From b89a1bc135f44de18f70a29e472fd8ee85766e02 Mon Sep 17 00:00:00 2001
From: Sami Mokaddem <mokaddem.sami@gmail.com>
Date: Wed, 28 Mar 2018 09:30:02 +0200
Subject: [PATCH 1/2] First jupyter notebook tutorial (1 iterations)

---
 docs/tutorial/PyMISP_tutorial.ipynb | 448 ++++++++++++++++++++++++++++
 docs/tutorial/install_notebook.sh   |   2 +
 2 files changed, 450 insertions(+)
 create mode 100644 docs/tutorial/PyMISP_tutorial.ipynb
 create mode 100644 docs/tutorial/install_notebook.sh

diff --git a/docs/tutorial/PyMISP_tutorial.ipynb b/docs/tutorial/PyMISP_tutorial.ipynb
new file mode 100644
index 0000000..af84d24
--- /dev/null
+++ b/docs/tutorial/PyMISP_tutorial.ipynb
@@ -0,0 +1,448 @@
+{
+ "cells": [
+  {
+   "cell_type": "markdown",
+   "metadata": {},
+   "source": [
+    "# PyMISP - An interactive tutorial: Basics"
+   ]
+  },
+  {
+   "cell_type": "markdown",
+   "metadata": {},
+   "source": [
+    "## Connecting to MISP\n",
+    "### Your configuration"
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": 3,
+   "metadata": {},
+   "outputs": [],
+   "source": [
+    "# The URL of the MISP instance to connect to\n",
+    "misp_url = 'http://127.0.0.1:9090/'\n",
+    "# Can be found in the MISP web interface under \n",
+    "# http://+MISP_URL+/users/view/me -> Authkey\n",
+    "misp_key = 'btm3o1j6SzKUEsHiNz0vTMYzPfcc5eIKpfaWFADj'\n",
+    "# Should PyMISP verify the MISP certificate\n",
+    "misp_verifycert = False"
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": 4,
+   "metadata": {},
+   "outputs": [],
+   "source": [
+    "from pymisp import PyMISP\n",
+    "\n",
+    "misp = PyMISP(misp_url, misp_key, misp_verifycert)"
+   ]
+  },
+  {
+   "cell_type": "markdown",
+   "metadata": {},
+   "source": [
+    "## Creating a MISP Event"
+   ]
+  },
+  {
+   "cell_type": "markdown",
+   "metadata": {},
+   "source": [
+    "### Directly"
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": 3,
+   "metadata": {},
+   "outputs": [
+    {
+     "name": "stdout",
+     "output_type": "stream",
+     "text": [
+      "Event id: 16\n"
+     ]
+    }
+   ],
+   "source": [
+    "event = misp.new_event(distribution=1,\n",
+    "               threat_level_id=1,\n",
+    "               analysis=1,\n",
+    "               info=\"Event from notebook\")\n",
+    "print(\"Event id: %s\" % event['Event']['id'])"
+   ]
+  },
+  {
+   "cell_type": "markdown",
+   "metadata": {},
+   "source": [
+    "### Using the MISPEvent constructor"
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": 4,
+   "metadata": {},
+   "outputs": [
+    {
+     "name": "stdout",
+     "output_type": "stream",
+     "text": [
+      "Event id: 17\n"
+     ]
+    }
+   ],
+   "source": [
+    "from pymisp import MISPEvent\n",
+    "\n",
+    "event_obj = MISPEvent()\n",
+    "event_obj.distribution = 1\n",
+    "event_obj.threat_level_id = 1\n",
+    "event_obj.analysis = 1\n",
+    "event_obj.info = \"Event from notebook 2\"\n",
+    "event = misp.add_event(event_obj)\n",
+    "event_id = event['Event']['id']\n",
+    "print(\"Event id: %s\" % event_id)"
+   ]
+  },
+  {
+   "cell_type": "markdown",
+   "metadata": {},
+   "source": [
+    "## Fetching a MISP Event"
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": 9,
+   "metadata": {},
+   "outputs": [
+    {
+     "name": "stdout",
+     "output_type": "stream",
+     "text": [
