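    def add_event(self):
        """Create one MISP event from the ATD report held on this instance.

        Reads ``self.query`` (the parsed ATD report), ``self.mainfile`` (the
        analysed sample's name, used in the event title) and
        ``self.attributes`` (attributes collected before this call), pushes
        the event through ``self.misp`` and stores the new event id on
        ``self.evenid``.  Failures are printed and swallowed (best-effort,
        like the rest of this file); nothing is raised to the caller.
        """
        # MISP threat_level_id values: 1 = High, 2 = Medium, 3 = Low,
        # 4 = Undefined.  Anything outside 1-4 is rejected by MISP, so an
        # unknown ATD severity now maps to Undefined instead of 0.
        # NOTE(review): this table sends ATD severity 5 (the highest ATD
        # verdict) to MISP "Low" and severity 3 to "High"; that looks inverted,
        # but it is kept as-is here -- confirm against the ATD severity scale
        # before anyone triages on these threat levels.
        severity_to_threat_level = {'3': 1, '4': 2, '5': 3}
        try:
            event = MISPEvent()
            # 0 = "Your organisation only": the sandbox report stays inside
            # this org unless an analyst widens the distribution by hand.
            event.distribution = 0

            # ATD Threat mapping to MISP Threat Level
            atd_threat_level = self.query['Summary']['Verdict']['Severity']
            if atd_threat_level:
                # The report carries the severity as a string; str() keeps the
                # lookup working if a caller ever hands in the bare integer.
                event.threat_level_id = severity_to_threat_level.get(
                    str(atd_threat_level), 4)

            event.analysis = 0  # initial
            event.info = "ATD Analysis Report - {0}".format(self.mainfile)
            event.attributes = self.attributes
            # add_tag() is the PyMISP API for tagging an event; assigning a
            # bare string to event.Tag bypasses the MISPTag conversion and is
            # not what the server expects in the Tag list.
            event.add_tag('ATD:Report')

            event = self.misp.add_event(event, pythonify=True)
            # NOTE(review): attribute name kept verbatim (looks like a typo
            # for "eventid") because other code may already read it.
            self.evenid = event.id
            print('SUCCESS: New MISP Event got created with ID: {}'.format(event.id))

        except Exception as e:
            # Boundary handler: report where it blew up, keep the caller alive.
            exc_type, exc_obj, exc_tb = sys.exc_info()
            print("ERROR: Error in {location}.{funct_name}() - line {line_no} : {error}"
                  .format(location=__name__, funct_name=sys._getframe().f_code.co_name, line_no=exc_tb.tb_lineno,
                          error=str(e)))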
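    def create_full_event(
            self,
            info,
            distribution: MISPDistribution = MISPDistribution.ORGANIZATION,
            threat_level: MISPThreatLevel = MISPThreatLevel.MEDIUM,
            analysis: MISPAnalysis = MISPAnalysis.INITIAL,
            attributes: list = None,
            tags: list = None):
        """Build a MISPEvent, push it through ``self.misp_api`` and return the result.

        Args:
            info: event title (``MISPEvent.info``).
            distribution, threat_level, analysis: project enums whose ``.value``
                is the MISP integer id.  The default distribution keeps the
                event at organisation level.
            attributes: MISPAttribute objects to attach; None or empty attaches
                nothing.  PyMISP's ``attributes`` setter raises if the elements
                are not MISPAttribute instances, which is preferable to the
                silent drop the previous version did.
            tags: tag names (or MISPTag objects) to attach; None or empty
                attaches nothing.

        Returns:
            Whatever ``self.misp_api.add_event`` returns for the new event.
        """
        new_event = MISPEvent()
        new_event.distribution = distribution.value
        new_event.threat_level_id = threat_level.value
        new_event.analysis = analysis.value
        new_event.info = info

        # The previous version assigned empty lists here, so every attribute
        # and tag the caller passed in was silently discarded.
        if attributes:
            new_event.attributes = attributes
        for tag in tags or []:
            new_event.add_tag(tag)

        event = self.misp_api.add_event(new_event)

        # NOTE(review): the result of this call is discarded.  It is kept only
        # in case misp_api is a wrapper with side effects; drop it if misp_api
        # is a plain PyMISP instance.
        self.misp_api.get_all_tags()

        # NOTE(review): prints the whole event (attributes included) to stdout,
        # and assumes add_event returned an object with to_json(), not a dict.
        print(event.to_json())
        return event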