### Install PyMISP (Quick)

Source: https://github.com/misp/pymisp/blob/main/docs/tutorial/FullOverview.ipynb

Installs the PyMISP library using pip for quick setup.

```bash
sudo pip3 install pymisp
```

--------------------------------

### Install and Run PyMISP Feed Generator

Source: https://github.com/misp/pymisp/blob/main/examples/feed-generator/README.md

Clone the repository, navigate to the examples directory, copy the default settings, adjust your configuration, and run the generation script.

```bash
git clone https://github.com/MISP/PyMISP.git
cd PyMISP/examples/feed-generator
cp settings.default.py settings.py
vi settings.py  # adjust your settings
python3 generate.py
```

--------------------------------

### Added edit_organisation Examples

Source: https://github.com/misp/pymisp/blob/main/CHANGELOG.txt

Includes new examples demonstrating how to use the 'edit_organisation' functionality. These examples serve as practical guides for users.

```python
# [example] Added edit_organisation examples. [Steve Clement]
```

--------------------------------

### Install PyMISP with Basic Dependencies

Source: https://github.com/misp/pymisp/blob/main/README.md

Install PyMISP using pip with only the basic dependencies. This is the recommended way to install for most users.

```bash
pip3 install pymisp
```

--------------------------------

### Install PyMISP from Repository for Development

Source: https://github.com/misp/pymisp/blob/main/README.md

Clone the PyMISP repository and install the latest version for development purposes using poetry. Ensure poetry is installed and submodules are updated.
```bash
git clone https://github.com/MISP/PyMISP.git && cd PyMISP
git submodule update --init
poetry install -E fileobjects -E openioc -E virustotal -E docs -E pdfexport -E email
```

--------------------------------

### Install PyMISP (Developer)

Source: https://github.com/misp/pymisp/blob/main/docs/tutorial/FullOverview.ipynb

Sets up PyMISP for development, including cloning the repository, creating a virtual environment, and installing in editable mode.

```bash
git clone https://github.com/MISP/PyMISP.git
cd PyMISP
virtualenv -p python3 pymisp-env
source pymisp-env/bin/activate
pip install -e .
```

--------------------------------

### Configure MISP API Keys for Examples

Source: https://github.com/misp/pymisp/blob/main/README.md

Before running example scripts, copy the sample keys file and edit it with your MISP URL and API key.

```bash
cd examples
cp keys.py.sample keys.py
vim keys.py
```

--------------------------------

### Install and Run Redis Server

Source: https://github.com/misp/pymisp/blob/main/examples/feed-generator-from-redis/README.md

Commands to install Redis server, check its status, and clone the PyMISP repository.

```bash
# redis-server
sudo apt install redis-server

# Check if redis is running
redis-cli ping
```

```bash
# Feed generator
git clone https://github.com/MISP/PyMISP
cd PyMISP/examples/feed-generator-from-redis
cp settings.default.py settings.py
vi settings.py  # adjust your settings
python3 fromredis.py

# Serving file to MISP
bash install.sh
. ./serv-env/bin/activate
python3 server.py
```

--------------------------------

### Bump Examples to Python 3

Source: https://github.com/misp/pymisp/blob/main/CHANGELOG.txt

Updates the examples to be compatible with Python 3. This ensures that the provided examples run correctly in modern Python environments.

```python
# Bump examples to python3.
# [Raphaël Vinot]
```

--------------------------------

### Install PyMISP (User)

Source: https://github.com/misp/pymisp/blob/main/docs/tutorial/FullOverview.ipynb

Installs the PyMISP library for the current user, avoiding system-wide changes.

```bash
pip3 install --user pymisp
```

--------------------------------

### Download Dependencies for Offline Installation

Source: https://github.com/misp/pymisp/blob/main/README.md

Download all dependencies listed in requirements.txt to a local directory for offline installation.

```bash
poetry run pip download -r offline/requirements.txt -d offline/packages/
```

--------------------------------

### Install Jupyter Notebook

Source: https://github.com/misp/pymisp/blob/main/docs/tutorial/FullOverview.ipynb

Installs Jupyter Notebook within a virtual environment for interactive use.

```bash
pip3 install jupyter
cd docs/tutorial
jupyter-notebook
```

--------------------------------

### Install PyMISP with Optional Dependencies

Source: https://github.com/misp/pymisp/blob/main/README.md

Install PyMISP with specific optional dependencies like 'virustotal' and 'email' using pip.

```bash
pip3 install pymisp[virustotal,email]
```

--------------------------------

### Paginate Multiple Results in Last Example

Source: https://github.com/misp/pymisp/blob/main/CHANGELOG.txt

Enhances the 'last' example command to support pagination over multiple results. This allows users to retrieve data in chunks, improving performance and manageability.

```python
# [last] You can now paginate over multiple results in the last example
# command. [Alexandre Dulaunoy]
```

--------------------------------

### Download Dependencies for Offline Installation

Source: https://github.com/misp/pymisp/blob/main/docs/source/README.md

Use these commands to download all necessary dependencies for offline installation. Ensure you have cloned the PyMISP repository.
```bash
mkdir offline
poetry export --all-extras > offline/requirements.txt
poetry run pip download -r offline/requirements.txt -d offline/packages/
```

--------------------------------

### Install PyMISP Offline

Source: https://github.com/misp/pymisp/blob/main/README.md

Install PyMISP and its dependencies on a machine without internet access using the pre-downloaded packages.

```bash
python -m pip install --no-index --no-deps packages/*.whl
```

