From 7975c03774ab57fddf44989ebf1d0c66133a4df9 Mon Sep 17 00:00:00 2001
From: Sami Mokaddem
Date: Tue, 23 Oct 2018 18:23:11 +0200
Subject: [PATCH] new: [sighting] Added support of sighting REST API
---
 pymisp/api.py | 53 ++++++++++++++++++++++++++++++++++++++++++++++++---
 1 file changed, 50 insertions(+), 3 deletions(-)
diff --git a/pymisp/api.py b/pymisp/api.py
index 4a5f555..294c679 100644
--- a/pymisp/api.py
+++ b/pymisp/api.py
@@ -1021,8 +1021,8 @@ class PyMISP(object):
 """Helper to prepare a search query"""
 if query.get('error') is not None:
 return query
- if controller not in ['events', 'attributes', 'objects']:
- raise ValueError('Invalid controller. Can only be {}'.format(', '.join(['events', 'attributes', 'objects'])))
+ if controller not in ['events', 'attributes', 'objects', 'sightings']:
+ raise ValueError('Invalid controller. Can only be {}'.format(', '.join(['events', 'attributes', 'objects', 'sightings'])))
 url = urljoin(self.root_url, '{}/{}'.format(controller, path.lstrip('/')))
 if ASYNC_OK and async_callback:
@@ -1434,7 +1434,7 @@ class PyMISP(object):
 :value: Value of the attribute the sighting is related too. Pushing this object will update the sighting count of each attriutes with thifs value on the instance
 :uuid: UUID of the attribute to update
- :id: ID of the attriute to update
+ :id: ID of the attribute to update
 :source: Source of the sighting
 :type: Type of the sighting
 :timestamp: Timestamp associated to the sighting
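Review bot: In the first hunk (`__query`), the list of permitted controllers is written out twice, once in the membership test and once in the error message, so the two can drift apart the next time a controller is added. This check is what bounds which REST controller ends up in the URL built by `urljoin`, so it is worth keeping in one place, e.g. `valid_controllers = ('events', 'attributes', 'objects', 'sightings')` used by both the `if` and the `format(...)` call. Note that `path` is only `lstrip('/')`-ed here, so the allowlist alone does not pin the endpoint; callers have to constrain `path` themselves, as `sighting_search` does with `context`. `__query` begins and ends outside the hunk.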
@@ -1473,6 +1473,53 @@ class PyMISP(object):
 response = self._prepare_request('POST', url)
 return self._check_response(response)
+ def sighting_search(self, context='', async_callback=None, **kwargs):
+ """Search sightings via the REST API
+ :context: The context of the search, could be attribute, event or False
+ :param id: ID of the attribute or event if context is specified
+ :param type: Type of the sighting
+ :param from: From date
+ :param to: To date
+ :param last: Last published sighting (e.g. 5m, 3h, 7d)
+ :param org_id: The org_id
+ :param source: The source of the sighting
+ :param includeAttribute: Should the result include attribute data
+ :param includeEvent: Should the result include event data
+ :param async_callback: The function to run when results are returned
+
+ :Example:
+
+ >>> misp.sighting_search({'last': '30d'}) # search sightings for the last 30 days on the instance
+ [ ... ]
+ >>> misp.sighting_search('attribute', {'id': 6, 'includeAttribute': 1}) # return list of sighting for attribute 6 along with the attribute itself
+ [ ... ]
+ >>> misp.sighting_search('event', {'id': 17, 'includeEvent': 1, 'org_id': 2}) # return list of sighting for event 17 filtered with org id 2
+ """
+ if context not in ['', 'attribute', 'event']:
+ raise Exception('Context parameter must be empty, "attribute" or "event"')
+ query = {}
+ # Sighting: array('id', 'type', 'from', 'to', 'last', 'org_id', 'includeAttribute', 'includeEvent');
+ query['returnFormat'] = kwargs.pop('returnFormat', 'json')
+ query['id'] = kwargs.pop('id', None)
+ query['type'] = kwargs.pop('type', None)
+ query['from'] = kwargs.pop('from', None)
+ query['to'] = kwargs.pop('to', None)
+ query['last'] = kwargs.pop('last', None)
+ query['org_id'] = kwargs.pop('org_id', None)
+ query['source'] = kwargs.pop('source', None)
+ query['includeAttribute'] = kwargs.pop('includeAttribute', None)
+ query['includeEvent'] = kwargs.pop('includeEvent', None)
+
+ # Cleanup
+ query = {k: v for k, v in query.items() if v is not None}
+
+ if kwargs:
+ raise SearchError('Unused parameter: {}'.format(', '.join(kwargs.keys())))
+
+ # Create a session, make it async if and only if we have a callback
+ controller = 'sightings'
+ return self.__query('restSearch/'+context, query, controller, async_callback)
+
 # ############## Sharing Groups ##################
 def get_sharing_groups(self):
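Review bot: The three docstring examples in `sighting_search` pass the filters as a positional dict, which does not match the signature `(self, context='', async_callback=None, **kwargs)`: in the first the dict binds to `context` and fails the context check, and in the other two it binds to `async_callback`. The examples should use keywords, e.g. `misp.sighting_search(last='30d')` and `misp.sighting_search('attribute', id=6, includeAttribute=1)`, and the docstring should say that `from` is a Python keyword and has to be passed as `**{'from': ...}`. The `:context:` line also lists `False`, which the check rejects; only `''`, `'attribute'` and `'event'` pass. For the invalid-context case, `raise ValueError('Context parameter must be empty, "attribute" or "event"')` would match the controller check in `__query` instead of a bare `Exception`.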