Merge remote-tracking branch 'upstream/master'

pull/312/head
Steve Clement 2018-11-15 17:35:09 +09:00
commit e3d98b409c
6 changed files with 160 additions and 16 deletions


@ -53,6 +53,30 @@
"```" "```"
] ]
}, },
{
"cell_type": "markdown",
"metadata": {},
"source": [
"# Getting the API key (automatically generated on the trainig VM)"
]
},
{
"cell_type": "code",
"execution_count": null,
"metadata": {},
"outputs": [],
"source": [
"from pathlib import Path\n",
"\n",
"api_file = Path('apikey')\n",
"if api_file.exists():\n",
" misp_url = 'http://127.0.0.1'\n",
" misp_verifycert = False\n",
" with open(api_file) as f:\n",
" misp_key = f.read().strip()\n",
" print(misp_key)"
]
},
{ {
"cell_type": "markdown", "cell_type": "markdown",
"metadata": {}, "metadata": {},
@ -350,7 +374,7 @@
"misp_object.add_attribute('ip', value='149.13.33.14')\n", "misp_object.add_attribute('ip', value='149.13.33.14')\n",
"misp_object.add_attribute('first-seen', value='2018-04-11')\n", "misp_object.add_attribute('first-seen', value='2018-04-11')\n",
"misp_object.add_attribute('last-seen', value='2018-06-11')\n", "misp_object.add_attribute('last-seen', value='2018-06-11')\n",
"misp_object.add_reference(circl_attr.uuid, 'related-to', 'Expanded with passive DNS entry')\n", "misp_object.add_reference(obj_attr.uuid, 'related-to', 'Expanded with passive DNS entry')\n",
"\n", "\n",
"print(event.to_json())\n" "print(event.to_json())\n"
] ]
@ -656,7 +680,7 @@
"misp_url = 'http://127.0.0.1:8080'\n", "misp_url = 'http://127.0.0.1:8080'\n",
"# Can be found in the MISP web interface under \n", "# Can be found in the MISP web interface under \n",
"# http://+MISP_URL+/users/view/me -> Authkey\n", "# http://+MISP_URL+/users/view/me -> Authkey\n",
"misp_key = 'yB8DMS8LkfYYpcVX8bN2v7xwDZDMp4bpW0sNqNGj'\n", "misp_key = 'xe5okWNY2OB3O9ljR6t2cJPNsv4u1VZB0C1mKwtB'\n",
"# Should PyMISP verify the MISP certificate\n", "# Should PyMISP verify the MISP certificate\n",
"misp_verifycert = False\n", "misp_verifycert = False\n",
"\n", "\n",
@ -763,7 +787,7 @@
"name": "python", "name": "python",
"nbconvert_exporter": "python", "nbconvert_exporter": "python",
"pygments_lexer": "ipython3", "pygments_lexer": "ipython3",
"version": "3.6.3" "version": "3.6.5"
} }
}, },
"nbformat": 4, "nbformat": 4,
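Review bot: `print(misp_key)` in the new "Getting the API key" cell writes the auth key into the cell's output, and once the notebook is run and saved with outputs that key sits in the .ipynb and in any commit of it; print a non-secret confirmation instead, e.g. `print(f'API key loaded from {api_file}')`. The same cell hardcodes `misp_url = 'http://127.0.0.1'` while the config cell in the -656 hunk uses `'http://127.0.0.1:8080'`, so which URL wins depends on cell execution order — a one-line markdown note saying which cell to run on the training VM would avoid that. The -656 hunk only rotates the hardcoded `misp_key` literal rather than replacing it with a placeholder, so a live-looking key is still committed; if it was valid anywhere it should be rotated. Minor: "trainig" in the heading should be "training".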


@ -30,6 +30,37 @@
"misp_verifycert = False" "misp_verifycert = False"
] ]
}, },
{
"cell_type": "markdown",
"metadata": {},
"source": [
"# Getting the API key (automatically generated on the trainig VM)"
]
},
{
"cell_type": "code",
"execution_count": null,
"metadata": {},
"outputs": [],
"source": [
"from pathlib import Path\n",
"\n",
"api_file = Path('apikey')\n",
"if api_file.exists():\n",
" misp_url = 'http://127.0.0.1'\n",
" misp_verifycert = False\n",
" with open(api_file) as f:\n",
" misp_key = f.read().strip()\n",
" print(misp_key)"
]
},
{
"cell_type": "markdown",
"metadata": {},
"source": [
"# Initialize PyMISP"
]
},
{ {
"cell_type": "code", "cell_type": "code",
"execution_count": null, "execution_count": null,
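Review bot: the new cell ends with `print(misp_key)`, so the secret lands in the saved cell output as soon as the notebook is executed; drop the print or replace it with `print(f'API key loaded from {api_file}')`. When `apikey` is absent the cell is silent and the later `PyMISP(...)` call falls through to whatever the previous config cell set, which is easy to miss on a VM where the key file was not generated; an `else: print(f'{api_file} not found, using the values from the cell above')` makes that explicit. Minor: "trainig" should be "training" in the heading.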


@ -7,12 +7,43 @@
"outputs": [], "outputs": [],
"source": [ "source": [
"# The URL of the MISP instance to connect to\n", "# The URL of the MISP instance to connect to\n",
"misp_url = 'https://<URL>/'\n", "misp_url = 'http://127.0.0.1:8080'\n",
"# Can be found in the MISP web interface under \n", "# Can be found in the MISP web interface under \n",
"# http://+MISP_URL+/users/view/me -> Authkey\n", "# http://+MISP_URL+/users/view/me -> Authkey\n",
"misp_key = '<KEY>'\n", "misp_key = 'xe5okWNY2OB3O9ljR6t2cJPNsv4u1VZB0C1mKwtB'\n",
"# Should PyMISP verify the MISP certificate\n", "# Should PyMISP verify the MISP certificate\n",
"misp_verifycert = True" "misp_verifycert = False"
]
},
{
"cell_type": "markdown",
"metadata": {},
"source": [
"# Getting the API key (automatically generated on the trainig VM)"
]
},
{
"cell_type": "code",
"execution_count": null,
"metadata": {},
"outputs": [],
"source": [
"from pathlib import Path\n",
"\n",
"api_file = Path('apikey')\n",
"if api_file.exists():\n",
" misp_url = 'http://127.0.0.1'\n",
" misp_verifycert = False\n",
" with open(api_file) as f:\n",
" misp_key = f.read().strip()\n",
" print(misp_key)"
]
},
{
"cell_type": "markdown",
"metadata": {},
"source": [
"# Initialize PyMISP"
] ]
}, },
{ {
@ -48,7 +79,8 @@
"metadata": {}, "metadata": {},
"outputs": [], "outputs": [],
"source": [ "source": [
"r = misp.search_index(published=False)" "r = misp.search_index(published=False)\n",
"print(r)"
] ]
}, },
{ {
@ -130,7 +162,8 @@
"metadata": {}, "metadata": {},
"outputs": [], "outputs": [],
"source": [ "source": [
"r = misp.search_index(attribute='8.8.8.8')" "r = misp.search_index(attribute='8.8.8.8')\n",
"print(r)"
] ]
}, },
{ {
@ -162,7 +195,8 @@
"metadata": {}, "metadata": {},
"outputs": [], "outputs": [],
"source": [ "source": [
"r = misp.search_index(timestamp='1h')" "r = misp.search_index(timestamp='1h')\n",
"print(r)"
] ]
}, },
{ {
@ -206,7 +240,8 @@
"metadata": {}, "metadata": {},
"outputs": [], "outputs": [],
"source": [ "source": [
"r = misp.search(values='8.8.8.8')" "r = misp.search(values='8.8.8.8')\n",
"print(r)"
] ]
}, },
{ {
@ -357,7 +392,7 @@
"name": "python", "name": "python",
"nbconvert_exporter": "python", "nbconvert_exporter": "python",
"pygments_lexer": "ipython3", "pygments_lexer": "ipython3",
"version": "3.6.3" "version": "3.6.5"
} }
}, },
"nbformat": 4, "nbformat": 4,
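Review bot: the first hunk replaces the template placeholders `misp_url = 'https://<URL>/'`, `misp_key = '<KEY>'` and `misp_verifycert = True` with a localhost URL, a real-looking auth key and `misp_verifycert = False`, so the committed notebook now ships a credential literal and disables certificate verification by default for anyone who reuses it against a remote instance. Keep the placeholders and `misp_verifycert = True` in that cell and let the new "Getting the API key" cell supply the training-VM values, since it already sets all three. That cell also does `print(misp_key)`, which writes the key into the saved cell output; print the file name instead, e.g. `print(f'API key loaded from {api_file}')`. Whether `xe5okWNY...` is valid anywhere cannot be told from the diff, but it is now in history and should be rotated if it was.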


@ -25,8 +25,46 @@
"# http://+MISP_URL+/users/view/me -> Authkey\n", "# http://+MISP_URL+/users/view/me -> Authkey\n",
"misp_key = 'yB8DMS8LkfYYpcVX8bN2v7xwDZDMp4bpW0sNqNGj'\n", "misp_key = 'yB8DMS8LkfYYpcVX8bN2v7xwDZDMp4bpW0sNqNGj'\n",
"# Should PyMISP verify the MISP certificate\n", "# Should PyMISP verify the MISP certificate\n",
"misp_verifycert = False\n", "misp_verifycert = False"
]
},
{
"cell_type": "markdown",
"metadata": {},
"source": [
"# Getting the API key (automatically generated on the trainig VM)"
]
},
{
"cell_type": "code",
"execution_count": null,
"metadata": {},
"outputs": [],
"source": [
"from pathlib import Path\n",
"\n", "\n",
"api_file = Path('apikey')\n",
"if api_file.exists():\n",
" misp_url = 'http://127.0.0.1'\n",
" misp_verifycert = False\n",
" with open(api_file) as f:\n",
" misp_key = f.read().strip()\n",
" print(misp_key)"
]
},
{
"cell_type": "markdown",
"metadata": {},
"source": [
"# Initialize PyMISP"
]
},
{
"cell_type": "code",
"execution_count": null,
"metadata": {},
"outputs": [],
"source": [
"misp = PyMISP(misp_url, misp_key, misp_verifycert)" "misp = PyMISP(misp_url, misp_key, misp_verifycert)"
] ]
}, },
@ -460,7 +498,7 @@
"name": "python", "name": "python",
"nbconvert_exporter": "python", "nbconvert_exporter": "python",
"pygments_lexer": "ipython3", "pygments_lexer": "ipython3",
"version": "3.6.3" "version": "3.6.5"
} }
}, },
"nbformat": 4, "nbformat": 4,
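Review bot: after `misp_key = f.read().strip()` an empty or whitespace-only `apikey` file leaves `misp_key = ''`, and the next cell then builds `PyMISP(misp_url, misp_key, misp_verifycert)` with an empty key, which fails later with a less obvious auth error; add `if not misp_key: raise ValueError(f'{api_file} is empty')` right after the read. `print(misp_key)` also writes the secret into the saved cell output, so print `api_file` rather than the key. The hardcoded `misp_key = 'yB8DMS8L...'` in the context above is left in place, so the notebook still carries a literal key whenever the file is absent.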


@ -468,6 +468,12 @@ class PyMISP(object):
e.analysis = analysis_status e.analysis = analysis_status
return self.update(e) return self.update(e)
def change_distribution(self, event, distribution):
"""Change the distribution of an event"""
e = self._make_mispevent(event)
e.distribution = distribution
return self.update(e)
def change_sharing_group(self, event, sharing_group_id): def change_sharing_group(self, event, sharing_group_id):
"""Change the sharing group of an event""" """Change the sharing group of an event"""
e = self._make_mispevent(event) e = self._make_mispevent(event)
@ -1054,8 +1060,8 @@ class PyMISP(object):
:param normalize: Normalize output | True or False :param normalize: Normalize output | True or False
:param timestamp: Interval since last update (in second, or 1d, 1h, ...) :param timestamp: Interval since last update (in second, or 1d, 1h, ...)
""" """
allowed = {'published': published, 'eventid': eventid, 'tag': tag, 'Dateuntil': dateuntil, allowed = {'published': published, 'eventid': eventid, 'tag': tag, 'dateuntil': dateuntil,
'Datefrom': datefrom, 'eventinfo': eventinfo, 'threatlevel': threatlevel, 'datefrom': datefrom, 'eventinfo': eventinfo, 'threatlevel': threatlevel,
'distribution': distribution, 'analysis': analysis, 'attribute': attribute, 'distribution': distribution, 'analysis': analysis, 'attribute': attribute,
'org': org, 'timestamp': timestamp} 'org': org, 'timestamp': timestamp}
rule_levels = {'distribution': ["0", "1", "2", "3", "!0", "!1", "!2", "!3"], rule_levels = {'distribution': ["0", "1", "2", "3", "!0", "!1", "!2", "!3"],
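Review bot: `change_distribution` forwards `distribution` to `update` without any check and its one-line docstring says nothing about the accepted values, while `search_index` further down restricts distribution to `"0"`–`"3"` (and their negations) for filtering; the docstring should at least state the contract, e.g. `:param event: event id, uuid or MISPEvent` and `:param distribution: distribution level, presumably an integer 0-3 — confirm whether the sharing-group level belongs here or only via change_sharing_group`. The second hunk's `'Dateuntil'`/`'Datefrom'` → `'dateuntil'`/`'datefrom'` key fix is a behavior change for those two filters and is not exercised by the test added in this commit. Both hunks sit inside `class PyMISP`, whose definition starts and ends outside the diff.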


@ -14,7 +14,7 @@ try:
except ImportError as e: except ImportError as e:
print(e) print(e)
url = 'http://localhost:8080' url = 'http://localhost:8080'
key = 'fk5BodCZw8owbscW8pQ4ykMASLeJ4NYhuAbshNjo' key = 'y0rs3LNOP0Y3v6dfSMMdhxj5Oxx9MfaInpRP2pBC'
from uuid import uuid4 from uuid import uuid4
@ -916,6 +916,16 @@ class TestComprehensive(unittest.TestCase):
self.assertEqual(r['Galaxy']['name'], list_name_test) self.assertEqual(r['Galaxy']['name'], list_name_test)
self.assertTrue('GalaxyCluster' in r) self.assertTrue('GalaxyCluster' in r)
def test_zmq(self):
first = self.create_simple_event()
try:
first = self.user_misp_connector.add_event(first)
r = self.admin_misp_connector.pushEventToZMQ(first.id)
self.assertEqual(r['message'], 'Event published to ZMQ')
finally:
# Delete event
self.admin_misp_connector.delete_event(first.id)
@unittest.skip("Currently failing") @unittest.skip("Currently failing")
def test_search_type_event_csv(self): def test_search_type_event_csv(self):
try: try:
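Review bot: in `test_zmq` the `finally` calls `self.admin_misp_connector.delete_event(first.id)` even when `add_event` inside the `try` raised, at which point `first` is presumably still the locally created event with no server-side id, so the cleanup raises a second error that masks the original failure. Move `first = self.user_misp_connector.add_event(first)` above the `try` so the cleanup only runs for an event that was actually created, which is what the "Delete event" comment intends. The first hunk just rotates the hardcoded test `key`; that is fine for a localhost:8080 test instance, but a short comment saying so would stop it being mistaken for a live credential.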