MISP
/
PyMISP
mirror of https://github.com/MISP/PyMISP
2
0
Fork 0
Code Issues Releases Wiki Activity

chg: Bump examples to python3

pull/421/head
Raphaël Vinot 2019-07-17 16:46:47 +02:00
parent ce4cb36d0d
commit 6a48faab73
25 changed files with 134 additions and 262 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
examples/add_email_object.py
View File

@ -1,7 +1,7 @@
#!/usr/bin/env python3
# -*- coding: utf-8 -*-
from pymisp import PyMISP
from pymisp import ExpandedPyMISP
from pymisp.tools import EMailObject
import traceback
from keys import misp_url, misp_key, misp_verifycert
@ -15,17 +15,16 @@ if __name__ == '__main__':
parser.add_argument("-p", "--path", required=True, help="Path to process (expanded using glob).")
args = parser.parse_args()
pymisp = PyMISP(misp_url, misp_key, misp_verifycert, debug=True)
pymisp = ExpandedPyMISP(misp_url, misp_key, misp_verifycert, debug=True)
for f in glob.glob(args.path):
try:
eo = EMailObject(f)
except Exception as e:
except Exception:
traceback.print_exc()
continue
if eo:
template_id = pymisp.get_object_template_id(eo.template_uuid)
response = pymisp.add_object(args.event, template_id, eo)
response = pymisp.add_object(args.event, eo)
for ref in eo.ObjectReference:
r = pymisp.add_object_reference(ref)

19
examples/add_fail2ban_object.py
View File

@ -1,7 +1,7 @@
#!/usr/bin/env python3
# -*- coding: utf-8 -*-
from pymisp import PyMISP, MISPEvent
from pymisp import ExpandedPyMISP, MISPEvent
from pymisp.tools import Fail2BanObject
import argparse
from base64 import b64decode
@ -43,23 +43,23 @@ if __name__ == '__main__':
parser.add_argument("-d", "--disable_new", action='store_true', default=False, help="Do not create a new Event.")
args = parser.parse_args()
pymisp = PyMISP(misp_url, misp_key, misp_verifycert, debug=True)
pymisp = ExpandedPyMISP(misp_url, misp_key, misp_verifycert, debug=True)
event_id = -1
me = None
if args.force_new:
me = create_new_event()
else:
response = pymisp.search_index(tag=args.tag, timestamp='1h')
if response['response']:
response = pymisp.search_index(tag=args.tag, timestamp='1h', pythonify=True)
if response:
if args.disable_new:
event_id = response['response'][0]['id']
event_id = response[0].id
else:
last_event_date = parse(response['response'][0]['date']).date()
nb_attr = response['response'][0]['attribute_count']
last_event_date = parse(response[0].date).date()
nb_attr = response[0].attribute_count
if last_event_date < date.today() or int(nb_attr) > 1000:
me = create_new_event()
else:
event_id = response['response'][0]['id']
event_id = response[0].id
else:
me = create_new_event()
@ -83,5 +83,4 @@ if __name__ == '__main__':
me.add_object(f2b)
pymisp.add_event(me)
elif event_id:
template_id = pymisp.get_object_template_id(f2b.template_uuid)
a = pymisp.add_object(event_id, template_id, f2b)
a = pymisp.add_object(event_id, f2b)

14
examples/add_feed.py
View File

@ -1,7 +1,7 @@
#!/usr/bin/env python
# -*- coding: utf-8 -*-
from pymisp import PyMISP
from pymisp import ExpandedPyMISP, MISPFeed
from keys import misp_url, misp_key, misp_verifycert
import argparse
@ -14,6 +14,12 @@ if __name__ == '__main__':
parser.add_argument("-p", "--provider", required=True, help="Provider name")
args = parser.parse_args()
pm = PyMISP(misp_url, misp_key, misp_verifycert, debug=True)
response = pm.add_feed(args.format, args.url, args.name, args.input, args.provider)
print(response)
pm = ExpandedPyMISP(misp_url, misp_key, misp_verifycert, debug=True)
feed = MISPFeed()
feed.format = args.format
feed.url = args.url
feed.name = args.name
feed.input = args.input
feed.provider = args.provider
response = pm.add_feed(feed, pythonify=True)
print(response.to_json())

15
examples/add_file_object.py
View File

@ -1,7 +1,7 @@
#!/usr/bin/env python3
# -*- coding: utf-8 -*-
from pymisp import PyMISP
from pymisp import ExpandedPyMISP
from pymisp.tools import make_binary_objects
import traceback
from keys import misp_url, misp_key, misp_verifycert
@ -14,28 +14,25 @@ if __name__ == '__main__':
parser.add_argument("-p", "--path", required=True, help="Path to process (expanded using glob).")
args = parser.parse_args()
pymisp = PyMISP(misp_url, misp_key, misp_verifycert)
pymisp = ExpandedPyMISP(misp_url, misp_key, misp_verifycert)
for f in glob.glob(args.path):
try:
fo, peo, seos = make_binary_objects(f)
except Exception as e:
except Exception:
traceback.print_exc()
continue
if seos:
for s in seos:
template_id = pymisp.get_object_template_id(s.template_uuid)
r = pymisp.add_object(args.event, template_id, s)
r = pymisp.add_object(args.event, s)
if peo:
template_id = pymisp.get_object_template_id(peo.template_uuid)
r = pymisp.add_object(args.event, template_id, peo)
r = pymisp.add_object(args.event, peo)
for ref in peo.ObjectReference:
r = pymisp.add_object_reference(ref)
if fo:
template_id = pymisp.get_object_template_id(fo.template_uuid)
response = pymisp.add_object(args.event, template_id, fo)
response = pymisp.add_object(args.event, fo)
for ref in fo.ObjectReference:
r = pymisp.add_object_reference(ref)

19
examples/add_generic_object.py
View File

@ -2,7 +2,7 @@
# -*- coding: utf-8 -*-
import json
from pymisp import PyMISP
from pymisp import ExpandedPyMISP
from pymisp.tools import GenericObjectGenerator
from keys import misp_url, misp_key, misp_verifycert
import argparse
@ -19,21 +19,8 @@ if __name__ == '__main__':
parser.add_argument("-l", "--attr_list", required=True, help="List of attributes")
args = parser.parse_args()
pymisp = PyMISP(misp_url, misp_key, misp_verifycert)
template = pymisp.get_object_templates_list()
if 'response' in template.keys():
template = template['response']
try:
template_ids = [x['ObjectTemplate']['id'] for x in template if x['ObjectTemplate']['name'] == args.type]
if len(template_ids) > 0:
template_id = template_ids[0]
else:
raise IndexError
except IndexError:
valid_types = ", ".join([x['ObjectTemplate']['name'] for x in template])
print ("Template for type %s not found! Valid types are: %s" % (args.type, valid_types))
exit()
pymisp = ExpandedPyMISP(misp_url, misp_key, misp_verifycert)
misp_object = GenericObjectGenerator(args.type.replace("|", "-"))
misp_object.generate_attributes(json.loads(args.attr_list))
r = pymisp.add_object(args.event, template_id, misp_object)
r = pymisp.add_object(args.event, misp_object)

9
examples/add_named_attribute.py
View File

@ -1,7 +1,7 @@
#!/usr/bin/env python
# -*- coding: utf-8 -*-
from pymisp import PyMISP
from pymisp import ExpandedPyMISP
from keys import misp_url, misp_key, misp_verifycert
import argparse
@ -12,9 +12,6 @@ except NameError:
pass
def init(url, key):
return PyMISP(url, key, misp_verifycert, 'json', debug=True)
if __name__ == '__main__':
parser = argparse.ArgumentParser(description='Add an attribute to an event')
parser.add_argument("-e", "--event", help="The id, uuid or json of the event to update.")
@ -22,7 +19,7 @@ if __name__ == '__main__':
parser.add_argument("-v", "--value", help="The value of the attribute")
args = parser.parse_args()
misp = init(misp_url, misp_key)
misp = ExpandedPyMISP(misp_url, misp_key, misp_verifycert)
event = misp.add_named_attribute(args.event, args.type, args.value)
event = misp.add_attribute(args.event, {'type': args.type, 'value': args.value}, pythonify=True)
print(event)

