PyMISP.search does not allow searching for attributes with first_seen as None

[emuradov]

I would like to search for attributes that do not have a set first_seen value (value set to None).

When using the PyMISP search functions as follows: pymisp.search(controller='attributes', first_seen=None)

The returned results are all attributes. If any integer value is supplied that's not a period such as '24h', then all the attributes WITH a first_seen value are returned.

Is there a way to search for attributes ONLY with a first_seen value of None? Can this be implemented if not available now? Also if possible, the args first_seen and last_seen should be added to the documentation under the search function as they do work.

[Rafiot]

None is discarded on PyMISP side. I'm pretty sure MISP is also discarding searching for None, but I'll let one of my colleagues answer on that point (cc @iglocska @righel @mokaddem).

If that is implemented on MISP side, we need to come up with a generic approach for such search requests because they cannot be the default, and might end-up returning crazy amount of data.

[emuradov]

Is there any plan in the future to allow such querying? It would be helpful to quickly segment data.

[github-germ]

Hi... Will this request move forward or should we furgetaboutit? :)