remg427 / misp42splunk

A Splunk app to use MISP in background
GNU Lesser General Public License v3.0

mispgetioc.py #22

Closed ykorkmaz closed 5 years ago

ykorkmaz commented 6 years ago

Hi,

mispgetioc.py has imported the modules ConfigParser and cPickle, but those modules no longer exist in Python3. How do you make it work and give the Python3 path to the app?

remg427 commented 6 years ago

Hi, Splunk ships with a custom version of python 2.7. PyMISP requires python 3, so there is the following process:

Splunk command (py2.7)
  mispgetioc (py2.7) parses the request using ConfigParser
    writes config data using cPickle to a temp file
    calls subprocess pymisp_getioc.py (py3)
      pymisp_getioc gets config data from the temp file
      calls PyMISP (requires py3)
      parses results and writes them to a temp file
    return from pymisp_getioc
    gets results from the temp file
  passes the results to Splunk
results are displayed in Splunk

So I introduced a setting so that if python3 is not at /usr/bin/python3 it can be easily adapted; there is no need for python2.7 as Splunk controls this path.

The same mechanism applies for the alerts. Hope it is clearer.
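The py2.7-to-py3 handoff described in the comment above, as an added illustration that is not code from the misp42splunk project: the parent writes the config to a temp file, spawns a python3 child that "queries MISP" and writes results to a second temp file, and the parent reads them back. It swaps JSON for the cPickle the thread mentions (unpickling a file another process could alter executes arbitrary code), and the child's MISP answer is constructed sample data standing in for the real PyMISP call; the config keys and 203.0.113.7 are assumptions.

```python
import json
import os
import subprocess
import sys
import tempfile

# Child side: the role of pymisp_getioc.py, minus the real PyMISP call.
# It reads the config handed over by the parent and writes results back.
CHILD_SCRIPT = r'''
import json, sys
cfg_path, out_path = sys.argv[1], sys.argv[2]
with open(cfg_path) as f:
    cfg = json.load(f)
# Constructed stand-in for the PyMISP result for the requested event.
results = [{"event_id": cfg["eventid"], "type": "ip-dst", "value": "203.0.113.7"}]
with open(out_path, "w") as f:
    json.dump(results, f)
'''


def run_getioc(config, python3=sys.executable):
    """Parent side (the Splunk command): hand the parsed config to a py3
    child over temp files and return the child's results as a list."""
    # mkstemp creates each file with mode 0600, so only this user can read
    # the config (which carries the MISP API key) or tamper with the results.
    cfg_fd, cfg_path = tempfile.mkstemp(suffix=".json")
    out_fd, out_path = tempfile.mkstemp(suffix=".json")
    child_fd, child_path = tempfile.mkstemp(suffix=".py")
    try:
        with os.fdopen(cfg_fd, "w") as f:
            json.dump(config, f)          # JSON, not pickle: data only, no code
        os.close(out_fd)
        with os.fdopen(child_fd, "w") as f:
            f.write(CHILD_SCRIPT)
        # Argument list, no shell: the paths are never shell-interpreted.
        subprocess.check_call([python3, child_path, cfg_path, out_path])
        with open(out_path) as f:
            return json.load(f)
    finally:
        # Remove the key-bearing config and the scratch files in every case.
        for path in (cfg_path, out_path, child_path):
            os.unlink(path)


if __name__ == "__main__":
    # Assumed config layout; the real app reads these from its .conf files.
    print(run_getioc({"misp_url": "https://misp.example", "misp_key": "KEY", "eventid": 42}))
```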