MISP
/
PyMISP
mirror of https://github.com/MISP/PyMISP
2
0
Fork 0
Code Issues Releases Wiki Activity

Update accordingly to the current server implementation

pull/111/head
Raphaël Vinot 2017-07-24 17:16:40 +02:00
parent 0c66d80dd1
commit 2fd3b05202
5 changed files with 66 additions and 58 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

48
examples/add_file_object.py Executable file
View File

@ -0,0 +1,48 @@
#!/usr/bin/env python3
# -*- coding: utf-8 -*-
from pymisp import PyMISP
from pymisp.tools import make_binary_objects
import traceback
from keys import misp_url, misp_key, misp_verifycert
import glob
import argparse
if __name__ == '__main__':
parser = argparse.ArgumentParser(description='Extract indicators out of binaries and add MISP objects to a MISP instance.')
parser.add_argument("-e", "--event", required=True, help="Event ID to update.")
parser.add_argument("-p", "--path", required=True, help="Path to process (expanded using glob).")
args = parser.parse_args()
pymisp = PyMISP(misp_url, misp_key, misp_verifycert)
for f in glob.glob(args.path):
print('\n', f)
try:
fo, peo, seos = make_binary_objects(f)
except Exception as e:
traceback.print_exc()
continue
if fo:
template_id = pymisp.get_object_template_id(fo['name'])
try:
response = pymisp.add_object(args.event, template_id, fo)
print(response)
except Exception as e:
traceback.print_exc()
continue
continue
if peo:
template_id = pymisp.get_object_template_id(peo['name'])
print(template_id)
r = pymisp.add_object(args.event, template_id, peo)
print(r)
continue
if seos:
for s in seos:
print(s)
template_id = pymisp.get_object_template_id(s['name'])
r = pymisp.add_object(args.event, template_id, s)
print(r)
break

17
pymisp/api.py
View File

@ -1584,12 +1584,23 @@ class PyMISP(object):
def add_object(self, event_id, template_id, misp_object): def add_object(self, event_id, template_id, misp_object):
session = self.__prepare_session() session = self.__prepare_session()
url = urljoin(self.root_url, 'objectTemplates/add/{}/{}'.format(event_id, template_id)) url = urljoin(self.root_url, 'objects/add/{}/{}'.format(event_id, template_id))
if not misp_object.get('object'):
misp_object = {'object': misp_object}
response = session.post(url, data=json.dumps(misp_object)) response = session.post(url, data=json.dumps(misp_object))
return self._check_response(response) return self._check_response(response)
def get_object_templates_list(self):
session = self.__prepare_session()
url = urljoin(self.root_url, 'objectTemplates')
response = session.get(url)
return self._check_response(response)['response']
def get_object_template_id(self, object_name):
templates = self.get_object_templates_list()
for t in templates:
if t['ObjectTemplate']['name'] == object_name:
return t['ObjectTemplate']['id']
raise Exception('Unable to find template name {} on the MISP instance'.format(object_name))
# ########################### # ###########################
# ####### Deprecated ######## # ####### Deprecated ########
# ########################### # ###########################

2
pymisp/tools/create_misp_object.py
View File

@ -32,7 +32,7 @@ def make_binary_objects(filepath):
try: try:
lief_parsed = lief.parse(filepath) lief_parsed = lief.parse(filepath)
if isinstance(lief_parsed, lief.PE.Binary): if isinstance(lief_parsed, lief.PE.Binary):
make_pe_objects(lief_parsed, misp_file) return make_pe_objects(lief_parsed, misp_file)
elif isinstance(lief_parsed, lief.ELF.Binary): elif isinstance(lief_parsed, lief.ELF.Binary):
raise FileTypeNotImplemented('ELF not implemented yet.') raise FileTypeNotImplemented('ELF not implemented yet.')
elif isinstance(lief_parsed, lief.MachO.Binary): elif isinstance(lief_parsed, lief.MachO.Binary):

6
pymisp/tools/objectgenerator.py
View File

@ -7,7 +7,7 @@ import json
import uuid import uuid
import abc import abc
import sys import sys
import six import six # Remove that import when discarding python2 support.
class MISPObjectException(Exception): class MISPObjectException(Exception):
@ -72,7 +72,7 @@ class MISPObjectGenerator():
# Set all the values in the MISP attribute # Set all the values in the MISP attribute
attribute.set_all_values(**value) attribute.set_all_values(**value)
# Finalize the actual MISP Object # Finalize the actual MISP Object
new_object['ObjectAttribute'].append({'type': object_type, 'Attribute': attribute._json()}) new_object['Attribute'].append({'type': object_type, 'Attribute': attribute._json()})
return new_object return new_object
def _validate(self, dump): def _validate(self, dump):
@ -95,7 +95,7 @@ class MISPObjectGenerator():
"""Create a new empty object out of the template""" """Create a new empty object out of the template"""
return {'name': object_definiton['name'], 'meta-category': object_definiton['meta-category'], return {'name': object_definiton['name'], 'meta-category': object_definiton['meta-category'],
'uuid': self.uuid, 'description': object_definiton['description'], 'uuid': self.uuid, 'description': object_definiton['description'],
'version': object_definiton['version'], 'ObjectAttribute': []} 'version': object_definiton['version'], 'Attribute': []}
@abc.abstractmethod @abc.abstractmethod
def generate_attributes(self): def generate_attributes(self):

51
pymisp/tools/prepare_misp_object.py
View File

@ -1,51 +0,0 @@
#!/usr/bin/env python3
# -*- coding: utf-8 -*-
from pymisp import PyMISP
from pymisp.tools import FileObject, PEObject
from pymisp.tools import make_binary_objects
import traceback
try:
import lief
HAS_LIEF = True
except ImportError:
HAS_LIEF = False
raise ImportError("Please install lief: https://github.com/lief-project/LIEF")
if __name__ == '__main__':
pymisp = PyMISP('https://mispbeta.circl.lu', 'et9ZEgn70YJ6URkCr6741LpJNAVUMYD1rM063od3')
# fo, peo, seos = make_objects('/home/raphael/.viper/projects/troopers17/vt_samples/1189/566ab945f61be016bfd9e83cc1b64f783b9b8deb891e6d504d3442bc8281b092')
import glob
for f in glob.glob('/home/raphael/.viper/projects/troopers17/vt_samples/*/*'):
#for f in glob.glob('/home/raphael/gits/pefile-tests/tests/corkami/*/*.exe'):
#for f in glob.glob('/home/raphael/gits/pefile-tests/tests/corkami/pocs/version_mini.exe'):
#for f in glob.glob('/home/raphael/gits/pefile-tests/tests/corkami/pocs/version_cust.exe'):
#for f in glob.glob('/home/raphael/gits/pefile-tests/tests/data/*.dll'):
print('\n', f)
try:
fo, peo, seos = make_binary_objects(f)
except Exception as e:
traceback.print_exc()
continue
continue
if fo:
response = pymisp.add_object(2221, 7, fo)
print(response)
if peo:
pymisp.add_object(2221, 11, peo)
if seos:
for s in seos:
pymisp.add_object(2221, 12, s)
#with open('fileobj.json', 'w') as f:
# json.dump(fo, f)
#with open('peobj.json', 'w') as f:
# json.dump(peo, f)
#with open('seobj.json', 'w') as f:
# json.dump(seos, f)
break