From 7569972ac9f38f51c3a5e8ce043263ebd2c7afaa Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Rapha=C3=ABl=20Vinot?= Date: Wed, 20 Jun 2018 16:05:47 +0800 Subject: [PATCH 1/3] chg: Add few more calls --- docs/tutorial/PyMISP Objects.ipynb | 41 +++++++++++++++++++++++++++++- 1 file changed, 40 insertions(+), 1 deletion(-) diff --git a/docs/tutorial/PyMISP Objects.ipynb b/docs/tutorial/PyMISP Objects.ipynb index d7ee112..9b139b4 100644 --- a/docs/tutorial/PyMISP Objects.ipynb +++ b/docs/tutorial/PyMISP Objects.ipynb @@ -146,7 +146,7 @@ "metadata": {}, "outputs": [], "source": [ - "attribute.add_tag('tlp:amber')\n", + "attribute_second.add_tag('tlp:amber')\n", "\n", "print(attribute_second.to_json())" ] @@ -291,6 +291,45 @@ "print(bin_obj.references[0].to_json())" ] }, + { + "cell_type": "markdown", + "metadata": {}, + "source": [ + "## Change creator" + ] + }, + { + "cell_type": "code", + "execution_count": null, + "metadata": {}, + "outputs": [], + "source": [ + "from pymisp import MISPOrganisation\n", + "orgc = MISPOrganisation()\n", + "orgc.name = 'bazbaz'\n", + "orgc.id = 15\n", + "orgc.uuid = '5888a98d-a7e8-4183-94bb-4d19950d210f'\n", + "# NOTE: Pushing this object will only work if the user has sync right (if not, the orgc key will be ignored)\n", + "event.Orgc = orgc" + ] + }, + { + "cell_type": "markdown", + "metadata": {}, + "source": [ + "## Mark event as published" + ] + }, + { + "cell_type": "code", + "execution_count": null, + "metadata": {}, + "outputs": [], + "source": [ + "event.publish()\n", + "print(event.published)" + ] + }, { "cell_type": "markdown", "metadata": {}, From e956860449d89ba6bfed3518e2943e5898e9cff3 Mon Sep 17 00:00:00 2001 From: Paul Stark Date: Wed, 20 Jun 2018 09:54:00 -0400 Subject: [PATCH 2/3] new:Add the ability to add Other attributes via the API --- .gitignore | 1 + pymisp/api.py | 14 ++++++++++++++ 2 files changed, 15 insertions(+) diff --git a/.gitignore b/.gitignore index 39eab06..d9fd1f1 100644 --- a/.gitignore +++ b/.gitignore @@ -7,3 +7,4 @@ examples/feed-generator/output/*.json build/* dist/* pymisp.egg-info/* +.idea diff --git a/pymisp/api.py b/pymisp/api.py index 96b0c38..3754eb2 100644 --- a/pymisp/api.py +++ b/pymisp/api.py @@ -816,6 +816,20 @@ class PyMISP(object): """Add an internal reference (type other)""" return self.add_named_attribute(event, 'other', reference, category, to_ids, comment, distribution, proposal, **kwargs) + # ##### Other attributes ##### + + def add_other_comment(self, event, reference, category='Other', to_ids=False, comment=None, distribution=None, proposal=False, **kwargs): + """Add other comment""" + return self.add_named_attribute(event, 'comment', reference, category, to_ids, comment, distribution, proposal, **kwargs) + + def add_other_counter(self, event, reference, category='Other', to_ids=False, comment=None, distribution=None, proposal=False, **kwargs): + """Add other counter""" + return self.add_named_attribute(event, 'counter', reference, category, to_ids, comment, distribution, proposal, **kwargs) + + def add_other_text(self, event, reference, category='Other', to_ids=False, comment=None, distribution=None, proposal=False, **kwargs): + """Add other text""" + return self.add_named_attribute(event, 'text', reference, category, to_ids, comment, distribution, proposal, **kwargs) + # ################################################## # ######### Upload samples through the API ######### # ################################################## From 6514e06e0ad0dedb1509633520728502e9d90a98 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Rapha=C3=ABl=20Vinot?= Date: Thu, 21 Jun 2018 06:49:03 +0800 Subject: [PATCH 3/3] chg: Add full example --- docs/tutorial/PyMISP Objects.ipynb | 44 ++++++++++++++++++++++++++++++ 1 file changed, 44 insertions(+) diff --git a/docs/tutorial/PyMISP Objects.ipynb b/docs/tutorial/PyMISP Objects.ipynb index 9b139b4..7d08e6f 100644 --- a/docs/tutorial/PyMISP Objects.ipynb +++ b/docs/tutorial/PyMISP Objects.ipynb @@ -386,6 +386,50 @@ "existing_event.attributes[0].add_tag('tlp:white')\n", "print(existing_event.attributes[0].to_json())" ] + }, + { + "cell_type": "markdown", + "metadata": {}, + "source": [ + "## Full example" + ] + }, + { + "cell_type": "code", + "execution_count": null, + "metadata": {}, + "outputs": [], + "source": [ + "from pymisp import MISPEvent, MISPObject\n", + "from pymisp import PyMISP\n", + "\n", + "event = MISPEvent()\n", + "\n", + "event.info = 'This is my new MISP event' # Required\n", + "event.distribution = 0 # Optional, defaults to MISP.default_event_distribution in MISP config\n", + "event.threat_level_id = 2 # Optional, defaults to MISP.default_event_threat_level in MISP config\n", + "event.analysis = 1 # Optional, defaults to 0 (initial analysis)\n", + "\n", + "mispObject = MISPObject('file')\n", + "mispObject.add_attribute('filename', type='filename',\n", + " value='filename.exe',\n", + " Tag=[{'name':'tlp:amber'}]) \n", + "event.add_object(mispObject)\n", + "\n", + "# The URL of the MISP instance to connect to\n", + "misp_url = 'https:///'\n", + "# Can be found in the MISP web interface under \n", + "# http://+MISP_URL+/users/view/me -> Authkey\n", + "misp_key = ''\n", + "# Should PyMISP verify the MISP certificate\n", + "misp_verifycert = True\n", + "\n", + "misp = PyMISP(misp_url, misp_key, misp_verifycert)\n", + "res = misp.add_event(event)\n", + "existing_event = MISPEvent()\n", + "existing_event.load(res)\n", + "print(existing_event.to_json())" + ] } ], "metadata": {