chg: [doc] Added more visual examples for pymisp

2018-11-28 15:51:40 +09:00 · 2018-11-28 15:51:40 +09:00 · 67bccde9eb
parent 707b900257
commit 67bccde9eb
4 changed files with 60 additions and 2 deletions
--- a/pymisp/README.md
+++ b/pymisp/README.md
@ -66,6 +66,10 @@ vim keys.py
 Once you are done with it, you are ready to start.
 This is how **keys.py** looks:
 {% codesnippet "/pymisp/keys.py", language="python" %}{% endcodesnippet %}
 ### Using PyMISP
 To have a better understanding of how to use PyMISP, we will have a look at one of the existing examples: add\_named\_attribute.py
@ -335,3 +339,7 @@ Allow to import OpenIOC files into MISP easily. It is also possible to set speci
 * attribute_treemap.py generate a tree-map showing the distribution of the attributes on the MISP instance.
 * tags_* : these functions help having statistics and graphs about the tag repartition.
 #### Simple example on fetching the last events
 {% codesnippet "/pymisp/last.py", language="python" %}{% endcodesnippet %}
--- a/pymisp/keys.py
+++ b/pymisp/keys.py
@ -0,0 +1,6 @@
 #!/usr/bin/env python
 # -*- coding: utf-8 -*-
 misp_url = 'https://<your MISP URL>/'
 misp_key = 'Your MISP auth key' # The MISP auth key can be found on the MISP web interface under the automation section
 misp_verifycert = True
--- a/pymisp/last.py
+++ b/pymisp/last.py
@ -0,0 +1,43 @@
 #!/usr/bin/env python
 # -*- coding: utf-8 -*-
 from pymisp import PyMISP
 from keys import misp_url, misp_key, misp_verifycert
 import argparse
 import os
 import json
 # Usage for pipe masters: ./last.py -l 5h | jq .
 def init(url, key):
    return PyMISP(url, key, misp_verifycert, 'json')
 def download_last(m, last, out=None):
    result = m.download_last(last)
    if out is None:
        if 'response' in result:
            print(json.dumps(result['response']))
        else:
            print('No results for that time period')
            exit(0)
    else:
        with open(out, 'w') as f:
            f.write(json.dumps(result['response']))
 if __name__ == '__main__':
    parser = argparse.ArgumentParser(description='Download latest events from a MISP instance.')
    parser.add_argument("-l", "--last", required=True, help="can be defined in days, hours, minutes (for example 5d or 12h or 30m).")
    parser.add_argument("-o", "--output", help="Output file")
    args = parser.parse_args()
    if args.output is not None and os.path.exists(args.output):
        print('Output file already exists, abord.')
        exit(0)
    misp = init(misp_url, misp_key)
    download_last(misp, args.last, args.output)
--- a/quick-start/README.md
+++ b/quick-start/README.md
@ -25,7 +25,10 @@ MISP default credentials:
 1. [Change site admin password](https://misp.gitbooks.io/misp-book/content/quick-start/#password-policy)
 2. [Activate Feeds](https://www.circl.lu/doc/misp/managing-feeds/)
 3. [Setup your User](https://misp.gitbooks.io/misp-book/content/user-management/#first-run-of-the-system)
 3.1 Designate a Site Admin and an Org Admin
 3.2 Add some contributing users and assign the corresponding Roles
 4. [MISP Administration](https://www.circl.lu/doc/misp/administration/)
 4.1 Edit your first organisations' name
 ## Password Policy 
 - [12]: Ensure that the password is at least 12 characters long
@ -33,8 +36,6 @@ MISP default credentials:
 - [0-9| ]: includes a digit or a special character 
 - [a-z]: at least one lower-case character.
 **Last Updated: April, 2018**
 If you need a password generator use:
 - Ubuntu / Debian: [pwgen](https://linux.die.net/man/1/pwgen)
 - Website: [LastPass PW Generator](https://lastpass.com/generatepassword.php)