From ee7759be91d0e1c9ae9b696e74263c07519ac4d0 Mon Sep 17 00:00:00 2001
From: Sami Mokaddem
Date: Thu, 16 Nov 2017 11:18:13 +0100
Subject: [PATCH] Updated alertHandler and ailleakObject
---
 bin/ailleakOject.py | 36 ++++++++++++++++++++++++++++++++----
 bin/alertHandler.py | 14 ++++++++------
 2 files changed, 40 insertions(+), 10 deletions(-)
 mode change 100644 => 100755 bin/ailleakOject.py
diff --git a/bin/ailleakOject.py b/bin/ailleakOject.py
old mode 100644
new mode 100755
index 03cb6c7f..d8475779
--- a/bin/ailleakOject.py
+++ b/bin/ailleakOject.py
@@ -1,12 +1,12 @@
-#!/usr/bin/env python3
+#!/usr/bin/env python3.5
 # -*-coding:UTF-8 -*
 
-from pymisp.tools import GenericObjectGenerator
+from pymisp.tools.abstractgenerator import AbstractMISPObjectGenerator
 from packages import Paste
 
 class AilleakObject(AbstractMISPObjectGenerator):
     def __init__(self, moduleName, path):
-        super(GenericObject, self).__init__('ail-leak')
+        super(AbstractMISPObjectGenerator, self).__init__('ail-leak')
         self.moduleName = moduleName
         self.path = path
         self.paste = Paste.Paste(path)
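Review bot: `super(AbstractMISPObjectGenerator, self).__init__('ail-leak')` on the last changed line skips AbstractMISPObjectGenerator's own initializer: the first argument to super() names the class after which the MRO search starts, so this resolves to the base above AbstractMISPObjectGenerator and the template-name argument is handed to that class instead. The removed line had the same shape with `GenericObject`, a name that was never imported, so the commit fixes the NameError but keeps the wrong class in the call. It should read `super(AilleakObject, self).__init__('ail-leak')` or, since the file targets Python 3, simply `super().__init__('ail-leak')`. The new shebang pins `python3.5` specifically, which fails on hosts that only ship a newer `python3`; the previous `#!/usr/bin/env python3` was the portable choice unless 3.5 is genuinely required. `__init__`'s body may continue past the end of the hunk.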
@@ -16,10 +16,38 @@ class AilleakObject(AbstractMISPObjectGenerator):
         self.add_attribute('type', value=self.moduleName)
         self.add_attribute('origin', value=self.paste.p_source)
         self.add_attribute('last-seen', value=self.paste.p_date)
-        self.add_attribute('raw-data', value=self.paste.get_p_content())
+        #self.add_attribute('raw-data', value=self.paste.get_p_content())
         '''
         # duplicated
         duplicate_list = json.loads(paste._get_p_duplicate())
         is_duplicate = True if len(duplicate_list) > 0 else False
         self.add_attribute('duplicate', value=is_duplicate)
         '''
+
+
+if __name__ == "__main__":
+
+    import sys
+    sys.path.append('../')
+    from mispKEYS import misp_url, misp_key, misp_verifycert
+    from pymisp import PyMISP
+
+    pymisp = PyMISP(misp_url, misp_key, misp_verifycert)
+    eventID = "9356"
+    mispTYPE = 'ail-leak'
+
+    moduleName = "Credentials"
+    path = "/home/sami/git/AIL-framework/PASTES/archive/pastebin.com_pro/2017/08/23/bPFaJymf.gz"
+
+    misp_object = AilleakObject(moduleName, path)
+    print('validate mispobj', misp_object._validate())
+    print(misp_object)
+
+    # Publish object to MISP
+    try:
+        templateID = [x['ObjectTemplate']['id'] for x in pymisp.get_object_templates_list() if x['ObjectTemplate']['name'] == mispTYPE][0]
+    except IndexError:
+        valid_types = ", ".join([x['ObjectTemplate']['name'] for x in pymisp.get_object_templates_list()])
+        print ("Template for type %s not found! Valid types are: %s" % (mispTYPE, valid_types))
+    print(templateID)
+    #r = pymisp.add_object(eventID, templateID, misp_object)
diff --git a/bin/alertHandler.py b/bin/alertHandler.py
index cb654639..d5f23545 100755
--- a/bin/alertHandler.py
+++ b/bin/alertHandler.py
@@ -22,7 +22,9 @@
 from Helper import Process
 from pymisp import PyMISP
 import ailleakObject
-from ../mispKEYS import misp_url, misp_key, misp_verifycert
+import sys
+sys.path.append('../')
+from mispKEYS import misp_url, misp_key, misp_verifycert
 
 if __name__ == "__main__":
     publisher.port = 6380
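Review bot: `print(templateID)` after the new `try/except` in the `__main__` block raises `NameError` whenever the template lookup fails, because the `except IndexError` branch prints the valid types but neither exits nor re-raises, so `templateID` is unbound on that path; end the branch with `sys.exit(1)` or `raise`. The block also hard-codes a developer-specific paste path and event id (`/home/sami/...`, `"9356"`), so this smoke test only runs on one machine; reading `path`, `moduleName` and `eventID` from `sys.argv` would make it reusable. `sys.path.append('../')` is relative to the current working directory rather than to this file, so `mispKEYS` (which supplies the MISP URL and API key) is only found when the script is started from `bin/`, and a `mispKEYS.py` sitting in the parent of whatever directory the process was started from can satisfy the import instead; anchoring on `os.path.dirname(os.path.abspath(__file__))` avoids both problems. `misp_object._validate()` calls a leading-underscore pymisp method, which may change without notice and deserves a comment saying so.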
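Review bot: the new `sys.path.append('../')` resolves against the process's current working directory, not against `bin/alertHandler.py`, so the following `from mispKEYS import ...` only succeeds when the daemon is launched from `bin/`, and which directory gets searched for the credentials module depends on where the operator happened to start it. Resolving relative to this file instead, e.g. `sys.path.append(os.path.join(os.path.dirname(os.path.abspath(__file__)), '..'))`, removes that dependence (this needs `os` in scope, which the hunk does not show). Separately, the unchanged context line imports `ailleakObject`, while the module added in this patch is `bin/ailleakOject.py`; unless a module with the other spelling also exists, that import fails at startup, so one of the two names presumably needs correcting. Because the path manipulation now sits in the middle of the import block, the statement order is load-bearing; a short comment such as `# mispKEYS lives one level above bin/, so extend the path before importing it` would make that explicit.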
@@ -69,9 +71,9 @@ if __name__ == "__main__":
 
         # Publish object to MISP
         try:
-            templateID = [x['ObjectTemplate']['id'] for x in pymisp.get_object_templates_list() if x['ObjectTemplate']['name'] == mispTYPE
-        except IndexError:
-            valid_types = ", ".join([x['ObjectTemplate']['name'] for x in pymisp.get_object_templates_list()])
-            print ("Template for type %s not found! Valid types are: %s" % (mispTYPE, valid_types))
-            continue
+            templateID = [x['ObjectTemplate']['id'] for x in pymisp.get_object_templates_list() if x['ObjectTemplate']['name'] == mispTYPE][0]
+        except IndexError:
+            valid_types = ", ".join([x['ObjectTemplate']['name'] for x in pymisp.get_object_templates_list()])
+            print ("Template for type %s not found! Valid types are: %s" % (mispTYPE, valid_types))
+            continue
         #r = pymisp.add_object(eventID, templateID, misp_object)
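Review bot: the template lookup on the first added line calls `pymisp.get_object_templates_list()` on every pass through the enclosing loop (the `continue` shows this sits inside a loop whose start is outside the hunk), and the `except` branch calls it a second time, so each alert costs one or two authenticated round-trips to MISP just to rediscover a constant id; resolve `templateID` once before the loop and leave only the per-alert publish call inside it. Only `IndexError` is handled, so a transport or authentication error raised by the PyMISP call propagates out of the loop and terminates the handler; for a long-running consumer the error types PyMISP/requests raise should be caught at this boundary, logged, and the alert skipped with `continue`. The failure path uses `print` rather than the `publisher` object the module appears to configure for logging (`publisher.port` is set in the other hunk), so template problems will not reach the same channel as the rest of the module's events. With `add_object` still commented out below, nothing is published after this change; a `# TODO` stating that the publish step is intentionally disabled would make that clear to the next reader.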