PyPI - pymisp - Versions diffs - 2.5.7__py3-none-any.whl → 2.5.8__py3-none-any.whl - Mend

pymisp 2.5.7py3-none-any.whl → 2.5.8py3-none-any.whl

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Potentially problematic release.

This version of pymisp might be problematic. Click here for more details.

Files changed (135) hide show

pymisp/api.py +1 -0
pymisp/data/misp-objects/objects/rmm/definition.json +1 -1
{pymisp-2.5.7.dist-info → pymisp-2.5.8.dist-info}/METADATA +4 -4
{pymisp-2.5.7.dist-info → pymisp-2.5.8.dist-info}/RECORD +6 -135
CHANGELOG.txt +0 -5380
examples/__init__.py +0 -0
examples/add_attributes_from_csv.py +0 -74
examples/add_email_object.py +0 -29
examples/add_fail2ban_object.py +0 -86
examples/add_feed.py +0 -25
examples/add_file_object.py +0 -47
examples/add_filetype_object_from_csv.py +0 -53
examples/add_generic_object.py +0 -26
examples/add_github_user.py +0 -65
examples/add_gitlab_user.py +0 -56
examples/add_named_attribute.py +0 -25
examples/add_organisations.py +0 -57
examples/add_ssh_authorized_keys.py +0 -29
examples/add_user.py +0 -22
examples/add_vehicle_object.py +0 -22
examples/addtag2.py +0 -45
examples/asciidoc_generator.py +0 -114
examples/cache_all.py +0 -10
examples/copyTagsFromAttributesToEvent.py +0 -68
examples/copy_list.py +0 -93
examples/create_events.py +0 -26
examples/cytomic_orion.py +0 -549
examples/del.py +0 -22
examples/delete_user.py +0 -16
examples/edit_organisation.py +0 -20
examples/edit_user.py +0 -20
examples/falsepositive_disabletoids.py +0 -136
examples/fetch_events_feed.py +0 -15
examples/fetch_warninglist_hits.py +0 -38
examples/freetext.py +0 -22
examples/generate_file_objects.py +0 -78
examples/generate_meta_feed.py +0 -15
examples/get.py +0 -37
examples/get_csv.py +0 -37
examples/get_network_activity.py +0 -187
examples/last.py +0 -48
examples/load_csv.py +0 -94
examples/lookup.py +0 -28
examples/misp2cef.py +0 -71
examples/misp2clamav.py +0 -52
examples/openioc_to_misp.py +0 -27
examples/proofpoint_tap.py +0 -203
examples/proofpoint_vap.py +0 -65
examples/search.py +0 -48
examples/search_attributes_yara.py +0 -40
examples/search_sighting.py +0 -42
examples/server_sync_check_conn.py +0 -32
examples/sharing_groups.py +0 -15
examples/show_sightings.py +0 -168
examples/stats_report.py +0 -405
examples/sync_sighting.py +0 -171
examples/tags.py +0 -25
examples/test_sign.py +0 -19
examples/trustar_misp.py +0 -59
examples/up.py +0 -21
examples/upload.py +0 -60
examples/users_list.py +0 -15
examples/vmray_automation.py +0 -281
examples/vt_to_misp.py +0 -182
examples/warninglists.py +0 -22
examples/yara.py +0 -38
examples/yara_dump.py +0 -98
tests/57c4445b-c548-4654-af0b-4be3950d210f.json +0 -1
tests/__init__.py +0 -0
tests/csv_testfiles/invalid_fieldnames.csv +0 -11
tests/csv_testfiles/valid_fieldnames.csv +0 -4
tests/email_testfiles/mail_1.eml.zip +0 -0
tests/email_testfiles/mail_1.msg +0 -0
