MISP
/
PyMISP
mirror of https://github.com/MISP/PyMISP
2
0
Fork 0
Code Issues Releases Wiki Activity

Merge pull request #435 from 0xThiebaut/master 

Fix stats_report example to use ExpandedPyMISP
pull/436/head
Raphaël Vinot 2019-08-12 17:23:59 +02:00 committed by GitHub
parent 2d37c68bd7 e912b3ff93
commit 3ad3513800
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 26 additions and 25 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

51
examples/stats_report.py
View File

@ -2,6 +2,7 @@
# -*- coding: utf-8 -*-
'''
Koen Van Impe
Maxime Thiebaut
Generate a report of your MISP statistics
Put this script in crontab to run every /15 or /60
@ -11,7 +12,7 @@ Do inline config in "main"
'''
from pymisp import PyMISP
from pymisp import ExpandedPyMISP
from keys import misp_url, misp_key, misp_verifycert
import argparse
import os
@ -35,7 +36,7 @@ def init(url, key, verifycert):
'''
Template to get MISP module started
'''
return PyMISP(url, key, verifycert, 'json')
return ExpandedPyMISP(url, key, verifycert, 'json')
@ -60,8 +61,7 @@ def get_data(misp, timeframe):
report = {}
try:
stats_event = misp.search(last=timeframe)
stats_event_response = stats_event['response']
stats_event_response = misp.search(last=timeframe)
# Number of new or updated events since timestamp
report['number_of_misp_events'] = len(stats_event_response)
@ -105,10 +105,6 @@ def get_data(misp, timeframe):
attr_category[category] = attr_category[category] + 1
else:
attr_category[category] = 1
report['number_of_attributes'] = number_of_attributes
report['number_of_attributes_to_ids'] = number_of_attributes_to_ids
report['attr_type'] = attr_type
report['attr_category'] = attr_category
# Process tags
if 'Tag' in event_data:
@ -140,11 +136,6 @@ def get_data(misp, timeframe):
tags_type[tag_title] = tags_type[tag_title] + 1
else:
tags_type[tag_title] = 1
report['tags_type'] = tags_type
report['tags_tlp'] = tags_tlp
report['tags_misp_galaxy_mitre'] = tags_misp_galaxy_mitre
report['tags_misp_galaxy'] = tags_misp_galaxy
report['tags_misp_galaxy_threat_actor'] = tags_misp_galaxy_threat_actor
# Process the galaxies
if 'Galaxy' in event_data:
@ -163,12 +154,21 @@ def get_data(misp, timeframe):
galaxies_cluster[cluster_value] = galaxies_cluster[cluster_value] + 1
else:
galaxies_cluster[cluster_value] = 1
report['galaxies'] = galaxies
report['galaxies_cluster'] = galaxies_cluster
report['number_of_attributes'] = number_of_attributes
report['number_of_attributes_to_ids'] = number_of_attributes_to_ids
report['attr_type'] = attr_type
report['attr_category'] = attr_category
report['tags_type'] = tags_type
report['tags_tlp'] = tags_tlp
report['tags_misp_galaxy_mitre'] = tags_misp_galaxy_mitre
report['tags_misp_galaxy'] = tags_misp_galaxy
report['tags_misp_galaxy_threat_actor'] = tags_misp_galaxy_threat_actor
report['galaxies'] = galaxies
report['galaxies_cluster'] = galaxies_cluster
# General MISP statistics
user_statistics = misp.get_users_statistics()
if user_statistics:
user_statistics = misp.users_statistics()
if user_statistics and 'errors' not in user_statistics:
report['user_statistics'] = user_statistics
# Return the report data
@ -191,12 +191,13 @@ def build_report(report, timeframe, misp_url):
report_body = report_body + '\nNew or updated attributes: %s' % report['number_of_attributes']
report_body = report_body + '\nNew or updated attributes with IDS flag: %s' % report['number_of_attributes_to_ids']
report_body = report_body + '\n'
report_body = report_body + '\nTotal events: %s' % report['user_statistics']['stats']['event_count']
report_body = report_body + '\nTotal attributes: %s' % report['user_statistics']['stats']['attribute_count']
report_body = report_body + '\nTotal users: %s' % report['user_statistics']['stats']['user_count']
report_body = report_body + '\nTotal orgs: %s' % report['user_statistics']['stats']['org_count']
report_body = report_body + '\nTotal correlation: %s' % report['user_statistics']['stats']['correlation_count']
report_body = report_body + '\nTotal proposals: %s' % report['user_statistics']['stats']['proposal_count']
if 'user_statistics' in report:
report_body = report_body + '\nTotal events: %s' % report['user_statistics']['stats']['event_count']
report_body = report_body + '\nTotal attributes: %s' % report['user_statistics']['stats']['attribute_count']
report_body = report_body + '\nTotal users: %s' % report['user_statistics']['stats']['user_count']
report_body = report_body + '\nTotal orgs: %s' % report['user_statistics']['stats']['org_count']
report_body = report_body + '\nTotal correlation: %s' % report['user_statistics']['stats']['correlation_count']
report_body = report_body + '\nTotal proposals: %s' % report['user_statistics']['stats']['proposal_count']
report_body = report_body + '\n\n'
@ -204,8 +205,8 @@ def build_report(report, timeframe, misp_url):
report_body = report_body + '\nNew or updated events\n-------------------------------------------------------------------------------'
attachments['misp_events'] = 'ID;Title;Date;Updated;Published;ThreatLevel;AnalysisStatus'
for el in report['misp_events']:
report_body = report_body + '\n #%s %s (%s) \t%s \n\t\t\t\t(Date: %s, Updated: %s, Published: %s)' % (el['id'], el['threat_level'], el['analysis_completion'], el['title'], el['date'], el['timestamp'], el['publish_timestamp'])
attachments['misp_events'] = attachments['misp_events'] + '\n%s;%s;%s;%s;%s;%s;%s' % (el['id'], el['title'], el['date'], el['timestamp'], el['publish_timestamp'], el['threat_level'], el['analysis_completion'])
report_body = report_body + '\n #%s %s (%s) \t%s \n\t\t\t\t(Date: %s, Updated: %s, Published: %s)' % (el['id'], el['threat_level'], el['analysis_completion'], el['title'].decode('utf-8'), el['date'], el['timestamp'], el['publish_timestamp'])
attachments['misp_events'] = attachments['misp_events'] + '\n%s;%s;%s;%s;%s;%s;%s' % (el['id'], el['title'].decode('utf-8'), el['date'], el['timestamp'], el['publish_timestamp'], el['threat_level'], el['analysis_completion'])
report_body = report_body + '\n\n'