Merge branch 'LDO-CERT-master'

MISP · Jan 23, 2018 · 19fa34c · 19fa34c
2 parents 8026d0f + e2bb66d
commit 19fa34c
Show file tree

Hide file tree

Showing 4 changed files with 39 additions and 1 deletion.
diff --git a/examples/add_sbsignature.py b/examples/add_sbsignature.py
@@ -0,0 +1,16 @@
+import json
+from pymisp import PyMISP
+from keys import misp_url, misp_key, misp_verifycert
+from pymisp.tools import SBSignatureObject
+
+pymisp = PyMISP(misp_url, misp_key, misp_verifycert)
+a = json.loads('{"signatures":[{"new_data":[],"confidence":100,"families":[],"severity":1,"weight":0,"description":"AttemptstoconnecttoadeadIP:Port(2uniquetimes)","alert":false,"references":[],"data":[{"IP":"95.101.39.58:80(Europe)"},{"IP":"192.35.177.64:80(UnitedStates)"}],"name":"dead_connect"},{"new_data":[],"confidence":30,"families":[],"severity":2,"weight":1,"description":"PerformssomeHTTPrequests","alert":false,"references":[],"data":[{"url":"http://cert.int-x3.letsencrypt.org/"},{"url":"http://apps.identrust.com/roots/dstrootcax3.p7c"}],"name":"network_http"},{"new_data":[],"confidence":100,"families":[],"severity":2,"weight":1,"description":"Theofficefilehasaunconventionalcodepage:ANSICyrillic;Cyrillic(Windows)","alert":false,"references":[],"data":[],"name":"office_code_page"}]}')
+a = [(x['name'], x['description']) for x in a["signatures"]]
+
+
+b = SBSignatureObject(a)
+
+
+template_id = [x['ObjectTemplate']['id'] for x in pymisp.get_object_templates_list() if x['ObjectTemplate']['name'] == 'sb-signature'][0]
+
+pymisp.add_object(234111, template_id, b)
diff --git a/pymisp/data/misp-objects b/pymisp/data/misp-objects
diff --git a/pymisp/tools/__init__.py b/pymisp/tools/__init__.py
@@ -8,3 +8,4 @@
 from .abstractgenerator import AbstractMISPObjectGenerator  # noqa
 from .genericgenerator import GenericObjectGenerator  # noqa
 from .openioc import load_openioc, load_openioc_file  # noqa
+from .sbsignatureobject import SBSignatureObject  # noqa
diff --git a/pymisp/tools/sbsignatureobject.py b/pymisp/tools/sbsignatureobject.py
@@ -0,0 +1,21 @@
+#!/usr/bin/env python3
+# -*- coding: utf-8 -*-
+
+from .abstractgenerator import AbstractMISPObjectGenerator
+
+
+class SBSignatureObject(AbstractMISPObjectGenerator):
+    '''
+    Sandbox Analyzer
+    '''
+    def __init__(self, software, report, standalone=True, **kwargs):
+        super(SBSignatureObject, self).__init__("sb-signature", **kwargs)
+        self._software = software
+        self._report = report
+        self.generate_attributes()
+
+    def generate_attributes(self):
+        ''' Parse the report for relevant attributes '''
+        self.add_attribute("software", value=self._software)
+        for (signature_name, description) in self._report:
+            self.add_attribute("signature", value=signature_name, comment=description)