chg: Update fail2ban helper & example

pull/215/head
Raphaël Vinot 2018-03-27 10:29:57 +02:00
parent 0a4860b481
commit 8125b073a1
3 changed files with 12 additions and 1 deletions


@ -5,6 +5,8 @@ from pymisp import PyMISP, MISPEvent
from pymisp.tools import Fail2BanObject
import argparse
from base64 import b64decode
from io import BytesIO
import os
from datetime import date, datetime
from dateutil.parser import parse
@ -36,6 +38,7 @@ if __name__ == '__main__':
parser.add_argument("-s", "--sensor", help="Sensor identifier.")
parser.add_argument("-v", "--victim", help="Victim identifier.")
parser.add_argument("-l", "--logline", help="Logline (base64 encoded).")
parser.add_argument("-F", "--logfile", help="Path to a logfile to attach.")
parser.add_argument("-n", "--force_new", action='store_true', default=False, help="Force new MISP event.")
parser.add_argument("-d", "--disable_new", action='store_true', default=False, help="Do not create a new Event.")
args = parser.parse_args()
@ -71,6 +74,9 @@ if __name__ == '__main__':
parameters['victim'] = args.victim
if args.logline:
parameters['logline'] = b64decode(args.logline).decode()
if args.logfile:
with open(args.logfile, 'rb') as f:
parameters['logfile'] = (os.path.basename(args.logfile), BytesIO(f.read()))
f2b = Fail2BanObject(parameters=parameters, standalone=False)
if me:
me.add_object(f2b)
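Review bot: The new `--logfile` branch reads the whole file into memory with `f.read()` and attaches it without any size limit, so a large or still-growing log ends up as one oversized attachment built in RAM. A guard before the `open()` would bound that, for example `if os.path.getsize(args.logfile) > MAX_LOGFILE_SIZE: parser.error('logfile too large to attach')`, where `MAX_LOGFILE_SIZE` is a new module-level constant chosen for the target MISP instance. The help text should also say what happens to the file, e.g. `help="Path to a logfile to attach (uploaded in full to the MISP event)."`. Raw logs often contain usernames, internal addresses or tokens, and the attachment is readable by anyone who can read the event. The `if __name__ == '__main__':` block starts and ends outside the visible hunks.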

@ -1 +1 @@
Subproject commit 4708caffb5bd7c9bf67476e098c7cdd3d4d3bd19
Subproject commit 7c9e0420e196b37004c42c218e588c0d55a1f8cd


@ -32,3 +32,8 @@ class Fail2BanObject(AbstractMISPObjectGenerator):
self.add_attribute('', value=self.__parameters['sensor'])
if 'victim' in self.__parameters:
self.add_attribute('victim', value=self.__parameters['victim'])
if 'logline' in self.__parameters:
self.add_attribute('logline', value=self.__parameters['logline'])
if 'logfile' in self.__parameters:
self.add_attribute('logfile', value=self.__parameters['logfile'][0],
data=self.__parameters['logfile'][1])
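Review bot: The `logfile` branch indexes `self.__parameters['logfile'][0]` and `[1]` without checking the shape of the value. A caller that passes a plain path string therefore gets an attribute whose value is the first character of the path and whose data is the second, with no error raised. Unpacking makes the contract explicit and fails on most wrong inputs: `filename, data = self.__parameters['logfile']` followed by `self.add_attribute('logfile', value=filename, data=data)`. A comment such as `# 'logfile' must be a (filename, BytesIO) tuple; the filename is stored as given, so pass a basename` would record what the example script already does. The enclosing method starts outside the hunk.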