mirror of https://github.com/MISP/PyMISP
Added the option to filter out attributes based on distribution level
Iglocska
Déborah Servili
parent
b573daf86d
commit
423757530b
|
|
@ -5,7 +5,7 @@ import sys
|
||||||
import json
|
import json
|
||||||
import os
|
import os
|
||||||
from pymisp import PyMISP
|
from pymisp import PyMISP
|
||||||
from settings import url, key, ssl, outputdir, filters
|
from settings import *
|
||||||
|
|
||||||
|
|
||||||
objectsToSave = {
|
objectsToSave = {
|
||||||
|
|
@ -29,8 +29,16 @@ fieldsToSave = ['uuid', 'info', 'threat_level_id', 'analysis',
|
||||||
'timestamp', 'publish_timestamp', 'published',
|
'timestamp', 'publish_timestamp', 'published',
|
||||||
'date']
|
'date']
|
||||||
|
|
||||||
|
valid_attribute_distributions = []
|
||||||
|
|
||||||
|
|
||||||
def init():
|
def init():
|
||||||
|
# If we have an old settings.py file then this variable won't exist
|
||||||
|
global valid_attribute_distributions
|
||||||
|
try:
|
||||||
|
valid_attribute_distributions = valid_attribute_distribution_levels
|
||||||
|
except:
|
||||||
|
valid_attribute_distributions = ['0', '1', '2', '3', '4', '5']
|
||||||
return PyMISP(url, key, ssl, 'json')
|
return PyMISP(url, key, ssl, 'json')
|
||||||
|
|
||||||
|
|
||||||
|
|
@ -61,11 +69,20 @@ def __cleanupEventFields(event, temp):
|
||||||
return event
|
return event
|
||||||
|
|
||||||
|
|
||||||
|
def __blockAttributeByDistribution(attribute):
|
||||||
|
if attribute['distribution'] not in valid_attribute_distributions:
|
||||||
|
return True
|
||||||
|
return False
|
||||||
|
|
||||||
|
|
||||||
def __cleanupEventObjects(event, temp):
|
def __cleanupEventObjects(event, temp):
|
||||||
for objectType in objectsToSave.keys():
|
for objectType in objectsToSave.keys():
|
||||||
if objectsToSave[objectType]['multiple'] is True:
|
if objectsToSave[objectType]['multiple'] is True:
|
||||||
if objectType in temp['Event']:
|
if objectType in temp['Event']:
|
||||||
for objectInstance in temp['Event'][objectType]:
|
for objectInstance in temp['Event'][objectType]:
|
||||||
|
if objectType is 'Attribute':
|
||||||
|
if __blockAttributeByDistribution(objectInstance):
|
||||||
|
continue
|
||||||
tempObject = {}
|
tempObject = {}
|
||||||
for field in objectsToSave[objectType]['fields']:
|
for field in objectsToSave[objectType]['fields']:
|
||||||
if field in objectInstance.keys():
|
if field in objectInstance.keys():
|
||||||
|
|
|
||||||
|
|
@ -21,3 +21,19 @@ outputdir = 'output'
|
||||||
# tlp:white and/or feed-export but exclude anything tagged privint
|
# tlp:white and/or feed-export but exclude anything tagged privint
|
||||||
filters = {}
|
filters = {}
|
||||||
|
|
||||||
|
|
||||||
|
# By default all attributes will be included in the feed generation
|
||||||
|
# Remove the levels that you do not wish to include in the feed
|
||||||
|
# Use this to further narrow down what gets exported, for example:
|
||||||
|
# Setting this to ['3', '5'] will exclude any attributes from the feed that
|
||||||
|
# are not exportable to all or inherit the event
|
||||||
|
#
|
||||||
|
# The levels are as follows:
|
||||||
|
# 0: Your Organisation Only
|
||||||
|
# 1: This Community Only
|
||||||
|
# 2: Connected Communities
|
||||||
|
# 3: All
|
||||||
|
# 4: Sharing Group
|
||||||
|
# 5: Inherit Event
|
||||||
|
valid_attribute_distribution_levels = ['0', '1', '2', '3', '4', '5']
|
||||||
|
|
||||||
Loading…
Reference in New Issue