2019-06-17 13:40:27 +02:00
{
"cells": [
{
"cell_type": "markdown",
"metadata": {},
"source": [
"# Notebook trainer cheatsheet: API and CLI"
]
},
{
"cell_type": "markdown",
"metadata": {},
"source": [
"- Automation page\n",
"- Recovering the API KEY (Automation page, User page, RestClient)"
]
},
{
"cell_type": "markdown",
"metadata": {},
"source": [
"## Important notice\n",
2019-06-18 08:01:25 +02:00
"\n",
2019-06-17 13:40:27 +02:00
"This notebook various usage of the MISP restAPI.\n",
2019-06-18 08:01:25 +02:00
"\n",
"It should be noted that PyMISP is not required to use the MISP restAPI. We are using PyMISP only to parse the response and inspect the data. So any HTTP client such as curl could do the job a described below.\n",
2019-06-17 13:40:27 +02:00
"\n",
"This command:\n",
"```\n",
"misp_url = URL + '/events/add'\n",
"relative_path = ''\n",
"\n",
"body = {\n",
" \"info\": \"Event\"\n",
"}\n",
"\n",
"misp = ExpandedPyMISP(misp_url, AUTHKEY, False)\n",
"res = misp.direct_call(relative_path, body)\n",
"print_result(res)\n",
"```\n",
"\n",
"Will yield the same result as this command:\n",
"```\n",
"!curl \\\n",
" -d '{\"info\": \"Event\"}' \\\n",
" -H \"Authorization: ptU1OggdiLLWlwHPO9B3lzpwEND3hL7gH0uEsyYL\" \\\n",
" -H \"Accept: application/json\" \\\n",
" -H \"Content-type: application/json\" \\\n",
" -X POST 127.0.0.1:8080/events/restSearch\n",
" ```"
]
},
{
"cell_type": "code",
"execution_count": null,
"metadata": {},
"outputs": [],
"source": [
"from pymisp import ExpandedPyMISP\n",
"from pprint import pprint\n",
2019-09-05 14:26:47 +02:00
"AUTHKEY = \"AY6Qur7V1kyQ1BTefWiiTx7B6KM7ABln1UVpfDKB\"\n",
"URL = \"https://localhost:8443\"\n",
"misp = ExpandedPyMISP(URL, AUTHKEY, False)\n",
2019-06-17 13:40:27 +02:00
"\n",
"def print_result(result):\n",
" flag_printed = False\n",
" if isinstance(result, list):\n",
" print(\"Count: %s\" % len(result))\n",
" flag_printed = True\n",
" for i in res:\n",
" if 'Event' in i and 'Attribute' in i['Event']:\n",
" print(\" - Attribute count: %s\" % len(i['Event']['Attribute']))\n",
" elif isinstance(result, dict):\n",
" if 'Attribute' in result:\n",
" print(\"Count: %s\" % len(result['Attribute']))\n",
" flag_printed = True\n",
" elif 'Event' in result and 'Attribute' in result['Event']['Attribute']:\n",
" print(\"Attribute count: %s\" % len(result['Event']['Attribute']))\n",
" flag_printed = True\n",
" if flag_printed:\n",
" print('----------')\n",
" pprint(result)"
]
},
{
"cell_type": "markdown",
"metadata": {},
"source": [
"# Events"
]
},
{
"cell_type": "markdown",
"metadata": {},
"source": [
"## Creation and Edition"
]
},
{
"cell_type": "code",
"execution_count": null,
"metadata": {},
"outputs": [],
"source": [
"# Creation\n",
2019-09-05 14:26:47 +02:00
"endpoint = '/events/add'\n",
2019-06-17 13:40:27 +02:00
"relative_path = ''\n",
"\n",
"body = {\n",
2019-06-18 08:01:25 +02:00
" \"info\": \"Event created via the API as an example\",\n",
2019-06-17 13:40:27 +02:00
" \"threat_level_id\": 1,\n",
" \"distribution\": 0\n",
"}\n",
"\n",
2019-09-05 14:26:47 +02:00
"res = misp.direct_call(endpoint + relative_path, body)\n",
2019-06-17 13:40:27 +02:00
"print_result(res)"
]
},
{
"cell_type": "code",
