Update misp_retention.py to new api, use local tags
parent
2a3e7a53a4
commit
91f40e6641
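--- a/misp_retention.py
+++ b/misp_retention.py
@@ -1,13 +1,13 @@
-#!/usr/bin/env python
+#!/usr/bin/env python3
 #
 # This script requires the MISP retention taxonomy is installed and enabled
 # See https://github.com/MISP/misp-taxonomies/tree/master/retention/retention
 
-from pymisp import PyMISP, MISPEvent
+from pymisp import ExpandedPyMISP, MISPEvent
 from datetime import datetime
 from dateutil.relativedelta import relativedelta
 import re
-from keys import misp_url, misp_key, misp_verifycert
+from keys import misp_url, misp_key
 
 # pip install pymisp python-dateutil
 
@@ -18,16 +1,15 @@ class misphelper(object):
 expiredTag = "retention:expired"
 
 def __init__(self):
-self.misp = PyMISP(url=misp_url,
+self.misp = ExpandedPyMISP(url=misp_url,
 key=misp_key,
-ssl=misp_verifycert,
-out_type="json")
+ssl=True)
 self.taxonomyId = self.searchTaxonomy()
 
 def searchTaxonomy(self):
-res = self.misp.get_taxonomies_list()
+res = self.misp.taxonomies()
 
-for tax in res["response"]:
+for tax in res:
 if (tax["Taxonomy"]["namespace"] == "retention" and tax["Taxonomy"]["enabled"]):
 return tax["Taxonomy"]["id"]
 
@@ -44,12 +43,12 @@ class misphelper(object):
 changed = True
 attr["to_ids"] = False
 
+self.misp.tag(mevent, self.expiredTag, True)
 if changed:
-mevent.add_tag(self.expiredTag)
 res = self.misp.update_event(mevent.id, mevent)
 
 def findEventsAfterRetention(self, events, retention):
-for event in events["response"]:
+for event in events:
 ts = datetime.strptime(event["Event"]["date"], "%Y-%m-%d")
 now = datetime.utcnow()
 
@@ -66,12 +65,13 @@ class misphelper(object):
 self.processEvent(event["Event"])
 
 def queryRetentionTags(self):
-res = self.misp.get_taxonomy_tags_list(self.taxonomyId)
+res = self.misp.get_taxonomy(self.taxonomyId)
 
-for tag in res:
+for tag in res['entries']:
 m = re.match(r"^retention:([0-9]+)([d,w,m,y])$", tag["tag"])
 if m:
-events = self.misp.search(published=True, tags=tag["tag"], not_tags=self.expiredTag)
+tagSearch = self.misp.build_complex_query(and_parameters = tag["tag"], not_parameters = self.expiredTag)
+events = self.misp.search(published=True, tags=tagSearch)
 self.findEventsAfterRetention(events, (m.group(1), m.group(2)))
 
 else: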
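Review bot: `ssl=True` in `__init__` (second hunk) silently replaces the `misp_verifycert` value that the old import line supplied from `keys.py`, so a deployment that used that setting to control certificate verification now has no knob at all and will fail against a MISP instance presenting a self-signed certificate. Always verifying the server certificate is the safer default for a script that sends `misp_key` with every request, so if the removal is deliberate it deserves a comment on that line, e.g. `ssl=True)  # certificate verification is intentionally always on: the API key is sent in every request`; if it is not, reinstate the import and pass `ssl=misp_verifycert` as before. In the third hunk, `self.misp.tag(mevent, self.expiredTag, True)` now runs for every event reaching that point rather than only under `if changed:`, which looks intended (unchanged events then stop matching the `not_parameters=self.expiredTag` search in the fourth hunk) but is a behaviour change the commit message does not mention; a one-line comment such as `# tag expired events unconditionally so the next run's search skips them` would make it explicit. The `class misphelper` header and the start of the method containing the tag call lie outside the hunks.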