MISP
/
PyMISP
mirror of https://github.com/MISP/PyMISP
2
0
Fork 0
Code Issues Releases Wiki Activity
1,869 Commits
13 Branches
166 Tags
93 MiB
Commit Graph

284 Commits (70dca1d4087cd6e30f2d3403dbc997d3eb2bab26)

Author SHA1 Message Date
Raphaël Vinot 1dce91af8f chg: [examples] pythonify properly when needed 2019-07-22 12:41:27 +02:00
Raphaël Vinot 7bd130b506 chg: [tests] Toggle pythonify in create_massive_dummy_events 2019-07-22 12:32:03 +02:00
github-pba 969a9618cc Fix for issue 420 2019-07-18 08:45:55 +02:00
Raphaël Vinot e357ec91e9 Merge branch 'master' of github.com:MISP/PyMISP 2019-07-17 16:47:19 +02:00
Raphaël Vinot 6a48faab73 chg: Bump examples to python3 2019-07-17 16:46:47 +02:00
Raphaël Vinot c9d58dad8a chg: Deprecate everything in PyMISP 2019-07-17 11:44:55 +02:00
Koen Van Impe 71b72f8026 Create statistical reports for MISP 
PyMISP script to run every x-days to get an overview of new
events/attributes ; MISP-Galaxies ; MITRE ; Tags

Output of report is on screen or sent via e-mail ; all stats attached
as CSV
 2019-07-13 00:06:37 +02:00
Raphaël Vinot e0fac90310 new: Allow to pass delimiter & quotechar to the CSV loader 2019-07-02 11:55:51 +02:00
Alexandre Dulaunoy 3e70a90b0d
chg: [last] You can now paginate over multiple results in the last example command 
You can do stuff like this:

python3 last.py  -l 48h  -m 10 -p 2  | jq .[].Event.info

which means the last 10 events on second page which are between a
time range of 0 and 48 hours.
 2019-06-24 15:55:01 +02:00
Steve Clement b871ea2bf0
new: [example] Added edit_organisation examples. 2019-06-17 10:36:49 +09:00
Steve Clement 54a2e8657a
fix: [perms] Added try/except for various permission conditions, also create the output dir if not exist 
fix: [try/except] Catch Ctrl-c keyboard interrupt
fix: [style] isort imports
 2019-06-03 14:06:19 +09:00
Koen Van Impe c6d4d21025 Sync sightings between MISP servers 
Sync sightings between MISP servers
Sync from multiple clients to one authoritative MISP instance.
To be run from cron
(blog docu coming)
 2019-05-29 17:00:13 +02:00
iglocska 4bd9180951
fix: [feed generator] Added missing fields 2019-05-22 16:30:36 +02:00
Raphaël Vinot 3b56b218b5 new: Object generator for ssh authorized_keys files. 2019-05-20 16:40:47 +02:00
Jeroen Pinoy 309b767864 Added includeWarninglistHits as a possible filter for the event level restsearch. 2019-05-12 01:08:21 +02:00
Koen Van Impe d016571336 Use misp_verifycert flag 2019-05-06 18:01:29 +02:00
Koen Van Impe 38a2903fc9 Take 'to_ids' setting in account and PEP8 checks 
- Include check if 'to_ids' is included in the data returned from the
import module
- PEP8 checks
 2019-05-06 17:31:52 +02:00
Koen Van Impe 0f49b27794 Automation script that links vmray_submit and vmray_import 
Import finished VMRay tasks ; add attributes to event
Makes use of the 'incomplete' workflow taxonomy
Needs to be put in a cronjob to run in the background
 2019-05-01 22:48:07 +02:00
Raphaël Vinot e5a42b812f new: Add CSV loader 
Fix #376
 2019-04-03 16:28:31 +02:00
Raphaël Vinot 1e060f669f new: Helper to create MISP Objects for regcheck.org.uk 2019-04-02 17:13:07 +02:00
Raphaël Vinot b9d865b756 fix: Use new API in get_csv.py 
Fix #314
 2019-01-03 11:48:53 +01:00
Raphaël Vinot 4c9e6d0ec8 fix: Create massive event using ExpandedPyMISP 2018-12-26 18:28:33 +01:00
Alexandre Dulaunoy 10ccd637d9
chg: [test] set a default distribution for massive event creation 2018-12-24 20:46:26 +01:00
garanews 35b6fc3cb5
fix for last pymisp version 2018-12-04 16:08:00 +00:00
Raphaël Vinot 444a9f5755 Merge branch 'master' into sightingAPI 2018-10-31 16:42:30 +01:00
Christophe Vandeplas 60575d4cf6 fix: readme update + python3 + pep8 
align python path to readme specifying python3
 2018-10-28 13:01:26 +01:00
Sami Mokaddem 26b601e63b new: [example] Added sighting rest search example 2018-10-23 18:46:15 +02:00
juju4 bcb963da64 align examples on custom usage of misp_verifycert 2018-10-14 13:26:03 -04:00
Sami Mokaddem 7195a19a3e fix: prevent checking length on a integer 2018-10-12 14:04:54 +02:00
Sami Mokaddem 186ad41381 new: [freedFromRedis] try to create an object/attribute out of the incoming data even if not added with the helper 2018-10-11 10:17:23 +02:00
Deborah Servili 515857c37c
Fix print 2018-08-30 12:09:55 +02:00
Alexandre Dulaunoy d13f6fb0c0
fix: [search.py] more example of query type added 2018-08-23 10:02:00 +02:00
Christophe Vandeplas 9999801904 yara_dump - fixed private rules causing issues 2018-07-19 12:31:05 +02:00
Raphaël Vinot e568a0cf00 fix: Typo in the *feed methods 2018-04-26 14:43:21 +02:00
Andras Iklody 78d2ac5778
Added missing field to feed generator 2018-04-23 09:12:31 +02:00
Sami Mokaddem 24964989b3 typo 2018-03-30 08:30:11 +02:00
Sami Mokaddem b2d8ce83ce Changed shebang to python3 2018-03-30 08:15:09 +02:00
Raphaël Vinot f937e844dd chg: Make object helpers more generic, cleanup. 2018-03-27 14:57:12 +02:00
Raphaël Vinot 8125b073a1 chg: Update fail2ban helper & example 2018-03-27 10:29:57 +02:00
Raphaël Vinot fbe3687833
Merge pull request #212 from aparriel/fix_add_named_attribute_regression 
Fix add named attribute regression
 2018-03-27 10:00:49 +02:00
Philippe Langlois 1b9c70028f Example of specifying special attribute type in your search: here yara attribute 2018-03-26 18:17:10 +02:00
user 1503508c16 Fix add_named_attribute regression, update add_named_attribute.py example 2018-03-26 17:37:02 +02:00
Raphaël Vinot 0c3d7ca480 fix: typo 2018-03-26 17:10:31 +02:00
Raphaël Vinot 9e44ec6616 fix: Properly create fail2ban object 2018-03-26 17:03:16 +02:00
Raphaël Vinot 22c874e479 fix: Add Info field to the event 2018-03-26 13:58:33 +02:00
Raphaël Vinot 8ebb963adf new: add preliminary fail2ban object 2018-03-26 12:07:40 +02:00
Raphaël Vinot 5c6314c45c new: Add email object generator 2018-03-18 23:21:29 +01:00
Sami Mokaddem fdd9833cd0
Update README.md 
Replaced WHAT by Description
 2018-03-13 17:26:55 +01:00
Sami Mokaddem cd85238b29
Update README.md 
Added example of flush operation
 2018-03-13 17:24:19 +01:00
Alexandre Dulaunoy ba98c71abc
Merge pull request #204 from mokaddem/redis-feed-generator 
Realtime feed generator
 2018-03-12 17:07:57 +01:00
Sami Mokaddem 6553519e3b Added more examples 2018-03-12 16:55:21 +01:00
Sami Mokaddem 364d685e0c Added usage in README 2018-03-12 16:40:06 +01:00
Sami Mokaddem 91262662c4 Added MISPItemToRedis and updated readme accordingly 2018-03-12 16:13:34 +01:00
Sami Mokaddem 39fc05aad9 Updated readme 2 2018-03-12 15:41:02 +01:00
Sami Mokaddem 80517aaf41 Updated readme 2018-03-12 15:34:12 +01:00
Sami Mokaddem 38c22ba954 Moved object constructor into their own folder 2018-03-12 15:22:58 +01:00
Sami Mokaddem d898bb3857 feature: Added support of MISP object constructor instead of the generic_generator 2018-03-12 15:17:25 +01:00
Sami Mokaddem 81d3532877 Added brief object description 2018-03-12 10:25:25 +01:00
Sami Mokaddem aa3f3b85f0 removed unused function 2018-03-12 10:19:05 +01:00
weslambert 58dd9878de
fix typo(s) 2018-03-10 08:04:18 -05:00
Sami Mokaddem e1a9fe1d85 Generator handles file flushing itself 2018-03-09 17:06:00 +01:00
Sami Mokaddem f6828c4394 Added description of generator object 2018-03-09 15:51:26 +01:00
Sami Mokaddem 828aa8e6e3 Updated README 2018-03-09 15:39:19 +01:00
Sami Mokaddem fdaa4c790c Creation of the generator object which permit to easily add attributes 
and objects to daily events, stored as a MISP feed.
Plus, script fromredis which pops queue element in redis to put them in
the feed
 2018-03-09 15:31:13 +01:00
Sami Mokaddem 61ce67cd1c Added install script 2018-03-08 17:39:14 +01:00
Sami Mokaddem c04a3709f9 Added support of MISP Object 2018-03-08 17:33:39 +01:00
Sami Mokaddem 22efb64f14 Overhall seems to work, need testing 2018-03-08 14:19:28 +01:00
Sami Mokaddem 188c452a39 Init draft of redis to feed 2018-03-08 12:01:35 +01:00
Raphaël Vinot 7195c6580a
Merge pull request #197 from RichieB2B/misp2cef 
Add misp2cef example
 2018-02-26 17:26:54 +01:00
Richard van den Berg 7dd2f54196 Add misp2cef example 2018-02-26 16:51:14 +01:00
Richard van den Berg a04388f99a Use from_dict 2018-02-26 11:25:14 +01:00
Raphaël Vinot 6a3b05fd25 fix: do not try to upload objects in case make_binary_objects fails 
Fix #192
 2018-02-23 11:17:54 +01:00
Koen Van Impe b6eb65c77f Prevent unpublished events to be included in feed 
Change default proposed config
 2018-02-06 21:41:03 +01:00
Raphaël Vinot e937c3ae81 new: Add bindings for Galaxies and Taxonimies 2018-01-26 17:02:47 +01:00
Raphaël Vinot 250190e8a8 new: Add bindings to PyMISPWarninglists 2018-01-25 17:56:30 +01:00
Raphaël Vinot e2bb66d01c chg: Cleanup new sbsignature generator 2018-01-23 11:07:36 +01:00
garanews db235899bf sb-signature library 
Created sb-signature library with relative example for testing.
Thanks @dadokkio
 2018-01-23 10:35:21 +01:00
Andras Iklody 89e900671c
Update settings.default.py 2018-01-11 11:58:50 +01:00
Eric Jaw 66ccf54c12 fix: Typo in error output text description 2017-12-06 11:07:36 -05:00
Raphaël Vinot 9c7923fe0a new: Add get CSV method. 2017-12-01 12:01:42 +01:00
Raphaël Vinot 0875ad4a5f chg: Add example file to push OpenIOC file to MISP 
chg: Add some imports in the tool's init file
 2017-11-28 11:54:08 +01:00
Raphaël Vinot bfe9867b2e chg: Add a generic MISP object generator 2017-11-15 17:37:17 +01:00
Raphaël Vinot 0f21a561b0 chg: Allow to add multiple attribute of the same type 2017-11-15 09:41:20 +01:00
iglocska 195cd6d7fc Rework of the feed generator 
- use objects, attribute tags and object references correctly
- generate quickhashlist for fast lookups / future MISP caching mechanism
- saner structure (herp-a-derp)
 2017-11-04 14:18:15 +01:00
Raphaël Vinot ea327ceffb chg: Update asciidoctor generator 2017-10-28 16:58:50 -04:00
Thomas Gardner d293476c6a Merge branch 'master' of https://github.com/MISP/PyMISP 2017-10-25 11:34:23 -04:00
Thomas Gardner e2d690d0ef added vtreportobject and vt_to_misp example 2017-10-25 09:48:18 -04:00
garanews 4152435250 Created add_generic_object.py 
usage: add_generic_object.py [-h] -e EVENT -t TYPE -d DICT

