feat: misp event reports

docs/plugins/misp/_index.md

@@ -29,3 +29,7 @@ fabric {
 ## Data sources
 
 {{< plugin-resources "misp" "data-source" >}}
+
+## Publishers
+
+{{< plugin-resources "misp" "publisher" >}}

docs/plugins/misp/publishers/misp_event_reports.md

@@ -0,0 +1,101 @@
+---
+title: "`misp_event_reports` publisher"
+plugin:
+  name: blackstork/misp
+  description: "Publishes content to misp event reports"
+  tags: []
+  version: "v0.4.2"
+  source_github: "https://github.com/blackstork-io/fabric/tree/main/internal/misp/"
+resource:
+  type: publisher
+type: docs
+---
+
+{{< breadcrumbs 2 >}}
+
+{{< plugin-resource-header "blackstork/misp" "misp" "v0.4.2" "misp_event_reports" "publisher" >}}
+
+## Installation
+
+To use `misp_event_reports` publisher, you must install the plugin `blackstork/misp`.
+
+To install the plugin, add the full plugin name to the `plugin_versions` map in the Fabric global configuration block (see [Global configuration]({{< ref "configs.md#global-configuration" >}}) for more details), as shown below:
+
+```hcl
+fabric {
+  plugin_versions = {
+    "blackstork/misp" = ">= v0.4.2"
+  }
+}
+```
+
+Note the version constraint set for the plugin.
+
+#### Formats
+
+The publisher supports the following document formats:
+
+- `md`
+
+To set the output format, specify it inside `publish` block with `format` argument.
+
+
+#### Configuration
+
+The publisher supports the following configuration arguments:
+
+```hcl
+config publish misp_event_reports {
+  # misp api key
+  #
+  # Required string.
+  # Must be non-empty
+  # For example:
+  api_key = "some string"
+
+  # misp base url
+  #
+  # Required string.
+  # Must be non-empty
+  # For example:
+  base_url = "some string"
+
+  # skip ssl verification
+  #
+  # Optional bool.
+  # Default value:
+  skip_ssl = false
+}
+
+```
+
+#### Usage
+
+The publisher supports the following execution arguments:
+
+```hcl
+# In addition to the arguments listed, `publish` block accepts `format` argument.
+
+publish misp_event_reports {
+  # Required string.
+  # Must be non-empty
+  # For example:
+  event_id = "some string"
+
+  # Required string.
+  # Must be non-empty
+  # For example:
+  name = "some string"
+
+  # Optional string.
+  # Must be one of: "0", "1", "2", "3", "4", "5"
+  # Default value:
+  distribution = null
+
+  # Optional string.
+  # Default value:
+  sharing_group_id = null
+}
+
+```
+

docs/plugins/plugins.json

@@ -581,6 +581,21 @@
     "version": "v0.4.2",
     "shortname": "misp",
     "resources": [
+      {
+        "name": "misp_event_reports",
+        "type": "publisher",
+        "config_params": [
+          "api_key",
+          "base_url",
+          "skip_ssl"
+        ],
+        "arguments": [
+          "distribution",
+          "event_id",
+          "name",
+          "sharing_group_id"
+        ]
+      },
       {
         "name": "misp_events",
         "type": "data-source",

examples/templates/misp/misp_event_reports.fabric

@@ -0,0 +1,21 @@
+document "misp_event_reports" {
+  meta {
+    name = "example_document"
+  }
+
+  title = "Publish"
+
+  publish misp_event_reports "myreport" {
+    format = "md"
+    event_id = "1"
+    name = "doc.md"
+    distribution = "0"
+    config {
+      api_key = ""
+      base_url = "https://localhost"
+      skip_ssl = true
+    }
+  }
+
+}
+

