From 9b7665b39525556313cec5984b0bee8b5f07e721 Mon Sep 17 00:00:00 2001
From: Richard van den Berg
Date: Fri, 10 Jul 2020 19:40:24 +0200
Subject: [PATCH] fix: [misp_retention] Support objects, use lists for build_complex_query()
---
 tools/misp_retention.py | 13 +++++++++++--
 1 file changed, 11 insertions(+), 2 deletions(-)
 mode change 100644 => 100755 tools/misp_retention.py
diff --git a/tools/misp_retention.py b/tools/misp_retention.py
old mode 100644
new mode 100755
index 6653ae26c..3c198fa02
--- a/tools/misp_retention.py
+++ b/tools/misp_retention.py
@@ -42,10 +42,19 @@ class misphelper(object):
 print("Removing IDS flag in event '{}' on attr '{}'".format(mevent.id, attr["value"]))
 changed = True
 attr["to_ids"] = False
+ self.misp.update_attribute(attr)
+ for obj in mevent.objects:
+ for attr in obj.Attribute:
+ if (attr["type"] == "ip-dst" or attr["type"] == "ip-src") and attr["to_ids"]:
+ print("Removing IDS flag in event '{}' on attr '{}'".format(mevent.id, attr["value"]))
+ changed = True
+ attr["to_ids"] = False
+ self.misp.update_attribute(attr)
 self.misp.tag(mevent, self.expiredTag, True)
 if changed:
- res = self.misp.update_event(mevent.id, mevent)
+ self.misp.update_event(mevent.id, mevent)
+ self.misp.publish(mevent)
 def findEventsAfterRetention(self, events, retention):
 for event in events:
@@ -70,7 +79,7 @@ class misphelper(object):
 for tag in res['entries']:
 m = re.match(r"^retention:([0-9]+)([d,w,m,y])$", tag["tag"])
 if m:
- tagSearch = self.misp.build_complex_query(and_parameters = tag["tag"], not_parameters = self.expiredTag)
+ tagSearch = self.misp.build_complex_query(and_parameters = [tag["tag"]], not_parameters = [self.expiredTag])
 events = self.misp.search(published=True, tags=tagSearch)
 self.findEventsAfterRetention(events, (m.group(1), m.group(2)))
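Review bot: In the first hunk (`@@ -42,10 +42,19 @@`), the results of the two added `self.misp.update_attribute(attr)` calls, and of `update_event` and `publish`, are discarded, yet the event is still tagged with `self.expiredTag`. If this client is PyMISP, which by default returns API failures as a dict with an `errors` key rather than raising, a rejected update leaves `to_ids` set on the server while the second hunk's `not_parameters = [self.expiredTag]` filter keeps the event out of every later run, so the stale indicator keeps feeding IDS exports. I would check each result and skip the tagging on failure, for example `res = self.misp.update_attribute(attr)` followed by `if isinstance(res, dict) and "errors" in res: return`. The two loops also repeat the same condition and body and could share one helper that tests `attr["type"] in ("ip-dst", "ip-src")`. The enclosing method starts above the hunk and the page has lost its indentation, so the nesting of the added calls is inferred.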
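Review bot: In the second hunk (`@@ -70,7 +79,7 @@`), the unit class `[d,w,m,y]` in the regex on the context line also matches a literal comma, so a tag such as `retention:5,` passes the match and `,` reaches `findEventsAfterRetention` as the unit. How that method treats an unknown unit is outside the hunk; if it falls through to a default, events could be expired on the wrong schedule. Writing the pattern as `r"^retention:([0-9]+)([dwmy])$"` states the intended set of units.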