

Python MISPEvent.load_file方法代码示例

本文整理汇总了Python中pymisp.MISPEvent.load_file方法的典型用法代码示例。如果您正苦于以下问题:Python MISPEvent.load_file方法的具体用法?Python MISPEvent.load_file怎么用?Python MISPEvent.load_file使用的例子?那么恭喜您, 这里精选的方法代码示例或许可以为您提供帮助。您也可以进一步了解该方法所在pymisp.MISPEvent的用法示例。


在下文中一共展示了MISPEvent.load_file方法的4个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的Python代码示例。

示例1: MispEvent

# 需要导入模块: from pymisp import MISPEvent [as 别名]
# 或者: from pymisp.MISPEvent import load_file [as 别名]
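class MispEvent(object):
    """Wrapper around a pymisp ``MISPEvent`` with helpers that list its indicators.

    The helpers only read ``self.event.attributes`` (event-level attributes);
    nothing here walks attributes nested inside MISP objects.
    """

    def __init__(self, event, offline=False):
        """Wrap an existing event or load one from a file path / raw content.

        Args:
            event: a ``MISPEvent`` instance, a path to a file on disk, or
                anything ``MISPEvent.load`` accepts.
            offline: initial value of the ``off`` flag.
        """
        if isinstance(event, MISPEvent):
            self.event = event
        else:
            self.event = MISPEvent()
            # NOTE(review): any string naming an existing path is opened as a
            # file. If ``event`` can come from an untrusted party, validate it
            # before this point so it cannot select arbitrary local files.
            if isinstance(event, six.string_types) and os.path.exists(event):
                self.event.load_file(event)
            else:
                self.event.load(event)
        self.off = offline
        if self.event.id:
            # NOTE(review): the id is taken from the loaded event data; if this
            # name is later joined to a directory, confirm it is checked for
            # path separators first.
            self.current_dump_file = '{}.json'.format(self.event.id)
        else:
            self.current_dump_file = None

    def online(self):
        """Clear the ``off`` flag."""
        self.off = False

    def offline(self):
        """Set the ``off`` flag."""
        self.off = True

    def get_all_ips(self):
        """Return the values of all ``ip-dst`` and ``ip-src`` attributes."""
        return [a.value for a in self.event.attributes if a.type in ('ip-dst', 'ip-src')]

    def get_all_domains(self):
        """Return the values of all ``domain`` and ``hostname`` attributes."""
        return [a.value for a in self.event.attributes if a.type in ('domain', 'hostname')]

    def get_all_urls(self):
        """Return the values of all ``url`` attributes."""
        return [a.value for a in self.event.attributes if a.type == 'url']

    def get_all_hashes(self):
        """Collect md5/sha1/sha256 hashes from the event.

        Returns:
            A tuple ``(event_hashes, sample_hashes)``: hashes from plain and
            ``filename|<hash>`` attributes, and hashes from ``malware-sample``
            attributes.

        Raises:
            IndexError: if a composite value contains no ``|`` separator.
        """
        event_hashes = []
        sample_hashes = []
        for a in self.event.attributes:
            if a.type in ('md5', 'sha1', 'sha256'):
                event_hashes.append(a.value)
            elif a.type in ('filename|md5', 'filename|sha1', 'filename|sha256'):
                # Split from the right: the hash is the last field, so a '|'
                # inside the filename part must not shift which field is used.
                event_hashes.append(a.value.rsplit('|', 1)[1])
            elif a.type == 'malware-sample':
                sample_hashes.append(a.value.rsplit('|', 1)[1])
        return event_hashes, sample_hashes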
开发者ID:Rafiot,项目名称:viper,代码行数:48,代码来源:objects.py

示例2: TestPDFExport

# 需要导入模块: from pymisp import MISPEvent [as 别名]
# 或者: from pymisp.MISPEvent import load_file [as 别名]
class TestPDFExport(unittest.TestCase):

    def setUp(self):
        """Create a fresh event and derive the fixture and output directories.

        All paths are relative to the working directory and are prefixed with
        ``tests/`` unless the module-level ``manual_testing`` flag is set.
        """
        self.maxDiff = None
        self.mispevent = MISPEvent()
        self.root = "" if manual_testing else "tests/"
        self.test_folder = "{}reportlab_testfiles/".format(self.root)
        self.test_batch_folder = "{}OSINT_output/".format(self.root)
        self.storage_folder_OSINT = "{}OSINT_PDF/".format(self.root)
        self.test_image_folder = "{}image_json/".format(self.root)
        self.storage_folder = "{}reportlab_testoutputs/".format(self.root)
        self.storage_image_folder = "{}reportlab_test_image_outputs/".format(self.root)
        # Configuration keys, in the order the config tests index them.
        self.moduleconfig = [
            "MISP_base_url_for_dynamic_link",
            "MISP_name_for_metadata",
            "Activate_textual_description",
            "Activate_galaxy_description",
            "Activate_related_events",
            "Activate_internationalization_fonts",
            "Custom_fonts_path",
        ]

    def init_event(self):
        self.mispevent.info = 'This is a test'
        self.mispevent.distribution = 1
        self.mispevent.threat_level_id = 1
        self.mispevent.analysis = 1
        self.mispevent.set_date("2017-12-31")  # test the set date method

    def check_python_2(self):
        if sys.version_info.major < 3:
            # we want Python2 test to pass
            return True

    def test_basic_event(self):
        """Export the minimal event and write it to basic_event.pdf.

        There is no assertion on the PDF content; the test passes when the
        conversion and the write complete without raising.
        """
        if self.check_python_2():
            self.assertTrue(True)
            return
        self.init_event()
        pdf_buffer = reportlab_generator.convert_event_in_pdf_buffer(self.mispevent)
        target_path = self.storage_folder + "basic_event.pdf"
        reportlab_generator.register_value_to_file(pdf_buffer, target_path)

    def test_event(self):
        """Load to_delete1.json into the event and export it to normal_event.pdf.

        Passes when loading, conversion and writing complete without raising.
        """
        if self.check_python_2():
            self.assertTrue(True)
            return
        self.init_event()
        self.mispevent.load_file(self.test_folder + 'to_delete1.json')
        pdf_buffer = reportlab_generator.convert_event_in_pdf_buffer(self.mispevent)
        target_path = self.storage_folder + "normal_event.pdf"
        reportlab_generator.register_value_to_file(pdf_buffer, target_path)

    def test_HTML_json(self):
        """Load HTML_event.json into the event and export it to HTML_event.pdf.

        Passes when loading, conversion and writing complete without raising;
        the rendered output is not inspected.
        """
        if self.check_python_2():
            self.assertTrue(True)
            return
        self.init_event()
        self.mispevent.load_file(self.test_folder + 'HTML_event.json')
        pdf_buffer = reportlab_generator.convert_event_in_pdf_buffer(self.mispevent)
        target_path = self.storage_folder + "HTML_event.pdf"
        reportlab_generator.register_value_to_file(pdf_buffer, target_path)

    def test_long_json(self):
        """Load long_event.json into the event and export it to long_event.pdf.

        Passes when loading, conversion and writing complete without raising.
        """
        if self.check_python_2():
            self.assertTrue(True)
            return
        self.init_event()
        self.mispevent.load_file(self.test_folder + 'long_event.json')
        # Issue report : "We are not smart enough" : https://pairlist2.pair.net/pipermail/reportlab-users/2010-May/009529.html
        # Not nice but working solution exposed there: https://pairlist2.pair.net/pipermail/reportlab-users/2016-March/011525.html
        pdf_buffer = reportlab_generator.convert_event_in_pdf_buffer(self.mispevent)
        target_path = self.storage_folder + "long_event.pdf"
        reportlab_generator.register_value_to_file(pdf_buffer, target_path)

    def test_very_long_json(self):
        """Load very_long_event.json and export it to very_long_event.pdf.

        Passes when loading, conversion and writing complete without raising.
        """
        if self.check_python_2():
            self.assertTrue(True)
            return
        self.init_event()
        self.mispevent.load_file(self.test_folder + 'very_long_event.json')
        pdf_buffer = reportlab_generator.convert_event_in_pdf_buffer(self.mispevent)
        target_path = self.storage_folder + "very_long_event.pdf"
        reportlab_generator.register_value_to_file(pdf_buffer, target_path)

    def test_full_config_json(self):
        """Export very_long_event.json with the first two config keys set.

        The config carries a base URL and an organisation name, keyed by
        ``self.moduleconfig[0]`` and ``self.moduleconfig[1]``. Passes when the
        export completes without raising.
        """
        if self.check_python_2():
            self.assertTrue(True)
            return

        config = {
            self.moduleconfig[0]: "http://localhost:8080",
            self.moduleconfig[1]: "My Wonderful CERT",
        }

        self.init_event()
        self.mispevent.load_file(self.test_folder + 'very_long_event.json')
        pdf_buffer = reportlab_generator.convert_event_in_pdf_buffer(self.mispevent, config)
        target_path = self.storage_folder + "config_complete_event.pdf"
        reportlab_generator.register_value_to_file(pdf_buffer, target_path)

    def test_partial_0_config_json(self):
        if self.check_python_2():
            self.assertTrue(True)
        else:

            config = {}
            config[self.moduleconfig[0]] = "http://localhost:8080"

            self.init_event()
#.........这里部分代码省略.........
开发者ID:MISP,项目名称:PyMISP,代码行数:103,代码来源:test_reportlab.py

示例3: TestMISPEvent

# 需要导入模块: from pymisp import MISPEvent [as 别名]
# 或者: from pymisp.MISPEvent import load_file [as 别名]
class TestMISPEvent(unittest.TestCase):

    def setUp(self):
        """Give every test its own empty MISPEvent and unlimited diff output."""
        self.mispevent = MISPEvent()
        # None removes the length cap on assertion diffs, so JSON mismatches print in full.
        self.maxDiff = None

    def init_event(self):
        self.mispevent.info = 'This is a test'
        self.mispevent.distribution = 1
        self.mispevent.threat_level_id = 1
        self.mispevent.analysis = 1
        self.mispevent.set_date("2017-12-31")  # test the set date method

    def test_simple(self):
        """An untouched MISPEvent serialises to the reference simple.json."""
        with open('tests/mispevent_testfiles/simple.json', 'r') as fixture:
            reference = json.load(fixture)
        expected = json.dumps(reference, sort_keys=True, indent=2)
        self.assertEqual(self.mispevent.to_json(), expected)

    def test_event(self):
        """An initialised, published event serialises to the reference event.json."""
        self.init_event()
        self.mispevent.publish()
        with open('tests/mispevent_testfiles/event.json', 'r') as fixture:
            reference = json.load(fixture)
        expected = json.dumps(reference, sort_keys=True, indent=2)
        self.assertEqual(self.mispevent.to_json(), expected)

    def test_loadfile(self):
        """load_file followed by to_json round-trips event.json unchanged."""
        fixture_path = 'tests/mispevent_testfiles/event.json'
        self.mispevent.load_file(fixture_path)
        with open(fixture_path, 'r') as fixture:
            reference = json.load(fixture)
        expected = json.dumps(reference, sort_keys=True, indent=2)
        self.assertEqual(self.mispevent.to_json(), expected)

    def test_event_tag(self):
        """Tags added as a string, a keyword and a MISPTag match event_tags.json."""
        self.init_event()
        # The three calling conventions accepted by add_tag, in this order.
        self.mispevent.add_tag('bar')
        self.mispevent.add_tag(name='baz')
        tag_object = MISPTag()
        tag_object.from_dict(name='foo')
        self.mispevent.add_tag(tag_object)
        with open('tests/mispevent_testfiles/event_tags.json', 'r') as fixture:
            reference = json.load(fixture)
        expected = json.dumps(reference, sort_keys=True, indent=2)
        self.assertEqual(self.mispevent.to_json(), expected)

    def test_attribute(self):
        """Add, tag and then delete an attribute, checking the JSON after each phase."""
        self.init_event()
        self.mispevent.add_attribute('filename', 'bar.exe')
        self.mispevent.add_attribute_tag('osint', 'bar.exe')
        tags_for_value = self.mispevent.get_attribute_tag('bar.exe')
        self.assertEqual(self.mispevent.attributes[0].tags[0].name, 'osint')
        self.assertEqual(tags_for_value[0].name, 'osint')
        with open('tests/mispevent_testfiles/attribute.json', 'r') as fixture:
            reference = json.load(fixture)
        expected_after_add = json.dumps(reference, sort_keys=True, indent=2)
        self.assertEqual(self.mispevent.to_json(), expected_after_add)
        # Fake setting an attribute ID for testing
        self.mispevent.attributes[0].id = 42
        self.mispevent.delete_attribute(42)
        with open('tests/mispevent_testfiles/attribute_del.json', 'r') as fixture:
            reference = json.load(fixture)
        expected_after_delete = json.dumps(reference, sort_keys=True, indent=2)
        self.assertEqual(self.mispevent.to_json(), expected_after_delete)

    def test_object_tag(self):
        """Build a file object and a url object, link them, and compare the JSON."""
        event = self.mispevent
        event.add_object(name='file', strict=True)
        event.objects[0].add_attribute('filename', value='bar', Tag=[{'name': 'blah'}])
        self.assertEqual(event.objects[0].attributes[0].tags[0].name, 'blah')
        self.assertTrue(event.objects[0].has_attributes_by_relation(['filename']))
        self.assertEqual(len(event.objects[0].get_attributes_by_relation('filename')), 1)
        event.add_object(name='url', strict=True)
        event.objects[1].add_attribute('url', value='https://www.circl.lu')
        # Fixed UUIDs so the serialised event matches the reference file.
        event.objects[0].uuid = 'a'
        event.objects[1].uuid = 'b'
        event.objects[0].add_reference('b', 'baz', comment='foo')
        self.assertEqual(event.objects[0].references[0].relationship_type, 'baz')
        with open('tests/mispevent_testfiles/event_obj_attr_tag.json', 'r') as fixture:
            reference = json.load(fixture)
        expected = json.dumps(reference, sort_keys=True, indent=2)
        self.assertEqual(event.to_json(), expected)

    @unittest.skip("Not supported on MISP: https://github.com/MISP/MISP/issues/2638 - https://github.com/MISP/PyMISP/issues/168")
    def test_object_level_tag(self):
        """Tag a whole object and compare the JSON (skipped, see the decorator)."""
        event = self.mispevent
        event.add_object(name='file', strict=True)
        event.objects[0].add_attribute('filename', value='bar')
        event.objects[0].add_tag('osint')
        # Fixed UUID so the serialised event matches the reference file.
        event.objects[0].uuid = 'a'
        with open('tests/mispevent_testfiles/event_obj_tag.json', 'r') as fixture:
            reference = json.load(fixture)
        expected = json.dumps(reference, sort_keys=True, indent=2)
        self.assertEqual(event.to_json(), expected)

    def test_malware(self):
        """Attach a malware-sample attribute and compare against malware.json.

        The attached payload is the bytes of the simple.json fixture wrapped in
        a BytesIO; no real binary is involved.
        """
        with open('tests/mispevent_testfiles/simple.json', 'rb') as raw:
            payload = BytesIO(raw.read())
        self.init_event()
        self.mispevent.add_attribute('malware-sample', 'bar.exe', data=payload)
        first_attribute = self.mispevent.attributes[0]
        # The attribute must hand back the very object passed as data.
        self.assertEqual(first_attribute.malware_binary, payload)
        with open('tests/mispevent_testfiles/malware.json', 'r') as fixture:
            reference = json.load(fixture)
        expected = json.dumps(reference, sort_keys=True, indent=2)
        self.assertEqual(self.mispevent.to_json(), expected)

    def test_existing_malware(self):
        self.mispevent.load_file('tests/mispevent_testfiles/malware_exist.json')
        with open('tests/mispevent_testfiles/simple.json', 'rb') as f:
            pseudofile = BytesIO(f.read())
#.........这里部分代码省略.........
开发者ID:ANSSI-BSOD,项目名称:PyMISP,代码行数:103,代码来源:test_mispevent.py

示例4: ReportGenerator

# 需要导入模块: from pymisp import MISPEvent [as 别名]
# 或者: from pymisp.MISPEvent import load_file [as 别名]
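class ReportGenerator():
    """Build an AsciiDoc report from a MISP event using a template module.

    The template is a module imported from the ``profiles`` package; it
    supplies the format strings (``headers``, ``title``, ``event_level_tags``,
    ``attributes``) and the ``types_to_attach`` / ``objects_to_attach`` filters.
    """

    def __init__(self, profile="daily_report"):
        """Load the taxonomies and import the template module ``profiles.<profile>``.

        Args:
            profile: name of the template module inside the ``profiles`` package.
        """
        self.taxonomies = Taxonomies()
        self.report = ''
        # NOTE(review): the profile name selects a module to import, and
        # importing runs that module's top-level code. Keep this value under
        # operator control rather than taking it from event or request data.
        profile_name = "profiles.{}".format(profile)
        self.template = importlib.import_module(name=profile_name)

    def from_remote(self, event_id):
        """Fetch ``event_id`` from the MISP instance configured in the local ``keys`` module."""
        from pymisp import PyMISP
        from keys import misp_url, misp_key, misp_verifycert
        # NOTE(review): misp_verifycert is presumably the TLS certificate
        # verification setting; confirm it stays enabled outside lab setups.
        misp = PyMISP(misp_url, misp_key, misp_verifycert)
        result = misp.get(event_id)
        self.misp_event = MISPEvent()
        self.misp_event.load(result)

    def from_file(self, path):
        """Load the event from the JSON file at ``path``."""
        self.misp_event = MISPEvent()
        self.misp_event.load_file(path)

    def attributes(self):
        """Return the attribute section of the report, or '' when there is none.

        Every listed value goes through ``defang`` (defined elsewhere in the
        file) before it is written into the report.
        """
        # NOTE(review): an event with no event-level attributes returns here
        # even if its objects hold attributes; confirm that is intended.
        if not self.misp_event.attributes:
            return ''
        wanted_types = self.template.types_to_attach
        list_attributes = [
            "* {}".format(defang(attribute.value))
            for attribute in self.misp_event.attributes
            if attribute.type in wanted_types
        ]
        for obj in self.misp_event.Object:
            if obj.name not in self.template.objects_to_attach:
                continue
            list_attributes.extend(
                "* {}".format(defang(attribute.value))
                for attribute in obj.Attribute
                if attribute.type in wanted_types
            )
        return self.template.attributes.format(list_attributes="\n".join(list_attributes))

    def _get_tag_info(self, machinetag):
        """Resolve a machine tag through the loaded taxonomies."""
        return self.taxonomies.revert_machinetag(machinetag)

    def report_headers(self):
        """Append the template headers, filled with a placeholder org name and today's date."""
        content = {'org_name': 'name',
                   'date': date.today().isoformat()}
        self.report += self.template.headers.format(**content)

    def event_level_tags(self):
        """Return the formatted TLP marking of the event, or '' when it has none.

        Only the first tag whose name starts with ``tlp`` is used.
        """
        if not self.misp_event.Tag:
            return ''
        for tag in self.misp_event.Tag:
            # Only look for TLP for now
            if tag['name'].startswith('tlp'):
                tax, predicate = self._get_tag_info(tag['name'])
                return self.template.event_level_tags.format(value=predicate.predicate.upper(), expanded=predicate.expanded)
        # Tagged event without a TLP tag: return a string so that asciidoc()
        # can concatenate the result instead of failing on None. The report
        # then carries no TLP marking, which reviewers should notice.
        return ''

    def title(self):
        """Return the title block built from the event info and its ``report`` objects."""
        internal_id = ''
        summary = ''
        # Get internal refs for report
        for obj in self.misp_event.Object:
            if obj.name != 'report':
                continue
            for a in obj.Attribute:
                if a.object_relation == 'case-number':
                    internal_id = a.value
                if a.object_relation == 'summary':
                    summary = a.value

        # NOTE(review): info, summary and case-number come from the event and
        # are inserted without defanging or escaping; if events originate from
        # other organisations, consider escaping AsciiDoc markup before rendering.
        return self.template.title.format(internal_id=internal_id, title=self.misp_event.info,
                                          summary=summary)

    def asciidoc(self, lang='en'):
        """Append title, TLP marking and attribute list to ``self.report``.

        ``lang`` is accepted but not used by this method.
        """
        self.report += self.title()
        self.report += self.event_level_tags()
        self.report += self.attributes()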
开发者ID:3c7,项目名称:PyMISP,代码行数:72,代码来源:asciidoc_generator.py


注:本文中的pymisp.MISPEvent.load_file方法示例由纯净天空整理自Github/MSDocs等开源代码及文档管理平台,相关代码片段筛选自各路编程大神贡献的开源项目,源码版权归原作者所有,传播和使用请参考对应项目的License;未经允许,请勿转载。