From be242152e7645a8211ab45981e7d059a505bf18c Mon Sep 17 00:00:00 2001 From: Iglocska Date: Tue, 1 Mar 2016 15:32:58 +0100 Subject: [PATCH] Script for the upcoming feed generator - also some minor modifications to the get_index api --- examples/feed-generator/generate.py | 48 ++++++++++++++++++++++++++++ examples/feed-generator/output/empty | 0 examples/feed-generator/settings.py | 23 +++++++++++++ pymisp/api.py | 11 +++++-- 4 files changed, 79 insertions(+), 3 deletions(-) create mode 100755 examples/feed-generator/generate.py create mode 100644 examples/feed-generator/output/empty create mode 100755 examples/feed-generator/settings.py diff --git a/examples/feed-generator/generate.py b/examples/feed-generator/generate.py new file mode 100755 index 0000000..2307cf2 --- /dev/null +++ b/examples/feed-generator/generate.py @@ -0,0 +1,48 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- + +import sys +import json +import os +from pymisp import PyMISP +from settings import url, key, ssl, outputdir, filters + + +def init(): + return PyMISP(url, key, ssl, 'json') + + +def saveEvent(misp, uuid): + try: + event = misp.get_event(uuid) + eventFile = open(os.path.join(outputdir, uuid + '.json'), 'w') + eventFile.write(event.text) + eventFile.close() + except: + sys.exit('Could not create the manifest file.') + + +def saveManifest(manifest): + try: + manifestFile = open(os.path.join(outputdir, 'manifest.json'), 'w') + manifestFile.write(json.dumps(manifest)) + manifestFile.close() + except: + sys.exit('Could not create the manifest file.') + +if __name__ == '__main__': + misp = init() + result = misp.get_index(None, filters) + try: + events = result.json() + except: + sys.exit("Invalid response received from MISP.") + if len(events) == 0: + sys.exit("No events returned.") + manifest = {} + for event in events: + manifest[event['uuid']] = event['timestamp'] + saveEvent(misp, event['uuid']) + saveManifest(manifest) + print str(len(manifest)) + ' events exported.' + diff --git a/examples/feed-generator/output/empty b/examples/feed-generator/output/empty new file mode 100644 index 0000000..e69de29 diff --git a/examples/feed-generator/settings.py b/examples/feed-generator/settings.py new file mode 100755 index 0000000..7901a87 --- /dev/null +++ b/examples/feed-generator/settings.py @@ -0,0 +1,23 @@ +# Your MISP's URL +url = '' + +# The auth key to the MISP user that you wish to use. Make sure that the +# user has auth_key access +key = '' + +# Should the certificate be validated? +ssl = False + +# The output dir for the feed. This will drop a lot of files, so make +# sure that you use a directory dedicated to the feed +outputdir = 'output' + +# The filters to be used for by the feed. You can use any filter that +# you can use on the event index, such as organisation, tags, etc. +# It uses the same joining and condition rules as the API parameters +# For example: +# filters = {'tag':'tlp:white|feed-export|!privint','org':'CIRCL'} +# the above would generate a feed for all events created by CIRCL, tagged +# tlp:white and/or feed-export but exclude anything tagged privint +filters = {} + diff --git a/pymisp/api.py b/pymisp/api.py index d709753..1f0c802 100644 --- a/pymisp/api.py +++ b/pymisp/api.py @@ -192,15 +192,20 @@ class PyMISP(object): # ############### Simple REST API ################ # ################################################ - def get_index(self, force_out=None): + def get_index(self, force_out=None, filters=None): """ Return the index. Warning, there's a limit on the number of results """ session = self.__prepare_session(force_out) - url = urljoin(self.root_url, 'events') - return session.get(url) + url = urljoin(self.root_url, 'events', 'index') + if filters is not None: + filters = json.dumps(filters) + print filters + return session.post(url, data=filters) + else: + return session.get(url) def get_event(self, event_id, force_out=None): """