MISP
/
PyMISP
mirror of https://github.com/MISP/PyMISP
2
0
Fork 0
Code Issues Releases Wiki Activity

Add some mapping to openioc, add python version in the user agent

pull/30/head
Raphaël Vinot 2016-11-03 16:01:48 -04:00
parent 6c5289d495
commit 9f0737c34a
2 changed files with 13 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
pymisp/api.py
View File

@ -3,6 +3,7 @@
"""Python API using the REST interface of MISP""" """Python API using the REST interface of MISP"""
import sys
import json import json
import datetime import datetime
import os import os
@ -136,7 +137,7 @@ class PyMISP(object):
{'Authorization': self.key, {'Authorization': self.key,
'Accept': 'application/{}'.format(output), 'Accept': 'application/{}'.format(output),
'content-type': 'application/{}'.format(output), 'content-type': 'application/{}'.format(output),
'User-Agent': 'PyMISP {}'.format(__version__)}) 'User-Agent': 'PyMISP {} - Python {}.{}.{}'.format(__version__, *sys.version_info)})
return session return session
def flatten_error_messages(self, response): def flatten_error_messages(self, response):

12
pymisp/tools/openioc.py
View File

@ -23,14 +23,17 @@ iocMispMapping = {
'FileItem/Md5sum': {'type': 'md5'}, 'FileItem/Md5sum': {'type': 'md5'},
'FileItem/Sha1sum': {'type': 'sha1'}, 'FileItem/Sha1sum': {'type': 'sha1'},
'TaskItem/Sha1sum': {'type': 'sha1'},
'FileItem/Sha256sum': {'type': 'sha256'}, 'FileItem/Sha256sum': {'type': 'sha256'},
'FileItem/FileName': {'type': 'filename'}, 'FileItem/FileName': {'type': 'filename'},
'FileItem/FullPath': {'type': 'filename'}, 'FileItem/FullPath': {'type': 'filename'},
'FileItem/FilePath': {'type': 'filename'}, 'FileItem/FilePath': {'type': 'filename'},
'DriverItem/DriverName': {'type': 'filename'},
'Network/URI': {'type': 'uri'}, 'Network/URI': {'type': 'uri'},
'Network/DNS': {'type': 'domain'}, 'Network/DNS': {'type': 'domain'},
'Network/String': {'type': 'ip-dst'}, 'Network/String': {'type': 'ip-dst'},
'RouteEntryItem/Destination': {'type': 'ip-dst'},
'Network/UserAgent': {'type': 'user-agent'}, 'Network/UserAgent': {'type': 'user-agent'},
'PortItem/localIP': {'type': 'ip-dst'}, 'PortItem/localIP': {'type': 'ip-dst'},
@ -41,8 +44,16 @@ iocMispMapping = {
'ProcessItem/Pipe/Name': {'type': 'named pipe'}, 'ProcessItem/Pipe/Name': {'type': 'named pipe'},
'ProcessItem/Mutex/Name': {'type': 'mutex', 'comment': 'MutexName.'}, 'ProcessItem/Mutex/Name': {'type': 'mutex', 'comment': 'MutexName.'},
'CookieHistoryItem/HostName': {'type': 'hostname'},
'FormHistoryItem/HostName': {'type': 'hostname'},
'SystemInfoItem/HostName': {'type': 'hostname'},
'UrlHistoryItem/HostName': {'type': 'hostname'},
'DnsEntryItem/RecordName': {'type': 'hostname'},
'DnsEntryItem/Host': {'type': 'hostname'},
# Is it the regkey value? # Is it the regkey value?
# 'RegistryItem/Text': {'type': 'regkey', 'RegistryText. '}, # 'RegistryItem/Text': {'type': 'regkey', 'RegistryText. '},
'RegistryItem/KeyPath': {'type': 'regkey'},
'RegistryItem/Path': {'type': 'regkey'}, 'RegistryItem/Path': {'type': 'regkey'},
'ServiceItem/name': {'type': 'windows-service-name'}, 'ServiceItem/name': {'type': 'windows-service-name'},
@ -93,7 +104,6 @@ def get_mapping(openioc_type):
def set_all_attributes(openioc, misp_event): def set_all_attributes(openioc, misp_event):
for item in openioc.find_all("indicatoritem"): for item in openioc.find_all("indicatoritem"):
print(item)
attribute_values = {'comment': ''} attribute_values = {'comment': ''}
if item.find('context'): if item.find('context'):
mapping = get_mapping(item.find('context')['search']) mapping = get_mapping(item.find('context')['search'])