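    def __init__(self, url, username, password, map_file, proxies=None, verify=True):
        """Load the MISP -> ArcSight field map and open a session to ArcSight ESM.

        Args:
            url: Base URL of the ArcSight ESM instance, handed to ActiveLists.
            username: ArcSight ESM user name.
            password: ArcSight ESM password.
            map_file: Path of the YAML file holding the active-list map rules.
            proxies: Optional proxy settings, passed through to ActiveLists.
            verify: Whether ActiveLists verifies the ESM TLS certificate.

        Raises:
            SystemExit: when the map file fails ``_verifyMap`` or the ESM
                session could not be created.
        """
        # Ruleset to map fields from MISP to ArcSight
        # For each field of a MISP attribute a convert function (example: self._convertComma) will be executed
        # If dots are in the misp field name treat it as a nested dict. Example A.B.C -> misp_entry[A][B][C]
        self.test = False
        self.helper = Helper()
        # safe_load: the map is a plain data file and must not be able to
        # instantiate arbitrary Python objects (yaml.load without a Loader also
        # no longer works on current PyYAML). The context manager closes the
        # handle that the previous bare open() left open.
        with open(map_file, 'r') as map_fh:
            self.maps = yaml.safe_load(map_fh)
        if not self._verifyMap(self.maps):
            logging.error('There is an error in the map file: %s', map_file)
            # SystemExit(1) instead of the site-provided exit(): it does not
            # depend on the `site` module and reports a non-zero status.
            raise SystemExit(1)

        self.default_merge_function = 'space'
        self.default_convert_function = 'return'

        # Honour the caller's `verify` flag; it used to be hard-coded to False,
        # which disabled TLS certificate checking for every caller regardless
        # of what they asked for.
        self.active_lists = ActiveLists(url, username, password, proxies=proxies, verify=verify)
        if not self.active_lists:
            logging.error('Could not connect to ArcSight ESM')
            raise SystemExit(1)

        self.entries = {}
        self.to_add = {}
        self.to_delete = {}
        self.attributes_to_skip = []

        for active_list in self.maps:
            # Fall back to the ArcSight column that receives the MISP `value`
            # field when the map does not name a primary key explicitly.
            if 'primary_key' not in active_list:
                for rule in active_list['map']:
                    if rule['misp'] == 'value':
                        active_list['primary_key'] = rule['arcsight']
                        break
            list_id = active_list['id']
            self.to_add[list_id] = []
            self.to_delete[list_id] = []
            self.entries[list_id] = self.active_lists.getEntries(list_id)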
 def __init__(self, url, key, verify_cert):
     """Create the MISP API client and the shared helper.

     Args:
         url: MISP base URL handed to PyMISP.
         key: MISP API key handed to PyMISP.
         verify_cert: TLS certificate verification flag handed to PyMISP.
     """
     # The two attributes do not depend on each other; build the helper first.
     self.helper = Helper()
     self.pymisp = PyMISP(url, key, verify_cert)