From 364d685e0c7143d9fd6b2426eab225dd27949edc Mon Sep 17 00:00:00 2001
From: Sami Mokaddem
Date: Mon, 12 Mar 2018 16:40:06 +0100
Subject: [PATCH] Added usage in README
---
 examples/feed-generator-from-redis/README.md | 40 +++++++++++++++++++-
 1 file changed, 39 insertions(+), 1 deletion(-)
diff --git a/examples/feed-generator-from-redis/README.md b/examples/feed-generator-from-redis/README.md
index 1e31868..2a3a94a 100644
--- a/examples/feed-generator-from-redis/README.md
+++ b/examples/feed-generator-from-redis/README.md
@@ -1,6 +1,6 @@
 # What
 
-- ``generator.py`` exposes a class allowing to generate a MISP feed in real time.
+- ``generator.py`` exposes a class allowing to generate a MISP feed in real time, where each items can be added on daily generated events.
 - ``fromredis.py`` uses ``generator.py`` to generate a MISP feed based on data stored in redis.
 - ``server.py`` is a simple script using *Flask_autoindex* to serve data to MISP.
 - ``MISPItemToRedis.py`` permits to push (in redis) items to be added in MISP by the ``fromredis.py`` script.
@@ -22,3 +22,41 @@ bash install.sh
 . ./serv-env/bin/activate
 python3 server.py
 ````
+
+
+# Utilisation
+
+### Adding items to MISP
+
+```
+# create helper object
+>>> helper = MISPItemToRedis("redis_list_keyname")
+
+# push an attribute to redis
+>>> helper.push_attribute("ip-src", "8.8.8.8", category="Network activity")
+
+# push an object to redis
+>>> helper.push_object({ "name": "cowrie", "session": "session_id", "username": "admin", "password": "admin", "protocol": "telnet" })
+
+# push a sighting to redis
+>>> helper.push_sighting(uuid="5a9e9e26-fe40-4726-8563-5585950d210f")
+```
+
+### Generator
+
+```
+# Create the FeedGenerator object using the configuration provided in the file settings.py
+# It will create daily event in which attributes and object will be added
+generator = FeedGenerator()
+
+# Add an attribute to the daily event
+attr_type = "ip-src"
+attr_value = "8.8.8.8"
+additional_data = {}
+generator.add_attribute_to_event(attr_type, attr_value, **additional_data)
+
+# Add a cowrie object to the daily event
+obj_name = "cowrie"
+obj_data = { "session": "session_id", "username": "admin", "password": "admin", "protocol": "telnet" }
+generator.add_object_to_event(obj_name, **obj_data)
+```