From c04a3709f9f96c85d1941b1ecb5ea9a67f1c4cc1 Mon Sep 17 00:00:00 2001
From: Sami Mokaddem
Date: Thu, 8 Mar 2018 17:33:39 +0100
Subject: [PATCH] Added support of MISP Object

---
 .../feed-generator-from-redis/generate.py | 37 ++++++++++++++++++-
 examples/feed-generator-from-redis/server.py | 12 ++++++
 .../settings.default.py | 9 +++-
 3 files changed, 53 insertions(+), 5 deletions(-)
 create mode 100755 examples/feed-generator-from-redis/server.py

diff --git a/examples/feed-generator-from-redis/generate.py b/examples/feed-generator-from-redis/generate.py
index 391d598..8e89d69 100755
--- a/examples/feed-generator-from-redis/generate.py
+++ b/examples/feed-generator-from-redis/generate.py
@@ -10,12 +10,31 @@ import datetime, time
 import uuid
 import threading
 import redis
-from pymisp import MISPEvent, MISPAttribute
+
 from redis import StrictRedis as Redis
 import settings
+from pymisp import MISPEvent, MISPAttribute
+from pymisp.tools import GenericObjectGenerator
+
 evtObj=thr=None # animation thread
 
+def get_system_templates():
+    misp_objects_path = os.path.join(
+        os.path.abspath(os.path.dirname(sys.modules['pymisp'].__file__)),
+        'data', 'misp-objects', 'objects')
+    templates = {}
+    for root, dirs, files in os.walk(misp_objects_path, topdown=False):
+        for def_file in files:
+            obj_name = root.split('/')[-1]
+            template_path = os.path.join(root, def_file)
+            with open(template_path, 'r') as f:
+                definition = json.load(f)
+            templates[obj_name] = definition
+    return templates
+
+
 def gen_uuid():
     return str(uuid.uuid4())
 
@@ -61,6 +80,9 @@ class RedisToMISPFeed:
         for s in self.SUFFIX_LIST:
             self.keynames.append(k+s)
 
+        # get all templates
+        self.sys_templates = get_system_templates()
+
         self.sleep = settings.sleep
         self.flushing_interval = settings.flushing_interval
         self.flushing_next = time.time() + self.flushing_interval
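Review bot: get_system_templates derives the object name with `root.split('/')[-1]`, which silently yields the whole path on a Windows separator; `obj_name = os.path.basename(root)` does the same job portably and is the only line that needs to change. The function also relies on `os`, `sys` and `json`, none of which appear among the import lines visible in this hunk — if they are not imported above line 10 the first call fails with NameError; the import block starts outside the hunk, so this needs confirming. The template files are JSON shipped with pymisp, so pinning the encoding, `with open(template_path, 'r', encoding='utf-8') as f:`, keeps the parse independent of the host locale. A one-line docstring such as `"""Map every bundled misp-objects template name to its parsed definition.json."""` would tell the reader what the returned dict is keyed by.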
@@ -130,10 +152,21 @@ class RedisToMISPFeed:
 
             # object
             elif key.endswith(self.SUFFIX_OBJ):
-                self.current_event.add_object(**data)
+                # create the MISP object
+                obj_name = data.pop('name')
+                misp_object = GenericObjectGenerator(obj_name)
+                for k, v in data.items():
+                    if k not in self.sys_templates[obj_name]['attributes']: # attribute is not in the object template definition
+                        # add it with type text
+                        misp_object.add_attribute(k, **{'value': v, 'type': 'text'})
+                    else:
+                        misp_object.add_attribute(k, **{'value': v})
+
+                self.current_event.add_object(misp_object)
                 for attr_type, attr_value in data.items():
                     self.add_hash(attr_type, attr_value)
+
             else:
                 raise NoValidKey("Can't define action to perform")
 
diff --git a/examples/feed-generator-from-redis/server.py b/examples/feed-generator-from-redis/server.py
new file mode 100755
index 0000000..5a2ee16
--- /dev/null
+++ b/examples/feed-generator-from-redis/server.py
@@ -0,0 +1,12 @@
+#!/usr/bin/env python3
+
+import os.path
+from flask import Flask
+from flask.ext.autoindex import AutoIndex
+from settings import outputdir
+
+app = Flask(__name__)
+AutoIndex(app, browse_root=os.path.join(os.path.curdir, outputdir))
+
+if __name__ == '__main__':
+    app.run(host='0.0.0.0')
diff --git a/examples/feed-generator-from-redis/settings.default.py b/examples/feed-generator-from-redis/settings.default.py
index 49c121c..c3fce6d 100755
--- a/examples/feed-generator-from-redis/settings.default.py
+++ b/examples/feed-generator-from-redis/settings.default.py
@@ -26,14 +26,17 @@ published=False
 Tag=[{
     "colour": "#ffffff",
     "name": "tlp:white"
-    }]
+    },
+    "colour": "#ff00ff",
+    "name": "my:custom:feed"
+    ]
 
 # Others
 ## Redis pooling time
-sleep=1
+sleep=60
 ## The redis list keyname in which to put items that generated an error
 keyname_error='feed-generation-error'
 ## Display an animation while adding element to MISP
 allow_animation=True
 ## How frequent the event should be written on disk
-flushing_interval=2*5
+flushing_interval=5*60
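Review bot: `data.pop('name')` and `self.sys_templates[obj_name]` both raise a bare KeyError when a queued item carries no `name` or names an object that is not among the bundled templates, so a malformed producer entry fails with a message that does not say which field was wrong. A guard before the generator is built, `if obj_name not in self.sys_templates: raise ValueError("unknown MISP object template %r" % obj_name)`, names the cause; whether the consumer loop catches these and routes the item to the keyname_error list is outside the hunk. The `self.sys_templates[obj_name]['attributes']` lookup is repeated for every attribute and its trailing comment pushes the line well past a readable width; hoisting `template_attrs = self.sys_templates[obj_name]['attributes']` above the loop fixes both. The `**{'value': v, 'type': 'text'}` spreads read more plainly as keyword arguments, `misp_object.add_attribute(k, value=v, type='text')`, if the generator accepts them that way. The method enclosing this branch starts and ends outside the hunk.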
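Review bot: `app.run(host='0.0.0.0')` binds Flask's development server to every interface, so the directory listing of `outputdir` becomes reachable from the network the moment this example is started; a module comment such as `# Local demo only: serves the generated feed directory with the Flask dev server. Put a WSGI server / reverse proxy in front before exposing it beyond localhost.` would set expectations (debug is correctly left off). `from flask.ext.autoindex import AutoIndex` goes through the `flask.ext` compatibility namespace, which later Flask releases dropped; `from flask_autoindex import AutoIndex` is the direct import. `browse_root` is built from `os.path.curdir`, so the listing depends on the working directory the script is launched from rather than on the script's location; a comment saying the script must be run from the example directory, or using `os.path.dirname(__file__)`, would avoid a surprise empty listing.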
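Review bot: The new `Tag` literal is a syntax error — the second tag's `"colour"` and `"name"` pairs are not wrapped in a dict, so `[{...}, "colour": "#ff00ff", "name": "my:custom:feed"]` fails to parse and every module doing `import settings` from a copy of this file breaks at import time. The two edge lines should read `}, {` in place of `},` and `}]` in place of `]`, leaving the two pairs between them unchanged. The rest of the hunk (longer sleep and flushing_interval) is a plain value change.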