PyMISP DocumentationAbstractMISP is the master class, and inherit collections.MutableMapping which means the class can be represented as a python dictionary. The abstraction assumes
Post on 09-Jul-2020
3 Views
Preview:
Transcript
PyMISP DocumentationRelease main
Raphaeumll Vinot
Aug 04 2020
CONTENTS
1 README 3
2 pymisp 721 PyMISP 722 PyMISPExpanded (Python 36+ only) 2323 MISPAbstract 2324 MISPEncode 2425 MISPEvent 2426 MISPAttribute 2627 MISPObject 2828 MISPObjectAttribute 2929 MISPObjectReference 31210 MISPTag 32211 MISPUser 33212 MISPOrganisation 34
3 pymisp - Tools 3731 File Object 3732 ELF Object 3833 PE Object 3834 Mach-O Object 3835 VT Report Object 3836 STIX 4037 OpenIOC 40
4 Indices and tables 41
Python Module Index 43
Index 45
i
ii
PyMISP Documentation Release main
Contents
IMPORTANT NOTE This library will require at least python 36 starting the 1st of January 2020 If you have tolegacy versions of python please use PyMISP v241191 and consider updating your system(s) Anything releasedwithin the last 2 years will do starting with Ubuntu 1804
CONTENTS 1
PyMISP Documentation Release main
2 CONTENTS
CHAPTER
ONE
README
[[Documentation Status](httpsreadthedocsorgprojectspymispbadgeversion=latest)](httppymispreadthedocsiobadge=latest) [[Build Status](httpstravis-ciorgMISPPyMISPsvgbranch=main)](httpstravis-ciorgMISPPyMISP) [[Coverage Status](httpscoverallsioreposgithubMISPPyMISPbadgesvgbranch=main)](httpscoverallsiogithubMISPPyMISPbranch=main) [[Python 36](httpsimgshieldsiobadgepython-36+-bluesvg)](httpswwwpythonorgdownloadsreleasepython-360) [[PyPi ver-sion](httpsimgshieldsiopypivpymispsvg)](httpspypipythonorgpypipymisp) [[Number of PyPI down-loads](httpsimgshieldsiopypidmpymispsvg)](httpspypipythonorgpypipymisp)
PyMISP - Python Library to access MISP
PyMISP is a Python library to access [MISP](httpsgithubcomMISPMISP) platforms via their REST API
PyMISP allows you to fetch events add or update eventsattributes add or update samples or search for attributes
Install from pip
It is strongly recommended to use a virtual environment
If you want to know more about virtual environments [python has you covered](httpsdocspythonorg3tutorialvenvhtml)
Only basic dependencies ` pip3 install pymisp `
With optional dependencies ` pip3 install pymisp[fileobjectsopeniocvirustotal] `
Install the latest version from repo from development purposes
Note poetry is required
` git clone httpsgithubcomMISPPyMISPgit ampamp cd PyMISP git submoduleupdate --init poetry install -E fileobjects -E openioc -E virustotal -E docs-E pdfexport `
Running the tests
`bash poetry run nosetests-34 --with-coverage --cover-package=pymisptests--cover-tests teststest_py `
If you have a MISP instance to test against you can also run the live ones
Note You need to update the key in teststestlive_comprehensivepy to the automation key of your admin account
`bash poetry run nosetests-34 --with-coverage --cover-package=pymisptests--cover-tests teststestlive_comprehensivepy `
Samples and how to use PyMISP
Various examples and samples scripts are in the [examples](examples) directory
In the examples directory you will need to change the keyspysample to enter your MISP url and API key
3
PyMISP Documentation Release main
` cd examples cp keyspysample keyspy vim keyspy `
The API key of MISP is available in the Automation section of the MISP web interface
To test if your URL and API keys are correct you can test with exampleslastpy to fetch the events pub-lished in the last x amount of time (supported time indicators days (d) hours (h) and minutes (m))lastpy ` cd examples python3 lastpy -l 10h 10 hours python3 lastpy -l 5d 5days python3 lastpy -l 45m 45 minutes `
Debugging
You have two options there
1 Pass debug=True to PyMISP and it will enable loggingDEBUG to stderr on the whole module
2 Use the python logging module directly
```python
import logging logger = logginggetLogger(lsquopymisprsquo)
Configure it as you whish for example enable DEBUG mode loggersetLevel(loggingDEBUG) ```
Or if you want to write the debug output to a file instead of stderr
```python import pymisp import logging
logger = logginggetLogger(lsquopymisprsquo) loggingbasicConfig(level=loggingDEBUG filename=rdquodebuglogrdquo file-mode=rsquowrsquo format=pymispFORMAT) ```
Test cases
1 The content of mispeventpy is tested on every commit
2 The tests cases that require a running MISP instance can be run the following way
```bash From poetry
nosetests-34 -s ndashwith-coverage ndashcover-package=pymisptests ndashcover-tests teststestlive_comprehensivepyTestComprehensive[test_name]
```
Documentation
The documentation is available [here](httpspymispreadthedocsioenlatest)
Jupyter notebook
A series of [Jupyter notebooks for PyMISP tutorial](httpsgithubcomMISPPyMISPtreemaindocstutorial) areavailable in the repository
Everything is a Mutable Mapping
or at least everything that can be importedexported fromto a json blob
AbstractMISP is the master class and inherit collectionsMutableMapping which means the class can be representedas a python dictionary
The abstraction assumes every property that should not be seen in the dictionary is prepended with a _ or its name isadded to the private list __not_jsonable (accessible through update_not_jsonable and set_not_jsonable
This master class has helpers that will make it easy to load and export to and from a json string
MISPEvent MISPAttribute MISPObjectReference MISPObjectAttribute and MISPObject are subclasses of Abstract-MISP which mean that they can be handled as python dictionaries
MISP Objects
4 Chapter 1 README
PyMISP Documentation Release main
Creating a new MISP object generator should be done using a pre-defined template and inherit AbstractMISPObject-Generator
Your new MISPObject generator need to generate attributes and add them as class properties using add_attribute
When the object is sent to MISP all the class properties will be exported to the JSON export
5
PyMISP Documentation Release main
6 Chapter 1 README
CHAPTER
TWO
PYMISP
21 PyMISP
class pymispPyMISP(url key ssl=True debug=False proxies= cert=None auth=None tool=timeout=None)
Python API for MISP
Parameters
bull url (str) ndash URL of the MISP instance you want to connect to
bull key (str) ndash API key of the user you want to use
bull ssl (bool) ndash can be True or False (to check or to not check the validity of the certificateOr a CA_BUNDLE in case of self signed or other certificate (the concatenation of all thecrt of the chain)
bull debug (bool) ndash Write all the debug information to stderr
bull proxies (Mapping) ndash Proxy dict as describes here httpdocspython-requestsorgenmasteruseradvancedproxies
bull cert (Optional[Tuple[str tuple]]) ndash Client certificate as described there httpdocspython-requestsorgenmasteruseradvancedclient-side-certificates
bull auth (Optional[AuthBase]) ndash The auth parameter is passed directly to requests asdescribed here httpdocspython-requestsorgenmasteruserauthentication
bull tool (str) ndash The software using PyMISP (string) used to set a unique user-agent
bull timeout (Union[float Tuple[float float] None]) ndash Timeout as describedhere httpsrequestsreadthedocsioenmasteruseradvancedtimeouts
accept_attribute_proposal(proposal)Accept a proposal
Return type Dict
add_attribute(event attribute pythonify=False)Add an attribute to an existing MISP event NOTE MISP 24113+ you can pass a list of attributes Inthat case the pythonified response is the following lsquoattributesrsquo [MISPAttribute] lsquoerrorsrsquo errors byattributes
Return type Union[Dict MISPAttribute MISPShadowAttribute]
add_attribute_proposal(event attribute pythonify=False)Propose a new attribute in an event
Return type Union[Dict MISPShadowAttribute]
7
PyMISP Documentation Release main
add_event(event pythonify=False)Add a new event on a MISP instance
Return type Union[Dict MISPEvent]
add_event_blacklist(uuids comment=None event_info=None event_orgc=None)Add a new event in the blacklist
Return type Dict
add_feed(feed pythonify=False)Add a new feed on a MISP instance
Return type Union[Dict MISPFeed]
add_object(event misp_object pythonify=False)Add a MISP Object to an existing MISP event
Return type Union[Dict MISPObject]
add_object_reference(misp_object_reference pythonify=False)Add a reference to an object
Return type Union[Dict MISPObjectReference]
add_org_to_sharing_group(sharing_group organisation extend=False)Add an organisation to a sharing group sharing_group Sharing grouprsquos local instance ID or Sharinggrouprsquos global UUID organisation Organisationrsquos local instance ID or Organisationrsquos global UUID orOrganisationrsquos name as known to the curent instance extend Allow the organisation to extend the group
Return type Dict
add_organisation(organisation pythonify=False)Add an organisation
Return type Union[Dict MISPOrganisation]
add_organisation_blacklist(uuids comment=None org_name=None)Add a new organisation in the blacklist
Return type Dict
add_server(server pythonify=False)Add a server to synchronise with Note You probably want to use ExpandedPyMISPget_sync_config andExpandedPyMISPimport_server instead
Return type Union[Dict MISPServer]
add_server_to_sharing_group(sharing_group server all_orgs=False)Add a server to a sharing group sharing_group Sharing grouprsquos local instance ID or Sharing grouprsquosglobal UUID server Serverrsquos local instance ID or URL of the Server or Serverrsquos name as known to thecurent instance all_orgs Add all the organisations of the server to the group
Return type Dict
add_sharing_group(sharing_group pythonify=False)Add a new sharing group
Return type Union[Dict MISPSharingGroup]
add_sighting(sighting attribute=None pythonify=False)Add a new sighting (globally or to a specific attribute)
Return type Union[Dict MISPSighting]
8 Chapter 2 pymisp
PyMISP Documentation Release main
add_tag(tag pythonify=False)Add a new tag on a MISP instance Notes
bull The user calling this method needs the Tag Editor permission
bull It doesnrsquot add a tag to an event simply create it on a MISP instance
Return type Union[Dict MISPTag]
add_user(user pythonify=False)Add a new user
Return type Union[Dict MISPUser]
attributes_statistics(context=type percentage=False)Get attributes statistics from the MISP instance
Return type Dict
build_complex_query(or_parameters=None and_parameters=None not_parameters=None)Build a complex search query MISP expects a dictionary with AND OR and NOT keys
Return type Dict[str List[~SearchType]]
cache_all_feeds()Cache all the feeds
Return type Dict
cache_feed(feed)Cache a specific feed
Return type Dict
cache_freetext_feeds()Cache all the freetext feeds
Return type Dict
cache_misp_feeds()Cache all the MISP feeds
Return type Dict
change_sharing_group_on_entity(misp_entity sharing_group_id pythonify=False)Change the sharing group of an event an attribute or an object
Return type Union[Dict MISPEvent MISPObject MISPAttributeMISPShadowAttribute]
change_user_password(new_password)Thange the password of the curent user
Return type Dict
communities(pythonify=False)Get all the communities
Return type Union[Dict List[MISPCommunity]]
compare_feeds()Generate the comparison matrix for all the MISP feeds
Return type Dict
21 PyMISP 9
PyMISP Documentation Release main
contact_event_reporter(event message)Send a message to the reporter of an event
Return type Dict
delegate_event(event=None organisation=None event_delegation=None distribution=- 1 mes-sage= pythonify=False)
Note distribution == -1 means recipient decides
Return type Union[Dict MISPEventDelegation]
delete_attribute(attribute hard=False)Delete an attribute from a MISP instance
Return type Dict
delete_attribute_proposal(attribute)Propose the deletion of an attribute
Return type Dict
delete_event(event)Delete an event from a MISP instance
Return type Dict
delete_event_blacklist(event_blacklist)Delete a blacklisted event
Return type Dict
delete_feed(feed)Delete a feed from a MISP instance
Return type Dict
delete_object(misp_object)Delete an object from a MISP instance
Return type Dict
delete_object_reference(object_reference)Delete a reference to an object
Return type Dict
delete_organisation(organisation)Delete an organisation
Return type Dict
delete_organisation_blacklist(organisation_blacklist)Delete a blacklisted organisation
Return type Dict
delete_server(server)Delete a sync server
Return type Dict
delete_sharing_group(sharing_group)Delete a sharing group
Return type Dict
10 Chapter 2 pymisp
PyMISP Documentation Release main
delete_sighting(sighting)Delete a sighting from a MISP instance
Return type Dict
delete_tag(tag)Delete an attribute from a MISP instance
Return type Dict
delete_user(user)Delete a user
Return type Dict
delete_user_setting(user_setting user=None)Delete a user setting
Return type Dict
property describe_types_localReturns the content of describe types from the package
Return type Dict
property describe_types_remoteReturns the content of describe types from the remote instance
Return type Dict
direct_call(url data=None params= kw_params=)Very lightweight call that posts a data blob (python dictionary or json string) on the URL
Return type Any
disable_feed(feed pythonify=False)Disable a feed
Return type Union[Dict MISPFeed]
disable_feed_cache(feed pythonify=False)Disable the caching of a feed
Return type Union[Dict MISPFeed]
disable_noticelist(noticelist)Disable a noticelist by id
Return type Dict
disable_tag(tag pythonify=False)Disable a tag
Return type Union[Dict MISPTag]
disable_taxonomy(taxonomy)Disable a taxonomy
Return type Dict
disable_taxonomy_tags(taxonomy)Disable all the tags of a taxonomy
Return type Dict
disable_warninglist(warninglist)Disable a warninglist
21 PyMISP 11
PyMISP Documentation Release main
Return type Dict
discard_attribute_proposal(proposal)Discard a proposal
Return type Dict
enable_feed(feed pythonify=False)Enable a feed (fetching it will create event(s)
Return type Union[Dict MISPFeed]
enable_feed_cache(feed pythonify=False)Enable the caching of a feed
Return type Union[Dict MISPFeed]
enable_noticelist(noticelist)Enable a noticelist by id
Return type Dict
enable_tag(tag pythonify=False)Enable a tag
Return type Union[Dict MISPTag]
enable_taxonomy(taxonomy)Enable a taxonomy
Return type Dict
enable_taxonomy_tags(taxonomy)Enable all the tags of a taxonomy NOTE this automatically done when you call enable_taxonomy
Return type Dict
enable_warninglist(warninglist)Enable a warninglist
Return type Dict
event_blacklists(pythonify=False)Get all the blacklisted events
Return type Union[Dict List[MISPEventBlacklist]]
event_delegations(pythonify=False)Get all the event delegations
Return type Union[Dict List[MISPEventDelegation]]
feeds(pythonify=False)Get the list of existing feeds
Return type Union[Dict List[MISPFeed]]
fetch_feed(feed)Fetch one single feed
Return type Dict
freetext(event string adhereToWarninglists=False distribution=None returnMetaAttributes=Falsepythonify=False kwargs)
Pass a text to the freetext importer
Return type Union[Dict List[MISPAttribute]]
12 Chapter 2 pymisp
PyMISP Documentation Release main
galaxies(pythonify=False)Get all the galaxies
Return type Union[Dict List[MISPGalaxy]]
get_all_functions(not_implemented=False)Get all methods available vi the API allow to get the ones that are not implemented
get_attribute(attribute pythonify=False)Get an attribute from a MISP instance
Return type Union[Dict MISPAttribute]
get_community(community pythonify=False)Get an community from a MISP instance
Return type Union[Dict MISPCommunity]
get_event(event deleted=False extended=False pythonify=False)Get an event from a MISP instance
Return type Union[Dict MISPEvent]
get_feed(feed pythonify=False)Get a feed by id
Return type Union[Dict MISPFeed]
get_galaxy(galaxy pythonify=False)Get a galaxy by id
Return type Union[Dict MISPGalaxy]
get_noticelist(noticelist pythonify=False)Get a noticelist by id
Return type Union[Dict MISPNoticelist]
get_object(misp_object pythonify=False)Get an object from the remote MISP instance
Return type Union[Dict MISPObject]
get_object_template(object_template pythonify=False)Gets the full object template corresponting the UUID passed as parameter
Return type Union[Dict MISPObjectTemplate]
get_organisation(organisation pythonify=False)Get an organisation
Return type Union[Dict MISPOrganisation]
get_sync_config(pythonify=False)WARNING This method only works if the user calling it is a sync user
Return type Union[Dict MISPServer]
get_tag(tag pythonify=False)Get a tag by id
Return type Union[Dict MISPTag]
get_taxonomy(taxonomy pythonify=False)Get a taxonomy from a MISP instance
Return type Union[Dict MISPTaxonomy]
21 PyMISP 13
PyMISP Documentation Release main
get_user(user=me pythonify=False expanded=False)Get a user me means the owner of the API key doing the query expanded also returns a MISPRole and aMISPUserSetting
Return type Union[Dict MISPUser Tuple[MISPUser MISPRoleList[MISPUserSetting]]]
get_user_setting(user_setting user=None pythonify=False)Get an user setting
Return type Union[Dict MISPUserSetting]
get_warninglist(warninglist pythonify=False)Get a warninglist
Return type Union[Dict MISPWarninglist]
import_server(server pythonify=False)Import a sync server config received from get_sync_config
Return type Union[Dict MISPServer]
load_default_feeds()Load all the default feeds
Return type Dict
property misp_instance_versionReturns the version of the instance
Return type Dict
property misp_instance_version_masterGet the most recent version from github
Return type Dict
noticelists(pythonify=False)Get all the noticelists
Return type Union[Dict List[MISPNoticelist]]
object_templates(pythonify=False)Get all the object templates
Return type Union[Dict List[MISPObjectTemplate]]
organisation_blacklists(pythonify=False)Get all the blacklisted organisations
Return type Union[Dict List[MISPOrganisationBlacklist]]
organisations(scope=local pythonify=False)Get all the organisations
Return type Union[Dict List[MISPOrganisation]]
publish(event alert=False)Publish the event with one single HTTP POST The default is to not send a mail as it is assumed thismethod is called on update
Return type Dict
push_event_to_ZMQ(event)Force push an event on ZMQ
14 Chapter 2 pymisp
PyMISP Documentation Release main
Return type Dict
property pymisp_version_mainGet the most recent version of PyMISP from github
Return type Dict
property recommended_pymisp_versionReturns the recommended API version from the server
Return type Dict
remote_acl(debug_type=findMissingFunctionNames)This should return an empty list unless the ACL is outdated debug_type can only be printAllFunction-Names findMissingFunctionNames or printRoleAccess
Return type Dict
remove_org_from_sharing_group(sharing_group organisation)Remove an organisation from a sharing group sharing_group Sharing grouprsquos local instance ID orSharing grouprsquos global UUID organisation Organisationrsquos local instance ID or Organisationrsquos globalUUID or Organisationrsquos name as known to the curent instance
Return type Dict
remove_server_from_sharing_group(sharing_group server)Remove a server from a sharing group sharing_group Sharing grouprsquos local instance ID or Sharinggrouprsquos global UUID server Serverrsquos local instance ID or URL of the Server or Serverrsquos name as knownto the curent instance
Return type Dict
roles(pythonify=False)Get the existing roles
Return type Union[Dict List[MISPRole]]
search(controller=events return_format=json limit=None page=None value=Nonetype_attribute=None category=None org=None tags=None quick_filter=None quick-Filter=None date_from=None date_to=None eventid=None with_attachments=NonewithAttachments=None metadata=None uuid=None publish_timestamp=Nonelast=None timestamp=None published=None enforce_warninglist=None enforceWarn-inglist=None to_ids=None deleted=None include_event_uuid=None includeEventU-uid=None include_event_tags=None includeEventTags=None event_timestamp=Nonesg_reference_only=None eventinfo=None searchall=None requested_attributes=None in-clude_context=None includeContext=None headerless=None include_sightings=NoneincludeSightings=None include_correlations=None includeCorrelations=None in-clude_decay_score=None includeDecayScore=None object_name=None pythonify=Falsekwargs)
Search in the MISP instance
Parameters
bull return_format (str) ndash Set the return format of the search (Currently supported jsonxml openioc suricata snort - more formats are being moved to restSearch with the goalbeing that all searches happen through this API) Can be passed as the first parameter afterrestSearch or via the JSON payload
bull limit (Optional[int]) ndash Limit the number of results returned depending on thescope (for example 10 attributes or 10 full events)
bull page (Optional[int]) ndash If a limit is set sets the page to be returned page 3 limit 100will return records 201-gt300)
21 PyMISP 15
PyMISP Documentation Release main
bull value (Optional[~SearchParameterTypes]) ndash Search for the given value in the at-tributesrsquo value field
bull type_attribute (Optional[~SearchParameterTypes]) ndash The attribute type anyvalid MISP attribute type is accepted
bull category (Optional[~SearchParameterTypes]) ndash The attribute category any validMISP attribute category is accepted
bull org (Optional[~SearchParameterTypes]) ndash Search by the creator organisation by sup-plying the organisation identifier
bull tags (Optional[~SearchParameterTypes]) ndash Tags to search or to exclude You canpass a list or the output of build_complex_query
bull quick_filter (Optional[str]) ndash The string passed to this field will ignore all ofthe other arguments MISP will return an xml json (depending on the header sent) of allevents that have a sub-string match on value in the event info event orgc or any of theattribute value1 value2 fields or in the attribute comment
bull date_from (Union[date int str float None]) ndash Events with the date set to adate after the one specified This filter will use the date of the event
bull date_to (Union[date int str float None]) ndash Events with the date set to a datebefore the one specified This filter will use the date of the event
bull eventid (Optional[~SearchType]) ndash The events that should be included excludedfrom the search
bull with_attachments (Optional[bool]) ndash If set encodes the attachments zippedmalware samples as base64 in the data field within each attribute
bull metadata (Optional[bool]) ndash Only the metadata (event tags relations) is returnedattributes and proposals are omitted
bull uuid (Optional[str]) ndash Restrict the results by uuid
bull publish_timestamp (Union[date int str float NoneTuple[Union[date int str float None] Union[date int str floatNone]]]) ndash Restrict the results by the last publish timestamp (newer than)
bull timestamp (Union[date int str float None Tuple[Union[date intstr float None] Union[date int str float None]]]) ndash Restrict the resultsby the timestamp (last edit) Any event with a timestamp newer than the given timestampwill be returned In case you are dealing with attributes as scope the attributersquos timestampwill be used for the lookup
bull published (Optional[bool]) ndash Set whether published or unpublished events shouldbe returned Do not set the parameter if you want both
bull enforce_warninglist (Optional[bool]) ndash Remove any attributes from the resultthat would cause a hit on a warninglist entry
bull to_ids (Union[~ToIDSType List[~ToIDSType] None]) ndash By default all attributesare returned that match the other filter parameters irregardless of their to_ids setting Torestrict the returned data set to to_ids only attributes set this parameter to 1 0 for the oneswith to_ids set to False
bull deleted (Optional[str]) ndash If this parameter is set to 1 it will only return soft-deletedattributes [ldquo0rdquo ldquo1rdquo] will return the active ones as well as the soft-deleted ones
bull include_event_uuid (Optional[bool]) ndash Instead of just including the event IDalso include the event UUID in each of the attributes
16 Chapter 2 pymisp
PyMISP Documentation Release main
bull include_event_tags (Optional[bool]) ndash Include the event level tags in each ofthe attributes
bull event_timestamp (Union[date int str float None]) ndash Only return at-tributes from events that have received a modification after the given timestamp
bull sg_reference_only (Optional[bool]) ndash If this flag is set sharing group objectswill not be included instead only the sharing group ID is set
bull eventinfo (Optional[str]) ndash Filter on the eventrsquos info field
bull searchall (Optional[bool]) ndash Search for a full or a substring (delimited by forsubstrings) in the event info event tags attribute tags attribute values or attribute commentfields
bull requested_attributes (Optional[str]) ndash [CSV only] Select the fields that youwish to include in the CSV export By setting event level fields additionally includeCon-text is not required to get event metadata
bull include_context (Optional[bool]) ndash [Attribute only] Include the event data witheach attribute [CSV output] Add event level metadata in every line of the CSV
bull headerless (Optional[bool]) ndash [CSV Only] The CSV created when this setting isset to true will not contain the header row
bull include_sightings (Optional[bool]) ndash [JSON Only - Attribute] Include thesightings of the matching attributes
bull include_decay_score (Optional[bool]) ndash Include the decay score at attributelevel
bull include_correlations (Optional[bool]) ndash [JSON Only - attribute] Include thecorrelations of the matching attributes
bull object_name (Optional[str]) ndash [objects controller only] Search for objects withthat name
bull pythonify (Optional[bool]) ndash Returns a list of PyMISP Objects instead of the plainjson output Warning it might use a lot of RAM
Deprecated
Parameters
bull quickFilter (Optional[str]) ndash synponym for quick_filter
bull withAttachments (Optional[bool]) ndash synonym for with_attachments
bull last (Union[date int str float None Tuple[Union[date int strfloat None] Union[date int str float None]]]) ndash synonym for pub-lish_timestamp
bull enforceWarninglist (Optional[bool]) ndash synonym for enforce_warninglist
bull includeEventUuid (Optional[bool]) ndash synonym for include_event_uuid
bull includeEventTags (Optional[bool]) ndash synonym for include_event_tags
bull includeContext (Optional[bool]) ndash synonym for include_context
Return type Union[Dict str List[Union[MISPEvent MISPAttributeMISPObject]]]
search_feeds(value=None pythonify=False)Search in the feeds cached on the servers
21 PyMISP 17
PyMISP Documentation Release main
Return type Union[Dict List[MISPFeed]]
search_index(published=None eventid=None tags=None date_from=None date_to=Noneeventinfo=None threatlevel=None distribution=None analysis=None org=Nonetimestamp=None pythonify=None)
Search only at the index level Using in front of a value means NOT (default is OR)
Parameters
bull published (Optional[bool]) ndash Set whether published or unpublished events shouldbe returned Do not set the parameter if you want both
bull eventid (Optional[~SearchType]) ndash The events that should be included excludedfrom the search
bull tags (Optional[~SearchParameterTypes]) ndash Tags to search or to exclude You canpass a list or the output of build_complex_query
bull date_from (Union[date int str float None]) ndash Events with the date set to adate after the one specified This filter will use the date of the event
bull date_to (Union[date int str float None]) ndash Events with the date set to a datebefore the one specified This filter will use the date of the event
bull eventinfo (Optional[str]) ndash Filter on the eventrsquos info field
bull threatlevel (Optional[List[~SearchType]]) ndash Threat level(s) (1234) | list
bull distribution (Optional[List[~SearchType]]) ndash Distribution level(s) (0123) |list
bull analysis (Optional[List[~SearchType]]) ndash Analysis level(s) (012) | list
bull org (Optional[~SearchParameterTypes]) ndash Search by the creator organisation by sup-plying the organisation identifier
bull timestamp (Union[date int str float None Tuple[Union[date intstr float None] Union[date int str float None]]]) ndash Restrict the resultsby the timestamp (last edit) Any event with a timestamp newer than the given timestampwill be returned In case you are dealing with attributes as scope the attributersquos timestampwill be used for the lookup
bull pythonify (Optional[bool]) ndash Returns a list of PyMISP Objects instead or the plainjson output Warning it might use a lot of RAM
Return type Union[Dict List[MISPEvent]]
search_logs(limit=None page=None log_id=None title=None created=None model=None ac-tion=None user_id=None change=None email=None org=None description=Noneip=None pythonify=False)
Search in logs
Note to run substring queries simply appendprependencapsulate the search term with
Parameters
bull limit (Optional[int]) ndash Limit the number of results returned depending on thescope (for example 10 attributes or 10 full events)
bull page (Optional[int]) ndash If a limit is set sets the page to be returned page 3 limit 100will return records 201-gt300)
bull log_id (Optional[int]) ndash Log ID
bull title (Optional[str]) ndash Log Title
18 Chapter 2 pymisp
PyMISP Documentation Release main
bull created (Union[date int str float None]) ndash Creation timestamp
bull model (Optional[str]) ndash Model name that generated the log entry
bull action (Optional[str]) ndash The thing that was done
bull user_id (Optional[int]) ndash ID of the user doing the action
bull change (Optional[str]) ndash Change that occured
bull email (Optional[str]) ndash Email of the user
bull org (Optional[str]) ndash Organisation of the User doing the action
bull description (Optional[str]) ndash Description of the action
bull ip (Optional[str]) ndash Origination IP of the User doing the action
bull pythonify (Optional[bool]) ndash Returns a list of PyMISP Objects instead or the plainjson output Warning it might use a lot of RAM
Return type Union[Dict List[MISPLog]]
search_sightings(context=None context_id=None type_sighting=None date_from=Nonedate_to=None publish_timestamp=None last=None org=None source=Noneinclude_attribute=None include_event_meta=None pythonify=False)
Search sightings
Parameters
bull context (Optional[str]) ndash The context of the search Can be either ldquoattributerdquoldquoeventrdquo or nothing (will then match on events and attributes)
bull context_id (Optional[~SearchType]) ndash Only relevant if context is either ldquoattributerdquoor ldquoeventrdquo Then it is the relevant ID
bull type_sighting (Optional[str]) ndash Type of sighting
bull date_from (Union[date int str float None]) ndash Events with the date set to adate after the one specified This filter will use the date of the event
bull date_to (Union[date int str float None]) ndash Events with the date set to a datebefore the one specified This filter will use the date of the event
bull publish_timestamp (Union[date int str float NoneTuple[Union[date int str float None] Union[date int str floatNone]]]) ndash Restrict the results by the last publish timestamp (newer than)
bull org (Optional[~SearchType]) ndash Search by the creator organisation by supplying theorganisation identifier
bull source (Optional[str]) ndash Source of the sighting
bull include_attribute (Optional[bool]) ndash Include the attribute
bull include_event_meta (Optional[bool]) ndash Include the meta information of theevent
Deprecated
Parameters last (Union[date int str float None Tuple[Union[date intstr float None] Union[date int str float None]]]) ndash synonym for pub-lish_timestamp
Example
21 PyMISP 19
PyMISP Documentation Release main
gtgtgt mispsearch_sightings(publish_timestamp=30d) search sightings for therarr˓last 30 days on the instance[ ]gtgtgt mispsearch_sightings(context=attribute context_id=6 include_rarr˓attribute=True) return list of sighting for attribute 6 along with therarr˓attribute itself[ ]gtgtgt mispsearch_sightings(context=event context_id=17 include_event_rarr˓meta=True org=2) return list of sighting for event 17 filtered with orgrarr˓id 2
Return type Union[Dict List[Dict[str Union[MISPEvent MISPAttributeMISPSighting]]]]
server_pull(server event=None)Initialize a pull from a sync server
Return type Dict
server_push(server event=None)Initialize a push to a sync server
Return type Dict
servers(pythonify=False)Get the existing servers the MISP instance can synchronise with
Return type Union[Dict List[MISPServer]]
set_user_setting(user_setting value user=None pythonify=False)Get an user setting
Return type Union[Dict MISPUserSetting]
sharing_groups(pythonify=False)Get the existing sharing groups
Return type Union[Dict List[MISPSharingGroup]]
sightings(misp_entity=None org=None pythonify=False)Get the list of sighting related to a MISPEvent or a MISPAttribute (depending on type of misp_entity)
Return type Union[Dict List[MISPSighting]]
tag(misp_entity tag local=False)Tag an event or an attribute misp_entity can be a MISPEvent a MISP Attribute or a UUID
Return type Dict
tags(pythonify=False)Get the list of existing tags
Return type Union[Dict List[MISPTag]]
tags_statistics(percentage=False name_sort=False)Get tags statistics from the MISP instance
Return type Dict
taxonomies(pythonify=False)Get all the taxonomies
Return type Union[Dict List[MISPTaxonomy]]
20 Chapter 2 pymisp
PyMISP Documentation Release main
toggle_warninglist(warninglist_id=None warninglist_name=None force_enable=False)Toggle (enabledisable) the status of a warninglist by ID type warninglist_id Union[str intList[int] None] param warninglist_id ID of the WarningList type force_enable bool paramforce_enable Force the warning list in the enabled state (does nothing is already enabled)
Return type Dict
untag(misp_entity tag)Untag an event or an attribute misp_entity can be a UUID
Return type Dict
update_attribute(attribute attribute_id=None pythonify=False)Update an attribute on a MISP instance
Return type Union[Dict MISPAttribute MISPShadowAttribute]
update_attribute_proposal(initial_attribute attribute pythonify=False)Propose a change for an attribute
Return type Union[Dict MISPShadowAttribute]
update_event(event event_id=None pythonify=False)Update an event on a MISP instance
Return type Union[Dict MISPEvent]
update_event_blacklist(event_blacklist event_blacklist_id=None pythonify=False)Update an event in the blacklist
Return type Union[Dict MISPEventBlacklist]
update_feed(feed feed_id=None pythonify=False)Update a feed on a MISP instance
Return type Union[Dict MISPFeed]
update_galaxies()Update all the galaxies
Return type Dict
update_noticelists()Update all the noticelists
Return type Dict
update_object(misp_object object_id=None pythonify=False)Update an object on a MISP instance
Return type Union[Dict MISPObject]
update_object_templates()Trigger an update of the object templates
Return type Dict
update_organisation(organisation organisation_id=None pythonify=False)Update an organisation
Return type Union[Dict MISPOrganisation]
update_organisation_blacklist(organisation_blacklist organisation_blacklist_id=Nonepythonify=False)
Update an organisation in the blacklist
Return type Union[Dict MISPOrganisationBlacklist]
21 PyMISP 21
PyMISP Documentation Release main
update_server(server server_id=None pythonify=False)Update a server to synchronise with
Return type Union[Dict MISPServer]
update_tag(tag tag_id=None pythonify=False)Edit only the provided parameters of a tag
Return type Union[Dict MISPTag]
update_taxonomies()Update all the taxonomies
Return type Dict
update_user(user user_id=None pythonify=False)Update an event on a MISP instance
Return type Union[Dict MISPUser]
update_warninglists()Update all the warninglists
Return type Dict
upload_stix(path version=2)Upload a STIX file to MISP param path Path to the STIX on the disk (can be a path-like object or apseudofile) type version str param version Can be 1 or 2
user_registrations(pythonify=False)Get all the user registrations
Return type Union[Dict List[MISPInbox]]
user_settings(pythonify=False)Get all the user settings
Return type Union[Dict List[MISPUserSetting]]
users(pythonify=False)Get all the users
Return type Union[Dict List[MISPUser]]
users_statistics(context=data)Get users statistics from the MISP instance
Return type Dict
values_in_warninglist(value)Check if IOC values are in warninglist
Return type Dict
property versionReturns the version of PyMISP yoursquore curently using
Return type Dict
warninglists(pythonify=False)Get all the warninglists
Return type Union[Dict List[MISPWarninglist]]
22 Chapter 2 pymisp
PyMISP Documentation Release main
22 PyMISPExpanded (Python 36+ only)
pymispExpandedPyMISPalias of pymispapiPyMISP
23 MISPAbstract
class pymispAbstractMISP(kwargs)
property editedRecursively check if an object has been edited and update the flag accordingly to the parent objects
Return type bool
from_dict(kwargs)Loading all the parameters as class properties if they arenrsquot None This method aims to be called when allthe properties requiring a special treatment are processed Note This method is used when you initializean object with existing data so by default the class is flaged as not edited
Return type None
from_json(json_string)Load a JSON string
Return type None
jsonable()This method is used by the JSON encoder
Return type Dict
set_not_jsonable(args)Set __not_jsonable to a new list
Return type None
to_dict()Dump the class to a dictionary This method automatically removes the timestamp recursively in everyobject that has been edited is order to let MISP update the event accordingly
Return type Dict
to_json(sort_keys=False indent=None)Dump recursively any class of type MISPAbstract to a json string
update_not_jsonable(args)Add entries to the __not_jsonable list
Return type None
22 PyMISPExpanded (Python 36+ only) 23
PyMISP Documentation Release main
24 MISPEncode
class pymispMISPEncode(args kwargs)
default(obj)Implement this method in a subclass such that it returns a serializable object for o or calls the baseimplementation (to raise a TypeError)
For example to support arbitrary iterators you could implement default like this
def default(self o)try
iterable = iter(o)except TypeError
passelse
return list(iterable) Let the base class default method raise the TypeErrorreturn JSONEncoderdefault(self o)
25 MISPEvent
class pymispMISPEvent(describe_types=None strict_validation=False kwargs)
add_attribute(type value kwargs)Add an attribute type and value are required but you can pass all other parameters supported by MISPAt-tribute
Return type Union[MISPAttribute List[MISPAttribute]]
add_attribute_tag(tag attribute_identifier)Add a tag to an existing attribute raise an Exception if the attribute doesnrsquot exists tag Tag name as astring MISPTag instance or dictionary attribute_identifier can be an ID UUID or the value
Return type List[MISPAttribute]
add_object(obj=None kwargs)Add an object to the Event either by passing a MISPObject or a dictionary
Return type MISPObject
add_proposal(shadow_attribute=None kwargs)Alias for add_shadow_attribute
Return type MISPShadowAttribute
add_shadow_attribute(shadow_attribute=None kwargs)Add a tag to the attribute (by name or a MISPTag object)
Return type MISPShadowAttribute
clear()rarr None Remove all items from D
delete_attribute(attribute_id)Delete an attribute you can search by ID or UUID
property editedRecursively check if an object has been edited and update the flag accordingly to the parent objects
24 Chapter 2 pymisp
PyMISP Documentation Release main
Return type bool
from_dict(kwargs)Loading all the parameters as class properties if they arenrsquot None This method aims to be called when allthe properties requiring a special treatment are processed Note This method is used when you initializean object with existing data so by default the class is flaged as not edited
from_json(json_string)Load a JSON string
Return type None
get(k[ d ])rarr D[k] if k in D else d d defaults to None
get_attribute_tag(attribute_identifier)Return the tags associated to an attribute or an object attribute attribute_identifier can be an ID UUIDor the value
Return type List[MISPTag]
get_object_by_id(object_id)Get an object by ID (the ID is the one set by the server when creating the new object)
Return type MISPObject
get_object_by_uuid(object_uuid)Get an object by UUID (UUID is set by the server when creating the new object)
Return type MISPObject
get_objects_by_name(object_name)Get an object by UUID (UUID is set by the server when creating the new object)
Return type List[MISPObject]
items()rarr a set-like object providing a view on Drsquos items
jsonable()This method is used by the JSON encoder
Return type Dict
keys()rarr a set-like object providing a view on Drsquos keys
load(json_event validate=False metadata_only=False)Load a JSON dump from a pseudo file or a JSON string
load_file(event_path validate=False metadata_only=False)Load a JSON dump from a file on the disk
pop(k[ d ])rarr v remove specified key and return the corresponding valueIf key is not found d is returned if given otherwise KeyError is raised
popitem()rarr (k v) remove and return some (key value) pairas a 2-tuple but raise KeyError if D is empty
publish()Mark the attribute as published
set_date(d=None ignore_invalid=False)Set a date for the event (string datetime or date object)
set_not_jsonable(args)Set __not_jsonable to a new list
Return type None
25 MISPEvent 25
PyMISP Documentation Release main
setdefault(k[ d ])rarr Dget(kd) also set D[k]=d if k not in D
property tagsReturns a lost of tags associated to this Event
Return type List[MISPTag]
to_dict()Dump the class to a dictionary This method automatically removes the timestamp recursively in everyobject that has been edited is order to let MISP update the event accordingly
Return type Dict
to_feed(valid_distributions=[0 1 2 3 4 5] with_meta=False)Generate a json output for MISP Feed Notes
bull valid_distributions only makes sense if the distribution key is set (ie the event is exported from aMISP instance)
Return type Dict
to_json(sort_keys=False indent=None)Dump recursively any class of type MISPAbstract to a json string
unpublish()Mark the attribute as un-published (set publish flag to false)
update([E ] F)rarr None Update D from mappingiterable E and FIf E present and has a keys() method does for k in E D[k] = E[k] If E present and lacks keys() methoddoes for (k v) in E D[k] = v In either case this is followed by for k v in Fitems() D[k] = v
update_not_jsonable(args)Add entries to the __not_jsonable list
Return type None
values()rarr an object providing a view on Drsquos values
26 MISPAttribute
class pymispMISPAttribute(describe_types=None strict=False)
add_proposal(shadow_attribute=None kwargs)Alias for add_shadow_attribute
Return type MISPShadowAttribute
add_shadow_attribute(shadow_attribute=None kwargs)Add a shadow attribute to the attribute (by name or a MISPShadowAttribute object)
Return type MISPShadowAttribute
add_sighting(sighting=None kwargs)Add a sighting to the attribute (by name or a MISPSighting object)
Return type MISPSighting
clear()rarr None Remove all items from D
delete()Mark the attribute as deleted (soft delete)
26 Chapter 2 pymisp
PyMISP Documentation Release main
property editedRecursively check if an object has been edited and update the flag accordingly to the parent objects
Return type bool
from_dict(kwargs)Loading all the parameters as class properties if they arenrsquot None This method aims to be called when allthe properties requiring a special treatment are processed Note This method is used when you initializean object with existing data so by default the class is flaged as not edited
from_json(json_string)Load a JSON string
Return type None
get(k[ d ])rarr D[k] if k in D else d d defaults to None
hash_values(algorithm=sha512)Compute the hash of every values for fast lookups
Return type List[str]
items()rarr a set-like object providing a view on Drsquos items
jsonable()This method is used by the JSON encoder
Return type Dict
keys()rarr a set-like object providing a view on Drsquos keys
property known_typesReturns a list of all the known MISP attributes types
Return type List[str]
property malware_binaryReturns a BytesIO of the malware (if the attribute has one obvs)
Return type Optional[BytesIO]
pop(k[ d ])rarr v remove specified key and return the corresponding valueIf key is not found d is returned if given otherwise KeyError is raised
popitem()rarr (k v) remove and return some (key value) pairas a 2-tuple but raise KeyError if D is empty
set_not_jsonable(args)Set __not_jsonable to a new list
Return type None
setdefault(k[ d ])rarr Dget(kd) also set D[k]=d if k not in D
property tagsReturns a lost of tags associated to this Attribute
Return type List[MISPTag]
to_dict()Dump the class to a dictionary This method automatically removes the timestamp recursively in everyobject that has been edited is order to let MISP update the event accordingly
Return type Dict
26 MISPAttribute 27
PyMISP Documentation Release main
to_json(sort_keys=False indent=None)Dump recursively any class of type MISPAbstract to a json string
update([E ] F)rarr None Update D from mappingiterable E and FIf E present and has a keys() method does for k in E D[k] = E[k] If E present and lacks keys() methoddoes for (k v) in E D[k] = v In either case this is followed by for k v in Fitems() D[k] = v
update_not_jsonable(args)Add entries to the __not_jsonable list
Return type None
values()rarr an object providing a view on Drsquos values
27 MISPObject
class pymispMISPObject(name strict=False standalone=True default_attributes_parameters=kwargs)
add_attribute(object_relation simple_value=None value)Add an attribute object_relation is required and the value key is a dictionary with all the keys supportedby MISPAttribute
Return type Optional[MISPAttribute]
add_attributes(object_relation attributes)Add multiple attributes with the same object_relation Helper for object_relation when multiple is True inthe template It is the same as calling multiple times add_attribute with the same object_relation
Return type List[Optional[MISPAttribute]]
add_reference(referenced_uuid relationship_type comment=None kwargs)Add a link (uuid) to an other object
Return type MISPObjectReference
clear()rarr None Remove all items from D
property editedRecursively check if an object has been edited and update the flag accordingly to the parent objects
Return type bool
from_dict(kwargs)Loading all the parameters as class properties if they arenrsquot None This method aims to be called when allthe properties requiring a special treatment are processed Note This method is used when you initializean object with existing data so by default the class is flaged as not edited
from_json(json_string)Load a JSON string
Return type None
get(k[ d ])rarr D[k] if k in D else d d defaults to None
get_attributes_by_relation(object_relation)Returns the list of attributes with the given object relation in the object
Return type List[MISPAttribute]
has_attributes_by_relation(list_of_relations)True if all the relations in the list are defined in the object
28 Chapter 2 pymisp
PyMISP Documentation Release main
Return type bool
items()rarr a set-like object providing a view on Drsquos items
jsonable()This method is used by the JSON encoder
Return type Dict
keys()rarr a set-like object providing a view on Drsquos keys
pop(k[ d ])rarr v remove specified key and return the corresponding valueIf key is not found d is returned if given otherwise KeyError is raised
popitem()rarr (k v) remove and return some (key value) pairas a 2-tuple but raise KeyError if D is empty
set_not_jsonable(args)Set __not_jsonable to a new list
Return type None
setdefault(k[ d ])rarr Dget(kd) also set D[k]=d if k not in D
to_dict(strict=False)Dump the class to a dictionary This method automatically removes the timestamp recursively in everyobject that has been edited is order to let MISP update the event accordingly
Return type Dict
to_json(sort_keys=False indent=None strict=False)Dump recursively any class of type MISPAbstract to a json string
update([E ] F)rarr None Update D from mappingiterable E and FIf E present and has a keys() method does for k in E D[k] = E[k] If E present and lacks keys() methoddoes for (k v) in E D[k] = v In either case this is followed by for k v in Fitems() D[k] = v
update_not_jsonable(args)Add entries to the __not_jsonable list
Return type None
values()rarr an object providing a view on Drsquos values
28 MISPObjectAttribute
class pymispMISPObjectAttribute(definition)
add_proposal(shadow_attribute=None kwargs)Alias for add_shadow_attribute
Return type MISPShadowAttribute
add_shadow_attribute(shadow_attribute=None kwargs)Add a shadow attribute to the attribute (by name or a MISPShadowAttribute object)
Return type MISPShadowAttribute
add_sighting(sighting=None kwargs)Add a sighting to the attribute (by name or a MISPSighting object)
Return type MISPSighting
28 MISPObjectAttribute 29
PyMISP Documentation Release main
clear()rarr None Remove all items from D
delete()Mark the attribute as deleted (soft delete)
property editedRecursively check if an object has been edited and update the flag accordingly to the parent objects
Return type bool
from_dict(object_relation value kwargs)Loading all the parameters as class properties if they arenrsquot None This method aims to be called when allthe properties requiring a special treatment are processed Note This method is used when you initializean object with existing data so by default the class is flaged as not edited
from_json(json_string)Load a JSON string
Return type None
get(k[ d ])rarr D[k] if k in D else d d defaults to None
hash_values(algorithm=sha512)Compute the hash of every values for fast lookups
Return type List[str]
items()rarr a set-like object providing a view on Drsquos items
jsonable()This method is used by the JSON encoder
Return type Dict
keys()rarr a set-like object providing a view on Drsquos keys
property known_typesReturns a list of all the known MISP attributes types
Return type List[str]
property malware_binaryReturns a BytesIO of the malware (if the attribute has one obvs)
Return type Optional[BytesIO]
pop(k[ d ])rarr v remove specified key and return the corresponding valueIf key is not found d is returned if given otherwise KeyError is raised
popitem()rarr (k v) remove and return some (key value) pairas a 2-tuple but raise KeyError if D is empty
set_not_jsonable(args)Set __not_jsonable to a new list
Return type None
setdefault(k[ d ])rarr Dget(kd) also set D[k]=d if k not in D
property tagsReturns a lost of tags associated to this Attribute
Return type List[MISPTag]
30 Chapter 2 pymisp
PyMISP Documentation Release main
to_dict()Dump the class to a dictionary This method automatically removes the timestamp recursively in everyobject that has been edited is order to let MISP update the event accordingly
Return type Dict
to_json(sort_keys=False indent=None)Dump recursively any class of type MISPAbstract to a json string
update([E ] F)rarr None Update D from mappingiterable E and FIf E present and has a keys() method does for k in E D[k] = E[k] If E present and lacks keys() methoddoes for (k v) in E D[k] = v In either case this is followed by for k v in Fitems() D[k] = v
update_not_jsonable(args)Add entries to the __not_jsonable list
Return type None
values()rarr an object providing a view on Drsquos values
29 MISPObjectReference
class pymispMISPObjectReference
clear()rarr None Remove all items from D
property editedRecursively check if an object has been edited and update the flag accordingly to the parent objects
Return type bool
from_dict(kwargs)Loading all the parameters as class properties if they arenrsquot None This method aims to be called when allthe properties requiring a special treatment are processed Note This method is used when you initializean object with existing data so by default the class is flaged as not edited
from_json(json_string)Load a JSON string
Return type None
get(k[ d ])rarr D[k] if k in D else d d defaults to None
items()rarr a set-like object providing a view on Drsquos items
jsonable()This method is used by the JSON encoder
Return type Dict
keys()rarr a set-like object providing a view on Drsquos keys
pop(k[ d ])rarr v remove specified key and return the corresponding valueIf key is not found d is returned if given otherwise KeyError is raised
popitem()rarr (k v) remove and return some (key value) pairas a 2-tuple but raise KeyError if D is empty
set_not_jsonable(args)Set __not_jsonable to a new list
Return type None
29 MISPObjectReference 31
PyMISP Documentation Release main
setdefault(k[ d ])rarr Dget(kd) also set D[k]=d if k not in D
to_dict()Dump the class to a dictionary This method automatically removes the timestamp recursively in everyobject that has been edited is order to let MISP update the event accordingly
Return type Dict
to_json(sort_keys=False indent=None)Dump recursively any class of type MISPAbstract to a json string
update([E ] F)rarr None Update D from mappingiterable E and FIf E present and has a keys() method does for k in E D[k] = E[k] If E present and lacks keys() methoddoes for (k v) in E D[k] = v In either case this is followed by for k v in Fitems() D[k] = v
update_not_jsonable(args)Add entries to the __not_jsonable list
Return type None
values()rarr an object providing a view on Drsquos values
210 MISPTag
class pymispMISPTag(kwargs)
clear()rarr None Remove all items from D
property editedRecursively check if an object has been edited and update the flag accordingly to the parent objects
Return type bool
from_dict(kwargs)Loading all the parameters as class properties if they arenrsquot None This method aims to be called when allthe properties requiring a special treatment are processed Note This method is used when you initializean object with existing data so by default the class is flaged as not edited
from_json(json_string)Load a JSON string
Return type None
get(k[ d ])rarr D[k] if k in D else d d defaults to None
items()rarr a set-like object providing a view on Drsquos items
jsonable()This method is used by the JSON encoder
Return type Dict
keys()rarr a set-like object providing a view on Drsquos keys
pop(k[ d ])rarr v remove specified key and return the corresponding valueIf key is not found d is returned if given otherwise KeyError is raised
popitem()rarr (k v) remove and return some (key value) pairas a 2-tuple but raise KeyError if D is empty
set_not_jsonable(args)Set __not_jsonable to a new list
32 Chapter 2 pymisp
PyMISP Documentation Release main
Return type None
setdefault(k[ d ])rarr Dget(kd) also set D[k]=d if k not in D
to_dict()Dump the class to a dictionary This method automatically removes the timestamp recursively in everyobject that has been edited is order to let MISP update the event accordingly
Return type Dict
to_json(sort_keys=False indent=None)Dump recursively any class of type MISPAbstract to a json string
update([E ] F)rarr None Update D from mappingiterable E and FIf E present and has a keys() method does for k in E D[k] = E[k] If E present and lacks keys() methoddoes for (k v) in E D[k] = v In either case this is followed by for k v in Fitems() D[k] = v
update_not_jsonable(args)Add entries to the __not_jsonable list
Return type None
values()rarr an object providing a view on Drsquos values
211 MISPUser
class pymispMISPUser(kwargs)
clear()rarr None Remove all items from D
property editedRecursively check if an object has been edited and update the flag accordingly to the parent objects
Return type bool
from_dict(kwargs)Loading all the parameters as class properties if they arenrsquot None This method aims to be called when allthe properties requiring a special treatment are processed Note This method is used when you initializean object with existing data so by default the class is flaged as not edited
from_json(json_string)Load a JSON string
Return type None
get(k[ d ])rarr D[k] if k in D else d d defaults to None
items()rarr a set-like object providing a view on Drsquos items
jsonable()This method is used by the JSON encoder
Return type Dict
keys()rarr a set-like object providing a view on Drsquos keys
pop(k[ d ])rarr v remove specified key and return the corresponding valueIf key is not found d is returned if given otherwise KeyError is raised
popitem()rarr (k v) remove and return some (key value) pairas a 2-tuple but raise KeyError if D is empty
211 MISPUser 33
PyMISP Documentation Release main
set_not_jsonable(args)Set __not_jsonable to a new list
Return type None
setdefault(k[ d ])rarr Dget(kd) also set D[k]=d if k not in D
to_dict()Dump the class to a dictionary This method automatically removes the timestamp recursively in everyobject that has been edited is order to let MISP update the event accordingly
Return type Dict
to_json(sort_keys=False indent=None)Dump recursively any class of type MISPAbstract to a json string
update([E ] F)rarr None Update D from mappingiterable E and FIf E present and has a keys() method does for k in E D[k] = E[k] If E present and lacks keys() methoddoes for (k v) in E D[k] = v In either case this is followed by for k v in Fitems() D[k] = v
update_not_jsonable(args)Add entries to the __not_jsonable list
Return type None
values()rarr an object providing a view on Drsquos values
212 MISPOrganisation
class pymispMISPOrganisation
clear()rarr None Remove all items from D
property editedRecursively check if an object has been edited and update the flag accordingly to the parent objects
Return type bool
from_dict(kwargs)Loading all the parameters as class properties if they arenrsquot None This method aims to be called when allthe properties requiring a special treatment are processed Note This method is used when you initializean object with existing data so by default the class is flaged as not edited
from_json(json_string)Load a JSON string
Return type None
get(k[ d ])rarr D[k] if k in D else d d defaults to None
items()rarr a set-like object providing a view on Drsquos items
jsonable()This method is used by the JSON encoder
Return type Dict
keys()rarr a set-like object providing a view on Drsquos keys
pop(k[ d ])rarr v remove specified key and return the corresponding valueIf key is not found d is returned if given otherwise KeyError is raised
34 Chapter 2 pymisp
PyMISP Documentation Release main
popitem()rarr (k v) remove and return some (key value) pairas a 2-tuple but raise KeyError if D is empty
set_not_jsonable(args)Set __not_jsonable to a new list
Return type None
setdefault(k[ d ])rarr Dget(kd) also set D[k]=d if k not in D
to_dict()Dump the class to a dictionary This method automatically removes the timestamp recursively in everyobject that has been edited is order to let MISP update the event accordingly
Return type Dict
to_json(sort_keys=False indent=None)Dump recursively any class of type MISPAbstract to a json string
update([E ] F)rarr None Update D from mappingiterable E and FIf E present and has a keys() method does for k in E D[k] = E[k] If E present and lacks keys() methoddoes for (k v) in E D[k] = v In either case this is followed by for k v in Fitems() D[k] = v
update_not_jsonable(args)Add entries to the __not_jsonable list
Return type None
values()rarr an object providing a view on Drsquos values
212 MISPOrganisation 35
PyMISP Documentation Release main
36 Chapter 2 pymisp
CHAPTER
THREE
PYMISP - TOOLS
31 File Object
class pymisptoolsFileObject(filepath=None pseudofile=None filename=None kwargs)
add_attribute(object_relation simple_value=None value)Add an attribute object_relation is required and the value key is a dictionary with all the keys supportedby MISPAttribute
Return type Optional[MISPAttribute]
add_attributes(object_relation attributes)Add multiple attributes with the same object_relation Helper for object_relation when multiple is True inthe template It is the same as calling multiple times add_attribute with the same object_relation
Return type List[Optional[MISPAttribute]]
add_reference(referenced_uuid relationship_type comment=None kwargs)Add a link (uuid) to an other object
Return type MISPObjectReference
clear()rarr None Remove all items from D
property editedRecursively check if an object has been edited and update the flag accordingly to the parent objects
Return type bool
from_dict(kwargs)Loading all the parameters as class properties if they arenrsquot None This method aims to be called when allthe properties requiring a special treatment are processed Note This method is used when you initializean object with existing data so by default the class is flaged as not edited
from_json(json_string)Load a JSON string
Return type None
generate_attributes()Contains the logic where all the values of the object are gathered
get(k[ d ])rarr D[k] if k in D else d d defaults to None
get_attributes_by_relation(object_relation)Returns the list of attributes with the given object relation in the object
Return type List[MISPAttribute]
37
PyMISP Documentation Release main
has_attributes_by_relation(list_of_relations)True if all the relations in the list are defined in the object
Return type bool
items()rarr a set-like object providing a view on Drsquos items
jsonable()This method is used by the JSON encoder
Return type Dict
keys()rarr a set-like object providing a view on Drsquos keys
pop(k[ d ])rarr v remove specified key and return the corresponding valueIf key is not found d is returned if given otherwise KeyError is raised
popitem()rarr (k v) remove and return some (key value) pairas a 2-tuple but raise KeyError if D is empty
set_not_jsonable(args)Set __not_jsonable to a new list
Return type None
setdefault(k[ d ])rarr Dget(kd) also set D[k]=d if k not in D
to_dict(strict=False)Dump the class to a dictionary This method automatically removes the timestamp recursively in everyobject that has been edited is order to let MISP update the event accordingly
Return type Dict
to_json(sort_keys=False indent=None strict=False)Dump recursively any class of type MISPAbstract to a json string
update([E ] F)rarr None Update D from mappingiterable E and FIf E present and has a keys() method does for k in E D[k] = E[k] If E present and lacks keys() methoddoes for (k v) in E D[k] = v In either case this is followed by for k v in Fitems() D[k] = v
update_not_jsonable(args)Add entries to the __not_jsonable list
Return type None
values()rarr an object providing a view on Drsquos values
32 ELF Object
33 PE Object
34 Mach-O Object
35 VT Report Object
class pymisptoolsVTReportObject(apikey indicator vt_proxies=None kwargs)VirusTotal Report
Apikey VirusTotal API key (private works but only public features are supported right now)
38 Chapter 3 pymisp - Tools
PyMISP Documentation Release main
Indicator IOC to search VirusTotal for
add_attribute(object_relation simple_value=None value)Add an attribute object_relation is required and the value key is a dictionary with all the keys supportedby MISPAttribute
Return type Optional[MISPAttribute]
add_attributes(object_relation attributes)Add multiple attributes with the same object_relation Helper for object_relation when multiple is True inthe template It is the same as calling multiple times add_attribute with the same object_relation
Return type List[Optional[MISPAttribute]]
add_reference(referenced_uuid relationship_type comment=None kwargs)Add a link (uuid) to an other object
Return type MISPObjectReference
clear()rarr None Remove all items from D
property editedRecursively check if an object has been edited and update the flag accordingly to the parent objects
Return type bool
from_dict(kwargs)Loading all the parameters as class properties if they arenrsquot None This method aims to be called when allthe properties requiring a special treatment are processed Note This method is used when you initializean object with existing data so by default the class is flaged as not edited
from_json(json_string)Load a JSON string
Return type None
generate_attributes()Parse the VirusTotal report for relevant attributes
get(k[ d ])rarr D[k] if k in D else d d defaults to None
get_attributes_by_relation(object_relation)Returns the list of attributes with the given object relation in the object
Return type List[MISPAttribute]
has_attributes_by_relation(list_of_relations)True if all the relations in the list are defined in the object
Return type bool
items()rarr a set-like object providing a view on Drsquos items
jsonable()This method is used by the JSON encoder
Return type Dict
keys()rarr a set-like object providing a view on Drsquos keys
pop(k[ d ])rarr v remove specified key and return the corresponding valueIf key is not found d is returned if given otherwise KeyError is raised
popitem()rarr (k v) remove and return some (key value) pairas a 2-tuple but raise KeyError if D is empty
35 VT Report Object 39
PyMISP Documentation Release main
set_not_jsonable(args)Set __not_jsonable to a new list
Return type None
setdefault(k[ d ])rarr Dget(kd) also set D[k]=d if k not in D
to_dict(strict=False)Dump the class to a dictionary This method automatically removes the timestamp recursively in everyobject that has been edited is order to let MISP update the event accordingly
Return type Dict
to_json(sort_keys=False indent=None strict=False)Dump recursively any class of type MISPAbstract to a json string
update([E ] F)rarr None Update D from mappingiterable E and FIf E present and has a keys() method does for k in E D[k] = E[k] If E present and lacks keys() methoddoes for (k v) in E D[k] = v In either case this is followed by for k v in Fitems() D[k] = v
update_not_jsonable(args)Add entries to the __not_jsonable list
Return type None
values()rarr an object providing a view on Drsquos values
36 STIX
pymisptoolsstixload_stix(stix distribution=3 threat_level_id=2 analysis=0)Returns a MISPEvent object from a STIX package
pymisptoolsstixmake_stix_package(misp_event to_json=False to_xml=False)Returns a STIXPackage from a MISPEvent
Optionally can return the package in json or xml
37 OpenIOC
toolsload_openioc()
toolsload_openioc_file()
40 Chapter 3 pymisp - Tools
CHAPTER
FOUR
INDICES AND TABLES
bull genindex
bull modindex
bull search
41
PyMISP Documentation Release main
42 Chapter 4 Indices and tables
PYTHON MODULE INDEX
ppymisp 7pymisptools 37pymisptoolsstix 40
43
PyMISP Documentation Release main
44 Python Module Index
INDEX
AAbstractMISP (class in pymisp) 23accept_attribute_proposal()
(pymispPyMISP method) 7add_attribute() (pymispMISPEvent method) 24add_attribute() (pymispMISPObject method) 28add_attribute() (pymispPyMISP method) 7add_attribute() (pymisptoolsFileObject method)
37add_attribute() (pymisptoolsVTReportObject
method) 39add_attribute_proposal() (pymispPyMISP
method) 7add_attribute_tag() (pymispMISPEvent
method) 24add_attributes() (pymispMISPObject method)
28add_attributes() (pymisptoolsFileObject
method) 37add_attributes() (pymisptoolsVTReportObject
method) 39add_event() (pymispPyMISP method) 7add_event_blacklist() (pymispPyMISP
method) 8add_feed() (pymispPyMISP method) 8add_object() (pymispMISPEvent method) 24add_object() (pymispPyMISP method) 8add_object_reference() (pymispPyMISP
method) 8add_org_to_sharing_group() (pymispPyMISP
method) 8add_organisation() (pymispPyMISP method) 8add_organisation_blacklist()
(pymispPyMISP method) 8add_proposal() (pymispMISPAttribute method) 26add_proposal() (pymispMISPEvent method) 24add_proposal() (pymispMISPObjectAttribute
method) 29add_reference() (pymispMISPObject method) 28add_reference() (pymisptoolsFileObject method)
37add_reference() (pymisptoolsVTReportObject
method) 39add_server() (pymispPyMISP method) 8add_server_to_sharing_group()
(pymispPyMISP method) 8add_shadow_attribute() (pymispMISPAttribute
method) 26add_shadow_attribute() (pymispMISPEvent
method) 24add_shadow_attribute()
(pymispMISPObjectAttribute method) 29add_sharing_group() (pymispPyMISP method) 8add_sighting() (pymispMISPAttribute method) 26add_sighting() (pymispMISPObjectAttribute
method) 29add_sighting() (pymispPyMISP method) 8add_tag() (pymispPyMISP method) 8add_user() (pymispPyMISP method) 9attributes_statistics() (pymispPyMISP
method) 9
Bbuild_complex_query() (pymispPyMISP
method) 9
Ccache_all_feeds() (pymispPyMISP method) 9cache_feed() (pymispPyMISP method) 9cache_freetext_feeds() (pymispPyMISP
method) 9cache_misp_feeds() (pymispPyMISP method) 9change_sharing_group_on_entity()
(pymispPyMISP method) 9change_user_password() (pymispPyMISP
method) 9clear() (pymispMISPAttribute method) 26clear() (pymispMISPEvent method) 24clear() (pymispMISPObject method) 28clear() (pymispMISPObjectAttribute method) 29clear() (pymispMISPObjectReference method) 31clear() (pymispMISPOrganisation method) 34clear() (pymispMISPTag method) 32clear() (pymispMISPUser method) 33
45
PyMISP Documentation Release main
clear() (pymisptoolsFileObject method) 37clear() (pymisptoolsVTReportObject method) 39communities() (pymispPyMISP method) 9compare_feeds() (pymispPyMISP method) 9contact_event_reporter() (pymispPyMISP
method) 9
Ddefault() (pymispMISPEncode method) 24delegate_event() (pymispPyMISP method) 10delete() (pymispMISPAttribute method) 26delete() (pymispMISPObjectAttribute method) 30delete_attribute() (pymispMISPEvent method)
24delete_attribute() (pymispPyMISP method) 10delete_attribute_proposal()
(pymispPyMISP method) 10delete_event() (pymispPyMISP method) 10delete_event_blacklist() (pymispPyMISP
method) 10delete_feed() (pymispPyMISP method) 10delete_object() (pymispPyMISP method) 10delete_object_reference() (pymispPyMISP
method) 10delete_organisation() (pymispPyMISP
method) 10delete_organisation_blacklist()
(pymispPyMISP method) 10delete_server() (pymispPyMISP method) 10delete_sharing_group() (pymispPyMISP
method) 10delete_sighting() (pymispPyMISP method) 10delete_tag() (pymispPyMISP method) 11delete_user() (pymispPyMISP method) 11delete_user_setting() (pymispPyMISP
method) 11describe_types_local() (pymispPyMISP prop-
erty) 11describe_types_remote() (pymispPyMISP
property) 11direct_call() (pymispPyMISP method) 11disable_feed() (pymispPyMISP method) 11disable_feed_cache() (pymispPyMISP method)
11disable_noticelist() (pymispPyMISP method)
11disable_tag() (pymispPyMISP method) 11disable_taxonomy() (pymispPyMISP method) 11disable_taxonomy_tags() (pymispPyMISP
method) 11disable_warninglist() (pymispPyMISP
method) 11discard_attribute_proposal()
(pymispPyMISP method) 12
Eedited() (pymispAbstractMISP property) 23edited() (pymispMISPAttribute property) 26edited() (pymispMISPEvent property) 24edited() (pymispMISPObject property) 28edited() (pymispMISPObjectAttribute property) 30edited() (pymispMISPObjectReference property) 31edited() (pymispMISPOrganisation property) 34edited() (pymispMISPTag property) 32edited() (pymispMISPUser property) 33edited() (pymisptoolsFileObject property) 37edited() (pymisptoolsVTReportObject property) 39enable_feed() (pymispPyMISP method) 12enable_feed_cache() (pymispPyMISP method)
12enable_noticelist() (pymispPyMISP method)
12enable_tag() (pymispPyMISP method) 12enable_taxonomy() (pymispPyMISP method) 12enable_taxonomy_tags() (pymispPyMISP
method) 12enable_warninglist() (pymispPyMISP method)
12event_blacklists() (pymispPyMISP method) 12event_delegations() (pymispPyMISP method)
12ExpandedPyMISP (in module pymisp) 23
Ffeeds() (pymispPyMISP method) 12fetch_feed() (pymispPyMISP method) 12FileObject (class in pymisptools) 37freetext() (pymispPyMISP method) 12from_dict() (pymispAbstractMISP method) 23from_dict() (pymispMISPAttribute method) 27from_dict() (pymispMISPEvent method) 25from_dict() (pymispMISPObject method) 28from_dict() (pymispMISPObjectAttribute method)
30from_dict() (pymispMISPObjectReference method)
31from_dict() (pymispMISPOrganisation method) 34from_dict() (pymispMISPTag method) 32from_dict() (pymispMISPUser method) 33from_dict() (pymisptoolsFileObject method) 37from_dict() (pymisptoolsVTReportObject method)
39from_json() (pymispAbstractMISP method) 23from_json() (pymispMISPAttribute method) 27from_json() (pymispMISPEvent method) 25from_json() (pymispMISPObject method) 28from_json() (pymispMISPObjectAttribute method)
30
46 Index
PyMISP Documentation Release main
from_json() (pymispMISPObjectReference method)31
from_json() (pymispMISPOrganisation method) 34from_json() (pymispMISPTag method) 32from_json() (pymispMISPUser method) 33from_json() (pymisptoolsFileObject method) 37from_json() (pymisptoolsVTReportObject method)
39
Ggalaxies() (pymispPyMISP method) 12generate_attributes() (pymisptoolsFileObject
method) 37generate_attributes()
(pymisptoolsVTReportObject method)39
get() (pymispMISPAttribute method) 27get() (pymispMISPEvent method) 25get() (pymispMISPObject method) 28get() (pymispMISPObjectAttribute method) 30get() (pymispMISPObjectReference method) 31get() (pymispMISPOrganisation method) 34get() (pymispMISPTag method) 32get() (pymispMISPUser method) 33get() (pymisptoolsFileObject method) 37get() (pymisptoolsVTReportObject method) 39get_all_functions() (pymispPyMISP method)
13get_attribute() (pymispPyMISP method) 13get_attribute_tag() (pymispMISPEvent
method) 25get_attributes_by_relation()
(pymispMISPObject method) 28get_attributes_by_relation()
(pymisptoolsFileObject method) 37get_attributes_by_relation()
(pymisptoolsVTReportObject method)39
get_community() (pymispPyMISP method) 13get_event() (pymispPyMISP method) 13get_feed() (pymispPyMISP method) 13get_galaxy() (pymispPyMISP method) 13get_noticelist() (pymispPyMISP method) 13get_object() (pymispPyMISP method) 13get_object_by_id() (pymispMISPEvent method)
25get_object_by_uuid() (pymispMISPEvent
method) 25get_object_template() (pymispPyMISP
method) 13get_objects_by_name() (pymispMISPEvent
method) 25get_organisation() (pymispPyMISP method) 13get_sync_config() (pymispPyMISP method) 13
get_tag() (pymispPyMISP method) 13get_taxonomy() (pymispPyMISP method) 13get_user() (pymispPyMISP method) 13get_user_setting() (pymispPyMISP method) 14get_warninglist() (pymispPyMISP method) 14
Hhas_attributes_by_relation()
(pymispMISPObject method) 28has_attributes_by_relation()
(pymisptoolsFileObject method) 37has_attributes_by_relation()
(pymisptoolsVTReportObject method)39
hash_values() (pymispMISPAttribute method) 27hash_values() (pymispMISPObjectAttribute
method) 30
Iimport_server() (pymispPyMISP method) 14items() (pymispMISPAttribute method) 27items() (pymispMISPEvent method) 25items() (pymispMISPObject method) 29items() (pymispMISPObjectAttribute method) 30items() (pymispMISPObjectReference method) 31items() (pymispMISPOrganisation method) 34items() (pymispMISPTag method) 32items() (pymispMISPUser method) 33items() (pymisptoolsFileObject method) 38items() (pymisptoolsVTReportObject method) 39
Jjsonable() (pymispAbstractMISP method) 23jsonable() (pymispMISPAttribute method) 27jsonable() (pymispMISPEvent method) 25jsonable() (pymispMISPObject method) 29jsonable() (pymispMISPObjectAttribute method)
30jsonable() (pymispMISPObjectReference method)
31jsonable() (pymispMISPOrganisation method) 34jsonable() (pymispMISPTag method) 32jsonable() (pymispMISPUser method) 33jsonable() (pymisptoolsFileObject method) 38jsonable() (pymisptoolsVTReportObject method)
39
Kkeys() (pymispMISPAttribute method) 27keys() (pymispMISPEvent method) 25keys() (pymispMISPObject method) 29keys() (pymispMISPObjectAttribute method) 30keys() (pymispMISPObjectReference method) 31keys() (pymispMISPOrganisation method) 34
Index 47
PyMISP Documentation Release main
keys() (pymispMISPTag method) 32keys() (pymispMISPUser method) 33keys() (pymisptoolsFileObject method) 38keys() (pymisptoolsVTReportObject method) 39known_types() (pymispMISPAttribute property) 27known_types() (pymispMISPObjectAttribute prop-
erty) 30
Lload() (pymispMISPEvent method) 25load_default_feeds() (pymispPyMISP method)
14load_file() (pymispMISPEvent method) 25load_openioc() (pymisptools method) 40load_openioc_file() (pymisptools method) 40load_stix() (in module pymisptoolsstix) 40
Mmake_stix_package() (in module
pymisptoolsstix) 40malware_binary() (pymispMISPAttribute prop-
erty) 27malware_binary() (pymispMISPObjectAttribute
property) 30misp_instance_version() (pymispPyMISP
property) 14misp_instance_version_master()
(pymispPyMISP property) 14MISPAttribute (class in pymisp) 26MISPEncode (class in pymisp) 24MISPEvent (class in pymisp) 24MISPObject (class in pymisp) 28MISPObjectAttribute (class in pymisp) 29MISPObjectReference (class in pymisp) 31MISPOrganisation (class in pymisp) 34MISPTag (class in pymisp) 32MISPUser (class in pymisp) 33module
pymisp 7pymisptools 37pymisptoolsstix 40
Nnoticelists() (pymispPyMISP method) 14
Oobject_templates() (pymispPyMISP method) 14organisation_blacklists() (pymispPyMISP
method) 14organisations() (pymispPyMISP method) 14
Ppop() (pymispMISPAttribute method) 27
pop() (pymispMISPEvent method) 25pop() (pymispMISPObject method) 29pop() (pymispMISPObjectAttribute method) 30pop() (pymispMISPObjectReference method) 31pop() (pymispMISPOrganisation method) 34pop() (pymispMISPTag method) 32pop() (pymispMISPUser method) 33pop() (pymisptoolsFileObject method) 38pop() (pymisptoolsVTReportObject method) 39popitem() (pymispMISPAttribute method) 27popitem() (pymispMISPEvent method) 25popitem() (pymispMISPObject method) 29popitem() (pymispMISPObjectAttribute method) 30popitem() (pymispMISPObjectReference method) 31popitem() (pymispMISPOrganisation method) 34popitem() (pymispMISPTag method) 32popitem() (pymispMISPUser method) 33popitem() (pymisptoolsFileObject method) 38popitem() (pymisptoolsVTReportObject method) 39publish() (pymispMISPEvent method) 25publish() (pymispPyMISP method) 14push_event_to_ZMQ() (pymispPyMISP method)
14pymisp
module 7PyMISP (class in pymisp) 7pymisptools
module 37pymisptoolsstix
module 40pymisp_version_main() (pymispPyMISP prop-
erty) 15
Rrecommended_pymisp_version()
(pymispPyMISP property) 15remote_acl() (pymispPyMISP method) 15remove_org_from_sharing_group()
(pymispPyMISP method) 15remove_server_from_sharing_group()
(pymispPyMISP method) 15roles() (pymispPyMISP method) 15
Ssearch() (pymispPyMISP method) 15search_feeds() (pymispPyMISP method) 17search_index() (pymispPyMISP method) 18search_logs() (pymispPyMISP method) 18search_sightings() (pymispPyMISP method) 19server_pull() (pymispPyMISP method) 20server_push() (pymispPyMISP method) 20servers() (pymispPyMISP method) 20set_date() (pymispMISPEvent method) 25
48 Index
PyMISP Documentation Release main
set_not_jsonable() (pymispAbstractMISPmethod) 23
set_not_jsonable() (pymispMISPAttributemethod) 27
set_not_jsonable() (pymispMISPEvent method)25
set_not_jsonable() (pymispMISPObjectmethod) 29
set_not_jsonable() (pymispMISPObjectAttributemethod) 30
set_not_jsonable()(pymispMISPObjectReference method)31
set_not_jsonable() (pymispMISPOrganisationmethod) 35
set_not_jsonable() (pymispMISPTag method)32
set_not_jsonable() (pymispMISPUser method)33
set_not_jsonable() (pymisptoolsFileObjectmethod) 38
set_not_jsonable()(pymisptoolsVTReportObject method)39
set_user_setting() (pymispPyMISP method) 20setdefault() (pymispMISPAttribute method) 27setdefault() (pymispMISPEvent method) 25setdefault() (pymispMISPObject method) 29setdefault() (pymispMISPObjectAttribute
method) 30setdefault() (pymispMISPObjectReference
method) 31setdefault() (pymispMISPOrganisation method)
35setdefault() (pymispMISPTag method) 33setdefault() (pymispMISPUser method) 34setdefault() (pymisptoolsFileObject method) 38setdefault() (pymisptoolsVTReportObject
method) 40sharing_groups() (pymispPyMISP method) 20sightings() (pymispPyMISP method) 20
Ttag() (pymispPyMISP method) 20tags() (pymispMISPAttribute property) 27tags() (pymispMISPEvent property) 26tags() (pymispMISPObjectAttribute property) 30tags() (pymispPyMISP method) 20tags_statistics() (pymispPyMISP method) 20taxonomies() (pymispPyMISP method) 20to_dict() (pymispAbstractMISP method) 23to_dict() (pymispMISPAttribute method) 27to_dict() (pymispMISPEvent method) 26to_dict() (pymispMISPObject method) 29
to_dict() (pymispMISPObjectAttribute method) 30to_dict() (pymispMISPObjectReference method) 32to_dict() (pymispMISPOrganisation method) 35to_dict() (pymispMISPTag method) 33to_dict() (pymispMISPUser method) 34to_dict() (pymisptoolsFileObject method) 38to_dict() (pymisptoolsVTReportObject method) 40to_feed() (pymispMISPEvent method) 26to_json() (pymispAbstractMISP method) 23to_json() (pymispMISPAttribute method) 27to_json() (pymispMISPEvent method) 26to_json() (pymispMISPObject method) 29to_json() (pymispMISPObjectAttribute method) 31to_json() (pymispMISPObjectReference method) 32to_json() (pymispMISPOrganisation method) 35to_json() (pymispMISPTag method) 33to_json() (pymispMISPUser method) 34to_json() (pymisptoolsFileObject method) 38to_json() (pymisptoolsVTReportObject method) 40toggle_warninglist() (pymispPyMISP method)
20
Uunpublish() (pymispMISPEvent method) 26untag() (pymispPyMISP method) 21update() (pymispMISPAttribute method) 28update() (pymispMISPEvent method) 26update() (pymispMISPObject method) 29update() (pymispMISPObjectAttribute method) 31update() (pymispMISPObjectReference method) 32update() (pymispMISPOrganisation method) 35update() (pymispMISPTag method) 33update() (pymispMISPUser method) 34update() (pymisptoolsFileObject method) 38update() (pymisptoolsVTReportObject method) 40update_attribute() (pymispPyMISP method) 21update_attribute_proposal()
(pymispPyMISP method) 21update_event() (pymispPyMISP method) 21update_event_blacklist() (pymispPyMISP
method) 21update_feed() (pymispPyMISP method) 21update_galaxies() (pymispPyMISP method) 21update_not_jsonable() (pymispAbstractMISP
method) 23update_not_jsonable() (pymispMISPAttribute
method) 28update_not_jsonable() (pymispMISPEvent
method) 26update_not_jsonable() (pymispMISPObject
method) 29update_not_jsonable()
(pymispMISPObjectAttribute method) 31
Index 49
PyMISP Documentation Release main
update_not_jsonable()(pymispMISPObjectReference method)32
update_not_jsonable()(pymispMISPOrganisation method) 35
update_not_jsonable() (pymispMISPTagmethod) 33
update_not_jsonable() (pymispMISPUsermethod) 34
update_not_jsonable() (pymisptoolsFileObjectmethod) 38
update_not_jsonable()(pymisptoolsVTReportObject method)40
update_noticelists() (pymispPyMISP method)21
update_object() (pymispPyMISP method) 21update_object_templates() (pymispPyMISP
method) 21update_organisation() (pymispPyMISP
method) 21update_organisation_blacklist()
(pymispPyMISP method) 21update_server() (pymispPyMISP method) 22update_tag() (pymispPyMISP method) 22update_taxonomies() (pymispPyMISP method)
22update_user() (pymispPyMISP method) 22update_warninglists() (pymispPyMISP
method) 22upload_stix() (pymispPyMISP method) 22user_registrations() (pymispPyMISP method)
22user_settings() (pymispPyMISP method) 22users() (pymispPyMISP method) 22users_statistics() (pymispPyMISP method) 22
Vvalues() (pymispMISPAttribute method) 28values() (pymispMISPEvent method) 26values() (pymispMISPObject method) 29values() (pymispMISPObjectAttribute method) 31values() (pymispMISPObjectReference method) 32values() (pymispMISPOrganisation method) 35values() (pymispMISPTag method) 33values() (pymispMISPUser method) 34values() (pymisptoolsFileObject method) 38values() (pymisptoolsVTReportObject method) 40values_in_warninglist() (pymispPyMISP
method) 22version() (pymispPyMISP property) 22VTReportObject (class in pymisptools) 38
Wwarninglists() (pymispPyMISP method) 22
50 Index
- README
- pymisp
- PyMISP
- PyMISPExpanded (Python 36+ only)
- MISPAbstract
- MISPEncode
- MISPEvent
- MISPAttribute
- MISPObject
- MISPObjectAttribute
- MISPObjectReference
- MISPTag
- MISPUser
- MISPOrganisation
- pymisp - Tools
- File Object
- ELF Object
- PE Object
- Mach-O Object
- VT Report Object
- STIX
- OpenIOC
- Indices and tables
- Python Module Index
- Index
CONTENTS
1 README 3
2 pymisp 721 PyMISP 722 PyMISPExpanded (Python 36+ only) 2323 MISPAbstract 2324 MISPEncode 2425 MISPEvent 2426 MISPAttribute 2627 MISPObject 2828 MISPObjectAttribute 2929 MISPObjectReference 31210 MISPTag 32211 MISPUser 33212 MISPOrganisation 34
3 pymisp - Tools 3731 File Object 3732 ELF Object 3833 PE Object 3834 Mach-O Object 3835 VT Report Object 3836 STIX 4037 OpenIOC 40
4 Indices and tables 41
Python Module Index 43
Index 45
i
ii
PyMISP Documentation Release main
Contents
IMPORTANT NOTE This library will require at least python 36 starting the 1st of January 2020 If you have tolegacy versions of python please use PyMISP v241191 and consider updating your system(s) Anything releasedwithin the last 2 years will do starting with Ubuntu 1804
CONTENTS 1
PyMISP Documentation Release main
2 CONTENTS
CHAPTER
ONE
README
[[Documentation Status](httpsreadthedocsorgprojectspymispbadgeversion=latest)](httppymispreadthedocsiobadge=latest) [[Build Status](httpstravis-ciorgMISPPyMISPsvgbranch=main)](httpstravis-ciorgMISPPyMISP) [[Coverage Status](httpscoverallsioreposgithubMISPPyMISPbadgesvgbranch=main)](httpscoverallsiogithubMISPPyMISPbranch=main) [[Python 36](httpsimgshieldsiobadgepython-36+-bluesvg)](httpswwwpythonorgdownloadsreleasepython-360) [[PyPi ver-sion](httpsimgshieldsiopypivpymispsvg)](httpspypipythonorgpypipymisp) [[Number of PyPI down-loads](httpsimgshieldsiopypidmpymispsvg)](httpspypipythonorgpypipymisp)
PyMISP - Python Library to access MISP
PyMISP is a Python library to access [MISP](httpsgithubcomMISPMISP) platforms via their REST API
PyMISP allows you to fetch events add or update eventsattributes add or update samples or search for attributes
Install from pip
It is strongly recommended to use a virtual environment
If you want to know more about virtual environments [python has you covered](httpsdocspythonorg3tutorialvenvhtml)
Only basic dependencies ` pip3 install pymisp `
With optional dependencies ` pip3 install pymisp[fileobjectsopeniocvirustotal] `
Install the latest version from repo from development purposes
Note poetry is required
` git clone httpsgithubcomMISPPyMISPgit ampamp cd PyMISP git submoduleupdate --init poetry install -E fileobjects -E openioc -E virustotal -E docs-E pdfexport `
Running the tests
`bash poetry run nosetests-34 --with-coverage --cover-package=pymisptests--cover-tests teststest_py `
If you have a MISP instance to test against you can also run the live ones
Note You need to update the key in teststestlive_comprehensivepy to the automation key of your admin account
`bash poetry run nosetests-34 --with-coverage --cover-package=pymisptests--cover-tests teststestlive_comprehensivepy `
Samples and how to use PyMISP
Various examples and samples scripts are in the [examples](examples) directory
In the examples directory you will need to change the keyspysample to enter your MISP url and API key
3
PyMISP Documentation Release main
` cd examples cp keyspysample keyspy vim keyspy `
The API key of MISP is available in the Automation section of the MISP web interface
To test if your URL and API keys are correct you can test with exampleslastpy to fetch the events pub-lished in the last x amount of time (supported time indicators days (d) hours (h) and minutes (m))lastpy ` cd examples python3 lastpy -l 10h 10 hours python3 lastpy -l 5d 5days python3 lastpy -l 45m 45 minutes `
Debugging
You have two options there
1 Pass debug=True to PyMISP and it will enable loggingDEBUG to stderr on the whole module
2 Use the python logging module directly
```python
import logging logger = logginggetLogger(lsquopymisprsquo)
Configure it as you whish for example enable DEBUG mode loggersetLevel(loggingDEBUG) ```
Or if you want to write the debug output to a file instead of stderr
```python import pymisp import logging
logger = logginggetLogger(lsquopymisprsquo) loggingbasicConfig(level=loggingDEBUG filename=rdquodebuglogrdquo file-mode=rsquowrsquo format=pymispFORMAT) ```
Test cases
1 The content of mispeventpy is tested on every commit
2 The tests cases that require a running MISP instance can be run the following way
```bash From poetry
nosetests-34 -s ndashwith-coverage ndashcover-package=pymisptests ndashcover-tests teststestlive_comprehensivepyTestComprehensive[test_name]
```
Documentation
The documentation is available [here](httpspymispreadthedocsioenlatest)
Jupyter notebook
A series of [Jupyter notebooks for PyMISP tutorial](httpsgithubcomMISPPyMISPtreemaindocstutorial) areavailable in the repository
Everything is a Mutable Mapping
or at least everything that can be importedexported fromto a json blob
AbstractMISP is the master class and inherit collectionsMutableMapping which means the class can be representedas a python dictionary
The abstraction assumes every property that should not be seen in the dictionary is prepended with a _ or its name isadded to the private list __not_jsonable (accessible through update_not_jsonable and set_not_jsonable
This master class has helpers that will make it easy to load and export to and from a json string
MISPEvent MISPAttribute MISPObjectReference MISPObjectAttribute and MISPObject are subclasses of Abstract-MISP which mean that they can be handled as python dictionaries
MISP Objects
4 Chapter 1 README
PyMISP Documentation Release main
Creating a new MISP object generator should be done using a pre-defined template and inherit AbstractMISPObject-Generator
Your new MISPObject generator need to generate attributes and add them as class properties using add_attribute
When the object is sent to MISP all the class properties will be exported to the JSON export
5
PyMISP Documentation Release main
6 Chapter 1 README
CHAPTER
TWO
PYMISP
21 PyMISP
class pymispPyMISP(url key ssl=True debug=False proxies= cert=None auth=None tool=timeout=None)
Python API for MISP
Parameters
bull url (str) ndash URL of the MISP instance you want to connect to
bull key (str) ndash API key of the user you want to use
bull ssl (bool) ndash can be True or False (to check or to not check the validity of the certificateOr a CA_BUNDLE in case of self signed or other certificate (the concatenation of all thecrt of the chain)
bull debug (bool) ndash Write all the debug information to stderr
bull proxies (Mapping) ndash Proxy dict as describes here httpdocspython-requestsorgenmasteruseradvancedproxies
bull cert (Optional[Tuple[str tuple]]) ndash Client certificate as described there httpdocspython-requestsorgenmasteruseradvancedclient-side-certificates
bull auth (Optional[AuthBase]) ndash The auth parameter is passed directly to requests asdescribed here httpdocspython-requestsorgenmasteruserauthentication
bull tool (str) ndash The software using PyMISP (string) used to set a unique user-agent
bull timeout (Union[float Tuple[float float] None]) ndash Timeout as describedhere httpsrequestsreadthedocsioenmasteruseradvancedtimeouts
accept_attribute_proposal(proposal)Accept a proposal
Return type Dict
add_attribute(event attribute pythonify=False)Add an attribute to an existing MISP event NOTE MISP 24113+ you can pass a list of attributes Inthat case the pythonified response is the following lsquoattributesrsquo [MISPAttribute] lsquoerrorsrsquo errors byattributes
Return type Union[Dict MISPAttribute MISPShadowAttribute]
add_attribute_proposal(event attribute pythonify=False)Propose a new attribute in an event
Return type Union[Dict MISPShadowAttribute]
7
PyMISP Documentation Release main
add_event(event pythonify=False)Add a new event on a MISP instance
Return type Union[Dict MISPEvent]
add_event_blacklist(uuids comment=None event_info=None event_orgc=None)Add a new event in the blacklist
Return type Dict
add_feed(feed pythonify=False)Add a new feed on a MISP instance
Return type Union[Dict MISPFeed]
add_object(event misp_object pythonify=False)Add a MISP Object to an existing MISP event
Return type Union[Dict MISPObject]
add_object_reference(misp_object_reference pythonify=False)Add a reference to an object
Return type Union[Dict MISPObjectReference]
add_org_to_sharing_group(sharing_group organisation extend=False)Add an organisation to a sharing group sharing_group Sharing grouprsquos local instance ID or Sharinggrouprsquos global UUID organisation Organisationrsquos local instance ID or Organisationrsquos global UUID orOrganisationrsquos name as known to the curent instance extend Allow the organisation to extend the group
Return type Dict
add_organisation(organisation pythonify=False)Add an organisation
Return type Union[Dict MISPOrganisation]
add_organisation_blacklist(uuids comment=None org_name=None)Add a new organisation in the blacklist
Return type Dict
add_server(server pythonify=False)Add a server to synchronise with Note You probably want to use ExpandedPyMISPget_sync_config andExpandedPyMISPimport_server instead
Return type Union[Dict MISPServer]
add_server_to_sharing_group(sharing_group server all_orgs=False)Add a server to a sharing group sharing_group Sharing grouprsquos local instance ID or Sharing grouprsquosglobal UUID server Serverrsquos local instance ID or URL of the Server or Serverrsquos name as known to thecurent instance all_orgs Add all the organisations of the server to the group
Return type Dict
add_sharing_group(sharing_group pythonify=False)Add a new sharing group
Return type Union[Dict MISPSharingGroup]
add_sighting(sighting attribute=None pythonify=False)Add a new sighting (globally or to a specific attribute)
Return type Union[Dict MISPSighting]
8 Chapter 2 pymisp
PyMISP Documentation Release main
add_tag(tag pythonify=False)Add a new tag on a MISP instance Notes
bull The user calling this method needs the Tag Editor permission
bull It doesnrsquot add a tag to an event simply create it on a MISP instance
Return type Union[Dict MISPTag]
add_user(user pythonify=False)Add a new user
Return type Union[Dict MISPUser]
attributes_statistics(context=type percentage=False)Get attributes statistics from the MISP instance
Return type Dict
build_complex_query(or_parameters=None and_parameters=None not_parameters=None)Build a complex search query MISP expects a dictionary with AND OR and NOT keys
Return type Dict[str List[~SearchType]]
cache_all_feeds()Cache all the feeds
Return type Dict
cache_feed(feed)Cache a specific feed
Return type Dict
cache_freetext_feeds()Cache all the freetext feeds
Return type Dict
cache_misp_feeds()Cache all the MISP feeds
Return type Dict
change_sharing_group_on_entity(misp_entity sharing_group_id pythonify=False)Change the sharing group of an event an attribute or an object
Return type Union[Dict MISPEvent MISPObject MISPAttributeMISPShadowAttribute]
change_user_password(new_password)Thange the password of the curent user
Return type Dict
communities(pythonify=False)Get all the communities
Return type Union[Dict List[MISPCommunity]]
compare_feeds()Generate the comparison matrix for all the MISP feeds
Return type Dict
21 PyMISP 9
PyMISP Documentation Release main
contact_event_reporter(event message)Send a message to the reporter of an event
Return type Dict
delegate_event(event=None organisation=None event_delegation=None distribution=- 1 mes-sage= pythonify=False)
Note distribution == -1 means recipient decides
Return type Union[Dict MISPEventDelegation]
delete_attribute(attribute hard=False)Delete an attribute from a MISP instance
Return type Dict
delete_attribute_proposal(attribute)Propose the deletion of an attribute
Return type Dict
delete_event(event)Delete an event from a MISP instance
Return type Dict
delete_event_blacklist(event_blacklist)Delete a blacklisted event
Return type Dict
delete_feed(feed)Delete a feed from a MISP instance
Return type Dict
delete_object(misp_object)Delete an object from a MISP instance
Return type Dict
delete_object_reference(object_reference)Delete a reference to an object
Return type Dict
delete_organisation(organisation)Delete an organisation
Return type Dict
delete_organisation_blacklist(organisation_blacklist)Delete a blacklisted organisation
Return type Dict
delete_server(server)Delete a sync server
Return type Dict
delete_sharing_group(sharing_group)Delete a sharing group
Return type Dict
10 Chapter 2 pymisp
PyMISP Documentation Release main
delete_sighting(sighting)Delete a sighting from a MISP instance
Return type Dict
delete_tag(tag)Delete an attribute from a MISP instance
Return type Dict
delete_user(user)Delete a user
Return type Dict
delete_user_setting(user_setting user=None)Delete a user setting
Return type Dict
property describe_types_localReturns the content of describe types from the package
Return type Dict
property describe_types_remoteReturns the content of describe types from the remote instance
Return type Dict
direct_call(url data=None params= kw_params=)Very lightweight call that posts a data blob (python dictionary or json string) on the URL
Return type Any
disable_feed(feed pythonify=False)Disable a feed
Return type Union[Dict MISPFeed]
disable_feed_cache(feed pythonify=False)Disable the caching of a feed
Return type Union[Dict MISPFeed]
disable_noticelist(noticelist)Disable a noticelist by id
Return type Dict
disable_tag(tag pythonify=False)Disable a tag
Return type Union[Dict MISPTag]
disable_taxonomy(taxonomy)Disable a taxonomy
Return type Dict
disable_taxonomy_tags(taxonomy)Disable all the tags of a taxonomy
Return type Dict
disable_warninglist(warninglist)Disable a warninglist
21 PyMISP 11
PyMISP Documentation Release main
Return type Dict
discard_attribute_proposal(proposal)Discard a proposal
Return type Dict
enable_feed(feed pythonify=False)Enable a feed (fetching it will create event(s)
Return type Union[Dict MISPFeed]
enable_feed_cache(feed pythonify=False)Enable the caching of a feed
Return type Union[Dict MISPFeed]
enable_noticelist(noticelist)Enable a noticelist by id
Return type Dict
enable_tag(tag pythonify=False)Enable a tag
Return type Union[Dict MISPTag]
enable_taxonomy(taxonomy)Enable a taxonomy
Return type Dict
enable_taxonomy_tags(taxonomy)Enable all the tags of a taxonomy NOTE this automatically done when you call enable_taxonomy
Return type Dict
enable_warninglist(warninglist)Enable a warninglist
Return type Dict
event_blacklists(pythonify=False)Get all the blacklisted events
Return type Union[Dict List[MISPEventBlacklist]]
event_delegations(pythonify=False)Get all the event delegations
Return type Union[Dict List[MISPEventDelegation]]
feeds(pythonify=False)Get the list of existing feeds
Return type Union[Dict List[MISPFeed]]
fetch_feed(feed)Fetch one single feed
Return type Dict
freetext(event string adhereToWarninglists=False distribution=None returnMetaAttributes=Falsepythonify=False kwargs)
Pass a text to the freetext importer
Return type Union[Dict List[MISPAttribute]]
12 Chapter 2 pymisp
PyMISP Documentation Release main
galaxies(pythonify=False)Get all the galaxies
Return type Union[Dict List[MISPGalaxy]]
get_all_functions(not_implemented=False)Get all methods available vi the API allow to get the ones that are not implemented
get_attribute(attribute pythonify=False)Get an attribute from a MISP instance
Return type Union[Dict MISPAttribute]
get_community(community pythonify=False)Get an community from a MISP instance
Return type Union[Dict MISPCommunity]
get_event(event deleted=False extended=False pythonify=False)Get an event from a MISP instance
Return type Union[Dict MISPEvent]
get_feed(feed pythonify=False)Get a feed by id
Return type Union[Dict MISPFeed]
get_galaxy(galaxy pythonify=False)Get a galaxy by id
Return type Union[Dict MISPGalaxy]
get_noticelist(noticelist pythonify=False)Get a noticelist by id
Return type Union[Dict MISPNoticelist]
get_object(misp_object pythonify=False)Get an object from the remote MISP instance
Return type Union[Dict MISPObject]
get_object_template(object_template pythonify=False)Gets the full object template corresponting the UUID passed as parameter
Return type Union[Dict MISPObjectTemplate]
get_organisation(organisation pythonify=False)Get an organisation
Return type Union[Dict MISPOrganisation]
get_sync_config(pythonify=False)WARNING This method only works if the user calling it is a sync user
Return type Union[Dict MISPServer]
get_tag(tag pythonify=False)Get a tag by id
Return type Union[Dict MISPTag]
get_taxonomy(taxonomy pythonify=False)Get a taxonomy from a MISP instance
Return type Union[Dict MISPTaxonomy]
21 PyMISP 13
PyMISP Documentation Release main
get_user(user=me pythonify=False expanded=False)Get a user me means the owner of the API key doing the query expanded also returns a MISPRole and aMISPUserSetting
Return type Union[Dict MISPUser Tuple[MISPUser MISPRoleList[MISPUserSetting]]]
get_user_setting(user_setting user=None pythonify=False)Get an user setting
Return type Union[Dict MISPUserSetting]
get_warninglist(warninglist pythonify=False)Get a warninglist
Return type Union[Dict MISPWarninglist]
import_server(server pythonify=False)Import a sync server config received from get_sync_config
Return type Union[Dict MISPServer]
load_default_feeds()Load all the default feeds
Return type Dict
property misp_instance_versionReturns the version of the instance
Return type Dict
property misp_instance_version_masterGet the most recent version from github
Return type Dict
noticelists(pythonify=False)Get all the noticelists
Return type Union[Dict List[MISPNoticelist]]
object_templates(pythonify=False)Get all the object templates
Return type Union[Dict List[MISPObjectTemplate]]
organisation_blacklists(pythonify=False)Get all the blacklisted organisations
Return type Union[Dict List[MISPOrganisationBlacklist]]
organisations(scope=local pythonify=False)Get all the organisations
Return type Union[Dict List[MISPOrganisation]]
publish(event alert=False)Publish the event with one single HTTP POST The default is to not send a mail as it is assumed thismethod is called on update
Return type Dict
push_event_to_ZMQ(event)Force push an event on ZMQ
14 Chapter 2 pymisp
PyMISP Documentation Release main
Return type Dict
property pymisp_version_mainGet the most recent version of PyMISP from github
Return type Dict
property recommended_pymisp_versionReturns the recommended API version from the server
Return type Dict
remote_acl(debug_type=findMissingFunctionNames)This should return an empty list unless the ACL is outdated debug_type can only be printAllFunction-Names findMissingFunctionNames or printRoleAccess
Return type Dict
remove_org_from_sharing_group(sharing_group organisation)Remove an organisation from a sharing group sharing_group Sharing grouprsquos local instance ID orSharing grouprsquos global UUID organisation Organisationrsquos local instance ID or Organisationrsquos globalUUID or Organisationrsquos name as known to the curent instance
Return type Dict
remove_server_from_sharing_group(sharing_group server)Remove a server from a sharing group sharing_group Sharing grouprsquos local instance ID or Sharinggrouprsquos global UUID server Serverrsquos local instance ID or URL of the Server or Serverrsquos name as knownto the curent instance
Return type Dict
roles(pythonify=False)Get the existing roles
Return type Union[Dict List[MISPRole]]
search(controller=events return_format=json limit=None page=None value=Nonetype_attribute=None category=None org=None tags=None quick_filter=None quick-Filter=None date_from=None date_to=None eventid=None with_attachments=NonewithAttachments=None metadata=None uuid=None publish_timestamp=Nonelast=None timestamp=None published=None enforce_warninglist=None enforceWarn-inglist=None to_ids=None deleted=None include_event_uuid=None includeEventU-uid=None include_event_tags=None includeEventTags=None event_timestamp=Nonesg_reference_only=None eventinfo=None searchall=None requested_attributes=None in-clude_context=None includeContext=None headerless=None include_sightings=NoneincludeSightings=None include_correlations=None includeCorrelations=None in-clude_decay_score=None includeDecayScore=None object_name=None pythonify=Falsekwargs)
Search in the MISP instance
Parameters
bull return_format (str) ndash Set the return format of the search (Currently supported jsonxml openioc suricata snort - more formats are being moved to restSearch with the goalbeing that all searches happen through this API) Can be passed as the first parameter afterrestSearch or via the JSON payload
bull limit (Optional[int]) ndash Limit the number of results returned depending on thescope (for example 10 attributes or 10 full events)
bull page (Optional[int]) ndash If a limit is set sets the page to be returned page 3 limit 100will return records 201-gt300)
21 PyMISP 15
PyMISP Documentation Release main
bull value (Optional[~SearchParameterTypes]) ndash Search for the given value in the at-tributesrsquo value field
bull type_attribute (Optional[~SearchParameterTypes]) ndash The attribute type anyvalid MISP attribute type is accepted
bull category (Optional[~SearchParameterTypes]) ndash The attribute category any validMISP attribute category is accepted
bull org (Optional[~SearchParameterTypes]) ndash Search by the creator organisation by sup-plying the organisation identifier
bull tags (Optional[~SearchParameterTypes]) ndash Tags to search or to exclude You canpass a list or the output of build_complex_query
bull quick_filter (Optional[str]) ndash The string passed to this field will ignore all ofthe other arguments MISP will return an xml json (depending on the header sent) of allevents that have a sub-string match on value in the event info event orgc or any of theattribute value1 value2 fields or in the attribute comment
bull date_from (Union[date int str float None]) ndash Events with the date set to adate after the one specified This filter will use the date of the event
bull date_to (Union[date int str float None]) ndash Events with the date set to a datebefore the one specified This filter will use the date of the event
bull eventid (Optional[~SearchType]) ndash The events that should be included excludedfrom the search
bull with_attachments (Optional[bool]) ndash If set encodes the attachments zippedmalware samples as base64 in the data field within each attribute
bull metadata (Optional[bool]) ndash Only the metadata (event tags relations) is returnedattributes and proposals are omitted
bull uuid (Optional[str]) ndash Restrict the results by uuid
bull publish_timestamp (Union[date int str float NoneTuple[Union[date int str float None] Union[date int str floatNone]]]) ndash Restrict the results by the last publish timestamp (newer than)
bull timestamp (Union[date int str float None Tuple[Union[date intstr float None] Union[date int str float None]]]) ndash Restrict the resultsby the timestamp (last edit) Any event with a timestamp newer than the given timestampwill be returned In case you are dealing with attributes as scope the attributersquos timestampwill be used for the lookup
bull published (Optional[bool]) ndash Set whether published or unpublished events shouldbe returned Do not set the parameter if you want both
bull enforce_warninglist (Optional[bool]) ndash Remove any attributes from the resultthat would cause a hit on a warninglist entry
bull to_ids (Union[~ToIDSType List[~ToIDSType] None]) ndash By default all attributesare returned that match the other filter parameters irregardless of their to_ids setting Torestrict the returned data set to to_ids only attributes set this parameter to 1 0 for the oneswith to_ids set to False
bull deleted (Optional[str]) ndash If this parameter is set to 1 it will only return soft-deletedattributes [ldquo0rdquo ldquo1rdquo] will return the active ones as well as the soft-deleted ones
bull include_event_uuid (Optional[bool]) ndash Instead of just including the event IDalso include the event UUID in each of the attributes
16 Chapter 2 pymisp
PyMISP Documentation Release main
bull include_event_tags (Optional[bool]) ndash Include the event level tags in each ofthe attributes
bull event_timestamp (Union[date int str float None]) ndash Only return at-tributes from events that have received a modification after the given timestamp
bull sg_reference_only (Optional[bool]) ndash If this flag is set sharing group objectswill not be included instead only the sharing group ID is set
bull eventinfo (Optional[str]) ndash Filter on the eventrsquos info field
bull searchall (Optional[bool]) ndash Search for a full or a substring (delimited by forsubstrings) in the event info event tags attribute tags attribute values or attribute commentfields
bull requested_attributes (Optional[str]) ndash [CSV only] Select the fields that youwish to include in the CSV export By setting event level fields additionally includeCon-text is not required to get event metadata
bull include_context (Optional[bool]) ndash [Attribute only] Include the event data witheach attribute [CSV output] Add event level metadata in every line of the CSV
bull headerless (Optional[bool]) ndash [CSV Only] The CSV created when this setting isset to true will not contain the header row
bull include_sightings (Optional[bool]) ndash [JSON Only - Attribute] Include thesightings of the matching attributes
bull include_decay_score (Optional[bool]) ndash Include the decay score at attributelevel
bull include_correlations (Optional[bool]) ndash [JSON Only - attribute] Include thecorrelations of the matching attributes
bull object_name (Optional[str]) ndash [objects controller only] Search for objects withthat name
bull pythonify (Optional[bool]) ndash Returns a list of PyMISP Objects instead of the plainjson output Warning it might use a lot of RAM
Deprecated
Parameters
bull quickFilter (Optional[str]) ndash synponym for quick_filter
bull withAttachments (Optional[bool]) ndash synonym for with_attachments
bull last (Union[date int str float None Tuple[Union[date int strfloat None] Union[date int str float None]]]) ndash synonym for pub-lish_timestamp
bull enforceWarninglist (Optional[bool]) ndash synonym for enforce_warninglist
bull includeEventUuid (Optional[bool]) ndash synonym for include_event_uuid
bull includeEventTags (Optional[bool]) ndash synonym for include_event_tags
bull includeContext (Optional[bool]) ndash synonym for include_context
Return type Union[Dict str List[Union[MISPEvent MISPAttributeMISPObject]]]
search_feeds(value=None pythonify=False)Search in the feeds cached on the servers
21 PyMISP 17
PyMISP Documentation Release main
Return type Union[Dict List[MISPFeed]]
search_index(published=None eventid=None tags=None date_from=None date_to=Noneeventinfo=None threatlevel=None distribution=None analysis=None org=Nonetimestamp=None pythonify=None)
Search only at the index level Using in front of a value means NOT (default is OR)
Parameters
bull published (Optional[bool]) ndash Set whether published or unpublished events shouldbe returned Do not set the parameter if you want both
bull eventid (Optional[~SearchType]) ndash The events that should be included excludedfrom the search
bull tags (Optional[~SearchParameterTypes]) ndash Tags to search or to exclude You canpass a list or the output of build_complex_query
bull date_from (Union[date int str float None]) ndash Events with the date set to adate after the one specified This filter will use the date of the event
bull date_to (Union[date int str float None]) ndash Events with the date set to a datebefore the one specified This filter will use the date of the event
bull eventinfo (Optional[str]) ndash Filter on the eventrsquos info field
bull threatlevel (Optional[List[~SearchType]]) ndash Threat level(s) (1234) | list
bull distribution (Optional[List[~SearchType]]) ndash Distribution level(s) (0123) |list
bull analysis (Optional[List[~SearchType]]) ndash Analysis level(s) (012) | list
bull org (Optional[~SearchParameterTypes]) ndash Search by the creator organisation by sup-plying the organisation identifier
bull timestamp (Union[date int str float None Tuple[Union[date intstr float None] Union[date int str float None]]]) ndash Restrict the resultsby the timestamp (last edit) Any event with a timestamp newer than the given timestampwill be returned In case you are dealing with attributes as scope the attributersquos timestampwill be used for the lookup
bull pythonify (Optional[bool]) ndash Returns a list of PyMISP Objects instead or the plainjson output Warning it might use a lot of RAM
Return type Union[Dict List[MISPEvent]]
search_logs(limit=None page=None log_id=None title=None created=None model=None ac-tion=None user_id=None change=None email=None org=None description=Noneip=None pythonify=False)
Search in logs
Note to run substring queries simply appendprependencapsulate the search term with
Parameters
bull limit (Optional[int]) ndash Limit the number of results returned depending on thescope (for example 10 attributes or 10 full events)
bull page (Optional[int]) ndash If a limit is set sets the page to be returned page 3 limit 100will return records 201-gt300)
bull log_id (Optional[int]) ndash Log ID
bull title (Optional[str]) ndash Log Title
18 Chapter 2 pymisp
PyMISP Documentation Release main
bull created (Union[date int str float None]) ndash Creation timestamp
bull model (Optional[str]) ndash Model name that generated the log entry
bull action (Optional[str]) ndash The thing that was done
bull user_id (Optional[int]) ndash ID of the user doing the action
bull change (Optional[str]) ndash Change that occured
bull email (Optional[str]) ndash Email of the user
bull org (Optional[str]) ndash Organisation of the User doing the action
bull description (Optional[str]) ndash Description of the action
bull ip (Optional[str]) ndash Origination IP of the User doing the action
bull pythonify (Optional[bool]) ndash Returns a list of PyMISP Objects instead or the plainjson output Warning it might use a lot of RAM
Return type Union[Dict List[MISPLog]]
search_sightings(context=None context_id=None type_sighting=None date_from=Nonedate_to=None publish_timestamp=None last=None org=None source=Noneinclude_attribute=None include_event_meta=None pythonify=False)
Search sightings
Parameters
bull context (Optional[str]) ndash The context of the search Can be either ldquoattributerdquoldquoeventrdquo or nothing (will then match on events and attributes)
bull context_id (Optional[~SearchType]) ndash Only relevant if context is either ldquoattributerdquoor ldquoeventrdquo Then it is the relevant ID
bull type_sighting (Optional[str]) ndash Type of sighting
bull date_from (Union[date int str float None]) ndash Events with the date set to adate after the one specified This filter will use the date of the event
bull date_to (Union[date int str float None]) ndash Events with the date set to a datebefore the one specified This filter will use the date of the event
bull publish_timestamp (Union[date int str float NoneTuple[Union[date int str float None] Union[date int str floatNone]]]) ndash Restrict the results by the last publish timestamp (newer than)
bull org (Optional[~SearchType]) ndash Search by the creator organisation by supplying theorganisation identifier
bull source (Optional[str]) ndash Source of the sighting
bull include_attribute (Optional[bool]) ndash Include the attribute
bull include_event_meta (Optional[bool]) ndash Include the meta information of theevent
Deprecated
Parameters last (Union[date int str float None Tuple[Union[date intstr float None] Union[date int str float None]]]) ndash synonym for pub-lish_timestamp
Example
21 PyMISP 19
PyMISP Documentation Release main
gtgtgt mispsearch_sightings(publish_timestamp=30d) search sightings for therarr˓last 30 days on the instance[ ]gtgtgt mispsearch_sightings(context=attribute context_id=6 include_rarr˓attribute=True) return list of sighting for attribute 6 along with therarr˓attribute itself[ ]gtgtgt mispsearch_sightings(context=event context_id=17 include_event_rarr˓meta=True org=2) return list of sighting for event 17 filtered with orgrarr˓id 2
Return type Union[Dict List[Dict[str Union[MISPEvent MISPAttributeMISPSighting]]]]
server_pull(server event=None)Initialize a pull from a sync server
Return type Dict
server_push(server event=None)Initialize a push to a sync server
Return type Dict
servers(pythonify=False)Get the existing servers the MISP instance can synchronise with
Return type Union[Dict List[MISPServer]]
set_user_setting(user_setting value user=None pythonify=False)Get an user setting
Return type Union[Dict MISPUserSetting]
sharing_groups(pythonify=False)Get the existing sharing groups
Return type Union[Dict List[MISPSharingGroup]]
sightings(misp_entity=None org=None pythonify=False)Get the list of sighting related to a MISPEvent or a MISPAttribute (depending on type of misp_entity)
Return type Union[Dict List[MISPSighting]]
tag(misp_entity tag local=False)Tag an event or an attribute misp_entity can be a MISPEvent a MISP Attribute or a UUID
Return type Dict
tags(pythonify=False)Get the list of existing tags
Return type Union[Dict List[MISPTag]]
tags_statistics(percentage=False name_sort=False)Get tags statistics from the MISP instance
Return type Dict
taxonomies(pythonify=False)Get all the taxonomies
Return type Union[Dict List[MISPTaxonomy]]
20 Chapter 2 pymisp
PyMISP Documentation Release main
toggle_warninglist(warninglist_id=None warninglist_name=None force_enable=False)Toggle (enabledisable) the status of a warninglist by ID type warninglist_id Union[str intList[int] None] param warninglist_id ID of the WarningList type force_enable bool paramforce_enable Force the warning list in the enabled state (does nothing is already enabled)
Return type Dict
untag(misp_entity tag)Untag an event or an attribute misp_entity can be a UUID
Return type Dict
update_attribute(attribute attribute_id=None pythonify=False)Update an attribute on a MISP instance
Return type Union[Dict MISPAttribute MISPShadowAttribute]
update_attribute_proposal(initial_attribute attribute pythonify=False)Propose a change for an attribute
Return type Union[Dict MISPShadowAttribute]
update_event(event event_id=None pythonify=False)Update an event on a MISP instance
Return type Union[Dict MISPEvent]
update_event_blacklist(event_blacklist event_blacklist_id=None pythonify=False)Update an event in the blacklist
Return type Union[Dict MISPEventBlacklist]
update_feed(feed feed_id=None pythonify=False)Update a feed on a MISP instance
Return type Union[Dict MISPFeed]
update_galaxies()Update all the galaxies
Return type Dict
update_noticelists()Update all the noticelists
Return type Dict
update_object(misp_object object_id=None pythonify=False)Update an object on a MISP instance
Return type Union[Dict MISPObject]
update_object_templates()Trigger an update of the object templates
Return type Dict
update_organisation(organisation organisation_id=None pythonify=False)Update an organisation
Return type Union[Dict MISPOrganisation]
update_organisation_blacklist(organisation_blacklist organisation_blacklist_id=Nonepythonify=False)
Update an organisation in the blacklist
Return type Union[Dict MISPOrganisationBlacklist]
21 PyMISP 21
PyMISP Documentation Release main
update_server(server server_id=None pythonify=False)Update a server to synchronise with
Return type Union[Dict MISPServer]
update_tag(tag tag_id=None pythonify=False)Edit only the provided parameters of a tag
Return type Union[Dict MISPTag]
update_taxonomies()Update all the taxonomies
Return type Dict
update_user(user user_id=None pythonify=False)Update an event on a MISP instance
Return type Union[Dict MISPUser]
update_warninglists()Update all the warninglists
Return type Dict
upload_stix(path version=2)Upload a STIX file to MISP param path Path to the STIX on the disk (can be a path-like object or apseudofile) type version str param version Can be 1 or 2
user_registrations(pythonify=False)Get all the user registrations
Return type Union[Dict List[MISPInbox]]
user_settings(pythonify=False)Get all the user settings
Return type Union[Dict List[MISPUserSetting]]
users(pythonify=False)Get all the users
Return type Union[Dict List[MISPUser]]
users_statistics(context=data)Get users statistics from the MISP instance
Return type Dict
values_in_warninglist(value)Check if IOC values are in warninglist
Return type Dict
property versionReturns the version of PyMISP yoursquore curently using
Return type Dict
warninglists(pythonify=False)Get all the warninglists
Return type Union[Dict List[MISPWarninglist]]
22 Chapter 2 pymisp
PyMISP Documentation Release main
22 PyMISPExpanded (Python 36+ only)
pymispExpandedPyMISPalias of pymispapiPyMISP
23 MISPAbstract
class pymispAbstractMISP(kwargs)
property editedRecursively check if an object has been edited and update the flag accordingly to the parent objects
Return type bool
from_dict(kwargs)Loading all the parameters as class properties if they arenrsquot None This method aims to be called when allthe properties requiring a special treatment are processed Note This method is used when you initializean object with existing data so by default the class is flaged as not edited
Return type None
from_json(json_string)Load a JSON string
Return type None
jsonable()This method is used by the JSON encoder
Return type Dict
set_not_jsonable(args)Set __not_jsonable to a new list
Return type None
to_dict()Dump the class to a dictionary This method automatically removes the timestamp recursively in everyobject that has been edited is order to let MISP update the event accordingly
Return type Dict
to_json(sort_keys=False indent=None)Dump recursively any class of type MISPAbstract to a json string
update_not_jsonable(args)Add entries to the __not_jsonable list
Return type None
22 PyMISPExpanded (Python 36+ only) 23
PyMISP Documentation Release main
24 MISPEncode
class pymispMISPEncode(args kwargs)
default(obj)Implement this method in a subclass such that it returns a serializable object for o or calls the baseimplementation (to raise a TypeError)
For example to support arbitrary iterators you could implement default like this
def default(self o)try
iterable = iter(o)except TypeError
passelse
return list(iterable) Let the base class default method raise the TypeErrorreturn JSONEncoderdefault(self o)
25 MISPEvent
class pymispMISPEvent(describe_types=None strict_validation=False kwargs)
add_attribute(type value kwargs)Add an attribute type and value are required but you can pass all other parameters supported by MISPAt-tribute
Return type Union[MISPAttribute List[MISPAttribute]]
add_attribute_tag(tag attribute_identifier)Add a tag to an existing attribute raise an Exception if the attribute doesnrsquot exists tag Tag name as astring MISPTag instance or dictionary attribute_identifier can be an ID UUID or the value
Return type List[MISPAttribute]
add_object(obj=None kwargs)Add an object to the Event either by passing a MISPObject or a dictionary
Return type MISPObject
add_proposal(shadow_attribute=None kwargs)Alias for add_shadow_attribute
Return type MISPShadowAttribute
add_shadow_attribute(shadow_attribute=None kwargs)Add a tag to the attribute (by name or a MISPTag object)
Return type MISPShadowAttribute
clear()rarr None Remove all items from D
delete_attribute(attribute_id)Delete an attribute you can search by ID or UUID
property editedRecursively check if an object has been edited and update the flag accordingly to the parent objects
24 Chapter 2 pymisp
PyMISP Documentation Release main
Return type bool
from_dict(kwargs)Loading all the parameters as class properties if they arenrsquot None This method aims to be called when allthe properties requiring a special treatment are processed Note This method is used when you initializean object with existing data so by default the class is flaged as not edited
from_json(json_string)Load a JSON string
Return type None
get(k[ d ])rarr D[k] if k in D else d d defaults to None
get_attribute_tag(attribute_identifier)Return the tags associated to an attribute or an object attribute attribute_identifier can be an ID UUIDor the value
Return type List[MISPTag]
get_object_by_id(object_id)Get an object by ID (the ID is the one set by the server when creating the new object)
Return type MISPObject
get_object_by_uuid(object_uuid)Get an object by UUID (UUID is set by the server when creating the new object)
Return type MISPObject
get_objects_by_name(object_name)Get an object by UUID (UUID is set by the server when creating the new object)
Return type List[MISPObject]
items()rarr a set-like object providing a view on Drsquos items
jsonable()This method is used by the JSON encoder
Return type Dict
keys()rarr a set-like object providing a view on Drsquos keys
load(json_event validate=False metadata_only=False)Load a JSON dump from a pseudo file or a JSON string
load_file(event_path validate=False metadata_only=False)Load a JSON dump from a file on the disk
pop(k[ d ])rarr v remove specified key and return the corresponding valueIf key is not found d is returned if given otherwise KeyError is raised
popitem()rarr (k v) remove and return some (key value) pairas a 2-tuple but raise KeyError if D is empty
publish()Mark the attribute as published
set_date(d=None ignore_invalid=False)Set a date for the event (string datetime or date object)
set_not_jsonable(args)Set __not_jsonable to a new list
Return type None
25 MISPEvent 25
PyMISP Documentation Release main
setdefault(k[ d ])rarr Dget(kd) also set D[k]=d if k not in D
property tagsReturns a lost of tags associated to this Event
Return type List[MISPTag]
to_dict()Dump the class to a dictionary This method automatically removes the timestamp recursively in everyobject that has been edited is order to let MISP update the event accordingly
Return type Dict
to_feed(valid_distributions=[0 1 2 3 4 5] with_meta=False)Generate a json output for MISP Feed Notes
bull valid_distributions only makes sense if the distribution key is set (ie the event is exported from aMISP instance)
Return type Dict
to_json(sort_keys=False indent=None)Dump recursively any class of type MISPAbstract to a json string
unpublish()Mark the attribute as un-published (set publish flag to false)
update([E ] F)rarr None Update D from mappingiterable E and FIf E present and has a keys() method does for k in E D[k] = E[k] If E present and lacks keys() methoddoes for (k v) in E D[k] = v In either case this is followed by for k v in Fitems() D[k] = v
update_not_jsonable(args)Add entries to the __not_jsonable list
Return type None
values()rarr an object providing a view on Drsquos values
26 MISPAttribute
class pymispMISPAttribute(describe_types=None strict=False)
add_proposal(shadow_attribute=None kwargs)Alias for add_shadow_attribute
Return type MISPShadowAttribute
add_shadow_attribute(shadow_attribute=None kwargs)Add a shadow attribute to the attribute (by name or a MISPShadowAttribute object)
Return type MISPShadowAttribute
add_sighting(sighting=None kwargs)Add a sighting to the attribute (by name or a MISPSighting object)
Return type MISPSighting
clear()rarr None Remove all items from D
delete()Mark the attribute as deleted (soft delete)
26 Chapter 2 pymisp
PyMISP Documentation Release main
property editedRecursively check if an object has been edited and update the flag accordingly to the parent objects
Return type bool
from_dict(kwargs)Loading all the parameters as class properties if they arenrsquot None This method aims to be called when allthe properties requiring a special treatment are processed Note This method is used when you initializean object with existing data so by default the class is flaged as not edited
from_json(json_string)Load a JSON string
Return type None
get(k[ d ])rarr D[k] if k in D else d d defaults to None
hash_values(algorithm=sha512)Compute the hash of every values for fast lookups
Return type List[str]
items()rarr a set-like object providing a view on Drsquos items
jsonable()This method is used by the JSON encoder
Return type Dict
keys()rarr a set-like object providing a view on Drsquos keys
property known_typesReturns a list of all the known MISP attributes types
Return type List[str]
property malware_binaryReturns a BytesIO of the malware (if the attribute has one obvs)
Return type Optional[BytesIO]
pop(k[ d ])rarr v remove specified key and return the corresponding valueIf key is not found d is returned if given otherwise KeyError is raised
popitem()rarr (k v) remove and return some (key value) pairas a 2-tuple but raise KeyError if D is empty
set_not_jsonable(args)Set __not_jsonable to a new list
Return type None
setdefault(k[ d ])rarr Dget(kd) also set D[k]=d if k not in D
property tagsReturns a lost of tags associated to this Attribute
Return type List[MISPTag]
to_dict()Dump the class to a dictionary This method automatically removes the timestamp recursively in everyobject that has been edited is order to let MISP update the event accordingly
Return type Dict
26 MISPAttribute 27
PyMISP Documentation Release main
to_json(sort_keys=False indent=None)Dump recursively any class of type MISPAbstract to a json string
update([E ] F)rarr None Update D from mappingiterable E and FIf E present and has a keys() method does for k in E D[k] = E[k] If E present and lacks keys() methoddoes for (k v) in E D[k] = v In either case this is followed by for k v in Fitems() D[k] = v
update_not_jsonable(args)Add entries to the __not_jsonable list
Return type None
values()rarr an object providing a view on Drsquos values
27 MISPObject
class pymispMISPObject(name strict=False standalone=True default_attributes_parameters=kwargs)
add_attribute(object_relation simple_value=None value)Add an attribute object_relation is required and the value key is a dictionary with all the keys supportedby MISPAttribute
Return type Optional[MISPAttribute]
add_attributes(object_relation attributes)Add multiple attributes with the same object_relation Helper for object_relation when multiple is True inthe template It is the same as calling multiple times add_attribute with the same object_relation
Return type List[Optional[MISPAttribute]]
add_reference(referenced_uuid relationship_type comment=None kwargs)Add a link (uuid) to an other object
Return type MISPObjectReference
clear()rarr None Remove all items from D
property editedRecursively check if an object has been edited and update the flag accordingly to the parent objects
Return type bool
from_dict(kwargs)Loading all the parameters as class properties if they arenrsquot None This method aims to be called when allthe properties requiring a special treatment are processed Note This method is used when you initializean object with existing data so by default the class is flaged as not edited
from_json(json_string)Load a JSON string
Return type None
get(k[ d ])rarr D[k] if k in D else d d defaults to None
get_attributes_by_relation(object_relation)Returns the list of attributes with the given object relation in the object
Return type List[MISPAttribute]
has_attributes_by_relation(list_of_relations)True if all the relations in the list are defined in the object
28 Chapter 2 pymisp
PyMISP Documentation Release main
Return type bool
items()rarr a set-like object providing a view on Drsquos items
jsonable()This method is used by the JSON encoder
Return type Dict
keys()rarr a set-like object providing a view on Drsquos keys
pop(k[ d ])rarr v remove specified key and return the corresponding valueIf key is not found d is returned if given otherwise KeyError is raised
popitem()rarr (k v) remove and return some (key value) pairas a 2-tuple but raise KeyError if D is empty
set_not_jsonable(args)Set __not_jsonable to a new list
Return type None
setdefault(k[ d ])rarr Dget(kd) also set D[k]=d if k not in D
to_dict(strict=False)Dump the class to a dictionary This method automatically removes the timestamp recursively in everyobject that has been edited is order to let MISP update the event accordingly
Return type Dict
to_json(sort_keys=False indent=None strict=False)Dump recursively any class of type MISPAbstract to a json string
update([E ] F)rarr None Update D from mappingiterable E and FIf E present and has a keys() method does for k in E D[k] = E[k] If E present and lacks keys() methoddoes for (k v) in E D[k] = v In either case this is followed by for k v in Fitems() D[k] = v
update_not_jsonable(args)Add entries to the __not_jsonable list
Return type None
values()rarr an object providing a view on Drsquos values
28 MISPObjectAttribute
class pymispMISPObjectAttribute(definition)
add_proposal(shadow_attribute=None kwargs)Alias for add_shadow_attribute
Return type MISPShadowAttribute
add_shadow_attribute(shadow_attribute=None kwargs)Add a shadow attribute to the attribute (by name or a MISPShadowAttribute object)
Return type MISPShadowAttribute
add_sighting(sighting=None kwargs)Add a sighting to the attribute (by name or a MISPSighting object)
Return type MISPSighting
28 MISPObjectAttribute 29
PyMISP Documentation Release main
clear()rarr None Remove all items from D
delete()Mark the attribute as deleted (soft delete)
property editedRecursively check if an object has been edited and update the flag accordingly to the parent objects
Return type bool
from_dict(object_relation value kwargs)Loading all the parameters as class properties if they arenrsquot None This method aims to be called when allthe properties requiring a special treatment are processed Note This method is used when you initializean object with existing data so by default the class is flaged as not edited
from_json(json_string)Load a JSON string
Return type None
get(k[ d ])rarr D[k] if k in D else d d defaults to None
hash_values(algorithm=sha512)Compute the hash of every values for fast lookups
Return type List[str]
items()rarr a set-like object providing a view on Drsquos items
jsonable()This method is used by the JSON encoder
Return type Dict
keys()rarr a set-like object providing a view on Drsquos keys
property known_typesReturns a list of all the known MISP attributes types
Return type List[str]
property malware_binaryReturns a BytesIO of the malware (if the attribute has one obvs)
Return type Optional[BytesIO]
pop(k[ d ])rarr v remove specified key and return the corresponding valueIf key is not found d is returned if given otherwise KeyError is raised
popitem()rarr (k v) remove and return some (key value) pairas a 2-tuple but raise KeyError if D is empty
set_not_jsonable(args)Set __not_jsonable to a new list
Return type None
setdefault(k[ d ])rarr Dget(kd) also set D[k]=d if k not in D
property tagsReturns a lost of tags associated to this Attribute
Return type List[MISPTag]
30 Chapter 2 pymisp
PyMISP Documentation Release main
to_dict()Dump the class to a dictionary This method automatically removes the timestamp recursively in everyobject that has been edited is order to let MISP update the event accordingly
Return type Dict
to_json(sort_keys=False indent=None)Dump recursively any class of type MISPAbstract to a json string
update([E ] F)rarr None Update D from mappingiterable E and FIf E present and has a keys() method does for k in E D[k] = E[k] If E present and lacks keys() methoddoes for (k v) in E D[k] = v In either case this is followed by for k v in Fitems() D[k] = v
update_not_jsonable(args)Add entries to the __not_jsonable list
Return type None
values()rarr an object providing a view on Drsquos values
29 MISPObjectReference
class pymispMISPObjectReference
clear()rarr None Remove all items from D
property editedRecursively check if an object has been edited and update the flag accordingly to the parent objects
Return type bool
from_dict(kwargs)Loading all the parameters as class properties if they arenrsquot None This method aims to be called when allthe properties requiring a special treatment are processed Note This method is used when you initializean object with existing data so by default the class is flaged as not edited
from_json(json_string)Load a JSON string
Return type None
get(k[ d ])rarr D[k] if k in D else d d defaults to None
items()rarr a set-like object providing a view on Drsquos items
jsonable()This method is used by the JSON encoder
Return type Dict
keys()rarr a set-like object providing a view on Drsquos keys
pop(k[ d ])rarr v remove specified key and return the corresponding valueIf key is not found d is returned if given otherwise KeyError is raised
popitem()rarr (k v) remove and return some (key value) pairas a 2-tuple but raise KeyError if D is empty
set_not_jsonable(args)Set __not_jsonable to a new list
Return type None
29 MISPObjectReference 31
PyMISP Documentation Release main
setdefault(k[ d ])rarr Dget(kd) also set D[k]=d if k not in D
to_dict()Dump the class to a dictionary This method automatically removes the timestamp recursively in everyobject that has been edited is order to let MISP update the event accordingly
Return type Dict
to_json(sort_keys=False indent=None)Dump recursively any class of type MISPAbstract to a json string
update([E ] F)rarr None Update D from mappingiterable E and FIf E present and has a keys() method does for k in E D[k] = E[k] If E present and lacks keys() methoddoes for (k v) in E D[k] = v In either case this is followed by for k v in Fitems() D[k] = v
update_not_jsonable(args)Add entries to the __not_jsonable list
Return type None
values()rarr an object providing a view on Drsquos values
210 MISPTag
class pymispMISPTag(kwargs)
clear()rarr None Remove all items from D
property editedRecursively check if an object has been edited and update the flag accordingly to the parent objects
Return type bool
from_dict(kwargs)Loading all the parameters as class properties if they arenrsquot None This method aims to be called when allthe properties requiring a special treatment are processed Note This method is used when you initializean object with existing data so by default the class is flaged as not edited
from_json(json_string)Load a JSON string
Return type None
get(k[ d ])rarr D[k] if k in D else d d defaults to None
items()rarr a set-like object providing a view on Drsquos items
jsonable()This method is used by the JSON encoder
Return type Dict
keys()rarr a set-like object providing a view on Drsquos keys
pop(k[ d ])rarr v remove specified key and return the corresponding valueIf key is not found d is returned if given otherwise KeyError is raised
popitem()rarr (k v) remove and return some (key value) pairas a 2-tuple but raise KeyError if D is empty
set_not_jsonable(args)Set __not_jsonable to a new list
32 Chapter 2 pymisp
PyMISP Documentation Release main
Return type None
setdefault(k[ d ])rarr Dget(kd) also set D[k]=d if k not in D
to_dict()Dump the class to a dictionary This method automatically removes the timestamp recursively in everyobject that has been edited is order to let MISP update the event accordingly
Return type Dict
to_json(sort_keys=False indent=None)Dump recursively any class of type MISPAbstract to a json string
update([E ] F)rarr None Update D from mappingiterable E and FIf E present and has a keys() method does for k in E D[k] = E[k] If E present and lacks keys() methoddoes for (k v) in E D[k] = v In either case this is followed by for k v in Fitems() D[k] = v
update_not_jsonable(args)Add entries to the __not_jsonable list
Return type None
values()rarr an object providing a view on Drsquos values
211 MISPUser
class pymispMISPUser(kwargs)
clear()rarr None Remove all items from D
property editedRecursively check if an object has been edited and update the flag accordingly to the parent objects
Return type bool
from_dict(kwargs)Loading all the parameters as class properties if they arenrsquot None This method aims to be called when allthe properties requiring a special treatment are processed Note This method is used when you initializean object with existing data so by default the class is flaged as not edited
from_json(json_string)Load a JSON string
Return type None
get(k[ d ])rarr D[k] if k in D else d d defaults to None
items()rarr a set-like object providing a view on Drsquos items
jsonable()This method is used by the JSON encoder
Return type Dict
keys()rarr a set-like object providing a view on Drsquos keys
pop(k[ d ])rarr v remove specified key and return the corresponding valueIf key is not found d is returned if given otherwise KeyError is raised
popitem()rarr (k v) remove and return some (key value) pairas a 2-tuple but raise KeyError if D is empty
211 MISPUser 33
PyMISP Documentation Release main
set_not_jsonable(args)Set __not_jsonable to a new list
Return type None
setdefault(k[ d ])rarr Dget(kd) also set D[k]=d if k not in D
to_dict()Dump the class to a dictionary This method automatically removes the timestamp recursively in everyobject that has been edited is order to let MISP update the event accordingly
Return type Dict
to_json(sort_keys=False indent=None)Dump recursively any class of type MISPAbstract to a json string
update([E ] F)rarr None Update D from mappingiterable E and FIf E present and has a keys() method does for k in E D[k] = E[k] If E present and lacks keys() methoddoes for (k v) in E D[k] = v In either case this is followed by for k v in Fitems() D[k] = v
update_not_jsonable(args)Add entries to the __not_jsonable list
Return type None
values()rarr an object providing a view on Drsquos values
212 MISPOrganisation
class pymispMISPOrganisation
clear()rarr None Remove all items from D
property editedRecursively check if an object has been edited and update the flag accordingly to the parent objects
Return type bool
from_dict(kwargs)Loading all the parameters as class properties if they arenrsquot None This method aims to be called when allthe properties requiring a special treatment are processed Note This method is used when you initializean object with existing data so by default the class is flaged as not edited
from_json(json_string)Load a JSON string
Return type None
get(k[ d ])rarr D[k] if k in D else d d defaults to None
items()rarr a set-like object providing a view on Drsquos items
jsonable()This method is used by the JSON encoder
Return type Dict
keys()rarr a set-like object providing a view on Drsquos keys
pop(k[ d ])rarr v remove specified key and return the corresponding valueIf key is not found d is returned if given otherwise KeyError is raised
34 Chapter 2 pymisp
PyMISP Documentation Release main
popitem()rarr (k v) remove and return some (key value) pairas a 2-tuple but raise KeyError if D is empty
set_not_jsonable(args)Set __not_jsonable to a new list
Return type None
setdefault(k[ d ])rarr Dget(kd) also set D[k]=d if k not in D
to_dict()Dump the class to a dictionary This method automatically removes the timestamp recursively in everyobject that has been edited is order to let MISP update the event accordingly
Return type Dict
to_json(sort_keys=False indent=None)Dump recursively any class of type MISPAbstract to a json string
update([E ] F)rarr None Update D from mappingiterable E and FIf E present and has a keys() method does for k in E D[k] = E[k] If E present and lacks keys() methoddoes for (k v) in E D[k] = v In either case this is followed by for k v in Fitems() D[k] = v
update_not_jsonable(args)Add entries to the __not_jsonable list
Return type None
values()rarr an object providing a view on Drsquos values
212 MISPOrganisation 35
PyMISP Documentation Release main
36 Chapter 2 pymisp
CHAPTER
THREE
PYMISP - TOOLS
31 File Object
class pymisptoolsFileObject(filepath=None pseudofile=None filename=None kwargs)
add_attribute(object_relation simple_value=None value)Add an attribute object_relation is required and the value key is a dictionary with all the keys supportedby MISPAttribute
Return type Optional[MISPAttribute]
add_attributes(object_relation attributes)Add multiple attributes with the same object_relation Helper for object_relation when multiple is True inthe template It is the same as calling multiple times add_attribute with the same object_relation
Return type List[Optional[MISPAttribute]]
add_reference(referenced_uuid relationship_type comment=None kwargs)Add a link (uuid) to an other object
Return type MISPObjectReference
clear()rarr None Remove all items from D
property editedRecursively check if an object has been edited and update the flag accordingly to the parent objects
Return type bool
from_dict(kwargs)Loading all the parameters as class properties if they arenrsquot None This method aims to be called when allthe properties requiring a special treatment are processed Note This method is used when you initializean object with existing data so by default the class is flaged as not edited
from_json(json_string)Load a JSON string
Return type None
generate_attributes()Contains the logic where all the values of the object are gathered
get(k[ d ])rarr D[k] if k in D else d d defaults to None
get_attributes_by_relation(object_relation)Returns the list of attributes with the given object relation in the object
Return type List[MISPAttribute]
37
PyMISP Documentation Release main
has_attributes_by_relation(list_of_relations)True if all the relations in the list are defined in the object
Return type bool
items()rarr a set-like object providing a view on Drsquos items
jsonable()This method is used by the JSON encoder
Return type Dict
keys()rarr a set-like object providing a view on Drsquos keys
pop(k[ d ])rarr v remove specified key and return the corresponding valueIf key is not found d is returned if given otherwise KeyError is raised
popitem()rarr (k v) remove and return some (key value) pairas a 2-tuple but raise KeyError if D is empty
set_not_jsonable(args)Set __not_jsonable to a new list
Return type None
setdefault(k[ d ])rarr Dget(kd) also set D[k]=d if k not in D
to_dict(strict=False)Dump the class to a dictionary This method automatically removes the timestamp recursively in everyobject that has been edited is order to let MISP update the event accordingly
Return type Dict
to_json(sort_keys=False indent=None strict=False)Dump recursively any class of type MISPAbstract to a json string
update([E ] F)rarr None Update D from mappingiterable E and FIf E present and has a keys() method does for k in E D[k] = E[k] If E present and lacks keys() methoddoes for (k v) in E D[k] = v In either case this is followed by for k v in Fitems() D[k] = v
update_not_jsonable(args)Add entries to the __not_jsonable list
Return type None
values()rarr an object providing a view on Drsquos values
32 ELF Object
33 PE Object
34 Mach-O Object
35 VT Report Object
class pymisptoolsVTReportObject(apikey indicator vt_proxies=None kwargs)VirusTotal Report
Apikey VirusTotal API key (private works but only public features are supported right now)
38 Chapter 3 pymisp - Tools
PyMISP Documentation Release main
Indicator IOC to search VirusTotal for
add_attribute(object_relation simple_value=None value)Add an attribute object_relation is required and the value key is a dictionary with all the keys supportedby MISPAttribute
Return type Optional[MISPAttribute]
add_attributes(object_relation attributes)Add multiple attributes with the same object_relation Helper for object_relation when multiple is True inthe template It is the same as calling multiple times add_attribute with the same object_relation
Return type List[Optional[MISPAttribute]]
add_reference(referenced_uuid relationship_type comment=None kwargs)Add a link (uuid) to an other object
Return type MISPObjectReference
clear()rarr None Remove all items from D
property editedRecursively check if an object has been edited and update the flag accordingly to the parent objects
Return type bool
from_dict(kwargs)Loading all the parameters as class properties if they arenrsquot None This method aims to be called when allthe properties requiring a special treatment are processed Note This method is used when you initializean object with existing data so by default the class is flaged as not edited
from_json(json_string)Load a JSON string
Return type None
generate_attributes()Parse the VirusTotal report for relevant attributes
get(k[ d ])rarr D[k] if k in D else d d defaults to None
get_attributes_by_relation(object_relation)Returns the list of attributes with the given object relation in the object
Return type List[MISPAttribute]
has_attributes_by_relation(list_of_relations)True if all the relations in the list are defined in the object
Return type bool
items()rarr a set-like object providing a view on Drsquos items
jsonable()This method is used by the JSON encoder
Return type Dict
keys()rarr a set-like object providing a view on Drsquos keys
pop(k[ d ])rarr v remove specified key and return the corresponding valueIf key is not found d is returned if given otherwise KeyError is raised
popitem()rarr (k v) remove and return some (key value) pairas a 2-tuple but raise KeyError if D is empty
35 VT Report Object 39
PyMISP Documentation Release main
set_not_jsonable(args)Set __not_jsonable to a new list
Return type None
setdefault(k[ d ])rarr Dget(kd) also set D[k]=d if k not in D
to_dict(strict=False)Dump the class to a dictionary This method automatically removes the timestamp recursively in everyobject that has been edited is order to let MISP update the event accordingly
Return type Dict
to_json(sort_keys=False indent=None strict=False)Dump recursively any class of type MISPAbstract to a json string
update([E ] F)rarr None Update D from mappingiterable E and FIf E present and has a keys() method does for k in E D[k] = E[k] If E present and lacks keys() methoddoes for (k v) in E D[k] = v In either case this is followed by for k v in Fitems() D[k] = v
update_not_jsonable(args)Add entries to the __not_jsonable list
Return type None
values()rarr an object providing a view on Drsquos values
36 STIX
pymisptoolsstixload_stix(stix distribution=3 threat_level_id=2 analysis=0)Returns a MISPEvent object from a STIX package
pymisptoolsstixmake_stix_package(misp_event to_json=False to_xml=False)Returns a STIXPackage from a MISPEvent
Optionally can return the package in json or xml
37 OpenIOC
toolsload_openioc()
toolsload_openioc_file()
40 Chapter 3 pymisp - Tools
CHAPTER
FOUR
INDICES AND TABLES
bull genindex
bull modindex
bull search
41
PyMISP Documentation Release main
42 Chapter 4 Indices and tables
PYTHON MODULE INDEX
ppymisp 7pymisptools 37pymisptoolsstix 40
43
PyMISP Documentation Release main
44 Python Module Index
INDEX
AAbstractMISP (class in pymisp) 23accept_attribute_proposal()
(pymispPyMISP method) 7add_attribute() (pymispMISPEvent method) 24add_attribute() (pymispMISPObject method) 28add_attribute() (pymispPyMISP method) 7add_attribute() (pymisptoolsFileObject method)
37add_attribute() (pymisptoolsVTReportObject
method) 39add_attribute_proposal() (pymispPyMISP
method) 7add_attribute_tag() (pymispMISPEvent
method) 24add_attributes() (pymispMISPObject method)
28add_attributes() (pymisptoolsFileObject
method) 37add_attributes() (pymisptoolsVTReportObject
method) 39add_event() (pymispPyMISP method) 7add_event_blacklist() (pymispPyMISP
method) 8add_feed() (pymispPyMISP method) 8add_object() (pymispMISPEvent method) 24add_object() (pymispPyMISP method) 8add_object_reference() (pymispPyMISP
method) 8add_org_to_sharing_group() (pymispPyMISP
method) 8add_organisation() (pymispPyMISP method) 8add_organisation_blacklist()
(pymispPyMISP method) 8add_proposal() (pymispMISPAttribute method) 26add_proposal() (pymispMISPEvent method) 24add_proposal() (pymispMISPObjectAttribute
method) 29add_reference() (pymispMISPObject method) 28add_reference() (pymisptoolsFileObject method)
37add_reference() (pymisptoolsVTReportObject
method) 39add_server() (pymispPyMISP method) 8add_server_to_sharing_group()
(pymispPyMISP method) 8add_shadow_attribute() (pymispMISPAttribute
method) 26add_shadow_attribute() (pymispMISPEvent
method) 24add_shadow_attribute()
(pymispMISPObjectAttribute method) 29add_sharing_group() (pymispPyMISP method) 8add_sighting() (pymispMISPAttribute method) 26add_sighting() (pymispMISPObjectAttribute
method) 29add_sighting() (pymispPyMISP method) 8add_tag() (pymispPyMISP method) 8add_user() (pymispPyMISP method) 9attributes_statistics() (pymispPyMISP
method) 9
Bbuild_complex_query() (pymispPyMISP
method) 9
Ccache_all_feeds() (pymispPyMISP method) 9cache_feed() (pymispPyMISP method) 9cache_freetext_feeds() (pymispPyMISP
method) 9cache_misp_feeds() (pymispPyMISP method) 9change_sharing_group_on_entity()
(pymispPyMISP method) 9change_user_password() (pymispPyMISP
method) 9clear() (pymispMISPAttribute method) 26clear() (pymispMISPEvent method) 24clear() (pymispMISPObject method) 28clear() (pymispMISPObjectAttribute method) 29clear() (pymispMISPObjectReference method) 31clear() (pymispMISPOrganisation method) 34clear() (pymispMISPTag method) 32clear() (pymispMISPUser method) 33
45
PyMISP Documentation Release main
clear() (pymisptoolsFileObject method) 37clear() (pymisptoolsVTReportObject method) 39communities() (pymispPyMISP method) 9compare_feeds() (pymispPyMISP method) 9contact_event_reporter() (pymispPyMISP
method) 9
Ddefault() (pymispMISPEncode method) 24delegate_event() (pymispPyMISP method) 10delete() (pymispMISPAttribute method) 26delete() (pymispMISPObjectAttribute method) 30delete_attribute() (pymispMISPEvent method)
24delete_attribute() (pymispPyMISP method) 10delete_attribute_proposal()
(pymispPyMISP method) 10delete_event() (pymispPyMISP method) 10delete_event_blacklist() (pymispPyMISP
method) 10delete_feed() (pymispPyMISP method) 10delete_object() (pymispPyMISP method) 10delete_object_reference() (pymispPyMISP
method) 10delete_organisation() (pymispPyMISP
method) 10delete_organisation_blacklist()
(pymispPyMISP method) 10delete_server() (pymispPyMISP method) 10delete_sharing_group() (pymispPyMISP
method) 10delete_sighting() (pymispPyMISP method) 10delete_tag() (pymispPyMISP method) 11delete_user() (pymispPyMISP method) 11delete_user_setting() (pymispPyMISP
method) 11describe_types_local() (pymispPyMISP prop-
erty) 11describe_types_remote() (pymispPyMISP
property) 11direct_call() (pymispPyMISP method) 11disable_feed() (pymispPyMISP method) 11disable_feed_cache() (pymispPyMISP method)
11disable_noticelist() (pymispPyMISP method)
11disable_tag() (pymispPyMISP method) 11disable_taxonomy() (pymispPyMISP method) 11disable_taxonomy_tags() (pymispPyMISP
method) 11disable_warninglist() (pymispPyMISP
method) 11discard_attribute_proposal()
(pymispPyMISP method) 12
Eedited() (pymispAbstractMISP property) 23edited() (pymispMISPAttribute property) 26edited() (pymispMISPEvent property) 24edited() (pymispMISPObject property) 28edited() (pymispMISPObjectAttribute property) 30edited() (pymispMISPObjectReference property) 31edited() (pymispMISPOrganisation property) 34edited() (pymispMISPTag property) 32edited() (pymispMISPUser property) 33edited() (pymisptoolsFileObject property) 37edited() (pymisptoolsVTReportObject property) 39enable_feed() (pymispPyMISP method) 12enable_feed_cache() (pymispPyMISP method)
12enable_noticelist() (pymispPyMISP method)
12enable_tag() (pymispPyMISP method) 12enable_taxonomy() (pymispPyMISP method) 12enable_taxonomy_tags() (pymispPyMISP
method) 12enable_warninglist() (pymispPyMISP method)
12event_blacklists() (pymispPyMISP method) 12event_delegations() (pymispPyMISP method)
12ExpandedPyMISP (in module pymisp) 23
Ffeeds() (pymispPyMISP method) 12fetch_feed() (pymispPyMISP method) 12FileObject (class in pymisptools) 37freetext() (pymispPyMISP method) 12from_dict() (pymispAbstractMISP method) 23from_dict() (pymispMISPAttribute method) 27from_dict() (pymispMISPEvent method) 25from_dict() (pymispMISPObject method) 28from_dict() (pymispMISPObjectAttribute method)
30from_dict() (pymispMISPObjectReference method)
31from_dict() (pymispMISPOrganisation method) 34from_dict() (pymispMISPTag method) 32from_dict() (pymispMISPUser method) 33from_dict() (pymisptoolsFileObject method) 37from_dict() (pymisptoolsVTReportObject method)
39from_json() (pymispAbstractMISP method) 23from_json() (pymispMISPAttribute method) 27from_json() (pymispMISPEvent method) 25from_json() (pymispMISPObject method) 28from_json() (pymispMISPObjectAttribute method)
30
46 Index
PyMISP Documentation Release main
from_json() (pymispMISPObjectReference method)31
from_json() (pymispMISPOrganisation method) 34from_json() (pymispMISPTag method) 32from_json() (pymispMISPUser method) 33from_json() (pymisptoolsFileObject method) 37from_json() (pymisptoolsVTReportObject method)
39
Ggalaxies() (pymispPyMISP method) 12generate_attributes() (pymisptoolsFileObject
method) 37generate_attributes()
(pymisptoolsVTReportObject method)39
get() (pymispMISPAttribute method) 27get() (pymispMISPEvent method) 25get() (pymispMISPObject method) 28get() (pymispMISPObjectAttribute method) 30get() (pymispMISPObjectReference method) 31get() (pymispMISPOrganisation method) 34get() (pymispMISPTag method) 32get() (pymispMISPUser method) 33get() (pymisptoolsFileObject method) 37get() (pymisptoolsVTReportObject method) 39get_all_functions() (pymispPyMISP method)
13get_attribute() (pymispPyMISP method) 13get_attribute_tag() (pymispMISPEvent
method) 25get_attributes_by_relation()
(pymispMISPObject method) 28get_attributes_by_relation()
(pymisptoolsFileObject method) 37get_attributes_by_relation()
(pymisptoolsVTReportObject method)39
get_community() (pymispPyMISP method) 13get_event() (pymispPyMISP method) 13get_feed() (pymispPyMISP method) 13get_galaxy() (pymispPyMISP method) 13get_noticelist() (pymispPyMISP method) 13get_object() (pymispPyMISP method) 13get_object_by_id() (pymispMISPEvent method)
25get_object_by_uuid() (pymispMISPEvent
method) 25get_object_template() (pymispPyMISP
method) 13get_objects_by_name() (pymispMISPEvent
method) 25get_organisation() (pymispPyMISP method) 13get_sync_config() (pymispPyMISP method) 13
get_tag() (pymispPyMISP method) 13get_taxonomy() (pymispPyMISP method) 13get_user() (pymispPyMISP method) 13get_user_setting() (pymispPyMISP method) 14get_warninglist() (pymispPyMISP method) 14
Hhas_attributes_by_relation()
(pymispMISPObject method) 28has_attributes_by_relation()
(pymisptoolsFileObject method) 37has_attributes_by_relation()
(pymisptoolsVTReportObject method)39
hash_values() (pymispMISPAttribute method) 27hash_values() (pymispMISPObjectAttribute
method) 30
Iimport_server() (pymispPyMISP method) 14items() (pymispMISPAttribute method) 27items() (pymispMISPEvent method) 25items() (pymispMISPObject method) 29items() (pymispMISPObjectAttribute method) 30items() (pymispMISPObjectReference method) 31items() (pymispMISPOrganisation method) 34items() (pymispMISPTag method) 32items() (pymispMISPUser method) 33items() (pymisptoolsFileObject method) 38items() (pymisptoolsVTReportObject method) 39
Jjsonable() (pymispAbstractMISP method) 23jsonable() (pymispMISPAttribute method) 27jsonable() (pymispMISPEvent method) 25jsonable() (pymispMISPObject method) 29jsonable() (pymispMISPObjectAttribute method)
30jsonable() (pymispMISPObjectReference method)
31jsonable() (pymispMISPOrganisation method) 34jsonable() (pymispMISPTag method) 32jsonable() (pymispMISPUser method) 33jsonable() (pymisptoolsFileObject method) 38jsonable() (pymisptoolsVTReportObject method)
39
Kkeys() (pymispMISPAttribute method) 27keys() (pymispMISPEvent method) 25keys() (pymispMISPObject method) 29keys() (pymispMISPObjectAttribute method) 30keys() (pymispMISPObjectReference method) 31keys() (pymispMISPOrganisation method) 34
Index 47
PyMISP Documentation Release main
keys() (pymispMISPTag method) 32keys() (pymispMISPUser method) 33keys() (pymisptoolsFileObject method) 38keys() (pymisptoolsVTReportObject method) 39known_types() (pymispMISPAttribute property) 27known_types() (pymispMISPObjectAttribute prop-
erty) 30
Lload() (pymispMISPEvent method) 25load_default_feeds() (pymispPyMISP method)
14load_file() (pymispMISPEvent method) 25load_openioc() (pymisptools method) 40load_openioc_file() (pymisptools method) 40load_stix() (in module pymisptoolsstix) 40
Mmake_stix_package() (in module
pymisptoolsstix) 40malware_binary() (pymispMISPAttribute prop-
erty) 27malware_binary() (pymispMISPObjectAttribute
property) 30misp_instance_version() (pymispPyMISP
property) 14misp_instance_version_master()
(pymispPyMISP property) 14MISPAttribute (class in pymisp) 26MISPEncode (class in pymisp) 24MISPEvent (class in pymisp) 24MISPObject (class in pymisp) 28MISPObjectAttribute (class in pymisp) 29MISPObjectReference (class in pymisp) 31MISPOrganisation (class in pymisp) 34MISPTag (class in pymisp) 32MISPUser (class in pymisp) 33module
pymisp 7pymisptools 37pymisptoolsstix 40
Nnoticelists() (pymispPyMISP method) 14
Oobject_templates() (pymispPyMISP method) 14organisation_blacklists() (pymispPyMISP
method) 14organisations() (pymispPyMISP method) 14
Ppop() (pymispMISPAttribute method) 27
pop() (pymispMISPEvent method) 25pop() (pymispMISPObject method) 29pop() (pymispMISPObjectAttribute method) 30pop() (pymispMISPObjectReference method) 31pop() (pymispMISPOrganisation method) 34pop() (pymispMISPTag method) 32pop() (pymispMISPUser method) 33pop() (pymisptoolsFileObject method) 38pop() (pymisptoolsVTReportObject method) 39popitem() (pymispMISPAttribute method) 27popitem() (pymispMISPEvent method) 25popitem() (pymispMISPObject method) 29popitem() (pymispMISPObjectAttribute method) 30popitem() (pymispMISPObjectReference method) 31popitem() (pymispMISPOrganisation method) 34popitem() (pymispMISPTag method) 32popitem() (pymispMISPUser method) 33popitem() (pymisptoolsFileObject method) 38popitem() (pymisptoolsVTReportObject method) 39publish() (pymispMISPEvent method) 25publish() (pymispPyMISP method) 14push_event_to_ZMQ() (pymispPyMISP method)
14pymisp
module 7PyMISP (class in pymisp) 7pymisptools
module 37pymisptoolsstix
module 40pymisp_version_main() (pymispPyMISP prop-
erty) 15
Rrecommended_pymisp_version()
(pymispPyMISP property) 15remote_acl() (pymispPyMISP method) 15remove_org_from_sharing_group()
(pymispPyMISP method) 15remove_server_from_sharing_group()
(pymispPyMISP method) 15roles() (pymispPyMISP method) 15
Ssearch() (pymispPyMISP method) 15search_feeds() (pymispPyMISP method) 17search_index() (pymispPyMISP method) 18search_logs() (pymispPyMISP method) 18search_sightings() (pymispPyMISP method) 19server_pull() (pymispPyMISP method) 20server_push() (pymispPyMISP method) 20servers() (pymispPyMISP method) 20set_date() (pymispMISPEvent method) 25
48 Index
PyMISP Documentation Release main
set_not_jsonable() (pymispAbstractMISPmethod) 23
set_not_jsonable() (pymispMISPAttributemethod) 27
set_not_jsonable() (pymispMISPEvent method)25
set_not_jsonable() (pymispMISPObjectmethod) 29
set_not_jsonable() (pymispMISPObjectAttributemethod) 30
set_not_jsonable()(pymispMISPObjectReference method)31
set_not_jsonable() (pymispMISPOrganisationmethod) 35
set_not_jsonable() (pymispMISPTag method)32
set_not_jsonable() (pymispMISPUser method)33
set_not_jsonable() (pymisptoolsFileObjectmethod) 38
set_not_jsonable()(pymisptoolsVTReportObject method)39
set_user_setting() (pymispPyMISP method) 20setdefault() (pymispMISPAttribute method) 27setdefault() (pymispMISPEvent method) 25setdefault() (pymispMISPObject method) 29setdefault() (pymispMISPObjectAttribute
method) 30setdefault() (pymispMISPObjectReference
method) 31setdefault() (pymispMISPOrganisation method)
35setdefault() (pymispMISPTag method) 33setdefault() (pymispMISPUser method) 34setdefault() (pymisptoolsFileObject method) 38setdefault() (pymisptoolsVTReportObject
method) 40sharing_groups() (pymispPyMISP method) 20sightings() (pymispPyMISP method) 20
Ttag() (pymispPyMISP method) 20tags() (pymispMISPAttribute property) 27tags() (pymispMISPEvent property) 26tags() (pymispMISPObjectAttribute property) 30tags() (pymispPyMISP method) 20tags_statistics() (pymispPyMISP method) 20taxonomies() (pymispPyMISP method) 20to_dict() (pymispAbstractMISP method) 23to_dict() (pymispMISPAttribute method) 27to_dict() (pymispMISPEvent method) 26to_dict() (pymispMISPObject method) 29
to_dict() (pymispMISPObjectAttribute method) 30to_dict() (pymispMISPObjectReference method) 32to_dict() (pymispMISPOrganisation method) 35to_dict() (pymispMISPTag method) 33to_dict() (pymispMISPUser method) 34to_dict() (pymisptoolsFileObject method) 38to_dict() (pymisptoolsVTReportObject method) 40to_feed() (pymispMISPEvent method) 26to_json() (pymispAbstractMISP method) 23to_json() (pymispMISPAttribute method) 27to_json() (pymispMISPEvent method) 26to_json() (pymispMISPObject method) 29to_json() (pymispMISPObjectAttribute method) 31to_json() (pymispMISPObjectReference method) 32to_json() (pymispMISPOrganisation method) 35to_json() (pymispMISPTag method) 33to_json() (pymispMISPUser method) 34to_json() (pymisptoolsFileObject method) 38to_json() (pymisptoolsVTReportObject method) 40toggle_warninglist() (pymispPyMISP method)
20
Uunpublish() (pymispMISPEvent method) 26untag() (pymispPyMISP method) 21update() (pymispMISPAttribute method) 28update() (pymispMISPEvent method) 26update() (pymispMISPObject method) 29update() (pymispMISPObjectAttribute method) 31update() (pymispMISPObjectReference method) 32update() (pymispMISPOrganisation method) 35update() (pymispMISPTag method) 33update() (pymispMISPUser method) 34update() (pymisptoolsFileObject method) 38update() (pymisptoolsVTReportObject method) 40update_attribute() (pymispPyMISP method) 21update_attribute_proposal()
(pymispPyMISP method) 21update_event() (pymispPyMISP method) 21update_event_blacklist() (pymispPyMISP
method) 21update_feed() (pymispPyMISP method) 21update_galaxies() (pymispPyMISP method) 21update_not_jsonable() (pymispAbstractMISP
method) 23update_not_jsonable() (pymispMISPAttribute
method) 28update_not_jsonable() (pymispMISPEvent
method) 26update_not_jsonable() (pymispMISPObject
method) 29update_not_jsonable()
(pymispMISPObjectAttribute method) 31
Index 49
PyMISP Documentation Release main
update_not_jsonable()(pymispMISPObjectReference method)32
update_not_jsonable()(pymispMISPOrganisation method) 35
update_not_jsonable() (pymispMISPTagmethod) 33
update_not_jsonable() (pymispMISPUsermethod) 34
update_not_jsonable() (pymisptoolsFileObjectmethod) 38
update_not_jsonable()(pymisptoolsVTReportObject method)40
update_noticelists() (pymispPyMISP method)21
update_object() (pymispPyMISP method) 21update_object_templates() (pymispPyMISP
method) 21update_organisation() (pymispPyMISP
method) 21update_organisation_blacklist()
(pymispPyMISP method) 21update_server() (pymispPyMISP method) 22update_tag() (pymispPyMISP method) 22update_taxonomies() (pymispPyMISP method)
22update_user() (pymispPyMISP method) 22update_warninglists() (pymispPyMISP
method) 22upload_stix() (pymispPyMISP method) 22user_registrations() (pymispPyMISP method)
22user_settings() (pymispPyMISP method) 22users() (pymispPyMISP method) 22users_statistics() (pymispPyMISP method) 22
Vvalues() (pymispMISPAttribute method) 28values() (pymispMISPEvent method) 26values() (pymispMISPObject method) 29values() (pymispMISPObjectAttribute method) 31values() (pymispMISPObjectReference method) 32values() (pymispMISPOrganisation method) 35values() (pymispMISPTag method) 33values() (pymispMISPUser method) 34values() (pymisptoolsFileObject method) 38values() (pymisptoolsVTReportObject method) 40values_in_warninglist() (pymispPyMISP
method) 22version() (pymispPyMISP property) 22VTReportObject (class in pymisptools) 38
Wwarninglists() (pymispPyMISP method) 22
50 Index
- README
- pymisp
- PyMISP
- PyMISPExpanded (Python 36+ only)
- MISPAbstract
- MISPEncode
- MISPEvent
- MISPAttribute
- MISPObject
- MISPObjectAttribute
- MISPObjectReference
- MISPTag
- MISPUser
- MISPOrganisation
- pymisp - Tools
- File Object
- ELF Object
- PE Object
- Mach-O Object
- VT Report Object
- STIX
- OpenIOC
- Indices and tables
- Python Module Index
- Index
ii
PyMISP Documentation Release main
Contents
IMPORTANT NOTE This library will require at least python 36 starting the 1st of January 2020 If you have tolegacy versions of python please use PyMISP v241191 and consider updating your system(s) Anything releasedwithin the last 2 years will do starting with Ubuntu 1804
CONTENTS 1
PyMISP Documentation Release main
2 CONTENTS
CHAPTER
ONE
README
[[Documentation Status](httpsreadthedocsorgprojectspymispbadgeversion=latest)](httppymispreadthedocsiobadge=latest) [[Build Status](httpstravis-ciorgMISPPyMISPsvgbranch=main)](httpstravis-ciorgMISPPyMISP) [[Coverage Status](httpscoverallsioreposgithubMISPPyMISPbadgesvgbranch=main)](httpscoverallsiogithubMISPPyMISPbranch=main) [[Python 36](httpsimgshieldsiobadgepython-36+-bluesvg)](httpswwwpythonorgdownloadsreleasepython-360) [[PyPi ver-sion](httpsimgshieldsiopypivpymispsvg)](httpspypipythonorgpypipymisp) [[Number of PyPI down-loads](httpsimgshieldsiopypidmpymispsvg)](httpspypipythonorgpypipymisp)
PyMISP - Python Library to access MISP
PyMISP is a Python library to access [MISP](httpsgithubcomMISPMISP) platforms via their REST API
PyMISP allows you to fetch events add or update eventsattributes add or update samples or search for attributes
Install from pip
It is strongly recommended to use a virtual environment
If you want to know more about virtual environments [python has you covered](httpsdocspythonorg3tutorialvenvhtml)
Only basic dependencies ` pip3 install pymisp `
With optional dependencies ` pip3 install pymisp[fileobjectsopeniocvirustotal] `
Install the latest version from repo from development purposes
Note poetry is required
` git clone httpsgithubcomMISPPyMISPgit ampamp cd PyMISP git submoduleupdate --init poetry install -E fileobjects -E openioc -E virustotal -E docs-E pdfexport `
Running the tests
`bash poetry run nosetests-34 --with-coverage --cover-package=pymisptests--cover-tests teststest_py `
If you have a MISP instance to test against you can also run the live ones
Note You need to update the key in teststestlive_comprehensivepy to the automation key of your admin account
`bash poetry run nosetests-34 --with-coverage --cover-package=pymisptests--cover-tests teststestlive_comprehensivepy `
Samples and how to use PyMISP
Various examples and samples scripts are in the [examples](examples) directory
In the examples directory you will need to change the keyspysample to enter your MISP url and API key
3
PyMISP Documentation Release main
` cd examples cp keyspysample keyspy vim keyspy `
The API key of MISP is available in the Automation section of the MISP web interface
To test if your URL and API keys are correct you can test with exampleslastpy to fetch the events pub-lished in the last x amount of time (supported time indicators days (d) hours (h) and minutes (m))lastpy ` cd examples python3 lastpy -l 10h 10 hours python3 lastpy -l 5d 5days python3 lastpy -l 45m 45 minutes `
Debugging
You have two options there
1 Pass debug=True to PyMISP and it will enable loggingDEBUG to stderr on the whole module
2 Use the python logging module directly
```python
import logging logger = logginggetLogger(lsquopymisprsquo)
Configure it as you whish for example enable DEBUG mode loggersetLevel(loggingDEBUG) ```
Or if you want to write the debug output to a file instead of stderr
```python import pymisp import logging
logger = logginggetLogger(lsquopymisprsquo) loggingbasicConfig(level=loggingDEBUG filename=rdquodebuglogrdquo file-mode=rsquowrsquo format=pymispFORMAT) ```
Test cases
1 The content of mispeventpy is tested on every commit
2 The tests cases that require a running MISP instance can be run the following way
```bash From poetry
nosetests-34 -s ndashwith-coverage ndashcover-package=pymisptests ndashcover-tests teststestlive_comprehensivepyTestComprehensive[test_name]
```
Documentation
The documentation is available [here](httpspymispreadthedocsioenlatest)
Jupyter notebook
A series of [Jupyter notebooks for PyMISP tutorial](httpsgithubcomMISPPyMISPtreemaindocstutorial) areavailable in the repository
Everything is a Mutable Mapping
or at least everything that can be importedexported fromto a json blob
AbstractMISP is the master class and inherit collectionsMutableMapping which means the class can be representedas a python dictionary
The abstraction assumes every property that should not be seen in the dictionary is prepended with a _ or its name isadded to the private list __not_jsonable (accessible through update_not_jsonable and set_not_jsonable
This master class has helpers that will make it easy to load and export to and from a json string
MISPEvent MISPAttribute MISPObjectReference MISPObjectAttribute and MISPObject are subclasses of Abstract-MISP which mean that they can be handled as python dictionaries
MISP Objects
4 Chapter 1 README
PyMISP Documentation Release main
Creating a new MISP object generator should be done using a pre-defined template and inherit AbstractMISPObject-Generator
Your new MISPObject generator need to generate attributes and add them as class properties using add_attribute
When the object is sent to MISP all the class properties will be exported to the JSON export
5
PyMISP Documentation Release main
6 Chapter 1 README
CHAPTER
TWO
PYMISP
21 PyMISP
class pymispPyMISP(url key ssl=True debug=False proxies= cert=None auth=None tool=timeout=None)
Python API for MISP
Parameters
bull url (str) ndash URL of the MISP instance you want to connect to
bull key (str) ndash API key of the user you want to use
bull ssl (bool) ndash can be True or False (to check or to not check the validity of the certificateOr a CA_BUNDLE in case of self signed or other certificate (the concatenation of all thecrt of the chain)
bull debug (bool) ndash Write all the debug information to stderr
bull proxies (Mapping) ndash Proxy dict as describes here httpdocspython-requestsorgenmasteruseradvancedproxies
bull cert (Optional[Tuple[str tuple]]) ndash Client certificate as described there httpdocspython-requestsorgenmasteruseradvancedclient-side-certificates
bull auth (Optional[AuthBase]) ndash The auth parameter is passed directly to requests asdescribed here httpdocspython-requestsorgenmasteruserauthentication
bull tool (str) ndash The software using PyMISP (string) used to set a unique user-agent
bull timeout (Union[float Tuple[float float] None]) ndash Timeout as describedhere httpsrequestsreadthedocsioenmasteruseradvancedtimeouts
accept_attribute_proposal(proposal)Accept a proposal
Return type Dict
add_attribute(event attribute pythonify=False)Add an attribute to an existing MISP event NOTE MISP 24113+ you can pass a list of attributes Inthat case the pythonified response is the following lsquoattributesrsquo [MISPAttribute] lsquoerrorsrsquo errors byattributes
Return type Union[Dict MISPAttribute MISPShadowAttribute]
add_attribute_proposal(event attribute pythonify=False)Propose a new attribute in an event
Return type Union[Dict MISPShadowAttribute]
7
PyMISP Documentation Release main
add_event(event pythonify=False)Add a new event on a MISP instance
Return type Union[Dict MISPEvent]
add_event_blacklist(uuids comment=None event_info=None event_orgc=None)Add a new event in the blacklist
Return type Dict
add_feed(feed pythonify=False)Add a new feed on a MISP instance
Return type Union[Dict MISPFeed]
add_object(event misp_object pythonify=False)Add a MISP Object to an existing MISP event
Return type Union[Dict MISPObject]
add_object_reference(misp_object_reference pythonify=False)Add a reference to an object
Return type Union[Dict MISPObjectReference]
add_org_to_sharing_group(sharing_group organisation extend=False)Add an organisation to a sharing group sharing_group Sharing grouprsquos local instance ID or Sharinggrouprsquos global UUID organisation Organisationrsquos local instance ID or Organisationrsquos global UUID orOrganisationrsquos name as known to the curent instance extend Allow the organisation to extend the group
Return type Dict
add_organisation(organisation pythonify=False)Add an organisation
Return type Union[Dict MISPOrganisation]
add_organisation_blacklist(uuids comment=None org_name=None)Add a new organisation in the blacklist
Return type Dict
add_server(server pythonify=False)Add a server to synchronise with Note You probably want to use ExpandedPyMISPget_sync_config andExpandedPyMISPimport_server instead
Return type Union[Dict MISPServer]
add_server_to_sharing_group(sharing_group server all_orgs=False)Add a server to a sharing group sharing_group Sharing grouprsquos local instance ID or Sharing grouprsquosglobal UUID server Serverrsquos local instance ID or URL of the Server or Serverrsquos name as known to thecurent instance all_orgs Add all the organisations of the server to the group
Return type Dict
add_sharing_group(sharing_group pythonify=False)Add a new sharing group
Return type Union[Dict MISPSharingGroup]
add_sighting(sighting attribute=None pythonify=False)Add a new sighting (globally or to a specific attribute)
Return type Union[Dict MISPSighting]
8 Chapter 2 pymisp
PyMISP Documentation Release main
add_tag(tag pythonify=False)Add a new tag on a MISP instance Notes
bull The user calling this method needs the Tag Editor permission
bull It doesnrsquot add a tag to an event simply create it on a MISP instance
Return type Union[Dict MISPTag]
add_user(user pythonify=False)Add a new user
Return type Union[Dict MISPUser]
attributes_statistics(context=type percentage=False)Get attributes statistics from the MISP instance
Return type Dict
build_complex_query(or_parameters=None and_parameters=None not_parameters=None)Build a complex search query MISP expects a dictionary with AND OR and NOT keys
Return type Dict[str List[~SearchType]]
cache_all_feeds()Cache all the feeds
Return type Dict
cache_feed(feed)Cache a specific feed
Return type Dict
cache_freetext_feeds()Cache all the freetext feeds
Return type Dict
cache_misp_feeds()Cache all the MISP feeds
Return type Dict
change_sharing_group_on_entity(misp_entity sharing_group_id pythonify=False)Change the sharing group of an event an attribute or an object
Return type Union[Dict MISPEvent MISPObject MISPAttributeMISPShadowAttribute]
change_user_password(new_password)Thange the password of the curent user
Return type Dict
communities(pythonify=False)Get all the communities
Return type Union[Dict List[MISPCommunity]]
compare_feeds()Generate the comparison matrix for all the MISP feeds
Return type Dict
21 PyMISP 9
PyMISP Documentation Release main
contact_event_reporter(event message)Send a message to the reporter of an event
Return type Dict
delegate_event(event=None organisation=None event_delegation=None distribution=- 1 mes-sage= pythonify=False)
Note distribution == -1 means recipient decides
Return type Union[Dict MISPEventDelegation]
delete_attribute(attribute hard=False)Delete an attribute from a MISP instance
Return type Dict
delete_attribute_proposal(attribute)Propose the deletion of an attribute
Return type Dict
delete_event(event)Delete an event from a MISP instance
Return type Dict
delete_event_blacklist(event_blacklist)Delete a blacklisted event
Return type Dict
delete_feed(feed)Delete a feed from a MISP instance
Return type Dict
delete_object(misp_object)Delete an object from a MISP instance
Return type Dict
delete_object_reference(object_reference)Delete a reference to an object
Return type Dict
delete_organisation(organisation)Delete an organisation
Return type Dict
delete_organisation_blacklist(organisation_blacklist)Delete a blacklisted organisation
Return type Dict
delete_server(server)Delete a sync server
Return type Dict
delete_sharing_group(sharing_group)Delete a sharing group
Return type Dict
10 Chapter 2 pymisp
PyMISP Documentation Release main
delete_sighting(sighting)Delete a sighting from a MISP instance
Return type Dict
delete_tag(tag)Delete an attribute from a MISP instance
Return type Dict
delete_user(user)Delete a user
Return type Dict
delete_user_setting(user_setting user=None)Delete a user setting
Return type Dict
property describe_types_localReturns the content of describe types from the package
Return type Dict
property describe_types_remoteReturns the content of describe types from the remote instance
Return type Dict
direct_call(url data=None params= kw_params=)Very lightweight call that posts a data blob (python dictionary or json string) on the URL
Return type Any
disable_feed(feed pythonify=False)Disable a feed
Return type Union[Dict MISPFeed]
disable_feed_cache(feed pythonify=False)Disable the caching of a feed
Return type Union[Dict MISPFeed]
disable_noticelist(noticelist)Disable a noticelist by id
Return type Dict
disable_tag(tag pythonify=False)Disable a tag
Return type Union[Dict MISPTag]
disable_taxonomy(taxonomy)Disable a taxonomy
Return type Dict
disable_taxonomy_tags(taxonomy)Disable all the tags of a taxonomy
Return type Dict
disable_warninglist(warninglist)Disable a warninglist
21 PyMISP 11
PyMISP Documentation Release main
Return type Dict
discard_attribute_proposal(proposal)Discard a proposal
Return type Dict
enable_feed(feed pythonify=False)Enable a feed (fetching it will create event(s)
Return type Union[Dict MISPFeed]
enable_feed_cache(feed pythonify=False)Enable the caching of a feed
Return type Union[Dict MISPFeed]
enable_noticelist(noticelist)Enable a noticelist by id
Return type Dict
enable_tag(tag pythonify=False)Enable a tag
Return type Union[Dict MISPTag]
enable_taxonomy(taxonomy)Enable a taxonomy
Return type Dict
enable_taxonomy_tags(taxonomy)Enable all the tags of a taxonomy NOTE this automatically done when you call enable_taxonomy
Return type Dict
enable_warninglist(warninglist)Enable a warninglist
Return type Dict
event_blacklists(pythonify=False)Get all the blacklisted events
Return type Union[Dict List[MISPEventBlacklist]]
event_delegations(pythonify=False)Get all the event delegations
Return type Union[Dict List[MISPEventDelegation]]
feeds(pythonify=False)Get the list of existing feeds
Return type Union[Dict List[MISPFeed]]
fetch_feed(feed)Fetch one single feed
Return type Dict
freetext(event string adhereToWarninglists=False distribution=None returnMetaAttributes=Falsepythonify=False kwargs)
Pass a text to the freetext importer
Return type Union[Dict List[MISPAttribute]]
12 Chapter 2 pymisp
PyMISP Documentation Release main
galaxies(pythonify=False)Get all the galaxies
Return type Union[Dict List[MISPGalaxy]]
get_all_functions(not_implemented=False)Get all methods available vi the API allow to get the ones that are not implemented
get_attribute(attribute pythonify=False)Get an attribute from a MISP instance
Return type Union[Dict MISPAttribute]
get_community(community pythonify=False)Get an community from a MISP instance
Return type Union[Dict MISPCommunity]
get_event(event deleted=False extended=False pythonify=False)Get an event from a MISP instance
Return type Union[Dict MISPEvent]
get_feed(feed pythonify=False)Get a feed by id
Return type Union[Dict MISPFeed]
get_galaxy(galaxy pythonify=False)Get a galaxy by id
Return type Union[Dict MISPGalaxy]
get_noticelist(noticelist pythonify=False)Get a noticelist by id
Return type Union[Dict MISPNoticelist]
get_object(misp_object pythonify=False)Get an object from the remote MISP instance
Return type Union[Dict MISPObject]
get_object_template(object_template pythonify=False)Gets the full object template corresponting the UUID passed as parameter
Return type Union[Dict MISPObjectTemplate]
get_organisation(organisation pythonify=False)Get an organisation
Return type Union[Dict MISPOrganisation]
get_sync_config(pythonify=False)WARNING This method only works if the user calling it is a sync user
Return type Union[Dict MISPServer]
get_tag(tag pythonify=False)Get a tag by id
Return type Union[Dict MISPTag]
get_taxonomy(taxonomy pythonify=False)Get a taxonomy from a MISP instance
Return type Union[Dict MISPTaxonomy]
21 PyMISP 13
PyMISP Documentation Release main
get_user(user=me pythonify=False expanded=False)Get a user me means the owner of the API key doing the query expanded also returns a MISPRole and aMISPUserSetting
Return type Union[Dict MISPUser Tuple[MISPUser MISPRoleList[MISPUserSetting]]]
get_user_setting(user_setting user=None pythonify=False)Get an user setting
Return type Union[Dict MISPUserSetting]
get_warninglist(warninglist pythonify=False)Get a warninglist
Return type Union[Dict MISPWarninglist]
import_server(server pythonify=False)Import a sync server config received from get_sync_config
Return type Union[Dict MISPServer]
load_default_feeds()Load all the default feeds
Return type Dict
property misp_instance_versionReturns the version of the instance
Return type Dict
property misp_instance_version_masterGet the most recent version from github
Return type Dict
noticelists(pythonify=False)Get all the noticelists
Return type Union[Dict List[MISPNoticelist]]
object_templates(pythonify=False)Get all the object templates
Return type Union[Dict List[MISPObjectTemplate]]
organisation_blacklists(pythonify=False)Get all the blacklisted organisations
Return type Union[Dict List[MISPOrganisationBlacklist]]
organisations(scope=local pythonify=False)Get all the organisations
Return type Union[Dict List[MISPOrganisation]]
publish(event alert=False)Publish the event with one single HTTP POST The default is to not send a mail as it is assumed thismethod is called on update
Return type Dict
push_event_to_ZMQ(event)Force push an event on ZMQ
14 Chapter 2 pymisp
PyMISP Documentation Release main
Return type Dict
property pymisp_version_mainGet the most recent version of PyMISP from github
Return type Dict
property recommended_pymisp_versionReturns the recommended API version from the server
Return type Dict
remote_acl(debug_type=findMissingFunctionNames)This should return an empty list unless the ACL is outdated debug_type can only be printAllFunction-Names findMissingFunctionNames or printRoleAccess
Return type Dict
remove_org_from_sharing_group(sharing_group organisation)Remove an organisation from a sharing group sharing_group Sharing grouprsquos local instance ID orSharing grouprsquos global UUID organisation Organisationrsquos local instance ID or Organisationrsquos globalUUID or Organisationrsquos name as known to the curent instance
Return type Dict
remove_server_from_sharing_group(sharing_group server)Remove a server from a sharing group sharing_group Sharing grouprsquos local instance ID or Sharinggrouprsquos global UUID server Serverrsquos local instance ID or URL of the Server or Serverrsquos name as knownto the curent instance
Return type Dict
roles(pythonify=False)Get the existing roles
Return type Union[Dict List[MISPRole]]
search(controller=events return_format=json limit=None page=None value=Nonetype_attribute=None category=None org=None tags=None quick_filter=None quick-Filter=None date_from=None date_to=None eventid=None with_attachments=NonewithAttachments=None metadata=None uuid=None publish_timestamp=Nonelast=None timestamp=None published=None enforce_warninglist=None enforceWarn-inglist=None to_ids=None deleted=None include_event_uuid=None includeEventU-uid=None include_event_tags=None includeEventTags=None event_timestamp=Nonesg_reference_only=None eventinfo=None searchall=None requested_attributes=None in-clude_context=None includeContext=None headerless=None include_sightings=NoneincludeSightings=None include_correlations=None includeCorrelations=None in-clude_decay_score=None includeDecayScore=None object_name=None pythonify=Falsekwargs)
Search in the MISP instance
Parameters
bull return_format (str) ndash Set the return format of the search (Currently supported jsonxml openioc suricata snort - more formats are being moved to restSearch with the goalbeing that all searches happen through this API) Can be passed as the first parameter afterrestSearch or via the JSON payload
bull limit (Optional[int]) ndash Limit the number of results returned depending on thescope (for example 10 attributes or 10 full events)
bull page (Optional[int]) ndash If a limit is set sets the page to be returned page 3 limit 100will return records 201-gt300)
21 PyMISP 15
PyMISP Documentation Release main
bull value (Optional[~SearchParameterTypes]) ndash Search for the given value in the at-tributesrsquo value field
bull type_attribute (Optional[~SearchParameterTypes]) ndash The attribute type anyvalid MISP attribute type is accepted
bull category (Optional[~SearchParameterTypes]) ndash The attribute category any validMISP attribute category is accepted
bull org (Optional[~SearchParameterTypes]) ndash Search by the creator organisation by sup-plying the organisation identifier
bull tags (Optional[~SearchParameterTypes]) ndash Tags to search or to exclude You canpass a list or the output of build_complex_query
bull quick_filter (Optional[str]) ndash The string passed to this field will ignore all ofthe other arguments MISP will return an xml json (depending on the header sent) of allevents that have a sub-string match on value in the event info event orgc or any of theattribute value1 value2 fields or in the attribute comment
bull date_from (Union[date int str float None]) ndash Events with the date set to adate after the one specified This filter will use the date of the event
bull date_to (Union[date int str float None]) ndash Events with the date set to a datebefore the one specified This filter will use the date of the event
bull eventid (Optional[~SearchType]) ndash The events that should be included excludedfrom the search
bull with_attachments (Optional[bool]) ndash If set encodes the attachments zippedmalware samples as base64 in the data field within each attribute
bull metadata (Optional[bool]) ndash Only the metadata (event tags relations) is returnedattributes and proposals are omitted
bull uuid (Optional[str]) ndash Restrict the results by uuid
bull publish_timestamp (Union[date int str float NoneTuple[Union[date int str float None] Union[date int str floatNone]]]) ndash Restrict the results by the last publish timestamp (newer than)
bull timestamp (Union[date int str float None Tuple[Union[date intstr float None] Union[date int str float None]]]) ndash Restrict the resultsby the timestamp (last edit) Any event with a timestamp newer than the given timestampwill be returned In case you are dealing with attributes as scope the attributersquos timestampwill be used for the lookup
bull published (Optional[bool]) ndash Set whether published or unpublished events shouldbe returned Do not set the parameter if you want both
bull enforce_warninglist (Optional[bool]) ndash Remove any attributes from the resultthat would cause a hit on a warninglist entry
bull to_ids (Union[~ToIDSType List[~ToIDSType] None]) ndash By default all attributesare returned that match the other filter parameters irregardless of their to_ids setting Torestrict the returned data set to to_ids only attributes set this parameter to 1 0 for the oneswith to_ids set to False
bull deleted (Optional[str]) ndash If this parameter is set to 1 it will only return soft-deletedattributes [ldquo0rdquo ldquo1rdquo] will return the active ones as well as the soft-deleted ones
bull include_event_uuid (Optional[bool]) ndash Instead of just including the event IDalso include the event UUID in each of the attributes
16 Chapter 2 pymisp
PyMISP Documentation Release main
bull include_event_tags (Optional[bool]) ndash Include the event level tags in each ofthe attributes
bull event_timestamp (Union[date int str float None]) ndash Only return at-tributes from events that have received a modification after the given timestamp
bull sg_reference_only (Optional[bool]) ndash If this flag is set sharing group objectswill not be included instead only the sharing group ID is set
bull eventinfo (Optional[str]) ndash Filter on the eventrsquos info field
bull searchall (Optional[bool]) ndash Search for a full or a substring (delimited by forsubstrings) in the event info event tags attribute tags attribute values or attribute commentfields
bull requested_attributes (Optional[str]) ndash [CSV only] Select the fields that youwish to include in the CSV export By setting event level fields additionally includeCon-text is not required to get event metadata
bull include_context (Optional[bool]) ndash [Attribute only] Include the event data witheach attribute [CSV output] Add event level metadata in every line of the CSV
bull headerless (Optional[bool]) ndash [CSV Only] The CSV created when this setting isset to true will not contain the header row
bull include_sightings (Optional[bool]) ndash [JSON Only - Attribute] Include thesightings of the matching attributes
bull include_decay_score (Optional[bool]) ndash Include the decay score at attributelevel
bull include_correlations (Optional[bool]) ndash [JSON Only - attribute] Include thecorrelations of the matching attributes
bull object_name (Optional[str]) ndash [objects controller only] Search for objects withthat name
bull pythonify (Optional[bool]) ndash Returns a list of PyMISP Objects instead of the plainjson output Warning it might use a lot of RAM
Deprecated
Parameters
bull quickFilter (Optional[str]) ndash synponym for quick_filter
bull withAttachments (Optional[bool]) ndash synonym for with_attachments
bull last (Union[date int str float None Tuple[Union[date int strfloat None] Union[date int str float None]]]) ndash synonym for pub-lish_timestamp
bull enforceWarninglist (Optional[bool]) ndash synonym for enforce_warninglist
bull includeEventUuid (Optional[bool]) ndash synonym for include_event_uuid
bull includeEventTags (Optional[bool]) ndash synonym for include_event_tags
bull includeContext (Optional[bool]) ndash synonym for include_context
Return type Union[Dict str List[Union[MISPEvent MISPAttributeMISPObject]]]
search_feeds(value=None pythonify=False)Search in the feeds cached on the servers
21 PyMISP 17
PyMISP Documentation Release main
Return type Union[Dict List[MISPFeed]]
search_index(published=None eventid=None tags=None date_from=None date_to=Noneeventinfo=None threatlevel=None distribution=None analysis=None org=Nonetimestamp=None pythonify=None)
Search only at the index level Using in front of a value means NOT (default is OR)
Parameters
bull published (Optional[bool]) ndash Set whether published or unpublished events shouldbe returned Do not set the parameter if you want both
bull eventid (Optional[~SearchType]) ndash The events that should be included excludedfrom the search
bull tags (Optional[~SearchParameterTypes]) ndash Tags to search or to exclude You canpass a list or the output of build_complex_query
bull date_from (Union[date int str float None]) ndash Events with the date set to adate after the one specified This filter will use the date of the event
bull date_to (Union[date int str float None]) ndash Events with the date set to a datebefore the one specified This filter will use the date of the event
bull eventinfo (Optional[str]) ndash Filter on the eventrsquos info field
bull threatlevel (Optional[List[~SearchType]]) ndash Threat level(s) (1234) | list
bull distribution (Optional[List[~SearchType]]) ndash Distribution level(s) (0123) |list
bull analysis (Optional[List[~SearchType]]) ndash Analysis level(s) (012) | list
bull org (Optional[~SearchParameterTypes]) ndash Search by the creator organisation by sup-plying the organisation identifier
bull timestamp (Union[date int str float None Tuple[Union[date intstr float None] Union[date int str float None]]]) ndash Restrict the resultsby the timestamp (last edit) Any event with a timestamp newer than the given timestampwill be returned In case you are dealing with attributes as scope the attributersquos timestampwill be used for the lookup
bull pythonify (Optional[bool]) ndash Returns a list of PyMISP Objects instead or the plainjson output Warning it might use a lot of RAM
Return type Union[Dict List[MISPEvent]]
search_logs(limit=None page=None log_id=None title=None created=None model=None ac-tion=None user_id=None change=None email=None org=None description=Noneip=None pythonify=False)
Search in logs
Note to run substring queries simply appendprependencapsulate the search term with
Parameters
bull limit (Optional[int]) ndash Limit the number of results returned depending on thescope (for example 10 attributes or 10 full events)
bull page (Optional[int]) ndash If a limit is set sets the page to be returned page 3 limit 100will return records 201-gt300)
bull log_id (Optional[int]) ndash Log ID
bull title (Optional[str]) ndash Log Title
18 Chapter 2 pymisp
PyMISP Documentation Release main
bull created (Union[date int str float None]) ndash Creation timestamp
bull model (Optional[str]) ndash Model name that generated the log entry
bull action (Optional[str]) ndash The thing that was done
bull user_id (Optional[int]) ndash ID of the user doing the action
bull change (Optional[str]) ndash Change that occured
bull email (Optional[str]) ndash Email of the user
bull org (Optional[str]) ndash Organisation of the User doing the action
bull description (Optional[str]) ndash Description of the action
bull ip (Optional[str]) ndash Origination IP of the User doing the action
bull pythonify (Optional[bool]) ndash Returns a list of PyMISP Objects instead or the plainjson output Warning it might use a lot of RAM
Return type Union[Dict List[MISPLog]]
search_sightings(context=None context_id=None type_sighting=None date_from=Nonedate_to=None publish_timestamp=None last=None org=None source=Noneinclude_attribute=None include_event_meta=None pythonify=False)
Search sightings
Parameters
bull context (Optional[str]) ndash The context of the search Can be either ldquoattributerdquoldquoeventrdquo or nothing (will then match on events and attributes)
bull context_id (Optional[~SearchType]) ndash Only relevant if context is either ldquoattributerdquoor ldquoeventrdquo Then it is the relevant ID
bull type_sighting (Optional[str]) ndash Type of sighting
bull date_from (Union[date int str float None]) ndash Events with the date set to adate after the one specified This filter will use the date of the event
bull date_to (Union[date int str float None]) ndash Events with the date set to a datebefore the one specified This filter will use the date of the event
bull publish_timestamp (Union[date int str float NoneTuple[Union[date int str float None] Union[date int str floatNone]]]) ndash Restrict the results by the last publish timestamp (newer than)
bull org (Optional[~SearchType]) ndash Search by the creator organisation by supplying theorganisation identifier
bull source (Optional[str]) ndash Source of the sighting
bull include_attribute (Optional[bool]) ndash Include the attribute
bull include_event_meta (Optional[bool]) ndash Include the meta information of theevent
Deprecated
Parameters last (Union[date int str float None Tuple[Union[date intstr float None] Union[date int str float None]]]) ndash synonym for pub-lish_timestamp
Example
21 PyMISP 19
PyMISP Documentation Release main
gtgtgt mispsearch_sightings(publish_timestamp=30d) search sightings for therarr˓last 30 days on the instance[ ]gtgtgt mispsearch_sightings(context=attribute context_id=6 include_rarr˓attribute=True) return list of sighting for attribute 6 along with therarr˓attribute itself[ ]gtgtgt mispsearch_sightings(context=event context_id=17 include_event_rarr˓meta=True org=2) return list of sighting for event 17 filtered with orgrarr˓id 2
Return type Union[Dict List[Dict[str Union[MISPEvent MISPAttributeMISPSighting]]]]
server_pull(server event=None)Initialize a pull from a sync server
Return type Dict
server_push(server event=None)Initialize a push to a sync server
Return type Dict
servers(pythonify=False)Get the existing servers the MISP instance can synchronise with
Return type Union[Dict List[MISPServer]]
set_user_setting(user_setting value user=None pythonify=False)Get an user setting
Return type Union[Dict MISPUserSetting]
sharing_groups(pythonify=False)Get the existing sharing groups
Return type Union[Dict List[MISPSharingGroup]]
sightings(misp_entity=None org=None pythonify=False)Get the list of sighting related to a MISPEvent or a MISPAttribute (depending on type of misp_entity)
Return type Union[Dict List[MISPSighting]]
tag(misp_entity tag local=False)Tag an event or an attribute misp_entity can be a MISPEvent a MISP Attribute or a UUID
Return type Dict
tags(pythonify=False)Get the list of existing tags
Return type Union[Dict List[MISPTag]]
tags_statistics(percentage=False name_sort=False)Get tags statistics from the MISP instance
Return type Dict
taxonomies(pythonify=False)Get all the taxonomies
Return type Union[Dict List[MISPTaxonomy]]
20 Chapter 2 pymisp
PyMISP Documentation Release main
toggle_warninglist(warninglist_id=None warninglist_name=None force_enable=False)Toggle (enabledisable) the status of a warninglist by ID type warninglist_id Union[str intList[int] None] param warninglist_id ID of the WarningList type force_enable bool paramforce_enable Force the warning list in the enabled state (does nothing is already enabled)
Return type Dict
untag(misp_entity tag)Untag an event or an attribute misp_entity can be a UUID
Return type Dict
update_attribute(attribute attribute_id=None pythonify=False)Update an attribute on a MISP instance
Return type Union[Dict MISPAttribute MISPShadowAttribute]
update_attribute_proposal(initial_attribute attribute pythonify=False)Propose a change for an attribute
Return type Union[Dict MISPShadowAttribute]
update_event(event event_id=None pythonify=False)Update an event on a MISP instance
Return type Union[Dict MISPEvent]
update_event_blacklist(event_blacklist event_blacklist_id=None pythonify=False)Update an event in the blacklist
Return type Union[Dict MISPEventBlacklist]
update_feed(feed feed_id=None pythonify=False)Update a feed on a MISP instance
Return type Union[Dict MISPFeed]
update_galaxies()Update all the galaxies
Return type Dict
update_noticelists()Update all the noticelists
Return type Dict
update_object(misp_object object_id=None pythonify=False)Update an object on a MISP instance
Return type Union[Dict MISPObject]
update_object_templates()Trigger an update of the object templates
Return type Dict
update_organisation(organisation organisation_id=None pythonify=False)Update an organisation
Return type Union[Dict MISPOrganisation]
update_organisation_blacklist(organisation_blacklist organisation_blacklist_id=Nonepythonify=False)
Update an organisation in the blacklist
Return type Union[Dict MISPOrganisationBlacklist]
21 PyMISP 21
PyMISP Documentation Release main
update_server(server server_id=None pythonify=False)Update a server to synchronise with
Return type Union[Dict MISPServer]
update_tag(tag tag_id=None pythonify=False)Edit only the provided parameters of a tag
Return type Union[Dict MISPTag]
update_taxonomies()Update all the taxonomies
Return type Dict
update_user(user user_id=None pythonify=False)Update an event on a MISP instance
Return type Union[Dict MISPUser]
update_warninglists()Update all the warninglists
Return type Dict
upload_stix(path version=2)Upload a STIX file to MISP param path Path to the STIX on the disk (can be a path-like object or apseudofile) type version str param version Can be 1 or 2
user_registrations(pythonify=False)Get all the user registrations
Return type Union[Dict List[MISPInbox]]
user_settings(pythonify=False)Get all the user settings
Return type Union[Dict List[MISPUserSetting]]
users(pythonify=False)Get all the users
Return type Union[Dict List[MISPUser]]
users_statistics(context=data)Get users statistics from the MISP instance
Return type Dict
values_in_warninglist(value)Check if IOC values are in warninglist
Return type Dict
property versionReturns the version of PyMISP yoursquore curently using
Return type Dict
warninglists(pythonify=False)Get all the warninglists
Return type Union[Dict List[MISPWarninglist]]
22 Chapter 2 pymisp
PyMISP Documentation Release main
22 PyMISPExpanded (Python 36+ only)
pymispExpandedPyMISPalias of pymispapiPyMISP
23 MISPAbstract
class pymispAbstractMISP(kwargs)
property editedRecursively check if an object has been edited and update the flag accordingly to the parent objects
Return type bool
from_dict(kwargs)Loading all the parameters as class properties if they arenrsquot None This method aims to be called when allthe properties requiring a special treatment are processed Note This method is used when you initializean object with existing data so by default the class is flaged as not edited
Return type None
from_json(json_string)Load a JSON string
Return type None
jsonable()This method is used by the JSON encoder
Return type Dict
set_not_jsonable(args)Set __not_jsonable to a new list
Return type None
to_dict()Dump the class to a dictionary This method automatically removes the timestamp recursively in everyobject that has been edited is order to let MISP update the event accordingly
Return type Dict
to_json(sort_keys=False indent=None)Dump recursively any class of type MISPAbstract to a json string
update_not_jsonable(args)Add entries to the __not_jsonable list
Return type None
22 PyMISPExpanded (Python 36+ only) 23
PyMISP Documentation Release main
24 MISPEncode
class pymispMISPEncode(args kwargs)
default(obj)Implement this method in a subclass such that it returns a serializable object for o or calls the baseimplementation (to raise a TypeError)
For example to support arbitrary iterators you could implement default like this
def default(self o)try
iterable = iter(o)except TypeError
passelse
return list(iterable) Let the base class default method raise the TypeErrorreturn JSONEncoderdefault(self o)
25 MISPEvent
class pymispMISPEvent(describe_types=None strict_validation=False kwargs)
add_attribute(type value kwargs)Add an attribute type and value are required but you can pass all other parameters supported by MISPAt-tribute
Return type Union[MISPAttribute List[MISPAttribute]]
add_attribute_tag(tag attribute_identifier)Add a tag to an existing attribute raise an Exception if the attribute doesnrsquot exists tag Tag name as astring MISPTag instance or dictionary attribute_identifier can be an ID UUID or the value
Return type List[MISPAttribute]
add_object(obj=None kwargs)Add an object to the Event either by passing a MISPObject or a dictionary
Return type MISPObject
add_proposal(shadow_attribute=None kwargs)Alias for add_shadow_attribute
Return type MISPShadowAttribute
add_shadow_attribute(shadow_attribute=None kwargs)Add a tag to the attribute (by name or a MISPTag object)
Return type MISPShadowAttribute
clear()rarr None Remove all items from D
delete_attribute(attribute_id)Delete an attribute you can search by ID or UUID
property editedRecursively check if an object has been edited and update the flag accordingly to the parent objects
24 Chapter 2 pymisp
PyMISP Documentation Release main
Return type bool
from_dict(kwargs)Loading all the parameters as class properties if they arenrsquot None This method aims to be called when allthe properties requiring a special treatment are processed Note This method is used when you initializean object with existing data so by default the class is flaged as not edited
from_json(json_string)Load a JSON string
Return type None
get(k[ d ])rarr D[k] if k in D else d d defaults to None
get_attribute_tag(attribute_identifier)Return the tags associated to an attribute or an object attribute attribute_identifier can be an ID UUIDor the value
Return type List[MISPTag]
