From 58d2ac0daf2f5502323dbb96c2f00d33306b5d55 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?C=C3=A9dric=20Bonhomme?=
Date: Mon, 30 Oct 2023 08:41:47 +0100
Subject: [PATCH] chg: [MISP] Added possibility to specify the return format.

---
 bin/main.py | 27 ++++++++++++++++++++++++++-
 pyhids/misp.py | 9 +++++++--
 2 files changed, 33 insertions(+), 3 deletions(-)

diff --git a/bin/main.py b/bin/main.py
index ab6035e..e142231 100644
--- a/bin/main.py
+++ b/bin/main.py
@@ -82,6 +82,31 @@ def main():
 action="store_true",
 help="Returns a list of PyMISP Objects instead of the plain json output.",
 )
+ parser_misp.add_argument(
+ "--return-format",
+ choices=[
+ "openioc",
+ "json",
+ "xml",
+ "suricata",
+ "snort",
+ "text",
+ "rpz",
+ "csv",
+ "cache",
+ "stix-xml",
+ "stix",
+ "stix2",
+ "yara",
+ "yara-json",
+ "attack",
+ "attack-sightings",
+ "context",
+ "context-markdown",
+ ],
+ default="json",
+ help="Set the return format of the search.",
+ )

 # Subparser: Yara
 subparsers.add_parser("yara", help="Uses Yara in order to verify the files.")
@@ -115,7 +140,7 @@ def main():
 elif arguments.command == "pandora":
 pandora()
 elif arguments.command == "misp":
- misp(arguments.pythonify)
+ misp(return_format=arguments.return_format, pythonify=arguments.pythonify)
 elif arguments.command == "yara":
 yara()
 elif arguments.command == "export":
diff --git a/pyhids/misp.py b/pyhids/misp.py
index 510384c..f3a5cc0 100644
--- a/pyhids/misp.py
+++ b/pyhids/misp.py
@@ -20,7 +20,7 @@
 values = {}


-def main(pythonify: bool = False):
+def main(return_format: str = "json", pythonify: bool = False):
 misp = PyMISP(misp_url, misp_key, misp_verifycert)
 # alerts = []
 base = utils.load_base()
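Review bot: The new `--return-format` option can be combined with the existing `--pythonify` flag, but a pythonified result only makes sense for the json format and PyMISP presumably ignores `pythonify` for every other format, so `--pythonify --return-format csv` would silently yield plain text. Reject the combination right after `parse_args()` (outside this hunk), assuming the top-level parser is named `parser`: `if arguments.pythonify and arguments.return_format != "json": parser.error("--pythonify is only valid with --return-format json")`. The choices list also hard-codes server-side format names with nothing saying where they come from; a comment such as `# Return formats accepted by MISP's search API; keep in sync with the server version in use` would tell the next maintainer why it must be maintained by hand. main() continues outside the hunk.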
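Review bot: `return_format` is inserted ahead of `pythonify` in main's signature, so any caller that still passes `pythonify` positionally, as bin/main.py did before this commit, would now bind its bool to `return_format` without any error. Making both parameters keyword-only turns that misuse into a TypeError: `def main(*, return_format: str = "json", pythonify: bool = False):`. The function also has no docstring; add one stating that `return_format` is forwarded unchanged to PyMISP's search and that `pythonify` presumably only takes effect when the format is json. The body of main continues outside the hunk.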
@@ -32,7 +32,12 @@ def main(pythonify: bool = False):
 # result = misp.direct_call(relative_path, body)
 # if result["Attribute"]:
 # alerts.append(result)
- result = misp.search(controller="attributes", value=values, pythonify=pythonify)
+ result = misp.search(
+ controller="attributes",
+ value=values,
+ pythonify=pythonify,
+ return_format=return_format,
+ )
 if result:
 print(result)
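Review bot: With `return_format` now caller-selectable, `result` may be a dict, a list of PyMISP objects or a text/binary body depending on the format (presumably; PyMISP's return type varies per format), yet the following `if result: print(result)` treats every truthy value as a hit, including a json error response such as `{"errors": ...}` from the server, which would be printed as if it were a matching attribute. Guard the json case before printing: `if isinstance(result, dict) and "errors" in result: raise RuntimeError(f"MISP search failed: {result['errors']}")`. The enclosing main() starts outside this hunk.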