Docker image for PyMISP (and create MISP data statistical reports)

PyMISP

Installing PyMISP can sometimes be difficult because of a mixup between Python2 and Python3 libraries or problems with pip install. To solve this I created a PyMISP docker container that allows you to run the scripts in the example directory, without the need of installing PyMISP itself.

The Dockerfile is in the Github repository PyMISP-docker. The docker container is available via Docker Hub cudeso/pymisp.

MISP data statistical reports

In a previous post I covered how to create MISP data statistical reports. That version required some inline configuration if you wanted the reports to be send to you automatically.

I altered the script slightly so you can now also provide the mail configuration as an argument to the script. The -o option allows you to provide the smtp_from, smtp_to and smtp_server variables (these where previously configured inline).

-o 'smtp_from=you@example.com;smtp_to=manager@example.be;smtp_server=smtp.example.com'

Docker container

Container info

The container is build on a Python image, fetches the latest repo of PyMISP and installs the PyMISP module.

Tags

Two tags are available:

  • cudeso : an image build on my repository, this is when there’s a PR pending and I already want the container to be ready;
  • misp : an image build on the MISP PyMISP repository.

Run the container

PyMISP requires a key.py file for authentication credentials. You need to make this file available to the container via the mount option. As an example, to run the data statistical reports you can run the container with this command

docker run --rm --mount type=bind,source="$(pwd)"/config/keys.py,target=/PyMISP/examples/keys.py cudeso/pymisp:cudeso python3 /PyMISP/examples/stats_report.py -t 30d -m -o 'smtp_from=you@example.com;smtp_to=manager@example.be;smtp_server=smtp.example.com'

For the above example to work, create a directory /config in the path where you run the docker command and copy the keys.py file in that directory.

If the container is unable to connect to the MISP instance, try adding –network host to make the host network available.

docker run --rm --network host --mount type=bind,source="$(pwd)"/config/keys.py,target=/PyMISP/examples/keys.py cudeso/pymisp:cudeso python3 /PyMISP/examples/stats_report.py -t 30d -m -o 'smtp_from=you@example.com;smtp_to=manager@example.be;smtp_server=smtp.example.com'

Leave a Reply

Your email address will not be published.

This site uses Akismet to reduce spam. Learn how your comment data is processed.