type-category association checking automated

pull/13/head
Déborah Servili 2016-04-14 10:47:13 +02:00
parent 9e92072f88
commit c269913ad3
1 changed files with 11 additions and 14 deletions

View File

@ -105,25 +105,19 @@ class PyMISP(object):
self.out_type = out_type self.out_type = out_type
self.debug = debug self.debug = debug
self.categories = ['Internal reference', 'Targeting data', 'Antivirus detection',
'Payload delivery', 'Payload installation', 'Artifacts dropped',
'Persistence mechanism', 'Network activity', 'Payload type',
'Attribution', 'External analysis', 'Other']
self.types = ['md5', 'sha1', 'sha256', 'ssdeep', 'filename', 'filename|md5', 'filename|sha1',
'filename|sha256', 'filename|ssdeep', 'ip-src', 'ip-dst', 'hostname', 'domain', 'url',
'user-agent', 'http-method', 'regkey', 'regkey|value', 'AS', 'snort',
'pattern-in-file', 'pattern-in-traffic', 'pattern-in-memory', 'named pipe',
'mutex', 'vulnerability', 'attachment', 'malware-sample', 'link', 'comment',
'text', 'email-src', 'email-dst', 'email-subject', 'email-attachment',
'yara', 'target-user', 'target-email', 'target-machine', 'target-org',
'target-location', 'target-external', 'other', 'threat-actor']
try: try:
# Make sure the MISP instance is working and the URL is valid # Make sure the MISP instance is working and the URL is valid
self.get_version() self.get_version()
except Exception as e: except Exception as e:
raise PyMISPError('Unable to connect to MISP ({}). Please make sure the API key and the URL are correct (http/https is required): {}'.format(self.root_url, e)) raise PyMISPError('Unable to connect to MISP ({}). Please make sure the API key and the URL are correct (http/https is required): {}'.format(self.root_url, e))
session = self.__prepare_session(out_type)
self.describe_types = session.get(self.root_url + 'attributes/describeTypes.json').json()
self.categories = self.describe_types['result']['categories']
self.types = self.describe_types['result']['types']
self.category_type_mapping = self.describe_types['result']['category_type_mappings']
def __prepare_session(self, force_out=None): def __prepare_session(self, force_out=None):
""" """
Prepare the headers of the session Prepare the headers of the session
@ -296,11 +290,14 @@ class PyMISP(object):
to_return = {} to_return = {}
if category not in self.categories: if category not in self.categories:
raise NewAttributeError('{} is invalid, category has to be in {}'.format(category, (', '.join(self.categories)))) raise NewAttributeError('{} is invalid, category has to be in {}'.format(category, (', '.join(self.categories))))
to_return['category'] = category
if type_value not in self.types: if type_value not in self.types:
raise NewAttributeError('{} is invalid, type_value has to be in {}'.format(type_value, (', '.join(self.types)))) raise NewAttributeError('{} is invalid, type_value has to be in {}'.format(type_value, (', '.join(self.types))))
if type_value not in self.category_type_mapping[category]:
raise NewAttributeError('{} and {} is an invalid combinaison, type_value for this category has to be in {}'.format(type_value, category, (', '.join(self.category_type_mapping[category]))))
to_return['type'] = type_value to_return['type'] = type_value
to_return['category'] = category
if to_ids not in [True, False]: if to_ids not in [True, False]:
raise NewAttributeError('{} is invalid, to_ids has to be True or False'.format(to_ids)) raise NewAttributeError('{} is invalid, to_ids has to be True or False'.format(to_ids))