mirror of https://github.com/MISP/misp-modules
fix: Make flake8 happy.
parent
d24a6e2e24
commit
f5167c2f23
|
@ -11,7 +11,6 @@
|
||||||
|
|
||||||
import json
|
import json
|
||||||
import base64
|
import base64
|
||||||
import csv
|
|
||||||
from urllib.parse import quote
|
from urllib.parse import quote
|
||||||
|
|
||||||
misperrors = {'error': 'Error'}
|
misperrors = {'error': 'Error'}
|
||||||
|
@ -58,11 +57,16 @@ def handler(q=False):
|
||||||
config = request["config"]
|
config = request["config"]
|
||||||
|
|
||||||
# check if config is empty
|
# check if config is empty
|
||||||
if not config['fmc_ip_addr']: config['fmc_ip_addr'] = "0.0.0.0"
|
if not config['fmc_ip_addr']:
|
||||||
if not config['fmc_login']: config['fmc_login'] = "login"
|
config['fmc_ip_addr'] = "0.0.0.0"
|
||||||
if not config['fmc_pass']: config['fmc_pass'] = "password"
|
if not config['fmc_login']:
|
||||||
if not config['domain_id']: config['domain_id'] = "SET_FIRESIGHT_DOMAIN_ID"
|
config['fmc_login'] = "login"
|
||||||
if not config['acpolicy_id']: config['acpolicy_id'] = "SET_FIRESIGHT_ACPOLICY_ID"
|
if not config['fmc_pass']:
|
||||||
|
config['fmc_pass'] = "password"
|
||||||
|
if not config['domain_id']:
|
||||||
|
config['domain_id'] = "SET_FIRESIGHT_DOMAIN_ID"
|
||||||
|
if not config['acpolicy_id']:
|
||||||
|
config['acpolicy_id'] = "SET_FIRESIGHT_ACPOLICY_ID"
|
||||||
|
|
||||||
data = request["data"]
|
data = request["data"]
|
||||||
output = ""
|
output = ""
|
||||||
|
@ -78,25 +82,26 @@ def handler(q=False):
|
||||||
|
|
||||||
for index, attr in enumerate(event):
|
for index, attr in enumerate(event):
|
||||||
if attr["to_ids"] is True:
|
if attr["to_ids"] is True:
|
||||||
|
|
||||||
if attr["type"] in fsmapping:
|
if attr["type"] in fsmapping:
|
||||||
if attr["type"] in "ip-dst":
|
if attr["type"] == "ip-dst":
|
||||||
ipdst.append(BLOCK_DST_JSON_TMPL.format(ipdst=attr["value"]))
|
ipdst.append(BLOCK_DST_JSON_TMPL.format(ipdst=attr["value"]))
|
||||||
else:
|
else:
|
||||||
urls.append(BLOCK_URL_JSON_TMPL.format(url=quote(attr["value"], safe='@/:;?&=-_.,+!*')))
|
urls.append(BLOCK_URL_JSON_TMPL.format(url=quote(attr["value"], safe='@/:;?&=-_.,+!*')))
|
||||||
|
|
||||||
|
|
||||||
# building the .sh file
|
# building the .sh file
|
||||||
output += SH_FILE_HEADER
|
output += SH_FILE_HEADER
|
||||||
output += "FIRESIGHT_IP_ADDR='" + config['fmc_ip_addr'] + "'\n"
|
output += "FIRESIGHT_IP_ADDR='{}'\n".format(config['fmc_ip_addr'])
|
||||||
|
|
||||||
output += "LOGINPASS_BASE64=`echo -n '" + config['fmc_login'] + ":" + config['fmc_pass'] + "' | base64`\n"
|
output += "LOGINPASS_BASE64=`echo -n '{}:{}' | base64`\n".format(config['fmc_login'], config['fmc_pass'])
|
||||||
output += "DOMAIN_ID='" + config['domain_id'] + "'\n"
|
output += "DOMAIN_ID='{}'\n".format(config['domain_id'])
|
||||||
output += "ACPOLICY_ID='" + config['acpolicy_id'] + "'\n\n"
|
output += "ACPOLICY_ID='{}'\n\n".format(config['acpolicy_id'])
|
||||||
|
|
||||||
output += "ACC_TOKEN=`curl -X POST -v -k -sD - -o /dev/null -H \"Authorization: Basic $LOGINPASS_BASE64\" -i \"https://$FIRESIGHT_IP_ADDR/api/fmc_platform/v1/auth/generatetoken\" | grep -i x-auth-acc | sed 's/.*:\\ //g' | tr -d '[:space:]' | tr -d '\\n'`" + "\n"
|
output += "ACC_TOKEN=`curl -X POST -v -k -sD - -o /dev/null -H \"Authorization: Basic $LOGINPASS_BASE64\" -i \"https://$FIRESIGHT_IP_ADDR/api/fmc_platform/v1/auth/generatetoken\" | grep -i x-auth-acc | sed 's/.*:\\ //g' | tr -d '[:space:]' | tr -d '\\n'`\n"
|
||||||
|
|
||||||
output += BLOCK_JSON_TMPL.format(rule_name="misp_event_"+event_id,dst_networks=', '.join(ipdst), urls=', '.join(urls), event_info_comment=event_info) + "\n"
|
output += BLOCK_JSON_TMPL.format(rule_name="misp_event_{}".format(event_id),
|
||||||
|
dst_networks=', '.join(ipdst),
|
||||||
|
urls=', '.join(urls),
|
||||||
|
event_info_comment=event_info) + "\n"
|
||||||
|
|
||||||
output += CURL_ADD_RULE_TMPL
|
output += CURL_ADD_RULE_TMPL
|
||||||
# END building the .sh file
|
# END building the .sh file
|
||||||
|
|
Loading…
Reference in New Issue