mirror of https://github.com/MISP/PyMISP
Make pep8 happy
parent
03c2a053f4
commit
1da7660934
|
@ -10,24 +10,25 @@ from keys import mispUrl, mispKey, csvTaxonomyFile, iocMispMapping
|
|||
try:
|
||||
from pymisp import PyMISP
|
||||
except:
|
||||
print "you need pymisp form github"
|
||||
print("you need pymisp form github")
|
||||
import sys
|
||||
sys.exit(1)
|
||||
|
||||
import json
|
||||
import os
|
||||
import argparse
|
||||
|
||||
try:
|
||||
from bs4 import BeautifulSoup
|
||||
except:
|
||||
print "install BeautifulSoup : sudo apt-get install python-bs4 python-lxml"
|
||||
print("install BeautifulSoup : sudo apt-get install python-bs4 python-lxml")
|
||||
import sys
|
||||
sys.exit(1)
|
||||
|
||||
|
||||
def misp_init(url, key):
|
||||
return PyMISP(url, key, False, 'json')
|
||||
|
||||
|
||||
def check_valid_ioc():
|
||||
|
||||
(filepath, filename) = os.path.split(iocDescriptions["iocfile"])
|
||||
|
@ -38,16 +39,18 @@ def check_valid_ioc():
|
|||
return True
|
||||
return False
|
||||
|
||||
def get_parse_ioc_file():
|
||||
|
||||
def get_parse_ioc_file():
|
||||
return BeautifulSoup(open(iocDescriptions["iocfile"]), "lxml")
|
||||
|
||||
|
||||
def parse_ioc_search_content(iocContextSearch):
|
||||
for k, v in iocMispMapping.items():
|
||||
if str(k).lower() == str(iocContextSearch).lower():
|
||||
return v
|
||||
return False
|
||||
|
||||
|
||||
def create_attribute_json(iocContextSearch, attributeValue, attributeComment, force=False):
|
||||
#####################################
|
||||
# force used for description to upload
|
||||
|
@ -58,7 +61,7 @@ def create_attribute_json(iocContextSearch, attributeValue, attributeComment,for
|
|||
|
||||
if parseResult is False:
|
||||
|
||||
print "/!\ Not implemented :: {0} :: {1} :: Item add as 'Other','Comment'. Add it in your keys.py".format(iocContextSearch,attributeValue)
|
||||
print("/!\ Not implemented :: {0} :: {1} :: Item add as 'Other','Comment'. Add it in your keys.py".format(iocContextSearch, attributeValue))
|
||||
########################################
|
||||
# force import to misp
|
||||
parseResult = ("Other", "comment")
|
||||
|
@ -69,17 +72,17 @@ def create_attribute_json(iocContextSearch, attributeValue, attributeComment,for
|
|||
except:
|
||||
comment = attributeComment
|
||||
|
||||
attribute = {
|
||||
"category": parseResult[0],
|
||||
attribute = {"category": parseResult[0],
|
||||
"type": parseResult[1],
|
||||
"value": attributeValue,
|
||||
"timestamp": "0",
|
||||
"to_ids": "0",
|
||||
"distribution": "0",
|
||||
"comment": comment,
|
||||
"comment": comment
|
||||
}
|
||||
return attribute
|
||||
|
||||
|
||||
def create_attributes_from_ioc_json(soup):
|
||||
attributes = []
|
||||
|
||||
|
@ -99,7 +102,6 @@ def create_attributes_from_ioc_json(soup):
|
|||
else:
|
||||
IndicatorItemValues["comment"] = ""
|
||||
|
||||
|
||||
jsonAttribute = create_attribute_json(IndicatorItemValues["context"], IndicatorItemValues["content"], IndicatorItemValues["comment"])
|
||||
attributes.append(jsonAttribute)
|
||||
|
||||
|
@ -109,13 +111,9 @@ def create_attributes_from_ioc_json(soup):
|
|||
def create_misp_event_json(attributes):
|
||||
import time
|
||||
if iocDescriptions["authored_by"]:
|
||||
attributes.append(
|
||||
create_attribute_json(None,"authored_by",iocDescriptions["authored_by"],True)
|
||||
)
|
||||
attributes.append(create_attribute_json(None, "authored_by", iocDescriptions["authored_by"], True))
|
||||
if iocDescriptions["authored_date"]:
|
||||
attributes.append(
|
||||
create_attribute_json(None,"authored_date",iocDescriptions["authored_date"],True)
|
||||
)
|
||||
attributes.append(create_attribute_json(None, "authored_date", iocDescriptions["authored_date"], True))
|
||||
|
||||
##################################################
|
||||
# make short-description in "info field
|
||||
|
@ -125,18 +123,14 @@ def create_misp_event_json(attributes):
|
|||
if iocDescriptions["short_description"]:
|
||||
mispInfoFild = iocDescriptions["short_description"]
|
||||
if iocDescriptions["description"]:
|
||||
attributes.append(
|
||||
create_attribute_json(None,"description",iocDescriptions["description"],True)
|
||||
)
|
||||
attributes.append(create_attribute_json(None, "description", iocDescriptions["description"], True))
|
||||
else:
|
||||
if iocDescriptions["description"]:
|
||||
mispInfoFild = iocDescriptions["description"]
|
||||
else:
|
||||
mispInfoFild = "No description or short_description from IOC find."
|
||||
|
||||
eventJson = {
|
||||
"Event": {
|
||||
"info": mispInfoFild,
|
||||
eventJson = {"Event": {"info": mispInfoFild,
|
||||
"timestamp": "1",
|
||||
"attribute_count": 0,
|
||||
"analysis": "0",
|
||||
|
@ -146,8 +140,7 @@ def create_misp_event_json(attributes):
|
|||
"Attribute": [],
|
||||
"proposal_email_lock": False,
|
||||
"threat_level_id": "4",
|
||||
}
|
||||
}
|
||||
}}
|
||||
|
||||
eventJson["Event"]["Attribute"] = attributes
|
||||
|
||||
|
@ -159,6 +152,7 @@ def get_descriptions(soup, description):
|
|||
return soup.find(description.lower()).text
|
||||
return ""
|
||||
|
||||
|
||||
def save_ioc_description(soup):
|
||||
list_description = ["short_description", "authored_by", "authored_date", "description"]
|
||||
|
||||
|
@ -168,7 +162,6 @@ def save_ioc_description(soup):
|
|||
return
|
||||
|
||||
|
||||
|
||||
def get_taxonomy(soup):
|
||||
import csv
|
||||
taxonomy = []
|
||||
|
@ -204,12 +197,7 @@ def get_taxonomy(soup):
|
|||
#########################
|
||||
# build taxo from csv match
|
||||
else:
|
||||
taxo = [r[3] for r in
|
||||
{i:r for i,r in csvdic.items()
|
||||
if r[0].lower() == rel and str(r[2])=="1"
|
||||
}.values()
|
||||
if r[1].lower() == relValue.lower() and str(r[2])=="1"
|
||||
]
|
||||
taxo = [r[3] for r in {i: r for i, r in csvdic.items() if r[0].lower() == rel and str(r[2]) == "1"}.values() if r[1].lower() == relValue.lower() and str(r[2]) == "1"]
|
||||
|
||||
# taxo find in correspondance file
|
||||
if (len(taxo) > 0 and taxo[0] != ''):
|
||||
|
@ -217,16 +205,24 @@ def get_taxonomy(soup):
|
|||
# not find
|
||||
return taxonomy
|
||||
|
||||
|
||||
def custum_color_tag(tagg):
|
||||
color = "#00ace6"
|
||||
if ":amber" in tagg :color="#ffc200"
|
||||
if ":green:" in tagg :color="#009933"
|
||||
if "tlp:green" in tagg :color="#009933"
|
||||
if ":red:" in tagg :color="#ff0000"
|
||||
if "tlp:red" in tagg :color="#ff0000"
|
||||
if "tlp:white" in tagg :color="#fafafa"
|
||||
if ":amber" in tagg:
|
||||
color = "#ffc200"
|
||||
if ":green:" in tagg:
|
||||
color = "#009933"
|
||||
if "tlp:green" in tagg:
|
||||
color = "#009933"
|
||||
if ":red:" in tagg:
|
||||
color = "#ff0000"
|
||||
if "tlp:red" in tagg:
|
||||
color = "#ff0000"
|
||||
if "tlp:white" in tagg:
|
||||
color = "#fafafa"
|
||||
return color
|
||||
|
||||
|
||||
def push_event_to_misp(jsonEvent):
|
||||
global misp
|
||||
|
||||
|
@ -240,11 +236,11 @@ def push_event_to_misp(jsonEvent):
|
|||
|
||||
return
|
||||
|
||||
|
||||
def upload_file():
|
||||
|
||||
# filename,path, eid, distrib, ids, categ, info, ids, analysis, threat
|
||||
misp.upload_sample(
|
||||
iocDescriptions['filename'],
|
||||
misp.upload_sample(iocDescriptions['filename'],
|
||||
iocDescriptions["iocfile"],
|
||||
iocDescriptions["misp_event_id"],
|
||||
"0",
|
||||
|
@ -255,9 +251,9 @@ def upload_file():
|
|||
"1",
|
||||
"4",
|
||||
)
|
||||
|
||||
return
|
||||
|
||||
|
||||
def update_tag(listOfTagg):
|
||||
for tagg in listOfTagg:
|
||||
color = custum_color_tag(tagg)
|
||||
|
@ -265,14 +261,12 @@ def update_tag(listOfTagg):
|
|||
#############################
|
||||
# creatz tag in MISP
|
||||
|
||||
r = misp.new_tag(str(tagg), str(color))
|
||||
misp.new_tag(str(tagg), str(color))
|
||||
#############################
|
||||
# link tag to MISP event
|
||||
toPost = {}
|
||||
toPost['Event'] = {'id': iocDescriptions["misp_event_id"]}
|
||||
misp.add_tag(
|
||||
toPost,
|
||||
str(tagg))
|
||||
misp.add_tag(toPost, str(tagg))
|
||||
return
|
||||
|
||||
|
||||
|
@ -281,7 +275,6 @@ def main():
|
|||
global iocDescriptions
|
||||
iocDescriptions = {}
|
||||
|
||||
|
||||
################################
|
||||
# parse for valid argments
|
||||
parser = argparse.ArgumentParser(description='Get an event from a MISP instance.')
|
||||
|
@ -299,7 +292,7 @@ def main():
|
|||
# Try to parse file
|
||||
iocfileparse = get_parse_ioc_file()
|
||||
else:
|
||||
print "/!\ Bad format {0}".format(iocDescriptions["iocfile"])
|
||||
print("/!\ Bad format {0}".format(iocDescriptions["iocfile"]))
|
||||
return
|
||||
|
||||
################################
|
||||
|
@ -314,20 +307,18 @@ def main():
|
|||
# create a json misp event and append attributes
|
||||
jsonEvent = create_misp_event_json(jsonAttributes)
|
||||
|
||||
|
||||
################################
|
||||
# try connection
|
||||
try:
|
||||
misp = misp_init(mispUrl, mispKey)
|
||||
except:
|
||||
print "/!\ Connection fail, bad url ({0}) or API key : {1}".format(mispUrl,mispKey)
|
||||
print("/!\ Connection fail, bad url ({0}) or API key : {1}".format(mispUrl, mispKey))
|
||||
return
|
||||
|
||||
################################
|
||||
# Add event to MSIP
|
||||
push_event_to_misp(jsonEvent)
|
||||
|
||||
|
||||
################################
|
||||
# Upload the IOC file and close tmpfile
|
||||
upload_file()
|
||||
|
@ -343,6 +334,5 @@ def main():
|
|||
update_tag(customTag.split(","))
|
||||
|
||||
|
||||
|
||||
if __name__ == '__main__':
|
||||
main()
|
||||
|
|
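Review bot: The connection-failure message in `main()` (hunk `@ -314,20 +307,18 @`) still prints the MISP API key: the rewritten line ends in `.format(mispUrl, mispKey)`, so a failed run puts the credential on stdout, where it can land in terminal scrollback, cron mail or CI logs. Since the commit rewrites this line anyway, it should drop the key from the message, e.g. `print("/!\ Connection fail, bad url ({0}) or API key".format(mispUrl))`. The bare `except:` just above it also hides the real cause of the failure; catching `Exception as e` and printing `e` would give the operator something to act on without exposing the secret. Separately, the context line `return PyMISP(url, key, False, 'json')` in `misp_init` passes `False` in what appears to be the certificate-verification position, which is worth confirming and making configurable from `keys.py`. `main()` begins and ends outside the visible hunks, so any other uses of `mispKey` could not be checked here.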