#!/usr/bin/env python3
'''
Import VMRay results.
This version supports importing from different analysis jobs, starting from one sample
(the supplied sample_id).
The expansion module vmray_submit and the import module vmray_import form a two-step
process to import data from VMRay.
You can automate this by setting up the PyMISP example script 'vmray_automation'
as a cron job.
'''
import json
from _vmray.parser import VMRayParser, VMRayParseError
# Error container; handler() fills in "error" with the failure text.
misperrors = {"error": "Error"}

# Module metadata returned by version(); "config" is attached there.
moduleinfo = {
    "version": "0.4",
    "author": "Jens Thom (VMRay), Koen van Impe",
    "description": "Import VMRay analysis results from a server",
    "module-type": ["import"],
}

# Attribute description returned by introspection(); "userConfig" is attached there.
mispattributes = {
    "inputSource": [],
    "output": ["MISP objects"],
    "format": "misp_standard",
}

# Per-request user options; attached to mispattributes by introspection().
userConfig = {
    "Sample ID": {
        "type": "Integer",
        # NOTE(review): the other options carry a "message" key; this one only
        # has "errorMessage" — confirm the UI still shows a description for it.
        "errorMessage": "The VMRay sample ID to download the reports",
    },
    "VTI": {
        "type": "Boolean",
        "message": "Include VMRay Threat Identifiers",
        "checked": "True",
    },
    "IOCs": {
        "type": "Boolean",
        "message": "Include IOCs",
        "checked": "True",
    },
    "Artifacts": {
        "type": "Boolean",
        "message": "Include other Artifacts",
    },
    "Analysis Details": {
        "type": "Boolean",
        "message": "Include Analysis Details",
        "checked": "True",
    },
}

# Module-level settings; attached to moduleinfo by version().
moduleconfig = [
    "apikey",
    "url",
    "disable_tags",
    "disable_misp_objects",
    "ignore_analysis_finished",
]
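def handler(q=False):
    """Run a VMRay import for the module request *q*.

    Args:
        q: JSON-encoded request from the misp-modules server, or ``False``
           when the server only probes the module.

    Returns:
        ``False`` when no request was given; otherwise the event produced by
        ``VMRayParser.to_json()``, or an ``{'error': <text>}`` dict when the
        API fetch or the parsing raises ``VMRayParseError``.
    """
    if q is False:
        return False
    request = json.loads(q)
    parser = VMRayParser()
    try:
        # "config" presumably carries the moduleconfig/userConfig values the
        # parser needs to reach the VMRay server — confirm against the caller.
        parser.from_api(request["config"])
        parser.parse()
    except VMRayParseError as exc:
        # Return a fresh dict instead of mutating the module-level
        # ``misperrors``: the module server is long-lived, and shared state
        # would let one request's error text leak into later responses.
        return {"error": str(exc)}
    return parser.to_json()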
def introspection():
    """Return the attribute description with the user options attached under ``userConfig``."""
    mispattributes.update(userConfig=userConfig)
    return mispattributes
def version():
    """Return the module metadata with the config key list attached under ``config``."""
    moduleinfo.update(config=moduleconfig)
    return moduleinfo