Raphaël Vinot
d55a5f90de
Merge pull request #480 from cudeso/master
...
Include to_ids and replace newlines in title
2019-10-16 15:36:57 +02:00
Koen Van Impe
4b08b9baa4
Include to_ids and replace newlines in title
2019-10-16 00:19:12 +02:00
Raphaël Vinot
02659a5782
chg: Add support for rapidjson, refactoring and code cleanup.
2019-10-09 16:07:40 +02:00
Koen Van Impe
5b7eeaa8ab
Code cleanup
2019-09-26 20:50:53 +02:00
Koen Van Impe
0e68071ef2
Update type and code cleanup
2019-09-26 20:46:31 +02:00
Koen Van Impe
edaae39bc8
List all the sightings - show_sightings.py
2019-09-26 20:31:05 +02:00
Koen Van Impe
c8e9aa47d5
Disable to_ids based on false positive sightings reporting
2019-09-24 20:59:46 +02:00
Campbell McKenzie
0fad4d9640
Make client_certs out of the box friendly
2019-09-12 12:42:22 +10:00
Raphaël Vinot
9df636cd37
chg: Update upload malware/attachment example script
...
Fix #447
Make data at attribute level more generic with getter/setter methods
2019-09-04 13:59:25 +02:00
Koen Van Impe
f063457261
Include date_from & date_to in subject and report content
2019-08-16 15:11:43 +02:00
Koen Van Impe
c149886a88
Allow statistics date_from date_to
...
- date_from + date_to
- move misp object creation after argument parser
2019-08-16 14:55:59 +02:00
Koen Van Impe
3d2930db12
Allow to supply mail options as arguments on command line
2019-08-14 08:46:11 +02:00
Maxime Thiebaut
e912b3ff93
Fix stats_report example to use ExpandedPyMISP
...
The stats_report example relied on deprecated functions making it crash.
This has been fixed by upgrading to ExpandedPyMISP. Further checks have
been introduced to ensure used dictionary keys do exist as the example
also crashed on clean MISP instances due to empty responses.
2019-08-12 13:44:10 +02:00
kovacsbalu
f3cb8c89a6
Remove unused line
2019-07-25 08:08:17 +02:00
kovacsbalu
98610fbafc
Fix tag help text
...
Minor pycodestyle
2019-07-25 07:55:25 +02:00
Raphaël Vinot
b5226a959c
fix: Rename filename
2019-07-23 16:47:32 +02:00
Raphaël Vinot
03a7de794a
new: [example] Script to load datasets from Scripps CO2
2019-07-23 16:46:28 +02:00
Raphaël Vinot
1dce91af8f
chg: [examples] pythonify properly when needed
2019-07-22 12:41:27 +02:00
Raphaël Vinot
7bd130b506
chg: [tests] Toggle pythonify in create_massive_dummy_events
2019-07-22 12:32:03 +02:00
github-pba
969a9618cc
Fix for issue 420
2019-07-18 08:45:55 +02:00
Raphaël Vinot
e357ec91e9
Merge branch 'master' of github.com:MISP/PyMISP
2019-07-17 16:47:19 +02:00
Raphaël Vinot
6a48faab73
chg: Bump examples to python3
2019-07-17 16:46:47 +02:00
Raphaël Vinot
c9d58dad8a
chg: Deprecate everything in PyMISP
2019-07-17 11:44:55 +02:00
Koen Van Impe
71b72f8026
Create statistical reports for MISP
...
PyMISP script to run every x-days to get an overview of new
events/attributes ; MISP-Galaxies ; MITRE ; Tags
Output of report is on screen or sent via e-mail ; all stats attached
as CSV
2019-07-13 00:06:37 +02:00
Raphaël Vinot
e0fac90310
new: Allow to pass delimiter & quotechar to the CSV loader
2019-07-02 11:55:51 +02:00
Alexandre Dulaunoy
3e70a90b0d
chg: [last] You can now paginate over multiple results in the last example command
...
You can do stuff like this:
python3 last.py -l 48h -m 10 -p 2 | jq .[].Event.info
which means the last 10 events on second page which are between a
time range of 0 and 48 hours.
2019-06-24 15:55:01 +02:00
Steve Clement
b871ea2bf0
new: [example] Added edit_organisation examples.
2019-06-17 10:36:49 +09:00
Steve Clement
54a2e8657a
fix: [perms] Added try/except for various permission conditions, also create the output dir if not exist
...
fix: [try/except] Catch Ctrl-c keyboard interrupt
fix: [style] isort imports
2019-06-03 14:06:19 +09:00
Koen Van Impe
c6d4d21025
Sync sightings between MISP servers
...
