Add examples "create_dummy_event" and "create_massive_dummy_events"

examples/events/README.md

@@ -0,0 +1,53 @@
+## Explanation
+
+This folder contains scripts made to create dummy events in order to test MISP instances.
+
+* dummy is a containing text only file used as uploaded attachement.
+* create\_dummy\_event.py will create a given number of events (default: 1)with a randomly generated domain|ip attribute as well as a copy of dummy file.
+* create\_massive\_dummy\_events.py will create a given number of events (default: 1) with a given number of randomly generated attributes(default: 3000).
+
+### Tools description
+
+* randomStringGenerator: generate a random string of a given size, characters used to build the string can be chosen, default are characters from string.ascii\_lowercase and string.digits
+* randomIpGenerator: generate a random ip
+
+* floodtxt: add a generated string as attribute of the given event. The added attributes can be of the following category/type:
+    - Internal reference/comment
+    - Internal reference/text
+    - Internal reference/other
+    - Payload delivery/email-subject
+    - Artifact dropped/mutex
+    - Artifact dropped/filename
+* floodip: add a generated ip as attribute of the given event. The added attributes can be of the following category/type:
+    - Network activity/ip-src
+    - Network activity/ip.dst
+* flooddomain: add a generated domain-like string as attribute of the given event. The added attributes can be of the following category/type:
+    - Network activity/hostname
+    - Network activity/domain
+* flooddomainip: add a generated domain|ip-like string as attribute of the given event. The added attribute is of the following category/type:
+    - Network activity/domain|ip
+* floodemail: add a generated email-like string as attribute of the given event. The added attributes can be of the following category/type:
+    - Payload delivery/email-src
+    - Payload delivery/email-dst
+* floodattachmentent: add a dummy file as attribute of the given event. The added attribute is of the following category/type:
+    - Payload delivery/attachment
+
+* create\_dummy\_event: create a dummy event named "dummy event" with these caracteristics:
+    - Distribution: Your organisation only
+    - Analysis: Initial
+    - Threat Level: Undefined
+    - Number of Attributes: 2
+    - Attribute:
+        - category/type: Network activity/domain|ip
+        - value: Randomly generated
+    - Attribute:
+        -category/type: Payload delivery/attachment
+        - value: 'dummy' file
+* create\_massive\_dummy\_events: create a dummy event named "massive dummy event" with these caracteristics:
+    - Distribution: Your organisation only
+    - Analysis: Initial
+    - Threat Level: Undefined
+    - Number of Attributes: Given as argument
+    - Attribute:
+        - category/type: Randomly chosen
+        - value: Randomly generated or dummy file

examples/events/create_dummy_event.py

@@ -0,0 +1,23 @@
+#!/usr/bin/env python
+# -*- coding: utf-8 -*-
+
+from pymisp import PyMISP
+from keys import misp_url, misp_key, misp_verifycert
+import argparse
+import tools
+
+def init(url, key):
+    return PyMISP(url, key, misp_verifycert, 'json')
+
+if __name__ == '__main__':
+    parser = argparse.ArgumentParser(description='Create a given number of event containing an domain|ip attribute and an attachment each.')
+    parser.add_argument("-l", "--limit", type=int, help="Number of events to create (default 1)")
+    args = parser.parse_args()
+
+    misp = init(misp_url, misp_key)
+
+    if args.limit is None:
+        args.limit = 1
+
+    for i in range(args.limit):
+        tools.create_dummy_event(misp)

examples/events/create_massive_dummy_events.py

@@ -0,0 +1,26 @@
+#!/usr/bin/env python
+# -*- coding: utf-8 -*-
+
+from pymisp import PyMISP
+from keys import misp_url, misp_key, misp_verifycert
+import argparse
+import tools
+
+def init(url, key):
+    return PyMISP(url, key, misp_verifycert, 'json')
+
+if __name__ == '__main__':
+    parser = argparse.ArgumentParser(description='Create a given number of event containing a given number of attributes eachh.')
+    parser.add_argument("-l", "--limit", type=int, help="Number of events to create (default 1)")
+    parser.add_argument("-a", "--attribute", type=int, help="Number of attributes per event (default 3000)")
+    args = parser.parse_args()
+
+    misp = init(misp_url, misp_key)
+
+    if args.limit is None:
+        args.limit = 1
+    if args.attribute is None:
+        args.attribute = 3000
+
+    for i in range(args.limit):
+        tools.create_massive_dummy_events(misp, args.attribute)

