Пример #1
0
    def create_complex_event(self):
        event = MISPEvent()
        event.info = 'Complex Event'
        event.distribution = Distribution.all_communities
        event.add_tag('tlp:white')

        event.add_attribute('ip-src', '8.8.8.8')
        event.add_attribute('ip-dst', '8.8.8.9')
        event.add_attribute('domain', 'google.com')
        event.add_attribute('md5', '3c656da41f4645f77e3ec3281b63dd43')

        event.attributes[0].distribution = Distribution.your_organisation_only
        event.attributes[1].distribution = Distribution.this_community_only
        event.attributes[2].distribution = Distribution.connected_communities

        event.attributes[0].add_tag('tlp:red')
        event.attributes[1].add_tag('tlp:amber')
        event.attributes[2].add_tag('tlp:green')

        obj = MISPObject('file')

        obj.distribution = Distribution.connected_communities
        obj.add_attribute('filename', 'testfile')
        obj.add_attribute('md5', '3c656da41f4645f77e3ec3281b63dd44')
        obj.attributes[0].distribution = Distribution.your_organisation_only

        event.add_object(obj)

        return event
 def parse_passivedns_results(self, query_response):
     for query_type, results in query_response.items():
         comment = self.comment % (query_type,
                                   TYPE_TO_FEATURE[self.attribute['type']],
                                   self.attribute['value'])
         for result in results:
             passivedns_object = MISPObject('passive-dns')
             passivedns_object.distribution = DEFAULT_DISTRIBUTION_SETTING
             if result.get('rdata') and isinstance(result['rdata'], list):
                 for rdata in result.pop('rdata'):
                     passivedns_object.add_attribute(
                         **self._parse_attribute(comment, 'rdata', rdata))
             for feature, value in result.items():
                 passivedns_object.add_attribute(
                     **self._parse_attribute(comment, feature, value))
             if result.get('time_first'):
                 passivedns_object.first_seen = result['time_first']
             if result.get('time_last'):
                 passivedns_object.last_seen = result['time_last']
             passivedns_object.add_reference(self.attribute['uuid'],
                                             'related-to')
             self.misp_event.add_object(passivedns_object)