Sync sightings between MISP servers
Sync from multiple clients to one authoritative MISP instance.
To be run from cron
(blog docu coming)
2019-05-29 17:00:13 +02:00
iglocska
4bd9180951
fix: [feed generator] Added missing fields
2019-05-22 16:30:36 +02:00
Raphaël Vinot
3b56b218b5
new: Object generator for ssh authorized_keys files.
2019-05-20 16:40:47 +02:00
Jeroen Pinoy
309b767864
Added includeWarninglistHits as a possible filter for the event level restsearch.
2019-05-12 01:08:21 +02:00
Koen Van Impe
d016571336
Use misp_verifycert flag
2019-05-06 18:01:29 +02:00
Koen Van Impe
38a2903fc9
Take 'to_ids' setting into account and PEP8 checks
...
- Include check if 'to_ids' is included in the data returned from the
import module
- PEP8 checks
2019-05-06 17:31:52 +02:00
Koen Van Impe
0f49b27794
Automation script that links vmray_submit and vmray_import
...
Import finished VMRay tasks ; add attributes to event
Makes use of the 'incomplete' workflow taxonomy
Needs to be put in a cronjob to run in the background
2019-05-01 22:48:07 +02:00
Raphaël Vinot
e5a42b812f
new: Add CSV loader
...
Fix #376
2019-04-03 16:28:31 +02:00
Raphaël Vinot
1e060f669f
new: Helper to create MISP Objects for regcheck.org.uk
2019-04-02 17:13:07 +02:00
Raphaël Vinot
b9d865b756
fix: Use new API in get_csv.py
...
Fix #314
2019-01-03 11:48:53 +01:00
Raphaël Vinot
4c9e6d0ec8
fix: Create massive event using ExpandedPyMISP
2018-12-26 18:28:33 +01:00
Alexandre Dulaunoy
10ccd637d9
chg: [test] set a default distribution for massive event creation
2018-12-24 20:46:26 +01:00
garanews
35b6fc3cb5
fix for last pymisp version
2018-12-04 16:08:00 +00:00
Raphaël Vinot
444a9f5755
Merge branch 'master' into sightingAPI
2018-10-31 16:42:30 +01:00
Christophe Vandeplas
60575d4cf6
fix: readme update + python3 + pep8
...
align python path to readme specifying python3
2018-10-28 13:01:26 +01:00
Sami Mokaddem
26b601e63b
new: [example] Added sighting rest search example
2018-10-23 18:46:15 +02:00
juju4
bcb963da64
align examples on custom usage of misp_verifycert
2018-10-14 13:26:03 -04:00
Sami Mokaddem
7195a19a3e
fix: prevent checking length on a integer
2018-10-12 14:04:54 +02:00
Sami Mokaddem
186ad41381
new: [freedFromRedis] try to create an object/attribute out of the incoming data even if not added with the helper
2018-10-11 10:17:23 +02:00
Deborah Servili
515857c37c
Fix print
2018-08-30 12:09:55 +02:00
Alexandre Dulaunoy
d13f6fb0c0
fix: [search.py] more example of query type added
2018-08-23 10:02:00 +02:00
Christophe Vandeplas
9999801904
yara_dump - fixed private rules causing issues
2018-07-19 12:31:05 +02:00
Raphaël Vinot
e568a0cf00
fix: Typo in the *feed methods
2018-04-26 14:43:21 +02:00
Andras Iklody
78d2ac5778
Added missing field to feed generator
2018-04-23 09:12:31 +02:00
Sami Mokaddem
24964989b3
typo
2018-03-30 08:30:11 +02:00
Sami Mokaddem
b2d8ce83ce
Changed shebang to python3
2018-03-30 08:15:09 +02:00
Raphaël Vinot
f937e844dd
chg: Make object helpers more generic, cleanup.
2018-03-27 14:57:12 +02:00
Raphaël Vinot
8125b073a1
chg: Update fail2ban helper & example
2018-03-27 10:29:57 +02:00
Raphaël Vinot
fbe3687833
Merge pull request #212 from aparriel/fix_add_named_attribute_regression
...