tests/email_testfiles/mail_1_bom.eml +0 -858
tests/email_testfiles/mail_1_headers_only.eml +0 -28
tests/email_testfiles/mail_2.eml +0 -32
tests/email_testfiles/mail_3.eml +0 -170
tests/email_testfiles/mail_3.msg +0 -0
tests/email_testfiles/mail_4.msg +0 -0
tests/email_testfiles/mail_5.msg +0 -0
tests/email_testfiles/mail_multiple_to.eml +0 -15
tests/email_testfiles/source +0 -1
tests/git-vuln-finder-quagga.json +0 -1493
tests/misp_event.json +0 -76
tests/mispevent_testfiles/attribute.json +0 -21
tests/mispevent_testfiles/attribute_del.json +0 -23
tests/mispevent_testfiles/def_param.json +0 -53
tests/mispevent_testfiles/event.json +0 -8
tests/mispevent_testfiles/event_obj_attr_tag.json +0 -57
tests/mispevent_testfiles/event_obj_def_param.json +0 -62
tests/mispevent_testfiles/event_obj_tag.json +0 -29
tests/mispevent_testfiles/event_tags.json +0 -18
tests/mispevent_testfiles/existing_event.json +0 -4599
tests/mispevent_testfiles/existing_event_edited.json +0 -4601
tests/mispevent_testfiles/galaxy.json +0 -25
tests/mispevent_testfiles/malware.json +0 -19
tests/mispevent_testfiles/malware_exist.json +0 -163
tests/mispevent_testfiles/misp_custom_obj.json +0 -38
tests/mispevent_testfiles/overwrite_file/definition.json +0 -457
tests/mispevent_testfiles/proposals.json +0 -35
tests/mispevent_testfiles/shadow.json +0 -148
tests/mispevent_testfiles/sighting.json +0 -5
tests/mispevent_testfiles/simple.json +0 -2
tests/mispevent_testfiles/test_object_template/definition.json +0 -29
tests/new_misp_event.json +0 -34
tests/reportlab_testfiles/HTML_event.json +0 -1
tests/reportlab_testfiles/galaxy_1.json +0 -1250
tests/reportlab_testfiles/image_event.json +0 -2490
tests/reportlab_testfiles/japanese_test.json +0 -156
tests/reportlab_testfiles/japanese_test_heavy.json +0 -318
tests/reportlab_testfiles/long_event.json +0 -3730
tests/reportlab_testfiles/mainly_objects_1.json +0 -1092
tests/reportlab_testfiles/mainly_objects_2.json +0 -977
tests/reportlab_testfiles/sighting_1.json +0 -305
tests/reportlab_testfiles/sighting_2.json +0 -221
tests/reportlab_testfiles/to_delete1.json +0 -804
tests/reportlab_testfiles/to_delete2.json +0 -1
tests/reportlab_testfiles/to_delete3.json +0 -1
tests/reportlab_testfiles/very_long_event.json +0 -1006
tests/reportlab_testoutputs/to_delete1.json.pdf +0 -391
tests/reportlab_testoutputs/to_delete2.json.pdf +0 -506
tests/reportlab_testoutputs/to_delete3.json.pdf +0 -277
tests/search_index_result.json +0 -69
tests/sharing_groups.json +0 -98
tests/stix1.xml-utf8 +0 -110
tests/stix2.json +0 -1
tests/test_analyst_data.py +0 -123
tests/test_emailobject.py +0 -157
tests/test_fileobject.py +0 -20
tests/test_mispevent.py +0 -473
tests/test_reportlab.py +0 -431
tests/testlive_comprehensive.py +0 -3734
tests/testlive_sync.py +0 -474
{pymisp-2.5.7.dist-info → pymisp-2.5.8.dist-info}/LICENSE +0 -0
{pymisp-2.5.7.dist-info → pymisp-2.5.8.dist-info}/WHEEL +0 -0