+      "{'Event': {'attribute_count': '1', 'published': False, 'orgc_id': '1', 'disable_correlation': False, 'id': '17', 'Orgc': {'uuid': '5aa4dd31-42e0-4ebb-a65f-776c88efcce7', 'id': '1', 'name': 'ORGNAME'}, 'ShadowAttribute': [], 'threat_level_id': '1', 'info': 'Event from notebook 2', 'analysis': '1', 'date': '2018-03-28', 'org_id': '1', 'publish_timestamp': '0', 'uuid': '5abb3fc8-8b04-4f1f-9454-0eba0a00020f', 'Org': {'uuid': '5aa4dd31-42e0-4ebb-a65f-776c88efcce7', 'id': '1', 'name': 'ORGNAME'}, 'sharing_group_id': '0', 'distribution': '1', 'Attribute': [{'ShadowAttribute': [], 'uuid': '5abb4064-23e8-4087-83ed-0cba0a00020f', 'category': 'Network activity', 'event_id': '17', 'deleted': False, 'disable_correlation': False, 'id': '4928', 'sharing_group_id': '0', 'object_id': '0', 'distribution': '5', 'type': 'ip-src', 'to_ids': False, 'timestamp': '1522221156', 'value': '8.8.8.8', 'comment': '', 'object_relation': None}], 'proposal_email_lock': False, 'locked': False, 'RelatedEvent': [{'Event': {'published': False, 'uuid': '5aa8b0e7-7424-4747-8592-17acc0a83865', 'Org': {'uuid': '5aa4dd31-42e0-4ebb-a65f-776c88efcce7', 'id': '1', 'name': 'ORGNAME'}, 'analysis': '1', 'distribution': '1', 'Orgc': {'uuid': '5aa4dd31-42e0-4ebb-a65f-776c88efcce7', 'id': '1', 'name': 'ORGNAME'}, 'orgc_id': '1', 'threat_level_id': '1', 'id': '9', 'info': 'Event from notebook 2', 'date': '2018-03-14', 'org_id': '1', 'timestamp': '1522058405'}}, {'Event': {'published': False, 'uuid': '5aa63a59-25a4-4cf9-bd93-024dc0a83865', 'Org': {'uuid': '5aa4dd31-42e0-4ebb-a65f-776c88efcce7', 'id': '1', 'name': 'ORGNAME'}, 'analysis': '0', 'distribution': '0', 'Orgc': {'uuid': '5aa4dd31-42e0-4ebb-a65f-776c88efcce7', 'id': '1', 'name': 'ORGNAME'}, 'orgc_id': '1', 'threat_level_id': '3', 'id': '1', 'info': 'Test event', 'date': '2018-03-12', 'org_id': '1', 'timestamp': '1520991310'}}], 'timestamp': '1522221156', 'event_creator_email': 'admin@admin.test', 'Galaxy': [], 'Object': []}}\n"
+     ]
+    }
+   ],
+   "source": [
+    "# Fetch by ID\n",
+    "event = misp.get_event(event_id)\n",
+    "print(event)"
+   ]
+  },
+  {
+   "cell_type": "markdown",
+   "metadata": {},
+   "source": [
+    "## Adding Attribute to an event"
+   ]
+  },
+  {
+   "cell_type": "markdown",
+   "metadata": {},
+   "source": [
+    "### Adding directly"
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": 10,
+   "metadata": {},
+   "outputs": [
+    {
+     "name": "stdout",
+     "output_type": "stream",
+     "text": [
+      "[{'errors': {'value': ['A similar attribute already exists for this event.']}, 'message': 'Could not add Attribute', 'url': '/attributes/add', 'name': 'Could not add Attribute'}]\n"
+     ]
+    }
+   ],
+   "source": [
+    "attr_type = \"ip-src\"\n",
+    "value = \"8.8.8.8\"\n",
+    "category = \"Network activity\"\n",
+    "to_ids = False\n",
+    "proposal = False\n",
+    "updated_event = misp.add_named_attribute(event,\n",
+    "                                 attr_type,\n",
+    "                                 value,\n",
+    "                                 category=category,\n",
+    "                                 to_ids=to_ids,\n",
+    "                                 proposal=proposal)\n",
+    "print(updated_event)"
+   ]
+  },
+  {
+   "cell_type": "markdown",
+   "metadata": {},
+   "source": [
+    "### Using the MISPAttribute constructor"
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": 11,
+   "metadata": {},
+   "outputs": [
+    {
+     "name": "stdout",
+     "output_type": "stream",
+     "text": [
+      "<MISPAttribute(type=ip-src, value=8.8.8.8)\n"
+     ]
+    }
+   ],
+   "source": [
+    "from pymisp import MISPAttribute\n",
+    "\n",
+    "# Attribute data already defined\n",
