def _fill_object(self, obj_def, values):
    """Build the dict form of an object from a definition and its values.

    Args:
        obj_def: Object definition. ``obj_def['attributes']`` is indexed by
            object relation and must provide ``misp-attribute``; it may also
            provide ``disable_correlation`` and ``to_ids`` defaults.
        values: Mapping of object relation -> dict of attribute fields.
            Entries whose ``value`` is missing or None are skipped. The
            per-relation dicts are updated in place: ``type`` is always
            written, the two flags only when the caller left them unset.

    Returns:
        The dict produced by ``__new_empty_object``, extended with an
        ``ObjectReference`` list (only when ``self.links`` is non-empty) and
        one ``ObjectAttribute`` entry per usable value.

    Raises:
        KeyError: if a relation with a usable value is not in the definition.
    """
    filled = self.__new_empty_object(obj_def)

    if self.links:
        # Each link is a (uuid, comment) pair pointing at another object.
        filled["ObjectReference"] = [
            {'referenced_object_uuid': uuid, 'comment': comment}
            for uuid, comment in self.links
        ]

    for relation, fields in values.items():
        if fields.get('value') is None:
            continue

        attribute = MISPAttribute(self.misp_event.describe_types)
        spec = obj_def['attributes'][relation]

        # The attribute type always comes from the definition, never the caller.
        fields['type'] = spec['misp-attribute']

        # Flags fall back to the definition only when the caller did not set them.
        for flag in ('disable_correlation', 'to_ids'):
            if fields.get(flag) is None:
                fields[flag] = spec.get(flag)

        attribute.set_all_values(**fields)
        filled['ObjectAttribute'].append({
            'type': relation,
            'Attribute': attribute._json(),
        })

    return filled
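def find_hashes(htype):
    """Print one hash-signature line per MISP attribute of type *htype*.

    Searches the ``attributes`` controller of the module-level ``mymisp``
    client, passes the raw response to ``echeck`` (defined elsewhere), and
    prints ``<hash>:*:<name>:73`` for every returned attribute.

    NOTE(review): the record layout looks like a ClamAV hash-signature entry
    (wildcard size, minimum functionality level 73) - confirm against the
    consumer of this output.

    Attribute values and comments come from the MISP instance and are treated
    as untrusted: the output is line- and colon-delimited, so both the hash
    and the name field have ':' replaced and CR/LF removed before printing.

    Args:
        htype: MISP attribute type to search for (plain or composite,
            e.g. a ``<something>|<hash>`` type).

    Returns:
        None. Nothing is printed when the response has no ``response`` key
        or it is empty.
    """
    def _clean(text):
        # Neutralise the field separator and drop line breaks so a single
        # attribute can never produce more than one output record.
        return text.replace(':', ';').replace('\r', '').replace('\n', '')

    r = mymisp.search(controller='attributes', type_attribute=htype)
    echeck(r)
    if not r.get('response'):
        return
    for a in r['response']['Attribute']:
        attribute = MISPAttribute(mymisp.describe_types)
        attribute.set_all_values(**a)
        if '|' in attribute.type and '|' in attribute.value:
            # Composite value: the hash is taken as the final component (as
            # the original two-field unpack did). rsplit with maxsplit=1 keeps
            # a '|' inside the first component from raising ValueError and
            # aborting the whole export.
            c, value = attribute.value.rsplit('|', 1)
            comment = '{} - {}'.format(attribute.comment, c)
        else:
            comment = attribute.comment
            value = attribute.value
        # The hash field previously had only ':' replaced; CR/LF are now
        # stripped as well, matching the handling of the name field.
        mhash = _clean(value)
        mfile = 'MISP event {} {}'.format(a['event_id'], _clean(comment))
        print('{}:*:{}:73'.format(mhash, mfile))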
def _fill_object(self, values, strict=True):
    """Build the dict form of this object from ``self.definition`` and *values*.

    Args:
        values: Mapping of object relation -> dict of attribute fields.
            Entries whose ``value`` is missing or None are skipped. The
            per-relation dicts are updated in place: ``type`` is always
            written, the two flags only when the caller left them unset.
        strict: When true, ``self._validate(values)`` runs before anything
            is built.

    Returns:
        The dict produced by ``__new_empty_object``, extended with an
        ``ObjectReference`` list (only when ``self.links`` is non-empty) and
        one ``ObjectAttribute`` entry per usable value.

    Raises:
        KeyError: if a relation with a usable value is not in the definition.
    """
    if strict:
        self._validate(values)

    # Start from an empty object derived from the object definition.
    filled = self.__new_empty_object(self.definition)

    if self.links:
        # Each link is a (uuid, comment) pair pointing at another object.
        filled["ObjectReference"] = [
            {'referenced_object_uuid': uuid, 'comment': comment}
            for uuid, comment in self.links
        ]

    # Every usable value becomes one MISPAttribute attached to the object.
    for relation, fields in values.items():
        if fields.get('value') is None:
            continue

        attribute = MISPAttribute(self.misp_event.describe_types)
        spec = self.definition['attributes'][relation]

        # The attribute type always comes from the definition, never the caller.
        fields['type'] = spec['misp-attribute']

        # disable_correlation and to_ids may carry defaults in the definition;
        # those apply only when the caller's value does not override them.
        for flag in ('disable_correlation', 'to_ids'):
            if fields.get(flag) is None:
                fields[flag] = spec.get(flag)

        attribute.set_all_values(**fields)
        filled['ObjectAttribute'].append({
            'type': relation,
            'Attribute': attribute._json(),
        })

    return filled
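def find_hashes(htype):
    """Print one hash-signature line per MISP attribute of type *htype*.

    Searches the ``attributes`` controller of the module-level ``mymisp``
    client, passes the raw response to ``echeck`` (defined elsewhere), and
    prints ``<hash>:*:<name>:73`` for every returned attribute.

    NOTE(review): the record layout looks like a ClamAV hash-signature entry
    (wildcard size, minimum functionality level 73) - confirm against the
    consumer of this output.

    Attribute values and comments come from the MISP instance and are treated
    as untrusted: the output is line- and colon-delimited, so both the hash
    and the name field have ':' replaced and CR/LF removed before printing.

    Args:
        htype: MISP attribute type to search for (plain or composite,
            e.g. a ``<something>|<hash>`` type).

    Returns:
        None. Nothing is printed when the response has no ``response`` key
        or it is empty.
    """
    def _clean(text):
        # Neutralise the field separator and drop line breaks so a single
        # attribute can never produce more than one output record.
        return text.replace(':', ';').replace('\r', '').replace('\n', '')

    r = mymisp.search(controller='attributes', type_attribute=htype)
    echeck(r)
    if not r.get('response'):
        return
    for a in r['response']['Attribute']:
        attribute = MISPAttribute(mymisp.describe_types)
        attribute.set_all_values(**a)
        if '|' in attribute.type and '|' in attribute.value:
            # Composite value: the hash is taken as the final component (as
            # the original two-field unpack did). rsplit with maxsplit=1 keeps
            # a '|' inside the first component from raising ValueError and
            # aborting the whole export.
            c, value = attribute.value.rsplit('|', 1)
            comment = '{} - {}'.format(attribute.comment, c)
        else:
            comment = attribute.comment
            value = attribute.value
        # The hash field previously had only ':' replaced; CR/LF are now
        # stripped as well, matching the handling of the name field.
        mhash = _clean(value)
        mfile = 'MISP event {} {}'.format(a['event_id'], _clean(comment))
        print('{}:*:{}:73'.format(mhash, mfile))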