| #!/usr/bin/env python3
 | |
| 
 | |
'''
Import VMRay results.

This version supports importing results from several analysis jobs, starting
from one sample (the supplied sample_id).

The expansion module vmray_submit and the import module vmray_import form a
two-step process for importing data from VMRay. You can automate this by
running the PyMISP example script 'vmray_automation' as a cron job.

'''
 | |
| 
 | |
| import json
 | |
| 
 | |
| from _vmray.parser import VMRayParser, VMRayParseError
 | |
| 
 | |
| 
 | |
# Default error payload; handler() returns a dict of this shape on failure.
misperrors = {"error": "Error"}

# Module metadata reported by version(), which attaches the "config" key.
moduleinfo = {
    "version": "0.4",
    "author": "Jens Thom (VMRay), Koen van Impe",
    "description": "Import VMRay analysis results from a server",
    "module-type": ["import"],
}

# Module capabilities reported by introspection(), which attaches "userConfig".
# inputSource is empty: the data presumably comes from the VMRay server rather
# than from a file uploaded by the user.
mispattributes = {
    "inputSource": [],
    "output": ["MISP objects"],
    "format": "misp_standard",
}

# Per-request options presented to the MISP user. "checked": "True" marks the
# boxes ticked by default; "Artifacts" carries no such key and so presumably
# starts unticked (rendering is done by MISP, not by this module).
userConfig = {
    "Sample ID": {
        "type": "Integer",
        # NOTE(review): the only entry without a "message" key -- confirm this
        # is intentional and that MISP renders it correctly without one.
        "errorMessage": "The VMRay sample ID to download the reports",
    },
    "VTI": {
        "type": "Boolean",
        "message": "Include VMRay Threat Identifiers",
        "checked": "True",
    },
    "IOCs": {
        "type": "Boolean",
        "message": "Include IOCs",
        "checked": "True",
    },
    "Artifacts": {
        "type": "Boolean",
        "message": "Include other Artifacts",
    },
    "Analysis Details": {
        "type": "Boolean",
        "message": "Include Analysis Details",
        "checked": "True",
    },
}

# Server-side settings expected in each request's "config". "apikey" is the
# VMRay credential: it must never be echoed in error messages or logs.
moduleconfig = [
    "apikey",
    "url",
    "disable_tags",
    "disable_misp_objects",
    "ignore_analysis_finished",
]
 | |
| 
 | |
| 
 | |
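def handler(q=False):
    """Handle an import request: fetch the VMRay reports and convert them.

    Args:
        q: the JSON-encoded request sent by MISP, or ``False`` (the default)
           when there is nothing to process. The decoded request must carry a
           ``"config"`` object, which is handed to ``VMRayParser.from_api``
           unchanged (presumably the merged moduleconfig/userConfig values,
           the VMRay ``apikey`` among them -- verify against ``_vmray.parser``).

    Returns:
        ``False`` when ``q`` is ``False``; a ``{'error': <message>}`` dict when
        the request cannot be decoded, lacks a ``"config"`` object, or the
        parser raises ``VMRayParseError``; otherwise the ``misp_standard``
        event produced by ``VMRayParser.to_json()``.
    """
    if q is False:
        return False

    try:
        request = json.loads(q)
    except (TypeError, ValueError) as exc:
        # Report a malformed request through the module error channel instead
        # of letting the exception escape to the module server.
        return {'error': 'Request is not valid JSON: {}'.format(exc)}

    # A request without "config" used to raise KeyError here; report it as a
    # module error. Anything that is not a mapping cannot hold the configured
    # keys, so it is rejected before it reaches the parser.
    config = request.get('config') if isinstance(request, dict) else None
    if not isinstance(config, dict):
        return {'error': 'Request is missing the "config" object'}

    parser = VMRayParser()
    try:
        parser.from_api(config)
        parser.parse()
    except VMRayParseError as exc:
        # A fresh dict is returned so the shared module-level `misperrors`
        # is not mutated across requests. The message goes verbatim to the
        # MISP user -- NOTE(review): confirm in _vmray.parser that it never
        # echoes the apikey or other request config.
        return {'error': str(exc)}

    return parser.to_json()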
 | |
| 
 | |
| 
 | |
def introspection():
    """Describe the module to MISP: its attributes plus the user-facing options.

    Returns:
        The module-level ``mispattributes`` dict, updated in place with the
        ``"userConfig"`` options (same in-place pattern as ``version()``).
    """
    mispattributes.update(userConfig=userConfig)
    return mispattributes
 | |
| 
 | |
| 
 | |
def version():
    """Report the module metadata to MISP.

    Returns:
        The module-level ``moduleinfo`` dict, updated in place with the
        ``"config"`` key listing the server-side settings (``moduleconfig``).
    """
    moduleinfo.update(config=moduleconfig)
    return moduleinfo
 |