From 9d57313bb3d7e5f94805fcdfa32fc14ad2cabdad Mon Sep 17 00:00:00 2001
From: Sebdraven
Date: Mon, 11 Mar 2019 16:46:39 +0100
Subject: [PATCH] add a tranform to have just tags and galaxy on a Event
---
 .../transforms/attributetoevent.py | 1 +
 .../transforms/eventtoattributes.py | 29 +++++++++++++++++++
 2 files changed, 30 insertions(+)
diff --git a/src/MISP_maltego/transforms/attributetoevent.py b/src/MISP_maltego/transforms/attributetoevent.py
index c9dbb4f..f40e15b 100644
--- a/src/MISP_maltego/transforms/attributetoevent.py
+++ b/src/MISP_maltego/transforms/attributetoevent.py
@@ -25,6 +25,7 @@ class AttributeToEvent(Transform):
 misp = get_misp_connection(config) # misp.
 events_json = misp.search(controller='events', values=maltego_misp_attribute.value, withAttachments=False)
+
 for e in events_json['response']:
 response += event_to_entity(e)
 return response
diff --git a/src/MISP_maltego/transforms/eventtoattributes.py b/src/MISP_maltego/transforms/eventtoattributes.py
index 886a513..e144d2a 100644
--- a/src/MISP_maltego/transforms/eventtoattributes.py
+++ b/src/MISP_maltego/transforms/eventtoattributes.py
@@ -17,7 +17,35 @@ __maintainer__ = 'Christophe Vandeplas'
 __email__ = 'christophe@vandeplas.com'
 __status__ = 'Development'
+# @EnableDebugWindow
+class EventToTags(Transform):
+ """"Expands an object to its attributes"""
+ input_type = MISPEvent
+ description = 'Expands an Event with tags'
+ def do_transform(self, request, response, config):
+ maltego_misp_event = request.entity
+ misp = get_misp_connection(config)
+ event_json = misp.get_event(maltego_misp_event.id)
+ event_tags = []
+
+ if 'Tag' in event_json['Event']:
+ for t in event_json['Event']['Tag']:
+ event_tags.append(t['name'])
+ # ignore all misp-galaxies
+ if t['name'].startswith('misp-galaxy'):
+ continue
+ response += Hashtag(t['name'])
+
+ for g in event_json['Event']['Galaxy']:
+ for c in g['GalaxyCluster']:
+ response += galaxycluster_to_entity(c)
+ return response
+
+ def on_terminate(self):
+ """This method gets called when transform execution is prematurely terminated. It is only applicable for local
+ transforms. It can be excluded if you don't need it."""
+ pass
 # @EnableDebugWindow
 class EventToAttributes(Transform):
 """Expands an event to attributes, objects, tags and galaxies."""
@@ -81,3 +109,4 @@ class ObjectToAttributes(Transform):
 response += entity
 return response
+
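Review bot: In `EventToTags.do_transform` the galaxy loop indexes `event_json['Event']['Galaxy']` unconditionally, while the tag loop just above it is guarded by `'Tag' in event_json['Event']`, so an event returned without a `Galaxy` key would raise `KeyError` and abort the transform; `for g in event_json['Event'].get('Galaxy', []):` would give galaxies the same tolerance as tags. The same holds for `event_json['Event']` itself if `misp.get_event` can return an error payload instead of an event (not visible in this hunk, so worth confirming), because the server response is used without any shape check. `event_tags` is filled but never read and can be dropped. The class docstring opens with four quotes and still reads "Expands an object to its attributes"; `"""Expands an event to its tags and galaxy clusters."""` matches what the code does.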