Git Product home page Git Product logo

mispy's Introduction

MispPy

Basic pythonic implementation for querying the FireEye Intelligence api for automated MISP injestion.

For exporting to CSV, see FirePy

Leverages:

FireEye Intel APIv3
MISP

Requires:

Python3.9 or newer
pymisp
python-dotenv

pip3 install python-dotenv
pip3 install pymisp

Usage:

Add required variables to your .env file, in the same directory as FirePy.
The APP_NAME variable is used to identify Api activety by FireEye.

PUB=FireEyePublicKeyHere
PRIV=FireEyePrivateKeyHere
OUTPATH=/Path/To/Output/Here/
APP_NAME=OrganizationalNameHere

Add required MISP variables to keys.py

#!/usr/bin/env python
# -*- coding: utf-8 -*-

misp_url = 'https:///'
misp_key = 'Your MISP auth key' # The MISP auth key can be found on the MISP web interface under the automation section
misp_verifycert = True

Execute the python file MisPy.py

python3 MisPy.py

Output will be directed to your MISP instance as unpublished events. You can use PyMisp to automate publishing them. Replace x/y with the event ID range you wish to publish\

misp=ExpandedPyMISP(misp_url, misp_key, misp_verifycert)
try:
  for i in range(x,y):
    misp.publish(i)
except Exception as e:
  print(e)

Limitations:

50,000 queries per day, 1000 queries per second. Reference comments in the python file for individual endpoint limitations. All lengths are set to the maximum by default.

Recommended to run as schtask or cronjob. Edit to your paths to update events at 2:30am daily via cron.

#!/bin/bash

line="30 2 * * * /path/to/python3 /path/to/MisPy.py"
(crontab -u $(whoami) -l; echo "$line" ) | crontab -u $(whoami) -

Or install dependencies and MisPy, create a MisPy user, and run the cronjob as that user:

apt-get install python-pip3;pip3 install python-dotenv pymisp;cd /opt && git clone https://github.com/RpNull/MisPy;useradd MisPy -s /bin/bash;chmod -R 770 /opt/MisPy;chown -R MisPy:MisPy /opt/MisPy;mkdir /var/log/MisPy && touch /var/log/MisPy;chmod -R 770 /var/log/MisPy;chown -R MisPy:MisPy /var/log/MisPy && su MisPy;line="30 2 * * * /usr/bin/python3 /opt/MisPy/MisPy.py 1";(crontab -u $(whoami) -l; echo "$line" ) | crontab -u $(whoami) -

mispy's People

Contributors

rpnull avatar

Watchers

avatar

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    ๐Ÿ–– Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. ๐Ÿ“Š๐Ÿ“ˆ๐ŸŽ‰

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google โค๏ธ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.