示例#1
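    def get_misp_stix(self,
                      from_dt=None,
                      to_dt=None,
                      identity=default_identity_name):
        """Download events from the configured MISP server and register new STIX.

        Args:
            from_dt: Lower time bound, handed unchanged to ``MISPDownloader.get``.
            to_dt: Upper time bound, handed unchanged to ``MISPDownloader.get``.
            identity: Value stored in ``self.mc.identity_name`` before converting.

        Returns:
            Number of STIX packages registered by this call; 0 when the
            downloader returns ``None``.

        Raises:
            ValueError: If the adapter configuration has no URL.
            Exception: Any error raised while downloading or converting is
                printed with its traceback and then re-raised.
        """
        # Update the identity used by the converter.
        self.mc.identity_name = identity
        # Load the MISP adapter settings.
        misp_conf = MispAdapter.get()
        url = misp_conf.url
        stix_id_prefix = misp_conf.stix_id_prefix
        apikey = misp_conf.apikey
        published_only = misp_conf.published_only
        # Load the registration metadata.
        community = misp_conf.community
        uploader = misp_conf.uploader
        via = Vias.get_via_adapter_misp(uploader)

        # Fetch from MISP.
        try:
            if not url:
                # Fail with a clear message instead of an IndexError on url[-1].
                raise ValueError('MISP adapter URL is not configured')
            if not url.endswith('/'):
                url += '/'
            url += 'events/xml/download.json'
            # NOTE(review): the API key is handed to MISPDownloader together
            # with the configured URL; its transport handling is not visible
            # here -- confirm it requires https and verifies the certificate.
            md = MISPDownloader(url, apikey)
            text = md.get(from_dt=from_dt, to_dt=to_dt)
            if text is None:
                # Note: this path returns before last_requested is updated.
                return 0
            # NOTE(review): text is a response body from the remote server;
            # presumably self.mc.convert parses it -- confirm that parser
            # treats it as untrusted input (e.g. no external entity resolution).
            stix_packages = self.mc.convert(text=text.encode(),
                                            published_only=published_only,
                                            stix_id_prefix=stix_id_prefix)
        except Exception:
            traceback.print_exc()
            # Bare raise re-raises the active exception with its traceback.
            raise

        # Record that the server was queried.
        misp_conf.modify_last_requested()

        count = 0
        # Handle the converted packages one at a time.
        for stix_package in stix_packages:
            try:
                try:
                    # Look the package up by id; a hit means there is nothing to do.
                    StixFiles.objects.get(package_id=stix_package.id_)
                except DoesNotExist:
                    # Not stored yet, so register it.
                    _regist_stix(stix_package.to_xml(), community, via)
                    count += 1
            except Exception:
                # Best effort: print the error and continue with the next package.
                traceback.print_exc()

        # Return the number of packages registered.
        return count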
示例#2
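    def get_misp_stix(self, from_dt=None, to_dt=None):
        """Download STIX packages from the configured MISP server and register them.

        Args:
            from_dt: Lower time bound, handed unchanged to ``MISPDownloader.get``.
            to_dt: Upper time bound, handed unchanged to ``MISPDownloader.get``.

        Returns:
            Number of packages for which the registration helper returned a
            truthy value; 0 when the downloader returns ``None`` or when the
            configured STIX version starts with neither ``1.`` nor ``2.``.

        Raises:
            ValueError: If the adapter configuration has no URL.
            Exception: Any error raised while downloading is printed with its
                traceback and then re-raised.
        """
        # Load the MISP adapter settings.
        misp_conf = MispAdapter.get()
        url = misp_conf.url
        apikey = misp_conf.apikey
        published_only = misp_conf.published_only
        configured_version = misp_conf.stix_version
        is_stix1 = configured_version.startswith('1.')
        # Any version that is not 1.x is requested from the server as 'stix2'.
        stix_version = 'stix' if is_stix1 else 'stix2'
        # Load the registration metadata.
        community = misp_conf.community
        uploader = misp_conf.uploader
        via = Vias.get_via_adapter_misp(uploader)

        # Fetch from MISP.
        try:
            if not url:
                # Fail with a clear message instead of an IndexError on url[-1].
                raise ValueError('MISP adapter URL is not configured')
            if not url.endswith('/'):
                url += '/'
            url += 'events/restSearch'
            # NOTE(review): the API key is handed to MISPDownloader together
            # with the configured URL; its transport handling is not visible
            # here -- confirm it requires https and verifies the certificate.
            md = MISPDownloader(url, apikey)
            stix_packages = md.get(from_dt=from_dt,
                                   to_dt=to_dt,
                                   published_only=published_only,
                                   stix_version=stix_version)
        except Exception:
            traceback.print_exc()
            # Bare raise re-raises the active exception with its traceback.
            raise

        # Record that the server was queried.
        misp_conf.modify_last_requested()

        if stix_packages is None:
            return 0

        # Choose the registration helper once. Previously a version outside
        # 1.x/2.x left regist_flag unassigned, so every package produced an
        # UnboundLocalError traceback; now such a version registers nothing.
        # NOTE(review): consider rejecting an unsupported stix_version before
        # the download, since last_requested has already been updated here.
        if is_stix1:
            register = self._regist_12
        elif configured_version.startswith('2.'):
            register = self._regist_20
        else:
            return 0

        count = 0
        # Handle the downloaded packages one at a time.
        for stix_package in stix_packages:
            try:
                if register(stix_package, community, via):
                    count += 1
            except Exception:
                # Best effort: print the error and continue with the next package.
                traceback.print_exc()

        # Return the number of packages registered.
        return count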