Merge branch 'LDO-CERT-master'

2018-01-23 11:07:53 +01:00 · 2018-01-23 11:07:53 +01:00 · 19fa34c8fe
parent 8026d0fa42 e2bb66d01c
commit 19fa34c8fe
4 changed files with 39 additions and 1 deletions
--- a/examples/add_sbsignature.py
+++ b/examples/add_sbsignature.py
@ -0,0 +1,16 @@
+import json
+from pymisp import PyMISP
+from keys import misp_url, misp_key, misp_verifycert
+from pymisp.tools import SBSignatureObject
+
+pymisp = PyMISP(misp_url, misp_key, misp_verifycert)
+a = json.loads('{"signatures":[{"new_data":[],"confidence":100,"families":[],"severity":1,"weight":0,"description":"AttemptstoconnecttoadeadIP:Port(2uniquetimes)","alert":false,"references":[],"data":[{"IP":"95.101.39.58:80(Europe)"},{"IP":"192.35.177.64:80(UnitedStates)"}],"name":"dead_connect"},{"new_data":[],"confidence":30,"families":[],"severity":2,"weight":1,"description":"PerformssomeHTTPrequests","alert":false,"references":[],"data":[{"url":"http://cert.int-x3.letsencrypt.org/"},{"url":"http://apps.identrust.com/roots/dstrootcax3.p7c"}],"name":"network_http"},{"new_data":[],"confidence":100,"families":[],"severity":2,"weight":1,"description":"Theofficefilehasaunconventionalcodepage:ANSICyrillic;Cyrillic(Windows)","alert":false,"references":[],"data":[],"name":"office_code_page"}]}')
+a = [(x['name'], x['description']) for x in a["signatures"]]
+
+
+b = SBSignatureObject(a)
+
+
+template_id = [x['ObjectTemplate']['id'] for x in pymisp.get_object_templates_list() if x['ObjectTemplate']['name'] == 'sb-signature'][0]
+
+pymisp.add_object(234111, template_id, b)
--- a/pymisp/data/misp-objects
+++ b/pymisp/data/misp-objects
@ -1 +1 @@
-Subproject commit 21e58b3ddf1737028b556b93b20d848f86a71cd0
+Subproject commit 333f9a46e4bcc96cd2e5f276bff26c9dd9b1524f
--- a/pymisp/tools/init.py
+++ b/pymisp/tools/init.py
@ -8,3 +8,4 @@ from .create_misp_object import make_binary_objects  # noqa
 from .abstractgenerator import AbstractMISPObjectGenerator  # noqa
 from .genericgenerator import GenericObjectGenerator  # noqa
 from .openioc import load_openioc, load_openioc_file  # noqa
+from .sbsignatureobject import SBSignatureObject  # noqa
--- a/pymisp/tools/sbsignatureobject.py
+++ b/pymisp/tools/sbsignatureobject.py
@ -0,0 +1,21 @@
+#!/usr/bin/env python3
+# -*- coding: utf-8 -*-
+
+from .abstractgenerator import AbstractMISPObjectGenerator
+
+
+class SBSignatureObject(AbstractMISPObjectGenerator):
+    '''
+    Sandbox Analyzer
+    '''
+    def __init__(self, software, report, standalone=True, **kwargs):
+        super(SBSignatureObject, self).__init__("sb-signature", **kwargs)
+        self._software = software
+        self._report = report
+        self.generate_attributes()
+
+    def generate_attributes(self):
+        ''' Parse the report for relevant attributes '''
+        self.add_attribute("software", value=self._software)
+        for (signature_name, description) in self._report:
+            self.add_attribute("signature", value=signature_name, comment=description)