#!/usr/bin/env python
# -*- coding: utf-8 -*-
from pymisp import PyMISP
from keys import misp_url , misp_key , misp_verifycert
from datetime import datetime
import argparse
import tools
import date_tools
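def init(url, key):
    """Build the PyMISP client used by this script.

    Args:
        url: Base URL of the MISP instance to query.
        key: API key presented to that instance.

    Returns:
        A PyMISP object configured for JSON output.
    """
    # misp_verifycert comes from the local ``keys`` module next to misp_url
    # and misp_key. NOTE(review): it is passed in the position PyMISP uses for
    # TLS certificate verification; the API key travels on this connection, so
    # confirm it is only disabled for throw-away test instances.
    # The output type must be exactly 'json': a padded literal (' json ')
    # is a different string.
    return PyMISP(url, key, misp_verifycert, 'json')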
# ######### fetch data ##########
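if __name__ == '__main__':
    # Command-line entry point: fetch the metadata of recent MISP events,
    # keep those inside the requested date window and report how many of them
    # carry a tag matching --tag.
    #
    # The guard and the option strings must be exact ('__main__', "-t", ...):
    # with padding inside the quotes the guard is never true and argparse does
    # not see the names as options.
    parser = argparse.ArgumentParser(description='Take a sample of events (based on last.py) and give the number of occurrence of the given tag in this sample.')
    parser.add_argument("-t", "--tag", required=True, help="tag to search (search for multiple tags is possible by using |. example : \"osint|OSINT\")")
    parser.add_argument("-d", "--days", type=int, help="number of days before today to search. If not define, default value is 7")
    parser.add_argument("-b", "--begindate", help="The research will look for tags attached to events posted at or after the given startdate (format: yyyy-mm-dd): If no date is given, default time is epoch time (1970-1-1)")
    parser.add_argument("-e", "--enddate", help="The research will look for tags attached to events posted at or before the given enddate (format: yyyy-mm-dd): If no date is given, default time is now()")

    args = parser.parse_args()

    # Credentials and URL come from the local ``keys`` module, not the CLI.
    misp = init(misp_url, misp_key)

    if args.days is None:
        args.days = 7

    # metadata=True is passed so the search asks for event metadata only;
    # the sample is limited to the last ``args.days`` days.
    result = misp.search(last='{}d'.format(args.days), metadata=True)

    # Validate the user-supplied dates against the sampled period.
    # NOTE(review): what happens on inconsistent dates is decided inside
    # date_tools.checkDateConsistancy, which is not visible here.
    date_tools.checkDateConsistancy(args.begindate, args.enddate, date_tools.getLastdate(args.days))

    if args.begindate is None:
        args.begindate = date_tools.getLastdate(args.days)
    else:
        # getLastdate is taken from date_tools, like the two other calls in
        # this block. NOTE(review): the previous code called
        # tools.getLastdate on this line only; confirm nothing relied on a
        # different implementation in ``tools``.
        args.begindate = date_tools.setBegindate(date_tools.toDatetime(args.begindate), date_tools.getLastdate(args.days))

    if args.enddate is None:
        args.enddate = datetime.now()
    else:
        args.enddate = date_tools.setEnddate(date_tools.toDatetime(args.enddate))

    # A reply without a 'response' key is reported as "no event" below.
    if 'response' in result:
        events = tools.selectInRange(tools.eventsListBuildFromArray(result), begin=args.begindate, end=args.enddate)
        totalPeriodEvents = tools.getNbitems(events)
        tags = tools.tagsListBuild(events)
        # args.tag is handed to tools.isTagIn unchanged; per the --tag help
        # text, '|' separates alternatives.
        result = tools.isTagIn(tags, args.tag)
        totalPeriodTags = len(result)

        text = 'Studied pediod: from '
        if args.begindate is None:
            text = text + '1970-01-01'
        else:
            text = text + str(args.begindate.date())
        text = text + ' to '
        if args.enddate is None:
            text = text + str(datetime.now().date())
        else:
            text = text + str(args.enddate.date())

        print('\n========================================================')
        print(text)
        print('During the studied pediod, ' + str(totalPeriodTags) + ' events out of ' + str(totalPeriodEvents) + ' contains at least one tag with ' + args.tag + '.')
        # Guard the percentage against a division by zero on an empty sample.
        if totalPeriodEvents != 0:
            print('It represents {}% of the events in this period.'.format(round(100 * totalPeriodTags / totalPeriodEvents, 3)))
    else:
        print('There is no event answering the research criteria')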