pymisp 2.5.2.dev2__py3-none-any.whl → 2.5.3__py3-none-any.whl
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Potentially problematic release.
This version of pymisp might be problematic. Click here for more details.
- pymisp/api.py +8 -0
- pymisp/data/misp-objects/objects/opentide/definition.json +24 -7
- pymisp/mispevent.py +36 -2
- {pymisp-2.5.2.dev2.dist-info → pymisp-2.5.3.dist-info}/METADATA +3 -3
- {pymisp-2.5.2.dev2.dist-info → pymisp-2.5.3.dist-info}/RECORD +7 -7
- {pymisp-2.5.2.dev2.dist-info → pymisp-2.5.3.dist-info}/LICENSE +0 -0
- {pymisp-2.5.2.dev2.dist-info → pymisp-2.5.3.dist-info}/WHEEL +0 -0
pymisp/api.py
CHANGED
|
@@ -3541,6 +3541,14 @@ class PyMISP:
|
|
|
3541
3541
|
response = self._prepare_request('POST', url, data=to_post)
|
|
3542
3542
|
return response
|
|
3543
3543
|
|
|
3544
|
+
def sign_blob(self, blob: str) -> str:
|
|
3545
|
+
"""Sign a blob
|
|
3546
|
+
|
|
3547
|
+
:param blob: blob to sign
|
|
3548
|
+
"""
|
|
3549
|
+
response = self._prepare_request('POST', '/cryptographicKeys/serverSign', data=blob)
|
|
3550
|
+
return self._check_response(response, lenient_response_type=True)
|
|
3551
|
+
|
|
3544
3552
|
# ## END Others ###
|
|
3545
3553
|
|
|
3546
3554
|
# ## BEGIN Statistics ###
|
|
@@ -3,19 +3,25 @@
|
|
|
3
3
|
"name": {
|
|
4
4
|
"description": "Name of the OpenTIDE Object",
|
|
5
5
|
"misp-attribute": "text",
|
|
6
|
-
"ui-priority":
|
|
6
|
+
"ui-priority": 5
|
|
7
7
|
},
|
|
8
8
|
"opentide-object": {
|
|
9
9
|
"description": "YAML Content of the Opentide Object",
|
|
10
10
|
"misp-attribute": "text",
|
|
11
|
-
"ui-priority":
|
|
11
|
+
"ui-priority": 0
|
|
12
|
+
},
|
|
13
|
+
"opentide-relation": {
|
|
14
|
+
"description": "UUID of other OpenTIDE Objects with a relation to this Object",
|
|
15
|
+
"misp-attribute": "text",
|
|
16
|
+
"multiple": true,
|
|
17
|
+
"ui-priority": 1
|
|
12
18
|
},
|
|
13
19
|
"opentide-type": {
|
|
14
20
|
"description": "Type of the OpenTIDE Object",
|
|
15
21
|
"disable_correlation": true,
|
|
16
22
|
"misp-attribute": "text",
|
|
17
23
|
"multiple": false,
|
|
18
|
-
"ui-priority":
|
|
24
|
+
"ui-priority": 1,
|
|
19
25
|
"values_list": [
|
|
20
26
|
"tvm",
|
|
21
27
|
"cdm",
|
|
@@ -25,17 +31,28 @@
|
|
|
25
31
|
"uuid": {
|
|
26
32
|
"description": "UUID of the OpenTIDE Object",
|
|
27
33
|
"misp-attribute": "text",
|
|
28
|
-
"ui-priority":
|
|
34
|
+
"ui-priority": 4
|
|
35
|
+
},
|
|
36
|
+
"version": {
|
|
37
|
+
"description": "Version of the OpenTIDE Object",
|
|
38
|
+
"disable_correlation": true,
|
|
39
|
+
"misp-attribute": "text",
|
|
40
|
+
"sane_default": [
|
|
41
|
+
"1"
|
|
42
|
+
],
|
|
43
|
+
"ui-priority": 3
|
|
29
44
|
}
|
|
30
45
|
},
|
|
31
46
|
