Merge pull request #806 from MISP/feature-feedgenerator-exclude-malwares

Feature feedgenerator exclude malwares
2021-11-17 15:08:41 +01:00 · 2021-11-17 15:08:41 +01:00 · 72fb17c350
parent cac1bc34e4 57de6de139
commit 72fb17c350
2 changed files with 21 additions and 8 deletions
--- a/examples/feed-generator/generate.py
+++ b/examples/feed-generator/generate.py
@ -5,13 +5,18 @@ import sys
 import json
 import os
 from pymisp import ExpandedPyMISP
-from settings import entries, url, key, ssl, outputdir, filters, valid_attribute_distribution_levels
+from settings import url, key, ssl, outputdir, filters, valid_attribute_distribution_levels

 try:
    from settings import include_deleted
 except ImportError:
    include_deleted = False

+try:
+    from settings import exclude_attribute_types
+except ImportError:
+    exclude_attribute_types = []
+
 valid_attribute_distributions = []


@ -57,7 +62,7 @@ def saveManifest(manifest):
 if __name__ == '__main__':
    misp = init()
    try:
-        events = misp.search(metadata=True, limit=entries, **filters, pythonify=True)
+        events = misp.search_index(minimal=True, **filters, pythonify=False)
    except Exception as e:
        print(e)
        sys.exit("Invalid response received from MISP.")
@ -69,10 +74,14 @@ if __name__ == '__main__':
    total = len(events)
    for event in events:
        try:
-            e = misp.get_event(event.uuid, deleted=include_deleted, pythonify=True)
+            e = misp.get_event(event['uuid'], deleted=include_deleted, pythonify=True)
+            if exclude_attribute_types:
+                for i, attribute in enumerate(e.attributes):
+                    if attribute.type in exclude_attribute_types:
+                        e.attributes.pop(i)
            e_feed = e.to_feed(valid_distributions=valid_attribute_distributions, with_meta=True)
-        except Exception as e:
-            print(e, event.uuid)
+        except Exception as err:
+            print(err, event['uuid'])
            continue
        if not e_feed:
            print(f'Invalid distribution {e.distribution}, skipping')
--- a/examples/feed-generator/settings.default.py
+++ b/examples/feed-generator/settings.default.py
@ -12,9 +12,6 @@ ssl = False
 # sure that you use a directory dedicated to the feed
 outputdir = 'output'

-# Determine the number of entries to output
-entries = 200
-
 # The filters to be used for by the feed. You can use any filter that
 # you can use on the event index, such as organisation, tags, etc.
 # It uses the same joining and condition rules as the API parameters
@ -42,3 +39,10 @@ include_deleted = False
 # 5: Inherit Event
 valid_attribute_distribution_levels = ['0', '1', '2', '3', '4', '5']

+# By default, all attribute passing the filtering rules will be exported.
+# This setting can be used to filter out any attributes being of the type contained in the list. 
+# Warning: Keep in mind that if you propagate data (via synchronisation/feeds/...), recipients
+# will not be able to get these attributes back unless their events get updated.
+# For example:
+# exclude_attribute_types = ['malware-sample']
+exclude_attribute_types = []