chg: [doc] Added more visual examples for pymisp

pymisp/README.md

@@ -66,6 +66,10 @@ vim keys.py
 
 Once you are done with it, you are ready to start.
 
+This is how **keys.py** looks:
+
+{% codesnippet "/pymisp/keys.py", language="python" %}{% endcodesnippet %}
+
 ### Using PyMISP
 
 To have a better understanding of how to use PyMISP, we will have a look at one of the existing examples: add\_named\_attribute.py
@@ -335,3 +339,7 @@ Allow to import OpenIOC files into MISP easily. It is also possible to set speci
 * attribute_treemap.py generate a tree-map showing the distribution of the attributes on the MISP instance.
 * tags_* : these functions help having statistics and graphs about the tag repartition.
 
+#### Simple example on fetching the last events
+
+{% codesnippet "/pymisp/last.py", language="python" %}{% endcodesnippet %}
+

pymisp/keys.py

@@ -0,0 +1,6 @@
+#!/usr/bin/env python
+# -*- coding: utf-8 -*-
+
+misp_url = 'https://<your MISP URL>/'
+misp_key = 'Your MISP auth key' # The MISP auth key can be found on the MISP web interface under the automation section
+misp_verifycert = True

pymisp/last.py

@@ -0,0 +1,43 @@
+#!/usr/bin/env python
+# -*- coding: utf-8 -*-
+
+from pymisp import PyMISP
+from keys import misp_url, misp_key, misp_verifycert
+import argparse
+import os
+import json
+
+
+# Usage for pipe masters: ./last.py -l 5h | jq .
+
+
+def init(url, key):
+    return PyMISP(url, key, misp_verifycert, 'json')
+
+
+def download_last(m, last, out=None):
+    result = m.download_last(last)
+    if out is None:
+        if 'response' in result:
+            print(json.dumps(result['response']))
+        else:
+            print('No results for that time period')
+            exit(0)
+    else:
+        with open(out, 'w') as f:
+            f.write(json.dumps(result['response']))
+
+if __name__ == '__main__':
+    parser = argparse.ArgumentParser(description='Download latest events from a MISP instance.')
+    parser.add_argument("-l", "--last", required=True, help="can be defined in days, hours, minutes (for example 5d or 12h or 30m).")
+    parser.add_argument("-o", "--output", help="Output file")
+
+    args = parser.parse_args()
+
+    if args.output is not None and os.path.exists(args.output):
+        print('Output file already exists, abord.')
+        exit(0)
+
+    misp = init(misp_url, misp_key)
+
+    download_last(misp, args.last, args.output)

quick-start/README.md

@@ -25,7 +25,10 @@ MISP default credentials:
 1. [Change site admin password](https://misp.gitbooks.io/misp-book/content/quick-start/#password-policy)
 2. [Activate Feeds](https://www.circl.lu/doc/misp/managing-feeds/)
 3. [Setup your User](https://misp.gitbooks.io/misp-book/content/user-management/#first-run-of-the-system)
+3.1 Designate a Site Admin and an Org Admin
+3.2 Add some contributing users and assign the corresponding Roles
 4. [MISP Administration](https://www.circl.lu/doc/misp/administration/)
+4.1 Edit your first organisations' name
 
 ## Password Policy 
 - [12]: Ensure that the password is at least 12 characters long
@@ -33,8 +36,6 @@ MISP default credentials:
 - [0-9| ]: includes a digit or a special character 
 - [a-z]: at least one lower-case character.
 
-**Last Updated: April, 2018**
-
 If you need a password generator use:
 - Ubuntu / Debian: [pwgen](https://linux.die.net/man/1/pwgen)
 - Website: [LastPass PW Generator](https://lastpass.com/generatepassword.php)