Closed eljeffeg closed 5 years ago
Yep, makes sense. You can either:
Note that PyMISP automatically pops the timestamps when appropriate when you load the event in a MISPEvent. If you don't do that, you have to figure it out yourself.
Ok, so I need to put the event return into a MISPEvent. Something like this, correct? And what about question 2? You just addressed question 1. Thanks.
event = MISPEvent(pymisp.create_event(...))
event.info = info
pymisp.update(event)
To update an event, you have a full example here: https://github.com/MISP/PyMISP/blob/master/docs/tutorial/FullOverview.ipynb (search for "Full example", and use the new Python 3.6+ API).
Sorry, I missed your second question; I was at a conference.
If you want to add tags to a malware sample, I recommend you first search for "Use lief to extract indicators out of binaries" (on the same link I mentioned earlier): it creates objects and extracts lots of indicators from a malware sample. Then, you have a MISPEvent that contains objects and, more precisely, a file object. That file object contains attributes, and one of the attributes is the malware sample. To that malware sample, you can add tags. Everything is documented here: https://pymisp.readthedocs.io/modules.html
Couple support questions:
{'name': 'Success', 'message': 'Success, saved all attributes.', 'url': '/events/view/103', 'id': '103'}