Allow statistics date_from date_to

- date_from + date_to
- move misp object creation after argument parser
pull/438/head
Koen Van Impe 2019-08-16 14:55:59 +02:00
parent 3d2930db12
commit c149886a88
1 changed files with 25 additions and 6 deletions


@ -17,6 +17,7 @@ from keys import misp_url, misp_key, misp_verifycert
import argparse import argparse
import os import os
from datetime import datetime from datetime import datetime
from datetime import date
import time import time
import sys import sys
import smtplib import smtplib
@ -40,7 +41,7 @@ def init(url, key, verifycert):
def get_data(misp, timeframe): def get_data(misp, timeframe, date_from = None, date_to = None):
''' '''
Get the event date to build our report Get the event date to build our report
''' '''
@ -61,6 +62,9 @@ def get_data(misp, timeframe):
report = {} report = {}
try: try:
if date_from and date_to:
stats_event_response = misp.search(date_from=date_from, date_to=date_to)
else:
stats_event_response = misp.search(last=timeframe) stats_event_response = misp.search(last=timeframe)
# Number of new or updated events since timestamp # Number of new or updated events since timestamp
@ -348,14 +352,28 @@ def print_report(report_body, attachments, smtp_from, smtp_to, smtp_server, misp
if __name__ == '__main__': if __name__ == '__main__':
parser = argparse.ArgumentParser(description='Generate a report of your MISP statistics.') parser = argparse.ArgumentParser(description='Generate a report of your MISP statistics.')
parser.add_argument('-t', '--timeframe', required=True, help='Timeframe to include in the report ') group = parser.add_mutually_exclusive_group(required=True)
group.add_argument('-t', '--timeframe',action='store', help='Timeframe to include in the report')
group.add_argument('-f', '--date_from',action='store', help='Start date of query (YYYY-MM-DD)')
parser.add_argument('-u', '---date-to', action='store', help='End date of query (YYYY-MM-DD)')
parser.add_argument('-e', '--mispevent', action='store_true', help='Include MISP event titles') parser.add_argument('-e', '--mispevent', action='store_true', help='Include MISP event titles')
parser.add_argument('-m', '--mail', action='store_true', help='Mail the report') parser.add_argument('-m', '--mail', action='store_true', help='Mail the report')
parser.add_argument('-o', '--mailoptions', action='store', help='mailoptions: \'smtp_from=INSERT_FROM;smtp_to=INSERT_TO;smtp_server=localhost\'') parser.add_argument('-o', '--mailoptions', action='store', help='mailoptions: \'smtp_from=INSERT_FROM;smtp_to=INSERT_TO;smtp_server=localhost\'')
misp = init(misp_url, misp_key, misp_verifycert)
args = parser.parse_args() args = parser.parse_args()
misp = init(misp_url, misp_key, misp_verifycert)
timeframe = args.timeframe timeframe = args.timeframe
if not timeframe:
date_from = args.date_from
if not args.date_to:
today = date.today()
date_to = today.strftime("%Y-%m-%d")
else:
date_to = args.date_to
else:
date_from = None
date_to = None
ts_format = '%Y-%m-%d %H:%M:%S' ts_format = '%Y-%m-%d %H:%M:%S'
threat_levels = ['High', 'Medium', 'Low', 'Undef'] threat_levels = ['High', 'Medium', 'Low', 'Undef']
@ -374,7 +392,8 @@ if __name__ == '__main__':
if s.split('=')[0] == 'smtp_server': if s.split('=')[0] == 'smtp_server':
smtp_server = s.split('=')[1] smtp_server = s.split('=')[1]
report = get_data(misp, timeframe) report = get_data(misp, timeframe, date_from, date_to)
if(report): if(report):
report_body, attachments = build_report(report, timeframe, misp_url) report_body, attachments = build_report(report, timeframe, misp_url)
print_report(report_body, attachments, smtp_from, smtp_to, smtp_server, misp_url) print_report(report_body, attachments, smtp_from, smtp_to, smtp_server, misp_url)
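Review bot: The end-date option on the new `parser.add_argument('-u', '---date-to', ...)` line is registered with three leading dashes and a hyphen, so `--date-to` is not accepted and the spelling differs from `--date_from`; it should read `parser.add_argument('-u', '--date_to', action='store', help='End date of query (YYYY-MM-DD)')`. It also sits outside the mutually exclusive group, so a `-u` value given together with `-t` is silently dropped by the `if not timeframe:` branch. Neither date is checked against the advertised YYYY-MM-DD format before it reaches `misp.search`, so a mistyped date may yield statistics over an unintended range; parsing both with `datetime.strptime(value, '%Y-%m-%d')` and rejecting a `date_from` later than `date_to` would fail early instead. In date mode `build_report(report, timeframe, misp_url)` still receives `timeframe` as `None`; its body is outside this section, so confirm the report text does not depend on it.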