本文整理汇总了Python中pymisp.MISPEvent类的典型用法代码示例。如果您正苦于以下问题:Python MISPEvent类的具体用法?Python MISPEvent怎么用?Python MISPEvent使用的例子?那么恭喜您, 这里精选的类代码示例或许可以为您提供帮助。
在下文中一共展示了MISPEvent类的15个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的Python代码示例。
示例1: create_event
def create_event(self):
if self.args.threat is not None:
# Dirty trick to keep consistency in the module: the threat level in the upload
# API can go from 0 import to 3 but it is 1 to 4 in the event mgmt API.
# It will be fixed in a near future, in the meantime, we do that:
self.args.threat += 1
if not self.args.info:
self.log('error', 'Info field is required for a new event')
info = ' '.join(self.args.info)
# Check if the following arguments have been set (and correctly set). If not, take the config values
self.args.distrib = self.distribution if self.args.distrib is None else self.args.distrib
self.args.sharing = self.sharinggroup if self.args.sharing is None else self.args.sharing
if self.args.sharing and self.args.distrib != 4:
self.args.sharing = None
self.log('info', "Sharing group can only be set if distribution is 4. Clearing set value")
misp_event = MISPEvent()
misp_event.set_all_values(info=info, distribution=self.args.distrib,
sharing_group_id=self.args.sharing, threat_level_id=self.args.threat,
analysis=self.args.analysis, date=self.args.date)
self._search_local_hashes(misp_event)
if self.offline_mode:
# New event created locally, no ID
__sessions__.current.misp_event.current_dump_file = self._dump()
__sessions__.current.misp_event.offline()
else:
misp_event = self.misp.add_event(json.dumps(misp_event, cls=EncodeUpdate))
if self._has_error_message(misp_event):
return
__sessions__.new(misp_event=MispEvent(misp_event, self.offline_mode))
self._dump()示例2: load_openioc
def load_openioc(openioc):
# Takes a opened file, or a string
if not has_bs4:
raise Exception('You need to install BeautifulSoup: pip install bs4')
misp_event = MISPEvent()
iocreport = BeautifulSoup(openioc, "html.parser")
# Set event fields
info = extract_field(iocreport, 'short_description')
if info:
misp_event.info = info
date = extract_field(iocreport, 'authored_date')
if date:
misp_event.set_date(date)
# Set special attributes
description = extract_field(iocreport, 'description')
if description:
if not misp_event.info:
misp_event.info = description
else:
misp_event.add_attribute('comment', description)
if not misp_event.info:
misp_event.info = 'OpenIOC import'
author = extract_field(iocreport, 'authored_by')
if author:
misp_event.add_attribute('comment', author)
misp_event = set_all_attributes(iocreport, misp_event)
return misp_event示例3: create_event
def create_event(self):
if self.args.threat is not None:
# Dirty trick to keep consistency in the module: the threat level in the upload
# API can go from 0 import to 3 but it is 1 to 4 in the event mgmt API.
# It will be fixed in a near future, in the meantime, we do that:
self.args.threat += 1
if not self.args.info:
self.log('error', 'Info field is required for a new event')
info = ' '.join(self.args.info)
misp_event = MISPEvent()
misp_event.set_all_values(info=info, distribution=self.args.distrib,
threat_level_id=self.args.threat, analysis=self.args.analysis,
date=self.args.date)
self._search_local_hashes(misp_event)
if self.offline_mode:
# New event created locally, no ID
__sessions__.current.misp_event.current_dump_file = self._dump()
__sessions__.current.misp_event.offline()
else:
misp_event = self.misp.add_event(json.dumps(misp_event, cls=EncodeUpdate))
if self._has_error_message(misp_event):
return
__sessions__.new(misp_event=MispEvent(misp_event, self.offline_mode))
self._dump()示例4: test_eventObject
def test_eventObject(self, m):
self.initURI(m)
pymisp = PyMISP(self.domain, self.key)
misp_event = MISPEvent(pymisp.describe_types)
misp_event.load(open('tests/57c4445b-c548-4654-af0b-4be3950d210f.json', 'r').read())
json.dumps(misp_event, cls=EncodeUpdate)
json.dumps(misp_event, cls=EncodeFull)示例5: _dump
def _dump(self, event=None):
event_path = os.path.join(self.cur_path, 'misp_events')
if not os.path.exists(event_path):
os.makedirs(event_path)
if not event:
