mirror of https://github.com/MISP/PyMISP
commit
b425ab4826
|
@ -1295,7 +1295,7 @@ Other
|
||||||
values, sanitization) [Falconieri]
|
values, sanitization) [Falconieri]
|
||||||
- Add: exportpdf tool working. [Falconieri]
|
- Add: exportpdf tool working. [Falconieri]
|
||||||
- General improvement : deisgn, exhaustiviness of mispEvent values
|
- General improvement : deisgn, exhaustiviness of mispEvent values
|
||||||
displayed, good pratice concerning paragraphe/table made. [Falconieri]
|
displayed, good practice concerning paragraphe/table made. [Falconieri]
|
||||||
- Update with table basics. [Falconieri]
|
- Update with table basics. [Falconieri]
|
||||||
- Structure of the improvements OK : test file, test folder, report
|
- Structure of the improvements OK : test file, test folder, report
|
||||||
generator. [Falconieri]
|
generator. [Falconieri]
|
||||||
|
@ -2219,7 +2219,7 @@ Changes
|
||||||
- Bump CHANGELOG. [Raphaël Vinot]
|
- Bump CHANGELOG. [Raphaël Vinot]
|
||||||
- Bump misp-objects. [Raphaël Vinot]
|
- Bump misp-objects. [Raphaël Vinot]
|
||||||
- Update readme for new logging system. [Raphaël Vinot]
|
- Update readme for new logging system. [Raphaël Vinot]
|
||||||
- Small improvments in the logging system. [Raphaël Vinot]
|
- Small improvements in the logging system. [Raphaël Vinot]
|
||||||
- Properly use python logging module. [Raphaël Vinot]
|
- Properly use python logging module. [Raphaël Vinot]
|
||||||
- Update asciidoctor generator. [Raphaël Vinot]
|
- Update asciidoctor generator. [Raphaël Vinot]
|
||||||
- Remove warning if PyMISP is too new. [Raphaël Vinot]
|
- Remove warning if PyMISP is too new. [Raphaël Vinot]
|
||||||
|
@ -2547,7 +2547,7 @@ Other
|
||||||
- Cleanup warning function. [Raphaël Vinot]
|
- Cleanup warning function. [Raphaël Vinot]
|
||||||
- Fix typos. [Raphaël Vinot]
|
- Fix typos. [Raphaël Vinot]
|
||||||
- Remove unused variable. [Tristan METAYER]
|
- Remove unused variable. [Tristan METAYER]
|
||||||
- Remove category It will be automaticly detected
|
- Remove category It will be automatically detected
|
||||||
https://github.com/MISP/PyMISP/blob/master/pymisp/tools/openioc.py.
|
https://github.com/MISP/PyMISP/blob/master/pymisp/tools/openioc.py.
|
||||||
[Tristan METAYER]
|
[Tristan METAYER]
|
||||||
- Revert tab to escape. [Tristan METAYER]
|
- Revert tab to escape. [Tristan METAYER]
|
||||||
|
@ -2756,7 +2756,7 @@ Other
|
||||||
- Bump version. [Raphaël Vinot]
|
- Bump version. [Raphaël Vinot]
|
||||||
- Add orgs managment. [Raphaël Vinot]
|
- Add orgs managment. [Raphaël Vinot]
|
||||||
- Run on more python versions. [Raphaël Vinot]
|
- Run on more python versions. [Raphaël Vinot]
|
||||||
- Exemple addtag (dirty) [Déborah Servili]
|
- Example addtag (dirty) [Déborah Servili]
|
||||||
- Fix last commit. [Raphaël Vinot]
|
- Fix last commit. [Raphaël Vinot]
|
||||||
- Wrong use of API for dateuntil. [Koen Van Impe]
|
- Wrong use of API for dateuntil. [Koen Van Impe]
|
||||||
|
|
||||||
|
|
|
@ -70,7 +70,7 @@
|
||||||
"source": [
|
"source": [
|
||||||
"## Search unpublished events\n",
|
"## Search unpublished events\n",
|
||||||
"\n",
|
"\n",
|
||||||
"**WARNING**: By default, the search query will only return all the events listed on teh index page"
|
"**WARNING**: By default, the search query will only return all the events listed on the index page"
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
|
|
|
@ -7,7 +7,7 @@ import argparse
|
||||||
|
|
||||||
|
|
||||||
if __name__ == '__main__':
|
if __name__ == '__main__':
|
||||||
parser = argparse.ArgumentParser(description='Delete the user with the given id. Keep in mind that disabling users (by setting the disabled flag via an edit) is always prefered to keep user associations to events intact.')
|
parser = argparse.ArgumentParser(description='Delete the user with the given id. Keep in mind that disabling users (by setting the disabled flag via an edit) is always preferred to keep user associations to events intact.')
|
||||||
parser.add_argument("-i", "--user_id", help="The id of the user you want to delete.")
|
parser.add_argument("-i", "--user_id", help="The id of the user you want to delete.")
|
||||||
args = parser.parse_args()
|
args = parser.parse_args()
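Review bot: `--user_id` is declared without `required=True`, so running the script with no `-i` leaves `args.user_id` as None and hands that to whatever follows `parse_args()`. For a destructive operation the parser should reject the call up front, e.g. `parser.add_argument("-i", "--user_id", required=True, help="The id of the user you want to delete.")`. The rest of the `__main__` block lies outside the hunk, so how a None id is handled downstream is not visible here.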
|
||||||
|
|
||||||
|
|
|
@ -66,7 +66,7 @@ python3 server.py
|
||||||
>>> obj_data = { "session": "session_id", "username": "admin", "password": "admin", "protocol": "telnet" }
|
>>> obj_data = { "session": "session_id", "username": "admin", "password": "admin", "protocol": "telnet" }
|
||||||
>>> generator.add_object_to_event(obj_name, **obj_data)
|
>>> generator.add_object_to_event(obj_name, **obj_data)
|
||||||
|
|
||||||
# Immediatly write the event to the disk (Bypassing the default flushing behavior)
|
# Immediately write the event to the disk (Bypassing the default flushing behavior)
|
||||||
>>> generator.flush_event()
|
>>> generator.flush_event()
|
||||||
```
|
```
|
||||||
|
|
||||||
|
|
|
@ -107,7 +107,7 @@ class RedisToMISPFeed:
|
||||||
# Suffix not provided, try to add anyway
|
# Suffix not provided, try to add anyway
|
||||||
if settings.fallback_MISP_type == 'attribute':
|
if settings.fallback_MISP_type == 'attribute':
|
||||||
new_key = key + self.SUFFIX_ATTR
|
new_key = key + self.SUFFIX_ATTR
|
||||||
# Add atribute type from the config
|
# Add attribute type from the config
|
||||||
if 'type' not in data and settings.fallback_attribute_type:
|
if 'type' not in data and settings.fallback_attribute_type:
|
||||||
data['type'] = settings.fallback_attribute_type
|
data['type'] = settings.fallback_attribute_type
|
||||||
else:
|
else:
|
||||||
|
|
|
@ -4,8 +4,8 @@
|
||||||
* It will also generate a html document with a table (attribute\_table.html) containing count for each type of attribute.
|
* It will also generate a html document with a table (attribute\_table.html) containing count for each type of attribute.
|
||||||
* test\_attribute\_treemap.html is a quick page made to visualize both treemap and table at the same time.
|
* test\_attribute\_treemap.html is a quick page made to visualize both treemap and table at the same time.
|
||||||
|
|
||||||
* tags\_count.py is a script that count the number of occurences of every tags in a fetched sample of Events in a given period of time.
|
* tags\_count.py is a script that count the number of occurrences of every tags in a fetched sample of Events in a given period of time.
|
||||||
* tag\_search.py is a script that count the number of occurences of a given tag in a fetched sample of Events in a given period of time.
|
* tag\_search.py is a script that count the number of occurrences of a given tag in a fetched sample of Events in a given period of time.
|
||||||
* Events will be fetched from _days_ days ago to today.
|
* Events will be fetched from _days_ days ago to today.
|
||||||
* _begindate_ is the beginning of the studied period. If it is later than today, an error will be raised.
|
* _begindate_ is the beginning of the studied period. If it is later than today, an error will be raised.
|
||||||
* _enddate_ is the end of the studied period. If it is earlier than _begindate_, an error will be raised.
|
* _enddate_ is the end of the studied period. If it is earlier than _begindate_, an error will be raised.
|
||||||
|
|
|
@ -129,7 +129,7 @@ def search_vmray_incomplete(m, url, wait_period, module_import_url, module_impor
|
||||||
if module_DEBUG and req is not None:
|
if module_DEBUG and req is not None:
|
||||||
print("Response code from submitting to MISP modules %s" % (req.status_code))
|
print("Response code from submitting to MISP modules %s" % (req.status_code))
|
||||||
|
|
||||||
# Succesful response from the misp modules?
|
# Successful response from the misp modules?
|
||||||
if req.status_code == 200:
|
if req.status_code == 200:
|
||||||
req_json = req.json()
|
req_json = req.json()
|
||||||
if "error" in req_json:
|
if "error" in req_json:
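Review bot: The debug print is guarded with `req is not None`, which implies `req` can be None at this point, yet the next statement `if req.status_code == 200:` dereferences it without that guard and would raise AttributeError in that case. Indentation is lost in this rendering and search_vmray_incomplete starts and ends outside the hunk, so an earlier check may already cover it. If it does not, the condition should read `if req is not None and req.status_code == 200:` so a failed submission is skipped rather than aborting the run.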
|
||||||
|
|
|
@ -1917,7 +1917,7 @@ class PyMISP:
|
||||||
:param timestamp: Restrict the results by the timestamp (last edit). Any event with a timestamp newer than the given timestamp will be returned. In case you are dealing with /attributes as scope, the attribute's timestamp will be used for the lookup.
|
:param timestamp: Restrict the results by the timestamp (last edit). Any event with a timestamp newer than the given timestamp will be returned. In case you are dealing with /attributes as scope, the attribute's timestamp will be used for the lookup.
|
||||||
:param published: Set whether published or unpublished events should be returned. Do not set the parameter if you want both.
|
:param published: Set whether published or unpublished events should be returned. Do not set the parameter if you want both.
|
||||||
:param enforce_warninglist: Remove any attributes from the result that would cause a hit on a warninglist entry.
|
:param enforce_warninglist: Remove any attributes from the result that would cause a hit on a warninglist entry.
|
||||||
:param to_ids: By default all attributes are returned that match the other filter parameters, irregardless of their to_ids setting. To restrict the returned data set to to_ids only attributes set this parameter to 1. 0 for the ones with to_ids set to False.
|
:param to_ids: By default all attributes are returned that match the other filter parameters, regardless of their to_ids setting. To restrict the returned data set to to_ids only attributes set this parameter to 1. 0 for the ones with to_ids set to False.
|
||||||
:param deleted: If this parameter is set to 1, it will only return soft-deleted attributes. ["0", "1"] will return the active ones as well as the soft-deleted ones.
|
:param deleted: If this parameter is set to 1, it will only return soft-deleted attributes. ["0", "1"] will return the active ones as well as the soft-deleted ones.
|
||||||
:param include_event_uuid: Instead of just including the event ID, also include the event UUID in each of the attributes.
|
:param include_event_uuid: Instead of just including the event ID, also include the event UUID in each of the attributes.
|
||||||
:param include_event_tags: Include the event level tags in each of the attributes.
|
:param include_event_tags: Include the event level tags in each of the attributes.
|
||||||
|
|
|
@ -79,10 +79,10 @@ class FileObject(AbstractMISPObjectGenerator):
|
||||||
if len(data) == 0:
|
if len(data) == 0:
|
||||||
return 0.0
|
return 0.0
|
||||||
|
|
||||||
occurences = Counter(bytearray(data))
|
occurrences = Counter(bytearray(data))
|
||||||
|
|
||||||
entropy = 0.0
|
entropy = 0.0
|
||||||
for x in occurences.values():
|
for x in occurrences.values():
|
||||||
p_x = float(x) / len(data)
|
p_x = float(x) / len(data)
|
||||||
entropy -= p_x * math.log(p_x, 2)
|
entropy -= p_x * math.log(p_x, 2)
|
||||||
|
|
||||||
|
|