Bulk MISP threat_level_id Update
import csv
import json

import requests
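# ======== config ========
# MISP API key. Keep the real value out of any copy of this script that is
# shared or committed.
auth_key = ""
url = "misp.test.local"
# True validates the server certificate against the system trust store; set
# this to the path of a CA bundle file when the instance uses a private CA.
# The API key is sent in the Authorization header of every request, so
# certificate verification stays on by default.
verify_tls = True
# Seconds to wait for the server before a request is abandoned.
request_timeout = 30
# ========================

# Fail early with a clear message instead of sending unauthenticated requests.
if not auth_key:
    raise SystemExit('auth_key is empty: set it in the config section first')

headers = {"Authorization": auth_key,
           "Accept": "application/json",
           "Content-Type": "application/json"}
number_level = {'HIGH': '1', 'MEDIUM': '2', 'LOW': '3', 'UNDEFINED': '4'}

# csv.reader keeps a quoted field that contains commas in a single column, so
# the Event ID and threat-level columns cannot shift onto the wrong values.
with open('local.csv', 'r', newline='') as threat_level_file:
    data = list(csv.reader(threat_level_file))

for source in data:
    # Blank or truncated rows carry no event ID / format columns.
    if len(source) < 4:
        continue
    event_id = source[2].strip()
    if event_id == 'Event ID':
        continue  # header row
    feed_format = source[3]
    # The ID is interpolated into the request path, so accept plain ASCII
    # digits only; 0 means "no event" and is skipped.
    if not (event_id.isascii() and event_id.isdigit()) or int(event_id) == 0:
        continue
    # Column 7 holds the threat-level name; it may be missing on short rows.
    new_level_name = source[7].strip() if len(source) > 7 else ''

    event_url = 'https://{}/events/{}'.format(url, event_id)
    r = requests.get(
        event_url,
        headers=headers,
        verify=verify_tls,
        timeout=request_timeout)
    if not r.ok:
        print('Event ID {}: lookup failed (HTTP {})'.format(
            event_id, r.status_code))
        continue
    try:
        event = r.json()['Event']
    except (ValueError, KeyError):
        # Non-JSON body or a JSON document without an 'Event' object.
        print('Event ID {}: unexpected response body'.format(event_id))
        continue

    print('========== FOUND ==========')
    print('Info: {}'.format(event['info']))
    print('Format: {}'.format(feed_format))
    print('Event ID: {}'.format(event_id))
    current_threat_level = str(event['threat_level_id'])
    if current_threat_level == '4':
        # Only events whose level is still UNDEFINED are changed.
        if new_level_name in ['HIGH', 'MEDIUM', 'LOW']:
            print('Current Threat Level: UNDEFINED')
            print('Apply New Threat Level: {}'.format(
                number_level[new_level_name]))
            # NOTE(review): "published": True is sent with every update;
            # presumably this publishes the event on the instance - confirm
            # that is intended for a bulk change.
            update = requests.post(
                event_url,
                headers=headers,
                verify=verify_tls,
                timeout=request_timeout,
                data=json.dumps({
                    "threat_level_id": number_level[new_level_name],
                    "published": True
                })
            )
            if not update.ok:
                print('Update failed (HTTP {})'.format(update.status_code))
    else:
        # Events that already carry a threat level are reported, not modified.
        print('Current Threat Level: {}'.format(current_threat_level))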