本文整理汇总了Python中pymisp.PyMISP.search方法的典型用法代码示例。如果您正苦于以下问题:Python PyMISP.search方法的具体用法?Python PyMISP.search怎么用?Python PyMISP.search使用的例子?那么恭喜您, 这里精选的方法代码示例或许可以为您提供帮助。您也可以进一步了解该方法所在类pymisp.PyMISP
的用法示例。
在下文中一共展示了PyMISP.search方法的7个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的Python代码示例。
示例1: MISPCollectorBot
# 需要导入模块: from pymisp import PyMISP [as 别名]
# 或者: from pymisp.PyMISP import search [as 别名]
class MISPCollectorBot(CollectorBot):
    """Collect MISP events carrying the "to process" tag and hand each to the parser.

    The two tags (``misp_tag_to_process`` / ``misp_tag_processed``) act as an
    acknowledgement: an event is re-tagged only after its report has been sent, so
    an event whose report went out but whose tags were not updated is simply picked
    up again by the next search (at-least-once delivery, not exactly-once).
    """

    def init(self):
        """Create the PyMISP client from the bot parameters."""
        if PyMISP is None:
            self.logger.error('Could not import pymisp. Please install it.')
            self.stop()
        # ``misp_verify`` is handed to PyMISP as its TLS-verification setting. Leave
        # it truthy (or a CA bundle path): with verification off, the API key sent on
        # every request is exposed to an on-path attacker.
        self.misp = PyMISP(self.parameters.misp_url,
                           self.parameters.misp_key,
                           self.parameters.misp_verify)
        # Raw tag endpoint URLs. They are not referenced by this class itself (the
        # tag updates below go through PyMISP's add_tag/remove_tag) but are kept as
        # attributes as before.
        self.misp_add_tag_url = urljoin(self.parameters.misp_url, 'events/addTag')
        self.misp_del_tag_url = urljoin(self.parameters.misp_url, 'events/removeTag')

    def process(self):
        """Fetch tagged events, emit one report per event, then swap the tags."""
        misp_result = self.misp.search(tags=self.parameters.misp_tag_to_process)
        if 'response' not in misp_result:
            return
        hits = misp_result['response']

        # One report per event; the raw payload is the serialised Event dict.
        for hit in hits:
            report = self.new_report()
            report.add('raw', json.dumps(hit['Event'], sort_keys=True))
            report.add('feed.url', self.parameters.misp_url)
            self.send_message(report)

        # Acknowledge: replace the "to process" tag with the "processed" one. PyMISP
        # receives the whole search hit (the dict wrapping 'Event'), as before.
        for hit in hits:
            self.misp.remove_tag(hit, self.parameters.misp_tag_to_process)
            self.misp.add_tag(hit, self.parameters.misp_tag_processed)
示例2: PyMISP
# 需要导入模块: from pymisp import PyMISP [as 别名]
# 或者: from pymisp.PyMISP import search [as 别名]
import date_tools
import bokeh_tools
import time
if __name__ == '__main__':
parser = argparse.ArgumentParser(description='Show the evolution of trend of tags.')
parser.add_argument("-d", "--days", type=int, required=True, help='')
parser.add_argument("-s", "--begindate", required=True, help='format yyyy-mm-dd')
parser.add_argument("-e", "--enddate", required=True, help='format yyyy-mm-dd')
args = parser.parse_args()
misp = PyMISP(misp_url, misp_key, misp_verifycert)
result = misp.search(date_from=args.begindate, date_to=args.enddate, metadata=False)
# Getting data
if 'response' in result:
events = tools.eventsListBuildFromArray(result)
NbTags = []
dates = []
enddate = date_tools.toDatetime(args.enddate)
begindate = date_tools.toDatetime(args.begindate)
for i in range(round(date_tools.days_between(enddate, begindate)/args.days)):
begindate = date_tools.getNDaysBefore(enddate, args.days)
eventstemp = tools.selectInRange(events, begindate, enddate)
if eventstemp is not None:
for event in eventstemp.iterrows():
示例3: MISPCollectorBot
# 需要导入模块: from pymisp import PyMISP [as 别名]
# 或者: from pymisp.PyMISP import search [as 别名]
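class MISPCollectorBot(Bot):
    """Collect MISP events tagged "to process" and forward them as one report.

    After the report is sent, ``misp_tag_to_process`` is swapped for
    ``misp_tag_processed`` on every collected event via MISP's tag endpoints. That
    swap is the only thing preventing the same events from being collected again,
    so a rejected tag update is not swallowed: it surfaces as an exception from
    :meth:`process` (``requests.HTTPError``).
    """

    def init(self):
        """Create the PyMISP client and the event-tag endpoint URLs."""
        # NOTE(review): in the PyMISP signature the other callers on this page use
        # (url, key, ssl, out_type), the third positional argument is the
        # TLS-verification setting, so 'json' may be landing in the wrong slot —
        # confirm against the pinned pymisp version before relying on verification.
        self.misp = PyMISP(self.parameters.misp_url,
                           self.parameters.misp_key, 'json')
        # URLs used for removing and adding MISP event tags.
        self.misp_add_tag_url = urljoin(self.parameters.misp_url, 'events/addTag')
        self.misp_del_tag_url = urljoin(self.parameters.misp_url, 'events/removeTag')

    def process(self):
        """Fetch tagged events, emit them as a single report, then re-tag them."""
        misp_result = self.misp.search(tags=self.parameters.misp_tag_to_process)
        if 'response' not in misp_result:
            return
        misp_events = [hit['Event'] for hit in misp_result['response']]

        # The whole batch goes out as one report.
        report = Report()
        report.add('raw', json.dumps(misp_events, sort_keys=True))
        report.add('feed.name', self.parameters.feed)
        report.add('feed.url', self.parameters.misp_url)
        report.add('feed.accuracy', self.parameters.accuracy)
        self.send_message(report)

        # PyMISP (as used here) offers no tag API, so the events/addTag and
        # events/removeTag endpoints are called directly. The session is closed on
        # exit; TLS verification is left at the requests default (on). No timeout is
        # set, so a stalled MISP can block the bot — consider adding one.
        with requests.Session() as session:
            session.headers.update({
                'Authorization': self.misp.key,
                'Accept': 'application/json',
                'Content-Type': 'application/json',
            })
            for misp_event in misp_events:
                # Remove the 'to be processed' tag, then add the 'processed' tag.
                self._set_tag(session, self.misp_del_tag_url, misp_event['id'],
                              self.parameters.misp_tag_to_process)
                self._set_tag(session, self.misp_add_tag_url, misp_event['id'],
                              self.parameters.misp_tag_processed)

    @staticmethod
    def _set_tag(session, url, event_id, tag):
        """POST one tag change to ``url`` and raise if MISP rejects it.

        A silently failed removal would leave the "to process" tag in place and make
        the same events be collected and re-delivered on every run.
        """
        post_data = {'request': {'Event': {'tag': tag, 'id': event_id}}}
        response = session.post(url, data=json.dumps(post_data))
        response.raise_for_status()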
示例4: PyMISP
# 需要导入模块: from pymisp import PyMISP [as 别名]
# 或者: from pymisp.PyMISP import search [as 别名]
('“', '"'),
('″', '"'),
('`', "'"),
('\r', '')
# ('$ ', '$'), # this breaks rules
# ('\t\t', '\n'), # this breaks rules
)
for substitution in substitutions:
if substitution[0] in value:
changed = True
value = value.replace(substitution[0], substitution[1])
return value, changed
# keys.misp_verify is PyMISP's TLS-verification setting; keep it truthy (or a CA
# bundle path), since the API key is sent with every request.
misp = PyMISP(keys.misp_url, keys.misp_key, keys.misp_verify, 'json')
# All attributes of type 'yara' on the instance, via the attributes controller.
result = misp.search(controller='attributes', type_attribute='yara')

# Counters and accumulators filled in by the loop below.
attr_cnt = attr_cnt_invalid = attr_cnt_duplicate = attr_cnt_changed = 0
yara_rules, yara_rule_names = [], []
if 'response' in result and 'Attribute' in result['response']:
for attribute in result['response']['Attribute']:
value = attribute['value']
event_id = attribute['event_id']
attribute_id = attribute['id']
value = re.sub('^[ \t]*rule ', 'rule misp_e{}_'.format(event_id), value, flags=re.MULTILINE)
value, changed = dirty_cleanup(value)
示例5: attributes
# 需要导入模块: from pymisp import PyMISP [as 别名]
# 或者: from pymisp.PyMISP import search [as 别名]
import json
from pymisp import PyMISP
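argParser = argparse.ArgumentParser(description='misp-search - search MISP from command line')
# '-a' is parsed but not acted on in this part of the script.
argParser.add_argument('-a', action='store_true', help='Add an event based on file attributes (default: False)', default=False)
argParser.add_argument('-u', type=str, help='URL of the MISP instance', required=True)
# NOTE(review): the API key is taken from argv, so it is visible in `ps` output and
# shell history to anyone on the host; a key file or environment variable is safer.
argParser.add_argument('-k', type=str, help='MISP API key', required=True)
# Handed to PyMISP as its TLS-verification setting, i.e. the CA bundle to trust.
argParser.add_argument('-c', type=str, help='MISP SSL certificate file', required=True)
argParser.add_argument('-o', type=str, help='Output format: json (default) or event_id', default='json')
argParser.add_argument('-q', type=str, action='append', help='One or more value(s) to query', required=True)
argParser.add_argument('-d', action='store_true', help='Debug mode', default=False)
args = argParser.parse_args()

misp = PyMISP(args.u, args.k, args.c, "json")
for q in args.q:
    # With this PyMISP version search() hands back the raw HTTP response
    # (.status_code / .text), not parsed JSON.
    r = misp.search(q)
    if r.status_code != 200:
        # Non-200 replies are dropped silently unless -d is given.
        if args.d:
            print("Query %s -> HTTP error code %d " % (q, r.status_code))
        continue
    if args.o == "event_id":
        response = json.loads(r.text)
        # assumes the body is {'response': {'Event': [...]}} — verify against the
        # MISP version in use; newer servers return a list under 'response'.
        for event in response['response']['Event']:
            print("%s,%s" % (event['id'], q))
    else:
        print(r.text)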
示例6: range
# 需要导入模块: from pymisp import PyMISP [as 别名]
# 或者: from pymisp.PyMISP import search [as 别名]
elif args.period == "m":
if args.accuracy == "d":
split = 28
size = 1
else:
split = 4
size = 7
last = '28d'
title = 'Tags repartition over the last 28 days'
else:
split = 7
size = 1
last = '7d'
title = 'Tags repartition over the last 7 days'
result = misp.search(last=last, metadata=True)
if 'response' in result:
events = tools.eventsListBuildFromArray(result)
result = []
dates = []
enddate = tools.getToday()
colourDict = {}
faketag = False
for i in range(split):
begindate = tools.getNDaysBefore(enddate, size)
dates.append(str(enddate.date()))
eventstemp = tools.selectInRange(events, begin=begindate, end=enddate)
if eventstemp is not None:
tags = tools.tagsListBuild(eventstemp)
if tags is not None:
示例7: send_to_misp
# 需要导入模块: from pymisp import PyMISP [as 别名]
# 或者: from pymisp.PyMISP import search [as 别名]
def send_to_misp(misp_data, misp_configs, user):
debug_log=''
misp_key = misp_configs['MISP API Key']
misp_url = misp_configs['MISP URL']
ssl = False
proxies = ''
distribution = misp_data['misp_distro']
analysis = misp_data['misp_analysis']
threat_level = misp_data['misp_threat']
publish = misp_data['misp_pub']
tags = misp_data['misp_tags']
attributes = misp_data['attribs']
dt = datetime.utcnow()
event_date = dt.strftime('%Y-%m-%d')
'''
TODO:
+ Add other options from configs
(misp_configs['proxies'], misp_configs['ssl'], etc)
+ Get Event Date from CRITs instance, rather than today
'''
from pprint import pformat
# Load the PyMISP functions
misp = PyMISP(misp_url, misp_key, ssl, 'json', proxies=proxies)
# Build the event and tags if applicable
misp_title = misp_data['misp_info']
if misp_title=="None":
# Modify this to build a more-sane Event Info if none was given
for k,v in misp_data['attribs']:
misp_title=k
break
if misp_data['options']['misp_dedup_events']==True:
#Search for the event
event = ''
result = misp.search_index(eventinfo=misp_title)
#debug_log+=pformat(result)
if 'message' in result:
if result['message']=='No matches.':
event = misp.new_event(distribution, threat_level, analysis,
misp_title, date=event_date, published=publish)
else:
for evt in result['response']:
# If the event exists, set 'event' to the event
if evt['info']==misp_title:
event = {}
event['Event'] = evt
break
if event=='':
# Event not found, even though search results were returned
# Build new event
event = misp.new_event(distribution, threat_level, analysis,
misp_title, date=event_date, published=publish)
else:
event = misp.new_event(distribution, threat_level, analysis,
misp_title, date=event_date, published=publish)
misp_data['event']=event['Event']['id']
if tags!=[]:
for tag in tags:
misp.tag(event['Event']['uuid'], str(tag.strip()))
for k, v in attributes.iteritems():
if v['misp-submit']==True:
ind_kwargs = {}
attr = misp.add_named_attribute(event, v['misp-type'], v['ioc'],
category=v['misp-cat'], to_ids=v['misp-toids'],
**ind_kwargs)
#misp_data['debug']=attr
if 'response' in attr:
attrib_uuid = attr['response']['Attribute']['uuid']
elif 'message' in attr:
kwargs = {'uuid': str(event['Event']['uuid'])}
result = misp.search(controller='events', **kwargs)
for evt in result['response']:
if evt['Event']['info']==event['Event']['info']:
event=evt
break
single_attribute = (item for item in event['Event']['Attribute'] if item['value']==v['ioc']
and item['category']==v['misp-cat'] and item['type']==v['misp-type']).next()
attrib_uuid = single_attribute['uuid']
else:
v['tag']=''
#misp_data['debug']=attr
if v['tag']!='':
for t in v['tag']:
t=t.strip()
misp.tag(attrib_uuid, t)
return{
'misp_data': misp_data,
#'misp_configs': misp_configs,
#'user': user,
#'debug': debug_log,
#.........这里部分代码省略.........