From 79e3af08d2f6b9522a8c9b2728499479f8ba1823 Mon Sep 17 00:00:00 2001 From: Deborah Servili Date: Thu, 30 Aug 2018 14:54:08 +0200 Subject: [PATCH 1/2] fix print in sharing_groups.py --- examples/sharing_groups.py | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/examples/sharing_groups.py b/examples/sharing_groups.py index 3bf4fa9f6..f05ae584a 100755 --- a/examples/sharing_groups.py +++ b/examples/sharing_groups.py @@ -21,5 +21,4 @@ def init(url, key): misp = init(misp_url, misp_key) sharing_groups = misp.get_sharing_groups() - print sharing_groups - + print (sharing_groups) From 399d65f15062460fd98845e7370907d43e724790 Mon Sep 17 00:00:00 2001 From: Delta-Sierra Date: Mon, 9 Dec 2024 09:37:36 +0100 Subject: [PATCH 2/2] add a more flexible example for adding file type object --- examples/add_filetype_object_from_csv_v2.py | 56 +++++++++++++++++++++ 1 file changed, 56 insertions(+) create mode 100644 examples/add_filetype_object_from_csv_v2.py diff --git a/examples/add_filetype_object_from_csv_v2.py b/examples/add_filetype_object_from_csv_v2.py new file mode 100644 index 000000000..8486988fe --- /dev/null +++ b/examples/add_filetype_object_from_csv_v2.py @@ -0,0 +1,56 @@ +#!/usr/bin/env python3 +# -*- coding: utf-8 -*- + +import csv +from pymisp import ExpandedPyMISP, MISPObject +from keys import misp_url, misp_key, misp_verifycert +import argparse + + +""" + +Sample usage: + +python3 ./add_filetype_object_from_csv_v2.py -e event_id/event_uuid -f files_attributes.csv + +files_attributes.csv have at least 2 lines +First line as header containing at least one of [filename;md5;sha1;sha256] +Each other line will be used to create a file MISP Object +Uses ; as delimiter + +Note : also works if there are multiple filename columns associated with a unique hash (each column must be named), +""" + + +if __name__ == '__main__': + parser = argparse.ArgumentParser(description='Create a file type MISP Object starting from attributes in a csv file') + parser.add_argument("-e", "--event_uuid", required=True, help="Event UUID to update") + parser.add_argument("-f", "--attr_file", required=True, help="Attribute CSV file path") + args = parser.parse_args() + + pymisp = ExpandedPyMISP(misp_url, misp_key, misp_verifycert) + + f = open(args.attr_file, newline='', encoding="utf-8-sig") + csv_reader = csv.reader(f, delimiter=";") + + header = next(csv_reader) + normalized_header = [col.strip().lower() for col in header] + expected_columns = {"filename", "md5", "sha1", "sha256"} + + matching_columns = { + index: col for index, col in enumerate(normalized_header) if col in expected_columns + } + if not matching_columns: + raise ValueError(f"File must have at least one of those fields: {', '.join(expected_columns)}") + + print(matching_columns) + count = 0 + + for line, row in enumerate(csv_reader, start=2): + misp_object = MISPObject(name='file') + for idx, col in matching_columns.items(): + value = row[idx] + misp_object.add_attribute(col, value = value) + r = pymisp.add_object(args.event_uuid, misp_object) + count = count+1 + print(f'\n{count} Objects created :)')