""" REDIS RELATED """
# Connection settings for the Redis server the generator reads from.
# NOTE(review): no password or TLS option is defined in this section, so
# access control presumably relies on Redis listening on loopback only --
# confirm before pointing `host` at a non-local server.
host = '127.0.0.1'
port = 6379
db = 0

## Redis key names from which elements are popped.
# NOTE(review): the 'cowrie' key suggests honeypot output, i.e. data that
# an attacker can influence; the consumer should treat popped items as
# untrusted input -- confirm against the code that reads them.
keyname_pop = ['cowrie']
# OTHERS

## Used when an item carries no key prefix: the data is then added as
## either an object, an attribute or a sighting.
fallback_MISP_type = 'object'

### Settings that apply to the chosen fallback type
fallback_object_template_name = 'cowrie'  # MISP-Object only
fallback_attribute_category = 'comment'  # MISP-Attribute only

## How often the event is written to disk
## (presumably in seconds, i.e. five minutes -- confirm against the consumer).
flushing_interval = 5 * 60

## Name of the Redis list that receives the items that generated an error.
# NOTE(review): nothing in this file bounds or expires that list; worth
# monitoring its length so malformed input cannot grow it unnoticed.
keyname_error = 'feed-generation-error'
""" FEED GENERATOR CONFIGURATION """
# Output directory of the feed. The generator drops a lot of files there,
# so point this at a directory dedicated to the feed.
# NOTE(review): if this directory is later published to feed consumers,
# a dedicated directory also keeps unrelated files from being exposed.
outputdir = 'output'

# Event metadata
## Required
### The organisation that generated this feed
org_name = 'myOrg'
### Your organisation UUID (listed as required, but empty in this template)
org_uuid = ''
### The daily event name to be used in MISP
### (e.g. honeypot_1 produces each day an event named "honeypot_1 dd-mm-yyyy").
daily_event_name = 'PyMISP default event name'

## Optional
# NOTE(review): in MISP's numbering, analysis 0 is presumably "Initial" and
# threat_level_id 3 "Low" -- verify against the target MISP instance.
analysis = 0
threat_level_id = 3
published = False
# Tags attached to the generated events.
# NOTE(review): tlp:white marks the data as shareable without restriction;
# confirm that this is the intended handling for events built from
# honeypot captures before the feed is exposed.
Tag = [
    {"colour": "#ffffff", "name": "tlp:white"},
    {"colour": "#ff00ff", "name": "my:custom:feed"},
]
# MISP Object constructor
from ObjectConstructor.CowrieMISPObject import CowrieMISPObject
from pymisp.tools import GenericObjectGenerator
# Maps a template name to the class used to build the MISP object.
# NOTE(review): presumably looked up with a name derived from the incoming
# data (e.g. the key prefix); keeping this an explicit allow-list means an
# unexpected name cannot select an arbitrary class -- confirm that the
# caller handles a missing key.
constructor_dict = {
    'cowrie': CowrieMISPObject,
    'generic': GenericObjectGenerator,
}
# Others
## Redis polling interval (presumably in seconds -- confirm against the
## loop that reads this value).
sleep = 60