From 80f242bbea37808875ec2f40ed7ab6f43fa6b27d Mon Sep 17 00:00:00 2001
From: UFOSmuggler
Date: Wed, 15 Mar 2023 13:27:59 +1100
Subject: [PATCH 1/2] Add kwarg to allow the inclusion of event reports into to_feed(), honour with_distribution and valid_distributions kwargs
---
 pymisp/mispevent.py | 15 ++++++++++++++-
 1 file changed, 14 insertions(+), 1 deletion(-)
diff --git a/pymisp/mispevent.py b/pymisp/mispevent.py
index 63ebb3a..fb1dc81 100644
--- a/pymisp/mispevent.py
+++ b/pymisp/mispevent.py
@@ -1594,12 +1594,13 @@ class MISPEvent(AbstractMISP):
 to_return += attribute.hash_values(algorithm)
 return to_return
- def to_feed(self, valid_distributions: List[int] = [0, 1, 2, 3, 4, 5], with_meta: bool = False, with_distribution=False, with_local_tags: bool = True) -> Dict:
+ def to_feed(self, valid_distributions: List[int] = [0, 1, 2, 3, 4, 5], with_meta: bool = False, with_distribution=False, with_local_tags: bool = True, include_event_reports: bool = False) -> Dict:
 """ Generate a json output for MISP Feed.
 :param valid_distributions: only makes sense if the distribution key is set; i.e., the event is exported from a MISP instance.
 :param with_distribution: exports distribution and Sharing Group info; otherwise all SharingGroup information is discarded (protecting privacy)
 :param with_local_tags: tag export includes local exportable tags along with global exportable tags
+ :param include_event_reports: include event reports in the returned MISP event
 """
 required = ['info', 'Orgc']
 for r in required:
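Review bot: The new `:param include_event_reports:` line in the to_feed() docstring does not say that the exported reports are subject to the same sharing controls as the rest of the feed. The block added later in this patch skips reports whose distribution is not in `valid_distributions` and removes the distribution and sharing-group keys unless `with_distribution` is set, so I would write it as `:param include_event_reports: include event reports in the feed output; reports are filtered by valid_distributions and lose their distribution/SharingGroup keys unless with_distribution is set`. It is also worth stating there that a report with no distribution value is exported whatever `valid_distributions` contains, since callers rely on that list to decide what may leave the instance. The body of to_feed() continues past the end of this hunk.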
@@ -1653,6 +1654,18 @@ class MISPEvent(AbstractMISP):
 except AttributeError:
 pass
+ if include_event_reports and self.event_reports:
+ to_return['EventReport'] = []
+ for event_report in self.event_reports:
+ if (valid_distributions and event_report.get('distribution') is not None and event_report.distribution not in valid_distributions):
+ continue
+ if not with_distribution:
+ event_report.pop('distribution', None)
+ event_report.pop('SharingGroup', None)
+ event_report.pop('sharing_group_id', None)
+ to_return['EventReport'].append(event_report.to_dict())
+
+
 return {'Event': to_return}
 @property
From 15e6bc2c180a1551440b106d3b14f11a93ff85d0 Mon Sep 17 00:00:00 2001
From: UFOSmuggler
Date: Wed, 15 Mar 2023 13:32:45 +1100
Subject: [PATCH 2/2] Rename include_event_reports kwarg to with_event_reports, in-line with other kwarg naming
---
 pymisp/mispevent.py | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/pymisp/mispevent.py b/pymisp/mispevent.py
index fb1dc81..8d9ed05 100644
--- a/pymisp/mispevent.py
+++ b/pymisp/mispevent.py
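Review bot: The three `event_report.pop(...)` calls in the added loop remove `distribution`, `SharingGroup` and `sharing_group_id` from the report object held by the event, not from the exported copy, so calling to_feed() changes the event in memory. After one call with `with_distribution=False`, a later call sees `event_report.get('distribution')` return None, and the `valid_distributions` check then no longer excludes that report even when the caller passes a narrower list; the sharing level would also be missing if the event is later saved or pushed. Serialise first and strip the keys from the resulting dict, as in the sketch below, which assumes `to_dict()` returns a new dict. to_feed() starts above this hunk.

```python
for event_report in self.event_reports:
    # … unchanged: valid_distributions filter …
    report = event_report.to_dict()
    if not with_distribution:
        # Strip sharing metadata from the exported copy only, so the
        # in-memory report keeps its distribution for later filtering.
        for key in ('distribution', 'SharingGroup', 'sharing_group_id'):
            report.pop(key, None)
    to_return['EventReport'].append(report)
```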
@@ -1594,13 +1594,13 @@ class MISPEvent(AbstractMISP):
 to_return += attribute.hash_values(algorithm)
 return to_return
- def to_feed(self, valid_distributions: List[int] = [0, 1, 2, 3, 4, 5], with_meta: bool = False, with_distribution=False, with_local_tags: bool = True, include_event_reports: bool = False) -> Dict:
+ def to_feed(self, valid_distributions: List[int] = [0, 1, 2, 3, 4, 5], with_meta: bool = False, with_distribution=False, with_local_tags: bool = True, with_event_reports: bool = False) -> Dict:
 """ Generate a json output for MISP Feed.
 :param valid_distributions: only makes sense if the distribution key is set; i.e., the event is exported from a MISP instance.
 :param with_distribution: exports distribution and Sharing Group info; otherwise all SharingGroup information is discarded (protecting privacy)
 :param with_local_tags: tag export includes local exportable tags along with global exportable tags
- :param include_event_reports: include event reports in the returned MISP event
+ :param with_event_reports: include event reports in the returned MISP event
 """
 required = ['info', 'Orgc']
 for r in required:
@@ -1654,7 +1654,7 @@ class MISPEvent(AbstractMISP):
 except AttributeError:
 pass
- if include_event_reports and self.event_reports:
+ if with_event_reports and self.event_reports:
 to_return['EventReport'] = []
 for event_report in self.event_reports:
 if (valid_distributions and event_report.get('distribution') is not None and event_report.distribution not in valid_distributions):