How to use the pymisp.tools.GenericObjectGenerator function in pymisp
To help you get started, weāve selected a few pymisp examples, based on popular ways it is used in public projects.
Secure your code as it's written. Use Snyk Code to scan source code in minutes - no build needed - and fix issues immediately.
MISP / PyMISP / tests / testlive_comprehensive.py View on Github 
def test_unknown_template(self):
first = self.create_simple_event()
attributeAsDict = [{'MyCoolAttribute': {'value': 'critical thing', 'type': 'text'}},
{'MyCoolerAttribute': {'value': 'even worse', 'type': 'text', 'disable_correlation': True}}]
misp_object = GenericObjectGenerator('my-cool-template')
misp_object.generate_attributes(attributeAsDict)
first.add_object(misp_object)
blah_object = MISPObject('BLAH_TEST')
blah_object.add_reference(misp_object.uuid, "test relation")
blah_object.add_attribute('transaction-number', value='foo', type="text", disable_correlation=True)
first.add_object(blah_object)
try:
first = self.user_misp_connector.add_event(first)
self.assertEqual(len(first.objects[0].attributes), 2)
self.assertFalse(first.objects[0].attributes[0].disable_correlation)
self.assertTrue(first.objects[0].attributes[1].disable_correlation)
self.assertTrue(first.objects[1].attributes[0].disable_correlation)
finally:
# Delete event
self.admin_misp_connector.delete_event(first)# add atrributes to event
# get ID from new event
eid = int(my_event['Event']['id'])
# loop for attribute entries
# please note that distribution will be force to 5 = inherit -
# if not provided default to your organisation
for a in event['attribute']:
add_attribute(pymisp, eid, a['type'], a['value'], a['category'], a['to_ids'])
# loop for file object entry
if event['fo_count'] > 0:
try:
template_id = [x['ObjectTemplate']['id'] for x in pymisp.get_object_templates_list() if x['ObjectTemplate']['name'] == 'file'][0]
fo_record = event['fo_count']
while fo_record > 0:
misp_object = GenericObjectGenerator('file')
my_key = 'fo_' + str(fo_record)
misp_object.generate_attributes(event[my_key])
r = pymisp.add_object(eid, template_id, misp_object)
fo_record = fo_record - 1
except IndexError:
valid_types = ", ".join([x['ObjectTemplate']['name'] for x in pymisp.get_object_templates_list()])
print("Template for type %s not found! Valid types are: %s" % ('file', valid_types))
# loop for email object entry
if event['eo_count'] > 0:
try:
template_id = [x['ObjectTemplate']['id'] for x in pymisp.get_object_templates_list() if x['ObjectTemplate']['name'] == 'email'][0]
eo_record = event['eo_count']
while eo_record > 0:
misp_object = GenericObjectGenerator('email')Args:
template_name: template name as described in
args: arguments to create the generic object
Returns:
GenericObjectGenerator: object created in MISP
Example:
args should look like:
[{'analysis_submitted_at': '2018-06-15T06:40:27'},
{'threat_score': {value=95, to_ids=False}},
{'permalink': 'https://panacea.threatgrid.com/mask/samples/2e445ef5389d8b'},
{'heuristic_raw_score': 7.8385159793597}, {'heuristic_score': 96},
{'original_filename': 'juice.exe'}, {'id': '2e445ef5389d8b'}] # guardrails-disable-line
"""
misp_object = GenericObjectGenerator(template_name)
misp_object.generate_attributes(args)
return misp_object
"colour": "#ffffff",
"name": "tlp:white"
},
{
"colour": "#ff00ff",
"name": "my:custom:feed"
}
]
# MISP Object constructor
from ObjectConstructor.CowrieMISPObject import CowrieMISPObject
from pymisp.tools import GenericObjectGenerator
constructor_dict = {
'cowrie': CowrieMISPObject,
'generic': GenericObjectGenerator
}
# Others
## Redis pooling time
sleep=60misp_object = GenericObjectGenerator('email')
my_key = 'eo_' + str(eo_record)
misp_object.generate_attributes(event[my_key])
r = pymisp.add_object(eid, template_id, misp_object)
