Adding custom object to event #462
Assignees
Labels
T: support
Type: support. This issue is seeking support on a problem or question
Comments
|
The problem is that MISP
when the two conditions are true, the error is expected. You can either add the template on MISP, or create a new object (by changing the UUID). |
Rafiot
added
the
T: support
|
Hi, The object template is present on MISP? Like I said, I can add the object to an event using the web app. |
|
Yes, you can add it, but you should not be able to update it from the web interface (?) If you can, I'm confused and will ask @iglocska to the rescue. |
|
Hi, I can add the object to an event and edit it (on the web app). Okay haha - thank you. |
|
Hi, I've found a less than ideal workaround. Hopefully the above issue is fixed because these methods are deprecated. Instead of using the new ExpandedPyMISP API, revert to PyMISP API and provide the template UUID when adding the object to the event. |
|
Hi @thomasb454, I tried to reproduce you issue. There is no error for me. |
|
Hi @kovacsbalu, 9 is the ID of the event that I'm trying to add the object to. |
|
My debug output is only differ in this request: |
|
@kovacsbalu That's strange, could you try on the same version as me and report the results? |
|
@thomasb454 I created MISP 2.4.99 in docker env and I could reproduce So probably you need to upgrade your MISP. |
|
MISP 2.4.116 |
|
Hi @kovacsbalu, |
|
Yes, and as I wrote before also works with 2.4.109 |
|
Hi, After revisiting this I believe I found the cause of this bug. My code is as follows: for result in results:
new_event = MISPEvent()
new_event.extends_uuid = result.uuid
new_event.info = "TESTING EXTENDS"
res = misp.add_event(new_event)
new_uuid = res['Event']['uuid']
new_id = res['Event']['id']
mopr_obj = MISPObject(name='mopr-report', misp_objects_path_custom='mopr')
mopr_obj.add_attribute('score', value=result.score)
misp.add_object(new_id, misp_object=mopr_obj)This doesn't work and produces the following debug output: As you can see it's sending the request to /objects/add/33 - but if you try to do the same via the MISP UI it will send the request to /objects/add/[event id]/[object template id]. I fixed this issue by changing the following line in new_object = self._prepare_request('POST', f'objects/add/{event_id}', data=misp_object)AFTER: new_object = self._prepare_request('POST', f'objects/add/{event_id}/116', data=misp_object)In this case I hard-coded 116, which is the ID of my object template - when fixed this obviously needs to be dynamically applied. |
Rafiot
added a commit
that referenced
this issue
Nov 15, 2019
|
You should never pass the template ID when you're using PyMISP, I'm not sure how you end-up in this situation. I patched ExpandedPyMISP to print the json blob and make the debug easier, but canyou show me the content of |
|
This commit may also solve your problem: MISP/MISP@e4c82eb |
|
Hi, |
|
Oh, right, PyMISP will not be fixed at this point, as it will go away in ~45 days. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Hi,
I'm having issues when trying to update an event with a custom object.
PyMISP version: 2.4.114
Python version: 3.7
The object template is present on the web server (I can manually add the object to an event), however when using ExpandedPyMISP it returns a 403.
ERROR [aping.py:2039 - _check_response() ] Something went wrong (403): {'name': 'Could not add object', 'message': 'Could not add object', 'url': '/objects/add/9/', 'errors': 'No valid template found to edit the object.'}Any advice is appreciated.
The text was updated successfully, but these errors were encountered: