Cleanup misp2clamav

pull/66/head
Raphaël Vinot 2017-03-27 17:43:11 +02:00
parent 0e39a204f6
commit 6dc422de72
1 changed files with 21 additions and 19 deletions


@ -1,17 +1,19 @@
#!/usr/bin/env python3
# -*- coding: utf-8 -*-
# vim: tabstop=4 shiftwidth=4 expandtab
#
#
# Export file hashes from MISP to ClamAV hdb file
import sys
from pymisp import PyMISP
from pymisp import PyMISP, MISPAttribute
from keys import misp_url, misp_key
def init_misp():
global mymisp
mymisp = PyMISP(misp_url, misp_key)
def echeck(r):
if r.get('errors'):
if r.get('message') == 'No matches.':
@ -20,25 +22,25 @@ def echeck(r):
print(r['errors'])
sys.exit(1)
def find_hashes(htype):
r = mymisp.search(type_attribute = htype)
r = mymisp.search(controller='attributes', type_attribute=htype)
echeck(r)
if r.get('response'):
c = ''
v = ''
for e in r['response']:
for a in e['Event']['Attribute']:
if a['type'] == htype:
if '|' in htype and '|' in v:
s = v.split('|')
c = s[0]
v = s[1]
else:
c = a['comment']
v = a['value']
mhash = v.replace(':',';')
mfile = 'MISP event ' + e['Event']['id'] + ' ' + c.replace(':',';').replace('\r', '').replace('\n', '')
print('{}:*:{}:73'.format(mhash, mfile))
if not r.get('response'):
return
for a in r['response']['Attribute']:
attribute = MISPAttribute(mymisp.describe_types)
attribute.set_all_values(**a)
if '|' in attribute.type and '|' in attribute.value:
c, value = attribute.value.split('|')
comment = '{} - {}'.format(attribute.comment, c)
else:
comment = attribute.comment
value = attribute.value
mhash = value.replace(':', ';')
mfile = 'MISP event {} {}'.format(a['event_id'], comment.replace(':', ';').replace('\r', '').replace('\n', ''))
print('{}:*:{}:73'.format(mhash, mfile))
if __name__ == '__main__':
init_misp()
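Review bot: In find_hashes the new `c, value = attribute.value.split('|')` raises ValueError when a composite value holds more than one `|` (a filename containing a pipe, for instance), so one such attribute stops the whole export; `c, value = attribute.value.rsplit('|', 1)` keeps the hash as the last field. The hash is also written into the hdb line with only `:` replaced, while `\r` and `\n` are stripped from the comment alone. Since the attributes come from a MISP instance that other parties may feed, a check before printing such as `if not re.fullmatch(r'[0-9a-fA-F]+', value): continue` would keep a malformed value from producing a broken or extra signature line. That needs `import re`, and a stricter length check would depend on the hash types passed as htype, which are not visible in this hunk.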