mirror of https://github.com/MISP/PyMISP
Added MISPItemToRedis and updated readme accordingly
parent
39fc05aad9
commit
91262662c4
|
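--- /dev/null
+++ b/MISPItemToRedis.py
@@ -0,0 +1,89 @@
+import redis
+import json
+
+
+class MISPItemToRedis:
+"""This class provides a simple normalization to add MISP item to
+redis, so that they can easily be processed and added to MISP later on."""
+SUFFIX_SIGH = '_sighting'
+SUFFIX_ATTR = '_attribute'
+SUFFIX_OBJ = '_object'
+SUFFIX_LIST = [SUFFIX_SIGH, SUFFIX_ATTR, SUFFIX_OBJ]
+
+def __init__(self, keyname, host='localhost', port=6379, db=0):
+self.host = host
+self.port = port
+self.db = db
+self.keyname = keyname
+self.serv = redis.StrictRedis(self.host, self.port, self.db)
+
+def push_json(self, jdata, keyname, action):
+all_action = [s.lstrip('_') for s in self.SUFFIX_LIST]
+if action not in all_action:
+raise('Error: Invalid action. (Allowed: {})'.format(all_action))
+key = keyname + '_' + action
+self.serv.lpush(key, jdata)
+
+def push_attribute(self, type_value, value, category=None, to_ids=False,
+comment=None, distribution=None, proposal=False, **kwargs):
+to_push = {}
+to_push['type'] = type_value
+to_push['value'] = value
+if category is not None:
+to_push['category'] = category
+if to_ids is not None:
+to_push['to_ids'] = to_ids
+if comment is not None:
+to_push['comment'] = comment
+if distribution is not None:
+to_push['distribution'] = distribution
+if proposal is not None:
+to_push['proposal'] = proposal
+for k, v in kwargs.items():
+to_push[k] = v
+key = self.keyname + self.SUFFIX_ATTR
+self.serv.lpush(key, json.dumps(to_push))
+
+def push_attribute_obj(self, MISP_Attribute, keyname):
+key = keyname + self.SUFFIX_ATTR
+jdata = MISP_Attribute.to_json()
+self.serv.lpush(key, jdata)
+
+def push_object(self, dict_values):
+# check that 'name' field is present
+if 'name' not in dict_values:
+print("Error: JSON must contain the field 'name'")
+key = self.keyname + self.SUFFIX_OBJ
+self.serv.lpush(key, json.dumps(dict_values))
+
+def push_object_obj(self, MISP_Object, keyname):
+key = keyname + self.SUFFIX_OBJ
+jdata = MISP_Object.to_json()
+self.serv.lpush(key, jdata)
+
+def push_sighting(self, value=None, uuid=None, id=None, source=None,
+type=0, timestamp=None, **kargs):
+to_push = {}
+if value is not None:
+to_push['value'] = value
+if uuid is not None:
+to_push['uuid'] = uuid
+if id is not None:
+to_push['id'] = id
+if source is not None:
+to_push['source'] = source
+if type is not None:
+to_push['type'] = type
+if timestamp is not None:
+to_push['timestamp'] = timestamp
+
+for k, v in kargs.items():
+if v is not None:
+to_push[k] = v
+key = self.keyname + self.SUFFIX_SIGH
+self.serv.lpush(key, json.dumps(to_push))
+
+def push_sighting_obj(self, MISP_Sighting, keyname):
+key = keyname + self.SUFFIX_SIGH
+jdata = MISP_Sighting.to_json()
+self.serv.lpush(key, jdata)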
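Review bot: In `push_object` the missing-`'name'` check only prints a message and then falls through to `self.serv.lpush(key, json.dumps(dict_values))`, so an object that failed validation is still queued; raise instead of printing, e.g. `raise ValueError("JSON must contain the field 'name'")`. `push_json` has a related flaw: `raise('Error: Invalid action. ...')` raises a plain string, which on Python 3 surfaces as a `TypeError` and loses the intended message, so `raise ValueError('Invalid action. (Allowed: {})'.format(all_action))` would be the working form. Whatever consumes these lists presumably treats their entries as well-formed MISP input, so rejecting bad items at push time is the cheaper place to enforce this. The page has lost the file's indentation, so the exact nesting of these statements should be confirmed against the file itself.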
@ -2,7 +2,8 @@
|
||||||
|
|
||||||
- ``generator.py`` exposes a class allowing to generate a MISP feed in real time.
|
- ``generator.py`` exposes a class allowing to generate a MISP feed in real time.
|
||||||
- ``fromredis.py`` uses ``generator.py`` to generate a MISP feed based on data stored in redis.
|
- ``fromredis.py`` uses ``generator.py`` to generate a MISP feed based on data stored in redis.
|
||||||
- ``server.py`` is a simple script using *Flask_autoindex* to serve data to MISP
|
- ``server.py`` is a simple script using *Flask_autoindex* to serve data to MISP.
|
||||||
|
- ``MISPItemToRedis.py`` permits to push (in redis) items to be added in MISP by the ``fromredis.py`` script.
|
||||||
|
|
||||||
|
|
||||||
# Installation
|
# Installation
|
||||||
|
|