mirror of https://github.com/MISP/PyMISP
Merge remote-tracking branch 'upstream/master'
commit
e3d98b409c
|
@ -53,6 +53,30 @@
|
||||||
"```"
|
"```"
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
|
{
|
||||||
|
"cell_type": "markdown",
|
||||||
|
"metadata": {},
|
||||||
|
"source": [
|
||||||
|
"# Getting the API key (automatically generated on the trainig VM)"
|
||||||
|
]
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"cell_type": "code",
|
||||||
|
"execution_count": null,
|
||||||
|
"metadata": {},
|
||||||
|
"outputs": [],
|
||||||
|
"source": [
|
||||||
|
"from pathlib import Path\n",
|
||||||
|
"\n",
|
||||||
|
"api_file = Path('apikey')\n",
|
||||||
|
"if api_file.exists():\n",
|
||||||
|
" misp_url = 'http://127.0.0.1'\n",
|
||||||
|
" misp_verifycert = False\n",
|
||||||
|
" with open(api_file) as f:\n",
|
||||||
|
" misp_key = f.read().strip()\n",
|
||||||
|
" print(misp_key)"
|
||||||
|
]
|
||||||
|
},
|
||||||
{
|
{
|
||||||
"cell_type": "markdown",
|
"cell_type": "markdown",
|
||||||
"metadata": {},
|
"metadata": {},
|
||||||
|
@ -350,7 +374,7 @@
|
||||||
"misp_object.add_attribute('ip', value='149.13.33.14')\n",
|
"misp_object.add_attribute('ip', value='149.13.33.14')\n",
|
||||||
"misp_object.add_attribute('first-seen', value='2018-04-11')\n",
|
"misp_object.add_attribute('first-seen', value='2018-04-11')\n",
|
||||||
"misp_object.add_attribute('last-seen', value='2018-06-11')\n",
|
"misp_object.add_attribute('last-seen', value='2018-06-11')\n",
|
||||||
"misp_object.add_reference(circl_attr.uuid, 'related-to', 'Expanded with passive DNS entry')\n",
|
"misp_object.add_reference(obj_attr.uuid, 'related-to', 'Expanded with passive DNS entry')\n",
|
||||||
"\n",
|
"\n",
|
||||||
"print(event.to_json())\n"
|
"print(event.to_json())\n"
|
||||||
]
|
]
|
||||||
|
@ -656,7 +680,7 @@
|
||||||
"misp_url = 'http://127.0.0.1:8080'\n",
|
"misp_url = 'http://127.0.0.1:8080'\n",
|
||||||
"# Can be found in the MISP web interface under \n",
|
"# Can be found in the MISP web interface under \n",
|
||||||
"# http://+MISP_URL+/users/view/me -> Authkey\n",
|
"# http://+MISP_URL+/users/view/me -> Authkey\n",
|
||||||
"misp_key = 'yB8DMS8LkfYYpcVX8bN2v7xwDZDMp4bpW0sNqNGj'\n",
|
"misp_key = 'xe5okWNY2OB3O9ljR6t2cJPNsv4u1VZB0C1mKwtB'\n",
|
||||||
"# Should PyMISP verify the MISP certificate\n",
|
"# Should PyMISP verify the MISP certificate\n",
|
||||||
"misp_verifycert = False\n",
|
"misp_verifycert = False\n",
|
||||||
"\n",
|
"\n",
|
||||||
|
@ -763,7 +787,7 @@
|
||||||
"name": "python",
|
"name": "python",
|
||||||
"nbconvert_exporter": "python",
|
"nbconvert_exporter": "python",
|
||||||
"pygments_lexer": "ipython3",
|
"pygments_lexer": "ipython3",
|
||||||
"version": "3.6.3"
|
"version": "3.6.5"
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
"nbformat": 4,
|
"nbformat": 4,
|
||||||
|
|
|
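Review bot: The new key-loading cell in the @-53 hunk ends with `print(misp_key)`, which writes the API key into the cell's output, and outputs are stored inside the .ipynb file, so any executed and committed copy of this notebook would carry the secret. Drop that line or print something non-sensitive, e.g. `print('API key loaded from', api_file)`. The same cell also sets `misp_url = 'http://127.0.0.1'` while the later cell in the @-656 hunk uses `http://127.0.0.1:8080`; if both target the same instance the port differs and whichever cell runs last silently wins, so a comment such as `# NOTE: overrides misp_url set above — confirm the training-VM port` would help readers. The identical cell is added to the other three notebooks in this commit (hunks @-30, @-7 and @-25), where both points apply as well.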
@ -30,6 +30,37 @@
|
||||||
"misp_verifycert = False"
|
"misp_verifycert = False"
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
|
{
|
||||||
|
"cell_type": "markdown",
|
||||||
|
"metadata": {},
|
||||||
|
"source": [
|
||||||
|
"# Getting the API key (automatically generated on the trainig VM)"
|
||||||
|
]
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"cell_type": "code",
|
||||||
|
"execution_count": null,
|
||||||
|
"metadata": {},
|
||||||
|
"outputs": [],
|
||||||
|
"source": [
|
||||||
|
"from pathlib import Path\n",
|
||||||
|
"\n",
|
||||||
|
"api_file = Path('apikey')\n",
|
||||||
|
"if api_file.exists():\n",
|
||||||
|
" misp_url = 'http://127.0.0.1'\n",
|
||||||
|
" misp_verifycert = False\n",
|
||||||
|
" with open(api_file) as f:\n",
|
||||||
|
" misp_key = f.read().strip()\n",
|
||||||
|
" print(misp_key)"
|
||||||
|
]
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"cell_type": "markdown",
|
||||||
|
"metadata": {},
|
||||||
|
"source": [
|
||||||
|
"# Initialize PyMISP"
|
||||||
|
]
|
||||||
|
},
|
||||||
{
|
{
|
||||||
"cell_type": "code",
|
"cell_type": "code",
|
||||||
"execution_count": null,
|
"execution_count": null,
|
||||||
|
|
|
@ -7,12 +7,43 @@
|
||||||
"outputs": [],
|
"outputs": [],
|
||||||
"source": [
|
"source": [
|
||||||
"# The URL of the MISP instance to connect to\n",
|
"# The URL of the MISP instance to connect to\n",
|
||||||
"misp_url = 'https://<URL>/'\n",
|
"misp_url = 'http://127.0.0.1:8080'\n",
|
||||||
"# Can be found in the MISP web interface under \n",
|
"# Can be found in the MISP web interface under \n",
|
||||||
"# http://+MISP_URL+/users/view/me -> Authkey\n",
|
"# http://+MISP_URL+/users/view/me -> Authkey\n",
|
||||||
"misp_key = '<KEY>'\n",
|
"misp_key = 'xe5okWNY2OB3O9ljR6t2cJPNsv4u1VZB0C1mKwtB'\n",
|
||||||
"# Should PyMISP verify the MISP certificate\n",
|
"# Should PyMISP verify the MISP certificate\n",
|
||||||
"misp_verifycert = True"
|
"misp_verifycert = False"
|
||||||
|
]
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"cell_type": "markdown",
|
||||||
|
"metadata": {},
|
||||||
|
"source": [
|
||||||
|
"# Getting the API key (automatically generated on the trainig VM)"
|
||||||
|
]
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"cell_type": "code",
|
||||||
|
"execution_count": null,
|
||||||
|
"metadata": {},
|
||||||
|
"outputs": [],
|
||||||
|
"source": [
|
||||||
|
"from pathlib import Path\n",
|
||||||
|
"\n",
|
||||||
|
"api_file = Path('apikey')\n",
|
||||||
|
"if api_file.exists():\n",
|
||||||
|
" misp_url = 'http://127.0.0.1'\n",
|
||||||
|
" misp_verifycert = False\n",
|
||||||
|
" with open(api_file) as f:\n",
|
||||||
|
" misp_key = f.read().strip()\n",
|
||||||
|
" print(misp_key)"
|
||||||
|
]
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"cell_type": "markdown",
|
||||||
|
"metadata": {},
|
||||||
|
"source": [
|
||||||
|
"# Initialize PyMISP"
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
|
@ -48,7 +79,8 @@
|
||||||
"metadata": {},
|
"metadata": {},
|
||||||
"outputs": [],
|
"outputs": [],
|
||||||
"source": [
|
"source": [
|
||||||
"r = misp.search_index(published=False)"
|
"r = misp.search_index(published=False)\n",
|
||||||
|
"print(r)"
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
|
@ -130,7 +162,8 @@
|
||||||
"metadata": {},
|
"metadata": {},
|
||||||
"outputs": [],
|
"outputs": [],
|
||||||
"source": [
|
"source": [
|
||||||
"r = misp.search_index(attribute='8.8.8.8')"
|
"r = misp.search_index(attribute='8.8.8.8')\n",
|
||||||
|
"print(r)"
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
|
@ -162,7 +195,8 @@
|
||||||
"metadata": {},
|
"metadata": {},
|
||||||
"outputs": [],
|
"outputs": [],
|
||||||
"source": [
|
"source": [
|
||||||
"r = misp.search_index(timestamp='1h')"
|
"r = misp.search_index(timestamp='1h')\n",
|
||||||
|
"print(r)"
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
|
@ -206,7 +240,8 @@
|
||||||
"metadata": {},
|
"metadata": {},
|
||||||
"outputs": [],
|
"outputs": [],
|
||||||
"source": [
|
"source": [
|
||||||
"r = misp.search(values='8.8.8.8')"
|
"r = misp.search(values='8.8.8.8')\n",
|
||||||
|
"print(r)"
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
|
@ -357,7 +392,7 @@
|
||||||
"name": "python",
|
"name": "python",
|
||||||
"nbconvert_exporter": "python",
|
"nbconvert_exporter": "python",
|
||||||
"pygments_lexer": "ipython3",
|
"pygments_lexer": "ipython3",
|
||||||
"version": "3.6.3"
|
"version": "3.6.5"
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
"nbformat": 4,
|
"nbformat": 4,
|
||||||
|
|
|
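Review bot: The @-7 hunk replaces the `'<URL>'` and `'<KEY>'` placeholders with a concrete plaintext-HTTP URL, a concrete authkey and `misp_verifycert = False`, so the notebook's default state now carries a committed credential and disables certificate verification. The markdown cell added right after says the key is generated on the training VM, so this is presumably deliberate, but readers copy these cells into their own scripts and the placeholders were the safer default. Consider keeping `misp_url = 'https://<URL>/'`, `misp_key = '<KEY>'` and `misp_verifycert = True` in this cell and letting the new `apikey`-file cell supply the training-VM values, or at least add `# training-VM only: local plaintext HTTP with verification off — do not reuse against a real instance`.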
@ -25,8 +25,46 @@
|
||||||
"# http://+MISP_URL+/users/view/me -> Authkey\n",
|
"# http://+MISP_URL+/users/view/me -> Authkey\n",
|
||||||
"misp_key = 'yB8DMS8LkfYYpcVX8bN2v7xwDZDMp4bpW0sNqNGj'\n",
|
"misp_key = 'yB8DMS8LkfYYpcVX8bN2v7xwDZDMp4bpW0sNqNGj'\n",
|
||||||
"# Should PyMISP verify the MISP certificate\n",
|
"# Should PyMISP verify the MISP certificate\n",
|
||||||
"misp_verifycert = False\n",
|
"misp_verifycert = False"
|
||||||
|
]
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"cell_type": "markdown",
|
||||||
|
"metadata": {},
|
||||||
|
"source": [
|
||||||
|
"# Getting the API key (automatically generated on the trainig VM)"
|
||||||
|
]
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"cell_type": "code",
|
||||||
|
"execution_count": null,
|
||||||
|
"metadata": {},
|
||||||
|
"outputs": [],
|
||||||
|
"source": [
|
||||||
|
"from pathlib import Path\n",
|
||||||
"\n",
|
"\n",
|
||||||
|
"api_file = Path('apikey')\n",
|
||||||
|
"if api_file.exists():\n",
|
||||||
|
" misp_url = 'http://127.0.0.1'\n",
|
||||||
|
" misp_verifycert = False\n",
|
||||||
|
" with open(api_file) as f:\n",
|
||||||
|
" misp_key = f.read().strip()\n",
|
||||||
|
" print(misp_key)"
|
||||||
|
]
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"cell_type": "markdown",
|
||||||
|
"metadata": {},
|
||||||
|
"source": [
|
||||||
|
"# Initialize PyMISP"
|
||||||
|
]
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"cell_type": "code",
|
||||||
|
"execution_count": null,
|
||||||
|
"metadata": {},
|
||||||
|
"outputs": [],
|
||||||
|
"source": [
|
||||||
"misp = PyMISP(misp_url, misp_key, misp_verifycert)"
|
"misp = PyMISP(misp_url, misp_key, misp_verifycert)"
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
|
@ -460,7 +498,7 @@
|
||||||
"name": "python",
|
"name": "python",
|
||||||
"nbconvert_exporter": "python",
|
"nbconvert_exporter": "python",
|
||||||
"pygments_lexer": "ipython3",
|
"pygments_lexer": "ipython3",
|
||||||
"version": "3.6.3"
|
"version": "3.6.5"
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
"nbformat": 4,
|
"nbformat": 4,
|
||||||
|
|
|
@ -468,6 +468,12 @@ class PyMISP(object):
|
||||||
e.analysis = analysis_status
|
e.analysis = analysis_status
|
||||||
return self.update(e)
|
return self.update(e)
|
||||||
|
|
||||||
|
def change_distribution(self, event, distribution):
|
||||||
|
"""Change the distribution of an event"""
|
||||||
|
e = self._make_mispevent(event)
|
||||||
|
e.distribution = distribution
|
||||||
|
return self.update(e)
|
||||||
|
|
||||||
def change_sharing_group(self, event, sharing_group_id):
|
def change_sharing_group(self, event, sharing_group_id):
|
||||||
"""Change the sharing group of an event"""
|
"""Change the sharing group of an event"""
|
||||||
e = self._make_mispevent(event)
|
e = self._make_mispevent(event)
|
||||||
|
@ -1054,8 +1060,8 @@ class PyMISP(object):
|
||||||
:param normalize: Normalize output | True or False
|
:param normalize: Normalize output | True or False
|
||||||
:param timestamp: Interval since last update (in second, or 1d, 1h, ...)
|
:param timestamp: Interval since last update (in second, or 1d, 1h, ...)
|
||||||
"""
|
"""
|
||||||
allowed = {'published': published, 'eventid': eventid, 'tag': tag, 'Dateuntil': dateuntil,
|
allowed = {'published': published, 'eventid': eventid, 'tag': tag, 'dateuntil': dateuntil,
|
||||||
'Datefrom': datefrom, 'eventinfo': eventinfo, 'threatlevel': threatlevel,
|
'datefrom': datefrom, 'eventinfo': eventinfo, 'threatlevel': threatlevel,
|
||||||
'distribution': distribution, 'analysis': analysis, 'attribute': attribute,
|
'distribution': distribution, 'analysis': analysis, 'attribute': attribute,
|
||||||
'org': org, 'timestamp': timestamp}
|
'org': org, 'timestamp': timestamp}
|
||||||
rule_levels = {'distribution': ["0", "1", "2", "3", "!0", "!1", "!2", "!3"],
|
rule_levels = {'distribution': ["0", "1", "2", "3", "!0", "!1", "!2", "!3"],
|
||||||
|
|
|
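Review bot: `change_distribution` in the @-468 hunk forwards whatever `distribution` value it receives straight to `update`, with no check and a one-line docstring that does not say what values are expected. The `rule_levels` table in the @-1054 hunk shows `search_index` accepting the levels `"0"` to `"3"`, and MISP also uses higher codes for sharing-group distribution, so rather than copying that table verbatim, validate against the set the server actually accepts (or let the server reject it) and document it: `:param event: the event to update (anything _make_mispevent accepts)` and `:param distribution: new distribution level, as a MISP distribution code`. The enclosing `PyMISP` class starts and ends outside the hunk.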
@ -14,7 +14,7 @@ try:
|
||||||
except ImportError as e:
|
except ImportError as e:
|
||||||
print(e)
|
print(e)
|
||||||
url = 'http://localhost:8080'
|
url = 'http://localhost:8080'
|
||||||
key = 'fk5BodCZw8owbscW8pQ4ykMASLeJ4NYhuAbshNjo'
|
key = 'y0rs3LNOP0Y3v6dfSMMdhxj5Oxx9MfaInpRP2pBC'
|
||||||
|
|
||||||
from uuid import uuid4
|
from uuid import uuid4
|
||||||
|
|
||||||
|
@ -916,6 +916,16 @@ class TestComprehensive(unittest.TestCase):
|
||||||
self.assertEqual(r['Galaxy']['name'], list_name_test)
|
self.assertEqual(r['Galaxy']['name'], list_name_test)
|
||||||
self.assertTrue('GalaxyCluster' in r)
|
self.assertTrue('GalaxyCluster' in r)
|
||||||
|
|
||||||
|
def test_zmq(self):
|
||||||
|
first = self.create_simple_event()
|
||||||
|
try:
|
||||||
|
first = self.user_misp_connector.add_event(first)
|
||||||
|
r = self.admin_misp_connector.pushEventToZMQ(first.id)
|
||||||
|
self.assertEqual(r['message'], 'Event published to ZMQ')
|
||||||
|
finally:
|
||||||
|
# Delete event
|
||||||
|
self.admin_misp_connector.delete_event(first.id)
|
||||||
|
|
||||||
@unittest.skip("Currently failing")
|
@unittest.skip("Currently failing")
|
||||||
def test_search_type_event_csv(self):
|
def test_search_type_event_csv(self):
|
||||||
try:
|
try:
|
||||||
|
|
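Review bot: In `test_zmq` (@-916 hunk) the `add_event` call sits inside the `try`, so if it raises, the `finally` block runs `delete_event(first.id)` against an event that was never created; `first.id` may then be unset and the resulting error masks the original failure. Moving `first = self.user_misp_connector.add_event(first)` above the `try:` makes the cleanup run only for an event that exists. Separately, the @-14 hunk swaps one hard-coded `key` literal for another; reading it from the environment, e.g. `key = os.environ['MISP_KEY']` with `import os` at the top of the file, would keep test credentials out of the repository and avoid this churn. The enclosing `TestComprehensive` class starts outside the hunk.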