示例1: create_event
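def create_event(self):
    """Create a new MISP event from the parsed command-line arguments.

    Reads ``self.args`` (threat, info, distrib, sharing, analysis, date), falls
    back to the instance defaults for the distribution and the sharing group,
    then either keeps the event local (offline mode) or pushes it through
    ``self.misp.add_event``.  Logs an error and returns without creating
    anything when no info text was given, or when the server answers with an
    error message.
    """
    if self.args.threat is not None:
        # Dirty trick to keep consistency in the module: the threat level in the upload
        # API can go from 0 to 3 but it is 1 to 4 in the event mgmt API.
        # It will be fixed in a near future, in the meantime, we do that:
        self.args.threat += 1
    if not self.args.info:
        # Without this return the join below would run on an empty/None value
        # and an event with an empty info field would be created anyway.
        self.log('error', 'Info field is required for a new event')
        return
    info = ' '.join(self.args.info)
    # Check if the following arguments have been set (and correctly set). If not, take the config values
    if self.args.distrib is None:
        self.args.distrib = self.distribution
    if self.args.sharing is None:
        self.args.sharing = self.sharinggroup
    if self.args.sharing and self.args.distrib != 4:
        # A sharing group only makes sense for distribution level 4.
        self.args.sharing = None
        self.log('info', "Sharing group can only be set if distribution is 4. Clearing set value")
    misp_event = MISPEvent()
    misp_event.set_all_values(info=info, distribution=self.args.distrib,
                              sharing_group_id=self.args.sharing, threat_level_id=self.args.threat,
                              analysis=self.args.analysis, date=self.args.date)
    self._search_local_hashes(misp_event)
    if self.offline_mode:
        # New event created locally, no ID
        __sessions__.current.misp_event.current_dump_file = self._dump()
        __sessions__.current.misp_event.offline()
    else:
        misp_event = self.misp.add_event(json.dumps(misp_event, cls=EncodeUpdate))
        if self._has_error_message(misp_event):
            return
        __sessions__.new(misp_event=MispEvent(misp_event, self.offline_mode))
        self._dump()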
开发者ID:kevthehermit,项目名称:viper,代码行数:34,代码来源:create_event.py
示例2: load_openioc
def load_openioc(openioc):
    """Convert an OpenIOC document (an open file or a string) into a ``MISPEvent``.

    The event info comes from ``short_description``, falling back to
    ``description`` and finally to the literal 'OpenIOC import'.  Description
    and author are stored as comment attributes; the indicators themselves are
    added by ``set_all_attributes``.
    """
    # Takes a opened file, or a string
    if not has_bs4:
        raise Exception('You need to install BeautifulSoup: pip install bs4')
    misp_event = MISPEvent()
    iocreport = BeautifulSoup(openioc, "html.parser")
    # Event-level fields
    info = extract_field(iocreport, 'short_description')
    if info:
        misp_event.info = info
    authored = extract_field(iocreport, 'authored_date')
    if authored:
        misp_event.set_date(authored)
    # The description doubles as the info field when short_description is missing
    description = extract_field(iocreport, 'description')
    if description and misp_event.info:
        misp_event.add_attribute('comment', description)
    elif description:
        misp_event.info = description
    if not misp_event.info:
        misp_event.info = 'OpenIOC import'
    author = extract_field(iocreport, 'authored_by')
    if author:
        misp_event.add_attribute('comment', author)
    return set_all_attributes(iocreport, misp_event)
开发者ID:TheDr1ver,项目名称:PyMISP,代码行数:27,代码来源:openioc.py
示例3: create_event
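def create_event(self):
    """Create a new MISP event from the parsed command-line arguments.

    Reads ``self.args`` (threat, info, distrib, analysis, date), then either
    keeps the event local (offline mode) or pushes it through
    ``self.misp.add_event``.  Logs an error and returns without creating
    anything when no info text was given, or when the server answers with an
    error message.
    """
    if self.args.threat is not None:
        # Dirty trick to keep consistency in the module: the threat level in the upload
        # API can go from 0 to 3 but it is 1 to 4 in the event mgmt API.
        # It will be fixed in a near future, in the meantime, we do that:
        self.args.threat += 1
    if not self.args.info:
        # Without this return the join below would run on an empty/None value
        # and an event with an empty info field would be created anyway.
        self.log('error', 'Info field is required for a new event')
        return
    info = ' '.join(self.args.info)
    misp_event = MISPEvent()
    misp_event.set_all_values(info=info, distribution=self.args.distrib,
                              threat_level_id=self.args.threat, analysis=self.args.analysis,
                              date=self.args.date)
    self._search_local_hashes(misp_event)
    if self.offline_mode:
        # New event created locally, no ID
        __sessions__.current.misp_event.current_dump_file = self._dump()
        __sessions__.current.misp_event.offline()
    else:
        misp_event = self.misp.add_event(json.dumps(misp_event, cls=EncodeUpdate))
        if self._has_error_message(misp_event):
            return
        __sessions__.new(misp_event=MispEvent(misp_event, self.offline_mode))
        self._dump()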
开发者ID:cwtaylor,项目名称:viper,代码行数:26,代码来源:misp.py
示例4: test_eventObject
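def test_eventObject(self, m):
    """Load a stored event fixture and check that both JSON encoders accept it.

    ``m`` is passed straight to ``self.initURI`` (presumably a request mock
    supplied by the test decorator — confirm against the class).
    """
    self.initURI(m)
    pymisp = PyMISP(self.domain, self.key)
    misp_event = MISPEvent(pymisp.describe_types)
    # Close the fixture file deterministically instead of leaking the handle.
    with open('tests/57c4445b-c548-4654-af0b-4be3950d210f.json', 'r') as fixture:
        misp_event.load(fixture.read())
    json.dumps(misp_event, cls=EncodeUpdate)
    json.dumps(misp_event, cls=EncodeFull)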
开发者ID:FloatingGhost,项目名称:PyMISP,代码行数:7,代码来源:test_offline.py
示例5: _dump
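def _dump(self, event=None):
    """Write a MISP event to ``<cur_path>/misp_events/<filename>`` and return the filename.

    ``event`` may be None (dump the event of the current session), a
    ``MISPEvent``, or anything ``MISPEvent.load`` accepts.  The filename is the
    event id when the event has one, else the session's current dump file,
    else the first free ``new_event_<i>.json``.
    """
    event_path = os.path.join(self.cur_path, 'misp_events')
    if not os.path.exists(event_path):
        os.makedirs(event_path)
    if not event:
        to_dump = __sessions__.current.misp_event.event
    elif isinstance(event, MISPEvent):
        to_dump = event
    else:
        to_dump = MISPEvent()
        to_dump.load(event)
    if to_dump.id:
        filename = str(to_dump.id)
    elif (__sessions__.is_attached_misp(True) and
            __sessions__.current.misp_event.current_dump_file):
        filename = __sessions__.current.misp_event.current_dump_file
    else:
        i = 1
        while True:
            filename = 'new_event_{}.json'.format(i)
            if not os.path.exists(os.path.join(event_path, filename)):
                break
            i += 1
    path = os.path.join(event_path, filename)
    with open(path, 'w') as f:
        f.write(to_dump.to_json())
    # str.rstrip('.json') strips a *set of characters*, not a suffix, so a name
    # such as 'json.json' would have been reported as ''.  Drop the suffix properly.
    shown = filename[:-len('.json')] if filename.endswith('.json') else filename
    self.log('success', '{} stored successfully.'.format(shown))
    return filename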
开发者ID:emdel,项目名称:viper,代码行数:30,代码来源:misp.py
示例6: download
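def download(self):
    """Fetch malware samples from MISP and store them under ``<cur_path>/misp_samples/<event id>/``.

    The selection comes from ``self.args``: a sample hash, a list of event ids
    (an empty list means every locally stored event), or — when neither is
    given — the event attached to the current session.  A single downloaded
    file opens a session on it; several files are listed via
    ``_display_tmp_files``.
    """
    if self.offline_mode:
        self.log('error', 'Offline mode, unable to download a sample')
        return
    ok = False
    data = None
    if self.args.hash:
        ok, data = self.misp.download_samples(sample_hash=self.args.hash)
    elif self.args.list is not None:
        if not self.args.list:
            event_path = os.path.join(self.cur_path, 'misp_events')
            list_events = [eid for eid, _path, _title in self._get_local_events(event_path)]
        else:
            list_events = self.args.list
        all_data = []
        for eid in list_events:
            me = MISPEvent()
            me.load(self.misp.get(eid))
            ok, data = self.misp.download_samples(event_id=me.id)
            if not ok:
                # One failing event should not abort the whole batch.
                self.log('error', data)
                continue
            if data:
                all_data += data
        # Per-event failures were already logged above; the batch as a whole
        # succeeded, otherwise a failure on the *last* event would discard
        # everything collected before it.
        ok = True
        data = all_data
    else:
        event_id = self._get_eventid()
        if event_id is None:
            return
        ok, data = self.misp.download_samples(event_id=event_id)
    if not ok:
        self.log('error', data)
        return
    to_print = []
    samples_path = os.path.join(self.cur_path, 'misp_samples')
    for eid, filename, payload in data:
        # The filename comes from the remote instance: keep only its last path
        # component so it cannot escape the per-event directory.
        path = os.path.join(samples_path, str(eid), os.path.basename(filename))
        if not os.path.exists(os.path.dirname(path)):
            os.makedirs(os.path.dirname(path))
        with open(path, 'wb') as f:
            f.write(payload.getvalue())
        to_print.append((eid, path))
    if len(to_print) == 1:
        self.log('success', 'The sample has been downloaded from Event {}'.format(to_print[0][0]))
        event = self.misp.get(to_print[0][0])
        if not self._has_error_message(event):
            return __sessions__.new(to_print[0][1], MispEvent(event, self.offline_mode))
    elif len(to_print) > 1:
        self.log('success', 'The following files have been downloaded:')
        self._display_tmp_files()
    else:
        self.log('warning', 'No samples available.')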
开发者ID:Rafiot,项目名称:viper,代码行数:58,代码来源:download.py
示例7: create_massive_dummy_events
def create_massive_dummy_events(misp, nbattribute):
    """Create one dummy event and flood it with ``nbattribute`` random attributes.

    Each iteration picks one of the flood helpers at random; the attachment
    helper takes a different argument list, so it is dispatched separately.
    """
    event = MISPEvent()
    event.info = 'massive dummy event'
    event = misp.add_event(event)
    print(event)
    eventid = event.id
    distribution = '0'
    flooders = [floodtxt, floodip, flooddomain, flooddomainip, floodemail, floodattachment]
    for _ in range(nbattribute):
        pick = randint(0, 5)
        if pick != 5:
            flooders[pick](misp, event)
            continue
        floodattachment(misp, eventid, distribution, False, 'Payload delivery', '',
                        event.info, event.analysis, event.threat_level_id)
开发者ID:Delta-Sierra,项目名称:PyMISP,代码行数:14,代码来源:tools.py
示例8: _change_event
def _change_event(self):
    """Persist the current session's event: dump it locally when offline, else push it to MISP.

    Online, an event that already has an id is updated, otherwise it is
    created; the server answer is then reloaded and handed to ``_check_add``.
    """
    if self.offline_mode:
        self._dump()
        return
    current = __sessions__.current.misp_event.event
    if current.id:
        answer = self.misp.update(current)
    else:
        answer = self.misp.add_event(current)
    if self._has_error_message(answer):
        return
    try:
        reloaded = MISPEvent()
        reloaded.load(answer)
        self._check_add(reloaded)
    except Exception as e:
        # Best effort: a malformed answer is reported, not raised.
        self.log('error', e)
开发者ID:Rafiot,项目名称:viper,代码行数:16,代码来源:add.py
示例9: test_batch_OSINT_events
def test_batch_OSINT_events(self):
    """Manual-only batch test: render every event in ``test_batch_folder`` to a PDF."""
    # Test case ONLY for manual testing. Needs to download a full list of OSINT events !
    if self.check_python_2() or not manual_testing:
        self.assertTrue(True)
        return
    self.init_event()
    files = os.listdir(self.test_batch_folder)
    file_nb = str(len(files))
    started = time.time()
    for idx, curr_file in enumerate(files):
        self.mispevent = MISPEvent()
        file_path = self.test_batch_folder + curr_file
        print("Current file : " + file_path + " " + str(idx) + " over " + file_nb)
        self.mispevent.load_file(file_path)
        reportlab_generator.register_value_to_file(
            reportlab_generator.convert_event_in_pdf_buffer(self.mispevent),
            self.storage_folder_OSINT + curr_file + ".pdf")
    print("Elapsed time : " + str(time.time() - started))
开发者ID:MISP,项目名称:PyMISP,代码行数:26,代码来源:test_reportlab.py
示例10: test_batch_OSINT_with_config_events
def test_batch_OSINT_with_config_events(self):
    """Manual-only batch test: render every event in ``test_batch_folder`` to a PDF with a module config."""
    # Test case ONLY for manual testing. Needs to download a full list of OSINT events !
    if self.check_python_2() or not manual_testing:
        self.assertTrue(True)
        return
    self.init_event()
    # Only the first six config keys get a value here; zip() stops at the shorter list.
    values = ["http://localhost:8080", "My Wonderful CERT", True, True, True, True]
    config = dict(zip(self.moduleconfig, values))
    files = os.listdir(self.test_batch_folder)
    file_nb = str(len(files))
    started = time.time()
    for idx, curr_file in enumerate(files):
        self.mispevent = MISPEvent()
        file_path = self.test_batch_folder + curr_file
        print("Current file : " + file_path + " " + str(idx) + " over " + file_nb)
        self.mispevent.load_file(file_path)
        reportlab_generator.register_value_to_file(
            reportlab_generator.convert_event_in_pdf_buffer(self.mispevent, config),
            self.storage_folder_OSINT + curr_file + ".pdf")
    print("Elapsed time : " + str(time.time() - started))
开发者ID:MISP,项目名称:PyMISP,代码行数:34,代码来源:test_reportlab.py
示例11: from_remote
def from_remote(self, event_id):
    """Fetch ``event_id`` from the MISP instance configured in ``keys`` and keep it as ``self.misp_event``."""
    from pymisp import PyMISP
    from keys import misp_url, misp_key, misp_verifycert
    client = PyMISP(misp_url, misp_key, misp_verifycert)
    self.misp_event = MISPEvent()
    self.misp_event.load(client.get(event_id))
开发者ID:3c7,项目名称:PyMISP,代码行数:7,代码来源:asciidoc_generator.py
示例12: MispEvent
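class MispEvent(object):
    """A ``MISPEvent`` plus the Viper session state attached to it.

    ``event`` may be a ``MISPEvent``, a path to a JSON dump, or anything
    ``MISPEvent.load`` accepts.  ``off`` records whether the session works
    offline; ``current_dump_file`` is ``'<id>.json'`` when the event already
    has an id, else None.
    """

    # Attribute types whose value is a bare digest.
    _PLAIN_HASH_TYPES = ('md5', 'sha1', 'sha256')
    # Attribute types whose value is '<filename>|<digest>'.
    _COMPOSITE_HASH_TYPES = ('filename|md5', 'filename|sha1', 'filename|sha256')

    def __init__(self, event, offline=False):
        if isinstance(event, MISPEvent):
            self.event = event
        else:
            self.event = MISPEvent()
            if isinstance(event, six.string_types) and os.path.exists(event):
                self.event.load_file(event)
            else:
                self.event.load(event)
        self.off = offline
        if self.event.id:
            self.current_dump_file = '{}.json'.format(self.event.id)
        else:
            self.current_dump_file = None

    def online(self):
        """Mark the session as connected to a MISP instance."""
        self.off = False

    def offline(self):
        """Mark the session as local-only."""
        self.off = True

    def get_all_ips(self):
        """Return the values of every ip-dst / ip-src attribute."""
        return [a.value for a in self.event.attributes if a.type in ('ip-dst', 'ip-src')]

    def get_all_domains(self):
        """Return the values of every domain / hostname attribute."""
        return [a.value for a in self.event.attributes if a.type in ('domain', 'hostname')]

    def get_all_urls(self):
        """Return the values of every url attribute."""
        return [a.value for a in self.event.attributes if a.type == 'url']

    @staticmethod
    def _digest_part(value):
        """Return the digest of a '<filename>|<digest>' value, or None when there is no '|'.

        The original ``value.split('|')[1]`` raised IndexError on a malformed
        composite value; such values are skipped by the caller instead.
        """
        parts = value.split('|')
        return parts[1] if len(parts) > 1 else None

    def get_all_hashes(self):
        """Return ``(event_hashes, sample_hashes)``.

        ``event_hashes`` holds the digests of md5/sha1/sha256 and filename|*
        attributes, ``sample_hashes`` the digests of malware-sample attributes.
        Composite values without a '|' are skipped.
        """
        event_hashes = []
        sample_hashes = []
        for a in self.event.attributes:
            if a.type in self._PLAIN_HASH_TYPES:
                event_hashes.append(a.value)
            elif a.type in self._COMPOSITE_HASH_TYPES:
                digest = self._digest_part(a.value)
                if digest is not None:
                    event_hashes.append(digest)
            elif a.type == 'malware-sample':
                digest = self._digest_part(a.value)
                if digest is not None:
                    sample_hashes.append(digest)
        return event_hashes, sample_hashes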
开发者ID:Rafiot,项目名称:viper,代码行数:46,代码来源:objects.py
示例13: __init__
def __init__(self, event, offline=False):
    """Wrap ``event`` (a ``MISPEvent`` or anything ``MISPEvent.load`` accepts) with its offline flag.

    ``current_dump_file`` becomes ``'<id>.json'`` when the event already has
    an id, else None.
    """
    if isinstance(event, MISPEvent):
        wrapped = event
    else:
        wrapped = MISPEvent()
        wrapped.load(event)
    self.event = wrapped
    self.off = offline
    self.current_dump_file = '{}.json'.format(wrapped.id) if wrapped.id else None
开发者ID:chubbymaggie,项目名称:viper,代码行数:11,代码来源:objects.py
示例14: _search
def _search(self, query):
    """Run ``query`` against the MISP search API and list the matching events with sample/hash counts."""
    if self.offline_mode:
        self.log('error', 'Offline mode, unable to search')
        return
    result = self.misp.search_all(query)
    if self._has_error_message(result):
        return
    self.log('success', '{} matches on the following events:'.format(query))
    hash_types = ('md5', 'sha1', 'sha256', 'filename|md5', 'filename|sha1', 'filename|sha256')
    for raw in result['response']:
        me = MISPEvent()
        me.load(raw)
        object_attrs = [attr for obj in me.objects for attr in obj.attributes]
        every_attr = me.attributes + object_attrs
        nb_samples = sum(1 for a in every_attr if a.type == 'malware-sample')
        nb_hashes = sum(1 for a in every_attr if a.type in hash_types)
        self.log('item', '{} ({} samples, {} hashes) - {}{}{}'.format(me.info, nb_samples, nb_hashes, self.url, '/events/view/', me.id))
开发者ID:emdel,项目名称:viper,代码行数:20,代码来源:misp.py
示例15: _search_local_hashes
def _search_local_hashes(self, event, open_session=True):
    """Look up the event's hash attributes in the local Viper database.

    ``event`` is a ``MISPEvent`` or a raw server answer (a dict with an
    ``Event`` key).  Logs how many malware samples the event carries and, when
    ``open_session`` is true, opens a session on the local sample (exactly one
    match) or on the event alone (zero or several matches).
    """
    if isinstance(event, MISPEvent):
        misp_event = event
    elif event.get('Event') is None:
        self.log('error', event)
        return
    else:
        misp_event = MISPEvent()
        misp_event.load(event)
    if not hasattr(misp_event, 'id'):
        # The event doesn't exist upstream, breaking.
        return
    plain_types = ('md5', 'sha1', 'sha256')
    composite_types = ('filename|md5', 'filename|sha1', 'filename|sha256')
    object_attrs = [attr for obj in misp_event.objects for attr in obj.attributes]
    local = []
    samples_count = 0
    for a in misp_event.attributes + object_attrs:
        if a.type == 'malware-sample':
            samples_count += 1
            row = Database().find(key='md5', value=a.value.split('|')[1])
        elif a.type in plain_types:
            row = Database().find(key=a.type, value=a.value)
        elif a.type in composite_types:
            row = Database().find(key=a.type.split('|')[1], value=a.value.split('|')[1])
        else:
            row = None
        if row:
            local.append(row[0])
    self.log('info', 'Event {} contains {} samples.'.format(misp_event.id, samples_count))
    if not open_session:
        return
    shas = {entry.sha256 for entry in local}
    if len(shas) == 1:
        __sessions__.new(get_sample_path(shas.pop()), MispEvent(misp_event, self.offline_mode))
    elif len(shas) > 1:
        self.log('success', 'The following samples are in this viper instance:')
        __sessions__.new(misp_event=MispEvent(misp_event, self.offline_mode))
        for sha in shas:
            self.log('item', sha)
    else:
        __sessions__.new(misp_event=MispEvent(misp_event, self.offline_mode))
        self.log('info', 'No known (in Viper) samples in that event.')
开发者ID:emdel,项目名称:viper,代码行数:40,代码来源:misp.py
示例16: create_new_event
def create_new_event():
    """Build an empty "Fail2Ban blocking" event tagged with ``args.tag`` and stamped with the start time."""
    event = MISPEvent()
    event.info = "Fail2Ban blocking"
    event.add_tag(args.tag)
    event.add_attribute('datetime', datetime.now().isoformat(), comment='Start Time')
    return event
开发者ID:3c7,项目名称:PyMISP,代码行数:7,代码来源:add_fail2ban_object.py
示例17: __init__
def __init__(self, event, offline=False):
    """Wrap ``event`` with its offline flag.

    ``event`` may be a ``MISPEvent``, a path to an existing JSON dump (loaded
    with ``load_file``), or anything ``MISPEvent.load`` accepts.
    ``current_dump_file`` becomes ``'<id>.json'`` when the event already has
    an id, else None.
    """
    if isinstance(event, MISPEvent):
        wrapped = event
    else:
        wrapped = MISPEvent()
        is_path = isinstance(event, six.string_types) and os.path.exists(event)
        if is_path:
            wrapped.load_file(event)
        else:
            wrapped.load(event)
    self.event = wrapped
    self.off = offline
    self.current_dump_file = '{}.json'.format(wrapped.id) if wrapped.id else None
开发者ID:Rafiot,项目名称:viper,代码行数:14,代码来源:objects.py
示例18: setUp
def setUp(self):
    """Prepare a fresh ``MISPEvent`` and the folder layout used by the reportlab tests.

    Paths are relative to ``tests/`` under the regular runner and to the
    working directory under ``manual_testing``.
    """
    self.maxDiff = None
    self.mispevent = MISPEvent()
    self.root = "" if manual_testing else "tests/"
    root = self.root
    self.test_folder = root + "reportlab_testfiles/"
    self.test_batch_folder = root + "OSINT_output/"
    self.storage_folder_OSINT = root + "OSINT_PDF/"
    self.test_image_folder = root + "image_json/"
    self.storage_folder = root + "reportlab_testoutputs/"
    self.storage_image_folder = root + "reportlab_test_image_outputs/"
    self.moduleconfig = [
        "MISP_base_url_for_dynamic_link",
        "MISP_name_for_metadata",
        "Activate_textual_description",
        "Activate_galaxy_description",
        "Activate_related_events",
        "Activate_internationalization_fonts",
        "Custom_fonts_path",
    ]
开发者ID:MISP,项目名称:PyMISP,代码行数:15,代码来源:test_reportlab.py
示例19: load_openioc
def load_openioc(openioc):
    """Parse the OpenIOC file at path ``openioc`` into a ``MISPEvent``.

    Requires BeautifulSoup (with the lxml parser).  The report's short
    description becomes the event info; description and author are added as
    comment attributes; the indicators themselves are handled by
    ``set_all_attributes``.
    """
    if not has_bs4:
        raise Exception('You need to install BeautifulSoup: pip install bs4')
    misp_event = MISPEvent()
    with open(openioc, "r") as ioc_file:
        iocreport = BeautifulSoup(ioc_file, "lxml")
    # Event-level fields
    info = extract_field(iocreport, 'short_description')
    if info:
        misp_event.info = info
    authored = extract_field(iocreport, 'authored_date')
    if authored:
        misp_event.set_date(authored)
    # Free-text fields go in as comment attributes
    for field_name in ('description', 'authored_by'):
        text = extract_field(iocreport, field_name)
        if text:
            misp_event.add_attribute('comment', text)
    return set_all_attributes(iocreport, misp_event)
开发者ID:CIRCL,项目名称:PyMISP,代码行数:22,代码来源:openioc.py
示例20: ReportGenerator
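class ReportGenerator():
    """Turn a MISP event into an asciidoc report driven by a ``profiles.<profile>`` template module.

    The template module is expected to provide ``types_to_attach``,
    ``objects_to_attach`` and the ``title`` / ``headers`` /
    ``event_level_tags`` / ``attributes`` format strings.  Rendered sections
    are accumulated in ``self.report``.
    """

    def __init__(self, profile="daily_report"):
        self.taxonomies = Taxonomies()
        self.report = ''
        profile_name = "profiles.{}".format(profile)
        self.template = importlib.import_module(name=profile_name)

    def from_remote(self, event_id):
        """Load ``event_id`` from the MISP instance configured in ``keys``."""
        from pymisp import PyMISP
        from keys import misp_url, misp_key, misp_verifycert
        misp = PyMISP(misp_url, misp_key, misp_verifycert)
        result = misp.get(event_id)
        self.misp_event = MISPEvent()
        self.misp_event.load(result)

    def from_file(self, path):
        """Load the event from a JSON dump on disk."""
        self.misp_event = MISPEvent()
        self.misp_event.load_file(path)

    def attributes(self):
        """Render the attributes section; '' when the event has no attributes.

        Event-level attributes come first, then the attributes of every object
        whose name is in ``objects_to_attach``; only types listed in
        ``types_to_attach`` are kept, and each value is defanged.
        """
        if not self.misp_event.attributes:
            return ''
        wanted = self.template.types_to_attach
        values = [attribute.value for attribute in self.misp_event.attributes
                  if attribute.type in wanted]
        for obj in self.misp_event.Object:
            if obj.name in self.template.objects_to_attach:
                values.extend(attribute.value for attribute in obj.Attribute
                              if attribute.type in wanted)
        list_attributes = ["* {}".format(defang(value)) for value in values]
        return self.template.attributes.format(list_attributes="\n".join(list_attributes))

    def _get_tag_info(self, machinetag):
        """Resolve a machine tag through the loaded taxonomies."""
        return self.taxonomies.revert_machinetag(machinetag)

    def report_headers(self):
        """Append the header section to ``self.report``."""
        # NOTE(review): 'name' is a fixed placeholder for org_name — confirm whether
        # the template expects the real organisation name here.
        content = {'org_name': 'name',
                   'date': date.today().isoformat()}
        self.report += self.template.headers.format(**content)

    def event_level_tags(self):
        """Render the TLP section; '' when the event carries no tlp* tag.

        Only the first ``tlp*`` tag is used for now.  Always returning a string
        matters: ``asciidoc`` concatenates the result into ``self.report``, and
        the previous implicit None made that concatenation raise.
        """
        if not self.misp_event.Tag:
            return ''
        for tag in self.misp_event.Tag:
            # Only look for TLP for now
            if tag['name'].startswith('tlp'):
                _taxonomy, predicate = self._get_tag_info(tag['name'])
                return self.template.event_level_tags.format(value=predicate.predicate.upper(),
                                                             expanded=predicate.expanded)
        return ''

    def title(self):
        """Render the title section from the event info and the 'report' object's case-number / summary."""
        internal_id = ''
        summary = ''
        # Get internal refs for report
        for obj in self.misp_event.Object:
            if obj.name != 'report':
                continue
            for a in obj.Attribute:
                if a.object_relation == 'case-number':
                    internal_id = a.value
                if a.object_relation == 'summary':
                    summary = a.value
        return self.template.title.format(internal_id=internal_id, title=self.misp_event.info,
                                          summary=summary)

    def asciidoc(self, lang='en'):
        """Append title, TLP and attribute sections to ``self.report``.

        ``lang`` is accepted for interface compatibility but not used here.
        """
        self.report += self.title()
        self.report += self.event_level_tags()
        self.report += self.attributes()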
开发者ID:3c7,项目名称:PyMISP,代码行数:70,代码来源:asciidoc_generator.py