diff --git a/README.md b/README.md index 51722ab..9378d70 100644 --- a/README.md +++ b/README.md @@ -39,6 +39,7 @@ mysql> exit; Now, with that data edit `config.yaml`, and edit the `db_connection` parameters to match your environment. Change `auth_api -> parameters -> secret` whilst you're here as well. +Do not forget to set your MISP server's URL and API key at the bottom. If you wish, you can edit the taxii service definitions in `services.yaml`, or the collections to be created in `collections.yaml`; full documentation on how this is set up is available at [OpenTaxii's docs](https://opentaxii.readthedocs.io/en/stable/configuration.html). @@ -47,8 +48,13 @@ Now it's time to create all your SQL tables. Luckily OpenTaxii comes with comman You're going to want to export your configuration file to a variable as well. ```bash +# Install mysqlclient for python3 if you haven't already done so +apt-get install libmysqlclient-dev # for mysql_config +pip3 install mysqlclient + # An example of this config is in the config directory export OPENTAXII_CONFIG=/path/to/config.yaml +export PYTHONPATH=. opentaxii-create-services -c config/services.yaml opentaxii-create-collections -c config/collections.yaml @@ -58,11 +64,9 @@ opentaxii-create-collections -c config/collections.yaml opentaxii-create-account -u root -p root ``` -OpenTaxii is now ready to roll, we've just gotta do one or two more things. +OpenTaxii is now ready to roll, we've just gotta do one more thing. -Edit `misp_taxii_hooks/hooks.py` and add your MISP server's URL and API key. - -Then, in the repository root directory, run +In the repository root directory, run ```bash sudo python3 setup.py install ``` diff --git a/scripts/push_published_to_taxii.py b/scripts/push_published_to_taxii.py index bb3e9ad..62be789 100644 --- a/scripts/push_published_to_taxii.py +++ b/scripts/push_published_to_taxii.py 
@@ -45,13 +45,20 @@ cli.set_auth(username = config["taxii"]["auth"]["username"], while True: # Wait for something to come in on the ZMQ socket - message = socket.recv().decode("utf-8")[10:] - + message = socket.recv().decode("utf-8") log.info("Recieved a message!") + topic = message.split(' ', 1)[0] + + if topic != 'misp_json': + log.info("Ignoring " + topic + "...") + continue + + # Process the JSON payload log.debug("Processing...") + payload = message[len(topic)+1:] # Load the message JSON - msg = json.loads(message) + msg = json.loads(payload) log.debug(msg)
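Review bot: A single malformed frame can still terminate this subscriber, because neither `socket.recv().decode("utf-8")` nor `json.loads(payload)` is guarded inside the `while True:` loop. Bytes that are not valid UTF-8, or a bare `misp_json` topic with an empty payload, raise an exception and, unless a handler exists outside the hunk, stop all further pushes to the TAXII server. Catching the decode and parse errors, logging a warning and continuing keeps the loop alive. The ignore branch also writes the raw topic to the log, and when the message has no space the topic is the whole message; `log.info("Ignoring %r...", topic[:64])` would keep control characters and oversized input out of the log. The loop body continues past the end of the hunk, so later handling is not visible here.

```python
while True:
    # … unchanged: comment above the recv call …
    try:
        message = socket.recv().decode("utf-8")
    except UnicodeDecodeError:
        log.warning("Dropping ZMQ message that is not valid UTF-8")
        continue
    # … unchanged: topic split, misp_json filter, payload slice …
    try:
        msg = json.loads(payload)
    except ValueError:
        log.warning("Dropping misp_json message with unparseable payload")
        continue
```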