--------------------------------

### Add Generic Object Script Examples

Source: https://github.com/misp/pymisp/blob/main/CHANGELOG.txt

Examples demonstrating the usage of the add_generic_object.py script to add various types of objects to MISP events. Ensure the correct event ID, object type, and data dictionary are provided.

```bash
python3 add_generic_object.py -e 1683 -t email -d '{"subject":"The Pink Letter", "to":"jon@snow.org"}'
```

```bash
python3 add_generic_object.py -e 2343 -t person -d '{"first-name":"Daenerys", "last-name":"Targaryen", "place-of-birth":"Dragonstone"}'
```

```bash
python3 add_generic_object.py -e 3596 -t "domain|ip" -d '{"domain":"stormborn.org", "ip":"50.63.202.33"}'
```

--------------------------------

### Get Users

Source: https://github.com/misp/pymisp/blob/main/docs/tutorial/FullOverview.ipynb

Retrieve a list of all users in the MISP instance.

```python
misp.users()
```

--------------------------------

### Install LIEF on Python < 3.7 with Pipenv

Source: https://github.com/misp/pymisp/blob/main/CHANGELOG.txt

Provides instructions or a fix for installing the LIEF library on Python versions older than 3.7 when using Pipenv. This addresses potential compatibility issues.

```python
# Install lief on python < 3.7 with pipenv.
# [Raphaël Vinot]
```

--------------------------------

### Paginate Last Events with jq

Source: https://github.com/misp/pymisp/blob/main/CHANGELOG.txt

Demonstrates how to paginate over multiple results in the 'last' example command and pipe the output to jq for JSON parsing. Useful for extracting specific event data within a time range.

```bash
# Quote the jq filter so the shell does not try to glob-expand the brackets
python3 last.py -l 48h -m 10 -p 2 | jq '.[].Event.info'
```

--------------------------------

### get

Source: https://github.com/misp/pymisp/blob/main/docs/source/tools.md

Retrieves a value by key, returning a default if the key is not found.

```APIDOC
## get

### Description
Retrieves a value associated with a key.

### Parameters
- **k** - The key to retrieve.

### Returns
D[k] if k in D, else d. `d` defaults to None.
```

--------------------------------

### start_worker

Source: https://github.com/misp/pymisp/blob/main/docs/source/modules.md

Starts a MISP worker process of a specified type.

```APIDOC
## start_worker

### Description
Start a worker.

### Parameters
* **worker_type** (str) - The type of worker to start. Must be one of: "default", "email", "scheduler", "cache", "prio", "update".

### Method
POST

### Endpoint
/servers/restAPI/startWorker
```

--------------------------------

### Get Roles

Source: https://github.com/misp/pymisp/blob/main/docs/tutorial/FullOverview.ipynb

Retrieve a list of all available roles within MISP.

```python
misp.roles()
```

--------------------------------

### Fetch Events Published in the Last X Time

Source: https://github.com/misp/pymisp/blob/main/README.md

Use the 'last.py' example script to fetch MISP events published within a specified time frame (hours, days, or minutes).
```bash
cd examples
python3 last.py -l 10h  # 10 hours
python3 last.py -l 5d   # 5 days
python3 last.py -l 45m  # 45 minutes
```

--------------------------------

### Initialize MISP Connection Variables

Source: https://github.com/misp/pymisp/blob/main/docs/tutorial/FullOverview.ipynb

Set up the necessary variables for connecting to a MISP instance, including URL, API key, and certificate verification preference.

```python
# The URL of the MISP instance to connect to
misp_url = 'https://127.0.0.1:8443/'
# Can be found in the MISP web interface under
# http://+MISP_URL+/users/view/me -> Authkey
misp_key = 'd6OmdDFvU3Seau3UjwvHS1y3tFQbaRNhJhDX0tjh'
# Should PyMISP verify the MISP certificate
misp_verifycert = False
```

--------------------------------

### Initialize PyMISP Connection

Source: https://github.com/misp/pymisp/blob/main/docs/tutorial/Search-FullOverview.ipynb

Set up your MISP connection details including URL, API key, and certificate verification preference. The API key can be retrieved from your MISP user profile.

```python
from pathlib import Path

api_file = Path('apikey')
if api_file.exists():
    misp_url = 'http://127.0.0.1'
    misp_verifycert = False
    # Read the API key from the local 'apikey' file
    with open(api_file) as f:
        misp_key = f.read().strip()
    # Echoes the API key into the notebook output
    print(misp_key)
```

```python
from pymisp import PyMISP

misp = PyMISP(misp_url, misp_key, misp_verifycert, debug=False)
```

--------------------------------

### Import Single IOC with Tags

Source: https://github.com/misp/pymisp/blob/main/examples/ioc_2_misp/README.md

Use this command to import a single IOC with specific tags. Ensure the IOC file and tags are correctly formatted.

```bash
python ioc2misp.py -i myioc -t "tag:mytag='sample','tag:other='foo'"
```

--------------------------------

### Initialize PyMISP Connection

Source: https://github.com/misp/pymisp/blob/main/docs/tutorial/a.7-rest-api-extensive-restsearch.ipynb

Establishes a connection to the MISP instance.
Ensure your MISP URL, API key, and certificate verification settings are correctly configured.

```python
from pymisp import PyMISP
import urllib3

# Silence urllib3 warnings (certificate verification is turned off below)
urllib3.disable_warnings()

misp_url = 'https://localhost:8443/'
misp_key = 'GqfuZo444EFlylND0XaKZsEXgWgkPgguUZ6KVRuq'
# Should PyMISP verify the MISP certificate
misp_verifycert = False

misp = PyMISP(misp_url, misp_key, misp_verifycert)
```

--------------------------------

### Get Organisations

Source: https://github.com/misp/pymisp/blob/main/docs/tutorial/FullOverview.ipynb

Retrieve a list of all organisations registered in MISP.

```python
misp.organisations()
```

--------------------------------

### Import Multiple IOCs from Files

Source: https://github.com/misp/pymisp/blob/main/examples/ioc_2_misp/README.md

This command processes all files in a directory, importing each as an IOC. It's useful for batch imports.

```bash
# read -r and the quoted "${line}" keep file names with spaces or backslashes intact
time find /iocsample -type f | while IFS= read -r line; do python ioc2misp.py -i "${line}"; done
```