+    "attribute = MISPAttribute()\n",
+    "attribute.type = attr_type\n",
+    "attribute.value = value\n",
+    "attribute.category = category\n",
+    "attribute.proposal = proposal\n",
+    "print(attribute)"
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": 12,
+   "metadata": {},
+   "outputs": [
+    {
+     "name": "stdout",
+     "output_type": "stream",
+     "text": [
+      "<MISPAttribute(type=ip-dst, value=127.0.0.1)\n"
+     ]
+    }
+   ],
+   "source": [
+    "# An attribute can also be loaded directly from a JSON\n",
+    "json = '''{\n",
+    "    \"type\": \"ip-dst\",\n",
+    "    \"value\": \"127.0.0.1\",\n",
+    "    \"category\": \"Network activity\",\n",
+    "    \"to_ids\": false,\n",
+    "    \"proposal\": false\n",
+    "    }'''\n",
+    "\n",
+    "attribute = MISPAttribute()\n",
+    "attribute.from_json(json)\n",
+    "print(attribute)"
+   ]
+  },
+  {
+   "cell_type": "markdown",
+   "metadata": {},
+   "source": [
+    "### And then, update the event"
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": 16,
+   "metadata": {
+    "scrolled": false
+   },
+   "outputs": [
+    {
+     "name": "stdout",
+     "output_type": "stream",
+     "text": [
+      "{'Event': {'attribute_count': '2', 'published': False, 'orgc_id': '1', 'disable_correlation': False, 'id': '17', 'Orgc': {'uuid': '5aa4dd31-42e0-4ebb-a65f-776c88efcce7', 'id': '1', 'name': 'ORGNAME'}, 'ShadowAttribute': [], 'threat_level_id': '1', 'info': 'Event from notebook 2', 'analysis': '1', 'date': '2018-03-28', 'org_id': '1', 'publish_timestamp': '0', 'uuid': '5abb3fc8-8b04-4f1f-9454-0eba0a00020f', 'Org': {'uuid': '5aa4dd31-42e0-4ebb-a65f-776c88efcce7', 'id': '1', 'name': 'ORGNAME'}, 'sharing_group_id': '0', 'distribution': '1', 'Attribute': [{'ShadowAttribute': [], 'uuid': '5abb4064-23e8-4087-83ed-0cba0a00020f', 'category': 'Network activity', 'event_id': '17', 'deleted': False, 'disable_correlation': False, 'id': '4928', 'sharing_group_id': '0', 'object_id': '0', 'distribution': '5', 'type': 'ip-src', 'to_ids': False, 'timestamp': '1522221156', 'value': '8.8.8.8', 'comment': '', 'object_relation': None}, {'ShadowAttribute': [], 'uuid': '5abb4266-5ba0-4ab9-a2ab-0f360a00020f', 'category': 'Network activity', 'event_id': '17', 'deleted': False, 'disable_correlation': False, 'id': '4929', 'sharing_group_id': '0', 'object_id': '0', 'distribution': '0', 'type': 'ip-dst', 'to_ids': False, 'timestamp': '1522221670', 'value': '127.0.0.1', 'comment': '', 'object_relation': None}], 'proposal_email_lock': False, 'locked': False, 'RelatedEvent': [{'Event': {'published': False, 'uuid': '5aa8b0e7-7424-4747-8592-17acc0a83865', 'Org': {'uuid': '5aa4dd31-42e0-4ebb-a65f-776c88efcce7', 'id': '1', 'name': 'ORGNAME'}, 'analysis': '1', 'distribution': '1', 'Orgc': {'uuid': '5aa4dd31-42e0-4ebb-a65f-776c88efcce7', 'id': '1', 'name': 'ORGNAME'}, 'orgc_id': '1', 'threat_level_id': '1', 'id': '9', 'info': 'Event from notebook 2', 'date': '2018-03-14', 'org_id': '1', 'timestamp': '1522058405'}}, {'Event': {'published': False, 'uuid': '5aa63a59-25a4-4cf9-bd93-024dc0a83865', 'Org': {'uuid': '5aa4dd31-42e0-4ebb-a65f-776c88efcce7', 'id': '1', 'name': 'ORGNAME'}, 'analysis': '0', 'distribution': '0', 'Orgc': {'uuid': '5aa4dd31-42e0-4ebb-a65f-776c88efcce7', 'id': '1', 'name': 'ORGNAME'}, 'orgc_id': '1', 'threat_level_id': '3', 'id': '1', 'info': 'Test event', 'date': '2018-03-12', 'org_id': '1', 'timestamp': '1520991310'}}], 'timestamp': '1522221685', 'event_creator_email': 'admin@admin.test', 'Galaxy': [], 'Object': []}}\n"