"execution_count": null,
"metadata": {},
"outputs": [],
"source": [
"# Edition 1\n",
2019-09-05 14:26:47 +02:00
"endpoint = '/events/edit/'\n",
"relative_path = '21'\n",
2019-06-17 13:40:27 +02:00
"\n",
"body = {\n",
2019-09-05 14:26:47 +02:00
" \"distribution\": 3\n",
"# \"sharing_group_id\": 1\n",
2019-06-17 13:40:27 +02:00
"}\n",
"\n",
2019-09-05 14:26:47 +02:00
"res = misp.direct_call(endpoint + relative_path, body)\n",
2019-06-17 13:40:27 +02:00
"print_result(res)"
]
},
{
"cell_type": "code",
"execution_count": null,
"metadata": {},
"outputs": [],
"source": [
"# Edition 2 - Adding Attribute\n",
2019-09-05 14:26:47 +02:00
"endpoint = '/events/edit/'\n",
"relative_path = '18'\n",
2019-06-17 13:40:27 +02:00
"\n",
"body = {\n",
" \"distribution\": 0,\n",
" \"Attribute\": [\n",
" {\n",
" \"value\": \"9.9.9.9\",\n",
" \"type\": \"ip-src\"\n",
" }\n",
" ]\n",
"}\n",
"\n",
2019-09-05 14:26:47 +02:00
"res = misp.direct_call(endpoint + relative_path, body)\n",
2019-06-17 13:40:27 +02:00
"print_result(res)"
]
},
{
"cell_type": "code",
"execution_count": null,
"metadata": {},
"outputs": [],
"source": [
"# Edition 2 - tagging - The bad way (Fetch the whole event and re-process everything)\n",
2019-09-05 14:26:47 +02:00
"endpoint = '/events/edit/'\n",
2019-06-17 13:40:27 +02:00
"relative_path = '29'\n",
"\n",
"body = {\n",
" \"distribution\": 0,\n",
" \"EventTag\": {\n",
" \"Tag\": [\n",
" {\"name\":\"tlp:red\"}\n",
" ]\n",
" }\n",
"}\n",
"\n",
2019-09-05 14:26:47 +02:00
"res = misp.direct_call(endpoint + relative_path, body)\n",
2019-06-17 13:40:27 +02:00
"print_result(res)"
]
},
{
"cell_type": "code",
"execution_count": null,
"metadata": {},
"outputs": [],
"source": [
"# Edition 2 - tagging - The better way\n",
2019-09-05 14:26:47 +02:00
"endpoint = '/tags/attachTagToObject'\n",
2019-06-17 13:40:27 +02:00
"relative_path = ''\n",
"\n",
"body = {\n",
2019-09-05 14:26:47 +02:00
" \"uuid\": \"5d6f857e-698c-4ea0-834a-6db1cfc4a0a0\", # can be anything: event or attribute\n",
2019-06-17 13:40:27 +02:00
" \"tag\": \"tlp:green\"\n",
"}\n",
"\n",
2019-09-05 14:26:47 +02:00
"res = misp.direct_call(endpoint + relative_path, body)\n",
2019-06-17 13:40:27 +02:00
"print_result(res)"
]
},
{
"cell_type": "code",
"execution_count": null,
"metadata": {},
"outputs": [],
"source": [
"# Searching the Event index (Move it to the search topic)\n",
2019-09-05 14:26:47 +02:00
"endpoint = '/events/index'\n",
2019-06-17 13:40:27 +02:00
"relative_path = ''\n",
"\n",
"body = {\n",
2019-09-05 14:26:47 +02:00
"# \"eventinfo\": \"api\",\n",
" \"publish_timestamp\": \"2019-05-21\",\n",
"# \"org\": \"ORGNAME\"\n",
2019-06-17 13:40:27 +02:00
"}\n",
"\n",
2019-09-05 14:26:47 +02:00
"res = misp.direct_call(endpoint + relative_path, body)\n",
2019-06-17 13:40:27 +02:00
"print_result(res)"
]
},
{
"cell_type": "code",
"execution_count": null,
"metadata": {},
"outputs": [],
"source": [
"# Searching the Event index\n",
2019-09-05 14:26:47 +02:00
"misp_url = '/events/index'\n",
2019-06-17 13:40:27 +02:00
"relative_path = ''\n",
"\n",
"body = {\n",
" \"hasproposal\": 1,\n",
" \"tag\": [\"tlp:amber\"]\n",
"}\n",
"\n",
2019-09-05 14:26:47 +02:00
"res = misp.direct_call(endpoint + relative_path, body)\n",