"description": "Object that is a container for threat or detection data, in accordance with the OpenTIDE Framework (https://code.europa.eu/ec-digit-s2/opentide)",
|
|
32
47
|
"meta-category": "misc",
|
|
33
48
|
"name": "opentide",
|
|
34
49
|
"required": [
|
|
35
|
-
"
|
|
50
|
+
"name",
|
|
36
51
|
"opentide-object",
|
|
37
|
-
"opentide-type"
|
|
52
|
+
"opentide-type",
|
|
53
|
+
"uuid",
|
|
54
|
+
"version"
|
|
38
55
|
],
|
|
39
56
|
"uuid": "892fd46a-f69e-455c-8c4f-843a4b8f4295",
|
|
40
|
-
"version":
|
|
57
|
+
"version": 3
|
|
41
58
|
}
|
pymisp/mispevent.py
CHANGED
|
@@ -1559,7 +1559,8 @@ class MISPGalaxy(AbstractMISP):
|
|
|
1559
1559
|
class MISPEvent(AnalystDataBehaviorMixin):
|
|
1560
1560
|
|
|
1561
1561
|
_fields_for_feed: set[str] = {'uuid', 'info', 'threat_level_id', 'analysis', 'timestamp',
|
|
1562
|
-
'publish_timestamp', 'published', 'date', 'extends_uuid'
|
|
1562
|
+
'publish_timestamp', 'published', 'date', 'extends_uuid',
|
|
1563
|
+
'protected'}
|
|
1563
1564
|
|
|
1564
1565
|
_analyst_data_object_type = 'Event'
|
|
1565
1566
|
|
|
@@ -1581,6 +1582,7 @@ class MISPEvent(AnalystDataBehaviorMixin):
|
|
|
1581
1582
|
self.EventReport: list[MISPEventReport] = []
|
|
1582
1583
|
self.Tag: list[MISPTag] = []
|
|
1583
1584
|
self.Galaxy: list[MISPGalaxy] = []
|
|
1585
|
+
self.CryptographicKey: list[MISPCryptographicKey] = []
|
|
1584
1586
|
|
|
1585
1587
|
self.publish_timestamp: float | int | datetime
|
|
1586
1588
|
self.timestamp: float | int | datetime
|
|
@@ -1600,6 +1602,8 @@ class MISPEvent(AnalystDataBehaviorMixin):
|
|
|
1600
1602
|
|
|
1601
1603
|
def _set_default(self) -> None:
|
|
1602
1604
|
"""There are a few keys that could, or need to be set by default for the feed generator"""
|
|
1605
|
+
if not hasattr(self, 'protected'):
|
|
1606
|
+
self.protected = False
|
|
1603
1607
|
if not hasattr(self, 'published'):
|
|
1604
1608
|
self.published = True
|
|
1605
1609
|
if not hasattr(self, 'uuid'):
|
|
@@ -1649,13 +1653,14 @@ class MISPEvent(AnalystDataBehaviorMixin):
|
|
|
1649
1653
|
to_return += attribute.hash_values(algorithm)
|
|
1650
1654
|
return to_return
|
|
1651
1655
|
|
|
1652
|
-
def to_feed(self, valid_distributions: list[int] = [0, 1, 2, 3, 4, 5], with_meta: bool = False, with_distribution: bool=False, with_local_tags: bool = True, with_event_reports: bool = True) -> dict[str, Any]:
|
|
1656
|
+
def to_feed(self, valid_distributions: list[int] = [0, 1, 2, 3, 4, 5], with_meta: bool = False, with_distribution: bool=False, with_local_tags: bool = True, with_event_reports: bool = True, with_cryptographic_keys: bool = True) -> dict[str, Any]:
|
|
1653
1657
|
""" Generate a json output for MISP Feed.
|
|
1654
1658
|
|
|
1655
1659
|
:param valid_distributions: only makes sense if the distribution key is set; i.e., the event is exported from a MISP instance.
