Skip to content

fix: attach pdfs to reports #197

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
DocArmoryTech wants to merge 6 commits into
base: main
Choose a base branch
from
Open

fix: attach pdfs to reports #197

DocArmoryTech wants to merge 6 commits into from

Conversation

@DocArmoryTech
Copy link

@DocArmoryTech DocArmoryTech commented Feb 28, 2025

Resolves #190

Currently, when MISP report objects are being created, the report-file object includes only the url for the PDF of the report, and not the actual data.

This PR:

  • exposes the falconpy Intel.get_report_pdf() through a new IntelAPIClient.get_report_pdf() function.
  • updates generation of the report-file (attachment) to MISP report objects to include the PDF document

DocArmoryTech and others added 6 commits February 21, 2025 15:30
@DocArmoryTech
expose get_report_pdf
34c411e 
introduces `IntelAPIClient.get_report_pdf(report_id)` in order to expose the falconpy `Intel.get_report_pdf()` function.
@DocArmoryTech
pull and attach report pdfs
b462e3b 
Uses the newly exposed `IntelAPIClient.get_report_pdf(report_id)` function to download Crowdstrike-report attachments and includes them as `report-file` attachments (alongside the url)
@DocArmoryTech
byte to bytesio
26972ee
@DocArmoryTech
ensure pdf is byte
625527d 
In an as yet undetermined/undiagnosed scenario, `get_pdf_report(...)` returns a `dict` and thereby causes an error in converting the expect byte array to an IO stream.

This commit: 
- ensures a `pdfreport` is in fact a `byte` array before attempting upload to misp via an IO stream.
- reverts to the original (no `add_attributed( ..., data=...`) if `pdfreport` is not a `byte` array generation of `attachments`
@DocArmoryTech
Refactor add_report_content
d363143 
- Removed unnecessary `attributes` list and directly added attributes to `rpt`
- Improved handling of `attachments` for various report types:
 - CSA and CSIT `report.details` contains `attachments` 
 - CSECR, CSDR, CSID `report` contains `attachments`)
@DocArmoryTech
add report_type
f14e6c1 
CSECR = "Courtesy Report"
CSID = "Intrusion Digest"
@DocArmoryTech DocArmoryTech mentioned this pull request Feb 28, 2025
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

unable to download pdf

1 participant

@DocArmoryTech