コード例 #1
 def _fill_object(self, obj_def, values):
     """Assemble the dictionary describing one MISP object.

     The skeleton comes from ``__new_empty_object(obj_def)``. One
     ``ObjectReference`` entry is added per ``(uuid, comment)`` pair in
     ``self.links``, and every entry of ``values`` whose ``'value'`` is not
     ``None`` becomes a ``MISPAttribute`` appended under ``ObjectAttribute``.

     The per-attribute dicts inside ``values`` are modified in place:
     ``'type'`` is always overwritten with the definition's
     ``'misp-attribute'``, while ``'disable_correlation'`` and ``'to_ids'``
     are taken from the definition only when the caller left them unset.
     ``to_ids`` marks an attribute as usable for detection exports, so the
     definition default decides that unless the caller is explicit.

     Raises ``KeyError`` if a key of ``values`` is not present in
     ``obj_def['attributes']``; nothing in this method checks for that.
     """
     filled = self.__new_empty_object(obj_def)
     if self.links:
         references = []
         filled["ObjectReference"] = references
         for ref_uuid, ref_comment in self.links:
             references.append({
                 'referenced_object_uuid': ref_uuid,
                 'comment': ref_comment,
             })
     for object_type, value in values.items():
         if value.get('value') is None:
             # No value supplied for this relation: emit no attribute.
             continue
         attribute = MISPAttribute(self.misp_event.describe_types)
         attr_def = obj_def['attributes'][object_type]
         # The definition, not the caller, decides the MISP attribute type.
         value['type'] = attr_def['misp-attribute']
         for flag in ('disable_correlation', 'to_ids'):
             if value.get(flag) is None:
                 value[flag] = attr_def.get(flag)
         attribute.set_all_values(**value)
         entry = {'type': object_type, 'Attribute': attribute._json()}
         filled['ObjectAttribute'].append(entry)
     return filled
コード例 #2
ファイル: misp2clamav.py プロジェクト: gcrahay/PyMISP
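def find_hashes(htype):
    """Print one ClamAV hash-signature line per MISP attribute of type *htype*.

    Searches the attributes controller of the module-level ``mymisp`` client
    for ``htype``, passes the raw result to ``echeck`` (defined elsewhere;
    presumably it stops on an error response), and prints
    ``<hash>:*:MISP event <event_id> <comment>:73`` for every attribute
    returned. Returns ``None``; an empty or missing ``'response'`` prints
    nothing.

    Attribute values and comments are free text written by whoever
    contributed the event, while the output is a line-oriented,
    colon-separated signature file. Both the hash and the name field are
    therefore stripped of ``':'`` and line breaks before printing, so one
    attribute can only ever produce one well-formed record.

    NOTE(review): the hash is not checked to be a hex digest of the length
    that ``htype`` implies - confirm whether the consumer rejects malformed
    records or whether validation belongs here.
    """
    def as_field(text):
        # ':' would start a new field and CR/LF would start a new record.
        return text.replace(':', ';').replace('\r', '').replace('\n', '')

    r = mymisp.search(controller='attributes', type_attribute=htype)
    echeck(r)
    if not r.get('response'):
        return
    for a in r['response']['Attribute']:
        attribute = MISPAttribute(mymisp.describe_types)
        attribute.set_all_values(**a)
        if '|' in attribute.type and '|' in attribute.value:
            # Composite value "<first part>|<hash>": split on the LAST '|'
            # only. A plain split('|') raises ValueError as soon as the
            # first part itself contains '|', aborting the whole export.
            c, value = attribute.value.rsplit('|', 1)
            comment = '{} - {}'.format(attribute.comment, c)
        else:
            comment = attribute.comment
            value = attribute.value
        mhash = as_field(value)
        mfile = 'MISP event {} {}'.format(a['event_id'], as_field(comment))
        print('{}:*:{}:73'.format(mhash, mfile))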
コード例 #3
 def _fill_object(self, values, strict=True):
     """Build the dictionary for this MISP object from ``values``.

     When ``strict`` is true, ``values`` is first handed to
     ``self._validate``; what that check enforces is not visible here.
     With ``strict=False`` nothing is validated, and a key of ``values``
     missing from ``self.definition['attributes']`` surfaces as ``KeyError``.

     The skeleton comes from ``__new_empty_object(self.definition)``. Each
     ``(uuid, comment)`` pair in ``self.links`` becomes an
     ``ObjectReference`` entry, and each entry of ``values`` with a
     non-``None`` ``'value'`` becomes a ``MISPAttribute`` stored under
     ``ObjectAttribute``.

     The dicts inside ``values`` are updated in place with the attribute
     type and, where unset, the definition's ``disable_correlation`` and
     ``to_ids`` defaults.
     """
     if strict:
         self._validate(values)
     # Start from the skeleton that the object definition prescribes.
     result = self.__new_empty_object(self.definition)
     if self.links:
         # Relations from this object to other objects.
         result["ObjectReference"] = []
         for target_uuid, link_comment in self.links:
             reference = {
                 'referenced_object_uuid': target_uuid,
                 'comment': link_comment,
             }
             result['ObjectReference'].append(reference)
     for object_type, value in values.items():
         # Relations without a value produce no attribute at all.
         if value.get('value') is None:
             continue
         attribute = MISPAttribute(self.misp_event.describe_types)
         relation_def = self.definition['attributes'][object_type]
         # The attribute type always comes from the definition.
         value['type'] = relation_def['misp-attribute']
         # Definition-level defaults apply only where the caller gave none.
         if value.get('disable_correlation') is None:
             value['disable_correlation'] = relation_def.get(
                 'disable_correlation')
         if value.get('to_ids') is None:
             value['to_ids'] = relation_def.get('to_ids')
         attribute.set_all_values(**value)
         # Attach the finished attribute to the object under its relation.
         result['ObjectAttribute'].append({
             'type': object_type,
             'Attribute': attribute._json(),
         })
     return result
コード例 #4
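def find_hashes(htype):
    """Emit ClamAV hash signatures for all MISP attributes of type *htype*.

    Runs an attribute search on the module-level ``mymisp`` client, lets
    ``echeck`` (defined elsewhere) inspect the result, and prints one line
    per returned attribute in the form
    ``<hash>:*:MISP event <event_id> <comment>:73``. Nothing is returned,
    and nothing is printed when the result has no ``'response'``.

    For composite types (``'|'`` in both type and value) the part before
    the hash is moved into the comment. The split is made on the last
    ``'|'``, because a first part that itself contains ``'|'`` would
    otherwise raise ``ValueError`` and stop the export midway.

    Values and comments come from event contributors, so ``':'`` (the field
    separator) and CR/LF (the record separator) are removed from both
    printed fields, not from the comment alone.

    NOTE(review): no check that the hash is hexadecimal or has the length
    expected for ``htype`` - confirm where that is enforced.
    """
    result = mymisp.search(controller='attributes', type_attribute=htype)
    echeck(result)
    if not result.get('response'):
        return
    for a in result['response']['Attribute']:
        attribute = MISPAttribute(mymisp.describe_types)
        attribute.set_all_values(**a)
        comment = attribute.comment
        value = attribute.value
        if '|' in attribute.type and '|' in value:
            # rpartition keeps everything before the last '|' together.
            leading, _, value = value.rpartition('|')
            comment = '{} - {}'.format(comment, leading)
        fields = []
        for text in (value, comment):
            # Neutralise the separators of the line-oriented output format.
            for unwanted, substitute in ((':', ';'), ('\r', ''), ('\n', '')):
                text = text.replace(unwanted, substitute)
            fields.append(text)
        mhash, clean_comment = fields
        mfile = 'MISP event {} {}'.format(a['event_id'], clean_comment)
        print('{}:*:{}:73'.format(mhash, mfile))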