mirror of https://github.com/MISP/PyMISP
Make pep8 happy
parent
03c2a053f4
commit
1da7660934
|
@ -10,24 +10,25 @@ from keys import mispUrl, mispKey, csvTaxonomyFile, iocMispMapping
|
||||||
try:
|
try:
|
||||||
from pymisp import PyMISP
|
from pymisp import PyMISP
|
||||||
except:
|
except:
|
||||||
print "you need pymisp form github"
|
print("you need pymisp form github")
|
||||||
import sys
|
import sys
|
||||||
sys.exit(1)
|
sys.exit(1)
|
||||||
|
|
||||||
import json
|
|
||||||
import os
|
import os
|
||||||
import argparse
|
import argparse
|
||||||
|
|
||||||
try:
|
try:
|
||||||
from bs4 import BeautifulSoup
|
from bs4 import BeautifulSoup
|
||||||
except:
|
except:
|
||||||
print "install BeautifulSoup : sudo apt-get install python-bs4 python-lxml"
|
print("install BeautifulSoup : sudo apt-get install python-bs4 python-lxml")
|
||||||
import sys
|
import sys
|
||||||
sys.exit(1)
|
sys.exit(1)
|
||||||
|
|
||||||
|
|
||||||
def misp_init(url, key):
|
def misp_init(url, key):
|
||||||
return PyMISP(url, key, False, 'json')
|
return PyMISP(url, key, False, 'json')
|
||||||
|
|
||||||
|
|
||||||
def check_valid_ioc():
|
def check_valid_ioc():
|
||||||
|
|
||||||
(filepath, filename) = os.path.split(iocDescriptions["iocfile"])
|
(filepath, filename) = os.path.split(iocDescriptions["iocfile"])
|
||||||
|
@ -38,16 +39,18 @@ def check_valid_ioc():
|
||||||
return True
|
return True
|
||||||
return False
|
return False
|
||||||
|
|
||||||
def get_parse_ioc_file():
|
|
||||||
|
|
||||||
|
def get_parse_ioc_file():
|
||||||
return BeautifulSoup(open(iocDescriptions["iocfile"]), "lxml")
|
return BeautifulSoup(open(iocDescriptions["iocfile"]), "lxml")
|
||||||
|
|
||||||
|
|
||||||
def parse_ioc_search_content(iocContextSearch):
|
def parse_ioc_search_content(iocContextSearch):
|
||||||
for k, v in iocMispMapping.items():
|
for k, v in iocMispMapping.items():
|
||||||
if str(k).lower() == str(iocContextSearch).lower():
|
if str(k).lower() == str(iocContextSearch).lower():
|
||||||
return v
|
return v
|
||||||
return False
|
return False
|
||||||
|
|
||||||
|
|
||||||
def create_attribute_json(iocContextSearch, attributeValue, attributeComment, force=False):
|
def create_attribute_json(iocContextSearch, attributeValue, attributeComment, force=False):
|
||||||
#####################################
|
#####################################
|
||||||
# force used for description to upload
|
# force used for description to upload
|
||||||
|
@ -58,7 +61,7 @@ def create_attribute_json(iocContextSearch, attributeValue, attributeComment,for
|
||||||
|
|
||||||
if parseResult is False:
|
if parseResult is False:
|
||||||
|
|
||||||
print "/!\ Not implemented :: {0} :: {1} :: Item add as 'Other','Comment'. Add it in your keys.py".format(iocContextSearch,attributeValue)
|
print("/!\ Not implemented :: {0} :: {1} :: Item add as 'Other','Comment'. Add it in your keys.py".format(iocContextSearch, attributeValue))
|
||||||
########################################
|
########################################
|
||||||
# force import to misp
|
# force import to misp
|
||||||
parseResult = ("Other", "comment")
|
parseResult = ("Other", "comment")
|
||||||
|
@ -69,17 +72,17 @@ def create_attribute_json(iocContextSearch, attributeValue, attributeComment,for
|
||||||
except:
|
except:
|
||||||
comment = attributeComment
|
comment = attributeComment
|
||||||
|
|
||||||
attribute = {
|
attribute = {"category": parseResult[0],
|
||||||
"category": parseResult[0],
|
|
||||||
"type": parseResult[1],
|
"type": parseResult[1],
|
||||||
"value": attributeValue,
|
"value": attributeValue,
|
||||||
"timestamp": "0",
|
"timestamp": "0",
|
||||||
"to_ids": "0",
|
"to_ids": "0",
|
||||||
"distribution": "0",
|
"distribution": "0",
|
||||||
"comment": comment,
|
"comment": comment
|
||||||
}
|
}
|
||||||
return attribute
|
return attribute
|
||||||
|
|
||||||
|
|
||||||
def create_attributes_from_ioc_json(soup):
|
def create_attributes_from_ioc_json(soup):
|
||||||
attributes = []
|
attributes = []
|
||||||
|
|
||||||
|
@ -99,7 +102,6 @@ def create_attributes_from_ioc_json(soup):
|
||||||
else:
|
else:
|
||||||
IndicatorItemValues["comment"] = ""
|
IndicatorItemValues["comment"] = ""
|
||||||
|
|
||||||
|
|
||||||
jsonAttribute = create_attribute_json(IndicatorItemValues["context"], IndicatorItemValues["content"], IndicatorItemValues["comment"])
|
jsonAttribute = create_attribute_json(IndicatorItemValues["context"], IndicatorItemValues["content"], IndicatorItemValues["comment"])
|
||||||
attributes.append(jsonAttribute)
|
attributes.append(jsonAttribute)
|
||||||
|
|
||||||
|
@ -109,13 +111,9 @@ def create_attributes_from_ioc_json(soup):
|
||||||
def create_misp_event_json(attributes):
|
def create_misp_event_json(attributes):
|
||||||
import time
|
import time
|
||||||
if iocDescriptions["authored_by"]:
|
if iocDescriptions["authored_by"]:
|
||||||
attributes.append(
|
attributes.append(create_attribute_json(None, "authored_by", iocDescriptions["authored_by"], True))
|
||||||
create_attribute_json(None,"authored_by",iocDescriptions["authored_by"],True)
|
|
||||||
)
|
|
||||||
if iocDescriptions["authored_date"]:
|
if iocDescriptions["authored_date"]:
|
||||||
attributes.append(
|
attributes.append(create_attribute_json(None, "authored_date", iocDescriptions["authored_date"], True))
|
||||||
create_attribute_json(None,"authored_date",iocDescriptions["authored_date"],True)
|
|
||||||
)
|
|
||||||
|
|
||||||
##################################################
|
##################################################
|
||||||
# make short-description in "info field
|
# make short-description in "info field
|
||||||
|
@ -125,18 +123,14 @@ def create_misp_event_json(attributes):
|
||||||
if iocDescriptions["short_description"]:
|
if iocDescriptions["short_description"]:
|
||||||
mispInfoFild = iocDescriptions["short_description"]
|
mispInfoFild = iocDescriptions["short_description"]
|
||||||
if iocDescriptions["description"]:
|
if iocDescriptions["description"]:
|
||||||
attributes.append(
|
attributes.append(create_attribute_json(None, "description", iocDescriptions["description"], True))
|
||||||
create_attribute_json(None,"description",iocDescriptions["description"],True)
|
|
||||||
)
|
|
||||||
else:
|
else:
|
||||||
if iocDescriptions["description"]:
|
if iocDescriptions["description"]:
|
||||||
mispInfoFild = iocDescriptions["description"]
|
mispInfoFild = iocDescriptions["description"]
|
||||||
else:
|
else:
|
||||||
mispInfoFild = "No description or short_description from IOC find."
|
mispInfoFild = "No description or short_description from IOC find."
|
||||||
|
|
||||||
eventJson = {
|
eventJson = {"Event": {"info": mispInfoFild,
|
||||||
"Event": {
|
|
||||||
"info": mispInfoFild,
|
|
||||||
"timestamp": "1",
|
"timestamp": "1",
|
||||||
"attribute_count": 0,
|
"attribute_count": 0,
|
||||||
"analysis": "0",
|
"analysis": "0",
|
||||||
|
@ -146,8 +140,7 @@ def create_misp_event_json(attributes):
|
||||||
"Attribute": [],
|
"Attribute": [],
|
||||||
"proposal_email_lock": False,
|
"proposal_email_lock": False,
|
||||||
"threat_level_id": "4",
|
"threat_level_id": "4",
|
||||||
}
|
}}
|
||||||
}
|
|
||||||
|
|
||||||
eventJson["Event"]["Attribute"] = attributes
|
eventJson["Event"]["Attribute"] = attributes
|
||||||
|
|
||||||
|
@ -159,6 +152,7 @@ def get_descriptions(soup, description):
|
||||||
return soup.find(description.lower()).text
|
return soup.find(description.lower()).text
|
||||||
return ""
|
return ""
|
||||||
|
|
||||||
|
|
||||||
def save_ioc_description(soup):
|
def save_ioc_description(soup):
|
||||||
list_description = ["short_description", "authored_by", "authored_date", "description"]
|
list_description = ["short_description", "authored_by", "authored_date", "description"]
|
||||||
|
|
||||||
|
@ -168,7 +162,6 @@ def save_ioc_description(soup):
|
||||||
return
|
return
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
def get_taxonomy(soup):
|
def get_taxonomy(soup):
|
||||||
import csv
|
import csv
|
||||||
taxonomy = []
|
taxonomy = []
|
||||||
|
@ -204,12 +197,7 @@ def get_taxonomy(soup):
|
||||||
#########################
|
#########################
|
||||||
# build taxo from csv match
|
# build taxo from csv match
|
||||||
else:
|
else:
|
||||||
taxo = [r[3] for r in
|
taxo = [r[3] for r in {i: r for i, r in csvdic.items() if r[0].lower() == rel and str(r[2]) == "1"}.values() if r[1].lower() == relValue.lower() and str(r[2]) == "1"]
|
||||||
{i:r for i,r in csvdic.items()
|
|
||||||
if r[0].lower() == rel and str(r[2])=="1"
|
|
||||||
}.values()
|
|
||||||
if r[1].lower() == relValue.lower() and str(r[2])=="1"
|
|
||||||
]
|
|
||||||
|
|
||||||
# taxo find in correspondance file
|
# taxo find in correspondance file
|
||||||
if (len(taxo) > 0 and taxo[0] != ''):
|
if (len(taxo) > 0 and taxo[0] != ''):
|
||||||
|
@ -217,16 +205,24 @@ def get_taxonomy(soup):
|
||||||
# not find
|
# not find
|
||||||
return taxonomy
|
return taxonomy
|
||||||
|
|
||||||
|
|
||||||
def custum_color_tag(tagg):
|
def custum_color_tag(tagg):
|
||||||
color = "#00ace6"
|
color = "#00ace6"
|
||||||
if ":amber" in tagg :color="#ffc200"
|
if ":amber" in tagg:
|
||||||
if ":green:" in tagg :color="#009933"
|
color = "#ffc200"
|
||||||
if "tlp:green" in tagg :color="#009933"
|
if ":green:" in tagg:
|
||||||
if ":red:" in tagg :color="#ff0000"
|
color = "#009933"
|
||||||
if "tlp:red" in tagg :color="#ff0000"
|
if "tlp:green" in tagg:
|
||||||
if "tlp:white" in tagg :color="#fafafa"
|
color = "#009933"
|
||||||
|
if ":red:" in tagg:
|
||||||
|
color = "#ff0000"
|
||||||
|
if "tlp:red" in tagg:
|
||||||
|
color = "#ff0000"
|
||||||
|
if "tlp:white" in tagg:
|
||||||
|
color = "#fafafa"
|
||||||
return color
|
return color
|
||||||
|
|
||||||
|
|
||||||
def push_event_to_misp(jsonEvent):
|
def push_event_to_misp(jsonEvent):
|
||||||
global misp
|
global misp
|
||||||
|
|
||||||
|
@ -240,11 +236,11 @@ def push_event_to_misp(jsonEvent):
|
||||||
|
|
||||||
return
|
return
|
||||||
|
|
||||||
|
|
||||||
def upload_file():
|
def upload_file():
|
||||||
|
|
||||||
# filename,path, eid, distrib, ids, categ, info, ids, analysis, threat
|
# filename,path, eid, distrib, ids, categ, info, ids, analysis, threat
|
||||||
misp.upload_sample(
|
misp.upload_sample(iocDescriptions['filename'],
|
||||||
iocDescriptions['filename'],
|
|
||||||
iocDescriptions["iocfile"],
|
iocDescriptions["iocfile"],
|
||||||
iocDescriptions["misp_event_id"],
|
iocDescriptions["misp_event_id"],
|
||||||
"0",
|
"0",
|
||||||
|
@ -255,9 +251,9 @@ def upload_file():
|
||||||
"1",
|
"1",
|
||||||
"4",
|
"4",
|
||||||
)
|
)
|
||||||
|
|
||||||
return
|
return
|
||||||
|
|
||||||
|
|
||||||
def update_tag(listOfTagg):
|
def update_tag(listOfTagg):
|
||||||
for tagg in listOfTagg:
|
for tagg in listOfTagg:
|
||||||
color = custum_color_tag(tagg)
|
color = custum_color_tag(tagg)
|
||||||
|
@ -265,14 +261,12 @@ def update_tag(listOfTagg):
|
||||||
#############################
|
#############################
|
||||||
# creatz tag in MISP
|
# creatz tag in MISP
|
||||||
|
|
||||||
r = misp.new_tag(str(tagg), str(color))
|
misp.new_tag(str(tagg), str(color))
|
||||||
#############################
|
#############################
|
||||||
# link tag to MISP event
|
# link tag to MISP event
|
||||||
toPost = {}
|
toPost = {}
|
||||||
toPost['Event'] = {'id': iocDescriptions["misp_event_id"]}
|
toPost['Event'] = {'id': iocDescriptions["misp_event_id"]}
|
||||||
misp.add_tag(
|
misp.add_tag(toPost, str(tagg))
|
||||||
toPost,
|
|
||||||
str(tagg))
|
|
||||||
return
|
return
|
||||||
|
|
||||||
|
|
||||||
|
@ -281,7 +275,6 @@ def main():
|
||||||
global iocDescriptions
|
global iocDescriptions
|
||||||
iocDescriptions = {}
|
iocDescriptions = {}
|
||||||
|
|
||||||
|
|
||||||
################################
|
################################
|
||||||
# parse for valid argments
|
# parse for valid argments
|
||||||
parser = argparse.ArgumentParser(description='Get an event from a MISP instance.')
|
parser = argparse.ArgumentParser(description='Get an event from a MISP instance.')
|
||||||
|
@ -299,7 +292,7 @@ def main():
|
||||||
# Try to parse file
|
# Try to parse file
|
||||||
iocfileparse = get_parse_ioc_file()
|
iocfileparse = get_parse_ioc_file()
|
||||||
else:
|
else:
|
||||||
print "/!\ Bad format {0}".format(iocDescriptions["iocfile"])
|
print("/!\ Bad format {0}".format(iocDescriptions["iocfile"]))
|
||||||
return
|
return
|
||||||
|
|
||||||
################################
|
################################
|
||||||
|
@ -314,20 +307,18 @@ def main():
|
||||||
# create a json misp event and append attributes
|
# create a json misp event and append attributes
|
||||||
jsonEvent = create_misp_event_json(jsonAttributes)
|
jsonEvent = create_misp_event_json(jsonAttributes)
|
||||||
|
|
||||||
|
|
||||||
################################
|
################################
|
||||||
# try connection
|
# try connection
|
||||||
try:
|
try:
|
||||||
misp = misp_init(mispUrl, mispKey)
|
misp = misp_init(mispUrl, mispKey)
|
||||||
except:
|
except:
|
||||||
print "/!\ Connection fail, bad url ({0}) or API key : {1}".format(mispUrl,mispKey)
|
print("/!\ Connection fail, bad url ({0}) or API key : {1}".format(mispUrl, mispKey))
|
||||||
return
|
return
|
||||||
|
|
||||||
################################
|
################################
|
||||||
# Add event to MSIP
|
# Add event to MSIP
|
||||||
push_event_to_misp(jsonEvent)
|
push_event_to_misp(jsonEvent)
|
||||||
|
|
||||||
|
|
||||||
################################
|
################################
|
||||||
# Upload the IOC file and close tmpfile
|
# Upload the IOC file and close tmpfile
|
||||||
upload_file()
|
upload_file()
|
||||||
|
@ -343,6 +334,5 @@ def main():
|
||||||
update_tag(customTag.split(","))
|
update_tag(customTag.split(","))
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
if __name__ == '__main__':
|
if __name__ == '__main__':
|
||||||
main()
|
main()
|
||||||
|
|
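Review bot: The connection-failure message in main() still formats `mispKey` into its output, so a failed `misp_init` call writes the MISP API key to stdout and to any terminal capture or job log that collects it; adding the parentheses keeps that behaviour. Report only the URL, e.g. `print("/!\ Connection fail, bad url ({0}) or API key".format(mispUrl))`. The bare `except:` around that call also hides the real cause and catches KeyboardInterrupt; `except Exception as e:` with the exception text printed would make the failure diagnosable without exposing the credential. Separately, `misp_init` passes `False` as the third positional argument to `PyMISP`, which appears to be the TLS certificate-verification flag; if so, the key travels over a connection whose server identity is never checked, and the flag should come from configuration and default to verification. main() begins and ends outside the visible hunks, so the rest of its error handling could not be checked here.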