From f48678770d2857fe8c26c6149faa8507c630737d Mon Sep 17 00:00:00 2001
From: Felipe Luis Quezada Valenzuela
Date: Wed, 4 Dec 2024 11:09:10 -0300
Subject: [PATCH] Modify query defs,config

---
 config.py | 2 ++
 defs.py | 23 +++++++++++++++--------
 2 files changed, 17 insertions(+), 8 deletions(-)

diff --git a/config.py b/config.py
index c34f085..f199a37 100644
--- a/config.py
+++ b/config.py
@@ -34,3 +34,5 @@ IOC_TIPOS_OMITIR = [
 'pgp-private-key'
 ]
+WORKERS_THR = 4
+
diff --git a/defs.py b/defs.py
index 5db2a7f..5ee5702 100644
--- a/defs.py
+++ b/defs.py
@@ -10,6 +10,7 @@ from concurrent.futures import ThreadPoolExecutor, as_completed
 from sqlalchemy import create_engine
 from sqlalchemy.orm import sessionmaker
 from pymisp import PyMISP
+from pymisp.exceptions import PyMISPError
 import config
 import urllib3
 import requests
@@ -120,7 +121,7 @@ class MISPProcessorTop:
 return False
- except Exception as err:
+ except (Exception, PyMISPError) as err:
 logging.error(str(err))
 return True
@@ -291,7 +292,7 @@ class MISPProcessorTop:
 # Se elimina evento con cero atributo...
 self.misp.delete_event(int(e['Event']['id']))
 logging.info("Eliminando evento #" +e['Event']['id']+" por carencia de atributos")
- except Exception as err:
+ except (Exception, PyMISPError) as err:
 logging.error(str(err))
 return resultados
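Review bot: `PyMISPError` adds nothing to the `except (Exception, PyMISPError)` tuple in the hunk at `@@ -120,7 +121,7 @@`, because PyMISP's exception classes derive from `Exception`, so the clause still behaves exactly like the old `except Exception`. The same tuple appears in the hunks at `@@ -291,7 +292,7 @@` and `@@ -409,7 +416,7 @@`. If the intent is to tell a MISP API failure apart from a programming error, give it its own clause ahead of the generic handler, `except PyMISPError as err:` with `logging.exception("Error de MISP: %s", err)`, so the traceback is kept and the two cases can be filtered separately in the log. The enclosing `try` starts outside each of these hunks.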
@@ -350,17 +351,23 @@ class MISPProcessorTop:
 # Rango completo de fechas....
 logging.info("Buscando IoC Desde :" + desde + " Hasta :" + hasta)
- eventos_tmp = self.misp.search(publish_timestamp=desde)
- #eventos = self.misp.search(date_from=desde, date_to=hasta, published=True)
+ #eventos_tmp = self.misp.search(publish_timestamp=desde)
+ #eventos_tmp = self.misp.search(date_from=desde, published=True)
+
+ eventos_tmp = self.misp.search_index(publish_timestamp=desde)
 # Si existen eventos, se realiza proceso...
 if eventos_tmp:
+ logging.info("Recolectando eventos para procesar")
 eventos = []
 # Se seleccionan eventos para establecer limite de fechas
 for e in eventos_tmp:
- if datetime.fromtimestamp(int(e['Event']['publish_timestamp'])).date() <= datetime.strptime(hasta, '%Y-%m-%d').date():
- eventos.append(e)
+ if datetime.fromtimestamp(int(e['publish_timestamp'])).date() <= datetime.strptime(hasta, '%Y-%m-%d').date():
+
+ # Event get
+ ev = self.misp.get_event(int(e['id']))
+ eventos.append(ev)
 # Atributos por evento es None, se calcula promedio...
 if a_por_evento is None:
@@ -381,7 +388,7 @@ class MISPProcessorTop:
 logging.info("Eventos por procesar :" + str(len(eventos)))
 logging.info("Máximo de atributos a procesar por evento :" + str(prom))
- num_workers = 4
+ num_workers = config.WORKERS_THR
 logging.info(f"Usando {num_workers} workers")
 with ThreadPoolExecutor(max_workers=num_workers) as executor:
@@ -409,7 +416,7 @@ class MISPProcessorTop:
 logging.error("No se encuentran cuentas asociadas a MISP. Se detiene proceso")
 return output
- except Exception as err:
+ except (Exception, PyMISPError) as err:
 logging.error(str(err))
 def guarda_ioc_json(self, data: list, filename: str):
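Review bot: The result of `self.misp.get_event(int(e['id']))` in the hunk at `@@ -350,17 +351,23 @@` is appended to `eventos` without being checked. As far as I know PyMISP reports a 4xx reply (for example an event removed or made unreadable between the index query and the fetch) by returning a dict with an `errors` key rather than raising, and such a dict would then reach the per-event processing as if it were an event. Guarding the append with `if 'errors' in ev:` / `logging.warning("No se pudo obtener evento #%s", e['id'])` / `continue` keeps it out of the batch. The same applies to `eventos_tmp`: an error dict returned by `search_index` is truthy and passes `if eventos_tmp:`. The enclosing method starts before and continues past this hunk.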
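Review bot: `config.WORKERS_THR` is passed to `ThreadPoolExecutor(max_workers=...)` unvalidated in the hunk at `@@ -381,7 +388,7 @@`; zero or a negative number makes the constructor raise `ValueError`, and a string from a hand-edited config raises `TypeError`. Clamping at the point of use, `num_workers = max(1, int(config.WORKERS_THR))`, makes a bad setting degrade to a single worker instead of aborting the run. The new constant in `config.py` also has no comment; something like `# Number of worker threads used to process MISP events (must be >= 1)` would state the contract where operators edit it.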
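Review bot: After the `except` clause in the hunk at `@@ -409,7 +416,7 @@` logs the error, the method falls through to its end and returns `None`, while a path shown just above it ends in `return output`. A caller therefore has to cope with two return types, and `logging.error(str(err))` drops the traceback, so a failed MISP collection is hard to tell from an empty one in the log. Consider `logging.exception("Error al procesar eventos MISP")` and an explicit failure result, either re-raising or a documented `return None`. The `try` and the start of the method are outside the hunk.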