mirror of https://github.com/MISP/PyMISP
Add last param to restSearch + example script
Raphaël Vinot
parent
effd8084a7
commit
97dfe2a4f6
|
|
@ -0,0 +1,44 @@
|
|||
#!/usr/bin/env python
|
||||
# -*- coding: utf-8 -*-
|
||||
|
||||
from pymisp import PyMISP
|
||||
from keys import url_priv, key_priv
|
||||
# from keys import url_cert, key_cert
|
||||
import argparse
|
||||
import os
|
||||
import json
|
||||
|
||||
|
||||
# Usage for pipe masters: ./last.py -l 5h | jq .
|
||||
|
||||
|
||||
def init(url, key):
|
||||
return PyMISP(url, key, True, 'json')
|
||||
|
||||
|
||||
def download_last(m, last, out=None):
|
||||
result = m.download_last(last)
|
||||
if out is None:
|
||||
for e in result['response']:
|
||||
print(json.dumps(e) + '\n')
|
||||
else:
|
||||
with open(out, 'w') as f:
|
||||
for e in result['response']:
|
||||
f.write(json.dumps(e) + '\n')
|
||||
|
||||
|
||||
if __name__ == '__main__':
|
||||
parser = argparse.ArgumentParser(description='Download latest events from a MISP instance.')
|
||||
parser.add_argument("-l", "--last", required=True, help="can be defined in days, hours, minutes (for example 5d or 12h or 30m).")
|
||||
parser.add_argument("-o", "--output", help="Output file")
|
||||
|
||||
args = parser.parse_args()
|
||||
|
||||
if args.output is not None and os.path.exists(args.output):
|
||||
print('Output file already exists, abord.')
|
||||
exit(0)
|
||||
|
||||
misp = init(url_priv, key_priv)
|
||||
# misp = init(url_cert, key_cert)
|
||||
|
||||
download_last(misp, args.last, args.output)
|
||||
|
|
@ -69,7 +69,6 @@ class PyMISP(object):
|
|||
return query
|
||||
url = self.rest.format(path)
|
||||
query = {'request': query}
|
||||
print(json.dumps(query))
|
||||
r = session.post(url, data=json.dumps(query))
|
||||
return r.json()
|
||||
|
||||
|
|
@ -207,7 +206,7 @@ class PyMISP(object):
|
|||
|
||||
def search(self, values=None, not_values=None, type_attribute=None,
|
||||
category=None, org=None, tags=None, not_tags=None, date_from=None,
|
||||
date_to=None):
|
||||
date_to=None, last=None):
|
||||
"""
|
||||
Search via the Rest API
|
||||
|
||||
|
|
@ -220,6 +219,7 @@ class PyMISP(object):
|
|||
:param not_tags: Tags *not* to search for
|
||||
:param date_from: First date
|
||||
:param date_to: Last date
|
||||
:param last: Last updated events (for example 5d or 12h or 30m)
|
||||
|
||||
"""
|
||||
val = self.__prepare_rest_search(values, not_values).replace('/', '|')
|
||||
|
|
@ -245,6 +245,8 @@ class PyMISP(object):
|
|||
query['to'] = date_to.strftime('%Y-%m-%d')
|
||||
else:
|
||||
query['to'] = date_to
|
||||
if last is not None:
|
||||
query['last'] = last
|
||||
|
||||
session = self.__prepare_session()
|
||||
return self.__query(session, 'restSearch/download', query)
|
||||
|
|
@ -260,6 +262,14 @@ class PyMISP(object):
|
|||
session = self.__prepare_session()
|
||||
return session.get(attach.format(event_id))
|
||||
|
||||
def download_last(self, last):
|
||||
"""
|
||||
Download the last updated events.
|
||||
|
||||
:param last: can be defined in days, hours, minutes (for example 5d or 12h or 30m)
|
||||
"""
|
||||
return self.search(last=last)
|
||||
|
||||
# ############## Export ###############
|
||||
|
||||
def download_all(self):
|
||||
|
|
|
|||
Loading…
Reference in New Issue