def get_all(self, page=1, count=10, complete=False):
url = "/events"
url = '{0}?count={1}&page={2}&sorting%5Bcreated_at%5D=desc'.format(url, count, page).replace('&', 'BLA')
events_json = self.__request(url,
'GET',
None
)
events_json = json.loads(events_json)
events_json = events_json.get('data', list())
result = list()
for event_json in events_json:
event = Event()
event.populate(event_json)
result.append(event)
return result
def populate(self, json):
item = json['event']
self.event = Event()
self.event.populate(item)
# Check if not a report
if json.get('report', None) or json.get('reference', None):
item = json.get('report', None)
if item:
self.report = Report()
self.report.populate(item)
item = json.get('reference', None)
if item:
self.reference = Reference()
self.reference.populate(item)
else:
item = json.get('observable', None)
if item:
self.observable = Observable()
self.observable.populate(item)
item = json.get('object', None)
if item:
self.object = Object()
self.object.populate(item)
item = json.get('attribute', None)
if item:
self.attribute = Attribute()
self.attribute.populate(item)
def get_unvalidated_events(self, count=10, page=1):
url = "/validate/unvalidated?count={0}&page={1}&sorting%5Bcreated_at%5D=desc".format(count, page)
events_json = self.__request(url,
'GET',
None
)
event_dict = json.loads(events_json)
events_dict = event_dict.get('data', list())
result = list()
for event_dict in events_dict:
event = Event()
event.populate(event_dict)
result.append(event)
return result
def parse_events(self, xml, full=True):
events = xml.iterfind('./Event')
rest_events = []
for event in events:
rest_event = Event()
event_id = self.set_event_header(event, rest_event)
if full:
observables = self.parse_attributes(rest_event, event)
rest_event.observables = observables
# Append reference
# check if there aren't any empty reports
result = list()
for event_report in rest_event.reports:
if event_report.references:
result.append(event_report)
report = Report()
report.identifier = uuid4()
self.set_properties(report, False)
# self.set_extended_logging(report, rest_event)
# IMPORTANT logging of this should not be set, as this should onbly be visible for the owner/inserter
value = u'{0}{1} Event ID {2}'.format('', self.tag, event_id)
reference = self.create_reference(None, uuid4(), None, 'reference_external_identifier', value, None, False, rest_event, False)
report.references.append(reference)
value = u'{0}/events/view/{1}'.format(self.api_url, event_id)
reference = self.create_reference(None, uuid4(), None, 'link', value, None, False, rest_event, False)
report.references.append(reference)
result.append(report)
rest_event.reports = result
setattr(rest_event, 'misp_id', event_id)
rest_events.append(rest_event)
return rest_events
class SearchResult(RestBase):
def __init__(self):
RestBase.__init__(self)
self.event = None
self.object = None
self.observable = None
self.attribute = None
self.report = None
self.reference = None
def populate(self, json):
item = json['event']
self.event = Event()
self.event.populate(item)
# Check if not a report
if json.get('report', None) or json.get('reference', None):
item = json.get('report', None)
if item:
self.report = Report()
self.report.populate(item)
item = json.get('reference', None)
if item:
self.reference = Reference()
self.reference.populate(item)
else:
item = json.get('observable', None)
if item:
self.observable = Observable()
self.observable.populate(item)
item = json.get('object', None)
if item:
self.object = Object()
self.object.populate(item)
item = json.get('attribute', None)
if item:
self.attribute = Attribute()
self.attribute.populate(item)
