chg: [transform] reverse link for toEvent transform

src/MISP_maltego/transforms/attributetoevent.py

@@ -2,6 +2,7 @@ from canari.maltego.entities import Unknown
 from canari.maltego.transform import Transform
 # from canari.framework import EnableDebugWindow
 from MISP_maltego.transforms.common.util import get_misp_connection, event_to_entity, object_to_entity, get_attribute_in_event, get_attribute_in_object, attribute_to_entity, get_entity_property
+from canari.maltego.message import LinkDirection
 
 __author__ = 'Christophe Vandeplas'
 __copyright__ = 'Copyright 2018, MISP_maltego Project'
@@ -97,16 +98,15 @@ class AttributeToEvent(Transform):
             events_json = misp.search(controller='events', values=request.entity.value, withAttachments=False)
 
         # return the MISPEvent or MISPObject of the attribute
-
         for e in events_json['response']:
             # find the value as attribute
             attr = get_attribute_in_event(e, request.entity.value)
             if attr:
-                response += event_to_entity(e)
+                response += event_to_entity(e, link_direction=LinkDirection.OutputToInput)
             # find the value as object
             if 'Object' in e['Event']:
                 for o in e['Event']['Object']:
                     if get_attribute_in_object(o, attribute_value=request.entity.value).get('value'):
-                        response += object_to_entity(o)
+                        response += object_to_entity(o, link_direction=LinkDirection.OutputToInput)
 
         return response

src/MISP_maltego/transforms/common/util.py

@@ -376,13 +376,20 @@ def tag_matches_note_prefix(tag):
     return False
 
 
-def event_to_entity(e, link_style=LinkStyle.Normal):
+def event_to_entity(e, link_style=LinkStyle.Normal, link_direction=LinkDirection.InputToOutput):
     tags = []
     if 'Tag' in e['Event']:
         for t in e['Event']['Tag']:
             tags.append(t['name'])
     notes = convert_tags_to_note(tags)
-    return MISPEvent(e['Event']['id'], uuid=e['Event']['uuid'], info=e['Event']['info'], link_style=link_style, notes=notes, bookmark=Bookmark.Green)
+    return MISPEvent(
+        e['Event']['id'],
+        uuid=e['Event']['uuid'],
+        info=e['Event']['info'],
+        link_style=link_style,
+        link_direction=link_direction,
+        notes=notes,
+        bookmark=Bookmark.Green)
 
 
 def galaxycluster_to_entity(c, link_label=None, link_direction=LinkDirection.InputToOutput):

src/MISP_maltego/transforms/galaxytoevent.py

@@ -32,14 +32,9 @@ class GalaxyToEvents(Transform):
             tag_name = maltego_misp_galaxy.value
         events_json = misp.search(controller='events', tags=tag_name, withAttachments=False)
         for e in events_json['response']:
-            response += MISPEvent(e['Event']['id'], uuid=e['Event']['uuid'], info=e['Event']['info'])
+            response += MISPEvent(e['Event']['id'], uuid=e['Event']['uuid'], info=e['Event']['info'], link_direction=LinkDirection.OutputToInput)
         return response
 
-    def on_terminate(self):
-        """This method gets called when transform execution is prematurely terminated. It is only applicable for local
-        transforms. It can be excluded if you don't need it."""
-        pass
-
 
 # @EnableDebugWindow
 class GalaxyToRelations(Transform):
@@ -66,8 +61,6 @@ class GalaxyToRelations(Transform):
                     response += galaxycluster_to_entity(potential_cluster, link_label='Search result')
                 return response
 
-        # import json
-        # print(json.dumps(current_cluster))
         if not current_cluster:
             response += UIMessage("Galaxy Cluster UUID not in local mapping. Please update local cache; non-public UUID are not supported yet.", type=UIMessageType.Inform)
             return response