PyMISP icon indicating copy to clipboard operation
PyMISP copied to clipboard

Published 20 hours ago verified publisher icon MISP

Event creation and publishing with python program

Open roberto-carlos-leonardo opened this issue 2 years ago • 2 comments

I'm successfully creating events via python, but due to performance issues, I create the events with published=False and in a separate process, I change all the events to published=True. The problem is that the events are not published automatically. Here's part of the code used:

for i in range(max_line):
    me = misp.get_event(uuid_list[i], pythonify=True)
    me.published = True
    misp.update_event(me, uuid_list[i])
    me.publish()

result: Event #16418 ... Published YesN/A #Attributes 1 (0 Objects) First recorded change 2022-02-15 10:29:09 Last change 2022-02-15 10:29:10

In this scenario, the event is not being published/distributed to other instances.

Does anyone have any suggestions to fix this problem?

thanks

roberto-carlos-leonardo avatar Feb 15 '22 15:02 roberto-carlos-leonardo

Hi @roberto-carlos-leonardo,

If memory serves me right, the publish function against a MISP event just sets the field to 'True', and doesn't actually update MISP. I also have a sneaky feeling that setting the publish field to True and updating the event will not in fact publish it.

Have a go trying the following:

for i in range(max_line):
    me = misp.get_event(uuid_list[i], pythonify=True)
    misp.publish(me, alert=False)

The alert parameter is defined as follows:

:param alert: whether to send an email.  The default is to not send a mail as it is assumed this method is called on update.

Also worth making sure your MISP workers are running, I believe they are responsible for publishing events

tomking2 avatar Sep 14 '22 09:09 tomking2

Thank you.

Em qua., 14 de set. de 2022 06:40, Tom King @.***> escreveu:

Hi @roberto-carlos-leonardo https://github.com/roberto-carlos-leonardo,

If memory serves me right, the publish function against a MISP event just sets the field to 'True', and doesn't actually update MISP. I also have a sneaky feeling that setting the publish field to True and updating the event will not in fact publish it.

Have a go trying the following:

for i in range(max_line): me = misp.get_event(uuid_list[i], pythonify=True) misp.publish(me, alert=False)

The alert parameter is defined as follows:

:param alert: whether to send an email. The default is to not send a mail as it is assumed this method is called on update.

— Reply to this email directly, view it on GitHub https://github.com/MISP/PyMISP/issues/826#issuecomment-1246504790, or unsubscribe https://github.com/notifications/unsubscribe-auth/AIYHLHVCHVFUOFVL2C3C4ATV6GMSLANCNFSM5OOZIKRQ . You are receiving this because you were mentioned.Message ID: @.***>

roberto-carlos-leonardo avatar Sep 14 '22 11:09 roberto-carlos-leonardo