From cf45bf0c461bcc25bc8e082f74428310f6cbf781 Mon Sep 17 00:00:00 2001
From: Tom King
Date: Tue, 26 Nov 2019 12:21:24 +0000
Subject: [PATCH 1/3] new: Delete tags via update_attribute, search by sharing group
---
 pymisp/abstract.py | 4 ++++
 pymisp/aping.py | 2 ++
 2 files changed, 6 insertions(+)
diff --git a/pymisp/abstract.py b/pymisp/abstract.py
index 29e027c..8a6917b 100644
--- a/pymisp/abstract.py
+++ b/pymisp/abstract.py
@@ -422,3 +422,7 @@ class MISPTag(AbstractMISP):
 if hasattr(self, 'exportable') and not self.exportable:
 return False
 return super(MISPTag, self)._to_feed()
+
+ def delete(self):
+ self.deleted = True
+ self.edited = True
diff --git a/pymisp/aping.py b/pymisp/aping.py
index bc84afc..b4b876b 100644
--- a/pymisp/aping.py
+++ b/pymisp/aping.py
@@ -1392,6 +1392,7 @@ class ExpandedPyMISP(PyMISP):
 headerless: Optional[bool]=None,
 include_sightings: Optional[bool]=None, includeSightings: Optional[bool]=None,
 include_correlations: Optional[bool]=None, includeCorrelations: Optional[bool]=None,
+ sharinggroup: Optional[SearchType]=None,
 pythonify: Optional[bool]=False,
 **kwargs):
 '''Search in the MISP instance
@@ -1585,6 +1586,7 @@ class ExpandedPyMISP(PyMISP):
 analysis: Optional[List[SearchType]]=None,
 org: Optional[SearchParameterTypes]=None,
 timestamp: Optional[DateInterval]=None,
+ sharinggroup: Optional[SearchType]=None,
 pythonify: Optional[bool]=None):
 """Search only at the index level. Using ! in front of a value means NOT (default is OR)
From 415e06f37598b15a247d9564338be057cd581218 Mon Sep 17 00:00:00 2001
From: Tom King
Date: Thu, 13 Feb 2020 16:20:14 +0000
Subject: [PATCH 2/3] fix: merge SG params to allow search
---
 pymisp/aping.py | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/pymisp/aping.py b/pymisp/aping.py
index b4b876b..6e29ea9 100644
--- a/pymisp/aping.py
+++ b/pymisp/aping.py
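Review bot: `MISPTag.delete()` in pymisp/abstract.py (hunk at -422) has no docstring, and the two assignments alone do not tell a caller that this is only a local soft-delete. The method sets `deleted` and `edited` on the object and nothing else; going by the commit subject, the tag is removed on the server only when the owning attribute is later pushed with update_attribute, so a caller who stops after `tag.delete()` leaves the tag (a TLP or other handling marking, for instance) in place remotely. I would add `"""Mark this tag as deleted locally; the removal reaches MISP only when the parent attribute is updated."""`. `_to_feed()` just above checks `exportable` but not `deleted`, so whether a tag flagged this way is still written to a feed depends on the parent `_to_feed()`, which is outside the hunk and worth confirming.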
@@ -1488,6 +1488,7 @@ class ExpandedPyMISP(PyMISP):
 query['eventid'] = eventid
 query['withAttachments'] = self._make_misp_bool(with_attachments)
 query['metadata'] = self._make_misp_bool(metadata)
+ query['sharinggroup'] = sharinggroup
 query['uuid'] = uuid
 if publish_timestamp is not None:
 if isinstance(publish_timestamp, (list, tuple)):
@@ -1586,7 +1587,7 @@ class ExpandedPyMISP(PyMISP):
 analysis: Optional[List[SearchType]]=None,
 org: Optional[SearchParameterTypes]=None,
 timestamp: Optional[DateInterval]=None,
- sharinggroup: Optional[SearchType]=None,
+ sharinggroup: Optional[List[SearchType]]=None,
 pythonify: Optional[bool]=None):
 """Search only at the index level. Using ! in front of a value means NOT (default is OR)
@@ -1610,7 +1611,8 @@ class ExpandedPyMISP(PyMISP):
 query['datefrom'] = self._make_timestamp(query.pop('date_from'))
 if query.get('date_to'):
 query['dateuntil'] = self._make_timestamp(query.pop('date_to'))
-
+ if isinstance(query.get('sharinggroup'), list):
+ query['sharinggroup'] = '|'.join([str(sg) for sg in query['sharinggroup']])
 if query.get('timestamp') is not None:
 timestamp = query.pop('timestamp')
 if isinstance(timestamp, (list, tuple)):
From b08d26d762c351661f19a366aa581b66b2fc2344 Mon Sep 17 00:00:00 2001
From: Tom King
Date: Thu, 13 Feb 2020 16:35:11 +0000
Subject: [PATCH 3/3] chg: Remove SG search for search() func as this doesn't support SG searching, but the index does
---
 pymisp/api.py | 4 +---
 1 file changed, 1 insertion(+), 3 deletions(-)
diff --git a/pymisp/api.py b/pymisp/api.py
index a614fae..46a9ac9 100644
--- a/pymisp/api.py
+++ b/pymisp/api.py
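Review bot: The added `isinstance(query.get('sharinggroup'), list)` check in search_index (hunk at -1610) joins only a `list`, while the `timestamp` handling a few lines below accepts `(list, tuple)`, so a tuple of sharing groups is sent unjoined. I would write the guard as `if isinstance(query.get('sharinggroup'), (list, tuple)):` to match. An empty list is also turned into `''` and left in the query; what the server does with an empty `sharinggroup` is not visible here, and because this filter scopes which events come back, it is safer to pop the key when the sequence is empty than to send it. The annotation changed in the hunk at -1586 now reads `Optional[List[SearchType]]`, yet a single value still passes through this branch untouched, so `Optional[Union[SearchType, List[SearchType]]]` would describe what the code accepts. The body of search_index continues outside these hunks.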
@@ -1379,7 +1379,6 @@ class PyMISP:
 include_sightings: Optional[bool]=None, includeSightings: Optional[bool]=None,
 include_correlations: Optional[bool]=None, includeCorrelations: Optional[bool]=None,
 include_decay_score: Optional[bool] = None, includeDecayScore: Optional[bool] = None,
- sharinggroup: Optional[SearchType]=None,
 pythonify: Optional[bool]=False,
 **kwargs) -> Union[dict, str, List[Union[MISPEvent, MISPAttribute]]]:
 '''Search in the MISP instance
@@ -1417,7 +1416,6 @@ class PyMISP:
 :param include_sightings: [JSON Only - Attribute] Include the sightings of the matching attributes.
 :param include_decay_score: Include the decay score at attribute level.
 :param include_correlations: [JSON Only - attribute] Include the correlations of the matching attributes.
- :param sharinggroup: Restrict by a sharing group
 :param pythonify: Returns a list of PyMISP Objects instead of the plain json output. Warning: it might use a lot of RAM
 Deprecated:
@@ -1479,7 +1477,6 @@ class PyMISP:
 query['eventid'] = eventid
 query['withAttachments'] = self._make_misp_bool(with_attachments)
 query['metadata'] = self._make_misp_bool(metadata)
- query['sharinggroup'] = sharinggroup
 query['uuid'] = uuid
 if publish_timestamp is not None:
 if isinstance(publish_timestamp, (list, tuple)):
@@ -1599,6 +1596,7 @@ class PyMISP:
 :param analysis: Analysis level(s) (0,1,2) | list
 :param org: Search by the creator organisation by supplying the organisation identifier.
 :param timestamp: Restrict the results by the timestamp (last edit). Any event with a timestamp newer than the given timestamp will be returned. In case you are dealing with /attributes as scope, the attribute's timestamp will be used for the lookup.
+ :param sharinggroup: Restrict by a sharing group | list
 :param pythonify: Returns a list of PyMISP Objects instead or the plain json output. Warning: it might use a lot of RAM
 """
 query = locals()
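Review bot: The `:param sharinggroup:` line added to the search_index docstring (hunk at -1599) is the only place a user learns where the filter now lives; search()'s docstring (hunk at -1417) simply loses its entry while `**kwargs` stays in the signature (hunk at -1379), so a stale `sharinggroup=...` argument to search() is still accepted without error. How kwargs are handled is outside these hunks, but per the commit message that endpoint does not filter on it, which means such a caller may receive results that are not restricted to the sharing group it asked for. I would say so in search()'s docstring and warn on the key, for example `if 'sharinggroup' in kwargs: warnings.warn('search() does not filter by sharing group; use search_index()')`. The new docstring line could also state which identifier a sharing group value is expected to be, since "Restrict by a sharing group | list" leaves that open.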