examples/addtag2.py DELETED Viewed

@@ -1,45 +0,0 @@
-#!/usr/bin/env python3
-from pymisp import PyMISP
-from keys import misp_url, misp_key, misp_verifycert
-import argparse
-def init(url, key):
-    return PyMISP(url, key, misp_verifycert, 'json')
-if __name__ == '__main__':
-    parser = argparse.ArgumentParser(description='Tag something.')
-    parser.add_argument("-u", "--uuid", help="UUID to tag.")
-    parser.add_argument("-e", "--event", help="Event ID to tag.")
-    parser.add_argument("-a", "--attribute", help="Attribute ID to tag")
-    parser.add_argument("-t", "--tag", required=True, help="Tag ID.")
-    args = parser.parse_args()
-    if not args.event and not args.uuid and not args.attribute:
-        print("Please provide at least one of the following : uuid, eventID or attribute ID, see --help")
-        exit()
-    misp = init(misp_url, misp_key)
-    if args.event and not args.attribute:
-        result = misp.search(eventid=args.event)
-        for event in result:
-            uuid = event['Event']['uuid']
-    if args.attribute:
-        if not args.event:
-            print("Please provide event ID also")
-            exit()
-        result = misp.search(eventid=args.event)
-        for event in result:
-            for attribute in event['Event']['Attribute']:
-                if attribute["id"] == args.attribute:
-                    uuid = attribute["uuid"]
-    if args.uuid:
-        uuid = args.uuid
-    print("UUID tagged: %s" % uuid)
-    misp.tag(uuid, args.tag)

examples/asciidoc_generator.py DELETED Viewed

@@ -1,114 +0,0 @@
-#!/usr/bin/env python3
-# -*- coding: utf-8 -*-
-import argparse
-from datetime import date
-import importlib
-from pymisp import MISPEvent
-from defang import defang
-from pytaxonomies import Taxonomies
-class ReportGenerator():
-    def __init__(self, profile="daily_report"):
-        self.taxonomies = Taxonomies()
-        self.report = ''
-        profile_name = "profiles.{}".format(profile)
-        self.template = importlib.import_module(name=profile_name)
-    def from_remote(self, event_id):
-        from pymisp import PyMISP
-        from keys import misp_url, misp_key, misp_verifycert
-        misp = PyMISP(misp_url, misp_key, misp_verifycert)
-        result = misp.get(event_id)
-        self.misp_event = MISPEvent()
-        self.misp_event.load(result)
-    def from_file(self, path):
-        self.misp_event = MISPEvent()
-        self.misp_event.load_file(path)
-    def attributes(self):
-        if not self.misp_event.attributes:
-            return ''
-        list_attributes = []
-        for attribute in self.misp_event.attributes:
-            if attribute.type in self.template.types_to_attach:
-                list_attributes.append("* {}".format(defang(attribute.value)))
-        for obj in self.misp_event.Object:
-            if obj.name in self.template.objects_to_attach:
-                for attribute in obj.Attribute:
-                    if attribute.type in self.template.types_to_attach:
-                        list_attributes.append("* {}".format(defang(attribute.value)))
-        return self.template.attributes.format(list_attributes="\n".join(list_attributes))
-    def _get_tag_info(self, machinetag):
-        return self.taxonomies.revert_machinetag(machinetag)
-    def report_headers(self):
-        content = {'org_name': 'name',
-                   'date': date.today().isoformat()}
-        self.report += self.template.headers.format(**content)
-    def event_level_tags(self):
-        if not self.misp_event.Tag:
-            return ''
-        for tag in self.misp_event.Tag:
-            # Only look for TLP for now
-            if tag['name'].startswith('tlp'):
-                tax, predicate = self._get_tag_info(tag['name'])
-                return self.template.event_level_tags.format(value=predicate.predicate.upper(), expanded=predicate.expanded)
-    def title(self):
-        internal_id = ''
-        summary = ''
-        # Get internal refs for report
-        for obj in self.misp_event.Object:
-            if obj.name != 'report':
-                continue
-            for a in obj.Attribute:
-                if a.object_relation == 'case-number':
-                    internal_id = a.value
-                if a.object_relation == 'summary':
-                    summary = a.value
-        return self.template.title.format(internal_id=internal_id, title=self.misp_event.info,
-                                          summary=summary)
-    def asciidoc(self, lang='en'):
-        self.report += self.title()
-        self.report += self.event_level_tags()
-        self.report += self.attributes()
-if __name__ == '__main__':
-    try:
-        parser = argparse.ArgumentParser(description='Create a human-readable report out of a MISP event')
-        parser.add_argument("--profile", default="daily_report", help="Profile template to use")
-        parser.add_argument("-o", "--output", help="Output file to write to (generally ends in .adoc)")
-        group = parser.add_mutually_exclusive_group(required=True)
-        group.add_argument("-e", "--event", default=[], nargs='+', help="Event ID to get.")
-        group.add_argument("-p", "--path", default=[], nargs='+', help="Path to the JSON dump.")
-        args = parser.parse_args()
-        report = ReportGenerator(args.profile)
-        report.report_headers()
-        if args.event:
-            for eid in args.event:
-                report.from_remote(eid)
-                report.asciidoc()
-        else:
-            for f in args.path:
-                report.from_file(f)
-                report.asciidoc()
-        if args.output:
-            with open(args.output, "w") as ofile:
-                ofile.write(report.report)
-        else:
-            print(report.report)
-    except ModuleNotFoundError as err:
-        print(err)

