From db235899bf480b2cd53805bd2f2646762e1ad1d6 Mon Sep 17 00:00:00 2001
From: garanews
Date: Tue, 23 Jan 2018 10:35:21 +0100
Subject: [PATCH] sb-signature library

Created sb-signature library with relative example for testing. Thanks @dadokkio
---
 examples/add_sbsignature.py | 17 +++++++++++++++++
 pymisp/tools/__init__.py | 1 +
 pymisp/tools/sbsignatureobject.py | 26 ++++++++++++++++++++++++++
 3 files changed, 44 insertions(+)
 create mode 100644 examples/add_sbsignature.py
 create mode 100644 pymisp/tools/sbsignatureobject.py

diff --git a/examples/add_sbsignature.py b/examples/add_sbsignature.py
new file mode 100644
index 0000000..5b3bff8
--- /dev/null
+++ b/examples/add_sbsignature.py
@@ -0,0 +1,17 @@
+import json
+from pymisp import PyMISP
+from keys import misp_url, misp_key, misp_verifycert
+from pymisp.tools import SBSignatureObject
+
+pymisp = PyMISP(misp_url, misp_key, misp_verifycert)
+a = json.loads('{"signatures":[{"new_data":[],"confidence":100,"families":[],"severity":1,"weight":0,"description":"AttemptstoconnecttoadeadIP:Port(2uniquetimes)","alert":false,"references":[],"data":[{"IP":"95.101.39.58:80(Europe)"},{"IP":"192.35.177.64:80(UnitedStates)"}],"name":"dead_connect"},{"new_data":[],"confidence":30,"families":[],"severity":2,"weight":1,"description":"PerformssomeHTTPrequests","alert":false,"references":[],"data":[{"url":"http://cert.int-x3.letsencrypt.org/"},{"url":"http://apps.identrust.com/roots/dstrootcax3.p7c"}],"name":"network_http"},{"new_data":[],"confidence":100,"families":[],"severity":2,"weight":1,"description":"Theofficefilehasaunconventionalcodepage:ANSICyrillic;Cyrillic(Windows)","alert":false,"references":[],"data":[],"name":"office_code_page"}]}')
+a = [(x['name'], x['description']) for x in a["signatures"]]
+
+
+b = SBSignatureObject(a)
+
+
+template_id = [x['ObjectTemplate']['id'] for x in pymisp.get_object_templates_list(
+    ) if x['ObjectTemplate']['name'] == 'sb-signature'][0]
+
+pymisp.add_object(234111, template_id, b)
\ No newline at end of file
diff --git a/pymisp/tools/__init__.py b/pymisp/tools/__init__.py
index b551432..87154ec 100644
--- a/pymisp/tools/__init__.py
+++ b/pymisp/tools/__init__.py
@@ -8,3 +8,4 @@ from .create_misp_object import make_binary_objects # noqa
 from .abstractgenerator import AbstractMISPObjectGenerator # noqa
 from .genericgenerator import GenericObjectGenerator # noqa
 from .openioc import load_openioc, load_openioc_file # noqa
+from .sbsignatureobject import SBSignatureObject # noqa
diff --git a/pymisp/tools/sbsignatureobject.py b/pymisp/tools/sbsignatureobject.py
new file mode 100644
index 0000000..dd398f9
--- /dev/null
+++ b/pymisp/tools/sbsignatureobject.py
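Review bot: `b = SBSignatureObject(a)` passes only the report, but the constructor added in pymisp/tools/sbsignatureobject.py (the last hunk of this patch) declares `software` as a second required positional parameter, so this example raises a TypeError before anything reaches the server; it needs the sandbox name as well, e.g. `b = SBSignatureObject(a, software="SANDBOX_NAME_PLACEHOLDER")`. The template lookup `[...][0]` raises a bare IndexError when no 'sb-signature' template is installed on the instance; a `next(..., None)` with an explicit "template not found" message would tell the user what is missing instead. The event id `234111` is hard-coded, so the example cannot be reused without editing it; taking it from a command-line argument would match how a user actually runs it. Passing `misp_verifycert` as the third positional argument relies on that position being PyMISP's `ssl` flag — the keyword form `ssl=misp_verifycert` makes the intent explicit and survives signature changes.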
@@ -0,0 +1,26 @@
+#!/usr/bin/env python3
+# -*- coding: utf-8 -*-
+
+import re
+import requests
+from .abstractgenerator import AbstractMISPObjectGenerator
+from .. import InvalidMISPObject
+
+class SBSignatureObject(AbstractMISPObjectGenerator):
+    '''
+    Sandbox Analyzer
+    '''
+    def __init__(self, report, software, parsed=None, filepath=None, pseudofile=None, standalone=True, **kwargs):
+        # PY3 way:
+        # super().__init__("virustotal-report")
+        super(SBSignatureObject, self).__init__("sb-signature", **kwargs)
+        self._report = report
+        self._software = software
+        self.generate_attributes()
+
+    def generate_attributes(self):
+        ''' Parse the report for relevant attributes '''
+        self.add_attribute("software", value=self._software, type="text")
+        for (name, description) in self._report:
+            self.add_attribute("signature", value=name, comment=description, type="text")
+
\ No newline at end of file
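Review bot: `__init__` declares `standalone=True` as an explicit parameter but never forwards it, so a caller passing `standalone=False` is silently ignored and the base class keeps whatever its own default is; either drop the parameter or pass it through, `super(SBSignatureObject, self).__init__("sb-signature", standalone=standalone, **kwargs)`. The `parsed`, `filepath` and `pseudofile` parameters are likewise never read, and `re`, `requests` and `InvalidMISPObject` are imported but never referenced — `requests` in particular pulls a third-party dependency into a module that does no network I/O. The comment `# super().__init__("virustotal-report")` appears to have been copied from another generator and names the wrong template; it should read `# super().__init__("sb-signature")` or be removed. The class docstring `Sandbox Analyzer` does not say what the constructor expects; something like `'''Build a MISP sb-signature object from an iterable of (name, description) pairs taken from a sandbox report.'''` would document the contract that `generate_attributes` relies on when it unpacks each entry.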