mirror of https://github.com/MISP/PyMISP
Added support of MISP Object
parent
22efb64f14
commit
c04a3709f9
|
@ -10,12 +10,31 @@ import datetime, time
|
||||||
import uuid
|
import uuid
|
||||||
import threading
|
import threading
|
||||||
import redis
|
import redis
|
||||||
from pymisp import MISPEvent, MISPAttribute
|
|
||||||
from redis import StrictRedis as Redis
|
from redis import StrictRedis as Redis
|
||||||
import settings
|
import settings
|
||||||
|
|
||||||
|
from pymisp import MISPEvent, MISPAttribute
|
||||||
|
from pymisp.tools import GenericObjectGenerator
|
||||||
|
|
||||||
evtObj=thr=None # animation thread
|
evtObj=thr=None # animation thread
|
||||||
|
|
||||||
|
def get_system_templates():
|
||||||
|
misp_objects_path = os.path.join(
|
||||||
|
os.path.abspath(os.path.dirname(sys.modules['pymisp'].__file__)),
|
||||||
|
'data', 'misp-objects', 'objects')
|
||||||
|
|
||||||
|
templates = {}
|
||||||
|
for root, dirs, files in os.walk(misp_objects_path, topdown=False):
|
||||||
|
for def_file in files:
|
||||||
|
obj_name = root.split('/')[-1]
|
||||||
|
template_path = os.path.join(root, def_file)
|
||||||
|
with open(template_path, 'r') as f:
|
||||||
|
definition = json.load(f)
|
||||||
|
templates[obj_name] = definition
|
||||||
|
return templates
|
||||||
|
|
||||||
|
|
||||||
def gen_uuid():
|
def gen_uuid():
|
||||||
return str(uuid.uuid4())
|
return str(uuid.uuid4())
|
||||||
|
|
||||||
|
@ -61,6 +80,9 @@ class RedisToMISPFeed:
|
||||||
for s in self.SUFFIX_LIST:
|
for s in self.SUFFIX_LIST:
|
||||||
self.keynames.append(k+s)
|
self.keynames.append(k+s)
|
||||||
|
|
||||||
|
# get all templates
|
||||||
|
self.sys_templates = get_system_templates()
|
||||||
|
|
||||||
self.sleep = settings.sleep
|
self.sleep = settings.sleep
|
||||||
self.flushing_interval = settings.flushing_interval
|
self.flushing_interval = settings.flushing_interval
|
||||||
self.flushing_next = time.time() + self.flushing_interval
|
self.flushing_next = time.time() + self.flushing_interval
|
||||||
|
@ -130,10 +152,21 @@ class RedisToMISPFeed:
|
||||||
|
|
||||||
# object
|
# object
|
||||||
elif key.endswith(self.SUFFIX_OBJ):
|
elif key.endswith(self.SUFFIX_OBJ):
|
||||||
self.current_event.add_object(**data)
|
# create the MISP object
|
||||||
|
obj_name = data.pop('name')
|
||||||
|
misp_object = GenericObjectGenerator(obj_name)
|
||||||
|
for k, v in data.items():
|
||||||
|
if k not in self.sys_templates[obj_name]['attributes']: # attribute is not in the object template definition
|
||||||
|
# add it with type text
|
||||||
|
misp_object.add_attribute(k, **{'value': v, 'type': 'text'})
|
||||||
|
else:
|
||||||
|
misp_object.add_attribute(k, **{'value': v})
|
||||||
|
|
||||||
|
self.current_event.add_object(misp_object)
|
||||||
for attr_type, attr_value in data.items():
|
for attr_type, attr_value in data.items():
|
||||||
self.add_hash(attr_type, attr_value)
|
self.add_hash(attr_type, attr_value)
|
||||||
|
|
||||||
|
|
||||||
else:
|
else:
|
||||||
raise NoValidKey("Can't define action to perform")
|
raise NoValidKey("Can't define action to perform")
|
||||||
|
|
||||||
|
|
|
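Review bot: In the `SUFFIX_OBJ` branch, `data.pop('name')` and `self.sys_templates[obj_name]` are both keyed by values taken straight from the Redis payload, so an item with no `name` key, or with an object name that has no template, raises a bare `KeyError` before anything is added to the event. Whether a caller catches that and routes the item to the error list is not visible in this hunk; an explicit check such as `if obj_name not in self.sys_templates: raise NoValidKey("Unknown object template: %s" % obj_name)` would make the rejection deliberate. In `get_system_templates()`, `root.split('/')[-1]` assumes POSIX path separators, and every file found under an object directory is parsed as JSON and overwrites `templates[obj_name]`. Using `os.path.basename(root)` and loading only the template definition file would be more robust. The new function also relies on `os`, `sys` and `json` being imported above the visible lines, which should be confirmed.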
@ -0,0 +1,12 @@
|
||||||
|
#!/usr/bin/env python3
|
||||||
|
|
||||||
|
import os.path
|
||||||
|
from flask import Flask
|
||||||
|
from flask.ext.autoindex import AutoIndex
|
||||||
|
from settings import outputdir
|
||||||
|
|
||||||
|
app = Flask(__name__)
|
||||||
|
AutoIndex(app, browse_root=os.path.join(os.path.curdir, outputdir))
|
||||||
|
|
||||||
|
if __name__ == '__main__':
|
||||||
|
app.run(host='0.0.0.0')
|
|
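Review bot: `app.run(host='0.0.0.0')` starts Flask's development server on every interface and serves a browsable index of `outputdir` with no authentication, so any host that can reach the machine can list and download the generated feed. Unless that exposure is intended, default to loopback with `app.run(host='127.0.0.1')` or read the bind address from `settings`, and put a production WSGI server or reverse proxy in front for real deployments. The import `from flask.ext.autoindex import AutoIndex` uses the `flask.ext` shim, which newer Flask releases no longer provide; `from flask_autoindex import AutoIndex` is the direct form. `browse_root` is built from `os.path.curdir`, so the directory served depends on where the script is launched from; resolving it against the script's own location would avoid serving an unexpected directory.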
@ -26,14 +26,17 @@ published=False
|
||||||
Tag=[{
|
Tag=[{
|
||||||
"colour": "#ffffff",
|
"colour": "#ffffff",
|
||||||
"name": "tlp:white"
|
"name": "tlp:white"
|
||||||
}]
|
},
|
||||||
|
"colour": "#ff00ff",
|
||||||
|
"name": "my:custom:feed"
|
||||||
|
]
|
||||||
|
|
||||||
# Others
|
# Others
|
||||||
## Redis pooling time
|
## Redis pooling time
|
||||||
sleep=1
|
sleep=60
|
||||||
## The redis list keyname in which to put items that generated an error
|
## The redis list keyname in which to put items that generated an error
|
||||||
keyname_error='feed-generation-error'
|
keyname_error='feed-generation-error'
|
||||||
## Display an animation while adding element to MISP
|
## Display an animation while adding element to MISP
|
||||||
allow_animation=True
|
allow_animation=True
|
||||||
## How frequent the event should be written on disk
|
## How frequent the event should be written on disk
|
||||||
flushing_interval=2*5
|
flushing_interval=5*60
|
||||||
|
|
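Review bot: As rendered here, the second entry added to `Tag` has no braces of its own: after `},` the pairs `"colour": "#ff00ff"` and `"name": "my:custom:feed"` sit directly inside the list, which Python rejects with a syntax error as soon as `settings` is imported. If the braces were not simply lost when the page was rendered, the entry should read `{"colour": "#ff00ff", "name": "my:custom:feed"}` before the closing `]`. A comment on `sleep=60` and `flushing_interval=5*60` stating that both values are in seconds would also help anyone tuning the feed.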