Moved to env-var based system

Hannah Ward 2016-11-23 12:16:30 +00:00
parent 209e4f1a29
commit eb292b3cba
5 changed files with 82 additions and 12 deletions

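--- a/misp_taxii_conf.yaml
+++ b/misp_taxii_conf.yaml
@@ -0,0 +1,10 @@
+# Sample configuration for misp_taxii_server
+zmq:
+host: localhost
+port: 50000
+taxii:
+host: localhost
+port: 9000
+inbox: inbox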
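Review bot: The sample defines only `zmq` and `taxii` sections, while the env-var fallback in misp_taxii_hooks builds CONFIG with `MISP_URL` and `MISP_API`, so a file written from this template would presumably not supply the MISP endpoint or API key when MISP_TAXII_CONFIG points at it; add those keys here (or a `misp:` section the hooks read) and a comment naming which entries are required. As rendered on this page the `host`/`port`/`inbox` lines are not indented under their parents, which would make them duplicate top-level keys; confirm the committed file nests them. Since the API key would live in this file, the header comment should also state that it must be kept out of version control and readable only by the service user.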


@ -4,19 +4,35 @@
# TODO: DETECT DUPLICATE DATA
#####
import os
import pymisp
import tempfile
import os
from pyaml import yaml
from opentaxii.signals import (
CONTENT_BLOCK_CREATED, INBOX_MESSAGE_CREATED
)
## CONFIG
if "MISP_TAXII_CONFIG" in os.environ:
print("Using config from {}".format(os.environ["MISP_TAXII_CONFIG"]))
CONFIG = yaml.parse(open(os.environ["MISP_TAXII_CONFIG"], "r"))
else:
print("Trying to use env variables...")
if "MISP_URL" in os.environ:
misp_url = os.environ["MISP_URL"]
else:
print("Unkown misp URL. Set MISP_TAXII_CONFIG or MISP_URL.")
misp_url = "UNKNOWN"
if "MISP_API" in os.environ:
misp_api = os.environ["MISP_API"]
else:
print("Unknown misp API key. Set MISP_TAXII_CONFIG or MISP_API.")
misp_api = "UNKNOWN"
CONFIG = {
"MISP_URL" : "[URL]",
"MISP_API" : "[APIKEY]",
CONFIG = {
"MISP_URL" : misp_url,
"MISP_API" : misp_api,
}
MISP = pymisp.PyMISP(
@ -31,12 +47,12 @@ def post_stix(manager, content_block, collection_ids, service_id):
'''
# Create a temporary file to load STIX data from
f = tempfile.NamedTemporaryFile(delete=False, mode="w")
f = tempfile.SpooledTemporaryFile(max_size=10*1024, mode="w")
f.write(content_block.content)
f.close()
f.seek(0)
# Load the package
package = pymisp.tools.stix.load_stix(f.name)
package = pymisp.tools.stix.load_stix(f)
# Check for duplicates
for attrib in package.attributes:
@ -48,9 +64,6 @@ def post_stix(manager, content_block, collection_ids, service_id):
# idk, this is just in case pymisp does a weird
pass
# Delete that old temporary file
os.unlink(f.name)
# Push the event to MISP
# TODO: There's probably a proper method to do this rather than json_full
# But I don't wanna read docs
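Review bot: `CONFIG = yaml.parse(open(os.environ["MISP_TAXII_CONFIG"], "r"))` on the config-file branch does not produce the parsed document — in PyYAML `yaml.parse` yields a stream of parser events — so CONFIG would be a generator rather than a dict, and the file handle is never closed; the new ZMQ subscriber script repeats the same construct. Replace it with `with open(os.environ["MISP_TAXII_CONFIG"], "r") as fh:` / `CONFIG = yaml.safe_load(fh)`, which also avoids the arbitrary-object construction that `yaml.load` without an explicit Loader permits on the PyYAML 3.x the setup file allows. The env-var fallback substitutes the literal string "UNKNOWN" for a missing URL or API key and continues into `pymisp.PyMISP(...)`; `raise SystemExit("MISP_URL/MISP_API not set")` at that point would fail clearly instead of at a later request against a bogus endpoint. In the post_stix hunk the `SpooledTemporaryFile` is written, rewound and handed to `load_stix` (assuming that call accepts a file object) but, unlike the old `NamedTemporaryFile`, appears never to be closed, so a STIX block over the 10 KiB threshold leaves an on-disk temp file open for the life of the process — use `with tempfile.SpooledTemporaryFile(max_size=10*1024, mode="w") as f:`. post_stix starts and ends outside the hunks shown.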


@ -0,0 +1,35 @@
import os
import zmq
import sys
import json
import pymisp
from pyaml import yaml
if "MISP_TAXII_CONFIG" in os.environ:
config = yaml.parse(open(os.environ["MISP_TAXII_CONFIG"], "r"))
else:
config = { "taxii" : { "host" : "127.0.0.1", "port" : 9000, "inbox" : "inbox" },
"zmq" : { "host" : "127.0.0.1", "port" : 50000 }
}
context = zmq.Context()
socket = context.socket(zmq.SUB)
print("Subscribing to tcp://{}:{}".format(
config["zmq"]["host"],
config["zmq"]["port"]
))
socket.connect("tcp://{}:{}".format(
config["zmq"]["host"],
config["zmq"]["port"]
))
socket.setsockopt_string(zmq.SUBSCRIBE, '')
while True:
message = socket.recv().decode("utf-8")[10:]
msg = json.loads(message)
ev = pymisp.mispevent.MISPEvent()
ev.load(msg)
print(ev.attributes)
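Review bot: `socket.recv().decode("utf-8")[10:]` drops a fixed ten-character prefix before `json.loads`, which ties the subscriber to one exact topic string of that length; if the intent is to strip the ZMQ topic (presumably `misp_json`), split on the first space instead, `topic, _, payload = socket.recv().decode("utf-8").partition(" ")`, and skip frames whose topic is not the expected one. The config path has the same `yaml.parse(open(...))` defect raised for misp_taxii_hooks and should use `yaml.safe_load` inside a `with` block. `sys` is imported but unused, and the `while True` loop has no handling for a malformed frame, so a single non-JSON message ends the subscriber with a traceback. This file's name is not shown on the page; it appears to be the push_published_to_taxii.py script that setup.py lists.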


@ -12,6 +12,7 @@ setup(
author="Hannah Ward",
author_email="hannah.ward2@baesystems.com",
packages=['misp_taxii_hooks'],
install_requires=["pymisp>=2.4.53", "pyaml>=3.11", "cabby>=0.1", "mysqlclient>=1.3.9", "nose>=1.3.7"],
install_requires=["zmq", "misp-stix-converter", "pymisp>=2.4.53", "pyaml>=3.11", "cabby>=0.1", "mysqlclient>=1.3.9", "nose>=1.3.7"],
scripts=["start-misp-taxii.sh", "push_published_to_taxii.py"]
)
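Review bot: The new requirement `"zmq"` in install_requires is not the distribution that provides the `zmq` module; as far as I know the maintained package is `pyzmq` and the `zmq` name on PyPI is only a legacy shim that redirects to it, so declare `"pyzmq"` instead. `"misp-stix-converter"` is added without any version bound while every other entry is pinned, which makes installs non-reproducible; add a minimum version once one is known to work.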

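--- a/start-misp-taxii.sh
+++ b/start-misp-taxii.sh
@@ -0,0 +1,11 @@
+#!/bin/bash
+if [ -z $OPENTAXII_CONFIG ]
+then
+echo "Warning : Variable OPENTAXII_CONFIG not set!";
+fi
+if [ -z $MISP_TAXII_CONFIG]
+then
+echo "Warning: Variable MISP_TAXII_CONFIG not set!";
+fi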
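Review bot: `if [ -z $MISP_TAXII_CONFIG]` is missing the space before `]`, so when the variable is set the test becomes `[ -z /some/path]` and bash reports a missing `]` instead of evaluating it; it only appears to work when the variable is empty. Both tests should also quote the expansion, `if [ -z "$OPENTAXII_CONFIG" ]` and `if [ -z "$MISP_TAXII_CONFIG" ]`, because an unset variable otherwise leaves `[` with the single argument `-z`, which evaluates true only by accident of how `test` treats one operand, and a path containing spaces breaks the unquoted form outright. The script warns but proceeds; if the server cannot run meaningfully without these variables, an `exit 1` after the warning would be the safer default.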