From 55b4a0725bcd091c959df1b4b9b29d50980a3d5d Mon Sep 17 00:00:00 2001
From: Alexandre Dulaunoy
Date: Fri, 4 Nov 2016 09:31:52 +0100
Subject: [PATCH] Neo4j stuff moved into graphdb directory
---
examples/graphdb/make_neo4j.py | 45 ++++++++++++++++++++++++++++++++++
1 file changed, 45 insertions(+)
create mode 100755 examples/graphdb/make_neo4j.py
diff --git a/examples/graphdb/make_neo4j.py b/examples/graphdb/make_neo4j.py
new file mode 100755
index 0000000..6393813
--- /dev/null
+++ b/examples/graphdb/make_neo4j.py
@@ -0,0 +1,45 @@
+#!/usr/bin/env python
+# -*- coding: utf-8 -*-
+
+from pymisp import PyMISP
+from pymisp import Neo4j
+from pymisp import MISPEvent
+from keys import misp_url, misp_key
+import argparse
+
+"""
+Sample Neo4J query:
+
+
+MATCH ()-[r:has]->(n)
+WITH n, count(r) as rel_cnt
+WHERE rel_cnt > 5
+MATCH (m)-[r:has]->(n)
+RETURN m, n LIMIT 200;
+"""
+
+if __name__ == '__main__':
+ parser = argparse.ArgumentParser(description='Get all the events matching a value.')
+ parser.add_argument("-s", "--search", required=True, help="String to search.")
+ parser.add_argument("--host", default='localhost:7474', help="Host where neo4j is running.")
+ parser.add_argument("-u", "--user", default='neo4j', help="User on neo4j.")
+ parser.add_argument("-p", "--password", default='neo4j', help="Password on neo4j.")
+ parser.add_argument("-d", "--deleteall", action="store_true", default=False, help="Delete all nodes from the database")
+ args = parser.parse_args()
+
+ neo4j = Neo4j(args.host, args.user, args.password)
+ if args.deleteall:
+ neo4j.del_all()
+ misp = PyMISP(misp_url, misp_key)
+ result = misp.search_all(args.search)
+ for json_event in result['response']:
+ if not json_event['Event']:
+ print(json_event)
+ continue
+ print('Importing', json_event['Event']['info'], json_event['Event']['id'])
+ try:
+ misp_event = MISPEvent()
+ misp_event.load(json_event)
+ neo4j.import_event(misp_event)
+ except:
+ print('broken')
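Review bot: The bare `except:` that closes the import loop reduces every failure to `print('broken')`, and it also catches `KeyboardInterrupt`, so a partially imported graph looks the same as a complete one and nothing records which event failed or why. Catching `Exception` and reporting the event would fix that: `except Exception as exc:` followed by `print('broken', json_event['Event']['id'], exc)`. Separately, `-p/--password` defaults to the stock `neo4j` credential and takes the secret as a command-line argument, where it lands in shell history and the process list; falling back to an environment variable or `getpass.getpass()` when the option is absent would avoid both. `--deleteall` calls `neo4j.del_all()` with no confirmation, and since `--host` is configurable this may hit a shared instance, so the help text should at least say the deletion is irreversible and happens before the import.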