Add test script to add attachement to event

2015-08-03 18:09:39 +02:00 · 2015-08-03 18:09:39 +02:00 · 58bfd30a23
parent 4e942fa33b
commit 58bfd30a23
1 changed files with 43 additions and 0 deletions
--- a/examples/add_attachement.py
+++ b/examples/add_attachement.py
@ -0,0 +1,43 @@
+#!/usr/bin/env python
+# -*- coding: utf-8 -*-
+
+from pymisp import PyMISP
+from keys import priv
+import argparse
+import os
+import glob
+import base64
+import json
+import time
+
+url = 'https://misppriv.circl.lu'
+
+
+def init(url, key):
+    return PyMISP(url, key, True, 'json')
+
+
+def upload_file(m, eid, path):
+    curevent = misp.get_event(eid)
+    j = curevent.json()
+    if j.get("Event"):
+        with open(path, "rb") as curfile:
+            j["Event"].update({"data": base64.b64encode(curfile.read())})
+            j["Event"]["timestamp"] = int(time.time())
+        out = misp.update_event(args.event, json.dumps(j))
+    print out, out.text
+
+
+if __name__ == '__main__':
+    parser = argparse.ArgumentParser(description='Send malware sample to MISP.')
+    parser.add_argument("-u", "--upload", type=str, required=True, help="File or directory of files to upload.")
+    parser.add_argument("-e", "--event", type=int, help="Event to update with a sample (if none, create a new event).")
+    args = parser.parse_args()
+
+    misp = init(url, priv)
+
+    if os.path.isfile(args.upload):
+        upload_file(misp, args.event, args.upload)
+    elif os.path.isdir(args.upload):
+        for filename in glob.iglob(os.path.join(args.upload + '*')):
+            upload_file(misp, args.event, filename)