diff --git a/docs/tutorial/FullOverview.ipynb b/docs/tutorial/FullOverview.ipynb index 14be242..fae177b 100644 --- a/docs/tutorial/FullOverview.ipynb +++ b/docs/tutorial/FullOverview.ipynb @@ -419,6 +419,40 @@ "print(event.to_json())\n" ] }, + { + "cell_type": "markdown", + "metadata": {}, + "source": [ + "## New first/last seen" + ] + }, + { + "cell_type": "code", + "execution_count": null, + "metadata": {}, + "outputs": [], + "source": [ + "from pymisp import MISPObject\n", + "\n", + "misp_object = event.add_object(name='domain-ip', comment='My Fancy new object, in one line')\n", + "\n", + "obj_attr = misp_object.add_attribute('domain', value='circl.lu')\n", + "obj_attr.add_tag('tlp:green')\n", + "misp_object.add_attribute('ip', value='149.13.33.14')\n", + "\n", + "misp_object.first_seen = '2018-04-11'\n", + "misp_object.last_seen = '2018-06-11T23:27:40.23356+07:00'\n", + "\n", + "print(misp_object.last_seen)\n", + "\n", + "misp_object.add_attributes('ip', {'value': '10.8.8.8', 'to_ids': False}, '10.9.8.8')\n", + "\n", + "\n", + "misp_object.add_reference(obj_attr.uuid, 'related-to', 'Expanded with passive DNS entry')\n", + "\n", + "print(event.to_json(indent=2))" + ] + }, { "cell_type": "markdown", "metadata": {}, @@ -714,6 +748,78 @@ "print(event.to_json())" ] }, + { + "cell_type": "markdown", + "metadata": {}, + "source": [ + "# Generate a feed" + ] + }, + { + "cell_type": "code", + "execution_count": null, + "metadata": {}, + "outputs": [], + "source": [ + "from pymisp import MISPEvent, MISPOrganisation\n", + "from pymisp.tools import feed_meta_generator\n", + "from pathlib import Path\n", + "import json\n", + "\n", + "out_dir = Path('feed_test')\n", + "out_dir.mkdir(exist_ok=True)\n", + "\n", + "org = MISPOrganisation()\n", + "org.name = \"Test Org\"\n", + "org.uuid = \"972360d2-2c96-4004-937c-ba010d03f925\"\n", + "\n", + "event = MISPEvent()\n", + "\n", + "event.info = 'This is my new MISP event for a feed'\n", + "event.distribution = 1\n", + "event.Orgc = org\n", + "event.add_attribute('ip-dst', \"8.8.8.8\")\n", + "\n", + "feed_event = event.to_feed()\n", + "\n", + "with (out_dir / f'{event.uuid}.json').open('w') as f:\n", + " json.dump(feed_event, f)\n", + "\n", + "\n", + "feed_meta_generator(out_dir)" + ] + }, + { + "cell_type": "code", + "execution_count": null, + "metadata": {}, + "outputs": [], + "source": [ + "!ls feed_test" + ] + }, + { + "cell_type": "code", + "execution_count": null, + "metadata": {}, + "outputs": [], + "source": [ + "!cat feed_test/manifest.json\n", + "\n", + "!echo ''\n", + "\n", + "!cat feed_test/hashes.csv" + ] + }, + { + "cell_type": "code", + "execution_count": null, + "metadata": {}, + "outputs": [], + "source": [ + "!rm feed_test/*" + ] + }, { "cell_type": "markdown", "metadata": {}, @@ -853,10 +959,9 @@ "metadata": {}, "outputs": [], "source": [ - "from pymisp import ExpandedPyMISP, PyMISP\n", + "from pymisp import PyMISP\n", "\n", - "misp = ExpandedPyMISP(misp_url, misp_key, misp_verifycert)\n", - "misp_old = PyMISP(misp_url, misp_key, misp_verifycert)" + "misp = PyMISP(misp_url, misp_key, misp_verifycert)" ] }, { diff --git a/docs/tutorial/Search-FullOverview.ipynb b/docs/tutorial/Search-FullOverview.ipynb index 3d9abba..85d5909 100644 --- a/docs/tutorial/Search-FullOverview.ipynb +++ b/docs/tutorial/Search-FullOverview.ipynb @@ -52,9 +52,9 @@ "metadata": {}, "outputs": [], "source": [ - "from pymisp import ExpandedPyMISP\n", + "from pymisp import PyMISP\n", "\n", - "misp = ExpandedPyMISP(misp_url, misp_key, misp_verifycert, debug=False)" + "misp = PyMISP(misp_url, misp_key, misp_verifycert, debug=False)" ] }, { @@ -364,7 +364,16 @@ "metadata": {}, "outputs": [], "source": [ - "print(r)" + "r = misp.search(tags=['%tlp:amber%'], pythonify=True)" + ] + }, + { + "cell_type": "code", + "execution_count": null, + "metadata": {}, + "outputs": [], + "source": [ + "print(r[0].tags)" ] }, {