Merge pull request #12 from Delta-Sierra/master

type-category association checking automated
pull/14/head
Alexandre Dulaunoy 2016-04-14 11:11:32 +02:00
commit 1de86c1d43
2 changed files with 19 additions and 7 deletions


@ -20,7 +20,7 @@ if __name__ == '__main__':
parser.add_argument("-d", "--distrib", type=int, help="The distribution setting used for the attributes and for the newly created event, if relevant. [0-3].") parser.add_argument("-d", "--distrib", type=int, help="The distribution setting used for the attributes and for the newly created event, if relevant. [0-3].")
parser.add_argument("-i", "--info", help="Used to populate the event info field if no event ID supplied.") parser.add_argument("-i", "--info", help="Used to populate the event info field if no event ID supplied.")
parser.add_argument("-a", "--analysis", type=int, help="The analysis level of the newly created event, if applicatble. [0-2]") parser.add_argument("-a", "--analysis", type=int, help="The analysis level of the newly created event, if applicatble. [0-2]")
parser.add_argument("-t", "--threat", type=int, help="The threat level ID of the newly created event, if applicatble. [0-3]") parser.add_argument("-t", "--threat", type=int, help="The threat level ID of the newly created event, if applicatble. [1-4]")
args = parser.parse_args() args = parser.parse_args()
misp = init(misp_url, misp_key) misp = init(misp_url, misp_key)
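Review bot: The `[1-4]` range for `--threat` exists only in the help string, so argparse accepts any integer and the value is presumably passed on to the MISP instance unchecked. Adding `choices=range(1, 5)` to that `add_argument` call would reject out-of-range input at the command line; `--distrib` and `--analysis` could get the same treatment with `range(0, 4)` and `range(0, 3)`. The help text on the `--analysis` and `--threat` lines also still reads `applicatble`.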


@ -105,6 +105,19 @@ class PyMISP(object):
self.out_type = out_type self.out_type = out_type
self.debug = debug self.debug = debug
try:
# Make sure the MISP instance is working and the URL is valid
self.get_version()
except Exception as e:
raise PyMISPError('Unable to connect to MISP ({}). Please make sure the API key and the URL are correct (http/https is required): {}'.format(self.root_url, e))
session = self.__prepare_session(out_type)
self.describe_types = session.get(self.root_url + 'attributes/describeTypes.json').json()
self.categories = self.describe_types['result']['categories']
self.types = self.describe_types['result']['types']
self.category_type_mapping = self.describe_types['result']['category_type_mappings']
self.categories = ['Internal reference', 'Targeting data', 'Antivirus detection', self.categories = ['Internal reference', 'Targeting data', 'Antivirus detection',
'Payload delivery', 'Payload installation', 'Artifacts dropped', 'Payload delivery', 'Payload installation', 'Artifacts dropped',
'Persistence mechanism', 'Network activity', 'Payload type', 'Persistence mechanism', 'Network activity', 'Payload type',
@ -118,11 +131,7 @@ class PyMISP(object):
'yara', 'target-user', 'target-email', 'target-machine', 'target-org', 'yara', 'target-user', 'target-email', 'target-machine', 'target-org',
'target-location', 'target-external', 'other', 'threat-actor'] 'target-location', 'target-external', 'other', 'threat-actor']
try:
# Make sure the MISP instance is working and the URL is valid
self.get_version()
except Exception as e:
raise PyMISPError('Unable to connect to MISP ({}). Please make sure the API key and the URL are correct (http/https is required): {}'.format(self.root_url, e))
def __prepare_session(self, force_out=None): def __prepare_session(self, force_out=None):
""" """
@ -296,11 +305,14 @@ class PyMISP(object):
to_return = {} to_return = {}
if category not in self.categories: if category not in self.categories:
raise NewAttributeError('{} is invalid, category has to be in {}'.format(category, (', '.join(self.categories)))) raise NewAttributeError('{} is invalid, category has to be in {}'.format(category, (', '.join(self.categories))))
to_return['category'] = category
if type_value not in self.types: if type_value not in self.types:
raise NewAttributeError('{} is invalid, type_value has to be in {}'.format(type_value, (', '.join(self.types)))) raise NewAttributeError('{} is invalid, type_value has to be in {}'.format(type_value, (', '.join(self.types))))
if type_value not in self.category_type_mapping[category]:
raise NewAttributeError('{} and {} is an invalid combinaison, type_value for this category has to be in {}'.format(type_value, category, (', '.join(self.category_type_mapping[category]))))
to_return['type'] = type_value to_return['type'] = type_value
to_return['category'] = category
if to_ids not in [True, False]: if to_ids not in [True, False]:
raise NewAttributeError('{} is invalid, to_ids has to be True or False'.format(to_ids)) raise NewAttributeError('{} is invalid, to_ids has to be True or False'.format(to_ids))
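Review bot: In `__init__`, the `self.categories` value read from `describeTypes.json` is overwritten straight away by the hard-coded list still assigned below it (the `self.types` literal appears to remain too), while `self.category_type_mapping` stays server-derived. A category that passes `category not in self.categories` but is absent from the server mapping then raises a bare `KeyError` at `self.category_type_mapping[category]` instead of `NewAttributeError`. The describeTypes request also sits outside the `try` with no status check, so a rejected API key or a non-JSON reply surfaces as a raw exception or a `KeyError` on `['result']` rather than `PyMISPError`. I would drop the hard-coded lists and move the fetch inside the guarded block as sketched below, assuming the session is a `requests` session. The hunks show only part of `__init__` and of the attribute-preparation method.

```python
try:
    # … unchanged: self.get_version() connectivity check …
    session = self.__prepare_session(out_type)
    response = session.get(self.root_url + 'attributes/describeTypes.json')
    response.raise_for_status()
    self.describe_types = response.json()
    result = self.describe_types['result']
except Exception as e:
    # … unchanged: raise PyMISPError(...) with the existing message …
self.categories = result['categories']
self.types = result['types']
self.category_type_mapping = result['category_type_mappings']
# … dropped: the hard-coded self.categories / self.types lists …
```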