When I'm tapping into the 0mq feed and get a misp_json_event coupled with {'action': 'delete'}, I would like to do something with all the contained events that also get deleted. However, this doesn't seem to be possible, because this is what I get back:

{'Event': {'id': '1363', 'org_id': '1', 'date': '2019-04-09', 'info': 'testing', 'user_id': '1', 'uuid': '5cacb329-421c-4d52-9b11-6281c0a8a88c', 'published': False, 'analysis': '0', 'attribute_count': '1', 'orgc_id': '1', 'timestamp': '1554908832', 'distribution': '0', 'sharing_group_id': '0', 'proposal_email_lock
': False, 'locked': False, 'threat_level_id': '4', 'publish_timestamp': '0', 'disable_correlation': False, 'extends_uuid': ''}, 'action': 'delete'}

All I have to work with is attribute_count, but neither attribute IDs nor the attributes themselves.

I showed this to @Rafiot at the CERN MISP workshop, and we discussed the following options:

1. Prior to the DELETE of the event, send a DELETE of all attributes.
2. After the DELETE of the event, send a DELETE of all attributes.
3. Include all attributes in the DELETE event
4. Include the attribute IDs in the DELETE event.

Personally, I think (1) and (3) would make the most sense. (3) has the benefit of solving the problem without spreading the operation across multiple messages, making it more self-contained.