diff --git a/LICENSE b/LICENSE
index 6af04d8..a7dfdbd 100644
--- a/LICENSE
+++ b/LICENSE
@@ -186,7 +186,7 @@
same "printed page" as the copyright notice for easier
identification within third-party archives.
- Copyright (c) 2017-2022 Splunk Inc.
+ Copyright (c) 2017-2024 Splunk Inc.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
@@ -198,4 +198,4 @@
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
- limitations under the License.
\ No newline at end of file
+ limitations under the License.
diff --git a/NOTICE b/NOTICE
index 70532d8..8aa514d 100644
--- a/NOTICE
+++ b/NOTICE
@@ -1,5 +1,5 @@
Splunk SOAR MISP
-Copyright (c) 2017-2022 Splunk Inc.
+Copyright (c) 2017-2024 Splunk Inc.
Third-party Software Attributions:
diff --git a/README.md b/README.md
index 33788a4..cce4c92 100644
--- a/README.md
+++ b/README.md
@@ -2,16 +2,16 @@
# MISP
Publisher: Splunk
-Connector Version: 2\.2\.0
+Connector Version: 2.2.1
Product Vendor: MISP
Product Name: MISP
-Product Version Supported (regex): "\.\*"
-Minimum Product Version: 5\.2\.0
+Product Version Supported (regex): ".\*"
+Minimum Product Version: 5.2.0
Take action with Malware Information Sharing Platform
[comment]: # "File: README.md"
-[comment]: # "Copyright (c) 2017-2022 Splunk Inc."
+[comment]: # "Copyright (c) 2017-2024 Splunk Inc."
[comment]: # ""
[comment]: # "Licensed under the Apache License, Version 2.0 (the 'License');"
[comment]: # "you may not use this file except in compliance with the License."
@@ -110,9 +110,9 @@ The below configuration variables are required for this Connector to operate. T
VARIABLE | REQUIRED | TYPE | DESCRIPTION
-------- | -------- | ---- | -----------
-**base\_url** | required | string | MISP instance URL \(http\://misp\_instance\.company\.com/\)
-**verify\_server\_cert** | optional | boolean | Verify server certificate
-**api\_key** | required | password | API Key found under Event Actions\: Automation
+**base_url** | required | string | MISP instance URL (http://misp_instance.company.com/)
+**verify_server_cert** | optional | boolean | Verify server certificate
+**api_key** | required | password | API Key found under Event Actions: Automation
### Supported Actions
[test connectivity](#action-test-connectivity) - Validate the asset configuration for connectivity
@@ -139,83 +139,83 @@ Create a new event in MISP
Type: **generic**
Read only: **False**
-This action first creates an event, then adds attributes to that event\. Parameters urls, domains, source\_ips, dest\_ips, source\_emails, dest\_emails accept comma\-separated values\.
+This action first creates an event, then adds attributes to that event. Parameters urls, domains, source_ips, dest_ips, source_emails, dest_emails accept comma-separated values.
#### Action Parameters
PARAMETER | REQUIRED | DESCRIPTION | TYPE | CONTAINS
--------- | -------- | ----------- | ---- | --------
**distribution** | required | Distribution level for sharing | string |
-**threat\_level\_id** | required | Threat level id | string |
+**threat_level_id** | required | Threat level id | string |
**analysis** | required | Current stage of analysis for event | string |
**info** | required | Information / Description for Event | string |
-**add\_attributes** | optional | Add attributes upon event creation | boolean |
-**to\_ids** | optional | Set 'to\_IDS' flag=True in MISP | boolean |
-**source\_ips** | optional | Source IPs to be added as attributes | string | `ip`
-**dest\_ips** | optional | Destination IPs to be added as attributes | string | `ip`
+**add_attributes** | optional | Add attributes upon event creation | boolean |
+**to_ids** | optional | Set 'to_IDS' flag=True in MISP | boolean |
+**source_ips** | optional | Source IPs to be added as attributes | string | `ip`
+**dest_ips** | optional | Destination IPs to be added as attributes | string | `ip`
**domains** | optional | Domains to be added as attributes | string | `domain`
-**source\_emails** | optional | Source email addresses to be added as attributes | string | `email`
-**dest\_emails** | optional | Destination email addresses to be added as attributes | string | `email`
+**source_emails** | optional | Source email addresses to be added as attributes | string | `email`
+**dest_emails** | optional | Destination email addresses to be added as attributes | string | `email`
**urls** | optional | URLs to be added as attributes | string | `url`
**json** | optional | JSON key value list of attributes | string |
#### Action Output
-DATA PATH | TYPE | CONTAINS
---------- | ---- | --------
-action\_result\.status | string |
-action\_result\.parameter\.add\_attributes | boolean |
-action\_result\.parameter\.analysis | string |
-action\_result\.parameter\.dest\_emails | string | `email`
-action\_result\.parameter\.dest\_ips | string | `ip`
-action\_result\.parameter\.distribution | string |
-action\_result\.parameter\.domains | string | `domain`
-action\_result\.parameter\.info | string |
-action\_result\.parameter\.json | string |
-action\_result\.parameter\.source\_emails | string | `email`
-action\_result\.parameter\.source\_ips | string | `ip`
-action\_result\.parameter\.threat\_level\_id | string |
-action\_result\.parameter\.to\_ids | boolean |
-action\_result\.parameter\.urls | string | `url`
-action\_result\.data\.\*\.Org\.id | string |
-action\_result\.data\.\*\.Org\.local | boolean |
-action\_result\.data\.\*\.Org\.name | string |
-action\_result\.data\.\*\.Org\.uuid | string |
-action\_result\.data\.\*\.Orgc\.id | string |
-action\_result\.data\.\*\.Orgc\.local | boolean |
-action\_result\.data\.\*\.Orgc\.name | string |
-action\_result\.data\.\*\.Orgc\.uuid | string |
-action\_result\.data\.\*\.analysis | string |
-action\_result\.data\.\*\.attribute\_count | string |
-action\_result\.data\.\*\.category | string |
-action\_result\.data\.\*\.comment | string |
-action\_result\.data\.\*\.date | string |
-action\_result\.data\.\*\.deleted | boolean |
-action\_result\.data\.\*\.disable\_correlation | boolean |
-action\_result\.data\.\*\.distribution | string |
-action\_result\.data\.\*\.event\_creator\_email | string |
-action\_result\.data\.\*\.event\_id | string | `misp event id`
-action\_result\.data\.\*\.extends\_uuid | string |
-action\_result\.data\.\*\.id | string |
-action\_result\.data\.\*\.info | string |
-action\_result\.data\.\*\.locked | boolean |
-action\_result\.data\.\*\.object\_id | string |
-action\_result\.data\.\*\.org\_id | string |
-action\_result\.data\.\*\.orgc\_id | string |
-action\_result\.data\.\*\.proposal\_email\_lock | boolean |
-action\_result\.data\.\*\.publish\_timestamp | numeric |
-action\_result\.data\.\*\.published | boolean |
-action\_result\.data\.\*\.sharing\_group\_id | string |
-action\_result\.data\.\*\.threat\_level\_id | string |
-action\_result\.data\.\*\.timestamp | string |
-action\_result\.data\.\*\.to\_ids | boolean |
-action\_result\.data\.\*\.type | string |
-action\_result\.data\.\*\.uuid | string |
-action\_result\.data\.\*\.value | string | `url` `domain` `ip` `email` `hash` `md5` `sha256` `md1`
-action\_result\.data\.0\.id | string | `misp event id`
-action\_result\.summary\.errors | string |
-action\_result\.summary\.message | string |
-action\_result\.message | string |
-summary\.total\_objects | numeric |
-summary\.total\_objects\_successful | numeric |
+DATA PATH | TYPE | CONTAINS | EXAMPLE VALUES
+--------- | ---- | -------- | --------------
+action_result.status | string | | success failed
+action_result.parameter.add_attributes | boolean | | True False
+action_result.parameter.analysis | string | | Initial
+action_result.parameter.dest_emails | string | `email` | test@test.com
+action_result.parameter.dest_ips | string | `ip` | 122.122.122.122
+action_result.parameter.distribution | string | | This Community Only
+action_result.parameter.domains | string | `domain` | www.test.com
+action_result.parameter.info | string | | Event Info Goes Here
+action_result.parameter.json | string | | {"ip-src|port":"1.1.1.1:888"}
+action_result.parameter.source_emails | string | `email` | test@test.com
+action_result.parameter.source_ips | string | `ip` | 122.122.122.122
+action_result.parameter.threat_level_id | string | | undefined
+action_result.parameter.to_ids | boolean | | True False
+action_result.parameter.urls | string | `url` | https://test.com
+action_result.data.\*.Org.id | string | | 1
+action_result.data.\*.Org.local | boolean | | True False
+action_result.data.\*.Org.name | string | | ORGNAME
+action_result.data.\*.Org.uuid | string | | 2af87aa3-a713-4ca5-83f7-03ae949c8459
+action_result.data.\*.Orgc.id | string | | 1
+action_result.data.\*.Orgc.local | boolean | | True False
+action_result.data.\*.Orgc.name | string | | ORGNAME
+action_result.data.\*.Orgc.uuid | string | | 2af87aa3-a713-4ca5-83f7-03ae949c8459
+action_result.data.\*.analysis | string | | 0
+action_result.data.\*.attribute_count | string | |
+action_result.data.\*.category | string | | Network activity
+action_result.data.\*.comment | string | |
+action_result.data.\*.date | string | | 2021-06-09
+action_result.data.\*.deleted | boolean | | True False
+action_result.data.\*.disable_correlation | boolean | | True False
+action_result.data.\*.distribution | string | |
+action_result.data.\*.event_creator_email | string | | test@test.com
+action_result.data.\*.event_id | string | `misp event id` | 2052
+action_result.data.\*.extends_uuid | string | |
+action_result.data.\*.id | string | |
+action_result.data.\*.info | string | |
+action_result.data.\*.locked | boolean | | True False
+action_result.data.\*.object_id | string | | 0
+action_result.data.\*.org_id | string | | 1
+action_result.data.\*.orgc_id | string | | 1
+action_result.data.\*.proposal_email_lock | boolean | | True False
+action_result.data.\*.publish_timestamp | numeric | | 0
+action_result.data.\*.published | boolean | | True False
+action_result.data.\*.sharing_group_id | string | | 0
+action_result.data.\*.threat_level_id | string | |
+action_result.data.\*.timestamp | string | | 1623206691
+action_result.data.\*.to_ids | boolean | | True False
+action_result.data.\*.type | string | | url
+action_result.data.\*.uuid | string | | 82c82204-4ebd-42cb-a913-4df726b5d7fe
+action_result.data.\*.value | string | `url` `domain` `ip` `email` `hash` `md5` `sha256` `md1` | 8.8.8.8
+action_result.data.0.id | string | `misp event id` |
+action_result.summary.errors | string | | 'test' is/are invalid attribute name/names in 'json' action parameter
+action_result.summary.message | string | | Event created with id: 2139
+action_result.message | string | | Message: Event created with id: 2139, Errors: 'test' is/are invalid attribute name/names in 'json' action parameter
+summary.total_objects | numeric | | 1
+summary.total_objects_successful | numeric | | 1
## action: 'update event'
Add attributes / IOCs to an event in MISP
@@ -223,54 +223,54 @@ Add attributes / IOCs to an event in MISP
Type: **generic**
Read only: **False**
-Parameters urls, domains, source\_ips, dest\_ips, source\_emails, dest\_emails accept comma\-separated values\.
+Parameters urls, domains, source_ips, dest_ips, source_emails, dest_emails accept comma-separated values.
#### Action Parameters
PARAMETER | REQUIRED | DESCRIPTION | TYPE | CONTAINS
--------- | -------- | ----------- | ---- | --------
-**event\_id** | required | MISP event ID for adding attributes | numeric | `misp event id`
-**to\_ids** | optional | Set 'to\_IDS' flag=True in MISP | boolean |
-**source\_ips** | optional | Source IPs to be added as attributes | string | `ip`
-**dest\_ips** | optional | Destination IPs to be added as attributes | string | `ip`
+**event_id** | required | MISP event ID for adding attributes | numeric | `misp event id`
+**to_ids** | optional | Set 'to_IDS' flag=True in MISP | boolean |
+**source_ips** | optional | Source IPs to be added as attributes | string | `ip`
+**dest_ips** | optional | Destination IPs to be added as attributes | string | `ip`
**domains** | optional | Domains to be added as attributes | string | `domain`
-**source\_emails** | optional | Source email addresses to be added as attributes | string | `email`
-**dest\_emails** | optional | Destination email addresses to be added as attributes | string | `email`
+**source_emails** | optional | Source email addresses to be added as attributes | string | `email`
+**dest_emails** | optional | Destination email addresses to be added as attributes | string | `email`
**urls** | optional | URLs to be added as attributes | string | `url`
**json** | optional | JSON key value list of attributes | string |
#### Action Output
-DATA PATH | TYPE | CONTAINS
---------- | ---- | --------
-action\_result\.status | string |
-action\_result\.parameter\.dest\_emails | string | `email`
-action\_result\.parameter\.dest\_ips | string | `ip`
-action\_result\.parameter\.domains | string | `domain`
-action\_result\.parameter\.event\_id | numeric | `misp event id`
-action\_result\.parameter\.json | string |
-action\_result\.parameter\.source\_emails | string | `email`
-action\_result\.parameter\.source\_ips | string | `ip`
-action\_result\.parameter\.to\_ids | boolean |
-action\_result\.parameter\.urls | string | `url`
-action\_result\.data\.\*\.category | string |
-action\_result\.data\.\*\.comment | string |
-action\_result\.data\.\*\.deleted | boolean |
-action\_result\.data\.\*\.disable\_correlation | boolean |
-action\_result\.data\.\*\.distribution | string |
-action\_result\.data\.\*\.event\_id | string | `misp event id`
-action\_result\.data\.\*\.id | string | `misp attribute id`
-action\_result\.data\.\*\.object\_id | string |
-action\_result\.data\.\*\.sharing\_group\_id | string |
-action\_result\.data\.\*\.timestamp | string |
-action\_result\.data\.\*\.to\_ids | boolean |
-action\_result\.data\.\*\.type | string |
-action\_result\.data\.\*\.uuid | string |
-action\_result\.data\.\*\.value | string | `url` `domain` `ip` `email` `hash` `md5` `sha256` `md1`
-action\_result\.summary | string |
-action\_result\.summary\.errors | string |
-action\_result\.summary\.message | string |
-action\_result\.message | string |
-summary\.total\_objects | numeric |
-summary\.total\_objects\_successful | numeric |
+DATA PATH | TYPE | CONTAINS | EXAMPLE VALUES
+--------- | ---- | -------- | --------------
+action_result.status | string | | success failed
+action_result.parameter.dest_emails | string | `email` | test@test.com
+action_result.parameter.dest_ips | string | `ip` | 122.122.122.122
+action_result.parameter.domains | string | `domain` | www.test.com
+action_result.parameter.event_id | numeric | `misp event id` | 686
+action_result.parameter.json | string | | {"comment":["email_1,email11","email_2"], "soufds":"jflkl"}
+action_result.parameter.source_emails | string | `email` | test@test.com
+action_result.parameter.source_ips | string | `ip` | 122.122.122.122
+action_result.parameter.to_ids | boolean | | True False
+action_result.parameter.urls | string | `url` | http://test.com
+action_result.data.\*.category | string | | Other
+action_result.data.\*.comment | string | |
+action_result.data.\*.deleted | boolean | | True False
+action_result.data.\*.disable_correlation | boolean | | True False
+action_result.data.\*.distribution | string | | 5
+action_result.data.\*.event_id | string | `misp event id` | 2121
+action_result.data.\*.id | string | `misp attribute id` | 5360
+action_result.data.\*.object_id | string | | 0
+action_result.data.\*.sharing_group_id | string | | 0
+action_result.data.\*.timestamp | string | | 1623038555
+action_result.data.\*.to_ids | boolean | | True False
+action_result.data.\*.type | string | | port
+action_result.data.\*.uuid | string | | 68e219ee-5727-4cb2-a32f-8dc27aa4231f
+action_result.data.\*.value | string | `url` `domain` `ip` `email` `hash` `md5` `sha256` `md1` | email1@email.com
+action_result.summary | string | |
+action_result.summary.errors | string | | 'soufds' is/are invalid attribute name/names in 'json' action parameter
+action_result.summary.message | string | | Attributes added to event: 2121
+action_result.message | string | | Message: Attributes added to event: 2121, Errors: 'soufds' is/are invalid attribute name/names in 'json' action parameter
+summary.total_objects | numeric | | 1
+summary.total_objects_successful | numeric | | 1
## action: 'run query'
Run a query to find events or attributes
@@ -278,160 +278,160 @@ Run a query to find events or attributes
Type: **investigate**
Read only: **True**
-By setting max\_results to 0, you can get every result\. It is recommended you do not do this, as MISP can return a lot of data\. The default is 10, and this will be the oldest 10 results\.
The other field expects a json string, which can have the key value pairs of any field which the search API supports\.
By giving max results as a negative number, n, it will take the last n results from the query\. From there, you can take the timestamp from the first object in the resulting list, then pass it in the other field like so\: \{"timestamp"\: <timestamp \+ 1>\}\. All the results will now be after that specified timestamp\.
Also note that when searching for events, events with no attributes will not be returned\.
+By setting max_results to 0, you can get every result. It is recommended you do not do this, as MISP can return a lot of data. The default is 10, and this will be the oldest 10 results.
The other field expects a json string, which can have the key value pairs of any field which the search API supports.
By giving max results as a negative number, n, it will take the last n results from the query. From there, you can take the timestamp from the first object in the resulting list, then pass it in the other field like so: {"timestamp": <timestamp + 1>}. All the results will now be after that specified timestamp.
Also note that when searching for events, events with no attributes will not be returned.
#### Action Parameters
PARAMETER | REQUIRED | DESCRIPTION | TYPE | CONTAINS
--------- | -------- | ----------- | ---- | --------
**controller** | required | Search for events or attributes | string |
-**max\_results** | optional | Max results to return | numeric |
-**event\_id** | optional | Comma seperated list of Event IDs | string | `misp event id`
+**max_results** | optional | Max results to return | numeric |
+**event_id** | optional | Comma seperated list of Event IDs | string | `misp event id`
**tags** | optional | Comma seperated list of tags | string |
**other** | optional | Other search parameters, as a JSON object | string |
#### Action Output
-DATA PATH | TYPE | CONTAINS
---------- | ---- | --------
-action\_result\.status | string |
-action\_result\.parameter\.controller | string |
-action\_result\.parameter\.event\_id | string | `misp event id`
-action\_result\.parameter\.max\_results | numeric |
-action\_result\.parameter\.other | string |
-action\_result\.parameter\.tags | string |
-action\_result\.data\.\*\.\*\.Event\.Attribute\.\*\.category | string |
-action\_result\.data\.\*\.\*\.Event\.Attribute\.\*\.comment | string |
-action\_result\.data\.\*\.\*\.Event\.Attribute\.\*\.deleted | numeric |
-action\_result\.data\.\*\.\*\.Event\.Attribute\.\*\.disable\_correlation | numeric |
-action\_result\.data\.\*\.\*\.Event\.Attribute\.\*\.distribution | string |
-action\_result\.data\.\*\.\*\.Event\.Attribute\.\*\.event\_id | string |
-action\_result\.data\.\*\.\*\.Event\.Attribute\.\*\.first\_seen | string |
-action\_result\.data\.\*\.\*\.Event\.Attribute\.\*\.id | string |
-action\_result\.data\.\*\.\*\.Event\.Attribute\.\*\.last\_seen | string |
-action\_result\.data\.\*\.\*\.Event\.Attribute\.\*\.object\_id | string |
-action\_result\.data\.\*\.\*\.Event\.Attribute\.\*\.object\_relation | string |
-action\_result\.data\.\*\.\*\.Event\.Attribute\.\*\.sharing\_group\_id | string |
-action\_result\.data\.\*\.\*\.Event\.Attribute\.\*\.timestamp | string |
-action\_result\.data\.\*\.\*\.Event\.Attribute\.\*\.to\_ids | numeric |
-action\_result\.data\.\*\.\*\.Event\.Attribute\.\*\.type | string | `url`
-action\_result\.data\.\*\.\*\.Event\.Attribute\.\*\.uuid | string |
-action\_result\.data\.\*\.\*\.Event\.Attribute\.\*\.value | string | `url` `domain` `ip` `email` `hash` `md5` `sha256` `md1`
-action\_result\.data\.\*\.\*\.Event\.Object\.\*\.Attribute\.\*\.category | string |
-action\_result\.data\.\*\.\*\.Event\.Object\.\*\.Attribute\.\*\.comment | string |
-action\_result\.data\.\*\.\*\.Event\.Object\.\*\.Attribute\.\*\.deleted | numeric |
-action\_result\.data\.\*\.\*\.Event\.Object\.\*\.Attribute\.\*\.disable\_correlation | numeric |
-action\_result\.data\.\*\.\*\.Event\.Object\.\*\.Attribute\.\*\.distribution | string |
-action\_result\.data\.\*\.\*\.Event\.Object\.\*\.Attribute\.\*\.event\_id | string |
-action\_result\.data\.\*\.\*\.Event\.Object\.\*\.Attribute\.\*\.first\_seen | string |
-action\_result\.data\.\*\.\*\.Event\.Object\.\*\.Attribute\.\*\.id | string |
-action\_result\.data\.\*\.\*\.Event\.Object\.\*\.Attribute\.\*\.last\_seen | string |
-action\_result\.data\.\*\.\*\.Event\.Object\.\*\.Attribute\.\*\.object\_id | string |
-action\_result\.data\.\*\.\*\.Event\.Object\.\*\.Attribute\.\*\.object\_relation | string |
-action\_result\.data\.\*\.\*\.Event\.Object\.\*\.Attribute\.\*\.sharing\_group\_id | string |
-action\_result\.data\.\*\.\*\.Event\.Object\.\*\.Attribute\.\*\.timestamp | string |
-action\_result\.data\.\*\.\*\.Event\.Object\.\*\.Attribute\.\*\.to\_ids | numeric |
-action\_result\.data\.\*\.\*\.Event\.Object\.\*\.Attribute\.\*\.type | string |
-action\_result\.data\.\*\.\*\.Event\.Object\.\*\.Attribute\.\*\.uuid | string |
-action\_result\.data\.\*\.\*\.Event\.Object\.\*\.Attribute\.\*\.value | string | `url` `domain` `ip` `email` `hash` `md5` `sha256` `md1`
-action\_result\.data\.\*\.\*\.Event\.Object\.\*\.comment | string |
-action\_result\.data\.\*\.\*\.Event\.Object\.\*\.deleted | numeric |
-action\_result\.data\.\*\.\*\.Event\.Object\.\*\.description | string |
-action\_result\.data\.\*\.\*\.Event\.Object\.\*\.distribution | string |
-action\_result\.data\.\*\.\*\.Event\.Object\.\*\.event\_id | string |
-action\_result\.data\.\*\.\*\.Event\.Object\.\*\.first\_seen | string |
-action\_result\.data\.\*\.\*\.Event\.Object\.\*\.id | string |
-action\_result\.data\.\*\.\*\.Event\.Object\.\*\.last\_seen | string |
-action\_result\.data\.\*\.\*\.Event\.Object\.\*\.meta\-category | string |
-action\_result\.data\.\*\.\*\.Event\.Object\.\*\.name | string |
-action\_result\.data\.\*\.\*\.Event\.Object\.\*\.sharing\_group\_id | string |
-action\_result\.data\.\*\.\*\.Event\.Object\.\*\.template\_uuid | string |
-action\_result\.data\.\*\.\*\.Event\.Object\.\*\.template\_version | string |
-action\_result\.data\.\*\.\*\.Event\.Object\.\*\.timestamp | string |
-action\_result\.data\.\*\.\*\.Event\.Object\.\*\.uuid | string |
-action\_result\.data\.\*\.\*\.Event\.Org\.id | string |
-action\_result\.data\.\*\.\*\.Event\.Org\.local | numeric |
-action\_result\.data\.\*\.\*\.Event\.Org\.name | string |
-action\_result\.data\.\*\.\*\.Event\.Org\.uuid | string |
-action\_result\.data\.\*\.\*\.Event\.Orgc\.id | string |
-action\_result\.data\.\*\.\*\.Event\.Orgc\.local | numeric |
-action\_result\.data\.\*\.\*\.Event\.Orgc\.name | string |
-action\_result\.data\.\*\.\*\.Event\.Orgc\.uuid | string |
-action\_result\.data\.\*\.\*\.Event\.RelatedEvent\.\*\.Event\.Org\.id | string |
-action\_result\.data\.\*\.\*\.Event\.RelatedEvent\.\*\.Event\.Org\.name | string |
-action\_result\.data\.\*\.\*\.Event\.RelatedEvent\.\*\.Event\.Org\.uuid | string |
-action\_result\.data\.\*\.\*\.Event\.RelatedEvent\.\*\.Event\.Orgc\.id | string |
-action\_result\.data\.\*\.\*\.Event\.RelatedEvent\.\*\.Event\.Orgc\.name | string |
-action\_result\.data\.\*\.\*\.Event\.RelatedEvent\.\*\.Event\.Orgc\.uuid | string |
-action\_result\.data\.\*\.\*\.Event\.RelatedEvent\.\*\.Event\.analysis | string |
-action\_result\.data\.\*\.\*\.Event\.RelatedEvent\.\*\.Event\.date | string |
-action\_result\.data\.\*\.\*\.Event\.RelatedEvent\.\*\.Event\.distribution | string |
-action\_result\.data\.\*\.\*\.Event\.RelatedEvent\.\*\.Event\.id | string |
-action\_result\.data\.\*\.\*\.Event\.RelatedEvent\.\*\.Event\.info | string |
-action\_result\.data\.\*\.\*\.Event\.RelatedEvent\.\*\.Event\.org\_id | string |
-action\_result\.data\.\*\.\*\.Event\.RelatedEvent\.\*\.Event\.orgc\_id | string |
-action\_result\.data\.\*\.\*\.Event\.RelatedEvent\.\*\.Event\.published | numeric |
-action\_result\.data\.\*\.\*\.Event\.RelatedEvent\.\*\.Event\.threat\_level\_id | string |
-action\_result\.data\.\*\.\*\.Event\.RelatedEvent\.\*\.Event\.timestamp | string |
-action\_result\.data\.\*\.\*\.Event\.RelatedEvent\.\*\.Event\.uuid | string |
-action\_result\.data\.\*\.\*\.Event\.Tag\.\*\.colour | string |
-action\_result\.data\.\*\.\*\.Event\.Tag\.\*\.exportable | numeric |
-action\_result\.data\.\*\.\*\.Event\.Tag\.\*\.hide\_tag | numeric |
-action\_result\.data\.\*\.\*\.Event\.Tag\.\*\.id | string |
-action\_result\.data\.\*\.\*\.Event\.Tag\.\*\.is\_custom\_galaxy | numeric |
-action\_result\.data\.\*\.\*\.Event\.Tag\.\*\.is\_galaxy | numeric |
-action\_result\.data\.\*\.\*\.Event\.Tag\.\*\.local | numeric |
-action\_result\.data\.\*\.\*\.Event\.Tag\.\*\.name | string |
-action\_result\.data\.\*\.\*\.Event\.Tag\.\*\.numerical\_value | string |
-action\_result\.data\.\*\.\*\.Event\.Tag\.\*\.user\_id | string |
-action\_result\.data\.\*\.\*\.Event\.analysis | string |
-action\_result\.data\.\*\.\*\.Event\.attribute\_count | string |
-action\_result\.data\.\*\.\*\.Event\.date | string |
-action\_result\.data\.\*\.\*\.Event\.disable\_correlation | numeric |
-action\_result\.data\.\*\.\*\.Event\.distribution | string |
-action\_result\.data\.\*\.\*\.Event\.event\_creator\_email | string | `email`
-action\_result\.data\.\*\.\*\.Event\.extends\_uuid | string |
-action\_result\.data\.\*\.\*\.Event\.id | string |
-action\_result\.data\.\*\.\*\.Event\.info | string |
-action\_result\.data\.\*\.\*\.Event\.locked | numeric |
-action\_result\.data\.\*\.\*\.Event\.org\_id | string |
-action\_result\.data\.\*\.\*\.Event\.orgc\_id | string |
-action\_result\.data\.\*\.\*\.Event\.proposal\_email\_lock | numeric |
-action\_result\.data\.\*\.\*\.Event\.publish\_timestamp | string |
-action\_result\.data\.\*\.\*\.Event\.published | numeric |
-action\_result\.data\.\*\.\*\.Event\.sharing\_group\_id | string |
-action\_result\.data\.\*\.\*\.Event\.threat\_level\_id | string |
-action\_result\.data\.\*\.\*\.Event\.timestamp | string |
-action\_result\.data\.\*\.\*\.Event\.uuid | string |
-action\_result\.data\.\*\.Attribute\.\*\.Event\.distribution | string |
-action\_result\.data\.\*\.Attribute\.\*\.Event\.id | string |
-action\_result\.data\.\*\.Attribute\.\*\.Event\.info | string |
-action\_result\.data\.\*\.Attribute\.\*\.Event\.org\_id | string |
-action\_result\.data\.\*\.Attribute\.\*\.Event\.orgc\_id | string |
-action\_result\.data\.\*\.Attribute\.\*\.Event\.uuid | string |
-action\_result\.data\.\*\.Attribute\.\*\.Object\.distribution | string |
-action\_result\.data\.\*\.Attribute\.\*\.Object\.id | string |
-action\_result\.data\.\*\.Attribute\.\*\.Object\.sharing\_group\_id | string |
-action\_result\.data\.\*\.Attribute\.\*\.category | string |
-action\_result\.data\.\*\.Attribute\.\*\.comment | string |
-action\_result\.data\.\*\.Attribute\.\*\.deleted | numeric |
-action\_result\.data\.\*\.Attribute\.\*\.disable\_correlation | numeric |
-action\_result\.data\.\*\.Attribute\.\*\.distribution | string |
-action\_result\.data\.\*\.Attribute\.\*\.event\_id | string | `misp event id`
-action\_result\.data\.\*\.Attribute\.\*\.first\_seen | string |
-action\_result\.data\.\*\.Attribute\.\*\.id | string | `misp attribute id`
-action\_result\.data\.\*\.Attribute\.\*\.last\_seen | string |
-action\_result\.data\.\*\.Attribute\.\*\.object\_id | string |
-action\_result\.data\.\*\.Attribute\.\*\.object\_relation | string |
-action\_result\.data\.\*\.Attribute\.\*\.sharing\_group\_id | string |
-action\_result\.data\.\*\.Attribute\.\*\.timestamp | string |
-action\_result\.data\.\*\.Attribute\.\*\.to\_ids | boolean |
-action\_result\.data\.\*\.Attribute\.\*\.type | string |
-action\_result\.data\.\*\.Attribute\.\*\.uuid | string |
-action\_result\.data\.\*\.Attribute\.\*\.value | string | `url` `domain` `ip` `email` `hash` `md5` `sha256` `md1`
-action\_result\.data\.\*\.attribute\_count | string |
-action\_result\.summary | string |
-action\_result\.message | string |
-summary\.total\_objects | numeric |
-summary\.total\_objects\_successful | numeric |
+DATA PATH | TYPE | CONTAINS | EXAMPLE VALUES
+--------- | ---- | -------- | --------------
+action_result.status | string | | success failed
+action_result.parameter.controller | string | | events attributes
+action_result.parameter.event_id | string | `misp event id` | 1
+action_result.parameter.max_results | numeric | | 1000
+action_result.parameter.other | string | |
+action_result.parameter.tags | string | | test_1
+action_result.data.\*.\*.Event.Attribute.\*.category | string | | Network activity
+action_result.data.\*.\*.Event.Attribute.\*.comment | string | |
+action_result.data.\*.\*.Event.Attribute.\*.deleted | numeric | | True False
+action_result.data.\*.\*.Event.Attribute.\*.disable_correlation | numeric | | True False
+action_result.data.\*.\*.Event.Attribute.\*.distribution | string | | 5
+action_result.data.\*.\*.Event.Attribute.\*.event_id | string | | 1
+action_result.data.\*.\*.Event.Attribute.\*.first_seen | string | |
+action_result.data.\*.\*.Event.Attribute.\*.id | string | | 4265
+action_result.data.\*.\*.Event.Attribute.\*.last_seen | string | |
+action_result.data.\*.\*.Event.Attribute.\*.object_id | string | | 0
+action_result.data.\*.\*.Event.Attribute.\*.object_relation | string | |
+action_result.data.\*.\*.Event.Attribute.\*.sharing_group_id | string | | 0
+action_result.data.\*.\*.Event.Attribute.\*.timestamp | string | | 1622191169
+action_result.data.\*.\*.Event.Attribute.\*.to_ids | numeric | | True False
+action_result.data.\*.\*.Event.Attribute.\*.type | string | `url` | email-dst
+action_result.data.\*.\*.Event.Attribute.\*.uuid | string | | 03fa856e-b6f9-4e34-82ac-1e50dd058f37
+action_result.data.\*.\*.Event.Attribute.\*.value | string | `url` `domain` `ip` `email` `hash` `md5` `sha256` `md1` | abc@abc.com
+action_result.data.\*.\*.Event.Object.\*.Attribute.\*.category | string | | Payload delivery
+action_result.data.\*.\*.Event.Object.\*.Attribute.\*.comment | string | |
+action_result.data.\*.\*.Event.Object.\*.Attribute.\*.deleted | numeric | | True False
+action_result.data.\*.\*.Event.Object.\*.Attribute.\*.disable_correlation | numeric | | True False
+action_result.data.\*.\*.Event.Object.\*.Attribute.\*.distribution | string | | 5
+action_result.data.\*.\*.Event.Object.\*.Attribute.\*.event_id | string | | 2020
+action_result.data.\*.\*.Event.Object.\*.Attribute.\*.first_seen | string | |
+action_result.data.\*.\*.Event.Object.\*.Attribute.\*.id | string | | 4953
+action_result.data.\*.\*.Event.Object.\*.Attribute.\*.last_seen | string | |
+action_result.data.\*.\*.Event.Object.\*.Attribute.\*.object_id | string | | 10
+action_result.data.\*.\*.Event.Object.\*.Attribute.\*.object_relation | string | | filename
+action_result.data.\*.\*.Event.Object.\*.Attribute.\*.sharing_group_id | string | | 0
+action_result.data.\*.\*.Event.Object.\*.Attribute.\*.timestamp | string | | 1623078296
+action_result.data.\*.\*.Event.Object.\*.Attribute.\*.to_ids | numeric | | True False
+action_result.data.\*.\*.Event.Object.\*.Attribute.\*.type | string | | filename
+action_result.data.\*.\*.Event.Object.\*.Attribute.\*.uuid | string | | 2fd53a9b-44fd-4ebc-af93-0e1605cf3b64
+action_result.data.\*.\*.Event.Object.\*.Attribute.\*.value | string | `url` `domain` `ip` `email` `hash` `md5` `sha256` `md1` | 6.43.3.2
+action_result.data.\*.\*.Event.Object.\*.comment | string | |
+action_result.data.\*.\*.Event.Object.\*.deleted | numeric | | True False
+action_result.data.\*.\*.Event.Object.\*.description | string | | File object describing a file with meta-information
+action_result.data.\*.\*.Event.Object.\*.distribution | string | | 5
+action_result.data.\*.\*.Event.Object.\*.event_id | string | | 2020
+action_result.data.\*.\*.Event.Object.\*.first_seen | string | |
+action_result.data.\*.\*.Event.Object.\*.id | string | | 10
+action_result.data.\*.\*.Event.Object.\*.last_seen | string | |
+action_result.data.\*.\*.Event.Object.\*.meta-category | string | | file
+action_result.data.\*.\*.Event.Object.\*.name | string | | file
+action_result.data.\*.\*.Event.Object.\*.sharing_group_id | string | | 0
+action_result.data.\*.\*.Event.Object.\*.template_uuid | string | | 688c46fb-5edb-40a3-8273-1af7923e2215
+action_result.data.\*.\*.Event.Object.\*.template_version | string | | 24
+action_result.data.\*.\*.Event.Object.\*.timestamp | string | | 1623078296
+action_result.data.\*.\*.Event.Object.\*.uuid | string | | 4b5cb238-9e55-40eb-b60e-b30f71cab6f6
+action_result.data.\*.\*.Event.Org.id | string | | 1
+action_result.data.\*.\*.Event.Org.local | numeric | | True False
+action_result.data.\*.\*.Event.Org.name | string | | ORGNAME
+action_result.data.\*.\*.Event.Org.uuid | string | | 2af87aa3-a713-4ca5-83f7-03ae949c8459
+action_result.data.\*.\*.Event.Orgc.id | string | | 1
+action_result.data.\*.\*.Event.Orgc.local | numeric | | True False
+action_result.data.\*.\*.Event.Orgc.name | string | | ORGNAME
+action_result.data.\*.\*.Event.Orgc.uuid | string | | 2af87aa3-a713-4ca5-83f7-03ae949c8459
+action_result.data.\*.\*.Event.RelatedEvent.\*.Event.Org.id | string | | 1
+action_result.data.\*.\*.Event.RelatedEvent.\*.Event.Org.name | string | | ORGNAME
+action_result.data.\*.\*.Event.RelatedEvent.\*.Event.Org.uuid | string | | 2af87aa3-a713-4ca5-83f7-03ae949c8459
+action_result.data.\*.\*.Event.RelatedEvent.\*.Event.Orgc.id | string | | 1
+action_result.data.\*.\*.Event.RelatedEvent.\*.Event.Orgc.name | string | | ORGNAME
+action_result.data.\*.\*.Event.RelatedEvent.\*.Event.Orgc.uuid | string | | 2af87aa3-a713-4ca5-83f7-03ae949c8459
+action_result.data.\*.\*.Event.RelatedEvent.\*.Event.analysis | string | | 0
+action_result.data.\*.\*.Event.RelatedEvent.\*.Event.date | string | | 2021-06-14
+action_result.data.\*.\*.Event.RelatedEvent.\*.Event.distribution | string | | 1
+action_result.data.\*.\*.Event.RelatedEvent.\*.Event.id | string | | 2161
+action_result.data.\*.\*.Event.RelatedEvent.\*.Event.info | string | | Event created by test
+action_result.data.\*.\*.Event.RelatedEvent.\*.Event.org_id | string | | 1
+action_result.data.\*.\*.Event.RelatedEvent.\*.Event.orgc_id | string | | 1
+action_result.data.\*.\*.Event.RelatedEvent.\*.Event.published | numeric | | True False
+action_result.data.\*.\*.Event.RelatedEvent.\*.Event.threat_level_id | string | | 4
+action_result.data.\*.\*.Event.RelatedEvent.\*.Event.timestamp | string | | 1623645286
+action_result.data.\*.\*.Event.RelatedEvent.\*.Event.uuid | string | | f346cd43-ef47-4401-b725-a5f4f45a4ed3
+action_result.data.\*.\*.Event.Tag.\*.colour | string | | #7ab870
+action_result.data.\*.\*.Event.Tag.\*.exportable | numeric | | True False
+action_result.data.\*.\*.Event.Tag.\*.hide_tag | numeric | | True False
+action_result.data.\*.\*.Event.Tag.\*.id | string | | 8
+action_result.data.\*.\*.Event.Tag.\*.is_custom_galaxy | numeric | | True False
+action_result.data.\*.\*.Event.Tag.\*.is_galaxy | numeric | | True False
+action_result.data.\*.\*.Event.Tag.\*.local | numeric | | 1
+action_result.data.\*.\*.Event.Tag.\*.name | string | | test_1
+action_result.data.\*.\*.Event.Tag.\*.numerical_value | string | |
+action_result.data.\*.\*.Event.Tag.\*.user_id | string | | 1
+action_result.data.\*.\*.Event.analysis | string | | 0
+action_result.data.\*.\*.Event.attribute_count | string | | 7
+action_result.data.\*.\*.Event.date | string | | 2021-03-17
+action_result.data.\*.\*.Event.disable_correlation | numeric | | True False
+action_result.data.\*.\*.Event.distribution | string | | 1
+action_result.data.\*.\*.Event.event_creator_email | string | `email` | test@test.com
