PyMISP/examples/add_generic_object.py

#!/usr/bin/env python
# -*- coding: utf-8 -*-

import json
from pymisp import PyMISP
from pymisp.tools import GenericObjectGenerator
from keys import misp_url, misp_key, misp_verifycert
import argparse

"""
Sample usage:
./add_generic_object.py -e 5065 -t email -l '[{"to": "undisclosed@ppp.com"}, {"to": "second.to@mail.com"}]'
"""

if __name__ == '__main__':
    parser = argparse.ArgumentParser(description='Create a MISP Object selectable by type starting from a dictionary')
    parser.add_argument("-e", "--event", required=True, help="Event ID to update")
    parser.add_argument("-t", "--type", required=True, help="Type of the generic object")
    parser.add_argument("-l", "--attr_list", required=True, help="List of attributes")
    args = parser.parse_args()

    pymisp = PyMISP(misp_url, misp_key, misp_verifycert)
    template = pymisp.get_object_templates_list()
    if 'response' in template.keys():
        template = template['response']
    try:
        template_ids = [x['ObjectTemplate']['id'] for x in template if x['ObjectTemplate']['name'] == args.type]
        if len(template_ids) > 0:
            template_id = template_ids[0]
        else:
            raise IndexError
    except IndexError:
        valid_types = ", ".join([x['ObjectTemplate']['name'] for x in template])
        print ("Template for type %s not found! Valid types are: %s" % (args.type, valid_types))
        exit()

    misp_object = GenericObjectGenerator(args.type.replace("|", "-"))
    misp_object.generate_attributes(json.loads(args.attr_list))
    r = pymisp.add_object(args.event, template_id, misp_object)
chg: Allow to add multiple attribute of the same type 2017-11-15 09:39:59 +01:00			`#!/usr/bin/env python`
			`# -- coding: utf-8 --`

Created add_generic_object.py usage: add_generic_object.py [-h] -e EVENT -t TYPE -d DICT Examples: python3 add_generic_object.py -e 1683 -t email -d '{"subject":"The Pink Letter", "to":"jon@snow.org"}' python3 add_generic_object.py -e 2343 -t person -d '{"first-name":"Daenerys", "last-name":"Targaryen", "place-of-birth":"Dragonstone"}' python3 add_generic_object.py -e 3596 -t "domain\|ip" -d '{"domain":"stormborn.org", "ip":"50.63.202.33"}' 2017-10-20 09:55:46 +02:00			`import json`
			`from pymisp import PyMISP`
chg: Add a generic MISP object generator 2017-11-15 17:37:17 +01:00			`from pymisp.tools import GenericObjectGenerator`
Created add_generic_object.py usage: add_generic_object.py [-h] -e EVENT -t TYPE -d DICT Examples: python3 add_generic_object.py -e 1683 -t email -d '{"subject":"The Pink Letter", "to":"jon@snow.org"}' python3 add_generic_object.py -e 2343 -t person -d '{"first-name":"Daenerys", "last-name":"Targaryen", "place-of-birth":"Dragonstone"}' python3 add_generic_object.py -e 3596 -t "domain\|ip" -d '{"domain":"stormborn.org", "ip":"50.63.202.33"}' 2017-10-20 09:55:46 +02:00			`from keys import misp_url, misp_key, misp_verifycert`
			`import argparse`

chg: Allow to add multiple attribute of the same type 2017-11-15 09:39:59 +01:00			`"""`
			`Sample usage:`
			`./add_generic_object.py -e 5065 -t email -l '[{"to": "undisclosed@ppp.com"}, {"to": "second.to@mail.com"}]'`
			`"""`

