Basic callback done, taxii server will now push to a MISP server

travis
Hannah Ward 2016-11-18 11:54:58 +00:00
parent 3a588632da
commit 378bf9cf90
No known key found for this signature in database
GPG Key ID: 6F3BAD60DE190290
1 changed files with 35 additions and 11 deletions

View File

@ -1,6 +1,12 @@
#!/usr/bin/env python3
######
# TODO: DETECT DUPLICATE DATA
#####
import pymisp
import tempfile
import os
from opentaxii.signals import (
CONTENT_BLOCK_CREATED, INBOX_MESSAGE_CREATED
@ -8,10 +14,9 @@ from opentaxii.signals import (
## CONFIG
def post_stix(manager, content_block, collection_ids, service_id):
CONFIG = {
"MISP_URL" : "localhost",
"MISP_API" : "DEADBEEF",
"MISP_URL" : "[URL]",
"MISP_API" : "[APIKEY]",
}
MISP = pymisp.PyMISP(
@ -19,8 +24,27 @@ def post_stix(manager, content_block, collection_ids, service_id):
CONFIG["MISP_API"],
)
with open("/tmp/test.txt", "w") as f:
f.write("connect!")
print("Content: {}".format(content_block.content))
def post_stix(manager, content_block, collection_ids, service_id):
'''
Callback function for when our taxii server gets new data
Will convert it to a MISPEvent and push to the server
'''
# Create a temporary file to load STIX data from
f = tempfile.NamedTemporaryFile(delete=False, mode="w")
f.write(content_block.content)
f.close()
# Load the package
package = pymisp.tools.stix.load_stix(f.name)
# Delete that old temporary file
os.unlink(f.name)
# Push the event to MISP
# TODO: There's probably a proper method to do this rather than json_full
# But I don't wanna read docs
MISP.add_event(package._json_full())
# Make TAXII call our push function whenever it gets new data
CONTENT_BLOCK_CREATED.connect(post_stix)