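def __init__(self, url, username, password, map_file, proxies=None, verify=True):
    """Load the MISP-to-ArcSight field map and prime per-active-list state.

    Args:
        url: ArcSight ESM URL, forwarded to ``ActiveLists``.
        username: ArcSight account name, forwarded to ``ActiveLists``.
        password: ArcSight account password, forwarded to ``ActiveLists``.
        map_file: Path to the YAML file holding the list of active-list maps.
        proxies: Optional proxy settings, forwarded to ``ActiveLists``.
        verify: TLS verification setting, forwarded to ``ActiveLists``.
            Presumably follows the ``requests`` convention (bool or CA
            bundle path); confirm against ``ActiveLists``.

    Raises:
        SystemExit: If the map file fails ``_verifyMap`` or the ArcSight
            client object is falsy.
    """
    # Ruleset to map fields from MISP to ArcSight
    # For each field of MISP attribute convert function (example: self._convertComma) will be executed
    # If dots are in misp field name treat it as a nested dict. Example A.B.C -> misp_entry[A][B][C]
    self.test = False
    self.helper = Helper()

    # safe_load only builds plain YAML types, so a tampered map file cannot
    # instantiate arbitrary Python objects; bare yaml.load() without a Loader
    # is also rejected by PyYAML 6. The context manager closes the handle
    # that the original left open.
    with open(map_file, 'r') as map_handle:
        self.maps = yaml.safe_load(map_handle)

    if not self._verifyMap(self.maps):
        logging.error('There is an error in the map file: {}'.format(map_file))
        # Non-zero status so schedulers and wrappers see the failure.
        raise SystemExit(1)

    self.default_merge_function = 'space'
    self.default_convert_function = 'return'

    # Honour the caller's `verify` argument. The original hard-coded
    # verify=False here, which silently disabled certificate validation for
    # the connection that carries the ArcSight credentials.
    self.active_lists = ActiveLists(url, username, password, proxies=proxies, verify=verify)
    # NOTE(review): this only detects a failed connection if ActiveLists
    # defines __bool__/__len__; a plain instance is always truthy. Confirm.
    if not self.active_lists:
        logging.error('Could not connect to ArcSight ESM')
        raise SystemExit(1)

    self.entries = {}
    self.to_add = {}
    self.to_delete = {}
    self.attributes_to_skip = []

    for active_list in self.maps:
        # Select active list primary key if there is none: use the ArcSight
        # column of the first rule that maps the MISP 'value' field.
        if 'primary_key' not in active_list:
            for rule in active_list['map']:
                if rule['misp'] == 'value':
                    active_list['primary_key'] = rule['arcsight']
                    break

        list_id = active_list['id']
        self.to_add[list_id] = []
        self.to_delete[list_id] = []
        # Snapshot of what ArcSight currently holds for this active list.
        self.entries[list_id] = self.active_lists.getEntries(list_id)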
def __init__(self, url, key, verify_cert):
    """Create the PyMISP client and the shared helper for this instance.

    Args:
        url: MISP instance URL, passed to ``PyMISP``.
        key: MISP API key, passed to ``PyMISP``.
        verify_cert: Third positional argument to ``PyMISP``; presumably
            the TLS certificate verification setting. Confirm against the
            installed PyMISP version, since a falsy value would leave the
            API key exposed to an interposed endpoint.
    """
    misp_client = PyMISP(url, key, verify_cert)
    self.pymisp = misp_client
    self.helper = Helper()