7
examples/add_ssh_authorized_keys.py
View File

@ -1,7 +1,7 @@
#!/usr/bin/env python3
# -*- coding: utf-8 -*-
from pymisp import PyMISP
from pymisp import ExpandedPyMISP
from pymisp.tools import SSHAuthorizedKeysObject
import traceback
from keys import misp_url, misp_key, misp_verifycert
@ -15,7 +15,7 @@ if __name__ == '__main__':
parser.add_argument("-p", "--path", required=True, help="Path to process (expanded using glob).")
args = parser.parse_args()
pymisp = PyMISP(misp_url, misp_key, misp_verifycert, debug=True)
pymisp = ExpandedPyMISP(misp_url, misp_key, misp_verifycert, debug=True)
for f in glob.glob(args.path):
try:
@ -24,7 +24,6 @@ if __name__ == '__main__':
traceback.print_exc()
continue
template_id = pymisp.get_object_template_id(auth_keys.template_uuid)
response = pymisp.add_object(args.event, template_id, auth_keys)
response = pymisp.add_object(args.event, auth_keys)
for ref in auth_keys.ObjectReference:
r = pymisp.add_object_reference(ref)

21
examples/add_user.py
View File

@ -1,20 +1,10 @@
#!/usr/bin/env python
# -*- coding: utf-8 -*-
from pymisp import PyMISP
from pymisp import ExpandedPyMISP, MISPUser
from keys import misp_url, misp_key, misp_verifycert
import argparse
# For python2 & 3 compat, a bit dirty, but it seems to be the least bad one
try:
input = raw_input
except NameError:
pass
def init(url, key):
return PyMISP(url, key, misp_verifycert, 'json')
if __name__ == '__main__':
parser = argparse.ArgumentParser(description='Add a new user by setting the mandory fields.')
parser.add_argument("-e", "--email", required=True, help="Email linked to the account.")
@ -22,6 +12,11 @@ if __name__ == '__main__':
parser.add_argument("-r", "--role_id", required=True, help="Role linked to the user.")
args = parser.parse_args()
misp = init(misp_url, misp_key)
misp = ExpandedPyMISP(misp_url, misp_key, misp_verifycert, 'json')
print (misp.add_user(args.email, args.org_id, args.role_id))
user = MISPUser()
user.email = args.email
user.org_id = args.org_id
user.role_id = args.role_id
print(misp.add_user(user, pythonify=True))

10
examples/cache_all.py
View File

@ -2,13 +2,9 @@
# -*- coding: utf-8 -*-
from keys import misp_url, misp_key, misp_verifycert
from pymisp import PyMISP
def init(url, key):
return PyMISP(url, key, misp_verifycert, 'json')
from pymisp import ExpandedPyMISP
if __name__ == '__main__':
misp = init(misp_url, misp_key)
misp.cache_all_feeds()
misp = ExpandedPyMISP(misp_url, misp_key, misp_verifycert)
misp.cache_all_feeds()

21
examples/create_events.py
View File

@ -1,19 +1,10 @@
#!/usr/bin/env python
# -*- coding: utf-8 -*-
from pymisp import PyMISP
from pymisp import ExpandedPyMISP, MISPEvent
from keys import misp_url, misp_key, misp_verifycert
import argparse
# For python2 & 3 compat, a bit dirty, but it seems to be the least bad one
try:
input = raw_input
except NameError:
pass
def init(url, key):
return PyMISP(url, key, misp_verifycert, 'json', debug=True)
if __name__ == '__main__':
parser = argparse.ArgumentParser(description='Create an event on MISP.')
@ -23,7 +14,13 @@ if __name__ == '__main__':
parser.add_argument("-t", "--threat", type=int, help="The threat level ID of the newly created event, if applicable. [1-4]")
args = parser.parse_args()
misp = init(misp_url, misp_key)
misp = ExpandedPyMISP(misp_url, misp_key, misp_verifycert)
event = misp.new_event(args.distrib, args.threat, args.analysis, args.info)
event = MISPEvent()
event.distribution = args.distrib
event.threat_level_id = args.threat
event.analysis = args.analysis
event.info = args.info
event = misp.add_event(event, pythonify=True)
print(event)