+action_result.data.\*.\*.Event.extends_uuid | string | |
+action_result.data.\*.\*.Event.id | string | | 1
+action_result.data.\*.\*.Event.info | string | | Event created by test
+action_result.data.\*.\*.Event.locked | numeric | | True False
+action_result.data.\*.\*.Event.org_id | string | | 1
+action_result.data.\*.\*.Event.orgc_id | string | | 1
+action_result.data.\*.\*.Event.proposal_email_lock | numeric | | True False
+action_result.data.\*.\*.Event.publish_timestamp | string | | 0
+action_result.data.\*.\*.Event.published | numeric | | True False
+action_result.data.\*.\*.Event.sharing_group_id | string | | 0
+action_result.data.\*.\*.Event.threat_level_id | string | | 4
+action_result.data.\*.\*.Event.timestamp | string | | 1623657727
+action_result.data.\*.\*.Event.uuid | string | | 15483d56-fc32-4e54-a8b4-e9f56e7818bd
+action_result.data.\*.Attribute.\*.Event.distribution | string | | 1
+action_result.data.\*.Attribute.\*.Event.id | string | | 2020
+action_result.data.\*.Attribute.\*.Event.info | string | | Event created by test
+action_result.data.\*.Attribute.\*.Event.org_id | string | | 1
+action_result.data.\*.Attribute.\*.Event.orgc_id | string | | 1
+action_result.data.\*.Attribute.\*.Event.uuid | string | | 342c12ab-32ad-41d0-aea2-1c3dccc6ce09
+action_result.data.\*.Attribute.\*.Object.distribution | string | | 5
+action_result.data.\*.Attribute.\*.Object.id | string | | 10
+action_result.data.\*.Attribute.\*.Object.sharing_group_id | string | | 0
+action_result.data.\*.Attribute.\*.category | string | | Other Payload delivery
+action_result.data.\*.Attribute.\*.comment | string | |
+action_result.data.\*.Attribute.\*.deleted | numeric | | True False
+action_result.data.\*.Attribute.\*.disable_correlation | numeric | | False True
+action_result.data.\*.Attribute.\*.distribution | string | | 5
+action_result.data.\*.Attribute.\*.event_id | string | `misp event id` | 1
+action_result.data.\*.Attribute.\*.first_seen | string | |
+action_result.data.\*.Attribute.\*.id | string | `misp attribute id` | 164201
+action_result.data.\*.Attribute.\*.last_seen | string | |
+action_result.data.\*.Attribute.\*.object_id | string | | 0 10
+action_result.data.\*.Attribute.\*.object_relation | string | | filename
+action_result.data.\*.Attribute.\*.sharing_group_id | string | | 0
+action_result.data.\*.Attribute.\*.timestamp | string | | 1498505296
+action_result.data.\*.Attribute.\*.to_ids | boolean | | True False
+action_result.data.\*.Attribute.\*.type | string | | comment filename
+action_result.data.\*.Attribute.\*.uuid | string | | 56e96919-ad18-4f68-8aa1-539002de0b81
+action_result.data.\*.Attribute.\*.value | string | `url` `domain` `ip` `email` `hash` `md5` `sha256` `md1` | email1@gmail.com
+action_result.data.\*.attribute_count | string | | 103
+action_result.summary | string | |
+action_result.message | string | | Successfully ran query
+summary.total_objects | numeric | | 1
+summary.total_objects_successful | numeric | | 1
## action: 'get attributes'
Get attributes for a specific event
@@ -439,47 +439,47 @@ Get attributes for a specific event
Type: **investigate**
Read only: **True**
-download\_samples will only download files which are marked as a 'malware\-sample'\.
+download_samples will only download files which are marked as a 'malware-sample'.
#### Action Parameters
PARAMETER | REQUIRED | DESCRIPTION | TYPE | CONTAINS
--------- | -------- | ----------- | ---- | --------
-**event\_id** | required | An Event ID | numeric | `misp event id`
-**download\_samples** | optional | Download malware samples to vault | boolean |
+**event_id** | required | An Event ID | numeric | `misp event id`
+**download_samples** | optional | Download malware samples to vault | boolean |
#### Action Output
-DATA PATH | TYPE | CONTAINS
---------- | ---- | --------
-action\_result\.status | string |
-action\_result\.parameter\.download\_samples | boolean |
-action\_result\.parameter\.event\_id | numeric | `misp event id`
-action\_result\.data\.\*\.Attribute\.\*\.Event\.distribution | string |
-action\_result\.data\.\*\.Attribute\.\*\.Event\.id | string | `misp event id`
-action\_result\.data\.\*\.Attribute\.\*\.Event\.info | string |
-action\_result\.data\.\*\.Attribute\.\*\.Event\.org\_id | string |
-action\_result\.data\.\*\.Attribute\.\*\.Event\.orgc\_id | string |
-action\_result\.data\.\*\.Attribute\.\*\.Event\.uuid | string |
-action\_result\.data\.\*\.Attribute\.\*\.Object\.distribution | string |
-action\_result\.data\.\*\.Attribute\.\*\.Object\.id | string |
-action\_result\.data\.\*\.Attribute\.\*\.Object\.sharing\_group\_id | string |
-action\_result\.data\.\*\.Attribute\.\*\.category | string |
-action\_result\.data\.\*\.Attribute\.\*\.comment | string |
-action\_result\.data\.\*\.Attribute\.\*\.deleted | boolean |
-action\_result\.data\.\*\.Attribute\.\*\.disable\_correlation | boolean |
-action\_result\.data\.\*\.Attribute\.\*\.distribution | string |
-action\_result\.data\.\*\.Attribute\.\*\.event\_id | string | `misp event id`
-action\_result\.data\.\*\.Attribute\.\*\.first\_seen | string |
-action\_result\.data\.\*\.Attribute\.\*\.id | string | `misp attribute id`
-action\_result\.data\.\*\.Attribute\.\*\.last\_seen | string |
-action\_result\.data\.\*\.Attribute\.\*\.object\_id | string |
-action\_result\.data\.\*\.Attribute\.\*\.object\_relation | string |
-action\_result\.data\.\*\.Attribute\.\*\.sharing\_group\_id | string |
-action\_result\.data\.\*\.Attribute\.\*\.timestamp | string |
-action\_result\.data\.\*\.Attribute\.\*\.to\_ids | boolean |
-action\_result\.data\.\*\.Attribute\.\*\.type | string |
-action\_result\.data\.\*\.Attribute\.\*\.uuid | string |
-action\_result\.data\.\*\.Attribute\.\*\.value | string | `url` `domain` `ip` `email` `hash` `md5` `sha256` `md1`
-action\_result\.summary | string |
-action\_result\.message | string |
-summary\.total\_objects | numeric |
-summary\.total\_objects\_successful | numeric |
\ No newline at end of file
+DATA PATH | TYPE | CONTAINS | EXAMPLE VALUES
+--------- | ---- | -------- | --------------
+action_result.status | string | | success failed
+action_result.parameter.download_samples | boolean | | True False
+action_result.parameter.event_id | numeric | `misp event id` | 686
+action_result.data.\*.Attribute.\*.Event.distribution | string | | 1
+action_result.data.\*.Attribute.\*.Event.id | string | `misp event id` | 2028
+action_result.data.\*.Attribute.\*.Event.info | string | | Event created by test
+action_result.data.\*.Attribute.\*.Event.org_id | string | | 1
+action_result.data.\*.Attribute.\*.Event.orgc_id | string | | 1
+action_result.data.\*.Attribute.\*.Event.uuid | string | | 552d93e4-fa0d-48cb-810e-a5f56c0af5ea 342c12ab-32ad-41d0-aea2-1c3dccc6ce09
+action_result.data.\*.Attribute.\*.Object.distribution | string | | 5
+action_result.data.\*.Attribute.\*.Object.id | string | | 10
+action_result.data.\*.Attribute.\*.Object.sharing_group_id | string | | 0
+action_result.data.\*.Attribute.\*.category | string | | Network activity
+action_result.data.\*.Attribute.\*.comment | string | |
+action_result.data.\*.Attribute.\*.deleted | boolean | | False True
+action_result.data.\*.Attribute.\*.disable_correlation | boolean | | False True
+action_result.data.\*.Attribute.\*.distribution | string | | 5
+action_result.data.\*.Attribute.\*.event_id | string | `misp event id` | 686
+action_result.data.\*.Attribute.\*.first_seen | string | |
+action_result.data.\*.Attribute.\*.id | string | `misp attribute id` | 164191
+action_result.data.\*.Attribute.\*.last_seen | string | |
+action_result.data.\*.Attribute.\*.object_id | string | | 0 10
+action_result.data.\*.Attribute.\*.object_relation | string | | filename
+action_result.data.\*.Attribute.\*.sharing_group_id | string | | 0
+action_result.data.\*.Attribute.\*.timestamp | string | | 1498002097
+action_result.data.\*.Attribute.\*.to_ids | boolean | | True False
+action_result.data.\*.Attribute.\*.type | string | | ip-src
+action_result.data.\*.Attribute.\*.uuid | string | | 5949b2b1-35b4-4152-a633-7e530a10000d
+action_result.data.\*.Attribute.\*.value | string | `url` `domain` `ip` `email` `hash` `md5` `sha256` `md1` | 192.162.8.1
+action_result.summary | string | |
+action_result.message | string | | Successfully retrieved attributes
+summary.total_objects | numeric | | 1
+summary.total_objects_successful | numeric | | 1
\ No newline at end of file
diff --git a/__init__.py b/__init__.py
index 7a7c38d..04fd24e 100644
--- a/__init__.py
+++ b/__init__.py
@@ -1,6 +1,6 @@
# File: __init__.py
#
-# Copyright (c) 2017-2022 Splunk Inc.
+# Copyright (c) 2017-2024 Splunk Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
diff --git a/exclude_files.txt b/exclude_files.txt
deleted file mode 100644
index e9cafef..0000000
--- a/exclude_files.txt
+++ /dev/null
@@ -1,5 +0,0 @@
-docker-compose.yml
-Makefile
-.git*
-.gitlab-ci.yml
-whitesource-results
diff --git a/manual_readme_content.md b/manual_readme_content.md
index 00c7346..e55c712 100644
--- a/manual_readme_content.md
+++ b/manual_readme_content.md
@@ -1,5 +1,5 @@
[comment]: # "File: README.md"
-[comment]: # "Copyright (c) 2017-2022 Splunk Inc."
