2015-09-01 18:46:10 +02:00
#!/usr/bin/env python
# -*- coding: utf-8 -*-
from pymisp import PyMISP
2018-10-14 19:26:03 +02:00
from keys import misp_url , misp_key , misp_verifycert
2015-09-01 18:46:10 +02:00
import argparse
# For python2 & 3 compat, a bit dirty, but it seems to be the least bad one
try :
input = raw_input
except NameError :
pass
def init ( url , key ) :
2018-10-14 19:26:03 +02:00
return PyMISP ( url , key , misp_verifycert , ' json ' , debug = True )
2015-09-01 18:46:10 +02:00
if __name__ == ' __main__ ' :
2016-03-21 21:24:15 +01:00
parser = argparse . ArgumentParser ( description = ' Create an event on MISP. ' )
2015-09-01 18:46:10 +02:00
parser . add_argument ( " -d " , " --distrib " , type = int , help = " The distribution setting used for the attributes and for the newly created event, if relevant. [0-3]. " )
parser . add_argument ( " -i " , " --info " , help = " Used to populate the event info field if no event ID supplied. " )
2018-03-10 14:04:18 +01:00
parser . add_argument ( " -a " , " --analysis " , type = int , help = " The analysis level of the newly created event, if applicable. [0-2] " )
parser . add_argument ( " -t " , " --threat " , type = int , help = " The threat level ID of the newly created event, if applicable. [1-4] " )
2015-09-01 18:46:10 +02:00
args = parser . parse_args ( )
2015-11-06 10:14:45 +01:00
misp = init ( misp_url , misp_key )
2015-09-01 18:46:10 +02:00
event = misp . new_event ( args . distrib , args . threat , args . analysis , args . info )
2016-08-26 18:23:20 +02:00
print ( event )
