MISP
/
PyMISP
mirror of https://github.com/MISP/PyMISP
2
0
Fork 0
Code Issues Releases Wiki Activity
PyMISP/examples/events/README.md

2.7 KiB
Raw Permalink Blame History

Explanation

This folder contains scripts made to create dummy events in order to test MISP instances.

  • dummy is a containing text only file used as uploaded attachement.
  • create_dummy_event.py will create a given number of events (default: 1)with a randomly generated domain|ip attribute as well as a copy of dummy file.
  • create_massive_dummy_events.py will create a given number of events (default: 1) with a given number of randomly generated attributes(default: 3000).

Tools description

  • randomStringGenerator: generate a random string of a given size, characters used to build the string can be chosen, default are characters from string.ascii_lowercase and string.digits

  • randomIpGenerator: generate a random ip

  • floodtxt: add a generated string as attribute of the given event. The added attributes can be of the following category/type:

    • Internal reference/comment
    • Internal reference/text
    • Internal reference/other
    • Payload delivery/email-subject
    • Artifact dropped/mutex
    • Artifact dropped/filename

  • floodip: add a generated ip as attribute of the given event. The added attributes can be of the following category/type:

    • Network activity/ip-src
    • Network activity/ip.dst

  • flooddomain: add a generated domain-like string as attribute of the given event. The added attributes can be of the following category/type:

    • Network activity/hostname
    • Network activity/domain

  • flooddomainip: add a generated domain|ip-like string as attribute of the given event. The added attribute is of the following category/type:

    • Network activity/domain|ip

  • floodemail: add a generated email-like string as attribute of the given event. The added attributes can be of the following category/type:

    • Payload delivery/email-src
    • Payload delivery/email-dst

  • floodattachmentent: add a dummy file as attribute of the given event. The added attribute is of the following category/type:

    • Payload delivery/attachment

  • create_dummy_event: create a dummy event named "dummy event" with these caracteristics:

    • Distribution: Your organisation only
    • Analysis: Initial
    • Threat Level: Undefined
    • Number of Attributes: 2
    • Attribute:
      • category/type: Network activity/domain|ip
      • value: Randomly generated
    • Attribute: -category/type: Payload delivery/attachment
      • value: 'dummy' file

  • create_massive_dummy_events: create a dummy event named "massive dummy event" with these caracteristics:

    • Distribution: Your organisation only
    • Analysis: Initial
    • Threat Level: Undefined
    • Number of Attributes: Given as argument
    • Attribute:
      • category/type: Randomly chosen
      • value: Randomly generated or dummy file