chg: [jupyter] remove all the response key (as response is removing it)

pull/362/head
Alexandre Dulaunoy 2019-02-28 19:49:32 +01:00
parent c35a2aea55
commit 33186b6ec8
No known key found for this signature in database
GPG Key ID: 09E2CD4944E6CBCD
1 changed files with 20 additions and 18 deletions


@ -23,7 +23,7 @@
"misp_url = 'http://127.0.0.1:8080'\n", "misp_url = 'http://127.0.0.1:8080'\n",
"# Can be found in the MISP web interface under \n", "# Can be found in the MISP web interface under \n",
"# http://+MISP_URL+/users/view/me -> Authkey\n", "# http://+MISP_URL+/users/view/me -> Authkey\n",
"misp_key = 'LBelWqKY9SQyG0huZzAMqiEBl6FODxpgRRXMsZFu'\n", "misp_key = 'aJAmQQoBhVL5jqUDSucIkPrEYIbFyW0wwQnxyBfc'\n",
"# Should PyMISP verify the MISP certificate\n", "# Should PyMISP verify the MISP certificate\n",
"misp_verifycert = False" "misp_verifycert = False"
] ]
@ -87,10 +87,11 @@
}, },
"outputs": [], "outputs": [],
"source": [ "source": [
"response = misp.search(publish_timestamp='2h')\n", "response = misp.search(publish_timestamp='2d')\n",
"\n", "\n",
"print (response)\n",
"events = []\n", "events = []\n",
"for event in response['response']:\n", "for event in response:\n",
" me = MISPEvent()\n", " me = MISPEvent()\n",
" me.load(event)\n", " me.load(event)\n",
" events.append(me)\n", " events.append(me)\n",
@ -133,7 +134,7 @@
"response = misp.search(timestamp=ts-36000)\n", "response = misp.search(timestamp=ts-36000)\n",
"\n", "\n",
"events = []\n", "events = []\n",
"for event in response['response']:\n", "for event in response:\n",
" me = MISPEvent()\n", " me = MISPEvent()\n",
" me.load(event)\n", " me.load(event)\n",
" events.append(me)\n", " events.append(me)\n",
@ -179,10 +180,10 @@
"metadata": {}, "metadata": {},
"outputs": [], "outputs": [],
"source": [ "source": [
"response = misp.search(controller='attributes', publish_timestamp='1h')\n", "response = misp.search(controller='attributes', publish_timestamp='1d')\n",
"\n", "\n",
"attributes = []\n", "attributes = []\n",
"for attribute in response['response']['Attribute']:\n", "for attribute in response['Attribute']:\n",
" ma = MISPAttribute()\n", " ma = MISPAttribute()\n",
" ma.from_dict(**attribute)\n", " ma.from_dict(**attribute)\n",
" attributes.append(ma)\n", " attributes.append(ma)\n",
@ -197,10 +198,10 @@
"metadata": {}, "metadata": {},
"outputs": [], "outputs": [],
"source": [ "source": [
"response = misp.search(controller='attributes', publish_timestamp=['2h', '1h'])\n", "response = misp.search(controller='attributes', publish_timestamp=['2d', '1h'])\n",
"\n", "\n",
"attributes = []\n", "attributes = []\n",
"for attribute in response['response']['Attribute']:\n", "for attribute in response['Attribute']:\n",
" ma = MISPAttribute()\n", " ma = MISPAttribute()\n",
" ma.from_dict(**attribute)\n", " ma.from_dict(**attribute)\n",
" attributes.append(ma)\n", " attributes.append(ma)\n",
@ -229,7 +230,7 @@
"response = misp.search(controller='attributes', timestamp=ts - 36000)\n", "response = misp.search(controller='attributes', timestamp=ts - 36000)\n",
"\n", "\n",
"attributes = []\n", "attributes = []\n",
"for attribute in response['response']['Attribute']:\n", "for attribute in response['Attribute']:\n",
" ma = MISPAttribute()\n", " ma = MISPAttribute()\n",
" ma.from_dict(**attribute)\n", " ma.from_dict(**attribute)\n",
" attributes.append(ma)\n", " attributes.append(ma)\n",
@ -256,7 +257,7 @@
"response = misp.search_index(eventinfo='Cobalt Strike')\n", "response = misp.search_index(eventinfo='Cobalt Strike')\n",
"\n", "\n",
"events = []\n", "events = []\n",
"for event in response['response']:\n", "for event in response:\n",
" me = MISPEvent()\n", " me = MISPEvent()\n",
" me.from_dict(**event)\n", " me.from_dict(**event)\n",
" events.append(me)\n", " events.append(me)\n",
@ -280,10 +281,10 @@
"metadata": {}, "metadata": {},
"outputs": [], "outputs": [],
"source": [ "source": [
"response = misp.search_index(tag='malware_classification:malware-category=\"Ransomware\"')\n", "response = misp.search_index(tags='malware_classification:malware-category=\"Ransomware\"')\n",
"\n", "\n",
"events = []\n", "events = []\n",
"for event in response['response']:\n", "for event in response:\n",
" me = MISPEvent()\n", " me = MISPEvent()\n",
" me.from_dict(**event)\n", " me.from_dict(**event)\n",
" events.append(me)\n", " events.append(me)\n",
@ -303,7 +304,7 @@
"response = misp.search_index(timestamp='1h')\n", "response = misp.search_index(timestamp='1h')\n",
"\n", "\n",
"events = []\n", "events = []\n",
"for event in response['response']:\n", "for event in response:\n",
" me = MISPEvent()\n", " me = MISPEvent()\n",
" me.from_dict(**event)\n", " me.from_dict(**event)\n",
" events.append(me)\n", " events.append(me)\n",
@ -328,8 +329,9 @@
"outputs": [], "outputs": [],
"source": [ "source": [
"event = MISPEvent()\n", "event = MISPEvent()\n",
"event.load(misp.get(events[0].id))\n", "#event.load(misp.get(events[0].id))\n",
"print(event.to_json())" "print (misp.get(events[0].id))\n",
"#print(event.to_json())"
] ]
}, },
{ {
@ -345,7 +347,7 @@
"metadata": {}, "metadata": {},
"outputs": [], "outputs": [],
"source": [ "source": [
"complex_query = misp.build_complex_query(or_parameters=['59.157.4.2', 'hotfixmsupload.com'])\n", "complex_query = misp.build_complex_query(or_parameters=['59.157.4.2', 'hotfixmsupload.com', '8.8.8.8'])\n",
"events = misp.search(value=complex_query, pythonify=True)\n", "events = misp.search(value=complex_query, pythonify=True)\n",
"\n", "\n",
"for e in events:\n", "for e in events:\n",
@ -365,7 +367,7 @@
"metadata": {}, "metadata": {},
"outputs": [], "outputs": [],
"source": [ "source": [
"misp.sighting(value=e.attributes[3].value)" "misp.sighting(value=e.attributes[1].value)"
] ]
}, },
{ {
@ -374,7 +376,7 @@
"metadata": {}, "metadata": {},
"outputs": [], "outputs": [],
"source": [ "source": [
"misp.sighting_list(e.attributes[3].id)" "misp.sighting_list(e.attributes[1].id)"
] ]
}, },
{ {
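Review bot: A literal MISP authkey is still committed on the `misp_key = ...` line of the first hunk (`@ -23,7 +23,7 @`); this commit only replaces the previous value, which also remains in the repository history. The URL is 127.0.0.1, so both keys probably belong to a throwaway training instance, but a tutorial that ships a real-format key encourages readers to paste their own key into the notebook and commit it. I would replace the value with an obvious placeholder such as `"misp_key = '<your MISP authkey>'\n",` or read it from an environment variable, and revoke both keys if either was ever valid on a shared instance. Separately, the cell in the `@ -328,8 +329,9 @` hunk now leaves `event = MISPEvent()` unloaded and prints the raw `misp.get(...)` result with the old calls commented out, which looks like debugging left in rather than an intended example; the added `print (response)` in the second hunk is in the same category.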