diff --git a/pymisp/api.py b/pymisp/api.py index 1a769cd..a2cccb8 100644 --- a/pymisp/api.py +++ b/pymisp/api.py @@ -255,7 +255,7 @@ class PyMISP(object): def add_event(self, event): """Add a new event - + :param event: Event as JSON object / string or XML to add """ session = self.__prepare_session() @@ -327,7 +327,10 @@ class PyMISP(object): return self.get_stix_event(**kwargs) def update(self, event): - eid = event['Event']['id'] + if event['Event'].get('uuid'): + eid = event['Event']['uuid'] + else: + eid = event['Event']['id'] return self.update_event(eid, event) def publish(self, event): @@ -360,7 +363,7 @@ class PyMISP(object): response = session.post(urljoin(self.root_url, 'events/removeTag'), data=json.dumps(to_post)) return self._check_response(response) - def _valid_uuid(self,uuid): + def _valid_uuid(self, uuid): """Test if uuid is valid Will test against CakeText's RFC 4122, i.e "the third group must start with a 4, @@ -422,13 +425,13 @@ class PyMISP(object): return self.add_named_attribute(event, 'filename', filename, category, to_ids, comment, distribution, proposal) def add_attachment(self, event, filename, attachment=None, category='Artifacts dropped', to_ids=False, comment=None, distribution=None, proposal=False): - """Add an attachment to the MISP event + """Add an attachment to the MISP event :param event: The event to add an attachment to :param filename: The name you want to store the file under :param attachment: Either a file handle or a path to a file - will be uploaded """ - + if hasattr(attachment, "read"): # It's a file handle - we can read it fileData = attachment.read() 
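Review bot: In `update()` in pymisp/api.py, the uuid read from `event['Event']` becomes the event identifier without any check, although the class already has `_valid_uuid` (its signature appears in the next hunk). `update_event` is not visible here, but if it builds the request path from `eid`, a malformed value from an imported event is passed to the server unchanged. When `uuid` and `id` are both present and disagree, the uuid now wins silently. I would gate the new branch on the validator, `uuid = event['Event'].get('uuid')` then `eid = uuid if uuid and self._valid_uuid(uuid) else event['Event']['id']`, assuming `_valid_uuid` returns a truthy value for a well-formed UUID. A docstring such as `"""Update an event, addressing it by uuid when present and valid, else by id."""` would record the precedence; the enclosing class starts outside the hunk.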
@@ -447,9 +450,10 @@ class PyMISP(object): # we just need to b64 encode it and send it on its way # also, just decode it to utf-8 to avoid the b'string' format encodedData = base64.b64encode(fileData.encode("utf-8")).decode("utf-8") - + # Send it on its way return self.add_named_attribute(event, 'attachment', filename, category, to_ids, comment, distribution, proposal, data=encodedData) + def add_regkey(self, event, regkey, rvalue=None, category='Artifacts dropped', to_ids=True, comment=None, distribution=None, proposal=False): if rvalue: type_value = 'regkey|value' diff --git a/pymisp/mispevent.py b/pymisp/mispevent.py index a2a0f92..6441179 100644 --- a/pymisp/mispevent.py +++ b/pymisp/mispevent.py @@ -78,6 +78,7 @@ class MISPAttribute(object): self.SharingGroup = [] self.ShadowAttribute = [] self.disable_correlation = False + self.RelatedAttribute = [] def _serialize(self): return '{type}{category}{to_ids}{uuid}{timestamp}{comment}{deleted}{value}'.format( @@ -172,7 +173,7 @@ class MISPAttribute(object): if kwargs.get('sig'): self.sig = kwargs['sig'] - # If the user wants to disable correlation, let them. Defaults to False. + # If the user wants to disable correlation, let them. Defaults to False. self.disable_correlation = kwargs.get("disable_correlation", False) def _prepare_new_malware_sample(self): diff --git a/pymisp/tools/stix.py b/pymisp/tools/stix.py index b6463c8..c3a81fb 100644 --- a/pymisp/tools/stix.py +++ b/pymisp/tools/stix.py @@ -3,7 +3,7 @@ try: from misp_stix_converter.converters.buildMISPAttribute import buildEvent - from misp_stix_converter.converters import convert + from misp_stix_converter.converters import convert from misp_stix_converter.converters.convert import MISPtoSTIX has_misp_stix_converter = True except ImportError:
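Review bot: The new `self.RelatedAttribute = []` in pymisp/mispevent.py has no comment saying where the list is filled or whether it is ever sent back to the server. The `_serialize()` format string directly below it does not include the field. If that string is what gets signed (the `sig` handling in the next hunk suggests so, but the signing code is not visible), related attributes fall outside the signature and consumers should not treat them as authenticated. I would add `# Related attributes (presumably filled from server responses, confirm); not included in _serialize()` above the assignment. The method that holds these assignments starts outside the hunk.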