26
examples/del.py
View File

@ -1,26 +1,11 @@
#!/usr/bin/env python
# -*- coding: utf-8 -*-
from pymisp import PyMISP
from keys import misp_url, misp_key,misp_verifycert
from pymisp import ExpandedPyMISP
from keys import misp_url, misp_key, misp_verifycert
import argparse
# Usage for pipe masters: ./last.py -l 5h | jq .
def init(url, key):
return PyMISP(url, key, misp_verifycert, 'json', debug=True)
def del_event(m, eventid):
result = m.delete_event(eventid)
print(result)
def del_attr(m, attrid):
result = m.delete_attribute(attrid)
print(result)
if __name__ == '__main__':
parser = argparse.ArgumentParser(description='Delete an event from a MISP instance.')
parser.add_argument("-e", "--event", help="Event ID to delete.")
@ -28,9 +13,10 @@ if __name__ == '__main__':
args = parser.parse_args()
misp = init(misp_url, misp_key)
misp = ExpandedPyMISP(misp_url, misp_key, misp_verifycert)
if args.event:
del_event(misp, args.event)
result = misp.delete_event(args.event)
else:
del_attr(misp, args.attribute)
result = misp.delete_attribute(args.attribute)
print(result)

13
examples/delete_user.py
View File

@ -1,25 +1,16 @@
#!/usr/bin/env python
# -*- coding: utf-8 -*-
from pymisp import PyMISP
from pymisp import ExpandedPyMISP
from keys import misp_url, misp_key, misp_verifycert
import argparse
# For python2 & 3 compat, a bit dirty, but it seems to be the least bad one
try:
input = raw_input
except NameError:
pass
def init(url, key):
return PyMISP(url, key, misp_verifycert, 'json')
if __name__ == '__main__':
parser = argparse.ArgumentParser(description='Delete the user with the given id. Keep in mind that disabling users (by setting the disabled flag via an edit) is always prefered to keep user associations to events intact.')
parser.add_argument("-i", "--user_id", help="The id of the user you want to delete.")
args = parser.parse_args()
misp = init(misp_url, misp_key)
misp = ExpandedPyMISP(misp_url, misp_key, misp_verifycert)
print(misp.delete_user(args.user_id))

20
examples/edit_organisation.py
View File

@ -1,26 +1,20 @@
#!/usr/bin/env python
# -*- coding: utf-8 -*-
from pymisp import PyMISP
from pymisp import ExpandedPyMISP, MISPOrganisation
from keys import misp_url, misp_key, misp_verifycert
import argparse
# For python2 & 3 compat, a bit dirty, but it seems to be the least bad one
try:
input = raw_input
except NameError:
pass
def init(url, key):
return PyMISP(url, key, misp_verifycert, 'json')
if __name__ == '__main__':
parser = argparse.ArgumentParser(description='Edit the email of the organisation designed by the organisation_id.')
parser.add_argument("-i", "--organisation_id", required=True, help="The name of the json file describing the organisation you want to modify.")
parser.add_argument("-e", "--email", help="Email linked to the organisation.")
args = parser.parse_args()
misp = init(misp_url, misp_key)
misp = ExpandedPyMISP(misp_url, misp_key, misp_verifycert)
print(misp.edit_organisation(args.organisation_id, email=args.email))
org = MISPOrganisation()
org.id = args.organisation_id
org.email = args.email
print(misp.update_organisation(org, pythonify=True))

