~cedric/pyHIDS

58d2ac0daf2f5502323dbb96c2f00d33306b5d55 — C├ędric Bonhomme 7 months ago c7c8c65
chg: [MISP] Added possibility to specify the return format.
2 files changed, 33 insertions(+), 3 deletions(-)

M bin/main.py
M pyhids/misp.py
M bin/main.py => bin/main.py +26 -1
@@ 82,6 82,31 @@ def main():
        action="store_true",
        help="Returns a list of PyMISP Objects instead of the plain json output.",
    )
    parser_misp.add_argument(
        "--return-format",
        choices=[
            "openioc",
            "json",
            "xml",
            "suricata",
            "snort",
            "text",
            "rpz",
            "csv",
            "cache",
            "stix-xml",
            "stix",
            "stix2",
            "yara",
            "yara-json",
            "attack",
            "attack-sightings",
            "context",
            "context-markdown",
        ],
        default="json",
        help="Set the return format of the search.",
    )

    # Subparser: Yara
    subparsers.add_parser("yara", help="Uses Yara in order to verify the files.")


@@ 115,7 140,7 @@ def main():
    elif arguments.command == "pandora":
        pandora()
    elif arguments.command == "misp":
        misp(arguments.pythonify)
        misp(return_format=arguments.return_format, pythonify=arguments.pythonify)
    elif arguments.command == "yara":
        yara()
    elif arguments.command == "export":
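Review bot: The new call `misp(return_format=arguments.return_format, pythonify=arguments.pythonify)` forwards both options without checking that they make sense together, while the existing `--pythonify` help still promises PyMISP objects "instead of the plain json output". With a non-JSON format such as `suricata` or `yara` that flag presumably has little or no effect (PyMISP's handling is not visible on this page, so confirm), and the user gets no hint of it. Either say so in the option text, e.g. `help="Set the return format of the search (default: json); --pythonify may be ignored for other formats.",`, or reject the combination after parsing with `parser_misp.error(...)`. The `choices` list also hard-codes format names that presumably mirror what PyMISP accepts, so it has to be updated by hand when that list changes; a one-line comment above it naming where the values come from would help. `main()` begins and ends outside both hunks.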

M pyhids/misp.py => pyhids/misp.py +7 -2
@@ 20,7 20,7 @@ relative_path = "attributes/restSearch"
values = {}


def main(pythonify: bool = False):
def main(return_format: str = "json", pythonify: bool = False):
    misp = PyMISP(misp_url, misp_key, misp_verifycert)
    # alerts = []
    base = utils.load_base()


@@ 32,7 32,12 @@ def main(pythonify: bool = False):
        # result = misp.direct_call(relative_path, body)
        # if result["Attribute"]:
        #     alerts.append(result)
    result = misp.search(controller="attributes", value=values, pythonify=pythonify)
    result = misp.search(
        controller="attributes",
        value=values,
        pythonify=pythonify,
        return_format=return_format,
    )
    if result:
        print(result)