MISP
/
PyMISP
mirror of https://github.com/MISP/PyMISP
2
0
Fork 0
Code Issues Releases Wiki Activity

Merge remote-tracking branch 'upstream/master' 

Merging new pymisp changes
pull/9/head
Thomas King 2016-03-31 09:13:04 +01:00
parent 9e8f81aafe f54e92ab81
commit c88096ab5d
6 changed files with 39 additions and 15 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
examples/copy_list.py Normal file → Executable file
View File

@ -1,4 +1,4 @@
#!/usr/bin/python #!/usr/bin/env python
# -*- coding: utf-8 -*- # -*- coding: utf-8 -*-
import sys import sys

2
examples/create_events.py
View File

@ -16,7 +16,7 @@ def init(url, key):
return PyMISP(url, key, True, 'json') return PyMISP(url, key, True, 'json')
if __name__ == '__main__': if __name__ == '__main__':
parser = argparse.ArgumentParser(description='Send malware sample to MISP.') parser = argparse.ArgumentParser(description='Create an event on MISP.')
parser.add_argument("-d", "--distrib", type=int, help="The distribution setting used for the attributes and for the newly created event, if relevant. [0-3].") parser.add_argument("-d", "--distrib", type=int, help="The distribution setting used for the attributes and for the newly created event, if relevant. [0-3].")
parser.add_argument("-i", "--info", help="Used to populate the event info field if no event ID supplied.") parser.add_argument("-i", "--info", help="Used to populate the event info field if no event ID supplied.")
parser.add_argument("-a", "--analysis", type=int, help="The analysis level of the newly created event, if applicatble. [0-2]") parser.add_argument("-a", "--analysis", type=int, help="The analysis level of the newly created event, if applicatble. [0-2]")

2
examples/get_network_activity.py
View File

@ -1,4 +1,4 @@
#!/usr/bin/python #!/usr/bin/env python
# -*- coding: utf-8 -*- # -*- coding: utf-8 -*-
""" """

2
examples/last.py
View File

@ -2,7 +2,7 @@
# -*- coding: utf-8 -*- # -*- coding: utf-8 -*-
from pymisp import PyMISP from pymisp import PyMISP
from keys import misp_url, misp_key,misp_verifycert from keys import misp_url, misp_key, misp_verifycert
import argparse import argparse
import os import os
import json import json

2
pymisp/__init__.py
View File

@ -1,3 +1,3 @@
__version__ = '2.2' __version__ = '2.3'
from .api import PyMISP, PyMISPError, NewEventError, NewAttributeError, MissingDependency, NoURL, NoKey from .api import PyMISP, PyMISPError, NewEventError, NewAttributeError, MissingDependency, NoURL, NoKey

