chg: [feed-generator] Added exclude malware samples option

examples/feed-generator/generate.py

@@ -12,6 +12,11 @@ try:
 except ImportError:
     include_deleted = False
 
+try:
+    from settings import exclude_malware_samples
+except ImportError:
+    exclude_malware_samples = False
+
 valid_attribute_distributions = []
 
 
@@ -70,9 +75,13 @@ if __name__ == '__main__':
     for event in events:
         try:
             e = misp.get_event(event.uuid, deleted=include_deleted, pythonify=True)
+            if exclude_malware_samples:
+                for i, attribute in enumerate(e.attributes):
+                    if attribute.type == 'malware-sample':
+                        del e.attributes[i]
             e_feed = e.to_feed(valid_distributions=valid_attribute_distributions, with_meta=True)
-        except Exception as e:
+        except Exception as err:
-            print(e, event.uuid)
+            print(err, event.uuid)
             continue
         if not e_feed:
             print(f'Invalid distribution {e.distribution}, skipping')

examples/feed-generator/settings.default.py

@@ -42,3 +42,9 @@ include_deleted = False
 # 5: Inherit Event
 valid_attribute_distribution_levels = ['0', '1', '2', '3', '4', '5']
 
+
+# By default, all attribute passing the filtering rules will be exported.
+# This setting can be used to filter out attributes being of the type `malaware-sample`. 
+# Warning: Keep in mind that if you propagate data (via synchronisation/feeds/...), recipients
+# will not be able to get the malware samples back.
+exclude_malware_samples = False