Add MISP Action #143

Merged
merged 5 commits into from
Oct 27, 2019

Contributor

@Zeroji Zeroji commented Oct 9, 2019

Closes #81: adds a custom action to send found pastes as events to a MISP instance.

`MISPAction(url, access_key, transformer=None, attributes=None)`

Allows setting a custom transformer to turn a Paste into a MISP event, as well as extra attributes to add to all sent events (for example your name or organization).

Here are some tests (using misp-docker to run MISP) showing it works properly:

[Image: Event sent by a MISPAction using test paste values]

[Image: Attributes of the event, used for correlating events]

Writing tests might be possible, but they'd probably require a MISP instance anyway so that's not easily doable. Let me know if there's anything I need to change!

Action that sends matched pastes to a MISP instance
Transforms a `pastepwn.Paste` to a dictionary sent to a MISP instance. May need modifications, but advanced users should use their own transformer.
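
A custom transformer of the kind the description mentions, as an added example that is not code from this pull request or from pastepwn. It does not call `MISPAction`; the `Paste` stand-in with its field names, `paste_to_event`, and the sample values are assumptions made here, since the page does not show how the transformer is invoked.

```python
import hashlib
from dataclasses import dataclass
from datetime import datetime, timezone


@dataclass
class Paste:
    """Constructed stand-in for pastepwn.Paste; the field names are assumptions."""
    key: str
    title: str
    user: str
    date: int       # Unix timestamp
    full_url: str
    body: str


def paste_to_event(paste, attributes=None):
    """Hypothetical transformer: map one paste to a MISP event dictionary."""
    day = datetime.fromtimestamp(paste.date, tz=timezone.utc).strftime("%Y-%m-%d")
    digest = hashlib.sha256(paste.body.encode("utf-8")).hexdigest()
    # Paste titles are untrusted input: drop control characters, cap the length.
    title = "".join(c for c in paste.title if c.isprintable())[:80] or "untitled"
    found = [
        {"type": "link", "category": "External analysis", "value": paste.full_url},
        # A body hash lets MISP correlate re-posts without copying the content.
        {"type": "sha256", "category": "External analysis", "value": digest},
    ]
    if paste.user:
        found.append({"type": "text", "category": "Attribution",
                      "value": paste.user, "comment": "paste author"})
    # Copy caller-supplied attributes so shared dicts are never mutated.
    merged = found + [dict(a) for a in (attributes or [])]
    for attr in merged:
        attr.setdefault("to_ids", False)   # context only, keep out of IDS exports
    return {"Event": {
        "info": "Paste match: %s (%s)" % (title, paste.key),
        "date": day,
        "distribution": 0,       # 0 = your organisation only
        "threat_level_id": 4,    # 4 = undefined
        "analysis": 0,           # 0 = initial
        "Attribute": merged,
    }}


# Constructed sample paste and one extra attribute, for illustration only.
SAMPLE = Paste(key="AbCd1234", title="db dump\x07", user="", date=1570622400,
               full_url="https://paste.example/AbCd1234", body="constructed body")
EVENT = paste_to_event(SAMPLE, [{"type": "text", "category": "Other",
                                 "value": "analyst: example-org"}])
```
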

coveralls commented Oct 9, 2019

Pull Request Test Coverage Report for Build 277

  • 12 of 45 (26.67%) changed or added relevant lines in 2 files are covered.
  • No unchanged relevant lines lost coverage.
  • Overall coverage decreased (-0.8%) to 74.795%

| Changes Missing Coverage | Covered Lines | Changed/Added Lines | % |
|---|---|---|---|
| pastepwn/actions/mispaction.py | 11 | 44 | 25.0% |

| Totals | Coverage Status |
|---|---|
| Change from base Build 276: | -0.8% |
| Covered Lines: | 2009 |
| Relevant Lines: | 2686 |

💛 - Coveralls

Owner

@d-Rickyy-b d-Rickyy-b left a comment


I have not found time to test it in a local MISP instance yet, but the code looks very clean and you provided screenshots showing that it works fine. Thank you very much!

@d-Rickyy-b d-Rickyy-b merged commit dd37a9a into d-Rickyy-b:master Oct 27, 2019