2019-06-17 13:40:27 +02:00
"\n",
"print('Event number: %s' % len(res))\n",
"print_result(res)"
]
},
{
"cell_type": "markdown",
"metadata": {},
"source": [
"# Attributes"
]
},
{
"cell_type": "markdown",
"metadata": {},
"source": [
"## Creation and edition"
]
},
{
"cell_type": "code",
"execution_count": null,
"metadata": {},
"outputs": [],
"source": [
2019-09-05 14:26:47 +02:00
"event_id = XXXXX"
2019-06-17 13:40:27 +02:00
]
},
{
"cell_type": "code",
"execution_count": null,
"metadata": {},
"outputs": [],
"source": [
"# Adding\n",
2019-09-05 14:26:47 +02:00
"endpoint = '/attributes/add/'\n",
2019-06-17 13:40:27 +02:00
"relative_path = str(event_id)\n",
"\n",
"body = {\n",
" \"value\": \"8.8.8.9\",\n",
" \"type\": \"ip-dst\"\n",
"}\n",
"\n",
2019-09-05 14:26:47 +02:00
"res = misp.direct_call(endpoint + relative_path, body)\n",
2019-06-17 13:40:27 +02:00
"print_result(res)"
]
},
{
"cell_type": "code",
"execution_count": null,
"metadata": {},
"outputs": [],
"source": [
"# Adding invalid attribute type\n",
2019-09-05 14:26:47 +02:00
"endpoint = '/attributes/add/'\n",
2019-06-17 13:40:27 +02:00
"relative_path = str(event_id)\n",
"\n",
"body = {\n",
" \"value\": \"8.8.8.9\",\n",
" \"type\": \"md5\"\n",
"}\n",
"\n",
2019-09-05 14:26:47 +02:00
"res = misp.direct_call(endpoint + relative_path, body)\n",
2019-06-17 13:40:27 +02:00
"print_result(res)"
]
},
{
"cell_type": "code",
"execution_count": null,
"metadata": {},
"outputs": [],
"source": [
"# Editing\n",
2019-09-05 14:26:47 +02:00
"endpoint = '/attributes/edit/'\n",
2019-06-17 13:40:27 +02:00
"relative_path = '36586'\n",
"\n",
"body = {\n",
" \"value\": \"127.0.0.1\",\n",
" \"to_ids\": 0,\n",
" \"comment\": \"Comment added via the API\",\n",
"}\n",
"\n",
2019-09-05 14:26:47 +02:00
"res = misp.direct_call(endpoint + relative_path, body)\n",
2019-06-17 13:40:27 +02:00
"print_result(res)"
]
},
{
"cell_type": "code",
"execution_count": null,
"metadata": {},
"outputs": [],
"source": [
"# Editing with data taken from JSON views. \n",
"# <!> (timestamp) contrast the difference with *PyMISP*\n",
2019-09-05 14:26:47 +02:00
"endpoint = '/attributes/edit/'\n",
"relative_path = 'XXXXXXXX'\n",
2019-06-17 13:40:27 +02:00
"\n",
"body = {\n",
2019-09-05 14:26:47 +02:00
" \"id\": \"XXXXXXXX\",\n",
2019-06-17 13:40:27 +02:00
" \"type\": \"ip-dst\",\n",
" \"category\": \"Network activity\",\n",
" \"to_ids\": False,\n",
" \"uuid\": \"5cf65823-d22c-45ae-af4f-47d80a00020f\",\n",
" \"event_id\": \"33\",\n",
" \"distribution\": \"5\",\n",
" \"comment\": \"Comment added via the API\",\n",
" \"sharing_group_id\": \"0\",\n",
" \"deleted\": False,\n",
" \"disable_correlation\": False,\n",
" \"object_id\": \"0\",\n",
" \"object_relation\": '',\n",
" \"value\": \"1.2.3.5\",\n",
" \"Galaxy\": [],\n",
" \"ShadowAttribute\": [],\n",
" \"Tag\": [\n",
" {\n",
" \"id\": \"4\",\n",
" \"name\": \"tlp:green\",\n",
" \"colour\": \"#14ff00\",\n",
" \"exportable\": True,\n",
" \"user_id\": \"0\",\n",
" \"hide_tag\": False,\n",
" \"numerical_value\": ''\n",
" }\n",
" ]\n",
" }\n",
"\n",
2019-09-05 14:26:47 +02:00
"res = misp.direct_call(endpoint + relative_path, body)\n",
2019-06-17 13:40:27 +02:00
"print_result(res)"
]
},
{
