mirror of https://github.com/MISP/PyMISP
35 lines
1.2 KiB
Python
Executable File
35 lines
1.2 KiB
Python
Executable File
#!/usr/bin/env python
|
|
# -*- coding: utf-8 -*-
|
|
|
|
from pymisp import PyMISP
|
|
from keys import url_priv, key_priv
|
|
# from keys import url_cert, key_cert
|
|
import argparse
|
|
|
|
# For python2 & 3 compat, a bit dirty, but it seems to be the least bad one
|
|
try:
|
|
input = raw_input
|
|
except NameError:
|
|
pass
|
|
|
|
|
|
def init(url, key):
|
|
return PyMISP(url, key, True, 'json')
|
|
|
|
if __name__ == '__main__':
|
|
parser = argparse.ArgumentParser(description='Send malware sample to MISP.')
|
|
parser.add_argument("-d", "--distrib", type=int, help="The distribution setting used for the attributes and for the newly created event, if relevant. [0-3].")
|
|
parser.add_argument("-i", "--info", help="Used to populate the event info field if no event ID supplied.")
|
|
parser.add_argument("-a", "--analysis", type=int, help="The analysis level of the newly created event, if applicatble. [0-2]")
|
|
parser.add_argument("-t", "--threat", type=int, help="The threat level ID of the newly created event, if applicatble. [0-3]")
|
|
args = parser.parse_args()
|
|
|
|
misp = init(url_priv, key_priv)
|
|
# misp = init(url_cert, key_cert)
|
|
|
|
event = misp.new_event(args.distrib, args.threat, args.analysis, args.info)
|
|
print event
|
|
|
|
response = misp.add_mutex(event, 'booh')
|
|
print response
|