Merge branch 'master' of github.com:MISP/PyMISP

2019-05-13 10:13:21 +02:00 · 2019-05-13 10:13:21 +02:00 · f55add5a6d
parent 21ec93582a 9f7f848d55
commit f55add5a6d
2 changed files with 43 additions and 1 deletions
--- a/examples/fetch_warninglist_hits.py
+++ b/examples/fetch_warninglist_hits.py
@ -0,0 +1,38 @@
+#!/usr/bin/env python
+# -*- coding: utf-8 -*-
+
+from pymisp import PyMISP
+from keys import misp_url, misp_key
+import argparse
+
+
+def init(url, key):
+    return PyMISP(url, key)
+
+
+def loop_attributes(elem):
+    if 'Attribute' in elem.keys():
+        for attribute in elem['Attribute']:
+            if 'warnings' in attribute.keys():
+                for warning in attribute['warnings']:
+                    print("Value {} has a hit in warninglist with name '{}' and id '{}'".format(warning['value'],
+                                                                                                warning[
+                                                                                                    'warninglist_name'],
+                                                                                                warning[
+                                                                                                    'warninglist_id']))
+
+
+if __name__ == '__main__':
+    parser = argparse.ArgumentParser(description='Print all warninglist hits for an event.')
+    parser.add_argument("eventid", type=str, help="The event id of the event to get info of")
+    args = parser.parse_args()
+    misp = init(misp_url, misp_key)
+    evt = misp.search('events', eventid=args.eventid, includeWarninglistHits=1)['response'][0]['Event']
+    if 'warnings' in evt.keys():
+        print('warnings in entire event:')
+        print(str(evt['warnings']) + '\n')
+        print('Warnings at attribute levels:')
+        loop_attributes(evt)
+        if 'Object' in evt.keys():
+            for obj in evt['Object']:
+                loop_attributes(obj)
--- a/pymisp/api.py
+++ b/pymisp/api.py
@ -513,7 +513,9 @@ class PyMISP(object):
        """Change the sharing group of an event"""
        e = self._make_mispevent(event)
        e.distribution = 4      # Needs to be 'Sharing group'
-        e.sharing_group_id = sharing_group_id
+        if e.SharingGroup:      # Delete former SharingGroup information
+            del e.SharingGroup
+        e.sharing_group_id = sharing_group_id # Set new sharing group id
        return self.update(e)

    def new_event(self, distribution=None, threat_level_id=None, analysis=None, info=None, date=None, published=False, orgc_id=None, org_id=None, sharing_group_id=None):
@ -1188,6 +1190,7 @@ class PyMISP(object):
        :param publish_timestamp: the publish timestamp
        :param timestamp: the timestamp of the last modification. Can be a list (from->to)
        :param enforceWarninglist: Enforce the warning lists
+        :param includeWarninglistHits: Include the warning list hits
        :param searchall: full text search on the database
        :param metadata: return only metadata if True
        :param published: return only published events
@ -1249,6 +1252,7 @@ class PyMISP(object):
        query['publish_timestamp'] = kwargs.pop('publish_timestamp', None)
        query['timestamp'] = kwargs.pop('timestamp', None)
        query['enforceWarninglist'] = kwargs.pop('enforceWarninglist', None)
+        query['includeWarninglistHits'] = kwargs.pop('includeWarninglistHits', None)
        query['to_ids'] = kwargs.pop('to_ids', None)
        query['deleted'] = kwargs.pop('deleted', None)
        query['published'] = kwargs.pop('published', None)