Allow to pass a pseudo file to OpenIOC loader.

pull/55/head
Raphaël Vinot 2017-02-27 11:33:07 +01:00
parent 8175a0ecf0
commit a55603e5c8
1 changed files with 26 additions and 17 deletions


@ -1,6 +1,8 @@
#!/usr/bin/env python #!/usr/bin/env python
# -*- coding: utf-8 -*- # -*- coding: utf-8 -*-
import os
from pymisp import MISPEvent from pymisp import MISPEvent
try: try:
from bs4 import BeautifulSoup from bs4 import BeautifulSoup
@ -79,27 +81,34 @@ def extract_field(report, field_name):
return None return None
def load_openioc_file(openioc_path):
if not os.path.exists(openioc_path):
raise Exception("Path doesn't exists.")
with open(openioc_path, 'r') as f:
return load_openioc(f)
def load_openioc(openioc): def load_openioc(openioc):
# Takes a opened file, or a string
if not has_bs4: if not has_bs4:
raise Exception('You need to install BeautifulSoup: pip install bs4') raise Exception('You need to install BeautifulSoup: pip install bs4')
misp_event = MISPEvent() misp_event = MISPEvent()
with open(openioc, "r") as ioc_file: iocreport = BeautifulSoup(openioc, "lxml")
iocreport = BeautifulSoup(ioc_file, "lxml") # Set event fields
# Set event fields info = extract_field(iocreport, 'short_description')
info = extract_field(iocreport, 'short_description') if info:
if info: misp_event.info = info
misp_event.info = info date = extract_field(iocreport, 'authored_date')
date = extract_field(iocreport, 'authored_date') if date:
if date: misp_event.set_date(date)
misp_event.set_date(date) # Set special attributes
# Set special attributes description = extract_field(iocreport, 'description')
description = extract_field(iocreport, 'description') if description:
if description: misp_event.add_attribute('comment', description)
misp_event.add_attribute('comment', description) author = extract_field(iocreport, 'authored_by')
author = extract_field(iocreport, 'authored_by') if author:
if author: misp_event.add_attribute('comment', author)
misp_event.add_attribute('comment', author) misp_event = set_all_attributes(iocreport, misp_event)
misp_event = set_all_attributes(iocreport, misp_event)
return misp_event return misp_event
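Review bot: `load_openioc` no longer opens its argument, so an existing caller that still passes a path string has that string handed to `BeautifulSoup(openioc, "lxml")` as markup and, as far as the visible code shows, gets back an event with no info, date or attributes rather than an error; for an IoC importer that is a silent loss of indicators. The comment `# Takes a opened file, or a string` does not say that the string must be the OpenIOC XML itself, so I would replace it with a docstring such as `"""Build a MISPEvent from OpenIOC XML given as an open file object or as the XML text (not a path; use load_openioc_file for paths)."""`. In `load_openioc_file`, `os.path.exists` also returns true for directories and leaves a gap between the check and the `open`; `if not os.path.isfile(openioc_path):` or simply letting `open` raise would be tighter. Opening with `'rb'` instead of `'r'` would let the parser honour the encoding declared in the XML instead of decoding with the locale default first.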