pymisp 2.5.7.1__py3-none-any.whl → 2.5.8__py3-none-any.whl

examples/addtag2.py

@@ -1,45 +0,0 @@
-#!/usr/bin/env python3
-
-from pymisp import PyMISP
-from keys import misp_url, misp_key, misp_verifycert
-import argparse
-
-
-def init(url, key):
-    return PyMISP(url, key, misp_verifycert, 'json')
-
-
-if __name__ == '__main__':
-    parser = argparse.ArgumentParser(description='Tag something.')
-    parser.add_argument("-u", "--uuid", help="UUID to tag.")
-    parser.add_argument("-e", "--event", help="Event ID to tag.")
-    parser.add_argument("-a", "--attribute", help="Attribute ID to tag")
-    parser.add_argument("-t", "--tag", required=True, help="Tag ID.")
-    args = parser.parse_args()
-
-    if not args.event and not args.uuid and not args.attribute:
-        print("Please provide at least one of the following : uuid, eventID or attribute ID, see --help")
-        exit()
-
-    misp = init(misp_url, misp_key)
-
-    if args.event and not args.attribute:
-        result = misp.search(eventid=args.event)
-        for event in result:
-            uuid = event['Event']['uuid']
-
-    if args.attribute:
-        if not args.event:
-            print("Please provide event ID also")
-            exit()
-        result = misp.search(eventid=args.event)
-        for event in result:
-            for attribute in event['Event']['Attribute']:
-                if attribute["id"] == args.attribute:
-                    uuid = attribute["uuid"]
-
-    if args.uuid:
-        uuid = args.uuid
-
-    print("UUID tagged: %s" % uuid)
-    misp.tag(uuid, args.tag)

examples/asciidoc_generator.py

@@ -1,114 +0,0 @@
-#!/usr/bin/env python3
-# -*- coding: utf-8 -*-
-
-import argparse
-from datetime import date
-import importlib
-
-from pymisp import MISPEvent
-from defang import defang
-from pytaxonomies import Taxonomies
-
-
-class ReportGenerator():
-    def __init__(self, profile="daily_report"):
-        self.taxonomies = Taxonomies()
-        self.report = ''
-        profile_name = "profiles.{}".format(profile)
-        self.template = importlib.import_module(name=profile_name)
-
-    def from_remote(self, event_id):
-        from pymisp import PyMISP
-        from keys import misp_url, misp_key, misp_verifycert
-        misp = PyMISP(misp_url, misp_key, misp_verifycert)
-        result = misp.get(event_id)
-        self.misp_event = MISPEvent()
-        self.misp_event.load(result)
-
-    def from_file(self, path):
-        self.misp_event = MISPEvent()
-        self.misp_event.load_file(path)
-
-    def attributes(self):
-        if not self.misp_event.attributes:
-            return ''
-        list_attributes = []
-        for attribute in self.misp_event.attributes:
-            if attribute.type in self.template.types_to_attach:
-                list_attributes.append("* {}".format(defang(attribute.value)))
-        for obj in self.misp_event.Object:
-            if obj.name in self.template.objects_to_attach:
-                for attribute in obj.Attribute:
-                    if attribute.type in self.template.types_to_attach:
-                        list_attributes.append("* {}".format(defang(attribute.value)))
-        return self.template.attributes.format(list_attributes="\n".join(list_attributes))
-
-    def _get_tag_info(self, machinetag):
-        return self.taxonomies.revert_machinetag(machinetag)
-
-    def report_headers(self):
-        content = {'org_name': 'name',
-                   'date': date.today().isoformat()}
-        self.report += self.template.headers.format(**content)
-
-    def event_level_tags(self):
-        if not self.misp_event.Tag:
-            return ''
-        for tag in self.misp_event.Tag:
-            # Only look for TLP for now
-            if tag['name'].startswith('tlp'):
-                tax, predicate = self._get_tag_info(tag['name'])
-                return self.template.event_level_tags.format(value=predicate.predicate.upper(), expanded=predicate.expanded)
-
-    def title(self):
-        internal_id = ''
-        summary = ''
-        # Get internal refs for report
-        for obj in self.misp_event.Object:
-            if obj.name != 'report':
-                continue
-            for a in obj.Attribute:
-                if a.object_relation == 'case-number':
-                    internal_id = a.value
-                if a.object_relation == 'summary':
-                    summary = a.value
-
-        return self.template.title.format(internal_id=internal_id, title=self.misp_event.info,
-                                          summary=summary)
-
-    def asciidoc(self, lang='en'):
-        self.report += self.title()
-        self.report += self.event_level_tags()
-        self.report += self.attributes()
-
-
-if __name__ == '__main__':
-    try:
-        parser = argparse.ArgumentParser(description='Create a human-readable report out of a MISP event')
-        parser.add_argument("--profile", default="daily_report", help="Profile template to use")
-        parser.add_argument("-o", "--output", help="Output file to write to (generally ends in .adoc)")
-        group = parser.add_mutually_exclusive_group(required=True)
-        group.add_argument("-e", "--event", default=[], nargs='+', help="Event ID to get.")
-        group.add_argument("-p", "--path", default=[], nargs='+', help="Path to the JSON dump.")
-
-        args = parser.parse_args()
-
-        report = ReportGenerator(args.profile)
-        report.report_headers()
-
-        if args.event:
-            for eid in args.event:
-                report.from_remote(eid)
-                report.asciidoc()
-        else:
-            for f in args.path:
-                report.from_file(f)
-                report.asciidoc()
-
-        if args.output:
-            with open(args.output, "w") as ofile:
-                ofile.write(report.report)
-        else:
-            print(report.report)
-    except ModuleNotFoundError as err:
-        print(err)

