2016-03-21 21:24:15 +01:00
|
|
|
#!/usr/bin/env python
|
2014-04-12 17:44:47 +02:00
|
|
|
# -*- coding: utf-8 -*-
|
|
|
|
|
2014-05-02 11:46:04 +02:00
|
|
|
import sys
|
2014-04-16 15:14:58 +02:00
|
|
|
|
|
|
|
from pymisp import PyMISP
|
2014-04-12 17:44:47 +02:00
|
|
|
|
2014-05-02 11:46:04 +02:00
|
|
|
from keys import cert, priv
|
2014-04-12 17:44:47 +02:00
|
|
|
|
2014-05-02 11:46:04 +02:00
|
|
|
url_cert = 'https://misp.circl.lu'
|
|
|
|
url_priv = 'https://misppriv.circl.lu'
|
|
|
|
cert_cert = 'misp.circl.lu.crt'
|
|
|
|
cert_priv = 'misppriv.circl.lu.crt'
|
2014-04-12 17:44:47 +02:00
|
|
|
source = None
|
|
|
|
destination = None
|
|
|
|
|
2014-04-14 19:18:12 +02:00
|
|
|
|
2014-05-02 11:46:04 +02:00
|
|
|
def init(cert_to_priv=True):
|
2014-04-12 17:44:47 +02:00
|
|
|
global source
|
|
|
|
global destination
|
2015-05-03 02:47:47 +02:00
|
|
|
print(cert_to_priv)
|
2014-05-02 11:46:04 +02:00
|
|
|
if cert_to_priv:
|
|
|
|
source = PyMISP(url_cert, cert, cert_cert, 'xml')
|
|
|
|
destination = PyMISP(url_priv, priv, cert_priv, 'xml')
|
|
|
|
else:
|
|
|
|
source = PyMISP(url_priv, priv, cert_priv, 'xml')
|
|
|
|
destination = PyMISP(url_cert, cert, cert_cert, 'xml')
|
2014-04-12 17:44:47 +02:00
|
|
|
|
2014-04-14 19:18:12 +02:00
|
|
|
|
|
|
|
def _to_utf8(request):
|
|
|
|
to_return = None
|
|
|
|
if 'json' in request.headers['content-type']:
|
2015-07-30 15:53:34 +02:00
|
|
|
to_return = request.json()
|
2014-04-14 19:18:12 +02:00
|
|
|
else:
|
|
|
|
to_return = request.text.encode('utf-8')
|
|
|
|
return to_return
|
|
|
|
|
|
|
|
|
2014-04-12 17:44:47 +02:00
|
|
|
def copy_event(event_id):
|
|
|
|
r_src = source.get_event(event_id)
|
2014-04-14 19:18:12 +02:00
|
|
|
to_send = _to_utf8(r_src)
|
|
|
|
return destination.add_event(to_send)
|
|
|
|
|
|
|
|
|
2014-05-02 17:10:53 +02:00
|
|
|
def update_event(event_id, event_to_update):
|
|
|
|
r_src = source.get_event(event_id)
|
|
|
|
to_send = _to_utf8(r_src)
|
|
|
|
return destination.update_event(event_to_update, to_send)
|
|
|
|
|
|
|
|
|
2014-04-14 19:18:12 +02:00
|
|
|
def list_copy(filename):
|
|
|
|
with open(filename, 'r') as f:
|
|
|
|
for l in f:
|
2014-05-02 11:46:04 +02:00
|
|
|
copy(l)
|
|
|
|
|
|
|
|
|
|
|
|
def loop_copy():
|
|
|
|
while True:
|
|
|
|
line = sys.stdin.readline()
|
|
|
|
copy(line)
|
|
|
|
|
|
|
|
|
|
|
|
def copy(eventid):
|
|
|
|
eventid = eventid.strip()
|
|
|
|
if len(eventid) == 0 or not eventid.isdigit():
|
2015-05-03 02:47:47 +02:00
|
|
|
print('empty line or NaN.')
|
2014-05-02 11:46:04 +02:00
|
|
|
return
|
|
|
|
eventid = int(eventid)
|
2015-05-03 02:47:47 +02:00
|
|
|
print(eventid, 'copying...')
|
2014-05-02 11:46:04 +02:00
|
|
|
r = copy_event(eventid)
|
2014-05-02 17:10:53 +02:00
|
|
|
if r.status_code >= 400:
|
|
|
|
loc = r.headers['location']
|
|
|
|
if loc is not None:
|
|
|
|
event_to_update = loc.split('/')[-1]
|
2015-05-03 02:47:47 +02:00
|
|
|
print('updating', event_to_update)
|
2014-05-02 17:10:53 +02:00
|
|
|
r = update_event(eventid, event_to_update)
|
|
|
|
if r.status_code >= 400:
|
2015-05-03 02:47:47 +02:00
|
|
|
print(r.status_code, r.headers)
|
2014-05-02 17:10:53 +02:00
|
|
|
else:
|
2015-05-03 02:47:47 +02:00
|
|
|
print(r.status_code, r.headers)
|
|
|
|
print(eventid, 'done.')
|
2014-04-12 17:44:47 +02:00
|
|
|
|
2014-04-15 16:40:49 +02:00
|
|
|
|
|
|
|
def export_our_org():
|
|
|
|
circl = source.search(org='CIRCL')
|
|
|
|
return _to_utf8(circl)
|
|
|
|
|
2014-04-12 17:44:47 +02:00
|
|
|
if __name__ == '__main__':
|
2014-04-16 15:14:58 +02:00
|
|
|
import argparse
|
|
|
|
parser = argparse.ArgumentParser(
|
|
|
|
description='Copy the events from one MISP instance to an other.')
|
2014-05-02 11:46:04 +02:00
|
|
|
parser.add_argument('-f', '--filename', type=str,
|
2014-04-16 15:14:58 +02:00
|
|
|
help='File containing a list of event id.')
|
2014-05-02 11:46:04 +02:00
|
|
|
parser.add_argument(
|
|
|
|
'-l', '--loop', action='store_true',
|
|
|
|
help='Endless loop: eventid in the terminal and it will be copied.')
|
|
|
|
parser.add_argument('--priv_to_cert', action='store_false', default=True,
|
|
|
|
help='Copy from MISP priv to MISP CERT.')
|
2014-04-16 15:14:58 +02:00
|
|
|
args = parser.parse_args()
|
2014-05-02 11:46:04 +02:00
|
|
|
init(args.priv_to_cert)
|
|
|
|
if args.filename is not None:
|
|
|
|
list_copy(args.filename)
|
|
|
|
else:
|
|
|
|
loop_copy()
|