Fix add named attribute regression
2018-03-27 10:00:49 +02:00
Philippe Langlois
1b9c70028f
Example of specifying special attribute type in your search: here yara attribute
2018-03-26 18:17:10 +02:00
user
1503508c16
Fix add_named_attribute regression, update add_named_attribute.py example
2018-03-26 17:37:02 +02:00
Raphaël Vinot
0c3d7ca480
fix: typo
2018-03-26 17:10:31 +02:00
Raphaël Vinot
9e44ec6616
fix: Properly create fail2ban object
2018-03-26 17:03:16 +02:00
Raphaël Vinot
22c874e479
fix: Add Info field to the event
2018-03-26 13:58:33 +02:00
Raphaël Vinot
8ebb963adf
new: add preliminary fail2ban object
2018-03-26 12:07:40 +02:00
Raphaël Vinot
5c6314c45c
new: Add email object generator
2018-03-18 23:21:29 +01:00
Sami Mokaddem
fdd9833cd0
Update README.md
...
Replaced WHAT by Description
2018-03-13 17:26:55 +01:00
Sami Mokaddem
cd85238b29
Update README.md
...
Added example of flush operation
2018-03-13 17:24:19 +01:00
Alexandre Dulaunoy
ba98c71abc
Merge pull request #204 from mokaddem/redis-feed-generator
...
Realtime feed generator
2018-03-12 17:07:57 +01:00
Sami Mokaddem
6553519e3b
Added more examples
2018-03-12 16:55:21 +01:00
Sami Mokaddem
364d685e0c
Added usage in README
2018-03-12 16:40:06 +01:00
Sami Mokaddem
91262662c4
Added MISPItemToRedis and updated readme accordingly
2018-03-12 16:13:34 +01:00
Sami Mokaddem
39fc05aad9
Updated readme 2
2018-03-12 15:41:02 +01:00
Sami Mokaddem
80517aaf41
Updated readme
2018-03-12 15:34:12 +01:00
Sami Mokaddem
38c22ba954
Moved object constructor into their own folder
2018-03-12 15:22:58 +01:00
Sami Mokaddem
d898bb3857
feature: Added support of MISP object constructor instead of the generic_generator
2018-03-12 15:17:25 +01:00
Sami Mokaddem
81d3532877
Added brief object description
2018-03-12 10:25:25 +01:00
Sami Mokaddem
aa3f3b85f0
removed unused function
2018-03-12 10:19:05 +01:00
weslambert
58dd9878de
fix typo(s)
2018-03-10 08:04:18 -05:00
Sami Mokaddem
e1a9fe1d85
Generator handles file flushing itself
2018-03-09 17:06:00 +01:00
Sami Mokaddem
f6828c4394
Added description of generator object
2018-03-09 15:51:26 +01:00
Sami Mokaddem
828aa8e6e3
Updated README
2018-03-09 15:39:19 +01:00
Sami Mokaddem
fdaa4c790c
Creation of the generator object which permits to easily add attributes
...
and objects to daily events, stored as a MISP feed.
Plus, script fromredis which pops queue element in redis to put them in
the feed
2018-03-09 15:31:13 +01:00
Sami Mokaddem
61ce67cd1c
Added install script
2018-03-08 17:39:14 +01:00
Sami Mokaddem
c04a3709f9
Added support of MISP Object
2018-03-08 17:33:39 +01:00
Sami Mokaddem
22efb64f14
Overhaul seems to work, need testing
2018-03-08 14:19:28 +01:00
Sami Mokaddem
188c452a39
Init draft of redis to feed
2018-03-08 12:01:35 +01:00
Raphaël Vinot
7195c6580a
Merge pull request #197 from RichieB2B/misp2cef
...
Add misp2cef example
2018-02-26 17:26:54 +01:00
Richard van den Berg
7dd2f54196
Add misp2cef example
2018-02-26 16:51:14 +01:00
Richard van den Berg
a04388f99a
Use from_dict
2018-02-26 11:25:14 +01:00
Raphaël Vinot
6a3b05fd25
fix: do not try to upload objects in case make_binary_objects fails
...
Fix #192
2018-02-23 11:17:54 +01:00
Koen Van Impe
b6eb65c77f
Prevent unpublished events to be included in feed
...
Change default proposed config
2018-02-06 21:41:03 +01:00
Raphaël Vinot
e937c3ae81
new: Add bindings for Galaxies and Taxonomies
2018-01-26 17:02:47 +01:00
Raphaël Vinot
250190e8a8
new: Add bindings to PyMISPWarninglists
2018-01-25 17:56:30 +01:00
Raphaël Vinot
e2bb66d01c
chg: Cleanup new sbsignature generator
2018-01-23 11:07:36 +01:00
garanews
db235899bf
sb-signature library
...
