diff --git a/docs/tutorial/PyMISP Objects.ipynb b/docs/tutorial/PyMISP Objects.ipynb
index 62a3476..e4f3a6d 100644
--- a/docs/tutorial/PyMISP Objects.ipynb
+++ b/docs/tutorial/PyMISP Objects.ipynb
@@ -53,6 +53,30 @@
 "```"
 ]
 },
+ {
+ "cell_type": "markdown",
+ "metadata": {},
+ "source": [
+ "# Getting the API key (automatically generated on the trainig VM)"
+ ]
+ },
+ {
+ "cell_type": "code",
+ "execution_count": null,
+ "metadata": {},
+ "outputs": [],
+ "source": [
+ "from pathlib import Path\n",
+ "\n",
+ "api_file = Path('apikey')\n",
+ "if api_file.exists():\n",
+ " misp_url = 'http://127.0.0.1'\n",
+ " misp_verifycert = False\n",
+ " with open(api_file) as f:\n",
+ " misp_key = f.read().strip()\n",
+ " print(misp_key)"
+ ]
+ },
 {
 "cell_type": "markdown",
 "metadata": {},
@@ -350,7 +374,7 @@
 "misp_object.add_attribute('ip', value='149.13.33.14')\n",
 "misp_object.add_attribute('first-seen', value='2018-04-11')\n",
 "misp_object.add_attribute('last-seen', value='2018-06-11')\n",
- "misp_object.add_reference(circl_attr.uuid, 'related-to', 'Expanded with passive DNS entry')\n",
+ "misp_object.add_reference(obj_attr.uuid, 'related-to', 'Expanded with passive DNS entry')\n",
 "\n",
 "print(event.to_json())\n"
 ]
@@ -656,7 +680,7 @@
 "misp_url = 'http://127.0.0.1:8080'\n",
 "# Can be found in the MISP web interface under \n",
 "# http://+MISP_URL+/users/view/me -> Authkey\n",
- "misp_key = 'yB8DMS8LkfYYpcVX8bN2v7xwDZDMp4bpW0sNqNGj'\n",
+ "misp_key = 'xe5okWNY2OB3O9ljR6t2cJPNsv4u1VZB0C1mKwtB'\n",
 "# Should PyMISP verify the MISP certificate\n",
 "misp_verifycert = False\n",
 "\n",
@@ -763,7 +787,7 @@
 "name": "python",
 "nbconvert_exporter": "python",
 "pygments_lexer": "ipython3",
- "version": "3.6.3"
+ "version": "3.6.5"
 }
 },
 "nbformat": 4,
diff --git a/docs/tutorial/PyMISP_tutorial.ipynb b/docs/tutorial/PyMISP_tutorial.ipynb
index 0ada011..0b0ace5 100644
--- a/docs/tutorial/PyMISP_tutorial.ipynb
+++ b/docs/tutorial/PyMISP_tutorial.ipynb
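Review bot: The last line of the new code cell, `print(misp_key)`, writes the API key into the cell's output, and a notebook saved after a run keeps that output in the .ipynb, so the key can end up in a later commit or a shared copy. Confirming the load without the secret, for example `print('API key loaded from', api_file)`, keeps the feedback and drops the exposure. The same cell is added to PyMISP_tutorial.ipynb, Search.ipynb and Usage.ipynb. The cell also sets `misp_verifycert = False` with a plain `http://127.0.0.1` URL; a comment such as `# training VM only: keep certificate verification on for a real instance` would stop readers from copying that default.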
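Review bot: The replacement `misp_key` line in the hunk at -656 commits another 40-character auth key as a literal; if that key is valid on any reachable instance it is readable by everyone with access to the repository, and the key it replaces stays in the history. Since this commit adds a cell that reads the key from the `apikey` file, this line could carry a placeholder instead, `misp_key = '<your MISP auth key>'`. The same literal is introduced in Search.ipynb, where it replaces an empty placeholder, and tests/testlive_comprehensive.py swaps one hard-coded key for another in its ImportError fallback. The cell this line belongs to starts and ends outside the hunk.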
@@ -30,6 +30,37 @@
 "misp_verifycert = False"
 ]
 },
+ {
+ "cell_type": "markdown",
+ "metadata": {},
+ "source": [
+ "# Getting the API key (automatically generated on the trainig VM)"
+ ]
+ },
+ {
+ "cell_type": "code",
+ "execution_count": null,
+ "metadata": {},
+ "outputs": [],
+ "source": [
+ "from pathlib import Path\n",
+ "\n",
+ "api_file = Path('apikey')\n",
+ "if api_file.exists():\n",
+ " misp_url = 'http://127.0.0.1'\n",
+ " misp_verifycert = False\n",
+ " with open(api_file) as f:\n",
+ " misp_key = f.read().strip()\n",
+ " print(misp_key)"
+ ]
+ },
+ {
+ "cell_type": "markdown",
+ "metadata": {},
+ "source": [
+ "# Initialize PyMISP"
+ ]
+ },
 {
 "cell_type": "code",
 "execution_count": null,
diff --git a/docs/tutorial/Search.ipynb b/docs/tutorial/Search.ipynb
index 47b420b..27a7ecc 100644
--- a/docs/tutorial/Search.ipynb
+++ b/docs/tutorial/Search.ipynb
@@ -7,12 +7,43 @@
 "outputs": [],
 "source": [
 "# The URL of the MISP instance to connect to\n",
- "misp_url = 'https:///'\n",
+ "misp_url = 'http://127.0.0.1:8080'\n",
 "# Can be found in the MISP web interface under \n",
 "# http://+MISP_URL+/users/view/me -> Authkey\n",
- "misp_key = ''\n",
+ "misp_key = 'xe5okWNY2OB3O9ljR6t2cJPNsv4u1VZB0C1mKwtB'\n",
 "# Should PyMISP verify the MISP certificate\n",
- "misp_verifycert = True"
+ "misp_verifycert = False"
+ ]
+ },
+ {
+ "cell_type": "markdown",
+ "metadata": {},
+ "source": [
+ "# Getting the API key (automatically generated on the trainig VM)"
+ ]
+ },
+ {
+ "cell_type": "code",
+ "execution_count": null,
+ "metadata": {},
+ "outputs": [],
+ "source": [
+ "from pathlib import Path\n",
+ "\n",
+ "api_file = Path('apikey')\n",
+ "if api_file.exists():\n",
+ " misp_url = 'http://127.0.0.1'\n",
+ " misp_verifycert = False\n",
+ " with open(api_file) as f:\n",
+ " misp_key = f.read().strip()\n",
+ " print(misp_key)"
+ ]
+ },
+ {
+ "cell_type": "markdown",
+ "metadata": {},
+ "source": [
+ "# Initialize PyMISP"
 ]
 },
 {
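Review bot: In the first cell of Search.ipynb the template shipped with TLS verification on (`misp_verifycert = True`) and an `https` URL, and the new lines turn verification off and switch to plain `http` for every reader, not only for users of the training VM. The apikey cell added just below already sets the VM values when the `apikey` file exists, so the template lines could keep the safe defaults, `misp_verifycert = True` and an https placeholder URL. With verification off or plain http, a reader who points the notebook at a remote instance sends the auth key over a connection that is not authenticated.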
@@ -48,7 +79,8 @@
 "metadata": {},
 "outputs": [],
 "source": [
- "r = misp.search_index(published=False)"
+ "r = misp.search_index(published=False)\n",
+ "print(r)"
 ]
 },
 {
@@ -130,7 +162,8 @@
 "metadata": {},
 "outputs": [],
 "source": [
- "r = misp.search_index(attribute='8.8.8.8')"
+ "r = misp.search_index(attribute='8.8.8.8')\n",
+ "print(r)"
 ]
 },
 {
@@ -162,7 +195,8 @@
 "metadata": {},
 "outputs": [],
 "source": [
- "r = misp.search_index(timestamp='1h')"
+ "r = misp.search_index(timestamp='1h')\n",
+ "print(r)"
 ]
 },
 {
@@ -206,7 +240,8 @@
 "metadata": {},
 "outputs": [],
 "source": [
- "r = misp.search(values='8.8.8.8')"
+ "r = misp.search(values='8.8.8.8')\n",
+ "print(r)"
 ]
 },
 {
@@ -357,7 +392,7 @@
 "name": "python",
 "nbconvert_exporter": "python",
 "pygments_lexer": "ipython3",
- "version": "3.6.3"
+ "version": "3.6.5"
 }
 },
 "nbformat": 4,
diff --git a/docs/tutorial/Usage.ipynb b/docs/tutorial/Usage.ipynb
index 765f848..3eced66 100644
--- a/docs/tutorial/Usage.ipynb
+++ b/docs/tutorial/Usage.ipynb
@@ -25,8 +25,46 @@ "# http://+MISP_URL+/users/view/me -> Authkey\n", "misp_key = 'yB8DMS8LkfYYpcVX8bN2v7xwDZDMp4bpW0sNqNGj'\n", "# Should PyMISP verify the MISP certificate\n", - "misp_verifycert = False\n", + "misp_verifycert = False" + ] + }, + { + "cell_type": "markdown", + "metadata": {}, + "source": [ + "# Getting the API key (automatically generated on the trainig VM)" + ] + }, + { + "cell_type": "code", + "execution_count": null, + "metadata": {}, + "outputs": [], + "source": [ + "from pathlib import Path\n", "\n", + "api_file = Path('apikey')\n", + "if api_file.exists():\n", + " misp_url = 'http://127.0.0.1'\n", + " misp_verifycert = False\n", + " with open(api_file) as f:\n", + " misp_key = f.read().strip()\n", + " print(misp_key)" + ] + }, + { + "cell_type": "markdown", + "metadata": {}, + "source": [ + "# Initialize PyMISP" + ] + }, + { + "cell_type": "code", + "execution_count": null, + "metadata": {}, + "outputs": [], + "source": [ "misp = PyMISP(misp_url, misp_key, misp_verifycert)" ] }, @@ -460,7 +498,7 @@ "name": "python", "nbconvert_exporter": "python", "pygments_lexer": "ipython3", - "version": "3.6.3" + "version": "3.6.5" } }, "nbformat": 4, diff --git a/pymisp/api.py b/pymisp/api.py index 3011ec0..ef21f20 100644 --- a/pymisp/api.py +++ b/pymisp/api.py @@ -468,6 +468,12 @@ class PyMISP(object): e.analysis = analysis_status return self.update(e) + def change_distribution(self, event, distribution): + """Change the distribution of an event""" + e = self._make_mispevent(event) + e.distribution = distribution + return self.update(e) + def change_sharing_group(self, event, sharing_group_id): """Change the sharing group of an event""" e = self._make_mispevent(event) 
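Review bot: `change_distribution` in pymisp/api.py assigns `distribution` to the event without any check, and its one-line docstring does not say which values are accepted. This field decides how widely the event is shared, so a wrong value can widen exposure with no error on the client side. I would list the levels in the docstring (in MISP: 0 your organisation only, 1 this community only, 2 connected communities, 3 all communities, 4 sharing group) and reject anything else before the update, e.g. `if str(distribution) not in ('0', '1', '2', '3', '4'): raise ValueError('invalid distribution level')`. Level 4 presumably also needs a sharing group id; `change_sharing_group` continues outside the hunk, so how the two interact should be confirmed there.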
@@ -1054,8 +1060,8 @@ class PyMISP(object): :param normalize: Normalize output | True or False :param timestamp: Interval since last update (in second, or 1d, 1h, ...) """ - allowed = {'published': published, 'eventid': eventid, 'tag': tag, 'Dateuntil': dateuntil, - 'Datefrom': datefrom, 'eventinfo': eventinfo, 'threatlevel': threatlevel, + allowed = {'published': published, 'eventid': eventid, 'tag': tag, 'dateuntil': dateuntil, + 'datefrom': datefrom, 'eventinfo': eventinfo, 'threatlevel': threatlevel, 'distribution': distribution, 'analysis': analysis, 'attribute': attribute, 'org': org, 'timestamp': timestamp} rule_levels = {'distribution': ["0", "1", "2", "3", "!0", "!1", "!2", "!3"], diff --git a/tests/testlive_comprehensive.py b/tests/testlive_comprehensive.py index 562c49c..deb9111 100644 --- a/tests/testlive_comprehensive.py +++ b/tests/testlive_comprehensive.py @@ -14,7 +14,7 @@ try: except ImportError as e: print(e) url = 'http://localhost:8080' - key = 'fk5BodCZw8owbscW8pQ4ykMASLeJ4NYhuAbshNjo' + key = 'y0rs3LNOP0Y3v6dfSMMdhxj5Oxx9MfaInpRP2pBC' from uuid import uuid4 @@ -916,6 +916,16 @@ class TestComprehensive(unittest.TestCase): self.assertEqual(r['Galaxy']['name'], list_name_test) self.assertTrue('GalaxyCluster' in r) + def test_zmq(self): + first = self.create_simple_event() + try: + first = self.user_misp_connector.add_event(first) + r = self.admin_misp_connector.pushEventToZMQ(first.id) + self.assertEqual(r['message'], 'Event published to ZMQ') + finally: + # Delete event + self.admin_misp_connector.delete_event(first.id) + @unittest.skip("Currently failing") def test_search_type_event_csv(self): try:
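Review bot: In `test_zmq`, `add_event` runs inside the `try`, so if it raises, the `finally` still calls `delete_event(first.id)` on the local event that was never stored; that second failure would likely replace the original error in the test report. Creating the event before the `try`, `first = self.user_misp_connector.add_event(self.create_simple_event())`, keeps the cleanup for events that exist on the server. The assertion on `'Event published to ZMQ'` presumably depends on ZMQ being enabled on the target instance; a short comment above the method, such as `# requires the ZMQ plugin to be enabled on the test instance`, would make that precondition visible.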