本文整理汇总了Python中pymisp.PyMISP方法的典型用法代码示例。如果您正苦于以下问题:Python pymisp.PyMISP方法的具体用法?Python pymisp.PyMISP怎么用?Python pymisp.PyMISP使用的例子?那么恭喜您, 这里精选的方法代码示例或许可以为您提供帮助。您也可以进一步了解该方法所在类pymisp的用法示例。
在下文中一共展示了pymisp.PyMISP方法的9个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的Python代码示例。
示例1: create_misp_event
# 需要导入模块: import pymisp [as 别名]
# 或者: from pymisp import PyMISP [as 别名]
def create_misp_event(event, distribution=0, threat_level_id=4, publish=False, analysis=0, event_info=None):
if event_info:
event.info = event_info
event.distribution = sanitize_event_distribution(distribution)
event.threat_level_id = sanitize_event_threat_level_id(threat_level_id)
event.analysis = sanitize_event_analysis(analysis)
if publish:
event.publish()
# # TODO: handle multiple MISP instance
misp = PyMISP(misp_url, misp_key, misp_verifycert)
#print(event.to_json())
misp_event = misp.add_event(event)
#print(misp_event)
# # TODO: handle error
event_metadata = extract_event_metadata(misp_event)
return event_metadata 示例2: submit_to_misp
# 需要导入模块: import pymisp [as 别名]
# 或者: from pymisp import PyMISP [as 别名]
def submit_to_misp(hash_dict, tweet, tweet_url):
misp = PyMISP(misp_url, misp_key, True, 'json')
event_name = 'New tweet from ' + status.author.screen_name
comment = tweet + '\t' + tweet_url
for malware_hash in hash_dict:
if event == 0:
event = misp.new_event(0, 4, 0, event_name)
eventid = event['Event']['id']
hash_type = hash_dict[malware_hash]
if hash_type == 'sha256':
misp.add_hashes(event, sha256=malware_hash, comment=comment)
elif hash_type == 'sha1':
misp.add_hashes(event, sha1=malware_hash, comment=comment)
elif hash_type == 'md5':
misp.add_hashes(event, md5=malware_hash, comment=comment) 示例3: selftest_function
# 需要导入模块: import pymisp [as 别名]
# 或者: from pymisp import PyMISP [as 别名]
def selftest_function(opts):
"""
Placeholder for selftest function. An example use would be to test package api connectivity.
Suggested return values are be unimplemented, success, or failure.
"""
options = opts.get("fn_misp", {})
verify_cert = True if options.get("verify_cert", "true").lower() == "true" else False
try:
misp_client = PyMISP(options.get("misp_url"), options.get("misp_key"), verify_cert, 'json')
result = misp_client.search_all(None)
return {"state": "success"}
except Exception as err:
print (err)
return {"state": "failed",
"reason": str(err)
} 示例4: ping_misp
# 需要导入模块: import pymisp [as 别名]
# 或者: from pymisp import PyMISP [as 别名]
def ping_misp():
try:
PyMISP(misp_url, misp_key, misp_verifycert)
return True
except Exception as e:
print(e)
return False 示例5: _misp_create_sighting_function
# 需要导入模块: import pymisp [as 别名]
# 或者: from pymisp import PyMISP [as 别名]
def _misp_create_sighting_function(self, event, *args, **kwargs):
"""Function: """
try:
def get_config_option(option_name, optional=False):
"""Given option_name, checks if it is in app.config. Raises ValueError if a mandatory option is missing"""
option = self.options.get(option_name)
if option is None and optional is False:
err = "'{0}' is mandatory and is not set in ~/.resilient/app.config file. You must set this value to run this function".format(option_name)
raise ValueError(err)
else:
return option
API_KEY = get_config_option("misp_key")
URL = get_config_option("misp_url")
VERIFY_CERT = True if get_config_option("verify_cert").lower() == "true" else False
# Get the function parameters:
misp_sighting = kwargs.get("misp_sighting") # text
log = logging.getLogger(__name__)
log.info("misp_sighting: %s", misp_sighting)
misp_client = PyMISP(URL, API_KEY, VERIFY_CERT, 'json')
sighting_json = {
"values":["{}".format(misp_sighting)],
"timestamp": int(time.time())
}
result = misp_client.set_sightings(sighting_json)
results = { "success": True,
"content": result }
# Produce a FunctionResult with the results
yield FunctionResult(results)
except Exception:
yield FunctionError() 示例6: _misp_search_attribute_function
# 需要导入模块: import pymisp [as 别名]
# 或者: from pymisp import PyMISP [as 别名]
def _misp_search_attribute_function(self, event, *args, **kwargs):
"""Function: Search to see if an attribute exists for a given artifact value"""
try:
def get_config_option(option_name, optional=False):
"""Given option_name, checks if it is in app.config. Raises ValueError if a mandatory option is missing"""
option = self.options.get(option_name)
if option is None and optional is False:
err = "'{0}' is mandatory and is not set in ~/.resilient/app.config file. You must set this value to run this function".format(option_name)
raise ValueError(err)
else:
return option
API_KEY = get_config_option("misp_key")
URL = get_config_option("misp_url")
VERIFY_CERT = True if get_config_option("verify_cert").lower() == "true" else False