|
|
1656
1660
|
:param with_distribution: exports distribution and Sharing Group info; otherwise all SharingGroup information is discarded (protecting privacy)
|
|
1657
1661
|
:param with_local_tags: tag export includes local exportable tags along with global exportable tags
|
|
1658
1662
|
:param with_event_reports: include event reports in the returned MISP event
|
|
1663
|
+
:param with_cryptographic_keys: include the associated cryptographic keys in the returned protected MISP event
|
|
1659
1664
|
"""
|
|
1660
1665
|
required = ['info', 'Orgc']
|
|
1661
1666
|
for r in required:
|
|
@@ -1720,6 +1725,13 @@ class MISPEvent(AnalystDataBehaviorMixin):
|
|
|
1720
1725
|
event_report.pop('sharing_group_id', None)
|
|
1721
1726
|
to_return['EventReport'].append(event_report.to_dict())
|
|
1722
1727
|
|
|
1728
|
+
if with_cryptographic_keys and self.cryptographic_keys:
|
|
1729
|
+
to_return['CryptographicKey'] = []
|
|
1730
|
+
for cryptographic_key in self.cryptographic_keys:
|
|
1731
|
+
cryptographic_key.pop('parent_id', None)
|
|
1732
|
+
cryptographic_key.pop('id', None)
|
|
1733
|
+
to_return['CryptographicKey'].append(cryptographic_key.to_dict())
|
|
1734
|
+
|
|
1723
1735
|
return {'Event': to_return}
|
|
1724
1736
|
|
|
1725
1737
|
@property
|
|
@@ -1756,6 +1768,10 @@ class MISPEvent(AnalystDataBehaviorMixin):
|
|
|
1756
1768
|
def event_reports(self) -> list[MISPEventReport]:
|
|
1757
1769
|
return self.EventReport
|
|
1758
1770
|
|
|
1771
|
+
@property
|
|
1772
|
+
def cryptographic_keys(self) -> list[MISPCryptographicKey]:
|
|
1773
|
+
return self.CryptographicKey
|
|
1774
|
+
|
|
1759
1775
|
@property
|
|
1760
1776
|
def shadow_attributes(self) -> list[MISPShadowAttribute]:
|
|
1761
1777
|
return self.ShadowAttribute
|
|
@@ -1891,6 +1907,8 @@ class MISPEvent(AnalystDataBehaviorMixin):
|
|
|
1891
1907
|
[self.add_galaxy(**e) for e in kwargs.pop('Galaxy')]
|
|
1892
1908
|
if kwargs.get('EventReport'):
|
|
1893
1909
|
[self.add_event_report(**e) for e in kwargs.pop('EventReport')]
|
|
1910
|
+
if kwargs.get('CryptographicKey'):
|
|
1911
|
+
[self.add_cryprographic_key(**e) for e in kwargs.pop('CryptographicKey')]
|
|
1894
1912
|
|
|
1895
1913
|
# All other keys
|
|
1896
1914
|
if kwargs.get('id'):
|
|
@@ -2041,6 +2059,15 @@ class MISPEvent(AnalystDataBehaviorMixin):
|
|
|
2041
2059
|
self.edited = True
|
|
2042
2060
|
return event_report
|
|
2043
2061
|
|
|
2062
|
+
def add_cryprographic_key(self, parent_type: str, key_data: str, type: str, uuid: str, fingerprint: str, timestamp: str, **kwargs) -> MISPCryptographicKey: # type: ignore[no-untyped-def]
|
|
2063
|
+
"""Add a Cryptographic Key. parent_type, key_data, type, uuid, fingerprint, timestamp are required but you can pass all
|
|
2064
|
+
other parameters supported by MISPEventReport"""
|
|
2065
|
+
cryptographic_key = MISPCryptographicKey()
|
|
2066
|
+
cryptographic_key.from_dict(parent_type=parent_type, key_data=key_data, type=type, uuid=uuid, fingerprint=fingerprint, timestamp=timestamp, **kwargs)
|
|
2067
|
+
self.cryptographic_keys.append(cryptographic_key)
|
|
2068
|
+
self.edited = True
|
|
2069
|
+
return cryptographic_key
|
|
2070
|
+
|
|
2044
2071
|
def add_galaxy(self, galaxy: MISPGalaxy | dict[str, Any] | None = None, **kwargs) -> MISPGalaxy: # type: ignore[no-untyped-def]
|
|
2045
2072
|
"""Add a galaxy and sub-clusters into an event, either by passing
|
|
2046
2073
|
a MISPGalaxy or a dictionary.
