#!/usr/bin/env python # -*- coding: utf-8 -*- from pymisp import ExpandedPyMISP from keys import misp_url, misp_key, misp_verifycert import argparse if __name__ == '__main__': parser = argparse.ArgumentParser(description='Delete the user with the given id. Keep in mind that disabling users (by setting the disabled flag via an edit) is always prefered to keep user associations to events intact.') parser.add_argument("-i", "--user_id", help="The id of the user you want to delete.") args = parser.parse_args() misp = ExpandedPyMISP(misp_url, misp_key, misp_verifycert) print(misp.delete_user(args.user_id))
class MISPInstance(): def __init__(self, params): self.initial_user_connector = ExpandedPyMISP(params['url'], params['key'], ssl=False, debug=False) # Git pull self.initial_user_connector.update_misp() # Set the default role (id 3 on the VM is normal user) self.initial_user_connector.set_default_role(3) # Restart workers self.initial_user_connector.restart_workers() if not fast_mode: # Load submodules self.initial_user_connector.update_object_templates() self.initial_user_connector.update_galaxies() self.initial_user_connector.update_noticelists() self.initial_user_connector.update_warninglists() self.initial_user_connector.update_taxonomies() self.initial_user_connector.toggle_global_pythonify() # Create organisation organisation = MISPOrganisation() organisation.name = params['orgname'] self.test_org = self.initial_user_connector.add_organisation( organisation) print(self.test_org.name, self.test_org.uuid) # Create Site admin in new org user = MISPUser() user.email = params['email_site_admin'] user.org_id = self.test_org.id user.role_id = 1 # Site admin self.test_site_admin = self.initial_user_connector.add_user(user) self.site_admin_connector = ExpandedPyMISP( params['url'], self.test_site_admin.authkey, ssl=False, debug=False) self.site_admin_connector.toggle_global_pythonify() # Create org admin user = MISPUser() user.email = params['email_admin'] user.org_id = self.test_org.id user.role_id = 2 # Org admin self.test_org_admin = self.site_admin_connector.add_user(user) self.org_admin_connector = ExpandedPyMISP(params['url'], self.test_org_admin.authkey, ssl=False, debug=False) self.org_admin_connector.toggle_global_pythonify() # Create user user = MISPUser() user.email = params['email_user'] user.org_id = self.test_org.id self.test_usr = self.org_admin_connector.add_user(user) self.user_connector = ExpandedPyMISP(params['url'], self.test_usr.authkey, ssl=False, debug=False) self.user_connector.toggle_global_pythonify() # Setup external_baseurl self.site_admin_connector.set_server_setting( 'MISP.external_baseurl', params['external_baseurl'], force=True) # Setup baseurl self.site_admin_connector.set_server_setting('MISP.baseurl', params['url'], force=True) # Setup host org self.site_admin_connector.set_server_setting('MISP.host_org_id', self.test_org.id) self.external_base_url = params['external_baseurl'] self.sync = [] self.sync_servers = [] def __repr__(self): return f'<{self.__class__.__name__}(external={self.external_base_url})' def create_sync_user(self, organisation): sync_org = self.site_admin_connector.add_organisation(organisation) short_org_name = sync_org.name.lower().replace(' ', '-') user = MISPUser() user.email = f"sync_user@{short_org_name}.local" user.org_id = sync_org.id user.role_id = 5 # Org admin sync_user = self.site_admin_connector.add_user(user) sync_user_connector = ExpandedPyMISP( self.site_admin_connector.root_url, sync_user.authkey, ssl=False, debug=False) sync_server_config = sync_user_connector.get_sync_config( pythonify=True) self.sync.append((sync_org, sync_user, sync_server_config)) def create_sync_server(self, name, server): server = self.site_admin_connector.import_server(server) server.self_signed = True server.pull = True # Not automatic, but allows to do a pull server = self.site_admin_connector.update_server(server) r = self.site_admin_connector.test_server(server) if r['status'] != 1: raise Exception(f'Sync test failed: {r}') self.sync_servers.append(server) def cleanup(self): for org, user, _ in self.sync: self.site_admin_connector.delete_user( user) # Delete user from other org self.site_admin_connector.delete_organisation(org) # Delete sync servers for server in