chg: [doc] Added more visual examples for pymisp

pull/150/head
Steve Clement 2018-11-28 15:51:40 +09:00
parent 707b900257
commit 67bccde9eb
4 changed files with 60 additions and 2 deletions


@ -66,6 +66,10 @@ vim keys.py
Once you are done with it, you are ready to start.
This is how **keys.py** looks:
{% codesnippet "/pymisp/keys.py", language="python" %}{% endcodesnippet %}
### Using PyMISP
To have a better understanding of how to use PyMISP, we will have a look at one of the existing examples: add\_named\_attribute.py
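Review bot: the `{% codesnippet "/pymisp/keys.py" %}` include renders keys.py straight into the published page, so any later edit of that file with a real URL or auth key would ship with the docs; the sentence introducing it should say plainly that keys.py is a template to copy and fill in locally and must never be committed with a live key. Minor: `### Using PyMISP` follows the snippet tag with no blank line, which some markdown renderers need to close the tag block.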
@ -335,3 +339,7 @@ Allow to import OpenIOC files into MISP easily. It is also possible to set speci
* attribute_treemap.py generate a tree-map showing the distribution of the attributes on the MISP instance.
* tags_* : these functions help having statistics and graphs about the tag repartition.
#### Simple example on fetching the last events
{% codesnippet "/pymisp/last.py", language="python" %}{% endcodesnippet %}
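Review bot: `#### Simple example on fetching the last events` lands directly after the `* tags_*` bullet with no blank line, so the list may not terminate before the heading in every renderer; add a blank line. A short sentence noting that the snippet reads its credentials from the keys.py shown earlier in this document would also help, since the example starts with `from keys import misp_url, misp_key, misp_verifycert` and fails without that file.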

pymisp/keys.py Normal file

@ -0,0 +1,6 @@
#!/usr/bin/env python
# -*- coding: utf-8 -*-
misp_url = 'https://<your MISP URL>/'
misp_key = 'Your MISP auth key' # The MISP auth key can be found on the MISP web interface under the automation section
misp_verifycert = True
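Review bot: once a user fills in `misp_key` this file holds a live credential, and it lives in the docs tree that the codesnippet tag renders; a `.gitignore` entry (or a `keys.py.sample` naming convention) plus a line in the doc telling users to restrict the file's permissions would be the usual guard. Keeping `misp_verifycert = True` as the default is right; the trailing comment on the `misp_key` line would read better on its own line above it.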

pymisp/last.py Executable file

@ -0,0 +1,43 @@
#!/usr/bin/env python
# -*- coding: utf-8 -*-
from pymisp import PyMISP
from keys import misp_url, misp_key, misp_verifycert
import argparse
import os
import json
# Usage for pipe masters: ./last.py -l 5h | jq .
def init(url, key):
return PyMISP(url, key, misp_verifycert, 'json')
def download_last(m, last, out=None):
result = m.download_last(last)
if out is None:
if 'response' in result:
print(json.dumps(result['response']))
else:
print('No results for that time period')
exit(0)
else:
with open(out, 'w') as f:
f.write(json.dumps(result['response']))
if __name__ == '__main__':
parser = argparse.ArgumentParser(description='Download latest events from a MISP instance.')
parser.add_argument("-l", "--last", required=True, help="can be defined in days, hours, minutes (for example 5d or 12h or 30m).")
parser.add_argument("-o", "--output", help="Output file")
args = parser.parse_args()
if args.output is not None and os.path.exists(args.output):
print('Output file already exists, abord.')
exit(0)
misp = init(misp_url, misp_key)
download_last(misp, args.last, args.output)
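Review bot: the file-output branch of `download_last` writes `result['response']` without the `'response' in result` check that the stdout branch performs, so an empty period raises `KeyError` instead of printing the friendly message; hoist the check above the `if out is None` split. Both failure paths (`No results for that time period` and `Output file already exists, abord.`) call `exit(0)`, which tells the advertised `./last.py -l 5h | jq .` pipeline that everything succeeded; use `sys.exit(1)` there and fix the typo to `abort`. `init(url, key)` silently reads the module-level `misp_verifycert` rather than taking it as a parameter, and passes all four `PyMISP(...)` arguments positionally; passing them by keyword would make the call robust to signature changes.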


@ -25,7 +25,10 @@ MISP default credentials:
1. [Change site admin password](https://misp.gitbooks.io/misp-book/content/quick-start/#password-policy)
2. [Activate Feeds](https://www.circl.lu/doc/misp/managing-feeds/)
3. [Setup your User](https://misp.gitbooks.io/misp-book/content/user-management/#first-run-of-the-system)
3.1 Designate a Site Admin and an Org Admin
3.2 Add some contributing users and assign the corresponding Roles
4. [MISP Administration](https://www.circl.lu/doc/misp/administration/)
4.1 Edit your first organisations' name
## Password Policy
- [12]: Ensure that the password is at least 12 characters long
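Review bot: the new sub-items `3.1`, `3.2` and `4.1` are flush-left under their parent numbered items, so markdown will render them as run-on paragraph text rather than a nested list; indent them (or use a nested `-` list) under items 3 and 4. Also `organisations' name` should read `organisation's name`.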
@ -33,8 +36,6 @@ MISP default credentials:
- [0-9| ]: includes a digit or a special character
- [a-z]: at least one lower-case character.
**Last Updated: April, 2018**
If you need a password generator use:
- Ubuntu / Debian: [pwgen](https://linux.die.net/man/1/pwgen)
- Website: [LastPass PW Generator](https://lastpass.com/generatepassword.php)
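Review bot: `**Last Updated: April, 2018**` is carried along as context while this change (dated 2018-11-28) edits the surrounding list, so the stamp is now misleading; bump it or drop it. For the site-admin password, the local `pwgen` option should stay listed first and the hosted generator be marked as a convenience only, since the credential for the admin account is best produced on the machine that will use it.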