go.mod

@@ -17,6 +17,7 @@ require (
 	github.com/golang-cz/devslog v0.0.8
 	github.com/google/go-github/v58 v58.0.0
 	github.com/google/go-querystring v1.1.0
+	github.com/google/uuid v1.6.0
 	github.com/hashicorp/go-hclog v1.6.3
 	github.com/hashicorp/go-plugin v1.6.1
 	github.com/hashicorp/hcl/v2 v2.20.1
@@ -107,7 +108,6 @@ require (
 	github.com/golang-jwt/jwt/v5 v5.2.1 // indirect
 	github.com/golang/protobuf v1.5.4 // indirect
 	github.com/google/go-cmp v0.6.0 // indirect
-	github.com/google/uuid v1.6.0 // indirect
 	github.com/grpc-ecosystem/grpc-gateway/v2 v2.19.1 // indirect
 	github.com/hashicorp/yamux v0.1.1 // indirect
 	github.com/hokaccha/go-prettyjson v0.0.0-20211117102719-0474bc63780f // indirect

internal/misp/client/misp_client.go

@@ -61,6 +61,7 @@ func (client *Client) Do(ctx context.Context, method, path string, payload inter
 
 	req.Header = make(http.Header)
 	req.Header.Set("Content-Type", "application/json")
+	req.Header.Set("Accept", "application/json")
 	client.auth(req)
 	resp, err = client.client.Do(req)
 	if err != nil {
@@ -86,3 +87,16 @@ func (client *Client) RestSearchEvents(ctx context.Context, req RestSearchEvents
 	}
 	return
 }
+
+func (client *Client) AddEventReport(ctx context.Context, req AddEventReportRequest) (events AddEventReportResponse, err error) {
+	resp, err := client.Do(ctx, http.MethodPost, "/event_reports/add/"+req.EventId, req)
+	if err != nil {
+		return
+	}
+	defer resp.Body.Close()
+	err = json.NewDecoder(resp.Body).Decode(&events)
+	if err != nil {
+		return
+	}
+	return
+}

internal/misp/client/misp_models.go

@@ -50,3 +50,30 @@ type Event struct {
 	SightingTimestamp  string `json:"sighting_timestamp"`
 	DisableCorrelation bool   `json:"disable_correlation"`
 }
+
+type AddEventReportRequest struct {
+	Uuid           string  `json:"uuid"`
+	EventId        string  `json:"event_id"`
+	Name           string  `json:"name"`
+	Content        string  `json:"content"`
+	Distribution   *string `json:"distribution"`
+	SharingGroupId *string `json:"sharing_group_id"`
+	Timestamp      *string `json:"timestamp"`
+	Deleted        bool    `json:"deleted"`
+}
+
+type EventReport struct {
+	Id             string  `json:"id"`
+	Uuid           string  `json:"uuid"`
+	EventId        string  `json:"event_id"`
+	Name           string  `json:"name"`
+	Content        string  `json:"content"`
+	Distribution   string  `json:"distribution"`
+	SharingGroupId *string `json:"sharing_group_id"`
+	Timestamp      *string `json:"timestamp"`
+	Deleted        bool    `json:"deleted"`
+}
+
+type AddEventReportResponse struct {
+	EventReport EventReport `json:"EventReport"`
+}

internal/misp/plugin.go

@@ -18,6 +18,7 @@ import (
 
 type Client interface {
 	RestSearchEvents(ctx context.Context, req client.RestSearchEventsRequest) (events client.RestSearchEventsResponse, err error)
+	AddEventReport(ctx context.Context, req client.AddEventReportRequest) (resp client.AddEventReportResponse, err error)
 }
 
 type ClientLoaderFn func(cfg *dataspec.Block) Client
@@ -49,6 +50,9 @@ func Plugin(version string, loader ClientLoaderFn) *plugin.Schema {
 		DataSources: plugin.DataSources{
 			"misp_events": makeMispEventsDataSource(loader),
 		},
+		Publishers: plugin.Publishers{
+			"misp_event_reports": makeMispEventReportsPublisher(loader),
+		},
 	}
 }