chg: Update fail2ban helper & example

2018-03-27 10:29:57 +02:00 · 2018-03-27 10:29:57 +02:00 · 8125b073a1
parent 0a4860b481
commit 8125b073a1
3 changed files with 12 additions and 1 deletions
--- a/examples/add_fail2ban_object.py
+++ b/examples/add_fail2ban_object.py
@ -5,6 +5,8 @@ from pymisp import PyMISP, MISPEvent
 from pymisp.tools import Fail2BanObject
 import argparse
 from base64 import b64decode
+from io import BytesIO
+import os
 from datetime import date, datetime
 from dateutil.parser import parse

@ -36,6 +38,7 @@ if __name__ == '__main__':
    parser.add_argument("-s", "--sensor", help="Sensor identifier.")
    parser.add_argument("-v", "--victim", help="Victim identifier.")
    parser.add_argument("-l", "--logline", help="Logline (base64 encoded).")
+    parser.add_argument("-F", "--logfile", help="Path to a logfile to attach.")
    parser.add_argument("-n", "--force_new", action='store_true', default=False, help="Force new MISP event.")
    parser.add_argument("-d", "--disable_new", action='store_true', default=False, help="Do not create a new Event.")
    args = parser.parse_args()
@ -71,6 +74,9 @@ if __name__ == '__main__':
        parameters['victim'] = args.victim
    if args.logline:
        parameters['logline'] = b64decode(args.logline).decode()
+    if args.logfile:
+        with open(args.logfile, 'rb') as f:
+            parameters['logfile'] = (os.path.basename(args.logfile), BytesIO(f.read()))
    f2b = Fail2BanObject(parameters=parameters, standalone=False)
    if me:
        me.add_object(f2b)
--- a/pymisp/data/misp-objects
+++ b/pymisp/data/misp-objects
@ -1 +1 @@
-Subproject commit 4708caffb5bd7c9bf67476e098c7cdd3d4d3bd19
+Subproject commit 7c9e0420e196b37004c42c218e588c0d55a1f8cd
--- a/pymisp/tools/fail2banobject.py
+++ b/pymisp/tools/fail2banobject.py
@ -32,3 +32,8 @@ class Fail2BanObject(AbstractMISPObjectGenerator):
            self.add_attribute('', value=self.__parameters['sensor'])
        if 'victim' in self.__parameters:
            self.add_attribute('victim', value=self.__parameters['victim'])
+        if 'logline' in self.__parameters:
+            self.add_attribute('logline', value=self.__parameters['logline'])
+        if 'logfile' in self.__parameters:
+            self.add_attribute('logfile', value=self.__parameters['logfile'][0],
+                               data=self.__parameters['logfile'][1])