From c54258d5473b2f79b9b24d261567e5d4de55c764 Mon Sep 17 00:00:00 2001
From: Davide Baglieri
Date: Mon, 26 Feb 2018 19:04:51 +0100
Subject: [PATCH] Delete hooks.py
---
misp_taxii_hooks/hooks.py | 86 ---------------------------------------
1 file changed, 86 deletions(-)
delete mode 100644 misp_taxii_hooks/hooks.py
diff --git a/misp_taxii_hooks/hooks.py b/misp_taxii_hooks/hooks.py
deleted file mode 100644
index 81eed0e..0000000
--- a/misp_taxii_hooks/hooks.py
+++ /dev/null
@@ -1,86 +0,0 @@
-#!/usr/bin/env python3
-
-######
-# TODO: DETECT DUPLICATE DATA
-#####
-
-import os
-import pymisp
-import tempfile
-import logging
-from pyaml import yaml
-from io import StringIO
-
-log = logging.getLogger("__main__")
-
-from opentaxii.signals import (
- CONTENT_BLOCK_CREATED, INBOX_MESSAGE_CREATED
-)
-
-## CONFIG
-if "OPENTAXII_CONFIG" in os.environ:
- print("Using config from {}".format(os.environ["OPENTAXII_CONFIG"]))
- CONFIG = yaml.load(open(os.environ["OPENTAXII_CONFIG"], "r"))
-else:
- print("Trying to use env variables...")
- if "MISP_URL" in os.environ:
- misp_url = os.environ["MISP_URL"]
- else:
- print("Unkown misp URL. Set OPENTAXII_CONFIG or MISP_URL.")
- misp_url = "UNKNOWN"
- if "MISP_API" in os.environ:
- misp_api = os.environ["MISP_API"]
- else:
- print("Unknown misp API key. Set OPENTAXII_CONFIG or MISP_API.")
- misp_api = "UNKNOWN"
-
- CONFIG = {
- "misp" : {
- "url" : misp_url,
- "api" : misp_api
- }
- }
-
-MISP = pymisp.PyMISP(
- CONFIG["misp"]["url"],
- CONFIG["misp"]["api"],
- ssl = CONFIG["misp"].get("verifySSL", True)
- )
-
-def post_stix(manager, content_block, collection_ids, service_id):
- '''
- Callback function for when our taxii server gets new data
- Will convert it to a MISPEvent and push to the server
- '''
-
- # Load the package
- log.info("Posting STIX...")
- block = content_block.content
- if isinstance(block, bytes):
- block = block.decode()
-
- package = pymisp.tools.stix.load_stix(StringIO(block))
- log.info("STIX loaded succesfully.")
- values = [x.value for x in package.attributes]
- log.info("Extracted %s", values)
- for attrib in values:
- log.info("Checking for existence of %s", attrib)
- search = MISP.search("attributes", values=str(attrib))
- if search["response"] != []:
- # This means we have it!
- log.info("%s is a duplicate, we'll ignore it.", attrib)
- package.attributes.pop([x.value for x in package.attributes].index(attrib))
- else:
- log.info("%s is unique, we'll keep it", attrib)
-
- # Push the event to MISP
- # TODO: There's probably a proper method to do this rather than json_full
- # But I don't wanna read docs
- if (len(package.attributes) > 0):
- log.info("Uploading event to MISP with attributes %s", [x.value for x in package.attributes])
- MISP.add_event(package)
- else:
- log.info("No attributes, not bothering.")
-
-# Make TAXII call our push function whenever it gets new data
-CONTENT_BLOCK_CREATED.connect(post_stix)