#!/usr/bin/env python
# -*- coding: utf-8 -*-
import json
import os
import re
import sys

from pymisp import PyMISP

from settings import url, key, ssl, outputdir, filters, valid_attribute_distribution_levels
# Whitelist of the sub-objects that survive from a fetched event into the feed
# file, keyed by the MISP object name. 'fields' lists the keys that are copied;
# every other key on the object is dropped. 'multiple' tells
# __cleanupEventObjects whether the object is a list (Tag, Attribute) or a
# single dict (Orgc).
objectsToSave = {'Orgc': {'fields': ['name', 'uuid'],
                          'multiple': False,
                          },
                 # NOTE(review): the Tag 'exportable' flag is copied but never
                 # checked anywhere in this file; presumably tags marked
                 # non-exportable should be dropped from a feed -- confirm.
                 'Tag': {'fields': ['name', 'colour', 'exportable'],
                         'multiple': True,
                         },
                 # Attribute 'distribution' is deliberately absent: it is used
                 # as a filter (see __blockAttributeByDistribution), not exported.
                 'Attribute': {'fields': ['uuid', 'value', 'category', 'type',
                                          'comment', 'data', 'timestamp', 'to_ids'],
                               'multiple': True,
                               },
                 }

# Top-level Event keys copied verbatim into the feed file. 'distribution' is not
# among them, so the exported event carries no sharing level of its own; the
# only event-level gate is the `filters` passed to get_index() in __main__.
fieldsToSave = ['uuid', 'info', 'threat_level_id', 'analysis',
                'timestamp', 'publish_timestamp', 'published',
                'date']

# Attribute distribution levels (as strings) allowed into the feed. Filled by
# init(); while empty, __blockAttributeByDistribution blocks every attribute.
valid_attribute_distributions = []
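def init():
    """Resolve the attribute-distribution whitelist and return a PyMISP client.

    Sets the module global ``valid_attribute_distributions`` from
    ``settings.valid_attribute_distribution_levels`` and connects to the MISP
    instance configured in settings.py.

    Returns:
        A ``PyMISP`` instance built from ``url``, ``key`` and ``ssl``.
    """
    global valid_attribute_distributions
    try:
        valid_attribute_distributions = valid_attribute_distribution_levels
    except NameError:
        # Fallback for a settings.py that predates this option. Two caveats:
        #  - the name is imported unconditionally at the top of this file, so a
        #    missing setting already fails at import time and this branch is
        #    effectively unreachable; it is kept for backward compatibility;
        #  - the fallback whitelists every level, i.e. it disables the
        #    attribute filter entirely. Review before publishing such a feed.
        valid_attribute_distributions = ['0', '1', '2', '3', '4', '5']
    # `key` is the API key from settings.py -- keep that file out of version
    # control. NOTE(review): `ssl` presumably toggles certificate verification
    # in PyMISP; a False value would send the key over an unverified TLS
    # session -- confirm against the PyMISP version in use.
    return PyMISP(url, key, ssl)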
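# Strict RFC 4122 textual form. The event uuid comes back from the MISP server
# and is used both in the API request and as an output file name, so anything
# that does not look exactly like a uuid is refused.
_UUID_RE = re.compile(
    r'^[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12}$')


def saveEvent(misp, uuid):
    """Fetch one event, strip it to the whitelisted fields and write it to
    ``<outputdir>/<uuid>.json``.

    Args:
        misp: PyMISP client as returned by init().
        uuid: event uuid as returned by the index call.

    Exits the process (sys.exit) when the uuid is malformed, when the server
    answers without an ``Event`` payload, or when the file cannot be written,
    so a feed is never left half-written without a visible error.
    """
    try:
        valid_uuid = _UUID_RE.match(uuid) is not None
    except TypeError:
        # None or a non-string: treat exactly like a malformed uuid.
        valid_uuid = False
    if not valid_uuid:
        # Server-supplied value fed into os.path.join(): a value such as
        # '../x' would escape outputdir. Fail closed rather than sanitise.
        sys.exit('Refusing to export event with malformed uuid: {!r}'.format(uuid))

    event = misp.get_event(uuid)
    if not event.get('Event'):
        # PyMISP hands back an error payload instead of an event; 'message' is
        # not guaranteed to be present, so do not KeyError on the error path.
        print('Error while fetching event: {}'.format(event.get('message', event)))
        sys.exit('Could not create file for event ' + uuid + '.')

    event = __cleanUpEvent(event)
    target = os.path.join(outputdir, uuid + '.json')
    try:
        # Context manager closes the handle even if the write fails midway.
        with open(target, 'w') as eventFile:
            eventFile.write(json.dumps(event))
    except (IOError, OSError) as e:
        print(e)
        sys.exit('Could not create file for event ' + uuid + '.')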
def __cleanUpEvent(event):
    """Return a reduced copy of a raw PyMISP event holding only whitelisted data.

    Args:
        event: the ``{'Event': {...}}`` dict returned by ``PyMISP.get_event``.

    Returns:
        A new ``{'Event': {...}}`` dict with the fields from ``fieldsToSave``
        and the sub-objects from ``objectsToSave``; the input is not modified.
    """
    raw = event
    cleaned = {'Event': {}}
    # Scalar fields first, then Orgc/Tag/Attribute sub-objects.
    __cleanupEventFields(cleaned, raw)
    __cleanupEventObjects(cleaned, raw)
    return cleaned
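def __cleanupEventFields(event, temp, fields=None):
    """Copy the whitelisted top-level Event keys from ``temp`` into ``event``.

    Args:
        event: destination ``{'Event': {...}}`` dict, modified in place.
        temp: source ``{'Event': {...}}`` dict as returned by the server.
        fields: keys to copy; defaults to the module-level ``fieldsToSave``.
            Exposed so the filter can be exercised without module state.

    Returns:
        ``event``, for chaining. Keys absent from the source are silently
        skipped; keys not in ``fields`` are never copied.
    """
    if fields is None:
        fields = fieldsToSave
    source = temp['Event']
    for field in fields:
        if field in source:
            event['Event'][field] = source[field]
    return event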
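def __blockAttributeByDistribution(attribute, allowed=None):
    """Decide whether an attribute must be kept out of the feed.

    Args:
        attribute: attribute dict from the server; its ``distribution`` value
            is compared as-is (strings in the JSON response).
        allowed: whitelist of distribution values; defaults to the module-level
            ``valid_attribute_distributions`` set by init().

    Returns:
        True when the attribute must be dropped. The check fails closed: a
        missing ``distribution`` key, or a type mismatch between the value and
        the whitelist, blocks the attribute instead of admitting it.
    """
    if allowed is None:
        allowed = valid_attribute_distributions
    return attribute.get('distribution') not in allowed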
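def __cleanupEventObjects(event, temp):
    """Copy the whitelisted sub-objects (see ``objectsToSave``) into ``event``.

    Args:
        event: destination ``{'Event': {...}}`` dict, modified in place.
        temp: source ``{'Event': {...}}`` dict as returned by the server.

    Returns:
        ``event``, for chaining.

    Only Attribute instances are filtered by distribution; Tag and Orgc are
    copied unconditionally. Sub-objects missing from the source, and fields
    missing from an instance, are skipped rather than raising, for list and
    single objects alike. A list key is only created when at least one
    instance survives the filter.
    """
    source = temp['Event']
    for objectType, spec in objectsToSave.items():
        if objectType not in source:
            continue
        fields = spec['fields']
        if spec['multiple'] is True:
            for objectInstance in source[objectType]:
                # Identity comparison (`is 'Attribute'`) is not a reliable
                # string test; compare by value.
                if objectType == 'Attribute' and __blockAttributeByDistribution(objectInstance):
                    continue
                tempObject = {field: objectInstance[field]
                              for field in fields if field in objectInstance}
                event['Event'].setdefault(objectType, []).append(tempObject)
        else:
            single = source[objectType]
            event['Event'][objectType] = {field: single[field]
                                          for field in fields if field in single}
    return event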
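def saveManifest(manifest):
    """Write the feed manifest to ``<outputdir>/manifest.json``.

    Args:
        manifest: dict keyed by event uuid whose values come from
            ``__addEventToManifest``.

    Exits the process via sys.exit when the file cannot be written; the
    underlying error is printed first so the cause is not lost.
    """
    target = os.path.join(outputdir, 'manifest.json')
    try:
        # Context manager guarantees the handle is closed even if the
        # serialisation or the write fails midway.
        with open(target, 'w') as manifestFile:
            manifestFile.write(json.dumps(manifest))
    except Exception as e:
        print(e)
        sys.exit('Could not create the manifest file.')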
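def __addEventToManifest(event):
    """Build the manifest entry for one event from its index representation.

    Args:
        event: a single entry of the ``get_index`` response.

    Returns:
        A dict with the event's Orgc, a reduced tag list (name and colour
        only), and the scalar summary fields listed below. An event without an
        ``EventTag`` key yields an empty tag list instead of raising.
    """
    tags = [{'name': eventTag['Tag']['name'],
             'colour': eventTag['Tag']['colour']}
            for eventTag in event.get('EventTag', [])]
    # NOTE(review): the per-event file restricts Orgc to name/uuid via
    # objectsToSave, but the manifest copies whatever Orgc dict the index
    # returned, and tag 'exportable' flags are not honoured here either --
    # confirm this matches the intended exposure of the feed.
    return {'Orgc': event['Orgc'],
            'Tag': tags,
            'info': event['info'],
            'date': event['date'],
            'analysis': event['analysis'],
            'threat_level_id': event['threat_level_id'],
            'timestamp': event['timestamp']
            }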
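if __name__ == '__main__':
    misp = init()
    try:
        # `filters` (settings.py) is the only event-level gate on what is
        # exported: nothing below re-checks event distribution or publication
        # state, so the index filter must already express the sharing policy
        # of the feed.
        r = misp.get_index(filters)
        events = r['response']
    except Exception as e:
        # Covers transport errors and a payload without a 'response' key.
        print(e)
        sys.exit("Invalid response received from MISP.")

    if not events:
        sys.exit("No events returned.")

    manifest = {}
    total = len(events)
    # The previous version dumped the whole first index entry to stdout here;
    # that put event content into whatever captures the output and served no
    # purpose, so only a progress line per event is printed now.
    for counter, event in enumerate(events, 1):
        saveEvent(misp, event['uuid'])
        manifest[event['uuid']] = __addEventToManifest(event)
        print("Event " + str(counter) + "/" + str(total) + " exported.")
    saveManifest(manifest)
    print('Manifest saved. Feed creation completed.')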