From 8b046d7348e9c151b1d8f61a5596acc3e9563370 Mon Sep 17 00:00:00 2001
From: Hannah Ward
Date: Wed, 28 Dec 2016 10:51:43 +0000
Subject: [PATCH] 2 way comms achieved!
--- .gitignore | 1 + scripts/push_published_to_taxii.py | 49 ++++++++++++++++++++++++++---- scripts/start-misp-taxii.sh | 2 ++ 3 files changed, 46 insertions(+), 6 deletions(-)
diff --git a/.gitignore b/.gitignore
index 95604ed..03fc175 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,3 +1,4 @@ +*.swp config.yaml *.egg-info __pycache__
diff --git a/scripts/push_published_to_taxii.py b/scripts/push_published_to_taxii.py
index f920853..bb3e9ad 100644
--- a/scripts/push_published_to_taxii.py
+++ b/scripts/push_published_to_taxii.py
@@ -3,33 +3,70 @@ import zmq import sys import json import pymisp +import warnings from pyaml import yaml +from cabby import create_client +import logging -if "MISP_TAXII_CONFIG" in os.environ: - config = yaml.parse(open(os.environ["MISP_TAXII_CONFIG"], "r")) +# Set up logger +logging.basicConfig(level=logging.INFO) +log = logging.getLogger(__name__) + +# Try to load in config +if "OPENTAXII_CONFIG" in os.environ: + config = yaml.load(open(os.environ["OPENTAXII_CONFIG"], "r")) else: - config = { "taxii" : { "host" : "127.0.0.1", "port" : 9000, "inbox" : "inbox" }, + config = { "domain" : "127.0.0.1:9000" , "zmq" : { "host" : "127.0.0.1", "port" : 50000 } } +# Set up our ZMQ socket to recieve MISP JSON on publish context = zmq.Context() socket = context.socket(zmq.SUB) -print("Subscribing to tcp://{}:{}".format( +log.info("Subscribing to tcp://{}:{}".format( config["zmq"]["host"], config["zmq"]["port"] )) +# Connect to the socket socket.connect("tcp://{}:{}".format( config["zmq"]["host"], config["zmq"]["port"] )) - +# Set the option to subscribe socket.setsockopt_string(zmq.SUBSCRIBE, '') +# Connct to TAXII as well +cli = create_client(discovery_path="http://{}/services/discovery".format(config["domain"])) +cli.set_auth(username = config["taxii"]["auth"]["username"], + password = config["taxii"]["auth"]["password"] + ) + while True: + # Wait for something to come in on the ZMQ socket message = socket.recv().decode("utf-8")[10:] + + log.info("Recieved a message!") + log.debug("Processing...") + + # Load the message JSON msg = json.loads(message) + + log.debug(msg) + + # Load it as a misp object for easy conversion to STIX ev = pymisp.mispevent.MISPEvent() ev.load(msg) - print(ev.attributes) + + # Convert to STIX + pkg = pymisp.tools.stix.make_stix_package(ev) + + log.debug("Loaded successfully!") + + # Push the package to TAXII + cli.push(pkg.to_xml().decode("utf-8"), "urn:stix.mitre.org:xml:1.1.1", + uri="http://{}/services/inbox".format(config["domain"]), + 
collection_names=["collection"]) + + log.info("Pushed!")
diff --git a/scripts/start-misp-taxii.sh b/scripts/start-misp-taxii.sh
index 872743c..9c6ace8 100755
--- a/scripts/start-misp-taxii.sh
+++ b/scripts/start-misp-taxii.sh
@@ -11,3 +11,5 @@ if [ -z $MISP_TAXII_CONFIG] fi +echo "Running taxii..." +opentaxii-run-dev
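Review bot: When OPENTAXII_CONFIG is unset, the fallback config defines only `domain` and `zmq`, so the new `cli.set_auth(username=config["taxii"]["auth"]["username"], ...)` call raises KeyError before the loop is ever reached; the fence below fails early with a clear message instead. The config load itself uses `yaml.load` without a Loader, which lets the file construct arbitrary Python objects, and the handle from `open(...)` is never closed — `yaml.safe_load` inside a `with` block covers both. The discovery and inbox URLs hard-code `http://`, so the credentials passed to `set_auth` travel in clear whenever `domain` is anything but a loopback address; the scheme belongs in the config rather than in the literal. Inside the loop, `socket.recv().decode("utf-8")[10:]` assumes every message carries a 10-character topic prefix while `SUBSCRIBE ''` accepts every topic, and neither `json.loads` nor `cli.push` is guarded, so a single malformed or off-topic message ends the subscriber — `topic, _, message = socket.recv().decode("utf-8").partition(" ")` plus a `try`/`except` around the processing step keeps it alive. The log string `"Recieved a message!"` and the comment `# Connct to TAXII as well` also carry typos.
```python
# … unchanged: imports and logger setup …
if "OPENTAXII_CONFIG" in os.environ:
    with open(os.environ["OPENTAXII_CONFIG"], "r") as fh:
        # safe_load: a config file must not be able to construct arbitrary Python objects
        config = yaml.safe_load(fh)
else:
    config = {"domain": "127.0.0.1:9000",
              "zmq": {"host": "127.0.0.1", "port": 50000}}

# Fail early with a readable message rather than with a KeyError at set_auth() below
if "taxii" not in config or "auth" not in config["taxii"]:
    log.error("No TAXII credentials in config; set OPENTAXII_CONFIG to a file that defines taxii.auth")
    sys.exit(1)
# … unchanged: ZMQ subscription, TAXII client setup and receive loop …
```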
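Review bot: The script now ends by launching `opentaxii-run-dev`, which by its name is OpenTAXII's development runner, with no bind address or port given and no comment stating that this is a local-testing entry point; if the script is meant for anything beyond local testing the service should be fronted by a WSGI server instead. A comment such as `# development server only -- do not expose this directly` above the call would make the intent explicit. The surrounding `if [ -z $MISP_TAXII_CONFIG] … fi` block is only partly visible in the hunk, so it is not clear from here what happens when the variable is unset before the server starts.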