# Get the function parameters:
search_attribute = kwargs.get("misp_attribute_value") # text
log = logging.getLogger(__name__)
log.info("search_attribute: %s", search_attribute)
misp_client = PyMISP(URL, API_KEY, VERIFY_CERT, 'json')
result = misp_client.search('attributes', values=search_attribute)
results = { "success": True,
"content": result }
# Produce a FunctionResult with the results
yield FunctionResult(results)
except Exception:
yield FunctionError() 示例7: _misp_sighting_list_function
# 需要导入模块: import pymisp [as 别名]
# 或者: from pymisp import PyMISP [as 别名]
def _misp_sighting_list_function(self, event, *args, **kwargs):
"""Function: Return a list of sightings associated with a given event"""
try:
def get_config_option(option_name, optional=False):
"""Given option_name, checks if it is in app.config. Raises ValueError if a mandatory option is missing"""
option = self.options.get(option_name)
if option is None and optional is False:
err = "'{0}' is mandatory and is not set in ~/.resilient/app.config file. You must set this value to run this function".format(option_name)
raise ValueError(err)
else:
return option
API_KEY = get_config_option("misp_key")
URL = get_config_option("misp_url")
VERIFY_CERT = True if get_config_option("verify_cert").lower() == "true" else False
# Get the function parameters:
event_id = int(kwargs.get("misp_event_id")) # text
log = logging.getLogger(__name__)
log.info("event_id: %s", event_id)
misp_client = PyMISP(URL, API_KEY, VERIFY_CERT, 'json')
result = misp_client.sighting_list(event_id, 'event')
results = { "success": True,
"content": result }
# Produce a FunctionResult with the results
yield FunctionResult(results)
except Exception:
yield FunctionError() 示例8: run
# 需要导入模块: import pymisp [as 别名]
# 或者: from pymisp import PyMISP [as 别名]
def run(self):
super(MISP, self).run()
if self.args is None:
return
if not HAVE_PYMISP:
self.log('error', "Missing dependency, install requests (`pip install pymisp`)")
return
if self.args.url is None:
self.url = MISP_URL
else:
self.url = self.args.url
if self.args.key is None:
self.key = MISP_KEY
else:
self.key = self.args.key
if self.url is None:
self.log('error', "This command requires the URL of the MISP instance you want to query.")
return
if self.key is None:
self.log('error', "This command requires a MISP private API key.")
return
self.misp = PyMISP(self.url, self.key, True, 'json')
if self.args.subname == 'upload':
self.upload()
elif self.args.subname == 'search':
self.searchall()
elif self.args.subname == 'download':
self.download()
elif self.args.subname == 'check_hashes':
self.check_hashes()
elif self.args.subname == 'yara':
self.yara()
elif self.args.subname == 'get_event':
self.get_event()
elif self.args.subname == 'create_event':
self.create_event()
elif self.args.subname == 'add':
self.add()
elif self.args.subname == 'show':
self.show() 示例9: _misp_create_event_function
# 需要导入模块: import pymisp [as 别名]
# 或者: from pymisp import PyMISP [as 别名]
def _misp_create_event_function(self, event, *args, **kwargs):
"""Function: create a MISP event from an incident """
try:
def get_config_option(option_name, optional=False):
"""Given option_name, checks if it is in app.config. Raises ValueError if a mandatory option is missing"""
option = self.options.get(option_name)
if option is None and optional is False:
err = "'{0}' is mandatory and is not set in ~/.resilient/app.config file. You must set this value to run this function".format(option_name)
raise ValueError(err)
else:
return option
API_KEY = get_config_option("misp_key")
URL = get_config_option("misp_url")
VERIFY_CERT = True if get_config_option("verify_cert").lower() == "true" else False
# Get the function parameters:
misp_event_name = kwargs.get("misp_event_name") # text
misp_distribution = kwargs.get("misp_distribution") # number
misp_analysis_level = kwargs.get("misp_analysis_level") # number
misp_threat_level = kwargs.get("misp_threat_level") # number
log = logging.getLogger(__name__)
log.info("misp_event_name: %s", misp_event_name)
log.info("misp_distribution: %s", misp_distribution)
log.info("misp_analysis_level: %s", misp_analysis_level)
log.info("misp_threat_level: %s", misp_threat_level)
yield StatusMessage("Setting up connection to MISP")
misp_client = PyMISP(URL, API_KEY, VERIFY_CERT, 'json')
eventJson = {"Event": {"info": misp_event_name,
"analysis": misp_analysis_level,
"distribution": misp_distribution,
"threat_level_id": misp_threat_level}}
event = misp_client.add_event(eventJson)
log.info(event)
yield StatusMessage("Event has been created")
results = {
"success": True,
"content": event
}
# Produce a FunctionResult with the results
yield FunctionResult(results)
except Exception:
yield FunctionError()