new: [sighting] Added support of sighting REST API

pull/291/head
Sami Mokaddem 2018-10-23 18:23:11 +02:00
parent 0a2a6b3d6b
commit 7975c03774
1 changed files with 50 additions and 3 deletions


@ -1021,8 +1021,8 @@ class PyMISP(object):
"""Helper to prepare a search query""" """Helper to prepare a search query"""
if query.get('error') is not None: if query.get('error') is not None:
return query return query
if controller not in ['events', 'attributes', 'objects']: if controller not in ['events', 'attributes', 'objects', 'sightings']:
raise ValueError('Invalid controller. Can only be {}'.format(', '.join(['events', 'attributes', 'objects']))) raise ValueError('Invalid controller. Can only be {}'.format(', '.join(['events', 'attributes', 'objects', 'sightings'])))
url = urljoin(self.root_url, '{}/{}'.format(controller, path.lstrip('/'))) url = urljoin(self.root_url, '{}/{}'.format(controller, path.lstrip('/')))
if ASYNC_OK and async_callback: if ASYNC_OK and async_callback:
@ -1434,7 +1434,7 @@ class PyMISP(object):
:value: Value of the attribute the sighting is related too. Pushing this object :value: Value of the attribute the sighting is related too. Pushing this object
will update the sighting count of each attriutes with thifs value on the instance will update the sighting count of each attriutes with thifs value on the instance
:uuid: UUID of the attribute to update :uuid: UUID of the attribute to update
:id: ID of the attriute to update :id: ID of the attribute to update
:source: Source of the sighting :source: Source of the sighting
:type: Type of the sighting :type: Type of the sighting
:timestamp: Timestamp associated to the sighting :timestamp: Timestamp associated to the sighting
@ -1473,6 +1473,53 @@ class PyMISP(object):
response = self._prepare_request('POST', url) response = self._prepare_request('POST', url)
return self._check_response(response) return self._check_response(response)
def sighting_search(self, context='', async_callback=None, **kwargs):
"""Search sightings via the REST API
:context: The context of the search, could be attribute, event or False
:param id: ID of the attribute or event if context is specified
:param type: Type of the sighting
:param from: From date
:param to: To date
:param last: Last published sighting (e.g. 5m, 3h, 7d)
:param org_id: The org_id
:param source: The source of the sighting
:param includeAttribute: Should the result include attribute data
:param includeEvent: Should the result include event data
:param async_callback: The function to run when results are returned
:Example:
>>> misp.sighting_search({'last': '30d'}) # search sightings for the last 30 days on the instance
[ ... ]
>>> misp.sighting_search('attribute', {'id': 6, 'includeAttribute': 1}) # return list of sighting for attribute 6 along with the attribute itself
[ ... ]
>>> misp.sighting_search('event', {'id': 17, 'includeEvent': 1, 'org_id': 2}) # return list of sighting for event 17 filtered with org id 2
"""
if context not in ['', 'attribute', 'event']:
raise Exception('Context parameter must be empty, "attribute" or "event"')
query = {}
# Sighting: array('id', 'type', 'from', 'to', 'last', 'org_id', 'includeAttribute', 'includeEvent');
query['returnFormat'] = kwargs.pop('returnFormat', 'json')
query['id'] = kwargs.pop('id', None)
query['type'] = kwargs.pop('type', None)
query['from'] = kwargs.pop('from', None)
query['to'] = kwargs.pop('to', None)
query['last'] = kwargs.pop('last', None)
query['org_id'] = kwargs.pop('org_id', None)
query['source'] = kwargs.pop('source', None)
query['includeAttribute'] = kwargs.pop('includeAttribute', None)
query['includeEvent'] = kwargs.pop('includeEvent', None)
# Cleanup
query = {k: v for k, v in query.items() if v is not None}
if kwargs:
raise SearchError('Unused parameter: {}'.format(', '.join(kwargs.keys())))
# Create a session, make it async if and only if we have a callback
controller = 'sightings'
return self.__query('restSearch/'+context, query, controller, async_callback)
# ############## Sharing Groups ################## # ############## Sharing Groups ##################
def get_sharing_groups(self): def get_sharing_groups(self):
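Review bot: The three docstring examples in `sighting_search` pass the filters as a positional dict, which does not match the signature `sighting_search(self, context='', async_callback=None, **kwargs)`: in the first the dict is bound to `context` and fails the allowlist check, and in the other two it is bound to `async_callback`, so `id`, `includeAttribute` and `org_id` never reach `query`. With the filters dropped, the request would go to `restSearch/attribute` or `restSearch/event` without the intended id, and judging by the `if ASYNC_OK and async_callback:` line in the first hunk the dict would also be treated as a callback; the rest of `__query` is outside the hunks, so the exact outcome is not visible here. The examples should use keyword arguments, e.g. `>>> misp.sighting_search(last='30d')` and `>>> misp.sighting_search('attribute', id=6, includeAttribute=1)`. The docstring should also say that `from` is a reserved word and has to be passed as `**{'from': ...}`, and that `context` takes `''` rather than `False`, since the check rejects `False`.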