self.site_admin_connector.servers(): self.site_admin_connector.delete_server(server) # Delete users self.org_admin_connector.delete_user(self.test_usr.id) self.site_admin_connector.delete_user(self.test_org_admin.id) self.initial_user_connector.delete_user(self.test_site_admin.id) # Delete org self.initial_user_connector.delete_organisation(self.test_org.id) # Make sure the instance is back to a clean state if self.initial_user_connector.events(): raise Exception( f'Events still on the instance {self.external_base_url}') if self.initial_user_connector.attributes(): raise Exception( f'Attributes still on the instance {self.external_base_url}') if self.initial_user_connector.attribute_proposals(): raise Exception( f'AttributeProposals still on the instance {self.external_base_url}' ) if self.initial_user_connector.sightings(): raise Exception( f'Sightings still on the instance {self.external_base_url}') if self.initial_user_connector.servers(): raise Exception( f'Servers still on the instance {self.external_base_url}') if self.initial_user_connector.sharing_groups(): raise Exception( f'SharingGroups still on the instance {self.external_base_url}' ) if len(self.initial_user_connector.organisations()) > 1: raise Exception( f'Organisations still on the instance {self.external_base_url}' ) if len(self.initial_user_connector.users()) > 1: raise Exception( f'Users still on the instance {self.external_base_url}')
class MISPInstance(): def __init__(self, params): self.site_admin_connector = ExpandedPyMISP(params['url'], params['key'], ssl=False, debug=False) # Set the default role (id 3 on the VM is normal user) self.site_admin_connector.set_default_role(3) if not fast_mode: # Git pull self.site_admin_connector.update_misp() # Load submodules self.site_admin_connector.update_object_templates() self.site_admin_connector.update_galaxies() self.site_admin_connector.update_noticelists() self.site_admin_connector.update_warninglists() self.site_admin_connector.update_taxonomies() self.site_admin_connector.toggle_global_pythonify() # Create organisation organisation = MISPOrganisation() organisation.name = params['orgname'] self.test_org = self.site_admin_connector.add_organisation( organisation) print(self.test_org.name, self.test_org.uuid) # Create org admin user = MISPUser() user.email = params['email_admin'] user.org_id = self.test_org.id user.role_id = 2 # Org admin self.test_admin = self.site_admin_connector.add_user(user) self.org_admin_connector = ExpandedPyMISP(params['url'], self.test_admin.authkey, ssl=False, debug=False) self.org_admin_connector.toggle_global_pythonify() # Create user user = MISPUser() user.email = params['email_user'] user.org_id = self.test_org.id self.test_usr = self.org_admin_connector.add_user(user) self.usr_connector = ExpandedPyMISP(params['url'], self.test_admin.authkey, ssl=False, debug=False) self.usr_connector.toggle_global_pythonify() # Setup external_baseurl self.site_admin_connector.set_server_setting( 'MISP.external_baseurl', params['external_baseurl'], force=True) self.external_base_url = params['external_baseurl'] self.sync = [] def create_sync_user(self, organisation): sync_org = self.site_admin_connector.add_organisation(organisation) short_org_name = sync_org.name.lower().replace(' ', '-') user = MISPUser() user.email = f"sync_user@{short_org_name}.local" user.org_id = sync_org.id user.role_id = 5 # Org admin sync_user = self.site_admin_connector.add_user(user) self.sync.append((sync_org, sync_user, self.external_base_url)) def create_sync_server(self, name, remote_url, authkey, organisation): server = MISPServer() server.name = name server.self_signed = True server.url = remote_url server.authkey = authkey server.remote_org_id = organisation.id server = self.site_admin_connector.add_server(server) r = self.site_admin_connector.test_server(server) print(r) def cleanup(self): for org, user, remote_url in self.sync: self.site_admin_connector.delete_user( user) # Delete user from other org self.site_admin_connector.delete_organisation(org) # Delete sync servers for server in self.site_admin_connector.servers(): self.site_admin_connector.delete_server(server) # Delete users self.org_admin_connector.delete_user(self.test_usr.id) self.site_admin_connector.delete_user(self.test_admin.id) # Delete org self.site_admin_connector.delete_organisation(self.test_org.id)