MISP
/
PyMISP
mirror of https://github.com/MISP/PyMISP
2
0
Fork 0
Code Issues Releases Wiki Activity

fix: Add Info field to the event

pull/210/head
Raphaël Vinot 2018-03-26 13:58:33 +02:00
parent ecf9bd549f
commit 22c874e479
1 changed files with 3 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
examples/add_fail2ban_object.py
View File

@ -11,6 +11,7 @@ try:
except Exception: except Exception:
misp_url = 'URL' misp_url = 'URL'
misp_key = 'AUTH_KEY' misp_key = 'AUTH_KEY'
misp_key = True
if __name__ == '__main__': if __name__ == '__main__':
@ -31,8 +32,9 @@ if __name__ == '__main__':
response = pymisp.search(tags=args.tag, last=args.aggregation_period, published=False) response = pymisp.search(tags=args.tag, last=args.aggregation_period, published=False)
me = MISPEvent() me = MISPEvent()
if 'response' in response and response['response']: if 'response' in response and response['response']:
me.load(response['response'][1]) me.load(response['response'][0])
else: else:
me.info = "Fail2Ban blocking"
me.add_tag(args.tag) me.add_tag(args.tag)
parameters = {'banned-ip': args.banned_ip, 'attack-type': args.attack_type, 'processing-timestamp': args.processing_timestamp} parameters = {'banned-ip': args.banned_ip, 'attack-type': args.attack_type, 'processing-timestamp': args.processing_timestamp}
if args.failures: if args.failures: