From c8d633f15b6f5b09fc72557b6fad5af2967469d6 Mon Sep 17 00:00:00 2001 From: deku Date: Wed, 19 Jan 2022 21:30:30 +0000 Subject: [PATCH] Add feed option for local tag exclusion #817 --- examples/feed-generator/generate.py | 7 ++++++- examples/feed-generator/settings.default.py | 5 ++++- pymisp/abstract.py | 5 ++++- pymisp/mispevent.py | 5 +++-- 4 files changed, 17 insertions(+), 5 deletions(-) diff --git a/examples/feed-generator/generate.py b/examples/feed-generator/generate.py index 7916dab..48c28e8 100755 --- a/examples/feed-generator/generate.py +++ b/examples/feed-generator/generate.py @@ -11,6 +11,11 @@ try: except ImportError: with_distribution = False +try: + from settings import with_local_tags +except ImportError: + with_local_tags = True + try: from settings import include_deleted except ImportError: @@ -83,7 +88,7 @@ if __name__ == '__main__': for i, attribute in enumerate(e.attributes): if attribute.type in exclude_attribute_types: e.attributes.pop(i) - e_feed = e.to_feed(valid_distributions=valid_attribute_distributions, with_meta=True, with_distribution=with_distribution) + e_feed = e.to_feed(valid_distributions=valid_attribute_distributions, with_meta=True, with_distribution=with_distribution, with_local_tags=with_local_tags) except Exception as err: print(err, event['uuid']) continue diff --git a/examples/feed-generator/settings.default.py b/examples/feed-generator/settings.default.py index 5426e99..408b6c8 100755 --- a/examples/feed-generator/settings.default.py +++ b/examples/feed-generator/settings.default.py @@ -50,4 +50,7 @@ exclude_attribute_types = [] # Include the distribution and sharing group information (and names/UUIDs of organisations in those Sharing Groups) # Set this to False if you want to discard the distribution metadata. That way all data will inherit the distribution # the feed -with_distribution = False \ No newline at end of file +with_distribution = False + +# Include the exportable local tags along with the global tags. The default is True. +with_local_tags = True \ No newline at end of file diff --git a/pymisp/abstract.py b/pymisp/abstract.py index 47b9cf7..f6b5d66 100644 --- a/pymisp/abstract.py +++ b/pymisp/abstract.py @@ -365,6 +365,7 @@ class MISPTag(AbstractMISP): super().__init__(**kwargs) self.name: str self.exportable: bool + self.local: bool def from_dict(self, **kwargs): if kwargs.get('Tag'): @@ -375,9 +376,11 @@ class MISPTag(AbstractMISP): if not hasattr(self, 'colour'): self.colour = '#ffffff' - def _to_feed(self) -> Dict: + def _to_feed(self, with_local: bool = True) -> Dict: if hasattr(self, 'exportable') and not self.exportable: return {} + if with_local is False and hasattr(self, 'local') and self.local: + return {} return super()._to_feed() def delete(self): diff --git a/pymisp/mispevent.py b/pymisp/mispevent.py index f67322c..549a926 100644 --- a/pymisp/mispevent.py +++ b/pymisp/mispevent.py @@ -1558,11 +1558,12 @@ class MISPEvent(AbstractMISP): to_return += attribute.hash_values(algorithm) return to_return - def to_feed(self, valid_distributions: List[int] = [0, 1, 2, 3, 4, 5], with_meta: bool = False, with_distribution=False) -> Dict: + def to_feed(self, valid_distributions: List[int] = [0, 1, 2, 3, 4, 5], with_meta: bool = False, with_distribution=False, with_local_tags: bool = True) -> Dict: """ Generate a json output for MISP Feed. :param valid_distributions: only makes sense if the distribution key is set; i.e., the event is exported from a MISP instance. :param with_distribution: exports distribution and Sharing Group info; otherwise all SharingGroup information is discarded (protecting privacy) + :param with_local_tags: tag export includes local exportable tags along with global exportable tags """ required = ['info', 'Orgc'] for r in required: @@ -1583,7 +1584,7 @@ class MISPEvent(AbstractMISP): to_return['_manifest'] = self.manifest to_return['Orgc'] = self.Orgc._to_feed() - to_return['Tag'] = list(filter(None, [tag._to_feed() for tag in self.tags])) + to_return['Tag'] = list(filter(None, [tag._to_feed(with_local_tags) for tag in self.tags])) if self.attributes: to_return['Attribute'] = [] for attribute in self.attributes: