Issue with Adding a Tag to Event via PyMISP #1133

Closed
cybercitizen7 opened this issue Jan 15, 2024 · 5 comments

@cybercitizen7

Hey everyone,

I am trying to create a new event via PyMISP. I have an error that I cannot debug whenever a tag wants to be added to the newly created MISP Event. The tag exists in our MISP Instance. I would appreciate help with this.

I am using the following code.

from pymisp import MISPEvent, MISPTag

def create_misp_event(misp_instance, event_info):
    print("Creating MISP Event.")
    event = MISPEvent()
    event.info = event_info
    event.distribution = 0  # Change as per your requirement
    event.threat_level_id = 4  # Change as per your requirement
    event.analysis = 0  # Change as per your requirement
    return misp_instance.add_event(event)

def add_tag_to_event(misp_instance, event, tagName):
    print("Adding Tag To Event.")
    tag = MISPTag()
    tag.name = tagName

    print(tag)
    misp_instance.add_tag(event, tag)

After running my script, I receive the following error message:

Unknown error: the response is not in JSON.
Something is broken server-side, please send us everything that follows (careful with the auth key):

Request headers:
{'User-Agent': 'PyMISP 2.4.172 - Python 3.11', 'Accept-Encoding': 'gzip, deflate', 'Accept': 'application/json', 'Connection': 'keep-alive', 'Cookie': 'AWSALBTG=<some_value>; AWSALBTGCORS=<some_value>; CAKEPHP=<some_value>', 'Content-Length': '827', 'content-type': 'application/json'}

Request body:
{"Event": {"id": "187289", "orgc_id": "2", "org_id": "2", "date": "2024-01-15", "threat_level_id": "4", "info": "EventName", "published": false, "uuid": "fbfa1830-4874-47a0-aef0-ac9b8fb9a022", "attribute_count": "0", "analysis": "0", "timestamp": "1705307661", "distribution": "0", "proposal_email_lock": false, "locked": false, "publish_timestamp": "0", "sharing_group_id": "0", "disable_correlation": false, "extends_uuid": "", "protected": null, "event_creator_email": "my_email", "Org": {"id": "2", "name": "org_name", "uuid": "b58b67fc-e2ee-4bc2-951b-79d1148b730c", "local": true}, "Orgc": {"id": "2", "name": "org_name", "uuid": "b58b67fc-e2ee-4bc2-951b-79d1148b730c", "local": true}, "Attribute": [], "ShadowAttribute": [], "RelatedEvent": [], "Galaxy": [], "Object": [], "EventReport": [], "CryptographicKey": []}}


Response (if any):
{"name":"An Internal Error Has Occurred.","message":"An Internal Error Has Occurred.","url":"\/tags\/add"}
@Rafiot
Member

Rafiot commented Jan 15, 2024

Yep, makes sense, the add_tag method is there to add (create) a new tag on the MISP instance.

You want to do misp_instance.add(event, tag) instead, and it should work (if the tag exists on the platform, or the account you're using has the appropriate role).

@cybercitizen7
Author

Hey @Rafiot,

I believe there is no attribute or method add on the MISPInstance object, or is there?

I initiate it like this:
misp_instance = PyMISP(misp_url, misp_key, misp_verifycert)

@Rafiot
Member

Rafiot commented Jan 15, 2024

Sorry, I meant misp_instance.tag(event, tag)...

@cybercitizen7
Author

That works @Rafiot, thanks! Before we close the issue - which is the best PyMISP documentation to refer to?

I tried using this:
https://pymisp.readthedocs.io/en/latest/modules.html

But I cannot find, for example, the tag method on MISPEvent or MISPObject.

@Rafiot
Member

Rafiot commented Jan 15, 2024

Yep, it's this one: https://pymisp.readthedocs.io/en/latest/modules.html#pymisp.PyMISP.tag

(the method is in PyMISP, not in MISPEvent)

@Rafiot Rafiot closed this as completed Jan 15, 2024
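
The resolution of this thread as an added example (not code from the issue or from the PyMISP project): attach an existing tag with PyMISP.tag() rather than PyMISP.add_tag(), check first that the tag is defined on the instance, and confirm afterwards that the event carries it. The helper name tag_event, the tag "tlp:amber" and the environment variable names MISP_URL, MISP_KEY and MISP_EVENT are assumptions.

```python
"""Attach an existing tag to a MISP event with PyMISP (added example)."""


def tag_event(misp, event, tag_name):
    """Attach tag_name to event and return True once the event carries it.

    misp  : a connected pymisp.PyMISP client
    event : a MISPEvent, an event id, or an event UUID
    """
    # PyMISP.tags() lists the tag definitions on the instance. Checking first
    # turns a missing tag into a clear local error.
    known = {t.name for t in misp.tags(pythonify=True)}
    if tag_name not in known:
        raise LookupError(f"tag {tag_name!r} is not defined on this instance")

    # PyMISP.tag() attaches a tag to an event or attribute.
    # PyMISP.add_tag() creates a new tag definition (POST /tags/add), which is
    # why passing an event to it failed in the issue above.
    result = misp.tag(event, tag_name)
    if isinstance(result, dict) and "errors" in result:
        raise RuntimeError(f"tagging failed: {result['errors']}")

    # Re-fetch the event and verify the tag is really attached.
    refreshed = misp.get_event(event, pythonify=True)
    return tag_name in {t.name for t in refreshed.tags}


if __name__ == "__main__":
    import os
    from pymisp import PyMISP

    # MISP_URL, MISP_KEY and MISP_EVENT are assumed environment variable names.
    client = PyMISP(os.environ["MISP_URL"], os.environ["MISP_KEY"], True)
    print(tag_event(client, os.environ["MISP_EVENT"], "tlp:amber"))
```
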