new: [sighting] Added support of sighting REST API

pull/291/head
Sami Mokaddem 2018-10-23 18:23:11 +02:00
parent 0a2a6b3d6b
commit 7975c03774
1 changed files with 50 additions and 3 deletions


@ -1021,8 +1021,8 @@ class PyMISP(object):
"""Helper to prepare a search query"""
if query.get('error') is not None:
return query
if controller not in ['events', 'attributes', 'objects']:
raise ValueError('Invalid controller. Can only be {}'.format(', '.join(['events', 'attributes', 'objects'])))
if controller not in ['events', 'attributes', 'objects', 'sightings']:
raise ValueError('Invalid controller. Can only be {}'.format(', '.join(['events', 'attributes', 'objects', 'sightings'])))
url = urljoin(self.root_url, '{}/{}'.format(controller, path.lstrip('/')))
if ASYNC_OK and async_callback:
@ -1434,7 +1434,7 @@ class PyMISP(object):
:value: Value of the attribute the sighting is related too. Pushing this object
will update the sighting count of each attriutes with thifs value on the instance
:uuid: UUID of the attribute to update
:id: ID of the attriute to update
:id: ID of the attribute to update
:source: Source of the sighting
:type: Type of the sighting
:timestamp: Timestamp associated to the sighting
@ -1473,6 +1473,53 @@ class PyMISP(object):
response = self._prepare_request('POST', url)
return self._check_response(response)
def sighting_search(self, context='', async_callback=None, **kwargs):
"""Search sightings via the REST API
:context: The context of the search, could be attribute, event or False
:param id: ID of the attribute or event if context is specified
:param type: Type of the sighting
:param from: From date
:param to: To date
:param last: Last published sighting (e.g. 5m, 3h, 7d)
:param org_id: The org_id
:param source: The source of the sighting
:param includeAttribute: Should the result include attribute data
:param includeEvent: Should the result include event data
:param async_callback: The function to run when results are returned
:Example:
>>> misp.sighting_search({'last': '30d'}) # search sightings for the last 30 days on the instance
[ ... ]
>>> misp.sighting_search('attribute', {'id': 6, 'includeAttribute': 1}) # return list of sighting for attribute 6 along with the attribute itself
[ ... ]
>>> misp.sighting_search('event', {'id': 17, 'includeEvent': 1, 'org_id': 2}) # return list of sighting for event 17 filtered with org id 2
"""
if context not in ['', 'attribute', 'event']:
raise Exception('Context parameter must be empty, "attribute" or "event"')
query = {}
# Sighting: array('id', 'type', 'from', 'to', 'last', 'org_id', 'includeAttribute', 'includeEvent');
query['returnFormat'] = kwargs.pop('returnFormat', 'json')
query['id'] = kwargs.pop('id', None)
query['type'] = kwargs.pop('type', None)
query['from'] = kwargs.pop('from', None)
query['to'] = kwargs.pop('to', None)
query['last'] = kwargs.pop('last', None)
query['org_id'] = kwargs.pop('org_id', None)
query['source'] = kwargs.pop('source', None)
query['includeAttribute'] = kwargs.pop('includeAttribute', None)
query['includeEvent'] = kwargs.pop('includeEvent', None)
# Cleanup
query = {k: v for k, v in query.items() if v is not None}
if kwargs:
raise SearchError('Unused parameter: {}'.format(', '.join(kwargs.keys())))
# Create a session, make it async if and only if we have a callback
controller = 'sightings'
return self.__query('restSearch/'+context, query, controller, async_callback)
# ############## Sharing Groups ##################
def get_sharing_groups(self):
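Review bot: The docstring examples in `sighting_search` do not match its signature `(self, context='', async_callback=None, **kwargs)`. `misp.sighting_search({'last': '30d'})` binds the dict to `context` and is rejected by the `context not in ['', 'attribute', 'event']` check, and in the two-argument examples the filter dict binds to `async_callback`, so none of its keys reach `query` and the search is not scoped as the caller intended. The examples should pass filters as keywords, e.g. `misp.sighting_search('attribute', id=6, includeAttribute=1)`, and the docstring should state that `from` is a reserved word and has to be supplied as `**{'from': ...}`. The `:context:` line also lists `False`, which the check rejects; only `''`, `'attribute'` and `'event'` are accepted. For consistency with the controller check in the first hunk, the context check would read better as `raise ValueError('Context parameter must be empty, "attribute" or "event"')` than as a bare `Exception`.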