Fix examples after removal of MISP XML support

pull/30/head
Raphaël Vinot 2016-09-12 12:53:58 +02:00
parent 63270d6eaa
commit bf5793992b
6 changed files with 43 additions and 60 deletions


@ -27,25 +27,14 @@ def init(cert_to_priv=True):
destination = PyMISP(url_cert, cert, cert_cert, 'xml')
def _to_utf8(request):
to_return = None
if 'json' in request.headers['content-type']:
to_return = request.json()
else:
to_return = request.text.encode('utf-8')
return to_return
def copy_event(event_id):
r_src = source.get_event(event_id)
to_send = _to_utf8(r_src)
return destination.add_event(to_send)
e = source.get_event(event_id)
return destination.add_event(e)
def update_event(event_id, event_to_update):
r_src = source.get_event(event_id)
to_send = _to_utf8(r_src)
return destination.update_event(event_to_update, to_send)
e = source.get_event(event_id)
return destination.update_event(event_to_update, e)
def list_copy(filename):
@ -83,7 +72,7 @@ def copy(eventid):
def export_our_org():
circl = source.search(org='CIRCL')
return _to_utf8(circl)
return circl
if __name__ == '__main__':
import argparse
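Review bot: The `destination = PyMISP(url_cert, cert, cert_cert, 'xml')` line at the top of the first hunk still passes `'xml'` as the fourth argument, even though this commit adapts the examples to the removal of XML support and another example in the same commit drops its `'json'` argument. It appears to be an unchanged context line, so the commit leaves it as is. If the constructor no longer accepts or honours an output format, it should become `destination = PyMISP(url_cert, cert, cert_cert)`. The `source` constructor in `init()` starts above the hunk and deserves the same check.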


@ -34,13 +34,13 @@ def init():
valid_attribute_distributions = valid_attribute_distribution_levels
except:
valid_attribute_distributions = ['0', '1', '2', '3', '4', '5']
return PyMISP(url, key, ssl, 'json')
return PyMISP(url, key, ssl)
def saveEvent(misp, uuid):
event = misp.get_event(uuid)
if not event.json().get('Event'):
print('Error while fetching event: {}'.format(event.json()['message']))
if not event.get('Event'):
print('Error while fetching event: {}'.format(event['message']))
sys.exit('Could not create file for event ' + uuid + '.')
event = __cleanUpEvent(event)
event = json.dumps(event)
@ -50,7 +50,7 @@ def saveEvent(misp, uuid):
def __cleanUpEvent(event):
temp = event.json()
temp = event
event = {'Event': {}}
__cleanupEventFields(event, temp)
__cleanupEventObjects(event, temp)
@ -120,10 +120,12 @@ def __addEventToManifest(event):
if __name__ == '__main__':
misp = init()
result = misp.get_index(None, filters)
try:
events = result.json()
except:
r = misp.get_index(filters)
events = r['response']
print(events[0])
except Exception as e:
print(e)
sys.exit("Invalid response received from MISP.")
if len(events) == 0:
sys.exit("No events returned.")
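Review bot: `print(events[0])` inside the new `try` block reads like leftover debugging, and it changes behaviour. With an empty result it raises `IndexError`, which `except Exception` reports as "Invalid response received from MISP.", so the `len(events) == 0` branch below can no longer be reached. It also writes the first index entry to stdout on every run. I would drop that line and keep only `r = misp.get_index(filters)` and `events = r['response']` inside the `try`. The `__main__` block continues past the end of the hunk.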


@ -48,41 +48,34 @@ def get_event(event_id):
event_id = int(event_id)
if event_id > 0:
event = source.get_event(event_id)
if event.status_code == 200:
event_json = source.get_event(event_id)
event_core = event_json["Event"]
# event_threatlevel_id = event_core["threat_level_id"]
try:
event_json = event.json()
except:
return False
# attribute_count = event_core["attribute_count"]
attribute = event_core["Attribute"]
event_core = event_json["Event"]
# event_threatlevel_id = event_core["threat_level_id"]
for attribute in event_core["Attribute"]:
if app_ids_only and not attribute["to_ids"]:
continue
# attribute_count = event_core["attribute_count"]
attribute = event_core["Attribute"]
for attribute in event_core["Attribute"]:
if app_ids_only and not attribute["to_ids"]:
continue
value = attribute["value"]
title = event_core["info"]
if app_netflow:
app_printcomment = False
if attribute["type"] == "ip-dst" and app_ip_dst:
network_ip_dst.append([build_entry(value, event_id, title, "ip-dst")])
value = attribute["value"]
title = event_core["info"]
if app_netflow:
app_printcomment = False
if attribute["type"] == "ip-dst" and app_ip_dst:
network_ip_dst.append([build_entry(value, event_id, title, "ip-dst")])
else:
if attribute["type"] == "ip-src" and app_ip_src:
network_ip_src.append([build_entry(value, event_id, title, "ip-src")])
elif attribute["type"] == "ip-dst" and app_ip_dst:
network_ip_dst.append([build_entry(value, event_id, title, "ip-dst")])
elif attribute["type"] == "domain" and app_domain:
network_domain.append([build_entry(value, event_id, title, "domain")])
elif attribute["type"] == "hostname" and app_hostname:
network_hostname.append([build_entry(value, event_id, title, "hostname")])
else:
if attribute["type"] == "ip-src" and app_ip_src:
network_ip_src.append([build_entry(value, event_id, title, "ip-src")])
elif attribute["type"] == "ip-dst" and app_ip_dst:
network_ip_dst.append([build_entry(value, event_id, title, "ip-dst")])
elif attribute["type"] == "domain" and app_domain:
network_domain.append([build_entry(value, event_id, title, "domain")])
elif attribute["type"] == "hostname" and app_hostname:
network_hostname.append([build_entry(value, event_id, title, "hostname")])
else:
continue
continue
else:
print("Not a valid ID")
return
@ -121,8 +114,8 @@ def print_events():
if firsthost:
firsthost = False
else:
print " or "
print "host %s" % ip[0]
print(" or ")
print("host %s" % ip[0])
else:
if app_ip_src:
for ip in network_ip_src:
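Review bot: `event_core = event_json["Event"]` in `get_event` now runs with no check that the fetch succeeded, because the `status_code == 200` test and the `try`/`except` around `.json()` that returned `False` were removed without a replacement. If `source.get_event` can return an error dictionary, as the `event['message']` handling in `saveEvent` in this commit suggests, this raises `KeyError` instead of returning `False`; a guard such as `if 'Event' not in event_json: return False` would restore the old contract. The same unchecked indexing appears in `push_event_to_misp` (`event["Event"]["id"]`), and `copy_event`/`update_event` forward the fetched object to the destination instance without inspecting it. It also looks as if `event = source.get_event(event_id)` may survive above the new assignment, which would fetch each event twice; that is worth confirming against the raw diff.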


@ -228,8 +228,7 @@ def push_event_to_misp(jsonEvent):
####################
# upload json event
r = misp.add_event(jsonEvent)
event = r.json()
event = misp.add_event(jsonEvent)
# save event id for file upload and tagg
iocDescriptions["misp_event_id"] = event["Event"]["id"]


@ -25,4 +25,4 @@ if __name__ == '__main__':
misp = init(misp_url, misp_key)
stats = misp.get_tags_statistics(args.percentage, args.namesort)
print json.dumps(stats)
print(json.dumps(stats))


@ -1138,7 +1138,7 @@ class PyMISP(object):
else:
name_sort = 'false'
url = urljoin(self.root_url, 'tags/tagStatistics/{}/{}'.format(percentage, name_sort))
response = session.get(url).json()
response = session.get(url)
return self._check_response(response)
# ############## Sightings ##################