pymisp 2.5.4__py3-none-any.whl → 2.5.7__py3-none-any.whl


Potentially problematic release.



Files changed (158)
  1. CHANGELOG.txt +5380 -0
  2. examples/__init__.py +0 -0
  3. examples/add_attributes_from_csv.py +74 -0
  4. examples/add_email_object.py +29 -0
  5. examples/add_fail2ban_object.py +86 -0
  6. examples/add_feed.py +25 -0
  7. examples/add_file_object.py +47 -0
  8. examples/add_filetype_object_from_csv.py +53 -0
  9. examples/add_generic_object.py +26 -0
  10. examples/add_github_user.py +65 -0
  11. examples/add_gitlab_user.py +56 -0
  12. examples/add_named_attribute.py +25 -0
  13. examples/add_organisations.py +57 -0
  14. examples/add_ssh_authorized_keys.py +29 -0
  15. examples/add_user.py +22 -0
  16. examples/add_vehicle_object.py +22 -0
  17. examples/addtag2.py +45 -0
  18. examples/asciidoc_generator.py +114 -0
  19. examples/cache_all.py +10 -0
  20. examples/copyTagsFromAttributesToEvent.py +68 -0
  21. examples/copy_list.py +93 -0
  22. examples/create_events.py +26 -0
  23. examples/cytomic_orion.py +549 -0
  24. examples/del.py +22 -0
  25. examples/delete_user.py +16 -0
  26. examples/edit_organisation.py +20 -0
  27. examples/edit_user.py +20 -0
  28. examples/falsepositive_disabletoids.py +136 -0
  29. examples/fetch_events_feed.py +15 -0
  30. examples/fetch_warninglist_hits.py +38 -0
  31. examples/freetext.py +22 -0
  32. examples/generate_file_objects.py +78 -0
  33. examples/generate_meta_feed.py +15 -0
  34. examples/get.py +37 -0
  35. examples/get_csv.py +37 -0
  36. examples/get_network_activity.py +187 -0
  37. examples/last.py +48 -0
  38. examples/load_csv.py +94 -0
  39. examples/lookup.py +28 -0
  40. examples/misp2cef.py +71 -0
  41. examples/misp2clamav.py +52 -0
  42. examples/openioc_to_misp.py +27 -0
  43. examples/proofpoint_tap.py +203 -0
  44. examples/proofpoint_vap.py +65 -0
  45. examples/search.py +48 -0
  46. examples/search_attributes_yara.py +40 -0
  47. examples/search_sighting.py +42 -0
  48. examples/server_sync_check_conn.py +32 -0
  49. examples/sharing_groups.py +15 -0
  50. examples/show_sightings.py +168 -0
  51. examples/stats_report.py +405 -0
  52. examples/sync_sighting.py +171 -0
  53. examples/tags.py +25 -0
  54. examples/test_sign.py +19 -0
  55. examples/trustar_misp.py +59 -0
  56. examples/up.py +21 -0
  57. examples/upload.py +60 -0
  58. examples/users_list.py +15 -0
  59. examples/vmray_automation.py +281 -0
  60. examples/vt_to_misp.py +182 -0
  61. examples/warninglists.py +22 -0
  62. examples/yara.py +38 -0
  63. examples/yara_dump.py +98 -0
  64. pymisp/api.py +33 -5
  65. pymisp/data/misp-objects/objects/instagram-account/definition.json +66 -0
  66. pymisp/data/misp-objects/objects/lnk/definition.json +13 -1
  67. pymisp/data/misp-objects/objects/rmm/definition.json +88 -0
  68. pymisp/data/misp-objects/objects/target-system/definition.json +2 -2
  69. pymisp/data/misp-objects/schema_objects.json +1 -1
  70. pymisp/mispevent.py +8 -0
  71. {pymisp-2.5.4.dist-info → pymisp-2.5.7.dist-info}/METADATA +23 -28
  72. {pymisp-2.5.4.dist-info → pymisp-2.5.7.dist-info}/RECORD +140 -27
  73. {pymisp-2.5.4.dist-info → pymisp-2.5.7.dist-info}/WHEEL +1 -1
  74. tests/57c4445b-c548-4654-af0b-4be3950d210f.json +1 -0
  75. tests/__init__.py +0 -0
  76. tests/csv_testfiles/invalid_fieldnames.csv +11 -0
  77. tests/csv_testfiles/valid_fieldnames.csv +4 -0
  78. tests/email_testfiles/mail_1.eml.zip +0 -0
  79. tests/email_testfiles/mail_1.msg +0 -0
  80. tests/email_testfiles/mail_1_bom.eml +858 -0
  81. tests/email_testfiles/mail_1_headers_only.eml +28 -0
  82. tests/email_testfiles/mail_2.eml +32 -0
  83. tests/email_testfiles/mail_3.eml +170 -0
  84. tests/email_testfiles/mail_3.msg +0 -0
  85. tests/email_testfiles/mail_4.msg +0 -0
  86. tests/email_testfiles/mail_5.msg +0 -0
  87. tests/email_testfiles/mail_multiple_to.eml +15 -0
  88. tests/email_testfiles/source +1 -0
  89. tests/git-vuln-finder-quagga.json +1493 -0
  90. tests/misp_event.json +76 -0
  91. tests/mispevent_testfiles/attribute.json +21 -0
  92. tests/mispevent_testfiles/attribute_del.json +23 -0
  93. tests/mispevent_testfiles/def_param.json +53 -0
  94. tests/mispevent_testfiles/event.json +8 -0
  95. tests/mispevent_testfiles/event_obj_attr_tag.json +57 -0
  96. tests/mispevent_testfiles/event_obj_def_param.json +62 -0
  97. tests/mispevent_testfiles/event_obj_tag.json +29 -0
  98. tests/mispevent_testfiles/event_tags.json +18 -0
  99. tests/mispevent_testfiles/existing_event.json +4599 -0
  100. tests/mispevent_testfiles/existing_event_edited.json +4601 -0
  101. tests/mispevent_testfiles/galaxy.json +25 -0
  102. tests/mispevent_testfiles/malware.json +19 -0
  103. tests/mispevent_testfiles/malware_exist.json +163 -0
  104. tests/mispevent_testfiles/misp_custom_obj.json +38 -0
  105. tests/mispevent_testfiles/overwrite_file/definition.json +457 -0
  106. tests/mispevent_testfiles/proposals.json +35 -0
  107. tests/mispevent_testfiles/shadow.json +148 -0
  108. tests/mispevent_testfiles/sighting.json +5 -0
  109. tests/mispevent_testfiles/simple.json +2 -0
  110. tests/mispevent_testfiles/test_object_template/definition.json +29 -0
  111. tests/new_misp_event.json +34 -0
  112. tests/reportlab_testfiles/HTML_event.json +1 -0
  113. tests/reportlab_testfiles/galaxy_1.json +1250 -0
  114. tests/reportlab_testfiles/image_event.json +2490 -0
  115. tests/reportlab_testfiles/japanese_test.json +156 -0
  116. tests/reportlab_testfiles/japanese_test_heavy.json +318 -0
  117. tests/reportlab_testfiles/long_event.json +3730 -0
  118. tests/reportlab_testfiles/mainly_objects_1.json +1092 -0
  119. tests/reportlab_testfiles/mainly_objects_2.json +977 -0
  120. tests/reportlab_testfiles/sighting_1.json +305 -0
  121. tests/reportlab_testfiles/sighting_2.json +221 -0
  122. tests/reportlab_testfiles/to_delete1.json +804 -0
  123. tests/reportlab_testfiles/to_delete2.json +1 -0
  124. tests/reportlab_testfiles/to_delete3.json +1 -0
  125. tests/reportlab_testfiles/very_long_event.json +1006 -0
  126. tests/reportlab_testoutputs/to_delete1.json.pdf +391 -0
  127. tests/reportlab_testoutputs/to_delete2.json.pdf +506 -0
  128. tests/reportlab_testoutputs/to_delete3.json.pdf +277 -0
  129. tests/search_index_result.json +69 -0
  130. tests/sharing_groups.json +98 -0
  131. tests/stix1.xml-utf8 +110 -0
  132. tests/stix2.json +1 -0
  133. tests/test_analyst_data.py +123 -0
  134. tests/test_emailobject.py +157 -0
  135. tests/test_fileobject.py +20 -0
  136. tests/test_mispevent.py +473 -0
  137. tests/test_reportlab.py +431 -0
  138. tests/testlive_comprehensive.py +3734 -0
  139. tests/testlive_sync.py +474 -0
  140. pymisp/data/misp-objects/.git +0 -1
  141. pymisp/data/misp-objects/.gitchangelog.rc +0 -289
  142. pymisp/data/misp-objects/.github/workflows/codeql.yml +0 -41
  143. pymisp/data/misp-objects/.github/workflows/nosetests.yml +0 -39
  144. pymisp/data/misp-objects/.travis.yml +0 -16
  145. pymisp/data/misp-objects/LICENSE-software-only.md +0 -661
  146. pymisp/data/misp-objects/LICENSE.md +0 -36
  147. pymisp/data/misp-objects/README.md +0 -567
  148. pymisp/data/misp-objects/docs/time-related-objects.ods +0 -0
  149. pymisp/data/misp-objects/docs/time-related-objects.pdf +0 -0
  150. pymisp/data/misp-objects/jq_all_the_things.sh +0 -29
  151. pymisp/data/misp-objects/tools/adoc_objects.py +0 -145
  152. pymisp/data/misp-objects/tools/alfred_links_to_relarelationships.py +0 -48
  153. pymisp/data/misp-objects/tools/list_of_objects.py +0 -50
  154. pymisp/data/misp-objects/tools/updated.sh +0 -6
  155. pymisp/data/misp-objects/tools/validate_opposites.sh +0 -17
  156. pymisp/data/misp-objects/unique_uuid.py +0 -16
  157. pymisp/data/misp-objects/validate_all.sh +0 -38
  158. {pymisp-2.5.4.dist-info → pymisp-2.5.7.dist-info}/LICENSE +0 -0
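--- a/tests/misp_event.json
+++ b/tests/misp_event.json
@@ -0,0 +1,76 @@
+ {
+ "Attribute": [
+ {
+ "ShadowAttribute": [],
+ "category": "Payload delivery",
+ "comment": "",
+ "deleted": false,
+ "distribution": "5",
+ "event_id": "2",
+ "id": "7",
+ "sharing_group_id": "0",
+ "timestamp": "1465681304",
+ "to_ids": false,
+ "type": "url",
+ "uuid": "575c8598-f1f0-4c16-a94a-0612c0a83866",
+ "value": "http://fake.website.com/malware/is/here"
+ },
+ {
+ "ShadowAttribute": [],
+ "category": "Payload type",
+ "comment": "",
+ "deleted": false,
+ "distribution": "5",
+ "event_id": "2",
+ "id": "6",
+ "sharing_group_id": "0",
+ "timestamp": "1465681801",
+ "to_ids": false,
+ "type": "text",
+ "uuid": "575c8549-9010-4555-8b37-057ac0a83866",
+ "value": "Locky"
+ }
+ ],
+ "Org": {
+ "id": "1",
+ "name": "ORGNAME",
+ "uuid": "57586e9a-4a64-4f79-9009-4dc1c0a83866"
+ },
+ "Orgc": {
+ "id": "1",
+ "name": "ORGNAME",
+ "uuid": "57586e9a-4a64-4f79-9009-4dc1c0a83866"
+ },
+ "RelatedEvent": [],
+ "ShadowAttribute": [],
+ "Tag": [
+ {
+ "colour": "#005a5a",
+ "exportable": true,
+ "id": "6",
+ "name": "ecsirt:malicious-code=\"ransomware\""
+ },
+ {
+ "colour": "#142bf7",
+ "exportable": true,
+ "id": "1",
+ "name": "for_intelmq_processing"
+ }
+ ],
+ "analysis": "0",
+ "attribute_count": "2",
+ "date": "2016-06-09",
+ "distribution": "0",
+ "id": "2",
+ "info": "A Random Event",
+ "locked": false,
+ "org_id": "1",
+ "orgc_id": "1",
+ "proposal_email_lock": false,
+ "publish_timestamp": "0",
+ "published": false,
+ "sharing_group_id": "0",
+ "threat_level_id": "1",
+ "timestamp": "1465681801",
+ "uuid": "5758ebf5-c898-48e6-9fe9-5665c0a83866"
+ }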
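Review bot: This fixture lands in the wheel under a top-level `tests/` directory, and the file list also adds `tests/__init__.py` and `examples/__init__.py`, so installing 2.5.7 would presumably place importable top-level `tests` and `examples` packages in site-packages next to `pymisp`. Those names are generic enough to collide with or shadow same-named packages from other distributions, and they enlarge the installed surface with scripts and sample data that the library does not need at runtime. The build configuration is not visible here, but the wheel's include list should be limited to `pymisp/`, with tests and examples left to the sdist; the same applies to the other fixture files added in the hunks that follow. Separately, line 16 uses `http://fake.website.com/malware/is/here`, a registrable domain, where a reserved name such as `fake.example.com` would keep the sample URL from pointing at a real host, provided no test asserts on the current value.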
@@ -0,0 +1,21 @@
1
+ {
2
+ "Attribute": [
3
+ {
4
+ "Tag": [
5
+ {
6
+ "name": "osint"
7
+ }
8
+ ],
9
+ "category": "Payload delivery",
10
+ "disable_correlation": false,
11
+ "to_ids": true,
12
+ "type": "filename",
13
+ "value": "bar.exe"
14
+ }
15
+ ],
16
+ "analysis": "1",
17
+ "date": "2017-12-31",
18
+ "distribution": "1",
19
+ "info": "This is a test",
20
+ "threat_level_id": "1"
21
+ }
@@ -0,0 +1,23 @@
1
+ {
2
+ "Attribute": [
3
+ {
4
+ "Tag": [
5
+ {
6
+ "name": "osint"
7
+ }
8
+ ],
9
+ "category": "Payload delivery",
10
+ "deleted": true,
11
+ "disable_correlation": false,
12
+ "id": "42",
13
+ "to_ids": true,
14
+ "type": "filename",
15
+ "value": "bar.exe"
16
+ }
17
+ ],
18
+ "analysis": "1",
19
+ "date": "2017-12-31",
20
+ "distribution": "1",
21
+ "info": "This is a test",
22
+ "threat_level_id": "1"
23
+ }
@@ -0,0 +1,53 @@
1
+ {
2
+ "Object": [
3
+ {
4
+ "Attribute": [
5
+ {
6
+ "category": "Attribution",
7
+ "disable_correlation": false,
8
+ "object_relation": "registrar",
9
+ "to_ids": false,
10
+ "type": "whois-registrar",
11
+ "value": "registar.example.com"
12
+ },
13
+ {
14
+ "category": "Network activity",
15
+ "disable_correlation": false,
16
+ "object_relation": "domain",
17
+ "to_ids": true,
18
+ "type": "domain",
19
+ "value": "domain.example.com"
20
+ },
21
+ {
22
+ "category": "Network activity",
23
+ "disable_correlation": true,
24
+ "object_relation": "nameserver",
25
+ "to_ids": false,
26
+ "type": "hostname",
27
+ "value": "ns1.example.com"
28
+ },
29
+ {
30
+ "category": "External analysis",
31
+ "disable_correlation": false,
32
+ "object_relation": "nameserver",
33
+ "to_ids": true,
34
+ "type": "hostname",
35
+ "value": "ns2.example.com"
36
+ }
37
+ ],
38
+ "description": "Whois records information for a domain name or an IP address.",
39
+ "distribution": "5",
40
+ "meta-category": "network",
41
+ "name": "whois",
42
+ "sharing_group_id": "0",
43
+ "template_uuid": "429faea1-34ff-47af-8a00-7c62d3be5a6a",
44
+ "template_version": "10",
45
+ "uuid": "a"
46
+ }
47
+ ],
48
+ "analysis": "1",
49
+ "date": "2017-12-31",
50
+ "distribution": "1",
51
+ "info": "This is a test",
52
+ "threat_level_id": "1"
53
+ }
@@ -0,0 +1,8 @@
1
+ {
2
+ "analysis": "1",
3
+ "date": "2017-12-31",
4
+ "distribution": "1",
5
+ "info": "This is a test",
6
+ "published": true,
7
+ "threat_level_id": "1"
8
+ }
@@ -0,0 +1,57 @@
1
+ {
2
+ "Object": [
3
+ {
4
+ "Attribute": [
5
+ {
6
+ "Tag": [
7
+ {
8
+ "name": "blah"
9
+ }
10
+ ],
11
+ "category": "Payload delivery",
12
+ "disable_correlation": true,
13
+ "object_relation": "filename",
14
+ "to_ids": true,
15
+ "type": "filename",
16
+ "value": "bar"
17
+ }
18
+ ],
19
+ "ObjectReference": [
20
+ {
21
+ "comment": "foo",
22
+ "object_uuid": "a",
23
+ "referenced_uuid": "b",
24
+ "relationship_type": "baz"
25
+ }
26
+ ],
27
+ "description": "File object describing a file with meta-information",
28
+ "distribution": "5",
29
+ "meta-category": "file",
30
+ "name": "file",
31
+ "sharing_group_id": "0",
32
+ "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
33
+ "template_version": "25",
34
+ "uuid": "a"
35
+ },
36
+ {
37
+ "Attribute": [
38
+ {
39
+ "category": "Network activity",
40
+ "disable_correlation": false,
41
+ "object_relation": "url",
42
+ "to_ids": true,
43
+ "type": "url",
44
+ "value": "https://www.circl.lu"
45
+ }
46
+ ],
47
+ "description": "url object describes an url along with its normalized field (like extracted using faup parsing library) and its metadata.",
48
+ "distribution": "5",
49
+ "meta-category": "network",
50
+ "name": "url",
51
+ "sharing_group_id": "0",
52
+ "template_uuid": "60efb77b-40b5-4c46-871b-ed1ed999fce5",
53
+ "template_version": "10",
54
+ "uuid": "b"
55
+ }
56
+ ]
57
+ }
@@ -0,0 +1,62 @@
1
+ {
2
+ "Object": [
3
+ {
4
+ "Attribute": [
5
+ {
6
+ "Tag": [
7
+ {
8
+ "name": "blah"
9
+ }
10
+ ],
11
+ "category": "Payload delivery",
12
+ "disable_correlation": true,
13
+ "object_relation": "filename",
14
+ "to_ids": true,
15
+ "type": "filename",
16
+ "value": "bar"
17
+ },
18
+ {
19
+ "category": "Artifacts dropped",
20
+ "disable_correlation": false,
21
+ "object_relation": "pattern-in-file",
22
+ "to_ids": true,
23
+ "type": "pattern-in-file",
24
+ "value": "baz"
25
+ }
26
+ ],
27
+ "description": "File object describing a file with meta-information",
28
+ "distribution": "5",
29
+ "meta-category": "file",
30
+ "name": "file",
31
+ "sharing_group_id": "0",
32
+ "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
33
+ "template_version": "25",
34
+ "uuid": "a"
35
+ },
36
+ {
37
+ "Attribute": [
38
+ {
39
+ "Tag": [
40
+ {
41
+ "name": "blah"
42
+ }
43
+ ],
44
+ "category": "Payload delivery",
45
+ "disable_correlation": true,
46
+ "object_relation": "filename",
47
+ "to_ids": true,
48
+ "type": "filename",
49
+ "value": "baz"
50
+ }
51
+ ],
52
+ "description": "File object describing a file with meta-information",
53
+ "distribution": "5",
54
+ "meta-category": "file",
55
+ "name": "file",
56
+ "sharing_group_id": "0",
57
+ "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
58
+ "template_version": "25",
59
+ "uuid": "b"
60
+ }
61
+ ]
62
+ }
@@ -0,0 +1,29 @@
1
+ {
2
+ "Object": [
3
+ {
4
+ "Attribute": [
5
+ {
6
+ "category": "Payload delivery",
7
+ "disable_correlation": false,
8
+ "object_relation": "filename",
9
+ "to_ids": true,
10
+ "type": "filename",
11
+ "value": "bar"
12
+ }
13
+ ],
14
+ "Tag": [
15
+ {
16
+ "name": "osint"
17
+ }
18
+ ],
19
+ "description": "File object describing a file with meta-information",
20
+ "distribution": 5,
21
+ "meta-category": "file",
22
+ "name": "file",
23
+ "sharing_group_id": 0,
24
+ "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
25
+ "template_version": 9,
26
+ "uuid": "a"
27
+ }
28
+ ]
29
+ }
@@ -0,0 +1,18 @@
1
+ {
2
+ "Tag": [
3
+ {
4
+ "name": "bar"
5
+ },
6
+ {
7
+ "name": "baz"
8
+ },
9
+ {
10
+ "name": "foo"
11
+ }
12
+ ],
13
+ "analysis": "1",
14
+ "date": "2017-12-31",
15
+ "distribution": "1",
16
+ "info": "This is a test",
17
+ "threat_level_id": "1"
18
+ }