MISP
/
PyMISP
mirror of https://github.com/MISP/PyMISP
2
0
Fork 0
Code Issues Releases Wiki Activity

Script for the upcoming feed generator 

- also some minor modifications to the get_index api
pull/3/head
Iglocska 2016-03-01 15:32:58 +01:00
parent 3a2414bc8c
commit be242152e7
4 changed files with 79 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

48
examples/feed-generator/generate.py Executable file
View File

@ -0,0 +1,48 @@
#!/usr/bin/python
# -*- coding: utf-8 -*-
import sys
import json
import os
from pymisp import PyMISP
from settings import url, key, ssl, outputdir, filters
def init():
return PyMISP(url, key, ssl, 'json')
def saveEvent(misp, uuid):
try:
event = misp.get_event(uuid)
eventFile = open(os.path.join(outputdir, uuid + '.json'), 'w')
eventFile.write(event.text)
eventFile.close()
except:
sys.exit('Could not create the manifest file.')
def saveManifest(manifest):
try:
manifestFile = open(os.path.join(outputdir, 'manifest.json'), 'w')
manifestFile.write(json.dumps(manifest))
manifestFile.close()
except:
sys.exit('Could not create the manifest file.')
if __name__ == '__main__':
misp = init()
result = misp.get_index(None, filters)
try:
events = result.json()
except:
sys.exit("Invalid response received from MISP.")
if len(events) == 0:
sys.exit("No events returned.")
manifest = {}
for event in events:
manifest[event['uuid']] = event['timestamp']
saveEvent(misp, event['uuid'])
saveManifest(manifest)
print str(len(manifest)) + ' events exported.'

0
examples/feed-generator/output/empty Normal file
View File

23
examples/feed-generator/settings.py Executable file
View File

@ -0,0 +1,23 @@
# Your MISP's URL
url = ''
# The auth key to the MISP user that you wish to use. Make sure that the
# user has auth_key access
key = ''
# Should the certificate be validated?
ssl = False
# The output dir for the feed. This will drop a lot of files, so make
# sure that you use a directory dedicated to the feed
outputdir = 'output'
# The filters to be used for by the feed. You can use any filter that
# you can use on the event index, such as organisation, tags, etc.
# It uses the same joining and condition rules as the API parameters
# For example:
# filters = {'tag':'tlp:white|feed-export|!privint','org':'CIRCL'}
# the above would generate a feed for all events created by CIRCL, tagged
# tlp:white and/or feed-export but exclude anything tagged privint
filters = {}

9
pymisp/api.py
View File

@ -192,14 +192,19 @@ class PyMISP(object):
# ############### Simple REST API ################ # ############### Simple REST API ################
# ################################################ # ################################################
def get_index(self, force_out=None): def get_index(self, force_out=None, filters=None):
""" """
Return the index. Return the index.
Warning, there's a limit on the number of results Warning, there's a limit on the number of results
""" """
session = self.__prepare_session(force_out) session = self.__prepare_session(force_out)
url = urljoin(self.root_url, 'events') url = urljoin(self.root_url, 'events', 'index')
if filters is not None:
filters = json.dumps(filters)
print filters
return session.post(url, data=filters)
else:
return session.get(url) return session.get(url)
def get_event(self, event_id, force_out=None): def get_event(self, event_id, force_out=None):