

Python PyMISP.add_regkey method code examples

This article collects typical usage examples of the pymisp.PyMISP.add_regkey method in Python. If you are wondering how PyMISP.add_regkey is used in practice, the selected example here may help. You can also look at further usage examples of pymisp.PyMISP, the class this method belongs to.


One code example of the PyMISP.add_regkey method is shown below; examples are sorted by popularity by default.

Example 1: mispBuildObject

# Required import: from pymisp import PyMISP [as alias]
# add_regkey is a method of the PyMISP class and is called on an instance (misp below)

# ......... part of the code is omitted here .........

            # Add to MISP
            if str(hash.type_)=="MD5":
                # Add the hash by itself
                #misp.add_hashes(event, md5=str(hash))
                misp.add_hashes(event, filename=str(properties.file_name), md5=str(hash), comment=comment, to_ids=args.ids)
                
            elif str(hash.type_)=="SHA1":
                # Add the hash by itself
                #misp.add_hashes(event, sha1=str(hash))
                misp.add_hashes(event, filename=str(properties.file_name), sha1=str(hash), comment=comment, to_ids=args.ids)
                
            elif str(hash.type_)=="SHA256":
                # Add the hash by itself
                #misp.add_hashes(event, sha256=str(hash))
                misp.add_hashes(event, filename=str(properties.file_name), sha256=str(hash), comment=comment, to_ids=args.ids)
                
            elif str(hash.type_)=="SSDEEP":
                # Add the hash by itself
                #misp.add_hashes(event, ssdeep=str(hash))
                misp.add_hashes(event, filename=str(properties.file_name), ssdeep=str(hash), comment=comment, to_ids=args.ids)
                
        
    # Grab important info from Mutex Objects
    if "MutexObjectType" in str(object_type):
        print("        name: " + str(properties.name))
        
        # Add to MISP
        misp.add_mutex(event, str(properties.name), to_ids=args.ids)
        
    # Grab important info from Registry Keys:
    if "WindowsRegistryKeyObjectType" in str(object_type):
        print("        key: " + str(properties.key))
        if properties.values:
            for value in properties.values:
                print("        value.datatype: " + str(value.datatype))
                print("        value.data: " + str(value.data))
                # print("        value: " + str(dir(value)))
                
                # Add to MISP
                misp.add_regkey(event, str(properties.key), rvalue=str(value.data), to_ids=args.ids)
        else:
            misp.add_regkey(event, str(properties.key), to_ids=args.ids)
                
    # Grab Domain Names:
    if "DomainNameObjectType" in str(object_type):
        print("        domain: " + str(properties.value))
        
        # Add to MISP
        misp.add_domain(event, str(properties.value), to_ids=args.ids)
        
    # Grab URIs
    if "URIObjectType" in str(object_type):
        print("        uri: " + str(properties.value))
        
        # Add to MISP
        misp.add_url(event, str(properties.value), to_ids=args.ids)

    # Grab IPs
    if "AddressObjectType" in str(object_type):
        print("        ip: " + str(properties.address_value))
        
        # Add to MISP
        misp.add_ipsrc(event, str(properties.address_value), to_ids=args.ids)
        
    # Grab Ports
    if "PortObjectType" in str(object_type):
        print("        port: " + str(properties.port_value))

    # Grab Email Info
    if "EmailMessageObjectType" in str(object_type):
        print("        date: " + str(properties.date))
        print("        from: " + str(properties.from_))
        
        print("        sender: " + str(properties.sender))
        if properties.from_:
            misp.add_email_src(event, str(properties.from_), to_ids=args.ids)
        elif properties.sender:
            misp.add_email_src(event, str(properties.sender), to_ids=args.ids)
        
        print("        to: " + str(properties.to))
        if properties.to:
            misp.add_email_dst(event, str(properties.to), to_ids=args.ids)
        
        print("        subject: " + str(properties.subject))
        if properties.subject:
            misp.add_email_subject(event, str(properties.subject), to_ids=args.ids)
        
        
        print("        reply_to: " + str(properties.reply_to))
        if properties.reply_to:
            misp.add_email_src(event, str(properties.reply_to), comment="Reply-To Address", to_ids=args.ids)
            
        print("        message_id: " + str(properties.message_id))
        
        print("        x_originating_ip: " + str(properties.x_originating_ip))
        if properties.x_originating_ip:
            misp.add_ipsrc(event, str(properties.x_originating_ip), comment="MAIL X-Origin-IP", to_ids=args.ids)
        
        print("        email_server: " + str(properties.email_server))
Developer: TheDr1ver, project: STIX2MISP, lines of code: 104, source file: stix2misp.py


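Note: The pymisp.PyMISP.add_regkey method example in this article was compiled by 纯净天空 from open-source code and documentation platforms such as GitHub/MSDocs. The code snippets were selected from open-source projects contributed by their developers, and copyright in the source code belongs to the original authors. For distribution and use, refer to the corresponding project's License; do not reproduce without permission.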