Commit of initial MISP TA for Splunk

stricaud · Dec 27, 2017 · ff10cb3 · ff10cb3
commit ff10cb3
Show file tree

Hide file tree

Showing 152 changed files with 75,484 additions and 0 deletions.
diff --git a/README.md b/README.md
@@ -0,0 +1,11 @@
+MISP TA for Splunk
+==================
+
+This TA allows to check if objects in your MISP instance matches your data in Splunk.
+
+This is Work In Progress. You can enjoy this version 0.0 and I am more than happy to take ideas of improvements / pull requests etc.
+
+ChangeLog
+---------
+ * version 0.0: initial release that downloads some attributes and creates lookups
+
diff --git a/README/inputs.conf.spec b/README/inputs.conf.spec
@@ -0,0 +1,4 @@
+[input_misp://<name>]
+misp_url = Please provide the URL where you access to your MISP instance
+automation_key = Please provide your automation key, which you can get from your MISP instance, such as: https://misp.example.com/events/automation
+
diff --git a/bin/certifi/__init__.py b/bin/certifi/__init__.py
@@ -0,0 +1,3 @@
+from .core import where, old_where
+
+__version__ = "2017.11.05"
diff --git a/bin/certifi/__main__.py b/bin/certifi/__main__.py
@@ -0,0 +1,2 @@
+from certifi import where
+print(where())
diff --git a/bin/certifi/cacert.pem b/bin/certifi/cacert.pem
diff --git a/bin/certifi/core.py b/bin/certifi/core.py
@@ -0,0 +1,37 @@
+#!/usr/bin/env python
+# -*- coding: utf-8 -*-
+
+"""
+certifi.py
+~~~~~~~~~~
+
+This module returns the installation location of cacert.pem.
+"""
+import os
+import warnings
+
+
+class DeprecatedBundleWarning(DeprecationWarning):
+    """
+    The weak security bundle is being deprecated. Please bother your service
+    provider to get them to stop using cross-signed roots.
+    """
+
+
+def where():
+    f = os.path.dirname(__file__)
+
+    return os.path.join(f, 'cacert.pem')
+
+
+def old_where():
+    warnings.warn(
+        "The weak security bundle is being deprecated. It will be removed in "
+        "2018.",
+        DeprecatedBundleWarning
+    )
+    f = os.path.dirname(__file__)
+    return os.path.join(f, 'weak.pem')
+
+if __name__ == '__main__':
+    print(where())
diff --git a/bin/certifi/old_root.pem b/bin/certifi/old_root.pem
diff --git a/bin/certifi/weak.pem b/bin/certifi/weak.pem
diff --git a/bin/chardet/__init__.py b/bin/chardet/__init__.py
@@ -0,0 +1,82 @@
+######################## BEGIN LICENSE BLOCK ########################
+# This library is free software; you can redistribute it and/or
+# modify it under the terms of the GNU Lesser General Public
+# License as published by the Free Software Foundation; either
+# version 2.1 of the License, or (at your option) any later version.
+#
+# This library is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+# Lesser General Public License for more details.
+#
+# You should have received a copy of the GNU Lesser General Public
+# License along with this library; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+# 02110-1301  USA
+######################### END LICENSE BLOCK #########################
+
+
+from .universaldetector import UniversalDetector
+from .enums import InputState
+from .version import __version__, VERSION
+
+
+__all__ = ['UniversalDetector', 'detect', 'detect_all', '__version__', 'VERSION']
+
+
+def detect(byte_str):
+    """
+    Detect the encoding of the given byte string.
+
+    :param byte_str:     The byte sequence to examine.
+    :type byte_str:      ``bytes`` or ``bytearray``
+    """
+    if not isinstance(byte_str, bytearray):
+        if not isinstance(byte_str, bytes):
+            raise TypeError('Expected object of type bytes or bytearray, got: '
+                            '{0}'.format(type(byte_str)))
+        else:
+            byte_str = bytearray(byte_str)
+    detector = UniversalDetector()
+    detector.feed(byte_str)
+    return detector.close()
+
+
+def detect_all(byte_str):
+    """
+    Detect all the possible encodings of the given byte string.
+
+    :param byte_str:     The byte sequence to examine.
+    :type byte_str:      ``bytes`` or ``bytearray``
+    """
+    if not isinstance(byte_str, bytearray):
+        if not isinstance(byte_str, bytes):
+            raise TypeError('Expected object of type bytes or bytearray, got: '
+                            '{0}'.format(type(byte_str)))
+        else:
+            byte_str = bytearray(byte_str)
+
+    detector = UniversalDetector()
+    detector.feed(byte_str)
+    detector.close()
+
+    if detector._input_state == InputState.HIGH_BYTE:
+        results = []
+        for prober in detector._charset_probers:
+            if prober.get_confidence() > detector.MINIMUM_THRESHOLD:
+                charset_name = prober.charset_name
+                lower_charset_name = prober.charset_name.lower()
+                # Use Windows encoding name instead of ISO-8859 if we saw any
+                # extra Windows-specific bytes
+                if lower_charset_name.startswith('iso-8859'):
+                    if detector._has_win_bytes:
+                        charset_name = detector.ISO_WIN_MAP.get(lower_charset_name,
+                                                            charset_name)
+                results.append({
+                    'encoding': charset_name,
+                    'confidence': prober.get_confidence()
+                })
+        if len(results) > 0:
+            return sorted(results, key=lambda result: -result['confidence'])
+
+    return [detector.result]