fix: [API notebook] updated to match PyMISP `direct_call` signature

changes-actionable
mokaddem 2019-09-05 14:26:47 +02:00
parent 0ec0d5ef82
commit 103d8682d0
1 changed files with 87 additions and 119 deletions


@ -56,8 +56,9 @@
"source": [
"from pymisp import ExpandedPyMISP\n",
"from pprint import pprint\n",
"AUTHKEY = \"ptU1OggdiLLWlwHPO9B3lzpwEND3hL7gH0uEsyYL\"\n",
"URL = \"http://127.0.0.1:8080\"\n",
"AUTHKEY = \"AY6Qur7V1kyQ1BTefWiiTx7B6KM7ABln1UVpfDKB\"\n",
"URL = \"https://localhost:8443\"\n",
"misp = ExpandedPyMISP(URL, AUTHKEY, False)\n",
"\n",
"def print_result(result):\n",
" flag_printed = False\n",
@ -100,17 +101,16 @@
"outputs": [],
"source": [
"# Creation\n",
"misp_url = URL + '/events/add'\n",
"endpoint = '/events/add'\n",
"relative_path = ''\n",
"\n",
"body = {\n",
" \"info\": \"Event created via the API for Telindus training\",\n",
" \"info\": \"Event created via the API for the CA training 4\",\n",
" \"threat_level_id\": 1,\n",
" \"distribution\": 0\n",
"}\n",
"\n",
"misp = ExpandedPyMISP(misp_url, AUTHKEY, False)\n",
"res = misp.direct_call(relative_path, body)\n",
"res = misp.direct_call(endpoint + relative_path, body)\n",
"print_result(res)"
]
},
@ -121,16 +121,15 @@
"outputs": [],
"source": [
"# Edition 1\n",
"misp_url = URL + '/events/edit/'\n",
"relative_path = '33'\n",
"endpoint = '/events/edit/'\n",
"relative_path = '21'\n",
"\n",
"body = {\n",
" \"distribution\": 4,\n",
" \"sharing_group_id\": 1\n",
" \"distribution\": 3\n",
"# \"sharing_group_id\": 1\n",
"}\n",
"\n",
"misp = ExpandedPyMISP(misp_url, AUTHKEY, False)\n",
"res = misp.direct_call(relative_path, body) \n",
"res = misp.direct_call(endpoint + relative_path, body)\n",
"print_result(res)"
]
},
@ -141,8 +140,8 @@
"outputs": [],
"source": [
"# Edition 2 - Adding Attribute\n",
"misp_url = URL + '/events/edit/'\n",
"relative_path = '29'\n",
"endpoint = '/events/edit/'\n",
"relative_path = '18'\n",
"\n",
"body = {\n",
" \"distribution\": 0,\n",
@ -154,8 +153,7 @@
" ]\n",
"}\n",
"\n",
"misp = ExpandedPyMISP(misp_url, AUTHKEY, False)\n",
"res = misp.direct_call(relative_path, body)\n",
"res = misp.direct_call(endpoint + relative_path, body)\n",
"print_result(res)"
]
},
@ -166,7 +164,7 @@
"outputs": [],
"source": [
"# Edition 2 - tagging - The bad way (Fetch the whole event and re-process everything)\n",
"misp_url = URL + '/events/edit/'\n",
"endpoint = '/events/edit/'\n",
"relative_path = '29'\n",
"\n",
"body = {\n",
@ -178,8 +176,7 @@
" }\n",
"}\n",
"\n",
"misp = ExpandedPyMISP(misp_url, AUTHKEY, False)\n",
"res = misp.direct_call(relative_path, body)\n",
"res = misp.direct_call(endpoint + relative_path, body)\n",
"print_result(res)"
]
},
@ -190,16 +187,15 @@
"outputs": [],
"source": [
"# Edition 2 - tagging - The better way\n",
"misp_url = URL + '/tags/attachTagToObject'\n",
"endpoint = '/tags/attachTagToObject'\n",
"relative_path = ''\n",
"\n",
"body = {\n",
" \"uuid\": \"5cf65823-d22c-45ae-af4f-47d80a00020f\", # can be anything: event or attribute\n",
" \"uuid\": \"5d6f857e-698c-4ea0-834a-6db1cfc4a0a0\", # can be anything: event or attribute\n",
" \"tag\": \"tlp:green\"\n",
"}\n",
"\n",
"misp = ExpandedPyMISP(misp_url, AUTHKEY, False)\n",
"res = misp.direct_call(relative_path, body)\n",
"res = misp.direct_call(endpoint + relative_path, body)\n",
"print_result(res)"
]
},
@ -210,17 +206,16 @@
"outputs": [],
"source": [
"# Searching the Event index (Move it to the search topic)\n",
"misp_url = URL + '/events/index'\n",
"endpoint = '/events/index'\n",
"relative_path = ''\n",
"\n",
"body = {\n",
" \"eventinfo\": \"api\",\n",
" \"publish_timestamp\": \"10d\",\n",
" \"org\": \"ORGNAME\"\n",
"# \"eventinfo\": \"api\",\n",
" \"publish_timestamp\": \"2019-05-21\",\n",
"# \"org\": \"ORGNAME\"\n",
"}\n",
"\n",
"misp = ExpandedPyMISP(misp_url, AUTHKEY, False)\n",
"res = misp.direct_call(relative_path, body)\n",
"res = misp.direct_call(endpoint + relative_path, body)\n",
"print_result(res)"
]
},
@ -231,7 +226,7 @@
"outputs": [],
"source": [
"# Searching the Event index\n",
"misp_url = URL + '/events/index'\n",
"misp_url = '/events/index'\n",
"relative_path = ''\n",
"\n",
"body = {\n",
@ -239,8 +234,7 @@
" \"tag\": [\"tlp:amber\"]\n",
"}\n",
"\n",
"misp = ExpandedPyMISP(misp_url, AUTHKEY, False)\n",
"res = misp.direct_call(relative_path, body)\n",
"res = misp.direct_call(endpoint + relative_path, body)\n",
"\n",
"print('Event number: %s' % len(res))\n",
"print_result(res)"
@ -266,7 +260,7 @@
"metadata": {},
"outputs": [],
"source": [
"event_id = 33"
"event_id = XXXXX"
]
},
{
@ -276,7 +270,7 @@
"outputs": [],
"source": [
"# Adding\n",
"misp_url = URL + '/attributes/add/'\n",
"endpoint = '/attributes/add/'\n",
"relative_path = str(event_id)\n",
"\n",
"body = {\n",
@ -284,8 +278,7 @@
" \"type\": \"ip-dst\"\n",
"}\n",
"\n",
"misp = ExpandedPyMISP(misp_url, AUTHKEY, False)\n",
"res = misp.direct_call(relative_path, body)\n",
"res = misp.direct_call(endpoint + relative_path, body)\n",
"print_result(res)"
]
},
@ -296,7 +289,7 @@
"outputs": [],
"source": [
"# Adding invalid attribute type\n",
"misp_url = URL + '/attributes/add/'\n",
"endpoint = '/attributes/add/'\n",
"relative_path = str(event_id)\n",
"\n",
"body = {\n",
@ -304,8 +297,7 @@
" \"type\": \"md5\"\n",
"}\n",
"\n",
"misp = ExpandedPyMISP(misp_url, AUTHKEY, False)\n",
"res = misp.direct_call(relative_path, body)\n",
"res = misp.direct_call(endpoint + relative_path, body)\n",
"print_result(res)"
]
},
@ -316,7 +308,7 @@
"outputs": [],
"source": [
"# Editing\n",
"misp_url = URL + '/attributes/edit/'\n",
"endpoint = '/attributes/edit/'\n",
"relative_path = '36586'\n",
"\n",
"body = {\n",
@ -325,8 +317,7 @@
" \"comment\": \"Comment added via the API\",\n",
"}\n",
"\n",
"misp = ExpandedPyMISP(misp_url, AUTHKEY, False)\n",
"res = misp.direct_call(relative_path, body)\n",
"res = misp.direct_call(endpoint + relative_path, body)\n",
"print_result(res)"
]
},
@ -338,11 +329,11 @@
"source": [
"# Editing with data taken from JSON views. \n",
"# <!> (timestamp) contrast the difference with *PyMISP*\n",
"misp_url = URL + '/attributes/edit/'\n",
"relative_path = '36586'\n",
"endpoint = '/attributes/edit/'\n",
"relative_path = 'XXXXXXXX'\n",
"\n",
"body = {\n",
" \"id\": \"36586\",\n",
" \"id\": \"XXXXXXXX\",\n",
" \"type\": \"ip-dst\",\n",
" \"category\": \"Network activity\",\n",
" \"to_ids\": False,\n",
@ -371,8 +362,7 @@
" ]\n",
" }\n",
"\n",
"misp = ExpandedPyMISP(misp_url, AUTHKEY, False)\n",
"res = misp.direct_call(relative_path, body)\n",
"res = misp.direct_call(endpoint + relative_path, body)\n",
"print_result(res)"
]
},
@ -390,7 +380,7 @@
"outputs": [],
"source": [
"# Example of an un-documented endpoint\n",
"misp_url = URL + '/objects/add/'\n",
"endpoint = '/objects/add/'\n",
"relative_path = str(event_id)\n",
"\n",
"body = {\n",
@ -426,8 +416,7 @@
" ]\n",
"}\n",
"\n",
"misp = ExpandedPyMISP(misp_url, AUTHKEY, False)\n",
"res = misp.direct_call(relative_path, body)\n",
"res = misp.direct_call(endpoint + relative_path, body)\n",
"print_result(res)"
]
},
@ -462,7 +451,7 @@
"metadata": {},
"outputs": [],
"source": [
"misp_url = URL + '/attributes/restSearch/'\n",
"endpoint = '/attributes/restSearch/'\n",
"relative_path = ''\n",
"\n",
"body = {\n",
@ -470,8 +459,7 @@
" \"eventid\": event_id\n",
"}\n",
"\n",
"misp = ExpandedPyMISP(misp_url, AUTHKEY, False)\n",
"res = misp.direct_call(relative_path, body)\n",
"res = misp.direct_call(endpoint + relative_path, body)\n",
"print_result(res)"
]
},
@ -482,7 +470,7 @@
"outputs": [],
"source": [
"# Searches on Attribute's data\n",
"misp_url = URL + '/attributes/restSearch/'\n",
"misp_url = '/attributes/restSearch/'\n",
"relative_path = ''\n",
"\n",
"body = {\n",
@ -492,8 +480,7 @@
" \"value\": \"1.2.3.%\"\n",
"}\n",
"\n",
"misp = ExpandedPyMISP(misp_url, AUTHKEY, False)\n",
"res = misp.direct_call(relative_path, body)\n",
"res = misp.direct_call(endpoint + relative_path, body)\n",
"print_result(res)"
]
},
@ -504,7 +491,7 @@
"outputs": [],
"source": [
"# Searches on Attribute's data\n",
"misp_url = URL + '/attributes/restSearch/'\n",
"endpoint = '/attributes/restSearch/'\n",
"relative_path = ''\n",
"\n",
"body = {\n",
@ -515,8 +502,7 @@
"\n",
"# [] == {\"OR\": []}\n",
"\n",
"misp = ExpandedPyMISP(misp_url, AUTHKEY, False)\n",
"res = misp.direct_call(relative_path, body)\n",
"res = misp.direct_call(endpoint + relative_path, body)\n",
"print_result(res)"
]
},
@ -527,7 +513,7 @@
"outputs": [],
"source": [
"# Searches on Attribute's data\n",
"misp_url = URL + '/attributes/restSearch/'\n",
"endpoint = '/attributes/restSearch/'\n",
"relative_path = ''\n",
"\n",
"body = {\n",
@ -542,8 +528,7 @@
" \"tags\": {\"AND\": [\"tlp:green\", \"Malware\"], \"NOT\": [\"%ransomware%\"]}\n",
"}\n",
"\n",
"misp = ExpandedPyMISP(misp_url, AUTHKEY, False)\n",
"res = misp.direct_call(relative_path, body)\n",
"res = misp.direct_call(endpoint + relative_path, body)\n",
"print_result(res)"
]
},
@ -554,7 +539,7 @@
"outputs": [],
"source": [
"# Paginating\n",
"misp_url = URL + '/attributes/restSearch/'\n",
"endpoint = '/attributes/restSearch/'\n",
"relative_path = ''\n",
"\n",
"body = {\n",
@ -564,8 +549,7 @@
" \"limit\": 1\n",
"}\n",
"\n",
"misp = ExpandedPyMISP(misp_url, AUTHKEY, False)\n",
"res = misp.direct_call(relative_path, body)\n",
"res = misp.direct_call(endpoint + relative_path, body)\n",
"print_result(res)"
]
},
@ -576,8 +560,9 @@
"outputs": [],
"source": [
"# Searches based on time: Absolute\n",
"misp_url = URL + '/attributes/restSearch/'\n",
"endpoint = '/attributes/restSearch/'\n",
"relative_path = ''\n",
"event_id = 13\n",
"\n",
"body = {\n",
" \"returnFormat\": \"json\",\n",
@ -586,8 +571,7 @@
" # from and to NOT REALLY USEFULL.. \n",
"}\n",
"\n",
"misp = ExpandedPyMISP(misp_url, AUTHKEY, False)\n",
"res = misp.direct_call(relative_path, body)\n",
"res = misp.direct_call(endpoint + relative_path, body)\n",
"print_result(res)"
]
},
@ -598,7 +582,7 @@
"outputs": [],
"source": [
"# Searches based on time: Relative\n",
"misp_url = URL + '/attributes/restSearch/'\n",
"endpoint = '/attributes/restSearch/'\n",
"relative_path = ''\n",
"\n",
"# /!\\ Last: works on the publish_timestamp -> may be confusing\n",
@ -606,12 +590,11 @@
"body = {\n",
" \"returnFormat\": \"json\",\n",
" \"eventid\": event_id,\n",
" \"to_ids\": 1,\n",
" \"last\": \"10d\"\n",
"# \"to_ids\": 1,\n",
" \"last\": \"2019-08-28\"\n",
"}\n",
"\n",
"misp = ExpandedPyMISP(misp_url, AUTHKEY, False)\n",
"res = misp.direct_call(relative_path, body)\n",
"res = misp.direct_call(endpoint + relative_path, body)\n",
"print_result(res)"
]
},
@ -637,7 +620,7 @@
"outputs": [],
"source": [
"# Searches with attachments\n",
"misp_url = URL + '/attributes/restSearch/'\n",
"endpoint = '/attributes/restSearch/'\n",
"relative_path = ''\n",
"\n",
"body = {\n",
@ -647,8 +630,7 @@
"# \"withAttachments\": 1\n",
"}\n",
"\n",
"misp = ExpandedPyMISP(misp_url, AUTHKEY, False)\n",
"res = misp.direct_call(relative_path, body)\n",
"res = misp.direct_call(endpoint + relative_path, body)\n",
"print_result(res)"
]
},
@ -659,7 +641,7 @@
"outputs": [],
"source": [
"# Searches - Others\n",
"misp_url = URL + '/attributes/restSearch/'\n",
"endpoint = '/attributes/restSearch/'\n",
"relative_path = ''\n",
"\n",
"body = {\n",
@ -669,8 +651,7 @@
"# \"enforceWarninglist\": 1\n",
"}\n",
"\n",
"misp = ExpandedPyMISP(misp_url, AUTHKEY, False)\n",
"res = misp.direct_call(relative_path, body)\n",
"res = misp.direct_call(endpoint + relative_path, body)\n",
"print_result(res)"
]
},
@ -688,7 +669,7 @@
"outputs": [],
"source": [
"# Searching using the RestSearch\n",
"misp_url = URL + '/events/restSearch'\n",
"endpoint = '/events/restSearch'\n",
"relative_path = ''\n",
"\n",
"body = {\n",
@ -696,8 +677,7 @@
" \"eventid\": 31,\n",
"}\n",
"\n",
"misp = ExpandedPyMISP(misp_url, AUTHKEY, False)\n",
"res = misp.direct_call(relative_path, body)\n",
"res = misp.direct_call(endpoint + relative_path, body)\n",
"print_result(res)"
]
},
@ -738,7 +718,7 @@
"outputs": [],
"source": [
"# Searching using the RestSearch - Filtering\n",
"misp_url = URL + '/events/restSearch'\n",
"endpoint = '/events/restSearch'\n",
"relative_path = ''\n",
"\n",
"body = {\n",
@ -746,8 +726,7 @@
" \"value\": \"parsed-ail.json\"\n",
"}\n",
"\n",
"misp = ExpandedPyMISP(misp_url, AUTHKEY, False)\n",
"res = misp.direct_call(relative_path, body)\n",
"res = misp.direct_call(endpoint + relative_path, body)\n",
"print_result(res)"
]
},
@ -758,7 +737,7 @@
"outputs": [],
"source": [
"# Searching using the RestSearch\n",
"misp_url = URL + '/events/restSearch'\n",
"endpoint = '/events/restSearch'\n",
"relative_path = ''\n",
"\n",
"body = {\n",
@ -768,8 +747,7 @@
" \"metadata\": 1\n",
"}\n",
"\n",
"misp = ExpandedPyMISP(misp_url, AUTHKEY, False)\n",
"res = misp.direct_call(relative_path, body)\n",
"res = misp.direct_call(endpoint + relative_path, body)\n",
"print_result(res)"
]
},
@ -780,7 +758,7 @@
"outputs": [],
"source": [
"# Searching using the RestSearch\n",
"misp_url = URL + '/events/restSearch'\n",
"endpoint = '/events/restSearch'\n",
"relative_path = ''\n",
"\n",
"body = {\n",
@ -789,8 +767,7 @@
" \"published\": 1\n",
"}\n",
"\n",
"misp = ExpandedPyMISP(misp_url, AUTHKEY, False)\n",
"res = misp.direct_call(relative_path, body)\n",
"res = misp.direct_call(endpoint + relative_path, body)\n",
"print_result(res)"
]
},
@ -808,7 +785,7 @@
"outputs": [],
"source": [
"# Creating sightings\n",
"misp_url = URL + '/sightings/add'\n",
"endpoint = '/sightings/add'\n",
"relative_path = ''\n",
"\n",
"body = {\n",
@ -816,8 +793,7 @@
" \"value\": \"parsed-ail.json\"\n",
"}\n",
"\n",
"misp = ExpandedPyMISP(misp_url, AUTHKEY, False)\n",
"res = misp.direct_call(relative_path, body)\n",
"res = misp.direct_call(endpoint + relative_path, body)\n",
"print_result(res)"
]
},
@ -828,7 +804,7 @@
"outputs": [],
"source": [
"# Searching for sighted elements\n",
"misp_url = URL + '/sightings/restSearch/event'\n",
"endpoint = '/sightings/restSearch/event'\n",
"relative_path = ''\n",
"\n",
"body = {\n",
@ -838,8 +814,7 @@
" \"includeEvent\": 1\n",
"}\n",
"\n",
"misp = ExpandedPyMISP(misp_url, AUTHKEY, False)\n",
"res = misp.direct_call(relative_path, body)\n",
"res = misp.direct_call(endpoint + relative_path, body)\n",
"print_result(res)"
]
},
@ -857,13 +832,12 @@
"outputs": [],
"source": [
"# Checking values against the warining list\n",
"misp_url = URL + '/warninglists/checkValue'\n",
"endpoint = '/warninglists/checkValue'\n",
"relative_path = ''\n",
"\n",
"body = [\"8.8.8.8\", \"yolo\", \"test\"]\n",
"\n",
"misp = ExpandedPyMISP(misp_url, AUTHKEY, False)\n",
"res = misp.direct_call(relative_path, body)\n",
"res = misp.direct_call(endpoint + relative_path, body)\n",
"print_result(res)"
]
},
@ -881,15 +855,14 @@
"outputs": [],
"source": [
"# Creating Organisation\n",
"misp_url = URL + '/admin/organisations/add'\n",
"endpoint = '/admin/organisations/add'\n",
"relative_path = ''\n",
"\n",
"body = {\n",
" \"name\": \"TEMP_ORG2\"\n",
"}\n",
"\n",
"misp = ExpandedPyMISP(misp_url, AUTHKEY, False)\n",
"res = misp.direct_call(relative_path, body)\n",
"res = misp.direct_call(endpoint + relative_path, body)\n",
"print_result(res)"
]
},
@ -900,7 +873,7 @@
"outputs": [],
"source": [
"# Creating Users\n",
"misp_url = URL + '/admin/users/add'\n",
"endpoint = '/admin/users/add'\n",
"relative_path = ''\n",
"\n",
"body = {\n",
@ -912,8 +885,7 @@
" \"password\": \"~~UlTrA_SeCuRe_PaSsWoRd~~\"\n",
"}\n",
"\n",
"misp = ExpandedPyMISP(misp_url, AUTHKEY, False)\n",
"res = misp.direct_call(relative_path, body)\n",
"res = misp.direct_call(endpoint + relative_path, body)\n",
"print_result(res)"
]
},
@ -924,7 +896,7 @@
"outputs": [],
"source": [
"# Creating Sharing Groups\n",
"misp_url = URL + '/sharing_groups/add'\n",
"endpoint = '/sharing_groups/add'\n",
"relative_path = ''\n",
"\n",
"body = {\n",
@ -942,8 +914,7 @@
" ]\n",
"}\n",
"\n",
"misp = ExpandedPyMISP(misp_url, AUTHKEY, False)\n",
"res = misp.direct_call(relative_path, body)\n",
"res = misp.direct_call(endpoint + relative_path, body)\n",
"print_result(res)"
]
},
@ -956,7 +927,7 @@
"outputs": [],
"source": [
"# Server\n",
"misp_url = URL + '/servers/add'\n",
"endpoint = '/servers/add'\n",
"relative_path = ''\n",
"\n",
"body = {\n",
@ -967,8 +938,7 @@
" \n",
"}\n",
"\n",
"misp = ExpandedPyMISP(misp_url, AUTHKEY, False)\n",
"res = misp.direct_call(relative_path, body)\n",
"res = misp.direct_call(endpoint + relative_path, body)\n",
"print_result(res)"
]
},
@ -979,13 +949,12 @@
"outputs": [],
"source": [
"# Server settings\n",
"misp_url = URL + '/servers/serverSettings'\n",
"endpoint = '/servers/serverSettings'\n",
"relative_path = ''\n",
"\n",
"body = {}\n",
"\n",
"misp = ExpandedPyMISP(misp_url, AUTHKEY, False)\n",
"res = misp.direct_call(relative_path, body)\n",
"res = misp.direct_call(endpoint + relative_path, body)\n",
"print_result(res)"
]
},
@ -996,13 +965,12 @@
"outputs": [],
"source": [
"# Statistics\n",
"misp_url = URL + '/users/statistics'\n",
"endpoint = '/users/statistics'\n",
"relative_path = ''\n",
"\n",
"body = {}\n",
"\n",
"misp = ExpandedPyMISP(misp_url, AUTHKEY, False)\n",
"res = misp.direct_call(relative_path, body)\n",
"res = misp.direct_call(endpoint + relative_path, body)\n",
"print_result(res)"
]
},
@ -1031,7 +999,7 @@
"name": "python",
"nbconvert_exporter": "python",
"pygments_lexer": "ipython3",
"version": "3.6.7"
"version": "3.7.3"
}
},
"nbformat": 4,
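Review bot: The first cell still hardcodes what looks like a real API key in the `AUTHKEY = "..."` line, and this commit only swaps one committed key for another, so both remain readable in the repository history; I would load it from the environment, e.g. `AUTHKEY = os.environ["MISP_AUTHKEY"]` (the variable name is only an example), and treat both committed keys as exposed on whichever instance issued them. The new shared client `misp = ExpandedPyMISP(URL, AUTHKEY, False)` passes `False` as the third positional argument, which PyMISP takes as `ssl`, so certificate verification is off now that `URL` is `https://`; a comment such as `# ssl=False: self-signed training instance only, keep verification on elsewhere` would stop readers copying it against a real server. Separately, the second "Searching the Event index" cell and the first "Searches on Attribute's data" cell assign `misp_url = '/events/index'` and `misp_url = '/attributes/restSearch/'` but then call `misp.direct_call(endpoint + relative_path, body)`, so they work only with whatever `endpoint` an earlier cell left in the kernel; both assignments should be `endpoint = ...`. The placeholder `event_id = XXXXX` is also not valid as written and will raise `NameError` when the cell runs, so a quoted string or a comment telling the reader to fill it in would be safer.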