From 60f3111f47878f349f7a05f0f7df5b0e008465b1 Mon Sep 17 00:00:00 2001
From: Tristan METAYER <truckydev@gmail.com>
Date: Wed, 29 Nov 2017 16:46:41 +0100
Subject: [PATCH 1/2] - Correction for 'last' param. 'last' gives the latest
 events that have been published - add get_events_last_modified() this
 function returns the modified events based on timestamp

---
 pymisp/api.py | 31 +++++++++++++++++++++++++++++--
 1 file changed, 29 insertions(+), 2 deletions(-)

diff --git a/pymisp/api.py b/pymisp/api.py
index c7b43ef..cb890a5 100644
--- a/pymisp/api.py
+++ b/pymisp/api.py
@@ -1033,7 +1033,7 @@ class PyMISP(object):
         :param not_tags: Tags *not* to search for
         :param date_from: First date
         :param date_to: Last date
-        :param last: Last updated events (for example 5d or 12h or 30m)
+        :param last: Last published events (for example 5d or 12h or 30m)
         :param eventid: Last date
         :param withAttachments: return events with or without the attachments
         :param uuid: search by uuid
@@ -1167,12 +1167,39 @@ class PyMISP(object):
         return True, details
 
     def download_last(self, last):
-        """Download the last updated events.
+        """Download the last published events.
 
         :param last: can be defined in days, hours, minutes (for example 5d or 12h or 30m)
         """
         return self.search(last=last)
 
+    def get_events_last_modified(self, search_from, search_to=None):
+        """Download the last modified events.
+
+        :param search_from: timestamp periode to start. can be defined as a date (2000-12-21)
+        :param search_to: tamestamp periode to stop
+        """
+        
+        def checkIfDateAndConvert(d):
+            """Check if the format is a date otherwise we keep the temistamp"""
+            if d and len(d) == 10:
+                if d[4] == '-' and d[7] == '-':
+                    return int(datetime.datetime.strptime(d, '%Y-%m-%d').strftime("%s"))
+                if d.isnumeric():
+                    return d
+            return False
+
+        search_from = checkIfDateAndConvert(search_from)
+        search_to = checkIfDateAndConvert(search_to)
+
+        if search_from:
+            if search_to:
+                return self.search(timestamp=[search_from, search_to])
+            else:
+                return self.search(timestamp=search_from)
+
+        return {'error': '"search_from" or "search_to" are not in a valid format (timestamp or date(2000-12-21'}
+
     # ########## Tags ##########
 
     def get_all_tags(self, quiet=False):

From 5cbcc09d7d9ee3bfad1b761984aa58fd957bfc38 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Rapha=C3=ABl=20Vinot?= <raphael@vinot.info>
Date: Mon, 11 Dec 2017 15:01:25 +0100
Subject: [PATCH 2/2] new: Add method to get all the events modified in an
 interval

---
 pymisp/api.py | 42 ++++++++++++++++++++++--------------------
 1 file changed, 22 insertions(+), 20 deletions(-)

diff --git a/pymisp/api.py b/pymisp/api.py
index f89fc23..6b265e9 100644
--- a/pymisp/api.py
+++ b/pymisp/api.py
@@ -6,6 +6,7 @@
 import sys
 import json
 import datetime
+from dateutil.parser import parse
 import os
 import base64
 import re
@@ -1051,7 +1052,7 @@ class PyMISP(object):
         :param withAttachments: return events with or without the attachments
         :param uuid: search by uuid
         :param publish_timestamp: the publish timestamp
-        :param timestamp: the creation timestamp
+        :param timestamp: the timestamp of the last modification. Can be a list (from->to)
         :param enforceWarninglist: Enforce the warning lists
         :param searchall: full text search on the database
         :param metadata: return only metadata if True
@@ -1186,32 +1187,33 @@ class PyMISP(object):
         """
         return self.search(last=last)
 
+    def _string_to_timestamp(self, date_string):
+        pydate = parse(date_string)
+        if sys.version_info >= (3, 3):
+            # Sane python version
+            timestamp = pydate.timestamp()
+        else:
+            # Whatever
+            from datetime import timezone  # Only for Python < 3.3
+            timestamp = (pydate - datetime(1970, 1, 1, tzinfo=timezone.utc)).total_seconds()
+        return timestamp
+
     def get_events_last_modified(self, search_from, search_to=None):
         """Download the last modified events.
 
-        :param search_from: timestamp periode to start. can be defined as a date (2000-12-21)
-        :param search_to: tamestamp periode to stop
+        :param search_from: Beginning of the interval. Can be either a timestamp, or a date (2000-12-21)
+        :param search_to: End of the interval. Can be either a timestamp, or a date (2000-12-21)
         """
-        
-        def checkIfDateAndConvert(d):
-            """Check if the format is a date otherwise we keep the temistamp"""
-            if d and len(d) == 10:
-                if d[4] == '-' and d[7] == '-':
-                    return int(datetime.datetime.strptime(d, '%Y-%m-%d').strftime("%s"))
-                if d.isnumeric():
-                    return d
-            return False
 
-        search_from = checkIfDateAndConvert(search_from)
-        search_to = checkIfDateAndConvert(search_to)
+        search_from = self._string_to_timestamp(search_from)
 
-        if search_from:
-            if search_to:
-                return self.search(timestamp=[search_from, search_to])
-            else:
-                return self.search(timestamp=search_from)
+        if search_to is not None:
+            search_to = self._string_to_timestamp(search_to)
+            to_search = [search_from, search_to]
+        else:
+            to_search = search_from
 
-        return {'error': '"search_from" or "search_to" are not in a valid format (timestamp or date(2000-12-21'}
+        return self.search(timestamp=to_search)
 
     # ########## Tags ##########