Fix stats_report example to use ExpandedPyMISP

The stats_report example relied on deprecated functions making it crash.
This has been fixed by upgrading to ExpandedPyMISP. Further checks have
been introduced to ensure that the dictionary keys used do exist, as the example
also crashed on clean MISP instances due to empty responses.
pull/435/head
Maxime Thiebaut 2019-08-12 13:44:10 +02:00
parent 29cc7142ff
commit e912b3ff93
1 changed files with 26 additions and 25 deletions


@ -2,6 +2,7 @@
# -*- coding: utf-8 -*- # -*- coding: utf-8 -*-
''' '''
Koen Van Impe Koen Van Impe
Maxime Thiebaut
Generate a report of your MISP statistics Generate a report of your MISP statistics
Put this script in crontab to run every /15 or /60 Put this script in crontab to run every /15 or /60
@ -11,7 +12,7 @@ Do inline config in "main"
''' '''
from pymisp import PyMISP from pymisp import ExpandedPyMISP
from keys import misp_url, misp_key, misp_verifycert from keys import misp_url, misp_key, misp_verifycert
import argparse import argparse
import os import os
@ -35,7 +36,7 @@ def init(url, key, verifycert):
''' '''
Template to get MISP module started Template to get MISP module started
''' '''
return PyMISP(url, key, verifycert, 'json') return ExpandedPyMISP(url, key, verifycert, 'json')
@ -60,8 +61,7 @@ def get_data(misp, timeframe):
report = {} report = {}
try: try:
stats_event = misp.search(last=timeframe) stats_event_response = misp.search(last=timeframe)
stats_event_response = stats_event['response']
# Number of new or updated events since timestamp # Number of new or updated events since timestamp
report['number_of_misp_events'] = len(stats_event_response) report['number_of_misp_events'] = len(stats_event_response)
@ -105,10 +105,6 @@ def get_data(misp, timeframe):
attr_category[category] = attr_category[category] + 1 attr_category[category] = attr_category[category] + 1
else: else:
attr_category[category] = 1 attr_category[category] = 1
report['number_of_attributes'] = number_of_attributes
report['number_of_attributes_to_ids'] = number_of_attributes_to_ids
report['attr_type'] = attr_type
report['attr_category'] = attr_category
# Process tags # Process tags
if 'Tag' in event_data: if 'Tag' in event_data:
@ -140,11 +136,6 @@ def get_data(misp, timeframe):
tags_type[tag_title] = tags_type[tag_title] + 1 tags_type[tag_title] = tags_type[tag_title] + 1
else: else:
tags_type[tag_title] = 1 tags_type[tag_title] = 1
report['tags_type'] = tags_type
report['tags_tlp'] = tags_tlp
report['tags_misp_galaxy_mitre'] = tags_misp_galaxy_mitre
report['tags_misp_galaxy'] = tags_misp_galaxy
report['tags_misp_galaxy_threat_actor'] = tags_misp_galaxy_threat_actor
# Process the galaxies # Process the galaxies
if 'Galaxy' in event_data: if 'Galaxy' in event_data:
@ -163,12 +154,21 @@ def get_data(misp, timeframe):
galaxies_cluster[cluster_value] = galaxies_cluster[cluster_value] + 1 galaxies_cluster[cluster_value] = galaxies_cluster[cluster_value] + 1
else: else:
galaxies_cluster[cluster_value] = 1 galaxies_cluster[cluster_value] = 1
report['galaxies'] = galaxies report['number_of_attributes'] = number_of_attributes
report['galaxies_cluster'] = galaxies_cluster report['number_of_attributes_to_ids'] = number_of_attributes_to_ids
report['attr_type'] = attr_type
report['attr_category'] = attr_category
report['tags_type'] = tags_type
report['tags_tlp'] = tags_tlp
report['tags_misp_galaxy_mitre'] = tags_misp_galaxy_mitre
report['tags_misp_galaxy'] = tags_misp_galaxy
report['tags_misp_galaxy_threat_actor'] = tags_misp_galaxy_threat_actor
report['galaxies'] = galaxies
report['galaxies_cluster'] = galaxies_cluster
# General MISP statistics # General MISP statistics
user_statistics = misp.get_users_statistics() user_statistics = misp.users_statistics()
if user_statistics: if user_statistics and 'errors' not in user_statistics:
report['user_statistics'] = user_statistics report['user_statistics'] = user_statistics
# Return the report data # Return the report data
@ -191,12 +191,13 @@ def build_report(report, timeframe, misp_url):
report_body = report_body + '\nNew or updated attributes: %s' % report['number_of_attributes'] report_body = report_body + '\nNew or updated attributes: %s' % report['number_of_attributes']
report_body = report_body + '\nNew or updated attributes with IDS flag: %s' % report['number_of_attributes_to_ids'] report_body = report_body + '\nNew or updated attributes with IDS flag: %s' % report['number_of_attributes_to_ids']
report_body = report_body + '\n' report_body = report_body + '\n'
report_body = report_body + '\nTotal events: %s' % report['user_statistics']['stats']['event_count'] if 'user_statistics' in report:
report_body = report_body + '\nTotal attributes: %s' % report['user_statistics']['stats']['attribute_count'] report_body = report_body + '\nTotal events: %s' % report['user_statistics']['stats']['event_count']
report_body = report_body + '\nTotal users: %s' % report['user_statistics']['stats']['user_count'] report_body = report_body + '\nTotal attributes: %s' % report['user_statistics']['stats']['attribute_count']
report_body = report_body + '\nTotal orgs: %s' % report['user_statistics']['stats']['org_count'] report_body = report_body + '\nTotal users: %s' % report['user_statistics']['stats']['user_count']
report_body = report_body + '\nTotal correlation: %s' % report['user_statistics']['stats']['correlation_count'] report_body = report_body + '\nTotal orgs: %s' % report['user_statistics']['stats']['org_count']
report_body = report_body + '\nTotal proposals: %s' % report['user_statistics']['stats']['proposal_count'] report_body = report_body + '\nTotal correlation: %s' % report['user_statistics']['stats']['correlation_count']
report_body = report_body + '\nTotal proposals: %s' % report['user_statistics']['stats']['proposal_count']
report_body = report_body + '\n\n' report_body = report_body + '\n\n'
@ -204,8 +205,8 @@ def build_report(report, timeframe, misp_url):
report_body = report_body + '\nNew or updated events\n-------------------------------------------------------------------------------' report_body = report_body + '\nNew or updated events\n-------------------------------------------------------------------------------'
attachments['misp_events'] = 'ID;Title;Date;Updated;Published;ThreatLevel;AnalysisStatus' attachments['misp_events'] = 'ID;Title;Date;Updated;Published;ThreatLevel;AnalysisStatus'
for el in report['misp_events']: for el in report['misp_events']:
report_body = report_body + '\n #%s %s (%s) \t%s \n\t\t\t\t(Date: %s, Updated: %s, Published: %s)' % (el['id'], el['threat_level'], el['analysis_completion'], el['title'], el['date'], el['timestamp'], el['publish_timestamp']) report_body = report_body + '\n #%s %s (%s) \t%s \n\t\t\t\t(Date: %s, Updated: %s, Published: %s)' % (el['id'], el['threat_level'], el['analysis_completion'], el['title'].decode('utf-8'), el['date'], el['timestamp'], el['publish_timestamp'])
attachments['misp_events'] = attachments['misp_events'] + '\n%s;%s;%s;%s;%s;%s;%s' % (el['id'], el['title'], el['date'], el['timestamp'], el['publish_timestamp'], el['threat_level'], el['analysis_completion']) attachments['misp_events'] = attachments['misp_events'] + '\n%s;%s;%s;%s;%s;%s;%s' % (el['id'], el['title'].decode('utf-8'), el['date'], el['timestamp'], el['publish_timestamp'], el['threat_level'], el['analysis_completion'])
report_body = report_body + '\n\n' report_body = report_body + '\n\n'
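Review bot: The `el['title'].decode('utf-8')` added on the two preceding lines of build_report raises AttributeError under Python 3 whenever the title is a str, which is what a JSON-decoded ExpandedPyMISP response yields, unless get_data (whose body lies largely outside the shown hunks) encodes the title to bytes first; either drop `.decode('utf-8')` on both lines or guard it with `title = el['title'].decode('utf-8') if isinstance(el['title'], bytes) else el['title']` and format `title`. Separately, in init the fourth positional argument `'json'` was the old PyMISP out_type; if the ExpandedPyMISP constructor no longer takes that parameter (as I believe, please confirm against the installed pymisp version), `'json'` binds to the next positional parameter, debug, and being truthy it enables request-level debug logging that can echo request headers, including the API key, into the cron job's output, so `return ExpandedPyMISP(url, key, ssl=verifycert)` with keyword arguments is the safer form. The `'errors' not in user_statistics` check in get_data is a good start, but build_report still indexes `report['user_statistics']['stats'][...]` unguarded; reading through `report['user_statistics'].get('stats', {})` or checking for the 'stats' key would keep the report from crashing on a response that lacks it.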