mirror of
https://github.com/ail-project/ail-framework.git
synced 2024-11-30 09:47:17 +00:00
Updated alertHandler and ailleakObject
parent
5c7c07fbea
commit
ee7759be91
2 changed files with 40 additions and 10 deletions
36
bin/ailleakOject.py
Normal file → Executable file
36
bin/ailleakOject.py
Normal file → Executable file
|
@ -1,12 +1,12 @@
|
||||||
#!/usr/bin/env python3
|
#!/usr/bin/env python3.5
|
||||||
# -*-coding:UTF-8 -*
|
# -*-coding:UTF-8 -*
|
||||||
|
|
||||||
from pymisp.tools import GenericObjectGenerator
|
from pymisp.tools.abstractgenerator import AbstractMISPObjectGenerator
|
||||||
from packages import Paste
|
from packages import Paste
|
||||||
|
|
||||||
class AilleakObject(AbstractMISPObjectGenerator):
|
class AilleakObject(AbstractMISPObjectGenerator):
|
||||||
def __init__(self, moduleName, path):
|
def __init__(self, moduleName, path):
|
||||||
super(GenericObject, self).__init__('ail-leak')
|
super(AbstractMISPObjectGenerator, self).__init__('ail-leak')
|
||||||
self.moduleName = moduleName
|
self.moduleName = moduleName
|
||||||
self.path = path
|
self.path = path
|
||||||
self.paste = Paste.Paste(path)
|
self.paste = Paste.Paste(path)
|
||||||
|
@ -16,10 +16,38 @@ class AilleakObject(AbstractMISPObjectGenerator):
|
||||||
self.add_attribute('type', value=self.moduleName)
|
self.add_attribute('type', value=self.moduleName)
|
||||||
self.add_attribute('origin', value=self.paste.p_source)
|
self.add_attribute('origin', value=self.paste.p_source)
|
||||||
self.add_attribute('last-seen', value=self.paste.p_date)
|
self.add_attribute('last-seen', value=self.paste.p_date)
|
||||||
self.add_attribute('raw-data', value=self.paste.get_p_content())
|
#self.add_attribute('raw-data', value=self.paste.get_p_content())
|
||||||
'''
|
'''
|
||||||
# duplicated
|
# duplicated
|
||||||
duplicate_list = json.loads(paste._get_p_duplicate())
|
duplicate_list = json.loads(paste._get_p_duplicate())
|
||||||
is_duplicate = True if len(duplicate_list) > 0 else False
|
is_duplicate = True if len(duplicate_list) > 0 else False
|
||||||
self.add_attribute('duplicate', value=is_duplicate)
|
self.add_attribute('duplicate', value=is_duplicate)
|
||||||
'''
|
'''
|
||||||
|
|
||||||
|
|
||||||
|
if __name__ == "__main__":
|
||||||
|
|
||||||
|
import sys
|
||||||
|
sys.path.append('../')
|
||||||
|
from mispKEYS import misp_url, misp_key, misp_verifycert
|
||||||
|
from pymisp import PyMISP
|
||||||
|
|
||||||
|
pymisp = PyMISP(misp_url, misp_key, misp_verifycert)
|
||||||
|
eventID = "9356"
|
||||||
|
mispTYPE = 'ail-leak'
|
||||||
|
|
||||||
|
moduleName = "Credentials"
|
||||||
|
path = "/home/sami/git/AIL-framework/PASTES/archive/pastebin.com_pro/2017/08/23/bPFaJymf.gz"
|
||||||
|
|
||||||
|
misp_object = AilleakObject(moduleName, path)
|
||||||
|
print('validate mispobj', misp_object._validate())
|
||||||
|
print(misp_object)
|
||||||
|
|
||||||
|
# Publish object to MISP
|
||||||
|
try:
|
||||||
|
templateID = [x['ObjectTemplate']['id'] for x in pymisp.get_object_templates_list() if x['ObjectTemplate']['name'] == mispTYPE][0]
|
||||||
|
except IndexError:
|
||||||
|
valid_types = ", ".join([x['ObjectTemplate']['name'] for x in pymisp.get_object_templates_list()])
|
||||||
|
print ("Template for type %s not found! Valid types are: %s" % (mispTYPE, valid_types))
|
||||||
|
print(templateID)
|
||||||
|
#r = pymisp.add_object(eventID, templateID, misp_object)
|
||||||
|
|
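Review bot: In `AilleakObject.__init__`, the call that appears to be the new side, `super(AbstractMISPObjectGenerator, self).__init__('ail-leak')`, names the parent class instead of the class being defined, so the MRO lookup starts after `AbstractMISPObjectGenerator` and skips any initialisation that class defines itself. It should be `super(AilleakObject, self).__init__('ail-leak')`, or simply `super().__init__('ail-leak')` given the Python 3 shebang. Separately, in the added `__main__` block the `except IndexError:` branch only prints, so the following `print(templateID)` would raise `NameError` when the template is missing; a `raise` or exit in that branch would make the failure explicit. The lines of `__init__` between the two hunks are not shown on the page.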
|
@ -22,7 +22,9 @@ from Helper import Process
|
||||||
|
|
||||||
from pymisp import PyMISP
|
from pymisp import PyMISP
|
||||||
import ailleakObject
|
import ailleakObject
|
||||||
from ../mispKEYS import misp_url, misp_key, misp_verifycert
|
import sys
|
||||||
|
sys.path.append('../')
|
||||||
|
from mispKEYS import misp_url, misp_key, misp_verifycert
|
||||||
|
|
||||||
if __name__ == "__main__":
|
if __name__ == "__main__":
|
||||||
publisher.port = 6380
|
publisher.port = 6380
|
||||||
|
@ -69,9 +71,9 @@ if __name__ == "__main__":
|
||||||
|
|
||||||
# Publish object to MISP
|
# Publish object to MISP
|
||||||
try:
|
try:
|
||||||
templateID = [x['ObjectTemplate']['id'] for x in pymisp.get_object_templates_list() if x['ObjectTemplate']['name'] == mispTYPE
|
templateID = [x['ObjectTemplate']['id'] for x in pymisp.get_object_templates_list() if x['ObjectTemplate']['name'] == mispTYPE][0]
|
||||||
except IndexError:
|
except IndexError:
|
||||||
valid_types = ", ".join([x['ObjectTemplate']['name'] for x in pymisp.get_object_templates_list()])
|
valid_types = ", ".join([x['ObjectTemplate']['name'] for x in pymisp.get_object_templates_list()])
|
||||||
print ("Template for type %s not found! Valid types are: %s" % (mispTYPE, valid_types))
|
print ("Template for type %s not found! Valid types are: %s" % (mispTYPE, valid_types))
|
||||||
continue
|
continue
|
||||||
#r = pymisp.add_object(eventID, templateID, misp_object)
|
#r = pymisp.add_object(eventID, templateID, misp_object)
|
||||||
|
|
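Review bot: `sys.path.append('../')` in the import hunk of the second file (its header is missing from the page; presumably alertHandler, per the commit title) is resolved against the process's working directory, not the script's location. Which `mispKEYS` module supplies `misp_url`, `misp_key` and `misp_verifycert` therefore depends on where the script is started. Judging by the imported names, that module carries the MISP API key and the certificate-verification setting, so anchoring the path to the file is safer: `sys.path.append(os.path.join(os.path.dirname(os.path.abspath(__file__)), '..'))` (this needs `import os`, which is not visible in the hunk). The same pattern is added in the `__main__` block of bin/ailleakOject.py.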