Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/bnouailhac/misp_simple_scripts

A suite of python scripts to perform various actions on a local instance of MISP using PyMISP.
https://github.com/bnouailhac/misp_simple_scripts

misp pymisp python

Last synced: about 1 month ago
JSON representation

A suite of python scripts to perform various actions on a local instance of MISP using PyMISP.

Host: GitHub
URL: https://github.com/bnouailhac/misp_simple_scripts
Owner: BNouailhac
Created: 2024-10-22T15:14:59.000Z (2 months ago)
Default Branch: main
Last Pushed: 2024-10-23T20:50:13.000Z (2 months ago)
Last Synced: 2024-10-24T08:41:51.249Z (2 months ago)
Topics: misp, pymisp, python
Language: Python
Homepage:
Size: 27.3 KB
Stars: 0
Watchers: 1
Forks: 0
Open Issues: 0
Metadata Files:
- Readme: README.md

Awesome Lists containing this project

README

# MISP Simple Scripts
This code provides several scripts for exploiting data from a local MISP installation.

## Python packages used :
- json
- csv
- datetime
- pandas

## Usage
The local MISP api connection variables are in the ‘src/conf/misp_conf.py’ file.

### misp_create_event.py
Script to create a new event in misp

```
$ python3 ./src/create_event.py
```

### misp_attribute_csv.py
Takes all the events from the MISP instance to extract the IOCs and create a .csv file for each type of IOC (in the attribute/ folder)

```
$ python3 ./src/misp_attribute_csv.py
```

### misp_suricata.py
Takes all the events from the MISP instance and creates suricata rules to detect them (in the rule/misp.rules file)

```
$ python3 ./src/misp_suricata.py
```

### misp_hash_rules.py
Takes all suricata-compatible file hash IOCs (md5, sha1 and sha256) from the MISP instance to create files collecting them (in the hash/ folder) and a suricata rules file detecting file hashes from these files (in the rule/hash.rules file)

```
$ python3 ./src/misp_hash_rules.py
```

### misp_warninglist_csv.py
Takes all the warninglists in the MISP instance, extracts the IOCs and creates a .csv file for each type (in the warninglist/ folder)

```
$ python3 ./src/misp_warninglist_csv.py
```

### misp_pull_feeds.py
From online IOC feeds url (list of feeds available for MISP found on our local instance at : /feeds/index) and drop the files found in the feeds/ folder.

```
$ python3 ./src/misp_pull_feeds.py
```
### misp_push_event.py
Take all the files in the feeds folder and import them into the local misp instance

```
$ python3 ./src/misp_push_event.py
```