2 way comms achieved!

pull/7/head
Hannah Ward 2016-12-28 10:51:43 +00:00
parent dfa2dbc6af
commit 8b046d7348
No known key found for this signature in database
GPG Key ID: 6F3BAD60DE190290
3 changed files with 46 additions and 6 deletions

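--- a/.gitignore
+++ b/.gitignore
@@ -1,3 +1,4 @@
+*.swp
 config.yaml
 *.egg-info
 __pycache__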


@ -3,33 +3,70 @@ import zmq
import sys import sys
import json import json
import pymisp import pymisp
import warnings
from pyaml import yaml from pyaml import yaml
from cabby import create_client
import logging
if "MISP_TAXII_CONFIG" in os.environ: # Set up logger
config = yaml.parse(open(os.environ["MISP_TAXII_CONFIG"], "r")) logging.basicConfig(level=logging.INFO)
log = logging.getLogger(__name__)
# Try to load in config
if "OPENTAXII_CONFIG" in os.environ:
config = yaml.load(open(os.environ["OPENTAXII_CONFIG"], "r"))
else: else:
config = { "taxii" : { "host" : "127.0.0.1", "port" : 9000, "inbox" : "inbox" }, config = { "domain" : "127.0.0.1:9000" ,
"zmq" : { "host" : "127.0.0.1", "port" : 50000 } "zmq" : { "host" : "127.0.0.1", "port" : 50000 }
} }
# Set up our ZMQ socket to recieve MISP JSON on publish
context = zmq.Context() context = zmq.Context()
socket = context.socket(zmq.SUB) socket = context.socket(zmq.SUB)
print("Subscribing to tcp://{}:{}".format( log.info("Subscribing to tcp://{}:{}".format(
config["zmq"]["host"], config["zmq"]["host"],
config["zmq"]["port"] config["zmq"]["port"]
)) ))
# Connect to the socket
socket.connect("tcp://{}:{}".format( socket.connect("tcp://{}:{}".format(
config["zmq"]["host"], config["zmq"]["host"],
config["zmq"]["port"] config["zmq"]["port"]
)) ))
# Set the option to subscribe
socket.setsockopt_string(zmq.SUBSCRIBE, '') socket.setsockopt_string(zmq.SUBSCRIBE, '')
# Connct to TAXII as well
cli = create_client(discovery_path="http://{}/services/discovery".format(config["domain"]))
cli.set_auth(username = config["taxii"]["auth"]["username"],
password = config["taxii"]["auth"]["password"]
)
while True: while True:
# Wait for something to come in on the ZMQ socket
message = socket.recv().decode("utf-8")[10:] message = socket.recv().decode("utf-8")[10:]
log.info("Recieved a message!")
log.debug("Processing...")
# Load the message JSON
msg = json.loads(message) msg = json.loads(message)
log.debug(msg)
# Load it as a misp object for easy conversion to STIX
ev = pymisp.mispevent.MISPEvent() ev = pymisp.mispevent.MISPEvent()
ev.load(msg) ev.load(msg)
print(ev.attributes)
# Convert to STIX
pkg = pymisp.tools.stix.make_stix_package(ev)
log.debug("Loaded successfully!")
# Push the package to TAXII
cli.push(pkg.to_xml().decode("utf-8"), "urn:stix.mitre.org:xml:1.1.1",
uri="http://{}/services/inbox".format(config["domain"]),
collection_names=["collection"])
log.info("Pushed!")
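Review bot: `config = yaml.load(open(os.environ["OPENTAXII_CONFIG"], "r"))` deserialises the config file with PyYAML's full loader, which will construct arbitrary tagged Python objects, and the file handle it opens is never closed; prefer `with open(os.environ["OPENTAXII_CONFIG"], "r") as fh:` followed by `config = yaml.safe_load(fh)`. The fallback `config` built in the `else:` branch has no `taxii` key, so `cli.set_auth(username = config["taxii"]["auth"]["username"], ...)` raises `KeyError` whenever `OPENTAXII_CONFIG` is unset — either give the default a `taxii.auth` entry or skip `set_auth` when it is absent. Both `create_client(discovery_path="http://{}/services/discovery"...)` and the `uri="http://{}/services/inbox"` passed to `cli.push` hard-code a cleartext scheme, so the TAXII credentials set just above travel unprotected; the scheme should come from config and default to `https`. `os.environ` is used but `import os` is not among the imports visible in this hunk — presumably it sits in the two lines above the hunk start. Any exception inside the `while True:` body (malformed JSON, a failed `ev.load`, a rejected push) terminates the subscriber, so wrapping the body in `try:` / `except Exception:` with `log.exception("Failed to process message")` would keep the listener alive.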


@ -11,3 +11,5 @@ if [ -z $MISP_TAXII_CONFIG]
fi fi
echo "Running taxii..."
opentaxii-run-dev
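Review bot: `opentaxii-run-dev` is, by its name, the development runner, so a comment above it stating that this script is for local testing only (or a switch to a production WSGI entry point) would stop it being deployed as-is. The hunk's header context still tests `MISP_TAXII_CONFIG`, while the Python client in this commit reads `OPENTAXII_CONFIG`; if the two are meant to be the same setting, one of them should be renamed, otherwise a comment should say how they relate. The `if` whose test appears in that header begins outside the hunk; its `[ -z $MISP_TAXII_CONFIG]` is missing the space before `]` and quoting on the variable, and `if [ -z "$MISP_TAXII_CONFIG" ]` would fix both.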