2024-06-26 13:30:47 +00:00
|
|
|
#!/usr/bin/env python3
|
|
|
|
|
|
|
|
import json
|
2024-07-02 11:44:01 +00:00
|
|
|
from datetime import timedelta
|
2024-06-26 13:30:47 +00:00
|
|
|
from typing import Union
|
|
|
|
from urllib.parse import urljoin
|
2024-07-03 09:51:44 +00:00
|
|
|
import asyncio
|
2024-06-26 13:30:47 +00:00
|
|
|
import requests # type: ignore
|
|
|
|
import requests.adapters # type: ignore
|
2024-07-02 11:44:01 +00:00
|
|
|
from requests_cache import CachedSession
|
2024-06-26 13:30:47 +00:00
|
|
|
from requests.packages.urllib3.exceptions import InsecureRequestWarning # type: ignore
|
|
|
|
requests.packages.urllib3.disable_warnings(InsecureRequestWarning)
|
|
|
|
|
2024-07-02 11:46:15 +00:00
|
|
|
from config import misp_url, misp_apikey, misp_skipssl, logger
|
2024-06-26 13:30:47 +00:00
|
|
|
|
2024-07-02 11:44:01 +00:00
|
|
|
requestSession = CachedSession(cache_name='misp_cache', expire_after=timedelta(seconds=5))
|
|
|
|
adapterCache = requests.adapters.HTTPAdapter(pool_connections=50, pool_maxsize=50)
|
|
|
|
requestSession.mount('https://', adapterCache)
|
|
|
|
requestSession.mount('http://', adapterCache)
|
|
|
|
|
2024-06-26 13:30:47 +00:00
|
|
|
|
2024-07-03 09:51:44 +00:00
|
|
|
async def get(url, data={}, api_key=misp_apikey):
|
2024-06-26 13:30:47 +00:00
|
|
|
headers = {
|
|
|
|
'User-Agent': 'misp-exercise-dashboard',
|
|
|
|
"Authorization": api_key,
|
|
|
|
"Accept": "application/json",
|
|
|
|
"Content-Type": "application/json"
|
|
|
|
}
|
|
|
|
full_url = urljoin(misp_url, url)
|
2024-07-01 12:40:32 +00:00
|
|
|
try:
|
2024-07-03 09:51:44 +00:00
|
|
|
loop = asyncio.get_event_loop()
|
|
|
|
job = lambda: requestSession.get(full_url, data=data, headers=headers, verify=not misp_skipssl)
|
|
|
|
runningJob = loop.run_in_executor(None, job)
|
|
|
|
response = await runningJob
|
2024-07-01 12:48:00 +00:00
|
|
|
except requests.exceptions.ConnectionError as e:
|
2024-07-02 11:56:10 +00:00
|
|
|
logger.info('Could not perform request on MISP. %s', e)
|
2024-07-01 12:40:32 +00:00
|
|
|
return None
|
2024-07-03 09:51:44 +00:00
|
|
|
except Exception as e:
|
|
|
|
logger.warning('Could not perform request on MISP. %s', e)
|
2024-07-02 13:05:44 +00:00
|
|
|
try:
|
|
|
|
return response.json() if response.headers['content-type'].startswith('application/json') else response.text
|
|
|
|
except requests.exceptions.JSONDecodeError:
|
|
|
|
return response.text
|
2024-06-26 13:30:47 +00:00
|
|
|
|
|
|
|
|
2024-07-03 09:51:44 +00:00
|
|
|
async def post(url, data={}, api_key=misp_apikey):
|
2024-06-26 13:30:47 +00:00
|
|
|
headers = {
|
|
|
|
'User-Agent': 'misp-exercise-dashboard',
|
|
|
|
"Authorization": api_key,
|
|
|
|
"Accept": "application/json",
|
|
|
|
"Content-Type": "application/json"
|
|
|
|
}
|
|
|
|
full_url = urljoin(misp_url, url)
|
2024-07-01 12:40:32 +00:00
|
|
|
try:
|
2024-07-03 09:51:44 +00:00
|
|
|
loop = asyncio.get_event_loop()
|
|
|
|
job = lambda: requestSession.post(full_url, data=json.dumps(data), headers=headers, verify=not misp_skipssl)
|
|
|
|
runningJob = loop.run_in_executor(None, job)
|
|
|
|
response = await runningJob
|
2024-07-01 12:48:00 +00:00
|
|
|
except requests.exceptions.ConnectionError as e:
|
2024-07-02 11:56:10 +00:00
|
|
|
logger.info('Could not perform request on MISP. %s', e)
|
2024-07-01 12:40:32 +00:00
|
|
|
return None
|
2024-07-03 09:51:44 +00:00
|
|
|
except Exception as e:
|
|
|
|
logger.warning('Could not perform request on MISP. %s', e)
|
2024-07-02 13:05:44 +00:00
|
|
|
try:
|
|
|
|
return response.json() if response.headers['content-type'].startswith('application/json') else response.text
|
|
|
|
except requests.exceptions.JSONDecodeError:
|
|
|
|
return response.text
|
2024-06-26 13:30:47 +00:00
|
|
|
|
|
|
|
|
2024-07-03 09:51:44 +00:00
|
|
|
async def getEvent(event_id: int) -> Union[None, dict]:
|
|
|
|
return await get(f'/events/view/{event_id}')
|
2024-06-26 13:30:47 +00:00
|
|
|
|
|
|
|
|
2024-07-03 09:51:44 +00:00
|
|
|
async def doRestQuery(authkey: str, request_method: str, url: str, payload: dict = {}) -> Union[None, dict]:
|
2024-06-26 13:30:47 +00:00
|
|
|
if request_method == 'POST':
|
2024-07-03 09:51:44 +00:00
|
|
|
return await post(url, payload, api_key=authkey)
|
2024-06-26 13:30:47 +00:00
|
|
|
else:
|
2024-07-03 09:51:44 +00:00
|
|
|
return await get(url, payload, api_key=authkey)
|
2024-07-01 11:12:23 +00:00
|
|
|
|
|
|
|
|
2024-07-03 09:51:44 +00:00
|
|
|
async def getVersion() -> Union[None, dict]:
|
|
|
|
return await get(f'/servers/getVersion.json')
|
2024-07-01 12:31:29 +00:00
|
|
|
|
|
|
|
|
2024-07-03 09:51:44 +00:00
|
|
|
async def getSettings() -> Union[None, dict]:
|
2024-07-01 11:12:23 +00:00
|
|
|
SETTING_TO_QUERY = [
|
|
|
|
'Plugin.ZeroMQ_enable',
|
|
|
|
'Plugin.ZeroMQ_audit_notifications_enable',
|
|
|
|
'Plugin.ZeroMQ_event_notifications_enable',
|
|
|
|
'Plugin.ZeroMQ_attribute_notifications_enable',
|
|
|
|
'MISP.log_paranoid',
|
|
|
|
'MISP.log_paranoid_skip_db',
|
|
|
|
'MISP.log_paranoid_include_post_body',
|
|
|
|
'MISP.log_auth',
|
|
|
|
'Security.allow_unsafe_cleartext_apikey_logging',
|
|
|
|
]
|
2024-07-03 09:51:44 +00:00
|
|
|
settings = await get(f'/servers/serverSettings.json')
|
2024-07-01 11:12:23 +00:00
|
|
|
if not settings:
|
|
|
|
return None
|
|
|
|
return {
|
|
|
|
setting['setting']: setting['value'] for setting in settings.get('finalSettings', []) if setting['setting'] in SETTING_TO_QUERY
|
|
|
|
}
|