From 97dfe2a4f6542bf031c65f1eabede114720df53c Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Rapha=C3=ABl=20Vinot?=
Date: Wed, 5 Aug 2015 17:20:59 +0200
Subject: [PATCH] Add last param to restSearch + example script
---
examples/last.py | 44 ++++++++++++++++++++++++++++++++++++++++++++
pymisp/api.py | 14 ++++++++++++--
2 files changed, 56 insertions(+), 2 deletions(-)
create mode 100755 examples/last.py
diff --git a/examples/last.py b/examples/last.py
new file mode 100755
index 000000000..64eac40a3
--- /dev/null
+++ b/examples/last.py
@@ -0,0 +1,44 @@
+#!/usr/bin/env python
+# -*- coding: utf-8 -*-
+
+from pymisp import PyMISP
+from keys import url_priv, key_priv
+# from keys import url_cert, key_cert
+import argparse
+import os
+import json
+
+
+# Usage for pipe masters: ./last.py -l 5h | jq .
+
+
+def init(url, key):
+ return PyMISP(url, key, True, 'json')
+
+
+def download_last(m, last, out=None):
+ result = m.download_last(last)
+ if out is None:
+ for e in result['response']:
+ print(json.dumps(e) + '\n')
+ else:
+ with open(out, 'w') as f:
+ for e in result['response']:
+ f.write(json.dumps(e) + '\n')
+
+
+if __name__ == '__main__':
+ parser = argparse.ArgumentParser(description='Download latest events from a MISP instance.')
+ parser.add_argument("-l", "--last", required=True, help="can be defined in days, hours, minutes (for example 5d or 12h or 30m).")
+ parser.add_argument("-o", "--output", help="Output file")
+
+ args = parser.parse_args()
+
+ if args.output is not None and os.path.exists(args.output):
+ print('Output file already exists, abord.')
+ exit(0)
+
+ misp = init(url_priv, key_priv)
+ # misp = init(url_cert, key_cert)
+
+ download_last(misp, args.last, args.output)
diff --git a/pymisp/api.py b/pymisp/api.py
index 2582dad43..22b36992b 100644
--- a/pymisp/api.py
+++ b/pymisp/api.py
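Review bot: The overwrite guard in the `__main__` block of examples/last.py tests `os.path.exists(args.output)`, but `download_last` only later opens the same path with `open(out, 'w')`, so a file or symlink that appears between the two steps is still truncated and written through. If the script is meant to run on Python 3 (the shebang does not say), exclusive creation with `with open(out, 'x') as f:` makes the check and the create a single step and fails cleanly when the path exists. The abort path also ends in `exit(0)`, which reports success to a calling pipeline; `exit(1)` would let callers notice, and the message spells abort as `abord`. Separately, `result['response']` is indexed without a check, so an error reply from the server would surface as a bare `KeyError`.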
@@ -69,7 +69,6 @@ def __query(self, session, path, query): return query url = self.rest.format(path) query = {'request': query} - print(json.dumps(query)) r = session.post(url, data=json.dumps(query)) return r.json() @@ -207,7 +206,7 @@ def __prepare_rest_search(self, values, not_values): def search(self, values=None, not_values=None, type_attribute=None, category=None, org=None, tags=None, not_tags=None, date_from=None, - date_to=None): + date_to=None, last=None): """ Search via the Rest API @@ -220,6 +219,7 @@ def search(self, values=None, not_values=None, type_attribute=None, :param not_tags: Tags *not* to search for :param date_from: First date :param date_to: Last date + :param last: Last updated events (for example 5d or 12h or 30m) """ val = self.__prepare_rest_search(values, not_values).replace('/', '|') @@ -245,6 +245,8 @@ def search(self, values=None, not_values=None, type_attribute=None, query['to'] = date_to.strftime('%Y-%m-%d') else: query['to'] = date_to + if last is not None: + query['last'] = last session = self.__prepare_session() return self.__query(session, 'restSearch/download', query) @@ -260,6 +262,14 @@ def get_attachement(self, event_id): session = self.__prepare_session() return session.get(attach.format(event_id)) + def download_last(self, last): + """ + Download the last updated events. + + :param last: can be defined in days, hours, minutes (for example 5d or 12h or 30m) + """ + return self.search(last=last) + # ############## Export ############### def download_all(self):
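Review bot: `last` is copied into the request unchanged by the added `if last is not None:` branch of `search`, so a value outside the documented `5d`/`12h`/`30m` form is only caught, or silently ignored, on the server side. A client-side check before the assignment would fail fast, for example `if not re.match(r'^\d+[dhm]$', last): raise ValueError('last must look like 5d, 12h or 30m')`. That assumes `re` is importable in api.py, whose import block is outside this hunk. The body of `search` starts before the hunk and continues after it.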
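Review bot: The new `download_last` calls `self.search(last=last)` with every other filter left at `None`, and `search` begins with `self.__prepare_rest_search(values, not_values).replace('/', '|')`, as the earlier hunk shows. That helper's body is not part of this patch, so it is worth confirming it returns a string when both arguments are `None`; otherwise the `.replace` call fails before the `last` filter is ever applied. The docstring could also state what comes back, e.g. `:returns: the decoded JSON reply of restSearch/download`, since `__query` returns `r.json()` without checking the HTTP status.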