def run(self, conf, args, plugins):
server = ExpandedPyMISP(conf['Misp']['url'], conf['Misp']['key'],
not args.no_tls)
if args.list:
# List events
events = server.events(pythonify=True)
for event in sorted(events, key=lambda x: x.id):
print("%i : %s" % (event.id, event.info))
elif args.event is not None:
event = server.get_event(args.event, pythonify=True)
if args.attr is None and args.type is None:
if args.raw:
for a in event.attributes:
print(a.value)
else:
print("Event {} : {}".format(event.id, event.info))
print("Tags : {}".format(", ".join(
map(lambda x: str(x.name), event.tags))))
print("{} Attributes including:".format(
len(event.attributes)))
attrs = Counter(map(lambda x: x.type, event.attributes))
attrs_ids = Counter(
map(lambda x: x.type,
filter(lambda x: x.to_ids, event.attributes)))
for type in attrs:
print("- %i %s (%i for detection)" %
(attrs[type], type, attrs_ids[type]))
else:
if args.type is not None:
# Display all attributes from this type
for attr in event.attributes:
if attr.type == args.type:
if args.raw:
print("%s" % attr.value)
else:
print("{:20}{:10}{:40}{}{}".format(
attr.category, attr.type, attr.value,
attr.comment, attr.to_ids))
elif args.attr is not None:
# search by attribute value
for attr in event.attributes:
if args.attr in str(attr.value):
print("%s\t%s\t%s\t%s\t%s" %
(attr.category, attr.type, attr.value,
attr.comment, attr.to_ids))
elif args.attr is not None:
res = server.search('attributes', value=args.attr)
if len(res['Attribute']) == 0:
print("Search %s: no results" % args.attr)
else:
print("Search %s, result founds" % args.attr)
for attr in res['Attribute']:
print('{} - {}'.format(attr['Event']['id'],
attr['Event']['info']))
else:
self.parser.print_help()
class MISPInstance():
def __init__(self, params):
self.initial_user_connector = ExpandedPyMISP(params['url'],
params['key'],
ssl=False,
debug=False)
# Git pull
self.initial_user_connector.update_misp()
# Set the default role (id 3 on the VM is normal user)
self.initial_user_connector.set_default_role(3)
# Restart workers
self.initial_user_connector.restart_workers()
if not fast_mode:
# Load submodules
self.initial_user_connector.update_object_templates()
self.initial_user_connector.update_galaxies()
self.initial_user_connector.update_noticelists()
self.initial_user_connector.update_warninglists()
self.initial_user_connector.update_taxonomies()
self.initial_user_connector.toggle_global_pythonify()
# Create organisation
organisation = MISPOrganisation()
organisation.name = params['orgname']
self.test_org = self.initial_user_connector.add_organisation(
organisation)
print(self.test_org.name, self.test_org.uuid)
# Create Site admin in new org
user = MISPUser()
user.email = params['email_site_admin']
user.org_id = self.test_org.id
user.role_id = 1 # Site admin
self.test_site_admin = self.initial_user_connector.add_user(user)
self.site_admin_connector = ExpandedPyMISP(
params['url'],
self.test_site_admin.authkey,
ssl=False,
debug=False)
self.site_admin_connector.toggle_global_pythonify()
# Create org admin
user = MISPUser()
user.email = params['email_admin']
user.org_id = self.test_org.id
user.role_id = 2 # Org admin
self.test_org_admin = self.site_admin_connector.add_user(user)
self.org_admin_connector = ExpandedPyMISP(params['url'],
self.test_org_admin.authkey,
ssl=False,
debug=False)
self.org_admin_connector.toggle_global_pythonify()
# Create user
user = MISPUser()
user.email = params['email_user']
user.org_id = self.test_org.id
self.test_usr = self.org_admin_connector.add_user(user)
self.user_connector = ExpandedPyMISP(params['url'],
self.test_usr.authkey,
ssl=False,
debug=False)
self.user_connector.toggle_global_pythonify()
# Setup external_baseurl
self.site_admin_connector.set_server_setting(
'MISP.external_baseurl', params['external_baseurl'], force=True)
# Setup baseurl
self.site_admin_connector.set_server_setting('MISP.baseurl',
params['url'],
force=True)
# Setup host org
self.site_admin_connector.set_server_setting('MISP.host_org_id',
self.test_org.id)
self.external_base_url = params['external_baseurl']
self.sync = []
self.sync_servers = []
def __repr__(self):
return f'<{self.__class__.__name__}(external={self.external_base_url})'
def create_sync_user(self, organisation):
sync_org = self.site_admin_connector.add_organisation(organisation)
short_org_name = sync_org.name.lower().replace(' ', '-')
user = MISPUser()
user.email = f"sync_user@{short_org_name}.local"
user.org_id = sync_org.id
user.role_id = 5 # Org admin
sync_user = self.site_admin_connector.add_user(user)
sync_user_connector = ExpandedPyMISP(
self.site_admin_connector.root_url,
sync_user.authkey,
ssl=False,
debug=False)
sync_server_config = sync_user_connector.get_sync_config(
pythonify=True)
self.sync.append((sync_org, sync_user, sync_server_config))
def create_sync_server(self, name, server):
server = self.site_admin_connector.import_server(server)
server.self_signed = True
server.pull = True # Not automatic, but allows to do a pull
server = self.site_admin_connector.update_server(server)
r = self.site_admin_connector.test_server(server)
if r['status'] != 1:
raise Exception(f'Sync test failed: {r}')
self.sync_servers.append(server)
def cleanup(self):
for org, user, _ in self.sync:
self.site_admin_connector.delete_user(
user) # Delete user from other org
self.site_admin_connector.delete_organisation(org)
# Delete sync servers
for server in self.site_admin_connector.servers():
self.site_admin_connector.delete_server(server)
# Delete users
self.org_admin_connector.delete_user(self.test_usr.id)
self.site_admin_connector.delete_user(self.test_org_admin.id)
self.initial_user_connector.delete_user(self.test_site_admin.id)
# Delete org
self.initial_user_connector.delete_organisation(self.test_org.id)
# Make sure the instance is back to a clean state
if self.initial_user_connector.events():
raise Exception(
f'Events still on the instance {self.external_base_url}')
if self.initial_user_connector.attributes():
raise Exception(
f'Attributes still on the instance {self.external_base_url}')
if self.initial_user_connector.attribute_proposals():
raise Exception(
f'AttributeProposals still on the instance {self.external_base_url}'
)
if self.initial_user_connector.sightings():
raise Exception(
f'Sightings still on the instance {self.external_base_url}')
if self.initial_user_connector.servers():
raise Exception(
f'Servers still on the instance {self.external_base_url}')
if self.initial_user_connector.sharing_groups():
raise Exception(
f'SharingGroups still on the instance {self.external_base_url}'
)
if len(self.initial_user_connector.organisations()) > 1:
raise Exception(
f'Organisations still on the instance {self.external_base_url}'
)
if len(self.initial_user_connector.users()) > 1:
raise Exception(
f'Users still on the instance {self.external_base_url}')
