modify fetching method to use last

pull/23/head
Déborah Servili 2016-07-21 10:09:10 +02:00
parent b0a66da4de
commit 0f68ffc617
2 changed files with 21 additions and 22 deletions


@ -13,23 +13,25 @@ def init(url, key):
########## fetch data ########## ########## fetch data ##########
def searchall(m, search, url): def download_last(m, last):
result = m.search_all(search) result = m.download_last(last)
with open('data', 'w') as f: with open('data', 'w') as f:
f.write(json.dumps(result)) f.write(json.dumps(result))
if __name__ == '__main__': if __name__ == '__main__':
parser = argparse.ArgumentParser(description='Take a sample of events (based on last.py of searchall.py) and create a treemap epresenting the distribution of attributes in this sample.') parser = argparse.ArgumentParser(description='Take a sample of events (based on last.py) and give the number of occurrence of the given tag in this sample.')
parser.add_argument("-s", "--search", help="string to search") parser.add_argument("-t", "--tag", required=True, help="tag to search (search for multiple tags is possible by using |. example : \"osint|OSINT\")")
parser.add_argument("-t", "--tag", required=True, help="String to search in tags, can be composed. Example: \"ransomware|Ransomware\"") parser.add_argument("-d", "--days", help="number of days before today to search. If not define, default value is 7")
parser.add_argument("-b", "--begindate", help="The research will look for Tags attached to events posted at or after the given startdate (format: yyyy-mm-dd): If no date is given, default time is epoch time (1970-1-1)") parser.add_argument("-b", "--begindate", help="The research will look for tags attached to events posted at or after the given startdate (format: yyyy-mm-dd): If no date is given, default time is epoch time (1970-1-1)")
parser.add_argument("-e", "--enddate", help="The research will look for Tags attached to events posted at or before the given enddate (format: yyyy-mm-dd): If no date is given, default time is now()") parser.add_argument("-e", "--enddate", help="The research will look for tags attached to events posted at or before the given enddate (format: yyyy-mm-dd): If no date is given, default time is now()")
args = parser.parse_args() args = parser.parse_args()
misp = init(misp_url, misp_key) misp = init(misp_url, misp_key)
searchall(misp, args.search, misp_url) if args.days is None:
args.days = '7'
download_last(misp, args.days + 'd')
if args.begindate is not None: if args.begindate is not None:
args.begindate = tools.toDatetime(args.begindate) args.begindate = tools.toDatetime(args.begindate)
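Review bot: `--days` is accepted as a free-form string and concatenated with `'d'` on the `download_last(misp, args.days + 'd')` line, so a non-numeric value such as `abc` is never rejected locally and is handed to `m.download_last` as the malformed window `abcd`; the second file's first hunk has the identical pattern. Letting argparse validate the value also removes the `if args.days is None:` branch: `parser.add_argument("-d", "--days", type=int, default=7, help="number of days before today to search (default: 7)")` followed by `download_last(misp, '%dd' % args.days)`. If the current help string is kept, "If not define" should read "If not defined". The `if __name__ == '__main__':` block continues past the end of this hunk.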


@ -13,24 +13,26 @@ def init(url, key):
########## fetch data ########## ########## fetch data ##########
def searchall(m, search, url): def download_last(m, last):
result = m.search_all(search) result = m.download_last(last)
with open('data', 'w') as f: with open('data', 'w') as f:
f.write(json.dumps(result)) f.write(json.dumps(result))
if __name__ == '__main__': if __name__ == '__main__':
parser = argparse.ArgumentParser(description='Take a sample of events (based on last.py of searchall.py) and create a treemap epresenting the distribution of attributes in this sample.') parser = argparse.ArgumentParser(description='Take a sample of events (based on last.py) and give the repartition of tags in this sample.')
parser.add_argument("-s", "--search", help="string to search") parser.add_argument("-d", "--days", help="number of days before today to search. If not define, default value is 7")
parser.add_argument("-b", "--begindate", help="The research will look for Tags attached to events posted at or after the given startdate (format: yyyy-mm-dd): If no date is given, default time is epoch time (1970-1-1)") parser.add_argument("-b", "--begindate", help="The research will look for tags attached to events posted at or after the given startdate (format: yyyy-mm-dd): If no date is given, default time is epoch time (1970-1-1)")
parser.add_argument("-e", "--enddate", help="The research will look for Tags attached to events posted at or before the given enddate (format: yyyy-mm-dd): If no date is given, default time is now()") parser.add_argument("-e", "--enddate", help="The research will look for tags attached to events posted at or before the given enddate (format: yyyy-mm-dd): If no date is given, default time is now()")
args = parser.parse_args() args = parser.parse_args()
misp = init(misp_url, misp_key) misp = init(misp_url, misp_key)
if args.search is None: if args.days is None:
args.search = '' args.days = '7'
searchall(misp, args.search, misp_url) download_last(misp, args.days + 'd')
if args.begindate is not None: if args.begindate is not None:
args.begindate = tools.toDatetime(args.begindate) args.begindate = tools.toDatetime(args.begindate)
@ -63,8 +65,3 @@ if __name__ == '__main__':
print '\n========================================================' print '\n========================================================'
print text print text
print result print result
'''
print 'During the studied pediod, ' + str(TotalPeriodTags) + ' events out of ' + str(TotalPeriodEvents) + ' contains at least one tag with ' + args.tag + '.'
print 'It represents ' + str(round(100*TotalPeriodTags/TotalTags,3)) + '% of the fetched events (' + str(TotalTags) + ') including this tag.'
print 'It also represents ' + str(round(100*TotalPeriodTags/TotalEvents,3)) + '% of all the fetched events (' + str(TotalEvents) + ').'
'''