+     ]
+    }
+   ],
+   "source": [
+    "# Add the attribute to the event\n",
+    "## Fetch the event from MISP\n",
+    "event_dict = misp.get(event_id)['Event']\n",
+    "\n",
+    "## Convert it to a PyMISP Event\n",
+    "event = MISPEvent()\n",
+    "event.from_dict(**event_dict)\n",
+    "## Let MISP update the timestamp. Otherwise, MISP will compare the two timestamps \n",
+    "## (which are equals) and reject the the update\n",
+    "del event.timestamp\n",
+    "\n",
+    "## Add the attribute to the event\n",
+    "event.attributes.append(attribute)\n",
+    "\n",
+    "## Push the updated event to MISP\n",
+    "event_dict = misp.update(event)\n",
+    "print(event_dict)"
+   ]
+  },
+  {
+   "cell_type": "markdown",
+   "metadata": {},
+   "source": [
+    "## Performing search"
+   ]
+  },
+  {
+   "cell_type": "markdown",
+   "metadata": {},
+   "source": [
+    "### Events by their info fields"
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": 17,
+   "metadata": {},
+   "outputs": [
+    {
+     "name": "stdout",
+     "output_type": "stream",
+     "text": [
+      "17 : Event from notebook 2\n",
+      "16 : Event from notebook\n",
+      "9 : Event from notebook 2\n",
+      "8 : Event from notebook 2\n",
+      "7 : Event from notebook\n"
+     ]
+    }
+   ],
+   "source": [
+    "results = misp.search_index(eventinfo='notebook')\n",
+    "# The data is stored in the field 'response'\n",
+    "results = results['response']\n",
+    "\n",
+    "for event in results:\n",
+    "    print(event['id'], ':', event['info'])"
+   ]
+  },
+  {
+   "cell_type": "markdown",
+   "metadata": {},
+   "source": [
+    "### Attributes by their values"
+   ]
+  },
+  {
+   "cell_type": "markdown",
+   "metadata": {},
+   "source": [
+    "### Search in all attributes"
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": 22,
+   "metadata": {
+    "scrolled": true
+   },
+   "outputs": [
+    {
+     "name": "stdout",
+     "output_type": "stream",
+     "text": [
+      "Event from notebook 2\n"
+     ]
+    }
+   ],
+   "source": [
+    "# Search attributes (specified in controller) where the attribute type is 'ip-src'\n",
+    "# And the to_ids flag is set\n",
+    "response = misp.search(controller='attributes', type_attribute='ip-src', to_ids=False)\n",
+    "# The data is stored in the field 'response'\n",
+    "results = response['response']\n",
+    "\n",
+    "# Get all related event\n",
+    "attributes = results['Attribute']\n",
+    "event_ids = set()\n",
+    "for attr in attributes:\n",
+    "    event_ids.add(event_id)\n",
+    "\n",
+    "# Fetch all related events\n",
+    "for event_id in event_ids:\n",
+    "    event = misp.get_event(event_id)\n",
+    "    print(event['Event']['info'])"
+   ]
+  },
+  {
+   "cell_type": "markdown",
+   "metadata": {},
+   "source": [
+    "## Creating and adding a MISP Object"
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": 24,
+   "metadata": {},
+   "outputs": [
+    {
+     "name": "stdout",
+     "output_type": "stream",
+     "text": [