examples/cache_all.py

@@ -1,10 +0,0 @@
-#!/usr/bin/env python
-# -*- coding: utf-8 -*-
-
-from keys import misp_url, misp_key, misp_verifycert
-from pymisp import ExpandedPyMISP
-
-
-if __name__ == '__main__':
-    misp = ExpandedPyMISP(misp_url, misp_key, misp_verifycert)
-    misp.cache_all_feeds()

examples/copyTagsFromAttributesToEvent.py

@@ -1,68 +0,0 @@
-#!/usr/bin/env python
-# -*- coding: utf-8 -*-
-
-from pymisp import PyMISP
-from keys import misp_url, misp_key, misp_verifycert
-import argparse
-import os
-
-SILENT = False
-
-
-def getTagToApplyToEvent(event):
-    tags_to_apply = set()
-
-    event_tags = { tag.name for tag in event.tags }
-    for galaxy in event.galaxies:
-        for cluster in galaxy.clusters:
-            event_tags.add(cluster.tag_name)
-
-    for attribute in event.attributes:
-        for attribute_tag in attribute.tags:
-            if attribute_tag.name not in event_tags:
-                tags_to_apply.add(attribute_tag.name)
-
-    return tags_to_apply
-
-
-def TagEvent(event, tags_to_apply):
-    for tag in tags_to_apply:
-        event.add_tag(tag)
-    return event
-
-
-def condPrint(text):
-    if not SILENT:
-        print(text)
-
-
-if __name__ == '__main__':
-    parser = argparse.ArgumentParser(description='Get an event from a MISP instance.')
-    parser.add_argument("-e", "--event", required=True, help="Event ID to get.")
-    parser.add_argument("-y", "--yes", required=False, default=False, action='store_true',  help="Automatically accept prompt.")
-    parser.add_argument("-s", "--silent", required=False, default=False, action='store_true', help="No output to stdin.")
-
-    args = parser.parse_args()
-    SILENT = args.silent
-
-    misp = PyMISP(misp_url, misp_key, misp_verifycert)
-
-    event = misp.get_event(args.event, pythonify=True)
-    tags_to_apply = getTagToApplyToEvent(event)
-    condPrint('Tag to apply at event level:')
-    for tag in tags_to_apply:
-        condPrint(f'- {tag}')
-
-    confirmed = False
-    if args.yes:
-        confirmed = True
-    else:
-        confirm = input('Confirm [Y/n]: ')
-        confirmed = len(confirm) == 0 or confirm == 'Y' or confirm == 'y'
-    if confirmed:
-        event = TagEvent(event, tags_to_apply)
-        condPrint(f'Updating event {args.event}')
-        misp.update_event(event)
-        condPrint(f'Event {args.event} tagged with {len(tags_to_apply)} tags')
-    else:
-        condPrint('Operation cancelled')

