From dcdbbd1bb4e6383000e1e146f07ae9a3b6b30ce2 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Rapha=C3=ABl=20Vinot?= Date: Tue, 6 Nov 2018 15:28:07 +0100 Subject: [PATCH 1/5] chg: Add a script to load the API key from the file system (training VM) --- docs/tutorial/PyMISP Objects.ipynb | 28 +++++++++++++++-- docs/tutorial/PyMISP_tutorial.ipynb | 29 +++++++++++++++++ docs/tutorial/Search.ipynb | 49 ++++++++++++++++++++++++----- docs/tutorial/Usage.ipynb | 40 +++++++++++++++++++++-- 4 files changed, 133 insertions(+), 13 deletions(-) diff --git a/docs/tutorial/PyMISP Objects.ipynb b/docs/tutorial/PyMISP Objects.ipynb index 62a3476..3feaa82 100644 --- a/docs/tutorial/PyMISP Objects.ipynb +++ b/docs/tutorial/PyMISP Objects.ipynb @@ -53,6 +53,28 @@ "```" ] }, + { + "cell_type": "markdown", + "metadata": {}, + "source": [ + "# Getting the API key (automatically generated on the trainig VM)" + ] + }, + { + "cell_type": "code", + "execution_count": null, + "metadata": {}, + "outputs": [], + "source": [ + "from pathlib import Path\n", + "\n", + "api_file = Path('apikey')\n", + "if api_file.exists():\n", + " with open(api_file) as f:\n", + " misp_key = f.read().strip()\n", + " print(misp_key)" + ] + }, { "cell_type": "markdown", "metadata": {}, @@ -350,7 +372,7 @@ "misp_object.add_attribute('ip', value='149.13.33.14')\n", "misp_object.add_attribute('first-seen', value='2018-04-11')\n", "misp_object.add_attribute('last-seen', value='2018-06-11')\n", - "misp_object.add_reference(circl_attr.uuid, 'related-to', 'Expanded with passive DNS entry')\n", + "misp_object.add_reference(obj_attr.uuid, 'related-to', 'Expanded with passive DNS entry')\n", "\n", "print(event.to_json())\n" ] 
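Review bot: The new "Getting the API key" cell in PyMISP Objects.ipynb ends with `print(misp_key)`, and Jupyter persists cell output inside the .ipynb, so running the notebook and then committing or sharing it writes the authkey into the file itself. The print only confirms that the file was read, which `print('API key loaded from', api_file)` does without exposing the secret. The same cell is added to the three other notebooks in this patch and should get the same treatment. Minor: `misp_key = api_file.read_text().strip()` replaces the `with open(...)` pair, since `api_file` is already a `Path`.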
@@ -656,7 +678,7 @@ "misp_url = 'http://127.0.0.1:8080'\n", "# Can be found in the MISP web interface under \n", "# http://+MISP_URL+/users/view/me -> Authkey\n", - "misp_key = 'yB8DMS8LkfYYpcVX8bN2v7xwDZDMp4bpW0sNqNGj'\n", + "misp_key = 'xe5okWNY2OB3O9ljR6t2cJPNsv4u1VZB0C1mKwtB'\n", "# Should PyMISP verify the MISP certificate\n", "misp_verifycert = False\n", "\n", @@ -763,7 +785,7 @@ "name": "python", "nbconvert_exporter": "python", "pygments_lexer": "ipython3", - "version": "3.6.3" + "version": "3.6.5" } }, "nbformat": 4, diff --git a/docs/tutorial/PyMISP_tutorial.ipynb b/docs/tutorial/PyMISP_tutorial.ipynb index 0ada011..aefff84 100644 --- a/docs/tutorial/PyMISP_tutorial.ipynb +++ b/docs/tutorial/PyMISP_tutorial.ipynb @@ -30,6 +30,35 @@ "misp_verifycert = False" ] }, + { + "cell_type": "markdown", + "metadata": {}, + "source": [ + "# Getting the API key (automatically generated on the trainig VM)" + ] + }, + { + "cell_type": "code", + "execution_count": null, + "metadata": {}, + "outputs": [], + "source": [ + "from pathlib import Path\n", + "\n", + "api_file = Path('apikey')\n", + "if api_file.exists():\n", + " with open(api_file) as f:\n", + " misp_key = f.read().strip()\n", + " print(misp_key)" + ] + }, + { + "cell_type": "markdown", + "metadata": {}, + "source": [ + "# Initialize PyMISP" + ] + }, { "cell_type": "code", "execution_count": null, diff --git a/docs/tutorial/Search.ipynb b/docs/tutorial/Search.ipynb index 47b420b..8d7b516 100644 --- a/docs/tutorial/Search.ipynb +++ b/docs/tutorial/Search.ipynb 
@@ -7,12 +7,41 @@ "outputs": [], "source": [ "# The URL of the MISP instance to connect to\n", - "misp_url = 'https:///'\n", + "misp_url = 'http://127.0.0.1:8080'\n", "# Can be found in the MISP web interface under \n", "# http://+MISP_URL+/users/view/me -> Authkey\n", - "misp_key = ''\n", + "misp_key = 'xe5okWNY2OB3O9ljR6t2cJPNsv4u1VZB0C1mKwtB'\n", "# Should PyMISP verify the MISP certificate\n", - "misp_verifycert = True" + "misp_verifycert = False" + ] + }, + { + "cell_type": "markdown", + "metadata": {}, + "source": [ + "# Getting the API key (automatically generated on the trainig VM)" + ] + }, + { + "cell_type": "code", + "execution_count": null, + "metadata": {}, + "outputs": [], + "source": [ + "from pathlib import Path\n", + "\n", + "api_file = Path('apikey')\n", + "if api_file.exists():\n", + " with open(api_file) as f:\n", + " misp_key = f.read().strip()\n", + " print(misp_key)" + ] + }, + { + "cell_type": "markdown", + "metadata": {}, + "source": [ + "# Initialize PyMISP" ] }, { @@ -48,7 +77,8 @@ "metadata": {}, "outputs": [], "source": [ - "r = misp.search_index(published=False)" + "r = misp.search_index(published=False)\n", + "print(r)" ] }, { @@ -130,7 +160,8 @@ "metadata": {}, "outputs": [], "source": [ - "r = misp.search_index(attribute='8.8.8.8')" + "r = misp.search_index(attribute='8.8.8.8')\n", + "print(r)" ] }, { @@ -162,7 +193,8 @@ "metadata": {}, "outputs": [], "source": [ - "r = misp.search_index(timestamp='1h')" + "r = misp.search_index(timestamp='1h')\n", + "print(r)" ] }, { @@ -206,7 +238,8 @@ "metadata": {}, "outputs": [], "source": [ - "r = misp.search(values='8.8.8.8')" + "r = misp.search(values='8.8.8.8')\n", + "print(r)" ] }, { @@ -357,7 +390,7 @@ "name": "python", "nbconvert_exporter": "python", "pygments_lexer": "ipython3", - "version": "3.6.3" + "version": "3.6.5" } }, "nbformat": 4, diff --git a/docs/tutorial/Usage.ipynb b/docs/tutorial/Usage.ipynb index 765f848..5d9fdca 100644 --- a/docs/tutorial/Usage.ipynb 
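Review bot: This hunk replaces Search.ipynb's placeholder configuration (`misp_key = ''`, `misp_verifycert = True`, an https URL) with a literal 40-character authkey, a plain-http URL and verification disabled, and the same key already appears in PyMISP Objects.ipynb in this patch, so readers who copy the first cell into their own scripts inherit a committed credential and a no-TLS-check default. If the key belongs to the throwaway training VM, say so next to it, e.g. `misp_key = '...'  # training-VM key only, never valid on a real instance`, and keep `misp_verifycert = True` as the template value so the loopback/no-verify settings live only in the VM-specific cell. Whether the key is still valid anywhere cannot be told from the diff; once committed to a public repository it should be treated as burned regardless.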
+++ b/docs/tutorial/Usage.ipynb @@ -25,8 +25,44 @@ "# http://+MISP_URL+/users/view/me -> Authkey\n", "misp_key = 'yB8DMS8LkfYYpcVX8bN2v7xwDZDMp4bpW0sNqNGj'\n", "# Should PyMISP verify the MISP certificate\n", - "misp_verifycert = False\n", + "misp_verifycert = False" + ] + }, + { + "cell_type": "markdown", + "metadata": {}, + "source": [ + "# Getting the API key (automatically generated on the trainig VM)" + ] + }, + { + "cell_type": "code", + "execution_count": null, + "metadata": {}, + "outputs": [], + "source": [ + "from pathlib import Path\n", "\n", + "api_file = Path('apikey')\n", + "if api_file.exists():\n", + " with open(api_file) as f:\n", + " misp_key = f.read().strip()\n", + " print(misp_key)" + ] + }, + { + "cell_type": "markdown", + "metadata": {}, + "source": [ + "# Initialize PyMISP" + ] + }, + { + "cell_type": "code", + "execution_count": null, + "metadata": {}, + "outputs": [], + "source": [ "misp = PyMISP(misp_url, misp_key, misp_verifycert)" ] }, @@ -460,7 +496,7 @@ "name": "python", "nbconvert_exporter": "python", "pygments_lexer": "ipython3", - "version": "3.6.3" + "version": "3.6.5" } }, "nbformat": 4, From ada955a9e6a02220eb6b86ce70aedc0e3c220c19 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Rapha=C3=ABl=20Vinot?= Date: Tue, 6 Nov 2018 17:53:10 +0100 Subject: [PATCH 2/5] fix: Properly initialize the config when jupyter runs on the VM --- docs/tutorial/PyMISP Objects.ipynb | 2 ++ docs/tutorial/PyMISP_tutorial.ipynb | 2 ++ docs/tutorial/Search.ipynb | 2 ++ docs/tutorial/Usage.ipynb | 2 ++ 4 files changed, 8 insertions(+) diff --git a/docs/tutorial/PyMISP Objects.ipynb b/docs/tutorial/PyMISP Objects.ipynb index 3feaa82..e4f3a6d 100644 --- a/docs/tutorial/PyMISP Objects.ipynb +++ b/docs/tutorial/PyMISP Objects.ipynb @@ -70,6 +70,8 @@ "\n", "api_file = Path('apikey')\n", "if api_file.exists():\n", + " misp_url = 'http://127.0.0.1'\n", + " misp_verifycert = False\n", " with open(api_file) as f:\n", " misp_key = f.read().strip()\n", " print(misp_key)" 
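Review bot: In patch 2's hunk for PyMISP Objects.ipynb the VM branch sets `misp_url = 'http://127.0.0.1'`, while the connection cell later in the same notebook (the @@ -656 hunk of patch 1) uses `'http://127.0.0.1:8080'`; unless the VM serves MISP on both, one of them fails depending on whether the `apikey` file exists. Keep a single value, either by dropping the `misp_url =` line here if the other cell is already correct for the VM, or by using the same port in both. Since the branch silently overrides whatever the reader typed in the configuration cell above, a comment such as `# training VM detected: override the settings above with the local instance` would make the precedence visible. `misp_verifycert = False` has no effect on a plain-http URL, which is worth a word so readers do not carry it into an https deployment.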
diff --git a/docs/tutorial/PyMISP_tutorial.ipynb b/docs/tutorial/PyMISP_tutorial.ipynb index aefff84..0b0ace5 100644 --- a/docs/tutorial/PyMISP_tutorial.ipynb +++ b/docs/tutorial/PyMISP_tutorial.ipynb @@ -47,6 +47,8 @@ "\n", "api_file = Path('apikey')\n", "if api_file.exists():\n", + " misp_url = 'http://127.0.0.1'\n", + " misp_verifycert = False\n", " with open(api_file) as f:\n", " misp_key = f.read().strip()\n", " print(misp_key)" diff --git a/docs/tutorial/Search.ipynb b/docs/tutorial/Search.ipynb index 8d7b516..27a7ecc 100644 --- a/docs/tutorial/Search.ipynb +++ b/docs/tutorial/Search.ipynb @@ -32,6 +32,8 @@ "\n", "api_file = Path('apikey')\n", "if api_file.exists():\n", + " misp_url = 'http://127.0.0.1'\n", + " misp_verifycert = False\n", " with open(api_file) as f:\n", " misp_key = f.read().strip()\n", " print(misp_key)" diff --git a/docs/tutorial/Usage.ipynb b/docs/tutorial/Usage.ipynb index 5d9fdca..3eced66 100644 --- a/docs/tutorial/Usage.ipynb +++ b/docs/tutorial/Usage.ipynb @@ -45,6 +45,8 @@ "\n", "api_file = Path('apikey')\n", "if api_file.exists():\n", + " misp_url = 'http://127.0.0.1'\n", + " misp_verifycert = False\n", " with open(api_file) as f:\n", " misp_key = f.read().strip()\n", " print(misp_key)" From a92e2a2d432e06a6f3dc223722e7149a373c1486 Mon Sep 17 00:00:00 2001 From: Nils Kuhnert Date: Thu, 8 Nov 2018 08:51:20 +0100 Subject: [PATCH 3/5] Fixes date parameters for search_index() function --- pymisp/api.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pymisp/api.py b/pymisp/api.py index 3011ec0..d240ef3 100644 --- a/pymisp/api.py +++ b/pymisp/api.py 
@@ -1054,8 +1054,8 @@ class PyMISP(object):
         :param normalize: Normalize output | True or False
         :param timestamp: Interval since last update (in second, or 1d, 1h, ...)
         """
-        allowed = {'published': published, 'eventid': eventid, 'tag': tag, 'Dateuntil': dateuntil,
-                   'Datefrom': datefrom, 'eventinfo': eventinfo, 'threatlevel': threatlevel,
+        allowed = {'published': published, 'eventid': eventid, 'tag': tag, 'dateuntil': dateuntil,
+                   'datefrom': datefrom, 'eventinfo': eventinfo, 'threatlevel': threatlevel,
                    'distribution': distribution, 'analysis': analysis, 'attribute': attribute,
                    'org': org, 'timestamp': timestamp}
         rule_levels = {'distribution': ["0", "1", "2", "3", "!0", "!1", "!2", "!3"],

From bc8a397752acd5684773c1ad8157b952c497ee6f Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Rapha=C3=ABl=20Vinot?=
Date: Fri, 9 Nov 2018 10:55:27 +0100
Subject: [PATCH 4/5] new: change_distribution method

Fix: #294

---
 pymisp/api.py | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/pymisp/api.py b/pymisp/api.py
index 3011ec0..a951bc5 100644
--- a/pymisp/api.py
+++ b/pymisp/api.py
@@ -468,6 +468,12 @@ class PyMISP(object):
         e.analysis = analysis_status
         return self.update(e)
 
+    def change_distribution(self, event, distribution):
+        """Change the distribution of an event"""
+        e = self._make_mispevent(event)
+        e.distribution = distribution
+        return self.update(e)
+
     def change_sharing_group(self, event, sharing_group_id):
         """Change the sharing group of an event"""
         e = self._make_mispevent(event)

From 9a7caa71fb99ea6a328b578e8dcd65ba50f63a76 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Rapha=C3=ABl=20Vinot?=
Date: Mon, 12 Nov 2018 10:16:01 +0100
Subject: [PATCH 5/5] new: Add test for pushing an event to ZMQ

---
 tests/testlive_comprehensive.py | 12 +++++++++++-
 1 file changed, 11 insertions(+), 1 deletion(-)

diff --git a/tests/testlive_comprehensive.py b/tests/testlive_comprehensive.py
index 562c49c..deb9111 100644
--- a/tests/testlive_comprehensive.py
+++ b/tests/testlive_comprehensive.py
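Review bot: `change_distribution` assigns `distribution` to the event unchecked, so an invalid value only surfaces, if at all, as a server-side error from `self.update(e)`, whereas `search_index` in this same file (the preceding hunk) enumerates `"0"`–`"3"` (plus negated forms) as the distribution values it accepts. At minimum the docstring should state the accepted values and point to the sibling `change_sharing_group` for sharing-group distribution, e.g. `"""Change the distribution level of an event (see search_index for the accepted values; use change_sharing_group to target a sharing group)"""`. How `MISPEvent.distribution` handles the assignment is outside the hunk, so a client-side check may already exist there.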
@@ -14,7 +14,7 @@ try:
 except ImportError as e:
     print(e)
     url = 'http://localhost:8080'
-    key = 'fk5BodCZw8owbscW8pQ4ykMASLeJ4NYhuAbshNjo'
+    key = 'y0rs3LNOP0Y3v6dfSMMdhxj5Oxx9MfaInpRP2pBC'
 
 from uuid import uuid4
 
@@ -916,6 +916,16 @@ class TestComprehensive(unittest.TestCase):
         self.assertEqual(r['Galaxy']['name'], list_name_test)
         self.assertTrue('GalaxyCluster' in r)
 
+    def test_zmq(self):
+        first = self.create_simple_event()
+        try:
+            first = self.user_misp_connector.add_event(first)
+            r = self.admin_misp_connector.pushEventToZMQ(first.id)
+            self.assertEqual(r['message'], 'Event published to ZMQ')
+        finally:
+            # Delete event
+            self.admin_misp_connector.delete_event(first.id)
+
     @unittest.skip("Currently failing")
     def test_search_type_event_csv(self):
         try:
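Review bot: In `test_zmq` the `finally` block runs `self.admin_misp_connector.delete_event(first.id)` even when `add_event` raised, in which case `first` is still the local event from `create_simple_event()` whose `id` was never assigned by the server, so the cleanup raises a second error that masks the original failure. Create the event before entering the `try`, `first = self.user_misp_connector.add_event(self.create_simple_event())`, and keep only the `pushEventToZMQ` call and the assertion inside it; the neighbouring tests presumably use the same try/finally shape, but they are outside the hunk. The first hunk swaps one literal authkey for another in the ImportError fallback; if it is the training VM's key, a comment saying so on that line would stop it being mistaken for a live credential.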