get_object_by_id(object_id)Get an object by ID (the ID is the one set by the server when creating the new object)
Return type MISPObject
get_object_by_uuid(object_uuid)Get an object by UUID (UUID is set by the server when creating the new object)
Return type MISPObject
get_objects_by_name(object_name)Get an object by UUID (UUID is set by the server when creating the new object)
Return type List[MISPObject]
items()rarr a set-like object providing a view on Drsquos items
jsonable()This method is used by the JSON encoder
Return type Dict
keys()rarr a set-like object providing a view on Drsquos keys
load(json_event validate=False metadata_only=False)Load a JSON dump from a pseudo file or a JSON string
load_file(event_path validate=False metadata_only=False)Load a JSON dump from a file on the disk
pop(k[ d ])rarr v remove specified key and return the corresponding valueIf key is not found d is returned if given otherwise KeyError is raised
popitem()rarr (k v) remove and return some (key value) pairas a 2-tuple but raise KeyError if D is empty
publish()Mark the attribute as published
set_date(d=None ignore_invalid=False)Set a date for the event (string datetime or date object)
set_not_jsonable(args)Set __not_jsonable to a new list
Return type None
25 MISPEvent 25
PyMISP Documentation Release main
setdefault(k[ d ])rarr Dget(kd) also set D[k]=d if k not in D
property tagsReturns a lost of tags associated to this Event
Return type List[MISPTag]
to_dict()Dump the class to a dictionary This method automatically removes the timestamp recursively in everyobject that has been edited is order to let MISP update the event accordingly
Return type Dict
to_feed(valid_distributions=[0 1 2 3 4 5] with_meta=False)Generate a json output for MISP Feed Notes
bull valid_distributions only makes sense if the distribution key is set (ie the event is exported from aMISP instance)
Return type Dict
to_json(sort_keys=False indent=None)Dump recursively any class of type MISPAbstract to a json string
unpublish()Mark the attribute as un-published (set publish flag to false)
update([E ] F)rarr None Update D from mappingiterable E and FIf E present and has a keys() method does for k in E D[k] = E[k] If E present and lacks keys() methoddoes for (k v) in E D[k] = v In either case this is followed by for k v in Fitems() D[k] = v
update_not_jsonable(args)Add entries to the __not_jsonable list
Return type None
values()rarr an object providing a view on Drsquos values
26 MISPAttribute
class pymispMISPAttribute(describe_types=None strict=False)
add_proposal(shadow_attribute=None kwargs)Alias for add_shadow_attribute
Return type MISPShadowAttribute
add_shadow_attribute(shadow_attribute=None kwargs)Add a shadow attribute to the attribute (by name or a MISPShadowAttribute object)
Return type MISPShadowAttribute
add_sighting(sighting=None kwargs)Add a sighting to the attribute (by name or a MISPSighting object)
Return type MISPSighting
clear()rarr None Remove all items from D
delete()Mark the attribute as deleted (soft delete)
26 Chapter 2 pymisp
PyMISP Documentation Release main
property editedRecursively check if an object has been edited and update the flag accordingly to the parent objects
Return type bool
from_dict(kwargs)Loading all the parameters as class properties if they arenrsquot None This method aims to be called when allthe properties requiring a special treatment are processed Note This method is used when you initializean object with existing data so by default the class is flaged as not edited
from_json(json_string)Load a JSON string
Return type None
get(k[ d ])rarr D[k] if k in D else d d defaults to None
hash_values(algorithm=sha512)Compute the hash of every values for fast lookups
Return type List[str]
items()rarr a set-like object providing a view on Drsquos items
jsonable()This method is used by the JSON encoder
Return type Dict
keys()rarr a set-like object providing a view on Drsquos keys
property known_typesReturns a list of all the known MISP attributes types
Return type List[str]
property malware_binaryReturns a BytesIO of the malware (if the attribute has one obvs)
Return type Optional[BytesIO]
pop(k[ d ])rarr v remove specified key and return the corresponding valueIf key is not found d is returned if given otherwise KeyError is raised
popitem()rarr (k v) remove and return some (key value) pairas a 2-tuple but raise KeyError if D is empty
set_not_jsonable(args)Set __not_jsonable to a new list
Return type None
setdefault(k[ d ])rarr Dget(kd) also set D[k]=d if k not in D
property tagsReturns a lost of tags associated to this Attribute
Return type List[MISPTag]
to_dict()Dump the class to a dictionary This method automatically removes the timestamp recursively in everyobject that has been edited is order to let MISP update the event accordingly
Return type Dict
26 MISPAttribute 27
PyMISP Documentation Release main
to_json(sort_keys=False indent=None)Dump recursively any class of type MISPAbstract to a json string
update([E ] F)rarr None Update D from mappingiterable E and FIf E present and has a keys() method does for k in E D[k] = E[k] If E present and lacks keys() methoddoes for (k v) in E D[k] = v In either case this is followed by for k v in Fitems() D[k] = v
update_not_jsonable(args)Add entries to the __not_jsonable list
Return type None
values()rarr an object providing a view on Drsquos values
27 MISPObject
class pymispMISPObject(name strict=False standalone=True default_attributes_parameters=kwargs)
add_attribute(object_relation simple_value=None value)Add an attribute object_relation is required and the value key is a dictionary with all the keys supportedby MISPAttribute
Return type Optional[MISPAttribute]
add_attributes(object_relation attributes)Add multiple attributes with the same object_relation Helper for object_relation when multiple is True inthe template It is the same as calling multiple times add_attribute with the same object_relation
Return type List[Optional[MISPAttribute]]
add_reference(referenced_uuid relationship_type comment=None kwargs)Add a link (uuid) to an other object
Return type MISPObjectReference
clear()rarr None Remove all items from D
property editedRecursively check if an object has been edited and update the flag accordingly to the parent objects
Return type bool
from_dict(kwargs)Loading all the parameters as class properties if they arenrsquot None This method aims to be called when allthe properties requiring a special treatment are processed Note This method is used when you initializean object with existing data so by default the class is flaged as not edited
from_json(json_string)Load a JSON string
Return type None
get(k[ d ])rarr D[k] if k in D else d d defaults to None
get_attributes_by_relation(object_relation)Returns the list of attributes with the given object relation in the object
Return type List[MISPAttribute]
has_attributes_by_relation(list_of_relations)True if all the relations in the list are defined in the object
28 Chapter 2 pymisp
PyMISP Documentation Release main
Return type bool
items()rarr a set-like object providing a view on Drsquos items
jsonable()This method is used by the JSON encoder
Return type Dict
keys()rarr a set-like object providing a view on Drsquos keys
pop(k[ d ])rarr v remove specified key and return the corresponding valueIf key is not found d is returned if given otherwise KeyError is raised
popitem()rarr (k v) remove and return some (key value) pairas a 2-tuple but raise KeyError if D is empty
set_not_jsonable(args)Set __not_jsonable to a new list
Return type None
setdefault(k[ d ])rarr Dget(kd) also set D[k]=d if k not in D
to_dict(strict=False)Dump the class to a dictionary This method automatically removes the timestamp recursively in everyobject that has been edited is order to let MISP update the event accordingly
Return type Dict
to_json(sort_keys=False indent=None strict=False)Dump recursively any class of type MISPAbstract to a json string
update([E ] F)rarr None Update D from mappingiterable E and FIf E present and has a keys() method does for k in E D[k] = E[k] If E present and lacks keys() methoddoes for (k v) in E D[k] = v In either case this is followed by for k v in Fitems() D[k] = v
update_not_jsonable(args)Add entries to the __not_jsonable list
Return type None
values()rarr an object providing a view on Drsquos values
28 MISPObjectAttribute
class pymispMISPObjectAttribute(definition)
add_proposal(shadow_attribute=None kwargs)Alias for add_shadow_attribute
Return type MISPShadowAttribute
add_shadow_attribute(shadow_attribute=None kwargs)Add a shadow attribute to the attribute (by name or a MISPShadowAttribute object)
Return type MISPShadowAttribute
add_sighting(sighting=None kwargs)Add a sighting to the attribute (by name or a MISPSighting object)
Return type MISPSighting
28 MISPObjectAttribute 29
PyMISP Documentation Release main
clear()rarr None Remove all items from D
delete()Mark the attribute as deleted (soft delete)
property editedRecursively check if an object has been edited and update the flag accordingly to the parent objects
Return type bool
from_dict(object_relation value kwargs)Loading all the parameters as class properties if they arenrsquot None This method aims to be called when allthe properties requiring a special treatment are processed Note This method is used when you initializean object with existing data so by default the class is flaged as not edited
from_json(json_string)Load a JSON string
Return type None
get(k[ d ])rarr D[k] if k in D else d d defaults to None
hash_values(algorithm=sha512)Compute the hash of every values for fast lookups
Return type List[str]
items()rarr a set-like object providing a view on Drsquos items
jsonable()This method is used by the JSON encoder
Return type Dict
keys()rarr a set-like object providing a view on Drsquos keys
property known_typesReturns a list of all the known MISP attributes types
Return type List[str]
property malware_binaryReturns a BytesIO of the malware (if the attribute has one obvs)
Return type Optional[BytesIO]
pop(k[ d ])rarr v remove specified key and return the corresponding valueIf key is not found d is returned if given otherwise KeyError is raised
popitem()rarr (k v) remove and return some (key value) pairas a 2-tuple but raise KeyError if D is empty
set_not_jsonable(args)Set __not_jsonable to a new list
Return type None
setdefault(k[ d ])rarr Dget(kd) also set D[k]=d if k not in D
property tagsReturns a lost of tags associated to this Attribute
Return type List[MISPTag]
30 Chapter 2 pymisp
PyMISP Documentation Release main
to_dict()Dump the class to a dictionary This method automatically removes the timestamp recursively in everyobject that has been edited is order to let MISP update the event accordingly
Return type Dict
to_json(sort_keys=False indent=None)Dump recursively any class of type MISPAbstract to a json string
update([E ] F)rarr None Update D from mappingiterable E and FIf E present and has a keys() method does for k in E D[k] = E[k] If E present and lacks keys() methoddoes for (k v) in E D[k] = v In either case this is followed by for k v in Fitems() D[k] = v
update_not_jsonable(args)Add entries to the __not_jsonable list
Return type None
values()rarr an object providing a view on Drsquos values
29 MISPObjectReference
class pymispMISPObjectReference
clear()rarr None Remove all items from D
property editedRecursively check if an object has been edited and update the flag accordingly to the parent objects
Return type bool
from_dict(kwargs)Loading all the parameters as class properties if they arenrsquot None This method aims to be called when allthe properties requiring a special treatment are processed Note This method is used when you initializean object with existing data so by default the class is flaged as not edited
from_json(json_string)Load a JSON string
Return type None
get(k[ d ])rarr D[k] if k in D else d d defaults to None
items()rarr a set-like object providing a view on Drsquos items
jsonable()This method is used by the JSON encoder
Return type Dict
keys()rarr a set-like object providing a view on Drsquos keys
pop(k[ d ])rarr v remove specified key and return the corresponding valueIf key is not found d is returned if given otherwise KeyError is raised
popitem()rarr (k v) remove and return some (key value) pairas a 2-tuple but raise KeyError if D is empty
set_not_jsonable(args)Set __not_jsonable to a new list
Return type None
29 MISPObjectReference 31
PyMISP Documentation Release main
setdefault(k[ d ])rarr Dget(kd) also set D[k]=d if k not in D
to_dict()Dump the class to a dictionary This method automatically removes the timestamp recursively in everyobject that has been edited is order to let MISP update the event accordingly
Return type Dict
to_json(sort_keys=False indent=None)Dump recursively any class of type MISPAbstract to a json string
update([E ] F)rarr None Update D from mappingiterable E and FIf E present and has a keys() method does for k in E D[k] = E[k] If E present and lacks keys() methoddoes for (k v) in E D[k] = v In either case this is followed by for k v in Fitems() D[k] = v
update_not_jsonable(args)Add entries to the __not_jsonable list
Return type None
values()rarr an object providing a view on Drsquos values
210 MISPTag
class pymispMISPTag(kwargs)
clear()rarr None Remove all items from D
property editedRecursively check if an object has been edited and update the flag accordingly to the parent objects
Return type bool
from_dict(kwargs)Loading all the parameters as class properties if they arenrsquot None This method aims to be called when allthe properties requiring a special treatment are processed Note This method is used when you initializean object with existing data so by default the class is flaged as not edited
from_json(json_string)Load a JSON string
Return type None
get(k[ d ])rarr D[k] if k in D else d d defaults to None
items()rarr a set-like object providing a view on Drsquos items
jsonable()This method is used by the JSON encoder
Return type Dict
keys()rarr a set-like object providing a view on Drsquos keys
pop(k[ d ])rarr v remove specified key and return the corresponding valueIf key is not found d is returned if given otherwise KeyError is raised
popitem()rarr (k v) remove and return some (key value) pairas a 2-tuple but raise KeyError if D is empty
set_not_jsonable(args)Set __not_jsonable to a new list
32 Chapter 2 pymisp
PyMISP Documentation Release main
Return type None
setdefault(k[ d ])rarr Dget(kd) also set D[k]=d if k not in D
to_dict()Dump the class to a dictionary This method automatically removes the timestamp recursively in everyobject that has been edited is order to let MISP update the event accordingly
Return type Dict
to_json(sort_keys=False indent=None)Dump recursively any class of type MISPAbstract to a json string
update([E ] F)rarr None Update D from mappingiterable E and FIf E present and has a keys() method does for k in E D[k] = E[k] If E present and lacks keys() methoddoes for (k v) in E D[k] = v In either case this is followed by for k v in Fitems() D[k] = v
update_not_jsonable(args)Add entries to the __not_jsonable list
Return type None
values()rarr an object providing a view on Drsquos values
211 MISPUser
class pymispMISPUser(kwargs)
clear()rarr None Remove all items from D
property editedRecursively check if an object has been edited and update the flag accordingly to the parent objects
Return type bool
from_dict(kwargs)Loading all the parameters as class properties if they arenrsquot None This method aims to be called when allthe properties requiring a special treatment are processed Note This method is used when you initializean object with existing data so by default the class is flaged as not edited
from_json(json_string)Load a JSON string
Return type None
get(k[ d ])rarr D[k] if k in D else d d defaults to None
items()rarr a set-like object providing a view on Drsquos items
jsonable()This method is used by the JSON encoder
Return type Dict
keys()rarr a set-like object providing a view on Drsquos keys
pop(k[ d ])rarr v remove specified key and return the corresponding valueIf key is not found d is returned if given otherwise KeyError is raised
popitem()rarr (k v) remove and return some (key value) pairas a 2-tuple but raise KeyError if D is empty
211 MISPUser 33
PyMISP Documentation Release main
set_not_jsonable(args)Set __not_jsonable to a new list
Return type None
setdefault(k[ d ])rarr Dget(kd) also set D[k]=d if k not in D
to_dict()Dump the class to a dictionary This method automatically removes the timestamp recursively in everyobject that has been edited is order to let MISP update the event accordingly
Return type Dict
to_json(sort_keys=False indent=None)Dump recursively any class of type MISPAbstract to a json string
update([E ] F)rarr None Update D from mappingiterable E and FIf E present and has a keys() method does for k in E D[k] = E[k] If E present and lacks keys() methoddoes for (k v) in E D[k] = v In either case this is followed by for k v in Fitems() D[k] = v
update_not_jsonable(args)Add entries to the __not_jsonable list
Return type None
values()rarr an object providing a view on Drsquos values
212 MISPOrganisation
class pymispMISPOrganisation
clear()rarr None Remove all items from D
property editedRecursively check if an object has been edited and update the flag accordingly to the parent objects
Return type bool
from_dict(kwargs)Loading all the parameters as class properties if they arenrsquot None This method aims to be called when allthe properties requiring a special treatment are processed Note This method is used when you initializean object with existing data so by default the class is flaged as not edited
from_json(json_string)Load a JSON string
Return type None
get(k[ d ])rarr D[k] if k in D else d d defaults to None
items()rarr a set-like object providing a view on Drsquos items
jsonable()This method is used by the JSON encoder
Return type Dict
keys()rarr a set-like object providing a view on Drsquos keys
pop(k[ d ])rarr v remove specified key and return the corresponding valueIf key is not found d is returned if given otherwise KeyError is raised
34 Chapter 2 pymisp
PyMISP Documentation Release main
popitem()rarr (k v) remove and return some (key value) pairas a 2-tuple but raise KeyError if D is empty
set_not_jsonable(args)Set __not_jsonable to a new list
Return type None
setdefault(k[ d ])rarr Dget(kd) also set D[k]=d if k not in D
to_dict()Dump the class to a dictionary This method automatically removes the timestamp recursively in everyobject that has been edited is order to let MISP update the event accordingly
Return type Dict
to_json(sort_keys=False indent=None)Dump recursively any class of type MISPAbstract to a json string
update([E ] F)rarr None Update D from mappingiterable E and FIf E present and has a keys() method does for k in E D[k] = E[k] If E present and lacks keys() methoddoes for (k v) in E D[k] = v In either case this is followed by for k v in Fitems() D[k] = v
update_not_jsonable(args)Add entries to the __not_jsonable list
Return type None
values()rarr an object providing a view on Drsquos values
212 MISPOrganisation 35
PyMISP Documentation Release main
36 Chapter 2 pymisp
CHAPTER
THREE
PYMISP - TOOLS
31 File Object
class pymisptoolsFileObject(filepath=None pseudofile=None filename=None kwargs)
add_attribute(object_relation simple_value=None value)Add an attribute object_relation is required and the value key is a dictionary with all the keys supportedby MISPAttribute
Return type Optional[MISPAttribute]
add_attributes(object_relation attributes)Add multiple attributes with the same object_relation Helper for object_relation when multiple is True inthe template It is the same as calling multiple times add_attribute with the same object_relation
Return type List[Optional[MISPAttribute]]
add_reference(referenced_uuid relationship_type comment=None kwargs)Add a link (uuid) to an other object
Return type MISPObjectReference
clear()rarr None Remove all items from D
property editedRecursively check if an object has been edited and update the flag accordingly to the parent objects
Return type bool
from_dict(kwargs)Loading all the parameters as class properties if they arenrsquot None This method aims to be called when allthe properties requiring a special treatment are processed Note This method is used when you initializean object with existing data so by default the class is flaged as not edited
from_json(json_string)Load a JSON string
Return type None
generate_attributes()Contains the logic where all the values of the object are gathered
get(k[ d ])rarr D[k] if k in D else d d defaults to None
get_attributes_by_relation(object_relation)Returns the list of attributes with the given object relation in the object
Return type List[MISPAttribute]
37
PyMISP Documentation Release main
has_attributes_by_relation(list_of_relations)True if all the relations in the list are defined in the object
Return type bool
items()rarr a set-like object providing a view on Drsquos items
jsonable()This method is used by the JSON encoder
Return type Dict
keys()rarr a set-like object providing a view on Drsquos keys
pop(k[ d ])rarr v remove specified key and return the corresponding valueIf key is not found d is returned if given otherwise KeyError is raised
popitem()rarr (k v) remove and return some (key value) pairas a 2-tuple but raise KeyError if D is empty
set_not_jsonable(args)Set __not_jsonable to a new list
Return type None
setdefault(k[ d ])rarr Dget(kd) also set D[k]=d if k not in D
to_dict(strict=False)Dump the class to a dictionary This method automatically removes the timestamp recursively in everyobject that has been edited is order to let MISP update the event accordingly
Return type Dict
to_json(sort_keys=False indent=None strict=False)Dump recursively any class of type MISPAbstract to a json string
update([E ] F)rarr None Update D from mappingiterable E and FIf E present and has a keys() method does for k in E D[k] = E[k] If E present and lacks keys() methoddoes for (k v) in E D[k] = v In either case this is followed by for k v in Fitems() D[k] = v
update_not_jsonable(args)Add entries to the __not_jsonable list
Return type None
values()rarr an object providing a view on Drsquos values
32 ELF Object
33 PE Object
34 Mach-O Object
35 VT Report Object
class pymisptoolsVTReportObject(apikey indicator vt_proxies=None kwargs)VirusTotal Report
Apikey VirusTotal API key (private works but only public features are supported right now)
38 Chapter 3 pymisp - Tools
PyMISP Documentation Release main
Indicator IOC to search VirusTotal for
add_attribute(object_relation simple_value=None value)Add an attribute object_relation is required and the value key is a dictionary with all the keys supportedby MISPAttribute
Return type Optional[MISPAttribute]
add_attributes(object_relation attributes)Add multiple attributes with the same object_relation Helper for object_relation when multiple is True inthe template It is the same as calling multiple times add_attribute with the same object_relation
Return type List[Optional[MISPAttribute]]
add_reference(referenced_uuid relationship_type comment=None kwargs)Add a link (uuid) to an other object
Return type MISPObjectReference
clear()rarr None Remove all items from D
property editedRecursively check if an object has been edited and update the flag accordingly to the parent objects
Return type bool
from_dict(kwargs)Loading all the parameters as class properties if they arenrsquot None This method aims to be called when allthe properties requiring a special treatment are processed Note This method is used when you initializean object with existing data so by default the class is flaged as not edited
from_json(json_string)Load a JSON string
Return type None
generate_attributes()Parse the VirusTotal report for relevant attributes
get(k[ d ])rarr D[k] if k in D else d d defaults to None
get_attributes_by_relation(object_relation)Returns the list of attributes with the given object relation in the object
Return type List[MISPAttribute]
has_attributes_by_relation(list_of_relations)True if all the relations in the list are defined in the object
Return type bool
items()rarr a set-like object providing a view on Drsquos items
jsonable()This method is used by the JSON encoder
Return type Dict
keys()rarr a set-like object providing a view on Drsquos keys
pop(k[ d ])rarr v remove specified key and return the corresponding valueIf key is not found d is returned if given otherwise KeyError is raised
popitem()rarr (k v) remove and return some (key value) pairas a 2-tuple but raise KeyError if D is empty
35 VT Report Object 39
PyMISP Documentation Release main
set_not_jsonable(args)Set __not_jsonable to a new list
Return type None
setdefault(k[ d ])rarr Dget(kd) also set D[k]=d if k not in D
to_dict(strict=False)Dump the class to a dictionary This method automatically removes the timestamp recursively in everyobject that has been edited is order to let MISP update the event accordingly
Return type Dict
to_json(sort_keys=False indent=None strict=False)Dump recursively any class of type MISPAbstract to a json string
update([E ] F)rarr None Update D from mappingiterable E and FIf E present and has a keys() method does for k in E D[k] = E[k] If E present and lacks keys() methoddoes for (k v) in E D[k] = v In either case this is followed by for k v in Fitems() D[k] = v
update_not_jsonable(args)Add entries to the __not_jsonable list
Return type None
values()rarr an object providing a view on Drsquos values
36 STIX
pymisptoolsstixload_stix(stix distribution=3 threat_level_id=2 analysis=0)Returns a MISPEvent object from a STIX package
pymisptoolsstixmake_stix_package(misp_event to_json=False to_xml=False)Returns a STIXPackage from a MISPEvent
Optionally can return the package in json or xml
37 OpenIOC
toolsload_openioc()
toolsload_openioc_file()
40 Chapter 3 pymisp - Tools
CHAPTER
FOUR
INDICES AND TABLES
bull genindex
bull modindex
bull search
41
PyMISP Documentation Release main
42 Chapter 4 Indices and tables
PYTHON MODULE INDEX
ppymisp 7pymisptools 37pymisptoolsstix 40
43
PyMISP Documentation Release main
44 Python Module Index
INDEX
AAbstractMISP (class in pymisp) 23accept_attribute_proposal()
(pymispPyMISP method) 7add_attribute() (pymispMISPEvent method) 24add_attribute() (pymispMISPObject method) 28add_attribute() (pymispPyMISP method) 7add_attribute() (pymisptoolsFileObject method)
37add_attribute() (pymisptoolsVTReportObject
method) 39add_attribute_proposal() (pymispPyMISP
method) 7add_attribute_tag() (pymispMISPEvent
method) 24add_attributes() (pymispMISPObject method)
28add_attributes() (pymisptoolsFileObject
method) 37add_attributes() (pymisptoolsVTReportObject
method) 39add_event() (pymispPyMISP method) 7add_event_blacklist() (pymispPyMISP
method) 8add_feed() (pymispPyMISP method) 8add_object() (pymispMISPEvent method) 24add_object() (pymispPyMISP method) 8add_object_reference() (pymispPyMISP
method) 8add_org_to_sharing_group() (pymispPyMISP
method) 8add_organisation() (pymispPyMISP method) 8add_organisation_blacklist()
(pymispPyMISP method) 8add_proposal() (pymispMISPAttribute method) 26add_proposal() (pymispMISPEvent method) 24add_proposal() (pymispMISPObjectAttribute
method) 29add_reference() (pymispMISPObject method) 28add_reference() (pymisptoolsFileObject method)
37add_reference() (pymisptoolsVTReportObject
method) 39add_server() (pymispPyMISP method) 8add_server_to_sharing_group()
(pymispPyMISP method) 8add_shadow_attribute() (pymispMISPAttribute
method) 26add_shadow_attribute() (pymispMISPEvent
method) 24add_shadow_attribute()
(pymispMISPObjectAttribute method) 29add_sharing_group() (pymispPyMISP method) 8add_sighting() (pymispMISPAttribute method) 26add_sighting() (pymispMISPObjectAttribute
method) 29add_sighting() (pymispPyMISP method) 8add_tag() (pymispPyMISP method) 8add_user() (pymispPyMISP method) 9attributes_statistics() (pymispPyMISP
method) 9
Bbuild_complex_query() (pymispPyMISP
method) 9
Ccache_all_feeds() (pymispPyMISP method) 9cache_feed() (pymispPyMISP method) 9cache_freetext_feeds() (pymispPyMISP
method) 9cache_misp_feeds() (pymispPyMISP method) 9change_sharing_group_on_entity()
(pymispPyMISP method) 9change_user_password() (pymispPyMISP
method) 9clear() (pymispMISPAttribute method) 26clear() (pymispMISPEvent method) 24clear() (pymispMISPObject method) 28clear() (pymispMISPObjectAttribute method) 29clear() (pymispMISPObjectReference method) 31clear() (pymispMISPOrganisation method) 34clear() (pymispMISPTag method) 32clear() (pymispMISPUser method) 33
45
PyMISP Documentation Release main
clear() (pymisptoolsFileObject method) 37clear() (pymisptoolsVTReportObject method) 39communities() (pymispPyMISP method) 9compare_feeds() (pymispPyMISP method) 9contact_event_reporter() (pymispPyMISP
method) 9
Ddefault() (pymispMISPEncode method) 24delegate_event() (pymispPyMISP method) 10delete() (pymispMISPAttribute method) 26delete() (pymispMISPObjectAttribute method) 30delete_attribute() (pymispMISPEvent method)
24delete_attribute() (pymispPyMISP method) 10delete_attribute_proposal()
(pymispPyMISP method) 10delete_event() (pymispPyMISP method) 10delete_event_blacklist() (pymispPyMISP
method) 10delete_feed() (pymispPyMISP method) 10delete_object() (pymispPyMISP method) 10delete_object_reference() (pymispPyMISP
method) 10delete_organisation() (pymispPyMISP
method) 10delete_organisation_blacklist()
(pymispPyMISP method) 10delete_server() (pymispPyMISP method) 10delete_sharing_group() (pymispPyMISP
method) 10delete_sighting() (pymispPyMISP method) 10delete_tag() (pymispPyMISP method) 11delete_user() (pymispPyMISP method) 11delete_user_setting() (pymispPyMISP
method) 11describe_types_local() (pymispPyMISP prop-
erty) 11describe_types_remote() (pymispPyMISP
property) 11direct_call() (pymispPyMISP method) 11disable_feed() (pymispPyMISP method) 11disable_feed_cache() (pymispPyMISP method)
11disable_noticelist() (pymispPyMISP method)
11disable_tag() (pymispPyMISP method) 11disable_taxonomy() (pymispPyMISP method) 11disable_taxonomy_tags() (pymispPyMISP
method) 11disable_warninglist() (pymispPyMISP
method) 11discard_attribute_proposal()
(pymispPyMISP method) 12
Eedited() (pymispAbstractMISP property) 23edited() (pymispMISPAttribute property) 26edited() (pymispMISPEvent property) 24edited() (pymispMISPObject property) 28edited() (pymispMISPObjectAttribute property) 30edited() (pymispMISPObjectReference property) 31edited() (pymispMISPOrganisation property) 34edited() (pymispMISPTag property) 32edited() (pymispMISPUser property) 33edited() (pymisptoolsFileObject property) 37edited() (pymisptoolsVTReportObject property) 39enable_feed() (pymispPyMISP method) 12enable_feed_cache() (pymispPyMISP method)
12enable_noticelist() (pymispPyMISP method)
12enable_tag() (pymispPyMISP method) 12enable_taxonomy() (pymispPyMISP method) 12enable_taxonomy_tags() (pymispPyMISP
method) 12enable_warninglist() (pymispPyMISP method)
12event_blacklists() (pymispPyMISP method) 12event_delegations() (pymispPyMISP method)
12ExpandedPyMISP (in module pymisp) 23
Ffeeds() (pymispPyMISP method) 12fetch_feed() (pymispPyMISP method) 12FileObject (class in pymisptools) 37freetext() (pymispPyMISP method) 12from_dict() (pymispAbstractMISP method) 23from_dict() (pymispMISPAttribute method) 27from_dict() (pymispMISPEvent method) 25from_dict() (pymispMISPObject method) 28from_dict() (pymispMISPObjectAttribute method)
30from_dict() (pymispMISPObjectReference method)
31from_dict() (pymispMISPOrganisation method) 34from_dict() (pymispMISPTag method) 32from_dict() (pymispMISPUser method) 33from_dict() (pymisptoolsFileObject method) 37from_dict() (pymisptoolsVTReportObject method)
39from_json() (pymispAbstractMISP method) 23from_json() (pymispMISPAttribute method) 27from_json() (pymispMISPEvent method) 25from_json() (pymispMISPObject method) 28from_json() (pymispMISPObjectAttribute method)
30
46 Index
PyMISP Documentation Release main
from_json() (pymispMISPObjectReference method)31
from_json() (pymispMISPOrganisation method) 34from_json() (pymispMISPTag method) 32from_json() (pymispMISPUser method) 33from_json() (pymisptoolsFileObject method) 37from_json() (pymisptoolsVTReportObject method)
39
Ggalaxies() (pymispPyMISP method) 12generate_attributes() (pymisptoolsFileObject
method) 37generate_attributes()
(pymisptoolsVTReportObject method)39
get() (pymispMISPAttribute method) 27get() (pymispMISPEvent method) 25get() (pymispMISPObject method) 28get() (pymispMISPObjectAttribute method) 30get() (pymispMISPObjectReference method) 31get() (pymispMISPOrganisation method) 34get() (pymispMISPTag method) 32get() (pymispMISPUser method) 33get() (pymisptoolsFileObject method) 37get() (pymisptoolsVTReportObject method) 39get_all_functions() (pymispPyMISP method)
13get_attribute() (pymispPyMISP method) 13get_attribute_tag() (pymispMISPEvent
method) 25get_attributes_by_relation()
(pymispMISPObject method) 28get_attributes_by_relation()
(pymisptoolsFileObject method) 37get_attributes_by_relation()
(pymisptoolsVTReportObject method)39
get_community() (pymispPyMISP method) 13get_event() (pymispPyMISP method) 13get_feed() (pymispPyMISP method) 13get_galaxy() (pymispPyMISP method) 13get_noticelist() (pymispPyMISP method) 13get_object() (pymispPyMISP method) 13get_object_by_id() (pymispMISPEvent method)
25get_object_by_uuid() (pymispMISPEvent
method) 25get_object_template() (pymispPyMISP
method) 13get_objects_by_name() (pymispMISPEvent
method) 25get_organisation() (pymispPyMISP method) 13get_sync_config() (pymispPyMISP method) 13
get_tag() (pymispPyMISP method) 13get_taxonomy() (pymispPyMISP method) 13get_user() (pymispPyMISP method) 13get_user_setting() (pymispPyMISP method) 14get_warninglist() (pymispPyMISP method) 14
Hhas_attributes_by_relation()
(pymispMISPObject method) 28has_attributes_by_relation()
(pymisptoolsFileObject method) 37has_attributes_by_relation()
(pymisptoolsVTReportObject method)39
hash_values() (pymispMISPAttribute method) 27hash_values() (pymispMISPObjectAttribute
method) 30
Iimport_server() (pymispPyMISP method) 14items() (pymispMISPAttribute method) 27items() (pymispMISPEvent method) 25items() (pymispMISPObject method) 29items() (pymispMISPObjectAttribute method) 30items() (pymispMISPObjectReference method) 31items() (pymispMISPOrganisation method) 34items() (pymispMISPTag method) 32items() (pymispMISPUser method) 33items() (pymisptoolsFileObject method) 38items() (pymisptoolsVTReportObject method) 39
Jjsonable() (pymispAbstractMISP method) 23jsonable() (pymispMISPAttribute method) 27jsonable() (pymispMISPEvent method) 25jsonable() (pymispMISPObject method) 29jsonable() (pymispMISPObjectAttribute method)
30jsonable() (pymispMISPObjectReference method)
31jsonable() (pymispMISPOrganisation method) 34jsonable() (pymispMISPTag method) 32jsonable() (pymispMISPUser method) 33jsonable() (pymisptoolsFileObject method) 38jsonable() (pymisptoolsVTReportObject method)
39
Kkeys() (pymispMISPAttribute method) 27keys() (pymispMISPEvent method) 25keys() (pymispMISPObject method) 29keys() (pymispMISPObjectAttribute method) 30keys() (pymispMISPObjectReference method) 31keys() (pymispMISPOrganisation method) 34
Index 47
PyMISP Documentation Release main
keys() (pymispMISPTag method) 32keys() (pymispMISPUser method) 33keys() (pymisptoolsFileObject method) 38keys() (pymisptoolsVTReportObject method) 39known_types() (pymispMISPAttribute property) 27known_types() (pymispMISPObjectAttribute prop-
erty) 30
Lload() (pymispMISPEvent method) 25load_default_feeds() (pymispPyMISP method)
14load_file() (pymispMISPEvent method) 25load_openioc() (pymisptools method) 40load_openioc_file() (pymisptools method) 40load_stix() (in module pymisptoolsstix) 40
Mmake_stix_package() (in module
pymisptoolsstix) 40malware_binary() (pymispMISPAttribute prop-
erty) 27malware_binary() (pymispMISPObjectAttribute
property) 30misp_instance_version() (pymispPyMISP
property) 14misp_instance_version_master()
(pymispPyMISP property) 14MISPAttribute (class in pymisp) 26MISPEncode (class in pymisp) 24MISPEvent (class in pymisp) 24MISPObject (class in pymisp) 28MISPObjectAttribute (class in pymisp) 29MISPObjectReference (class in pymisp) 31MISPOrganisation (class in pymisp) 34MISPTag (class in pymisp) 32MISPUser (class in pymisp) 33module
pymisp 7pymisptools 37pymisptoolsstix 40
Nnoticelists() (pymispPyMISP method) 14
Oobject_templates() (pymispPyMISP method) 14organisation_blacklists() (pymispPyMISP
method) 14organisations() (pymispPyMISP method) 14
Ppop() (pymispMISPAttribute method) 27
pop() (pymispMISPEvent method) 25pop() (pymispMISPObject method) 29pop() (pymispMISPObjectAttribute method) 30pop() (pymispMISPObjectReference method) 31pop() (pymispMISPOrganisation method) 34pop() (pymispMISPTag method) 32pop() (pymispMISPUser method) 33pop() (pymisptoolsFileObject method) 38pop() (pymisptoolsVTReportObject method) 39popitem() (pymispMISPAttribute method) 27popitem() (pymispMISPEvent method) 25popitem() (pymispMISPObject method) 29popitem() (pymispMISPObjectAttribute method) 30popitem() (pymispMISPObjectReference method) 31popitem() (pymispMISPOrganisation method) 34popitem() (pymispMISPTag method) 32popitem() (pymispMISPUser method) 33popitem() (pymisptoolsFileObject method) 38popitem() (pymisptoolsVTReportObject method) 39publish() (pymispMISPEvent method) 25publish() (pymispPyMISP method) 14push_event_to_ZMQ() (pymispPyMISP method)
14pymisp
module 7PyMISP (class in pymisp) 7pymisptools
module 37pymisptoolsstix
module 40pymisp_version_main() (pymispPyMISP prop-
erty) 15
Rrecommended_pymisp_version()
(pymispPyMISP property) 15remote_acl() (pymispPyMISP method) 15remove_org_from_sharing_group()
(pymispPyMISP method) 15remove_server_from_sharing_group()
(pymispPyMISP method) 15roles() (pymispPyMISP method) 15
Ssearch() (pymispPyMISP method) 15search_feeds() (pymispPyMISP method) 17search_index() (pymispPyMISP method) 18search_logs() (pymispPyMISP method) 18search_sightings() (pymispPyMISP method) 19server_pull() (pymispPyMISP method) 20server_push() (pymispPyMISP method) 20servers() (pymispPyMISP method) 20set_date() (pymispMISPEvent method) 25
48 Index
PyMISP Documentation Release main
set_not_jsonable() (pymispAbstractMISPmethod) 23
set_not_jsonable() (pymispMISPAttributemethod) 27
set_not_jsonable() (pymispMISPEvent method)25
set_not_jsonable() (pymispMISPObjectmethod) 29
set_not_jsonable() (pymispMISPObjectAttributemethod) 30
set_not_jsonable()(pymispMISPObjectReference method)31
set_not_jsonable() (pymispMISPOrganisationmethod) 35
set_not_jsonable() (pymispMISPTag method)32
set_not_jsonable() (pymispMISPUser method)33
set_not_jsonable() (pymisptoolsFileObjectmethod) 38
set_not_jsonable()(pymisptoolsVTReportObject method)39
set_user_setting() (pymispPyMISP method) 20setdefault() (pymispMISPAttribute method) 27setdefault() (pymispMISPEvent method) 25setdefault() (pymispMISPObject method) 29setdefault() (pymispMISPObjectAttribute
method) 30setdefault() (pymispMISPObjectReference
method) 31setdefault() (pymispMISPOrganisation method)
35setdefault() (pymispMISPTag method) 33setdefault() (pymispMISPUser method) 34setdefault() (pymisptoolsFileObject method) 38setdefault() (pymisptoolsVTReportObject
method) 40sharing_groups() (pymispPyMISP method) 20sightings() (pymispPyMISP method) 20
Ttag() (pymispPyMISP method) 20tags() (pymispMISPAttribute property) 27tags() (pymispMISPEvent property) 26tags() (pymispMISPObjectAttribute property) 30tags() (pymispPyMISP method) 20tags_statistics() (pymispPyMISP method) 20taxonomies() (pymispPyMISP method) 20to_dict() (pymispAbstractMISP method) 23to_dict() (pymispMISPAttribute method) 27to_dict() (pymispMISPEvent method) 26to_dict() (pymispMISPObject method) 29
to_dict() (pymispMISPObjectAttribute method) 30to_dict() (pymispMISPObjectReference method) 32to_dict() (pymispMISPOrganisation method) 35to_dict() (pymispMISPTag method) 33to_dict() (pymispMISPUser method) 34to_dict() (pymisptoolsFileObject method) 38to_dict() (pymisptoolsVTReportObject method) 40to_feed() (pymispMISPEvent method) 26to_json() (pymispAbstractMISP method) 23to_json() (pymispMISPAttribute method) 27to_json() (pymispMISPEvent method) 26to_json() (pymispMISPObject method) 29to_json() (pymispMISPObjectAttribute method) 31to_json() (pymispMISPObjectReference method) 32to_json() (pymispMISPOrganisation method) 35to_json() (pymispMISPTag method) 33to_json() (pymispMISPUser method) 34to_json() (pymisptoolsFileObject method) 38to_json() (pymisptoolsVTReportObject method) 40toggle_warninglist() (pymispPyMISP method)
20
Uunpublish() (pymispMISPEvent method) 26untag() (pymispPyMISP method) 21update() (pymispMISPAttribute method) 28update() (pymispMISPEvent method) 26update() (pymispMISPObject method) 29update() (pymispMISPObjectAttribute method) 31update() (pymispMISPObjectReference method) 32update() (pymispMISPOrganisation method) 35update() (pymispMISPTag method) 33update() (pymispMISPUser method) 34update() (pymisptoolsFileObject method) 38update() (pymisptoolsVTReportObject method) 40update_attribute() (pymispPyMISP method) 21update_attribute_proposal()
(pymispPyMISP method) 21update_event() (pymispPyMISP method) 21update_event_blacklist() (pymispPyMISP
method) 21update_feed() (pymispPyMISP method) 21update_galaxies() (pymispPyMISP method) 21update_not_jsonable() (pymispAbstractMISP
method) 23update_not_jsonable() (pymispMISPAttribute
method) 28update_not_jsonable() (pymispMISPEvent
method) 26update_not_jsonable() (pymispMISPObject
method) 29update_not_jsonable()
(pymispMISPObjectAttribute method) 31
Index 49
PyMISP Documentation Release main
update_not_jsonable()(pymispMISPObjectReference method)32
update_not_jsonable()(pymispMISPOrganisation method) 35
update_not_jsonable() (pymispMISPTagmethod) 33
update_not_jsonable() (pymispMISPUsermethod) 34
update_not_jsonable() (pymisptoolsFileObjectmethod) 38
update_not_jsonable()(pymisptoolsVTReportObject method)40
update_noticelists() (pymispPyMISP method)21
update_object() (pymispPyMISP method) 21update_object_templates() (pymispPyMISP
method) 21update_organisation() (pymispPyMISP
method) 21update_organisation_blacklist()
(pymispPyMISP method) 21update_server() (pymispPyMISP method) 22update_tag() (pymispPyMISP method) 22update_taxonomies() (pymispPyMISP method)
22update_user() (pymispPyMISP method) 22update_warninglists() (pymispPyMISP
method) 22upload_stix() (pymispPyMISP method) 22user_registrations() (pymispPyMISP method)
22user_settings() (pymispPyMISP method) 22users() (pymispPyMISP method) 22users_statistics() (pymispPyMISP method) 22
Vvalues() (pymispMISPAttribute method) 28values() (pymispMISPEvent method) 26values() (pymispMISPObject method) 29values() (pymispMISPObjectAttribute method) 31values() (pymispMISPObjectReference method) 32values() (pymispMISPOrganisation method) 35values() (pymispMISPTag method) 33values() (pymispMISPUser method) 34values() (pymisptoolsFileObject method) 38values() (pymisptoolsVTReportObject method) 40values_in_warninglist() (pymispPyMISP
method) 22version() (pymispPyMISP property) 22VTReportObject (class in pymisptools) 38
Wwarninglists() (pymispPyMISP method) 22
50 Index
- README
- pymisp
- PyMISP
- PyMISPExpanded (Python 36+ only)
- MISPAbstract
- MISPEncode
- MISPEvent
- MISPAttribute
- MISPObject
- MISPObjectAttribute
- MISPObjectReference
- MISPTag
- MISPUser
- MISPOrganisation
- pymisp - Tools
- File Object
- ELF Object
- PE Object
- Mach-O Object
- VT Report Object
- STIX
- OpenIOC
- Indices and tables
- Python Module Index
- Index
PyMISP Documentation Release main
Contents
IMPORTANT NOTE This library will require at least python 36 starting the 1st of January 2020 If you have tolegacy versions of python please use PyMISP v241191 and consider updating your system(s) Anything releasedwithin the last 2 years will do starting with Ubuntu 1804
CONTENTS 1
PyMISP Documentation Release main
2 CONTENTS
CHAPTER
ONE
README
[[Documentation Status](httpsreadthedocsorgprojectspymispbadgeversion=latest)](httppymispreadthedocsiobadge=latest) [[Build Status](httpstravis-ciorgMISPPyMISPsvgbranch=main)](httpstravis-ciorgMISPPyMISP) [[Coverage Status](httpscoverallsioreposgithubMISPPyMISPbadgesvgbranch=main)](httpscoverallsiogithubMISPPyMISPbranch=main) [[Python 36](httpsimgshieldsiobadgepython-36+-bluesvg)](httpswwwpythonorgdownloadsreleasepython-360) [[PyPi ver-sion](httpsimgshieldsiopypivpymispsvg)](httpspypipythonorgpypipymisp) [[Number of PyPI down-loads](httpsimgshieldsiopypidmpymispsvg)](httpspypipythonorgpypipymisp)
PyMISP - Python Library to access MISP
PyMISP is a Python library to access [MISP](httpsgithubcomMISPMISP) platforms via their REST API
PyMISP allows you to fetch events add or update eventsattributes add or update samples or search for attributes
Install from pip
It is strongly recommended to use a virtual environment
If you want to know more about virtual environments [python has you covered](httpsdocspythonorg3tutorialvenvhtml)
Only basic dependencies ` pip3 install pymisp `
With optional dependencies ` pip3 install pymisp[fileobjectsopeniocvirustotal] `
Install the latest version from repo from development purposes
Note poetry is required
` git clone httpsgithubcomMISPPyMISPgit ampamp cd PyMISP git submoduleupdate --init poetry install -E fileobjects -E openioc -E virustotal -E docs-E pdfexport `
Running the tests
`bash poetry run nosetests-34 --with-coverage --cover-package=pymisptests--cover-tests teststest_py `
If you have a MISP instance to test against you can also run the live ones
Note You need to update the key in teststestlive_comprehensivepy to the automation key of your admin account
`bash poetry run nosetests-34 --with-coverage --cover-package=pymisptests--cover-tests teststestlive_comprehensivepy `
Samples and how to use PyMISP
Various examples and samples scripts are in the [examples](examples) directory
In the examples directory you will need to change the keyspysample to enter your MISP url and API key
3
PyMISP Documentation Release main
` cd examples cp keyspysample keyspy vim keyspy `
The API key of MISP is available in the Automation section of the MISP web interface
To test if your URL and API keys are correct you can test with exampleslastpy to fetch the events pub-lished in the last x amount of time (supported time indicators days (d) hours (h) and minutes (m))lastpy ` cd examples python3 lastpy -l 10h 10 hours python3 lastpy -l 5d 5days python3 lastpy -l 45m 45 minutes `
Debugging
You have two options there
1 Pass debug=True to PyMISP and it will enable loggingDEBUG to stderr on the whole module
2 Use the python logging module directly
```python
import logging logger = logginggetLogger(lsquopymisprsquo)
Configure it as you whish for example enable DEBUG mode loggersetLevel(loggingDEBUG) ```
Or if you want to write the debug output to a file instead of stderr
```python import pymisp import logging
logger = logginggetLogger(lsquopymisprsquo) loggingbasicConfig(level=loggingDEBUG filename=rdquodebuglogrdquo file-mode=rsquowrsquo format=pymispFORMAT) ```
Test cases
1 The content of mispeventpy is tested on every commit
2 The tests cases that require a running MISP instance can be run the following way
```bash From poetry
nosetests-34 -s ndashwith-coverage ndashcover-package=pymisptests ndashcover-tests teststestlive_comprehensivepyTestComprehensive[test_name]
```
Documentation
The documentation is available [here](httpspymispreadthedocsioenlatest)
Jupyter notebook
A series of [Jupyter notebooks for PyMISP tutorial](httpsgithubcomMISPPyMISPtreemaindocstutorial) areavailable in the repository
Everything is a Mutable Mapping
or at least everything that can be importedexported fromto a json blob
AbstractMISP is the master class and inherit collectionsMutableMapping which means the class can be representedas a python dictionary
The abstraction assumes every property that should not be seen in the dictionary is prepended with a _ or its name isadded to the private list __not_jsonable (accessible through update_not_jsonable and set_not_jsonable
This master class has helpers that will make it easy to load and export to and from a json string
MISPEvent MISPAttribute MISPObjectReference MISPObjectAttribute and MISPObject are subclasses of Abstract-MISP which mean that they can be handled as python dictionaries
MISP Objects
4 Chapter 1 README
PyMISP Documentation Release main
Creating a new MISP object generator should be done using a pre-defined template and inherit AbstractMISPObject-Generator
Your new MISPObject generator need to generate attributes and add them as class properties using add_attribute
When the object is sent to MISP all the class properties will be exported to the JSON export
5
PyMISP Documentation Release main
6 Chapter 1 README
CHAPTER
TWO
PYMISP
21 PyMISP
class pymispPyMISP(url key ssl=True debug=False proxies= cert=None auth=None tool=timeout=None)
Python API for MISP
Parameters
bull url (str) ndash URL of the MISP instance you want to connect to
bull key (str) ndash API key of the user you want to use
bull ssl (bool) ndash can be True or False (to check or to not check the validity of the certificateOr a CA_BUNDLE in case of self signed or other certificate (the concatenation of all thecrt of the chain)
bull debug (bool) ndash Write all the debug information to stderr
bull proxies (Mapping) ndash Proxy dict as describes here httpdocspython-requestsorgenmasteruseradvancedproxies
bull cert (Optional[Tuple[str tuple]]) ndash Client certificate as described there httpdocspython-requestsorgenmasteruseradvancedclient-side-certificates
bull auth (Optional[AuthBase]) ndash The auth parameter is passed directly to requests asdescribed here httpdocspython-requestsorgenmasteruserauthentication
bull tool (str) ndash The software using PyMISP (string) used to set a unique user-agent
bull timeout (Union[float Tuple[float float] None]) ndash Timeout as describedhere httpsrequestsreadthedocsioenmasteruseradvancedtimeouts
accept_attribute_proposal(proposal)Accept a proposal
Return type Dict
add_attribute(event attribute pythonify=False)Add an attribute to an existing MISP event NOTE MISP 24113+ you can pass a list of attributes Inthat case the pythonified response is the following lsquoattributesrsquo [MISPAttribute] lsquoerrorsrsquo errors byattributes
Return type Union[Dict MISPAttribute MISPShadowAttribute]
add_attribute_proposal(event attribute pythonify=False)Propose a new attribute in an event
Return type Union[Dict MISPShadowAttribute]
7
PyMISP Documentation Release main
add_event(event pythonify=False)Add a new event on a MISP instance
Return type Union[Dict MISPEvent]
add_event_blacklist(uuids comment=None event_info=None event_orgc=None)Add a new event in the blacklist
Return type Dict
add_feed(feed pythonify=False)Add a new feed on a MISP instance
Return type Union[Dict MISPFeed]
add_object(event misp_object pythonify=False)Add a MISP Object to an existing MISP event
Return type Union[Dict MISPObject]
add_object_reference(misp_object_reference pythonify=False)Add a reference to an object
Return type Union[Dict MISPObjectReference]
add_org_to_sharing_group(sharing_group organisation extend=False)Add an organisation to a sharing group sharing_group Sharing grouprsquos local instance ID or Sharinggrouprsquos global UUID organisation Organisationrsquos local instance ID or Organisationrsquos global UUID orOrganisationrsquos name as known to the curent instance extend Allow the organisation to extend the group
Return type Dict
add_organisation(organisation pythonify=False)Add an organisation
Return type Union[Dict MISPOrganisation]
add_organisation_blacklist(uuids comment=None org_name=None)Add a new organisation in the blacklist
Return type Dict
add_server(server pythonify=False)Add a server to synchronise with Note You probably want to use ExpandedPyMISPget_sync_config andExpandedPyMISPimport_server instead
Return type Union[Dict MISPServer]
add_server_to_sharing_group(sharing_group server all_orgs=False)Add a server to a sharing group sharing_group Sharing grouprsquos local instance ID or Sharing grouprsquosglobal UUID server Serverrsquos local instance ID or URL of the Server or Serverrsquos name as known to thecurent instance all_orgs Add all the organisations of the server to the group
Return type Dict
add_sharing_group(sharing_group pythonify=False)Add a new sharing group
Return type Union[Dict MISPSharingGroup]
add_sighting(sighting attribute=None pythonify=False)Add a new sighting (globally or to a specific attribute)
Return type Union[Dict MISPSighting]
8 Chapter 2 pymisp
PyMISP Documentation Release main
add_tag(tag pythonify=False)Add a new tag on a MISP instance Notes
bull The user calling this method needs the Tag Editor permission
bull It doesnrsquot add a tag to an event simply create it on a MISP instance
Return type Union[Dict MISPTag]
add_user(user pythonify=False)Add a new user
Return type Union[Dict MISPUser]
attributes_statistics(context=type percentage=False)Get attributes statistics from the MISP instance
Return type Dict
build_complex_query(or_parameters=None and_parameters=None not_parameters=None)Build a complex search query MISP expects a dictionary with AND OR and NOT keys
Return type Dict[str List[~SearchType]]
cache_all_feeds()Cache all the feeds
Return type Dict
cache_feed(feed)Cache a specific feed
Return type Dict
cache_freetext_feeds()Cache all the freetext feeds
Return type Dict
cache_misp_feeds()Cache all the MISP feeds
Return type Dict
change_sharing_group_on_entity(misp_entity sharing_group_id pythonify=False)Change the sharing group of an event an attribute or an object
Return type Union[Dict MISPEvent MISPObject MISPAttributeMISPShadowAttribute]
change_user_password(new_password)Thange the password of the curent user
Return type Dict
communities(pythonify=False)Get all the communities
Return type Union[Dict List[MISPCommunity]]
compare_feeds()Generate the comparison matrix for all the MISP feeds
Return type Dict
21 PyMISP 9
PyMISP Documentation Release main
contact_event_reporter(event message)Send a message to the reporter of an event
Return type Dict
delegate_event(event=None organisation=None event_delegation=None distribution=- 1 mes-sage= pythonify=False)
Note distribution == -1 means recipient decides
Return type Union[Dict MISPEventDelegation]
delete_attribute(attribute hard=False)Delete an attribute from a MISP instance
Return type Dict
delete_attribute_proposal(attribute)Propose the deletion of an attribute
Return type Dict
delete_event(event)Delete an event from a MISP instance
Return type Dict
delete_event_blacklist(event_blacklist)Delete a blacklisted event
Return type Dict
delete_feed(feed)Delete a feed from a MISP instance
Return type Dict
delete_object(misp_object)Delete an object from a MISP instance
Return type Dict
delete_object_reference(object_reference)Delete a reference to an object
Return type Dict
delete_organisation(organisation)Delete an organisation
Return type Dict
delete_organisation_blacklist(organisation_blacklist)Delete a blacklisted organisation
Return type Dict
delete_server(server)Delete a sync server
Return type Dict
delete_sharing_group(sharing_group)Delete a sharing group
Return type Dict
10 Chapter 2 pymisp
PyMISP Documentation Release main
delete_sighting(sighting)Delete a sighting from a MISP instance
Return type Dict
delete_tag(tag)Delete an attribute from a MISP instance
Return type Dict
delete_user(user)Delete a user
Return type Dict
delete_user_setting(user_setting user=None)Delete a user setting
Return type Dict
property describe_types_localReturns the content of describe types from the package
Return type Dict
property describe_types_remoteReturns the content of describe types from the remote instance
Return type Dict
direct_call(url data=None params= kw_params=)Very lightweight call that posts a data blob (python dictionary or json string) on the URL
Return type Any
disable_feed(feed pythonify=False)Disable a feed
Return type Union[Dict MISPFeed]
disable_feed_cache(feed pythonify=False)Disable the caching of a feed
Return type Union[Dict MISPFeed]
disable_noticelist(noticelist)Disable a noticelist by id
Return type Dict
disable_tag(tag pythonify=False)Disable a tag
Return type Union[Dict MISPTag]
disable_taxonomy(taxonomy)Disable a taxonomy
Return type Dict
disable_taxonomy_tags(taxonomy)Disable all the tags of a taxonomy
Return type Dict
disable_warninglist(warninglist)Disable a warninglist
21 PyMISP 11
PyMISP Documentation Release main
Return type Dict
discard_attribute_proposal(proposal)Discard a proposal
Return type Dict
enable_feed(feed pythonify=False)Enable a feed (fetching it will create event(s)
Return type Union[Dict MISPFeed]
enable_feed_cache(feed pythonify=False)Enable the caching of a feed
Return type Union[Dict MISPFeed]
enable_noticelist(noticelist)Enable a noticelist by id
Return type Dict
enable_tag(tag pythonify=False)Enable a tag
Return type Union[Dict MISPTag]
enable_taxonomy(taxonomy)Enable a taxonomy
Return type Dict
enable_taxonomy_tags(taxonomy)Enable all the tags of a taxonomy NOTE this automatically done when you call enable_taxonomy
Return type Dict
enable_warninglist(warninglist)Enable a warninglist
Return type Dict
event_blacklists(pythonify=False)Get all the blacklisted events
Return type Union[Dict List[MISPEventBlacklist]]
event_delegations(pythonify=False)Get all the event delegations
Return type Union[Dict List[MISPEventDelegation]]
feeds(pythonify=False)Get the list of existing feeds
Return type Union[Dict List[MISPFeed]]
fetch_feed(feed)Fetch one single feed
Return type Dict
freetext(event string adhereToWarninglists=False distribution=None returnMetaAttributes=Falsepythonify=False kwargs)
Pass a text to the freetext importer
Return type Union[Dict List[MISPAttribute]]
12 Chapter 2 pymisp
PyMISP Documentation Release main
galaxies(pythonify=False)Get all the galaxies
Return type Union[Dict List[MISPGalaxy]]
get_all_functions(not_implemented=False)Get all methods available vi the API allow to get the ones that are not implemented
get_attribute(attribute pythonify=False)Get an attribute from a MISP instance
Return type Union[Dict MISPAttribute]
get_community(community pythonify=False)Get an community from a MISP instance
Return type Union[Dict MISPCommunity]
get_event(event deleted=False extended=False pythonify=False)Get an event from a MISP instance
Return type Union[Dict MISPEvent]
get_feed(feed pythonify=False)Get a feed by id
Return type Union[Dict MISPFeed]
get_galaxy(galaxy pythonify=False)Get a galaxy by id
Return type Union[Dict MISPGalaxy]
get_noticelist(noticelist pythonify=False)Get a noticelist by id
Return type Union[Dict MISPNoticelist]
get_object(misp_object pythonify=False)Get an object from the remote MISP instance
Return type Union[Dict MISPObject]
get_object_template(object_template pythonify=False)Gets the full object template corresponting the UUID passed as parameter
Return type Union[Dict MISPObjectTemplate]
get_organisation(organisation pythonify=False)Get an organisation
Return type Union[Dict MISPOrganisation]
get_sync_config(pythonify=False)WARNING This method only works if the user calling it is a sync user
Return type Union[Dict MISPServer]
get_tag(tag pythonify=False)Get a tag by id
Return type Union[Dict MISPTag]
get_taxonomy(taxonomy pythonify=False)Get a taxonomy from a MISP instance
Return type Union[Dict MISPTaxonomy]
21 PyMISP 13
PyMISP Documentation Release main
get_user(user=me pythonify=False expanded=False)Get a user me means the owner of the API key doing the query expanded also returns a MISPRole and aMISPUserSetting
Return type Union[Dict MISPUser Tuple[MISPUser MISPRoleList[MISPUserSetting]]]
get_user_setting(user_setting user=None pythonify=False)Get an user setting
Return type Union[Dict MISPUserSetting]
get_warninglist(warninglist pythonify=False)Get a warninglist
Return type Union[Dict MISPWarninglist]
import_server(server pythonify=False)Import a sync server config received from get_sync_config
Return type Union[Dict MISPServer]
load_default_feeds()Load all the default feeds
Return type Dict
property misp_instance_versionReturns the version of the instance
Return type Dict
property misp_instance_version_masterGet the most recent version from github
Return type Dict
noticelists(pythonify=False)Get all the noticelists
Return type Union[Dict List[MISPNoticelist]]
object_templates(pythonify=False)Get all the object templates
Return type Union[Dict List[MISPObjectTemplate]]
organisation_blacklists(pythonify=False)Get all the blacklisted organisations
Return type Union[Dict List[MISPOrganisationBlacklist]]
organisations(scope=local pythonify=False)Get all the organisations
Return type Union[Dict List[MISPOrganisation]]
publish(event alert=False)Publish the event with one single HTTP POST The default is to not send a mail as it is assumed thismethod is called on update
Return type Dict
push_event_to_ZMQ(event)Force push an event on ZMQ
14 Chapter 2 pymisp
PyMISP Documentation Release main
Return type Dict
property pymisp_version_mainGet the most recent version of PyMISP from github
Return type Dict
property recommended_pymisp_versionReturns the recommended API version from the server
Return type Dict
remote_acl(debug_type=findMissingFunctionNames)This should return an empty list unless the ACL is outdated debug_type can only be printAllFunction-Names findMissingFunctionNames or printRoleAccess
Return type Dict
remove_org_from_sharing_group(sharing_group organisation)Remove an organisation from a sharing group sharing_group Sharing grouprsquos local instance ID orSharing grouprsquos global UUID organisation Organisationrsquos local instance ID or Organisationrsquos globalUUID or Organisationrsquos name as known to the curent instance
Return type Dict
remove_server_from_sharing_group(sharing_group server)Remove a server from a sharing group sharing_group Sharing grouprsquos local instance ID or Sharinggrouprsquos global UUID server Serverrsquos local instance ID or URL of the Server or Serverrsquos name as knownto the curent instance
Return type Dict
roles(pythonify=False)Get the existing roles
Return type Union[Dict List[MISPRole]]
search(controller=events return_format=json limit=None page=None value=Nonetype_attribute=None category=None org=None tags=None quick_filter=None quick-Filter=None date_from=None date_to=None eventid=None with_attachments=NonewithAttachments=None metadata=None uuid=None publish_timestamp=Nonelast=None timestamp=None published=None enforce_warninglist=None enforceWarn-inglist=None to_ids=None deleted=None include_event_uuid=None includeEventU-uid=None include_event_tags=None includeEventTags=None event_timestamp=Nonesg_reference_only=None eventinfo=None searchall=None requested_attributes=None in-clude_context=None includeContext=None headerless=None include_sightings=NoneincludeSightings=None include_correlations=None includeCorrelations=None in-clude_decay_score=None includeDecayScore=None object_name=None pythonify=Falsekwargs)
Search in the MISP instance
Parameters
bull return_format (str) ndash Set the return format of the search (Currently supported jsonxml openioc suricata snort - more formats are being moved to restSearch with the goalbeing that all searches happen through this API) Can be passed as the first parameter afterrestSearch or via the JSON payload
bull limit (Optional[int]) ndash Limit the number of results returned depending on thescope (for example 10 attributes or 10 full events)
bull page (Optional[int]) ndash If a limit is set sets the page to be returned page 3 limit 100will return records 201-gt300)
21 PyMISP 15
PyMISP Documentation Release main
bull value (Optional[~SearchParameterTypes]) ndash Search for the given value in the at-tributesrsquo value field
bull type_attribute (Optional[~SearchParameterTypes]) ndash The attribute type anyvalid MISP attribute type is accepted
bull category (Optional[~SearchParameterTypes]) ndash The attribute category any validMISP attribute category is accepted
bull org (Optional[~SearchParameterTypes]) ndash Search by the creator organisation by sup-plying the organisation identifier
bull tags (Optional[~SearchParameterTypes]) ndash Tags to search or to exclude You canpass a list or the output of build_complex_query
bull quick_filter (Optional[str]) ndash The string passed to this field will ignore all ofthe other arguments MISP will return an xml json (depending on the header sent) of allevents that have a sub-string match on value in the event info event orgc or any of theattribute value1 value2 fields or in the attribute comment
bull date_from (Union[date int str float None]) ndash Events with the date set to adate after the one specified This filter will use the date of the event
bull date_to (Union[date int str float None]) ndash Events with the date set to a datebefore the one specified This filter will use the date of the event
bull eventid (Optional[~SearchType]) ndash The events that should be included excludedfrom the search
bull with_attachments (Optional[bool]) ndash If set encodes the attachments zippedmalware samples as base64 in the data field within each attribute
bull metadata (Optional[bool]) ndash Only the metadata (event tags relations) is returnedattributes and proposals are omitted
bull uuid (Optional[str]) ndash Restrict the results by uuid
bull publish_timestamp (Union[date int str float NoneTuple[Union[date int str float None] Union[date int str floatNone]]]) ndash Restrict the results by the last publish timestamp (newer than)
bull timestamp (Union[date int str float None Tuple[Union[date intstr float None] Union[date int str float None]]]) ndash Restrict the resultsby the timestamp (last edit) Any event with a timestamp newer than the given timestampwill be returned In case you are dealing with attributes as scope the attributersquos timestampwill be used for the lookup
bull published (Optional[bool]) ndash Set whether published or unpublished events shouldbe returned Do not set the parameter if you want both
bull enforce_warninglist (Optional[bool]) ndash Remove any attributes from the resultthat would cause a hit on a warninglist entry
bull to_ids (Union[~ToIDSType List[~ToIDSType] None]) ndash By default all attributesare returned that match the other filter parameters irregardless of their to_ids setting Torestrict the returned data set to to_ids only attributes set this parameter to 1 0 for the oneswith to_ids set to False
bull deleted (Optional[str]) ndash If this parameter is set to 1 it will only return soft-deletedattributes [ldquo0rdquo ldquo1rdquo] will return the active ones as well as the soft-deleted ones
bull include_event_uuid (Optional[bool]) ndash Instead of just including the event IDalso include the event UUID in each of the attributes
16 Chapter 2 pymisp
PyMISP Documentation Release main
bull include_event_tags (Optional[bool]) ndash Include the event level tags in each ofthe attributes
bull event_timestamp (Union[date int str float None]) ndash Only return at-tributes from events that have received a modification after the given timestamp
bull sg_reference_only (Optional[bool]) ndash If this flag is set sharing group objectswill not be included instead only the sharing group ID is set
bull eventinfo (Optional[str]) ndash Filter on the eventrsquos info field
bull searchall (Optional[bool]) ndash Search for a full or a substring (delimited by forsubstrings) in the event info event tags attribute tags attribute values or attribute commentfields
bull requested_attributes (Optional[str]) ndash [CSV only] Select the fields that youwish to include in the CSV export By setting event level fields additionally includeCon-text is not required to get event metadata
bull include_context (Optional[bool]) ndash [Attribute only] Include the event data witheach attribute [CSV output] Add event level metadata in every line of the CSV
bull headerless (Optional[bool]) ndash [CSV Only] The CSV created when this setting isset to true will not contain the header row
bull include_sightings (Optional[bool]) ndash [JSON Only - Attribute] Include thesightings of the matching attributes
bull include_decay_score (Optional[bool]) ndash Include the decay score at attributelevel
bull include_correlations (Optional[bool]) ndash [JSON Only - attribute] Include thecorrelations of the matching attributes
bull object_name (Optional[str]) ndash [objects controller only] Search for objects withthat name
bull pythonify (Optional[bool]) ndash Returns a list of PyMISP Objects instead of the plainjson output Warning it might use a lot of RAM
Deprecated
Parameters
bull quickFilter (Optional[str]) ndash synponym for quick_filter
bull withAttachments (Optional[bool]) ndash synonym for with_attachments
bull last (Union[date int str float None Tuple[Union[date int strfloat None] Union[date int str float None]]]) ndash synonym for pub-lish_timestamp
bull enforceWarninglist (Optional[bool]) ndash synonym for enforce_warninglist
bull includeEventUuid (Optional[bool]) ndash synonym for include_event_uuid
bull includeEventTags (Optional[bool]) ndash synonym for include_event_tags
bull includeContext (Optional[bool]) ndash synonym for include_context
Return type Union[Dict str List[Union[MISPEvent MISPAttributeMISPObject]]]
search_feeds(value=None pythonify=False)Search in the feeds cached on the servers
21 PyMISP 17
PyMISP Documentation Release main
Return type Union[Dict List[MISPFeed]]
search_index(published=None eventid=None tags=None date_from=None date_to=Noneeventinfo=None threatlevel=None distribution=None analysis=None org=Nonetimestamp=None pythonify=None)
Search only at the index level Using in front of a value means NOT (default is OR)
Parameters
bull published (Optional[bool]) ndash Set whether published or unpublished events shouldbe returned Do not set the parameter if you want both
bull eventid (Optional[~SearchType]) ndash The events that should be included excludedfrom the search
bull tags (Optional[~SearchParameterTypes]) ndash Tags to search or to exclude You canpass a list or the output of build_complex_query
bull date_from (Union[date int str float None]) ndash Events with the date set to adate after the one specified This filter will use the date of the event
bull date_to (Union[date int str float None]) ndash Events with the date set to a datebefore the one specified This filter will use the date of the event
bull eventinfo (Optional[str]) ndash Filter on the eventrsquos info field
bull threatlevel (Optional[List[~SearchType]]) ndash Threat level(s) (1234) | list
bull distribution (Optional[List[~SearchType]]) ndash Distribution level(s) (0123) |list
bull analysis (Optional[List[~SearchType]]) ndash Analysis level(s) (012) | list
bull org (Optional[~SearchParameterTypes]) ndash Search by the creator organisation by sup-plying the organisation identifier
bull timestamp (Union[date int str float None Tuple[Union[date intstr float None] Union[date int str float None]]]) ndash Restrict the resultsby the timestamp (last edit) Any event with a timestamp newer than the given timestampwill be returned In case you are dealing with attributes as scope the attributersquos timestampwill be used for the lookup
bull pythonify (Optional[bool]) ndash Returns a list of PyMISP Objects instead or the plainjson output Warning it might use a lot of RAM
Return type Union[Dict List[MISPEvent]]
search_logs(limit=None page=None log_id=None title=None created=None model=None ac-tion=None user_id=None change=None email=None org=None description=Noneip=None pythonify=False)
Search in logs
Note to run substring queries simply appendprependencapsulate the search term with
Parameters
bull limit (Optional[int]) ndash Limit the number of results returned depending on thescope (for example 10 attributes or 10 full events)
bull page (Optional[int]) ndash If a limit is set sets the page to be returned page 3 limit 100will return records 201-gt300)
bull log_id (Optional[int]) ndash Log ID
bull title (Optional[str]) ndash Log Title
18 Chapter 2 pymisp
PyMISP Documentation Release main
bull created (Union[date int str float None]) ndash Creation timestamp
bull model (Optional[str]) ndash Model name that generated the log entry
bull action (Optional[str]) ndash The thing that was done
bull user_id (Optional[int]) ndash ID of the user doing the action
bull change (Optional[str]) ndash Change that occured
bull email (Optional[str]) ndash Email of the user
bull org (Optional[str]) ndash Organisation of the User doing the action
bull description (Optional[str]) ndash Description of the action
bull ip (Optional[str]) ndash Origination IP of the User doing the action
bull pythonify (Optional[bool]) ndash Returns a list of PyMISP Objects instead or the plainjson output Warning it might use a lot of RAM
Return type Union[Dict List[MISPLog]]
search_sightings(context=None context_id=None type_sighting=None date_from=Nonedate_to=None publish_timestamp=None last=None org=None source=Noneinclude_attribute=None include_event_meta=None pythonify=False)
Search sightings
Parameters
bull context (Optional[str]) ndash The context of the search Can be either ldquoattributerdquoldquoeventrdquo or nothing (will then match on events and attributes)
bull context_id (Optional[~SearchType]) ndash Only relevant if context is either ldquoattributerdquoor ldquoeventrdquo Then it is the relevant ID
bull type_sighting (Optional[str]) ndash Type of sighting
bull date_from (Union[date int str float None]) ndash Events with the date set to adate after the one specified This filter will use the date of the event
bull date_to (Union[date int str float None]) ndash Events with the date set to a datebefore the one specified This filter will use the date of the event
bull publish_timestamp (Union[date int str float NoneTuple[Union[date int str float None] Union[date int str floatNone]]]) ndash Restrict the results by the last publish timestamp (newer than)
bull org (Optional[~SearchType]) ndash Search by the creator organisation by supplying theorganisation identifier
bull source (Optional[str]) ndash Source of the sighting
bull include_attribute (Optional[bool]) ndash Include the attribute
bull include_event_meta (Optional[bool]) ndash Include the meta information of theevent
Deprecated
Parameters last (Union[date int str float None Tuple[Union[date intstr float None] Union[date int str float None]]]) ndash synonym for pub-lish_timestamp
Example
21 PyMISP 19
PyMISP Documentation Release main
gtgtgt mispsearch_sightings(publish_timestamp=30d) search sightings for therarr˓last 30 days on the instance[ ]gtgtgt mispsearch_sightings(context=attribute context_id=6 include_rarr˓attribute=True) return list of sighting for attribute 6 along with therarr˓attribute itself[ ]gtgtgt mispsearch_sightings(context=event context_id=17 include_event_rarr˓meta=True org=2) return list of sighting for event 17 filtered with orgrarr˓id 2
Return type Union[Dict List[Dict[str Union[MISPEvent MISPAttributeMISPSighting]]]]
server_pull(server event=None)Initialize a pull from a sync server
Return type Dict
server_push(server event=None)Initialize a push to a sync server
Return type Dict
servers(pythonify=False)Get the existing servers the MISP instance can synchronise with
Return type Union[Dict List[MISPServer]]
set_user_setting(user_setting value user=None pythonify=False)Get an user setting
Return type Union[Dict MISPUserSetting]
sharing_groups(pythonify=False)Get the existing sharing groups
Return type Union[Dict List[MISPSharingGroup]]
sightings(misp_entity=None org=None pythonify=False)Get the list of sighting related to a MISPEvent or a MISPAttribute (depending on type of misp_entity)
Return type Union[Dict List[MISPSighting]]
tag(misp_entity tag local=False)Tag an event or an attribute misp_entity can be a MISPEvent a MISP Attribute or a UUID
Return type Dict
tags(pythonify=False)Get the list of existing tags
Return type Union[Dict List[MISPTag]]
tags_statistics(percentage=False name_sort=False)Get tags statistics from the MISP instance
Return type Dict
taxonomies(pythonify=False)Get all the taxonomies
Return type Union[Dict List[MISPTaxonomy]]
20 Chapter 2 pymisp
PyMISP Documentation Release main
toggle_warninglist(warninglist_id=None warninglist_name=None force_enable=False)Toggle (enabledisable) the status of a warninglist by ID type warninglist_id Union[str intList[int] None] param warninglist_id ID of the WarningList type force_enable bool paramforce_enable Force the warning list in the enabled state (does nothing is already enabled)
Return type Dict
untag(misp_entity tag)Untag an event or an attribute misp_entity can be a UUID
Return type Dict
update_attribute(attribute attribute_id=None pythonify=False)Update an attribute on a MISP instance
Return type Union[Dict MISPAttribute MISPShadowAttribute]
update_attribute_proposal(initial_attribute attribute pythonify=False)Propose a change for an attribute
Return type Union[Dict MISPShadowAttribute]
update_event(event event_id=None pythonify=False)Update an event on a MISP instance
Return type Union[Dict MISPEvent]
update_event_blacklist(event_blacklist event_blacklist_id=None pythonify=False)Update an event in the blacklist
Return type Union[Dict MISPEventBlacklist]
update_feed(feed feed_id=None pythonify=False)Update a feed on a MISP instance
Return type Union[Dict MISPFeed]
update_galaxies()Update all the galaxies
Return type Dict
update_noticelists()Update all the noticelists
Return type Dict
update_object(misp_object object_id=None pythonify=False)Update an object on a MISP instance
Return type Union[Dict MISPObject]
update_object_templates()Trigger an update of the object templates
Return type Dict
update_organisation(organisation organisation_id=None pythonify=False)Update an organisation
Return type Union[Dict MISPOrganisation]
update_organisation_blacklist(organisation_blacklist organisation_blacklist_id=Nonepythonify=False)
Update an organisation in the blacklist
Return type Union[Dict MISPOrganisationBlacklist]
21 PyMISP 21
PyMISP Documentation Release main
update_server(server server_id=None pythonify=False)Update a server to synchronise with
Return type Union[Dict MISPServer]
update_tag(tag tag_id=None pythonify=False)Edit only the provided parameters of a tag
Return type Union[Dict MISPTag]
update_taxonomies()Update all the taxonomies
Return type Dict
update_user(user user_id=None pythonify=False)Update an event on a MISP instance
Return type Union[Dict MISPUser]
update_warninglists()Update all the warninglists
Return type Dict
upload_stix(path version=2)Upload a STIX file to MISP param path Path to the STIX on the disk (can be a path-like object or apseudofile) type version str param version Can be 1 or 2
user_registrations(pythonify=False)Get all the user registrations
Return type Union[Dict List[MISPInbox]]
user_settings(pythonify=False)Get all the user settings
Return type Union[Dict List[MISPUserSetting]]
users(pythonify=False)Get all the users
Return type Union[Dict List[MISPUser]]
users_statistics(context=data)Get users statistics from the MISP instance
Return type Dict
values_in_warninglist(value)Check if IOC values are in warninglist
Return type Dict
property versionReturns the version of PyMISP yoursquore curently using
Return type Dict
warninglists(pythonify=False)Get all the warninglists
Return type Union[Dict List[MISPWarninglist]]
22 Chapter 2 pymisp
PyMISP Documentation Release main
22 PyMISPExpanded (Python 36+ only)
pymispExpandedPyMISPalias of pymispapiPyMISP
23 MISPAbstract
class pymispAbstractMISP(kwargs)
property editedRecursively check if an object has been edited and update the flag accordingly to the parent objects
Return type bool
from_dict(kwargs)Loading all the parameters as class properties if they arenrsquot None This method aims to be called when allthe properties requiring a special treatment are processed Note This method is used when you initializean object with existing data so by default the class is flaged as not edited
Return type None
from_json(json_string)Load a JSON string
Return type None
jsonable()This method is used by the JSON encoder
Return type Dict
set_not_jsonable(args)Set __not_jsonable to a new list
Return type None
to_dict()Dump the class to a dictionary This method automatically removes the timestamp recursively in everyobject that has been edited is order to let MISP update the event accordingly
Return type Dict
to_json(sort_keys=False indent=None)Dump recursively any class of type MISPAbstract to a json string
update_not_jsonable(args)Add entries to the __not_jsonable list
Return type None
22 PyMISPExpanded (Python 36+ only) 23
PyMISP Documentation Release main
24 MISPEncode
class pymispMISPEncode(args kwargs)
default(obj)Implement this method in a subclass such that it returns a serializable object for o or calls the baseimplementation (to raise a TypeError)
For example to support arbitrary iterators you could implement default like this
def default(self o)try
iterable = iter(o)except TypeError
passelse
return list(iterable) Let the base class default method raise the TypeErrorreturn JSONEncoderdefault(self o)
25 MISPEvent
class pymispMISPEvent(describe_types=None strict_validation=False kwargs)
add_attribute(type value kwargs)Add an attribute type and value are required but you can pass all other parameters supported by MISPAt-tribute
Return type Union[MISPAttribute List[MISPAttribute]]
add_attribute_tag(tag attribute_identifier)Add a tag to an existing attribute raise an Exception if the attribute doesnrsquot exists tag Tag name as astring MISPTag instance or dictionary attribute_identifier can be an ID UUID or the value
Return type List[MISPAttribute]
add_object(obj=None kwargs)Add an object to the Event either by passing a MISPObject or a dictionary
Return type MISPObject
add_proposal(shadow_attribute=None kwargs)Alias for add_shadow_attribute
Return type MISPShadowAttribute
add_shadow_attribute(shadow_attribute=None kwargs)Add a tag to the attribute (by name or a MISPTag object)
Return type MISPShadowAttribute
clear()rarr None Remove all items from D
delete_attribute(attribute_id)Delete an attribute you can search by ID or UUID
property editedRecursively check if an object has been edited and update the flag accordingly to the parent objects
24 Chapter 2 pymisp
PyMISP Documentation Release main
Return type bool
from_dict(kwargs)Loading all the parameters as class properties if they arenrsquot None This method aims to be called when allthe properties requiring a special treatment are processed Note This method is used when you initializean object with existing data so by default the class is flaged as not edited
from_json(json_string)Load a JSON string
Return type None
get(k[ d ])rarr D[k] if k in D else d d defaults to None
get_attribute_tag(attribute_identifier)Return the tags associated to an attribute or an object attribute attribute_identifier can be an ID UUIDor the value
Return type List[MISPTag]
get_object_by_id(object_id)Get an object by ID (the ID is the one set by the server when creating the new object)
Return type MISPObject
get_object_by_uuid(object_uuid)Get an object by UUID (UUID is set by the server when creating the new object)
Return type MISPObject
get_objects_by_name(object_name)Get an object by UUID (UUID is set by the server when creating the new object)
Return type List[MISPObject]
items()rarr a set-like object providing a view on Drsquos items
jsonable()This method is used by the JSON encoder
Return type Dict
keys()rarr a set-like object providing a view on Drsquos keys
load(json_event validate=False metadata_only=False)Load a JSON dump from a pseudo file or a JSON string
load_file(event_path validate=False metadata_only=False)Load a JSON dump from a file on the disk
pop(k[ d ])rarr v remove specified key and return the corresponding valueIf key is not found d is returned if given otherwise KeyError is raised
popitem()rarr (k v) remove and return some (key value) pairas a 2-tuple but raise KeyError if D is empty
publish()Mark the attribute as published
set_date(d=None ignore_invalid=False)Set a date for the event (string datetime or date object)
set_not_jsonable(args)Set __not_jsonable to a new list
Return type None
25 MISPEvent 25
PyMISP Documentation Release main
setdefault(k[ d ])rarr Dget(kd) also set D[k]=d if k not in D
property tagsReturns a lost of tags associated to this Event
Return type List[MISPTag]
to_dict()Dump the class to a dictionary This method automatically removes the timestamp recursively in everyobject that has been edited is order to let MISP update the event accordingly
Return type Dict
to_feed(valid_distributions=[0 1 2 3 4 5] with_meta=False)Generate a json output for MISP Feed Notes
bull valid_distributions only makes sense if the distribution key is set (ie the event is exported from aMISP instance)
Return type Dict
to_json(sort_keys=False indent=None)Dump recursively any class of type MISPAbstract to a json string
unpublish()Mark the attribute as un-published (set publish flag to false)
update([E ] F)rarr None Update D from mappingiterable E and FIf E present and has a keys() method does for k in E D[k] = E[k] If E present and lacks keys() methoddoes for (k v) in E D[k] = v In either case this is followed by for k v in Fitems() D[k] = v
update_not_jsonable(args)Add entries to the __not_jsonable list
Return type None
values()rarr an object providing a view on Drsquos values
26 MISPAttribute
class pymispMISPAttribute(describe_types=None strict=False)
add_proposal(shadow_attribute=None kwargs)Alias for add_shadow_attribute
Return type MISPShadowAttribute
add_shadow_attribute(shadow_attribute=None kwargs)Add a shadow attribute to the attribute (by name or a MISPShadowAttribute object)
Return type MISPShadowAttribute
add_sighting(sighting=None kwargs)Add a sighting to the attribute (by name or a MISPSighting object)
Return type MISPSighting
clear()rarr None Remove all items from D
delete()Mark the attribute as deleted (soft delete)
26 Chapter 2 pymisp
PyMISP Documentation Release main
property editedRecursively check if an object has been edited and update the flag accordingly to the parent objects
Return type bool
from_dict(kwargs)Loading all the parameters as class properties if they arenrsquot None This method aims to be called when allthe properties requiring a special treatment are processed Note This method is used when you initializean object with existing data so by default the class is flaged as not edited
from_json(json_string)Load a JSON string
Return type None
get(k[ d ])rarr D[k] if k in D else d d defaults to None
hash_values(algorithm=sha512)Compute the hash of every values for fast lookups
Return type List[str]
items()rarr a set-like object providing a view on Drsquos items
jsonable()This method is used by the JSON encoder
Return type Dict
keys()rarr a set-like object providing a view on Drsquos keys
property known_typesReturns a list of all the known MISP attributes types
Return type List[str]
property malware_binaryReturns a BytesIO of the malware (if the attribute has one obvs)
Return type Optional[BytesIO]
pop(k[ d ])rarr v remove specified key and return the corresponding valueIf key is not found d is returned if given otherwise KeyError is raised
popitem()rarr (k v) remove and return some (key value) pairas a 2-tuple but raise KeyError if D is empty
set_not_jsonable(args)Set __not_jsonable to a new list
Return type None
setdefault(k[ d ])rarr Dget(kd) also set D[k]=d if k not in D
property tagsReturns a lost of tags associated to this Attribute
Return type List[MISPTag]
to_dict()Dump the class to a dictionary This method automatically removes the timestamp recursively in everyobject that has been edited is order to let MISP update the event accordingly
Return type Dict
26 MISPAttribute 27
PyMISP Documentation Release main
to_json(sort_keys=False indent=None)Dump recursively any class of type MISPAbstract to a json string
update([E ] F)rarr None Update D from mappingiterable E and FIf E present and has a keys() method does for k in E D[k] = E[k] If E present and lacks keys() methoddoes for (k v) in E D[k] = v In either case this is followed by for k v in Fitems() D[k] = v
update_not_jsonable(args)Add entries to the __not_jsonable list
Return type None
values()rarr an object providing a view on Drsquos values
27 MISPObject
class pymispMISPObject(name strict=False standalone=True default_attributes_parameters=kwargs)
add_attribute(object_relation simple_value=None value)Add an attribute object_relation is required and the value key is a dictionary with all the keys supportedby MISPAttribute
Return type Optional[MISPAttribute]
add_attributes(object_relation attributes)Add multiple attributes with the same object_relation Helper for object_relation when multiple is True inthe template It is the same as calling multiple times add_attribute with the same object_relation
Return type List[Optional[MISPAttribute]]
add_reference(referenced_uuid relationship_type comment=None kwargs)Add a link (uuid) to an other object
Return type MISPObjectReference
clear()rarr None Remove all items from D
property editedRecursively check if an object has been edited and update the flag accordingly to the parent objects
Return type bool
from_dict(kwargs)Loading all the parameters as class properties if they arenrsquot None This method aims to be called when allthe properties requiring a special treatment are processed Note This method is used when you initializean object with existing data so by default the class is flaged as not edited
from_json(json_string)Load a JSON string
Return type None
get(k[ d ])rarr D[k] if k in D else d d defaults to None
get_attributes_by_relation(object_relation)Returns the list of attributes with the given object relation in the object
Return type List[MISPAttribute]
has_attributes_by_relation(list_of_relations)True if all the relations in the list are defined in the object
28 Chapter 2 pymisp
PyMISP Documentation Release main
Return type bool
items()rarr a set-like object providing a view on Drsquos items
jsonable()This method is used by the JSON encoder
Return type Dict
keys()rarr a set-like object providing a view on Drsquos keys
pop(k[ d ])rarr v remove specified key and return the corresponding valueIf key is not found d is returned if given otherwise KeyError is raised
popitem()rarr (k v) remove and return some (key value) pairas a 2-tuple but raise KeyError if D is empty
set_not_jsonable(args)Set __not_jsonable to a new list
Return type None
setdefault(k[ d ])rarr Dget(kd) also set D[k]=d if k not in D
to_dict(strict=False)Dump the class to a dictionary This method automatically removes the timestamp recursively in everyobject that has been edited is order to let MISP update the event accordingly
Return type Dict
to_json(sort_keys=False indent=None strict=False)Dump recursively any class of type MISPAbstract to a json string
update([E ] F)rarr None Update D from mappingiterable E and FIf E present and has a keys() method does for k in E D[k] = E[k] If E present and lacks keys() methoddoes for (k v) in E D[k] = v In either case this is followed by for k v in Fitems() D[k] = v
update_not_jsonable(args)Add entries to the __not_jsonable list
Return type None
values()rarr an object providing a view on Drsquos values
28 MISPObjectAttribute
class pymispMISPObjectAttribute(definition)
add_proposal(shadow_attribute=None kwargs)Alias for add_shadow_attribute
Return type MISPShadowAttribute
add_shadow_attribute(shadow_attribute=None kwargs)Add a shadow attribute to the attribute (by name or a MISPShadowAttribute object)
Return type MISPShadowAttribute
add_sighting(sighting=None kwargs)Add a sighting to the attribute (by name or a MISPSighting object)
Return type MISPSighting
28 MISPObjectAttribute 29
PyMISP Documentation Release main
clear()rarr None Remove all items from D
delete()Mark the attribute as deleted (soft delete)
property editedRecursively check if an object has been edited and update the flag accordingly to the parent objects
Return type bool
from_dict(object_relation value kwargs)Loading all the parameters as class properties if they arenrsquot None This method aims to be called when allthe properties requiring a special treatment are processed Note This method is used when you initializean object with existing data so by default the class is flaged as not edited
from_json(json_string)Load a JSON string
Return type None
get(k[ d ])rarr D[k] if k in D else d d defaults to None
hash_values(algorithm=sha512)Compute the hash of every values for fast lookups
Return type List[str]
items()rarr a set-like object providing a view on Drsquos items
jsonable()This method is used by the JSON encoder
Return type Dict
keys()rarr a set-like object providing a view on Drsquos keys
property known_typesReturns a list of all the known MISP attributes types
Return type List[str]
property malware_binaryReturns a BytesIO of the malware (if the attribute has one obvs)
Return type Optional[BytesIO]
pop(k[ d ])rarr v remove specified key and return the corresponding valueIf key is not found d is returned if given otherwise KeyError is raised
popitem()rarr (k v) remove and return some (key value) pairas a 2-tuple but raise KeyError if D is empty
set_not_jsonable(args)Set __not_jsonable to a new list
Return type None
setdefault(k[ d ])rarr Dget(kd) also set D[k]=d if k not in D
property tagsReturns a lost of tags associated to this Attribute
Return type List[MISPTag]
30 Chapter 2 pymisp
PyMISP Documentation Release main
to_dict()Dump the class to a dictionary This method automatically removes the timestamp recursively in everyobject that has been edited is order to let MISP update the event accordingly
Return type Dict
to_json(sort_keys=False indent=None)Dump recursively any class of type MISPAbstract to a json string
update([E ] F)rarr None Update D from mappingiterable E and FIf E present and has a keys() method does for k in E D[k] = E[k] If E present and lacks keys() methoddoes for (k v) in E D[k] = v In either case this is followed by for k v in Fitems() D[k] = v
update_not_jsonable(args)Add entries to the __not_jsonable list
Return type None
values()rarr an object providing a view on Drsquos values
29 MISPObjectReference
class pymispMISPObjectReference
clear()rarr None Remove all items from D
property editedRecursively check if an object has been edited and update the flag accordingly to the parent objects
Return type bool
from_dict(kwargs)Loading all the parameters as class properties if they arenrsquot None This method aims to be called when allthe properties requiring a special treatment are processed Note This method is used when you initializean object with existing data so by default the class is flaged as not edited
from_json(json_string)Load a JSON string
Return type None
get(k[ d ])rarr D[k] if k in D else d d defaults to None
items()rarr a set-like object providing a view on Drsquos items
jsonable()This method is used by the JSON encoder
Return type Dict
keys()rarr a set-like object providing a view on Drsquos keys
pop(k[ d ])rarr v remove specified key and return the corresponding valueIf key is not found d is returned if given otherwise KeyError is raised
popitem()rarr (k v) remove and return some (key value) pairas a 2-tuple but raise KeyError if D is empty
set_not_jsonable(args)Set __not_jsonable to a new list
Return type None
29 MISPObjectReference 31
PyMISP Documentation Release main
setdefault(k[ d ])rarr Dget(kd) also set D[k]=d if k not in D
to_dict()Dump the class to a dictionary This method automatically removes the timestamp recursively in everyobject that has been edited is order to let MISP update the event accordingly
Return type Dict
to_json(sort_keys=False indent=None)Dump recursively any class of type MISPAbstract to a json string
update([E ] F)rarr None Update D from mappingiterable E and FIf E present and has a keys() method does for k in E D[k] = E[k] If E present and lacks keys() methoddoes for (k v) in E D[k] = v In either case this is followed by for k v in Fitems() D[k] = v
update_not_jsonable(args)Add entries to the __not_jsonable list
Return type None
values()rarr an object providing a view on Drsquos values
210 MISPTag
class pymispMISPTag(kwargs)
clear()rarr None Remove all items from D
property editedRecursively check if an object has been edited and update the flag accordingly to the parent objects
Return type bool
from_dict(kwargs)Loading all the parameters as class properties if they arenrsquot None This method aims to be called when allthe properties requiring a special treatment are processed Note This method is used when you initializean object with existing data so by default the class is flaged as not edited
from_json(json_string)Load a JSON string
Return type None
get(k[ d ])rarr D[k] if k in D else d d defaults to None
items()rarr a set-like object providing a view on Drsquos items
jsonable()This method is used by the JSON encoder
Return type Dict
keys()rarr a set-like object providing a view on Drsquos keys
pop(k[ d ])rarr v remove specified key and return the corresponding valueIf key is not found d is returned if given otherwise KeyError is raised
popitem()rarr (k v) remove and return some (key value) pairas a 2-tuple but raise KeyError if D is empty
set_not_jsonable(args)Set __not_jsonable to a new list
32 Chapter 2 pymisp
PyMISP Documentation Release main
Return type None
setdefault(k[ d ])rarr Dget(kd) also set D[k]=d if k not in D
to_dict()Dump the class to a dictionary This method automatically removes the timestamp recursively in everyobject that has been edited is order to let MISP update the event accordingly
Return type Dict
to_json(sort_keys=False indent=None)Dump recursively any class of type MISPAbstract to a json string
update([E ] F)rarr None Update D from mappingiterable E and FIf E present and has a keys() method does for k in E D[k] = E[k] If E present and lacks keys() methoddoes for (k v) in E D[k] = v In either case this is followed by for k v in Fitems() D[k] = v
update_not_jsonable(args)Add entries to the __not_jsonable list
Return type None
values()rarr an object providing a view on Drsquos values
211 MISPUser
class pymispMISPUser(kwargs)
clear()rarr None Remove all items from D
property editedRecursively check if an object has been edited and update the flag accordingly to the parent objects
Return type bool
from_dict(kwargs)Loading all the parameters as class properties if they arenrsquot None This method aims to be called when allthe properties requiring a special treatment are processed Note This method is used when you initializean object with existing data so by default the class is flaged as not edited
from_json(json_string)Load a JSON string
Return type None
get(k[ d ])rarr D[k] if k in D else d d defaults to None
items()rarr a set-like object providing a view on Drsquos items
jsonable()This method is used by the JSON encoder
Return type Dict
keys()rarr a set-like object providing a view on Drsquos keys
pop(k[ d ])rarr v remove specified key and return the corresponding valueIf key is not found d is returned if given otherwise KeyError is raised
popitem()rarr (k v) remove and return some (key value) pairas a 2-tuple but raise KeyError if D is empty
211 MISPUser 33
PyMISP Documentation Release main
set_not_jsonable(args)Set __not_jsonable to a new list
Return type None
setdefault(k[ d ])rarr Dget(kd) also set D[k]=d if k not in D
to_dict()Dump the class to a dictionary This method automatically removes the timestamp recursively in everyobject that has been edited is order to let MISP update the event accordingly
Return type Dict
to_json(sort_keys=False indent=None)Dump recursively any class of type MISPAbstract to a json string
update([E ] F)rarr None Update D from mappingiterable E and FIf E present and has a keys() method does for k in E D[k] = E[k] If E present and lacks keys() methoddoes for (k v) in E D[k] = v In either case this is followed by for k v in Fitems() D[k] = v
update_not_jsonable(args)Add entries to the __not_jsonable list
Return type None
values()rarr an object providing a view on Drsquos values
212 MISPOrganisation
class pymispMISPOrganisation
clear()rarr None Remove all items from D
property editedRecursively check if an object has been edited and update the flag accordingly to the parent objects
Return type bool
from_dict(kwargs)Loading all the parameters as class properties if they arenrsquot None This method aims to be called when allthe properties requiring a special treatment are processed Note This method is used when you initializean object with existing data so by default the class is flaged as not edited
from_json(json_string)Load a JSON string
Return type None
get(k[ d ])rarr D[k] if k in D else d d defaults to None
items()rarr a set-like object providing a view on Drsquos items
jsonable()This method is used by the JSON encoder
Return type Dict
keys()rarr a set-like object providing a view on Drsquos keys
pop(k[ d ])rarr v remove specified key and return the corresponding valueIf key is not found d is returned if given otherwise KeyError is raised
34 Chapter 2 pymisp
PyMISP Documentation Release main
popitem()rarr (k v) remove and return some (key value) pairas a 2-tuple but raise KeyError if D is empty
set_not_jsonable(args)Set __not_jsonable to a new list
Return type None
setdefault(k[ d ])rarr Dget(kd) also set D[k]=d if k not in D
to_dict()Dump the class to a dictionary This method automatically removes the timestamp recursively in everyobject that has been edited is order to let MISP update the event accordingly
Return type Dict
to_json(sort_keys=False indent=None)Dump recursively any class of type MISPAbstract to a json string
update([E ] F)rarr None Update D from mappingiterable E and FIf E present and has a keys() method does for k in E D[k] = E[k] If E present and lacks keys() methoddoes for (k v) in E D[k] = v In either case this is followed by for k v in Fitems() D[k] = v
update_not_jsonable(args)Add entries to the __not_jsonable list
Return type None
values()rarr an object providing a view on Drsquos values
212 MISPOrganisation 35
PyMISP Documentation Release main
36 Chapter 2 pymisp
CHAPTER
THREE
PYMISP - TOOLS
31 File Object
class pymisptoolsFileObject(filepath=None pseudofile=None filename=None kwargs)
add_attribute(object_relation simple_value=None value)Add an attribute object_relation is required and the value key is a dictionary with all the keys supportedby MISPAttribute
Return type Optional[MISPAttribute]
add_attributes(object_relation attributes)Add multiple attributes with the same object_relation Helper for object_relation when multiple is True inthe template It is the same as calling multiple times add_attribute with the same object_relation
Return type List[Optional[MISPAttribute]]
add_reference(referenced_uuid relationship_type comment=None kwargs)Add a link (uuid) to an other object
Return type MISPObjectReference
clear()rarr None Remove all items from D
property editedRecursively check if an object has been edited and update the flag accordingly to the parent objects
Return type bool
from_dict(kwargs)Loading all the parameters as class properties if they arenrsquot None This method aims to be called when allthe properties requiring a special treatment are processed Note This method is used when you initializean object with existing data so by default the class is flaged as not edited
from_json(json_string)Load a JSON string
Return type None
generate_attributes()Contains the logic where all the values of the object are gathered
get(k[ d ])rarr D[k] if k in D else d d defaults to None
get_attributes_by_relation(object_relation)Returns the list of attributes with the given object relation in the object
Return type List[MISPAttribute]
37
PyMISP Documentation Release main
has_attributes_by_relation(list_of_relations)True if all the relations in the list are defined in the object
Return type bool
items()rarr a set-like object providing a view on Drsquos items
jsonable()This method is used by the JSON encoder
Return type Dict
keys()rarr a set-like object providing a view on Drsquos keys
pop(k[ d ])rarr v remove specified key and return the corresponding valueIf key is not found d is returned if given otherwise KeyError is raised
popitem()rarr (k v) remove and return some (key value) pairas a 2-tuple but raise KeyError if D is empty
set_not_jsonable(args)Set __not_jsonable to a new list
Return type None
setdefault(k[ d ])rarr Dget(kd) also set D[k]=d if k not in D
to_dict(strict=False)Dump the class to a dictionary This method automatically removes the timestamp recursively in everyobject that has been edited is order to let MISP update the event accordingly
Return type Dict
to_json(sort_keys=False indent=None strict=False)Dump recursively any class of type MISPAbstract to a json string
update([E ] F)rarr None Update D from mappingiterable E and FIf E present and has a keys() method does for k in E D[k] = E[k] If E present and lacks keys() methoddoes for (k v) in E D[k] = v In either case this is followed by for k v in Fitems() D[k] = v
update_not_jsonable(args)Add entries to the __not_jsonable list
Return type None
values()rarr an object providing a view on Drsquos values
32 ELF Object
33 PE Object
34 Mach-O Object
35 VT Report Object
class pymisptoolsVTReportObject(apikey indicator vt_proxies=None kwargs)VirusTotal Report
Apikey VirusTotal API key (private works but only public features are supported right now)
38 Chapter 3 pymisp - Tools
PyMISP Documentation Release main
Indicator IOC to search VirusTotal for
add_attribute(object_relation simple_value=None value)Add an attribute object_relation is required and the value key is a dictionary with all the keys supportedby MISPAttribute
Return type Optional[MISPAttribute]
add_attributes(object_relation attributes)Add multiple attributes with the same object_relation Helper for object_relation when multiple is True inthe template It is the same as calling multiple times add_attribute with the same object_relation
Return type List[Optional[MISPAttribute]]
add_reference(referenced_uuid relationship_type comment=None kwargs)Add a link (uuid) to an other object
Return type MISPObjectReference
clear()rarr None Remove all items from D
property editedRecursively check if an object has been edited and update the flag accordingly to the parent objects
Return type bool
from_dict(kwargs)Loading all the parameters as class properties if they arenrsquot None This method aims to be called when allthe properties requiring a special treatment are processed Note This method is used when you initializean object with existing data so by default the class is flaged as not edited
from_json(json_string)Load a JSON string
Return type None
generate_attributes()Parse the VirusTotal report for relevant attributes
get(k[ d ])rarr D[k] if k in D else d d defaults to None
get_attributes_by_relation(object_relation)Returns the list of attributes with the given object relation in the object
Return type List[MISPAttribute]
has_attributes_by_relation(list_of_relations)True if all the relations in the list are defined in the object
Return type bool
items()rarr a set-like object providing a view on Drsquos items
jsonable()This method is used by the JSON encoder
Return type Dict
keys()rarr a set-like object providing a view on Drsquos keys
pop(k[ d ])rarr v remove specified key and return the corresponding valueIf key is not found d is returned if given otherwise KeyError is raised
popitem()rarr (k v) remove and return some (key value) pairas a 2-tuple but raise KeyError if D is empty
35 VT Report Object 39
PyMISP Documentation Release main
set_not_jsonable(args)Set __not_jsonable to a new list
Return type None
setdefault(k[ d ])rarr Dget(kd) also set D[k]=d if k not in D
to_dict(strict=False)Dump the class to a dictionary This method automatically removes the timestamp recursively in everyobject that has been edited is order to let MISP update the event accordingly
Return type Dict
to_json(sort_keys=False indent=None strict=False)Dump recursively any class of type MISPAbstract to a json string
update([E ] F)rarr None Update D from mappingiterable E and FIf E present and has a keys() method does for k in E D[k] = E[k] If E present and lacks keys() methoddoes for (k v) in E D[k] = v In either case this is followed by for k v in Fitems() D[k] = v
update_not_jsonable(args)Add entries to the __not_jsonable list
Return type None
values()rarr an object providing a view on Drsquos values
36 STIX
pymisptoolsstixload_stix(stix distribution=3 threat_level_id=2 analysis=0)Returns a MISPEvent object from a STIX package
pymisptoolsstixmake_stix_package(misp_event to_json=False to_xml=False)Returns a STIXPackage from a MISPEvent
Optionally can return the package in json or xml
37 OpenIOC
toolsload_openioc()
toolsload_openioc_file()
40 Chapter 3 pymisp - Tools
CHAPTER
FOUR
INDICES AND TABLES
bull genindex
bull modindex
bull search
41
PyMISP Documentation Release main
42 Chapter 4 Indices and tables
PYTHON MODULE INDEX
ppymisp 7pymisptools 37pymisptoolsstix 40
43
PyMISP Documentation Release main
44 Python Module Index
INDEX
AAbstractMISP (class in pymisp) 23accept_attribute_proposal()
(pymispPyMISP method) 7add_attribute() (pymispMISPEvent method) 24add_attribute() (pymispMISPObject method) 28add_attribute() (pymispPyMISP method) 7add_attribute() (pymisptoolsFileObject method)
37add_attribute() (pymisptoolsVTReportObject
method) 39add_attribute_proposal() (pymispPyMISP
method) 7add_attribute_tag() (pymispMISPEvent
method) 24add_attributes() (pymispMISPObject method)
28add_attributes() (pymisptoolsFileObject
method) 37add_attributes() (pymisptoolsVTReportObject
method) 39add_event() (pymispPyMISP method) 7add_event_blacklist() (pymispPyMISP
method) 8add_feed() (pymispPyMISP method) 8add_object() (pymispMISPEvent method) 24add_object() (pymispPyMISP method) 8add_object_reference() (pymispPyMISP
method) 8add_org_to_sharing_group() (pymispPyMISP
method) 8add_organisation() (pymispPyMISP method) 8add_organisation_blacklist()
(pymispPyMISP method) 8add_proposal() (pymispMISPAttribute method) 26add_proposal() (pymispMISPEvent method) 24add_proposal() (pymispMISPObjectAttribute
method) 29add_reference() (pymispMISPObject method) 28add_reference() (pymisptoolsFileObject method)
37add_reference() (pymisptoolsVTReportObject
method) 39add_server() (pymispPyMISP method) 8add_server_to_sharing_group()
(pymispPyMISP method) 8add_shadow_attribute() (pymispMISPAttribute
method) 26add_shadow_attribute() (pymispMISPEvent
method) 24add_shadow_attribute()
(pymispMISPObjectAttribute method) 29add_sharing_group() (pymispPyMISP method) 8add_sighting() (pymispMISPAttribute method) 26add_sighting() (pymispMISPObjectAttribute
method) 29add_sighting() (pymispPyMISP method) 8add_tag() (pymispPyMISP method) 8add_user() (pymispPyMISP method) 9attributes_statistics() (pymispPyMISP
method) 9
Bbuild_complex_query() (pymispPyMISP
method) 9
Ccache_all_feeds() (pymispPyMISP method) 9cache_feed() (pymispPyMISP method) 9cache_freetext_feeds() (pymispPyMISP
method) 9cache_misp_feeds() (pymispPyMISP method) 9change_sharing_group_on_entity()
(pymispPyMISP method) 9change_user_password() (pymispPyMISP
method) 9clear() (pymispMISPAttribute method) 26clear() (pymispMISPEvent method) 24clear() (pymispMISPObject method) 28clear() (pymispMISPObjectAttribute method) 29clear() (pymispMISPObjectReference method) 31clear() (pymispMISPOrganisation method) 34clear() (pymispMISPTag method) 32clear() (pymispMISPUser method) 33
45
PyMISP Documentation Release main
clear() (pymisptoolsFileObject method) 37clear() (pymisptoolsVTReportObject method) 39communities() (pymispPyMISP method) 9compare_feeds() (pymispPyMISP method) 9contact_event_reporter() (pymispPyMISP
method) 9
Ddefault() (pymispMISPEncode method) 24delegate_event() (pymispPyMISP method) 10delete() (pymispMISPAttribute method) 26delete() (pymispMISPObjectAttribute method) 30delete_attribute() (pymispMISPEvent method)
24delete_attribute() (pymispPyMISP method) 10delete_attribute_proposal()
(pymispPyMISP method) 10delete_event() (pymispPyMISP method) 10delete_event_blacklist() (pymispPyMISP
method) 10delete_feed() (pymispPyMISP method) 10delete_object() (pymispPyMISP method) 10delete_object_reference() (pymispPyMISP
method) 10delete_organisation() (pymispPyMISP
method) 10delete_organisation_blacklist()
(pymispPyMISP method) 10delete_server() (pymispPyMISP method) 10delete_sharing_group() (pymispPyMISP
method) 10delete_sighting() (pymispPyMISP method) 10delete_tag() (pymispPyMISP method) 11delete_user() (pymispPyMISP method) 11delete_user_setting() (pymispPyMISP
method) 11describe_types_local() (pymispPyMISP prop-
erty) 11describe_types_remote() (pymispPyMISP
property) 11direct_call() (pymispPyMISP method) 11disable_feed() (pymispPyMISP method) 11disable_feed_cache() (pymispPyMISP method)
11disable_noticelist() (pymispPyMISP method)
11disable_tag() (pymispPyMISP method) 11disable_taxonomy() (pymispPyMISP method) 11disable_taxonomy_tags() (pymispPyMISP
method) 11disable_warninglist() (pymispPyMISP
method) 11discard_attribute_proposal()
(pymispPyMISP method) 12
Eedited() (pymispAbstractMISP property) 23edited() (pymispMISPAttribute property) 26edited() (pymispMISPEvent property) 24edited() (pymispMISPObject property) 28edited() (pymispMISPObjectAttribute property) 30edited() (pymispMISPObjectReference property) 31edited() (pymispMISPOrganisation property) 34edited() (pymispMISPTag property) 32edited() (pymispMISPUser property) 33edited() (pymisptoolsFileObject property) 37edited() (pymisptoolsVTReportObject property) 39enable_feed() (pymispPyMISP method) 12enable_feed_cache() (pymispPyMISP method)
12enable_noticelist() (pymispPyMISP method)
12enable_tag() (pymispPyMISP method) 12enable_taxonomy() (pymispPyMISP method) 12enable_taxonomy_tags() (pymispPyMISP
method) 12enable_warninglist() (pymispPyMISP method)
12event_blacklists() (pymispPyMISP method) 12event_delegations() (pymispPyMISP method)
12ExpandedPyMISP (in module pymisp) 23
Ffeeds() (pymispPyMISP method) 12fetch_feed() (pymispPyMISP method) 12FileObject (class in pymisptools) 37freetext() (pymispPyMISP method) 12from_dict() (pymispAbstractMISP method) 23from_dict() (pymispMISPAttribute method) 27from_dict() (pymispMISPEvent method) 25from_dict() (pymispMISPObject method) 28from_dict() (pymispMISPObjectAttribute method)
30from_dict() (pymispMISPObjectReference method)
31from_dict() (pymispMISPOrganisation method) 34from_dict() (pymispMISPTag method) 32from_dict() (pymispMISPUser method) 33from_dict() (pymisptoolsFileObject method) 37from_dict() (pymisptoolsVTReportObject method)
39from_json() (pymispAbstractMISP method) 23from_json() (pymispMISPAttribute method) 27from_json() (pymispMISPEvent method) 25from_json() (pymispMISPObject method) 28from_json() (pymispMISPObjectAttribute method)
30
46 Index
PyMISP Documentation Release main
from_json() (pymispMISPObjectReference method)31
from_json() (pymispMISPOrganisation method) 34from_json() (pymispMISPTag method) 32from_json() (pymispMISPUser method) 33from_json() (pymisptoolsFileObject method) 37from_json() (pymisptoolsVTReportObject method)
39
Ggalaxies() (pymispPyMISP method) 12generate_attributes() (pymisptoolsFileObject
method) 37generate_attributes()
(pymisptoolsVTReportObject method)39
get() (pymispMISPAttribute method) 27get() (pymispMISPEvent method) 25get() (pymispMISPObject method) 28get() (pymispMISPObjectAttribute method) 30get() (pymispMISPObjectReference method) 31get() (pymispMISPOrganisation method) 34get() (pymispMISPTag method) 32get() (pymispMISPUser method) 33get() (pymisptoolsFileObject method) 37get() (pymisptoolsVTReportObject method) 39get_all_functions() (pymispPyMISP method)
13get_attribute() (pymispPyMISP method) 13get_attribute_tag() (pymispMISPEvent
method) 25get_attributes_by_relation()
(pymispMISPObject method) 28get_attributes_by_relation()
(pymisptoolsFileObject method) 37get_attributes_by_relation()
(pymisptoolsVTReportObject method)39
get_community() (pymispPyMISP method) 13get_event() (pymispPyMISP method) 13get_feed() (pymispPyMISP method) 13get_galaxy() (pymispPyMISP method) 13get_noticelist() (pymispPyMISP method) 13get_object() (pymispPyMISP method) 13get_object_by_id() (pymispMISPEvent method)
25get_object_by_uuid() (pymispMISPEvent
method) 25get_object_template() (pymispPyMISP
method) 13get_objects_by_name() (pymispMISPEvent
method) 25get_organisation() (pymispPyMISP method) 13get_sync_config() (pymispPyMISP method) 13
get_tag() (pymispPyMISP method) 13get_taxonomy() (pymispPyMISP method) 13get_user() (pymispPyMISP method) 13get_user_setting() (pymispPyMISP method) 14get_warninglist() (pymispPyMISP method) 14
Hhas_attributes_by_relation()
(pymispMISPObject method) 28has_attributes_by_relation()
(pymisptoolsFileObject method) 37has_attributes_by_relation()
(pymisptoolsVTReportObject method)39
hash_values() (pymispMISPAttribute method) 27hash_values() (pymispMISPObjectAttribute
method) 30
Iimport_server() (pymispPyMISP method) 14items() (pymispMISPAttribute method) 27items() (pymispMISPEvent method) 25items() (pymispMISPObject method) 29items() (pymispMISPObjectAttribute method) 30items() (pymispMISPObjectReference method) 31items() (pymispMISPOrganisation method) 34items() (pymispMISPTag method) 32items() (pymispMISPUser method) 33items() (pymisptoolsFileObject method) 38items() (pymisptoolsVTReportObject method) 39
Jjsonable() (pymispAbstractMISP method) 23jsonable() (pymispMISPAttribute method) 27jsonable() (pymispMISPEvent method) 25jsonable() (pymispMISPObject method) 29jsonable() (pymispMISPObjectAttribute method)
30jsonable() (pymispMISPObjectReference method)
31jsonable() (pymispMISPOrganisation method) 34jsonable() (pymispMISPTag method) 32jsonable() (pymispMISPUser method) 33jsonable() (pymisptoolsFileObject method) 38jsonable() (pymisptoolsVTReportObject method)
39
Kkeys() (pymispMISPAttribute method) 27keys() (pymispMISPEvent method) 25keys() (pymispMISPObject method) 29keys() (pymispMISPObjectAttribute method) 30keys() (pymispMISPObjectReference method) 31keys() (pymispMISPOrganisation method) 34
Index 47
PyMISP Documentation Release main
keys() (pymispMISPTag method) 32keys() (pymispMISPUser method) 33keys() (pymisptoolsFileObject method) 38keys() (pymisptoolsVTReportObject method) 39known_types() (pymispMISPAttribute property) 27known_types() (pymispMISPObjectAttribute prop-
erty) 30
Lload() (pymispMISPEvent method) 25load_default_feeds() (pymispPyMISP method)
14load_file() (pymispMISPEvent method) 25load_openioc() (pymisptools method) 40load_openioc_file() (pymisptools method) 40load_stix() (in module pymisptoolsstix) 40
Mmake_stix_package() (in module
pymisptoolsstix) 40malware_binary() (pymispMISPAttribute prop-
erty) 27malware_binary() (pymispMISPObjectAttribute
property) 30misp_instance_version() (pymispPyMISP
property) 14misp_instance_version_master()
(pymispPyMISP property) 14MISPAttribute (class in pymisp) 26MISPEncode (class in pymisp) 24MISPEvent (class in pymisp) 24MISPObject (class in pymisp) 28MISPObjectAttribute (class in pymisp) 29MISPObjectReference (class in pymisp) 31MISPOrganisation (class in pymisp) 34MISPTag (class in pymisp) 32MISPUser (class in pymisp) 33module
pymisp 7pymisptools 37pymisptoolsstix 40
Nnoticelists() (pymispPyMISP method) 14
Oobject_templates() (pymispPyMISP method) 14organisation_blacklists() (pymispPyMISP
method) 14organisations() (pymispPyMISP method) 14
Ppop() (pymispMISPAttribute method) 27
pop() (pymispMISPEvent method) 25pop() (pymispMISPObject method) 29pop() (pymispMISPObjectAttribute method) 30pop() (pymispMISPObjectReference method) 31pop() (pymispMISPOrganisation method) 34pop() (pymispMISPTag method) 32pop() (pymispMISPUser method) 33pop() (pymisptoolsFileObject method) 38pop() (pymisptoolsVTReportObject method) 39popitem() (pymispMISPAttribute method) 27popitem() (pymispMISPEvent method) 25popitem() (pymispMISPObject method) 29popitem() (pymispMISPObjectAttribute method) 30popitem() (pymispMISPObjectReference method) 31popitem() (pymispMISPOrganisation method) 34popitem() (pymispMISPTag method) 32popitem() (pymispMISPUser method) 33popitem() (pymisptoolsFileObject method) 38popitem() (pymisptoolsVTReportObject method) 39publish() (pymispMISPEvent method) 25publish() (pymispPyMISP method) 14push_event_to_ZMQ() (pymispPyMISP method)
14pymisp
module 7PyMISP (class in pymisp) 7pymisptools
module 37pymisptoolsstix
module 40pymisp_version_main() (pymispPyMISP prop-
erty) 15
Rrecommended_pymisp_version()
(pymispPyMISP property) 15remote_acl() (pymispPyMISP method) 15remove_org_from_sharing_group()
(pymispPyMISP method) 15remove_server_from_sharing_group()
(pymispPyMISP method) 15roles() (pymispPyMISP method) 15
Ssearch() (pymispPyMISP method) 15search_feeds() (pymispPyMISP method) 17search_index() (pymispPyMISP method) 18search_logs() (pymispPyMISP method) 18search_sightings() (pymispPyMISP method) 19server_pull() (pymispPyMISP method) 20server_push() (pymispPyMISP method) 20servers() (pymispPyMISP method) 20set_date() (pymispMISPEvent method) 25
48 Index
PyMISP Documentation Release main
set_not_jsonable() (pymispAbstractMISPmethod) 23
set_not_jsonable() (pymispMISPAttributemethod) 27
set_not_jsonable() (pymispMISPEvent method)25
set_not_jsonable() (pymispMISPObjectmethod) 29
set_not_jsonable() (pymispMISPObjectAttributemethod) 30
set_not_jsonable()(pymispMISPObjectReference method)31
set_not_jsonable() (pymispMISPOrganisationmethod) 35
set_not_jsonable() (pymispMISPTag method)32
set_not_jsonable() (pymispMISPUser method)33
set_not_jsonable() (pymisptoolsFileObjectmethod) 38
set_not_jsonable()(pymisptoolsVTReportObject method)39
set_user_setting() (pymispPyMISP method) 20setdefault() (pymispMISPAttribute method) 27setdefault() (pymispMISPEvent method) 25setdefault() (pymispMISPObject method) 29setdefault() (pymispMISPObjectAttribute
method) 30setdefault() (pymispMISPObjectReference
method) 31setdefault() (pymispMISPOrganisation method)
35setdefault() (pymispMISPTag method) 33setdefault() (pymispMISPUser method) 34setdefault() (pymisptoolsFileObject method) 38setdefault() (pymisptoolsVTReportObject
method) 40sharing_groups() (pymispPyMISP method) 20sightings() (pymispPyMISP method) 20
Ttag() (pymispPyMISP method) 20tags() (pymispMISPAttribute property) 27tags() (pymispMISPEvent property) 26tags() (pymispMISPObjectAttribute property) 30tags() (pymispPyMISP method) 20tags_statistics() (pymispPyMISP method) 20taxonomies() (pymispPyMISP method) 20to_dict() (pymispAbstractMISP method) 23to_dict() (pymispMISPAttribute method) 27to_dict() (pymispMISPEvent method) 26to_dict() (pymispMISPObject method) 29
to_dict() (pymispMISPObjectAttribute method) 30to_dict() (pymispMISPObjectReference method) 32to_dict() (pymispMISPOrganisation method) 35to_dict() (pymispMISPTag method) 33to_dict() (pymispMISPUser method) 34to_dict() (pymisptoolsFileObject method) 38to_dict() (pymisptoolsVTReportObject method) 40to_feed() (pymispMISPEvent method) 26to_json() (pymispAbstractMISP method) 23to_json() (pymispMISPAttribute method) 27to_json() (pymispMISPEvent method) 26to_json() (pymispMISPObject method) 29to_json() (pymispMISPObjectAttribute method) 31to_json() (pymispMISPObjectReference method) 32to_json() (pymispMISPOrganisation method) 35to_json() (pymispMISPTag method) 33to_json() (pymispMISPUser method) 34to_json() (pymisptoolsFileObject method) 38to_json() (pymisptoolsVTReportObject method) 40toggle_warninglist() (pymispPyMISP method)
20
Uunpublish() (pymispMISPEvent method) 26untag() (pymispPyMISP method) 21update() (pymispMISPAttribute method) 28update() (pymispMISPEvent method) 26update() (pymispMISPObject method) 29update() (pymispMISPObjectAttribute method) 31update() (pymispMISPObjectReference method) 32update() (pymispMISPOrganisation method) 35update() (pymispMISPTag method) 33update() (pymispMISPUser method) 34update() (pymisptoolsFileObject method) 38update() (pymisptoolsVTReportObject method) 40update_attribute() (pymispPyMISP method) 21update_attribute_proposal()
(pymispPyMISP method) 21update_event() (pymispPyMISP method) 21update_event_blacklist() (pymispPyMISP
method) 21update_feed() (pymispPyMISP method) 21update_galaxies() (pymispPyMISP method) 21update_not_jsonable() (pymispAbstractMISP
method) 23update_not_jsonable() (pymispMISPAttribute
method) 28update_not_jsonable() (pymispMISPEvent
method) 26update_not_jsonable() (pymispMISPObject
method) 29update_not_jsonable()
(pymispMISPObjectAttribute method) 31
Index 49
PyMISP Documentation Release main
update_not_jsonable()(pymispMISPObjectReference method)32
update_not_jsonable()(pymispMISPOrganisation method) 35
update_not_jsonable() (pymispMISPTagmethod) 33
update_not_jsonable() (pymispMISPUsermethod) 34
update_not_jsonable() (pymisptoolsFileObjectmethod) 38
update_not_jsonable()(pymisptoolsVTReportObject method)40
update_noticelists() (pymispPyMISP method)21
update_object() (pymispPyMISP method) 21update_object_templates() (pymispPyMISP
method) 21update_organisation() (pymispPyMISP
method) 21update_organisation_blacklist()
(pymispPyMISP method) 21update_server() (pymispPyMISP method) 22update_tag() (pymispPyMISP method) 22update_taxonomies() (pymispPyMISP method)
22update_user() (pymispPyMISP method) 22update_warninglists() (pymispPyMISP
method) 22upload_stix() (pymispPyMISP method) 22user_registrations() (pymispPyMISP method)
22user_settings() (pymispPyMISP method) 22users() (pymispPyMISP method) 22users_statistics() (pymispPyMISP method) 22
Vvalues() (pymispMISPAttribute method) 28values() (pymispMISPEvent method) 26values() (pymispMISPObject method) 29values() (pymispMISPObjectAttribute method) 31values() (pymispMISPObjectReference method) 32values() (pymispMISPOrganisation method) 35values() (pymispMISPTag method) 33values() (pymispMISPUser method) 34values() (pymisptoolsFileObject method) 38values() (pymisptoolsVTReportObject method) 40values_in_warninglist() (pymispPyMISP
method) 22version() (pymispPyMISP property) 22VTReportObject (class in pymisptools) 38
Wwarninglists() (pymispPyMISP method) 22
50 Index
- README
- pymisp
- PyMISP
- PyMISPExpanded (Python 36+ only)
- MISPAbstract
- MISPEncode
- MISPEvent
- MISPAttribute
- MISPObject
- MISPObjectAttribute
- MISPObjectReference
- MISPTag
- MISPUser
- MISPOrganisation
- pymisp - Tools
- File Object
- ELF Object
- PE Object
- Mach-O Object
- VT Report Object
- STIX
- OpenIOC
- Indices and tables
- Python Module Index
- Index
PyMISP Documentation Release main
2 CONTENTS
CHAPTER
ONE
README
[[Documentation Status](httpsreadthedocsorgprojectspymispbadgeversion=latest)](httppymispreadthedocsiobadge=latest) [[Build Status](httpstravis-ciorgMISPPyMISPsvgbranch=main)](httpstravis-ciorgMISPPyMISP) [[Coverage Status](httpscoverallsioreposgithubMISPPyMISPbadgesvgbranch=main)](httpscoverallsiogithubMISPPyMISPbranch=main) [[Python 36](httpsimgshieldsiobadgepython-36+-bluesvg)](httpswwwpythonorgdownloadsreleasepython-360) [[PyPi ver-sion](httpsimgshieldsiopypivpymispsvg)](httpspypipythonorgpypipymisp) [[Number of PyPI down-loads](httpsimgshieldsiopypidmpymispsvg)](httpspypipythonorgpypipymisp)
PyMISP - Python Library to access MISP
PyMISP is a Python library to access [MISP](httpsgithubcomMISPMISP) platforms via their REST API
PyMISP allows you to fetch events add or update eventsattributes add or update samples or search for attributes
Install from pip
It is strongly recommended to use a virtual environment
If you want to know more about virtual environments [python has you covered](httpsdocspythonorg3tutorialvenvhtml)
Only basic dependencies ` pip3 install pymisp `
With optional dependencies ` pip3 install pymisp[fileobjectsopeniocvirustotal] `
Install the latest version from repo from development purposes
Note poetry is required
` git clone httpsgithubcomMISPPyMISPgit ampamp cd PyMISP git submoduleupdate --init poetry install -E fileobjects -E openioc -E virustotal -E docs-E pdfexport `
Running the tests
`bash poetry run nosetests-34 --with-coverage --cover-package=pymisptests--cover-tests teststest_py `
If you have a MISP instance to test against you can also run the live ones
Note You need to update the key in teststestlive_comprehensivepy to the automation key of your admin account
`bash poetry run nosetests-34 --with-coverage --cover-package=pymisptests--cover-tests teststestlive_comprehensivepy `
Samples and how to use PyMISP
Various examples and samples scripts are in the [examples](examples) directory
In the examples directory you will need to change the keyspysample to enter your MISP url and API key
3
PyMISP Documentation Release main
` cd examples cp keyspysample keyspy vim keyspy `
The API key of MISP is available in the Automation section of the MISP web interface
To test if your URL and API keys are correct you can test with exampleslastpy to fetch the events pub-lished in the last x amount of time (supported time indicators days (d) hours (h) and minutes (m))lastpy ` cd examples python3 lastpy -l 10h 10 hours python3 lastpy -l 5d 5days python3 lastpy -l 45m 45 minutes `
Debugging
You have two options there
1 Pass debug=True to PyMISP and it will enable loggingDEBUG to stderr on the whole module
2 Use the python logging module directly
```python
import logging logger = logginggetLogger(lsquopymisprsquo)
Configure it as you whish for example enable DEBUG mode loggersetLevel(loggingDEBUG) ```
Or if you want to write the debug output to a file instead of stderr
```python import pymisp import logging
logger = logginggetLogger(lsquopymisprsquo) loggingbasicConfig(level=loggingDEBUG filename=rdquodebuglogrdquo file-mode=rsquowrsquo format=pymispFORMAT) ```
Test cases
1 The content of mispeventpy is tested on every commit
2 The tests cases that require a running MISP instance can be run the following way
```bash From poetry
nosetests-34 -s ndashwith-coverage ndashcover-package=pymisptests ndashcover-tests teststestlive_comprehensivepyTestComprehensive[test_name]
```
Documentation
The documentation is available [here](httpspymispreadthedocsioenlatest)
Jupyter notebook
A series of [Jupyter notebooks for PyMISP tutorial](httpsgithubcomMISPPyMISPtreemaindocstutorial) areavailable in the repository
Everything is a Mutable Mapping
or at least everything that can be importedexported fromto a json blob
AbstractMISP is the master class and inherit collectionsMutableMapping which means the class can be representedas a python dictionary
The abstraction assumes every property that should not be seen in the dictionary is prepended with a _ or its name isadded to the private list __not_jsonable (accessible through update_not_jsonable and set_not_jsonable
This master class has helpers that will make it easy to load and export to and from a json string
MISPEvent MISPAttribute MISPObjectReference MISPObjectAttribute and MISPObject are subclasses of Abstract-MISP which mean that they can be handled as python dictionaries
MISP Objects
4 Chapter 1 README
PyMISP Documentation Release main
Creating a new MISP object generator should be done using a pre-defined template and inherit AbstractMISPObject-Generator
Your new MISPObject generator need to generate attributes and add them as class properties using add_attribute
When the object is sent to MISP all the class properties will be exported to the JSON export
5
PyMISP Documentation Release main
6 Chapter 1 README
CHAPTER
TWO
PYMISP
21 PyMISP
class pymispPyMISP(url key ssl=True debug=False proxies= cert=None auth=None tool=timeout=None)
Python API for MISP
Parameters
bull url (str) ndash URL of the MISP instance you want to connect to
bull key (str) ndash API key of the user you want to use
bull ssl (bool) ndash can be True or False (to check or to not check the validity of the certificateOr a CA_BUNDLE in case of self signed or other certificate (the concatenation of all thecrt of the chain)
bull debug (bool) ndash Write all the debug information to stderr
bull proxies (Mapping) ndash Proxy dict as describes here httpdocspython-requestsorgenmasteruseradvancedproxies
bull cert (Optional[Tuple[str tuple]]) ndash Client certificate as described there httpdocspython-requestsorgenmasteruseradvancedclient-side-certificates
bull auth (Optional[AuthBase]) ndash The auth parameter is passed directly to requests asdescribed here httpdocspython-requestsorgenmasteruserauthentication
bull tool (str) ndash The software using PyMISP (string) used to set a unique user-agent
bull timeout (Union[float Tuple[float float] None]) ndash Timeout as describedhere httpsrequestsreadthedocsioenmasteruseradvancedtimeouts
accept_attribute_proposal(proposal)Accept a proposal
Return type Dict
add_attribute(event attribute pythonify=False)Add an attribute to an existing MISP event NOTE MISP 24113+ you can pass a list of attributes Inthat case the pythonified response is the following lsquoattributesrsquo [MISPAttribute] lsquoerrorsrsquo errors byattributes
Return type Union[Dict MISPAttribute MISPShadowAttribute]
add_attribute_proposal(event attribute pythonify=False)Propose a new attribute in an event
Return type Union[Dict MISPShadowAttribute]
7
PyMISP Documentation Release main
add_event(event pythonify=False)Add a new event on a MISP instance
Return type Union[Dict MISPEvent]
add_event_blacklist(uuids comment=None event_info=None event_orgc=None)Add a new event in the blacklist
Return type Dict
add_feed(feed pythonify=False)Add a new feed on a MISP instance
Return type Union[Dict MISPFeed]
add_object(event misp_object pythonify=False)Add a MISP Object to an existing MISP event
Return type Union[Dict MISPObject]
add_object_reference(misp_object_reference pythonify=False)Add a reference to an object
Return type Union[Dict MISPObjectReference]
add_org_to_sharing_group(sharing_group organisation extend=False)Add an organisation to a sharing group sharing_group Sharing grouprsquos local instance ID or Sharinggrouprsquos global UUID organisation Organisationrsquos local instance ID or Organisationrsquos global UUID orOrganisationrsquos name as known to the curent instance extend Allow the organisation to extend the group
Return type Dict
add_organisation(organisation pythonify=False)Add an organisation
Return type Union[Dict MISPOrganisation]
add_organisation_blacklist(uuids comment=None org_name=None)Add a new organisation in the blacklist
Return type Dict
add_server(server pythonify=False)Add a server to synchronise with Note You probably want to use ExpandedPyMISPget_sync_config andExpandedPyMISPimport_server instead
Return type Union[Dict MISPServer]
add_server_to_sharing_group(sharing_group server all_orgs=False)Add a server to a sharing group sharing_group Sharing grouprsquos local instance ID or Sharing grouprsquosglobal UUID server Serverrsquos local instance ID or URL of the Server or Serverrsquos name as known to thecurent instance all_orgs Add all the organisations of the server to the group
Return type Dict
add_sharing_group(sharing_group pythonify=False)Add a new sharing group
Return type Union[Dict MISPSharingGroup]
add_sighting(sighting attribute=None pythonify=False)Add a new sighting (globally or to a specific attribute)
Return type Union[Dict MISPSighting]
8 Chapter 2 pymisp
PyMISP Documentation Release main
add_tag(tag pythonify=False)Add a new tag on a MISP instance Notes
bull The user calling this method needs the Tag Editor permission
bull It doesnrsquot add a tag to an event simply create it on a MISP instance
Return type Union[Dict MISPTag]
add_user(user pythonify=False)Add a new user
Return type Union[Dict MISPUser]
attributes_statistics(context=type percentage=False)Get attributes statistics from the MISP instance
Return type Dict
build_complex_query(or_parameters=None and_parameters=None not_parameters=None)Build a complex search query MISP expects a dictionary with AND OR and NOT keys
Return type Dict[str List[~SearchType]]
cache_all_feeds()Cache all the feeds
Return type Dict
cache_feed(feed)Cache a specific feed
Return type Dict
cache_freetext_feeds()Cache all the freetext feeds
Return type Dict
cache_misp_feeds()Cache all the MISP feeds
Return type Dict
change_sharing_group_on_entity(misp_entity sharing_group_id pythonify=False)Change the sharing group of an event an attribute or an object
Return type Union[Dict MISPEvent MISPObject MISPAttributeMISPShadowAttribute]
change_user_password(new_password)Thange the password of the curent user
Return type Dict
communities(pythonify=False)Get all the communities
Return type Union[Dict List[MISPCommunity]]
compare_feeds()Generate the comparison matrix for all the MISP feeds
Return type Dict
21 PyMISP 9
PyMISP Documentation Release main
contact_event_reporter(event message)Send a message to the reporter of an event
Return type Dict
delegate_event(event=None organisation=None event_delegation=None distribution=- 1 mes-sage= pythonify=False)
Note distribution == -1 means recipient decides
Return type Union[Dict MISPEventDelegation]
delete_attribute(attribute hard=False)Delete an attribute from a MISP instance
Return type Dict
delete_attribute_proposal(attribute)Propose the deletion of an attribute
Return type Dict
delete_event(event)Delete an event from a MISP instance
Return type Dict
delete_event_blacklist(event_blacklist)Delete a blacklisted event
Return type Dict
delete_feed(feed)Delete a feed from a MISP instance
Return type Dict
delete_object(misp_object)Delete an object from a MISP instance
Return type Dict
delete_object_reference(object_reference)Delete a reference to an object
Return type Dict
delete_organisation(organisation)Delete an organisation
Return type Dict
delete_organisation_blacklist(organisation_blacklist)Delete a blacklisted organisation
Return type Dict
delete_server(server)Delete a sync server
Return type Dict
delete_sharing_group(sharing_group)Delete a sharing group
Return type Dict
10 Chapter 2 pymisp
PyMISP Documentation Release main
delete_sighting(sighting)Delete a sighting from a MISP instance
Return type Dict
delete_tag(tag)Delete an attribute from a MISP instance
Return type Dict
delete_user(user)Delete a user
Return type Dict
delete_user_setting(user_setting user=None)Delete a user setting
Return type Dict
property describe_types_localReturns the content of describe types from the package
Return type Dict
property describe_types_remoteReturns the content of describe types from the remote instance
Return type Dict
direct_call(url data=None params= kw_params=)Very lightweight call that posts a data blob (python dictionary or json string) on the URL
Return type Any
disable_feed(feed pythonify=False)Disable a feed
Return type Union[Dict MISPFeed]
disable_feed_cache(feed pythonify=False)Disable the caching of a feed
Return type Union[Dict MISPFeed]
disable_noticelist(noticelist)Disable a noticelist by id
Return type Dict
disable_tag(tag pythonify=False)Disable a tag
Return type Union[Dict MISPTag]
disable_taxonomy(taxonomy)Disable a taxonomy
Return type Dict
disable_taxonomy_tags(taxonomy)Disable all the tags of a taxonomy
Return type Dict
disable_warninglist(warninglist)Disable a warninglist
21 PyMISP 11
PyMISP Documentation Release main
Return type Dict
discard_attribute_proposal(proposal)Discard a proposal
Return type Dict
enable_feed(feed pythonify=False)Enable a feed (fetching it will create event(s)
Return type Union[Dict MISPFeed]
enable_feed_cache(feed pythonify=False)Enable the caching of a feed
Return type Union[Dict MISPFeed]
enable_noticelist(noticelist)Enable a noticelist by id
Return type Dict
enable_tag(tag pythonify=False)Enable a tag
Return type Union[Dict MISPTag]
enable_taxonomy(taxonomy)Enable a taxonomy
Return type Dict
enable_taxonomy_tags(taxonomy)Enable all the tags of a taxonomy NOTE this automatically done when you call enable_taxonomy
Return type Dict
enable_warninglist(warninglist)Enable a warninglist
Return type Dict
event_blacklists(pythonify=False)Get all the blacklisted events
Return type Union[Dict List[MISPEventBlacklist]]
event_delegations(pythonify=False)Get all the event delegations
Return type Union[Dict List[MISPEventDelegation]]
feeds(pythonify=False)Get the list of existing feeds
Return type Union[Dict List[MISPFeed]]
fetch_feed(feed)Fetch one single feed
Return type Dict
freetext(event string adhereToWarninglists=False distribution=None returnMetaAttributes=Falsepythonify=False kwargs)
Pass a text to the freetext importer
Return type Union[Dict List[MISPAttribute]]
12 Chapter 2 pymisp
PyMISP Documentation Release main
galaxies(pythonify=False)Get all the galaxies
Return type Union[Dict List[MISPGalaxy]]
get_all_functions(not_implemented=False)Get all methods available vi the API allow to get the ones that are not implemented
get_attribute(attribute pythonify=False)Get an attribute from a MISP instance
Return type Union[Dict MISPAttribute]
get_community(community pythonify=False)Get an community from a MISP instance
Return type Union[Dict MISPCommunity]
get_event(event deleted=False extended=False pythonify=False)Get an event from a MISP instance
Return type Union[Dict MISPEvent]
get_feed(feed pythonify=False)Get a feed by id
Return type Union[Dict MISPFeed]
get_galaxy(galaxy pythonify=False)Get a galaxy by id
Return type Union[Dict MISPGalaxy]
get_noticelist(noticelist pythonify=False)Get a noticelist by id
Return type Union[Dict MISPNoticelist]
get_object(misp_object pythonify=False)Get an object from the remote MISP instance
Return type Union[Dict MISPObject]
get_object_template(object_template pythonify=False)Gets the full object template corresponting the UUID passed as parameter
Return type Union[Dict MISPObjectTemplate]
get_organisation(organisation pythonify=False)Get an organisation
Return type Union[Dict MISPOrganisation]
get_sync_config(pythonify=False)WARNING This method only works if the user calling it is a sync user
Return type Union[Dict MISPServer]
get_tag(tag pythonify=False)Get a tag by id
Return type Union[Dict MISPTag]
get_taxonomy(taxonomy pythonify=False)Get a taxonomy from a MISP instance
Return type Union[Dict MISPTaxonomy]
21 PyMISP 13
PyMISP Documentation Release main
get_user(user=me pythonify=False expanded=False)Get a user me means the owner of the API key doing the query expanded also returns a MISPRole and aMISPUserSetting
Return type Union[Dict MISPUser Tuple[MISPUser MISPRoleList[MISPUserSetting]]]
get_user_setting(user_setting user=None pythonify=False)Get an user setting
Return type Union[Dict MISPUserSetting]
get_warninglist(warninglist pythonify=False)Get a warninglist
Return type Union[Dict MISPWarninglist]
import_server(server pythonify=False)Import a sync server config received from get_sync_config
Return type Union[Dict MISPServer]
load_default_feeds()Load all the default feeds
Return type Dict
property misp_instance_versionReturns the version of the instance
Return type Dict
property misp_instance_version_masterGet the most recent version from github
Return type Dict
noticelists(pythonify=False)Get all the noticelists
Return type Union[Dict List[MISPNoticelist]]
object_templates(pythonify=False)Get all the object templates
Return type Union[Dict List[MISPObjectTemplate]]
organisation_blacklists(pythonify=False)Get all the blacklisted organisations
Return type Union[Dict List[MISPOrganisationBlacklist]]
organisations(scope=local pythonify=False)Get all the organisations
Return type Union[Dict List[MISPOrganisation]]
publish(event alert=False)Publish the event with one single HTTP POST The default is to not send a mail as it is assumed thismethod is called on update
Return type Dict
push_event_to_ZMQ(event)Force push an event on ZMQ
14 Chapter 2 pymisp
PyMISP Documentation Release main
Return type Dict
property pymisp_version_mainGet the most recent version of PyMISP from github
Return type Dict
property recommended_pymisp_versionReturns the recommended API version from the server
Return type Dict
remote_acl(debug_type=findMissingFunctionNames)This should return an empty list unless the ACL is outdated debug_type can only be printAllFunction-Names findMissingFunctionNames or printRoleAccess
Return type Dict
remove_org_from_sharing_group(sharing_group organisation)Remove an organisation from a sharing group sharing_group Sharing grouprsquos local instance ID orSharing grouprsquos global UUID organisation Organisationrsquos local instance ID or Organisationrsquos globalUUID or Organisationrsquos name as known to the curent instance
Return type Dict
remove_server_from_sharing_group(sharing_group server)Remove a server from a sharing group sharing_group Sharing grouprsquos local instance ID or Sharinggrouprsquos global UUID server Serverrsquos local instance ID or URL of the Server or Serverrsquos name as knownto the curent instance
Return type Dict
roles(pythonify=False)Get the existing roles
Return type Union[Dict List[MISPRole]]
search(controller=events return_format=json limit=None page=None value=Nonetype_attribute=None category=None org=None tags=None quick_filter=None quick-Filter=None date_from=None date_to=None eventid=None with_attachments=NonewithAttachments=None metadata=None uuid=None publish_timestamp=Nonelast=None timestamp=None published=None enforce_warninglist=None enforceWarn-inglist=None to_ids=None deleted=None include_event_uuid=None includeEventU-uid=None include_event_tags=None includeEventTags=None event_timestamp=Nonesg_reference_only=None eventinfo=None searchall=None requested_attributes=None in-clude_context=None includeContext=None headerless=None include_sightings=NoneincludeSightings=None include_correlations=None includeCorrelations=None in-clude_decay_score=None includeDecayScore=None object_name=None pythonify=Falsekwargs)
Search in the MISP instance
Parameters
bull return_format (str) ndash Set the return format of the search (Currently supported jsonxml openioc suricata snort - more formats are being moved to restSearch with the goalbeing that all searches happen through this API) Can be passed as the first parameter afterrestSearch or via the JSON payload
bull limit (Optional[int]) ndash Limit the number of results returned depending on thescope (for example 10 attributes or 10 full events)
bull page (Optional[int]) ndash If a limit is set sets the page to be returned page 3 limit 100will return records 201-gt300)
21 PyMISP 15
PyMISP Documentation Release main
bull value (Optional[~SearchParameterTypes]) ndash Search for the given value in the at-tributesrsquo value field
bull type_attribute (Optional[~SearchParameterTypes]) ndash The attribute type anyvalid MISP attribute type is accepted
bull category (Optional[~SearchParameterTypes]) ndash The attribute category any validMISP attribute category is accepted
bull org (Optional[~SearchParameterTypes]) ndash Search by the creator organisation by sup-plying the organisation identifier
bull tags (Optional[~SearchParameterTypes]) ndash Tags to search or to exclude You canpass a list or the output of build_complex_query
bull quick_filter (Optional[str]) ndash The string passed to this field will ignore all ofthe other arguments MISP will return an xml json (depending on the header sent) of allevents that have a sub-string match on value in the event info event orgc or any of theattribute value1 value2 fields or in the attribute comment
bull date_from (Union[date int str float None]) ndash Events with the date set to adate after the one specified This filter will use the date of the event
bull date_to (Union[date int str float None]) ndash Events with the date set to a datebefore the one specified This filter will use the date of the event
bull eventid (Optional[~SearchType]) ndash The events that should be included excludedfrom the search
bull with_attachments (Optional[bool]) ndash If set encodes the attachments zippedmalware samples as base64 in the data field within each attribute
bull metadata (Optional[bool]) ndash Only the metadata (event tags relations) is returnedattributes and proposals are omitted
bull uuid (Optional[str]) ndash Restrict the results by uuid
bull publish_timestamp (Union[date int str float NoneTuple[Union[date int str float None] Union[date int str floatNone]]]) ndash Restrict the results by the last publish timestamp (newer than)
bull timestamp (Union[date int str float None Tuple[Union[date intstr float None] Union[date int str float None]]]) ndash Restrict the resultsby the timestamp (last edit) Any event with a timestamp newer than the given timestampwill be returned In case you are dealing with attributes as scope the attributersquos timestampwill be used for the lookup
bull published (Optional[bool]) ndash Set whether published or unpublished events shouldbe returned Do not set the parameter if you want both
bull enforce_warninglist (Optional[bool]) ndash Remove any attributes from the resultthat would cause a hit on a warninglist entry
bull to_ids (Union[~ToIDSType List[~ToIDSType] None]) ndash By default all attributesare returned that match the other filter parameters irregardless of their to_ids setting Torestrict the returned data set to to_ids only attributes set this parameter to 1 0 for the oneswith to_ids set to False
bull deleted (Optional[str]) ndash If this parameter is set to 1 it will only return soft-deletedattributes [ldquo0rdquo ldquo1rdquo] will return the active ones as well as the soft-deleted ones
bull include_event_uuid (Optional[bool]) ndash Instead of just including the event IDalso include the event UUID in each of the attributes
16 Chapter 2 pymisp
PyMISP Documentation Release main
bull include_event_tags (Optional[bool]) ndash Include the event level tags in each ofthe attributes
bull event_timestamp (Union[date int str float None]) ndash Only return at-tributes from events that have received a modification after the given timestamp
bull sg_reference_only (Optional[bool]) ndash If this flag is set sharing group objectswill not be included instead only the sharing group ID is set
bull eventinfo (Optional[str]) ndash Filter on the eventrsquos info field
bull searchall (Optional[bool]) ndash Search for a full or a substring (delimited by forsubstrings) in the event info event tags attribute tags attribute values or attribute commentfields
bull requested_attributes (Optional[str]) ndash [CSV only] Select the fields that youwish to include in the CSV export By setting event level fields additionally includeCon-text is not required to get event metadata
bull include_context (Optional[bool]) ndash [Attribute only] Include the event data witheach attribute [CSV output] Add event level metadata in every line of the CSV
bull headerless (Optional[bool]) ndash [CSV Only] The CSV created when this setting isset to true will not contain the header row
bull include_sightings (Optional[bool]) ndash [JSON Only - Attribute] Include thesightings of the matching attributes
bull include_decay_score (Optional[bool]) ndash Include the decay score at attributelevel
bull include_correlations (Optional[bool]) ndash [JSON Only - attribute] Include thecorrelations of the matching attributes
bull object_name (Optional[str]) ndash [objects controller only] Search for objects withthat name
bull pythonify (Optional[bool]) ndash Returns a list of PyMISP Objects instead of the plainjson output Warning it might use a lot of RAM
Deprecated
Parameters
bull quickFilter (Optional[str]) ndash synponym for quick_filter
bull withAttachments (Optional[bool]) ndash synonym for with_attachments
bull last (Union[date int str float None Tuple[Union[date int strfloat None] Union[date int str float None]]]) ndash synonym for pub-lish_timestamp
bull enforceWarninglist (Optional[bool]) ndash synonym for enforce_warninglist
bull includeEventUuid (Optional[bool]) ndash synonym for include_event_uuid
bull includeEventTags (Optional[bool]) ndash synonym for include_event_tags
bull includeContext (Optional[bool]) ndash synonym for include_context
Return type Union[Dict str List[Union[MISPEvent MISPAttributeMISPObject]]]
search_feeds(value=None pythonify=False)Search in the feeds cached on the servers
21 PyMISP 17
PyMISP Documentation Release main
Return type Union[Dict List[MISPFeed]]
search_index(published=None eventid=None tags=None date_from=None date_to=Noneeventinfo=None threatlevel=None distribution=None analysis=None org=Nonetimestamp=None pythonify=None)
Search only at the index level Using in front of a value means NOT (default is OR)
Parameters
bull published (Optional[bool]) ndash Set whether published or unpublished events shouldbe returned Do not set the parameter if you want both
bull eventid (Optional[~SearchType]) ndash The events that should be included excludedfrom the search
bull tags (Optional[~SearchParameterTypes]) ndash Tags to search or to exclude You canpass a list or the output of build_complex_query
bull date_from (Union[date int str float None]) ndash Events with the date set to adate after the one specified This filter will use the date of the event
bull date_to (Union[date int str float None]) ndash Events with the date set to a datebefore the one specified This filter will use the date of the event
bull eventinfo (Optional[str]) ndash Filter on the eventrsquos info field
bull threatlevel (Optional[List[~SearchType]]) ndash Threat level(s) (1234) | list
bull distribution (Optional[List[~SearchType]]) ndash Distribution level(s) (0123) |list
bull analysis (Optional[List[~SearchType]]) ndash Analysis level(s) (012) | list
bull org (Optional[~SearchParameterTypes]) ndash Search by the creator organisation by sup-plying the organisation identifier
bull timestamp (Union[date int str float None Tuple[Union[date intstr float None] Union[date int str float None]]]) ndash Restrict the resultsby the timestamp (last edit) Any event with a timestamp newer than the given timestampwill be returned In case you are dealing with attributes as scope the attributersquos timestampwill be used for the lookup
bull pythonify (Optional[bool]) ndash Returns a list of PyMISP Objects instead or the plainjson output Warning it might use a lot of RAM
Return type Union[Dict List[MISPEvent]]
search_logs(limit=None page=None log_id=None title=None created=None model=None ac-tion=None user_id=None change=None email=None org=None description=Noneip=None pythonify=False)
Search in logs
Note to run substring queries simply appendprependencapsulate the search term with
Parameters
bull limit (Optional[int]) ndash Limit the number of results returned depending on thescope (for example 10 attributes or 10 full events)
bull page (Optional[int]) ndash If a limit is set sets the page to be returned page 3 limit 100will return records 201-gt300)
bull log_id (Optional[int]) ndash Log ID
bull title (Optional[str]) ndash Log Title
18 Chapter 2 pymisp
PyMISP Documentation Release main
bull created (Union[date int str float None]) ndash Creation timestamp
bull model (Optional[str]) ndash Model name that generated the log entry
bull action (Optional[str]) ndash The thing that was done
bull user_id (Optional[int]) ndash ID of the user doing the action
bull change (Optional[str]) ndash Change that occured
bull email (Optional[str]) ndash Email of the user
bull org (Optional[str]) ndash Organisation of the User doing the action
bull description (Optional[str]) ndash Description of the action
bull ip (Optional[str]) ndash Origination IP of the User doing the action
bull pythonify (Optional[bool]) ndash Returns a list of PyMISP Objects instead or the plainjson output Warning it might use a lot of RAM
Return type Union[Dict List[MISPLog]]
search_sightings(context=None context_id=None type_sighting=None date_from=Nonedate_to=None publish_timestamp=None last=None org=None source=Noneinclude_attribute=None include_event_meta=None pythonify=False)
Search sightings
Parameters
bull context (Optional[str]) ndash The context of the search Can be either ldquoattributerdquoldquoeventrdquo or nothing (will then match on events and attributes)
bull context_id (Optional[~SearchType]) ndash Only relevant if context is either ldquoattributerdquoor ldquoeventrdquo Then it is the relevant ID
bull type_sighting (Optional[str]) ndash Type of sighting
bull date_from (Union[date int str float None]) ndash Events with the date set to adate after the one specified This filter will use the date of the event
bull date_to (Union[date int str float None]) ndash Events with the date set to a datebefore the one specified This filter will use the date of the event
bull publish_timestamp (Union[date int str float NoneTuple[Union[date int str float None] Union[date int str floatNone]]]) ndash Restrict the results by the last publish timestamp (newer than)
bull org (Optional[~SearchType]) ndash Search by the creator organisation by supplying theorganisation identifier
bull source (Optional[str]) ndash Source of the sighting
bull include_attribute (Optional[bool]) ndash Include the attribute
bull include_event_meta (Optional[bool]) ndash Include the meta information of theevent
Deprecated
Parameters last (Union[date int str float None Tuple[Union[date intstr float None] Union[date int str float None]]]) ndash synonym for pub-lish_timestamp
Example
21 PyMISP 19
PyMISP Documentation Release main
gtgtgt mispsearch_sightings(publish_timestamp=30d) search sightings for therarr˓last 30 days on the instance[ ]gtgtgt mispsearch_sightings(context=attribute context_id=6 include_rarr˓attribute=True) return list of sighting for attribute 6 along with therarr˓attribute itself[ ]gtgtgt mispsearch_sightings(context=event context_id=17 include_event_rarr˓meta=True org=2) return list of sighting for event 17 filtered with orgrarr˓id 2
Return type Union[Dict List[Dict[str Union[MISPEvent MISPAttributeMISPSighting]]]]
server_pull(server event=None)Initialize a pull from a sync server
Return type Dict
server_push(server event=None)Initialize a push to a sync server
Return type Dict
servers(pythonify=False)Get the existing servers the MISP instance can synchronise with
Return type Union[Dict List[MISPServer]]
set_user_setting(user_setting value user=None pythonify=False)Get an user setting
Return type Union[Dict MISPUserSetting]
sharing_groups(pythonify=False)Get the existing sharing groups
Return type Union[Dict List[MISPSharingGroup]]
sightings(misp_entity=None org=None pythonify=False)Get the list of sighting related to a MISPEvent or a MISPAttribute (depending on type of misp_entity)
Return type Union[Dict List[MISPSighting]]
tag(misp_entity tag local=False)Tag an event or an attribute misp_entity can be a MISPEvent a MISP Attribute or a UUID
Return type Dict
tags(pythonify=False)Get the list of existing tags
Return type Union[Dict List[MISPTag]]
tags_statistics(percentage=False name_sort=False)Get tags statistics from the MISP instance
Return type Dict
taxonomies(pythonify=False)Get all the taxonomies
Return type Union[Dict List[MISPTaxonomy]]
20 Chapter 2 pymisp
PyMISP Documentation Release main
toggle_warninglist(warninglist_id=None warninglist_name=None force_enable=False)Toggle (enabledisable) the status of a warninglist by ID type warninglist_id Union[str intList[int] None] param warninglist_id ID of the WarningList type force_enable bool paramforce_enable Force the warning list in the enabled state (does nothing is already enabled)
Return type Dict
untag(misp_entity tag)Untag an event or an attribute misp_entity can be a UUID
Return type Dict
update_attribute(attribute attribute_id=None pythonify=False)Update an attribute on a MISP instance
Return type Union[Dict MISPAttribute MISPShadowAttribute]
update_attribute_proposal(initial_attribute attribute pythonify=False)Propose a change for an attribute
Return type Union[Dict MISPShadowAttribute]
update_event(event event_id=None pythonify=False)Update an event on a MISP instance
Return type Union[Dict MISPEvent]
update_event_blacklist(event_blacklist event_blacklist_id=None pythonify=False)Update an event in the blacklist
Return type Union[Dict MISPEventBlacklist]
update_feed(feed feed_id=None pythonify=False)Update a feed on a MISP instance
Return type Union[Dict MISPFeed]
update_galaxies()Update all the galaxies
Return type Dict
update_noticelists()Update all the noticelists
Return type Dict
update_object(misp_object object_id=None pythonify=False)Update an object on a MISP instance
Return type Union[Dict MISPObject]
update_object_templates()Trigger an update of the object templates
Return type Dict
update_organisation(organisation organisation_id=None pythonify=False)Update an organisation
Return type Union[Dict MISPOrganisation]
update_organisation_blacklist(organisation_blacklist organisation_blacklist_id=Nonepythonify=False)
Update an organisation in the blacklist
Return type Union[Dict MISPOrganisationBlacklist]
21 PyMISP 21
PyMISP Documentation Release main
update_server(server server_id=None pythonify=False)Update a server to synchronise with
Return type Union[Dict MISPServer]
update_tag(tag tag_id=None pythonify=False)Edit only the provided parameters of a tag
Return type Union[Dict MISPTag]
update_taxonomies()Update all the taxonomies
Return type Dict
update_user(user user_id=None pythonify=False)Update an event on a MISP instance
Return type Union[Dict MISPUser]
update_warninglists()Update all the warninglists
Return type Dict
upload_stix(path version=2)Upload a STIX file to MISP param path Path to the STIX on the disk (can be a path-like object or apseudofile) type version str param version Can be 1 or 2
user_registrations(pythonify=False)Get all the user registrations
Return type Union[Dict List[MISPInbox]]
user_settings(pythonify=False)Get all the user settings
Return type Union[Dict List[MISPUserSetting]]
users(pythonify=False)Get all the users
Return type Union[Dict List[MISPUser]]
users_statistics(context=data)Get users statistics from the MISP instance
Return type Dict
values_in_warninglist(value)Check if IOC values are in warninglist
Return type Dict
property versionReturns the version of PyMISP yoursquore curently using
Return type Dict
warninglists(pythonify=False)Get all the warninglists
Return type Union[Dict List[MISPWarninglist]]
22 Chapter 2 pymisp
PyMISP Documentation Release main
22 PyMISPExpanded (Python 36+ only)
pymispExpandedPyMISPalias of pymispapiPyMISP
23 MISPAbstract
class pymispAbstractMISP(kwargs)
property editedRecursively check if an object has been edited and update the flag accordingly to the parent objects
Return type bool
from_dict(kwargs)Loading all the parameters as class properties if they arenrsquot None This method aims to be called when allthe properties requiring a special treatment are processed Note This method is used when you initializean object with existing data so by default the class is flaged as not edited
Return type None
from_json(json_string)Load a JSON string
Return type None
jsonable()This method is used by the JSON encoder
Return type Dict
set_not_jsonable(args)Set __not_jsonable to a new list
Return type None
to_dict()Dump the class to a dictionary This method automatically removes the timestamp recursively in everyobject that has been edited is order to let MISP update the event accordingly
Return type Dict
to_json(sort_keys=False indent=None)Dump recursively any class of type MISPAbstract to a json string
update_not_jsonable(args)Add entries to the __not_jsonable list
Return type None
22 PyMISPExpanded (Python 36+ only) 23
PyMISP Documentation Release main
24 MISPEncode
class pymispMISPEncode(args kwargs)
default(obj)Implement this method in a subclass such that it returns a serializable object for o or calls the baseimplementation (to raise a TypeError)
For example to support arbitrary iterators you could implement default like this
def default(self o)try
iterable = iter(o)except TypeError
passelse
return list(iterable) Let the base class default method raise the TypeErrorreturn JSONEncoderdefault(self o)
25 MISPEvent
class pymispMISPEvent(describe_types=None strict_validation=False kwargs)
add_attribute(type value kwargs)Add an attribute type and value are required but you can pass all other parameters supported by MISPAt-tribute
Return type Union[MISPAttribute List[MISPAttribute]]
add_attribute_tag(tag attribute_identifier)Add a tag to an existing attribute raise an Exception if the attribute doesnrsquot exists tag Tag name as astring MISPTag instance or dictionary attribute_identifier can be an ID UUID or the value
Return type List[MISPAttribute]
add_object(obj=None kwargs)Add an object to the Event either by passing a MISPObject or a dictionary
Return type MISPObject
add_proposal(shadow_attribute=None kwargs)Alias for add_shadow_attribute
Return type MISPShadowAttribute
add_shadow_attribute(shadow_attribute=None kwargs)Add a tag to the attribute (by name or a MISPTag object)
Return type MISPShadowAttribute
clear()rarr None Remove all items from D
delete_attribute(attribute_id)Delete an attribute you can search by ID or UUID
property editedRecursively check if an object has been edited and update the flag accordingly to the parent objects
24 Chapter 2 pymisp
PyMISP Documentation Release main
Return type bool
from_dict(kwargs)Loading all the parameters as class properties if they arenrsquot None This method aims to be called when allthe properties requiring a special treatment are processed Note This method is used when you initializean object with existing data so by default the class is flaged as not edited
from_json(json_string)Load a JSON string
Return type None
get(k[ d ])rarr D[k] if k in D else d d defaults to None
get_attribute_tag(attribute_identifier)Return the tags associated to an attribute or an object attribute attribute_identifier can be an ID UUIDor the value
Return type List[MISPTag]
get_object_by_id(object_id)Get an object by ID (the ID is the one set by the server when creating the new object)
Return type MISPObject
get_object_by_uuid(object_uuid)Get an object by UUID (UUID is set by the server when creating the new object)
Return type MISPObject
get_objects_by_name(object_name)Get an object by UUID (UUID is set by the server when creating the new object)
Return type List[MISPObject]
items()rarr a set-like object providing a view on Drsquos items
jsonable()This method is used by the JSON encoder
Return type Dict
keys()rarr a set-like object providing a view on Drsquos keys
load(json_event validate=False metadata_only=False)Load a JSON dump from a pseudo file or a JSON string
load_file(event_path validate=False metadata_only=False)Load a JSON dump from a file on the disk
pop(k[ d ])rarr v remove specified key and return the corresponding valueIf key is not found d is returned if given otherwise KeyError is raised
popitem()rarr (k v) remove and return some (key value) pairas a 2-tuple but raise KeyError if D is empty
publish()Mark the attribute as published
set_date(d=None ignore_invalid=False)Set a date for the event (string datetime or date object)
set_not_jsonable(args)Set __not_jsonable to a new list
Return type None
25 MISPEvent 25
PyMISP Documentation Release main
setdefault(k[ d ])rarr Dget(kd) also set D[k]=d if k not in D
property tagsReturns a lost of tags associated to this Event
Return type List[MISPTag]
to_dict()Dump the class to a dictionary This method automatically removes the timestamp recursively in everyobject that has been edited is order to let MISP update the event accordingly
Return type Dict
to_feed(valid_distributions=[0 1 2 3 4 5] with_meta=False)Generate a json output for MISP Feed Notes
bull valid_distributions only makes sense if the distribution key is set (ie the event is exported from aMISP instance)
Return type Dict
to_json(sort_keys=False indent=None)Dump recursively any class of type MISPAbstract to a json string
unpublish()Mark the attribute as un-published (set publish flag to false)
update([E ] F)rarr None Update D from mappingiterable E and FIf E present and has a keys() method does for k in E D[k] = E[k] If E present and lacks keys() methoddoes for (k v) in E D[k] = v In either case this is followed by for k v in Fitems() D[k] = v
update_not_jsonable(args)Add entries to the __not_jsonable list
Return type None
values()rarr an object providing a view on Drsquos values
26 MISPAttribute
class pymispMISPAttribute(describe_types=None strict=False)
add_proposal(shadow_attribute=None kwargs)Alias for add_shadow_attribute
Return type MISPShadowAttribute
add_shadow_attribute(shadow_attribute=None kwargs)Add a shadow attribute to the attribute (by name or a MISPShadowAttribute object)
Return type MISPShadowAttribute
add_sighting(sighting=None kwargs)Add a sighting to the attribute (by name or a MISPSighting object)
Return type MISPSighting
clear()rarr None Remove all items from D
delete()Mark the attribute as deleted (soft delete)
26 Chapter 2 pymisp
PyMISP Documentation Release main
property editedRecursively check if an object has been edited and update the flag accordingly to the parent objects
Return type bool
from_dict(kwargs)Loading all the parameters as class properties if they arenrsquot None This method aims to be called when allthe properties requiring a special treatment are processed Note This method is used when you initializean object with existing data so by default the class is flaged as not edited
from_json(json_string)Load a JSON string
Return type None
get(k[ d ])rarr D[k] if k in D else d d defaults to None
hash_values(algorithm=sha512)Compute the hash of every values for fast lookups
Return type List[str]
items()rarr a set-like object providing a view on Drsquos items
jsonable()This method is used by the JSON encoder
Return type Dict
keys()rarr a set-like object providing a view on Drsquos keys
property known_typesReturns a list of all the known MISP attributes types
Return type List[str]
property malware_binaryReturns a BytesIO of the malware (if the attribute has one obvs)
Return type Optional[BytesIO]
pop(k[ d ])rarr v remove specified key and return the corresponding valueIf key is not found d is returned if given otherwise KeyError is raised
popitem()rarr (k v) remove and return some (key value) pairas a 2-tuple but raise KeyError if D is empty
set_not_jsonable(args)Set __not_jsonable to a new list
Return type None
setdefault(k[ d ])rarr Dget(kd) also set D[k]=d if k not in D
property tagsReturns a lost of tags associated to this Attribute
Return type List[MISPTag]
to_dict()Dump the class to a dictionary This method automatically removes the timestamp recursively in everyobject that has been edited is order to let MISP update the event accordingly
Return type Dict
26 MISPAttribute 27
PyMISP Documentation Release main
to_json(sort_keys=False indent=None)Dump recursively any class of type MISPAbstract to a json string
update([E ] F)rarr None Update D from mappingiterable E and FIf E present and has a keys() method does for k in E D[k] = E[k] If E present and lacks keys() methoddoes for (k v) in E D[k] = v In either case this is followed by for k v in Fitems() D[k] = v
update_not_jsonable(args)Add entries to the __not_jsonable list
Return type None
values()rarr an object providing a view on Drsquos values
27 MISPObject
class pymispMISPObject(name strict=False standalone=True default_attributes_parameters=kwargs)
add_attribute(object_relation simple_value=None value)Add an attribute object_relation is required and the value key is a dictionary with all the keys supportedby MISPAttribute
Return type Optional[MISPAttribute]
add_attributes(object_relation attributes)Add multiple attributes with the same object_relation Helper for object_relation when multiple is True inthe template It is the same as calling multiple times add_attribute with the same object_relation
Return type List[Optional[MISPAttribute]]
add_reference(referenced_uuid relationship_type comment=None kwargs)Add a link (uuid) to an other object
Return type MISPObjectReference
clear()rarr None Remove all items from D
property editedRecursively check if an object has been edited and update the flag accordingly to the parent objects
Return type bool
from_dict(kwargs)Loading all the parameters as class properties if they arenrsquot None This method aims to be called when allthe properties requiring a special treatment are processed Note This method is used when you initializean object with existing data so by default the class is flaged as not edited
from_json(json_string)Load a JSON string
Return type None
get(k[ d ])rarr D[k] if k in D else d d defaults to None
get_attributes_by_relation(object_relation)Returns the list of attributes with the given object relation in the object
Return type List[MISPAttribute]
has_attributes_by_relation(list_of_relations)True if all the relations in the list are defined in the object
28 Chapter 2 pymisp
PyMISP Documentation Release main
Return type bool
items()rarr a set-like object providing a view on Drsquos items
jsonable()This method is used by the JSON encoder
Return type Dict
keys()rarr a set-like object providing a view on Drsquos keys
pop(k[ d ])rarr v remove specified key and return the corresponding valueIf key is not found d is returned if given otherwise KeyError is raised
popitem()rarr (k v) remove and return some (key value) pairas a 2-tuple but raise KeyError if D is empty
set_not_jsonable(args)Set __not_jsonable to a new list
Return type None
setdefault(k[ d ])rarr Dget(kd) also set D[k]=d if k not in D
to_dict(strict=False)Dump the class to a dictionary This method automatically removes the timestamp recursively in everyobject that has been edited is order to let MISP update the event accordingly
Return type Dict
to_json(sort_keys=False indent=None strict=False)Dump recursively any class of type MISPAbstract to a json string
update([E ] F)rarr None Update D from mappingiterable E and FIf E present and has a keys() method does for k in E D[k] = E[k] If E present and lacks keys() methoddoes for (k v) in E D[k] = v In either case this is followed by for k v in Fitems() D[k] = v
update_not_jsonable(args)Add entries to the __not_jsonable list
Return type None
values()rarr an object providing a view on Drsquos values
28 MISPObjectAttribute
class pymispMISPObjectAttribute(definition)
add_proposal(shadow_attribute=None kwargs)Alias for add_shadow_attribute
Return type MISPShadowAttribute
add_shadow_attribute(shadow_attribute=None kwargs)Add a shadow attribute to the attribute (by name or a MISPShadowAttribute object)
Return type MISPShadowAttribute
add_sighting(sighting=None kwargs)Add a sighting to the attribute (by name or a MISPSighting object)
Return type MISPSighting
28 MISPObjectAttribute 29
PyMISP Documentation Release main
clear()rarr None Remove all items from D
delete()Mark the attribute as deleted (soft delete)
property editedRecursively check if an object has been edited and update the flag accordingly to the parent objects
Return type bool
from_dict(object_relation value kwargs)Loading all the parameters as class properties if they arenrsquot None This method aims to be called when allthe properties requiring a special treatment are processed Note This method is used when you initializean object with existing data so by default the class is flaged as not edited
from_json(json_string)Load a JSON string
Return type None
get(k[ d ])rarr D[k] if k in D else d d defaults to None
hash_values(algorithm=sha512)Compute the hash of every values for fast lookups
Return type List[str]
items()rarr a set-like object providing a view on Drsquos items
jsonable()This method is used by the JSON encoder
Return type Dict
keys()rarr a set-like object providing a view on Drsquos keys
property known_typesReturns a list of all the known MISP attributes types
Return type List[str]
property malware_binaryReturns a BytesIO of the malware (if the attribute has one obvs)
Return type Optional[BytesIO]
pop(k[ d ])rarr v remove specified key and return the corresponding valueIf key is not found d is returned if given otherwise KeyError is raised
popitem()rarr (k v) remove and return some (key value) pairas a 2-tuple but raise KeyError if D is empty
set_not_jsonable(args)Set __not_jsonable to a new list
Return type None
setdefault(k[ d ])rarr Dget(kd) also set D[k]=d if k not in D
property tagsReturns a lost of tags associated to this Attribute
Return type List[MISPTag]
30 Chapter 2 pymisp
PyMISP Documentation Release main
to_dict()Dump the class to a dictionary This method automatically removes the timestamp recursively in everyobject that has been edited is order to let MISP update the event accordingly
Return type Dict
to_json(sort_keys=False indent=None)Dump recursively any class of type MISPAbstract to a json string
update([E ] F)rarr None Update D from mappingiterable E and FIf E present and has a keys() method does for k in E D[k] = E[k] If E present and lacks keys() methoddoes for (k v) in E D[k] = v In either case this is followed by for k v in Fitems() D[k] = v
update_not_jsonable(args)Add entries to the __not_jsonable list
Return type None
values()rarr an object providing a view on Drsquos values
29 MISPObjectReference
class pymispMISPObjectReference
clear()rarr None Remove all items from D
property editedRecursively check if an object has been edited and update the flag accordingly to the parent objects
Return type bool
from_dict(kwargs)Loading all the parameters as class properties if they arenrsquot None This method aims to be called when allthe properties requiring a special treatment are processed Note This method is used when you initializean object with existing data so by default the class is flaged as not edited
from_json(json_string)Load a JSON string
Return type None
get(k[ d ])rarr D[k] if k in D else d d defaults to None
items()rarr a set-like object providing a view on Drsquos items
jsonable()This method is used by the JSON encoder
Return type Dict
keys()rarr a set-like object providing a view on Drsquos keys
pop(k[ d ])rarr v remove specified key and return the corresponding valueIf key is not found d is returned if given otherwise KeyError is raised
popitem()rarr (k v) remove and return some (key value) pairas a 2-tuple but raise KeyError if D is empty
set_not_jsonable(args)Set __not_jsonable to a new list
Return type None
29 MISPObjectReference 31
PyMISP Documentation Release main
setdefault(k[ d ])rarr Dget(kd) also set D[k]=d if k not in D
to_dict()Dump the class to a dictionary This method automatically removes the timestamp recursively in everyobject that has been edited is order to let MISP update the event accordingly
Return type Dict
to_json(sort_keys=False indent=None)Dump recursively any class of type MISPAbstract to a json string
update([E ] F)rarr None Update D from mappingiterable E and FIf E present and has a keys() method does for k in E D[k] = E[k] If E present and lacks keys() methoddoes for (k v) in E D[k] = v In either case this is followed by for k v in Fitems() D[k] = v
update_not_jsonable(args)Add entries to the __not_jsonable list
Return type None
values()rarr an object providing a view on Drsquos values
210 MISPTag
class pymispMISPTag(kwargs)
clear()rarr None Remove all items from D
property editedRecursively check if an object has been edited and update the flag accordingly to the parent objects
Return type bool
from_dict(kwargs)Loading all the parameters as class properties if they arenrsquot None This method aims to be called when allthe properties requiring a special treatment are processed Note This method is used when you initializean object with existing data so by default the class is flaged as not edited
from_json(json_string)Load a JSON string
Return type None
get(k[ d ])rarr D[k] if k in D else d d defaults to None
items()rarr a set-like object providing a view on Drsquos items
jsonable()This method is used by the JSON encoder
Return type Dict
keys()rarr a set-like object providing a view on Drsquos keys
pop(k[ d ])rarr v remove specified key and return the corresponding valueIf key is not found d is returned if given otherwise KeyError is raised
popitem()rarr (k v) remove and return some (key value) pairas a 2-tuple but raise KeyError if D is empty
set_not_jsonable(args)Set __not_jsonable to a new list
32 Chapter 2 pymisp
PyMISP Documentation Release main
Return type None
setdefault(k[ d ])rarr Dget(kd) also set D[k]=d if k not in D
to_dict()Dump the class to a dictionary This method automatically removes the timestamp recursively in everyobject that has been edited is order to let MISP update the event accordingly
Return type Dict
to_json(sort_keys=False indent=None)Dump recursively any class of type MISPAbstract to a json string
update([E ] F)rarr None Update D from mappingiterable E and FIf E present and has a keys() method does for k in E D[k] = E[k] If E present and lacks keys() methoddoes for (k v) in E D[k] = v In either case this is followed by for k v in Fitems() D[k] = v
update_not_jsonable(args)Add entries to the __not_jsonable list
Return type None
values()rarr an object providing a view on Drsquos values
211 MISPUser
class pymispMISPUser(kwargs)
clear()rarr None Remove all items from D
property editedRecursively check if an object has been edited and update the flag accordingly to the parent objects
Return type bool
from_dict(kwargs)Loading all the parameters as class properties if they arenrsquot None This method aims to be called when allthe properties requiring a special treatment are processed Note This method is used when you initializean object with existing data so by default the class is flaged as not edited
from_json(json_string)Load a JSON string
Return type None
get(k[ d ])rarr D[k] if k in D else d d defaults to None
items()rarr a set-like object providing a view on Drsquos items
jsonable()This method is used by the JSON encoder
Return type Dict
keys()rarr a set-like object providing a view on Drsquos keys
pop(k[ d ])rarr v remove specified key and return the corresponding valueIf key is not found d is returned if given otherwise KeyError is raised
popitem()rarr (k v) remove and return some (key value) pairas a 2-tuple but raise KeyError if D is empty
211 MISPUser 33
PyMISP Documentation Release main
set_not_jsonable(args)Set __not_jsonable to a new list
Return type None
setdefault(k[ d ])rarr Dget(kd) also set D[k]=d if k not in D
to_dict()Dump the class to a dictionary This method automatically removes the timestamp recursively in everyobject that has been edited is order to let MISP update the event accordingly
Return type Dict
to_json(sort_keys=False indent=None)Dump recursively any class of type MISPAbstract to a json string
update([E ] F)rarr None Update D from mappingiterable E and FIf E present and has a keys() method does for k in E D[k] = E[k] If E present and lacks keys() methoddoes for (k v) in E D[k] = v In either case this is followed by for k v in Fitems() D[k] = v
update_not_jsonable(args)Add entries to the __not_jsonable list
Return type None
values()rarr an object providing a view on Drsquos values
212 MISPOrganisation
class pymispMISPOrganisation
clear()rarr None Remove all items from D
property editedRecursively check if an object has been edited and update the flag accordingly to the parent objects
Return type bool
from_dict(kwargs)Loading all the parameters as class properties if they arenrsquot None This method aims to be called when allthe properties requiring a special treatment are processed Note This method is used when you initializean object with existing data so by default the class is flaged as not edited
from_json(json_string)Load a JSON string
Return type None
get(k[ d ])rarr D[k] if k in D else d d defaults to None
items()rarr a set-like object providing a view on Drsquos items
jsonable()This method is used by the JSON encoder
Return type Dict
keys()rarr a set-like object providing a view on Drsquos keys
pop(k[ d ])rarr v remove specified key and return the corresponding valueIf key is not found d is returned if given otherwise KeyError is raised
34 Chapter 2 pymisp
PyMISP Documentation Release main
popitem()rarr (k v) remove and return some (key value) pairas a 2-tuple but raise KeyError if D is empty
set_not_jsonable(args)Set __not_jsonable to a new list
Return type None
setdefault(k[ d ])rarr Dget(kd) also set D[k]=d if k not in D
to_dict()Dump the class to a dictionary This method automatically removes the timestamp recursively in everyobject that has been edited is order to let MISP update the event accordingly
Return type Dict
to_json(sort_keys=False indent=None)Dump recursively any class of type MISPAbstract to a json string
update([E ] F)rarr None Update D from mappingiterable E and FIf E present and has a keys() method does for k in E D[k] = E[k] If E present and lacks keys() methoddoes for (k v) in E D[k] = v In either case this is followed by for k v in Fitems() D[k] = v
update_not_jsonable(args)Add entries to the __not_jsonable list
Return type None
values()rarr an object providing a view on Drsquos values
212 MISPOrganisation 35
PyMISP Documentation Release main
36 Chapter 2 pymisp
CHAPTER
THREE
PYMISP - TOOLS
31 File Object
class pymisptoolsFileObject(filepath=None pseudofile=None filename=None kwargs)
add_attribute(object_relation simple_value=None value)Add an attribute object_relation is required and the value key is a dictionary with all the keys supportedby MISPAttribute
Return type Optional[MISPAttribute]
add_attributes(object_relation attributes)Add multiple attributes with the same object_relation Helper for object_relation when multiple is True inthe template It is the same as calling multiple times add_attribute with the same object_relation
Return type List[Optional[MISPAttribute]]
add_reference(referenced_uuid relationship_type comment=None kwargs)Add a link (uuid) to an other object
Return type MISPObjectReference
clear()rarr None Remove all items from D
property editedRecursively check if an object has been edited and update the flag accordingly to the parent objects
Return type bool
from_dict(kwargs)Loading all the parameters as class properties if they arenrsquot None This method aims to be called when allthe properties requiring a special treatment are processed Note This method is used when you initializean object with existing data so by default the class is flaged as not edited
from_json(json_string)Load a JSON string
Return type None
generate_attributes()Contains the logic where all the values of the object are gathered
get(k[ d ])rarr D[k] if k in D else d d defaults to None
get_attributes_by_relation(object_relation)Returns the list of attributes with the given object relation in the object
Return type List[MISPAttribute]
37
PyMISP Documentation Release main
has_attributes_by_relation(list_of_relations)True if all the relations in the list are defined in the object
Return type bool
items()rarr a set-like object providing a view on Drsquos items
jsonable()This method is used by the JSON encoder
Return type Dict
keys()rarr a set-like object providing a view on Drsquos keys
pop(k[ d ])rarr v remove specified key and return the corresponding valueIf key is not found d is returned if given otherwise KeyError is raised
popitem()rarr (k v) remove and return some (key value) pairas a 2-tuple but raise KeyError if D is empty
set_not_jsonable(args)Set __not_jsonable to a new list
Return type None
setdefault(k[ d ])rarr Dget(kd) also set D[k]=d if k not in D
to_dict(strict=False)Dump the class to a dictionary This method automatically removes the timestamp recursively in everyobject that has been edited is order to let MISP update the event accordingly
Return type Dict
to_json(sort_keys=False indent=None strict=False)Dump recursively any class of type MISPAbstract to a json string
update([E ] F)rarr None Update D from mappingiterable E and FIf E present and has a keys() method does for k in E D[k] = E[k] If E present and lacks keys() methoddoes for (k v) in E D[k] = v In either case this is followed by for k v in Fitems() D[k] = v
update_not_jsonable(args)Add entries to the __not_jsonable list
Return type None
values()rarr an object providing a view on Drsquos values
32 ELF Object
33 PE Object
34 Mach-O Object
35 VT Report Object
class pymisptoolsVTReportObject(apikey indicator vt_proxies=None kwargs)VirusTotal Report
Apikey VirusTotal API key (private works but only public features are supported right now)
38 Chapter 3 pymisp - Tools
PyMISP Documentation Release main
Indicator IOC to search VirusTotal for
add_attribute(object_relation simple_value=None value)Add an attribute object_relation is required and the value key is a dictionary with all the keys supportedby MISPAttribute
Return type Optional[MISPAttribute]
add_attributes(object_relation attributes)Add multiple attributes with the same object_relation Helper for object_relation when multiple is True inthe template It is the same as calling multiple times add_attribute with the same object_relation
Return type List[Optional[MISPAttribute]]
add_reference(referenced_uuid relationship_type comment=None kwargs)Add a link (uuid) to an other object
Return type MISPObjectReference
clear()rarr None Remove all items from D
property editedRecursively check if an object has been edited and update the flag accordingly to the parent objects
Return type bool
from_dict(kwargs)Loading all the parameters as class properties if they arenrsquot None This method aims to be called when allthe properties requiring a special treatment are processed Note This method is used when you initializean object with existing data so by default the class is flaged as not edited
from_json(json_string)Load a JSON string
Return type None
generate_attributes()Parse the VirusTotal report for relevant attributes
get(k[ d ])rarr D[k] if k in D else d d defaults to None
get_attributes_by_relation(object_relation)Returns the list of attributes with the given object relation in the object
Return type List[MISPAttribute]
has_attributes_by_relation(list_of_relations)True if all the relations in the list are defined in the object
Return type bool
items()rarr a set-like object providing a view on Drsquos items
jsonable()This method is used by the JSON encoder
Return type Dict
keys()rarr a set-like object providing a view on Drsquos keys
pop(k[ d ])rarr v remove specified key and return the corresponding valueIf key is not found d is returned if given otherwise KeyError is raised
popitem()rarr (k v) remove and return some (key value) pairas a 2-tuple but raise KeyError if D is empty
35 VT Report Object 39
PyMISP Documentation Release main
set_not_jsonable(args)Set __not_jsonable to a new list
Return type None
setdefault(k[ d ])rarr Dget(kd) also set D[k]=d if k not in D
to_dict(strict=False)Dump the class to a dictionary This method automatically removes the timestamp recursively in everyobject that has been edited is order to let MISP update the event accordingly
Return type Dict
to_json(sort_keys=False indent=None strict=False)Dump recursively any class of type MISPAbstract to a json string
update([E ] F)rarr None Update D from mappingiterable E and FIf E present and has a keys() method does for k in E D[k] = E[k] If E present and lacks keys() methoddoes for (k v) in E D[k] = v In either case this is followed by for k v in Fitems() D[k] = v
update_not_jsonable(args)Add entries to the __not_jsonable list
Return type None
values()rarr an object providing a view on Drsquos values
36 STIX
pymisptoolsstixload_stix(stix distribution=3 threat_level_id=2 analysis=0)Returns a MISPEvent object from a STIX package
pymisptoolsstixmake_stix_package(misp_event to_json=False to_xml=False)Returns a STIXPackage from a MISPEvent
Optionally can return the package in json or xml
37 OpenIOC
toolsload_openioc()
toolsload_openioc_file()
40 Chapter 3 pymisp - Tools
CHAPTER
FOUR
INDICES AND TABLES
bull genindex
bull modindex
bull search
41
PyMISP Documentation Release main
42 Chapter 4 Indices and tables
PYTHON MODULE INDEX
ppymisp 7pymisptools 37pymisptoolsstix 40
43
PyMISP Documentation Release main
44 Python Module Index
INDEX
AAbstractMISP (class in pymisp) 23accept_attribute_proposal()
(pymispPyMISP method) 7add_attribute() (pymispMISPEvent method) 24add_attribute() (pymispMISPObject method) 28add_attribute() (pymispPyMISP method) 7add_attribute() (pymisptoolsFileObject method)
37add_attribute() (pymisptoolsVTReportObject
method) 39add_attribute_proposal() (pymispPyMISP
method) 7add_attribute_tag() (pymispMISPEvent
method) 24add_attributes() (pymispMISPObject method)
28add_attributes() (pymisptoolsFileObject
method) 37add_attributes() (pymisptoolsVTReportObject
method) 39add_event() (pymispPyMISP method) 7add_event_blacklist() (pymispPyMISP
method) 8add_feed() (pymispPyMISP method) 8add_object() (pymispMISPEvent method) 24add_object() (pymispPyMISP method) 8add_object_reference() (pymispPyMISP
method) 8add_org_to_sharing_group() (pymispPyMISP
method) 8add_organisation() (pymispPyMISP method) 8add_organisation_blacklist()
(pymispPyMISP method) 8add_proposal() (pymispMISPAttribute method) 26add_proposal() (pymispMISPEvent method) 24add_proposal() (pymispMISPObjectAttribute
method) 29add_reference() (pymispMISPObject method) 28add_reference() (pymisptoolsFileObject method)
37add_reference() (pymisptoolsVTReportObject
method) 39add_server() (pymispPyMISP method) 8add_server_to_sharing_group()
(pymispPyMISP method) 8add_shadow_attribute() (pymispMISPAttribute
method) 26add_shadow_attribute() (pymispMISPEvent
method) 24add_shadow_attribute()
(pymispMISPObjectAttribute method) 29add_sharing_group() (pymispPyMISP method) 8add_sighting() (pymispMISPAttribute method) 26add_sighting() (pymispMISPObjectAttribute
method) 29add_sighting() (pymispPyMISP method) 8add_tag() (pymispPyMISP method) 8add_user() (pymispPyMISP method) 9attributes_statistics() (pymispPyMISP
method) 9
Bbuild_complex_query() (pymispPyMISP
method) 9
Ccache_all_feeds() (pymispPyMISP method) 9cache_feed() (pymispPyMISP method) 9cache_freetext_feeds() (pymispPyMISP
method) 9cache_misp_feeds() (pymispPyMISP method) 9change_sharing_group_on_entity()
(pymispPyMISP method) 9change_user_password() (pymispPyMISP
method) 9clear() (pymispMISPAttribute method) 26clear() (pymispMISPEvent method) 24clear() (pymispMISPObject method) 28clear() (pymispMISPObjectAttribute method) 29clear() (pymispMISPObjectReference method) 31clear() (pymispMISPOrganisation method) 34clear() (pymispMISPTag method) 32clear() (pymispMISPUser method) 33
45
PyMISP Documentation Release main
clear() (pymisptoolsFileObject method) 37clear() (pymisptoolsVTReportObject method) 39communities() (pymispPyMISP method) 9compare_feeds() (pymispPyMISP method) 9contact_event_reporter() (pymispPyMISP
method) 9
Ddefault() (pymispMISPEncode method) 24delegate_event() (pymispPyMISP method) 10delete() (pymispMISPAttribute method) 26delete() (pymispMISPObjectAttribute method) 30delete_attribute() (pymispMISPEvent method)
24delete_attribute() (pymispPyMISP method) 10delete_attribute_proposal()
(pymispPyMISP method) 10delete_event() (pymispPyMISP method) 10delete_event_blacklist() (pymispPyMISP
method) 10delete_feed() (pymispPyMISP method) 10delete_object() (pymispPyMISP method) 10delete_object_reference() (pymispPyMISP
method) 10delete_organisation() (pymispPyMISP
method) 10delete_organisation_blacklist()
(pymispPyMISP method) 10delete_server() (pymispPyMISP method) 10delete_sharing_group() (pymispPyMISP
method) 10delete_sighting() (pymispPyMISP method) 10delete_tag() (pymispPyMISP method) 11delete_user() (pymispPyMISP method) 11delete_user_setting() (pymispPyMISP
method) 11describe_types_local() (pymispPyMISP prop-
erty) 11describe_types_remote() (pymispPyMISP
property) 11direct_call() (pymispPyMISP method) 11disable_feed() (pymispPyMISP method) 11disable_feed_cache() (pymispPyMISP method)
11disable_noticelist() (pymispPyMISP method)
11disable_tag() (pymispPyMISP method) 11disable_taxonomy() (pymispPyMISP method) 11disable_taxonomy_tags() (pymispPyMISP
method) 11disable_warninglist() (pymispPyMISP
method) 11discard_attribute_proposal()
(pymispPyMISP method) 12
Eedited() (pymispAbstractMISP property) 23edited() (pymispMISPAttribute property) 26edited() (pymispMISPEvent property) 24edited() (pymispMISPObject property) 28edited() (pymispMISPObjectAttribute property) 30edited() (pymispMISPObjectReference property) 31edited() (pymispMISPOrganisation property) 34edited() (pymispMISPTag property) 32edited() (pymispMISPUser property) 33edited() (pymisptoolsFileObject property) 37edited() (pymisptoolsVTReportObject property) 39enable_feed() (pymispPyMISP method) 12enable_feed_cache() (pymispPyMISP method)
12enable_noticelist() (pymispPyMISP method)
12enable_tag() (pymispPyMISP method) 12enable_taxonomy() (pymispPyMISP method) 12enable_taxonomy_tags() (pymispPyMISP
method) 12enable_warninglist() (pymispPyMISP method)
12event_blacklists() (pymispPyMISP method) 12event_delegations() (pymispPyMISP method)
12ExpandedPyMISP (in module pymisp) 23
Ffeeds() (pymispPyMISP method) 12fetch_feed() (pymispPyMISP method) 12FileObject (class in pymisptools) 37freetext() (pymispPyMISP method) 12from_dict() (pymispAbstractMISP method) 23from_dict() (pymispMISPAttribute method) 27from_dict() (pymispMISPEvent method) 25from_dict() (pymispMISPObject method) 28from_dict() (pymispMISPObjectAttribute method)
30from_dict() (pymispMISPObjectReference method)
31from_dict() (pymispMISPOrganisation method) 34from_dict() (pymispMISPTag method) 32from_dict() (pymispMISPUser method) 33from_dict() (pymisptoolsFileObject method) 37from_dict() (pymisptoolsVTReportObject method)
39from_json() (pymispAbstractMISP method) 23from_json() (pymispMISPAttribute method) 27from_json() (pymispMISPEvent method) 25from_json() (pymispMISPObject method) 28from_json() (pymispMISPObjectAttribute method)
30
46 Index
PyMISP Documentation Release main
from_json() (pymispMISPObjectReference method)31
from_json() (pymispMISPOrganisation method) 34from_json() (pymispMISPTag method) 32from_json() (pymispMISPUser method) 33from_json() (pymisptoolsFileObject method) 37from_json() (pymisptoolsVTReportObject method)
39
Ggalaxies() (pymispPyMISP method) 12generate_attributes() (pymisptoolsFileObject
method) 37generate_attributes()
(pymisptoolsVTReportObject method)39
get() (pymispMISPAttribute method) 27get() (pymispMISPEvent method) 25get() (pymispMISPObject method) 28get() (pymispMISPObjectAttribute method) 30get() (pymispMISPObjectReference method) 31get() (pymispMISPOrganisation method) 34get() (pymispMISPTag method) 32get() (pymispMISPUser method) 33get() (pymisptoolsFileObject method) 37get() (pymisptoolsVTReportObject method) 39get_all_functions() (pymispPyMISP method)
13get_attribute() (pymispPyMISP method) 13get_attribute_tag() (pymispMISPEvent
method) 25get_attributes_by_relation()
(pymispMISPObject method) 28get_attributes_by_relation()
(pymisptoolsFileObject method) 37get_attributes_by_relation()
(pymisptoolsVTReportObject method)39
get_community() (pymispPyMISP method) 13get_event() (pymispPyMISP method) 13get_feed() (pymispPyMISP method) 13get_galaxy() (pymispPyMISP method) 13get_noticelist() (pymispPyMISP method) 13get_object() (pymispPyMISP method) 13get_object_by_id() (pymispMISPEvent method)
25get_object_by_uuid() (pymispMISPEvent
method) 25get_object_template() (pymispPyMISP
method) 13get_objects_by_name() (pymispMISPEvent
method) 25get_organisation() (pymispPyMISP method) 13get_sync_config() (pymispPyMISP method) 13
get_tag() (pymispPyMISP method) 13get_taxonomy() (pymispPyMISP method) 13get_user() (pymispPyMISP method) 13get_user_setting() (pymispPyMISP method) 14get_warninglist() (pymispPyMISP method) 14
Hhas_attributes_by_relation()
(pymispMISPObject method) 28has_attributes_by_relation()
(pymisptoolsFileObject method) 37has_attributes_by_relation()
(pymisptoolsVTReportObject method)39
hash_values() (pymispMISPAttribute method) 27hash_values() (pymispMISPObjectAttribute
method) 30
Iimport_server() (pymispPyMISP method) 14items() (pymispMISPAttribute method) 27items() (pymispMISPEvent method) 25items() (pymispMISPObject method) 29items() (pymispMISPObjectAttribute method) 30items() (pymispMISPObjectReference method) 31items() (pymispMISPOrganisation method) 34items() (pymispMISPTag method) 32items() (pymispMISPUser method) 33items() (pymisptoolsFileObject method) 38items() (pymisptoolsVTReportObject method) 39
Jjsonable() (pymispAbstractMISP method) 23jsonable() (pymispMISPAttribute method) 27jsonable() (pymispMISPEvent method) 25jsonable() (pymispMISPObject method) 29jsonable() (pymispMISPObjectAttribute method)
30jsonable() (pymispMISPObjectReference method)
31jsonable() (pymispMISPOrganisation method) 34jsonable() (pymispMISPTag method) 32jsonable() (pymispMISPUser method) 33jsonable() (pymisptoolsFileObject method) 38jsonable() (pymisptoolsVTReportObject method)
39
Kkeys() (pymispMISPAttribute method) 27keys() (pymispMISPEvent method) 25keys() (pymispMISPObject method) 29keys() (pymispMISPObjectAttribute method) 30keys() (pymispMISPObjectReference method) 31keys() (pymispMISPOrganisation method) 34
Index 47
PyMISP Documentation Release main
keys() (pymispMISPTag method) 32keys() (pymispMISPUser method) 33keys() (pymisptoolsFileObject method) 38keys() (pymisptoolsVTReportObject method) 39known_types() (pymispMISPAttribute property) 27known_types() (pymispMISPObjectAttribute prop-
erty) 30
Lload() (pymispMISPEvent method) 25load_default_feeds() (pymispPyMISP method)
14load_file() (pymispMISPEvent method) 25load_openioc() (pymisptools method) 40load_openioc_file() (pymisptools method) 40load_stix() (in module pymisptoolsstix) 40
Mmake_stix_package() (in module
pymisptoolsstix) 40malware_binary() (pymispMISPAttribute prop-
erty) 27malware_binary() (pymispMISPObjectAttribute
property) 30misp_instance_version() (pymispPyMISP
property) 14misp_instance_version_master()
(pymispPyMISP property) 14MISPAttribute (class in pymisp) 26MISPEncode (class in pymisp) 24MISPEvent (class in pymisp) 24MISPObject (class in pymisp) 28MISPObjectAttribute (class in pymisp) 29MISPObjectReference (class in pymisp) 31MISPOrganisation (class in pymisp) 34MISPTag (class in pymisp) 32MISPUser (class in pymisp) 33module
pymisp 7pymisptools 37pymisptoolsstix 40
Nnoticelists() (pymispPyMISP method) 14
Oobject_templates() (pymispPyMISP method) 14organisation_blacklists() (pymispPyMISP
method) 14organisations() (pymispPyMISP method) 14
Ppop() (pymispMISPAttribute method) 27
pop() (pymispMISPEvent method) 25pop() (pymispMISPObject method) 29pop() (pymispMISPObjectAttribute method) 30pop() (pymispMISPObjectReference method) 31pop() (pymispMISPOrganisation method) 34pop() (pymispMISPTag method) 32pop() (pymispMISPUser method) 33pop() (pymisptoolsFileObject method) 38pop() (pymisptoolsVTReportObject method) 39popitem() (pymispMISPAttribute method) 27popitem() (pymispMISPEvent method) 25popitem() (pymispMISPObject method) 29popitem() (pymispMISPObjectAttribute method) 30popitem() (pymispMISPObjectReference method) 31popitem() (pymispMISPOrganisation method) 34popitem() (pymispMISPTag method) 32popitem() (pymispMISPUser method) 33popitem() (pymisptoolsFileObject method) 38popitem() (pymisptoolsVTReportObject method) 39publish() (pymispMISPEvent method) 25publish() (pymispPyMISP method) 14push_event_to_ZMQ() (pymispPyMISP method)
14pymisp
module 7PyMISP (class in pymisp) 7pymisptools
module 37pymisptoolsstix
module 40pymisp_version_main() (pymispPyMISP prop-
erty) 15
Rrecommended_pymisp_version()
(pymispPyMISP property) 15remote_acl() (pymispPyMISP method) 15remove_org_from_sharing_group()
(pymispPyMISP method) 15remove_server_from_sharing_group()
(pymispPyMISP method) 15roles() (pymispPyMISP method) 15
Ssearch() (pymispPyMISP method) 15search_feeds() (pymispPyMISP method) 17search_index() (pymispPyMISP method) 18search_logs() (pymispPyMISP method) 18search_sightings() (pymispPyMISP method) 19server_pull() (pymispPyMISP method) 20server_push() (pymispPyMISP method) 20servers() (pymispPyMISP method) 20set_date() (pymispMISPEvent method) 25
48 Index
PyMISP Documentation Release main
set_not_jsonable() (pymispAbstractMISPmethod) 23
set_not_jsonable() (pymispMISPAttributemethod) 27
set_not_jsonable() (pymispMISPEvent method)25
set_not_jsonable() (pymispMISPObjectmethod) 29
set_not_jsonable() (pymispMISPObjectAttributemethod) 30
set_not_jsonable()(pymispMISPObjectReference method)31
set_not_jsonable() (pymispMISPOrganisationmethod) 35
set_not_jsonable() (pymispMISPTag method)32
set_not_jsonable() (pymispMISPUser method)33
set_not_jsonable() (pymisptoolsFileObjectmethod) 38
set_not_jsonable()(pymisptoolsVTReportObject method)39
set_user_setting() (pymispPyMISP method) 20setdefault() (pymispMISPAttribute method) 27setdefault() (pymispMISPEvent method) 25setdefault() (pymispMISPObject method) 29setdefault() (pymispMISPObjectAttribute
method) 30setdefault() (pymispMISPObjectReference
method) 31setdefault() (pymispMISPOrganisation method)
35setdefault() (pymispMISPTag method) 33setdefault() (pymispMISPUser method) 34setdefault() (pymisptoolsFileObject method) 38setdefault() (pymisptoolsVTReportObject
method) 40sharing_groups() (pymispPyMISP method) 20sightings() (pymispPyMISP method) 20
Ttag() (pymispPyMISP method) 20tags() (pymispMISPAttribute property) 27tags() (pymispMISPEvent property) 26tags() (pymispMISPObjectAttribute property) 30tags() (pymispPyMISP method) 20tags_statistics() (pymispPyMISP method) 20taxonomies() (pymispPyMISP method) 20to_dict() (pymispAbstractMISP method) 23to_dict() (pymispMISPAttribute method) 27to_dict() (pymispMISPEvent method) 26to_dict() (pymispMISPObject method) 29
to_dict() (pymispMISPObjectAttribute method) 30to_dict() (pymispMISPObjectReference method) 32to_dict() (pymispMISPOrganisation method) 35to_dict() (pymispMISPTag method) 33to_dict() (pymispMISPUser method) 34to_dict() (pymisptoolsFileObject method) 38to_dict() (pymisptoolsVTReportObject method) 40to_feed() (pymispMISPEvent method) 26to_json() (pymispAbstractMISP method) 23to_json() (pymispMISPAttribute method) 27to_json() (pymispMISPEvent method) 26to_json() (pymispMISPObject method) 29to_json() (pymispMISPObjectAttribute method) 31to_json() (pymispMISPObjectReference method) 32to_json() (pymispMISPOrganisation method) 35to_json() (pymispMISPTag method) 33to_json() (pymispMISPUser method) 34to_json() (pymisptoolsFileObject method) 38to_json() (pymisptoolsVTReportObject method) 40toggle_warninglist() (pymispPyMISP method)
20
Uunpublish() (pymispMISPEvent method) 26untag() (pymispPyMISP method) 21update() (pymispMISPAttribute method) 28update() (pymispMISPEvent method) 26update() (pymispMISPObject method) 29update() (pymispMISPObjectAttribute method) 31update() (pymispMISPObjectReference method) 32update() (pymispMISPOrganisation method) 35update() (pymispMISPTag method) 33update() (pymispMISPUser method) 34update() (pymisptoolsFileObject method) 38update() (pymisptoolsVTReportObject method) 40update_attribute() (pymispPyMISP method) 21update_attribute_proposal()
(pymispPyMISP method) 21update_event() (pymispPyMISP method) 21update_event_blacklist() (pymispPyMISP
method) 21update_feed() (pymispPyMISP method) 21update_galaxies() (pymispPyMISP method) 21update_not_jsonable() (pymispAbstractMISP
method) 23update_not_jsonable() (pymispMISPAttribute
method) 28update_not_jsonable() (pymispMISPEvent
method) 26update_not_jsonable() (pymispMISPObject
method) 29update_not_jsonable()
(pymispMISPObjectAttribute method) 31
Index 49
PyMISP Documentation Release main
update_not_jsonable()(pymispMISPObjectReference method)32
update_not_jsonable()(pymispMISPOrganisation method) 35
update_not_jsonable() (pymispMISPTagmethod) 33
update_not_jsonable() (pymispMISPUsermethod) 34
update_not_jsonable() (pymisptoolsFileObjectmethod) 38
update_not_jsonable()(pymisptoolsVTReportObject method)40
update_noticelists() (pymispPyMISP method)21
update_object() (pymispPyMISP method) 21update_object_templates() (pymispPyMISP
method) 21update_organisation() (pymispPyMISP
method) 21update_organisation_blacklist()
(pymispPyMISP method) 21update_server() (pymispPyMISP method) 22update_tag() (pymispPyMISP method) 22update_taxonomies() (pymispPyMISP method)
22update_user() (pymispPyMISP method) 22update_warninglists() (pymispPyMISP
method) 22upload_stix() (pymispPyMISP method) 22user_registrations() (pymispPyMISP method)
22user_settings() (pymispPyMISP method) 22users() (pymispPyMISP method) 22users_statistics() (pymispPyMISP method) 22
Vvalues() (pymispMISPAttribute method) 28values() (pymispMISPEvent method) 26values() (pymispMISPObject method) 29values() (pymispMISPObjectAttribute method) 31values() (pymispMISPObjectReference method) 32values() (pymispMISPOrganisation method) 35values() (pymispMISPTag method) 33values() (pymispMISPUser method) 34values() (pymisptoolsFileObject method) 38values() (pymisptoolsVTReportObject method) 40values_in_warninglist() (pymispPyMISP
method) 22version() (pymispPyMISP property) 22VTReportObject (class in pymisptools) 38
Wwarninglists() (pymispPyMISP method) 22
50 Index
- README
- pymisp
- PyMISP
- PyMISPExpanded (Python 36+ only)
- MISPAbstract
- MISPEncode
- MISPEvent
- MISPAttribute
- MISPObject
- MISPObjectAttribute
- MISPObjectReference
- MISPTag
- MISPUser
- MISPOrganisation
- pymisp - Tools
- File Object
- ELF Object
- PE Object
- Mach-O Object
- VT Report Object
- STIX
- OpenIOC
- Indices and tables
- Python Module Index
- Index
CHAPTER
ONE
README
[[Documentation Status](httpsreadthedocsorgprojectspymispbadgeversion=latest)](httppymispreadthedocsiobadge=latest) [[Build Status](httpstravis-ciorgMISPPyMISPsvgbranch=main)](httpstravis-ciorgMISPPyMISP) [[Coverage Status](httpscoverallsioreposgithubMISPPyMISPbadgesvgbranch=main)](httpscoverallsiogithubMISPPyMISPbranch=main) [[Python 36](httpsimgshieldsiobadgepython-36+-bluesvg)](httpswwwpythonorgdownloadsreleasepython-360) [[PyPi ver-sion](httpsimgshieldsiopypivpymispsvg)](httpspypipythonorgpypipymisp) [[Number of PyPI down-loads](httpsimgshieldsiopypidmpymispsvg)](httpspypipythonorgpypipymisp)
PyMISP - Python Library to access MISP
PyMISP is a Python library to access [MISP](httpsgithubcomMISPMISP) platforms via their REST API
PyMISP allows you to fetch events add or update eventsattributes add or update samples or search for attributes
Install from pip
It is strongly recommended to use a virtual environment
If you want to know more about virtual environments [python has you covered](httpsdocspythonorg3tutorialvenvhtml)
Only basic dependencies ` pip3 install pymisp `
With optional dependencies ` pip3 install pymisp[fileobjectsopeniocvirustotal] `
Install the latest version from repo from development purposes
Note poetry is required
` git clone httpsgithubcomMISPPyMISPgit ampamp cd PyMISP git submoduleupdate --init poetry install -E fileobjects -E openioc -E virustotal -E docs-E pdfexport `
Running the tests
`bash poetry run nosetests-34 --with-coverage --cover-package=pymisptests--cover-tests teststest_py `
If you have a MISP instance to test against you can also run the live ones
Note You need to update the key in teststestlive_comprehensivepy to the automation key of your admin account
`bash poetry run nosetests-34 --with-coverage --cover-package=pymisptests--cover-tests teststestlive_comprehensivepy `
Samples and how to use PyMISP
Various examples and samples scripts are in the [examples](examples) directory
In the examples directory you will need to change the keyspysample to enter your MISP url and API key
3
PyMISP Documentation Release main
` cd examples cp keyspysample keyspy vim keyspy `
The API key of MISP is available in the Automation section of the MISP web interface
To test if your URL and API keys are correct you can test with exampleslastpy to fetch the events pub-lished in the last x amount of time (supported time indicators days (d) hours (h) and minutes (m))lastpy ` cd examples python3 lastpy -l 10h 10 hours python3 lastpy -l 5d 5days python3 lastpy -l 45m 45 minutes `
Debugging
You have two options there
1 Pass debug=True to PyMISP and it will enable loggingDEBUG to stderr on the whole module
2 Use the python logging module directly
```python
import logging logger = logginggetLogger(lsquopymisprsquo)
Configure it as you whish for example enable DEBUG mode loggersetLevel(loggingDEBUG) ```
Or if you want to write the debug output to a file instead of stderr
```python import pymisp import logging
logger = logginggetLogger(lsquopymisprsquo) loggingbasicConfig(level=loggingDEBUG filename=rdquodebuglogrdquo file-mode=rsquowrsquo format=pymispFORMAT) ```
Test cases
1 The content of mispeventpy is tested on every commit
2 The tests cases that require a running MISP instance can be run the following way
```bash From poetry
nosetests-34 -s ndashwith-coverage ndashcover-package=pymisptests ndashcover-tests teststestlive_comprehensivepyTestComprehensive[test_name]
```
Documentation
The documentation is available [here](httpspymispreadthedocsioenlatest)
Jupyter notebook
A series of [Jupyter notebooks for PyMISP tutorial](httpsgithubcomMISPPyMISPtreemaindocstutorial) areavailable in the repository
Everything is a Mutable Mapping
or at least everything that can be importedexported fromto a json blob
AbstractMISP is the master class and inherit collectionsMutableMapping which means the class can be representedas a python dictionary
The abstraction assumes every property that should not be seen in the dictionary is prepended with a _ or its name isadded to the private list __not_jsonable (accessible through update_not_jsonable and set_not_jsonable
This master class has helpers that will make it easy to load and export to and from a json string
MISPEvent MISPAttribute MISPObjectReference MISPObjectAttribute and MISPObject are subclasses of Abstract-MISP which mean that they can be handled as python dictionaries
MISP Objects
4 Chapter 1 README
PyMISP Documentation Release main
Creating a new MISP object generator should be done using a pre-defined template and inherit AbstractMISPObject-Generator
Your new MISPObject generator need to generate attributes and add them as class properties using add_attribute
When the object is sent to MISP all the class properties will be exported to the JSON export
5
PyMISP Documentation Release main
6 Chapter 1 README
CHAPTER
TWO
PYMISP
21 PyMISP
class pymispPyMISP(url key ssl=True debug=False proxies= cert=None auth=None tool=timeout=None)
Python API for MISP
Parameters
bull url (str) ndash URL of the MISP instance you want to connect to
bull key (str) ndash API key of the user you want to use
bull ssl (bool) ndash can be True or False (to check or to not check the validity of the certificateOr a CA_BUNDLE in case of self signed or other certificate (the concatenation of all thecrt of the chain)
bull debug (bool) ndash Write all the debug information to stderr
bull proxies (Mapping) ndash Proxy dict as describes here httpdocspython-requestsorgenmasteruseradvancedproxies
bull cert (Optional[Tuple[str tuple]]) ndash Client certificate as described there httpdocspython-requestsorgenmasteruseradvancedclient-side-certificates
bull auth (Optional[AuthBase]) ndash The auth parameter is passed directly to requests asdescribed here httpdocspython-requestsorgenmasteruserauthentication
bull tool (str) ndash The software using PyMISP (string) used to set a unique user-agent
bull timeout (Union[float Tuple[float float] None]) ndash Timeout as describedhere httpsrequestsreadthedocsioenmasteruseradvancedtimeouts
accept_attribute_proposal(proposal)Accept a proposal
Return type Dict
add_attribute(event attribute pythonify=False)Add an attribute to an existing MISP event NOTE MISP 24113+ you can pass a list of attributes Inthat case the pythonified response is the following lsquoattributesrsquo [MISPAttribute] lsquoerrorsrsquo errors byattributes
Return type Union[Dict MISPAttribute MISPShadowAttribute]
add_attribute_proposal(event attribute pythonify=False)Propose a new attribute in an event
Return type Union[Dict MISPShadowAttribute]
7
PyMISP Documentation Release main
add_event(event pythonify=False)Add a new event on a MISP instance
Return type Union[Dict MISPEvent]
add_event_blacklist(uuids comment=None event_info=None event_orgc=None)Add a new event in the blacklist
Return type Dict
add_feed(feed pythonify=False)Add a new feed on a MISP instance
Return type Union[Dict MISPFeed]
add_object(event misp_object pythonify=False)Add a MISP Object to an existing MISP event
Return type Union[Dict MISPObject]
add_object_reference(misp_object_reference pythonify=False)Add a reference to an object
Return type Union[Dict MISPObjectReference]
add_org_to_sharing_group(sharing_group organisation extend=False)Add an organisation to a sharing group sharing_group Sharing grouprsquos local instance ID or Sharinggrouprsquos global UUID organisation Organisationrsquos local instance ID or Organisationrsquos global UUID orOrganisationrsquos name as known to the curent instance extend Allow the organisation to extend the group
Return type Dict
add_organisation(organisation pythonify=False)Add an organisation
Return type Union[Dict MISPOrganisation]
add_organisation_blacklist(uuids comment=None org_name=None)Add a new organisation in the blacklist
Return type Dict
add_server(server pythonify=False)Add a server to synchronise with Note You probably want to use ExpandedPyMISPget_sync_config andExpandedPyMISPimport_server instead
Return type Union[Dict MISPServer]
add_server_to_sharing_group(sharing_group server all_orgs=False)Add a server to a sharing group sharing_group Sharing grouprsquos local instance ID or Sharing grouprsquosglobal UUID server Serverrsquos local instance ID or URL of the Server or Serverrsquos name as known to thecurent instance all_orgs Add all the organisations of the server to the group
Return type Dict
add_sharing_group(sharing_group pythonify=False)Add a new sharing group
Return type Union[Dict MISPSharingGroup]
add_sighting(sighting attribute=None pythonify=False)Add a new sighting (globally or to a specific attribute)
Return type Union[Dict MISPSighting]
8 Chapter 2 pymisp
PyMISP Documentation Release main
add_tag(tag pythonify=False)Add a new tag on a MISP instance Notes
bull The user calling this method needs the Tag Editor permission
bull It doesnrsquot add a tag to an event simply create it on a MISP instance
Return type Union[Dict MISPTag]
add_user(user pythonify=False)Add a new user
Return type Union[Dict MISPUser]
attributes_statistics(context=type percentage=False)Get attributes statistics from the MISP instance
Return type Dict
build_complex_query(or_parameters=None and_parameters=None not_parameters=None)Build a complex search query MISP expects a dictionary with AND OR and NOT keys
Return type Dict[str List[~SearchType]]
cache_all_feeds()Cache all the feeds
Return type Dict
cache_feed(feed)Cache a specific feed
Return type Dict
cache_freetext_feeds()Cache all the freetext feeds
Return type Dict
cache_misp_feeds()Cache all the MISP feeds
Return type Dict
change_sharing_group_on_entity(misp_entity sharing_group_id pythonify=False)Change the sharing group of an event an attribute or an object
Return type Union[Dict MISPEvent MISPObject MISPAttributeMISPShadowAttribute]
change_user_password(new_password)Thange the password of the curent user
Return type Dict
communities(pythonify=False)Get all the communities
Return type Union[Dict List[MISPCommunity]]
compare_feeds()Generate the comparison matrix for all the MISP feeds
Return type Dict
21 PyMISP 9
PyMISP Documentation Release main
contact_event_reporter(event message)Send a message to the reporter of an event
Return type Dict
delegate_event(event=None organisation=None event_delegation=None distribution=- 1 mes-sage= pythonify=False)
Note distribution == -1 means recipient decides
Return type Union[Dict MISPEventDelegation]
delete_attribute(attribute hard=False)Delete an attribute from a MISP instance
Return type Dict
delete_attribute_proposal(attribute)Propose the deletion of an attribute
Return type Dict
delete_event(event)Delete an event from a MISP instance
Return type Dict
delete_event_blacklist(event_blacklist)Delete a blacklisted event
Return type Dict
delete_feed(feed)Delete a feed from a MISP instance
Return type Dict
delete_object(misp_object)Delete an object from a MISP instance
Return type Dict
delete_object_reference(object_reference)Delete a reference to an object
Return type Dict
delete_organisation(organisation)Delete an organisation
Return type Dict
delete_organisation_blacklist(organisation_blacklist)Delete a blacklisted organisation
Return type Dict
delete_server(server)Delete a sync server
Return type Dict
delete_sharing_group(sharing_group)Delete a sharing group
Return type Dict
10 Chapter 2 pymisp
PyMISP Documentation Release main
delete_sighting(sighting)Delete a sighting from a MISP instance
Return type Dict
delete_tag(tag)Delete an attribute from a MISP instance
Return type Dict
delete_user(user)Delete a user
Return type Dict
delete_user_setting(user_setting user=None)Delete a user setting
Return type Dict
property describe_types_localReturns the content of describe types from the package
Return type Dict
property describe_types_remoteReturns the content of describe types from the remote instance
Return type Dict
direct_call(url data=None params= kw_params=)Very lightweight call that posts a data blob (python dictionary or json string) on the URL
Return type Any
disable_feed(feed pythonify=False)Disable a feed
Return type Union[Dict MISPFeed]
disable_feed_cache(feed pythonify=False)Disable the caching of a feed
Return type Union[Dict MISPFeed]
disable_noticelist(noticelist)Disable a noticelist by id
Return type Dict
disable_tag(tag pythonify=False)Disable a tag
Return type Union[Dict MISPTag]
disable_taxonomy(taxonomy)Disable a taxonomy
Return type Dict
disable_taxonomy_tags(taxonomy)Disable all the tags of a taxonomy
Return type Dict
disable_warninglist(warninglist)Disable a warninglist
21 PyMISP 11
PyMISP Documentation Release main
Return type Dict
discard_attribute_proposal(proposal)Discard a proposal
Return type Dict
enable_feed(feed pythonify=False)Enable a feed (fetching it will create event(s)
Return type Union[Dict MISPFeed]
enable_feed_cache(feed pythonify=False)Enable the caching of a feed
Return type Union[Dict MISPFeed]
enable_noticelist(noticelist)Enable a noticelist by id
Return type Dict
enable_tag(tag pythonify=False)Enable a tag
Return type Union[Dict MISPTag]
enable_taxonomy(taxonomy)Enable a taxonomy
Return type Dict
enable_taxonomy_tags(taxonomy)Enable all the tags of a taxonomy NOTE this automatically done when you call enable_taxonomy
Return type Dict
enable_warninglist(warninglist)Enable a warninglist
Return type Dict
event_blacklists(pythonify=False)Get all the blacklisted events
Return type Union[Dict List[MISPEventBlacklist]]
event_delegations(pythonify=False)Get all the event delegations
Return type Union[Dict List[MISPEventDelegation]]
feeds(pythonify=False)Get the list of existing feeds
Return type Union[Dict List[MISPFeed]]
fetch_feed(feed)Fetch one single feed
Return type Dict
freetext(event string adhereToWarninglists=False distribution=None returnMetaAttributes=Falsepythonify=False kwargs)
Pass a text to the freetext importer
Return type Union[Dict List[MISPAttribute]]
12 Chapter 2 pymisp
PyMISP Documentation Release main
galaxies(pythonify=False)Get all the galaxies
Return type Union[Dict List[MISPGalaxy]]
get_all_functions(not_implemented=False)Get all methods available vi the API allow to get the ones that are not implemented
get_attribute(attribute pythonify=False)Get an attribute from a MISP instance
Return type Union[Dict MISPAttribute]
get_community(community pythonify=False)Get an community from a MISP instance
Return type Union[Dict MISPCommunity]
get_event(event deleted=False extended=False pythonify=False)Get an event from a MISP instance
Return type Union[Dict MISPEvent]
get_feed(feed pythonify=False)Get a feed by id
Return type Union[Dict MISPFeed]
get_galaxy(galaxy pythonify=False)Get a galaxy by id
Return type Union[Dict MISPGalaxy]
get_noticelist(noticelist pythonify=False)Get a noticelist by id
Return type Union[Dict MISPNoticelist]
get_object(misp_object pythonify=False)Get an object from the remote MISP instance
Return type Union[Dict MISPObject]
get_object_template(object_template pythonify=False)Gets the full object template corresponting the UUID passed as parameter
Return type Union[Dict MISPObjectTemplate]
get_organisation(organisation pythonify=False)Get an organisation
Return type Union[Dict MISPOrganisation]
get_sync_config(pythonify=False)WARNING This method only works if the user calling it is a sync user
Return type Union[Dict MISPServer]
get_tag(tag pythonify=False)Get a tag by id
Return type Union[Dict MISPTag]
get_taxonomy(taxonomy pythonify=False)Get a taxonomy from a MISP instance
Return type Union[Dict MISPTaxonomy]
21 PyMISP 13
PyMISP Documentation Release main
get_user(user=me pythonify=False expanded=False)Get a user me means the owner of the API key doing the query expanded also returns a MISPRole and aMISPUserSetting
Return type Union[Dict MISPUser Tuple[MISPUser MISPRoleList[MISPUserSetting]]]
get_user_setting(user_setting user=None pythonify=False)Get an user setting
Return type Union[Dict MISPUserSetting]
get_warninglist(warninglist pythonify=False)Get a warninglist
Return type Union[Dict MISPWarninglist]
import_server(server pythonify=False)Import a sync server config received from get_sync_config
Return type Union[Dict MISPServer]
load_default_feeds()Load all the default feeds
Return type Dict
property misp_instance_versionReturns the version of the instance
Return type Dict
property misp_instance_version_masterGet the most recent version from github
Return type Dict
noticelists(pythonify=False)Get all the noticelists
Return type Union[Dict List[MISPNoticelist]]
object_templates(pythonify=False)Get all the object templates
Return type Union[Dict List[MISPObjectTemplate]]
organisation_blacklists(pythonify=False)Get all the blacklisted organisations
Return type Union[Dict List[MISPOrganisationBlacklist]]
organisations(scope=local pythonify=False)Get all the organisations
Return type Union[Dict List[MISPOrganisation]]
publish(event alert=False)Publish the event with one single HTTP POST The default is to not send a mail as it is assumed thismethod is called on update
Return type Dict
push_event_to_ZMQ(event)Force push an event on ZMQ
14 Chapter 2 pymisp
PyMISP Documentation Release main
Return type Dict
property pymisp_version_mainGet the most recent version of PyMISP from github
Return type Dict
property recommended_pymisp_versionReturns the recommended API version from the server
Return type Dict
remote_acl(debug_type=findMissingFunctionNames)This should return an empty list unless the ACL is outdated debug_type can only be printAllFunction-Names findMissingFunctionNames or printRoleAccess
Return type Dict
remove_org_from_sharing_group(sharing_group organisation)Remove an organisation from a sharing group sharing_group Sharing grouprsquos local instance ID orSharing grouprsquos global UUID organisation Organisationrsquos local instance ID or Organisationrsquos globalUUID or Organisationrsquos name as known to the curent instance
Return type Dict
remove_server_from_sharing_group(sharing_group server)Remove a server from a sharing group sharing_group Sharing grouprsquos local instance ID or Sharinggrouprsquos global UUID server Serverrsquos local instance ID or URL of the Server or Serverrsquos name as knownto the curent instance
Return type Dict
roles(pythonify=False)Get the existing roles
Return type Union[Dict List[MISPRole]]
search(controller=events return_format=json limit=None page=None value=Nonetype_attribute=None category=None org=None tags=None quick_filter=None quick-Filter=None date_from=None date_to=None eventid=None with_attachments=NonewithAttachments=None metadata=None uuid=None publish_timestamp=Nonelast=None timestamp=None published=None enforce_warninglist=None enforceWarn-inglist=None to_ids=None deleted=None include_event_uuid=None includeEventU-uid=None include_event_tags=None includeEventTags=None event_timestamp=Nonesg_reference_only=None eventinfo=None searchall=None requested_attributes=None in-clude_context=None includeContext=None headerless=None include_sightings=NoneincludeSightings=None include_correlations=None includeCorrelations=None in-clude_decay_score=None includeDecayScore=None object_name=None pythonify=Falsekwargs)
Search in the MISP instance
Parameters
bull return_format (str) ndash Set the return format of the search (Currently supported jsonxml openioc suricata snort - more formats are being moved to restSearch with the goalbeing that all searches happen through this API) Can be passed as the first parameter afterrestSearch or via the JSON payload
bull limit (Optional[int]) ndash Limit the number of results returned depending on thescope (for example 10 attributes or 10 full events)
bull page (Optional[int]) ndash If a limit is set sets the page to be returned page 3 limit 100will return records 201-gt300)
21 PyMISP 15
PyMISP Documentation Release main
bull value (Optional[~SearchParameterTypes]) ndash Search for the given value in the at-tributesrsquo value field
bull type_attribute (Optional[~SearchParameterTypes]) ndash The attribute type anyvalid MISP attribute type is accepted
bull category (Optional[~SearchParameterTypes]) ndash The attribute category any validMISP attribute category is accepted
bull org (Optional[~SearchParameterTypes]) ndash Search by the creator organisation by sup-plying the organisation identifier
bull tags (Optional[~SearchParameterTypes]) ndash Tags to search or to exclude You canpass a list or the output of build_complex_query
bull quick_filter (Optional[str]) ndash The string passed to this field will ignore all ofthe other arguments MISP will return an xml json (depending on the header sent) of allevents that have a sub-string match on value in the event info event orgc or any of theattribute value1 value2 fields or in the attribute comment
bull date_from (Union[date int str float None]) ndash Events with the date set to adate after the one specified This filter will use the date of the event
bull date_to (Union[date int str float None]) ndash Events with the date set to a datebefore the one specified This filter will use the date of the event
bull eventid (Optional[~SearchType]) ndash The events that should be included excludedfrom the search
bull with_attachments (Optional[bool]) ndash If set encodes the attachments zippedmalware samples as base64 in the data field within each attribute
bull metadata (Optional[bool]) ndash Only the metadata (event tags relations) is returnedattributes and proposals are omitted
bull uuid (Optional[str]) ndash Restrict the results by uuid
bull publish_timestamp (Union[date int str float NoneTuple[Union[date int str float None] Union[date int str floatNone]]]) ndash Restrict the results by the last publish timestamp (newer than)
bull timestamp (Union[date int str float None Tuple[Union[date intstr float None] Union[date int str float None]]]) ndash Restrict the resultsby the timestamp (last edit) Any event with a timestamp newer than the given timestampwill be returned In case you are dealing with attributes as scope the attributersquos timestampwill be used for the lookup
bull published (Optional[bool]) ndash Set whether published or unpublished events shouldbe returned Do not set the parameter if you want both
bull enforce_warninglist (Optional[bool]) ndash Remove any attributes from the resultthat would cause a hit on a warninglist entry
bull to_ids (Union[~ToIDSType List[~ToIDSType] None]) ndash By default all attributesare returned that match the other filter parameters irregardless of their to_ids setting Torestrict the returned data set to to_ids only attributes set this parameter to 1 0 for the oneswith to_ids set to False
bull deleted (Optional[str]) ndash If this parameter is set to 1 it will only return soft-deletedattributes [ldquo0rdquo ldquo1rdquo] will return the active ones as well as the soft-deleted ones
bull include_event_uuid (Optional[bool]) ndash Instead of just including the event IDalso include the event UUID in each of the attributes
16 Chapter 2 pymisp
PyMISP Documentation Release main
bull include_event_tags (Optional[bool]) ndash Include the event level tags in each ofthe attributes
bull event_timestamp (Union[date int str float None]) ndash Only return at-tributes from events that have received a modification after the given timestamp
bull sg_reference_only (Optional[bool]) ndash If this flag is set sharing group objectswill not be included instead only the sharing group ID is set
bull eventinfo (Optional[str]) ndash Filter on the eventrsquos info field
bull searchall (Optional[bool]) ndash Search for a full or a substring (delimited by forsubstrings) in the event info event tags attribute tags attribute values or attribute commentfields
bull requested_attributes (Optional[str]) ndash [CSV only] Select the fields that youwish to include in the CSV export By setting event level fields additionally includeCon-text is not required to get event metadata
bull include_context (Optional[bool]) ndash [Attribute only] Include the event data witheach attribute [CSV output] Add event level metadata in every line of the CSV
bull headerless (Optional[bool]) ndash [CSV Only] The CSV created when this setting isset to true will not contain the header row
bull include_sightings (Optional[bool]) ndash [JSON Only - Attribute] Include thesightings of the matching attributes
bull include_decay_score (Optional[bool]) ndash Include the decay score at attributelevel
bull include_correlations (Optional[bool]) ndash [JSON Only - attribute] Include thecorrelations of the matching attributes
bull object_name (Optional[str]) ndash [objects controller only] Search for objects withthat name
bull pythonify (Optional[bool]) ndash Returns a list of PyMISP Objects instead of the plainjson output Warning it might use a lot of RAM
Deprecated
Parameters
bull quickFilter (Optional[str]) ndash synponym for quick_filter
bull withAttachments (Optional[bool]) ndash synonym for with_attachments
bull last (Union[date int str float None Tuple[Union[date int strfloat None] Union[date int str float None]]]) ndash synonym for pub-lish_timestamp
bull enforceWarninglist (Optional[bool]) ndash synonym for enforce_warninglist
bull includeEventUuid (Optional[bool]) ndash synonym for include_event_uuid
bull includeEventTags (Optional[bool]) ndash synonym for include_event_tags
bull includeContext (Optional[bool]) ndash synonym for include_context
Return type Union[Dict str List[Union[MISPEvent MISPAttributeMISPObject]]]
search_feeds(value=None pythonify=False)Search in the feeds cached on the servers
21 PyMISP 17
PyMISP Documentation Release main
Return type Union[Dict List[MISPFeed]]
search_index(published=None eventid=None tags=None date_from=None date_to=Noneeventinfo=None threatlevel=None distribution=None analysis=None org=Nonetimestamp=None pythonify=None)
Search only at the index level Using in front of a value means NOT (default is OR)
Parameters
bull published (Optional[bool]) ndash Set whether published or unpublished events shouldbe returned Do not set the parameter if you want both
bull eventid (Optional[~SearchType]) ndash The events that should be included excludedfrom the search
bull tags (Optional[~SearchParameterTypes]) ndash Tags to search or to exclude You canpass a list or the output of build_complex_query
bull date_from (Union[date int str float None]) ndash Events with the date set to adate after the one specified This filter will use the date of the event
bull date_to (Union[date int str float None]) ndash Events with the date set to a datebefore the one specified This filter will use the date of the event
bull eventinfo (Optional[str]) ndash Filter on the eventrsquos info field
bull threatlevel (Optional[List[~SearchType]]) ndash Threat level(s) (1234) | list
bull distribution (Optional[List[~SearchType]]) ndash Distribution level(s) (0123) |list
bull analysis (Optional[List[~SearchType]]) ndash Analysis level(s) (012) | list
bull org (Optional[~SearchParameterTypes]) ndash Search by the creator organisation by sup-plying the organisation identifier
bull timestamp (Union[date int str float None Tuple[Union[date intstr float None] Union[date int str float None]]]) ndash Restrict the resultsby the timestamp (last edit) Any event with a timestamp newer than the given timestampwill be returned In case you are dealing with attributes as scope the attributersquos timestampwill be used for the lookup
bull pythonify (Optional[bool]) ndash Returns a list of PyMISP Objects instead or the plainjson output Warning it might use a lot of RAM
Return type Union[Dict List[MISPEvent]]
search_logs(limit=None page=None log_id=None title=None created=None model=None ac-tion=None user_id=None change=None email=None org=None description=Noneip=None pythonify=False)
Search in logs
Note to run substring queries simply appendprependencapsulate the search term with
Parameters
bull limit (Optional[int]) ndash Limit the number of results returned depending on thescope (for example 10 attributes or 10 full events)
bull page (Optional[int]) ndash If a limit is set sets the page to be returned page 3 limit 100will return records 201-gt300)
bull log_id (Optional[int]) ndash Log ID
bull title (Optional[str]) ndash Log Title
18 Chapter 2 pymisp
PyMISP Documentation Release main
bull created (Union[date int str float None]) ndash Creation timestamp
bull model (Optional[str]) ndash Model name that generated the log entry
bull action (Optional[str]) ndash The thing that was done
bull user_id (Optional[int]) ndash ID of the user doing the action
bull change (Optional[str]) ndash Change that occured
bull email (Optional[str]) ndash Email of the user
bull org (Optional[str]) ndash Organisation of the User doing the action
bull description (Optional[str]) ndash Description of the action
bull ip (Optional[str]) ndash Origination IP of the User doing the action
bull pythonify (Optional[bool]) ndash Returns a list of PyMISP Objects instead or the plainjson output Warning it might use a lot of RAM
Return type Union[Dict List[MISPLog]]
search_sightings(context=None context_id=None type_sighting=None date_from=Nonedate_to=None publish_timestamp=None last=None org=None source=Noneinclude_attribute=None include_event_meta=None pythonify=False)
Search sightings
Parameters
bull context (Optional[str]) ndash The context of the search Can be either ldquoattributerdquoldquoeventrdquo or nothing (will then match on events and attributes)
bull context_id (Optional[~SearchType]) ndash Only relevant if context is either ldquoattributerdquoor ldquoeventrdquo Then it is the relevant ID
bull type_sighting (Optional[str]) ndash Type of sighting
bull date_from (Union[date int str float None]) ndash Events with the date set to adate after the one specified This filter will use the date of the event
bull date_to (Union[date int str float None]) ndash Events with the date set to a datebefore the one specified This filter will use the date of the event
bull publish_timestamp (Union[date int str float NoneTuple[Union[date int str float None] Union[date int str floatNone]]]) ndash Restrict the results by the last publish timestamp (newer than)
bull org (Optional[~SearchType]) ndash Search by the creator organisation by supplying theorganisation identifier
bull source (Optional[str]) ndash Source of the sighting
bull include_attribute (Optional[bool]) ndash Include the attribute
bull include_event_meta (Optional[bool]) ndash Include the meta information of theevent
Deprecated
Parameters last (Union[date int str float None Tuple[Union[date intstr float None] Union[date int str float None]]]) ndash synonym for pub-lish_timestamp
Example
21 PyMISP 19
PyMISP Documentation Release main
gtgtgt mispsearch_sightings(publish_timestamp=30d) search sightings for therarr˓last 30 days on the instance[ ]gtgtgt mispsearch_sightings(context=attribute context_id=6 include_rarr˓attribute=True) return list of sighting for attribute 6 along with therarr˓attribute itself[ ]gtgtgt mispsearch_sightings(context=event context_id=17 include_event_rarr˓meta=True org=2) return list of sighting for event 17 filtered with orgrarr˓id 2
Return type Union[Dict List[Dict[str Union[MISPEvent MISPAttributeMISPSighting]]]]
server_pull(server event=None)Initialize a pull from a sync server
Return type Dict
server_push(server event=None)Initialize a push to a sync server
Return type Dict
servers(pythonify=False)Get the existing servers the MISP instance can synchronise with
Return type Union[Dict List[MISPServer]]
set_user_setting(user_setting value user=None pythonify=False)Get an user setting
Return type Union[Dict MISPUserSetting]
sharing_groups(pythonify=False)Get the existing sharing groups
Return type Union[Dict List[MISPSharingGroup]]
sightings(misp_entity=None org=None pythonify=False)Get the list of sighting related to a MISPEvent or a MISPAttribute (depending on type of misp_entity)
Return type Union[Dict List[MISPSighting]]
tag(misp_entity tag local=False)Tag an event or an attribute misp_entity can be a MISPEvent a MISP Attribute or a UUID
Return type Dict
tags(pythonify=False)Get the list of existing tags
Return type Union[Dict List[MISPTag]]
tags_statistics(percentage=False name_sort=False)Get tags statistics from the MISP instance
Return type Dict
taxonomies(pythonify=False)Get all the taxonomies
Return type Union[Dict List[MISPTaxonomy]]
20 Chapter 2 pymisp
PyMISP Documentation Release main
toggle_warninglist(warninglist_id=None warninglist_name=None force_enable=False)Toggle (enabledisable) the status of a warninglist by ID type warninglist_id Union[str intList[int] None] param warninglist_id ID of the WarningList type force_enable bool paramforce_enable Force the warning list in the enabled state (does nothing is already enabled)
Return type Dict
untag(misp_entity tag)Untag an event or an attribute misp_entity can be a UUID
Return type Dict
update_attribute(attribute attribute_id=None pythonify=False)Update an attribute on a MISP instance
Return type Union[Dict MISPAttribute MISPShadowAttribute]
update_attribute_proposal(initial_attribute attribute pythonify=False)Propose a change for an attribute
Return type Union[Dict MISPShadowAttribute]
update_event(event event_id=None pythonify=False)Update an event on a MISP instance
Return type Union[Dict MISPEvent]
update_event_blacklist(event_blacklist event_blacklist_id=None pythonify=False)Update an event in the blacklist
Return type Union[Dict MISPEventBlacklist]
update_feed(feed feed_id=None pythonify=False)Update a feed on a MISP instance
Return type Union[Dict MISPFeed]
update_galaxies()Update all the galaxies
Return type Dict
update_noticelists()Update all the noticelists
Return type Dict
update_object(misp_object object_id=None pythonify=False)Update an object on a MISP instance
Return type Union[Dict MISPObject]
update_object_templates()Trigger an update of the object templates
Return type Dict
update_organisation(organisation organisation_id=None pythonify=False)Update an organisation
Return type Union[Dict MISPOrganisation]
update_organisation_blacklist(organisation_blacklist organisation_blacklist_id=Nonepythonify=False)
Update an organisation in the blacklist
Return type Union[Dict MISPOrganisationBlacklist]
21 PyMISP 21
PyMISP Documentation Release main
update_server(server server_id=None pythonify=False)Update a server to synchronise with
Return type Union[Dict MISPServer]
update_tag(tag tag_id=None pythonify=False)Edit only the provided parameters of a tag
Return type Union[Dict MISPTag]
update_taxonomies()Update all the taxonomies
Return type Dict
update_user(user user_id=None pythonify=False)Update an event on a MISP instance
Return type Union[Dict MISPUser]
update_warninglists()Update all the warninglists
Return type Dict
upload_stix(path version=2)Upload a STIX file to MISP param path Path to the STIX on the disk (can be a path-like object or apseudofile) type version str param version Can be 1 or 2
user_registrations(pythonify=False)Get all the user registrations
Return type Union[Dict List[MISPInbox]]
user_settings(pythonify=False)Get all the user settings
Return type Union[Dict List[MISPUserSetting]]
users(pythonify=False)Get all the users
Return type Union[Dict List[MISPUser]]
users_statistics(context=data)Get users statistics from the MISP instance
Return type Dict
values_in_warninglist(value)Check if IOC values are in warninglist
Return type Dict
property versionReturns the version of PyMISP yoursquore curently using
Return type Dict
warninglists(pythonify=False)Get all the warninglists
Return type Union[Dict List[MISPWarninglist]]
22 Chapter 2 pymisp
PyMISP Documentation Release main
22 PyMISPExpanded (Python 36+ only)
pymispExpandedPyMISPalias of pymispapiPyMISP
23 MISPAbstract
class pymispAbstractMISP(kwargs)
property editedRecursively check if an object has been edited and update the flag accordingly to the parent objects
Return type bool
from_dict(kwargs)Loading all the parameters as class properties if they arenrsquot None This method aims to be called when allthe properties requiring a special treatment are processed Note This method is used when you initializean object with existing data so by default the class is flaged as not edited
Return type None
from_json(json_string)Load a JSON string
Return type None
jsonable()This method is used by the JSON encoder
Return type Dict
set_not_jsonable(args)Set __not_jsonable to a new list
Return type None
to_dict()Dump the class to a dictionary This method automatically removes the timestamp recursively in everyobject that has been edited is order to let MISP update the event accordingly
Return type Dict
to_json(sort_keys=False indent=None)Dump recursively any class of type MISPAbstract to a json string
update_not_jsonable(args)Add entries to the __not_jsonable list
Return type None
22 PyMISPExpanded (Python 36+ only) 23
PyMISP Documentation Release main
24 MISPEncode
class pymispMISPEncode(args kwargs)
default(obj)Implement this method in a subclass such that it returns a serializable object for o or calls the baseimplementation (to raise a TypeError)
For example to support arbitrary iterators you could implement default like this
def default(self o)try
iterable = iter(o)except TypeError
passelse
return list(iterable) Let the base class default method raise the TypeErrorreturn JSONEncoderdefault(self o)
25 MISPEvent
class pymispMISPEvent(describe_types=None strict_validation=False kwargs)
add_attribute(type value kwargs)Add an attribute type and value are required but you can pass all other parameters supported by MISPAt-tribute
Return type Union[MISPAttribute List[MISPAttribute]]
add_attribute_tag(tag attribute_identifier)Add a tag to an existing attribute raise an Exception if the attribute doesnrsquot exists tag Tag name as astring MISPTag instance or dictionary attribute_identifier can be an ID UUID or the value
Return type List[MISPAttribute]
add_object(obj=None kwargs)Add an object to the Event either by passing a MISPObject or a dictionary
Return type MISPObject
add_proposal(shadow_attribute=None kwargs)Alias for add_shadow_attribute
Return type MISPShadowAttribute
add_shadow_attribute(shadow_attribute=None kwargs)Add a tag to the attribute (by name or a MISPTag object)
Return type MISPShadowAttribute
clear()rarr None Remove all items from D
delete_attribute(attribute_id)Delete an attribute you can search by ID or UUID
property editedRecursively check if an object has been edited and update the flag accordingly to the parent objects
24 Chapter 2 pymisp
PyMISP Documentation Release main
Return type bool
from_dict(kwargs)Loading all the parameters as class properties if they arenrsquot None This method aims to be called when allthe properties requiring a special treatment are processed Note This method is used when you initializean object with existing data so by default the class is flaged as not edited
from_json(json_string)Load a JSON string
Return type None
get(k[ d ])rarr D[k] if k in D else d d defaults to None
get_attribute_tag(attribute_identifier)Return the tags associated to an attribute or an object attribute attribute_identifier can be an ID UUIDor the value
Return type List[MISPTag]
get_object_by_id(object_id)Get an object by ID (the ID is the one set by the server when creating the new object)
Return type MISPObject
get_object_by_uuid(object_uuid)Get an object by UUID (UUID is set by the server when creating the new object)
Return type MISPObject
get_objects_by_name(object_name)Get an object by UUID (UUID is set by the server when creating the new object)
Return type List[MISPObject]
items()rarr a set-like object providing a view on Drsquos items
jsonable()This method is used by the JSON encoder
Return type Dict
keys()rarr a set-like object providing a view on Drsquos keys
load(json_event validate=False metadata_only=False)Load a JSON dump from a pseudo file or a JSON string
load_file(event_path validate=False metadata_only=False)Load a JSON dump from a file on the disk
pop(k[ d ])rarr v remove specified key and return the corresponding valueIf key is not found d is returned if given otherwise KeyError is raised
popitem()rarr (k v) remove and return some (key value) pairas a 2-tuple but raise KeyError if D is empty
publish()Mark the attribute as published
set_date(d=None ignore_invalid=False)Set a date for the event (string datetime or date object)
set_not_jsonable(args)Set __not_jsonable to a new list
Return type None
25 MISPEvent 25
PyMISP Documentation Release main
setdefault(k[ d ])rarr Dget(kd) also set D[k]=d if k not in D
property tagsReturns a lost of tags associated to this Event
Return type List[MISPTag]
to_dict()Dump the class to a dictionary This method automatically removes the timestamp recursively in everyobject that has been edited is order to let MISP update the event accordingly
Return type Dict
to_feed(valid_distributions=[0 1 2 3 4 5] with_meta=False)Generate a json output for MISP Feed Notes
bull valid_distributions only makes sense if the distribution key is set (ie the event is exported from aMISP instance)
Return type Dict
to_json(sort_keys=False indent=None)Dump recursively any class of type MISPAbstract to a json string
unpublish()Mark the attribute as un-published (set publish flag to false)
update([E ] F)rarr None Update D from mappingiterable E and FIf E present and has a keys() method does for k in E D[k] = E[k] If E present and lacks keys() methoddoes for (k v) in E D[k] = v In either case this is followed by for k v in Fitems() D[k] = v
update_not_jsonable(args)Add entries to the __not_jsonable list
Return type None
values()rarr an object providing a view on Drsquos values
26 MISPAttribute
class pymispMISPAttribute(describe_types=None strict=False)
add_proposal(shadow_attribute=None kwargs)Alias for add_shadow_attribute
Return type MISPShadowAttribute
add_shadow_attribute(shadow_attribute=None kwargs)Add a shadow attribute to the attribute (by name or a MISPShadowAttribute object)
Return type MISPShadowAttribute
add_sighting(sighting=None kwargs)Add a sighting to the attribute (by name or a MISPSighting object)
Return type MISPSighting
clear()rarr None Remove all items from D
delete()Mark the attribute as deleted (soft delete)
26 Chapter 2 pymisp
PyMISP Documentation Release main
property editedRecursively check if an object has been edited and update the flag accordingly to the parent objects
Return type bool
from_dict(kwargs)Loading all the parameters as class properties if they arenrsquot None This method aims to be called when allthe properties requiring a special treatment are processed Note This method is used when you initializean object with existing data so by default the class is flaged as not edited
from_json(json_string)Load a JSON string
Return type None
get(k[ d ])rarr D[k] if k in D else d d defaults to None
hash_values(algorithm=sha512)Compute the hash of every values for fast lookups
Return type List[str]
items()rarr a set-like object providing a view on Drsquos items
jsonable()This method is used by the JSON encoder
Return type Dict
keys()rarr a set-like object providing a view on Drsquos keys
property known_typesReturns a list of all the known MISP attributes types
Return type List[str]
property malware_binaryReturns a BytesIO of the malware (if the attribute has one obvs)
Return type Optional[BytesIO]
pop(k[ d ])rarr v remove specified key and return the corresponding valueIf key is not found d is returned if given otherwise KeyError is raised
popitem()rarr (k v) remove and return some (key value) pairas a 2-tuple but raise KeyError if D is empty
set_not_jsonable(args)Set __not_jsonable to a new list
Return type None
setdefault(k[ d ])rarr Dget(kd) also set D[k]=d if k not in D
property tagsReturns a lost of tags associated to this Attribute
Return type List[MISPTag]
to_dict()Dump the class to a dictionary This method automatically removes the timestamp recursively in everyobject that has been edited is order to let MISP update the event accordingly
Return type Dict
26 MISPAttribute 27
PyMISP Documentation Release main
to_json(sort_keys=False indent=None)Dump recursively any class of type MISPAbstract to a json string
update([E ] F)rarr None Update D from mappingiterable E and FIf E present and has a keys() method does for k in E D[k] = E[k] If E present and lacks keys() methoddoes for (k v) in E D[k] = v In either case this is followed by for k v in Fitems() D[k] = v
update_not_jsonable(args)Add entries to the __not_jsonable list
Return type None
values()rarr an object providing a view on Drsquos values
27 MISPObject
class pymispMISPObject(name strict=False standalone=True default_attributes_parameters=kwargs)
add_attribute(object_relation simple_value=None value)Add an attribute object_relation is required and the value key is a dictionary with all the keys supportedby MISPAttribute
Return type Optional[MISPAttribute]
add_attributes(object_relation attributes)Add multiple attributes with the same object_relation Helper for object_relation when multiple is True inthe template It is the same as calling multiple times add_attribute with the same object_relation
Return type List[Optional[MISPAttribute]]
add_reference(referenced_uuid relationship_type comment=None kwargs)Add a link (uuid) to an other object
Return type MISPObjectReference
clear()rarr None Remove all items from D
property editedRecursively check if an object has been edited and update the flag accordingly to the parent objects
Return type bool
from_dict(kwargs)Loading all the parameters as class properties if they arenrsquot None This method aims to be called when allthe properties requiring a special treatment are processed Note This method is used when you initializean object with existing data so by default the class is flaged as not edited
from_json(json_string)Load a JSON string
Return type None
get(k[ d ])rarr D[k] if k in D else d d defaults to None
get_attributes_by_relation(object_relation)Returns the list of attributes with the given object relation in the object
Return type List[MISPAttribute]
has_attributes_by_relation(list_of_relations)True if all the relations in the list are defined in the object
28 Chapter 2 pymisp
PyMISP Documentation Release main
Return type bool
items()rarr a set-like object providing a view on Drsquos items
jsonable()This method is used by the JSON encoder
Return type Dict
keys()rarr a set-like object providing a view on Drsquos keys
pop(k[ d ])rarr v remove specified key and return the corresponding valueIf key is not found d is returned if given otherwise KeyError is raised
popitem()rarr (k v) remove and return some (key value) pairas a 2-tuple but raise KeyError if D is empty
set_not_jsonable(args)Set __not_jsonable to a new list
Return type None
setdefault(k[ d ])rarr Dget(kd) also set D[k]=d if k not in D
to_dict(strict=False)Dump the class to a dictionary This method automatically removes the timestamp recursively in everyobject that has been edited is order to let MISP update the event accordingly
Return type Dict
to_json(sort_keys=False indent=None strict=False)Dump recursively any class of type MISPAbstract to a json string
update([E ] F)rarr None Update D from mappingiterable E and FIf E present and has a keys() method does for k in E D[k] = E[k] If E present and lacks keys() methoddoes for (k v) in E D[k] = v In either case this is followed by for k v in Fitems() D[k] = v
update_not_jsonable(args)Add entries to the __not_jsonable list
Return type None
values()rarr an object providing a view on Drsquos values
28 MISPObjectAttribute
class pymispMISPObjectAttribute(definition)
add_proposal(shadow_attribute=None kwargs)Alias for add_shadow_attribute
Return type MISPShadowAttribute
add_shadow_attribute(shadow_attribute=None kwargs)Add a shadow attribute to the attribute (by name or a MISPShadowAttribute object)
Return type MISPShadowAttribute
add_sighting(sighting=None kwargs)Add a sighting to the attribute (by name or a MISPSighting object)
Return type MISPSighting
28 MISPObjectAttribute 29
PyMISP Documentation Release main
clear()rarr None Remove all items from D
delete()Mark the attribute as deleted (soft delete)
property editedRecursively check if an object has been edited and update the flag accordingly to the parent objects
Return type bool
from_dict(object_relation value kwargs)Loading all the parameters as class properties if they arenrsquot None This method aims to be called when allthe properties requiring a special treatment are processed Note This method is used when you initializean object with existing data so by default the class is flaged as not edited
from_json(json_string)Load a JSON string
Return type None
get(k[ d ])rarr D[k] if k in D else d d defaults to None
hash_values(algorithm=sha512)Compute the hash of every values for fast lookups
Return type List[str]
items()rarr a set-like object providing a view on Drsquos items
jsonable()This method is used by the JSON encoder
Return type Dict
keys()rarr a set-like object providing a view on Drsquos keys
property known_typesReturns a list of all the known MISP attributes types
Return type List[str]
property malware_binaryReturns a BytesIO of the malware (if the attribute has one obvs)
Return type Optional[BytesIO]
pop(k[ d ])rarr v remove specified key and return the corresponding valueIf key is not found d is returned if given otherwise KeyError is raised
popitem()rarr (k v) remove and return some (key value) pairas a 2-tuple but raise KeyError if D is empty
set_not_jsonable(args)Set __not_jsonable to a new list
Return type None
setdefault(k[ d ])rarr Dget(kd) also set D[k]=d if k not in D
property tagsReturns a lost of tags associated to this Attribute
Return type List[MISPTag]
30 Chapter 2 pymisp
PyMISP Documentation Release main
to_dict()Dump the class to a dictionary This method automatically removes the timestamp recursively in everyobject that has been edited is order to let MISP update the event accordingly
Return type Dict
to_json(sort_keys=False indent=None)Dump recursively any class of type MISPAbstract to a json string
update([E ] F)rarr None Update D from mappingiterable E and FIf E present and has a keys() method does for k in E D[k] = E[k] If E present and lacks keys() methoddoes for (k v) in E D[k] = v In either case this is followed by for k v in Fitems() D[k] = v
update_not_jsonable(args)Add entries to the __not_jsonable list
Return type None
values()rarr an object providing a view on Drsquos values
29 MISPObjectReference
class pymispMISPObjectReference
clear()rarr None Remove all items from D
property editedRecursively check if an object has been edited and update the flag accordingly to the parent objects
Return type bool
from_dict(kwargs)Loading all the parameters as class properties if they arenrsquot None This method aims to be called when allthe properties requiring a special treatment are processed Note This method is used when you initializean object with existing data so by default the class is flaged as not edited
from_json(json_string)Load a JSON string
Return type None
get(k[ d ])rarr D[k] if k in D else d d defaults to None
items()rarr a set-like object providing a view on Drsquos items
jsonable()This method is used by the JSON encoder
Return type Dict
keys()rarr a set-like object providing a view on Drsquos keys
pop(k[ d ])rarr v remove specified key and return the corresponding valueIf key is not found d is returned if given otherwise KeyError is raised
popitem()rarr (k v) remove and return some (key value) pairas a 2-tuple but raise KeyError if D is empty
set_not_jsonable(args)Set __not_jsonable to a new list
Return type None
29 MISPObjectReference 31
PyMISP Documentation Release main
setdefault(k[ d ])rarr Dget(kd) also set D[k]=d if k not in D
to_dict()Dump the class to a dictionary This method automatically removes the timestamp recursively in everyobject that has been edited is order to let MISP update the event accordingly
Return type Dict
to_json(sort_keys=False indent=None)Dump recursively any class of type MISPAbstract to a json string
update([E ] F)rarr None Update D from mappingiterable E and FIf E present and has a keys() method does for k in E D[k] = E[k] If E present and lacks keys() methoddoes for (k v) in E D[k] = v In either case this is followed by for k v in Fitems() D[k] = v
update_not_jsonable(args)Add entries to the __not_jsonable list
Return type None
values()rarr an object providing a view on Drsquos values
210 MISPTag
class pymispMISPTag(kwargs)
clear()rarr None Remove all items from D
property editedRecursively check if an object has been edited and update the flag accordingly to the parent objects
Return type bool
from_dict(kwargs)Loading all the parameters as class properties if they arenrsquot None This method aims to be called when allthe properties requiring a special treatment are processed Note This method is used when you initializean object with existing data so by default the class is flaged as not edited
from_json(json_string)Load a JSON string
Return type None
get(k[ d ])rarr D[k] if k in D else d d defaults to None
items()rarr a set-like object providing a view on Drsquos items
jsonable()This method is used by the JSON encoder
Return type Dict
keys()rarr a set-like object providing a view on Drsquos keys
pop(k[ d ])rarr v remove specified key and return the corresponding valueIf key is not found d is returned if given otherwise KeyError is raised
popitem()rarr (k v) remove and return some (key value) pairas a 2-tuple but raise KeyError if D is empty
set_not_jsonable(args)Set __not_jsonable to a new list
32 Chapter 2 pymisp
PyMISP Documentation Release main
Return type None
setdefault(k[ d ])rarr Dget(kd) also set D[k]=d if k not in D
to_dict()Dump the class to a dictionary This method automatically removes the timestamp recursively in everyobject that has been edited is order to let MISP update the event accordingly
Return type Dict
to_json(sort_keys=False indent=None)Dump recursively any class of type MISPAbstract to a json string
update([E ] F)rarr None Update D from mappingiterable E and FIf E present and has a keys() method does for k in E D[k] = E[k] If E present and lacks keys() methoddoes for (k v) in E D[k] = v In either case this is followed by for k v in Fitems() D[k] = v
update_not_jsonable(args)Add entries to the __not_jsonable list
Return type None
values()rarr an object providing a view on Drsquos values
211 MISPUser
class pymispMISPUser(kwargs)
clear()rarr None Remove all items from D
property editedRecursively check if an object has been edited and update the flag accordingly to the parent objects
Return type bool
from_dict(kwargs)Loading all the parameters as class properties if they arenrsquot None This method aims to be called when allthe properties requiring a special treatment are processed Note This method is used when you initializean object with existing data so by default the class is flaged as not edited
from_json(json_string)Load a JSON string
Return type None
get(k[ d ])rarr D[k] if k in D else d d defaults to None
items()rarr a set-like object providing a view on Drsquos items
jsonable()This method is used by the JSON encoder
Return type Dict
keys()rarr a set-like object providing a view on Drsquos keys
pop(k[ d ])rarr v remove specified key and return the corresponding valueIf key is not found d is returned if given otherwise KeyError is raised
popitem()rarr (k v) remove and return some (key value) pairas a 2-tuple but raise KeyError if D is empty
211 MISPUser 33
PyMISP Documentation Release main
set_not_jsonable(args)Set __not_jsonable to a new list
Return type None
setdefault(k[ d ])rarr Dget(kd) also set D[k]=d if k not in D
to_dict()Dump the class to a dictionary This method automatically removes the timestamp recursively in everyobject that has been edited is order to let MISP update the event accordingly
Return type Dict
to_json(sort_keys=False indent=None)Dump recursively any class of type MISPAbstract to a json string
update([E ] F)rarr None Update D from mappingiterable E and FIf E present and has a keys() method does for k in E D[k] = E[k] If E present and lacks keys() methoddoes for (k v) in E D[k] = v In either case this is followed by for k v in Fitems() D[k] = v
update_not_jsonable(args)Add entries to the __not_jsonable list
Return type None
values()rarr an object providing a view on Drsquos values
212 MISPOrganisation
class pymispMISPOrganisation
clear()rarr None Remove all items from D
property editedRecursively check if an object has been edited and update the flag accordingly to the parent objects
Return type bool
from_dict(kwargs)Loading all the parameters as class properties if they arenrsquot None This method aims to be called when allthe properties requiring a special treatment are processed Note This method is used when you initializean object with existing data so by default the class is flaged as not edited
from_json(json_string)Load a JSON string
Return type None
get(k[ d ])rarr D[k] if k in D else d d defaults to None
items()rarr a set-like object providing a view on Drsquos items
jsonable()This method is used by the JSON encoder
Return type Dict
keys()rarr a set-like object providing a view on Drsquos keys
pop(k[ d ])rarr v remove specified key and return the corresponding valueIf key is not found d is returned if given otherwise KeyError is raised
34 Chapter 2 pymisp
PyMISP Documentation Release main
popitem()rarr (k v) remove and return some (key value) pairas a 2-tuple but raise KeyError if D is empty
set_not_jsonable(args)Set __not_jsonable to a new list
Return type None
setdefault(k[ d ])rarr Dget(kd) also set D[k]=d if k not in D
to_dict()Dump the class to a dictionary This method automatically removes the timestamp recursively in everyobject that has been edited is order to let MISP update the event accordingly
Return type Dict
to_json(sort_keys=False indent=None)Dump recursively any class of type MISPAbstract to a json string
update([E ] F)rarr None Update D from mappingiterable E and FIf E present and has a keys() method does for k in E D[k] = E[k] If E present and lacks keys() methoddoes for (k v) in E D[k] = v In either case this is followed by for k v in Fitems() D[k] = v
update_not_jsonable(args)Add entries to the __not_jsonable list
Return type None
values()rarr an object providing a view on Drsquos values
212 MISPOrganisation 35
PyMISP Documentation Release main
36 Chapter 2 pymisp
CHAPTER
THREE
PYMISP - TOOLS
31 File Object
class pymisptoolsFileObject(filepath=None pseudofile=None filename=None kwargs)
add_attribute(object_relation simple_value=None value)Add an attribute object_relation is required and the value key is a dictionary with all the keys supportedby MISPAttribute
Return type Optional[MISPAttribute]
add_attributes(object_relation attributes)Add multiple attributes with the same object_relation Helper for object_relation when multiple is True inthe template It is the same as calling multiple times add_attribute with the same object_relation
Return type List[Optional[MISPAttribute]]
add_reference(referenced_uuid relationship_type comment=None kwargs)Add a link (uuid) to an other object
Return type MISPObjectReference
clear()rarr None Remove all items from D
property editedRecursively check if an object has been edited and update the flag accordingly to the parent objects
Return type bool
from_dict(kwargs)Loading all the parameters as class properties if they arenrsquot None This method aims to be called when allthe properties requiring a special treatment are processed Note This method is used when you initializean object with existing data so by default the class is flaged as not edited
from_json(json_string)Load a JSON string
Return type None
generate_attributes()Contains the logic where all the values of the object are gathered
get(k[ d ])rarr D[k] if k in D else d d defaults to None
get_attributes_by_relation(object_relation)Returns the list of attributes with the given object relation in the object
Return type List[MISPAttribute]
37
PyMISP Documentation Release main
has_attributes_by_relation(list_of_relations)True if all the relations in the list are defined in the object
Return type bool
items()rarr a set-like object providing a view on Drsquos items
jsonable()This method is used by the JSON encoder
Return type Dict
keys()rarr a set-like object providing a view on Drsquos keys
pop(k[ d ])rarr v remove specified key and return the corresponding valueIf key is not found d is returned if given otherwise KeyError is raised
popitem()rarr (k v) remove and return some (key value) pairas a 2-tuple but raise KeyError if D is empty
set_not_jsonable(args)Set __not_jsonable to a new list
Return type None
setdefault(k[ d ])rarr Dget(kd) also set D[k]=d if k not in D
to_dict(strict=False)Dump the class to a dictionary This method automatically removes the timestamp recursively in everyobject that has been edited is order to let MISP update the event accordingly
Return type Dict
to_json(sort_keys=False indent=None strict=False)Dump recursively any class of type MISPAbstract to a json string
update([E ] F)rarr None Update D from mappingiterable E and FIf E present and has a keys() method does for k in E D[k] = E[k] If E present and lacks keys() methoddoes for (k v) in E D[k] = v In either case this is followed by for k v in Fitems() D[k] = v
update_not_jsonable(args)Add entries to the __not_jsonable list
Return type None
values()rarr an object providing a view on Drsquos values
32 ELF Object
33 PE Object
34 Mach-O Object
35 VT Report Object
class pymisptoolsVTReportObject(apikey indicator vt_proxies=None kwargs)VirusTotal Report
Apikey VirusTotal API key (private works but only public features are supported right now)
38 Chapter 3 pymisp - Tools
PyMISP Documentation Release main
Indicator IOC to search VirusTotal for
add_attribute(object_relation simple_value=None value)Add an attribute object_relation is required and the value key is a dictionary with all the keys supportedby MISPAttribute
Return type Optional[MISPAttribute]
add_attributes(object_relation attributes)Add multiple attributes with the same object_relation Helper for object_relation when multiple is True inthe template It is the same as calling multiple times add_attribute with the same object_relation
Return type List[Optional[MISPAttribute]]
add_reference(referenced_uuid relationship_type comment=None kwargs)Add a link (uuid) to an other object
Return type MISPObjectReference
clear()rarr None Remove all items from D
property editedRecursively check if an object has been edited and update the flag accordingly to the parent objects
Return type bool
from_dict(kwargs)Loading all the parameters as class properties if they arenrsquot None This method aims to be called when allthe properties requiring a special treatment are processed Note This method is used when you initializean object with existing data so by default the class is flaged as not edited
from_json(json_string)Load a JSON string
Return type None
generate_attributes()Parse the VirusTotal report for relevant attributes
get(k[ d ])rarr D[k] if k in D else d d defaults to None
get_attributes_by_relation(object_relation)Returns the list of attributes with the given object relation in the object
Return type List[MISPAttribute]
has_attributes_by_relation(list_of_relations)True if all the relations in the list are defined in the object
Return type bool
items()rarr a set-like object providing a view on Drsquos items
jsonable()This method is used by the JSON encoder
Return type Dict
keys()rarr a set-like object providing a view on Drsquos keys
pop(k[ d ])rarr v remove specified key and return the corresponding valueIf key is not found d is returned if given otherwise KeyError is raised
popitem()rarr (k v) remove and return some (key value) pairas a 2-tuple but raise KeyError if D is empty
35 VT Report Object 39
PyMISP Documentation Release main
set_not_jsonable(args)Set __not_jsonable to a new list
Return type None
setdefault(k[ d ])rarr Dget(kd) also set D[k]=d if k not in D
to_dict(strict=False)Dump the class to a dictionary This method automatically removes the timestamp recursively in everyobject that has been edited is order to let MISP update the event accordingly
Return type Dict
to_json(sort_keys=False indent=None strict=False)Dump recursively any class of type MISPAbstract to a json string
update([E ] F)rarr None Update D from mappingiterable E and FIf E present and has a keys() method does for k in E D[k] = E[k] If E present and lacks keys() methoddoes for (k v) in E D[k] = v In either case this is followed by for k v in Fitems() D[k] = v
update_not_jsonable(args)Add entries to the __not_jsonable list
Return type None
values()rarr an object providing a view on Drsquos values
36 STIX
pymisptoolsstixload_stix(stix distribution=3 threat_level_id=2 analysis=0)Returns a MISPEvent object from a STIX package
pymisptoolsstixmake_stix_package(misp_event to_json=False to_xml=False)Returns a STIXPackage from a MISPEvent
Optionally can return the package in json or xml
37 OpenIOC
toolsload_openioc()
toolsload_openioc_file()
40 Chapter 3 pymisp - Tools
CHAPTER
FOUR
INDICES AND TABLES
bull genindex
bull modindex
bull search
41
PyMISP Documentation Release main
42 Chapter 4 Indices and tables
PYTHON MODULE INDEX
ppymisp 7pymisptools 37pymisptoolsstix 40
43
PyMISP Documentation Release main
44 Python Module Index
INDEX
AAbstractMISP (class in pymisp) 23accept_attribute_proposal()
(pymispPyMISP method) 7add_attribute() (pymispMISPEvent method) 24add_attribute() (pymispMISPObject method) 28add_attribute() (pymispPyMISP method) 7add_attribute() (pymisptoolsFileObject method)
37add_attribute() (pymisptoolsVTReportObject
method) 39add_attribute_proposal() (pymispPyMISP
method) 7add_attribute_tag() (pymispMISPEvent
method) 24add_attributes() (pymispMISPObject method)
28add_attributes() (pymisptoolsFileObject
method) 37add_attributes() (pymisptoolsVTReportObject
method) 39add_event() (pymispPyMISP method) 7add_event_blacklist() (pymispPyMISP
method) 8add_feed() (pymispPyMISP method) 8add_object() (pymispMISPEvent method) 24add_object() (pymispPyMISP method) 8add_object_reference() (pymispPyMISP
method) 8add_org_to_sharing_group() (pymispPyMISP
method) 8add_organisation() (pymispPyMISP method) 8add_organisation_blacklist()
(pymispPyMISP method) 8add_proposal() (pymispMISPAttribute method) 26add_proposal() (pymispMISPEvent method) 24add_proposal() (pymispMISPObjectAttribute
method) 29add_reference() (pymispMISPObject method) 28add_reference() (pymisptoolsFileObject method)
37add_reference() (pymisptoolsVTReportObject
method) 39add_server() (pymispPyMISP method) 8add_server_to_sharing_group()
(pymispPyMISP method) 8add_shadow_attribute() (pymispMISPAttribute
method) 26add_shadow_attribute() (pymispMISPEvent
method) 24add_shadow_attribute()
(pymispMISPObjectAttribute method) 29add_sharing_group() (pymispPyMISP method) 8add_sighting() (pymispMISPAttribute method) 26add_sighting() (pymispMISPObjectAttribute
method) 29add_sighting() (pymispPyMISP method) 8add_tag() (pymispPyMISP method) 8add_user() (pymispPyMISP method) 9attributes_statistics() (pymispPyMISP
method) 9
Bbuild_complex_query() (pymispPyMISP
method) 9
Ccache_all_feeds() (pymispPyMISP method) 9cache_feed() (pymispPyMISP method) 9cache_freetext_feeds() (pymispPyMISP
method) 9cache_misp_feeds() (pymispPyMISP method) 9change_sharing_group_on_entity()
(pymispPyMISP method) 9change_user_password() (pymispPyMISP
method) 9clear() (pymispMISPAttribute method) 26clear() (pymispMISPEvent method) 24clear() (pymispMISPObject method) 28clear() (pymispMISPObjectAttribute method) 29clear() (pymispMISPObjectReference method) 31clear() (pymispMISPOrganisation method) 34clear() (pymispMISPTag method) 32clear() (pymispMISPUser method) 33
45
PyMISP Documentation Release main
clear() (pymisptoolsFileObject method) 37clear() (pymisptoolsVTReportObject method) 39communities() (pymispPyMISP method) 9compare_feeds() (pymispPyMISP method) 9contact_event_reporter() (pymispPyMISP
method) 9
Ddefault() (pymispMISPEncode method) 24delegate_event() (pymispPyMISP method) 10delete() (pymispMISPAttribute method) 26delete() (pymispMISPObjectAttribute method) 30delete_attribute() (pymispMISPEvent method)
24delete_attribute() (pymispPyMISP method) 10delete_attribute_proposal()
(pymispPyMISP method) 10delete_event() (pymispPyMISP method) 10delete_event_blacklist() (pymispPyMISP
method) 10delete_feed() (pymispPyMISP method) 10delete_object() (pymispPyMISP method) 10delete_object_reference() (pymispPyMISP
method) 10delete_organisation() (pymispPyMISP
method) 10delete_organisation_blacklist()
(pymispPyMISP method) 10delete_server() (pymispPyMISP method) 10delete_sharing_group() (pymispPyMISP
method) 10delete_sighting() (pymispPyMISP method) 10delete_tag() (pymispPyMISP method) 11delete_user() (pymispPyMISP method) 11delete_user_setting() (pymispPyMISP
method) 11describe_types_local() (pymispPyMISP prop-
erty) 11describe_types_remote() (pymispPyMISP
property) 11direct_call() (pymispPyMISP method) 11disable_feed() (pymispPyMISP method) 11disable_feed_cache() (pymispPyMISP method)
11disable_noticelist() (pymispPyMISP method)
11disable_tag() (pymispPyMISP method) 11disable_taxonomy() (pymispPyMISP method) 11disable_taxonomy_tags() (pymispPyMISP
method) 11disable_warninglist() (pymispPyMISP
method) 11discard_attribute_proposal()
(pymispPyMISP method) 12
Eedited() (pymispAbstractMISP property) 23edited() (pymispMISPAttribute property) 26edited() (pymispMISPEvent property) 24edited() (pymispMISPObject property) 28edited() (pymispMISPObjectAttribute property) 30edited() (pymispMISPObjectReference property) 31edited() (pymispMISPOrganisation property) 34edited() (pymispMISPTag property) 32edited() (pymispMISPUser property) 33edited() (pymisptoolsFileObject property) 37edited() (pymisptoolsVTReportObject property) 39enable_feed() (pymispPyMISP method) 12enable_feed_cache() (pymispPyMISP method)
12enable_noticelist() (pymispPyMISP method)
12enable_tag() (pymispPyMISP method) 12enable_taxonomy() (pymispPyMISP method) 12enable_taxonomy_tags() (pymispPyMISP
method) 12enable_warninglist() (pymispPyMISP method)
12event_blacklists() (pymispPyMISP method) 12event_delegations() (pymispPyMISP method)
12ExpandedPyMISP (in module pymisp) 23
Ffeeds() (pymispPyMISP method) 12fetch_feed() (pymispPyMISP method) 12FileObject (class in pymisptools) 37freetext() (pymispPyMISP method) 12from_dict() (pymispAbstractMISP method) 23from_dict() (pymispMISPAttribute method) 27from_dict() (pymispMISPEvent method) 25from_dict() (pymispMISPObject method) 28from_dict() (pymispMISPObjectAttribute method)
30from_dict() (pymispMISPObjectReference method)
31from_dict() (pymispMISPOrganisation method) 34from_dict() (pymispMISPTag method) 32from_dict() (pymispMISPUser method) 33from_dict() (pymisptoolsFileObject method) 37from_dict() (pymisptoolsVTReportObject method)
39from_json() (pymispAbstractMISP method) 23from_json() (pymispMISPAttribute method) 27from_json() (pymispMISPEvent method) 25from_json() (pymispMISPObject method) 28from_json() (pymispMISPObjectAttribute method)
30
46 Index
PyMISP Documentation Release main
from_json() (pymispMISPObjectReference method)31
from_json() (pymispMISPOrganisation method) 34from_json() (pymispMISPTag method) 32from_json() (pymispMISPUser method) 33from_json() (pymisptoolsFileObject method) 37from_json() (pymisptoolsVTReportObject method)
39
Ggalaxies() (pymispPyMISP method) 12generate_attributes() (pymisptoolsFileObject
method) 37generate_attributes()
(pymisptoolsVTReportObject method)39
get() (pymispMISPAttribute method) 27get() (pymispMISPEvent method) 25get() (pymispMISPObject method) 28get() (pymispMISPObjectAttribute method) 30get() (pymispMISPObjectReference method) 31get() (pymispMISPOrganisation method) 34get() (pymispMISPTag method) 32get() (pymispMISPUser method) 33get() (pymisptoolsFileObject method) 37get() (pymisptoolsVTReportObject method) 39get_all_functions() (pymispPyMISP method)
13get_attribute() (pymispPyMISP method) 13get_attribute_tag() (pymispMISPEvent
method) 25get_attributes_by_relation()
(pymispMISPObject method) 28get_attributes_by_relation()
(pymisptoolsFileObject method) 37get_attributes_by_relation()
(pymisptoolsVTReportObject method)39
get_community() (pymispPyMISP method) 13get_event() (pymispPyMISP method) 13get_feed() (pymispPyMISP method) 13get_galaxy() (pymispPyMISP method) 13get_noticelist() (pymispPyMISP method) 13get_object() (pymispPyMISP method) 13get_object_by_id() (pymispMISPEvent method)
25get_object_by_uuid() (pymispMISPEvent
method) 25get_object_template() (pymispPyMISP
method) 13get_objects_by_name() (pymispMISPEvent
method) 25get_organisation() (pymispPyMISP method) 13get_sync_config() (pymispPyMISP method) 13
get_tag() (pymispPyMISP method) 13get_taxonomy() (pymispPyMISP method) 13get_user() (pymispPyMISP method) 13get_user_setting() (pymispPyMISP method) 14get_warninglist() (pymispPyMISP method) 14
Hhas_attributes_by_relation()
(pymispMISPObject method) 28has_attributes_by_relation()
(pymisptoolsFileObject method) 37has_attributes_by_relation()
(pymisptoolsVTReportObject method)39
hash_values() (pymispMISPAttribute method) 27hash_values() (pymispMISPObjectAttribute
method) 30
Iimport_server() (pymispPyMISP method) 14items() (pymispMISPAttribute method) 27items() (pymispMISPEvent method) 25items() (pymispMISPObject method) 29items() (pymispMISPObjectAttribute method) 30items() (pymispMISPObjectReference method) 31items() (pymispMISPOrganisation method) 34items() (pymispMISPTag method) 32items() (pymispMISPUser method) 33items() (pymisptoolsFileObject method) 38items() (pymisptoolsVTReportObject method) 39
Jjsonable() (pymispAbstractMISP method) 23jsonable() (pymispMISPAttribute method) 27jsonable() (pymispMISPEvent method) 25jsonable() (pymispMISPObject method) 29jsonable() (pymispMISPObjectAttribute method)
30jsonable() (pymispMISPObjectReference method)
31jsonable() (pymispMISPOrganisation method) 34jsonable() (pymispMISPTag method) 32jsonable() (pymispMISPUser method) 33jsonable() (pymisptoolsFileObject method) 38jsonable() (pymisptoolsVTReportObject method)
39
Kkeys() (pymispMISPAttribute method) 27keys() (pymispMISPEvent method) 25keys() (pymispMISPObject method) 29keys() (pymispMISPObjectAttribute method) 30keys() (pymispMISPObjectReference method) 31keys() (pymispMISPOrganisation method) 34
Index 47
PyMISP Documentation Release main
keys() (pymispMISPTag method) 32keys() (pymispMISPUser method) 33keys() (pymisptoolsFileObject method) 38keys() (pymisptoolsVTReportObject method) 39known_types() (pymispMISPAttribute property) 27known_types() (pymispMISPObjectAttribute prop-
erty) 30
Lload() (pymispMISPEvent method) 25load_default_feeds() (pymispPyMISP method)
14load_file() (pymispMISPEvent method) 25load_openioc() (pymisptools method) 40load_openioc_file() (pymisptools method) 40load_stix() (in module pymisptoolsstix) 40
Mmake_stix_package() (in module
pymisptoolsstix) 40malware_binary() (pymispMISPAttribute prop-
erty) 27malware_binary() (pymispMISPObjectAttribute
property) 30misp_instance_version() (pymispPyMISP
property) 14misp_instance_version_master()
(pymispPyMISP property) 14MISPAttribute (class in pymisp) 26MISPEncode (class in pymisp) 24MISPEvent (class in pymisp) 24MISPObject (class in pymisp) 28MISPObjectAttribute (class in pymisp) 29MISPObjectReference (class in pymisp) 31MISPOrganisation (class in pymisp) 34MISPTag (class in pymisp) 32MISPUser (class in pymisp) 33module
pymisp 7pymisptools 37pymisptoolsstix 40
Nnoticelists() (pymispPyMISP method) 14
Oobject_templates() (pymispPyMISP method) 14organisation_blacklists() (pymispPyMISP
method) 14organisations() (pymispPyMISP method) 14
Ppop() (pymispMISPAttribute method) 27
pop() (pymispMISPEvent method) 25pop() (pymispMISPObject method) 29pop() (pymispMISPObjectAttribute method) 30pop() (pymispMISPObjectReference method) 31pop() (pymispMISPOrganisation method) 34pop() (pymispMISPTag method) 32pop() (pymispMISPUser method) 33pop() (pymisptoolsFileObject method) 38pop() (pymisptoolsVTReportObject method) 39popitem() (pymispMISPAttribute method) 27popitem() (pymispMISPEvent method) 25popitem() (pymispMISPObject method) 29popitem() (pymispMISPObjectAttribute method) 30popitem() (pymispMISPObjectReference method) 31popitem() (pymispMISPOrganisation method) 34popitem() (pymispMISPTag method) 32popitem() (pymispMISPUser method) 33popitem() (pymisptoolsFileObject method) 38popitem() (pymisptoolsVTReportObject method) 39publish() (pymispMISPEvent method) 25publish() (pymispPyMISP method) 14push_event_to_ZMQ() (pymispPyMISP method)
14pymisp
module 7PyMISP (class in pymisp) 7pymisptools
module 37pymisptoolsstix
module 40pymisp_version_main() (pymispPyMISP prop-
erty) 15
Rrecommended_pymisp_version()
(pymispPyMISP property) 15remote_acl() (pymispPyMISP method) 15remove_org_from_sharing_group()
(pymispPyMISP method) 15remove_server_from_sharing_group()
(pymispPyMISP method) 15roles() (pymispPyMISP method) 15
Ssearch() (pymispPyMISP method) 15search_feeds() (pymispPyMISP method) 17search_index() (pymispPyMISP method) 18search_logs() (pymispPyMISP method) 18search_sightings() (pymispPyMISP method) 19server_pull() (pymispPyMISP method) 20server_push() (pymispPyMISP method) 20servers() (pymispPyMISP method) 20set_date() (pymispMISPEvent method) 25
48 Index
PyMISP Documentation Release main
set_not_jsonable() (pymispAbstractMISPmethod) 23
set_not_jsonable() (pymispMISPAttributemethod) 27
set_not_jsonable() (pymispMISPEvent method)25
set_not_jsonable() (pymispMISPObjectmethod) 29
set_not_jsonable() (pymispMISPObjectAttributemethod) 30
set_not_jsonable()(pymispMISPObjectReference method)31
set_not_jsonable() (pymispMISPOrganisationmethod) 35
set_not_jsonable() (pymispMISPTag method)32
set_not_jsonable() (pymispMISPUser method)33
set_not_jsonable() (pymisptoolsFileObjectmethod) 38
set_not_jsonable()(pymisptoolsVTReportObject method)39
set_user_setting() (pymispPyMISP method) 20setdefault() (pymispMISPAttribute method) 27setdefault() (pymispMISPEvent method) 25setdefault() (pymispMISPObject method) 29setdefault() (pymispMISPObjectAttribute
method) 30setdefault() (pymispMISPObjectReference
method) 31setdefault() (pymispMISPOrganisation method)
35setdefault() (pymispMISPTag method) 33setdefault() (pymispMISPUser method) 34setdefault() (pymisptoolsFileObject method) 38setdefault() (pymisptoolsVTReportObject
method) 40sharing_groups() (pymispPyMISP method) 20sightings() (pymispPyMISP method) 20
Ttag() (pymispPyMISP method) 20tags() (pymispMISPAttribute property) 27tags() (pymispMISPEvent property) 26tags() (pymispMISPObjectAttribute property) 30tags() (pymispPyMISP method) 20tags_statistics() (pymispPyMISP method) 20taxonomies() (pymispPyMISP method) 20to_dict() (pymispAbstractMISP method) 23to_dict() (pymispMISPAttribute method) 27to_dict() (pymispMISPEvent method) 26to_dict() (pymispMISPObject method) 29
to_dict() (pymispMISPObjectAttribute method) 30to_dict() (pymispMISPObjectReference method) 32to_dict() (pymispMISPOrganisation method) 35to_dict() (pymispMISPTag method) 33to_dict() (pymispMISPUser method) 34to_dict() (pymisptoolsFileObject method) 38to_dict() (pymisptoolsVTReportObject method) 40to_feed() (pymispMISPEvent method) 26to_json() (pymispAbstractMISP method) 23to_json() (pymispMISPAttribute method) 27to_json() (pymispMISPEvent method) 26to_json() (pymispMISPObject method) 29to_json() (pymispMISPObjectAttribute method) 31to_json() (pymispMISPObjectReference method) 32to_json() (pymispMISPOrganisation method) 35to_json() (pymispMISPTag method) 33to_json() (pymispMISPUser method) 34to_json() (pymisptoolsFileObject method) 38to_json() (pymisptoolsVTReportObject method) 40toggle_warninglist() (pymispPyMISP method)
20
Uunpublish() (pymispMISPEvent method) 26untag() (pymispPyMISP method) 21update() (pymispMISPAttribute method) 28update() (pymispMISPEvent method) 26update() (pymispMISPObject method) 29update() (pymispMISPObjectAttribute method) 31update() (pymispMISPObjectReference method) 32update() (pymispMISPOrganisation method) 35update() (pymispMISPTag method) 33update() (pymispMISPUser method) 34update() (pymisptoolsFileObject method) 38update() (pymisptoolsVTReportObject method) 40update_attribute() (pymispPyMISP method) 21update_attribute_proposal()
(pymispPyMISP method) 21update_event() (pymispPyMISP method) 21update_event_blacklist() (pymispPyMISP
method) 21update_feed() (pymispPyMISP method) 21update_galaxies() (pymispPyMISP method) 21update_not_jsonable() (pymispAbstractMISP
method) 23update_not_jsonable() (pymispMISPAttribute
method) 28update_not_jsonable() (pymispMISPEvent
method) 26update_not_jsonable() (pymispMISPObject
method) 29update_not_jsonable()
(pymispMISPObjectAttribute method) 31
Index 49
PyMISP Documentation Release main
update_not_jsonable()(pymispMISPObjectReference method)32
update_not_jsonable()(pymispMISPOrganisation method) 35
update_not_jsonable() (pymispMISPTagmethod) 33
update_not_jsonable() (pymispMISPUsermethod) 34
update_not_jsonable() (pymisptoolsFileObjectmethod) 38
update_not_jsonable()(pymisptoolsVTReportObject method)40
update_noticelists() (pymispPyMISP method)21
update_object() (pymispPyMISP method) 21update_object_templates() (pymispPyMISP
method) 21update_organisation() (pymispPyMISP
method) 21update_organisation_blacklist()
(pymispPyMISP method) 21update_server() (pymispPyMISP method) 22update_tag() (pymispPyMISP method) 22update_taxonomies() (pymispPyMISP method)
22update_user() (pymispPyMISP method) 22update_warninglists() (pymispPyMISP
method) 22upload_stix() (pymispPyMISP method) 22user_registrations() (pymispPyMISP method)
22user_settings() (pymispPyMISP method) 22users() (pymispPyMISP method) 22users_statistics() (pymispPyMISP method) 22
Vvalues() (pymispMISPAttribute method) 28values() (pymispMISPEvent method) 26values() (pymispMISPObject method) 29values() (pymispMISPObjectAttribute method) 31values() (pymispMISPObjectReference method) 32values() (pymispMISPOrganisation method) 35values() (pymispMISPTag method) 33values() (pymispMISPUser method) 34values() (pymisptoolsFileObject method) 38values() (pymisptoolsVTReportObject method) 40values_in_warninglist() (pymispPyMISP
method) 22version() (pymispPyMISP property) 22VTReportObject (class in pymisptools) 38
Wwarninglists() (pymispPyMISP method) 22
50 Index
- README
- pymisp
- PyMISP
- PyMISPExpanded (Python 36+ only)
- MISPAbstract
- MISPEncode
- MISPEvent
- MISPAttribute
- MISPObject
- MISPObjectAttribute
- MISPObjectReference
- MISPTag
- MISPUser
- MISPOrganisation
- pymisp - Tools
- File Object
- ELF Object
- PE Object
- Mach-O Object
- VT Report Object
- STIX
- OpenIOC
- Indices and tables
- Python Module Index
- Index
PyMISP Documentation Release main
` cd examples cp keyspysample keyspy vim keyspy `
The API key of MISP is available in the Automation section of the MISP web interface
To test if your URL and API keys are correct you can test with exampleslastpy to fetch the events pub-lished in the last x amount of time (supported time indicators days (d) hours (h) and minutes (m))lastpy ` cd examples python3 lastpy -l 10h 10 hours python3 lastpy -l 5d 5days python3 lastpy -l 45m 45 minutes `
Debugging
You have two options there
1 Pass debug=True to PyMISP and it will enable loggingDEBUG to stderr on the whole module
2 Use the python logging module directly
```python
import logging logger = logginggetLogger(lsquopymisprsquo)
Configure it as you whish for example enable DEBUG mode loggersetLevel(loggingDEBUG) ```
Or if you want to write the debug output to a file instead of stderr
```python import pymisp import logging
logger = logginggetLogger(lsquopymisprsquo) loggingbasicConfig(level=loggingDEBUG filename=rdquodebuglogrdquo file-mode=rsquowrsquo format=pymispFORMAT) ```
Test cases
1 The content of mispeventpy is tested on every commit
2 The tests cases that require a running MISP instance can be run the following way
```bash From poetry
nosetests-34 -s ndashwith-coverage ndashcover-package=pymisptests ndashcover-tests teststestlive_comprehensivepyTestComprehensive[test_name]
```
Documentation
The documentation is available [here](httpspymispreadthedocsioenlatest)
Jupyter notebook
A series of [Jupyter notebooks for PyMISP tutorial](httpsgithubcomMISPPyMISPtreemaindocstutorial) areavailable in the repository
Everything is a Mutable Mapping
or at least everything that can be importedexported fromto a json blob
AbstractMISP is the master class and inherit collectionsMutableMapping which means the class can be representedas a python dictionary
The abstraction assumes every property that should not be seen in the dictionary is prepended with a _ or its name isadded to the private list __not_jsonable (accessible through update_not_jsonable and set_not_jsonable
This master class has helpers that will make it easy to load and export to and from a json string
MISPEvent MISPAttribute MISPObjectReference MISPObjectAttribute and MISPObject are subclasses of Abstract-MISP which mean that they can be handled as python dictionaries
MISP Objects
4 Chapter 1 README
PyMISP Documentation Release main
Creating a new MISP object generator should be done using a pre-defined template and inherit AbstractMISPObject-Generator
Your new MISPObject generator need to generate attributes and add them as class properties using add_attribute
When the object is sent to MISP all the class properties will be exported to the JSON export
5
PyMISP Documentation Release main
6 Chapter 1 README
CHAPTER
TWO
PYMISP
21 PyMISP
class pymispPyMISP(url key ssl=True debug=False proxies= cert=None auth=None tool=timeout=None)
Python API for MISP
Parameters
bull url (str) ndash URL of the MISP instance you want to connect to
bull key (str) ndash API key of the user you want to use
bull ssl (bool) ndash can be True or False (to check or to not check the validity of the certificateOr a CA_BUNDLE in case of self signed or other certificate (the concatenation of all thecrt of the chain)
bull debug (bool) ndash Write all the debug information to stderr
bull proxies (Mapping) ndash Proxy dict as describes here httpdocspython-requestsorgenmasteruseradvancedproxies
bull cert (Optional[Tuple[str tuple]]) ndash Client certificate as described there httpdocspython-requestsorgenmasteruseradvancedclient-side-certificates
bull auth (Optional[AuthBase]) ndash The auth parameter is passed directly to requests asdescribed here httpdocspython-requestsorgenmasteruserauthentication
bull tool (str) ndash The software using PyMISP (string) used to set a unique user-agent
bull timeout (Union[float Tuple[float float] None]) ndash Timeout as describedhere httpsrequestsreadthedocsioenmasteruseradvancedtimeouts
accept_attribute_proposal(proposal)Accept a proposal
Return type Dict
add_attribute(event attribute pythonify=False)Add an attribute to an existing MISP event NOTE MISP 24113+ you can pass a list of attributes Inthat case the pythonified response is the following lsquoattributesrsquo [MISPAttribute] lsquoerrorsrsquo errors byattributes
Return type Union[Dict MISPAttribute MISPShadowAttribute]
add_attribute_proposal(event attribute pythonify=False)Propose a new attribute in an event
Return type Union[Dict MISPShadowAttribute]
7
PyMISP Documentation Release main
add_event(event pythonify=False)Add a new event on a MISP instance
Return type Union[Dict MISPEvent]
add_event_blacklist(uuids comment=None event_info=None event_orgc=None)Add a new event in the blacklist
Return type Dict
add_feed(feed pythonify=False)Add a new feed on a MISP instance
Return type Union[Dict MISPFeed]
add_object(event misp_object pythonify=False)Add a MISP Object to an existing MISP event
Return type Union[Dict MISPObject]
add_object_reference(misp_object_reference pythonify=False)Add a reference to an object
Return type Union[Dict MISPObjectReference]
add_org_to_sharing_group(sharing_group organisation extend=False)Add an organisation to a sharing group sharing_group Sharing grouprsquos local instance ID or Sharinggrouprsquos global UUID organisation Organisationrsquos local instance ID or Organisationrsquos global UUID orOrganisationrsquos name as known to the curent instance extend Allow the organisation to extend the group
Return type Dict
add_organisation(organisation pythonify=False)Add an organisation
Return type Union[Dict MISPOrganisation]
add_organisation_blacklist(uuids comment=None org_name=None)Add a new organisation in the blacklist
Return type Dict
add_server(server pythonify=False)Add a server to synchronise with Note You probably want to use ExpandedPyMISPget_sync_config andExpandedPyMISPimport_server instead
Return type Union[Dict MISPServer]
add_server_to_sharing_group(sharing_group server all_orgs=False)Add a server to a sharing group sharing_group Sharing grouprsquos local instance ID or Sharing grouprsquosglobal UUID server Serverrsquos local instance ID or URL of the Server or Serverrsquos name as known to thecurent instance all_orgs Add all the organisations of the server to the group
Return type Dict
add_sharing_group(sharing_group pythonify=False)Add a new sharing group
Return type Union[Dict MISPSharingGroup]
add_sighting(sighting attribute=None pythonify=False)Add a new sighting (globally or to a specific attribute)
Return type Union[Dict MISPSighting]
8 Chapter 2 pymisp
PyMISP Documentation Release main
add_tag(tag pythonify=False)Add a new tag on a MISP instance Notes
bull The user calling this method needs the Tag Editor permission
bull It doesnrsquot add a tag to an event simply create it on a MISP instance
Return type Union[Dict MISPTag]
add_user(user pythonify=False)Add a new user
Return type Union[Dict MISPUser]
attributes_statistics(context=type percentage=False)Get attributes statistics from the MISP instance
Return type Dict
build_complex_query(or_parameters=None and_parameters=None not_parameters=None)Build a complex search query MISP expects a dictionary with AND OR and NOT keys
Return type Dict[str List[~SearchType]]
cache_all_feeds()Cache all the feeds
Return type Dict
cache_feed(feed)Cache a specific feed
Return type Dict
cache_freetext_feeds()Cache all the freetext feeds
Return type Dict
cache_misp_feeds()Cache all the MISP feeds
Return type Dict
change_sharing_group_on_entity(misp_entity sharing_group_id pythonify=False)Change the sharing group of an event an attribute or an object
Return type Union[Dict MISPEvent MISPObject MISPAttributeMISPShadowAttribute]
change_user_password(new_password)Thange the password of the curent user
Return type Dict
communities(pythonify=False)Get all the communities
Return type Union[Dict List[MISPCommunity]]
compare_feeds()Generate the comparison matrix for all the MISP feeds
Return type Dict
21 PyMISP 9
PyMISP Documentation Release main
contact_event_reporter(event message)Send a message to the reporter of an event
Return type Dict
delegate_event(event=None organisation=None event_delegation=None distribution=- 1 mes-sage= pythonify=False)
Note distribution == -1 means recipient decides
Return type Union[Dict MISPEventDelegation]
delete_attribute(attribute hard=False)Delete an attribute from a MISP instance
Return type Dict
delete_attribute_proposal(attribute)Propose the deletion of an attribute
Return type Dict
delete_event(event)Delete an event from a MISP instance
Return type Dict
delete_event_blacklist(event_blacklist)Delete a blacklisted event
Return type Dict
delete_feed(feed)Delete a feed from a MISP instance
Return type Dict
delete_object(misp_object)Delete an object from a MISP instance
Return type Dict
delete_object_reference(object_reference)Delete a reference to an object
Return type Dict
delete_organisation(organisation)Delete an organisation
Return type Dict
delete_organisation_blacklist(organisation_blacklist)Delete a blacklisted organisation
Return type Dict
delete_server(server)Delete a sync server
Return type Dict
delete_sharing_group(sharing_group)Delete a sharing group
Return type Dict
10 Chapter 2 pymisp
PyMISP Documentation Release main
delete_sighting(sighting)Delete a sighting from a MISP instance
Return type Dict
delete_tag(tag)Delete an attribute from a MISP instance
Return type Dict
delete_user(user)Delete a user
Return type Dict
delete_user_setting(user_setting user=None)Delete a user setting
Return type Dict
property describe_types_localReturns the content of describe types from the package
Return type Dict
property describe_types_remoteReturns the content of describe types from the remote instance
Return type Dict
direct_call(url data=None params= kw_params=)Very lightweight call that posts a data blob (python dictionary or json string) on the URL
Return type Any
disable_feed(feed pythonify=False)Disable a feed
Return type Union[Dict MISPFeed]
disable_feed_cache(feed pythonify=False)Disable the caching of a feed
Return type Union[Dict MISPFeed]
disable_noticelist(noticelist)Disable a noticelist by id
Return type Dict
disable_tag(tag pythonify=False)Disable a tag
Return type Union[Dict MISPTag]
disable_taxonomy(taxonomy)Disable a taxonomy
Return type Dict
disable_taxonomy_tags(taxonomy)Disable all the tags of a taxonomy
Return type Dict
disable_warninglist(warninglist)Disable a warninglist
21 PyMISP 11
PyMISP Documentation Release main
Return type Dict
discard_attribute_proposal(proposal)Discard a proposal
Return type Dict
enable_feed(feed pythonify=False)Enable a feed (fetching it will create event(s)
Return type Union[Dict MISPFeed]
enable_feed_cache(feed pythonify=False)Enable the caching of a feed
Return type Union[Dict MISPFeed]
enable_noticelist(noticelist)Enable a noticelist by id
Return type Dict
enable_tag(tag pythonify=False)Enable a tag
Return type Union[Dict MISPTag]
enable_taxonomy(taxonomy)Enable a taxonomy
Return type Dict
enable_taxonomy_tags(taxonomy)Enable all the tags of a taxonomy NOTE this automatically done when you call enable_taxonomy
Return type Dict
enable_warninglist(warninglist)Enable a warninglist
Return type Dict
event_blacklists(pythonify=False)Get all the blacklisted events
Return type Union[Dict List[MISPEventBlacklist]]
event_delegations(pythonify=False)Get all the event delegations
Return type Union[Dict List[MISPEventDelegation]]
feeds(pythonify=False)Get the list of existing feeds
Return type Union[Dict List[MISPFeed]]
fetch_feed(feed)Fetch one single feed
Return type Dict
freetext(event string adhereToWarninglists=False distribution=None returnMetaAttributes=Falsepythonify=False kwargs)
Pass a text to the freetext importer
Return type Union[Dict List[MISPAttribute]]
12 Chapter 2 pymisp
PyMISP Documentation Release main
galaxies(pythonify=False)Get all the galaxies
Return type Union[Dict List[MISPGalaxy]]
get_all_functions(not_implemented=False)Get all methods available vi the API allow to get the ones that are not implemented
get_attribute(attribute pythonify=False)Get an attribute from a MISP instance
Return type Union[Dict MISPAttribute]
get_community(community pythonify=False)Get an community from a MISP instance
Return type Union[Dict MISPCommunity]
get_event(event deleted=False extended=False pythonify=False)Get an event from a MISP instance
Return type Union[Dict MISPEvent]
get_feed(feed pythonify=False)Get a feed by id
Return type Union[Dict MISPFeed]
get_galaxy(galaxy pythonify=False)Get a galaxy by id
Return type Union[Dict MISPGalaxy]
get_noticelist(noticelist pythonify=False)Get a noticelist by id
Return type Union[Dict MISPNoticelist]
get_object(misp_object pythonify=False)Get an object from the remote MISP instance
Return type Union[Dict MISPObject]
get_object_template(object_template pythonify=False)Gets the full object template corresponting the UUID passed as parameter
Return type Union[Dict MISPObjectTemplate]
get_organisation(organisation pythonify=False)Get an organisation
Return type Union[Dict MISPOrganisation]
get_sync_config(pythonify=False)WARNING This method only works if the user calling it is a sync user
Return type Union[Dict MISPServer]
get_tag(tag pythonify=False)Get a tag by id
Return type Union[Dict MISPTag]
get_taxonomy(taxonomy pythonify=False)Get a taxonomy from a MISP instance
Return type Union[Dict MISPTaxonomy]
21 PyMISP 13
PyMISP Documentation Release main
get_user(user=me pythonify=False expanded=False)Get a user me means the owner of the API key doing the query expanded also returns a MISPRole and aMISPUserSetting
Return type Union[Dict MISPUser Tuple[MISPUser MISPRoleList[MISPUserSetting]]]
get_user_setting(user_setting user=None pythonify=False)Get an user setting
Return type Union[Dict MISPUserSetting]
get_warninglist(warninglist pythonify=False)Get a warninglist
Return type Union[Dict MISPWarninglist]
import_server(server pythonify=False)Import a sync server config received from get_sync_config
Return type Union[Dict MISPServer]
load_default_feeds()Load all the default feeds
Return type Dict
property misp_instance_versionReturns the version of the instance
Return type Dict
property misp_instance_version_masterGet the most recent version from github
Return type Dict
noticelists(pythonify=False)Get all the noticelists
Return type Union[Dict List[MISPNoticelist]]
object_templates(pythonify=False)Get all the object templates
Return type Union[Dict List[MISPObjectTemplate]]
organisation_blacklists(pythonify=False)Get all the blacklisted organisations
Return type Union[Dict List[MISPOrganisationBlacklist]]
organisations(scope=local pythonify=False)Get all the organisations
Return type Union[Dict List[MISPOrganisation]]
publish(event alert=False)Publish the event with one single HTTP POST The default is to not send a mail as it is assumed thismethod is called on update
Return type Dict
push_event_to_ZMQ(event)Force push an event on ZMQ
14 Chapter 2 pymisp
PyMISP Documentation Release main
Return type Dict
property pymisp_version_mainGet the most recent version of PyMISP from github
Return type Dict
property recommended_pymisp_versionReturns the recommended API version from the server
Return type Dict
remote_acl(debug_type=findMissingFunctionNames)This should return an empty list unless the ACL is outdated debug_type can only be printAllFunction-Names findMissingFunctionNames or printRoleAccess
Return type Dict
remove_org_from_sharing_group(sharing_group organisation)Remove an organisation from a sharing group sharing_group Sharing grouprsquos local instance ID orSharing grouprsquos global UUID organisation Organisationrsquos local instance ID or Organisationrsquos globalUUID or Organisationrsquos name as known to the curent instance
Return type Dict
remove_server_from_sharing_group(sharing_group server)Remove a server from a sharing group sharing_group Sharing grouprsquos local instance ID or Sharinggrouprsquos global UUID server Serverrsquos local instance ID or URL of the Server or Serverrsquos name as knownto the curent instance
Return type Dict
roles(pythonify=False)Get the existing roles
Return type Union[Dict List[MISPRole]]
search(controller=events return_format=json limit=None page=None value=Nonetype_attribute=None category=None org=None tags=None quick_filter=None quick-Filter=None date_from=None date_to=None eventid=None with_attachments=NonewithAttachments=None metadata=None uuid=None publish_timestamp=Nonelast=None timestamp=None published=None enforce_warninglist=None enforceWarn-inglist=None to_ids=None deleted=None include_event_uuid=None includeEventU-uid=None include_event_tags=None includeEventTags=None event_timestamp=Nonesg_reference_only=None eventinfo=None searchall=None requested_attributes=None in-clude_context=None includeContext=None headerless=None include_sightings=NoneincludeSightings=None include_correlations=None includeCorrelations=None in-clude_decay_score=None includeDecayScore=None object_name=None pythonify=Falsekwargs)
Search in the MISP instance
Parameters
bull return_format (str) ndash Set the return format of the search (Currently supported jsonxml openioc suricata snort - more formats are being moved to restSearch with the goalbeing that all searches happen through this API) Can be passed as the first parameter afterrestSearch or via the JSON payload
bull limit (Optional[int]) ndash Limit the number of results returned depending on thescope (for example 10 attributes or 10 full events)
bull page (Optional[int]) ndash If a limit is set sets the page to be returned page 3 limit 100will return records 201-gt300)
21 PyMISP 15
PyMISP Documentation Release main
bull value (Optional[~SearchParameterTypes]) ndash Search for the given value in the at-tributesrsquo value field
bull type_attribute (Optional[~SearchParameterTypes]) ndash The attribute type anyvalid MISP attribute type is accepted
bull category (Optional[~SearchParameterTypes]) ndash The attribute category any validMISP attribute category is accepted
bull org (Optional[~SearchParameterTypes]) ndash Search by the creator organisation by sup-plying the organisation identifier
bull tags (Optional[~SearchParameterTypes]) ndash Tags to search or to exclude You canpass a list or the output of build_complex_query
bull quick_filter (Optional[str]) ndash The string passed to this field will ignore all ofthe other arguments MISP will return an xml json (depending on the header sent) of allevents that have a sub-string match on value in the event info event orgc or any of theattribute value1 value2 fields or in the attribute comment
bull date_from (Union[date int str float None]) ndash Events with the date set to adate after the one specified This filter will use the date of the event
bull date_to (Union[date int str float None]) ndash Events with the date set to a datebefore the one specified This filter will use the date of the event
bull eventid (Optional[~SearchType]) ndash The events that should be included excludedfrom the search
bull with_attachments (Optional[bool]) ndash If set encodes the attachments zippedmalware samples as base64 in the data field within each attribute
bull metadata (Optional[bool]) ndash Only the metadata (event tags relations) is returnedattributes and proposals are omitted
bull uuid (Optional[str]) ndash Restrict the results by uuid
bull publish_timestamp (Union[date int str float NoneTuple[Union[date int str float None] Union[date int str floatNone]]]) ndash Restrict the results by the last publish timestamp (newer than)
bull timestamp (Union[date int str float None Tuple[Union[date intstr float None] Union[date int str float None]]]) ndash Restrict the resultsby the timestamp (last edit) Any event with a timestamp newer than the given timestampwill be returned In case you are dealing with attributes as scope the attributersquos timestampwill be used for the lookup
bull published (Optional[bool]) ndash Set whether published or unpublished events shouldbe returned Do not set the parameter if you want both
bull enforce_warninglist (Optional[bool]) ndash Remove any attributes from the resultthat would cause a hit on a warninglist entry
bull to_ids (Union[~ToIDSType List[~ToIDSType] None]) ndash By default all attributesare returned that match the other filter parameters irregardless of their to_ids setting Torestrict the returned data set to to_ids only attributes set this parameter to 1 0 for the oneswith to_ids set to False
bull deleted (Optional[str]) ndash If this parameter is set to 1 it will only return soft-deletedattributes [ldquo0rdquo ldquo1rdquo] will return the active ones as well as the soft-deleted ones
bull include_event_uuid (Optional[bool]) ndash Instead of just including the event IDalso include the event UUID in each of the attributes
16 Chapter 2 pymisp
PyMISP Documentation Release main
bull include_event_tags (Optional[bool]) ndash Include the event level tags in each ofthe attributes
bull event_timestamp (Union[date int str float None]) ndash Only return at-tributes from events that have received a modification after the given timestamp
bull sg_reference_only (Optional[bool]) ndash If this flag is set sharing group objectswill not be included instead only the sharing group ID is set
bull eventinfo (Optional[str]) ndash Filter on the eventrsquos info field
bull searchall (Optional[bool]) ndash Search for a full or a substring (delimited by forsubstrings) in the event info event tags attribute tags attribute values or attribute commentfields
bull requested_attributes (Optional[str]) ndash [CSV only] Select the fields that youwish to include in the CSV export By setting event level fields additionally includeCon-text is not required to get event metadata
bull include_context (Optional[bool]) ndash [Attribute only] Include the event data witheach attribute [CSV output] Add event level metadata in every line of the CSV
bull headerless (Optional[bool]) ndash [CSV Only] The CSV created when this setting isset to true will not contain the header row
bull include_sightings (Optional[bool]) ndash [JSON Only - Attribute] Include thesightings of the matching attributes
bull include_decay_score (Optional[bool]) ndash Include the decay score at attributelevel
bull include_correlations (Optional[bool]) ndash [JSON Only - attribute] Include thecorrelations of the matching attributes
bull object_name (Optional[str]) ndash [objects controller only] Search for objects withthat name
bull pythonify (Optional[bool]) ndash Returns a list of PyMISP Objects instead of the plainjson output Warning it might use a lot of RAM
Deprecated
Parameters
bull quickFilter (Optional[str]) ndash synponym for quick_filter
bull withAttachments (Optional[bool]) ndash synonym for with_attachments
bull last (Union[date int str float None Tuple[Union[date int strfloat None] Union[date int str float None]]]) ndash synonym for pub-lish_timestamp
bull enforceWarninglist (Optional[bool]) ndash synonym for enforce_warninglist
bull includeEventUuid (Optional[bool]) ndash synonym for include_event_uuid
bull includeEventTags (Optional[bool]) ndash synonym for include_event_tags
bull includeContext (Optional[bool]) ndash synonym for include_context
Return type Union[Dict str List[Union[MISPEvent MISPAttributeMISPObject]]]
search_feeds(value=None pythonify=False)Search in the feeds cached on the servers
21 PyMISP 17
PyMISP Documentation Release main
Return type Union[Dict List[MISPFeed]]
search_index(published=None eventid=None tags=None date_from=None date_to=Noneeventinfo=None threatlevel=None distribution=None analysis=None org=Nonetimestamp=None pythonify=None)
Search only at the index level Using in front of a value means NOT (default is OR)
Parameters
bull published (Optional[bool]) ndash Set whether published or unpublished events shouldbe returned Do not set the parameter if you want both
bull eventid (Optional[~SearchType]) ndash The events that should be included excludedfrom the search
bull tags (Optional[~SearchParameterTypes]) ndash Tags to search or to exclude You canpass a list or the output of build_complex_query
bull date_from (Union[date int str float None]) ndash Events with the date set to adate after the one specified This filter will use the date of the event
bull date_to (Union[date int str float None]) ndash Events with the date set to a datebefore the one specified This filter will use the date of the event
bull eventinfo (Optional[str]) ndash Filter on the eventrsquos info field
bull threatlevel (Optional[List[~SearchType]]) ndash Threat level(s) (1234) | list
bull distribution (Optional[List[~SearchType]]) ndash Distribution level(s) (0123) |list
bull analysis (Optional[List[~SearchType]]) ndash Analysis level(s) (012) | list
bull org (Optional[~SearchParameterTypes]) ndash Search by the creator organisation by sup-plying the organisation identifier
bull timestamp (Union[date int str float None Tuple[Union[date intstr float None] Union[date int str float None]]]) ndash Restrict the resultsby the timestamp (last edit) Any event with a timestamp newer than the given timestampwill be returned In case you are dealing with attributes as scope the attributersquos timestampwill be used for the lookup
bull pythonify (Optional[bool]) ndash Returns a list of PyMISP Objects instead or the plainjson output Warning it might use a lot of RAM
Return type Union[Dict List[MISPEvent]]
search_logs(limit=None page=None log_id=None title=None created=None model=None ac-tion=None user_id=None change=None email=None org=None description=Noneip=None pythonify=False)
Search in logs
Note to run substring queries simply appendprependencapsulate the search term with
Parameters
bull limit (Optional[int]) ndash Limit the number of results returned depending on thescope (for example 10 attributes or 10 full events)
bull page (Optional[int]) ndash If a limit is set sets the page to be returned page 3 limit 100will return records 201-gt300)
bull log_id (Optional[int]) ndash Log ID
bull title (Optional[str]) ndash Log Title
18 Chapter 2 pymisp
PyMISP Documentation Release main
bull created (Union[date int str float None]) ndash Creation timestamp
bull model (Optional[str]) ndash Model name that generated the log entry
bull action (Optional[str]) ndash The thing that was done
bull user_id (Optional[int]) ndash ID of the user doing the action
bull change (Optional[str]) ndash Change that occured
bull email (Optional[str]) ndash Email of the user
bull org (Optional[str]) ndash Organisation of the User doing the action
bull description (Optional[str]) ndash Description of the action
bull ip (Optional[str]) ndash Origination IP of the User doing the action
bull pythonify (Optional[bool]) ndash Returns a list of PyMISP Objects instead or the plainjson output Warning it might use a lot of RAM
Return type Union[Dict List[MISPLog]]
search_sightings(context=None context_id=None type_sighting=None date_from=Nonedate_to=None publish_timestamp=None last=None org=None source=Noneinclude_attribute=None include_event_meta=None pythonify=False)
Search sightings
Parameters
bull context (Optional[str]) ndash The context of the search Can be either ldquoattributerdquoldquoeventrdquo or nothing (will then match on events and attributes)
bull context_id (Optional[~SearchType]) ndash Only relevant if context is either ldquoattributerdquoor ldquoeventrdquo Then it is the relevant ID
bull type_sighting (Optional[str]) ndash Type of sighting
bull date_from (Union[date int str float None]) ndash Events with the date set to adate after the one specified This filter will use the date of the event
bull date_to (Union[date int str float None]) ndash Events with the date set to a datebefore the one specified This filter will use the date of the event
bull publish_timestamp (Union[date int str float NoneTuple[Union[date int str float None] Union[date int str floatNone]]]) ndash Restrict the results by the last publish timestamp (newer than)
bull org (Optional[~SearchType]) ndash Search by the creator organisation by supplying theorganisation identifier
bull source (Optional[str]) ndash Source of the sighting
bull include_attribute (Optional[bool]) ndash Include the attribute
bull include_event_meta (Optional[bool]) ndash Include the meta information of theevent
Deprecated
Parameters last (Union[date int str float None Tuple[Union[date intstr float None] Union[date int str float None]]]) ndash synonym for pub-lish_timestamp
Example
21 PyMISP 19
PyMISP Documentation Release main
gtgtgt mispsearch_sightings(publish_timestamp=30d) search sightings for therarr˓last 30 days on the instance[ ]gtgtgt mispsearch_sightings(context=attribute context_id=6 include_rarr˓attribute=True) return list of sighting for attribute 6 along with therarr˓attribute itself[ ]gtgtgt mispsearch_sightings(context=event context_id=17 include_event_rarr˓meta=True org=2) return list of sighting for event 17 filtered with orgrarr˓id 2
Return type Union[Dict List[Dict[str Union[MISPEvent MISPAttributeMISPSighting]]]]
server_pull(server event=None)Initialize a pull from a sync server
Return type Dict
server_push(server event=None)Initialize a push to a sync server
Return type Dict
servers(pythonify=False)Get the existing servers the MISP instance can synchronise with
Return type Union[Dict List[MISPServer]]
set_user_setting(user_setting value user=None pythonify=False)Get an user setting
Return type Union[Dict MISPUserSetting]
sharing_groups(pythonify=False)Get the existing sharing groups
Return type Union[Dict List[MISPSharingGroup]]
sightings(misp_entity=None org=None pythonify=False)Get the list of sighting related to a MISPEvent or a MISPAttribute (depending on type of misp_entity)
Return type Union[Dict List[MISPSighting]]
tag(misp_entity tag local=False)Tag an event or an attribute misp_entity can be a MISPEvent a MISP Attribute or a UUID
Return type Dict
tags(pythonify=False)Get the list of existing tags
Return type Union[Dict List[MISPTag]]
tags_statistics(percentage=False name_sort=False)Get tags statistics from the MISP instance
Return type Dict
taxonomies(pythonify=False)Get all the taxonomies
Return type Union[Dict List[MISPTaxonomy]]
20 Chapter 2 pymisp
PyMISP Documentation Release main
toggle_warninglist(warninglist_id=None warninglist_name=None force_enable=False)Toggle (enabledisable) the status of a warninglist by ID type warninglist_id Union[str intList[int] None] param warninglist_id ID of the WarningList type force_enable bool paramforce_enable Force the warning list in the enabled state (does nothing is already enabled)
Return type Dict
untag(misp_entity tag)Untag an event or an attribute misp_entity can be a UUID
Return type Dict
update_attribute(attribute attribute_id=None pythonify=False)Update an attribute on a MISP instance
Return type Union[Dict MISPAttribute MISPShadowAttribute]
update_attribute_proposal(initial_attribute attribute pythonify=False)Propose a change for an attribute
Return type Union[Dict MISPShadowAttribute]
update_event(event event_id=None pythonify=False)Update an event on a MISP instance
Return type Union[Dict MISPEvent]
update_event_blacklist(event_blacklist event_blacklist_id=None pythonify=False)Update an event in the blacklist
Return type Union[Dict MISPEventBlacklist]
update_feed(feed feed_id=None pythonify=False)Update a feed on a MISP instance
Return type Union[Dict MISPFeed]
update_galaxies()Update all the galaxies
Return type Dict
update_noticelists()Update all the noticelists
Return type Dict
update_object(misp_object object_id=None pythonify=False)Update an object on a MISP instance
Return type Union[Dict MISPObject]
update_object_templates()Trigger an update of the object templates
Return type Dict
update_organisation(organisation organisation_id=None pythonify=False)Update an organisation
Return type Union[Dict MISPOrganisation]
update_organisation_blacklist(organisation_blacklist organisation_blacklist_id=Nonepythonify=False)
Update an organisation in the blacklist
Return type Union[Dict MISPOrganisationBlacklist]
21 PyMISP 21
PyMISP Documentation Release main
update_server(server server_id=None pythonify=False)Update a server to synchronise with
Return type Union[Dict MISPServer]
update_tag(tag tag_id=None pythonify=False)Edit only the provided parameters of a tag
Return type Union[Dict MISPTag]
update_taxonomies()Update all the taxonomies
Return type Dict
update_user(user user_id=None pythonify=False)Update an event on a MISP instance
Return type Union[Dict MISPUser]
update_warninglists()Update all the warninglists
Return type Dict
upload_stix(path version=2)Upload a STIX file to MISP param path Path to the STIX on the disk (can be a path-like object or apseudofile) type version str param version Can be 1 or 2
user_registrations(pythonify=False)Get all the user registrations
Return type Union[Dict List[MISPInbox]]
user_settings(pythonify=False)Get all the user settings
Return type Union[Dict List[MISPUserSetting]]
users(pythonify=False)Get all the users
Return type Union[Dict List[MISPUser]]
users_statistics(context=data)Get users statistics from the MISP instance
Return type Dict
values_in_warninglist(value)Check if IOC values are in warninglist
Return type Dict
property versionReturns the version of PyMISP yoursquore curently using
Return type Dict
warninglists(pythonify=False)Get all the warninglists
Return type Union[Dict List[MISPWarninglist]]
22 Chapter 2 pymisp
PyMISP Documentation Release main
22 PyMISPExpanded (Python 36+ only)
pymispExpandedPyMISPalias of pymispapiPyMISP
23 MISPAbstract
class pymispAbstractMISP(kwargs)
property editedRecursively check if an object has been edited and update the flag accordingly to the parent objects
Return type bool
from_dict(kwargs)Loading all the parameters as class properties if they arenrsquot None This method aims to be called when allthe properties requiring a special treatment are processed Note This method is used when you initializean object with existing data so by default the class is flaged as not edited
Return type None
from_json(json_string)Load a JSON string
Return type None
jsonable()This method is used by the JSON encoder
Return type Dict
set_not_jsonable(args)Set __not_jsonable to a new list
Return type None
to_dict()Dump the class to a dictionary This method automatically removes the timestamp recursively in everyobject that has been edited is order to let MISP update the event accordingly
Return type Dict
to_json(sort_keys=False indent=None)Dump recursively any class of type MISPAbstract to a json string
update_not_jsonable(args)Add entries to the __not_jsonable list
Return type None
22 PyMISPExpanded (Python 36+ only) 23
PyMISP Documentation Release main
24 MISPEncode
class pymispMISPEncode(args kwargs)
default(obj)Implement this method in a subclass such that it returns a serializable object for o or calls the baseimplementation (to raise a TypeError)
For example to support arbitrary iterators you could implement default like this
def default(self o)try
iterable = iter(o)except TypeError
passelse
return list(iterable) Let the base class default method raise the TypeErrorreturn JSONEncoderdefault(self o)
25 MISPEvent
class pymispMISPEvent(describe_types=None strict_validation=False kwargs)
add_attribute(type value kwargs)Add an attribute type and value are required but you can pass all other parameters supported by MISPAt-tribute
Return type Union[MISPAttribute List[MISPAttribute]]
add_attribute_tag(tag attribute_identifier)Add a tag to an existing attribute raise an Exception if the attribute doesnrsquot exists tag Tag name as astring MISPTag instance or dictionary attribute_identifier can be an ID UUID or the value
Return type List[MISPAttribute]
add_object(obj=None kwargs)Add an object to the Event either by passing a MISPObject or a dictionary
Return type MISPObject
add_proposal(shadow_attribute=None kwargs)Alias for add_shadow_attribute
Return type MISPShadowAttribute
add_shadow_attribute(shadow_attribute=None kwargs)Add a tag to the attribute (by name or a MISPTag object)
Return type MISPShadowAttribute
clear()rarr None Remove all items from D
delete_attribute(attribute_id)Delete an attribute you can search by ID or UUID
property editedRecursively check if an object has been edited and update the flag accordingly to the parent objects
24 Chapter 2 pymisp
PyMISP Documentation Release main
Return type bool
from_dict(kwargs)Loading all the parameters as class properties if they arenrsquot None This method aims to be called when allthe properties requiring a special treatment are processed Note This method is used when you initializean object with existing data so by default the class is flaged as not edited
from_json(json_string)Load a JSON string
Return type None
get(k[ d ])rarr D[k] if k in D else d d defaults to None
get_attribute_tag(attribute_identifier)Return the tags associated to an attribute or an object attribute attribute_identifier can be an ID UUIDor the value
Return type List[MISPTag]
get_object_by_id(object_id)Get an object by ID (the ID is the one set by the server when creating the new object)
Return type MISPObject
get_object_by_uuid(object_uuid)Get an object by UUID (UUID is set by the server when creating the new object)
Return type MISPObject
get_objects_by_name(object_name)Get an object by UUID (UUID is set by the server when creating the new object)
Return type List[MISPObject]
items()rarr a set-like object providing a view on Drsquos items
jsonable()This method is used by the JSON encoder
Return type Dict
keys()rarr a set-like object providing a view on Drsquos keys
load(json_event validate=False metadata_only=False)Load a JSON dump from a pseudo file or a JSON string
load_file(event_path validate=False metadata_only=False)Load a JSON dump from a file on the disk
pop(k[ d ])rarr v remove specified key and return the corresponding valueIf key is not found d is returned if given otherwise KeyError is raised
popitem()rarr (k v) remove and return some (key value) pairas a 2-tuple but raise KeyError if D is empty
publish()Mark the attribute as published
set_date(d=None ignore_invalid=False)Set a date for the event (string datetime or date object)
set_not_jsonable(args)Set __not_jsonable to a new list
Return type None
25 MISPEvent 25
PyMISP Documentation Release main
setdefault(k[ d ])rarr Dget(kd) also set D[k]=d if k not in D
property tagsReturns a lost of tags associated to this Event
Return type List[MISPTag]
to_dict()Dump the class to a dictionary This method automatically removes the timestamp recursively in everyobject that has been edited is order to let MISP update the event accordingly
Return type Dict
to_feed(valid_distributions=[0 1 2 3 4 5] with_meta=False)Generate a json output for MISP Feed Notes
bull valid_distributions only makes sense if the distribution key is set (ie the event is exported from aMISP instance)
Return type Dict
to_json(sort_keys=False indent=None)Dump recursively any class of type MISPAbstract to a json string
unpublish()Mark the attribute as un-published (set publish flag to false)
update([E ] F)rarr None Update D from mappingiterable E and FIf E present and has a keys() method does for k in E D[k] = E[k] If E present and lacks keys() methoddoes for (k v) in E D[k] = v In either case this is followed by for k v in Fitems() D[k] = v
update_not_jsonable(args)Add entries to the __not_jsonable list
Return type None
values()rarr an object providing a view on Drsquos values
26 MISPAttribute
class pymispMISPAttribute(describe_types=None strict=False)
add_proposal(shadow_attribute=None kwargs)Alias for add_shadow_attribute
Return type MISPShadowAttribute
add_shadow_attribute(shadow_attribute=None kwargs)Add a shadow attribute to the attribute (by name or a MISPShadowAttribute object)
Return type MISPShadowAttribute
add_sighting(sighting=None kwargs)Add a sighting to the attribute (by name or a MISPSighting object)
Return type MISPSighting
clear()rarr None Remove all items from D
delete()Mark the attribute as deleted (soft delete)
26 Chapter 2 pymisp
PyMISP Documentation Release main
property editedRecursively check if an object has been edited and update the flag accordingly to the parent objects
Return type bool
from_dict(kwargs)Loading all the parameters as class properties if they arenrsquot None This method aims to be called when allthe properties requiring a special treatment are processed Note This method is used when you initializean object with existing data so by default the class is flaged as not edited
from_json(json_string)Load a JSON string
Return type None
get(k[ d ])rarr D[k] if k in D else d d defaults to None
hash_values(algorithm=sha512)Compute the hash of every values for fast lookups
Return type List[str]
items()rarr a set-like object providing a view on Drsquos items
jsonable()This method is used by the JSON encoder
Return type Dict
keys()rarr a set-like object providing a view on Drsquos keys
property known_typesReturns a list of all the known MISP attributes types
Return type List[str]
property malware_binaryReturns a BytesIO of the malware (if the attribute has one obvs)
Return type Optional[BytesIO]
pop(k[ d ])rarr v remove specified key and return the corresponding valueIf key is not found d is returned if given otherwise KeyError is raised
popitem()rarr (k v) remove and return some (key value) pairas a 2-tuple but raise KeyError if D is empty
set_not_jsonable(args)Set __not_jsonable to a new list
Return type None
setdefault(k[ d ])rarr Dget(kd) also set D[k]=d if k not in D
property tagsReturns a lost of tags associated to this Attribute
Return type List[MISPTag]
to_dict()Dump the class to a dictionary This method automatically removes the timestamp recursively in everyobject that has been edited is order to let MISP update the event accordingly
Return type Dict
26 MISPAttribute 27
PyMISP Documentation Release main
to_json(sort_keys=False indent=None)Dump recursively any class of type MISPAbstract to a json string
update([E ] F)rarr None Update D from mappingiterable E and FIf E present and has a keys() method does for k in E D[k] = E[k] If E present and lacks keys() methoddoes for (k v) in E D[k] = v In either case this is followed by for k v in Fitems() D[k] = v
update_not_jsonable(args)Add entries to the __not_jsonable list
Return type None
values()rarr an object providing a view on Drsquos values
27 MISPObject
class pymispMISPObject(name strict=False standalone=True default_attributes_parameters=kwargs)
add_attribute(object_relation simple_value=None value)Add an attribute object_relation is required and the value key is a dictionary with all the keys supportedby MISPAttribute
Return type Optional[MISPAttribute]
add_attributes(object_relation attributes)Add multiple attributes with the same object_relation Helper for object_relation when multiple is True inthe template It is the same as calling multiple times add_attribute with the same object_relation
Return type List[Optional[MISPAttribute]]
add_reference(referenced_uuid relationship_type comment=None kwargs)Add a link (uuid) to an other object
Return type MISPObjectReference
clear()rarr None Remove all items from D
property editedRecursively check if an object has been edited and update the flag accordingly to the parent objects
Return type bool
from_dict(kwargs)Loading all the parameters as class properties if they arenrsquot None This method aims to be called when allthe properties requiring a special treatment are processed Note This method is used when you initializean object with existing data so by default the class is flaged as not edited
from_json(json_string)Load a JSON string
Return type None
get(k[ d ])rarr D[k] if k in D else d d defaults to None
get_attributes_by_relation(object_relation)Returns the list of attributes with the given object relation in the object
Return type List[MISPAttribute]
has_attributes_by_relation(list_of_relations)True if all the relations in the list are defined in the object
28 Chapter 2 pymisp
PyMISP Documentation Release main
Return type bool
items()rarr a set-like object providing a view on Drsquos items
jsonable()This method is used by the JSON encoder
Return type Dict
keys()rarr a set-like object providing a view on Drsquos keys
pop(k[ d ])rarr v remove specified key and return the corresponding valueIf key is not found d is returned if given otherwise KeyError is raised
popitem()rarr (k v) remove and return some (key value) pairas a 2-tuple but raise KeyError if D is empty
set_not_jsonable(args)Set __not_jsonable to a new list
Return type None
setdefault(k[ d ])rarr Dget(kd) also set D[k]=d if k not in D
to_dict(strict=False)Dump the class to a dictionary This method automatically removes the timestamp recursively in everyobject that has been edited is order to let MISP update the event accordingly
Return type Dict
to_json(sort_keys=False indent=None strict=False)Dump recursively any class of type MISPAbstract to a json string
update([E ] F)rarr None Update D from mappingiterable E and FIf E present and has a keys() method does for k in E D[k] = E[k] If E present and lacks keys() methoddoes for (k v) in E D[k] = v In either case this is followed by for k v in Fitems() D[k] = v
update_not_jsonable(args)Add entries to the __not_jsonable list
Return type None
values()rarr an object providing a view on Drsquos values
28 MISPObjectAttribute
class pymispMISPObjectAttribute(definition)
add_proposal(shadow_attribute=None kwargs)Alias for add_shadow_attribute
Return type MISPShadowAttribute
add_shadow_attribute(shadow_attribute=None kwargs)Add a shadow attribute to the attribute (by name or a MISPShadowAttribute object)
Return type MISPShadowAttribute
add_sighting(sighting=None kwargs)Add a sighting to the attribute (by name or a MISPSighting object)
Return type MISPSighting
28 MISPObjectAttribute 29
PyMISP Documentation Release main
clear()rarr None Remove all items from D
delete()Mark the attribute as deleted (soft delete)
property editedRecursively check if an object has been edited and update the flag accordingly to the parent objects
Return type bool
from_dict(object_relation value kwargs)Loading all the parameters as class properties if they arenrsquot None This method aims to be called when allthe properties requiring a special treatment are processed Note This method is used when you initializean object with existing data so by default the class is flaged as not edited
from_json(json_string)Load a JSON string
Return type None
get(k[ d ])rarr D[k] if k in D else d d defaults to None
hash_values(algorithm=sha512)Compute the hash of every values for fast lookups
Return type List[str]
items()rarr a set-like object providing a view on Drsquos items
jsonable()This method is used by the JSON encoder
Return type Dict
keys()rarr a set-like object providing a view on Drsquos keys
property known_typesReturns a list of all the known MISP attributes types
Return type List[str]
property malware_binaryReturns a BytesIO of the malware (if the attribute has one obvs)
Return type Optional[BytesIO]
pop(k[ d ])rarr v remove specified key and return the corresponding valueIf key is not found d is returned if given otherwise KeyError is raised
popitem()rarr (k v) remove and return some (key value) pairas a 2-tuple but raise KeyError if D is empty
set_not_jsonable(args)Set __not_jsonable to a new list
Return type None
setdefault(k[ d ])rarr Dget(kd) also set D[k]=d if k not in D
property tagsReturns a lost of tags associated to this Attribute
Return type List[MISPTag]
30 Chapter 2 pymisp
PyMISP Documentation Release main
to_dict()Dump the class to a dictionary This method automatically removes the timestamp recursively in everyobject that has been edited is order to let MISP update the event accordingly
Return type Dict
to_json(sort_keys=False indent=None)Dump recursively any class of type MISPAbstract to a json string
update([E ] F)rarr None Update D from mappingiterable E and FIf E present and has a keys() method does for k in E D[k] = E[k] If E present and lacks keys() methoddoes for (k v) in E D[k] = v In either case this is followed by for k v in Fitems() D[k] = v
update_not_jsonable(args)Add entries to the __not_jsonable list
Return type None
values()rarr an object providing a view on Drsquos values
29 MISPObjectReference
class pymispMISPObjectReference
clear()rarr None Remove all items from D
property editedRecursively check if an object has been edited and update the flag accordingly to the parent objects
Return type bool
from_dict(kwargs)Loading all the parameters as class properties if they arenrsquot None This method aims to be called when allthe properties requiring a special treatment are processed Note This method is used when you initializean object with existing data so by default the class is flaged as not edited
from_json(json_string)Load a JSON string
Return type None
get(k[ d ])rarr D[k] if k in D else d d defaults to None
items()rarr a set-like object providing a view on Drsquos items
jsonable()This method is used by the JSON encoder
Return type Dict
keys()rarr a set-like object providing a view on Drsquos keys
pop(k[ d ])rarr v remove specified key and return the corresponding valueIf key is not found d is returned if given otherwise KeyError is raised
popitem()rarr (k v) remove and return some (key value) pairas a 2-tuple but raise KeyError if D is empty
set_not_jsonable(args)Set __not_jsonable to a new list
Return type None
29 MISPObjectReference 31
PyMISP Documentation Release main
setdefault(k[ d ])rarr Dget(kd) also set D[k]=d if k not in D
to_dict()Dump the class to a dictionary This method automatically removes the timestamp recursively in everyobject that has been edited is order to let MISP update the event accordingly
Return type Dict
to_json(sort_keys=False indent=None)Dump recursively any class of type MISPAbstract to a json string
update([E ] F)rarr None Update D from mappingiterable E and FIf E present and has a keys() method does for k in E D[k] = E[k] If E present and lacks keys() methoddoes for (k v) in E D[k] = v In either case this is followed by for k v in Fitems() D[k] = v
update_not_jsonable(args)Add entries to the __not_jsonable list
Return type None
values()rarr an object providing a view on Drsquos values
210 MISPTag
class pymispMISPTag(kwargs)
clear()rarr None Remove all items from D
property editedRecursively check if an object has been edited and update the flag accordingly to the parent objects
Return type bool
from_dict(kwargs)Loading all the parameters as class properties if they arenrsquot None This method aims to be called when allthe properties requiring a special treatment are processed Note This method is used when you initializean object with existing data so by default the class is flaged as not edited
from_json(json_string)Load a JSON string
Return type None
get(k[ d ])rarr D[k] if k in D else d d defaults to None
items()rarr a set-like object providing a view on Drsquos items
jsonable()This method is used by the JSON encoder
Return type Dict
keys()rarr a set-like object providing a view on Drsquos keys
pop(k[ d ])rarr v remove specified key and return the corresponding valueIf key is not found d is returned if given otherwise KeyError is raised
popitem()rarr (k v) remove and return some (key value) pairas a 2-tuple but raise KeyError if D is empty
set_not_jsonable(args)Set __not_jsonable to a new list
32 Chapter 2 pymisp
PyMISP Documentation Release main
Return type None
setdefault(k[ d ])rarr Dget(kd) also set D[k]=d if k not in D
to_dict()Dump the class to a dictionary This method automatically removes the timestamp recursively in everyobject that has been edited is order to let MISP update the event accordingly
Return type Dict
to_json(sort_keys=False indent=None)Dump recursively any class of type MISPAbstract to a json string
update([E ] F)rarr None Update D from mappingiterable E and FIf E present and has a keys() method does for k in E D[k] = E[k] If E present and lacks keys() methoddoes for (k v) in E D[k] = v In either case this is followed by for k v in Fitems() D[k] = v
update_not_jsonable(args)Add entries to the __not_jsonable list
Return type None
values()rarr an object providing a view on Drsquos values
211 MISPUser
class pymispMISPUser(kwargs)
clear()rarr None Remove all items from D
property editedRecursively check if an object has been edited and update the flag accordingly to the parent objects
Return type bool
from_dict(kwargs)Loading all the parameters as class properties if they arenrsquot None This method aims to be called when allthe properties requiring a special treatment are processed Note This method is used when you initializean object with existing data so by default the class is flaged as not edited
from_json(json_string)Load a JSON string
Return type None
get(k[ d ])rarr D[k] if k in D else d d defaults to None
items()rarr a set-like object providing a view on Drsquos items
jsonable()This method is used by the JSON encoder
Return type Dict
keys()rarr a set-like object providing a view on Drsquos keys
pop(k[ d ])rarr v remove specified key and return the corresponding valueIf key is not found d is returned if given otherwise KeyError is raised
popitem()rarr (k v) remove and return some (key value) pairas a 2-tuple but raise KeyError if D is empty
211 MISPUser 33
PyMISP Documentation Release main
set_not_jsonable(args)Set __not_jsonable to a new list
Return type None
setdefault(k[ d ])rarr Dget(kd) also set D[k]=d if k not in D
to_dict()Dump the class to a dictionary This method automatically removes the timestamp recursively in everyobject that has been edited is order to let MISP update the event accordingly
Return type Dict
to_json(sort_keys=False indent=None)Dump recursively any class of type MISPAbstract to a json string
update([E ] F)rarr None Update D from mappingiterable E and FIf E present and has a keys() method does for k in E D[k] = E[k] If E present and lacks keys() methoddoes for (k v) in E D[k] = v In either case this is followed by for k v in Fitems() D[k] = v
update_not_jsonable(args)Add entries to the __not_jsonable list
Return type None
values()rarr an object providing a view on Drsquos values
212 MISPOrganisation
class pymispMISPOrganisation
clear()rarr None Remove all items from D
property editedRecursively check if an object has been edited and update the flag accordingly to the parent objects
Return type bool
from_dict(kwargs)Loading all the parameters as class properties if they arenrsquot None This method aims to be called when allthe properties requiring a special treatment are processed Note This method is used when you initializean object with existing data so by default the class is flaged as not edited
from_json(json_string)Load a JSON string
Return type None
get(k[ d ])rarr D[k] if k in D else d d defaults to None
items()rarr a set-like object providing a view on Drsquos items
jsonable()This method is used by the JSON encoder
Return type Dict
keys()rarr a set-like object providing a view on Drsquos keys
pop(k[ d ])rarr v remove specified key and return the corresponding valueIf key is not found d is returned if given otherwise KeyError is raised
34 Chapter 2 pymisp
PyMISP Documentation Release main
popitem()rarr (k v) remove and return some (key value) pairas a 2-tuple but raise KeyError if D is empty
set_not_jsonable(args)Set __not_jsonable to a new list
Return type None
setdefault(k[ d ])rarr Dget(kd) also set D[k]=d if k not in D
to_dict()Dump the class to a dictionary This method automatically removes the timestamp recursively in everyobject that has been edited is order to let MISP update the event accordingly
Return type Dict
to_json(sort_keys=False indent=None)Dump recursively any class of type MISPAbstract to a json string
update([E ] F)rarr None Update D from mappingiterable E and FIf E present and has a keys() method does for k in E D[k] = E[k] If E present and lacks keys() methoddoes for (k v) in E D[k] = v In either case this is followed by for k v in Fitems() D[k] = v
update_not_jsonable(args)Add entries to the __not_jsonable list
Return type None
values()rarr an object providing a view on Drsquos values
212 MISPOrganisation 35
PyMISP Documentation Release main
36 Chapter 2 pymisp
CHAPTER
THREE
PYMISP - TOOLS
31 File Object
class pymisptoolsFileObject(filepath=None pseudofile=None filename=None kwargs)
add_attribute(object_relation simple_value=None value)Add an attribute object_relation is required and the value key is a dictionary with all the keys supportedby MISPAttribute
Return type Optional[MISPAttribute]
add_attributes(object_relation attributes)Add multiple attributes with the same object_relation Helper for object_relation when multiple is True inthe template It is the same as calling multiple times add_attribute with the same object_relation
Return type List[Optional[MISPAttribute]]
add_reference(referenced_uuid relationship_type comment=None kwargs)Add a link (uuid) to an other object
Return type MISPObjectReference
clear()rarr None Remove all items from D
property editedRecursively check if an object has been edited and update the flag accordingly to the parent objects
Return type bool
from_dict(kwargs)Loading all the parameters as class properties if they arenrsquot None This method aims to be called when allthe properties requiring a special treatment are processed Note This method is used when you initializean object with existing data so by default the class is flaged as not edited
from_json(json_string)Load a JSON string
Return type None
generate_attributes()Contains the logic where all the values of the object are gathered
get(k[ d ])rarr D[k] if k in D else d d defaults to None
get_attributes_by_relation(object_relation)Returns the list of attributes with the given object relation in the object
Return type List[MISPAttribute]
37
PyMISP Documentation Release main
has_attributes_by_relation(list_of_relations)True if all the relations in the list are defined in the object
Return type bool
items()rarr a set-like object providing a view on Drsquos items
jsonable()This method is used by the JSON encoder
Return type Dict
keys()rarr a set-like object providing a view on Drsquos keys
pop(k[ d ])rarr v remove specified key and return the corresponding valueIf key is not found d is returned if given otherwise KeyError is raised
popitem()rarr (k v) remove and return some (key value) pairas a 2-tuple but raise KeyError if D is empty
set_not_jsonable(args)Set __not_jsonable to a new list
Return type None
setdefault(k[ d ])rarr Dget(kd) also set D[k]=d if k not in D
to_dict(strict=False)Dump the class to a dictionary This method automatically removes the timestamp recursively in everyobject that has been edited is order to let MISP update the event accordingly
Return type Dict
to_json(sort_keys=False indent=None strict=False)Dump recursively any class of type MISPAbstract to a json string
update([E ] F)rarr None Update D from mappingiterable E and FIf E present and has a keys() method does for k in E D[k] = E[k] If E present and lacks keys() methoddoes for (k v) in E D[k] = v In either case this is followed by for k v in Fitems() D[k] = v
update_not_jsonable(args)Add entries to the __not_jsonable list
Return type None
values()rarr an object providing a view on Drsquos values
32 ELF Object
33 PE Object
34 Mach-O Object
35 VT Report Object
class pymisptoolsVTReportObject(apikey indicator vt_proxies=None kwargs)VirusTotal Report
Apikey VirusTotal API key (private works but only public features are supported right now)
38 Chapter 3 pymisp - Tools
PyMISP Documentation Release main
Indicator IOC to search VirusTotal for
add_attribute(object_relation simple_value=None value)Add an attribute object_relation is required and the value key is a dictionary with all the keys supportedby MISPAttribute
Return type Optional[MISPAttribute]
add_attributes(object_relation attributes)Add multiple attributes with the same object_relation Helper for object_relation when multiple is True inthe template It is the same as calling multiple times add_attribute with the same object_relation
Return type List[Optional[MISPAttribute]]
add_reference(referenced_uuid relationship_type comment=None kwargs)Add a link (uuid) to an other object
Return type MISPObjectReference
clear()rarr None Remove all items from D
property editedRecursively check if an object has been edited and update the flag accordingly to the parent objects
Return type bool
from_dict(kwargs)Loading all the parameters as class properties if they arenrsquot None This method aims to be called when allthe properties requiring a special treatment are processed Note This method is used when you initializean object with existing data so by default the class is flaged as not edited
from_json(json_string)Load a JSON string
Return type None
generate_attributes()Parse the VirusTotal report for relevant attributes
get(k[ d ])rarr D[k] if k in D else d d defaults to None
get_attributes_by_relation(object_relation)Returns the list of attributes with the given object relation in the object
Return type List[MISPAttribute]
has_attributes_by_relation(list_of_relations)True if all the relations in the list are defined in the object
Return type bool
items()rarr a set-like object providing a view on Drsquos items
jsonable()This method is used by the JSON encoder
Return type Dict
keys()rarr a set-like object providing a view on Drsquos keys
pop(k[ d ])rarr v remove specified key and return the corresponding valueIf key is not found d is returned if given otherwise KeyError is raised
popitem()rarr (k v) remove and return some (key value) pairas a 2-tuple but raise KeyError if D is empty
35 VT Report Object 39
PyMISP Documentation Release main
set_not_jsonable(args)Set __not_jsonable to a new list
Return type None
setdefault(k[ d ])rarr Dget(kd) also set D[k]=d if k not in D
to_dict(strict=False)Dump the class to a dictionary This method automatically removes the timestamp recursively in everyobject that has been edited is order to let MISP update the event accordingly
Return type Dict
to_json(sort_keys=False indent=None strict=False)Dump recursively any class of type MISPAbstract to a json string
update([E ] F)rarr None Update D from mappingiterable E and FIf E present and has a keys() method does for k in E D[k] = E[k] If E present and lacks keys() methoddoes for (k v) in E D[k] = v In either case this is followed by for k v in Fitems() D[k] = v
update_not_jsonable(args)Add entries to the __not_jsonable list
Return type None
values()rarr an object providing a view on Drsquos values
36 STIX
pymisptoolsstixload_stix(stix distribution=3 threat_level_id=2 analysis=0)Returns a MISPEvent object from a STIX package
pymisptoolsstixmake_stix_package(misp_event to_json=False to_xml=False)Returns a STIXPackage from a MISPEvent
Optionally can return the package in json or xml
37 OpenIOC
toolsload_openioc()
toolsload_openioc_file()
40 Chapter 3 pymisp - Tools
CHAPTER
FOUR
INDICES AND TABLES
bull genindex
bull modindex
bull search
41
PyMISP Documentation Release main
42 Chapter 4 Indices and tables
PYTHON MODULE INDEX
ppymisp 7pymisptools 37pymisptoolsstix 40
43
PyMISP Documentation Release main
44 Python Module Index
INDEX
AAbstractMISP (class in pymisp) 23accept_attribute_proposal()
(pymispPyMISP method) 7add_attribute() (pymispMISPEvent method) 24add_attribute() (pymispMISPObject method) 28add_attribute() (pymispPyMISP method) 7add_attribute() (pymisptoolsFileObject method)
37add_attribute() (pymisptoolsVTReportObject
method) 39add_attribute_proposal() (pymispPyMISP
method) 7add_attribute_tag() (pymispMISPEvent
method) 24add_attributes() (pymispMISPObject method)
28add_attributes() (pymisptoolsFileObject
method) 37add_attributes() (pymisptoolsVTReportObject
method) 39add_event() (pymispPyMISP method) 7add_event_blacklist() (pymispPyMISP
method) 8add_feed() (pymispPyMISP method) 8add_object() (pymispMISPEvent method) 24add_object() (pymispPyMISP method) 8add_object_reference() (pymispPyMISP
method) 8add_org_to_sharing_group() (pymispPyMISP
method) 8add_organisation() (pymispPyMISP method) 8add_organisation_blacklist()
(pymispPyMISP method) 8add_proposal() (pymispMISPAttribute method) 26add_proposal() (pymispMISPEvent method) 24add_proposal() (pymispMISPObjectAttribute
method) 29add_reference() (pymispMISPObject method) 28add_reference() (pymisptoolsFileObject method)
37add_reference() (pymisptoolsVTReportObject
method) 39add_server() (pymispPyMISP method) 8add_server_to_sharing_group()
(pymispPyMISP method) 8add_shadow_attribute() (pymispMISPAttribute
method) 26add_shadow_attribute() (pymispMISPEvent
method) 24add_shadow_attribute()
(pymispMISPObjectAttribute method) 29add_sharing_group() (pymispPyMISP method) 8add_sighting() (pymispMISPAttribute method) 26add_sighting() (pymispMISPObjectAttribute
method) 29add_sighting() (pymispPyMISP method) 8add_tag() (pymispPyMISP method) 8add_user() (pymispPyMISP method) 9attributes_statistics() (pymispPyMISP
method) 9
Bbuild_complex_query() (pymispPyMISP
method) 9
Ccache_all_feeds() (pymispPyMISP method) 9cache_feed() (pymispPyMISP method) 9cache_freetext_feeds() (pymispPyMISP
method) 9cache_misp_feeds() (pymispPyMISP method) 9change_sharing_group_on_entity()
(pymispPyMISP method) 9change_user_password() (pymispPyMISP
method) 9clear() (pymispMISPAttribute method) 26clear() (pymispMISPEvent method) 24clear() (pymispMISPObject method) 28clear() (pymispMISPObjectAttribute method) 29clear() (pymispMISPObjectReference method) 31clear() (pymispMISPOrganisation method) 34clear() (pymispMISPTag method) 32clear() (pymispMISPUser method) 33
45
PyMISP Documentation Release main
clear() (pymisptoolsFileObject method) 37clear() (pymisptoolsVTReportObject method) 39communities() (pymispPyMISP method) 9compare_feeds() (pymispPyMISP method) 9contact_event_reporter() (pymispPyMISP
method) 9
Ddefault() (pymispMISPEncode method) 24delegate_event() (pymispPyMISP method) 10delete() (pymispMISPAttribute method) 26delete() (pymispMISPObjectAttribute method) 30delete_attribute() (pymispMISPEvent method)
24delete_attribute() (pymispPyMISP method) 10delete_attribute_proposal()
(pymispPyMISP method) 10delete_event() (pymispPyMISP method) 10delete_event_blacklist() (pymispPyMISP
method) 10delete_feed() (pymispPyMISP method) 10delete_object() (pymispPyMISP method) 10delete_object_reference() (pymispPyMISP
method) 10delete_organisation() (pymispPyMISP
method) 10delete_organisation_blacklist()
(pymispPyMISP method) 10delete_server() (pymispPyMISP method) 10delete_sharing_group() (pymispPyMISP
method) 10delete_sighting() (pymispPyMISP method) 10delete_tag() (pymispPyMISP method) 11delete_user() (pymispPyMISP method) 11delete_user_setting() (pymispPyMISP
method) 11describe_types_local() (pymispPyMISP prop-
erty) 11describe_types_remote() (pymispPyMISP
property) 11direct_call() (pymispPyMISP method) 11disable_feed() (pymispPyMISP method) 11disable_feed_cache() (pymispPyMISP method)
11disable_noticelist() (pymispPyMISP method)
11disable_tag() (pymispPyMISP method) 11disable_taxonomy() (pymispPyMISP method) 11disable_taxonomy_tags() (pymispPyMISP
method) 11disable_warninglist() (pymispPyMISP
method) 11discard_attribute_proposal()
(pymispPyMISP method) 12
Eedited() (pymispAbstractMISP property) 23edited() (pymispMISPAttribute property) 26edited() (pymispMISPEvent property) 24edited() (pymispMISPObject property) 28edited() (pymispMISPObjectAttribute property) 30edited() (pymispMISPObjectReference property) 31edited() (pymispMISPOrganisation property) 34edited() (pymispMISPTag property) 32edited() (pymispMISPUser property) 33edited() (pymisptoolsFileObject property) 37edited() (pymisptoolsVTReportObject property) 39enable_feed() (pymispPyMISP method) 12enable_feed_cache() (pymispPyMISP method)
12enable_noticelist() (pymispPyMISP method)
12enable_tag() (pymispPyMISP method) 12enable_taxonomy() (pymispPyMISP method) 12enable_taxonomy_tags() (pymispPyMISP
method) 12enable_warninglist() (pymispPyMISP method)
12event_blacklists() (pymispPyMISP method) 12event_delegations() (pymispPyMISP method)
12ExpandedPyMISP (in module pymisp) 23
Ffeeds() (pymispPyMISP method) 12fetch_feed() (pymispPyMISP method) 12FileObject (class in pymisptools) 37freetext() (pymispPyMISP method) 12from_dict() (pymispAbstractMISP method) 23from_dict() (pymispMISPAttribute method) 27from_dict() (pymispMISPEvent method) 25from_dict() (pymispMISPObject method) 28from_dict() (pymispMISPObjectAttribute method)
30from_dict() (pymispMISPObjectReference method)
31from_dict() (pymispMISPOrganisation method) 34from_dict() (pymispMISPTag method) 32from_dict() (pymispMISPUser method) 33from_dict() (pymisptoolsFileObject method) 37from_dict() (pymisptoolsVTReportObject method)
39from_json() (pymispAbstractMISP method) 23from_json() (pymispMISPAttribute method) 27from_json() (pymispMISPEvent method) 25from_json() (pymispMISPObject method) 28from_json() (pymispMISPObjectAttribute method)
30
46 Index
PyMISP Documentation Release main
from_json() (pymispMISPObjectReference method)31
from_json() (pymispMISPOrganisation method) 34from_json() (pymispMISPTag method) 32from_json() (pymispMISPUser method) 33from_json() (pymisptoolsFileObject method) 37from_json() (pymisptoolsVTReportObject method)
39
Ggalaxies() (pymispPyMISP method) 12generate_attributes() (pymisptoolsFileObject
method) 37generate_attributes()
(pymisptoolsVTReportObject method)39
get() (pymispMISPAttribute method) 27get() (pymispMISPEvent method) 25get() (pymispMISPObject method) 28get() (pymispMISPObjectAttribute method) 30get() (pymispMISPObjectReference method) 31get() (pymispMISPOrganisation method) 34get() (pymispMISPTag method) 32get() (pymispMISPUser method) 33get() (pymisptoolsFileObject method) 37get() (pymisptoolsVTReportObject method) 39get_all_functions() (pymispPyMISP method)
13get_attribute() (pymispPyMISP method) 13get_attribute_tag() (pymispMISPEvent
method) 25get_attributes_by_relation()
(pymispMISPObject method) 28get_attributes_by_relation()
(pymisptoolsFileObject method) 37get_attributes_by_relation()
(pymisptoolsVTReportObject method)39
get_community() (pymispPyMISP method) 13get_event() (pymispPyMISP method) 13get_feed() (pymispPyMISP method) 13get_galaxy() (pymispPyMISP method) 13get_noticelist() (pymispPyMISP method) 13get_object() (pymispPyMISP method) 13get_object_by_id() (pymispMISPEvent method)
25get_object_by_uuid() (pymispMISPEvent
method) 25get_object_template() (pymispPyMISP
method) 13get_objects_by_name() (pymispMISPEvent
method) 25get_organisation() (pymispPyMISP method) 13get_sync_config() (pymispPyMISP method) 13
get_tag() (pymispPyMISP method) 13get_taxonomy() (pymispPyMISP method) 13get_user() (pymispPyMISP method) 13get_user_setting() (pymispPyMISP method) 14get_warninglist() (pymispPyMISP method) 14
Hhas_attributes_by_relation()
(pymispMISPObject method) 28has_attributes_by_relation()
(pymisptoolsFileObject method) 37has_attributes_by_relation()
(pymisptoolsVTReportObject method)39
hash_values() (pymispMISPAttribute method) 27hash_values() (pymispMISPObjectAttribute
method) 30
Iimport_server() (pymispPyMISP method) 14items() (pymispMISPAttribute method) 27items() (pymispMISPEvent method) 25items() (pymispMISPObject method) 29items() (pymispMISPObjectAttribute method) 30items() (pymispMISPObjectReference method) 31items() (pymispMISPOrganisation method) 34items() (pymispMISPTag method) 32items() (pymispMISPUser method) 33items() (pymisptoolsFileObject method) 38items() (pymisptoolsVTReportObject method) 39
Jjsonable() (pymispAbstractMISP method) 23jsonable() (pymispMISPAttribute method) 27jsonable() (pymispMISPEvent method) 25jsonable() (pymispMISPObject method) 29jsonable() (pymispMISPObjectAttribute method)
30jsonable() (pymispMISPObjectReference method)
31jsonable() (pymispMISPOrganisation method) 34jsonable() (pymispMISPTag method) 32jsonable() (pymispMISPUser method) 33jsonable() (pymisptoolsFileObject method) 38jsonable() (pymisptoolsVTReportObject method)
39
Kkeys() (pymispMISPAttribute method) 27keys() (pymispMISPEvent method) 25keys() (pymispMISPObject method) 29keys() (pymispMISPObjectAttribute method) 30keys() (pymispMISPObjectReference method) 31keys() (pymispMISPOrganisation method) 34
Index 47
PyMISP Documentation Release main
keys() (pymispMISPTag method) 32keys() (pymispMISPUser method) 33keys() (pymisptoolsFileObject method) 38keys() (pymisptoolsVTReportObject method) 39known_types() (pymispMISPAttribute property) 27known_types() (pymispMISPObjectAttribute prop-
erty) 30
Lload() (pymispMISPEvent method) 25load_default_feeds() (pymispPyMISP method)
14load_file() (pymispMISPEvent method) 25load_openioc() (pymisptools method) 40load_openioc_file() (pymisptools method) 40load_stix() (in module pymisptoolsstix) 40
Mmake_stix_package() (in module
pymisptoolsstix) 40malware_binary() (pymispMISPAttribute prop-
erty) 27malware_binary() (pymispMISPObjectAttribute
property) 30misp_instance_version() (pymispPyMISP
property) 14misp_instance_version_master()
(pymispPyMISP property) 14MISPAttribute (class in pymisp) 26MISPEncode (class in pymisp) 24MISPEvent (class in pymisp) 24MISPObject (class in pymisp) 28MISPObjectAttribute (class in pymisp) 29MISPObjectReference (class in pymisp) 31MISPOrganisation (class in pymisp) 34MISPTag (class in pymisp) 32MISPUser (class in pymisp) 33module
pymisp 7pymisptools 37pymisptoolsstix 40
Nnoticelists() (pymispPyMISP method) 14
Oobject_templates() (pymispPyMISP method) 14organisation_blacklists() (pymispPyMISP
method) 14organisations() (pymispPyMISP method) 14
Ppop() (pymispMISPAttribute method) 27
pop() (pymispMISPEvent method) 25pop() (pymispMISPObject method) 29pop() (pymispMISPObjectAttribute method) 30pop() (pymispMISPObjectReference method) 31pop() (pymispMISPOrganisation method) 34pop() (pymispMISPTag method) 32pop() (pymispMISPUser method) 33pop() (pymisptoolsFileObject method) 38pop() (pymisptoolsVTReportObject method) 39popitem() (pymispMISPAttribute method) 27popitem() (pymispMISPEvent method) 25popitem() (pymispMISPObject method) 29popitem() (pymispMISPObjectAttribute method) 30popitem() (pymispMISPObjectReference method) 31popitem() (pymispMISPOrganisation method) 34popitem() (pymispMISPTag method) 32popitem() (pymispMISPUser method) 33popitem() (pymisptoolsFileObject method) 38popitem() (pymisptoolsVTReportObject method) 39publish() (pymispMISPEvent method) 25publish() (pymispPyMISP method) 14push_event_to_ZMQ() (pymispPyMISP method)
14pymisp
module 7PyMISP (class in pymisp) 7pymisptools
module 37pymisptoolsstix
module 40pymisp_version_main() (pymispPyMISP prop-
erty) 15
Rrecommended_pymisp_version()
(pymispPyMISP property) 15remote_acl() (pymispPyMISP method) 15remove_org_from_sharing_group()
(pymispPyMISP method) 15remove_server_from_sharing_group()
(pymispPyMISP method) 15roles() (pymispPyMISP method) 15
Ssearch() (pymispPyMISP method) 15search_feeds() (pymispPyMISP method) 17search_index() (pymispPyMISP method) 18search_logs() (pymispPyMISP method) 18search_sightings() (pymispPyMISP method) 19server_pull() (pymispPyMISP method) 20server_push() (pymispPyMISP method) 20servers() (pymispPyMISP method) 20set_date() (pymispMISPEvent method) 25
48 Index
PyMISP Documentation Release main
set_not_jsonable() (pymispAbstractMISPmethod) 23
set_not_jsonable() (pymispMISPAttributemethod) 27
set_not_jsonable() (pymispMISPEvent method)25
set_not_jsonable() (pymispMISPObjectmethod) 29
set_not_jsonable() (pymispMISPObjectAttributemethod) 30
set_not_jsonable()(pymispMISPObjectReference method)31
set_not_jsonable() (pymispMISPOrganisationmethod) 35
set_not_jsonable() (pymispMISPTag method)32
set_not_jsonable() (pymispMISPUser method)33
set_not_jsonable() (pymisptoolsFileObjectmethod) 38
set_not_jsonable()(pymisptoolsVTReportObject method)39
set_user_setting() (pymispPyMISP method) 20setdefault() (pymispMISPAttribute method) 27setdefault() (pymispMISPEvent method) 25setdefault() (pymispMISPObject method) 29setdefault() (pymispMISPObjectAttribute
method) 30setdefault() (pymispMISPObjectReference
method) 31setdefault() (pymispMISPOrganisation method)
35setdefault() (pymispMISPTag method) 33setdefault() (pymispMISPUser method) 34setdefault() (pymisptoolsFileObject method) 38setdefault() (pymisptoolsVTReportObject
method) 40sharing_groups() (pymispPyMISP method) 20sightings() (pymispPyMISP method) 20
Ttag() (pymispPyMISP method) 20tags() (pymispMISPAttribute property) 27tags() (pymispMISPEvent property) 26tags() (pymispMISPObjectAttribute property) 30tags() (pymispPyMISP method) 20tags_statistics() (pymispPyMISP method) 20taxonomies() (pymispPyMISP method) 20to_dict() (pymispAbstractMISP method) 23to_dict() (pymispMISPAttribute method) 27to_dict() (pymispMISPEvent method) 26to_dict() (pymispMISPObject method) 29
to_dict() (pymispMISPObjectAttribute method) 30to_dict() (pymispMISPObjectReference method) 32to_dict() (pymispMISPOrganisation method) 35to_dict() (pymispMISPTag method) 33to_dict() (pymispMISPUser method) 34to_dict() (pymisptoolsFileObject method) 38to_dict() (pymisptoolsVTReportObject method) 40to_feed() (pymispMISPEvent method) 26to_json() (pymispAbstractMISP method) 23to_json() (pymispMISPAttribute method) 27to_json() (pymispMISPEvent method) 26to_json() (pymispMISPObject method) 29to_json() (pymispMISPObjectAttribute method) 31to_json() (pymispMISPObjectReference method) 32to_json() (pymispMISPOrganisation method) 35to_json() (pymispMISPTag method) 33to_json() (pymispMISPUser method) 34to_json() (pymisptoolsFileObject method) 38to_json() (pymisptoolsVTReportObject method) 40toggle_warninglist() (pymispPyMISP method)
20
Uunpublish() (pymispMISPEvent method) 26untag() (pymispPyMISP method) 21update() (pymispMISPAttribute method) 28update() (pymispMISPEvent method) 26update() (pymispMISPObject method) 29update() (pymispMISPObjectAttribute method) 31update() (pymispMISPObjectReference method) 32update() (pymispMISPOrganisation method) 35update() (pymispMISPTag method) 33update() (pymispMISPUser method) 34update() (pymisptoolsFileObject method) 38update() (pymisptoolsVTReportObject method) 40update_attribute() (pymispPyMISP method) 21update_attribute_proposal()
(pymispPyMISP method) 21update_event() (pymispPyMISP method) 21update_event_blacklist() (pymispPyMISP
method) 21update_feed() (pymispPyMISP method) 21update_galaxies() (pymispPyMISP method) 21update_not_jsonable() (pymispAbstractMISP
method) 23update_not_jsonable() (pymispMISPAttribute
method) 28update_not_jsonable() (pymispMISPEvent
method) 26update_not_jsonable() (pymispMISPObject
method) 29update_not_jsonable()
(pymispMISPObjectAttribute method) 31
Index 49
PyMISP Documentation Release main
update_not_jsonable()(pymispMISPObjectReference method)32
update_not_jsonable()(pymispMISPOrganisation method) 35
update_not_jsonable() (pymispMISPTagmethod) 33
update_not_jsonable() (pymispMISPUsermethod) 34
update_not_jsonable() (pymisptoolsFileObjectmethod) 38
update_not_jsonable()(pymisptoolsVTReportObject method)40
update_noticelists() (pymispPyMISP method)21
update_object() (pymispPyMISP method) 21update_object_templates() (pymispPyMISP
method) 21update_organisation() (pymispPyMISP
method) 21update_organisation_blacklist()
(pymispPyMISP method) 21update_server() (pymispPyMISP method) 22update_tag() (pymispPyMISP method) 22update_taxonomies() (pymispPyMISP method)
22update_user() (pymispPyMISP method) 22update_warninglists() (pymispPyMISP
method) 22upload_stix() (pymispPyMISP method) 22user_registrations() (pymispPyMISP method)
22user_settings() (pymispPyMISP method) 22users() (pymispPyMISP method) 22users_statistics() (pymispPyMISP method) 22
Vvalues() (pymispMISPAttribute method) 28values() (pymispMISPEvent method) 26values() (pymispMISPObject method) 29values() (pymispMISPObjectAttribute method) 31values() (pymispMISPObjectReference method) 32values() (pymispMISPOrganisation method) 35values() (pymispMISPTag method) 33values() (pymispMISPUser method) 34values() (pymisptoolsFileObject method) 38values() (pymisptoolsVTReportObject method) 40values_in_warninglist() (pymispPyMISP
method) 22version() (pymispPyMISP property) 22VTReportObject (class in pymisptools) 38
Wwarninglists() (pymispPyMISP method) 22
50 Index
- README
- pymisp
- PyMISP
- PyMISPExpanded (Python 36+ only)
- MISPAbstract
- MISPEncode
- MISPEvent
- MISPAttribute
- MISPObject
- MISPObjectAttribute
- MISPObjectReference
- MISPTag
- MISPUser
- MISPOrganisation
- pymisp - Tools
- File Object
- ELF Object
- PE Object
- Mach-O Object
- VT Report Object
- STIX
- OpenIOC
- Indices and tables
- Python Module Index
- Index
PyMISP Documentation Release main
Creating a new MISP object generator should be done using a pre-defined template and inherit AbstractMISPObject-Generator
Your new MISPObject generator need to generate attributes and add them as class properties using add_attribute
When the object is sent to MISP all the class properties will be exported to the JSON export
5
PyMISP Documentation Release main
6 Chapter 1 README
CHAPTER
TWO
PYMISP
21 PyMISP
class pymispPyMISP(url key ssl=True debug=False proxies= cert=None auth=None tool=timeout=None)
Python API for MISP
Parameters
bull url (str) ndash URL of the MISP instance you want to connect to
bull key (str) ndash API key of the user you want to use
bull ssl (bool) ndash can be True or False (to check or to not check the validity of the certificateOr a CA_BUNDLE in case of self signed or other certificate (the concatenation of all thecrt of the chain)
bull debug (bool) ndash Write all the debug information to stderr
bull proxies (Mapping) ndash Proxy dict as describes here httpdocspython-requestsorgenmasteruseradvancedproxies
bull cert (Optional[Tuple[str tuple]]) ndash Client certificate as described there httpdocspython-requestsorgenmasteruseradvancedclient-side-certificates
bull auth (Optional[AuthBase]) ndash The auth parameter is passed directly to requests asdescribed here httpdocspython-requestsorgenmasteruserauthentication
bull tool (str) ndash The software using PyMISP (string) used to set a unique user-agent
bull timeout (Union[float Tuple[float float] None]) ndash Timeout as describedhere httpsrequestsreadthedocsioenmasteruseradvancedtimeouts
accept_attribute_proposal(proposal)Accept a proposal
Return type Dict
add_attribute(event attribute pythonify=False)Add an attribute to an existing MISP event NOTE MISP 24113+ you can pass a list of attributes Inthat case the pythonified response is the following lsquoattributesrsquo [MISPAttribute] lsquoerrorsrsquo errors byattributes
Return type Union[Dict MISPAttribute MISPShadowAttribute]
add_attribute_proposal(event attribute pythonify=False)Propose a new attribute in an event
Return type Union[Dict MISPShadowAttribute]
7
PyMISP Documentation Release main
add_event(event pythonify=False)Add a new event on a MISP instance
Return type Union[Dict MISPEvent]
add_event_blacklist(uuids comment=None event_info=None event_orgc=None)Add a new event in the blacklist
Return type Dict
add_feed(feed pythonify=False)Add a new feed on a MISP instance
Return type Union[Dict MISPFeed]
add_object(event misp_object pythonify=False)Add a MISP Object to an existing MISP event
Return type Union[Dict MISPObject]
add_object_reference(misp_object_reference pythonify=False)Add a reference to an object
Return type Union[Dict MISPObjectReference]
add_org_to_sharing_group(sharing_group organisation extend=False)Add an organisation to a sharing group sharing_group Sharing grouprsquos local instance ID or Sharinggrouprsquos global UUID organisation Organisationrsquos local instance ID or Organisationrsquos global UUID orOrganisationrsquos name as known to the curent instance extend Allow the organisation to extend the group
Return type Dict
add_organisation(organisation pythonify=False)Add an organisation
Return type Union[Dict MISPOrganisation]
add_organisation_blacklist(uuids comment=None org_name=None)Add a new organisation in the blacklist
Return type Dict
add_server(server pythonify=False)Add a server to synchronise with Note You probably want to use ExpandedPyMISPget_sync_config andExpandedPyMISPimport_server instead
Return type Union[Dict MISPServer]
add_server_to_sharing_group(sharing_group server all_orgs=False)Add a server to a sharing group sharing_group Sharing grouprsquos local instance ID or Sharing grouprsquosglobal UUID server Serverrsquos local instance ID or URL of the Server or Serverrsquos name as known to thecurent instance all_orgs Add all the organisations of the server to the group
Return type Dict
add_sharing_group(sharing_group pythonify=False)Add a new sharing group
Return type Union[Dict MISPSharingGroup]
add_sighting(sighting attribute=None pythonify=False)Add a new sighting (globally or to a specific attribute)
Return type Union[Dict MISPSighting]
8 Chapter 2 pymisp
PyMISP Documentation Release main
add_tag(tag pythonify=False)Add a new tag on a MISP instance Notes
bull The user calling this method needs the Tag Editor permission
bull It doesnrsquot add a tag to an event simply create it on a MISP instance
Return type Union[Dict MISPTag]
add_user(user pythonify=False)Add a new user
Return type Union[Dict MISPUser]
attributes_statistics(context=type percentage=False)Get attributes statistics from the MISP instance
Return type Dict
build_complex_query(or_parameters=None and_parameters=None not_parameters=None)Build a complex search query MISP expects a dictionary with AND OR and NOT keys
Return type Dict[str List[~SearchType]]
cache_all_feeds()Cache all the feeds
Return type Dict
cache_feed(feed)Cache a specific feed
Return type Dict
cache_freetext_feeds()Cache all the freetext feeds
Return type Dict
cache_misp_feeds()Cache all the MISP feeds
Return type Dict
change_sharing_group_on_entity(misp_entity sharing_group_id pythonify=False)Change the sharing group of an event an attribute or an object
Return type Union[Dict MISPEvent MISPObject MISPAttributeMISPShadowAttribute]
change_user_password(new_password)Thange the password of the curent user
Return type Dict
communities(pythonify=False)Get all the communities
Return type Union[Dict List[MISPCommunity]]
compare_feeds()Generate the comparison matrix for all the MISP feeds
Return type Dict
21 PyMISP 9
PyMISP Documentation Release main
contact_event_reporter(event message)Send a message to the reporter of an event
Return type Dict
delegate_event(event=None organisation=None event_delegation=None distribution=- 1 mes-sage= pythonify=False)
Note distribution == -1 means recipient decides
Return type Union[Dict MISPEventDelegation]
delete_attribute(attribute hard=False)Delete an attribute from a MISP instance
Return type Dict
delete_attribute_proposal(attribute)Propose the deletion of an attribute
Return type Dict
delete_event(event)Delete an event from a MISP instance
Return type Dict
delete_event_blacklist(event_blacklist)Delete a blacklisted event
Return type Dict
delete_feed(feed)Delete a feed from a MISP instance
Return type Dict
delete_object(misp_object)Delete an object from a MISP instance
Return type Dict
delete_object_reference(object_reference)Delete a reference to an object
Return type Dict
delete_organisation(organisation)Delete an organisation
Return type Dict
delete_organisation_blacklist(organisation_blacklist)Delete a blacklisted organisation
Return type Dict
delete_server(server)Delete a sync server
Return type Dict
delete_sharing_group(sharing_group)Delete a sharing group
Return type Dict
10 Chapter 2 pymisp
PyMISP Documentation Release main
delete_sighting(sighting)Delete a sighting from a MISP instance
Return type Dict
delete_tag(tag)Delete an attribute from a MISP instance
Return type Dict
delete_user(user)Delete a user
Return type Dict
delete_user_setting(user_setting user=None)Delete a user setting
Return type Dict
property describe_types_localReturns the content of describe types from the package
Return type Dict
property describe_types_remoteReturns the content of describe types from the remote instance
Return type Dict
direct_call(url data=None params= kw_params=)Very lightweight call that posts a data blob (python dictionary or json string) on the URL
Return type Any
disable_feed(feed pythonify=False)Disable a feed
Return type Union[Dict MISPFeed]
disable_feed_cache(feed pythonify=False)Disable the caching of a feed
Return type Union[Dict MISPFeed]
disable_noticelist(noticelist)Disable a noticelist by id
Return type Dict
disable_tag(tag pythonify=False)Disable a tag
Return type Union[Dict MISPTag]
disable_taxonomy(taxonomy)Disable a taxonomy
Return type Dict
disable_taxonomy_tags(taxonomy)Disable all the tags of a taxonomy
Return type Dict
disable_warninglist(warninglist)Disable a warninglist
21 PyMISP 11
PyMISP Documentation Release main
Return type Dict
discard_attribute_proposal(proposal)Discard a proposal
Return type Dict
enable_feed(feed pythonify=False)Enable a feed (fetching it will create event(s)
Return type Union[Dict MISPFeed]
enable_feed_cache(feed pythonify=False)Enable the caching of a feed
Return type Union[Dict MISPFeed]
enable_noticelist(noticelist)Enable a noticelist by id
Return type Dict
enable_tag(tag pythonify=False)Enable a tag
Return type Union[Dict MISPTag]
enable_taxonomy(taxonomy)Enable a taxonomy
Return type Dict
enable_taxonomy_tags(taxonomy)Enable all the tags of a taxonomy NOTE this automatically done when you call enable_taxonomy
Return type Dict
enable_warninglist(warninglist)Enable a warninglist
Return type Dict
event_blacklists(pythonify=False)Get all the blacklisted events
Return type Union[Dict List[MISPEventBlacklist]]
event_delegations(pythonify=False)Get all the event delegations
Return type Union[Dict List[MISPEventDelegation]]
feeds(pythonify=False)Get the list of existing feeds
Return type Union[Dict List[MISPFeed]]
fetch_feed(feed)Fetch one single feed
Return type Dict
freetext(event string adhereToWarninglists=False distribution=None returnMetaAttributes=Falsepythonify=False kwargs)
Pass a text to the freetext importer
Return type Union[Dict List[MISPAttribute]]
12 Chapter 2 pymisp
PyMISP Documentation Release main
galaxies(pythonify=False)Get all the galaxies
Return type Union[Dict List[MISPGalaxy]]
get_all_functions(not_implemented=False)Get all methods available vi the API allow to get the ones that are not implemented
get_attribute(attribute pythonify=False)Get an attribute from a MISP instance
Return type Union[Dict MISPAttribute]
get_community(community pythonify=False)Get an community from a MISP instance
Return type Union[Dict MISPCommunity]
get_event(event deleted=False extended=False pythonify=False)Get an event from a MISP instance
Return type Union[Dict MISPEvent]
get_feed(feed pythonify=False)Get a feed by id
Return type Union[Dict MISPFeed]
get_galaxy(galaxy pythonify=False)Get a galaxy by id
Return type Union[Dict MISPGalaxy]
get_noticelist(noticelist pythonify=False)Get a noticelist by id
Return type Union[Dict MISPNoticelist]
get_object(misp_object pythonify=False)Get an object from the remote MISP instance
Return type Union[Dict MISPObject]
get_object_template(object_template pythonify=False)Gets the full object template corresponting the UUID passed as parameter
Return type Union[Dict MISPObjectTemplate]
get_organisation(organisation pythonify=False)Get an organisation
Return type Union[Dict MISPOrganisation]
get_sync_config(pythonify=False)WARNING This method only works if the user calling it is a sync user
Return type Union[Dict MISPServer]
get_tag(tag pythonify=False)Get a tag by id
Return type Union[Dict MISPTag]
get_taxonomy(taxonomy pythonify=False)Get a taxonomy from a MISP instance
Return type Union[Dict MISPTaxonomy]
21 PyMISP 13
PyMISP Documentation Release main
get_user(user=me pythonify=False expanded=False)Get a user me means the owner of the API key doing the query expanded also returns a MISPRole and aMISPUserSetting
Return type Union[Dict MISPUser Tuple[MISPUser MISPRoleList[MISPUserSetting]]]
get_user_setting(user_setting user=None pythonify=False)Get an user setting
Return type Union[Dict MISPUserSetting]
get_warninglist(warninglist pythonify=False)Get a warninglist
Return type Union[Dict MISPWarninglist]
import_server(server pythonify=False)Import a sync server config received from get_sync_config
Return type Union[Dict MISPServer]
load_default_feeds()Load all the default feeds
Return type Dict
property misp_instance_versionReturns the version of the instance
Return type Dict
property misp_instance_version_masterGet the most recent version from github
Return type Dict
noticelists(pythonify=False)Get all the noticelists
Return type Union[Dict List[MISPNoticelist]]
object_templates(pythonify=False)Get all the object templates
Return type Union[Dict List[MISPObjectTemplate]]
organisation_blacklists(pythonify=False)Get all the blacklisted organisations
Return type Union[Dict List[MISPOrganisationBlacklist]]
organisations(scope=local pythonify=False)Get all the organisations
Return type Union[Dict List[MISPOrganisation]]
publish(event alert=False)Publish the event with one single HTTP POST The default is to not send a mail as it is assumed thismethod is called on update
Return type Dict
push_event_to_ZMQ(event)Force push an event on ZMQ
14 Chapter 2 pymisp
PyMISP Documentation Release main
Return type Dict
property pymisp_version_mainGet the most recent version of PyMISP from github
Return type Dict
property recommended_pymisp_versionReturns the recommended API version from the server
Return type Dict
remote_acl(debug_type=findMissingFunctionNames)This should return an empty list unless the ACL is outdated debug_type can only be printAllFunction-Names findMissingFunctionNames or printRoleAccess
Return type Dict
remove_org_from_sharing_group(sharing_group organisation)Remove an organisation from a sharing group sharing_group Sharing grouprsquos local instance ID orSharing grouprsquos global UUID organisation Organisationrsquos local instance ID or Organisationrsquos globalUUID or Organisationrsquos name as known to the curent instance
Return type Dict
remove_server_from_sharing_group(sharing_group server)Remove a server from a sharing group sharing_group Sharing grouprsquos local instance ID or Sharinggrouprsquos global UUID server Serverrsquos local instance ID or URL of the Server or Serverrsquos name as knownto the curent instance
Return type Dict
roles(pythonify=False)Get the existing roles
Return type Union[Dict List[MISPRole]]
search(controller=events return_format=json limit=None page=None value=Nonetype_attribute=None category=None org=None tags=None quick_filter=None quick-Filter=None date_from=None date_to=None eventid=None with_attachments=NonewithAttachments=None metadata=None uuid=None publish_timestamp=Nonelast=None timestamp=None published=None enforce_warninglist=None enforceWarn-inglist=None to_ids=None deleted=None include_event_uuid=None includeEventU-uid=None include_event_tags=None includeEventTags=None event_timestamp=Nonesg_reference_only=None eventinfo=None searchall=None requested_attributes=None in-clude_context=None includeContext=None headerless=None include_sightings=NoneincludeSightings=None include_correlations=None includeCorrelations=None in-clude_decay_score=None includeDecayScore=None object_name=None pythonify=Falsekwargs)
Search in the MISP instance
Parameters
bull return_format (str) ndash Set the return format of the search (Currently supported jsonxml openioc suricata snort - more formats are being moved to restSearch with the goalbeing that all searches happen through this API) Can be passed as the first parameter afterrestSearch or via the JSON payload
bull limit (Optional[int]) ndash Limit the number of results returned depending on thescope (for example 10 attributes or 10 full events)
bull page (Optional[int]) ndash If a limit is set sets the page to be returned page 3 limit 100will return records 201-gt300)
21 PyMISP 15
PyMISP Documentation Release main
bull value (Optional[~SearchParameterTypes]) ndash Search for the given value in the at-tributesrsquo value field
bull type_attribute (Optional[~SearchParameterTypes]) ndash The attribute type anyvalid MISP attribute type is accepted
bull category (Optional[~SearchParameterTypes]) ndash The attribute category any validMISP attribute category is accepted
bull org (Optional[~SearchParameterTypes]) ndash Search by the creator organisation by sup-plying the organisation identifier
bull tags (Optional[~SearchParameterTypes]) ndash Tags to search or to exclude You canpass a list or the output of build_complex_query
bull quick_filter (Optional[str]) ndash The string passed to this field will ignore all ofthe other arguments MISP will return an xml json (depending on the header sent) of allevents that have a sub-string match on value in the event info event orgc or any of theattribute value1 value2 fields or in the attribute comment
bull date_from (Union[date int str float None]) ndash Events with the date set to adate after the one specified This filter will use the date of the event
bull date_to (Union[date int str float None]) ndash Events with the date set to a datebefore the one specified This filter will use the date of the event
bull eventid (Optional[~SearchType]) ndash The events that should be included excludedfrom the search
bull with_attachments (Optional[bool]) ndash If set encodes the attachments zippedmalware samples as base64 in the data field within each attribute
bull metadata (Optional[bool]) ndash Only the metadata (event tags relations) is returnedattributes and proposals are omitted
bull uuid (Optional[str]) ndash Restrict the results by uuid
bull publish_timestamp (Union[date int str float NoneTuple[Union[date int str float None] Union[date int str floatNone]]]) ndash Restrict the results by the last publish timestamp (newer than)
bull timestamp (Union[date int str float None Tuple[Union[date intstr float None] Union[date int str float None]]]) ndash Restrict the resultsby the timestamp (last edit) Any event with a timestamp newer than the given timestampwill be returned In case you are dealing with attributes as scope the attributersquos timestampwill be used for the lookup
bull published (Optional[bool]) ndash Set whether published or unpublished events shouldbe returned Do not set the parameter if you want both
bull enforce_warninglist (Optional[bool]) ndash Remove any attributes from the resultthat would cause a hit on a warninglist entry
bull to_ids (Union[~ToIDSType List[~ToIDSType] None]) ndash By default all attributesare returned that match the other filter parameters irregardless of their to_ids setting Torestrict the returned data set to to_ids only attributes set this parameter to 1 0 for the oneswith to_ids set to False
bull deleted (Optional[str]) ndash If this parameter is set to 1 it will only return soft-deletedattributes [ldquo0rdquo ldquo1rdquo] will return the active ones as well as the soft-deleted ones
bull include_event_uuid (Optional[bool]) ndash Instead of just including the event IDalso include the event UUID in each of the attributes
16 Chapter 2 pymisp
PyMISP Documentation Release main
bull include_event_tags (Optional[bool]) ndash Include the event level tags in each ofthe attributes
bull event_timestamp (Union[date int str float None]) ndash Only return at-tributes from events that have received a modification after the given timestamp
bull sg_reference_only (Optional[bool]) ndash If this flag is set sharing group objectswill not be included instead only the sharing group ID is set
bull eventinfo (Optional[str]) ndash Filter on the eventrsquos info field
bull searchall (Optional[bool]) ndash Search for a full or a substring (delimited by forsubstrings) in the event info event tags attribute tags attribute values or attribute commentfields
bull requested_attributes (Optional[str]) ndash [CSV only] Select the fields that youwish to include in the CSV export By setting event level fields additionally includeCon-text is not required to get event metadata
bull include_context (Optional[bool]) ndash [Attribute only] Include the event data witheach attribute [CSV output] Add event level metadata in every line of the CSV
bull headerless (Optional[bool]) ndash [CSV Only] The CSV created when this setting isset to true will not contain the header row
bull include_sightings (Optional[bool]) ndash [JSON Only - Attribute] Include thesightings of the matching attributes
bull include_decay_score (Optional[bool]) ndash Include the decay score at attributelevel
bull include_correlations (Optional[bool]) ndash [JSON Only - attribute] Include thecorrelations of the matching attributes
bull object_name (Optional[str]) ndash [objects controller only] Search for objects withthat name
bull pythonify (Optional[bool]) ndash Returns a list of PyMISP Objects instead of the plainjson output Warning it might use a lot of RAM
Deprecated
Parameters
bull quickFilter (Optional[str]) ndash synponym for quick_filter
bull withAttachments (Optional[bool]) ndash synonym for with_attachments
bull last (Union[date int str float None Tuple[Union[date int strfloat None] Union[date int str float None]]]) ndash synonym for pub-lish_timestamp
bull enforceWarninglist (Optional[bool]) ndash synonym for enforce_warninglist
bull includeEventUuid (Optional[bool]) ndash synonym for include_event_uuid
bull includeEventTags (Optional[bool]) ndash synonym for include_event_tags
bull includeContext (Optional[bool]) ndash synonym for include_context
Return type Union[Dict str List[Union[MISPEvent MISPAttributeMISPObject]]]
search_feeds(value=None pythonify=False)Search in the feeds cached on the servers
21 PyMISP 17
PyMISP Documentation Release main
Return type Union[Dict List[MISPFeed]]
search_index(published=None eventid=None tags=None date_from=None date_to=Noneeventinfo=None threatlevel=None distribution=None analysis=None org=Nonetimestamp=None pythonify=None)
Search only at the index level Using in front of a value means NOT (default is OR)
Parameters
bull published (Optional[bool]) ndash Set whether published or unpublished events shouldbe returned Do not set the parameter if you want both
bull eventid (Optional[~SearchType]) ndash The events that should be included excludedfrom the search
bull tags (Optional[~SearchParameterTypes]) ndash Tags to search or to exclude You canpass a list or the output of build_complex_query
bull date_from (Union[date int str float None]) ndash Events with the date set to adate after the one specified This filter will use the date of the event
bull date_to (Union[date int str float None]) ndash Events with the date set to a datebefore the one specified This filter will use the date of the event
bull eventinfo (Optional[str]) ndash Filter on the eventrsquos info field
bull threatlevel (Optional[List[~SearchType]]) ndash Threat level(s) (1234) | list
bull distribution (Optional[List[~SearchType]]) ndash Distribution level(s) (0123) |list
bull analysis (Optional[List[~SearchType]]) ndash Analysis level(s) (012) | list
bull org (Optional[~SearchParameterTypes]) ndash Search by the creator organisation by sup-plying the organisation identifier
bull timestamp (Union[date int str float None Tuple[Union[date intstr float None] Union[date int str float None]]]) ndash Restrict the resultsby the timestamp (last edit) Any event with a timestamp newer than the given timestampwill be returned In case you are dealing with attributes as scope the attributersquos timestampwill be used for the lookup
bull pythonify (Optional[bool]) ndash Returns a list of PyMISP Objects instead or the plainjson output Warning it might use a lot of RAM
Return type Union[Dict List[MISPEvent]]
search_logs(limit=None page=None log_id=None title=None created=None model=None ac-tion=None user_id=None change=None email=None org=None description=Noneip=None pythonify=False)
Search in logs
Note to run substring queries simply appendprependencapsulate the search term with
Parameters
bull limit (Optional[int]) ndash Limit the number of results returned depending on thescope (for example 10 attributes or 10 full events)
bull page (Optional[int]) ndash If a limit is set sets the page to be returned page 3 limit 100will return records 201-gt300)
bull log_id (Optional[int]) ndash Log ID
bull title (Optional[str]) ndash Log Title
18 Chapter 2 pymisp
PyMISP Documentation Release main
bull created (Union[date int str float None]) ndash Creation timestamp
bull model (Optional[str]) ndash Model name that generated the log entry
bull action (Optional[str]) ndash The thing that was done
bull user_id (Optional[int]) ndash ID of the user doing the action
bull change (Optional[str]) ndash Change that occured
bull email (Optional[str]) ndash Email of the user
bull org (Optional[str]) ndash Organisation of the User doing the action
bull description (Optional[str]) ndash Description of the action
bull ip (Optional[str]) ndash Origination IP of the User doing the action
bull pythonify (Optional[bool]) ndash Returns a list of PyMISP Objects instead or the plainjson output Warning it might use a lot of RAM
Return type Union[Dict List[MISPLog]]
search_sightings(context=None context_id=None type_sighting=None date_from=Nonedate_to=None publish_timestamp=None last=None org=None source=Noneinclude_attribute=None include_event_meta=None pythonify=False)
Search sightings
Parameters
bull context (Optional[str]) ndash The context of the search Can be either ldquoattributerdquoldquoeventrdquo or nothing (will then match on events and attributes)
bull context_id (Optional[~SearchType]) ndash Only relevant if context is either ldquoattributerdquoor ldquoeventrdquo Then it is the relevant ID
bull type_sighting (Optional[str]) ndash Type of sighting
bull date_from (Union[date int str float None]) ndash Events with the date set to adate after the one specified This filter will use the date of the event
bull date_to (Union[date int str float None]) ndash Events with the date set to a datebefore the one specified This filter will use the date of the event
bull publish_timestamp (Union[date int str float NoneTuple[Union[date int str float None] Union[date int str floatNone]]]) ndash Restrict the results by the last publish timestamp (newer than)
bull org (Optional[~SearchType]) ndash Search by the creator organisation by supplying theorganisation identifier
bull source (Optional[str]) ndash Source of the sighting
bull include_attribute (Optional[bool]) ndash Include the attribute
bull include_event_meta (Optional[bool]) ndash Include the meta information of theevent
Deprecated
Parameters last (Union[date int str float None Tuple[Union[date intstr float None] Union[date int str float None]]]) ndash synonym for pub-lish_timestamp
Example
21 PyMISP 19
PyMISP Documentation Release main
gtgtgt mispsearch_sightings(publish_timestamp=30d) search sightings for therarr˓last 30 days on the instance[ ]gtgtgt mispsearch_sightings(context=attribute context_id=6 include_rarr˓attribute=True) return list of sighting for attribute 6 along with therarr˓attribute itself[ ]gtgtgt mispsearch_sightings(context=event context_id=17 include_event_rarr˓meta=True org=2) return list of sighting for event 17 filtered with orgrarr˓id 2
Return type Union[Dict List[Dict[str Union[MISPEvent MISPAttributeMISPSighting]]]]
server_pull(server event=None)Initialize a pull from a sync server
Return type Dict
server_push(server event=None)Initialize a push to a sync server
Return type Dict
servers(pythonify=False)Get the existing servers the MISP instance can synchronise with
Return type Union[Dict List[MISPServer]]
set_user_setting(user_setting value user=None pythonify=False)Get an user setting
Return type Union[Dict MISPUserSetting]
sharing_groups(pythonify=False)Get the existing sharing groups
Return type Union[Dict List[MISPSharingGroup]]
sightings(misp_entity=None org=None pythonify=False)Get the list of sighting related to a MISPEvent or a MISPAttribute (depending on type of misp_entity)
Return type Union[Dict List[MISPSighting]]
tag(misp_entity tag local=False)Tag an event or an attribute misp_entity can be a MISPEvent a MISP Attribute or a UUID
Return type Dict
tags(pythonify=False)Get the list of existing tags
Return type Union[Dict List[MISPTag]]
tags_statistics(percentage=False name_sort=False)Get tags statistics from the MISP instance
Return type Dict
taxonomies(pythonify=False)Get all the taxonomies
Return type Union[Dict List[MISPTaxonomy]]
20 Chapter 2 pymisp
PyMISP Documentation Release main
toggle_warninglist(warninglist_id=None warninglist_name=None force_enable=False)Toggle (enabledisable) the status of a warninglist by ID type warninglist_id Union[str intList[int] None] param warninglist_id ID of the WarningList type force_enable bool paramforce_enable Force the warning list in the enabled state (does nothing is already enabled)
Return type Dict
untag(misp_entity tag)Untag an event or an attribute misp_entity can be a UUID
Return type Dict
update_attribute(attribute attribute_id=None pythonify=False)Update an attribute on a MISP instance
Return type Union[Dict MISPAttribute MISPShadowAttribute]
update_attribute_proposal(initial_attribute attribute pythonify=False)Propose a change for an attribute
Return type Union[Dict MISPShadowAttribute]
update_event(event event_id=None pythonify=False)Update an event on a MISP instance
Return type Union[Dict MISPEvent]
update_event_blacklist(event_blacklist event_blacklist_id=None pythonify=False)Update an event in the blacklist
Return type Union[Dict MISPEventBlacklist]
update_feed(feed feed_id=None pythonify=False)Update a feed on a MISP instance
Return type Union[Dict MISPFeed]
update_galaxies()Update all the galaxies
Return type Dict
update_noticelists()Update all the noticelists
Return type Dict
update_object(misp_object object_id=None pythonify=False)Update an object on a MISP instance
Return type Union[Dict MISPObject]
update_object_templates()Trigger an update of the object templates
Return type Dict
update_organisation(organisation organisation_id=None pythonify=False)Update an organisation
Return type Union[Dict MISPOrganisation]
update_organisation_blacklist(organisation_blacklist organisation_blacklist_id=Nonepythonify=False)
Update an organisation in the blacklist
Return type Union[Dict MISPOrganisationBlacklist]
21 PyMISP 21
PyMISP Documentation Release main
update_server(server server_id=None pythonify=False)Update a server to synchronise with
Return type Union[Dict MISPServer]
update_tag(tag tag_id=None pythonify=False)Edit only the provided parameters of a tag
Return type Union[Dict MISPTag]
update_taxonomies()Update all the taxonomies
Return type Dict
update_user(user user_id=None pythonify=False)Update an event on a MISP instance
Return type Union[Dict MISPUser]
update_warninglists()Update all the warninglists
Return type Dict
upload_stix(path version=2)Upload a STIX file to MISP param path Path to the STIX on the disk (can be a path-like object or apseudofile) type version str param version Can be 1 or 2
user_registrations(pythonify=False)Get all the user registrations
Return type Union[Dict List[MISPInbox]]
user_settings(pythonify=False)Get all the user settings
Return type Union[Dict List[MISPUserSetting]]
users(pythonify=False)Get all the users
Return type Union[Dict List[MISPUser]]
users_statistics(context=data)Get users statistics from the MISP instance
Return type Dict
values_in_warninglist(value)Check if IOC values are in warninglist
Return type Dict
property versionReturns the version of PyMISP yoursquore curently using
Return type Dict
warninglists(pythonify=False)Get all the warninglists
Return type Union[Dict List[MISPWarninglist]]
22 Chapter 2 pymisp
PyMISP Documentation Release main
22 PyMISPExpanded (Python 36+ only)
pymispExpandedPyMISPalias of pymispapiPyMISP
23 MISPAbstract
class pymispAbstractMISP(kwargs)
property editedRecursively check if an object has been edited and update the flag accordingly to the parent objects
Return type bool
from_dict(kwargs)Loading all the parameters as class properties if they arenrsquot None This method aims to be called when allthe properties requiring a special treatment are processed Note This method is used when you initializean object with existing data so by default the class is flaged as not edited
Return type None
from_json(json_string)Load a JSON string
Return type None
jsonable()This method is used by the JSON encoder
Return type Dict
set_not_jsonable(args)Set __not_jsonable to a new list
Return type None
to_dict()Dump the class to a dictionary This method automatically removes the timestamp recursively in everyobject that has been edited is order to let MISP update the event accordingly
Return type Dict
to_json(sort_keys=False indent=None)Dump recursively any class of type MISPAbstract to a json string
update_not_jsonable(args)Add entries to the __not_jsonable list
Return type None
22 PyMISPExpanded (Python 36+ only) 23
PyMISP Documentation Release main
24 MISPEncode
class pymispMISPEncode(args kwargs)
default(obj)Implement this method in a subclass such that it returns a serializable object for o or calls the baseimplementation (to raise a TypeError)
For example to support arbitrary iterators you could implement default like this
def default(self o)try
iterable = iter(o)except TypeError
passelse
return list(iterable) Let the base class default method raise the TypeErrorreturn JSONEncoderdefault(self o)
25 MISPEvent
class pymispMISPEvent(describe_types=None strict_validation=False kwargs)
add_attribute(type value kwargs)Add an attribute type and value are required but you can pass all other parameters supported by MISPAt-tribute
Return type Union[MISPAttribute List[MISPAttribute]]
add_attribute_tag(tag attribute_identifier)Add a tag to an existing attribute raise an Exception if the attribute doesnrsquot exists tag Tag name as astring MISPTag instance or dictionary attribute_identifier can be an ID UUID or the value
Return type List[MISPAttribute]
add_object(obj=None kwargs)Add an object to the Event either by passing a MISPObject or a dictionary
Return type MISPObject
add_proposal(shadow_attribute=None kwargs)Alias for add_shadow_attribute
Return type MISPShadowAttribute
add_shadow_attribute(shadow_attribute=None kwargs)Add a tag to the attribute (by name or a MISPTag object)
Return type MISPShadowAttribute
clear()rarr None Remove all items from D
delete_attribute(attribute_id)Delete an attribute you can search by ID or UUID
property editedRecursively check if an object has been edited and update the flag accordingly to the parent objects
24 Chapter 2 pymisp
PyMISP Documentation Release main
Return type bool
from_dict(kwargs)Loading all the parameters as class properties if they arenrsquot None This method aims to be called when allthe properties requiring a special treatment are processed Note This method is used when you initializean object with existing data so by default the class is flaged as not edited
from_json(json_string)Load a JSON string
Return type None
get(k[ d ])rarr D[k] if k in D else d d defaults to None
get_attribute_tag(attribute_identifier)Return the tags associated to an attribute or an object attribute attribute_identifier can be an ID UUIDor the value
Return type List[MISPTag]
get_object_by_id(object_id)Get an object by ID (the ID is the one set by the server when creating the new object)
Return type MISPObject
get_object_by_uuid(object_uuid)Get an object by UUID (UUID is set by the server when creating the new object)
Return type MISPObject
get_objects_by_name(object_name)Get an object by UUID (UUID is set by the server when creating the new object)
Return type List[MISPObject]
items()rarr a set-like object providing a view on Drsquos items
jsonable()This method is used by the JSON encoder
Return type Dict
keys()rarr a set-like object providing a view on Drsquos keys
load(json_event validate=False metadata_only=False)Load a JSON dump from a pseudo file or a JSON string
load_file(event_path validate=False metadata_only=False)Load a JSON dump from a file on the disk
pop(k[ d ])rarr v remove specified key and return the corresponding valueIf key is not found d is returned if given otherwise KeyError is raised
popitem()rarr (k v) remove and return some (key value) pairas a 2-tuple but raise KeyError if D is empty
publish()Mark the attribute as published
set_date(d=None ignore_invalid=False)Set a date for the event (string datetime or date object)
set_not_jsonable(args)Set __not_jsonable to a new list
Return type None
25 MISPEvent 25
PyMISP Documentation Release main
setdefault(k[ d ])rarr Dget(kd) also set D[k]=d if k not in D
property tagsReturns a lost of tags associated to this Event
Return type List[MISPTag]
to_dict()Dump the class to a dictionary This method automatically removes the timestamp recursively in everyobject that has been edited is order to let MISP update the event accordingly
Return type Dict
to_feed(valid_distributions=[0 1 2 3 4 5] with_meta=False)Generate a json output for MISP Feed Notes
bull valid_distributions only makes sense if the distribution key is set (ie the event is exported from aMISP instance)
Return type Dict
to_json(sort_keys=False indent=None)Dump recursively any class of type MISPAbstract to a json string
unpublish()Mark the attribute as un-published (set publish flag to false)
update([E ] F)rarr None Update D from mappingiterable E and FIf E present and has a keys() method does for k in E D[k] = E[k] If E present and lacks keys() methoddoes for (k v) in E D[k] = v In either case this is followed by for k v in Fitems() D[k] = v
update_not_jsonable(args)Add entries to the __not_jsonable list
Return type None
values()rarr an object providing a view on Drsquos values
26 MISPAttribute
class pymispMISPAttribute(describe_types=None strict=False)
add_proposal(shadow_attribute=None kwargs)Alias for add_shadow_attribute
Return type MISPShadowAttribute
add_shadow_attribute(shadow_attribute=None kwargs)Add a shadow attribute to the attribute (by name or a MISPShadowAttribute object)
Return type MISPShadowAttribute
add_sighting(sighting=None kwargs)Add a sighting to the attribute (by name or a MISPSighting object)
Return type MISPSighting
clear()rarr None Remove all items from D
delete()Mark the attribute as deleted (soft delete)
26 Chapter 2 pymisp
PyMISP Documentation Release main
property editedRecursively check if an object has been edited and update the flag accordingly to the parent objects
Return type bool
from_dict(kwargs)Loading all the parameters as class properties if they arenrsquot None This method aims to be called when allthe properties requiring a special treatment are processed Note This method is used when you initializean object with existing data so by default the class is flaged as not edited
from_json(json_string)Load a JSON string
Return type None
get(k[ d ])rarr D[k] if k in D else d d defaults to None
hash_values(algorithm=sha512)Compute the hash of every values for fast lookups
Return type List[str]
items()rarr a set-like object providing a view on Drsquos items
jsonable()This method is used by the JSON encoder
Return type Dict
keys()rarr a set-like object providing a view on Drsquos keys
property known_typesReturns a list of all the known MISP attributes types
Return type List[str]
property malware_binaryReturns a BytesIO of the malware (if the attribute has one obvs)
Return type Optional[BytesIO]
pop(k[ d ])rarr v remove specified key and return the corresponding valueIf key is not found d is returned if given otherwise KeyError is raised
popitem()rarr (k v) remove and return some (key value) pairas a 2-tuple but raise KeyError if D is empty
set_not_jsonable(args)Set __not_jsonable to a new list
Return type None
setdefault(k[ d ])rarr Dget(kd) also set D[k]=d if k not in D
property tagsReturns a lost of tags associated to this Attribute
Return type List[MISPTag]
to_dict()Dump the class to a dictionary This method automatically removes the timestamp recursively in everyobject that has been edited is order to let MISP update the event accordingly
Return type Dict
26 MISPAttribute 27
PyMISP Documentation Release main
to_json(sort_keys=False indent=None)Dump recursively any class of type MISPAbstract to a json string
update([E ] F)rarr None Update D from mappingiterable E and FIf E present and has a keys() method does for k in E D[k] = E[k] If E present and lacks keys() methoddoes for (k v) in E D[k] = v In either case this is followed by for k v in Fitems() D[k] = v
update_not_jsonable(args)Add entries to the __not_jsonable list
Return type None
values()rarr an object providing a view on Drsquos values
27 MISPObject
class pymispMISPObject(name strict=False standalone=True default_attributes_parameters=kwargs)
add_attribute(object_relation simple_value=None value)Add an attribute object_relation is required and the value key is a dictionary with all the keys supportedby MISPAttribute
Return type Optional[MISPAttribute]
add_attributes(object_relation attributes)Add multiple attributes with the same object_relation Helper for object_relation when multiple is True inthe template It is the same as calling multiple times add_attribute with the same object_relation
Return type List[Optional[MISPAttribute]]
add_reference(referenced_uuid relationship_type comment=None kwargs)Add a link (uuid) to an other object
Return type MISPObjectReference
clear()rarr None Remove all items from D
property editedRecursively check if an object has been edited and update the flag accordingly to the parent objects
Return type bool
from_dict(kwargs)Loading all the parameters as class properties if they arenrsquot None This method aims to be called when allthe properties requiring a special treatment are processed Note This method is used when you initializean object with existing data so by default the class is flaged as not edited
from_json(json_string)Load a JSON string
Return type None
get(k[ d ])rarr D[k] if k in D else d d defaults to None
get_attributes_by_relation(object_relation)Returns the list of attributes with the given object relation in the object
Return type List[MISPAttribute]
has_attributes_by_relation(list_of_relations)True if all the relations in the list are defined in the object
28 Chapter 2 pymisp
PyMISP Documentation Release main
Return type bool
items()rarr a set-like object providing a view on Drsquos items
jsonable()This method is used by the JSON encoder
Return type Dict
keys()rarr a set-like object providing a view on Drsquos keys
pop(k[ d ])rarr v remove specified key and return the corresponding valueIf key is not found d is returned if given otherwise KeyError is raised
popitem()rarr (k v) remove and return some (key value) pairas a 2-tuple but raise KeyError if D is empty
set_not_jsonable(args)Set __not_jsonable to a new list
Return type None
setdefault(k[ d ])rarr Dget(kd) also set D[k]=d if k not in D
to_dict(strict=False)Dump the class to a dictionary This method automatically removes the timestamp recursively in everyobject that has been edited is order to let MISP update the event accordingly
Return type Dict
to_json(sort_keys=False indent=None strict=False)Dump recursively any class of type MISPAbstract to a json string
update([E ] F)rarr None Update D from mappingiterable E and FIf E present and has a keys() method does for k in E D[k] = E[k] If E present and lacks keys() methoddoes for (k v) in E D[k] = v In either case this is followed by for k v in Fitems() D[k] = v
update_not_jsonable(args)Add entries to the __not_jsonable list
Return type None
values()rarr an object providing a view on Drsquos values
28 MISPObjectAttribute
class pymispMISPObjectAttribute(definition)
add_proposal(shadow_attribute=None kwargs)Alias for add_shadow_attribute
Return type MISPShadowAttribute
add_shadow_attribute(shadow_attribute=None kwargs)Add a shadow attribute to the attribute (by name or a MISPShadowAttribute object)
Return type MISPShadowAttribute
add_sighting(sighting=None kwargs)Add a sighting to the attribute (by name or a MISPSighting object)
Return type MISPSighting
28 MISPObjectAttribute 29
PyMISP Documentation Release main
clear()rarr None Remove all items from D
delete()Mark the attribute as deleted (soft delete)
property editedRecursively check if an object has been edited and update the flag accordingly to the parent objects
Return type bool
from_dict(object_relation value kwargs)Loading all the parameters as class properties if they arenrsquot None This method aims to be called when allthe properties requiring a special treatment are processed Note This method is used when you initializean object with existing data so by default the class is flaged as not edited
from_json(json_string)Load a JSON string
Return type None
get(k[ d ])rarr D[k] if k in D else d d defaults to None
hash_values(algorithm=sha512)Compute the hash of every values for fast lookups
Return type List[str]
items()rarr a set-like object providing a view on Drsquos items
jsonable()This method is used by the JSON encoder
Return type Dict
keys()rarr a set-like object providing a view on Drsquos keys
property known_typesReturns a list of all the known MISP attributes types
Return type List[str]
property malware_binaryReturns a BytesIO of the malware (if the attribute has one obvs)
Return type Optional[BytesIO]
pop(k[ d ])rarr v remove specified key and return the corresponding valueIf key is not found d is returned if given otherwise KeyError is raised
popitem()rarr (k v) remove and return some (key value) pairas a 2-tuple but raise KeyError if D is empty
set_not_jsonable(args)Set __not_jsonable to a new list
Return type None
setdefault(k[ d ])rarr Dget(kd) also set D[k]=d if k not in D
property tagsReturns a lost of tags associated to this Attribute
Return type List[MISPTag]
30 Chapter 2 pymisp
PyMISP Documentation Release main
to_dict()Dump the class to a dictionary This method automatically removes the timestamp recursively in everyobject that has been edited is order to let MISP update the event accordingly
Return type Dict
to_json(sort_keys=False indent=None)Dump recursively any class of type MISPAbstract to a json string
update([E ] F)rarr None Update D from mappingiterable E and FIf E present and has a keys() method does for k in E D[k] = E[k] If E present and lacks keys() methoddoes for (k v) in E D[k] = v In either case this is followed by for k v in Fitems() D[k] = v
update_not_jsonable(args)Add entries to the __not_jsonable list
Return type None
values()rarr an object providing a view on Drsquos values
29 MISPObjectReference
class pymispMISPObjectReference
clear()rarr None Remove all items from D
property editedRecursively check if an object has been edited and update the flag accordingly to the parent objects
Return type bool
from_dict(kwargs)Loading all the parameters as class properties if they arenrsquot None This method aims to be called when allthe properties requiring a special treatment are processed Note This method is used when you initializean object with existing data so by default the class is flaged as not edited
from_json(json_string)Load a JSON string
Return type None
get(k[ d ])rarr D[k] if k in D else d d defaults to None
items()rarr a set-like object providing a view on Drsquos items
jsonable()This method is used by the JSON encoder
Return type Dict
keys()rarr a set-like object providing a view on Drsquos keys
pop(k[ d ])rarr v remove specified key and return the corresponding valueIf key is not found d is returned if given otherwise KeyError is raised
popitem()rarr (k v) remove and return some (key value) pairas a 2-tuple but raise KeyError if D is empty
set_not_jsonable(args)Set __not_jsonable to a new list
Return type None
29 MISPObjectReference 31
PyMISP Documentation Release main
setdefault(k[ d ])rarr Dget(kd) also set D[k]=d if k not in D
to_dict()Dump the class to a dictionary This method automatically removes the timestamp recursively in everyobject that has been edited is order to let MISP update the event accordingly
Return type Dict
to_json(sort_keys=False indent=None)Dump recursively any class of type MISPAbstract to a json string
update([E ] F)rarr None Update D from mappingiterable E and FIf E present and has a keys() method does for k in E D[k] = E[k] If E present and lacks keys() methoddoes for (k v) in E D[k] = v In either case this is followed by for k v in Fitems() D[k] = v
update_not_jsonable(args)Add entries to the __not_jsonable list
Return type None
values()rarr an object providing a view on Drsquos values
210 MISPTag
class pymispMISPTag(kwargs)
clear()rarr None Remove all items from D
property editedRecursively check if an object has been edited and update the flag accordingly to the parent objects
Return type bool
from_dict(kwargs)Loading all the parameters as class properties if they arenrsquot None This method aims to be called when allthe properties requiring a special treatment are processed Note This method is used when you initializean object with existing data so by default the class is flaged as not edited
from_json(json_string)Load a JSON string
Return type None
get(k[ d ])rarr D[k] if k in D else d d defaults to None
items()rarr a set-like object providing a view on Drsquos items
jsonable()This method is used by the JSON encoder
Return type Dict
keys()rarr a set-like object providing a view on Drsquos keys
pop(k[ d ])rarr v remove specified key and return the corresponding valueIf key is not found d is returned if given otherwise KeyError is raised
popitem()rarr (k v) remove and return some (key value) pairas a 2-tuple but raise KeyError if D is empty
set_not_jsonable(args)Set __not_jsonable to a new list
32 Chapter 2 pymisp
PyMISP Documentation Release main
Return type None
setdefault(k[ d ])rarr Dget(kd) also set D[k]=d if k not in D
to_dict()Dump the class to a dictionary This method automatically removes the timestamp recursively in everyobject that has been edited is order to let MISP update the event accordingly
Return type Dict
to_json(sort_keys=False indent=None)Dump recursively any class of type MISPAbstract to a json string
update([E ] F)rarr None Update D from mappingiterable E and FIf E present and has a keys() method does for k in E D[k] = E[k] If E present and lacks keys() methoddoes for (k v) in E D[k] = v In either case this is followed by for k v in Fitems() D[k] = v
update_not_jsonable(args)Add entries to the __not_jsonable list
Return type None
values()rarr an object providing a view on Drsquos values
211 MISPUser
class pymispMISPUser(kwargs)
clear()rarr None Remove all items from D
property editedRecursively check if an object has been edited and update the flag accordingly to the parent objects
Return type bool
from_dict(kwargs)Loading all the parameters as class properties if they arenrsquot None This method aims to be called when allthe properties requiring a special treatment are processed Note This method is used when you initializean object with existing data so by default the class is flaged as not edited
from_json(json_string)Load a JSON string
Return type None
get(k[ d ])rarr D[k] if k in D else d d defaults to None
items()rarr a set-like object providing a view on Drsquos items
jsonable()This method is used by the JSON encoder
Return type Dict
keys()rarr a set-like object providing a view on Drsquos keys
pop(k[ d ])rarr v remove specified key and return the corresponding valueIf key is not found d is returned if given otherwise KeyError is raised
popitem()rarr (k v) remove and return some (key value) pairas a 2-tuple but raise KeyError if D is empty
211 MISPUser 33
PyMISP Documentation Release main
set_not_jsonable(args)Set __not_jsonable to a new list
Return type None
setdefault(k[ d ])rarr Dget(kd) also set D[k]=d if k not in D
to_dict()Dump the class to a dictionary This method automatically removes the timestamp recursively in everyobject that has been edited is order to let MISP update the event accordingly
Return type Dict
to_json(sort_keys=False indent=None)Dump recursively any class of type MISPAbstract to a json string
update([E ] F)rarr None Update D from mappingiterable E and FIf E present and has a keys() method does for k in E D[k] = E[k] If E present and lacks keys() methoddoes for (k v) in E D[k] = v In either case this is followed by for k v in Fitems() D[k] = v
update_not_jsonable(args)Add entries to the __not_jsonable list
Return type None
values()rarr an object providing a view on Drsquos values
212 MISPOrganisation
class pymispMISPOrganisation
clear()rarr None Remove all items from D
property editedRecursively check if an object has been edited and update the flag accordingly to the parent objects
Return type bool
from_dict(kwargs)Loading all the parameters as class properties if they arenrsquot None This method aims to be called when allthe properties requiring a special treatment are processed Note This method is used when you initializean object with existing data so by default the class is flaged as not edited
from_json(json_string)Load a JSON string
Return type None
get(k[ d ])rarr D[k] if k in D else d d defaults to None
items()rarr a set-like object providing a view on Drsquos items
jsonable()This method is used by the JSON encoder
Return type Dict
keys()rarr a set-like object providing a view on Drsquos keys
pop(k[ d ])rarr v remove specified key and return the corresponding valueIf key is not found d is returned if given otherwise KeyError is raised
34 Chapter 2 pymisp
PyMISP Documentation Release main
popitem()rarr (k v) remove and return some (key value) pairas a 2-tuple but raise KeyError if D is empty
set_not_jsonable(args)Set __not_jsonable to a new list
Return type None
setdefault(k[ d ])rarr Dget(kd) also set D[k]=d if k not in D
to_dict()Dump the class to a dictionary This method automatically removes the timestamp recursively in everyobject that has been edited is order to let MISP update the event accordingly
Return type Dict
to_json(sort_keys=False indent=None)Dump recursively any class of type MISPAbstract to a json string
update([E ] F)rarr None Update D from mappingiterable E and FIf E present and has a keys() method does for k in E D[k] = E[k] If E present and lacks keys() methoddoes for (k v) in E D[k] = v In either case this is followed by for k v in Fitems() D[k] = v
update_not_jsonable(args)Add entries to the __not_jsonable list
Return type None
values()rarr an object providing a view on Drsquos values
212 MISPOrganisation 35
PyMISP Documentation Release main
36 Chapter 2 pymisp
CHAPTER
THREE
PYMISP - TOOLS
31 File Object
class pymisptoolsFileObject(filepath=None pseudofile=None filename=None kwargs)
add_attribute(object_relation simple_value=None value)Add an attribute object_relation is required and the value key is a dictionary with all the keys supportedby MISPAttribute
Return type Optional[MISPAttribute]
add_attributes(object_relation attributes)Add multiple attributes with the same object_relation Helper for object_relation when multiple is True inthe template It is the same as calling multiple times add_attribute with the same object_relation
Return type List[Optional[MISPAttribute]]
add_reference(referenced_uuid relationship_type comment=None kwargs)Add a link (uuid) to an other object
Return type MISPObjectReference
clear()rarr None Remove all items from D
property editedRecursively check if an object has been edited and update the flag accordingly to the parent objects
Return type bool
from_dict(kwargs)Loading all the parameters as class properties if they arenrsquot None This method aims to be called when allthe properties requiring a special treatment are processed Note This method is used when you initializean object with existing data so by default the class is flaged as not edited
from_json(json_string)Load a JSON string
Return type None
generate_attributes()Contains the logic where all the values of the object are gathered
get(k[ d ])rarr D[k] if k in D else d d defaults to None
get_attributes_by_relation(object_relation)Returns the list of attributes with the given object relation in the object
Return type List[MISPAttribute]
37
PyMISP Documentation Release main
has_attributes_by_relation(list_of_relations)True if all the relations in the list are defined in the object
Return type bool
items()rarr a set-like object providing a view on Drsquos items
jsonable()This method is used by the JSON encoder
Return type Dict
keys()rarr a set-like object providing a view on Drsquos keys
pop(k[ d ])rarr v remove specified key and return the corresponding valueIf key is not found d is returned if given otherwise KeyError is raised
popitem()rarr (k v) remove and return some (key value) pairas a 2-tuple but raise KeyError if D is empty
set_not_jsonable(args)Set __not_jsonable to a new list
Return type None
setdefault(k[ d ])rarr Dget(kd) also set D[k]=d if k not in D
to_dict(strict=False)Dump the class to a dictionary This method automatically removes the timestamp recursively in everyobject that has been edited is order to let MISP update the event accordingly
Return type Dict
to_json(sort_keys=False indent=None strict=False)Dump recursively any class of type MISPAbstract to a json string
update([E ] F)rarr None Update D from mappingiterable E and FIf E present and has a keys() method does for k in E D[k] = E[k] If E present and lacks keys() methoddoes for (k v) in E D[k] = v In either case this is followed by for k v in Fitems() D[k] = v
update_not_jsonable(args)Add entries to the __not_jsonable list
Return type None
values()rarr an object providing a view on Drsquos values
32 ELF Object
33 PE Object
34 Mach-O Object
35 VT Report Object
class pymisptoolsVTReportObject(apikey indicator vt_proxies=None kwargs)VirusTotal Report
Apikey VirusTotal API key (private works but only public features are supported right now)
38 Chapter 3 pymisp - Tools
PyMISP Documentation Release main
Indicator IOC to search VirusTotal for
add_attribute(object_relation simple_value=None value)Add an attribute object_relation is required and the value key is a dictionary with all the keys supportedby MISPAttribute
Return type Optional[MISPAttribute]
add_attributes(object_relation attributes)Add multiple attributes with the same object_relation Helper for object_relation when multiple is True inthe template It is the same as calling multiple times add_attribute with the same object_relation
Return type List[Optional[MISPAttribute]]
add_reference(referenced_uuid relationship_type comment=None kwargs)Add a link (uuid) to an other object
Return type MISPObjectReference
clear()rarr None Remove all items from D
property editedRecursively check if an object has been edited and update the flag accordingly to the parent objects
Return type bool
from_dict(kwargs)Loading all the parameters as class properties if they arenrsquot None This method aims to be called when allthe properties requiring a special treatment are processed Note This method is used when you initializean object with existing data so by default the class is flaged as not edited
from_json(json_string)Load a JSON string
Return type None
generate_attributes()Parse the VirusTotal report for relevant attributes
get(k[ d ])rarr D[k] if k in D else d d defaults to None
get_attributes_by_relation(object_relation)Returns the list of attributes with the given object relation in the object
Return type List[MISPAttribute]
has_attributes_by_relation(list_of_relations)True if all the relations in the list are defined in the object
Return type bool
items()rarr a set-like object providing a view on Drsquos items
jsonable()This method is used by the JSON encoder
Return type Dict
keys()rarr a set-like object providing a view on Drsquos keys
pop(k[ d ])rarr v remove specified key and return the corresponding valueIf key is not found d is returned if given otherwise KeyError is raised
popitem()rarr (k v) remove and return some (key value) pairas a 2-tuple but raise KeyError if D is empty
35 VT Report Object 39
PyMISP Documentation Release main
set_not_jsonable(args)Set __not_jsonable to a new list
Return type None
setdefault(k[ d ])rarr Dget(kd) also set D[k]=d if k not in D
to_dict(strict=False)Dump the class to a dictionary This method automatically removes the timestamp recursively in everyobject that has been edited is order to let MISP update the event accordingly
Return type Dict
to_json(sort_keys=False indent=None strict=False)Dump recursively any class of type MISPAbstract to a json string
update([E ] F)rarr None Update D from mappingiterable E and FIf E present and has a keys() method does for k in E D[k] = E[k] If E present and lacks keys() methoddoes for (k v) in E D[k] = v In either case this is followed by for k v in Fitems() D[k] = v
update_not_jsonable(args)Add entries to the __not_jsonable list
Return type None
values()rarr an object providing a view on Drsquos values
36 STIX
pymisptoolsstixload_stix(stix distribution=3 threat_level_id=2 analysis=0)Returns a MISPEvent object from a STIX package
pymisptoolsstixmake_stix_package(misp_event to_json=False to_xml=False)Returns a STIXPackage from a MISPEvent
Optionally can return the package in json or xml
37 OpenIOC
toolsload_openioc()
toolsload_openioc_file()
40 Chapter 3 pymisp - Tools
CHAPTER
FOUR
INDICES AND TABLES
bull genindex
bull modindex
bull search
41
PyMISP Documentation Release main
42 Chapter 4 Indices and tables
PYTHON MODULE INDEX
ppymisp 7pymisptools 37pymisptoolsstix 40
43
PyMISP Documentation Release main
44 Python Module Index
INDEX
AAbstractMISP (class in pymisp) 23accept_attribute_proposal()
(pymispPyMISP method) 7add_attribute() (pymispMISPEvent method) 24add_attribute() (pymispMISPObject method) 28add_attribute() (pymispPyMISP method) 7add_attribute() (pymisptoolsFileObject method)
37add_attribute() (pymisptoolsVTReportObject
method) 39add_attribute_proposal() (pymispPyMISP
method) 7add_attribute_tag() (pymispMISPEvent
method) 24add_attributes() (pymispMISPObject method)
28add_attributes() (pymisptoolsFileObject
method) 37add_attributes() (pymisptoolsVTReportObject
method) 39add_event() (pymispPyMISP method) 7add_event_blacklist() (pymispPyMISP
method) 8add_feed() (pymispPyMISP method) 8add_object() (pymispMISPEvent method) 24add_object() (pymispPyMISP method) 8add_object_reference() (pymispPyMISP
method) 8add_org_to_sharing_group() (pymispPyMISP
method) 8add_organisation() (pymispPyMISP method) 8add_organisation_blacklist()
(pymispPyMISP method) 8add_proposal() (pymispMISPAttribute method) 26add_proposal() (pymispMISPEvent method) 24add_proposal() (pymispMISPObjectAttribute
method) 29add_reference() (pymispMISPObject method) 28add_reference() (pymisptoolsFileObject method)
37add_reference() (pymisptoolsVTReportObject
method) 39add_server() (pymispPyMISP method) 8add_server_to_sharing_group()
(pymispPyMISP method) 8add_shadow_attribute() (pymispMISPAttribute
method) 26add_shadow_attribute() (pymispMISPEvent
method) 24add_shadow_attribute()
(pymispMISPObjectAttribute method) 29add_sharing_group() (pymispPyMISP method) 8add_sighting() (pymispMISPAttribute method) 26add_sighting() (pymispMISPObjectAttribute
method) 29add_sighting() (pymispPyMISP method) 8add_tag() (pymispPyMISP method) 8add_user() (pymispPyMISP method) 9attributes_statistics() (pymispPyMISP
method) 9
Bbuild_complex_query() (pymispPyMISP
method) 9
Ccache_all_feeds() (pymispPyMISP method) 9cache_feed() (pymispPyMISP method) 9cache_freetext_feeds() (pymispPyMISP
method) 9cache_misp_feeds() (pymispPyMISP method) 9change_sharing_group_on_entity()
(pymispPyMISP method) 9change_user_password() (pymispPyMISP
method) 9clear() (pymispMISPAttribute method) 26clear() (pymispMISPEvent method) 24clear() (pymispMISPObject method) 28clear() (pymispMISPObjectAttribute method) 29clear() (pymispMISPObjectReference method) 31clear() (pymispMISPOrganisation method) 34clear() (pymispMISPTag method) 32clear() (pymispMISPUser method) 33
45
PyMISP Documentation Release main
clear() (pymisptoolsFileObject method) 37clear() (pymisptoolsVTReportObject method) 39communities() (pymispPyMISP method) 9compare_feeds() (pymispPyMISP method) 9contact_event_reporter() (pymispPyMISP
method) 9
Ddefault() (pymispMISPEncode method) 24delegate_event() (pymispPyMISP method) 10delete() (pymispMISPAttribute method) 26delete() (pymispMISPObjectAttribute method) 30delete_attribute() (pymispMISPEvent method)
24delete_attribute() (pymispPyMISP method) 10delete_attribute_proposal()
(pymispPyMISP method) 10delete_event() (pymispPyMISP method) 10delete_event_blacklist() (pymispPyMISP
method) 10delete_feed() (pymispPyMISP method) 10delete_object() (pymispPyMISP method) 10delete_object_reference() (pymispPyMISP
method) 10delete_organisation() (pymispPyMISP
method) 10delete_organisation_blacklist()
(pymispPyMISP method) 10delete_server() (pymispPyMISP method) 10delete_sharing_group() (pymispPyMISP
method) 10delete_sighting() (pymispPyMISP method) 10delete_tag() (pymispPyMISP method) 11delete_user() (pymispPyMISP method) 11delete_user_setting() (pymispPyMISP
method) 11describe_types_local() (pymispPyMISP prop-
erty) 11describe_types_remote() (pymispPyMISP
property) 11direct_call() (pymispPyMISP method) 11disable_feed() (pymispPyMISP method) 11disable_feed_cache() (pymispPyMISP method)
11disable_noticelist() (pymispPyMISP method)
11disable_tag() (pymispPyMISP method) 11disable_taxonomy() (pymispPyMISP method) 11disable_taxonomy_tags() (pymispPyMISP
method) 11disable_warninglist() (pymispPyMISP
method) 11discard_attribute_proposal()
(pymispPyMISP method) 12
Eedited() (pymispAbstractMISP property) 23edited() (pymispMISPAttribute property) 26edited() (pymispMISPEvent property) 24edited() (pymispMISPObject property) 28edited() (pymispMISPObjectAttribute property) 30edited() (pymispMISPObjectReference property) 31edited() (pymispMISPOrganisation property) 34edited() (pymispMISPTag property) 32edited() (pymispMISPUser property) 33edited() (pymisptoolsFileObject property) 37edited() (pymisptoolsVTReportObject property) 39enable_feed() (pymispPyMISP method) 12enable_feed_cache() (pymispPyMISP method)
12enable_noticelist() (pymispPyMISP method)
12enable_tag() (pymispPyMISP method) 12enable_taxonomy() (pymispPyMISP method) 12enable_taxonomy_tags() (pymispPyMISP
method) 12enable_warninglist() (pymispPyMISP method)
12event_blacklists() (pymispPyMISP method) 12event_delegations() (pymispPyMISP method)
12ExpandedPyMISP (in module pymisp) 23
Ffeeds() (pymispPyMISP method) 12fetch_feed() (pymispPyMISP method) 12FileObject (class in pymisptools) 37freetext() (pymispPyMISP method) 12from_dict() (pymispAbstractMISP method) 23from_dict() (pymispMISPAttribute method) 27from_dict() (pymispMISPEvent method) 25from_dict() (pymispMISPObject method) 28from_dict() (pymispMISPObjectAttribute method)
30from_dict() (pymispMISPObjectReference method)
31from_dict() (pymispMISPOrganisation method) 34from_dict() (pymispMISPTag method) 32from_dict() (pymispMISPUser method) 33from_dict() (pymisptoolsFileObject method) 37from_dict() (pymisptoolsVTReportObject method)
39from_json() (pymispAbstractMISP method) 23from_json() (pymispMISPAttribute method) 27from_json() (pymispMISPEvent method) 25from_json() (pymispMISPObject method) 28from_json() (pymispMISPObjectAttribute method)
30
46 Index
PyMISP Documentation Release main
from_json() (pymispMISPObjectReference method)31
from_json() (pymispMISPOrganisation method) 34from_json() (pymispMISPTag method) 32from_json() (pymispMISPUser method) 33from_json() (pymisptoolsFileObject method) 37from_json() (pymisptoolsVTReportObject method)
39
Ggalaxies() (pymispPyMISP method) 12generate_attributes() (pymisptoolsFileObject
method) 37generate_attributes()
(pymisptoolsVTReportObject method)39
get() (pymispMISPAttribute method) 27get() (pymispMISPEvent method) 25get() (pymispMISPObject method) 28get() (pymispMISPObjectAttribute method) 30get() (pymispMISPObjectReference method) 31get() (pymispMISPOrganisation method) 34get() (pymispMISPTag method) 32get() (pymispMISPUser method) 33get() (pymisptoolsFileObject method) 37get() (pymisptoolsVTReportObject method) 39get_all_functions() (pymispPyMISP method)
13get_attribute() (pymispPyMISP method) 13get_attribute_tag() (pymispMISPEvent
method) 25get_attributes_by_relation()
(pymispMISPObject method) 28get_attributes_by_relation()
(pymisptoolsFileObject method) 37get_attributes_by_relation()
(pymisptoolsVTReportObject method)39
get_community() (pymispPyMISP method) 13get_event() (pymispPyMISP method) 13get_feed() (pymispPyMISP method) 13get_galaxy() (pymispPyMISP method) 13get_noticelist() (pymispPyMISP method) 13get_object() (pymispPyMISP method) 13get_object_by_id() (pymispMISPEvent method)
25get_object_by_uuid() (pymispMISPEvent
method) 25get_object_template() (pymispPyMISP
method) 13get_objects_by_name() (pymispMISPEvent
method) 25get_organisation() (pymispPyMISP method) 13get_sync_config() (pymispPyMISP method) 13
get_tag() (pymispPyMISP method) 13get_taxonomy() (pymispPyMISP method) 13get_user() (pymispPyMISP method) 13get_user_setting() (pymispPyMISP method) 14get_warninglist() (pymispPyMISP method) 14
Hhas_attributes_by_relation()
(pymispMISPObject method) 28has_attributes_by_relation()
(pymisptoolsFileObject method) 37has_attributes_by_relation()
(pymisptoolsVTReportObject method)39
hash_values() (pymispMISPAttribute method) 27hash_values() (pymispMISPObjectAttribute
method) 30
Iimport_server() (pymispPyMISP method) 14items() (pymispMISPAttribute method) 27items() (pymispMISPEvent method) 25items() (pymispMISPObject method) 29items() (pymispMISPObjectAttribute method) 30items() (pymispMISPObjectReference method) 31items() (pymispMISPOrganisation method) 34items() (pymispMISPTag method) 32items() (pymispMISPUser method) 33items() (pymisptoolsFileObject method) 38items() (pymisptoolsVTReportObject method) 39
Jjsonable() (pymispAbstractMISP method) 23jsonable() (pymispMISPAttribute method) 27jsonable() (pymispMISPEvent method) 25jsonable() (pymispMISPObject method) 29jsonable() (pymispMISPObjectAttribute method)
30jsonable() (pymispMISPObjectReference method)
31jsonable() (pymispMISPOrganisation method) 34jsonable() (pymispMISPTag method) 32jsonable() (pymispMISPUser method) 33jsonable() (pymisptoolsFileObject method) 38jsonable() (pymisptoolsVTReportObject method)
39
Kkeys() (pymispMISPAttribute method) 27keys() (pymispMISPEvent method) 25keys() (pymispMISPObject method) 29keys() (pymispMISPObjectAttribute method) 30keys() (pymispMISPObjectReference method) 31keys() (pymispMISPOrganisation method) 34
Index 47
PyMISP Documentation Release main
keys() (pymispMISPTag method) 32keys() (pymispMISPUser method) 33keys() (pymisptoolsFileObject method) 38keys() (pymisptoolsVTReportObject method) 39known_types() (pymispMISPAttribute property) 27known_types() (pymispMISPObjectAttribute prop-
erty) 30
Lload() (pymispMISPEvent method) 25load_default_feeds() (pymispPyMISP method)
14load_file() (pymispMISPEvent method) 25load_openioc() (pymisptools method) 40load_openioc_file() (pymisptools method) 40load_stix() (in module pymisptoolsstix) 40
Mmake_stix_package() (in module
pymisptoolsstix) 40malware_binary() (pymispMISPAttribute prop-
erty) 27malware_binary() (pymispMISPObjectAttribute
property) 30misp_instance_version() (pymispPyMISP
property) 14misp_instance_version_master()
(pymispPyMISP property) 14MISPAttribute (class in pymisp) 26MISPEncode (class in pymisp) 24MISPEvent (class in pymisp) 24MISPObject (class in pymisp) 28MISPObjectAttribute (class in pymisp) 29MISPObjectReference (class in pymisp) 31MISPOrganisation (class in pymisp) 34MISPTag (class in pymisp) 32MISPUser (class in pymisp) 33module
pymisp 7pymisptools 37pymisptoolsstix 40
Nnoticelists() (pymispPyMISP method) 14
Oobject_templates() (pymispPyMISP method) 14organisation_blacklists() (pymispPyMISP
method) 14organisations() (pymispPyMISP method) 14
Ppop() (pymispMISPAttribute method) 27
pop() (pymispMISPEvent method) 25pop() (pymispMISPObject method) 29pop() (pymispMISPObjectAttribute method) 30pop() (pymispMISPObjectReference method) 31pop() (pymispMISPOrganisation method) 34pop() (pymispMISPTag method) 32pop() (pymispMISPUser method) 33pop() (pymisptoolsFileObject method) 38pop() (pymisptoolsVTReportObject method) 39popitem() (pymispMISPAttribute method) 27popitem() (pymispMISPEvent method) 25popitem() (pymispMISPObject method) 29popitem() (pymispMISPObjectAttribute method) 30popitem() (pymispMISPObjectReference method) 31popitem() (pymispMISPOrganisation method) 34popitem() (pymispMISPTag method) 32popitem() (pymispMISPUser method) 33popitem() (pymisptoolsFileObject method) 38popitem() (pymisptoolsVTReportObject method) 39publish() (pymispMISPEvent method) 25publish() (pymispPyMISP method) 14push_event_to_ZMQ() (pymispPyMISP method)
14pymisp
module 7PyMISP (class in pymisp) 7pymisptools
module 37pymisptoolsstix
module 40pymisp_version_main() (pymispPyMISP prop-
erty) 15
Rrecommended_pymisp_version()
(pymispPyMISP property) 15remote_acl() (pymispPyMISP method) 15remove_org_from_sharing_group()
(pymispPyMISP method) 15remove_server_from_sharing_group()
(pymispPyMISP method) 15roles() (pymispPyMISP method) 15
Ssearch() (pymispPyMISP method) 15search_feeds() (pymispPyMISP method) 17search_index() (pymispPyMISP method) 18search_logs() (pymispPyMISP method) 18search_sightings() (pymispPyMISP method) 19server_pull() (pymispPyMISP method) 20server_push() (pymispPyMISP method) 20servers() (pymispPyMISP method) 20set_date() (pymispMISPEvent method) 25
48 Index
PyMISP Documentation Release main
set_not_jsonable() (pymispAbstractMISPmethod) 23
set_not_jsonable() (pymispMISPAttributemethod) 27
set_not_jsonable() (pymispMISPEvent method)25
set_not_jsonable() (pymispMISPObjectmethod) 29
set_not_jsonable() (pymispMISPObjectAttributemethod) 30
set_not_jsonable()(pymispMISPObjectReference method)31
set_not_jsonable() (pymispMISPOrganisationmethod) 35
set_not_jsonable() (pymispMISPTag method)32
set_not_jsonable() (pymispMISPUser method)33
set_not_jsonable() (pymisptoolsFileObjectmethod) 38
set_not_jsonable()(pymisptoolsVTReportObject method)39
set_user_setting() (pymispPyMISP method) 20setdefault() (pymispMISPAttribute method) 27setdefault() (pymispMISPEvent method) 25setdefault() (pymispMISPObject method) 29setdefault() (pymispMISPObjectAttribute
method) 30setdefault() (pymispMISPObjectReference
method) 31setdefault() (pymispMISPOrganisation method)
35setdefault() (pymispMISPTag method) 33setdefault() (pymispMISPUser method) 34setdefault() (pymisptoolsFileObject method) 38setdefault() (pymisptoolsVTReportObject
method) 40sharing_groups() (pymispPyMISP method) 20sightings() (pymispPyMISP method) 20
Ttag() (pymispPyMISP method) 20tags() (pymispMISPAttribute property) 27tags() (pymispMISPEvent property) 26tags() (pymispMISPObjectAttribute property) 30tags() (pymispPyMISP method) 20tags_statistics() (pymispPyMISP method) 20taxonomies() (pymispPyMISP method) 20to_dict() (pymispAbstractMISP method) 23to_dict() (pymispMISPAttribute method) 27to_dict() (pymispMISPEvent method) 26to_dict() (pymispMISPObject method) 29
to_dict() (pymispMISPObjectAttribute method) 30to_dict() (pymispMISPObjectReference method) 32to_dict() (pymispMISPOrganisation method) 35to_dict() (pymispMISPTag method) 33to_dict() (pymispMISPUser method) 34to_dict() (pymisptoolsFileObject method) 38to_dict() (pymisptoolsVTReportObject method) 40to_feed() (pymispMISPEvent method) 26to_json() (pymispAbstractMISP method) 23to_json() (pymispMISPAttribute method) 27to_json() (pymispMISPEvent method) 26to_json() (pymispMISPObject method) 29to_json() (pymispMISPObjectAttribute method) 31to_json() (pymispMISPObjectReference method) 32to_json() (pymispMISPOrganisation method) 35to_json() (pymispMISPTag method) 33to_json() (pymispMISPUser method) 34to_json() (pymisptoolsFileObject method) 38to_json() (pymisptoolsVTReportObject method) 40toggle_warninglist() (pymispPyMISP method)
20
Uunpublish() (pymispMISPEvent method) 26untag() (pymispPyMISP method) 21update() (pymispMISPAttribute method) 28update() (pymispMISPEvent method) 26update() (pymispMISPObject method) 29update() (pymispMISPObjectAttribute method) 31update() (pymispMISPObjectReference method) 32update() (pymispMISPOrganisation method) 35update() (pymispMISPTag method) 33update() (pymispMISPUser method) 34update() (pymisptoolsFileObject method) 38update() (pymisptoolsVTReportObject method) 40update_attribute() (pymispPyMISP method) 21update_attribute_proposal()
(pymispPyMISP method) 21update_event() (pymispPyMISP method) 21update_event_blacklist() (pymispPyMISP
method) 21update_feed() (pymispPyMISP method) 21update_galaxies() (pymispPyMISP method) 21update_not_jsonable() (pymispAbstractMISP
method) 23update_not_jsonable() (pymispMISPAttribute
method) 28update_not_jsonable() (pymispMISPEvent
method) 26update_not_jsonable() (pymispMISPObject
method) 29update_not_jsonable()
(pymispMISPObjectAttribute method) 31
Index 49
PyMISP Documentation Release main
update_not_jsonable()(pymispMISPObjectReference method)32
update_not_jsonable()(pymispMISPOrganisation method) 35
update_not_jsonable() (pymispMISPTagmethod) 33
update_not_jsonable() (pymispMISPUsermethod) 34
update_not_jsonable() (pymisptoolsFileObjectmethod) 38
update_not_jsonable()(pymisptoolsVTReportObject method)40
update_noticelists() (pymispPyMISP method)21
update_object() (pymispPyMISP method) 21update_object_templates() (pymispPyMISP
method) 21update_organisation() (pymispPyMISP
method) 21update_organisation_blacklist()
(pymispPyMISP method) 21update_server() (pymispPyMISP method) 22update_tag() (pymispPyMISP method) 22update_taxonomies() (pymispPyMISP method)
22update_user() (pymispPyMISP method) 22update_warninglists() (pymispPyMISP
method) 22upload_stix() (pymispPyMISP method) 22user_registrations() (pymispPyMISP method)
22user_settings() (pymispPyMISP method) 22users() (pymispPyMISP method) 22users_statistics() (pymispPyMISP method) 22
Vvalues() (pymispMISPAttribute method) 28values() (pymispMISPEvent method) 26values() (pymispMISPObject method) 29values() (pymispMISPObjectAttribute method) 31values() (pymispMISPObjectReference method) 32values() (pymispMISPOrganisation method) 35values() (pymispMISPTag method) 33values() (pymispMISPUser method) 34values() (pymisptoolsFileObject method) 38values() (pymisptoolsVTReportObject method) 40values_in_warninglist() (pymispPyMISP
method) 22version() (pymispPyMISP property) 22VTReportObject (class in pymisptools) 38
Wwarninglists() (pymispPyMISP method) 22
50 Index
- README
- pymisp
- PyMISP
- PyMISPExpanded (Python 36+ only)
- MISPAbstract
- MISPEncode
- MISPEvent
- MISPAttribute
- MISPObject
- MISPObjectAttribute
- MISPObjectReference
- MISPTag
- MISPUser
- MISPOrganisation
- pymisp - Tools
- File Object
- ELF Object
- PE Object
- Mach-O Object
- VT Report Object
- STIX
- OpenIOC
- Indices and tables
- Python Module Index
- Index
PyMISP Documentation Release main
6 Chapter 1 README
CHAPTER
TWO
PYMISP
21 PyMISP
class pymispPyMISP(url key ssl=True debug=False proxies= cert=None auth=None tool=timeout=None)
Python API for MISP
Parameters
bull url (str) ndash URL of the MISP instance you want to connect to
bull key (str) ndash API key of the user you want to use
bull ssl (bool) ndash can be True or False (to check or to not check the validity of the certificateOr a CA_BUNDLE in case of self signed or other certificate (the concatenation of all thecrt of the chain)
bull debug (bool) ndash Write all the debug information to stderr
bull proxies (Mapping) ndash Proxy dict as describes here httpdocspython-requestsorgenmasteruseradvancedproxies
bull cert (Optional[Tuple[str tuple]]) ndash Client certificate as described there httpdocspython-requestsorgenmasteruseradvancedclient-side-certificates
bull auth (Optional[AuthBase]) ndash The auth parameter is passed directly to requests asdescribed here httpdocspython-requestsorgenmasteruserauthentication
bull tool (str) ndash The software using PyMISP (string) used to set a unique user-agent
bull timeout (Union[float Tuple[float float] None]) ndash Timeout as describedhere httpsrequestsreadthedocsioenmasteruseradvancedtimeouts
accept_attribute_proposal(proposal)Accept a proposal
Return type Dict
add_attribute(event attribute pythonify=False)Add an attribute to an existing MISP event NOTE MISP 24113+ you can pass a list of attributes Inthat case the pythonified response is the following lsquoattributesrsquo [MISPAttribute] lsquoerrorsrsquo errors byattributes
Return type Union[Dict MISPAttribute MISPShadowAttribute]
add_attribute_proposal(event attribute pythonify=False)Propose a new attribute in an event
Return type Union[Dict MISPShadowAttribute]
7
PyMISP Documentation Release main
add_event(event pythonify=False)Add a new event on a MISP instance
Return type Union[Dict MISPEvent]
add_event_blacklist(uuids comment=None event_info=None event_orgc=None)Add a new event in the blacklist
Return type Dict
add_feed(feed pythonify=False)Add a new feed on a MISP instance
Return type Union[Dict MISPFeed]
add_object(event misp_object pythonify=False)Add a MISP Object to an existing MISP event
Return type Union[Dict MISPObject]
add_object_reference(misp_object_reference pythonify=False)Add a reference to an object
Return type Union[Dict MISPObjectReference]
add_org_to_sharing_group(sharing_group organisation extend=False)Add an organisation to a sharing group sharing_group Sharing grouprsquos local instance ID or Sharinggrouprsquos global UUID organisation Organisationrsquos local instance ID or Organisationrsquos global UUID orOrganisationrsquos name as known to the curent instance extend Allow the organisation to extend the group
Return type Dict
add_organisation(organisation pythonify=False)Add an organisation
Return type Union[Dict MISPOrganisation]
add_organisation_blacklist(uuids comment=None org_name=None)Add a new organisation in the blacklist
Return type Dict
add_server(server pythonify=False)Add a server to synchronise with Note You probably want to use ExpandedPyMISPget_sync_config andExpandedPyMISPimport_server instead
Return type Union[Dict MISPServer]
add_server_to_sharing_group(sharing_group server all_orgs=False)Add a server to a sharing group sharing_group Sharing grouprsquos local instance ID or Sharing grouprsquosglobal UUID server Serverrsquos local instance ID or URL of the Server or Serverrsquos name as known to thecurent instance all_orgs Add all the organisations of the server to the group
Return type Dict
add_sharing_group(sharing_group pythonify=False)Add a new sharing group
Return type Union[Dict MISPSharingGroup]
add_sighting(sighting attribute=None pythonify=False)Add a new sighting (globally or to a specific attribute)
Return type Union[Dict MISPSighting]
8 Chapter 2 pymisp
PyMISP Documentation Release main
add_tag(tag pythonify=False)Add a new tag on a MISP instance Notes
bull The user calling this method needs the Tag Editor permission
bull It doesnrsquot add a tag to an event simply create it on a MISP instance
Return type Union[Dict MISPTag]
add_user(user pythonify=False)Add a new user
Return type Union[Dict MISPUser]
attributes_statistics(context=type percentage=False)Get attributes statistics from the MISP instance
Return type Dict
build_complex_query(or_parameters=None and_parameters=None not_parameters=None)Build a complex search query MISP expects a dictionary with AND OR and NOT keys
Return type Dict[str List[~SearchType]]
cache_all_feeds()Cache all the feeds
Return type Dict
cache_feed(feed)Cache a specific feed
Return type Dict
cache_freetext_feeds()Cache all the freetext feeds
Return type Dict
cache_misp_feeds()Cache all the MISP feeds
Return type Dict
change_sharing_group_on_entity(misp_entity sharing_group_id pythonify=False)Change the sharing group of an event an attribute or an object
Return type Union[Dict MISPEvent MISPObject MISPAttributeMISPShadowAttribute]
change_user_password(new_password)Thange the password of the curent user
Return type Dict
communities(pythonify=False)Get all the communities
Return type Union[Dict List[MISPCommunity]]
compare_feeds()Generate the comparison matrix for all the MISP feeds
Return type Dict
21 PyMISP 9
PyMISP Documentation Release main
contact_event_reporter(event message)Send a message to the reporter of an event
Return type Dict
delegate_event(event=None organisation=None event_delegation=None distribution=- 1 mes-sage= pythonify=False)
Note distribution == -1 means recipient decides
Return type Union[Dict MISPEventDelegation]
delete_attribute(attribute hard=False)Delete an attribute from a MISP instance
Return type Dict
delete_attribute_proposal(attribute)Propose the deletion of an attribute
Return type Dict
delete_event(event)Delete an event from a MISP instance
Return type Dict
delete_event_blacklist(event_blacklist)Delete a blacklisted event
Return type Dict
delete_feed(feed)Delete a feed from a MISP instance
Return type Dict
delete_object(misp_object)Delete an object from a MISP instance
Return type Dict
delete_object_reference(object_reference)Delete a reference to an object
Return type Dict
delete_organisation(organisation)Delete an organisation
Return type Dict
delete_organisation_blacklist(organisation_blacklist)Delete a blacklisted organisation
Return type Dict
delete_server(server)Delete a sync server
Return type Dict
delete_sharing_group(sharing_group)Delete a sharing group
Return type Dict
10 Chapter 2 pymisp
PyMISP Documentation Release main
delete_sighting(sighting)Delete a sighting from a MISP instance
Return type Dict
delete_tag(tag)Delete an attribute from a MISP instance
Return type Dict
delete_user(user)Delete a user
Return type Dict
delete_user_setting(user_setting user=None)Delete a user setting
Return type Dict
property describe_types_localReturns the content of describe types from the package
Return type Dict
property describe_types_remoteReturns the content of describe types from the remote instance
Return type Dict
direct_call(url data=None params= kw_params=)Very lightweight call that posts a data blob (python dictionary or json string) on the URL
Return type Any
disable_feed(feed pythonify=False)Disable a feed
Return type Union[Dict MISPFeed]
disable_feed_cache(feed pythonify=False)Disable the caching of a feed
Return type Union[Dict MISPFeed]
disable_noticelist(noticelist)Disable a noticelist by id
Return type Dict
disable_tag(tag pythonify=False)Disable a tag
Return type Union[Dict MISPTag]
disable_taxonomy(taxonomy)Disable a taxonomy
Return type Dict
disable_taxonomy_tags(taxonomy)Disable all the tags of a taxonomy
Return type Dict
disable_warninglist(warninglist)Disable a warninglist
21 PyMISP 11
PyMISP Documentation Release main
Return type Dict
discard_attribute_proposal(proposal)Discard a proposal
Return type Dict
enable_feed(feed pythonify=False)Enable a feed (fetching it will create event(s)
Return type Union[Dict MISPFeed]
enable_feed_cache(feed pythonify=False)Enable the caching of a feed
Return type Union[Dict MISPFeed]
enable_noticelist(noticelist)Enable a noticelist by id
Return type Dict
enable_tag(tag pythonify=False)Enable a tag
Return type Union[Dict MISPTag]
enable_taxonomy(taxonomy)Enable a taxonomy
Return type Dict
enable_taxonomy_tags(taxonomy)Enable all the tags of a taxonomy NOTE this automatically done when you call enable_taxonomy
Return type Dict
enable_warninglist(warninglist)Enable a warninglist
Return type Dict
event_blacklists(pythonify=False)Get all the blacklisted events
Return type Union[Dict List[MISPEventBlacklist]]
event_delegations(pythonify=False)Get all the event delegations
Return type Union[Dict List[MISPEventDelegation]]
feeds(pythonify=False)Get the list of existing feeds
Return type Union[Dict List[MISPFeed]]
fetch_feed(feed)Fetch one single feed
Return type Dict
freetext(event string adhereToWarninglists=False distribution=None returnMetaAttributes=Falsepythonify=False kwargs)
Pass a text to the freetext importer
Return type Union[Dict List[MISPAttribute]]
12 Chapter 2 pymisp
PyMISP Documentation Release main
galaxies(pythonify=False)Get all the galaxies
Return type Union[Dict List[MISPGalaxy]]
get_all_functions(not_implemented=False)Get all methods available vi the API allow to get the ones that are not implemented
get_attribute(attribute pythonify=False)Get an attribute from a MISP instance
Return type Union[Dict MISPAttribute]
get_community(community pythonify=False)Get an community from a MISP instance
Return type Union[Dict MISPCommunity]
get_event(event deleted=False extended=False pythonify=False)Get an event from a MISP instance
Return type Union[Dict MISPEvent]
get_feed(feed pythonify=False)Get a feed by id
Return type Union[Dict MISPFeed]
get_galaxy(galaxy pythonify=False)Get a galaxy by id
Return type Union[Dict MISPGalaxy]
get_noticelist(noticelist pythonify=False)Get a noticelist by id
Return type Union[Dict MISPNoticelist]
get_object(misp_object pythonify=False)Get an object from the remote MISP instance
Return type Union[Dict MISPObject]
get_object_template(object_template pythonify=False)Gets the full object template corresponting the UUID passed as parameter
Return type Union[Dict MISPObjectTemplate]
get_organisation(organisation pythonify=False)Get an organisation
Return type Union[Dict MISPOrganisation]
get_sync_config(pythonify=False)WARNING This method only works if the user calling it is a sync user
Return type Union[Dict MISPServer]
get_tag(tag pythonify=False)Get a tag by id
Return type Union[Dict MISPTag]
get_taxonomy(taxonomy pythonify=False)Get a taxonomy from a MISP instance
Return type Union[Dict MISPTaxonomy]
21 PyMISP 13
PyMISP Documentation Release main
get_user(user=me pythonify=False expanded=False)Get a user me means the owner of the API key doing the query expanded also returns a MISPRole and aMISPUserSetting
Return type Union[Dict MISPUser Tuple[MISPUser MISPRoleList[MISPUserSetting]]]
get_user_setting(user_setting user=None pythonify=False)Get an user setting
Return type Union[Dict MISPUserSetting]
get_warninglist(warninglist pythonify=False)Get a warninglist
Return type Union[Dict MISPWarninglist]
import_server(server pythonify=False)Import a sync server config received from get_sync_config
Return type Union[Dict MISPServer]
load_default_feeds()Load all the default feeds
Return type Dict
property misp_instance_versionReturns the version of the instance
Return type Dict
property misp_instance_version_masterGet the most recent version from github
Return type Dict
noticelists(pythonify=False)Get all the noticelists
Return type Union[Dict List[MISPNoticelist]]
object_templates(pythonify=False)Get all the object templates
Return type Union[Dict List[MISPObjectTemplate]]
organisation_blacklists(pythonify=False)Get all the blacklisted organisations
Return type Union[Dict List[MISPOrganisationBlacklist]]
organisations(scope=local pythonify=False)Get all the organisations
Return type Union[Dict List[MISPOrganisation]]
publish(event alert=False)Publish the event with one single HTTP POST The default is to not send a mail as it is assumed thismethod is called on update
Return type Dict
push_event_to_ZMQ(event)Force push an event on ZMQ
14 Chapter 2 pymisp
PyMISP Documentation Release main
Return type Dict
property pymisp_version_mainGet the most recent version of PyMISP from github
Return type Dict
property recommended_pymisp_versionReturns the recommended API version from the server
Return type Dict
remote_acl(debug_type=findMissingFunctionNames)This should return an empty list unless the ACL is outdated debug_type can only be printAllFunction-Names findMissingFunctionNames or printRoleAccess
Return type Dict
remove_org_from_sharing_group(sharing_group organisation)Remove an organisation from a sharing group sharing_group Sharing grouprsquos local instance ID orSharing grouprsquos global UUID organisation Organisationrsquos local instance ID or Organisationrsquos globalUUID or Organisationrsquos name as known to the curent instance
Return type Dict
remove_server_from_sharing_group(sharing_group server)Remove a server from a sharing group sharing_group Sharing grouprsquos local instance ID or Sharinggrouprsquos global UUID server Serverrsquos local instance ID or URL of the Server or Serverrsquos name as knownto the curent instance
Return type Dict
roles(pythonify=False)Get the existing roles
Return type Union[Dict List[MISPRole]]
search(controller=events return_format=json limit=None page=None value=Nonetype_attribute=None category=None org=None tags=None quick_filter=None quick-Filter=None date_from=None date_to=None eventid=None with_attachments=NonewithAttachments=None metadata=None uuid=None publish_timestamp=Nonelast=None timestamp=None published=None enforce_warninglist=None enforceWarn-inglist=None to_ids=None deleted=None include_event_uuid=None includeEventU-uid=None include_event_tags=None includeEventTags=None event_timestamp=Nonesg_reference_only=None eventinfo=None searchall=None requested_attributes=None in-clude_context=None includeContext=None headerless=None include_sightings=NoneincludeSightings=None include_correlations=None includeCorrelations=None in-clude_decay_score=None includeDecayScore=None object_name=None pythonify=Falsekwargs)
Search in the MISP instance
Parameters
bull return_format (str) ndash Set the return format of the search (Currently supported jsonxml openioc suricata snort - more formats are being moved to restSearch with the goalbeing that all searches happen through this API) Can be passed as the first parameter afterrestSearch or via the JSON payload
bull limit (Optional[int]) ndash Limit the number of results returned depending on thescope (for example 10 attributes or 10 full events)
bull page (Optional[int]) ndash If a limit is set sets the page to be returned page 3 limit 100will return records 201-gt300)
21 PyMISP 15
PyMISP Documentation Release main
bull value (Optional[~SearchParameterTypes]) ndash Search for the given value in the at-tributesrsquo value field
bull type_attribute (Optional[~SearchParameterTypes]) ndash The attribute type anyvalid MISP attribute type is accepted
bull category (Optional[~SearchParameterTypes]) ndash The attribute category any validMISP attribute category is accepted
bull org (Optional[~SearchParameterTypes]) ndash Search by the creator organisation by sup-plying the organisation identifier
bull tags (Optional[~SearchParameterTypes]) ndash Tags to search or to exclude You canpass a list or the output of build_complex_query
bull quick_filter (Optional[str]) ndash The string passed to this field will ignore all ofthe other arguments MISP will return an xml json (depending on the header sent) of allevents that have a sub-string match on value in the event info event orgc or any of theattribute value1 value2 fields or in the attribute comment
bull date_from (Union[date int str float None]) ndash Events with the date set to adate after the one specified This filter will use the date of the event
bull date_to (Union[date int str float None]) ndash Events with the date set to a datebefore the one specified This filter will use the date of the event
bull eventid (Optional[~SearchType]) ndash The events that should be included excludedfrom the search
bull with_attachments (Optional[bool]) ndash If set encodes the attachments zippedmalware samples as base64 in the data field within each attribute
bull metadata (Optional[bool]) ndash Only the metadata (event tags relations) is returnedattributes and proposals are omitted
bull uuid (Optional[str]) ndash Restrict the results by uuid
bull publish_timestamp (Union[date int str float NoneTuple[Union[date int str float None] Union[date int str floatNone]]]) ndash Restrict the results by the last publish timestamp (newer than)
bull timestamp (Union[date int str float None Tuple[Union[date intstr float None] Union[date int str float None]]]) ndash Restrict the resultsby the timestamp (last edit) Any event with a timestamp newer than the given timestampwill be returned In case you are dealing with attributes as scope the attributersquos timestampwill be used for the lookup
bull published (Optional[bool]) ndash Set whether published or unpublished events shouldbe returned Do not set the parameter if you want both
bull enforce_warninglist (Optional[bool]) ndash Remove any attributes from the resultthat would cause a hit on a warninglist entry
bull to_ids (Union[~ToIDSType List[~ToIDSType] None]) ndash By default all attributesare returned that match the other filter parameters irregardless of their to_ids setting Torestrict the returned data set to to_ids only attributes set this parameter to 1 0 for the oneswith to_ids set to False
bull deleted (Optional[str]) ndash If this parameter is set to 1 it will only return soft-deletedattributes [ldquo0rdquo ldquo1rdquo] will return the active ones as well as the soft-deleted ones
bull include_event_uuid (Optional[bool]) ndash Instead of just including the event IDalso include the event UUID in each of the attributes
16 Chapter 2 pymisp
PyMISP Documentation Release main
bull include_event_tags (Optional[bool]) ndash Include the event level tags in each ofthe attributes
bull event_timestamp (Union[date int str float None]) ndash Only return at-tributes from events that have received a modification after the given timestamp
bull sg_reference_only (Optional[bool]) ndash If this flag is set sharing group objectswill not be included instead only the sharing group ID is set
bull eventinfo (Optional[str]) ndash Filter on the eventrsquos info field
bull searchall (Optional[bool]) ndash Search for a full or a substring (delimited by forsubstrings) in the event info event tags attribute tags attribute values or attribute commentfields
bull requested_attributes (Optional[str]) ndash [CSV only] Select the fields that youwish to include in the CSV export By setting event level fields additionally includeCon-text is not required to get event metadata
bull include_context (Optional[bool]) ndash [Attribute only] Include the event data witheach attribute [CSV output] Add event level metadata in every line of the CSV
bull headerless (Optional[bool]) ndash [CSV Only] The CSV created when this setting isset to true will not contain the header row
bull include_sightings (Optional[bool]) ndash [JSON Only - Attribute] Include thesightings of the matching attributes
bull include_decay_score (Optional[bool]) ndash Include the decay score at attributelevel
bull include_correlations (Optional[bool]) ndash [JSON Only - attribute] Include thecorrelations of the matching attributes
bull object_name (Optional[str]) ndash [objects controller only] Search for objects withthat name
bull pythonify (Optional[bool]) ndash Returns a list of PyMISP Objects instead of the plainjson output Warning it might use a lot of RAM
Deprecated
Parameters
bull quickFilter (Optional[str]) ndash synponym for quick_filter
bull withAttachments (Optional[bool]) ndash synonym for with_attachments
bull last (Union[date int str float None Tuple[Union[date int strfloat None] Union[date int str float None]]]) ndash synonym for pub-lish_timestamp
bull enforceWarninglist (Optional[bool]) ndash synonym for enforce_warninglist
bull includeEventUuid (Optional[bool]) ndash synonym for include_event_uuid
bull includeEventTags (Optional[bool]) ndash synonym for include_event_tags
bull includeContext (Optional[bool]) ndash synonym for include_context
Return type Union[Dict str List[Union[MISPEvent MISPAttributeMISPObject]]]
search_feeds(value=None pythonify=False)Search in the feeds cached on the servers
21 PyMISP 17
PyMISP Documentation Release main
Return type Union[Dict List[MISPFeed]]
search_index(published=None eventid=None tags=None date_from=None date_to=Noneeventinfo=None threatlevel=None distribution=None analysis=None org=Nonetimestamp=None pythonify=None)
Search only at the index level Using in front of a value means NOT (default is OR)
Parameters
bull published (Optional[bool]) ndash Set whether published or unpublished events shouldbe returned Do not set the parameter if you want both
bull eventid (Optional[~SearchType]) ndash The events that should be included excludedfrom the search
bull tags (Optional[~SearchParameterTypes]) ndash Tags to search or to exclude You canpass a list or the output of build_complex_query
bull date_from (Union[date int str float None]) ndash Events with the date set to adate after the one specified This filter will use the date of the event
bull date_to (Union[date int str float None]) ndash Events with the date set to a datebefore the one specified This filter will use the date of the event
bull eventinfo (Optional[str]) ndash Filter on the eventrsquos info field
bull threatlevel (Optional[List[~SearchType]]) ndash Threat level(s) (1234) | list
bull distribution (Optional[List[~SearchType]]) ndash Distribution level(s) (0123) |list
bull analysis (Optional[List[~SearchType]]) ndash Analysis level(s) (012) | list
bull org (Optional[~SearchParameterTypes]) ndash Search by the creator organisation by sup-plying the organisation identifier
bull timestamp (Union[date int str float None Tuple[Union[date intstr float None] Union[date int str float None]]]) ndash Restrict the resultsby the timestamp (last edit) Any event with a timestamp newer than the given timestampwill be returned In case you are dealing with attributes as scope the attributersquos timestampwill be used for the lookup
bull pythonify (Optional[bool]) ndash Returns a list of PyMISP Objects instead or the plainjson output Warning it might use a lot of RAM
Return type Union[Dict List[MISPEvent]]
search_logs(limit=None page=None log_id=None title=None created=None model=None ac-tion=None user_id=None change=None email=None org=None description=Noneip=None pythonify=False)
Search in logs
Note to run substring queries simply appendprependencapsulate the search term with
Parameters
bull limit (Optional[int]) ndash Limit the number of results returned depending on thescope (for example 10 attributes or 10 full events)
bull page (Optional[int]) ndash If a limit is set sets the page to be returned page 3 limit 100will return records 201-gt300)
bull log_id (Optional[int]) ndash Log ID
bull title (Optional[str]) ndash Log Title
18 Chapter 2 pymisp
PyMISP Documentation Release main
bull created (Union[date int str float None]) ndash Creation timestamp
bull model (Optional[str]) ndash Model name that generated the log entry
bull action (Optional[str]) ndash The thing that was done
bull user_id (Optional[int]) ndash ID of the user doing the action
bull change (Optional[str]) ndash Change that occured
bull email (Optional[str]) ndash Email of the user
bull org (Optional[str]) ndash Organisation of the User doing the action
bull description (Optional[str]) ndash Description of the action
bull ip (Optional[str]) ndash Origination IP of the User doing the action
bull pythonify (Optional[bool]) ndash Returns a list of PyMISP Objects instead or the plainjson output Warning it might use a lot of RAM
Return type Union[Dict List[MISPLog]]
search_sightings(context=None context_id=None type_sighting=None date_from=Nonedate_to=None publish_timestamp=None last=None org=None source=Noneinclude_attribute=None include_event_meta=None pythonify=False)
Search sightings
Parameters
bull context (Optional[str]) ndash The context of the search Can be either ldquoattributerdquoldquoeventrdquo or nothing (will then match on events and attributes)
bull context_id (Optional[~SearchType]) ndash Only relevant if context is either ldquoattributerdquoor ldquoeventrdquo Then it is the relevant ID
bull type_sighting (Optional[str]) ndash Type of sighting
bull date_from (Union[date int str float None]) ndash Events with the date set to adate after the one specified This filter will use the date of the event
bull date_to (Union[date int str float None]) ndash Events with the date set to a datebefore the one specified This filter will use the date of the event
bull publish_timestamp (Union[date int str float NoneTuple[Union[date int str float None] Union[date int str floatNone]]]) ndash Restrict the results by the last publish timestamp (newer than)
bull org (Optional[~SearchType]) ndash Search by the creator organisation by supplying theorganisation identifier
bull source (Optional[str]) ndash Source of the sighting
bull include_attribute (Optional[bool]) ndash Include the attribute
bull include_event_meta (Optional[bool]) ndash Include the meta information of theevent
Deprecated
Parameters last (Union[date int str float None Tuple[Union[date intstr float None] Union[date int str float None]]]) ndash synonym for pub-lish_timestamp
Example
21 PyMISP 19
PyMISP Documentation Release main
gtgtgt mispsearch_sightings(publish_timestamp=30d) search sightings for therarr˓last 30 days on the instance[ ]gtgtgt mispsearch_sightings(context=attribute context_id=6 include_rarr˓attribute=True) return list of sighting for attribute 6 along with therarr˓attribute itself[ ]gtgtgt mispsearch_sightings(context=event context_id=17 include_event_rarr˓meta=True org=2) return list of sighting for event 17 filtered with orgrarr˓id 2
Return type Union[Dict List[Dict[str Union[MISPEvent MISPAttributeMISPSighting]]]]
server_pull(server event=None)Initialize a pull from a sync server
Return type Dict
server_push(server event=None)Initialize a push to a sync server
Return type Dict
servers(pythonify=False)Get the existing servers the MISP instance can synchronise with
Return type Union[Dict List[MISPServer]]
set_user_setting(user_setting value user=None pythonify=False)Get an user setting
Return type Union[Dict MISPUserSetting]
sharing_groups(pythonify=False)Get the existing sharing groups
Return type Union[Dict List[MISPSharingGroup]]
sightings(misp_entity=None org=None pythonify=False)Get the list of sighting related to a MISPEvent or a MISPAttribute (depending on type of misp_entity)
Return type Union[Dict List[MISPSighting]]
tag(misp_entity tag local=False)Tag an event or an attribute misp_entity can be a MISPEvent a MISP Attribute or a UUID
Return type Dict
tags(pythonify=False)Get the list of existing tags
Return type Union[Dict List[MISPTag]]
tags_statistics(percentage=False name_sort=False)Get tags statistics from the MISP instance
Return type Dict
taxonomies(pythonify=False)Get all the taxonomies
Return type Union[Dict List[MISPTaxonomy]]
20 Chapter 2 pymisp
PyMISP Documentation Release main
toggle_warninglist(warninglist_id=None warninglist_name=None force_enable=False)Toggle (enabledisable) the status of a warninglist by ID type warninglist_id Union[str intList[int] None] param warninglist_id ID of the WarningList type force_enable bool paramforce_enable Force the warning list in the enabled state (does nothing is already enabled)
Return type Dict
untag(misp_entity tag)Untag an event or an attribute misp_entity can be a UUID
Return type Dict
update_attribute(attribute attribute_id=None pythonify=False)Update an attribute on a MISP instance
Return type Union[Dict MISPAttribute MISPShadowAttribute]
update_attribute_proposal(initial_attribute attribute pythonify=False)Propose a change for an attribute
Return type Union[Dict MISPShadowAttribute]
update_event(event event_id=None pythonify=False)Update an event on a MISP instance
Return type Union[Dict MISPEvent]
update_event_blacklist(event_blacklist event_blacklist_id=None pythonify=False)Update an event in the blacklist
Return type Union[Dict MISPEventBlacklist]
update_feed(feed feed_id=None pythonify=False)Update a feed on a MISP instance
Return type Union[Dict MISPFeed]
update_galaxies()Update all the galaxies
Return type Dict
update_noticelists()Update all the noticelists
Return type Dict
update_object(misp_object object_id=None pythonify=False)Update an object on a MISP instance
Return type Union[Dict MISPObject]
update_object_templates()Trigger an update of the object templates
Return type Dict
update_organisation(organisation organisation_id=None pythonify=False)Update an organisation
Return type Union[Dict MISPOrganisation]
update_organisation_blacklist(organisation_blacklist organisation_blacklist_id=Nonepythonify=False)
Update an organisation in the blacklist
Return type Union[Dict MISPOrganisationBlacklist]
21 PyMISP 21
PyMISP Documentation Release main
update_server(server server_id=None pythonify=False)Update a server to synchronise with
Return type Union[Dict MISPServer]
update_tag(tag tag_id=None pythonify=False)Edit only the provided parameters of a tag
Return type Union[Dict MISPTag]
update_taxonomies()Update all the taxonomies
Return type Dict
update_user(user user_id=None pythonify=False)Update an event on a MISP instance
Return type Union[Dict MISPUser]
update_warninglists()Update all the warninglists
Return type Dict
upload_stix(path version=2)Upload a STIX file to MISP param path Path to the STIX on the disk (can be a path-like object or apseudofile) type version str param version Can be 1 or 2
user_registrations(pythonify=False)Get all the user registrations
Return type Union[Dict List[MISPInbox]]
user_settings(pythonify=False)Get all the user settings
Return type Union[Dict List[MISPUserSetting]]
users(pythonify=False)Get all the users
Return type Union[Dict List[MISPUser]]
users_statistics(context=data)Get users statistics from the MISP instance
Return type Dict
values_in_warninglist(value)Check if IOC values are in warninglist
Return type Dict
property versionReturns the version of PyMISP yoursquore curently using
Return type Dict
warninglists(pythonify=False)Get all the warninglists
Return type Union[Dict List[MISPWarninglist]]
22 Chapter 2 pymisp
PyMISP Documentation Release main
22 PyMISPExpanded (Python 36+ only)
pymispExpandedPyMISPalias of pymispapiPyMISP
23 MISPAbstract
class pymispAbstractMISP(kwargs)
property editedRecursively check if an object has been edited and update the flag accordingly to the parent objects
Return type bool
from_dict(kwargs)Loading all the parameters as class properties if they arenrsquot None This method aims to be called when allthe properties requiring a special treatment are processed Note This method is used when you initializean object with existing data so by default the class is flaged as not edited
Return type None
from_json(json_string)Load a JSON string
Return type None
jsonable()This method is used by the JSON encoder
Return type Dict
set_not_jsonable(args)Set __not_jsonable to a new list
Return type None
to_dict()Dump the class to a dictionary This method automatically removes the timestamp recursively in everyobject that has been edited is order to let MISP update the event accordingly
Return type Dict
to_json(sort_keys=False indent=None)Dump recursively any class of type MISPAbstract to a json string
update_not_jsonable(args)Add entries to the __not_jsonable list
Return type None
22 PyMISPExpanded (Python 36+ only) 23
PyMISP Documentation Release main
24 MISPEncode
class pymispMISPEncode(args kwargs)
default(obj)Implement this method in a subclass such that it returns a serializable object for o or calls the baseimplementation (to raise a TypeError)
For example to support arbitrary iterators you could implement default like this
def default(self o)try
iterable = iter(o)except TypeError
passelse
return list(iterable) Let the base class default method raise the TypeErrorreturn JSONEncoderdefault(self o)
25 MISPEvent
class pymispMISPEvent(describe_types=None strict_validation=False kwargs)
add_attribute(type value kwargs)Add an attribute type and value are required but you can pass all other parameters supported by MISPAt-tribute
Return type Union[MISPAttribute List[MISPAttribute]]
add_attribute_tag(tag attribute_identifier)Add a tag to an existing attribute raise an Exception if the attribute doesnrsquot exists tag Tag name as astring MISPTag instance or dictionary attribute_identifier can be an ID UUID or the value
Return type List[MISPAttribute]
add_object(obj=None kwargs)Add an object to the Event either by passing a MISPObject or a dictionary
Return type MISPObject
add_proposal(shadow_attribute=None kwargs)Alias for add_shadow_attribute
Return type MISPShadowAttribute
add_shadow_attribute(shadow_attribute=None kwargs)Add a tag to the attribute (by name or a MISPTag object)
Return type MISPShadowAttribute
clear()rarr None Remove all items from D
delete_attribute(attribute_id)Delete an attribute you can search by ID or UUID
property editedRecursively check if an object has been edited and update the flag accordingly to the parent objects
24 Chapter 2 pymisp
PyMISP Documentation Release main
Return type bool
from_dict(kwargs)Loading all the parameters as class properties if they arenrsquot None This method aims to be called when allthe properties requiring a special treatment are processed Note This method is used when you initializean object with existing data so by default the class is flaged as not edited
from_json(json_string)Load a JSON string
Return type None
get(k[ d ])rarr D[k] if k in D else d d defaults to None
get_attribute_tag(attribute_identifier)Return the tags associated to an attribute or an object attribute attribute_identifier can be an ID UUIDor the value
Return type List[MISPTag]
get_object_by_id(object_id)Get an object by ID (the ID is the one set by the server when creating the new object)
Return type MISPObject
get_object_by_uuid(object_uuid)Get an object by UUID (UUID is set by the server when creating the new object)
Return type MISPObject
get_objects_by_name(object_name)Get an object by UUID (UUID is set by the server when creating the new object)
Return type List[MISPObject]
items()rarr a set-like object providing a view on Drsquos items
jsonable()This method is used by the JSON encoder
Return type Dict
keys()rarr a set-like object providing a view on Drsquos keys
load(json_event validate=False metadata_only=False)Load a JSON dump from a pseudo file or a JSON string
load_file(event_path validate=False metadata_only=False)Load a JSON dump from a file on the disk
pop(k[ d ])rarr v remove specified key and return the corresponding valueIf key is not found d is returned if given otherwise KeyError is raised
popitem()rarr (k v) remove and return some (key value) pairas a 2-tuple but raise KeyError if D is empty
publish()Mark the attribute as published
set_date(d=None ignore_invalid=False)Set a date for the event (string datetime or date object)
set_not_jsonable(args)Set __not_jsonable to a new list
Return type None
25 MISPEvent 25
PyMISP Documentation Release main
setdefault(k[ d ])rarr Dget(kd) also set D[k]=d if k not in D
property tagsReturns a lost of tags associated to this Event
Return type List[MISPTag]
to_dict()Dump the class to a dictionary This method automatically removes the timestamp recursively in everyobject that has been edited is order to let MISP update the event accordingly
Return type Dict
to_feed(valid_distributions=[0 1 2 3 4 5] with_meta=False)Generate a json output for MISP Feed Notes
bull valid_distributions only makes sense if the distribution key is set (ie the event is exported from aMISP instance)
Return type Dict
to_json(sort_keys=False indent=None)Dump recursively any class of type MISPAbstract to a json string
unpublish()Mark the attribute as un-published (set publish flag to false)
update([E ] F)rarr None Update D from mappingiterable E and FIf E present and has a keys() method does for k in E D[k] = E[k] If E present and lacks keys() methoddoes for (k v) in E D[k] = v In either case this is followed by for k v in Fitems() D[k] = v
update_not_jsonable(args)Add entries to the __not_jsonable list
Return type None
values()rarr an object providing a view on Drsquos values
26 MISPAttribute
class pymispMISPAttribute(describe_types=None strict=False)
add_proposal(shadow_attribute=None kwargs)Alias for add_shadow_attribute
Return type MISPShadowAttribute
add_shadow_attribute(shadow_attribute=None kwargs)Add a shadow attribute to the attribute (by name or a MISPShadowAttribute object)
Return type MISPShadowAttribute
add_sighting(sighting=None kwargs)Add a sighting to the attribute (by name or a MISPSighting object)
Return type MISPSighting
clear()rarr None Remove all items from D
delete()Mark the attribute as deleted (soft delete)
26 Chapter 2 pymisp
PyMISP Documentation Release main
property editedRecursively check if an object has been edited and update the flag accordingly to the parent objects
Return type bool
from_dict(kwargs)Loading all the parameters as class properties if they arenrsquot None This method aims to be called when allthe properties requiring a special treatment are processed Note This method is used when you initializean object with existing data so by default the class is flaged as not edited
from_json(json_string)Load a JSON string
Return type None
get(k[ d ])rarr D[k] if k in D else d d defaults to None
hash_values(algorithm=sha512)Compute the hash of every values for fast lookups
Return type List[str]
items()rarr a set-like object providing a view on Drsquos items
jsonable()This method is used by the JSON encoder
Return type Dict
keys()rarr a set-like object providing a view on Drsquos keys
property known_typesReturns a list of all the known MISP attributes types
Return type List[str]
property malware_binaryReturns a BytesIO of the malware (if the attribute has one obvs)
Return type Optional[BytesIO]
pop(k[ d ])rarr v remove specified key and return the corresponding valueIf key is not found d is returned if given otherwise KeyError is raised
popitem()rarr (k v) remove and return some (key value) pairas a 2-tuple but raise KeyError if D is empty
set_not_jsonable(args)Set __not_jsonable to a new list
Return type None
setdefault(k[ d ])rarr Dget(kd) also set D[k]=d if k not in D
property tagsReturns a lost of tags associated to this Attribute
Return type List[MISPTag]
to_dict()Dump the class to a dictionary This method automatically removes the timestamp recursively in everyobject that has been edited is order to let MISP update the event accordingly
Return type Dict
26 MISPAttribute 27
PyMISP Documentation Release main
to_json(sort_keys=False indent=None)Dump recursively any class of type MISPAbstract to a json string
update([E ] F)rarr None Update D from mappingiterable E and FIf E present and has a keys() method does for k in E D[k] = E[k] If E present and lacks keys() methoddoes for (k v) in E D[k] = v In either case this is followed by for k v in Fitems() D[k] = v
update_not_jsonable(args)Add entries to the __not_jsonable list
Return type None
values()rarr an object providing a view on Drsquos values
27 MISPObject
class pymispMISPObject(name strict=False standalone=True default_attributes_parameters=kwargs)
add_attribute(object_relation simple_value=None value)Add an attribute object_relation is required and the value key is a dictionary with all the keys supportedby MISPAttribute
Return type Optional[MISPAttribute]
add_attributes(object_relation attributes)Add multiple attributes with the same object_relation Helper for object_relation when multiple is True inthe template It is the same as calling multiple times add_attribute with the same object_relation
Return type List[Optional[MISPAttribute]]
add_reference(referenced_uuid relationship_type comment=None kwargs)Add a link (uuid) to an other object
Return type MISPObjectReference
clear()rarr None Remove all items from D
property editedRecursively check if an object has been edited and update the flag accordingly to the parent objects
Return type bool
from_dict(kwargs)Loading all the parameters as class properties if they arenrsquot None This method aims to be called when allthe properties requiring a special treatment are processed Note This method is used when you initializean object with existing data so by default the class is flaged as not edited
from_json(json_string)Load a JSON string
Return type None
get(k[ d ])rarr D[k] if k in D else d d defaults to None
get_attributes_by_relation(object_relation)Returns the list of attributes with the given object relation in the object
Return type List[MISPAttribute]
has_attributes_by_relation(list_of_relations)True if all the relations in the list are defined in the object
28 Chapter 2 pymisp
PyMISP Documentation Release main
Return type bool
items()rarr a set-like object providing a view on Drsquos items
jsonable()This method is used by the JSON encoder
Return type Dict
keys()rarr a set-like object providing a view on Drsquos keys
pop(k[ d ])rarr v remove specified key and return the corresponding valueIf key is not found d is returned if given otherwise KeyError is raised
popitem()rarr (k v) remove and return some (key value) pairas a 2-tuple but raise KeyError if D is empty
set_not_jsonable(args)Set __not_jsonable to a new list
Return type None
setdefault(k[ d ])rarr Dget(kd) also set D[k]=d if k not in D
to_dict(strict=False)Dump the class to a dictionary This method automatically removes the timestamp recursively in everyobject that has been edited is order to let MISP update the event accordingly
Return type Dict
to_json(sort_keys=False indent=None strict=False)Dump recursively any class of type MISPAbstract to a json string
update([E ] F)rarr None Update D from mappingiterable E and FIf E present and has a keys() method does for k in E D[k] = E[k] If E present and lacks keys() methoddoes for (k v) in E D[k] = v In either case this is followed by for k v in Fitems() D[k] = v
update_not_jsonable(args)Add entries to the __not_jsonable list
Return type None
values()rarr an object providing a view on Drsquos values
28 MISPObjectAttribute
class pymispMISPObjectAttribute(definition)
add_proposal(shadow_attribute=None kwargs)Alias for add_shadow_attribute
Return type MISPShadowAttribute
add_shadow_attribute(shadow_attribute=None kwargs)Add a shadow attribute to the attribute (by name or a MISPShadowAttribute object)
Return type MISPShadowAttribute
add_sighting(sighting=None kwargs)Add a sighting to the attribute (by name or a MISPSighting object)
Return type MISPSighting
28 MISPObjectAttribute 29
PyMISP Documentation Release main
clear()rarr None Remove all items from D
delete()Mark the attribute as deleted (soft delete)
property editedRecursively check if an object has been edited and update the flag accordingly to the parent objects
Return type bool
from_dict(object_relation value kwargs)Loading all the parameters as class properties if they arenrsquot None This method aims to be called when allthe properties requiring a special treatment are processed Note This method is used when you initializean object with existing data so by default the class is flaged as not edited
from_json(json_string)Load a JSON string
Return type None
get(k[ d ])rarr D[k] if k in D else d d defaults to None
hash_values(algorithm=sha512)Compute the hash of every values for fast lookups
Return type List[str]
items()rarr a set-like object providing a view on Drsquos items
jsonable()This method is used by the JSON encoder
Return type Dict
keys()rarr a set-like object providing a view on Drsquos keys
property known_typesReturns a list of all the known MISP attributes types
Return type List[str]
property malware_binaryReturns a BytesIO of the malware (if the attribute has one obvs)
Return type Optional[BytesIO]
pop(k[ d ])rarr v remove specified key and return the corresponding valueIf key is not found d is returned if given otherwise KeyError is raised
popitem()rarr (k v) remove and return some (key value) pairas a 2-tuple but raise KeyError if D is empty
set_not_jsonable(args)Set __not_jsonable to a new list
Return type None
setdefault(k[ d ])rarr Dget(kd) also set D[k]=d if k not in D
property tagsReturns a lost of tags associated to this Attribute
Return type List[MISPTag]
30 Chapter 2 pymisp
PyMISP Documentation Release main
to_dict()Dump the class to a dictionary This method automatically removes the timestamp recursively in everyobject that has been edited is order to let MISP update the event accordingly
Return type Dict
to_json(sort_keys=False indent=None)Dump recursively any class of type MISPAbstract to a json string
update([E ] F)rarr None Update D from mappingiterable E and FIf E present and has a keys() method does for k in E D[k] = E[k] If E present and lacks keys() methoddoes for (k v) in E D[k] = v In either case this is followed by for k v in Fitems() D[k] = v
update_not_jsonable(args)Add entries to the __not_jsonable list
Return type None
values()rarr an object providing a view on Drsquos values
29 MISPObjectReference
class pymispMISPObjectReference
clear()rarr None Remove all items from D
property editedRecursively check if an object has been edited and update the flag accordingly to the parent objects
Return type bool
from_dict(kwargs)Loading all the parameters as class properties if they arenrsquot None This method aims to be called when allthe properties requiring a special treatment are processed Note This method is used when you initializean object with existing data so by default the class is flaged as not edited
from_json(json_string)Load a JSON string
Return type None
get(k[ d ])rarr D[k] if k in D else d d defaults to None
items()rarr a set-like object providing a view on Drsquos items
jsonable()This method is used by the JSON encoder
Return type Dict
keys()rarr a set-like object providing a view on Drsquos keys
pop(k[ d ])rarr v remove specified key and return the corresponding valueIf key is not found d is returned if given otherwise KeyError is raised
popitem()rarr (k v) remove and return some (key value) pairas a 2-tuple but raise KeyError if D is empty
set_not_jsonable(args)Set __not_jsonable to a new list
Return type None
29 MISPObjectReference 31
PyMISP Documentation Release main
setdefault(k[ d ])rarr Dget(kd) also set D[k]=d if k not in D
to_dict()Dump the class to a dictionary This method automatically removes the timestamp recursively in everyobject that has been edited is order to let MISP update the event accordingly
Return type Dict
to_json(sort_keys=False indent=None)Dump recursively any class of type MISPAbstract to a json string
update([E ] F)rarr None Update D from mappingiterable E and FIf E present and has a keys() method does for k in E D[k] = E[k] If E present and lacks keys() methoddoes for (k v) in E D[k] = v In either case this is followed by for k v in Fitems() D[k] = v
update_not_jsonable(args)Add entries to the __not_jsonable list
Return type None
values()rarr an object providing a view on Drsquos values
210 MISPTag
class pymispMISPTag(kwargs)
clear()rarr None Remove all items from D
property editedRecursively check if an object has been edited and update the flag accordingly to the parent objects
Return type bool
from_dict(kwargs)Loading all the parameters as class properties if they arenrsquot None This method aims to be called when allthe properties requiring a special treatment are processed Note This method is used when you initializean object with existing data so by default the class is flaged as not edited
from_json(json_string)Load a JSON string
Return type None
get(k[ d ])rarr D[k] if k in D else d d defaults to None
items()rarr a set-like object providing a view on Drsquos items
jsonable()This method is used by the JSON encoder
Return type Dict
keys()rarr a set-like object providing a view on Drsquos keys
pop(k[ d ])rarr v remove specified key and return the corresponding valueIf key is not found d is returned if given otherwise KeyError is raised
popitem()rarr (k v) remove and return some (key value) pairas a 2-tuple but raise KeyError if D is empty
set_not_jsonable(args)Set __not_jsonable to a new list
32 Chapter 2 pymisp
PyMISP Documentation Release main
Return type None
setdefault(k[ d ])rarr Dget(kd) also set D[k]=d if k not in D
to_dict()Dump the class to a dictionary This method automatically removes the timestamp recursively in everyobject that has been edited is order to let MISP update the event accordingly
Return type Dict
to_json(sort_keys=False indent=None)Dump recursively any class of type MISPAbstract to a json string
update([E ] F)rarr None Update D from mappingiterable E and FIf E present and has a keys() method does for k in E D[k] = E[k] If E present and lacks keys() methoddoes for (k v) in E D[k] = v In either case this is followed by for k v in Fitems() D[k] = v
update_not_jsonable(args)Add entries to the __not_jsonable list
Return type None
values()rarr an object providing a view on Drsquos values
211 MISPUser
class pymispMISPUser(kwargs)
clear()rarr None Remove all items from D
property editedRecursively check if an object has been edited and update the flag accordingly to the parent objects
Return type bool
from_dict(kwargs)Loading all the parameters as class properties if they arenrsquot None This method aims to be called when allthe properties requiring a special treatment are processed Note This method is used when you initializean object with existing data so by default the class is flaged as not edited
from_json(json_string)Load a JSON string
Return type None
get(k[ d ])rarr D[k] if k in D else d d defaults to None
items()rarr a set-like object providing a view on Drsquos items
jsonable()This method is used by the JSON encoder
Return type Dict
keys()rarr a set-like object providing a view on Drsquos keys
pop(k[ d ])rarr v remove specified key and return the corresponding valueIf key is not found d is returned if given otherwise KeyError is raised
popitem()rarr (k v) remove and return some (key value) pairas a 2-tuple but raise KeyError if D is empty
211 MISPUser 33
PyMISP Documentation Release main
set_not_jsonable(args)Set __not_jsonable to a new list
Return type None
setdefault(k[ d ])rarr Dget(kd) also set D[k]=d if k not in D
to_dict()Dump the class to a dictionary This method automatically removes the timestamp recursively in everyobject that has been edited is order to let MISP update the event accordingly
Return type Dict
to_json(sort_keys=False indent=None)Dump recursively any class of type MISPAbstract to a json string
update([E ] F)rarr None Update D from mappingiterable E and FIf E present and has a keys() method does for k in E D[k] = E[k] If E present and lacks keys() methoddoes for (k v) in E D[k] = v In either case this is followed by for k v in Fitems() D[k] = v
update_not_jsonable(args)Add entries to the __not_jsonable list
Return type None
values()rarr an object providing a view on Drsquos values
212 MISPOrganisation
class pymispMISPOrganisation
clear()rarr None Remove all items from D
property editedRecursively check if an object has been edited and update the flag accordingly to the parent objects
Return type bool
from_dict(kwargs)Loading all the parameters as class properties if they arenrsquot None This method aims to be called when allthe properties requiring a special treatment are processed Note This method is used when you initializean object with existing data so by default the class is flaged as not edited
from_json(json_string)Load a JSON string
Return type None
get(k[ d ])rarr D[k] if k in D else d d defaults to None
items()rarr a set-like object providing a view on Drsquos items
jsonable()This method is used by the JSON encoder
Return type Dict
keys()rarr a set-like object providing a view on Drsquos keys
pop(k[ d ])rarr v remove specified key and return the corresponding valueIf key is not found d is returned if given otherwise KeyError is raised
34 Chapter 2 pymisp
PyMISP Documentation Release main
popitem()rarr (k v) remove and return some (key value) pairas a 2-tuple but raise KeyError if D is empty
set_not_jsonable(args)Set __not_jsonable to a new list
Return type None
setdefault(k[ d ])rarr Dget(kd) also set D[k]=d if k not in D
to_dict()Dump the class to a dictionary This method automatically removes the timestamp recursively in everyobject that has been edited is order to let MISP update the event accordingly
Return type Dict
to_json(sort_keys=False indent=None)Dump recursively any class of type MISPAbstract to a json string
update([E ] F)rarr None Update D from mappingiterable E and FIf E present and has a keys() method does for k in E D[k] = E[k] If E present and lacks keys() methoddoes for (k v) in E D[k] = v In either case this is followed by for k v in Fitems() D[k] = v
update_not_jsonable(args)Add entries to the __not_jsonable list
Return type None
values()rarr an object providing a view on Drsquos values
212 MISPOrganisation 35
PyMISP Documentation Release main
36 Chapter 2 pymisp
CHAPTER
THREE
PYMISP - TOOLS
31 File Object
class pymisptoolsFileObject(filepath=None pseudofile=None filename=None kwargs)
add_attribute(object_relation simple_value=None value)Add an attribute object_relation is required and the value key is a dictionary with all the keys supportedby MISPAttribute
Return type Optional[MISPAttribute]
add_attributes(object_relation attributes)Add multiple attributes with the same object_relation Helper for object_relation when multiple is True inthe template It is the same as calling multiple times add_attribute with the same object_relation
Return type List[Optional[MISPAttribute]]
add_reference(referenced_uuid relationship_type comment=None kwargs)Add a link (uuid) to an other object
Return type MISPObjectReference
clear()rarr None Remove all items from D
property editedRecursively check if an object has been edited and update the flag accordingly to the parent objects
Return type bool
from_dict(kwargs)Loading all the parameters as class properties if they arenrsquot None This method aims to be called when allthe properties requiring a special treatment are processed Note This method is used when you initializean object with existing data so by default the class is flaged as not edited
from_json(json_string)Load a JSON string
Return type None
generate_attributes()Contains the logic where all the values of the object are gathered
get(k[ d ])rarr D[k] if k in D else d d defaults to None
get_attributes_by_relation(object_relation)Returns the list of attributes with the given object relation in the object
Return type List[MISPAttribute]
37
PyMISP Documentation Release main
has_attributes_by_relation(list_of_relations)True if all the relations in the list are defined in the object
Return type bool
items()rarr a set-like object providing a view on Drsquos items
jsonable()This method is used by the JSON encoder
Return type Dict
keys()rarr a set-like object providing a view on Drsquos keys
pop(k[ d ])rarr v remove specified key and return the corresponding valueIf key is not found d is returned if given otherwise KeyError is raised
popitem()rarr (k v) remove and return some (key value) pairas a 2-tuple but raise KeyError if D is empty
set_not_jsonable(args)Set __not_jsonable to a new list
Return type None
setdefault(k[ d ])rarr Dget(kd) also set D[k]=d if k not in D
to_dict(strict=False)Dump the class to a dictionary This method automatically removes the timestamp recursively in everyobject that has been edited is order to let MISP update the event accordingly
Return type Dict
to_json(sort_keys=False indent=None strict=False)Dump recursively any class of type MISPAbstract to a json string
update([E ] F)rarr None Update D from mappingiterable E and FIf E present and has a keys() method does for k in E D[k] = E[k] If E present and lacks keys() methoddoes for (k v) in E D[k] = v In either case this is followed by for k v in Fitems() D[k] = v
update_not_jsonable(args)Add entries to the __not_jsonable list
Return type None
values()rarr an object providing a view on Drsquos values
32 ELF Object
33 PE Object
34 Mach-O Object
35 VT Report Object
class pymisptoolsVTReportObject(apikey indicator vt_proxies=None kwargs)VirusTotal Report
Apikey VirusTotal API key (private works but only public features are supported right now)
38 Chapter 3 pymisp - Tools
PyMISP Documentation Release main
Indicator IOC to search VirusTotal for
add_attribute(object_relation simple_value=None value)Add an attribute object_relation is required and the value key is a dictionary with all the keys supportedby MISPAttribute
Return type Optional[MISPAttribute]
add_attributes(object_relation attributes)Add multiple attributes with the same object_relation Helper for object_relation when multiple is True inthe template It is the same as calling multiple times add_attribute with the same object_relation
Return type List[Optional[MISPAttribute]]
add_reference(referenced_uuid relationship_type comment=None kwargs)Add a link (uuid) to an other object
Return type MISPObjectReference
clear()rarr None Remove all items from D
property editedRecursively check if an object has been edited and update the flag accordingly to the parent objects
Return type bool
from_dict(kwargs)Loading all the parameters as class properties if they arenrsquot None This method aims to be called when allthe properties requiring a special treatment are processed Note This method is used when you initializean object with existing data so by default the class is flaged as not edited
from_json(json_string)Load a JSON string
Return type None
generate_attributes()Parse the VirusTotal report for relevant attributes
get(k[ d ])rarr D[k] if k in D else d d defaults to None
get_attributes_by_relation(object_relation)Returns the list of attributes with the given object relation in the object
Return type List[MISPAttribute]
has_attributes_by_relation(list_of_relations)True if all the relations in the list are defined in the object
Return type bool
items()rarr a set-like object providing a view on Drsquos items
jsonable()This method is used by the JSON encoder
Return type Dict
keys()rarr a set-like object providing a view on Drsquos keys
pop(k[ d ])rarr v remove specified key and return the corresponding valueIf key is not found d is returned if given otherwise KeyError is raised
popitem()rarr (k v) remove and return some (key value) pairas a 2-tuple but raise KeyError if D is empty
35 VT Report Object 39
PyMISP Documentation Release main
set_not_jsonable(args)Set __not_jsonable to a new list
Return type None
setdefault(k[ d ])rarr Dget(kd) also set D[k]=d if k not in D
to_dict(strict=False)Dump the class to a dictionary This method automatically removes the timestamp recursively in everyobject that has been edited is order to let MISP update the event accordingly
Return type Dict
to_json(sort_keys=False indent=None strict=False)Dump recursively any class of type MISPAbstract to a json string
update([E ] F)rarr None Update D from mappingiterable E and FIf E present and has a keys() method does for k in E D[k] = E[k] If E present and lacks keys() methoddoes for (k v) in E D[k] = v In either case this is followed by for k v in Fitems() D[k] = v
update_not_jsonable(args)Add entries to the __not_jsonable list
Return type None
values()rarr an object providing a view on Drsquos values
36 STIX
pymisptoolsstixload_stix(stix distribution=3 threat_level_id=2 analysis=0)Returns a MISPEvent object from a STIX package
pymisptoolsstixmake_stix_package(misp_event to_json=False to_xml=False)Returns a STIXPackage from a MISPEvent
Optionally can return the package in json or xml
37 OpenIOC
toolsload_openioc()
toolsload_openioc_file()
40 Chapter 3 pymisp - Tools
CHAPTER
FOUR
INDICES AND TABLES
bull genindex
bull modindex
bull search
41
PyMISP Documentation Release main
42 Chapter 4 Indices and tables
PYTHON MODULE INDEX
ppymisp 7pymisptools 37pymisptoolsstix 40
43
PyMISP Documentation Release main
44 Python Module Index
INDEX
AAbstractMISP (class in pymisp) 23accept_attribute_proposal()
(pymispPyMISP method) 7add_attribute() (pymispMISPEvent method) 24add_attribute() (pymispMISPObject method) 28add_attribute() (pymispPyMISP method) 7add_attribute() (pymisptoolsFileObject method)
37add_attribute() (pymisptoolsVTReportObject
method) 39add_attribute_proposal() (pymispPyMISP
method) 7add_attribute_tag() (pymispMISPEvent
method) 24add_attributes() (pymispMISPObject method)
28add_attributes() (pymisptoolsFileObject
method) 37add_attributes() (pymisptoolsVTReportObject
method) 39add_event() (pymispPyMISP method) 7add_event_blacklist() (pymispPyMISP
method) 8add_feed() (pymispPyMISP method) 8add_object() (pymispMISPEvent method) 24add_object() (pymispPyMISP method) 8add_object_reference() (pymispPyMISP
method) 8add_org_to_sharing_group() (pymispPyMISP
method) 8add_organisation() (pymispPyMISP method) 8add_organisation_blacklist()
(pymispPyMISP method) 8add_proposal() (pymispMISPAttribute method) 26add_proposal() (pymispMISPEvent method) 24add_proposal() (pymispMISPObjectAttribute
method) 29add_reference() (pymispMISPObject method) 28add_reference() (pymisptoolsFileObject method)
37add_reference() (pymisptoolsVTReportObject
method) 39add_server() (pymispPyMISP method) 8add_server_to_sharing_group()
(pymispPyMISP method) 8add_shadow_attribute() (pymispMISPAttribute
method) 26add_shadow_attribute() (pymispMISPEvent
method) 24add_shadow_attribute()
(pymispMISPObjectAttribute method) 29add_sharing_group() (pymispPyMISP method) 8add_sighting() (pymispMISPAttribute method) 26add_sighting() (pymispMISPObjectAttribute
method) 29add_sighting() (pymispPyMISP method) 8add_tag() (pymispPyMISP method) 8add_user() (pymispPyMISP method) 9attributes_statistics() (pymispPyMISP
method) 9
Bbuild_complex_query() (pymispPyMISP
method) 9
Ccache_all_feeds() (pymispPyMISP method) 9cache_feed() (pymispPyMISP method) 9cache_freetext_feeds() (pymispPyMISP
method) 9cache_misp_feeds() (pymispPyMISP method) 9change_sharing_group_on_entity()
(pymispPyMISP method) 9change_user_password() (pymispPyMISP
method) 9clear() (pymispMISPAttribute method) 26clear() (pymispMISPEvent method) 24clear() (pymispMISPObject method) 28clear() (pymispMISPObjectAttribute method) 29clear() (pymispMISPObjectReference method) 31clear() (pymispMISPOrganisation method) 34clear() (pymispMISPTag method) 32clear() (pymispMISPUser method) 33
45
PyMISP Documentation Release main
clear() (pymisptoolsFileObject method) 37clear() (pymisptoolsVTReportObject method) 39communities() (pymispPyMISP method) 9compare_feeds() (pymispPyMISP method) 9contact_event_reporter() (pymispPyMISP
method) 9
Ddefault() (pymispMISPEncode method) 24delegate_event() (pymispPyMISP method) 10delete() (pymispMISPAttribute method) 26delete() (pymispMISPObjectAttribute method) 30delete_attribute() (pymispMISPEvent method)
24delete_attribute() (pymispPyMISP method) 10delete_attribute_proposal()
(pymispPyMISP method) 10delete_event() (pymispPyMISP method) 10delete_event_blacklist() (pymispPyMISP
method) 10delete_feed() (pymispPyMISP method) 10delete_object() (pymispPyMISP method) 10delete_object_reference() (pymispPyMISP
method) 10delete_organisation() (pymispPyMISP
method) 10delete_organisation_blacklist()
(pymispPyMISP method) 10delete_server() (pymispPyMISP method) 10delete_sharing_group() (pymispPyMISP
method) 10delete_sighting() (pymispPyMISP method) 10delete_tag() (pymispPyMISP method) 11delete_user() (pymispPyMISP method) 11delete_user_setting() (pymispPyMISP
method) 11describe_types_local() (pymispPyMISP prop-
erty) 11describe_types_remote() (pymispPyMISP
property) 11direct_call() (pymispPyMISP method) 11disable_feed() (pymispPyMISP method) 11disable_feed_cache() (pymispPyMISP method)
11disable_noticelist() (pymispPyMISP method)
11disable_tag() (pymispPyMISP method) 11disable_taxonomy() (pymispPyMISP method) 11disable_taxonomy_tags() (pymispPyMISP
method) 11disable_warninglist() (pymispPyMISP
method) 11discard_attribute_proposal()
(pymispPyMISP method) 12
Eedited() (pymispAbstractMISP property) 23edited() (pymispMISPAttribute property) 26edited() (pymispMISPEvent property) 24edited() (pymispMISPObject property) 28edited() (pymispMISPObjectAttribute property) 30edited() (pymispMISPObjectReference property) 31edited() (pymispMISPOrganisation property) 34edited() (pymispMISPTag property) 32edited() (pymispMISPUser property) 33edited() (pymisptoolsFileObject property) 37edited() (pymisptoolsVTReportObject property) 39enable_feed() (pymispPyMISP method) 12enable_feed_cache() (pymispPyMISP method)
12enable_noticelist() (pymispPyMISP method)
12enable_tag() (pymispPyMISP method) 12enable_taxonomy() (pymispPyMISP method) 12enable_taxonomy_tags() (pymispPyMISP
method) 12enable_warninglist() (pymispPyMISP method)
12event_blacklists() (pymispPyMISP method) 12event_delegations() (pymispPyMISP method)
12ExpandedPyMISP (in module pymisp) 23
Ffeeds() (pymispPyMISP method) 12fetch_feed() (pymispPyMISP method) 12FileObject (class in pymisptools) 37freetext() (pymispPyMISP method) 12from_dict() (pymispAbstractMISP method) 23from_dict() (pymispMISPAttribute method) 27from_dict() (pymispMISPEvent method) 25from_dict() (pymispMISPObject method) 28from_dict() (pymispMISPObjectAttribute method)
30from_dict() (pymispMISPObjectReference method)
31from_dict() (pymispMISPOrganisation method) 34from_dict() (pymispMISPTag method) 32from_dict() (pymispMISPUser method) 33from_dict() (pymisptoolsFileObject method) 37from_dict() (pymisptoolsVTReportObject method)
39from_json() (pymispAbstractMISP method) 23from_json() (pymispMISPAttribute method) 27from_json() (pymispMISPEvent method) 25from_json() (pymispMISPObject method) 28from_json() (pymispMISPObjectAttribute method)
30
46 Index
PyMISP Documentation Release main
from_json() (pymispMISPObjectReference method)31
from_json() (pymispMISPOrganisation method) 34from_json() (pymispMISPTag method) 32from_json() (pymispMISPUser method) 33from_json() (pymisptoolsFileObject method) 37from_json() (pymisptoolsVTReportObject method)
39
Ggalaxies() (pymispPyMISP method) 12generate_attributes() (pymisptoolsFileObject
method) 37generate_attributes()
(pymisptoolsVTReportObject method)39
get() (pymispMISPAttribute method) 27get() (pymispMISPEvent method) 25get() (pymispMISPObject method) 28get() (pymispMISPObjectAttribute method) 30get() (pymispMISPObjectReference method) 31get() (pymispMISPOrganisation method) 34get() (pymispMISPTag method) 32get() (pymispMISPUser method) 33get() (pymisptoolsFileObject method) 37get() (pymisptoolsVTReportObject method) 39get_all_functions() (pymispPyMISP method)
13get_attribute() (pymispPyMISP method) 13get_attribute_tag() (pymispMISPEvent
method) 25get_attributes_by_relation()
(pymispMISPObject method) 28get_attributes_by_relation()
(pymisptoolsFileObject method) 37get_attributes_by_relation()
(pymisptoolsVTReportObject method)39
get_community() (pymispPyMISP method) 13get_event() (pymispPyMISP method) 13get_feed() (pymispPyMISP method) 13get_galaxy() (pymispPyMISP method) 13get_noticelist() (pymispPyMISP method) 13get_object() (pymispPyMISP method) 13get_object_by_id() (pymispMISPEvent method)
25get_object_by_uuid() (pymispMISPEvent
method) 25get_object_template() (pymispPyMISP
method) 13get_objects_by_name() (pymispMISPEvent
method) 25get_organisation() (pymispPyMISP method) 13get_sync_config() (pymispPyMISP method) 13
get_tag() (pymispPyMISP method) 13get_taxonomy() (pymispPyMISP method) 13get_user() (pymispPyMISP method) 13get_user_setting() (pymispPyMISP method) 14get_warninglist() (pymispPyMISP method) 14
Hhas_attributes_by_relation()
(pymispMISPObject method) 28has_attributes_by_relation()
(pymisptoolsFileObject method) 37has_attributes_by_relation()
(pymisptoolsVTReportObject method)39
hash_values() (pymispMISPAttribute method) 27hash_values() (pymispMISPObjectAttribute
method) 30
Iimport_server() (pymispPyMISP method) 14items() (pymispMISPAttribute method) 27items() (pymispMISPEvent method) 25items() (pymispMISPObject method) 29items() (pymispMISPObjectAttribute method) 30items() (pymispMISPObjectReference method) 31items() (pymispMISPOrganisation method) 34items() (pymispMISPTag method) 32items() (pymispMISPUser method) 33items() (pymisptoolsFileObject method) 38items() (pymisptoolsVTReportObject method) 39
Jjsonable() (pymispAbstractMISP method) 23jsonable() (pymispMISPAttribute method) 27jsonable() (pymispMISPEvent method) 25jsonable() (pymispMISPObject method) 29jsonable() (pymispMISPObjectAttribute method)
30jsonable() (pymispMISPObjectReference method)
31jsonable() (pymispMISPOrganisation method) 34jsonable() (pymispMISPTag method) 32jsonable() (pymispMISPUser method) 33jsonable() (pymisptoolsFileObject method) 38jsonable() (pymisptoolsVTReportObject method)
39
Kkeys() (pymispMISPAttribute method) 27keys() (pymispMISPEvent method) 25keys() (pymispMISPObject method) 29keys() (pymispMISPObjectAttribute method) 30keys() (pymispMISPObjectReference method) 31keys() (pymispMISPOrganisation method) 34
Index 47
PyMISP Documentation Release main
keys() (pymispMISPTag method) 32keys() (pymispMISPUser method) 33keys() (pymisptoolsFileObject method) 38keys() (pymisptoolsVTReportObject method) 39known_types() (pymispMISPAttribute property) 27known_types() (pymispMISPObjectAttribute prop-
erty) 30
Lload() (pymispMISPEvent method) 25load_default_feeds() (pymispPyMISP method)
14load_file() (pymispMISPEvent method) 25load_openioc() (pymisptools method) 40load_openioc_file() (pymisptools method) 40load_stix() (in module pymisptoolsstix) 40
Mmake_stix_package() (in module
pymisptoolsstix) 40malware_binary() (pymispMISPAttribute prop-
erty) 27malware_binary() (pymispMISPObjectAttribute
property) 30misp_instance_version() (pymispPyMISP
property) 14misp_instance_version_master()
(pymispPyMISP property) 14MISPAttribute (class in pymisp) 26MISPEncode (class in pymisp) 24MISPEvent (class in pymisp) 24MISPObject (class in pymisp) 28MISPObjectAttribute (class in pymisp) 29MISPObjectReference (class in pymisp) 31MISPOrganisation (class in pymisp) 34MISPTag (class in pymisp) 32MISPUser (class in pymisp) 33module
pymisp 7pymisptools 37pymisptoolsstix 40
Nnoticelists() (pymispPyMISP method) 14
Oobject_templates() (pymispPyMISP method) 14organisation_blacklists() (pymispPyMISP
method) 14organisations() (pymispPyMISP method) 14
Ppop() (pymispMISPAttribute method) 27
pop() (pymispMISPEvent method) 25pop() (pymispMISPObject method) 29pop() (pymispMISPObjectAttribute method) 30pop() (pymispMISPObjectReference method) 31pop() (pymispMISPOrganisation method) 34pop() (pymispMISPTag method) 32pop() (pymispMISPUser method) 33pop() (pymisptoolsFileObject method) 38pop() (pymisptoolsVTReportObject method) 39popitem() (pymispMISPAttribute method) 27popitem() (pymispMISPEvent method) 25popitem() (pymispMISPObject method) 29popitem() (pymispMISPObjectAttribute method) 30popitem() (pymispMISPObjectReference method) 31popitem() (pymispMISPOrganisation method) 34popitem() (pymispMISPTag method) 32popitem() (pymispMISPUser method) 33popitem() (pymisptoolsFileObject method) 38popitem() (pymisptoolsVTReportObject method) 39publish() (pymispMISPEvent method) 25publish() (pymispPyMISP method) 14push_event_to_ZMQ() (pymispPyMISP method)
14pymisp
module 7PyMISP (class in pymisp) 7pymisptools
module 37pymisptoolsstix
module 40pymisp_version_main() (pymispPyMISP prop-
erty) 15
Rrecommended_pymisp_version()
(pymispPyMISP property) 15remote_acl() (pymispPyMISP method) 15remove_org_from_sharing_group()
(pymispPyMISP method) 15remove_server_from_sharing_group()
(pymispPyMISP method) 15roles() (pymispPyMISP method) 15
Ssearch() (pymispPyMISP method) 15search_feeds() (pymispPyMISP method) 17search_index() (pymispPyMISP method) 18search_logs() (pymispPyMISP method) 18search_sightings() (pymispPyMISP method) 19server_pull() (pymispPyMISP method) 20server_push() (pymispPyMISP method) 20servers() (pymispPyMISP method) 20set_date() (pymispMISPEvent method) 25
48 Index
PyMISP Documentation Release main
set_not_jsonable() (pymispAbstractMISPmethod) 23
set_not_jsonable() (pymispMISPAttributemethod) 27
set_not_jsonable() (pymispMISPEvent method)25
set_not_jsonable() (pymispMISPObjectmethod) 29
set_not_jsonable() (pymispMISPObjectAttributemethod) 30
set_not_jsonable()(pymispMISPObjectReference method)31
set_not_jsonable() (pymispMISPOrganisationmethod) 35
set_not_jsonable() (pymispMISPTag method)32
set_not_jsonable() (pymispMISPUser method)33
set_not_jsonable() (pymisptoolsFileObjectmethod) 38
set_not_jsonable()(pymisptoolsVTReportObject method)39
set_user_setting() (pymispPyMISP method) 20setdefault() (pymispMISPAttribute method) 27setdefault() (pymispMISPEvent method) 25setdefault() (pymispMISPObject method) 29setdefault() (pymispMISPObjectAttribute
method) 30setdefault() (pymispMISPObjectReference
method) 31setdefault() (pymispMISPOrganisation method)
35setdefault() (pymispMISPTag method) 33setdefault() (pymispMISPUser method) 34setdefault() (pymisptoolsFileObject method) 38setdefault() (pymisptoolsVTReportObject
method) 40sharing_groups() (pymispPyMISP method) 20sightings() (pymispPyMISP method) 20
Ttag() (pymispPyMISP method) 20tags() (pymispMISPAttribute property) 27tags() (pymispMISPEvent property) 26tags() (pymispMISPObjectAttribute property) 30tags() (pymispPyMISP method) 20tags_statistics() (pymispPyMISP method) 20taxonomies() (pymispPyMISP method) 20to_dict() (pymispAbstractMISP method) 23to_dict() (pymispMISPAttribute method) 27to_dict() (pymispMISPEvent method) 26to_dict() (pymispMISPObject method) 29
to_dict() (pymispMISPObjectAttribute method) 30to_dict() (pymispMISPObjectReference method) 32to_dict() (pymispMISPOrganisation method) 35to_dict() (pymispMISPTag method) 33to_dict() (pymispMISPUser method) 34to_dict() (pymisptoolsFileObject method) 38to_dict() (pymisptoolsVTReportObject method) 40to_feed() (pymispMISPEvent method) 26to_json() (pymispAbstractMISP method) 23to_json() (pymispMISPAttribute method) 27to_json() (pymispMISPEvent method) 26to_json() (pymispMISPObject method) 29to_json() (pymispMISPObjectAttribute method) 31to_json() (pymispMISPObjectReference method) 32to_json() (pymispMISPOrganisation method) 35to_json() (pymispMISPTag method) 33to_json() (pymispMISPUser method) 34to_json() (pymisptoolsFileObject method) 38to_json() (pymisptoolsVTReportObject method) 40toggle_warninglist() (pymispPyMISP method)
20
Uunpublish() (pymispMISPEvent method) 26untag() (pymispPyMISP method) 21update() (pymispMISPAttribute method) 28update() (pymispMISPEvent method) 26update() (pymispMISPObject method) 29update() (pymispMISPObjectAttribute method) 31update() (pymispMISPObjectReference method) 32update() (pymispMISPOrganisation method) 35update() (pymispMISPTag method) 33update() (pymispMISPUser method) 34update() (pymisptoolsFileObject method) 38update() (pymisptoolsVTReportObject method) 40update_attribute() (pymispPyMISP method) 21update_attribute_proposal()
(pymispPyMISP method) 21update_event() (pymispPyMISP method) 21update_event_blacklist() (pymispPyMISP
method) 21update_feed() (pymispPyMISP method) 21update_galaxies() (pymispPyMISP method) 21update_not_jsonable() (pymispAbstractMISP
method) 23update_not_jsonable() (pymispMISPAttribute
method) 28update_not_jsonable() (pymispMISPEvent
method) 26update_not_jsonable() (pymispMISPObject
method) 29update_not_jsonable()
(pymispMISPObjectAttribute method) 31
Index 49
PyMISP Documentation Release main
update_not_jsonable()(pymispMISPObjectReference method)32
update_not_jsonable()(pymispMISPOrganisation method) 35
update_not_jsonable() (pymispMISPTagmethod) 33
update_not_jsonable() (pymispMISPUsermethod) 34
update_not_jsonable() (pymisptoolsFileObjectmethod) 38
update_not_jsonable()(pymisptoolsVTReportObject method)40
update_noticelists() (pymispPyMISP method)21
update_object() (pymispPyMISP method) 21update_object_templates() (pymispPyMISP
method) 21update_organisation() (pymispPyMISP
method) 21update_organisation_blacklist()
(pymispPyMISP method) 21update_server() (pymispPyMISP method) 22update_tag() (pymispPyMISP method) 22update_taxonomies() (pymispPyMISP method)
22update_user() (pymispPyMISP method) 22update_warninglists() (pymispPyMISP
method) 22upload_stix() (pymispPyMISP method) 22user_registrations() (pymispPyMISP method)
22user_settings() (pymispPyMISP method) 22users() (pymispPyMISP method) 22users_statistics() (pymispPyMISP method) 22
Vvalues() (pymispMISPAttribute method) 28values() (pymispMISPEvent method) 26values() (pymispMISPObject method) 29values() (pymispMISPObjectAttribute method) 31values() (pymispMISPObjectReference method) 32values() (pymispMISPOrganisation method) 35values() (pymispMISPTag method) 33values() (pymispMISPUser method) 34values() (pymisptoolsFileObject method) 38values() (pymisptoolsVTReportObject method) 40values_in_warninglist() (pymispPyMISP
method) 22version() (pymispPyMISP property) 22VTReportObject (class in pymisptools) 38
Wwarninglists() (pymispPyMISP method) 22
50 Index
- README
- pymisp
- PyMISP
- PyMISPExpanded (Python 36+ only)
- MISPAbstract
- MISPEncode
- MISPEvent
- MISPAttribute
- MISPObject
- MISPObjectAttribute
- MISPObjectReference
- MISPTag
- MISPUser
- MISPOrganisation
- pymisp - Tools
- File Object
- ELF Object
- PE Object
- Mach-O Object
- VT Report Object
- STIX
- OpenIOC
- Indices and tables
- Python Module Index
- Index
CHAPTER
TWO
PYMISP
21 PyMISP
class pymispPyMISP(url key ssl=True debug=False proxies= cert=None auth=None tool=timeout=None)
Python API for MISP
Parameters
bull url (str) ndash URL of the MISP instance you want to connect to
bull key (str) ndash API key of the user you want to use
bull ssl (bool) ndash can be True or False (to check or to not check the validity of the certificateOr a CA_BUNDLE in case of self signed or other certificate (the concatenation of all thecrt of the chain)
bull debug (bool) ndash Write all the debug information to stderr
bull proxies (Mapping) ndash Proxy dict as describes here httpdocspython-requestsorgenmasteruseradvancedproxies
bull cert (Optional[Tuple[str tuple]]) ndash Client certificate as described there httpdocspython-requestsorgenmasteruseradvancedclient-side-certificates
bull auth (Optional[AuthBase]) ndash The auth parameter is passed directly to requests asdescribed here httpdocspython-requestsorgenmasteruserauthentication
bull tool (str) ndash The software using PyMISP (string) used to set a unique user-agent
bull timeout (Union[float Tuple[float float] None]) ndash Timeout as describedhere httpsrequestsreadthedocsioenmasteruseradvancedtimeouts
accept_attribute_proposal(proposal)Accept a proposal
Return type Dict
add_attribute(event attribute pythonify=False)Add an attribute to an existing MISP event NOTE MISP 24113+ you can pass a list of attributes Inthat case the pythonified response is the following lsquoattributesrsquo [MISPAttribute] lsquoerrorsrsquo errors byattributes
Return type Union[Dict MISPAttribute MISPShadowAttribute]
add_attribute_proposal(event attribute pythonify=False)Propose a new attribute in an event
Return type Union[Dict MISPShadowAttribute]
7
PyMISP Documentation Release main
add_event(event pythonify=False)Add a new event on a MISP instance
Return type Union[Dict MISPEvent]
add_event_blacklist(uuids comment=None event_info=None event_orgc=None)Add a new event in the blacklist
Return type Dict
add_feed(feed pythonify=False)Add a new feed on a MISP instance
Return type Union[Dict MISPFeed]
add_object(event misp_object pythonify=False)Add a MISP Object to an existing MISP event
Return type Union[Dict MISPObject]
add_object_reference(misp_object_reference pythonify=False)Add a reference to an object
Return type Union[Dict MISPObjectReference]
add_org_to_sharing_group(sharing_group organisation extend=False)Add an organisation to a sharing group sharing_group Sharing grouprsquos local instance ID or Sharinggrouprsquos global UUID organisation Organisationrsquos local instance ID or Organisationrsquos global UUID orOrganisationrsquos name as known to the curent instance extend Allow the organisation to extend the group
Return type Dict
add_organisation(organisation pythonify=False)Add an organisation
Return type Union[Dict MISPOrganisation]
add_organisation_blacklist(uuids comment=None org_name=None)Add a new organisation in the blacklist
Return type Dict
add_server(server pythonify=False)Add a server to synchronise with Note You probably want to use ExpandedPyMISPget_sync_config andExpandedPyMISPimport_server instead
Return type Union[Dict MISPServer]
add_server_to_sharing_group(sharing_group server all_orgs=False)Add a server to a sharing group sharing_group Sharing grouprsquos local instance ID or Sharing grouprsquosglobal UUID server Serverrsquos local instance ID or URL of the Server or Serverrsquos name as known to thecurent instance all_orgs Add all the organisations of the server to the group
Return type Dict
add_sharing_group(sharing_group pythonify=False)Add a new sharing group
Return type Union[Dict MISPSharingGroup]
add_sighting(sighting attribute=None pythonify=False)Add a new sighting (globally or to a specific attribute)
Return type Union[Dict MISPSighting]
8 Chapter 2 pymisp
PyMISP Documentation Release main
add_tag(tag pythonify=False)Add a new tag on a MISP instance Notes
bull The user calling this method needs the Tag Editor permission
bull It doesnrsquot add a tag to an event simply create it on a MISP instance
Return type Union[Dict MISPTag]
add_user(user pythonify=False)Add a new user
Return type Union[Dict MISPUser]
attributes_statistics(context=type percentage=False)Get attributes statistics from the MISP instance
Return type Dict
build_complex_query(or_parameters=None and_parameters=None not_parameters=None)Build a complex search query MISP expects a dictionary with AND OR and NOT keys
Return type Dict[str List[~SearchType]]
cache_all_feeds()Cache all the feeds
Return type Dict
cache_feed(feed)Cache a specific feed
Return type Dict
cache_freetext_feeds()Cache all the freetext feeds
Return type Dict
cache_misp_feeds()Cache all the MISP feeds
Return type Dict
change_sharing_group_on_entity(misp_entity sharing_group_id pythonify=False)Change the sharing group of an event an attribute or an object
Return type Union[Dict MISPEvent MISPObject MISPAttributeMISPShadowAttribute]
change_user_password(new_password)Thange the password of the curent user
Return type Dict
communities(pythonify=False)Get all the communities
Return type Union[Dict List[MISPCommunity]]
compare_feeds()Generate the comparison matrix for all the MISP feeds
Return type Dict
21 PyMISP 9
PyMISP Documentation Release main
contact_event_reporter(event message)Send a message to the reporter of an event
Return type Dict
delegate_event(event=None organisation=None event_delegation=None distribution=- 1 mes-sage= pythonify=False)
Note distribution == -1 means recipient decides
Return type Union[Dict MISPEventDelegation]
delete_attribute(attribute hard=False)Delete an attribute from a MISP instance
Return type Dict
delete_attribute_proposal(attribute)Propose the deletion of an attribute
Return type Dict
delete_event(event)Delete an event from a MISP instance
Return type Dict
delete_event_blacklist(event_blacklist)Delete a blacklisted event
Return type Dict
delete_feed(feed)Delete a feed from a MISP instance
Return type Dict
delete_object(misp_object)Delete an object from a MISP instance
Return type Dict
delete_object_reference(object_reference)Delete a reference to an object
Return type Dict
delete_organisation(organisation)Delete an organisation
Return type Dict
delete_organisation_blacklist(organisation_blacklist)Delete a blacklisted organisation
Return type Dict
delete_server(server)Delete a sync server
Return type Dict
delete_sharing_group(sharing_group)Delete a sharing group
Return type Dict
10 Chapter 2 pymisp
PyMISP Documentation Release main
delete_sighting(sighting)Delete a sighting from a MISP instance
Return type Dict
delete_tag(tag)Delete an attribute from a MISP instance
Return type Dict
delete_user(user)Delete a user
Return type Dict
delete_user_setting(user_setting user=None)Delete a user setting
Return type Dict
property describe_types_localReturns the content of describe types from the package
Return type Dict
property describe_types_remoteReturns the content of describe types from the remote instance
Return type Dict
direct_call(url data=None params= kw_params=)Very lightweight call that posts a data blob (python dictionary or json string) on the URL
Return type Any
disable_feed(feed pythonify=False)Disable a feed
Return type Union[Dict MISPFeed]
disable_feed_cache(feed pythonify=False)Disable the caching of a feed
Return type Union[Dict MISPFeed]
disable_noticelist(noticelist)Disable a noticelist by id
Return type Dict
disable_tag(tag pythonify=False)Disable a tag
Return type Union[Dict MISPTag]
disable_taxonomy(taxonomy)Disable a taxonomy
Return type Dict
disable_taxonomy_tags(taxonomy)Disable all the tags of a taxonomy
Return type Dict
disable_warninglist(warninglist)Disable a warninglist
21 PyMISP 11
PyMISP Documentation Release main
Return type Dict
discard_attribute_proposal(proposal)Discard a proposal
Return type Dict
enable_feed(feed pythonify=False)Enable a feed (fetching it will create event(s)
Return type Union[Dict MISPFeed]
enable_feed_cache(feed pythonify=False)Enable the caching of a feed
Return type Union[Dict MISPFeed]
enable_noticelist(noticelist)Enable a noticelist by id
Return type Dict
enable_tag(tag pythonify=False)Enable a tag
Return type Union[Dict MISPTag]
enable_taxonomy(taxonomy)Enable a taxonomy
Return type Dict
enable_taxonomy_tags(taxonomy)Enable all the tags of a taxonomy NOTE this automatically done when you call enable_taxonomy
Return type Dict
enable_warninglist(warninglist)Enable a warninglist
Return type Dict
event_blacklists(pythonify=False)Get all the blacklisted events
Return type Union[Dict List[MISPEventBlacklist]]
event_delegations(pythonify=False)Get all the event delegations
Return type Union[Dict List[MISPEventDelegation]]
feeds(pythonify=False)Get the list of existing feeds
Return type Union[Dict List[MISPFeed]]
fetch_feed(feed)Fetch one single feed
Return type Dict
freetext(event string adhereToWarninglists=False distribution=None returnMetaAttributes=Falsepythonify=False kwargs)
Pass a text to the freetext importer
Return type Union[Dict List[MISPAttribute]]
12 Chapter 2 pymisp
PyMISP Documentation Release main
galaxies(pythonify=False)Get all the galaxies
Return type Union[Dict List[MISPGalaxy]]
get_all_functions(not_implemented=False)Get all methods available vi the API allow to get the ones that are not implemented
get_attribute(attribute pythonify=False)Get an attribute from a MISP instance
Return type Union[Dict MISPAttribute]
get_community(community pythonify=False)Get an community from a MISP instance
Return type Union[Dict MISPCommunity]
get_event(event deleted=False extended=False pythonify=False)Get an event from a MISP instance
Return type Union[Dict MISPEvent]
get_feed(feed pythonify=False)Get a feed by id
Return type Union[Dict MISPFeed]
get_galaxy(galaxy pythonify=False)Get a galaxy by id
Return type Union[Dict MISPGalaxy]
get_noticelist(noticelist pythonify=False)Get a noticelist by id
Return type Union[Dict MISPNoticelist]
get_object(misp_object pythonify=False)Get an object from the remote MISP instance
Return type Union[Dict MISPObject]
get_object_template(object_template pythonify=False)Gets the full object template corresponting the UUID passed as parameter
Return type Union[Dict MISPObjectTemplate]
get_organisation(organisation pythonify=False)Get an organisation
Return type Union[Dict MISPOrganisation]
get_sync_config(pythonify=False)WARNING This method only works if the user calling it is a sync user
Return type Union[Dict MISPServer]
get_tag(tag pythonify=False)Get a tag by id
Return type Union[Dict MISPTag]
get_taxonomy(taxonomy pythonify=False)Get a taxonomy from a MISP instance
Return type Union[Dict MISPTaxonomy]
21 PyMISP 13
PyMISP Documentation Release main
get_user(user=me pythonify=False expanded=False)Get a user me means the owner of the API key doing the query expanded also returns a MISPRole and aMISPUserSetting
Return type Union[Dict MISPUser Tuple[MISPUser MISPRoleList[MISPUserSetting]]]
get_user_setting(user_setting user=None pythonify=False)Get an user setting
Return type Union[Dict MISPUserSetting]
get_warninglist(warninglist pythonify=False)Get a warninglist
Return type Union[Dict MISPWarninglist]
import_server(server pythonify=False)Import a sync server config received from get_sync_config
Return type Union[Dict MISPServer]
load_default_feeds()Load all the default feeds
Return type Dict
property misp_instance_versionReturns the version of the instance
Return type Dict
property misp_instance_version_masterGet the most recent version from github
Return type Dict
noticelists(pythonify=False)Get all the noticelists
Return type Union[Dict List[MISPNoticelist]]
object_templates(pythonify=False)Get all the object templates
Return type Union[Dict List[MISPObjectTemplate]]
organisation_blacklists(pythonify=False)Get all the blacklisted organisations
Return type Union[Dict List[MISPOrganisationBlacklist]]
organisations(scope=local pythonify=False)Get all the organisations
Return type Union[Dict List[MISPOrganisation]]
publish(event alert=False)Publish the event with one single HTTP POST The default is to not send a mail as it is assumed thismethod is called on update
Return type Dict
push_event_to_ZMQ(event)Force push an event on ZMQ
14 Chapter 2 pymisp
PyMISP Documentation Release main
Return type Dict
property pymisp_version_mainGet the most recent version of PyMISP from github
Return type Dict
property recommended_pymisp_versionReturns the recommended API version from the server
Return type Dict
remote_acl(debug_type=findMissingFunctionNames)This should return an empty list unless the ACL is outdated debug_type can only be printAllFunction-Names findMissingFunctionNames or printRoleAccess
Return type Dict
remove_org_from_sharing_group(sharing_group organisation)Remove an organisation from a sharing group sharing_group Sharing grouprsquos local instance ID orSharing grouprsquos global UUID organisation Organisationrsquos local instance ID or Organisationrsquos globalUUID or Organisationrsquos name as known to the curent instance
Return type Dict
remove_server_from_sharing_group(sharing_group server)Remove a server from a sharing group sharing_group Sharing grouprsquos local instance ID or Sharinggrouprsquos global UUID server Serverrsquos local instance ID or URL of the Server or Serverrsquos name as knownto the curent instance
Return type Dict
roles(pythonify=False)Get the existing roles
Return type Union[Dict List[MISPRole]]
search(controller=events return_format=json limit=None page=None value=Nonetype_attribute=None category=None org=None tags=None quick_filter=None quick-Filter=None date_from=None date_to=None eventid=None with_attachments=NonewithAttachments=None metadata=None uuid=None publish_timestamp=Nonelast=None timestamp=None published=None enforce_warninglist=None enforceWarn-inglist=None to_ids=None deleted=None include_event_uuid=None includeEventU-uid=None include_event_tags=None includeEventTags=None event_timestamp=Nonesg_reference_only=None eventinfo=None searchall=None requested_attributes=None in-clude_context=None includeContext=None headerless=None include_sightings=NoneincludeSightings=None include_correlations=None includeCorrelations=None in-clude_decay_score=None includeDecayScore=None object_name=None pythonify=Falsekwargs)
Search in the MISP instance
Parameters
bull return_format (str) ndash Set the return format of the search (Currently supported jsonxml openioc suricata snort - more formats are being moved to restSearch with the goalbeing that all searches happen through this API) Can be passed as the first parameter afterrestSearch or via the JSON payload
bull limit (Optional[int]) ndash Limit the number of results returned depending on thescope (for example 10 attributes or 10 full events)
bull page (Optional[int]) ndash If a limit is set sets the page to be returned page 3 limit 100will return records 201-gt300)
21 PyMISP 15
PyMISP Documentation Release main
bull value (Optional[~SearchParameterTypes]) ndash Search for the given value in the at-tributesrsquo value field
bull type_attribute (Optional[~SearchParameterTypes]) ndash The attribute type anyvalid MISP attribute type is accepted
bull category (Optional[~SearchParameterTypes]) ndash The attribute category any validMISP attribute category is accepted
bull org (Optional[~SearchParameterTypes]) ndash Search by the creator organisation by sup-plying the organisation identifier
bull tags (Optional[~SearchParameterTypes]) ndash Tags to search or to exclude You canpass a list or the output of build_complex_query
bull quick_filter (Optional[str]) ndash The string passed to this field will ignore all ofthe other arguments MISP will return an xml json (depending on the header sent) of allevents that have a sub-string match on value in the event info event orgc or any of theattribute value1 value2 fields or in the attribute comment
bull date_from (Union[date int str float None]) ndash Events with the date set to adate after the one specified This filter will use the date of the event
bull date_to (Union[date int str float None]) ndash Events with the date set to a datebefore the one specified This filter will use the date of the event
bull eventid (Optional[~SearchType]) ndash The events that should be included excludedfrom the search
bull with_attachments (Optional[bool]) ndash If set encodes the attachments zippedmalware samples as base64 in the data field within each attribute
bull metadata (Optional[bool]) ndash Only the metadata (event tags relations) is returnedattributes and proposals are omitted
bull uuid (Optional[str]) ndash Restrict the results by uuid
bull publish_timestamp (Union[date int str float NoneTuple[Union[date int str float None] Union[date int str floatNone]]]) ndash Restrict the results by the last publish timestamp (newer than)
bull timestamp (Union[date int str float None Tuple[Union[date intstr float None] Union[date int str float None]]]) ndash Restrict the resultsby the timestamp (last edit) Any event with a timestamp newer than the given timestampwill be returned In case you are dealing with attributes as scope the attributersquos timestampwill be used for the lookup
bull published (Optional[bool]) ndash Set whether published or unpublished events shouldbe returned Do not set the parameter if you want both
bull enforce_warninglist (Optional[bool]) ndash Remove any attributes from the resultthat would cause a hit on a warninglist entry
bull to_ids (Union[~ToIDSType List[~ToIDSType] None]) ndash By default all attributesare returned that match the other filter parameters irregardless of their to_ids setting Torestrict the returned data set to to_ids only attributes set this parameter to 1 0 for the oneswith to_ids set to False
bull deleted (Optional[str]) ndash If this parameter is set to 1 it will only return soft-deletedattributes [ldquo0rdquo ldquo1rdquo] will return the active ones as well as the soft-deleted ones
bull include_event_uuid (Optional[bool]) ndash Instead of just including the event IDalso include the event UUID in each of the attributes
16 Chapter 2 pymisp
PyMISP Documentation Release main
bull include_event_tags (Optional[bool]) ndash Include the event level tags in each ofthe attributes
bull event_timestamp (Union[date int str float None]) ndash Only return at-tributes from events that have received a modification after the given timestamp
bull sg_reference_only (Optional[bool]) ndash If this flag is set sharing group objectswill not be included instead only the sharing group ID is set
bull eventinfo (Optional[str]) ndash Filter on the eventrsquos info field
bull searchall (Optional[bool]) ndash Search for a full or a substring (delimited by forsubstrings) in the event info event tags attribute tags attribute values or attribute commentfields
bull requested_attributes (Optional[str]) ndash [CSV only] Select the fields that youwish to include in the CSV export By setting event level fields additionally includeCon-text is not required to get event metadata
bull include_context (Optional[bool]) ndash [Attribute only] Include the event data witheach attribute [CSV output] Add event level metadata in every line of the CSV
bull headerless (Optional[bool]) ndash [CSV Only] The CSV created when this setting isset to true will not contain the header row
bull include_sightings (Optional[bool]) ndash [JSON Only - Attribute] Include thesightings of the matching attributes
bull include_decay_score (Optional[bool]) ndash Include the decay score at attributelevel
bull include_correlations (Optional[bool]) ndash [JSON Only - attribute] Include thecorrelations of the matching attributes
bull object_name (Optional[str]) ndash [objects controller only] Search for objects withthat name
bull pythonify (Optional[bool]) ndash Returns a list of PyMISP Objects instead of the plainjson output Warning it might use a lot of RAM
Deprecated
Parameters
bull quickFilter (Optional[str]) ndash synponym for quick_filter
bull withAttachments (Optional[bool]) ndash synonym for with_attachments
bull last (Union[date int str float None Tuple[Union[date int strfloat None] Union[date int str float None]]]) ndash synonym for pub-lish_timestamp
bull enforceWarninglist (Optional[bool]) ndash synonym for enforce_warninglist
bull includeEventUuid (Optional[bool]) ndash synonym for include_event_uuid
bull includeEventTags (Optional[bool]) ndash synonym for include_event_tags
bull includeContext (Optional[bool]) ndash synonym for include_context
Return type Union[Dict str List[Union[MISPEvent MISPAttributeMISPObject]]]
search_feeds(value=None pythonify=False)Search in the feeds cached on the servers
21 PyMISP 17
PyMISP Documentation Release main
Return type Union[Dict List[MISPFeed]]
search_index(published=None eventid=None tags=None date_from=None date_to=Noneeventinfo=None threatlevel=None distribution=None analysis=None org=Nonetimestamp=None pythonify=None)
Search only at the index level Using in front of a value means NOT (default is OR)
Parameters
bull published (Optional[bool]) ndash Set whether published or unpublished events shouldbe returned Do not set the parameter if you want both
bull eventid (Optional[~SearchType]) ndash The events that should be included excludedfrom the search
bull tags (Optional[~SearchParameterTypes]) ndash Tags to search or to exclude You canpass a list or the output of build_complex_query
bull date_from (Union[date int str float None]) ndash Events with the date set to adate after the one specified This filter will use the date of the event
bull date_to (Union[date int str float None]) ndash Events with the date set to a datebefore the one specified This filter will use the date of the event
bull eventinfo (Optional[str]) ndash Filter on the eventrsquos info field
bull threatlevel (Optional[List[~SearchType]]) ndash Threat level(s) (1234) | list
bull distribution (Optional[List[~SearchType]]) ndash Distribution level(s) (0123) |list
bull analysis (Optional[List[~SearchType]]) ndash Analysis level(s) (012) | list
bull org (Optional[~SearchParameterTypes]) ndash Search by the creator organisation by sup-plying the organisation identifier
bull timestamp (Union[date int str float None Tuple[Union[date intstr float None] Union[date int str float None]]]) ndash Restrict the resultsby the timestamp (last edit) Any event with a timestamp newer than the given timestampwill be returned In case you are dealing with attributes as scope the attributersquos timestampwill be used for the lookup
bull pythonify (Optional[bool]) ndash Returns a list of PyMISP Objects instead or the plainjson output Warning it might use a lot of RAM
Return type Union[Dict List[MISPEvent]]
search_logs(limit=None page=None log_id=None title=None created=None model=None ac-tion=None user_id=None change=None email=None org=None description=Noneip=None pythonify=False)
Search in logs
Note to run substring queries simply appendprependencapsulate the search term with
Parameters
bull limit (Optional[int]) ndash Limit the number of results returned depending on thescope (for example 10 attributes or 10 full events)
bull page (Optional[int]) ndash If a limit is set sets the page to be returned page 3 limit 100will return records 201-gt300)
bull log_id (Optional[int]) ndash Log ID
bull title (Optional[str]) ndash Log Title
18 Chapter 2 pymisp
PyMISP Documentation Release main
bull created (Union[date int str float None]) ndash Creation timestamp
bull model (Optional[str]) ndash Model name that generated the log entry
bull action (Optional[str]) ndash The thing that was done
bull user_id (Optional[int]) ndash ID of the user doing the action
bull change (Optional[str]) ndash Change that occured
bull email (Optional[str]) ndash Email of the user
bull org (Optional[str]) ndash Organisation of the User doing the action
bull description (Optional[str]) ndash Description of the action
bull ip (Optional[str]) ndash Origination IP of the User doing the action
bull pythonify (Optional[bool]) ndash Returns a list of PyMISP Objects instead or the plainjson output Warning it might use a lot of RAM
Return type Union[Dict List[MISPLog]]
search_sightings(context=None context_id=None type_sighting=None date_from=Nonedate_to=None publish_timestamp=None last=None org=None source=Noneinclude_attribute=None include_event_meta=None pythonify=False)
Search sightings
Parameters
bull context (Optional[str]) ndash The context of the search Can be either ldquoattributerdquoldquoeventrdquo or nothing (will then match on events and attributes)
bull context_id (Optional[~SearchType]) ndash Only relevant if context is either ldquoattributerdquoor ldquoeventrdquo Then it is the relevant ID
bull type_sighting (Optional[str]) ndash Type of sighting
bull date_from (Union[date int str float None]) ndash Events with the date set to adate after the one specified This filter will use the date of the event
bull date_to (Union[date int str float None]) ndash Events with the date set to a datebefore the one specified This filter will use the date of the event
bull publish_timestamp (Union[date int str float NoneTuple[Union[date int str float None] Union[date int str floatNone]]]) ndash Restrict the results by the last publish timestamp (newer than)
bull org (Optional[~SearchType]) ndash Search by the creator organisation by supplying theorganisation identifier
bull source (Optional[str]) ndash Source of the sighting
bull include_attribute (Optional[bool]) ndash Include the attribute
bull include_event_meta (Optional[bool]) ndash Include the meta information of theevent
Deprecated
Parameters last (Union[date int str float None Tuple[Union[date intstr float None] Union[date int str float None]]]) ndash synonym for pub-lish_timestamp
Example
21 PyMISP 19
PyMISP Documentation Release main
gtgtgt mispsearch_sightings(publish_timestamp=30d) search sightings for therarr˓last 30 days on the instance[ ]gtgtgt mispsearch_sightings(context=attribute context_id=6 include_rarr˓attribute=True) return list of sighting for attribute 6 along with therarr˓attribute itself[ ]gtgtgt mispsearch_sightings(context=event context_id=17 include_event_rarr˓meta=True org=2) return list of sighting for event 17 filtered with orgrarr˓id 2
Return type Union[Dict List[Dict[str Union[MISPEvent MISPAttributeMISPSighting]]]]
server_pull(server event=None)Initialize a pull from a sync server
Return type Dict
server_push(server event=None)Initialize a push to a sync server
Return type Dict
servers(pythonify=False)Get the existing servers the MISP instance can synchronise with
Return type Union[Dict List[MISPServer]]
set_user_setting(user_setting value user=None pythonify=False)Get an user setting
Return type Union[Dict MISPUserSetting]
sharing_groups(pythonify=False)Get the existing sharing groups
Return type Union[Dict List[MISPSharingGroup]]
sightings(misp_entity=None org=None pythonify=False)Get the list of sighting related to a MISPEvent or a MISPAttribute (depending on type of misp_entity)
Return type Union[Dict List[MISPSighting]]
tag(misp_entity tag local=False)Tag an event or an attribute misp_entity can be a MISPEvent a MISP Attribute or a UUID
Return type Dict
tags(pythonify=False)Get the list of existing tags
Return type Union[Dict List[MISPTag]]
tags_statistics(percentage=False name_sort=False)Get tags statistics from the MISP instance
Return type Dict
taxonomies(pythonify=False)Get all the taxonomies
Return type Union[Dict List[MISPTaxonomy]]
20 Chapter 2 pymisp
PyMISP Documentation Release main
toggle_warninglist(warninglist_id=None warninglist_name=None force_enable=False)Toggle (enabledisable) the status of a warninglist by ID type warninglist_id Union[str intList[int] None] param warninglist_id ID of the WarningList type force_enable bool paramforce_enable Force the warning list in the enabled state (does nothing is already enabled)
Return type Dict
untag(misp_entity tag)Untag an event or an attribute misp_entity can be a UUID
Return type Dict
update_attribute(attribute attribute_id=None pythonify=False)Update an attribute on a MISP instance
Return type Union[Dict MISPAttribute MISPShadowAttribute]
update_attribute_proposal(initial_attribute attribute pythonify=False)Propose a change for an attribute
Return type Union[Dict MISPShadowAttribute]
update_event(event event_id=None pythonify=False)Update an event on a MISP instance
Return type Union[Dict MISPEvent]
update_event_blacklist(event_blacklist event_blacklist_id=None pythonify=False)Update an event in the blacklist
Return type Union[Dict MISPEventBlacklist]
update_feed(feed feed_id=None pythonify=False)Update a feed on a MISP instance
Return type Union[Dict MISPFeed]
update_galaxies()Update all the galaxies
Return type Dict
update_noticelists()Update all the noticelists
Return type Dict
update_object(misp_object object_id=None pythonify=False)Update an object on a MISP instance
Return type Union[Dict MISPObject]
update_object_templates()Trigger an update of the object templates
Return type Dict
update_organisation(organisation organisation_id=None pythonify=False)Update an organisation
Return type Union[Dict MISPOrganisation]
update_organisation_blacklist(organisation_blacklist organisation_blacklist_id=Nonepythonify=False)
Update an organisation in the blacklist
Return type Union[Dict MISPOrganisationBlacklist]
21 PyMISP 21
PyMISP Documentation Release main
update_server(server server_id=None pythonify=False)Update a server to synchronise with
Return type Union[Dict MISPServer]
update_tag(tag tag_id=None pythonify=False)Edit only the provided parameters of a tag
Return type Union[Dict MISPTag]
update_taxonomies()Update all the taxonomies
Return type Dict
update_user(user user_id=None pythonify=False)Update an event on a MISP instance
Return type Union[Dict MISPUser]
update_warninglists()Update all the warninglists
Return type Dict
upload_stix(path version=2)Upload a STIX file to MISP param path Path to the STIX on the disk (can be a path-like object or apseudofile) type version str param version Can be 1 or 2
user_registrations(pythonify=False)Get all the user registrations
Return type Union[Dict List[MISPInbox]]
user_settings(pythonify=False)Get all the user settings
Return type Union[Dict List[MISPUserSetting]]
users(pythonify=False)Get all the users
Return type Union[Dict List[MISPUser]]
users_statistics(context=data)Get users statistics from the MISP instance
Return type Dict
values_in_warninglist(value)Check if IOC values are in warninglist
Return type Dict
property versionReturns the version of PyMISP yoursquore curently using
Return type Dict
warninglists(pythonify=False)Get all the warninglists
Return type Union[Dict List[MISPWarninglist]]
22 Chapter 2 pymisp
PyMISP Documentation Release main
22 PyMISPExpanded (Python 36+ only)
pymispExpandedPyMISPalias of pymispapiPyMISP
23 MISPAbstract
class pymispAbstractMISP(kwargs)
property editedRecursively check if an object has been edited and update the flag accordingly to the parent objects
Return type bool
from_dict(kwargs)Loading all the parameters as class properties if they arenrsquot None This method aims to be called when allthe properties requiring a special treatment are processed Note This method is used when you initializean object with existing data so by default the class is flaged as not edited
Return type None
from_json(json_string)Load a JSON string
Return type None
jsonable()This method is used by the JSON encoder
Return type Dict
set_not_jsonable(args)Set __not_jsonable to a new list
Return type None
to_dict()Dump the class to a dictionary This method automatically removes the timestamp recursively in everyobject that has been edited is order to let MISP update the event accordingly
Return type Dict
to_json(sort_keys=False indent=None)Dump recursively any class of type MISPAbstract to a json string
update_not_jsonable(args)Add entries to the __not_jsonable list
Return type None
22 PyMISPExpanded (Python 36+ only) 23
PyMISP Documentation Release main
24 MISPEncode
class pymispMISPEncode(args kwargs)
default(obj)Implement this method in a subclass such that it returns a serializable object for o or calls the baseimplementation (to raise a TypeError)
For example to support arbitrary iterators you could implement default like this
def default(self o)try
iterable = iter(o)except TypeError
passelse
return list(iterable) Let the base class default method raise the TypeErrorreturn JSONEncoderdefault(self o)
25 MISPEvent
class pymispMISPEvent(describe_types=None strict_validation=False kwargs)
add_attribute(type value kwargs)Add an attribute type and value are required but you can pass all other parameters supported by MISPAt-tribute
Return type Union[MISPAttribute List[MISPAttribute]]
add_attribute_tag(tag attribute_identifier)Add a tag to an existing attribute raise an Exception if the attribute doesnrsquot exists tag Tag name as astring MISPTag instance or dictionary attribute_identifier can be an ID UUID or the value
Return type List[MISPAttribute]
add_object(obj=None kwargs)Add an object to the Event either by passing a MISPObject or a dictionary
Return type MISPObject
add_proposal(shadow_attribute=None kwargs)Alias for add_shadow_attribute
Return type MISPShadowAttribute
add_shadow_attribute(shadow_attribute=None kwargs)Add a tag to the attribute (by name or a MISPTag object)
Return type MISPShadowAttribute
clear()rarr None Remove all items from D
delete_attribute(attribute_id)Delete an attribute you can search by ID or UUID
property editedRecursively check if an object has been edited and update the flag accordingly to the parent objects
24 Chapter 2 pymisp
PyMISP Documentation Release main
Return type bool
from_dict(kwargs)Loading all the parameters as class properties if they arenrsquot None This method aims to be called when allthe properties requiring a special treatment are processed Note This method is used when you initializean object with existing data so by default the class is flaged as not edited
from_json(json_string)Load a JSON string
Return type None
get(k[ d ])rarr D[k] if k in D else d d defaults to None
get_attribute_tag(attribute_identifier)Return the tags associated to an attribute or an object attribute attribute_identifier can be an ID UUIDor the value
Return type List[MISPTag]
get_object_by_id(object_id)Get an object by ID (the ID is the one set by the server when creating the new object)
Return type MISPObject
get_object_by_uuid(object_uuid)Get an object by UUID (UUID is set by the server when creating the new object)
Return type MISPObject
get_objects_by_name(object_name)Get an object by UUID (UUID is set by the server when creating the new object)
Return type List[MISPObject]
items()rarr a set-like object providing a view on Drsquos items
jsonable()This method is used by the JSON encoder
Return type Dict
keys()rarr a set-like object providing a view on Drsquos keys
load(json_event validate=False metadata_only=False)Load a JSON dump from a pseudo file or a JSON string
load_file(event_path validate=False metadata_only=False)Load a JSON dump from a file on the disk
pop(k[ d ])rarr v remove specified key and return the corresponding valueIf key is not found d is returned if given otherwise KeyError is raised
popitem()rarr (k v) remove and return some (key value) pairas a 2-tuple but raise KeyError if D is empty
publish()Mark the attribute as published
set_date(d=None ignore_invalid=False)Set a date for the event (string datetime or date object)
set_not_jsonable(args)Set __not_jsonable to a new list
Return type None
25 MISPEvent 25
PyMISP Documentation Release main
setdefault(k[ d ])rarr Dget(kd) also set D[k]=d if k not in D
property tagsReturns a lost of tags associated to this Event
Return type List[MISPTag]
to_dict()Dump the class to a dictionary This method automatically removes the timestamp recursively in everyobject that has been edited is order to let MISP update the event accordingly
Return type Dict
to_feed(valid_distributions=[0 1 2 3 4 5] with_meta=False)Generate a json output for MISP Feed Notes
bull valid_distributions only makes sense if the distribution key is set (ie the event is exported from aMISP instance)
Return type Dict
to_json(sort_keys=False indent=None)Dump recursively any class of type MISPAbstract to a json string
unpublish()Mark the attribute as un-published (set publish flag to false)
update([E ] F)rarr None Update D from mappingiterable E and FIf E present and has a keys() method does for k in E D[k] = E[k] If E present and lacks keys() methoddoes for (k v) in E D[k] = v In either case this is followed by for k v in Fitems() D[k] = v
update_not_jsonable(args)Add entries to the __not_jsonable list
Return type None
values()rarr an object providing a view on Drsquos values
26 MISPAttribute
class pymispMISPAttribute(describe_types=None strict=False)
add_proposal(shadow_attribute=None kwargs)Alias for add_shadow_attribute
Return type MISPShadowAttribute
add_shadow_attribute(shadow_attribute=None kwargs)Add a shadow attribute to the attribute (by name or a MISPShadowAttribute object)
Return type MISPShadowAttribute
add_sighting(sighting=None kwargs)Add a sighting to the attribute (by name or a MISPSighting object)
Return type MISPSighting
clear()rarr None Remove all items from D
delete()Mark the attribute as deleted (soft delete)
26 Chapter 2 pymisp
PyMISP Documentation Release main
property editedRecursively check if an object has been edited and update the flag accordingly to the parent objects
Return type bool
from_dict(kwargs)Loading all the parameters as class properties if they arenrsquot None This method aims to be called when allthe properties requiring a special treatment are processed Note This method is used when you initializean object with existing data so by default the class is flaged as not edited
from_json(json_string)Load a JSON string
Return type None
get(k[ d ])rarr D[k] if k in D else d d defaults to None
hash_values(algorithm=sha512)Compute the hash of every values for fast lookups
Return type List[str]
items()rarr a set-like object providing a view on Drsquos items
jsonable()This method is used by the JSON encoder
Return type Dict
keys()rarr a set-like object providing a view on Drsquos keys
property known_typesReturns a list of all the known MISP attributes types
Return type List[str]
property malware_binaryReturns a BytesIO of the malware (if the attribute has one obvs)
Return type Optional[BytesIO]
pop(k[ d ])rarr v remove specified key and return the corresponding valueIf key is not found d is returned if given otherwise KeyError is raised
popitem()rarr (k v) remove and return some (key value) pairas a 2-tuple but raise KeyError if D is empty
set_not_jsonable(args)Set __not_jsonable to a new list
Return type None
setdefault(k[ d ])rarr Dget(kd) also set D[k]=d if k not in D
property tagsReturns a lost of tags associated to this Attribute
Return type List[MISPTag]
to_dict()Dump the class to a dictionary This method automatically removes the timestamp recursively in everyobject that has been edited is order to let MISP update the event accordingly
Return type Dict
26 MISPAttribute 27
PyMISP Documentation Release main
to_json(sort_keys=False indent=None)Dump recursively any class of type MISPAbstract to a json string
update([E ] F)rarr None Update D from mappingiterable E and FIf E present and has a keys() method does for k in E D[k] = E[k] If E present and lacks keys() methoddoes for (k v) in E D[k] = v In either case this is followed by for k v in Fitems() D[k] = v
update_not_jsonable(args)Add entries to the __not_jsonable list
Return type None
values()rarr an object providing a view on Drsquos values
27 MISPObject
class pymispMISPObject(name strict=False standalone=True default_attributes_parameters=kwargs)
add_attribute(object_relation simple_value=None value)Add an attribute object_relation is required and the value key is a dictionary with all the keys supportedby MISPAttribute
Return type Optional[MISPAttribute]
add_attributes(object_relation attributes)Add multiple attributes with the same object_relation Helper for object_relation when multiple is True inthe template It is the same as calling multiple times add_attribute with the same object_relation
Return type List[Optional[MISPAttribute]]
add_reference(referenced_uuid relationship_type comment=None kwargs)Add a link (uuid) to an other object
Return type MISPObjectReference
clear()rarr None Remove all items from D
property editedRecursively check if an object has been edited and update the flag accordingly to the parent objects
Return type bool
from_dict(kwargs)Loading all the parameters as class properties if they arenrsquot None This method aims to be called when allthe properties requiring a special treatment are processed Note This method is used when you initializean object with existing data so by default the class is flaged as not edited
from_json(json_string)Load a JSON string
Return type None
get(k[ d ])rarr D[k] if k in D else d d defaults to None
get_attributes_by_relation(object_relation)Returns the list of attributes with the given object relation in the object
Return type List[MISPAttribute]
has_attributes_by_relation(list_of_relations)True if all the relations in the list are defined in the object
28 Chapter 2 pymisp
PyMISP Documentation Release main
Return type bool
items()rarr a set-like object providing a view on Drsquos items
jsonable()This method is used by the JSON encoder
Return type Dict
keys()rarr a set-like object providing a view on Drsquos keys
pop(k[ d ])rarr v remove specified key and return the corresponding valueIf key is not found d is returned if given otherwise KeyError is raised
popitem()rarr (k v) remove and return some (key value) pairas a 2-tuple but raise KeyError if D is empty
set_not_jsonable(args)Set __not_jsonable to a new list
Return type None
setdefault(k[ d ])rarr Dget(kd) also set D[k]=d if k not in D
to_dict(strict=False)Dump the class to a dictionary This method automatically removes the timestamp recursively in everyobject that has been edited is order to let MISP update the event accordingly
Return type Dict
to_json(sort_keys=False indent=None strict=False)Dump recursively any class of type MISPAbstract to a json string
update([E ] F)rarr None Update D from mappingiterable E and FIf E present and has a keys() method does for k in E D[k] = E[k] If E present and lacks keys() methoddoes for (k v) in E D[k] = v In either case this is followed by for k v in Fitems() D[k] = v
update_not_jsonable(args)Add entries to the __not_jsonable list
Return type None
values()rarr an object providing a view on Drsquos values
28 MISPObjectAttribute
class pymispMISPObjectAttribute(definition)
add_proposal(shadow_attribute=None kwargs)Alias for add_shadow_attribute
Return type MISPShadowAttribute
add_shadow_attribute(shadow_attribute=None kwargs)Add a shadow attribute to the attribute (by name or a MISPShadowAttribute object)
Return type MISPShadowAttribute
add_sighting(sighting=None kwargs)Add a sighting to the attribute (by name or a MISPSighting object)
Return type MISPSighting
28 MISPObjectAttribute 29
PyMISP Documentation Release main
clear()rarr None Remove all items from D
delete()Mark the attribute as deleted (soft delete)
property editedRecursively check if an object has been edited and update the flag accordingly to the parent objects
Return type bool
from_dict(object_relation value kwargs)Loading all the parameters as class properties if they arenrsquot None This method aims to be called when allthe properties requiring a special treatment are processed Note This method is used when you initializean object with existing data so by default the class is flaged as not edited
from_json(json_string)Load a JSON string
Return type None
get(k[ d ])rarr D[k] if k in D else d d defaults to None
hash_values(algorithm=sha512)Compute the hash of every values for fast lookups
Return type List[str]
items()rarr a set-like object providing a view on Drsquos items
jsonable()This method is used by the JSON encoder
Return type Dict
keys()rarr a set-like object providing a view on Drsquos keys
property known_typesReturns a list of all the known MISP attributes types
Return type List[str]
property malware_binaryReturns a BytesIO of the malware (if the attribute has one obvs)
Return type Optional[BytesIO]
pop(k[ d ])rarr v remove specified key and return the corresponding valueIf key is not found d is returned if given otherwise KeyError is raised
popitem()rarr (k v) remove and return some (key value) pairas a 2-tuple but raise KeyError if D is empty
set_not_jsonable(args)Set __not_jsonable to a new list
Return type None
setdefault(k[ d ])rarr Dget(kd) also set D[k]=d if k not in D
property tagsReturns a lost of tags associated to this Attribute
Return type List[MISPTag]
30 Chapter 2 pymisp
PyMISP Documentation Release main
to_dict()Dump the class to a dictionary This method automatically removes the timestamp recursively in everyobject that has been edited is order to let MISP update the event accordingly
Return type Dict
to_json(sort_keys=False indent=None)Dump recursively any class of type MISPAbstract to a json string
update([E ] F)rarr None Update D from mappingiterable E and FIf E present and has a keys() method does for k in E D[k] = E[k] If E present and lacks keys() methoddoes for (k v) in E D[k] = v In either case this is followed by for k v in Fitems() D[k] = v
update_not_jsonable(args)Add entries to the __not_jsonable list
Return type None
values()rarr an object providing a view on Drsquos values
29 MISPObjectReference
class pymispMISPObjectReference
clear()rarr None Remove all items from D
property editedRecursively check if an object has been edited and update the flag accordingly to the parent objects
Return type bool
from_dict(kwargs)Loading all the parameters as class properties if they arenrsquot None This method aims to be called when allthe properties requiring a special treatment are processed Note This method is used when you initializean object with existing data so by default the class is flaged as not edited
from_json(json_string)Load a JSON string
Return type None
get(k[ d ])rarr D[k] if k in D else d d defaults to None
items()rarr a set-like object providing a view on Drsquos items
jsonable()This method is used by the JSON encoder
Return type Dict
keys()rarr a set-like object providing a view on Drsquos keys
pop(k[ d ])rarr v remove specified key and return the corresponding valueIf key is not found d is returned if given otherwise KeyError is raised
popitem()rarr (k v) remove and return some (key value) pairas a 2-tuple but raise KeyError if D is empty
set_not_jsonable(args)Set __not_jsonable to a new list
Return type None
29 MISPObjectReference 31
PyMISP Documentation Release main
setdefault(k[ d ])rarr Dget(kd) also set D[k]=d if k not in D
to_dict()Dump the class to a dictionary This method automatically removes the timestamp recursively in everyobject that has been edited is order to let MISP update the event accordingly
Return type Dict
to_json(sort_keys=False indent=None)Dump recursively any class of type MISPAbstract to a json string
update([E ] F)rarr None Update D from mappingiterable E and FIf E present and has a keys() method does for k in E D[k] = E[k] If E present and lacks keys() methoddoes for (k v) in E D[k] = v In either case this is followed by for k v in Fitems() D[k] = v
update_not_jsonable(args)Add entries to the __not_jsonable list
Return type None
values()rarr an object providing a view on Drsquos values
210 MISPTag
class pymispMISPTag(kwargs)
clear()rarr None Remove all items from D
property editedRecursively check if an object has been edited and update the flag accordingly to the parent objects
Return type bool
from_dict(kwargs)Loading all the parameters as class properties if they arenrsquot None This method aims to be called when allthe properties requiring a special treatment are processed Note This method is used when you initializean object with existing data so by default the class is flaged as not edited
from_json(json_string)Load a JSON string
Return type None
get(k[ d ])rarr D[k] if k in D else d d defaults to None
items()rarr a set-like object providing a view on Drsquos items
jsonable()This method is used by the JSON encoder
Return type Dict
keys()rarr a set-like object providing a view on Drsquos keys
pop(k[ d ])rarr v remove specified key and return the corresponding valueIf key is not found d is returned if given otherwise KeyError is raised
popitem()rarr (k v) remove and return some (key value) pairas a 2-tuple but raise KeyError if D is empty
set_not_jsonable(args)Set __not_jsonable to a new list
32 Chapter 2 pymisp
PyMISP Documentation Release main
Return type None
setdefault(k[ d ])rarr Dget(kd) also set D[k]=d if k not in D
to_dict()Dump the class to a dictionary This method automatically removes the timestamp recursively in everyobject that has been edited is order to let MISP update the event accordingly
Return type Dict
to_json(sort_keys=False indent=None)Dump recursively any class of type MISPAbstract to a json string
update([E ] F)rarr None Update D from mappingiterable E and FIf E present and has a keys() method does for k in E D[k] = E[k] If E present and lacks keys() methoddoes for (k v) in E D[k] = v In either case this is followed by for k v in Fitems() D[k] = v
update_not_jsonable(args)Add entries to the __not_jsonable list
Return type None
values()rarr an object providing a view on Drsquos values
211 MISPUser
class pymispMISPUser(kwargs)
clear()rarr None Remove all items from D
property editedRecursively check if an object has been edited and update the flag accordingly to the parent objects
Return type bool
from_dict(kwargs)Loading all the parameters as class properties if they arenrsquot None This method aims to be called when allthe properties requiring a special treatment are processed Note This method is used when you initializean object with existing data so by default the class is flaged as not edited
from_json(json_string)Load a JSON string
Return type None
get(k[ d ])rarr D[k] if k in D else d d defaults to None
items()rarr a set-like object providing a view on Drsquos items
jsonable()This method is used by the JSON encoder
Return type Dict
keys()rarr a set-like object providing a view on Drsquos keys
pop(k[ d ])rarr v remove specified key and return the corresponding valueIf key is not found d is returned if given otherwise KeyError is raised
popitem()rarr (k v) remove and return some (key value) pairas a 2-tuple but raise KeyError if D is empty
211 MISPUser 33
PyMISP Documentation Release main
set_not_jsonable(args)Set __not_jsonable to a new list
Return type None
setdefault(k[ d ])rarr Dget(kd) also set D[k]=d if k not in D
to_dict()Dump the class to a dictionary This method automatically removes the timestamp recursively in everyobject that has been edited is order to let MISP update the event accordingly
Return type Dict
to_json(sort_keys=False indent=None)Dump recursively any class of type MISPAbstract to a json string
update([E ] F)rarr None Update D from mappingiterable E and FIf E present and has a keys() method does for k in E D[k] = E[k] If E present and lacks keys() methoddoes for (k v) in E D[k] = v In either case this is followed by for k v in Fitems() D[k] = v
update_not_jsonable(args)Add entries to the __not_jsonable list
Return type None
values()rarr an object providing a view on Drsquos values
212 MISPOrganisation
class pymispMISPOrganisation
clear()rarr None Remove all items from D
property editedRecursively check if an object has been edited and update the flag accordingly to the parent objects
Return type bool
from_dict(kwargs)Loading all the parameters as class properties if they arenrsquot None This method aims to be called when allthe properties requiring a special treatment are processed Note This method is used when you initializean object with existing data so by default the class is flaged as not edited
from_json(json_string)Load a JSON string
Return type None
get(k[ d ])rarr D[k] if k in D else d d defaults to None
items()rarr a set-like object providing a view on Drsquos items
jsonable()This method is used by the JSON encoder
Return type Dict
keys()rarr a set-like object providing a view on Drsquos keys
pop(k[ d ])rarr v remove specified key and return the corresponding valueIf key is not found d is returned if given otherwise KeyError is raised
34 Chapter 2 pymisp
PyMISP Documentation Release main
popitem()rarr (k v) remove and return some (key value) pairas a 2-tuple but raise KeyError if D is empty
set_not_jsonable(args)Set __not_jsonable to a new list
Return type None
setdefault(k[ d ])rarr Dget(kd) also set D[k]=d if k not in D
to_dict()Dump the class to a dictionary This method automatically removes the timestamp recursively in everyobject that has been edited is order to let MISP update the event accordingly
Return type Dict
to_json(sort_keys=False indent=None)Dump recursively any class of type MISPAbstract to a json string
update([E ] F)rarr None Update D from mappingiterable E and FIf E present and has a keys() method does for k in E D[k] = E[k] If E present and lacks keys() methoddoes for (k v) in E D[k] = v In either case this is followed by for k v in Fitems() D[k] = v
update_not_jsonable(args)Add entries to the __not_jsonable list
Return type None
values()rarr an object providing a view on Drsquos values
212 MISPOrganisation 35
PyMISP Documentation Release main
36 Chapter 2 pymisp
CHAPTER
THREE
PYMISP - TOOLS
31 File Object
class pymisptoolsFileObject(filepath=None pseudofile=None filename=None kwargs)
add_attribute(object_relation simple_value=None value)Add an attribute object_relation is required and the value key is a dictionary with all the keys supportedby MISPAttribute
Return type Optional[MISPAttribute]
add_attributes(object_relation attributes)Add multiple attributes with the same object_relation Helper for object_relation when multiple is True inthe template It is the same as calling multiple times add_attribute with the same object_relation
Return type List[Optional[MISPAttribute]]
add_reference(referenced_uuid relationship_type comment=None kwargs)Add a link (uuid) to an other object
Return type MISPObjectReference
clear()rarr None Remove all items from D
property editedRecursively check if an object has been edited and update the flag accordingly to the parent objects
Return type bool
from_dict(kwargs)Loading all the parameters as class properties if they arenrsquot None This method aims to be called when allthe properties requiring a special treatment are processed Note This method is used when you initializean object with existing data so by default the class is flaged as not edited
from_json(json_string)Load a JSON string
Return type None
generate_attributes()Contains the logic where all the values of the object are gathered
get(k[ d ])rarr D[k] if k in D else d d defaults to None
get_attributes_by_relation(object_relation)Returns the list of attributes with the given object relation in the object
Return type List[MISPAttribute]
37
PyMISP Documentation Release main
has_attributes_by_relation(list_of_relations)True if all the relations in the list are defined in the object
Return type bool
items()rarr a set-like object providing a view on Drsquos items
jsonable()This method is used by the JSON encoder
Return type Dict
keys()rarr a set-like object providing a view on Drsquos keys
pop(k[ d ])rarr v remove specified key and return the corresponding valueIf key is not found d is returned if given otherwise KeyError is raised
popitem()rarr (k v) remove and return some (key value) pairas a 2-tuple but raise KeyError if D is empty
set_not_jsonable(args)Set __not_jsonable to a new list
Return type None
setdefault(k[ d ])rarr Dget(kd) also set D[k]=d if k not in D
to_dict(strict=False)Dump the class to a dictionary This method automatically removes the timestamp recursively in everyobject that has been edited is order to let MISP update the event accordingly
Return type Dict
to_json(sort_keys=False indent=None strict=False)Dump recursively any class of type MISPAbstract to a json string
update([E ] F)rarr None Update D from mappingiterable E and FIf E present and has a keys() method does for k in E D[k] = E[k] If E present and lacks keys() methoddoes for (k v) in E D[k] = v In either case this is followed by for k v in Fitems() D[k] = v
update_not_jsonable(args)Add entries to the __not_jsonable list
Return type None
values()rarr an object providing a view on Drsquos values
32 ELF Object
33 PE Object
34 Mach-O Object
35 VT Report Object
class pymisptoolsVTReportObject(apikey indicator vt_proxies=None kwargs)VirusTotal Report
Apikey VirusTotal API key (private works but only public features are supported right now)
38 Chapter 3 pymisp - Tools
PyMISP Documentation Release main
Indicator IOC to search VirusTotal for
add_attribute(object_relation simple_value=None value)Add an attribute object_relation is required and the value key is a dictionary with all the keys supportedby MISPAttribute
Return type Optional[MISPAttribute]
add_attributes(object_relation attributes)Add multiple attributes with the same object_relation Helper for object_relation when multiple is True inthe template It is the same as calling multiple times add_attribute with the same object_relation
Return type List[Optional[MISPAttribute]]
add_reference(referenced_uuid relationship_type comment=None kwargs)Add a link (uuid) to an other object
Return type MISPObjectReference
clear()rarr None Remove all items from D
property editedRecursively check if an object has been edited and update the flag accordingly to the parent objects
Return type bool
from_dict(kwargs)Loading all the parameters as class properties if they arenrsquot None This method aims to be called when allthe properties requiring a special treatment are processed Note This method is used when you initializean object with existing data so by default the class is flaged as not edited
from_json(json_string)Load a JSON string
Return type None
generate_attributes()Parse the VirusTotal report for relevant attributes
get(k[ d ])rarr D[k] if k in D else d d defaults to None
get_attributes_by_relation(object_relation)Returns the list of attributes with the given object relation in the object
Return type List[MISPAttribute]
has_attributes_by_relation(list_of_relations)True if all the relations in the list are defined in the object
Return type bool
items()rarr a set-like object providing a view on Drsquos items
jsonable()This method is used by the JSON encoder
Return type Dict
keys()rarr a set-like object providing a view on Drsquos keys
pop(k[ d ])rarr v remove specified key and return the corresponding valueIf key is not found d is returned if given otherwise KeyError is raised
popitem()rarr (k v) remove and return some (key value) pairas a 2-tuple but raise KeyError if D is empty
35 VT Report Object 39
PyMISP Documentation Release main
set_not_jsonable(args)Set __not_jsonable to a new list
Return type None
setdefault(k[ d ])rarr Dget(kd) also set D[k]=d if k not in D
to_dict(strict=False)Dump the class to a dictionary This method automatically removes the timestamp recursively in everyobject that has been edited is order to let MISP update the event accordingly
Return type Dict
to_json(sort_keys=False indent=None strict=False)Dump recursively any class of type MISPAbstract to a json string
update([E ] F)rarr None Update D from mappingiterable E and FIf E present and has a keys() method does for k in E D[k] = E[k] If E present and lacks keys() methoddoes for (k v) in E D[k] = v In either case this is followed by for k v in Fitems() D[k] = v
update_not_jsonable(args)Add entries to the __not_jsonable list
Return type None
values()rarr an object providing a view on Drsquos values
36 STIX
pymisptoolsstixload_stix(stix distribution=3 threat_level_id=2 analysis=0)Returns a MISPEvent object from a STIX package
pymisptoolsstixmake_stix_package(misp_event to_json=False to_xml=False)Returns a STIXPackage from a MISPEvent
Optionally can return the package in json or xml
37 OpenIOC
toolsload_openioc()
toolsload_openioc_file()
40 Chapter 3 pymisp - Tools
CHAPTER
FOUR
INDICES AND TABLES
bull genindex
bull modindex
bull search
41
PyMISP Documentation Release main
42 Chapter 4 Indices and tables
PYTHON MODULE INDEX
ppymisp 7pymisptools 37pymisptoolsstix 40
43
PyMISP Documentation Release main
44 Python Module Index
INDEX
AAbstractMISP (class in pymisp) 23accept_attribute_proposal()
(pymispPyMISP method) 7add_attribute() (pymispMISPEvent method) 24add_attribute() (pymispMISPObject method) 28add_attribute() (pymispPyMISP method) 7add_attribute() (pymisptoolsFileObject method)
37add_attribute() (pymisptoolsVTReportObject
method) 39add_attribute_proposal() (pymispPyMISP
method) 7add_attribute_tag() (pymispMISPEvent
method) 24add_attributes() (pymispMISPObject method)
28add_attributes() (pymisptoolsFileObject
method) 37add_attributes() (pymisptoolsVTReportObject
method) 39add_event() (pymispPyMISP method) 7add_event_blacklist() (pymispPyMISP
method) 8add_feed() (pymispPyMISP method) 8add_object() (pymispMISPEvent method) 24add_object() (pymispPyMISP method) 8add_object_reference() (pymispPyMISP
method) 8add_org_to_sharing_group() (pymispPyMISP
method) 8add_organisation() (pymispPyMISP method) 8add_organisation_blacklist()
(pymispPyMISP method) 8add_proposal() (pymispMISPAttribute method) 26add_proposal() (pymispMISPEvent method) 24add_proposal() (pymispMISPObjectAttribute
method) 29add_reference() (pymispMISPObject method) 28add_reference() (pymisptoolsFileObject method)
37add_reference() (pymisptoolsVTReportObject
method) 39add_server() (pymispPyMISP method) 8add_server_to_sharing_group()
(pymispPyMISP method) 8add_shadow_attribute() (pymispMISPAttribute
method) 26add_shadow_attribute() (pymispMISPEvent
method) 24add_shadow_attribute()
(pymispMISPObjectAttribute method) 29add_sharing_group() (pymispPyMISP method) 8add_sighting() (pymispMISPAttribute method) 26add_sighting() (pymispMISPObjectAttribute
method) 29add_sighting() (pymispPyMISP method) 8add_tag() (pymispPyMISP method) 8add_user() (pymispPyMISP method) 9attributes_statistics() (pymispPyMISP
method) 9
Bbuild_complex_query() (pymispPyMISP
method) 9
Ccache_all_feeds() (pymispPyMISP method) 9cache_feed() (pymispPyMISP method) 9cache_freetext_feeds() (pymispPyMISP
method) 9cache_misp_feeds() (pymispPyMISP method) 9change_sharing_group_on_entity()
(pymispPyMISP method) 9change_user_password() (pymispPyMISP
method) 9clear() (pymispMISPAttribute method) 26clear() (pymispMISPEvent method) 24clear() (pymispMISPObject method) 28clear() (pymispMISPObjectAttribute method) 29clear() (pymispMISPObjectReference method) 31clear() (pymispMISPOrganisation method) 34clear() (pymispMISPTag method) 32clear() (pymispMISPUser method) 33
45
PyMISP Documentation Release main
clear() (pymisptoolsFileObject method) 37clear() (pymisptoolsVTReportObject method) 39communities() (pymispPyMISP method) 9compare_feeds() (pymispPyMISP method) 9contact_event_reporter() (pymispPyMISP
method) 9
Ddefault() (pymispMISPEncode method) 24delegate_event() (pymispPyMISP method) 10delete() (pymispMISPAttribute method) 26delete() (pymispMISPObjectAttribute method) 30delete_attribute() (pymispMISPEvent method)
24delete_attribute() (pymispPyMISP method) 10delete_attribute_proposal()
(pymispPyMISP method) 10delete_event() (pymispPyMISP method) 10delete_event_blacklist() (pymispPyMISP
method) 10delete_feed() (pymispPyMISP method) 10delete_object() (pymispPyMISP method) 10delete_object_reference() (pymispPyMISP
method) 10delete_organisation() (pymispPyMISP
method) 10delete_organisation_blacklist()
(pymispPyMISP method) 10delete_server() (pymispPyMISP method) 10delete_sharing_group() (pymispPyMISP
method) 10delete_sighting() (pymispPyMISP method) 10delete_tag() (pymispPyMISP method) 11delete_user() (pymispPyMISP method) 11delete_user_setting() (pymispPyMISP
method) 11describe_types_local() (pymispPyMISP prop-
erty) 11describe_types_remote() (pymispPyMISP
property) 11direct_call() (pymispPyMISP method) 11disable_feed() (pymispPyMISP method) 11disable_feed_cache() (pymispPyMISP method)
11disable_noticelist() (pymispPyMISP method)
11disable_tag() (pymispPyMISP method) 11disable_taxonomy() (pymispPyMISP method) 11disable_taxonomy_tags() (pymispPyMISP
method) 11disable_warninglist() (pymispPyMISP
method) 11discard_attribute_proposal()
(pymispPyMISP method) 12
Eedited() (pymispAbstractMISP property) 23edited() (pymispMISPAttribute property) 26edited() (pymispMISPEvent property) 24edited() (pymispMISPObject property) 28edited() (pymispMISPObjectAttribute property) 30edited() (pymispMISPObjectReference property) 31edited() (pymispMISPOrganisation property) 34edited() (pymispMISPTag property) 32edited() (pymispMISPUser property) 33edited() (pymisptoolsFileObject property) 37edited() (pymisptoolsVTReportObject property) 39enable_feed() (pymispPyMISP method) 12enable_feed_cache() (pymispPyMISP method)
12enable_noticelist() (pymispPyMISP method)
12enable_tag() (pymispPyMISP method) 12enable_taxonomy() (pymispPyMISP method) 12enable_taxonomy_tags() (pymispPyMISP
method) 12enable_warninglist() (pymispPyMISP method)
12event_blacklists() (pymispPyMISP method) 12event_delegations() (pymispPyMISP method)
12ExpandedPyMISP (in module pymisp) 23
Ffeeds() (pymispPyMISP method) 12fetch_feed() (pymispPyMISP method) 12FileObject (class in pymisptools) 37freetext() (pymispPyMISP method) 12from_dict() (pymispAbstractMISP method) 23from_dict() (pymispMISPAttribute method) 27from_dict() (pymispMISPEvent method) 25from_dict() (pymispMISPObject method) 28from_dict() (pymispMISPObjectAttribute method)
30from_dict() (pymispMISPObjectReference method)
31from_dict() (pymispMISPOrganisation method) 34from_dict() (pymispMISPTag method) 32from_dict() (pymispMISPUser method) 33from_dict() (pymisptoolsFileObject method) 37from_dict() (pymisptoolsVTReportObject method)
39from_json() (pymispAbstractMISP method) 23from_json() (pymispMISPAttribute method) 27from_json() (pymispMISPEvent method) 25from_json() (pymispMISPObject method) 28from_json() (pymispMISPObjectAttribute method)
30
46 Index
PyMISP Documentation Release main
from_json() (pymispMISPObjectReference method)31
from_json() (pymispMISPOrganisation method) 34from_json() (pymispMISPTag method) 32from_json() (pymispMISPUser method) 33from_json() (pymisptoolsFileObject method) 37from_json() (pymisptoolsVTReportObject method)
39
Ggalaxies() (pymispPyMISP method) 12generate_attributes() (pymisptoolsFileObject
method) 37generate_attributes()
(pymisptoolsVTReportObject method)39
get() (pymispMISPAttribute method) 27get() (pymispMISPEvent method) 25get() (pymispMISPObject method) 28get() (pymispMISPObjectAttribute method) 30get() (pymispMISPObjectReference method) 31get() (pymispMISPOrganisation method) 34get() (pymispMISPTag method) 32get() (pymispMISPUser method) 33get() (pymisptoolsFileObject method) 37get() (pymisptoolsVTReportObject method) 39get_all_functions() (pymispPyMISP method)
13get_attribute() (pymispPyMISP method) 13get_attribute_tag() (pymispMISPEvent
method) 25get_attributes_by_relation()
(pymispMISPObject method) 28get_attributes_by_relation()
(pymisptoolsFileObject method) 37get_attributes_by_relation()
(pymisptoolsVTReportObject method)39
get_community() (pymispPyMISP method) 13get_event() (pymispPyMISP method) 13get_feed() (pymispPyMISP method) 13get_galaxy() (pymispPyMISP method) 13get_noticelist() (pymispPyMISP method) 13get_object() (pymispPyMISP method) 13get_object_by_id() (pymispMISPEvent method)
25get_object_by_uuid() (pymispMISPEvent
method) 25get_object_template() (pymispPyMISP
method) 13get_objects_by_name() (pymispMISPEvent
method) 25get_organisation() (pymispPyMISP method) 13get_sync_config() (pymispPyMISP method) 13
get_tag() (pymispPyMISP method) 13get_taxonomy() (pymispPyMISP method) 13get_user() (pymispPyMISP method) 13get_user_setting() (pymispPyMISP method) 14get_warninglist() (pymispPyMISP method) 14
Hhas_attributes_by_relation()
(pymispMISPObject method) 28has_attributes_by_relation()
(pymisptoolsFileObject method) 37has_attributes_by_relation()
(pymisptoolsVTReportObject method)39
hash_values() (pymispMISPAttribute method) 27hash_values() (pymispMISPObjectAttribute
method) 30
Iimport_server() (pymispPyMISP method) 14items() (pymispMISPAttribute method) 27items() (pymispMISPEvent method) 25items() (pymispMISPObject method) 29items() (pymispMISPObjectAttribute method) 30items() (pymispMISPObjectReference method) 31items() (pymispMISPOrganisation method) 34items() (pymispMISPTag method) 32items() (pymispMISPUser method) 33items() (pymisptoolsFileObject method) 38items() (pymisptoolsVTReportObject method) 39
Jjsonable() (pymispAbstractMISP method) 23jsonable() (pymispMISPAttribute method) 27jsonable() (pymispMISPEvent method) 25jsonable() (pymispMISPObject method) 29jsonable() (pymispMISPObjectAttribute method)
30jsonable() (pymispMISPObjectReference method)
31jsonable() (pymispMISPOrganisation method) 34jsonable() (pymispMISPTag method) 32jsonable() (pymispMISPUser method) 33jsonable() (pymisptoolsFileObject method) 38jsonable() (pymisptoolsVTReportObject method)
39
Kkeys() (pymispMISPAttribute method) 27keys() (pymispMISPEvent method) 25keys() (pymispMISPObject method) 29keys() (pymispMISPObjectAttribute method) 30keys() (pymispMISPObjectReference method) 31keys() (pymispMISPOrganisation method) 34
Index 47
PyMISP Documentation Release main
keys() (pymispMISPTag method) 32keys() (pymispMISPUser method) 33keys() (pymisptoolsFileObject method) 38keys() (pymisptoolsVTReportObject method) 39known_types() (pymispMISPAttribute property) 27known_types() (pymispMISPObjectAttribute prop-
erty) 30
Lload() (pymispMISPEvent method) 25load_default_feeds() (pymispPyMISP method)
14load_file() (pymispMISPEvent method) 25load_openioc() (pymisptools method) 40load_openioc_file() (pymisptools method) 40load_stix() (in module pymisptoolsstix) 40
Mmake_stix_package() (in module
pymisptoolsstix) 40malware_binary() (pymispMISPAttribute prop-
erty) 27malware_binary() (pymispMISPObjectAttribute
property) 30misp_instance_version() (pymispPyMISP
property) 14misp_instance_version_master()
(pymispPyMISP property) 14MISPAttribute (class in pymisp) 26MISPEncode (class in pymisp) 24MISPEvent (class in pymisp) 24MISPObject (class in pymisp) 28MISPObjectAttribute (class in pymisp) 29MISPObjectReference (class in pymisp) 31MISPOrganisation (class in pymisp) 34MISPTag (class in pymisp) 32MISPUser (class in pymisp) 33module
pymisp 7pymisptools 37pymisptoolsstix 40
Nnoticelists() (pymispPyMISP method) 14
Oobject_templates() (pymispPyMISP method) 14organisation_blacklists() (pymispPyMISP
method) 14organisations() (pymispPyMISP method) 14
Ppop() (pymispMISPAttribute method) 27
pop() (pymispMISPEvent method) 25pop() (pymispMISPObject method) 29pop() (pymispMISPObjectAttribute method) 30pop() (pymispMISPObjectReference method) 31pop() (pymispMISPOrganisation method) 34pop() (pymispMISPTag method) 32pop() (pymispMISPUser method) 33pop() (pymisptoolsFileObject method) 38pop() (pymisptoolsVTReportObject method) 39popitem() (pymispMISPAttribute method) 27popitem() (pymispMISPEvent method) 25popitem() (pymispMISPObject method) 29popitem() (pymispMISPObjectAttribute method) 30popitem() (pymispMISPObjectReference method) 31popitem() (pymispMISPOrganisation method) 34popitem() (pymispMISPTag method) 32popitem() (pymispMISPUser method) 33popitem() (pymisptoolsFileObject method) 38popitem() (pymisptoolsVTReportObject method) 39publish() (pymispMISPEvent method) 25publish() (pymispPyMISP method) 14push_event_to_ZMQ() (pymispPyMISP method)
14pymisp
module 7PyMISP (class in pymisp) 7pymisptools
module 37pymisptoolsstix
module 40pymisp_version_main() (pymispPyMISP prop-
erty) 15
Rrecommended_pymisp_version()
(pymispPyMISP property) 15remote_acl() (pymispPyMISP method) 15remove_org_from_sharing_group()
(pymispPyMISP method) 15remove_server_from_sharing_group()
(pymispPyMISP method) 15roles() (pymispPyMISP method) 15
Ssearch() (pymispPyMISP method) 15search_feeds() (pymispPyMISP method) 17search_index() (pymispPyMISP method) 18search_logs() (pymispPyMISP method) 18search_sightings() (pymispPyMISP method) 19server_pull() (pymispPyMISP method) 20server_push() (pymispPyMISP method) 20servers() (pymispPyMISP method) 20set_date() (pymispMISPEvent method) 25
48 Index
PyMISP Documentation Release main
set_not_jsonable() (pymispAbstractMISPmethod) 23
set_not_jsonable() (pymispMISPAttributemethod) 27
set_not_jsonable() (pymispMISPEvent method)25
set_not_jsonable() (pymispMISPObjectmethod) 29
set_not_jsonable() (pymispMISPObjectAttributemethod) 30
set_not_jsonable()(pymispMISPObjectReference method)31
set_not_jsonable() (pymispMISPOrganisationmethod) 35
set_not_jsonable() (pymispMISPTag method)32
set_not_jsonable() (pymispMISPUser method)33
set_not_jsonable() (pymisptoolsFileObjectmethod) 38
set_not_jsonable()(pymisptoolsVTReportObject method)39
set_user_setting() (pymispPyMISP method) 20setdefault() (pymispMISPAttribute method) 27setdefault() (pymispMISPEvent method) 25setdefault() (pymispMISPObject method) 29setdefault() (pymispMISPObjectAttribute
method) 30setdefault() (pymispMISPObjectReference
method) 31setdefault() (pymispMISPOrganisation method)
35setdefault() (pymispMISPTag method) 33setdefault() (pymispMISPUser method) 34setdefault() (pymisptoolsFileObject method) 38setdefault() (pymisptoolsVTReportObject
method) 40sharing_groups() (pymispPyMISP method) 20sightings() (pymispPyMISP method) 20
Ttag() (pymispPyMISP method) 20tags() (pymispMISPAttribute property) 27tags() (pymispMISPEvent property) 26tags() (pymispMISPObjectAttribute property) 30tags() (pymispPyMISP method) 20tags_statistics() (pymispPyMISP method) 20taxonomies() (pymispPyMISP method) 20to_dict() (pymispAbstractMISP method) 23to_dict() (pymispMISPAttribute method) 27to_dict() (pymispMISPEvent method) 26to_dict() (pymispMISPObject method) 29
to_dict() (pymispMISPObjectAttribute method) 30to_dict() (pymispMISPObjectReference method) 32to_dict() (pymispMISPOrganisation method) 35to_dict() (pymispMISPTag method) 33to_dict() (pymispMISPUser method) 34to_dict() (pymisptoolsFileObject method) 38to_dict() (pymisptoolsVTReportObject method) 40to_feed() (pymispMISPEvent method) 26to_json() (pymispAbstractMISP method) 23to_json() (pymispMISPAttribute method) 27to_json() (pymispMISPEvent method) 26to_json() (pymispMISPObject method) 29to_json() (pymispMISPObjectAttribute method) 31to_json() (pymispMISPObjectReference method) 32to_json() (pymispMISPOrganisation method) 35to_json() (pymispMISPTag method) 33to_json() (pymispMISPUser method) 34to_json() (pymisptoolsFileObject method) 38to_json() (pymisptoolsVTReportObject method) 40toggle_warninglist() (pymispPyMISP method)
20
Uunpublish() (pymispMISPEvent method) 26untag() (pymispPyMISP method) 21update() (pymispMISPAttribute method) 28update() (pymispMISPEvent method) 26update() (pymispMISPObject method) 29update() (pymispMISPObjectAttribute method) 31update() (pymispMISPObjectReference method) 32update() (pymispMISPOrganisation method) 35update() (pymispMISPTag method) 33update() (pymispMISPUser method) 34update() (pymisptoolsFileObject method) 38update() (pymisptoolsVTReportObject method) 40update_attribute() (pymispPyMISP method) 21update_attribute_proposal()
(pymispPyMISP method) 21update_event() (pymispPyMISP method) 21update_event_blacklist() (pymispPyMISP
method) 21update_feed() (pymispPyMISP method) 21update_galaxies() (pymispPyMISP method) 21update_not_jsonable() (pymispAbstractMISP
method) 23update_not_jsonable() (pymispMISPAttribute
method) 28update_not_jsonable() (pymispMISPEvent
method) 26update_not_jsonable() (pymispMISPObject
method) 29update_not_jsonable()
(pymispMISPObjectAttribute method) 31
Index 49
PyMISP Documentation Release main
update_not_jsonable()(pymispMISPObjectReference method)32
update_not_jsonable()(pymispMISPOrganisation method) 35
update_not_jsonable() (pymispMISPTagmethod) 33
update_not_jsonable() (pymispMISPUsermethod) 34
update_not_jsonable() (pymisptoolsFileObjectmethod) 38
update_not_jsonable()(pymisptoolsVTReportObject method)40
update_noticelists() (pymispPyMISP method)21
update_object() (pymispPyMISP method) 21update_object_templates() (pymispPyMISP
method) 21update_organisation() (pymispPyMISP
method) 21update_organisation_blacklist()
(pymispPyMISP method) 21update_server() (pymispPyMISP method) 22update_tag() (pymispPyMISP method) 22update_taxonomies() (pymispPyMISP method)
22update_user() (pymispPyMISP method) 22update_warninglists() (pymispPyMISP
method) 22upload_stix() (pymispPyMISP method) 22user_registrations() (pymispPyMISP method)
22user_settings() (pymispPyMISP method) 22users() (pymispPyMISP method) 22users_statistics() (pymispPyMISP method) 22
Vvalues() (pymispMISPAttribute method) 28values() (pymispMISPEvent method) 26values() (pymispMISPObject method) 29values() (pymispMISPObjectAttribute method) 31values() (pymispMISPObjectReference method) 32values() (pymispMISPOrganisation method) 35values() (pymispMISPTag method) 33values() (pymispMISPUser method) 34values() (pymisptoolsFileObject method) 38values() (pymisptoolsVTReportObject method) 40values_in_warninglist() (pymispPyMISP
method) 22version() (pymispPyMISP property) 22VTReportObject (class in pymisptools) 38
Wwarninglists() (pymispPyMISP method) 22
50 Index
- README
- pymisp
- PyMISP
- PyMISPExpanded (Python 36+ only)
- MISPAbstract
- MISPEncode
- MISPEvent
- MISPAttribute
- MISPObject
- MISPObjectAttribute
- MISPObjectReference
- MISPTag
- MISPUser
- MISPOrganisation
- pymisp - Tools
- File Object
- ELF Object
- PE Object
- Mach-O Object
- VT Report Object
- STIX
- OpenIOC
- Indices and tables
- Python Module Index
- Index
PyMISP Documentation Release main
add_event(event pythonify=False)Add a new event on a MISP instance
Return type Union[Dict MISPEvent]
add_event_blacklist(uuids comment=None event_info=None event_orgc=None)Add a new event in the blacklist
Return type Dict
add_feed(feed pythonify=False)Add a new feed on a MISP instance
Return type Union[Dict MISPFeed]
add_object(event misp_object pythonify=False)Add a MISP Object to an existing MISP event
Return type Union[Dict MISPObject]
add_object_reference(misp_object_reference pythonify=False)Add a reference to an object
Return type Union[Dict MISPObjectReference]
add_org_to_sharing_group(sharing_group organisation extend=False)Add an organisation to a sharing group sharing_group Sharing grouprsquos local instance ID or Sharinggrouprsquos global UUID organisation Organisationrsquos local instance ID or Organisationrsquos global UUID orOrganisationrsquos name as known to the curent instance extend Allow the organisation to extend the group
Return type Dict
add_organisation(organisation pythonify=False)Add an organisation
Return type Union[Dict MISPOrganisation]
add_organisation_blacklist(uuids comment=None org_name=None)Add a new organisation in the blacklist
Return type Dict
add_server(server pythonify=False)Add a server to synchronise with Note You probably want to use ExpandedPyMISPget_sync_config andExpandedPyMISPimport_server instead
Return type Union[Dict MISPServer]
add_server_to_sharing_group(sharing_group server all_orgs=False)Add a server to a sharing group sharing_group Sharing grouprsquos local instance ID or Sharing grouprsquosglobal UUID server Serverrsquos local instance ID or URL of the Server or Serverrsquos name as known to thecurent instance all_orgs Add all the organisations of the server to the group
Return type Dict
add_sharing_group(sharing_group pythonify=False)Add a new sharing group
Return type Union[Dict MISPSharingGroup]
add_sighting(sighting attribute=None pythonify=False)Add a new sighting (globally or to a specific attribute)
Return type Union[Dict MISPSighting]
8 Chapter 2 pymisp
PyMISP Documentation Release main
add_tag(tag pythonify=False)Add a new tag on a MISP instance Notes
bull The user calling this method needs the Tag Editor permission
bull It doesnrsquot add a tag to an event simply create it on a MISP instance
Return type Union[Dict MISPTag]
add_user(user pythonify=False)Add a new user
Return type Union[Dict MISPUser]
attributes_statistics(context=type percentage=False)Get attributes statistics from the MISP instance
Return type Dict
build_complex_query(or_parameters=None and_parameters=None not_parameters=None)Build a complex search query MISP expects a dictionary with AND OR and NOT keys
Return type Dict[str List[~SearchType]]
cache_all_feeds()Cache all the feeds
Return type Dict
cache_feed(feed)Cache a specific feed
Return type Dict
cache_freetext_feeds()Cache all the freetext feeds
Return type Dict
cache_misp_feeds()Cache all the MISP feeds
Return type Dict
change_sharing_group_on_entity(misp_entity sharing_group_id pythonify=False)Change the sharing group of an event an attribute or an object
Return type Union[Dict MISPEvent MISPObject MISPAttributeMISPShadowAttribute]
change_user_password(new_password)Thange the password of the curent user
Return type Dict
communities(pythonify=False)Get all the communities
Return type Union[Dict List[MISPCommunity]]
compare_feeds()Generate the comparison matrix for all the MISP feeds
Return type Dict
21 PyMISP 9
PyMISP Documentation Release main
contact_event_reporter(event message)Send a message to the reporter of an event
Return type Dict
delegate_event(event=None organisation=None event_delegation=None distribution=- 1 mes-sage= pythonify=False)
Note distribution == -1 means recipient decides
Return type Union[Dict MISPEventDelegation]
delete_attribute(attribute hard=False)Delete an attribute from a MISP instance
Return type Dict
delete_attribute_proposal(attribute)Propose the deletion of an attribute
Return type Dict
delete_event(event)Delete an event from a MISP instance
Return type Dict
delete_event_blacklist(event_blacklist)Delete a blacklisted event
Return type Dict
delete_feed(feed)Delete a feed from a MISP instance
Return type Dict
delete_object(misp_object)Delete an object from a MISP instance
Return type Dict
delete_object_reference(object_reference)Delete a reference to an object
Return type Dict
delete_organisation(organisation)Delete an organisation
Return type Dict
delete_organisation_blacklist(organisation_blacklist)Delete a blacklisted organisation
Return type Dict
delete_server(server)Delete a sync server
Return type Dict
delete_sharing_group(sharing_group)Delete a sharing group
Return type Dict
10 Chapter 2 pymisp
PyMISP Documentation Release main
delete_sighting(sighting)Delete a sighting from a MISP instance
Return type Dict
delete_tag(tag)Delete an attribute from a MISP instance
Return type Dict
delete_user(user)Delete a user
Return type Dict
delete_user_setting(user_setting user=None)Delete a user setting
Return type Dict
property describe_types_localReturns the content of describe types from the package
Return type Dict
property describe_types_remoteReturns the content of describe types from the remote instance
Return type Dict
direct_call(url data=None params= kw_params=)Very lightweight call that posts a data blob (python dictionary or json string) on the URL
Return type Any
disable_feed(feed pythonify=False)Disable a feed
Return type Union[Dict MISPFeed]
disable_feed_cache(feed pythonify=False)Disable the caching of a feed
Return type Union[Dict MISPFeed]
disable_noticelist(noticelist)Disable a noticelist by id
Return type Dict
disable_tag(tag pythonify=False)Disable a tag
Return type Union[Dict MISPTag]
disable_taxonomy(taxonomy)Disable a taxonomy
Return type Dict
disable_taxonomy_tags(taxonomy)Disable all the tags of a taxonomy
Return type Dict
disable_warninglist(warninglist)Disable a warninglist
21 PyMISP 11
PyMISP Documentation Release main
Return type Dict
discard_attribute_proposal(proposal)Discard a proposal
Return type Dict
enable_feed(feed pythonify=False)Enable a feed (fetching it will create event(s)
Return type Union[Dict MISPFeed]
enable_feed_cache(feed pythonify=False)Enable the caching of a feed
Return type Union[Dict MISPFeed]
enable_noticelist(noticelist)Enable a noticelist by id
Return type Dict
enable_tag(tag pythonify=False)Enable a tag
Return type Union[Dict MISPTag]
enable_taxonomy(taxonomy)Enable a taxonomy
Return type Dict
enable_taxonomy_tags(taxonomy)Enable all the tags of a taxonomy NOTE this automatically done when you call enable_taxonomy
Return type Dict
enable_warninglist(warninglist)Enable a warninglist
Return type Dict
event_blacklists(pythonify=False)Get all the blacklisted events
Return type Union[Dict List[MISPEventBlacklist]]
event_delegations(pythonify=False)Get all the event delegations
Return type Union[Dict List[MISPEventDelegation]]
feeds(pythonify=False)Get the list of existing feeds
Return type Union[Dict List[MISPFeed]]
fetch_feed(feed)Fetch one single feed
Return type Dict
freetext(event string adhereToWarninglists=False distribution=None returnMetaAttributes=Falsepythonify=False kwargs)
Pass a text to the freetext importer
Return type Union[Dict List[MISPAttribute]]
12 Chapter 2 pymisp
PyMISP Documentation Release main
galaxies(pythonify=False)Get all the galaxies
Return type Union[Dict List[MISPGalaxy]]
get_all_functions(not_implemented=False)Get all methods available vi the API allow to get the ones that are not implemented
get_attribute(attribute pythonify=False)Get an attribute from a MISP instance
Return type Union[Dict MISPAttribute]
get_community(community pythonify=False)Get an community from a MISP instance
Return type Union[Dict MISPCommunity]
get_event(event deleted=False extended=False pythonify=False)Get an event from a MISP instance
Return type Union[Dict MISPEvent]
get_feed(feed pythonify=False)Get a feed by id
Return type Union[Dict MISPFeed]
get_galaxy(galaxy pythonify=False)Get a galaxy by id
Return type Union[Dict MISPGalaxy]
get_noticelist(noticelist pythonify=False)Get a noticelist by id
Return type Union[Dict MISPNoticelist]
get_object(misp_object pythonify=False)Get an object from the remote MISP instance
Return type Union[Dict MISPObject]
get_object_template(object_template pythonify=False)Gets the full object template corresponting the UUID passed as parameter
Return type Union[Dict MISPObjectTemplate]
get_organisation(organisation pythonify=False)Get an organisation
Return type Union[Dict MISPOrganisation]
get_sync_config(pythonify=False)WARNING This method only works if the user calling it is a sync user
Return type Union[Dict MISPServer]
get_tag(tag pythonify=False)Get a tag by id
Return type Union[Dict MISPTag]
get_taxonomy(taxonomy pythonify=False)Get a taxonomy from a MISP instance
Return type Union[Dict MISPTaxonomy]
21 PyMISP 13
PyMISP Documentation Release main
get_user(user=me pythonify=False expanded=False)Get a user me means the owner of the API key doing the query expanded also returns a MISPRole and aMISPUserSetting
Return type Union[Dict MISPUser Tuple[MISPUser MISPRoleList[MISPUserSetting]]]
get_user_setting(user_setting user=None pythonify=False)Get an user setting
Return type Union[Dict MISPUserSetting]
get_warninglist(warninglist pythonify=False)Get a warninglist
Return type Union[Dict MISPWarninglist]
import_server(server pythonify=False)Import a sync server config received from get_sync_config
Return type Union[Dict MISPServer]
load_default_feeds()Load all the default feeds
Return type Dict
property misp_instance_versionReturns the version of the instance
Return type Dict
property misp_instance_version_masterGet the most recent version from github
Return type Dict
noticelists(pythonify=False)Get all the noticelists
Return type Union[Dict List[MISPNoticelist]]
object_templates(pythonify=False)Get all the object templates
Return type Union[Dict List[MISPObjectTemplate]]
organisation_blacklists(pythonify=False)Get all the blacklisted organisations
Return type Union[Dict List[MISPOrganisationBlacklist]]
organisations(scope=local pythonify=False)Get all the organisations
Return type Union[Dict List[MISPOrganisation]]
publish(event alert=False)Publish the event with one single HTTP POST The default is to not send a mail as it is assumed thismethod is called on update
Return type Dict
push_event_to_ZMQ(event)Force push an event on ZMQ
14 Chapter 2 pymisp
PyMISP Documentation Release main
Return type Dict
property pymisp_version_mainGet the most recent version of PyMISP from github
Return type Dict
property recommended_pymisp_versionReturns the recommended API version from the server
Return type Dict
remote_acl(debug_type=findMissingFunctionNames)This should return an empty list unless the ACL is outdated debug_type can only be printAllFunction-Names findMissingFunctionNames or printRoleAccess
Return type Dict
remove_org_from_sharing_group(sharing_group organisation)Remove an organisation from a sharing group sharing_group Sharing grouprsquos local instance ID orSharing grouprsquos global UUID organisation Organisationrsquos local instance ID or Organisationrsquos globalUUID or Organisationrsquos name as known to the curent instance
Return type Dict
remove_server_from_sharing_group(sharing_group server)Remove a server from a sharing group sharing_group Sharing grouprsquos local instance ID or Sharinggrouprsquos global UUID server Serverrsquos local instance ID or URL of the Server or Serverrsquos name as knownto the curent instance
Return type Dict
roles(pythonify=False)Get the existing roles
Return type Union[Dict List[MISPRole]]
search(controller=events return_format=json limit=None page=None value=Nonetype_attribute=None category=None org=None tags=None quick_filter=None quick-Filter=None date_from=None date_to=None eventid=None with_attachments=NonewithAttachments=None metadata=None uuid=None publish_timestamp=Nonelast=None timestamp=None published=None enforce_warninglist=None enforceWarn-inglist=None to_ids=None deleted=None include_event_uuid=None includeEventU-uid=None include_event_tags=None includeEventTags=None event_timestamp=Nonesg_reference_only=None eventinfo=None searchall=None requested_attributes=None in-clude_context=None includeContext=None headerless=None include_sightings=NoneincludeSightings=None include_correlations=None includeCorrelations=None in-clude_decay_score=None includeDecayScore=None object_name=None pythonify=Falsekwargs)
Search in the MISP instance
Parameters
bull return_format (str) ndash Set the return format of the search (Currently supported jsonxml openioc suricata snort - more formats are being moved to restSearch with the goalbeing that all searches happen through this API) Can be passed as the first parameter afterrestSearch or via the JSON payload
bull limit (Optional[int]) ndash Limit the number of results returned depending on thescope (for example 10 attributes or 10 full events)
bull page (Optional[int]) ndash If a limit is set sets the page to be returned page 3 limit 100will return records 201-gt300)
21 PyMISP 15
PyMISP Documentation Release main
bull value (Optional[~SearchParameterTypes]) ndash Search for the given value in the at-tributesrsquo value field
bull type_attribute (Optional[~SearchParameterTypes]) ndash The attribute type anyvalid MISP attribute type is accepted
bull category (Optional[~SearchParameterTypes]) ndash The attribute category any validMISP attribute category is accepted
bull org (Optional[~SearchParameterTypes]) ndash Search by the creator organisation by sup-plying the organisation identifier
bull tags (Optional[~SearchParameterTypes]) ndash Tags to search or to exclude You canpass a list or the output of build_complex_query
bull quick_filter (Optional[str]) ndash The string passed to this field will ignore all ofthe other arguments MISP will return an xml json (depending on the header sent) of allevents that have a sub-string match on value in the event info event orgc or any of theattribute value1 value2 fields or in the attribute comment
bull date_from (Union[date int str float None]) ndash Events with the date set to adate after the one specified This filter will use the date of the event
bull date_to (Union[date int str float None]) ndash Events with the date set to a datebefore the one specified This filter will use the date of the event
bull eventid (Optional[~SearchType]) ndash The events that should be included excludedfrom the search
bull with_attachments (Optional[bool]) ndash If set encodes the attachments zippedmalware samples as base64 in the data field within each attribute
bull metadata (Optional[bool]) ndash Only the metadata (event tags relations) is returnedattributes and proposals are omitted
bull uuid (Optional[str]) ndash Restrict the results by uuid
bull publish_timestamp (Union[date int str float NoneTuple[Union[date int str float None] Union[date int str floatNone]]]) ndash Restrict the results by the last publish timestamp (newer than)
bull timestamp (Union[date int str float None Tuple[Union[date intstr float None] Union[date int str float None]]]) ndash Restrict the resultsby the timestamp (last edit) Any event with a timestamp newer than the given timestampwill be returned In case you are dealing with attributes as scope the attributersquos timestampwill be used for the lookup
bull published (Optional[bool]) ndash Set whether published or unpublished events shouldbe returned Do not set the parameter if you want both
bull enforce_warninglist (Optional[bool]) ndash Remove any attributes from the resultthat would cause a hit on a warninglist entry
bull to_ids (Union[~ToIDSType List[~ToIDSType] None]) ndash By default all attributesare returned that match the other filter parameters irregardless of their to_ids setting Torestrict the returned data set to to_ids only attributes set this parameter to 1 0 for the oneswith to_ids set to False
bull deleted (Optional[str]) ndash If this parameter is set to 1 it will only return soft-deletedattributes [ldquo0rdquo ldquo1rdquo] will return the active ones as well as the soft-deleted ones
bull include_event_uuid (Optional[bool]) ndash Instead of just including the event IDalso include the event UUID in each of the attributes
16 Chapter 2 pymisp
PyMISP Documentation Release main
bull include_event_tags (Optional[bool]) ndash Include the event level tags in each ofthe attributes
bull event_timestamp (Union[date int str float None]) ndash Only return at-tributes from events that have received a modification after the given timestamp
bull sg_reference_only (Optional[bool]) ndash If this flag is set sharing group objectswill not be included instead only the sharing group ID is set
bull eventinfo (Optional[str]) ndash Filter on the eventrsquos info field
bull searchall (Optional[bool]) ndash Search for a full or a substring (delimited by forsubstrings) in the event info event tags attribute tags attribute values or attribute commentfields
bull requested_attributes (Optional[str]) ndash [CSV only] Select the fields that youwish to include in the CSV export By setting event level fields additionally includeCon-text is not required to get event metadata
bull include_context (Optional[bool]) ndash [Attribute only] Include the event data witheach attribute [CSV output] Add event level metadata in every line of the CSV
bull headerless (Optional[bool]) ndash [CSV Only] The CSV created when this setting isset to true will not contain the header row
bull include_sightings (Optional[bool]) ndash [JSON Only - Attribute] Include thesightings of the matching attributes
bull include_decay_score (Optional[bool]) ndash Include the decay score at attributelevel
bull include_correlations (Optional[bool]) ndash [JSON Only - attribute] Include thecorrelations of the matching attributes
bull object_name (Optional[str]) ndash [objects controller only] Search for objects withthat name
bull pythonify (Optional[bool]) ndash Returns a list of PyMISP Objects instead of the plainjson output Warning it might use a lot of RAM
Deprecated
Parameters
bull quickFilter (Optional[str]) ndash synponym for quick_filter
bull withAttachments (Optional[bool]) ndash synonym for with_attachments
bull last (Union[date int str float None Tuple[Union[date int strfloat None] Union[date int str float None]]]) ndash synonym for pub-lish_timestamp
bull enforceWarninglist (Optional[bool]) ndash synonym for enforce_warninglist
bull includeEventUuid (Optional[bool]) ndash synonym for include_event_uuid
bull includeEventTags (Optional[bool]) ndash synonym for include_event_tags
bull includeContext (Optional[bool]) ndash synonym for include_context
Return type Union[Dict str List[Union[MISPEvent MISPAttributeMISPObject]]]
search_feeds(value=None pythonify=False)Search in the feeds cached on the servers
21 PyMISP 17
PyMISP Documentation Release main
Return type Union[Dict List[MISPFeed]]
search_index(published=None eventid=None tags=None date_from=None date_to=Noneeventinfo=None threatlevel=None distribution=None analysis=None org=Nonetimestamp=None pythonify=None)
Search only at the index level Using in front of a value means NOT (default is OR)
Parameters
bull published (Optional[bool]) ndash Set whether published or unpublished events shouldbe returned Do not set the parameter if you want both
bull eventid (Optional[~SearchType]) ndash The events that should be included excludedfrom the search
bull tags (Optional[~SearchParameterTypes]) ndash Tags to search or to exclude You canpass a list or the output of build_complex_query
bull date_from (Union[date int str float None]) ndash Events with the date set to adate after the one specified This filter will use the date of the event
bull date_to (Union[date int str float None]) ndash Events with the date set to a datebefore the one specified This filter will use the date of the event
bull eventinfo (Optional[str]) ndash Filter on the eventrsquos info field
bull threatlevel (Optional[List[~SearchType]]) ndash Threat level(s) (1234) | list
bull distribution (Optional[List[~SearchType]]) ndash Distribution level(s) (0123) |list
bull analysis (Optional[List[~SearchType]]) ndash Analysis level(s) (012) | list
bull org (Optional[~SearchParameterTypes]) ndash Search by the creator organisation by sup-plying the organisation identifier
bull timestamp (Union[date int str float None Tuple[Union[date intstr float None] Union[date int str float None]]]) ndash Restrict the resultsby the timestamp (last edit) Any event with a timestamp newer than the given timestampwill be returned In case you are dealing with attributes as scope the attributersquos timestampwill be used for the lookup
bull pythonify (Optional[bool]) ndash Returns a list of PyMISP Objects instead or the plainjson output Warning it might use a lot of RAM
Return type Union[Dict List[MISPEvent]]
search_logs(limit=None page=None log_id=None title=None created=None model=None ac-tion=None user_id=None change=None email=None org=None description=Noneip=None pythonify=False)
Search in logs
Note to run substring queries simply appendprependencapsulate the search term with
Parameters
bull limit (Optional[int]) ndash Limit the number of results returned depending on thescope (for example 10 attributes or 10 full events)
bull page (Optional[int]) ndash If a limit is set sets the page to be returned page 3 limit 100will return records 201-gt300)
bull log_id (Optional[int]) ndash Log ID
bull title (Optional[str]) ndash Log Title
18 Chapter 2 pymisp
PyMISP Documentation Release main
bull created (Union[date int str float None]) ndash Creation timestamp
bull model (Optional[str]) ndash Model name that generated the log entry
bull action (Optional[str]) ndash The thing that was done
bull user_id (Optional[int]) ndash ID of the user doing the action
bull change (Optional[str]) ndash Change that occured
bull email (Optional[str]) ndash Email of the user
bull org (Optional[str]) ndash Organisation of the User doing the action
bull description (Optional[str]) ndash Description of the action
bull ip (Optional[str]) ndash Origination IP of the User doing the action
bull pythonify (Optional[bool]) ndash Returns a list of PyMISP Objects instead or the plainjson output Warning it might use a lot of RAM
Return type Union[Dict List[MISPLog]]
search_sightings(context=None context_id=None type_sighting=None date_from=Nonedate_to=None publish_timestamp=None last=None org=None source=Noneinclude_attribute=None include_event_meta=None pythonify=False)
Search sightings
Parameters
bull context (Optional[str]) ndash The context of the search Can be either ldquoattributerdquoldquoeventrdquo or nothing (will then match on events and attributes)
bull context_id (Optional[~SearchType]) ndash Only relevant if context is either ldquoattributerdquoor ldquoeventrdquo Then it is the relevant ID
bull type_sighting (Optional[str]) ndash Type of sighting
bull date_from (Union[date int str float None]) ndash Events with the date set to adate after the one specified This filter will use the date of the event
bull date_to (Union[date int str float None]) ndash Events with the date set to a datebefore the one specified This filter will use the date of the event
bull publish_timestamp (Union[date int str float NoneTuple[Union[date int str float None] Union[date int str floatNone]]]) ndash Restrict the results by the last publish timestamp (newer than)
bull org (Optional[~SearchType]) ndash Search by the creator organisation by supplying theorganisation identifier
bull source (Optional[str]) ndash Source of the sighting
bull include_attribute (Optional[bool]) ndash Include the attribute
bull include_event_meta (Optional[bool]) ndash Include the meta information of theevent
Deprecated
Parameters last (Union[date int str float None Tuple[Union[date intstr float None] Union[date int str float None]]]) ndash synonym for pub-lish_timestamp
Example
21 PyMISP 19
PyMISP Documentation Release main
gtgtgt mispsearch_sightings(publish_timestamp=30d) search sightings for therarr˓last 30 days on the instance[ ]gtgtgt mispsearch_sightings(context=attribute context_id=6 include_rarr˓attribute=True) return list of sighting for attribute 6 along with therarr˓attribute itself[ ]gtgtgt mispsearch_sightings(context=event context_id=17 include_event_rarr˓meta=True org=2) return list of sighting for event 17 filtered with orgrarr˓id 2
Return type Union[Dict List[Dict[str Union[MISPEvent MISPAttributeMISPSighting]]]]
server_pull(server event=None)Initialize a pull from a sync server
Return type Dict
server_push(server event=None)Initialize a push to a sync server
Return type Dict
servers(pythonify=False)Get the existing servers the MISP instance can synchronise with
Return type Union[Dict List[MISPServer]]
set_user_setting(user_setting value user=None pythonify=False)Get an user setting
Return type Union[Dict MISPUserSetting]
sharing_groups(pythonify=False)Get the existing sharing groups
Return type Union[Dict List[MISPSharingGroup]]
sightings(misp_entity=None org=None pythonify=False)Get the list of sighting related to a MISPEvent or a MISPAttribute (depending on type of misp_entity)
Return type Union[Dict List[MISPSighting]]
tag(misp_entity tag local=False)Tag an event or an attribute misp_entity can be a MISPEvent a MISP Attribute or a UUID
Return type Dict
tags(pythonify=False)Get the list of existing tags
Return type Union[Dict List[MISPTag]]
tags_statistics(percentage=False name_sort=False)Get tags statistics from the MISP instance
Return type Dict
taxonomies(pythonify=False)Get all the taxonomies
Return type Union[Dict List[MISPTaxonomy]]
20 Chapter 2 pymisp
PyMISP Documentation Release main
toggle_warninglist(warninglist_id=None warninglist_name=None force_enable=False)Toggle (enabledisable) the status of a warninglist by ID type warninglist_id Union[str intList[int] None] param warninglist_id ID of the WarningList type force_enable bool paramforce_enable Force the warning list in the enabled state (does nothing is already enabled)
Return type Dict
untag(misp_entity tag)Untag an event or an attribute misp_entity can be a UUID
Return type Dict
update_attribute(attribute attribute_id=None pythonify=False)Update an attribute on a MISP instance
Return type Union[Dict MISPAttribute MISPShadowAttribute]
update_attribute_proposal(initial_attribute attribute pythonify=False)Propose a change for an attribute
Return type Union[Dict MISPShadowAttribute]
update_event(event event_id=None pythonify=False)Update an event on a MISP instance
Return type Union[Dict MISPEvent]
update_event_blacklist(event_blacklist event_blacklist_id=None pythonify=False)Update an event in the blacklist
Return type Union[Dict MISPEventBlacklist]
update_feed(feed feed_id=None pythonify=False)Update a feed on a MISP instance
Return type Union[Dict MISPFeed]
update_galaxies()Update all the galaxies
Return type Dict
update_noticelists()Update all the noticelists
Return type Dict
update_object(misp_object object_id=None pythonify=False)Update an object on a MISP instance
Return type Union[Dict MISPObject]
update_object_templates()Trigger an update of the object templates
Return type Dict
update_organisation(organisation organisation_id=None pythonify=False)Update an organisation
Return type Union[Dict MISPOrganisation]
update_organisation_blacklist(organisation_blacklist organisation_blacklist_id=Nonepythonify=False)
Update an organisation in the blacklist
Return type Union[Dict MISPOrganisationBlacklist]
21 PyMISP 21
PyMISP Documentation Release main
update_server(server server_id=None pythonify=False)Update a server to synchronise with
Return type Union[Dict MISPServer]
update_tag(tag tag_id=None pythonify=False)Edit only the provided parameters of a tag
Return type Union[Dict MISPTag]
update_taxonomies()Update all the taxonomies
Return type Dict
update_user(user user_id=None pythonify=False)Update an event on a MISP instance
Return type Union[Dict MISPUser]
update_warninglists()Update all the warninglists
Return type Dict
upload_stix(path version=2)Upload a STIX file to MISP param path Path to the STIX on the disk (can be a path-like object or apseudofile) type version str param version Can be 1 or 2
user_registrations(pythonify=False)Get all the user registrations
Return type Union[Dict List[MISPInbox]]
user_settings(pythonify=False)Get all the user settings
Return type Union[Dict List[MISPUserSetting]]
users(pythonify=False)Get all the users
Return type Union[Dict List[MISPUser]]
users_statistics(context=data)Get users statistics from the MISP instance
Return type Dict
values_in_warninglist(value)Check if IOC values are in warninglist
Return type Dict
property versionReturns the version of PyMISP yoursquore curently using
Return type Dict
warninglists(pythonify=False)Get all the warninglists
Return type Union[Dict List[MISPWarninglist]]
22 Chapter 2 pymisp
PyMISP Documentation Release main
22 PyMISPExpanded (Python 36+ only)
pymispExpandedPyMISPalias of pymispapiPyMISP
23 MISPAbstract
class pymispAbstractMISP(kwargs)
property editedRecursively check if an object has been edited and update the flag accordingly to the parent objects
Return type bool
from_dict(kwargs)Loading all the parameters as class properties if they arenrsquot None This method aims to be called when allthe properties requiring a special treatment are processed Note This method is used when you initializean object with existing data so by default the class is flaged as not edited
Return type None
from_json(json_string)Load a JSON string
Return type None
jsonable()This method is used by the JSON encoder
Return type Dict
set_not_jsonable(args)Set __not_jsonable to a new list
Return type None
to_dict()Dump the class to a dictionary This method automatically removes the timestamp recursively in everyobject that has been edited is order to let MISP update the event accordingly
Return type Dict
to_json(sort_keys=False indent=None)Dump recursively any class of type MISPAbstract to a json string
update_not_jsonable(args)Add entries to the __not_jsonable list
Return type None
22 PyMISPExpanded (Python 36+ only) 23
PyMISP Documentation Release main
24 MISPEncode
class pymispMISPEncode(args kwargs)
default(obj)Implement this method in a subclass such that it returns a serializable object for o or calls the baseimplementation (to raise a TypeError)
For example to support arbitrary iterators you could implement default like this
def default(self o)try
iterable = iter(o)except TypeError
passelse
return list(iterable) Let the base class default method raise the TypeErrorreturn JSONEncoderdefault(self o)
25 MISPEvent
class pymispMISPEvent(describe_types=None strict_validation=False kwargs)
add_attribute(type value kwargs)Add an attribute type and value are required but you can pass all other parameters supported by MISPAt-tribute
Return type Union[MISPAttribute List[MISPAttribute]]
add_attribute_tag(tag attribute_identifier)Add a tag to an existing attribute raise an Exception if the attribute doesnrsquot exists tag Tag name as astring MISPTag instance or dictionary attribute_identifier can be an ID UUID or the value
Return type List[MISPAttribute]
add_object(obj=None kwargs)Add an object to the Event either by passing a MISPObject or a dictionary
Return type MISPObject
add_proposal(shadow_attribute=None kwargs)Alias for add_shadow_attribute
Return type MISPShadowAttribute
add_shadow_attribute(shadow_attribute=None kwargs)Add a tag to the attribute (by name or a MISPTag object)
Return type MISPShadowAttribute
clear()rarr None Remove all items from D
delete_attribute(attribute_id)Delete an attribute you can search by ID or UUID
property editedRecursively check if an object has been edited and update the flag accordingly to the parent objects
24 Chapter 2 pymisp
PyMISP Documentation Release main
Return type bool
from_dict(kwargs)Loading all the parameters as class properties if they arenrsquot None This method aims to be called when allthe properties requiring a special treatment are processed Note This method is used when you initializean object with existing data so by default the class is flaged as not edited
from_json(json_string)Load a JSON string
Return type None
get(k[ d ])rarr D[k] if k in D else d d defaults to None
get_attribute_tag(attribute_identifier)Return the tags associated to an attribute or an object attribute attribute_identifier can be an ID UUIDor the value
Return type List[MISPTag]
get_object_by_id(object_id)Get an object by ID (the ID is the one set by the server when creating the new object)
Return type MISPObject
get_object_by_uuid(object_uuid)Get an object by UUID (UUID is set by the server when creating the new object)
Return type MISPObject
get_objects_by_name(object_name)Get an object by UUID (UUID is set by the server when creating the new object)
Return type List[MISPObject]
items()rarr a set-like object providing a view on Drsquos items
jsonable()This method is used by the JSON encoder
Return type Dict
keys()rarr a set-like object providing a view on Drsquos keys
load(json_event validate=False metadata_only=False)Load a JSON dump from a pseudo file or a JSON string
load_file(event_path validate=False metadata_only=False)Load a JSON dump from a file on the disk
pop(k[ d ])rarr v remove specified key and return the corresponding valueIf key is not found d is returned if given otherwise KeyError is raised
popitem()rarr (k v) remove and return some (key value) pairas a 2-tuple but raise KeyError if D is empty
publish()Mark the attribute as published
set_date(d=None ignore_invalid=False)Set a date for the event (string datetime or date object)
set_not_jsonable(args)Set __not_jsonable to a new list
Return type None
25 MISPEvent 25
PyMISP Documentation Release main
setdefault(k[ d ])rarr Dget(kd) also set D[k]=d if k not in D
property tagsReturns a lost of tags associated to this Event
Return type List[MISPTag]
to_dict()Dump the class to a dictionary This method automatically removes the timestamp recursively in everyobject that has been edited is order to let MISP update the event accordingly
Return type Dict
to_feed(valid_distributions=[0 1 2 3 4 5] with_meta=False)Generate a json output for MISP Feed Notes
bull valid_distributions only makes sense if the distribution key is set (ie the event is exported from aMISP instance)
Return type Dict
to_json(sort_keys=False indent=None)Dump recursively any class of type MISPAbstract to a json string
unpublish()Mark the attribute as un-published (set publish flag to false)
update([E ] F)rarr None Update D from mappingiterable E and FIf E present and has a keys() method does for k in E D[k] = E[k] If E present and lacks keys() methoddoes for (k v) in E D[k] = v In either case this is followed by for k v in Fitems() D[k] = v
update_not_jsonable(args)Add entries to the __not_jsonable list
Return type None
values()rarr an object providing a view on Drsquos values
26 MISPAttribute
class pymispMISPAttribute(describe_types=None strict=False)
add_proposal(shadow_attribute=None kwargs)Alias for add_shadow_attribute
Return type MISPShadowAttribute
add_shadow_attribute(shadow_attribute=None kwargs)Add a shadow attribute to the attribute (by name or a MISPShadowAttribute object)
Return type MISPShadowAttribute
add_sighting(sighting=None kwargs)Add a sighting to the attribute (by name or a MISPSighting object)
Return type MISPSighting
clear()rarr None Remove all items from D
delete()Mark the attribute as deleted (soft delete)
26 Chapter 2 pymisp
PyMISP Documentation Release main
property editedRecursively check if an object has been edited and update the flag accordingly to the parent objects
Return type bool
from_dict(kwargs)Loading all the parameters as class properties if they arenrsquot None This method aims to be called when allthe properties requiring a special treatment are processed Note This method is used when you initializean object with existing data so by default the class is flaged as not edited
from_json(json_string)Load a JSON string
Return type None
get(k[ d ])rarr D[k] if k in D else d d defaults to None
hash_values(algorithm=sha512)Compute the hash of every values for fast lookups
Return type List[str]
items()rarr a set-like object providing a view on Drsquos items
jsonable()This method is used by the JSON encoder
Return type Dict
keys()rarr a set-like object providing a view on Drsquos keys
property known_typesReturns a list of all the known MISP attributes types
Return type List[str]
property malware_binaryReturns a BytesIO of the malware (if the attribute has one obvs)
Return type Optional[BytesIO]
pop(k[ d ])rarr v remove specified key and return the corresponding valueIf key is not found d is returned if given otherwise KeyError is raised
popitem()rarr (k v) remove and return some (key value) pairas a 2-tuple but raise KeyError if D is empty
set_not_jsonable(args)Set __not_jsonable to a new list
Return type None
setdefault(k[ d ])rarr Dget(kd) also set D[k]=d if k not in D
property tagsReturns a lost of tags associated to this Attribute
Return type List[MISPTag]
to_dict()Dump the class to a dictionary This method automatically removes the timestamp recursively in everyobject that has been edited is order to let MISP update the event accordingly
Return type Dict
26 MISPAttribute 27
PyMISP Documentation Release main
to_json(sort_keys=False indent=None)Dump recursively any class of type MISPAbstract to a json string
update([E ] F)rarr None Update D from mappingiterable E and FIf E present and has a keys() method does for k in E D[k] = E[k] If E present and lacks keys() methoddoes for (k v) in E D[k] = v In either case this is followed by for k v in Fitems() D[k] = v
update_not_jsonable(args)Add entries to the __not_jsonable list
Return type None
values()rarr an object providing a view on Drsquos values
27 MISPObject
class pymispMISPObject(name strict=False standalone=True default_attributes_parameters=kwargs)
add_attribute(object_relation simple_value=None value)Add an attribute object_relation is required and the value key is a dictionary with all the keys supportedby MISPAttribute
Return type Optional[MISPAttribute]
add_attributes(object_relation attributes)Add multiple attributes with the same object_relation Helper for object_relation when multiple is True inthe template It is the same as calling multiple times add_attribute with the same object_relation
Return type List[Optional[MISPAttribute]]
add_reference(referenced_uuid relationship_type comment=None kwargs)Add a link (uuid) to an other object
Return type MISPObjectReference
clear()rarr None Remove all items from D
property editedRecursively check if an object has been edited and update the flag accordingly to the parent objects
Return type bool
from_dict(kwargs)Loading all the parameters as class properties if they arenrsquot None This method aims to be called when allthe properties requiring a special treatment are processed Note This method is used when you initializean object with existing data so by default the class is flaged as not edited
from_json(json_string)Load a JSON string
Return type None
get(k[ d ])rarr D[k] if k in D else d d defaults to None
get_attributes_by_relation(object_relation)Returns the list of attributes with the given object relation in the object
Return type List[MISPAttribute]
has_attributes_by_relation(list_of_relations)True if all the relations in the list are defined in the object
28 Chapter 2 pymisp
PyMISP Documentation Release main
Return type bool
items()rarr a set-like object providing a view on Drsquos items
jsonable()This method is used by the JSON encoder
Return type Dict
keys()rarr a set-like object providing a view on Drsquos keys
pop(k[ d ])rarr v remove specified key and return the corresponding valueIf key is not found d is returned if given otherwise KeyError is raised
popitem()rarr (k v) remove and return some (key value) pairas a 2-tuple but raise KeyError if D is empty
set_not_jsonable(args)Set __not_jsonable to a new list
Return type None
setdefault(k[ d ])rarr Dget(kd) also set D[k]=d if k not in D
to_dict(strict=False)Dump the class to a dictionary This method automatically removes the timestamp recursively in everyobject that has been edited is order to let MISP update the event accordingly
Return type Dict
to_json(sort_keys=False indent=None strict=False)Dump recursively any class of type MISPAbstract to a json string
update([E ] F)rarr None Update D from mappingiterable E and FIf E present and has a keys() method does for k in E D[k] = E[k] If E present and lacks keys() methoddoes for (k v) in E D[k] = v In either case this is followed by for k v in Fitems() D[k] = v
update_not_jsonable(args)Add entries to the __not_jsonable list
Return type None
values()rarr an object providing a view on Drsquos values
28 MISPObjectAttribute
class pymispMISPObjectAttribute(definition)
add_proposal(shadow_attribute=None kwargs)Alias for add_shadow_attribute
Return type MISPShadowAttribute
add_shadow_attribute(shadow_attribute=None kwargs)Add a shadow attribute to the attribute (by name or a MISPShadowAttribute object)
Return type MISPShadowAttribute
add_sighting(sighting=None kwargs)Add a sighting to the attribute (by name or a MISPSighting object)
Return type MISPSighting
28 MISPObjectAttribute 29
PyMISP Documentation Release main
clear()rarr None Remove all items from D
delete()Mark the attribute as deleted (soft delete)
property editedRecursively check if an object has been edited and update the flag accordingly to the parent objects
Return type bool
from_dict(object_relation value kwargs)Loading all the parameters as class properties if they arenrsquot None This method aims to be called when allthe properties requiring a special treatment are processed Note This method is used when you initializean object with existing data so by default the class is flaged as not edited
from_json(json_string)Load a JSON string
Return type None
get(k[ d ])rarr D[k] if k in D else d d defaults to None
hash_values(algorithm=sha512)Compute the hash of every values for fast lookups
Return type List[str]
items()rarr a set-like object providing a view on Drsquos items
jsonable()This method is used by the JSON encoder
Return type Dict
keys()rarr a set-like object providing a view on Drsquos keys
property known_typesReturns a list of all the known MISP attributes types
Return type List[str]
property malware_binaryReturns a BytesIO of the malware (if the attribute has one obvs)
Return type Optional[BytesIO]
pop(k[ d ])rarr v remove specified key and return the corresponding valueIf key is not found d is returned if given otherwise KeyError is raised
popitem()rarr (k v) remove and return some (key value) pairas a 2-tuple but raise KeyError if D is empty
set_not_jsonable(args)Set __not_jsonable to a new list
Return type None
setdefault(k[ d ])rarr Dget(kd) also set D[k]=d if k not in D
property tagsReturns a lost of tags associated to this Attribute
Return type List[MISPTag]
30 Chapter 2 pymisp
PyMISP Documentation Release main
to_dict()Dump the class to a dictionary This method automatically removes the timestamp recursively in everyobject that has been edited is order to let MISP update the event accordingly
Return type Dict
to_json(sort_keys=False indent=None)Dump recursively any class of type MISPAbstract to a json string
update([E ] F)rarr None Update D from mappingiterable E and FIf E present and has a keys() method does for k in E D[k] = E[k] If E present and lacks keys() methoddoes for (k v) in E D[k] = v In either case this is followed by for k v in Fitems() D[k] = v
update_not_jsonable(args)Add entries to the __not_jsonable list
Return type None
values()rarr an object providing a view on Drsquos values
29 MISPObjectReference
class pymispMISPObjectReference
clear()rarr None Remove all items from D
property editedRecursively check if an object has been edited and update the flag accordingly to the parent objects
Return type bool
from_dict(kwargs)Loading all the parameters as class properties if they arenrsquot None This method aims to be called when allthe properties requiring a special treatment are processed Note This method is used when you initializean object with existing data so by default the class is flaged as not edited
from_json(json_string)Load a JSON string
Return type None
get(k[ d ])rarr D[k] if k in D else d d defaults to None
items()rarr a set-like object providing a view on Drsquos items
jsonable()This method is used by the JSON encoder
Return type Dict
keys()rarr a set-like object providing a view on Drsquos keys
pop(k[ d ])rarr v remove specified key and return the corresponding valueIf key is not found d is returned if given otherwise KeyError is raised
popitem()rarr (k v) remove and return some (key value) pairas a 2-tuple but raise KeyError if D is empty
set_not_jsonable(args)Set __not_jsonable to a new list
Return type None
29 MISPObjectReference 31
PyMISP Documentation Release main
setdefault(k[ d ])rarr Dget(kd) also set D[k]=d if k not in D
to_dict()Dump the class to a dictionary This method automatically removes the timestamp recursively in everyobject that has been edited is order to let MISP update the event accordingly
Return type Dict
to_json(sort_keys=False indent=None)Dump recursively any class of type MISPAbstract to a json string
update([E ] F)rarr None Update D from mappingiterable E and FIf E present and has a keys() method does for k in E D[k] = E[k] If E present and lacks keys() methoddoes for (k v) in E D[k] = v In either case this is followed by for k v in Fitems() D[k] = v
update_not_jsonable(args)Add entries to the __not_jsonable list
Return type None
values()rarr an object providing a view on Drsquos values
210 MISPTag
class pymispMISPTag(kwargs)
clear()rarr None Remove all items from D
property editedRecursively check if an object has been edited and update the flag accordingly to the parent objects
Return type bool
from_dict(kwargs)Loading all the parameters as class properties if they arenrsquot None This method aims to be called when allthe properties requiring a special treatment are processed Note This method is used when you initializean object with existing data so by default the class is flaged as not edited
from_json(json_string)Load a JSON string
Return type None
get(k[ d ])rarr D[k] if k in D else d d defaults to None
items()rarr a set-like object providing a view on Drsquos items
jsonable()This method is used by the JSON encoder
Return type Dict
keys()rarr a set-like object providing a view on Drsquos keys
pop(k[ d ])rarr v remove specified key and return the corresponding valueIf key is not found d is returned if given otherwise KeyError is raised
popitem()rarr (k v) remove and return some (key value) pairas a 2-tuple but raise KeyError if D is empty
set_not_jsonable(args)Set __not_jsonable to a new list
32 Chapter 2 pymisp
PyMISP Documentation Release main
Return type None
setdefault(k[ d ])rarr Dget(kd) also set D[k]=d if k not in D
to_dict()Dump the class to a dictionary This method automatically removes the timestamp recursively in everyobject that has been edited is order to let MISP update the event accordingly
Return type Dict
to_json(sort_keys=False indent=None)Dump recursively any class of type MISPAbstract to a json string
update([E ] F)rarr None Update D from mappingiterable E and FIf E present and has a keys() method does for k in E D[k] = E[k] If E present and lacks keys() methoddoes for (k v) in E D[k] = v In either case this is followed by for k v in Fitems() D[k] = v
update_not_jsonable(args)Add entries to the __not_jsonable list
Return type None
values()rarr an object providing a view on Drsquos values
211 MISPUser
class pymispMISPUser(kwargs)
clear()rarr None Remove all items from D
property editedRecursively check if an object has been edited and update the flag accordingly to the parent objects
Return type bool
from_dict(kwargs)Loading all the parameters as class properties if they arenrsquot None This method aims to be called when allthe properties requiring a special treatment are processed Note This method is used when you initializean object with existing data so by default the class is flaged as not edited
from_json(json_string)Load a JSON string
Return type None
get(k[ d ])rarr D[k] if k in D else d d defaults to None
items()rarr a set-like object providing a view on Drsquos items
jsonable()This method is used by the JSON encoder
Return type Dict
keys()rarr a set-like object providing a view on Drsquos keys
pop(k[ d ])rarr v remove specified key and return the corresponding valueIf key is not found d is returned if given otherwise KeyError is raised
popitem()rarr (k v) remove and return some (key value) pairas a 2-tuple but raise KeyError if D is empty
211 MISPUser 33
PyMISP Documentation Release main
set_not_jsonable(args)Set __not_jsonable to a new list
Return type None
setdefault(k[ d ])rarr Dget(kd) also set D[k]=d if k not in D
to_dict()Dump the class to a dictionary This method automatically removes the timestamp recursively in everyobject that has been edited is order to let MISP update the event accordingly
Return type Dict
to_json(sort_keys=False indent=None)Dump recursively any class of type MISPAbstract to a json string
update([E ] F)rarr None Update D from mappingiterable E and FIf E present and has a keys() method does for k in E D[k] = E[k] If E present and lacks keys() methoddoes for (k v) in E D[k] = v In either case this is followed by for k v in Fitems() D[k] = v
update_not_jsonable(args)Add entries to the __not_jsonable list
Return type None
values()rarr an object providing a view on Drsquos values
212 MISPOrganisation
class pymispMISPOrganisation
clear()rarr None Remove all items from D
property editedRecursively check if an object has been edited and update the flag accordingly to the parent objects
Return type bool
from_dict(kwargs)Loading all the parameters as class properties if they arenrsquot None This method aims to be called when allthe properties requiring a special treatment are processed Note This method is used when you initializean object with existing data so by default the class is flaged as not edited
from_json(json_string)Load a JSON string
Return type None
get(k[ d ])rarr D[k] if k in D else d d defaults to None
items()rarr a set-like object providing a view on Drsquos items
jsonable()This method is used by the JSON encoder
Return type Dict
keys()rarr a set-like object providing a view on Drsquos keys
pop(k[ d ])rarr v remove specified key and return the corresponding valueIf key is not found d is returned if given otherwise KeyError is raised
34 Chapter 2 pymisp
PyMISP Documentation Release main
popitem()rarr (k v) remove and return some (key value) pairas a 2-tuple but raise KeyError if D is empty
set_not_jsonable(args)Set __not_jsonable to a new list
Return type None
setdefault(k[ d ])rarr Dget(kd) also set D[k]=d if k not in D
to_dict()Dump the class to a dictionary This method automatically removes the timestamp recursively in everyobject that has been edited is order to let MISP update the event accordingly
Return type Dict
to_json(sort_keys=False indent=None)Dump recursively any class of type MISPAbstract to a json string
update([E ] F)rarr None Update D from mappingiterable E and FIf E present and has a keys() method does for k in E D[k] = E[k] If E present and lacks keys() methoddoes for (k v) in E D[k] = v In either case this is followed by for k v in Fitems() D[k] = v
update_not_jsonable(args)Add entries to the __not_jsonable list
Return type None
values()rarr an object providing a view on Drsquos values
212 MISPOrganisation 35
PyMISP Documentation Release main
36 Chapter 2 pymisp
CHAPTER
THREE
PYMISP - TOOLS
31 File Object
class pymisptoolsFileObject(filepath=None pseudofile=None filename=None kwargs)
add_attribute(object_relation simple_value=None value)Add an attribute object_relation is required and the value key is a dictionary with all the keys supportedby MISPAttribute
Return type Optional[MISPAttribute]
add_attributes(object_relation attributes)Add multiple attributes with the same object_relation Helper for object_relation when multiple is True inthe template It is the same as calling multiple times add_attribute with the same object_relation
Return type List[Optional[MISPAttribute]]
add_reference(referenced_uuid relationship_type comment=None kwargs)Add a link (uuid) to an other object
Return type MISPObjectReference
clear()rarr None Remove all items from D
property editedRecursively check if an object has been edited and update the flag accordingly to the parent objects
Return type bool
from_dict(kwargs)Loading all the parameters as class properties if they arenrsquot None This method aims to be called when allthe properties requiring a special treatment are processed Note This method is used when you initializean object with existing data so by default the class is flaged as not edited
from_json(json_string)Load a JSON string
Return type None
generate_attributes()Contains the logic where all the values of the object are gathered
get(k[ d ])rarr D[k] if k in D else d d defaults to None
get_attributes_by_relation(object_relation)Returns the list of attributes with the given object relation in the object
Return type List[MISPAttribute]
37
PyMISP Documentation Release main
has_attributes_by_relation(list_of_relations)True if all the relations in the list are defined in the object
Return type bool
items()rarr a set-like object providing a view on Drsquos items
jsonable()This method is used by the JSON encoder
Return type Dict
keys()rarr a set-like object providing a view on Drsquos keys
pop(k[ d ])rarr v remove specified key and return the corresponding valueIf key is not found d is returned if given otherwise KeyError is raised
popitem()rarr (k v) remove and return some (key value) pairas a 2-tuple but raise KeyError if D is empty
set_not_jsonable(args)Set __not_jsonable to a new list
Return type None
setdefault(k[ d ])rarr Dget(kd) also set D[k]=d if k not in D
to_dict(strict=False)Dump the class to a dictionary This method automatically removes the timestamp recursively in everyobject that has been edited is order to let MISP update the event accordingly
Return type Dict
to_json(sort_keys=False indent=None strict=False)Dump recursively any class of type MISPAbstract to a json string
update([E ] F)rarr None Update D from mappingiterable E and FIf E present and has a keys() method does for k in E D[k] = E[k] If E present and lacks keys() methoddoes for (k v) in E D[k] = v In either case this is followed by for k v in Fitems() D[k] = v
update_not_jsonable(args)Add entries to the __not_jsonable list
Return type None
values()rarr an object providing a view on Drsquos values
32 ELF Object
33 PE Object
34 Mach-O Object
35 VT Report Object
class pymisptoolsVTReportObject(apikey indicator vt_proxies=None kwargs)VirusTotal Report
Apikey VirusTotal API key (private works but only public features are supported right now)
38 Chapter 3 pymisp - Tools
PyMISP Documentation Release main
Indicator IOC to search VirusTotal for
add_attribute(object_relation simple_value=None value)Add an attribute object_relation is required and the value key is a dictionary with all the keys supportedby MISPAttribute
Return type Optional[MISPAttribute]
add_attributes(object_relation attributes)Add multiple attributes with the same object_relation Helper for object_relation when multiple is True inthe template It is the same as calling multiple times add_attribute with the same object_relation
Return type List[Optional[MISPAttribute]]
add_reference(referenced_uuid relationship_type comment=None kwargs)Add a link (uuid) to an other object
Return type MISPObjectReference
clear()rarr None Remove all items from D
property editedRecursively check if an object has been edited and update the flag accordingly to the parent objects
Return type bool
from_dict(kwargs)Loading all the parameters as class properties if they arenrsquot None This method aims to be called when allthe properties requiring a special treatment are processed Note This method is used when you initializean object with existing data so by default the class is flaged as not edited
from_json(json_string)Load a JSON string
Return type None
generate_attributes()Parse the VirusTotal report for relevant attributes
get(k[ d ])rarr D[k] if k in D else d d defaults to None
get_attributes_by_relation(object_relation)Returns the list of attributes with the given object relation in the object
Return type List[MISPAttribute]
has_attributes_by_relation(list_of_relations)True if all the relations in the list are defined in the object
Return type bool
items()rarr a set-like object providing a view on Drsquos items
jsonable()This method is used by the JSON encoder
Return type Dict
keys()rarr a set-like object providing a view on Drsquos keys
pop(k[ d ])rarr v remove specified key and return the corresponding valueIf key is not found d is returned if given otherwise KeyError is raised
popitem()rarr (k v) remove and return some (key value) pairas a 2-tuple but raise KeyError if D is empty
35 VT Report Object 39
PyMISP Documentation Release main
set_not_jsonable(args)Set __not_jsonable to a new list
Return type None
setdefault(k[ d ])rarr Dget(kd) also set D[k]=d if k not in D
to_dict(strict=False)Dump the class to a dictionary This method automatically removes the timestamp recursively in everyobject that has been edited is order to let MISP update the event accordingly
Return type Dict
to_json(sort_keys=False indent=None strict=False)Dump recursively any class of type MISPAbstract to a json string
update([E ] F)rarr None Update D from mappingiterable E and FIf E present and has a keys() method does for k in E D[k] = E[k] If E present and lacks keys() methoddoes for (k v) in E D[k] = v In either case this is followed by for k v in Fitems() D[k] = v
update_not_jsonable(args)Add entries to the __not_jsonable list
Return type None
values()rarr an object providing a view on Drsquos values
36 STIX
pymisptoolsstixload_stix(stix distribution=3 threat_level_id=2 analysis=0)Returns a MISPEvent object from a STIX package
pymisptoolsstixmake_stix_package(misp_event to_json=False to_xml=False)Returns a STIXPackage from a MISPEvent
Optionally can return the package in json or xml
37 OpenIOC
toolsload_openioc()
toolsload_openioc_file()
40 Chapter 3 pymisp - Tools
CHAPTER
FOUR
INDICES AND TABLES
bull genindex
bull modindex
bull search
41
PyMISP Documentation Release main
42 Chapter 4 Indices and tables
PYTHON MODULE INDEX
ppymisp 7pymisptools 37pymisptoolsstix 40
43
PyMISP Documentation Release main
44 Python Module Index
INDEX
AAbstractMISP (class in pymisp) 23accept_attribute_proposal()
(pymispPyMISP method) 7add_attribute() (pymispMISPEvent method) 24add_attribute() (pymispMISPObject method) 28add_attribute() (pymispPyMISP method) 7add_attribute() (pymisptoolsFileObject method)
37add_attribute() (pymisptoolsVTReportObject
method) 39add_attribute_proposal() (pymispPyMISP
method) 7add_attribute_tag() (pymispMISPEvent
method) 24add_attributes() (pymispMISPObject method)
28add_attributes() (pymisptoolsFileObject
method) 37add_attributes() (pymisptoolsVTReportObject
method) 39add_event() (pymispPyMISP method) 7add_event_blacklist() (pymispPyMISP
method) 8add_feed() (pymispPyMISP method) 8add_object() (pymispMISPEvent method) 24add_object() (pymispPyMISP method) 8add_object_reference() (pymispPyMISP
method) 8add_org_to_sharing_group() (pymispPyMISP
method) 8add_organisation() (pymispPyMISP method) 8add_organisation_blacklist()
(pymispPyMISP method) 8add_proposal() (pymispMISPAttribute method) 26add_proposal() (pymispMISPEvent method) 24add_proposal() (pymispMISPObjectAttribute
method) 29add_reference() (pymispMISPObject method) 28add_reference() (pymisptoolsFileObject method)
37add_reference() (pymisptoolsVTReportObject
method) 39add_server() (pymispPyMISP method) 8add_server_to_sharing_group()
(pymispPyMISP method) 8add_shadow_attribute() (pymispMISPAttribute
method) 26add_shadow_attribute() (pymispMISPEvent
method) 24add_shadow_attribute()
(pymispMISPObjectAttribute method) 29add_sharing_group() (pymispPyMISP method) 8add_sighting() (pymispMISPAttribute method) 26add_sighting() (pymispMISPObjectAttribute
method) 29add_sighting() (pymispPyMISP method) 8add_tag() (pymispPyMISP method) 8add_user() (pymispPyMISP method) 9attributes_statistics() (pymispPyMISP
method) 9
Bbuild_complex_query() (pymispPyMISP
method) 9
Ccache_all_feeds() (pymispPyMISP method) 9cache_feed() (pymispPyMISP method) 9cache_freetext_feeds() (pymispPyMISP
method) 9cache_misp_feeds() (pymispPyMISP method) 9change_sharing_group_on_entity()
(pymispPyMISP method) 9change_user_password() (pymispPyMISP
method) 9clear() (pymispMISPAttribute method) 26clear() (pymispMISPEvent method) 24clear() (pymispMISPObject method) 28clear() (pymispMISPObjectAttribute method) 29clear() (pymispMISPObjectReference method) 31clear() (pymispMISPOrganisation method) 34clear() (pymispMISPTag method) 32clear() (pymispMISPUser method) 33
45
PyMISP Documentation Release main
clear() (pymisptoolsFileObject method) 37clear() (pymisptoolsVTReportObject method) 39communities() (pymispPyMISP method) 9compare_feeds() (pymispPyMISP method) 9contact_event_reporter() (pymispPyMISP
method) 9
Ddefault() (pymispMISPEncode method) 24delegate_event() (pymispPyMISP method) 10delete() (pymispMISPAttribute method) 26delete() (pymispMISPObjectAttribute method) 30delete_attribute() (pymispMISPEvent method)
24delete_attribute() (pymispPyMISP method) 10delete_attribute_proposal()
(pymispPyMISP method) 10delete_event() (pymispPyMISP method) 10delete_event_blacklist() (pymispPyMISP
method) 10delete_feed() (pymispPyMISP method) 10delete_object() (pymispPyMISP method) 10delete_object_reference() (pymispPyMISP
method) 10delete_organisation() (pymispPyMISP
method) 10delete_organisation_blacklist()
(pymispPyMISP method) 10delete_server() (pymispPyMISP method) 10delete_sharing_group() (pymispPyMISP
method) 10delete_sighting() (pymispPyMISP method) 10delete_tag() (pymispPyMISP method) 11delete_user() (pymispPyMISP method) 11delete_user_setting() (pymispPyMISP
method) 11describe_types_local() (pymispPyMISP prop-
erty) 11describe_types_remote() (pymispPyMISP
property) 11direct_call() (pymispPyMISP method) 11disable_feed() (pymispPyMISP method) 11disable_feed_cache() (pymispPyMISP method)
11disable_noticelist() (pymispPyMISP method)
11disable_tag() (pymispPyMISP method) 11disable_taxonomy() (pymispPyMISP method) 11disable_taxonomy_tags() (pymispPyMISP
method) 11disable_warninglist() (pymispPyMISP
method) 11discard_attribute_proposal()
(pymispPyMISP method) 12
Eedited() (pymispAbstractMISP property) 23edited() (pymispMISPAttribute property) 26edited() (pymispMISPEvent property) 24edited() (pymispMISPObject property) 28edited() (pymispMISPObjectAttribute property) 30edited() (pymispMISPObjectReference property) 31edited() (pymispMISPOrganisation property) 34edited() (pymispMISPTag property) 32edited() (pymispMISPUser property) 33edited() (pymisptoolsFileObject property) 37edited() (pymisptoolsVTReportObject property) 39enable_feed() (pymispPyMISP method) 12enable_feed_cache() (pymispPyMISP method)
12enable_noticelist() (pymispPyMISP method)
12enable_tag() (pymispPyMISP method) 12enable_taxonomy() (pymispPyMISP method) 12enable_taxonomy_tags() (pymispPyMISP
method) 12enable_warninglist() (pymispPyMISP method)
12event_blacklists() (pymispPyMISP method) 12event_delegations() (pymispPyMISP method)
12ExpandedPyMISP (in module pymisp) 23
Ffeeds() (pymispPyMISP method) 12fetch_feed() (pymispPyMISP method) 12FileObject (class in pymisptools) 37freetext() (pymispPyMISP method) 12from_dict() (pymispAbstractMISP method) 23from_dict() (pymispMISPAttribute method) 27from_dict() (pymispMISPEvent method) 25from_dict() (pymispMISPObject method) 28from_dict() (pymispMISPObjectAttribute method)
30from_dict() (pymispMISPObjectReference method)
31from_dict() (pymispMISPOrganisation method) 34from_dict() (pymispMISPTag method) 32from_dict() (pymispMISPUser method) 33from_dict() (pymisptoolsFileObject method) 37from_dict() (pymisptoolsVTReportObject method)
39from_json() (pymispAbstractMISP method) 23from_json() (pymispMISPAttribute method) 27from_json() (pymispMISPEvent method) 25from_json() (pymispMISPObject method) 28from_json() (pymispMISPObjectAttribute method)
30
46 Index
PyMISP Documentation Release main
from_json() (pymispMISPObjectReference method)31
from_json() (pymispMISPOrganisation method) 34from_json() (pymispMISPTag method) 32from_json() (pymispMISPUser method) 33from_json() (pymisptoolsFileObject method) 37from_json() (pymisptoolsVTReportObject method)
39
Ggalaxies() (pymispPyMISP method) 12generate_attributes() (pymisptoolsFileObject
method) 37generate_attributes()
(pymisptoolsVTReportObject method)39
get() (pymispMISPAttribute method) 27get() (pymispMISPEvent method) 25get() (pymispMISPObject method) 28get() (pymispMISPObjectAttribute method) 30get() (pymispMISPObjectReference method) 31get() (pymispMISPOrganisation method) 34get() (pymispMISPTag method) 32get() (pymispMISPUser method) 33get() (pymisptoolsFileObject method) 37get() (pymisptoolsVTReportObject method) 39get_all_functions() (pymispPyMISP method)
13get_attribute() (pymispPyMISP method) 13get_attribute_tag() (pymispMISPEvent
method) 25get_attributes_by_relation()
(pymispMISPObject method) 28get_attributes_by_relation()
(pymisptoolsFileObject method) 37get_attributes_by_relation()
(pymisptoolsVTReportObject method)39
get_community() (pymispPyMISP method) 13get_event() (pymispPyMISP method) 13get_feed() (pymispPyMISP method) 13get_galaxy() (pymispPyMISP method) 13get_noticelist() (pymispPyMISP method) 13get_object() (pymispPyMISP method) 13get_object_by_id() (pymispMISPEvent method)
25get_object_by_uuid() (pymispMISPEvent
method) 25get_object_template() (pymispPyMISP
method) 13get_objects_by_name() (pymispMISPEvent
method) 25get_organisation() (pymispPyMISP method) 13get_sync_config() (pymispPyMISP method) 13
get_tag() (pymispPyMISP method) 13get_taxonomy() (pymispPyMISP method) 13get_user() (pymispPyMISP method) 13get_user_setting() (pymispPyMISP method) 14get_warninglist() (pymispPyMISP method) 14
Hhas_attributes_by_relation()
(pymispMISPObject method) 28has_attributes_by_relation()
(pymisptoolsFileObject method) 37has_attributes_by_relation()
(pymisptoolsVTReportObject method)39
hash_values() (pymispMISPAttribute method) 27hash_values() (pymispMISPObjectAttribute
method) 30
Iimport_server() (pymispPyMISP method) 14items() (pymispMISPAttribute method) 27items() (pymispMISPEvent method) 25items() (pymispMISPObject method) 29items() (pymispMISPObjectAttribute method) 30items() (pymispMISPObjectReference method) 31items() (pymispMISPOrganisation method) 34items() (pymispMISPTag method) 32items() (pymispMISPUser method) 33items() (pymisptoolsFileObject method) 38items() (pymisptoolsVTReportObject method) 39
Jjsonable() (pymispAbstractMISP method) 23jsonable() (pymispMISPAttribute method) 27jsonable() (pymispMISPEvent method) 25jsonable() (pymispMISPObject method) 29jsonable() (pymispMISPObjectAttribute method)
30jsonable() (pymispMISPObjectReference method)
31jsonable() (pymispMISPOrganisation method) 34jsonable() (pymispMISPTag method) 32jsonable() (pymispMISPUser method) 33jsonable() (pymisptoolsFileObject method) 38jsonable() (pymisptoolsVTReportObject method)
39
Kkeys() (pymispMISPAttribute method) 27keys() (pymispMISPEvent method) 25keys() (pymispMISPObject method) 29keys() (pymispMISPObjectAttribute method) 30keys() (pymispMISPObjectReference method) 31keys() (pymispMISPOrganisation method) 34
Index 47
PyMISP Documentation Release main
keys() (pymispMISPTag method) 32keys() (pymispMISPUser method) 33keys() (pymisptoolsFileObject method) 38keys() (pymisptoolsVTReportObject method) 39known_types() (pymispMISPAttribute property) 27known_types() (pymispMISPObjectAttribute prop-
erty) 30
Lload() (pymispMISPEvent method) 25load_default_feeds() (pymispPyMISP method)
14load_file() (pymispMISPEvent method) 25load_openioc() (pymisptools method) 40load_openioc_file() (pymisptools method) 40load_stix() (in module pymisptoolsstix) 40
Mmake_stix_package() (in module
pymisptoolsstix) 40malware_binary() (pymispMISPAttribute prop-
erty) 27malware_binary() (pymispMISPObjectAttribute
property) 30misp_instance_version() (pymispPyMISP
property) 14misp_instance_version_master()
(pymispPyMISP property) 14MISPAttribute (class in pymisp) 26MISPEncode (class in pymisp) 24MISPEvent (class in pymisp) 24MISPObject (class in pymisp) 28MISPObjectAttribute (class in pymisp) 29MISPObjectReference (class in pymisp) 31MISPOrganisation (class in pymisp) 34MISPTag (class in pymisp) 32MISPUser (class in pymisp) 33module
pymisp 7pymisptools 37pymisptoolsstix 40
Nnoticelists() (pymispPyMISP method) 14
Oobject_templates() (pymispPyMISP method) 14organisation_blacklists() (pymispPyMISP
method) 14organisations() (pymispPyMISP method) 14
Ppop() (pymispMISPAttribute method) 27
pop() (pymispMISPEvent method) 25pop() (pymispMISPObject method) 29pop() (pymispMISPObjectAttribute method) 30pop() (pymispMISPObjectReference method) 31pop() (pymispMISPOrganisation method) 34pop() (pymispMISPTag method) 32pop() (pymispMISPUser method) 33pop() (pymisptoolsFileObject method) 38pop() (pymisptoolsVTReportObject method) 39popitem() (pymispMISPAttribute method) 27popitem() (pymispMISPEvent method) 25popitem() (pymispMISPObject method) 29popitem() (pymispMISPObjectAttribute method) 30popitem() (pymispMISPObjectReference method) 31popitem() (pymispMISPOrganisation method) 34popitem() (pymispMISPTag method) 32popitem() (pymispMISPUser method) 33popitem() (pymisptoolsFileObject method) 38popitem() (pymisptoolsVTReportObject method) 39publish() (pymispMISPEvent method) 25publish() (pymispPyMISP method) 14push_event_to_ZMQ() (pymispPyMISP method)
14pymisp
module 7PyMISP (class in pymisp) 7pymisptools
module 37pymisptoolsstix
module 40pymisp_version_main() (pymispPyMISP prop-
erty) 15
Rrecommended_pymisp_version()
(pymispPyMISP property) 15remote_acl() (pymispPyMISP method) 15remove_org_from_sharing_group()
(pymispPyMISP method) 15remove_server_from_sharing_group()
(pymispPyMISP method) 15roles() (pymispPyMISP method) 15
Ssearch() (pymispPyMISP method) 15search_feeds() (pymispPyMISP method) 17search_index() (pymispPyMISP method) 18search_logs() (pymispPyMISP method) 18search_sightings() (pymispPyMISP method) 19server_pull() (pymispPyMISP method) 20server_push() (pymispPyMISP method) 20servers() (pymispPyMISP method) 20set_date() (pymispMISPEvent method) 25
48 Index
PyMISP Documentation Release main
set_not_jsonable() (pymispAbstractMISPmethod) 23
set_not_jsonable() (pymispMISPAttributemethod) 27
set_not_jsonable() (pymispMISPEvent method)25
set_not_jsonable() (pymispMISPObjectmethod) 29
set_not_jsonable() (pymispMISPObjectAttributemethod) 30
set_not_jsonable()(pymispMISPObjectReference method)31
set_not_jsonable() (pymispMISPOrganisationmethod) 35
set_not_jsonable() (pymispMISPTag method)32
set_not_jsonable() (pymispMISPUser method)33
set_not_jsonable() (pymisptoolsFileObjectmethod) 38
set_not_jsonable()(pymisptoolsVTReportObject method)39
set_user_setting() (pymispPyMISP method) 20setdefault() (pymispMISPAttribute method) 27setdefault() (pymispMISPEvent method) 25setdefault() (pymispMISPObject method) 29setdefault() (pymispMISPObjectAttribute
method) 30setdefault() (pymispMISPObjectReference
method) 31setdefault() (pymispMISPOrganisation method)
35setdefault() (pymispMISPTag method) 33setdefault() (pymispMISPUser method) 34setdefault() (pymisptoolsFileObject method) 38setdefault() (pymisptoolsVTReportObject
method) 40sharing_groups() (pymispPyMISP method) 20sightings() (pymispPyMISP method) 20
Ttag() (pymispPyMISP method) 20tags() (pymispMISPAttribute property) 27tags() (pymispMISPEvent property) 26tags() (pymispMISPObjectAttribute property) 30tags() (pymispPyMISP method) 20tags_statistics() (pymispPyMISP method) 20taxonomies() (pymispPyMISP method) 20to_dict() (pymispAbstractMISP method) 23to_dict() (pymispMISPAttribute method) 27to_dict() (pymispMISPEvent method) 26to_dict() (pymispMISPObject method) 29
to_dict() (pymispMISPObjectAttribute method) 30to_dict() (pymispMISPObjectReference method) 32to_dict() (pymispMISPOrganisation method) 35to_dict() (pymispMISPTag method) 33to_dict() (pymispMISPUser method) 34to_dict() (pymisptoolsFileObject method) 38to_dict() (pymisptoolsVTReportObject method) 40to_feed() (pymispMISPEvent method) 26to_json() (pymispAbstractMISP method) 23to_json() (pymispMISPAttribute method) 27to_json() (pymispMISPEvent method) 26to_json() (pymispMISPObject method) 29to_json() (pymispMISPObjectAttribute method) 31to_json() (pymispMISPObjectReference method) 32to_json() (pymispMISPOrganisation method) 35to_json() (pymispMISPTag method) 33to_json() (pymispMISPUser method) 34to_json() (pymisptoolsFileObject method) 38to_json() (pymisptoolsVTReportObject method) 40toggle_warninglist() (pymispPyMISP method)
20
Uunpublish() (pymispMISPEvent method) 26untag() (pymispPyMISP method) 21update() (pymispMISPAttribute method) 28update() (pymispMISPEvent method) 26update() (pymispMISPObject method) 29update() (pymispMISPObjectAttribute method) 31update() (pymispMISPObjectReference method) 32update() (pymispMISPOrganisation method) 35update() (pymispMISPTag method) 33update() (pymispMISPUser method) 34update() (pymisptoolsFileObject method) 38update() (pymisptoolsVTReportObject method) 40update_attribute() (pymispPyMISP method) 21update_attribute_proposal()
(pymispPyMISP method) 21update_event() (pymispPyMISP method) 21update_event_blacklist() (pymispPyMISP
method) 21update_feed() (pymispPyMISP method) 21update_galaxies() (pymispPyMISP method) 21update_not_jsonable() (pymispAbstractMISP
method) 23update_not_jsonable() (pymispMISPAttribute
method) 28update_not_jsonable() (pymispMISPEvent
method) 26update_not_jsonable() (pymispMISPObject
method) 29update_not_jsonable()
(pymispMISPObjectAttribute method) 31
Index 49
PyMISP Documentation Release main
update_not_jsonable()(pymispMISPObjectReference method)32
update_not_jsonable()(pymispMISPOrganisation method) 35
update_not_jsonable() (pymispMISPTagmethod) 33
update_not_jsonable() (pymispMISPUsermethod) 34
update_not_jsonable() (pymisptoolsFileObjectmethod) 38
update_not_jsonable()(pymisptoolsVTReportObject method)40
update_noticelists() (pymispPyMISP method)21
update_object() (pymispPyMISP method) 21update_object_templates() (pymispPyMISP
method) 21update_organisation() (pymispPyMISP
method) 21update_organisation_blacklist()
(pymispPyMISP method) 21update_server() (pymispPyMISP method) 22update_tag() (pymispPyMISP method) 22update_taxonomies() (pymispPyMISP method)
22update_user() (pymispPyMISP method) 22update_warninglists() (pymispPyMISP
method) 22upload_stix() (pymispPyMISP method) 22user_registrations() (pymispPyMISP method)
22user_settings() (pymispPyMISP method) 22users() (pymispPyMISP method) 22users_statistics() (pymispPyMISP method) 22
Vvalues() (pymispMISPAttribute method) 28values() (pymispMISPEvent method) 26values() (pymispMISPObject method) 29values() (pymispMISPObjectAttribute method) 31values() (pymispMISPObjectReference method) 32values() (pymispMISPOrganisation method) 35values() (pymispMISPTag method) 33values() (pymispMISPUser method) 34values() (pymisptoolsFileObject method) 38values() (pymisptoolsVTReportObject method) 40values_in_warninglist() (pymispPyMISP
method) 22version() (pymispPyMISP property) 22VTReportObject (class in pymisptools) 38
Wwarninglists() (pymispPyMISP method) 22
50 Index
- README
- pymisp
- PyMISP
- PyMISPExpanded (Python 36+ only)
- MISPAbstract
- MISPEncode
- MISPEvent
- MISPAttribute
- MISPObject
- MISPObjectAttribute
- MISPObjectReference
- MISPTag
- MISPUser
- MISPOrganisation
- pymisp - Tools
- File Object
- ELF Object
- PE Object
- Mach-O Object
- VT Report Object
- STIX
- OpenIOC
- Indices and tables
- Python Module Index
- Index
PyMISP Documentation Release main
add_tag(tag pythonify=False)Add a new tag on a MISP instance Notes
bull The user calling this method needs the Tag Editor permission
bull It doesnrsquot add a tag to an event simply create it on a MISP instance
Return type Union[Dict MISPTag]
add_user(user pythonify=False)Add a new user
Return type Union[Dict MISPUser]
attributes_statistics(context=type percentage=False)Get attributes statistics from the MISP instance
Return type Dict
build_complex_query(or_parameters=None and_parameters=None not_parameters=None)Build a complex search query MISP expects a dictionary with AND OR and NOT keys
Return type Dict[str List[~SearchType]]
cache_all_feeds()Cache all the feeds
Return type Dict
cache_feed(feed)Cache a specific feed
Return type Dict
cache_freetext_feeds()Cache all the freetext feeds
Return type Dict
cache_misp_feeds()Cache all the MISP feeds
Return type Dict
change_sharing_group_on_entity(misp_entity sharing_group_id pythonify=False)Change the sharing group of an event an attribute or an object
Return type Union[Dict MISPEvent MISPObject MISPAttributeMISPShadowAttribute]
change_user_password(new_password)Thange the password of the curent user
Return type Dict
communities(pythonify=False)Get all the communities
Return type Union[Dict List[MISPCommunity]]
compare_feeds()Generate the comparison matrix for all the MISP feeds
Return type Dict
21 PyMISP 9
PyMISP Documentation Release main
contact_event_reporter(event message)Send a message to the reporter of an event
Return type Dict
delegate_event(event=None organisation=None event_delegation=None distribution=- 1 mes-sage= pythonify=False)
Note distribution == -1 means recipient decides
Return type Union[Dict MISPEventDelegation]
delete_attribute(attribute hard=False)Delete an attribute from a MISP instance
Return type Dict
delete_attribute_proposal(attribute)Propose the deletion of an attribute
Return type Dict
delete_event(event)Delete an event from a MISP instance
Return type Dict
delete_event_blacklist(event_blacklist)Delete a blacklisted event
Return type Dict
delete_feed(feed)Delete a feed from a MISP instance
Return type Dict
delete_object(misp_object)Delete an object from a MISP instance
Return type Dict
delete_object_reference(object_reference)Delete a reference to an object
Return type Dict
delete_organisation(organisation)Delete an organisation
Return type Dict
delete_organisation_blacklist(organisation_blacklist)Delete a blacklisted organisation
Return type Dict
delete_server(server)Delete a sync server
Return type Dict
delete_sharing_group(sharing_group)Delete a sharing group
Return type Dict
10 Chapter 2 pymisp
PyMISP Documentation Release main
delete_sighting(sighting)Delete a sighting from a MISP instance
Return type Dict
delete_tag(tag)Delete an attribute from a MISP instance
Return type Dict
delete_user(user)Delete a user
Return type Dict
delete_user_setting(user_setting user=None)Delete a user setting
Return type Dict
property describe_types_localReturns the content of describe types from the package
Return type Dict
property describe_types_remoteReturns the content of describe types from the remote instance
Return type Dict
direct_call(url data=None params= kw_params=)Very lightweight call that posts a data blob (python dictionary or json string) on the URL
Return type Any
disable_feed(feed pythonify=False)Disable a feed
Return type Union[Dict MISPFeed]
disable_feed_cache(feed pythonify=False)Disable the caching of a feed
Return type Union[Dict MISPFeed]
disable_noticelist(noticelist)Disable a noticelist by id
Return type Dict
disable_tag(tag pythonify=False)Disable a tag
Return type Union[Dict MISPTag]
disable_taxonomy(taxonomy)Disable a taxonomy
Return type Dict
disable_taxonomy_tags(taxonomy)Disable all the tags of a taxonomy
Return type Dict
disable_warninglist(warninglist)Disable a warninglist
21 PyMISP 11
PyMISP Documentation Release main
Return type Dict
discard_attribute_proposal(proposal)Discard a proposal
Return type Dict
enable_feed(feed pythonify=False)Enable a feed (fetching it will create event(s)
Return type Union[Dict MISPFeed]
enable_feed_cache(feed pythonify=False)Enable the caching of a feed
Return type Union[Dict MISPFeed]
enable_noticelist(noticelist)Enable a noticelist by id
Return type Dict
enable_tag(tag pythonify=False)Enable a tag
Return type Union[Dict MISPTag]
enable_taxonomy(taxonomy)Enable a taxonomy
Return type Dict
enable_taxonomy_tags(taxonomy)Enable all the tags of a taxonomy NOTE this automatically done when you call enable_taxonomy
Return type Dict
enable_warninglist(warninglist)Enable a warninglist
Return type Dict
event_blacklists(pythonify=False)Get all the blacklisted events
Return type Union[Dict List[MISPEventBlacklist]]
event_delegations(pythonify=False)Get all the event delegations
Return type Union[Dict List[MISPEventDelegation]]
feeds(pythonify=False)Get the list of existing feeds
Return type Union[Dict List[MISPFeed]]
fetch_feed(feed)Fetch one single feed
Return type Dict
freetext(event string adhereToWarninglists=False distribution=None returnMetaAttributes=Falsepythonify=False kwargs)
Pass a text to the freetext importer
Return type Union[Dict List[MISPAttribute]]
12 Chapter 2 pymisp
PyMISP Documentation Release main
galaxies(pythonify=False)Get all the galaxies
Return type Union[Dict List[MISPGalaxy]]
get_all_functions(not_implemented=False)Get all methods available vi the API allow to get the ones that are not implemented
get_attribute(attribute pythonify=False)Get an attribute from a MISP instance
Return type Union[Dict MISPAttribute]
get_community(community pythonify=False)Get an community from a MISP instance
Return type Union[Dict MISPCommunity]
get_event(event deleted=False extended=False pythonify=False)Get an event from a MISP instance
Return type Union[Dict MISPEvent]
get_feed(feed pythonify=False)Get a feed by id
Return type Union[Dict MISPFeed]
get_galaxy(galaxy pythonify=False)Get a galaxy by id
Return type Union[Dict MISPGalaxy]
get_noticelist(noticelist pythonify=False)Get a noticelist by id
Return type Union[Dict MISPNoticelist]
get_object(misp_object pythonify=False)Get an object from the remote MISP instance
Return type Union[Dict MISPObject]
get_object_template(object_template pythonify=False)Gets the full object template corresponting the UUID passed as parameter
Return type Union[Dict MISPObjectTemplate]
get_organisation(organisation pythonify=False)Get an organisation
Return type Union[Dict MISPOrganisation]
get_sync_config(pythonify=False)WARNING This method only works if the user calling it is a sync user
Return type Union[Dict MISPServer]
get_tag(tag pythonify=False)Get a tag by id
Return type Union[Dict MISPTag]
get_taxonomy(taxonomy pythonify=False)Get a taxonomy from a MISP instance
Return type Union[Dict MISPTaxonomy]
21 PyMISP 13
PyMISP Documentation Release main
get_user(user=me pythonify=False expanded=False)Get a user me means the owner of the API key doing the query expanded also returns a MISPRole and aMISPUserSetting
Return type Union[Dict MISPUser Tuple[MISPUser MISPRoleList[MISPUserSetting]]]
get_user_setting(user_setting user=None pythonify=False)Get an user setting
Return type Union[Dict MISPUserSetting]
get_warninglist(warninglist pythonify=False)Get a warninglist
Return type Union[Dict MISPWarninglist]
import_server(server pythonify=False)Import a sync server config received from get_sync_config
Return type Union[Dict MISPServer]
load_default_feeds()Load all the default feeds
Return type Dict
property misp_instance_versionReturns the version of the instance
Return type Dict
property misp_instance_version_masterGet the most recent version from github
Return type Dict
noticelists(pythonify=False)Get all the noticelists
Return type Union[Dict List[MISPNoticelist]]
object_templates(pythonify=False)Get all the object templates
Return type Union[Dict List[MISPObjectTemplate]]
organisation_blacklists(pythonify=False)Get all the blacklisted organisations
Return type Union[Dict List[MISPOrganisationBlacklist]]
organisations(scope=local pythonify=False)Get all the organisations
Return type Union[Dict List[MISPOrganisation]]
publish(event alert=False)Publish the event with one single HTTP POST The default is to not send a mail as it is assumed thismethod is called on update
Return type Dict
push_event_to_ZMQ(event)Force push an event on ZMQ
14 Chapter 2 pymisp
PyMISP Documentation Release main
Return type Dict
property pymisp_version_mainGet the most recent version of PyMISP from github
Return type Dict
property recommended_pymisp_versionReturns the recommended API version from the server
Return type Dict
remote_acl(debug_type=findMissingFunctionNames)This should return an empty list unless the ACL is outdated debug_type can only be printAllFunction-Names findMissingFunctionNames or printRoleAccess
Return type Dict
remove_org_from_sharing_group(sharing_group organisation)Remove an organisation from a sharing group sharing_group Sharing grouprsquos local instance ID orSharing grouprsquos global UUID organisation Organisationrsquos local instance ID or Organisationrsquos globalUUID or Organisationrsquos name as known to the curent instance
Return type Dict
remove_server_from_sharing_group(sharing_group server)Remove a server from a sharing group sharing_group Sharing grouprsquos local instance ID or Sharinggrouprsquos global UUID server Serverrsquos local instance ID or URL of the Server or Serverrsquos name as knownto the curent instance
Return type Dict
roles(pythonify=False)Get the existing roles
Return type Union[Dict List[MISPRole]]
search(controller=events return_format=json limit=None page=None value=Nonetype_attribute=None category=None org=None tags=None quick_filter=None quick-Filter=None date_from=None date_to=None eventid=None with_attachments=NonewithAttachments=None metadata=None uuid=None publish_timestamp=Nonelast=None timestamp=None published=None enforce_warninglist=None enforceWarn-inglist=None to_ids=None deleted=None include_event_uuid=None includeEventU-uid=None include_event_tags=None includeEventTags=None event_timestamp=Nonesg_reference_only=None eventinfo=None searchall=None requested_attributes=None in-clude_context=None includeContext=None headerless=None include_sightings=NoneincludeSightings=None include_correlations=None includeCorrelations=None in-clude_decay_score=None includeDecayScore=None object_name=None pythonify=Falsekwargs)
Search in the MISP instance
Parameters
bull return_format (str) ndash Set the return format of the search (Currently supported jsonxml openioc suricata snort - more formats are being moved to restSearch with the goalbeing that all searches happen through this API) Can be passed as the first parameter afterrestSearch or via the JSON payload
bull limit (Optional[int]) ndash Limit the number of results returned depending on thescope (for example 10 attributes or 10 full events)
bull page (Optional[int]) ndash If a limit is set sets the page to be returned page 3 limit 100will return records 201-gt300)
21 PyMISP 15
PyMISP Documentation Release main
bull value (Optional[~SearchParameterTypes]) ndash Search for the given value in the at-tributesrsquo value field
bull type_attribute (Optional[~SearchParameterTypes]) ndash The attribute type anyvalid MISP attribute type is accepted
bull category (Optional[~SearchParameterTypes]) ndash The attribute category any validMISP attribute category is accepted
bull org (Optional[~SearchParameterTypes]) ndash Search by the creator organisation by sup-plying the organisation identifier
bull tags (Optional[~SearchParameterTypes]) ndash Tags to search or to exclude You canpass a list or the output of build_complex_query
bull quick_filter (Optional[str]) ndash The string passed to this field will ignore all ofthe other arguments MISP will return an xml json (depending on the header sent) of allevents that have a sub-string match on value in the event info event orgc or any of theattribute value1 value2 fields or in the attribute comment
bull date_from (Union[date int str float None]) ndash Events with the date set to adate after the one specified This filter will use the date of the event
bull date_to (Union[date int str float None]) ndash Events with the date set to a datebefore the one specified This filter will use the date of the event
bull eventid (Optional[~SearchType]) ndash The events that should be included excludedfrom the search
bull with_attachments (Optional[bool]) ndash If set encodes the attachments zippedmalware samples as base64 in the data field within each attribute
bull metadata (Optional[bool]) ndash Only the metadata (event tags relations) is returnedattributes and proposals are omitted
bull uuid (Optional[str]) ndash Restrict the results by uuid
bull publish_timestamp (Union[date int str float NoneTuple[Union[date int str float None] Union[date int str floatNone]]]) ndash Restrict the results by the last publish timestamp (newer than)
bull timestamp (Union[date int str float None Tuple[Union[date intstr float None] Union[date int str float None]]]) ndash Restrict the resultsby the timestamp (last edit) Any event with a timestamp newer than the given timestampwill be returned In case you are dealing with attributes as scope the attributersquos timestampwill be used for the lookup
bull published (Optional[bool]) ndash Set whether published or unpublished events shouldbe returned Do not set the parameter if you want both
bull enforce_warninglist (Optional[bool]) ndash Remove any attributes from the resultthat would cause a hit on a warninglist entry
bull to_ids (Union[~ToIDSType List[~ToIDSType] None]) ndash By default all attributesare returned that match the other filter parameters irregardless of their to_ids setting Torestrict the returned data set to to_ids only attributes set this parameter to 1 0 for the oneswith to_ids set to False
bull deleted (Optional[str]) ndash If this parameter is set to 1 it will only return soft-deletedattributes [ldquo0rdquo ldquo1rdquo] will return the active ones as well as the soft-deleted ones
bull include_event_uuid (Optional[bool]) ndash Instead of just including the event IDalso include the event UUID in each of the attributes
16 Chapter 2 pymisp
PyMISP Documentation Release main
bull include_event_tags (Optional[bool]) ndash Include the event level tags in each ofthe attributes
bull event_timestamp (Union[date int str float None]) ndash Only return at-tributes from events that have received a modification after the given timestamp
bull sg_reference_only (Optional[bool]) ndash If this flag is set sharing group objectswill not be included instead only the sharing group ID is set
bull eventinfo (Optional[str]) ndash Filter on the eventrsquos info field
bull searchall (Optional[bool]) ndash Search for a full or a substring (delimited by forsubstrings) in the event info event tags attribute tags attribute values or attribute commentfields
bull requested_attributes (Optional[str]) ndash [CSV only] Select the fields that youwish to include in the CSV export By setting event level fields additionally includeCon-text is not required to get event metadata
bull include_context (Optional[bool]) ndash [Attribute only] Include the event data witheach attribute [CSV output] Add event level metadata in every line of the CSV
bull headerless (Optional[bool]) ndash [CSV Only] The CSV created when this setting isset to true will not contain the header row
bull include_sightings (Optional[bool]) ndash [JSON Only - Attribute] Include thesightings of the matching attributes
bull include_decay_score (Optional[bool]) ndash Include the decay score at attributelevel
bull include_correlations (Optional[bool]) ndash [JSON Only - attribute] Include thecorrelations of the matching attributes
bull object_name (Optional[str]) ndash [objects controller only] Search for objects withthat name
bull pythonify (Optional[bool]) ndash Returns a list of PyMISP Objects instead of the plainjson output Warning it might use a lot of RAM
Deprecated
Parameters
bull quickFilter (Optional[str]) ndash synponym for quick_filter
bull withAttachments (Optional[bool]) ndash synonym for with_attachments
bull last (Union[date int str float None Tuple[Union[date int strfloat None] Union[date int str float None]]]) ndash synonym for pub-lish_timestamp
bull enforceWarninglist (Optional[bool]) ndash synonym for enforce_warninglist
bull includeEventUuid (Optional[bool]) ndash synonym for include_event_uuid
bull includeEventTags (Optional[bool]) ndash synonym for include_event_tags
bull includeContext (Optional[bool]) ndash synonym for include_context
Return type Union[Dict str List[Union[MISPEvent MISPAttributeMISPObject]]]
search_feeds(value=None pythonify=False)Search in the feeds cached on the servers
21 PyMISP 17
PyMISP Documentation Release main
Return type Union[Dict List[MISPFeed]]
search_index(published=None eventid=None tags=None date_from=None date_to=Noneeventinfo=None threatlevel=None distribution=None analysis=None org=Nonetimestamp=None pythonify=None)
Search only at the index level Using in front of a value means NOT (default is OR)
Parameters
bull published (Optional[bool]) ndash Set whether published or unpublished events shouldbe returned Do not set the parameter if you want both
bull eventid (Optional[~SearchType]) ndash The events that should be included excludedfrom the search
bull tags (Optional[~SearchParameterTypes]) ndash Tags to search or to exclude You canpass a list or the output of build_complex_query
bull date_from (Union[date int str float None]) ndash Events with the date set to adate after the one specified This filter will use the date of the event
bull date_to (Union[date int str float None]) ndash Events with the date set to a datebefore the one specified This filter will use the date of the event
bull eventinfo (Optional[str]) ndash Filter on the eventrsquos info field
bull threatlevel (Optional[List[~SearchType]]) ndash Threat level(s) (1234) | list
bull distribution (Optional[List[~SearchType]]) ndash Distribution level(s) (0123) |list
bull analysis (Optional[List[~SearchType]]) ndash Analysis level(s) (012) | list
bull org (Optional[~SearchParameterTypes]) ndash Search by the creator organisation by sup-plying the organisation identifier
bull timestamp (Union[date int str float None Tuple[Union[date intstr float None] Union[date int str float None]]]) ndash Restrict the resultsby the timestamp (last edit) Any event with a timestamp newer than the given timestampwill be returned In case you are dealing with attributes as scope the attributersquos timestampwill be used for the lookup
bull pythonify (Optional[bool]) ndash Returns a list of PyMISP Objects instead or the plainjson output Warning it might use a lot of RAM
Return type Union[Dict List[MISPEvent]]
search_logs(limit=None page=None log_id=None title=None created=None model=None ac-tion=None user_id=None change=None email=None org=None description=Noneip=None pythonify=False)
Search in logs
Note to run substring queries simply appendprependencapsulate the search term with
Parameters
bull limit (Optional[int]) ndash Limit the number of results returned depending on thescope (for example 10 attributes or 10 full events)
bull page (Optional[int]) ndash If a limit is set sets the page to be returned page 3 limit 100will return records 201-gt300)
bull log_id (Optional[int]) ndash Log ID
bull title (Optional[str]) ndash Log Title
18 Chapter 2 pymisp
PyMISP Documentation Release main
bull created (Union[date int str float None]) ndash Creation timestamp
bull model (Optional[str]) ndash Model name that generated the log entry
bull action (Optional[str]) ndash The thing that was done
bull user_id (Optional[int]) ndash ID of the user doing the action
bull change (Optional[str]) ndash Change that occured
bull email (Optional[str]) ndash Email of the user
bull org (Optional[str]) ndash Organisation of the User doing the action
bull description (Optional[str]) ndash Description of the action
bull ip (Optional[str]) ndash Origination IP of the User doing the action
bull pythonify (Optional[bool]) ndash Returns a list of PyMISP Objects instead or the plainjson output Warning it might use a lot of RAM
Return type Union[Dict List[MISPLog]]
search_sightings(context=None context_id=None type_sighting=None date_from=Nonedate_to=None publish_timestamp=None last=None org=None source=Noneinclude_attribute=None include_event_meta=None pythonify=False)
Search sightings
Parameters
bull context (Optional[str]) ndash The context of the search Can be either ldquoattributerdquoldquoeventrdquo or nothing (will then match on events and attributes)
bull context_id (Optional[~SearchType]) ndash Only relevant if context is either ldquoattributerdquoor ldquoeventrdquo Then it is the relevant ID
bull type_sighting (Optional[str]) ndash Type of sighting
bull date_from (Union[date int str float None]) ndash Events with the date set to adate after the one specified This filter will use the date of the event
bull date_to (Union[date int str float None]) ndash Events with the date set to a datebefore the one specified This filter will use the date of the event
bull publish_timestamp (Union[date int str float NoneTuple[Union[date int str float None] Union[date int str floatNone]]]) ndash Restrict the results by the last publish timestamp (newer than)
bull org (Optional[~SearchType]) ndash Search by the creator organisation by supplying theorganisation identifier
bull source (Optional[str]) ndash Source of the sighting
bull include_attribute (Optional[bool]) ndash Include the attribute
bull include_event_meta (Optional[bool]) ndash Include the meta information of theevent
Deprecated
Parameters last (Union[date int str float None Tuple[Union[date intstr float None] Union[date int str float None]]]) ndash synonym for pub-lish_timestamp
Example
21 PyMISP 19
PyMISP Documentation Release main
gtgtgt mispsearch_sightings(publish_timestamp=30d) search sightings for therarr˓last 30 days on the instance[ ]gtgtgt mispsearch_sightings(context=attribute context_id=6 include_rarr˓attribute=True) return list of sighting for attribute 6 along with therarr˓attribute itself[ ]gtgtgt mispsearch_sightings(context=event context_id=17 include_event_rarr˓meta=True org=2) return list of sighting for event 17 filtered with orgrarr˓id 2
Return type Union[Dict List[Dict[str Union[MISPEvent MISPAttributeMISPSighting]]]]
server_pull(server event=None)Initialize a pull from a sync server
Return type Dict
server_push(server event=None)Initialize a push to a sync server
Return type Dict
servers(pythonify=False)Get the existing servers the MISP instance can synchronise with
Return type Union[Dict List[MISPServer]]
set_user_setting(user_setting value user=None pythonify=False)Get an user setting
Return type Union[Dict MISPUserSetting]
sharing_groups(pythonify=False)Get the existing sharing groups
Return type Union[Dict List[MISPSharingGroup]]
sightings(misp_entity=None org=None pythonify=False)Get the list of sighting related to a MISPEvent or a MISPAttribute (depending on type of misp_entity)
Return type Union[Dict List[MISPSighting]]
tag(misp_entity tag local=False)Tag an event or an attribute misp_entity can be a MISPEvent a MISP Attribute or a UUID
Return type Dict
tags(pythonify=False)Get the list of existing tags
Return type Union[Dict List[MISPTag]]
tags_statistics(percentage=False name_sort=False)Get tags statistics from the MISP instance
Return type Dict
taxonomies(pythonify=False)Get all the taxonomies
Return type Union[Dict List[MISPTaxonomy]]
20 Chapter 2 pymisp
PyMISP Documentation Release main
toggle_warninglist(warninglist_id=None warninglist_name=None force_enable=False)Toggle (enabledisable) the status of a warninglist by ID type warninglist_id Union[str intList[int] None] param warninglist_id ID of the WarningList type force_enable bool paramforce_enable Force the warning list in the enabled state (does nothing is already enabled)
Return type Dict
untag(misp_entity tag)Untag an event or an attribute misp_entity can be a UUID
Return type Dict
update_attribute(attribute attribute_id=None pythonify=False)Update an attribute on a MISP instance
Return type Union[Dict MISPAttribute MISPShadowAttribute]
update_attribute_proposal(initial_attribute attribute pythonify=False)Propose a change for an attribute
Return type Union[Dict MISPShadowAttribute]
update_event(event event_id=None pythonify=False)Update an event on a MISP instance
Return type Union[Dict MISPEvent]
update_event_blacklist(event_blacklist event_blacklist_id=None pythonify=False)Update an event in the blacklist
Return type Union[Dict MISPEventBlacklist]
update_feed(feed feed_id=None pythonify=False)Update a feed on a MISP instance
Return type Union[Dict MISPFeed]
update_galaxies()Update all the galaxies
Return type Dict
update_noticelists()Update all the noticelists
Return type Dict
update_object(misp_object object_id=None pythonify=False)Update an object on a MISP instance
Return type Union[Dict MISPObject]
update_object_templates()Trigger an update of the object templates
Return type Dict
update_organisation(organisation organisation_id=None pythonify=False)Update an organisation
Return type Union[Dict MISPOrganisation]
update_organisation_blacklist(organisation_blacklist organisation_blacklist_id=Nonepythonify=False)
Update an organisation in the blacklist
Return type Union[Dict MISPOrganisationBlacklist]
21 PyMISP 21
PyMISP Documentation Release main
update_server(server server_id=None pythonify=False)Update a server to synchronise with
Return type Union[Dict MISPServer]
update_tag(tag tag_id=None pythonify=False)Edit only the provided parameters of a tag
Return type Union[Dict MISPTag]
update_taxonomies()Update all the taxonomies
Return type Dict
update_user(user user_id=None pythonify=False)Update an event on a MISP instance
Return type Union[Dict MISPUser]
update_warninglists()Update all the warninglists
Return type Dict
upload_stix(path version=2)Upload a STIX file to MISP param path Path to the STIX on the disk (can be a path-like object or apseudofile) type version str param version Can be 1 or 2
user_registrations(pythonify=False)Get all the user registrations
Return type Union[Dict List[MISPInbox]]
user_settings(pythonify=False)Get all the user settings
Return type Union[Dict List[MISPUserSetting]]
users(pythonify=False)Get all the users
Return type Union[Dict List[MISPUser]]
users_statistics(context=data)Get users statistics from the MISP instance
Return type Dict
values_in_warninglist(value)Check if IOC values are in warninglist
Return type Dict
property versionReturns the version of PyMISP yoursquore curently using
Return type Dict
warninglists(pythonify=False)Get all the warninglists
Return type Union[Dict List[MISPWarninglist]]
22 Chapter 2 pymisp
PyMISP Documentation Release main
22 PyMISPExpanded (Python 36+ only)
pymispExpandedPyMISPalias of pymispapiPyMISP
23 MISPAbstract
class pymispAbstractMISP(kwargs)
property editedRecursively check if an object has been edited and update the flag accordingly to the parent objects
Return type bool
from_dict(kwargs)Loading all the parameters as class properties if they arenrsquot None This method aims to be called when allthe properties requiring a special treatment are processed Note This method is used when you initializean object with existing data so by default the class is flaged as not edited
Return type None
from_json(json_string)Load a JSON string
Return type None
jsonable()This method is used by the JSON encoder
Return type Dict
set_not_jsonable(args)Set __not_jsonable to a new list
Return type None
to_dict()Dump the class to a dictionary This method automatically removes the timestamp recursively in everyobject that has been edited is order to let MISP update the event accordingly
Return type Dict
to_json(sort_keys=False indent=None)Dump recursively any class of type MISPAbstract to a json string
update_not_jsonable(args)Add entries to the __not_jsonable list
Return type None
22 PyMISPExpanded (Python 36+ only) 23
PyMISP Documentation Release main
24 MISPEncode
class pymispMISPEncode(args kwargs)
default(obj)Implement this method in a subclass such that it returns a serializable object for o or calls the baseimplementation (to raise a TypeError)
For example to support arbitrary iterators you could implement default like this
def default(self o)try
iterable = iter(o)except TypeError
passelse
return list(iterable) Let the base class default method raise the TypeErrorreturn JSONEncoderdefault(self o)
25 MISPEvent
class pymispMISPEvent(describe_types=None strict_validation=False kwargs)
add_attribute(type value kwargs)Add an attribute type and value are required but you can pass all other parameters supported by MISPAt-tribute
Return type Union[MISPAttribute List[MISPAttribute]]
add_attribute_tag(tag attribute_identifier)Add a tag to an existing attribute raise an Exception if the attribute doesnrsquot exists tag Tag name as astring MISPTag instance or dictionary attribute_identifier can be an ID UUID or the value
Return type List[MISPAttribute]
add_object(obj=None kwargs)Add an object to the Event either by passing a MISPObject or a dictionary
Return type MISPObject
add_proposal(shadow_attribute=None kwargs)Alias for add_shadow_attribute
Return type MISPShadowAttribute
add_shadow_attribute(shadow_attribute=None kwargs)Add a tag to the attribute (by name or a MISPTag object)
Return type MISPShadowAttribute
clear()rarr None Remove all items from D
delete_attribute(attribute_id)Delete an attribute you can search by ID or UUID
property editedRecursively check if an object has been edited and update the flag accordingly to the parent objects
24 Chapter 2 pymisp
PyMISP Documentation Release main
Return type bool
from_dict(kwargs)Loading all the parameters as class properties if they arenrsquot None This method aims to be called when allthe properties requiring a special treatment are processed Note This method is used when you initializean object with existing data so by default the class is flaged as not edited
from_json(json_string)Load a JSON string
Return type None
get(k[ d ])rarr D[k] if k in D else d d defaults to None
get_attribute_tag(attribute_identifier)Return the tags associated to an attribute or an object attribute attribute_identifier can be an ID UUIDor the value
Return type List[MISPTag]
get_object_by_id(object_id)Get an object by ID (the ID is the one set by the server when creating the new object)
Return type MISPObject
get_object_by_uuid(object_uuid)Get an object by UUID (UUID is set by the server when creating the new object)
Return type MISPObject
get_objects_by_name(object_name)Get an object by UUID (UUID is set by the server when creating the new object)
Return type List[MISPObject]
items()rarr a set-like object providing a view on Drsquos items
jsonable()This method is used by the JSON encoder
Return type Dict
keys()rarr a set-like object providing a view on Drsquos keys
load(json_event validate=False metadata_only=False)Load a JSON dump from a pseudo file or a JSON string
load_file(event_path validate=False metadata_only=False)Load a JSON dump from a file on the disk
pop(k[ d ])rarr v remove specified key and return the corresponding valueIf key is not found d is returned if given otherwise KeyError is raised
popitem()rarr (k v) remove and return some (key value) pairas a 2-tuple but raise KeyError if D is empty
publish()Mark the attribute as published
set_date(d=None ignore_invalid=False)Set a date for the event (string datetime or date object)
set_not_jsonable(args)Set __not_jsonable to a new list
Return type None
25 MISPEvent 25
PyMISP Documentation Release main
setdefault(k[ d ])rarr Dget(kd) also set D[k]=d if k not in D
property tagsReturns a lost of tags associated to this Event
Return type List[MISPTag]
to_dict()Dump the class to a dictionary This method automatically removes the timestamp recursively in everyobject that has been edited is order to let MISP update the event accordingly
Return type Dict
to_feed(valid_distributions=[0 1 2 3 4 5] with_meta=False)Generate a json output for MISP Feed Notes
bull valid_distributions only makes sense if the distribution key is set (ie the event is exported from aMISP instance)
Return type Dict
to_json(sort_keys=False indent=None)Dump recursively any class of type MISPAbstract to a json string
unpublish()Mark the attribute as un-published (set publish flag to false)
update([E ] F)rarr None Update D from mappingiterable E and FIf E present and has a keys() method does for k in E D[k] = E[k] If E present and lacks keys() methoddoes for (k v) in E D[k] = v In either case this is followed by for k v in Fitems() D[k] = v
update_not_jsonable(args)Add entries to the __not_jsonable list
Return type None
values()rarr an object providing a view on Drsquos values
26 MISPAttribute
class pymispMISPAttribute(describe_types=None strict=False)
add_proposal(shadow_attribute=None kwargs)Alias for add_shadow_attribute
Return type MISPShadowAttribute
add_shadow_attribute(shadow_attribute=None kwargs)Add a shadow attribute to the attribute (by name or a MISPShadowAttribute object)
Return type MISPShadowAttribute
add_sighting(sighting=None kwargs)Add a sighting to the attribute (by name or a MISPSighting object)
Return type MISPSighting
clear()rarr None Remove all items from D
delete()Mark the attribute as deleted (soft delete)
26 Chapter 2 pymisp
PyMISP Documentation Release main
property editedRecursively check if an object has been edited and update the flag accordingly to the parent objects
Return type bool
from_dict(kwargs)Loading all the parameters as class properties if they arenrsquot None This method aims to be called when allthe properties requiring a special treatment are processed Note This method is used when you initializean object with existing data so by default the class is flaged as not edited
from_json(json_string)Load a JSON string
Return type None
get(k[ d ])rarr D[k] if k in D else d d defaults to None
hash_values(algorithm=sha512)Compute the hash of every values for fast lookups
Return type List[str]
items()rarr a set-like object providing a view on Drsquos items
jsonable()This method is used by the JSON encoder
Return type Dict
keys()rarr a set-like object providing a view on Drsquos keys
property known_typesReturns a list of all the known MISP attributes types
Return type List[str]
property malware_binaryReturns a BytesIO of the malware (if the attribute has one obvs)
Return type Optional[BytesIO]
pop(k[ d ])rarr v remove specified key and return the corresponding valueIf key is not found d is returned if given otherwise KeyError is raised
popitem()rarr (k v) remove and return some (key value) pairas a 2-tuple but raise KeyError if D is empty
set_not_jsonable(args)Set __not_jsonable to a new list
Return type None
setdefault(k[ d ])rarr Dget(kd) also set D[k]=d if k not in D
property tagsReturns a lost of tags associated to this Attribute
Return type List[MISPTag]
to_dict()Dump the class to a dictionary This method automatically removes the timestamp recursively in everyobject that has been edited is order to let MISP update the event accordingly
Return type Dict
26 MISPAttribute 27
PyMISP Documentation Release main
to_json(sort_keys=False indent=None)Dump recursively any class of type MISPAbstract to a json string
update([E ] F)rarr None Update D from mappingiterable E and FIf E present and has a keys() method does for k in E D[k] = E[k] If E present and lacks keys() methoddoes for (k v) in E D[k] = v In either case this is followed by for k v in Fitems() D[k] = v
update_not_jsonable(args)Add entries to the __not_jsonable list
Return type None
values()rarr an object providing a view on Drsquos values
27 MISPObject
class pymispMISPObject(name strict=False standalone=True default_attributes_parameters=kwargs)
add_attribute(object_relation simple_value=None value)Add an attribute object_relation is required and the value key is a dictionary with all the keys supportedby MISPAttribute
Return type Optional[MISPAttribute]
add_attributes(object_relation attributes)Add multiple attributes with the same object_relation Helper for object_relation when multiple is True inthe template It is the same as calling multiple times add_attribute with the same object_relation
Return type List[Optional[MISPAttribute]]
add_reference(referenced_uuid relationship_type comment=None kwargs)Add a link (uuid) to an other object
Return type MISPObjectReference
clear()rarr None Remove all items from D
property editedRecursively check if an object has been edited and update the flag accordingly to the parent objects
Return type bool
from_dict(kwargs)Loading all the parameters as class properties if they arenrsquot None This method aims to be called when allthe properties requiring a special treatment are processed Note This method is used when you initializean object with existing data so by default the class is flaged as not edited
from_json(json_string)Load a JSON string
Return type None
get(k[ d ])rarr D[k] if k in D else d d defaults to None
get_attributes_by_relation(object_relation)Returns the list of attributes with the given object relation in the object
Return type List[MISPAttribute]
has_attributes_by_relation(list_of_relations)True if all the relations in the list are defined in the object
28 Chapter 2 pymisp
PyMISP Documentation Release main
Return type bool
items()rarr a set-like object providing a view on Drsquos items
jsonable()This method is used by the JSON encoder
Return type Dict
keys()rarr a set-like object providing a view on Drsquos keys
pop(k[ d ])rarr v remove specified key and return the corresponding valueIf key is not found d is returned if given otherwise KeyError is raised
popitem()rarr (k v) remove and return some (key value) pairas a 2-tuple but raise KeyError if D is empty
set_not_jsonable(args)Set __not_jsonable to a new list
Return type None
setdefault(k[ d ])rarr Dget(kd) also set D[k]=d if k not in D
to_dict(strict=False)Dump the class to a dictionary This method automatically removes the timestamp recursively in everyobject that has been edited is order to let MISP update the event accordingly
Return type Dict
to_json(sort_keys=False indent=None strict=False)Dump recursively any class of type MISPAbstract to a json string
update([E ] F)rarr None Update D from mappingiterable E and FIf E present and has a keys() method does for k in E D[k] = E[k] If E present and lacks keys() methoddoes for (k v) in E D[k] = v In either case this is followed by for k v in Fitems() D[k] = v
update_not_jsonable(args)Add entries to the __not_jsonable list
Return type None
values()rarr an object providing a view on Drsquos values
28 MISPObjectAttribute
class pymispMISPObjectAttribute(definition)
add_proposal(shadow_attribute=None kwargs)Alias for add_shadow_attribute
Return type MISPShadowAttribute
add_shadow_attribute(shadow_attribute=None kwargs)Add a shadow attribute to the attribute (by name or a MISPShadowAttribute object)
Return type MISPShadowAttribute
add_sighting(sighting=None kwargs)Add a sighting to the attribute (by name or a MISPSighting object)
Return type MISPSighting
28 MISPObjectAttribute 29
PyMISP Documentation Release main
clear()rarr None Remove all items from D
delete()Mark the attribute as deleted (soft delete)
property editedRecursively check if an object has been edited and update the flag accordingly to the parent objects
Return type bool
from_dict(object_relation value kwargs)Loading all the parameters as class properties if they arenrsquot None This method aims to be called when allthe properties requiring a special treatment are processed Note This method is used when you initializean object with existing data so by default the class is flaged as not edited
from_json(json_string)Load a JSON string
Return type None
get(k[ d ])rarr D[k] if k in D else d d defaults to None
hash_values(algorithm=sha512)Compute the hash of every values for fast lookups
Return type List[str]
items()rarr a set-like object providing a view on Drsquos items
jsonable()This method is used by the JSON encoder
Return type Dict
keys()rarr a set-like object providing a view on Drsquos keys
property known_typesReturns a list of all the known MISP attributes types
Return type List[str]
property malware_binaryReturns a BytesIO of the malware (if the attribute has one obvs)
Return type Optional[BytesIO]
pop(k[ d ])rarr v remove specified key and return the corresponding valueIf key is not found d is returned if given otherwise KeyError is raised
popitem()rarr (k v) remove and return some (key value) pairas a 2-tuple but raise KeyError if D is empty
set_not_jsonable(args)Set __not_jsonable to a new list
Return type None
setdefault(k[ d ])rarr Dget(kd) also set D[k]=d if k not in D
property tagsReturns a lost of tags associated to this Attribute
Return type List[MISPTag]
30 Chapter 2 pymisp
PyMISP Documentation Release main
to_dict()Dump the class to a dictionary This method automatically removes the timestamp recursively in everyobject that has been edited is order to let MISP update the event accordingly
Return type Dict
to_json(sort_keys=False indent=None)Dump recursively any class of type MISPAbstract to a json string
update([E ] F)rarr None Update D from mappingiterable E and FIf E present and has a keys() method does for k in E D[k] = E[k] If E present and lacks keys() methoddoes for (k v) in E D[k] = v In either case this is followed by for k v in Fitems() D[k] = v
update_not_jsonable(args)Add entries to the __not_jsonable list
Return type None
values()rarr an object providing a view on Drsquos values
29 MISPObjectReference
class pymispMISPObjectReference
clear()rarr None Remove all items from D
property editedRecursively check if an object has been edited and update the flag accordingly to the parent objects
Return type bool
from_dict(kwargs)Loading all the parameters as class properties if they arenrsquot None This method aims to be called when allthe properties requiring a special treatment are processed Note This method is used when you initializean object with existing data so by default the class is flaged as not edited
from_json(json_string)Load a JSON string
Return type None
get(k[ d ])rarr D[k] if k in D else d d defaults to None
items()rarr a set-like object providing a view on Drsquos items
jsonable()This method is used by the JSON encoder
Return type Dict
keys()rarr a set-like object providing a view on Drsquos keys
pop(k[ d ])rarr v remove specified key and return the corresponding valueIf key is not found d is returned if given otherwise KeyError is raised
popitem()rarr (k v) remove and return some (key value) pairas a 2-tuple but raise KeyError if D is empty
set_not_jsonable(args)Set __not_jsonable to a new list
Return type None
29 MISPObjectReference 31
PyMISP Documentation Release main
setdefault(k[ d ])rarr Dget(kd) also set D[k]=d if k not in D
to_dict()Dump the class to a dictionary This method automatically removes the timestamp recursively in everyobject that has been edited is order to let MISP update the event accordingly
Return type Dict
to_json(sort_keys=False indent=None)Dump recursively any class of type MISPAbstract to a json string
update([E ] F)rarr None Update D from mappingiterable E and FIf E present and has a keys() method does for k in E D[k] = E[k] If E present and lacks keys() methoddoes for (k v) in E D[k] = v In either case this is followed by for k v in Fitems() D[k] = v
update_not_jsonable(args)Add entries to the __not_jsonable list
Return type None
values()rarr an object providing a view on Drsquos values
210 MISPTag
class pymispMISPTag(kwargs)
clear()rarr None Remove all items from D
property editedRecursively check if an object has been edited and update the flag accordingly to the parent objects
Return type bool
from_dict(kwargs)Loading all the parameters as class properties if they arenrsquot None This method aims to be called when allthe properties requiring a special treatment are processed Note This method is used when you initializean object with existing data so by default the class is flaged as not edited
from_json(json_string)Load a JSON string
Return type None
get(k[ d ])rarr D[k] if k in D else d d defaults to None
items()rarr a set-like object providing a view on Drsquos items
jsonable()This method is used by the JSON encoder
Return type Dict
keys()rarr a set-like object providing a view on Drsquos keys
pop(k[ d ])rarr v remove specified key and return the corresponding valueIf key is not found d is returned if given otherwise KeyError is raised
popitem()rarr (k v) remove and return some (key value) pairas a 2-tuple but raise KeyError if D is empty
set_not_jsonable(args)Set __not_jsonable to a new list
32 Chapter 2 pymisp
PyMISP Documentation Release main
Return type None
setdefault(k[ d ])rarr Dget(kd) also set D[k]=d if k not in D
to_dict()Dump the class to a dictionary This method automatically removes the timestamp recursively in everyobject that has been edited is order to let MISP update the event accordingly
Return type Dict
to_json(sort_keys=False indent=None)Dump recursively any class of type MISPAbstract to a json string
update([E ] F)rarr None Update D from mappingiterable E and FIf E present and has a keys() method does for k in E D[k] = E[k] If E present and lacks keys() methoddoes for (k v) in E D[k] = v In either case this is followed by for k v in Fitems() D[k] = v
update_not_jsonable(args)Add entries to the __not_jsonable list
Return type None
values()rarr an object providing a view on Drsquos values
211 MISPUser
class pymispMISPUser(kwargs)
clear()rarr None Remove all items from D
property editedRecursively check if an object has been edited and update the flag accordingly to the parent objects
Return type bool
from_dict(kwargs)Loading all the parameters as class properties if they arenrsquot None This method aims to be called when allthe properties requiring a special treatment are processed Note This method is used when you initializean object with existing data so by default the class is flaged as not edited
from_json(json_string)Load a JSON string
Return type None
get(k[ d ])rarr D[k] if k in D else d d defaults to None
items()rarr a set-like object providing a view on Drsquos items
jsonable()This method is used by the JSON encoder
Return type Dict
keys()rarr a set-like object providing a view on Drsquos keys
pop(k[ d ])rarr v remove specified key and return the corresponding valueIf key is not found d is returned if given otherwise KeyError is raised
popitem()rarr (k v) remove and return some (key value) pairas a 2-tuple but raise KeyError if D is empty
211 MISPUser 33
PyMISP Documentation Release main
set_not_jsonable(args)Set __not_jsonable to a new list
Return type None
setdefault(k[ d ])rarr Dget(kd) also set D[k]=d if k not in D
to_dict()Dump the class to a dictionary This method automatically removes the timestamp recursively in everyobject that has been edited is order to let MISP update the event accordingly
Return type Dict
to_json(sort_keys=False indent=None)Dump recursively any class of type MISPAbstract to a json string
update([E ] F)rarr None Update D from mappingiterable E and FIf E present and has a keys() method does for k in E D[k] = E[k] If E present and lacks keys() methoddoes for (k v) in E D[k] = v In either case this is followed by for k v in Fitems() D[k] = v
update_not_jsonable(args)Add entries to the __not_jsonable list
Return type None
values()rarr an object providing a view on Drsquos values
212 MISPOrganisation
class pymispMISPOrganisation
clear()rarr None Remove all items from D
property editedRecursively check if an object has been edited and update the flag accordingly to the parent objects
Return type bool
from_dict(kwargs)Loading all the parameters as class properties if they arenrsquot None This method aims to be called when allthe properties requiring a special treatment are processed Note This method is used when you initializean object with existing data so by default the class is flaged as not edited
from_json(json_string)Load a JSON string
Return type None
get(k[ d ])rarr D[k] if k in D else d d defaults to None
items()rarr a set-like object providing a view on Drsquos items
jsonable()This method is used by the JSON encoder
Return type Dict
keys()rarr a set-like object providing a view on Drsquos keys
pop(k[ d ])rarr v remove specified key and return the corresponding valueIf key is not found d is returned if given otherwise KeyError is raised
34 Chapter 2 pymisp
PyMISP Documentation Release main
popitem()rarr (k v) remove and return some (key value) pairas a 2-tuple but raise KeyError if D is empty
set_not_jsonable(args)Set __not_jsonable to a new list
Return type None
setdefault(k[ d ])rarr Dget(kd) also set D[k]=d if k not in D
to_dict()Dump the class to a dictionary This method automatically removes the timestamp recursively in everyobject that has been edited is order to let MISP update the event accordingly
Return type Dict
to_json(sort_keys=False indent=None)Dump recursively any class of type MISPAbstract to a json string
update([E ] F)rarr None Update D from mappingiterable E and FIf E present and has a keys() method does for k in E D[k] = E[k] If E present and lacks keys() methoddoes for (k v) in E D[k] = v In either case this is followed by for k v in Fitems() D[k] = v
update_not_jsonable(args)Add entries to the __not_jsonable list
Return type None
values()rarr an object providing a view on Drsquos values
212 MISPOrganisation 35
PyMISP Documentation Release main
36 Chapter 2 pymisp
CHAPTER
THREE
PYMISP - TOOLS
31 File Object
class pymisptoolsFileObject(filepath=None pseudofile=None filename=None kwargs)
add_attribute(object_relation simple_value=None value)Add an attribute object_relation is required and the value key is a dictionary with all the keys supportedby MISPAttribute
Return type Optional[MISPAttribute]
add_attributes(object_relation attributes)Add multiple attributes with the same object_relation Helper for object_relation when multiple is True inthe template It is the same as calling multiple times add_attribute with the same object_relation
Return type List[Optional[MISPAttribute]]
add_reference(referenced_uuid relationship_type comment=None kwargs)Add a link (uuid) to an other object
Return type MISPObjectReference
clear()rarr None Remove all items from D
property editedRecursively check if an object has been edited and update the flag accordingly to the parent objects
Return type bool
from_dict(kwargs)Loading all the parameters as class properties if they arenrsquot None This method aims to be called when allthe properties requiring a special treatment are processed Note This method is used when you initializean object with existing data so by default the class is flaged as not edited
from_json(json_string)Load a JSON string
Return type None
generate_attributes()Contains the logic where all the values of the object are gathered
get(k[ d ])rarr D[k] if k in D else d d defaults to None
get_attributes_by_relation(object_relation)Returns the list of attributes with the given object relation in the object
Return type List[MISPAttribute]
37
PyMISP Documentation Release main
has_attributes_by_relation(list_of_relations)True if all the relations in the list are defined in the object
Return type bool
items()rarr a set-like object providing a view on Drsquos items
jsonable()This method is used by the JSON encoder
Return type Dict
keys()rarr a set-like object providing a view on Drsquos keys
pop(k[ d ])rarr v remove specified key and return the corresponding valueIf key is not found d is returned if given otherwise KeyError is raised
popitem()rarr (k v) remove and return some (key value) pairas a 2-tuple but raise KeyError if D is empty
set_not_jsonable(args)Set __not_jsonable to a new list
Return type None
setdefault(k[ d ])rarr Dget(kd) also set D[k]=d if k not in D
to_dict(strict=False)Dump the class to a dictionary This method automatically removes the timestamp recursively in everyobject that has been edited is order to let MISP update the event accordingly
Return type Dict
to_json(sort_keys=False indent=None strict=False)Dump recursively any class of type MISPAbstract to a json string
update([E ] F)rarr None Update D from mappingiterable E and FIf E present and has a keys() method does for k in E D[k] = E[k] If E present and lacks keys() methoddoes for (k v) in E D[k] = v In either case this is followed by for k v in Fitems() D[k] = v
update_not_jsonable(args)Add entries to the __not_jsonable list
Return type None
values()rarr an object providing a view on Drsquos values
32 ELF Object
33 PE Object
34 Mach-O Object
35 VT Report Object
class pymisptoolsVTReportObject(apikey indicator vt_proxies=None kwargs)VirusTotal Report
Apikey VirusTotal API key (private works but only public features are supported right now)
38 Chapter 3 pymisp - Tools
PyMISP Documentation Release main
Indicator IOC to search VirusTotal for
add_attribute(object_relation simple_value=None value)Add an attribute object_relation is required and the value key is a dictionary with all the keys supportedby MISPAttribute
Return type Optional[MISPAttribute]
add_attributes(object_relation attributes)Add multiple attributes with the same object_relation Helper for object_relation when multiple is True inthe template It is the same as calling multiple times add_attribute with the same object_relation
Return type List[Optional[MISPAttribute]]
add_reference(referenced_uuid relationship_type comment=None kwargs)Add a link (uuid) to an other object
Return type MISPObjectReference
clear()rarr None Remove all items from D
property editedRecursively check if an object has been edited and update the flag accordingly to the parent objects
Return type bool
from_dict(kwargs)Loading all the parameters as class properties if they arenrsquot None This method aims to be called when allthe properties requiring a special treatment are processed Note This method is used when you initializean object with existing data so by default the class is flaged as not edited
from_json(json_string)Load a JSON string
Return type None
generate_attributes()Parse the VirusTotal report for relevant attributes
get(k[ d ])rarr D[k] if k in D else d d defaults to None
get_attributes_by_relation(object_relation)Returns the list of attributes with the given object relation in the object
Return type List[MISPAttribute]
has_attributes_by_relation(list_of_relations)True if all the relations in the list are defined in the object
Return type bool
items()rarr a set-like object providing a view on Drsquos items
jsonable()This method is used by the JSON encoder
Return type Dict
keys()rarr a set-like object providing a view on Drsquos keys
pop(k[ d ])rarr v remove specified key and return the corresponding valueIf key is not found d is returned if given otherwise KeyError is raised
popitem()rarr (k v) remove and return some (key value) pairas a 2-tuple but raise KeyError if D is empty
35 VT Report Object 39
PyMISP Documentation Release main
set_not_jsonable(args)Set __not_jsonable to a new list
Return type None
setdefault(k[ d ])rarr Dget(kd) also set D[k]=d if k not in D
to_dict(strict=False)Dump the class to a dictionary This method automatically removes the timestamp recursively in everyobject that has been edited is order to let MISP update the event accordingly
Return type Dict
to_json(sort_keys=False indent=None strict=False)Dump recursively any class of type MISPAbstract to a json string
update([E ] F)rarr None Update D from mappingiterable E and FIf E present and has a keys() method does for k in E D[k] = E[k] If E present and lacks keys() methoddoes for (k v) in E D[k] = v In either case this is followed by for k v in Fitems() D[k] = v
update_not_jsonable(args)Add entries to the __not_jsonable list
Return type None
values()rarr an object providing a view on Drsquos values
36 STIX
pymisptoolsstixload_stix(stix distribution=3 threat_level_id=2 analysis=0)Returns a MISPEvent object from a STIX package
pymisptoolsstixmake_stix_package(misp_event to_json=False to_xml=False)Returns a STIXPackage from a MISPEvent
Optionally can return the package in json or xml
37 OpenIOC
toolsload_openioc()
toolsload_openioc_file()
40 Chapter 3 pymisp - Tools
CHAPTER
FOUR
INDICES AND TABLES
bull genindex
bull modindex
bull search
41
PyMISP Documentation Release main
42 Chapter 4 Indices and tables
PYTHON MODULE INDEX
ppymisp 7pymisptools 37pymisptoolsstix 40
43
PyMISP Documentation Release main
44 Python Module Index
INDEX
AAbstractMISP (class in pymisp) 23accept_attribute_proposal()
(pymispPyMISP method) 7add_attribute() (pymispMISPEvent method) 24add_attribute() (pymispMISPObject method) 28add_attribute() (pymispPyMISP method) 7add_attribute() (pymisptoolsFileObject method)
37add_attribute() (pymisptoolsVTReportObject
method) 39add_attribute_proposal() (pymispPyMISP
method) 7add_attribute_tag() (pymispMISPEvent
method) 24add_attributes() (pymispMISPObject method)
28add_attributes() (pymisptoolsFileObject
method) 37add_attributes() (pymisptoolsVTReportObject
method) 39add_event() (pymispPyMISP method) 7add_event_blacklist() (pymispPyMISP
method) 8add_feed() (pymispPyMISP method) 8add_object() (pymispMISPEvent method) 24add_object() (pymispPyMISP method) 8add_object_reference() (pymispPyMISP
method) 8add_org_to_sharing_group() (pymispPyMISP
method) 8add_organisation() (pymispPyMISP method) 8add_organisation_blacklist()
(pymispPyMISP method) 8add_proposal() (pymispMISPAttribute method) 26add_proposal() (pymispMISPEvent method) 24add_proposal() (pymispMISPObjectAttribute
method) 29add_reference() (pymispMISPObject method) 28add_reference() (pymisptoolsFileObject method)
37add_reference() (pymisptoolsVTReportObject
method) 39add_server() (pymispPyMISP method) 8add_server_to_sharing_group()
(pymispPyMISP method) 8add_shadow_attribute() (pymispMISPAttribute
method) 26add_shadow_attribute() (pymispMISPEvent
method) 24add_shadow_attribute()
(pymispMISPObjectAttribute method) 29add_sharing_group() (pymispPyMISP method) 8add_sighting() (pymispMISPAttribute method) 26add_sighting() (pymispMISPObjectAttribute
method) 29add_sighting() (pymispPyMISP method) 8add_tag() (pymispPyMISP method) 8add_user() (pymispPyMISP method) 9attributes_statistics() (pymispPyMISP
method) 9
Bbuild_complex_query() (pymispPyMISP
method) 9
Ccache_all_feeds() (pymispPyMISP method) 9cache_feed() (pymispPyMISP method) 9cache_freetext_feeds() (pymispPyMISP
method) 9cache_misp_feeds() (pymispPyMISP method) 9change_sharing_group_on_entity()
(pymispPyMISP method) 9change_user_password() (pymispPyMISP
method) 9clear() (pymispMISPAttribute method) 26clear() (pymispMISPEvent method) 24clear() (pymispMISPObject method) 28clear() (pymispMISPObjectAttribute method) 29clear() (pymispMISPObjectReference method) 31clear() (pymispMISPOrganisation method) 34clear() (pymispMISPTag method) 32clear() (pymispMISPUser method) 33
45
PyMISP Documentation Release main
clear() (pymisptoolsFileObject method) 37clear() (pymisptoolsVTReportObject method) 39communities() (pymispPyMISP method) 9compare_feeds() (pymispPyMISP method) 9contact_event_reporter() (pymispPyMISP
method) 9
Ddefault() (pymispMISPEncode method) 24delegate_event() (pymispPyMISP method) 10delete() (pymispMISPAttribute method) 26delete() (pymispMISPObjectAttribute method) 30delete_attribute() (pymispMISPEvent method)
24delete_attribute() (pymispPyMISP method) 10delete_attribute_proposal()
(pymispPyMISP method) 10delete_event() (pymispPyMISP method) 10delete_event_blacklist() (pymispPyMISP
method) 10delete_feed() (pymispPyMISP method) 10delete_object() (pymispPyMISP method) 10delete_object_reference() (pymispPyMISP
method) 10delete_organisation() (pymispPyMISP
method) 10delete_organisation_blacklist()
(pymispPyMISP method) 10delete_server() (pymispPyMISP method) 10delete_sharing_group() (pymispPyMISP
method) 10delete_sighting() (pymispPyMISP method) 10delete_tag() (pymispPyMISP method) 11delete_user() (pymispPyMISP method) 11delete_user_setting() (pymispPyMISP
method) 11describe_types_local() (pymispPyMISP prop-
erty) 11describe_types_remote() (pymispPyMISP
property) 11direct_call() (pymispPyMISP method) 11disable_feed() (pymispPyMISP method) 11disable_feed_cache() (pymispPyMISP method)
11disable_noticelist() (pymispPyMISP method)
11disable_tag() (pymispPyMISP method) 11disable_taxonomy() (pymispPyMISP method) 11disable_taxonomy_tags() (pymispPyMISP
method) 11disable_warninglist() (pymispPyMISP
method) 11discard_attribute_proposal()
(pymispPyMISP method) 12
Eedited() (pymispAbstractMISP property) 23edited() (pymispMISPAttribute property) 26edited() (pymispMISPEvent property) 24edited() (pymispMISPObject property) 28edited() (pymispMISPObjectAttribute property) 30edited() (pymispMISPObjectReference property) 31edited() (pymispMISPOrganisation property) 34edited() (pymispMISPTag property) 32edited() (pymispMISPUser property) 33edited() (pymisptoolsFileObject property) 37edited() (pymisptoolsVTReportObject property) 39enable_feed() (pymispPyMISP method) 12enable_feed_cache() (pymispPyMISP method)
12enable_noticelist() (pymispPyMISP method)
12enable_tag() (pymispPyMISP method) 12enable_taxonomy() (pymispPyMISP method) 12enable_taxonomy_tags() (pymispPyMISP
method) 12enable_warninglist() (pymispPyMISP method)
12event_blacklists() (pymispPyMISP method) 12event_delegations() (pymispPyMISP method)
12ExpandedPyMISP (in module pymisp) 23
Ffeeds() (pymispPyMISP method) 12fetch_feed() (pymispPyMISP method) 12FileObject (class in pymisptools) 37freetext() (pymispPyMISP method) 12from_dict() (pymispAbstractMISP method) 23from_dict() (pymispMISPAttribute method) 27from_dict() (pymispMISPEvent method) 25from_dict() (pymispMISPObject method) 28from_dict() (pymispMISPObjectAttribute method)
30from_dict() (pymispMISPObjectReference method)
31from_dict() (pymispMISPOrganisation method) 34from_dict() (pymispMISPTag method) 32from_dict() (pymispMISPUser method) 33from_dict() (pymisptoolsFileObject method) 37from_dict() (pymisptoolsVTReportObject method)
39from_json() (pymispAbstractMISP method) 23from_json() (pymispMISPAttribute method) 27from_json() (pymispMISPEvent method) 25from_json() (pymispMISPObject method) 28from_json() (pymispMISPObjectAttribute method)
30
46 Index
PyMISP Documentation Release main
from_json() (pymispMISPObjectReference method)31
from_json() (pymispMISPOrganisation method) 34from_json() (pymispMISPTag method) 32from_json() (pymispMISPUser method) 33from_json() (pymisptoolsFileObject method) 37from_json() (pymisptoolsVTReportObject method)
39
Ggalaxies() (pymispPyMISP method) 12generate_attributes() (pymisptoolsFileObject
method) 37generate_attributes()
(pymisptoolsVTReportObject method)39
get() (pymispMISPAttribute method) 27get() (pymispMISPEvent method) 25get() (pymispMISPObject method) 28get() (pymispMISPObjectAttribute method) 30get() (pymispMISPObjectReference method) 31get() (pymispMISPOrganisation method) 34get() (pymispMISPTag method) 32get() (pymispMISPUser method) 33get() (pymisptoolsFileObject method) 37get() (pymisptoolsVTReportObject method) 39get_all_functions() (pymispPyMISP method)
13get_attribute() (pymispPyMISP method) 13get_attribute_tag() (pymispMISPEvent
method) 25get_attributes_by_relation()
(pymispMISPObject method) 28get_attributes_by_relation()
(pymisptoolsFileObject method) 37get_attributes_by_relation()
(pymisptoolsVTReportObject method)39
get_community() (pymispPyMISP method) 13get_event() (pymispPyMISP method) 13get_feed() (pymispPyMISP method) 13get_galaxy() (pymispPyMISP method) 13get_noticelist() (pymispPyMISP method) 13get_object() (pymispPyMISP method) 13get_object_by_id() (pymispMISPEvent method)
25get_object_by_uuid() (pymispMISPEvent
method) 25get_object_template() (pymispPyMISP
method) 13get_objects_by_name() (pymispMISPEvent
method) 25get_organisation() (pymispPyMISP method) 13get_sync_config() (pymispPyMISP method) 13
get_tag() (pymispPyMISP method) 13get_taxonomy() (pymispPyMISP method) 13get_user() (pymispPyMISP method) 13get_user_setting() (pymispPyMISP method) 14get_warninglist() (pymispPyMISP method) 14
Hhas_attributes_by_relation()
(pymispMISPObject method) 28has_attributes_by_relation()
(pymisptoolsFileObject method) 37has_attributes_by_relation()
(pymisptoolsVTReportObject method)39
hash_values() (pymispMISPAttribute method) 27hash_values() (pymispMISPObjectAttribute
method) 30
Iimport_server() (pymispPyMISP method) 14items() (pymispMISPAttribute method) 27items() (pymispMISPEvent method) 25items() (pymispMISPObject method) 29items() (pymispMISPObjectAttribute method) 30items() (pymispMISPObjectReference method) 31items() (pymispMISPOrganisation method) 34items() (pymispMISPTag method) 32items() (pymispMISPUser method) 33items() (pymisptoolsFileObject method) 38items() (pymisptoolsVTReportObject method) 39
Jjsonable() (pymispAbstractMISP method) 23jsonable() (pymispMISPAttribute method) 27jsonable() (pymispMISPEvent method) 25jsonable() (pymispMISPObject method) 29jsonable() (pymispMISPObjectAttribute method)
30jsonable() (pymispMISPObjectReference method)
31jsonable() (pymispMISPOrganisation method) 34jsonable() (pymispMISPTag method) 32jsonable() (pymispMISPUser method) 33jsonable() (pymisptoolsFileObject method) 38jsonable() (pymisptoolsVTReportObject method)
39
Kkeys() (pymispMISPAttribute method) 27keys() (pymispMISPEvent method) 25keys() (pymispMISPObject method) 29keys() (pymispMISPObjectAttribute method) 30keys() (pymispMISPObjectReference method) 31keys() (pymispMISPOrganisation method) 34
Index 47
PyMISP Documentation Release main
keys() (pymispMISPTag method) 32keys() (pymispMISPUser method) 33keys() (pymisptoolsFileObject method) 38keys() (pymisptoolsVTReportObject method) 39known_types() (pymispMISPAttribute property) 27known_types() (pymispMISPObjectAttribute prop-
erty) 30
Lload() (pymispMISPEvent method) 25load_default_feeds() (pymispPyMISP method)
14load_file() (pymispMISPEvent method) 25load_openioc() (pymisptools method) 40load_openioc_file() (pymisptools method) 40load_stix() (in module pymisptoolsstix) 40
Mmake_stix_package() (in module
pymisptoolsstix) 40malware_binary() (pymispMISPAttribute prop-
erty) 27malware_binary() (pymispMISPObjectAttribute
property) 30misp_instance_version() (pymispPyMISP
property) 14misp_instance_version_master()
(pymispPyMISP property) 14MISPAttribute (class in pymisp) 26MISPEncode (class in pymisp) 24MISPEvent (class in pymisp) 24MISPObject (class in pymisp) 28MISPObjectAttribute (class in pymisp) 29MISPObjectReference (class in pymisp) 31MISPOrganisation (class in pymisp) 34MISPTag (class in pymisp) 32MISPUser (class in pymisp) 33module
pymisp 7pymisptools 37pymisptoolsstix 40
Nnoticelists() (pymispPyMISP method) 14
Oobject_templates() (pymispPyMISP method) 14organisation_blacklists() (pymispPyMISP
method) 14organisations() (pymispPyMISP method) 14
Ppop() (pymispMISPAttribute method) 27
pop() (pymispMISPEvent method) 25pop() (pymispMISPObject method) 29pop() (pymispMISPObjectAttribute method) 30pop() (pymispMISPObjectReference method) 31pop() (pymispMISPOrganisation method) 34pop() (pymispMISPTag method) 32pop() (pymispMISPUser method) 33pop() (pymisptoolsFileObject method) 38pop() (pymisptoolsVTReportObject method) 39popitem() (pymispMISPAttribute method) 27popitem() (pymispMISPEvent method) 25popitem() (pymispMISPObject method) 29popitem() (pymispMISPObjectAttribute method) 30popitem() (pymispMISPObjectReference method) 31popitem() (pymispMISPOrganisation method) 34popitem() (pymispMISPTag method) 32popitem() (pymispMISPUser method) 33popitem() (pymisptoolsFileObject method) 38popitem() (pymisptoolsVTReportObject method) 39publish() (pymispMISPEvent method) 25publish() (pymispPyMISP method) 14push_event_to_ZMQ() (pymispPyMISP method)
14pymisp
module 7PyMISP (class in pymisp) 7pymisptools
module 37pymisptoolsstix
module 40pymisp_version_main() (pymispPyMISP prop-
erty) 15
Rrecommended_pymisp_version()
(pymispPyMISP property) 15remote_acl() (pymispPyMISP method) 15remove_org_from_sharing_group()
(pymispPyMISP method) 15remove_server_from_sharing_group()
(pymispPyMISP method) 15roles() (pymispPyMISP method) 15
Ssearch() (pymispPyMISP method) 15search_feeds() (pymispPyMISP method) 17search_index() (pymispPyMISP method) 18search_logs() (pymispPyMISP method) 18search_sightings() (pymispPyMISP method) 19server_pull() (pymispPyMISP method) 20server_push() (pymispPyMISP method) 20servers() (pymispPyMISP method) 20set_date() (pymispMISPEvent method) 25
48 Index
PyMISP Documentation Release main
set_not_jsonable() (pymispAbstractMISPmethod) 23
set_not_jsonable() (pymispMISPAttributemethod) 27
set_not_jsonable() (pymispMISPEvent method)25
set_not_jsonable() (pymispMISPObjectmethod) 29
set_not_jsonable() (pymispMISPObjectAttributemethod) 30
set_not_jsonable()(pymispMISPObjectReference method)31
set_not_jsonable() (pymispMISPOrganisationmethod) 35
set_not_jsonable() (pymispMISPTag method)32
set_not_jsonable() (pymispMISPUser method)33
set_not_jsonable() (pymisptoolsFileObjectmethod) 38
set_not_jsonable()(pymisptoolsVTReportObject method)39
set_user_setting() (pymispPyMISP method) 20setdefault() (pymispMISPAttribute method) 27setdefault() (pymispMISPEvent method) 25setdefault() (pymispMISPObject method) 29setdefault() (pymispMISPObjectAttribute
method) 30setdefault() (pymispMISPObjectReference
method) 31setdefault() (pymispMISPOrganisation method)
35setdefault() (pymispMISPTag method) 33setdefault() (pymispMISPUser method) 34setdefault() (pymisptoolsFileObject method) 38setdefault() (pymisptoolsVTReportObject
method) 40sharing_groups() (pymispPyMISP method) 20sightings() (pymispPyMISP method) 20
Ttag() (pymispPyMISP method) 20tags() (pymispMISPAttribute property) 27tags() (pymispMISPEvent property) 26tags() (pymispMISPObjectAttribute property) 30tags() (pymispPyMISP method) 20tags_statistics() (pymispPyMISP method) 20taxonomies() (pymispPyMISP method) 20to_dict() (pymispAbstractMISP method) 23to_dict() (pymispMISPAttribute method) 27to_dict() (pymispMISPEvent method) 26to_dict() (pymispMISPObject method) 29
to_dict() (pymispMISPObjectAttribute method) 30to_dict() (pymispMISPObjectReference method) 32to_dict() (pymispMISPOrganisation method) 35to_dict() (pymispMISPTag method) 33to_dict() (pymispMISPUser method) 34to_dict() (pymisptoolsFileObject method) 38to_dict() (pymisptoolsVTReportObject method) 40to_feed() (pymispMISPEvent method) 26to_json() (pymispAbstractMISP method) 23to_json() (pymispMISPAttribute method) 27to_json() (pymispMISPEvent method) 26to_json() (pymispMISPObject method) 29to_json() (pymispMISPObjectAttribute method) 31to_json() (pymispMISPObjectReference method) 32to_json() (pymispMISPOrganisation method) 35to_json() (pymispMISPTag method) 33to_json() (pymispMISPUser method) 34to_json() (pymisptoolsFileObject method) 38to_json() (pymisptoolsVTReportObject method) 40toggle_warninglist() (pymispPyMISP method)
20
Uunpublish() (pymispMISPEvent method) 26untag() (pymispPyMISP method) 21update() (pymispMISPAttribute method) 28update() (pymispMISPEvent method) 26update() (pymispMISPObject method) 29update() (pymispMISPObjectAttribute method) 31update() (pymispMISPObjectReference method) 32update() (pymispMISPOrganisation method) 35update() (pymispMISPTag method) 33update() (pymispMISPUser method) 34update() (pymisptoolsFileObject method) 38update() (pymisptoolsVTReportObject method) 40update_attribute() (pymispPyMISP method) 21update_attribute_proposal()
(pymispPyMISP method) 21update_event() (pymispPyMISP method) 21update_event_blacklist() (pymispPyMISP
method) 21update_feed() (pymispPyMISP method) 21update_galaxies() (pymispPyMISP method) 21update_not_jsonable() (pymispAbstractMISP
method) 23update_not_jsonable() (pymispMISPAttribute
method) 28update_not_jsonable() (pymispMISPEvent
method) 26update_not_jsonable() (pymispMISPObject
method) 29update_not_jsonable()
(pymispMISPObjectAttribute method) 31
Index 49
PyMISP Documentation Release main
update_not_jsonable()(pymispMISPObjectReference method)32
update_not_jsonable()(pymispMISPOrganisation method) 35
update_not_jsonable() (pymispMISPTagmethod) 33
update_not_jsonable() (pymispMISPUsermethod) 34
update_not_jsonable() (pymisptoolsFileObjectmethod) 38
update_not_jsonable()(pymisptoolsVTReportObject method)40
update_noticelists() (pymispPyMISP method)21
update_object() (pymispPyMISP method) 21update_object_templates() (pymispPyMISP
method) 21update_organisation() (pymispPyMISP
method) 21update_organisation_blacklist()
(pymispPyMISP method) 21update_server() (pymispPyMISP method) 22update_tag() (pymispPyMISP method) 22update_taxonomies() (pymispPyMISP method)
22update_user() (pymispPyMISP method) 22update_warninglists() (pymispPyMISP
method) 22upload_stix() (pymispPyMISP method) 22user_registrations() (pymispPyMISP method)
22user_settings() (pymispPyMISP method) 22users() (pymispPyMISP method) 22users_statistics() (pymispPyMISP method) 22
Vvalues() (pymispMISPAttribute method) 28values() (pymispMISPEvent method) 26values() (pymispMISPObject method) 29values() (pymispMISPObjectAttribute method) 31values() (pymispMISPObjectReference method) 32values() (pymispMISPOrganisation method) 35values() (pymispMISPTag method) 33values() (pymispMISPUser method) 34values() (pymisptoolsFileObject method) 38values() (pymisptoolsVTReportObject method) 40values_in_warninglist() (pymispPyMISP
method) 22version() (pymispPyMISP property) 22VTReportObject (class in pymisptools) 38
Wwarninglists() (pymispPyMISP method) 22
50 Index
- README
- pymisp
- PyMISP
- PyMISPExpanded (Python 36+ only)
- MISPAbstract
- MISPEncode
- MISPEvent
- MISPAttribute
- MISPObject
- MISPObjectAttribute
- MISPObjectReference
- MISPTag
- MISPUser
- MISPOrganisation
- pymisp - Tools
- File Object
- ELF Object
- PE Object
- Mach-O Object
- VT Report Object
- STIX
- OpenIOC
- Indices and tables
- Python Module Index
- Index
PyMISP Documentation Release main
contact_event_reporter(event message)Send a message to the reporter of an event
Return type Dict
delegate_event(event=None organisation=None event_delegation=None distribution=- 1 mes-sage= pythonify=False)
Note distribution == -1 means recipient decides
Return type Union[Dict MISPEventDelegation]
delete_attribute(attribute hard=False)Delete an attribute from a MISP instance
Return type Dict
delete_attribute_proposal(attribute)Propose the deletion of an attribute
Return type Dict
delete_event(event)Delete an event from a MISP instance
Return type Dict
delete_event_blacklist(event_blacklist)Delete a blacklisted event
Return type Dict
delete_feed(feed)Delete a feed from a MISP instance
Return type Dict
delete_object(misp_object)Delete an object from a MISP instance
Return type Dict
delete_object_reference(object_reference)Delete a reference to an object
Return type Dict
delete_organisation(organisation)Delete an organisation
Return type Dict
delete_organisation_blacklist(organisation_blacklist)Delete a blacklisted organisation
Return type Dict
delete_server(server)Delete a sync server
Return type Dict
delete_sharing_group(sharing_group)Delete a sharing group
Return type Dict
10 Chapter 2 pymisp
PyMISP Documentation Release main
delete_sighting(sighting)Delete a sighting from a MISP instance
Return type Dict
delete_tag(tag)Delete an attribute from a MISP instance
Return type Dict
delete_user(user)Delete a user
Return type Dict
delete_user_setting(user_setting user=None)Delete a user setting
Return type Dict
property describe_types_localReturns the content of describe types from the package
Return type Dict
property describe_types_remoteReturns the content of describe types from the remote instance
Return type Dict
direct_call(url data=None params= kw_params=)Very lightweight call that posts a data blob (python dictionary or json string) on the URL
Return type Any
disable_feed(feed pythonify=False)Disable a feed
Return type Union[Dict MISPFeed]
disable_feed_cache(feed pythonify=False)Disable the caching of a feed
Return type Union[Dict MISPFeed]
disable_noticelist(noticelist)Disable a noticelist by id
Return type Dict
disable_tag(tag pythonify=False)Disable a tag
Return type Union[Dict MISPTag]
disable_taxonomy(taxonomy)Disable a taxonomy
Return type Dict
disable_taxonomy_tags(taxonomy)Disable all the tags of a taxonomy
Return type Dict
disable_warninglist(warninglist)Disable a warninglist
21 PyMISP 11
PyMISP Documentation Release main
Return type Dict
discard_attribute_proposal(proposal)Discard a proposal
Return type Dict
enable_feed(feed pythonify=False)Enable a feed (fetching it will create event(s)
Return type Union[Dict MISPFeed]
enable_feed_cache(feed pythonify=False)Enable the caching of a feed
Return type Union[Dict MISPFeed]
enable_noticelist(noticelist)Enable a noticelist by id
Return type Dict
enable_tag(tag pythonify=False)Enable a tag
Return type Union[Dict MISPTag]
enable_taxonomy(taxonomy)Enable a taxonomy
Return type Dict
enable_taxonomy_tags(taxonomy)Enable all the tags of a taxonomy NOTE this automatically done when you call enable_taxonomy
Return type Dict
enable_warninglist(warninglist)Enable a warninglist
Return type Dict
event_blacklists(pythonify=False)Get all the blacklisted events
Return type Union[Dict List[MISPEventBlacklist]]
event_delegations(pythonify=False)Get all the event delegations
Return type Union[Dict List[MISPEventDelegation]]
feeds(pythonify=False)Get the list of existing feeds
Return type Union[Dict List[MISPFeed]]
fetch_feed(feed)Fetch one single feed
Return type Dict
freetext(event string adhereToWarninglists=False distribution=None returnMetaAttributes=Falsepythonify=False kwargs)
Pass a text to the freetext importer
Return type Union[Dict List[MISPAttribute]]
12 Chapter 2 pymisp
PyMISP Documentation Release main
galaxies(pythonify=False)Get all the galaxies
Return type Union[Dict List[MISPGalaxy]]
get_all_functions(not_implemented=False)Get all methods available vi the API allow to get the ones that are not implemented
get_attribute(attribute pythonify=False)Get an attribute from a MISP instance
Return type Union[Dict MISPAttribute]
get_community(community pythonify=False)Get an community from a MISP instance
Return type Union[Dict MISPCommunity]
get_event(event deleted=False extended=False pythonify=False)Get an event from a MISP instance
Return type Union[Dict MISPEvent]
get_feed(feed pythonify=False)Get a feed by id
Return type Union[Dict MISPFeed]
get_galaxy(galaxy pythonify=False)Get a galaxy by id
Return type Union[Dict MISPGalaxy]
get_noticelist(noticelist pythonify=False)Get a noticelist by id
Return type Union[Dict MISPNoticelist]
get_object(misp_object pythonify=False)Get an object from the remote MISP instance
Return type Union[Dict MISPObject]
get_object_template(object_template pythonify=False)Gets the full object template corresponting the UUID passed as parameter
Return type Union[Dict MISPObjectTemplate]
get_organisation(organisation pythonify=False)Get an organisation
Return type Union[Dict MISPOrganisation]
get_sync_config(pythonify=False)WARNING This method only works if the user calling it is a sync user
Return type Union[Dict MISPServer]
get_tag(tag pythonify=False)Get a tag by id
Return type Union[Dict MISPTag]
get_taxonomy(taxonomy pythonify=False)Get a taxonomy from a MISP instance
Return type Union[Dict MISPTaxonomy]
21 PyMISP 13
PyMISP Documentation Release main
get_user(user=me pythonify=False expanded=False)Get a user me means the owner of the API key doing the query expanded also returns a MISPRole and aMISPUserSetting
Return type Union[Dict MISPUser Tuple[MISPUser MISPRoleList[MISPUserSetting]]]
get_user_setting(user_setting user=None pythonify=False)Get an user setting
Return type Union[Dict MISPUserSetting]
get_warninglist(warninglist pythonify=False)Get a warninglist
Return type Union[Dict MISPWarninglist]
import_server(server pythonify=False)Import a sync server config received from get_sync_config
Return type Union[Dict MISPServer]
load_default_feeds()Load all the default feeds
Return type Dict
property misp_instance_versionReturns the version of the instance
Return type Dict
property misp_instance_version_masterGet the most recent version from github
Return type Dict
noticelists(pythonify=False)Get all the noticelists
Return type Union[Dict List[MISPNoticelist]]
object_templates(pythonify=False)Get all the object templates
Return type Union[Dict List[MISPObjectTemplate]]
organisation_blacklists(pythonify=False)Get all the blacklisted organisations
Return type Union[Dict List[MISPOrganisationBlacklist]]
organisations(scope=local pythonify=False)Get all the organisations
Return type Union[Dict List[MISPOrganisation]]
publish(event alert=False)Publish the event with one single HTTP POST The default is to not send a mail as it is assumed thismethod is called on update
Return type Dict
push_event_to_ZMQ(event)Force push an event on ZMQ
14 Chapter 2 pymisp
PyMISP Documentation Release main
Return type Dict
property pymisp_version_mainGet the most recent version of PyMISP from github
Return type Dict
property recommended_pymisp_versionReturns the recommended API version from the server
Return type Dict
remote_acl(debug_type=findMissingFunctionNames)This should return an empty list unless the ACL is outdated debug_type can only be printAllFunction-Names findMissingFunctionNames or printRoleAccess
Return type Dict
remove_org_from_sharing_group(sharing_group organisation)Remove an organisation from a sharing group sharing_group Sharing grouprsquos local instance ID orSharing grouprsquos global UUID organisation Organisationrsquos local instance ID or Organisationrsquos globalUUID or Organisationrsquos name as known to the curent instance
Return type Dict
remove_server_from_sharing_group(sharing_group server)Remove a server from a sharing group sharing_group Sharing grouprsquos local instance ID or Sharinggrouprsquos global UUID server Serverrsquos local instance ID or URL of the Server or Serverrsquos name as knownto the curent instance
Return type Dict
roles(pythonify=False)Get the existing roles
Return type Union[Dict List[MISPRole]]
search(controller=events return_format=json limit=None page=None value=Nonetype_attribute=None category=None org=None tags=None quick_filter=None quick-Filter=None date_from=None date_to=None eventid=None with_attachments=NonewithAttachments=None metadata=None uuid=None publish_timestamp=Nonelast=None timestamp=None published=None enforce_warninglist=None enforceWarn-inglist=None to_ids=None deleted=None include_event_uuid=None includeEventU-uid=None include_event_tags=None includeEventTags=None event_timestamp=Nonesg_reference_only=None eventinfo=None searchall=None requested_attributes=None in-clude_context=None includeContext=None headerless=None include_sightings=NoneincludeSightings=None include_correlations=None includeCorrelations=None in-clude_decay_score=None includeDecayScore=None object_name=None pythonify=Falsekwargs)
Search in the MISP instance
Parameters
bull return_format (str) ndash Set the return format of the search (Currently supported jsonxml openioc suricata snort - more formats are being moved to restSearch with the goalbeing that all searches happen through this API) Can be passed as the first parameter afterrestSearch or via the JSON payload
bull limit (Optional[int]) ndash Limit the number of results returned depending on thescope (for example 10 attributes or 10 full events)
bull page (Optional[int]) ndash If a limit is set sets the page to be returned page 3 limit 100will return records 201-gt300)
21 PyMISP 15
PyMISP Documentation Release main
bull value (Optional[~SearchParameterTypes]) ndash Search for the given value in the at-tributesrsquo value field
bull type_attribute (Optional[~SearchParameterTypes]) ndash The attribute type anyvalid MISP attribute type is accepted
bull category (Optional[~SearchParameterTypes]) ndash The attribute category any validMISP attribute category is accepted
bull org (Optional[~SearchParameterTypes]) ndash Search by the creator organisation by sup-plying the organisation identifier
bull tags (Optional[~SearchParameterTypes]) ndash Tags to search or to exclude You canpass a list or the output of build_complex_query
bull quick_filter (Optional[str]) ndash The string passed to this field will ignore all ofthe other arguments MISP will return an xml json (depending on the header sent) of allevents that have a sub-string match on value in the event info event orgc or any of theattribute value1 value2 fields or in the attribute comment
bull date_from (Union[date int str float None]) ndash Events with the date set to adate after the one specified This filter will use the date of the event
bull date_to (Union[date int str float None]) ndash Events with the date set to a datebefore the one specified This filter will use the date of the event
bull eventid (Optional[~SearchType]) ndash The events that should be included excludedfrom the search
bull with_attachments (Optional[bool]) ndash If set encodes the attachments zippedmalware samples as base64 in the data field within each attribute
bull metadata (Optional[bool]) ndash Only the metadata (event tags relations) is returnedattributes and proposals are omitted
bull uuid (Optional[str]) ndash Restrict the results by uuid
bull publish_timestamp (Union[date int str float NoneTuple[Union[date int str float None] Union[date int str floatNone]]]) ndash Restrict the results by the last publish timestamp (newer than)
bull timestamp (Union[date int str float None Tuple[Union[date intstr float None] Union[date int str float None]]]) ndash Restrict the resultsby the timestamp (last edit) Any event with a timestamp newer than the given timestampwill be returned In case you are dealing with attributes as scope the attributersquos timestampwill be used for the lookup
bull published (Optional[bool]) ndash Set whether published or unpublished events shouldbe returned Do not set the parameter if you want both
bull enforce_warninglist (Optional[bool]) ndash Remove any attributes from the resultthat would cause a hit on a warninglist entry
bull to_ids (Union[~ToIDSType List[~ToIDSType] None]) ndash By default all attributesare returned that match the other filter parameters irregardless of their to_ids setting Torestrict the returned data set to to_ids only attributes set this parameter to 1 0 for the oneswith to_ids set to False
bull deleted (Optional[str]) ndash If this parameter is set to 1 it will only return soft-deletedattributes [ldquo0rdquo ldquo1rdquo] will return the active ones as well as the soft-deleted ones
bull include_event_uuid (Optional[bool]) ndash Instead of just including the event IDalso include the event UUID in each of the attributes
16 Chapter 2 pymisp
PyMISP Documentation Release main
bull include_event_tags (Optional[bool]) ndash Include the event level tags in each ofthe attributes
bull event_timestamp (Union[date int str float None]) ndash Only return at-tributes from events that have received a modification after the given timestamp
bull sg_reference_only (Optional[bool]) ndash If this flag is set sharing group objectswill not be included instead only the sharing group ID is set
bull eventinfo (Optional[str]) ndash Filter on the eventrsquos info field
bull searchall (Optional[bool]) ndash Search for a full or a substring (delimited by forsubstrings) in the event info event tags attribute tags attribute values or attribute commentfields
bull requested_attributes (Optional[str]) ndash [CSV only] Select the fields that youwish to include in the CSV export By setting event level fields additionally includeCon-text is not required to get event metadata
bull include_context (Optional[bool]) ndash [Attribute only] Include the event data witheach attribute [CSV output] Add event level metadata in every line of the CSV
bull headerless (Optional[bool]) ndash [CSV Only] The CSV created when this setting isset to true will not contain the header row
bull include_sightings (Optional[bool]) ndash [JSON Only - Attribute] Include thesightings of the matching attributes
bull include_decay_score (Optional[bool]) ndash Include the decay score at attributelevel
bull include_correlations (Optional[bool]) ndash [JSON Only - attribute] Include thecorrelations of the matching attributes
bull object_name (Optional[str]) ndash [objects controller only] Search for objects withthat name
bull pythonify (Optional[bool]) ndash Returns a list of PyMISP Objects instead of the plainjson output Warning it might use a lot of RAM
Deprecated
Parameters
bull quickFilter (Optional[str]) ndash synponym for quick_filter
bull withAttachments (Optional[bool]) ndash synonym for with_attachments
bull last (Union[date int str float None Tuple[Union[date int strfloat None] Union[date int str float None]]]) ndash synonym for pub-lish_timestamp
bull enforceWarninglist (Optional[bool]) ndash synonym for enforce_warninglist
bull includeEventUuid (Optional[bool]) ndash synonym for include_event_uuid
bull includeEventTags (Optional[bool]) ndash synonym for include_event_tags
bull includeContext (Optional[bool]) ndash synonym for include_context
Return type Union[Dict str List[Union[MISPEvent MISPAttributeMISPObject]]]
search_feeds(value=None pythonify=False)Search in the feeds cached on the servers
21 PyMISP 17
PyMISP Documentation Release main
Return type Union[Dict List[MISPFeed]]
search_index(published=None eventid=None tags=None date_from=None date_to=Noneeventinfo=None threatlevel=None distribution=None analysis=None org=Nonetimestamp=None pythonify=None)
Search only at the index level Using in front of a value means NOT (default is OR)
Parameters
bull published (Optional[bool]) ndash Set whether published or unpublished events shouldbe returned Do not set the parameter if you want both
bull eventid (Optional[~SearchType]) ndash The events that should be included excludedfrom the search
bull tags (Optional[~SearchParameterTypes]) ndash Tags to search or to exclude You canpass a list or the output of build_complex_query
bull date_from (Union[date int str float None]) ndash Events with the date set to adate after the one specified This filter will use the date of the event
bull date_to (Union[date int str float None]) ndash Events with the date set to a datebefore the one specified This filter will use the date of the event
bull eventinfo (Optional[str]) ndash Filter on the eventrsquos info field
bull threatlevel (Optional[List[~SearchType]]) ndash Threat level(s) (1234) | list
bull distribution (Optional[List[~SearchType]]) ndash Distribution level(s) (0123) |list
bull analysis (Optional[List[~SearchType]]) ndash Analysis level(s) (012) | list
bull org (Optional[~SearchParameterTypes]) ndash Search by the creator organisation by sup-plying the organisation identifier
bull timestamp (Union[date int str float None Tuple[Union[date intstr float None] Union[date int str float None]]]) ndash Restrict the resultsby the timestamp (last edit) Any event with a timestamp newer than the given timestampwill be returned In case you are dealing with attributes as scope the attributersquos timestampwill be used for the lookup
bull pythonify (Optional[bool]) ndash Returns a list of PyMISP Objects instead or the plainjson output Warning it might use a lot of RAM
Return type Union[Dict List[MISPEvent]]
search_logs(limit=None page=None log_id=None title=None created=None model=None ac-tion=None user_id=None change=None email=None org=None description=Noneip=None pythonify=False)
Search in logs
Note to run substring queries simply appendprependencapsulate the search term with
Parameters
bull limit (Optional[int]) ndash Limit the number of results returned depending on thescope (for example 10 attributes or 10 full events)
bull page (Optional[int]) ndash If a limit is set sets the page to be returned page 3 limit 100will return records 201-gt300)
bull log_id (Optional[int]) ndash Log ID
bull title (Optional[str]) ndash Log Title
18 Chapter 2 pymisp
PyMISP Documentation Release main
bull created (Union[date int str float None]) ndash Creation timestamp
bull model (Optional[str]) ndash Model name that generated the log entry
bull action (Optional[str]) ndash The thing that was done
bull user_id (Optional[int]) ndash ID of the user doing the action
bull change (Optional[str]) ndash Change that occured
bull email (Optional[str]) ndash Email of the user
bull org (Optional[str]) ndash Organisation of the User doing the action
bull description (Optional[str]) ndash Description of the action
bull ip (Optional[str]) ndash Origination IP of the User doing the action
bull pythonify (Optional[bool]) ndash Returns a list of PyMISP Objects instead or the plainjson output Warning it might use a lot of RAM
Return type Union[Dict List[MISPLog]]
search_sightings(context=None context_id=None type_sighting=None date_from=Nonedate_to=None publish_timestamp=None last=None org=None source=Noneinclude_attribute=None include_event_meta=None pythonify=False)
Search sightings
Parameters
bull context (Optional[str]) ndash The context of the search Can be either ldquoattributerdquoldquoeventrdquo or nothing (will then match on events and attributes)
bull context_id (Optional[~SearchType]) ndash Only relevant if context is either ldquoattributerdquoor ldquoeventrdquo Then it is the relevant ID
bull type_sighting (Optional[str]) ndash Type of sighting
bull date_from (Union[date int str float None]) ndash Events with the date set to adate after the one specified This filter will use the date of the event
bull date_to (Union[date int str float None]) ndash Events with the date set to a datebefore the one specified This filter will use the date of the event
bull publish_timestamp (Union[date int str float NoneTuple[Union[date int str float None] Union[date int str floatNone]]]) ndash Restrict the results by the last publish timestamp (newer than)
bull org (Optional[~SearchType]) ndash Search by the creator organisation by supplying theorganisation identifier
bull source (Optional[str]) ndash Source of the sighting
bull include_attribute (Optional[bool]) ndash Include the attribute
bull include_event_meta (Optional[bool]) ndash Include the meta information of theevent
Deprecated
Parameters last (Union[date int str float None Tuple[Union[date intstr float None] Union[date int str float None]]]) ndash synonym for pub-lish_timestamp
Example
21 PyMISP 19
PyMISP Documentation Release main
gtgtgt mispsearch_sightings(publish_timestamp=30d) search sightings for therarr˓last 30 days on the instance[ ]gtgtgt mispsearch_sightings(context=attribute context_id=6 include_rarr˓attribute=True) return list of sighting for attribute 6 along with therarr˓attribute itself[ ]gtgtgt mispsearch_sightings(context=event context_id=17 include_event_rarr˓meta=True org=2) return list of sighting for event 17 filtered with orgrarr˓id 2
Return type Union[Dict List[Dict[str Union[MISPEvent MISPAttributeMISPSighting]]]]
server_pull(server event=None)Initialize a pull from a sync server
Return type Dict
server_push(server event=None)Initialize a push to a sync server
Return type Dict
servers(pythonify=False)Get the existing servers the MISP instance can synchronise with
Return type Union[Dict List[MISPServer]]
set_user_setting(user_setting value user=None pythonify=False)Get an user setting
Return type Union[Dict MISPUserSetting]
sharing_groups(pythonify=False)Get the existing sharing groups
Return type Union[Dict List[MISPSharingGroup]]
sightings(misp_entity=None org=None pythonify=False)Get the list of sighting related to a MISPEvent or a MISPAttribute (depending on type of misp_entity)
Return type Union[Dict List[MISPSighting]]
tag(misp_entity tag local=False)Tag an event or an attribute misp_entity can be a MISPEvent a MISP Attribute or a UUID
Return type Dict
tags(pythonify=False)Get the list of existing tags
Return type Union[Dict List[MISPTag]]
tags_statistics(percentage=False name_sort=False)Get tags statistics from the MISP instance
Return type Dict
taxonomies(pythonify=False)Get all the taxonomies
Return type Union[Dict List[MISPTaxonomy]]
20 Chapter 2 pymisp
PyMISP Documentation Release main
toggle_warninglist(warninglist_id=None warninglist_name=None force_enable=False)Toggle (enabledisable) the status of a warninglist by ID type warninglist_id Union[str intList[int] None] param warninglist_id ID of the WarningList type force_enable bool paramforce_enable Force the warning list in the enabled state (does nothing is already enabled)
Return type Dict
untag(misp_entity tag)Untag an event or an attribute misp_entity can be a UUID
Return type Dict
update_attribute(attribute attribute_id=None pythonify=False)Update an attribute on a MISP instance
Return type Union[Dict MISPAttribute MISPShadowAttribute]
update_attribute_proposal(initial_attribute attribute pythonify=False)Propose a change for an attribute
Return type Union[Dict MISPShadowAttribute]
update_event(event event_id=None pythonify=False)Update an event on a MISP instance
Return type Union[Dict MISPEvent]
update_event_blacklist(event_blacklist event_blacklist_id=None pythonify=False)Update an event in the blacklist
Return type Union[Dict MISPEventBlacklist]
update_feed(feed feed_id=None pythonify=False)Update a feed on a MISP instance
Return type Union[Dict MISPFeed]
update_galaxies()Update all the galaxies
Return type Dict
update_noticelists()Update all the noticelists
Return type Dict
update_object(misp_object object_id=None pythonify=False)Update an object on a MISP instance
Return type Union[Dict MISPObject]
update_object_templates()Trigger an update of the object templates
Return type Dict
update_organisation(organisation organisation_id=None pythonify=False)Update an organisation
Return type Union[Dict MISPOrganisation]
update_organisation_blacklist(organisation_blacklist organisation_blacklist_id=Nonepythonify=False)
Update an organisation in the blacklist
Return type Union[Dict MISPOrganisationBlacklist]
21 PyMISP 21
PyMISP Documentation Release main
update_server(server server_id=None pythonify=False)Update a server to synchronise with
Return type Union[Dict MISPServer]
update_tag(tag tag_id=None pythonify=False)Edit only the provided parameters of a tag
Return type Union[Dict MISPTag]
update_taxonomies()Update all the taxonomies
Return type Dict
update_user(user user_id=None pythonify=False)Update an event on a MISP instance
Return type Union[Dict MISPUser]
update_warninglists()Update all the warninglists
Return type Dict
upload_stix(path version=2)Upload a STIX file to MISP param path Path to the STIX on the disk (can be a path-like object or apseudofile) type version str param version Can be 1 or 2
user_registrations(pythonify=False)Get all the user registrations
Return type Union[Dict List[MISPInbox]]
user_settings(pythonify=False)Get all the user settings
Return type Union[Dict List[MISPUserSetting]]
users(pythonify=False)Get all the users
Return type Union[Dict List[MISPUser]]
users_statistics(context=data)Get users statistics from the MISP instance
Return type Dict
values_in_warninglist(value)Check if IOC values are in warninglist
Return type Dict
property versionReturns the version of PyMISP yoursquore curently using
Return type Dict
warninglists(pythonify=False)Get all the warninglists
Return type Union[Dict List[MISPWarninglist]]
22 Chapter 2 pymisp
PyMISP Documentation Release main
22 PyMISPExpanded (Python 36+ only)
pymispExpandedPyMISPalias of pymispapiPyMISP
23 MISPAbstract
class pymispAbstractMISP(kwargs)
property editedRecursively check if an object has been edited and update the flag accordingly to the parent objects
Return type bool
from_dict(kwargs)Loading all the parameters as class properties if they arenrsquot None This method aims to be called when allthe properties requiring a special treatment are processed Note This method is used when you initializean object with existing data so by default the class is flaged as not edited
Return type None
from_json(json_string)Load a JSON string
Return type None
jsonable()This method is used by the JSON encoder
Return type Dict
set_not_jsonable(args)Set __not_jsonable to a new list
Return type None
to_dict()Dump the class to a dictionary This method automatically removes the timestamp recursively in everyobject that has been edited is order to let MISP update the event accordingly
Return type Dict
to_json(sort_keys=False indent=None)Dump recursively any class of type MISPAbstract to a json string
update_not_jsonable(args)Add entries to the __not_jsonable list
Return type None
22 PyMISPExpanded (Python 36+ only) 23
PyMISP Documentation Release main
24 MISPEncode
class pymispMISPEncode(args kwargs)
default(obj)Implement this method in a subclass such that it returns a serializable object for o or calls the baseimplementation (to raise a TypeError)
For example to support arbitrary iterators you could implement default like this
def default(self o)try
iterable = iter(o)except TypeError
passelse
return list(iterable) Let the base class default method raise the TypeErrorreturn JSONEncoderdefault(self o)
25 MISPEvent
class pymispMISPEvent(describe_types=None strict_validation=False kwargs)
add_attribute(type value kwargs)Add an attribute type and value are required but you can pass all other parameters supported by MISPAt-tribute
Return type Union[MISPAttribute List[MISPAttribute]]
add_attribute_tag(tag attribute_identifier)Add a tag to an existing attribute raise an Exception if the attribute doesnrsquot exists tag Tag name as astring MISPTag instance or dictionary attribute_identifier can be an ID UUID or the value
Return type List[MISPAttribute]
add_object(obj=None kwargs)Add an object to the Event either by passing a MISPObject or a dictionary
Return type MISPObject
add_proposal(shadow_attribute=None kwargs)Alias for add_shadow_attribute
Return type MISPShadowAttribute
add_shadow_attribute(shadow_attribute=None kwargs)Add a tag to the attribute (by name or a MISPTag object)
Return type MISPShadowAttribute
clear()rarr None Remove all items from D
delete_attribute(attribute_id)Delete an attribute you can search by ID or UUID
property editedRecursively check if an object has been edited and update the flag accordingly to the parent objects
24 Chapter 2 pymisp
PyMISP Documentation Release main
Return type bool
from_dict(kwargs)Loading all the parameters as class properties if they arenrsquot None This method aims to be called when allthe properties requiring a special treatment are processed Note This method is used when you initializean object with existing data so by default the class is flaged as not edited
from_json(json_string)Load a JSON string
Return type None
get(k[ d ])rarr D[k] if k in D else d d defaults to None
get_attribute_tag(attribute_identifier)Return the tags associated to an attribute or an object attribute attribute_identifier can be an ID UUIDor the value
Return type List[MISPTag]
get_object_by_id(object_id)Get an object by ID (the ID is the one set by the server when creating the new object)
Return type MISPObject
get_object_by_uuid(object_uuid)Get an object by UUID (UUID is set by the server when creating the new object)
Return type MISPObject
get_objects_by_name(object_name)Get an object by UUID (UUID is set by the server when creating the new object)
Return type List[MISPObject]
items()rarr a set-like object providing a view on Drsquos items
jsonable()This method is used by the JSON encoder
Return type Dict
keys()rarr a set-like object providing a view on Drsquos keys
load(json_event validate=False metadata_only=False)Load a JSON dump from a pseudo file or a JSON string
load_file(event_path validate=False metadata_only=False)Load a JSON dump from a file on the disk
pop(k[ d ])rarr v remove specified key and return the corresponding valueIf key is not found d is returned if given otherwise KeyError is raised
popitem()rarr (k v) remove and return some (key value) pairas a 2-tuple but raise KeyError if D is empty
publish()Mark the attribute as published
set_date(d=None ignore_invalid=False)Set a date for the event (string datetime or date object)
set_not_jsonable(args)Set __not_jsonable to a new list
Return type None
25 MISPEvent 25
PyMISP Documentation Release main
setdefault(k[ d ])rarr Dget(kd) also set D[k]=d if k not in D
property tagsReturns a lost of tags associated to this Event
Return type List[MISPTag]
to_dict()Dump the class to a dictionary This method automatically removes the timestamp recursively in everyobject that has been edited is order to let MISP update the event accordingly
Return type Dict
to_feed(valid_distributions=[0 1 2 3 4 5] with_meta=False)Generate a json output for MISP Feed Notes
bull valid_distributions only makes sense if the distribution key is set (ie the event is exported from aMISP instance)
Return type Dict
to_json(sort_keys=False indent=None)Dump recursively any class of type MISPAbstract to a json string
unpublish()Mark the attribute as un-published (set publish flag to false)
update([E ] F)rarr None Update D from mappingiterable E and FIf E present and has a keys() method does for k in E D[k] = E[k] If E present and lacks keys() methoddoes for (k v) in E D[k] = v In either case this is followed by for k v in Fitems() D[k] = v
update_not_jsonable(args)Add entries to the __not_jsonable list
Return type None
values()rarr an object providing a view on Drsquos values
26 MISPAttribute
class pymispMISPAttribute(describe_types=None strict=False)
add_proposal(shadow_attribute=None kwargs)Alias for add_shadow_attribute
Return type MISPShadowAttribute
add_shadow_attribute(shadow_attribute=None kwargs)Add a shadow attribute to the attribute (by name or a MISPShadowAttribute object)
Return type MISPShadowAttribute
add_sighting(sighting=None kwargs)Add a sighting to the attribute (by name or a MISPSighting object)
Return type MISPSighting
clear()rarr None Remove all items from D
delete()Mark the attribute as deleted (soft delete)
26 Chapter 2 pymisp
PyMISP Documentation Release main
property editedRecursively check if an object has been edited and update the flag accordingly to the parent objects
Return type bool
from_dict(kwargs)Loading all the parameters as class properties if they arenrsquot None This method aims to be called when allthe properties requiring a special treatment are processed Note This method is used when you initializean object with existing data so by default the class is flaged as not edited
from_json(json_string)Load a JSON string
Return type None
get(k[ d ])rarr D[k] if k in D else d d defaults to None
hash_values(algorithm=sha512)Compute the hash of every values for fast lookups
Return type List[str]
items()rarr a set-like object providing a view on Drsquos items
jsonable()This method is used by the JSON encoder
Return type Dict
keys()rarr a set-like object providing a view on Drsquos keys
property known_typesReturns a list of all the known MISP attributes types
Return type List[str]
property malware_binaryReturns a BytesIO of the malware (if the attribute has one obvs)
Return type Optional[BytesIO]
pop(k[ d ])rarr v remove specified key and return the corresponding valueIf key is not found d is returned if given otherwise KeyError is raised
popitem()rarr (k v) remove and return some (key value) pairas a 2-tuple but raise KeyError if D is empty
set_not_jsonable(args)Set __not_jsonable to a new list
Return type None
setdefault(k[ d ])rarr Dget(kd) also set D[k]=d if k not in D
property tagsReturns a lost of tags associated to this Attribute
Return type List[MISPTag]
to_dict()Dump the class to a dictionary This method automatically removes the timestamp recursively in everyobject that has been edited is order to let MISP update the event accordingly
Return type Dict
26 MISPAttribute 27
PyMISP Documentation Release main
to_json(sort_keys=False indent=None)Dump recursively any class of type MISPAbstract to a json string
update([E ] F)rarr None Update D from mappingiterable E and FIf E present and has a keys() method does for k in E D[k] = E[k] If E present and lacks keys() methoddoes for (k v) in E D[k] = v In either case this is followed by for k v in Fitems() D[k] = v
update_not_jsonable(args)Add entries to the __not_jsonable list
Return type None
values()rarr an object providing a view on Drsquos values
27 MISPObject
class pymispMISPObject(name strict=False standalone=True default_attributes_parameters=kwargs)
add_attribute(object_relation simple_value=None value)Add an attribute object_relation is required and the value key is a dictionary with all the keys supportedby MISPAttribute
Return type Optional[MISPAttribute]
add_attributes(object_relation attributes)Add multiple attributes with the same object_relation Helper for object_relation when multiple is True inthe template It is the same as calling multiple times add_attribute with the same object_relation
Return type List[Optional[MISPAttribute]]
add_reference(referenced_uuid relationship_type comment=None kwargs)Add a link (uuid) to an other object
Return type MISPObjectReference
clear()rarr None Remove all items from D
property editedRecursively check if an object has been edited and update the flag accordingly to the parent objects
Return type bool
from_dict(kwargs)Loading all the parameters as class properties if they arenrsquot None This method aims to be called when allthe properties requiring a special treatment are processed Note This method is used when you initializean object with existing data so by default the class is flaged as not edited
from_json(json_string)Load a JSON string
Return type None
get(k[ d ])rarr D[k] if k in D else d d defaults to None
get_attributes_by_relation(object_relation)Returns the list of attributes with the given object relation in the object
Return type List[MISPAttribute]
has_attributes_by_relation(list_of_relations)True if all the relations in the list are defined in the object
28 Chapter 2 pymisp
PyMISP Documentation Release main
Return type bool
items()rarr a set-like object providing a view on Drsquos items
jsonable()This method is used by the JSON encoder
Return type Dict
keys()rarr a set-like object providing a view on Drsquos keys
pop(k[ d ])rarr v remove specified key and return the corresponding valueIf key is not found d is returned if given otherwise KeyError is raised
popitem()rarr (k v) remove and return some (key value) pairas a 2-tuple but raise KeyError if D is empty
set_not_jsonable(args)Set __not_jsonable to a new list
Return type None
setdefault(k[ d ])rarr Dget(kd) also set D[k]=d if k not in D
to_dict(strict=False)Dump the class to a dictionary This method automatically removes the timestamp recursively in everyobject that has been edited is order to let MISP update the event accordingly
Return type Dict
to_json(sort_keys=False indent=None strict=False)Dump recursively any class of type MISPAbstract to a json string
update([E ] F)rarr None Update D from mappingiterable E and FIf E present and has a keys() method does for k in E D[k] = E[k] If E present and lacks keys() methoddoes for (k v) in E D[k] = v In either case this is followed by for k v in Fitems() D[k] = v
update_not_jsonable(args)Add entries to the __not_jsonable list
Return type None
values()rarr an object providing a view on Drsquos values
28 MISPObjectAttribute
class pymispMISPObjectAttribute(definition)
add_proposal(shadow_attribute=None kwargs)Alias for add_shadow_attribute
Return type MISPShadowAttribute
add_shadow_attribute(shadow_attribute=None kwargs)Add a shadow attribute to the attribute (by name or a MISPShadowAttribute object)
Return type MISPShadowAttribute
add_sighting(sighting=None kwargs)Add a sighting to the attribute (by name or a MISPSighting object)
Return type MISPSighting
28 MISPObjectAttribute 29
PyMISP Documentation Release main
clear()rarr None Remove all items from D
delete()Mark the attribute as deleted (soft delete)
property editedRecursively check if an object has been edited and update the flag accordingly to the parent objects
Return type bool
from_dict(object_relation value kwargs)Loading all the parameters as class properties if they arenrsquot None This method aims to be called when allthe properties requiring a special treatment are processed Note This method is used when you initializean object with existing data so by default the class is flaged as not edited
from_json(json_string)Load a JSON string
Return type None
get(k[ d ])rarr D[k] if k in D else d d defaults to None
hash_values(algorithm=sha512)Compute the hash of every values for fast lookups
Return type List[str]
items()rarr a set-like object providing a view on Drsquos items
jsonable()This method is used by the JSON encoder
Return type Dict
keys()rarr a set-like object providing a view on Drsquos keys
property known_typesReturns a list of all the known MISP attributes types
Return type List[str]
property malware_binaryReturns a BytesIO of the malware (if the attribute has one obvs)
Return type Optional[BytesIO]
pop(k[ d ])rarr v remove specified key and return the corresponding valueIf key is not found d is returned if given otherwise KeyError is raised
popitem()rarr (k v) remove and return some (key value) pairas a 2-tuple but raise KeyError if D is empty
set_not_jsonable(args)Set __not_jsonable to a new list
Return type None
setdefault(k[ d ])rarr Dget(kd) also set D[k]=d if k not in D
property tagsReturns a lost of tags associated to this Attribute
Return type List[MISPTag]
30 Chapter 2 pymisp
PyMISP Documentation Release main
to_dict()Dump the class to a dictionary This method automatically removes the timestamp recursively in everyobject that has been edited is order to let MISP update the event accordingly
Return type Dict
to_json(sort_keys=False indent=None)Dump recursively any class of type MISPAbstract to a json string
update([E ] F)rarr None Update D from mappingiterable E and FIf E present and has a keys() method does for k in E D[k] = E[k] If E present and lacks keys() methoddoes for (k v) in E D[k] = v In either case this is followed by for k v in Fitems() D[k] = v
update_not_jsonable(args)Add entries to the __not_jsonable list
Return type None
values()rarr an object providing a view on Drsquos values
29 MISPObjectReference
class pymispMISPObjectReference
clear()rarr None Remove all items from D
property editedRecursively check if an object has been edited and update the flag accordingly to the parent objects
Return type bool
from_dict(kwargs)Loading all the parameters as class properties if they arenrsquot None This method aims to be called when allthe properties requiring a special treatment are processed Note This method is used when you initializean object with existing data so by default the class is flaged as not edited
from_json(json_string)Load a JSON string
Return type None
get(k[ d ])rarr D[k] if k in D else d d defaults to None
items()rarr a set-like object providing a view on Drsquos items
jsonable()This method is used by the JSON encoder
Return type Dict
keys()rarr a set-like object providing a view on Drsquos keys
pop(k[ d ])rarr v remove specified key and return the corresponding valueIf key is not found d is returned if given otherwise KeyError is raised
popitem()rarr (k v) remove and return some (key value) pairas a 2-tuple but raise KeyError if D is empty
set_not_jsonable(args)Set __not_jsonable to a new list
Return type None
29 MISPObjectReference 31
PyMISP Documentation Release main
setdefault(k[ d ])rarr Dget(kd) also set D[k]=d if k not in D
to_dict()Dump the class to a dictionary This method automatically removes the timestamp recursively in everyobject that has been edited is order to let MISP update the event accordingly
Return type Dict
to_json(sort_keys=False indent=None)Dump recursively any class of type MISPAbstract to a json string
update([E ] F)rarr None Update D from mappingiterable E and FIf E present and has a keys() method does for k in E D[k] = E[k] If E present and lacks keys() methoddoes for (k v) in E D[k] = v In either case this is followed by for k v in Fitems() D[k] = v
update_not_jsonable(args)Add entries to the __not_jsonable list
Return type None
values()rarr an object providing a view on Drsquos values
210 MISPTag
class pymispMISPTag(kwargs)
clear()rarr None Remove all items from D
property editedRecursively check if an object has been edited and update the flag accordingly to the parent objects
Return type bool
from_dict(kwargs)Loading all the parameters as class properties if they arenrsquot None This method aims to be called when allthe properties requiring a special treatment are processed Note This method is used when you initializean object with existing data so by default the class is flaged as not edited
from_json(json_string)Load a JSON string
Return type None
get(k[ d ])rarr D[k] if k in D else d d defaults to None
items()rarr a set-like object providing a view on Drsquos items
jsonable()This method is used by the JSON encoder
Return type Dict
keys()rarr a set-like object providing a view on Drsquos keys
pop(k[ d ])rarr v remove specified key and return the corresponding valueIf key is not found d is returned if given otherwise KeyError is raised
popitem()rarr (k v) remove and return some (key value) pairas a 2-tuple but raise KeyError if D is empty
set_not_jsonable(args)Set __not_jsonable to a new list
32 Chapter 2 pymisp
PyMISP Documentation Release main
Return type None
setdefault(k[ d ])rarr Dget(kd) also set D[k]=d if k not in D
to_dict()Dump the class to a dictionary This method automatically removes the timestamp recursively in everyobject that has been edited is order to let MISP update the event accordingly
Return type Dict
to_json(sort_keys=False indent=None)Dump recursively any class of type MISPAbstract to a json string
update([E ] F)rarr None Update D from mappingiterable E and FIf E present and has a keys() method does for k in E D[k] = E[k] If E present and lacks keys() methoddoes for (k v) in E D[k] = v In either case this is followed by for k v in Fitems() D[k] = v
update_not_jsonable(args)Add entries to the __not_jsonable list
Return type None
values()rarr an object providing a view on Drsquos values
211 MISPUser
class pymispMISPUser(kwargs)
clear()rarr None Remove all items from D
property editedRecursively check if an object has been edited and update the flag accordingly to the parent objects
Return type bool
from_dict(kwargs)Loading all the parameters as class properties if they arenrsquot None This method aims to be called when allthe properties requiring a special treatment are processed Note This method is used when you initializean object with existing data so by default the class is flaged as not edited
from_json(json_string)Load a JSON string
Return type None
get(k[ d ])rarr D[k] if k in D else d d defaults to None
items()rarr a set-like object providing a view on Drsquos items
jsonable()This method is used by the JSON encoder
Return type Dict
keys()rarr a set-like object providing a view on Drsquos keys
pop(k[ d ])rarr v remove specified key and return the corresponding valueIf key is not found d is returned if given otherwise KeyError is raised
popitem()rarr (k v) remove and return some (key value) pairas a 2-tuple but raise KeyError if D is empty
211 MISPUser 33
PyMISP Documentation Release main
set_not_jsonable(args)Set __not_jsonable to a new list
Return type None
setdefault(k[ d ])rarr Dget(kd) also set D[k]=d if k not in D
to_dict()Dump the class to a dictionary This method automatically removes the timestamp recursively in everyobject that has been edited is order to let MISP update the event accordingly
Return type Dict
to_json(sort_keys=False indent=None)Dump recursively any class of type MISPAbstract to a json string
update([E ] F)rarr None Update D from mappingiterable E and FIf E present and has a keys() method does for k in E D[k] = E[k] If E present and lacks keys() methoddoes for (k v) in E D[k] = v In either case this is followed by for k v in Fitems() D[k] = v
update_not_jsonable(args)Add entries to the __not_jsonable list
Return type None
values()rarr an object providing a view on Drsquos values
212 MISPOrganisation
class pymispMISPOrganisation
clear()rarr None Remove all items from D
property editedRecursively check if an object has been edited and update the flag accordingly to the parent objects
Return type bool
from_dict(kwargs)Loading all the parameters as class properties if they arenrsquot None This method aims to be called when allthe properties requiring a special treatment are processed Note This method is used when you initializean object with existing data so by default the class is flaged as not edited
from_json(json_string)Load a JSON string
Return type None
get(k[ d ])rarr D[k] if k in D else d d defaults to None
items()rarr a set-like object providing a view on Drsquos items
jsonable()This method is used by the JSON encoder
Return type Dict
keys()rarr a set-like object providing a view on Drsquos keys
pop(k[ d ])rarr v remove specified key and return the corresponding valueIf key is not found d is returned if given otherwise KeyError is raised
34 Chapter 2 pymisp
PyMISP Documentation Release main
popitem()rarr (k v) remove and return some (key value) pairas a 2-tuple but raise KeyError if D is empty
set_not_jsonable(args)Set __not_jsonable to a new list
Return type None
setdefault(k[ d ])rarr Dget(kd) also set D[k]=d if k not in D
to_dict()Dump the class to a dictionary This method automatically removes the timestamp recursively in everyobject that has been edited is order to let MISP update the event accordingly
Return type Dict
to_json(sort_keys=False indent=None)Dump recursively any class of type MISPAbstract to a json string
update([E ] F)rarr None Update D from mappingiterable E and FIf E present and has a keys() method does for k in E D[k] = E[k] If E present and lacks keys() methoddoes for (k v) in E D[k] = v In either case this is followed by for k v in Fitems() D[k] = v
update_not_jsonable(args)Add entries to the __not_jsonable list
Return type None
values()rarr an object providing a view on Drsquos values
212 MISPOrganisation 35
PyMISP Documentation Release main
36 Chapter 2 pymisp
CHAPTER
THREE
PYMISP - TOOLS
31 File Object
class pymisptoolsFileObject(filepath=None pseudofile=None filename=None kwargs)
add_attribute(object_relation simple_value=None value)Add an attribute object_relation is required and the value key is a dictionary with all the keys supportedby MISPAttribute
Return type Optional[MISPAttribute]
add_attributes(object_relation attributes)Add multiple attributes with the same object_relation Helper for object_relation when multiple is True inthe template It is the same as calling multiple times add_attribute with the same object_relation
Return type List[Optional[MISPAttribute]]
add_reference(referenced_uuid relationship_type comment=None kwargs)Add a link (uuid) to an other object
Return type MISPObjectReference
clear()rarr None Remove all items from D
property editedRecursively check if an object has been edited and update the flag accordingly to the parent objects
Return type bool
from_dict(kwargs)Loading all the parameters as class properties if they arenrsquot None This method aims to be called when allthe properties requiring a special treatment are processed Note This method is used when you initializean object with existing data so by default the class is flaged as not edited
from_json(json_string)Load a JSON string
Return type None
generate_attributes()Contains the logic where all the values of the object are gathered
get(k[ d ])rarr D[k] if k in D else d d defaults to None
get_attributes_by_relation(object_relation)Returns the list of attributes with the given object relation in the object
Return type List[MISPAttribute]
37
PyMISP Documentation Release main
has_attributes_by_relation(list_of_relations)True if all the relations in the list are defined in the object
Return type bool
items()rarr a set-like object providing a view on Drsquos items
jsonable()This method is used by the JSON encoder
Return type Dict
keys()rarr a set-like object providing a view on Drsquos keys
pop(k[ d ])rarr v remove specified key and return the corresponding valueIf key is not found d is returned if given otherwise KeyError is raised
popitem()rarr (k v) remove and return some (key value) pairas a 2-tuple but raise KeyError if D is empty
set_not_jsonable(args)Set __not_jsonable to a new list
Return type None
setdefault(k[ d ])rarr Dget(kd) also set D[k]=d if k not in D
to_dict(strict=False)Dump the class to a dictionary This method automatically removes the timestamp recursively in everyobject that has been edited is order to let MISP update the event accordingly
Return type Dict
to_json(sort_keys=False indent=None strict=False)Dump recursively any class of type MISPAbstract to a json string
update([E ] F)rarr None Update D from mappingiterable E and FIf E present and has a keys() method does for k in E D[k] = E[k] If E present and lacks keys() methoddoes for (k v) in E D[k] = v In either case this is followed by for k v in Fitems() D[k] = v
update_not_jsonable(args)Add entries to the __not_jsonable list
Return type None
values()rarr an object providing a view on Drsquos values
32 ELF Object
33 PE Object
34 Mach-O Object
35 VT Report Object
class pymisptoolsVTReportObject(apikey indicator vt_proxies=None kwargs)VirusTotal Report
Apikey VirusTotal API key (private works but only public features are supported right now)
38 Chapter 3 pymisp - Tools
PyMISP Documentation Release main
Indicator IOC to search VirusTotal for
add_attribute(object_relation simple_value=None value)Add an attribute object_relation is required and the value key is a dictionary with all the keys supportedby MISPAttribute
Return type Optional[MISPAttribute]
add_attributes(object_relation attributes)Add multiple attributes with the same object_relation Helper for object_relation when multiple is True inthe template It is the same as calling multiple times add_attribute with the same object_relation
Return type List[Optional[MISPAttribute]]
add_reference(referenced_uuid relationship_type comment=None kwargs)Add a link (uuid) to an other object
Return type MISPObjectReference
clear()rarr None Remove all items from D
property editedRecursively check if an object has been edited and update the flag accordingly to the parent objects
Return type bool
from_dict(kwargs)Loading all the parameters as class properties if they arenrsquot None This method aims to be called when allthe properties requiring a special treatment are processed Note This method is used when you initializean object with existing data so by default the class is flaged as not edited
from_json(json_string)Load a JSON string
Return type None
generate_attributes()Parse the VirusTotal report for relevant attributes
get(k[ d ])rarr D[k] if k in D else d d defaults to None
get_attributes_by_relation(object_relation)Returns the list of attributes with the given object relation in the object
Return type List[MISPAttribute]
has_attributes_by_relation(list_of_relations)True if all the relations in the list are defined in the object
Return type bool
items()rarr a set-like object providing a view on Drsquos items
jsonable()This method is used by the JSON encoder
Return type Dict
keys()rarr a set-like object providing a view on Drsquos keys
pop(k[ d ])rarr v remove specified key and return the corresponding valueIf key is not found d is returned if given otherwise KeyError is raised
popitem()rarr (k v) remove and return some (key value) pairas a 2-tuple but raise KeyError if D is empty
35 VT Report Object 39
PyMISP Documentation Release main
set_not_jsonable(args)Set __not_jsonable to a new list
Return type None
setdefault(k[ d ])rarr Dget(kd) also set D[k]=d if k not in D
to_dict(strict=False)Dump the class to a dictionary This method automatically removes the timestamp recursively in everyobject that has been edited is order to let MISP update the event accordingly
Return type Dict
to_json(sort_keys=False indent=None strict=False)Dump recursively any class of type MISPAbstract to a json string
update([E ] F)rarr None Update D from mappingiterable E and FIf E present and has a keys() method does for k in E D[k] = E[k] If E present and lacks keys() methoddoes for (k v) in E D[k] = v In either case this is followed by for k v in Fitems() D[k] = v
update_not_jsonable(args)Add entries to the __not_jsonable list
Return type None
values()rarr an object providing a view on Drsquos values
36 STIX
pymisptoolsstixload_stix(stix distribution=3 threat_level_id=2 analysis=0)Returns a MISPEvent object from a STIX package
pymisptoolsstixmake_stix_package(misp_event to_json=False to_xml=False)Returns a STIXPackage from a MISPEvent
Optionally can return the package in json or xml
37 OpenIOC
toolsload_openioc()
toolsload_openioc_file()
40 Chapter 3 pymisp - Tools
CHAPTER
FOUR
INDICES AND TABLES
bull genindex
bull modindex
bull search
41
PyMISP Documentation Release main
42 Chapter 4 Indices and tables
PYTHON MODULE INDEX
ppymisp 7pymisptools 37pymisptoolsstix 40
43
PyMISP Documentation Release main
44 Python Module Index
INDEX
AAbstractMISP (class in pymisp) 23accept_attribute_proposal()
(pymispPyMISP method) 7add_attribute() (pymispMISPEvent method) 24add_attribute() (pymispMISPObject method) 28add_attribute() (pymispPyMISP method) 7add_attribute() (pymisptoolsFileObject method)
37add_attribute() (pymisptoolsVTReportObject
method) 39add_attribute_proposal() (pymispPyMISP
method) 7add_attribute_tag() (pymispMISPEvent
method) 24add_attributes() (pymispMISPObject method)
28add_attributes() (pymisptoolsFileObject
method) 37add_attributes() (pymisptoolsVTReportObject
method) 39add_event() (pymispPyMISP method) 7add_event_blacklist() (pymispPyMISP
method) 8add_feed() (pymispPyMISP method) 8add_object() (pymispMISPEvent method) 24add_object() (pymispPyMISP method) 8add_object_reference() (pymispPyMISP
method) 8add_org_to_sharing_group() (pymispPyMISP
method) 8add_organisation() (pymispPyMISP method) 8add_organisation_blacklist()
(pymispPyMISP method) 8add_proposal() (pymispMISPAttribute method) 26add_proposal() (pymispMISPEvent method) 24add_proposal() (pymispMISPObjectAttribute
method) 29add_reference() (pymispMISPObject method) 28add_reference() (pymisptoolsFileObject method)
37add_reference() (pymisptoolsVTReportObject
method) 39add_server() (pymispPyMISP method) 8add_server_to_sharing_group()
(pymispPyMISP method) 8add_shadow_attribute() (pymispMISPAttribute
method) 26add_shadow_attribute() (pymispMISPEvent
method) 24add_shadow_attribute()
(pymispMISPObjectAttribute method) 29add_sharing_group() (pymispPyMISP method) 8add_sighting() (pymispMISPAttribute method) 26add_sighting() (pymispMISPObjectAttribute
method) 29add_sighting() (pymispPyMISP method) 8add_tag() (pymispPyMISP method) 8add_user() (pymispPyMISP method) 9attributes_statistics() (pymispPyMISP
method) 9
Bbuild_complex_query() (pymispPyMISP
method) 9
Ccache_all_feeds() (pymispPyMISP method) 9cache_feed() (pymispPyMISP method) 9cache_freetext_feeds() (pymispPyMISP
method) 9cache_misp_feeds() (pymispPyMISP method) 9change_sharing_group_on_entity()
(pymispPyMISP method) 9change_user_password() (pymispPyMISP
method) 9clear() (pymispMISPAttribute method) 26clear() (pymispMISPEvent method) 24clear() (pymispMISPObject method) 28clear() (pymispMISPObjectAttribute method) 29clear() (pymispMISPObjectReference method) 31clear() (pymispMISPOrganisation method) 34clear() (pymispMISPTag method) 32clear() (pymispMISPUser method) 33
45
PyMISP Documentation Release main
clear() (pymisptoolsFileObject method) 37clear() (pymisptoolsVTReportObject method) 39communities() (pymispPyMISP method) 9compare_feeds() (pymispPyMISP method) 9contact_event_reporter() (pymispPyMISP
method) 9
Ddefault() (pymispMISPEncode method) 24delegate_event() (pymispPyMISP method) 10delete() (pymispMISPAttribute method) 26delete() (pymispMISPObjectAttribute method) 30delete_attribute() (pymispMISPEvent method)
24delete_attribute() (pymispPyMISP method) 10delete_attribute_proposal()
(pymispPyMISP method) 10delete_event() (pymispPyMISP method) 10delete_event_blacklist() (pymispPyMISP
method) 10delete_feed() (pymispPyMISP method) 10delete_object() (pymispPyMISP method) 10delete_object_reference() (pymispPyMISP
method) 10delete_organisation() (pymispPyMISP
method) 10delete_organisation_blacklist()
(pymispPyMISP method) 10delete_server() (pymispPyMISP method) 10delete_sharing_group() (pymispPyMISP
method) 10delete_sighting() (pymispPyMISP method) 10delete_tag() (pymispPyMISP method) 11delete_user() (pymispPyMISP method) 11delete_user_setting() (pymispPyMISP
method) 11describe_types_local() (pymispPyMISP prop-
erty) 11describe_types_remote() (pymispPyMISP
property) 11direct_call() (pymispPyMISP method) 11disable_feed() (pymispPyMISP method) 11disable_feed_cache() (pymispPyMISP method)
11disable_noticelist() (pymispPyMISP method)
11disable_tag() (pymispPyMISP method) 11disable_taxonomy() (pymispPyMISP method) 11disable_taxonomy_tags() (pymispPyMISP
method) 11disable_warninglist() (pymispPyMISP
method) 11discard_attribute_proposal()
(pymispPyMISP method) 12
Eedited() (pymispAbstractMISP property) 23edited() (pymispMISPAttribute property) 26edited() (pymispMISPEvent property) 24edited() (pymispMISPObject property) 28edited() (pymispMISPObjectAttribute property) 30edited() (pymispMISPObjectReference property) 31edited() (pymispMISPOrganisation property) 34edited() (pymispMISPTag property) 32edited() (pymispMISPUser property) 33edited() (pymisptoolsFileObject property) 37edited() (pymisptoolsVTReportObject property) 39enable_feed() (pymispPyMISP method) 12enable_feed_cache() (pymispPyMISP method)
12enable_noticelist() (pymispPyMISP method)
12enable_tag() (pymispPyMISP method) 12enable_taxonomy() (pymispPyMISP method) 12enable_taxonomy_tags() (pymispPyMISP
method) 12enable_warninglist() (pymispPyMISP method)
12event_blacklists() (pymispPyMISP method) 12event_delegations() (pymispPyMISP method)
12ExpandedPyMISP (in module pymisp) 23
Ffeeds() (pymispPyMISP method) 12fetch_feed() (pymispPyMISP method) 12FileObject (class in pymisptools) 37freetext() (pymispPyMISP method) 12from_dict() (pymispAbstractMISP method) 23from_dict() (pymispMISPAttribute method) 27from_dict() (pymispMISPEvent method) 25from_dict() (pymispMISPObject method) 28from_dict() (pymispMISPObjectAttribute method)
30from_dict() (pymispMISPObjectReference method)
31from_dict() (pymispMISPOrganisation method) 34from_dict() (pymispMISPTag method) 32from_dict() (pymispMISPUser method) 33from_dict() (pymisptoolsFileObject method) 37from_dict() (pymisptoolsVTReportObject method)
39from_json() (pymispAbstractMISP method) 23from_json() (pymispMISPAttribute method) 27from_json() (pymispMISPEvent method) 25from_json() (pymispMISPObject method) 28from_json() (pymispMISPObjectAttribute method)
30
46 Index
PyMISP Documentation Release main
from_json() (pymispMISPObjectReference method)31
from_json() (pymispMISPOrganisation method) 34from_json() (pymispMISPTag method) 32from_json() (pymispMISPUser method) 33from_json() (pymisptoolsFileObject method) 37from_json() (pymisptoolsVTReportObject method)
39
Ggalaxies() (pymispPyMISP method) 12generate_attributes() (pymisptoolsFileObject
method) 37generate_attributes()
(pymisptoolsVTReportObject method)39
get() (pymispMISPAttribute method) 27get() (pymispMISPEvent method) 25get() (pymispMISPObject method) 28get() (pymispMISPObjectAttribute method) 30get() (pymispMISPObjectReference method) 31get() (pymispMISPOrganisation method) 34get() (pymispMISPTag method) 32get() (pymispMISPUser method) 33get() (pymisptoolsFileObject method) 37get() (pymisptoolsVTReportObject method) 39get_all_functions() (pymispPyMISP method)
13get_attribute() (pymispPyMISP method) 13get_attribute_tag() (pymispMISPEvent
method) 25get_attributes_by_relation()
(pymispMISPObject method) 28get_attributes_by_relation()
(pymisptoolsFileObject method) 37get_attributes_by_relation()
(pymisptoolsVTReportObject method)39
get_community() (pymispPyMISP method) 13get_event() (pymispPyMISP method) 13get_feed() (pymispPyMISP method) 13get_galaxy() (pymispPyMISP method) 13get_noticelist() (pymispPyMISP method) 13get_object() (pymispPyMISP method) 13get_object_by_id() (pymispMISPEvent method)
25get_object_by_uuid() (pymispMISPEvent
method) 25get_object_template() (pymispPyMISP
method) 13get_objects_by_name() (pymispMISPEvent
method) 25get_organisation() (pymispPyMISP method) 13get_sync_config() (pymispPyMISP method) 13
get_tag() (pymispPyMISP method) 13get_taxonomy() (pymispPyMISP method) 13get_user() (pymispPyMISP method) 13get_user_setting() (pymispPyMISP method) 14get_warninglist() (pymispPyMISP method) 14
Hhas_attributes_by_relation()
(pymispMISPObject method) 28has_attributes_by_relation()
(pymisptoolsFileObject method) 37has_attributes_by_relation()
(pymisptoolsVTReportObject method)39
hash_values() (pymispMISPAttribute method) 27hash_values() (pymispMISPObjectAttribute
method) 30
Iimport_server() (pymispPyMISP method) 14items() (pymispMISPAttribute method) 27items() (pymispMISPEvent method) 25items() (pymispMISPObject method) 29items() (pymispMISPObjectAttribute method) 30items() (pymispMISPObjectReference method) 31items() (pymispMISPOrganisation method) 34items() (pymispMISPTag method) 32items() (pymispMISPUser method) 33items() (pymisptoolsFileObject method) 38items() (pymisptoolsVTReportObject method) 39
Jjsonable() (pymispAbstractMISP method) 23jsonable() (pymispMISPAttribute method) 27jsonable() (pymispMISPEvent method) 25jsonable() (pymispMISPObject method) 29jsonable() (pymispMISPObjectAttribute method)
30jsonable() (pymispMISPObjectReference method)
31jsonable() (pymispMISPOrganisation method) 34jsonable() (pymispMISPTag method) 32jsonable() (pymispMISPUser method) 33jsonable() (pymisptoolsFileObject method) 38jsonable() (pymisptoolsVTReportObject method)
39
Kkeys() (pymispMISPAttribute method) 27keys() (pymispMISPEvent method) 25keys() (pymispMISPObject method) 29keys() (pymispMISPObjectAttribute method) 30keys() (pymispMISPObjectReference method) 31keys() (pymispMISPOrganisation method) 34
Index 47
PyMISP Documentation Release main
keys() (pymispMISPTag method) 32keys() (pymispMISPUser method) 33keys() (pymisptoolsFileObject method) 38keys() (pymisptoolsVTReportObject method) 39known_types() (pymispMISPAttribute property) 27known_types() (pymispMISPObjectAttribute prop-
erty) 30
Lload() (pymispMISPEvent method) 25load_default_feeds() (pymispPyMISP method)
14load_file() (pymispMISPEvent method) 25load_openioc() (pymisptools method) 40load_openioc_file() (pymisptools method) 40load_stix() (in module pymisptoolsstix) 40
Mmake_stix_package() (in module
pymisptoolsstix) 40malware_binary() (pymispMISPAttribute prop-
erty) 27malware_binary() (pymispMISPObjectAttribute
property) 30misp_instance_version() (pymispPyMISP
property) 14misp_instance_version_master()
(pymispPyMISP property) 14MISPAttribute (class in pymisp) 26MISPEncode (class in pymisp) 24MISPEvent (class in pymisp) 24MISPObject (class in pymisp) 28MISPObjectAttribute (class in pymisp) 29MISPObjectReference (class in pymisp) 31MISPOrganisation (class in pymisp) 34MISPTag (class in pymisp) 32MISPUser (class in pymisp) 33module
pymisp 7pymisptools 37pymisptoolsstix 40
Nnoticelists() (pymispPyMISP method) 14
Oobject_templates() (pymispPyMISP method) 14organisation_blacklists() (pymispPyMISP
method) 14organisations() (pymispPyMISP method) 14
Ppop() (pymispMISPAttribute method) 27
pop() (pymispMISPEvent method) 25pop() (pymispMISPObject method) 29pop() (pymispMISPObjectAttribute method) 30pop() (pymispMISPObjectReference method) 31pop() (pymispMISPOrganisation method) 34pop() (pymispMISPTag method) 32pop() (pymispMISPUser method) 33pop() (pymisptoolsFileObject method) 38pop() (pymisptoolsVTReportObject method) 39popitem() (pymispMISPAttribute method) 27popitem() (pymispMISPEvent method) 25popitem() (pymispMISPObject method) 29popitem() (pymispMISPObjectAttribute method) 30popitem() (pymispMISPObjectReference method) 31popitem() (pymispMISPOrganisation method) 34popitem() (pymispMISPTag method) 32popitem() (pymispMISPUser method) 33popitem() (pymisptoolsFileObject method) 38popitem() (pymisptoolsVTReportObject method) 39publish() (pymispMISPEvent method) 25publish() (pymispPyMISP method) 14push_event_to_ZMQ() (pymispPyMISP method)
14pymisp
module 7PyMISP (class in pymisp) 7pymisptools
module 37pymisptoolsstix
module 40pymisp_version_main() (pymispPyMISP prop-
erty) 15
Rrecommended_pymisp_version()
(pymispPyMISP property) 15remote_acl() (pymispPyMISP method) 15remove_org_from_sharing_group()
(pymispPyMISP method) 15remove_server_from_sharing_group()
(pymispPyMISP method) 15roles() (pymispPyMISP method) 15
Ssearch() (pymispPyMISP method) 15search_feeds() (pymispPyMISP method) 17search_index() (pymispPyMISP method) 18search_logs() (pymispPyMISP method) 18search_sightings() (pymispPyMISP method) 19server_pull() (pymispPyMISP method) 20server_push() (pymispPyMISP method) 20servers() (pymispPyMISP method) 20set_date() (pymispMISPEvent method) 25
48 Index
PyMISP Documentation Release main
set_not_jsonable() (pymispAbstractMISPmethod) 23
set_not_jsonable() (pymispMISPAttributemethod) 27
set_not_jsonable() (pymispMISPEvent method)25
set_not_jsonable() (pymispMISPObjectmethod) 29
set_not_jsonable() (pymispMISPObjectAttributemethod) 30
set_not_jsonable()(pymispMISPObjectReference method)31
set_not_jsonable() (pymispMISPOrganisationmethod) 35
set_not_jsonable() (pymispMISPTag method)32
set_not_jsonable() (pymispMISPUser method)33
set_not_jsonable() (pymisptoolsFileObjectmethod) 38
set_not_jsonable()(pymisptoolsVTReportObject method)39
set_user_setting() (pymispPyMISP method) 20setdefault() (pymispMISPAttribute method) 27setdefault() (pymispMISPEvent method) 25setdefault() (pymispMISPObject method) 29setdefault() (pymispMISPObjectAttribute
method) 30setdefault() (pymispMISPObjectReference
method) 31setdefault() (pymispMISPOrganisation method)
35setdefault() (pymispMISPTag method) 33setdefault() (pymispMISPUser method) 34setdefault() (pymisptoolsFileObject method) 38setdefault() (pymisptoolsVTReportObject
method) 40sharing_groups() (pymispPyMISP method) 20sightings() (pymispPyMISP method) 20
Ttag() (pymispPyMISP method) 20tags() (pymispMISPAttribute property) 27tags() (pymispMISPEvent property) 26tags() (pymispMISPObjectAttribute property) 30tags() (pymispPyMISP method) 20tags_statistics() (pymispPyMISP method) 20taxonomies() (pymispPyMISP method) 20to_dict() (pymispAbstractMISP method) 23to_dict() (pymispMISPAttribute method) 27to_dict() (pymispMISPEvent method) 26to_dict() (pymispMISPObject method) 29
to_dict() (pymispMISPObjectAttribute method) 30to_dict() (pymispMISPObjectReference method) 32to_dict() (pymispMISPOrganisation method) 35to_dict() (pymispMISPTag method) 33to_dict() (pymispMISPUser method) 34to_dict() (pymisptoolsFileObject method) 38to_dict() (pymisptoolsVTReportObject method) 40to_feed() (pymispMISPEvent method) 26to_json() (pymispAbstractMISP method) 23to_json() (pymispMISPAttribute method) 27to_json() (pymispMISPEvent method) 26to_json() (pymispMISPObject method) 29to_json() (pymispMISPObjectAttribute method) 31to_json() (pymispMISPObjectReference method) 32to_json() (pymispMISPOrganisation method) 35to_json() (pymispMISPTag method) 33to_json() (pymispMISPUser method) 34to_json() (pymisptoolsFileObject method) 38to_json() (pymisptoolsVTReportObject method) 40toggle_warninglist() (pymispPyMISP method)
20
Uunpublish() (pymispMISPEvent method) 26untag() (pymispPyMISP method) 21update() (pymispMISPAttribute method) 28update() (pymispMISPEvent method) 26update() (pymispMISPObject method) 29update() (pymispMISPObjectAttribute method) 31update() (pymispMISPObjectReference method) 32update() (pymispMISPOrganisation method) 35update() (pymispMISPTag method) 33update() (pymispMISPUser method) 34update() (pymisptoolsFileObject method) 38update() (pymisptoolsVTReportObject method) 40update_attribute() (pymispPyMISP method) 21update_attribute_proposal()
(pymispPyMISP method) 21update_event() (pymispPyMISP method) 21update_event_blacklist() (pymispPyMISP
method) 21update_feed() (pymispPyMISP method) 21update_galaxies() (pymispPyMISP method) 21update_not_jsonable() (pymispAbstractMISP
method) 23update_not_jsonable() (pymispMISPAttribute
method) 28update_not_jsonable() (pymispMISPEvent
method) 26update_not_jsonable() (pymispMISPObject
method) 29update_not_jsonable()
(pymispMISPObjectAttribute method) 31
Index 49
PyMISP Documentation Release main
update_not_jsonable()(pymispMISPObjectReference method)32
update_not_jsonable()(pymispMISPOrganisation method) 35
update_not_jsonable() (pymispMISPTagmethod) 33
update_not_jsonable() (pymispMISPUsermethod) 34
update_not_jsonable() (pymisptoolsFileObjectmethod) 38
update_not_jsonable()(pymisptoolsVTReportObject method)40
update_noticelists() (pymispPyMISP method)21
update_object() (pymispPyMISP method) 21update_object_templates() (pymispPyMISP
method) 21update_organisation() (pymispPyMISP
method) 21update_organisation_blacklist()
(pymispPyMISP method) 21update_server() (pymispPyMISP method) 22update_tag() (pymispPyMISP method) 22update_taxonomies() (pymispPyMISP method)
22update_user() (pymispPyMISP method) 22update_warninglists() (pymispPyMISP
method) 22upload_stix() (pymispPyMISP method) 22user_registrations() (pymispPyMISP method)
22user_settings() (pymispPyMISP method) 22users() (pymispPyMISP method) 22users_statistics() (pymispPyMISP method) 22
Vvalues() (pymispMISPAttribute method) 28values() (pymispMISPEvent method) 26values() (pymispMISPObject method) 29values() (pymispMISPObjectAttribute method) 31values() (pymispMISPObjectReference method) 32values() (pymispMISPOrganisation method) 35values() (pymispMISPTag method) 33values() (pymispMISPUser method) 34values() (pymisptoolsFileObject method) 38values() (pymisptoolsVTReportObject method) 40values_in_warninglist() (pymispPyMISP
method) 22version() (pymispPyMISP property) 22VTReportObject (class in pymisptools) 38
Wwarninglists() (pymispPyMISP method) 22
50 Index
- README
- pymisp
- PyMISP
- PyMISPExpanded (Python 36+ only)
- MISPAbstract
- MISPEncode
- MISPEvent
- MISPAttribute
- MISPObject
- MISPObjectAttribute
- MISPObjectReference
- MISPTag
- MISPUser
- MISPOrganisation
- pymisp - Tools
- File Object
- ELF Object
- PE Object
- Mach-O Object
- VT Report Object
- STIX
- OpenIOC
- Indices and tables
- Python Module Index
- Index
PyMISP Documentation Release main
delete_sighting(sighting)Delete a sighting from a MISP instance
Return type Dict
delete_tag(tag)Delete an attribute from a MISP instance
Return type Dict
delete_user(user)Delete a user
Return type Dict
delete_user_setting(user_setting user=None)Delete a user setting
Return type Dict
property describe_types_localReturns the content of describe types from the package
Return type Dict
property describe_types_remoteReturns the content of describe types from the remote instance
Return type Dict
direct_call(url data=None params= kw_params=)Very lightweight call that posts a data blob (python dictionary or json string) on the URL
Return type Any
disable_feed(feed pythonify=False)Disable a feed
Return type Union[Dict MISPFeed]
disable_feed_cache(feed pythonify=False)Disable the caching of a feed
Return type Union[Dict MISPFeed]
disable_noticelist(noticelist)Disable a noticelist by id
Return type Dict
disable_tag(tag pythonify=False)Disable a tag
Return type Union[Dict MISPTag]
disable_taxonomy(taxonomy)Disable a taxonomy
Return type Dict
disable_taxonomy_tags(taxonomy)Disable all the tags of a taxonomy
Return type Dict
disable_warninglist(warninglist)Disable a warninglist
21 PyMISP 11
PyMISP Documentation Release main
Return type Dict
discard_attribute_proposal(proposal)Discard a proposal
Return type Dict
enable_feed(feed pythonify=False)Enable a feed (fetching it will create event(s)
Return type Union[Dict MISPFeed]
enable_feed_cache(feed pythonify=False)Enable the caching of a feed
Return type Union[Dict MISPFeed]
enable_noticelist(noticelist)Enable a noticelist by id
Return type Dict
enable_tag(tag pythonify=False)Enable a tag
Return type Union[Dict MISPTag]
enable_taxonomy(taxonomy)Enable a taxonomy
Return type Dict
enable_taxonomy_tags(taxonomy)Enable all the tags of a taxonomy NOTE this automatically done when you call enable_taxonomy
Return type Dict
enable_warninglist(warninglist)Enable a warninglist
Return type Dict
event_blacklists(pythonify=False)Get all the blacklisted events
Return type Union[Dict List[MISPEventBlacklist]]
event_delegations(pythonify=False)Get all the event delegations
Return type Union[Dict List[MISPEventDelegation]]
feeds(pythonify=False)Get the list of existing feeds
Return type Union[Dict List[MISPFeed]]
fetch_feed(feed)Fetch one single feed
Return type Dict
freetext(event string adhereToWarninglists=False distribution=None returnMetaAttributes=Falsepythonify=False kwargs)
Pass a text to the freetext importer
Return type Union[Dict List[MISPAttribute]]
12 Chapter 2 pymisp
PyMISP Documentation Release main
galaxies(pythonify=False)Get all the galaxies
Return type Union[Dict List[MISPGalaxy]]
get_all_functions(not_implemented=False)Get all methods available vi the API allow to get the ones that are not implemented
get_attribute(attribute pythonify=False)Get an attribute from a MISP instance
Return type Union[Dict MISPAttribute]
get_community(community pythonify=False)Get an community from a MISP instance
Return type Union[Dict MISPCommunity]
get_event(event deleted=False extended=False pythonify=False)Get an event from a MISP instance
Return type Union[Dict MISPEvent]
get_feed(feed pythonify=False)Get a feed by id
Return type Union[Dict MISPFeed]
get_galaxy(galaxy pythonify=False)Get a galaxy by id
Return type Union[Dict MISPGalaxy]
get_noticelist(noticelist pythonify=False)Get a noticelist by id
Return type Union[Dict MISPNoticelist]
get_object(misp_object pythonify=False)Get an object from the remote MISP instance
Return type Union[Dict MISPObject]
get_object_template(object_template pythonify=False)Gets the full object template corresponting the UUID passed as parameter
Return type Union[Dict MISPObjectTemplate]
get_organisation(organisation pythonify=False)Get an organisation
Return type Union[Dict MISPOrganisation]
get_sync_config(pythonify=False)WARNING This method only works if the user calling it is a sync user
Return type Union[Dict MISPServer]
get_tag(tag pythonify=False)Get a tag by id
Return type Union[Dict MISPTag]
get_taxonomy(taxonomy pythonify=False)Get a taxonomy from a MISP instance
Return type Union[Dict MISPTaxonomy]
21 PyMISP 13
PyMISP Documentation Release main
get_user(user=me pythonify=False expanded=False)Get a user me means the owner of the API key doing the query expanded also returns a MISPRole and aMISPUserSetting
Return type Union[Dict MISPUser Tuple[MISPUser MISPRoleList[MISPUserSetting]]]
get_user_setting(user_setting user=None pythonify=False)Get an user setting
Return type Union[Dict MISPUserSetting]
get_warninglist(warninglist pythonify=False)Get a warninglist
Return type Union[Dict MISPWarninglist]
import_server(server pythonify=False)Import a sync server config received from get_sync_config
Return type Union[Dict MISPServer]
load_default_feeds()Load all the default feeds
Return type Dict
property misp_instance_versionReturns the version of the instance
Return type Dict
property misp_instance_version_masterGet the most recent version from github
Return type Dict
noticelists(pythonify=False)Get all the noticelists
Return type Union[Dict List[MISPNoticelist]]
object_templates(pythonify=False)Get all the object templates
Return type Union[Dict List[MISPObjectTemplate]]
organisation_blacklists(pythonify=False)Get all the blacklisted organisations
Return type Union[Dict List[MISPOrganisationBlacklist]]
organisations(scope=local pythonify=False)Get all the organisations
Return type Union[Dict List[MISPOrganisation]]
publish(event alert=False)Publish the event with one single HTTP POST The default is to not send a mail as it is assumed thismethod is called on update
Return type Dict
push_event_to_ZMQ(event)Force push an event on ZMQ
14 Chapter 2 pymisp
PyMISP Documentation Release main
Return type Dict
property pymisp_version_mainGet the most recent version of PyMISP from github
Return type Dict
property recommended_pymisp_versionReturns the recommended API version from the server
Return type Dict
remote_acl(debug_type=findMissingFunctionNames)This should return an empty list unless the ACL is outdated debug_type can only be printAllFunction-Names findMissingFunctionNames or printRoleAccess
Return type Dict
remove_org_from_sharing_group(sharing_group organisation)Remove an organisation from a sharing group sharing_group Sharing grouprsquos local instance ID orSharing grouprsquos global UUID organisation Organisationrsquos local instance ID or Organisationrsquos globalUUID or Organisationrsquos name as known to the curent instance
Return type Dict
remove_server_from_sharing_group(sharing_group server)Remove a server from a sharing group sharing_group Sharing grouprsquos local instance ID or Sharinggrouprsquos global UUID server Serverrsquos local instance ID or URL of the Server or Serverrsquos name as knownto the curent instance
Return type Dict
roles(pythonify=False)Get the existing roles
Return type Union[Dict List[MISPRole]]
search(controller=events return_format=json limit=None page=None value=Nonetype_attribute=None category=None org=None tags=None quick_filter=None quick-Filter=None date_from=None date_to=None eventid=None with_attachments=NonewithAttachments=None metadata=None uuid=None publish_timestamp=Nonelast=None timestamp=None published=None enforce_warninglist=None enforceWarn-inglist=None to_ids=None deleted=None include_event_uuid=None includeEventU-uid=None include_event_tags=None includeEventTags=None event_timestamp=Nonesg_reference_only=None eventinfo=None searchall=None requested_attributes=None in-clude_context=None includeContext=None headerless=None include_sightings=NoneincludeSightings=None include_correlations=None includeCorrelations=None in-clude_decay_score=None includeDecayScore=None object_name=None pythonify=Falsekwargs)
Search in the MISP instance
Parameters
bull return_format (str) ndash Set the return format of the search (Currently supported jsonxml openioc suricata snort - more formats are being moved to restSearch with the goalbeing that all searches happen through this API) Can be passed as the first parameter afterrestSearch or via the JSON payload
bull limit (Optional[int]) ndash Limit the number of results returned depending on thescope (for example 10 attributes or 10 full events)
bull page (Optional[int]) ndash If a limit is set sets the page to be returned page 3 limit 100will return records 201-gt300)
21 PyMISP 15
PyMISP Documentation Release main
bull value (Optional[~SearchParameterTypes]) ndash Search for the given value in the at-tributesrsquo value field
bull type_attribute (Optional[~SearchParameterTypes]) ndash The attribute type anyvalid MISP attribute type is accepted
bull category (Optional[~SearchParameterTypes]) ndash The attribute category any validMISP attribute category is accepted
bull org (Optional[~SearchParameterTypes]) ndash Search by the creator organisation by sup-plying the organisation identifier
bull tags (Optional[~SearchParameterTypes]) ndash Tags to search or to exclude You canpass a list or the output of build_complex_query
bull quick_filter (Optional[str]) ndash The string passed to this field will ignore all ofthe other arguments MISP will return an xml json (depending on the header sent) of allevents that have a sub-string match on value in the event info event orgc or any of theattribute value1 value2 fields or in the attribute comment
bull date_from (Union[date int str float None]) ndash Events with the date set to adate after the one specified This filter will use the date of the event
bull date_to (Union[date int str float None]) ndash Events with the date set to a datebefore the one specified This filter will use the date of the event
bull eventid (Optional[~SearchType]) ndash The events that should be included excludedfrom the search
bull with_attachments (Optional[bool]) ndash If set encodes the attachments zippedmalware samples as base64 in the data field within each attribute
bull metadata (Optional[bool]) ndash Only the metadata (event tags relations) is returnedattributes and proposals are omitted
bull uuid (Optional[str]) ndash Restrict the results by uuid
bull publish_timestamp (Union[date int str float NoneTuple[Union[date int str float None] Union[date int str floatNone]]]) ndash Restrict the results by the last publish timestamp (newer than)
bull timestamp (Union[date int str float None Tuple[Union[date intstr float None] Union[date int str float None]]]) ndash Restrict the resultsby the timestamp (last edit) Any event with a timestamp newer than the given timestampwill be returned In case you are dealing with attributes as scope the attributersquos timestampwill be used for the lookup
bull published (Optional[bool]) ndash Set whether published or unpublished events shouldbe returned Do not set the parameter if you want both
bull enforce_warninglist (Optional[bool]) ndash Remove any attributes from the resultthat would cause a hit on a warninglist entry
bull to_ids (Union[~ToIDSType List[~ToIDSType] None]) ndash By default all attributesare returned that match the other filter parameters irregardless of their to_ids setting Torestrict the returned data set to to_ids only attributes set this parameter to 1 0 for the oneswith to_ids set to False
bull deleted (Optional[str]) ndash If this parameter is set to 1 it will only return soft-deletedattributes [ldquo0rdquo ldquo1rdquo] will return the active ones as well as the soft-deleted ones
bull include_event_uuid (Optional[bool]) ndash Instead of just including the event IDalso include the event UUID in each of the attributes
16 Chapter 2 pymisp
PyMISP Documentation Release main
bull include_event_tags (Optional[bool]) ndash Include the event level tags in each ofthe attributes
bull event_timestamp (Union[date int str float None]) ndash Only return at-tributes from events that have received a modification after the given timestamp
bull sg_reference_only (Optional[bool]) ndash If this flag is set sharing group objectswill not be included instead only the sharing group ID is set
bull eventinfo (Optional[str]) ndash Filter on the eventrsquos info field
bull searchall (Optional[bool]) ndash Search for a full or a substring (delimited by forsubstrings) in the event info event tags attribute tags attribute values or attribute commentfields
bull requested_attributes (Optional[str]) ndash [CSV only] Select the fields that youwish to include in the CSV export By setting event level fields additionally includeCon-text is not required to get event metadata
bull include_context (Optional[bool]) ndash [Attribute only] Include the event data witheach attribute [CSV output] Add event level metadata in every line of the CSV
bull headerless (Optional[bool]) ndash [CSV Only] The CSV created when this setting isset to true will not contain the header row
bull include_sightings (Optional[bool]) ndash [JSON Only - Attribute] Include thesightings of the matching attributes
bull include_decay_score (Optional[bool]) ndash Include the decay score at attributelevel
bull include_correlations (Optional[bool]) ndash [JSON Only - attribute] Include thecorrelations of the matching attributes
bull object_name (Optional[str]) ndash [objects controller only] Search for objects withthat name
bull pythonify (Optional[bool]) ndash Returns a list of PyMISP Objects instead of the plainjson output Warning it might use a lot of RAM
Deprecated
Parameters
bull quickFilter (Optional[str]) ndash synponym for quick_filter
bull withAttachments (Optional[bool]) ndash synonym for with_attachments
bull last (Union[date int str float None Tuple[Union[date int strfloat None] Union[date int str float None]]]) ndash synonym for pub-lish_timestamp
bull enforceWarninglist (Optional[bool]) ndash synonym for enforce_warninglist
bull includeEventUuid (Optional[bool]) ndash synonym for include_event_uuid
bull includeEventTags (Optional[bool]) ndash synonym for include_event_tags
bull includeContext (Optional[bool]) ndash synonym for include_context
Return type Union[Dict str List[Union[MISPEvent MISPAttributeMISPObject]]]
search_feeds(value=None pythonify=False)Search in the feeds cached on the servers
21 PyMISP 17
PyMISP Documentation Release main
Return type Union[Dict List[MISPFeed]]
search_index(published=None eventid=None tags=None date_from=None date_to=Noneeventinfo=None threatlevel=None distribution=None analysis=None org=Nonetimestamp=None pythonify=None)
Search only at the index level Using in front of a value means NOT (default is OR)
Parameters
bull published (Optional[bool]) ndash Set whether published or unpublished events shouldbe returned Do not set the parameter if you want both
bull eventid (Optional[~SearchType]) ndash The events that should be included excludedfrom the search
bull tags (Optional[~SearchParameterTypes]) ndash Tags to search or to exclude You canpass a list or the output of build_complex_query
bull date_from (Union[date int str float None]) ndash Events with the date set to adate after the one specified This filter will use the date of the event
bull date_to (Union[date int str float None]) ndash Events with the date set to a datebefore the one specified This filter will use the date of the event
bull eventinfo (Optional[str]) ndash Filter on the eventrsquos info field
bull threatlevel (Optional[List[~SearchType]]) ndash Threat level(s) (1234) | list
bull distribution (Optional[List[~SearchType]]) ndash Distribution level(s) (0123) |list
bull analysis (Optional[List[~SearchType]]) ndash Analysis level(s) (012) | list
bull org (Optional[~SearchParameterTypes]) ndash Search by the creator organisation by sup-plying the organisation identifier
bull timestamp (Union[date int str float None Tuple[Union[date intstr float None] Union[date int str float None]]]) ndash Restrict the resultsby the timestamp (last edit) Any event with a timestamp newer than the given timestampwill be returned In case you are dealing with attributes as scope the attributersquos timestampwill be used for the lookup
bull pythonify (Optional[bool]) ndash Returns a list of PyMISP Objects instead or the plainjson output Warning it might use a lot of RAM
Return type Union[Dict List[MISPEvent]]
search_logs(limit=None page=None log_id=None title=None created=None model=None ac-tion=None user_id=None change=None email=None org=None description=Noneip=None pythonify=False)
Search in logs
Note to run substring queries simply appendprependencapsulate the search term with
Parameters
bull limit (Optional[int]) ndash Limit the number of results returned depending on thescope (for example 10 attributes or 10 full events)
bull page (Optional[int]) ndash If a limit is set sets the page to be returned page 3 limit 100will return records 201-gt300)
bull log_id (Optional[int]) ndash Log ID
bull title (Optional[str]) ndash Log Title
18 Chapter 2 pymisp
PyMISP Documentation Release main
bull created (Union[date int str float None]) ndash Creation timestamp
bull model (Optional[str]) ndash Model name that generated the log entry
bull action (Optional[str]) ndash The thing that was done
bull user_id (Optional[int]) ndash ID of the user doing the action
bull change (Optional[str]) ndash Change that occured
bull email (Optional[str]) ndash Email of the user
bull org (Optional[str]) ndash Organisation of the User doing the action
bull description (Optional[str]) ndash Description of the action
bull ip (Optional[str]) ndash Origination IP of the User doing the action
bull pythonify (Optional[bool]) ndash Returns a list of PyMISP Objects instead or the plainjson output Warning it might use a lot of RAM
Return type Union[Dict List[MISPLog]]
search_sightings(context=None context_id=None type_sighting=None date_from=Nonedate_to=None publish_timestamp=None last=None org=None source=Noneinclude_attribute=None include_event_meta=None pythonify=False)
Search sightings
Parameters
bull context (Optional[str]) ndash The context of the search Can be either ldquoattributerdquoldquoeventrdquo or nothing (will then match on events and attributes)
bull context_id (Optional[~SearchType]) ndash Only relevant if context is either ldquoattributerdquoor ldquoeventrdquo Then it is the relevant ID
bull type_sighting (Optional[str]) ndash Type of sighting
bull date_from (Union[date int str float None]) ndash Events with the date set to adate after the one specified This filter will use the date of the event
bull date_to (Union[date int str float None]) ndash Events with the date set to a datebefore the one specified This filter will use the date of the event
bull publish_timestamp (Union[date int str float NoneTuple[Union[date int str float None] Union[date int str floatNone]]]) ndash Restrict the results by the last publish timestamp (newer than)
bull org (Optional[~SearchType]) ndash Search by the creator organisation by supplying theorganisation identifier
bull source (Optional[str]) ndash Source of the sighting
bull include_attribute (Optional[bool]) ndash Include the attribute
bull include_event_meta (Optional[bool]) ndash Include the meta information of theevent
Deprecated
Parameters last (Union[date int str float None Tuple[Union[date intstr float None] Union[date int str float None]]]) ndash synonym for pub-lish_timestamp
Example
21 PyMISP 19
PyMISP Documentation Release main
gtgtgt mispsearch_sightings(publish_timestamp=30d) search sightings for therarr˓last 30 days on the instance[ ]gtgtgt mispsearch_sightings(context=attribute context_id=6 include_rarr˓attribute=True) return list of sighting for attribute 6 along with therarr˓attribute itself[ ]gtgtgt mispsearch_sightings(context=event context_id=17 include_event_rarr˓meta=True org=2) return list of sighting for event 17 filtered with orgrarr˓id 2
Return type Union[Dict List[Dict[str Union[MISPEvent MISPAttributeMISPSighting]]]]
server_pull(server event=None)Initialize a pull from a sync server
Return type Dict
server_push(server event=None)Initialize a push to a sync server
Return type Dict
servers(pythonify=False)Get the existing servers the MISP instance can synchronise with
Return type Union[Dict List[MISPServer]]
set_user_setting(user_setting value user=None pythonify=False)Get an user setting
Return type Union[Dict MISPUserSetting]
sharing_groups(pythonify=False)Get the existing sharing groups
Return type Union[Dict List[MISPSharingGroup]]
sightings(misp_entity=None org=None pythonify=False)Get the list of sighting related to a MISPEvent or a MISPAttribute (depending on type of misp_entity)
Return type Union[Dict List[MISPSighting]]
tag(misp_entity tag local=False)Tag an event or an attribute misp_entity can be a MISPEvent a MISP Attribute or a UUID
Return type Dict
tags(pythonify=False)Get the list of existing tags
Return type Union[Dict List[MISPTag]]
tags_statistics(percentage=False name_sort=False)Get tags statistics from the MISP instance
Return type Dict
taxonomies(pythonify=False)Get all the taxonomies
Return type Union[Dict List[MISPTaxonomy]]
20 Chapter 2 pymisp
PyMISP Documentation Release main
toggle_warninglist(warninglist_id=None warninglist_name=None force_enable=False)Toggle (enabledisable) the status of a warninglist by ID type warninglist_id Union[str intList[int] None] param warninglist_id ID of the WarningList type force_enable bool paramforce_enable Force the warning list in the enabled state (does nothing is already enabled)
Return type Dict
untag(misp_entity tag)Untag an event or an attribute misp_entity can be a UUID
Return type Dict
update_attribute(attribute attribute_id=None pythonify=False)Update an attribute on a MISP instance
Return type Union[Dict MISPAttribute MISPShadowAttribute]
update_attribute_proposal(initial_attribute attribute pythonify=False)Propose a change for an attribute
Return type Union[Dict MISPShadowAttribute]
update_event(event event_id=None pythonify=False)Update an event on a MISP instance
Return type Union[Dict MISPEvent]
update_event_blacklist(event_blacklist event_blacklist_id=None pythonify=False)Update an event in the blacklist
Return type Union[Dict MISPEventBlacklist]
update_feed(feed feed_id=None pythonify=False)Update a feed on a MISP instance
Return type Union[Dict MISPFeed]
update_galaxies()Update all the galaxies
Return type Dict
update_noticelists()Update all the noticelists
Return type Dict
update_object(misp_object object_id=None pythonify=False)Update an object on a MISP instance
Return type Union[Dict MISPObject]
update_object_templates()Trigger an update of the object templates
Return type Dict
update_organisation(organisation organisation_id=None pythonify=False)Update an organisation
Return type Union[Dict MISPOrganisation]
update_organisation_blacklist(organisation_blacklist organisation_blacklist_id=Nonepythonify=False)
Update an organisation in the blacklist
Return type Union[Dict MISPOrganisationBlacklist]
21 PyMISP 21
PyMISP Documentation Release main
update_server(server server_id=None pythonify=False)Update a server to synchronise with
Return type Union[Dict MISPServer]
update_tag(tag tag_id=None pythonify=False)Edit only the provided parameters of a tag
Return type Union[Dict MISPTag]
update_taxonomies()Update all the taxonomies
Return type Dict
update_user(user user_id=None pythonify=False)Update an event on a MISP instance
Return type Union[Dict MISPUser]
update_warninglists()Update all the warninglists
Return type Dict
upload_stix(path version=2)Upload a STIX file to MISP param path Path to the STIX on the disk (can be a path-like object or apseudofile) type version str param version Can be 1 or 2
user_registrations(pythonify=False)Get all the user registrations
Return type Union[Dict List[MISPInbox]]
user_settings(pythonify=False)Get all the user settings
Return type Union[Dict List[MISPUserSetting]]
users(pythonify=False)Get all the users
Return type Union[Dict List[MISPUser]]
users_statistics(context=data)Get users statistics from the MISP instance
Return type Dict
values_in_warninglist(value)Check if IOC values are in warninglist
Return type Dict
property versionReturns the version of PyMISP yoursquore curently using
Return type Dict
warninglists(pythonify=False)Get all the warninglists
Return type Union[Dict List[MISPWarninglist]]
22 Chapter 2 pymisp
PyMISP Documentation Release main
22 PyMISPExpanded (Python 36+ only)
pymispExpandedPyMISPalias of pymispapiPyMISP
23 MISPAbstract
class pymispAbstractMISP(kwargs)
property editedRecursively check if an object has been edited and update the flag accordingly to the parent objects
Return type bool
from_dict(kwargs)Loading all the parameters as class properties if they arenrsquot None This method aims to be called when allthe properties requiring a special treatment are processed Note This method is used when you initializean object with existing data so by default the class is flaged as not edited
Return type None
from_json(json_string)Load a JSON string
Return type None
jsonable()This method is used by the JSON encoder
Return type Dict
set_not_jsonable(args)Set __not_jsonable to a new list
Return type None
to_dict()Dump the class to a dictionary This method automatically removes the timestamp recursively in everyobject that has been edited is order to let MISP update the event accordingly
Return type Dict
to_json(sort_keys=False indent=None)Dump recursively any class of type MISPAbstract to a json string
update_not_jsonable(args)Add entries to the __not_jsonable list
Return type None
22 PyMISPExpanded (Python 36+ only) 23
PyMISP Documentation Release main
24 MISPEncode
class pymispMISPEncode(args kwargs)
default(obj)Implement this method in a subclass such that it returns a serializable object for o or calls the baseimplementation (to raise a TypeError)
For example to support arbitrary iterators you could implement default like this
def default(self o)try
iterable = iter(o)except TypeError
passelse
return list(iterable) Let the base class default method raise the TypeErrorreturn JSONEncoderdefault(self o)
25 MISPEvent
class pymispMISPEvent(describe_types=None strict_validation=False kwargs)
add_attribute(type value kwargs)Add an attribute type and value are required but you can pass all other parameters supported by MISPAt-tribute
Return type Union[MISPAttribute List[MISPAttribute]]
add_attribute_tag(tag attribute_identifier)Add a tag to an existing attribute raise an Exception if the attribute doesnrsquot exists tag Tag name as astring MISPTag instance or dictionary attribute_identifier can be an ID UUID or the value
Return type List[MISPAttribute]
add_object(obj=None kwargs)Add an object to the Event either by passing a MISPObject or a dictionary
Return type MISPObject
add_proposal(shadow_attribute=None kwargs)Alias for add_shadow_attribute
Return type MISPShadowAttribute
add_shadow_attribute(shadow_attribute=None kwargs)Add a tag to the attribute (by name or a MISPTag object)
Return type MISPShadowAttribute
clear()rarr None Remove all items from D
delete_attribute(attribute_id)Delete an attribute you can search by ID or UUID
property editedRecursively check if an object has been edited and update the flag accordingly to the parent objects
24 Chapter 2 pymisp
PyMISP Documentation Release main
Return type bool
from_dict(kwargs)Loading all the parameters as class properties if they arenrsquot None This method aims to be called when allthe properties requiring a special treatment are processed Note This method is used when you initializean object with existing data so by default the class is flaged as not edited
from_json(json_string)Load a JSON string
Return type None
get(k[ d ])rarr D[k] if k in D else d d defaults to None
get_attribute_tag(attribute_identifier)Return the tags associated to an attribute or an object attribute attribute_identifier can be an ID UUIDor the value
Return type List[MISPTag]
get_object_by_id(object_id)Get an object by ID (the ID is the one set by the server when creating the new object)
Return type MISPObject
get_object_by_uuid(object_uuid)Get an object by UUID (UUID is set by the server when creating the new object)
Return type MISPObject
get_objects_by_name(object_name)Get an object by UUID (UUID is set by the server when creating the new object)
Return type List[MISPObject]
items()rarr a set-like object providing a view on Drsquos items
jsonable()This method is used by the JSON encoder
Return type Dict
keys()rarr a set-like object providing a view on Drsquos keys
load(json_event validate=False metadata_only=False)Load a JSON dump from a pseudo file or a JSON string
load_file(event_path validate=False metadata_only=False)Load a JSON dump from a file on the disk
pop(k[ d ])rarr v remove specified key and return the corresponding valueIf key is not found d is returned if given otherwise KeyError is raised
popitem()rarr (k v) remove and return some (key value) pairas a 2-tuple but raise KeyError if D is empty
publish()Mark the attribute as published
set_date(d=None ignore_invalid=False)Set a date for the event (string datetime or date object)
set_not_jsonable(args)Set __not_jsonable to a new list
Return type None
25 MISPEvent 25
PyMISP Documentation Release main
setdefault(k[ d ])rarr Dget(kd) also set D[k]=d if k not in D
property tagsReturns a lost of tags associated to this Event
Return type List[MISPTag]
to_dict()Dump the class to a dictionary This method automatically removes the timestamp recursively in everyobject that has been edited is order to let MISP update the event accordingly
Return type Dict
to_feed(valid_distributions=[0 1 2 3 4 5] with_meta=False)Generate a json output for MISP Feed Notes
bull valid_distributions only makes sense if the distribution key is set (ie the event is exported from aMISP instance)
Return type Dict
to_json(sort_keys=False indent=None)Dump recursively any class of type MISPAbstract to a json string
unpublish()Mark the attribute as un-published (set publish flag to false)
update([E ] F)rarr None Update D from mappingiterable E and FIf E present and has a keys() method does for k in E D[k] = E[k] If E present and lacks keys() methoddoes for (k v) in E D[k] = v In either case this is followed by for k v in Fitems() D[k] = v
update_not_jsonable(args)Add entries to the __not_jsonable list
Return type None
values()rarr an object providing a view on Drsquos values
26 MISPAttribute
class pymispMISPAttribute(describe_types=None strict=False)
add_proposal(shadow_attribute=None kwargs)Alias for add_shadow_attribute
Return type MISPShadowAttribute
add_shadow_attribute(shadow_attribute=None kwargs)Add a shadow attribute to the attribute (by name or a MISPShadowAttribute object)
Return type MISPShadowAttribute
add_sighting(sighting=None kwargs)Add a sighting to the attribute (by name or a MISPSighting object)
Return type MISPSighting
clear()rarr None Remove all items from D
delete()Mark the attribute as deleted (soft delete)
26 Chapter 2 pymisp
PyMISP Documentation Release main
property editedRecursively check if an object has been edited and update the flag accordingly to the parent objects
Return type bool
from_dict(kwargs)Loading all the parameters as class properties if they arenrsquot None This method aims to be called when allthe properties requiring a special treatment are processed Note This method is used when you initializean object with existing data so by default the class is flaged as not edited
from_json(json_string)Load a JSON string
Return type None
get(k[ d ])rarr D[k] if k in D else d d defaults to None
hash_values(algorithm=sha512)Compute the hash of every values for fast lookups
Return type List[str]
items()rarr a set-like object providing a view on Drsquos items
jsonable()This method is used by the JSON encoder
Return type Dict
keys()rarr a set-like object providing a view on Drsquos keys
property known_typesReturns a list of all the known MISP attributes types
Return type List[str]
property malware_binaryReturns a BytesIO of the malware (if the attribute has one obvs)
Return type Optional[BytesIO]
pop(k[ d ])rarr v remove specified key and return the corresponding valueIf key is not found d is returned if given otherwise KeyError is raised
popitem()rarr (k v) remove and return some (key value) pairas a 2-tuple but raise KeyError if D is empty
set_not_jsonable(args)Set __not_jsonable to a new list
Return type None
setdefault(k[ d ])rarr Dget(kd) also set D[k]=d if k not in D
property tagsReturns a lost of tags associated to this Attribute
Return type List[MISPTag]
to_dict()Dump the class to a dictionary This method automatically removes the timestamp recursively in everyobject that has been edited is order to let MISP update the event accordingly
Return type Dict
26 MISPAttribute 27
PyMISP Documentation Release main
to_json(sort_keys=False indent=None)Dump recursively any class of type MISPAbstract to a json string
update([E ] F)rarr None Update D from mappingiterable E and FIf E present and has a keys() method does for k in E D[k] = E[k] If E present and lacks keys() methoddoes for (k v) in E D[k] = v In either case this is followed by for k v in Fitems() D[k] = v
update_not_jsonable(args)Add entries to the __not_jsonable list
Return type None
values()rarr an object providing a view on Drsquos values
27 MISPObject
class pymispMISPObject(name strict=False standalone=True default_attributes_parameters=kwargs)
add_attribute(object_relation simple_value=None value)Add an attribute object_relation is required and the value key is a dictionary with all the keys supportedby MISPAttribute
Return type Optional[MISPAttribute]
add_attributes(object_relation attributes)Add multiple attributes with the same object_relation Helper for object_relation when multiple is True inthe template It is the same as calling multiple times add_attribute with the same object_relation
Return type List[Optional[MISPAttribute]]
add_reference(referenced_uuid relationship_type comment=None kwargs)Add a link (uuid) to an other object
Return type MISPObjectReference
clear()rarr None Remove all items from D
property editedRecursively check if an object has been edited and update the flag accordingly to the parent objects
Return type bool
from_dict(kwargs)Loading all the parameters as class properties if they arenrsquot None This method aims to be called when allthe properties requiring a special treatment are processed Note This method is used when you initializean object with existing data so by default the class is flaged as not edited
from_json(json_string)Load a JSON string
Return type None
get(k[ d ])rarr D[k] if k in D else d d defaults to None
get_attributes_by_relation(object_relation)Returns the list of attributes with the given object relation in the object
Return type List[MISPAttribute]
has_attributes_by_relation(list_of_relations)True if all the relations in the list are defined in the object
28 Chapter 2 pymisp
PyMISP Documentation Release main
Return type bool
items()rarr a set-like object providing a view on Drsquos items
jsonable()This method is used by the JSON encoder
Return type Dict
keys()rarr a set-like object providing a view on Drsquos keys
pop(k[ d ])rarr v remove specified key and return the corresponding valueIf key is not found d is returned if given otherwise KeyError is raised
popitem()rarr (k v) remove and return some (key value) pairas a 2-tuple but raise KeyError if D is empty
set_not_jsonable(args)Set __not_jsonable to a new list
Return type None
setdefault(k[ d ])rarr Dget(kd) also set D[k]=d if k not in D
to_dict(strict=False)Dump the class to a dictionary This method automatically removes the timestamp recursively in everyobject that has been edited is order to let MISP update the event accordingly
Return type Dict
to_json(sort_keys=False indent=None strict=False)Dump recursively any class of type MISPAbstract to a json string
update([E ] F)rarr None Update D from mappingiterable E and FIf E present and has a keys() method does for k in E D[k] = E[k] If E present and lacks keys() methoddoes for (k v) in E D[k] = v In either case this is followed by for k v in Fitems() D[k] = v
update_not_jsonable(args)Add entries to the __not_jsonable list
Return type None
values()rarr an object providing a view on Drsquos values
28 MISPObjectAttribute
class pymispMISPObjectAttribute(definition)
add_proposal(shadow_attribute=None kwargs)Alias for add_shadow_attribute
Return type MISPShadowAttribute
add_shadow_attribute(shadow_attribute=None kwargs)Add a shadow attribute to the attribute (by name or a MISPShadowAttribute object)
Return type MISPShadowAttribute
add_sighting(sighting=None kwargs)Add a sighting to the attribute (by name or a MISPSighting object)
Return type MISPSighting
28 MISPObjectAttribute 29
PyMISP Documentation Release main
clear()rarr None Remove all items from D
delete()Mark the attribute as deleted (soft delete)
property editedRecursively check if an object has been edited and update the flag accordingly to the parent objects
Return type bool
from_dict(object_relation value kwargs)Loading all the parameters as class properties if they arenrsquot None This method aims to be called when allthe properties requiring a special treatment are processed Note This method is used when you initializean object with existing data so by default the class is flaged as not edited
from_json(json_string)Load a JSON string
Return type None
get(k[ d ])rarr D[k] if k in D else d d defaults to None
hash_values(algorithm=sha512)Compute the hash of every values for fast lookups
Return type List[str]
items()rarr a set-like object providing a view on Drsquos items
jsonable()This method is used by the JSON encoder
Return type Dict
keys()rarr a set-like object providing a view on Drsquos keys
property known_typesReturns a list of all the known MISP attributes types
Return type List[str]
property malware_binaryReturns a BytesIO of the malware (if the attribute has one obvs)
Return type Optional[BytesIO]
pop(k[ d ])rarr v remove specified key and return the corresponding valueIf key is not found d is returned if given otherwise KeyError is raised
popitem()rarr (k v) remove and return some (key value) pairas a 2-tuple but raise KeyError if D is empty
set_not_jsonable(args)Set __not_jsonable to a new list
Return type None
setdefault(k[ d ])rarr Dget(kd) also set D[k]=d if k not in D
property tagsReturns a lost of tags associated to this Attribute
Return type List[MISPTag]
30 Chapter 2 pymisp
PyMISP Documentation Release main
to_dict()Dump the class to a dictionary This method automatically removes the timestamp recursively in everyobject that has been edited is order to let MISP update the event accordingly
Return type Dict
to_json(sort_keys=False indent=None)Dump recursively any class of type MISPAbstract to a json string
update([E ] F)rarr None Update D from mappingiterable E and FIf E present and has a keys() method does for k in E D[k] = E[k] If E present and lacks keys() methoddoes for (k v) in E D[k] = v In either case this is followed by for k v in Fitems() D[k] = v
update_not_jsonable(args)Add entries to the __not_jsonable list
Return type None
values()rarr an object providing a view on Drsquos values
29 MISPObjectReference
class pymispMISPObjectReference
clear()rarr None Remove all items from D
property editedRecursively check if an object has been edited and update the flag accordingly to the parent objects
Return type bool
from_dict(kwargs)Loading all the parameters as class properties if they arenrsquot None This method aims to be called when allthe properties requiring a special treatment are processed Note This method is used when you initializean object with existing data so by default the class is flaged as not edited
from_json(json_string)Load a JSON string
Return type None
get(k[ d ])rarr D[k] if k in D else d d defaults to None
items()rarr a set-like object providing a view on Drsquos items
jsonable()This method is used by the JSON encoder
Return type Dict
keys()rarr a set-like object providing a view on Drsquos keys
pop(k[ d ])rarr v remove specified key and return the corresponding valueIf key is not found d is returned if given otherwise KeyError is raised
popitem()rarr (k v) remove and return some (key value) pairas a 2-tuple but raise KeyError if D is empty
set_not_jsonable(args)Set __not_jsonable to a new list
Return type None
29 MISPObjectReference 31
PyMISP Documentation Release main
setdefault(k[ d ])rarr Dget(kd) also set D[k]=d if k not in D
to_dict()Dump the class to a dictionary This method automatically removes the timestamp recursively in everyobject that has been edited is order to let MISP update the event accordingly
Return type Dict
to_json(sort_keys=False indent=None)Dump recursively any class of type MISPAbstract to a json string
update([E ] F)rarr None Update D from mappingiterable E and FIf E present and has a keys() method does for k in E D[k] = E[k] If E present and lacks keys() methoddoes for (k v) in E D[k] = v In either case this is followed by for k v in Fitems() D[k] = v
update_not_jsonable(args)Add entries to the __not_jsonable list
Return type None
values()rarr an object providing a view on Drsquos values
210 MISPTag
class pymispMISPTag(kwargs)
clear()rarr None Remove all items from D
property editedRecursively check if an object has been edited and update the flag accordingly to the parent objects
Return type bool
from_dict(kwargs)Loading all the parameters as class properties if they arenrsquot None This method aims to be called when allthe properties requiring a special treatment are processed Note This method is used when you initializean object with existing data so by default the class is flaged as not edited
from_json(json_string)Load a JSON string
Return type None
get(k[ d ])rarr D[k] if k in D else d d defaults to None
items()rarr a set-like object providing a view on Drsquos items
jsonable()This method is used by the JSON encoder
Return type Dict
keys()rarr a set-like object providing a view on Drsquos keys
pop(k[ d ])rarr v remove specified key and return the corresponding valueIf key is not found d is returned if given otherwise KeyError is raised
popitem()rarr (k v) remove and return some (key value) pairas a 2-tuple but raise KeyError if D is empty
set_not_jsonable(args)Set __not_jsonable to a new list
32 Chapter 2 pymisp
PyMISP Documentation Release main
Return type None
setdefault(k[ d ])rarr Dget(kd) also set D[k]=d if k not in D
to_dict()Dump the class to a dictionary This method automatically removes the timestamp recursively in everyobject that has been edited is order to let MISP update the event accordingly
Return type Dict
to_json(sort_keys=False indent=None)Dump recursively any class of type MISPAbstract to a json string
update([E ] F)rarr None Update D from mappingiterable E and FIf E present and has a keys() method does for k in E D[k] = E[k] If E present and lacks keys() methoddoes for (k v) in E D[k] = v In either case this is followed by for k v in Fitems() D[k] = v
update_not_jsonable(args)Add entries to the __not_jsonable list
Return type None
values()rarr an object providing a view on Drsquos values
211 MISPUser
class pymispMISPUser(kwargs)
clear()rarr None Remove all items from D
property editedRecursively check if an object has been edited and update the flag accordingly to the parent objects
Return type bool
from_dict(kwargs)Loading all the parameters as class properties if they arenrsquot None This method aims to be called when allthe properties requiring a special treatment are processed Note This method is used when you initializean object with existing data so by default the class is flaged as not edited
from_json(json_string)Load a JSON string
Return type None
get(k[ d ])rarr D[k] if k in D else d d defaults to None
items()rarr a set-like object providing a view on Drsquos items
jsonable()This method is used by the JSON encoder
Return type Dict
keys()rarr a set-like object providing a view on Drsquos keys
pop(k[ d ])rarr v remove specified key and return the corresponding valueIf key is not found d is returned if given otherwise KeyError is raised
popitem()rarr (k v) remove and return some (key value) pairas a 2-tuple but raise KeyError if D is empty
211 MISPUser 33
PyMISP Documentation Release main
set_not_jsonable(args)Set __not_jsonable to a new list
Return type None
setdefault(k[ d ])rarr Dget(kd) also set D[k]=d if k not in D
to_dict()Dump the class to a dictionary This method automatically removes the timestamp recursively in everyobject that has been edited is order to let MISP update the event accordingly
Return type Dict
to_json(sort_keys=False indent=None)Dump recursively any class of type MISPAbstract to a json string
update([E ] F)rarr None Update D from mappingiterable E and FIf E present and has a keys() method does for k in E D[k] = E[k] If E present and lacks keys() methoddoes for (k v) in E D[k] = v In either case this is followed by for k v in Fitems() D[k] = v
update_not_jsonable(args)Add entries to the __not_jsonable list
Return type None
values()rarr an object providing a view on Drsquos values
212 MISPOrganisation
class pymispMISPOrganisation
clear()rarr None Remove all items from D
property editedRecursively check if an object has been edited and update the flag accordingly to the parent objects
Return type bool
from_dict(kwargs)Loading all the parameters as class properties if they arenrsquot None This method aims to be called when allthe properties requiring a special treatment are processed Note This method is used when you initializean object with existing data so by default the class is flaged as not edited
from_json(json_string)Load a JSON string
Return type None
get(k[ d ])rarr D[k] if k in D else d d defaults to None
items()rarr a set-like object providing a view on Drsquos items
jsonable()This method is used by the JSON encoder
Return type Dict
keys()rarr a set-like object providing a view on Drsquos keys
pop(k[ d ])rarr v remove specified key and return the corresponding valueIf key is not found d is returned if given otherwise KeyError is raised
34 Chapter 2 pymisp
PyMISP Documentation Release main
popitem()rarr (k v) remove and return some (key value) pairas a 2-tuple but raise KeyError if D is empty
set_not_jsonable(args)Set __not_jsonable to a new list
Return type None
setdefault(k[ d ])rarr Dget(kd) also set D[k]=d if k not in D
to_dict()Dump the class to a dictionary This method automatically removes the timestamp recursively in everyobject that has been edited is order to let MISP update the event accordingly
Return type Dict
to_json(sort_keys=False indent=None)Dump recursively any class of type MISPAbstract to a json string
update([E ] F)rarr None Update D from mappingiterable E and FIf E present and has a keys() method does for k in E D[k] = E[k] If E present and lacks keys() methoddoes for (k v) in E D[k] = v In either case this is followed by for k v in Fitems() D[k] = v
update_not_jsonable(args)Add entries to the __not_jsonable list
Return type None
values()rarr an object providing a view on Drsquos values
212 MISPOrganisation 35
PyMISP Documentation Release main
36 Chapter 2 pymisp
CHAPTER
THREE
PYMISP - TOOLS
31 File Object
class pymisptoolsFileObject(filepath=None pseudofile=None filename=None kwargs)
add_attribute(object_relation simple_value=None value)Add an attribute object_relation is required and the value key is a dictionary with all the keys supportedby MISPAttribute
Return type Optional[MISPAttribute]
add_attributes(object_relation attributes)Add multiple attributes with the same object_relation Helper for object_relation when multiple is True inthe template It is the same as calling multiple times add_attribute with the same object_relation
Return type List[Optional[MISPAttribute]]
add_reference(referenced_uuid relationship_type comment=None kwargs)Add a link (uuid) to an other object
Return type MISPObjectReference
clear()rarr None Remove all items from D
property editedRecursively check if an object has been edited and update the flag accordingly to the parent objects
Return type bool
from_dict(kwargs)Loading all the parameters as class properties if they arenrsquot None This method aims to be called when allthe properties requiring a special treatment are processed Note This method is used when you initializean object with existing data so by default the class is flaged as not edited
from_json(json_string)Load a JSON string
Return type None
generate_attributes()Contains the logic where all the values of the object are gathered
get(k[ d ])rarr D[k] if k in D else d d defaults to None
get_attributes_by_relation(object_relation)Returns the list of attributes with the given object relation in the object
Return type List[MISPAttribute]
37
PyMISP Documentation Release main
has_attributes_by_relation(list_of_relations)True if all the relations in the list are defined in the object
Return type bool
items()rarr a set-like object providing a view on Drsquos items
jsonable()This method is used by the JSON encoder
Return type Dict
keys()rarr a set-like object providing a view on Drsquos keys
pop(k[ d ])rarr v remove specified key and return the corresponding valueIf key is not found d is returned if given otherwise KeyError is raised
popitem()rarr (k v) remove and return some (key value) pairas a 2-tuple but raise KeyError if D is empty
set_not_jsonable(args)Set __not_jsonable to a new list
Return type None
setdefault(k[ d ])rarr Dget(kd) also set D[k]=d if k not in D
to_dict(strict=False)Dump the class to a dictionary This method automatically removes the timestamp recursively in everyobject that has been edited is order to let MISP update the event accordingly
Return type Dict
to_json(sort_keys=False indent=None strict=False)Dump recursively any class of type MISPAbstract to a json string
update([E ] F)rarr None Update D from mappingiterable E and FIf E present and has a keys() method does for k in E D[k] = E[k] If E present and lacks keys() methoddoes for (k v) in E D[k] = v In either case this is followed by for k v in Fitems() D[k] = v
update_not_jsonable(args)Add entries to the __not_jsonable list
Return type None
values()rarr an object providing a view on Drsquos values
32 ELF Object
33 PE Object
34 Mach-O Object
35 VT Report Object
class pymisptoolsVTReportObject(apikey indicator vt_proxies=None kwargs)VirusTotal Report
Apikey VirusTotal API key (private works but only public features are supported right now)
38 Chapter 3 pymisp - Tools
PyMISP Documentation Release main
Indicator IOC to search VirusTotal for
add_attribute(object_relation simple_value=None value)Add an attribute object_relation is required and the value key is a dictionary with all the keys supportedby MISPAttribute
Return type Optional[MISPAttribute]
add_attributes(object_relation attributes)Add multiple attributes with the same object_relation Helper for object_relation when multiple is True inthe template It is the same as calling multiple times add_attribute with the same object_relation
Return type List[Optional[MISPAttribute]]
add_reference(referenced_uuid relationship_type comment=None kwargs)Add a link (uuid) to an other object
Return type MISPObjectReference
clear()rarr None Remove all items from D
property editedRecursively check if an object has been edited and update the flag accordingly to the parent objects
Return type bool
from_dict(kwargs)Loading all the parameters as class properties if they arenrsquot None This method aims to be called when allthe properties requiring a special treatment are processed Note This method is used when you initializean object with existing data so by default the class is flaged as not edited
from_json(json_string)Load a JSON string
Return type None
generate_attributes()Parse the VirusTotal report for relevant attributes
get(k[ d ])rarr D[k] if k in D else d d defaults to None
get_attributes_by_relation(object_relation)Returns the list of attributes with the given object relation in the object
Return type List[MISPAttribute]
has_attributes_by_relation(list_of_relations)True if all the relations in the list are defined in the object
Return type bool
items()rarr a set-like object providing a view on Drsquos items
jsonable()This method is used by the JSON encoder
Return type Dict
keys()rarr a set-like object providing a view on Drsquos keys
pop(k[ d ])rarr v remove specified key and return the corresponding valueIf key is not found d is returned if given otherwise KeyError is raised
popitem()rarr (k v) remove and return some (key value) pairas a 2-tuple but raise KeyError if D is empty
35 VT Report Object 39
PyMISP Documentation Release main
set_not_jsonable(args)Set __not_jsonable to a new list
Return type None
setdefault(k[ d ])rarr Dget(kd) also set D[k]=d if k not in D
to_dict(strict=False)Dump the class to a dictionary This method automatically removes the timestamp recursively in everyobject that has been edited is order to let MISP update the event accordingly
Return type Dict
to_json(sort_keys=False indent=None strict=False)Dump recursively any class of type MISPAbstract to a json string
update([E ] F)rarr None Update D from mappingiterable E and FIf E present and has a keys() method does for k in E D[k] = E[k] If E present and lacks keys() methoddoes for (k v) in E D[k] = v In either case this is followed by for k v in Fitems() D[k] = v
update_not_jsonable(args)Add entries to the __not_jsonable list
Return type None
values()rarr an object providing a view on Drsquos values
36 STIX
pymisptoolsstixload_stix(stix distribution=3 threat_level_id=2 analysis=0)Returns a MISPEvent object from a STIX package
pymisptoolsstixmake_stix_package(misp_event to_json=False to_xml=False)Returns a STIXPackage from a MISPEvent
Optionally can return the package in json or xml
37 OpenIOC
toolsload_openioc()
toolsload_openioc_file()
40 Chapter 3 pymisp - Tools
CHAPTER
FOUR
INDICES AND TABLES
bull genindex
bull modindex
bull search
41
PyMISP Documentation Release main
42 Chapter 4 Indices and tables
PYTHON MODULE INDEX
ppymisp 7pymisptools 37pymisptoolsstix 40
43
PyMISP Documentation Release main
44 Python Module Index
INDEX
AAbstractMISP (class in pymisp) 23accept_attribute_proposal()
(pymispPyMISP method) 7add_attribute() (pymispMISPEvent method) 24add_attribute() (pymispMISPObject method) 28add_attribute() (pymispPyMISP method) 7add_attribute() (pymisptoolsFileObject method)
37add_attribute() (pymisptoolsVTReportObject
method) 39add_attribute_proposal() (pymispPyMISP
method) 7add_attribute_tag() (pymispMISPEvent
method) 24add_attributes() (pymispMISPObject method)
28add_attributes() (pymisptoolsFileObject
method) 37add_attributes() (pymisptoolsVTReportObject
method) 39add_event() (pymispPyMISP method) 7add_event_blacklist() (pymispPyMISP
method) 8add_feed() (pymispPyMISP method) 8add_object() (pymispMISPEvent method) 24add_object() (pymispPyMISP method) 8add_object_reference() (pymispPyMISP
method) 8add_org_to_sharing_group() (pymispPyMISP
method) 8add_organisation() (pymispPyMISP method) 8add_organisation_blacklist()
(pymispPyMISP method) 8add_proposal() (pymispMISPAttribute method) 26add_proposal() (pymispMISPEvent method) 24add_proposal() (pymispMISPObjectAttribute
method) 29add_reference() (pymispMISPObject method) 28add_reference() (pymisptoolsFileObject method)
37add_reference() (pymisptoolsVTReportObject
method) 39add_server() (pymispPyMISP method) 8add_server_to_sharing_group()
(pymispPyMISP method) 8add_shadow_attribute() (pymispMISPAttribute
method) 26add_shadow_attribute() (pymispMISPEvent
method) 24add_shadow_attribute()
(pymispMISPObjectAttribute method) 29add_sharing_group() (pymispPyMISP method) 8add_sighting() (pymispMISPAttribute method) 26add_sighting() (pymispMISPObjectAttribute
method) 29add_sighting() (pymispPyMISP method) 8add_tag() (pymispPyMISP method) 8add_user() (pymispPyMISP method) 9attributes_statistics() (pymispPyMISP
method) 9
Bbuild_complex_query() (pymispPyMISP
method) 9
Ccache_all_feeds() (pymispPyMISP method) 9cache_feed() (pymispPyMISP method) 9cache_freetext_feeds() (pymispPyMISP
method) 9cache_misp_feeds() (pymispPyMISP method) 9change_sharing_group_on_entity()
(pymispPyMISP method) 9change_user_password() (pymispPyMISP
method) 9clear() (pymispMISPAttribute method) 26clear() (pymispMISPEvent method) 24clear() (pymispMISPObject method) 28clear() (pymispMISPObjectAttribute method) 29clear() (pymispMISPObjectReference method) 31clear() (pymispMISPOrganisation method) 34clear() (pymispMISPTag method) 32clear() (pymispMISPUser method) 33
45
PyMISP Documentation Release main
clear() (pymisptoolsFileObject method) 37clear() (pymisptoolsVTReportObject method) 39communities() (pymispPyMISP method) 9compare_feeds() (pymispPyMISP method) 9contact_event_reporter() (pymispPyMISP
method) 9
Ddefault() (pymispMISPEncode method) 24delegate_event() (pymispPyMISP method) 10delete() (pymispMISPAttribute method) 26delete() (pymispMISPObjectAttribute method) 30delete_attribute() (pymispMISPEvent method)
24delete_attribute() (pymispPyMISP method) 10delete_attribute_proposal()
(pymispPyMISP method) 10delete_event() (pymispPyMISP method) 10delete_event_blacklist() (pymispPyMISP
method) 10delete_feed() (pymispPyMISP method) 10delete_object() (pymispPyMISP method) 10delete_object_reference() (pymispPyMISP
method) 10delete_organisation() (pymispPyMISP
method) 10delete_organisation_blacklist()
(pymispPyMISP method) 10delete_server() (pymispPyMISP method) 10delete_sharing_group() (pymispPyMISP
method) 10delete_sighting() (pymispPyMISP method) 10delete_tag() (pymispPyMISP method) 11delete_user() (pymispPyMISP method) 11delete_user_setting() (pymispPyMISP
method) 11describe_types_local() (pymispPyMISP prop-
erty) 11describe_types_remote() (pymispPyMISP
property) 11direct_call() (pymispPyMISP method) 11disable_feed() (pymispPyMISP method) 11disable_feed_cache() (pymispPyMISP method)
11disable_noticelist() (pymispPyMISP method)
11disable_tag() (pymispPyMISP method) 11disable_taxonomy() (pymispPyMISP method) 11disable_taxonomy_tags() (pymispPyMISP
method) 11disable_warninglist() (pymispPyMISP
method) 11discard_attribute_proposal()
(pymispPyMISP method) 12
Eedited() (pymispAbstractMISP property) 23edited() (pymispMISPAttribute property) 26edited() (pymispMISPEvent property) 24edited() (pymispMISPObject property) 28edited() (pymispMISPObjectAttribute property) 30edited() (pymispMISPObjectReference property) 31edited() (pymispMISPOrganisation property) 34edited() (pymispMISPTag property) 32edited() (pymispMISPUser property) 33edited() (pymisptoolsFileObject property) 37edited() (pymisptoolsVTReportObject property) 39enable_feed() (pymispPyMISP method) 12enable_feed_cache() (pymispPyMISP method)
12enable_noticelist() (pymispPyMISP method)
12enable_tag() (pymispPyMISP method) 12enable_taxonomy() (pymispPyMISP method) 12enable_taxonomy_tags() (pymispPyMISP
method) 12enable_warninglist() (pymispPyMISP method)
12event_blacklists() (pymispPyMISP method) 12event_delegations() (pymispPyMISP method)
12ExpandedPyMISP (in module pymisp) 23
Ffeeds() (pymispPyMISP method) 12fetch_feed() (pymispPyMISP method) 12FileObject (class in pymisptools) 37freetext() (pymispPyMISP method) 12from_dict() (pymispAbstractMISP method) 23from_dict() (pymispMISPAttribute method) 27from_dict() (pymispMISPEvent method) 25from_dict() (pymispMISPObject method) 28from_dict() (pymispMISPObjectAttribute method)
30from_dict() (pymispMISPObjectReference method)
31from_dict() (pymispMISPOrganisation method) 34from_dict() (pymispMISPTag method) 32from_dict() (pymispMISPUser method) 33from_dict() (pymisptoolsFileObject method) 37from_dict() (pymisptoolsVTReportObject method)
39from_json() (pymispAbstractMISP method) 23from_json() (pymispMISPAttribute method) 27from_json() (pymispMISPEvent method) 25from_json() (pymispMISPObject method) 28from_json() (pymispMISPObjectAttribute method)
30
46 Index
PyMISP Documentation Release main
from_json() (pymispMISPObjectReference method)31
from_json() (pymispMISPOrganisation method) 34from_json() (pymispMISPTag method) 32from_json() (pymispMISPUser method) 33from_json() (pymisptoolsFileObject method) 37from_json() (pymisptoolsVTReportObject method)
39
Ggalaxies() (pymispPyMISP method) 12generate_attributes() (pymisptoolsFileObject
method) 37generate_attributes()
(pymisptoolsVTReportObject method)39
get() (pymispMISPAttribute method) 27get() (pymispMISPEvent method) 25get() (pymispMISPObject method) 28get() (pymispMISPObjectAttribute method) 30get() (pymispMISPObjectReference method) 31get() (pymispMISPOrganisation method) 34get() (pymispMISPTag method) 32get() (pymispMISPUser method) 33get() (pymisptoolsFileObject method) 37get() (pymisptoolsVTReportObject method) 39get_all_functions() (pymispPyMISP method)
13get_attribute() (pymispPyMISP method) 13get_attribute_tag() (pymispMISPEvent
method) 25get_attributes_by_relation()
(pymispMISPObject method) 28get_attributes_by_relation()
(pymisptoolsFileObject method) 37get_attributes_by_relation()
(pymisptoolsVTReportObject method)39
get_community() (pymispPyMISP method) 13get_event() (pymispPyMISP method) 13get_feed() (pymispPyMISP method) 13get_galaxy() (pymispPyMISP method) 13get_noticelist() (pymispPyMISP method) 13get_object() (pymispPyMISP method) 13get_object_by_id() (pymispMISPEvent method)
25get_object_by_uuid() (pymispMISPEvent
method) 25get_object_template() (pymispPyMISP
method) 13get_objects_by_name() (pymispMISPEvent
method) 25get_organisation() (pymispPyMISP method) 13get_sync_config() (pymispPyMISP method) 13
get_tag() (pymispPyMISP method) 13get_taxonomy() (pymispPyMISP method) 13get_user() (pymispPyMISP method) 13get_user_setting() (pymispPyMISP method) 14get_warninglist() (pymispPyMISP method) 14
Hhas_attributes_by_relation()
(pymispMISPObject method) 28has_attributes_by_relation()
(pymisptoolsFileObject method) 37has_attributes_by_relation()
(pymisptoolsVTReportObject method)39
hash_values() (pymispMISPAttribute method) 27hash_values() (pymispMISPObjectAttribute
method) 30
Iimport_server() (pymispPyMISP method) 14items() (pymispMISPAttribute method) 27items() (pymispMISPEvent method) 25items() (pymispMISPObject method) 29items() (pymispMISPObjectAttribute method) 30items() (pymispMISPObjectReference method) 31items() (pymispMISPOrganisation method) 34items() (pymispMISPTag method) 32items() (pymispMISPUser method) 33items() (pymisptoolsFileObject method) 38items() (pymisptoolsVTReportObject method) 39
Jjsonable() (pymispAbstractMISP method) 23jsonable() (pymispMISPAttribute method) 27jsonable() (pymispMISPEvent method) 25jsonable() (pymispMISPObject method) 29jsonable() (pymispMISPObjectAttribute method)
30jsonable() (pymispMISPObjectReference method)
31jsonable() (pymispMISPOrganisation method) 34jsonable() (pymispMISPTag method) 32jsonable() (pymispMISPUser method) 33jsonable() (pymisptoolsFileObject method) 38jsonable() (pymisptoolsVTReportObject method)
39
Kkeys() (pymispMISPAttribute method) 27keys() (pymispMISPEvent method) 25keys() (pymispMISPObject method) 29keys() (pymispMISPObjectAttribute method) 30keys() (pymispMISPObjectReference method) 31keys() (pymispMISPOrganisation method) 34
Index 47
PyMISP Documentation Release main
keys() (pymispMISPTag method) 32keys() (pymispMISPUser method) 33keys() (pymisptoolsFileObject method) 38keys() (pymisptoolsVTReportObject method) 39known_types() (pymispMISPAttribute property) 27known_types() (pymispMISPObjectAttribute prop-
erty) 30
Lload() (pymispMISPEvent method) 25load_default_feeds() (pymispPyMISP method)
14load_file() (pymispMISPEvent method) 25load_openioc() (pymisptools method) 40load_openioc_file() (pymisptools method) 40load_stix() (in module pymisptoolsstix) 40
Mmake_stix_package() (in module
pymisptoolsstix) 40malware_binary() (pymispMISPAttribute prop-
erty) 27malware_binary() (pymispMISPObjectAttribute
property) 30misp_instance_version() (pymispPyMISP
property) 14misp_instance_version_master()
(pymispPyMISP property) 14MISPAttribute (class in pymisp) 26MISPEncode (class in pymisp) 24MISPEvent (class in pymisp) 24MISPObject (class in pymisp) 28MISPObjectAttribute (class in pymisp) 29MISPObjectReference (class in pymisp) 31MISPOrganisation (class in pymisp) 34MISPTag (class in pymisp) 32MISPUser (class in pymisp) 33module
pymisp 7pymisptools 37pymisptoolsstix 40
Nnoticelists() (pymispPyMISP method) 14
Oobject_templates() (pymispPyMISP method) 14organisation_blacklists() (pymispPyMISP
method) 14organisations() (pymispPyMISP method) 14
Ppop() (pymispMISPAttribute method) 27
pop() (pymispMISPEvent method) 25pop() (pymispMISPObject method) 29pop() (pymispMISPObjectAttribute method) 30pop() (pymispMISPObjectReference method) 31pop() (pymispMISPOrganisation method) 34pop() (pymispMISPTag method) 32pop() (pymispMISPUser method) 33pop() (pymisptoolsFileObject method) 38pop() (pymisptoolsVTReportObject method) 39popitem() (pymispMISPAttribute method) 27popitem() (pymispMISPEvent method) 25popitem() (pymispMISPObject method) 29popitem() (pymispMISPObjectAttribute method) 30popitem() (pymispMISPObjectReference method) 31popitem() (pymispMISPOrganisation method) 34popitem() (pymispMISPTag method) 32popitem() (pymispMISPUser method) 33popitem() (pymisptoolsFileObject method) 38popitem() (pymisptoolsVTReportObject method) 39publish() (pymispMISPEvent method) 25publish() (pymispPyMISP method) 14push_event_to_ZMQ() (pymispPyMISP method)
14pymisp
module 7PyMISP (class in pymisp) 7pymisptools
module 37pymisptoolsstix
module 40pymisp_version_main() (pymispPyMISP prop-
erty) 15
Rrecommended_pymisp_version()
(pymispPyMISP property) 15remote_acl() (pymispPyMISP method) 15remove_org_from_sharing_group()
(pymispPyMISP method) 15remove_server_from_sharing_group()
(pymispPyMISP method) 15roles() (pymispPyMISP method) 15
Ssearch() (pymispPyMISP method) 15search_feeds() (pymispPyMISP method) 17search_index() (pymispPyMISP method) 18search_logs() (pymispPyMISP method) 18search_sightings() (pymispPyMISP method) 19server_pull() (pymispPyMISP method) 20server_push() (pymispPyMISP method) 20servers() (pymispPyMISP method) 20set_date() (pymispMISPEvent method) 25
48 Index
PyMISP Documentation Release main
set_not_jsonable() (pymispAbstractMISPmethod) 23
set_not_jsonable() (pymispMISPAttributemethod) 27
set_not_jsonable() (pymispMISPEvent method)25
set_not_jsonable() (pymispMISPObjectmethod) 29
set_not_jsonable() (pymispMISPObjectAttributemethod) 30
set_not_jsonable()(pymispMISPObjectReference method)31
set_not_jsonable() (pymispMISPOrganisationmethod) 35
set_not_jsonable() (pymispMISPTag method)32
set_not_jsonable() (pymispMISPUser method)33
set_not_jsonable() (pymisptoolsFileObjectmethod) 38
set_not_jsonable()(pymisptoolsVTReportObject method)39
set_user_setting() (pymispPyMISP method) 20setdefault() (pymispMISPAttribute method) 27setdefault() (pymispMISPEvent method) 25setdefault() (pymispMISPObject method) 29setdefault() (pymispMISPObjectAttribute
method) 30setdefault() (pymispMISPObjectReference
method) 31setdefault() (pymispMISPOrganisation method)
35setdefault() (pymispMISPTag method) 33setdefault() (pymispMISPUser method) 34setdefault() (pymisptoolsFileObject method) 38setdefault() (pymisptoolsVTReportObject
method) 40sharing_groups() (pymispPyMISP method) 20sightings() (pymispPyMISP method) 20
Ttag() (pymispPyMISP method) 20tags() (pymispMISPAttribute property) 27tags() (pymispMISPEvent property) 26tags() (pymispMISPObjectAttribute property) 30tags() (pymispPyMISP method) 20tags_statistics() (pymispPyMISP method) 20taxonomies() (pymispPyMISP method) 20to_dict() (pymispAbstractMISP method) 23to_dict() (pymispMISPAttribute method) 27to_dict() (pymispMISPEvent method) 26to_dict() (pymispMISPObject method) 29
to_dict() (pymispMISPObjectAttribute method) 30to_dict() (pymispMISPObjectReference method) 32to_dict() (pymispMISPOrganisation method) 35to_dict() (pymispMISPTag method) 33to_dict() (pymispMISPUser method) 34to_dict() (pymisptoolsFileObject method) 38to_dict() (pymisptoolsVTReportObject method) 40to_feed() (pymispMISPEvent method) 26to_json() (pymispAbstractMISP method) 23to_json() (pymispMISPAttribute method) 27to_json() (pymispMISPEvent method) 26to_json() (pymispMISPObject method) 29to_json() (pymispMISPObjectAttribute method) 31to_json() (pymispMISPObjectReference method) 32to_json() (pymispMISPOrganisation method) 35to_json() (pymispMISPTag method) 33to_json() (pymispMISPUser method) 34to_json() (pymisptoolsFileObject method) 38to_json() (pymisptoolsVTReportObject method) 40toggle_warninglist() (pymispPyMISP method)
20
Uunpublish() (pymispMISPEvent method) 26untag() (pymispPyMISP method) 21update() (pymispMISPAttribute method) 28update() (pymispMISPEvent method) 26update() (pymispMISPObject method) 29update() (pymispMISPObjectAttribute method) 31update() (pymispMISPObjectReference method) 32update() (pymispMISPOrganisation method) 35update() (pymispMISPTag method) 33update() (pymispMISPUser method) 34update() (pymisptoolsFileObject method) 38update() (pymisptoolsVTReportObject method) 40update_attribute() (pymispPyMISP method) 21update_attribute_proposal()
(pymispPyMISP method) 21update_event() (pymispPyMISP method) 21update_event_blacklist() (pymispPyMISP
method) 21update_feed() (pymispPyMISP method) 21update_galaxies() (pymispPyMISP method) 21update_not_jsonable() (pymispAbstractMISP
method) 23update_not_jsonable() (pymispMISPAttribute
method) 28update_not_jsonable() (pymispMISPEvent
method) 26update_not_jsonable() (pymispMISPObject
method) 29update_not_jsonable()
(pymispMISPObjectAttribute method) 31
Index 49
PyMISP Documentation Release main
update_not_jsonable()(pymispMISPObjectReference method)32
update_not_jsonable()(pymispMISPOrganisation method) 35
update_not_jsonable() (pymispMISPTagmethod) 33
update_not_jsonable() (pymispMISPUsermethod) 34
update_not_jsonable() (pymisptoolsFileObjectmethod) 38
update_not_jsonable()(pymisptoolsVTReportObject method)40
update_noticelists() (pymispPyMISP method)21
update_object() (pymispPyMISP method) 21update_object_templates() (pymispPyMISP
method) 21update_organisation() (pymispPyMISP
method) 21update_organisation_blacklist()
(pymispPyMISP method) 21update_server() (pymispPyMISP method) 22update_tag() (pymispPyMISP method) 22update_taxonomies() (pymispPyMISP method)
22update_user() (pymispPyMISP method) 22update_warninglists() (pymispPyMISP
method) 22upload_stix() (pymispPyMISP method) 22user_registrations() (pymispPyMISP method)
22user_settings() (pymispPyMISP method) 22users() (pymispPyMISP method) 22users_statistics() (pymispPyMISP method) 22
Vvalues() (pymispMISPAttribute method) 28values() (pymispMISPEvent method) 26values() (pymispMISPObject method) 29values() (pymispMISPObjectAttribute method) 31values() (pymispMISPObjectReference method) 32values() (pymispMISPOrganisation method) 35values() (pymispMISPTag method) 33values() (pymispMISPUser method) 34values() (pymisptoolsFileObject method) 38values() (pymisptoolsVTReportObject method) 40values_in_warninglist() (pymispPyMISP
method) 22version() (pymispPyMISP property) 22VTReportObject (class in pymisptools) 38
Wwarninglists() (pymispPyMISP method) 22
50 Index
- README
- pymisp
- PyMISP
- PyMISPExpanded (Python 36+ only)
- MISPAbstract
- MISPEncode
- MISPEvent
- MISPAttribute
- MISPObject
- MISPObjectAttribute
- MISPObjectReference
- MISPTag
- MISPUser
- MISPOrganisation
- pymisp - Tools
- File Object
- ELF Object
- PE Object
- Mach-O Object
- VT Report Object
- STIX
- OpenIOC
- Indices and tables
- Python Module Index
- Index
PyMISP Documentation Release main
Return type Dict
discard_attribute_proposal(proposal)Discard a proposal
Return type Dict
enable_feed(feed pythonify=False)Enable a feed (fetching it will create event(s)
Return type Union[Dict MISPFeed]
enable_feed_cache(feed pythonify=False)Enable the caching of a feed
Return type Union[Dict MISPFeed]
enable_noticelist(noticelist)Enable a noticelist by id
Return type Dict
enable_tag(tag pythonify=False)Enable a tag
Return type Union[Dict MISPTag]
enable_taxonomy(taxonomy)Enable a taxonomy
Return type Dict
enable_taxonomy_tags(taxonomy)Enable all the tags of a taxonomy NOTE this automatically done when you call enable_taxonomy
Return type Dict
enable_warninglist(warninglist)Enable a warninglist
Return type Dict
event_blacklists(pythonify=False)Get all the blacklisted events
Return type Union[Dict List[MISPEventBlacklist]]
event_delegations(pythonify=False)Get all the event delegations
Return type Union[Dict List[MISPEventDelegation]]
feeds(pythonify=False)Get the list of existing feeds
Return type Union[Dict List[MISPFeed]]
fetch_feed(feed)Fetch one single feed
Return type Dict
freetext(event string adhereToWarninglists=False distribution=None returnMetaAttributes=Falsepythonify=False kwargs)
Pass a text to the freetext importer
Return type Union[Dict List[MISPAttribute]]
12 Chapter 2 pymisp
PyMISP Documentation Release main
galaxies(pythonify=False)Get all the galaxies
Return type Union[Dict List[MISPGalaxy]]
get_all_functions(not_implemented=False)Get all methods available vi the API allow to get the ones that are not implemented
get_attribute(attribute pythonify=False)Get an attribute from a MISP instance
Return type Union[Dict MISPAttribute]
get_community(community pythonify=False)Get an community from a MISP instance
Return type Union[Dict MISPCommunity]
get_event(event deleted=False extended=False pythonify=False)Get an event from a MISP instance
Return type Union[Dict MISPEvent]
get_feed(feed pythonify=False)Get a feed by id
Return type Union[Dict MISPFeed]
get_galaxy(galaxy pythonify=False)Get a galaxy by id
Return type Union[Dict MISPGalaxy]
get_noticelist(noticelist pythonify=False)Get a noticelist by id
Return type Union[Dict MISPNoticelist]
get_object(misp_object pythonify=False)Get an object from the remote MISP instance
Return type Union[Dict MISPObject]
get_object_template(object_template pythonify=False)Gets the full object template corresponting the UUID passed as parameter
Return type Union[Dict MISPObjectTemplate]
get_organisation(organisation pythonify=False)Get an organisation
Return type Union[Dict MISPOrganisation]
get_sync_config(pythonify=False)WARNING This method only works if the user calling it is a sync user
Return type Union[Dict MISPServer]
get_tag(tag pythonify=False)Get a tag by id
Return type Union[Dict MISPTag]
get_taxonomy(taxonomy pythonify=False)Get a taxonomy from a MISP instance
Return type Union[Dict MISPTaxonomy]
21 PyMISP 13
PyMISP Documentation Release main
get_user(user=me pythonify=False expanded=False)Get a user me means the owner of the API key doing the query expanded also returns a MISPRole and aMISPUserSetting
Return type Union[Dict MISPUser Tuple[MISPUser MISPRoleList[MISPUserSetting]]]
get_user_setting(user_setting user=None pythonify=False)Get an user setting
Return type Union[Dict MISPUserSetting]
get_warninglist(warninglist pythonify=False)Get a warninglist
Return type Union[Dict MISPWarninglist]
import_server(server pythonify=False)Import a sync server config received from get_sync_config
Return type Union[Dict MISPServer]
load_default_feeds()Load all the default feeds
Return type Dict
property misp_instance_versionReturns the version of the instance
Return type Dict
property misp_instance_version_masterGet the most recent version from github
Return type Dict
noticelists(pythonify=False)Get all the noticelists
Return type Union[Dict List[MISPNoticelist]]
object_templates(pythonify=False)Get all the object templates
Return type Union[Dict List[MISPObjectTemplate]]
organisation_blacklists(pythonify=False)Get all the blacklisted organisations
Return type Union[Dict List[MISPOrganisationBlacklist]]
organisations(scope=local pythonify=False)Get all the organisations
Return type Union[Dict List[MISPOrganisation]]
publish(event alert=False)Publish the event with one single HTTP POST The default is to not send a mail as it is assumed thismethod is called on update
Return type Dict
push_event_to_ZMQ(event)Force push an event on ZMQ
14 Chapter 2 pymisp
PyMISP Documentation Release main
Return type Dict
property pymisp_version_mainGet the most recent version of PyMISP from github
Return type Dict
property recommended_pymisp_versionReturns the recommended API version from the server
Return type Dict
remote_acl(debug_type=findMissingFunctionNames)This should return an empty list unless the ACL is outdated debug_type can only be printAllFunction-Names findMissingFunctionNames or printRoleAccess
Return type Dict
remove_org_from_sharing_group(sharing_group organisation)Remove an organisation from a sharing group sharing_group Sharing grouprsquos local instance ID orSharing grouprsquos global UUID organisation Organisationrsquos local instance ID or Organisationrsquos globalUUID or Organisationrsquos name as known to the curent instance
Return type Dict
remove_server_from_sharing_group(sharing_group server)Remove a server from a sharing group sharing_group Sharing grouprsquos local instance ID or Sharinggrouprsquos global UUID server Serverrsquos local instance ID or URL of the Server or Serverrsquos name as knownto the curent instance
Return type Dict
roles(pythonify=False)Get the existing roles
Return type Union[Dict List[MISPRole]]
search(controller=events return_format=json limit=None page=None value=Nonetype_attribute=None category=None org=None tags=None quick_filter=None quick-Filter=None date_from=None date_to=None eventid=None with_attachments=NonewithAttachments=None metadata=None uuid=None publish_timestamp=Nonelast=None timestamp=None published=None enforce_warninglist=None enforceWarn-inglist=None to_ids=None deleted=None include_event_uuid=None includeEventU-uid=None include_event_tags=None includeEventTags=None event_timestamp=Nonesg_reference_only=None eventinfo=None searchall=None requested_attributes=None in-clude_context=None includeContext=None headerless=None include_sightings=NoneincludeSightings=None include_correlations=None includeCorrelations=None in-clude_decay_score=None includeDecayScore=None object_name=None pythonify=Falsekwargs)
Search in the MISP instance
Parameters
bull return_format (str) ndash Set the return format of the search (Currently supported jsonxml openioc suricata snort - more formats are being moved to restSearch with the goalbeing that all searches happen through this API) Can be passed as the first parameter afterrestSearch or via the JSON payload
bull limit (Optional[int]) ndash Limit the number of results returned depending on thescope (for example 10 attributes or 10 full events)
bull page (Optional[int]) ndash If a limit is set sets the page to be returned page 3 limit 100will return records 201-gt300)
21 PyMISP 15
PyMISP Documentation Release main
bull value (Optional[~SearchParameterTypes]) ndash Search for the given value in the at-tributesrsquo value field
bull type_attribute (Optional[~SearchParameterTypes]) ndash The attribute type anyvalid MISP attribute type is accepted
bull category (Optional[~SearchParameterTypes]) ndash The attribute category any validMISP attribute category is accepted
bull org (Optional[~SearchParameterTypes]) ndash Search by the creator organisation by sup-plying the organisation identifier
bull tags (Optional[~SearchParameterTypes]) ndash Tags to search or to exclude You canpass a list or the output of build_complex_query
bull quick_filter (Optional[str]) ndash The string passed to this field will ignore all ofthe other arguments MISP will return an xml json (depending on the header sent) of allevents that have a sub-string match on value in the event info event orgc or any of theattribute value1 value2 fields or in the attribute comment
bull date_from (Union[date int str float None]) ndash Events with the date set to adate after the one specified This filter will use the date of the event
bull date_to (Union[date int str float None]) ndash Events with the date set to a datebefore the one specified This filter will use the date of the event
bull eventid (Optional[~SearchType]) ndash The events that should be included excludedfrom the search
bull with_attachments (Optional[bool]) ndash If set encodes the attachments zippedmalware samples as base64 in the data field within each attribute
bull metadata (Optional[bool]) ndash Only the metadata (event tags relations) is returnedattributes and proposals are omitted
bull uuid (Optional[str]) ndash Restrict the results by uuid
bull publish_timestamp (Union[date int str float NoneTuple[Union[date int str float None] Union[date int str floatNone]]]) ndash Restrict the results by the last publish timestamp (newer than)
bull timestamp (Union[date int str float None Tuple[Union[date intstr float None] Union[date int str float None]]]) ndash Restrict the resultsby the timestamp (last edit) Any event with a timestamp newer than the given timestampwill be returned In case you are dealing with attributes as scope the attributersquos timestampwill be used for the lookup
bull published (Optional[bool]) ndash Set whether published or unpublished events shouldbe returned Do not set the parameter if you want both
bull enforce_warninglist (Optional[bool]) ndash Remove any attributes from the resultthat would cause a hit on a warninglist entry
bull to_ids (Union[~ToIDSType List[~ToIDSType] None]) ndash By default all attributesare returned that match the other filter parameters irregardless of their to_ids setting Torestrict the returned data set to to_ids only attributes set this parameter to 1 0 for the oneswith to_ids set to False
bull deleted (Optional[str]) ndash If this parameter is set to 1 it will only return soft-deletedattributes [ldquo0rdquo ldquo1rdquo] will return the active ones as well as the soft-deleted ones
bull include_event_uuid (Optional[bool]) ndash Instead of just including the event IDalso include the event UUID in each of the attributes
16 Chapter 2 pymisp
PyMISP Documentation Release main
bull include_event_tags (Optional[bool]) ndash Include the event level tags in each ofthe attributes
bull event_timestamp (Union[date int str float None]) ndash Only return at-tributes from events that have received a modification after the given timestamp
bull sg_reference_only (Optional[bool]) ndash If this flag is set sharing group objectswill not be included instead only the sharing group ID is set
bull eventinfo (Optional[str]) ndash Filter on the eventrsquos info field
bull searchall (Optional[bool]) ndash Search for a full or a substring (delimited by forsubstrings) in the event info event tags attribute tags attribute values or attribute commentfields
bull requested_attributes (Optional[str]) ndash [CSV only] Select the fields that youwish to include in the CSV export By setting event level fields additionally includeCon-text is not required to get event metadata
bull include_context (Optional[bool]) ndash [Attribute only] Include the event data witheach attribute [CSV output] Add event level metadata in every line of the CSV
bull headerless (Optional[bool]) ndash [CSV Only] The CSV created when this setting isset to true will not contain the header row
bull include_sightings (Optional[bool]) ndash [JSON Only - Attribute] Include thesightings of the matching attributes
bull include_decay_score (Optional[bool]) ndash Include the decay score at attributelevel
bull include_correlations (Optional[bool]) ndash [JSON Only - attribute] Include thecorrelations of the matching attributes
bull object_name (Optional[str]) ndash [objects controller only] Search for objects withthat name
bull pythonify (Optional[bool]) ndash Returns a list of PyMISP Objects instead of the plainjson output Warning it might use a lot of RAM
Deprecated
Parameters
bull quickFilter (Optional[str]) ndash synponym for quick_filter
bull withAttachments (Optional[bool]) ndash synonym for with_attachments
bull last (Union[date int str float None Tuple[Union[date int strfloat None] Union[date int str float None]]]) ndash synonym for pub-lish_timestamp
bull enforceWarninglist (Optional[bool]) ndash synonym for enforce_warninglist
bull includeEventUuid (Optional[bool]) ndash synonym for include_event_uuid
bull includeEventTags (Optional[bool]) ndash synonym for include_event_tags
bull includeContext (Optional[bool]) ndash synonym for include_context
Return type Union[Dict str List[Union[MISPEvent MISPAttributeMISPObject]]]
search_feeds(value=None pythonify=False)Search in the feeds cached on the servers
21 PyMISP 17
PyMISP Documentation Release main
Return type Union[Dict List[MISPFeed]]
search_index(published=None eventid=None tags=None date_from=None date_to=Noneeventinfo=None threatlevel=None distribution=None analysis=None org=Nonetimestamp=None pythonify=None)
Search only at the index level Using in front of a value means NOT (default is OR)
Parameters
bull published (Optional[bool]) ndash Set whether published or unpublished events shouldbe returned Do not set the parameter if you want both
bull eventid (Optional[~SearchType]) ndash The events that should be included excludedfrom the search
bull tags (Optional[~SearchParameterTypes]) ndash Tags to search or to exclude You canpass a list or the output of build_complex_query
bull date_from (Union[date int str float None]) ndash Events with the date set to adate after the one specified This filter will use the date of the event
bull date_to (Union[date int str float None]) ndash Events with the date set to a datebefore the one specified This filter will use the date of the event
bull eventinfo (Optional[str]) ndash Filter on the eventrsquos info field
bull threatlevel (Optional[List[~SearchType]]) ndash Threat level(s) (1234) | list
bull distribution (Optional[List[~SearchType]]) ndash Distribution level(s) (0123) |list
bull analysis (Optional[List[~SearchType]]) ndash Analysis level(s) (012) | list
bull org (Optional[~SearchParameterTypes]) ndash Search by the creator organisation by sup-plying the organisation identifier
bull timestamp (Union[date int str float None Tuple[Union[date intstr float None] Union[date int str float None]]]) ndash Restrict the resultsby the timestamp (last edit) Any event with a timestamp newer than the given timestampwill be returned In case you are dealing with attributes as scope the attributersquos timestampwill be used for the lookup
bull pythonify (Optional[bool]) ndash Returns a list of PyMISP Objects instead or the plainjson output Warning it might use a lot of RAM
Return type Union[Dict List[MISPEvent]]
search_logs(limit=None page=None log_id=None title=None created=None model=None ac-tion=None user_id=None change=None email=None org=None description=Noneip=None pythonify=False)
Search in logs
Note to run substring queries simply appendprependencapsulate the search term with
Parameters
bull limit (Optional[int]) ndash Limit the number of results returned depending on thescope (for example 10 attributes or 10 full events)
bull page (Optional[int]) ndash If a limit is set sets the page to be returned page 3 limit 100will return records 201-gt300)
bull log_id (Optional[int]) ndash Log ID
bull title (Optional[str]) ndash Log Title
18 Chapter 2 pymisp
PyMISP Documentation Release main
bull created (Union[date int str float None]) ndash Creation timestamp
bull model (Optional[str]) ndash Model name that generated the log entry
bull action (Optional[str]) ndash The thing that was done
bull user_id (Optional[int]) ndash ID of the user doing the action
bull change (Optional[str]) ndash Change that occured
bull email (Optional[str]) ndash Email of the user
bull org (Optional[str]) ndash Organisation of the User doing the action
bull description (Optional[str]) ndash Description of the action
bull ip (Optional[str]) ndash Origination IP of the User doing the action
bull pythonify (Optional[bool]) ndash Returns a list of PyMISP Objects instead or the plainjson output Warning it might use a lot of RAM
Return type Union[Dict List[MISPLog]]
search_sightings(context=None context_id=None type_sighting=None date_from=Nonedate_to=None publish_timestamp=None last=None org=None source=Noneinclude_attribute=None include_event_meta=None pythonify=False)
Search sightings
Parameters
bull context (Optional[str]) ndash The context of the search Can be either ldquoattributerdquoldquoeventrdquo or nothing (will then match on events and attributes)
bull context_id (Optional[~SearchType]) ndash Only relevant if context is either ldquoattributerdquoor ldquoeventrdquo Then it is the relevant ID
bull type_sighting (Optional[str]) ndash Type of sighting
bull date_from (Union[date int str float None]) ndash Events with the date set to adate after the one specified This filter will use the date of the event
bull date_to (Union[date int str float None]) ndash Events with the date set to a datebefore the one specified This filter will use the date of the event
bull publish_timestamp (Union[date int str float NoneTuple[Union[date int str float None] Union[date int str floatNone]]]) ndash Restrict the results by the last publish timestamp (newer than)
bull org (Optional[~SearchType]) ndash Search by the creator organisation by supplying theorganisation identifier
bull source (Optional[str]) ndash Source of the sighting
bull include_attribute (Optional[bool]) ndash Include the attribute
bull include_event_meta (Optional[bool]) ndash Include the meta information of theevent
Deprecated
Parameters last (Union[date int str float None Tuple[Union[date intstr float None] Union[date int str float None]]]) ndash synonym for pub-lish_timestamp
Example
21 PyMISP 19
PyMISP Documentation Release main
gtgtgt mispsearch_sightings(publish_timestamp=30d) search sightings for therarr˓last 30 days on the instance[ ]gtgtgt mispsearch_sightings(context=attribute context_id=6 include_rarr˓attribute=True) return list of sighting for attribute 6 along with therarr˓attribute itself[ ]gtgtgt mispsearch_sightings(context=event context_id=17 include_event_rarr˓meta=True org=2) return list of sighting for event 17 filtered with orgrarr˓id 2
Return type Union[Dict List[Dict[str Union[MISPEvent MISPAttributeMISPSighting]]]]
server_pull(server event=None)Initialize a pull from a sync server
Return type Dict
server_push(server event=None)Initialize a push to a sync server
Return type Dict
servers(pythonify=False)Get the existing servers the MISP instance can synchronise with
Return type Union[Dict List[MISPServer]]
set_user_setting(user_setting value user=None pythonify=False)Get an user setting
Return type Union[Dict MISPUserSetting]
sharing_groups(pythonify=False)Get the existing sharing groups
Return type Union[Dict List[MISPSharingGroup]]
sightings(misp_entity=None org=None pythonify=False)Get the list of sighting related to a MISPEvent or a MISPAttribute (depending on type of misp_entity)
Return type Union[Dict List[MISPSighting]]
tag(misp_entity tag local=False)Tag an event or an attribute misp_entity can be a MISPEvent a MISP Attribute or a UUID
Return type Dict
tags(pythonify=False)Get the list of existing tags
Return type Union[Dict List[MISPTag]]
tags_statistics(percentage=False name_sort=False)Get tags statistics from the MISP instance
Return type Dict
taxonomies(pythonify=False)Get all the taxonomies
Return type Union[Dict List[MISPTaxonomy]]
20 Chapter 2 pymisp
PyMISP Documentation Release main
toggle_warninglist(warninglist_id=None warninglist_name=None force_enable=False)Toggle (enabledisable) the status of a warninglist by ID type warninglist_id Union[str intList[int] None] param warninglist_id ID of the WarningList type force_enable bool paramforce_enable Force the warning list in the enabled state (does nothing is already enabled)
Return type Dict
untag(misp_entity tag)Untag an event or an attribute misp_entity can be a UUID
Return type Dict
update_attribute(attribute attribute_id=None pythonify=False)Update an attribute on a MISP instance
Return type Union[Dict MISPAttribute MISPShadowAttribute]
update_attribute_proposal(initial_attribute attribute pythonify=False)Propose a change for an attribute
Return type Union[Dict MISPShadowAttribute]
update_event(event event_id=None pythonify=False)Update an event on a MISP instance
Return type Union[Dict MISPEvent]
update_event_blacklist(event_blacklist event_blacklist_id=None pythonify=False)Update an event in the blacklist
Return type Union[Dict MISPEventBlacklist]
update_feed(feed feed_id=None pythonify=False)Update a feed on a MISP instance
Return type Union[Dict MISPFeed]
update_galaxies()Update all the galaxies
Return type Dict
update_noticelists()Update all the noticelists
Return type Dict
update_object(misp_object object_id=None pythonify=False)Update an object on a MISP instance
Return type Union[Dict MISPObject]
update_object_templates()Trigger an update of the object templates
Return type Dict
update_organisation(organisation organisation_id=None pythonify=False)Update an organisation
Return type Union[Dict MISPOrganisation]
update_organisation_blacklist(organisation_blacklist organisation_blacklist_id=Nonepythonify=False)
Update an organisation in the blacklist
Return type Union[Dict MISPOrganisationBlacklist]
21 PyMISP 21
PyMISP Documentation Release main
update_server(server server_id=None pythonify=False)Update a server to synchronise with
Return type Union[Dict MISPServer]
update_tag(tag tag_id=None pythonify=False)Edit only the provided parameters of a tag
Return type Union[Dict MISPTag]
update_taxonomies()Update all the taxonomies
Return type Dict
update_user(user user_id=None pythonify=False)Update an event on a MISP instance
Return type Union[Dict MISPUser]
update_warninglists()Update all the warninglists
Return type Dict
upload_stix(path version=2)Upload a STIX file to MISP param path Path to the STIX on the disk (can be a path-like object or apseudofile) type version str param version Can be 1 or 2
user_registrations(pythonify=False)Get all the user registrations
Return type Union[Dict List[MISPInbox]]
user_settings(pythonify=False)Get all the user settings
Return type Union[Dict List[MISPUserSetting]]
users(pythonify=False)Get all the users
Return type Union[Dict List[MISPUser]]
users_statistics(context=data)Get users statistics from the MISP instance
Return type Dict
values_in_warninglist(value)Check if IOC values are in warninglist
Return type Dict
property versionReturns the version of PyMISP yoursquore curently using
Return type Dict
warninglists(pythonify=False)Get all the warninglists
Return type Union[Dict List[MISPWarninglist]]
22 Chapter 2 pymisp
PyMISP Documentation Release main
22 PyMISPExpanded (Python 36+ only)
pymispExpandedPyMISPalias of pymispapiPyMISP
23 MISPAbstract
class pymispAbstractMISP(kwargs)
property editedRecursively check if an object has been edited and update the flag accordingly to the parent objects
Return type bool
from_dict(kwargs)Loading all the parameters as class properties if they arenrsquot None This method aims to be called when allthe properties requiring a special treatment are processed Note This method is used when you initializean object with existing data so by default the class is flaged as not edited
Return type None
from_json(json_string)Load a JSON string
Return type None
jsonable()This method is used by the JSON encoder
Return type Dict
set_not_jsonable(args)Set __not_jsonable to a new list
Return type None
to_dict()Dump the class to a dictionary This method automatically removes the timestamp recursively in everyobject that has been edited is order to let MISP update the event accordingly
Return type Dict
to_json(sort_keys=False indent=None)Dump recursively any class of type MISPAbstract to a json string
update_not_jsonable(args)Add entries to the __not_jsonable list
Return type None
22 PyMISPExpanded (Python 36+ only) 23
PyMISP Documentation Release main
24 MISPEncode
class pymispMISPEncode(args kwargs)
default(obj)Implement this method in a subclass such that it returns a serializable object for o or calls the baseimplementation (to raise a TypeError)
For example to support arbitrary iterators you could implement default like this
def default(self o)try
iterable = iter(o)except TypeError
passelse
return list(iterable) Let the base class default method raise the TypeErrorreturn JSONEncoderdefault(self o)
25 MISPEvent
class pymispMISPEvent(describe_types=None strict_validation=False kwargs)
add_attribute(type value kwargs)Add an attribute type and value are required but you can pass all other parameters supported by MISPAt-tribute
Return type Union[MISPAttribute List[MISPAttribute]]
add_attribute_tag(tag attribute_identifier)Add a tag to an existing attribute raise an Exception if the attribute doesnrsquot exists tag Tag name as astring MISPTag instance or dictionary attribute_identifier can be an ID UUID or the value
Return type List[MISPAttribute]
add_object(obj=None kwargs)Add an object to the Event either by passing a MISPObject or a dictionary
Return type MISPObject
add_proposal(shadow_attribute=None kwargs)Alias for add_shadow_attribute
Return type MISPShadowAttribute
add_shadow_attribute(shadow_attribute=None kwargs)Add a tag to the attribute (by name or a MISPTag object)
Return type MISPShadowAttribute
clear()rarr None Remove all items from D
delete_attribute(attribute_id)Delete an attribute you can search by ID or UUID
property editedRecursively check if an object has been edited and update the flag accordingly to the parent objects
24 Chapter 2 pymisp
PyMISP Documentation Release main
Return type bool
from_dict(kwargs)Loading all the parameters as class properties if they arenrsquot None This method aims to be called when allthe properties requiring a special treatment are processed Note This method is used when you initializean object with existing data so by default the class is flaged as not edited
from_json(json_string)Load a JSON string
Return type None
get(k[ d ])rarr D[k] if k in D else d d defaults to None
get_attribute_tag(attribute_identifier)Return the tags associated to an attribute or an object attribute attribute_identifier can be an ID UUIDor the value
Return type List[MISPTag]
get_object_by_id(object_id)Get an object by ID (the ID is the one set by the server when creating the new object)
Return type MISPObject
get_object_by_uuid(object_uuid)Get an object by UUID (UUID is set by the server when creating the new object)
Return type MISPObject
get_objects_by_name(object_name)Get an object by UUID (UUID is set by the server when creating the new object)
Return type List[MISPObject]
items()rarr a set-like object providing a view on Drsquos items
jsonable()This method is used by the JSON encoder
Return type Dict
keys()rarr a set-like object providing a view on Drsquos keys
load(json_event validate=False metadata_only=False)Load a JSON dump from a pseudo file or a JSON string
load_file(event_path validate=False metadata_only=False)Load a JSON dump from a file on the disk
pop(k[ d ])rarr v remove specified key and return the corresponding valueIf key is not found d is returned if given otherwise KeyError is raised
popitem()rarr (k v) remove and return some (key value) pairas a 2-tuple but raise KeyError if D is empty
publish()Mark the attribute as published
set_date(d=None ignore_invalid=False)Set a date for the event (string datetime or date object)
set_not_jsonable(args)Set __not_jsonable to a new list
Return type None
25 MISPEvent 25
PyMISP Documentation Release main
setdefault(k[ d ])rarr Dget(kd) also set D[k]=d if k not in D
property tagsReturns a lost of tags associated to this Event
Return type List[MISPTag]
to_dict()Dump the class to a dictionary This method automatically removes the timestamp recursively in everyobject that has been edited is order to let MISP update the event accordingly
Return type Dict
to_feed(valid_distributions=[0 1 2 3 4 5] with_meta=False)Generate a json output for MISP Feed Notes
bull valid_distributions only makes sense if the distribution key is set (ie the event is exported from aMISP instance)
Return type Dict
to_json(sort_keys=False indent=None)Dump recursively any class of type MISPAbstract to a json string
unpublish()Mark the attribute as un-published (set publish flag to false)
update([E ] F)rarr None Update D from mappingiterable E and FIf E present and has a keys() method does for k in E D[k] = E[k] If E present and lacks keys() methoddoes for (k v) in E D[k] = v In either case this is followed by for k v in Fitems() D[k] = v
update_not_jsonable(args)Add entries to the __not_jsonable list
Return type None
values()rarr an object providing a view on Drsquos values
26 MISPAttribute
class pymispMISPAttribute(describe_types=None strict=False)
add_proposal(shadow_attribute=None kwargs)Alias for add_shadow_attribute
Return type MISPShadowAttribute
add_shadow_attribute(shadow_attribute=None kwargs)Add a shadow attribute to the attribute (by name or a MISPShadowAttribute object)
Return type MISPShadowAttribute
add_sighting(sighting=None kwargs)Add a sighting to the attribute (by name or a MISPSighting object)
Return type MISPSighting
clear()rarr None Remove all items from D
delete()Mark the attribute as deleted (soft delete)
26 Chapter 2 pymisp
PyMISP Documentation Release main
property editedRecursively check if an object has been edited and update the flag accordingly to the parent objects
Return type bool
from_dict(kwargs)Loading all the parameters as class properties if they arenrsquot None This method aims to be called when allthe properties requiring a special treatment are processed Note This method is used when you initializean object with existing data so by default the class is flaged as not edited
from_json(json_string)Load a JSON string
Return type None
get(k[ d ])rarr D[k] if k in D else d d defaults to None
hash_values(algorithm=sha512)Compute the hash of every values for fast lookups
Return type List[str]
items()rarr a set-like object providing a view on Drsquos items
jsonable()This method is used by the JSON encoder
Return type Dict
keys()rarr a set-like object providing a view on Drsquos keys
property known_typesReturns a list of all the known MISP attributes types
Return type List[str]
property malware_binaryReturns a BytesIO of the malware (if the attribute has one obvs)
Return type Optional[BytesIO]
pop(k[ d ])rarr v remove specified key and return the corresponding valueIf key is not found d is returned if given otherwise KeyError is raised
popitem()rarr (k v) remove and return some (key value) pairas a 2-tuple but raise KeyError if D is empty
set_not_jsonable(args)Set __not_jsonable to a new list
Return type None
setdefault(k[ d ])rarr Dget(kd) also set D[k]=d if k not in D
property tagsReturns a lost of tags associated to this Attribute
Return type List[MISPTag]
to_dict()Dump the class to a dictionary This method automatically removes the timestamp recursively in everyobject that has been edited is order to let MISP update the event accordingly
Return type Dict
26 MISPAttribute 27
PyMISP Documentation Release main
to_json(sort_keys=False indent=None)Dump recursively any class of type MISPAbstract to a json string
update([E ] F)rarr None Update D from mappingiterable E and FIf E present and has a keys() method does for k in E D[k] = E[k] If E present and lacks keys() methoddoes for (k v) in E D[k] = v In either case this is followed by for k v in Fitems() D[k] = v
update_not_jsonable(args)Add entries to the __not_jsonable list
Return type None
values()rarr an object providing a view on Drsquos values
27 MISPObject
class pymispMISPObject(name strict=False standalone=True default_attributes_parameters=kwargs)
add_attribute(object_relation simple_value=None value)Add an attribute object_relation is required and the value key is a dictionary with all the keys supportedby MISPAttribute
Return type Optional[MISPAttribute]
add_attributes(object_relation attributes)Add multiple attributes with the same object_relation Helper for object_relation when multiple is True inthe template It is the same as calling multiple times add_attribute with the same object_relation
Return type List[Optional[MISPAttribute]]
add_reference(referenced_uuid relationship_type comment=None kwargs)Add a link (uuid) to an other object
Return type MISPObjectReference
clear()rarr None Remove all items from D
property editedRecursively check if an object has been edited and update the flag accordingly to the parent objects
Return type bool
from_dict(kwargs)Loading all the parameters as class properties if they arenrsquot None This method aims to be called when allthe properties requiring a special treatment are processed Note This method is used when you initializean object with existing data so by default the class is flaged as not edited
from_json(json_string)Load a JSON string
Return type None
get(k[ d ])rarr D[k] if k in D else d d defaults to None
get_attributes_by_relation(object_relation)Returns the list of attributes with the given object relation in the object
Return type List[MISPAttribute]
has_attributes_by_relation(list_of_relations)True if all the relations in the list are defined in the object
28 Chapter 2 pymisp
PyMISP Documentation Release main
Return type bool
items()rarr a set-like object providing a view on Drsquos items
jsonable()This method is used by the JSON encoder
Return type Dict
keys()rarr a set-like object providing a view on Drsquos keys
pop(k[ d ])rarr v remove specified key and return the corresponding valueIf key is not found d is returned if given otherwise KeyError is raised
popitem()rarr (k v) remove and return some (key value) pairas a 2-tuple but raise KeyError if D is empty
set_not_jsonable(args)Set __not_jsonable to a new list
Return type None
setdefault(k[ d ])rarr Dget(kd) also set D[k]=d if k not in D
to_dict(strict=False)Dump the class to a dictionary This method automatically removes the timestamp recursively in everyobject that has been edited is order to let MISP update the event accordingly
Return type Dict
to_json(sort_keys=False indent=None strict=False)Dump recursively any class of type MISPAbstract to a json string
update([E ] F)rarr None Update D from mappingiterable E and FIf E present and has a keys() method does for k in E D[k] = E[k] If E present and lacks keys() methoddoes for (k v) in E D[k] = v In either case this is followed by for k v in Fitems() D[k] = v
update_not_jsonable(args)Add entries to the __not_jsonable list
Return type None
values()rarr an object providing a view on Drsquos values
28 MISPObjectAttribute
class pymispMISPObjectAttribute(definition)
add_proposal(shadow_attribute=None kwargs)Alias for add_shadow_attribute
Return type MISPShadowAttribute
add_shadow_attribute(shadow_attribute=None kwargs)Add a shadow attribute to the attribute (by name or a MISPShadowAttribute object)
Return type MISPShadowAttribute
add_sighting(sighting=None kwargs)Add a sighting to the attribute (by name or a MISPSighting object)
Return type MISPSighting
28 MISPObjectAttribute 29
PyMISP Documentation Release main
clear()rarr None Remove all items from D
delete()Mark the attribute as deleted (soft delete)
property editedRecursively check if an object has been edited and update the flag accordingly to the parent objects
Return type bool
from_dict(object_relation value kwargs)Loading all the parameters as class properties if they arenrsquot None This method aims to be called when allthe properties requiring a special treatment are processed Note This method is used when you initializean object with existing data so by default the class is flaged as not edited
from_json(json_string)Load a JSON string
Return type None
get(k[ d ])rarr D[k] if k in D else d d defaults to None
hash_values(algorithm=sha512)Compute the hash of every values for fast lookups
Return type List[str]
items()rarr a set-like object providing a view on Drsquos items
jsonable()This method is used by the JSON encoder
Return type Dict
keys()rarr a set-like object providing a view on Drsquos keys
property known_typesReturns a list of all the known MISP attributes types
Return type List[str]
property malware_binaryReturns a BytesIO of the malware (if the attribute has one obvs)
Return type Optional[BytesIO]
pop(k[ d ])rarr v remove specified key and return the corresponding valueIf key is not found d is returned if given otherwise KeyError is raised
popitem()rarr (k v) remove and return some (key value) pairas a 2-tuple but raise KeyError if D is empty
set_not_jsonable(args)Set __not_jsonable to a new list
Return type None
setdefault(k[ d ])rarr Dget(kd) also set D[k]=d if k not in D
property tagsReturns a lost of tags associated to this Attribute
Return type List[MISPTag]
30 Chapter 2 pymisp
PyMISP Documentation Release main
to_dict()Dump the class to a dictionary This method automatically removes the timestamp recursively in everyobject that has been edited is order to let MISP update the event accordingly
Return type Dict
to_json(sort_keys=False indent=None)Dump recursively any class of type MISPAbstract to a json string
update([E ] F)rarr None Update D from mappingiterable E and FIf E present and has a keys() method does for k in E D[k] = E[k] If E present and lacks keys() methoddoes for (k v) in E D[k] = v In either case this is followed by for k v in Fitems() D[k] = v
update_not_jsonable(args)Add entries to the __not_jsonable list
Return type None
values()rarr an object providing a view on Drsquos values
29 MISPObjectReference
class pymispMISPObjectReference
clear()rarr None Remove all items from D
property editedRecursively check if an object has been edited and update the flag accordingly to the parent objects
Return type bool
from_dict(kwargs)Loading all the parameters as class properties if they arenrsquot None This method aims to be called when allthe properties requiring a special treatment are processed Note This method is used when you initializean object with existing data so by default the class is flaged as not edited
from_json(json_string)Load a JSON string
Return type None
get(k[ d ])rarr D[k] if k in D else d d defaults to None
items()rarr a set-like object providing a view on Drsquos items
jsonable()This method is used by the JSON encoder
Return type Dict
keys()rarr a set-like object providing a view on Drsquos keys
pop(k[ d ])rarr v remove specified key and return the corresponding valueIf key is not found d is returned if given otherwise KeyError is raised
popitem()rarr (k v) remove and return some (key value) pairas a 2-tuple but raise KeyError if D is empty
set_not_jsonable(args)Set __not_jsonable to a new list
Return type None
29 MISPObjectReference 31
PyMISP Documentation Release main
setdefault(k[ d ])rarr Dget(kd) also set D[k]=d if k not in D
to_dict()Dump the class to a dictionary This method automatically removes the timestamp recursively in everyobject that has been edited is order to let MISP update the event accordingly
Return type Dict
to_json(sort_keys=False indent=None)Dump recursively any class of type MISPAbstract to a json string
update([E ] F)rarr None Update D from mappingiterable E and FIf E present and has a keys() method does for k in E D[k] = E[k] If E present and lacks keys() methoddoes for (k v) in E D[k] = v In either case this is followed by for k v in Fitems() D[k] = v
update_not_jsonable(args)Add entries to the __not_jsonable list
Return type None
values()rarr an object providing a view on Drsquos values
210 MISPTag
class pymispMISPTag(kwargs)
clear()rarr None Remove all items from D
property editedRecursively check if an object has been edited and update the flag accordingly to the parent objects
Return type bool
from_dict(kwargs)Loading all the parameters as class properties if they arenrsquot None This method aims to be called when allthe properties requiring a special treatment are processed Note This method is used when you initializean object with existing data so by default the class is flaged as not edited
from_json(json_string)Load a JSON string
Return type None
get(k[ d ])rarr D[k] if k in D else d d defaults to None
items()rarr a set-like object providing a view on Drsquos items
jsonable()This method is used by the JSON encoder
Return type Dict
keys()rarr a set-like object providing a view on Drsquos keys
pop(k[ d ])rarr v remove specified key and return the corresponding valueIf key is not found d is returned if given otherwise KeyError is raised
popitem()rarr (k v) remove and return some (key value) pairas a 2-tuple but raise KeyError if D is empty
set_not_jsonable(args)Set __not_jsonable to a new list
32 Chapter 2 pymisp
PyMISP Documentation Release main
Return type None
setdefault(k[ d ])rarr Dget(kd) also set D[k]=d if k not in D
to_dict()Dump the class to a dictionary This method automatically removes the timestamp recursively in everyobject that has been edited is order to let MISP update the event accordingly
Return type Dict
to_json(sort_keys=False indent=None)Dump recursively any class of type MISPAbstract to a json string
update([E ] F)rarr None Update D from mappingiterable E and FIf E present and has a keys() method does for k in E D[k] = E[k] If E present and lacks keys() methoddoes for (k v) in E D[k] = v In either case this is followed by for k v in Fitems() D[k] = v
update_not_jsonable(args)Add entries to the __not_jsonable list
Return type None
values()rarr an object providing a view on Drsquos values
211 MISPUser
class pymispMISPUser(kwargs)
clear()rarr None Remove all items from D
property editedRecursively check if an object has been edited and update the flag accordingly to the parent objects
Return type bool
from_dict(kwargs)Loading all the parameters as class properties if they arenrsquot None This method aims to be called when allthe properties requiring a special treatment are processed Note This method is used when you initializean object with existing data so by default the class is flaged as not edited
from_json(json_string)Load a JSON string
Return type None
get(k[ d ])rarr D[k] if k in D else d d defaults to None
items()rarr a set-like object providing a view on Drsquos items
jsonable()This method is used by the JSON encoder
Return type Dict
keys()rarr a set-like object providing a view on Drsquos keys
pop(k[ d ])rarr v remove specified key and return the corresponding valueIf key is not found d is returned if given otherwise KeyError is raised
popitem()rarr (k v) remove and return some (key value) pairas a 2-tuple but raise KeyError if D is empty
211 MISPUser 33
PyMISP Documentation Release main
set_not_jsonable(args)Set __not_jsonable to a new list
Return type None
setdefault(k[ d ])rarr Dget(kd) also set D[k]=d if k not in D
to_dict()Dump the class to a dictionary This method automatically removes the timestamp recursively in everyobject that has been edited is order to let MISP update the event accordingly
Return type Dict
to_json(sort_keys=False indent=None)Dump recursively any class of type MISPAbstract to a json string
update([E ] F)rarr None Update D from mappingiterable E and FIf E present and has a keys() method does for k in E D[k] = E[k] If E present and lacks keys() methoddoes for (k v) in E D[k] = v In either case this is followed by for k v in Fitems() D[k] = v
update_not_jsonable(args)Add entries to the __not_jsonable list
Return type None
values()rarr an object providing a view on Drsquos values
212 MISPOrganisation
class pymispMISPOrganisation
clear()rarr None Remove all items from D
property editedRecursively check if an object has been edited and update the flag accordingly to the parent objects
Return type bool
from_dict(kwargs)Loading all the parameters as class properties if they arenrsquot None This method aims to be called when allthe properties requiring a special treatment are processed Note This method is used when you initializean object with existing data so by default the class is flaged as not edited
from_json(json_string)Load a JSON string
Return type None
get(k[ d ])rarr D[k] if k in D else d d defaults to None
items()rarr a set-like object providing a view on Drsquos items
jsonable()This method is used by the JSON encoder
Return type Dict
keys()rarr a set-like object providing a view on Drsquos keys
pop(k[ d ])rarr v remove specified key and return the corresponding valueIf key is not found d is returned if given otherwise KeyError is raised
34 Chapter 2 pymisp
PyMISP Documentation Release main
popitem()rarr (k v) remove and return some (key value) pairas a 2-tuple but raise KeyError if D is empty
set_not_jsonable(args)Set __not_jsonable to a new list
Return type None
setdefault(k[ d ])rarr Dget(kd) also set D[k]=d if k not in D
to_dict()Dump the class to a dictionary This method automatically removes the timestamp recursively in everyobject that has been edited is order to let MISP update the event accordingly
Return type Dict
to_json(sort_keys=False indent=None)Dump recursively any class of type MISPAbstract to a json string
update([E ] F)rarr None Update D from mappingiterable E and FIf E present and has a keys() method does for k in E D[k] = E[k] If E present and lacks keys() methoddoes for (k v) in E D[k] = v In either case this is followed by for k v in Fitems() D[k] = v
update_not_jsonable(args)Add entries to the __not_jsonable list
Return type None
values()rarr an object providing a view on Drsquos values
212 MISPOrganisation 35
PyMISP Documentation Release main
36 Chapter 2 pymisp
CHAPTER
THREE
PYMISP - TOOLS
31 File Object
class pymisptoolsFileObject(filepath=None pseudofile=None filename=None kwargs)
add_attribute(object_relation simple_value=None value)Add an attribute object_relation is required and the value key is a dictionary with all the keys supportedby MISPAttribute
Return type Optional[MISPAttribute]
add_attributes(object_relation attributes)Add multiple attributes with the same object_relation Helper for object_relation when multiple is True inthe template It is the same as calling multiple times add_attribute with the same object_relation
Return type List[Optional[MISPAttribute]]
add_reference(referenced_uuid relationship_type comment=None kwargs)Add a link (uuid) to an other object
Return type MISPObjectReference
clear()rarr None Remove all items from D
property editedRecursively check if an object has been edited and update the flag accordingly to the parent objects
Return type bool
from_dict(kwargs)Loading all the parameters as class properties if they arenrsquot None This method aims to be called when allthe properties requiring a special treatment are processed Note This method is used when you initializean object with existing data so by default the class is flaged as not edited
from_json(json_string)Load a JSON string
Return type None
generate_attributes()Contains the logic where all the values of the object are gathered
get(k[ d ])rarr D[k] if k in D else d d defaults to None
get_attributes_by_relation(object_relation)Returns the list of attributes with the given object relation in the object
Return type List[MISPAttribute]
37
PyMISP Documentation Release main
has_attributes_by_relation(list_of_relations)True if all the relations in the list are defined in the object
Return type bool
items()rarr a set-like object providing a view on Drsquos items
jsonable()This method is used by the JSON encoder
Return type Dict
keys()rarr a set-like object providing a view on Drsquos keys
pop(k[ d ])rarr v remove specified key and return the corresponding valueIf key is not found d is returned if given otherwise KeyError is raised
popitem()rarr (k v) remove and return some (key value) pairas a 2-tuple but raise KeyError if D is empty
set_not_jsonable(args)Set __not_jsonable to a new list
Return type None
setdefault(k[ d ])rarr Dget(kd) also set D[k]=d if k not in D
to_dict(strict=False)Dump the class to a dictionary This method automatically removes the timestamp recursively in everyobject that has been edited is order to let MISP update the event accordingly
Return type Dict
to_json(sort_keys=False indent=None strict=False)Dump recursively any class of type MISPAbstract to a json string
update([E ] F)rarr None Update D from mappingiterable E and FIf E present and has a keys() method does for k in E D[k] = E[k] If E present and lacks keys() methoddoes for (k v) in E D[k] = v In either case this is followed by for k v in Fitems() D[k] = v
update_not_jsonable(args)Add entries to the __not_jsonable list
Return type None
values()rarr an object providing a view on Drsquos values
32 ELF Object
33 PE Object
34 Mach-O Object
35 VT Report Object
class pymisptoolsVTReportObject(apikey indicator vt_proxies=None kwargs)VirusTotal Report
Apikey VirusTotal API key (private works but only public features are supported right now)
38 Chapter 3 pymisp - Tools
PyMISP Documentation Release main
Indicator IOC to search VirusTotal for
add_attribute(object_relation simple_value=None value)Add an attribute object_relation is required and the value key is a dictionary with all the keys supportedby MISPAttribute
Return type Optional[MISPAttribute]
add_attributes(object_relation attributes)Add multiple attributes with the same object_relation Helper for object_relation when multiple is True inthe template It is the same as calling multiple times add_attribute with the same object_relation
Return type List[Optional[MISPAttribute]]
add_reference(referenced_uuid relationship_type comment=None kwargs)Add a link (uuid) to an other object
Return type MISPObjectReference
clear()rarr None Remove all items from D
property editedRecursively check if an object has been edited and update the flag accordingly to the parent objects
Return type bool
from_dict(kwargs)Loading all the parameters as class properties if they arenrsquot None This method aims to be called when allthe properties requiring a special treatment are processed Note This method is used when you initializean object with existing data so by default the class is flaged as not edited
from_json(json_string)Load a JSON string
Return type None
generate_attributes()Parse the VirusTotal report for relevant attributes
get(k[ d ])rarr D[k] if k in D else d d defaults to None
get_attributes_by_relation(object_relation)Returns the list of attributes with the given object relation in the object
Return type List[MISPAttribute]
has_attributes_by_relation(list_of_relations)True if all the relations in the list are defined in the object
Return type bool
items()rarr a set-like object providing a view on Drsquos items
jsonable()This method is used by the JSON encoder
Return type Dict
keys()rarr a set-like object providing a view on Drsquos keys
pop(k[ d ])rarr v remove specified key and return the corresponding valueIf key is not found d is returned if given otherwise KeyError is raised
popitem()rarr (k v) remove and return some (key value) pairas a 2-tuple but raise KeyError if D is empty
35 VT Report Object 39
PyMISP Documentation Release main
set_not_jsonable(args)Set __not_jsonable to a new list
Return type None
setdefault(k[ d ])rarr Dget(kd) also set D[k]=d if k not in D
to_dict(strict=False)Dump the class to a dictionary This method automatically removes the timestamp recursively in everyobject that has been edited is order to let MISP update the event accordingly
Return type Dict
to_json(sort_keys=False indent=None strict=False)Dump recursively any class of type MISPAbstract to a json string
update([E ] F)rarr None Update D from mappingiterable E and FIf E present and has a keys() method does for k in E D[k] = E[k] If E present and lacks keys() methoddoes for (k v) in E D[k] = v In either case this is followed by for k v in Fitems() D[k] = v
update_not_jsonable(args)Add entries to the __not_jsonable list
Return type None
values()rarr an object providing a view on Drsquos values
36 STIX
pymisptoolsstixload_stix(stix distribution=3 threat_level_id=2 analysis=0)Returns a MISPEvent object from a STIX package
pymisptoolsstixmake_stix_package(misp_event to_json=False to_xml=False)Returns a STIXPackage from a MISPEvent
Optionally can return the package in json or xml
37 OpenIOC
toolsload_openioc()
toolsload_openioc_file()
40 Chapter 3 pymisp - Tools
CHAPTER
FOUR
INDICES AND TABLES
bull genindex
bull modindex
bull search
41
PyMISP Documentation Release main
42 Chapter 4 Indices and tables
PYTHON MODULE INDEX
ppymisp 7pymisptools 37pymisptoolsstix 40
43
PyMISP Documentation Release main
44 Python Module Index
INDEX
AAbstractMISP (class in pymisp) 23accept_attribute_proposal()
(pymispPyMISP method) 7add_attribute() (pymispMISPEvent method) 24add_attribute() (pymispMISPObject method) 28add_attribute() (pymispPyMISP method) 7add_attribute() (pymisptoolsFileObject method)
37add_attribute() (pymisptoolsVTReportObject
method) 39add_attribute_proposal() (pymispPyMISP
method) 7add_attribute_tag() (pymispMISPEvent
method) 24add_attributes() (pymispMISPObject method)
28add_attributes() (pymisptoolsFileObject
method) 37add_attributes() (pymisptoolsVTReportObject
method) 39add_event() (pymispPyMISP method) 7add_event_blacklist() (pymispPyMISP
method) 8add_feed() (pymispPyMISP method) 8add_object() (pymispMISPEvent method) 24add_object() (pymispPyMISP method) 8add_object_reference() (pymispPyMISP
method) 8add_org_to_sharing_group() (pymispPyMISP
method) 8add_organisation() (pymispPyMISP method) 8add_organisation_blacklist()
(pymispPyMISP method) 8add_proposal() (pymispMISPAttribute method) 26add_proposal() (pymispMISPEvent method) 24add_proposal() (pymispMISPObjectAttribute
method) 29add_reference() (pymispMISPObject method) 28add_reference() (pymisptoolsFileObject method)
37add_reference() (pymisptoolsVTReportObject
method) 39add_server() (pymispPyMISP method) 8add_server_to_sharing_group()
(pymispPyMISP method) 8add_shadow_attribute() (pymispMISPAttribute
method) 26add_shadow_attribute() (pymispMISPEvent
method) 24add_shadow_attribute()
(pymispMISPObjectAttribute method) 29add_sharing_group() (pymispPyMISP method) 8add_sighting() (pymispMISPAttribute method) 26add_sighting() (pymispMISPObjectAttribute
method) 29add_sighting() (pymispPyMISP method) 8add_tag() (pymispPyMISP method) 8add_user() (pymispPyMISP method) 9attributes_statistics() (pymispPyMISP
method) 9
Bbuild_complex_query() (pymispPyMISP
method) 9
Ccache_all_feeds() (pymispPyMISP method) 9cache_feed() (pymispPyMISP method) 9cache_freetext_feeds() (pymispPyMISP
method) 9cache_misp_feeds() (pymispPyMISP method) 9change_sharing_group_on_entity()
(pymispPyMISP method) 9change_user_password() (pymispPyMISP
method) 9clear() (pymispMISPAttribute method) 26clear() (pymispMISPEvent method) 24clear() (pymispMISPObject method) 28clear() (pymispMISPObjectAttribute method) 29clear() (pymispMISPObjectReference method) 31clear() (pymispMISPOrganisation method) 34clear() (pymispMISPTag method) 32clear() (pymispMISPUser method) 33
45
PyMISP Documentation Release main
clear() (pymisptoolsFileObject method) 37clear() (pymisptoolsVTReportObject method) 39communities() (pymispPyMISP method) 9compare_feeds() (pymispPyMISP method) 9contact_event_reporter() (pymispPyMISP
method) 9
Ddefault() (pymispMISPEncode method) 24delegate_event() (pymispPyMISP method) 10delete() (pymispMISPAttribute method) 26delete() (pymispMISPObjectAttribute method) 30delete_attribute() (pymispMISPEvent method)
24delete_attribute() (pymispPyMISP method) 10delete_attribute_proposal()
(pymispPyMISP method) 10delete_event() (pymispPyMISP method) 10delete_event_blacklist() (pymispPyMISP
method) 10delete_feed() (pymispPyMISP method) 10delete_object() (pymispPyMISP method) 10delete_object_reference() (pymispPyMISP
method) 10delete_organisation() (pymispPyMISP
method) 10delete_organisation_blacklist()
(pymispPyMISP method) 10delete_server() (pymispPyMISP method) 10delete_sharing_group() (pymispPyMISP
method) 10delete_sighting() (pymispPyMISP method) 10delete_tag() (pymispPyMISP method) 11delete_user() (pymispPyMISP method) 11delete_user_setting() (pymispPyMISP
method) 11describe_types_local() (pymispPyMISP prop-
erty) 11describe_types_remote() (pymispPyMISP
property) 11direct_call() (pymispPyMISP method) 11disable_feed() (pymispPyMISP method) 11disable_feed_cache() (pymispPyMISP method)
11disable_noticelist() (pymispPyMISP method)
11disable_tag() (pymispPyMISP method) 11disable_taxonomy() (pymispPyMISP method) 11disable_taxonomy_tags() (pymispPyMISP
method) 11disable_warninglist() (pymispPyMISP
method) 11discard_attribute_proposal()
(pymispPyMISP method) 12
Eedited() (pymispAbstractMISP property) 23edited() (pymispMISPAttribute property) 26edited() (pymispMISPEvent property) 24edited() (pymispMISPObject property) 28edited() (pymispMISPObjectAttribute property) 30edited() (pymispMISPObjectReference property) 31edited() (pymispMISPOrganisation property) 34edited() (pymispMISPTag property) 32edited() (pymispMISPUser property) 33edited() (pymisptoolsFileObject property) 37edited() (pymisptoolsVTReportObject property) 39enable_feed() (pymispPyMISP method) 12enable_feed_cache() (pymispPyMISP method)
12enable_noticelist() (pymispPyMISP method)
12enable_tag() (pymispPyMISP method) 12enable_taxonomy() (pymispPyMISP method) 12enable_taxonomy_tags() (pymispPyMISP
method) 12enable_warninglist() (pymispPyMISP method)
12event_blacklists() (pymispPyMISP method) 12event_delegations() (pymispPyMISP method)
12ExpandedPyMISP (in module pymisp) 23
Ffeeds() (pymispPyMISP method) 12fetch_feed() (pymispPyMISP method) 12FileObject (class in pymisptools) 37freetext() (pymispPyMISP method) 12from_dict() (pymispAbstractMISP method) 23from_dict() (pymispMISPAttribute method) 27from_dict() (pymispMISPEvent method) 25from_dict() (pymispMISPObject method) 28from_dict() (pymispMISPObjectAttribute method)
30from_dict() (pymispMISPObjectReference method)
31from_dict() (pymispMISPOrganisation method) 34from_dict() (pymispMISPTag method) 32from_dict() (pymispMISPUser method) 33from_dict() (pymisptoolsFileObject method) 37from_dict() (pymisptoolsVTReportObject method)
39from_json() (pymispAbstractMISP method) 23from_json() (pymispMISPAttribute method) 27from_json() (pymispMISPEvent method) 25from_json() (pymispMISPObject method) 28from_json() (pymispMISPObjectAttribute method)
30
46 Index
PyMISP Documentation Release main
from_json() (pymispMISPObjectReference method)31
from_json() (pymispMISPOrganisation method) 34from_json() (pymispMISPTag method) 32from_json() (pymispMISPUser method) 33from_json() (pymisptoolsFileObject method) 37from_json() (pymisptoolsVTReportObject method)
39
Ggalaxies() (pymispPyMISP method) 12generate_attributes() (pymisptoolsFileObject
method) 37generate_attributes()
(pymisptoolsVTReportObject method)39
get() (pymispMISPAttribute method) 27get() (pymispMISPEvent method) 25get() (pymispMISPObject method) 28get() (pymispMISPObjectAttribute method) 30get() (pymispMISPObjectReference method) 31get() (pymispMISPOrganisation method) 34get() (pymispMISPTag method) 32get() (pymispMISPUser method) 33get() (pymisptoolsFileObject method) 37get() (pymisptoolsVTReportObject method) 39get_all_functions() (pymispPyMISP method)
13get_attribute() (pymispPyMISP method) 13get_attribute_tag() (pymispMISPEvent
method) 25get_attributes_by_relation()
(pymispMISPObject method) 28get_attributes_by_relation()
(pymisptoolsFileObject method) 37get_attributes_by_relation()
(pymisptoolsVTReportObject method)39
get_community() (pymispPyMISP method) 13get_event() (pymispPyMISP method) 13get_feed() (pymispPyMISP method) 13get_galaxy() (pymispPyMISP method) 13get_noticelist() (pymispPyMISP method) 13get_object() (pymispPyMISP method) 13get_object_by_id() (pymispMISPEvent method)
25get_object_by_uuid() (pymispMISPEvent
method) 25get_object_template() (pymispPyMISP
method) 13get_objects_by_name() (pymispMISPEvent
method) 25get_organisation() (pymispPyMISP method) 13get_sync_config() (pymispPyMISP method) 13
get_tag() (pymispPyMISP method) 13get_taxonomy() (pymispPyMISP method) 13get_user() (pymispPyMISP method) 13get_user_setting() (pymispPyMISP method) 14get_warninglist() (pymispPyMISP method) 14
Hhas_attributes_by_relation()
(pymispMISPObject method) 28has_attributes_by_relation()
(pymisptoolsFileObject method) 37has_attributes_by_relation()
(pymisptoolsVTReportObject method)39
hash_values() (pymispMISPAttribute method) 27hash_values() (pymispMISPObjectAttribute
method) 30
Iimport_server() (pymispPyMISP method) 14items() (pymispMISPAttribute method) 27items() (pymispMISPEvent method) 25items() (pymispMISPObject method) 29items() (pymispMISPObjectAttribute method) 30items() (pymispMISPObjectReference method) 31items() (pymispMISPOrganisation method) 34items() (pymispMISPTag method) 32items() (pymispMISPUser method) 33items() (pymisptoolsFileObject method) 38items() (pymisptoolsVTReportObject method) 39
Jjsonable() (pymispAbstractMISP method) 23jsonable() (pymispMISPAttribute method) 27jsonable() (pymispMISPEvent method) 25jsonable() (pymispMISPObject method) 29jsonable() (pymispMISPObjectAttribute method)
30jsonable() (pymispMISPObjectReference method)
31jsonable() (pymispMISPOrganisation method) 34jsonable() (pymispMISPTag method) 32jsonable() (pymispMISPUser method) 33jsonable() (pymisptoolsFileObject method) 38jsonable() (pymisptoolsVTReportObject method)
39
Kkeys() (pymispMISPAttribute method) 27keys() (pymispMISPEvent method) 25keys() (pymispMISPObject method) 29keys() (pymispMISPObjectAttribute method) 30keys() (pymispMISPObjectReference method) 31keys() (pymispMISPOrganisation method) 34
Index 47
PyMISP Documentation Release main
keys() (pymispMISPTag method) 32keys() (pymispMISPUser method) 33keys() (pymisptoolsFileObject method) 38keys() (pymisptoolsVTReportObject method) 39known_types() (pymispMISPAttribute property) 27known_types() (pymispMISPObjectAttribute prop-
erty) 30
Lload() (pymispMISPEvent method) 25load_default_feeds() (pymispPyMISP method)
14load_file() (pymispMISPEvent method) 25load_openioc() (pymisptools method) 40load_openioc_file() (pymisptools method) 40load_stix() (in module pymisptoolsstix) 40
Mmake_stix_package() (in module
pymisptoolsstix) 40malware_binary() (pymispMISPAttribute prop-
erty) 27malware_binary() (pymispMISPObjectAttribute
property) 30misp_instance_version() (pymispPyMISP
property) 14misp_instance_version_master()
(pymispPyMISP property) 14MISPAttribute (class in pymisp) 26MISPEncode (class in pymisp) 24MISPEvent (class in pymisp) 24MISPObject (class in pymisp) 28MISPObjectAttribute (class in pymisp) 29MISPObjectReference (class in pymisp) 31MISPOrganisation (class in pymisp) 34MISPTag (class in pymisp) 32MISPUser (class in pymisp) 33module
pymisp 7pymisptools 37pymisptoolsstix 40
Nnoticelists() (pymispPyMISP method) 14
Oobject_templates() (pymispPyMISP method) 14organisation_blacklists() (pymispPyMISP
method) 14organisations() (pymispPyMISP method) 14
Ppop() (pymispMISPAttribute method) 27
pop() (pymispMISPEvent method) 25pop() (pymispMISPObject method) 29pop() (pymispMISPObjectAttribute method) 30pop() (pymispMISPObjectReference method) 31pop() (pymispMISPOrganisation method) 34pop() (pymispMISPTag method) 32pop() (pymispMISPUser method) 33pop() (pymisptoolsFileObject method) 38pop() (pymisptoolsVTReportObject method) 39popitem() (pymispMISPAttribute method) 27popitem() (pymispMISPEvent method) 25popitem() (pymispMISPObject method) 29popitem() (pymispMISPObjectAttribute method) 30popitem() (pymispMISPObjectReference method) 31popitem() (pymispMISPOrganisation method) 34popitem() (pymispMISPTag method) 32popitem() (pymispMISPUser method) 33popitem() (pymisptoolsFileObject method) 38popitem() (pymisptoolsVTReportObject method) 39publish() (pymispMISPEvent method) 25publish() (pymispPyMISP method) 14push_event_to_ZMQ() (pymispPyMISP method)
14pymisp
module 7PyMISP (class in pymisp) 7pymisptools
module 37pymisptoolsstix
module 40pymisp_version_main() (pymispPyMISP prop-
erty) 15
Rrecommended_pymisp_version()
(pymispPyMISP property) 15remote_acl() (pymispPyMISP method) 15remove_org_from_sharing_group()
(pymispPyMISP method) 15remove_server_from_sharing_group()
(pymispPyMISP method) 15roles() (pymispPyMISP method) 15
Ssearch() (pymispPyMISP method) 15search_feeds() (pymispPyMISP method) 17search_index() (pymispPyMISP method) 18search_logs() (pymispPyMISP method) 18search_sightings() (pymispPyMISP method) 19server_pull() (pymispPyMISP method) 20server_push() (pymispPyMISP method) 20servers() (pymispPyMISP method) 20set_date() (pymispMISPEvent method) 25
48 Index
PyMISP Documentation Release main
set_not_jsonable() (pymispAbstractMISPmethod) 23
set_not_jsonable() (pymispMISPAttributemethod) 27
set_not_jsonable() (pymispMISPEvent method)25
set_not_jsonable() (pymispMISPObjectmethod) 29
set_not_jsonable() (pymispMISPObjectAttributemethod) 30
set_not_jsonable()(pymispMISPObjectReference method)31
set_not_jsonable() (pymispMISPOrganisationmethod) 35
set_not_jsonable() (pymispMISPTag method)32
set_not_jsonable() (pymispMISPUser method)33
set_not_jsonable() (pymisptoolsFileObjectmethod) 38
set_not_jsonable()(pymisptoolsVTReportObject method)39
set_user_setting() (pymispPyMISP method) 20setdefault() (pymispMISPAttribute method) 27setdefault() (pymispMISPEvent method) 25setdefault() (pymispMISPObject method) 29setdefault() (pymispMISPObjectAttribute
method) 30setdefault() (pymispMISPObjectReference
method) 31setdefault() (pymispMISPOrganisation method)
35setdefault() (pymispMISPTag method) 33setdefault() (pymispMISPUser method) 34setdefault() (pymisptoolsFileObject method) 38setdefault() (pymisptoolsVTReportObject
method) 40sharing_groups() (pymispPyMISP method) 20sightings() (pymispPyMISP method) 20
Ttag() (pymispPyMISP method) 20tags() (pymispMISPAttribute property) 27tags() (pymispMISPEvent property) 26tags() (pymispMISPObjectAttribute property) 30tags() (pymispPyMISP method) 20tags_statistics() (pymispPyMISP method) 20taxonomies() (pymispPyMISP method) 20to_dict() (pymispAbstractMISP method) 23to_dict() (pymispMISPAttribute method) 27to_dict() (pymispMISPEvent method) 26to_dict() (pymispMISPObject method) 29
to_dict() (pymispMISPObjectAttribute method) 30to_dict() (pymispMISPObjectReference method) 32to_dict() (pymispMISPOrganisation method) 35to_dict() (pymispMISPTag method) 33to_dict() (pymispMISPUser method) 34to_dict() (pymisptoolsFileObject method) 38to_dict() (pymisptoolsVTReportObject method) 40to_feed() (pymispMISPEvent method) 26to_json() (pymispAbstractMISP method) 23to_json() (pymispMISPAttribute method) 27to_json() (pymispMISPEvent method) 26to_json() (pymispMISPObject method) 29to_json() (pymispMISPObjectAttribute method) 31to_json() (pymispMISPObjectReference method) 32to_json() (pymispMISPOrganisation method) 35to_json() (pymispMISPTag method) 33to_json() (pymispMISPUser method) 34to_json() (pymisptoolsFileObject method) 38to_json() (pymisptoolsVTReportObject method) 40toggle_warninglist() (pymispPyMISP method)
20
Uunpublish() (pymispMISPEvent method) 26untag() (pymispPyMISP method) 21update() (pymispMISPAttribute method) 28update() (pymispMISPEvent method) 26update() (pymispMISPObject method) 29update() (pymispMISPObjectAttribute method) 31update() (pymispMISPObjectReference method) 32update() (pymispMISPOrganisation method) 35update() (pymispMISPTag method) 33update() (pymispMISPUser method) 34update() (pymisptoolsFileObject method) 38update() (pymisptoolsVTReportObject method) 40update_attribute() (pymispPyMISP method) 21update_attribute_proposal()
(pymispPyMISP method) 21update_event() (pymispPyMISP method) 21update_event_blacklist() (pymispPyMISP
method) 21update_feed() (pymispPyMISP method) 21update_galaxies() (pymispPyMISP method) 21update_not_jsonable() (pymispAbstractMISP
method) 23update_not_jsonable() (pymispMISPAttribute
method) 28update_not_jsonable() (pymispMISPEvent
method) 26update_not_jsonable() (pymispMISPObject
method) 29update_not_jsonable()
(pymispMISPObjectAttribute method) 31
Index 49
PyMISP Documentation Release main
update_not_jsonable()(pymispMISPObjectReference method)32
update_not_jsonable()(pymispMISPOrganisation method) 35
update_not_jsonable() (pymispMISPTagmethod) 33
update_not_jsonable() (pymispMISPUsermethod) 34
update_not_jsonable() (pymisptoolsFileObjectmethod) 38
update_not_jsonable()(pymisptoolsVTReportObject method)40
update_noticelists() (pymispPyMISP method)21
update_object() (pymispPyMISP method) 21update_object_templates() (pymispPyMISP
method) 21update_organisation() (pymispPyMISP
method) 21update_organisation_blacklist()
(pymispPyMISP method) 21update_server() (pymispPyMISP method) 22update_tag() (pymispPyMISP method) 22update_taxonomies() (pymispPyMISP method)
22update_user() (pymispPyMISP method) 22update_warninglists() (pymispPyMISP
method) 22upload_stix() (pymispPyMISP method) 22user_registrations() (pymispPyMISP method)
22user_settings() (pymispPyMISP method) 22users() (pymispPyMISP method) 22users_statistics() (pymispPyMISP method) 22
Vvalues() (pymispMISPAttribute method) 28values() (pymispMISPEvent method) 26values() (pymispMISPObject method) 29values() (pymispMISPObjectAttribute method) 31values() (pymispMISPObjectReference method) 32values() (pymispMISPOrganisation method) 35values() (pymispMISPTag method) 33values() (pymispMISPUser method) 34values() (pymisptoolsFileObject method) 38values() (pymisptoolsVTReportObject method) 40values_in_warninglist() (pymispPyMISP
method) 22version() (pymispPyMISP property) 22VTReportObject (class in pymisptools) 38
Wwarninglists() (pymispPyMISP method) 22
50 Index
- README
- pymisp
- PyMISP
- PyMISPExpanded (Python 36+ only)
- MISPAbstract
- MISPEncode
- MISPEvent
- MISPAttribute
- MISPObject
- MISPObjectAttribute
- MISPObjectReference
- MISPTag
- MISPUser
- MISPOrganisation
- pymisp - Tools
- File Object
- ELF Object
- PE Object
- Mach-O Object
- VT Report Object
- STIX
- OpenIOC
- Indices and tables
- Python Module Index
- Index
PyMISP Documentation Release main
galaxies(pythonify=False)Get all the galaxies
Return type Union[Dict List[MISPGalaxy]]
get_all_functions(not_implemented=False)Get all methods available vi the API allow to get the ones that are not implemented
get_attribute(attribute pythonify=False)Get an attribute from a MISP instance
Return type Union[Dict MISPAttribute]
get_community(community pythonify=False)Get an community from a MISP instance
Return type Union[Dict MISPCommunity]
get_event(event deleted=False extended=False pythonify=False)Get an event from a MISP instance
Return type Union[Dict MISPEvent]
get_feed(feed pythonify=False)Get a feed by id
Return type Union[Dict MISPFeed]
get_galaxy(galaxy pythonify=False)Get a galaxy by id
Return type Union[Dict MISPGalaxy]
get_noticelist(noticelist pythonify=False)Get a noticelist by id
Return type Union[Dict MISPNoticelist]
get_object(misp_object pythonify=False)Get an object from the remote MISP instance
Return type Union[Dict MISPObject]
get_object_template(object_template pythonify=False)Gets the full object template corresponting the UUID passed as parameter
Return type Union[Dict MISPObjectTemplate]
get_organisation(organisation pythonify=False)Get an organisation
Return type Union[Dict MISPOrganisation]
get_sync_config(pythonify=False)WARNING This method only works if the user calling it is a sync user
Return type Union[Dict MISPServer]
get_tag(tag pythonify=False)Get a tag by id
Return type Union[Dict MISPTag]
get_taxonomy(taxonomy pythonify=False)Get a taxonomy from a MISP instance
Return type Union[Dict MISPTaxonomy]
21 PyMISP 13
PyMISP Documentation Release main
get_user(user=me pythonify=False expanded=False)Get a user me means the owner of the API key doing the query expanded also returns a MISPRole and aMISPUserSetting
Return type Union[Dict MISPUser Tuple[MISPUser MISPRoleList[MISPUserSetting]]]
get_user_setting(user_setting user=None pythonify=False)Get an user setting
Return type Union[Dict MISPUserSetting]
get_warninglist(warninglist pythonify=False)Get a warninglist
Return type Union[Dict MISPWarninglist]
import_server(server pythonify=False)Import a sync server config received from get_sync_config
Return type Union[Dict MISPServer]
load_default_feeds()Load all the default feeds
Return type Dict
property misp_instance_versionReturns the version of the instance
Return type Dict
property misp_instance_version_masterGet the most recent version from github
Return type Dict
noticelists(pythonify=False)Get all the noticelists
Return type Union[Dict List[MISPNoticelist]]
object_templates(pythonify=False)Get all the object templates
Return type Union[Dict List[MISPObjectTemplate]]
organisation_blacklists(pythonify=False)Get all the blacklisted organisations
Return type Union[Dict List[MISPOrganisationBlacklist]]
organisations(scope=local pythonify=False)Get all the organisations
Return type Union[Dict List[MISPOrganisation]]
publish(event alert=False)Publish the event with one single HTTP POST The default is to not send a mail as it is assumed thismethod is called on update
Return type Dict
push_event_to_ZMQ(event)Force push an event on ZMQ
14 Chapter 2 pymisp
PyMISP Documentation Release main
Return type Dict
property pymisp_version_mainGet the most recent version of PyMISP from github
Return type Dict
property recommended_pymisp_versionReturns the recommended API version from the server
Return type Dict
remote_acl(debug_type=findMissingFunctionNames)This should return an empty list unless the ACL is outdated debug_type can only be printAllFunction-Names findMissingFunctionNames or printRoleAccess
Return type Dict
remove_org_from_sharing_group(sharing_group organisation)Remove an organisation from a sharing group sharing_group Sharing grouprsquos local instance ID orSharing grouprsquos global UUID organisation Organisationrsquos local instance ID or Organisationrsquos globalUUID or Organisationrsquos name as known to the curent instance
Return type Dict
remove_server_from_sharing_group(sharing_group server)Remove a server from a sharing group sharing_group Sharing grouprsquos local instance ID or Sharinggrouprsquos global UUID server Serverrsquos local instance ID or URL of the Server or Serverrsquos name as knownto the curent instance
Return type Dict
roles(pythonify=False)Get the existing roles
Return type Union[Dict List[MISPRole]]
search(controller=events return_format=json limit=None page=None value=Nonetype_attribute=None category=None org=None tags=None quick_filter=None quick-Filter=None date_from=None date_to=None eventid=None with_attachments=NonewithAttachments=None metadata=None uuid=None publish_timestamp=Nonelast=None timestamp=None published=None enforce_warninglist=None enforceWarn-inglist=None to_ids=None deleted=None include_event_uuid=None includeEventU-uid=None include_event_tags=None includeEventTags=None event_timestamp=Nonesg_reference_only=None eventinfo=None searchall=None requested_attributes=None in-clude_context=None includeContext=None headerless=None include_sightings=NoneincludeSightings=None include_correlations=None includeCorrelations=None in-clude_decay_score=None includeDecayScore=None object_name=None pythonify=Falsekwargs)
Search in the MISP instance
Parameters
bull return_format (str) ndash Set the return format of the search (Currently supported jsonxml openioc suricata snort - more formats are being moved to restSearch with the goalbeing that all searches happen through this API) Can be passed as the first parameter afterrestSearch or via the JSON payload
bull limit (Optional[int]) ndash Limit the number of results returned depending on thescope (for example 10 attributes or 10 full events)
bull page (Optional[int]) ndash If a limit is set sets the page to be returned page 3 limit 100will return records 201-gt300)
21 PyMISP 15
PyMISP Documentation Release main
bull value (Optional[~SearchParameterTypes]) ndash Search for the given value in the at-tributesrsquo value field
bull type_attribute (Optional[~SearchParameterTypes]) ndash The attribute type anyvalid MISP attribute type is accepted
bull category (Optional[~SearchParameterTypes]) ndash The attribute category any validMISP attribute category is accepted
bull org (Optional[~SearchParameterTypes]) ndash Search by the creator organisation by sup-plying the organisation identifier
bull tags (Optional[~SearchParameterTypes]) ndash Tags to search or to exclude You canpass a list or the output of build_complex_query
bull quick_filter (Optional[str]) ndash The string passed to this field will ignore all ofthe other arguments MISP will return an xml json (depending on the header sent) of allevents that have a sub-string match on value in the event info event orgc or any of theattribute value1 value2 fields or in the attribute comment
bull date_from (Union[date int str float None]) ndash Events with the date set to adate after the one specified This filter will use the date of the event
bull date_to (Union[date int str float None]) ndash Events with the date set to a datebefore the one specified This filter will use the date of the event
bull eventid (Optional[~SearchType]) ndash The events that should be included excludedfrom the search
bull with_attachments (Optional[bool]) ndash If set encodes the attachments zippedmalware samples as base64 in the data field within each attribute
bull metadata (Optional[bool]) ndash Only the metadata (event tags relations) is returnedattributes and proposals are omitted
bull uuid (Optional[str]) ndash Restrict the results by uuid
bull publish_timestamp (Union[date int str float NoneTuple[Union[date int str float None] Union[date int str floatNone]]]) ndash Restrict the results by the last publish timestamp (newer than)
bull timestamp (Union[date int str float None Tuple[Union[date intstr float None] Union[date int str float None]]]) ndash Restrict the resultsby the timestamp (last edit) Any event with a timestamp newer than the given timestampwill be returned In case you are dealing with attributes as scope the attributersquos timestampwill be used for the lookup
bull published (Optional[bool]) ndash Set whether published or unpublished events shouldbe returned Do not set the parameter if you want both
bull enforce_warninglist (Optional[bool]) ndash Remove any attributes from the resultthat would cause a hit on a warninglist entry
bull to_ids (Union[~ToIDSType List[~ToIDSType] None]) ndash By default all attributesare returned that match the other filter parameters irregardless of their to_ids setting Torestrict the returned data set to to_ids only attributes set this parameter to 1 0 for the oneswith to_ids set to False
bull deleted (Optional[str]) ndash If this parameter is set to 1 it will only return soft-deletedattributes [ldquo0rdquo ldquo1rdquo] will return the active ones as well as the soft-deleted ones
bull include_event_uuid (Optional[bool]) ndash Instead of just including the event IDalso include the event UUID in each of the attributes
16 Chapter 2 pymisp
PyMISP Documentation Release main
bull include_event_tags (Optional[bool]) ndash Include the event level tags in each ofthe attributes
bull event_timestamp (Union[date int str float None]) ndash Only return at-tributes from events that have received a modification after the given timestamp
bull sg_reference_only (Optional[bool]) ndash If this flag is set sharing group objectswill not be included instead only the sharing group ID is set
bull eventinfo (Optional[str]) ndash Filter on the eventrsquos info field
bull searchall (Optional[bool]) ndash Search for a full or a substring (delimited by forsubstrings) in the event info event tags attribute tags attribute values or attribute commentfields
bull requested_attributes (Optional[str]) ndash [CSV only] Select the fields that youwish to include in the CSV export By setting event level fields additionally includeCon-text is not required to get event metadata
bull include_context (Optional[bool]) ndash [Attribute only] Include the event data witheach attribute [CSV output] Add event level metadata in every line of the CSV
bull headerless (Optional[bool]) ndash [CSV Only] The CSV created when this setting isset to true will not contain the header row
bull include_sightings (Optional[bool]) ndash [JSON Only - Attribute] Include thesightings of the matching attributes
bull include_decay_score (Optional[bool]) ndash Include the decay score at attributelevel
bull include_correlations (Optional[bool]) ndash [JSON Only - attribute] Include thecorrelations of the matching attributes
bull object_name (Optional[str]) ndash [objects controller only] Search for objects withthat name
bull pythonify (Optional[bool]) ndash Returns a list of PyMISP Objects instead of the plainjson output Warning it might use a lot of RAM
Deprecated
Parameters
bull quickFilter (Optional[str]) ndash synponym for quick_filter
bull withAttachments (Optional[bool]) ndash synonym for with_attachments
bull last (Union[date int str float None Tuple[Union[date int strfloat None] Union[date int str float None]]]) ndash synonym for pub-lish_timestamp
bull enforceWarninglist (Optional[bool]) ndash synonym for enforce_warninglist
bull includeEventUuid (Optional[bool]) ndash synonym for include_event_uuid
bull includeEventTags (Optional[bool]) ndash synonym for include_event_tags
bull includeContext (Optional[bool]) ndash synonym for include_context
Return type Union[Dict str List[Union[MISPEvent MISPAttributeMISPObject]]]
search_feeds(value=None pythonify=False)Search in the feeds cached on the servers
21 PyMISP 17
PyMISP Documentation Release main
Return type Union[Dict List[MISPFeed]]
search_index(published=None eventid=None tags=None date_from=None date_to=Noneeventinfo=None threatlevel=None distribution=None analysis=None org=Nonetimestamp=None pythonify=None)
Search only at the index level Using in front of a value means NOT (default is OR)
Parameters
bull published (Optional[bool]) ndash Set whether published or unpublished events shouldbe returned Do not set the parameter if you want both
bull eventid (Optional[~SearchType]) ndash The events that should be included excludedfrom the search
bull tags (Optional[~SearchParameterTypes]) ndash Tags to search or to exclude You canpass a list or the output of build_complex_query
bull date_from (Union[date int str float None]) ndash Events with the date set to adate after the one specified This filter will use the date of the event
bull date_to (Union[date int str float None]) ndash Events with the date set to a datebefore the one specified This filter will use the date of the event
bull eventinfo (Optional[str]) ndash Filter on the eventrsquos info field
bull threatlevel (Optional[List[~SearchType]]) ndash Threat level(s) (1234) | list
bull distribution (Optional[List[~SearchType]]) ndash Distribution level(s) (0123) |list
bull analysis (Optional[List[~SearchType]]) ndash Analysis level(s) (012) | list
bull org (Optional[~SearchParameterTypes]) ndash Search by the creator organisation by sup-plying the organisation identifier
bull timestamp (Union[date int str float None Tuple[Union[date intstr float None] Union[date int str float None]]]) ndash Restrict the resultsby the timestamp (last edit) Any event with a timestamp newer than the given timestampwill be returned In case you are dealing with attributes as scope the attributersquos timestampwill be used for the lookup
bull pythonify (Optional[bool]) ndash Returns a list of PyMISP Objects instead or the plainjson output Warning it might use a lot of RAM
Return type Union[Dict List[MISPEvent]]
search_logs(limit=None page=None log_id=None title=None created=None model=None ac-tion=None user_id=None change=None email=None org=None description=Noneip=None pythonify=False)
Search in logs
Note to run substring queries simply appendprependencapsulate the search term with
Parameters
bull limit (Optional[int]) ndash Limit the number of results returned depending on thescope (for example 10 attributes or 10 full events)
bull page (Optional[int]) ndash If a limit is set sets the page to be returned page 3 limit 100will return records 201-gt300)
bull log_id (Optional[int]) ndash Log ID
bull title (Optional[str]) ndash Log Title
18 Chapter 2 pymisp
PyMISP Documentation Release main
bull created (Union[date int str float None]) ndash Creation timestamp
bull model (Optional[str]) ndash Model name that generated the log entry
bull action (Optional[str]) ndash The thing that was done
bull user_id (Optional[int]) ndash ID of the user doing the action
bull change (Optional[str]) ndash Change that occured
bull email (Optional[str]) ndash Email of the user
bull org (Optional[str]) ndash Organisation of the User doing the action
bull description (Optional[str]) ndash Description of the action
bull ip (Optional[str]) ndash Origination IP of the User doing the action
bull pythonify (Optional[bool]) ndash Returns a list of PyMISP Objects instead or the plainjson output Warning it might use a lot of RAM
Return type Union[Dict List[MISPLog]]
search_sightings(context=None context_id=None type_sighting=None date_from=Nonedate_to=None publish_timestamp=None last=None org=None source=Noneinclude_attribute=None include_event_meta=None pythonify=False)
Search sightings
Parameters
bull context (Optional[str]) ndash The context of the search Can be either ldquoattributerdquoldquoeventrdquo or nothing (will then match on events and attributes)
bull context_id (Optional[~SearchType]) ndash Only relevant if context is either ldquoattributerdquoor ldquoeventrdquo Then it is the relevant ID
bull type_sighting (Optional[str]) ndash Type of sighting
bull date_from (Union[date int str float None]) ndash Events with the date set to adate after the one specified This filter will use the date of the event
bull date_to (Union[date int str float None]) ndash Events with the date set to a datebefore the one specified This filter will use the date of the event
bull publish_timestamp (Union[date int str float NoneTuple[Union[date int str float None] Union[date int str floatNone]]]) ndash Restrict the results by the last publish timestamp (newer than)
bull org (Optional[~SearchType]) ndash Search by the creator organisation by supplying theorganisation identifier
bull source (Optional[str]) ndash Source of the sighting
bull include_attribute (Optional[bool]) ndash Include the attribute
bull include_event_meta (Optional[bool]) ndash Include the meta information of theevent
Deprecated
Parameters last (Union[date int str float None Tuple[Union[date intstr float None] Union[date int str float None]]]) ndash synonym for pub-lish_timestamp
Example
21 PyMISP 19
PyMISP Documentation Release main
gtgtgt mispsearch_sightings(publish_timestamp=30d) search sightings for therarr˓last 30 days on the instance[ ]gtgtgt mispsearch_sightings(context=attribute context_id=6 include_rarr˓attribute=True) return list of sighting for attribute 6 along with therarr˓attribute itself[ ]gtgtgt mispsearch_sightings(context=event context_id=17 include_event_rarr˓meta=True org=2) return list of sighting for event 17 filtered with orgrarr˓id 2
Return type Union[Dict List[Dict[str Union[MISPEvent MISPAttributeMISPSighting]]]]
server_pull(server event=None)Initialize a pull from a sync server
Return type Dict
server_push(server event=None)Initialize a push to a sync server
Return type Dict
servers(pythonify=False)Get the existing servers the MISP instance can synchronise with
Return type Union[Dict List[MISPServer]]
set_user_setting(user_setting value user=None pythonify=False)Get an user setting
Return type Union[Dict MISPUserSetting]
sharing_groups(pythonify=False)Get the existing sharing groups
Return type Union[Dict List[MISPSharingGroup]]
sightings(misp_entity=None org=None pythonify=False)Get the list of sighting related to a MISPEvent or a MISPAttribute (depending on type of misp_entity)
Return type Union[Dict List[MISPSighting]]
tag(misp_entity tag local=False)Tag an event or an attribute misp_entity can be a MISPEvent a MISP Attribute or a UUID
Return type Dict
tags(pythonify=False)Get the list of existing tags
Return type Union[Dict List[MISPTag]]
tags_statistics(percentage=False name_sort=False)Get tags statistics from the MISP instance
Return type Dict
taxonomies(pythonify=False)Get all the taxonomies
Return type Union[Dict List[MISPTaxonomy]]
20 Chapter 2 pymisp
PyMISP Documentation Release main
toggle_warninglist(warninglist_id=None warninglist_name=None force_enable=False)Toggle (enabledisable) the status of a warninglist by ID type warninglist_id Union[str intList[int] None] param warninglist_id ID of the WarningList type force_enable bool paramforce_enable Force the warning list in the enabled state (does nothing is already enabled)
Return type Dict
untag(misp_entity tag)Untag an event or an attribute misp_entity can be a UUID
Return type Dict
update_attribute(attribute attribute_id=None pythonify=False)Update an attribute on a MISP instance
Return type Union[Dict MISPAttribute MISPShadowAttribute]
update_attribute_proposal(initial_attribute attribute pythonify=False)Propose a change for an attribute
Return type Union[Dict MISPShadowAttribute]
update_event(event event_id=None pythonify=False)Update an event on a MISP instance
Return type Union[Dict MISPEvent]
update_event_blacklist(event_blacklist event_blacklist_id=None pythonify=False)Update an event in the blacklist
Return type Union[Dict MISPEventBlacklist]
update_feed(feed feed_id=None pythonify=False)Update a feed on a MISP instance
Return type Union[Dict MISPFeed]
update_galaxies()Update all the galaxies
Return type Dict
update_noticelists()Update all the noticelists
Return type Dict
update_object(misp_object object_id=None pythonify=False)Update an object on a MISP instance
Return type Union[Dict MISPObject]
update_object_templates()Trigger an update of the object templates
Return type Dict
update_organisation(organisation organisation_id=None pythonify=False)Update an organisation
Return type Union[Dict MISPOrganisation]
update_organisation_blacklist(organisation_blacklist organisation_blacklist_id=Nonepythonify=False)
Update an organisation in the blacklist
Return type Union[Dict MISPOrganisationBlacklist]
21 PyMISP 21
PyMISP Documentation Release main
update_server(server server_id=None pythonify=False)Update a server to synchronise with
Return type Union[Dict MISPServer]
update_tag(tag tag_id=None pythonify=False)Edit only the provided parameters of a tag
Return type Union[Dict MISPTag]
update_taxonomies()Update all the taxonomies
Return type Dict
update_user(user user_id=None pythonify=False)Update an event on a MISP instance
Return type Union[Dict MISPUser]
update_warninglists()Update all the warninglists
Return type Dict
upload_stix(path version=2)Upload a STIX file to MISP param path Path to the STIX on the disk (can be a path-like object or apseudofile) type version str param version Can be 1 or 2
user_registrations(pythonify=False)Get all the user registrations
Return type Union[Dict List[MISPInbox]]
user_settings(pythonify=False)Get all the user settings
Return type Union[Dict List[MISPUserSetting]]
users(pythonify=False)Get all the users
Return type Union[Dict List[MISPUser]]
users_statistics(context=data)Get users statistics from the MISP instance
Return type Dict
values_in_warninglist(value)Check if IOC values are in warninglist
Return type Dict
property versionReturns the version of PyMISP yoursquore curently using
Return type Dict
warninglists(pythonify=False)Get all the warninglists
Return type Union[Dict List[MISPWarninglist]]
22 Chapter 2 pymisp
PyMISP Documentation Release main
22 PyMISPExpanded (Python 36+ only)
pymispExpandedPyMISPalias of pymispapiPyMISP
23 MISPAbstract
class pymispAbstractMISP(kwargs)
property editedRecursively check if an object has been edited and update the flag accordingly to the parent objects
Return type bool
from_dict(kwargs)Loading all the parameters as class properties if they arenrsquot None This method aims to be called when allthe properties requiring a special treatment are processed Note This method is used when you initializean object with existing data so by default the class is flaged as not edited
Return type None
from_json(json_string)Load a JSON string
Return type None
jsonable()This method is used by the JSON encoder
Return type Dict
set_not_jsonable(args)Set __not_jsonable to a new list
Return type None
to_dict()Dump the class to a dictionary This method automatically removes the timestamp recursively in everyobject that has been edited is order to let MISP update the event accordingly
Return type Dict
to_json(sort_keys=False indent=None)Dump recursively any class of type MISPAbstract to a json string
update_not_jsonable(args)Add entries to the __not_jsonable list
Return type None
22 PyMISPExpanded (Python 36+ only) 23
PyMISP Documentation Release main
24 MISPEncode
class pymispMISPEncode(args kwargs)
default(obj)Implement this method in a subclass such that it returns a serializable object for o or calls the baseimplementation (to raise a TypeError)
For example to support arbitrary iterators you could implement default like this
def default(self o)try
iterable = iter(o)except TypeError
passelse
return list(iterable) Let the base class default method raise the TypeErrorreturn JSONEncoderdefault(self o)
25 MISPEvent
class pymispMISPEvent(describe_types=None strict_validation=False kwargs)
add_attribute(type value kwargs)Add an attribute type and value are required but you can pass all other parameters supported by MISPAt-tribute
Return type Union[MISPAttribute List[MISPAttribute]]
add_attribute_tag(tag attribute_identifier)Add a tag to an existing attribute raise an Exception if the attribute doesnrsquot exists tag Tag name as astring MISPTag instance or dictionary attribute_identifier can be an ID UUID or the value
Return type List[MISPAttribute]
add_object(obj=None kwargs)Add an object to the Event either by passing a MISPObject or a dictionary
Return type MISPObject
add_proposal(shadow_attribute=None kwargs)Alias for add_shadow_attribute
Return type MISPShadowAttribute
add_shadow_attribute(shadow_attribute=None kwargs)Add a tag to the attribute (by name or a MISPTag object)
Return type MISPShadowAttribute
clear()rarr None Remove all items from D
delete_attribute(attribute_id)Delete an attribute you can search by ID or UUID
property editedRecursively check if an object has been edited and update the flag accordingly to the parent objects
24 Chapter 2 pymisp
PyMISP Documentation Release main
Return type bool
from_dict(kwargs)Loading all the parameters as class properties if they arenrsquot None This method aims to be called when allthe properties requiring a special treatment are processed Note This method is used when you initializean object with existing data so by default the class is flaged as not edited
from_json(json_string)Load a JSON string
Return type None
get(k[ d ])rarr D[k] if k in D else d d defaults to None
get_attribute_tag(attribute_identifier)Return the tags associated to an attribute or an object attribute attribute_identifier can be an ID UUIDor the value
Return type List[MISPTag]
get_object_by_id(object_id)Get an object by ID (the ID is the one set by the server when creating the new object)
Return type MISPObject
get_object_by_uuid(object_uuid)Get an object by UUID (UUID is set by the server when creating the new object)
Return type MISPObject
get_objects_by_name(object_name)Get an object by UUID (UUID is set by the server when creating the new object)
Return type List[MISPObject]
items()rarr a set-like object providing a view on Drsquos items
jsonable()This method is used by the JSON encoder
Return type Dict
keys()rarr a set-like object providing a view on Drsquos keys
load(json_event validate=False metadata_only=False)Load a JSON dump from a pseudo file or a JSON string
load_file(event_path validate=False metadata_only=False)Load a JSON dump from a file on the disk
pop(k[ d ])rarr v remove specified key and return the corresponding valueIf key is not found d is returned if given otherwise KeyError is raised
popitem()rarr (k v) remove and return some (key value) pairas a 2-tuple but raise KeyError if D is empty
publish()Mark the attribute as published
set_date(d=None ignore_invalid=False)Set a date for the event (string datetime or date object)
set_not_jsonable(args)Set __not_jsonable to a new list
Return type None
25 MISPEvent 25
PyMISP Documentation Release main
setdefault(k[ d ])rarr Dget(kd) also set D[k]=d if k not in D
property tagsReturns a lost of tags associated to this Event
Return type List[MISPTag]
to_dict()Dump the class to a dictionary This method automatically removes the timestamp recursively in everyobject that has been edited is order to let MISP update the event accordingly
Return type Dict
to_feed(valid_distributions=[0 1 2 3 4 5] with_meta=False)Generate a json output for MISP Feed Notes
bull valid_distributions only makes sense if the distribution key is set (ie the event is exported from aMISP instance)
Return type Dict
to_json(sort_keys=False indent=None)Dump recursively any class of type MISPAbstract to a json string
unpublish()Mark the attribute as un-published (set publish flag to false)
update([E ] F)rarr None Update D from mappingiterable E and FIf E present and has a keys() method does for k in E D[k] = E[k] If E present and lacks keys() methoddoes for (k v) in E D[k] = v In either case this is followed by for k v in Fitems() D[k] = v
update_not_jsonable(args)Add entries to the __not_jsonable list
Return type None
values()rarr an object providing a view on Drsquos values
26 MISPAttribute
class pymispMISPAttribute(describe_types=None strict=False)
add_proposal(shadow_attribute=None kwargs)Alias for add_shadow_attribute
Return type MISPShadowAttribute
add_shadow_attribute(shadow_attribute=None kwargs)Add a shadow attribute to the attribute (by name or a MISPShadowAttribute object)
Return type MISPShadowAttribute
add_sighting(sighting=None kwargs)Add a sighting to the attribute (by name or a MISPSighting object)
Return type MISPSighting
clear()rarr None Remove all items from D
delete()Mark the attribute as deleted (soft delete)
26 Chapter 2 pymisp
PyMISP Documentation Release main
property editedRecursively check if an object has been edited and update the flag accordingly to the parent objects
Return type bool
from_dict(kwargs)Loading all the parameters as class properties if they arenrsquot None This method aims to be called when allthe properties requiring a special treatment are processed Note This method is used when you initializean object with existing data so by default the class is flaged as not edited
from_json(json_string)Load a JSON string
Return type None
get(k[ d ])rarr D[k] if k in D else d d defaults to None
hash_values(algorithm=sha512)Compute the hash of every values for fast lookups
Return type List[str]
items()rarr a set-like object providing a view on Drsquos items
jsonable()This method is used by the JSON encoder
Return type Dict
keys()rarr a set-like object providing a view on Drsquos keys
property known_typesReturns a list of all the known MISP attributes types
Return type List[str]
property malware_binaryReturns a BytesIO of the malware (if the attribute has one obvs)
Return type Optional[BytesIO]
pop(k[ d ])rarr v remove specified key and return the corresponding valueIf key is not found d is returned if given otherwise KeyError is raised
popitem()rarr (k v) remove and return some (key value) pairas a 2-tuple but raise KeyError if D is empty
set_not_jsonable(args)Set __not_jsonable to a new list
Return type None
setdefault(k[ d ])rarr Dget(kd) also set D[k]=d if k not in D
property tagsReturns a lost of tags associated to this Attribute
Return type List[MISPTag]
to_dict()Dump the class to a dictionary This method automatically removes the timestamp recursively in everyobject that has been edited is order to let MISP update the event accordingly
Return type Dict
26 MISPAttribute 27
PyMISP Documentation Release main
to_json(sort_keys=False indent=None)Dump recursively any class of type MISPAbstract to a json string
update([E ] F)rarr None Update D from mappingiterable E and FIf E present and has a keys() method does for k in E D[k] = E[k] If E present and lacks keys() methoddoes for (k v) in E D[k] = v In either case this is followed by for k v in Fitems() D[k] = v
update_not_jsonable(args)Add entries to the __not_jsonable list
Return type None
values()rarr an object providing a view on Drsquos values
27 MISPObject
class pymispMISPObject(name strict=False standalone=True default_attributes_parameters=kwargs)
add_attribute(object_relation simple_value=None value)Add an attribute object_relation is required and the value key is a dictionary with all the keys supportedby MISPAttribute
Return type Optional[MISPAttribute]
add_attributes(object_relation attributes)Add multiple attributes with the same object_relation Helper for object_relation when multiple is True inthe template It is the same as calling multiple times add_attribute with the same object_relation
Return type List[Optional[MISPAttribute]]
add_reference(referenced_uuid relationship_type comment=None kwargs)Add a link (uuid) to an other object
Return type MISPObjectReference
clear()rarr None Remove all items from D
property editedRecursively check if an object has been edited and update the flag accordingly to the parent objects
Return type bool
from_dict(kwargs)Loading all the parameters as class properties if they arenrsquot None This method aims to be called when allthe properties requiring a special treatment are processed Note This method is used when you initializean object with existing data so by default the class is flaged as not edited
from_json(json_string)Load a JSON string
Return type None
get(k[ d ])rarr D[k] if k in D else d d defaults to None
get_attributes_by_relation(object_relation)Returns the list of attributes with the given object relation in the object
Return type List[MISPAttribute]
has_attributes_by_relation(list_of_relations)True if all the relations in the list are defined in the object
28 Chapter 2 pymisp
PyMISP Documentation Release main
Return type bool
items()rarr a set-like object providing a view on Drsquos items
jsonable()This method is used by the JSON encoder
Return type Dict
keys()rarr a set-like object providing a view on Drsquos keys
pop(k[ d ])rarr v remove specified key and return the corresponding valueIf key is not found d is returned if given otherwise KeyError is raised
popitem()rarr (k v) remove and return some (key value) pairas a 2-tuple but raise KeyError if D is empty
set_not_jsonable(args)Set __not_jsonable to a new list
Return type None
setdefault(k[ d ])rarr Dget(kd) also set D[k]=d if k not in D
to_dict(strict=False)Dump the class to a dictionary This method automatically removes the timestamp recursively in everyobject that has been edited is order to let MISP update the event accordingly
Return type Dict
to_json(sort_keys=False indent=None strict=False)Dump recursively any class of type MISPAbstract to a json string
update([E ] F)rarr None Update D from mappingiterable E and FIf E present and has a keys() method does for k in E D[k] = E[k] If E present and lacks keys() methoddoes for (k v) in E D[k] = v In either case this is followed by for k v in Fitems() D[k] = v
update_not_jsonable(args)Add entries to the __not_jsonable list
Return type None
values()rarr an object providing a view on Drsquos values
28 MISPObjectAttribute
class pymispMISPObjectAttribute(definition)
add_proposal(shadow_attribute=None kwargs)Alias for add_shadow_attribute
Return type MISPShadowAttribute
add_shadow_attribute(shadow_attribute=None kwargs)Add a shadow attribute to the attribute (by name or a MISPShadowAttribute object)
Return type MISPShadowAttribute
add_sighting(sighting=None kwargs)Add a sighting to the attribute (by name or a MISPSighting object)
Return type MISPSighting
28 MISPObjectAttribute 29
PyMISP Documentation Release main
clear()rarr None Remove all items from D
delete()Mark the attribute as deleted (soft delete)
property editedRecursively check if an object has been edited and update the flag accordingly to the parent objects
Return type bool
from_dict(object_relation value kwargs)Loading all the parameters as class properties if they arenrsquot None This method aims to be called when allthe properties requiring a special treatment are processed Note This method is used when you initializean object with existing data so by default the class is flaged as not edited
from_json(json_string)Load a JSON string
Return type None
get(k[ d ])rarr D[k] if k in D else d d defaults to None
hash_values(algorithm=sha512)Compute the hash of every values for fast lookups
Return type List[str]
items()rarr a set-like object providing a view on Drsquos items
jsonable()This method is used by the JSON encoder
Return type Dict
keys()rarr a set-like object providing a view on Drsquos keys
property known_typesReturns a list of all the known MISP attributes types
Return type List[str]
property malware_binaryReturns a BytesIO of the malware (if the attribute has one obvs)
Return type Optional[BytesIO]
pop(k[ d ])rarr v remove specified key and return the corresponding valueIf key is not found d is returned if given otherwise KeyError is raised
popitem()rarr (k v) remove and return some (key value) pairas a 2-tuple but raise KeyError if D is empty
set_not_jsonable(args)Set __not_jsonable to a new list
Return type None
setdefault(k[ d ])rarr Dget(kd) also set D[k]=d if k not in D
property tagsReturns a lost of tags associated to this Attribute
Return type List[MISPTag]
30 Chapter 2 pymisp
PyMISP Documentation Release main
to_dict()Dump the class to a dictionary This method automatically removes the timestamp recursively in everyobject that has been edited is order to let MISP update the event accordingly
Return type Dict
to_json(sort_keys=False indent=None)Dump recursively any class of type MISPAbstract to a json string
update([E ] F)rarr None Update D from mappingiterable E and FIf E present and has a keys() method does for k in E D[k] = E[k] If E present and lacks keys() methoddoes for (k v) in E D[k] = v In either case this is followed by for k v in Fitems() D[k] = v
update_not_jsonable(args)Add entries to the __not_jsonable list
Return type None
values()rarr an object providing a view on Drsquos values
29 MISPObjectReference
class pymispMISPObjectReference
clear()rarr None Remove all items from D
property editedRecursively check if an object has been edited and update the flag accordingly to the parent objects
Return type bool
from_dict(kwargs)Loading all the parameters as class properties if they arenrsquot None This method aims to be called when allthe properties requiring a special treatment are processed Note This method is used when you initializean object with existing data so by default the class is flaged as not edited
from_json(json_string)Load a JSON string
Return type None
get(k[ d ])rarr D[k] if k in D else d d defaults to None
items()rarr a set-like object providing a view on Drsquos items
jsonable()This method is used by the JSON encoder
Return type Dict
keys()rarr a set-like object providing a view on Drsquos keys
pop(k[ d ])rarr v remove specified key and return the corresponding valueIf key is not found d is returned if given otherwise KeyError is raised
popitem()rarr (k v) remove and return some (key value) pairas a 2-tuple but raise KeyError if D is empty
set_not_jsonable(args)Set __not_jsonable to a new list
Return type None
29 MISPObjectReference 31
PyMISP Documentation Release main
setdefault(k[ d ])rarr Dget(kd) also set D[k]=d if k not in D
to_dict()Dump the class to a dictionary This method automatically removes the timestamp recursively in everyobject that has been edited is order to let MISP update the event accordingly
Return type Dict
to_json(sort_keys=False indent=None)Dump recursively any class of type MISPAbstract to a json string
update([E ] F)rarr None Update D from mappingiterable E and FIf E present and has a keys() method does for k in E D[k] = E[k] If E present and lacks keys() methoddoes for (k v) in E D[k] = v In either case this is followed by for k v in Fitems() D[k] = v
update_not_jsonable(args)Add entries to the __not_jsonable list
Return type None
values()rarr an object providing a view on Drsquos values
210 MISPTag
class pymispMISPTag(kwargs)
clear()rarr None Remove all items from D
property editedRecursively check if an object has been edited and update the flag accordingly to the parent objects
Return type bool
from_dict(kwargs)Loading all the parameters as class properties if they arenrsquot None This method aims to be called when allthe properties requiring a special treatment are processed Note This method is used when you initializean object with existing data so by default the class is flaged as not edited
from_json(json_string)Load a JSON string
Return type None
get(k[ d ])rarr D[k] if k in D else d d defaults to None
items()rarr a set-like object providing a view on Drsquos items
jsonable()This method is used by the JSON encoder
Return type Dict
keys()rarr a set-like object providing a view on Drsquos keys
pop(k[ d ])rarr v remove specified key and return the corresponding valueIf key is not found d is returned if given otherwise KeyError is raised
popitem()rarr (k v) remove and return some (key value) pairas a 2-tuple but raise KeyError if D is empty
set_not_jsonable(args)Set __not_jsonable to a new list
32 Chapter 2 pymisp
PyMISP Documentation Release main
Return type None
setdefault(k[ d ])rarr Dget(kd) also set D[k]=d if k not in D
to_dict()Dump the class to a dictionary This method automatically removes the timestamp recursively in everyobject that has been edited is order to let MISP update the event accordingly
Return type Dict
to_json(sort_keys=False indent=None)Dump recursively any class of type MISPAbstract to a json string
update([E ] F)rarr None Update D from mappingiterable E and FIf E present and has a keys() method does for k in E D[k] = E[k] If E present and lacks keys() methoddoes for (k v) in E D[k] = v In either case this is followed by for k v in Fitems() D[k] = v
update_not_jsonable(args)Add entries to the __not_jsonable list
Return type None
values()rarr an object providing a view on Drsquos values
211 MISPUser
class pymispMISPUser(kwargs)
clear()rarr None Remove all items from D
property editedRecursively check if an object has been edited and update the flag accordingly to the parent objects
Return type bool
from_dict(kwargs)Loading all the parameters as class properties if they arenrsquot None This method aims to be called when allthe properties requiring a special treatment are processed Note This method is used when you initializean object with existing data so by default the class is flaged as not edited
from_json(json_string)Load a JSON string
Return type None
get(k[ d ])rarr D[k] if k in D else d d defaults to None
items()rarr a set-like object providing a view on Drsquos items
jsonable()This method is used by the JSON encoder
Return type Dict
keys()rarr a set-like object providing a view on Drsquos keys
pop(k[ d ])rarr v remove specified key and return the corresponding valueIf key is not found d is returned if given otherwise KeyError is raised
popitem()rarr (k v) remove and return some (key value) pairas a 2-tuple but raise KeyError if D is empty
211 MISPUser 33
PyMISP Documentation Release main
set_not_jsonable(args)Set __not_jsonable to a new list
Return type None
setdefault(k[ d ])rarr Dget(kd) also set D[k]=d if k not in D
to_dict()Dump the class to a dictionary This method automatically removes the timestamp recursively in everyobject that has been edited is order to let MISP update the event accordingly
Return type Dict
to_json(sort_keys=False indent=None)Dump recursively any class of type MISPAbstract to a json string
update([E ] F)rarr None Update D from mappingiterable E and FIf E present and has a keys() method does for k in E D[k] = E[k] If E present and lacks keys() methoddoes for (k v) in E D[k] = v In either case this is followed by for k v in Fitems() D[k] = v
update_not_jsonable(args)Add entries to the __not_jsonable list
Return type None
values()rarr an object providing a view on Drsquos values
212 MISPOrganisation
class pymispMISPOrganisation
clear()rarr None Remove all items from D
property editedRecursively check if an object has been edited and update the flag accordingly to the parent objects
Return type bool
from_dict(kwargs)Loading all the parameters as class properties if they arenrsquot None This method aims to be called when allthe properties requiring a special treatment are processed Note This method is used when you initializean object with existing data so by default the class is flaged as not edited
from_json(json_string)Load a JSON string
Return type None
get(k[ d ])rarr D[k] if k in D else d d defaults to None
items()rarr a set-like object providing a view on Drsquos items
jsonable()This method is used by the JSON encoder
Return type Dict
keys()rarr a set-like object providing a view on Drsquos keys
pop(k[ d ])rarr v remove specified key and return the corresponding valueIf key is not found d is returned if given otherwise KeyError is raised
34 Chapter 2 pymisp
PyMISP Documentation Release main
popitem()rarr (k v) remove and return some (key value) pairas a 2-tuple but raise KeyError if D is empty
set_not_jsonable(args)Set __not_jsonable to a new list
Return type None
setdefault(k[ d ])rarr Dget(kd) also set D[k]=d if k not in D
to_dict()Dump the class to a dictionary This method automatically removes the timestamp recursively in everyobject that has been edited is order to let MISP update the event accordingly
Return type Dict
to_json(sort_keys=False indent=None)Dump recursively any class of type MISPAbstract to a json string
update([E ] F)rarr None Update D from mappingiterable E and FIf E present and has a keys() method does for k in E D[k] = E[k] If E present and lacks keys() methoddoes for (k v) in E D[k] = v In either case this is followed by for k v in Fitems() D[k] = v
update_not_jsonable(args)Add entries to the __not_jsonable list
Return type None
values()rarr an object providing a view on Drsquos values
212 MISPOrganisation 35
PyMISP Documentation Release main
36 Chapter 2 pymisp
CHAPTER
THREE
PYMISP - TOOLS
31 File Object
class pymisptoolsFileObject(filepath=None pseudofile=None filename=None kwargs)
add_attribute(object_relation simple_value=None value)Add an attribute object_relation is required and the value key is a dictionary with all the keys supportedby MISPAttribute
Return type Optional[MISPAttribute]
add_attributes(object_relation attributes)Add multiple attributes with the same object_relation Helper for object_relation when multiple is True inthe template It is the same as calling multiple times add_attribute with the same object_relation
Return type List[Optional[MISPAttribute]]
add_reference(referenced_uuid relationship_type comment=None kwargs)Add a link (uuid) to an other object
Return type MISPObjectReference
clear()rarr None Remove all items from D
property editedRecursively check if an object has been edited and update the flag accordingly to the parent objects
Return type bool
from_dict(kwargs)Loading all the parameters as class properties if they arenrsquot None This method aims to be called when allthe properties requiring a special treatment are processed Note This method is used when you initializean object with existing data so by default the class is flaged as not edited
from_json(json_string)Load a JSON string
Return type None
generate_attributes()Contains the logic where all the values of the object are gathered
get(k[ d ])rarr D[k] if k in D else d d defaults to None
get_attributes_by_relation(object_relation)Returns the list of attributes with the given object relation in the object
Return type List[MISPAttribute]
37
PyMISP Documentation Release main
has_attributes_by_relation(list_of_relations)True if all the relations in the list are defined in the object
Return type bool
items()rarr a set-like object providing a view on Drsquos items
jsonable()This method is used by the JSON encoder
Return type Dict
keys()rarr a set-like object providing a view on Drsquos keys
pop(k[ d ])rarr v remove specified key and return the corresponding valueIf key is not found d is returned if given otherwise KeyError is raised
popitem()rarr (k v) remove and return some (key value) pairas a 2-tuple but raise KeyError if D is empty
set_not_jsonable(args)Set __not_jsonable to a new list
Return type None
setdefault(k[ d ])rarr Dget(kd) also set D[k]=d if k not in D
to_dict(strict=False)Dump the class to a dictionary This method automatically removes the timestamp recursively in everyobject that has been edited is order to let MISP update the event accordingly
Return type Dict
to_json(sort_keys=False indent=None strict=False)Dump recursively any class of type MISPAbstract to a json string
update([E ] F)rarr None Update D from mappingiterable E and FIf E present and has a keys() method does for k in E D[k] = E[k] If E present and lacks keys() methoddoes for (k v) in E D[k] = v In either case this is followed by for k v in Fitems() D[k] = v
update_not_jsonable(args)Add entries to the __not_jsonable list
Return type None
values()rarr an object providing a view on Drsquos values
32 ELF Object
33 PE Object
34 Mach-O Object
35 VT Report Object
class pymisptoolsVTReportObject(apikey indicator vt_proxies=None kwargs)VirusTotal Report
Apikey VirusTotal API key (private works but only public features are supported right now)
38 Chapter 3 pymisp - Tools
PyMISP Documentation Release main
Indicator IOC to search VirusTotal for
add_attribute(object_relation simple_value=None value)Add an attribute object_relation is required and the value key is a dictionary with all the keys supportedby MISPAttribute
Return type Optional[MISPAttribute]
add_attributes(object_relation attributes)Add multiple attributes with the same object_relation Helper for object_relation when multiple is True inthe template It is the same as calling multiple times add_attribute with the same object_relation
Return type List[Optional[MISPAttribute]]
add_reference(referenced_uuid relationship_type comment=None kwargs)Add a link (uuid) to an other object
Return type MISPObjectReference
clear()rarr None Remove all items from D
property editedRecursively check if an object has been edited and update the flag accordingly to the parent objects
Return type bool
from_dict(kwargs)Loading all the parameters as class properties if they arenrsquot None This method aims to be called when allthe properties requiring a special treatment are processed Note This method is used when you initializean object with existing data so by default the class is flaged as not edited
from_json(json_string)Load a JSON string
Return type None
generate_attributes()Parse the VirusTotal report for relevant attributes
get(k[ d ])rarr D[k] if k in D else d d defaults to None
get_attributes_by_relation(object_relation)Returns the list of attributes with the given object relation in the object
Return type List[MISPAttribute]
has_attributes_by_relation(list_of_relations)True if all the relations in the list are defined in the object
Return type bool
items()rarr a set-like object providing a view on Drsquos items
jsonable()This method is used by the JSON encoder
Return type Dict
keys()rarr a set-like object providing a view on Drsquos keys
pop(k[ d ])rarr v remove specified key and return the corresponding valueIf key is not found d is returned if given otherwise KeyError is raised
popitem()rarr (k v) remove and return some (key value) pairas a 2-tuple but raise KeyError if D is empty
35 VT Report Object 39
PyMISP Documentation Release main
set_not_jsonable(args)Set __not_jsonable to a new list
Return type None
setdefault(k[ d ])rarr Dget(kd) also set D[k]=d if k not in D
to_dict(strict=False)Dump the class to a dictionary This method automatically removes the timestamp recursively in everyobject that has been edited is order to let MISP update the event accordingly
Return type Dict
to_json(sort_keys=False indent=None strict=False)Dump recursively any class of type MISPAbstract to a json string
update([E ] F)rarr None Update D from mappingiterable E and FIf E present and has a keys() method does for k in E D[k] = E[k] If E present and lacks keys() methoddoes for (k v) in E D[k] = v In either case this is followed by for k v in Fitems() D[k] = v
update_not_jsonable(args)Add entries to the __not_jsonable list
Return type None
values()rarr an object providing a view on Drsquos values
36 STIX
pymisptoolsstixload_stix(stix distribution=3 threat_level_id=2 analysis=0)Returns a MISPEvent object from a STIX package
pymisptoolsstixmake_stix_package(misp_event to_json=False to_xml=False)Returns a STIXPackage from a MISPEvent
Optionally can return the package in json or xml
37 OpenIOC
toolsload_openioc()
toolsload_openioc_file()
40 Chapter 3 pymisp - Tools
CHAPTER
FOUR
INDICES AND TABLES
bull genindex
bull modindex
bull search
41
PyMISP Documentation Release main
42 Chapter 4 Indices and tables
PYTHON MODULE INDEX
ppymisp 7pymisptools 37pymisptoolsstix 40
43
PyMISP Documentation Release main
44 Python Module Index
INDEX
AAbstractMISP (class in pymisp) 23accept_attribute_proposal()
(pymispPyMISP method) 7add_attribute() (pymispMISPEvent method) 24add_attribute() (pymispMISPObject method) 28add_attribute() (pymispPyMISP method) 7add_attribute() (pymisptoolsFileObject method)
37add_attribute() (pymisptoolsVTReportObject
method) 39add_attribute_proposal() (pymispPyMISP
method) 7add_attribute_tag() (pymispMISPEvent
method) 24add_attributes() (pymispMISPObject method)
28add_attributes() (pymisptoolsFileObject
method) 37add_attributes() (pymisptoolsVTReportObject
method) 39add_event() (pymispPyMISP method) 7add_event_blacklist() (pymispPyMISP
method) 8add_feed() (pymispPyMISP method) 8add_object() (pymispMISPEvent method) 24add_object() (pymispPyMISP method) 8add_object_reference() (pymispPyMISP
method) 8add_org_to_sharing_group() (pymispPyMISP
method) 8add_organisation() (pymispPyMISP method) 8add_organisation_blacklist()
(pymispPyMISP method) 8add_proposal() (pymispMISPAttribute method) 26add_proposal() (pymispMISPEvent method) 24add_proposal() (pymispMISPObjectAttribute
method) 29add_reference() (pymispMISPObject method) 28add_reference() (pymisptoolsFileObject method)
37add_reference() (pymisptoolsVTReportObject
method) 39add_server() (pymispPyMISP method) 8add_server_to_sharing_group()
(pymispPyMISP method) 8add_shadow_attribute() (pymispMISPAttribute
method) 26add_shadow_attribute() (pymispMISPEvent
method) 24add_shadow_attribute()
(pymispMISPObjectAttribute method) 29add_sharing_group() (pymispPyMISP method) 8add_sighting() (pymispMISPAttribute method) 26add_sighting() (pymispMISPObjectAttribute
method) 29add_sighting() (pymispPyMISP method) 8add_tag() (pymispPyMISP method) 8add_user() (pymispPyMISP method) 9attributes_statistics() (pymispPyMISP
method) 9
Bbuild_complex_query() (pymispPyMISP
method) 9
Ccache_all_feeds() (pymispPyMISP method) 9cache_feed() (pymispPyMISP method) 9cache_freetext_feeds() (pymispPyMISP
method) 9cache_misp_feeds() (pymispPyMISP method) 9change_sharing_group_on_entity()
(pymispPyMISP method) 9change_user_password() (pymispPyMISP
method) 9clear() (pymispMISPAttribute method) 26clear() (pymispMISPEvent method) 24clear() (pymispMISPObject method) 28clear() (pymispMISPObjectAttribute method) 29clear() (pymispMISPObjectReference method) 31clear() (pymispMISPOrganisation method) 34clear() (pymispMISPTag method) 32clear() (pymispMISPUser method) 33
45
PyMISP Documentation Release main
clear() (pymisptoolsFileObject method) 37clear() (pymisptoolsVTReportObject method) 39communities() (pymispPyMISP method) 9compare_feeds() (pymispPyMISP method) 9contact_event_reporter() (pymispPyMISP
method) 9
Ddefault() (pymispMISPEncode method) 24delegate_event() (pymispPyMISP method) 10delete() (pymispMISPAttribute method) 26delete() (pymispMISPObjectAttribute method) 30delete_attribute() (pymispMISPEvent method)
24delete_attribute() (pymispPyMISP method) 10delete_attribute_proposal()
(pymispPyMISP method) 10delete_event() (pymispPyMISP method) 10delete_event_blacklist() (pymispPyMISP
method) 10delete_feed() (pymispPyMISP method) 10delete_object() (pymispPyMISP method) 10delete_object_reference() (pymispPyMISP
method) 10delete_organisation() (pymispPyMISP
method) 10delete_organisation_blacklist()
(pymispPyMISP method) 10delete_server() (pymispPyMISP method) 10delete_sharing_group() (pymispPyMISP
method) 10delete_sighting() (pymispPyMISP method) 10delete_tag() (pymispPyMISP method) 11delete_user() (pymispPyMISP method) 11delete_user_setting() (pymispPyMISP
method) 11describe_types_local() (pymispPyMISP prop-
erty) 11describe_types_remote() (pymispPyMISP
property) 11direct_call() (pymispPyMISP method) 11disable_feed() (pymispPyMISP method) 11disable_feed_cache() (pymispPyMISP method)
11disable_noticelist() (pymispPyMISP method)
11disable_tag() (pymispPyMISP method) 11disable_taxonomy() (pymispPyMISP method) 11disable_taxonomy_tags() (pymispPyMISP
method) 11disable_warninglist() (pymispPyMISP
method) 11discard_attribute_proposal()
(pymispPyMISP method) 12
Eedited() (pymispAbstractMISP property) 23edited() (pymispMISPAttribute property) 26edited() (pymispMISPEvent property) 24edited() (pymispMISPObject property) 28edited() (pymispMISPObjectAttribute property) 30edited() (pymispMISPObjectReference property) 31edited() (pymispMISPOrganisation property) 34edited() (pymispMISPTag property) 32edited() (pymispMISPUser property) 33edited() (pymisptoolsFileObject property) 37edited() (pymisptoolsVTReportObject property) 39enable_feed() (pymispPyMISP method) 12enable_feed_cache() (pymispPyMISP method)
12enable_noticelist() (pymispPyMISP method)
12enable_tag() (pymispPyMISP method) 12enable_taxonomy() (pymispPyMISP method) 12enable_taxonomy_tags() (pymispPyMISP
method) 12enable_warninglist() (pymispPyMISP method)
12event_blacklists() (pymispPyMISP method) 12event_delegations() (pymispPyMISP method)
12ExpandedPyMISP (in module pymisp) 23
Ffeeds() (pymispPyMISP method) 12fetch_feed() (pymispPyMISP method) 12FileObject (class in pymisptools) 37freetext() (pymispPyMISP method) 12from_dict() (pymispAbstractMISP method) 23from_dict() (pymispMISPAttribute method) 27from_dict() (pymispMISPEvent method) 25from_dict() (pymispMISPObject method) 28from_dict() (pymispMISPObjectAttribute method)
30from_dict() (pymispMISPObjectReference method)
31from_dict() (pymispMISPOrganisation method) 34from_dict() (pymispMISPTag method) 32from_dict() (pymispMISPUser method) 33from_dict() (pymisptoolsFileObject method) 37from_dict() (pymisptoolsVTReportObject method)
39from_json() (pymispAbstractMISP method) 23from_json() (pymispMISPAttribute method) 27from_json() (pymispMISPEvent method) 25from_json() (pymispMISPObject method) 28from_json() (pymispMISPObjectAttribute method)
30
46 Index
PyMISP Documentation Release main
from_json() (pymispMISPObjectReference method)31
from_json() (pymispMISPOrganisation method) 34from_json() (pymispMISPTag method) 32from_json() (pymispMISPUser method) 33from_json() (pymisptoolsFileObject method) 37from_json() (pymisptoolsVTReportObject method)
39
Ggalaxies() (pymispPyMISP method) 12generate_attributes() (pymisptoolsFileObject
method) 37generate_attributes()
(pymisptoolsVTReportObject method)39
get() (pymispMISPAttribute method) 27get() (pymispMISPEvent method) 25get() (pymispMISPObject method) 28get() (pymispMISPObjectAttribute method) 30get() (pymispMISPObjectReference method) 31get() (pymispMISPOrganisation method) 34get() (pymispMISPTag method) 32get() (pymispMISPUser method) 33get() (pymisptoolsFileObject method) 37get() (pymisptoolsVTReportObject method) 39get_all_functions() (pymispPyMISP method)
13get_attribute() (pymispPyMISP method) 13get_attribute_tag() (pymispMISPEvent
method) 25get_attributes_by_relation()
(pymispMISPObject method) 28get_attributes_by_relation()
(pymisptoolsFileObject method) 37get_attributes_by_relation()
(pymisptoolsVTReportObject method)39
get_community() (pymispPyMISP method) 13get_event() (pymispPyMISP method) 13get_feed() (pymispPyMISP method) 13get_galaxy() (pymispPyMISP method) 13get_noticelist() (pymispPyMISP method) 13get_object() (pymispPyMISP method) 13get_object_by_id() (pymispMISPEvent method)
25get_object_by_uuid() (pymispMISPEvent
method) 25get_object_template() (pymispPyMISP
method) 13get_objects_by_name() (pymispMISPEvent
method) 25get_organisation() (pymispPyMISP method) 13get_sync_config() (pymispPyMISP method) 13
get_tag() (pymispPyMISP method) 13get_taxonomy() (pymispPyMISP method) 13get_user() (pymispPyMISP method) 13get_user_setting() (pymispPyMISP method) 14get_warninglist() (pymispPyMISP method) 14
Hhas_attributes_by_relation()
(pymispMISPObject method) 28has_attributes_by_relation()
(pymisptoolsFileObject method) 37has_attributes_by_relation()
(pymisptoolsVTReportObject method)39
hash_values() (pymispMISPAttribute method) 27hash_values() (pymispMISPObjectAttribute
method) 30
Iimport_server() (pymispPyMISP method) 14items() (pymispMISPAttribute method) 27items() (pymispMISPEvent method) 25items() (pymispMISPObject method) 29items() (pymispMISPObjectAttribute method) 30items() (pymispMISPObjectReference method) 31items() (pymispMISPOrganisation method) 34items() (pymispMISPTag method) 32items() (pymispMISPUser method) 33items() (pymisptoolsFileObject method) 38items() (pymisptoolsVTReportObject method) 39
Jjsonable() (pymispAbstractMISP method) 23jsonable() (pymispMISPAttribute method) 27jsonable() (pymispMISPEvent method) 25jsonable() (pymispMISPObject method) 29jsonable() (pymispMISPObjectAttribute method)
30jsonable() (pymispMISPObjectReference method)
31jsonable() (pymispMISPOrganisation method) 34jsonable() (pymispMISPTag method) 32jsonable() (pymispMISPUser method) 33jsonable() (pymisptoolsFileObject method) 38jsonable() (pymisptoolsVTReportObject method)
39
Kkeys() (pymispMISPAttribute method) 27keys() (pymispMISPEvent method) 25keys() (pymispMISPObject method) 29keys() (pymispMISPObjectAttribute method) 30keys() (pymispMISPObjectReference method) 31keys() (pymispMISPOrganisation method) 34
Index 47
PyMISP Documentation Release main
keys() (pymispMISPTag method) 32keys() (pymispMISPUser method) 33keys() (pymisptoolsFileObject method) 38keys() (pymisptoolsVTReportObject method) 39known_types() (pymispMISPAttribute property) 27known_types() (pymispMISPObjectAttribute prop-
erty) 30
Lload() (pymispMISPEvent method) 25load_default_feeds() (pymispPyMISP method)
14load_file() (pymispMISPEvent method) 25load_openioc() (pymisptools method) 40load_openioc_file() (pymisptools method) 40load_stix() (in module pymisptoolsstix) 40
Mmake_stix_package() (in module
pymisptoolsstix) 40malware_binary() (pymispMISPAttribute prop-
erty) 27malware_binary() (pymispMISPObjectAttribute
property) 30misp_instance_version() (pymispPyMISP
property) 14misp_instance_version_master()
(pymispPyMISP property) 14MISPAttribute (class in pymisp) 26MISPEncode (class in pymisp) 24MISPEvent (class in pymisp) 24MISPObject (class in pymisp) 28MISPObjectAttribute (class in pymisp) 29MISPObjectReference (class in pymisp) 31MISPOrganisation (class in pymisp) 34MISPTag (class in pymisp) 32MISPUser (class in pymisp) 33module
pymisp 7pymisptools 37pymisptoolsstix 40
Nnoticelists() (pymispPyMISP method) 14
Oobject_templates() (pymispPyMISP method) 14organisation_blacklists() (pymispPyMISP
method) 14organisations() (pymispPyMISP method) 14
Ppop() (pymispMISPAttribute method) 27
pop() (pymispMISPEvent method) 25pop() (pymispMISPObject method) 29pop() (pymispMISPObjectAttribute method) 30pop() (pymispMISPObjectReference method) 31pop() (pymispMISPOrganisation method) 34pop() (pymispMISPTag method) 32pop() (pymispMISPUser method) 33pop() (pymisptoolsFileObject method) 38pop() (pymisptoolsVTReportObject method) 39popitem() (pymispMISPAttribute method) 27popitem() (pymispMISPEvent method) 25popitem() (pymispMISPObject method) 29popitem() (pymispMISPObjectAttribute method) 30popitem() (pymispMISPObjectReference method) 31popitem() (pymispMISPOrganisation method) 34popitem() (pymispMISPTag method) 32popitem() (pymispMISPUser method) 33popitem() (pymisptoolsFileObject method) 38popitem() (pymisptoolsVTReportObject method) 39publish() (pymispMISPEvent method) 25publish() (pymispPyMISP method) 14push_event_to_ZMQ() (pymispPyMISP method)
14pymisp
module 7PyMISP (class in pymisp) 7pymisptools
module 37pymisptoolsstix
module 40pymisp_version_main() (pymispPyMISP prop-
erty) 15
Rrecommended_pymisp_version()
(pymispPyMISP property) 15remote_acl() (pymispPyMISP method) 15remove_org_from_sharing_group()
(pymispPyMISP method) 15remove_server_from_sharing_group()
(pymispPyMISP method) 15roles() (pymispPyMISP method) 15
Ssearch() (pymispPyMISP method) 15search_feeds() (pymispPyMISP method) 17search_index() (pymispPyMISP method) 18search_logs() (pymispPyMISP method) 18search_sightings() (pymispPyMISP method) 19server_pull() (pymispPyMISP method) 20server_push() (pymispPyMISP method) 20servers() (pymispPyMISP method) 20set_date() (pymispMISPEvent method) 25
48 Index
PyMISP Documentation Release main
set_not_jsonable() (pymispAbstractMISPmethod) 23
set_not_jsonable() (pymispMISPAttributemethod) 27
set_not_jsonable() (pymispMISPEvent method)25
set_not_jsonable() (pymispMISPObjectmethod) 29
set_not_jsonable() (pymispMISPObjectAttributemethod) 30
set_not_jsonable()(pymispMISPObjectReference method)31
set_not_jsonable() (pymispMISPOrganisationmethod) 35
set_not_jsonable() (pymispMISPTag method)32
set_not_jsonable() (pymispMISPUser method)33
set_not_jsonable() (pymisptoolsFileObjectmethod) 38
set_not_jsonable()(pymisptoolsVTReportObject method)39
set_user_setting() (pymispPyMISP method) 20setdefault() (pymispMISPAttribute method) 27setdefault() (pymispMISPEvent method) 25setdefault() (pymispMISPObject method) 29setdefault() (pymispMISPObjectAttribute
method) 30setdefault() (pymispMISPObjectReference
method) 31setdefault() (pymispMISPOrganisation method)
35setdefault() (pymispMISPTag method) 33setdefault() (pymispMISPUser method) 34setdefault() (pymisptoolsFileObject method) 38setdefault() (pymisptoolsVTReportObject
method) 40sharing_groups() (pymispPyMISP method) 20sightings() (pymispPyMISP method) 20
Ttag() (pymispPyMISP method) 20tags() (pymispMISPAttribute property) 27tags() (pymispMISPEvent property) 26tags() (pymispMISPObjectAttribute property) 30tags() (pymispPyMISP method) 20tags_statistics() (pymispPyMISP method) 20taxonomies() (pymispPyMISP method) 20to_dict() (pymispAbstractMISP method) 23to_dict() (pymispMISPAttribute method) 27to_dict() (pymispMISPEvent method) 26to_dict() (pymispMISPObject method) 29
to_dict() (pymispMISPObjectAttribute method) 30to_dict() (pymispMISPObjectReference method) 32to_dict() (pymispMISPOrganisation method) 35to_dict() (pymispMISPTag method) 33to_dict() (pymispMISPUser method) 34to_dict() (pymisptoolsFileObject method) 38to_dict() (pymisptoolsVTReportObject method) 40to_feed() (pymispMISPEvent method) 26to_json() (pymispAbstractMISP method) 23to_json() (pymispMISPAttribute method) 27to_json() (pymispMISPEvent method) 26to_json() (pymispMISPObject method) 29to_json() (pymispMISPObjectAttribute method) 31to_json() (pymispMISPObjectReference method) 32to_json() (pymispMISPOrganisation method) 35to_json() (pymispMISPTag method) 33to_json() (pymispMISPUser method) 34to_json() (pymisptoolsFileObject method) 38to_json() (pymisptoolsVTReportObject method) 40toggle_warninglist() (pymispPyMISP method)
20
Uunpublish() (pymispMISPEvent method) 26untag() (pymispPyMISP method) 21update() (pymispMISPAttribute method) 28update() (pymispMISPEvent method) 26update() (pymispMISPObject method) 29update() (pymispMISPObjectAttribute method) 31update() (pymispMISPObjectReference method) 32update() (pymispMISPOrganisation method) 35update() (pymispMISPTag method) 33update() (pymispMISPUser method) 34update() (pymisptoolsFileObject method) 38update() (pymisptoolsVTReportObject method) 40update_attribute() (pymispPyMISP method) 21update_attribute_proposal()
(pymispPyMISP method) 21update_event() (pymispPyMISP method) 21update_event_blacklist() (pymispPyMISP
method) 21update_feed() (pymispPyMISP method) 21update_galaxies() (pymispPyMISP method) 21update_not_jsonable() (pymispAbstractMISP
method) 23update_not_jsonable() (pymispMISPAttribute
method) 28update_not_jsonable() (pymispMISPEvent
method) 26update_not_jsonable() (pymispMISPObject
method) 29update_not_jsonable()
(pymispMISPObjectAttribute method) 31
Index 49
PyMISP Documentation Release main
update_not_jsonable()(pymispMISPObjectReference method)32
update_not_jsonable()(pymispMISPOrganisation method) 35
update_not_jsonable() (pymispMISPTagmethod) 33
update_not_jsonable() (pymispMISPUsermethod) 34
update_not_jsonable() (pymisptoolsFileObjectmethod) 38
update_not_jsonable()(pymisptoolsVTReportObject method)40
update_noticelists() (pymispPyMISP method)21
update_object() (pymispPyMISP method) 21update_object_templates() (pymispPyMISP
method) 21update_organisation() (pymispPyMISP
method) 21update_organisation_blacklist()
(pymispPyMISP method) 21update_server() (pymispPyMISP method) 22update_tag() (pymispPyMISP method) 22update_taxonomies() (pymispPyMISP method)
22update_user() (pymispPyMISP method) 22update_warninglists() (pymispPyMISP
method) 22upload_stix() (pymispPyMISP method) 22user_registrations() (pymispPyMISP method)
22user_settings() (pymispPyMISP method) 22users() (pymispPyMISP method) 22users_statistics() (pymispPyMISP method) 22
Vvalues() (pymispMISPAttribute method) 28values() (pymispMISPEvent method) 26values() (pymispMISPObject method) 29values() (pymispMISPObjectAttribute method) 31values() (pymispMISPObjectReference method) 32values() (pymispMISPOrganisation method) 35values() (pymispMISPTag method) 33values() (pymispMISPUser method) 34values() (pymisptoolsFileObject method) 38values() (pymisptoolsVTReportObject method) 40values_in_warninglist() (pymispPyMISP
method) 22version() (pymispPyMISP property) 22VTReportObject (class in pymisptools) 38
Wwarninglists() (pymispPyMISP method) 22
50 Index
- README
- pymisp
- PyMISP
- PyMISPExpanded (Python 36+ only)
- MISPAbstract
- MISPEncode
- MISPEvent
- MISPAttribute
- MISPObject
- MISPObjectAttribute
- MISPObjectReference
- MISPTag
- MISPUser
- MISPOrganisation
- pymisp - Tools
- File Object
- ELF Object
- PE Object
- Mach-O Object
- VT Report Object
- STIX
- OpenIOC
- Indices and tables
- Python Module Index
- Index
PyMISP Documentation Release main
get_user(user=me pythonify=False expanded=False)Get a user me means the owner of the API key doing the query expanded also returns a MISPRole and aMISPUserSetting
Return type Union[Dict MISPUser Tuple[MISPUser MISPRoleList[MISPUserSetting]]]
get_user_setting(user_setting user=None pythonify=False)Get an user setting
Return type Union[Dict MISPUserSetting]
get_warninglist(warninglist pythonify=False)Get a warninglist
Return type Union[Dict MISPWarninglist]
import_server(server pythonify=False)Import a sync server config received from get_sync_config
Return type Union[Dict MISPServer]
load_default_feeds()Load all the default feeds
Return type Dict
property misp_instance_versionReturns the version of the instance
Return type Dict
property misp_instance_version_masterGet the most recent version from github
Return type Dict
noticelists(pythonify=False)Get all the noticelists
Return type Union[Dict List[MISPNoticelist]]
object_templates(pythonify=False)Get all the object templates
Return type Union[Dict List[MISPObjectTemplate]]
organisation_blacklists(pythonify=False)Get all the blacklisted organisations
Return type Union[Dict List[MISPOrganisationBlacklist]]
organisations(scope=local pythonify=False)Get all the organisations
Return type Union[Dict List[MISPOrganisation]]
publish(event alert=False)Publish the event with one single HTTP POST The default is to not send a mail as it is assumed thismethod is called on update
Return type Dict
push_event_to_ZMQ(event)Force push an event on ZMQ
14 Chapter 2 pymisp
PyMISP Documentation Release main
Return type Dict
property pymisp_version_mainGet the most recent version of PyMISP from github
Return type Dict
property recommended_pymisp_versionReturns the recommended API version from the server
Return type Dict
remote_acl(debug_type=findMissingFunctionNames)This should return an empty list unless the ACL is outdated debug_type can only be printAllFunction-Names findMissingFunctionNames or printRoleAccess
Return type Dict
remove_org_from_sharing_group(sharing_group organisation)Remove an organisation from a sharing group sharing_group Sharing grouprsquos local instance ID orSharing grouprsquos global UUID organisation Organisationrsquos local instance ID or Organisationrsquos globalUUID or Organisationrsquos name as known to the curent instance
Return type Dict
remove_server_from_sharing_group(sharing_group server)Remove a server from a sharing group sharing_group Sharing grouprsquos local instance ID or Sharinggrouprsquos global UUID server Serverrsquos local instance ID or URL of the Server or Serverrsquos name as knownto the curent instance
Return type Dict
roles(pythonify=False)Get the existing roles
Return type Union[Dict List[MISPRole]]
search(controller=events return_format=json limit=None page=None value=Nonetype_attribute=None category=None org=None tags=None quick_filter=None quick-Filter=None date_from=None date_to=None eventid=None with_attachments=NonewithAttachments=None metadata=None uuid=None publish_timestamp=Nonelast=None timestamp=None published=None enforce_warninglist=None enforceWarn-inglist=None to_ids=None deleted=None include_event_uuid=None includeEventU-uid=None include_event_tags=None includeEventTags=None event_timestamp=Nonesg_reference_only=None eventinfo=None searchall=None requested_attributes=None in-clude_context=None includeContext=None headerless=None include_sightings=NoneincludeSightings=None include_correlations=None includeCorrelations=None in-clude_decay_score=None includeDecayScore=None object_name=None pythonify=Falsekwargs)
Search in the MISP instance
Parameters
bull return_format (str) ndash Set the return format of the search (Currently supported jsonxml openioc suricata snort - more formats are being moved to restSearch with the goalbeing that all searches happen through this API) Can be passed as the first parameter afterrestSearch or via the JSON payload
bull limit (Optional[int]) ndash Limit the number of results returned depending on thescope (for example 10 attributes or 10 full events)
bull page (Optional[int]) ndash If a limit is set sets the page to be returned page 3 limit 100will return records 201-gt300)
21 PyMISP 15
PyMISP Documentation Release main
bull value (Optional[~SearchParameterTypes]) ndash Search for the given value in the at-tributesrsquo value field
bull type_attribute (Optional[~SearchParameterTypes]) ndash The attribute type anyvalid MISP attribute type is accepted
bull category (Optional[~SearchParameterTypes]) ndash The attribute category any validMISP attribute category is accepted
bull org (Optional[~SearchParameterTypes]) ndash Search by the creator organisation by sup-plying the organisation identifier
bull tags (Optional[~SearchParameterTypes]) ndash Tags to search or to exclude You canpass a list or the output of build_complex_query
bull quick_filter (Optional[str]) ndash The string passed to this field will ignore all ofthe other arguments MISP will return an xml json (depending on the header sent) of allevents that have a sub-string match on value in the event info event orgc or any of theattribute value1 value2 fields or in the attribute comment
bull date_from (Union[date int str float None]) ndash Events with the date set to adate after the one specified This filter will use the date of the event
bull date_to (Union[date int str float None]) ndash Events with the date set to a datebefore the one specified This filter will use the date of the event
bull eventid (Optional[~SearchType]) ndash The events that should be included excludedfrom the search
bull with_attachments (Optional[bool]) ndash If set encodes the attachments zippedmalware samples as base64 in the data field within each attribute
bull metadata (Optional[bool]) ndash Only the metadata (event tags relations) is returnedattributes and proposals are omitted
bull uuid (Optional[str]) ndash Restrict the results by uuid
bull publish_timestamp (Union[date int str float NoneTuple[Union[date int str float None] Union[date int str floatNone]]]) ndash Restrict the results by the last publish timestamp (newer than)
bull timestamp (Union[date int str float None Tuple[Union[date intstr float None] Union[date int str float None]]]) ndash Restrict the resultsby the timestamp (last edit) Any event with a timestamp newer than the given timestampwill be returned In case you are dealing with attributes as scope the attributersquos timestampwill be used for the lookup
bull published (Optional[bool]) ndash Set whether published or unpublished events shouldbe returned Do not set the parameter if you want both
bull enforce_warninglist (Optional[bool]) ndash Remove any attributes from the resultthat would cause a hit on a warninglist entry
bull to_ids (Union[~ToIDSType List[~ToIDSType] None]) ndash By default all attributesare returned that match the other filter parameters irregardless of their to_ids setting Torestrict the returned data set to to_ids only attributes set this parameter to 1 0 for the oneswith to_ids set to False
bull deleted (Optional[str]) ndash If this parameter is set to 1 it will only return soft-deletedattributes [ldquo0rdquo ldquo1rdquo] will return the active ones as well as the soft-deleted ones
bull include_event_uuid (Optional[bool]) ndash Instead of just including the event IDalso include the event UUID in each of the attributes
16 Chapter 2 pymisp
PyMISP Documentation Release main
bull include_event_tags (Optional[bool]) ndash Include the event level tags in each ofthe attributes
bull event_timestamp (Union[date int str float None]) ndash Only return at-tributes from events that have received a modification after the given timestamp
bull sg_reference_only (Optional[bool]) ndash If this flag is set sharing group objectswill not be included instead only the sharing group ID is set
bull eventinfo (Optional[str]) ndash Filter on the eventrsquos info field
bull searchall (Optional[bool]) ndash Search for a full or a substring (delimited by forsubstrings) in the event info event tags attribute tags attribute values or attribute commentfields
bull requested_attributes (Optional[str]) ndash [CSV only] Select the fields that youwish to include in the CSV export By setting event level fields additionally includeCon-text is not required to get event metadata
bull include_context (Optional[bool]) ndash [Attribute only] Include the event data witheach attribute [CSV output] Add event level metadata in every line of the CSV
bull headerless (Optional[bool]) ndash [CSV Only] The CSV created when this setting isset to true will not contain the header row
bull include_sightings (Optional[bool]) ndash [JSON Only - Attribute] Include thesightings of the matching attributes
bull include_decay_score (Optional[bool]) ndash Include the decay score at attributelevel
bull include_correlations (Optional[bool]) ndash [JSON Only - attribute] Include thecorrelations of the matching attributes
bull object_name (Optional[str]) ndash [objects controller only] Search for objects withthat name
bull pythonify (Optional[bool]) ndash Returns a list of PyMISP Objects instead of the plainjson output Warning it might use a lot of RAM
Deprecated
Parameters
bull quickFilter (Optional[str]) ndash synponym for quick_filter
bull withAttachments (Optional[bool]) ndash synonym for with_attachments
bull last (Union[date int str float None Tuple[Union[date int strfloat None] Union[date int str float None]]]) ndash synonym for pub-lish_timestamp
bull enforceWarninglist (Optional[bool]) ndash synonym for enforce_warninglist
bull includeEventUuid (Optional[bool]) ndash synonym for include_event_uuid
bull includeEventTags (Optional[bool]) ndash synonym for include_event_tags
bull includeContext (Optional[bool]) ndash synonym for include_context
Return type Union[Dict str List[Union[MISPEvent MISPAttributeMISPObject]]]
search_feeds(value=None pythonify=False)Search in the feeds cached on the servers
21 PyMISP 17
PyMISP Documentation Release main
Return type Union[Dict List[MISPFeed]]
search_index(published=None eventid=None tags=None date_from=None date_to=Noneeventinfo=None threatlevel=None distribution=None analysis=None org=Nonetimestamp=None pythonify=None)
Search only at the index level Using in front of a value means NOT (default is OR)
Parameters
bull published (Optional[bool]) ndash Set whether published or unpublished events shouldbe returned Do not set the parameter if you want both
bull eventid (Optional[~SearchType]) ndash The events that should be included excludedfrom the search
bull tags (Optional[~SearchParameterTypes]) ndash Tags to search or to exclude You canpass a list or the output of build_complex_query
bull date_from (Union[date int str float None]) ndash Events with the date set to adate after the one specified This filter will use the date of the event
bull date_to (Union[date int str float None]) ndash Events with the date set to a datebefore the one specified This filter will use the date of the event
bull eventinfo (Optional[str]) ndash Filter on the eventrsquos info field
bull threatlevel (Optional[List[~SearchType]]) ndash Threat level(s) (1234) | list
bull distribution (Optional[List[~SearchType]]) ndash Distribution level(s) (0123) |list
bull analysis (Optional[List[~SearchType]]) ndash Analysis level(s) (012) | list
bull org (Optional[~SearchParameterTypes]) ndash Search by the creator organisation by sup-plying the organisation identifier
bull timestamp (Union[date int str float None Tuple[Union[date intstr float None] Union[date int str float None]]]) ndash Restrict the resultsby the timestamp (last edit) Any event with a timestamp newer than the given timestampwill be returned In case you are dealing with attributes as scope the attributersquos timestampwill be used for the lookup
bull pythonify (Optional[bool]) ndash Returns a list of PyMISP Objects instead or the plainjson output Warning it might use a lot of RAM
Return type Union[Dict List[MISPEvent]]
search_logs(limit=None page=None log_id=None title=None created=None model=None ac-tion=None user_id=None change=None email=None org=None description=Noneip=None pythonify=False)
Search in logs
Note to run substring queries simply appendprependencapsulate the search term with
Parameters
bull limit (Optional[int]) ndash Limit the number of results returned depending on thescope (for example 10 attributes or 10 full events)
bull page (Optional[int]) ndash If a limit is set sets the page to be returned page 3 limit 100will return records 201-gt300)
bull log_id (Optional[int]) ndash Log ID
bull title (Optional[str]) ndash Log Title
18 Chapter 2 pymisp
PyMISP Documentation Release main
bull created (Union[date int str float None]) ndash Creation timestamp
bull model (Optional[str]) ndash Model name that generated the log entry
bull action (Optional[str]) ndash The thing that was done
bull user_id (Optional[int]) ndash ID of the user doing the action
bull change (Optional[str]) ndash Change that occured
bull email (Optional[str]) ndash Email of the user
bull org (Optional[str]) ndash Organisation of the User doing the action
bull description (Optional[str]) ndash Description of the action
bull ip (Optional[str]) ndash Origination IP of the User doing the action
bull pythonify (Optional[bool]) ndash Returns a list of PyMISP Objects instead or the plainjson output Warning it might use a lot of RAM
Return type Union[Dict List[MISPLog]]
search_sightings(context=None context_id=None type_sighting=None date_from=Nonedate_to=None publish_timestamp=None last=None org=None source=Noneinclude_attribute=None include_event_meta=None pythonify=False)
Search sightings
Parameters
bull context (Optional[str]) ndash The context of the search Can be either ldquoattributerdquoldquoeventrdquo or nothing (will then match on events and attributes)
bull context_id (Optional[~SearchType]) ndash Only relevant if context is either ldquoattributerdquoor ldquoeventrdquo Then it is the relevant ID
bull type_sighting (Optional[str]) ndash Type of sighting
bull date_from (Union[date int str float None]) ndash Events with the date set to adate after the one specified This filter will use the date of the event
bull date_to (Union[date int str float None]) ndash Events with the date set to a datebefore the one specified This filter will use the date of the event
bull publish_timestamp (Union[date int str float NoneTuple[Union[date int str float None] Union[date int str floatNone]]]) ndash Restrict the results by the last publish timestamp (newer than)
bull org (Optional[~SearchType]) ndash Search by the creator organisation by supplying theorganisation identifier
bull source (Optional[str]) ndash Source of the sighting
bull include_attribute (Optional[bool]) ndash Include the attribute
bull include_event_meta (Optional[bool]) ndash Include the meta information of theevent
Deprecated
Parameters last (Union[date int str float None Tuple[Union[date intstr float None] Union[date int str float None]]]) ndash synonym for pub-lish_timestamp
Example
21 PyMISP 19
PyMISP Documentation Release main
gtgtgt mispsearch_sightings(publish_timestamp=30d) search sightings for therarr˓last 30 days on the instance[ ]gtgtgt mispsearch_sightings(context=attribute context_id=6 include_rarr˓attribute=True) return list of sighting for attribute 6 along with therarr˓attribute itself[ ]gtgtgt mispsearch_sightings(context=event context_id=17 include_event_rarr˓meta=True org=2) return list of sighting for event 17 filtered with orgrarr˓id 2
Return type Union[Dict List[Dict[str Union[MISPEvent MISPAttributeMISPSighting]]]]
server_pull(server event=None)Initialize a pull from a sync server
Return type Dict
server_push(server event=None)Initialize a push to a sync server
Return type Dict
servers(pythonify=False)Get the existing servers the MISP instance can synchronise with
Return type Union[Dict List[MISPServer]]
set_user_setting(user_setting value user=None pythonify=False)Get an user setting
Return type Union[Dict MISPUserSetting]
sharing_groups(pythonify=False)Get the existing sharing groups
Return type Union[Dict List[MISPSharingGroup]]
sightings(misp_entity=None org=None pythonify=False)Get the list of sighting related to a MISPEvent or a MISPAttribute (depending on type of misp_entity)
Return type Union[Dict List[MISPSighting]]
tag(misp_entity tag local=False)Tag an event or an attribute misp_entity can be a MISPEvent a MISP Attribute or a UUID
Return type Dict
tags(pythonify=False)Get the list of existing tags
Return type Union[Dict List[MISPTag]]
tags_statistics(percentage=False name_sort=False)Get tags statistics from the MISP instance
Return type Dict
taxonomies(pythonify=False)Get all the taxonomies
Return type Union[Dict List[MISPTaxonomy]]
20 Chapter 2 pymisp
PyMISP Documentation Release main
toggle_warninglist(warninglist_id=None warninglist_name=None force_enable=False)Toggle (enabledisable) the status of a warninglist by ID type warninglist_id Union[str intList[int] None] param warninglist_id ID of the WarningList type force_enable bool paramforce_enable Force the warning list in the enabled state (does nothing is already enabled)
Return type Dict
untag(misp_entity tag)Untag an event or an attribute misp_entity can be a UUID
Return type Dict
update_attribute(attribute attribute_id=None pythonify=False)Update an attribute on a MISP instance
Return type Union[Dict MISPAttribute MISPShadowAttribute]
update_attribute_proposal(initial_attribute attribute pythonify=False)Propose a change for an attribute
Return type Union[Dict MISPShadowAttribute]
update_event(event event_id=None pythonify=False)Update an event on a MISP instance
Return type Union[Dict MISPEvent]
update_event_blacklist(event_blacklist event_blacklist_id=None pythonify=False)Update an event in the blacklist
Return type Union[Dict MISPEventBlacklist]
update_feed(feed feed_id=None pythonify=False)Update a feed on a MISP instance
Return type Union[Dict MISPFeed]
update_galaxies()Update all the galaxies
Return type Dict
update_noticelists()Update all the noticelists
Return type Dict
update_object(misp_object object_id=None pythonify=False)Update an object on a MISP instance
Return type Union[Dict MISPObject]
update_object_templates()Trigger an update of the object templates
Return type Dict
update_organisation(organisation organisation_id=None pythonify=False)Update an organisation
Return type Union[Dict MISPOrganisation]
update_organisation_blacklist(organisation_blacklist organisation_blacklist_id=Nonepythonify=False)
Update an organisation in the blacklist
Return type Union[Dict MISPOrganisationBlacklist]
21 PyMISP 21
PyMISP Documentation Release main
update_server(server server_id=None pythonify=False)Update a server to synchronise with
Return type Union[Dict MISPServer]
update_tag(tag tag_id=None pythonify=False)Edit only the provided parameters of a tag
Return type Union[Dict MISPTag]
update_taxonomies()Update all the taxonomies
Return type Dict
update_user(user user_id=None pythonify=False)Update an event on a MISP instance
Return type Union[Dict MISPUser]
update_warninglists()Update all the warninglists
Return type Dict
upload_stix(path version=2)Upload a STIX file to MISP param path Path to the STIX on the disk (can be a path-like object or apseudofile) type version str param version Can be 1 or 2
user_registrations(pythonify=False)Get all the user registrations
Return type Union[Dict List[MISPInbox]]
user_settings(pythonify=False)Get all the user settings
Return type Union[Dict List[MISPUserSetting]]
users(pythonify=False)Get all the users
Return type Union[Dict List[MISPUser]]
users_statistics(context=data)Get users statistics from the MISP instance
Return type Dict
values_in_warninglist(value)Check if IOC values are in warninglist
Return type Dict
property versionReturns the version of PyMISP yoursquore curently using
Return type Dict
warninglists(pythonify=False)Get all the warninglists
Return type Union[Dict List[MISPWarninglist]]
22 Chapter 2 pymisp
PyMISP Documentation Release main
22 PyMISPExpanded (Python 36+ only)
pymispExpandedPyMISPalias of pymispapiPyMISP
23 MISPAbstract
class pymispAbstractMISP(kwargs)
property editedRecursively check if an object has been edited and update the flag accordingly to the parent objects
Return type bool
from_dict(kwargs)Loading all the parameters as class properties if they arenrsquot None This method aims to be called when allthe properties requiring a special treatment are processed Note This method is used when you initializean object with existing data so by default the class is flaged as not edited
Return type None
from_json(json_string)Load a JSON string
Return type None
jsonable()This method is used by the JSON encoder
Return type Dict
set_not_jsonable(args)Set __not_jsonable to a new list
Return type None
to_dict()Dump the class to a dictionary This method automatically removes the timestamp recursively in everyobject that has been edited is order to let MISP update the event accordingly
Return type Dict
to_json(sort_keys=False indent=None)Dump recursively any class of type MISPAbstract to a json string
update_not_jsonable(args)Add entries to the __not_jsonable list
Return type None
22 PyMISPExpanded (Python 36+ only) 23
PyMISP Documentation Release main
24 MISPEncode
class pymispMISPEncode(args kwargs)
default(obj)Implement this method in a subclass such that it returns a serializable object for o or calls the baseimplementation (to raise a TypeError)
For example to support arbitrary iterators you could implement default like this
def default(self o)try
iterable = iter(o)except TypeError
passelse
return list(iterable) Let the base class default method raise the TypeErrorreturn JSONEncoderdefault(self o)
25 MISPEvent
class pymispMISPEvent(describe_types=None strict_validation=False kwargs)
add_attribute(type value kwargs)Add an attribute type and value are required but you can pass all other parameters supported by MISPAt-tribute
Return type Union[MISPAttribute List[MISPAttribute]]
add_attribute_tag(tag attribute_identifier)Add a tag to an existing attribute raise an Exception if the attribute doesnrsquot exists tag Tag name as astring MISPTag instance or dictionary attribute_identifier can be an ID UUID or the value
Return type List[MISPAttribute]
add_object(obj=None kwargs)Add an object to the Event either by passing a MISPObject or a dictionary
Return type MISPObject
add_proposal(shadow_attribute=None kwargs)Alias for add_shadow_attribute
Return type MISPShadowAttribute
add_shadow_attribute(shadow_attribute=None kwargs)Add a tag to the attribute (by name or a MISPTag object)
Return type MISPShadowAttribute
clear()rarr None Remove all items from D
delete_attribute(attribute_id)Delete an attribute you can search by ID or UUID
property editedRecursively check if an object has been edited and update the flag accordingly to the parent objects
24 Chapter 2 pymisp
PyMISP Documentation Release main
Return type bool
from_dict(kwargs)Loading all the parameters as class properties if they arenrsquot None This method aims to be called when allthe properties requiring a special treatment are processed Note This method is used when you initializean object with existing data so by default the class is flaged as not edited
from_json(json_string)Load a JSON string
Return type None
get(k[ d ])rarr D[k] if k in D else d d defaults to None
get_attribute_tag(attribute_identifier)Return the tags associated to an attribute or an object attribute attribute_identifier can be an ID UUIDor the value
Return type List[MISPTag]
get_object_by_id(object_id)Get an object by ID (the ID is the one set by the server when creating the new object)
Return type MISPObject
get_object_by_uuid(object_uuid)Get an object by UUID (UUID is set by the server when creating the new object)
Return type MISPObject
get_objects_by_name(object_name)Get an object by UUID (UUID is set by the server when creating the new object)
Return type List[MISPObject]
items()rarr a set-like object providing a view on Drsquos items
jsonable()This method is used by the JSON encoder
Return type Dict
keys()rarr a set-like object providing a view on Drsquos keys
load(json_event validate=False metadata_only=False)Load a JSON dump from a pseudo file or a JSON string
load_file(event_path validate=False metadata_only=False)Load a JSON dump from a file on the disk
pop(k[ d ])rarr v remove specified key and return the corresponding valueIf key is not found d is returned if given otherwise KeyError is raised
popitem()rarr (k v) remove and return some (key value) pairas a 2-tuple but raise KeyError if D is empty
publish()Mark the attribute as published
set_date(d=None ignore_invalid=False)Set a date for the event (string datetime or date object)
set_not_jsonable(args)Set __not_jsonable to a new list
Return type None
25 MISPEvent 25
PyMISP Documentation Release main
setdefault(k[ d ])rarr Dget(kd) also set D[k]=d if k not in D
property tagsReturns a lost of tags associated to this Event
Return type List[MISPTag]
to_dict()Dump the class to a dictionary This method automatically removes the timestamp recursively in everyobject that has been edited is order to let MISP update the event accordingly
Return type Dict
to_feed(valid_distributions=[0 1 2 3 4 5] with_meta=False)Generate a json output for MISP Feed Notes
bull valid_distributions only makes sense if the distribution key is set (ie the event is exported from aMISP instance)
Return type Dict
to_json(sort_keys=False indent=None)Dump recursively any class of type MISPAbstract to a json string
unpublish()Mark the attribute as un-published (set publish flag to false)
update([E ] F)rarr None Update D from mappingiterable E and FIf E present and has a keys() method does for k in E D[k] = E[k] If E present and lacks keys() methoddoes for (k v) in E D[k] = v In either case this is followed by for k v in Fitems() D[k] = v
update_not_jsonable(args)Add entries to the __not_jsonable list
Return type None
values()rarr an object providing a view on Drsquos values
26 MISPAttribute
class pymispMISPAttribute(describe_types=None strict=False)
add_proposal(shadow_attribute=None kwargs)Alias for add_shadow_attribute
Return type MISPShadowAttribute
add_shadow_attribute(shadow_attribute=None kwargs)Add a shadow attribute to the attribute (by name or a MISPShadowAttribute object)
Return type MISPShadowAttribute
add_sighting(sighting=None kwargs)Add a sighting to the attribute (by name or a MISPSighting object)
Return type MISPSighting
clear()rarr None Remove all items from D
delete()Mark the attribute as deleted (soft delete)
26 Chapter 2 pymisp
PyMISP Documentation Release main
property editedRecursively check if an object has been edited and update the flag accordingly to the parent objects
Return type bool
from_dict(kwargs)Loading all the parameters as class properties if they arenrsquot None This method aims to be called when allthe properties requiring a special treatment are processed Note This method is used when you initializean object with existing data so by default the class is flaged as not edited
from_json(json_string)Load a JSON string
Return type None
get(k[ d ])rarr D[k] if k in D else d d defaults to None
hash_values(algorithm=sha512)Compute the hash of every values for fast lookups
Return type List[str]
items()rarr a set-like object providing a view on Drsquos items
jsonable()This method is used by the JSON encoder
Return type Dict
keys()rarr a set-like object providing a view on Drsquos keys
property known_typesReturns a list of all the known MISP attributes types
Return type List[str]
property malware_binaryReturns a BytesIO of the malware (if the attribute has one obvs)
Return type Optional[BytesIO]
pop(k[ d ])rarr v remove specified key and return the corresponding valueIf key is not found d is returned if given otherwise KeyError is raised
popitem()rarr (k v) remove and return some (key value) pairas a 2-tuple but raise KeyError if D is empty
set_not_jsonable(args)Set __not_jsonable to a new list
Return type None
setdefault(k[ d ])rarr Dget(kd) also set D[k]=d if k not in D
property tagsReturns a lost of tags associated to this Attribute
Return type List[MISPTag]
to_dict()Dump the class to a dictionary This method automatically removes the timestamp recursively in everyobject that has been edited is order to let MISP update the event accordingly
Return type Dict
26 MISPAttribute 27
PyMISP Documentation Release main
to_json(sort_keys=False indent=None)Dump recursively any class of type MISPAbstract to a json string
update([E ] F)rarr None Update D from mappingiterable E and FIf E present and has a keys() method does for k in E D[k] = E[k] If E present and lacks keys() methoddoes for (k v) in E D[k] = v In either case this is followed by for k v in Fitems() D[k] = v
update_not_jsonable(args)Add entries to the __not_jsonable list
Return type None
values()rarr an object providing a view on Drsquos values
27 MISPObject
class pymispMISPObject(name strict=False standalone=True default_attributes_parameters=kwargs)
add_attribute(object_relation simple_value=None value)Add an attribute object_relation is required and the value key is a dictionary with all the keys supportedby MISPAttribute
Return type Optional[MISPAttribute]
add_attributes(object_relation attributes)Add multiple attributes with the same object_relation Helper for object_relation when multiple is True inthe template It is the same as calling multiple times add_attribute with the same object_relation
Return type List[Optional[MISPAttribute]]
add_reference(referenced_uuid relationship_type comment=None kwargs)Add a link (uuid) to an other object
Return type MISPObjectReference
clear()rarr None Remove all items from D
property editedRecursively check if an object has been edited and update the flag accordingly to the parent objects
Return type bool
from_dict(kwargs)Loading all the parameters as class properties if they arenrsquot None This method aims to be called when allthe properties requiring a special treatment are processed Note This method is used when you initializean object with existing data so by default the class is flaged as not edited
from_json(json_string)Load a JSON string
Return type None
get(k[ d ])rarr D[k] if k in D else d d defaults to None
get_attributes_by_relation(object_relation)Returns the list of attributes with the given object relation in the object
Return type List[MISPAttribute]
has_attributes_by_relation(list_of_relations)True if all the relations in the list are defined in the object
28 Chapter 2 pymisp
PyMISP Documentation Release main
Return type bool
items()rarr a set-like object providing a view on Drsquos items
jsonable()This method is used by the JSON encoder
Return type Dict
keys()rarr a set-like object providing a view on Drsquos keys
pop(k[ d ])rarr v remove specified key and return the corresponding valueIf key is not found d is returned if given otherwise KeyError is raised
popitem()rarr (k v) remove and return some (key value) pairas a 2-tuple but raise KeyError if D is empty
set_not_jsonable(args)Set __not_jsonable to a new list
Return type None
setdefault(k[ d ])rarr Dget(kd) also set D[k]=d if k not in D
to_dict(strict=False)Dump the class to a dictionary This method automatically removes the timestamp recursively in everyobject that has been edited is order to let MISP update the event accordingly
Return type Dict
to_json(sort_keys=False indent=None strict=False)Dump recursively any class of type MISPAbstract to a json string
update([E ] F)rarr None Update D from mappingiterable E and FIf E present and has a keys() method does for k in E D[k] = E[k] If E present and lacks keys() methoddoes for (k v) in E D[k] = v In either case this is followed by for k v in Fitems() D[k] = v
update_not_jsonable(args)Add entries to the __not_jsonable list
Return type None
values()rarr an object providing a view on Drsquos values
28 MISPObjectAttribute
class pymispMISPObjectAttribute(definition)
add_proposal(shadow_attribute=None kwargs)Alias for add_shadow_attribute
Return type MISPShadowAttribute
add_shadow_attribute(shadow_attribute=None kwargs)Add a shadow attribute to the attribute (by name or a MISPShadowAttribute object)
Return type MISPShadowAttribute
add_sighting(sighting=None kwargs)Add a sighting to the attribute (by name or a MISPSighting object)
Return type MISPSighting
28 MISPObjectAttribute 29
PyMISP Documentation Release main
clear()rarr None Remove all items from D
delete()Mark the attribute as deleted (soft delete)
property editedRecursively check if an object has been edited and update the flag accordingly to the parent objects
Return type bool
from_dict(object_relation value kwargs)Loading all the parameters as class properties if they arenrsquot None This method aims to be called when allthe properties requiring a special treatment are processed Note This method is used when you initializean object with existing data so by default the class is flaged as not edited
from_json(json_string)Load a JSON string
Return type None
get(k[ d ])rarr D[k] if k in D else d d defaults to None
hash_values(algorithm=sha512)Compute the hash of every values for fast lookups
Return type List[str]
items()rarr a set-like object providing a view on Drsquos items
jsonable()This method is used by the JSON encoder
Return type Dict
keys()rarr a set-like object providing a view on Drsquos keys
property known_typesReturns a list of all the known MISP attributes types
Return type List[str]
property malware_binaryReturns a BytesIO of the malware (if the attribute has one obvs)
Return type Optional[BytesIO]
pop(k[ d ])rarr v remove specified key and return the corresponding valueIf key is not found d is returned if given otherwise KeyError is raised
popitem()rarr (k v) remove and return some (key value) pairas a 2-tuple but raise KeyError if D is empty
set_not_jsonable(args)Set __not_jsonable to a new list
Return type None
setdefault(k[ d ])rarr Dget(kd) also set D[k]=d if k not in D
property tagsReturns a lost of tags associated to this Attribute
Return type List[MISPTag]
30 Chapter 2 pymisp
PyMISP Documentation Release main
to_dict()Dump the class to a dictionary This method automatically removes the timestamp recursively in everyobject that has been edited is order to let MISP update the event accordingly
Return type Dict
to_json(sort_keys=False indent=None)Dump recursively any class of type MISPAbstract to a json string
update([E ] F)rarr None Update D from mappingiterable E and FIf E present and has a keys() method does for k in E D[k] = E[k] If E present and lacks keys() methoddoes for (k v) in E D[k] = v In either case this is followed by for k v in Fitems() D[k] = v
update_not_jsonable(args)Add entries to the __not_jsonable list
Return type None
values()rarr an object providing a view on Drsquos values
29 MISPObjectReference
class pymispMISPObjectReference
clear()rarr None Remove all items from D
property editedRecursively check if an object has been edited and update the flag accordingly to the parent objects
Return type bool
from_dict(kwargs)Loading all the parameters as class properties if they arenrsquot None This method aims to be called when allthe properties requiring a special treatment are processed Note This method is used when you initializean object with existing data so by default the class is flaged as not edited
from_json(json_string)Load a JSON string
Return type None
get(k[ d ])rarr D[k] if k in D else d d defaults to None
items()rarr a set-like object providing a view on Drsquos items
jsonable()This method is used by the JSON encoder
Return type Dict
keys()rarr a set-like object providing a view on Drsquos keys
pop(k[ d ])rarr v remove specified key and return the corresponding valueIf key is not found d is returned if given otherwise KeyError is raised
popitem()rarr (k v) remove and return some (key value) pairas a 2-tuple but raise KeyError if D is empty
set_not_jsonable(args)Set __not_jsonable to a new list
Return type None
29 MISPObjectReference 31
PyMISP Documentation Release main
setdefault(k[ d ])rarr Dget(kd) also set D[k]=d if k not in D
to_dict()Dump the class to a dictionary This method automatically removes the timestamp recursively in everyobject that has been edited is order to let MISP update the event accordingly
Return type Dict
to_json(sort_keys=False indent=None)Dump recursively any class of type MISPAbstract to a json string
update([E ] F)rarr None Update D from mappingiterable E and FIf E present and has a keys() method does for k in E D[k] = E[k] If E present and lacks keys() methoddoes for (k v) in E D[k] = v In either case this is followed by for k v in Fitems() D[k] = v
update_not_jsonable(args)Add entries to the __not_jsonable list
Return type None
values()rarr an object providing a view on Drsquos values
210 MISPTag
class pymispMISPTag(kwargs)
clear()rarr None Remove all items from D
property editedRecursively check if an object has been edited and update the flag accordingly to the parent objects
Return type bool
from_dict(kwargs)Loading all the parameters as class properties if they arenrsquot None This method aims to be called when allthe properties requiring a special treatment are processed Note This method is used when you initializean object with existing data so by default the class is flaged as not edited
from_json(json_string)Load a JSON string
Return type None
get(k[ d ])rarr D[k] if k in D else d d defaults to None
items()rarr a set-like object providing a view on Drsquos items
jsonable()This method is used by the JSON encoder
Return type Dict
keys()rarr a set-like object providing a view on Drsquos keys
pop(k[ d ])rarr v remove specified key and return the corresponding valueIf key is not found d is returned if given otherwise KeyError is raised
popitem()rarr (k v) remove and return some (key value) pairas a 2-tuple but raise KeyError if D is empty
set_not_jsonable(args)Set __not_jsonable to a new list
32 Chapter 2 pymisp
PyMISP Documentation Release main
Return type None
setdefault(k[ d ])rarr Dget(kd) also set D[k]=d if k not in D
to_dict()Dump the class to a dictionary This method automatically removes the timestamp recursively in everyobject that has been edited is order to let MISP update the event accordingly
Return type Dict
to_json(sort_keys=False indent=None)Dump recursively any class of type MISPAbstract to a json string
update([E ] F)rarr None Update D from mappingiterable E and FIf E present and has a keys() method does for k in E D[k] = E[k] If E present and lacks keys() methoddoes for (k v) in E D[k] = v In either case this is followed by for k v in Fitems() D[k] = v
update_not_jsonable(args)Add entries to the __not_jsonable list
Return type None
values()rarr an object providing a view on Drsquos values
211 MISPUser
class pymispMISPUser(kwargs)
clear()rarr None Remove all items from D
property editedRecursively check if an object has been edited and update the flag accordingly to the parent objects
Return type bool
from_dict(kwargs)Loading all the parameters as class properties if they arenrsquot None This method aims to be called when allthe properties requiring a special treatment are processed Note This method is used when you initializean object with existing data so by default the class is flaged as not edited
from_json(json_string)Load a JSON string
Return type None
get(k[ d ])rarr D[k] if k in D else d d defaults to None
items()rarr a set-like object providing a view on Drsquos items
jsonable()This method is used by the JSON encoder
Return type Dict
keys()rarr a set-like object providing a view on Drsquos keys
pop(k[ d ])rarr v remove specified key and return the corresponding valueIf key is not found d is returned if given otherwise KeyError is raised
popitem()rarr (k v) remove and return some (key value) pairas a 2-tuple but raise KeyError if D is empty
211 MISPUser 33
PyMISP Documentation Release main
set_not_jsonable(args)Set __not_jsonable to a new list
Return type None
setdefault(k[ d ])rarr Dget(kd) also set D[k]=d if k not in D
to_dict()Dump the class to a dictionary This method automatically removes the timestamp recursively in everyobject that has been edited is order to let MISP update the event accordingly
Return type Dict
to_json(sort_keys=False indent=None)Dump recursively any class of type MISPAbstract to a json string
update([E ] F)rarr None Update D from mappingiterable E and FIf E present and has a keys() method does for k in E D[k] = E[k] If E present and lacks keys() methoddoes for (k v) in E D[k] = v In either case this is followed by for k v in Fitems() D[k] = v
update_not_jsonable(args)Add entries to the __not_jsonable list
Return type None
values()rarr an object providing a view on Drsquos values
212 MISPOrganisation
class pymispMISPOrganisation
clear()rarr None Remove all items from D
property editedRecursively check if an object has been edited and update the flag accordingly to the parent objects
Return type bool
from_dict(kwargs)Loading all the parameters as class properties if they arenrsquot None This method aims to be called when allthe properties requiring a special treatment are processed Note This method is used when you initializean object with existing data so by default the class is flaged as not edited
from_json(json_string)Load a JSON string
Return type None
get(k[ d ])rarr D[k] if k in D else d d defaults to None
items()rarr a set-like object providing a view on Drsquos items
jsonable()This method is used by the JSON encoder
Return type Dict
keys()rarr a set-like object providing a view on Drsquos keys
pop(k[ d ])rarr v remove specified key and return the corresponding valueIf key is not found d is returned if given otherwise KeyError is raised
34 Chapter 2 pymisp
PyMISP Documentation Release main
popitem()rarr (k v) remove and return some (key value) pairas a 2-tuple but raise KeyError if D is empty
set_not_jsonable(args)Set __not_jsonable to a new list
Return type None
setdefault(k[ d ])rarr Dget(kd) also set D[k]=d if k not in D
to_dict()Dump the class to a dictionary This method automatically removes the timestamp recursively in everyobject that has been edited is order to let MISP update the event accordingly
Return type Dict
to_json(sort_keys=False indent=None)Dump recursively any class of type MISPAbstract to a json string
update([E ] F)rarr None Update D from mappingiterable E and FIf E present and has a keys() method does for k in E D[k] = E[k] If E present and lacks keys() methoddoes for (k v) in E D[k] = v In either case this is followed by for k v in Fitems() D[k] = v
update_not_jsonable(args)Add entries to the __not_jsonable list
Return type None
values()rarr an object providing a view on Drsquos values
212 MISPOrganisation 35
PyMISP Documentation Release main
36 Chapter 2 pymisp
CHAPTER
THREE
PYMISP - TOOLS
31 File Object
class pymisptoolsFileObject(filepath=None pseudofile=None filename=None kwargs)
add_attribute(object_relation simple_value=None value)Add an attribute object_relation is required and the value key is a dictionary with all the keys supportedby MISPAttribute
Return type Optional[MISPAttribute]
add_attributes(object_relation attributes)Add multiple attributes with the same object_relation Helper for object_relation when multiple is True inthe template It is the same as calling multiple times add_attribute with the same object_relation
Return type List[Optional[MISPAttribute]]
add_reference(referenced_uuid relationship_type comment=None kwargs)Add a link (uuid) to an other object
Return type MISPObjectReference
clear()rarr None Remove all items from D
property editedRecursively check if an object has been edited and update the flag accordingly to the parent objects
Return type bool
from_dict(kwargs)Loading all the parameters as class properties if they arenrsquot None This method aims to be called when allthe properties requiring a special treatment are processed Note This method is used when you initializean object with existing data so by default the class is flaged as not edited
from_json(json_string)Load a JSON string
Return type None
generate_attributes()Contains the logic where all the values of the object are gathered
get(k[ d ])rarr D[k] if k in D else d d defaults to None
get_attributes_by_relation(object_relation)Returns the list of attributes with the given object relation in the object
Return type List[MISPAttribute]
37
PyMISP Documentation Release main
has_attributes_by_relation(list_of_relations)True if all the relations in the list are defined in the object
Return type bool
items()rarr a set-like object providing a view on Drsquos items
jsonable()This method is used by the JSON encoder
Return type Dict
keys()rarr a set-like object providing a view on Drsquos keys
pop(k[ d ])rarr v remove specified key and return the corresponding valueIf key is not found d is returned if given otherwise KeyError is raised
popitem()rarr (k v) remove and return some (key value) pairas a 2-tuple but raise KeyError if D is empty
set_not_jsonable(args)Set __not_jsonable to a new list
Return type None
setdefault(k[ d ])rarr Dget(kd) also set D[k]=d if k not in D
to_dict(strict=False)Dump the class to a dictionary This method automatically removes the timestamp recursively in everyobject that has been edited is order to let MISP update the event accordingly
Return type Dict
to_json(sort_keys=False indent=None strict=False)Dump recursively any class of type MISPAbstract to a json string
update([E ] F)rarr None Update D from mappingiterable E and FIf E present and has a keys() method does for k in E D[k] = E[k] If E present and lacks keys() methoddoes for (k v) in E D[k] = v In either case this is followed by for k v in Fitems() D[k] = v
update_not_jsonable(args)Add entries to the __not_jsonable list
Return type None
values()rarr an object providing a view on Drsquos values
32 ELF Object
33 PE Object
34 Mach-O Object
35 VT Report Object
class pymisptoolsVTReportObject(apikey indicator vt_proxies=None kwargs)VirusTotal Report
Apikey VirusTotal API key (private works but only public features are supported right now)
38 Chapter 3 pymisp - Tools
PyMISP Documentation Release main
Indicator IOC to search VirusTotal for
add_attribute(object_relation simple_value=None value)Add an attribute object_relation is required and the value key is a dictionary with all the keys supportedby MISPAttribute
Return type Optional[MISPAttribute]
add_attributes(object_relation attributes)Add multiple attributes with the same object_relation Helper for object_relation when multiple is True inthe template It is the same as calling multiple times add_attribute with the same object_relation
Return type List[Optional[MISPAttribute]]
add_reference(referenced_uuid relationship_type comment=None kwargs)Add a link (uuid) to an other object
Return type MISPObjectReference
clear()rarr None Remove all items from D
property editedRecursively check if an object has been edited and update the flag accordingly to the parent objects
Return type bool
from_dict(kwargs)Loading all the parameters as class properties if they arenrsquot None This method aims to be called when allthe properties requiring a special treatment are processed Note This method is used when you initializean object with existing data so by default the class is flaged as not edited
from_json(json_string)Load a JSON string
Return type None
generate_attributes()Parse the VirusTotal report for relevant attributes
get(k[ d ])rarr D[k] if k in D else d d defaults to None
get_attributes_by_relation(object_relation)Returns the list of attributes with the given object relation in the object
Return type List[MISPAttribute]
has_attributes_by_relation(list_of_relations)True if all the relations in the list are defined in the object
Return type bool
items()rarr a set-like object providing a view on Drsquos items
jsonable()This method is used by the JSON encoder
Return type Dict
keys()rarr a set-like object providing a view on Drsquos keys
pop(k[ d ])rarr v remove specified key and return the corresponding valueIf key is not found d is returned if given otherwise KeyError is raised
popitem()rarr (k v) remove and return some (key value) pairas a 2-tuple but raise KeyError if D is empty
35 VT Report Object 39
PyMISP Documentation Release main
set_not_jsonable(args)Set __not_jsonable to a new list
Return type None
setdefault(k[ d ])rarr Dget(kd) also set D[k]=d if k not in D
to_dict(strict=False)Dump the class to a dictionary This method automatically removes the timestamp recursively in everyobject that has been edited is order to let MISP update the event accordingly
Return type Dict
to_json(sort_keys=False indent=None strict=False)Dump recursively any class of type MISPAbstract to a json string
update([E ] F)rarr None Update D from mappingiterable E and FIf E present and has a keys() method does for k in E D[k] = E[k] If E present and lacks keys() methoddoes for (k v) in E D[k] = v In either case this is followed by for k v in Fitems() D[k] = v
update_not_jsonable(args)Add entries to the __not_jsonable list
Return type None
values()rarr an object providing a view on Drsquos values
36 STIX
pymisptoolsstixload_stix(stix distribution=3 threat_level_id=2 analysis=0)Returns a MISPEvent object from a STIX package
pymisptoolsstixmake_stix_package(misp_event to_json=False to_xml=False)Returns a STIXPackage from a MISPEvent
Optionally can return the package in json or xml
37 OpenIOC
toolsload_openioc()
toolsload_openioc_file()
40 Chapter 3 pymisp - Tools
CHAPTER
FOUR
INDICES AND TABLES
bull genindex
bull modindex
bull search
41
PyMISP Documentation Release main
42 Chapter 4 Indices and tables
PYTHON MODULE INDEX
ppymisp 7pymisptools 37pymisptoolsstix 40
43
PyMISP Documentation Release main
44 Python Module Index
INDEX
AAbstractMISP (class in pymisp) 23accept_attribute_proposal()
(pymispPyMISP method) 7add_attribute() (pymispMISPEvent method) 24add_attribute() (pymispMISPObject method) 28add_attribute() (pymispPyMISP method) 7add_attribute() (pymisptoolsFileObject method)
37add_attribute() (pymisptoolsVTReportObject
method) 39add_attribute_proposal() (pymispPyMISP
method) 7add_attribute_tag() (pymispMISPEvent
method) 24add_attributes() (pymispMISPObject method)
28add_attributes() (pymisptoolsFileObject
method) 37add_attributes() (pymisptoolsVTReportObject
method) 39add_event() (pymispPyMISP method) 7add_event_blacklist() (pymispPyMISP
method) 8add_feed() (pymispPyMISP method) 8add_object() (pymispMISPEvent method) 24add_object() (pymispPyMISP method) 8add_object_reference() (pymispPyMISP
method) 8add_org_to_sharing_group() (pymispPyMISP
method) 8add_organisation() (pymispPyMISP method) 8add_organisation_blacklist()
(pymispPyMISP method) 8add_proposal() (pymispMISPAttribute method) 26add_proposal() (pymispMISPEvent method) 24add_proposal() (pymispMISPObjectAttribute
method) 29add_reference() (pymispMISPObject method) 28add_reference() (pymisptoolsFileObject method)
37add_reference() (pymisptoolsVTReportObject
method) 39add_server() (pymispPyMISP method) 8add_server_to_sharing_group()
(pymispPyMISP method) 8add_shadow_attribute() (pymispMISPAttribute
method) 26add_shadow_attribute() (pymispMISPEvent
method) 24add_shadow_attribute()
(pymispMISPObjectAttribute method) 29add_sharing_group() (pymispPyMISP method) 8add_sighting() (pymispMISPAttribute method) 26add_sighting() (pymispMISPObjectAttribute
method) 29add_sighting() (pymispPyMISP method) 8add_tag() (pymispPyMISP method) 8add_user() (pymispPyMISP method) 9attributes_statistics() (pymispPyMISP
method) 9
Bbuild_complex_query() (pymispPyMISP
method) 9
Ccache_all_feeds() (pymispPyMISP method) 9cache_feed() (pymispPyMISP method) 9cache_freetext_feeds() (pymispPyMISP
method) 9cache_misp_feeds() (pymispPyMISP method) 9change_sharing_group_on_entity()
(pymispPyMISP method) 9change_user_password() (pymispPyMISP
method) 9clear() (pymispMISPAttribute method) 26clear() (pymispMISPEvent method) 24clear() (pymispMISPObject method) 28clear() (pymispMISPObjectAttribute method) 29clear() (pymispMISPObjectReference method) 31clear() (pymispMISPOrganisation method) 34clear() (pymispMISPTag method) 32clear() (pymispMISPUser method) 33
45
PyMISP Documentation Release main
clear() (pymisptoolsFileObject method) 37clear() (pymisptoolsVTReportObject method) 39communities() (pymispPyMISP method) 9compare_feeds() (pymispPyMISP method) 9contact_event_reporter() (pymispPyMISP
method) 9
Ddefault() (pymispMISPEncode method) 24delegate_event() (pymispPyMISP method) 10delete() (pymispMISPAttribute method) 26delete() (pymispMISPObjectAttribute method) 30delete_attribute() (pymispMISPEvent method)
24delete_attribute() (pymispPyMISP method) 10delete_attribute_proposal()
(pymispPyMISP method) 10delete_event() (pymispPyMISP method) 10delete_event_blacklist() (pymispPyMISP
method) 10delete_feed() (pymispPyMISP method) 10delete_object() (pymispPyMISP method) 10delete_object_reference() (pymispPyMISP
method) 10delete_organisation() (pymispPyMISP
method) 10delete_organisation_blacklist()
(pymispPyMISP method) 10delete_server() (pymispPyMISP method) 10delete_sharing_group() (pymispPyMISP
method) 10delete_sighting() (pymispPyMISP method) 10delete_tag() (pymispPyMISP method) 11delete_user() (pymispPyMISP method) 11delete_user_setting() (pymispPyMISP
method) 11describe_types_local() (pymispPyMISP prop-
erty) 11describe_types_remote() (pymispPyMISP
property) 11direct_call() (pymispPyMISP method) 11disable_feed() (pymispPyMISP method) 11disable_feed_cache() (pymispPyMISP method)
11disable_noticelist() (pymispPyMISP method)
11disable_tag() (pymispPyMISP method) 11disable_taxonomy() (pymispPyMISP method) 11disable_taxonomy_tags() (pymispPyMISP
method) 11disable_warninglist() (pymispPyMISP
method) 11discard_attribute_proposal()
(pymispPyMISP method) 12
Eedited() (pymispAbstractMISP property) 23edited() (pymispMISPAttribute property) 26edited() (pymispMISPEvent property) 24edited() (pymispMISPObject property) 28edited() (pymispMISPObjectAttribute property) 30edited() (pymispMISPObjectReference property) 31edited() (pymispMISPOrganisation property) 34edited() (pymispMISPTag property) 32edited() (pymispMISPUser property) 33edited() (pymisptoolsFileObject property) 37edited() (pymisptoolsVTReportObject property) 39enable_feed() (pymispPyMISP method) 12enable_feed_cache() (pymispPyMISP method)
12enable_noticelist() (pymispPyMISP method)
12enable_tag() (pymispPyMISP method) 12enable_taxonomy() (pymispPyMISP method) 12enable_taxonomy_tags() (pymispPyMISP
method) 12enable_warninglist() (pymispPyMISP method)
12event_blacklists() (pymispPyMISP method) 12event_delegations() (pymispPyMISP method)
12ExpandedPyMISP (in module pymisp) 23
Ffeeds() (pymispPyMISP method) 12fetch_feed() (pymispPyMISP method) 12FileObject (class in pymisptools) 37freetext() (pymispPyMISP method) 12from_dict() (pymispAbstractMISP method) 23from_dict() (pymispMISPAttribute method) 27from_dict() (pymispMISPEvent method) 25from_dict() (pymispMISPObject method) 28from_dict() (pymispMISPObjectAttribute method)
30from_dict() (pymispMISPObjectReference method)
31from_dict() (pymispMISPOrganisation method) 34from_dict() (pymispMISPTag method) 32from_dict() (pymispMISPUser method) 33from_dict() (pymisptoolsFileObject method) 37from_dict() (pymisptoolsVTReportObject method)
39from_json() (pymispAbstractMISP method) 23from_json() (pymispMISPAttribute method) 27from_json() (pymispMISPEvent method) 25from_json() (pymispMISPObject method) 28from_json() (pymispMISPObjectAttribute method)
30
46 Index
PyMISP Documentation Release main
from_json() (pymispMISPObjectReference method)31
from_json() (pymispMISPOrganisation method) 34from_json() (pymispMISPTag method) 32from_json() (pymispMISPUser method) 33from_json() (pymisptoolsFileObject method) 37from_json() (pymisptoolsVTReportObject method)
39
Ggalaxies() (pymispPyMISP method) 12generate_attributes() (pymisptoolsFileObject
method) 37generate_attributes()
(pymisptoolsVTReportObject method)39
get() (pymispMISPAttribute method) 27get() (pymispMISPEvent method) 25get() (pymispMISPObject method) 28get() (pymispMISPObjectAttribute method) 30get() (pymispMISPObjectReference method) 31get() (pymispMISPOrganisation method) 34get() (pymispMISPTag method) 32get() (pymispMISPUser method) 33get() (pymisptoolsFileObject method) 37get() (pymisptoolsVTReportObject method) 39get_all_functions() (pymispPyMISP method)
13get_attribute() (pymispPyMISP method) 13get_attribute_tag() (pymispMISPEvent
method) 25get_attributes_by_relation()
(pymispMISPObject method) 28get_attributes_by_relation()
(pymisptoolsFileObject method) 37get_attributes_by_relation()
(pymisptoolsVTReportObject method)39
get_community() (pymispPyMISP method) 13get_event() (pymispPyMISP method) 13get_feed() (pymispPyMISP method) 13get_galaxy() (pymispPyMISP method) 13get_noticelist() (pymispPyMISP method) 13get_object() (pymispPyMISP method) 13get_object_by_id() (pymispMISPEvent method)
25get_object_by_uuid() (pymispMISPEvent
method) 25get_object_template() (pymispPyMISP
method) 13get_objects_by_name() (pymispMISPEvent
method) 25get_organisation() (pymispPyMISP method) 13get_sync_config() (pymispPyMISP method) 13
get_tag() (pymispPyMISP method) 13get_taxonomy() (pymispPyMISP method) 13get_user() (pymispPyMISP method) 13get_user_setting() (pymispPyMISP method) 14get_warninglist() (pymispPyMISP method) 14
Hhas_attributes_by_relation()
(pymispMISPObject method) 28has_attributes_by_relation()
(pymisptoolsFileObject method) 37has_attributes_by_relation()
(pymisptoolsVTReportObject method)39
hash_values() (pymispMISPAttribute method) 27hash_values() (pymispMISPObjectAttribute
method) 30
Iimport_server() (pymispPyMISP method) 14items() (pymispMISPAttribute method) 27items() (pymispMISPEvent method) 25items() (pymispMISPObject method) 29items() (pymispMISPObjectAttribute method) 30items() (pymispMISPObjectReference method) 31items() (pymispMISPOrganisation method) 34items() (pymispMISPTag method) 32items() (pymispMISPUser method) 33items() (pymisptoolsFileObject method) 38items() (pymisptoolsVTReportObject method) 39
Jjsonable() (pymispAbstractMISP method) 23jsonable() (pymispMISPAttribute method) 27jsonable() (pymispMISPEvent method) 25jsonable() (pymispMISPObject method) 29jsonable() (pymispMISPObjectAttribute method)
30jsonable() (pymispMISPObjectReference method)
31jsonable() (pymispMISPOrganisation method) 34jsonable() (pymispMISPTag method) 32jsonable() (pymispMISPUser method) 33jsonable() (pymisptoolsFileObject method) 38jsonable() (pymisptoolsVTReportObject method)
39
Kkeys() (pymispMISPAttribute method) 27keys() (pymispMISPEvent method) 25keys() (pymispMISPObject method) 29keys() (pymispMISPObjectAttribute method) 30keys() (pymispMISPObjectReference method) 31keys() (pymispMISPOrganisation method) 34
Index 47
PyMISP Documentation Release main
keys() (pymispMISPTag method) 32keys() (pymispMISPUser method) 33keys() (pymisptoolsFileObject method) 38keys() (pymisptoolsVTReportObject method) 39known_types() (pymispMISPAttribute property) 27known_types() (pymispMISPObjectAttribute prop-
erty) 30
Lload() (pymispMISPEvent method) 25load_default_feeds() (pymispPyMISP method)
14load_file() (pymispMISPEvent method) 25load_openioc() (pymisptools method) 40load_openioc_file() (pymisptools method) 40load_stix() (in module pymisptoolsstix) 40
Mmake_stix_package() (in module
pymisptoolsstix) 40malware_binary() (pymispMISPAttribute prop-
erty) 27malware_binary() (pymispMISPObjectAttribute
property) 30misp_instance_version() (pymispPyMISP
property) 14misp_instance_version_master()
(pymispPyMISP property) 14MISPAttribute (class in pymisp) 26MISPEncode (class in pymisp) 24MISPEvent (class in pymisp) 24MISPObject (class in pymisp) 28MISPObjectAttribute (class in pymisp) 29MISPObjectReference (class in pymisp) 31MISPOrganisation (class in pymisp) 34MISPTag (class in pymisp) 32MISPUser (class in pymisp) 33module
pymisp 7pymisptools 37pymisptoolsstix 40
Nnoticelists() (pymispPyMISP method) 14
Oobject_templates() (pymispPyMISP method) 14organisation_blacklists() (pymispPyMISP
method) 14organisations() (pymispPyMISP method) 14
Ppop() (pymispMISPAttribute method) 27
pop() (pymispMISPEvent method) 25pop() (pymispMISPObject method) 29pop() (pymispMISPObjectAttribute method) 30pop() (pymispMISPObjectReference method) 31pop() (pymispMISPOrganisation method) 34pop() (pymispMISPTag method) 32pop() (pymispMISPUser method) 33pop() (pymisptoolsFileObject method) 38pop() (pymisptoolsVTReportObject method) 39popitem() (pymispMISPAttribute method) 27popitem() (pymispMISPEvent method) 25popitem() (pymispMISPObject method) 29popitem() (pymispMISPObjectAttribute method) 30popitem() (pymispMISPObjectReference method) 31popitem() (pymispMISPOrganisation method) 34popitem() (pymispMISPTag method) 32popitem() (pymispMISPUser method) 33popitem() (pymisptoolsFileObject method) 38popitem() (pymisptoolsVTReportObject method) 39publish() (pymispMISPEvent method) 25publish() (pymispPyMISP method) 14push_event_to_ZMQ() (pymispPyMISP method)
14pymisp
module 7PyMISP (class in pymisp) 7pymisptools
module 37pymisptoolsstix
module 40pymisp_version_main() (pymispPyMISP prop-
erty) 15
Rrecommended_pymisp_version()
(pymispPyMISP property) 15remote_acl() (pymispPyMISP method) 15remove_org_from_sharing_group()
(pymispPyMISP method) 15remove_server_from_sharing_group()
(pymispPyMISP method) 15roles() (pymispPyMISP method) 15
Ssearch() (pymispPyMISP method) 15search_feeds() (pymispPyMISP method) 17search_index() (pymispPyMISP method) 18search_logs() (pymispPyMISP method) 18search_sightings() (pymispPyMISP method) 19server_pull() (pymispPyMISP method) 20server_push() (pymispPyMISP method) 20servers() (pymispPyMISP method) 20set_date() (pymispMISPEvent method) 25
48 Index
PyMISP Documentation Release main
set_not_jsonable() (pymispAbstractMISPmethod) 23
set_not_jsonable() (pymispMISPAttributemethod) 27
set_not_jsonable() (pymispMISPEvent method)25
set_not_jsonable() (pymispMISPObjectmethod) 29
set_not_jsonable() (pymispMISPObjectAttributemethod) 30
set_not_jsonable()(pymispMISPObjectReference method)31
set_not_jsonable() (pymispMISPOrganisationmethod) 35
set_not_jsonable() (pymispMISPTag method)32
set_not_jsonable() (pymispMISPUser method)33
set_not_jsonable() (pymisptoolsFileObjectmethod) 38
set_not_jsonable()(pymisptoolsVTReportObject method)39
set_user_setting() (pymispPyMISP method) 20setdefault() (pymispMISPAttribute method) 27setdefault() (pymispMISPEvent method) 25setdefault() (pymispMISPObject method) 29setdefault() (pymispMISPObjectAttribute
method) 30setdefault() (pymispMISPObjectReference
method) 31setdefault() (pymispMISPOrganisation method)
35setdefault() (pymispMISPTag method) 33setdefault() (pymispMISPUser method) 34setdefault() (pymisptoolsFileObject method) 38setdefault() (pymisptoolsVTReportObject
method) 40sharing_groups() (pymispPyMISP method) 20sightings() (pymispPyMISP method) 20
Ttag() (pymispPyMISP method) 20tags() (pymispMISPAttribute property) 27tags() (pymispMISPEvent property) 26tags() (pymispMISPObjectAttribute property) 30tags() (pymispPyMISP method) 20tags_statistics() (pymispPyMISP method) 20taxonomies() (pymispPyMISP method) 20to_dict() (pymispAbstractMISP method) 23to_dict() (pymispMISPAttribute method) 27to_dict() (pymispMISPEvent method) 26to_dict() (pymispMISPObject method) 29
to_dict() (pymispMISPObjectAttribute method) 30to_dict() (pymispMISPObjectReference method) 32to_dict() (pymispMISPOrganisation method) 35to_dict() (pymispMISPTag method) 33to_dict() (pymispMISPUser method) 34to_dict() (pymisptoolsFileObject method) 38to_dict() (pymisptoolsVTReportObject method) 40to_feed() (pymispMISPEvent method) 26to_json() (pymispAbstractMISP method) 23to_json() (pymispMISPAttribute method) 27to_json() (pymispMISPEvent method) 26to_json() (pymispMISPObject method) 29to_json() (pymispMISPObjectAttribute method) 31to_json() (pymispMISPObjectReference method) 32to_json() (pymispMISPOrganisation method) 35to_json() (pymispMISPTag method) 33to_json() (pymispMISPUser method) 34to_json() (pymisptoolsFileObject method) 38to_json() (pymisptoolsVTReportObject method) 40toggle_warninglist() (pymispPyMISP method)
20
Uunpublish() (pymispMISPEvent method) 26untag() (pymispPyMISP method) 21update() (pymispMISPAttribute method) 28update() (pymispMISPEvent method) 26update() (pymispMISPObject method) 29update() (pymispMISPObjectAttribute method) 31update() (pymispMISPObjectReference method) 32update() (pymispMISPOrganisation method) 35update() (pymispMISPTag method) 33update() (pymispMISPUser method) 34update() (pymisptoolsFileObject method) 38update() (pymisptoolsVTReportObject method) 40update_attribute() (pymispPyMISP method) 21update_attribute_proposal()
(pymispPyMISP method) 21update_event() (pymispPyMISP method) 21update_event_blacklist() (pymispPyMISP
method) 21update_feed() (pymispPyMISP method) 21update_galaxies() (pymispPyMISP method) 21update_not_jsonable() (pymispAbstractMISP
method) 23update_not_jsonable() (pymispMISPAttribute
method) 28update_not_jsonable() (pymispMISPEvent
method) 26update_not_jsonable() (pymispMISPObject
method) 29update_not_jsonable()
(pymispMISPObjectAttribute method) 31
Index 49
PyMISP Documentation Release main
update_not_jsonable()(pymispMISPObjectReference method)32
update_not_jsonable()(pymispMISPOrganisation method) 35
update_not_jsonable() (pymispMISPTagmethod) 33
update_not_jsonable() (pymispMISPUsermethod) 34
update_not_jsonable() (pymisptoolsFileObjectmethod) 38
update_not_jsonable()(pymisptoolsVTReportObject method)40
update_noticelists() (pymispPyMISP method)21
update_object() (pymispPyMISP method) 21update_object_templates() (pymispPyMISP
method) 21update_organisation() (pymispPyMISP
method) 21update_organisation_blacklist()
(pymispPyMISP method) 21update_server() (pymispPyMISP method) 22update_tag() (pymispPyMISP method) 22update_taxonomies() (pymispPyMISP method)
22update_user() (pymispPyMISP method) 22update_warninglists() (pymispPyMISP
method) 22upload_stix() (pymispPyMISP method) 22user_registrations() (pymispPyMISP method)
22user_settings() (pymispPyMISP method) 22users() (pymispPyMISP method) 22users_statistics() (pymispPyMISP method) 22
Vvalues() (pymispMISPAttribute method) 28values() (pymispMISPEvent method) 26values() (pymispMISPObject method) 29values() (pymispMISPObjectAttribute method) 31values() (pymispMISPObjectReference method) 32values() (pymispMISPOrganisation method) 35values() (pymispMISPTag method) 33values() (pymispMISPUser method) 34values() (pymisptoolsFileObject method) 38values() (pymisptoolsVTReportObject method) 40values_in_warninglist() (pymispPyMISP
method) 22version() (pymispPyMISP property) 22VTReportObject (class in pymisptools) 38
Wwarninglists() (pymispPyMISP method) 22
50 Index
- README
- pymisp
- PyMISP
- PyMISPExpanded (Python 36+ only)
- MISPAbstract
- MISPEncode
- MISPEvent
- MISPAttribute
- MISPObject
- MISPObjectAttribute
- MISPObjectReference
- MISPTag
- MISPUser
- MISPOrganisation
- pymisp - Tools
- File Object
- ELF Object
- PE Object
- Mach-O Object
- VT Report Object
- STIX
- OpenIOC
- Indices and tables
- Python Module Index
- Index
PyMISP Documentation Release main
Return type Dict
property pymisp_version_mainGet the most recent version of PyMISP from github
Return type Dict
property recommended_pymisp_versionReturns the recommended API version from the server
Return type Dict
remote_acl(debug_type=findMissingFunctionNames)This should return an empty list unless the ACL is outdated debug_type can only be printAllFunction-Names findMissingFunctionNames or printRoleAccess
Return type Dict
remove_org_from_sharing_group(sharing_group organisation)Remove an organisation from a sharing group sharing_group Sharing grouprsquos local instance ID orSharing grouprsquos global UUID organisation Organisationrsquos local instance ID or Organisationrsquos globalUUID or Organisationrsquos name as known to the curent instance
Return type Dict
remove_server_from_sharing_group(sharing_group server)Remove a server from a sharing group sharing_group Sharing grouprsquos local instance ID or Sharinggrouprsquos global UUID server Serverrsquos local instance ID or URL of the Server or Serverrsquos name as knownto the curent instance
Return type Dict
roles(pythonify=False)Get the existing roles
Return type Union[Dict List[MISPRole]]
search(controller=events return_format=json limit=None page=None value=Nonetype_attribute=None category=None org=None tags=None quick_filter=None quick-Filter=None date_from=None date_to=None eventid=None with_attachments=NonewithAttachments=None metadata=None uuid=None publish_timestamp=Nonelast=None timestamp=None published=None enforce_warninglist=None enforceWarn-inglist=None to_ids=None deleted=None include_event_uuid=None includeEventU-uid=None include_event_tags=None includeEventTags=None event_timestamp=Nonesg_reference_only=None eventinfo=None searchall=None requested_attributes=None in-clude_context=None includeContext=None headerless=None include_sightings=NoneincludeSightings=None include_correlations=None includeCorrelations=None in-clude_decay_score=None includeDecayScore=None object_name=None pythonify=Falsekwargs)
Search in the MISP instance
Parameters
bull return_format (str) ndash Set the return format of the search (Currently supported jsonxml openioc suricata snort - more formats are being moved to restSearch with the goalbeing that all searches happen through this API) Can be passed as the first parameter afterrestSearch or via the JSON payload
bull limit (Optional[int]) ndash Limit the number of results returned depending on thescope (for example 10 attributes or 10 full events)
bull page (Optional[int]) ndash If a limit is set sets the page to be returned page 3 limit 100will return records 201-gt300)
21 PyMISP 15
PyMISP Documentation Release main
bull value (Optional[~SearchParameterTypes]) ndash Search for the given value in the at-tributesrsquo value field
bull type_attribute (Optional[~SearchParameterTypes]) ndash The attribute type anyvalid MISP attribute type is accepted
bull category (Optional[~SearchParameterTypes]) ndash The attribute category any validMISP attribute category is accepted
bull org (Optional[~SearchParameterTypes]) ndash Search by the creator organisation by sup-plying the organisation identifier
bull tags (Optional[~SearchParameterTypes]) ndash Tags to search or to exclude You canpass a list or the output of build_complex_query
bull quick_filter (Optional[str]) ndash The string passed to this field will ignore all ofthe other arguments MISP will return an xml json (depending on the header sent) of allevents that have a sub-string match on value in the event info event orgc or any of theattribute value1 value2 fields or in the attribute comment
bull date_from (Union[date int str float None]) ndash Events with the date set to adate after the one specified This filter will use the date of the event
bull date_to (Union[date int str float None]) ndash Events with the date set to a datebefore the one specified This filter will use the date of the event
bull eventid (Optional[~SearchType]) ndash The events that should be included excludedfrom the search
bull with_attachments (Optional[bool]) ndash If set encodes the attachments zippedmalware samples as base64 in the data field within each attribute
bull metadata (Optional[bool]) ndash Only the metadata (event tags relations) is returnedattributes and proposals are omitted
bull uuid (Optional[str]) ndash Restrict the results by uuid
bull publish_timestamp (Union[date int str float NoneTuple[Union[date int str float None] Union[date int str floatNone]]]) ndash Restrict the results by the last publish timestamp (newer than)
bull timestamp (Union[date int str float None Tuple[Union[date intstr float None] Union[date int str float None]]]) ndash Restrict the resultsby the timestamp (last edit) Any event with a timestamp newer than the given timestampwill be returned In case you are dealing with attributes as scope the attributersquos timestampwill be used for the lookup
bull published (Optional[bool]) ndash Set whether published or unpublished events shouldbe returned Do not set the parameter if you want both
bull enforce_warninglist (Optional[bool]) ndash Remove any attributes from the resultthat would cause a hit on a warninglist entry
bull to_ids (Union[~ToIDSType List[~ToIDSType] None]) ndash By default all attributesare returned that match the other filter parameters irregardless of their to_ids setting Torestrict the returned data set to to_ids only attributes set this parameter to 1 0 for the oneswith to_ids set to False
bull deleted (Optional[str]) ndash If this parameter is set to 1 it will only return soft-deletedattributes [ldquo0rdquo ldquo1rdquo] will return the active ones as well as the soft-deleted ones
bull include_event_uuid (Optional[bool]) ndash Instead of just including the event IDalso include the event UUID in each of the attributes
16 Chapter 2 pymisp
PyMISP Documentation Release main
bull include_event_tags (Optional[bool]) ndash Include the event level tags in each ofthe attributes
bull event_timestamp (Union[date int str float None]) ndash Only return at-tributes from events that have received a modification after the given timestamp
bull sg_reference_only (Optional[bool]) ndash If this flag is set sharing group objectswill not be included instead only the sharing group ID is set
bull eventinfo (Optional[str]) ndash Filter on the eventrsquos info field
bull searchall (Optional[bool]) ndash Search for a full or a substring (delimited by forsubstrings) in the event info event tags attribute tags attribute values or attribute commentfields
bull requested_attributes (Optional[str]) ndash [CSV only] Select the fields that youwish to include in the CSV export By setting event level fields additionally includeCon-text is not required to get event metadata
bull include_context (Optional[bool]) ndash [Attribute only] Include the event data witheach attribute [CSV output] Add event level metadata in every line of the CSV
bull headerless (Optional[bool]) ndash [CSV Only] The CSV created when this setting isset to true will not contain the header row
bull include_sightings (Optional[bool]) ndash [JSON Only - Attribute] Include thesightings of the matching attributes
bull include_decay_score (Optional[bool]) ndash Include the decay score at attributelevel
bull include_correlations (Optional[bool]) ndash [JSON Only - attribute] Include thecorrelations of the matching attributes
bull object_name (Optional[str]) ndash [objects controller only] Search for objects withthat name
bull pythonify (Optional[bool]) ndash Returns a list of PyMISP Objects instead of the plainjson output Warning it might use a lot of RAM
Deprecated
Parameters
bull quickFilter (Optional[str]) ndash synponym for quick_filter
bull withAttachments (Optional[bool]) ndash synonym for with_attachments
bull last (Union[date int str float None Tuple[Union[date int strfloat None] Union[date int str float None]]]) ndash synonym for pub-lish_timestamp
bull enforceWarninglist (Optional[bool]) ndash synonym for enforce_warninglist
bull includeEventUuid (Optional[bool]) ndash synonym for include_event_uuid
bull includeEventTags (Optional[bool]) ndash synonym for include_event_tags
bull includeContext (Optional[bool]) ndash synonym for include_context
Return type Union[Dict str List[Union[MISPEvent MISPAttributeMISPObject]]]
search_feeds(value=None pythonify=False)Search in the feeds cached on the servers
21 PyMISP 17
PyMISP Documentation Release main
Return type Union[Dict List[MISPFeed]]
search_index(published=None eventid=None tags=None date_from=None date_to=Noneeventinfo=None threatlevel=None distribution=None analysis=None org=Nonetimestamp=None pythonify=None)
Search only at the index level Using in front of a value means NOT (default is OR)
Parameters
bull published (Optional[bool]) ndash Set whether published or unpublished events shouldbe returned Do not set the parameter if you want both
bull eventid (Optional[~SearchType]) ndash The events that should be included excludedfrom the search
bull tags (Optional[~SearchParameterTypes]) ndash Tags to search or to exclude You canpass a list or the output of build_complex_query
bull date_from (Union[date int str float None]) ndash Events with the date set to adate after the one specified This filter will use the date of the event
bull date_to (Union[date int str float None]) ndash Events with the date set to a datebefore the one specified This filter will use the date of the event
bull eventinfo (Optional[str]) ndash Filter on the eventrsquos info field
bull threatlevel (Optional[List[~SearchType]]) ndash Threat level(s) (1234) | list
bull distribution (Optional[List[~SearchType]]) ndash Distribution level(s) (0123) |list
bull analysis (Optional[List[~SearchType]]) ndash Analysis level(s) (012) | list
bull org (Optional[~SearchParameterTypes]) ndash Search by the creator organisation by sup-plying the organisation identifier
bull timestamp (Union[date int str float None Tuple[Union[date intstr float None] Union[date int str float None]]]) ndash Restrict the resultsby the timestamp (last edit) Any event with a timestamp newer than the given timestampwill be returned In case you are dealing with attributes as scope the attributersquos timestampwill be used for the lookup
bull pythonify (Optional[bool]) ndash Returns a list of PyMISP Objects instead or the plainjson output Warning it might use a lot of RAM
Return type Union[Dict List[MISPEvent]]
search_logs(limit=None page=None log_id=None title=None created=None model=None ac-tion=None user_id=None change=None email=None org=None description=Noneip=None pythonify=False)
Search in logs
Note to run substring queries simply appendprependencapsulate the search term with
Parameters
bull limit (Optional[int]) ndash Limit the number of results returned depending on thescope (for example 10 attributes or 10 full events)
bull page (Optional[int]) ndash If a limit is set sets the page to be returned page 3 limit 100will return records 201-gt300)
bull log_id (Optional[int]) ndash Log ID
bull title (Optional[str]) ndash Log Title
18 Chapter 2 pymisp
PyMISP Documentation Release main
bull created (Union[date int str float None]) ndash Creation timestamp
bull model (Optional[str]) ndash Model name that generated the log entry
bull action (Optional[str]) ndash The thing that was done
bull user_id (Optional[int]) ndash ID of the user doing the action
bull change (Optional[str]) ndash Change that occured
bull email (Optional[str]) ndash Email of the user
bull org (Optional[str]) ndash Organisation of the User doing the action
bull description (Optional[str]) ndash Description of the action
bull ip (Optional[str]) ndash Origination IP of the User doing the action
bull pythonify (Optional[bool]) ndash Returns a list of PyMISP Objects instead or the plainjson output Warning it might use a lot of RAM
Return type Union[Dict List[MISPLog]]
search_sightings(context=None context_id=None type_sighting=None date_from=Nonedate_to=None publish_timestamp=None last=None org=None source=Noneinclude_attribute=None include_event_meta=None pythonify=False)
Search sightings
Parameters
bull context (Optional[str]) ndash The context of the search Can be either ldquoattributerdquoldquoeventrdquo or nothing (will then match on events and attributes)
bull context_id (Optional[~SearchType]) ndash Only relevant if context is either ldquoattributerdquoor ldquoeventrdquo Then it is the relevant ID
bull type_sighting (Optional[str]) ndash Type of sighting
bull date_from (Union[date int str float None]) ndash Events with the date set to adate after the one specified This filter will use the date of the event
bull date_to (Union[date int str float None]) ndash Events with the date set to a datebefore the one specified This filter will use the date of the event
bull publish_timestamp (Union[date int str float NoneTuple[Union[date int str float None] Union[date int str floatNone]]]) ndash Restrict the results by the last publish timestamp (newer than)
bull org (Optional[~SearchType]) ndash Search by the creator organisation by supplying theorganisation identifier
bull source (Optional[str]) ndash Source of the sighting
bull include_attribute (Optional[bool]) ndash Include the attribute
bull include_event_meta (Optional[bool]) ndash Include the meta information of theevent
Deprecated
Parameters last (Union[date int str float None Tuple[Union[date intstr float None] Union[date int str float None]]]) ndash synonym for pub-lish_timestamp
Example
21 PyMISP 19
PyMISP Documentation Release main
gtgtgt mispsearch_sightings(publish_timestamp=30d) search sightings for therarr˓last 30 days on the instance[ ]gtgtgt mispsearch_sightings(context=attribute context_id=6 include_rarr˓attribute=True) return list of sighting for attribute 6 along with therarr˓attribute itself[ ]gtgtgt mispsearch_sightings(context=event context_id=17 include_event_rarr˓meta=True org=2) return list of sighting for event 17 filtered with orgrarr˓id 2
Return type Union[Dict List[Dict[str Union[MISPEvent MISPAttributeMISPSighting]]]]
server_pull(server event=None)Initialize a pull from a sync server
Return type Dict
server_push(server event=None)Initialize a push to a sync server
Return type Dict
servers(pythonify=False)Get the existing servers the MISP instance can synchronise with
Return type Union[Dict List[MISPServer]]
set_user_setting(user_setting value user=None pythonify=False)Get an user setting
Return type Union[Dict MISPUserSetting]
sharing_groups(pythonify=False)Get the existing sharing groups
Return type Union[Dict List[MISPSharingGroup]]
sightings(misp_entity=None org=None pythonify=False)Get the list of sighting related to a MISPEvent or a MISPAttribute (depending on type of misp_entity)
Return type Union[Dict List[MISPSighting]]
tag(misp_entity tag local=False)Tag an event or an attribute misp_entity can be a MISPEvent a MISP Attribute or a UUID
Return type Dict
tags(pythonify=False)Get the list of existing tags
Return type Union[Dict List[MISPTag]]
tags_statistics(percentage=False name_sort=False)Get tags statistics from the MISP instance
Return type Dict
taxonomies(pythonify=False)Get all the taxonomies
Return type Union[Dict List[MISPTaxonomy]]
20 Chapter 2 pymisp
PyMISP Documentation Release main
toggle_warninglist(warninglist_id=None warninglist_name=None force_enable=False)Toggle (enabledisable) the status of a warninglist by ID type warninglist_id Union[str intList[int] None] param warninglist_id ID of the WarningList type force_enable bool paramforce_enable Force the warning list in the enabled state (does nothing is already enabled)
Return type Dict
untag(misp_entity tag)Untag an event or an attribute misp_entity can be a UUID
Return type Dict
update_attribute(attribute attribute_id=None pythonify=False)Update an attribute on a MISP instance
Return type Union[Dict MISPAttribute MISPShadowAttribute]
update_attribute_proposal(initial_attribute attribute pythonify=False)Propose a change for an attribute
Return type Union[Dict MISPShadowAttribute]
update_event(event event_id=None pythonify=False)Update an event on a MISP instance
Return type Union[Dict MISPEvent]
update_event_blacklist(event_blacklist event_blacklist_id=None pythonify=False)Update an event in the blacklist
Return type Union[Dict MISPEventBlacklist]
update_feed(feed feed_id=None pythonify=False)Update a feed on a MISP instance
Return type Union[Dict MISPFeed]
update_galaxies()Update all the galaxies
Return type Dict
update_noticelists()Update all the noticelists
Return type Dict
update_object(misp_object object_id=None pythonify=False)Update an object on a MISP instance
Return type Union[Dict MISPObject]
update_object_templates()Trigger an update of the object templates
Return type Dict
update_organisation(organisation organisation_id=None pythonify=False)Update an organisation
Return type Union[Dict MISPOrganisation]
update_organisation_blacklist(organisation_blacklist organisation_blacklist_id=Nonepythonify=False)
Update an organisation in the blacklist
Return type Union[Dict MISPOrganisationBlacklist]
21 PyMISP 21
PyMISP Documentation Release main
update_server(server server_id=None pythonify=False)Update a server to synchronise with
Return type Union[Dict MISPServer]
update_tag(tag tag_id=None pythonify=False)Edit only the provided parameters of a tag
Return type Union[Dict MISPTag]
update_taxonomies()Update all the taxonomies
Return type Dict
update_user(user user_id=None pythonify=False)Update an event on a MISP instance
Return type Union[Dict MISPUser]
update_warninglists()Update all the warninglists
Return type Dict
upload_stix(path version=2)Upload a STIX file to MISP param path Path to the STIX on the disk (can be a path-like object or apseudofile) type version str param version Can be 1 or 2
user_registrations(pythonify=False)Get all the user registrations
Return type Union[Dict List[MISPInbox]]
user_settings(pythonify=False)Get all the user settings
Return type Union[Dict List[MISPUserSetting]]
users(pythonify=False)Get all the users
Return type Union[Dict List[MISPUser]]
users_statistics(context=data)Get users statistics from the MISP instance
Return type Dict
values_in_warninglist(value)Check if IOC values are in warninglist
Return type Dict
property versionReturns the version of PyMISP yoursquore curently using
Return type Dict
warninglists(pythonify=False)Get all the warninglists
Return type Union[Dict List[MISPWarninglist]]
22 Chapter 2 pymisp
PyMISP Documentation Release main
22 PyMISPExpanded (Python 36+ only)
pymispExpandedPyMISPalias of pymispapiPyMISP
23 MISPAbstract
class pymispAbstractMISP(kwargs)
property editedRecursively check if an object has been edited and update the flag accordingly to the parent objects
Return type bool
from_dict(kwargs)Loading all the parameters as class properties if they arenrsquot None This method aims to be called when allthe properties requiring a special treatment are processed Note This method is used when you initializean object with existing data so by default the class is flaged as not edited
Return type None
from_json(json_string)Load a JSON string
Return type None
jsonable()This method is used by the JSON encoder
Return type Dict
set_not_jsonable(args)Set __not_jsonable to a new list
Return type None
to_dict()Dump the class to a dictionary This method automatically removes the timestamp recursively in everyobject that has been edited is order to let MISP update the event accordingly
Return type Dict
to_json(sort_keys=False indent=None)Dump recursively any class of type MISPAbstract to a json string
update_not_jsonable(args)Add entries to the __not_jsonable list
Return type None
22 PyMISPExpanded (Python 36+ only) 23
PyMISP Documentation Release main
24 MISPEncode
class pymispMISPEncode(args kwargs)
default(obj)Implement this method in a subclass such that it returns a serializable object for o or calls the baseimplementation (to raise a TypeError)
For example to support arbitrary iterators you could implement default like this
def default(self o)try
iterable = iter(o)except TypeError
passelse
return list(iterable) Let the base class default method raise the TypeErrorreturn JSONEncoderdefault(self o)
25 MISPEvent
class pymispMISPEvent(describe_types=None strict_validation=False kwargs)
add_attribute(type value kwargs)Add an attribute type and value are required but you can pass all other parameters supported by MISPAt-tribute
Return type Union[MISPAttribute List[MISPAttribute]]
add_attribute_tag(tag attribute_identifier)Add a tag to an existing attribute raise an Exception if the attribute doesnrsquot exists tag Tag name as astring MISPTag instance or dictionary attribute_identifier can be an ID UUID or the value
Return type List[MISPAttribute]
add_object(obj=None kwargs)Add an object to the Event either by passing a MISPObject or a dictionary
Return type MISPObject
add_proposal(shadow_attribute=None kwargs)Alias for add_shadow_attribute
Return type MISPShadowAttribute
add_shadow_attribute(shadow_attribute=None kwargs)Add a tag to the attribute (by name or a MISPTag object)
Return type MISPShadowAttribute
clear()rarr None Remove all items from D
delete_attribute(attribute_id)Delete an attribute you can search by ID or UUID
property editedRecursively check if an object has been edited and update the flag accordingly to the parent objects
24 Chapter 2 pymisp
PyMISP Documentation Release main
Return type bool
from_dict(kwargs)Loading all the parameters as class properties if they arenrsquot None This method aims to be called when allthe properties requiring a special treatment are processed Note This method is used when you initializean object with existing data so by default the class is flaged as not edited
from_json(json_string)Load a JSON string
Return type None
get(k[ d ])rarr D[k] if k in D else d d defaults to None
get_attribute_tag(attribute_identifier)Return the tags associated to an attribute or an object attribute attribute_identifier can be an ID UUIDor the value
Return type List[MISPTag]
get_object_by_id(object_id)Get an object by ID (the ID is the one set by the server when creating the new object)
Return type MISPObject
get_object_by_uuid(object_uuid)Get an object by UUID (UUID is set by the server when creating the new object)
Return type MISPObject
get_objects_by_name(object_name)Get an object by UUID (UUID is set by the server when creating the new object)
Return type List[MISPObject]
items()rarr a set-like object providing a view on Drsquos items
jsonable()This method is used by the JSON encoder
Return type Dict
keys()rarr a set-like object providing a view on Drsquos keys
load(json_event validate=False metadata_only=False)Load a JSON dump from a pseudo file or a JSON string
load_file(event_path validate=False metadata_only=False)Load a JSON dump from a file on the disk
pop(k[ d ])rarr v remove specified key and return the corresponding valueIf key is not found d is returned if given otherwise KeyError is raised
popitem()rarr (k v) remove and return some (key value) pairas a 2-tuple but raise KeyError if D is empty
publish()Mark the attribute as published
set_date(d=None ignore_invalid=False)Set a date for the event (string datetime or date object)
set_not_jsonable(args)Set __not_jsonable to a new list
Return type None
25 MISPEvent 25
PyMISP Documentation Release main
setdefault(k[ d ])rarr Dget(kd) also set D[k]=d if k not in D
property tagsReturns a lost of tags associated to this Event
Return type List[MISPTag]
to_dict()Dump the class to a dictionary This method automatically removes the timestamp recursively in everyobject that has been edited is order to let MISP update the event accordingly
Return type Dict
to_feed(valid_distributions=[0 1 2 3 4 5] with_meta=False)Generate a json output for MISP Feed Notes
bull valid_distributions only makes sense if the distribution key is set (ie the event is exported from aMISP instance)
Return type Dict
to_json(sort_keys=False indent=None)Dump recursively any class of type MISPAbstract to a json string
unpublish()Mark the attribute as un-published (set publish flag to false)
update([E ] F)rarr None Update D from mappingiterable E and FIf E present and has a keys() method does for k in E D[k] = E[k] If E present and lacks keys() methoddoes for (k v) in E D[k] = v In either case this is followed by for k v in Fitems() D[k] = v
update_not_jsonable(args)Add entries to the __not_jsonable list
Return type None
values()rarr an object providing a view on Drsquos values
26 MISPAttribute
class pymispMISPAttribute(describe_types=None strict=False)
add_proposal(shadow_attribute=None kwargs)Alias for add_shadow_attribute
Return type MISPShadowAttribute
add_shadow_attribute(shadow_attribute=None kwargs)Add a shadow attribute to the attribute (by name or a MISPShadowAttribute object)
Return type MISPShadowAttribute
add_sighting(sighting=None kwargs)Add a sighting to the attribute (by name or a MISPSighting object)
Return type MISPSighting
clear()rarr None Remove all items from D
delete()Mark the attribute as deleted (soft delete)
26 Chapter 2 pymisp
PyMISP Documentation Release main
property editedRecursively check if an object has been edited and update the flag accordingly to the parent objects
Return type bool
from_dict(kwargs)Loading all the parameters as class properties if they arenrsquot None This method aims to be called when allthe properties requiring a special treatment are processed Note This method is used when you initializean object with existing data so by default the class is flaged as not edited
from_json(json_string)Load a JSON string
Return type None
get(k[ d ])rarr D[k] if k in D else d d defaults to None
hash_values(algorithm=sha512)Compute the hash of every values for fast lookups
Return type List[str]
items()rarr a set-like object providing a view on Drsquos items
jsonable()This method is used by the JSON encoder
Return type Dict
keys()rarr a set-like object providing a view on Drsquos keys
property known_typesReturns a list of all the known MISP attributes types
Return type List[str]
property malware_binaryReturns a BytesIO of the malware (if the attribute has one obvs)
Return type Optional[BytesIO]
pop(k[ d ])rarr v remove specified key and return the corresponding valueIf key is not found d is returned if given otherwise KeyError is raised
popitem()rarr (k v) remove and return some (key value) pairas a 2-tuple but raise KeyError if D is empty
set_not_jsonable(args)Set __not_jsonable to a new list
Return type None
setdefault(k[ d ])rarr Dget(kd) also set D[k]=d if k not in D
property tagsReturns a lost of tags associated to this Attribute
Return type List[MISPTag]
to_dict()Dump the class to a dictionary This method automatically removes the timestamp recursively in everyobject that has been edited is order to let MISP update the event accordingly
Return type Dict
26 MISPAttribute 27
PyMISP Documentation Release main
to_json(sort_keys=False indent=None)Dump recursively any class of type MISPAbstract to a json string
update([E ] F)rarr None Update D from mappingiterable E and FIf E present and has a keys() method does for k in E D[k] = E[k] If E present and lacks keys() methoddoes for (k v) in E D[k] = v In either case this is followed by for k v in Fitems() D[k] = v
update_not_jsonable(args)Add entries to the __not_jsonable list
Return type None
values()rarr an object providing a view on Drsquos values
27 MISPObject
class pymispMISPObject(name strict=False standalone=True default_attributes_parameters=kwargs)
add_attribute(object_relation simple_value=None value)Add an attribute object_relation is required and the value key is a dictionary with all the keys supportedby MISPAttribute
Return type Optional[MISPAttribute]
add_attributes(object_relation attributes)Add multiple attributes with the same object_relation Helper for object_relation when multiple is True inthe template It is the same as calling multiple times add_attribute with the same object_relation
Return type List[Optional[MISPAttribute]]
add_reference(referenced_uuid relationship_type comment=None kwargs)Add a link (uuid) to an other object
Return type MISPObjectReference
clear()rarr None Remove all items from D
property editedRecursively check if an object has been edited and update the flag accordingly to the parent objects
Return type bool
from_dict(kwargs)Loading all the parameters as class properties if they arenrsquot None This method aims to be called when allthe properties requiring a special treatment are processed Note This method is used when you initializean object with existing data so by default the class is flaged as not edited
from_json(json_string)Load a JSON string
Return type None
get(k[ d ])rarr D[k] if k in D else d d defaults to None
get_attributes_by_relation(object_relation)Returns the list of attributes with the given object relation in the object
Return type List[MISPAttribute]
has_attributes_by_relation(list_of_relations)True if all the relations in the list are defined in the object
28 Chapter 2 pymisp
PyMISP Documentation Release main
Return type bool
items()rarr a set-like object providing a view on Drsquos items
jsonable()This method is used by the JSON encoder
Return type Dict
keys()rarr a set-like object providing a view on Drsquos keys
pop(k[ d ])rarr v remove specified key and return the corresponding valueIf key is not found d is returned if given otherwise KeyError is raised
popitem()rarr (k v) remove and return some (key value) pairas a 2-tuple but raise KeyError if D is empty
set_not_jsonable(args)Set __not_jsonable to a new list
Return type None
setdefault(k[ d ])rarr Dget(kd) also set D[k]=d if k not in D
to_dict(strict=False)Dump the class to a dictionary This method automatically removes the timestamp recursively in everyobject that has been edited is order to let MISP update the event accordingly
Return type Dict
to_json(sort_keys=False indent=None strict=False)Dump recursively any class of type MISPAbstract to a json string
update([E ] F)rarr None Update D from mappingiterable E and FIf E present and has a keys() method does for k in E D[k] = E[k] If E present and lacks keys() methoddoes for (k v) in E D[k] = v In either case this is followed by for k v in Fitems() D[k] = v
update_not_jsonable(args)Add entries to the __not_jsonable list
Return type None
values()rarr an object providing a view on Drsquos values
28 MISPObjectAttribute
class pymispMISPObjectAttribute(definition)
add_proposal(shadow_attribute=None kwargs)Alias for add_shadow_attribute
Return type MISPShadowAttribute
add_shadow_attribute(shadow_attribute=None kwargs)Add a shadow attribute to the attribute (by name or a MISPShadowAttribute object)
Return type MISPShadowAttribute
add_sighting(sighting=None kwargs)Add a sighting to the attribute (by name or a MISPSighting object)
Return type MISPSighting
28 MISPObjectAttribute 29
PyMISP Documentation Release main
clear()rarr None Remove all items from D
delete()Mark the attribute as deleted (soft delete)
property editedRecursively check if an object has been edited and update the flag accordingly to the parent objects
Return type bool
from_dict(object_relation value kwargs)Loading all the parameters as class properties if they arenrsquot None This method aims to be called when allthe properties requiring a special treatment are processed Note This method is used when you initializean object with existing data so by default the class is flaged as not edited
from_json(json_string)Load a JSON string
Return type None
get(k[ d ])rarr D[k] if k in D else d d defaults to None
hash_values(algorithm=sha512)Compute the hash of every values for fast lookups
Return type List[str]
items()rarr a set-like object providing a view on Drsquos items
jsonable()This method is used by the JSON encoder
Return type Dict
keys()rarr a set-like object providing a view on Drsquos keys
property known_typesReturns a list of all the known MISP attributes types
Return type List[str]
property malware_binaryReturns a BytesIO of the malware (if the attribute has one obvs)
Return type Optional[BytesIO]
pop(k[ d ])rarr v remove specified key and return the corresponding valueIf key is not found d is returned if given otherwise KeyError is raised
popitem()rarr (k v) remove and return some (key value) pairas a 2-tuple but raise KeyError if D is empty
set_not_jsonable(args)Set __not_jsonable to a new list
Return type None
setdefault(k[ d ])rarr Dget(kd) also set D[k]=d if k not in D
property tagsReturns a lost of tags associated to this Attribute
Return type List[MISPTag]
30 Chapter 2 pymisp
PyMISP Documentation Release main
to_dict()Dump the class to a dictionary This method automatically removes the timestamp recursively in everyobject that has been edited is order to let MISP update the event accordingly
Return type Dict
to_json(sort_keys=False indent=None)Dump recursively any class of type MISPAbstract to a json string
update([E ] F)rarr None Update D from mappingiterable E and FIf E present and has a keys() method does for k in E D[k] = E[k] If E present and lacks keys() methoddoes for (k v) in E D[k] = v In either case this is followed by for k v in Fitems() D[k] = v
update_not_jsonable(args)Add entries to the __not_jsonable list
Return type None
values()rarr an object providing a view on Drsquos values
29 MISPObjectReference
class pymispMISPObjectReference
clear()rarr None Remove all items from D
property editedRecursively check if an object has been edited and update the flag accordingly to the parent objects
Return type bool
from_dict(kwargs)Loading all the parameters as class properties if they arenrsquot None This method aims to be called when allthe properties requiring a special treatment are processed Note This method is used when you initializean object with existing data so by default the class is flaged as not edited
from_json(json_string)Load a JSON string
Return type None
get(k[ d ])rarr D[k] if k in D else d d defaults to None
items()rarr a set-like object providing a view on Drsquos items
jsonable()This method is used by the JSON encoder
Return type Dict
keys()rarr a set-like object providing a view on Drsquos keys
pop(k[ d ])rarr v remove specified key and return the corresponding valueIf key is not found d is returned if given otherwise KeyError is raised
popitem()rarr (k v) remove and return some (key value) pairas a 2-tuple but raise KeyError if D is empty
set_not_jsonable(args)Set __not_jsonable to a new list
Return type None
29 MISPObjectReference 31
PyMISP Documentation Release main
setdefault(k[ d ])rarr Dget(kd) also set D[k]=d if k not in D
to_dict()Dump the class to a dictionary This method automatically removes the timestamp recursively in everyobject that has been edited is order to let MISP update the event accordingly
Return type Dict
to_json(sort_keys=False indent=None)Dump recursively any class of type MISPAbstract to a json string
update([E ] F)rarr None Update D from mappingiterable E and FIf E present and has a keys() method does for k in E D[k] = E[k] If E present and lacks keys() methoddoes for (k v) in E D[k] = v In either case this is followed by for k v in Fitems() D[k] = v
update_not_jsonable(args)Add entries to the __not_jsonable list
Return type None
values()rarr an object providing a view on Drsquos values
210 MISPTag
class pymispMISPTag(kwargs)
clear()rarr None Remove all items from D
property editedRecursively check if an object has been edited and update the flag accordingly to the parent objects
Return type bool
from_dict(kwargs)Loading all the parameters as class properties if they arenrsquot None This method aims to be called when allthe properties requiring a special treatment are processed Note This method is used when you initializean object with existing data so by default the class is flaged as not edited
from_json(json_string)Load a JSON string
Return type None
get(k[ d ])rarr D[k] if k in D else d d defaults to None
items()rarr a set-like object providing a view on Drsquos items
jsonable()This method is used by the JSON encoder
Return type Dict
keys()rarr a set-like object providing a view on Drsquos keys
pop(k[ d ])rarr v remove specified key and return the corresponding valueIf key is not found d is returned if given otherwise KeyError is raised
popitem()rarr (k v) remove and return some (key value) pairas a 2-tuple but raise KeyError if D is empty
set_not_jsonable(args)Set __not_jsonable to a new list
32 Chapter 2 pymisp
PyMISP Documentation Release main
Return type None
setdefault(k[ d ])rarr Dget(kd) also set D[k]=d if k not in D
to_dict()Dump the class to a dictionary This method automatically removes the timestamp recursively in everyobject that has been edited is order to let MISP update the event accordingly
Return type Dict
to_json(sort_keys=False indent=None)Dump recursively any class of type MISPAbstract to a json string
update([E ] F)rarr None Update D from mappingiterable E and FIf E present and has a keys() method does for k in E D[k] = E[k] If E present and lacks keys() methoddoes for (k v) in E D[k] = v In either case this is followed by for k v in Fitems() D[k] = v
update_not_jsonable(args)Add entries to the __not_jsonable list
Return type None
values()rarr an object providing a view on Drsquos values
211 MISPUser
class pymispMISPUser(kwargs)
clear()rarr None Remove all items from D
property editedRecursively check if an object has been edited and update the flag accordingly to the parent objects
Return type bool
from_dict(kwargs)Loading all the parameters as class properties if they arenrsquot None This method aims to be called when allthe properties requiring a special treatment are processed Note This method is used when you initializean object with existing data so by default the class is flaged as not edited
from_json(json_string)Load a JSON string
Return type None
get(k[ d ])rarr D[k] if k in D else d d defaults to None
items()rarr a set-like object providing a view on Drsquos items
jsonable()This method is used by the JSON encoder
Return type Dict
keys()rarr a set-like object providing a view on Drsquos keys
pop(k[ d ])rarr v remove specified key and return the corresponding valueIf key is not found d is returned if given otherwise KeyError is raised
popitem()rarr (k v) remove and return some (key value) pairas a 2-tuple but raise KeyError if D is empty
211 MISPUser 33
PyMISP Documentation Release main
set_not_jsonable(args)Set __not_jsonable to a new list
Return type None
setdefault(k[ d ])rarr Dget(kd) also set D[k]=d if k not in D
to_dict()Dump the class to a dictionary This method automatically removes the timestamp recursively in everyobject that has been edited is order to let MISP update the event accordingly
Return type Dict
to_json(sort_keys=False indent=None)Dump recursively any class of type MISPAbstract to a json string
update([E ] F)rarr None Update D from mappingiterable E and FIf E present and has a keys() method does for k in E D[k] = E[k] If E present and lacks keys() methoddoes for (k v) in E D[k] = v In either case this is followed by for k v in Fitems() D[k] = v
update_not_jsonable(args)Add entries to the __not_jsonable list
Return type None
values()rarr an object providing a view on Drsquos values
212 MISPOrganisation
class pymispMISPOrganisation
clear()rarr None Remove all items from D
property editedRecursively check if an object has been edited and update the flag accordingly to the parent objects
Return type bool
from_dict(kwargs)Loading all the parameters as class properties if they arenrsquot None This method aims to be called when allthe properties requiring a special treatment are processed Note This method is used when you initializean object with existing data so by default the class is flaged as not edited
from_json(json_string)Load a JSON string
Return type None
get(k[ d ])rarr D[k] if k in D else d d defaults to None
items()rarr a set-like object providing a view on Drsquos items
jsonable()This method is used by the JSON encoder
Return type Dict
keys()rarr a set-like object providing a view on Drsquos keys
pop(k[ d ])rarr v remove specified key and return the corresponding valueIf key is not found d is returned if given otherwise KeyError is raised
34 Chapter 2 pymisp
PyMISP Documentation Release main
popitem()rarr (k v) remove and return some (key value) pairas a 2-tuple but raise KeyError if D is empty
set_not_jsonable(args)Set __not_jsonable to a new list
Return type None
setdefault(k[ d ])rarr Dget(kd) also set D[k]=d if k not in D
to_dict()Dump the class to a dictionary This method automatically removes the timestamp recursively in everyobject that has been edited is order to let MISP update the event accordingly
Return type Dict
to_json(sort_keys=False indent=None)Dump recursively any class of type MISPAbstract to a json string
update([E ] F)rarr None Update D from mappingiterable E and FIf E present and has a keys() method does for k in E D[k] = E[k] If E present and lacks keys() methoddoes for (k v) in E D[k] = v In either case this is followed by for k v in Fitems() D[k] = v
update_not_jsonable(args)Add entries to the __not_jsonable list
Return type None
values()rarr an object providing a view on Drsquos values
212 MISPOrganisation 35
PyMISP Documentation Release main
36 Chapter 2 pymisp
CHAPTER
THREE
PYMISP - TOOLS
31 File Object
class pymisptoolsFileObject(filepath=None pseudofile=None filename=None kwargs)
add_attribute(object_relation simple_value=None value)Add an attribute object_relation is required and the value key is a dictionary with all the keys supportedby MISPAttribute
Return type Optional[MISPAttribute]
add_attributes(object_relation attributes)Add multiple attributes with the same object_relation Helper for object_relation when multiple is True inthe template It is the same as calling multiple times add_attribute with the same object_relation
Return type List[Optional[MISPAttribute]]
add_reference(referenced_uuid relationship_type comment=None kwargs)Add a link (uuid) to an other object
Return type MISPObjectReference
clear()rarr None Remove all items from D
property editedRecursively check if an object has been edited and update the flag accordingly to the parent objects
Return type bool
from_dict(kwargs)Loading all the parameters as class properties if they arenrsquot None This method aims to be called when allthe properties requiring a special treatment are processed Note This method is used when you initializean object with existing data so by default the class is flaged as not edited
from_json(json_string)Load a JSON string
Return type None
generate_attributes()Contains the logic where all the values of the object are gathered
get(k[ d ])rarr D[k] if k in D else d d defaults to None
get_attributes_by_relation(object_relation)Returns the list of attributes with the given object relation in the object
Return type List[MISPAttribute]
37
PyMISP Documentation Release main
has_attributes_by_relation(list_of_relations)True if all the relations in the list are defined in the object
Return type bool
items()rarr a set-like object providing a view on Drsquos items
jsonable()This method is used by the JSON encoder
Return type Dict
keys()rarr a set-like object providing a view on Drsquos keys
pop(k[ d ])rarr v remove specified key and return the corresponding valueIf key is not found d is returned if given otherwise KeyError is raised
popitem()rarr (k v) remove and return some (key value) pairas a 2-tuple but raise KeyError if D is empty
set_not_jsonable(args)Set __not_jsonable to a new list
Return type None
setdefault(k[ d ])rarr Dget(kd) also set D[k]=d if k not in D
to_dict(strict=False)Dump the class to a dictionary This method automatically removes the timestamp recursively in everyobject that has been edited is order to let MISP update the event accordingly
Return type Dict
to_json(sort_keys=False indent=None strict=False)Dump recursively any class of type MISPAbstract to a json string
update([E ] F)rarr None Update D from mappingiterable E and FIf E present and has a keys() method does for k in E D[k] = E[k] If E present and lacks keys() methoddoes for (k v) in E D[k] = v In either case this is followed by for k v in Fitems() D[k] = v
update_not_jsonable(args)Add entries to the __not_jsonable list
Return type None
values()rarr an object providing a view on Drsquos values
32 ELF Object
33 PE Object
34 Mach-O Object
35 VT Report Object
class pymisptoolsVTReportObject(apikey indicator vt_proxies=None kwargs)VirusTotal Report
Apikey VirusTotal API key (private works but only public features are supported right now)
38 Chapter 3 pymisp - Tools
PyMISP Documentation Release main
Indicator IOC to search VirusTotal for
add_attribute(object_relation simple_value=None value)Add an attribute object_relation is required and the value key is a dictionary with all the keys supportedby MISPAttribute
Return type Optional[MISPAttribute]
add_attributes(object_relation attributes)Add multiple attributes with the same object_relation Helper for object_relation when multiple is True inthe template It is the same as calling multiple times add_attribute with the same object_relation
Return type List[Optional[MISPAttribute]]
add_reference(referenced_uuid relationship_type comment=None kwargs)Add a link (uuid) to an other object
Return type MISPObjectReference
clear()rarr None Remove all items from D
property editedRecursively check if an object has been edited and update the flag accordingly to the parent objects
Return type bool
from_dict(kwargs)Loading all the parameters as class properties if they arenrsquot None This method aims to be called when allthe properties requiring a special treatment are processed Note This method is used when you initializean object with existing data so by default the class is flaged as not edited
from_json(json_string)Load a JSON string
Return type None
generate_attributes()Parse the VirusTotal report for relevant attributes
get(k[ d ])rarr D[k] if k in D else d d defaults to None
get_attributes_by_relation(object_relation)Returns the list of attributes with the given object relation in the object
Return type List[MISPAttribute]
has_attributes_by_relation(list_of_relations)True if all the relations in the list are defined in the object
Return type bool
items()rarr a set-like object providing a view on Drsquos items
jsonable()This method is used by the JSON encoder
Return type Dict
keys()rarr a set-like object providing a view on Drsquos keys
pop(k[ d ])rarr v remove specified key and return the corresponding valueIf key is not found d is returned if given otherwise KeyError is raised
popitem()rarr (k v) remove and return some (key value) pairas a 2-tuple but raise KeyError if D is empty
35 VT Report Object 39
PyMISP Documentation Release main
set_not_jsonable(args)Set __not_jsonable to a new list
Return type None
setdefault(k[ d ])rarr Dget(kd) also set D[k]=d if k not in D
to_dict(strict=False)Dump the class to a dictionary This method automatically removes the timestamp recursively in everyobject that has been edited is order to let MISP update the event accordingly
Return type Dict
to_json(sort_keys=False indent=None strict=False)Dump recursively any class of type MISPAbstract to a json string
update([E ] F)rarr None Update D from mappingiterable E and FIf E present and has a keys() method does for k in E D[k] = E[k] If E present and lacks keys() methoddoes for (k v) in E D[k] = v In either case this is followed by for k v in Fitems() D[k] = v
update_not_jsonable(args)Add entries to the __not_jsonable list
Return type None
values()rarr an object providing a view on Drsquos values
36 STIX
pymisptoolsstixload_stix(stix distribution=3 threat_level_id=2 analysis=0)Returns a MISPEvent object from a STIX package
pymisptoolsstixmake_stix_package(misp_event to_json=False to_xml=False)Returns a STIXPackage from a MISPEvent
Optionally can return the package in json or xml
37 OpenIOC
toolsload_openioc()
toolsload_openioc_file()
40 Chapter 3 pymisp - Tools
CHAPTER
FOUR
INDICES AND TABLES
bull genindex
bull modindex
bull search
41
PyMISP Documentation Release main
42 Chapter 4 Indices and tables
PYTHON MODULE INDEX
ppymisp 7pymisptools 37pymisptoolsstix 40
43
PyMISP Documentation Release main
44 Python Module Index
INDEX
AAbstractMISP (class in pymisp) 23accept_attribute_proposal()
(pymispPyMISP method) 7add_attribute() (pymispMISPEvent method) 24add_attribute() (pymispMISPObject method) 28add_attribute() (pymispPyMISP method) 7add_attribute() (pymisptoolsFileObject method)
37add_attribute() (pymisptoolsVTReportObject
method) 39add_attribute_proposal() (pymispPyMISP
method) 7add_attribute_tag() (pymispMISPEvent
method) 24add_attributes() (pymispMISPObject method)
28add_attributes() (pymisptoolsFileObject
method) 37add_attributes() (pymisptoolsVTReportObject
method) 39add_event() (pymispPyMISP method) 7add_event_blacklist() (pymispPyMISP
method) 8add_feed() (pymispPyMISP method) 8add_object() (pymispMISPEvent method) 24add_object() (pymispPyMISP method) 8add_object_reference() (pymispPyMISP
method) 8add_org_to_sharing_group() (pymispPyMISP
method) 8add_organisation() (pymispPyMISP method) 8add_organisation_blacklist()
(pymispPyMISP method) 8add_proposal() (pymispMISPAttribute method) 26add_proposal() (pymispMISPEvent method) 24add_proposal() (pymispMISPObjectAttribute
method) 29add_reference() (pymispMISPObject method) 28add_reference() (pymisptoolsFileObject method)
37add_reference() (pymisptoolsVTReportObject
method) 39add_server() (pymispPyMISP method) 8add_server_to_sharing_group()
(pymispPyMISP method) 8add_shadow_attribute() (pymispMISPAttribute
method) 26add_shadow_attribute() (pymispMISPEvent
method) 24add_shadow_attribute()
(pymispMISPObjectAttribute method) 29add_sharing_group() (pymispPyMISP method) 8add_sighting() (pymispMISPAttribute method) 26add_sighting() (pymispMISPObjectAttribute
method) 29add_sighting() (pymispPyMISP method) 8add_tag() (pymispPyMISP method) 8add_user() (pymispPyMISP method) 9attributes_statistics() (pymispPyMISP
method) 9
Bbuild_complex_query() (pymispPyMISP
method) 9
Ccache_all_feeds() (pymispPyMISP method) 9cache_feed() (pymispPyMISP method) 9cache_freetext_feeds() (pymispPyMISP
method) 9cache_misp_feeds() (pymispPyMISP method) 9change_sharing_group_on_entity()
(pymispPyMISP method) 9change_user_password() (pymispPyMISP
method) 9clear() (pymispMISPAttribute method) 26clear() (pymispMISPEvent method) 24clear() (pymispMISPObject method) 28clear() (pymispMISPObjectAttribute method) 29clear() (pymispMISPObjectReference method) 31clear() (pymispMISPOrganisation method) 34clear() (pymispMISPTag method) 32clear() (pymispMISPUser method) 33
45
PyMISP Documentation Release main
clear() (pymisptoolsFileObject method) 37clear() (pymisptoolsVTReportObject method) 39communities() (pymispPyMISP method) 9compare_feeds() (pymispPyMISP method) 9contact_event_reporter() (pymispPyMISP
method) 9
Ddefault() (pymispMISPEncode method) 24delegate_event() (pymispPyMISP method) 10delete() (pymispMISPAttribute method) 26delete() (pymispMISPObjectAttribute method) 30delete_attribute() (pymispMISPEvent method)
24delete_attribute() (pymispPyMISP method) 10delete_attribute_proposal()
(pymispPyMISP method) 10delete_event() (pymispPyMISP method) 10delete_event_blacklist() (pymispPyMISP
method) 10delete_feed() (pymispPyMISP method) 10delete_object() (pymispPyMISP method) 10delete_object_reference() (pymispPyMISP
method) 10delete_organisation() (pymispPyMISP
method) 10delete_organisation_blacklist()
(pymispPyMISP method) 10delete_server() (pymispPyMISP method) 10delete_sharing_group() (pymispPyMISP
method) 10delete_sighting() (pymispPyMISP method) 10delete_tag() (pymispPyMISP method) 11delete_user() (pymispPyMISP method) 11delete_user_setting() (pymispPyMISP
method) 11describe_types_local() (pymispPyMISP prop-
erty) 11describe_types_remote() (pymispPyMISP
property) 11direct_call() (pymispPyMISP method) 11disable_feed() (pymispPyMISP method) 11disable_feed_cache() (pymispPyMISP method)
11disable_noticelist() (pymispPyMISP method)
11disable_tag() (pymispPyMISP method) 11disable_taxonomy() (pymispPyMISP method) 11disable_taxonomy_tags() (pymispPyMISP
method) 11disable_warninglist() (pymispPyMISP
method) 11discard_attribute_proposal()
(pymispPyMISP method) 12
Eedited() (pymispAbstractMISP property) 23edited() (pymispMISPAttribute property) 26edited() (pymispMISPEvent property) 24edited() (pymispMISPObject property) 28edited() (pymispMISPObjectAttribute property) 30edited() (pymispMISPObjectReference property) 31edited() (pymispMISPOrganisation property) 34edited() (pymispMISPTag property) 32edited() (pymispMISPUser property) 33edited() (pymisptoolsFileObject property) 37edited() (pymisptoolsVTReportObject property) 39enable_feed() (pymispPyMISP method) 12enable_feed_cache() (pymispPyMISP method)
12enable_noticelist() (pymispPyMISP method)
12enable_tag() (pymispPyMISP method) 12enable_taxonomy() (pymispPyMISP method) 12enable_taxonomy_tags() (pymispPyMISP
method) 12enable_warninglist() (pymispPyMISP method)
12event_blacklists() (pymispPyMISP method) 12event_delegations() (pymispPyMISP method)
12ExpandedPyMISP (in module pymisp) 23
Ffeeds() (pymispPyMISP method) 12fetch_feed() (pymispPyMISP method) 12FileObject (class in pymisptools) 37freetext() (pymispPyMISP method) 12from_dict() (pymispAbstractMISP method) 23from_dict() (pymispMISPAttribute method) 27from_dict() (pymispMISPEvent method) 25from_dict() (pymispMISPObject method) 28from_dict() (pymispMISPObjectAttribute method)
30from_dict() (pymispMISPObjectReference method)
31from_dict() (pymispMISPOrganisation method) 34from_dict() (pymispMISPTag method) 32from_dict() (pymispMISPUser method) 33from_dict() (pymisptoolsFileObject method) 37from_dict() (pymisptoolsVTReportObject method)
39from_json() (pymispAbstractMISP method) 23from_json() (pymispMISPAttribute method) 27from_json() (pymispMISPEvent method) 25from_json() (pymispMISPObject method) 28from_json() (pymispMISPObjectAttribute method)
30
46 Index
PyMISP Documentation Release main
from_json() (pymispMISPObjectReference method)31
from_json() (pymispMISPOrganisation method) 34from_json() (pymispMISPTag method) 32from_json() (pymispMISPUser method) 33from_json() (pymisptoolsFileObject method) 37from_json() (pymisptoolsVTReportObject method)
39
Ggalaxies() (pymispPyMISP method) 12generate_attributes() (pymisptoolsFileObject
method) 37generate_attributes()
(pymisptoolsVTReportObject method)39
get() (pymispMISPAttribute method) 27get() (pymispMISPEvent method) 25get() (pymispMISPObject method) 28get() (pymispMISPObjectAttribute method) 30get() (pymispMISPObjectReference method) 31get() (pymispMISPOrganisation method) 34get() (pymispMISPTag method) 32get() (pymispMISPUser method) 33get() (pymisptoolsFileObject method) 37get() (pymisptoolsVTReportObject method) 39get_all_functions() (pymispPyMISP method)
13get_attribute() (pymispPyMISP method) 13get_attribute_tag() (pymispMISPEvent
method) 25get_attributes_by_relation()
(pymispMISPObject method) 28get_attributes_by_relation()
(pymisptoolsFileObject method) 37get_attributes_by_relation()
(pymisptoolsVTReportObject method)39
get_community() (pymispPyMISP method) 13get_event() (pymispPyMISP method) 13get_feed() (pymispPyMISP method) 13get_galaxy() (pymispPyMISP method) 13get_noticelist() (pymispPyMISP method) 13get_object() (pymispPyMISP method) 13get_object_by_id() (pymispMISPEvent method)
25get_object_by_uuid() (pymispMISPEvent
method) 25get_object_template() (pymispPyMISP
method) 13get_objects_by_name() (pymispMISPEvent
method) 25get_organisation() (pymispPyMISP method) 13get_sync_config() (pymispPyMISP method) 13
get_tag() (pymispPyMISP method) 13get_taxonomy() (pymispPyMISP method) 13get_user() (pymispPyMISP method) 13get_user_setting() (pymispPyMISP method) 14get_warninglist() (pymispPyMISP method) 14
Hhas_attributes_by_relation()
(pymispMISPObject method) 28has_attributes_by_relation()
(pymisptoolsFileObject method) 37has_attributes_by_relation()
(pymisptoolsVTReportObject method)39
hash_values() (pymispMISPAttribute method) 27hash_values() (pymispMISPObjectAttribute
method) 30
Iimport_server() (pymispPyMISP method) 14items() (pymispMISPAttribute method) 27items() (pymispMISPEvent method) 25items() (pymispMISPObject method) 29items() (pymispMISPObjectAttribute method) 30items() (pymispMISPObjectReference method) 31items() (pymispMISPOrganisation method) 34items() (pymispMISPTag method) 32items() (pymispMISPUser method) 33items() (pymisptoolsFileObject method) 38items() (pymisptoolsVTReportObject method) 39
Jjsonable() (pymispAbstractMISP method) 23jsonable() (pymispMISPAttribute method) 27jsonable() (pymispMISPEvent method) 25jsonable() (pymispMISPObject method) 29jsonable() (pymispMISPObjectAttribute method)
30jsonable() (pymispMISPObjectReference method)
31jsonable() (pymispMISPOrganisation method) 34jsonable() (pymispMISPTag method) 32jsonable() (pymispMISPUser method) 33jsonable() (pymisptoolsFileObject method) 38jsonable() (pymisptoolsVTReportObject method)
39
Kkeys() (pymispMISPAttribute method) 27keys() (pymispMISPEvent method) 25keys() (pymispMISPObject method) 29keys() (pymispMISPObjectAttribute method) 30keys() (pymispMISPObjectReference method) 31keys() (pymispMISPOrganisation method) 34
Index 47
PyMISP Documentation Release main
keys() (pymispMISPTag method) 32keys() (pymispMISPUser method) 33keys() (pymisptoolsFileObject method) 38keys() (pymisptoolsVTReportObject method) 39known_types() (pymispMISPAttribute property) 27known_types() (pymispMISPObjectAttribute prop-
erty) 30
Lload() (pymispMISPEvent method) 25load_default_feeds() (pymispPyMISP method)
14load_file() (pymispMISPEvent method) 25load_openioc() (pymisptools method) 40load_openioc_file() (pymisptools method) 40load_stix() (in module pymisptoolsstix) 40
Mmake_stix_package() (in module
pymisptoolsstix) 40malware_binary() (pymispMISPAttribute prop-
erty) 27malware_binary() (pymispMISPObjectAttribute
property) 30misp_instance_version() (pymispPyMISP
property) 14misp_instance_version_master()
(pymispPyMISP property) 14MISPAttribute (class in pymisp) 26MISPEncode (class in pymisp) 24MISPEvent (class in pymisp) 24MISPObject (class in pymisp) 28MISPObjectAttribute (class in pymisp) 29MISPObjectReference (class in pymisp) 31MISPOrganisation (class in pymisp) 34MISPTag (class in pymisp) 32MISPUser (class in pymisp) 33module
pymisp 7pymisptools 37pymisptoolsstix 40
Nnoticelists() (pymispPyMISP method) 14
Oobject_templates() (pymispPyMISP method) 14organisation_blacklists() (pymispPyMISP
method) 14organisations() (pymispPyMISP method) 14
Ppop() (pymispMISPAttribute method) 27
pop() (pymispMISPEvent method) 25pop() (pymispMISPObject method) 29pop() (pymispMISPObjectAttribute method) 30pop() (pymispMISPObjectReference method) 31pop() (pymispMISPOrganisation method) 34pop() (pymispMISPTag method) 32pop() (pymispMISPUser method) 33pop() (pymisptoolsFileObject method) 38pop() (pymisptoolsVTReportObject method) 39popitem() (pymispMISPAttribute method) 27popitem() (pymispMISPEvent method) 25popitem() (pymispMISPObject method) 29popitem() (pymispMISPObjectAttribute method) 30popitem() (pymispMISPObjectReference method) 31popitem() (pymispMISPOrganisation method) 34popitem() (pymispMISPTag method) 32popitem() (pymispMISPUser method) 33popitem() (pymisptoolsFileObject method) 38popitem() (pymisptoolsVTReportObject method) 39publish() (pymispMISPEvent method) 25publish() (pymispPyMISP method) 14push_event_to_ZMQ() (pymispPyMISP method)
14pymisp
module 7PyMISP (class in pymisp) 7pymisptools
module 37pymisptoolsstix
module 40pymisp_version_main() (pymispPyMISP prop-
erty) 15
Rrecommended_pymisp_version()
(pymispPyMISP property) 15remote_acl() (pymispPyMISP method) 15remove_org_from_sharing_group()
(pymispPyMISP method) 15remove_server_from_sharing_group()
(pymispPyMISP method) 15roles() (pymispPyMISP method) 15
Ssearch() (pymispPyMISP method) 15search_feeds() (pymispPyMISP method) 17search_index() (pymispPyMISP method) 18search_logs() (pymispPyMISP method) 18search_sightings() (pymispPyMISP method) 19server_pull() (pymispPyMISP method) 20server_push() (pymispPyMISP method) 20servers() (pymispPyMISP method) 20set_date() (pymispMISPEvent method) 25
48 Index
PyMISP Documentation Release main
set_not_jsonable() (pymispAbstractMISPmethod) 23
set_not_jsonable() (pymispMISPAttributemethod) 27
set_not_jsonable() (pymispMISPEvent method)25
set_not_jsonable() (pymispMISPObjectmethod) 29
set_not_jsonable() (pymispMISPObjectAttributemethod) 30
set_not_jsonable()(pymispMISPObjectReference method)31
set_not_jsonable() (pymispMISPOrganisationmethod) 35
set_not_jsonable() (pymispMISPTag method)32
set_not_jsonable() (pymispMISPUser method)33
set_not_jsonable() (pymisptoolsFileObjectmethod) 38
set_not_jsonable()(pymisptoolsVTReportObject method)39
set_user_setting() (pymispPyMISP method) 20setdefault() (pymispMISPAttribute method) 27setdefault() (pymispMISPEvent method) 25setdefault() (pymispMISPObject method) 29setdefault() (pymispMISPObjectAttribute
method) 30setdefault() (pymispMISPObjectReference
method) 31setdefault() (pymispMISPOrganisation method)
35setdefault() (pymispMISPTag method) 33setdefault() (pymispMISPUser method) 34setdefault() (pymisptoolsFileObject method) 38setdefault() (pymisptoolsVTReportObject
method) 40sharing_groups() (pymispPyMISP method) 20sightings() (pymispPyMISP method) 20
Ttag() (pymispPyMISP method) 20tags() (pymispMISPAttribute property) 27tags() (pymispMISPEvent property) 26tags() (pymispMISPObjectAttribute property) 30tags() (pymispPyMISP method) 20tags_statistics() (pymispPyMISP method) 20taxonomies() (pymispPyMISP method) 20to_dict() (pymispAbstractMISP method) 23to_dict() (pymispMISPAttribute method) 27to_dict() (pymispMISPEvent method) 26to_dict() (pymispMISPObject method) 29
to_dict() (pymispMISPObjectAttribute method) 30to_dict() (pymispMISPObjectReference method) 32to_dict() (pymispMISPOrganisation method) 35to_dict() (pymispMISPTag method) 33to_dict() (pymispMISPUser method) 34to_dict() (pymisptoolsFileObject method) 38to_dict() (pymisptoolsVTReportObject method) 40to_feed() (pymispMISPEvent method) 26to_json() (pymispAbstractMISP method) 23to_json() (pymispMISPAttribute method) 27to_json() (pymispMISPEvent method) 26to_json() (pymispMISPObject method) 29to_json() (pymispMISPObjectAttribute method) 31to_json() (pymispMISPObjectReference method) 32to_json() (pymispMISPOrganisation method) 35to_json() (pymispMISPTag method) 33to_json() (pymispMISPUser method) 34to_json() (pymisptoolsFileObject method) 38to_json() (pymisptoolsVTReportObject method) 40toggle_warninglist() (pymispPyMISP method)
20
Uunpublish() (pymispMISPEvent method) 26untag() (pymispPyMISP method) 21update() (pymispMISPAttribute method) 28update() (pymispMISPEvent method) 26update() (pymispMISPObject method) 29update() (pymispMISPObjectAttribute method) 31update() (pymispMISPObjectReference method) 32update() (pymispMISPOrganisation method) 35update() (pymispMISPTag method) 33update() (pymispMISPUser method) 34update() (pymisptoolsFileObject method) 38update() (pymisptoolsVTReportObject method) 40update_attribute() (pymispPyMISP method) 21update_attribute_proposal()
(pymispPyMISP method) 21update_event() (pymispPyMISP method) 21update_event_blacklist() (pymispPyMISP
method) 21update_feed() (pymispPyMISP method) 21update_galaxies() (pymispPyMISP method) 21update_not_jsonable() (pymispAbstractMISP
method) 23update_not_jsonable() (pymispMISPAttribute
method) 28update_not_jsonable() (pymispMISPEvent
method) 26update_not_jsonable() (pymispMISPObject
method) 29update_not_jsonable()
(pymispMISPObjectAttribute method) 31
Index 49
PyMISP Documentation Release main
update_not_jsonable()(pymispMISPObjectReference method)32
update_not_jsonable()(pymispMISPOrganisation method) 35
update_not_jsonable() (pymispMISPTagmethod) 33
update_not_jsonable() (pymispMISPUsermethod) 34
update_not_jsonable() (pymisptoolsFileObjectmethod) 38
update_not_jsonable()(pymisptoolsVTReportObject method)40
update_noticelists() (pymispPyMISP method)21
update_object() (pymispPyMISP method) 21update_object_templates() (pymispPyMISP
method) 21update_organisation() (pymispPyMISP
method) 21update_organisation_blacklist()
(pymispPyMISP method) 21update_server() (pymispPyMISP method) 22update_tag() (pymispPyMISP method) 22update_taxonomies() (pymispPyMISP method)
22update_user() (pymispPyMISP method) 22update_warninglists() (pymispPyMISP
method) 22upload_stix() (pymispPyMISP method) 22user_registrations() (pymispPyMISP method)
22user_settings() (pymispPyMISP method) 22users() (pymispPyMISP method) 22users_statistics() (pymispPyMISP method) 22
Vvalues() (pymispMISPAttribute method) 28values() (pymispMISPEvent method) 26values() (pymispMISPObject method) 29values() (pymispMISPObjectAttribute method) 31values() (pymispMISPObjectReference method) 32values() (pymispMISPOrganisation method) 35values() (pymispMISPTag method) 33values() (pymispMISPUser method) 34values() (pymisptoolsFileObject method) 38values() (pymisptoolsVTReportObject method) 40values_in_warninglist() (pymispPyMISP
method) 22version() (pymispPyMISP property) 22VTReportObject (class in pymisptools) 38
Wwarninglists() (pymispPyMISP method) 22
50 Index
- README
- pymisp
- PyMISP
- PyMISPExpanded (Python 36+ only)
- MISPAbstract
- MISPEncode
- MISPEvent
- MISPAttribute
- MISPObject
- MISPObjectAttribute
- MISPObjectReference
- MISPTag
- MISPUser
- MISPOrganisation
- pymisp - Tools
- File Object
- ELF Object
- PE Object
- Mach-O Object
- VT Report Object
- STIX
- OpenIOC
- Indices and tables
- Python Module Index
- Index
PyMISP Documentation Release main
bull value (Optional[~SearchParameterTypes]) ndash Search for the given value in the at-tributesrsquo value field
bull type_attribute (Optional[~SearchParameterTypes]) ndash The attribute type anyvalid MISP attribute type is accepted
bull category (Optional[~SearchParameterTypes]) ndash The attribute category any validMISP attribute category is accepted
bull org (Optional[~SearchParameterTypes]) ndash Search by the creator organisation by sup-plying the organisation identifier
bull tags (Optional[~SearchParameterTypes]) ndash Tags to search or to exclude You canpass a list or the output of build_complex_query
bull quick_filter (Optional[str]) ndash The string passed to this field will ignore all ofthe other arguments MISP will return an xml json (depending on the header sent) of allevents that have a sub-string match on value in the event info event orgc or any of theattribute value1 value2 fields or in the attribute comment
bull date_from (Union[date int str float None]) ndash Events with the date set to adate after the one specified This filter will use the date of the event
bull date_to (Union[date int str float None]) ndash Events with the date set to a datebefore the one specified This filter will use the date of the event
bull eventid (Optional[~SearchType]) ndash The events that should be included excludedfrom the search
bull with_attachments (Optional[bool]) ndash If set encodes the attachments zippedmalware samples as base64 in the data field within each attribute
bull metadata (Optional[bool]) ndash Only the metadata (event tags relations) is returnedattributes and proposals are omitted
bull uuid (Optional[str]) ndash Restrict the results by uuid
bull publish_timestamp (Union[date int str float NoneTuple[Union[date int str float None] Union[date int str floatNone]]]) ndash Restrict the results by the last publish timestamp (newer than)
bull timestamp (Union[date int str float None Tuple[Union[date intstr float None] Union[date int str float None]]]) ndash Restrict the resultsby the timestamp (last edit) Any event with a timestamp newer than the given timestampwill be returned In case you are dealing with attributes as scope the attributersquos timestampwill be used for the lookup
bull published (Optional[bool]) ndash Set whether published or unpublished events shouldbe returned Do not set the parameter if you want both
bull enforce_warninglist (Optional[bool]) ndash Remove any attributes from the resultthat would cause a hit on a warninglist entry
bull to_ids (Union[~ToIDSType List[~ToIDSType] None]) ndash By default all attributesare returned that match the other filter parameters irregardless of their to_ids setting Torestrict the returned data set to to_ids only attributes set this parameter to 1 0 for the oneswith to_ids set to False
bull deleted (Optional[str]) ndash If this parameter is set to 1 it will only return soft-deletedattributes [ldquo0rdquo ldquo1rdquo] will return the active ones as well as the soft-deleted ones
bull include_event_uuid (Optional[bool]) ndash Instead of just including the event IDalso include the event UUID in each of the attributes
16 Chapter 2 pymisp
PyMISP Documentation Release main
bull include_event_tags (Optional[bool]) ndash Include the event level tags in each ofthe attributes
bull event_timestamp (Union[date int str float None]) ndash Only return at-tributes from events that have received a modification after the given timestamp
bull sg_reference_only (Optional[bool]) ndash If this flag is set sharing group objectswill not be included instead only the sharing group ID is set
bull eventinfo (Optional[str]) ndash Filter on the eventrsquos info field
bull searchall (Optional[bool]) ndash Search for a full or a substring (delimited by forsubstrings) in the event info event tags attribute tags attribute values or attribute commentfields
bull requested_attributes (Optional[str]) ndash [CSV only] Select the fields that youwish to include in the CSV export By setting event level fields additionally includeCon-text is not required to get event metadata
bull include_context (Optional[bool]) ndash [Attribute only] Include the event data witheach attribute [CSV output] Add event level metadata in every line of the CSV
bull headerless (Optional[bool]) ndash [CSV Only] The CSV created when this setting isset to true will not contain the header row
bull include_sightings (Optional[bool]) ndash [JSON Only - Attribute] Include thesightings of the matching attributes
bull include_decay_score (Optional[bool]) ndash Include the decay score at attributelevel
bull include_correlations (Optional[bool]) ndash [JSON Only - attribute] Include thecorrelations of the matching attributes
bull object_name (Optional[str]) ndash [objects controller only] Search for objects withthat name
bull pythonify (Optional[bool]) ndash Returns a list of PyMISP Objects instead of the plainjson output Warning it might use a lot of RAM
Deprecated
Parameters
bull quickFilter (Optional[str]) ndash synponym for quick_filter
bull withAttachments (Optional[bool]) ndash synonym for with_attachments
bull last (Union[date int str float None Tuple[Union[date int strfloat None] Union[date int str float None]]]) ndash synonym for pub-lish_timestamp
bull enforceWarninglist (Optional[bool]) ndash synonym for enforce_warninglist
bull includeEventUuid (Optional[bool]) ndash synonym for include_event_uuid
bull includeEventTags (Optional[bool]) ndash synonym for include_event_tags
bull includeContext (Optional[bool]) ndash synonym for include_context
Return type Union[Dict str List[Union[MISPEvent MISPAttributeMISPObject]]]
search_feeds(value=None pythonify=False)Search in the feeds cached on the servers
21 PyMISP 17
PyMISP Documentation Release main
Return type Union[Dict List[MISPFeed]]
search_index(published=None eventid=None tags=None date_from=None date_to=Noneeventinfo=None threatlevel=None distribution=None analysis=None org=Nonetimestamp=None pythonify=None)
Search only at the index level Using in front of a value means NOT (default is OR)
Parameters
bull published (Optional[bool]) ndash Set whether published or unpublished events shouldbe returned Do not set the parameter if you want both
bull eventid (Optional[~SearchType]) ndash The events that should be included excludedfrom the search
bull tags (Optional[~SearchParameterTypes]) ndash Tags to search or to exclude You canpass a list or the output of build_complex_query
bull date_from (Union[date int str float None]) ndash Events with the date set to adate after the one specified This filter will use the date of the event
bull date_to (Union[date int str float None]) ndash Events with the date set to a datebefore the one specified This filter will use the date of the event
bull eventinfo (Optional[str]) ndash Filter on the eventrsquos info field
bull threatlevel (Optional[List[~SearchType]]) ndash Threat level(s) (1234) | list
bull distribution (Optional[List[~SearchType]]) ndash Distribution level(s) (0123) |list
bull analysis (Optional[List[~SearchType]]) ndash Analysis level(s) (012) | list
bull org (Optional[~SearchParameterTypes]) ndash Search by the creator organisation by sup-plying the organisation identifier
bull timestamp (Union[date int str float None Tuple[Union[date intstr float None] Union[date int str float None]]]) ndash Restrict the resultsby the timestamp (last edit) Any event with a timestamp newer than the given timestampwill be returned In case you are dealing with attributes as scope the attributersquos timestampwill be used for the lookup
bull pythonify (Optional[bool]) ndash Returns a list of PyMISP Objects instead or the plainjson output Warning it might use a lot of RAM
Return type Union[Dict List[MISPEvent]]
search_logs(limit=None page=None log_id=None title=None created=None model=None ac-tion=None user_id=None change=None email=None org=None description=Noneip=None pythonify=False)
Search in logs
Note to run substring queries simply appendprependencapsulate the search term with
Parameters
bull limit (Optional[int]) ndash Limit the number of results returned depending on thescope (for example 10 attributes or 10 full events)
bull page (Optional[int]) ndash If a limit is set sets the page to be returned page 3 limit 100will return records 201-gt300)
bull log_id (Optional[int]) ndash Log ID
bull title (Optional[str]) ndash Log Title
18 Chapter 2 pymisp
PyMISP Documentation Release main
bull created (Union[date int str float None]) ndash Creation timestamp
bull model (Optional[str]) ndash Model name that generated the log entry
bull action (Optional[str]) ndash The thing that was done
bull user_id (Optional[int]) ndash ID of the user doing the action
bull change (Optional[str]) ndash Change that occured
bull email (Optional[str]) ndash Email of the user
bull org (Optional[str]) ndash Organisation of the User doing the action
bull description (Optional[str]) ndash Description of the action
bull ip (Optional[str]) ndash Origination IP of the User doing the action
bull pythonify (Optional[bool]) ndash Returns a list of PyMISP Objects instead or the plainjson output Warning it might use a lot of RAM
Return type Union[Dict List[MISPLog]]
search_sightings(context=None context_id=None type_sighting=None date_from=Nonedate_to=None publish_timestamp=None last=None org=None source=Noneinclude_attribute=None include_event_meta=None pythonify=False)
Search sightings
Parameters
bull context (Optional[str]) ndash The context of the search Can be either ldquoattributerdquoldquoeventrdquo or nothing (will then match on events and attributes)
bull context_id (Optional[~SearchType]) ndash Only relevant if context is either ldquoattributerdquoor ldquoeventrdquo Then it is the relevant ID
bull type_sighting (Optional[str]) ndash Type of sighting
bull date_from (Union[date int str float None]) ndash Events with the date set to adate after the one specified This filter will use the date of the event
bull date_to (Union[date int str float None]) ndash Events with the date set to a datebefore the one specified This filter will use the date of the event
bull publish_timestamp (Union[date int str float NoneTuple[Union[date int str float None] Union[date int str floatNone]]]) ndash Restrict the results by the last publish timestamp (newer than)
bull org (Optional[~SearchType]) ndash Search by the creator organisation by supplying theorganisation identifier
bull source (Optional[str]) ndash Source of the sighting
bull include_attribute (Optional[bool]) ndash Include the attribute
bull include_event_meta (Optional[bool]) ndash Include the meta information of theevent
Deprecated
Parameters last (Union[date int str float None Tuple[Union[date intstr float None] Union[date int str float None]]]) ndash synonym for pub-lish_timestamp
Example
21 PyMISP 19
PyMISP Documentation Release main
gtgtgt mispsearch_sightings(publish_timestamp=30d) search sightings for therarr˓last 30 days on the instance[ ]gtgtgt mispsearch_sightings(context=attribute context_id=6 include_rarr˓attribute=True) return list of sighting for attribute 6 along with therarr˓attribute itself[ ]gtgtgt mispsearch_sightings(context=event context_id=17 include_event_rarr˓meta=True org=2) return list of sighting for event 17 filtered with orgrarr˓id 2
Return type Union[Dict List[Dict[str Union[MISPEvent MISPAttributeMISPSighting]]]]
server_pull(server event=None)Initialize a pull from a sync server
Return type Dict
server_push(server event=None)Initialize a push to a sync server
Return type Dict
servers(pythonify=False)Get the existing servers the MISP instance can synchronise with
Return type Union[Dict List[MISPServer]]
set_user_setting(user_setting value user=None pythonify=False)Get an user setting
Return type Union[Dict MISPUserSetting]
sharing_groups(pythonify=False)Get the existing sharing groups
Return type Union[Dict List[MISPSharingGroup]]
sightings(misp_entity=None org=None pythonify=False)Get the list of sighting related to a MISPEvent or a MISPAttribute (depending on type of misp_entity)
Return type Union[Dict List[MISPSighting]]
tag(misp_entity tag local=False)Tag an event or an attribute misp_entity can be a MISPEvent a MISP Attribute or a UUID
Return type Dict
tags(pythonify=False)Get the list of existing tags
Return type Union[Dict List[MISPTag]]
tags_statistics(percentage=False name_sort=False)Get tags statistics from the MISP instance
Return type Dict
taxonomies(pythonify=False)Get all the taxonomies
Return type Union[Dict List[MISPTaxonomy]]
20 Chapter 2 pymisp
PyMISP Documentation Release main
toggle_warninglist(warninglist_id=None warninglist_name=None force_enable=False)Toggle (enabledisable) the status of a warninglist by ID type warninglist_id Union[str intList[int] None] param warninglist_id ID of the WarningList type force_enable bool paramforce_enable Force the warning list in the enabled state (does nothing is already enabled)
Return type Dict
untag(misp_entity tag)Untag an event or an attribute misp_entity can be a UUID
Return type Dict
update_attribute(attribute attribute_id=None pythonify=False)Update an attribute on a MISP instance
Return type Union[Dict MISPAttribute MISPShadowAttribute]
update_attribute_proposal(initial_attribute attribute pythonify=False)Propose a change for an attribute
Return type Union[Dict MISPShadowAttribute]
update_event(event event_id=None pythonify=False)Update an event on a MISP instance
Return type Union[Dict MISPEvent]
update_event_blacklist(event_blacklist event_blacklist_id=None pythonify=False)Update an event in the blacklist
Return type Union[Dict MISPEventBlacklist]
update_feed(feed feed_id=None pythonify=False)Update a feed on a MISP instance
Return type Union[Dict MISPFeed]
update_galaxies()Update all the galaxies
Return type Dict
update_noticelists()Update all the noticelists
Return type Dict
update_object(misp_object object_id=None pythonify=False)Update an object on a MISP instance
Return type Union[Dict MISPObject]
update_object_templates()Trigger an update of the object templates
Return type Dict
update_organisation(organisation organisation_id=None pythonify=False)Update an organisation
Return type Union[Dict MISPOrganisation]
update_organisation_blacklist(organisation_blacklist organisation_blacklist_id=Nonepythonify=False)
Update an organisation in the blacklist
Return type Union[Dict MISPOrganisationBlacklist]
21 PyMISP 21
PyMISP Documentation Release main
update_server(server server_id=None pythonify=False)Update a server to synchronise with
Return type Union[Dict MISPServer]
update_tag(tag tag_id=None pythonify=False)Edit only the provided parameters of a tag
Return type Union[Dict MISPTag]
update_taxonomies()Update all the taxonomies
Return type Dict
update_user(user user_id=None pythonify=False)Update an event on a MISP instance
Return type Union[Dict MISPUser]
update_warninglists()Update all the warninglists
Return type Dict
upload_stix(path version=2)Upload a STIX file to MISP param path Path to the STIX on the disk (can be a path-like object or apseudofile) type version str param version Can be 1 or 2
user_registrations(pythonify=False)Get all the user registrations
Return type Union[Dict List[MISPInbox]]
user_settings(pythonify=False)Get all the user settings
Return type Union[Dict List[MISPUserSetting]]
users(pythonify=False)Get all the users
Return type Union[Dict List[MISPUser]]
users_statistics(context=data)Get users statistics from the MISP instance
Return type Dict
values_in_warninglist(value)Check if IOC values are in warninglist
Return type Dict
property versionReturns the version of PyMISP yoursquore curently using
Return type Dict
warninglists(pythonify=False)Get all the warninglists
Return type Union[Dict List[MISPWarninglist]]
22 Chapter 2 pymisp
PyMISP Documentation Release main
22 PyMISPExpanded (Python 36+ only)
pymispExpandedPyMISPalias of pymispapiPyMISP
23 MISPAbstract
class pymispAbstractMISP(kwargs)
property editedRecursively check if an object has been edited and update the flag accordingly to the parent objects
Return type bool
from_dict(kwargs)Loading all the parameters as class properties if they arenrsquot None This method aims to be called when allthe properties requiring a special treatment are processed Note This method is used when you initializean object with existing data so by default the class is flaged as not edited
Return type None
from_json(json_string)Load a JSON string
Return type None
jsonable()This method is used by the JSON encoder
Return type Dict
set_not_jsonable(args)Set __not_jsonable to a new list
Return type None
to_dict()Dump the class to a dictionary This method automatically removes the timestamp recursively in everyobject that has been edited is order to let MISP update the event accordingly
Return type Dict
to_json(sort_keys=False indent=None)Dump recursively any class of type MISPAbstract to a json string
update_not_jsonable(args)Add entries to the __not_jsonable list
Return type None
22 PyMISPExpanded (Python 36+ only) 23
PyMISP Documentation Release main
24 MISPEncode
class pymispMISPEncode(args kwargs)
default(obj)Implement this method in a subclass such that it returns a serializable object for o or calls the baseimplementation (to raise a TypeError)
For example to support arbitrary iterators you could implement default like this
def default(self o)try
iterable = iter(o)except TypeError
passelse
return list(iterable) Let the base class default method raise the TypeErrorreturn JSONEncoderdefault(self o)
25 MISPEvent
class pymispMISPEvent(describe_types=None strict_validation=False kwargs)
add_attribute(type value kwargs)Add an attribute type and value are required but you can pass all other parameters supported by MISPAt-tribute
Return type Union[MISPAttribute List[MISPAttribute]]
add_attribute_tag(tag attribute_identifier)Add a tag to an existing attribute raise an Exception if the attribute doesnrsquot exists tag Tag name as astring MISPTag instance or dictionary attribute_identifier can be an ID UUID or the value
Return type List[MISPAttribute]
add_object(obj=None kwargs)Add an object to the Event either by passing a MISPObject or a dictionary
Return type MISPObject
add_proposal(shadow_attribute=None kwargs)Alias for add_shadow_attribute
Return type MISPShadowAttribute
add_shadow_attribute(shadow_attribute=None kwargs)Add a tag to the attribute (by name or a MISPTag object)
Return type MISPShadowAttribute
clear()rarr None Remove all items from D
delete_attribute(attribute_id)Delete an attribute you can search by ID or UUID
property editedRecursively check if an object has been edited and update the flag accordingly to the parent objects
24 Chapter 2 pymisp
PyMISP Documentation Release main
Return type bool
from_dict(kwargs)Loading all the parameters as class properties if they arenrsquot None This method aims to be called when allthe properties requiring a special treatment are processed Note This method is used when you initializean object with existing data so by default the class is flaged as not edited
from_json(json_string)Load a JSON string
Return type None
get(k[ d ])rarr D[k] if k in D else d d defaults to None
get_attribute_tag(attribute_identifier)Return the tags associated to an attribute or an object attribute attribute_identifier can be an ID UUIDor the value
Return type List[MISPTag]
get_object_by_id(object_id)Get an object by ID (the ID is the one set by the server when creating the new object)
Return type MISPObject
get_object_by_uuid(object_uuid)Get an object by UUID (UUID is set by the server when creating the new object)
Return type MISPObject
get_objects_by_name(object_name)Get an object by UUID (UUID is set by the server when creating the new object)
Return type List[MISPObject]
items()rarr a set-like object providing a view on Drsquos items
jsonable()This method is used by the JSON encoder
Return type Dict
keys()rarr a set-like object providing a view on Drsquos keys
load(json_event validate=False metadata_only=False)Load a JSON dump from a pseudo file or a JSON string
load_file(event_path validate=False metadata_only=False)Load a JSON dump from a file on the disk
pop(k[ d ])rarr v remove specified key and return the corresponding valueIf key is not found d is returned if given otherwise KeyError is raised
popitem()rarr (k v) remove and return some (key value) pairas a 2-tuple but raise KeyError if D is empty
publish()Mark the attribute as published
set_date(d=None ignore_invalid=False)Set a date for the event (string datetime or date object)
set_not_jsonable(args)Set __not_jsonable to a new list
Return type None
25 MISPEvent 25
PyMISP Documentation Release main
setdefault(k[ d ])rarr Dget(kd) also set D[k]=d if k not in D
property tagsReturns a lost of tags associated to this Event
Return type List[MISPTag]
to_dict()Dump the class to a dictionary This method automatically removes the timestamp recursively in everyobject that has been edited is order to let MISP update the event accordingly
Return type Dict
to_feed(valid_distributions=[0 1 2 3 4 5] with_meta=False)Generate a json output for MISP Feed Notes
bull valid_distributions only makes sense if the distribution key is set (ie the event is exported from aMISP instance)
Return type Dict
to_json(sort_keys=False indent=None)Dump recursively any class of type MISPAbstract to a json string
unpublish()Mark the attribute as un-published (set publish flag to false)
update([E ] F)rarr None Update D from mappingiterable E and FIf E present and has a keys() method does for k in E D[k] = E[k] If E present and lacks keys() methoddoes for (k v) in E D[k] = v In either case this is followed by for k v in Fitems() D[k] = v
update_not_jsonable(args)Add entries to the __not_jsonable list
Return type None
values()rarr an object providing a view on Drsquos values
26 MISPAttribute
class pymispMISPAttribute(describe_types=None strict=False)
add_proposal(shadow_attribute=None kwargs)Alias for add_shadow_attribute
Return type MISPShadowAttribute
add_shadow_attribute(shadow_attribute=None kwargs)Add a shadow attribute to the attribute (by name or a MISPShadowAttribute object)
Return type MISPShadowAttribute
add_sighting(sighting=None kwargs)Add a sighting to the attribute (by name or a MISPSighting object)
Return type MISPSighting
clear()rarr None Remove all items from D
delete()Mark the attribute as deleted (soft delete)
26 Chapter 2 pymisp
PyMISP Documentation Release main
property editedRecursively check if an object has been edited and update the flag accordingly to the parent objects
Return type bool
from_dict(kwargs)Loading all the parameters as class properties if they arenrsquot None This method aims to be called when allthe properties requiring a special treatment are processed Note This method is used when you initializean object with existing data so by default the class is flaged as not edited
from_json(json_string)Load a JSON string
Return type None
get(k[ d ])rarr D[k] if k in D else d d defaults to None
hash_values(algorithm=sha512)Compute the hash of every values for fast lookups
Return type List[str]
items()rarr a set-like object providing a view on Drsquos items
jsonable()This method is used by the JSON encoder
Return type Dict
keys()rarr a set-like object providing a view on Drsquos keys
property known_typesReturns a list of all the known MISP attributes types
Return type List[str]
property malware_binaryReturns a BytesIO of the malware (if the attribute has one obvs)
Return type Optional[BytesIO]
pop(k[ d ])rarr v remove specified key and return the corresponding valueIf key is not found d is returned if given otherwise KeyError is raised
popitem()rarr (k v) remove and return some (key value) pairas a 2-tuple but raise KeyError if D is empty
set_not_jsonable(args)Set __not_jsonable to a new list
Return type None
setdefault(k[ d ])rarr Dget(kd) also set D[k]=d if k not in D
property tagsReturns a lost of tags associated to this Attribute
Return type List[MISPTag]
to_dict()Dump the class to a dictionary This method automatically removes the timestamp recursively in everyobject that has been edited is order to let MISP update the event accordingly
Return type Dict
26 MISPAttribute 27
PyMISP Documentation Release main
to_json(sort_keys=False indent=None)Dump recursively any class of type MISPAbstract to a json string
update([E ] F)rarr None Update D from mappingiterable E and FIf E present and has a keys() method does for k in E D[k] = E[k] If E present and lacks keys() methoddoes for (k v) in E D[k] = v In either case this is followed by for k v in Fitems() D[k] = v
update_not_jsonable(args)Add entries to the __not_jsonable list
Return type None
values()rarr an object providing a view on Drsquos values
27 MISPObject
class pymispMISPObject(name strict=False standalone=True default_attributes_parameters=kwargs)
add_attribute(object_relation simple_value=None value)Add an attribute object_relation is required and the value key is a dictionary with all the keys supportedby MISPAttribute
Return type Optional[MISPAttribute]
add_attributes(object_relation attributes)Add multiple attributes with the same object_relation Helper for object_relation when multiple is True inthe template It is the same as calling multiple times add_attribute with the same object_relation
Return type List[Optional[MISPAttribute]]
add_reference(referenced_uuid relationship_type comment=None kwargs)Add a link (uuid) to an other object
Return type MISPObjectReference
clear()rarr None Remove all items from D
property editedRecursively check if an object has been edited and update the flag accordingly to the parent objects
Return type bool
from_dict(kwargs)Loading all the parameters as class properties if they arenrsquot None This method aims to be called when allthe properties requiring a special treatment are processed Note This method is used when you initializean object with existing data so by default the class is flaged as not edited
from_json(json_string)Load a JSON string
Return type None
get(k[ d ])rarr D[k] if k in D else d d defaults to None
get_attributes_by_relation(object_relation)Returns the list of attributes with the given object relation in the object
Return type List[MISPAttribute]
has_attributes_by_relation(list_of_relations)True if all the relations in the list are defined in the object
28 Chapter 2 pymisp
PyMISP Documentation Release main
Return type bool
items()rarr a set-like object providing a view on Drsquos items
jsonable()This method is used by the JSON encoder
Return type Dict
keys()rarr a set-like object providing a view on Drsquos keys
pop(k[ d ])rarr v remove specified key and return the corresponding valueIf key is not found d is returned if given otherwise KeyError is raised
popitem()rarr (k v) remove and return some (key value) pairas a 2-tuple but raise KeyError if D is empty
set_not_jsonable(args)Set __not_jsonable to a new list
Return type None
setdefault(k[ d ])rarr Dget(kd) also set D[k]=d if k not in D
to_dict(strict=False)Dump the class to a dictionary This method automatically removes the timestamp recursively in everyobject that has been edited is order to let MISP update the event accordingly
Return type Dict
to_json(sort_keys=False indent=None strict=False)Dump recursively any class of type MISPAbstract to a json string
update([E ] F)rarr None Update D from mappingiterable E and FIf E present and has a keys() method does for k in E D[k] = E[k] If E present and lacks keys() methoddoes for (k v) in E D[k] = v In either case this is followed by for k v in Fitems() D[k] = v
update_not_jsonable(args)Add entries to the __not_jsonable list
Return type None
values()rarr an object providing a view on Drsquos values
28 MISPObjectAttribute
class pymispMISPObjectAttribute(definition)
add_proposal(shadow_attribute=None kwargs)Alias for add_shadow_attribute
Return type MISPShadowAttribute
add_shadow_attribute(shadow_attribute=None kwargs)Add a shadow attribute to the attribute (by name or a MISPShadowAttribute object)
Return type MISPShadowAttribute
add_sighting(sighting=None kwargs)Add a sighting to the attribute (by name or a MISPSighting object)
Return type MISPSighting
28 MISPObjectAttribute 29
PyMISP Documentation Release main
clear()rarr None Remove all items from D
delete()Mark the attribute as deleted (soft delete)
property editedRecursively check if an object has been edited and update the flag accordingly to the parent objects
Return type bool
from_dict(object_relation value kwargs)Loading all the parameters as class properties if they arenrsquot None This method aims to be called when allthe properties requiring a special treatment are processed Note This method is used when you initializean object with existing data so by default the class is flaged as not edited
from_json(json_string)Load a JSON string
Return type None
get(k[ d ])rarr D[k] if k in D else d d defaults to None
hash_values(algorithm=sha512)Compute the hash of every values for fast lookups
Return type List[str]
items()rarr a set-like object providing a view on Drsquos items
jsonable()This method is used by the JSON encoder
Return type Dict
keys()rarr a set-like object providing a view on Drsquos keys
property known_typesReturns a list of all the known MISP attributes types
Return type List[str]
property malware_binaryReturns a BytesIO of the malware (if the attribute has one obvs)
Return type Optional[BytesIO]
pop(k[ d ])rarr v remove specified key and return the corresponding valueIf key is not found d is returned if given otherwise KeyError is raised
popitem()rarr (k v) remove and return some (key value) pairas a 2-tuple but raise KeyError if D is empty
set_not_jsonable(args)Set __not_jsonable to a new list
Return type None
setdefault(k[ d ])rarr Dget(kd) also set D[k]=d if k not in D
property tagsReturns a lost of tags associated to this Attribute
Return type List[MISPTag]
30 Chapter 2 pymisp
PyMISP Documentation Release main
to_dict()Dump the class to a dictionary This method automatically removes the timestamp recursively in everyobject that has been edited is order to let MISP update the event accordingly
Return type Dict
to_json(sort_keys=False indent=None)Dump recursively any class of type MISPAbstract to a json string
update([E ] F)rarr None Update D from mappingiterable E and FIf E present and has a keys() method does for k in E D[k] = E[k] If E present and lacks keys() methoddoes for (k v) in E D[k] = v In either case this is followed by for k v in Fitems() D[k] = v
update_not_jsonable(args)Add entries to the __not_jsonable list
Return type None
values()rarr an object providing a view on Drsquos values
29 MISPObjectReference
class pymispMISPObjectReference
clear()rarr None Remove all items from D
property editedRecursively check if an object has been edited and update the flag accordingly to the parent objects
Return type bool
from_dict(kwargs)Loading all the parameters as class properties if they arenrsquot None This method aims to be called when allthe properties requiring a special treatment are processed Note This method is used when you initializean object with existing data so by default the class is flaged as not edited
from_json(json_string)Load a JSON string
Return type None
get(k[ d ])rarr D[k] if k in D else d d defaults to None
items()rarr a set-like object providing a view on Drsquos items
jsonable()This method is used by the JSON encoder
Return type Dict
keys()rarr a set-like object providing a view on Drsquos keys
pop(k[ d ])rarr v remove specified key and return the corresponding valueIf key is not found d is returned if given otherwise KeyError is raised
popitem()rarr (k v) remove and return some (key value) pairas a 2-tuple but raise KeyError if D is empty
set_not_jsonable(args)Set __not_jsonable to a new list
Return type None
29 MISPObjectReference 31
PyMISP Documentation Release main
setdefault(k[ d ])rarr Dget(kd) also set D[k]=d if k not in D
to_dict()Dump the class to a dictionary This method automatically removes the timestamp recursively in everyobject that has been edited is order to let MISP update the event accordingly
Return type Dict
to_json(sort_keys=False indent=None)Dump recursively any class of type MISPAbstract to a json string
update([E ] F)rarr None Update D from mappingiterable E and FIf E present and has a keys() method does for k in E D[k] = E[k] If E present and lacks keys() methoddoes for (k v) in E D[k] = v In either case this is followed by for k v in Fitems() D[k] = v
update_not_jsonable(args)Add entries to the __not_jsonable list
Return type None
values()rarr an object providing a view on Drsquos values
210 MISPTag
class pymispMISPTag(kwargs)
clear()rarr None Remove all items from D
property editedRecursively check if an object has been edited and update the flag accordingly to the parent objects
Return type bool
from_dict(kwargs)Loading all the parameters as class properties if they arenrsquot None This method aims to be called when allthe properties requiring a special treatment are processed Note This method is used when you initializean object with existing data so by default the class is flaged as not edited
from_json(json_string)Load a JSON string
Return type None
get(k[ d ])rarr D[k] if k in D else d d defaults to None
items()rarr a set-like object providing a view on Drsquos items
jsonable()This method is used by the JSON encoder
Return type Dict
keys()rarr a set-like object providing a view on Drsquos keys
pop(k[ d ])rarr v remove specified key and return the corresponding valueIf key is not found d is returned if given otherwise KeyError is raised
popitem()rarr (k v) remove and return some (key value) pairas a 2-tuple but raise KeyError if D is empty
set_not_jsonable(args)Set __not_jsonable to a new list
32 Chapter 2 pymisp
PyMISP Documentation Release main
Return type None
setdefault(k[ d ])rarr Dget(kd) also set D[k]=d if k not in D
to_dict()Dump the class to a dictionary This method automatically removes the timestamp recursively in everyobject that has been edited is order to let MISP update the event accordingly
Return type Dict
to_json(sort_keys=False indent=None)Dump recursively any class of type MISPAbstract to a json string
update([E ] F)rarr None Update D from mappingiterable E and FIf E present and has a keys() method does for k in E D[k] = E[k] If E present and lacks keys() methoddoes for (k v) in E D[k] = v In either case this is followed by for k v in Fitems() D[k] = v
update_not_jsonable(args)Add entries to the __not_jsonable list
Return type None
values()rarr an object providing a view on Drsquos values
211 MISPUser
class pymispMISPUser(kwargs)
clear()rarr None Remove all items from D
property editedRecursively check if an object has been edited and update the flag accordingly to the parent objects
Return type bool
from_dict(kwargs)Loading all the parameters as class properties if they arenrsquot None This method aims to be called when allthe properties requiring a special treatment are processed Note This method is used when you initializean object with existing data so by default the class is flaged as not edited
from_json(json_string)Load a JSON string
Return type None
get(k[ d ])rarr D[k] if k in D else d d defaults to None
items()rarr a set-like object providing a view on Drsquos items
jsonable()This method is used by the JSON encoder
Return type Dict
keys()rarr a set-like object providing a view on Drsquos keys
pop(k[ d ])rarr v remove specified key and return the corresponding valueIf key is not found d is returned if given otherwise KeyError is raised
popitem()rarr (k v) remove and return some (key value) pairas a 2-tuple but raise KeyError if D is empty
211 MISPUser 33
PyMISP Documentation Release main
set_not_jsonable(args)Set __not_jsonable to a new list
Return type None
setdefault(k[ d ])rarr Dget(kd) also set D[k]=d if k not in D
to_dict()Dump the class to a dictionary This method automatically removes the timestamp recursively in everyobject that has been edited is order to let MISP update the event accordingly
Return type Dict
to_json(sort_keys=False indent=None)Dump recursively any class of type MISPAbstract to a json string
update([E ] F)rarr None Update D from mappingiterable E and FIf E present and has a keys() method does for k in E D[k] = E[k] If E present and lacks keys() methoddoes for (k v) in E D[k] = v In either case this is followed by for k v in Fitems() D[k] = v
update_not_jsonable(args)Add entries to the __not_jsonable list
Return type None
values()rarr an object providing a view on Drsquos values
212 MISPOrganisation
class pymispMISPOrganisation
clear()rarr None Remove all items from D
property editedRecursively check if an object has been edited and update the flag accordingly to the parent objects
Return type bool
from_dict(kwargs)Loading all the parameters as class properties if they arenrsquot None This method aims to be called when allthe properties requiring a special treatment are processed Note This method is used when you initializean object with existing data so by default the class is flaged as not edited
from_json(json_string)Load a JSON string
Return type None
get(k[ d ])rarr D[k] if k in D else d d defaults to None
items()rarr a set-like object providing a view on Drsquos items
jsonable()This method is used by the JSON encoder
Return type Dict
keys()rarr a set-like object providing a view on Drsquos keys
pop(k[ d ])rarr v remove specified key and return the corresponding valueIf key is not found d is returned if given otherwise KeyError is raised
34 Chapter 2 pymisp
PyMISP Documentation Release main
popitem()rarr (k v) remove and return some (key value) pairas a 2-tuple but raise KeyError if D is empty
set_not_jsonable(args)Set __not_jsonable to a new list
Return type None
setdefault(k[ d ])rarr Dget(kd) also set D[k]=d if k not in D
to_dict()Dump the class to a dictionary This method automatically removes the timestamp recursively in everyobject that has been edited is order to let MISP update the event accordingly
Return type Dict
to_json(sort_keys=False indent=None)Dump recursively any class of type MISPAbstract to a json string
update([E ] F)rarr None Update D from mappingiterable E and FIf E present and has a keys() method does for k in E D[k] = E[k] If E present and lacks keys() methoddoes for (k v) in E D[k] = v In either case this is followed by for k v in Fitems() D[k] = v
update_not_jsonable(args)Add entries to the __not_jsonable list
Return type None
values()rarr an object providing a view on Drsquos values
212 MISPOrganisation 35
PyMISP Documentation Release main
36 Chapter 2 pymisp
CHAPTER
THREE
PYMISP - TOOLS
31 File Object
class pymisptoolsFileObject(filepath=None pseudofile=None filename=None kwargs)
add_attribute(object_relation simple_value=None value)Add an attribute object_relation is required and the value key is a dictionary with all the keys supportedby MISPAttribute
Return type Optional[MISPAttribute]
add_attributes(object_relation attributes)Add multiple attributes with the same object_relation Helper for object_relation when multiple is True inthe template It is the same as calling multiple times add_attribute with the same object_relation
Return type List[Optional[MISPAttribute]]
add_reference(referenced_uuid relationship_type comment=None kwargs)Add a link (uuid) to an other object
Return type MISPObjectReference
clear()rarr None Remove all items from D
property editedRecursively check if an object has been edited and update the flag accordingly to the parent objects
Return type bool
from_dict(kwargs)Loading all the parameters as class properties if they arenrsquot None This method aims to be called when allthe properties requiring a special treatment are processed Note This method is used when you initializean object with existing data so by default the class is flaged as not edited
from_json(json_string)Load a JSON string
Return type None
generate_attributes()Contains the logic where all the values of the object are gathered
get(k[ d ])rarr D[k] if k in D else d d defaults to None
get_attributes_by_relation(object_relation)Returns the list of attributes with the given object relation in the object
Return type List[MISPAttribute]
37
PyMISP Documentation Release main
has_attributes_by_relation(list_of_relations)True if all the relations in the list are defined in the object
Return type bool
items()rarr a set-like object providing a view on Drsquos items
jsonable()This method is used by the JSON encoder
Return type Dict
keys()rarr a set-like object providing a view on Drsquos keys
pop(k[ d ])rarr v remove specified key and return the corresponding valueIf key is not found d is returned if given otherwise KeyError is raised
popitem()rarr (k v) remove and return some (key value) pairas a 2-tuple but raise KeyError if D is empty
set_not_jsonable(args)Set __not_jsonable to a new list
Return type None
setdefault(k[ d ])rarr Dget(kd) also set D[k]=d if k not in D
to_dict(strict=False)Dump the class to a dictionary This method automatically removes the timestamp recursively in everyobject that has been edited is order to let MISP update the event accordingly
Return type Dict
to_json(sort_keys=False indent=None strict=False)Dump recursively any class of type MISPAbstract to a json string
update([E ] F)rarr None Update D from mappingiterable E and FIf E present and has a keys() method does for k in E D[k] = E[k] If E present and lacks keys() methoddoes for (k v) in E D[k] = v In either case this is followed by for k v in Fitems() D[k] = v
update_not_jsonable(args)Add entries to the __not_jsonable list
Return type None
values()rarr an object providing a view on Drsquos values
32 ELF Object
33 PE Object
34 Mach-O Object
35 VT Report Object
class pymisptoolsVTReportObject(apikey indicator vt_proxies=None kwargs)VirusTotal Report
Apikey VirusTotal API key (private works but only public features are supported right now)
38 Chapter 3 pymisp - Tools
PyMISP Documentation Release main
Indicator IOC to search VirusTotal for
add_attribute(object_relation simple_value=None value)Add an attribute object_relation is required and the value key is a dictionary with all the keys supportedby MISPAttribute
Return type Optional[MISPAttribute]
add_attributes(object_relation attributes)Add multiple attributes with the same object_relation Helper for object_relation when multiple is True inthe template It is the same as calling multiple times add_attribute with the same object_relation
Return type List[Optional[MISPAttribute]]
add_reference(referenced_uuid relationship_type comment=None kwargs)Add a link (uuid) to an other object
Return type MISPObjectReference
clear()rarr None Remove all items from D
property editedRecursively check if an object has been edited and update the flag accordingly to the parent objects
Return type bool
from_dict(kwargs)Loading all the parameters as class properties if they arenrsquot None This method aims to be called when allthe properties requiring a special treatment are processed Note This method is used when you initializean object with existing data so by default the class is flaged as not edited
from_json(json_string)Load a JSON string
Return type None
generate_attributes()Parse the VirusTotal report for relevant attributes
get(k[ d ])rarr D[k] if k in D else d d defaults to None
get_attributes_by_relation(object_relation)Returns the list of attributes with the given object relation in the object
Return type List[MISPAttribute]
has_attributes_by_relation(list_of_relations)True if all the relations in the list are defined in the object
Return type bool
items()rarr a set-like object providing a view on Drsquos items
jsonable()This method is used by the JSON encoder
Return type Dict
keys()rarr a set-like object providing a view on Drsquos keys
pop(k[ d ])rarr v remove specified key and return the corresponding valueIf key is not found d is returned if given otherwise KeyError is raised
popitem()rarr (k v) remove and return some (key value) pairas a 2-tuple but raise KeyError if D is empty
35 VT Report Object 39
PyMISP Documentation Release main
set_not_jsonable(args)Set __not_jsonable to a new list
Return type None
setdefault(k[ d ])rarr Dget(kd) also set D[k]=d if k not in D
to_dict(strict=False)Dump the class to a dictionary This method automatically removes the timestamp recursively in everyobject that has been edited is order to let MISP update the event accordingly
Return type Dict
to_json(sort_keys=False indent=None strict=False)Dump recursively any class of type MISPAbstract to a json string
update([E ] F)rarr None Update D from mappingiterable E and FIf E present and has a keys() method does for k in E D[k] = E[k] If E present and lacks keys() methoddoes for (k v) in E D[k] = v In either case this is followed by for k v in Fitems() D[k] = v
update_not_jsonable(args)Add entries to the __not_jsonable list
Return type None
values()rarr an object providing a view on Drsquos values
36 STIX
pymisptoolsstixload_stix(stix distribution=3 threat_level_id=2 analysis=0)Returns a MISPEvent object from a STIX package
pymisptoolsstixmake_stix_package(misp_event to_json=False to_xml=False)Returns a STIXPackage from a MISPEvent
Optionally can return the package in json or xml
37 OpenIOC
toolsload_openioc()
toolsload_openioc_file()
40 Chapter 3 pymisp - Tools
CHAPTER
FOUR
INDICES AND TABLES
bull genindex
bull modindex
bull search
41
PyMISP Documentation Release main
42 Chapter 4 Indices and tables
PYTHON MODULE INDEX
ppymisp 7pymisptools 37pymisptoolsstix 40
43
PyMISP Documentation Release main
44 Python Module Index
INDEX
AAbstractMISP (class in pymisp) 23accept_attribute_proposal()
(pymispPyMISP method) 7add_attribute() (pymispMISPEvent method) 24add_attribute() (pymispMISPObject method) 28add_attribute() (pymispPyMISP method) 7add_attribute() (pymisptoolsFileObject method)
37add_attribute() (pymisptoolsVTReportObject
method) 39add_attribute_proposal() (pymispPyMISP
method) 7add_attribute_tag() (pymispMISPEvent
method) 24add_attributes() (pymispMISPObject method)
28add_attributes() (pymisptoolsFileObject
method) 37add_attributes() (pymisptoolsVTReportObject
method) 39add_event() (pymispPyMISP method) 7add_event_blacklist() (pymispPyMISP
method) 8add_feed() (pymispPyMISP method) 8add_object() (pymispMISPEvent method) 24add_object() (pymispPyMISP method) 8add_object_reference() (pymispPyMISP
method) 8add_org_to_sharing_group() (pymispPyMISP
method) 8add_organisation() (pymispPyMISP method) 8add_organisation_blacklist()
(pymispPyMISP method) 8add_proposal() (pymispMISPAttribute method) 26add_proposal() (pymispMISPEvent method) 24add_proposal() (pymispMISPObjectAttribute
method) 29add_reference() (pymispMISPObject method) 28add_reference() (pymisptoolsFileObject method)
37add_reference() (pymisptoolsVTReportObject
method) 39add_server() (pymispPyMISP method) 8add_server_to_sharing_group()
(pymispPyMISP method) 8add_shadow_attribute() (pymispMISPAttribute
method) 26add_shadow_attribute() (pymispMISPEvent
method) 24add_shadow_attribute()
(pymispMISPObjectAttribute method) 29add_sharing_group() (pymispPyMISP method) 8add_sighting() (pymispMISPAttribute method) 26add_sighting() (pymispMISPObjectAttribute
method) 29add_sighting() (pymispPyMISP method) 8add_tag() (pymispPyMISP method) 8add_user() (pymispPyMISP method) 9attributes_statistics() (pymispPyMISP
method) 9
Bbuild_complex_query() (pymispPyMISP
method) 9
Ccache_all_feeds() (pymispPyMISP method) 9cache_feed() (pymispPyMISP method) 9cache_freetext_feeds() (pymispPyMISP
method) 9cache_misp_feeds() (pymispPyMISP method) 9change_sharing_group_on_entity()
(pymispPyMISP method) 9change_user_password() (pymispPyMISP
method) 9clear() (pymispMISPAttribute method) 26clear() (pymispMISPEvent method) 24clear() (pymispMISPObject method) 28clear() (pymispMISPObjectAttribute method) 29clear() (pymispMISPObjectReference method) 31clear() (pymispMISPOrganisation method) 34clear() (pymispMISPTag method) 32clear() (pymispMISPUser method) 33
45
PyMISP Documentation Release main
clear() (pymisptoolsFileObject method) 37clear() (pymisptoolsVTReportObject method) 39communities() (pymispPyMISP method) 9compare_feeds() (pymispPyMISP method) 9contact_event_reporter() (pymispPyMISP
method) 9
Ddefault() (pymispMISPEncode method) 24delegate_event() (pymispPyMISP method) 10delete() (pymispMISPAttribute method) 26delete() (pymispMISPObjectAttribute method) 30delete_attribute() (pymispMISPEvent method)
24delete_attribute() (pymispPyMISP method) 10delete_attribute_proposal()
(pymispPyMISP method) 10delete_event() (pymispPyMISP method) 10delete_event_blacklist() (pymispPyMISP
method) 10delete_feed() (pymispPyMISP method) 10delete_object() (pymispPyMISP method) 10delete_object_reference() (pymispPyMISP
method) 10delete_organisation() (pymispPyMISP
method) 10delete_organisation_blacklist()
(pymispPyMISP method) 10delete_server() (pymispPyMISP method) 10delete_sharing_group() (pymispPyMISP
method) 10delete_sighting() (pymispPyMISP method) 10delete_tag() (pymispPyMISP method) 11delete_user() (pymispPyMISP method) 11delete_user_setting() (pymispPyMISP
method) 11describe_types_local() (pymispPyMISP prop-
erty) 11describe_types_remote() (pymispPyMISP
property) 11direct_call() (pymispPyMISP method) 11disable_feed() (pymispPyMISP method) 11disable_feed_cache() (pymispPyMISP method)
11disable_noticelist() (pymispPyMISP method)
11disable_tag() (pymispPyMISP method) 11disable_taxonomy() (pymispPyMISP method) 11disable_taxonomy_tags() (pymispPyMISP
method) 11disable_warninglist() (pymispPyMISP
method) 11discard_attribute_proposal()
(pymispPyMISP method) 12
Eedited() (pymispAbstractMISP property) 23edited() (pymispMISPAttribute property) 26edited() (pymispMISPEvent property) 24edited() (pymispMISPObject property) 28edited() (pymispMISPObjectAttribute property) 30edited() (pymispMISPObjectReference property) 31edited() (pymispMISPOrganisation property) 34edited() (pymispMISPTag property) 32edited() (pymispMISPUser property) 33edited() (pymisptoolsFileObject property) 37edited() (pymisptoolsVTReportObject property) 39enable_feed() (pymispPyMISP method) 12enable_feed_cache() (pymispPyMISP method)
12enable_noticelist() (pymispPyMISP method)
12enable_tag() (pymispPyMISP method) 12enable_taxonomy() (pymispPyMISP method) 12enable_taxonomy_tags() (pymispPyMISP
method) 12enable_warninglist() (pymispPyMISP method)
12event_blacklists() (pymispPyMISP method) 12event_delegations() (pymispPyMISP method)
12ExpandedPyMISP (in module pymisp) 23
Ffeeds() (pymispPyMISP method) 12fetch_feed() (pymispPyMISP method) 12FileObject (class in pymisptools) 37freetext() (pymispPyMISP method) 12from_dict() (pymispAbstractMISP method) 23from_dict() (pymispMISPAttribute method) 27from_dict() (pymispMISPEvent method) 25from_dict() (pymispMISPObject method) 28from_dict() (pymispMISPObjectAttribute method)
30from_dict() (pymispMISPObjectReference method)
31from_dict() (pymispMISPOrganisation method) 34from_dict() (pymispMISPTag method) 32from_dict() (pymispMISPUser method) 33from_dict() (pymisptoolsFileObject method) 37from_dict() (pymisptoolsVTReportObject method)
39from_json() (pymispAbstractMISP method) 23from_json() (pymispMISPAttribute method) 27from_json() (pymispMISPEvent method) 25from_json() (pymispMISPObject method) 28from_json() (pymispMISPObjectAttribute method)
30
46 Index
PyMISP Documentation Release main
from_json() (pymispMISPObjectReference method)31
from_json() (pymispMISPOrganisation method) 34from_json() (pymispMISPTag method) 32from_json() (pymispMISPUser method) 33from_json() (pymisptoolsFileObject method) 37from_json() (pymisptoolsVTReportObject method)
39
Ggalaxies() (pymispPyMISP method) 12generate_attributes() (pymisptoolsFileObject
method) 37generate_attributes()
(pymisptoolsVTReportObject method)39
get() (pymispMISPAttribute method) 27get() (pymispMISPEvent method) 25get() (pymispMISPObject method) 28get() (pymispMISPObjectAttribute method) 30get() (pymispMISPObjectReference method) 31get() (pymispMISPOrganisation method) 34get() (pymispMISPTag method) 32get() (pymispMISPUser method) 33get() (pymisptoolsFileObject method) 37get() (pymisptoolsVTReportObject method) 39get_all_functions() (pymispPyMISP method)
13get_attribute() (pymispPyMISP method) 13get_attribute_tag() (pymispMISPEvent
method) 25get_attributes_by_relation()
(pymispMISPObject method) 28get_attributes_by_relation()
(pymisptoolsFileObject method) 37get_attributes_by_relation()
(pymisptoolsVTReportObject method)39
get_community() (pymispPyMISP method) 13get_event() (pymispPyMISP method) 13get_feed() (pymispPyMISP method) 13get_galaxy() (pymispPyMISP method) 13get_noticelist() (pymispPyMISP method) 13get_object() (pymispPyMISP method) 13get_object_by_id() (pymispMISPEvent method)
25get_object_by_uuid() (pymispMISPEvent
method) 25get_object_template() (pymispPyMISP
method) 13get_objects_by_name() (pymispMISPEvent
method) 25get_organisation() (pymispPyMISP method) 13get_sync_config() (pymispPyMISP method) 13
get_tag() (pymispPyMISP method) 13get_taxonomy() (pymispPyMISP method) 13get_user() (pymispPyMISP method) 13get_user_setting() (pymispPyMISP method) 14get_warninglist() (pymispPyMISP method) 14
Hhas_attributes_by_relation()
(pymispMISPObject method) 28has_attributes_by_relation()
(pymisptoolsFileObject method) 37has_attributes_by_relation()
(pymisptoolsVTReportObject method)39
hash_values() (pymispMISPAttribute method) 27hash_values() (pymispMISPObjectAttribute
method) 30
Iimport_server() (pymispPyMISP method) 14items() (pymispMISPAttribute method) 27items() (pymispMISPEvent method) 25items() (pymispMISPObject method) 29items() (pymispMISPObjectAttribute method) 30items() (pymispMISPObjectReference method) 31items() (pymispMISPOrganisation method) 34items() (pymispMISPTag method) 32items() (pymispMISPUser method) 33items() (pymisptoolsFileObject method) 38items() (pymisptoolsVTReportObject method) 39
Jjsonable() (pymispAbstractMISP method) 23jsonable() (pymispMISPAttribute method) 27jsonable() (pymispMISPEvent method) 25jsonable() (pymispMISPObject method) 29jsonable() (pymispMISPObjectAttribute method)
30jsonable() (pymispMISPObjectReference method)
31jsonable() (pymispMISPOrganisation method) 34jsonable() (pymispMISPTag method) 32jsonable() (pymispMISPUser method) 33jsonable() (pymisptoolsFileObject method) 38jsonable() (pymisptoolsVTReportObject method)
39
Kkeys() (pymispMISPAttribute method) 27keys() (pymispMISPEvent method) 25keys() (pymispMISPObject method) 29keys() (pymispMISPObjectAttribute method) 30keys() (pymispMISPObjectReference method) 31keys() (pymispMISPOrganisation method) 34
Index 47
PyMISP Documentation Release main
keys() (pymispMISPTag method) 32keys() (pymispMISPUser method) 33keys() (pymisptoolsFileObject method) 38keys() (pymisptoolsVTReportObject method) 39known_types() (pymispMISPAttribute property) 27known_types() (pymispMISPObjectAttribute prop-
erty) 30
Lload() (pymispMISPEvent method) 25load_default_feeds() (pymispPyMISP method)
14load_file() (pymispMISPEvent method) 25load_openioc() (pymisptools method) 40load_openioc_file() (pymisptools method) 40load_stix() (in module pymisptoolsstix) 40
Mmake_stix_package() (in module
pymisptoolsstix) 40malware_binary() (pymispMISPAttribute prop-
erty) 27malware_binary() (pymispMISPObjectAttribute
property) 30misp_instance_version() (pymispPyMISP
property) 14misp_instance_version_master()
(pymispPyMISP property) 14MISPAttribute (class in pymisp) 26MISPEncode (class in pymisp) 24MISPEvent (class in pymisp) 24MISPObject (class in pymisp) 28MISPObjectAttribute (class in pymisp) 29MISPObjectReference (class in pymisp) 31MISPOrganisation (class in pymisp) 34MISPTag (class in pymisp) 32MISPUser (class in pymisp) 33module
pymisp 7pymisptools 37pymisptoolsstix 40
Nnoticelists() (pymispPyMISP method) 14
Oobject_templates() (pymispPyMISP method) 14organisation_blacklists() (pymispPyMISP
method) 14organisations() (pymispPyMISP method) 14
Ppop() (pymispMISPAttribute method) 27
pop() (pymispMISPEvent method) 25pop() (pymispMISPObject method) 29pop() (pymispMISPObjectAttribute method) 30pop() (pymispMISPObjectReference method) 31pop() (pymispMISPOrganisation method) 34pop() (pymispMISPTag method) 32pop() (pymispMISPUser method) 33pop() (pymisptoolsFileObject method) 38pop() (pymisptoolsVTReportObject method) 39popitem() (pymispMISPAttribute method) 27popitem() (pymispMISPEvent method) 25popitem() (pymispMISPObject method) 29popitem() (pymispMISPObjectAttribute method) 30popitem() (pymispMISPObjectReference method) 31popitem() (pymispMISPOrganisation method) 34popitem() (pymispMISPTag method) 32popitem() (pymispMISPUser method) 33popitem() (pymisptoolsFileObject method) 38popitem() (pymisptoolsVTReportObject method) 39publish() (pymispMISPEvent method) 25publish() (pymispPyMISP method) 14push_event_to_ZMQ() (pymispPyMISP method)
14pymisp
module 7PyMISP (class in pymisp) 7pymisptools
module 37pymisptoolsstix
module 40pymisp_version_main() (pymispPyMISP prop-
erty) 15
Rrecommended_pymisp_version()
(pymispPyMISP property) 15remote_acl() (pymispPyMISP method) 15remove_org_from_sharing_group()
(pymispPyMISP method) 15remove_server_from_sharing_group()
(pymispPyMISP method) 15roles() (pymispPyMISP method) 15
Ssearch() (pymispPyMISP method) 15search_feeds() (pymispPyMISP method) 17search_index() (pymispPyMISP method) 18search_logs() (pymispPyMISP method) 18search_sightings() (pymispPyMISP method) 19server_pull() (pymispPyMISP method) 20server_push() (pymispPyMISP method) 20servers() (pymispPyMISP method) 20set_date() (pymispMISPEvent method) 25
48 Index
PyMISP Documentation Release main
set_not_jsonable() (pymispAbstractMISPmethod) 23
set_not_jsonable() (pymispMISPAttributemethod) 27
set_not_jsonable() (pymispMISPEvent method)25
set_not_jsonable() (pymispMISPObjectmethod) 29
set_not_jsonable() (pymispMISPObjectAttributemethod) 30
set_not_jsonable()(pymispMISPObjectReference method)31
set_not_jsonable() (pymispMISPOrganisationmethod) 35
set_not_jsonable() (pymispMISPTag method)32
set_not_jsonable() (pymispMISPUser method)33
set_not_jsonable() (pymisptoolsFileObjectmethod) 38
set_not_jsonable()(pymisptoolsVTReportObject method)39
set_user_setting() (pymispPyMISP method) 20setdefault() (pymispMISPAttribute method) 27setdefault() (pymispMISPEvent method) 25setdefault() (pymispMISPObject method) 29setdefault() (pymispMISPObjectAttribute
method) 30setdefault() (pymispMISPObjectReference
method) 31setdefault() (pymispMISPOrganisation method)
35setdefault() (pymispMISPTag method) 33setdefault() (pymispMISPUser method) 34setdefault() (pymisptoolsFileObject method) 38setdefault() (pymisptoolsVTReportObject
method) 40sharing_groups() (pymispPyMISP method) 20sightings() (pymispPyMISP method) 20
Ttag() (pymispPyMISP method) 20tags() (pymispMISPAttribute property) 27tags() (pymispMISPEvent property) 26tags() (pymispMISPObjectAttribute property) 30tags() (pymispPyMISP method) 20tags_statistics() (pymispPyMISP method) 20taxonomies() (pymispPyMISP method) 20to_dict() (pymispAbstractMISP method) 23to_dict() (pymispMISPAttribute method) 27to_dict() (pymispMISPEvent method) 26to_dict() (pymispMISPObject method) 29
to_dict() (pymispMISPObjectAttribute method) 30to_dict() (pymispMISPObjectReference method) 32to_dict() (pymispMISPOrganisation method) 35to_dict() (pymispMISPTag method) 33to_dict() (pymispMISPUser method) 34to_dict() (pymisptoolsFileObject method) 38to_dict() (pymisptoolsVTReportObject method) 40to_feed() (pymispMISPEvent method) 26to_json() (pymispAbstractMISP method) 23to_json() (pymispMISPAttribute method) 27to_json() (pymispMISPEvent method) 26to_json() (pymispMISPObject method) 29to_json() (pymispMISPObjectAttribute method) 31to_json() (pymispMISPObjectReference method) 32to_json() (pymispMISPOrganisation method) 35to_json() (pymispMISPTag method) 33to_json() (pymispMISPUser method) 34to_json() (pymisptoolsFileObject method) 38to_json() (pymisptoolsVTReportObject method) 40toggle_warninglist() (pymispPyMISP method)
20
Uunpublish() (pymispMISPEvent method) 26untag() (pymispPyMISP method) 21update() (pymispMISPAttribute method) 28update() (pymispMISPEvent method) 26update() (pymispMISPObject method) 29update() (pymispMISPObjectAttribute method) 31update() (pymispMISPObjectReference method) 32update() (pymispMISPOrganisation method) 35update() (pymispMISPTag method) 33update() (pymispMISPUser method) 34update() (pymisptoolsFileObject method) 38update() (pymisptoolsVTReportObject method) 40update_attribute() (pymispPyMISP method) 21update_attribute_proposal()
(pymispPyMISP method) 21update_event() (pymispPyMISP method) 21update_event_blacklist() (pymispPyMISP
method) 21update_feed() (pymispPyMISP method) 21update_galaxies() (pymispPyMISP method) 21update_not_jsonable() (pymispAbstractMISP
method) 23update_not_jsonable() (pymispMISPAttribute
method) 28update_not_jsonable() (pymispMISPEvent
method) 26update_not_jsonable() (pymispMISPObject
method) 29update_not_jsonable()
(pymispMISPObjectAttribute method) 31
Index 49
PyMISP Documentation Release main
update_not_jsonable()(pymispMISPObjectReference method)32
update_not_jsonable()(pymispMISPOrganisation method) 35
update_not_jsonable() (pymispMISPTagmethod) 33
update_not_jsonable() (pymispMISPUsermethod) 34
update_not_jsonable() (pymisptoolsFileObjectmethod) 38
update_not_jsonable()(pymisptoolsVTReportObject method)40
update_noticelists() (pymispPyMISP method)21
update_object() (pymispPyMISP method) 21update_object_templates() (pymispPyMISP
method) 21update_organisation() (pymispPyMISP
method) 21update_organisation_blacklist()
(pymispPyMISP method) 21update_server() (pymispPyMISP method) 22update_tag() (pymispPyMISP method) 22update_taxonomies() (pymispPyMISP method)
22update_user() (pymispPyMISP method) 22update_warninglists() (pymispPyMISP
method) 22upload_stix() (pymispPyMISP method) 22user_registrations() (pymispPyMISP method)
22user_settings() (pymispPyMISP method) 22users() (pymispPyMISP method) 22users_statistics() (pymispPyMISP method) 22
Vvalues() (pymispMISPAttribute method) 28values() (pymispMISPEvent method) 26values() (pymispMISPObject method) 29values() (pymispMISPObjectAttribute method) 31values() (pymispMISPObjectReference method) 32values() (pymispMISPOrganisation method) 35values() (pymispMISPTag method) 33values() (pymispMISPUser method) 34values() (pymisptoolsFileObject method) 38values() (pymisptoolsVTReportObject method) 40values_in_warninglist() (pymispPyMISP
method) 22version() (pymispPyMISP property) 22VTReportObject (class in pymisptools) 38
Wwarninglists() (pymispPyMISP method) 22
50 Index
- README
- pymisp
- PyMISP
- PyMISPExpanded (Python 36+ only)
- MISPAbstract
- MISPEncode
- MISPEvent
- MISPAttribute
- MISPObject
- MISPObjectAttribute
- MISPObjectReference
- MISPTag
- MISPUser
- MISPOrganisation
- pymisp - Tools
- File Object
- ELF Object
- PE Object
- Mach-O Object
- VT Report Object
- STIX
- OpenIOC
- Indices and tables
- Python Module Index
- Index
PyMISP Documentation Release main
bull include_event_tags (Optional[bool]) ndash Include the event level tags in each ofthe attributes
bull event_timestamp (Union[date int str float None]) ndash Only return at-tributes from events that have received a modification after the given timestamp
bull sg_reference_only (Optional[bool]) ndash If this flag is set sharing group objectswill not be included instead only the sharing group ID is set
bull eventinfo (Optional[str]) ndash Filter on the eventrsquos info field
bull searchall (Optional[bool]) ndash Search for a full or a substring (delimited by forsubstrings) in the event info event tags attribute tags attribute values or attribute commentfields
bull requested_attributes (Optional[str]) ndash [CSV only] Select the fields that youwish to include in the CSV export By setting event level fields additionally includeCon-text is not required to get event metadata
bull include_context (Optional[bool]) ndash [Attribute only] Include the event data witheach attribute [CSV output] Add event level metadata in every line of the CSV
bull headerless (Optional[bool]) ndash [CSV Only] The CSV created when this setting isset to true will not contain the header row
bull include_sightings (Optional[bool]) ndash [JSON Only - Attribute] Include thesightings of the matching attributes
bull include_decay_score (Optional[bool]) ndash Include the decay score at attributelevel
bull include_correlations (Optional[bool]) ndash [JSON Only - attribute] Include thecorrelations of the matching attributes
bull object_name (Optional[str]) ndash [objects controller only] Search for objects withthat name
bull pythonify (Optional[bool]) ndash Returns a list of PyMISP Objects instead of the plainjson output Warning it might use a lot of RAM
Deprecated
Parameters
bull quickFilter (Optional[str]) ndash synponym for quick_filter
bull withAttachments (Optional[bool]) ndash synonym for with_attachments
bull last (Union[date int str float None Tuple[Union[date int strfloat None] Union[date int str float None]]]) ndash synonym for pub-lish_timestamp
bull enforceWarninglist (Optional[bool]) ndash synonym for enforce_warninglist
bull includeEventUuid (Optional[bool]) ndash synonym for include_event_uuid
bull includeEventTags (Optional[bool]) ndash synonym for include_event_tags
bull includeContext (Optional[bool]) ndash synonym for include_context
Return type Union[Dict str List[Union[MISPEvent MISPAttributeMISPObject]]]
search_feeds(value=None pythonify=False)Search in the feeds cached on the servers
21 PyMISP 17
PyMISP Documentation Release main
Return type Union[Dict List[MISPFeed]]
search_index(published=None eventid=None tags=None date_from=None date_to=Noneeventinfo=None threatlevel=None distribution=None analysis=None org=Nonetimestamp=None pythonify=None)
Search only at the index level Using in front of a value means NOT (default is OR)
Parameters
bull published (Optional[bool]) ndash Set whether published or unpublished events shouldbe returned Do not set the parameter if you want both
bull eventid (Optional[~SearchType]) ndash The events that should be included excludedfrom the search
bull tags (Optional[~SearchParameterTypes]) ndash Tags to search or to exclude You canpass a list or the output of build_complex_query
bull date_from (Union[date int str float None]) ndash Events with the date set to adate after the one specified This filter will use the date of the event
bull date_to (Union[date int str float None]) ndash Events with the date set to a datebefore the one specified This filter will use the date of the event
bull eventinfo (Optional[str]) ndash Filter on the eventrsquos info field
bull threatlevel (Optional[List[~SearchType]]) ndash Threat level(s) (1234) | list
bull distribution (Optional[List[~SearchType]]) ndash Distribution level(s) (0123) |list
bull analysis (Optional[List[~SearchType]]) ndash Analysis level(s) (012) | list
bull org (Optional[~SearchParameterTypes]) ndash Search by the creator organisation by sup-plying the organisation identifier
bull timestamp (Union[date int str float None Tuple[Union[date intstr float None] Union[date int str float None]]]) ndash Restrict the resultsby the timestamp (last edit) Any event with a timestamp newer than the given timestampwill be returned In case you are dealing with attributes as scope the attributersquos timestampwill be used for the lookup
bull pythonify (Optional[bool]) ndash Returns a list of PyMISP Objects instead or the plainjson output Warning it might use a lot of RAM
Return type Union[Dict List[MISPEvent]]
search_logs(limit=None page=None log_id=None title=None created=None model=None ac-tion=None user_id=None change=None email=None org=None description=Noneip=None pythonify=False)
Search in logs
Note to run substring queries simply appendprependencapsulate the search term with
Parameters
bull limit (Optional[int]) ndash Limit the number of results returned depending on thescope (for example 10 attributes or 10 full events)
bull page (Optional[int]) ndash If a limit is set sets the page to be returned page 3 limit 100will return records 201-gt300)
bull log_id (Optional[int]) ndash Log ID
bull title (Optional[str]) ndash Log Title
18 Chapter 2 pymisp
PyMISP Documentation Release main
bull created (Union[date int str float None]) ndash Creation timestamp
bull model (Optional[str]) ndash Model name that generated the log entry
bull action (Optional[str]) ndash The thing that was done
bull user_id (Optional[int]) ndash ID of the user doing the action
