Esempio n. 1
    def create_content(self, content, service_id=None, inbox_message_id=None,
                       collections=None):
        '''Store a content block and announce that it was created.

        Emits :py:const:`opentaxii.signals.CONTENT_BLOCK_CREATED` once the
        persistence API has returned the stored block.

        The block is handed on exactly as received; nothing in this method
        inspects or validates its payload, so receivers of the signal should
        treat it as untrusted input. Receivers are invoked from within this
        call (assuming the usual synchronous signal dispatch -- confirm), so
        a receiver that raises or blocks affects the caller.

        :param content: content block to store, as
                :py:class:`opentaxii.taxii.entities.ContentBlockEntity`
        :param str service_id: ID of an inbox service via which content
                block was created
        :param inbox_message_id: ID of the inbox message that delivered the
                content block; copied onto the block only when truthy
        :param list collections: a list of destination collections as
                :py:class:`opentaxii.taxii.entities.CollectionEntity`
        :return: the content block entity returned by the persistence API
        :rtype: :py:class:`opentaxii.taxii.entities.ContentBlockEntity`
        '''

        if inbox_message_id:
            content.inbox_message_id = inbox_message_id

        # ``None`` (or any falsy value) means "no destination collections".
        destination_ids = []
        for collection in (collections or []):
            destination_ids.append(collection.id)

        stored_block = self.api.create_content_block(
            content, collection_ids=destination_ids, service_id=service_id)

        # Receivers get the stored block, not the object passed in.
        CONTENT_BLOCK_CREATED.send(
            self,
            content_block=stored_block,
            collection_ids=destination_ids,
            service_id=service_id)

        return stored_block
Esempio n. 2
    def create_content(self, content, service_id=None, inbox_message_id=None,
                       collections=None):
        '''Persist a content block, then signal its creation.

        The :py:const:`opentaxii.signals.CONTENT_BLOCK_CREATED` signal is
        sent after the persistence API call, carrying the stored block, the
        destination collection IDs and the service ID.

        No validation of the block's payload happens here; whatever the
        caller passed in is stored and then given to the signal receivers,
        which should therefore handle it as untrusted data.

        :param content: content block in question, as
                :py:class:`opentaxii.taxii.entities.ContentBlockEntity`
        :param str service_id: ID of an inbox service via which content
                block was created
        :param inbox_message_id: ID of the inbox message that delivered the
                content block; ignored when falsy
        :param list collections: a list of destination collections as
                :py:class:`opentaxii.taxii.entities.CollectionEntity`
        :return: updated content block entity
        :rtype: :py:class:`opentaxii.taxii.entities.ContentBlockEntity`
        '''

        if inbox_message_id:
            # Link the block to the message that delivered it.
            content.inbox_message_id = inbox_message_id

        targets = collections or []
        ids = [target.id for target in targets]

        created = self.api.create_content_block(content,
                                                collection_ids=ids,
                                                service_id=service_id)

        CONTENT_BLOCK_CREATED.send(self,
                                   content_block=created,
                                   collection_ids=ids,
                                   service_id=service_id)

        return created
Esempio n. 3
    # Load the package: parse the content block's payload as STIX.
    # NOTE(review): content_block.content is parsed here with no size or
    # format check visible in this excerpt, and a parse error raises out of
    # this function -- confirm what the signal sender does with that.
    log.info("Posting STIX...")
    package = pymisp.tools.stix.load_stix(content_block.content)
    log.info("STIX loaded succesfully.")
    # Snapshot the values first: the loop below removes entries from
    # package.attributes, so it must not iterate that list directly.
    values = [x.value for x in package.attributes]
    log.info("Extracted %s", values)
    for attrib in values:
        # NOTE(review): attrib comes from the submitted document and is
        # formatted with %s into log lines; check that the log sink
        # neutralises newlines and control characters.
        log.info("Checking for existence of %s", attrib)
        # One search per attribute value (presumably a call to the MISP
        # server -- confirm), so the work grows with the size of the package.
        search = MISP.search("attributes", values=str(attrib))
        if search["response"] != []:
            # This means we have it!
            log.info("%s is a duplicate, we'll ignore it.", attrib)
            # Remove the first attribute that still carries this value.
            package.attributes.pop([x.value
                                    for x in package.attributes].index(attrib))
        else:
            log.info("%s is unique, we'll keep it", attrib)

    # Push the event to MISP
    # TODO: There's probably a proper method to do this rather than json_full
    # But I don't wanna read docs
    # NOTE(review): _json_full is underscore-prefixed, i.e. private by
    # convention, so it may change between pymisp releases.
    if (len(package.attributes) > 0):
        log.info("Uploading event to MISP with attributes %s",
                 [x.value for x in package.attributes])
        MISP.add_event(package._json_full())
    else:
        # Every attribute was already known to MISP (or there were none).
        log.info("No attributes, not bothering.")


# Make TAXII call our push function whenever it gets new data: post_stix is
# registered as a receiver of the CONTENT_BLOCK_CREATED signal.
# NOTE(review): this turns anything the TAXII inbox accepts into a trigger
# for MISP searches and uploads -- confirm the inbox requires authentication.
CONTENT_BLOCK_CREATED.connect(post_stix)
Esempio n. 4
from opentaxii.signals import (
    CONTENT_BLOCK_CREATED, INBOX_MESSAGE_CREATED, SUBSCRIPTION_CREATED
)


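def post_create_content_block(manager, content_block, collection_ids,
        service_id):
    '''Print a one-line notice for a newly created content block.

    Intended as a receiver for ``CONTENT_BLOCK_CREATED``.

    :param manager: the signal sender; not used here
    :param content_block: the created block; only its ``id`` is read
    :param collection_ids: IDs of the destination collections; each is
            converted with ``str`` and joined with ``', '``
    :param service_id: ID of the service the block was created through
    '''
    # print(...) with one parenthesised argument behaves the same on
    # Python 2 and Python 3; the bare print statement is a syntax error on 3.
    print('Content block id=%s (collections=%s, service_id=%s) was created' % (
            content_block.id, ', '.join(map(str, collection_ids)), service_id))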


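def post_create_inbox_message(manager, inbox_message):
    '''Print a one-line notice for a newly created inbox message.

    Intended as a receiver for ``INBOX_MESSAGE_CREATED``.

    :param manager: the signal sender; not used here
    :param inbox_message: the created message; only its ``id`` is read
    '''
    # Parenthesised form works on both Python 2 and Python 3.
    print('Inbox message id=%s was created' % inbox_message.id)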


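def post_create_subscription(manager, subscription):
    '''Print a one-line notice for a newly created subscription.

    Intended as a receiver for ``SUBSCRIPTION_CREATED``.

    :param manager: the signal sender; not used here
    :param subscription: the created subscription; its ``id`` and
            ``service_id`` are read
    '''
    # Parenthesised form works on both Python 2 and Python 3.
    print('Subscription id=%s (service_id=%s) was created' % (subscription.id,
            subscription.service_id))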


# Register each handler with its signal at import time; from then on the
# handlers run whenever the corresponding signal is sent.
CONTENT_BLOCK_CREATED.connect(post_create_content_block)
INBOX_MESSAGE_CREATED.connect(post_create_inbox_message)
SUBSCRIPTION_CREATED.connect(post_create_subscription)