

Python pymisp.MISPEvent類代碼示例

本文整理匯總了Python中pymisp.MISPEvent的典型用法代碼示例。如果您正苦於以下問題:Python MISPEvent類的具體用法?Python MISPEvent怎麽用?Python MISPEvent使用的例子?那麽, 這裏精選的類代碼示例或許可以為您提供幫助。


在下文中一共展示了MISPEvent類的15個代碼示例,這些例子默認根據受歡迎程度排序。您可以為喜歡或者感覺有用的代碼點讚,您的評價將有助於係統推薦出更棒的Python代碼示例。

示例1: create_event

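def create_event(self):
    """Create a new MISP event from the parsed command-line arguments.

    Reads ``self.args`` (``threat``, ``info``, ``distrib``, ``sharing``,
    ``analysis``, ``date``), falls back to the configured distribution and
    sharing group when the corresponding argument is ``None``, then either
    stores the event locally (offline mode) or pushes it to the MISP
    instance and opens a Viper session on the server's copy.

    Returns ``None`` in every case. A missing ``info`` argument is reported
    through ``self.log`` and aborts the command before any event is built.
    """
    if self.args.threat is not None:
        # Dirty trick to keep consistency in the module: the threat level in the upload
        # API can go from 0 to 3 but it is 1 to 4 in the event mgmt API.
        # It will be fixed in a near future, in the meantime, we do that:
        self.args.threat += 1

    if not self.args.info:
        self.log('error', 'Info field is required for a new event')
        # Must stop here: ' '.join() below raises TypeError on a missing info list.
        return
    info = ' '.join(self.args.info)

    # Check if the following arguments have been set (and correctly set). If not, take the config values
    if self.args.distrib is None:
        self.args.distrib = self.distribution
    if self.args.sharing is None:
        self.args.sharing = self.sharinggroup

    # A sharing group is only meaningful for distribution level 4.
    if self.args.sharing and self.args.distrib != 4:
        self.args.sharing = None
        self.log('info', "Sharing group can only be set if distribution is 4. Clearing set value")

    misp_event = MISPEvent()
    misp_event.set_all_values(info=info, distribution=self.args.distrib,
                              sharing_group_id=self.args.sharing, threat_level_id=self.args.threat,
                              analysis=self.args.analysis, date=self.args.date)
    self._search_local_hashes(misp_event)
    if self.offline_mode:
        # New event created locally, no ID
        __sessions__.current.misp_event.current_dump_file = self._dump()
        __sessions__.current.misp_event.offline()
    else:
        misp_event = self.misp.add_event(json.dumps(misp_event, cls=EncodeUpdate))
        if self._has_error_message(misp_event):
            return
        __sessions__.new(misp_event=MispEvent(misp_event, self.offline_mode))
        self._dump()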
開發者ID:kevthehermit,項目名稱:viper,代碼行數:34,代碼來源:create_event.py

示例2: load_openioc

def load_openioc(openioc):
    """Build a ``MISPEvent`` from an OpenIOC document.

    ``openioc`` is either an open file or a string; it is parsed with
    BeautifulSoup. ``short_description`` becomes the event info,
    ``authored_date`` the event date, and ``description`` / ``authored_by``
    become comment attributes (the description is used as info instead when
    no short description exists). Raises ``Exception`` when bs4 is missing.
    """
    if not has_bs4:
        raise Exception('You need to install BeautifulSoup: pip install bs4')
    event = MISPEvent()
    report = BeautifulSoup(openioc, "html.parser")

    # Event-level fields.
    short_description = extract_field(report, 'short_description')
    if short_description:
        event.info = short_description
    authored_date = extract_field(report, 'authored_date')
    if authored_date:
        event.set_date(authored_date)

    # Free-text fields become the info (if still unset) or comment attributes.
    description = extract_field(report, 'description')
    if description:
        if event.info:
            event.add_attribute('comment', description)
        else:
            event.info = description
    if not event.info:
        event.info = 'OpenIOC import'
    authored_by = extract_field(report, 'authored_by')
    if authored_by:
        event.add_attribute('comment', authored_by)

    return set_all_attributes(report, event)
開發者ID:TheDr1ver,項目名稱:PyMISP,代碼行數:27,代碼來源:openioc.py

示例3: create_event

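    def create_event(self):
        """Create a new MISP event from the parsed command-line arguments.

        Reads ``self.args`` (``threat``, ``info``, ``distrib``, ``analysis``,
        ``date``) and either stores the event locally (offline mode) or pushes
        it to the MISP instance and opens a Viper session on the server's copy.

        Returns ``None`` in every case. A missing ``info`` argument is reported
        through ``self.log`` and aborts the command before any event is built.
        """
        if self.args.threat is not None:
            # Dirty trick to keep consistency in the module: the threat level in the upload
            # API can go from 0 to 3 but it is 1 to 4 in the event mgmt API.
            # It will be fixed in a near future, in the meantime, we do that:
            self.args.threat += 1

        if not self.args.info:
            self.log('error', 'Info field is required for a new event')
            # Must stop here: ' '.join() below raises TypeError on a missing info list.
            return
        info = ' '.join(self.args.info)

        misp_event = MISPEvent()
        misp_event.set_all_values(info=info, distribution=self.args.distrib,
                                  threat_level_id=self.args.threat, analysis=self.args.analysis,
                                  date=self.args.date)
        self._search_local_hashes(misp_event)
        if self.offline_mode:
            # New event created locally, no ID
            __sessions__.current.misp_event.current_dump_file = self._dump()
            __sessions__.current.misp_event.offline()
        else:
            misp_event = self.misp.add_event(json.dumps(misp_event, cls=EncodeUpdate))
            if self._has_error_message(misp_event):
                return
            __sessions__.new(misp_event=MispEvent(misp_event, self.offline_mode))
            self._dump()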
開發者ID:cwtaylor,項目名稱:viper,代碼行數:26,代碼來源:misp.py

示例4: test_eventObject

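 def test_eventObject(self, m):
     """Round-trip a stored event fixture through both JSON encoders.

     ``m`` is handed to ``initURI`` before the client is built (presumably a
     request mock -- confirm against the decorator). The fixture is read
     inside a ``with`` block so the file handle is closed even when ``load``
     raises; the original left it open.
     """
     self.initURI(m)
     pymisp = PyMISP(self.domain, self.key)
     misp_event = MISPEvent(pymisp.describe_types)
     with open('tests/57c4445b-c548-4654-af0b-4be3950d210f.json', 'r') as fixture:
         misp_event.load(fixture.read())
     # Both encoders must accept the loaded event without raising.
     json.dumps(misp_event, cls=EncodeUpdate)
     json.dumps(misp_event, cls=EncodeFull)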
開發者ID:FloatingGhost,項目名稱:PyMISP,代碼行數:7,代碼來源:test_offline.py

示例5: _dump

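    def _dump(self, event=None):
        """Write a MISP event to ``<cur_path>/misp_events/`` as JSON.

        Args:
            event: ``None`` to dump the current session's event, a
                ``MISPEvent``, or anything ``MISPEvent.load`` accepts.

        Returns:
            The file name (not the full path) the event was written to: the
            event id when there is one, else the session's current dump
            file, else the first free ``new_event_N.json``.
        """
        event_path = os.path.join(self.cur_path, 'misp_events')
        if not os.path.exists(event_path):
            os.makedirs(event_path)

        if not event:
            to_dump = __sessions__.current.misp_event.event
        elif isinstance(event, MISPEvent):
            to_dump = event
        else:
            to_dump = MISPEvent()
            to_dump.load(event)

        if to_dump.id:
            filename = str(to_dump.id)
        elif (__sessions__.is_attached_misp(True) and
                __sessions__.current.misp_event.current_dump_file):
            filename = __sessions__.current.misp_event.current_dump_file
        else:
            # Probe for the first unused new_event_N.json in the directory.
            i = 1
            while True:
                filename = 'new_event_{}.json'.format(i)
                if not os.path.exists(os.path.join(event_path, filename)):
                    break
                i += 1

        path = os.path.join(event_path, filename)
        with open(path, 'w') as f:
            f.write(to_dump.to_json())
        # str.rstrip('.json') strips a character set, not a suffix, so it could
        # also eat trailing characters of the name; remove the extension explicitly.
        shown = filename[:-len('.json')] if filename.endswith('.json') else filename
        self.log('success', '{} stored successfully.'.format(shown))
        return filename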
開發者ID:emdel,項目名稱:viper,代碼行數:30,代碼來源:misp.py

示例6: download

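def download(self):
    """Fetch samples from MISP and store them under ``<cur_path>/misp_samples``.

    Selection, in priority order: ``self.args.hash`` (samples matching one
    hash), ``self.args.list`` (every listed event id, or every locally
    stored event when the list is empty), else the event of the current
    session.

    Each sample is written to ``misp_samples/<event id>/<file name>``. Both
    path components come from the MISP server's response, so the name is
    reduced to its base name and the final path is checked to stay inside
    the samples directory before anything is written; offending entries are
    logged and skipped.

    Returns ``None``, except that a single downloaded sample opens a new
    session and returns whatever ``__sessions__.new`` returns.
    """
    if self.offline_mode:
        self.log('error', 'Offline mode, unable to download a sample')
        return
    ok = False
    data = None
    if self.args.hash:
        ok, data = self.misp.download_samples(sample_hash=self.args.hash)
        # Same contract as the other branches: on failure `data` is the error.
        if not ok:
            self.log('error', data)
            return
    elif self.args.list is not None:
        if len(self.args.list) == 0:
            event_path = os.path.join(self.cur_path, 'misp_events')
            list_events = [eid for eid, _path, _title in self._get_local_events(event_path)]
        else:
            list_events = self.args.list

        all_data = []
        for eid in list_events:
            me = MISPEvent()
            me.load(self.misp.get(eid))
            ok, data = self.misp.download_samples(event_id=me.id)
            if not ok:
                self.log('error', data)
                continue
            if data:
                all_data += data
        data = all_data
    else:
        event_id = self._get_eventid()
        if event_id is None:
            return
        ok, data = self.misp.download_samples(event_id=event_id)

        if not ok:
            self.log('error', data)
            return

    to_print = []
    samples_path = os.path.join(self.cur_path, 'misp_samples')
    samples_root = os.path.abspath(samples_path)
    for eid, filename, payload in data or []:
        # Server-supplied names: keep only the base name and refuse anything
        # that would resolve outside the samples directory.
        safe_name = os.path.basename(str(filename))
        path = os.path.join(samples_path, str(eid), safe_name)
        inside_root = os.path.abspath(path).startswith(samples_root + os.sep)
        if safe_name in ('', '.', '..') or not inside_root:
            self.log('error', 'Skipping sample with unsafe name: {!r}'.format(filename))
            continue
        if not os.path.exists(os.path.dirname(path)):
            os.makedirs(os.path.dirname(path))
        with open(path, 'wb') as f:
            f.write(payload.getvalue())
        to_print.append((eid, path))

    if len(to_print) == 1:
        self.log('success', 'The sample has been downloaded from Event {}'.format(to_print[0][0]))
        event = self.misp.get(to_print[0][0])
        if not self._has_error_message(event):
            return __sessions__.new(to_print[0][1], MispEvent(event, self.offline_mode))
    elif len(to_print) > 1:
        self.log('success', 'The following files have been downloaded:')
        self._display_tmp_files()
    else:
        self.log('warning', 'No samples available.')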
開發者ID:Rafiot,項目名稱:viper,代碼行數:58,代碼來源:download.py

示例7: create_massive_dummy_events

def create_massive_dummy_events(misp, nbattribute):
    """Create one dummy event on ``misp`` and flood it with ``nbattribute`` random attributes.

    Every iteration picks one of the ``flood*`` helpers at random. The five
    simple helpers take ``(misp, event)``; ``floodattachment`` takes the
    expanded argument list with the event id, distribution and event metadata.
    """
    dummy = MISPEvent()
    dummy.info = 'massive dummy event'
    dummy = misp.add_event(dummy)
    print(dummy)
    event_id = dummy.id
    distribution = '0'
    simple_flooders = (floodtxt, floodip, flooddomain, flooddomainip, floodemail)
    for _ in range(nbattribute):
        pick = randint(0, 5)
        if pick < len(simple_flooders):
            simple_flooders[pick](misp, dummy)
        else:
            floodattachment(misp, event_id, distribution, False, 'Payload delivery', '',
                            dummy.info, dummy.analysis, dummy.threat_level_id)
開發者ID:Delta-Sierra,項目名稱:PyMISP,代碼行數:14,代碼來源:tools.py

示例8: _change_event

def _change_event(self):
    """Persist the session's event: dump it locally offline, else push it to MISP.

    Online, an event that already has an id is updated, otherwise created.
    A response flagged by ``_has_error_message`` ends the call; otherwise
    the response is loaded into a ``MISPEvent`` and passed to ``_check_add``,
    with any failure in that step logged as an error.
    """
    if self.offline_mode:
        self._dump()
        return

    current = __sessions__.current.misp_event.event
    if current.id:
        response = self.misp.update(current)
    else:
        response = self.misp.add_event(current)
    if self._has_error_message(response):
        return
    try:
        loaded = MISPEvent()
        loaded.load(response)
        self._check_add(loaded)
    except Exception as e:
        self.log('error', e)
開發者ID:Rafiot,項目名稱:viper,代碼行數:16,代碼來源:add.py

示例9: test_batch_OSINT_events

    def test_batch_OSINT_events(self):
        # Test case ONLY for manual testing. Needs to download a full list of OSINT events !

        if self.check_python_2():
            self.assertTrue(True)
        elif not manual_testing:
            self.assertTrue(True)
        else:
            self.init_event()

            file_nb = str(len(os.listdir(self.test_batch_folder)))
            i = 0
            t = time.time()
            for curr_file in os.listdir(self.test_batch_folder):
                self.mispevent = MISPEvent()
                file_path = self.test_batch_folder + curr_file

                print("Current file : " + file_path + " " + str(i) + " over " + file_nb)
                i += 1

                self.mispevent.load_file(file_path)

                reportlab_generator.register_value_to_file(
                    reportlab_generator.convert_event_in_pdf_buffer(self.mispevent),
                    self.storage_folder_OSINT + curr_file + ".pdf")
            print("Elapsed time : " + str(time.time() - t))
開發者ID:MISP,項目名稱:PyMISP,代碼行數:26,代碼來源:test_reportlab.py

示例10: test_batch_OSINT_with_config_events

    def test_batch_OSINT_with_config_events(self):
        # Test case ONLY for manual testing. Needs to download a full list of OSINT events !

        if self.check_python_2():
            self.assertTrue(True)
        elif not manual_testing:
            self.assertTrue(True)
        else:
            self.init_event()

            config = {}
            config[self.moduleconfig[0]] = "http://localhost:8080"
            config[self.moduleconfig[1]] = "My Wonderful CERT"
            config[self.moduleconfig[2]] = True
            config[self.moduleconfig[3]] = True
            config[self.moduleconfig[4]] = True
            config[self.moduleconfig[5]] = True

            file_nb = str(len(os.listdir(self.test_batch_folder)))
            i = 0
            t = time.time()
            for curr_file in os.listdir(self.test_batch_folder):
                self.mispevent = MISPEvent()
                file_path = self.test_batch_folder + curr_file

                print("Current file : " + file_path + " " + str(i) + " over " + file_nb)
                i += 1

                self.mispevent.load_file(file_path)

                reportlab_generator.register_value_to_file(
                    reportlab_generator.convert_event_in_pdf_buffer(self.mispevent, config),
                    self.storage_folder_OSINT + curr_file + ".pdf")
            print("Elapsed time : " + str(time.time() - t))
開發者ID:MISP,項目名稱:PyMISP,代碼行數:34,代碼來源:test_reportlab.py

示例11: from_remote

 def from_remote(self, event_id):
     """Fetch event ``event_id`` from the configured MISP instance into ``self.misp_event``.

     Connection parameters (URL, API key and ``misp_verifycert`` -- presumably
     the TLS certificate-verification setting passed to ``PyMISP``) come from
     the project's ``keys`` module. The imports are local to this method,
     which looks intended to keep the generator usable without that module;
     confirm against the callers.
     """
     from pymisp import PyMISP
     from keys import misp_url, misp_key, misp_verifycert
     client = PyMISP(misp_url, misp_key, misp_verifycert)
     fetched = client.get(event_id)
     self.misp_event = MISPEvent()
     self.misp_event.load(fetched)
開發者ID:3c7,項目名稱:PyMISP,代碼行數:7,代碼來源:asciidoc_generator.py

示例12: MispEvent

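class MispEvent(object):
    """Viper-side wrapper around a ``pymisp.MISPEvent`` plus session state.

    ``event`` may be an existing ``MISPEvent``, a path to a JSON file, or
    anything ``MISPEvent.load`` accepts (e.g. the server's JSON response).
    ``off`` records whether the session works offline and ``current_dump_file``
    is ``<id>.json`` for events that already have an id, else ``None``.
    """

    # Attribute types whose value is the bare digest.
    _HASH_TYPES = ('md5', 'sha1', 'sha256')
    # Attribute types whose value is "<file name>|<digest>".
    _FILENAME_HASH_TYPES = ('filename|md5', 'filename|sha1', 'filename|sha256')

    def __init__(self, event, offline=False):
        if isinstance(event, MISPEvent):
            self.event = event
        else:
            self.event = MISPEvent()
            if isinstance(event, six.string_types) and os.path.exists(event):
                self.event.load_file(event)
            else:
                self.event.load(event)
        self.off = offline
        if self.event.id:
            self.current_dump_file = '{}.json'.format(self.event.id)
        else:
            self.current_dump_file = None

    def online(self):
        """Mark the session as connected to the MISP instance."""
        self.off = False

    def offline(self):
        """Mark the session as working without the MISP instance."""
        self.off = True

    def get_all_ips(self):
        """Values of every ``ip-dst`` / ``ip-src`` attribute, in event order."""
        return [a.value for a in self.event.attributes if a.type in ('ip-dst', 'ip-src')]

    def get_all_domains(self):
        """Values of every ``domain`` / ``hostname`` attribute, in event order."""
        return [a.value for a in self.event.attributes if a.type in ('domain', 'hostname')]

    def get_all_urls(self):
        """Values of every ``url`` attribute, in event order."""
        return [a.value for a in self.event.attributes if a.type == 'url']

    def get_all_hashes(self):
        """Split the event's hashes into ``(event_hashes, sample_hashes)``.

        Plain ``md5``/``sha1``/``sha256`` values are taken as-is; composite
        ``filename|<hash>`` values contribute the part after the ``|`` to
        ``event_hashes`` and ``malware-sample`` values contribute it to
        ``sample_hashes``. A composite value without a ``|`` is malformed
        and is skipped instead of raising ``IndexError``.
        """
        event_hashes = []
        sample_hashes = []
        for a in self.event.attributes:
            if a.type in self._HASH_TYPES:
                event_hashes.append(a.value)
                continue
            if a.type in self._FILENAME_HASH_TYPES:
                bucket = event_hashes
            elif a.type == 'malware-sample':
                bucket = sample_hashes
            else:
                continue
            parts = a.value.split('|')
            if len(parts) < 2:
                continue
            bucket.append(parts[1])
        return event_hashes, sample_hashes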
開發者ID:Rafiot,項目名稱:viper,代碼行數:46,代碼來源:objects.py

示例13: __init__

 def __init__(self, event, offline=False):
     """Wrap a MISP event for a Viper session.

     ``event`` is used directly when it already is a ``MISPEvent``; anything
     else is handed to ``MISPEvent.load``. ``off`` mirrors ``offline`` and
     ``current_dump_file`` is ``<id>.json`` when the event has an id, else ``None``.
     """
     if isinstance(event, MISPEvent):
         self.event = event
     else:
         self.event = MISPEvent()
         self.event.load(event)
     self.off = offline
     event_id = self.event.id
     self.current_dump_file = '{}.json'.format(event_id) if event_id else None
開發者ID:chubbymaggie,項目名稱:viper,代碼行數:11,代碼來源:objects.py

示例14: _search

    def _search(self, query):
        """Run ``query`` against the MISP instance and list the matching events.

        Each match is logged as an item with its malware-sample and hash
        attribute counts (object attributes included) and a link to the
        event view. Nothing is returned; refused in offline mode.
        """
        if self.offline_mode:
            self.log('error', 'Offline mode, unable to search')
            return
        result = self.misp.search_all(query)

        if self._has_error_message(result):
            return
        self.log('success', '{} matches on the following events:'.format(query))
        hash_types = ('md5', 'sha1', 'sha256', 'filename|md5', 'filename|sha1', 'filename|sha256')
        for raw_event in result['response']:
            event = MISPEvent()
            event.load(raw_event)
            attributes = list(event.attributes)
            for obj in event.objects:
                attributes.extend(obj.attributes)
            nb_samples = sum(1 for a in attributes if a.type == 'malware-sample')
            nb_hashes = sum(1 for a in attributes if a.type in hash_types)
            self.log('item', '{} ({} samples, {} hashes) - {}{}{}'.format(
                event.info, nb_samples, nb_hashes, self.url, '/events/view/', event.id))
開發者ID:emdel,項目名稱:viper,代碼行數:20,代碼來源:misp.py

示例15: _search_local_hashes

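 def _search_local_hashes(self, event, open_session=True):
     """Look up the event's hashes in the local Viper database and open a session.

     Args:
         event: a ``MISPEvent`` or a server response dict carrying an
             ``Event`` key; any other dict is logged as an error.
         open_session: when ``False``, only the sample count is logged.

     Hashes are read from plain ``md5``/``sha1``/``sha256`` attributes, from
     ``filename|<hash>`` attributes and from ``malware-sample`` attributes
     (whose ``|``-suffixed part is an md5). A session is opened on the sample
     itself when exactly one local sample matches, otherwise on the event
     alone, listing the matches when there are several. Returns ``None``.
     """
     if isinstance(event, MISPEvent):
         misp_event = event
     elif event.get('Event') is None:
         self.log('error', event)
         return
     else:
         misp_event = MISPEvent()
         misp_event.load(event)
     if not hasattr(misp_event, 'id'):
         # The event does not exist upstream, nothing to look up.
         return

     local = []
     samples_count = 0
     # One database handle for the whole scan rather than one per attribute.
     db = Database()
     attributes = misp_event.attributes + [attribute for obj in misp_event.objects for attribute in obj.attributes]
     for a in attributes:
         row = None
         if a.type == 'malware-sample':
             samples_count += 1
         if a.type in ('md5', 'sha1', 'sha256'):
             row = db.find(key=a.type, value=a.value)
         elif a.type in ('filename|md5', 'filename|sha1', 'filename|sha256', 'malware-sample'):
             # Composite "<name>|<hash>" value; one without '|' is malformed and skipped.
             parts = a.value.split('|')
             if len(parts) > 1:
                 key = 'md5' if a.type == 'malware-sample' else a.type.split('|')[1]
                 row = db.find(key=key, value=parts[1])
         if row:
             local.append(row[0])
     self.log('info', 'Event {} contains {} samples.'.format(misp_event.id, samples_count))
     if not open_session:
         return
     shas = {entry.sha256 for entry in local}
     if len(shas) == 1:
         __sessions__.new(get_sample_path(shas.pop()), MispEvent(misp_event, self.offline_mode))
     elif len(shas) > 1:
         self.log('success', 'The following samples are in this viper instance:')
         __sessions__.new(misp_event=MispEvent(misp_event, self.offline_mode))
         for s in shas:
             self.log('item', s)
     else:
         __sessions__.new(misp_event=MispEvent(misp_event, self.offline_mode))
         self.log('info', 'No known (in Viper) samples in that event.')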
開發者ID:emdel,項目名稱:viper,代碼行數:40,代碼來源:misp.py


注:本文中的pymisp.MISPEvent類示例由純淨天空整理自Github/MSDocs等開源代碼及文檔管理平台,相關代碼片段篩選自各路編程大神貢獻的開源項目,源碼版權歸原作者所有,傳播和使用請參考對應項目的License;未經允許,請勿轉載。