"cell_type": "markdown",
"metadata": {},
"source": [
"# Objects"
]
},
{
"cell_type": "code",
"execution_count": null,
"metadata": {},
"outputs": [],
"source": [
"# Example of an un-documented endpoint\n",
2019-09-05 14:26:47 +02:00
"endpoint = '/objects/add/'\n",
2019-06-17 13:40:27 +02:00
"relative_path = str(event_id)\n",
"\n",
"body = {\n",
" \"name\": \"microblog\",\n",
" \"meta-category\": \"misc\",\n",
" \"description\": \"Microblog post like a Twitter tweet or a post on a Facebook wall.\",\n",
" \"template_uuid\": \"8ec8c911-ddbe-4f5b-895b-fbff70c42a60\",\n",
" \"template_version\": \"5\",\n",
" \"event_id\": event_id,\n",
" \"timestamp\": \"1558702173\",\n",
" \"distribution\": \"5\",\n",
" \"sharing_group_id\": \"0\",\n",
" \"comment\": \"\",\n",
" \"deleted\": False,\n",
" \"ObjectReference\": [],\n",
" \"Attribute\": [\n",
" {\n",
" \"type\": \"text\",\n",
" \"category\": \"Other\",\n",
" \"to_ids\": False,\n",
" \"event_id\": event_id,\n",
" \"distribution\": \"5\",\n",
" \"timestamp\": \"1558702173\",\n",
" \"comment\": \"\",\n",
" \"sharing_group_id\": \"0\",\n",
" \"deleted\": False,\n",
" \"disable_correlation\": False,\n",
" \"object_relation\": \"post\",\n",
" \"value\": \"post\",\n",
" \"Galaxy\": [],\n",
" \"ShadowAttribute\": []\n",
" }\n",
" ]\n",
"}\n",
"\n",
2019-09-05 14:26:47 +02:00
"res = misp.direct_call(endpoint + relative_path, body)\n",
2019-06-17 13:40:27 +02:00
"print_result(res)"
]
},
{
"cell_type": "code",
"execution_count": null,
"metadata": {},
"outputs": [],
"source": [
"# Go to event Edit 2\n",
"# Go to add tag the bad way"
]
},
{
"cell_type": "markdown",
"metadata": {},
"source": [
"## RestSearch\n",
2019-06-18 08:01:25 +02:00
"**Aka: Most powerful search tool in MISP**"
2019-06-17 13:40:27 +02:00
]
},
{
"cell_type": "markdown",
"metadata": {},
"source": [
"### RestSearch - Attributes"
]
},
{
"cell_type": "code",
"execution_count": null,
"metadata": {},
"outputs": [],
"source": [
2019-09-05 14:26:47 +02:00
"endpoint = '/attributes/restSearch/'\n",
2019-06-17 13:40:27 +02:00
"relative_path = ''\n",
"\n",
"body = {\n",
" \"returnFormat\": \"json\",\n",
" \"eventid\": event_id\n",
"}\n",
"\n",
2019-09-05 14:26:47 +02:00
"res = misp.direct_call(endpoint + relative_path, body)\n",
2019-06-17 13:40:27 +02:00
"print_result(res)"
]
},
{
"cell_type": "code",
"execution_count": null,
"metadata": {},
"outputs": [],
"source": [
"# Searches on Attribute's data\n",
2019-09-05 14:26:47 +02:00
"misp_url = '/attributes/restSearch/'\n",
2019-06-17 13:40:27 +02:00
"relative_path = ''\n",
"\n",
"body = {\n",
" \"returnFormat\": \"json\",\n",
" \"eventid\": event_id,\n",
" \"type\": \"ip-dst\",\n",
" \"value\": \"1.2.3.%\"\n",
"}\n",
"\n",
2019-09-05 14:26:47 +02:00
"res = misp.direct_call(endpoint + relative_path, body)\n",
2019-06-17 13:40:27 +02:00
"print_result(res)"
]
},
{
"cell_type": "code",
"execution_count": null,
"metadata": {},
"outputs": [],
"source": [
"# Searches on Attribute's data\n",
2019-09-05 14:26:47 +02:00
"endpoint = '/attributes/restSearch/'\n",
2019-06-17 13:40:27 +02:00
"relative_path = ''\n",
"\n",
"body = {\n",
" \"returnFormat\": \"json\",\n",
" \"eventid\": event_id,\n",
" \"deleted\": [0, 1] # Consider both deleted AND not deleted\n",
"}\n",
"\n",
"# [] == {\"OR\": []}\n",
"\n",
2019-09-05 14:26:47 +02:00
"res = misp.direct_call(endpoint + relative_path, body)\n",
2019-06-17 13:40:27 +02:00
"print_result(res)"
]
},
{
"cell_type": "code",
"execution_count": null,
"metadata": {},
"outputs": [],
"source": [
"# Searches on Attribute's data\n",
2019-09-05 14:26:47 +02:00
"endpoint = '/attributes/restSearch/'\n",
2019-06-17 13:40:27 +02:00
"relative_path = ''\n",
"\n",
"body = {\n",
" \"returnFormat\": \"json\",\n",
" \"eventid\": event_id,\n",
"# \"tags\": \"tlp:white\",\n",
"# \"tags\": [\"tlp:white\", \"tlp:green\"]\n",
"# \"tags\": [\"!tlp:green\"]\n",
"# \"tags\": \"tlp:%\",\n",
"# \"includeEventTags\": 1\n",
"# BRAND NEW (only tag)! Prefered way (Most accurate): Distinction between OR and AND!\n",
" \"tags\": {\"AND\": [\"tlp:green\", \"Malware\"], \"NOT\": [\"%ransomware%\"]}\n",
"}\n",
"\n",
2019-09-05 14:26:47 +02:00
"res = misp.direct_call(endpoint + relative_path, body)\n",
2019-06-17 13:40:27 +02:00
"print_result(res)"
]
},
{
"cell_type": "code",
"execution_count": null,
"metadata": {},
"outputs": [],
"source": [
"# Paginating\n",
2019-09-05 14:26:47 +02:00
"endpoint = '/attributes/restSearch/'\n",
2019-06-17 13:40:27 +02:00
"relative_path = ''\n",
"\n",
"body = {\n",
" \"returnFormat\": \"json\",\n",
" \"eventid\": event_id,\n",
" \"page\": 2,\n",
" \"limit\": 1\n",
"}\n",
"\n",
2019-09-05 14:26:47 +02:00
"res = misp.direct_call(endpoint + relative_path, body)\n",
2019-06-17 13:40:27 +02:00
"print_result(res)"
]
},
{
"cell_type": "code",
"execution_count": null,
"metadata": {},
"outputs": [],
"source": [
"# Searches based on time: Absolute\n",
2019-09-05 14:26:47 +02:00
"endpoint = '/attributes/restSearch/'\n",
2019-06-17 13:40:27 +02:00
"relative_path = ''\n",
2019-09-05 14:26:47 +02:00
"event_id = 13\n",
2019-06-17 13:40:27 +02:00
"\n",
"body = {\n",
" \"returnFormat\": \"json\",\n",
" \"eventid\": event_id,\n",
" \"from\": \"2019/05/21\" # or \"2019-05-21\"\n",
" # from and to NOT REALLY USEFULL.. \n",
"}\n",
"\n",
2019-09-05 14:26:47 +02:00
"res = misp.direct_call(endpoint + relative_path, body)\n",
2019-06-17 13:40:27 +02:00
"print_result(res)"
]
},
{
"cell_type": "code",
"execution_count": null,
"metadata": {},
"outputs": [],
"source": [
"# Searches based on time: Relative\n",
2019-09-05 14:26:47 +02:00
"endpoint = '/attributes/restSearch/'\n",
2019-06-17 13:40:27 +02:00
"relative_path = ''\n",
"\n",
"# /!\\ Last: works on the publish_timestamp -> may be confusing\n",
"# Units: days, hours, minutes and secondes\n",
"body = {\n",
" \"returnFormat\": \"json\",\n",
" \"eventid\": event_id,\n",
2019-09-05 14:26:47 +02:00
"# \"to_ids\": 1,\n",
" \"last\": \"2019-08-28\"\n",
2019-06-17 13:40:27 +02:00
"}\n",
"\n",
2019-09-05 14:26:47 +02:00
"res = misp.direct_call(endpoint + relative_path, body)\n",
2019-06-17 13:40:27 +02:00
"print_result(res)"
]
},
{
"cell_type": "markdown",
"metadata": {},
"source": [
"## Precision regarding the different timestamps\n",
"- ``publish_timestamp`` = Time at which the event was published\n",
" - Usage: get data that arrived in my system since x\n",
" - E.g.: New data from a feed\n",