examples/cache_all.py DELETED Viewed

@@ -1,10 +0,0 @@
-#!/usr/bin/env python
-# -*- coding: utf-8 -*-
-from keys import misp_url, misp_key, misp_verifycert
-from pymisp import ExpandedPyMISP
-if __name__ == '__main__':
-    misp = ExpandedPyMISP(misp_url, misp_key, misp_verifycert)
-    misp.cache_all_feeds()

examples/copyTagsFromAttributesToEvent.py DELETED Viewed

@@ -1,68 +0,0 @@
-#!/usr/bin/env python
-# -*- coding: utf-8 -*-
-from pymisp import PyMISP
-from keys import misp_url, misp_key, misp_verifycert
-import argparse
-import os
-SILENT = False
-def getTagToApplyToEvent(event):
-    tags_to_apply = set()
-    event_tags = { tag.name for tag in event.tags }
-    for galaxy in event.galaxies:
-        for cluster in galaxy.clusters:
-            event_tags.add(cluster.tag_name)
-    for attribute in event.attributes:
-        for attribute_tag in attribute.tags:
-            if attribute_tag.name not in event_tags:
-                tags_to_apply.add(attribute_tag.name)
-    return tags_to_apply
-def TagEvent(event, tags_to_apply):
-    for tag in tags_to_apply:
-        event.add_tag(tag)
-    return event
-def condPrint(text):
-    if not SILENT:
-        print(text)
-if __name__ == '__main__':
-    parser = argparse.ArgumentParser(description='Get an event from a MISP instance.')
-    parser.add_argument("-e", "--event", required=True, help="Event ID to get.")
-    parser.add_argument("-y", "--yes", required=False, default=False, action='store_true',  help="Automatically accept prompt.")
-    parser.add_argument("-s", "--silent", required=False, default=False, action='store_true', help="No output to stdin.")
-    args = parser.parse_args()
-    SILENT = args.silent
-    misp = PyMISP(misp_url, misp_key, misp_verifycert)
-    event = misp.get_event(args.event, pythonify=True)
-    tags_to_apply = getTagToApplyToEvent(event)
-    condPrint('Tag to apply at event level:')
-    for tag in tags_to_apply:
-        condPrint(f'- {tag}')
-    confirmed = False
-    if args.yes:
-        confirmed = True
-    else:
-        confirm = input('Confirm [Y/n]: ')
-        confirmed = len(confirm) == 0 or confirm == 'Y' or confirm == 'y'
-    if confirmed:
-        event = TagEvent(event, tags_to_apply)
-        condPrint(f'Updating event {args.event}')
-        misp.update_event(event)
-        condPrint(f'Event {args.event} tagged with {len(tags_to_apply)} tags')
-    else:
-        condPrint('Operation cancelled')