to_dump = __sessions__.current.misp_event.event
elif isinstance(event, MISPEvent):
to_dump = event
else:
to_dump = MISPEvent()
to_dump.load(event)
if to_dump.id:
filename = str(to_dump.id)
elif (__sessions__.is_attached_misp(True) and
__sessions__.current.misp_event.current_dump_file):
filename = __sessions__.current.misp_event.current_dump_file
else:
i = 1
while True:
filename = 'new_event_{}.json'.format(i)
if not os.path.exists(os.path.join(event_path, filename)):
break
i += 1
path = os.path.join(event_path, filename)
with open(path, 'w') as f:
f.write(to_dump.to_json())
self.log('success', '{} stored successfully.'.format(filename.rstrip('.json')))
return filename示例6: download
def download(self):
if self.offline_mode:
self.log('error', 'Offline mode, unable to dodnload a sample')
return
ok = False
data = None
if self.args.hash:
ok, data = self.misp.download_samples(sample_hash=self.args.hash)
elif self.args.list is not None:
list_events = []
if len(self.args.list) == 0:
event_path = os.path.join(self.cur_path, 'misp_events')
for eid, path, title in self._get_local_events(event_path):
list_events.append(eid)
else:
list_events = self.args.list
all_data = []
for eid in list_events:
me = MISPEvent()
me.load(self.misp.get(eid))
ok, data = self.misp.download_samples(event_id=me.id)
if not ok:
self.log('error', data)
continue
if data:
all_data += data
data = all_data
else:
event_id = self._get_eventid()
if event_id is None:
return
ok, data = self.misp.download_samples(event_id=event_id)
if not ok:
self.log('error', data)
return
to_print = []
samples_path = os.path.join(self.cur_path, 'misp_samples')
for d in data:
eid, filename, payload = d
path = os.path.join(samples_path, eid, filename)
if not os.path.exists(os.path.dirname(path)):
os.makedirs(os.path.dirname(path))
with open(path, 'wb') as f:
f.write(payload.getvalue())
to_print.append((eid, path))
if len(to_print) == 1:
self.log('success', 'The sample has been downloaded from Event {}'.format(to_print[0][0]))
event = self.misp.get(to_print[0][0])
if not self._has_error_message(event):
return __sessions__.new(to_print[0][1], MispEvent(event, self.offline_mode))
elif len(to_print) > 1:
self.log('success', 'The following files have been downloaded:')
self._display_tmp_files()
else:
self.log('warning', 'No samples available.')示例7: create_massive_dummy_events
def create_massive_dummy_events(misp, nbattribute):
event = MISPEvent()
event.info = 'massive dummy event'
event = misp.add_event(event)
print(event)
eventid = event.id
distribution = '0'
functions = [floodtxt, floodip, flooddomain, flooddomainip, floodemail, floodattachment]
for i in range(nbattribute):
choice = randint(0, 5)
if choice == 5:
floodattachment(misp, eventid, distribution, False, 'Payload delivery', '', event.info, event.analysis, event.threat_level_id)
else:
functions[choice](misp, event)示例8: _change_event
def _change_event(self):
if self.offline_mode:
self._dump()
else:
if __sessions__.current.misp_event.event.id:
event = self.misp.update(__sessions__.current.misp_event.event)
else:
event = self.misp.add_event(__sessions__.current.misp_event.event)
if self._has_error_message(event):
return
try:
me = MISPEvent()
me.load(event)
self._check_add(me)
except Exception as e:
self.log('error', e)示例9: test_batch_OSINT_events
def test_batch_OSINT_events(self):
# Test case ONLY for manual testing. Needs to download a full list of OSINT events !
if self.check_python_2():
self.assertTrue(True)
elif not manual_testing:
self.assertTrue(True)
else:
self.init_event()
file_nb = str(len(os.listdir(self.test_batch_folder)))
i = 0
t = time.time()
for curr_file in os.listdir(self.test_batch_folder):
self.mispevent = MISPEvent()
file_path = self.test_batch_folder + curr_file
print("Current file : " + file_path + " " + str(i) + " over " + file_nb)
i += 1
self.mispevent.load_file(file_path)
reportlab_generator.register_value_to_file(
reportlab_generator.convert_event_in_pdf_buffer(self.mispevent),
self.storage_folder_OSINT + curr_file + ".pdf")
print("Elapsed time : " + str(time.time() - t))示例10: test_batch_OSINT_with_config_events
def test_batch_OSINT_with_config_events(self):
