mirror of https://github.com/MISP/PyMISP
				
				
				
			
		
			
				
	
	
		
			94 lines
		
	
	
		
			2.5 KiB
		
	
	
	
		
			Python
		
	
	
		
			Executable File
		
	
			
		
		
	
	
			94 lines
		
	
	
		
			2.5 KiB
		
	
	
	
		
			Python
		
	
	
		
			Executable File
		
	
| #!/usr/bin/env python
 | |
| # -*- coding: utf-8 -*-
 | |
| 
 | |
| import sys
 | |
| 
 | |
| from pymisp import PyMISP
 | |
| 
 | |
| from keys import cert, priv
 | |
| 
 | |
| url_cert = 'https://misp.circl.lu'
 | |
| url_priv = 'https://misppriv.circl.lu'
 | |
| cert_cert = 'misp.circl.lu.crt'
 | |
| cert_priv = 'misppriv.circl.lu.crt'
 | |
| source = None
 | |
| destination = None
 | |
| 
 | |
| 
 | |
| def init(cert_to_priv=True):
 | |
|     global source
 | |
|     global destination
 | |
|     print(cert_to_priv)
 | |
|     if cert_to_priv:
 | |
|         source = PyMISP(url_cert, cert, cert_cert, 'xml')
 | |
|         destination = PyMISP(url_priv, priv, cert_priv, 'xml')
 | |
|     else:
 | |
|         source = PyMISP(url_priv, priv, cert_priv, 'xml')
 | |
|         destination = PyMISP(url_cert, cert, cert_cert, 'xml')
 | |
| 
 | |
| 
 | |
| def copy_event(event_id):
 | |
|     e = source.get_event(event_id)
 | |
|     return destination.add_event(e)
 | |
| 
 | |
| 
 | |
| def update_event(event_id, event_to_update):
 | |
|     e = source.get_event(event_id)
 | |
|     return destination.update_event(event_to_update, e)
 | |
| 
 | |
| 
 | |
| def list_copy(filename):
 | |
|     with open(filename, 'r') as f:
 | |
|         for l in f:
 | |
|             copy(l)
 | |
| 
 | |
| 
 | |
| def loop_copy():
 | |
|     while True:
 | |
|         line = sys.stdin.readline()
 | |
|         copy(line)
 | |
| 
 | |
| 
 | |
| def copy(eventid):
 | |
|     eventid = eventid.strip()
 | |
|     if len(eventid) == 0 or not eventid.isdigit():
 | |
|         print('empty line or NaN.')
 | |
|         return
 | |
|     eventid = int(eventid)
 | |
|     print(eventid, 'copying...')
 | |
|     r = copy_event(eventid)
 | |
|     if r.status_code >= 400:
 | |
|         loc = r.headers['location']
 | |
|         if loc is not None:
 | |
|             event_to_update = loc.split('/')[-1]
 | |
|             print('updating', event_to_update)
 | |
|             r = update_event(eventid, event_to_update)
 | |
|             if r.status_code >= 400:
 | |
|                 print(r.status_code, r.headers)
 | |
|         else:
 | |
|             print(r.status_code, r.headers)
 | |
|     print(eventid, 'done.')
 | |
| 
 | |
| 
 | |
| def export_our_org():
 | |
|     circl = source.search(org='CIRCL')
 | |
|     return circl
 | |
| 
 | |
| if __name__ == '__main__':
 | |
|     import argparse
 | |
|     parser = argparse.ArgumentParser(
 | |
|         description='Copy the events from one MISP instance to an other.')
 | |
|     parser.add_argument('-f', '--filename', type=str,
 | |
|                         help='File containing a list of event id.')
 | |
|     parser.add_argument(
 | |
|         '-l', '--loop', action='store_true',
 | |
|         help='Endless loop: eventid in the terminal and it will be copied.')
 | |
|     parser.add_argument('--priv_to_cert', action='store_false', default=True,
 | |
|                         help='Copy from MISP priv to MISP CERT.')
 | |
|     args = parser.parse_args()
 | |
|     init(args.priv_to_cert)
 | |
|     if args.filename is not None:
 | |
|         list_copy(args.filename)
 | |
|     else:
 | |
|         loop_copy()
 |