chg: [MISP] Added possibility to specify the return format.

bin/main.py

@@ -82,6 +82,31 @@ def main():
         action="store_true",
         help="Returns a list of PyMISP Objects instead of the plain json output.",
     )
+    parser_misp.add_argument(
+        "--return-format",
+        choices=[
+            "openioc",
+            "json",
+            "xml",
+            "suricata",
+            "snort",
+            "text",
+            "rpz",
+            "csv",
+            "cache",
+            "stix-xml",
+            "stix",
+            "stix2",
+            "yara",
+            "yara-json",
+            "attack",
+            "attack-sightings",
+            "context",
+            "context-markdown",
+        ],
+        default="json",
+        help="Set the return format of the search.",
+    )
 
     # Subparser: Yara
     subparsers.add_parser("yara", help="Uses Yara in order to verify the files.")
@@ -115,7 +140,7 @@ def main():
     elif arguments.command == "pandora":
         pandora()
     elif arguments.command == "misp":
-        misp(arguments.pythonify)
+        misp(return_format=arguments.return_format, pythonify=arguments.pythonify)
     elif arguments.command == "yara":
         yara()
     elif arguments.command == "export":

pyhids/misp.py

@@ -20,7 +20,7 @@
 values = {}
 
 
-def main(pythonify: bool = False):
+def main(return_format: str = "json", pythonify: bool = False):
     misp = PyMISP(misp_url, misp_key, misp_verifycert)
     # alerts = []
     base = utils.load_base()
@@ -32,7 +32,12 @@ def main(pythonify: bool = False):
         # result = misp.direct_call(relative_path, body)
         # if result["Attribute"]:
         #     alerts.append(result)
-    result = misp.search(controller="attributes", value=values, pythonify=pythonify)
+    result = misp.search(
+        controller="attributes",
+        value=values,
+        pythonify=pythonify,
+        return_format=return_format,
+    )
     if result:
         print(result)