chg: mispzmq -> python3.6

pull/3405/head
Raphaël Vinot 2018-06-29 01:08:29 +08:00
parent d2684407c3
commit 0e93b54e14
2 changed files with 104 additions and 108 deletions


@ -1,22 +0,0 @@
#!/usr/bin/env python
'''
Example file on how to get the exported IDS data from MISP
Add your API key, set the MISP host and define the output file.
'''
import urllib2
MISP_HOST="http:/"
API_KEY=""
EXPORT_DATA="events/nids/suricata/download"
OUTPUT_FILE="misp-suricata"
URL="%s/%s" % (MISP_HOST, EXPORT_DATA)
request = urllib2.Request(URL)
f = open(OUTPUT_FILE,'w')
request.add_header('Authorization', API_KEY)
data = urllib2.urlopen(request).read()
f.write(data)
f.close()


@ -1,3 +1,5 @@
#!/usr/bin/env python3
import zmq
import sys
import redis
@ -5,99 +7,115 @@ import json
import os
import time
socket = None
r = None
namespace = None
settings = None
current_location = os.path.dirname(os.path.realpath(__file__))
pidfile = current_location + "/mispzmq.pid"
timestamp = time.time()
timestampSettings = timestamp
publishCount = 0
from pathlib import Path
def setup():
global namespace
global socket
global r
global settings
global timestampSettings
with open(current_location + '/settings.json') as settings_file:
settings = json.load(settings_file)
namespace = settings["redis_namespace"]
r = redis.StrictRedis(host=settings["redis_host"], db=settings["redis_database"], password=settings["redis_password"], port=settings["redis_port"])
timestampSettings = time.time()
def handleCommand(command):
if command == "kill":
print("Kill command received, shutting down.\n")
removePidFile()
sys.exit()
if command == "reload":
print("Reload command received, reloading settings from file.\n")
setup()
if command == "status":
print("Status command received, responding with latest stats.\n")
r.delete(namespace + ":status")
r.lpush(namespace + ":status", json.dumps({"timestamp": timestamp, "timestampSettings": timestampSettings, "publishCount": publishCount}))
return
def check_pid(pid):
""" Check For the existence of a unix pid. """
try:
os.kill(pid, 0)
except OSError:
return False
else:
return True
def removePidFile():
os.unlink(pidfile)
def createPidFile():
pid = str(os.getpid())
open(pidfile, 'w').write(pid)
class MISPZMQ():
def pubMessage(topic, data, socket):
socket.send_string("%s %s" % (topic, data))
if topic is 'misp_json':
global publishCount
publishCount = publishCount + 1
def __init__(self):
self.current_location = Path(__file__).cwd()
self.pidfile = self.current_location / "mispzmq.pid"
self.publishCount = 0
if self.pidfile.exists():
with open(self.pidfile) as f:
pid = f.read()
if check_pid(pid):
raise Exception(f'mispzmq already running on PID {pid}')
else:
# Cleanup
self.pidfile.unlink()
if (self.current_location / 'settings.json').exists():
self.setup()
else:
raise Exception("The settings file is missing.")
def main(args):
start_time = int(time.time())
setup()
createPidFile()
status_array = [
'And when you\'re dead I will be still alive.',
'And believe me I am still alive.',
'I\'m doing science and I\'m still alive.',
'I feel FANTASTIC and I\'m still alive.',
'While you\'re dying I\'ll be still alive.'
def setup(self):
with open(self.current_location / 'settings.json') as settings_file:
self.settings = json.load(settings_file)
self.namespace = self.settings["redis_namespace"]
self.r = redis.StrictRedis(host=self.settings["redis_host"], db=self.settings["redis_database"],
password=self.settings["redis_password"], port=self.settings["redis_port"])
self.timestampSettings = time.time()
]
context = zmq.Context()
socket = context.socket(zmq.PUB)
socket.bind("tcp://*:%s" % settings["port"])
time.sleep(1)
def handleCommand(self, command):
if command == "kill":
print("Kill command received, shutting down.")
self.pidfile.unlink()
sys.exit()
if command == "reload":
print("Reload command received, reloading settings from file.")
self.setup()
if command == "status":
print("Status command received, responding with latest stats.")
self.r.delete(f"{self.namespace}:status")
self.r.lpush(f"{self.namespace}:status",
json.dumps({"timestamp": time.time(),
"timestampSettings": self.timestampSettings,
"publishCount": self.publishCount}))
def createPidFile(self):
with open(self.pidfile, 'w') as f:
f.write(str(os.getpid()))
def pubMessage(self, topic, data, socket):
socket.send_string(f"{topic} {data}")
if topic is 'misp_json':
self.publishCount += 1
def main(self):
start_time = int(time.time())
self.createPidFile()
status_array = [
"And when you're dead I will be still alive.",
"And believe me I am still alive.",
"I'm doing science and I'm still alive.",
"I feel FANTASTIC and I'm still alive.",
"While you're dying I'll be still alive."
]
context = zmq.Context()
socket = context.socket(zmq.PUB)
socket.bind("tcp://*:{}".format(self.settings["port"]))
time.sleep(1)
while True:
command = self.r.lpop(f"{self.namespace}:command")
if command is not None:
self.handleCommand(command)
topics = ["misp_json", "misp_json_event", "misp_json_attribute", "misp_json_sighting",
"misp_json_organisation", "misp_json_user", "misp_json_conversation",
"misp_json_object", "misp_json_object_reference", "misp_json_audit",
"misp_json_tag"
]
message_received = False
for topic in topics:
data = self.r.lpop(f"{self.namespace}:data:{topic}")
if data is not None:
self.pubMessage(topic, data, socket)
message_received = True
if not message_received:
time.sleep(0.1)
current_time = 10 * time.time()
temp_start_time = 10 * start_time
time_delta = int(current_time - temp_start_time)
if (time_delta % 100 == 0):
status_entry = int(time_delta / 100 % 5)
status_message = {
'status': status_array[status_entry],
'uptime': int(time.time()) - start_time
}
self.pubMessage('misp_json_self', json.dumps(status_message), socket)
while True:
command = r.lpop(namespace + ":command")
if command is not None:
handleCommand(command)
topics = ["misp_json", "misp_json_event", "misp_json_attribute", "misp_json_sighting",
"misp_json_organisation", "misp_json_user", "misp_json_conversation",
"misp_json_object", "misp_json_object_reference", "misp_json_audit",
"misp_json_tag"
]
message_received = False
for topic in topics:
data = r.lpop(namespace + ":data:" + topic)
if data is not None:
pubMessage(topic, data, socket)
message_received = True
if (message_received == False):
time.sleep(0.1)
current_time = 10*time.time()
temp_start_time = 10*start_time
time_delta = int(current_time - temp_start_time)
if (time_delta % 100 == 0):
status_entry = time_delta/100 % 5
status_message = {
'status': status_array[status_entry],
'uptime': int(time.time()) - start_time
}
pubMessage('misp_json_self', json.dumps(status_message), socket)
if __name__ == "__main__":
main(sys.argv)
mzq = MISPZMQ()
mzq.main()
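Review bot: `Path(__file__).cwd()` in the new `__init__` returns the process's working directory, not the script's directory, so `settings.json` (which carries the Redis password) and `mispzmq.pid` are now resolved relative to wherever the daemon is launched from; the removed module-level code used `os.path.dirname(os.path.realpath(__file__))`, and the equivalent here is `self.current_location = Path(__file__).resolve().parent`. In the same method `pid = f.read()` is a string, so `check_pid(pid)` reaches `os.kill` with a non-integer and raises `TypeError` (only `OSError` is caught) instead of returning False for a stale pidfile; `check_pid(int(pid))`, with a guard for an empty or malformed file, would fix it. Under Python 3 `self.r.lpop(...)` returns bytes unless the client is created with `decode_responses=True`, which the visible `StrictRedis(...)` call does not pass, so the `command == "kill"` / `"reload"` / `"status"` comparisons in `handleCommand` would never match and `pubMessage` would publish the bytes repr of `data`. `topic is 'misp_json'` in `pubMessage` should be `topic == 'misp_json'`, since identity of equal strings is not guaranteed and `publishCount` may silently stay at zero.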