18
examples/edit_user.py
View File

@ -1,19 +1,10 @@
#!/usr/bin/env python
# -*- coding: utf-8 -*-
from pymisp import PyMISP
from pymisp import ExpandedPyMISP, MISPUser
from keys import misp_url, misp_key, misp_verifycert
import argparse
# For python2 & 3 compat, a bit dirty, but it seems to be the least bad one
try:
input = raw_input
except NameError:
pass
def init(url, key):
return PyMISP(url, key, misp_verifycert, 'json')
if __name__ == '__main__':
parser = argparse.ArgumentParser(description='Edit the email of the user designed by the user_id.')
@ -21,6 +12,9 @@ if __name__ == '__main__':
parser.add_argument("-e", "--email", help="Email linked to the account.")
args = parser.parse_args()
misp = init(misp_url, misp_key)
misp = ExpandedPyMISP(misp_url, misp_key, misp_verifycert)
user = MISPUser
user.id = args.user_id
user.email = args.email
print(misp.edit_user(args.user_id, email=args.email))
print(misp.edit_user(user, pythonify=True))

8
examples/et2misp.py
View File

@ -1,6 +1,6 @@
#!/usr/bin/env python
# -*- coding: utf-8 -*-
#
#
# Copy Emerging Threats Block IPs list to several MISP events
# Because of the large size of the list the first run will take a minute
# Running it again will update the MISP events if changes are detected
@ -24,7 +24,7 @@ def load_misp_event(eid):
global et_event
et_attr = {}
et_drev = {}
et_event = mymisp.get(eid)
echeck(et_event)
for a in et_event['Event']['Attribute']:
@ -66,7 +66,7 @@ def update_et_event(name):
# Weed out attributes still in ET data
for k,v in et_data[name].items():
et_attr.pop(k, None)
# Delete the leftover attributes from MISP
for k,v in et_attr.items():
r = mymisp.delete_attribute(v)
@ -92,7 +92,7 @@ def update_et_event(name):
attr = []
attr.append(et_drev)
# Publish updated MISP event
# Publish updated MISP event
et_event['Event']['Attribute'] = attr
et_event['Event']['published'] = False
et_event['Event']['date'] = time.strftime('%Y-%m-%d')

15
examples/fetch_events_feed.py
View File

@ -3,22 +3,13 @@
from keys import misp_url, misp_key, misp_verifycert
import argparse
from pymisp import PyMISP
# For python2 & 3 compat, a bit dirty, but it seems to be the least bad one
try:
input = raw_input
except NameError:
pass
def init(url, key):
return PyMISP(url, key, misp_verifycert, 'json', debug=False)
from pymisp import ExpandedPyMISP
if __name__ == '__main__':
parser = argparse.ArgumentParser(description='Fetch all events from a feed.')
parser.add_argument("-f", "--feed", required=True, help="feed's ID to be fetched.")
args = parser.parse_args()
misp = init(misp_url, misp_key)
misp = ExpandedPyMISP(misp_url, misp_key, misp_verifycert)
misp.fetch_feed(args.feed)

2
examples/freetext.py
View File

@ -1,7 +1,7 @@
#!/usr/bin/env python
# -*- coding: utf-8 -*-
from pymisp import PyMISP
from pymisp import ExpandedPyMISP
from keys import misp_url, misp_key, misp_verifycert
import argparse

26
examples/get.py
View File

@ -1,15 +1,12 @@
#!/usr/bin/env python
# -*- coding: utf-8 -*-
from pymisp import PyMISP
from pymisp import ExpandedPyMISP
from keys import misp_url, misp_key, misp_verifycert
import argparse
import os
import json
# Usage for pipe masters: ./last.py -l 5h | jq .
proxies = {
'http': 'http://127.0.0.1:8123',
'https': 'http://127.0.0.1:8123',
@ -18,18 +15,6 @@ proxies = {
proxies = None
def init(url, key):
return PyMISP(url, key, misp_verifycert, 'json', proxies=proxies)
def get_event(m, event, out=None):
result = m.get_event(event)
if out is None:
print(json.dumps(result) + '\n')
else:
with open(out, 'w') as f:
f.write(json.dumps(result) + '\n')
if __name__ == '__main__':
parser = argparse.ArgumentParser(description='Get an event from a MISP instance.')
@ -42,6 +27,11 @@ if __name__ == '__main__':
print('Output file already exists, abort.')
exit(0)
misp = init(misp_url, misp_key)
misp = ExpandedPyMISP(misp_url, misp_key, misp_verifycert, proxies=proxies)
get_event(misp, args.event, args.output)
event = misp.get_event(args.event, pythonify=True)
if args.output:
with open(args.output, 'w') as f:
f.write(event.to_json())
else:
print(event.to_json())

