Merge pull request #3 from iglocska/master

Script for the upcoming feed generator
2016-03-01 15:53:21 +01:00 · 2016-03-01 15:53:21 +01:00 · 1112a1c5f3
parent 3a2414bc8c be242152e7
commit 1112a1c5f3
4 changed files with 79 additions and 3 deletions
--- a/examples/feed-generator/generate.py
+++ b/examples/feed-generator/generate.py
@ -0,0 +1,48 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+
+import sys
+import json
+import os
+from pymisp import PyMISP
+from settings import url, key, ssl, outputdir, filters
+
+
+def init():
+    return PyMISP(url, key, ssl, 'json')
+
+
+def saveEvent(misp, uuid):
+    try:
+        event = misp.get_event(uuid)
+        eventFile = open(os.path.join(outputdir, uuid + '.json'), 'w')
+        eventFile.write(event.text)
+        eventFile.close()
+    except:
+        sys.exit('Could not create the manifest file.')
+
+
+def saveManifest(manifest):
+    try:
+        manifestFile = open(os.path.join(outputdir, 'manifest.json'), 'w')
+        manifestFile.write(json.dumps(manifest))
+        manifestFile.close()
+    except:
+        sys.exit('Could not create the manifest file.')
+
+if __name__ == '__main__':
+    misp = init()
+    result = misp.get_index(None, filters)
+    try:
+        events = result.json()
+    except:
+        sys.exit("Invalid response received from MISP.")
+    if len(events) == 0:
+        sys.exit("No events returned.")
+    manifest = {}
+    for event in events:
+        manifest[event['uuid']] = event['timestamp']
+        saveEvent(misp, event['uuid'])
+    saveManifest(manifest)
+    print str(len(manifest)) + ' events exported.'
+
--- a/examples/feed-generator/output/empty
+++ b/examples/feed-generator/output/empty
--- a/examples/feed-generator/settings.py
+++ b/examples/feed-generator/settings.py
@ -0,0 +1,23 @@
+# Your MISP's URL
+url = ''
+
+# The auth key to the MISP user that you wish to use. Make sure that the
+# user has auth_key access
+key = ''
+
+# Should the certificate be validated?
+ssl = False
+
+# The output dir for the feed. This will drop a lot of files, so make
+# sure that you use a directory dedicated to the feed
+outputdir = 'output'
+
+# The filters to be used for by the feed. You can use any filter that
+# you can use on the event index, such as organisation, tags, etc.
+# It uses the same joining and condition rules as the API parameters
+# For example:
+# filters = {'tag':'tlp:white|feed-export|!privint','org':'CIRCL'}
+# the above would generate a feed for all events created by CIRCL, tagged
+# tlp:white and/or feed-export but exclude anything tagged privint
+filters = {}
+
--- a/pymisp/api.py
+++ b/pymisp/api.py
@ -192,15 +192,20 @@ class PyMISP(object):
    # ############### Simple REST API ################
    # ################################################

-    def get_index(self, force_out=None):
+    def get_index(self, force_out=None, filters=None):
        """
            Return the index.

            Warning, there's a limit on the number of results
        """
        session = self.__prepare_session(force_out)
-        url = urljoin(self.root_url, 'events')
-        return session.get(url)
+        url = urljoin(self.root_url, 'events', 'index')
+        if filters is not None:
+            filters = json.dumps(filters)
+            print filters
+            return session.post(url, data=filters)
+        else:
+            return session.get(url)

    def get_event(self, event_id, force_out=None):
        """