MISP
/
PyMISP
mirror of https://github.com/MISP/PyMISP
2
0
Fork 0
Code Issues Releases Wiki Activity

Merge remote-tracking branch 'upstream/master' 

Merging new pymisp changes
pull/9/head
Thomas King 2016-03-31 09:13:04 +01:00
parent 9e8f81aafe f54e92ab81
commit c88096ab5d
6 changed files with 39 additions and 15 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
examples/copy_list.py Normal file → Executable file
View File

@ -1,4 +1,4 @@
#!/usr/bin/python #!/usr/bin/env python
# -*- coding: utf-8 -*- # -*- coding: utf-8 -*-
import sys import sys

2
examples/create_events.py
View File

@ -16,7 +16,7 @@ def init(url, key):
return PyMISP(url, key, True, 'json') return PyMISP(url, key, True, 'json')
if __name__ == '__main__': if __name__ == '__main__':
parser = argparse.ArgumentParser(description='Send malware sample to MISP.') parser = argparse.ArgumentParser(description='Create an event on MISP.')
parser.add_argument("-d", "--distrib", type=int, help="The distribution setting used for the attributes and for the newly created event, if relevant. [0-3].") parser.add_argument("-d", "--distrib", type=int, help="The distribution setting used for the attributes and for the newly created event, if relevant. [0-3].")
parser.add_argument("-i", "--info", help="Used to populate the event info field if no event ID supplied.") parser.add_argument("-i", "--info", help="Used to populate the event info field if no event ID supplied.")
parser.add_argument("-a", "--analysis", type=int, help="The analysis level of the newly created event, if applicatble. [0-2]") parser.add_argument("-a", "--analysis", type=int, help="The analysis level of the newly created event, if applicatble. [0-2]")

2
examples/get_network_activity.py
View File

@ -1,4 +1,4 @@
#!/usr/bin/python #!/usr/bin/env python
# -*- coding: utf-8 -*- # -*- coding: utf-8 -*-
""" """

2
pymisp/__init__.py
View File

@ -1,3 +1,3 @@
__version__ = '2.2' __version__ = '2.3'
from .api import PyMISP, PyMISPError, NewEventError, NewAttributeError, MissingDependency, NoURL, NoKey from .api import PyMISP, PyMISPError, NewEventError, NewAttributeError, MissingDependency, NoURL, NoKey

32
pymisp/api.py
View File

@ -237,7 +237,6 @@ class PyMISP(object):
else: else:
return session.post(url, data=event) return session.post(url, data=event)
def update_event(self, event_id, event, force_out=None): def update_event(self, event_id, event, force_out=None):
""" """
Update an event Update an event
@ -270,7 +269,6 @@ class PyMISP(object):
url = urljoin(self.root_url, 'attributes/{}'.format(attribute_id)) url = urljoin(self.root_url, 'attributes/{}'.format(attribute_id))
return session.delete(url) return session.delete(url)
# ############################################## # ##############################################
# ######### Event handling (Json only) ######### # ######### Event handling (Json only) #########
# ############################################## # ##############################################
@ -310,7 +308,7 @@ class PyMISP(object):
distribution = int(distribution) distribution = int(distribution)
# If None: take the default value of the event # If None: take the default value of the event
if distribution not in [None, 0, 1, 2, 3, 5]: if distribution not in [None, 0, 1, 2, 3, 5]:
raise NewAttributeError('{} is invalid, the distribution has to be in 0, 1, 2, 3 or None'.format(distribution)) raise NewAttributeError('{} is invalid, the distribution has to be in 0, 1, 2, 3, 5 or None'.format(distribution))
if distribution is not None: if distribution is not None:
to_return['distribution'] = distribution to_return['distribution'] = distribution
@ -572,7 +570,7 @@ class PyMISP(object):
def prepare_attribute(self, event_id, distribution, to_ids, category, info, def prepare_attribute(self, event_id, distribution, to_ids, category, info,
analysis, threat_level_id): analysis, threat_level_id):
to_post = {'request': {}} to_post = {'request': {}}
authorized_categs = ['Payload delivery', 'Artifacts dropped', 'Payload Installation', 'External Analysis'] authorized_categs = ['Payload delivery', 'Artifacts dropped', 'Payload Installation', 'External Analysis', 'Antivirus detection']
if event_id is not None: if event_id is not None:
try: try:
@ -624,6 +622,31 @@ class PyMISP(object):
response = session.post(url, data=json.dumps(to_post)) response = session.post(url, data=json.dumps(to_post))
return self._check_response(response) return self._check_response(response)
def upload_attachment(self, filename, filepath, event_id, distribution, to_ids,
category, info, analysis, threat_level_id):
to_post = self.prepare_attribute(event_id, distribution, to_ids, category,
info, analysis, threat_level_id)
to_post['request']['files'] = [{'filename': filename, 'data': self._encode_file_to_upload(filepath)}]
return self._upload_sample(to_post)
def upload_attachmentlist(self, filepaths, event_id, distribution, to_ids, category,
info, analysis, threat_level_id):
to_post = self.prepare_attribute(event_id, distribution, to_ids, category,
info, analysis, threat_level_id)
files = []
for path in filepaths:
if not os.path.isfile(path):
continue
files.append({'filename': os.path.basename(path), 'data': self._encode_file_to_upload(path)})
to_post['request']['files'] = files
return self._upload_sample(to_post)
def _upload_attachment(self, to_post):
session = self.__prepare_session('json')
url = urljoin(self.root_url, 'events/upload_attachment')
response = session.post(url, data=json.dumps(to_post))
return self._check_response(response)
# ############################ # ############################
# ######## Proposals ######### # ######## Proposals #########
# ############################ # ############################
@ -912,6 +935,7 @@ class PyMISP(object):
response = session.get(url) response = session.get(url)
return response return response
# ############## Deprecated (Pure XML API should not be used) ################## # ############## Deprecated (Pure XML API should not be used) ##################
@deprecated @deprecated
def download_all(self): def download_all(self):
""" """