From c149886a88ec036a9ccead1b36f24edce8dce22b Mon Sep 17 00:00:00 2001 From: Koen Van Impe Date: Fri, 16 Aug 2019 14:55:59 +0200 Subject: [PATCH] Allow statistics date_from date_to - date_from + date_to - move misp object creation after argument parser --- examples/stats_report.py | 31 +++++++++++++++++++++++++------ 1 file changed, 25 insertions(+), 6 deletions(-) diff --git a/examples/stats_report.py b/examples/stats_report.py index 407eb74..be5c9d0 100644 --- a/examples/stats_report.py +++ b/examples/stats_report.py @@ -17,6 +17,7 @@ from keys import misp_url, misp_key, misp_verifycert import argparse import os from datetime import datetime +from datetime import date import time import sys import smtplib @@ -40,7 +41,7 @@ def init(url, key, verifycert): -def get_data(misp, timeframe): +def get_data(misp, timeframe, date_from = None, date_to = None): ''' Get the event date to build our report ''' @@ -61,7 +62,10 @@ def get_data(misp, timeframe): report = {} try: - stats_event_response = misp.search(last=timeframe) + if date_from and date_to: + stats_event_response = misp.search(date_from=date_from, date_to=date_to) + else: + stats_event_response = misp.search(last=timeframe) # Number of new or updated events since timestamp report['number_of_misp_events'] = len(stats_event_response) @@ -348,14 +352,28 @@ def print_report(report_body, attachments, smtp_from, smtp_to, smtp_server, misp if __name__ == '__main__': parser = argparse.ArgumentParser(description='Generate a report of your MISP statistics.') - parser.add_argument('-t', '--timeframe', required=True, help='Timeframe to include in the report ') + group = parser.add_mutually_exclusive_group(required=True) + group.add_argument('-t', '--timeframe',action='store', help='Timeframe to include in the report') + group.add_argument('-f', '--date_from',action='store', help='Start date of query (YYYY-MM-DD)') + parser.add_argument('-u', '---date-to', action='store', help='End date of query (YYYY-MM-DD)') parser.add_argument('-e', '--mispevent', action='store_true', help='Include MISP event titles') parser.add_argument('-m', '--mail', action='store_true', help='Mail the report') parser.add_argument('-o', '--mailoptions', action='store', help='mailoptions: \'smtp_from=INSERT_FROM;smtp_to=INSERT_TO;smtp_server=localhost\'') - misp = init(misp_url, misp_key, misp_verifycert) args = parser.parse_args() + misp = init(misp_url, misp_key, misp_verifycert) + timeframe = args.timeframe + if not timeframe: + date_from = args.date_from + if not args.date_to: + today = date.today() + date_to = today.strftime("%Y-%m-%d") + else: + date_to = args.date_to + else: + date_from = None + date_to = None ts_format = '%Y-%m-%d %H:%M:%S' threat_levels = ['High', 'Medium', 'Low', 'Undef'] @@ -373,8 +391,9 @@ if __name__ == '__main__': smtp_to = s.split('=')[1] if s.split('=')[0] == 'smtp_server': smtp_server = s.split('=')[1] - - report = get_data(misp, timeframe) + + report = get_data(misp, timeframe, date_from, date_to) if(report): report_body, attachments = build_report(report, timeframe, misp_url) print_report(report_body, attachments, smtp_from, smtp_to, smtp_server, misp_url) +