Merge pull request #12 from sebdraven/master

Add  a tranform to have just tags on an event

src/MISP_maltego/transforms/eventtoattributes.py

@@ -16,7 +16,35 @@ __maintainer__ = 'Christophe Vandeplas'
 __email__ = 'christophe@vandeplas.com'
 __status__ = 'Development'
 
+# @EnableDebugWindow
+class EventToTags(Transform):
+    """"Expands an object to its attributes"""
+    input_type = MISPEvent
+    description = 'Expands an Event with tags'
 
+    def do_transform(self, request, response, config):
+        maltego_misp_event = request.entity
+        misp = get_misp_connection(config)
+        event_json = misp.get_event(maltego_misp_event.id)
+        event_tags = []
+
+        if 'Tag' in event_json['Event']:
+            for t in event_json['Event']['Tag']:
+                event_tags.append(t['name'])
+                # ignore all misp-galaxies
+                if t['name'].startswith('misp-galaxy'):
+                    continue
+                response += Hashtag(t['name'])
+
+        for g in event_json['Event']['Galaxy']:
+            for c in g['GalaxyCluster']:
+                response += galaxycluster_to_entity(c)
+        return response
+
+    def on_terminate(self):
+        """This method gets called when transform execution is prematurely terminated. It is only applicable for local
+        transforms. It can be excluded if you don't need it."""
+        pass
 # @EnableDebugWindow
 class EventToAttributes(Transform):
     """Expands an event to attributes, objects, tags and galaxies."""
@@ -93,3 +121,4 @@ class ObjectToAttributes(Transform):
                         response += entity
 
         return response
+