+      "{'Attribute': [{'uuid': '5abb4316-22a0-446a-a89e-0f260a00020f', 'category': 'Payload delivery', 'event_id': '17', 'distribution': '5', 'value1': 'admin@admin.test', 'disable_correlation': False, 'id': '4933', 'sharing_group_id': '0', 'comment': '', 'deleted': False, 'type': 'email-src', 'to_ids': True, 'timestamp': '1522221846', 'value2': '', 'value': 'admin@admin.test', 'object_id': '1094', 'object_relation': 'from'}, {'uuid': '5abb4316-6594-4ee5-a355-0f260a00020f', 'category': 'Payload delivery', 'event_id': '17', 'distribution': '5', 'value1': 'An email', 'disable_correlation': False, 'id': '4934', 'sharing_group_id': '0', 'comment': '', 'deleted': False, 'type': 'email-subject', 'to_ids': False, 'timestamp': '1522221846', 'value2': '', 'value': 'An email', 'object_id': '1094', 'object_relation': 'subject'}, {'uuid': '5abb4316-80b8-4689-a4e8-0f260a00020f', 'category': 'Network activity', 'event_id': '17', 'distribution': '5', 'value1': 'admin@foo.bar', 'disable_correlation': False, 'id': '4935', 'sharing_group_id': '0', 'comment': '', 'deleted': False, 'type': 'email-dst', 'to_ids': True, 'timestamp': '1522221846', 'value2': '', 'value': 'admin@foo.bar', 'object_id': '1094', 'object_relation': 'to'}], 'Object': {'description': 'Email object describing an email with meta-information', 'template_uuid': 'a0c666e0-fc65-4be8-b48f-3423d788b552', 'event_id': '17', 'distribution': '5', 'template_version': '8', 'name': 'email', 'uuid': '5fabdfaa-3520-4424-987a-2e247797c473', 'id': '1094', 'deleted': False, 'timestamp': '1522221846', 'meta-category': 'network', 'comment': '', 'sharing_group_id': '0'}}\n"
+     ]
+    }
+   ],
+   "source": [
+    "from pymisp import MISPObject\n",
+    "\n",
+    "object_name = 'email'\n",
+    "object_data = {\n",
+    "    'from': 'admin@admin.test',\n",
+    "    'to': 'admin@foo.bar',\n",
+    "    'subject': 'An email',\n",
+    "}\n",
+    "\n",
+    "# Retreive the template ID from the object's name\n",
+    "## Fetch all templates\n",
+    "templates = misp.get_object_templates_list()\n",
+    "## Get the template matching with the object's name\n",
+    "template_id = None\n",
+    "for template in templates:\n",
+    "    cur_name = template['ObjectTemplate']['name']\n",
+    "    cur_id = template['ObjectTemplate']['id']\n",
+    "    if cur_name == object_name:\n",
+    "        template_id = cur_id\n",
+    "        break    \n",
+    "if template_id is None:\n",
+    "    raise Exception('No matching template')\n",
+    "\n",
+    "# Create the MISP Object\n",
+    "misp_obj = MISPObject(object_name)\n",
+    "for obj_relation, value in object_data.items():\n",
+    "    misp_obj.add_attribute(obj_relation, **{'value': value})\n",
+    "\n",
+    "# Add the object to MISP\n",
+    "response = misp.add_object(event_id,\n",
+    "                           template_id,\n",
+    "                           misp_obj)\n",
+    "print(response)"
+   ]
+  }
+ ],
+ "metadata": {
+  "kernelspec": {
+   "display_name": "Python 3",
+   "language": "python",
+   "name": "python3"
+  },
+  "language_info": {
+   "codemirror_mode": {
+    "name": "ipython",
+    "version": 3
+   },
+   "file_extension": ".py",
+   "mimetype": "text/x-python",
+   "name": "python",
+   "nbconvert_exporter": "python",
+   "pygments_lexer": "ipython3",
+   "version": "3.5.3"
+  }
+ },
+ "nbformat": 4,
+ "nbformat_minor": 2
+}
diff --git a/docs/tutorial/install_notebook.sh b/docs/tutorial/install_notebook.sh
new file mode 100644
index 0000000..cd5f670
--- /dev/null
+++ b/docs/tutorial/install_notebook.sh
@@ -0,0 +1,2 @@
+pip3 install --upgrade pip
+pip3 install jupyter

From c7e705d57aa494ceb514e45fb2ae0d93fef50e61 Mon Sep 17 00:00:00 2001
From: Sami Mokaddem <mokaddem.sami@gmail.com>
Date: Wed, 28 Mar 2018 10:11:12 +0200
Subject: [PATCH 2/2] Deleted remaining outputs

---
 docs/tutorial/PyMISP_tutorial.ipynb | 128 +++++-----------------------
 1 file changed, 22 insertions(+), 106 deletions(-)

diff --git a/docs/tutorial/PyMISP_tutorial.ipynb b/docs/tutorial/PyMISP_tutorial.ipynb
