mirror of https://github.com/MISP/PyMISP
new: Add method to get all the events modified in an interval
Raphaël Vinot
parent
9f8f15fb2b
commit
5cbcc09d7d
|
|
@ -6,6 +6,7 @@
|
||||||
import sys
|
import sys
|
||||||
import json
|
import json
|
||||||
import datetime
|
import datetime
|
||||||
|
from dateutil.parser import parse
|
||||||
import os
|
import os
|
||||||
import base64
|
import base64
|
||||||
import re
|
import re
|
||||||
|
|
@ -1051,7 +1052,7 @@ class PyMISP(object):
|
||||||
:param withAttachments: return events with or without the attachments
|
:param withAttachments: return events with or without the attachments
|
||||||
:param uuid: search by uuid
|
:param uuid: search by uuid
|
||||||
:param publish_timestamp: the publish timestamp
|
:param publish_timestamp: the publish timestamp
|
||||||
:param timestamp: the creation timestamp
|
:param timestamp: the timestamp of the last modification. Can be a list (from->to)
|
||||||
:param enforceWarninglist: Enforce the warning lists
|
:param enforceWarninglist: Enforce the warning lists
|
||||||
:param searchall: full text search on the database
|
:param searchall: full text search on the database
|
||||||
:param metadata: return only metadata if True
|
:param metadata: return only metadata if True
|
||||||
|
|
@ -1186,32 +1187,33 @@ class PyMISP(object):
|
||||||
"""
|
"""
|
||||||
return self.search(last=last)
|
return self.search(last=last)
|
||||||
|
|
||||||
|
def _string_to_timestamp(self, date_string):
|
||||||
|
pydate = parse(date_string)
|
||||||
|
if sys.version_info >= (3, 3):
|
||||||
|
# Sane python version
|
||||||
|
timestamp = pydate.timestamp()
|
||||||
|
else:
|
||||||
|
# Whatever
|
||||||
|
from datetime import timezone # Only for Python < 3.3
|
||||||
|
timestamp = (pydate - datetime(1970, 1, 1, tzinfo=timezone.utc)).total_seconds()
|
||||||
|
return timestamp
|
||||||
|
|
||||||
def get_events_last_modified(self, search_from, search_to=None):
|
def get_events_last_modified(self, search_from, search_to=None):
|
||||||
"""Download the last modified events.
|
"""Download the last modified events.
|
||||||
|
|
||||||
:param search_from: timestamp periode to start. can be defined as a date (2000-12-21)
|
:param search_from: Beginning of the interval. Can be either a timestamp, or a date (2000-12-21)
|
||||||
:param search_to: tamestamp periode to stop
|
:param search_to: End of the interval. Can be either a timestamp, or a date (2000-12-21)
|
||||||
"""
|
"""
|
||||||
|
|
||||||
def checkIfDateAndConvert(d):
|
search_from = self._string_to_timestamp(search_from)
|
||||||
"""Check if the format is a date otherwise we keep the temistamp"""
|
|
||||||
if d and len(d) == 10:
|
|
||||||
if d[4] == '-' and d[7] == '-':
|
|
||||||
return int(datetime.datetime.strptime(d, '%Y-%m-%d').strftime("%s"))
|
|
||||||
if d.isnumeric():
|
|
||||||
return d
|
|
||||||
return False
|
|
||||||
|
|
||||||
search_from = checkIfDateAndConvert(search_from)
|
if search_to is not None:
|
||||||
search_to = checkIfDateAndConvert(search_to)
|
search_to = self._string_to_timestamp(search_to)
|
||||||
|
to_search = [search_from, search_to]
|
||||||
if search_from:
|
|
||||||
if search_to:
|
|
||||||
return self.search(timestamp=[search_from, search_to])
|
|
||||||
else:
|
else:
|
||||||
return self.search(timestamp=search_from)
|
to_search = search_from
|
||||||
|
|
||||||
return {'error': '"search_from" or "search_to" are not in a valid format (timestamp or date(2000-12-21'}
|
return self.search(timestamp=to_search)
|
||||||
|
|
||||||
# ########## Tags ##########
|
# ########## Tags ##########
|
||||||
|
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue