mirror of https://github.com/MISP/PyMISP
new: [example:copyTagsFromAttributesToEvent] Added script to copy tags from attributes to the event level
parent
b1892efb6a
commit
2418373c1f
|
@ -0,0 +1,68 @@
|
||||||
|
#!/usr/bin/env python
|
||||||
|
# -*- coding: utf-8 -*-
|
||||||
|
|
||||||
|
from pymisp import PyMISP
|
||||||
|
from keys import misp_url, misp_key, misp_verifycert
|
||||||
|
import argparse
|
||||||
|
import os
|
||||||
|
|
||||||
|
SILENT = False
|
||||||
|
|
||||||
|
|
||||||
|
def getTagToApplyToEvent(event):
|
||||||
|
tags_to_apply = set()
|
||||||
|
|
||||||
|
event_tags = { tag.name for tag in event.tags }
|
||||||
|
for galaxy in event.galaxies:
|
||||||
|
for cluster in galaxy.clusters:
|
||||||
|
event_tags.add(cluster.tag_name)
|
||||||
|
|
||||||
|
for attribute in event.attributes:
|
||||||
|
for attribute_tag in attribute.tags:
|
||||||
|
if attribute_tag.name not in event_tags:
|
||||||
|
tags_to_apply.add(attribute_tag.name)
|
||||||
|
|
||||||
|
return tags_to_apply
|
||||||
|
|
||||||
|
|
||||||
|
def TagEvent(event, tags_to_apply):
|
||||||
|
for tag in tags_to_apply:
|
||||||
|
event.add_tag(tag)
|
||||||
|
return event
|
||||||
|
|
||||||
|
|
||||||
|
def condPrint(text):
|
||||||
|
if not SILENT:
|
||||||
|
print(text)
|
||||||
|
|
||||||
|
|
||||||
|
if __name__ == '__main__':
|
||||||
|
parser = argparse.ArgumentParser(description='Get an event from a MISP instance.')
|
||||||
|
parser.add_argument("-e", "--event", required=True, help="Event ID to get.")
|
||||||
|
parser.add_argument("-y", "--yes", required=False, default=False, action='store_true', help="Automatically accept prompt.")
|
||||||
|
parser.add_argument("-s", "--silent", required=False, default=False, action='store_true', help="No output to stdin.")
|
||||||
|
|
||||||
|
args = parser.parse_args()
|
||||||
|
SILENT = args.silent
|
||||||
|
|
||||||
|
misp = PyMISP(misp_url, misp_key, misp_verifycert)
|
||||||
|
|
||||||
|
event = misp.get_event(args.event, pythonify=True)
|
||||||
|
tags_to_apply = getTagToApplyToEvent(event)
|
||||||
|
condPrint('Tag to apply at event level:')
|
||||||
|
for tag in tags_to_apply:
|
||||||
|
condPrint(f'- {tag}')
|
||||||
|
|
||||||
|
confirmed = False
|
||||||
|
if args.yes:
|
||||||
|
confirmed = True
|
||||||
|
else:
|
||||||
|
confirm = input('Confirm [Y/n]: ')
|
||||||
|
confirmed = len(confirm) == 0 or confirm == 'Y' or confirm == 'y'
|
||||||
|
if confirmed:
|
||||||
|
event = TagEvent(event, tags_to_apply)
|
||||||
|
condPrint(f'Updating event {args.event}')
|
||||||
|
misp.update_event(event)
|
||||||
|
condPrint(f'Event {args.event} tagged with {len(tags_to_apply)} tags')
|
||||||
|
else:
|
||||||
|
condPrint('Operation cancelled')
|
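Review bot: The return value of `misp.update_event(event)` at the end of the `__main__` block is discarded, so `Event … tagged with N tags` is printed even if the server rejected the write, and the object returned by `misp.get_event(args.event, pythonify=True)` is used without checking that an event actually came back. As far as I know PyMISP reports failures as a dict with an `errors` key rather than raising, so something like `result = misp.update_event(event)` followed by `if 'errors' in result: raise SystemExit(result['errors'])` (and the same guard after `get_event`) would keep the script from reporting success on a failed or unauthorised update. Separately, `getTagToApplyToEvent` keeps only `attribute_tag.name`, so a tag that was attached to an attribute as a local tag would be re-added at event level as an ordinary tag and could then be synchronised to other instances; if that reading of the tag model is right, skip tags whose `local` flag is set or carry the flag through to `add_tag`. Note also that with `--silent` and without `--yes` the list of tags is suppressed but `input('Confirm [Y/n]: ')` still runs and treats an empty answer as yes, so the operator confirms a write they were never shown.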