mirror of https://github.com/MISP/PyMISP
Merge remote-tracking branch 'upstream/master'
commit
e3d98b409c
|
@ -53,6 +53,30 @@
|
|||
"```"
|
||||
]
|
||||
},
|
||||
{
|
||||
"cell_type": "markdown",
|
||||
"metadata": {},
|
||||
"source": [
|
||||
"# Getting the API key (automatically generated on the trainig VM)"
|
||||
]
|
||||
},
|
||||
{
|
||||
"cell_type": "code",
|
||||
"execution_count": null,
|
||||
"metadata": {},
|
||||
"outputs": [],
|
||||
"source": [
|
||||
"from pathlib import Path\n",
|
||||
"\n",
|
||||
"api_file = Path('apikey')\n",
|
||||
"if api_file.exists():\n",
|
||||
" misp_url = 'http://127.0.0.1'\n",
|
||||
" misp_verifycert = False\n",
|
||||
" with open(api_file) as f:\n",
|
||||
" misp_key = f.read().strip()\n",
|
||||
" print(misp_key)"
|
||||
]
|
||||
},
|
||||
{
|
||||
"cell_type": "markdown",
|
||||
"metadata": {},
|
||||
|
@ -350,7 +374,7 @@
|
|||
"misp_object.add_attribute('ip', value='149.13.33.14')\n",
|
||||
"misp_object.add_attribute('first-seen', value='2018-04-11')\n",
|
||||
"misp_object.add_attribute('last-seen', value='2018-06-11')\n",
|
||||
"misp_object.add_reference(circl_attr.uuid, 'related-to', 'Expanded with passive DNS entry')\n",
|
||||
"misp_object.add_reference(obj_attr.uuid, 'related-to', 'Expanded with passive DNS entry')\n",
|
||||
"\n",
|
||||
"print(event.to_json())\n"
|
||||
]
|
||||
|
@ -656,7 +680,7 @@
|
|||
"misp_url = 'http://127.0.0.1:8080'\n",
|
||||
"# Can be found in the MISP web interface under \n",
|
||||
"# http://+MISP_URL+/users/view/me -> Authkey\n",
|
||||
"misp_key = 'yB8DMS8LkfYYpcVX8bN2v7xwDZDMp4bpW0sNqNGj'\n",
|
||||
"misp_key = 'xe5okWNY2OB3O9ljR6t2cJPNsv4u1VZB0C1mKwtB'\n",
|
||||
"# Should PyMISP verify the MISP certificate\n",
|
||||
"misp_verifycert = False\n",
|
||||
"\n",
|
||||
|
@ -763,7 +787,7 @@
|
|||
"name": "python",
|
||||
"nbconvert_exporter": "python",
|
||||
"pygments_lexer": "ipython3",
|
||||
"version": "3.6.3"
|
||||
"version": "3.6.5"
|
||||
}
|
||||
},
|
||||
"nbformat": 4,
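Review bot: The code cell added in the `@ -53,6 +53,30 @@` hunk ends with `print(misp_key)`, which writes the API key into the cell output. Once the notebook is saved with outputs, the key is stored in the .ipynb file and travels with every commit or copy of it. Dropping the print, or replacing it with `print('API key loaded from', api_file)`, keeps the confirmation without exposing the secret. The same cell is added to the three other notebooks in this commit (hunks `@ -30,6 +30,37 @@`, `@ -7,12 +7,43 @@` and `@ -25,8 +25,46 @@`), so the change applies there as well.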
|
||||
|
|
|
@ -30,6 +30,37 @@
|
|||
"misp_verifycert = False"
|
||||
]
|
||||
},
|
||||
{
|
||||
"cell_type": "markdown",
|
||||
"metadata": {},
|
||||
"source": [
|
||||
"# Getting the API key (automatically generated on the trainig VM)"
|
||||
]
|
||||
},
|
||||
{
|
||||
"cell_type": "code",
|
||||
"execution_count": null,
|
||||
"metadata": {},
|
||||
"outputs": [],
|
||||
"source": [
|
||||
"from pathlib import Path\n",
|
||||
"\n",
|
||||
"api_file = Path('apikey')\n",
|
||||
"if api_file.exists():\n",
|
||||
" misp_url = 'http://127.0.0.1'\n",
|
||||
" misp_verifycert = False\n",
|
||||
" with open(api_file) as f:\n",
|
||||
" misp_key = f.read().strip()\n",
|
||||
" print(misp_key)"
|
||||
]
|
||||
},
|
||||
{
|
||||
"cell_type": "markdown",
|
||||
"metadata": {},
|
||||
"source": [
|
||||
"# Initialize PyMISP"
|
||||
]
|
||||
},
|
||||
{
|
||||
"cell_type": "code",
|
||||
"execution_count": null,
|
||||
|
|
|
@ -7,12 +7,43 @@
|
|||
"outputs": [],
|
||||
"source": [
|
||||
"# The URL of the MISP instance to connect to\n",
|
||||
"misp_url = 'https://<URL>/'\n",
|
||||
"misp_url = 'http://127.0.0.1:8080'\n",
|
||||
"# Can be found in the MISP web interface under \n",
|
||||
"# http://+MISP_URL+/users/view/me -> Authkey\n",
|
||||
"misp_key = '<KEY>'\n",
|
||||
"misp_key = 'xe5okWNY2OB3O9ljR6t2cJPNsv4u1VZB0C1mKwtB'\n",
|
||||
"# Should PyMISP verify the MISP certificate\n",
|
||||
"misp_verifycert = True"
|
||||
"misp_verifycert = False"
|
||||
]
|
||||
},
|
||||
{
|
||||
"cell_type": "markdown",
|
||||
"metadata": {},
|
||||
"source": [
|
||||
"# Getting the API key (automatically generated on the trainig VM)"
|
||||
]
|
||||
},
|
||||
{
|
||||
"cell_type": "code",
|
||||
"execution_count": null,
|
||||
"metadata": {},
|
||||
"outputs": [],
|
||||
"source": [
|
||||
"from pathlib import Path\n",
|
||||
"\n",
|
||||
"api_file = Path('apikey')\n",
|
||||
"if api_file.exists():\n",
|
||||
" misp_url = 'http://127.0.0.1'\n",
|
||||
" misp_verifycert = False\n",
|
||||
" with open(api_file) as f:\n",
|
||||
" misp_key = f.read().strip()\n",
|
||||
" print(misp_key)"
|
||||
]
|
||||
},
|
||||
{
|
||||
"cell_type": "markdown",
|
||||
"metadata": {},
|
||||
"source": [
|
||||
"# Initialize PyMISP"
|
||||
]
|
||||
},
|
||||
{
|
||||
|
@ -48,7 +79,8 @@
|
|||
"metadata": {},
|
||||
"outputs": [],
|
||||
"source": [
|
||||
"r = misp.search_index(published=False)"
|
||||
"r = misp.search_index(published=False)\n",
|
||||
"print(r)"
|
||||
]
|
||||
},
|
||||
{
|
||||
|
@ -130,7 +162,8 @@
|
|||
"metadata": {},
|
||||
"outputs": [],
|
||||
"source": [
|
||||
"r = misp.search_index(attribute='8.8.8.8')"
|
||||
"r = misp.search_index(attribute='8.8.8.8')\n",
|
||||
"print(r)"
|
||||
]
|
||||
},
|
||||
{
|
||||
|
@ -162,7 +195,8 @@
|
|||
"metadata": {},
|
||||
"outputs": [],
|
||||
"source": [
|
||||
"r = misp.search_index(timestamp='1h')"
|
||||
"r = misp.search_index(timestamp='1h')\n",
|
||||
"print(r)"
|
||||
]
|
||||
},
|
||||
{
|
||||
|
@ -206,7 +240,8 @@
|
|||
"metadata": {},
|
||||
"outputs": [],
|
||||
"source": [
|
||||
"r = misp.search(values='8.8.8.8')"
|
||||
"r = misp.search(values='8.8.8.8')\n",
|
||||
"print(r)"
|
||||
]
|
||||
},
|
||||
{
|
||||
|
@ -357,7 +392,7 @@
|
|||
"name": "python",
|
||||
"nbconvert_exporter": "python",
|
||||
"pygments_lexer": "ipython3",
|
||||
"version": "3.6.3"
|
||||
"version": "3.6.5"
|
||||
}
|
||||
},
|
||||
"nbformat": 4,
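Review bot: In the `@ -7,12 +7,43 @@` hunk the placeholders `misp_url = 'https://<URL>/'`, `misp_key = '<KEY>'` and `misp_verifycert = True` appear to be replaced by a plain-HTTP localhost URL, a literal 40-character auth key and `misp_verifycert = False` (assuming the page lists the old line before the new one). A tutorial notebook is routinely copied as a starting point, so these defaults get reused against real instances with certificate checking off and a key that now lives in git history. I would keep `misp_key = '<KEY>'` and `misp_verifycert = True` in the committed cell and let the new `apikey` cell override them on the training VM. If the literal key was ever valid on a reachable instance, it should be rotated. The same literal is written in the first notebook's `@ -656,7 +680,7 @@` hunk, and another hard-coded key is swapped in the test file's `@ -14,7 +14,7 @@` hunk.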
|
||||
|
|
|
@ -25,8 +25,46 @@
|
|||
"# http://+MISP_URL+/users/view/me -> Authkey\n",
|
||||
"misp_key = 'yB8DMS8LkfYYpcVX8bN2v7xwDZDMp4bpW0sNqNGj'\n",
|
||||
"# Should PyMISP verify the MISP certificate\n",
|
||||
"misp_verifycert = False\n",
|
||||
"misp_verifycert = False"
|
||||
]
|
||||
},
|
||||
{
|
||||
"cell_type": "markdown",
|
||||
"metadata": {},
|
||||
"source": [
|
||||
"# Getting the API key (automatically generated on the trainig VM)"
|
||||
]
|
||||
},
|
||||
{
|
||||
"cell_type": "code",
|
||||
"execution_count": null,
|
||||
"metadata": {},
|
||||
"outputs": [],
|
||||
"source": [
|
||||
"from pathlib import Path\n",
|
||||
"\n",
|
||||
"api_file = Path('apikey')\n",
|
||||
"if api_file.exists():\n",
|
||||
" misp_url = 'http://127.0.0.1'\n",
|
||||
" misp_verifycert = False\n",
|
||||
" with open(api_file) as f:\n",
|
||||
" misp_key = f.read().strip()\n",
|
||||
" print(misp_key)"
|
||||
]
|
||||
},
|
||||
{
|
||||
"cell_type": "markdown",
|
||||
"metadata": {},
|
||||
"source": [
|
||||
"# Initialize PyMISP"
|
||||
]
|
||||
},
|
||||
{
|
||||
"cell_type": "code",
|
||||
"execution_count": null,
|
||||
"metadata": {},
|
||||
"outputs": [],
|
||||
"source": [
|
||||
"misp = PyMISP(misp_url, misp_key, misp_verifycert)"
|
||||
]
|
||||
},
|
||||
|
@ -460,7 +498,7 @@
|
|||
"name": "python",
|
||||
"nbconvert_exporter": "python",
|
||||
"pygments_lexer": "ipython3",
|
||||
"version": "3.6.3"
|
||||
"version": "3.6.5"
|
||||
}
|
||||
},
|
||||
"nbformat": 4,
|
||||
|
|
|
@ -468,6 +468,12 @@ class PyMISP(object):
|
|||
e.analysis = analysis_status
|
||||
return self.update(e)
|
||||
|
||||
def change_distribution(self, event, distribution):
|
||||
"""Change the distribution of an event"""
|
||||
e = self._make_mispevent(event)
|
||||
e.distribution = distribution
|
||||
return self.update(e)
|
||||
|
||||
def change_sharing_group(self, event, sharing_group_id):
|
||||
"""Change the sharing group of an event"""
|
||||
e = self._make_mispevent(event)
|
||||
|
@ -1054,8 +1060,8 @@ class PyMISP(object):
|
|||
:param normalize: Normalize output | True or False
|
||||
:param timestamp: Interval since last update (in second, or 1d, 1h, ...)
|
||||
"""
|
||||
allowed = {'published': published, 'eventid': eventid, 'tag': tag, 'Dateuntil': dateuntil,
|
||||
'Datefrom': datefrom, 'eventinfo': eventinfo, 'threatlevel': threatlevel,
|
||||
allowed = {'published': published, 'eventid': eventid, 'tag': tag, 'dateuntil': dateuntil,
|
||||
'datefrom': datefrom, 'eventinfo': eventinfo, 'threatlevel': threatlevel,
|
||||
'distribution': distribution, 'analysis': analysis, 'attribute': attribute,
|
||||
'org': org, 'timestamp': timestamp}
|
||||
rule_levels = {'distribution': ["0", "1", "2", "3", "!0", "!1", "!2", "!3"],
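Review bot: `change_distribution` in the first hunk stores whatever `distribution` it is given and immediately calls `self.update(e)`, so a mistyped or out-of-range level is sent to the server and, if accepted, can widen who receives the event. The one-line docstring does not say which values are valid; I would extend it to `"""Change the distribution of an event (0: organisation only, 1: this community, 2: connected communities, 3: all communities, 4: sharing group)"""` and reject anything else before the update, e.g. `if int(distribution) not in range(5): raise ValueError('distribution must be 0-4')`. Whether the event object validates the field itself is not visible here, and level 4 presumably also needs a sharing group to be set, which `change_sharing_group` (its body continues outside the hunk) handles separately.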
|
||||
|
|
|
@ -14,7 +14,7 @@ try:
|
|||
except ImportError as e:
|
||||
print(e)
|
||||
url = 'http://localhost:8080'
|
||||
key = 'fk5BodCZw8owbscW8pQ4ykMASLeJ4NYhuAbshNjo'
|
||||
key = 'y0rs3LNOP0Y3v6dfSMMdhxj5Oxx9MfaInpRP2pBC'
|
||||
|
||||
from uuid import uuid4
|
||||
|
||||
|
@ -916,6 +916,16 @@ class TestComprehensive(unittest.TestCase):
|
|||
self.assertEqual(r['Galaxy']['name'], list_name_test)
|
||||
self.assertTrue('GalaxyCluster' in r)
|
||||
|
||||
def test_zmq(self):
|
||||
first = self.create_simple_event()
|
||||
try:
|
||||
first = self.user_misp_connector.add_event(first)
|
||||
r = self.admin_misp_connector.pushEventToZMQ(first.id)
|
||||
self.assertEqual(r['message'], 'Event published to ZMQ')
|
||||
finally:
|
||||
# Delete event
|
||||
self.admin_misp_connector.delete_event(first.id)
|
||||
|
||||
@unittest.skip("Currently failing")
|
||||
def test_search_type_event_csv(self):
|
||||
try:
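Review bot: In `test_zmq` the `add_event` call sits inside the `try`, so if it raises, the `finally` block still runs `delete_event(first.id)` on the unsaved event returned by `create_simple_event()`. That event presumably has no server-side id, so the cleanup can raise in turn and hide the original failure. Moving `first = self.user_misp_connector.add_event(first)` above the `try:` keeps the cleanup limited to events that were actually created. The test also depends on the ZMQ plugin being enabled on the target instance; a short comment such as `# requires the ZeroMQ plugin to be enabled on the test instance` would make that precondition explicit.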
|
||||
|
|