コード例 #1
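    def pull(self, id_=None, tags=None, from_=None, to=None):
        """
          Pull the requested events from the MISP server

          :param id_: Only export events with matching IDs
          :param tags: Only export events matching these tags
          :param from_: Only export events created after this date (YYYY-MM-DD)
          :param to: Only export events created before this date (YYYY-MM-DD)
          :returns: A list holding one ``convert.MISPtoSTIX`` result per event
                    in the index response. An empty list is returned when the
                    request fails with an HTTPError or an AttributeError.
        """

        log.debug("MISP PULL")
        log.debug("IDS:  %s", id_)
        log.debug("TAGS: %s", tags)
        log.debug("FROM: %s", from_)
        log.debug("TO:   %s", to)

        # Attempt to request the data
        try:
            log.info("Sending now...")

            recent = self.mispAPI.search_index(
                eventid=id_,
                tag=tags,
                datefrom=from_,
                dateuntil=to,
            )

        except requests.exceptions.HTTPError as ex:
            # 500 Internal -- Usually when there's no results
            # NOTE(review): every HTTPError raised by the client lands here,
            # whatever its status, so an authentication or permission failure
            # is handed to the caller as "no events" too. Consumers should
            # watch the error log instead of reading an empty list as proof
            # that nothing matched.
            log.error("MISP returned an error")
            log.error(ex)
            # Just send back nothing
            return []

        except AttributeError as ex:
            log.warning(ex)
            log.error("Server error - no data recieved")
            # `recent` was never bound on this path. Return the same empty
            # result as the HTTP error path rather than falling through to
            # an UnboundLocalError on the lookup below.
            return []

        # Only reached when the index request succeeded.
        log.info("Response recieved, MISP pull complete.")

        events = recent["response"]
        log.info("%s packages recieved", len(events))

        # Fetch each event in full and convert it to a STIX package.
        return [convert.MISPtoSTIX(self.mispAPI.get(x["id"])) for x in events]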
コード例 #2
    args.format = args.format.lower()
    if args.format not in ["json", "xml"]:
        print("Only possible output formats are JSON and XML.")
        print("{} is not valid".format(args.format))
        sys.exit()
else:
    args.format = "json"

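if args.file:
    # File conversion only: this path never connects to a MISP server.
    try:
        with open(args.file, "r") as f:
            jsondata = f.read()
    except OSError:
        # Covers a missing file as well as an unreadable one (permissions,
        # a directory given by mistake), which previously ended in a traceback.
        print("Could not open {}".format(args.file))
        # Non-zero status so a calling script can tell the conversion failed.
        sys.exit(1)
    # Convert outside the try so an error raised by the converter is not
    # misreported as a problem opening the input file.
    package = convert.MISPtoSTIX(jsondata)

else:
    # This requires a connection to MISP, as the event has to be pulled.
    MISP = misp.MISP(CONFIG["MISP"]["URL"], CONFIG["MISP"]["KEY"])
    packages = MISP.pull(args.eid)
    if not packages:
        # An empty result would make the [0] lookup raise IndexError. Exit
        # with an explicit message and a failing status instead.
        print("No event returned by MISP for {}".format(args.eid))
        sys.exit(1)
    package = packages[0]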

# Set the version
if args.stix_version:
    if args.stix_version == "1.1.1":
        objs = lint_roller.lintRoll(package)
コード例 #3
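def test_convert():
    """Smoke test: convert the sample MISP event file without raising."""
    mispfile = "test_files/test.json"
    # Use a context manager so the fixture handle is closed deterministically
    # rather than left for the garbage collector.
    with open(mispfile) as f:
        convert.MISPtoSTIX(f.read())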