#!/usr/bin/env python # -*- coding: utf-8 -*- from pymisp import ExpandedPyMISP, MISPOrganisation from keys import misp_url, misp_key, misp_verifycert import argparse if __name__ == '__main__': parser = argparse.ArgumentParser( description= 'Edit the email of the organisation designed by the organisation_id.') parser.add_argument( "-i", "--organisation_id", required=True, help= "The name of the json file describing the organisation you want to modify." ) parser.add_argument("-e", "--email", help="Email linked to the organisation.") args = parser.parse_args() misp = ExpandedPyMISP(misp_url, misp_key, misp_verifycert) org = MISPOrganisation() org.id = args.organisation_id org.email = args.email print(misp.update_organisation(org, pythonify=True))
# initialize PyMISP and set url for Panorama misp = ExpandedPyMISP(url=misp_url, key=misp_key, ssl=misp_verifycert) urlVap = "https://tap-api-v2.proofpoint.com/v2/people/vap?window=30" # Window can be 14, 30, and 90 Days headers = {'Authorization': "Basic " + proofpoint_key} responseVap = requests.request("GET", urlVap, headers=headers) jsonDataVap = json.loads(responseVap.text) for alert in jsonDataVap["users"]: orgc = MISPOrganisation() orgc.name = 'Proofpoint' orgc.id = '#{ORGC.ID}' # organisation id orgc.uuid = '#{ORGC.UUID}' # organisation uuid # initialize and set MISPEvent() event = MISPEvent() event.Orgc = orgc event.info = 'Very Attacked Person ' + jsonDataVap["interval"] event.distribution = 0 # Optional, defaults to MISP.default_event_distribution in MISP config event.threat_level_id = 2 # setting this to 0 breaks the integration event.analysis = 0 # Optional, defaults to 0 (initial analysis) totalVapUsers = event.add_attribute('counter', jsonDataVap["totalVapUsers"], comment="Total VAP Users") averageAttackIndex = event.add_attribute('counter', jsonDataVap["averageAttackIndex"],
sys.exit() if len(sys.argv) == 4: event_import_info = sys.argv[3] else: event_import_info = False json_import = sys.argv[1] event_import_org = sys.argv[2] event_import_uuid = str(uuid.uuid4()) # Unique ID event_import_date = date.today() # Create event with current data event_import_distribution = 2 # Connected # Check if organisation already exist org = MISPOrganisation() try: org.id = api.get_organisation(event_import_org, pythonify=True).id except: # We need to create a new one org_new = MISPOrganisation() org_new.name = event_import_org org_new.uuid = str(uuid.uuid4()) org_new.type = "CSIRT" org_new.sector = "Government" org.id = api.add_organisation(org_new, pythonify=True).id # Create the MISP event by loading the JSON file # This will not add the attributes, but does add the event tags and galaxies # We also add a random UUID for uniqueness event = MISPEvent() event.load_file(json_import) event.uuid = event_import_uuid