PyMISP/examples/events
Raphaël Vinot 6cd0c70679 fix: dummy event example
Fix #598
2020-07-16 11:30:47 +02:00
..
README.md
create_dummy_event.py Make scripts executable 2016-07-01 13:52:31 +02:00
create_massive_dummy_events.py fix: Add missing variable in dummy creator 2020-01-13 11:51:58 +01:00
dummy
tools.py fix: dummy event example 2020-07-16 11:30:47 +02:00

README.md

Explanation

This folder contains scripts made to create dummy events in order to test MISP instances.

  • dummy is a containing text only file used as uploaded attachement.
  • create_dummy_event.py will create a given number of events (default: 1)with a randomly generated domain|ip attribute as well as a copy of dummy file.
  • create_massive_dummy_events.py will create a given number of events (default: 1) with a given number of randomly generated attributes(default: 3000).

Tools description

  • randomStringGenerator: generate a random string of a given size, characters used to build the string can be chosen, default are characters from string.ascii_lowercase and string.digits

  • randomIpGenerator: generate a random ip

  • floodtxt: add a generated string as attribute of the given event. The added attributes can be of the following category/type:

    • Internal reference/comment
    • Internal reference/text
    • Internal reference/other
    • Payload delivery/email-subject
    • Artifact dropped/mutex
    • Artifact dropped/filename
  • floodip: add a generated ip as attribute of the given event. The added attributes can be of the following category/type:

    • Network activity/ip-src
    • Network activity/ip.dst
  • flooddomain: add a generated domain-like string as attribute of the given event. The added attributes can be of the following category/type:

    • Network activity/hostname
    • Network activity/domain
  • flooddomainip: add a generated domain|ip-like string as attribute of the given event. The added attribute is of the following category/type:

    • Network activity/domain|ip
  • floodemail: add a generated email-like string as attribute of the given event. The added attributes can be of the following category/type:

    • Payload delivery/email-src
    • Payload delivery/email-dst
  • floodattachmentent: add a dummy file as attribute of the given event. The added attribute is of the following category/type:

    • Payload delivery/attachment
  • create_dummy_event: create a dummy event named "dummy event" with these caracteristics:

    • Distribution: Your organisation only
    • Analysis: Initial
    • Threat Level: Undefined
    • Number of Attributes: 2
    • Attribute:
      • category/type: Network activity/domain|ip
      • value: Randomly generated
    • Attribute: -category/type: Payload delivery/attachment
      • value: 'dummy' file
  • create_massive_dummy_events: create a dummy event named "massive dummy event" with these caracteristics:

    • Distribution: Your organisation only
    • Analysis: Initial
    • Threat Level: Undefined
    • Number of Attributes: Given as argument
    • Attribute:
      • category/type: Randomly chosen
      • value: Randomly generated or dummy file