MISP
/
PyMISP
mirror of https://github.com/MISP/PyMISP
2
0
Fork 0
Code Issues Releases Wiki Activity

feature: Added support of MISP object constructor instead of the generic_generator

pull/204/head
Sami Mokaddem 2018-03-12 15:17:25 +01:00
parent 81d3532877
commit d898bb3857
3 changed files with 47 additions and 24 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

44
examples/feed-generator-from-redis/generator.py
View File

@ -9,7 +9,6 @@ import time
import uuid import uuid
from pymisp import MISPEvent from pymisp import MISPEvent
from pymisp.tools import GenericObjectGenerator
import settings import settings
@ -46,7 +45,6 @@ class FeedGenerator:
Configuration taken from the file settings.py""" Configuration taken from the file settings.py"""
def __init__(self): def __init__(self):
"""This object can be use to easily create a daily MISP-feed. """This object can be use to easily create a daily MISP-feed.
@ -55,6 +53,7 @@ class FeedGenerator:
""" """
self.sys_templates = get_system_templates() self.sys_templates = get_system_templates()
self.constructor_dict = settings.constructor_dict
self.flushing_interval = settings.flushing_interval self.flushing_interval = settings.flushing_interval
self.flushing_next = time.time() + self.flushing_interval self.flushing_next = time.time() + self.flushing_interval
@ -63,30 +62,41 @@ class FeedGenerator:
self.attributeHashes = [] self.attributeHashes = []
self.daily_event_name = settings.daily_event_name + ' {}' self.daily_event_name = settings.daily_event_name + ' {}'
_, self.current_event_uuid, self.event_name = self.get_last_event_from_manifest() event_date_str, self.current_event_uuid, self.event_name = self.get_last_event_from_manifest()
self.current_date = datetime.date.today() temp = [int(x) for x in event_date_str.split('-')]
self.current_event_date = datetime.date(temp[0], temp[1], temp[2])
self.current_event = self._get_event_from_id(self.current_event_uuid) self.current_event = self._get_event_from_id(self.current_event_uuid)
def add_sighting_on_attribute(self, sight_type, attr_uuid, **data): def add_sighting_on_attribute(self, sight_type, attr_uuid, **data):
"""Add a sighting on an attribute.
Not supported for the moment."""
self.update_daily_event_id() self.update_daily_event_id()
self.after_addition() self._after_addition()
return False return False
def add_attribute_to_event(self, attr_type, attr_value, **attr_data): def add_attribute_to_event(self, attr_type, attr_value, **attr_data):
"""Add an attribute to the daily event"""
self.update_daily_event_id() self.update_daily_event_id()
self.current_event.add_attribute(attr_type, attr_value, **attr_data) self.current_event.add_attribute(attr_type, attr_value, **attr_data)
self._add_hash(attr_type, attr_value) self._add_hash(attr_type, attr_value)
self.after_addition() self._after_addition()
return True return True
def add_object_to_event(self, obj_name, **data): def add_object_to_event(self, obj_name, **data):
"""Add an object to the daily event"""
self.update_daily_event_id() self.update_daily_event_id()
# create the MISP object
misp_object = GenericObjectGenerator(obj_name)
if obj_name not in self.sys_templates: if obj_name not in self.sys_templates:
print('Unkown object template') print('Unkown object template')
return False return False
# Get MISP object constructor
obj_constr = self.constructor_dict.get(obj_name, None)
# Constructor not known, using the generic one
if obj_constr is None:
obj_constr = self.constructor_dict.get('generic')
misp_object = obj_constr(obj_name)
# Fill generic object
for k, v in data.items(): for k, v in data.items():
# attribute is not in the object template definition # attribute is not in the object template definition
if k not in self.sys_templates[obj_name]['attributes']: if k not in self.sys_templates[obj_name]['attributes']:
@ -95,18 +105,20 @@ class FeedGenerator:
else: else:
misp_object.add_attribute(k, **{'value': v}) misp_object.add_attribute(k, **{'value': v})
else:
misp_object = obj_constr(data)
self.current_event.add_object(misp_object) self.current_event.add_object(misp_object)
for attr_type, attr_value in data.items(): for attr_type, attr_value in data.items():
self._add_hash(attr_type, attr_value) self._add_hash(attr_type, attr_value)
self.after_addition() self._after_addition()
return True return True
def after_addition(self): def _after_addition(self):
# Write event on disk """Write event on disk"""
now = time.time() now = time.time()
if self.flushing_next <= now: if self.flushing_next <= now:
self.update_last_action('Flushed on disk')
self.flush_event() self.flush_event()
self.flushing_next = now + self.flushing_interval self.flushing_next = now + self.flushing_interval
@ -137,7 +149,7 @@ class FeedGenerator:
self.create_daily_event() self.create_daily_event()
def flush_event(self, new_event=None): def flush_event(self, new_event=None):
print('Writting event on disk'+' '*20) print('Writting event on disk'+' '*50)
if new_event is not None: if new_event is not None:
event_uuid = new_event['uuid'] event_uuid = new_event['uuid']
event = new_event event = new_event
@ -207,7 +219,8 @@ class FeedGenerator:
self.manifest[event_uuid] = event_json self.manifest[event_uuid] = event_json
dated_events.append([ dated_events.append([
event_json['date'], event_json['date'],
event_uuid, event_json['info'] event_uuid,
event_json['info']
]) ])
# Sort by date then by event name # Sort by date then by event name
dated_events.sort(key=lambda k: (k[0], k[2]), reverse=True) dated_events.sort(key=lambda k: (k[0], k[2]), reverse=True)
@ -219,10 +232,11 @@ class FeedGenerator:
# DAILY # DAILY
def update_daily_event_id(self): def update_daily_event_id(self):
if self.current_date != datetime.date.today(): # create new event if self.current_event_date != datetime.date.today(): # create new event
# save current event on disk # save current event on disk
self.flush_event() self.flush_event()
self.current_event = self.create_daily_event() self.current_event = self.create_daily_event()
self.current_event_date = datetime.date.today()
self.current_event_uuid = self.current_event.get('uuid') self.current_event_uuid = self.current_event.get('uuid')
self.event_name = self.current_event.info self.event_name = self.current_event.info

2
examples/feed-generator-from-redis/server.py
View File

@ -2,7 +2,7 @@
import os.path import os.path
from flask import Flask from flask import Flask
from flask.ext.autoindex import AutoIndex from flask_autoindex import AutoIndex
from settings import outputdir from settings import outputdir
app = Flask(__name__) app = Flask(__name__)

9
examples/feed-generator-from-redis/settings.default.py
View File

@ -44,6 +44,15 @@ Tag=[
} }
] ]
# MISP Object constructor
from CowrieMISPObject import CowrieMISPObject
from pymisp.tools import GenericObjectGenerator
constructor_dict = {
'cowrie': CowrieMISPObject,
'generic': GenericObjectGenerator
}
# Others # Others
## Redis pooling time ## Redis pooling time
sleep=60 sleep=60