diff --git a/pymisp/README.md b/pymisp/README.md
index 861f8aa..aad3083 100644
--- a/pymisp/README.md
+++ b/pymisp/README.md
@@ -66,6 +66,10 @@ vim keys.py
 Once you are done with it, you are ready to start.
+This is how **keys.py** looks:
+
+{% codesnippet "/pymisp/keys.py", language="python" %}{% endcodesnippet %}
+
 ### Using PyMISP
 To have a better understanding of how to use PyMISP, we will have a look at one of the existing examples: add\_named\_attribute.py
@@ -335,3 +339,7 @@ Allow to import OpenIOC files into MISP easily. It is also possible to set speci
 * attribute_treemap.py generate a tree-map showing the distribution of the attributes on the MISP instance.
 * tags_* : these functions help having statistics and graphs about the tag repartition.
+#### Simple example on fetching the last events
+
+{% codesnippet "/pymisp/last.py", language="python" %}{% endcodesnippet %}
+
diff --git a/pymisp/keys.py b/pymisp/keys.py
new file mode 100644
index 0000000..168b765
--- /dev/null
+++ b/pymisp/keys.py
@@ -0,0 +1,6 @@
+#!/usr/bin/env python
+# -*- coding: utf-8 -*-
+
+misp_url = 'https:///'
+misp_key = 'Your MISP auth key' # The MISP auth key can be found on the MISP web interface under the automation section
+misp_verifycert = True
diff --git a/pymisp/last.py b/pymisp/last.py
new file mode 100755
index 0000000..ed07be5
--- /dev/null
+++ b/pymisp/last.py
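Review bot: keys.py is committed as a tracked source file, yet it is the exact module that last.py imports at runtime (`from keys import misp_url, misp_key, misp_verifycert`), so the first user who follows the "vim keys.py" step and pastes a real `misp_key` will have a live API key in a tracked file that `git add .` happily commits. If a sample file or ignore rule does not already exist elsewhere in the repo, shipping this as `keys.py.sample` (or adding `keys.py` to `.gitignore`) keeps real keys out of the history. The `misp_url = 'https:///'` placeholder is also not a usable URL; a trailing comment such as `# e.g. 'https://misp.example.org/'` (constructed example) would make the expected form clearer, and it is worth keeping `misp_verifycert = True` as the documented default so the snippet does not teach users to disable certificate checking.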
@@ -0,0 +1,43 @@
+#!/usr/bin/env python
+# -*- coding: utf-8 -*-
+
+from pymisp import PyMISP
+from keys import misp_url, misp_key, misp_verifycert
+import argparse
+import os
+import json
+
+
+# Usage for pipe masters: ./last.py -l 5h | jq .
+
+
+def init(url, key):
+    return PyMISP(url, key, misp_verifycert, 'json')
+
+
+def download_last(m, last, out=None):
+    result = m.download_last(last)
+    if out is None:
+        if 'response' in result:
+            print(json.dumps(result['response']))
+        else:
+            print('No results for that time period')
+            exit(0)
+    else:
+        with open(out, 'w') as f:
+            f.write(json.dumps(result['response']))
+
+if __name__ == '__main__':
+    parser = argparse.ArgumentParser(description='Download latest events from a MISP instance.')
+    parser.add_argument("-l", "--last", required=True, help="can be defined in days, hours, minutes (for example 5d or 12h or 30m).")
+    parser.add_argument("-o", "--output", help="Output file")
+
+    args = parser.parse_args()
+
+    if args.output is not None and os.path.exists(args.output):
+        print('Output file already exists, abord.')
+        exit(0)
+
+    misp = init(misp_url, misp_key)
+
+    download_last(misp, args.last, args.output)
diff --git a/quick-start/README.md b/quick-start/README.md
index b7cd189..791ae14 100644
--- a/quick-start/README.md
+++ b/quick-start/README.md
@@ -25,7 +25,10 @@ MISP default credentials:
 1. [Change site admin password](https://misp.gitbooks.io/misp-book/content/quick-start/#password-policy)
 2. [Activate Feeds](https://www.circl.lu/doc/misp/managing-feeds/)
 3. [Setup your User](https://misp.gitbooks.io/misp-book/content/user-management/#first-run-of-the-system)
+3.1 Designate a Site Admin and an Org Admin
+3.2 Add some contributing users and assign the corresponding Roles
 4. [MISP Administration](https://www.circl.lu/doc/misp/administration/)
+4.1 Edit your first organisations' name
 ## Password Policy
 - [12]: Ensure that the password is at least 12 characters long
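Review bot: In download_last the file branch reads `result['response']` without the `'response' in result` guard that the stdout branch has, so a time window with no events raises KeyError instead of printing the no-results message whenever -o is given. The `os.path.exists` check in the `__main__` block and the later `open(out, 'w')` are also separated by a window in which the file can appear, and that check exits with status 0 for what is really an abort (the message text also reads `abord` for "abort"). Checking for the key once before branching and opening the output with mode `'x'`, which refuses an existing file atomically, covers both; the exists check in `__main__` then serves as a friendlier early message rather than the only guard. `exit()` is the site-module helper rather than `sys.exit`, which is acceptable for a script but worth switching if this file is ever imported.

```python
def download_last(m, last, out=None):
    result = m.download_last(last)
    if 'response' not in result:
        print('No results for that time period')
        exit(0)
    payload = json.dumps(result['response'])
    if out is None:
        print(payload)
    else:
        # 'x' raises FileExistsError if the file appeared after the exists() check
        with open(out, 'x') as f:
            f.write(payload)
# … unchanged: argparse __main__ block …
```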
@@ -33,8 +36,6 @@ MISP default credentials:
 - [0-9| ]: includes a digit or a special character
 - [a-z]: at least one lower-case character.
-**Last Updated: April, 2018**
-
 If you need a password generator use:
 - Ubuntu / Debian: [pwgen](https://linux.die.net/man/1/pwgen)
 - Website: [LastPass PW Generator](https://lastpass.com/generatepassword.php)