mirror of https://github.com/MISP/PyMISP
Merge pull request #21 from Delta-Sierra/master
Add examples "create_dummy_event" and "create_massive_dummy_events"
pull/22/head
commit
38b82b088f
|
@ -0,0 +1,53 @@
|
|||
## Explanation
|
||||
|
||||
This folder contains scripts made to create dummy events in order to test MISP instances.
|
||||
|
||||
* dummy is a containing text only file used as uploaded attachement.
|
||||
* create\_dummy\_event.py will create a given number of events (default: 1)with a randomly generated domain|ip attribute as well as a copy of dummy file.
|
||||
* create\_massive\_dummy\_events.py will create a given number of events (default: 1) with a given number of randomly generated attributes(default: 3000).
|
||||
|
||||
### Tools description
|
||||
|
||||
* randomStringGenerator: generate a random string of a given size, characters used to build the string can be chosen, default are characters from string.ascii\_lowercase and string.digits
|
||||
* randomIpGenerator: generate a random ip
|
||||
|
||||
* floodtxt: add a generated string as attribute of the given event. The added attributes can be of the following category/type:
|
||||
- Internal reference/comment
|
||||
- Internal reference/text
|
||||
- Internal reference/other
|
||||
- Payload delivery/email-subject
|
||||
- Artifact dropped/mutex
|
||||
- Artifact dropped/filename
|
||||
* floodip: add a generated ip as attribute of the given event. The added attributes can be of the following category/type:
|
||||
- Network activity/ip-src
|
||||
- Network activity/ip.dst
|
||||
* flooddomain: add a generated domain-like string as attribute of the given event. The added attributes can be of the following category/type:
|
||||
- Network activity/hostname
|
||||
- Network activity/domain
|
||||
* flooddomainip: add a generated domain|ip-like string as attribute of the given event. The added attribute is of the following category/type:
|
||||
- Network activity/domain|ip
|
||||
* floodemail: add a generated email-like string as attribute of the given event. The added attributes can be of the following category/type:
|
||||
- Payload delivery/email-src
|
||||
- Payload delivery/email-dst
|
||||
* floodattachmentent: add a dummy file as attribute of the given event. The added attribute is of the following category/type:
|
||||
- Payload delivery/attachment
|
||||
|
||||
* create\_dummy\_event: create a dummy event named "dummy event" with these caracteristics:
|
||||
- Distribution: Your organisation only
|
||||
- Analysis: Initial
|
||||
- Threat Level: Undefined
|
||||
- Number of Attributes: 2
|
||||
- Attribute:
|
||||
- category/type: Network activity/domain|ip
|
||||
- value: Randomly generated
|
||||
- Attribute:
|
||||
-category/type: Payload delivery/attachment
|
||||
- value: 'dummy' file
|
||||
* create\_massive\_dummy\_events: create a dummy event named "massive dummy event" with these caracteristics:
|
||||
- Distribution: Your organisation only
|
||||
- Analysis: Initial
|
||||
- Threat Level: Undefined
|
||||
- Number of Attributes: Given as argument
|
||||
- Attribute:
|
||||
- category/type: Randomly chosen
|
||||
- value: Randomly generated or dummy file
|
|
@ -0,0 +1,23 @@
|
|||
#!/usr/bin/env python
|
||||
# -*- coding: utf-8 -*-
|
||||
|
||||
from pymisp import PyMISP
|
||||
from keys import misp_url, misp_key, misp_verifycert
|
||||
import argparse
|
||||
import tools
|
||||
|
||||
def init(url, key):
|
||||
return PyMISP(url, key, misp_verifycert, 'json')
|
||||
|
||||
if __name__ == '__main__':
|
||||
parser = argparse.ArgumentParser(description='Create a given number of event containing an domain|ip attribute and an attachment each.')
|
||||
parser.add_argument("-l", "--limit", type=int, help="Number of events to create (default 1)")
|
||||
args = parser.parse_args()
|
||||
|
||||
misp = init(misp_url, misp_key)
|
||||
|
||||
if args.limit is None:
|
||||
args.limit = 1
|
||||
|
||||
for i in range(args.limit):
|
||||
tools.create_dummy_event(misp)
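Review bot: The default for `--limit` is applied after parsing with an `if args.limit is None` check, which argparse can do itself and would then also report in `--help`: `parser.add_argument("-l", "--limit", type=int, default=1, help="Number of events to create (default 1)")`. The same pattern appears in create_massive_dummy_events.py for both `--limit` and `--attribute` (`default=3000`), and that script's description string has a typo, 'eachh.'. Both scripts write to whichever instance `keys.py` names without ever showing it, so printing `misp_url` before the loop would make it harder to fill a production instance by mistake. A module docstring such as `"""Create dummy events on a MISP test instance."""` would state the intended use in the file itself.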
|
|
@ -0,0 +1,26 @@
|
|||
#!/usr/bin/env python
|
||||
# -*- coding: utf-8 -*-
|
||||
|
||||
from pymisp import PyMISP
|
||||
from keys import misp_url, misp_key, misp_verifycert
|
||||
import argparse
|
||||
import tools
|
||||
|
||||
def init(url, key):
|
||||
return PyMISP(url, key, misp_verifycert, 'json')
|
||||
|
||||
if __name__ == '__main__':
|
||||
parser = argparse.ArgumentParser(description='Create a given number of event containing a given number of attributes eachh.')
|
||||
parser.add_argument("-l", "--limit", type=int, help="Number of events to create (default 1)")
|
||||
parser.add_argument("-a", "--attribute", type=int, help="Number of attributes per event (default 3000)")
|
||||
args = parser.parse_args()
|
||||
|
||||
misp = init(misp_url, misp_key)
|
||||
|
||||
if args.limit is None:
|
||||
args.limit = 1
|
||||
if args.attribute is None:
|
||||
args.attribute = 3000
|
||||
|
||||
for i in range(args.limit):
|
||||
tools.create_massive_dummy_events(misp, args.attribute)
|
|
@ -0,0 +1,21 @@
|
|||
DUMMY DUMMY DUMMY DUMMY DUMMY DUMMY DUMMY DUMMY DUMMY DUMMY DUMMY DUMMY DUMMY
|
||||
DUMMY DUMMY DUMMY DUMMY DUMMY DUMMY DUMMY DUMMY DUMMY DUMMY DUMMY DUMMY DUMMY
|
||||
DUMMY DUMMY DUMMY DUMMY DUMMY DUMMY DUMMY DUMMY DUMMY DUMMY DUMMY DUMMY DUMMY
|
||||
DUMMY DUMMY DUMMY DUMMY DUMMY DUMMY DUMMY DUMMY DUMMY DUMMY DUMMY DUMMY DUMMY
|
||||
DUMMY DUMMY DUMMY DUMMY DUMMY DUMMY DUMMY DUMMY DUMMY DUMMY DUMMY DUMMY DUMMY
|
||||
DUMMY DUMMY DUMMY DUMMY DUMMY DUMMY DUMMY DUMMY DUMMY DUMMY DUMMY DUMMY DUMMY
|
||||
DUMMY DUMMY DUMMY DUMMY DUMMY DUMMY DUMMY DUMMY DUMMY DUMMY DUMMY DUMMY DUMMY
|
||||
DUMMY DUMMY DUMMY DUMMY DUMMY DUMMY DUMMY DUMMY DUMMY DUMMY DUMMY DUMMY DUMMY
|
||||
DUMMY DUMMY DUMMY DUMMY DUMMY DUMMY DUMMY DUMMY DUMMY DUMMY DUMMY DUMMY DUMMY
|
||||
DUMMY DUMMY DUMMY DUMMY DUMMY DUMMY DUMMY DUMMY DUMMY DUMMY DUMMY DUMMY DUMMY
|
||||
DUMMY DUMMY DUMMY DUMMY DUMMY DUMMY DUMMY DUMMY DUMMY DUMMY DUMMY DUMMY DUMMY
|
||||
DUMMY DUMMY DUMMY DUMMY DUMMY DUMMY DUMMY DUMMY DUMMY DUMMY DUMMY DUMMY DUMMY
|
||||
DUMMY DUMMY DUMMY DUMMY DUMMY DUMMY DUMMY DUMMY DUMMY DUMMY DUMMY DUMMY DUMMY
|
||||
DUMMY DUMMY DUMMY DUMMY DUMMY DUMMY DUMMY DUMMY DUMMY DUMMY DUMMY DUMMY DUMMY
|
||||
DUMMY DUMMY DUMMY DUMMY DUMMY DUMMY DUMMY DUMMY DUMMY DUMMY DUMMY DUMMY DUMMY
|
||||
DUMMY DUMMY DUMMY DUMMY DUMMY DUMMY DUMMY DUMMY DUMMY DUMMY DUMMY DUMMY DUMMY
|
||||
DUMMY DUMMY DUMMY DUMMY DUMMY DUMMY DUMMY DUMMY DUMMY DUMMY DUMMY DUMMY DUMMY
|
||||
DUMMY DUMMY DUMMY DUMMY DUMMY DUMMY DUMMY DUMMY DUMMY DUMMY DUMMY DUMMY DUMMY
|
||||
DUMMY DUMMY DUMMY DUMMY DUMMY DUMMY DUMMY DUMMY DUMMY DUMMY DUMMY DUMMY DUMMY
|
||||
DUMMY DUMMY DUMMY DUMMY DUMMY DUMMY DUMMY DUMMY DUMMY DUMMY DUMMY DUMMY DUMMY
|
||||
DUMMY DUMMY DUMMY DUMMY DUMMY DUMMY DUMMY DUMMY DUMMY DUMMY DUMMY DUMMY DUMMY
|
|
@ -0,0 +1,64 @@
|
|||
#!/usr/bin/env python
|
||||
# -*- coding: utf-8 -*-
|
||||
|
||||
import random
|
||||
from random import randint
|
||||
import string
|
||||
|
||||
def randomStringGenerator(size, chars=string.ascii_lowercase + string.digits):
|
||||
return ''.join(random.choice(chars) for _ in range(size))
|
||||
|
||||
def randomIpGenerator():
|
||||
return str(randint(0, 255)) + '.' + str(randint(0, 255)) + '.' + str(randint(0, 255)) + '.' + str(randint(0, 255))
|
||||
|
||||
def floodtxt(misp, event, maxlength = 255):
|
||||
text = randomStringGenerator(randint(1, maxlength))
|
||||
textfunctions = [misp.add_internal_comment, misp.add_internal_text, misp.add_internal_other, misp.add_email_subject, misp.add_mutex, misp.add_filename]
|
||||
textfunctions[randint(0,5)](event, text)
|
||||
|
||||
def floodip(misp, event):
|
||||
ip = randomIpGenerator()
|
||||
ipfunctions = [misp.add_ipsrc, misp.add_ipdst]
|
||||
ipfunctions[randint(0,1)](event, ip)
|
||||
|
||||
def flooddomain(misp, event, maxlength = 25):
|
||||
a = randomStringGenerator(randint(1, maxlength))
|
||||
b = randomStringGenerator(randint(2, 3), chars=string.ascii_lowercase)
|
||||
domain = a + '.' + b
|
||||
domainfunctions = [misp.add_hostname, misp.add_domain]
|
||||
domainfunctions[randint(0,1)](event, domain)
|
||||
|
||||
def flooddomainip(misp, event, maxlength = 25):
|
||||
a = randomStringGenerator(randint(1, maxlength))
|
||||
b = randomStringGenerator(randint(2, 3), chars=string.ascii_lowercase)
|
||||
domain = a + '.' + b
|
||||
ip = randomIpGenerator()
|
||||
misp.add_domain_ip(event, domain, ip)
|
||||
|
||||
def floodemail(misp, event, maxlength = 25):
|
||||
a = randomStringGenerator(randint(1, maxlength))
|
||||
b = randomStringGenerator(randint(1, maxlength))
|
||||
c = randomStringGenerator(randint(2, 3), chars=string.ascii_lowercase)
|
||||
email = a + '@' + b + '.'+ c
|
||||
emailfunctions = [misp.add_email_src, misp.add_email_dst]
|
||||
emailfunctions[randint(0,1)](event, email)
|
||||
|
||||
def floodattachment(misp, eventid, distribution, to_ids, category, comment, info, analysis, threat_level_id):
|
||||
filename = randomStringGenerator(randint(1,128))
|
||||
misp.upload_sample(filename, 'dummy', eventid, distribution, to_ids, category, comment, info, analysis, threat_level_id)
|
||||
|
||||
def create_dummy_event(misp):
|
||||
event = misp.new_event(0, 4, 0, 'dummy event')
|
||||
flooddomainip(misp, event)
|
||||
floodattachment(misp, event['Event']['id'], event['Event']['id'], event['Event']['distribution'], False, 'Payload delivery', '', event['Event']['info'], event['Event']['analysis'], event['Event']['threat_level_id'])
|
||||
|
||||
def create_massive_dummy_events(misp, nbattribute):
|
||||
event = misp.new_event(0, 4, 0, 'massive dummy event')
|
||||
eventid = event['Event']['id']
|
||||
functions = [floodtxt, floodip, flooddomain, flooddomainip, floodemail, floodattachment]
|
||||
for i in range(nbattribute):
|
||||
choice = randint(0,5)
|
||||
if choice == 5:
|
||||
floodattachment(misp, eventid, event['Event']['distribution'], False, 'Payload delivery', '', event['Event']['info'], event['Event']['analysis'], event['Event']['threat_level_id'])
|
||||
else:
|
||||
functions[choice](misp,event)
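Review bot: `create_dummy_event` passes `event['Event']['id']` twice to `floodattachment`, so the call carries ten positional arguments against a nine-parameter signature and will raise TypeError, after the event and its domain|ip attribute have already been created on the server. The call in `create_massive_dummy_events` has the right shape; the fix is to drop the duplicate so the call starts `floodattachment(misp, event['Event']['id'], event['Event']['distribution'], False, 'Payload delivery', ...)` with the remaining arguments unchanged. Separately, `randomIpGenerator` draws from the whole IPv4 range, so dummy events can carry addresses of real hosts. Whether the `add_ipsrc`/`add_ipdst` helpers flag them for IDS export is not visible here, but restricting the generator to the RFC 5737 documentation ranges would keep test data from matching live traffic either way.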
|