"- ``timestamp`` = Time of the last modification on the data\n",
" - data was modified in the last x hours\n",
" - E.g.: Last updated data from a feed\n",
"- ``event_timestamp``: Used in the Attribute scope\n",
" - Event modified in the last x hours"
]
},
{
"cell_type": "code",
"execution_count": null,
"metadata": {},
"outputs": [],
"source": [
"# Searches with attachments\n",
2019-09-05 14:26:47 +02:00
"endpoint = '/attributes/restSearch/'\n",
2019-06-17 13:40:27 +02:00
"relative_path = ''\n",
"\n",
"body = {\n",
" \"returnFormat\": \"json\",\n",
" \"eventid\": event_id,\n",
" \"type\": \"attachment\",\n",
"# \"withAttachments\": 1\n",
"}\n",
"\n",
2019-09-05 14:26:47 +02:00
"res = misp.direct_call(endpoint + relative_path, body)\n",
2019-06-17 13:40:27 +02:00
"print_result(res)"
]
},
{
"cell_type": "code",
"execution_count": null,
"metadata": {},
"outputs": [],
"source": [
"# Searches - Others\n",
2019-09-05 14:26:47 +02:00
"endpoint = '/attributes/restSearch/'\n",
2019-06-17 13:40:27 +02:00
"relative_path = ''\n",
"\n",
"body = {\n",
" \"returnFormat\": \"json\",\n",
" \"eventid\": 31,\n",
" \"type\": \"ip-src\",\n",
"# \"enforceWarninglist\": 1\n",
"}\n",
"\n",
2019-09-05 14:26:47 +02:00
"res = misp.direct_call(endpoint + relative_path, body)\n",
2019-06-17 13:40:27 +02:00
"print_result(res)"
]
},
{
"cell_type": "markdown",
"metadata": {},
"source": [
"### RestSearch - Events"
]
},
{
"cell_type": "code",
"execution_count": null,
"metadata": {},
"outputs": [],
"source": [
"# Searching using the RestSearch\n",
2019-09-05 14:26:47 +02:00
"endpoint = '/events/restSearch'\n",
2019-06-17 13:40:27 +02:00
"relative_path = ''\n",
"\n",
"body = {\n",
" \"returnFormat\": \"json\",\n",
" \"eventid\": 31,\n",
"}\n",
"\n",
2019-09-05 14:26:47 +02:00
"res = misp.direct_call(endpoint + relative_path, body)\n",
2019-06-17 13:40:27 +02:00
"print_result(res)"
]
},
{
"cell_type": "code",
"execution_count": null,
"metadata": {},
"outputs": [],
"source": [
"# Searching using the RestSearch - Other return format\n",
"!curl \\\n",
" -d '{\"returnFormat\":\"rpz\",\"eventid\":31}' \\\n",
" -H \"Authorization: ptU1OggdiLLWlwHPO9B3lzpwEND3hL7gH0uEsyYL\" \\\n",
" -H \"Accept: application/json\" \\\n",
" -H \"Content-type: application/json\" \\\n",
" -X POST 127.0.0.1:8080/events/restSearch 2> /dev/null"
]
},
{
"cell_type": "code",
"execution_count": null,
"metadata": {},
"outputs": [],
"source": [
"# Searching using the RestSearch - Other return format\n",
"!curl \\\n",
" -d '{\"returnFormat\":\"csv\",\"eventid\":31}' \\\n",
" -H \"Authorization: ptU1OggdiLLWlwHPO9B3lzpwEND3hL7gH0uEsyYL\" \\\n",
" -H \"Accept: application/json\" \\\n",
" -H \"Content-type: application/json\" \\\n",
" -X POST 127.0.0.1:8080/events/restSearch 2> /dev/null"
]
},
{
"cell_type": "code",
"execution_count": null,
"metadata": {},
"outputs": [],
"source": [
"# Searching using the RestSearch - Filtering\n",
2019-09-05 14:26:47 +02:00
"endpoint = '/events/restSearch'\n",
2019-06-17 13:40:27 +02:00
"relative_path = ''\n",
"\n",
"body = {\n",
" \"returnFormat\": \"json\",\n",
" \"value\": \"parsed-ail.json\"\n",
"}\n",
"\n",
2019-09-05 14:26:47 +02:00
"res = misp.direct_call(endpoint + relative_path, body)\n",
