from StixExport import StixExport
from OTXv2 import OTXv2
from taxii_client import Client
import ConfigParser
import datetime
import sys
# Name of the checkpoint file holding the last-seen pulse timestamp. It is a
# relative path, so it is resolved against the current working directory.
OTX_FILE = "timestamp"
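def saveTimestamp(mtimestamp=None):
    """Write the checkpoint timestamp to ``OTX_FILE`` and return it.

    Args:
        mtimestamp: Timestamp string to store. When empty or ``None``, the
            current local time (naive, ISO 8601 format) is used instead.

    Returns:
        The string that was written, or ``None`` if the file could not be
        opened or written.
    """
    if not mtimestamp:
        mtimestamp = datetime.datetime.now().isoformat()
    try:
        with open(OTX_FILE, "w") as f:
            f.write(mtimestamp)
    except (IOError, OSError):
        # Catch I/O failures only: a bare ``except`` would also swallow
        # KeyboardInterrupt and report unrelated bugs as a file problem.
        print('Unable to find/open %s' % OTX_FILE)
        return None
    return mtimestamp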
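def readTimestamp():
    """Return the checkpoint timestamp stored in ``OTX_FILE``.

    Returns:
        The stored timestamp with surrounding whitespace removed, or ``None``
        if the file could not be opened or read (a hint to run ``first_run``
        is printed in that case).
    """
    try:
        with open(OTX_FILE, "r") as f:
            # Strip so a trailing newline from a hand-edited file does not
            # end up in the value later passed to the OTX query.
            return f.read().strip()
    except (IOError, OSError):
        # Catch I/O failures only: a bare ``except`` would also swallow
        # KeyboardInterrupt and mask unrelated errors.
        print("No %s found:\n\tIt appears 'otx-taxii.py first_run' has not been run" % OTX_FILE)
        return None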
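def sendTAXII(first=True):
    """Fetch OTX pulses, convert each to STIX and post it to the TAXII inbox.

    Reads ``config.cfg`` from the current working directory: the OTX API key
    comes from ``[otx] key`` and the TAXII client settings from ``[taxii]``.

    Args:
        first: When true, all pulses are requested via ``getall_iter()`` and
            no stored checkpoint is consulted. When false, only pulses since
            the timestamp returned by ``readTimestamp()`` are requested.
    """
    # config.cfg holds the OTX API key (and presumably the TAXII credentials
    # -- confirm), so it should be readable only by the account running this.
    config = ConfigParser.ConfigParser()
    config.read('config.cfg')
    otx = OTXv2(config.get('otx', 'key'))
    if first:
        pulses = otx.getall_iter()
        mtimestamp = None
    else:
        mtimestamp = readTimestamp()
        pulses = otx.getsince(mtimestamp)
    if pulses:
        client = Client()
        client.from_dict(dict(config.items('taxii')))
        # Count while iterating instead of calling len() afterwards:
        # getall_iter() presumably returns an iterator, which has no len().
        total = 0
        for pulse in pulses:
            # NOTE(review): the checkpoint is only taken from a pulse when no
            # timestamp is set yet, so an incremental run writes back the
            # value it read -- confirm this is intended.
            if not mtimestamp:
                mtimestamp = pulse["modified"]
            st = StixExport(pulse)
            st.build()
            print("Sending %s" % pulse["name"])
            if not client.snd_post('inbox', st.to_xml()):
                # NOTE(review): a failed post is only reported here; the
                # checkpoint is still saved below, so nothing in this script
                # retries the pulse. Consider surfacing failures to the
                # operator (exit status / alert) so feed gaps are noticed.
                print('######---[ Unable to Send Post ]---######')
            total += 1
        saveTimestamp(mtimestamp)
        print("%d new pulses" % total)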
def usage():
    """Print the command-line synopsis and terminate with exit status 0."""
    synopsis = "Usage:\n\totx-taxii.py [first_run|check_new]"
    print(synopsis)
    sys.exit(0)
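if __name__ == "__main__":
    # Dispatch on the single sub-command. A missing argument shows the usage
    # text instead of ending in an IndexError traceback.
    command = sys.argv[1] if len(sys.argv) > 1 else None
    if command == "first_run":
        # Initial import: request every pulse.
        sendTAXII(True)
    elif command == "check_new":
        # Incremental run advertised by usage(): only pulses since the
        # stored checkpoint are requested.
        sendTAXII(False)
    else:
        usage()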