From 414ddaec014dcbee5dbb9ec46c3bad890c1a06bc Mon Sep 17 00:00:00 2001
From: Hannah Ward
Date: Thu, 14 Jul 2016 12:55:37 +0100
Subject: [PATCH 1/2] Added STIX retrieval - misp.get_stix(event_id=ID, with_attachment=True/False, from_date=YYYY-MM-DD, to_date=YYYY-MM-DD, tags=["tag1", "tag2"] )
---
 .gitignore | 1 +
 pymisp/api.py | 22 ++++++++++++++++++++++
 tests/test.py | 4 ++++
 3 files changed, 27 insertions(+)
diff --git a/.gitignore b/.gitignore
index d8e1bbd..4fb001d 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,3 +1,4 @@
+*.pem
 *.pyc
 examples/keys.py
 examples/cudeso.py
diff --git a/pymisp/api.py b/pymisp/api.py
index 35c8059..21d999c 100644
--- a/pymisp/api.py
+++ b/pymisp/api.py
@@ -217,6 +217,24 @@ class PyMISP(object):
 url = urljoin(self.root_url, 'events/{}'.format(event_id))
 return session.get(url)
+ def get_stix_event(self, event_id=None, out_format="json", with_attachments=False, from_date=False, to_date=False, tags=False):
+ """
+ Get an event/events in STIX format
+ """
+ out_format = out_format.lower()
+ if tags:
+ if isinstance(tags, list):
+ tags = "&&".join(tags)
+
+ session = self.__prepare_session(out_format)
+ url = urljoin(self.root_url,
+ "/events/stix/download/{}/{}/{}/{}/{}".format(
+ event_id, with_attachments, tags, from_date, to_date
+ ))
+ if self.debug:
+ print("Getting STIX event from {}".format(url))
+ return session.get(url)
+
 def add_event(self, event, force_out=None):
 """
 Add a new event
@@ -339,6 +357,10 @@ class PyMISP(object):
 response = self.get_event(int(eid), 'json')
 return self._check_response(response)
+ def get_stix(self, **kwargs):
+ response = self.get_stix_event(**kwargs)
+ return self._check_response(response)
+
 def update(self, event):
 eid = event['Event']['id']
 response = self.update_event(eid, event, 'json')
diff --git a/tests/test.py b/tests/test.py
index 4bd0b2f..5d7c5f1 100755
--- a/tests/test.py
+++ b/tests/test.py
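Review bot: In `get_stix_event` the path handed to `urljoin` starts with `/`, so any path component of `self.root_url` is discarded, whereas the context line just above the hunk joins the relative `'events/{}'`; a MISP instance served under a sub-path would have this request sent to a different location than the other calls. The five values are also formatted into the path as-is: a tag containing `/`, `?`, `#` or a space changes the request path, and the defaults go out as the literal text `None` and `False`. I would make the path relative (`"events/stix/download/{}/{}/{}/{}/{}"`) and percent-encode each tag before joining, e.g. `tags = "&&".join(quote(t, safe="") for t in tags)`, assuming `quote` can be imported alongside `urljoin`, which this hunk does not show. The docstring should also say what an omitted `event_id`, date or tag list means to the server.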
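Review bot: `get_stix` has no docstring and forwards `**kwargs` unchecked, so the accepted keywords can only be found by reading `get_stix_event`. The usage line in the commit message spells one of them `with_attachment`, while the parameter added in the previous hunk is `with_attachments`; a caller copying the message gets a `TypeError`. A short docstring listing `event_id`, `with_attachments`, `from_date`, `to_date` and `tags` would settle it.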
@@ -109,6 +109,10 @@ class TestBasic(unittest.TestCase):
 event = self.misp.get_event(eventid)
 print event.json()
+ def get_stix(self, **kwargs):
+ event = self.misp.get_stix(kwargs)
+ print(event)
+
 def add(self):
 event = {u'Event': {u'info': u'This is a test', u'locked': False, u'attribute_count': u'3', u'analysis': u'0',
From ca5a4d0960d6dc49a9e9211b3a9bfc0c2cdfbfe8 Mon Sep 17 00:00:00 2001
From: Nils <3c7@users.noreply.github.com>
Date: Thu, 21 Jul 2016 13:43:04 +0200
Subject: [PATCH 2/2] Fixes: expected bytes, got in download_samples()
---
 pymisp/api.py | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/pymisp/api.py b/pymisp/api.py
index 21d999c..3ae0d12 100644
--- a/pymisp/api.py
+++ b/pymisp/api.py
@@ -917,10 +917,10 @@ class PyMISP(object):
 archive = zipfile.ZipFile(zipped)
 try:
 # New format
- unzipped = BytesIO(archive.open(f['md5'], pwd='infected').read())
+ unzipped = BytesIO(archive.open(f['md5'], pwd=b'infected').read())
 except KeyError:
 # Old format
- unzipped = BytesIO(archive.open(f['filename'], pwd='infected').read())
+ unzipped = BytesIO(archive.open(f['filename'], pwd=b'infected').read())
 details.append([f['event_id'], f['filename'], unzipped])
 except zipfile.BadZipfile:
 # In case the sample isn't zipped
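Review bot: The new helper in `TestBasic` calls `self.misp.get_stix(kwargs)`, passing the dict as a positional argument, but `get_stix` as added in pymisp/api.py accepts only keyword arguments, so the call raises `TypeError` before any request is made. It should unpack them: `event = self.misp.get_stix(**kwargs)`. The method name also does not start with `test`, so unittest will not collect it on its own; whether another method in the class invokes it is outside this hunk.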
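Review bot: Both branches call `archive.open(...).read()` with no size limit, so the whole decompressed member is held in memory, and `archive` is not closed in the lines shown; for code that unpacks server-supplied sample archives a size bound and a `with` block would be worth adding. The two branches now differ only in the member name and repeat the `b'infected'` literal, so a module constant such as `SAMPLE_ZIP_PASSWORD = b'infected'`, with a comment that the unpacked bytes are a live sample, would keep them in sync. The enclosing function begins and ends outside the hunk, so a later close cannot be ruled out.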