More code modification regarding MISP integration
		@@ -19,8 +19,7 @@ def add_instance():
 | 
			
		||||
        :return: status of the operation in JSON
 | 
			
		||||
    """
 | 
			
		||||
    data = json.loads(request.data)
 | 
			
		||||
    instance = data["data"]["instance"]
 | 
			
		||||
    res = misp.add_instance(instance)
 | 
			
		||||
    res = misp.add_instance(data["data"]["instance"])
 | 
			
		||||
    return jsonify(res)
 | 
			
		||||
 | 
			
		||||
@misp_bp.route('/delete/<misp_id>', methods=['GET'])
 | 
			
		||||
 
 | 
			
		||||
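Review bot: The new call `misp.add_instance(data["data"]["instance"])` indexes the parsed request body with no shape check, so a body that is not JSON or that lacks `data`/`instance` raises inside the view and surfaces as a 500 rather than the JSON status the docstring promises. Parsing with `data = request.get_json(silent=True) or {}` and returning `jsonify({"status": False, "message": "Invalid request"})` when the instance object is missing would keep that contract. The `/delete/<misp_id>` route in the trailing context accepts GET; if it does delete the instance as its name suggests, a state-changing request over GET can be triggered by a cross-site link or a prefetch, so POST or DELETE with CSRF protection would be safer. add_instance begins above this hunk, so its authentication, if any, is not visible here.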
@@ -27,6 +27,7 @@ class MISP(object):
 | 
			
		||||
        name = instance["name"]
 | 
			
		||||
        apikey = instance["key"]
 | 
			
		||||
        verify = instance["ssl"]
 | 
			
		||||
        last_sync = int(time.time()-31536000) # One year
 | 
			
		||||
 | 
			
		||||
        sameinstances = db.session.query(MISPInst).filter(
 | 
			
		||||
            MISPInst.url == url, MISPInst.apikey == apikey)
 | 
			
		||||
@@ -36,14 +37,11 @@ class MISP(object):
 | 
			
		||||
        if name:
 | 
			
		||||
            if self.test_instance(url, apikey, verify):
 | 
			
		||||
                added_on = int(time.time())
 | 
			
		||||
                db.session.add(MISPInst(name, escape(url), apikey, verify, added_on))
 | 
			
		||||
                db.session.add(MISPInst(name, escape(
 | 
			
		||||
                    url), apikey, verify, added_on, last_sync))
 | 
			
		||||
                db.session.commit()
 | 
			
		||||
                return {"status": True,
 | 
			
		||||
                        "message": "MISP instance added",
 | 
			
		||||
                        "name": escape(name),
 | 
			
		||||
                        "url": escape(url),
 | 
			
		||||
                        "apikey": escape(apikey),
 | 
			
		||||
                        "verifycert": escape(verify)}
 | 
			
		||||
                        "message": "MISP instance added"}
 | 
			
		||||
            else:
 | 
			
		||||
                return {"status": False,
 | 
			
		||||
                        "message": "Please verify the connection to the MISP instance"}
 | 
			
		||||
@@ -78,7 +76,8 @@ class MISP(object):
 | 
			
		||||
                   "url": misp["url"],
 | 
			
		||||
                   "apikey": misp["apikey"],
 | 
			
		||||
                   "verifycert": True if misp["verifycert"] else False,
 | 
			
		||||
                   "connected": self.test_instance(misp["url"], misp["apikey"], misp["verifycert"]) }
 | 
			
		||||
                   "connected": self.test_instance(misp["url"], misp["apikey"], misp["verifycert"]),
 | 
			
		||||
                   "lastsync": misp["last_sync"]}
 | 
			
		||||
 | 
			
		||||
    @staticmethod
 | 
			
		||||
    def test_instance(url, apikey, verify):
 | 
			
		||||
@@ -92,11 +91,23 @@ class MISP(object):
 | 
			
		||||
        except:
 | 
			
		||||
            return False
 | 
			
		||||
 | 
			
		||||
    def update_sync(misp_id):
 | 
			
		||||
        """
 | 
			
		||||
            Update the last synchronization date by the actual date.
 | 
			
		||||
            :return: bool, True if updated.
 | 
			
		||||
        """
 | 
			
		||||
        try:
 | 
			
		||||
            misp = MISPInst.query.get(int(misp_id))
 | 
			
		||||
            misp.last_sync = int(time.time())
 | 
			
		||||
            db.session.commit()
 | 
			
		||||
            return True
 | 
			
		||||
        except:
 | 
			
		||||
            return False
 | 
			
		||||
 | 
			
		||||
    @staticmethod
 | 
			
		||||
    def get_iocs(misp_id):
 | 
			
		||||
        """
 | 
			
		||||
            Get all IOCs from specific MISP instance
 | 
			
		||||
            /!\ Todo: NEED TO ADD LAST SYNCHRO DATE + page etc. stuff.
 | 
			
		||||
            :return: generator containing the IOCs.
 | 
			
		||||
        """
 | 
			
		||||
        misp = MISPInst.query.get(int(misp_id))
 | 
			
		||||
@@ -105,7 +116,7 @@ class MISP(object):
 | 
			
		||||
                try:
 | 
			
		||||
                    # Connect to MISP instance and get network activity attributes.
 | 
			
		||||
                    m = PyMISP(misp.url, misp.apikey, misp.verifycert)
 | 
			
		||||
                    r = m.search("attributes", category="Network activity")
 | 
			
		||||
                    r = m.search("attributes", category="Network activity", date_from=misp.lastsync)
 | 
			
		||||
                except:
 | 
			
		||||
                    print("Unable to connect to the MISP instance ({}/{}).".format(misp.url, misp.apikey))
 | 
			
		||||
                    return []
 | 
			
		||||
 
 | 
			
		||||
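Review bot: In get_iocs the new search call passes `date_from=misp.lastsync`, while the model and update_sync in this same commit name the attribute `last_sync`. Unless `lastsync` is mapped somewhere not shown, this raises AttributeError inside the `try`, and the bare `except:` reports it as a connection failure and returns `[]`, so the sync would silently yield nothing. I would use `date_from=misp.last_sync` and narrow the handler to `except Exception as e:` with the exception logged. The failure message on the following line also prints `misp.apikey`, which puts the MISP API key into stdout or log output; this commit already drops the key from add_instance's response, so `"Unable to connect to the MISP instance ({}).".format(misp.url)` would be consistent. update_sync in the `@@ -92,11 +91,23 @@` hunk appears without `@staticmethod` or `self`, unlike its neighbours, so calling it on an instance would fail; get_iocs continues outside this hunk.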
@@ -20,12 +20,13 @@ class Whitelist(db.Model):
 | 
			
		||||
 | 
			
		||||
 | 
			
		||||
class MISPInst(db.Model):
 | 
			
		||||
    def __init__(self, name, url, key, ssl, added_on):
 | 
			
		||||
    def __init__(self, name, url, key, ssl, added_on, last_sync):
 | 
			
		||||
        self.name = name
 | 
			
		||||
        self.url = url
 | 
			
		||||
        self.apikey = key
 | 
			
		||||
        self.verifycert = ssl
 | 
			
		||||
        self.added_on = added_on
 | 
			
		||||
        self.last_sync = last_sync
 | 
			
		||||
 | 
			
		||||
 | 
			
		||||
db.mapper(Whitelist, db.Table('whitelist', db.metadata, autoload=True))
 | 
			
		||||
 
 | 
			
		||||
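Review bot: `last_sync` is added to `MISPInst.__init__` as a required positional argument with nothing documenting its unit. add_instance passes `int(time.time()-31536000)`, so a comment such as `# last_sync: Unix epoch seconds of the last successful MISP pull` on the assignment would make that explicit. Any other caller of `MISPInst(...)` not shown in this commit will now raise TypeError. The table mapping for this model is not visible here; if it is autoloaded the way `whitelist` is, existing databases need a `last_sync` column before this is deployed.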
@@ -133,6 +133,7 @@ def watch_misp():
 | 
			
		||||
                instances.pop(i)
 | 
			
		||||
        if instances: time.sleep(60)
 | 
			
		||||
 | 
			
		||||
 | 
			
		||||
p1 = Process(target=watch_iocs)
 | 
			
		||||
p2 = Process(target=watch_whitelists)
 | 
			
		||||
p3 = Process(target=watch_misp)
 | 
			
		||||
 
 | 
			
		||||