Add last param to restSearch + example script

jkerai1 · Aug 5, 2015 · 97dfe2a · 97dfe2a
1 parent effd808
commit 97dfe2a
Show file tree

Hide file tree

Showing 2 changed files with 56 additions and 2 deletions.
diff --git a/examples/last.py b/examples/last.py
@@ -0,0 +1,44 @@
+#!/usr/bin/env python
+# -*- coding: utf-8 -*-
+
+from pymisp import PyMISP
+from keys import url_priv, key_priv
+# from keys import url_cert, key_cert
+import argparse
+import os
+import json
+
+
+# Usage for pipe masters: ./last.py -l 5h | jq .
+
+
+def init(url, key):
+    return PyMISP(url, key, True, 'json')
+
+
+def download_last(m, last, out=None):
+    result = m.download_last(last)
+    if out is None:
+        for e in result['response']:
+            print(json.dumps(e) + '\n')
+    else:
+        with open(out, 'w') as f:
+            for e in result['response']:
+                f.write(json.dumps(e) + '\n')
+
+
+if __name__ == '__main__':
+    parser = argparse.ArgumentParser(description='Download latest events from a MISP instance.')
+    parser.add_argument("-l", "--last", required=True, help="can be defined in days, hours, minutes (for example 5d or 12h or 30m).")
+    parser.add_argument("-o", "--output", help="Output file")
+
+    args = parser.parse_args()
+
+    if args.output is not None and os.path.exists(args.output):
+        print('Output file already exists, abord.')
+        exit(0)
+
+    misp = init(url_priv, key_priv)
+    # misp = init(url_cert, key_cert)
+
+    download_last(misp, args.last, args.output)
diff --git a/pymisp/api.py b/pymisp/api.py
@@ -69,7 +69,6 @@ def __query(self, session, path, query):
             return query
         url = self.rest.format(path)
         query = {'request': query}
-        print(json.dumps(query))
         r = session.post(url, data=json.dumps(query))
         return r.json()
 
@@ -207,7 +206,7 @@ def __prepare_rest_search(self, values, not_values):
 
     def search(self, values=None, not_values=None, type_attribute=None,
                category=None, org=None, tags=None, not_tags=None, date_from=None,
-               date_to=None):
+               date_to=None, last=None):
         """
             Search via the Rest API
 
@@ -220,6 +219,7 @@ def search(self, values=None, not_values=None, type_attribute=None,
             :param not_tags: Tags *not* to search for
             :param date_from: First date
             :param date_to: Last date
+            :param last: Last updated events (for example 5d or 12h or 30m)
 
         """
         val = self.__prepare_rest_search(values, not_values).replace('/', '|')
@@ -245,6 +245,8 @@ def search(self, values=None, not_values=None, type_attribute=None,
                 query['to'] = date_to.strftime('%Y-%m-%d')
             else:
                 query['to'] = date_to
+        if last is not None:
+            query['last'] = last
 
         session = self.__prepare_session()
         return self.__query(session, 'restSearch/download', query)
@@ -260,6 +262,14 @@ def get_attachement(self, event_id):
         session = self.__prepare_session()
         return session.get(attach.format(event_id))
 
+    def download_last(self, last):
+        """
+            Download the last updated events.
+
+            :param last: can be defined in days, hours, minutes (for example 5d or 12h or 30m)
+        """
+        return self.search(last=last)
+
     # ############## Export ###############
 
     def download_all(self):