#!/usr/bin/env python3
'''
Import VMRay results.

This version supports import from different analysis jobs, starting from one sample
(the supplied sample_id).

The expansion module vmray_submit and import module vmray_import are a two-step
process to import data from VMRay.

You can automate this by setting the PyMISP example script 'vmray_automation'
as a cron job.
'''
import json
from _vmray.parser import VMRayParser, VMRayParseError
# Error payload template: handler() fills in "error" with the parser's
# message before returning it to MISP.
misperrors = {"error": "Error"}

# Static module metadata; version() attaches the "config" key list from
# moduleconfig before returning it.
moduleinfo = {
    "version": "0.4",
    "author": "Jens Thom (VMRay), Koen van Impe",
    "description": "Import VMRay analysis results from a server",
    "module-type": ["import"],
}

# Attribute description for MISP; introspection() attaches userConfig under
# the "userConfig" key before returning it.
mispattributes = {
    "inputSource": [],
    "output": ["MISP objects"],
    "format": "misp_standard",
}

# Per-import options shown to the MISP user. Boolean entries with
# "checked": "True" are enabled by default; "Artifacts" is opt-in.
userConfig = {
    "Sample ID": {
        "type": "Integer",
        "errorMessage": "The VMRay sample ID to download the reports",
    },
    "VTI": {
        "type": "Boolean",
        "message": "Include VMRay Threat Identifiers",
        "checked": "True",
    },
    "IOCs": {
        "type": "Boolean",
        "message": "Include IOCs",
        "checked": "True",
    },
    "Artifacts": {
        "type": "Boolean",
        "message": "Include other Artifacts",
    },
    "Analysis Details": {
        "type": "Boolean",
        "message": "Include Analysis Details",
        "checked": "True",
    },
}

# Server-side configuration keys. "apikey" and "url" identify the VMRay
# instance; the credential is presumably delivered to the parser inside
# request["config"] (see handler), so it must not leak into error output.
moduleconfig = [
    "apikey",
    "url",
    "disable_tags",
    "disable_misp_objects",
    "ignore_analysis_finished",
]
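def handler(q=False):
    """Import VMRay analysis results for a request submitted by MISP.

    Args:
        q: JSON-encoded request from MISP, or False when the module server
           calls without input.

    Returns:
        False when no request was supplied; whatever ``VMRayParser.to_json``
        produces on success; otherwise a ``{'error': <message>}`` dict that
        MISP shows to the user.

    Raises:
        json.JSONDecodeError: if ``q`` is not valid JSON.
    """
    if q is False:
        return False

    request = json.loads(q)
    try:
        # "config" holds the module settings (apikey, url, ...) and presumably
        # the userConfig values; without it the parser has nothing to query.
        config = request["config"]
    except (KeyError, TypeError):
        return {"error": "Missing 'config' in request"}

    parser = VMRayParser()
    try:
        parser.from_api(config)
        parser.parse()
    except VMRayParseError as exc:
        # Build a fresh dict instead of mutating the module-level misperrors
        # template, which is shared by every call to this handler.
        return {"error": str(exc)}

    return parser.to_json()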
def introspection():
    """Describe the module's attributes and user options to MISP.

    Attaches the module-level userConfig to mispattributes under the
    "userConfig" key (in place) and returns that same dict.
    """
    mispattributes.update(userConfig=userConfig)
    return mispattributes
def version():
    """Return the module metadata with its config key list attached.

    Sets moduleinfo["config"] to moduleconfig (in place) and returns the
    module-level moduleinfo dict.
    """
    moduleinfo.update(config=moduleconfig)
    return moduleinfo