Merge remote-tracking branch 'upstream/master'

2018-06-25 04:14:13 +02:00 · 2018-06-25 04:14:13 +02:00 · b96653c74e
parent 400d89c042 454ec18c58
commit b96653c74e
3 changed files with 99 additions and 1 deletions
--- a/.gitignore
+++ b/.gitignore
@ -7,3 +7,4 @@ examples/feed-generator/output/*.json
 build/*
 dist/*
 pymisp.egg-info/*
+.idea
--- a/docs/tutorial/PyMISP
+++ b/docs/tutorial/PyMISP
@ -146,7 +146,7 @@
   "metadata": {},
   "outputs": [],
   "source": [
-    "attribute.add_tag('tlp:amber')\n",
+    "attribute_second.add_tag('tlp:amber')\n",
    "\n",
    "print(attribute_second.to_json())"
   ]
@ -291,6 +291,45 @@
    "print(bin_obj.references[0].to_json())"
   ]
  },
+  {
+   "cell_type": "markdown",
+   "metadata": {},
+   "source": [
+    "## Change creator"
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": null,
+   "metadata": {},
+   "outputs": [],
+   "source": [
+    "from pymisp import MISPOrganisation\n",
+    "orgc = MISPOrganisation()\n",
+    "orgc.name = 'bazbaz'\n",
+    "orgc.id = 15\n",
+    "orgc.uuid = '5888a98d-a7e8-4183-94bb-4d19950d210f'\n",
+    "# NOTE: Pushing this object will only work if the user has sync right (if not, the orgc key will be ignored)\n",
+    "event.Orgc = orgc"
+   ]
+  },
+  {
+   "cell_type": "markdown",
+   "metadata": {},
+   "source": [
+    "## Mark event as published"
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": null,
+   "metadata": {},
+   "outputs": [],
+   "source": [
+    "event.publish()\n",
+    "print(event.published)"
+   ]
+  },
  {
   "cell_type": "markdown",
   "metadata": {},
@ -347,6 +386,50 @@
    "existing_event.attributes[0].add_tag('tlp:white')\n",
    "print(existing_event.attributes[0].to_json())"
   ]
+  },
+  {
+   "cell_type": "markdown",
+   "metadata": {},
+   "source": [
+    "## Full example"
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": null,
+   "metadata": {},
+   "outputs": [],
+   "source": [
+    "from pymisp import MISPEvent, MISPObject\n",
+    "from pymisp import PyMISP\n",
+    "\n",
+    "event = MISPEvent()\n",
+    "\n",
+    "event.info = 'This is my new MISP event'  # Required\n",
+    "event.distribution = 0  # Optional, defaults to MISP.default_event_distribution in MISP config\n",
+    "event.threat_level_id = 2  # Optional, defaults to MISP.default_event_threat_level in MISP config\n",
+    "event.analysis = 1  # Optional, defaults to 0 (initial analysis)\n",
+    "\n",
+    "mispObject = MISPObject('file')\n",
+    "mispObject.add_attribute('filename', type='filename',\n",
+    "                                         value='filename.exe',\n",
+    "                                         Tag=[{'name':'tlp:amber'}]) \n",
+    "event.add_object(mispObject)\n",
+    "\n",
+    "# The URL of the MISP instance to connect to\n",
+    "misp_url = 'https://<URL>/'\n",
+    "# Can be found in the MISP web interface under \n",
+    "# http://+MISP_URL+/users/view/me -> Authkey\n",
+    "misp_key = '<key>'\n",
+    "# Should PyMISP verify the MISP certificate\n",
+    "misp_verifycert = True\n",
+    "\n",
+    "misp = PyMISP(misp_url, misp_key, misp_verifycert)\n",
+    "res = misp.add_event(event)\n",
+    "existing_event = MISPEvent()\n",
+    "existing_event.load(res)\n",
+    "print(existing_event.to_json())"
+   ]
  }
 ],
 "metadata": {
--- a/pymisp/api.py
+++ b/pymisp/api.py
@ -816,6 +816,20 @@ class PyMISP(object):
        """Add an internal reference (type other)"""
        return self.add_named_attribute(event, 'other', reference, category, to_ids, comment, distribution, proposal, **kwargs)

+    # ##### Other attributes #####
+
+    def add_other_comment(self, event, reference, category='Other', to_ids=False, comment=None, distribution=None, proposal=False, **kwargs):
+        """Add other comment"""
+        return self.add_named_attribute(event, 'comment', reference, category, to_ids, comment, distribution, proposal, **kwargs)
+
+    def add_other_counter(self, event, reference, category='Other', to_ids=False, comment=None, distribution=None, proposal=False, **kwargs):
+        """Add other counter"""
+        return self.add_named_attribute(event, 'counter', reference, category, to_ids, comment, distribution, proposal, **kwargs)
+
+    def add_other_text(self, event, reference, category='Other', to_ids=False, comment=None, distribution=None, proposal=False, **kwargs):
+        """Add other text"""
+        return self.add_named_attribute(event, 'text', reference, category, to_ids, comment, distribution, proposal, **kwargs)
+
    # ##################################################
    # ######### Upload samples through the API #########
    # ##################################################