Added support of MISP Object

examples/feed-generator-from-redis/generate.py

@@ -10,12 +10,31 @@ import datetime, time
 import uuid
 import threading
 import redis
-from pymisp import MISPEvent, MISPAttribute
+
 from redis import StrictRedis as Redis
 import settings
 
+from pymisp import MISPEvent, MISPAttribute
+from pymisp.tools import GenericObjectGenerator
+
 evtObj=thr=None # animation thread
 
+def get_system_templates():
+    misp_objects_path = os.path.join(
+        os.path.abspath(os.path.dirname(sys.modules['pymisp'].__file__)),
+        'data', 'misp-objects', 'objects')
+
+    templates = {}
+    for root, dirs, files in os.walk(misp_objects_path, topdown=False):
+        for def_file in files:
+            obj_name = root.split('/')[-1]
+            template_path = os.path.join(root, def_file)
+            with open(template_path, 'r') as f:
+                definition = json.load(f)
+                templates[obj_name] = definition
+    return templates
+
+
 def gen_uuid():
     return str(uuid.uuid4())
 
@@ -61,6 +80,9 @@ class RedisToMISPFeed:
             for s in self.SUFFIX_LIST:
                 self.keynames.append(k+s)
 
+        # get all templates
+        self.sys_templates = get_system_templates()
+
         self.sleep = settings.sleep
         self.flushing_interval = settings.flushing_interval
         self.flushing_next = time.time() + self.flushing_interval
@@ -130,10 +152,21 @@ class RedisToMISPFeed:
 
         # object
         elif key.endswith(self.SUFFIX_OBJ):
-            self.current_event.add_object(**data)
+            # create the MISP object
+            obj_name = data.pop('name')
+            misp_object = GenericObjectGenerator(obj_name)
+            for k, v in data.items():
+                if k not in self.sys_templates[obj_name]['attributes']: # attribute is not in the object template definition
+                    # add it with type text
+                    misp_object.add_attribute(k, **{'value': v, 'type': 'text'})
+                else:
+                    misp_object.add_attribute(k, **{'value': v})
+
+            self.current_event.add_object(misp_object)
             for attr_type, attr_value in data.items():
                 self.add_hash(attr_type, attr_value)
 
+
         else:
             raise NoValidKey("Can't define action to perform")
 

examples/feed-generator-from-redis/server.py

@@ -0,0 +1,12 @@
+#!/usr/bin/env python3
+
+import os.path
+from flask import Flask
+from flask.ext.autoindex import AutoIndex
+from settings import outputdir
+
+app = Flask(__name__)
+AutoIndex(app, browse_root=os.path.join(os.path.curdir, outputdir))
+
+if __name__ == '__main__':
+    app.run(host='0.0.0.0')

examples/feed-generator-from-redis/settings.default.py

@@ -26,14 +26,17 @@ published=False
 Tag=[{
         "colour": "#ffffff",
         "name": "tlp:white"
-    }]
+    },
+        "colour": "#ff00ff",
+        "name": "my:custom:feed"
+    ]
 
 # Others
 ## Redis pooling time
-sleep=1
+sleep=60
 ## The redis list keyname in which to put items that generated an error
 keyname_error='feed-generation-error'
 ## Display an animation while adding element to MISP
 allow_animation=True
 ## How frequent the event should be written on disk
-flushing_interval=2*5
+flushing_interval=5*60