new: Add feed generation example in notebook

docs/tutorial/FullOverview.ipynb

@@ -419,6 +419,40 @@
     "print(event.to_json())\n"
    ]
   },
+  {
+   "cell_type": "markdown",
+   "metadata": {},
+   "source": [
+    "## New first/last seen"
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": null,
+   "metadata": {},
+   "outputs": [],
+   "source": [
+    "from pymisp import MISPObject\n",
+    "\n",
+    "misp_object = event.add_object(name='domain-ip', comment='My Fancy new object, in one line')\n",
+    "\n",
+    "obj_attr = misp_object.add_attribute('domain', value='circl.lu')\n",
+    "obj_attr.add_tag('tlp:green')\n",
+    "misp_object.add_attribute('ip', value='149.13.33.14')\n",
+    "\n",
+    "misp_object.first_seen = '2018-04-11'\n",
+    "misp_object.last_seen = '2018-06-11T23:27:40.23356+07:00'\n",
+    "\n",
+    "print(misp_object.last_seen)\n",
+    "\n",
+    "misp_object.add_attributes('ip', {'value': '10.8.8.8', 'to_ids': False}, '10.9.8.8')\n",
+    "\n",
+    "\n",
+    "misp_object.add_reference(obj_attr.uuid, 'related-to', 'Expanded with passive DNS entry')\n",
+    "\n",
+    "print(event.to_json(indent=2))"
+   ]
+  },
   {
    "cell_type": "markdown",
    "metadata": {},
@@ -714,6 +748,78 @@
     "print(event.to_json())"
    ]
   },
+  {
+   "cell_type": "markdown",
+   "metadata": {},
+   "source": [
+    "# Generate a feed"
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": null,
+   "metadata": {},
+   "outputs": [],
+   "source": [
+    "from pymisp import MISPEvent, MISPOrganisation\n",
+    "from pymisp.tools import feed_meta_generator\n",
+    "from pathlib import Path\n",
+    "import json\n",
+    "\n",
+    "out_dir = Path('feed_test')\n",
+    "out_dir.mkdir(exist_ok=True)\n",
+    "\n",
+    "org = MISPOrganisation()\n",
+    "org.name = \"Test Org\"\n",
+    "org.uuid = \"972360d2-2c96-4004-937c-ba010d03f925\"\n",
+    "\n",
+    "event = MISPEvent()\n",
+    "\n",
+    "event.info = 'This is my new MISP event for a feed'\n",
+    "event.distribution = 1\n",
+    "event.Orgc = org\n",
+    "event.add_attribute('ip-dst', \"8.8.8.8\")\n",
+    "\n",
+    "feed_event = event.to_feed()\n",
+    "\n",
+    "with (out_dir / f'{event.uuid}.json').open('w') as f:\n",
+    "    json.dump(feed_event, f)\n",
+    "\n",
+    "\n",
+    "feed_meta_generator(out_dir)"
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": null,
+   "metadata": {},
+   "outputs": [],
+   "source": [
+    "!ls feed_test"
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": null,
+   "metadata": {},
+   "outputs": [],
+   "source": [
+    "!cat feed_test/manifest.json\n",
+    "\n",
+    "!echo ''\n",
+    "\n",
+    "!cat feed_test/hashes.csv"
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": null,
+   "metadata": {},
+   "outputs": [],
+   "source": [
+    "!rm feed_test/*"
+   ]
+  },
   {
    "cell_type": "markdown",
    "metadata": {},
@@ -853,10 +959,9 @@
    "metadata": {},
    "outputs": [],
    "source": [
-    "from pymisp import ExpandedPyMISP, PyMISP\n",
+    "from pymisp import PyMISP\n",
     "\n",
-    "misp = ExpandedPyMISP(misp_url, misp_key, misp_verifycert)\n",
-    "misp_old = PyMISP(misp_url, misp_key, misp_verifycert)"
+    "misp = PyMISP(misp_url, misp_key, misp_verifycert)"
    ]
   },
   {

docs/tutorial/Search-FullOverview.ipynb

@@ -52,9 +52,9 @@
    "metadata": {},
    "outputs": [],
    "source": [
-    "from pymisp import ExpandedPyMISP\n",
+    "from pymisp import PyMISP\n",
     "\n",
-    "misp = ExpandedPyMISP(misp_url, misp_key, misp_verifycert, debug=False)"
+    "misp = PyMISP(misp_url, misp_key, misp_verifycert, debug=False)"
    ]
   },
   {
@@ -364,7 +364,16 @@
    "metadata": {},
    "outputs": [],
    "source": [
-    "print(r)"
+    "r = misp.search(tags=['%tlp:amber%'], pythonify=True)"
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": null,
+   "metadata": {},
+   "outputs": [],
+   "source": [
+    "print(r[0].tags)"
    ]
   },
   {