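#!/usr/bin/python2
"""Export the last day's MISP attributes as one IoC feed file per type.

For every attribute type in TYPES the script queries the MISP REST API,
drops values found in the whitelist file, groups the remaining attributes
by value and writes "<value>,<value> - <id> - <event info>[;...]" lines to
BASE/<type>. Written to run under both Python 2.7 and Python 3.
"""
import io
import json

import requests

# NOTE: the key below grants API access with the rights of its owner. Keep
# this file readable only by the account that runs it, and prefer a MISP
# user that is limited to read access.
MISPAPI='<misp apikey>'
MISPURL='<misp url>'
# Files under this path need to be served by a web-server. Everything that
# is written here (values, attribute ids and event titles) becomes readable
# by whoever can reach that server, so restrict access to the consumers of
# the feed.
BASE='/var/www/iocs/'
TYPES=['domain','ip-src','ip-dst','email-src','email-dst','email']
WHITELIST = "<white list file containing iocs that won't be exported>"
# Seconds to wait for MISP; requests has no timeout unless one is given, so
# a stalled connection would otherwise hang the job indefinitely.
REQUEST_TIMEOUT = 60


def load_whitelist(path):
    """Return the set of whitelisted IoC values read from *path*.

    One value per line; surrounding whitespace and blank lines are ignored.
    A set makes the per-attribute membership test O(1).

    NOTE(review): on failure the export continues with an empty whitelist,
    i.e. it fails open and whitelisted values end up in the feed. This
    keeps the original best-effort behaviour; abort here instead if the
    feed drives automatic blocking.
    """
    try:
        with io.open(path, encoding="utf-8") as handle:
            return {line.strip() for line in handle if line.strip()}
    except (IOError, OSError, UnicodeDecodeError):
        print("Whitelist loading failure")
        return set()


def one_line(text):
    """Collapse *text* onto a single line.

    Event titles are free text supplied by whoever created the event; an
    embedded line break would otherwise start a new row in the feed file.
    """
    return u" ".join(u"{}".format(text).splitlines())


def build_rows(attributes, whitelist):
    """Group *attributes* by value, skipping whitelisted values.

    Returns a dict mapping each value to "<id> - <event info>" entries
    joined with ";" when the same value appears in several attributes.
    """
    rows = {}
    for attribute in attributes:
        value = attribute["value"]
        if value in whitelist:
            continue
        entry = u"{} - {}".format(attribute["id"],
                                  one_line(attribute["Event"]["info"]))
        if value in rows:
            rows[value] += u";" + entry
        else:
            rows[value] = entry
    return rows


def main():
    """Fetch each attribute type from MISP and rewrite its feed file."""
    # The whitelist does not depend on the type, so it is read once.
    whitelist = load_whitelist(WHITELIST)
    headers = {"Authorization": MISPAPI}

    for ioctype in TYPES:
        query = '/attributes/restSearch/timestamp:1d/type:' + ioctype
        try:
            response = requests.get(MISPURL + query, headers=headers,
                                    timeout=REQUEST_TIMEOUT)
        except requests.RequestException as error:
            # One unreachable query should not stop the remaining types.
            print("Request failed for {}: {}".format(ioctype, error))
            continue

        if response.status_code != 200:
            print("Status code:"+str(response.status_code))
            continue

        try:
            payload = response.json()
        except ValueError:
            print("Response for {} is not valid JSON".format(ioctype))
            continue

        body = payload.get("response") if isinstance(payload, dict) else None
        attributes = body.get("Attribute") if isinstance(body, dict) else None
        if not attributes:
            # Nothing returned for the last day: the existing feed file is
            # left untouched, as before.
            continue

        rows = build_rows(attributes, whitelist)
        # The original mode "wa+" is rejected by Python 3 and is not a
        # defined fopen() mode under Python 2; "w" replaces the file with
        # the current result set. io.open with an explicit encoding avoids
        # the implicit ASCII encode that fails on non-ASCII event titles
        # under Python 2.
        with io.open(BASE + ioctype, "w", encoding="utf-8") as feed:
            for value in rows:
                feed.write(u"{},{} - {}\n".format(one_line(value),
                                                  one_line(value),
                                                  rows[value]))


if __name__ == "__main__":
    main()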