2019-06-17 13:40:27 +02:00
"print_result(res)"
]
},
{
"cell_type": "code",
"execution_count": null,
"metadata": {},
"outputs": [],
"source": [
"# Searching using the RestSearch\n",
2019-09-05 14:26:47 +02:00
"endpoint = '/events/restSearch'\n",
2019-06-17 13:40:27 +02:00
"relative_path = ''\n",
"\n",
"body = {\n",
" \"returnFormat\": \"json\",\n",
" \"org\": \"CIRCL\",\n",
" \"id\": 33,\n",
" \"metadata\": 1\n",
"}\n",
"\n",
2019-09-05 14:26:47 +02:00
"res = misp.direct_call(endpoint + relative_path, body)\n",
2019-06-17 13:40:27 +02:00
"print_result(res)"
]
},
{
"cell_type": "code",
"execution_count": null,
"metadata": {},
"outputs": [],
"source": [
"# Searching using the RestSearch\n",
2019-09-05 14:26:47 +02:00
"endpoint = '/events/restSearch'\n",
2019-06-17 13:40:27 +02:00
"relative_path = ''\n",
"\n",
"body = {\n",
" \"returnFormat\": \"json\",\n",
" \"eventinfo\": \"%via the API%\",\n",
" \"published\": 1\n",
"}\n",
"\n",
2019-09-05 14:26:47 +02:00
"res = misp.direct_call(endpoint + relative_path, body)\n",
2019-06-17 13:40:27 +02:00
"print_result(res)"
]
},
{
"cell_type": "markdown",
"metadata": {},
"source": [
"# Sightings"
]
},
{
"cell_type": "code",
"execution_count": null,
"metadata": {},
"outputs": [],
"source": [
"# Creating sightings\n",
2019-09-05 14:26:47 +02:00
"endpoint = '/sightings/add'\n",
2019-06-17 13:40:27 +02:00
"relative_path = ''\n",
"\n",
"body = {\n",
"# \"id\": \"36578\"\n",
" \"value\": \"parsed-ail.json\"\n",
"}\n",
"\n",
2019-09-05 14:26:47 +02:00
"res = misp.direct_call(endpoint + relative_path, body)\n",
2019-06-17 13:40:27 +02:00
"print_result(res)"
]
},
{
"cell_type": "code",
"execution_count": null,
"metadata": {},
"outputs": [],
"source": [
"# Searching for sighted elements\n",
2019-09-05 14:26:47 +02:00
"endpoint = '/sightings/restSearch/event'\n",
2019-06-17 13:40:27 +02:00
"relative_path = ''\n",
"\n",
"body = {\n",
" \"returnFormat\": \"json\",\n",
" \"id\": 33,\n",
" \"includeAttribute\": 1,\n",
" \"includeEvent\": 1\n",
"}\n",
"\n",
2019-09-05 14:26:47 +02:00
"res = misp.direct_call(endpoint + relative_path, body)\n",
2019-06-17 13:40:27 +02:00
"print_result(res)"
]
},
{
"cell_type": "markdown",
"metadata": {},
"source": [
"# Warning lists"
]
},
{
"cell_type": "code",
"execution_count": null,
"metadata": {},
"outputs": [],
"source": [
"# Checking values against the warining list\n",
2019-09-05 14:26:47 +02:00
"endpoint = '/warninglists/checkValue'\n",
2019-06-17 13:40:27 +02:00
"relative_path = ''\n",
"\n",
"body = [\"8.8.8.8\", \"yolo\", \"test\"]\n",
"\n",
2019-09-05 14:26:47 +02:00
"res = misp.direct_call(endpoint + relative_path, body)\n",
2019-06-17 13:40:27 +02:00
"print_result(res)"
]
},
{
"cell_type": "markdown",
"metadata": {},
"source": [
"# Instance management"
]
},
{
"cell_type": "code",
"execution_count": null,
"metadata": {},
"outputs": [],
"source": [
"# Creating Organisation\n",
2019-09-05 14:26:47 +02:00
"endpoint = '/admin/organisations/add'\n",
2019-06-17 13:40:27 +02:00
"relative_path = ''\n",
"\n",
"body = {\n",
" \"name\": \"TEMP_ORG2\"\n",
"}\n",
"\n",
2019-09-05 14:26:47 +02:00
"res = misp.direct_call(endpoint + relative_path, body)\n",
2019-06-17 13:40:27 +02:00
