Moved to env-var based system

misp_taxii_conf.yaml

@@ -0,0 +1,10 @@
+# Sample configuration for misp_taxii_server
+
+zmq:
+    host: localhost
+    port: 50000
+
+taxii:
+    host: localhost
+    port: 9000
+    inbox: inbox

misp_taxii_hooks/hooks.py

@@ -4,19 +4,35 @@
 # TODO: DETECT DUPLICATE DATA
 #####
 
+import os
 import pymisp
 import tempfile
-import os
+from pyaml import yaml
 
 from opentaxii.signals import (
     CONTENT_BLOCK_CREATED, INBOX_MESSAGE_CREATED
 )
 
 ## CONFIG
+if "MISP_TAXII_CONFIG" in os.environ:
+    print("Using config from {}".format(os.environ["MISP_TAXII_CONFIG"]))
+    CONFIG =  yaml.parse(open(os.environ["MISP_TAXII_CONFIG"], "r"))
+else:
+    print("Trying to use env variables...")
+    if "MISP_URL" in os.environ:
+        misp_url = os.environ["MISP_URL"]
+    else:
+        print("Unkown misp URL. Set MISP_TAXII_CONFIG or MISP_URL.")
+        misp_url = "UNKNOWN"
+    if "MISP_API" in os.environ:
+        misp_api = os.environ["MISP_API"]
+    else:
+        print("Unknown misp API key. Set MISP_TAXII_CONFIG or MISP_API.")
+        misp_api = "UNKNOWN"
 
     CONFIG = {
-            "MISP_URL" : "[URL]",
+            "MISP_URL" : misp_url,
-            "MISP_API" : "[APIKEY]",
+            "MISP_API" : misp_api,
             }
 
 MISP = pymisp.PyMISP( 
@@ -31,12 +47,12 @@ def post_stix(manager, content_block, collection_ids, service_id):
     '''
 
     # Create a temporary file to load STIX data from
-    f = tempfile.NamedTemporaryFile(delete=False, mode="w")
+    f = tempfile.SpooledTemporaryFile(max_size=10*1024, mode="w")
     f.write(content_block.content)
-    f.close()
+    f.seek(0)
 
     # Load the package
-    package = pymisp.tools.stix.load_stix(f.name)
+    package = pymisp.tools.stix.load_stix(f)
 
     # Check for duplicates
     for attrib in package.attributes:
@@ -48,9 +64,6 @@ def post_stix(manager, content_block, collection_ids, service_id):
             # idk, this is just in case pymisp does a weird
             pass
 
-    # Delete that old temporary file
-    os.unlink(f.name)
-
     # Push the event to MISP
     # TODO: There's probably a proper method to do this rather than json_full
     # But I don't wanna read docs

push_published_to_taxii.py

@@ -0,0 +1,35 @@
+import os
+import zmq
+import sys
+import json
+import pymisp
+from pyaml import yaml
+
+if "MISP_TAXII_CONFIG" in os.environ:
+    config = yaml.parse(open(os.environ["MISP_TAXII_CONFIG"], "r"))
+else:
+    config = { "taxii" : { "host" : "127.0.0.1", "port" : 9000, "inbox" : "inbox" },
+               "zmq"   : { "host" : "127.0.0.1", "port" : 50000 }
+             }
+
+context = zmq.Context()
+socket = context.socket(zmq.SUB)
+
+print("Subscribing to tcp://{}:{}".format(
+                                    config["zmq"]["host"],
+                                    config["zmq"]["port"]
+                                    ))
+
+socket.connect("tcp://{}:{}".format(
+                                    config["zmq"]["host"],
+                                    config["zmq"]["port"]
+                                    ))
+
+socket.setsockopt_string(zmq.SUBSCRIBE, '')
+
+while True:
+    message = socket.recv().decode("utf-8")[10:]
+    msg = json.loads(message)
+    ev = pymisp.mispevent.MISPEvent()
+    ev.load(msg)
+    print(ev.attributes)

setup.py

@@ -12,6 +12,7 @@ setup(
     author="Hannah Ward",
     author_email="hannah.ward2@baesystems.com",
     packages=['misp_taxii_hooks'],
-    install_requires=["pymisp>=2.4.53", "pyaml>=3.11", "cabby>=0.1", "mysqlclient>=1.3.9", "nose>=1.3.7"],
+    install_requires=["zmq", "misp-stix-converter", "pymisp>=2.4.53", "pyaml>=3.11", "cabby>=0.1", "mysqlclient>=1.3.9", "nose>=1.3.7"],
+    scripts=["start-misp-taxii.sh", "push_published_to_taxii.py"]
 )
 

start-misp-taxii.sh

@@ -0,0 +1,11 @@
+#!/bin/bash
+
+if [ -z $OPENTAXII_CONFIG ]
+    then
+        echo "Warning : Variable OPENTAXII_CONFIG not set!";
+fi
+
+if [ -z $MISP_TAXII_CONFIG] 
+    then
+        echo "Warning: Variable MISP_TAXII_CONFIG not set!";
+fi