fix hive and misp error

Terrtia 2018-06-19 16:39:49 +02:00
parent af9db53171
commit 6a89fac309
No known key found for this signature in database
GPG key ID: 1E1B1F50D84613D0
4 changed files with 28 additions and 20 deletions


@ -37,7 +37,7 @@ except:
# import The Hive Keys # import The Hive Keys
try: try:
from theHiveKEYS import the_hive_url, the_hive_key from theHiveKEYS import the_hive_url, the_hive_key, the_hive_verifycert
if the_hive_url == '': if the_hive_url == '':
flag_the_hive = False flag_the_hive = False
else: else:
@ -47,6 +47,7 @@ except:
flag_the_hive = False flag_the_hive = False
from thehive4py.api import TheHiveApi from thehive4py.api import TheHiveApi
import thehive4py.exceptions
from thehive4py.models import Alert, AlertArtifact from thehive4py.models import Alert, AlertArtifact
from thehive4py.models import Case, CaseTask, CustomFieldHelper from thehive4py.models import Case, CaseTask, CustomFieldHelper
@ -128,21 +129,40 @@ if __name__ == "__main__":
if flag_misp: if flag_misp:
try: try:
pymisp = PyMISP(misp_url, misp_key, misp_verifycert) pymisp = PyMISP(misp_url, misp_key, misp_verifycert)
except:
flag_misp = False
r_serv_db.set('ail:misp', False)
print('Not connected to MISP')
if flag_misp:
try:
misp_wrapper = ailleakObject.ObjectWrapper(pymisp) misp_wrapper = ailleakObject.ObjectWrapper(pymisp)
r_serv_db.set('ail:misp', True) r_serv_db.set('ail:misp', True)
print('Connected to MISP:', misp_url) print('Connected to MISP:', misp_url)
except: except e:
flag_misp = False flag_misp = False
r_serv_db.set('ail:misp', False)
print(e)
print('Not connected to MISP') print('Not connected to MISP')
# create The HIVE connection # create The HIVE connection
if flag_the_hive: if flag_the_hive:
try: try:
HiveApi = TheHiveApi(the_hive_url, the_hive_key) HiveApi = TheHiveApi(the_hive_url, the_hive_key, cert = the_hive_verifycert)
r_serv_db.set('ail:thehive', True) r_serv_db.set('ail:thehive', True)
print('Connected to The HIVE:', the_hive_url)
except: except:
HiveApi = False HiveApi = False
flag_the_hive = False
r_serv_db.set('ail:thehive', False)
print('Not connected to The HIVE')
if HiveApi != False and flag_the_hive:
try:
HiveApi.get_alert(0)
print('Connected to The HIVE:', the_hive_url)
except thehive4py.exceptions.AlertException:
HiveApi = False
flag_the_hive = False
print('Not connected to The HIVE') print('Not connected to The HIVE')
while True: while True:
@ -155,7 +175,7 @@ if __name__ == "__main__":
continue continue
else: else:
if HiveApi or flag_misp: if flag_the_hive or flag_misp:
tag, path = message.split(';') tag, path = message.split(';')
paste = Paste.Paste(path) paste = Paste.Paste(path)
source = '/'.join(paste.p_path.split('/')[-6:]) source = '/'.join(paste.p_path.split('/')[-6:])
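Review bot: `except e:` in the MISP wrapper block does not bind the error; Python evaluates `e` as the exception class to match, so when `ObjectWrapper(pymisp)` fails the handler itself raises NameError and the script stops instead of printing the error and clearing `flag_misp`. It should read `except Exception as e:`. Separately, the new `HiveApi.get_alert(0)` probe resets `HiveApi` and `flag_the_hive` on `AlertException` but, as far as the visible lines show, leaves `ail:thehive` at the `True` written just above, so anything reading that key would still see The Hive as connected. Adding `r_serv_db.set('ail:thehive', False)` to that handler keeps the key and the flag in sync. The `__main__` block continues outside these hunks.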


@ -1,6 +0,0 @@
#!/usr/bin/env python
# -*- coding: utf-8 -*-
misp_url = ''
misp_key = '' # The MISP auth key can be found on the MISP web interface under the automation section
misp_verifycert = True


@ -1,6 +0,0 @@
#!/usr/bin/env python
# -*- coding: utf-8 -*-
the_hive_url = ''
the_hive_key = '' # The Hive auth key can be found on the The Hive web interface under the User Management
the_hive_verifycert = True


@ -147,7 +147,7 @@ for tag in taxonomies.get('infoleak').machinetags():
if tag.split('=')[0][:] == 'infoleak:automatic-detection': if tag.split('=')[0][:] == 'infoleak:automatic-detection':
r_serv_db.sadd('list_export_tags', tag) r_serv_db.sadd('list_export_tags', tag)
r_serv_db.sadd('list_export_tags', 'submitted') r_serv_db.sadd('list_export_tags', 'infoleak:submission="manual"')
# ============ MAIN ============ # ============ MAIN ============
if __name__ == "__main__": if __name__ == "__main__":
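Review bot: Replacing `'submitted'` with `'infoleak:submission="manual"'` in the `sadd` call only adds the new member; a Redis set that an earlier version already populated keeps the old `'submitted'` entry in `list_export_tags`. If that key persists across upgrades (not visible from this hunk), the export tag list will offer both values. A one-off `r_serv_db.srem('list_export_tags', 'submitted')` next to the new `sadd` would clear the stale entry.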