examples/copy_list.py DELETED Viewed

@@ -1,93 +0,0 @@
-#!/usr/bin/env python
-# -*- coding: utf-8 -*-
-import sys
-from pymisp import PyMISP
-from keys import cert, priv
-url_cert = 'https://misp.circl.lu'
-url_priv = 'https://misppriv.circl.lu'
-cert_cert = 'misp.circl.lu.crt'
-cert_priv = 'misppriv.circl.lu.crt'
-source = None
-destination = None
-def init(cert_to_priv=True):
-    global source
-    global destination
-    print(cert_to_priv)
-    if cert_to_priv:
-        source = PyMISP(url_cert, cert, cert_cert, 'xml')
-        destination = PyMISP(url_priv, priv, cert_priv, 'xml')
-    else:
-        source = PyMISP(url_priv, priv, cert_priv, 'xml')
-        destination = PyMISP(url_cert, cert, cert_cert, 'xml')
-def copy_event(event_id):
-    e = source.get_event(event_id)
-    return destination.add_event(e)
-def update_event(event_id, event_to_update):
-    e = source.get_event(event_id)
-    return destination.update_event(event_to_update, e)
-def list_copy(filename):
-    with open(filename, 'r') as f:
-        for l in f:
-            copy(l)
-def loop_copy():
-    while True:
-        line = sys.stdin.readline()
-        copy(line)
-def copy(eventid):
-    eventid = eventid.strip()
-    if len(eventid) == 0 or not eventid.isdigit():
-        print('empty line or NaN.')
-        return
-    eventid = int(eventid)
-    print(eventid, 'copying...')
-    r = copy_event(eventid)
-    if r.status_code >= 400:
-        loc = r.headers['location']
-        if loc is not None:
-            event_to_update = loc.split('/')[-1]
-            print('updating', event_to_update)
-            r = update_event(eventid, event_to_update)
-            if r.status_code >= 400:
-                print(r.status_code, r.headers)
-        else:
-            print(r.status_code, r.headers)
-    print(eventid, 'done.')
-def export_our_org():
-    circl = source.search(org='CIRCL')
-    return circl
-if __name__ == '__main__':
-    import argparse
-    parser = argparse.ArgumentParser(
-        description='Copy the events from one MISP instance to an other.')
-    parser.add_argument('-f', '--filename', type=str,
-                        help='File containing a list of event id.')
-    parser.add_argument(
-        '-l', '--loop', action='store_true',
-        help='Endless loop: eventid in the terminal and it will be copied.')
-    parser.add_argument('--priv_to_cert', action='store_false', default=True,
-                        help='Copy from MISP priv to MISP CERT.')
-    args = parser.parse_args()
-    init(args.priv_to_cert)
-    if args.filename is not None:
-        list_copy(args.filename)
-    else:
-        loop_copy()

examples/create_events.py DELETED Viewed

@@ -1,26 +0,0 @@
-#!/usr/bin/env python
-# -*- coding: utf-8 -*-
-from pymisp import ExpandedPyMISP, MISPEvent
-from keys import misp_url, misp_key, misp_verifycert
-import argparse
-if __name__ == '__main__':
-    parser = argparse.ArgumentParser(description='Create an event on MISP.')
-    parser.add_argument("-d", "--distrib", type=int, help="The distribution setting used for the attributes and for the newly created event, if relevant. [0-3].")
-    parser.add_argument("-i", "--info", help="Used to populate the event info field if no event ID supplied.")
-    parser.add_argument("-a", "--analysis", type=int, help="The analysis level of the newly created event, if applicable. [0-2]")
-    parser.add_argument("-t", "--threat", type=int, help="The threat level ID of the newly created event, if applicable. [1-4]")
-    args = parser.parse_args()
-    misp = ExpandedPyMISP(misp_url, misp_key, misp_verifycert)
-    event = MISPEvent()
-    event.distribution = args.distrib
-    event.threat_level_id = args.threat
-    event.analysis = args.analysis
-    event.info = args.info
-    event = misp.add_event(event, pythonify=True)
-    print(event)

pymisp 2.5.7__py3-none-any.whl → 2.5.8__py3-none-any.whl

Potentially problematic release.

pymisp 2.5.7py3-none-any.whl → 2.5.8py3-none-any.whl