-
Notifications
You must be signed in to change notification settings - Fork 6
/
so-misp-download
executable file
·57 lines (49 loc) · 2.02 KB
/
so-misp-download
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
#!/bin/bash
#
# Copyright (C) 2018 Wes Lambert
#
# This file is part of Security Onion MISP Import Wizard.
# Security Onion MISP Import Wizard is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
# Security Onion MISP Import Wizard is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
# You should have received a copy of the GNU General Public License
# along with Foobar. If not, see <https://www.gnu.org/licenses/>.
#
# Description: Configure Security Onion to Import NIDS Rules and Zeek Intel from MISP
source /etc/misp/mispcfg
ENGINE='suricata'
for i in $MISP $APIKEY $RULE_PATH; do
if [ $i == "" ]; then
echo $i is null!
exit 0
fi
done
# if NIDS_RULES enabled, then get NIDS rules
if [[ $NIDS_RULES == "yes" ]];then
# get NIDS rules
wget -q --no-check-certificate --header="Authorization: $APIKEY" $MISP/events/nids/$ENGINE/download -O $RULE_PATH
else
:
fi
# if Zeek Intel enabled, then get Zeek Intel
if [[ $INTEL == "yes" ]];then
wget -q --no-check-certificate --header="Authorization: $APIKEY" $MISP/attributes/bro/download/all -O $INTEL_PATH
LOAD_ZEEK="/opt/so/saltstack/local/salt/zeek/policy/intel/__load__.zeek"
if grep -q misp $LOAD_ZEEK; then
# Already appended to list of intel files
echo "Already configured!"
:
else
# Add misp-intel to list of intel files
cp /opt/so/saltstack/default/salt/zeek/policy/intel/__load__.zeek $LOAD_ZEEK
sed -i 's#.*"/opt/zeek/share/zeek/policy/intel/intel.dat"# "/opt/zeek/share/zeek/policy/intel/intel.dat",#' $LOAD_ZEEK
sed -i '/.*intel.dat",/a \ \ \ \ \ \ \ \ "\/opt\/zeek\/share\/zeek\/policy\/intel\/misp-intel.dat\"' $LOAD_ZEEK
fi
else
:
fi