Created sb-signature library with relative example for testing.
Thanks @dadokkio
2018-01-23 10:35:21 +01:00
Andras Iklody
89e900671c
Update settings.default.py
2018-01-11 11:58:50 +01:00
Eric Jaw
66ccf54c12
fix: Typo in error output text description
2017-12-06 11:07:36 -05:00
Raphaël Vinot
9c7923fe0a
new: Add get CSV method.
2017-12-01 12:01:42 +01:00
Raphaël Vinot
0875ad4a5f
chg: Add example file to push OpenIOC file to MISP
...
chg: Add some imports in the tool's init file
2017-11-28 11:54:08 +01:00
Raphaël Vinot
bfe9867b2e
chg: Add a generic MISP object generator
2017-11-15 17:37:17 +01:00
Raphaël Vinot
0f21a561b0
chg: Allow to add multiple attribute of the same type
2017-11-15 09:41:20 +01:00
iglocska
195cd6d7fc
Rework of the feed generator
...
- use objects, attribute tags and object references correctly
- generate quickhashlist for fast lookups / future MISP caching mechanism
- saner structure (herp-a-derp)
2017-11-04 14:18:15 +01:00
Raphaël Vinot
ea327ceffb
chg: Update asciidoctor generator
2017-10-28 16:58:50 -04:00
Thomas Gardner
d293476c6a
Merge branch 'master' of https://github.com/MISP/PyMISP
2017-10-25 11:34:23 -04:00
Thomas Gardner
e2d690d0ef
added vtreportobject and vt_to_misp example
2017-10-25 09:48:18 -04:00
garanews
4152435250
Created add_generic_object.py
...
usage: add_generic_object.py [-h] -e EVENT -t TYPE -d DICT
Examples:
python3 add_generic_object.py -e 1683 -t email -d '{"subject":"The Pink Letter", "to":"jon@snow.org"}'
python3 add_generic_object.py -e 2343 -t person -d '{"first-name":"Daenerys", "last-name":"Targaryen", "place-of-birth":"Dragonstone"}'
python3 add_generic_object.py -e 3596 -t "domain|ip" -d '{"domain":"stormborn.org", "ip":"50.63.202.33"}'
2017-10-25 09:43:17 -04:00
Raphaël Vinot
2bfd091774
Merge branch 'master' of github.com:MISP/PyMISP
2017-10-24 18:09:27 -04:00
Raphaël Vinot
6517081fab
chg: Add simple asciidoc generator for MISP event
2017-10-24 18:09:10 -04:00
garanews
94e3419c39
Created add_generic_object.py
...
usage: add_generic_object.py [-h] -e EVENT -t TYPE -d DICT
Examples:
python3 add_generic_object.py -e 1683 -t email -d '{"subject":"The Pink Letter", "to":"jon@snow.org"}'
python3 add_generic_object.py -e 2343 -t person -d '{"first-name":"Daenerys", "last-name":"Targaryen", "place-of-birth":"Dragonstone"}'
python3 add_generic_object.py -e 3596 -t "domain|ip" -d '{"domain":"stormborn.org", "ip":"50.63.202.33"}'
2017-10-20 09:55:46 +02:00
Raphaël Vinot
b1989f16f2
Merge branch 'objects'
2017-09-18 11:43:48 +01:00
Raphaël Vinot
2bc0745fbf
Refactoring in order to load objects
2017-08-28 19:16:20 +02:00
Raphaël Vinot
f06bfd310b
Do not fail if pymisp is not installed
2017-08-25 16:38:12 +02:00
Raphaël Vinot
f66af15c62
Update get_template_id, cleanup
2017-08-25 09:45:56 +02:00
Raphaël Vinot
c09ce0032c
Refactor all the things
...
Add script for MISP core, make everything generic.
2017-08-24 19:21:52 +02:00
Raphaël Vinot
77845bd813
Update file/pe/pe-sections objects creator.
2017-08-23 15:37:04 +02:00
Raphaël Vinot
2fd3b05202
Update accordingly to the current server implementation
2017-07-24 17:16:40 +02:00
Sebastian Wagner
5a85788c5d
Fix shebangs and executable permissions
...
Files containing a shebang should be executable (examples/*.py)
Non-executable files should not contain a shebang (pymisp/...)
spotted with rpmlint
2017-07-24 13:27:28 +02:00
Raphaël Vinot
9f595251d5
Add sample for get_attachment
2017-07-18 11:15:28 +02:00
Raphaël Vinot
a0273b8a43
Merge branch 'master' of github.com:CIRCL/PyMISP
2017-07-11 16:15:59 +02:00
obsidianpentesting
17e44c1c74
Example script to invoke the cache_all_feeds() from PyMISP.
