Updated alertHandler and ailleakObject

2024-11-27 00:07:16 +00:00 · 2017-11-16 11:18:13 +01:00 · 2017-11-16 11:18:13 +01:00 · ee7759be91
commit ee7759be91
parent 5c7c07fbea
2 changed files with 40 additions and 10 deletions
--- a/bin/ailleakOject.py
+++ b/bin/ailleakOject.py
@ -1,12 +1,12 @@
-#!/usr/bin/env python3
+#!/usr/bin/env python3.5
 # -*-coding:UTF-8 -*
-from pymisp.tools import GenericObjectGenerator
+from pymisp.tools.abstractgenerator import AbstractMISPObjectGenerator
 from packages import Paste
 class AilleakObject(AbstractMISPObjectGenerator):
    def __init__(self, moduleName, path):
-        super(GenericObject, self).__init__('ail-leak')
+        super(AbstractMISPObjectGenerator, self).__init__('ail-leak')
        self.moduleName = moduleName
        self.path = path
        self.paste = Paste.Paste(path)
@ -16,10 +16,38 @@ class AilleakObject(AbstractMISPObjectGenerator):
        self.add_attribute('type', value=self.moduleName)
        self.add_attribute('origin', value=self.paste.p_source)
        self.add_attribute('last-seen', value=self.paste.p_date)
-        self.add_attribute('raw-data', value=self.paste.get_p_content())
+        #self.add_attribute('raw-data', value=self.paste.get_p_content())
        '''
        # duplicated
        duplicate_list = json.loads(paste._get_p_duplicate())
        is_duplicate = True if len(duplicate_list) > 0 else False
        self.add_attribute('duplicate', value=is_duplicate)
        '''
 if __name__ == "__main__":
    import sys
    sys.path.append('../')
    from mispKEYS import misp_url, misp_key, misp_verifycert
    from pymisp import PyMISP
    pymisp = PyMISP(misp_url, misp_key, misp_verifycert)
    eventID = "9356"
    mispTYPE = 'ail-leak'
    moduleName = "Credentials"
    path = "/home/sami/git/AIL-framework/PASTES/archive/pastebin.com_pro/2017/08/23/bPFaJymf.gz"
    misp_object = AilleakObject(moduleName, path)
    print('validate mispobj', misp_object._validate())
    print(misp_object)
    # Publish object to MISP
    try:
        templateID = [x['ObjectTemplate']['id'] for x in pymisp.get_object_templates_list() if x['ObjectTemplate']['name'] == mispTYPE][0]
    except IndexError:
        valid_types = ", ".join([x['ObjectTemplate']['name'] for x in pymisp.get_object_templates_list()])
        print ("Template for type %s not found! Valid types are: %s" % (mispTYPE, valid_types))
    print(templateID)
    #r = pymisp.add_object(eventID, templateID, misp_object)
--- a/bin/alertHandler.py
+++ b/bin/alertHandler.py
@ -22,7 +22,9 @@ from Helper import Process
 from pymisp import PyMISP
 import ailleakObject
-from ../mispKEYS import misp_url, misp_key, misp_verifycert
+import sys
 sys.path.append('../')
 from mispKEYS import misp_url, misp_key, misp_verifycert
 if __name__ == "__main__":
    publisher.port = 6380
@ -69,9 +71,9 @@ if __name__ == "__main__":
            # Publish object to MISP
            try:
-                    templateID = [x['ObjectTemplate']['id'] for x in pymisp.get_object_templates_list() if x['ObjectTemplate']['name'] == mispTYPE
+                templateID = [x['ObjectTemplate']['id'] for x in pymisp.get_object_templates_list() if x['ObjectTemplate']['name'] == mispTYPE][0]
-                except IndexError:
+            except IndexError:
-                    valid_types = ", ".join([x['ObjectTemplate']['name'] for x in pymisp.get_object_templates_list()])
+                valid_types = ", ".join([x['ObjectTemplate']['name'] for x in pymisp.get_object_templates_list()])
-                    print ("Template for type %s not found! Valid types are: %s" % (mispTYPE, valid_types))
+                print ("Template for type %s not found! Valid types are: %s" % (mispTYPE, valid_types))
-            continue
+                continue
            #r = pymisp.add_object(eventID, templateID, misp_object)