chg: Update fail2ban helper & example

pull/215/head
Raphaël Vinot 2018-03-27 10:29:57 +02:00
parent 0a4860b481
commit 8125b073a1
3 changed files with 12 additions and 1 deletions


@ -5,6 +5,8 @@ from pymisp import PyMISP, MISPEvent
from pymisp.tools import Fail2BanObject from pymisp.tools import Fail2BanObject
import argparse import argparse
from base64 import b64decode from base64 import b64decode
from io import BytesIO
import os
from datetime import date, datetime from datetime import date, datetime
from dateutil.parser import parse from dateutil.parser import parse
@ -36,6 +38,7 @@ if __name__ == '__main__':
parser.add_argument("-s", "--sensor", help="Sensor identifier.") parser.add_argument("-s", "--sensor", help="Sensor identifier.")
parser.add_argument("-v", "--victim", help="Victim identifier.") parser.add_argument("-v", "--victim", help="Victim identifier.")
parser.add_argument("-l", "--logline", help="Logline (base64 encoded).") parser.add_argument("-l", "--logline", help="Logline (base64 encoded).")
parser.add_argument("-F", "--logfile", help="Path to a logfile to attach.")
parser.add_argument("-n", "--force_new", action='store_true', default=False, help="Force new MISP event.") parser.add_argument("-n", "--force_new", action='store_true', default=False, help="Force new MISP event.")
parser.add_argument("-d", "--disable_new", action='store_true', default=False, help="Do not create a new Event.") parser.add_argument("-d", "--disable_new", action='store_true', default=False, help="Do not create a new Event.")
args = parser.parse_args() args = parser.parse_args()
@ -71,6 +74,9 @@ if __name__ == '__main__':
parameters['victim'] = args.victim parameters['victim'] = args.victim
if args.logline: if args.logline:
parameters['logline'] = b64decode(args.logline).decode() parameters['logline'] = b64decode(args.logline).decode()
if args.logfile:
with open(args.logfile, 'rb') as f:
parameters['logfile'] = (os.path.basename(args.logfile), BytesIO(f.read()))
f2b = Fail2BanObject(parameters=parameters, standalone=False) f2b = Fail2BanObject(parameters=parameters, standalone=False)
if me: if me:
me.add_object(f2b) me.add_object(f2b)
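Review bot: The new `-F` path is opened with no check, so as far as the hunk shows a missing or unreadable file aborts the script with an uncaught exception at `with open(args.logfile, 'rb') as f:`, which matters when this runs unattended as a fail2ban action. The whole file is also read into memory and attached verbatim, so the attachment carries every line of the log rather than the one that triggered the ban; that deserves a word in the `-F` help text, e.g. `help="Path to a logfile to attach (the entire file is uploaded into the event)."`. The enclosing `if __name__ == '__main__':` block starts and ends outside the hunk.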

@ -1 +1 @@
Subproject commit 4708caffb5bd7c9bf67476e098c7cdd3d4d3bd19 Subproject commit 7c9e0420e196b37004c42c218e588c0d55a1f8cd


@ -32,3 +32,8 @@ class Fail2BanObject(AbstractMISPObjectGenerator):
self.add_attribute('', value=self.__parameters['sensor']) self.add_attribute('', value=self.__parameters['sensor'])
if 'victim' in self.__parameters: if 'victim' in self.__parameters:
self.add_attribute('victim', value=self.__parameters['victim']) self.add_attribute('victim', value=self.__parameters['victim'])
if 'logline' in self.__parameters:
self.add_attribute('logline', value=self.__parameters['logline'])
if 'logfile' in self.__parameters:
self.add_attribute('logfile', value=self.__parameters['logfile'][0],
data=self.__parameters['logfile'][1])
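Review bot: The `logfile` branch at the end of the hunk silently assumes the parameter is a `(filename, BytesIO)` pair; a caller that passes a plain path string would not fail but would produce an attribute whose value is the first character of the path and whose data is the second. Unpacking it first both documents and enforces the shape, raising for anything that is not a two-item sequence: `filename, data = self.__parameters['logfile']` followed by `self.add_attribute('logfile', value=filename, data=data)`. The expected shape is worth stating in the class docstring too, since the only place it is currently visible is the example script. The enclosing method starts outside the hunk.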