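def get_misp_data(indicator, indicator_type, misp_api_key, misp_url):
    """Look up *indicator* in MISP and return a flat dict of enrichment fields.

    Args:
        indicator: The observable value to search for (IP, hash, domain, ...).
        indicator_type: MISP attribute type used as the ``type`` filter of
            ``attributes/restSearch`` so only that type is searched.
        misp_api_key: MISP automation key. A falsy value skips the lookup
            and the ``'n/a'`` defaults are returned untouched.
        misp_url: Base URL of the MISP instance.

    Returns:
        A dict with the keys ``misp_eventid``, ``misp_firstseen``,
        ``misp_lastseen``, ``misp_eventinfo``, ``misp_dateadded`` and
        ``misp_comment``. Every value defaults to ``'n/a'`` and is only
        replaced when the first matching attribute carries that field.

    Only the first matching attribute is used. Errors raised by the MISP
    call are printed (with traceback) and the defaults are returned; they
    are not propagated to the caller.
    """
    data = {
        'misp_eventid': 'n/a',
        'misp_firstseen': 'n/a',
        'misp_lastseen': 'n/a',
        'misp_eventinfo': 'n/a',
        'misp_dateadded': 'n/a',
        'misp_comment': 'n/a'
    }

    if not misp_api_key:
        return data

    try:
        # Third positional argument is PyMISP's ``ssl`` flag; it stays True so
        # the API key is only ever sent to a server whose certificate verifies.
        misp = ExpandedPyMISP(misp_url, misp_api_key, True)
        body = {
            "returnFormat": "json",
            "type": indicator_type,  # restrict the search to this attribute type
            "value": indicator
        }
        misp_query = misp.direct_call('attributes/restSearch', body)

        attributes = misp_query.get('Attribute') or []
        if not attributes:
            # No hit is a normal outcome, not an error: keep the defaults
            # instead of letting an IndexError fall into the handler below.
            return data

        first = attributes[0]
        event = first.get('Event') or {}
        data['misp_eventid'] = first.get('event_id', 'n/a')
        data['misp_firstseen'] = first.get('first_seen', 'n/a')
        data['misp_lastseen'] = first.get('last_seen', 'n/a')
        data['misp_eventinfo'] = event.get('info', 'n/a')
        data['misp_comment'] = event.get('comment', 'n/a')

        raw_ts = first.get('timestamp', 'n/a')
        try:
            # ``timestamp`` is epoch seconds; naive local time is kept to
            # preserve the previous output format of this field.
            data['misp_dateadded'] = datetime.fromtimestamp(int(raw_ts)).isoformat()
        except (TypeError, ValueError, OverflowError, OSError):
            # Not a parseable epoch value: surface the raw field instead.
            data['misp_dateadded'] = raw_ts

    except Exception as err:
        # format_exception returns a list of lines; join it so the message is
        # readable rather than a list repr.
        print('MISP error for indicator {}: {}'.format(
            indicator,
            ''.join(traceback.format_exception(type(err), err, err.__traceback__))))
    return data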
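# this will test simple event extraction in MISP
#
# The automation key is read from the environment rather than written into
# the script: a key that has been committed alongside the code has to be
# treated as exposed and rotated on the MISP side.
import os

from pymisp import ExpandedPyMISP

misp_url = 'https://misp1.kamuning176.com'
# MISP_API_KEY is an illustrative variable name (constructed); any name works
# as long as the deployment exports it.
misp_key = os.environ['MISP_API_KEY']
# Keep TLS certificate verification on: the key is sent with every request.
misp_verifycert = True
relative_path = 'attributes/restSearch'
# Search all src/dst IP attributes that carry some tlp:* tag except tlp:red.
body = {
    "returnFormat": "json",
    "type": {
        "OR": ["ip-src", "ip-dst"]
    },
    "tags": {
        "NOT": ["tlp:red"],
        "OR": ["tlp:%"]
    }
}

misp = ExpandedPyMISP(misp_url, misp_key, misp_verifycert)
misp.direct_call(relative_path, body)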
#!/usr/bin/env python
# -*- coding: utf-8 -*-

# NOTE(review): ``secrets`` here is a project package holding MISP connection
# strings; it shadows the stdlib ``secrets`` module of the same name.
from secrets.keys import misps

from pymisp import ExpandedPyMISP
import json

# Server-side diagnostics endpoint: version, GPG/ZMQ status, module status
# and DB schema checks.
relative_path = 'servers/serverSettings/diagnostics'

body = None

# Each ``misps`` entry is a '|'-separated connection string; only the first
# three fields are used (url, key, ssl argument), split once instead of per use.
# NOTE(review): the third field is passed as a str — a non-empty string is
# truthy and is handed to PyMISP as its ssl/verify argument as-is; confirm
# what values the field actually holds.
conn = misps[0].split('|')

misp = ExpandedPyMISP(conn[0], conn[1], conn[2])

result = misp.direct_call(relative_path, body)

# Print the individual status fields in the same order as before, one per line.
for path in (
    ('version', 'upToDate'),
    ('gpgStatus',),
    ('zmqStatus',),
    ('moduleStatus', 'Enrichment'),
    ('moduleStatus', 'Import'),
    ('moduleStatus', 'Export'),
    ('dbSchemaDiagnostics', 'checked_table_column'),
):
    value = result
    for key in path:
        value = value[key]
    print(value)
print(json.dumps(result['dbSchemaDiagnostics'], indent=2, sort_keys=True))

print(len(result['dbSchemaDiagnostics']['diagnostic']))