# Test case ONLY for manual testing. Needs to download a full list of OSINT events !
if self.check_python_2():
self.assertTrue(True)
elif not manual_testing:
self.assertTrue(True)
else:
self.init_event()
config = {}
config[self.moduleconfig[0]] = "http://localhost:8080"
config[self.moduleconfig[1]] = "My Wonderful CERT"
config[self.moduleconfig[2]] = True
config[self.moduleconfig[3]] = True
config[self.moduleconfig[4]] = True
config[self.moduleconfig[5]] = True
file_nb = str(len(os.listdir(self.test_batch_folder)))
i = 0
t = time.time()
for curr_file in os.listdir(self.test_batch_folder):
self.mispevent = MISPEvent()
file_path = self.test_batch_folder + curr_file
print("Current file : " + file_path + " " + str(i) + " over " + file_nb)
i += 1
self.mispevent.load_file(file_path)
reportlab_generator.register_value_to_file(
reportlab_generator.convert_event_in_pdf_buffer(self.mispevent, config),
self.storage_folder_OSINT + curr_file + ".pdf")
print("Elapsed time : " + str(time.time() - t))示例11: from_remote
def from_remote(self, event_id):
from pymisp import PyMISP
from keys import misp_url, misp_key, misp_verifycert
misp = PyMISP(misp_url, misp_key, misp_verifycert)
result = misp.get(event_id)
self.misp_event = MISPEvent()
self.misp_event.load(result)示例12: MispEvent
class MispEvent(object):
def __init__(self, event, offline=False):
if isinstance(event, MISPEvent):
self.event = event
else:
self.event = MISPEvent()
if isinstance(event, six.string_types) and os.path.exists(event):
self.event.load_file(event)
else:
self.event.load(event)
self.off = offline
if self.event.id:
self.current_dump_file = '{}.json'.format(self.event.id)
else:
self.current_dump_file = None
def online(self):
self.off = False
def offline(self):
self.off = True
def get_all_ips(self):
return [a.value for a in self.event.attributes if a.type in ['ip-dst', 'ip-src']]
def get_all_domains(self):
return [a.value for a in self.event.attributes if a.type in ['domain', 'hostname']]
def get_all_urls(self):
return [a.value for a in self.event.attributes if a.type == 'url']
def get_all_hashes(self):
event_hashes = []
sample_hashes = []
for a in self.event.attributes:
h = None
if a.type in ('md5', 'sha1', 'sha256'):
h = a.value
event_hashes.append(h)
elif a.type in ('filename|md5', 'filename|sha1', 'filename|sha256'):
h = a.value.split('|')[1]
event_hashes.append(h)
elif a.type == 'malware-sample':
h = a.value.split('|')[1]
sample_hashes.append(h)
return event_hashes, sample_hashes示例13: __init__
def __init__(self, event, offline=False):
if isinstance(event, MISPEvent):
self.event = event
else:
self.event = MISPEvent()
self.event.load(event)
self.off = offline
if self.event.id:
self.current_dump_file = '{}.json'.format(self.event.id)
else:
self.current_dump_file = None示例14: _search
def _search(self, query):
if self.offline_mode:
self.log('error', 'Offline mode, unable to search')
return
result = self.misp.search_all(query)
if self._has_error_message(result):
return
self.log('success', '{} matches on the following events:'.format(query))
for e in result['response']:
nb_samples = 0
nb_hashes = 0
me = MISPEvent()
me.load(e)
for a in me.attributes + [attribute for obj in me.objects for attribute in obj.attributes]:
if a.type == 'malware-sample':
nb_samples += 1
if a.type in ('md5', 'sha1', 'sha256', 'filename|md5', 'filename|sha1', 'filename|sha256'):
nb_hashes += 1
self.log('item', '{} ({} samples, {} hashes) - {}{}{}'.format(me.info, nb_samples, nb_hashes, self.url, '/events/view/', me.id))示例15: _search_local_hashes
def _search_local_hashes(self, event, open_session=True):
local = []
samples_count = 0
if isinstance(event, MISPEvent):
misp_event = event
elif event.get('Event') is None:
self.log('error', event)
return
else:
misp_event = MISPEvent()
misp_event.load(event)
if not hasattr(misp_event, 'id'):
# The event doesn't exists upstream, breaking.
return
for a in misp_event.attributes + [attribute for obj in misp_event.objects for attribute in obj.attributes]:
row = None
if a.type == 'malware-sample':
samples_count += 1
if a.type in ('md5', 'sha1', 'sha256'):
row = Database().find(key=a.type, value=a.value)
elif a.type in ('filename|md5', 'filename|sha1', 'filename|sha256'):
row = Database().find(key=a.type.split('|')[1], value=a.value.split('|')[1])
elif a.type == 'malware-sample':
row = Database().find(key='md5', value=a.value.split('|')[1])
if row:
local.append(row[0])
self.log('info', 'Event {} contains {} samples.'.format(misp_event.id, samples_count))
if not open_session:
return
shas = set([l.sha256 for l in local])
if len(shas) == 1:
__sessions__.new(get_sample_path(shas.pop()), MispEvent(misp_event, self.offline_mode))
elif len(shas) > 1:
self.log('success', 'The following samples are in this viper instance:')
__sessions__.new(misp_event=MispEvent(misp_event, self.offline_mode))
for s in shas:
self.log('item', s)
else:
__sessions__.new(misp_event=MispEvent(misp_event, self.offline_mode))
self.log('info', 'No known (in Viper) samples in that event.')