class MISPInstance():
def __init__(self, params):
self.initial_user_connector = ExpandedPyMISP(params['url'],
params['key'],
ssl=False,
debug=False)
# Git pull
self.initial_user_connector.update_misp()
# Set the default role (id 3 on the VM is normal user)
self.initial_user_connector.set_default_role(3)
# Restart workers
self.initial_user_connector.restart_workers()
if not fast_mode:
# Load submodules
self.initial_user_connector.update_object_templates()
self.initial_user_connector.update_galaxies()
self.initial_user_connector.update_noticelists()
self.initial_user_connector.update_warninglists()
self.initial_user_connector.update_taxonomies()
self.initial_user_connector.toggle_global_pythonify()
# Create organisation
organisation = MISPOrganisation()
organisation.name = params['orgname']
self.test_org = self.initial_user_connector.add_organisation(
organisation)
print(self.test_org.name, self.test_org.uuid)
# Create Site admin in new org
user = MISPUser()
user.email = params['email_site_admin']
user.org_id = self.test_org.id
user.role_id = 1 # Site admin
self.test_site_admin = self.initial_user_connector.add_user(user)
self.site_admin_connector = ExpandedPyMISP(
params['url'],
self.test_site_admin.authkey,
ssl=False,
debug=False)
self.site_admin_connector.toggle_global_pythonify()
# Create org admin
user = MISPUser()
user.email = params['email_admin']
user.org_id = self.test_org.id
user.role_id = 2 # Org admin
self.test_org_admin = self.site_admin_connector.add_user(user)
self.org_admin_connector = ExpandedPyMISP(params['url'],
self.test_org_admin.authkey,
ssl=False,
debug=False)
self.org_admin_connector.toggle_global_pythonify()
# Create user
user = MISPUser()
user.email = params['email_user']
user.org_id = self.test_org.id
self.test_usr = self.org_admin_connector.add_user(user)
self.user_connector = ExpandedPyMISP(params['url'],
self.test_usr.authkey,
ssl=False,
debug=False)
self.user_connector.toggle_global_pythonify()
# Setup external_baseurl
self.site_admin_connector.set_server_setting(
'MISP.external_baseurl', params['external_baseurl'], force=True)
# Setup baseurl
self.site_admin_connector.set_server_setting('MISP.baseurl',
params['url'],
force=True)
# Setup host org
self.site_admin_connector.set_server_setting('MISP.host_org_id',
self.test_org.id)
self.external_base_url = params['external_baseurl']
self.sync = []
self.sync_servers = []
def __repr__(self):
return f'<{self.__class__.__name__}(external={self.external_base_url})'
def create_sync_user(self, organisation):
sync_org = self.site_admin_connector.add_organisation(organisation)
short_org_name = sync_org.name.lower().replace(' ', '-')
user = MISPUser()
user.email = f"sync_user@{short_org_name}.local"
user.org_id = sync_org.id
user.role_id = 5 # Org admin
sync_user = self.site_admin_connector.add_user(user)
sync_user_connector = ExpandedPyMISP(
self.site_admin_connector.root_url,
sync_user.authkey,
ssl=False,
debug=False)
sync_server_config = sync_user_connector.get_sync_config(
pythonify=True)
self.sync.append((sync_org, sync_user, sync_server_config))
def create_sync_server(self, name, server):
server = self.site_admin_connector.import_server(server)
server.self_signed = True
server.pull = True # Not automatic, but allows to do a pull
server = self.site_admin_connector.update_server(server)
r = self.site_admin_connector.test_server(server)
if r['status'] != 1:
raise Exception(f'Sync test failed: {r}')
self.sync_servers.append(server)
def cleanup(self):
for org, user, _ in self.sync:
self.site_admin_connector.delete_user(
user) # Delete user from other org
self.site_admin_connector.delete_organisation(org)
# Delete sync servers
for server in self.site_admin_connector.servers():
self.site_admin_connector.delete_server(server)
# Delete users
self.org_admin_connector.delete_user(self.test_usr.id)
self.site_admin_connector.delete_user(self.test_org_admin.id)
self.initial_user_connector.delete_user(self.test_site_admin.id)
# Delete org
self.initial_user_connector.delete_organisation(self.test_org.id)
# Make sure the instance is back to a clean state
if self.initial_user_connector.events():
raise Exception(
f'Events still on the instance {self.external_base_url}')
if self.initial_user_connector.attributes():
raise Exception(
f'Attributes still on the instance {self.external_base_url}')
if self.initial_user_connector.attribute_proposals():
raise Exception(
f'AttributeProposals still on the instance {self.external_base_url}'
)
if self.initial_user_connector.sightings():
raise Exception(
f'Sightings still on the instance {self.external_base_url}')
if self.initial_user_connector.servers():
raise Exception(
f'Servers still on the instance {self.external_base_url}')
if self.initial_user_connector.sharing_groups():
raise Exception(
f'SharingGroups still on the instance {self.external_base_url}'
)
if len(self.initial_user_connector.organisations()) > 1:
raise Exception(
f'Organisations still on the instance {self.external_base_url}'
)
if len(self.initial_user_connector.users()) > 1:
raise Exception(
f'Users still on the instance {self.external_base_url}')
event_import_uuid = str(uuid.uuid4()) # Unique ID
event_import_date = date.today() # Create event with current data
event_import_distribution = 2 # Connected
# Check if organisation already exist
org = MISPOrganisation()
try:
org.id = api.get_organisation(event_import_org, pythonify=True).id
except:
# We need to create a new one
org_new = MISPOrganisation()
org_new.name = event_import_org
org_new.uuid = str(uuid.uuid4())
org_new.type = "CSIRT"
org_new.sector = "Government"
org.id = api.add_organisation(org_new, pythonify=True).id
# Create the MISP event by loading the JSON file
# This will not add the attributes, but does add the event tags and galaxies
# We also add a random UUID for uniqueness
event = MISPEvent()
event.load_file(json_import)
event.uuid = event_import_uuid
if not event_import_info:
event_import_info = event.info
event.info = event_import_info
event.date = event_import_date
event.distribution = event_import_distribution
event.orgc = api.get_organisation(org, pythonify=True)
event = api.add_event(event, pythonify=True)
class MISPInstance():
def __init__(self, params):
self.site_admin_connector = ExpandedPyMISP(params['url'],
params['key'],
ssl=False,
debug=False)
# Set the default role (id 3 on the VM is normal user)
self.site_admin_connector.set_default_role(3)
if not fast_mode:
# Git pull
self.site_admin_connector.update_misp()
# Load submodules
self.site_admin_connector.update_object_templates()
self.site_admin_connector.update_galaxies()
self.site_admin_connector.update_noticelists()
self.site_admin_connector.update_warninglists()
self.site_admin_connector.update_taxonomies()
self.site_admin_connector.toggle_global_pythonify()
# Create organisation
organisation = MISPOrganisation()
organisation.name = params['orgname']
self.test_org = self.site_admin_connector.add_organisation(
organisation)
print(self.test_org.name, self.test_org.uuid)
# Create org admin
user = MISPUser()
user.email = params['email_admin']
user.org_id = self.test_org.id
user.role_id = 2 # Org admin
self.test_admin = self.site_admin_connector.add_user(user)
self.org_admin_connector = ExpandedPyMISP(params['url'],
self.test_admin.authkey,
ssl=False,
debug=False)
self.org_admin_connector.toggle_global_pythonify()
# Create user
user = MISPUser()
user.email = params['email_user']
user.org_id = self.test_org.id
self.test_usr = self.org_admin_connector.add_user(user)
self.usr_connector = ExpandedPyMISP(params['url'],
self.test_admin.authkey,
ssl=False,
debug=False)
self.usr_connector.toggle_global_pythonify()
# Setup external_baseurl
self.site_admin_connector.set_server_setting(
'MISP.external_baseurl', params['external_baseurl'], force=True)
self.external_base_url = params['external_baseurl']
self.sync = []
def create_sync_user(self, organisation):
sync_org = self.site_admin_connector.add_organisation(organisation)
short_org_name = sync_org.name.lower().replace(' ', '-')
user = MISPUser()
user.email = f"sync_user@{short_org_name}.local"
user.org_id = sync_org.id
user.role_id = 5 # Org admin
sync_user = self.site_admin_connector.add_user(user)
self.sync.append((sync_org, sync_user, self.external_base_url))
def create_sync_server(self, name, remote_url, authkey, organisation):
server = MISPServer()
server.name = name
server.self_signed = True
server.url = remote_url
server.authkey = authkey
server.remote_org_id = organisation.id
server = self.site_admin_connector.add_server(server)
r = self.site_admin_connector.test_server(server)
print(r)
def cleanup(self):
for org, user, remote_url in self.sync:
self.site_admin_connector.delete_user(
user) # Delete user from other org
self.site_admin_connector.delete_organisation(org)
# Delete sync servers
for server in self.site_admin_connector.servers():
self.site_admin_connector.delete_server(server)
# Delete users
self.org_admin_connector.delete_user(self.test_usr.id)
self.site_admin_connector.delete_user(self.test_admin.id)
# Delete org
self.site_admin_connector.delete_organisation(self.test_org.id)
with open(args.csv_import) as csv_file:
count_orgs = 0
csv_reader = csv.reader(csv_file, delimiter=',')
for row in csv_reader:
org = MISPOrganisation()
org.name = row[0]
print("Process {}".format(org.name))
org.nationality = row[1]
org.sector = row[2]
org.type = row[3]
org.contacts = row[4]
org.uuid = row[5]
org.local = row[6]
add_org = misp.add_organisation(org, pythonify=True)
if 'errors' in add_org:
print(add_org['errors'])
else:
count_orgs = count_orgs + 1
org_uuid = add_org.uuid
if org_uuid:
sharinggroup = MISPSharingGroup()
sharinggroup_uuid = row[7]
if sharinggroup_uuid:
sharinggroup.uuid = sharinggroup_uuid
add_sharing = misp.add_org_to_sharing_group(sharinggroup, org)
else:
