-
Notifications
You must be signed in to change notification settings - Fork 279
/
fetch_warninglist_hits.py
38 lines (31 loc) · 1.6 KB
/
fetch_warninglist_hits.py
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
#!/usr/bin/env python
# -*- coding: utf-8 -*-
from pymisp import PyMISP
from keys import misp_url, misp_key
import argparse
def init(url, key):
return PyMISP(url, key)
def loop_attributes(elem):
if 'Attribute' in elem.keys():
for attribute in elem['Attribute']:
if 'warnings' in attribute.keys():
for warning in attribute['warnings']:
print("Value {} has a hit in warninglist with name '{}' and id '{}'".format(warning['value'],
warning[
'warninglist_name'],
warning[
'warninglist_id']))
if __name__ == '__main__':
parser = argparse.ArgumentParser(description='Print all warninglist hits for an event.')
parser.add_argument("eventid", type=str, help="The event id of the event to get info of")
args = parser.parse_args()
misp = init(misp_url, misp_key)
evt = misp.search('events', eventid=args.eventid, includeWarninglistHits=1)['response'][0]['Event']
if 'warnings' in evt.keys():
print('warnings in entire event:')
print(str(evt['warnings']) + '\n')
print('Warnings at attribute levels:')
loop_attributes(evt)
if 'Object' in evt.keys():
for obj in evt['Object']:
loop_attributes(obj)