mirror of https://github.com/MISP/PyMISP
chg: [tuto] Update search
Raphaël Vinot
parent
2c0da24437
commit
c2f7c01b5d
|
|
@ -10,7 +10,7 @@
|
||||||
"misp_url = 'http://127.0.0.1:8080'\n",
|
"misp_url = 'http://127.0.0.1:8080'\n",
|
||||||
"# Can be found in the MISP web interface under \n",
|
"# Can be found in the MISP web interface under \n",
|
||||||
"# http://+MISP_URL+/users/view/me -> Authkey\n",
|
"# http://+MISP_URL+/users/view/me -> Authkey\n",
|
||||||
"misp_key = 'xe5okWNY2OB3O9ljR6t2cJPNsv4u1VZB0C1mKwtB'\n",
|
"misp_key = 'BSip0zVadeFDeolkX2g7MHx8mrlr0uE04hh6CQj0'\n",
|
||||||
"# Should PyMISP verify the MISP certificate\n",
|
"# Should PyMISP verify the MISP certificate\n",
|
||||||
"misp_verifycert = False"
|
"misp_verifycert = False"
|
||||||
]
|
]
|
||||||
|
|
@ -52,9 +52,9 @@
|
||||||
"metadata": {},
|
"metadata": {},
|
||||||
"outputs": [],
|
"outputs": [],
|
||||||
"source": [
|
"source": [
|
||||||
"from pymisp import PyMISP\n",
|
"from pymisp import ExpandedPyMISP\n",
|
||||||
"\n",
|
"\n",
|
||||||
"misp = PyMISP(misp_url, misp_key, misp_verifycert, debug=False)"
|
"misp = ExpandedPyMISP(misp_url, misp_key, misp_verifycert, debug=False)"
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
|
|
@ -368,12 +368,53 @@
|
||||||
"r"
|
"r"
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
|
{
|
||||||
|
"cell_type": "markdown",
|
||||||
|
"metadata": {},
|
||||||
|
"source": [
|
||||||
|
"## Because reason"
|
||||||
|
]
|
||||||
|
},
|
||||||
{
|
{
|
||||||
"cell_type": "code",
|
"cell_type": "code",
|
||||||
"execution_count": null,
|
"execution_count": null,
|
||||||
"metadata": {},
|
"metadata": {},
|
||||||
"outputs": [],
|
"outputs": [],
|
||||||
"source": []
|
"source": [
|
||||||
|
"tag_to_remove = 'foo'\n",
|
||||||
|
"\n",
|
||||||
|
"events = misp.search(tags=tag_to_remove, pythonify=True)\n",
|
||||||
|
"\n",
|
||||||
|
"for event in events:\n",
|
||||||
|
" for tag in event.tags:\n",
|
||||||
|
" if tag.name == tag_to_remove:\n",
|
||||||
|
" print(f'Got {tag_to_remove} in {event.info}')\n",
|
||||||
|
" misp.untag(event.uuid, tag_to_remove)\n",
|
||||||
|
" break\n",
|
||||||
|
" for attribute in event.attributes:\n",
|
||||||
|
" for tag in attribute.tags:\n",
|
||||||
|
" if tag.name == tag_to_remove:\n",
|
||||||
|
" print(f'Got {tag_to_remove} in {attribute.value}')\n",
|
||||||
|
" misp.untag(attribute.uuid, tag_to_remove)\n",
|
||||||
|
" break"
|
||||||
|
]
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"cell_type": "code",
|
||||||
|
"execution_count": null,
|
||||||
|
"metadata": {},
|
||||||
|
"outputs": [],
|
||||||
|
"source": [
|
||||||
|
"log = misp.search_logs(model='Tag', title=tag_to_remove)[0]\n",
|
||||||
|
"roles = misp.get_roles_list()\n",
|
||||||
|
"for r in roles:\n",
|
||||||
|
" if r['Role']['name'] == 'User':\n",
|
||||||
|
" new_role = r['Role']['id']\n",
|
||||||
|
" break\n",
|
||||||
|
"user = misp.get_user(log['Log']['user_id'])\n",
|
||||||
|
"user['User']['role_id'] = new_role\n",
|
||||||
|
"misp.edit_user(user['User']['id'], **user['User'])"
|
||||||
|
]
|
||||||
}
|
}
|
||||||
],
|
],
|
||||||
"metadata": {
|
"metadata": {
|
||||||
|
|
@ -392,7 +433,7 @@
|
||||||
"name": "python",
|
"name": "python",
|
||||||
"nbconvert_exporter": "python",
|
"nbconvert_exporter": "python",
|
||||||
"pygments_lexer": "ipython3",
|
"pygments_lexer": "ipython3",
|
||||||
"version": "3.6.5"
|
"version": "3.6.7"
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
"nbformat": 4,
|
"nbformat": 4,
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue