#!/usr/bin/env python2
# -*-coding:UTF-8 -*
"""
The Browse_warning_paste module
====================
This module saves signaled pastes (logged as 'warning') in redis for further usage
like browsing by category
Its input comes from other modules, namely:
Credential, CreditCard, SQLinjection, CVE, Keys, Mail and Phone
"""
import redis
import time
from datetime import datetime, timedelta
from packages import Paste
from pubsublogger import publisher
from Helper import Process
from pymisp import PyMISP
import ailleakObject
from ../mispKEYS import misp_url, misp_key, misp_verifycert
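if __name__ == "__main__":
    # Entry point of the alert handler: consume "<module_name>;<paste_path>"
    # messages from the module queue, record each paste in the
    # WARNING_<module_name> redis set, and build a MISP ail-leak object for it.
    publisher.port = 6380
    publisher.channel = "Script"

    config_section = 'alertHandler'

    p = Process(config_section)

    # The MISP URL and API key live in the separate mispKEYS module, so the
    # secret is not stored in this file. misp_verifycert is passed as the third
    # PyMISP argument (TLS certificate verification).
    # NOTE(review): the `from ../mispKEYS import ...` line at the top of this
    # file is not valid Python import syntax; the module cannot load until that
    # import is corrected.
    pymisp = PyMISP(misp_url, misp_key, misp_verifycert)
    # Hard-coded target event; only referenced by the disabled add_object call
    # at the end of the loop.
    eventID = "9356"
    mispTYPE = 'ail-leak'

    # port generated automatically depending on the date
    # The year is read once at start-up, so a process that keeps running past
    # 31 December continues to write to the previous year's redis instance.
    curYear = datetime.now().year
    server = redis.StrictRedis(
        host=p.config.get("Redis_Level_DB", "host"),
        port=curYear,
        db=p.config.get("Redis_Level_DB", "db"))

    # NOTE(review): this start-up message and the idle message below name other
    # scripts ("duplicate", "Attribute"); they are kept unchanged here.
    publisher.info("Script duplicate started")

    while True:
        message = p.get_from_set()
        if message is None:
            publisher.debug("Script Attribute is idling 10s")
            time.sleep(10)
            continue

        # Split on the first ';' only: a paste path that itself contains ';'
        # would otherwise raise ValueError on unpacking and stop the handler.
        module_name, separator, p_path = message.partition(';')
        if not separator:
            # No ';' at all: drop the entry and log it instead of crashing.
            publisher.warning(
                'Malformed alert message dropped: {}'.format(message))
            continue

        # Add in redis for browseWarningPaste
        # Format in set: WARNING_moduleName -> p_path
        key = "WARNING_" + module_name
        server.sadd(key, p_path)

        publisher.info('Saved warning paste {}'.format(p_path))

        # Create MISP AIL-leak object
        # The original referenced the undefined names `AilleakObject`,
        # `moduleName` and `path`; the file imports the `ailleakObject` module
        # and the values parsed above are `module_name` and `p_path`.
        # NOTE(review): assumes the class is exposed as
        # ailleakObject.AilleakObject - confirm against that module.
        misp_object = ailleakObject.AilleakObject(module_name, p_path)
        # Debug output on stdout.
        print('validate mispobj', misp_object._validate())
        print(misp_object)

        # Publish object to MISP
        # Look up the id of the object template named mispTYPE. The template
        # list is fetched from the MISP server for every message.
        templates = pymisp.get_object_templates_list()
        matching_ids = [
            entry['ObjectTemplate']['id']
            for entry in templates
            if entry['ObjectTemplate']['name'] == mispTYPE
        ]
        if not matching_ids:
            valid_types = ", ".join(
                [entry['ObjectTemplate']['name'] for entry in templates])
            print ("Template for type %s not found! Valid types are: %s" % (mispTYPE, valid_types))
            continue
        templateID = matching_ids[0]

        # Publishing is currently disabled: the object is built and validated
        # but never sent, so eventID and templateID are unused for now.
        #r = pymisp.add_object(eventID, templateID, misp_object)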