added new functionality to update an event

2019-07-18 11:02:42 +02:00 · 2019-07-18 11:02:42 +02:00 · f84c9eadee
parent 69a04243e7
commit f84c9eadee
2 changed files with 18 additions and 1 deletions
--- a/mail2misp/mail2misp.py
+++ b/mail2misp/mail2misp.py
@ -367,3 +367,15 @@ class Mail2MISP():
            for value, source in self.sightings_to_add:
                self.sighting(value, source)
        return event
+
+    def update_event(self, event_id=None):
+        '''Update event on the remote MISP instance.'''
+
+        if self.offline:
+            return self.misp_event.to_json()
+        event = self.misp.update_event(self.misp_event, event_id=event_id)
+        if self.config.sighting:
+            for value, source in self.sightings_to_add:
+                self.sighting(value, source)
+        return event
+
--- a/mail_to_misp.py
+++ b/mail_to_misp.py
@ -15,6 +15,7 @@ if __name__ == '__main__':
    parser = argparse.ArgumentParser(description='Push a Mail into a MISP instance')
    parser.add_argument("-r", "--read", help="Read from tempfile.")
    parser.add_argument("-t", "--trap", action='store_true', default=False, help="Import the Email as-is.")
+    parser.add_argument("-e", "--event", default=False, help="Add indicators to this MISP event.")
    parser.add_argument('infile', nargs='?', type=argparse.FileType('rb'))
    args = parser.parse_args()

@ -66,5 +67,9 @@ if __name__ == '__main__':

    mail2misp.process_body_iocs()

-    mail2misp.add_event()
+    if args.event:
+        misp_event = args.event
+        mail2misp.update_event(event_id=misp_event)
+    else:
+        mail2misp.add_event()
    syslog.syslog("Job finished.")