def create_complex_event(self):
    """Build a fixture event that exercises per-attribute distribution and TLP tags.

    Returns:
        A ``MISPEvent`` titled 'Complex Event', distributed to all communities
        and tagged ``tlp:white``.  It carries four attributes (ip-src, ip-dst,
        domain, md5); the first three each get their own distribution level
        and a TLP tag, the md5 keeps the defaults.  A ``file`` object is also
        attached, distributed to connected communities, with its ``filename``
        attribute restricted to the owning organisation only.
    """
    event = MISPEvent()
    event.info = 'Complex Event'
    event.distribution = Distribution.all_communities
    event.add_tag('tlp:white')

    # (type, value, distribution, tag) -- None leaves the attribute's default.
    attribute_specs = [
        ('ip-src', '8.8.8.8', Distribution.your_organisation_only, 'tlp:red'),
        ('ip-dst', '8.8.8.9', Distribution.this_community_only, 'tlp:amber'),
        ('domain', 'google.com', Distribution.connected_communities, 'tlp:green'),
        ('md5', '3c656da41f4645f77e3ec3281b63dd43', None, None),
    ]
    for attr_type, value, _, _ in attribute_specs:
        event.add_attribute(attr_type, value)

    # Attributes are stored in insertion order, so zip lines each one up
    # with the spec it was created from.
    for attribute, (_, _, distribution, tag) in zip(event.attributes, attribute_specs):
        if distribution is not None:
            attribute.distribution = distribution
        if tag is not None:
            attribute.add_tag(tag)

    file_object = MISPObject('file')
    file_object.distribution = Distribution.connected_communities
    file_object.add_attribute('filename', 'testfile')
    file_object.add_attribute('md5', '3c656da41f4645f77e3ec3281b63dd44')
    # Only the filename is narrowed; the md5 inherits the object's distribution.
    file_object.attributes[0].distribution = Distribution.your_organisation_only
    event.add_object(file_object)

    return event
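def parse_passivedns_results(self, query_response):
    """Turn passive-DNS lookup results into ``passive-dns`` MISP objects.

    Args:
        query_response: mapping of query type to a list of result records,
            each record being a dict of passive-DNS fields.  A record's
            ``rdata`` may be a list, in which case every entry becomes its
            own ``rdata`` attribute.  ``time_first`` / ``time_last`` are
            added as attributes like any other field and additionally set
            the object's ``first_seen`` / ``last_seen``.

    Side effects:
        One object per record is added to ``self.misp_event``, each carrying
        a ``related-to`` reference back to the queried attribute's UUID.
        ``query_response`` itself is not modified (a list-valued ``rdata`` is
        read, not popped, so the caller's data stays intact).
    """
    for query_type, results in query_response.items():
        comment = self.comment % (
            query_type,
            TYPE_TO_FEATURE[self.attribute['type']],
            self.attribute['value'],
        )
        for result in results:
            passivedns_object = MISPObject('passive-dns')
            passivedns_object.distribution = DEFAULT_DISTRIBUTION_SETTING

            rdata = result.get('rdata')
            if isinstance(rdata, list):
                # One attribute per entry.  An empty list simply yields no
                # rdata attribute rather than one whose value is the literal [].
                for entry in rdata:
                    passivedns_object.add_attribute(
                        **self._parse_attribute(comment, 'rdata', entry))
                remaining = ((k, v) for k, v in result.items() if k != 'rdata')
            else:
                remaining = result.items()

            # NOTE(review): these values come straight from the upstream
            # service response; _parse_attribute is assumed to map/validate
            # them into MISP attribute types -- confirm against its definition.
            for feature, value in remaining:
                passivedns_object.add_attribute(
                    **self._parse_attribute(comment, feature, value))

            if result.get('time_first'):
                passivedns_object.first_seen = result['time_first']
            if result.get('time_last'):
                passivedns_object.last_seen = result['time_last']

            passivedns_object.add_reference(self.attribute['uuid'], 'related-to')
            self.misp_event.add_object(passivedns_object)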