sb-signature library

Created sb-signature library with relative example for testing. Thanks @dadokkio
2018-01-23 10:35:21 +01:00 · 2018-01-23 10:35:21 +01:00 · db235899bf
parent 8026d0fa42
commit db235899bf
3 changed files with 44 additions and 0 deletions
--- a/examples/add_sbsignature.py
+++ b/examples/add_sbsignature.py
@ -0,0 +1,17 @@
+import json
+from pymisp import PyMISP
+from keys import misp_url, misp_key, misp_verifycert
+from pymisp.tools import SBSignatureObject
+
+pymisp = PyMISP(misp_url, misp_key, misp_verifycert)
+a = json.loads('{"signatures":[{"new_data":[],"confidence":100,"families":[],"severity":1,"weight":0,"description":"AttemptstoconnecttoadeadIP:Port(2uniquetimes)","alert":false,"references":[],"data":[{"IP":"95.101.39.58:80(Europe)"},{"IP":"192.35.177.64:80(UnitedStates)"}],"name":"dead_connect"},{"new_data":[],"confidence":30,"families":[],"severity":2,"weight":1,"description":"PerformssomeHTTPrequests","alert":false,"references":[],"data":[{"url":"http://cert.int-x3.letsencrypt.org/"},{"url":"http://apps.identrust.com/roots/dstrootcax3.p7c"}],"name":"network_http"},{"new_data":[],"confidence":100,"families":[],"severity":2,"weight":1,"description":"Theofficefilehasaunconventionalcodepage:ANSICyrillic;Cyrillic(Windows)","alert":false,"references":[],"data":[],"name":"office_code_page"}]}')
+a = [(x['name'], x['description']) for x in a["signatures"]]
+
+
+b = SBSignatureObject(a)
+
+
+template_id = [x['ObjectTemplate']['id'] for x in pymisp.get_object_templates_list(
+                ) if x['ObjectTemplate']['name'] == 'sb-signature'][0]
+
+pymisp.add_object(234111, template_id, b)
--- a/pymisp/tools/init.py
+++ b/pymisp/tools/init.py
@ -8,3 +8,4 @@ from .create_misp_object import make_binary_objects  # noqa
 from .abstractgenerator import AbstractMISPObjectGenerator  # noqa
 from .genericgenerator import GenericObjectGenerator  # noqa
 from .openioc import load_openioc, load_openioc_file  # noqa
+from .sbsignatureobject import SBSignatureObject  # noqa
--- a/pymisp/tools/sbsignatureobject.py
+++ b/pymisp/tools/sbsignatureobject.py
@ -0,0 +1,26 @@
+#!/usr/bin/env python3
+# -*- coding: utf-8 -*-
+
+import re
+import requests
+from .abstractgenerator import AbstractMISPObjectGenerator
+from .. import InvalidMISPObject
+
+class SBSignatureObject(AbstractMISPObjectGenerator):
+    '''
+    Sandbox Analyzer
+    '''
+    def __init__(self, report, software, parsed=None, filepath=None, pseudofile=None, standalone=True, **kwargs):
+        # PY3 way:
+        # super().__init__("virustotal-report")
+        super(SBSignatureObject, self).__init__("sb-signature", **kwargs)
+        self._report = report
+        self._software = software
+        self.generate_attributes()
+
+    def generate_attributes(self):
+        ''' Parse the report for relevant attributes '''
+        self.add_attribute("software", value=self._software, type="text")
+        for (name, description) in self._report:            
+            self.add_attribute("signature", value=name, comment=description, type="text")        
+