mirror of https://github.com/MISP/MISP
41 lines
1.8 KiB
Python
41 lines
1.8 KiB
Python
import json
|
|
from argparse import ArgumentParser
|
|
from pymisp import ExpandedPyMISP
|
|
from pymisp.exceptions import PyMISPError
|
|
|
|
def ingest_to_misp(path, version, url, key, verifycert):
|
|
try:
|
|
misp = ExpandedPyMISP(url, key, verifycert)
|
|
except PyMISPError:
|
|
return f'Unable to connect to MISP ({url}). Please make sure the API key and the URL are correct.'
|
|
|
|
errors = []
|
|
for filename in path:
|
|
response = misp.upload_stix(filename, version=version)
|
|
if response.status_code != 200:
|
|
errors.append(filename)
|
|
|
|
if errors:
|
|
file = "file: " if len(errors) == 1 else "files:\n- "
|
|
print_errors = '\n- '.join(errors)
|
|
return f'Error with the ingestion of the following {file}{print_errors}'
|
|
return f'Successfully ingested {len(path)} STIX {version} files.'
|
|
|
|
|
|
if __name__ == '__main__':
|
|
parser = ArgumentParser(description='')
|
|
parser.add_argument('--misp_url', help='URL of the MISP instance you want to connect to.')
|
|
parser.add_argument('--misp_key', help='API key of the user you want to use.')
|
|
parser.add_argument('--misp_verifycert', action='store_true', help='To check the validity of the certificate.')
|
|
parser.add_argument('--version', required=True, help='STIX version (1 or 2).')
|
|
parser.add_argument('--path', nargs='+', required=True, help='Path to the STIX files to ingest.')
|
|
args = parser.parse_args()
|
|
|
|
if args.version not in ('1', '2'):
|
|
sys.exit('Please specify the STIX version: 1 or 2.')
|
|
with open('setup.json', 'rt', encoding='utf-8') as f:
|
|
default_setup = json.loads(f.read())
|
|
features = ('misp_url', 'misp_key', 'misp_verifycert')
|
|
setup = [getattr(args, feature) if getattr(args, feature) else default_setup[feature] for feature in features]
|
|
print(ingest_to_misp(args.path, args.version, *setup))
|