index af84d24..7fc32a1 100644
--- a/docs/tutorial/PyMISP_tutorial.ipynb
+++ b/docs/tutorial/PyMISP_tutorial.ipynb
@@ -17,7 +17,7 @@
   },
   {
    "cell_type": "code",
-   "execution_count": 3,
+   "execution_count": null,
    "metadata": {},
    "outputs": [],
    "source": [
@@ -32,7 +32,7 @@
   },
   {
    "cell_type": "code",
-   "execution_count": 4,
+   "execution_count": null,
    "metadata": {},
    "outputs": [],
    "source": [
@@ -57,17 +57,9 @@
   },
   {
    "cell_type": "code",
-   "execution_count": 3,
+   "execution_count": null,
    "metadata": {},
-   "outputs": [
-    {
-     "name": "stdout",
-     "output_type": "stream",
-     "text": [
-      "Event id: 16\n"
-     ]
-    }
-   ],
+   "outputs": [],
    "source": [
     "event = misp.new_event(distribution=1,\n",
     "               threat_level_id=1,\n",
@@ -85,17 +77,9 @@
   },
   {
    "cell_type": "code",
-   "execution_count": 4,
+   "execution_count": null,
    "metadata": {},
-   "outputs": [
-    {
-     "name": "stdout",
-     "output_type": "stream",
-     "text": [
-      "Event id: 17\n"
-     ]
-    }
-   ],
+   "outputs": [],
    "source": [
     "from pymisp import MISPEvent\n",
     "\n",
@@ -118,17 +102,9 @@
   },
   {
    "cell_type": "code",
-   "execution_count": 9,
+   "execution_count": null,
    "metadata": {},
-   "outputs": [
-    {
-     "name": "stdout",
-     "output_type": "stream",
-     "text": [
-      "{'Event': {'attribute_count': '1', 'published': False, 'orgc_id': '1', 'disable_correlation': False, 'id': '17', 'Orgc': {'uuid': '5aa4dd31-42e0-4ebb-a65f-776c88efcce7', 'id': '1', 'name': 'ORGNAME'}, 'ShadowAttribute': [], 'threat_level_id': '1', 'info': 'Event from notebook 2', 'analysis': '1', 'date': '2018-03-28', 'org_id': '1', 'publish_timestamp': '0', 'uuid': '5abb3fc8-8b04-4f1f-9454-0eba0a00020f', 'Org': {'uuid': '5aa4dd31-42e0-4ebb-a65f-776c88efcce7', 'id': '1', 'name': 'ORGNAME'}, 'sharing_group_id': '0', 'distribution': '1', 'Attribute': [{'ShadowAttribute': [], 'uuid': '5abb4064-23e8-4087-83ed-0cba0a00020f', 'category': 'Network activity', 'event_id': '17', 'deleted': False, 'disable_correlation': False, 'id': '4928', 'sharing_group_id': '0', 'object_id': '0', 'distribution': '5', 'type': 'ip-src', 'to_ids': False, 'timestamp': '1522221156', 'value': '8.8.8.8', 'comment': '', 'object_relation': None}], 'proposal_email_lock': False, 'locked': False, 'RelatedEvent': [{'Event': {'published': False, 'uuid': '5aa8b0e7-7424-4747-8592-17acc0a83865', 'Org': {'uuid': '5aa4dd31-42e0-4ebb-a65f-776c88efcce7', 'id': '1', 'name': 'ORGNAME'}, 'analysis': '1', 'distribution': '1', 'Orgc': {'uuid': '5aa4dd31-42e0-4ebb-a65f-776c88efcce7', 'id': '1', 'name': 'ORGNAME'}, 'orgc_id': '1', 'threat_level_id': '1', 'id': '9', 'info': 'Event from notebook 2', 'date': '2018-03-14', 'org_id': '1', 'timestamp': '1522058405'}}, {'Event': {'published': False, 'uuid': '5aa63a59-25a4-4cf9-bd93-024dc0a83865', 'Org': {'uuid': '5aa4dd31-42e0-4ebb-a65f-776c88efcce7', 'id': '1', 'name': 'ORGNAME'}, 'analysis': '0', 'distribution': '0', 'Orgc': {'uuid': '5aa4dd31-42e0-4ebb-a65f-776c88efcce7', 'id': '1', 'name': 'ORGNAME'}, 'orgc_id': '1', 'threat_level_id': '3', 'id': '1', 'info': 'Test event', 'date': '2018-03-12', 'org_id': '1', 'timestamp': '1520991310'}}], 'timestamp': '1522221156', 'event_creator_email': 'admin@admin.test', 'Galaxy': [], 'Object': []}}\n"
-     ]
-    }
-   ],
+   "outputs": [],
    "source": [
     "# Fetch by ID\n",
     "event = misp.get_event(event_id)\n",
