PyMISP/examples/feed-generator-from-redis
Steve Clement 54a2e8657a
fix: [perms] Added try/except for various permission conditions, also create the output dir if not exist
fix: [try/except] Catch Ctrl-c keyboard interrupt
fix: [style] isort imports
2019-06-03 14:06:19 +09:00
..
ObjectConstructor fix: prevent checking length on a integer 2018-10-12 14:04:54 +02:00
MISPItemToRedis.py typo 2018-03-30 08:30:11 +02:00
README.md Update README.md 2018-03-13 17:26:55 +01:00
fromredis.py fix: [perms] Added try/except for various permission conditions, also create the output dir if not exist 2019-06-03 14:06:19 +09:00
generator.py fix: [perms] Added try/except for various permission conditions, also create the output dir if not exist 2019-06-03 14:06:19 +09:00
install.sh Added install script 2018-03-08 17:39:14 +01:00
server.py feature: Added support of MISP object constructor instead of the generic_generator 2018-03-12 15:17:25 +01:00
settings.default.py new: [freedFromRedis] try to create an object/attribute out of the incoming data even if not added with the helper 2018-10-11 10:17:23 +02:00

README.md

Generic MISP feed generator

Description

  • generator.py exposes a class allowing to generate a MISP feed in real time, where each items can be added on daily generated events.
  • fromredis.py uses generator.py to generate a MISP feed based on data stored in redis.
  • server.py is a simple script using Flask_autoindex to serve data to MISP.
  • MISPItemToRedis.py permits to push (in redis) items to be added in MISP by the fromredis.py script.

Installation

#  Feed generator
git clone https://github.com/CIRCL/PyMISP
cd examples/feed-generator-from-redis
cp settings.default.py settings.py
vi settings.py  # adjust your settings

python3 fromredis.py

# Serving file to MISP
bash install.sh
. ./serv-env/bin/activate
python3 server.py

Usage

# Activate virtualenv
. ./serv-env/bin/activate

Adding items to MISP

# create helper object
>>> helper = MISPItemToRedis("redis_list_keyname")

# push an attribute to redis
>>> helper.push_attribute("ip-src", "8.8.8.8", category="Network activity")

# push an object to redis
>>> helper.push_object({ "name": "cowrie", "session": "session_id", "username": "admin", "password": "admin", "protocol": "telnet" })

# push a sighting to redis
>>> helper.push_sighting(uuid="5a9e9e26-fe40-4726-8563-5585950d210f")

Generate the feed

# Create the FeedGenerator object using the configuration provided in the file settings.py
# It will create daily event in which attributes and object will be added
>>> generator = FeedGenerator()

# Add an attribute to the daily event
>>> attr_type = "ip-src"
>>> attr_value = "8.8.8.8"
>>> additional_data = {}
>>> generator.add_attribute_to_event(attr_type, attr_value, **additional_data)

# Add a cowrie object to the daily event
>>> obj_name = "cowrie"
>>> obj_data = { "session": "session_id", "username": "admin", "password": "admin", "protocol": "telnet" }
>>> generator.add_object_to_event(obj_name, **obj_data)

# Immediatly write the event to the disk (Bypassing the default flushing behavior)
>>> generator.flush_event()

Consume stored data in redis

# Configuration provided in the file settings.py
>>> python3 fromredis.py

Serve data to MISP

>>> python3 server.py