44
pymisp/api.py
View File

@ -237,7 +237,6 @@ class PyMISP(object):
else: else:
return session.post(url, data=event) return session.post(url, data=event)
def update_event(self, event_id, event, force_out=None): def update_event(self, event_id, event, force_out=None):
""" """
Update an event Update an event
@ -270,7 +269,6 @@ class PyMISP(object):
url = urljoin(self.root_url, 'attributes/{}'.format(attribute_id)) url = urljoin(self.root_url, 'attributes/{}'.format(attribute_id))
return session.delete(url) return session.delete(url)
# ############################################## # ##############################################
# ######### Event handling (Json only) ######### # ######### Event handling (Json only) #########
# ############################################## # ##############################################
@ -309,8 +307,8 @@ class PyMISP(object):
if distribution is not None: if distribution is not None:
distribution = int(distribution) distribution = int(distribution)
# If None: take the default value of the event # If None: take the default value of the event
if distribution not in [None, 0, 1, 2, 3,5]: if distribution not in [None, 0, 1, 2, 3, 5]:
raise NewAttributeError('{} is invalid, the distribution has to be in 0, 1, 2, 3 or None'.format(distribution)) raise NewAttributeError('{} is invalid, the distribution has to be in 0, 1, 2, 3, 5 or None'.format(distribution))
if distribution is not None: if distribution is not None:
to_return['distribution'] = distribution to_return['distribution'] = distribution
@ -360,9 +358,9 @@ class PyMISP(object):
response = self.update_event(event['Event']['id'], event, 'json') response = self.update_event(event['Event']['id'], event, 'json')
return self._check_response(response) return self._check_response(response)
def add_tag(self,event, tag): def add_tag(self, event, tag):
session = self.__prepare_session('json') session = self.__prepare_session('json')
to_post = {'request': {'Event':{'id': event['Event']['id'], 'tag': tag}}} to_post = {'request': {'Event': {'id': event['Event']['id'], 'tag': tag}}}
response = session.post(urljoin(self.root_url, 'events/addTag'), data=json.dumps(to_post)) response = session.post(urljoin(self.root_url, 'events/addTag'), data=json.dumps(to_post))
return self._check_response(response) return self._check_response(response)
@ -572,7 +570,7 @@ class PyMISP(object):
def prepare_attribute(self, event_id, distribution, to_ids, category, info, def prepare_attribute(self, event_id, distribution, to_ids, category, info,
analysis, threat_level_id): analysis, threat_level_id):
to_post = {'request': {}} to_post = {'request': {}}
authorized_categs = ['Payload delivery', 'Artifacts dropped', 'Payload Installation', 'External Analysis'] authorized_categs = ['Payload delivery', 'Artifacts dropped', 'Payload Installation', 'External Analysis', 'Antivirus detection']
if event_id is not None: if event_id is not None:
try: try:
@ -624,6 +622,31 @@ class PyMISP(object):
response = session.post(url, data=json.dumps(to_post)) response = session.post(url, data=json.dumps(to_post))
return self._check_response(response) return self._check_response(response)
def upload_attachment(self, filename, filepath, event_id, distribution, to_ids,
category, info, analysis, threat_level_id):
to_post = self.prepare_attribute(event_id, distribution, to_ids, category,
info, analysis, threat_level_id)
to_post['request']['files'] = [{'filename': filename, 'data': self._encode_file_to_upload(filepath)}]
return self._upload_sample(to_post)
def upload_attachmentlist(self, filepaths, event_id, distribution, to_ids, category,
info, analysis, threat_level_id):
to_post = self.prepare_attribute(event_id, distribution, to_ids, category,
info, analysis, threat_level_id)
files = []
for path in filepaths:
if not os.path.isfile(path):
continue
files.append({'filename': os.path.basename(path), 'data': self._encode_file_to_upload(path)})
to_post['request']['files'] = files
return self._upload_sample(to_post)
def _upload_attachment(self, to_post):
session = self.__prepare_session('json')
url = urljoin(self.root_url, 'events/upload_attachment')
response = session.post(url, data=json.dumps(to_post))
return self._check_response(response)
# ############################ # ############################
# ######## Proposals ######### # ######## Proposals #########
# ############################ # ############################
@ -858,8 +881,8 @@ class PyMISP(object):
to_return.append(tag['name']) to_return.append(tag['name'])
return to_return return to_return
def new_tag(self,name=None, colour="#00ace6", exportable=False): def new_tag(self, name=None, colour="#00ace6", exportable=False):
to_post = {'Tag': {'name':name,'colour':colour, 'exportable':exportable}} to_post = {'Tag': {'name': name, 'colour': colour, 'exportable': exportable}}
session = self.__prepare_session('json') session = self.__prepare_session('json')
url = urljoin(self.root_url, 'tags/add') url = urljoin(self.root_url, 'tags/add')
response = session.post(url, data=json.dumps(to_post)) response = session.post(url, data=json.dumps(to_post))
@ -908,10 +931,11 @@ class PyMISP(object):
def get_all_attributes_txt(self, type_attr): def get_all_attributes_txt(self, type_attr):
session = self.__prepare_session('txt') session = self.__prepare_session('txt')
url = urljoin(self.root_url,'attributes/text/download/%s' % type_attr) url = urljoin(self.root_url, 'attributes/text/download/%s' % type_attr)
response = session.get(url) response = session.get(url)
return response return response
# ############## Deprecated (Pure XML API should not be used) ################## # ############## Deprecated (Pure XML API should not be used) ##################
@deprecated @deprecated
def download_all(self): def download_all(self):
""" """