#!/usr/bin/env python2
# -*- coding: utf-8 -*-
import argparse
import sys
import requests
from collections import Counter
from misp import MispServer, MispEvent, MispTransportError, MispAttribute
from misplib import parse_config
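if __name__ == "__main__":
    # Copy every attribute of one MISP event onto an existing event, which
    # may live on a different configured server. Unless --no-cleaning is
    # given, the author's "personal rules" are applied to each attribute
    # before it is added to the destination event.
    parser = argparse.ArgumentParser(description='Command line interface to MISP servers')
    parser.add_argument('SERVER_SOURCE', help='Server source for the copy')
    parser.add_argument('EVENT_SOURCE', help='Event source', type=int)
    parser.add_argument('SERVER_DEST', help='Server destination')
    parser.add_argument('EVENT_DEST', type=int, help='Event destination')
    parser.add_argument('--no-cleaning', '-c', action='store_true', help='Do not clean attributes (personal rules)')
    args = parser.parse_args()

    # parse_config() comes from misplib; the code below only relies on it
    # returning a mapping of lower-case server name -> {'url': ..., 'key': ...}.
    config = parse_config()

    source_name = args.SERVER_SOURCE.lower()
    if source_name not in config:
        print("Unknown source server, quitting...")
        sys.exit(1)
    # NOTE(review): ssl_chain=False presumably turns off TLS certificate
    # verification in the MispServer client -- confirm against the misp
    # module. If it does, the API key and the event data travel over a
    # connection whose peer is not authenticated; prefer passing a CA bundle
    # (or enabling verification) once the servers' certificates allow it.
    source_server = MispServer(url=config[source_name]['url'],
                               apikey=config[source_name]['key'],
                               ssl_chain=False)

    dest_name = args.SERVER_DEST.lower()
    if dest_name not in config:
        print("Unknown destination server, quitting...")
        sys.exit(1)
    # NOTE(review): same ssl_chain=False caveat as for the source server.
    dest_server = MispServer(url=config[dest_name]['url'],
                             apikey=config[dest_name]['key'],
                             ssl_chain=False)

    try:
        source_event = source_server.events.get(args.EVENT_SOURCE)
    except MispTransportError:
        print("Impossible to find the event source, quitting")
        sys.exit(1)

    try:
        dest_event = dest_server.events.get(args.EVENT_DEST)
    except MispTransportError:
        print("Impossible to find the event destination, quitting")
        sys.exit(1)

    for attr in source_event.attributes:
        new_attr = MispAttribute()
        new_attr.value = attr.value
        new_attr.category = attr.category
        # The IDS flag is carried over unchanged, including for attributes
        # whose type is rewritten below, so the rewrite changes which
        # detection rules the destination instance can derive from them.
        new_attr.to_ids = attr.to_ids

        if not args.no_cleaning:
            # Personal normalisation rules: hostnames are stored as domains
            # and source IPs are re-labelled as destination IPs.
            if attr.type == "hostname":
                new_attr.type = "domain"
            elif attr.type == "ip-src":
                new_attr.type = "ip-dst"
            else:
                new_attr.type = attr.type

            # Drop the "Imported via ..." provenance comment and keep any
            # other comment. The previous try/except/else restored
            # attr.comment in the else branch, so the blanking never took
            # effect.
            cleaned_comment = attr.comment
            try:
                if "Imported via" in str(attr.comment):
                    cleaned_comment = ""
            except UnicodeEncodeError:
                # Python 2: str() of a non-ASCII unicode comment raises;
                # such a comment is copied as it is.
                pass
            new_attr.comment = cleaned_comment

            # In MISP's distribution levels 5 means "inherit event": the
            # copied attribute follows the destination event's sharing
            # setting rather than the source attribute's.
            new_attr.distribution = 5
        else:
            # --no-cleaning: the copy keeps the source comment, type and
            # distribution level, which may be wider or narrower than what
            # the destination event is meant to share.
            new_attr.comment = attr.comment
            new_attr.type = attr.type
            new_attr.distribution = attr.distribution

        dest_event.attributes.add(new_attr)

        # The destination event is pushed after each added attribute, so a
        # transport failure is reported for the attribute being processed.
        try:
            dest_server.events.update(dest_event)
        except (requests.exceptions.ConnectionError, MispTransportError):
            print("Failed connection")
        else:
            # Report success only when the update did not raise; before,
            # "Uploaded" was printed after a failed connection as well.
            print("Uploaded %s / %s / %s" % (attr.type, attr.category, attr.value))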