@@ -151,17 +127,9 @@
   },
   {
    "cell_type": "code",
-   "execution_count": 10,
+   "execution_count": null,
    "metadata": {},
-   "outputs": [
-    {
-     "name": "stdout",
-     "output_type": "stream",
-     "text": [
-      "[{'errors': {'value': ['A similar attribute already exists for this event.']}, 'message': 'Could not add Attribute', 'url': '/attributes/add', 'name': 'Could not add Attribute'}]\n"
-     ]
-    }
-   ],
+   "outputs": [],
    "source": [
     "attr_type = \"ip-src\"\n",
     "value = \"8.8.8.8\"\n",
@@ -186,17 +154,9 @@
   },
   {
    "cell_type": "code",
-   "execution_count": 11,
+   "execution_count": null,
    "metadata": {},
-   "outputs": [
-    {
-     "name": "stdout",
-     "output_type": "stream",
-     "text": [
-      "<MISPAttribute(type=ip-src, value=8.8.8.8)\n"
-     ]
-    }
-   ],
+   "outputs": [],
    "source": [
     "from pymisp import MISPAttribute\n",
     "\n",
@@ -211,17 +171,9 @@
   },
   {
    "cell_type": "code",
-   "execution_count": 12,
+   "execution_count": null,
    "metadata": {},
-   "outputs": [
-    {
-     "name": "stdout",
-     "output_type": "stream",
-     "text": [
-      "<MISPAttribute(type=ip-dst, value=127.0.0.1)\n"
-     ]
-    }
-   ],
+   "outputs": [],
    "source": [
     "# An attribute can also be loaded directly from a JSON\n",
     "json = '''{\n",
@@ -246,19 +198,11 @@
   },
   {
    "cell_type": "code",
-   "execution_count": 16,
+   "execution_count": null,
    "metadata": {
     "scrolled": false
    },
-   "outputs": [
-    {
-     "name": "stdout",
-     "output_type": "stream",
-     "text": [
-      "{'Event': {'attribute_count': '2', 'published': False, 'orgc_id': '1', 'disable_correlation': False, 'id': '17', 'Orgc': {'uuid': '5aa4dd31-42e0-4ebb-a65f-776c88efcce7', 'id': '1', 'name': 'ORGNAME'}, 'ShadowAttribute': [], 'threat_level_id': '1', 'info': 'Event from notebook 2', 'analysis': '1', 'date': '2018-03-28', 'org_id': '1', 'publish_timestamp': '0', 'uuid': '5abb3fc8-8b04-4f1f-9454-0eba0a00020f', 'Org': {'uuid': '5aa4dd31-42e0-4ebb-a65f-776c88efcce7', 'id': '1', 'name': 'ORGNAME'}, 'sharing_group_id': '0', 'distribution': '1', 'Attribute': [{'ShadowAttribute': [], 'uuid': '5abb4064-23e8-4087-83ed-0cba0a00020f', 'category': 'Network activity', 'event_id': '17', 'deleted': False, 'disable_correlation': False, 'id': '4928', 'sharing_group_id': '0', 'object_id': '0', 'distribution': '5', 'type': 'ip-src', 'to_ids': False, 'timestamp': '1522221156', 'value': '8.8.8.8', 'comment': '', 'object_relation': None}, {'ShadowAttribute': [], 'uuid': '5abb4266-5ba0-4ab9-a2ab-0f360a00020f', 'category': 'Network activity', 'event_id': '17', 'deleted': False, 'disable_correlation': False, 'id': '4929', 'sharing_group_id': '0', 'object_id': '0', 'distribution': '0', 'type': 'ip-dst', 'to_ids': False, 'timestamp': '1522221670', 'value': '127.0.0.1', 'comment': '', 'object_relation': None}], 'proposal_email_lock': False, 'locked': False, 'RelatedEvent': [{'Event': {'published': False, 'uuid': '5aa8b0e7-7424-4747-8592-17acc0a83865', 'Org': {'uuid': '5aa4dd31-42e0-4ebb-a65f-776c88efcce7', 'id': '1', 'name': 'ORGNAME'}, 'analysis': '1', 'distribution': '1', 'Orgc': {'uuid': '5aa4dd31-42e0-4ebb-a65f-776c88efcce7', 'id': '1', 'name': 'ORGNAME'}, 'orgc_id': '1', 'threat_level_id': '1', 'id': '9', 'info': 'Event from notebook 2', 'date': '2018-03-14', 'org_id': '1', 'timestamp': '1522058405'}}, {'Event': {'published': False, 'uuid': '5aa63a59-25a4-4cf9-bd93-024dc0a83865', 'Org': {'uuid': '5aa4dd31-42e0-4ebb-a65f-776c88efcce7', 'id': '1', 'name': 'ORGNAME'}, 'analysis': '0', 'distribution': '0', 'Orgc': {'uuid': '5aa4dd31-42e0-4ebb-a65f-776c88efcce7', 'id': '1', 'name': 'ORGNAME'}, 'orgc_id': '1', 'threat_level_id': '3', 'id': '1', 'info': 'Test event', 'date': '2018-03-12', 'org_id': '1', 'timestamp': '1520991310'}}], 'timestamp': '1522221685', 'event_creator_email': 'admin@admin.test', 'Galaxy': [], 'Object': []}}\n"
