PyMISP icon indicating copy to clipboard operation
PyMISP copied to clipboard

Published 20 hours ago verified publisher icon MISP

Feature Request: Mark taxonomies as required via PyMISP

Open JoePJisc opened this issue 2 years ago • 2 comments

Hi,

I'm trying to write a Python script to take a clean install of MISP to a fully configured production instnace, the bit I'm currently stuck on is making a taxonomy required.

This is where I've got to so far, any advice on the last step of pushing the required taxonomy back to MISP - or another way of doing so woud be appreciatd.

Thanks

from pymisp import PyMISP

AuthKey = "***"
MISP = PyMISP("https://misp.***", AuthKey)
MISP.update_taxonomies()
ToEnable = ["admiralty-scale", "PAP", "tlp"]
ToRequire = ["tlp"]
for taxonomy in MISP.taxonomies(True):
    if taxonomy.namespace in ToEnable:
        MISP.enable_taxonomy(taxonomy.id)
        MISP.enable_taxonomy_tags(taxonomy.id)
        if taxonomy.namespace in ToRequire:
            taxonomy.required = True
            # TODO Push back to MISP

JoePJisc avatar Mar 31 '22 08:03 JoePJisc

Currently PyMISP doesn't have the ability to enable this, but it's a very simple fix to make. I'm happy to take a look at this for you, might take me a few days to get around to it.

If you fancy the challenge (the MISP team always welcome new contributors!), a new function is required in PyMISP that performs a GET request to /taxonomies/toggleRequired/<id>, where id is the ID of the taxonomy local to the MISP instance. It's a toggle, so creating one of the two functions would be sufficient:

  1. Function of toggle_taxonomy(taxonomy: MISPTaxonomy) to toggle, handling the check in your own code
  2. Function of set_taxonomy_required(taxonomy: MISPTaxonomy, required: bool) which only toggles if the taxonomy flag is differs to the required param.

Let me know if you want to take it on yourself.

tomking2 avatar Sep 13 '22 16:09 tomking2

@JoeP-oss,

I had a bit of time to look into this further and have added this functionality into PyMISP, please refer to the PR above. Once merged and released, you will be able to do something like this (continuing on your script):

from pymisp import PyMISP

AuthKey = "***"
MISP = PyMISP("https://misp.***", AuthKey)
MISP.update_taxonomies()
ToEnable = ["admiralty-scale", "PAP", "tlp"]
ToRequire = ["tlp"]
for taxonomy in MISP.taxonomies(True):
    if taxonomy.namespace in ToEnable:
        MISP.enable_taxonomy(taxonomy.id)
        MISP.enable_taxonomy_tags(taxonomy.id)
        if taxonomy.namespace in ToRequire and not taxonomy.required:
            MISP.set_taxonomy_required(taxonomy, True)
            # Optional - Only if you require the up-to-date taxonomy with the correct flag
            taxonomy = MISP.get_taxonomy(taxonomy)

tomking2 avatar Sep 14 '22 09:09 tomking2

Merged, thank you @tomking2 !

Rafiot avatar Oct 02 '22 23:10 Rafiot