MISP
/
PyMISP
mirror of https://github.com/MISP/PyMISP
2
0
Fork 0
Code Issues Releases Wiki Activity

Make PEP8 Happy

pull/2/merge
Raphaël Vinot 2015-02-24 14:31:01 +01:00
parent 59254c8246
commit 33597f97ef
1 changed files with 45 additions and 52 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

45
examples/get_network_activity.py
View File

@ -11,33 +11,29 @@
""" """
import sys
import json
from pymisp import PyMISP from pymisp import PyMISP
from cudeso import misp_key from cudeso import misp_key
from cudeso import misp_url from cudeso import misp_url
from cudeso import misp_verifycert from cudeso import misp_verifycert
source = None
def init():
""" """
Initialize PyMISP Initialize PyMISP
Get configuration settings from config file Get configuration settings from config file
""" """
def init():
global source global source
source = PyMISP(misp_url, misp_key, misp_verifycert, 'json') source = PyMISP(misp_url, misp_key, misp_verifycert, 'json')
def get_event(event_id):
""" """
Get details of an event and add it to the result arrays Get details of an event and add it to the result arrays
:event_id the id of the event :event_id the id of the event
""" """
def get_event(event_id):
global network_ip_src, network_ip_dst, network_hostname, network_domain global network_ip_src, network_ip_dst, network_hostname, network_domain
global app_hostname, app_domain, app_ip_src, app_ip_dst, app_ids_only global app_hostname, app_domain, app_ip_src, app_ip_dst, app_ids_only
@ -52,24 +48,24 @@ def get_event(event_id):
return False return False
event_core = event_json["Event"] event_core = event_json["Event"]
event_threatlevel_id = event_core["threat_level_id"] # event_threatlevel_id = event_core["threat_level_id"]
attribute_count = event_core["attribute_count"] # attribute_count = event_core["attribute_count"]
attribute = event_core["Attribute"] attribute = event_core["Attribute"]
for attribute in event_core["Attribute"]: for attribute in event_core["Attribute"]:
if app_ids_only == True and attribute["to_ids"] == False: if app_ids_only and not attribute["to_ids"]:
continue continue
value = attribute["value"] value = attribute["value"]
title = event_core["info"] title = event_core["info"]
if attribute["type"] == "ip-src" and app_ip_src == True: if attribute["type"] == "ip-src" and app_ip_src:
network_ip_src.append([build_entry(value, event_id, title, "ip-src")]) network_ip_src.append([build_entry(value, event_id, title, "ip-src")])
elif attribute["type"] == "ip-dst" and app_ip_dst == True: elif attribute["type"] == "ip-dst" and app_ip_dst:
network_ip_dst.append([build_entry(value, event_id, title, "ip-dst")]) network_ip_dst.append([build_entry(value, event_id, title, "ip-dst")])
elif attribute["type"] == "domain" and app_domain == True: elif attribute["type"] == "domain" and app_domain:
network_domain.append([build_entry(value, event_id, title, "domain")]) network_domain.append([build_entry(value, event_id, title, "domain")])
elif attribute["type"] == "hostname" and app_hostname == True: elif attribute["type"] == "hostname" and app_hostname:
network_hostname.append([build_entry(value, event_id, title, "hostname")]) network_hostname.append([build_entry(value, event_id, title, "hostname")])
else: else:
continue continue
@ -78,6 +74,7 @@ def get_event(event_id):
return return
def build_entry(value, event_id, title, source):
""" """
Build the line containing the entry Build the line containing the entry
@ -85,13 +82,11 @@ def get_event(event_id):
:event_id id of the event :event_id id of the event
:title name of the event :title name of the event
:source from which set was the entry retrieved :source from which set was the entry retrieved
""" """
def build_entry( value, event_id , title, source ):
global app_printcomment global app_printcomment
if app_printcomment == True: if app_printcomment:
if app_printtitle == True: if app_printtitle:
return "%s # Event: %s / %s (from %s) " % (value, event_id, title, source) return "%s # Event: %s / %s (from %s) " % (value, event_id, title, source)
else: else:
return "%s # Event: %s (from %s) " % (value, event_id, source) return "%s # Event: %s (from %s) " % (value, event_id, source)
@ -99,24 +94,23 @@ def build_entry( value, event_id , title, source ):
return value return value
def print_events():
""" """
Print the events from the result arrays Print the events from the result arrays
""" """
def print_events():
global network_ip_src, network_ip_dst, network_domain, network_hostname global network_ip_src, network_ip_dst, network_domain, network_hostname
global app_hostname, app_domain, app_ip_src, app_ip_dst, app_ids_only, app_printcomment, app_printtitle global app_hostname, app_domain, app_ip_src, app_ip_dst, app_ids_only, app_printcomment, app_printtitle
if app_ip_src == True: if app_ip_src:
for ip in network_ip_src: for ip in network_ip_src:
print ip[0] print ip[0]
if app_ip_dst == True: if app_ip_dst:
for ip in network_ip_dst: for ip in network_ip_dst:
print ip[0] print ip[0]
if app_domain == True: if app_domain:
for ip in network_domain: for ip in network_domain:
print ip[0] print ip[0]
if app_hostname == True: if app_hostname:
for ip in network_hostname: for ip in network_hostname:
print ip[0] print ip[0]
@ -165,4 +159,3 @@ if __name__ == '__main__':
print_events() print_events()
else: else:
print "No filename given, stopping." print "No filename given, stopping."