Deleted remaining outputs

pull/215/head
Sami Mokaddem 2018-03-28 10:11:12 +02:00
parent b89a1bc135
commit c7e705d57a
1 changed files with 22 additions and 106 deletions


@ -17,7 +17,7 @@
}, },
{ {
"cell_type": "code", "cell_type": "code",
"execution_count": 3, "execution_count": null,
"metadata": {}, "metadata": {},
"outputs": [], "outputs": [],
"source": [ "source": [
@ -32,7 +32,7 @@
}, },
{ {
"cell_type": "code", "cell_type": "code",
"execution_count": 4, "execution_count": null,
"metadata": {}, "metadata": {},
"outputs": [], "outputs": [],
"source": [ "source": [
@ -57,17 +57,9 @@
}, },
{ {
"cell_type": "code", "cell_type": "code",
"execution_count": 3, "execution_count": null,
"metadata": {}, "metadata": {},
"outputs": [ "outputs": [],
{
"name": "stdout",
"output_type": "stream",
"text": [
"Event id: 16\n"
]
}
],
"source": [ "source": [
"event = misp.new_event(distribution=1,\n", "event = misp.new_event(distribution=1,\n",
" threat_level_id=1,\n", " threat_level_id=1,\n",
@ -85,17 +77,9 @@
}, },
{ {
"cell_type": "code", "cell_type": "code",
"execution_count": 4, "execution_count": null,
"metadata": {}, "metadata": {},
"outputs": [ "outputs": [],
{
"name": "stdout",
"output_type": "stream",
"text": [
"Event id: 17\n"
]
}
],
"source": [ "source": [
"from pymisp import MISPEvent\n", "from pymisp import MISPEvent\n",
"\n", "\n",
@ -118,17 +102,9 @@
}, },
{ {
"cell_type": "code", "cell_type": "code",
"execution_count": 9, "execution_count": null,
"metadata": {}, "metadata": {},
"outputs": [ "outputs": [],
{
"name": "stdout",
"output_type": "stream",
"text": [
"{'Event': {'attribute_count': '1', 'published': False, 'orgc_id': '1', 'disable_correlation': False, 'id': '17', 'Orgc': {'uuid': '5aa4dd31-42e0-4ebb-a65f-776c88efcce7', 'id': '1', 'name': 'ORGNAME'}, 'ShadowAttribute': [], 'threat_level_id': '1', 'info': 'Event from notebook 2', 'analysis': '1', 'date': '2018-03-28', 'org_id': '1', 'publish_timestamp': '0', 'uuid': '5abb3fc8-8b04-4f1f-9454-0eba0a00020f', 'Org': {'uuid': '5aa4dd31-42e0-4ebb-a65f-776c88efcce7', 'id': '1', 'name': 'ORGNAME'}, 'sharing_group_id': '0', 'distribution': '1', 'Attribute': [{'ShadowAttribute': [], 'uuid': '5abb4064-23e8-4087-83ed-0cba0a00020f', 'category': 'Network activity', 'event_id': '17', 'deleted': False, 'disable_correlation': False, 'id': '4928', 'sharing_group_id': '0', 'object_id': '0', 'distribution': '5', 'type': 'ip-src', 'to_ids': False, 'timestamp': '1522221156', 'value': '8.8.8.8', 'comment': '', 'object_relation': None}], 'proposal_email_lock': False, 'locked': False, 'RelatedEvent': [{'Event': {'published': False, 'uuid': '5aa8b0e7-7424-4747-8592-17acc0a83865', 'Org': {'uuid': '5aa4dd31-42e0-4ebb-a65f-776c88efcce7', 'id': '1', 'name': 'ORGNAME'}, 'analysis': '1', 'distribution': '1', 'Orgc': {'uuid': '5aa4dd31-42e0-4ebb-a65f-776c88efcce7', 'id': '1', 'name': 'ORGNAME'}, 'orgc_id': '1', 'threat_level_id': '1', 'id': '9', 'info': 'Event from notebook 2', 'date': '2018-03-14', 'org_id': '1', 'timestamp': '1522058405'}}, {'Event': {'published': False, 'uuid': '5aa63a59-25a4-4cf9-bd93-024dc0a83865', 'Org': {'uuid': '5aa4dd31-42e0-4ebb-a65f-776c88efcce7', 'id': '1', 'name': 'ORGNAME'}, 'analysis': '0', 'distribution': '0', 'Orgc': {'uuid': '5aa4dd31-42e0-4ebb-a65f-776c88efcce7', 'id': '1', 'name': 'ORGNAME'}, 'orgc_id': '1', 'threat_level_id': '3', 'id': '1', 'info': 'Test event', 'date': '2018-03-12', 'org_id': '1', 'timestamp': '1520991310'}}], 'timestamp': '1522221156', 'event_creator_email': 'admin@admin.test', 'Galaxy': [], 'Object': []}}\n"
]
}
],
"source": [ "source": [
"# Fetch by ID\n", "# Fetch by ID\n",
"event = misp.get_event(event_id)\n", "event = misp.get_event(event_id)\n",
@ -151,17 +127,9 @@
}, },
{ {
"cell_type": "code", "cell_type": "code",
"execution_count": 10, "execution_count": null,
"metadata": {}, "metadata": {},
"outputs": [ "outputs": [],
{
"name": "stdout",
"output_type": "stream",
"text": [
"[{'errors': {'value': ['A similar attribute already exists for this event.']}, 'message': 'Could not add Attribute', 'url': '/attributes/add', 'name': 'Could not add Attribute'}]\n"
]
}
],
"source": [ "source": [
"attr_type = \"ip-src\"\n", "attr_type = \"ip-src\"\n",
"value = \"8.8.8.8\"\n", "value = \"8.8.8.8\"\n",
@ -186,17 +154,9 @@
}, },
{ {
"cell_type": "code", "cell_type": "code",
"execution_count": 11, "execution_count": null,
"metadata": {}, "metadata": {},
"outputs": [ "outputs": [],
{
"name": "stdout",
"output_type": "stream",
"text": [
"<MISPAttribute(type=ip-src, value=8.8.8.8)\n"
]
}
],
"source": [ "source": [
"from pymisp import MISPAttribute\n", "from pymisp import MISPAttribute\n",
"\n", "\n",
@ -211,17 +171,9 @@
}, },
{ {
"cell_type": "code", "cell_type": "code",
"execution_count": 12, "execution_count": null,
"metadata": {}, "metadata": {},
"outputs": [ "outputs": [],
{
"name": "stdout",
"output_type": "stream",
"text": [
"<MISPAttribute(type=ip-dst, value=127.0.0.1)\n"
]
}
],
"source": [ "source": [
"# An attribute can also be loaded directly from a JSON\n", "# An attribute can also be loaded directly from a JSON\n",
"json = '''{\n", "json = '''{\n",
@ -246,19 +198,11 @@
}, },
{ {
"cell_type": "code", "cell_type": "code",
"execution_count": 16, "execution_count": null,
"metadata": { "metadata": {
"scrolled": false "scrolled": false
}, },
"outputs": [ "outputs": [],
{
"name": "stdout",
"output_type": "stream",
"text": [
"{'Event': {'attribute_count': '2', 'published': False, 'orgc_id': '1', 'disable_correlation': False, 'id': '17', 'Orgc': {'uuid': '5aa4dd31-42e0-4ebb-a65f-776c88efcce7', 'id': '1', 'name': 'ORGNAME'}, 'ShadowAttribute': [], 'threat_level_id': '1', 'info': 'Event from notebook 2', 'analysis': '1', 'date': '2018-03-28', 'org_id': '1', 'publish_timestamp': '0', 'uuid': '5abb3fc8-8b04-4f1f-9454-0eba0a00020f', 'Org': {'uuid': '5aa4dd31-42e0-4ebb-a65f-776c88efcce7', 'id': '1', 'name': 'ORGNAME'}, 'sharing_group_id': '0', 'distribution': '1', 'Attribute': [{'ShadowAttribute': [], 'uuid': '5abb4064-23e8-4087-83ed-0cba0a00020f', 'category': 'Network activity', 'event_id': '17', 'deleted': False, 'disable_correlation': False, 'id': '4928', 'sharing_group_id': '0', 'object_id': '0', 'distribution': '5', 'type': 'ip-src', 'to_ids': False, 'timestamp': '1522221156', 'value': '8.8.8.8', 'comment': '', 'object_relation': None}, {'ShadowAttribute': [], 'uuid': '5abb4266-5ba0-4ab9-a2ab-0f360a00020f', 'category': 'Network activity', 'event_id': '17', 'deleted': False, 'disable_correlation': False, 'id': '4929', 'sharing_group_id': '0', 'object_id': '0', 'distribution': '0', 'type': 'ip-dst', 'to_ids': False, 'timestamp': '1522221670', 'value': '127.0.0.1', 'comment': '', 'object_relation': None}], 'proposal_email_lock': False, 'locked': False, 'RelatedEvent': [{'Event': {'published': False, 'uuid': '5aa8b0e7-7424-4747-8592-17acc0a83865', 'Org': {'uuid': '5aa4dd31-42e0-4ebb-a65f-776c88efcce7', 'id': '1', 'name': 'ORGNAME'}, 'analysis': '1', 'distribution': '1', 'Orgc': {'uuid': '5aa4dd31-42e0-4ebb-a65f-776c88efcce7', 'id': '1', 'name': 'ORGNAME'}, 'orgc_id': '1', 'threat_level_id': '1', 'id': '9', 'info': 'Event from notebook 2', 'date': '2018-03-14', 'org_id': '1', 'timestamp': '1522058405'}}, {'Event': {'published': False, 'uuid': '5aa63a59-25a4-4cf9-bd93-024dc0a83865', 'Org': {'uuid': '5aa4dd31-42e0-4ebb-a65f-776c88efcce7', 'id': '1', 'name': 'ORGNAME'}, 'analysis': '0', 
'distribution': '0', 'Orgc': {'uuid': '5aa4dd31-42e0-4ebb-a65f-776c88efcce7', 'id': '1', 'name': 'ORGNAME'}, 'orgc_id': '1', 'threat_level_id': '3', 'id': '1', 'info': 'Test event', 'date': '2018-03-12', 'org_id': '1', 'timestamp': '1520991310'}}], 'timestamp': '1522221685', 'event_creator_email': 'admin@admin.test', 'Galaxy': [], 'Object': []}}\n"
]
}
],
"source": [ "source": [
"# Add the attribute to the event\n", "# Add the attribute to the event\n",
"## Fetch the event from MISP\n", "## Fetch the event from MISP\n",
@ -295,21 +239,9 @@
}, },
{ {
"cell_type": "code", "cell_type": "code",
"execution_count": 17, "execution_count": null,
"metadata": {}, "metadata": {},
"outputs": [ "outputs": [],
{
"name": "stdout",
"output_type": "stream",
"text": [
"17 : Event from notebook 2\n",
"16 : Event from notebook\n",
"9 : Event from notebook 2\n",
"8 : Event from notebook 2\n",
"7 : Event from notebook\n"
]
}
],
"source": [ "source": [
"results = misp.search_index(eventinfo='notebook')\n", "results = misp.search_index(eventinfo='notebook')\n",
"# The data is stored in the field 'response'\n", "# The data is stored in the field 'response'\n",
@ -335,19 +267,11 @@
}, },
{ {
"cell_type": "code", "cell_type": "code",
"execution_count": 22, "execution_count": null,
"metadata": { "metadata": {
"scrolled": true "scrolled": true
}, },
"outputs": [ "outputs": [],
{
"name": "stdout",
"output_type": "stream",
"text": [
"Event from notebook 2\n"
]
}
],
"source": [ "source": [
"# Search attributes (specified in controller) where the attribute type is 'ip-src'\n", "# Search attributes (specified in controller) where the attribute type is 'ip-src'\n",
"# And the to_ids flag is set\n", "# And the to_ids flag is set\n",
@ -376,17 +300,9 @@
}, },
{ {
"cell_type": "code", "cell_type": "code",
"execution_count": 24, "execution_count": null,
"metadata": {}, "metadata": {},
"outputs": [ "outputs": [],
{
"name": "stdout",
"output_type": "stream",
"text": [
"{'Attribute': [{'uuid': '5abb4316-22a0-446a-a89e-0f260a00020f', 'category': 'Payload delivery', 'event_id': '17', 'distribution': '5', 'value1': 'admin@admin.test', 'disable_correlation': False, 'id': '4933', 'sharing_group_id': '0', 'comment': '', 'deleted': False, 'type': 'email-src', 'to_ids': True, 'timestamp': '1522221846', 'value2': '', 'value': 'admin@admin.test', 'object_id': '1094', 'object_relation': 'from'}, {'uuid': '5abb4316-6594-4ee5-a355-0f260a00020f', 'category': 'Payload delivery', 'event_id': '17', 'distribution': '5', 'value1': 'An email', 'disable_correlation': False, 'id': '4934', 'sharing_group_id': '0', 'comment': '', 'deleted': False, 'type': 'email-subject', 'to_ids': False, 'timestamp': '1522221846', 'value2': '', 'value': 'An email', 'object_id': '1094', 'object_relation': 'subject'}, {'uuid': '5abb4316-80b8-4689-a4e8-0f260a00020f', 'category': 'Network activity', 'event_id': '17', 'distribution': '5', 'value1': 'admin@foo.bar', 'disable_correlation': False, 'id': '4935', 'sharing_group_id': '0', 'comment': '', 'deleted': False, 'type': 'email-dst', 'to_ids': True, 'timestamp': '1522221846', 'value2': '', 'value': 'admin@foo.bar', 'object_id': '1094', 'object_relation': 'to'}], 'Object': {'description': 'Email object describing an email with meta-information', 'template_uuid': 'a0c666e0-fc65-4be8-b48f-3423d788b552', 'event_id': '17', 'distribution': '5', 'template_version': '8', 'name': 'email', 'uuid': '5fabdfaa-3520-4424-987a-2e247797c473', 'id': '1094', 'deleted': False, 'timestamp': '1522221846', 'meta-category': 'network', 'comment': '', 'sharing_group_id': '0'}}\n"
]
}
],
"source": [ "source": [
"from pymisp import MISPObject\n", "from pymisp import MISPObject\n",
"\n", "\n",
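Review bot: Clearing the outputs in this file does not remove them from history: parent b89a1bc135 still carries the printed responses, including the organisation UUIDs, `event_creator_email` and attribute values returned by `misp.get_event(event_id)`. The values in the removed lines look like test data (`ORGNAME`, `admin@admin.test`), so nothing needs follow-up if that holds. The same notebook run against a production MISP instance would commit real indicators and account addresses, though. I would add an output-stripping step, for example an `nbstripout` git filter or pre-commit hook, so that `"outputs": []` and `"execution_count": null` are enforced on every commit rather than cleaned up by hand. The cell sources continue outside the hunks shown, so I have not reviewed the code itself.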