MISP
/
PyMISP
mirror of https://github.com/MISP/PyMISP
2
0
Fork 0
Code Issues Releases Wiki Activity

chg: Add MISPSighting class.

pull/160/head
Raphaël Vinot 2017-12-26 17:13:57 +01:00
parent f447f55268
commit 4708786959
3 changed files with 48 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
pymisp/__init__.py
View File

@ -30,7 +30,7 @@ try:
from .exceptions import PyMISPError, NewEventError, NewAttributeError, MissingDependency, NoURL, NoKey, InvalidMISPObject, UnknownMISPObjectTemplate # noqa from .exceptions import PyMISPError, NewEventError, NewAttributeError, MissingDependency, NoURL, NoKey, InvalidMISPObject, UnknownMISPObjectTemplate # noqa
from .api import PyMISP # noqa from .api import PyMISP # noqa
from .abstract import AbstractMISP, MISPEncode # noqa from .abstract import AbstractMISP, MISPEncode # noqa
from .mispevent import MISPEvent, MISPAttribute, MISPObjectReference, MISPObjectAttribute, MISPObject, MISPTag, MISPUser, MISPOrganisation # noqa from .mispevent import MISPEvent, MISPAttribute, MISPObjectReference, MISPObjectAttribute, MISPObject, MISPTag, MISPUser, MISPOrganisation, MISPSighting # noqa
from .tools import AbstractMISPObjectGenerator # noqa from .tools import AbstractMISPObjectGenerator # noqa
from .tools import Neo4j # noqa from .tools import Neo4j # noqa
from .tools import stix # noqa from .tools import stix # noqa

26
pymisp/api.py
View File

@ -16,7 +16,7 @@ import zipfile
from . import __version__, deprecated from . import __version__, deprecated
from .exceptions import PyMISPError, SearchError, NoURL, NoKey from .exceptions import PyMISPError, SearchError, NoURL, NoKey
from .mispevent import MISPEvent, MISPAttribute, MISPUser, MISPOrganisation from .mispevent import MISPEvent, MISPAttribute, MISPUser, MISPOrganisation, MISPSighting
from .abstract import MISPEncode from .abstract import MISPEncode
logger = logging.getLogger('pymisp') logger = logging.getLogger('pymisp')
@ -1296,10 +1296,16 @@ class PyMISP(object):
def set_sightings(self, sightings): def set_sightings(self, sightings):
"""Push a sighting (python dictionary)""" """Push a sighting (python dictionary)"""
if isinstance(sightings, dict): to_post = []
sightings = json.dumps(sightings) if not isinstance(sightings, list):
sightings = [sightings]
for sighting in sightings:
if isinstance(sighting, MISPSighting):
to_post.appent(sighting.to_json())
elif isinstance(sighting, dict):
to_post.append(json.dumps(sightings))
url = urljoin(self.root_url, 'sightings/add/') url = urljoin(self.root_url, 'sightings/add/')
response = self.__prepare_request('POST', url, sightings) response = self.__prepare_request('POST', url, json.dumps(to_post))
return self._check_response(response) return self._check_response(response)
def sighting_per_json(self, json_file): def sighting_per_json(self, json_file):
@ -1308,6 +1314,18 @@ class PyMISP(object):
jdata = json.load(f) jdata = json.load(f)
return self.set_sightings(jdata) return self.set_sightings(jdata)
def sighting(self, value, source=None, type=None, timestamp=None, **kwargs):
""" Set a single sighting.
:value: Value can either be the attribute's value (to update sighting on all the attributes with this value),
or an UUID in order to update the sightings of one particular attribute.
:source: Source of the sighting
:type: Type of the sighting
:timestamp: Timestamp associated to the sighting
"""
s = MISPSighting()
s.from_dict(value=value, source=source, type=type, timestamp=timestamp, **kwargs)
return self.set_sightings(s)
# ############## Sharing Groups ################## # ############## Sharing Groups ##################
def get_sharing_groups(self): def get_sharing_groups(self):

25
pymisp/mispevent.py
View File

@ -689,6 +689,31 @@ class MISPOrganisation(AbstractMISP):
super(MISPOrganisation, self).__init__() super(MISPOrganisation, self).__init__()
class MISPSighting(AbstractMISP):
def __init__(self):
super(MISPSighting, self).__init__()
def from_dict(self, value, source=None, type=None, timestamp=None, **kwargs):
"""Initialize the MISPSighting from a dictionary
:value: Value can either be the attribute's value (to update sighting on all the attributes with this value),
or an UUID in order to update the sightings of one particular attribute.
:source: Source of the sighting
:type: Type of the sighting
:timestamp: Timestamp associated to the sighting
"""
self.value = value
self.source = source
self.type = type
self.timestamp = timestamp
super(MISPSighting, self).from_dict(**kwargs)
def __repr__(self):
if hasattr(self, 'value'):
return '<{self.__class__.__name__}(value={self.value})'.format(self=self)
return '<{self.__class__.__name__}(NotInitialized)'.format(self=self)
class MISPObjectAttribute(MISPAttribute): class MISPObjectAttribute(MISPAttribute):
def __init__(self, definition): def __init__(self, definition):