Created add_generic_object.py usage: add_generic_object.py [-h] -e EVENT -t TYPE -d DICT Examples: python3 add_generic_object.py -e 1683 -t email -d '{"subject":"The Pink Letter", "to":"jon@snow.org"}' python3 add_generic_object.py -e 2343 -t person -d '{"first-name":"Daenerys", "last-name":"Targaryen", "place-of-birth":"Dragonstone"}' python3 add_generic_object.py -e 3596 -t "domain\|ip" -d '{"domain":"stormborn.org", "ip":"50.63.202.33"}' 2017-10-20 09:55:46 +02:00			`if __name__ == '__main__':`
			`parser = argparse.ArgumentParser(description='Create a MISP Object selectable by type starting from a dictionary')`
			`parser.add_argument("-e", "--event", required=True, help="Event ID to update")`
			`parser.add_argument("-t", "--type", required=True, help="Type of the generic object")`
chg: Allow to add multiple attribute of the same type 2017-11-15 09:39:59 +01:00			`parser.add_argument("-l", "--attr_list", required=True, help="List of attributes")`
Created add_generic_object.py usage: add_generic_object.py [-h] -e EVENT -t TYPE -d DICT Examples: python3 add_generic_object.py -e 1683 -t email -d '{"subject":"The Pink Letter", "to":"jon@snow.org"}' python3 add_generic_object.py -e 2343 -t person -d '{"first-name":"Daenerys", "last-name":"Targaryen", "place-of-birth":"Dragonstone"}' python3 add_generic_object.py -e 3596 -t "domain\|ip" -d '{"domain":"stormborn.org", "ip":"50.63.202.33"}' 2017-10-20 09:55:46 +02:00			`args = parser.parse_args()`

			`pymisp = PyMISP(misp_url, misp_key, misp_verifycert)`
fix for last pymisp version 2018-12-04 17:08:00 +01:00			`template = pymisp.get_object_templates_list()`
			`if 'response' in template.keys():`
			`template = template['response']`
Created add_generic_object.py usage: add_generic_object.py [-h] -e EVENT -t TYPE -d DICT Examples: python3 add_generic_object.py -e 1683 -t email -d '{"subject":"The Pink Letter", "to":"jon@snow.org"}' python3 add_generic_object.py -e 2343 -t person -d '{"first-name":"Daenerys", "last-name":"Targaryen", "place-of-birth":"Dragonstone"}' python3 add_generic_object.py -e 3596 -t "domain\|ip" -d '{"domain":"stormborn.org", "ip":"50.63.202.33"}' 2017-10-20 09:55:46 +02:00			`try:`
fix for last pymisp version 2018-12-04 17:08:00 +01:00			`template_ids = [x['ObjectTemplate']['id'] for x in template if x['ObjectTemplate']['name'] == args.type]`
			`if len(template_ids) > 0:`
			`template_id = template_ids[0]`
			`else:`
			`raise IndexError`
Created add_generic_object.py usage: add_generic_object.py [-h] -e EVENT -t TYPE -d DICT Examples: python3 add_generic_object.py -e 1683 -t email -d '{"subject":"The Pink Letter", "to":"jon@snow.org"}' python3 add_generic_object.py -e 2343 -t person -d '{"first-name":"Daenerys", "last-name":"Targaryen", "place-of-birth":"Dragonstone"}' python3 add_generic_object.py -e 3596 -t "domain\|ip" -d '{"domain":"stormborn.org", "ip":"50.63.202.33"}' 2017-10-20 09:55:46 +02:00			`except IndexError:`
fix for last pymisp version 2018-12-04 17:08:00 +01:00			`valid_types = ", ".join([x['ObjectTemplate']['name'] for x in template])`
Created add_generic_object.py usage: add_generic_object.py [-h] -e EVENT -t TYPE -d DICT Examples: python3 add_generic_object.py -e 1683 -t email -d '{"subject":"The Pink Letter", "to":"jon@snow.org"}' python3 add_generic_object.py -e 2343 -t person -d '{"first-name":"Daenerys", "last-name":"Targaryen", "place-of-birth":"Dragonstone"}' python3 add_generic_object.py -e 3596 -t "domain\|ip" -d '{"domain":"stormborn.org", "ip":"50.63.202.33"}' 2017-10-20 09:55:46 +02:00			`print ("Template for type %s not found! Valid types are: %s" % (args.type, valid_types))`
			`exit()`

chg: Add a generic MISP object generator 2017-11-15 17:37:17 +01:00			`misp_object = GenericObjectGenerator(args.type.replace("\|", "-"))`
			`misp_object.generate_attributes(json.loads(args.attr_list))`
Created add_generic_object.py usage: add_generic_object.py [-h] -e EVENT -t TYPE -d DICT Examples: python3 add_generic_object.py -e 1683 -t email -d '{"subject":"The Pink Letter", "to":"jon@snow.org"}' python3 add_generic_object.py -e 2343 -t person -d '{"first-name":"Daenerys", "last-name":"Targaryen", "place-of-birth":"Dragonstone"}' python3 add_generic_object.py -e 3596 -t "domain\|ip" -d '{"domain":"stormborn.org", "ip":"50.63.202.33"}' 2017-10-20 09:55:46 +02:00			`r = pymisp.add_object(args.event, template_id, misp_object)`