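 def test_have_class(self):
     """``pyeti.YetiApi`` must be reachable as a class.

     Only the *existence* of the class is checked here: ``YetiApi()`` with no
     arguments is expected to raise ``TypeError`` (see
     ``test_YetiApi_without_arg``), so that exception is not a failure.  A
     missing name, however, is a real failure and must not be swallowed.
     """
     try:
         self.test = pyeti.YetiApi()
     except (NameError, AttributeError) as e:
         # A missing module attribute surfaces as AttributeError, not NameError,
         # so both are treated as "the class is not there".
         self.fail("pyeti.YetiApi is not available: {}".format(e))
     except TypeError:
         # Reaching the constructor proves the class exists; it simply
         # requires arguments, which this test does not supply.
         pass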
    def __init__(self, opts):
        """Build the searcher and its Yeti client from the ``opts`` mapping.

        Args:
            opts: configuration mapping.  Its ``CONFIG_SECTION`` entry is
                expected to provide ``urlbase``, ``username``, ``password``
                and ``api_key``; if that entry is absent the ``.get`` calls
                below raise ``AttributeError`` (presumably validated upstream).
        """
        super(YetiThreatFeedSearcher, self).__init__(opts)

        section = opts.get(CONFIG_SECTION)
        self.options = section

        # Credentials come straight from configuration: keep them out of
        # logs and object reprs.
        base_url = section.get("urlbase")
        basic_auth = (section.get("username"), section.get("password"))
        token = section.get("api_key")

        self.yeti_client = pyeti.YetiApi(base_url, basic_auth, token)
 def __init__(self, url, key, attribute):
     """Create a Yeti client and seed a MISP event with a single attribute.

     Args:
         url: base URL of the Yeti API.
         key: Yeti API key (a credential; keep it out of logs and reprs).
         attribute: keyword arguments forwarded to ``MISPEvent.add_attribute``.
     """
     # Yeti observable type -> MISP attribute type.  Built here but not
     # consulted in this method; presumably used when exporting results.
     self.misp_mapping = dict(
         Ip='ip-dst',
         Domain='domain',
         Hostname='hostname',
         Url='url',
         AutonomousSystem='AS',
         File='sha256',
     )
     self.yeti_client = pyeti.YetiApi(url=url, api_key=key)
     self.attribute = attribute
     self.misp_event = MISPEvent()
     self.misp_event.add_attribute(**attribute)
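def check_log_file(file, url, key, **kwargs):
    """Look up every value extracted from a log file in Yeti and report hits.

    Args:
        file: path to the log; ``.evtx`` files go through ``__read_evtx_file``,
            anything else through ``__read_text_file``.
        url: base URL of the Yeti API.
        key: Yeti API key.
        **kwargs: optional flags:
            ``all``    -- also keep values with no Yeti hit (default False).
            ``ret``    -- return the result list instead of writing it.
            ``output`` -- writable file object; it is closed when done.  When
                          omitted ``sys.stdout`` is used and left open.
            ``json``   -- write JSON instead of CSV.

    Returns:
        The list of result dicts when ``ret`` is true, otherwise ``None``.
    """
    _, file_extension = os.path.splitext(file)
    print("reading file", file=sys.stderr)
    if file_extension == ".evtx":
        log = __read_evtx_file(file)
    else:
        log = __read_text_file(file)
    print("parsing file", file=sys.stderr)
    values = parse_log_file(log)

    print("looking in database", file=sys.stderr)
    api = pyeti.YetiApi(url, api_key=key)
    results = __enrich_values(api, values, kwargs.get("all", False))

    print("writing results", file=sys.stderr)

    if kwargs.get("ret", False):
        return results

    outfh = kwargs.get("output", None)
    output = outfh or sys.stdout
    try:
        if kwargs.get("json", False):
            json.dump(results, output, indent=4, sort_keys=True)
        else:
            fields = ["value", "tags", "created", "sources", "original_log"]
            rows = __flatten(map(__unpack_logs, map(__csv_row, results)))
            # NOTE(review): cells are log-derived; QUOTE_ALL does not stop a
            # spreadsheet from evaluating cells that start with '=', '+', '-'
            # or '@' if the CSV is opened there.
            writer = csv.DictWriter(output, fieldnames=fields, quoting=csv.QUOTE_ALL)
            writer.writeheader()
            writer.writerows(rows)
    finally:
        # Close only a caller-supplied handle, and do so even when the write
        # fails; sys.stdout is never closed.
        if outfh:
            outfh.close()

    print("finished", file=sys.stderr)


def __enrich_values(api, values, include_all):
    """Query Yeti for each extracted value and build the result rows.

    Args:
        api: a ``pyeti.YetiApi`` client.
        values: mapping of extracted value -> the log lines it came from.
        include_all: when false, values without a Yeti hit are dropped.

    Returns:
        List of dicts with keys ``value``, ``tags``, ``created``, ``sources``
        and ``original_log``; only the first Yeti hit is used.
    """
    results = []
    for val, logs in values.items():
        hits = api.observable_search(value=val)
        first = hits[0] if hits else {}
        row = {
            "value": val,
            "tags": first.get("tags", []),
            "created": first.get("created", ""),
            "sources": first.get("sources", []),
            "original_log": logs,
        }
        if hits or include_all:
            results.append(row)
    return results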
    def run(self):
        """Search Yeti for the observable under analysis and report the hits.

        ``self.error`` is presumably terminal (Cortex-style analyzer), so
        ``self.report`` is only reached when the search returned something.
        """
        endpoint = "{}/api/".format(self.url)
        client = pyeti.YetiApi(endpoint, api_key=self.api_key)
        observable = self.get_data()

        try:
            findings = client.observable_search(value=observable)

            if not findings:
                # NOTE(review): an observable simply unknown to Yeti also yields
                # an empty result and is reported as an outage here — confirm
                # this is intended.
                self.error('Service unavailable, please check if Yeti server is running')

            self.report({'findings': findings})
        except Exception:
            self.error('An issue occurred while calling Yeti API')
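def get_yeti_connection(config=None):
    """Return a ``pyeti.YetiApi`` client for the Maltego transforms.

    Args:
        config: mapping holding ``Yeti.local.api_url`` and
            ``Yeti.local.api_key``.  Required unless a connection is already
            held in the module-level ``yeti_connection``.

    Returns:
        The cached ``yeti_connection`` if set, otherwise a new client.

    Raises:
        MaltegoException: when ``config`` is empty, lacks either key, or the
            client cannot be created.
    """
    global yeti_connection

    if yeti_connection:
        return yeti_connection

    if not config:
        raise MaltegoException("Configuration is empty !")

    # Explicit validation instead of ``assert``, which is stripped under -O.
    # Only key *names* go into the message; the api_key value is a secret.
    required = ('Yeti.local.api_url', 'Yeti.local.api_key')
    missing = [name for name in required if name not in config]
    if missing:
        raise MaltegoException("Missing configuration: {}".format(", ".join(missing)))

    try:
        api = pyeti.YetiApi(url=config['Yeti.local.api_url'],
                            api_key=config['Yeti.local.api_key'])
    except Exception:
        # Raised from inside the handler, so the original error stays
        # attached as __context__ for the traceback.
        raise MaltegoException("Yeti Error")
    # NOTE(review): ``yeti_connection`` is declared global but never assigned
    # here, so this function never populates the cache it checks above —
    # confirm whether the caller stores the client or whether that is an omission.
    return api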
 def test_has_make_request(self):
     """``YetiApi._make_request`` exists and rejects a call with no arguments."""
     client = pyeti.YetiApi(self.url)
     with self.assertRaises(TypeError) as raised:
         client._make_request()
     self.assertNotIn('This is broken', str(raised.exception))
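 def test_has_test_connection(self):
     """``YetiApi._test_connection`` must exist; calling it may fail.

     The attribute lookup is done outside the ``try`` so that a missing
     method raises ``AttributeError`` and fails the test — previously the
     bare ``except`` swallowed it, so the test could never detect absence.
     """
     api = pyeti.YetiApi(self.url)
     method = api._test_connection
     try:
         method()
     except Exception:
         # No server is expected to be reachable here; only existence matters.
         pass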
 def test_has_observable_bulk_add(self):
     """``YetiApi.observable_bulk_add`` exists and rejects a call with no arguments."""
     client = pyeti.YetiApi(self.url)
     with self.assertRaises(TypeError) as raised:
         client.observable_bulk_add()
     self.assertNotIn('This is broken', str(raised.exception))
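 def test_has_observable_search(self):
     """``YetiApi.observable_search`` must exist; calling it may fail.

     The attribute lookup happens outside the ``try`` so a missing method
     raises ``AttributeError`` and fails the test instead of being swallowed
     by the former bare ``except``.
     """
     api = pyeti.YetiApi(self.url)
     method = api.observable_search
     try:
         method()
     except Exception:
         # No server is expected to be reachable here; only existence matters.
         pass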
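 def test_YetiApi_with_url_ignore_ssl(self):
     """The constructor accepts a URL plus ``verify_ssl=False``.

     A ``TypeError`` means the signature no longer takes these arguments,
     which is exactly what this test should catch, so it is reported via
     ``self.fail`` rather than silently ignored.  ``verify_ssl=False`` is
     only appropriate for a local test instance such as this one.
     """
     try:
         self.test = pyeti.YetiApi('http://localhost:5000',
                                   verify_ssl=False)
     except TypeError as e:
         self.fail("YetiApi(url, verify_ssl=False) rejected its arguments: {}".format(e))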
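 def test_YetiApi_with_url(self):
     """The constructor accepts a bare URL.

     A ``TypeError`` here means the signature changed; report it through
     ``self.fail`` instead of swallowing it as the old ``pass`` did.
     """
     try:
         self.test = pyeti.YetiApi('http://localhost:5000')
     except TypeError as e:
         self.fail("YetiApi(url) rejected its argument: {}".format(e))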
 def test_YetiApi_without_arg(self):
     """Constructing ``YetiApi`` with no URL is a ``TypeError``."""
     with self.assertRaises(TypeError) as raised:
         pyeti.YetiApi()
     self.assertNotIn('This is broken', str(raised.exception))
import json  # only used for pretty printing in the examples below
import pyeti

# Lab instance reached over plain http; verify_ssl=False presumably disables
# certificate checks and only matters if the endpoint is switched to https,
# so keep it to test deployments.
api = pyeti.YetiApi("http://192.168.66.137:5000/api/", verify_ssl=False)

tag = "lokibot"

# Other calls tried in this example:
#   api.observable_search(value="applicationzip", regex=True)
#   api.observable_search(value="myplatonca.com", regex=True)
#   api.observable_add([tag])
#   print(json.dumps(result, indent=4, sort_keys=True))

results = api.observable_search(tags=tag)
print(results)
 def setUp(self):
     """Create a fresh ``YetiApi`` client against ``self.url`` before each test."""
     base_url = self.url
     self.api = pyeti.YetiApi(base_url)