+[comment]: # "Copyright (c) 2017-2024 Splunk Inc."
[comment]: # ""
[comment]: # "Licensed under the Apache License, Version 2.0 (the 'License');"
[comment]: # "you may not use this file except in compliance with the License."
diff --git a/misp.json b/misp.json
index 0e44549..b3ba7fd 100644
--- a/misp.json
+++ b/misp.json
@@ -5,9 +5,9 @@
"publisher": "Splunk",
"package_name": "phantom_misp",
"type": "threat intel",
- "license": "Copyright (c) 2017-2022 Splunk Inc.",
+ "license": "Copyright (c) 2017-2024 Splunk Inc.",
"main_module": "misp_connector.py",
- "app_version": "2.2.0",
+ "app_version": "2.2.1",
"utctime_updated": "2022-02-03T21:33:46.000000Z",
"product_vendor": "MISP",
"product_name": "MISP",
@@ -28,7 +28,7 @@
},
{
"module": "attrs",
- "input_file": "wheels/shared/attrs-21.4.0-py2.py3-none-any.whl"
+ "input_file": "wheels/py3/attrs-22.2.0-py3-none-any.whl"
},
{
"module": "beautifulsoup4",
@@ -40,15 +40,15 @@
},
{
"module": "certifi",
- "input_file": "wheels/shared/certifi-2021.10.8-py2.py3-none-any.whl"
+ "input_file": "wheels/py3/certifi-2023.11.17-py3-none-any.whl"
},
{
- "module": "chardet",
- "input_file": "wheels/shared/chardet-3.0.4-py2.py3-none-any.whl"
+ "module": "charset_normalizer",
+ "input_file": "wheels/py3/charset_normalizer-2.0.12-py3-none-any.whl"
},
{
"module": "idna",
- "input_file": "wheels/shared/idna-2.10-py2.py3-none-any.whl"
+ "input_file": "wheels/py3/idna-3.6-py3-none-any.whl"
},
{
"module": "importlib_metadata",
@@ -72,7 +72,7 @@
},
{
"module": "requests",
- "input_file": "wheels/shared/requests-2.25.0-py2.py3-none-any.whl"
+ "input_file": "wheels/shared/requests-2.27.1-py2.py3-none-any.whl"
},
{
"module": "setuptools",
@@ -84,7 +84,7 @@
},
{
"module": "soupsieve",
- "input_file": "wheels/py3/soupsieve-2.3.2-py3-none-any.whl"
+ "input_file": "wheels/py3/soupsieve-2.3.2.post1-py3-none-any.whl"
},
{
"module": "typing_extensions",
@@ -92,11 +92,11 @@
},
{
"module": "urllib3",
- "input_file": "wheels/shared/urllib3-1.26.9-py2.py3-none-any.whl"
+ "input_file": "wheels/shared/urllib3-1.26.18-py2.py3-none-any.whl"
},
{
"module": "wrapt",
- "input_file": "wheels/py36/wrapt-1.14.0-cp36-cp36m-manylinux_2_5_x86_64.manylinux1_x86_64.manylinux_2_17_x86_64.manylinux2014_x86_64.whl"
+ "input_file": "wheels/py36/wrapt-1.16.0-cp36-cp36m-manylinux_2_5_x86_64.manylinux1_x86_64.manylinux_2_17_x86_64.manylinux2014_x86_64.whl"
},
{
"module": "zipp",
@@ -2390,7 +2390,7 @@
},
{
"module": "attrs",
- "input_file": "wheels/shared/attrs-21.4.0-py2.py3-none-any.whl"
+ "input_file": "wheels/py3/attrs-23.1.0-py3-none-any.whl"
},
{
"module": "beautifulsoup4",
@@ -2402,15 +2402,15 @@
},
{
"module": "certifi",
- "input_file": "wheels/shared/certifi-2021.10.8-py2.py3-none-any.whl"
+ "input_file": "wheels/py3/certifi-2023.11.17-py3-none-any.whl"
},
{
- "module": "chardet",
- "input_file": "wheels/shared/chardet-3.0.4-py2.py3-none-any.whl"
+ "module": "charset_normalizer",
+ "input_file": "wheels/py39/charset_normalizer-3.3.2-cp39-cp39-manylinux_2_17_x86_64.manylinux2014_x86_64.whl"
},
{
"module": "idna",
- "input_file": "wheels/shared/idna-2.10-py2.py3-none-any.whl"
+ "input_file": "wheels/py3/idna-3.6-py3-none-any.whl"
},
{
"module": "jsonschema",
@@ -2422,7 +2422,7 @@
},
{
"module": "pyrsistent",
- "input_file": "wheels/py39/pyrsistent-0.18.1-cp39-cp39-manylinux_2_17_x86_64.manylinux2014_x86_64.whl"
+ "input_file": "wheels/py39/pyrsistent-0.20.0-cp39-cp39-manylinux_2_17_x86_64.manylinux2014_x86_64.whl"
},
{
"module": "python_dateutil",
@@ -2430,11 +2430,11 @@
},
{
"module": "requests",
- "input_file": "wheels/shared/requests-2.25.0-py2.py3-none-any.whl"
+ "input_file": "wheels/py3/requests-2.31.0-py3-none-any.whl"
},
{
"module": "setuptools",
- "input_file": "wheels/py3/setuptools-62.1.0-py3-none-any.whl"
+ "input_file": "wheels/py3/setuptools-69.0.2-py3-none-any.whl"
},
{
"module": "six",
@@ -2442,15 +2442,15 @@
},
{
"module": "soupsieve",
- "input_file": "wheels/py3/soupsieve-2.3.2-py3-none-any.whl"
+ "input_file": "wheels/py3/soupsieve-2.5-py3-none-any.whl"
},
{
"module": "urllib3",
- "input_file": "wheels/shared/urllib3-1.26.9-py2.py3-none-any.whl"
+ "input_file": "wheels/py3/urllib3-2.1.0-py3-none-any.whl"
},
{
"module": "wrapt",
- "input_file": "wheels/py39/wrapt-1.14.0-cp39-cp39-manylinux_2_5_x86_64.manylinux1_x86_64.manylinux_2_17_x86_64.manylinux2014_x86_64.whl"
+ "input_file": "wheels/py39/wrapt-1.16.0-cp39-cp39-manylinux_2_5_x86_64.manylinux1_x86_64.manylinux_2_17_x86_64.manylinux2014_x86_64.whl"
}
]
}
diff --git a/misp_connector.py b/misp_connector.py
index 9a62314..9342ced 100644
--- a/misp_connector.py
+++ b/misp_connector.py
@@ -1,6 +1,6 @@
# File: misp_connector.py
#
-# Copyright (c) 2017-2022 Splunk Inc.
+# Copyright (c) 2017-2024 Splunk Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@@ -102,22 +102,22 @@ def _get_error_message_from_exception(self, e):
:return: error message
"""
error_code = None
- error_msg = MISP_ERR_MSG_UNAVAILABLE
+ error_message = MISP_ERR_MSG_UNAVAILABLE
try:
if hasattr(e, "args"):
if len(e.args) > 1:
error_code = e.args[0]
- error_msg = e.args[1]
+ error_message = e.args[1]
elif len(e.args) == 1:
- error_msg = e.args[0]
+ error_message = e.args[0]
except Exception:
pass
if not error_code:
- error_text = "Error Message: {}".format(error_msg)
+ error_text = "Error Message: {}".format(error_message)
else:
- error_text = "Error Code: {}. Error Message: {}".format(error_code, error_msg)
+ error_text = "Error Code: {}. Error Message: {}".format(error_code, error_message)
return error_text
@@ -212,8 +212,8 @@ def initialize(self):
try:
self._misp = PyMISP(self._misp_url, api_key, ssl=self._verify)
except Exception as e:
- error_msg = self._get_error_message_from_exception(e)
- return self.set_status(phantom.APP_ERROR, "Failed to create API session:{0}".format(error_msg))
+ error_message = self._get_error_message_from_exception(e)
+ return self.set_status(phantom.APP_ERROR, "Failed to create API session:{0}".format(error_message))
self.set_validator('ip', self._validate_ip)
self.set_validator('domain', self._validate_domain)
@@ -285,14 +285,14 @@ def _create_event(self, param):
self._event = self._misp.add_event(event, pythonify=True)
except Exception as e:
- error_msg = self._get_error_message_from_exception(e)
- return action_result.set_status(phantom.APP_ERROR, "Failed to create MISP event:{0}".format(error_msg))
+ error_message = self._get_error_message_from_exception(e)
+ return action_result.set_status(phantom.APP_ERROR, "Failed to create MISP event:{0}".format(error_message))
try:
action_result.add_data(json.loads(self._event.to_json()))
except Exception as e:
- error_msg = self._get_error_message_from_exception(e)
- return action_result.set_status(phantom.APP_ERROR, "Failed to add data of MISP event:{0}".format(error_msg))
+ error_message = self._get_error_message_from_exception(e)
+ return action_result.set_status(phantom.APP_ERROR, "Failed to add data of MISP event:{0}".format(error_message))
action_result.set_summary({"message": "Event created with id: {0}".format(self._event.id)})
@@ -300,11 +300,11 @@ def _create_event(self, param):
if addAttributes:
ret_val = self._perform_adds(param, action_result, add_data=True)
- error_msg = action_result.get_message()
+ error_message = action_result.get_message()
- if error_msg is not None:
+ if error_message is not None:
summary = action_result.get_summary()
- summary["errors"] = error_msg
+ summary["errors"] = error_message
action_result.update_summary(summary)
if phantom.is_fail(ret_val):
@@ -313,8 +313,8 @@ def _create_event(self, param):
try:
event_dict = json.loads(self._event.to_json())
except Exception as e:
- error_msg = self._get_error_message_from_exception(e)
- return action_result.set_status(phantom.APP_ERROR, "Failed to load data of MISP event:{0}".format(error_msg))
+ error_message = self._get_error_message_from_exception(e)
+ return action_result.set_status(phantom.APP_ERROR, "Failed to load data of MISP event:{0}".format(error_message))
attributes = event_dict.get('Attribute', [])
for attribute in attributes:
@@ -394,8 +394,8 @@ def _perform_adds(self, param, action_result, add_data=False):
try:
d = json.loads(json_str)
except Exception as e:
- error_msg = self._get_error_message_from_exception(e)
- return action_result.set_status(phantom.APP_ERROR, "Invalid JSON parameter. {0}".format(error_msg))