"print_result(res)"
]
},
{
"cell_type": "code",
"execution_count": null,
"metadata": {},
"outputs": [],
"source": [
"# Creating Users\n",
2019-09-05 14:26:47 +02:00
"endpoint = '/admin/users/add'\n",
2019-06-17 13:40:27 +02:00
"relative_path = ''\n",
"\n",
"body = {\n",
" \"email\": \"from_api2@admin.test\",\n",
" \"org_id\": 1009,\n",
" \"role_id\": 3,\n",
" \"termsaccepted\": 1,\n",
" \"change_pw\": 0, # User prompted to change the psswd once logged in\n",
" \"password\": \"~~UlTrA_SeCuRe_PaSsWoRd~~\"\n",
"}\n",
"\n",
2019-09-05 14:26:47 +02:00
"res = misp.direct_call(endpoint + relative_path, body)\n",
2019-06-17 13:40:27 +02:00
"print_result(res)"
]
},
{
"cell_type": "code",
"execution_count": null,
"metadata": {},
"outputs": [],
"source": [
"# Creating Sharing Groups\n",
2019-09-05 14:26:47 +02:00
"endpoint = '/sharing_groups/add'\n",
2019-06-17 13:40:27 +02:00
"relative_path = ''\n",
"\n",
"body = {\n",
" \"name\": \"TEMP_SG2\",\n",
" \"releasability\": \"To nobody\",\n",
" \"SharingGroupOrg\": [\n",
" {\n",
" \"name\": \"ORGNAME\",\n",
" \"extend\": 1\n",
" },\n",
" {\n",
" \"name\": \"CIRCL\",\n",
" \"extend\": 1\n",
" }\n",
" ]\n",
"}\n",
"\n",
2019-09-05 14:26:47 +02:00
"res = misp.direct_call(endpoint + relative_path, body)\n",
2019-06-17 13:40:27 +02:00
"print_result(res)"
]
},
{
"cell_type": "code",
"execution_count": null,
"metadata": {
"scrolled": true
},
"outputs": [],
"source": [
"# Server\n",
2019-09-05 14:26:47 +02:00
"endpoint = '/servers/add'\n",
2019-06-17 13:40:27 +02:00
"relative_path = ''\n",
"\n",
"body = {\n",
" \"url\": \"http://127.0.0.1:80/\",\n",
" \"name\": \"Myself\",\n",
" \"remote_org_id\": \"2\",\n",
" \"authkey\": \"UHwmZCH4QdSKqPVunxTzfSes8n7ibBhUlsd0dmx9\"\n",
" \n",
"}\n",
"\n",
2019-09-05 14:26:47 +02:00
"res = misp.direct_call(endpoint + relative_path, body)\n",
2019-06-17 13:40:27 +02:00
"print_result(res)"
]
},
{
"cell_type": "code",
"execution_count": null,
"metadata": {},
"outputs": [],
"source": [
"# Server settings\n",
2019-09-05 14:26:47 +02:00
"endpoint = '/servers/serverSettings'\n",
2019-06-17 13:40:27 +02:00
"relative_path = ''\n",
"\n",
"body = {}\n",
"\n",
2019-09-05 14:26:47 +02:00
"res = misp.direct_call(endpoint + relative_path, body)\n",
2019-06-17 13:40:27 +02:00
"print_result(res)"
]
},
{
"cell_type": "code",
"execution_count": null,
"metadata": {},
"outputs": [],
"source": [
"# Statistics\n",
2019-09-05 14:26:47 +02:00
"endpoint = '/users/statistics'\n",
2019-06-17 13:40:27 +02:00
"relative_path = ''\n",
"\n",
"body = {}\n",
"\n",
2019-09-05 14:26:47 +02:00
"res = misp.direct_call(endpoint + relative_path, body)\n",
2019-06-17 13:40:27 +02:00
"print_result(res)"
]
},
{
"cell_type": "markdown",
"metadata": {},
"source": [
"Not Available:\n",
"- misp-module"
]
}
],
"metadata": {
"kernelspec": {
"display_name": "Python 3",
"language": "python",
"name": "python3"
},
"language_info": {
"codemirror_mode": {
"name": "ipython",
"version": 3
},
"file_extension": ".py",
"mimetype": "text/x-python",
"name": "python",
"nbconvert_exporter": "python",
"pygments_lexer": "ipython3",
2019-06-18 08:01:25 +02:00
"version": "3.6.8"
2019-06-17 13:40:27 +02:00
}
},
"nbformat": 4,
"nbformat_minor": 2
}
