MISP
/
misp-book
mirror of https://github.com/MISP/misp-book
2
0
Fork 0
Code Issues Releases Wiki Activity

pymisp part - add Syntax Highlighting

pull/30/head
Déborah Servili 2016-11-15 13:54:23 +01:00
parent 59fa54df5b
commit 7cf15e78b0
1 changed files with 8 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

16
pymisp/README.md
View File

@ -70,7 +70,7 @@ Once you are done with it, you are ready to start.
To have a better understanding of how to use PyMISP, we will have a look at one of the existing examples: add\_named\_attribute.py To have a better understanding of how to use PyMISP, we will have a look at one of the existing examples: add\_named\_attribute.py
This script allow us to add an attribute to an existing event while knowing only its type (the category is determined by default). This script allow us to add an attribute to an existing event while knowing only its type (the category is determined by default).
~~~~ ~~~~python
#!/usr/bin/env python #!/usr/bin/env python
# -*- coding: utf-8 -*- # -*- coding: utf-8 -*-
@ -81,7 +81,7 @@ import argparse
First of all, it is obvious that we need to import PyMISP. First of all, it is obvious that we need to import PyMISP.
Then we also need to know both the instance with which we will work and the API key to use: Both should be stored in the keys.py file. Then we also need to know both the instance with which we will work and the API key to use: Both should be stored in the keys.py file.
Finally we import argparse so the script can handle arguments. Finally we import argparse so the script can handle arguments.
~~~~ ~~~~python
# For python2 & 3 compat, a bit dirty, but it seems to be the least bad one # For python2 & 3 compat, a bit dirty, but it seems to be the least bad one
try: try:
input = raw_input input = raw_input
@ -89,13 +89,13 @@ except NameError:
pass pass
~~~~ ~~~~
Just a few lines to be sure that pyhon 2 and 3 are supported Just a few lines to be sure that pyhon 2 and 3 are supported
~~~~ ~~~~python
def init(url, key): def init(url, key):
return PyMISP(url, key, True, 'json', debug=True) return PyMISP(url, key, True, 'json', debug=True)
~~~~ ~~~~
This function will create a PyMISP object that will be used later to interact with the MISP instance. This function will create a PyMISP object that will be used later to interact with the MISP instance.
As seen in the [api.py](https://github.com/CIRCL/PyMISP/blob/master/pymisp/api.py#L85), a PyMISP object need to know both the url of the MISP instance and the API key to use. It can also take additionnal and not mandatory data, such as the use or not of SSL or the name of the export format. As seen in the [api.py](https://github.com/CIRCL/PyMISP/blob/master/pymisp/api.py#L85), a PyMISP object need to know both the url of the MISP instance and the API key to use. It can also take additionnal and not mandatory data, such as the use or not of SSL or the name of the export format.
~~~~ ~~~~python
if __name__ == '__main__': if __name__ == '__main__':
parser = argparse.ArgumentParser(description='Create an event on MISP.') parser = argparse.ArgumentParser(description='Create an event on MISP.')
parser.add_argument("-e", "--event", type=int, help="The id of the event to update.") parser.add_argument("-e", "--event", type=int, help="The id of the event to update.")
@ -107,17 +107,17 @@ Then the function start by preparing the awaited arguments:
* event: The event that will get a new attribute * event: The event that will get a new attribute
* type: The type of the attribute that will be added. See [here](../categories-and-types/README.md) for more informations * type: The type of the attribute that will be added. See [here](../categories-and-types/README.md) for more informations
* value: The value of the new attribute * value: The value of the new attribute
~~~~ ~~~~python
misp = init(misp_url, misp_key) misp = init(misp_url, misp_key)
~~~~ ~~~~
Thanks to the previously created function, we create a PyMISP object. Thanks to the previously created function, we create a PyMISP object.
~~~~ ~~~~python
event = misp.get_event(args.event) event = misp.get_event(args.event)
event = misp.add_named_attribute(event, args.type, args.value) event = misp.add_named_attribute(event, args.type, args.value)
~~~~ ~~~~
In order to add the new argument, we first need to fetch the event in the MISP database using the [get\_event](https://github.com/CIRCL/PyMISP/blob/master/pymisp/api.py#L223) function which only need the event\_id. Then only once we have it, we can call the function [add\_named\_attribute](https://github.com/CIRCL/PyMISP/blob/master/pymisp/api.py#L372) that will add the argument. In order to add the new argument, we first need to fetch the event in the MISP database using the [get\_event](https://github.com/CIRCL/PyMISP/blob/master/pymisp/api.py#L223) function which only need the event\_id. Then only once we have it, we can call the function [add\_named\_attribute](https://github.com/CIRCL/PyMISP/blob/master/pymisp/api.py#L372) that will add the argument.
~~~~ ~~~~python
print(event) print(event)
~~~~ ~~~~
Finally the new event is printed, so we can check that the attribute was correctly added, and that a category was give to it automatically.. Finally the new event is printed, so we can check that the attribute was correctly added, and that a category was give to it automatically..