

Python PyMISP.tag方法代码示例

本文整理汇总了Python中pymisp.PyMISP.tag方法的典型用法代码示例。如果您正苦于以下问题:Python PyMISP.tag方法的具体用法?Python PyMISP.tag怎么用?Python PyMISP.tag使用的例子?那么恭喜您, 这里精选的方法代码示例或许可以为您提供帮助。您也可以进一步了解该方法所在pymisp.PyMISP的用法示例。


在下文中一共展示了PyMISP.tag方法的2个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的Python代码示例。

示例1: test_tag_event

# 需要导入模块: from pymisp import PyMISP [as 别名]
# 或者: from pymisp.PyMISP import tag [as 别名]
    def test_tag_event(self, m):
        """Tag the fixture event by UUID, then check that malformed UUIDs are rejected.

        m is handed straight to self.initURI; presumably it is the HTTP mock
        that initURI registers responses on -- confirm against the test class.
        """
        self.initURI(m)
        client = PyMISP(self.domain, self.key)
        event_uuid = self.event["Event"]["uuid"]

        # Tagging the UUID taken from the fixture event is expected not to raise.
        client.tag(event_uuid, "foo")

        # A string that is not a UUID at all, and the fixture UUID with every
        # "a" replaced by "z", must both be refused with PyMISPError.
        rejected_ids = ("test_uuid", event_uuid.replace("a", "z"))
        for bad_id in rejected_ids:
            with self.assertRaises(pm.PyMISPError):
                client.tag(bad_id, "foo")
开发者ID:tomking2,项目名称:PyMISP,代码行数:10,代码来源:test_offline.py

示例2: send_to_misp

# 需要导入模块: from pymisp import PyMISP [as 别名]
# 或者: from pymisp.PyMISP import tag [as 别名]
def send_to_misp(misp_data, misp_configs, user):
    """Create or reuse a MISP event, then push the selected tags and attributes to it.

    Args:
        misp_data: dict read for 'misp_distro', 'misp_analysis', 'misp_threat',
            'misp_pub', 'misp_tags', 'attribs', 'misp_info' and
            'options' -> 'misp_dedup_events'. It is modified in place: the id
            of the event that was used is stored under 'event'.
        misp_configs: dict supplying 'MISP API Key' and 'MISP URL'.
        user: not referenced in the visible part of the function.

    Returns:
        A dict that contains at least 'misp_data'; the remainder of the
        return statement is cut off in this listing.

    NOTE(review): this is Python 2 code (dict.iteritems(), generator .next()).
    """
    
    # Never appended to in the visible code; its only uses are commented out.
    debug_log=''
    
    # The API key authenticates every request made through the client below.
    # Treat it as a secret: keep it out of logs, debug dumps and return values.
    misp_key = misp_configs['MISP API Key']
    misp_url = misp_configs['MISP URL']
    # NOTE(review): this value is passed as PyMISP's third positional argument,
    # which is its TLS certificate-verification setting. Hard-coding False means
    # the MISP server's certificate is not verified, so the API key and the
    # submitted indicators can be read or altered by an on-path party. The TODO
    # below already plans to read it from misp_configs; verification should
    # default to on (or to a CA bundle path) rather than off.
    ssl = False
    # An empty string is handed to the client as its proxies argument.
    proxies = ''
    # Event-level settings, taken from misp_data as given; nothing in this
    # function validates them. In MISP, distribution sets how widely an event is
    # shared and the published flag releases it to that audience, so a wrong
    # value here can disclose indicators more broadly than intended.
    distribution = misp_data['misp_distro']
    analysis = misp_data['misp_analysis']
    threat_level = misp_data['misp_threat']
    publish = misp_data['misp_pub']
    tags = misp_data['misp_tags']
    attributes = misp_data['attribs']
    
    # The event date is today's date in UTC, not the date of the source data
    # (see the TODO below).
    dt = datetime.utcnow()
    event_date = dt.strftime('%Y-%m-%d')
    # The string that follows is a bare expression statement used as a TODO
    # note; it has no effect at runtime.
    '''
    TODO: 
    + Add other options from configs 
    (misp_configs['proxies'], misp_configs['ssl'], etc)
    
    + Get Event Date from CRITs instance, rather than today
    '''
    # Only referenced by the commented-out debug line further down.
    from pprint import pformat
    # Load the PyMISP functions
    # Positional arguments: URL, API key, the ssl flag set above and 'json'
    # (presumably the output format -- confirm against the PyMISP version used).
    misp = PyMISP(misp_url, misp_key, ssl, 'json', proxies=proxies)
    # Build the event and tags if applicable
    misp_title = misp_data['misp_info']
    # Compares against the string "None", not the None object.
    if misp_title=="None":
        # Modify this to build a more-sane Event Info if none was given
        # NOTE(review): the same container is walked with .iteritems() further
        # down, so it looks like a dict. Iterating a dict directly yields keys
        # only, and this loop would then unpack each key into k, v instead of
        # receiving a key/value pair -- confirm the intended behaviour.
        for k,v in misp_data['attribs']:
            misp_title=k
            break
    
    if misp_data['options']['misp_dedup_events']==True:
        #Search for the event
        # '' is the "no event selected yet" sentinel tested after the loop.
        event = ''
        result = misp.search_index(eventinfo=misp_title)
        #debug_log+=pformat(result)
        if 'message' in result:
            # NOTE(review): a message other than 'No matches.' (an error reply,
            # for instance) leaves event as '', and the event['Event'] lookup
            # after this block then fails on a string.
            if result['message']=='No matches.':
                event = misp.new_event(distribution, threat_level, analysis, 
                                       misp_title, date=event_date, published=publish)
        else:
            for evt in result['response']:
                # If the event exists, set 'event' to the event
                # The match is on the exact title alone: the first returned
                # event whose info equals misp_title is reused and receives the
                # tags and attributes added below, whoever created it.
                if evt['info']==misp_title:
                    event = {}
                    event['Event'] = evt
                    break
            if event=='':
                # Event not found, even though search results were returned
                # Build new event
                event = misp.new_event(distribution, threat_level, analysis, 
                                       misp_title, date=event_date, published=publish)
    else:
        # De-duplication is off: always create a fresh event.
        event = misp.new_event(distribution, threat_level, analysis, 
                                misp_title, date=event_date, published=publish)
    
    # Record which event was used so the caller can see it in misp_data.
    misp_data['event']=event['Event']['id']
    
    # Event-level tags: each entry is stripped of surrounding whitespace and
    # attached to the event by its UUID.
    if tags!=[]:
        for tag in tags:
            misp.tag(event['Event']['uuid'], str(tag.strip()))
        
    # Python 2 dict iteration; each v is a per-indicator dict read for
    # 'misp-submit', 'misp-type', 'ioc', 'misp-cat', 'misp-toids' and 'tag'.
    for k, v in attributes.iteritems():
        if v['misp-submit']==True:
            # Always empty here, so no extra keyword arguments are forwarded.
            ind_kwargs = {}
            # to_ids is MISP's flag marking an attribute as usable for automated
            # detection; it is passed through from the caller's data unchanged.
            attr = misp.add_named_attribute(event, v['misp-type'], v['ioc'], 
                                                  category=v['misp-cat'], to_ids=v['misp-toids'], 
                                                  **ind_kwargs)
            #misp_data['debug']=attr
                        
            if 'response' in attr:
                # The attribute was created; take its UUID from the reply.
                attrib_uuid = attr['response']['Attribute']['uuid']
            elif 'message' in attr:
                # The add call returned a message instead (presumably because the
                # attribute already exists -- confirm). Re-read the event by UUID
                # and look the attribute up by value, category and type.
                kwargs = {'uuid': str(event['Event']['uuid'])}
                result = misp.search(controller='events', **kwargs)
                for evt in result['response']:
                    if evt['Event']['info']==event['Event']['info']:
                        event=evt
                        break
                # .next() raises StopIteration when no attribute matches.
                single_attribute = (item for item in event['Event']['Attribute'] if item['value']==v['ioc'] 
                                and item['category']==v['misp-cat'] and item['type']==v['misp-type']).next()
                attrib_uuid = single_attribute['uuid']
            else: 
                # Neither key is present: blank the tag value so the tagging step
                # below is skipped, since no attribute UUID was obtained.
                v['tag']=''
                #misp_data['debug']=attr
            
            # presumably v['tag'] is a list of tag names; a plain non-empty
            # string would be iterated character by character -- verify against
            # the caller.
            if v['tag']!='':
                for t in v['tag']:
                    t=t.strip()
                    misp.tag(attrib_uuid, t)
    
    # Only misp_data is visible in the returned dict; the other keys are
    # commented out and the closing part of the statement is not shown.
    return{
        'misp_data': misp_data,
        #'misp_configs': misp_configs,
        #'user': user,
        #'debug': debug_log,
#......... part of the code is omitted here .........
开发者ID:TheDr1ver,项目名称:crits_services,代码行数:103,代码来源:handlers.py


注:本文中的pymisp.PyMISP.tag方法示例由纯净天空整理自Github/MSDocs等开源代码及文档管理平台,相关代码片段筛选自各路编程大神贡献的开源项目,源码版权归原作者所有,传播和使用请参考对应项目的License;未经允许,请勿转载。