[Bro] [bro] misp2bro

Tim Desrochers tgdesrochers at gmail.com
Sun Apr 17 07:35:38 PDT 2016


I've attached the error log and the XML.  I don't see any issues with the
XML, and the error log just shows that it started processing the XML.  The
script errors out after beginning to process the XML, so that's why I assume
there are no more entries in the log.

Thanks for the pointer to PyMISP.  I will look into it.



On Sun, Apr 17, 2016 at 10:28 AM, David André <elhoim at gmail.com> wrote:

> Is there an error message in the xml file?
> If yes, could you post it?
>
> If you want to write your own script to download IOCs, there is the
> PyMISP library  @ https://github.com/MISP/PyMISP/
> This library is really great because it abstracts most of the details
> needed to create a script for interacting with a MISP instance.
>
> Then you can just grep your bro logs, or generate bro IOCs lists that
> can be used to match.
>
> On Sun, Apr 17, 2016 at 6:19 AM, Tim Desrochers <tgdesrochers at gmail.com>
> wrote:
> > Anyone using MISP?  I installed MISP as a test and it seems pretty useful.
> > What I can't seem to get working is the misp2bro script written to export
> > indicators in MISP to bro format.
> >
> > https://github.com/unusedPhD/misp2bro
> >
> > When I run the script it appears to crash and give the error:
> > Traceback (most recent call last):
> >   File "misp2bro.py", line 288, in <module>
> >     if makeBroFiles(parseXML(EXPORT_FILE)):
> >   File "misp2bro.py", line 168, in makeBroFiles
> >     if int(event.find('attribute_count').text):
> > AttributeError: 'NoneType' object has no attribute 'text'
> >
> > If I run it again there is no crash but that is because the md5 it generates
> > matches the previous hash so no action is taken on the downloaded xml.
> >
> > Has anyone used this, I could use a hand getting it working.
> >
> > Thanks
> > Tim
-------------- next part --------------
A non-text attachment was scrubbed...
Name: misp2bro.log
Type: application/octet-stream
Size: 351 bytes
Desc: not available
Url : http://mailman.ICSI.Berkeley.EDU/pipermail/bro/attachments/20160417/5e712ba2/attachment-0001.obj 
-------------- next part --------------
A non-text attachment was scrubbed...
Name: misp-export.xml
Type: text/xml
Size: 141039 bytes
Desc: not available
Url : http://mailman.ICSI.Berkeley.EDU/pipermail/bro/attachments/20160417/5e712ba2/attachment-0001.xml 
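
An added example, not part of the thread and not misp2bro's or PyMISP's code: a tolerant conversion of a MISP XML export into a Bro Intel framework file that skips events missing the fields the traceback trips on instead of raising. The sample XML is constructed, and every element name other than `attribute_count` is an assumption about the export layout.

```python
import xml.etree.ElementTree as ET

# Constructed sample. Assumed layout: <response>/<Event>/<Attribute>.
SAMPLE_XML = """<response>
  <Event><id>1</id><info>constructed event</info>
    <attribute_count>3</attribute_count>
    <Attribute><type>ip-dst</type><value>192.0.2.10</value><to_ids>1</to_ids></Attribute>
    <Attribute><type>domain</type><value>bad.example</value><to_ids>1</to_ids></Attribute>
    <Attribute><type>comment</type><value>analyst note</value><to_ids>0</to_ids></Attribute>
  </Event>
  <Event><id>2</id><info>constructed event, no attribute_count</info>
    <Attribute><type>md5</type><value>d41d8cd98f00b204e9800998ecf8427e</value><to_ids>1</to_ids></Attribute>
  </Event>
  <Event><id>3</id><info>constructed empty event</info></Event>
</response>"""

# MISP attribute type -> Bro Intel framework indicator type
TYPE_MAP = {"ip-src": "Intel::ADDR", "ip-dst": "Intel::ADDR",
            "domain": "Intel::DOMAIN", "hostname": "Intel::DOMAIN",
            "url": "Intel::URL", "email-src": "Intel::EMAIL",
            "md5": "Intel::FILE_HASH", "sha1": "Intel::FILE_HASH",
            "sha256": "Intel::FILE_HASH"}

def text_of(node, tag, default=""):
    """Return the stripped text of a child element, or default if absent/empty."""
    child = node.find(tag)
    return child.text.strip() if child is not None and child.text else default

def misp_to_intel(xml_text, source="MISP"):
    """Return (intel rows, ids of events that carried no attributes)."""
    rows, skipped = [], []
    for event in ET.fromstring(xml_text).findall("Event"):
        eid = text_of(event, "id", "?")
        attrs = event.findall("Attribute")  # count what is there, ignore attribute_count
        if not attrs:
            skipped.append(eid)
            continue
        for attr in attrs:
            itype = TYPE_MAP.get(text_of(attr, "type"))
            value = text_of(attr, "value")
            # Only IDS-flagged attributes; a tab would corrupt the TSV row.
            if itype and value and "\t" not in value and text_of(attr, "to_ids") == "1":
                rows.append((value, itype, source, "MISP event %s" % eid))
    return rows, skipped

def render_intel(rows):
    """Render rows as a tab-separated file for Intel::read_files."""
    header = "#fields\tindicator\tindicator_type\tmeta.source\tmeta.desc"
    return "\n".join([header] + ["\t".join(r) for r in rows]) + "\n"

if __name__ == "__main__":
    rows, skipped = misp_to_intel(SAMPLE_XML)
    print(render_intel(rows), end="")
    print("events without attributes:", skipped)
```
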