Examples:
python3 add_generic_object.py -e 1683 -t email -d '{"subject":"The Pink Letter", "to":"jon@snow.org"}'
python3 add_generic_object.py -e 2343 -t person -d '{"first-name":"Daenerys", "last-name":"Targaryen", "place-of-birth":"Dragonstone"}'
python3 add_generic_object.py -e 3596 -t "domain|ip" -d '{"domain":"stormborn.org", "ip":"50.63.202.33"}'
 2017-10-25 09:43:17 -04:00
Raphaël Vinot 2bfd091774 Merge branch 'master' of github.com:MISP/PyMISP 2017-10-24 18:09:27 -04:00
Raphaël Vinot 6517081fab chg: Add simple asciidoc generator for MISP event 2017-10-24 18:09:10 -04:00
garanews 94e3419c39 Created add_generic_object.py 
usage: add_generic_object.py [-h] -e EVENT -t TYPE -d DICT

Examples:
python3 add_generic_object.py -e 1683 -t email -d '{"subject":"The Pink Letter", "to":"jon@snow.org"}'
python3 add_generic_object.py -e 2343 -t person -d '{"first-name":"Daenerys", "last-name":"Targaryen", "place-of-birth":"Dragonstone"}'
python3 add_generic_object.py -e 3596 -t "domain|ip" -d '{"domain":"stormborn.org", "ip":"50.63.202.33"}'
 2017-10-20 09:55:46 +02:00
Raphaël Vinot b1989f16f2 Merge branch 'objects' 2017-09-18 11:43:48 +01:00
Raphaël Vinot 2bc0745fbf Refactoring in order to load objects 2017-08-28 19:16:20 +02:00
Raphaël Vinot f06bfd310b Do not fail if pymisp is not installed 2017-08-25 16:38:12 +02:00
Raphaël Vinot f66af15c62 Update get_template_id, cleanup 2017-08-25 09:45:56 +02:00
Raphaël Vinot c09ce0032c Refactor all the things 
Add script for MISP core, make everything generic.
 2017-08-24 19:21:52 +02:00
Raphaël Vinot 77845bd813 Update file/pe/pe-sections objects creator. 2017-08-23 15:37:04 +02:00
Raphaël Vinot 2fd3b05202 Update accordingly to the current server implementation 2017-07-24 17:16:40 +02:00
Sebastian Wagner 5a85788c5d
Fix shebangs and executable permissions 
Files containing a shebang should be executable (examples/*.py)
Non-executable files should not contain a shebang (pymisp/...)

spotted with rpmlint
 2017-07-24 13:27:28 +02:00
Raphaël Vinot 9f595251d5 Add sample for get_attachment 2017-07-18 11:15:28 +02:00