2017-07-06 16:07:34 -05:00
raw-data
8b90a85254
fix args.quiet and status msgs
2017-07-03 21:16:38 +01:00
raw-data
73b66af0d3
add multithreaded suricata search code, fetching ids rules based on parameters and terms
2017-06-28 14:21:43 +01:00
Alexandre Dulaunoy
4f66996366
Merge pull request #92 from deralexxx/patch-4
...
use misp_verifycert
2017-06-20 12:00:32 +02:00
Alexander J
ef1eda5028
Create README.md
2017-06-20 11:24:02 +02:00
Alexander J
41b159b596
use misp_verifycert
...
misp_verifycert
2017-06-19 16:27:07 +02:00
Raphaël Vinot
72a484ca32
Add support for freetext import in the API.
2017-06-13 15:37:39 +02:00
CheYenBzh
5c74a2474f
Create fetch_events_feed.py
2017-05-29 14:03:21 +02:00
Paul A
36cf46acd9
Fixed the JSON output format (\n breaks JSON loading afterwards)
2017-05-02 16:27:37 +02:00
Hannah Ward
3e3e8b1306
Merge branch 'master' of github.com:MISP/PyMISP
2017-04-07 16:28:17 +01:00
Hannah Ward
3da2a54ea1
fix: Update script had `latest`'s docstrings
2017-04-07 16:09:38 +01:00
Paul
dd3ce6c758
Update last.py
2017-04-06 14:23:04 +02:00
Paul
51f49ddcaa
Updated last.py to dump json results straight away
...
Output was not usable with cli utilities such as: ```cat results.json | python -m simplejson.tool```.
It's now usable and works perfectly.
2017-04-06 14:20:00 +02:00
Student CIRCL
4d2861780e
Treemap.py requirements updated in the README.MD file
2017-04-03 17:07:52 +02:00
Raphaël Vinot
6dc422de72
Cleanup misp2clamav
2017-03-27 17:43:11 +02:00
Richard van den Berg
9fb9715c8e
Add misp2clamav
2017-03-27 16:50:56 +02:00
Nick Driver
9aec74b01c
Example using the search() function
...
Accepts specific parameters from search() instead of just using search_all().
2017-03-09 15:57:15 -05:00
Raphaël Vinot
fc80e711a9
Merge branch 'master' of github.com:MISP/PyMISP
2017-03-09 16:33:29 +01:00
Raphaël Vinot
1da447abf2
Reorganisation, make add attribute more flexible
2017-03-09 16:32:51 +01:00
rmarsollier
8ae32703e8
example using tag() function instead of add_tag()
2017-03-08 10:51:47 +01:00
Déborah Servili
a4f90a7ac1
add legend
2017-02-03 16:34:50 +01:00
Déborah Servili
03089ea7da
Merge branch 'master' of https://github.com/MISP/PyMISP
2017-02-03 16:16:58 +01:00
Déborah Servili
910cfda4bc
restore file deleted by mistake
2017-02-03 16:16:18 +01:00
Déborah Servili
f8be16a905
add ta_scatter.py script & reorganise tools
2017-02-03 16:12:02 +01:00
Christophe Vandeplas
ff921ec6a6
YARA dumper for all rules
...
This dumper also does YARA rule validation, ignores invalid rules and prevents duplicate rule names. The output is a file called misp.yara which can be used with your favorite YARA tool.
2017-02-03 10:43:57 +01:00
Alexander J
7b0e3b521a
make it little more readable
...
guess that way it is easier to understand
2017-01-26 10:39:10 +01:00
Déborah Servili
87b5eb84bb
example addtag (dirty)
2017-01-24 15:31:50 +01:00
Raphaël Vinot
35a4dd52bc
Add signing support for MISP events
2016-11-17 17:07:29 +01:00
Déborah Servili
3cadc1a78d
Improvements in the user api
2016-11-04 12:00:42 +01:00
Déborah Servili
a11e26f80b
Improvements in the user api
2016-11-04 11:58:21 +01:00
Alexandre Dulaunoy
55b4a0725b
Neo4j stuff moved into graphdb directory
2016-11-04 09:31:52 +01:00
Alexandre Dulaunoy
bbf9198787
Moving Neo4j into graphdb
2016-11-04 09:31:31 +01:00