Merge branch 'master' of github.com:MISP/PyMISP

pull/485/head
Raphaël Vinot 2019-10-16 17:22:33 +02:00
commit cde248b825
3 changed files with 9 additions and 6 deletions


@ -23,7 +23,7 @@ from email import encoders
from email.mime.base import MIMEBase from email.mime.base import MIMEBase
from email.mime.text import MIMEText from email.mime.text import MIMEText
import argparse import argparse
import string
def init(url, key, verifycert): def init(url, key, verifycert):
''' '''
@ -91,7 +91,8 @@ def search_sightings(misp, from_timestamp, end_timestamp):
event_details = misp.get_event(attribute['Attribute']['event_id']) event_details = misp.get_event(attribute['Attribute']['event_id'])
event_info = event_details['Event']['info'] event_info = event_details['Event']['info']
attribute_uuid = attribute['Attribute']['uuid'] attribute_uuid = attribute['Attribute']['uuid']
completed_sightings.append({'attribute_uuid': attribute_uuid, 'date_sighting': sighting['date_sighting'], 'source': sighting['source'], 'type': sighting['type'], 'uuid': sighting['uuid'], 'event_id': attribute['Attribute']['event_id'], 'value': attribute['Attribute']['value'], 'attribute_id': attribute['Attribute']['id'], 'event_title': event_info}) to_ids = attribute['Attribute']['to_ids']
completed_sightings.append({'attribute_uuid': attribute_uuid, 'date_sighting': sighting['date_sighting'], 'source': sighting['source'], 'type': sighting['type'], 'uuid': sighting['uuid'], 'event_id': attribute['Attribute']['event_id'], 'value': attribute['Attribute']['value'], 'attribute_id': attribute['Attribute']['id'], 'event_title': event_info, 'to_ids': to_ids})
else: else:
continue continue
@ -127,10 +128,12 @@ if __name__ == '__main__':
else: else:
s_type = 'FP' s_type = 'FP'
date_sighting = datetime.fromtimestamp(int(s['date_sighting'])).strftime(ts_format) date_sighting = datetime.fromtimestamp(int(s['date_sighting'])).strftime(ts_format)
s_title = s['event_title']
s_title = s_title.replace('\r','').replace('\n','').replace('\t','')
source = s['source'] source = s['source']
if not s['source']: if not s['source']:
source = 'N/A' source = 'N/A'
report_sightings = report_sightings + '%s for [%s] (%s) in event [%s] (%s) on %s from %s\n' % (s_type, s['value'], s['attribute_id'], s['event_title'], s['event_id'], date_sighting, source) report_sightings = report_sightings + '%s for [%s] (%s) in event [%s] (%s) on %s from %s (to_ids flag: %s) \n' % ( s_type, s['value'], s['attribute_id'], s_title, s['event_id'], date_sighting, source, s['to_ids'])
set_drift_timestamp(end_timestamp, drift_timestamp_path) set_drift_timestamp(end_timestamp, drift_timestamp_path)
else: else:
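Review bot: Only the event title is stripped of `\r`, `\n` and `\t` before it is written into `report_sightings`; `s['value']` and `source` go into the same format string unfiltered. Both appear to come from MISP attribute and sighting data that other users or synced instances can set (inferred, since the producers are outside these hunks), so a line break in either can still break the one-entry-per-line layout of the report. I would clean every interpolated field the same way, e.g. `clean = lambda v: str(v).replace('\r', '').replace('\n', '').replace('\t', '')` and then pass `clean(s['value'])`, `clean(s_title)` and `clean(source)` as the format arguments. The enclosing `if __name__ == '__main__':` block starts and ends outside the hunk.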


@ -19,7 +19,7 @@ from deprecated import deprecated
from . import __version__, warning_2020 from . import __version__, warning_2020
from .exceptions import PyMISPError, SearchError, NoURL, NoKey, PyMISPEmptyResponse from .exceptions import PyMISPError, SearchError, NoURL, NoKey, PyMISPEmptyResponse
from .mispevent import MISPEvent, MISPAttribute, MISPUser, MISPOrganisation, MISPSighting, MISPFeed, MISPObject, MISPSharingGroup from .mispevent import MISPEvent, MISPAttribute, MISPUser, MISPOrganisation, MISPSighting, MISPFeed, MISPObject, MISPSharingGroup
from .abstract import AbstractMISP, pymisp_json_default, MISPFileCache, describe_types from .abstract import AbstractMISP, pymisp_json_default, describe_types
logger = logging.getLogger('pymisp') logger = logging.getLogger('pymisp')
@ -53,7 +53,7 @@ Response (if any):
{}''' {}'''
class PyMISP(MISPFileCache): # pragma: no cover class PyMISP(object): # pragma: no cover
"""Python API for MISP """Python API for MISP
:param url: URL of the MISP instance you want to connect to :param url: URL of the MISP instance you want to connect to


@ -81,7 +81,7 @@ class ExpandedPyMISP(PyMISP):
if recommended_version_tup < pymisp_version_tup[:3]: if recommended_version_tup < pymisp_version_tup[:3]:
logger.info(f"The version of PyMISP recommended by the MISP instance (response['version']) is older than the one you're using now ({__version__}). If you have a problem, please upgrade the MISP instance or use an older PyMISP version.") logger.info(f"The version of PyMISP recommended by the MISP instance (response['version']) is older than the one you're using now ({__version__}). If you have a problem, please upgrade the MISP instance or use an older PyMISP version.")
elif pymisp_version_tup[:3] < recommended_version_tup: elif pymisp_version_tup[:3] < recommended_version_tup:
logger.warning(f"The version of PyMISP recommended by the MI)SP instance ({response['version']}) is newer than the one you're using now ({__version__}). Please upgrade PyMISP.") logger.warning(f"The version of PyMISP recommended by the MISP instance ({response['version']}) is newer than the one you're using now ({__version__}). Please upgrade PyMISP.")
misp_version = self.misp_instance_version misp_version = self.misp_instance_version
if 'version' in misp_version: if 'version' in misp_version:
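Review bot: The `logger.info` message two lines above the corrected warning still contains `(response['version'])` without braces, so the f-string logs that text literally instead of the version recommended by the instance. It should read `({response['version']})`, matching the warning line this commit fixes. The enclosing method of `ExpandedPyMISP` starts and ends outside the hunk.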