diff --git a/a.7-rest-API/Training - Using the API in MISP.ipynb b/a.7-rest-API/Training - Using the API in MISP.ipynb
index a074057..9c616a0 100644
--- a/a.7-rest-API/Training - Using the API in MISP.ipynb
+++ b/a.7-rest-API/Training - Using the API in MISP.ipynb
@@ -56,8 +56,9 @@
 "source": [
 "from pymisp import ExpandedPyMISP\n",
 "from pprint import pprint\n",
- "AUTHKEY = \"ptU1OggdiLLWlwHPO9B3lzpwEND3hL7gH0uEsyYL\"\n",
- "URL = \"http://127.0.0.1:8080\"\n",
+ "AUTHKEY = \"AY6Qur7V1kyQ1BTefWiiTx7B6KM7ABln1UVpfDKB\"\n",
+ "URL = \"https://localhost:8443\"\n",
+ "misp = ExpandedPyMISP(URL, AUTHKEY, False)\n",
 "\n",
 "def print_result(result):\n",
 " flag_printed = False\n",
@@ -100,17 +101,16 @@
 "outputs": [],
 "source": [
 "# Creation\n",
- "misp_url = URL + '/events/add'\n",
+ "endpoint = '/events/add'\n",
 "relative_path = ''\n",
 "\n",
 "body = {\n",
- " \"info\": \"Event created via the API for Telindus training\",\n",
+ " \"info\": \"Event created via the API for the CA training 4\",\n",
 " \"threat_level_id\": 1,\n",
 " \"distribution\": 0\n",
 "}\n",
 "\n",
- "misp = ExpandedPyMISP(misp_url, AUTHKEY, False)\n",
- "res = misp.direct_call(relative_path, body)\n",
+ "res = misp.direct_call(endpoint + relative_path, body)\n",
 "print_result(res)"
 ]
 },
@@ -121,16 +121,15 @@
 "outputs": [],
 "source": [
 "# Edition 1\n",
- "misp_url = URL + '/events/edit/'\n",
- "relative_path = '33'\n",
+ "endpoint = '/events/edit/'\n",
+ "relative_path = '21'\n",
 "\n",
 "body = {\n",
- " \"distribution\": 4,\n",
- " \"sharing_group_id\": 1\n",
+ " \"distribution\": 3\n",
+ "# \"sharing_group_id\": 1\n",
 "}\n",
 "\n",
- "misp = ExpandedPyMISP(misp_url, AUTHKEY, False)\n",
- "res = misp.direct_call(relative_path, body) \n",
+ "res = misp.direct_call(endpoint + relative_path, body)\n",
 "print_result(res)"
 ]
 },
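Review bot: The new `AUTHKEY` line in the first hunk (@@ -56,8 +56,9 @@) commits a literal API key to the notebook, swapping one hard-coded secret for another; read it at run time instead, e.g. `AUTHKEY = getpass.getpass('MISP auth key: ')` with `import getpass` added to the same cell. Both the removed and the added value stay in the repository history, so any key that was ever valid on a reachable instance should be treated as exposed and rotated. The third positional argument in `misp = ExpandedPyMISP(URL, AUTHKEY, False)` is PyMISP's `ssl` option, so certificate verification is switched off now that the URL is `https://`; writing it as `ssl=False` with a comment such as `# self-signed certificate on the local training VM only` keeps it from being copied unnoticed into real use. The cell's source list continues outside the hunk.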
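Review bot: In the "Edition 1" hunk (@@ -121,16 +121,15 @@) the body now sends `"distribution": 3` with no explanation, and in MISP that level is "All communities", the widest one, where the previous body restricted the event to a sharing group. A comment in the body such as `# 3 = All communities; 4 plus sharing_group_id restricts to a sharing group` would make the consequence visible to a trainee who later runs this against a connected instance. The commented-out `sharing_group_id` line is better removed than left inside the dict.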
@@ -141,8 +140,8 @@
 "outputs": [],
 "source": [
 "# Edition 2 - Adding Attribute\n",
- "misp_url = URL + '/events/edit/'\n",
- "relative_path = '29'\n",
+ "endpoint = '/events/edit/'\n",
+ "relative_path = '18'\n",
 "\n",
 "body = {\n",
 " \"distribution\": 0,\n",
@@ -154,8 +153,7 @@
 " ]\n",
 "}\n",
 "\n",
- "misp = ExpandedPyMISP(misp_url, AUTHKEY, False)\n",
- "res = misp.direct_call(relative_path, body)\n",
+ "res = misp.direct_call(endpoint + relative_path, body)\n",
 "print_result(res)"
 ]
 },
@@ -166,7 +164,7 @@
 "outputs": [],
 "source": [
 "# Edition 2 - tagging - The bad way (Fetch the whole event and re-process everything)\n",
- "misp_url = URL + '/events/edit/'\n",
+ "endpoint = '/events/edit/'\n",
 "relative_path = '29'\n",
 "\n",
 "body = {\n",
@@ -178,8 +176,7 @@
 " }\n",
 "}\n",
 "\n",
- "misp = ExpandedPyMISP(misp_url, AUTHKEY, False)\n",
- "res = misp.direct_call(relative_path, body)\n",
+ "res = misp.direct_call(endpoint + relative_path, body)\n",
 "print_result(res)"
 ]
 },
@@ -190,16 +187,15 @@
 "outputs": [],
 "source": [
 "# Edition 2 - tagging - The better way\n",
- "misp_url = URL + '/tags/attachTagToObject'\n",
+ "endpoint = '/tags/attachTagToObject'\n",
 "relative_path = ''\n",
 "\n",
 "body = {\n",
- " \"uuid\": \"5cf65823-d22c-45ae-af4f-47d80a00020f\", # can be anything: event or attribute\n",
+ " \"uuid\": \"5d6f857e-698c-4ea0-834a-6db1cfc4a0a0\", # can be anything: event or attribute\n",
 " \"tag\": \"tlp:green\"\n",
 "}\n",
 "\n",
- "misp = ExpandedPyMISP(misp_url, AUTHKEY, False)\n",
- "res = misp.direct_call(relative_path, body)\n",
+ "res = misp.direct_call(endpoint + relative_path, body)\n",
 "print_result(res)"
 ]
 },
@@ -210,17 +206,16 @@
 "outputs": [],
 "source": [
 "# Searching the Event index (Move it to the search topic)\n",
- "misp_url = URL + '/events/index'\n",
+ "endpoint = '/events/index'\n",
 "relative_path = ''\n",
 "\n",
 "body = {\n",
- " \"eventinfo\": \"api\",\n",
- " \"publish_timestamp\": \"10d\",\n",
- " \"org\": \"ORGNAME\"\n",
+ "# \"eventinfo\": \"api\",\n",
+ " \"publish_timestamp\": \"2019-05-21\",\n",
+ "# \"org\": \"ORGNAME\"\n",
 "}\n",
 "\n",
- "misp = ExpandedPyMISP(misp_url, AUTHKEY, False)\n",
- "res = misp.direct_call(relative_path, body)\n",
+ "res = misp.direct_call(endpoint + relative_path, body)\n",
 "print_result(res)"
 ]
 },
@@ -231,7 +226,7 @@
 "outputs": [],
 "source": [
 "# Searching the Event index\n",
- "misp_url = URL + '/events/index'\n",
+ "misp_url = '/events/index'\n",
 "relative_path = ''\n",
 "\n",
 "body = {\n",
@@ -239,8 +234,7 @@
 " \"tag\": [\"tlp:amber\"]\n",
 "}\n",
 "\n",
- "misp = ExpandedPyMISP(misp_url, AUTHKEY, False)\n",
- "res = misp.direct_call(relative_path, body)\n",
+ "res = misp.direct_call(endpoint + relative_path, body)\n",
 "\n",
 "print('Event number: %s' % len(res))\n",
 "print_result(res)"
@@ -266,7 +260,7 @@
 "metadata": {},
 "outputs": [],
 "source": [
- "event_id = 33"
+ "event_id = XXXXX"
 ]
 },
 {
@@ -276,7 +270,7 @@
 "outputs": [],
 "source": [
 "# Adding\n",
- "misp_url = URL + '/attributes/add/'\n",
+ "endpoint = '/attributes/add/'\n",
 "relative_path = str(event_id)\n",
 "\n",
 "body = {\n",
@@ -284,8 +278,7 @@
 " \"type\": \"ip-dst\"\n",
 "}\n",
 "\n",
- "misp = ExpandedPyMISP(misp_url, AUTHKEY, False)\n",
- "res = misp.direct_call(relative_path, body)\n",
+ "res = misp.direct_call(endpoint + relative_path, body)\n",
 "print_result(res)"
 ]
 },
@@ -296,7 +289,7 @@
 "outputs": [],
 "source": [
 "# Adding invalid attribute type\n",
- "misp_url = URL + '/attributes/add/'\n",
+ "endpoint = '/attributes/add/'\n",
 "relative_path = str(event_id)\n",
 "\n",
 "body = {\n",
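Review bot: In the second "Searching the Event index" cell (@@ -231,7 +226,7 @@ together with @@ -239,8 +234,7 @@) the path is still assigned to `misp_url`, yet the call reads `endpoint + relative_path`, so the request goes to whatever `endpoint` the previously executed cell left behind. It happens to be the same path when the cells run top to bottom, but that is hidden kernel state; the line should read `endpoint = '/events/index'`. The same leftover is in the "Searches on Attribute's data" cell at @@ -482,7 +470,7 @@, where it should be `endpoint = '/attributes/restSearch/'`.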
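Review bot: `event_id = XXXXX` at @@ -266,7 +260,7 @@ is a bare name rather than a value, so the cell raises NameError and every later cell that uses `str(event_id)` or `"eventid": event_id` fails on a fresh kernel. If the aim is to scrub an instance-specific id, a placeholder that is still valid Python and says what to do reads better, e.g. `event_id = 0  # placeholder: set to the id of the event created in the "Creation" cell`. The hunk at @@ -576,8 +560,9 @@ also adds `event_id = 13` inside a search cell, which silently retargets all following cells; keeping one assignment in this cell avoids that.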
@@ -304,8 +297,7 @@
 " \"type\": \"md5\"\n",
 "}\n",
 "\n",
- "misp = ExpandedPyMISP(misp_url, AUTHKEY, False)\n",
- "res = misp.direct_call(relative_path, body)\n",
+ "res = misp.direct_call(endpoint + relative_path, body)\n",
 "print_result(res)"
 ]
 },
@@ -316,7 +308,7 @@
 "outputs": [],
 "source": [
 "# Editing\n",
- "misp_url = URL + '/attributes/edit/'\n",
+ "endpoint = '/attributes/edit/'\n",
 "relative_path = '36586'\n",
 "\n",
 "body = {\n",
@@ -325,8 +317,7 @@
 " \"comment\": \"Comment added via the API\",\n",
 "}\n",
 "\n",
- "misp = ExpandedPyMISP(misp_url, AUTHKEY, False)\n",
- "res = misp.direct_call(relative_path, body)\n",
+ "res = misp.direct_call(endpoint + relative_path, body)\n",
 "print_result(res)"
 ]
 },
@@ -338,11 +329,11 @@
 "source": [
 "# Editing with data taken from JSON views. \n",
 "# (timestamp) contrast the difference with *PyMISP*\n",
- "misp_url = URL + '/attributes/edit/'\n",
- "relative_path = '36586'\n",
+ "endpoint = '/attributes/edit/'\n",
+ "relative_path = 'XXXXXXXX'\n",
 "\n",
 "body = {\n",
- " \"id\": \"36586\",\n",
+ " \"id\": \"XXXXXXXX\",\n",
 " \"type\": \"ip-dst\",\n",
 " \"category\": \"Network activity\",\n",
 " \"to_ids\": False,\n",
@@ -371,8 +362,7 @@
 " ]\n",
 " }\n",
 "\n",
- "misp = ExpandedPyMISP(misp_url, AUTHKEY, False)\n",
- "res = misp.direct_call(relative_path, body)\n",
+ "res = misp.direct_call(endpoint + relative_path, body)\n",
 "print_result(res)"
 ]
 },
@@ -390,7 +380,7 @@
 "outputs": [],
 "source": [
 "# Example of an un-documented endpoint\n",
- "misp_url = URL + '/objects/add/'\n",
+ "endpoint = '/objects/add/'\n",
 "relative_path = str(event_id)\n",
 "\n",
 "body = {\n",
@@ -426,8 +416,7 @@
 " ]\n",
 "}\n",
 "\n",
- "misp = ExpandedPyMISP(misp_url, AUTHKEY, False)\n",
- "res = misp.direct_call(relative_path, body)\n",
+ "res = misp.direct_call(endpoint + relative_path, body)\n",
 "print_result(res)"
 ]
 },
@@ -462,7 +451,7 @@
 "metadata": {},
 "outputs": [],
 "source": [
- "misp_url = URL + '/attributes/restSearch/'\n",
+ "endpoint = '/attributes/restSearch/'\n",
 "relative_path = ''\n",
 "\n",
 "body = {\n",
@@ -470,8 +459,7 @@
 " \"eventid\": event_id\n",
 "}\n",
 "\n",
- "misp = ExpandedPyMISP(misp_url, AUTHKEY, False)\n",
- "res = misp.direct_call(relative_path, body)\n",
+ "res = misp.direct_call(endpoint + relative_path, body)\n",
 "print_result(res)"
 ]
 },
@@ -482,7 +470,7 @@
 "outputs": [],
 "source": [
 "# Searches on Attribute's data\n",
- "misp_url = URL + '/attributes/restSearch/'\n",
+ "misp_url = '/attributes/restSearch/'\n",
 "relative_path = ''\n",
 "\n",
 "body = {\n",
@@ -492,8 +480,7 @@
 " \"value\": \"1.2.3.%\"\n",
 "}\n",
 "\n",
- "misp = ExpandedPyMISP(misp_url, AUTHKEY, False)\n",
- "res = misp.direct_call(relative_path, body)\n",
+ "res = misp.direct_call(endpoint + relative_path, body)\n",
 "print_result(res)"
 ]
 },
@@ -504,7 +491,7 @@
 "outputs": [],
 "source": [
 "# Searches on Attribute's data\n",
- "misp_url = URL + '/attributes/restSearch/'\n",
+ "endpoint = '/attributes/restSearch/'\n",
 "relative_path = ''\n",
 "\n",
 "body = {\n",
@@ -515,8 +502,7 @@
 "\n",
 "# [] == {\"OR\": []}\n",
 "\n",
- "misp = ExpandedPyMISP(misp_url, AUTHKEY, False)\n",
- "res = misp.direct_call(relative_path, body)\n",
+ "res = misp.direct_call(endpoint + relative_path, body)\n",
 "print_result(res)"
 ]
 },
@@ -527,7 +513,7 @@
 "outputs": [],
 "source": [
 "# Searches on Attribute's data\n",
- "misp_url = URL + '/attributes/restSearch/'\n",
+ "endpoint = '/attributes/restSearch/'\n",
 "relative_path = ''\n",
 "\n",
 "body = {\n",
@@ -542,8 +528,7 @@
 " \"tags\": {\"AND\": [\"tlp:green\", \"Malware\"], \"NOT\": [\"%ransomware%\"]}\n",
 "}\n",
 "\n",
- "misp = ExpandedPyMISP(misp_url, AUTHKEY, False)\n",
- "res = misp.direct_call(relative_path, body)\n",
+ "res = misp.direct_call(endpoint + relative_path, body)\n",
 "print_result(res)"
 ]
 },
@@ -554,7 +539,7 @@
 "outputs": [],
 "source": [
 "# Paginating\n",
- "misp_url = URL + '/attributes/restSearch/'\n",
+ "endpoint = '/attributes/restSearch/'\n",
 "relative_path = ''\n",
 "\n",
 "body = {\n",
@@ -564,8 +549,7 @@
 " \"limit\": 1\n",
 "}\n",
 "\n",
- "misp = ExpandedPyMISP(misp_url, AUTHKEY, False)\n",
- "res = misp.direct_call(relative_path, body)\n",
+ "res = misp.direct_call(endpoint + relative_path, body)\n",
 "print_result(res)"
 ]
 },
@@ -576,8 +560,9 @@
 "outputs": [],
 "source": [
 "# Searches based on time: Absolute\n",
- "misp_url = URL + '/attributes/restSearch/'\n",
+ "endpoint = '/attributes/restSearch/'\n",
 "relative_path = ''\n",
+ "event_id = 13\n",
 "\n",
 "body = {\n",
 " \"returnFormat\": \"json\",\n",
@@ -586,8 +571,7 @@
 " # from and to NOT REALLY USEFULL.. \n",
 "}\n",
 "\n",
- "misp = ExpandedPyMISP(misp_url, AUTHKEY, False)\n",
- "res = misp.direct_call(relative_path, body)\n",
+ "res = misp.direct_call(endpoint + relative_path, body)\n",
 "print_result(res)"
 ]
 },
@@ -598,7 +582,7 @@
 "outputs": [],
 "source": [
 "# Searches based on time: Relative\n",
- "misp_url = URL + '/attributes/restSearch/'\n",
+ "endpoint = '/attributes/restSearch/'\n",
 "relative_path = ''\n",
 "\n",
 "# /!\\ Last: works on the publish_timestamp -> may be confusing\n",
@@ -606,12 +590,11 @@
 "body = {\n",
 " \"returnFormat\": \"json\",\n",
 " \"eventid\": event_id,\n",
- " \"to_ids\": 1,\n",
- " \"last\": \"10d\"\n",
+ "# \"to_ids\": 1,\n",
+ " \"last\": \"2019-08-28\"\n",
 "}\n",
 "\n",
- "misp = ExpandedPyMISP(misp_url, AUTHKEY, False)\n",
- "res = misp.direct_call(relative_path, body)\n",
+ "res = misp.direct_call(endpoint + relative_path, body)\n",
 "print_result(res)"
 ]
 },
@@ -637,7 +620,7 @@
 "outputs": [],
 "source": [
 "# Searches with attachments\n",
- "misp_url = URL + '/attributes/restSearch/'\n",
+ "endpoint = '/attributes/restSearch/'\n",
 "relative_path = ''\n",
 "\n",
 "body = {\n",
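Review bot: The cell covered by @@ -598,7 +582,7 @@ and @@ -606,12 +590,11 @@ is still titled "Searches based on time: Relative", but `last` is now the fixed date `"2019-08-28"` instead of the relative `"10d"`, so the heading and the `Last: works on the publish_timestamp` comment no longer describe what the body sends. Either keep a relative value here or retitle the cell and add a comment saying that an absolute date is passed; whether `last` accepts a date on the targeted MISP version is not visible from this diff. The commented-out `to_ids` line would be clearer removed or given a one-line reason.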
@@ -647,8 +630,7 @@
 "# \"withAttachments\": 1\n",
 "}\n",
 "\n",
- "misp = ExpandedPyMISP(misp_url, AUTHKEY, False)\n",
- "res = misp.direct_call(relative_path, body)\n",
+ "res = misp.direct_call(endpoint + relative_path, body)\n",
 "print_result(res)"
 ]
 },
@@ -659,7 +641,7 @@
 "outputs": [],
 "source": [
 "# Searches - Others\n",
- "misp_url = URL + '/attributes/restSearch/'\n",
+ "endpoint = '/attributes/restSearch/'\n",
 "relative_path = ''\n",
 "\n",
 "body = {\n",
@@ -669,8 +651,7 @@
 "# \"enforceWarninglist\": 1\n",
 "}\n",
 "\n",
- "misp = ExpandedPyMISP(misp_url, AUTHKEY, False)\n",
- "res = misp.direct_call(relative_path, body)\n",
+ "res = misp.direct_call(endpoint + relative_path, body)\n",
 "print_result(res)"
 ]
 },
@@ -688,7 +669,7 @@
 "outputs": [],
 "source": [
 "# Searching using the RestSearch\n",
- "misp_url = URL + '/events/restSearch'\n",
+ "endpoint = '/events/restSearch'\n",
 "relative_path = ''\n",
 "\n",
 "body = {\n",
@@ -696,8 +677,7 @@
 " \"eventid\": 31,\n",
 "}\n",
 "\n",
- "misp = ExpandedPyMISP(misp_url, AUTHKEY, False)\n",
- "res = misp.direct_call(relative_path, body)\n",
+ "res = misp.direct_call(endpoint + relative_path, body)\n",
 "print_result(res)"
 ]
 },
@@ -738,7 +718,7 @@
 "outputs": [],
 "source": [
 "# Searching using the RestSearch - Filtering\n",
- "misp_url = URL + '/events/restSearch'\n",
+ "endpoint = '/events/restSearch'\n",
 "relative_path = ''\n",
 "\n",
 "body = {\n",
@@ -746,8 +726,7 @@
 " \"value\": \"parsed-ail.json\"\n",
 "}\n",
 "\n",
- "misp = ExpandedPyMISP(misp_url, AUTHKEY, False)\n",
- "res = misp.direct_call(relative_path, body)\n",
+ "res = misp.direct_call(endpoint + relative_path, body)\n",
 "print_result(res)"
 ]
 },
@@ -758,7 +737,7 @@
 "outputs": [],
 "source": [
 "# Searching using the RestSearch\n",
- "misp_url = URL + '/events/restSearch'\n",
+ "endpoint = '/events/restSearch'\n",
 "relative_path = ''\n",
 "\n",
 "body = {\n",
@@ -768,8 +747,7 @@
 " \"metadata\": 1\n",
 "}\n",
 "\n",
- "misp = ExpandedPyMISP(misp_url, AUTHKEY, False)\n",
- "res = misp.direct_call(relative_path, body)\n",
+ "res = misp.direct_call(endpoint + relative_path, body)\n",
 "print_result(res)"
 ]
 },
@@ -780,7 +758,7 @@
 "outputs": [],
 "source": [
 "# Searching using the RestSearch\n",
- "misp_url = URL + '/events/restSearch'\n",
+ "endpoint = '/events/restSearch'\n",
 "relative_path = ''\n",
 "\n",
 "body = {\n",
@@ -789,8 +767,7 @@
 " \"published\": 1\n",
 "}\n",
 "\n",
- "misp = ExpandedPyMISP(misp_url, AUTHKEY, False)\n",
- "res = misp.direct_call(relative_path, body)\n",
+ "res = misp.direct_call(endpoint + relative_path, body)\n",
 "print_result(res)"
 ]
 },
@@ -808,7 +785,7 @@
 "outputs": [],
 "source": [
 "# Creating sightings\n",
- "misp_url = URL + '/sightings/add'\n",
+ "endpoint = '/sightings/add'\n",
 "relative_path = ''\n",
 "\n",
 "body = {\n",
@@ -816,8 +793,7 @@
 " \"value\": \"parsed-ail.json\"\n",
 "}\n",
 "\n",
- "misp = ExpandedPyMISP(misp_url, AUTHKEY, False)\n",
- "res = misp.direct_call(relative_path, body)\n",
+ "res = misp.direct_call(endpoint + relative_path, body)\n",
 "print_result(res)"
 ]
 },
@@ -828,7 +804,7 @@
 "outputs": [],
 "source": [
 "# Searching for sighted elements\n",
- "misp_url = URL + '/sightings/restSearch/event'\n",
+ "endpoint = '/sightings/restSearch/event'\n",
 "relative_path = ''\n",
 "\n",
 "body = {\n",
@@ -838,8 +814,7 @@
 " \"includeEvent\": 1\n",
 "}\n",
 "\n",
- "misp = ExpandedPyMISP(misp_url, AUTHKEY, False)\n",
- "res = misp.direct_call(relative_path, body)\n",
+ "res = misp.direct_call(endpoint + relative_path, body)\n",
 "print_result(res)"
 ]
 },
@@ -857,13 +832,12 @@
 "outputs": [],
 "source": [
 "# Checking values against the warining list\n",
- "misp_url = URL + '/warninglists/checkValue'\n",
+ "endpoint = '/warninglists/checkValue'\n",
 "relative_path = ''\n",
 "\n",
 "body = [\"8.8.8.8\", \"yolo\", \"test\"]\n",
 "\n",
- "misp = ExpandedPyMISP(misp_url, AUTHKEY, False)\n",
- "res = misp.direct_call(relative_path, body)\n",
+ "res = misp.direct_call(endpoint + relative_path, body)\n",
 "print_result(res)"
 ]
 },
@@ -881,15 +855,14 @@
 "outputs": [],
 "source": [
 "# Creating Organisation\n",
- "misp_url = URL + '/admin/organisations/add'\n",
+ "endpoint = '/admin/organisations/add'\n",
 "relative_path = ''\n",
 "\n",
 "body = {\n",
 " \"name\": \"TEMP_ORG2\"\n",
 "}\n",
 "\n",
- "misp = ExpandedPyMISP(misp_url, AUTHKEY, False)\n",
- "res = misp.direct_call(relative_path, body)\n",
+ "res = misp.direct_call(endpoint + relative_path, body)\n",
 "print_result(res)"
 ]
 },
@@ -900,7 +873,7 @@
 "outputs": [],
 "source": [
 "# Creating Users\n",
- "misp_url = URL + '/admin/users/add'\n",
+ "endpoint = '/admin/users/add'\n",
 "relative_path = ''\n",
 "\n",
 "body = {\n",
@@ -912,8 +885,7 @@
 " \"password\": \"~~UlTrA_SeCuRe_PaSsWoRd~~\"\n",
 "}\n",
 "\n",
- "misp = ExpandedPyMISP(misp_url, AUTHKEY, False)\n",
- "res = misp.direct_call(relative_path, body)\n",
+ "res = misp.direct_call(endpoint + relative_path, body)\n",
 "print_result(res)"
 ]
 },
@@ -924,7 +896,7 @@
 "outputs": [],
 "source": [
 "# Creating Sharing Groups\n",
- "misp_url = URL + '/sharing_groups/add'\n",
+ "endpoint = '/sharing_groups/add'\n",
 "relative_path = ''\n",
 "\n",
 "body = {\n",
@@ -942,8 +914,7 @@
 " ]\n",
 "}\n",
 "\n",
- "misp = ExpandedPyMISP(misp_url, AUTHKEY, False)\n",
- "res = misp.direct_call(relative_path, body)\n",
+ "res = misp.direct_call(endpoint + relative_path, body)\n",
 "print_result(res)"
 ]
 },
@@ -956,7 +927,7 @@
 "outputs": [],
 "source": [
 "# Server\n",
- "misp_url = URL + '/servers/add'\n",
+ "endpoint = '/servers/add'\n",
 "relative_path = ''\n",
 "\n",
 "body = {\n",
@@ -967,8 +938,7 @@
 " \n",
 "}\n",
 "\n",
- "misp = ExpandedPyMISP(misp_url, AUTHKEY, False)\n",
- "res = misp.direct_call(relative_path, body)\n",
+ "res = misp.direct_call(endpoint + relative_path, body)\n",
 "print_result(res)"
 ]
 },
@@ -979,13 +949,12 @@
 "outputs": [],
 "source": [
 "# Server settings\n",
- "misp_url = URL + '/servers/serverSettings'\n",
+ "endpoint = '/servers/serverSettings'\n",
 "relative_path = ''\n",
 "\n",
 "body = {}\n",
 "\n",
- "misp = ExpandedPyMISP(misp_url, AUTHKEY, False)\n",
- "res = misp.direct_call(relative_path, body)\n",
+ "res = misp.direct_call(endpoint + relative_path, body)\n",
 "print_result(res)"
 ]
 },
@@ -996,13 +965,12 @@
 "outputs": [],
 "source": [
 "# Statistics\n",
- "misp_url = URL + '/users/statistics'\n",
+ "endpoint = '/users/statistics'\n",
 "relative_path = ''\n",
 "\n",
 "body = {}\n",
 "\n",
- "misp = ExpandedPyMISP(misp_url, AUTHKEY, False)\n",
- "res = misp.direct_call(relative_path, body)\n",
+ "res = misp.direct_call(endpoint + relative_path, body)\n",
 "print_result(res)"
 ]
 },
@@ -1031,7 +999,7 @@
 "name": "python",
 "nbconvert_exporter": "python",
 "pygments_lexer": "ipython3",
- "version": "3.6.7"
+ "version": "3.7.3"
 }
 },
 "nbformat": 4,