Merge pull request #823 from Felix83000/patch-1

Create add_filetype_object_from_csv.py
req_py37
Alexandre Dulaunoy 2022-02-04 10:53:14 +01:00 committed by GitHub
commit 767b4bc81c
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 53 additions and 0 deletions


@ -0,0 +1,53 @@
#!/usr/bin/env python3
# -*- coding: utf-8 -*-
import csv
from pymisp import ExpandedPyMISP, MISPObject
from keys import misp_url, misp_key, misp_verifycert
import argparse
"""
Sample usage:
python3 ./add_filetype_object_from_csv.py -e 77bcc9f4-21a8-4252-9353-f4615d6121e3 -f ./attributes.csv
Attribute csv file (2 lines. Each line will be a file MISP Object):
test.pdf;6ff19f8b680df260883d61d7c00db14a8bc57aa0;ea307d60ad0bd1df83ab5119df0bf638;b6c9903c9c38400345ad21faa2df50211d8878c96079c43ae64f35b17c9f74a1
test2.xml;0dcef3d68f43e2badb0bfe3d47fd19633264cd1d;15f453625882f6123e239c9ce2b0fe24;b064514fcc52a769e064c4d61ce0c554fbc81e446af31dddac810879a5ca5b17
"""
if __name__ == '__main__':
parser = argparse.ArgumentParser(description='Create a file type MISP Object starting from attributes in a csv file')
parser.add_argument("-e", "--event_uuid", required=True, help="Event UUID to update")
parser.add_argument("-f", "--attr_file", required=True, help="Attribute CSV file path")
args = parser.parse_args()
pymisp = ExpandedPyMISP(misp_url, misp_key, misp_verifycert)
f = open(args.attr_file, newline='')
csv_reader = csv.reader(f, delimiter=";")
for line in csv_reader:
filename = line[0]
sha1 = line[1]
md5 = line[2]
sha256 = line[3]
misp_object = MISPObject(name='file', filename=filename)
obj1 = misp_object.add_attribute("filename", value = filename)
obj1.add_tag('tlp:green')
obj2 = misp_object.add_attribute("sha1", value = sha1)
obj2.add_tag('tlp:amber')
obj3 = misp_object.add_attribute("md5", value = md5)
obj3.add_tag('tlp:amber')
obj4 = misp_object.add_attribute("sha256", value = sha256)
obj4.add_tag('tlp:amber')
r = pymisp.add_object(args.event_uuid, misp_object)
print(line)
print("\nObjects created :)")
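Review bot: The result of `pymisp.add_object(args.event_uuid, misp_object)` is stored in `r` and never inspected, so the script prints the row and the closing "Objects created :)" even when the MISP server rejected the object. As far as I know PyMISP reports API failures as an `errors` entry in the returned dict rather than raising, which would make a failed import look the same as a successful one. The loop also reads `line[0]` to `line[3]` without checking the row length, so a blank or short CSV row raises IndexError partway through and leaves the event with only some of its objects, and the handle from `open()` is never closed. I would read the file in a `with` block, report rows that do not have four fields, and exit non-zero when any row was skipped or rejected.

```python
    failed = 0
    with open(args.attr_file, newline='') as f:
        for row_no, line in enumerate(csv.reader(f, delimiter=";"), start=1):
            if len(line) != 4:
                print(f"row {row_no}: expected 4 fields, got {len(line)}; skipped")
                failed += 1
                continue
            filename, sha1, md5, sha256 = line
            # … unchanged: MISPObject construction, add_attribute calls and tlp tags …
            r = pymisp.add_object(args.event_uuid, misp_object)
            if isinstance(r, dict) and r.get('errors'):
                print(f"row {row_no}: MISP rejected the object: {r['errors']}")
                failed += 1
                continue
            print(line)
    if failed:
        raise SystemExit(f"{failed} row(s) were not imported")
    print("\nObjects created :)")
```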