eo_record = eo_record - 1
except IndexError:
valid_types = ", ".join([x['ObjectTemplate']['name'] for x in pymisp.get_object_templates_list()])
print ("Template for type %s not found! Valid types are: %s" %('file', valid_types))
# loop for domain-ip object entry
if event['no_count'] > 0:
try:
template_id = [x['ObjectTemplate']['id'] for x in pymisp.get_object_templates_list() if x['ObjectTemplate']['name'] == 'domain-ip'][0]
no_record = event['no_count']
while no_record > 0:
misp_object = GenericObjectGenerator('domain-ip')
my_key = 'no_' + str(no_record)
misp_object.generate_attributes(event[my_key])
r = pymisp.add_object(eid, template_id, misp_object)
no_record = no_record - 1
except IndexError:
valid_types = ", ".join([x['ObjectTemplate']['name'] for x in pymisp.get_object_templates_list()])
print("Template for type %s not found! Valid types are: %s" %('file', valid_types))
eventlist['eid'] = uuid
return eventlist# sighting
if key.endswith(self.SUFFIX_SIGH):
pass
# attribute
elif key.endswith(self.SUFFIX_ATTR):
attr_type = data.pop('type')
attr_value = data.pop('value')
self.current_event.add_attribute(attr_type, attr_value, **data)
self.add_hash(attr_type, attr_value)
# object
elif key.endswith(self.SUFFIX_OBJ):
# create the MISP object
obj_name = data.pop('name')
misp_object = GenericObjectGenerator(obj_name)
for k, v in data.items():
if k not in self.sys_templates[obj_name]['attributes']: # attribute is not in the object template definition
# add it with type text
misp_object.add_attribute(k, **{'value': v, 'type': 'text'})
else:
misp_object.add_attribute(k, **{'value': v})
self.current_event.add_object(misp_object)
for attr_type, attr_value in data.items():
self.add_hash(attr_type, attr_value)
else:
raise NoValidKey("Can't define action to perform")my_key = 'fo_' + str(fo_record)
misp_object.generate_attributes(event[my_key])
r = pymisp.add_object(eid, template_id, misp_object)
fo_record = fo_record - 1
except IndexError:
valid_types = ", ".join([x['ObjectTemplate']['name'] for x in pymisp.get_object_templates_list()])
print("Template for type %s not found! Valid types are: %s" % ('file', valid_types))
# loop for email object entry
if event['eo_count'] > 0:
try:
template_id = [x['ObjectTemplate']['id'] for x in pymisp.get_object_templates_list() if x['ObjectTemplate']['name'] == 'email'][0]
eo_record = event['eo_count']
while eo_record > 0:
misp_object = GenericObjectGenerator('email')
my_key = 'eo_' + str(eo_record)
misp_object.generate_attributes(event[my_key])
r = pymisp.add_object(eid, template_id, misp_object)
eo_record = eo_record - 1
except IndexError:
valid_types = ", ".join([x['ObjectTemplate']['name'] for x in pymisp.get_object_templates_list()])
print ("Template for type %s not found! Valid types are: %s" %('file', valid_types))
# loop for domain-ip object entry
if event['no_count'] > 0:
try:
template_id = [x['ObjectTemplate']['id'] for x in pymisp.get_object_templates_list() if x['ObjectTemplate']['name'] == 'domain-ip'][0]
no_record = event['no_count']
while no_record > 0:
misp_object = GenericObjectGenerator('domain-ip')
my_key = 'no_' + str(no_record)
Popular pymisp functions
- pymisp.abstract.AbstractMISP
- pymisp.Distribution
- pymisp.exceptions.InvalidMISPObject
- pymisp.exceptions.PyMISPError
- pymisp.ExpandedPyMISP
- pymisp.MISPAttribute
- pymisp.MISPEvent
- pymisp.mispevent.MISPAttribute
- pymisp.mispevent.MISPEvent
- pymisp.mispevent.MISPFeed
- pymisp.mispevent.MISPOrganisation
- pymisp.mispevent.MISPShadowAttribute
- pymisp.MISPObject
- pymisp.MISPTag
- pymisp.PyMISP
- pymisp.tools.abstractgenerator.AbstractMISPObjectGenerator
- pymisp.tools.GenericObjectGenerator
- pymisp.tools.make_binary_objects
- pymisp.tools.reportlab_generator.convert_event_in_pdf_buffer
- pymisp.tools.reportlab_generator.register_value_to_file