本文整理汇总了Python中pymisp.PyMISP.search_index方法的典型用法代码示例。如果您正苦于以下问题:Python PyMISP.search_index方法的具体用法?Python PyMISP.search_index怎么用?Python PyMISP.search_index使用的例子?那么恭喜您, 这里精选的方法代码示例或许可以为您提供帮助。您也可以进一步了解该方法所在类pymisp.PyMISP的用法示例。
在下文中一共展示了PyMISP.search_index方法的4个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的Python代码示例。
示例1: test_searchIndexByTagName
# 需要导入模块: from pymisp import PyMISP [as 别名]
# 或者: from pymisp.PyMISP import search_index [as 别名]
def test_searchIndexByTagName(self, m):
    """Search the MISP event index by a full tag name and check the canned result.

    ``m`` is the request mock handed in by the test harness; ``initURI`` is
    presumably what registers the fake MISP endpoints on it (its body is not
    visible here). ``self.domain`` / ``self.key`` are the fixture's server URL
    and API key, and ``self.search_index_result`` the expected ``response`` payload.
    """
    self.initURI(m)
    client = PyMISP(self.domain, self.key)
    # Full tag name, including the quoted value part of the taxonomy entry.
    tag_name = 'ecsirt:malicious-code="ransomware"'
    result = client.search_index(tag=tag_name)
    self.assertEqual(result["response"], self.search_index_result)
示例2: PyMISP
# 需要导入模块: from pymisp import PyMISP [as 别名]
# 或者: from pymisp.PyMISP import search_index [as 别名]
# Remaining CLI options of the ban-reporting script; ``parser`` and the
# ``misp_*`` settings are defined above this excerpt.
parser.add_argument("-f", "--failures", help="Amount of failures that lead to the ban.")
parser.add_argument("-s", "--sensor", help="Sensor identifier.")
parser.add_argument("-v", "--victim", help="Victim identifier.")
parser.add_argument("-l", "--logline", help="Logline (base64 encoded).")
parser.add_argument("-F", "--logfile", help="Path to a logfile to attach.")
parser.add_argument("-n", "--force_new", action='store_true', default=False, help="Force new MISP event.")
parser.add_argument("-d", "--disable_new", action='store_true', default=False, help="Do not create a new Event.")
args = parser.parse_args()

# ``misp_verifycert`` is forwarded as configured; ``debug=True`` turns on
# PyMISP's verbose request/response logging.
# NOTE(review): confirm the debug output does not echo the API key into
# whatever log this script writes to.
pymisp = PyMISP(misp_url, misp_key, misp_verifycert, debug=True)

# Outcome of the lookup below: either an existing event id, or a freshly
# created event in ``me``.
event_id = -1
me = None

if args.force_new:
    me = create_new_event()
else:
    # Only consider events tagged like this one and touched within the last hour.
    response = pymisp.search_index(tag=args.tag, timestamp='1h')
    index_hits = response['response']
    if not index_hits:
        me = create_new_event()
    elif args.disable_new:
        # Reuse whatever the index returned first, no matter how old or full.
        event_id = index_hits[0]['id']
    else:
        latest = index_hits[0]
        last_event_date = parse(latest['date']).date()
        nb_attr = latest['attribute_count']
        # Roll over to a new event once a day, or when the current one is
        # already large (more than 1000 attributes).
        if last_event_date < date.today() or int(nb_attr) > 1000:
            me = create_new_event()
        else:
            event_id = latest['id']

parameters = {'banned-ip': args.banned_ip, 'attack-type': args.attack_type}
if args.processing_timestamp:
示例3: test_searchIndexByTagId
# 需要导入模块: from pymisp import PyMISP [as 别名]
# 或者: from pymisp.PyMISP import search_index [as 别名]
def test_searchIndexByTagId(self, m):
    """Search the MISP event index by numeric tag id and check the canned result.

    Same setup as the tag-name variant: ``m`` is the request mock, ``initURI``
    presumably wires the fake endpoints onto it, and ``self.search_index_result``
    holds the expected ``response`` payload.
    """
    self.initURI(m)
    client = PyMISP(self.domain, self.key)
    # Tag ids are passed as strings, exactly as the API expects them.
    result = client.search_index(tag="1")
    self.assertEqual(result["response"], self.search_index_result)
示例4: send_to_misp
# 需要导入模块: from pymisp import PyMISP [as 别名]
# 或者: from pymisp.PyMISP import search_index [as 别名]
def send_to_misp(misp_data, misp_configs, user):
debug_log=''
misp_key = misp_configs['MISP API Key']
misp_url = misp_configs['MISP URL']
ssl = False
proxies = ''
distribution = misp_data['misp_distro']
analysis = misp_data['misp_analysis']
threat_level = misp_data['misp_threat']
publish = misp_data['misp_pub']
tags = misp_data['misp_tags']
attributes = misp_data['attribs']
dt = datetime.utcnow()
event_date = dt.strftime('%Y-%m-%d')
'''
TODO:
+ Add other options from configs
(misp_configs['proxies'], misp_configs['ssl'], etc)
+ Get Event Date from CRITs instance, rather than today
'''
from pprint import pformat
# Load the PyMISP functions
misp = PyMISP(misp_url, misp_key, ssl, 'json', proxies=proxies)
# Build the event and tags if applicable
misp_title = misp_data['misp_info']
if misp_title=="None":
# Modify this to build a more-sane Event Info if none was given
for k,v in misp_data['attribs']:
misp_title=k
break
if misp_data['options']['misp_dedup_events']==True:
#Search for the event
event = ''
result = misp.search_index(eventinfo=misp_title)
#debug_log+=pformat(result)
if 'message' in result:
if result['message']=='No matches.':
event = misp.new_event(distribution, threat_level, analysis,
misp_title, date=event_date, published=publish)
else:
for evt in result['response']:
# If the event exists, set 'event' to the event
if evt['info']==misp_title:
event = {}
event['Event'] = evt
break
if event=='':
# Event not found, even though search results were returned
# Build new event
event = misp.new_event(distribution, threat_level, analysis,
misp_title, date=event_date, published=publish)
else:
event = misp.new_event(distribution, threat_level, analysis,
misp_title, date=event_date, published=publish)
misp_data['event']=event['Event']['id']
if tags!=[]:
for tag in tags:
misp.tag(event['Event']['uuid'], str(tag.strip()))
for k, v in attributes.iteritems():
if v['misp-submit']==True:
ind_kwargs = {}
attr = misp.add_named_attribute(event, v['misp-type'], v['ioc'],
category=v['misp-cat'], to_ids=v['misp-toids'],
**ind_kwargs)
#misp_data['debug']=attr
if 'response' in attr:
attrib_uuid = attr['response']['Attribute']['uuid']
elif 'message' in attr:
kwargs = {'uuid': str(event['Event']['uuid'])}
result = misp.search(controller='events', **kwargs)
for evt in result['response']:
if evt['Event']['info']==event['Event']['info']:
event=evt
break
single_attribute = (item for item in event['Event']['Attribute'] if item['value']==v['ioc']
and item['category']==v['misp-cat'] and item['type']==v['misp-type']).next()
attrib_uuid = single_attribute['uuid']
else:
v['tag']=''
#misp_data['debug']=attr
if v['tag']!='':
for t in v['tag']:
t=t.strip()
misp.tag(attrib_uuid, t)
return{
'misp_data': misp_data,
#'misp_configs': misp_configs,
#'user': user,
#'debug': debug_log,
#.........这里部分代码省略.........