misp-modules/misp_modules/modules/import_mod/vmray_import.py

#!/usr/bin/env python3

'''
Import VMRay results.

This version supports import from different analyze jobs, starting from one sample
(the supplied sample_id).

The expansion module vmray_submit and import module vmray_import are a two step
process to import data from VMRay.
You can automate this by setting the PyMISP example script 'vmray_automation'
as a cron job

'''

import json

from _vmray.parser import VMRayParser, VMRayParseError


misperrors = {'error': 'Error'}

moduleinfo = {
    'version': '0.4',
    'author': 'Jens Thom (VMRay), Koen van Impe',
    'description': 'Module to import VMRay (VTI) results.',
    'module-type': ['import'],
    'name': 'VMRay API Import',
    'logo': 'vmray.png',
    'requirements': ['vmray_rest_api'],
    'features': 'The module imports MISP Attributes from VMRay format, using the VMRay api.\nUsers should then provide as the module configuration the API Key as well as the server url in order to fetch their data to import.',
    'references': ['https://www.vmray.com/'],
    'input': 'VMRay format',
    'output': 'MISP Event attributes',
}

mispattributes = {
    'inputSource': [],
    'output': ['MISP objects'],
    'format': 'misp_standard',
}

userConfig = {
    "Sample ID": {
        "type": "Integer",
        "errorMessage": "The VMRay sample ID to download the reports",
    },
    "VTI": {
        "type": "Boolean",
        "message": "Include VMRay Threat Identifiers",
        "checked": "True"
    },
    "IOCs": {
        "type": "Boolean",
        "message": "Include IOCs",
        "checked": "True"
    },
    "Artifacts": {
        "type": "Boolean",
        "message": "Include other Artifacts",
    },
    "Analysis Details": {
        "type": "Boolean",
        "message": "Include Analysis Details",
        "checked": "True"
    }
}

moduleconfig = ["apikey", "url", "disable_tags", "disable_misp_objects", "ignore_analysis_finished"]


def handler(q=False):
    if q is False:
        return False
    request = json.loads(q)

    parser = VMRayParser()
    try:
        parser.from_api(request["config"])
        parser.parse()
    except VMRayParseError as exc:
        misperrors["error"] = str(exc)
        return misperrors

    event = parser.to_json()
    return event


def introspection():
    mispattributes["userConfig"] = userConfig
    return mispattributes


def version():
    moduleinfo['config'] = moduleconfig
    return moduleinfo
VMRay Import & Submit module * First commit * No support for archives (yet) submit 2016-11-13 21:43:59 +01:00			`#!/usr/bin/env python3`

			`'''`
			`Import VMRay results.`

			`This version supports import from different analyze jobs, starting from one sample`
			`(the supplied sample_id).`

New VMRay modules New JSON output format of VMRay Prepare for automation (via PyMISP) with workflow taxonomy tags 2019-05-01 22:44:24 +02:00			`The expansion module vmray_submit and import module vmray_import are a two step`
			`process to import data from VMRay.`
			`You can automate this by setting the PyMISP example script 'vmray_automation'`
			`as a cron job`
VMRay Import & Submit module * First commit * No support for archives (yet) submit 2016-11-13 21:43:59 +01:00
			`'''`

			`import json`
Multiple clanges in the vmray modules. * Generic fix to load modules requiring a local library * Fix python3 support * PEP8 related cleanups 2016-11-15 16:43:11 +01:00
* add parser for report version v1 and v2 * add summary JSON import module 2020-11-30 12:06:19 +01:00			`from _vmray.parser import VMRayParser, VMRayParseError`

VMRay Import & Submit module * First commit * No support for archives (yet) submit 2016-11-13 21:43:59 +01:00
			`misperrors = {'error': 'Error'}`
New VMRay modules New JSON output format of VMRay Prepare for automation (via PyMISP) with workflow taxonomy tags 2019-05-01 22:44:24 +02:00
chg: [doc] Big doc revamp #680 2024-08-12 11:23:10 +02:00			`moduleinfo = {`
			`'version': '0.4',`
			`'author': 'Jens Thom (VMRay), Koen van Impe',`
			`'description': 'Module to import VMRay (VTI) results.',`
			`'module-type': ['import'],`
			`'name': 'VMRay API Import',`
			`'logo': 'vmray.png',`
			`'requirements': ['vmray_rest_api'],`
			`'features': 'The module imports MISP Attributes from VMRay format, using the VMRay api.\nUsers should then provide as the module configuration the API Key as well as the server url in order to fetch their data to import.',`
			`'references': ['https://www.vmray.com/'],`
			`'input': 'VMRay format',`
			`'output': 'MISP Event attributes',`
			`}`
Multiple clanges in the vmray modules. * Generic fix to load modules requiring a local library * Fix python3 support * PEP8 related cleanups 2016-11-15 16:43:11 +01:00
* add parser for report version v1 and v2 * add summary JSON import module 2020-11-30 12:06:19 +01:00			`mispattributes = {`
			`'inputSource': [],`
			`'output': ['MISP objects'],`
			`'format': 'misp_standard',`
			`}`

			`userConfig = {`
			`"Sample ID": {`
			`"type": "Integer",`
			`"errorMessage": "The VMRay sample ID to download the reports",`
			`},`
			`"VTI": {`
			`"type": "Boolean",`
			`"message": "Include VMRay Threat Identifiers",`
			`"checked": "True"`
			`},`
			`"IOCs": {`
			`"type": "Boolean",`
			`"message": "Include IOCs",`
			`"checked": "True"`
			`},`
			`"Artifacts": {`
			`"type": "Boolean",`
			`"message": "Include other Artifacts",`
			`},`
			`"Analysis Details": {`
			`"type": "Boolean",`
			`"message": "Include Analysis Details",`
			`"checked": "True"`
			`}`
			`}`

			`moduleconfig = ["apikey", "url", "disable_tags", "disable_misp_objects", "ignore_analysis_finished"]`
Multiple clanges in the vmray modules. * Generic fix to load modules requiring a local library * Fix python3 support * PEP8 related cleanups 2016-11-15 16:43:11 +01:00
fix: [pep8] More fixes 2019-05-02 04:23:49 +02:00
VMRay Import & Submit module * First commit * No support for archives (yet) submit 2016-11-13 21:43:59 +01:00			`def handler(q=False):`
			`if q is False:`
			`return False`
			`request = json.loads(q)`

* add parser for report version v1 and v2 * add summary JSON import module 2020-11-30 12:06:19 +01:00			`parser = VMRayParser()`
			`try:`
			`parser.from_api(request["config"])`
			`parser.parse()`
			`except VMRayParseError as exc:`
			`misperrors["error"] = str(exc)`
VMRay Import & Submit module * First commit * No support for archives (yet) submit 2016-11-13 21:43:59 +01:00			`return misperrors`

* add parser for report version v1 and v2 * add summary JSON import module 2020-11-30 12:06:19 +01:00			`event = parser.to_json()`
			`return event`
VMRay Import & Submit module * First commit * No support for archives (yet) submit 2016-11-13 21:43:59 +01:00

			`def introspection():`
* add parser for report version v1 and v2 * add summary JSON import module 2020-11-30 12:06:19 +01:00			`mispattributes["userConfig"] = userConfig`
			`return mispattributes`
VMRay Import & Submit module * First commit * No support for archives (yet) submit 2016-11-13 21:43:59 +01:00

			`def version():`
			`moduleinfo['config'] = moduleconfig`
			`return moduleinfo`