34
examples/last.py
View File

@ -1,32 +1,15 @@
#!/usr/bin/env python
# -*- coding: utf-8 -*-
from pymisp import PyMISP
from pymisp import ExpandedPyMISP
from keys import misp_url, misp_key, misp_verifycert
import argparse
import os
import json
# Usage for pipe masters: ./last.py -l 5h | jq .
# Usage in case of large data set and pivoting page by page: python3 last.py -l 48h -m 10 -p 2 | jq .[].Event.info
def init(url, key):
return PyMISP(url, key, misp_verifycert, 'json')
def download_last(m, last, limit='10', page='1', out=None):
result = m.search(last=last, limit=limit, page=page)
if out is None:
if 'response' in result:
print(json.dumps(result['response']))
else:
print('No results for that time period')
exit(0)
else:
with open(out, 'w') as f:
f.write(json.dumps(result['response']))
if __name__ == '__main__':
parser = argparse.ArgumentParser(description='Download latest events from a MISP instance.')
parser.add_argument("-l", "--last", required=True, help="can be defined in days, hours, minutes (for example 5d or 12h or 30m).")
@ -40,6 +23,17 @@ if __name__ == '__main__':
print('Output file already exists, aborted.')
exit(0)
misp = init(misp_url, misp_key)
misp = ExpandedPyMISP(misp_url, misp_key, misp_verifycert)
result = misp.search(publish_timestamp=args.last, limit=args.limit, page=args.page, pythonify=True)
download_last(misp, args.last, limit=args.limit, page=args.page, out=args.output)
if not result:
print('No results for that time period')
exit(0)
if args.output:
with open(args.output, 'w') as f:
for r in result:
f.write(r.to_json() + '\n')
else:
for r in result:
print(r.to_json())

18
examples/sharing_groups.py
View File

@ -1,25 +1,15 @@
#!/usr/bin/env python
# -*- coding: utf-8 -*-
from pymisp import PyMISP
from pymisp import ExpandedPyMISP
from keys import misp_url, misp_key, misp_verifycert
import argparse
# For python2 & 3 compat, a bit dirty, but it seems to be the least bad one
try:
input = raw_input
except NameError:
pass
def init(url, key):
return PyMISP(url, key, misp_verifycert, 'json')
if __name__ == '__main__':
parser = argparse.ArgumentParser(description='Get a list of the sharing groups from the MISP instance.')
misp = init(misp_url, misp_key)
sharing_groups = misp.get_sharing_groups()
print (sharing_groups)
misp = ExpandedPyMISP(misp_url, misp_key, misp_verifycert)
sharing_groups = misp.sharing_groups(pythonify=True)
print(sharing_groups)

11
examples/stats.py
View File

@ -1,19 +1,16 @@
#!/usr/bin/env python
# -*- coding: utf-8 -*-
from pymisp import PyMISP
from pymisp import ExpandedPyMISP
from keys import misp_url, misp_key, misp_verifycert
import argparse
def init(url, key):
return PyMISP(url, key, misp_verifycert, 'json')
if __name__ == '__main__':
parser = argparse.ArgumentParser(description='Output attributes statistics from a MISP instance.')
args = parser.parse_args()
misp = init(misp_url, misp_key)
misp = ExpandedPyMISP(misp_url, misp_key, misp_verifycert)
print (misp.get_attributes_statistics(misp, percentage=True))
print (misp.get_attributes_statistics(context='category', percentage=True))
print(misp.get_attributes_statistics(misp, percentage=True))
print(misp.get_attributes_statistics(context='category', percentage=True))

