def submit_to_misp(self, misp: PyMISP, misp_event: MISPEvent,
misp_objects: list):
'''
Submit a list of MISP objects to a MISP event
:misp: PyMISP API object for interfacing with MISP
:misp_event: MISPEvent object
:misp_objects: List of MISPObject objects. Must be a list
'''
# go through round one and only add MISP objects
misp_objects = []
for misp_object in misp_objects:
self.misp_logger.debug(misp_object)
if len(misp_object.attributes) > 0:
if misp_object.name == 'network-connection':
template_id = 'af16764b-f8e5-4603-9de1-de34d272f80b'
else:
# self.misp_logger.debug(dir(pymisp.api))
# self.misp_logger.debug(dir(self.misp))
# exit()
self.misp_logger.debug(misp_object.template_uuid)
object_template = self.misp.get_object_template(
misp_object.template_uuid)
template_id = object_template['ObjectTemplate']['id']
self.misp_logger.debug(template_id)
self.misp_logger.debug(dir(misp_event))
self.misp_logger.debug(misp_event)
# add the object and get the result
result = misp.add_object(event=misp_event,
misp_object=misp_object)
self.misp_logger.debug(result)
misp_objects.append(result)
# go through round two and add all the object references for each object
misp_object_references = []
for misp_object in misp_objects:
for reference in misp_object.ObjectReference:
# add the reference and get the result
result = misp.add_object_reference(reference)
misp_object_references.append(result)
return misp_objects, misp_object_references
if __name__ == '__main__':
parser = argparse.ArgumentParser(description='Extract indicators out of binaries and add MISP objects to a MISP instance.')
parser.add_argument("-e", "--event", required=True, help="Event ID to update.")
parser.add_argument("-p", "--path", required=True, help="Path to process (expanded using glob).")
args = parser.parse_args()
pymisp = PyMISP(misp_url, misp_key, misp_verifycert)
for f in glob.glob(args.path):
try:
fo, peo, seos = make_binary_objects(f)
except Exception as e:
traceback.print_exc()
if seos:
for s in seos:
template_id = pymisp.get_object_template_id(s.template_uuid)
r = pymisp.add_object(args.event, template_id, s)
if peo:
template_id = pymisp.get_object_template_id(peo.template_uuid)
r = pymisp.add_object(args.event, template_id, peo)
for ref in peo.ObjectReference:
r = pymisp.add_object_reference(ref)
if fo:
template_id = pymisp.get_object_template_id(fo.template_uuid)
response = pymisp.add_object(args.event, template_id, fo)
for ref in fo.ObjectReference:
r = pymisp.add_object_reference(ref)
# -*- coding: utf-8 -*-
from pymisp import PyMISP
from pymisp.tools import EMailObject
import traceback
from keys import misp_url, misp_key, misp_verifycert
import glob
import argparse
if __name__ == '__main__':
parser = argparse.ArgumentParser(description='Extract indicators out of binaries and add MISP objects to a MISP instance.')
parser.add_argument("-e", "--event", required=True, help="Event ID to update.")
parser.add_argument("-p", "--path", required=True, help="Path to process (expanded using glob).")
args = parser.parse_args()
pymisp = PyMISP(misp_url, misp_key, misp_verifycert, debug=True)
for f in glob.glob(args.path):
try:
eo = EMailObject(f)
except Exception as e:
traceback.print_exc()
continue
if eo:
template_id = pymisp.get_object_template_id(eo.template_uuid)
response = pymisp.add_object(args.event, template_id, eo)
for ref in eo.ObjectReference:
r = pymisp.add_object_reference(ref)
