mirror of https://github.com/MISP/PyMISP
Allow to update an event by UUID, syntax fixes.
parent
7c8cde0afd
commit
748136f3f1
|
@ -255,7 +255,7 @@ class PyMISP(object):
|
|||
|
||||
def add_event(self, event):
|
||||
"""Add a new event
|
||||
|
||||
|
||||
:param event: Event as JSON object / string or XML to add
|
||||
"""
|
||||
session = self.__prepare_session()
|
||||
|
@ -327,7 +327,10 @@ class PyMISP(object):
|
|||
return self.get_stix_event(**kwargs)
|
||||
|
||||
def update(self, event):
|
||||
eid = event['Event']['id']
|
||||
if event['Event'].get('uuid'):
|
||||
eid = event['Event']['uuid']
|
||||
else:
|
||||
eid = event['Event']['id']
|
||||
return self.update_event(eid, event)
|
||||
|
||||
def publish(self, event):
|
||||
|
@ -360,7 +363,7 @@ class PyMISP(object):
|
|||
response = session.post(urljoin(self.root_url, 'events/removeTag'), data=json.dumps(to_post))
|
||||
return self._check_response(response)
|
||||
|
||||
def _valid_uuid(self,uuid):
|
||||
def _valid_uuid(self, uuid):
|
||||
"""Test if uuid is valid
|
||||
Will test against CakeText's RFC 4122, i.e
|
||||
"the third group must start with a 4,
|
||||
|
@ -422,13 +425,13 @@ class PyMISP(object):
|
|||
return self.add_named_attribute(event, 'filename', filename, category, to_ids, comment, distribution, proposal)
|
||||
|
||||
def add_attachment(self, event, filename, attachment=None, category='Artifacts dropped', to_ids=False, comment=None, distribution=None, proposal=False):
|
||||
"""Add an attachment to the MISP event
|
||||
"""Add an attachment to the MISP event
|
||||
|
||||
:param event: The event to add an attachment to
|
||||
:param filename: The name you want to store the file under
|
||||
:param attachment: Either a file handle or a path to a file - will be uploaded
|
||||
"""
|
||||
|
||||
|
||||
if hasattr(attachment, "read"):
|
||||
# It's a file handle - we can read it
|
||||
fileData = attachment.read()
|
||||
|
@ -447,9 +450,10 @@ class PyMISP(object):
|
|||
# we just need to b64 encode it and send it on its way
|
||||
# also, just decode it to utf-8 to avoid the b'string' format
|
||||
encodedData = base64.b64encode(fileData.encode("utf-8")).decode("utf-8")
|
||||
|
||||
|
||||
# Send it on its way
|
||||
return self.add_named_attribute(event, 'attachment', filename, category, to_ids, comment, distribution, proposal, data=encodedData)
|
||||
|
||||
def add_regkey(self, event, regkey, rvalue=None, category='Artifacts dropped', to_ids=True, comment=None, distribution=None, proposal=False):
|
||||
if rvalue:
|
||||
type_value = 'regkey|value'
|
||||
|
|
|
@ -78,6 +78,7 @@ class MISPAttribute(object):
|
|||
self.SharingGroup = []
|
||||
self.ShadowAttribute = []
|
||||
self.disable_correlation = False
|
||||
self.RelatedAttribute = []
|
||||
|
||||
def _serialize(self):
|
||||
return '{type}{category}{to_ids}{uuid}{timestamp}{comment}{deleted}{value}'.format(
|
||||
|
@ -172,7 +173,7 @@ class MISPAttribute(object):
|
|||
if kwargs.get('sig'):
|
||||
self.sig = kwargs['sig']
|
||||
|
||||
# If the user wants to disable correlation, let them. Defaults to False.
|
||||
# If the user wants to disable correlation, let them. Defaults to False.
|
||||
self.disable_correlation = kwargs.get("disable_correlation", False)
|
||||
|
||||
def _prepare_new_malware_sample(self):
|
||||
|
|
|
@ -3,7 +3,7 @@
|
|||
|
||||
try:
|
||||
from misp_stix_converter.converters.buildMISPAttribute import buildEvent
|
||||
from misp_stix_converter.converters import convert
|
||||
from misp_stix_converter.converters import convert
|
||||
from misp_stix_converter.converters.convert import MISPtoSTIX
|
||||
has_misp_stix_converter = True
|
||||
except ImportError:
|
||||
|
|
Loading…
Reference in New Issue