ail-framework/bin/modules/MISP_Thehive_Auto_Push.py

#!/usr/bin/env python3
# -*-coding:UTF-8 -*

"""
module
====================

This module send tagged pastes to MISP or THE HIVE Project

"""
import os
import sys
import time

sys.path.append(os.environ['AIL_BIN'])
##################################
# Import Project packages
##################################
from modules.abstract_module import AbstractModule
from lib.exceptions import MISPConnectionError
from lib.objects.Items import Item
from lib import Tag
from exporter.MISPExporter import MISPExporterAutoDaily
from exporter.TheHiveExporter import TheHiveExporterAlertTag

class MISP_Thehive_Auto_Push(AbstractModule):
    """MISP_Hive_Feeder module for AIL framework"""

    def __init__(self):
        super(MISP_Thehive_Auto_Push, self).__init__()

        # refresh Tracked Regex
        self.tags = Tag.refresh_auto_push()
        self.last_refresh = time.time()

        self.misp_exporter = MISPExporterAutoDaily()
        self.the_hive_exporter = TheHiveExporterAlertTag()

        # Send module state to logs
        self.logger.info(f"Module {self.module_name} initialized")

    def compute(self, message):
        if self.last_refresh < Tag.get_last_auto_push_refreshed() < 0:
            self.tags = Tag.refresh_auto_push()
            self.last_refresh = time.time()
            self.redis_logger.info('Tags Auto Push refreshed')

        item_id, tag = message.split(' ', 1)
        item = Item(item_id)

        # enabled
        if 'misp' in self.tags:
            if tag in self.tags['misp']:
                r = self.misp_exporter.export(item, tag)
                if r == -1:
                    Tag.set_auto_push_status('misp', 'ConnectionError')
                else:
                    Tag.set_auto_push_status('misp', '')
                    self.logger.info('MISP Pushed:', tag, '->', item_id)

        if 'thehive' in self.tags:
            if tag in self.tags['thehive']:
                r = self.the_hive_exporter.export(item, tag)
                if r == -1:
                    Tag.set_auto_push_status('thehive', 'ConnectionError')
                elif r == -2:
                    Tag.set_auto_push_status('thehive', 'Request Entity Too Large')
                else:
                    Tag.set_auto_push_status('thehive', '')
                    self.logger.info('thehive Pushed:', tag, '->', item_id)


if __name__ == "__main__":
    module = MISP_Thehive_Auto_Push()
    module.run()
chg: [MISP] refactor MISP thehive auto push 2023-05-16 14:34:22 +00:00			`#!/usr/bin/env python3`
			`# --coding:UTF-8 -`

			`"""`
			`module`
			`====================`

			`This module send tagged pastes to MISP or THE HIVE Project`

			`"""`
			`import os`
			`import sys`
			`import time`

			`sys.path.append(os.environ['AIL_BIN'])`
			`##################################`
			`# Import Project packages`
			`##################################`
			`from modules.abstract_module import AbstractModule`
			`from lib.exceptions import MISPConnectionError`
			`from lib.objects.Items import Item`
			`from lib import Tag`
			`from exporter.MISPExporter import MISPExporterAutoDaily`
			`from exporter.TheHiveExporter import TheHiveExporterAlertTag`

			`class MISP_Thehive_Auto_Push(AbstractModule):`
			`"""MISP_Hive_Feeder module for AIL framework"""`

			`def __init__(self):`
			`super(MISP_Thehive_Auto_Push, self).__init__()`

			`# refresh Tracked Regex`
			`self.tags = Tag.refresh_auto_push()`
			`self.last_refresh = time.time()`

			`self.misp_exporter = MISPExporterAutoDaily()`
			`self.the_hive_exporter = TheHiveExporterAlertTag()`

			`# Send module state to logs`
			`self.logger.info(f"Module {self.module_name} initialized")`

			`def compute(self, message):`
			`if self.last_refresh < Tag.get_last_auto_push_refreshed() < 0:`
			`self.tags = Tag.refresh_auto_push()`
			`self.last_refresh = time.time()`
			`self.redis_logger.info('Tags Auto Push refreshed')`

			`item_id, tag = message.split(' ', 1)`
			`item = Item(item_id)`

			`# enabled`
			`if 'misp' in self.tags:`
			`if tag in self.tags['misp']:`
			`r = self.misp_exporter.export(item, tag)`
			`if r == -1:`
			`Tag.set_auto_push_status('misp', 'ConnectionError')`
			`else:`
			`Tag.set_auto_push_status('misp', '')`
			`self.logger.info('MISP Pushed:', tag, '->', item_id)`

			`if 'thehive' in self.tags:`
			`if tag in self.tags['thehive']:`
			`r = self.the_hive_exporter.export(item, tag)`
			`if r == -1:`
			`Tag.set_auto_push_status('thehive', 'ConnectionError')`
			`elif r == -2:`
			`Tag.set_auto_push_status('thehive', 'Request Entity Too Large')`
			`else:`
			`Tag.set_auto_push_status('thehive', '')`
			`self.logger.info('thehive Pushed:', tag, '->', item_id)`


			`if __name__ == "__main__":`
			`module = MISP_Thehive_Auto_Push()`
			`module.run()`