new: Check if an event with the same lookyloo capture is already on MISP

Fix #181

lookyloo/modules.py

@@ -63,6 +63,13 @@ class MISP():
         else:
             return {'error': 'Module not available or push not enabled.'}
 
+    def get_existing_event(self, permaurl: str) -> Optional[str]:
+        attributes = self.client.search('attributes', value=permaurl, limit=1, page=1, pythonify=True)
+        if not attributes:
+            return None
+        url = f'{self.client.root_url}/events/{attributes[0].event_id}'
+        return url
+
 
 class SaneJavaScript():
 

website/web/__init__.py

@@ -898,11 +898,15 @@ def web_misp_push_view(tree_uuid: str):
         else:
             flash(f'Unable to create event: {event}', 'error')
         return redirect(url_for('tree', tree_uuid=tree_uuid))
+    else:
+        # the 1st attribute in the event is the link to lookyloo
+        existing_misp_url = lookyloo.misp.get_existing_event(event.attributes[0].value)
 
     fav_tags = lookyloo.misp.get_fav_tags()
 
     return render_template('misp_push_view.html', tree_uuid=tree_uuid,
                            event=event, fav_tags=fav_tags,
+                           existing_event=existing_misp_url,
                            auto_publish=lookyloo.misp.auto_publish,
                            default_tags=lookyloo.misp.default_tags)
 

website/web/templates/misp_push_view.html

@@ -1,4 +1,7 @@
 <div>
+  {% if existing_event %}
+  <p>There is already an <a href="{{existing_event}}">event</a> on your MISP instance with this lookyloo capture.</p>
+  {% endif %}
   <p>Event to push: {{event.info}}</p>
   <p>Auto Publish: {{auto_publish}}</p>
   <p>Default tags: {{', '.join(default_tags)}}</p>