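def submit_to_misp(self, misp: PyMISP, misp_event: MISPEvent, misp_objects: list):
    '''
    Submit a list of MISP objects to a MISP event.

    Round one adds every object that carries at least one attribute. Round
    two adds the object references of the objects submitted in round one.

    :misp: PyMISP API object for interfacing with MISP
    :misp_event: MISPEvent object the objects are attached to
    :misp_objects: List of MISPObject objects. Must be a list
    :returns: tuple ``(added_objects, added_references)`` holding the values
        returned by ``misp.add_object`` and ``misp.add_object_reference``
    '''
    # Results get their own names. Rebinding ``misp_objects`` to an empty list
    # would discard the caller's input and turn both rounds into no-ops, so
    # nothing would ever reach the MISP instance.
    added_objects = []
    submitted = []

    # round one: only add MISP objects
    for misp_object in misp_objects:
        self.misp_logger.debug(misp_object)

        # objects without attributes are not sent
        if not misp_object.attributes:
            continue

        # No template lookup is done here: add_object receives the object
        # itself and no template id, so a lookup would only cost a request.
        self.misp_logger.debug(misp_object.template_uuid)

        # add the object and get the result
        # NOTE(review): the result is stored unchecked; whether a failed call
        # raises or returns an error payload depends on the installed PyMISP
        # version. Confirm, and have the caller inspect the results.
        result = misp.add_object(event=misp_event, misp_object=misp_object)
        self.misp_logger.debug(result)
        added_objects.append(result)
        submitted.append(misp_object)

    # round two: add all the object references of each submitted object
    added_references = []
    for misp_object in submitted:
        for reference in misp_object.ObjectReference:
            # add the reference and get the result
            added_references.append(misp.add_object_reference(reference))

    return added_objects, added_references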
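if __name__ == '__main__':
    # Command-line entry point: expand --path with glob, build MISP objects for
    # each matching binary and attach them to the event given by --event.
    parser = argparse.ArgumentParser(description='Extract indicators out of binaries and add MISP objects to a MISP instance.')
    parser.add_argument("-e", "--event", required=True, help="Event ID to update.")
    parser.add_argument("-p", "--path", required=True, help="Path to process (expanded using glob).")
    args = parser.parse_args()

    # misp_verifycert is passed through unchanged. Keep certificate
    # verification enabled in the keys module so the API key is only ever
    # sent to a server whose identity has been checked.
    pymisp = PyMISP(misp_url, misp_key, misp_verifycert)

    for f in glob.glob(args.path):
        try:
            fo, peo, seos = make_binary_objects(f)
        except Exception:
            # Skip this file. Without the `continue`, fo/peo/seos are unbound
            # on the first failure (NameError) and stale on later ones, which
            # would submit the previous file's objects a second time.
            traceback.print_exc()
            continue

        if seos:
            # Only the objects themselves are added for this group; their
            # ObjectReference entries are not submitted here.
            for s in seos:
                template_id = pymisp.get_object_template_id(s.template_uuid)
                pymisp.add_object(args.event, template_id, s)

        if peo:
            template_id = pymisp.get_object_template_id(peo.template_uuid)
            pymisp.add_object(args.event, template_id, peo)
            # references are added after the object that owns them
            for ref in peo.ObjectReference:
                pymisp.add_object_reference(ref)

        if fo:
            template_id = pymisp.get_object_template_id(fo.template_uuid)
            pymisp.add_object(args.event, template_id, fo)
            for ref in fo.ObjectReference:
                pymisp.add_object_reference(ref)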
# -*- coding: utf-8 -*-

import argparse
import glob
import traceback

from pymisp import PyMISP
from pymisp.tools import EMailObject

from keys import misp_url, misp_key, misp_verifycert

if __name__ == '__main__':
    # Command-line entry point: expand --path with glob, parse each match as
    # an e-mail and attach the resulting MISP object to the --event event.
    cli = argparse.ArgumentParser(description='Extract indicators out of binaries and add MISP objects to a MISP instance.')
    cli.add_argument("-e", "--event", required=True, help="Event ID to update.")
    cli.add_argument("-p", "--path", required=True, help="Path to process (expanded using glob).")
    options = cli.parse_args()

    # NOTE(review): debug=True enables PyMISP's verbose logging. Depending on
    # the installed version this may include request headers, and with them
    # the API key. Confirm before running where logs are collected or shared.
    misp_client = PyMISP(misp_url, misp_key, misp_verifycert, debug=True)

    for email_path in glob.glob(options.path):
        try:
            email_object = EMailObject(email_path)
        except Exception:
            # a file that cannot be parsed is reported and skipped
            traceback.print_exc()
            continue

        if not email_object:
            continue

        template_id = misp_client.get_object_template_id(email_object.template_uuid)
        misp_client.add_object(options.event, template_id, email_object)
        # references are added after the object that owns them
        for reference in email_object.ObjectReference:
            misp_client.add_object_reference(reference)