本文整理汇总了Python中pymisp.PyMISP.add_ipsrc方法的典型用法代码示例。如果您正苦于以下问题:Python PyMISP.add_ipsrc方法的具体用法?Python PyMISP.add_ipsrc怎么用?Python PyMISP.add_ipsrc使用的例子?那么恭喜您, 这里精选的方法代码示例或许可以为您提供帮助。您也可以进一步了解该方法所在类pymisp.PyMISP
的用法示例。
在下文中一共展示了PyMISP.add_ipsrc方法的1个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的Python代码示例。
示例1: mispBuildObject
# 需要导入模块: from pymisp import PyMISP [as 别名]
# 注意: add_ipsrc 是 PyMISP 类的实例方法,不能单独导入;请先创建 PyMISP 实例(本例中为 misp),再调用 misp.add_ipsrc(...)
#.........这里部分代码省略.........
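# Add to MISP
# Translate the hash type into the add_hashes() keyword that carries it; any
# other hash type is skipped, exactly as the if/elif chain did.
hash_keyword = {
    "MD5": "md5",
    "SHA1": "sha1",
    "SHA256": "sha256",
    "SSDEEP": "ssdeep",
}.get(str(hash.type_))
if hash_keyword is not None:
    hash_fields = {hash_keyword: str(hash), "comment": comment, "to_ids": args.ids}
    # Pass the file name only when the object has one: str(None) would be
    # stored as a literal "None" file name next to a real hash, and with
    # to_ids set that bogus pair would be flagged for detection export.
    # Without filename= the hash is added by itself.
    if properties.file_name is not None:
        hash_fields["filename"] = str(properties.file_name)
    misp.add_hashes(event, **hash_fields)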
# Mutex objects: log the mutex name, then record it on the MISP event.
if "MutexObjectType" in str(object_type):
    mutex_name = str(properties.name)
    print(" name: " + mutex_name)
    misp.add_mutex(event, mutex_name, to_ids=args.ids)
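# Grab important info from Registry Keys:
# NOTE(review): indentation was lost in this listing; the add_regkey() call
# that uses `value` is assumed to belong inside the loop.
if "WindowsRegistryKeyObjectType" in str(object_type):
    key_name = str(properties.key)
    print(" key: " + key_name)
    if properties.values:
        for value in properties.values:
            print(" value.datatype: " + str(value.datatype))
            print(" value.data: " + str(value.data))
            # Add to MISP. A value that carries no data is recorded as the
            # bare key, so the literal string "None" never ends up stored as
            # registry data on the event.
            if value.data is not None:
                misp.add_regkey(event, key_name, rvalue=str(value.data), to_ids=args.ids)
            else:
                misp.add_regkey(event, key_name, to_ids=args.ids)
    else:
        # No values at all: record the key on its own.
        misp.add_regkey(event, key_name, to_ids=args.ids)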
# Domain name objects: log the domain, then record it on the MISP event.
if "DomainNameObjectType" in str(object_type):
    domain_name = str(properties.value)
    print(" domain: " + domain_name)
    misp.add_domain(event, domain_name, to_ids=args.ids)
# URI objects: log the URI, then record it on the MISP event as a URL.
if "URIObjectType" in str(object_type):
    uri_text = str(properties.value)
    print(" uri: " + uri_text)
    misp.add_url(event, uri_text, to_ids=args.ids)
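# Grab IP's
if "AddressObjectType" in str(object_type):
    address = str(properties.address_value)
    print(" ip: " + address)
    # A CybOX Address object is not always an IP address: its category can
    # also be e-mail, mac, asn and others. Recording those as ip-src would
    # put a malformed indicator on the event, so only IP-like categories are
    # added. An unset category is treated as an IP address, which keeps the
    # previous behaviour for such objects.
    category = getattr(properties, "category", None)
    if category is not None:
        category = str(category)
    ip_categories = (None, "ipv4-addr", "ipv6-addr", "ipv4-net", "ipv6-net", "cidr")
    if category not in ip_categories:
        print(" skipped non-IP address category: " + category)
    elif getattr(properties, "is_destination", None):
        # The object is explicitly marked as a destination address.
        misp.add_ipdst(event, address, to_ids=args.ids)
    else:
        # Add to MISP
        misp.add_ipsrc(event, address, to_ids=args.ids)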
# Port objects are only logged; no MISP attribute is created for them here.
if "PortObjectType" in str(object_type):
    port_text = str(properties.port_value)
    print(" port: " + port_text)
# Email message objects: log each header field and record the populated ones
# on the MISP event.
# NOTE(review): to_ids=args.ids is passed for every attribute below, free-text
# ones such as the subject included; confirm that is intended before enabling
# the flag, since such values can match benign mail.
if "EmailMessageObjectType" in str(object_type):
    ids_flag = args.ids
    print(" date: " + str(properties.date))
    print(" from: " + str(properties.from_))
    print(" sender: " + str(properties.sender))
    # The From address wins; Sender is used only when From is empty.
    source_address = properties.from_ or properties.sender
    if source_address:
        misp.add_email_src(event, str(source_address), to_ids=ids_flag)
    print(" to: " + str(properties.to))
    if properties.to:
        misp.add_email_dst(event, str(properties.to), to_ids=ids_flag)
    print(" subject: " + str(properties.subject))
    if properties.subject:
        misp.add_email_subject(event, str(properties.subject), to_ids=ids_flag)
    print(" reply_to: " + str(properties.reply_to))
    if properties.reply_to:
        # Reply-To is stored as another source address, told apart by its comment.
        misp.add_email_src(event, str(properties.reply_to), comment="Reply-To Address", to_ids=ids_flag)
    # message_id and email_server are logged only; x_originating_ip is also
    # recorded as a source IP when present.
    print(" message_id: " + str(properties.message_id))
    print(" x_originating_ip: " + str(properties.x_originating_ip))
    if properties.x_originating_ip:
        misp.add_ipsrc(event, str(properties.x_originating_ip), comment="MAIL X-Origin-IP", to_ids=ids_flag)
    print(" email_server: " + str(properties.email_server))