def test_sighting(self):
sighting = MISPSighting()
sighting.from_dict(value='1', type='bar', timestamp=11111111)
with open('tests/mispevent_testfiles/sighting.json', 'r') as f:
ref_json = json.load(f)
self.assertEqual(sighting.to_json(sort_keys=True, indent=2),
json.dumps(ref_json, sort_keys=True, indent=2))
def sighting(self, value, source):
if self.offline:
raise Exception('The script is running in offline mode, ')
'''Add a sighting'''
s = MISPSighting()
s.from_dict(value=value, source=source)
self.misp.add_sighting(s)
def create_misp_sighting(misp_client, my_misp_sighting):
misp_sighting = MISPSighting()
misp_sighting.value = my_misp_sighting
misp_sighting.timestamp = int(time.time())
misp_sighting.source = "IBM Resilient SOAR"
sighting_response = misp_client.add_sighting(misp_sighting)
return sighting_response
def add_sighting(self, entry, attribute):
if self.is_python2:
self.misp_api.sighting(uuid=attribute["uuid"],
source="{} (Cowrie)".format(
entry["sensor"]))
else:
sighting = MISPSighting()
sighting.source = "{} (Cowrie)".format(entry["sensor"])
self.misp_api.add_sighting(sighting, attribute)
def test_sighting(self):
sighting = MISPSighting()
sighting.from_dict(value='1', type='bar', timestamp=11111111)
with open('tests/mispevent_testfiles/sighting.json', 'r') as f:
ref_json = json.load(f)
self.assertEqual(sighting.to_json(), json.dumps(ref_json, sort_keys=True, indent=2))
def add_sighting(self, entry, attribute):
sighting = MISPSighting()
sighting.source = "{} (Cowrie)".format(entry["sensor"])
self.misp_api.add_sighting(sighting, attribute)
def add_sigthing(self, id):
sighting = MISPSighting()
self.misp.add_sighting(sighting, id)