mirror of https://github.com/MISP/PyMISP
Merge remote-tracking branch 'origin/master'
Conflicts: examples/get_network_activity.py (python 2.7 & 3 compatible print)pull/2/merge
commit
4e942fa33b
|
@ -18,7 +18,7 @@ destination = None
|
||||||
def init(cert_to_priv=True):
|
def init(cert_to_priv=True):
|
||||||
global source
|
global source
|
||||||
global destination
|
global destination
|
||||||
print cert_to_priv
|
print(cert_to_priv)
|
||||||
if cert_to_priv:
|
if cert_to_priv:
|
||||||
source = PyMISP(url_cert, cert, cert_cert, 'xml')
|
source = PyMISP(url_cert, cert, cert_cert, 'xml')
|
||||||
destination = PyMISP(url_priv, priv, cert_priv, 'xml')
|
destination = PyMISP(url_priv, priv, cert_priv, 'xml')
|
||||||
|
@ -63,22 +63,22 @@ def loop_copy():
|
||||||
def copy(eventid):
|
def copy(eventid):
|
||||||
eventid = eventid.strip()
|
eventid = eventid.strip()
|
||||||
if len(eventid) == 0 or not eventid.isdigit():
|
if len(eventid) == 0 or not eventid.isdigit():
|
||||||
print 'empty line or NaN.'
|
print('empty line or NaN.')
|
||||||
return
|
return
|
||||||
eventid = int(eventid)
|
eventid = int(eventid)
|
||||||
print eventid, 'copying...'
|
print(eventid, 'copying...')
|
||||||
r = copy_event(eventid)
|
r = copy_event(eventid)
|
||||||
if r.status_code >= 400:
|
if r.status_code >= 400:
|
||||||
loc = r.headers['location']
|
loc = r.headers['location']
|
||||||
if loc is not None:
|
if loc is not None:
|
||||||
event_to_update = loc.split('/')[-1]
|
event_to_update = loc.split('/')[-1]
|
||||||
print'updating', event_to_update
|
print('updating', event_to_update)
|
||||||
r = update_event(eventid, event_to_update)
|
r = update_event(eventid, event_to_update)
|
||||||
if r.status_code >= 400:
|
if r.status_code >= 400:
|
||||||
print r.status_code, r.headers
|
print(r.status_code, r.headers)
|
||||||
else:
|
else:
|
||||||
print r.status_code, r.headers
|
print(r.status_code, r.headers)
|
||||||
print eventid, 'done.'
|
print(eventid, 'done.')
|
||||||
|
|
||||||
|
|
||||||
def export_our_org():
|
def export_our_org():
|
||||||
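Review bot: The multi-argument calls in copy(), such as `print(eventid, 'copying...')` and `print(r.status_code, r.headers)`, print a tuple repr under Python 2.7 unless the module has `from __future__ import print_function`, which is not visible in these hunks. Adding that import at the top of the file keeps the output the same on 2.7 and 3. In the same function, `loc = r.headers['location']` presumably raises KeyError when the header is absent (assuming `r` is a requests response), so the `if loc is not None` check never sees None; `loc = r.headers.get('location')` would match the intent. `print(cert_to_priv)` in init() looks like leftover debug output and could be dropped.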
|
|
|
@ -70,7 +70,7 @@ def get_event(event_id):
|
||||||
else:
|
else:
|
||||||
continue
|
continue
|
||||||
else:
|
else:
|
||||||
print "Not a valid ID"
|
print("Not a valid ID")
|
||||||
return
|
return
|
||||||
|
|
||||||
|
|
||||||
|
@ -103,16 +103,16 @@ def print_events():
|
||||||
|
|
||||||
if app_ip_src:
|
if app_ip_src:
|
||||||
for ip in network_ip_src:
|
for ip in network_ip_src:
|
||||||
print ip[0]
|
print(ip[0])
|
||||||
if app_ip_dst:
|
if app_ip_dst:
|
||||||
for ip in network_ip_dst:
|
for ip in network_ip_dst:
|
||||||
print ip[0]
|
print(ip[0])
|
||||||
if app_domain:
|
if app_domain:
|
||||||
for ip in network_domain:
|
for ip in network_domain:
|
||||||
print ip[0]
|
print(ip[0])
|
||||||
if app_hostname:
|
if app_hostname:
|
||||||
for ip in network_hostname:
|
for ip in network_hostname:
|
||||||
print ip[0]
|
print(ip[0])
|
||||||
|
|
||||||
|
|
||||||
if __name__ == '__main__':
|
if __name__ == '__main__':
|
||||||
|
@ -158,4 +158,4 @@ if __name__ == '__main__':
|
||||||
get_event(event_id.strip())
|
get_event(event_id.strip())
|
||||||
print_events()
|
print_events()
|
||||||
else:
|
else:
|
||||||
print "No filename given, stopping."
|
print("No filename given, stopping.")
|
||||||
|
|
|
@ -1 +1 @@
|
||||||
from api import PyMISP
|
from .api import PyMISP
|
||||||
|
|
|
@ -45,7 +45,7 @@ class PyMISP(object):
|
||||||
session.headers.update(
|
session.headers.update(
|
||||||
{'Authorization': self.key,
|
{'Authorization': self.key,
|
||||||
'Accept': 'application/' + out,
|
'Accept': 'application/' + out,
|
||||||
'content-type': 'text/' + out})
|
'content-type': 'application/' + out})
|
||||||
return session
|
return session
|
||||||
|
|
||||||
def __query(self, session, path, query):
|
def __query(self, session, path, query):
|
||||||
|
@ -53,7 +53,7 @@ class PyMISP(object):
|
||||||
return query
|
return query
|
||||||
url = self.rest.format(path)
|
url = self.rest.format(path)
|
||||||
query = {'request': query}
|
query = {'request': query}
|
||||||
print json.dumps(query)
|
print(json.dumps(query))
|
||||||
r = session.post(url, data=json.dumps(query))
|
r = session.post(url, data=json.dumps(query))
|
||||||
return r.json()
|
return r.json()
|
||||||
|
|
||||||
|
@ -66,7 +66,7 @@ class PyMISP(object):
|
||||||
Warning, there's a limit on the number of results
|
Warning, there's a limit on the number of results
|
||||||
"""
|
"""
|
||||||
session = self.__prepare_session()
|
session = self.__prepare_session()
|
||||||
return session.get(self.rest)
|
return session.get(self.url)
|
||||||
|
|
||||||
def get_event(self, event_id):
|
def get_event(self, event_id):
|
||||||
"""
|
"""
|
||||||
|
@ -81,20 +81,32 @@ class PyMISP(object):
|
||||||
"""
|
"""
|
||||||
Add a new event
|
Add a new event
|
||||||
|
|
||||||
:param event: Event object to add
|
:param event: Event as JSON object / string or XML to add
|
||||||
"""
|
"""
|
||||||
session = self.__prepare_session()
|
session = self.__prepare_session()
|
||||||
return session.post(self.url, data=event)
|
if self.out_type == 'json':
|
||||||
|
if isinstance(event, basestring):
|
||||||
|
return session.post(self.url, data=event)
|
||||||
|
else:
|
||||||
|
return session.post(self.url, data=json.dumps(event))
|
||||||
|
else:
|
||||||
|
return session.post(self.url, data=event)
|
||||||
|
|
||||||
def update_event(self, event_id, event):
|
def update_event(self, event_id, event):
|
||||||
"""
|
"""
|
||||||
Update an event
|
Update an event
|
||||||
|
|
||||||
:param event_id: Event id to update
|
:param event_id: Event id to update
|
||||||
:param event: Elements to add
|
:param event: Event as JSON object / string or XML to add
|
||||||
"""
|
"""
|
||||||
session = self.__prepare_session()
|
session = self.__prepare_session()
|
||||||
return session.post(self.rest.format(event_id), data=event)
|
if self.out_type == 'json':
|
||||||
|
if isinstance(event, basestring):
|
||||||
|
return session.post(self.rest.format(event_id), data=event)
|
||||||
|
else:
|
||||||
|
return session.post(self.rest.format(event_id), data=json.dumps(event))
|
||||||
|
else:
|
||||||
|
return session.post(self.rest.format(event_id), data=event)
|
||||||
|
|
||||||
def delete_event(self, event_id):
|
def delete_event(self, event_id):
|
||||||
"""
|
"""
|
||||||
|
@ -196,6 +208,24 @@ class PyMISP(object):
|
||||||
session = self.__prepare_session('xml')
|
session = self.__prepare_session('xml')
|
||||||
return session.get(xml)
|
return session.get(xml)
|
||||||
|
|
||||||
|
def download_all_suricata(self):
|
||||||
|
"""
|
||||||
|
Download all suricata rules events.
|
||||||
|
"""
|
||||||
|
suricata_rules = self.url + '/nids/suricata/download'
|
||||||
|
session = self.__prepare_session('rules')
|
||||||
|
return session.get(suricata_rules)
|
||||||
|
|
||||||
|
def download_suricata_rule_event(self, event_id):
|
||||||
|
"""
|
||||||
|
Download one suricata rule event.
|
||||||
|
|
||||||
|
:param event_id: ID of the event to download (same as get)
|
||||||
|
"""
|
||||||
|
template = self.url + '/nids/suricata/download/{}'
|
||||||
|
session = self.__prepare_session('rules')
|
||||||
|
return session.get(template.format(event_id))
|
||||||
|
|
||||||
def download(self, event_id, with_attachement=False):
|
def download(self, event_id, with_attachement=False):
|
||||||
"""
|
"""
|
||||||
Download one event in XML
|
Download one event in XML
|
||||||
|
|
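Review bot: `isinstance(event, basestring)` in the new add_event and update_event bodies raises NameError on Python 3, where `basestring` does not exist, so the JSON branch fails on the interpreter this merge is meant to support. A version-neutral alias would fix both sites, for example `string_types = str if sys.version_info[0] >= 3 else basestring` (with `import sys`) and then `isinstance(event, string_types)`. Whether `self.out_type` is assigned in the constructor is not visible in these hunks and should be confirmed. In download_suricata_rule_event, `event_id` is formatted into the URL path as-is; if callers can pass it from untrusted input, a check such as `str(event_id).isdigit()` before the request would keep the path fixed.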