12
examples/tags.py
View File

@ -1,16 +1,12 @@
#!/usr/bin/env python
# -*- coding: utf-8 -*-
from pymisp import PyMISP
from pymisp import ExpandedPyMISP
from keys import misp_url, misp_key, misp_verifycert
import argparse
import json
def init(url, key):
return PyMISP(url, key, misp_verifycert, 'json', True)
def get_tags(m):
result = m.get_all_tags(True)
r = result
@ -22,6 +18,8 @@ if __name__ == '__main__':
args = parser.parse_args()
misp = init(misp_url, misp_key)
misp = ExpandedPyMISP(misp_url, misp_key, misp_verifycert)
get_tags(misp)
tags = misp.tags(pythonify=True)
for tag in tags:
print(tag.to_json())

14
examples/tagstatistics.py
View File

@ -1,28 +1,18 @@
#!/usr/bin/env python
# -*- coding: utf-8 -*-
from pymisp import PyMISP
from pymisp import ExpandedPyMISP
from keys import misp_url, misp_key, misp_verifycert
import argparse
import json
# For python2 & 3 compat, a bit dirty, but it seems to be the least bad one
try:
input = raw_input
except NameError:
pass
def init(url, key):
return PyMISP(url, key, misp_verifycert, 'json')
if __name__ == '__main__':
parser = argparse.ArgumentParser(description='Get statistics from tags.')
parser.add_argument("-p", "--percentage", action='store_true', default=None, help="An optional field, if set, it will return the results in percentages, otherwise it returns exact count.")
parser.add_argument("-n", "--namesort", action='store_true', default=None, help="An optional field, if set, values are sort by the namespace, otherwise the sorting will happen on the value.")
args = parser.parse_args()
misp = init(misp_url, misp_key)
misp = ExpandedPyMISP(misp_url, misp_key, misp_verifycert)
stats = misp.get_tags_statistics(args.percentage, args.namesort)
print(json.dumps(stats))

18
examples/up.py
View File

@ -1,19 +1,10 @@
#!/usr/bin/env python
# -*- coding: utf-8 -*-
from pymisp import PyMISP
from pymisp import ExpandedPyMISP, MISPEvent
from keys import misp_url, misp_key, misp_verifycert
import argparse
from io import open
def init(url, key):
return PyMISP(url, key, misp_verifycert, 'json', debug=True)
def up_event(m, event, content):
with open(content, 'r') as f:
result = m.update_event(event, f.read())
print(result)
if __name__ == '__main__':
parser = argparse.ArgumentParser(description="Update a MISP event.")
@ -22,6 +13,9 @@ if __name__ == '__main__':
args = parser.parse_args()
misp = init(misp_url, misp_key)
misp = ExpandedPyMISP(misp_url, misp_key, misp_verifycert)
up_event(misp, args.event, args.input)
me = MISPEvent()
me.load_file(args.input)
result = misp.update_event(args.event, me)

17
examples/users_list.py
View File

@ -1,24 +1,15 @@
#!/usr/bin/env python
# -*- coding: utf-8 -*-
from pymisp import PyMISP
from pymisp import ExpandedPyMISP
from keys import misp_url, misp_key, misp_verifycert
import argparse
# For python2 & 3 compat, a bit dirty, but it seems to be the least bad one
try:
input = raw_input
except NameError:
pass
def init(url, key):
return PyMISP(url, key, misp_verifycert, 'json')
if __name__ == '__main__':
parser = argparse.ArgumentParser(description='Get a list of the sharing groups from the MISP instance.')
misp = init(misp_url, misp_key)
misp = ExpandedPyMISP(misp_url, misp_key, misp_verifycert)
users_list = misp.get_users_list()
print (users_list)
users_list = misp.users(pythonify=True)
print(users_list)