-     ]
-    }
-   ],
+   "outputs": [],
    "source": [
     "# Add the attribute to the event\n",
     "## Fetch the event from MISP\n",
@@ -295,21 +239,9 @@
   },
   {
    "cell_type": "code",
-   "execution_count": 17,
+   "execution_count": null,
    "metadata": {},
-   "outputs": [
-    {
-     "name": "stdout",
-     "output_type": "stream",
-     "text": [
-      "17 : Event from notebook 2\n",
-      "16 : Event from notebook\n",
-      "9 : Event from notebook 2\n",
-      "8 : Event from notebook 2\n",
-      "7 : Event from notebook\n"
-     ]
-    }
-   ],
+   "outputs": [],
    "source": [
     "results = misp.search_index(eventinfo='notebook')\n",
     "# The data is stored in the field 'response'\n",
@@ -335,19 +267,11 @@
   },
   {
    "cell_type": "code",
-   "execution_count": 22,
+   "execution_count": null,
    "metadata": {
     "scrolled": true
    },
-   "outputs": [
-    {
-     "name": "stdout",
-     "output_type": "stream",
-     "text": [
-      "Event from notebook 2\n"
-     ]
-    }
-   ],
+   "outputs": [],
    "source": [
     "# Search attributes (specified in controller) where the attribute type is 'ip-src'\n",
     "# And the to_ids flag is set\n",
@@ -376,17 +300,9 @@
   },
   {
    "cell_type": "code",
-   "execution_count": 24,
+   "execution_count": null,
    "metadata": {},
-   "outputs": [
-    {
-     "name": "stdout",
-     "output_type": "stream",
-     "text": [
-      "{'Attribute': [{'uuid': '5abb4316-22a0-446a-a89e-0f260a00020f', 'category': 'Payload delivery', 'event_id': '17', 'distribution': '5', 'value1': 'admin@admin.test', 'disable_correlation': False, 'id': '4933', 'sharing_group_id': '0', 'comment': '', 'deleted': False, 'type': 'email-src', 'to_ids': True, 'timestamp': '1522221846', 'value2': '', 'value': 'admin@admin.test', 'object_id': '1094', 'object_relation': 'from'}, {'uuid': '5abb4316-6594-4ee5-a355-0f260a00020f', 'category': 'Payload delivery', 'event_id': '17', 'distribution': '5', 'value1': 'An email', 'disable_correlation': False, 'id': '4934', 'sharing_group_id': '0', 'comment': '', 'deleted': False, 'type': 'email-subject', 'to_ids': False, 'timestamp': '1522221846', 'value2': '', 'value': 'An email', 'object_id': '1094', 'object_relation': 'subject'}, {'uuid': '5abb4316-80b8-4689-a4e8-0f260a00020f', 'category': 'Network activity', 'event_id': '17', 'distribution': '5', 'value1': 'admin@foo.bar', 'disable_correlation': False, 'id': '4935', 'sharing_group_id': '0', 'comment': '', 'deleted': False, 'type': 'email-dst', 'to_ids': True, 'timestamp': '1522221846', 'value2': '', 'value': 'admin@foo.bar', 'object_id': '1094', 'object_relation': 'to'}], 'Object': {'description': 'Email object describing an email with meta-information', 'template_uuid': 'a0c666e0-fc65-4be8-b48f-3423d788b552', 'event_id': '17', 'distribution': '5', 'template_version': '8', 'name': 'email', 'uuid': '5fabdfaa-3520-4424-987a-2e247797c473', 'id': '1094', 'deleted': False, 'timestamp': '1522221846', 'meta-category': 'network', 'comment': '', 'sharing_group_id': '0'}}\n"
-     ]
-    }
-   ],
+   "outputs": [],
    "source": [
     "from pymisp import MISPObject\n",
     "\n",