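def add_event(self):
    """Create a MISP event for the current ATD analysis report.

    Builds a ``MISPEvent`` from ``self.query`` (the ATD verdict severity),
    ``self.mainfile`` (used in the event title) and ``self.attributes``,
    submits it through ``self.misp`` and stores the new event id in
    ``self.evenid``.

    Errors are not propagated: any exception raised while building or
    submitting the event is caught and reported on stdout, so the method
    returns ``None`` whether or not the event was created.
    """
    try:
        event = MISPEvent()
        # 0 is MISP's "Your organisation only" distribution level, so the
        # report is not shared beyond the submitting organisation.
        event.distribution = 0

        # ATD Threat mapping to MISP Threat Level.
        # NOTE(review): MISP's scale is 1=High, 2=Medium, 3=Low, 4=Undefined.
        # If ATD severity grows with maliciousness (presumably '5' is the
        # worst verdict -- confirm), this table files the worst samples as
        # Low, and the fallback 0 is not one of MISP's four levels. The
        # values are kept as they were until the intended mapping is
        # confirmed.
        atd_threat_level = self.query['Summary']['Verdict']['Severity']
        if atd_threat_level:
            # Keys are strings: a severity delivered as an int would take
            # the fallback, exactly as the string comparisons did before.
            severity_to_misp = {'3': 1, '4': 2, '5': 3}
            event.threat_level_id = severity_to_misp.get(atd_threat_level, 0)

        event.analysis = 0  # initial
        event.info = "ATD Analysis Report - {0}".format(self.mainfile)
        event.attributes = self.attributes
        # Tags are a list of tag objects on a MISPEvent; assigning a bare
        # string to ``Tag`` does not attach a tag, add_tag() does.
        event.add_tag('ATD:Report')

        created = self.misp.add_event(event, pythonify=True)
        if not isinstance(created, MISPEvent):
            # With pythonify=True a rejected request comes back as the raw
            # error payload rather than an event object; report that payload
            # instead of failing later on a missing ``id`` attribute.
            raise RuntimeError(
                'MISP did not return an event object: {}'.format(created))

        # Attribute name (sic) kept unchanged: other code may read it.
        self.evenid = created.id
        print('SUCCESS: New MISP Event got created with ID: {}'.format(str(created.id)))

    except Exception as e:
        # Best-effort reporting: log where the failure happened and carry on.
        _, _, exc_tb = sys.exc_info()
        print("ERROR: Error in {location}.{funct_name}() - line {line_no} : {error}"
              .format(location=__name__, funct_name=sys._getframe().f_code.co_name,
                      line_no=exc_tb.tb_lineno, error=str(e)))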
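def create_full_event(
        self,
        info,
        distribution: MISPDistribution = MISPDistribution.ORGANIZATION,
        threat_level: MISPThreatLevel = MISPThreatLevel.MEDIUM,
        analysis: MISPAnalysis = MISPAnalysis.INITIAL,
        attributes: list = None,
        tags: list = None):
    """Create an event on the MISP instance and return what the API gives back.

    Args:
        info: Title/description stored in the event's ``info`` field.
        distribution: Sharing level; its ``.value`` is written to the event.
            Defaults to ``MISPDistribution.ORGANIZATION``.
        threat_level: Threat level; its ``.value`` becomes ``threat_level_id``.
        analysis: Analysis state; its ``.value`` is written to the event.
        attributes: Optional attributes to attach. They are stored on the
            event as given -- presumably MISPAttribute objects; confirm
            against callers.
        tags: Optional tags to attach, stored as given -- presumably MISPTag
            objects; confirm against callers.

    Returns:
        The object returned by ``self.misp_api.add_event``.
    """
    new_event = MISPEvent()
    new_event.distribution = distribution.value
    new_event.threat_level_id = threat_level.value
    new_event.analysis = analysis.value
    new_event.info = info

    # The supplied lists used to be replaced by empty ones, so callers'
    # attributes and tags never reached the server. Copy them instead, which
    # also keeps the caller's own list from being mutated through the event.
    if attributes is not None:
        new_event.Attribute = list(attributes)
    if tags is not None:
        new_event.Tag = list(tags)

    event = self.misp_api.add_event(new_event)

    # NOTE(review): the result of get_all_tags() is discarded; kept in case
    # the wrapper relies on the call for a side effect -- confirm or remove.
    self.misp_api.get_all_tags()

    # NOTE(review): this writes the whole created event to stdout, whatever
    # its distribution level; consider a debug-level logger if stdout ends up
    # in shared logs.
    print(event.to_json())
    return event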