--------------------------------

### Use PyPI Pydeep and Add Test

Source: https://github.com/misp/pymisp/blob/main/CHANGELOG.txt

Switches to using the 'pydeep' library from PyPI and adds a corresponding test case. This ensures the project utilizes the official distribution and verifies its functionality.

```python
# Use pydeep from pypi, add test. [Raphaël Vinot]
```

--------------------------------

### Initialize PyMISP Connection

Source: https://github.com/misp/pymisp/blob/main/docs/tutorial/FullOverview.ipynb

Establish a connection to the MISP instance using the PyMISP library with the provided URL, API key, and certificate verification settings.

```python
from pymisp import PyMISP

misp = PyMISP(misp_url, misp_key, misp_verifycert)
```

--------------------------------

### event_delegations

Source: https://github.com/misp/pymisp/blob/main/docs/source/modules.md

Get all the event delegations. Can return a PyMISP Object or plain JSON.

```APIDOC
## event_delegations

### Description
Get all the event delegations.

### Parameters
* **pythonify** (bool) - Optional - Returns PyMISP Objects instead of the plain json output. Warning: it might use a lot of RAM

### Returns
dict[str, Any] | list[MISPEventDelegation] | list[dict[str, Any]]
```

--------------------------------

### MISPUserSetting.from_dict

Source: https://github.com/misp/pymisp/blob/main/docs/source/modules.md

Loads all parameters as class properties from a dictionary. This method is intended for initializing objects with existing data.

```APIDOC
## MISPUserSetting.from_dict

### Description
Loading all the parameters as class properties, if they aren’t None. This method aims to be called when all the properties requiring a special treatment are processed. This method is used when you initialize an object with existing data so by default, the class is flagged as not edited.

### Method
`from_dict(**kwargs: Any)`

### Parameters
#### Keyword Arguments
- **kwargs** (Any) - Additional keyword arguments.
```

--------------------------------

### server_settings

Source: https://github.com/misp/pymisp/blob/main/docs/source/modules.md

Retrieves all settings from the MISP server.

```APIDOC
## server_settings

### Description
Get all the settings from the server.

### Method
GET

### Endpoint
/servers/restAPI/settings
```

--------------------------------

### event_blocklists

Source: https://github.com/misp/pymisp/blob/main/docs/source/modules.md

Get all the blocklisted events. Can return a PyMISP Object or plain JSON.

```APIDOC
## event_blocklists

### Description
Get all the blocklisted events.

### Parameters
* **pythonify** (bool) - Optional - Returns a PyMISP Object instead of the plain json output. Warning: it might use a lot of RAM

### Returns
dict[str, Any] | list[MISPEventBlocklist] | list[dict[str, Any]]
```

--------------------------------

### get

Source: https://github.com/misp/pymisp/blob/main/docs/source/tools.md

Retrieves a value from the object by key. Returns None if the key is not found.
```APIDOC
## get

### Description
Get a value from the object by key.

### Parameters
- **k** - The key to retrieve.

### Returns
D[k] if k in D, else d. d defaults to None.
```

--------------------------------

### PyMISP Class Initialization

Source: https://github.com/misp/pymisp/blob/main/docs/source/modules.md

Initialize the PyMISP client to connect to a MISP instance.

```APIDOC
## PyMISP(url: str, key: str, ssl: bool | str = True, debug: bool = False, proxies: MutableMapping[str, str] | None = None, cert: str | tuple[str, str] | None = None, auth: AuthBase | None = None, tool: str = '', timeout: float | tuple[float, float] | None = None, http_headers: dict[str, str] | None = None, https_adapter: BaseAdapter | None = None, http_auth_header_name: str = 'Authorization')

### Description
Python API for MISP.

### Parameters:
* **url** – URL of the MISP instance you want to connect to
* **key** – API key of the user you want to use
* **ssl** – can be True or False (to check or not check the validity of the certificate), or a CA_BUNDLE in case of a self-signed or other certificate (the concatenation of all the crt of the chain)
* **debug** – Write all the debug information to stderr
* **proxies** – Proxy dict, as described here: [http://docs.python-requests.org/en/master/user/advanced/#proxies](http://docs.python-requests.org/en/master/user/advanced/#proxies)
* **cert** – Client certificate, as described here: [http://docs.python-requests.org/en/master/user/advanced/#client-side-certificates](http://docs.python-requests.org/en/master/user/advanced/#client-side-certificates)
* **auth** – The auth parameter is passed directly to requests, as described here: [http://docs.python-requests.org/en/master/user/authentication/](http://docs.python-requests.org/en/master/user/authentication/)
* **tool** – The software using PyMISP (string), used to set a unique user-agent
* **http_headers** – Arbitrary headers to pass to all the requests.
* **https_adapter** – Arbitrary HTTPS adapter for the requests session.
* **http_auth_header_name** – The name of the HTTP header to use for the API key. Can be either “Authorization” or “X-MISP-AUTH”.
* **timeout** – Timeout, as described here: [https://requests.readthedocs.io/en/master/user/advanced/#timeouts](https://requests.readthedocs.io/en/master/user/advanced/#timeouts)
```

--------------------------------

### get

Source: https://github.com/misp/pymisp/blob/main/docs/source/tools.md

Retrieves a value from the object by key. Returns None if the key is not found.

```APIDOC
## get

### Description
Retrieves a value by key from the object.

### Parameters
- **k** - Required - The key to retrieve.

### Returns
- The value associated with the key, or None if the key is not found.
```

--------------------------------

### get

Source: https://github.com/misp/pymisp/blob/main/docs/source/tools.md

Retrieves a value from the object by key. Returns None if the key is not found.

```APIDOC
## get

### Description
Get a value from the object by key.

### Parameters
* **k** - The key to retrieve.

### Returns
D[k] if k in D, else d (defaults to None).
```

--------------------------------

### Run Live PyMISP Tests

Source: https://github.com/misp/pymisp/blob/main/README.md

Execute live PyMISP tests against a running MISP instance using poetry. Ensure you update the automation key in `tests/testlive_comprehensive.py`.

```bash
poetry run pytest --cov=pymisp tests/testlive_comprehensive.py
```

--------------------------------

### Build PyMISP Package

Source: https://github.com/misp/pymisp/blob/main/README.md

Build the PyMISP package into a wheel file for distribution.

```bash
poetry build
mv dist/*.whl offline/packages/
```

--------------------------------

### Attribute Proposals

Source: https://github.com/misp/pymisp/blob/main/docs/tutorial/FullOverview.ipynb

Manage attribute proposals, including getting, accepting, and discarding them.
```APIDOC
## Get Attribute Proposal

### Description
Retrieves a specific attribute proposal.

### Method
`misp.get_attribute_proposal(proposal_id)`

### Parameters
- **proposal_id** (int) - Required - The ID of the attribute proposal to retrieve.

### Response Example
```json
{
  "proposal": {
    "id": 1,
    "attribute_id": 123,
    "event_id": 456,
    "proposal_type": "edit",
    "old_value": "1.1.1.1",
    "new_value": "1.1.1.2",
    "timestamp": 1678886400,
    "user_id": 1,
    "event_timestamp": 1678886400,
    "object_id": null,
    "object_relation": null,
    "shadow_attribute": {
      "id": 123,
      "event_id": 456,
      "object_id": null,
      "object_relation": null,
      "category": "Network activity",
      "type": "ip-dst",
      "value": "1.1.1.2",
      "to_ids": true,
      "uuid": "...",
      "timestamp": 1678886400,
      "event_uuid": "..."
    }
  }
}
```

## Accept Attribute Proposal

### Description
Accepts a proposed change to an attribute.

### Method
`misp.accept_attribute_proposal(proposal_id)`

### Parameters
- **proposal_id** (int) - Required - The ID of the attribute proposal to accept.

### Response Example
```json
{
  "message": "Proposal accepted successfully."
}
```

## Discard Attribute Proposal

### Description
Discards a proposed change to an attribute.

### Method
`misp.discard_attribute_proposal(proposal_id)`

### Parameters
- **proposal_id** (int) - Required - The ID of the attribute proposal to discard.

### Response Example
```json
{
  "message": "Proposal discarded successfully."
}
```
```

--------------------------------

### Get Sharing Groups

Source: https://github.com/misp/pymisp/blob/main/docs/tutorial/FullOverview.ipynb

Retrieve a list of all sharing groups configured in MISP.

```python
misp.sharing_groups()
```

--------------------------------

### server_settings

Source: https://github.com/misp/pymisp/blob/main/docs/source/modules.md

Retrieves all configuration settings from the MISP server. This is useful for understanding the current server configuration.

```APIDOC
## server_settings

### Description
Get all the settings from the server.

### Method
GET

### Endpoint
/servers/settings

### Parameters
None

### Response
#### Success Response (200)
Returns a dictionary or list of dictionaries containing server settings.

#### Response Example
```json
{
  "setting_name": "setting_value"
}
```
```

--------------------------------

### events

Source: https://github.com/misp/pymisp/blob/main/docs/source/modules.md

Get all the events from the MISP instance. Can return a PyMISP Object or plain JSON.

```APIDOC
## events

### Description
Get all the events from the MISP instance.

### Parameters
* **pythonify** (bool) - Optional - Returns a list of PyMISP Objects instead of the plain json output. Warning: it might use a lot of RAM

### Returns
dict[str, Any] | list[MISPEvent] | list[dict[str, Any]]
```

--------------------------------

### server_push

Source: https://github.com/misp/pymisp/blob/main/docs/source/modules.md

Initializes a push to a sync server, optionally limited to one event. Refer to the MISP API documentation for more details.

```APIDOC
## server_push

### Description
Initializes a push to a sync server, optionally limited to one event.

### Parameters
* **server** (MISPServer | int | str | UUID) - The sync server configuration.
* **event** (MISPEvent | int | str | UUID | None) - Optional. The event to push.
```

--------------------------------

### get

Source: https://github.com/misp/pymisp/blob/main/docs/source/tools.md

Retrieves a value from the object's internal dictionary using a specified key.

```APIDOC
## get

### Description
Retrieves a value from the object's dictionary.

### Parameters
* **k** - Required - The key of the item to retrieve.

### Returns
The value associated with the key `k` if `k` is in the dictionary, otherwise defaults to `None`.
```

--------------------------------

### Export Dependencies to requirements.txt

Source: https://github.com/misp/pymisp/blob/main/README.md

Use this command to export all project dependencies, including extras, to a requirements.txt file for offline use.
```bash
mkdir offline
poetry export --all-extras > offline/requirements.txt
```

--------------------------------

### Get Attribute Proposal

Source: https://github.com/misp/pymisp/blob/main/docs/tutorial/FullOverview.ipynb

Retrieve a specific attribute proposal from MISP using its ID.

```python
proposal = misp.get_attribute_proposal(1)
print(proposal.to_json())
```

--------------------------------

### enable_feed

Source: https://github.com/misp/pymisp/blob/main/docs/source/modules.md

Enable a feed; fetching it will create event(s). Can return a PyMISP Object or plain JSON.

```APIDOC
## enable_feed

### Description
Enable a feed; fetching it will create event(s).

### Parameters
* **feed** (MISPFeed | int | str | UUID) - feed to enable
* **pythonify** (bool) - Optional - Returns a PyMISP Object instead of the plain json output

### Returns
dict[str, Any] | list[MISPFeed] | list[dict[str, Any]]
```

--------------------------------

### get

Source: https://github.com/misp/pymisp/blob/main/docs/source/tools.md

Retrieves a value from the object's internal dictionary using a key. Returns None if the key is not found.

```APIDOC
## get

### Description
Get a value from the object's dictionary.

### Parameters
- **k** - Required - The key to retrieve.

### Returns
- The value associated with the key, or None if the key is not found.
```

--------------------------------

### enable_taxonomy

Source: https://github.com/misp/pymisp/blob/main/docs/source/modules.md

Enable a taxonomy. Can return a PyMISP Object or plain JSON.

```APIDOC
## enable_taxonomy

### Description
Enable a taxonomy.

### Parameters
* **taxonomy** (MISPTaxonomy | int | str | UUID) - taxonomy to enable

### Returns
dict[str, Any] | list[dict[str, Any]]
```

--------------------------------

### get

Source: https://github.com/misp/pymisp/blob/main/docs/source/tools.md

Retrieves a value from the object's dictionary-like storage using a key. Returns None if the key is not found.
```APIDOC
## get

### Description
Get a value from the object's dictionary-like storage.

### Parameters
- **k** - The key to retrieve.

### Returns
D[k] if k in D, else d. d defaults to None.
```

--------------------------------

### add_server

Source: https://github.com/misp/pymisp/blob/main/docs/source/modules.md

Adds a server for synchronization. Note: PyMISP.get_sync_config and PyMISP.import_server are recommended alternatives.

```APIDOC
## add_server

### Description
Add a server to synchronise with.

### Method
add_server

### Parameters
#### Path Parameters
None

#### Query Parameters
* **pythonify** (bool) - Optional - Returns a PyMISP Object instead of the plain json output

#### Request Body
* **server** ([MISPServer](#id317)) - sync server config

### Request Example
None

### Response
#### Success Response (200)
- **dict[str, Any] | [MISPServer](#id317)** - The added server configuration or a PyMISP Object representation.

#### Response Example
None
```

--------------------------------

### Get Feeds (Pythonified)

Source: https://github.com/misp/pymisp/blob/main/docs/tutorial/FullOverview.ipynb

Retrieve a list of configured feeds in MISP, with the option to return them as Python objects for easier manipulation.

```python
misp.feeds(pythonify=True)
```

--------------------------------

### enable_noticelist

Source: https://github.com/misp/pymisp/blob/main/docs/source/modules.md

Enable a noticelist by id. Can return a PyMISP Object or plain JSON.

```APIDOC
## enable_noticelist

### Description
Enable a noticelist by id.

### Parameters
* **noticelist** (MISPNoticelist | int | str | UUID) - Noticelist to enable

### Returns
dict[str, Any] | list[dict[str, Any]]
```

--------------------------------

### get

Source: https://github.com/misp/pymisp/blob/main/docs/source/tools.md

Retrieves the value associated with a given key from the object's internal dictionary. Returns `None` if the key is not found and no default value is provided.
```APIDOC
## get

### Description
Retrieves the value for a specified key from the object's dictionary. Returns the default value (None if not specified) if the key does not exist.

### Method Signature
`get(k) -> D[k] if k in D, else d`

### Parameters
* **k** - The key whose value is to be retrieved.
* **d** (optional) - The default value to return if the key is not found.
```

--------------------------------

### start_worker

Source: https://github.com/misp/pymisp/blob/main/docs/source/modules.md

Starts a specific type of worker process on the MISP server. Workers handle background tasks like email notifications, scheduling, and updates.

```APIDOC
## start_worker

### Description
Start a worker.

### Method
POST

### Endpoint
/workers/start

### Parameters
#### Path Parameters
None

#### Query Parameters
* **worker_type** (str) - Required - The type of worker to start. Must be one of: "default", "email", "scheduler", "cache", "prio", "update".

### Response
#### Success Response (200)
Returns a dictionary or list of dictionaries indicating the status of the worker start operation.

#### Response Example
```json
{
  "message": "Worker started successfully"
}
```
```

--------------------------------

### Activate Virtual Environment

Source: https://github.com/misp/pymisp/blob/main/examples/feed-generator-from-redis/README.md

Command to activate the virtual environment for the feed generator.

```bash
# Activate virtualenv
. ./serv-env/bin/activate
```

--------------------------------

### import_server

Source: https://github.com/misp/pymisp/blob/main/docs/source/modules.md

Imports a synchronization server configuration obtained from get_sync_config.

```APIDOC
## import_server

### Description
Imports a synchronization server configuration.

### Method
POST

### Endpoint
/servers/importSyncServer

### Parameters
#### Request Body
- **server** (dict) - Required - The synchronization server configuration object.
- **pythonify** (bool) - Optional - If True, returns a PyMISP object; otherwise, returns JSON.

### Response
#### Success Response (200)
- **server_data** (dict) - Details of the imported server configuration.

#### Response Example
```json
{
  "server": {
    "id": "123",
    "name": "ImportedServer"
  }
}
```
```

--------------------------------

### Search Attributes by Publish Timestamp Range

Source: https://github.com/misp/pymisp/blob/main/docs/tutorial/Search-FullOverview.ipynb

Find attributes from events published within a range defined by two timestamps, for example, between '2d' and '1h' ago.

```python
attributes = misp.search(controller='attributes', publish_timestamp=['2d', '1h'], pythonify=True)

for a in attributes:
    print(a)
```

--------------------------------

### Direct API Call: Get Events

Source: https://github.com/misp/pymisp/blob/main/docs/tutorial/FullOverview.ipynb

Make a direct API call to retrieve a list of events from MISP. This method is useful for accessing raw API responses.

```python
misp.direct_call('events')
```

--------------------------------

### user_settings

Source: https://github.com/misp/pymisp/blob/main/docs/source/modules.md

Retrieves all user settings from the MISP instance. Can return PyMISP Objects for detailed representation.

```APIDOC
## user_settings(pythonify: bool = False) -> dict[str, Any] | list[MISPUserSetting] | list[dict[str, Any]]

### Description
Get all the user settings.

### Parameters
* **pythonify** (bool, optional) - If True, returns a list of PyMISP Objects instead of plain JSON. Warning: this may consume significant RAM. Defaults to False.
```

--------------------------------

### MISPServer.from_dict

Source: https://github.com/misp/pymisp/blob/main/docs/source/modules.md

Loads all parameters as class properties from a dictionary. This method is intended for initializing objects with existing data.

```APIDOC
## MISPServer.from_dict

### Description
Loading all the parameters as class properties, if they aren’t None.
This method aims to be called when all the properties requiring a special treatment are processed. This method is used when you initialize an object with existing data so by default, the class is flagged as not edited.

### Method
`from_dict(**kwargs: Any)`

### Parameters
#### Keyword Arguments
- **kwargs** (Any) - Additional keyword arguments.
```

--------------------------------

### Get Event Metadata by Event ID

Source: https://github.com/misp/pymisp/blob/main/docs/tutorial/Search-FullOverview.ipynb

Fetch metadata for specific events using their IDs. Setting `pythonify=True` returns a Python object for easier access to event data.

```python
r = misp.search(eventid=[1,2,3], metadata=True, pythonify=True)
```

```python
r
```

--------------------------------

### user_settings

Source: https://github.com/misp/pymisp/blob/main/docs/source/modules.md

Retrieves all user settings from the MISP instance. Provides configuration details for users.

```APIDOC
## user_settings(pythonify: bool = False) -> dict[str, Any] | list[[MISPUserSetting](#id301)] | list[dict[str, Any]]

### Description
Get all the user settings on a MISP instance. Refer to MISP API documentation for details: https://www.misp-project.org/openapi/#tag/UserSettings/operation/getUserSettings

### Parameters
* **pythonify** (bool, optional) - If True, returns a list of PyMISP Objects instead of plain JSON. Warning: this might consume significant RAM. Defaults to False.
```

--------------------------------

### Test Case for Workflow Taxonomy

Source: https://github.com/misp/pymisp/blob/main/CHANGELOG.txt

Addresses a test case related to the workflow taxonomy, specifically noting that it is not enabled by default. This might involve adjustments to test setup or expectations.

```python
# [tests] By default, the workflow taxonomy isn't enabled.
# [Raphaël Vinot]
```

--------------------------------

### MISPOrganisationBlocklist.from_dict

Source: https://github.com/misp/pymisp/blob/main/docs/source/modules.md

Loads MISPOrganisationBlocklist properties from a dictionary.

```APIDOC
## MISPOrganisationBlocklist.from_dict

### Description
Loads all the parameters as class properties from a dictionary. This method is intended to be called when all properties requiring special treatment have been processed. It is typically used when initializing an object with existing data, and by default, the class is flagged as not edited.

### Signature
`from_dict(**kwargs: Any) -> None`
```

--------------------------------

### Search Attributes by Update Timestamp

Source: https://github.com/misp/pymisp/blob/main/docs/tutorial/Search-FullOverview.ipynb

Retrieve attributes that have been updated within a specified time range, calculated from the current time. This example searches for attributes updated in the last 10 hours (36000 seconds).

```python
from datetime import datetime

ts = int(datetime.now().timestamp())

attributes = misp.search(controller='attributes', timestamp=ts - 36000, pythonify=True)

for a in attributes:
    print(a)
```

--------------------------------

### Create FileObject from Path

Source: https://github.com/misp/pymisp/blob/main/docs/tutorial/FullOverview.ipynb

Utilizes the FileObject helper to create a MISP object from a file. This requires additional dependencies like 'lief', 'python-magic', and 'pydeep' for full functionality.
```python
from pymisp.tools import FileObject

file_obj = FileObject(filepath='../../tests/viper-test-files/test_files/EICAR.com', standalone=False)
print(file_obj.to_json())
```

--------------------------------

### Extract Unique Event Tags with PyMISP

Source: https://github.com/misp/pymisp/blob/main/docs/tutorial/a.7-rest-api-extensive-restsearch.ipynb

This snippet shows how to extract and identify unique tags associated with events, specifically filtering for tags starting with 'misp-galaxy:target-information='. It requires the 'misp' object to be initialized.

```python
# r4 is assumed to hold the attributes returned by an earlier search (pythonify=True).
allEventTags = [
    [tag.name for tag in misp.get_event(attr.event_id, pythonify=True).Tag if tag.name.startswith('misp-galaxy:target-information=')]
    for attr in r4
]
allUniqueEventTag = set()

for tags in allEventTags:
    for tag in tags:
        allUniqueEventTag.add(tag)

print('All unique Event tags:', allUniqueEventTag)
```

--------------------------------

### MISPSighting.from_dict

Source: https://github.com/misp/pymisp/blob/main/docs/source/modules.md

Initializes the MISPSighting from a dictionary.

```APIDOC
## MISPSighting.from_dict

### Description
Initialize the MISPSighting from a dictionary

### Method
`from_dict(**kwargs: Any)`

### Parameters
#### Keyword Arguments
- **value** (Any) - Value of the attribute the sighting is related to. Pushing this object will update the sighting count of each attribute with this value on the instance.
- **uuid** (Any) - UUID of the attribute to update
- **id** (Any) - ID of the attribute to update
- **source** (Any) - Source of the sighting
- **type** (Any) - Type of the sighting
- **timestamp** (Any) - Timestamp associated to the sighting
```

--------------------------------

### get_server_setting

Source: https://github.com/misp/pymisp/blob/main/docs/source/modules.md

Retrieves a specific setting from the MISP instance.

```APIDOC
## get_server_setting

### Description
Retrieves a specific setting from the MISP instance.
### Method
GET

### Endpoint
/server-setting/{setting}

### Parameters
#### Path Parameters
- **setting** (str) - Required - The name of the server setting to retrieve.

### Response
#### Success Response (200)
- **setting_data** (dict[str, Any] | list[dict[str, Any]]) - The server setting information.
```

--------------------------------

### Search Events by Threat Actor Tag

Source: https://github.com/misp/pymisp/blob/main/docs/tutorial/a.7-rest-api-extensive-restsearch.ipynb

Use this snippet to retrieve the context of events associated with a specific threat actor, such as 'APT 29'. The results are saved as a JS-free HTML file. Ensure you have the PyMISP library installed and configured, with the 'misp' object initialized.

```python
import subprocess

# `misp` is an already initialized PyMISP client object, not an importable module.

# Get the context of Events that had the threat actor APT-29 attached
body = {
    'returnFormat': 'context',
    'tags': ['misp-galaxy:threat-actor="APT 29"'],
    'staticHtml': 1,  # If you want a JS-free HTML
}

r2 = misp.direct_call('/events/restSearch', body)
with open('/tmp/attackOutput.html', 'w') as f:
    f.write(r2)
# subprocess.run(['google-chrome', '--incognito', '/tmp/attackOutput.html'])
```

--------------------------------

### get_server_setting

Source: https://github.com/misp/pymisp/blob/main/docs/source/modules.md

Retrieves a specific setting from the MISP instance.

```APIDOC
## get_server_setting

### Description
Get a setting from the MISP instance.

### Parameters
#### Path Parameters
- None

#### Query Parameters
- **setting** (str) - The name of the server setting to retrieve.

### Response
#### Success Response (200)
- **output** (dict[str, Any] | list[dict[str, Any]]) - The requested server setting(s).
```

--------------------------------

### Add User

Source: https://github.com/misp/pymisp/blob/main/docs/tutorial/FullOverview.ipynb

Add a new user to the MISP instance. Requires a dictionary containing user details, such as email.
```python
misp.add_user({'email': 'bar@foo.de'})
```

--------------------------------

### enable_warninglist

Source: https://github.com/misp/pymisp/blob/main/docs/source/modules.md

Enable a warninglist. Can return a PyMISP Object or plain JSON.

```APIDOC
## enable_warninglist

### Description
Enable a warninglist.

### Parameters
* **warninglist** (MISPWarninglist | int | str | UUID) - warninglist to enable

### Returns
dict[str, Any] | list[dict[str, Any]]
```

--------------------------------

### Create and Add a MISP Event with Objects

Source: https://github.com/misp/pymisp/blob/main/docs/tutorial/FullOverview.ipynb

Create a new MISP event, add a file object with attributes and tags, and then add the event to the MISP instance. This also demonstrates updating an event with a new object.

```python
from pymisp import MISPEvent, MISPObject

event = MISPEvent()
event.info = 'This is my new MISP event'  # Required
event.distribution = 0  # Optional, defaults to MISP.default_event_distribution in MISP config
event.threat_level_id = 2  # Optional, defaults to MISP.default_event_threat_level in MISP config
event.analysis = 1  # Optional, defaults to 0 (initial analysis)

mispObject = MISPObject('file')
mispObject.add_attribute('filename', type='filename', value='filename.exe', Tag=[{'name': 'tlp:amber'}])

event.add_object(mispObject)

print(misp)
existing_event = misp.add_event(event, pythonify=True)
print(existing_event)

mispObject = MISPObject('file')
mispObject.add_attribute('filename', type='filename', value='filename2.exe', Tag=[{'name': 'tlp:white'}])

existing_event.add_object(mispObject)
print(existing_event.to_json())

res = misp.update_event(existing_event)
existing_event = MISPEvent()
existing_event.load(res)
print(existing_event.to_json())
```

--------------------------------

### add_server

Source: https://github.com/misp/pymisp/blob/main/docs/source/modules.md

Adds a server configuration for synchronization.
Note: PyMISP.get_sync_config and PyMISP.import_server are recommended alternatives.

```APIDOC
## add_server

### Description
Adds a server to synchronize with.

### Parameters
* **server** (MISPServer) - The server synchronization configuration.
* **pythonify** (bool, optional) - If True, returns a PyMISP Object instead of plain JSON. Defaults to False.

### Returns
- dict[str, Any] or MISPServer: The added server configuration.
```

--------------------------------

### Serve Data to MISP

Source: https://github.com/misp/pymisp/blob/main/examples/feed-generator-from-redis/README.md

Command to run the server.py script to serve the generated feed data to MISP.

```bash
python3 server.py
```

--------------------------------

### recommended_pymisp_version

Source: https://github.com/misp/pymisp/blob/main/docs/source/modules.md

Fetches the recommended API version for PyMISP from the MISP server.

```APIDOC
## recommended_pymisp_version

### Description
Returns the recommended API version from the server

### Method
recommended_pymisp_version: dict[str, Any] | list[dict[str, Any]]
```

--------------------------------

### register_user

Source: https://github.com/misp/pymisp/blob/main/docs/source/modules.md

Requests the creation of a new user account in MISP.

```APIDOC
## register_user

### Description
Ask for the creation of an account for the user with the given email address.

### Method
`register_user(misp_url: str, email: str, organisation: MISPOrganisation | int | str | UUID | None = None, org_id: str | None = None, org_name: str | None = None, message: str | None = None, custom_perms: str | None = None, perm_sync: bool = False, perm_publish: bool = False, perm_admin: bool = False, verify: bool = True)`

### Parameters
#### Path Parameters
None

#### Query Parameters
None

#### Request Body
None

### Parameters
* **misp_url** (str) - The URL of the MISP instance.
* **email** (str) - The email address of the user to register.
* **organisation** (MISPOrganisation | int | str | UUID | None) - Optional. The organization of the user.
* **org_id** (str | None) - Optional. The ID of the user's organization.
* **org_name** (str | None) - Optional. The name of the user's organization.
* **message** (str | None) - Optional. A message to accompany the registration request.
* **custom_perms** (str | None) - Optional. Custom permissions for the user.
* **perm_sync** (bool) - Optional. Indicator for synchronization permissions (default: False).
* **perm_publish** (bool) - Optional. Indicator for publishing permissions (default: False).
* **perm_admin** (bool) - Optional. Indicator for administrator permissions (default: False).
* **verify** (bool) - Optional. Whether to verify the SSL certificate (default: True).

### Request Example
None

### Response
#### Success Response (200)
- **result** (dict[str, Any] | list[dict[str, Any]]) - A dictionary or list containing the result of the user registration request.

#### Response Example
None
```

--------------------------------

### Complex Search Queries with OR and AND Logic

Source: https://github.com/misp/pymisp/blob/main/docs/tutorial/a.7-rest-api-extensive-restsearch.ipynb

Illustrates building and executing complex search queries using PyMISP's `build_complex_query` function. It shows how to combine tags using OR logic and AND logic, returning the count and specific tags of matching attributes. Requires the 'misp' object and 'pprint' for formatted output.
```python
from pprint import pprint

# OR: attributes carrying at least one of the two tags
complex_query = misp.build_complex_query(or_parameters=['tlp:amber', 'adversary:infrastructure-type="c2"'])
r7 = misp.search(
    controller='attributes',
    tags=complex_query,
    includeEventTags=True,
    pythonify=True)
print('Or:', len(r7))
pprint([
    [tag.name for tag in attr.Tag if (tag.name == 'tlp:amber' or tag.name == 'adversary:infrastructure-type="c2"')] for attr in r7[:5]
])
print()

# AND: attributes carrying both tags
complex_query = misp.build_complex_query(and_parameters=['tlp:amber', 'adversary:infrastructure-type="c2"'])
r8 = misp.search(
    controller='attributes',
    tags=complex_query,
    includeEventTags=True,
    pythonify=True)
print('And:', len(r8))
pprint([
    [tag.name for tag in attr.Tag if (tag.name == 'tlp:amber' or tag.name == 'adversary:infrastructure-type="c2"')] for attr in r8
])
```

--------------------------------

### server_push

Source: https://github.com/misp/pymisp/blob/main/docs/source/modules.md

Initializes a push to a synchronization server, optionally limited to a single event. This function allows for controlled data synchronization between MISP instances.

```APIDOC
## server_push

### Description
Initialize a push to a sync server, optionally limited to one event.

### Method
POST

### Endpoint
/servers/push

### Parameters
#### Path Parameters
None

#### Query Parameters
* **server** (MISPServer | int | str | UUID) - Required - The target sync server configuration.
* **event** (MISPEvent | int | str | UUID | None) - Optional - The specific event to push. If not provided, all events may be pushed.

### Request Example
```json
{
  "server": "server_id_or_config",
  "event": "event_id"
}
```

### Response
#### Success Response (200)
Returns a dictionary or list of dictionaries representing the push status.
#### Response Example
```json
{
  "message": "Push successful"
}
```
```

--------------------------------

### Run Comprehensive PyMISP Tests with Specific Test Case

Source: https://github.com/misp/pymisp/blob/main/README.md

Execute specific live comprehensive test cases for PyMISP using poetry. Replace '[test_name]' with the actual test case name.

```bash
# From poetry

pytest --cov=pymisp tests/test_*.py tests/testlive_comprehensive.py:TestComprehensive.[test_name]
```

--------------------------------

### test_server

Source: https://github.com/misp/pymisp/blob/main/docs/source/modules.md

Tests if a synchronization link to a MISP server is working correctly.

```APIDOC
## test_server

### Description
Test if a sync link is working as expected.

### Parameters
* **server** (MISPServer | int | str | UUID) - sync server config

### Returns
dict[str, Any] | list[dict[str, Any]]
```

--------------------------------

### test_server

Source: https://github.com/misp/pymisp/blob/main/docs/source/modules.md

Tests if a synchronization link to a MISP server is working as expected.

```APIDOC
## test_server

### Description
Test if a sync link is working as expected

### Parameters
* **server** (MISPServer | int | str | UUID) - Required - sync server config

### Returns
dict[str, Any] | list[dict[str, Any]]
```

--------------------------------

### MISPUserSetting.keys

Source: https://github.com/misp/pymisp/blob/main/docs/source/modules.md

Returns a set-like object providing a view on the dictionary D's keys.

```APIDOC
## keys

### Description
Returns a set-like object providing a view on D's keys.
### Method
keys()

### Parameters
#### Path Parameters
None

#### Query Parameters
None

#### Request Body
None

### Request Example
None

### Response
#### Success Response (200)
None

#### Response Example
None
```

--------------------------------

### Initialize MISPEvent Object

Source: https://github.com/misp/pymisp/blob/main/docs/tutorial/FullOverview.ipynb

Creates a new MISP event object and sets essential properties like info, distribution, threat level, and analysis level.

```python
from pymisp import MISPEvent

event = MISPEvent()

event.info = 'This is my new MISP event'  # Required
event.distribution = 0  # Optional, defaults to MISP.default_event_distribution in MISP config
event.threat_level_id = 2  # Optional, defaults to MISP.default_event_threat_level in MISP config
event.analysis = 1  # Optional, defaults to 0 (initial analysis)

print(event.to_json())
```

--------------------------------

### MISPUserSetting.get

Source: https://github.com/misp/pymisp/blob/main/docs/source/modules.md

Retrieves the value associated with key k from the dictionary D. If k is not found, it returns d, which defaults to None.

```APIDOC
## get

### Description
Retrieves the value associated with key k from the dictionary D. If k is not found, it returns d, which defaults to None.

### Method
get(k)

### Parameters
#### Path Parameters
None

#### Query Parameters
None

#### Request Body
None

### Request Example
None

### Response
#### Success Response (200)
None

#### Response Example
None
```