|
|
@@ -2226,6 +2253,13 @@ class MISPWarninglist(AbstractMISP):
|
|
|
2226
2253
|
super().from_dict(**kwargs)
|
|
2227
2254
|
|
|
2228
2255
|
|
|
2256
|
+
class MISPCryptographicKey(AbstractMISP):
|
|
2257
|
+
def from_dict(self, **kwargs) -> None: # type: ignore[no-untyped-def]
|
|
2258
|
+
if 'CryptographicKey' in kwargs:
|
|
2259
|
+
kwargs = kwargs['CryptographicKey']
|
|
2260
|
+
super().from_dict(**kwargs)
|
|
2261
|
+
|
|
2262
|
+
|
|
2229
2263
|
class MISPTaxonomy(AbstractMISP):
|
|
2230
2264
|
|
|
2231
2265
|
enabled: bool
|
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
Metadata-Version: 2.1
|
|
2
2
|
Name: pymisp
|
|
3
|
-
Version: 2.5.
|
|
3
|
+
Version: 2.5.3
|
|
4
4
|
Summary: Python API for MISP.
|
|
5
5
|
Home-page: https://github.com/MISP/PyMISP
|
|
6
6
|
License: BSD-2-Clause
|
|
@@ -33,12 +33,12 @@ Provides-Extra: virustotal
|
|
|
33
33
|
Requires-Dist: RTFDE (>=0.1.1,<0.2.0) ; extra == "email"
|
|
34
34
|
Requires-Dist: Sphinx (>=8,<9) ; (python_version >= "3.10") and (extra == "docs")
|
|
35
35
|
Requires-Dist: beautifulsoup4 (>=4.12.3,<5.0.0) ; extra == "openioc"
|
|
36
|
-
Requires-Dist: deprecated (>=1.2.
|
|
36
|
+
Requires-Dist: deprecated (>=1.2.15,<2.0.0)
|
|
37
37
|
Requires-Dist: docutils (>=0.21.1,<0.22.0) ; (python_version >= "3.10") and (extra == "docs")
|
|
38
38
|
Requires-Dist: extract_msg (>=0.52,<0.53) ; extra == "email"
|
|
39
39
|
Requires-Dist: lief (>=0.15.0,<0.16.0) ; extra == "fileobjects"
|
|
40
40
|
Requires-Dist: oletools (>=0.60.1,<0.61.0) ; extra == "email"
|
|
41
|
-
Requires-Dist: publicsuffixlist (>=1.0.2.
|
|
41
|
+
Requires-Dist: publicsuffixlist (>=1.0.2.20241216,<2.0.0.0)
|
|
42
42
|
Requires-Dist: pydeep2 (>=0.5.1,<0.6.0) ; extra == "fileobjects"
|
|
43
43
|
Requires-Dist: pyfaup (>=1.2,<2.0) ; extra == "url"
|
|
44
44
|
Requires-Dist: python-dateutil (>=2.9.0.post0,<3.0.0)
|
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
pymisp/__init__.py,sha256=NxD9URYrwmEvYsZdUDTtBqBuIsvzRjXnRr8QVPsuOGE,4004
|
|
2
2
|
pymisp/abstract.py,sha256=hdf3heAGnEi3rFIxaAsCOKfO4Y1kT_UoDNpr564GiIk,15745
|
|
3
|
-
pymisp/api.py,sha256=
|
|
3
|
+
pymisp/api.py,sha256=ocZXH-sgLy-q0g7dlxV6TZu0uKo5ZAdwEIja33ZSQ68,208104
|
|
4
4
|
pymisp/data/describeTypes.json,sha256=hoOy6U_FDVmfk9EdaFgGfEe_GMifmRnIrW8FAJ1ylJ4,45889
|
|
5
5
|
pymisp/data/misp-objects/.git,sha256=NZIIWPWRiUFN6wy7MhT0zLzu8WP8PKqbMxWaO0by0dY,55
|
|
6
6
|
pymisp/data/misp-objects/.gitchangelog.rc,sha256=27iB5X06HaLaMpDdZWMkg_YWLyZRm9H1qBOsqFntuV0,10009
|
|
@@ -222,7 +222,7 @@ pymisp/data/misp-objects/objects/network-traffic/definition.json,sha256=jZSGhItw
|
|
|
222
222
|