examples/copy_list.py

@@ -1,93 +0,0 @@
-#!/usr/bin/env python
-# -*- coding: utf-8 -*-
-
-import sys
-
-from pymisp import PyMISP
-
-from keys import cert, priv
-
-url_cert = 'https://misp.circl.lu'
-url_priv = 'https://misppriv.circl.lu'
-cert_cert = 'misp.circl.lu.crt'
-cert_priv = 'misppriv.circl.lu.crt'
-source = None
-destination = None
-
-
-def init(cert_to_priv=True):
-    global source
-    global destination
-    print(cert_to_priv)
-    if cert_to_priv:
-        source = PyMISP(url_cert, cert, cert_cert, 'xml')
-        destination = PyMISP(url_priv, priv, cert_priv, 'xml')
-    else:
-        source = PyMISP(url_priv, priv, cert_priv, 'xml')
-        destination = PyMISP(url_cert, cert, cert_cert, 'xml')
-
-
-def copy_event(event_id):
-    e = source.get_event(event_id)
-    return destination.add_event(e)
-
-
-def update_event(event_id, event_to_update):
-    e = source.get_event(event_id)
-    return destination.update_event(event_to_update, e)
-
-
-def list_copy(filename):
-    with open(filename, 'r') as f:
-        for l in f:
-            copy(l)
-
-
-def loop_copy():
-    while True:
-        line = sys.stdin.readline()
-        copy(line)
-
-
-def copy(eventid):
-    eventid = eventid.strip()
-    if len(eventid) == 0 or not eventid.isdigit():
-        print('empty line or NaN.')
-        return
-    eventid = int(eventid)
-    print(eventid, 'copying...')
-    r = copy_event(eventid)
-    if r.status_code >= 400:
-        loc = r.headers['location']
-        if loc is not None:
-            event_to_update = loc.split('/')[-1]
-            print('updating', event_to_update)
-            r = update_event(eventid, event_to_update)
-            if r.status_code >= 400:
-                print(r.status_code, r.headers)
-        else:
-            print(r.status_code, r.headers)
-    print(eventid, 'done.')
-
-
-def export_our_org():
-    circl = source.search(org='CIRCL')
-    return circl
-
-if __name__ == '__main__':
-    import argparse
-    parser = argparse.ArgumentParser(
-        description='Copy the events from one MISP instance to an other.')
-    parser.add_argument('-f', '--filename', type=str,
-                        help='File containing a list of event id.')
-    parser.add_argument(
-        '-l', '--loop', action='store_true',
-        help='Endless loop: eventid in the terminal and it will be copied.')
-    parser.add_argument('--priv_to_cert', action='store_false', default=True,
-                        help='Copy from MISP priv to MISP CERT.')
-    args = parser.parse_args()
-    init(args.priv_to_cert)
-    if args.filename is not None:
-        list_copy(args.filename)
-    else:
-        loop_copy()

examples/create_events.py

@@ -1,26 +0,0 @@
-#!/usr/bin/env python
-# -*- coding: utf-8 -*-
-
-from pymisp import ExpandedPyMISP, MISPEvent
-from keys import misp_url, misp_key, misp_verifycert
-import argparse
-
-
-if __name__ == '__main__':
-    parser = argparse.ArgumentParser(description='Create an event on MISP.')
-    parser.add_argument("-d", "--distrib", type=int, help="The distribution setting used for the attributes and for the newly created event, if relevant. [0-3].")
-    parser.add_argument("-i", "--info", help="Used to populate the event info field if no event ID supplied.")
-    parser.add_argument("-a", "--analysis", type=int, help="The analysis level of the newly created event, if applicable. [0-2]")
-    parser.add_argument("-t", "--threat", type=int, help="The threat level ID of the newly created event, if applicable. [1-4]")
-    args = parser.parse_args()
-
-    misp = ExpandedPyMISP(misp_url, misp_key, misp_verifycert)
-
-    event = MISPEvent()
-    event.distribution = args.distrib
-    event.threat_level_id = args.threat
-    event.analysis = args.analysis
-    event.info = args.info
-
-    event = misp.add_event(event, pythonify=True)
-    print(event)