PAPP-34531 MISP: Feature - Tags Allowance Added for Event Create and Update #12

Merged 6 commits on Aug 19, 2024
Changes from 4 commits
4 changes: 4 additions & 0 deletions README.md
Expand Up @@ -156,6 +156,7 @@ PARAMETER | REQUIRED | DESCRIPTION | TYPE | CONTAINS
**source_emails** | optional | Source email addresses to be added as attributes | string | `email`
**dest_emails** | optional | Destination email addresses to be added as attributes | string | `email`
**urls** | optional | URLs to be added as attributes | string | `url`
**tags** | optional | Comma separated list of tags | string |
**json** | optional | JSON key value list of attributes | string |

#### Action Output
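Review bot: the added `tags` row says only "Comma separated list of tags" and does not tell the user what happens when a tag is rejected. misp_connector.py returns APP_ERROR with "Failed to add tags to MISP event" in that case, so the description should say that a tagging failure fails the action, and whether the tag has to exist in MISP beforehand.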
Expand All @@ -175,6 +176,7 @@ action_result.parameter.source_ips | string | `ip` | 122.122.122.122
action_result.parameter.threat_level_id | string | | undefined
action_result.parameter.to_ids | boolean | | True False
action_result.parameter.urls | string | `url` | https://test.com
action_result.parameter.tags | string | | test_1,test_2
action_result.data.\*.Org.id | string | | 1
action_result.data.\*.Org.local | boolean | | True False
action_result.data.\*.Org.name | string | | ORGNAME
Expand Down Expand Up @@ -236,6 +238,7 @@ PARAMETER | REQUIRED | DESCRIPTION | TYPE | CONTAINS
**source_emails** | optional | Source email addresses to be added as attributes | string | `email`
**dest_emails** | optional | Destination email addresses to be added as attributes | string | `email`
**urls** | optional | URLs to be added as attributes | string | `url`
**tags** | optional | Comma separated list of tags | string |
**json** | optional | JSON key value list of attributes | string |

#### Action Output
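Review bot: in this action the added `tags` row sits directly under parameters described as "to be added as attributes", which invites reading the tags as attribute tags, but the connector calls `self._misp.tag(self._event, tag)`, so they are applied to the event. Reword to something like "Comma separated list of tags to add to the event" and state whether tags already on the event are kept.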
Expand All @@ -246,6 +249,7 @@ action_result.parameter.dest_emails | string | `email` | [email protected]
action_result.parameter.dest_ips | string | `ip` | 122.122.122.122
action_result.parameter.domains | string | `domain` | www.test.com
action_result.parameter.event_id | numeric | `misp event id` | 686
action_result.parameter.tags | string | | test_1,test2
action_result.parameter.json | string | | {"comment":["email_1,email11","email_2"], "soufds":"jflkl"}
action_result.parameter.source_emails | string | `email` | [email protected]
action_result.parameter.source_ips | string | `ip` | 122.122.122.122
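Review bot: the example value on the added row is `test_1,test2`, while the create-event row uses `test_1,test_2`; the same mismatch appears in the two `example_values` entries in misp.json. Use one value in all four places. The row is also inserted between `event_id` and `json`, although the neighbouring rows are in alphabetical order.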
28 changes: 26 additions & 2 deletions misp.json
Expand Up @@ -238,10 +238,15 @@
"order": 11,
"primary": true
},
"tags": {
"description": "Comma separated list of tags",
"data_type": "string",
"order": 12
},
"json": {
"description": "JSON key value list of attributes",
"data_type": "string",
"order": 12
"order": 13
}
},
"render": {
Expand Down Expand Up @@ -370,6 +375,13 @@
"https://test.com"
]
},
{
"data_path": "action_result.parameter.tags",
"data_type": "string",
"example_values": [
"test_1,test_2"
]
},
{
"data_path": "action_result.data.*.Org.id",
"data_type": "string",
Expand Down Expand Up @@ -750,10 +762,15 @@
"order": 7,
"primary": true
},
"tags": {
"description": "Comma separated list of tags",
"data_type": "string",
"order": 8
},
"json": {
"description": "JSON key value list of attributes",
"data_type": "string",
"order": 8
"order": 9
}
},
"render": {
Expand Down Expand Up @@ -811,6 +828,13 @@
686
]
},
{
"data_path": "action_result.parameter.tags",
"data_type": "string",
"example_values": [
"test_1,test2"
]
},
{
"data_path": "action_result.parameter.json",
"data_type": "string",
20 changes: 20 additions & 0 deletions misp_connector.py
Expand Up @@ -296,6 +296,16 @@ def _create_event(self, param):

action_result.set_summary({"message": "Event created with id: {0}".format(self._event.id)})

tags = param.get("tags", "")
tag_list = [tag.strip() for tag in tags.split(",")] if tags else []
if tag_list:
try:
for tag in tag_list:
self._misp.tag(self._event, tag)
except Exception as e:
error_message = self._get_error_message_from_exception(e)
return action_result.set_status(phantom.APP_ERROR, "Failed to add tags to MISP event:{0}".format(error_message))

addAttributes = param.get("add_attributes", True)
if addAttributes:
ret_val = self._perform_adds(param, action_result, add_data=True)
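Review bot: the early `return action_result.set_status(phantom.APP_ERROR, ...)` in the new except branch runs after the event has been created (the summary just above already says "Event created with id") and before the `add_attributes` branch, so one rejected tag leaves an event in MISP with no attributes and an action reported as failed; a retry would go through event creation again. Apply the tags after `_perform_adds`, or record the tagging failure without returning. Separately, `tags.split(",")` keeps empty entries for input such as "a,,b" or a trailing comma, so `self._misp.tag` is called with an empty string; add `if tag.strip()` to the comprehension.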
Expand Down Expand Up @@ -483,6 +493,16 @@ def _add_attributes(self, param):
for attribute in attributes:
action_result.add_data(attribute)

tags = param.get("tags", "")
tag_list = [tag.strip() for tag in tags.split(",")] if tags else []
if tag_list:
try:
for tag in tag_list:
self._misp.tag(self._event, tag)
except Exception as e:
error_message = self._get_error_message_from_exception(e)
return action_result.set_status(phantom.APP_ERROR, "Failed to add tags to MISP event:{0}".format(error_message))

if hasattr(self._event, "id"):
summary = {}
summary["message"] = "Attributes added to event: {0}".format(self._event.id)
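Review bot: this block is a line-for-line copy of the one added to `_create_event`; move it into a single helper on the connector (for example a method taking `action_result` and the raw `tags` string) so parsing and error handling cannot drift apart. In both copies the return value of `self._misp.tag(self._event, tag)` is discarded, so a failure that comes back in the response rather than as an exception would be reported as success; check the result for each tag. Here the `return` also fires after `action_result.add_data(attribute)` has run, so attributes that were added are reported under a failed status. The message "Failed to add tags to MISP event:{0}" is missing a space after the colon.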
2 changes: 2 additions & 0 deletions release_notes/unreleased.md
@@ -1 +1,3 @@
**Unreleased**

* Tags can now be added during an event create or update [PAPP-34531]