Config file entries not being applied #29

Open
tom564 opened this issue Feb 10, 2019 · 3 comments
tom564 commented Feb 10, 2019

Description

When certain options are set via a config file and otx-misp is used like otx-misp -c /etc/otx.conf, certain options don't seem to apply. These include to_ids = yes, author = yes, discover_tags = yes.

When run with the below config file, tags are not discovered, alienvault is not added to the info field and the IDS flag is not set. Running with otx-misp -a --discover-tags --to-ids --dedup-titles -c /etc/otx.conf works as expected.

The config file was initially generated using the -w argument.

Versions

  • otx-misp: 1.4.2
  • PyMISP: 2.4.95
  • MISP: 2.4.96
  • Python (Python 2 will not be supported): 3.6.6
  • Operating system: Ubuntu 18.04

Config File

[otx_misp]
tlp = yes
dedup_titles = yes
author = yes
timestamp = 2019-02-05T06:02:24.516501
to_ids = yes
bulk_tag = otx,test
server = https://127.0.0.1
otx =
publish = yes
stop_on_error = no
author_tag = no
discover_tags = yes
misp =
update_timestamp = yes

github-germ commented Apr 18, 2019

Same issue experienced here. Part of the issue may be rooted here https://github.com/gcrahay/otx_misp/blob/master/src/otx_misp/cli.py#L145 in cli.py where kwargs are set for the call to create_events, i.e. notice that not all config are included:

   145         kwargs = {
   146             'server': config.server,
   147             'key': config.misp,
   148             'distribution': config.distribution,
   149             'threat_level': config.threat_level,
   150             'analysis': config.analysis,
   151             'tlp': config.tlp,
   152             'discover_tags': config.discover_tags,
   153             'to_ids': config.to_ids,
   154             'author_tag': config.author_tag,
   155             'bulk_tag': config.bulk_tag,
   156             'dedup_titles': config.dedup_titles,
   157             'stop_on_error': config.stop_on_error
   158         }

And here's the signature to create_events where missing args are defaulted:

def create_events(
    pulse_or_list, author=False, server=False, key=False,
    misp=False, distribution=0, threat_level=4, analysis=2,
    publish=True, tlp=True, discover_tags=False, to_ids=False,
    author_tag=False, bulk_tag=None, dedup_titles=False,
    stop_on_error=False):

Looks like publish is missing from kwargs.

Will need to dig further on why some others are not seemingly being acted upon.

@github-germ

OK, I think the remainder of the issue is as follows (and yes, the missing publish in kwargs above is a separate issue):

  • cli.py using argparse.ArgumentParser sets every bool command line option to either True or False.
  • configuration.Configuration._populate_config looks to see if a command line option is set and if so uses that value, and does not use the equivalent setting in the config file.
  • However, every bool command line option will be set by the ArgumentParser and hence, it appears that no bool variable in the config file is ever used.
  • Until this code is fixed, we must use explicit command line options for bool args that we were hoping the config file would set.
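
The precedence problem described in the comment above, reduced to a runnable sketch (an added example, not code from otx_misp or from anyone in this thread). It assumes the merge step treats any value other than None as "set on the command line"; the `resolve` helper and the sample config are constructed, and the sketch also shows one possible fix, defaulting the flags to None.

```python
import argparse
import configparser

# Constructed sample config; option names are taken from the report above.
SAMPLE_CONFIG = """
[otx_misp]
to_ids = yes
discover_tags = yes
dedup_titles = no
"""

BOOL_OPTIONS = ("to_ids", "discover_tags", "dedup_titles")


def build_parser(flag_default):
    """flag_default=False models the reported behaviour; None means 'flag not given'."""
    parser = argparse.ArgumentParser()
    for name in BOOL_OPTIONS:
        parser.add_argument("--" + name.replace("_", "-"), dest=name,
                            action="store_true", default=flag_default)
    return parser


def resolve(argv, flag_default, config_text=SAMPLE_CONFIG):
    """Hypothetical merge step: a CLI value wins whenever it is not None."""
    args = build_parser(flag_default).parse_args(argv)
    config = configparser.ConfigParser()
    config.read_string(config_text)
    section = config["otx_misp"]
    resolved = {}
    for name in BOOL_OPTIONS:
        cli_value = getattr(args, name)
        if cli_value is not None:
            # With default=False this branch is always taken, so the
            # config file value below is never consulted.
            resolved[name] = cli_value
        else:
            resolved[name] = section.getboolean(name, fallback=False)
    return resolved


if __name__ == "__main__":
    print("default=False:", resolve([], False))  # config file silently ignored
    print("default=None: ", resolve([], None))   # config file honoured
    print("CLI override: ", resolve(["--dedup-titles"], None))
```

With `default=False`, a config file that sets `to_ids = yes` still yields events without the IDS flag, and nothing in the output signals that the setting was dropped.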

@chrisinmtown

Is otx_misp still active? It seems like this might have been an easy fix, but there has been no action for 18 months. @gcrahay are you still maintaining this?
