diff --git a/examples/add_email_object.py b/examples/add_email_object.py index 1ff1c87..263c543 100755 --- a/examples/add_email_object.py +++ b/examples/add_email_object.py @@ -1,7 +1,7 @@ #!/usr/bin/env python3 # -*- coding: utf-8 -*- -from pymisp import PyMISP +from pymisp import ExpandedPyMISP from pymisp.tools import EMailObject import traceback from keys import misp_url, misp_key, misp_verifycert @@ -15,17 +15,16 @@ if __name__ == '__main__': parser.add_argument("-p", "--path", required=True, help="Path to process (expanded using glob).") args = parser.parse_args() - pymisp = PyMISP(misp_url, misp_key, misp_verifycert, debug=True) + pymisp = ExpandedPyMISP(misp_url, misp_key, misp_verifycert, debug=True) for f in glob.glob(args.path): try: eo = EMailObject(f) - except Exception as e: + except Exception: traceback.print_exc() continue if eo: - template_id = pymisp.get_object_template_id(eo.template_uuid) - response = pymisp.add_object(args.event, template_id, eo) + response = pymisp.add_object(args.event, eo) for ref in eo.ObjectReference: r = pymisp.add_object_reference(ref) diff --git a/examples/add_fail2ban_object.py b/examples/add_fail2ban_object.py index 225eed8..d8be97d 100755 --- a/examples/add_fail2ban_object.py +++ b/examples/add_fail2ban_object.py @@ -1,7 +1,7 @@ #!/usr/bin/env python3 # -*- coding: utf-8 -*- -from pymisp import PyMISP, MISPEvent +from pymisp import ExpandedPyMISP, MISPEvent from pymisp.tools import Fail2BanObject import argparse from base64 import b64decode 
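Review bot: The new constructor call in the second add_email_object.py hunk keeps `debug=True` hard-coded, which is a poor default for a script that authenticates with a long-lived API key. Debug logging in an HTTP client often includes request headers, so the key loaded from `keys.py` may end up in terminal scrollback or captured logs; this should be confirmed against what the PyMISP logger emits. I would drop the flag, `pymisp = ExpandedPyMISP(misp_url, misp_key, misp_verifycert)`, or make it an opt-in `--debug` argument. The same applies to the constructor calls in add_fail2ban_object.py, add_feed.py and add_ssh_authorized_keys.py. The `if __name__ == '__main__':` block continues outside the hunk.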
@@ -43,23 +43,23 @@ if __name__ == '__main__': parser.add_argument("-d", "--disable_new", action='store_true', default=False, help="Do not create a new Event.") args = parser.parse_args() - pymisp = PyMISP(misp_url, misp_key, misp_verifycert, debug=True) + pymisp = ExpandedPyMISP(misp_url, misp_key, misp_verifycert, debug=True) event_id = -1 me = None if args.force_new: me = create_new_event() else: - response = pymisp.search_index(tag=args.tag, timestamp='1h') - if response['response']: + response = pymisp.search_index(tag=args.tag, timestamp='1h', pythonify=True) + if response: if args.disable_new: - event_id = response['response'][0]['id'] + event_id = response[0].id else: - last_event_date = parse(response['response'][0]['date']).date() - nb_attr = response['response'][0]['attribute_count'] + last_event_date = parse(response[0].date).date() + nb_attr = response[0].attribute_count if last_event_date < date.today() or int(nb_attr) > 1000: me = create_new_event() else: - event_id = response['response'][0]['id'] + event_id = response[0].id else: me = create_new_event() @@ -83,5 +83,4 @@ if __name__ == '__main__': me.add_object(f2b) pymisp.add_event(me) elif event_id: - template_id = pymisp.get_object_template_id(f2b.template_uuid) - a = pymisp.add_object(event_id, template_id, f2b) + a = pymisp.add_object(event_id, f2b) diff --git a/examples/add_feed.py b/examples/add_feed.py index 94d0d04..aed6d07 100755 --- a/examples/add_feed.py +++ b/examples/add_feed.py @@ -1,7 +1,7 @@ #!/usr/bin/env python # -*- coding: utf-8 -*- -from pymisp import PyMISP +from pymisp import ExpandedPyMISP, MISPFeed from keys import misp_url, misp_key, misp_verifycert import argparse 
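Review bot: `if response:` in the first add_fail2ban_object.py hunk on this line only tests truthiness, and the branches below it then index `response[0]` and read `.id`, `.date` and `.attribute_count`. If `search_index(..., pythonify=True)` can hand back an error dictionary instead of a list when the request fails, that dictionary is truthy and the indexing raises instead of falling back to `create_new_event()`. This is inferred, since the client code is not part of the diff. A guard such as `if isinstance(response, list) and response:` keeps the fallback path intact. The surrounding `__main__` block starts and ends outside the hunk.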
@@ -14,6 +14,12 @@ if __name__ == '__main__': parser.add_argument("-p", "--provider", required=True, help="Provider name") args = parser.parse_args() - pm = PyMISP(misp_url, misp_key, misp_verifycert, debug=True) - response = pm.add_feed(args.format, args.url, args.name, args.input, args.provider) - print(response) + pm = ExpandedPyMISP(misp_url, misp_key, misp_verifycert, debug=True) + feed = MISPFeed() + feed.format = args.format + feed.url = args.url + feed.name = args.name + feed.input = args.input + feed.provider = args.provider + response = pm.add_feed(feed, pythonify=True) + print(response.to_json()) diff --git a/examples/add_file_object.py b/examples/add_file_object.py index cfa8dc9..e731775 100755 --- a/examples/add_file_object.py +++ b/examples/add_file_object.py @@ -1,7 +1,7 @@ #!/usr/bin/env python3 # -*- coding: utf-8 -*- -from pymisp import PyMISP +from pymisp import ExpandedPyMISP from pymisp.tools import make_binary_objects import traceback from keys import misp_url, misp_key, misp_verifycert 
@@ -14,28 +14,25 @@ if __name__ == '__main__': parser.add_argument("-p", "--path", required=True, help="Path to process (expanded using glob).") args = parser.parse_args() - pymisp = PyMISP(misp_url, misp_key, misp_verifycert) + pymisp = ExpandedPyMISP(misp_url, misp_key, misp_verifycert) for f in glob.glob(args.path): try: fo, peo, seos = make_binary_objects(f) - except Exception as e: + except Exception: traceback.print_exc() continue if seos: for s in seos: - template_id = pymisp.get_object_template_id(s.template_uuid) - r = pymisp.add_object(args.event, template_id, s) + r = pymisp.add_object(args.event, s) if peo: - template_id = pymisp.get_object_template_id(peo.template_uuid) - r = pymisp.add_object(args.event, template_id, peo) + r = pymisp.add_object(args.event, peo) for ref in peo.ObjectReference: r = pymisp.add_object_reference(ref) if fo: - template_id = pymisp.get_object_template_id(fo.template_uuid) - response = pymisp.add_object(args.event, template_id, fo) + response = pymisp.add_object(args.event, fo) for ref in fo.ObjectReference: r = pymisp.add_object_reference(ref) diff --git a/examples/add_generic_object.py b/examples/add_generic_object.py index 86a7675..ecaae0f 100755 --- a/examples/add_generic_object.py +++ b/examples/add_generic_object.py @@ -2,7 +2,7 @@ # -*- coding: utf-8 -*- import json -from pymisp import PyMISP +from pymisp import ExpandedPyMISP from pymisp.tools import GenericObjectGenerator from keys import misp_url, misp_key, misp_verifycert import argparse 
@@ -19,21 +19,8 @@ if __name__ == '__main__': parser.add_argument("-l", "--attr_list", required=True, help="List of attributes") args = parser.parse_args() - pymisp = PyMISP(misp_url, misp_key, misp_verifycert) - template = pymisp.get_object_templates_list() - if 'response' in template.keys(): - template = template['response'] - try: - template_ids = [x['ObjectTemplate']['id'] for x in template if x['ObjectTemplate']['name'] == args.type] - if len(template_ids) > 0: - template_id = template_ids[0] - else: - raise IndexError - except IndexError: - valid_types = ", ".join([x['ObjectTemplate']['name'] for x in template]) - print ("Template for type %s not found! Valid types are: %s" % (args.type, valid_types)) - exit() + pymisp = ExpandedPyMISP(misp_url, misp_key, misp_verifycert) misp_object = GenericObjectGenerator(args.type.replace("|", "-")) misp_object.generate_attributes(json.loads(args.attr_list)) - r = pymisp.add_object(args.event, template_id, misp_object) + r = pymisp.add_object(args.event, misp_object) diff --git a/examples/add_named_attribute.py b/examples/add_named_attribute.py index ac494fd..4bbcd97 100755 --- a/examples/add_named_attribute.py +++ b/examples/add_named_attribute.py @@ -1,7 +1,7 @@ #!/usr/bin/env python # -*- coding: utf-8 -*- -from pymisp import PyMISP +from pymisp import ExpandedPyMISP from keys import misp_url, misp_key, misp_verifycert import argparse @@ -12,9 +12,6 @@ except NameError: pass -def init(url, key): - return PyMISP(url, key, misp_verifycert, 'json', debug=True) - if __name__ == '__main__': parser = argparse.ArgumentParser(description='Add an attribute to an event') parser.add_argument("-e", "--event", help="The id, uuid or json of the event to update.") 
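Review bot: With the client-side template lookup removed in the add_generic_object.py hunk, nothing reports an unknown `args.type` any more, because the result `r` of `add_object` is assigned and never inspected. Whether the server rejects the object or the library raises earlier is not visible here, so the failure mode is inferred. The script should at least surface the response, `print(r)`, and ideally exit non-zero when it carries an error. `json.loads(args.attr_list)` also runs on raw command-line input without a `try`, so malformed JSON ends in a bare traceback.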
@@ -22,7 +19,7 @@ if __name__ == '__main__': parser.add_argument("-v", "--value", help="The value of the attribute") args = parser.parse_args() - misp = init(misp_url, misp_key) + misp = ExpandedPyMISP(misp_url, misp_key, misp_verifycert) - event = misp.add_named_attribute(args.event, args.type, args.value) + event = misp.add_attribute(args.event, {'type': args.type, 'value': args.value}, pythonify=True) print(event) diff --git a/examples/add_ssh_authorized_keys.py b/examples/add_ssh_authorized_keys.py index dbebe14..f2aba51 100755 --- a/examples/add_ssh_authorized_keys.py +++ b/examples/add_ssh_authorized_keys.py @@ -1,7 +1,7 @@ #!/usr/bin/env python3 # -*- coding: utf-8 -*- -from pymisp import PyMISP +from pymisp import ExpandedPyMISP from pymisp.tools import SSHAuthorizedKeysObject import traceback from keys import misp_url, misp_key, misp_verifycert @@ -15,7 +15,7 @@ if __name__ == '__main__': parser.add_argument("-p", "--path", required=True, help="Path to process (expanded using glob).") args = parser.parse_args() - pymisp = PyMISP(misp_url, misp_key, misp_verifycert, debug=True) + pymisp = ExpandedPyMISP(misp_url, misp_key, misp_verifycert, debug=True) for f in glob.glob(args.path): try: @@ -24,7 +24,6 @@ if __name__ == '__main__': traceback.print_exc() continue - template_id = pymisp.get_object_template_id(auth_keys.template_uuid) - response = pymisp.add_object(args.event, template_id, auth_keys) + response = pymisp.add_object(args.event, auth_keys) for ref in auth_keys.ObjectReference: r = pymisp.add_object_reference(ref) diff --git a/examples/add_user.py b/examples/add_user.py index f18e7c4..c50b29a 100755 --- a/examples/add_user.py +++ b/examples/add_user.py 
@@ -1,20 +1,10 @@ #!/usr/bin/env python # -*- coding: utf-8 -*- -from pymisp import PyMISP +from pymisp import ExpandedPyMISP, MISPUser from keys import misp_url, misp_key, misp_verifycert import argparse -# For python2 & 3 compat, a bit dirty, but it seems to be the least bad one -try: - input = raw_input -except NameError: - pass - - -def init(url, key): - return PyMISP(url, key, misp_verifycert, 'json') - if __name__ == '__main__': parser = argparse.ArgumentParser(description='Add a new user by setting the mandory fields.') parser.add_argument("-e", "--email", required=True, help="Email linked to the account.") @@ -22,6 +12,11 @@ if __name__ == '__main__': parser.add_argument("-r", "--role_id", required=True, help="Role linked to the user.") args = parser.parse_args() - misp = init(misp_url, misp_key) + misp = ExpandedPyMISP(misp_url, misp_key, misp_verifycert, 'json') - print (misp.add_user(args.email, args.org_id, args.role_id)) + user = MISPUser() + user.email = args.email + user.org_id = args.org_id + user.role_id = args.role_id + + print(misp.add_user(user, pythonify=True)) diff --git a/examples/cache_all.py b/examples/cache_all.py index 00e3eea..4a3fa02 100755 --- a/examples/cache_all.py +++ b/examples/cache_all.py @@ -2,13 +2,9 @@ # -*- coding: utf-8 -*- from keys import misp_url, misp_key, misp_verifycert -from pymisp import PyMISP - - -def init(url, key): - return PyMISP(url, key, misp_verifycert, 'json') +from pymisp import ExpandedPyMISP if __name__ == '__main__': - misp = init(misp_url, misp_key) - misp.cache_all_feeds() \ No newline at end of file + misp = ExpandedPyMISP(misp_url, misp_key, misp_verifycert) + misp.cache_all_feeds() diff --git a/examples/create_events.py b/examples/create_events.py index 89eb398..1d8c2b4 100755 --- a/examples/create_events.py +++ b/examples/create_events.py 
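Review bot: The constructor call in the second add_user.py hunk still passes `'json'` as a fourth positional argument, while the other scripts converted in this commit drop it. That value was the output type of the legacy client. If the fourth positional parameter of `ExpandedPyMISP` is `debug`, which would need confirming against its signature, the non-empty string silently switches debug logging on for a script that creates accounts. I would write `misp = ExpandedPyMISP(misp_url, misp_key, misp_verifycert)` to match the rest of the examples.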
@@ -1,19 +1,10 @@ #!/usr/bin/env python # -*- coding: utf-8 -*- -from pymisp import PyMISP +from pymisp import ExpandedPyMISP, MISPEvent from keys import misp_url, misp_key, misp_verifycert import argparse -# For python2 & 3 compat, a bit dirty, but it seems to be the least bad one -try: - input = raw_input -except NameError: - pass - - -def init(url, key): - return PyMISP(url, key, misp_verifycert, 'json', debug=True) if __name__ == '__main__': parser = argparse.ArgumentParser(description='Create an event on MISP.') @@ -23,7 +14,13 @@ if __name__ == '__main__': parser.add_argument("-t", "--threat", type=int, help="The threat level ID of the newly created event, if applicable. [1-4]") args = parser.parse_args() - misp = init(misp_url, misp_key) + misp = ExpandedPyMISP(misp_url, misp_key, misp_verifycert) - event = misp.new_event(args.distrib, args.threat, args.analysis, args.info) + event = MISPEvent() + event.distribution = args.distrib + event.threat_level_id = args.threat + event.analysis = args.analysis + event.info = args.info + + event = misp.add_event(event, pythonify=True) print(event) diff --git a/examples/del.py b/examples/del.py index 24969d1..81dd774 100755 --- a/examples/del.py +++ b/examples/del.py @@ -1,26 +1,11 @@ #!/usr/bin/env python # -*- coding: utf-8 -*- -from pymisp import PyMISP -from keys import misp_url, misp_key,misp_verifycert +from pymisp import ExpandedPyMISP +from keys import misp_url, misp_key, misp_verifycert import argparse -# Usage for pipe masters: ./last.py -l 5h | jq . - - -def init(url, key): - return PyMISP(url, key, misp_verifycert, 'json', debug=True) - - -def del_event(m, eventid): - result = m.delete_event(eventid) - print(result) - -def del_attr(m, attrid): - result = m.delete_attribute(attrid) - print(result) - if __name__ == '__main__': parser = argparse.ArgumentParser(description='Delete an event from a MISP instance.') parser.add_argument("-e", "--event", help="Event ID to delete.") 
@@ -28,9 +13,10 @@ if __name__ == '__main__': args = parser.parse_args() - misp = init(misp_url, misp_key) + misp = ExpandedPyMISP(misp_url, misp_key, misp_verifycert) if args.event: - del_event(misp, args.event) + result = misp.delete_event(args.event) else: - del_attr(misp, args.attribute) + result = misp.delete_attribute(args.attribute) + print(result) diff --git a/examples/delete_user.py b/examples/delete_user.py index 9537558..87459a0 100755 --- a/examples/delete_user.py +++ b/examples/delete_user.py @@ -1,25 +1,16 @@ #!/usr/bin/env python # -*- coding: utf-8 -*- -from pymisp import PyMISP +from pymisp import ExpandedPyMISP from keys import misp_url, misp_key, misp_verifycert import argparse -# For python2 & 3 compat, a bit dirty, but it seems to be the least bad one -try: - input = raw_input -except NameError: - pass - - -def init(url, key): - return PyMISP(url, key, misp_verifycert, 'json') if __name__ == '__main__': parser = argparse.ArgumentParser(description='Delete the user with the given id. Keep in mind that disabling users (by setting the disabled flag via an edit) is always prefered to keep user associations to events intact.') parser.add_argument("-i", "--user_id", help="The id of the user you want to delete.") args = parser.parse_args() - misp = init(misp_url, misp_key) + misp = ExpandedPyMISP(misp_url, misp_key, misp_verifycert) print(misp.delete_user(args.user_id)) diff --git a/examples/edit_organisation.py b/examples/edit_organisation.py index 9037988..41bc024 100755 --- a/examples/edit_organisation.py +++ b/examples/edit_organisation.py 
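Review bot: The rewritten branch in the del.py hunk calls `misp.delete_attribute(args.attribute)` whenever `--event` is absent, including when the script is run with no options at all. `--event` is declared without `required=True` in the first hunk and the `--attribute` declaration lies outside both hunks, so this is partly inferred; if neither is required the call receives `None`. For a destructive script I would put both options in a required exclusive group, `group = parser.add_mutually_exclusive_group(required=True)`, and register `-e` and `-a` on `group`. Printing `result` once after the branch is a good simplification.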
@@ -1,26 +1,20 @@ #!/usr/bin/env python # -*- coding: utf-8 -*- -from pymisp import PyMISP +from pymisp import ExpandedPyMISP, MISPOrganisation from keys import misp_url, misp_key, misp_verifycert import argparse -# For python2 & 3 compat, a bit dirty, but it seems to be the least bad one -try: - input = raw_input -except NameError: - pass - - -def init(url, key): - return PyMISP(url, key, misp_verifycert, 'json') - if __name__ == '__main__': parser = argparse.ArgumentParser(description='Edit the email of the organisation designed by the organisation_id.') parser.add_argument("-i", "--organisation_id", required=True, help="The name of the json file describing the organisation you want to modify.") parser.add_argument("-e", "--email", help="Email linked to the organisation.") args = parser.parse_args() - misp = init(misp_url, misp_key) + misp = ExpandedPyMISP(misp_url, misp_key, misp_verifycert) - print(misp.edit_organisation(args.organisation_id, email=args.email)) + org = MISPOrganisation() + org.id = args.organisation_id + org.email = args.email + + print(misp.update_organisation(org, pythonify=True)) diff --git a/examples/edit_user.py b/examples/edit_user.py index e48090d..74440fd 100755 --- a/examples/edit_user.py +++ b/examples/edit_user.py @@ -1,19 +1,10 @@ #!/usr/bin/env python # -*- coding: utf-8 -*- -from pymisp import PyMISP +from pymisp import ExpandedPyMISP, MISPUser from keys import misp_url, misp_key, misp_verifycert import argparse -# For python2 & 3 compat, a bit dirty, but it seems to be the least bad one -try: - input = raw_input -except NameError: - pass - - -def init(url, key): - return PyMISP(url, key, misp_verifycert, 'json') if __name__ == '__main__': parser = argparse.ArgumentParser(description='Edit the email of the user designed by the user_id.') 
@@ -21,6 +12,9 @@ if __name__ == '__main__': parser.add_argument("-e", "--email", help="Email linked to the account.") args = parser.parse_args() - misp = init(misp_url, misp_key) + misp = ExpandedPyMISP(misp_url, misp_key, misp_verifycert) + user = MISPUser + user.id = args.user_id + user.email = args.email - print(misp.edit_user(args.user_id, email=args.email)) + print(misp.edit_user(user, pythonify=True)) diff --git a/examples/et2misp.py b/examples/et2misp.py index 2fa5f29..495eeb7 100755 --- a/examples/et2misp.py +++ b/examples/et2misp.py @@ -1,6 +1,6 @@ #!/usr/bin/env python # -*- coding: utf-8 -*- -# +# # Copy Emerging Threats Block IPs list to several MISP events # Because of the large size of the list the first run will take a minute # Running it again will update the MISP events if changes are detected @@ -24,7 +24,7 @@ def load_misp_event(eid): global et_event et_attr = {} et_drev = {} - + et_event = mymisp.get(eid) echeck(et_event) for a in et_event['Event']['Attribute']: @@ -66,7 +66,7 @@ def update_et_event(name): # Weed out attributes still in ET data for k,v in et_data[name].items(): et_attr.pop(k, None) - + # Delete the leftover attributes from MISP for k,v in et_attr.items(): r = mymisp.delete_attribute(v) @@ -92,7 +92,7 @@ def update_et_event(name): attr = [] attr.append(et_drev) - # Publish updated MISP event + # Publish updated MISP event et_event['Event']['Attribute'] = attr et_event['Event']['published'] = False et_event['Event']['date'] = time.strftime('%Y-%m-%d') diff --git a/examples/fetch_events_feed.py b/examples/fetch_events_feed.py index 3a3a8fe..92a1a7b 100755 --- a/examples/fetch_events_feed.py +++ b/examples/fetch_events_feed.py 
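Review bot: `user = MISPUser` in the edit_user.py hunk binds the class itself rather than an instance, so the next two assignments set attributes on the class and no user object is ever built; it should read `user = MISPUser()`. The call also keeps the legacy method name `edit_user`, whereas the organisation script in this commit moved to `update_organisation`; if the new client follows the same naming this is presumably `misp.update_user(user, pythonify=True)`, to be confirmed against the ExpandedPyMISP API. `--email` is optional in the context line above, so `user.email` can be `None`, and that case is worth rejecting before the update is sent.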
@@ -3,22 +3,13 @@ from keys import misp_url, misp_key, misp_verifycert import argparse -from pymisp import PyMISP - -# For python2 & 3 compat, a bit dirty, but it seems to be the least bad one -try: - input = raw_input -except NameError: - pass - -def init(url, key): - return PyMISP(url, key, misp_verifycert, 'json', debug=False) +from pymisp import ExpandedPyMISP if __name__ == '__main__': parser = argparse.ArgumentParser(description='Fetch all events from a feed.') parser.add_argument("-f", "--feed", required=True, help="feed's ID to be fetched.") args = parser.parse_args() - - misp = init(misp_url, misp_key) + + misp = ExpandedPyMISP(misp_url, misp_key, misp_verifycert) misp.fetch_feed(args.feed) diff --git a/examples/freetext.py b/examples/freetext.py index 63c0a65..fdadacc 100755 --- a/examples/freetext.py +++ b/examples/freetext.py @@ -1,7 +1,7 @@ #!/usr/bin/env python # -*- coding: utf-8 -*- -from pymisp import PyMISP +from pymisp import ExpandedPyMISP from keys import misp_url, misp_key, misp_verifycert import argparse diff --git a/examples/get.py b/examples/get.py index 80e5270..6ca3ce8 100755 --- a/examples/get.py +++ b/examples/get.py @@ -1,15 +1,12 @@ #!/usr/bin/env python # -*- coding: utf-8 -*- -from pymisp import PyMISP +from pymisp import ExpandedPyMISP from keys import misp_url, misp_key, misp_verifycert import argparse import os -import json -# Usage for pipe masters: ./last.py -l 5h | jq . - proxies = { 'http': 'http://127.0.0.1:8123', 'https': 'http://127.0.0.1:8123', @@ -18,18 +15,6 @@ proxies = { proxies = None -def init(url, key): - return PyMISP(url, key, misp_verifycert, 'json', proxies=proxies) - - -def get_event(m, event, out=None): - result = m.get_event(event) - if out is None: - print(json.dumps(result) + '\n') - else: - with open(out, 'w') as f: - f.write(json.dumps(result) + '\n') - if __name__ == '__main__': parser = argparse.ArgumentParser(description='Get an event from a MISP instance.') 
@@ -42,6 +27,11 @@ if __name__ == '__main__': print('Output file already exists, abort.') exit(0) - misp = init(misp_url, misp_key) + misp = ExpandedPyMISP(misp_url, misp_key, misp_verifycert, proxies=proxies) - get_event(misp, args.event, args.output) + event = misp.get_event(args.event, pythonify=True) + if args.output: + with open(args.output, 'w') as f: + f.write(event.to_json()) + else: + print(event.to_json()) diff --git a/examples/last.py b/examples/last.py index 8f1b144..89ba7be 100755 --- a/examples/last.py +++ b/examples/last.py @@ -1,32 +1,15 @@ #!/usr/bin/env python # -*- coding: utf-8 -*- -from pymisp import PyMISP +from pymisp import ExpandedPyMISP from keys import misp_url, misp_key, misp_verifycert import argparse import os -import json # Usage for pipe masters: ./last.py -l 5h | jq . # Usage in case of large data set and pivoting page by page: python3 last.py -l 48h -m 10 -p 2 | jq .[].Event.info -def init(url, key): - return PyMISP(url, key, misp_verifycert, 'json') - - -def download_last(m, last, limit='10', page='1', out=None): - result = m.search(last=last, limit=limit, page=page) - if out is None: - if 'response' in result: - print(json.dumps(result['response'])) - else: - print('No results for that time period') - exit(0) - else: - with open(out, 'w') as f: - f.write(json.dumps(result['response'])) - if __name__ == '__main__': parser = argparse.ArgumentParser(description='Download latest events from a MISP instance.') parser.add_argument("-l", "--last", required=True, help="can be defined in days, hours, minutes (for example 5d or 12h or 30m).") 
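Review bot: `open(args.output, 'w')` in the get.py hunk truncates whatever is at that path, and the only protection is an earlier existence check of which just the abort message is visible in this hunk. Between that check and the open, the path can be created or replaced by a link, which matters when the script runs in a shared or world-writable directory. Exclusive creation, `with open(args.output, 'x') as f:`, makes the test atomic and fails cleanly if the path already exists. The second last.py hunk writes its output the same way.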
@@ -40,6 +23,17 @@ if __name__ == '__main__': print('Output file already exists, aborted.') exit(0) - misp = init(misp_url, misp_key) + misp = ExpandedPyMISP(misp_url, misp_key, misp_verifycert) + result = misp.search(publish_timestamp=args.last, limit=args.limit, page=args.page, pythonify=True) - download_last(misp, args.last, limit=args.limit, page=args.page, out=args.output) + if not result: + print('No results for that time period') + exit(0) + + if args.output: + with open(args.output, 'w') as f: + for r in result: + f.write(r.to_json() + '\n') + else: + for r in result: + print(r.to_json()) diff --git a/examples/sharing_groups.py b/examples/sharing_groups.py index bf17af8..dea34da 100755 --- a/examples/sharing_groups.py +++ b/examples/sharing_groups.py @@ -1,25 +1,15 @@ #!/usr/bin/env python # -*- coding: utf-8 -*- -from pymisp import PyMISP +from pymisp import ExpandedPyMISP from keys import misp_url, misp_key, misp_verifycert import argparse -# For python2 & 3 compat, a bit dirty, but it seems to be the least bad one -try: - input = raw_input -except NameError: - pass - - -def init(url, key): - return PyMISP(url, key, misp_verifycert, 'json') if __name__ == '__main__': parser = argparse.ArgumentParser(description='Get a list of the sharing groups from the MISP instance.') - misp = init(misp_url, misp_key) - - sharing_groups = misp.get_sharing_groups() - print (sharing_groups) + misp = ExpandedPyMISP(misp_url, misp_key, misp_verifycert) + sharing_groups = misp.sharing_groups(pythonify=True) + print(sharing_groups) diff --git a/examples/stats.py b/examples/stats.py index 41d6b28..8f09263 100755 --- a/examples/stats.py +++ b/examples/stats.py 
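Review bot: The second last.py hunk changes the output format without updating the documentation: it now writes one JSON document per event, one per line, where the removed `download_last` emitted a single JSON array. The usage comment kept in the first hunk still advertises `| jq .[].Event.info`, which addresses an array, so anyone piping this into existing tooling gets different results. Either the comment should describe line-delimited output, or the script should collect the events and write one array. `exit(0)` on the empty-result path also makes "no results" indistinguishable from success for callers that check the exit status.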
@@ -1,19 +1,16 @@ #!/usr/bin/env python # -*- coding: utf-8 -*- -from pymisp import PyMISP +from pymisp import ExpandedPyMISP from keys import misp_url, misp_key, misp_verifycert import argparse -def init(url, key): - return PyMISP(url, key, misp_verifycert, 'json') - if __name__ == '__main__': parser = argparse.ArgumentParser(description='Output attributes statistics from a MISP instance.') args = parser.parse_args() - misp = init(misp_url, misp_key) + misp = ExpandedPyMISP(misp_url, misp_key, misp_verifycert) - print (misp.get_attributes_statistics(misp, percentage=True)) - print (misp.get_attributes_statistics(context='category', percentage=True)) + print(misp.get_attributes_statistics(misp, percentage=True)) + print(misp.get_attributes_statistics(context='category', percentage=True)) diff --git a/examples/tags.py b/examples/tags.py index b8f3f13..6bf3b95 100755 --- a/examples/tags.py +++ b/examples/tags.py @@ -1,16 +1,12 @@ #!/usr/bin/env python # -*- coding: utf-8 -*- -from pymisp import PyMISP +from pymisp import ExpandedPyMISP from keys import misp_url, misp_key, misp_verifycert import argparse import json -def init(url, key): - return PyMISP(url, key, misp_verifycert, 'json', True) - - def get_tags(m): result = m.get_all_tags(True) r = result @@ -22,6 +18,8 @@ if __name__ == '__main__': args = parser.parse_args() - misp = init(misp_url, misp_key) + misp = ExpandedPyMISP(misp_url, misp_key, misp_verifycert) - get_tags(misp) + tags = misp.tags(pythonify=True) + for tag in tags: + print(tag.to_json()) diff --git a/examples/tagstatistics.py b/examples/tagstatistics.py index 4f9fe76..f0bc29c 100755 --- a/examples/tagstatistics.py +++ b/examples/tagstatistics.py 
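Review bot: The first call in the stats.py hunk still passes the client object as the first positional argument, `misp.get_attributes_statistics(misp, percentage=True)`; the commit only removed the space after `print`. Judging by the second call, that position is `context`, so the client instance is being sent where a string such as `'category'` is expected. This looks like a leftover from a helper that took the client as a parameter. The line should be `print(misp.get_attributes_statistics(percentage=True))`, assuming the default context is the one intended.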
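Review bot: `get_tags` stays in tags.py as a context line of the first hunk although the second hunk removes its only visible call, and it still uses the legacy `get_all_tags(True)`. Dead code that targets the old API in an example file invites copy-paste of the wrong call. I would delete the function, and `import json` as well if nothing else in the file uses it. The function body continues outside the hunk, so any remaining use would need checking.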
@@ -1,28 +1,18 @@ #!/usr/bin/env python # -*- coding: utf-8 -*- -from pymisp import PyMISP +from pymisp import ExpandedPyMISP from keys import misp_url, misp_key, misp_verifycert import argparse import json -# For python2 & 3 compat, a bit dirty, but it seems to be the least bad one -try: - input = raw_input -except NameError: - pass - - -def init(url, key): - return PyMISP(url, key, misp_verifycert, 'json') - if __name__ == '__main__': parser = argparse.ArgumentParser(description='Get statistics from tags.') parser.add_argument("-p", "--percentage", action='store_true', default=None, help="An optional field, if set, it will return the results in percentages, otherwise it returns exact count.") parser.add_argument("-n", "--namesort", action='store_true', default=None, help="An optional field, if set, values are sort by the namespace, otherwise the sorting will happen on the value.") args = parser.parse_args() - misp = init(misp_url, misp_key) + misp = ExpandedPyMISP(misp_url, misp_key, misp_verifycert) stats = misp.get_tags_statistics(args.percentage, args.namesort) print(json.dumps(stats)) diff --git a/examples/up.py b/examples/up.py index d056af4..af53e02 100755 --- a/examples/up.py +++ b/examples/up.py @@ -1,19 +1,10 @@ #!/usr/bin/env python # -*- coding: utf-8 -*- -from pymisp import PyMISP +from pymisp import ExpandedPyMISP, MISPEvent from keys import misp_url, misp_key, misp_verifycert import argparse -from io import open - -def init(url, key): - return PyMISP(url, key, misp_verifycert, 'json', debug=True) - -def up_event(m, event, content): - with open(content, 'r') as f: - result = m.update_event(event, f.read()) - print(result) if __name__ == '__main__': parser = argparse.ArgumentParser(description="Update a MISP event.") 
@@ -22,6 +13,9 @@ if __name__ == '__main__': args = parser.parse_args() - misp = init(misp_url, misp_key) + misp = ExpandedPyMISP(misp_url, misp_key, misp_verifycert) - up_event(misp, args.event, args.input) + me = MISPEvent() + me.load_file(args.input) + + result = misp.update_event(args.event, me) diff --git a/examples/users_list.py b/examples/users_list.py index 606d210..d62c78e 100755 --- a/examples/users_list.py +++ b/examples/users_list.py @@ -1,24 +1,15 @@ #!/usr/bin/env python # -*- coding: utf-8 -*- -from pymisp import PyMISP +from pymisp import ExpandedPyMISP from keys import misp_url, misp_key, misp_verifycert import argparse -# For python2 & 3 compat, a bit dirty, but it seems to be the least bad one -try: - input = raw_input -except NameError: - pass - - -def init(url, key): - return PyMISP(url, key, misp_verifycert, 'json') if __name__ == '__main__': parser = argparse.ArgumentParser(description='Get a list of the sharing groups from the MISP instance.') - misp = init(misp_url, misp_key) + misp = ExpandedPyMISP(misp_url, misp_key, misp_verifycert) - users_list = misp.get_users_list() - print (users_list) + users_list = misp.users(pythonify=True) + print(users_list)
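Review bot: `result` in the up.py hunk is assigned and never used, so the script no longer reports whether the update was accepted; the removed `up_event` helper printed it. Adding `print(result)` after the call restores that. The call also keeps the legacy argument order, `misp.update_event(args.event, me)`, while `add_event`, `add_feed`, `add_user` and `update_organisation` elsewhere in this commit take the MISP object first. If `ExpandedPyMISP.update_event` follows that convention the arguments are swapped and it should be `misp.update_event(me, args.event)`; this needs confirming against the method signature.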