examples/events/dummy

@@ -0,0 +1,21 @@
+DUMMY DUMMY DUMMY DUMMY DUMMY DUMMY DUMMY DUMMY DUMMY DUMMY DUMMY DUMMY DUMMY
+DUMMY DUMMY DUMMY DUMMY DUMMY DUMMY DUMMY DUMMY DUMMY DUMMY DUMMY DUMMY DUMMY
+DUMMY DUMMY DUMMY DUMMY DUMMY DUMMY DUMMY DUMMY DUMMY DUMMY DUMMY DUMMY DUMMY
+DUMMY DUMMY DUMMY DUMMY DUMMY DUMMY DUMMY DUMMY DUMMY DUMMY DUMMY DUMMY DUMMY
+DUMMY DUMMY DUMMY DUMMY DUMMY DUMMY DUMMY DUMMY DUMMY DUMMY DUMMY DUMMY DUMMY
+DUMMY DUMMY DUMMY DUMMY DUMMY DUMMY DUMMY DUMMY DUMMY DUMMY DUMMY DUMMY DUMMY
+DUMMY DUMMY DUMMY DUMMY DUMMY DUMMY DUMMY DUMMY DUMMY DUMMY DUMMY DUMMY DUMMY
+DUMMY DUMMY DUMMY DUMMY DUMMY DUMMY DUMMY DUMMY DUMMY DUMMY DUMMY DUMMY DUMMY
+DUMMY DUMMY DUMMY DUMMY DUMMY DUMMY DUMMY DUMMY DUMMY DUMMY DUMMY DUMMY DUMMY
+DUMMY DUMMY DUMMY DUMMY DUMMY DUMMY DUMMY DUMMY DUMMY DUMMY DUMMY DUMMY DUMMY
+DUMMY DUMMY DUMMY DUMMY DUMMY DUMMY DUMMY DUMMY DUMMY DUMMY DUMMY DUMMY DUMMY
+DUMMY DUMMY DUMMY DUMMY DUMMY DUMMY DUMMY DUMMY DUMMY DUMMY DUMMY DUMMY DUMMY
+DUMMY DUMMY DUMMY DUMMY DUMMY DUMMY DUMMY DUMMY DUMMY DUMMY DUMMY DUMMY DUMMY
+DUMMY DUMMY DUMMY DUMMY DUMMY DUMMY DUMMY DUMMY DUMMY DUMMY DUMMY DUMMY DUMMY
+DUMMY DUMMY DUMMY DUMMY DUMMY DUMMY DUMMY DUMMY DUMMY DUMMY DUMMY DUMMY DUMMY
+DUMMY DUMMY DUMMY DUMMY DUMMY DUMMY DUMMY DUMMY DUMMY DUMMY DUMMY DUMMY DUMMY
+DUMMY DUMMY DUMMY DUMMY DUMMY DUMMY DUMMY DUMMY DUMMY DUMMY DUMMY DUMMY DUMMY
+DUMMY DUMMY DUMMY DUMMY DUMMY DUMMY DUMMY DUMMY DUMMY DUMMY DUMMY DUMMY DUMMY
+DUMMY DUMMY DUMMY DUMMY DUMMY DUMMY DUMMY DUMMY DUMMY DUMMY DUMMY DUMMY DUMMY
+DUMMY DUMMY DUMMY DUMMY DUMMY DUMMY DUMMY DUMMY DUMMY DUMMY DUMMY DUMMY DUMMY
+DUMMY DUMMY DUMMY DUMMY DUMMY DUMMY DUMMY DUMMY DUMMY DUMMY DUMMY DUMMY DUMMY