pymisp/data/misp-objects/objects/news-agency/definition.json,sha256=yo-x2a7rei3tFIwHEisW2Hf3cGAQieEAs1QRGOQjSYE,2090
|
|
223
223
|
pymisp/data/misp-objects/objects/news-media/definition.json,sha256=Mb4TQz-Cj035HtfyuhVyRTCUlxkzCizBZghLxgD6rGA,4024
|
|
224
224
|
pymisp/data/misp-objects/objects/open-data-security/definition.json,sha256=fNTNdk-Hjd83DkmhbhGst6PJv09ZJzuXC6RitsEinZg,3052
|
|
225
|
-
pymisp/data/misp-objects/objects/opentide/definition.json,sha256=
|
|
225
|
+
pymisp/data/misp-objects/objects/opentide/definition.json,sha256=KAhBYWYMp_PF0lTMjanOBKZirdju2120Y9tNOlpMzy8,1496
|
|
226
226
|
pymisp/data/misp-objects/objects/organization/definition.json,sha256=2Dq4Gs4ynlcaP1rnxfvDCU8cCARO39_Z3azkHYJjhh4,3956
|
|
227
227
|
pymisp/data/misp-objects/objects/original-imported-file/definition.json,sha256=lip2yP3wdLoCGxsiCrNMcBC6nyQJUPcJFZYzlkpxeOA,921
|
|
228
228
|
pymisp/data/misp-objects/objects/paloalto-threat-event/definition.json,sha256=F1qMo6LN32i3e7ODjv38twX3BEzrgdLIqXN9PqL-3x4,2597
|
|
@@ -381,7 +381,7 @@ pymisp/data/misp-objects/validate_all.sh,sha256=0wWn-qZS9Pp0voEHK2QBCUxjvlaYj_kb
|
|
|
381
381
|
pymisp/data/schema-lax.json,sha256=2QICdCbtfXRJkTVjwb7xjF3ypys2wOtrUyE1ZDz_qes,8561
|
|
382
382
|
pymisp/data/schema.json,sha256=79N2hObemthb_syUHksDqM4djFttsWZQDg1sTYZYxys,9178
|
|
383
383
|
pymisp/exceptions.py,sha256=IgGGadv5lnLAvO7Q6AjF0vEbjoWwwDWLYwMn-8pkU_k,1965
|
|
384
|
-
pymisp/mispevent.py,sha256=
|
|
384
|
+
pymisp/mispevent.py,sha256=n-HvUYM4KT6IvOiDFjsCtWdivIiFDwZDB6anUmkCOyc,118503
|
|
385
385
|
pymisp/py.typed,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
|
|
386
386
|
pymisp/tools/__init__.py,sha256=_KCihYo82e8G5cHV321ak2sgbao2GyFjf4sSTMiN_IM,2233
|
|
387
387
|
pymisp/tools/_psl_faup.py,sha256=JyK8RQm8DPWvNuoF4rQpiE0rBm-Az-sr38Kl46dmWcs,7034
|
|
@@ -412,7 +412,7 @@ pymisp/tools/update_objects.py,sha256=sp_XshzgtRjAU0Mqg8FgRTaokjVKLImyQ02xIcPSrH
|
|
|
412
412
|
pymisp/tools/urlobject.py,sha256=PIucy1356zaljUm1NbeKmEpHpAUK9yiK2lAugcMp2t8,2489
|
|
413
413
|
pymisp/tools/vehicleobject.py,sha256=bs7f4d47IBi2-VumssSM3HlqkH0viyHTLmIHQxe8Iz8,3687
|
|
414
414
|
pymisp/tools/vtreportobject.py,sha256=NsdYzgqm47dywYeW8UnWmEDeIsf07xZreD2iJzFm2wg,3217
|
|
415
|
-
pymisp-2.5.
|
|
416
|
-
pymisp-2.5.
|
|
417
|
-
pymisp-2.5.
|
|
418
|
-
pymisp-2.5.
|
|
415
|
+
pymisp-2.5.3.dist-info/LICENSE,sha256=1oPSVvs96qLjbJVi3mPn0yvWs-6aoIF6BNXi6pVlFmY,1615
|
|
416
|
+
pymisp-2.5.3.dist-info/METADATA,sha256=VntgmJQEy43KC2_8Bw6W3wURZMfe6OUTPMlGSWQsnjQ,9166
|
|
417
|
+
pymisp-2.5.3.dist-info/WHEEL,sha256=Nq82e9rUAnEjt98J6MlVmMCZb-t9cYE2Ir1kpBmnWfs,88
|
|
418
|
+
pymisp-2.5.3.dist-info/RECORD,,
|
|
File without changes
|
|
File without changes
|