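def search_all(s_item):
    """Run a MISP full-text search and deliver the result as requested.

    Args:
        s_item: Mapping read for ``'search'`` (the term to look up) and,
            when the result is written to disk, ``'output'`` (the file path).

    Returns:
        In quiet mode, one ``<url>/events/view/<id>`` line per matching
        event, joined into a single string, or ``None`` when nothing matched.
        Otherwise the JSON-encoded response when ``out`` is ``None``, or
        ``None`` after the response has been written to ``s_item['output']``.
    """
    misp = misp_conn.MakeConn().get()
    result = misp.search_all(s_item['search'])

    # NOTE(review): `json_data`, `url` and `out` are not parameters of this
    # function and are not assigned here. Unless they are module-level names
    # this raises NameError; confirm whether s_item['quiet'] and
    # s_item['output'] were intended.
    if json_data['quiet']:
        # Collect every event: returning from inside the loop would report
        # only the first match and silently drop the rest.
        links = [
            '{}{}{}\n'.format(url, '/events/view/', e['Event']['id'])
            for e in result['response']
        ]
        return ''.join(links) if links else None

    if out is None:
        return json.dumps(result['response'])

    # NOTE(review): the destination path is taken verbatim from the caller's
    # mapping. If that mapping is built from request data, confine the path
    # to an expected directory before opening it for writing.
    with open(s_item['output'], 'w') as search_res:
        search_res.write(json.dumps(result['response']))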
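def search_params(json_data):
    """Search MISP events or attributes by a single named parameter.

    Args:
        json_data: Mapping read for ``'attributes'`` (truthy selects the
            ``attributes`` controller, otherwise ``events``), ``'param'``
            (keyword name passed to the search), ``'search'`` (its value),
            ``'quiet'`` and, when writing to disk, ``'output'``.

    Returns:
        In quiet mode, one ``<url>/events/view/<id>`` line per result joined
        into a single string, or ``None`` when nothing matched. Otherwise the
        JSON-encoded response when ``out`` is ``None``, or ``None`` after the
        response has been written to ``json_data['output']``.
    """
    controller = 'attributes' if json_data['attributes'] else 'events'
    misp = misp_conn.MakeConn().get()

    # NOTE(review): the keyword *name* is chosen by the caller. If json_data
    # originates from a request body, restrict 'param' to an allow-list of the
    # search fields this endpoint is meant to expose.
    kwargs = {json_data['param']: json_data['search']}
    result = misp.search(controller, **kwargs)

    # NOTE(review): `url` and `out` are not defined in this function; they
    # must exist at module level or this raises NameError. Confirm whether
    # json_data['output'] was intended in place of `out`.
    if json_data['quiet']:
        # Collect every result: returning from inside the loop would report
        # only the first match and silently drop the rest.
        links = [
            '{}{}{}\n'.format(url, '/events/view/', e['Event']['id'])
            for e in result['response']
        ]
        return ''.join(links) if links else None

    if out is None:
        return json.dumps(result['response'])

    # NOTE(review): the destination path is taken verbatim from json_data.
    # If that mapping is built from request data, confine the path to an
    # expected directory before opening it for writing.
    with open(json_data['output'], 'w') as search_res:
        search_res.write(json.dumps(result['response']))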
def make_conn():
    """Return the object produced by ``misp_conn.MakeConn().get()``.

    Presumably this is a ready-to-use MISP client; the connection details
    live in ``misp_conn`` and are not visible here.
    """
    connector = misp_conn.MakeConn()
    return connector.get()
def add_attr(evattr):
    """Attach a named attribute to an existing MISP event.

    Args:
        evattr: Object whose ``get("attr", <name>)`` yields the event
            identifier (``"event"``), attribute type (``"type"``) and
            attribute value (``"value"``).
            NOTE(review): the two-argument ``get`` looks like a
            ConfigParser-style (section, option) lookup; with a plain dict
            the second argument would act as a default instead. Confirm
            against the caller.

    Returns:
        None. The object returned by ``add_named_attribute`` is discarded.
    """
    client = misp_conn.MakeConn().get()
    event_ref = evattr.get("attr", "event")
    target_event = client.get_event(event_ref)
    attr_type = evattr.get("attr", "type")
    attr_value = evattr.get("attr", "value")
    # The attribute value is forwarded as given; any validation of type/value
    # is left to the MISP client and server.
    client.add_named_attribute(target_event, attr_type, attr_value)
def get_event(eids):
    """Fetch one MISP event by id.

    Args:
        eids: Event identifier; it is compared with ``0`` before any
            connection is opened.

    Returns:
        Whatever ``misp.get_event(eids)`` returns when ``eids > 0``,
        otherwise ``None``.
    """
    # Guard first so a non-positive id never opens a connection.
    if not (eids > 0):
        return None
    client = misp_conn.MakeConn().get()
    return client.get_event(eids)
def get_all_feeds():
    """Call ``cache_all_feeds()`` on a fresh MISP connection and return its result.

    NOTE(review): the function name suggests listing feeds, but the call made
    is ``cache_all_feeds``; confirm this is the intended operation.
    """
    client = misp_conn.MakeConn().get()
    outcome = client.cache_all_feeds()
    return outcome
def connect_misp():
    """Return the object produced by ``misp_conn.MakeConn().get()``.

    Performs the same call as ``make_conn``.
    """
    connector = misp_conn.MakeConn()
    return connector.get()
def feed_event(events):
    """Ask MISP to fetch the feed named in *events*.

    Args:
        events: Object whose ``get("fetch", "feedid")`` yields the feed id.
            NOTE(review): the two-argument ``get`` looks like a
            ConfigParser-style (section, option) lookup; confirm against
            the caller.

    Returns:
        The result of ``misp.fetch_feed(feed_id)``.
    """
    client = misp_conn.MakeConn().get()
    # The feed id is forwarded unchanged to the MISP client.
    return client.fetch_feed(events.get("fetch", "feedid"))