chrisinmtown
commented
3 years ago I have to correct what I wrote above. The rate for deleting attributes from an event seems to vary with the number of attributes on the event. A PyMISP script can delete multiple attributes per second from an event with a small (fewer than 1,000) attributes. But if the event has 100K attributes, a delete operation can take 5..10 seconds. I don't know what is responsible for the large execution-time cost, if it's locking, queries or whatever. I hope the CIRCL team can advise if a single delete-id-list function would be faster than successive REST calls.
Rafiot
github-germ
Request a PyMISP method that accepts a list of attributes to be deleted. In version 2.4.133 api.py exposes method
delete_attribute(id)which works fine. If run on the MISP server host the rate is about 22 per second, which is tolerable. Still it seems silly to POST 100,000 or other horribly large number of times when I could POST once. FWIW, we would like to use this feature to clean the mess of soft-deleted attributes left by the delta-merge algorithm on fixed-event feeds.I'm hoping this is trivial bcos apparently the MISP server supports this already according to this comment thread; it requires an event ID (altho the delete_attribute method does not), but that doesn't seem hugely onerous:
https://github.com/MISP/MISP/issues/6010#issuecomment-660891990
What's the right way - extend the delete_attribute method to accept a list or add a new method? If you will please reply with the team's preference then I will make a proposal for a change to api.py. Thanks for listening.