MISP
/
PyMISP
mirror of https://github.com/MISP/PyMISP
2
0
Fork 0
Code Issues Releases Wiki Activity

Merge pull request #952 from UFOSmuggler/feature/to_feed-add-event-reports 

Add kwarg to to_feed() that allows users to include event reports
pull/955/head
Raphaël Vinot 2023-03-15 10:11:09 +01:00 committed by GitHub
parent 9c17289d93 15e6bc2c18
commit 5d2d1da31f
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 14 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

15
pymisp/mispevent.py
View File

@ -1594,12 +1594,13 @@ class MISPEvent(AbstractMISP):
to_return += attribute.hash_values(algorithm)
return to_return
def to_feed(self, valid_distributions: List[int] = [0, 1, 2, 3, 4, 5], with_meta: bool = False, with_distribution=False, with_local_tags: bool = True) -> Dict:
def to_feed(self, valid_distributions: List[int] = [0, 1, 2, 3, 4, 5], with_meta: bool = False, with_distribution=False, with_local_tags: bool = True, with_event_reports: bool = False) -> Dict:
""" Generate a json output for MISP Feed.
:param valid_distributions: only makes sense if the distribution key is set; i.e., the event is exported from a MISP instance.
:param with_distribution: exports distribution and Sharing Group info; otherwise all SharingGroup information is discarded (protecting privacy)
:param with_local_tags: tag export includes local exportable tags along with global exportable tags
:param with_event_reports: include event reports in the returned MISP event
"""
required = ['info', 'Orgc']
for r in required:
@ -1653,6 +1654,18 @@ class MISPEvent(AbstractMISP):
except AttributeError:
pass
if with_event_reports and self.event_reports:
to_return['EventReport'] = []
for event_report in self.event_reports:
if (valid_distributions and event_report.get('distribution') is not None and event_report.distribution not in valid_distributions):
continue
if not with_distribution:
event_report.pop('distribution', None)
event_report.pop('SharingGroup', None)
event_report.pop('sharing_group_id', None)
to_return['EventReport'].append(event_report.to_dict())
return {'Event': to_return}
@property