mirror of https://github.com/MISP/MISP-maltego
38 lines
1.1 KiB
Python
38 lines
1.1 KiB
Python
|
#############################################
|
||
|
# MISP API miscellaneous functions.
|
||
|
#
|
||
|
# Author: Emmanuel Bouillon
|
||
|
# Email: emmanuel.bouillon.sec@gmail.com
|
||
|
# Date: 24/11/2015
|
||
|
#############################################
|
||
|
|
||
|
# MISP BASE URL
|
||
|
BASE_URL = '<MISP_BASE_URL>'
|
||
|
# API KEY
|
||
|
API_KEY = '<YOUR_API_KEY>'
|
||
|
# MISP_VERIFYCERT
|
||
|
MISP_VERIFYCERT = True
|
||
|
# pyMISP DEBUG
|
||
|
MISP_DEBUG = False
|
||
|
|
||
|
from pymisp import PyMISP
|
||
|
from MaltegoTransform import *
|
||
|
|
||
|
def init():
|
||
|
return PyMISP(BASE_URL, API_KEY, MISP_VERIFYCERT, 'json', MISP_DEBUG)
|
||
|
|
||
|
def retrieveEvents(mt, enFilter, enValue):
|
||
|
misp = init()
|
||
|
result = misp.search(values = enValue, type_attribute = enFilter)
|
||
|
for e in result['response']:
|
||
|
eid = e['Event']['id']
|
||
|
einfo = e['Event']['info']
|
||
|
eorgc = e['Event']['orgc']
|
||
|
me = MaltegoEntity('maltego.MISPEvent',eid);
|
||
|
me.addAdditionalFields('EventLink', 'EventLink', False, BASE_URL + '/events/view/' + eid )
|
||
|
me.addAdditionalFields('Org', 'Org', False, eorgc)
|
||
|
me.addAdditionalFields('notes#', 'notes', False, eorgc + ": " + einfo)
|
||
|
mt.addEntityToMessage(me);
|
||
|
return
|
||
|
|