+ error_message = self._get_error_message_from_exception(e)
+ return action_result.set_status(phantom.APP_ERROR, "Invalid JSON parameter. {0}".format(error_message))
if not isinstance(d, dict):
return action_result.set_status(phantom.APP_ERROR, "Invalid JSON parameter")
for k, v in d.items():
@@ -408,44 +408,44 @@ def _perform_adds(self, param, action_result, add_data=False):
ret_val, cust_error_code = self._add_indicator(indicator_list, action_result, k, param.get('to_ids', False))
if phantom.is_fail(ret_val):
- status_msg = action_result.get_message()
+ status_message = action_result.get_message()
if cust_error_code == 1:
- errors["invalid_value"].append(status_msg)
+ errors["invalid_value"].append(status_message)
elif cust_error_code == 2:
- errors["invalid_key"].append(status_msg)
+ errors["invalid_key"].append(status_message)
else:
return action_result.get_status()
else:
is_added = True
- error_msg = None
+ error_message = None
if errors["invalid_value"]:
invalid_values = ', '.join(errors["invalid_value"])
- error_msg = "{} key/keys has invalid value".format(invalid_values)
+ error_message = "{} key/keys has invalid value".format(invalid_values)
if errors["invalid_key"]:
invalid_keys = ', '.join(errors["invalid_key"])
- if error_msg is not None:
- error_msg = "{} and ".format(error_msg)
+ if error_message is not None:
+ error_message = "{} and ".format(error_message)
else:
- error_msg = ''
- error_msg = "{} {} is/are invalid attribute name/names".format(error_msg, invalid_keys)
+ error_message = ''
+ error_message = "{} {} is/are invalid attribute name/names".format(error_message, invalid_keys)
- if error_msg is not None:
- error_msg = "{} in 'json' action parameter".format(error_msg)
+ if error_message is not None:
+ error_message = "{} in 'json' action parameter".format(error_message)
if self.get_action_identifier() == self.ACTION_ID_ADD_ATTRIBUTES:
status = phantom.APP_SUCCESS
# if not a single attribute is provided to update event
if is_empty:
status = phantom.APP_ERROR
- error_msg = "Please provide at least one attribute"
+ error_message = "Please provide at least one attribute"
# if not a single attribute is attached then "update event" task is completely failed
if not is_added:
status = phantom.APP_ERROR
- return action_result.set_status(status, error_msg)
+ return action_result.set_status(status, error_message)
# Event is already created so it should be success regardless of the number of attributes attached
else:
- return action_result.set_status(phantom.APP_SUCCESS, error_msg)
+ return action_result.set_status(phantom.APP_SUCCESS, error_message)
def _add_attributes(self, param):
@@ -463,12 +463,12 @@ def _add_attributes(self, param):
else:
raise Exception
except Exception as e:
- error_msg = self._get_error_message_from_exception(e)
- return action_result.set_status(phantom.APP_ERROR, "Failed to get event for adding attributes:{0}".format(error_msg))
+ error_message = self._get_error_message_from_exception(e)
+ return action_result.set_status(phantom.APP_ERROR, "Failed to get event for adding attributes:{0}".format(error_message))
ret_val = self._perform_adds(param, action_result, add_data=True)
- error_msg = action_result.get_message()
+ error_message = action_result.get_message()
if phantom.is_fail(ret_val):
return action_result.get_status()
@@ -476,8 +476,8 @@ def _add_attributes(self, param):
try:
event_dict = json.loads(self._event.to_json())
except Exception as e:
- error_msg = self._get_error_message_from_exception(e)
- return action_result.set_status(phantom.APP_ERROR, "Failed to load data of MISP event:{0}".format(error_msg))
+ error_message = self._get_error_message_from_exception(e)
+ return action_result.set_status(phantom.APP_ERROR, "Failed to load data of MISP event:{0}".format(error_message))
attributes = event_dict.get('Attribute', [])
for attribute in attributes:
@@ -486,8 +486,8 @@ def _add_attributes(self, param):
if hasattr(self._event, "id"):
summary = {}
summary["message"] = "Attributes added to event: {0}".format(self._event.id)
- if error_msg is not None:
- summary["errors"] = error_msg
+ if error_message is not None:
+ summary["errors"] = error_message
action_result.set_summary(summary)
else:
return action_result.set_status(phantom.APP_ERROR, "Failed to get event '{0}' for adding attributes".format(param["event_id"]))
@@ -498,8 +498,8 @@ def _do_search(self, action_result, **kwargs):
try:
resp = self._misp.search(**kwargs)
except Exception as e:
- error_msg = self._get_error_message_from_exception(e)
- return RetVal(action_result.set_status(phantom.APP_ERROR, error_msg), None)
+ error_message = self._get_error_message_from_exception(e)
+ return RetVal(action_result.set_status(phantom.APP_ERROR, error_message), None)
return RetVal(phantom.APP_SUCCESS, resp)
@@ -534,8 +534,8 @@ def _run_query(self, param):
try:
other = json.loads(param['other'])
except Exception as e:
- error_msg = self._get_error_message_from_exception(e)
- return action_result.set_status(phantom.APP_ERROR, "Unable to parse JSON object{0}".format(error_msg))
+ error_message = self._get_error_message_from_exception(e)
+ return action_result.set_status(phantom.APP_ERROR, "Unable to parse JSON object{0}".format(error_message))
if not isinstance(other, dict):
return action_result.set_status(phantom.APP_ERROR, "Invalid JSON in 'other' action parameter")
@@ -607,8 +607,8 @@ def _download_malware_samples(self, action_result):
fp.write(attrib.malware_binary.read())
ph_rules.vault_add(container=self.get_container_id(), file_location=file_path, file_name=attrib.malware_filename)
except Exception as e:
- error_msg = self._get_error_message_from_exception(e)
- return action_result.set_status(phantom.APP_ERROR, "Failed to download malware samples: {0}".format(error_msg))
+ error_message = self._get_error_message_from_exception(e)
+ return action_result.set_status(phantom.APP_ERROR, "Failed to download malware samples: {0}".format(error_message))
return phantom.APP_SUCCESS
@@ -633,8 +633,8 @@ def _get_event(self, param):
else:
raise Exception
except Exception as e:
- error_msg = self._get_error_message_from_exception(e)
- return action_result.set_status(phantom.APP_ERROR, "Failed to get event for getting attachment:{0}".format(error_msg))
+ error_message = self._get_error_message_from_exception(e)
+ return action_result.set_status(phantom.APP_ERROR, "Failed to get event for getting attachment:{0}".format(error_message))
query_dict = {}
query_dict['eventid'] = event_id
@@ -682,8 +682,8 @@ def _process_json_response(self, r, action_result):
try:
resp_json = r.json()
except Exception as e:
- error_msg = self._get_error_message_from_exception(e)
- return action_result.set_status(phantom.APP_ERROR, "Unable to parse response as JSON {0}".format(error_msg)), None
+ error_message = self._get_error_message_from_exception(e)
+ return action_result.set_status(phantom.APP_ERROR, "Unable to parse response as JSON {0}".format(error_message)), None
if 200 <= r.status_code < 205:
return phantom.APP_SUCCESS, resp_json
@@ -732,15 +732,15 @@ def _make_rest_call(self, endpoint, result, headers={}, params={}, json={}, meth
# Set the action_result status to error, the handler function will most probably return as is
return result.set_status(phantom.APP_ERROR, "Unsupported method: {0}".format(method)), None
except Exception as e:
- error_msg = self._get_error_message_from_exception(e)
+ error_message = self._get_error_message_from_exception(e)
# Set the action_result status to error, the handler function will most probably return as is
- return result.set_status(phantom.APP_ERROR, "Handled exception: {0}".format(error_msg)), None
+ return result.set_status(phantom.APP_ERROR, "Handled exception: {0}".format(error_message)), None
try:
r = request_func(url, params=params, json=json, headers=headers, verify=self._verify)
except Exception as e:
- error_msg = self._get_error_message_from_exception(e)
- return result.set_status(phantom.APP_ERROR, "REST API to server failed: {0}".format(error_msg)), None
+ error_message = self._get_error_message_from_exception(e)
+ return result.set_status(phantom.APP_ERROR, "REST API to server failed: {0}".format(error_message)), None
return self._process_response(r, result)
diff --git a/misp_consts.py b/misp_consts.py
index 409d312..fab4380 100644
--- a/misp_consts.py
+++ b/misp_consts.py
@@ -1,6 +1,6 @@
# File: misp_consts.py
#
-# Copyright (c) 2017-2022 Splunk Inc.
