2018-03-18 23:21:29 +01:00
|
|
|
#!/usr/bin/env python3
|
|
|
|
# -*- coding: utf-8 -*-
|
|
|
|
|
2019-07-17 16:46:47 +02:00
|
|
|
from pymisp import ExpandedPyMISP
|
2018-03-18 23:21:29 +01:00
|
|
|
from pymisp.tools import EMailObject
|
|
|
|
import traceback
|
|
|
|
from keys import misp_url, misp_key, misp_verifycert
|
|
|
|
import glob
|
|
|
|
import argparse
|
|
|
|
|
|
|
|
|
|
|
|
if __name__ == '__main__':
|
|
|
|
parser = argparse.ArgumentParser(description='Extract indicators out of binaries and add MISP objects to a MISP instance.')
|
|
|
|
parser.add_argument("-e", "--event", required=True, help="Event ID to update.")
|
|
|
|
parser.add_argument("-p", "--path", required=True, help="Path to process (expanded using glob).")
|
|
|
|
args = parser.parse_args()
|
|
|
|
|
2019-07-17 16:46:47 +02:00
|
|
|
pymisp = ExpandedPyMISP(misp_url, misp_key, misp_verifycert, debug=True)
|
2018-03-18 23:21:29 +01:00
|
|
|
|
|
|
|
for f in glob.glob(args.path):
|
|
|
|
try:
|
|
|
|
eo = EMailObject(f)
|
2019-07-17 16:46:47 +02:00
|
|
|
except Exception:
|
2018-03-18 23:21:29 +01:00
|
|
|
traceback.print_exc()
|
|
|
|
continue
|
|
|
|
|
|
|
|
if eo:
|
2019-07-22 12:41:27 +02:00
|
|
|
response = pymisp.add_object(args.event, eo, pythonify=True)
|
2018-03-18 23:21:29 +01:00
|
|
|
for ref in eo.ObjectReference:
|
|
|
|
r = pymisp.add_object_reference(ref)
|