# Required import: from pymisp import PyMISP [as alias]
# Or: from pymisp.PyMISP import download_last [as alias]
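def getMISPData(self, since=None):
    """Fetch the MISP events published within the last ``since`` window.

    Args:
        since: Time window string accepted by ``PyMISP.download_last`` such as
            ``"5d"`` or ``"12h"``.  ``None`` (or any falsy value) falls back to
            ``"5d"``; the string ``"all"`` (any case) is turned into an empty
            window string before it is handed to ``download_last``.

    Returns:
        The list stored under the ``response`` key of the MISP reply, or ``[]``
        when MISP answers with a "no matches" message.

    Raises:
        Exception: when MISP reports an authentication failure, or when the
            reply carries neither a recognised ``message`` nor a ``response``.
    """
    # Third positional argument is PyMISP's certificate-verification flag; it
    # is kept on so the API key is only ever sent over a verified TLS session.
    misp = PyMISP(self.url, self.key, True, 'json')
    since = since if since else "5d"
    if since.lower() == "all":
        since = ""
    misp_last = misp.download_last(since)
    # A 'message' key signals an empty result or an error instead of data.
    if 'message' in misp_last:
        message = misp_last['message']
        if message.lower().startswith('no matches'):
            return []
        if message.startswith('Authentication failed.'):
            raise Exception("[-] MISP Authentication failed")
    if 'response' not in misp_last:
        raise Exception("[-] Error occured while fetching MISP data")
    return misp_last['response']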
# Required import: from pymisp import PyMISP [as alias]
# Or: from pymisp.PyMISP import download_last [as alias]
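def onDatabaseUpdate(self):
    """Pull MISP events changed since the last run and merge their CVE data.

    The window handed to ``download_last`` is the number of minutes elapsed
    since the ``last_update`` setting stored for this collection, or an empty
    window string when no previous run is recorded.  For every event that
    carries at least one ``vulnerability`` attribute, the threat-actor and
    free-text attributes of that event are attached to each CVE id and the
    resulting items are written in a single bulk update.

    Returns:
        A status line prefixed with ``[+]`` on success or ``[-]`` on failure.
        Ordinary exceptions are caught and reported through that status line
        rather than propagated.
    """
    lastUpdate = db.p_readSetting(self.collectionName, "last_update")
    now = datetime.utcnow().replace(tzinfo=pytz.utc)
    if lastUpdate:
        delta = now - dateutil.parser.parse(lastUpdate)
        since = "%sm" % math.ceil(delta.total_seconds() / 60)
    else:
        since = ""
    if not (self.url and self.key):
        return "[-] MISP credentials not specified"
    try:
        # Misp interface.  NOTE(review): constructing the client is what is
        # guarded here; a genuine connection error may only surface on the
        # first request below.
        misp = PyMISP(self.url, self.key, True, 'json')
    except Exception:
        return "[-] Failed to connect to MISP. Wrong URL?"
    try:
        misp_last = misp.download_last(since)
        # A 'message' key signals an empty result or an error instead of data.
        if 'message' in misp_last:
            message = misp_last['message']
            if message.lower().startswith('no matches'):
                return "[+] MISP collection updated (0 updates)"
            if message.startswith('Authentication failed.'):
                return "[-] MISP Authentication failed"
        if 'response' not in misp_last:
            print(misp_last)
            return "[-] Error occured while fetching MISP data"
        bulk = []
        for entry in progressbar(misp_last['response']):
            attrs = entry['Event']['Attribute']
            cves = [x['value'] for x in attrs if x['type'] == 'vulnerability']
            if not cves:
                continue
            threats = [x['value'] for x in attrs
                       if x['category'] == 'Attribution' and x['type'] == 'threat-actor']
            # 'Other' text attributes first, then 'External analysis' ones.
            tags = [x['value'] for x in attrs
                    if x['category'] == 'Other' and x['type'] == 'text']
            tags.extend(x['value'] for x in attrs
                        if x['category'] == 'External analysis' and x['type'] == 'text')
            for cve in cves:
                item = {'id': cve}
                if threats:
                    item['threats'] = threats
                if tags:
                    item['tags'] = tags
                # Skip CVEs that would add nothing beyond their id.
                if len(item) > 1:
                    bulk.append(item)
        db.p_bulkUpdate(self.collectionName, "id", bulk)
        # Record the run only after the bulk write succeeded.
        db.p_writeSetting(self.collectionName, "last_update",
                          now.strftime("%a, %d %h %Y %H:%M:%S %Z"))
        return "[+] MISP collection updated (%s updates)" % len(bulk)
    except Exception as e:
        print(e)
        return "[-] Something went wrong..."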
# Required import: from pymisp import PyMISP [as alias]
# Or: from pymisp.PyMISP import download_last [as alias]
class MISPReceiver():
hash_iocs = {}
filename_iocs = {}
c2_iocs = {}
yara_rules = {}
debugon = False
# Output
siem_mode = False
separator = ";"
use_headers = False
use_filename_regex = True
def __init__(self, misp_key, misp_url, misp_verify_cert, siem_mode=False, debugon=False):
    """Create the MISP client and choose the output flavour.

    Args:
        misp_key: MISP API key (note: key comes before url in this signature,
            the reverse of PyMISP's own argument order).
        misp_url: Base URL of the MISP instance.
        misp_verify_cert: Handed to PyMISP as its certificate-verification
            argument.
        siem_mode: When true, switch to comma-separated output with a header
            row and plain (non-regex) filename IOCs.
        debugon: Echo every IOC as it is added.
    """
    self.misp = PyMISP(misp_url, misp_key, misp_verify_cert, 'json')
    self.debugon = debugon
    if not siem_mode:
        return
    # SIEM flavour: CSV-style output, header row, literal filenames.
    self.siem_mode = True
    self.separator = ","
    self.use_headers = True
    self.use_filename_regex = False
def get_iocs_last(self, last):
# Retrieve events from MISP
result = self.misp.download_last(last)
self.events = result['response']
# Process each element (without related eevents)
for event_element in self.events:
event = event_element["Event"]
# Info for Comment
info = event['info']
uuid = event['uuid']
comment = "{0} - UUID: {1}".format(info.encode('unicode_escape'), uuid)
# Event data
for attribute in event['Attribute']:
# Skip iocs that are not meant for ioc detection
if attribute['to_ids'] == False:
continue
# Value
value = attribute['value']
# Non split type
if '|' not in attribute['type']:
self.add_ioc(attribute['type'], value, comment, uuid, info)
# Split type
else:
# Prepare values
type1, type2 = attribute['type'].split('|')
value1, value2 = value.split('|')
# self.add_ioc(type1, value1, comment)
self.add_ioc(type2, value2, comment, uuid, info)
def add_ioc(self, ioc_type, value, comment, uuid, info):
# Cleanup value
value = value.encode('unicode_escape')
# Debug
if self.debugon:
print "{0} = {1}".format(ioc_type, value)
# C2s
if ioc_type in ('hostname', 'ip-dst', 'domain'):
if value == '127.0.0.1':
return
self.c2_iocs[value] = comment
# Hash
if ioc_type in ('md5', 'sha1', 'sha256'):
# No empty files
if value == 'd41d8cd98f00b204e9800998ecf8427e' or \
value == 'da39a3ee5e6b4b0d3255bfef95601890afd80709' or \
value == 'e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855':
return
self.hash_iocs[value] = comment
# Filenames
if ioc_type in ('filename', 'filepath'):
# Add prefix to filenames
if not re.search(r'^([a-zA-Z]:|%)', value):
if not self.siem_mode:
value = "\\\\{0}".format(value)
if self.use_filename_regex:
self.filename_iocs[my_escape(value)] = comment
else:
self.filename_iocs[value.decode('string_escape')] = comment
# Yara
if ioc_type in ('yara'):
self.add_yara_rule(value, uuid, info)
def add_yara_rule(self, yara_rule, uuid, info):
    """Store a YARA rule under an identifier derived from the event info.

    The rule is unescaped from its wire form, passed through
    ``repair_yara_rule`` together with the event uuid, and kept as unicode.
    """
    raw_rule = yara_rule.decode('string_escape')
    repaired = repair_yara_rule(raw_rule, uuid)
    self.yara_rules[generate_identifier(info)] = u'%s' % repaired
def write_iocs(self, output_path, output_path_yara):
# Write C2 IOCs
self.write_file(os.path.join(output_path, "misp-c2-iocs.txt"), self.c2_iocs, "c2")
#......... part of the code is omitted here .........
# Required import: from pymisp import PyMISP [as alias]
# Or: from pymisp.PyMISP import download_last [as alias]
#!/usr/bin/env python
# -*- coding: utf-8 -*-
from pymisp import PyMISP
from keys import misp_url, misp_key, misp_verifycert
import argparse
import tools
def main():
    """Fetch a sample of MISP events and draw a treemap of their attributes.

    With ``--function searchall`` the sample is ``search_all(argument)``;
    any other value uses ``download_last(argument)``.
    """
    parser = argparse.ArgumentParser(description='Take a sample of events (based on last.py of searchall.py) and create a treemap epresenting the distribution of attributes in this sample.')
    parser.add_argument("-f", "--function", required=True, help='The parameter can be either set to "last" or "searchall". If the parameter is not valid, "last" will be the default setting.')
    parser.add_argument("-a", "--argument", required=True, help='if function is "last", time can be defined in days, hours, minutes (for example 5d or 12h or 30m). Otherwise, this argument is the string to search')
    args = parser.parse_args()

    # misp_verifycert comes from keys.py and is PyMISP's certificate check.
    misp = PyMISP(misp_url, misp_key, misp_verifycert, 'json')
    if args.function == "searchall":
        sample = misp.search_all(args.argument)
    else:
        sample = misp.download_last(args.argument)

    events = tools.eventsListBuildFromArray(sample)
    attributes = tools.attributesListBuild(events)
    counts = tools.getNbAttributePerEventCategoryType(attributes)
    counts = counts.groupby(level=['category', 'type']).sum()
    tools.createTreemap(counts, 'Attributes Distribution', 'attribute_treemap.svg', 'attribute_table.html')


if __name__ == '__main__':
    main()
# Required import: from pymisp import PyMISP [as alias]
# Or: from pymisp.PyMISP import download_last [as alias]
elif args.period == "m":
if args.accuracy == "d":
split = 28
size = 1
else:
split = 4
size = 7
last = '28d'
title = 'Tags repartition over the last 28 days'
else:
split = 7
size = 1
last = '7d'
title = 'Tags repartition over the last 7 days'
result = misp.download_last(last)
events = tools.eventsListBuildFromArray(result)
result = []
dates = []
enddate = tools.getToday()
colourDict = {}
faketag = False
for i in range(split):
begindate = tools.getNDaysBefore(enddate, size)
dates.append(str(enddate.date()))
eventstemp = tools.selectInRange(events, begin=begindate, end=enddate)
if eventstemp is not None:
tags = tools.tagsListBuild(eventstemp)
if tags is not None:
tools.createDictTagsColour(colourDict, tags)
# Required import: from pymisp import PyMISP [as alias]
# Or: from pymisp.PyMISP import download_last [as alias]
since = "%sm"%math.ceil(delta.total_seconds()/60)
else: since=""
# Misp interface
misp_url, misp_key = conf.getMISPCredentials()
if not misp_url:
print("MISP credentials not specified")
sys.exit(1)
try:
misp = PyMISP(misp_url, misp_key, True, 'json')
except:
print("Failed to connect to MISP. Wrong URL?")
sys.exit(1)
# Fetch data
misp_last = misp.download_last(since)
# Check data
if 'message' in misp_last.keys():
if misp_last['message'] == 'No matches':
sys.exit(0)
elif misp_last['message'].startswith('Authentication failed.'):
print("MISP Authentication failed")
sys.exit(1)
if not 'response' in misp_last:
print("Error occured while fetching MISP data")
sys.exit(1)
bulk =[]
for entry in progressbar(misp_last['response']):
# Get info