From c2f7c01b5d866cb9db4dd42ed10cd83913d48e6e Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Rapha=C3=ABl=20Vinot?= <raphael@vinot.info>
Date: Tue, 20 Nov 2018 01:22:05 +0100
Subject: [PATCH] chg: [tuto] Update search

---
 docs/tutorial/Search.ipynb | 51 ++++++++++++++++++++++++++++++++++----
 1 file changed, 46 insertions(+), 5 deletions(-)

diff --git a/docs/tutorial/Search.ipynb b/docs/tutorial/Search.ipynb
index 27a7ecc..17e781b 100644
--- a/docs/tutorial/Search.ipynb
+++ b/docs/tutorial/Search.ipynb
@@ -10,7 +10,7 @@
     "misp_url = 'http://127.0.0.1:8080'\n",
     "# Can be found in the MISP web interface under \n",
     "# http://+MISP_URL+/users/view/me -> Authkey\n",
-    "misp_key = 'xe5okWNY2OB3O9ljR6t2cJPNsv4u1VZB0C1mKwtB'\n",
+    "misp_key = 'BSip0zVadeFDeolkX2g7MHx8mrlr0uE04hh6CQj0'\n",
     "# Should PyMISP verify the MISP certificate\n",
     "misp_verifycert = False"
    ]
@@ -52,9 +52,9 @@
    "metadata": {},
    "outputs": [],
    "source": [
-    "from pymisp import PyMISP\n",
+    "from pymisp import ExpandedPyMISP\n",
     "\n",
-    "misp = PyMISP(misp_url, misp_key, misp_verifycert, debug=False)"
+    "misp = ExpandedPyMISP(misp_url, misp_key, misp_verifycert, debug=False)"
    ]
   },
   {
@@ -368,12 +368,53 @@
     "r"
    ]
   },
+  {
+   "cell_type": "markdown",
+   "metadata": {},
+   "source": [
+    "## Because reason"
+   ]
+  },
   {
    "cell_type": "code",
    "execution_count": null,
    "metadata": {},
    "outputs": [],
-   "source": []
+   "source": [
+    "tag_to_remove = 'foo'\n",
+    "\n",
+    "events = misp.search(tags=tag_to_remove, pythonify=True)\n",
+    "\n",
+    "for event in events:\n",
+    "    for tag in event.tags:\n",
+    "        if tag.name == tag_to_remove:\n",
+    "            print(f'Got {tag_to_remove} in {event.info}')\n",
+    "            misp.untag(event.uuid, tag_to_remove)\n",
+    "            break\n",
+    "    for attribute in event.attributes:\n",
+    "        for tag in attribute.tags:\n",
+    "            if tag.name == tag_to_remove:\n",
+    "                print(f'Got {tag_to_remove} in {attribute.value}')\n",
+    "                misp.untag(attribute.uuid, tag_to_remove)\n",
+    "                break"
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": null,
+   "metadata": {},
+   "outputs": [],
+   "source": [
+    "log = misp.search_logs(model='Tag', title=tag_to_remove)[0]\n",
+    "roles = misp.get_roles_list()\n",
+    "for r in roles:\n",
+    "    if r['Role']['name'] == 'User':\n",
+    "        new_role = r['Role']['id']\n",
+    "        break\n",
+    "user = misp.get_user(log['Log']['user_id'])\n",
+    "user['User']['role_id'] = new_role\n",
+    "misp.edit_user(user['User']['id'], **user['User'])"
+   ]
   }
  ],
  "metadata": {
@@ -392,7 +433,7 @@
    "name": "python",
    "nbconvert_exporter": "python",
    "pygments_lexer": "ipython3",
-   "version": "3.6.5"
+   "version": "3.6.7"
   }
  },
  "nbformat": 4,