Closed nyx0 closed 5 years ago
So, a few things to look at:
@iglocska any other ideas?
Are you using a version of pymisp later then 2.4.96? If so, please downgrade to 2.4.96 (pip3 install pymisp==2.4.96) and check if that solves your problem.
pymisp 2.4.96 is pretty old, and I would really not use it. Is there any chance you share a code sample that fails? Because it works for me, and I assume I changed a thing I'm not using and would rather not have you stuck with an old version that will definitely start failing on other things in the future.
.... or maybe it doesn't anymore. To me, it looks like a bug in MISP core. poke @iglocska
from pymisp import ExpandedPyMISP
from pymisp import MISPObject
user_defined_obj = MISPObject(name='test_object_template', strict=True, misp_objects_path_custom='../../tests/mispevent_testfiles')
user_defined_obj.add_attribute('member3', value='foo')
user_defined_obj.add_attribute('member1', value='baz')
print(user_defined_obj.to_json())
misp = ExpandedPyMISP(misp_url, misp_key, misp_verifycert, debug=True)
misp.add_object(1204,user_defined_obj)
{'errors': (403,
{'name': 'Could not add object',
'message': 'Could not add object',
'url': '/objects/add/1204/',
'errors': 'No valid template found to edit the object.'})}
DEBUG [api.py:157 - _prepare_request() ] POST - http://127.0.0.1:8080/objects/add/1204
DEBUG [api.py:159 - _prepare_request() ] {
"Attribute": [
{
"category": "Other",
"disable_correlation": false,
"object_relation": "member3",
"to_ids": false,
"type": "text",
"uuid": "d7d3c852-d6a4-4ede-9e26-dcbfb23a1bfd",
"value": "foo"
},
{
"category": "Other",
"disable_correlation": false,
"object_relation": "member1",
"to_ids": false,
"type": "text",
"uuid": "377acfa6-8da6-4866-a665-f43bbf2aedd5",
"value": "baz"
}
],
"description": "TestTemplate.",
"distribution": "5",
"meta-category": "file",
"name": "test_object_template",
"sharing_group_id": "0",
"template_uuid": "4ec55cc6-9e49-4c64-b794-03c25c1a6589",
"template_version": "1",
"uuid": "1d19469d-cc0c-4efb-aaa9-7fcfe4efee63"
}
But that approach will work (push the full event with the object instead of just the object):
from pymisp import ExpandedPyMISP
misp = ExpandedPyMISP(misp_url, misp_key, misp_verifycert)
me = misp.get(1204)
me.add_object(user_defined_obj)
misp.update_event(me)
I'm not sure it is expected, but in the meantime, just get and push the full event.
(this issue has been fixed in MISP)
When I'm trying to push a custom object to MISP I had the following error:
I removed the object on the MISP server but the UUID is the same (saw a related issue)