public/misp-topcontrib
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Modify query defs,config

Browse source
This commit is contained in:
Felipe Luis Quezada Valenzuela 2024-12-04 11:09:10 -03:00
parent 5bb6197c9e
commit f48678770d
2 changed files with 17 additions and 8 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
config.py
View file

@ -34,3 +34,5 @@ IOC_TIPOS_OMITIR = [
'pgp-private-key' 'pgp-private-key'
] ]
WORKERS_THR = 4

23
defs.py
View file

@ -10,6 +10,7 @@ from concurrent.futures import ThreadPoolExecutor, as_completed
from sqlalchemy import create_engine from sqlalchemy import create_engine
from sqlalchemy.orm import sessionmaker from sqlalchemy.orm import sessionmaker
from pymisp import PyMISP from pymisp import PyMISP
from pymisp.exceptions import PyMISPError
import config import config
import urllib3 import urllib3
import requests import requests
@ -120,7 +121,7 @@ class MISPProcessorTop:
return False return False
except Exception as err: except (Exception, PyMISPError) as err:
logging.error(str(err)) logging.error(str(err))
return True return True
@ -291,7 +292,7 @@ class MISPProcessorTop:
# Se elimina evento con cero atributo... # Se elimina evento con cero atributo...
self.misp.delete_event(int(e['Event']['id'])) self.misp.delete_event(int(e['Event']['id']))
logging.info("Eliminando evento #" +e['Event']['id']+" por carencia de atributos") logging.info("Eliminando evento #" +e['Event']['id']+" por carencia de atributos")
except Exception as err: except (Exception, PyMISPError) as err:
logging.error(str(err)) logging.error(str(err))
return resultados return resultados
@ -350,17 +351,23 @@ class MISPProcessorTop:
# Rango completo de fechas.... # Rango completo de fechas....
logging.info("Buscando IoC Desde :" + desde + " Hasta :" + hasta) logging.info("Buscando IoC Desde :" + desde + " Hasta :" + hasta)
eventos_tmp = self.misp.search(publish_timestamp=desde) #eventos_tmp = self.misp.search(publish_timestamp=desde)
#eventos = self.misp.search(date_from=desde, date_to=hasta, published=True) #eventos_tmp = self.misp.search(date_from=desde, published=True)
eventos_tmp = self.misp.search_index(publish_timestamp=desde)
# Si existen eventos, se realiza proceso... # Si existen eventos, se realiza proceso...
if eventos_tmp: if eventos_tmp:
logging.info("Recolectando eventos para procesar")
eventos = [] eventos = []
# Se seleccionan eventos para establecer limite de fechas # Se seleccionan eventos para establecer limite de fechas
for e in eventos_tmp: for e in eventos_tmp:
if datetime.fromtimestamp(int(e['Event']['publish_timestamp'])).date() <= datetime.strptime(hasta, '%Y-%m-%d').date(): if datetime.fromtimestamp(int(e['publish_timestamp'])).date() <= datetime.strptime(hasta, '%Y-%m-%d').date():
eventos.append(e)
# Event get
ev = self.misp.get_event(int(e['id']))
eventos.append(ev)
# Atributos por evento es None, se calcula promedio... # Atributos por evento es None, se calcula promedio...
if a_por_evento is None: if a_por_evento is None:
@ -381,7 +388,7 @@ class MISPProcessorTop:
logging.info("Eventos por procesar :" + str(len(eventos))) logging.info("Eventos por procesar :" + str(len(eventos)))
logging.info("Máximo de atributos a procesar por evento :" + str(prom)) logging.info("Máximo de atributos a procesar por evento :" + str(prom))
num_workers = 4 num_workers = config.WORKERS_THR
logging.info(f"Usando {num_workers} workers") logging.info(f"Usando {num_workers} workers")
with ThreadPoolExecutor(max_workers=num_workers) as executor: with ThreadPoolExecutor(max_workers=num_workers) as executor:
@ -409,7 +416,7 @@ class MISPProcessorTop:
logging.error("No se encuentran cuentas asociadas a MISP. Se detiene proceso") logging.error("No se encuentran cuentas asociadas a MISP. Se detiene proceso")
return output return output
except Exception as err: except (Exception, PyMISPError) as err:
logging.error(str(err)) logging.error(str(err))
def guarda_ioc_json(self, data: list, filename: str): def guarda_ioc_json(self, data: list, filename: str):