examples/events/tools.py

@@ -0,0 +1,64 @@
+#!/usr/bin/env python
+# -*- coding: utf-8 -*-
+
+import random
+from random import randint
+import string
+
+def randomStringGenerator(size, chars=string.ascii_lowercase + string.digits):
+    return ''.join(random.choice(chars) for _ in range(size))
+
+def randomIpGenerator():
+    return str(randint(0, 255)) + '.' + str(randint(0, 255)) + '.' + str(randint(0, 255)) + '.' + str(randint(0, 255))
+
+def floodtxt(misp, event, maxlength = 255):
+    text = randomStringGenerator(randint(1, maxlength))
+    textfunctions = [misp.add_internal_comment, misp.add_internal_text, misp.add_internal_other, misp.add_email_subject, misp.add_mutex, misp.add_filename]
+    textfunctions[randint(0,5)](event, text)
+
+def floodip(misp, event):
+    ip = randomIpGenerator()
+    ipfunctions = [misp.add_ipsrc, misp.add_ipdst]
+    ipfunctions[randint(0,1)](event, ip)
+
+def flooddomain(misp, event, maxlength = 25):
+    a = randomStringGenerator(randint(1, maxlength))
+    b = randomStringGenerator(randint(2, 3), chars=string.ascii_lowercase)
+    domain = a + '.' + b
+    domainfunctions = [misp.add_hostname, misp.add_domain]
+    domainfunctions[randint(0,1)](event, domain)
+
+def flooddomainip(misp, event, maxlength = 25):
+    a = randomStringGenerator(randint(1, maxlength))
+    b = randomStringGenerator(randint(2, 3), chars=string.ascii_lowercase)
+    domain = a + '.' + b
+    ip = randomIpGenerator()
+    misp.add_domain_ip(event, domain, ip)
+
+def floodemail(misp, event, maxlength = 25):
+    a = randomStringGenerator(randint(1, maxlength))
+    b = randomStringGenerator(randint(1, maxlength))
+    c = randomStringGenerator(randint(2, 3), chars=string.ascii_lowercase)
+    email = a + '@' + b + '.'+ c
+    emailfunctions = [misp.add_email_src, misp.add_email_dst]
+    emailfunctions[randint(0,1)](event, email)
+
+def floodattachment(misp, eventid, it, distribution, to_ids, category, comment, info, analysis, threat_level_id):
+    filename = 'dummy' + str(it)
+    misp.upload_sample(filename, 'dummy', eventid, distribution, to_ids, category, comment, info, analysis, threat_level_id)
+
+def create_dummy_event(misp):
+    event = misp.new_event(0, 4, 0, 'dummy event')
+    flooddomainip(misp, event)
+    floodattachment(misp, event['Event']['id'], event['Event']['id'], event['Event']['distribution'], False, 'Payload delivery', '', event['Event']['info'], event['Event']['analysis'], event['Event']['threat_level_id'])
+
+def create_massive_dummy_events(misp, nbattribute):
+    event = misp.new_event(0, 4, 0, 'massive dummy event')
+    eventid = event['Event']['id']
+    functions = [floodtxt, floodip, flooddomain, flooddomainip, floodemail, floodattachment]
+    for i in range(nbattribute):
+        choice = randint(0,5)
+        if choice == 5:
+            floodattachment(misp, eventid, i, event['Event']['distribution'], False, 'Payload delivery', '', event['Event']['info'], event['Event']['analysis'], event['Event']['threat_level_id'])
+        else:
+            functions[choice](misp,event)

pymisp/api.py

@@ -1027,7 +1027,7 @@ class PyMISP(object):
         url = urljoin(self.root_url, 'tags/tagStatistics/{}/{}'.format(percentage, name_sort))
         return session.get(url).json()
 
-# ############## Sightings ##################
+    # ############## Sightings ##################
 
     def sighting_per_id(self, attribute_id, force_out=None):
         session = self.__prepare_session(force_out)