+# Copyright (c) 2017-2024 Splunk Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
diff --git a/release_notes/unreleased.md b/release_notes/unreleased.md
index fbcb2fd..0096275 100644
--- a/release_notes/unreleased.md
+++ b/release_notes/unreleased.md
@@ -1 +1,2 @@
**Unreleased**
+* Updated requests dependencies in order to use platform packages [PAPP-30822]
diff --git a/requirements.txt b/requirements.txt
index 4c97589..803bd7d 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -2,5 +2,4 @@ beautifulsoup4==4.9.1
cachetools==4.2.2
Deprecated==1.2.12
jsonschema==3.2.0
-pymisp==2.4.138
-requests==2.25.0
+
diff --git a/wheels/py3/attrs-22.2.0-py3-none-any.whl b/wheels/py3/attrs-22.2.0-py3-none-any.whl
new file mode 100644
index 0000000..3fcb9e1
Binary files /dev/null and b/wheels/py3/attrs-22.2.0-py3-none-any.whl differ
diff --git a/wheels/py3/attrs-23.1.0-py3-none-any.whl b/wheels/py3/attrs-23.1.0-py3-none-any.whl
new file mode 100644
index 0000000..6991e6a
Binary files /dev/null and b/wheels/py3/attrs-23.1.0-py3-none-any.whl differ
diff --git a/wheels/py3/certifi-2023.11.17-py3-none-any.whl b/wheels/py3/certifi-2023.11.17-py3-none-any.whl
new file mode 100644
index 0000000..de0787f
Binary files /dev/null and b/wheels/py3/certifi-2023.11.17-py3-none-any.whl differ
diff --git a/wheels/py3/charset_normalizer-2.0.12-py3-none-any.whl b/wheels/py3/charset_normalizer-2.0.12-py3-none-any.whl
new file mode 100644
index 0000000..17a2dfb
Binary files /dev/null and b/wheels/py3/charset_normalizer-2.0.12-py3-none-any.whl differ
diff --git a/wheels/py3/idna-3.6-py3-none-any.whl b/wheels/py3/idna-3.6-py3-none-any.whl
new file mode 100644
index 0000000..fdf65ae
Binary files /dev/null and b/wheels/py3/idna-3.6-py3-none-any.whl differ
diff --git a/wheels/py3/pymisp-2.4.138-py3-none-any.whl b/wheels/py3/pymisp-2.4.138-py3-none-any.whl
index 257da1b..2dca5ee 100644
Binary files a/wheels/py3/pymisp-2.4.138-py3-none-any.whl and b/wheels/py3/pymisp-2.4.138-py3-none-any.whl differ
diff --git a/wheels/py3/requests-2.31.0-py3-none-any.whl b/wheels/py3/requests-2.31.0-py3-none-any.whl
new file mode 100644
index 0000000..bfd5d2e
Binary files /dev/null and b/wheels/py3/requests-2.31.0-py3-none-any.whl differ
diff --git a/wheels/py3/setuptools-62.1.0-py3-none-any.whl b/wheels/py3/setuptools-62.1.0-py3-none-any.whl
deleted file mode 100644
index 0a56be0..0000000
Binary files a/wheels/py3/setuptools-62.1.0-py3-none-any.whl and /dev/null differ
diff --git a/wheels/py3/setuptools-69.0.2-py3-none-any.whl b/wheels/py3/setuptools-69.0.2-py3-none-any.whl
new file mode 100644
index 0000000..a609341
Binary files /dev/null and b/wheels/py3/setuptools-69.0.2-py3-none-any.whl differ
diff --git a/wheels/py3/soupsieve-2.3.2-py3-none-any.whl b/wheels/py3/soupsieve-2.3.2.post1-py3-none-any.whl
similarity index 78%
rename from wheels/py3/soupsieve-2.3.2-py3-none-any.whl
rename to wheels/py3/soupsieve-2.3.2.post1-py3-none-any.whl
index 0eefa9e..b363a9b 100644
Binary files a/wheels/py3/soupsieve-2.3.2-py3-none-any.whl and b/wheels/py3/soupsieve-2.3.2.post1-py3-none-any.whl differ
diff --git a/wheels/py3/soupsieve-2.5-py3-none-any.whl b/wheels/py3/soupsieve-2.5-py3-none-any.whl
new file mode 100644
index 0000000..e1be128
Binary files /dev/null and b/wheels/py3/soupsieve-2.5-py3-none-any.whl differ
diff --git a/wheels/py3/urllib3-2.1.0-py3-none-any.whl b/wheels/py3/urllib3-2.1.0-py3-none-any.whl
new file mode 100644
index 0000000..0951ac3
Binary files /dev/null and b/wheels/py3/urllib3-2.1.0-py3-none-any.whl differ
diff --git a/wheels/py36/wrapt-1.14.0-cp36-cp36m-manylinux_2_5_x86_64.manylinux1_x86_64.manylinux_2_17_x86_64.manylinux2014_x86_64.whl b/wheels/py36/wrapt-1.14.0-cp36-cp36m-manylinux_2_5_x86_64.manylinux1_x86_64.manylinux_2_17_x86_64.manylinux2014_x86_64.whl
deleted file mode 100644
index e0df030..0000000
Binary files a/wheels/py36/wrapt-1.14.0-cp36-cp36m-manylinux_2_5_x86_64.manylinux1_x86_64.manylinux_2_17_x86_64.manylinux2014_x86_64.whl and /dev/null differ
diff --git a/wheels/py36/wrapt-1.16.0-cp36-cp36m-manylinux_2_5_x86_64.manylinux1_x86_64.manylinux_2_17_x86_64.manylinux2014_x86_64.whl b/wheels/py36/wrapt-1.16.0-cp36-cp36m-manylinux_2_5_x86_64.manylinux1_x86_64.manylinux_2_17_x86_64.manylinux2014_x86_64.whl
new file mode 100644
index 0000000..3a28a3a
Binary files /dev/null and b/wheels/py36/wrapt-1.16.0-cp36-cp36m-manylinux_2_5_x86_64.manylinux1_x86_64.manylinux_2_17_x86_64.manylinux2014_x86_64.whl differ
diff --git a/wheels/py39/charset_normalizer-3.3.2-cp39-cp39-manylinux_2_17_x86_64.manylinux2014_x86_64.whl b/wheels/py39/charset_normalizer-3.3.2-cp39-cp39-manylinux_2_17_x86_64.manylinux2014_x86_64.whl
new file mode 100644
index 0000000..1739590
Binary files /dev/null and b/wheels/py39/charset_normalizer-3.3.2-cp39-cp39-manylinux_2_17_x86_64.manylinux2014_x86_64.whl differ
diff --git a/wheels/py39/pyrsistent-0.18.1-cp39-cp39-manylinux_2_17_x86_64.manylinux2014_x86_64.whl b/wheels/py39/pyrsistent-0.18.1-cp39-cp39-manylinux_2_17_x86_64.manylinux2014_x86_64.whl
deleted file mode 100644
index 22e3f17..0000000
Binary files a/wheels/py39/pyrsistent-0.18.1-cp39-cp39-manylinux_2_17_x86_64.manylinux2014_x86_64.whl and /dev/null differ
diff --git a/wheels/py39/pyrsistent-0.20.0-cp39-cp39-manylinux_2_17_x86_64.manylinux2014_x86_64.whl b/wheels/py39/pyrsistent-0.20.0-cp39-cp39-manylinux_2_17_x86_64.manylinux2014_x86_64.whl
new file mode 100644
index 0000000..5be1af8
Binary files /dev/null and b/wheels/py39/pyrsistent-0.20.0-cp39-cp39-manylinux_2_17_x86_64.manylinux2014_x86_64.whl differ
diff --git a/wheels/py39/wrapt-1.14.0-cp39-cp39-manylinux_2_5_x86_64.manylinux1_x86_64.manylinux_2_17_x86_64.manylinux2014_x86_64.whl b/wheels/py39/wrapt-1.14.0-cp39-cp39-manylinux_2_5_x86_64.manylinux1_x86_64.manylinux_2_17_x86_64.manylinux2014_x86_64.whl
deleted file mode 100644
index 6a6e04f..0000000
Binary files a/wheels/py39/wrapt-1.14.0-cp39-cp39-manylinux_2_5_x86_64.manylinux1_x86_64.manylinux_2_17_x86_64.manylinux2014_x86_64.whl and /dev/null differ
diff --git a/wheels/py39/wrapt-1.16.0-cp39-cp39-manylinux_2_5_x86_64.manylinux1_x86_64.manylinux_2_17_x86_64.manylinux2014_x86_64.whl b/wheels/py39/wrapt-1.16.0-cp39-cp39-manylinux_2_5_x86_64.manylinux1_x86_64.manylinux_2_17_x86_64.manylinux2014_x86_64.whl
new file mode 100644
index 0000000..6187991
Binary files /dev/null and b/wheels/py39/wrapt-1.16.0-cp39-cp39-manylinux_2_5_x86_64.manylinux1_x86_64.manylinux_2_17_x86_64.manylinux2014_x86_64.whl differ
diff --git a/wheels/shared/attrs-21.4.0-py2.py3-none-any.whl b/wheels/shared/attrs-21.4.0-py2.py3-none-any.whl
deleted file mode 100644
index 097aacc..0000000
Binary files a/wheels/shared/attrs-21.4.0-py2.py3-none-any.whl and /dev/null differ
diff --git a/wheels/shared/certifi-2021.10.8-py2.py3-none-any.whl b/wheels/shared/certifi-2021.10.8-py2.py3-none-any.whl
deleted file mode 100644
index fbcb86b..0000000
Binary files a/wheels/shared/certifi-2021.10.8-py2.py3-none-any.whl and /dev/null differ
diff --git a/wheels/shared/chardet-3.0.4-py2.py3-none-any.whl b/wheels/shared/chardet-3.0.4-py2.py3-none-any.whl
deleted file mode 100644
index d276977..0000000
Binary files a/wheels/shared/chardet-3.0.4-py2.py3-none-any.whl and /dev/null differ
diff --git a/wheels/shared/idna-2.10-py2.py3-none-any.whl b/wheels/shared/idna-2.10-py2.py3-none-any.whl
deleted file mode 100644
index 41225cb..0000000
Binary files a/wheels/shared/idna-2.10-py2.py3-none-any.whl and /dev/null differ
diff --git a/wheels/shared/requests-2.25.0-py2.py3-none-any.whl b/wheels/shared/requests-2.25.0-py2.py3-none-any.whl
deleted file mode 100644
index c3f28e5..0000000
Binary files a/wheels/shared/requests-2.25.0-py2.py3-none-any.whl and /dev/null differ
diff --git a/wheels/shared/requests-2.27.1-py2.py3-none-any.whl b/wheels/shared/requests-2.27.1-py2.py3-none-any.whl
new file mode 100644
index 0000000..807fc61
Binary files /dev/null and b/wheels/shared/requests-2.27.1-py2.py3-none-any.whl differ
diff --git a/wheels/shared/urllib3-1.26.18-py2.py3-none-any.whl b/wheels/shared/urllib3-1.26.18-py2.py3-none-any.whl
new file mode 100644
index 0000000..c7337c7
Binary files /dev/null and b/wheels/shared/urllib3-1.26.18-py2.py3-none-any.whl differ
diff --git a/wheels/shared/urllib3-1.26.9-py2.py3-none-any.whl b/wheels/shared/urllib3-1.26.9-py2.py3-none-any.whl
deleted file mode 100644
index 5019453..0000000
Binary files a/wheels/shared/urllib3-1.26.9-py2.py3-none-any.whl and /dev/null differ