bull change (Optional[str]) ndash Change that occured
bull email (Optional[str]) ndash Email of the user
bull org (Optional[str]) ndash Organisation of the User doing the action
bull description (Optional[str]) ndash Description of the action
bull ip (Optional[str]) ndash Origination IP of the User doing the action
bull pythonify (Optional[bool]) ndash Returns a list of PyMISP Objects instead or the plainjson output Warning it might use a lot of RAM
Return type Union[Dict List[MISPLog]]
search_sightings(context=None context_id=None type_sighting=None date_from=Nonedate_to=None publish_timestamp=None last=None org=None source=Noneinclude_attribute=None include_event_meta=None pythonify=False)
Search sightings
Parameters
bull context (Optional[str]) ndash The context of the search Can be either ldquoattributerdquoldquoeventrdquo or nothing (will then match on events and attributes)
bull context_id (Optional[~SearchType]) ndash Only relevant if context is either ldquoattributerdquoor ldquoeventrdquo Then it is the relevant ID
bull type_sighting (Optional[str]) ndash Type of sighting
bull date_from (Union[date int str float None]) ndash Events with the date set to adate after the one specified This filter will use the date of the event
bull date_to (Union[date int str float None]) ndash Events with the date set to a datebefore the one specified This filter will use the date of the event
bull publish_timestamp (Union[date int str float NoneTuple[Union[date int str float None] Union[date int str floatNone]]]) ndash Restrict the results by the last publish timestamp (newer than)
bull org (Optional[~SearchType]) ndash Search by the creator organisation by supplying theorganisation identifier
bull source (Optional[str]) ndash Source of the sighting
bull include_attribute (Optional[bool]) ndash Include the attribute
bull include_event_meta (Optional[bool]) ndash Include the meta information of theevent
Deprecated
Parameters last (Union[date int str float None Tuple[Union[date intstr float None] Union[date int str float None]]]) ndash synonym for pub-lish_timestamp
Example
21 PyMISP 19
PyMISP Documentation Release main
gtgtgt mispsearch_sightings(publish_timestamp=30d) search sightings for therarr˓last 30 days on the instance[ ]gtgtgt mispsearch_sightings(context=attribute context_id=6 include_rarr˓attribute=True) return list of sighting for attribute 6 along with therarr˓attribute itself[ ]gtgtgt mispsearch_sightings(context=event context_id=17 include_event_rarr˓meta=True org=2) return list of sighting for event 17 filtered with orgrarr˓id 2
Return type Union[Dict List[Dict[str Union[MISPEvent MISPAttributeMISPSighting]]]]
server_pull(server event=None)Initialize a pull from a sync server
Return type Dict
server_push(server event=None)Initialize a push to a sync server
Return type Dict
servers(pythonify=False)Get the existing servers the MISP instance can synchronise with
Return type Union[Dict List[MISPServer]]
set_user_setting(user_setting value user=None pythonify=False)Get an user setting
Return type Union[Dict MISPUserSetting]
sharing_groups(pythonify=False)Get the existing sharing groups
Return type Union[Dict List[MISPSharingGroup]]
sightings(misp_entity=None org=None pythonify=False)Get the list of sighting related to a MISPEvent or a MISPAttribute (depending on type of misp_entity)
Return type Union[Dict List[MISPSighting]]
tag(misp_entity tag local=False)Tag an event or an attribute misp_entity can be a MISPEvent a MISP Attribute or a UUID
Return type Dict
tags(pythonify=False)Get the list of existing tags
Return type Union[Dict List[MISPTag]]
tags_statistics(percentage=False name_sort=False)Get tags statistics from the MISP instance
Return type Dict
taxonomies(pythonify=False)Get all the taxonomies
Return type Union[Dict List[MISPTaxonomy]]
20 Chapter 2 pymisp
PyMISP Documentation Release main
toggle_warninglist(warninglist_id=None warninglist_name=None force_enable=False)Toggle (enabledisable) the status of a warninglist by ID type warninglist_id Union[str intList[int] None] param warninglist_id ID of the WarningList type force_enable bool paramforce_enable Force the warning list in the enabled state (does nothing is already enabled)
Return type Dict
untag(misp_entity tag)Untag an event or an attribute misp_entity can be a UUID
Return type Dict
update_attribute(attribute attribute_id=None pythonify=False)Update an attribute on a MISP instance
Return type Union[Dict MISPAttribute MISPShadowAttribute]
update_attribute_proposal(initial_attribute attribute pythonify=False)Propose a change for an attribute
Return type Union[Dict MISPShadowAttribute]
update_event(event event_id=None pythonify=False)Update an event on a MISP instance
Return type Union[Dict MISPEvent]
update_event_blacklist(event_blacklist event_blacklist_id=None pythonify=False)Update an event in the blacklist
Return type Union[Dict MISPEventBlacklist]
update_feed(feed feed_id=None pythonify=False)Update a feed on a MISP instance
Return type Union[Dict MISPFeed]
update_galaxies()Update all the galaxies
Return type Dict
update_noticelists()Update all the noticelists
Return type Dict
update_object(misp_object object_id=None pythonify=False)Update an object on a MISP instance
Return type Union[Dict MISPObject]
update_object_templates()Trigger an update of the object templates
Return type Dict
update_organisation(organisation organisation_id=None pythonify=False)Update an organisation
Return type Union[Dict MISPOrganisation]
update_organisation_blacklist(organisation_blacklist organisation_blacklist_id=Nonepythonify=False)
Update an organisation in the blacklist
Return type Union[Dict MISPOrganisationBlacklist]
21 PyMISP 21
PyMISP Documentation Release main
update_server(server server_id=None pythonify=False)Update a server to synchronise with
Return type Union[Dict MISPServer]
update_tag(tag tag_id=None pythonify=False)Edit only the provided parameters of a tag
Return type Union[Dict MISPTag]
update_taxonomies()Update all the taxonomies
Return type Dict
update_user(user user_id=None pythonify=False)Update an event on a MISP instance
Return type Union[Dict MISPUser]
update_warninglists()Update all the warninglists
Return type Dict
upload_stix(path version=2)Upload a STIX file to MISP param path Path to the STIX on the disk (can be a path-like object or apseudofile) type version str param version Can be 1 or 2
user_registrations(pythonify=False)Get all the user registrations
Return type Union[Dict List[MISPInbox]]
user_settings(pythonify=False)Get all the user settings
Return type Union[Dict List[MISPUserSetting]]
users(pythonify=False)Get all the users
Return type Union[Dict List[MISPUser]]
users_statistics(context=data)Get users statistics from the MISP instance
Return type Dict
values_in_warninglist(value)Check if IOC values are in warninglist
Return type Dict
property versionReturns the version of PyMISP yoursquore curently using
Return type Dict
warninglists(pythonify=False)Get all the warninglists
Return type Union[Dict List[MISPWarninglist]]
22 Chapter 2 pymisp
PyMISP Documentation Release main
22 PyMISPExpanded (Python 36+ only)
pymispExpandedPyMISPalias of pymispapiPyMISP
23 MISPAbstract
class pymispAbstractMISP(kwargs)
property editedRecursively check if an object has been edited and update the flag accordingly to the parent objects
Return type bool
from_dict(kwargs)Loading all the parameters as class properties if they arenrsquot None This method aims to be called when allthe properties requiring a special treatment are processed Note This method is used when you initializean object with existing data so by default the class is flaged as not edited
Return type None
from_json(json_string)Load a JSON string
Return type None
jsonable()This method is used by the JSON encoder
Return type Dict
set_not_jsonable(args)Set __not_jsonable to a new list
Return type None
to_dict()Dump the class to a dictionary This method automatically removes the timestamp recursively in everyobject that has been edited is order to let MISP update the event accordingly
Return type Dict
to_json(sort_keys=False indent=None)Dump recursively any class of type MISPAbstract to a json string
update_not_jsonable(args)Add entries to the __not_jsonable list
Return type None
22 PyMISPExpanded (Python 36+ only) 23
PyMISP Documentation Release main
24 MISPEncode
class pymispMISPEncode(args kwargs)
default(obj)Implement this method in a subclass such that it returns a serializable object for o or calls the baseimplementation (to raise a TypeError)
For example to support arbitrary iterators you could implement default like this
def default(self o)try
iterable = iter(o)except TypeError
passelse
return list(iterable) Let the base class default method raise the TypeErrorreturn JSONEncoderdefault(self o)
25 MISPEvent
class pymispMISPEvent(describe_types=None strict_validation=False kwargs)
add_attribute(type value kwargs)Add an attribute type and value are required but you can pass all other parameters supported by MISPAt-tribute
Return type Union[MISPAttribute List[MISPAttribute]]
add_attribute_tag(tag attribute_identifier)Add a tag to an existing attribute raise an Exception if the attribute doesnrsquot exists tag Tag name as astring MISPTag instance or dictionary attribute_identifier can be an ID UUID or the value
Return type List[MISPAttribute]
add_object(obj=None kwargs)Add an object to the Event either by passing a MISPObject or a dictionary
Return type MISPObject
add_proposal(shadow_attribute=None kwargs)Alias for add_shadow_attribute
Return type MISPShadowAttribute
add_shadow_attribute(shadow_attribute=None kwargs)Add a tag to the attribute (by name or a MISPTag object)
Return type MISPShadowAttribute
clear()rarr None Remove all items from D
delete_attribute(attribute_id)Delete an attribute you can search by ID or UUID
property editedRecursively check if an object has been edited and update the flag accordingly to the parent objects
24 Chapter 2 pymisp
PyMISP Documentation Release main
Return type bool
from_dict(kwargs)Loading all the parameters as class properties if they arenrsquot None This method aims to be called when allthe properties requiring a special treatment are processed Note This method is used when you initializean object with existing data so by default the class is flaged as not edited
from_json(json_string)Load a JSON string
Return type None
get(k[ d ])rarr D[k] if k in D else d d defaults to None
get_attribute_tag(attribute_identifier)Return the tags associated to an attribute or an object attribute attribute_identifier can be an ID UUIDor the value
Return type List[MISPTag]
get_object_by_id(object_id)Get an object by ID (the ID is the one set by the server when creating the new object)
Return type MISPObject
get_object_by_uuid(object_uuid)Get an object by UUID (UUID is set by the server when creating the new object)
Return type MISPObject
get_objects_by_name(object_name)Get an object by UUID (UUID is set by the server when creating the new object)
Return type List[MISPObject]
items()rarr a set-like object providing a view on Drsquos items
jsonable()This method is used by the JSON encoder
Return type Dict
keys()rarr a set-like object providing a view on Drsquos keys
load(json_event validate=False metadata_only=False)Load a JSON dump from a pseudo file or a JSON string
load_file(event_path validate=False metadata_only=False)Load a JSON dump from a file on the disk
pop(k[ d ])rarr v remove specified key and return the corresponding valueIf key is not found d is returned if given otherwise KeyError is raised
popitem()rarr (k v) remove and return some (key value) pairas a 2-tuple but raise KeyError if D is empty
publish()Mark the attribute as published
set_date(d=None ignore_invalid=False)Set a date for the event (string datetime or date object)
set_not_jsonable(args)Set __not_jsonable to a new list
Return type None
25 MISPEvent 25
PyMISP Documentation Release main
setdefault(k[ d ])rarr Dget(kd) also set D[k]=d if k not in D
property tagsReturns a lost of tags associated to this Event
Return type List[MISPTag]
to_dict()Dump the class to a dictionary This method automatically removes the timestamp recursively in everyobject that has been edited is order to let MISP update the event accordingly
Return type Dict
to_feed(valid_distributions=[0 1 2 3 4 5] with_meta=False)Generate a json output for MISP Feed Notes
bull valid_distributions only makes sense if the distribution key is set (ie the event is exported from aMISP instance)
Return type Dict
to_json(sort_keys=False indent=None)Dump recursively any class of type MISPAbstract to a json string
unpublish()Mark the attribute as un-published (set publish flag to false)
update([E ] F)rarr None Update D from mappingiterable E and FIf E present and has a keys() method does for k in E D[k] = E[k] If E present and lacks keys() methoddoes for (k v) in E D[k] = v In either case this is followed by for k v in Fitems() D[k] = v
update_not_jsonable(args)Add entries to the __not_jsonable list
Return type None
values()rarr an object providing a view on Drsquos values
26 MISPAttribute
class pymispMISPAttribute(describe_types=None strict=False)
add_proposal(shadow_attribute=None kwargs)Alias for add_shadow_attribute
Return type MISPShadowAttribute
add_shadow_attribute(shadow_attribute=None kwargs)Add a shadow attribute to the attribute (by name or a MISPShadowAttribute object)
Return type MISPShadowAttribute
add_sighting(sighting=None kwargs)Add a sighting to the attribute (by name or a MISPSighting object)
Return type MISPSighting
clear()rarr None Remove all items from D
delete()Mark the attribute as deleted (soft delete)
26 Chapter 2 pymisp
PyMISP Documentation Release main
property editedRecursively check if an object has been edited and update the flag accordingly to the parent objects
Return type bool
from_dict(kwargs)Loading all the parameters as class properties if they arenrsquot None This method aims to be called when allthe properties requiring a special treatment are processed Note This method is used when you initializean object with existing data so by default the class is flaged as not edited
from_json(json_string)Load a JSON string
Return type None
get(k[ d ])rarr D[k] if k in D else d d defaults to None
hash_values(algorithm=sha512)Compute the hash of every values for fast lookups
Return type List[str]
items()rarr a set-like object providing a view on Drsquos items
jsonable()This method is used by the JSON encoder
Return type Dict
keys()rarr a set-like object providing a view on Drsquos keys
property known_typesReturns a list of all the known MISP attributes types
Return type List[str]
property malware_binaryReturns a BytesIO of the malware (if the attribute has one obvs)
Return type Optional[BytesIO]
pop(k[ d ])rarr v remove specified key and return the corresponding valueIf key is not found d is returned if given otherwise KeyError is raised
popitem()rarr (k v) remove and return some (key value) pairas a 2-tuple but raise KeyError if D is empty
set_not_jsonable(args)Set __not_jsonable to a new list
Return type None
setdefault(k[ d ])rarr Dget(kd) also set D[k]=d if k not in D
property tagsReturns a lost of tags associated to this Attribute
Return type List[MISPTag]
to_dict()Dump the class to a dictionary This method automatically removes the timestamp recursively in everyobject that has been edited is order to let MISP update the event accordingly
Return type Dict
26 MISPAttribute 27
PyMISP Documentation Release main
to_json(sort_keys=False indent=None)Dump recursively any class of type MISPAbstract to a json string
update([E ] F)rarr None Update D from mappingiterable E and FIf E present and has a keys() method does for k in E D[k] = E[k] If E present and lacks keys() methoddoes for (k v) in E D[k] = v In either case this is followed by for k v in Fitems() D[k] = v
update_not_jsonable(args)Add entries to the __not_jsonable list
Return type None
values()rarr an object providing a view on Drsquos values
27 MISPObject
class pymispMISPObject(name strict=False standalone=True default_attributes_parameters=kwargs)
add_attribute(object_relation simple_value=None value)Add an attribute object_relation is required and the value key is a dictionary with all the keys supportedby MISPAttribute
Return type Optional[MISPAttribute]
add_attributes(object_relation attributes)Add multiple attributes with the same object_relation Helper for object_relation when multiple is True inthe template It is the same as calling multiple times add_attribute with the same object_relation
Return type List[Optional[MISPAttribute]]
add_reference(referenced_uuid relationship_type comment=None kwargs)Add a link (uuid) to an other object
Return type MISPObjectReference
clear()rarr None Remove all items from D
property editedRecursively check if an object has been edited and update the flag accordingly to the parent objects
Return type bool
from_dict(kwargs)Loading all the parameters as class properties if they arenrsquot None This method aims to be called when allthe properties requiring a special treatment are processed Note This method is used when you initializean object with existing data so by default the class is flaged as not edited
from_json(json_string)Load a JSON string
Return type None
get(k[ d ])rarr D[k] if k in D else d d defaults to None
get_attributes_by_relation(object_relation)Returns the list of attributes with the given object relation in the object
Return type List[MISPAttribute]
has_attributes_by_relation(list_of_relations)True if all the relations in the list are defined in the object
28 Chapter 2 pymisp
PyMISP Documentation Release main
Return type bool
items()rarr a set-like object providing a view on Drsquos items
jsonable()This method is used by the JSON encoder
Return type Dict
keys()rarr a set-like object providing a view on Drsquos keys
pop(k[ d ])rarr v remove specified key and return the corresponding valueIf key is not found d is returned if given otherwise KeyError is raised
popitem()rarr (k v) remove and return some (key value) pairas a 2-tuple but raise KeyError if D is empty
set_not_jsonable(args)Set __not_jsonable to a new list
Return type None
setdefault(k[ d ])rarr Dget(kd) also set D[k]=d if k not in D
to_dict(strict=False)Dump the class to a dictionary This method automatically removes the timestamp recursively in everyobject that has been edited is order to let MISP update the event accordingly
Return type Dict
to_json(sort_keys=False indent=None strict=False)Dump recursively any class of type MISPAbstract to a json string
update([E ] F)rarr None Update D from mappingiterable E and FIf E present and has a keys() method does for k in E D[k] = E[k] If E present and lacks keys() methoddoes for (k v) in E D[k] = v In either case this is followed by for k v in Fitems() D[k] = v
update_not_jsonable(args)Add entries to the __not_jsonable list
Return type None
values()rarr an object providing a view on Drsquos values
28 MISPObjectAttribute
class pymispMISPObjectAttribute(definition)
add_proposal(shadow_attribute=None kwargs)Alias for add_shadow_attribute
Return type MISPShadowAttribute
add_shadow_attribute(shadow_attribute=None kwargs)Add a shadow attribute to the attribute (by name or a MISPShadowAttribute object)
Return type MISPShadowAttribute
add_sighting(sighting=None kwargs)Add a sighting to the attribute (by name or a MISPSighting object)
Return type MISPSighting
28 MISPObjectAttribute 29
PyMISP Documentation Release main
clear()rarr None Remove all items from D
delete()Mark the attribute as deleted (soft delete)
property editedRecursively check if an object has been edited and update the flag accordingly to the parent objects
Return type bool
from_dict(object_relation value kwargs)Loading all the parameters as class properties if they arenrsquot None This method aims to be called when allthe properties requiring a special treatment are processed Note This method is used when you initializean object with existing data so by default the class is flaged as not edited
from_json(json_string)Load a JSON string
Return type None
get(k[ d ])rarr D[k] if k in D else d d defaults to None
hash_values(algorithm=sha512)Compute the hash of every values for fast lookups
Return type List[str]
items()rarr a set-like object providing a view on Drsquos items
jsonable()This method is used by the JSON encoder
Return type Dict
keys()rarr a set-like object providing a view on Drsquos keys
property known_typesReturns a list of all the known MISP attributes types
Return type List[str]
property malware_binaryReturns a BytesIO of the malware (if the attribute has one obvs)
Return type Optional[BytesIO]
pop(k[ d ])rarr v remove specified key and return the corresponding valueIf key is not found d is returned if given otherwise KeyError is raised
popitem()rarr (k v) remove and return some (key value) pairas a 2-tuple but raise KeyError if D is empty
set_not_jsonable(args)Set __not_jsonable to a new list
Return type None
setdefault(k[ d ])rarr Dget(kd) also set D[k]=d if k not in D
property tagsReturns a lost of tags associated to this Attribute
Return type List[MISPTag]
30 Chapter 2 pymisp
PyMISP Documentation Release main
to_dict()Dump the class to a dictionary This method automatically removes the timestamp recursively in everyobject that has been edited is order to let MISP update the event accordingly
Return type Dict
to_json(sort_keys=False indent=None)Dump recursively any class of type MISPAbstract to a json string
update([E ] F)rarr None Update D from mappingiterable E and FIf E present and has a keys() method does for k in E D[k] = E[k] If E present and lacks keys() methoddoes for (k v) in E D[k] = v In either case this is followed by for k v in Fitems() D[k] = v
update_not_jsonable(args)Add entries to the __not_jsonable list
Return type None
values()rarr an object providing a view on Drsquos values
29 MISPObjectReference
class pymispMISPObjectReference
clear()rarr None Remove all items from D
property editedRecursively check if an object has been edited and update the flag accordingly to the parent objects
Return type bool
from_dict(kwargs)Loading all the parameters as class properties if they arenrsquot None This method aims to be called when allthe properties requiring a special treatment are processed Note This method is used when you initializean object with existing data so by default the class is flaged as not edited
from_json(json_string)Load a JSON string
Return type None
get(k[ d ])rarr D[k] if k in D else d d defaults to None
items()rarr a set-like object providing a view on Drsquos items
jsonable()This method is used by the JSON encoder
Return type Dict
keys()rarr a set-like object providing a view on Drsquos keys
pop(k[ d ])rarr v remove specified key and return the corresponding valueIf key is not found d is returned if given otherwise KeyError is raised
popitem()rarr (k v) remove and return some (key value) pairas a 2-tuple but raise KeyError if D is empty
set_not_jsonable(args)Set __not_jsonable to a new list
Return type None
29 MISPObjectReference 31
PyMISP Documentation Release main
setdefault(k[ d ])rarr Dget(kd) also set D[k]=d if k not in D
to_dict()Dump the class to a dictionary This method automatically removes the timestamp recursively in everyobject that has been edited is order to let MISP update the event accordingly
Return type Dict
to_json(sort_keys=False indent=None)Dump recursively any class of type MISPAbstract to a json string
update([E ] F)rarr None Update D from mappingiterable E and FIf E present and has a keys() method does for k in E D[k] = E[k] If E present and lacks keys() methoddoes for (k v) in E D[k] = v In either case this is followed by for k v in Fitems() D[k] = v
update_not_jsonable(args)Add entries to the __not_jsonable list
Return type None
values()rarr an object providing a view on Drsquos values
210 MISPTag
class pymispMISPTag(kwargs)
clear()rarr None Remove all items from D
property editedRecursively check if an object has been edited and update the flag accordingly to the parent objects
Return type bool
from_dict(kwargs)Loading all the parameters as class properties if they arenrsquot None This method aims to be called when allthe properties requiring a special treatment are processed Note This method is used when you initializean object with existing data so by default the class is flaged as not edited
from_json(json_string)Load a JSON string
Return type None
get(k[ d ])rarr D[k] if k in D else d d defaults to None
items()rarr a set-like object providing a view on Drsquos items
jsonable()This method is used by the JSON encoder
Return type Dict
keys()rarr a set-like object providing a view on Drsquos keys
pop(k[ d ])rarr v remove specified key and return the corresponding valueIf key is not found d is returned if given otherwise KeyError is raised
popitem()rarr (k v) remove and return some (key value) pairas a 2-tuple but raise KeyError if D is empty
set_not_jsonable(args)Set __not_jsonable to a new list
32 Chapter 2 pymisp
PyMISP Documentation Release main
Return type None
setdefault(k[ d ])rarr Dget(kd) also set D[k]=d if k not in D
to_dict()Dump the class to a dictionary This method automatically removes the timestamp recursively in everyobject that has been edited is order to let MISP update the event accordingly
Return type Dict
to_json(sort_keys=False indent=None)Dump recursively any class of type MISPAbstract to a json string
update([E ] F)rarr None Update D from mappingiterable E and FIf E present and has a keys() method does for k in E D[k] = E[k] If E present and lacks keys() methoddoes for (k v) in E D[k] = v In either case this is followed by for k v in Fitems() D[k] = v
update_not_jsonable(args)Add entries to the __not_jsonable list
Return type None
values()rarr an object providing a view on Drsquos values
211 MISPUser
class pymispMISPUser(kwargs)
clear()rarr None Remove all items from D
property editedRecursively check if an object has been edited and update the flag accordingly to the parent objects
Return type bool
from_dict(kwargs)Loading all the parameters as class properties if they arenrsquot None This method aims to be called when allthe properties requiring a special treatment are processed Note This method is used when you initializean object with existing data so by default the class is flaged as not edited
from_json(json_string)Load a JSON string
Return type None
get(k[ d ])rarr D[k] if k in D else d d defaults to None
items()rarr a set-like object providing a view on Drsquos items
jsonable()This method is used by the JSON encoder
Return type Dict
keys()rarr a set-like object providing a view on Drsquos keys
pop(k[ d ])rarr v remove specified key and return the corresponding valueIf key is not found d is returned if given otherwise KeyError is raised
popitem()rarr (k v) remove and return some (key value) pairas a 2-tuple but raise KeyError if D is empty
211 MISPUser 33
PyMISP Documentation Release main
set_not_jsonable(args)Set __not_jsonable to a new list
Return type None
setdefault(k[ d ])rarr Dget(kd) also set D[k]=d if k not in D
to_dict()Dump the class to a dictionary This method automatically removes the timestamp recursively in everyobject that has been edited is order to let MISP update the event accordingly
Return type Dict
to_json(sort_keys=False indent=None)Dump recursively any class of type MISPAbstract to a json string
update([E ] F)rarr None Update D from mappingiterable E and FIf E present and has a keys() method does for k in E D[k] = E[k] If E present and lacks keys() methoddoes for (k v) in E D[k] = v In either case this is followed by for k v in Fitems() D[k] = v
update_not_jsonable(args)Add entries to the __not_jsonable list
Return type None
values()rarr an object providing a view on Drsquos values
212 MISPOrganisation
class pymispMISPOrganisation
clear()rarr None Remove all items from D
property editedRecursively check if an object has been edited and update the flag accordingly to the parent objects
Return type bool
from_dict(kwargs)Loading all the parameters as class properties if they arenrsquot None This method aims to be called when allthe properties requiring a special treatment are processed Note This method is used when you initializean object with existing data so by default the class is flaged as not edited
from_json(json_string)Load a JSON string
Return type None
get(k[ d ])rarr D[k] if k in D else d d defaults to None
items()rarr a set-like object providing a view on Drsquos items
jsonable()This method is used by the JSON encoder
Return type Dict
keys()rarr a set-like object providing a view on Drsquos keys
pop(k[ d ])rarr v remove specified key and return the corresponding valueIf key is not found d is returned if given otherwise KeyError is raised
34 Chapter 2 pymisp
PyMISP Documentation Release main
popitem()rarr (k v) remove and return some (key value) pairas a 2-tuple but raise KeyError if D is empty
set_not_jsonable(args)Set __not_jsonable to a new list
Return type None
setdefault(k[ d ])rarr Dget(kd) also set D[k]=d if k not in D
to_dict()Dump the class to a dictionary This method automatically removes the timestamp recursively in everyobject that has been edited is order to let MISP update the event accordingly
Return type Dict
to_json(sort_keys=False indent=None)Dump recursively any class of type MISPAbstract to a json string
update([E ] F)rarr None Update D from mappingiterable E and FIf E present and has a keys() method does for k in E D[k] = E[k] If E present and lacks keys() methoddoes for (k v) in E D[k] = v In either case this is followed by for k v in Fitems() D[k] = v
update_not_jsonable(args)Add entries to the __not_jsonable list
Return type None
values()rarr an object providing a view on Drsquos values
212 MISPOrganisation 35
PyMISP Documentation Release main
36 Chapter 2 pymisp
CHAPTER
THREE
PYMISP - TOOLS
31 File Object
class pymisptoolsFileObject(filepath=None pseudofile=None filename=None kwargs)
add_attribute(object_relation simple_value=None value)Add an attribute object_relation is required and the value key is a dictionary with all the keys supportedby MISPAttribute
Return type Optional[MISPAttribute]
add_attributes(object_relation attributes)Add multiple attributes with the same object_relation Helper for object_relation when multiple is True inthe template It is the same as calling multiple times add_attribute with the same object_relation
Return type List[Optional[MISPAttribute]]
add_reference(referenced_uuid relationship_type comment=None kwargs)Add a link (uuid) to an other object
Return type MISPObjectReference
clear()rarr None Remove all items from D
property editedRecursively check if an object has been edited and update the flag accordingly to the parent objects
Return type bool
from_dict(kwargs)Loading all the parameters as class properties if they arenrsquot None This method aims to be called when allthe properties requiring a special treatment are processed Note This method is used when you initializean object with existing data so by default the class is flaged as not edited
from_json(json_string)Load a JSON string
Return type None
generate_attributes()Contains the logic where all the values of the object are gathered
get(k[ d ])rarr D[k] if k in D else d d defaults to None
get_attributes_by_relation(object_relation)Returns the list of attributes with the given object relation in the object
Return type List[MISPAttribute]
37
PyMISP Documentation Release main
has_attributes_by_relation(list_of_relations)True if all the relations in the list are defined in the object
Return type bool
items()rarr a set-like object providing a view on Drsquos items
jsonable()This method is used by the JSON encoder
Return type Dict
keys()rarr a set-like object providing a view on Drsquos keys
pop(k[ d ])rarr v remove specified key and return the corresponding valueIf key is not found d is returned if given otherwise KeyError is raised
popitem()rarr (k v) remove and return some (key value) pairas a 2-tuple but raise KeyError if D is empty
set_not_jsonable(args)Set __not_jsonable to a new list
Return type None
setdefault(k[ d ])rarr Dget(kd) also set D[k]=d if k not in D
to_dict(strict=False)Dump the class to a dictionary This method automatically removes the timestamp recursively in everyobject that has been edited is order to let MISP update the event accordingly
Return type Dict
to_json(sort_keys=False indent=None strict=False)Dump recursively any class of type MISPAbstract to a json string
update([E ] F)rarr None Update D from mappingiterable E and FIf E present and has a keys() method does for k in E D[k] = E[k] If E present and lacks keys() methoddoes for (k v) in E D[k] = v In either case this is followed by for k v in Fitems() D[k] = v
update_not_jsonable(args)Add entries to the __not_jsonable list
Return type None
values()rarr an object providing a view on Drsquos values
32 ELF Object
33 PE Object
34 Mach-O Object
35 VT Report Object
class pymisptoolsVTReportObject(apikey indicator vt_proxies=None kwargs)VirusTotal Report
Apikey VirusTotal API key (private works but only public features are supported right now)
38 Chapter 3 pymisp - Tools
PyMISP Documentation Release main
Indicator IOC to search VirusTotal for
add_attribute(object_relation simple_value=None value)Add an attribute object_relation is required and the value key is a dictionary with all the keys supportedby MISPAttribute
Return type Optional[MISPAttribute]
add_attributes(object_relation attributes)Add multiple attributes with the same object_relation Helper for object_relation when multiple is True inthe template It is the same as calling multiple times add_attribute with the same object_relation
Return type List[Optional[MISPAttribute]]
add_reference(referenced_uuid relationship_type comment=None kwargs)Add a link (uuid) to an other object
Return type MISPObjectReference
clear()rarr None Remove all items from D
property editedRecursively check if an object has been edited and update the flag accordingly to the parent objects
Return type bool
from_dict(kwargs)Loading all the parameters as class properties if they arenrsquot None This method aims to be called when allthe properties requiring a special treatment are processed Note This method is used when you initializean object with existing data so by default the class is flaged as not edited
from_json(json_string)Load a JSON string
Return type None
generate_attributes()Parse the VirusTotal report for relevant attributes
get(k[ d ])rarr D[k] if k in D else d d defaults to None
get_attributes_by_relation(object_relation)Returns the list of attributes with the given object relation in the object
Return type List[MISPAttribute]
has_attributes_by_relation(list_of_relations)True if all the relations in the list are defined in the object
Return type bool
items()rarr a set-like object providing a view on Drsquos items
jsonable()This method is used by the JSON encoder
Return type Dict
keys()rarr a set-like object providing a view on Drsquos keys
pop(k[ d ])rarr v remove specified key and return the corresponding valueIf key is not found d is returned if given otherwise KeyError is raised
popitem()rarr (k v) remove and return some (key value) pairas a 2-tuple but raise KeyError if D is empty
35 VT Report Object 39
PyMISP Documentation Release main
set_not_jsonable(args)Set __not_jsonable to a new list
Return type None
setdefault(k[ d ])rarr Dget(kd) also set D[k]=d if k not in D
to_dict(strict=False)Dump the class to a dictionary This method automatically removes the timestamp recursively in everyobject that has been edited is order to let MISP update the event accordingly
Return type Dict
to_json(sort_keys=False indent=None strict=False)Dump recursively any class of type MISPAbstract to a json string
update([E ] F)rarr None Update D from mappingiterable E and FIf E present and has a keys() method does for k in E D[k] = E[k] If E present and lacks keys() methoddoes for (k v) in E D[k] = v In either case this is followed by for k v in Fitems() D[k] = v
update_not_jsonable(args)Add entries to the __not_jsonable list
Return type None
values()rarr an object providing a view on Drsquos values
36 STIX
pymisptoolsstixload_stix(stix distribution=3 threat_level_id=2 analysis=0)Returns a MISPEvent object from a STIX package
pymisptoolsstixmake_stix_package(misp_event to_json=False to_xml=False)Returns a STIXPackage from a MISPEvent
Optionally can return the package in json or xml
37 OpenIOC
toolsload_openioc()
toolsload_openioc_file()
40 Chapter 3 pymisp - Tools
CHAPTER
FOUR
INDICES AND TABLES
bull genindex
bull modindex
bull search
41
PyMISP Documentation Release main
42 Chapter 4 Indices and tables
PYTHON MODULE INDEX
ppymisp 7pymisptools 37pymisptoolsstix 40
43
PyMISP Documentation Release main
44 Python Module Index
INDEX
AAbstractMISP (class in pymisp) 23accept_attribute_proposal()
(pymispPyMISP method) 7add_attribute() (pymispMISPEvent method) 24add_attribute() (pymispMISPObject method) 28add_attribute() (pymispPyMISP method) 7add_attribute() (pymisptoolsFileObject method)
37add_attribute() (pymisptoolsVTReportObject
method) 39add_attribute_proposal() (pymispPyMISP
method) 7add_attribute_tag() (pymispMISPEvent
method) 24add_attributes() (pymispMISPObject method)
28add_attributes() (pymisptoolsFileObject
method) 37add_attributes() (pymisptoolsVTReportObject
method) 39add_event() (pymispPyMISP method) 7add_event_blacklist() (pymispPyMISP
method) 8add_feed() (pymispPyMISP method) 8add_object() (pymispMISPEvent method) 24add_object() (pymispPyMISP method) 8add_object_reference() (pymispPyMISP
method) 8add_org_to_sharing_group() (pymispPyMISP
method) 8add_organisation() (pymispPyMISP method) 8add_organisation_blacklist()
(pymispPyMISP method) 8add_proposal() (pymispMISPAttribute method) 26add_proposal() (pymispMISPEvent method) 24add_proposal() (pymispMISPObjectAttribute
method) 29add_reference() (pymispMISPObject method) 28add_reference() (pymisptoolsFileObject method)
37add_reference() (pymisptoolsVTReportObject
method) 39add_server() (pymispPyMISP method) 8add_server_to_sharing_group()
(pymispPyMISP method) 8add_shadow_attribute() (pymispMISPAttribute
method) 26add_shadow_attribute() (pymispMISPEvent
method) 24add_shadow_attribute()
(pymispMISPObjectAttribute method) 29add_sharing_group() (pymispPyMISP method) 8add_sighting() (pymispMISPAttribute method) 26add_sighting() (pymispMISPObjectAttribute
method) 29add_sighting() (pymispPyMISP method) 8add_tag() (pymispPyMISP method) 8add_user() (pymispPyMISP method) 9attributes_statistics() (pymispPyMISP
method) 9
Bbuild_complex_query() (pymispPyMISP
method) 9
Ccache_all_feeds() (pymispPyMISP method) 9cache_feed() (pymispPyMISP method) 9cache_freetext_feeds() (pymispPyMISP
method) 9cache_misp_feeds() (pymispPyMISP method) 9change_sharing_group_on_entity()
(pymispPyMISP method) 9change_user_password() (pymispPyMISP
method) 9clear() (pymispMISPAttribute method) 26clear() (pymispMISPEvent method) 24clear() (pymispMISPObject method) 28clear() (pymispMISPObjectAttribute method) 29clear() (pymispMISPObjectReference method) 31clear() (pymispMISPOrganisation method) 34clear() (pymispMISPTag method) 32clear() (pymispMISPUser method) 33
45
PyMISP Documentation Release main
clear() (pymisptoolsFileObject method) 37clear() (pymisptoolsVTReportObject method) 39communities() (pymispPyMISP method) 9compare_feeds() (pymispPyMISP method) 9contact_event_reporter() (pymispPyMISP
method) 9
Ddefault() (pymispMISPEncode method) 24delegate_event() (pymispPyMISP method) 10delete() (pymispMISPAttribute method) 26delete() (pymispMISPObjectAttribute method) 30delete_attribute() (pymispMISPEvent method)
24delete_attribute() (pymispPyMISP method) 10delete_attribute_proposal()
(pymispPyMISP method) 10delete_event() (pymispPyMISP method) 10delete_event_blacklist() (pymispPyMISP
method) 10delete_feed() (pymispPyMISP method) 10delete_object() (pymispPyMISP method) 10delete_object_reference() (pymispPyMISP
method) 10delete_organisation() (pymispPyMISP
method) 10delete_organisation_blacklist()
(pymispPyMISP method) 10delete_server() (pymispPyMISP method) 10delete_sharing_group() (pymispPyMISP
method) 10delete_sighting() (pymispPyMISP method) 10delete_tag() (pymispPyMISP method) 11delete_user() (pymispPyMISP method) 11delete_user_setting() (pymispPyMISP
method) 11describe_types_local() (pymispPyMISP prop-
erty) 11describe_types_remote() (pymispPyMISP
property) 11direct_call() (pymispPyMISP method) 11disable_feed() (pymispPyMISP method) 11disable_feed_cache() (pymispPyMISP method)
11disable_noticelist() (pymispPyMISP method)
11disable_tag() (pymispPyMISP method) 11disable_taxonomy() (pymispPyMISP method) 11disable_taxonomy_tags() (pymispPyMISP
method) 11disable_warninglist() (pymispPyMISP
method) 11discard_attribute_proposal()
(pymispPyMISP method) 12
Eedited() (pymispAbstractMISP property) 23edited() (pymispMISPAttribute property) 26edited() (pymispMISPEvent property) 24edited() (pymispMISPObject property) 28edited() (pymispMISPObjectAttribute property) 30edited() (pymispMISPObjectReference property) 31edited() (pymispMISPOrganisation property) 34edited() (pymispMISPTag property) 32edited() (pymispMISPUser property) 33edited() (pymisptoolsFileObject property) 37edited() (pymisptoolsVTReportObject property) 39enable_feed() (pymispPyMISP method) 12enable_feed_cache() (pymispPyMISP method)
12enable_noticelist() (pymispPyMISP method)
12enable_tag() (pymispPyMISP method) 12enable_taxonomy() (pymispPyMISP method) 12enable_taxonomy_tags() (pymispPyMISP
method) 12enable_warninglist() (pymispPyMISP method)
12event_blacklists() (pymispPyMISP method) 12event_delegations() (pymispPyMISP method)
12ExpandedPyMISP (in module pymisp) 23
Ffeeds() (pymispPyMISP method) 12fetch_feed() (pymispPyMISP method) 12FileObject (class in pymisptools) 37freetext() (pymispPyMISP method) 12from_dict() (pymispAbstractMISP method) 23from_dict() (pymispMISPAttribute method) 27from_dict() (pymispMISPEvent method) 25from_dict() (pymispMISPObject method) 28from_dict() (pymispMISPObjectAttribute method)
30from_dict() (pymispMISPObjectReference method)
31from_dict() (pymispMISPOrganisation method) 34from_dict() (pymispMISPTag method) 32from_dict() (pymispMISPUser method) 33from_dict() (pymisptoolsFileObject method) 37from_dict() (pymisptoolsVTReportObject method)
39from_json() (pymispAbstractMISP method) 23from_json() (pymispMISPAttribute method) 27from_json() (pymispMISPEvent method) 25from_json() (pymispMISPObject method) 28from_json() (pymispMISPObjectAttribute method)
30
46 Index
PyMISP Documentation Release main
from_json() (pymispMISPObjectReference method)31
from_json() (pymispMISPOrganisation method) 34from_json() (pymispMISPTag method) 32from_json() (pymispMISPUser method) 33from_json() (pymisptoolsFileObject method) 37from_json() (pymisptoolsVTReportObject method)
39
Ggalaxies() (pymispPyMISP method) 12generate_attributes() (pymisptoolsFileObject
method) 37generate_attributes()
(pymisptoolsVTReportObject method)39
get() (pymispMISPAttribute method) 27get() (pymispMISPEvent method) 25get() (pymispMISPObject method) 28get() (pymispMISPObjectAttribute method) 30get() (pymispMISPObjectReference method) 31get() (pymispMISPOrganisation method) 34get() (pymispMISPTag method) 32get() (pymispMISPUser method) 33get() (pymisptoolsFileObject method) 37get() (pymisptoolsVTReportObject method) 39get_all_functions() (pymispPyMISP method)
13get_attribute() (pymispPyMISP method) 13get_attribute_tag() (pymispMISPEvent
method) 25get_attributes_by_relation()
(pymispMISPObject method) 28get_attributes_by_relation()
(pymisptoolsFileObject method) 37get_attributes_by_relation()
(pymisptoolsVTReportObject method)39
get_community() (pymispPyMISP method) 13get_event() (pymispPyMISP method) 13get_feed() (pymispPyMISP method) 13get_galaxy() (pymispPyMISP method) 13get_noticelist() (pymispPyMISP method) 13get_object() (pymispPyMISP method) 13get_object_by_id() (pymispMISPEvent method)
25get_object_by_uuid() (pymispMISPEvent
method) 25get_object_template() (pymispPyMISP
method) 13get_objects_by_name() (pymispMISPEvent
method) 25get_organisation() (pymispPyMISP method) 13get_sync_config() (pymispPyMISP method) 13
get_tag() (pymispPyMISP method) 13get_taxonomy() (pymispPyMISP method) 13get_user() (pymispPyMISP method) 13get_user_setting() (pymispPyMISP method) 14get_warninglist() (pymispPyMISP method) 14
Hhas_attributes_by_relation()
(pymispMISPObject method) 28has_attributes_by_relation()
(pymisptoolsFileObject method) 37has_attributes_by_relation()
(pymisptoolsVTReportObject method)39
hash_values() (pymispMISPAttribute method) 27hash_values() (pymispMISPObjectAttribute
method) 30
Iimport_server() (pymispPyMISP method) 14items() (pymispMISPAttribute method) 27items() (pymispMISPEvent method) 25items() (pymispMISPObject method) 29items() (pymispMISPObjectAttribute method) 30items() (pymispMISPObjectReference method) 31items() (pymispMISPOrganisation method) 34items() (pymispMISPTag method) 32items() (pymispMISPUser method) 33items() (pymisptoolsFileObject method) 38items() (pymisptoolsVTReportObject method) 39
Jjsonable() (pymispAbstractMISP method) 23jsonable() (pymispMISPAttribute method) 27jsonable() (pymispMISPEvent method) 25jsonable() (pymispMISPObject method) 29jsonable() (pymispMISPObjectAttribute method)
30jsonable() (pymispMISPObjectReference method)
31jsonable() (pymispMISPOrganisation method) 34jsonable() (pymispMISPTag method) 32jsonable() (pymispMISPUser method) 33jsonable() (pymisptoolsFileObject method) 38jsonable() (pymisptoolsVTReportObject method)
39
Kkeys() (pymispMISPAttribute method) 27keys() (pymispMISPEvent method) 25keys() (pymispMISPObject method) 29keys() (pymispMISPObjectAttribute method) 30keys() (pymispMISPObjectReference method) 31keys() (pymispMISPOrganisation method) 34
Index 47
PyMISP Documentation Release main
keys() (pymispMISPTag method) 32keys() (pymispMISPUser method) 33keys() (pymisptoolsFileObject method) 38keys() (pymisptoolsVTReportObject method) 39known_types() (pymispMISPAttribute property) 27known_types() (pymispMISPObjectAttribute prop-
erty) 30
Lload() (pymispMISPEvent method) 25load_default_feeds() (pymispPyMISP method)
14load_file() (pymispMISPEvent method) 25load_openioc() (pymisptools method) 40load_openioc_file() (pymisptools method) 40load_stix() (in module pymisptoolsstix) 40
Mmake_stix_package() (in module
pymisptoolsstix) 40malware_binary() (pymispMISPAttribute prop-
erty) 27malware_binary() (pymispMISPObjectAttribute
property) 30misp_instance_version() (pymispPyMISP
property) 14misp_instance_version_master()
(pymispPyMISP property) 14MISPAttribute (class in pymisp) 26MISPEncode (class in pymisp) 24MISPEvent (class in pymisp) 24MISPObject (class in pymisp) 28MISPObjectAttribute (class in pymisp) 29MISPObjectReference (class in pymisp) 31MISPOrganisation (class in pymisp) 34MISPTag (class in pymisp) 32MISPUser (class in pymisp) 33module
pymisp 7pymisptools 37pymisptoolsstix 40
Nnoticelists() (pymispPyMISP method) 14
Oobject_templates() (pymispPyMISP method) 14organisation_blacklists() (pymispPyMISP
method) 14organisations() (pymispPyMISP method) 14
Ppop() (pymispMISPAttribute method) 27
pop() (pymispMISPEvent method) 25pop() (pymispMISPObject method) 29pop() (pymispMISPObjectAttribute method) 30pop() (pymispMISPObjectReference method) 31pop() (pymispMISPOrganisation method) 34pop() (pymispMISPTag method) 32pop() (pymispMISPUser method) 33pop() (pymisptoolsFileObject method) 38pop() (pymisptoolsVTReportObject method) 39popitem() (pymispMISPAttribute method) 27popitem() (pymispMISPEvent method) 25popitem() (pymispMISPObject method) 29popitem() (pymispMISPObjectAttribute method) 30popitem() (pymispMISPObjectReference method) 31popitem() (pymispMISPOrganisation method) 34popitem() (pymispMISPTag method) 32popitem() (pymispMISPUser method) 33popitem() (pymisptoolsFileObject method) 38popitem() (pymisptoolsVTReportObject method) 39publish() (pymispMISPEvent method) 25publish() (pymispPyMISP method) 14push_event_to_ZMQ() (pymispPyMISP method)
14pymisp
module 7PyMISP (class in pymisp) 7pymisptools
module 37pymisptoolsstix
module 40pymisp_version_main() (pymispPyMISP prop-
erty) 15
Rrecommended_pymisp_version()
(pymispPyMISP property) 15remote_acl() (pymispPyMISP method) 15remove_org_from_sharing_group()
(pymispPyMISP method) 15remove_server_from_sharing_group()
(pymispPyMISP method) 15roles() (pymispPyMISP method) 15
Ssearch() (pymispPyMISP method) 15search_feeds() (pymispPyMISP method) 17search_index() (pymispPyMISP method) 18search_logs() (pymispPyMISP method) 18search_sightings() (pymispPyMISP method) 19server_pull() (pymispPyMISP method) 20server_push() (pymispPyMISP method) 20servers() (pymispPyMISP method) 20set_date() (pymispMISPEvent method) 25
48 Index
PyMISP Documentation Release main
set_not_jsonable() (pymispAbstractMISPmethod) 23
set_not_jsonable() (pymispMISPAttributemethod) 27
set_not_jsonable() (pymispMISPEvent method)25
set_not_jsonable() (pymispMISPObjectmethod) 29
set_not_jsonable() (pymispMISPObjectAttributemethod) 30
set_not_jsonable()(pymispMISPObjectReference method)31
set_not_jsonable() (pymispMISPOrganisationmethod) 35
set_not_jsonable() (pymispMISPTag method)32
set_not_jsonable() (pymispMISPUser method)33
set_not_jsonable() (pymisptoolsFileObjectmethod) 38
set_not_jsonable()(pymisptoolsVTReportObject method)39
set_user_setting() (pymispPyMISP method) 20setdefault() (pymispMISPAttribute method) 27setdefault() (pymispMISPEvent method) 25setdefault() (pymispMISPObject method) 29setdefault() (pymispMISPObjectAttribute
method) 30setdefault() (pymispMISPObjectReference
method) 31setdefault() (pymispMISPOrganisation method)
35setdefault() (pymispMISPTag method) 33setdefault() (pymispMISPUser method) 34setdefault() (pymisptoolsFileObject method) 38setdefault() (pymisptoolsVTReportObject
method) 40sharing_groups() (pymispPyMISP method) 20sightings() (pymispPyMISP method) 20
Ttag() (pymispPyMISP method) 20tags() (pymispMISPAttribute property) 27tags() (pymispMISPEvent property) 26tags() (pymispMISPObjectAttribute property) 30tags() (pymispPyMISP method) 20tags_statistics() (pymispPyMISP method) 20taxonomies() (pymispPyMISP method) 20to_dict() (pymispAbstractMISP method) 23to_dict() (pymispMISPAttribute method) 27to_dict() (pymispMISPEvent method) 26to_dict() (pymispMISPObject method) 29
to_dict() (pymispMISPObjectAttribute method) 30to_dict() (pymispMISPObjectReference method) 32to_dict() (pymispMISPOrganisation method) 35to_dict() (pymispMISPTag method) 33to_dict() (pymispMISPUser method) 34to_dict() (pymisptoolsFileObject method) 38to_dict() (pymisptoolsVTReportObject method) 40to_feed() (pymispMISPEvent method) 26to_json() (pymispAbstractMISP method) 23to_json() (pymispMISPAttribute method) 27to_json() (pymispMISPEvent method) 26to_json() (pymispMISPObject method) 29to_json() (pymispMISPObjectAttribute method) 31to_json() (pymispMISPObjectReference method) 32to_json() (pymispMISPOrganisation method) 35to_json() (pymispMISPTag method) 33to_json() (pymispMISPUser method) 34to_json() (pymisptoolsFileObject method) 38to_json() (pymisptoolsVTReportObject method) 40toggle_warninglist() (pymispPyMISP method)
20
Uunpublish() (pymispMISPEvent method) 26untag() (pymispPyMISP method) 21update() (pymispMISPAttribute method) 28update() (pymispMISPEvent method) 26update() (pymispMISPObject method) 29update() (pymispMISPObjectAttribute method) 31update() (pymispMISPObjectReference method) 32update() (pymispMISPOrganisation method) 35update() (pymispMISPTag method) 33update() (pymispMISPUser method) 34update() (pymisptoolsFileObject method) 38update() (pymisptoolsVTReportObject method) 40update_attribute() (pymispPyMISP method) 21update_attribute_proposal()
(pymispPyMISP method) 21update_event() (pymispPyMISP method) 21update_event_blacklist() (pymispPyMISP
method) 21update_feed() (pymispPyMISP method) 21update_galaxies() (pymispPyMISP method) 21update_not_jsonable() (pymispAbstractMISP
method) 23update_not_jsonable() (pymispMISPAttribute
method) 28update_not_jsonable() (pymispMISPEvent
method) 26update_not_jsonable() (pymispMISPObject
method) 29update_not_jsonable()
(pymispMISPObjectAttribute method) 31
Index 49
PyMISP Documentation Release main
update_not_jsonable()(pymispMISPObjectReference method)32
update_not_jsonable()(pymispMISPOrganisation method) 35
update_not_jsonable() (pymispMISPTagmethod) 33
update_not_jsonable() (pymispMISPUsermethod) 34
update_not_jsonable() (pymisptoolsFileObjectmethod) 38
update_not_jsonable()(pymisptoolsVTReportObject method)40
update_noticelists() (pymispPyMISP method)21
update_object() (pymispPyMISP method) 21update_object_templates() (pymispPyMISP
method) 21update_organisation() (pymispPyMISP
method) 21update_organisation_blacklist()
(pymispPyMISP method) 21update_server() (pymispPyMISP method) 22update_tag() (pymispPyMISP method) 22update_taxonomies() (pymispPyMISP method)
22update_user() (pymispPyMISP method) 22update_warninglists() (pymispPyMISP
method) 22upload_stix() (pymispPyMISP method) 22user_registrations() (pymispPyMISP method)
22user_settings() (pymispPyMISP method) 22users() (pymispPyMISP method) 22users_statistics() (pymispPyMISP method) 22
Vvalues() (pymispMISPAttribute method) 28values() (pymispMISPEvent method) 26values() (pymispMISPObject method) 29values() (pymispMISPObjectAttribute method) 31values() (pymispMISPObjectReference method) 32values() (pymispMISPOrganisation method) 35values() (pymispMISPTag method) 33values() (pymispMISPUser method) 34values() (pymisptoolsFileObject method) 38values() (pymisptoolsVTReportObject method) 40values_in_warninglist() (pymispPyMISP
method) 22version() (pymispPyMISP property) 22VTReportObject (class in pymisptools) 38
Wwarninglists() (pymispPyMISP method) 22
50 Index
- README
- pymisp
- PyMISP
- PyMISPExpanded (Python 36+ only)
- MISPAbstract
- MISPEncode
- MISPEvent
- MISPAttribute
- MISPObject
- MISPObjectAttribute
- MISPObjectReference
- MISPTag
- MISPUser
- MISPOrganisation
- pymisp - Tools
- File Object
- ELF Object
- PE Object
- Mach-O Object
- VT Report Object
- STIX
- OpenIOC
- Indices and tables
- Python Module Index
- Index
PyMISP Documentation Release main
Return type Union[Dict List[MISPFeed]]
search_index(published=None eventid=None tags=None date_from=None date_to=Noneeventinfo=None threatlevel=None distribution=None analysis=None org=Nonetimestamp=None pythonify=None)
Search only at the index level Using in front of a value means NOT (default is OR)
Parameters
bull published (Optional[bool]) ndash Set whether published or unpublished events shouldbe returned Do not set the parameter if you want both
bull eventid (Optional[~SearchType]) ndash The events that should be included excludedfrom the search
bull tags (Optional[~SearchParameterTypes]) ndash Tags to search or to exclude You canpass a list or the output of build_complex_query
bull date_from (Union[date int str float None]) ndash Events with the date set to adate after the one specified This filter will use the date of the event
bull date_to (Union[date int str float None]) ndash Events with the date set to a datebefore the one specified This filter will use the date of the event
bull eventinfo (Optional[str]) ndash Filter on the eventrsquos info field
bull threatlevel (Optional[List[~SearchType]]) ndash Threat level(s) (1234) | list
bull distribution (Optional[List[~SearchType]]) ndash Distribution level(s) (0123) |list
bull analysis (Optional[List[~SearchType]]) ndash Analysis level(s) (012) | list
bull org (Optional[~SearchParameterTypes]) ndash Search by the creator organisation by sup-plying the organisation identifier
bull timestamp (Union[date int str float None Tuple[Union[date intstr float None] Union[date int str float None]]]) ndash Restrict the resultsby the timestamp (last edit) Any event with a timestamp newer than the given timestampwill be returned In case you are dealing with attributes as scope the attributersquos timestampwill be used for the lookup
bull pythonify (Optional[bool]) ndash Returns a list of PyMISP Objects instead or the plainjson output Warning it might use a lot of RAM
Return type Union[Dict List[MISPEvent]]
search_logs(limit=None page=None log_id=None title=None created=None model=None ac-tion=None user_id=None change=None email=None org=None description=Noneip=None pythonify=False)
Search in logs
Note to run substring queries simply appendprependencapsulate the search term with
Parameters
bull limit (Optional[int]) ndash Limit the number of results returned depending on thescope (for example 10 attributes or 10 full events)
bull page (Optional[int]) ndash If a limit is set sets the page to be returned page 3 limit 100will return records 201-gt300)
bull log_id (Optional[int]) ndash Log ID
bull title (Optional[str]) ndash Log Title
18 Chapter 2 pymisp
PyMISP Documentation Release main
bull created (Union[date int str float None]) ndash Creation timestamp
bull model (Optional[str]) ndash Model name that generated the log entry
bull action (Optional[str]) ndash The thing that was done
bull user_id (Optional[int]) ndash ID of the user doing the action
bull change (Optional[str]) ndash Change that occured
bull email (Optional[str]) ndash Email of the user
bull org (Optional[str]) ndash Organisation of the User doing the action
bull description (Optional[str]) ndash Description of the action
bull ip (Optional[str]) ndash Origination IP of the User doing the action
bull pythonify (Optional[bool]) ndash Returns a list of PyMISP Objects instead or the plainjson output Warning it might use a lot of RAM
Return type Union[Dict List[MISPLog]]
search_sightings(context=None context_id=None type_sighting=None date_from=Nonedate_to=None publish_timestamp=None last=None org=None source=Noneinclude_attribute=None include_event_meta=None pythonify=False)
Search sightings
Parameters
bull context (Optional[str]) ndash The context of the search Can be either ldquoattributerdquoldquoeventrdquo or nothing (will then match on events and attributes)
bull context_id (Optional[~SearchType]) ndash Only relevant if context is either ldquoattributerdquoor ldquoeventrdquo Then it is the relevant ID
bull type_sighting (Optional[str]) ndash Type of sighting
bull date_from (Union[date int str float None]) ndash Events with the date set to adate after the one specified This filter will use the date of the event
bull date_to (Union[date int str float None]) ndash Events with the date set to a datebefore the one specified This filter will use the date of the event
bull publish_timestamp (Union[date int str float NoneTuple[Union[date int str float None] Union[date int str floatNone]]]) ndash Restrict the results by the last publish timestamp (newer than)
bull org (Optional[~SearchType]) ndash Search by the creator organisation by supplying theorganisation identifier
bull source (Optional[str]) ndash Source of the sighting
bull include_attribute (Optional[bool]) ndash Include the attribute
bull include_event_meta (Optional[bool]) ndash Include the meta information of theevent
Deprecated
Parameters last (Union[date int str float None Tuple[Union[date intstr float None] Union[date int str float None]]]) ndash synonym for pub-lish_timestamp
Example
21 PyMISP 19
PyMISP Documentation Release main
gtgtgt mispsearch_sightings(publish_timestamp=30d) search sightings for therarr˓last 30 days on the instance[ ]gtgtgt mispsearch_sightings(context=attribute context_id=6 include_rarr˓attribute=True) return list of sighting for attribute 6 along with therarr˓attribute itself[ ]gtgtgt mispsearch_sightings(context=event context_id=17 include_event_rarr˓meta=True org=2) return list of sighting for event 17 filtered with orgrarr˓id 2
Return type Union[Dict List[Dict[str Union[MISPEvent MISPAttributeMISPSighting]]]]
server_pull(server event=None)Initialize a pull from a sync server
Return type Dict
server_push(server event=None)Initialize a push to a sync server
Return type Dict
servers(pythonify=False)Get the existing servers the MISP instance can synchronise with
Return type Union[Dict List[MISPServer]]
set_user_setting(user_setting value user=None pythonify=False)Get an user setting
Return type Union[Dict MISPUserSetting]
sharing_groups(pythonify=False)Get the existing sharing groups
Return type Union[Dict List[MISPSharingGroup]]
sightings(misp_entity=None org=None pythonify=False)Get the list of sighting related to a MISPEvent or a MISPAttribute (depending on type of misp_entity)
Return type Union[Dict List[MISPSighting]]
tag(misp_entity tag local=False)Tag an event or an attribute misp_entity can be a MISPEvent a MISP Attribute or a UUID
Return type Dict
tags(pythonify=False)Get the list of existing tags
Return type Union[Dict List[MISPTag]]
tags_statistics(percentage=False name_sort=False)Get tags statistics from the MISP instance
Return type Dict
taxonomies(pythonify=False)Get all the taxonomies
Return type Union[Dict List[MISPTaxonomy]]
20 Chapter 2 pymisp
PyMISP Documentation Release main
toggle_warninglist(warninglist_id=None warninglist_name=None force_enable=False)Toggle (enabledisable) the status of a warninglist by ID type warninglist_id Union[str intList[int] None] param warninglist_id ID of the WarningList type force_enable bool paramforce_enable Force the warning list in the enabled state (does nothing is already enabled)
Return type Dict
untag(misp_entity tag)Untag an event or an attribute misp_entity can be a UUID
Return type Dict
update_attribute(attribute attribute_id=None pythonify=False)Update an attribute on a MISP instance
Return type Union[Dict MISPAttribute MISPShadowAttribute]
update_attribute_proposal(initial_attribute attribute pythonify=False)Propose a change for an attribute
Return type Union[Dict MISPShadowAttribute]
update_event(event event_id=None pythonify=False)Update an event on a MISP instance
Return type Union[Dict MISPEvent]
update_event_blacklist(event_blacklist event_blacklist_id=None pythonify=False)Update an event in the blacklist
Return type Union[Dict MISPEventBlacklist]
update_feed(feed feed_id=None pythonify=False)Update a feed on a MISP instance
Return type Union[Dict MISPFeed]
update_galaxies()Update all the galaxies
Return type Dict
update_noticelists()Update all the noticelists
Return type Dict
update_object(misp_object object_id=None pythonify=False)Update an object on a MISP instance
Return type Union[Dict MISPObject]
update_object_templates()Trigger an update of the object templates
Return type Dict
update_organisation(organisation organisation_id=None pythonify=False)Update an organisation
Return type Union[Dict MISPOrganisation]
update_organisation_blacklist(organisation_blacklist organisation_blacklist_id=Nonepythonify=False)
Update an organisation in the blacklist
Return type Union[Dict MISPOrganisationBlacklist]
21 PyMISP 21
PyMISP Documentation Release main
update_server(server server_id=None pythonify=False)Update a server to synchronise with
Return type Union[Dict MISPServer]
update_tag(tag tag_id=None pythonify=False)Edit only the provided parameters of a tag
Return type Union[Dict MISPTag]
update_taxonomies()Update all the taxonomies
Return type Dict
update_user(user user_id=None pythonify=False)Update an event on a MISP instance
Return type Union[Dict MISPUser]
update_warninglists()Update all the warninglists
Return type Dict
upload_stix(path version=2)Upload a STIX file to MISP param path Path to the STIX on the disk (can be a path-like object or apseudofile) type version str param version Can be 1 or 2
user_registrations(pythonify=False)Get all the user registrations
Return type Union[Dict List[MISPInbox]]
user_settings(pythonify=False)Get all the user settings
Return type Union[Dict List[MISPUserSetting]]
users(pythonify=False)Get all the users
Return type Union[Dict List[MISPUser]]
users_statistics(context=data)Get users statistics from the MISP instance
Return type Dict
values_in_warninglist(value)Check if IOC values are in warninglist
Return type Dict
property versionReturns the version of PyMISP yoursquore curently using
Return type Dict
warninglists(pythonify=False)Get all the warninglists
Return type Union[Dict List[MISPWarninglist]]
22 Chapter 2 pymisp
PyMISP Documentation Release main
22 PyMISPExpanded (Python 36+ only)
pymispExpandedPyMISPalias of pymispapiPyMISP
23 MISPAbstract
class pymispAbstractMISP(kwargs)
property editedRecursively check if an object has been edited and update the flag accordingly to the parent objects
Return type bool
from_dict(kwargs)Loading all the parameters as class properties if they arenrsquot None This method aims to be called when allthe properties requiring a special treatment are processed Note This method is used when you initializean object with existing data so by default the class is flaged as not edited
Return type None
from_json(json_string)Load a JSON string
Return type None
jsonable()This method is used by the JSON encoder
Return type Dict
set_not_jsonable(args)Set __not_jsonable to a new list
Return type None
to_dict()Dump the class to a dictionary This method automatically removes the timestamp recursively in everyobject that has been edited is order to let MISP update the event accordingly
Return type Dict
to_json(sort_keys=False indent=None)Dump recursively any class of type MISPAbstract to a json string
update_not_jsonable(args)Add entries to the __not_jsonable list
Return type None
22 PyMISPExpanded (Python 36+ only) 23
PyMISP Documentation Release main
24 MISPEncode
class pymispMISPEncode(args kwargs)
default(obj)Implement this method in a subclass such that it returns a serializable object for o or calls the baseimplementation (to raise a TypeError)
For example to support arbitrary iterators you could implement default like this
def default(self o)try
iterable = iter(o)except TypeError
passelse
return list(iterable) Let the base class default method raise the TypeErrorreturn JSONEncoderdefault(self o)
25 MISPEvent
class pymispMISPEvent(describe_types=None strict_validation=False kwargs)
add_attribute(type value kwargs)Add an attribute type and value are required but you can pass all other parameters supported by MISPAt-tribute
Return type Union[MISPAttribute List[MISPAttribute]]
add_attribute_tag(tag attribute_identifier)Add a tag to an existing attribute raise an Exception if the attribute doesnrsquot exists tag Tag name as astring MISPTag instance or dictionary attribute_identifier can be an ID UUID or the value
Return type List[MISPAttribute]
add_object(obj=None kwargs)Add an object to the Event either by passing a MISPObject or a dictionary
Return type MISPObject
add_proposal(shadow_attribute=None kwargs)Alias for add_shadow_attribute
Return type MISPShadowAttribute
add_shadow_attribute(shadow_attribute=None kwargs)Add a tag to the attribute (by name or a MISPTag object)
Return type MISPShadowAttribute
clear()rarr None Remove all items from D
delete_attribute(attribute_id)Delete an attribute you can search by ID or UUID
property editedRecursively check if an object has been edited and update the flag accordingly to the parent objects
24 Chapter 2 pymisp
PyMISP Documentation Release main
Return type bool
from_dict(kwargs)Loading all the parameters as class properties if they arenrsquot None This method aims to be called when allthe properties requiring a special treatment are processed Note This method is used when you initializean object with existing data so by default the class is flaged as not edited
from_json(json_string)Load a JSON string
Return type None
get(k[ d ])rarr D[k] if k in D else d d defaults to None
get_attribute_tag(attribute_identifier)Return the tags associated to an attribute or an object attribute attribute_identifier can be an ID UUIDor the value
Return type List[MISPTag]
get_object_by_id(object_id)Get an object by ID (the ID is the one set by the server when creating the new object)
Return type MISPObject
get_object_by_uuid(object_uuid)Get an object by UUID (UUID is set by the server when creating the new object)
Return type MISPObject
get_objects_by_name(object_name)Get an object by UUID (UUID is set by the server when creating the new object)
Return type List[MISPObject]
items()rarr a set-like object providing a view on Drsquos items
jsonable()This method is used by the JSON encoder
Return type Dict
keys()rarr a set-like object providing a view on Drsquos keys
load(json_event validate=False metadata_only=False)Load a JSON dump from a pseudo file or a JSON string
load_file(event_path validate=False metadata_only=False)Load a JSON dump from a file on the disk
pop(k[ d ])rarr v remove specified key and return the corresponding valueIf key is not found d is returned if given otherwise KeyError is raised
popitem()rarr (k v) remove and return some (key value) pairas a 2-tuple but raise KeyError if D is empty
publish()Mark the attribute as published
set_date(d=None ignore_invalid=False)Set a date for the event (string datetime or date object)
set_not_jsonable(args)Set __not_jsonable to a new list
Return type None
25 MISPEvent 25
PyMISP Documentation Release main
setdefault(k[ d ])rarr Dget(kd) also set D[k]=d if k not in D
property tagsReturns a lost of tags associated to this Event
Return type List[MISPTag]
to_dict()Dump the class to a dictionary This method automatically removes the timestamp recursively in everyobject that has been edited is order to let MISP update the event accordingly
Return type Dict
to_feed(valid_distributions=[0 1 2 3 4 5] with_meta=False)Generate a json output for MISP Feed Notes
bull valid_distributions only makes sense if the distribution key is set (ie the event is exported from aMISP instance)
Return type Dict
to_json(sort_keys=False indent=None)Dump recursively any class of type MISPAbstract to a json string
unpublish()Mark the attribute as un-published (set publish flag to false)
update([E ] F)rarr None Update D from mappingiterable E and FIf E present and has a keys() method does for k in E D[k] = E[k] If E present and lacks keys() methoddoes for (k v) in E D[k] = v In either case this is followed by for k v in Fitems() D[k] = v
update_not_jsonable(args)Add entries to the __not_jsonable list
Return type None
values()rarr an object providing a view on Drsquos values
26 MISPAttribute
class pymispMISPAttribute(describe_types=None strict=False)
add_proposal(shadow_attribute=None kwargs)Alias for add_shadow_attribute
Return type MISPShadowAttribute
add_shadow_attribute(shadow_attribute=None kwargs)Add a shadow attribute to the attribute (by name or a MISPShadowAttribute object)
Return type MISPShadowAttribute
add_sighting(sighting=None kwargs)Add a sighting to the attribute (by name or a MISPSighting object)
Return type MISPSighting
clear()rarr None Remove all items from D
delete()Mark the attribute as deleted (soft delete)
26 Chapter 2 pymisp
PyMISP Documentation Release main
property editedRecursively check if an object has been edited and update the flag accordingly to the parent objects
Return type bool
from_dict(kwargs)Loading all the parameters as class properties if they arenrsquot None This method aims to be called when allthe properties requiring a special treatment are processed Note This method is used when you initializean object with existing data so by default the class is flaged as not edited
from_json(json_string)Load a JSON string
Return type None
get(k[ d ])rarr D[k] if k in D else d d defaults to None
hash_values(algorithm=sha512)Compute the hash of every values for fast lookups
Return type List[str]
items()rarr a set-like object providing a view on Drsquos items
jsonable()This method is used by the JSON encoder
Return type Dict
keys()rarr a set-like object providing a view on Drsquos keys
property known_typesReturns a list of all the known MISP attributes types
Return type List[str]
property malware_binaryReturns a BytesIO of the malware (if the attribute has one obvs)
Return type Optional[BytesIO]
pop(k[ d ])rarr v remove specified key and return the corresponding valueIf key is not found d is returned if given otherwise KeyError is raised
popitem()rarr (k v) remove and return some (key value) pairas a 2-tuple but raise KeyError if D is empty
set_not_jsonable(args)Set __not_jsonable to a new list
Return type None
setdefault(k[ d ])rarr Dget(kd) also set D[k]=d if k not in D
property tagsReturns a lost of tags associated to this Attribute
Return type List[MISPTag]
to_dict()Dump the class to a dictionary This method automatically removes the timestamp recursively in everyobject that has been edited is order to let MISP update the event accordingly
Return type Dict
26 MISPAttribute 27
PyMISP Documentation Release main
to_json(sort_keys=False indent=None)Dump recursively any class of type MISPAbstract to a json string
update([E ] F)rarr None Update D from mappingiterable E and FIf E present and has a keys() method does for k in E D[k] = E[k] If E present and lacks keys() methoddoes for (k v) in E D[k] = v In either case this is followed by for k v in Fitems() D[k] = v
update_not_jsonable(args)Add entries to the __not_jsonable list
Return type None
values()rarr an object providing a view on Drsquos values
27 MISPObject
class pymispMISPObject(name strict=False standalone=True default_attributes_parameters=kwargs)
add_attribute(object_relation simple_value=None value)Add an attribute object_relation is required and the value key is a dictionary with all the keys supportedby MISPAttribute
Return type Optional[MISPAttribute]
add_attributes(object_relation attributes)Add multiple attributes with the same object_relation Helper for object_relation when multiple is True inthe template It is the same as calling multiple times add_attribute with the same object_relation
Return type List[Optional[MISPAttribute]]
add_reference(referenced_uuid relationship_type comment=None kwargs)Add a link (uuid) to an other object
Return type MISPObjectReference
clear()rarr None Remove all items from D
property editedRecursively check if an object has been edited and update the flag accordingly to the parent objects
Return type bool
from_dict(kwargs)Loading all the parameters as class properties if they arenrsquot None This method aims to be called when allthe properties requiring a special treatment are processed Note This method is used when you initializean object with existing data so by default the class is flaged as not edited
from_json(json_string)Load a JSON string
Return type None
get(k[ d ])rarr D[k] if k in D else d d defaults to None
get_attributes_by_relation(object_relation)Returns the list of attributes with the given object relation in the object
Return type List[MISPAttribute]
has_attributes_by_relation(list_of_relations)True if all the relations in the list are defined in the object
28 Chapter 2 pymisp
PyMISP Documentation Release main
Return type bool
items()rarr a set-like object providing a view on Drsquos items
jsonable()This method is used by the JSON encoder
Return type Dict
keys()rarr a set-like object providing a view on Drsquos keys
pop(k[ d ])rarr v remove specified key and return the corresponding valueIf key is not found d is returned if given otherwise KeyError is raised
popitem()rarr (k v) remove and return some (key value) pairas a 2-tuple but raise KeyError if D is empty
set_not_jsonable(args)Set __not_jsonable to a new list
Return type None
setdefault(k[ d ])rarr Dget(kd) also set D[k]=d if k not in D
to_dict(strict=False)Dump the class to a dictionary This method automatically removes the timestamp recursively in everyobject that has been edited is order to let MISP update the event accordingly
Return type Dict
to_json(sort_keys=False indent=None strict=False)Dump recursively any class of type MISPAbstract to a json string
update([E ] F)rarr None Update D from mappingiterable E and FIf E present and has a keys() method does for k in E D[k] = E[k] If E present and lacks keys() methoddoes for (k v) in E D[k] = v In either case this is followed by for k v in Fitems() D[k] = v
update_not_jsonable(args)Add entries to the __not_jsonable list
Return type None
values()rarr an object providing a view on Drsquos values
28 MISPObjectAttribute
class pymispMISPObjectAttribute(definition)
add_proposal(shadow_attribute=None kwargs)Alias for add_shadow_attribute
Return type MISPShadowAttribute
add_shadow_attribute(shadow_attribute=None kwargs)Add a shadow attribute to the attribute (by name or a MISPShadowAttribute object)
Return type MISPShadowAttribute
add_sighting(sighting=None kwargs)Add a sighting to the attribute (by name or a MISPSighting object)
Return type MISPSighting
28 MISPObjectAttribute 29
PyMISP Documentation Release main
clear()rarr None Remove all items from D
delete()Mark the attribute as deleted (soft delete)
property editedRecursively check if an object has been edited and update the flag accordingly to the parent objects
Return type bool
from_dict(object_relation value kwargs)Loading all the parameters as class properties if they arenrsquot None This method aims to be called when allthe properties requiring a special treatment are processed Note This method is used when you initializean object with existing data so by default the class is flaged as not edited
from_json(json_string)Load a JSON string
Return type None
get(k[ d ])rarr D[k] if k in D else d d defaults to None
hash_values(algorithm=sha512)Compute the hash of every values for fast lookups
Return type List[str]
items()rarr a set-like object providing a view on Drsquos items
jsonable()This method is used by the JSON encoder
Return type Dict
keys()rarr a set-like object providing a view on Drsquos keys
property known_typesReturns a list of all the known MISP attributes types
Return type List[str]
property malware_binaryReturns a BytesIO of the malware (if the attribute has one obvs)
Return type Optional[BytesIO]
pop(k[ d ])rarr v remove specified key and return the corresponding valueIf key is not found d is returned if given otherwise KeyError is raised
popitem()rarr (k v) remove and return some (key value) pairas a 2-tuple but raise KeyError if D is empty
set_not_jsonable(args)Set __not_jsonable to a new list
Return type None
setdefault(k[ d ])rarr Dget(kd) also set D[k]=d if k not in D
property tagsReturns a lost of tags associated to this Attribute
Return type List[MISPTag]
30 Chapter 2 pymisp
PyMISP Documentation Release main
to_dict()Dump the class to a dictionary This method automatically removes the timestamp recursively in everyobject that has been edited is order to let MISP update the event accordingly
Return type Dict
to_json(sort_keys=False indent=None)Dump recursively any class of type MISPAbstract to a json string
update([E ] F)rarr None Update D from mappingiterable E and FIf E present and has a keys() method does for k in E D[k] = E[k] If E present and lacks keys() methoddoes for (k v) in E D[k] = v In either case this is followed by for k v in Fitems() D[k] = v
update_not_jsonable(args)Add entries to the __not_jsonable list
Return type None
values()rarr an object providing a view on Drsquos values
29 MISPObjectReference
class pymispMISPObjectReference
clear()rarr None Remove all items from D
property editedRecursively check if an object has been edited and update the flag accordingly to the parent objects
Return type bool
from_dict(kwargs)Loading all the parameters as class properties if they arenrsquot None This method aims to be called when allthe properties requiring a special treatment are processed Note This method is used when you initializean object with existing data so by default the class is flaged as not edited
from_json(json_string)Load a JSON string
Return type None
get(k[ d ])rarr D[k] if k in D else d d defaults to None
items()rarr a set-like object providing a view on Drsquos items
jsonable()This method is used by the JSON encoder
Return type Dict
keys()rarr a set-like object providing a view on Drsquos keys
pop(k[ d ])rarr v remove specified key and return the corresponding valueIf key is not found d is returned if given otherwise KeyError is raised
popitem()rarr (k v) remove and return some (key value) pairas a 2-tuple but raise KeyError if D is empty
set_not_jsonable(args)Set __not_jsonable to a new list
Return type None
29 MISPObjectReference 31
PyMISP Documentation Release main
setdefault(k[ d ])rarr Dget(kd) also set D[k]=d if k not in D
to_dict()Dump the class to a dictionary This method automatically removes the timestamp recursively in everyobject that has been edited is order to let MISP update the event accordingly
Return type Dict
to_json(sort_keys=False indent=None)Dump recursively any class of type MISPAbstract to a json string
update([E ] F)rarr None Update D from mappingiterable E and FIf E present and has a keys() method does for k in E D[k] = E[k] If E present and lacks keys() methoddoes for (k v) in E D[k] = v In either case this is followed by for k v in Fitems() D[k] = v
update_not_jsonable(args)Add entries to the __not_jsonable list
Return type None
values()rarr an object providing a view on Drsquos values
210 MISPTag
class pymispMISPTag(kwargs)
clear()rarr None Remove all items from D
property editedRecursively check if an object has been edited and update the flag accordingly to the parent objects
Return type bool
from_dict(kwargs)Loading all the parameters as class properties if they arenrsquot None This method aims to be called when allthe properties requiring a special treatment are processed Note This method is used when you initializean object with existing data so by default the class is flaged as not edited
from_json(json_string)Load a JSON string
Return type None
get(k[ d ])rarr D[k] if k in D else d d defaults to None
items()rarr a set-like object providing a view on Drsquos items
jsonable()This method is used by the JSON encoder
Return type Dict
keys()rarr a set-like object providing a view on Drsquos keys
pop(k[ d ])rarr v remove specified key and return the corresponding valueIf key is not found d is returned if given otherwise KeyError is raised
popitem()rarr (k v) remove and return some (key value) pairas a 2-tuple but raise KeyError if D is empty
set_not_jsonable(args)Set __not_jsonable to a new list
32 Chapter 2 pymisp
PyMISP Documentation Release main
Return type None
setdefault(k[ d ])rarr Dget(kd) also set D[k]=d if k not in D
to_dict()Dump the class to a dictionary This method automatically removes the timestamp recursively in everyobject that has been edited is order to let MISP update the event accordingly
Return type Dict
to_json(sort_keys=False indent=None)Dump recursively any class of type MISPAbstract to a json string
update([E ] F)rarr None Update D from mappingiterable E and FIf E present and has a keys() method does for k in E D[k] = E[k] If E present and lacks keys() methoddoes for (k v) in E D[k] = v In either case this is followed by for k v in Fitems() D[k] = v
update_not_jsonable(args)Add entries to the __not_jsonable list
Return type None
values()rarr an object providing a view on Drsquos values
211 MISPUser
class pymispMISPUser(kwargs)
clear()rarr None Remove all items from D
property editedRecursively check if an object has been edited and update the flag accordingly to the parent objects
Return type bool
from_dict(kwargs)Loading all the parameters as class properties if they arenrsquot None This method aims to be called when allthe properties requiring a special treatment are processed Note This method is used when you initializean object with existing data so by default the class is flaged as not edited
from_json(json_string)Load a JSON string
Return type None
get(k[ d ])rarr D[k] if k in D else d d defaults to None
items()rarr a set-like object providing a view on Drsquos items
jsonable()This method is used by the JSON encoder
Return type Dict
keys()rarr a set-like object providing a view on Drsquos keys
pop(k[ d ])rarr v remove specified key and return the corresponding valueIf key is not found d is returned if given otherwise KeyError is raised
popitem()rarr (k v) remove and return some (key value) pairas a 2-tuple but raise KeyError if D is empty
211 MISPUser 33
PyMISP Documentation Release main
set_not_jsonable(args)Set __not_jsonable to a new list
Return type None
setdefault(k[ d ])rarr Dget(kd) also set D[k]=d if k not in D
to_dict()Dump the class to a dictionary This method automatically removes the timestamp recursively in everyobject that has been edited is order to let MISP update the event accordingly
Return type Dict
to_json(sort_keys=False indent=None)Dump recursively any class of type MISPAbstract to a json string
update([E ] F)rarr None Update D from mappingiterable E and FIf E present and has a keys() method does for k in E D[k] = E[k] If E present and lacks keys() methoddoes for (k v) in E D[k] = v In either case this is followed by for k v in Fitems() D[k] = v
update_not_jsonable(args)Add entries to the __not_jsonable list
Return type None
values()rarr an object providing a view on Drsquos values
212 MISPOrganisation
class pymispMISPOrganisation
clear()rarr None Remove all items from D
property editedRecursively check if an object has been edited and update the flag accordingly to the parent objects
Return type bool
from_dict(kwargs)Loading all the parameters as class properties if they arenrsquot None This method aims to be called when allthe properties requiring a special treatment are processed Note This method is used when you initializean object with existing data so by default the class is flaged as not edited
from_json(json_string)Load a JSON string
Return type None
get(k[ d ])rarr D[k] if k in D else d d defaults to None
items()rarr a set-like object providing a view on Drsquos items
jsonable()This method is used by the JSON encoder
Return type Dict
keys()rarr a set-like object providing a view on Drsquos keys
pop(k[ d ])rarr v remove specified key and return the corresponding valueIf key is not found d is returned if given otherwise KeyError is raised
34 Chapter 2 pymisp
PyMISP Documentation Release main
popitem()rarr (k v) remove and return some (key value) pairas a 2-tuple but raise KeyError if D is empty
set_not_jsonable(args)Set __not_jsonable to a new list
Return type None
setdefault(k[ d ])rarr Dget(kd) also set D[k]=d if k not in D
to_dict()Dump the class to a dictionary This method automatically removes the timestamp recursively in everyobject that has been edited is order to let MISP update the event accordingly
Return type Dict
to_json(sort_keys=False indent=None)Dump recursively any class of type MISPAbstract to a json string
update([E ] F)rarr None Update D from mappingiterable E and FIf E present and has a keys() method does for k in E D[k] = E[k] If E present and lacks keys() methoddoes for (k v) in E D[k] = v In either case this is followed by for k v in Fitems() D[k] = v
update_not_jsonable(args)Add entries to the __not_jsonable list
Return type None
values()rarr an object providing a view on Drsquos values
212 MISPOrganisation 35
PyMISP Documentation Release main
36 Chapter 2 pymisp
CHAPTER
THREE
PYMISP - TOOLS
31 File Object
class pymisptoolsFileObject(filepath=None pseudofile=None filename=None kwargs)
add_attribute(object_relation simple_value=None value)Add an attribute object_relation is required and the value key is a dictionary with all the keys supportedby MISPAttribute
Return type Optional[MISPAttribute]
add_attributes(object_relation attributes)Add multiple attributes with the same object_relation Helper for object_relation when multiple is True inthe template It is the same as calling multiple times add_attribute with the same object_relation
Return type List[Optional[MISPAttribute]]
add_reference(referenced_uuid relationship_type comment=None kwargs)Add a link (uuid) to an other object
Return type MISPObjectReference
clear()rarr None Remove all items from D
property editedRecursively check if an object has been edited and update the flag accordingly to the parent objects
Return type bool
from_dict(kwargs)Loading all the parameters as class properties if they arenrsquot None This method aims to be called when allthe properties requiring a special treatment are processed Note This method is used when you initializean object with existing data so by default the class is flaged as not edited
from_json(json_string)Load a JSON string
Return type None
generate_attributes()Contains the logic where all the values of the object are gathered
get(k[ d ])rarr D[k] if k in D else d d defaults to None
get_attributes_by_relation(object_relation)Returns the list of attributes with the given object relation in the object
Return type List[MISPAttribute]
37
PyMISP Documentation Release main
has_attributes_by_relation(list_of_relations)True if all the relations in the list are defined in the object
Return type bool
items()rarr a set-like object providing a view on Drsquos items
jsonable()This method is used by the JSON encoder
Return type Dict
keys()rarr a set-like object providing a view on Drsquos keys
pop(k[ d ])rarr v remove specified key and return the corresponding valueIf key is not found d is returned if given otherwise KeyError is raised
popitem()rarr (k v) remove and return some (key value) pairas a 2-tuple but raise KeyError if D is empty
set_not_jsonable(args)Set __not_jsonable to a new list
Return type None
setdefault(k[ d ])rarr Dget(kd) also set D[k]=d if k not in D
to_dict(strict=False)Dump the class to a dictionary This method automatically removes the timestamp recursively in everyobject that has been edited is order to let MISP update the event accordingly
Return type Dict
to_json(sort_keys=False indent=None strict=False)Dump recursively any class of type MISPAbstract to a json string
update([E ] F)rarr None Update D from mappingiterable E and FIf E present and has a keys() method does for k in E D[k] = E[k] If E present and lacks keys() methoddoes for (k v) in E D[k] = v In either case this is followed by for k v in Fitems() D[k] = v
update_not_jsonable(args)Add entries to the __not_jsonable list
Return type None
values()rarr an object providing a view on Drsquos values
32 ELF Object
33 PE Object
34 Mach-O Object
35 VT Report Object
class pymisptoolsVTReportObject(apikey indicator vt_proxies=None kwargs)VirusTotal Report
Apikey VirusTotal API key (private works but only public features are supported right now)
38 Chapter 3 pymisp - Tools
PyMISP Documentation Release main
Indicator IOC to search VirusTotal for
add_attribute(object_relation simple_value=None value)Add an attribute object_relation is required and the value key is a dictionary with all the keys supportedby MISPAttribute
Return type Optional[MISPAttribute]
add_attributes(object_relation attributes)Add multiple attributes with the same object_relation Helper for object_relation when multiple is True inthe template It is the same as calling multiple times add_attribute with the same object_relation
Return type List[Optional[MISPAttribute]]
add_reference(referenced_uuid relationship_type comment=None kwargs)Add a link (uuid) to an other object
Return type MISPObjectReference
clear()rarr None Remove all items from D
property editedRecursively check if an object has been edited and update the flag accordingly to the parent objects
Return type bool
from_dict(kwargs)Loading all the parameters as class properties if they arenrsquot None This method aims to be called when allthe properties requiring a special treatment are processed Note This method is used when you initializean object with existing data so by default the class is flaged as not edited
from_json(json_string)Load a JSON string
Return type None
generate_attributes()Parse the VirusTotal report for relevant attributes
get(k[ d ])rarr D[k] if k in D else d d defaults to None
get_attributes_by_relation(object_relation)Returns the list of attributes with the given object relation in the object
Return type List[MISPAttribute]
has_attributes_by_relation(list_of_relations)True if all the relations in the list are defined in the object
Return type bool
items()rarr a set-like object providing a view on Drsquos items
jsonable()This method is used by the JSON encoder
Return type Dict
keys()rarr a set-like object providing a view on Drsquos keys
pop(k[ d ])rarr v remove specified key and return the corresponding valueIf key is not found d is returned if given otherwise KeyError is raised
popitem()rarr (k v) remove and return some (key value) pairas a 2-tuple but raise KeyError if D is empty
35 VT Report Object 39
PyMISP Documentation Release main
set_not_jsonable(args)Set __not_jsonable to a new list
Return type None
setdefault(k[ d ])rarr Dget(kd) also set D[k]=d if k not in D
to_dict(strict=False)Dump the class to a dictionary This method automatically removes the timestamp recursively in everyobject that has been edited is order to let MISP update the event accordingly
Return type Dict
to_json(sort_keys=False indent=None strict=False)Dump recursively any class of type MISPAbstract to a json string
update([E ] F)rarr None Update D from mappingiterable E and FIf E present and has a keys() method does for k in E D[k] = E[k] If E present and lacks keys() methoddoes for (k v) in E D[k] = v In either case this is followed by for k v in Fitems() D[k] = v
update_not_jsonable(args)Add entries to the __not_jsonable list
Return type None
values()rarr an object providing a view on Drsquos values
36 STIX
pymisptoolsstixload_stix(stix distribution=3 threat_level_id=2 analysis=0)Returns a MISPEvent object from a STIX package
pymisptoolsstixmake_stix_package(misp_event to_json=False to_xml=False)Returns a STIXPackage from a MISPEvent
Optionally can return the package in json or xml
37 OpenIOC
toolsload_openioc()
toolsload_openioc_file()
40 Chapter 3 pymisp - Tools
CHAPTER
FOUR
INDICES AND TABLES
bull genindex
bull modindex
bull search
41
PyMISP Documentation Release main
42 Chapter 4 Indices and tables
PYTHON MODULE INDEX
ppymisp 7pymisptools 37pymisptoolsstix 40
43
PyMISP Documentation Release main
44 Python Module Index
INDEX
AAbstractMISP (class in pymisp) 23accept_attribute_proposal()
(pymispPyMISP method) 7add_attribute() (pymispMISPEvent method) 24add_attribute() (pymispMISPObject method) 28add_attribute() (pymispPyMISP method) 7add_attribute() (pymisptoolsFileObject method)
37add_attribute() (pymisptoolsVTReportObject
method) 39add_attribute_proposal() (pymispPyMISP
method) 7add_attribute_tag() (pymispMISPEvent
method) 24add_attributes() (pymispMISPObject method)
28add_attributes() (pymisptoolsFileObject
method) 37add_attributes() (pymisptoolsVTReportObject
method) 39add_event() (pymispPyMISP method) 7add_event_blacklist() (pymispPyMISP
method) 8add_feed() (pymispPyMISP method) 8add_object() (pymispMISPEvent method) 24add_object() (pymispPyMISP method) 8add_object_reference() (pymispPyMISP
method) 8add_org_to_sharing_group() (pymispPyMISP
method) 8add_organisation() (pymispPyMISP method) 8add_organisation_blacklist()
(pymispPyMISP method) 8add_proposal() (pymispMISPAttribute method) 26add_proposal() (pymispMISPEvent method) 24add_proposal() (pymispMISPObjectAttribute
method) 29add_reference() (pymispMISPObject method) 28add_reference() (pymisptoolsFileObject method)
37add_reference() (pymisptoolsVTReportObject
method) 39add_server() (pymispPyMISP method) 8add_server_to_sharing_group()
(pymispPyMISP method) 8add_shadow_attribute() (pymispMISPAttribute
method) 26add_shadow_attribute() (pymispMISPEvent
method) 24add_shadow_attribute()
(pymispMISPObjectAttribute method) 29add_sharing_group() (pymispPyMISP method) 8add_sighting() (pymispMISPAttribute method) 26add_sighting() (pymispMISPObjectAttribute
method) 29add_sighting() (pymispPyMISP method) 8add_tag() (pymispPyMISP method) 8add_user() (pymispPyMISP method) 9attributes_statistics() (pymispPyMISP
method) 9
Bbuild_complex_query() (pymispPyMISP
method) 9
Ccache_all_feeds() (pymispPyMISP method) 9cache_feed() (pymispPyMISP method) 9cache_freetext_feeds() (pymispPyMISP
method) 9cache_misp_feeds() (pymispPyMISP method) 9change_sharing_group_on_entity()
(pymispPyMISP method) 9change_user_password() (pymispPyMISP
method) 9clear() (pymispMISPAttribute method) 26clear() (pymispMISPEvent method) 24clear() (pymispMISPObject method) 28clear() (pymispMISPObjectAttribute method) 29clear() (pymispMISPObjectReference method) 31clear() (pymispMISPOrganisation method) 34clear() (pymispMISPTag method) 32clear() (pymispMISPUser method) 33
45
PyMISP Documentation Release main
clear() (pymisptoolsFileObject method) 37clear() (pymisptoolsVTReportObject method) 39communities() (pymispPyMISP method) 9compare_feeds() (pymispPyMISP method) 9contact_event_reporter() (pymispPyMISP
method) 9
Ddefault() (pymispMISPEncode method) 24delegate_event() (pymispPyMISP method) 10delete() (pymispMISPAttribute method) 26delete() (pymispMISPObjectAttribute method) 30delete_attribute() (pymispMISPEvent method)
24delete_attribute() (pymispPyMISP method) 10delete_attribute_proposal()
(pymispPyMISP method) 10delete_event() (pymispPyMISP method) 10delete_event_blacklist() (pymispPyMISP
method) 10delete_feed() (pymispPyMISP method) 10delete_object() (pymispPyMISP method) 10delete_object_reference() (pymispPyMISP
method) 10delete_organisation() (pymispPyMISP
method) 10delete_organisation_blacklist()
(pymispPyMISP method) 10delete_server() (pymispPyMISP method) 10delete_sharing_group() (pymispPyMISP
method) 10delete_sighting() (pymispPyMISP method) 10delete_tag() (pymispPyMISP method) 11delete_user() (pymispPyMISP method) 11delete_user_setting() (pymispPyMISP
method) 11describe_types_local() (pymispPyMISP prop-
erty) 11describe_types_remote() (pymispPyMISP
property) 11direct_call() (pymispPyMISP method) 11disable_feed() (pymispPyMISP method) 11disable_feed_cache() (pymispPyMISP method)
11disable_noticelist() (pymispPyMISP method)
11disable_tag() (pymispPyMISP method) 11disable_taxonomy() (pymispPyMISP method) 11disable_taxonomy_tags() (pymispPyMISP
method) 11disable_warninglist() (pymispPyMISP
method) 11discard_attribute_proposal()
(pymispPyMISP method) 12
Eedited() (pymispAbstractMISP property) 23edited() (pymispMISPAttribute property) 26edited() (pymispMISPEvent property) 24edited() (pymispMISPObject property) 28edited() (pymispMISPObjectAttribute property) 30edited() (pymispMISPObjectReference property) 31edited() (pymispMISPOrganisation property) 34edited() (pymispMISPTag property) 32edited() (pymispMISPUser property) 33edited() (pymisptoolsFileObject property) 37edited() (pymisptoolsVTReportObject property) 39enable_feed() (pymispPyMISP method) 12enable_feed_cache() (pymispPyMISP method)
12enable_noticelist() (pymispPyMISP method)
12enable_tag() (pymispPyMISP method) 12enable_taxonomy() (pymispPyMISP method) 12enable_taxonomy_tags() (pymispPyMISP
method) 12enable_warninglist() (pymispPyMISP method)
12event_blacklists() (pymispPyMISP method) 12event_delegations() (pymispPyMISP method)
12ExpandedPyMISP (in module pymisp) 23
Ffeeds() (pymispPyMISP method) 12fetch_feed() (pymispPyMISP method) 12FileObject (class in pymisptools) 37freetext() (pymispPyMISP method) 12from_dict() (pymispAbstractMISP method) 23from_dict() (pymispMISPAttribute method) 27from_dict() (pymispMISPEvent method) 25from_dict() (pymispMISPObject method) 28from_dict() (pymispMISPObjectAttribute method)
30from_dict() (pymispMISPObjectReference method)
31from_dict() (pymispMISPOrganisation method) 34from_dict() (pymispMISPTag method) 32from_dict() (pymispMISPUser method) 33from_dict() (pymisptoolsFileObject method) 37from_dict() (pymisptoolsVTReportObject method)
39from_json() (pymispAbstractMISP method) 23from_json() (pymispMISPAttribute method) 27from_json() (pymispMISPEvent method) 25from_json() (pymispMISPObject method) 28from_json() (pymispMISPObjectAttribute method)
30
46 Index
PyMISP Documentation Release main
from_json() (pymispMISPObjectReference method)31
from_json() (pymispMISPOrganisation method) 34from_json() (pymispMISPTag method) 32from_json() (pymispMISPUser method) 33from_json() (pymisptoolsFileObject method) 37from_json() (pymisptoolsVTReportObject method)
39
Ggalaxies() (pymispPyMISP method) 12generate_attributes() (pymisptoolsFileObject
method) 37generate_attributes()
(pymisptoolsVTReportObject method)39
get() (pymispMISPAttribute method) 27get() (pymispMISPEvent method) 25get() (pymispMISPObject method) 28get() (pymispMISPObjectAttribute method) 30get() (pymispMISPObjectReference method) 31get() (pymispMISPOrganisation method) 34get() (pymispMISPTag method) 32get() (pymispMISPUser method) 33get() (pymisptoolsFileObject method) 37get() (pymisptoolsVTReportObject method) 39get_all_functions() (pymispPyMISP method)
13get_attribute() (pymispPyMISP method) 13get_attribute_tag() (pymispMISPEvent
method) 25get_attributes_by_relation()
(pymispMISPObject method) 28get_attributes_by_relation()
(pymisptoolsFileObject method) 37get_attributes_by_relation()
(pymisptoolsVTReportObject method)39
get_community() (pymispPyMISP method) 13get_event() (pymispPyMISP method) 13get_feed() (pymispPyMISP method) 13get_galaxy() (pymispPyMISP method) 13get_noticelist() (pymispPyMISP method) 13get_object() (pymispPyMISP method) 13get_object_by_id() (pymispMISPEvent method)
25get_object_by_uuid() (pymispMISPEvent
method) 25get_object_template() (pymispPyMISP
method) 13get_objects_by_name() (pymispMISPEvent
method) 25get_organisation() (pymispPyMISP method) 13get_sync_config() (pymispPyMISP method) 13
get_tag() (pymispPyMISP method) 13get_taxonomy() (pymispPyMISP method) 13get_user() (pymispPyMISP method) 13get_user_setting() (pymispPyMISP method) 14get_warninglist() (pymispPyMISP method) 14
Hhas_attributes_by_relation()
(pymispMISPObject method) 28has_attributes_by_relation()
(pymisptoolsFileObject method) 37has_attributes_by_relation()
(pymisptoolsVTReportObject method)39
hash_values() (pymispMISPAttribute method) 27hash_values() (pymispMISPObjectAttribute
method) 30
Iimport_server() (pymispPyMISP method) 14items() (pymispMISPAttribute method) 27items() (pymispMISPEvent method) 25items() (pymispMISPObject method) 29items() (pymispMISPObjectAttribute method) 30items() (pymispMISPObjectReference method) 31items() (pymispMISPOrganisation method) 34items() (pymispMISPTag method) 32items() (pymispMISPUser method) 33items() (pymisptoolsFileObject method) 38items() (pymisptoolsVTReportObject method) 39
Jjsonable() (pymispAbstractMISP method) 23jsonable() (pymispMISPAttribute method) 27jsonable() (pymispMISPEvent method) 25jsonable() (pymispMISPObject method) 29jsonable() (pymispMISPObjectAttribute method)
30jsonable() (pymispMISPObjectReference method)
31jsonable() (pymispMISPOrganisation method) 34jsonable() (pymispMISPTag method) 32jsonable() (pymispMISPUser method) 33jsonable() (pymisptoolsFileObject method) 38jsonable() (pymisptoolsVTReportObject method)
39
Kkeys() (pymispMISPAttribute method) 27keys() (pymispMISPEvent method) 25keys() (pymispMISPObject method) 29keys() (pymispMISPObjectAttribute method) 30keys() (pymispMISPObjectReference method) 31keys() (pymispMISPOrganisation method) 34
Index 47
PyMISP Documentation Release main
keys() (pymispMISPTag method) 32keys() (pymispMISPUser method) 33keys() (pymisptoolsFileObject method) 38keys() (pymisptoolsVTReportObject method) 39known_types() (pymispMISPAttribute property) 27known_types() (pymispMISPObjectAttribute prop-
erty) 30
Lload() (pymispMISPEvent method) 25load_default_feeds() (pymispPyMISP method)
14load_file() (pymispMISPEvent method) 25load_openioc() (pymisptools method) 40load_openioc_file() (pymisptools method) 40load_stix() (in module pymisptoolsstix) 40
Mmake_stix_package() (in module
pymisptoolsstix) 40malware_binary() (pymispMISPAttribute prop-
erty) 27malware_binary() (pymispMISPObjectAttribute
property) 30misp_instance_version() (pymispPyMISP
property) 14misp_instance_version_master()
(pymispPyMISP property) 14MISPAttribute (class in pymisp) 26MISPEncode (class in pymisp) 24MISPEvent (class in pymisp) 24MISPObject (class in pymisp) 28MISPObjectAttribute (class in pymisp) 29MISPObjectReference (class in pymisp) 31MISPOrganisation (class in pymisp) 34MISPTag (class in pymisp) 32MISPUser (class in pymisp) 33module
pymisp 7pymisptools 37pymisptoolsstix 40
Nnoticelists() (pymispPyMISP method) 14
Oobject_templates() (pymispPyMISP method) 14organisation_blacklists() (pymispPyMISP
method) 14organisations() (pymispPyMISP method) 14
Ppop() (pymispMISPAttribute method) 27
pop() (pymispMISPEvent method) 25pop() (pymispMISPObject method) 29pop() (pymispMISPObjectAttribute method) 30pop() (pymispMISPObjectReference method) 31pop() (pymispMISPOrganisation method) 34pop() (pymispMISPTag method) 32pop() (pymispMISPUser method) 33pop() (pymisptoolsFileObject method) 38pop() (pymisptoolsVTReportObject method) 39popitem() (pymispMISPAttribute method) 27popitem() (pymispMISPEvent method) 25popitem() (pymispMISPObject method) 29popitem() (pymispMISPObjectAttribute method) 30popitem() (pymispMISPObjectReference method) 31popitem() (pymispMISPOrganisation method) 34popitem() (pymispMISPTag method) 32popitem() (pymispMISPUser method) 33popitem() (pymisptoolsFileObject method) 38popitem() (pymisptoolsVTReportObject method) 39publish() (pymispMISPEvent method) 25publish() (pymispPyMISP method) 14push_event_to_ZMQ() (pymispPyMISP method)
14pymisp
module 7PyMISP (class in pymisp) 7pymisptools
module 37pymisptoolsstix
module 40pymisp_version_main() (pymispPyMISP prop-
erty) 15
Rrecommended_pymisp_version()
(pymispPyMISP property) 15remote_acl() (pymispPyMISP method) 15remove_org_from_sharing_group()
(pymispPyMISP method) 15remove_server_from_sharing_group()
(pymispPyMISP method) 15roles() (pymispPyMISP method) 15
Ssearch() (pymispPyMISP method) 15search_feeds() (pymispPyMISP method) 17search_index() (pymispPyMISP method) 18search_logs() (pymispPyMISP method) 18search_sightings() (pymispPyMISP method) 19server_pull() (pymispPyMISP method) 20server_push() (pymispPyMISP method) 20servers() (pymispPyMISP method) 20set_date() (pymispMISPEvent method) 25
48 Index
PyMISP Documentation Release main
set_not_jsonable() (pymispAbstractMISPmethod) 23
set_not_jsonable() (pymispMISPAttributemethod) 27
set_not_jsonable() (pymispMISPEvent method)25
set_not_jsonable() (pymispMISPObjectmethod) 29
set_not_jsonable() (pymispMISPObjectAttributemethod) 30
set_not_jsonable()(pymispMISPObjectReference method)31
set_not_jsonable() (pymispMISPOrganisationmethod) 35
set_not_jsonable() (pymispMISPTag method)32
set_not_jsonable() (pymispMISPUser method)33
set_not_jsonable() (pymisptoolsFileObjectmethod) 38
set_not_jsonable()(pymisptoolsVTReportObject method)39
set_user_setting() (pymispPyMISP method) 20setdefault() (pymispMISPAttribute method) 27setdefault() (pymispMISPEvent method) 25setdefault() (pymispMISPObject method) 29setdefault() (pymispMISPObjectAttribute
method) 30setdefault() (pymispMISPObjectReference
method) 31setdefault() (pymispMISPOrganisation method)
35setdefault() (pymispMISPTag method) 33setdefault() (pymispMISPUser method) 34setdefault() (pymisptoolsFileObject method) 38setdefault() (pymisptoolsVTReportObject
method) 40sharing_groups() (pymispPyMISP method) 20sightings() (pymispPyMISP method) 20
Ttag() (pymispPyMISP method) 20tags() (pymispMISPAttribute property) 27tags() (pymispMISPEvent property) 26tags() (pymispMISPObjectAttribute property) 30tags() (pymispPyMISP method) 20tags_statistics() (pymispPyMISP method) 20taxonomies() (pymispPyMISP method) 20to_dict() (pymispAbstractMISP method) 23to_dict() (pymispMISPAttribute method) 27to_dict() (pymispMISPEvent method) 26to_dict() (pymispMISPObject method) 29
to_dict() (pymispMISPObjectAttribute method) 30to_dict() (pymispMISPObjectReference method) 32to_dict() (pymispMISPOrganisation method) 35to_dict() (pymispMISPTag method) 33to_dict() (pymispMISPUser method) 34to_dict() (pymisptoolsFileObject method) 38to_dict() (pymisptoolsVTReportObject method) 40to_feed() (pymispMISPEvent method) 26to_json() (pymispAbstractMISP method) 23to_json() (pymispMISPAttribute method) 27to_json() (pymispMISPEvent method) 26to_json() (pymispMISPObject method) 29to_json() (pymispMISPObjectAttribute method) 31to_json() (pymispMISPObjectReference method) 32to_json() (pymispMISPOrganisation method) 35to_json() (pymispMISPTag method) 33to_json() (pymispMISPUser method) 34to_json() (pymisptoolsFileObject method) 38to_json() (pymisptoolsVTReportObject method) 40toggle_warninglist() (pymispPyMISP method)
20
Uunpublish() (pymispMISPEvent method) 26untag() (pymispPyMISP method) 21update() (pymispMISPAttribute method) 28update() (pymispMISPEvent method) 26update() (pymispMISPObject method) 29update() (pymispMISPObjectAttribute method) 31update() (pymispMISPObjectReference method) 32update() (pymispMISPOrganisation method) 35update() (pymispMISPTag method) 33update() (pymispMISPUser method) 34update() (pymisptoolsFileObject method) 38update() (pymisptoolsVTReportObject method) 40update_attribute() (pymispPyMISP method) 21update_attribute_proposal()
(pymispPyMISP method) 21update_event() (pymispPyMISP method) 21update_event_blacklist() (pymispPyMISP
method) 21update_feed() (pymispPyMISP method) 21update_galaxies() (pymispPyMISP method) 21update_not_jsonable() (pymispAbstractMISP
method) 23update_not_jsonable() (pymispMISPAttribute
method) 28update_not_jsonable() (pymispMISPEvent
method) 26update_not_jsonable() (pymispMISPObject
method) 29update_not_jsonable()
(pymispMISPObjectAttribute method) 31
Index 49
PyMISP Documentation Release main
update_not_jsonable()(pymispMISPObjectReference method)32
update_not_jsonable()(pymispMISPOrganisation method) 35
update_not_jsonable() (pymispMISPTagmethod) 33
update_not_jsonable() (pymispMISPUsermethod) 34
update_not_jsonable() (pymisptoolsFileObjectmethod) 38
update_not_jsonable()(pymisptoolsVTReportObject method)40
update_noticelists() (pymispPyMISP method)21
update_object() (pymispPyMISP method) 21update_object_templates() (pymispPyMISP
method) 21update_organisation() (pymispPyMISP
method) 21update_organisation_blacklist()
(pymispPyMISP method) 21update_server() (pymispPyMISP method) 22update_tag() (pymispPyMISP method) 22update_taxonomies() (pymispPyMISP method)
22update_user() (pymispPyMISP method) 22update_warninglists() (pymispPyMISP
method) 22upload_stix() (pymispPyMISP method) 22user_registrations() (pymispPyMISP method)
22user_settings() (pymispPyMISP method) 22users() (pymispPyMISP method) 22users_statistics() (pymispPyMISP method) 22
Vvalues() (pymispMISPAttribute method) 28values() (pymispMISPEvent method) 26values() (pymispMISPObject method) 29values() (pymispMISPObjectAttribute method) 31values() (pymispMISPObjectReference method) 32values() (pymispMISPOrganisation method) 35values() (pymispMISPTag method) 33values() (pymispMISPUser method) 34values() (pymisptoolsFileObject method) 38values() (pymisptoolsVTReportObject method) 40values_in_warninglist() (pymispPyMISP
method) 22version() (pymispPyMISP property) 22VTReportObject (class in pymisptools) 38
Wwarninglists() (pymispPyMISP method) 22
50 Index
- README
- pymisp
- PyMISP
- PyMISPExpanded (Python 36+ only)
- MISPAbstract
- MISPEncode
- MISPEvent
- MISPAttribute
- MISPObject
- MISPObjectAttribute
- MISPObjectReference
- MISPTag
- MISPUser
- MISPOrganisation
- pymisp - Tools
- File Object
- ELF Object
- PE Object
- Mach-O Object
- VT Report Object
- STIX
- OpenIOC
- Indices and tables
- Python Module Index
- Index
PyMISP Documentation Release main
bull created (Union[date int str float None]) ndash Creation timestamp
bull model (Optional[str]) ndash Model name that generated the log entry
bull action (Optional[str]) ndash The thing that was done
bull user_id (Optional[int]) ndash ID of the user doing the action
bull change (Optional[str]) ndash Change that occured
bull email (Optional[str]) ndash Email of the user
bull org (Optional[str]) ndash Organisation of the User doing the action
bull description (Optional[str]) ndash Description of the action
bull ip (Optional[str]) ndash Origination IP of the User doing the action
bull pythonify (Optional[bool]) ndash Returns a list of PyMISP Objects instead or the plainjson output Warning it might use a lot of RAM
Return type Union[Dict List[MISPLog]]
search_sightings(context=None context_id=None type_sighting=None date_from=Nonedate_to=None publish_timestamp=None last=None org=None source=Noneinclude_attribute=None include_event_meta=None pythonify=False)
Search sightings
Parameters
bull context (Optional[str]) ndash The context of the search Can be either ldquoattributerdquoldquoeventrdquo or nothing (will then match on events and attributes)
bull context_id (Optional[~SearchType]) ndash Only relevant if context is either ldquoattributerdquoor ldquoeventrdquo Then it is the relevant ID
bull type_sighting (Optional[str]) ndash Type of sighting
bull date_from (Union[date int str float None]) ndash Events with the date set to adate after the one specified This filter will use the date of the event
bull date_to (Union[date int str float None]) ndash Events with the date set to a datebefore the one specified This filter will use the date of the event
bull publish_timestamp (Union[date int str float NoneTuple[Union[date int str float None] Union[date int str floatNone]]]) ndash Restrict the results by the last publish timestamp (newer than)
bull org (Optional[~SearchType]) ndash Search by the creator organisation by supplying theorganisation identifier
bull source (Optional[str]) ndash Source of the sighting
bull include_attribute (Optional[bool]) ndash Include the attribute
bull include_event_meta (Optional[bool]) ndash Include the meta information of theevent
Deprecated
Parameters last (Union[date int str float None Tuple[Union[date intstr float None] Union[date int str float None]]]) ndash synonym for pub-lish_timestamp
Example
21 PyMISP 19
PyMISP Documentation Release main
gtgtgt mispsearch_sightings(publish_timestamp=30d) search sightings for therarr˓last 30 days on the instance[ ]gtgtgt mispsearch_sightings(context=attribute context_id=6 include_rarr˓attribute=True) return list of sighting for attribute 6 along with therarr˓attribute itself[ ]gtgtgt mispsearch_sightings(context=event context_id=17 include_event_rarr˓meta=True org=2) return list of sighting for event 17 filtered with orgrarr˓id 2
Return type Union[Dict List[Dict[str Union[MISPEvent MISPAttributeMISPSighting]]]]
server_pull(server event=None)Initialize a pull from a sync server
Return type Dict
server_push(server event=None)Initialize a push to a sync server
Return type Dict
servers(pythonify=False)Get the existing servers the MISP instance can synchronise with
Return type Union[Dict List[MISPServer]]
set_user_setting(user_setting value user=None pythonify=False)Get an user setting
Return type Union[Dict MISPUserSetting]
sharing_groups(pythonify=False)Get the existing sharing groups
Return type Union[Dict List[MISPSharingGroup]]
sightings(misp_entity=None org=None pythonify=False)Get the list of sighting related to a MISPEvent or a MISPAttribute (depending on type of misp_entity)
Return type Union[Dict List[MISPSighting]]
tag(misp_entity tag local=False)Tag an event or an attribute misp_entity can be a MISPEvent a MISP Attribute or a UUID
Return type Dict
tags(pythonify=False)Get the list of existing tags
Return type Union[Dict List[MISPTag]]
tags_statistics(percentage=False name_sort=False)Get tags statistics from the MISP instance
Return type Dict
taxonomies(pythonify=False)Get all the taxonomies
Return type Union[Dict List[MISPTaxonomy]]
20 Chapter 2 pymisp
PyMISP Documentation Release main
toggle_warninglist(warninglist_id=None warninglist_name=None force_enable=False)Toggle (enabledisable) the status of a warninglist by ID type warninglist_id Union[str intList[int] None] param warninglist_id ID of the WarningList type force_enable bool paramforce_enable Force the warning list in the enabled state (does nothing is already enabled)
Return type Dict
untag(misp_entity tag)Untag an event or an attribute misp_entity can be a UUID
Return type Dict
update_attribute(attribute attribute_id=None pythonify=False)Update an attribute on a MISP instance
Return type Union[Dict MISPAttribute MISPShadowAttribute]
update_attribute_proposal(initial_attribute attribute pythonify=False)Propose a change for an attribute
Return type Union[Dict MISPShadowAttribute]
update_event(event event_id=None pythonify=False)Update an event on a MISP instance
Return type Union[Dict MISPEvent]
update_event_blacklist(event_blacklist event_blacklist_id=None pythonify=False)Update an event in the blacklist
Return type Union[Dict MISPEventBlacklist]
update_feed(feed feed_id=None pythonify=False)Update a feed on a MISP instance
Return type Union[Dict MISPFeed]
update_galaxies()Update all the galaxies
Return type Dict
update_noticelists()Update all the noticelists
Return type Dict
update_object(misp_object object_id=None pythonify=False)Update an object on a MISP instance
Return type Union[Dict MISPObject]
update_object_templates()Trigger an update of the object templates
Return type Dict
update_organisation(organisation organisation_id=None pythonify=False)Update an organisation
Return type Union[Dict MISPOrganisation]
update_organisation_blacklist(organisation_blacklist organisation_blacklist_id=Nonepythonify=False)
Update an organisation in the blacklist
Return type Union[Dict MISPOrganisationBlacklist]
21 PyMISP 21
PyMISP Documentation Release main
update_server(server server_id=None pythonify=False)Update a server to synchronise with
Return type Union[Dict MISPServer]
update_tag(tag tag_id=None pythonify=False)Edit only the provided parameters of a tag
Return type Union[Dict MISPTag]
update_taxonomies()Update all the taxonomies
Return type Dict
update_user(user user_id=None pythonify=False)Update an event on a MISP instance
Return type Union[Dict MISPUser]
update_warninglists()Update all the warninglists
Return type Dict
upload_stix(path version=2)Upload a STIX file to MISP param path Path to the STIX on the disk (can be a path-like object or apseudofile) type version str param version Can be 1 or 2
user_registrations(pythonify=False)Get all the user registrations
Return type Union[Dict List[MISPInbox]]
user_settings(pythonify=False)Get all the user settings
Return type Union[Dict List[MISPUserSetting]]
users(pythonify=False)Get all the users
Return type Union[Dict List[MISPUser]]
users_statistics(context=data)Get users statistics from the MISP instance
Return type Dict
values_in_warninglist(value)Check if IOC values are in warninglist
Return type Dict
property versionReturns the version of PyMISP yoursquore curently using
Return type Dict
warninglists(pythonify=False)Get all the warninglists
Return type Union[Dict List[MISPWarninglist]]
22 Chapter 2 pymisp
PyMISP Documentation Release main
22 PyMISPExpanded (Python 36+ only)
pymispExpandedPyMISPalias of pymispapiPyMISP
23 MISPAbstract
class pymispAbstractMISP(kwargs)
property editedRecursively check if an object has been edited and update the flag accordingly to the parent objects
Return type bool
from_dict(kwargs)Loading all the parameters as class properties if they arenrsquot None This method aims to be called when allthe properties requiring a special treatment are processed Note This method is used when you initializean object with existing data so by default the class is flaged as not edited
Return type None
from_json(json_string)Load a JSON string
Return type None
jsonable()This method is used by the JSON encoder
Return type Dict
set_not_jsonable(args)Set __not_jsonable to a new list
Return type None
to_dict()Dump the class to a dictionary This method automatically removes the timestamp recursively in everyobject that has been edited is order to let MISP update the event accordingly
Return type Dict
to_json(sort_keys=False indent=None)Dump recursively any class of type MISPAbstract to a json string
update_not_jsonable(args)Add entries to the __not_jsonable list
Return type None
22 PyMISPExpanded (Python 36+ only) 23
PyMISP Documentation Release main
24 MISPEncode
class pymispMISPEncode(args kwargs)
default(obj)Implement this method in a subclass such that it returns a serializable object for o or calls the baseimplementation (to raise a TypeError)
For example to support arbitrary iterators you could implement default like this
def default(self o)try
iterable = iter(o)except TypeError
passelse
return list(iterable) Let the base class default method raise the TypeErrorreturn JSONEncoderdefault(self o)
25 MISPEvent
class pymispMISPEvent(describe_types=None strict_validation=False kwargs)
add_attribute(type value kwargs)Add an attribute type and value are required but you can pass all other parameters supported by MISPAt-tribute
Return type Union[MISPAttribute List[MISPAttribute]]
add_attribute_tag(tag attribute_identifier)Add a tag to an existing attribute raise an Exception if the attribute doesnrsquot exists tag Tag name as astring MISPTag instance or dictionary attribute_identifier can be an ID UUID or the value
Return type List[MISPAttribute]
add_object(obj=None kwargs)Add an object to the Event either by passing a MISPObject or a dictionary
Return type MISPObject
add_proposal(shadow_attribute=None kwargs)Alias for add_shadow_attribute
Return type MISPShadowAttribute
add_shadow_attribute(shadow_attribute=None kwargs)Add a tag to the attribute (by name or a MISPTag object)
Return type MISPShadowAttribute
clear()rarr None Remove all items from D
delete_attribute(attribute_id)Delete an attribute you can search by ID or UUID
property editedRecursively check if an object has been edited and update the flag accordingly to the parent objects
24 Chapter 2 pymisp
PyMISP Documentation Release main
Return type bool
from_dict(kwargs)Loading all the parameters as class properties if they arenrsquot None This method aims to be called when allthe properties requiring a special treatment are processed Note This method is used when you initializean object with existing data so by default the class is flaged as not edited
from_json(json_string)Load a JSON string
Return type None
get(k[ d ])rarr D[k] if k in D else d d defaults to None
get_attribute_tag(attribute_identifier)Return the tags associated to an attribute or an object attribute attribute_identifier can be an ID UUIDor the value
Return type List[MISPTag]
get_object_by_id(object_id)Get an object by ID (the ID is the one set by the server when creating the new object)
Return type MISPObject
get_object_by_uuid(object_uuid)Get an object by UUID (UUID is set by the server when creating the new object)
Return type MISPObject
get_objects_by_name(object_name)Get an object by UUID (UUID is set by the server when creating the new object)
Return type List[MISPObject]
items()rarr a set-like object providing a view on Drsquos items
jsonable()This method is used by the JSON encoder
Return type Dict
keys()rarr a set-like object providing a view on Drsquos keys
load(json_event validate=False metadata_only=False)Load a JSON dump from a pseudo file or a JSON string
load_file(event_path validate=False metadata_only=False)Load a JSON dump from a file on the disk
pop(k[ d ])rarr v remove specified key and return the corresponding valueIf key is not found d is returned if given otherwise KeyError is raised
popitem()rarr (k v) remove and return some (key value) pairas a 2-tuple but raise KeyError if D is empty
publish()Mark the attribute as published
set_date(d=None ignore_invalid=False)Set a date for the event (string datetime or date object)
set_not_jsonable(args)Set __not_jsonable to a new list
Return type None
25 MISPEvent 25
PyMISP Documentation Release main
setdefault(k[ d ])rarr Dget(kd) also set D[k]=d if k not in D
property tagsReturns a lost of tags associated to this Event
Return type List[MISPTag]
to_dict()Dump the class to a dictionary This method automatically removes the timestamp recursively in everyobject that has been edited is order to let MISP update the event accordingly
Return type Dict
to_feed(valid_distributions=[0 1 2 3 4 5] with_meta=False)Generate a json output for MISP Feed Notes
bull valid_distributions only makes sense if the distribution key is set (ie the event is exported from aMISP instance)
Return type Dict
to_json(sort_keys=False indent=None)Dump recursively any class of type MISPAbstract to a json string
unpublish()Mark the attribute as un-published (set publish flag to false)
update([E ] F)rarr None Update D from mappingiterable E and FIf E present and has a keys() method does for k in E D[k] = E[k] If E present and lacks keys() methoddoes for (k v) in E D[k] = v In either case this is followed by for k v in Fitems() D[k] = v
update_not_jsonable(args)Add entries to the __not_jsonable list
Return type None
values()rarr an object providing a view on Drsquos values
26 MISPAttribute
class pymispMISPAttribute(describe_types=None strict=False)
add_proposal(shadow_attribute=None kwargs)Alias for add_shadow_attribute
Return type MISPShadowAttribute
add_shadow_attribute(shadow_attribute=None kwargs)Add a shadow attribute to the attribute (by name or a MISPShadowAttribute object)
Return type MISPShadowAttribute
add_sighting(sighting=None kwargs)Add a sighting to the attribute (by name or a MISPSighting object)
Return type MISPSighting
clear()rarr None Remove all items from D
delete()Mark the attribute as deleted (soft delete)
26 Chapter 2 pymisp
PyMISP Documentation Release main
property editedRecursively check if an object has been edited and update the flag accordingly to the parent objects
Return type bool
from_dict(kwargs)Loading all the parameters as class properties if they arenrsquot None This method aims to be called when allthe properties requiring a special treatment are processed Note This method is used when you initializean object with existing data so by default the class is flaged as not edited
from_json(json_string)Load a JSON string
Return type None
get(k[ d ])rarr D[k] if k in D else d d defaults to None
hash_values(algorithm=sha512)Compute the hash of every values for fast lookups
Return type List[str]
items()rarr a set-like object providing a view on Drsquos items
jsonable()This method is used by the JSON encoder
Return type Dict
keys()rarr a set-like object providing a view on Drsquos keys
property known_typesReturns a list of all the known MISP attributes types
Return type List[str]
property malware_binaryReturns a BytesIO of the malware (if the attribute has one obvs)
Return type Optional[BytesIO]
pop(k[ d ])rarr v remove specified key and return the corresponding valueIf key is not found d is returned if given otherwise KeyError is raised
popitem()rarr (k v) remove and return some (key value) pairas a 2-tuple but raise KeyError if D is empty
set_not_jsonable(args)Set __not_jsonable to a new list
Return type None
setdefault(k[ d ])rarr Dget(kd) also set D[k]=d if k not in D
property tagsReturns a lost of tags associated to this Attribute
Return type List[MISPTag]
to_dict()Dump the class to a dictionary This method automatically removes the timestamp recursively in everyobject that has been edited is order to let MISP update the event accordingly
Return type Dict
26 MISPAttribute 27
PyMISP Documentation Release main
to_json(sort_keys=False indent=None)Dump recursively any class of type MISPAbstract to a json string
update([E ] F)rarr None Update D from mappingiterable E and FIf E present and has a keys() method does for k in E D[k] = E[k] If E present and lacks keys() methoddoes for (k v) in E D[k] = v In either case this is followed by for k v in Fitems() D[k] = v
update_not_jsonable(args)Add entries to the __not_jsonable list
Return type None
values()rarr an object providing a view on Drsquos values
27 MISPObject
class pymispMISPObject(name strict=False standalone=True default_attributes_parameters=kwargs)
add_attribute(object_relation simple_value=None value)Add an attribute object_relation is required and the value key is a dictionary with all the keys supportedby MISPAttribute
Return type Optional[MISPAttribute]
add_attributes(object_relation attributes)Add multiple attributes with the same object_relation Helper for object_relation when multiple is True inthe template It is the same as calling multiple times add_attribute with the same object_relation
Return type List[Optional[MISPAttribute]]
add_reference(referenced_uuid relationship_type comment=None kwargs)Add a link (uuid) to an other object
Return type MISPObjectReference
clear()rarr None Remove all items from D
property editedRecursively check if an object has been edited and update the flag accordingly to the parent objects
Return type bool
from_dict(kwargs)Loading all the parameters as class properties if they arenrsquot None This method aims to be called when allthe properties requiring a special treatment are processed Note This method is used when you initializean object with existing data so by default the class is flaged as not edited
from_json(json_string)Load a JSON string
Return type None
get(k[ d ])rarr D[k] if k in D else d d defaults to None
get_attributes_by_relation(object_relation)Returns the list of attributes with the given object relation in the object
Return type List[MISPAttribute]
has_attributes_by_relation(list_of_relations)True if all the relations in the list are defined in the object
28 Chapter 2 pymisp
PyMISP Documentation Release main
Return type bool
items()rarr a set-like object providing a view on Drsquos items
jsonable()This method is used by the JSON encoder
Return type Dict
keys()rarr a set-like object providing a view on Drsquos keys
pop(k[ d ])rarr v remove specified key and return the corresponding valueIf key is not found d is returned if given otherwise KeyError is raised
popitem()rarr (k v) remove and return some (key value) pairas a 2-tuple but raise KeyError if D is empty
set_not_jsonable(args)Set __not_jsonable to a new list
Return type None
setdefault(k[ d ])rarr Dget(kd) also set D[k]=d if k not in D
to_dict(strict=False)Dump the class to a dictionary This method automatically removes the timestamp recursively in everyobject that has been edited is order to let MISP update the event accordingly
Return type Dict
to_json(sort_keys=False indent=None strict=False)Dump recursively any class of type MISPAbstract to a json string
update([E ] F)rarr None Update D from mappingiterable E and FIf E present and has a keys() method does for k in E D[k] = E[k] If E present and lacks keys() methoddoes for (k v) in E D[k] = v In either case this is followed by for k v in Fitems() D[k] = v
update_not_jsonable(args)Add entries to the __not_jsonable list
Return type None
values()rarr an object providing a view on Drsquos values
28 MISPObjectAttribute
class pymispMISPObjectAttribute(definition)
add_proposal(shadow_attribute=None kwargs)Alias for add_shadow_attribute
Return type MISPShadowAttribute
add_shadow_attribute(shadow_attribute=None kwargs)Add a shadow attribute to the attribute (by name or a MISPShadowAttribute object)
Return type MISPShadowAttribute
add_sighting(sighting=None kwargs)Add a sighting to the attribute (by name or a MISPSighting object)
Return type MISPSighting
28 MISPObjectAttribute 29
PyMISP Documentation Release main
clear()rarr None Remove all items from D
delete()Mark the attribute as deleted (soft delete)
property editedRecursively check if an object has been edited and update the flag accordingly to the parent objects
Return type bool
from_dict(object_relation value kwargs)Loading all the parameters as class properties if they arenrsquot None This method aims to be called when allthe properties requiring a special treatment are processed Note This method is used when you initializean object with existing data so by default the class is flaged as not edited
from_json(json_string)Load a JSON string
Return type None
get(k[ d ])rarr D[k] if k in D else d d defaults to None
hash_values(algorithm=sha512)Compute the hash of every values for fast lookups
Return type List[str]
items()rarr a set-like object providing a view on Drsquos items
jsonable()This method is used by the JSON encoder
Return type Dict
keys()rarr a set-like object providing a view on Drsquos keys
property known_typesReturns a list of all the known MISP attributes types
Return type List[str]
property malware_binaryReturns a BytesIO of the malware (if the attribute has one obvs)
Return type Optional[BytesIO]
pop(k[ d ])rarr v remove specified key and return the corresponding valueIf key is not found d is returned if given otherwise KeyError is raised
popitem()rarr (k v) remove and return some (key value) pairas a 2-tuple but raise KeyError if D is empty
set_not_jsonable(args)Set __not_jsonable to a new list
Return type None
setdefault(k[ d ])rarr Dget(kd) also set D[k]=d if k not in D
property tagsReturns a lost of tags associated to this Attribute
Return type List[MISPTag]
30 Chapter 2 pymisp
PyMISP Documentation Release main
to_dict()Dump the class to a dictionary This method automatically removes the timestamp recursively in everyobject that has been edited is order to let MISP update the event accordingly
Return type Dict
to_json(sort_keys=False indent=None)Dump recursively any class of type MISPAbstract to a json string
update([E ] F)rarr None Update D from mappingiterable E and FIf E present and has a keys() method does for k in E D[k] = E[k] If E present and lacks keys() methoddoes for (k v) in E D[k] = v In either case this is followed by for k v in Fitems() D[k] = v
update_not_jsonable(args)Add entries to the __not_jsonable list
Return type None
values()rarr an object providing a view on Drsquos values
29 MISPObjectReference
class pymispMISPObjectReference
clear()rarr None Remove all items from D
property editedRecursively check if an object has been edited and update the flag accordingly to the parent objects
Return type bool
from_dict(kwargs)Loading all the parameters as class properties if they arenrsquot None This method aims to be called when allthe properties requiring a special treatment are processed Note This method is used when you initializean object with existing data so by default the class is flaged as not edited
from_json(json_string)Load a JSON string
Return type None
get(k[ d ])rarr D[k] if k in D else d d defaults to None
items()rarr a set-like object providing a view on Drsquos items
jsonable()This method is used by the JSON encoder
Return type Dict
keys()rarr a set-like object providing a view on Drsquos keys
pop(k[ d ])rarr v remove specified key and return the corresponding valueIf key is not found d is returned if given otherwise KeyError is raised
popitem()rarr (k v) remove and return some (key value) pairas a 2-tuple but raise KeyError if D is empty
set_not_jsonable(args)Set __not_jsonable to a new list
Return type None
29 MISPObjectReference 31
PyMISP Documentation Release main
setdefault(k[ d ])rarr Dget(kd) also set D[k]=d if k not in D
to_dict()Dump the class to a dictionary This method automatically removes the timestamp recursively in everyobject that has been edited is order to let MISP update the event accordingly
Return type Dict
to_json(sort_keys=False indent=None)Dump recursively any class of type MISPAbstract to a json string
update([E ] F)rarr None Update D from mappingiterable E and FIf E present and has a keys() method does for k in E D[k] = E[k] If E present and lacks keys() methoddoes for (k v) in E D[k] = v In either case this is followed by for k v in Fitems() D[k] = v
update_not_jsonable(args)Add entries to the __not_jsonable list
Return type None
values()rarr an object providing a view on Drsquos values
210 MISPTag
class pymispMISPTag(kwargs)
clear()rarr None Remove all items from D
property editedRecursively check if an object has been edited and update the flag accordingly to the parent objects
Return type bool
from_dict(kwargs)Loading all the parameters as class properties if they arenrsquot None This method aims to be called when allthe properties requiring a special treatment are processed Note This method is used when you initializean object with existing data so by default the class is flaged as not edited
from_json(json_string)Load a JSON string
Return type None
get(k[ d ])rarr D[k] if k in D else d d defaults to None
items()rarr a set-like object providing a view on Drsquos items
jsonable()This method is used by the JSON encoder
Return type Dict
keys()rarr a set-like object providing a view on Drsquos keys
pop(k[ d ])rarr v remove specified key and return the corresponding valueIf key is not found d is returned if given otherwise KeyError is raised
popitem()rarr (k v) remove and return some (key value) pairas a 2-tuple but raise KeyError if D is empty
set_not_jsonable(args)Set __not_jsonable to a new list
32 Chapter 2 pymisp
PyMISP Documentation Release main
Return type None
setdefault(k[ d ])rarr Dget(kd) also set D[k]=d if k not in D
to_dict()Dump the class to a dictionary This method automatically removes the timestamp recursively in everyobject that has been edited is order to let MISP update the event accordingly
Return type Dict
to_json(sort_keys=False indent=None)Dump recursively any class of type MISPAbstract to a json string
update([E ] F)rarr None Update D from mappingiterable E and FIf E present and has a keys() method does for k in E D[k] = E[k] If E present and lacks keys() methoddoes for (k v) in E D[k] = v In either case this is followed by for k v in Fitems() D[k] = v
update_not_jsonable(args)Add entries to the __not_jsonable list
Return type None
values()rarr an object providing a view on Drsquos values
211 MISPUser
class pymispMISPUser(kwargs)
clear()rarr None Remove all items from D
property editedRecursively check if an object has been edited and update the flag accordingly to the parent objects
Return type bool
from_dict(kwargs)Loading all the parameters as class properties if they arenrsquot None This method aims to be called when allthe properties requiring a special treatment are processed Note This method is used when you initializean object with existing data so by default the class is flaged as not edited
from_json(json_string)Load a JSON string
Return type None
get(k[ d ])rarr D[k] if k in D else d d defaults to None
items()rarr a set-like object providing a view on Drsquos items
jsonable()This method is used by the JSON encoder
Return type Dict
keys()rarr a set-like object providing a view on Drsquos keys
pop(k[ d ])rarr v remove specified key and return the corresponding valueIf key is not found d is returned if given otherwise KeyError is raised
popitem()rarr (k v) remove and return some (key value) pairas a 2-tuple but raise KeyError if D is empty
211 MISPUser 33
PyMISP Documentation Release main
set_not_jsonable(args)Set __not_jsonable to a new list
Return type None
setdefault(k[ d ])rarr Dget(kd) also set D[k]=d if k not in D
to_dict()Dump the class to a dictionary This method automatically removes the timestamp recursively in everyobject that has been edited is order to let MISP update the event accordingly
Return type Dict
to_json(sort_keys=False indent=None)Dump recursively any class of type MISPAbstract to a json string
update([E ] F)rarr None Update D from mappingiterable E and FIf E present and has a keys() method does for k in E D[k] = E[k] If E present and lacks keys() methoddoes for (k v) in E D[k] = v In either case this is followed by for k v in Fitems() D[k] = v
update_not_jsonable(args)Add entries to the __not_jsonable list
Return type None
values()rarr an object providing a view on Drsquos values
212 MISPOrganisation
class pymispMISPOrganisation
clear()rarr None Remove all items from D
property editedRecursively check if an object has been edited and update the flag accordingly to the parent objects
Return type bool
from_dict(kwargs)Loading all the parameters as class properties if they arenrsquot None This method aims to be called when allthe properties requiring a special treatment are processed Note This method is used when you initializean object with existing data so by default the class is flaged as not edited
from_json(json_string)Load a JSON string
Return type None
get(k[ d ])rarr D[k] if k in D else d d defaults to None
items()rarr a set-like object providing a view on Drsquos items
jsonable()This method is used by the JSON encoder
Return type Dict
keys()rarr a set-like object providing a view on Drsquos keys
pop(k[ d ])rarr v remove specified key and return the corresponding valueIf key is not found d is returned if given otherwise KeyError is raised
34 Chapter 2 pymisp
PyMISP Documentation Release main
popitem()rarr (k v) remove and return some (key value) pairas a 2-tuple but raise KeyError if D is empty
set_not_jsonable(args)Set __not_jsonable to a new list
Return type None
setdefault(k[ d ])rarr Dget(kd) also set D[k]=d if k not in D
to_dict()Dump the class to a dictionary This method automatically removes the timestamp recursively in everyobject that has been edited is order to let MISP update the event accordingly
Return type Dict
to_json(sort_keys=False indent=None)Dump recursively any class of type MISPAbstract to a json string
update([E ] F)rarr None Update D from mappingiterable E and FIf E present and has a keys() method does for k in E D[k] = E[k] If E present and lacks keys() methoddoes for (k v) in E D[k] = v In either case this is followed by for k v in Fitems() D[k] = v
update_not_jsonable(args)Add entries to the __not_jsonable list
Return type None
values()rarr an object providing a view on Drsquos values
212 MISPOrganisation 35
PyMISP Documentation Release main
36 Chapter 2 pymisp
CHAPTER
THREE
PYMISP - TOOLS
31 File Object
class pymisptoolsFileObject(filepath=None pseudofile=None filename=None kwargs)
add_attribute(object_relation simple_value=None value)Add an attribute object_relation is required and the value key is a dictionary with all the keys supportedby MISPAttribute
Return type Optional[MISPAttribute]
add_attributes(object_relation attributes)Add multiple attributes with the same object_relation Helper for object_relation when multiple is True inthe template It is the same as calling multiple times add_attribute with the same object_relation
Return type List[Optional[MISPAttribute]]
add_reference(referenced_uuid relationship_type comment=None kwargs)Add a link (uuid) to an other object
Return type MISPObjectReference
clear()rarr None Remove all items from D
property editedRecursively check if an object has been edited and update the flag accordingly to the parent objects
Return type bool
from_dict(kwargs)Loading all the parameters as class properties if they arenrsquot None This method aims to be called when allthe properties requiring a special treatment are processed Note This method is used when you initializean object with existing data so by default the class is flaged as not edited
from_json(json_string)Load a JSON string
Return type None
generate_attributes()Contains the logic where all the values of the object are gathered
get(k[ d ])rarr D[k] if k in D else d d defaults to None
get_attributes_by_relation(object_relation)Returns the list of attributes with the given object relation in the object
Return type List[MISPAttribute]
37
PyMISP Documentation Release main
has_attributes_by_relation(list_of_relations)True if all the relations in the list are defined in the object
Return type bool
items()rarr a set-like object providing a view on Drsquos items
jsonable()This method is used by the JSON encoder
Return type Dict
keys()rarr a set-like object providing a view on Drsquos keys
pop(k[ d ])rarr v remove specified key and return the corresponding valueIf key is not found d is returned if given otherwise KeyError is raised
popitem()rarr (k v) remove and return some (key value) pairas a 2-tuple but raise KeyError if D is empty
set_not_jsonable(args)Set __not_jsonable to a new list
Return type None
setdefault(k[ d ])rarr Dget(kd) also set D[k]=d if k not in D
to_dict(strict=False)Dump the class to a dictionary This method automatically removes the timestamp recursively in everyobject that has been edited is order to let MISP update the event accordingly
Return type Dict
to_json(sort_keys=False indent=None strict=False)Dump recursively any class of type MISPAbstract to a json string
update([E ] F)rarr None Update D from mappingiterable E and FIf E present and has a keys() method does for k in E D[k] = E[k] If E present and lacks keys() methoddoes for (k v) in E D[k] = v In either case this is followed by for k v in Fitems() D[k] = v
update_not_jsonable(args)Add entries to the __not_jsonable list
Return type None
values()rarr an object providing a view on Drsquos values
32 ELF Object
33 PE Object
34 Mach-O Object
35 VT Report Object
class pymisptoolsVTReportObject(apikey indicator vt_proxies=None kwargs)VirusTotal Report
Apikey VirusTotal API key (private works but only public features are supported right now)
38 Chapter 3 pymisp - Tools
PyMISP Documentation Release main
Indicator IOC to search VirusTotal for
add_attribute(object_relation simple_value=None value)Add an attribute object_relation is required and the value key is a dictionary with all the keys supportedby MISPAttribute
Return type Optional[MISPAttribute]
add_attributes(object_relation attributes)Add multiple attributes with the same object_relation Helper for object_relation when multiple is True inthe template It is the same as calling multiple times add_attribute with the same object_relation
Return type List[Optional[MISPAttribute]]
add_reference(referenced_uuid relationship_type comment=None kwargs)Add a link (uuid) to an other object
Return type MISPObjectReference
clear()rarr None Remove all items from D
property editedRecursively check if an object has been edited and update the flag accordingly to the parent objects
Return type bool
from_dict(kwargs)Loading all the parameters as class properties if they arenrsquot None This method aims to be called when allthe properties requiring a special treatment are processed Note This method is used when you initializean object with existing data so by default the class is flaged as not edited
from_json(json_string)Load a JSON string
Return type None
generate_attributes()Parse the VirusTotal report for relevant attributes
get(k[ d ])rarr D[k] if k in D else d d defaults to None
get_attributes_by_relation(object_relation)Returns the list of attributes with the given object relation in the object
Return type List[MISPAttribute]
has_attributes_by_relation(list_of_relations)True if all the relations in the list are defined in the object
Return type bool
items()rarr a set-like object providing a view on Drsquos items
jsonable()This method is used by the JSON encoder
Return type Dict
keys()rarr a set-like object providing a view on Drsquos keys
pop(k[ d ])rarr v remove specified key and return the corresponding valueIf key is not found d is returned if given otherwise KeyError is raised
popitem()rarr (k v) remove and return some (key value) pairas a 2-tuple but raise KeyError if D is empty
35 VT Report Object 39
PyMISP Documentation Release main
set_not_jsonable(args)Set __not_jsonable to a new list
Return type None
setdefault(k[ d ])rarr Dget(kd) also set D[k]=d if k not in D
to_dict(strict=False)Dump the class to a dictionary This method automatically removes the timestamp recursively in everyobject that has been edited is order to let MISP update the event accordingly
Return type Dict
to_json(sort_keys=False indent=None strict=False)Dump recursively any class of type MISPAbstract to a json string
update([E ] F)rarr None Update D from mappingiterable E and FIf E present and has a keys() method does for k in E D[k] = E[k] If E present and lacks keys() methoddoes for (k v) in E D[k] = v In either case this is followed by for k v in Fitems() D[k] = v
update_not_jsonable(args)Add entries to the __not_jsonable list
Return type None
values()rarr an object providing a view on Drsquos values
36 STIX
pymisptoolsstixload_stix(stix distribution=3 threat_level_id=2 analysis=0)Returns a MISPEvent object from a STIX package
pymisptoolsstixmake_stix_package(misp_event to_json=False to_xml=False)Returns a STIXPackage from a MISPEvent
Optionally can return the package in json or xml
37 OpenIOC
toolsload_openioc()
toolsload_openioc_file()
40 Chapter 3 pymisp - Tools
CHAPTER
FOUR
INDICES AND TABLES
bull genindex
bull modindex
bull search
41
PyMISP Documentation Release main
42 Chapter 4 Indices and tables
PYTHON MODULE INDEX
ppymisp 7pymisptools 37pymisptoolsstix 40
43
PyMISP Documentation Release main
44 Python Module Index
INDEX
AAbstractMISP (class in pymisp) 23accept_attribute_proposal()
(pymispPyMISP method) 7add_attribute() (pymispMISPEvent method) 24add_attribute() (pymispMISPObject method) 28add_attribute() (pymispPyMISP method) 7add_attribute() (pymisptoolsFileObject method)
37add_attribute() (pymisptoolsVTReportObject
method) 39add_attribute_proposal() (pymispPyMISP
method) 7add_attribute_tag() (pymispMISPEvent
method) 24add_attributes() (pymispMISPObject method)
28add_attributes() (pymisptoolsFileObject
method) 37add_attributes() (pymisptoolsVTReportObject
method) 39add_event() (pymispPyMISP method) 7add_event_blacklist() (pymispPyMISP
method) 8add_feed() (pymispPyMISP method) 8add_object() (pymispMISPEvent method) 24add_object() (pymispPyMISP method) 8add_object_reference() (pymispPyMISP
method) 8add_org_to_sharing_group() (pymispPyMISP
method) 8add_organisation() (pymispPyMISP method) 8add_organisation_blacklist()
(pymispPyMISP method) 8add_proposal() (pymispMISPAttribute method) 26add_proposal() (pymispMISPEvent method) 24add_proposal() (pymispMISPObjectAttribute
method) 29add_reference() (pymispMISPObject method) 28add_reference() (pymisptoolsFileObject method)
37add_reference() (pymisptoolsVTReportObject
method) 39add_server() (pymispPyMISP method) 8add_server_to_sharing_group()
(pymispPyMISP method) 8add_shadow_attribute() (pymispMISPAttribute
method) 26add_shadow_attribute() (pymispMISPEvent
method) 24add_shadow_attribute()
(pymispMISPObjectAttribute method) 29add_sharing_group() (pymispPyMISP method) 8add_sighting() (pymispMISPAttribute method) 26add_sighting() (pymispMISPObjectAttribute
method) 29add_sighting() (pymispPyMISP method) 8add_tag() (pymispPyMISP method) 8add_user() (pymispPyMISP method) 9attributes_statistics() (pymispPyMISP
method) 9
Bbuild_complex_query() (pymispPyMISP
method) 9
Ccache_all_feeds() (pymispPyMISP method) 9cache_feed() (pymispPyMISP method) 9cache_freetext_feeds() (pymispPyMISP
method) 9cache_misp_feeds() (pymispPyMISP method) 9change_sharing_group_on_entity()
(pymispPyMISP method) 9change_user_password() (pymispPyMISP
method) 9clear() (pymispMISPAttribute method) 26clear() (pymispMISPEvent method) 24clear() (pymispMISPObject method) 28clear() (pymispMISPObjectAttribute method) 29clear() (pymispMISPObjectReference method) 31clear() (pymispMISPOrganisation method) 34clear() (pymispMISPTag method) 32clear() (pymispMISPUser method) 33
45
PyMISP Documentation Release main
clear() (pymisptoolsFileObject method) 37clear() (pymisptoolsVTReportObject method) 39communities() (pymispPyMISP method) 9compare_feeds() (pymispPyMISP method) 9contact_event_reporter() (pymispPyMISP
method) 9
Ddefault() (pymispMISPEncode method) 24delegate_event() (pymispPyMISP method) 10delete() (pymispMISPAttribute method) 26delete() (pymispMISPObjectAttribute method) 30delete_attribute() (pymispMISPEvent method)
24delete_attribute() (pymispPyMISP method) 10delete_attribute_proposal()
(pymispPyMISP method) 10delete_event() (pymispPyMISP method) 10delete_event_blacklist() (pymispPyMISP
method) 10delete_feed() (pymispPyMISP method) 10delete_object() (pymispPyMISP method) 10delete_object_reference() (pymispPyMISP
method) 10delete_organisation() (pymispPyMISP
method) 10delete_organisation_blacklist()
(pymispPyMISP method) 10delete_server() (pymispPyMISP method) 10delete_sharing_group() (pymispPyMISP
method) 10delete_sighting() (pymispPyMISP method) 10delete_tag() (pymispPyMISP method) 11delete_user() (pymispPyMISP method) 11delete_user_setting() (pymispPyMISP
method) 11describe_types_local() (pymispPyMISP prop-
erty) 11describe_types_remote() (pymispPyMISP
property) 11direct_call() (pymispPyMISP method) 11disable_feed() (pymispPyMISP method) 11disable_feed_cache() (pymispPyMISP method)
11disable_noticelist() (pymispPyMISP method)
11disable_tag() (pymispPyMISP method) 11disable_taxonomy() (pymispPyMISP method) 11disable_taxonomy_tags() (pymispPyMISP
method) 11disable_warninglist() (pymispPyMISP
method) 11discard_attribute_proposal()
(pymispPyMISP method) 12
Eedited() (pymispAbstractMISP property) 23edited() (pymispMISPAttribute property) 26edited() (pymispMISPEvent property) 24edited() (pymispMISPObject property) 28edited() (pymispMISPObjectAttribute property) 30edited() (pymispMISPObjectReference property) 31edited() (pymispMISPOrganisation property) 34edited() (pymispMISPTag property) 32edited() (pymispMISPUser property) 33edited() (pymisptoolsFileObject property) 37edited() (pymisptoolsVTReportObject property) 39enable_feed() (pymispPyMISP method) 12enable_feed_cache() (pymispPyMISP method)
12enable_noticelist() (pymispPyMISP method)
12enable_tag() (pymispPyMISP method) 12enable_taxonomy() (pymispPyMISP method) 12enable_taxonomy_tags() (pymispPyMISP
method) 12enable_warninglist() (pymispPyMISP method)
12event_blacklists() (pymispPyMISP method) 12event_delegations() (pymispPyMISP method)
12ExpandedPyMISP (in module pymisp) 23
Ffeeds() (pymispPyMISP method) 12fetch_feed() (pymispPyMISP method) 12FileObject (class in pymisptools) 37freetext() (pymispPyMISP method) 12from_dict() (pymispAbstractMISP method) 23from_dict() (pymispMISPAttribute method) 27from_dict() (pymispMISPEvent method) 25from_dict() (pymispMISPObject method) 28from_dict() (pymispMISPObjectAttribute method)
30from_dict() (pymispMISPObjectReference method)
31from_dict() (pymispMISPOrganisation method) 34from_dict() (pymispMISPTag method) 32from_dict() (pymispMISPUser method) 33from_dict() (pymisptoolsFileObject method) 37from_dict() (pymisptoolsVTReportObject method)
39from_json() (pymispAbstractMISP method) 23from_json() (pymispMISPAttribute method) 27from_json() (pymispMISPEvent method) 25from_json() (pymispMISPObject method) 28from_json() (pymispMISPObjectAttribute method)
30
46 Index
PyMISP Documentation Release main
from_json() (pymispMISPObjectReference method)31
from_json() (pymispMISPOrganisation method) 34from_json() (pymispMISPTag method) 32from_json() (pymispMISPUser method) 33from_json() (pymisptoolsFileObject method) 37from_json() (pymisptoolsVTReportObject method)
39
Ggalaxies() (pymispPyMISP method) 12generate_attributes() (pymisptoolsFileObject
method) 37generate_attributes()
(pymisptoolsVTReportObject method)39
get() (pymispMISPAttribute method) 27get() (pymispMISPEvent method) 25get() (pymispMISPObject method) 28get() (pymispMISPObjectAttribute method) 30get() (pymispMISPObjectReference method) 31get() (pymispMISPOrganisation method) 34get() (pymispMISPTag method) 32get() (pymispMISPUser method) 33get() (pymisptoolsFileObject method) 37get() (pymisptoolsVTReportObject method) 39get_all_functions() (pymispPyMISP method)
13get_attribute() (pymispPyMISP method) 13get_attribute_tag() (pymispMISPEvent
method) 25get_attributes_by_relation()
(pymispMISPObject method) 28get_attributes_by_relation()
(pymisptoolsFileObject method) 37get_attributes_by_relation()
(pymisptoolsVTReportObject method)39
get_community() (pymispPyMISP method) 13get_event() (pymispPyMISP method) 13get_feed() (pymispPyMISP method) 13get_galaxy() (pymispPyMISP method) 13get_noticelist() (pymispPyMISP method) 13get_object() (pymispPyMISP method) 13get_object_by_id() (pymispMISPEvent method)
25get_object_by_uuid() (pymispMISPEvent
method) 25get_object_template() (pymispPyMISP
method) 13get_objects_by_name() (pymispMISPEvent
method) 25get_organisation() (pymispPyMISP method) 13get_sync_config() (pymispPyMISP method) 13
get_tag() (pymispPyMISP method) 13get_taxonomy() (pymispPyMISP method) 13get_user() (pymispPyMISP method) 13get_user_setting() (pymispPyMISP method) 14get_warninglist() (pymispPyMISP method) 14
Hhas_attributes_by_relation()
(pymispMISPObject method) 28has_attributes_by_relation()
(pymisptoolsFileObject method) 37has_attributes_by_relation()
(pymisptoolsVTReportObject method)39
hash_values() (pymispMISPAttribute method) 27hash_values() (pymispMISPObjectAttribute
method) 30
Iimport_server() (pymispPyMISP method) 14items() (pymispMISPAttribute method) 27items() (pymispMISPEvent method) 25items() (pymispMISPObject method) 29items() (pymispMISPObjectAttribute method) 30items() (pymispMISPObjectReference method) 31items() (pymispMISPOrganisation method) 34items() (pymispMISPTag method) 32items() (pymispMISPUser method) 33items() (pymisptoolsFileObject method) 38items() (pymisptoolsVTReportObject method) 39
Jjsonable() (pymispAbstractMISP method) 23jsonable() (pymispMISPAttribute method) 27jsonable() (pymispMISPEvent method) 25jsonable() (pymispMISPObject method) 29jsonable() (pymispMISPObjectAttribute method)
30jsonable() (pymispMISPObjectReference method)
31jsonable() (pymispMISPOrganisation method) 34jsonable() (pymispMISPTag method) 32jsonable() (pymispMISPUser method) 33jsonable() (pymisptoolsFileObject method) 38jsonable() (pymisptoolsVTReportObject method)
39
Kkeys() (pymispMISPAttribute method) 27keys() (pymispMISPEvent method) 25keys() (pymispMISPObject method) 29keys() (pymispMISPObjectAttribute method) 30keys() (pymispMISPObjectReference method) 31keys() (pymispMISPOrganisation method) 34
Index 47
PyMISP Documentation Release main
keys() (pymispMISPTag method) 32keys() (pymispMISPUser method) 33keys() (pymisptoolsFileObject method) 38keys() (pymisptoolsVTReportObject method) 39known_types() (pymispMISPAttribute property) 27known_types() (pymispMISPObjectAttribute prop-
erty) 30
Lload() (pymispMISPEvent method) 25load_default_feeds() (pymispPyMISP method)
14load_file() (pymispMISPEvent method) 25load_openioc() (pymisptools method) 40load_openioc_file() (pymisptools method) 40load_stix() (in module pymisptoolsstix) 40
Mmake_stix_package() (in module
pymisptoolsstix) 40malware_binary() (pymispMISPAttribute prop-
erty) 27malware_binary() (pymispMISPObjectAttribute
property) 30misp_instance_version() (pymispPyMISP
property) 14misp_instance_version_master()
(pymispPyMISP property) 14MISPAttribute (class in pymisp) 26MISPEncode (class in pymisp) 24MISPEvent (class in pymisp) 24MISPObject (class in pymisp) 28MISPObjectAttribute (class in pymisp) 29MISPObjectReference (class in pymisp) 31MISPOrganisation (class in pymisp) 34MISPTag (class in pymisp) 32MISPUser (class in pymisp) 33module
pymisp 7pymisptools 37pymisptoolsstix 40
Nnoticelists() (pymispPyMISP method) 14
Oobject_templates() (pymispPyMISP method) 14organisation_blacklists() (pymispPyMISP
method) 14organisations() (pymispPyMISP method) 14
Ppop() (pymispMISPAttribute method) 27
pop() (pymispMISPEvent method) 25pop() (pymispMISPObject method) 29pop() (pymispMISPObjectAttribute method) 30pop() (pymispMISPObjectReference method) 31pop() (pymispMISPOrganisation method) 34pop() (pymispMISPTag method) 32pop() (pymispMISPUser method) 33pop() (pymisptoolsFileObject method) 38pop() (pymisptoolsVTReportObject method) 39popitem() (pymispMISPAttribute method) 27popitem() (pymispMISPEvent method) 25popitem() (pymispMISPObject method) 29popitem() (pymispMISPObjectAttribute method) 30popitem() (pymispMISPObjectReference method) 31popitem() (pymispMISPOrganisation method) 34popitem() (pymispMISPTag method) 32popitem() (pymispMISPUser method) 33popitem() (pymisptoolsFileObject method) 38popitem() (pymisptoolsVTReportObject method) 39publish() (pymispMISPEvent method) 25publish() (pymispPyMISP method) 14push_event_to_ZMQ() (pymispPyMISP method)
14pymisp
module 7PyMISP (class in pymisp) 7pymisptools
module 37pymisptoolsstix
module 40pymisp_version_main() (pymispPyMISP prop-
erty) 15
Rrecommended_pymisp_version()
(pymispPyMISP property) 15remote_acl() (pymispPyMISP method) 15remove_org_from_sharing_group()
(pymispPyMISP method) 15remove_server_from_sharing_group()
(pymispPyMISP method) 15roles() (pymispPyMISP method) 15
Ssearch() (pymispPyMISP method) 15search_feeds() (pymispPyMISP method) 17search_index() (pymispPyMISP method) 18search_logs() (pymispPyMISP method) 18search_sightings() (pymispPyMISP method) 19server_pull() (pymispPyMISP method) 20server_push() (pymispPyMISP method) 20servers() (pymispPyMISP method) 20set_date() (pymispMISPEvent method) 25
48 Index
PyMISP Documentation Release main
set_not_jsonable() (pymispAbstractMISPmethod) 23
set_not_jsonable() (pymispMISPAttributemethod) 27
set_not_jsonable() (pymispMISPEvent method)25
set_not_jsonable() (pymispMISPObjectmethod) 29
set_not_jsonable() (pymispMISPObjectAttributemethod) 30
set_not_jsonable()(pymispMISPObjectReference method)31
set_not_jsonable() (pymispMISPOrganisationmethod) 35
set_not_jsonable() (pymispMISPTag method)32
set_not_jsonable() (pymispMISPUser method)33
set_not_jsonable() (pymisptoolsFileObjectmethod) 38
set_not_jsonable()(pymisptoolsVTReportObject method)39
set_user_setting() (pymispPyMISP method) 20setdefault() (pymispMISPAttribute method) 27setdefault() (pymispMISPEvent method) 25setdefault() (pymispMISPObject method) 29setdefault() (pymispMISPObjectAttribute
method) 30setdefault() (pymispMISPObjectReference
method) 31setdefault() (pymispMISPOrganisation method)
35setdefault() (pymispMISPTag method) 33setdefault() (pymispMISPUser method) 34setdefault() (pymisptoolsFileObject method) 38setdefault() (pymisptoolsVTReportObject
method) 40sharing_groups() (pymispPyMISP method) 20sightings() (pymispPyMISP method) 20
Ttag() (pymispPyMISP method) 20tags() (pymispMISPAttribute property) 27tags() (pymispMISPEvent property) 26tags() (pymispMISPObjectAttribute property) 30tags() (pymispPyMISP method) 20tags_statistics() (pymispPyMISP method) 20taxonomies() (pymispPyMISP method) 20to_dict() (pymispAbstractMISP method) 23to_dict() (pymispMISPAttribute method) 27to_dict() (pymispMISPEvent method) 26to_dict() (pymispMISPObject method) 29
to_dict() (pymispMISPObjectAttribute method) 30to_dict() (pymispMISPObjectReference method) 32to_dict() (pymispMISPOrganisation method) 35to_dict() (pymispMISPTag method) 33to_dict() (pymispMISPUser method) 34to_dict() (pymisptoolsFileObject method) 38to_dict() (pymisptoolsVTReportObject method) 40to_feed() (pymispMISPEvent method) 26to_json() (pymispAbstractMISP method) 23to_json() (pymispMISPAttribute method) 27to_json() (pymispMISPEvent method) 26to_json() (pymispMISPObject method) 29to_json() (pymispMISPObjectAttribute method) 31to_json() (pymispMISPObjectReference method) 32to_json() (pymispMISPOrganisation method) 35to_json() (pymispMISPTag method) 33to_json() (pymispMISPUser method) 34to_json() (pymisptoolsFileObject method) 38to_json() (pymisptoolsVTReportObject method) 40toggle_warninglist() (pymispPyMISP method)
20
Uunpublish() (pymispMISPEvent method) 26untag() (pymispPyMISP method) 21update() (pymispMISPAttribute method) 28update() (pymispMISPEvent method) 26update() (pymispMISPObject method) 29update() (pymispMISPObjectAttribute method) 31update() (pymispMISPObjectReference method) 32update() (pymispMISPOrganisation method) 35update() (pymispMISPTag method) 33update() (pymispMISPUser method) 34update() (pymisptoolsFileObject method) 38update() (pymisptoolsVTReportObject method) 40update_attribute() (pymispPyMISP method) 21update_attribute_proposal()
(pymispPyMISP method) 21update_event() (pymispPyMISP method) 21update_event_blacklist() (pymispPyMISP
method) 21update_feed() (pymispPyMISP method) 21update_galaxies() (pymispPyMISP method) 21update_not_jsonable() (pymispAbstractMISP
method) 23update_not_jsonable() (pymispMISPAttribute
method) 28update_not_jsonable() (pymispMISPEvent
method) 26update_not_jsonable() (pymispMISPObject
method) 29update_not_jsonable()
(pymispMISPObjectAttribute method) 31
Index 49
PyMISP Documentation Release main
update_not_jsonable()(pymispMISPObjectReference method)32
update_not_jsonable()(pymispMISPOrganisation method) 35
update_not_jsonable() (pymispMISPTagmethod) 33
update_not_jsonable() (pymispMISPUsermethod) 34
update_not_jsonable() (pymisptoolsFileObjectmethod) 38
update_not_jsonable()(pymisptoolsVTReportObject method)40
update_noticelists() (pymispPyMISP method)21
update_object() (pymispPyMISP method) 21update_object_templates() (pymispPyMISP
method) 21update_organisation() (pymispPyMISP
method) 21update_organisation_blacklist()
(pymispPyMISP method) 21update_server() (pymispPyMISP method) 22update_tag() (pymispPyMISP method) 22update_taxonomies() (pymispPyMISP method)
22update_user() (pymispPyMISP method) 22update_warninglists() (pymispPyMISP
method) 22upload_stix() (pymispPyMISP method) 22user_registrations() (pymispPyMISP method)
22user_settings() (pymispPyMISP method) 22users() (pymispPyMISP method) 22users_statistics() (pymispPyMISP method) 22
Vvalues() (pymispMISPAttribute method) 28values() (pymispMISPEvent method) 26values() (pymispMISPObject method) 29values() (pymispMISPObjectAttribute method) 31values() (pymispMISPObjectReference method) 32values() (pymispMISPOrganisation method) 35values() (pymispMISPTag method) 33values() (pymispMISPUser method) 34values() (pymisptoolsFileObject method) 38values() (pymisptoolsVTReportObject method) 40values_in_warninglist() (pymispPyMISP
method) 22version() (pymispPyMISP property) 22VTReportObject (class in pymisptools) 38
Wwarninglists() (pymispPyMISP method) 22
50 Index
- README
- pymisp
- PyMISP
- PyMISPExpanded (Python 36+ only)
- MISPAbstract
- MISPEncode
- MISPEvent
- MISPAttribute
- MISPObject
- MISPObjectAttribute
- MISPObjectReference
- MISPTag
- MISPUser
- MISPOrganisation
- pymisp - Tools
- File Object
- ELF Object
- PE Object
- Mach-O Object
- VT Report Object
- STIX
- OpenIOC
- Indices and tables
- Python Module Index
- Index
PyMISP Documentation Release main
gtgtgt mispsearch_sightings(publish_timestamp=30d) search sightings for therarr˓last 30 days on the instance[ ]gtgtgt mispsearch_sightings(context=attribute context_id=6 include_rarr˓attribute=True) return list of sighting for attribute 6 along with therarr˓attribute itself[ ]gtgtgt mispsearch_sightings(context=event context_id=17 include_event_rarr˓meta=True org=2) return list of sighting for event 17 filtered with orgrarr˓id 2
Return type Union[Dict List[Dict[str Union[MISPEvent MISPAttributeMISPSighting]]]]
server_pull(server event=None)Initialize a pull from a sync server
Return type Dict
server_push(server event=None)Initialize a push to a sync server
Return type Dict
servers(pythonify=False)Get the existing servers the MISP instance can synchronise with
Return type Union[Dict List[MISPServer]]
set_user_setting(user_setting value user=None pythonify=False)Get an user setting
Return type Union[Dict MISPUserSetting]
sharing_groups(pythonify=False)Get the existing sharing groups
Return type Union[Dict List[MISPSharingGroup]]
sightings(misp_entity=None org=None pythonify=False)Get the list of sighting related to a MISPEvent or a MISPAttribute (depending on type of misp_entity)
Return type Union[Dict List[MISPSighting]]
tag(misp_entity tag local=False)Tag an event or an attribute misp_entity can be a MISPEvent a MISP Attribute or a UUID
Return type Dict
tags(pythonify=False)Get the list of existing tags
Return type Union[Dict List[MISPTag]]
tags_statistics(percentage=False name_sort=False)Get tags statistics from the MISP instance
Return type Dict
taxonomies(pythonify=False)Get all the taxonomies
Return type Union[Dict List[MISPTaxonomy]]
20 Chapter 2 pymisp
PyMISP Documentation Release main
toggle_warninglist(warninglist_id=None warninglist_name=None force_enable=False)Toggle (enabledisable) the status of a warninglist by ID type warninglist_id Union[str intList[int] None] param warninglist_id ID of the WarningList type force_enable bool paramforce_enable Force the warning list in the enabled state (does nothing is already enabled)
Return type Dict
untag(misp_entity tag)Untag an event or an attribute misp_entity can be a UUID
Return type Dict
update_attribute(attribute attribute_id=None pythonify=False)Update an attribute on a MISP instance
Return type Union[Dict MISPAttribute MISPShadowAttribute]
update_attribute_proposal(initial_attribute attribute pythonify=False)Propose a change for an attribute
Return type Union[Dict MISPShadowAttribute]
update_event(event event_id=None pythonify=False)Update an event on a MISP instance
Return type Union[Dict MISPEvent]
update_event_blacklist(event_blacklist event_blacklist_id=None pythonify=False)Update an event in the blacklist
Return type Union[Dict MISPEventBlacklist]
update_feed(feed feed_id=None pythonify=False)Update a feed on a MISP instance
Return type Union[Dict MISPFeed]
update_galaxies()Update all the galaxies
Return type Dict
update_noticelists()Update all the noticelists
Return type Dict
update_object(misp_object object_id=None pythonify=False)Update an object on a MISP instance
Return type Union[Dict MISPObject]
update_object_templates()Trigger an update of the object templates
Return type Dict
update_organisation(organisation organisation_id=None pythonify=False)Update an organisation
Return type Union[Dict MISPOrganisation]
update_organisation_blacklist(organisation_blacklist organisation_blacklist_id=Nonepythonify=False)
Update an organisation in the blacklist
Return type Union[Dict MISPOrganisationBlacklist]
21 PyMISP 21
PyMISP Documentation Release main
update_server(server server_id=None pythonify=False)Update a server to synchronise with
Return type Union[Dict MISPServer]
update_tag(tag tag_id=None pythonify=False)Edit only the provided parameters of a tag
Return type Union[Dict MISPTag]
update_taxonomies()Update all the taxonomies
Return type Dict
update_user(user user_id=None pythonify=False)Update an event on a MISP instance
Return type Union[Dict MISPUser]
update_warninglists()Update all the warninglists
Return type Dict
upload_stix(path version=2)Upload a STIX file to MISP param path Path to the STIX on the disk (can be a path-like object or apseudofile) type version str param version Can be 1 or 2
user_registrations(pythonify=False)Get all the user registrations
Return type Union[Dict List[MISPInbox]]
user_settings(pythonify=False)Get all the user settings
Return type Union[Dict List[MISPUserSetting]]
users(pythonify=False)Get all the users
Return type Union[Dict List[MISPUser]]
users_statistics(context=data)Get users statistics from the MISP instance
Return type Dict
values_in_warninglist(value)Check if IOC values are in warninglist
Return type Dict
property versionReturns the version of PyMISP yoursquore curently using
Return type Dict
warninglists(pythonify=False)Get all the warninglists
Return type Union[Dict List[MISPWarninglist]]
22 Chapter 2 pymisp
PyMISP Documentation Release main
22 PyMISPExpanded (Python 36+ only)
pymispExpandedPyMISPalias of pymispapiPyMISP
23 MISPAbstract
class pymispAbstractMISP(kwargs)
property editedRecursively check if an object has been edited and update the flag accordingly to the parent objects
Return type bool
from_dict(kwargs)Loading all the parameters as class properties if they arenrsquot None This method aims to be called when allthe properties requiring a special treatment are processed Note This method is used when you initializean object with existing data so by default the class is flaged as not edited
Return type None
from_json(json_string)Load a JSON string
Return type None
jsonable()This method is used by the JSON encoder
Return type Dict
set_not_jsonable(args)Set __not_jsonable to a new list
Return type None
to_dict()Dump the class to a dictionary This method automatically removes the timestamp recursively in everyobject that has been edited is order to let MISP update the event accordingly
Return type Dict
to_json(sort_keys=False indent=None)Dump recursively any class of type MISPAbstract to a json string
update_not_jsonable(args)Add entries to the __not_jsonable list
Return type None
22 PyMISPExpanded (Python 36+ only) 23
PyMISP Documentation Release main
24 MISPEncode
class pymispMISPEncode(args kwargs)
default(obj)Implement this method in a subclass such that it returns a serializable object for o or calls the baseimplementation (to raise a TypeError)
For example to support arbitrary iterators you could implement default like this
def default(self o)try
iterable = iter(o)except TypeError
passelse
return list(iterable) Let the base class default method raise the TypeErrorreturn JSONEncoderdefault(self o)
25 MISPEvent
class pymispMISPEvent(describe_types=None strict_validation=False kwargs)
add_attribute(type value kwargs)Add an attribute type and value are required but you can pass all other parameters supported by MISPAt-tribute
Return type Union[MISPAttribute List[MISPAttribute]]
add_attribute_tag(tag attribute_identifier)Add a tag to an existing attribute raise an Exception if the attribute doesnrsquot exists tag Tag name as astring MISPTag instance or dictionary attribute_identifier can be an ID UUID or the value
Return type List[MISPAttribute]
add_object(obj=None kwargs)Add an object to the Event either by passing a MISPObject or a dictionary
Return type MISPObject
add_proposal(shadow_attribute=None kwargs)Alias for add_shadow_attribute
Return type MISPShadowAttribute
add_shadow_attribute(shadow_attribute=None kwargs)Add a tag to the attribute (by name or a MISPTag object)
Return type MISPShadowAttribute
clear()rarr None Remove all items from D
delete_attribute(attribute_id)Delete an attribute you can search by ID or UUID
property editedRecursively check if an object has been edited and update the flag accordingly to the parent objects
24 Chapter 2 pymisp
PyMISP Documentation Release main
Return type bool
from_dict(kwargs)Loading all the parameters as class properties if they arenrsquot None This method aims to be called when allthe properties requiring a special treatment are processed Note This method is used when you initializean object with existing data so by default the class is flaged as not edited
from_json(json_string)Load a JSON string
Return type None
get(k[ d ])rarr D[k] if k in D else d d defaults to None
get_attribute_tag(attribute_identifier)Return the tags associated to an attribute or an object attribute attribute_identifier can be an ID UUIDor the value
Return type List[MISPTag]
get_object_by_id(object_id)Get an object by ID (the ID is the one set by the server when creating the new object)
Return type MISPObject
get_object_by_uuid(object_uuid)Get an object by UUID (UUID is set by the server when creating the new object)
Return type MISPObject
get_objects_by_name(object_name)Get an object by UUID (UUID is set by the server when creating the new object)
Return type List[MISPObject]
items()rarr a set-like object providing a view on Drsquos items
jsonable()This method is used by the JSON encoder
Return type Dict
keys()rarr a set-like object providing a view on Drsquos keys
load(json_event validate=False metadata_only=False)Load a JSON dump from a pseudo file or a JSON string
load_file(event_path validate=False metadata_only=False)Load a JSON dump from a file on the disk
pop(k[ d ])rarr v remove specified key and return the corresponding valueIf key is not found d is returned if given otherwise KeyError is raised
popitem()rarr (k v) remove and return some (key value) pairas a 2-tuple but raise KeyError if D is empty
publish()Mark the attribute as published
set_date(d=None ignore_invalid=False)Set a date for the event (string datetime or date object)
set_not_jsonable(args)Set __not_jsonable to a new list
Return type None
25 MISPEvent 25
PyMISP Documentation Release main
setdefault(k[ d ])rarr Dget(kd) also set D[k]=d if k not in D
property tagsReturns a lost of tags associated to this Event
Return type List[MISPTag]
to_dict()Dump the class to a dictionary This method automatically removes the timestamp recursively in everyobject that has been edited is order to let MISP update the event accordingly
Return type Dict
to_feed(valid_distributions=[0 1 2 3 4 5] with_meta=False)Generate a json output for MISP Feed Notes
bull valid_distributions only makes sense if the distribution key is set (ie the event is exported from aMISP instance)
Return type Dict
to_json(sort_keys=False indent=None)Dump recursively any class of type MISPAbstract to a json string
unpublish()Mark the attribute as un-published (set publish flag to false)
update([E ] F)rarr None Update D from mappingiterable E and FIf E present and has a keys() method does for k in E D[k] = E[k] If E present and lacks keys() methoddoes for (k v) in E D[k] = v In either case this is followed by for k v in Fitems() D[k] = v
update_not_jsonable(args)Add entries to the __not_jsonable list
Return type None
values()rarr an object providing a view on Drsquos values
26 MISPAttribute
class pymispMISPAttribute(describe_types=None strict=False)
add_proposal(shadow_attribute=None kwargs)Alias for add_shadow_attribute
Return type MISPShadowAttribute
add_shadow_attribute(shadow_attribute=None kwargs)Add a shadow attribute to the attribute (by name or a MISPShadowAttribute object)
Return type MISPShadowAttribute
add_sighting(sighting=None kwargs)Add a sighting to the attribute (by name or a MISPSighting object)
Return type MISPSighting
clear()rarr None Remove all items from D
delete()Mark the attribute as deleted (soft delete)
26 Chapter 2 pymisp
PyMISP Documentation Release main
property editedRecursively check if an object has been edited and update the flag accordingly to the parent objects
Return type bool
from_dict(kwargs)Loading all the parameters as class properties if they arenrsquot None This method aims to be called when allthe properties requiring a special treatment are processed Note This method is used when you initializean object with existing data so by default the class is flaged as not edited
from_json(json_string)Load a JSON string
Return type None
get(k[ d ])rarr D[k] if k in D else d d defaults to None
hash_values(algorithm=sha512)Compute the hash of every values for fast lookups
Return type List[str]
items()rarr a set-like object providing a view on Drsquos items
jsonable()This method is used by the JSON encoder
Return type Dict
keys()rarr a set-like object providing a view on Drsquos keys
property known_typesReturns a list of all the known MISP attributes types
Return type List[str]
property malware_binaryReturns a BytesIO of the malware (if the attribute has one obvs)
Return type Optional[BytesIO]
pop(k[ d ])rarr v remove specified key and return the corresponding valueIf key is not found d is returned if given otherwise KeyError is raised
popitem()rarr (k v) remove and return some (key value) pairas a 2-tuple but raise KeyError if D is empty
set_not_jsonable(args)Set __not_jsonable to a new list
Return type None
setdefault(k[ d ])rarr Dget(kd) also set D[k]=d if k not in D
property tagsReturns a lost of tags associated to this Attribute
Return type List[MISPTag]
to_dict()Dump the class to a dictionary This method automatically removes the timestamp recursively in everyobject that has been edited is order to let MISP update the event accordingly
Return type Dict
26 MISPAttribute 27
PyMISP Documentation Release main
to_json(sort_keys=False indent=None)Dump recursively any class of type MISPAbstract to a json string
update([E ] F)rarr None Update D from mappingiterable E and FIf E present and has a keys() method does for k in E D[k] = E[k] If E present and lacks keys() methoddoes for (k v) in E D[k] = v In either case this is followed by for k v in Fitems() D[k] = v
update_not_jsonable(args)Add entries to the __not_jsonable list
Return type None
values()rarr an object providing a view on Drsquos values
27 MISPObject
class pymispMISPObject(name strict=False standalone=True default_attributes_parameters=kwargs)
add_attribute(object_relation simple_value=None value)Add an attribute object_relation is required and the value key is a dictionary with all the keys supportedby MISPAttribute
Return type Optional[MISPAttribute]
add_attributes(object_relation attributes)Add multiple attributes with the same object_relation Helper for object_relation when multiple is True inthe template It is the same as calling multiple times add_attribute with the same object_relation
Return type List[Optional[MISPAttribute]]
add_reference(referenced_uuid relationship_type comment=None kwargs)Add a link (uuid) to an other object
Return type MISPObjectReference
clear()rarr None Remove all items from D
property editedRecursively check if an object has been edited and update the flag accordingly to the parent objects
Return type bool
from_dict(kwargs)Loading all the parameters as class properties if they arenrsquot None This method aims to be called when allthe properties requiring a special treatment are processed Note This method is used when you initializean object with existing data so by default the class is flaged as not edited
from_json(json_string)Load a JSON string
Return type None
get(k[ d ])rarr D[k] if k in D else d d defaults to None
get_attributes_by_relation(object_relation)Returns the list of attributes with the given object relation in the object
Return type List[MISPAttribute]
has_attributes_by_relation(list_of_relations)True if all the relations in the list are defined in the object
28 Chapter 2 pymisp
PyMISP Documentation Release main
Return type bool
items()rarr a set-like object providing a view on Drsquos items
jsonable()This method is used by the JSON encoder
Return type Dict
keys()rarr a set-like object providing a view on Drsquos keys
pop(k[ d ])rarr v remove specified key and return the corresponding valueIf key is not found d is returned if given otherwise KeyError is raised
popitem()rarr (k v) remove and return some (key value) pairas a 2-tuple but raise KeyError if D is empty
set_not_jsonable(args)Set __not_jsonable to a new list
Return type None
setdefault(k[ d ])rarr Dget(kd) also set D[k]=d if k not in D
to_dict(strict=False)Dump the class to a dictionary This method automatically removes the timestamp recursively in everyobject that has been edited is order to let MISP update the event accordingly
Return type Dict
to_json(sort_keys=False indent=None strict=False)Dump recursively any class of type MISPAbstract to a json string
update([E ] F)rarr None Update D from mappingiterable E and FIf E present and has a keys() method does for k in E D[k] = E[k] If E present and lacks keys() methoddoes for (k v) in E D[k] = v In either case this is followed by for k v in Fitems() D[k] = v
update_not_jsonable(args)Add entries to the __not_jsonable list
Return type None
values()rarr an object providing a view on Drsquos values
28 MISPObjectAttribute
class pymispMISPObjectAttribute(definition)
add_proposal(shadow_attribute=None kwargs)Alias for add_shadow_attribute
Return type MISPShadowAttribute
add_shadow_attribute(shadow_attribute=None kwargs)Add a shadow attribute to the attribute (by name or a MISPShadowAttribute object)
Return type MISPShadowAttribute
add_sighting(sighting=None kwargs)Add a sighting to the attribute (by name or a MISPSighting object)
Return type MISPSighting
28 MISPObjectAttribute 29
PyMISP Documentation Release main
clear()rarr None Remove all items from D
delete()Mark the attribute as deleted (soft delete)
property editedRecursively check if an object has been edited and update the flag accordingly to the parent objects
Return type bool
from_dict(object_relation value kwargs)Loading all the parameters as class properties if they arenrsquot None This method aims to be called when allthe properties requiring a special treatment are processed Note This method is used when you initializean object with existing data so by default the class is flaged as not edited
from_json(json_string)Load a JSON string
Return type None
get(k[ d ])rarr D[k] if k in D else d d defaults to None
hash_values(algorithm=sha512)Compute the hash of every values for fast lookups
Return type List[str]
items()rarr a set-like object providing a view on Drsquos items
jsonable()This method is used by the JSON encoder
Return type Dict
keys()rarr a set-like object providing a view on Drsquos keys
property known_typesReturns a list of all the known MISP attributes types
Return type List[str]
property malware_binaryReturns a BytesIO of the malware (if the attribute has one obvs)
Return type Optional[BytesIO]
pop(k[ d ])rarr v remove specified key and return the corresponding valueIf key is not found d is returned if given otherwise KeyError is raised
popitem()rarr (k v) remove and return some (key value) pairas a 2-tuple but raise KeyError if D is empty
set_not_jsonable(args)Set __not_jsonable to a new list
Return type None
setdefault(k[ d ])rarr Dget(kd) also set D[k]=d if k not in D
property tagsReturns a lost of tags associated to this Attribute
Return type List[MISPTag]
30 Chapter 2 pymisp
PyMISP Documentation Release main
to_dict()Dump the class to a dictionary This method automatically removes the timestamp recursively in everyobject that has been edited is order to let MISP update the event accordingly
Return type Dict
to_json(sort_keys=False indent=None)Dump recursively any class of type MISPAbstract to a json string
update([E ] F)rarr None Update D from mappingiterable E and FIf E present and has a keys() method does for k in E D[k] = E[k] If E present and lacks keys() methoddoes for (k v) in E D[k] = v In either case this is followed by for k v in Fitems() D[k] = v
update_not_jsonable(args)Add entries to the __not_jsonable list
Return type None
values()rarr an object providing a view on Drsquos values
29 MISPObjectReference
class pymispMISPObjectReference
clear()rarr None Remove all items from D
property editedRecursively check if an object has been edited and update the flag accordingly to the parent objects
Return type bool
from_dict(kwargs)Loading all the parameters as class properties if they arenrsquot None This method aims to be called when allthe properties requiring a special treatment are processed Note This method is used when you initializean object with existing data so by default the class is flaged as not edited
from_json(json_string)Load a JSON string
Return type None
get(k[ d ])rarr D[k] if k in D else d d defaults to None
items()rarr a set-like object providing a view on Drsquos items
jsonable()This method is used by the JSON encoder
Return type Dict
keys()rarr a set-like object providing a view on Drsquos keys
pop(k[ d ])rarr v remove specified key and return the corresponding valueIf key is not found d is returned if given otherwise KeyError is raised
popitem()rarr (k v) remove and return some (key value) pairas a 2-tuple but raise KeyError if D is empty
set_not_jsonable(args)Set __not_jsonable to a new list
Return type None
29 MISPObjectReference 31
PyMISP Documentation Release main
setdefault(k[ d ])rarr Dget(kd) also set D[k]=d if k not in D
to_dict()Dump the class to a dictionary This method automatically removes the timestamp recursively in everyobject that has been edited is order to let MISP update the event accordingly
Return type Dict
to_json(sort_keys=False indent=None)Dump recursively any class of type MISPAbstract to a json string
update([E ] F)rarr None Update D from mappingiterable E and FIf E present and has a keys() method does for k in E D[k] = E[k] If E present and lacks keys() methoddoes for (k v) in E D[k] = v In either case this is followed by for k v in Fitems() D[k] = v
update_not_jsonable(args)Add entries to the __not_jsonable list
Return type None
values()rarr an object providing a view on Drsquos values
210 MISPTag
class pymispMISPTag(kwargs)
clear()rarr None Remove all items from D
property editedRecursively check if an object has been edited and update the flag accordingly to the parent objects
Return type bool
from_dict(kwargs)Loading all the parameters as class properties if they arenrsquot None This method aims to be called when allthe properties requiring a special treatment are processed Note This method is used when you initializean object with existing data so by default the class is flaged as not edited
from_json(json_string)Load a JSON string
Return type None
get(k[ d ])rarr D[k] if k in D else d d defaults to None
items()rarr a set-like object providing a view on Drsquos items
jsonable()This method is used by the JSON encoder
Return type Dict
keys()rarr a set-like object providing a view on Drsquos keys
pop(k[ d ])rarr v remove specified key and return the corresponding valueIf key is not found d is returned if given otherwise KeyError is raised
popitem()rarr (k v) remove and return some (key value) pairas a 2-tuple but raise KeyError if D is empty
set_not_jsonable(args)Set __not_jsonable to a new list
32 Chapter 2 pymisp
PyMISP Documentation Release main
Return type None
setdefault(k[ d ])rarr Dget(kd) also set D[k]=d if k not in D
to_dict()Dump the class to a dictionary This method automatically removes the timestamp recursively in everyobject that has been edited is order to let MISP update the event accordingly
Return type Dict
to_json(sort_keys=False indent=None)Dump recursively any class of type MISPAbstract to a json string
update([E ] F)rarr None Update D from mappingiterable E and FIf E present and has a keys() method does for k in E D[k] = E[k] If E present and lacks keys() methoddoes for (k v) in E D[k] = v In either case this is followed by for k v in Fitems() D[k] = v
update_not_jsonable(args)Add entries to the __not_jsonable list
Return type None
values()rarr an object providing a view on Drsquos values
211 MISPUser
class pymispMISPUser(kwargs)
clear()rarr None Remove all items from D
property editedRecursively check if an object has been edited and update the flag accordingly to the parent objects
Return type bool
from_dict(kwargs)Loading all the parameters as class properties if they arenrsquot None This method aims to be called when allthe properties requiring a special treatment are processed Note This method is used when you initializean object with existing data so by default the class is flaged as not edited
from_json(json_string)Load a JSON string
Return type None
get(k[ d ])rarr D[k] if k in D else d d defaults to None
items()rarr a set-like object providing a view on Drsquos items
jsonable()This method is used by the JSON encoder
Return type Dict
keys()rarr a set-like object providing a view on Drsquos keys
pop(k[ d ])rarr v remove specified key and return the corresponding valueIf key is not found d is returned if given otherwise KeyError is raised
popitem()rarr (k v) remove and return some (key value) pairas a 2-tuple but raise KeyError if D is empty
211 MISPUser 33
PyMISP Documentation Release main
set_not_jsonable(args)Set __not_jsonable to a new list
Return type None
setdefault(k[ d ])rarr Dget(kd) also set D[k]=d if k not in D
to_dict()Dump the class to a dictionary This method automatically removes the timestamp recursively in everyobject that has been edited is order to let MISP update the event accordingly
Return type Dict
to_json(sort_keys=False indent=None)Dump recursively any class of type MISPAbstract to a json string
update([E ] F)rarr None Update D from mappingiterable E and FIf E present and has a keys() method does for k in E D[k] = E[k] If E present and lacks keys() methoddoes for (k v) in E D[k] = v In either case this is followed by for k v in Fitems() D[k] = v
update_not_jsonable(args)Add entries to the __not_jsonable list
Return type None
values()rarr an object providing a view on Drsquos values
212 MISPOrganisation
class pymispMISPOrganisation
clear()rarr None Remove all items from D
property editedRecursively check if an object has been edited and update the flag accordingly to the parent objects
Return type bool
from_dict(kwargs)Loading all the parameters as class properties if they arenrsquot None This method aims to be called when allthe properties requiring a special treatment are processed Note This method is used when you initializean object with existing data so by default the class is flaged as not edited
from_json(json_string)Load a JSON string
Return type None
get(k[ d ])rarr D[k] if k in D else d d defaults to None
items()rarr a set-like object providing a view on Drsquos items
jsonable()This method is used by the JSON encoder
Return type Dict
keys()rarr a set-like object providing a view on Drsquos keys
pop(k[ d ])rarr v remove specified key and return the corresponding valueIf key is not found d is returned if given otherwise KeyError is raised
34 Chapter 2 pymisp
PyMISP Documentation Release main
popitem()rarr (k v) remove and return some (key value) pairas a 2-tuple but raise KeyError if D is empty
set_not_jsonable(args)Set __not_jsonable to a new list
Return type None
setdefault(k[ d ])rarr Dget(kd) also set D[k]=d if k not in D
to_dict()Dump the class to a dictionary This method automatically removes the timestamp recursively in everyobject that has been edited is order to let MISP update the event accordingly
Return type Dict
to_json(sort_keys=False indent=None)Dump recursively any class of type MISPAbstract to a json string
update([E ] F)rarr None Update D from mappingiterable E and FIf E present and has a keys() method does for k in E D[k] = E[k] If E present and lacks keys() methoddoes for (k v) in E D[k] = v In either case this is followed by for k v in Fitems() D[k] = v
update_not_jsonable(args)Add entries to the __not_jsonable list
Return type None
values()rarr an object providing a view on Drsquos values
212 MISPOrganisation 35
PyMISP Documentation Release main
36 Chapter 2 pymisp
CHAPTER
THREE
PYMISP - TOOLS
31 File Object
class pymisptoolsFileObject(filepath=None pseudofile=None filename=None kwargs)
add_attribute(object_relation simple_value=None value)Add an attribute object_relation is required and the value key is a dictionary with all the keys supportedby MISPAttribute
Return type Optional[MISPAttribute]
add_attributes(object_relation attributes)Add multiple attributes with the same object_relation Helper for object_relation when multiple is True inthe template It is the same as calling multiple times add_attribute with the same object_relation
Return type List[Optional[MISPAttribute]]
add_reference(referenced_uuid relationship_type comment=None kwargs)Add a link (uuid) to an other object
Return type MISPObjectReference
clear()rarr None Remove all items from D
property editedRecursively check if an object has been edited and update the flag accordingly to the parent objects
Return type bool
from_dict(kwargs)Loading all the parameters as class properties if they arenrsquot None This method aims to be called when allthe properties requiring a special treatment are processed Note This method is used when you initializean object with existing data so by default the class is flaged as not edited
from_json(json_string)Load a JSON string
Return type None
generate_attributes()Contains the logic where all the values of the object are gathered
get(k[ d ])rarr D[k] if k in D else d d defaults to None
get_attributes_by_relation(object_relation)Returns the list of attributes with the given object relation in the object
Return type List[MISPAttribute]
37
PyMISP Documentation Release main
has_attributes_by_relation(list_of_relations)True if all the relations in the list are defined in the object
Return type bool
items()rarr a set-like object providing a view on Drsquos items
jsonable()This method is used by the JSON encoder
Return type Dict
keys()rarr a set-like object providing a view on Drsquos keys
pop(k[ d ])rarr v remove specified key and return the corresponding valueIf key is not found d is returned if given otherwise KeyError is raised
popitem()rarr (k v) remove and return some (key value) pairas a 2-tuple but raise KeyError if D is empty
set_not_jsonable(args)Set __not_jsonable to a new list
Return type None
setdefault(k[ d ])rarr Dget(kd) also set D[k]=d if k not in D
to_dict(strict=False)Dump the class to a dictionary This method automatically removes the timestamp recursively in everyobject that has been edited is order to let MISP update the event accordingly
Return type Dict
to_json(sort_keys=False indent=None strict=False)Dump recursively any class of type MISPAbstract to a json string
update([E ] F)rarr None Update D from mappingiterable E and FIf E present and has a keys() method does for k in E D[k] = E[k] If E present and lacks keys() methoddoes for (k v) in E D[k] = v In either case this is followed by for k v in Fitems() D[k] = v
update_not_jsonable(args)Add entries to the __not_jsonable list
Return type None
values()rarr an object providing a view on Drsquos values
32 ELF Object
33 PE Object
34 Mach-O Object
35 VT Report Object
class pymisptoolsVTReportObject(apikey indicator vt_proxies=None kwargs)VirusTotal Report
Apikey VirusTotal API key (private works but only public features are supported right now)
38 Chapter 3 pymisp - Tools
PyMISP Documentation Release main
Indicator IOC to search VirusTotal for
add_attribute(object_relation simple_value=None value)Add an attribute object_relation is required and the value key is a dictionary with all the keys supportedby MISPAttribute
Return type Optional[MISPAttribute]
add_attributes(object_relation attributes)Add multiple attributes with the same object_relation Helper for object_relation when multiple is True inthe template It is the same as calling multiple times add_attribute with the same object_relation
Return type List[Optional[MISPAttribute]]
add_reference(referenced_uuid relationship_type comment=None kwargs)Add a link (uuid) to an other object
Return type MISPObjectReference
clear()rarr None Remove all items from D
property editedRecursively check if an object has been edited and update the flag accordingly to the parent objects
Return type bool
from_dict(kwargs)Loading all the parameters as class properties if they arenrsquot None This method aims to be called when allthe properties requiring a special treatment are processed Note This method is used when you initializean object with existing data so by default the class is flaged as not edited
from_json(json_string)Load a JSON string
Return type None
generate_attributes()Parse the VirusTotal report for relevant attributes
get(k[ d ])rarr D[k] if k in D else d d defaults to None
get_attributes_by_relation(object_relation)Returns the list of attributes with the given object relation in the object
Return type List[MISPAttribute]
has_attributes_by_relation(list_of_relations)True if all the relations in the list are defined in the object
Return type bool
items()rarr a set-like object providing a view on Drsquos items
jsonable()This method is used by the JSON encoder
Return type Dict
keys()rarr a set-like object providing a view on Drsquos keys
pop(k[ d ])rarr v remove specified key and return the corresponding valueIf key is not found d is returned if given otherwise KeyError is raised
popitem()rarr (k v) remove and return some (key value) pairas a 2-tuple but raise KeyError if D is empty
35 VT Report Object 39
PyMISP Documentation Release main
set_not_jsonable(args)Set __not_jsonable to a new list
Return type None
setdefault(k[ d ])rarr Dget(kd) also set D[k]=d if k not in D
to_dict(strict=False)Dump the class to a dictionary This method automatically removes the timestamp recursively in everyobject that has been edited is order to let MISP update the event accordingly
Return type Dict
to_json(sort_keys=False indent=None strict=False)Dump recursively any class of type MISPAbstract to a json string
update([E ] F)rarr None Update D from mappingiterable E and FIf E present and has a keys() method does for k in E D[k] = E[k] If E present and lacks keys() methoddoes for (k v) in E D[k] = v In either case this is followed by for k v in Fitems() D[k] = v
update_not_jsonable(args)Add entries to the __not_jsonable list
Return type None
values()rarr an object providing a view on Drsquos values
36 STIX
pymisptoolsstixload_stix(stix distribution=3 threat_level_id=2 analysis=0)Returns a MISPEvent object from a STIX package
pymisptoolsstixmake_stix_package(misp_event to_json=False to_xml=False)Returns a STIXPackage from a MISPEvent
Optionally can return the package in json or xml
37 OpenIOC
toolsload_openioc()
toolsload_openioc_file()
40 Chapter 3 pymisp - Tools
CHAPTER
FOUR
INDICES AND TABLES
bull genindex
bull modindex
bull search
41
PyMISP Documentation Release main
42 Chapter 4 Indices and tables
PYTHON MODULE INDEX
ppymisp 7pymisptools 37pymisptoolsstix 40
43
PyMISP Documentation Release main
44 Python Module Index
INDEX
AAbstractMISP (class in pymisp) 23accept_attribute_proposal()
(pymispPyMISP method) 7add_attribute() (pymispMISPEvent method) 24add_attribute() (pymispMISPObject method) 28add_attribute() (pymispPyMISP method) 7add_attribute() (pymisptoolsFileObject method)
37add_attribute() (pymisptoolsVTReportObject
method) 39add_attribute_proposal() (pymispPyMISP
method) 7add_attribute_tag() (pymispMISPEvent
method) 24add_attributes() (pymispMISPObject method)
28add_attributes() (pymisptoolsFileObject
method) 37add_attributes() (pymisptoolsVTReportObject
method) 39add_event() (pymispPyMISP method) 7add_event_blacklist() (pymispPyMISP
method) 8add_feed() (pymispPyMISP method) 8add_object() (pymispMISPEvent method) 24add_object() (pymispPyMISP method) 8add_object_reference() (pymispPyMISP
method) 8add_org_to_sharing_group() (pymispPyMISP
method) 8add_organisation() (pymispPyMISP method) 8add_organisation_blacklist()
(pymispPyMISP method) 8add_proposal() (pymispMISPAttribute method) 26add_proposal() (pymispMISPEvent method) 24add_proposal() (pymispMISPObjectAttribute
method) 29add_reference() (pymispMISPObject method) 28add_reference() (pymisptoolsFileObject method)
37add_reference() (pymisptoolsVTReportObject
method) 39add_server() (pymispPyMISP method) 8add_server_to_sharing_group()
(pymispPyMISP method) 8add_shadow_attribute() (pymispMISPAttribute
method) 26add_shadow_attribute() (pymispMISPEvent
method) 24add_shadow_attribute()
(pymispMISPObjectAttribute method) 29add_sharing_group() (pymispPyMISP method) 8add_sighting() (pymispMISPAttribute method) 26add_sighting() (pymispMISPObjectAttribute
method) 29add_sighting() (pymispPyMISP method) 8add_tag() (pymispPyMISP method) 8add_user() (pymispPyMISP method) 9attributes_statistics() (pymispPyMISP
method) 9
Bbuild_complex_query() (pymispPyMISP
method) 9
Ccache_all_feeds() (pymispPyMISP method) 9cache_feed() (pymispPyMISP method) 9cache_freetext_feeds() (pymispPyMISP
method) 9cache_misp_feeds() (pymispPyMISP method) 9change_sharing_group_on_entity()
(pymispPyMISP method) 9change_user_password() (pymispPyMISP
method) 9clear() (pymispMISPAttribute method) 26clear() (pymispMISPEvent method) 24clear() (pymispMISPObject method) 28clear() (pymispMISPObjectAttribute method) 29clear() (pymispMISPObjectReference method) 31clear() (pymispMISPOrganisation method) 34clear() (pymispMISPTag method) 32clear() (pymispMISPUser method) 33
45
PyMISP Documentation Release main
clear() (pymisptoolsFileObject method) 37clear() (pymisptoolsVTReportObject method) 39communities() (pymispPyMISP method) 9compare_feeds() (pymispPyMISP method) 9contact_event_reporter() (pymispPyMISP
method) 9
Ddefault() (pymispMISPEncode method) 24delegate_event() (pymispPyMISP method) 10delete() (pymispMISPAttribute method) 26delete() (pymispMISPObjectAttribute method) 30delete_attribute() (pymispMISPEvent method)
24delete_attribute() (pymispPyMISP method) 10delete_attribute_proposal()
(pymispPyMISP method) 10delete_event() (pymispPyMISP method) 10delete_event_blacklist() (pymispPyMISP
method) 10delete_feed() (pymispPyMISP method) 10delete_object() (pymispPyMISP method) 10delete_object_reference() (pymispPyMISP
method) 10delete_organisation() (pymispPyMISP
method) 10delete_organisation_blacklist()
(pymispPyMISP method) 10delete_server() (pymispPyMISP method) 10delete_sharing_group() (pymispPyMISP
method) 10delete_sighting() (pymispPyMISP method) 10delete_tag() (pymispPyMISP method) 11delete_user() (pymispPyMISP method) 11delete_user_setting() (pymispPyMISP
method) 11describe_types_local() (pymispPyMISP prop-
erty) 11describe_types_remote() (pymispPyMISP
property) 11direct_call() (pymispPyMISP method) 11disable_feed() (pymispPyMISP method) 11disable_feed_cache() (pymispPyMISP method)
11disable_noticelist() (pymispPyMISP method)
11disable_tag() (pymispPyMISP method) 11disable_taxonomy() (pymispPyMISP method) 11disable_taxonomy_tags() (pymispPyMISP
method) 11disable_warninglist() (pymispPyMISP
method) 11discard_attribute_proposal()
(pymispPyMISP method) 12
Eedited() (pymispAbstractMISP property) 23edited() (pymispMISPAttribute property) 26edited() (pymispMISPEvent property) 24edited() (pymispMISPObject property) 28edited() (pymispMISPObjectAttribute property) 30edited() (pymispMISPObjectReference property) 31edited() (pymispMISPOrganisation property) 34edited() (pymispMISPTag property) 32edited() (pymispMISPUser property) 33edited() (pymisptoolsFileObject property) 37edited() (pymisptoolsVTReportObject property) 39enable_feed() (pymispPyMISP method) 12enable_feed_cache() (pymispPyMISP method)
12enable_noticelist() (pymispPyMISP method)
12enable_tag() (pymispPyMISP method) 12enable_taxonomy() (pymispPyMISP method) 12enable_taxonomy_tags() (pymispPyMISP
method) 12enable_warninglist() (pymispPyMISP method)
12event_blacklists() (pymispPyMISP method) 12event_delegations() (pymispPyMISP method)
12ExpandedPyMISP (in module pymisp) 23
Ffeeds() (pymispPyMISP method) 12fetch_feed() (pymispPyMISP method) 12FileObject (class in pymisptools) 37freetext() (pymispPyMISP method) 12from_dict() (pymispAbstractMISP method) 23from_dict() (pymispMISPAttribute method) 27from_dict() (pymispMISPEvent method) 25from_dict() (pymispMISPObject method) 28from_dict() (pymispMISPObjectAttribute method)
30from_dict() (pymispMISPObjectReference method)
31from_dict() (pymispMISPOrganisation method) 34from_dict() (pymispMISPTag method) 32from_dict() (pymispMISPUser method) 33from_dict() (pymisptoolsFileObject method) 37from_dict() (pymisptoolsVTReportObject method)
39from_json() (pymispAbstractMISP method) 23from_json() (pymispMISPAttribute method) 27from_json() (pymispMISPEvent method) 25from_json() (pymispMISPObject method) 28from_json() (pymispMISPObjectAttribute method)
30
46 Index
PyMISP Documentation Release main
from_json() (pymispMISPObjectReference method)31
from_json() (pymispMISPOrganisation method) 34from_json() (pymispMISPTag method) 32from_json() (pymispMISPUser method) 33from_json() (pymisptoolsFileObject method) 37from_json() (pymisptoolsVTReportObject method)
39
Ggalaxies() (pymispPyMISP method) 12generate_attributes() (pymisptoolsFileObject
method) 37generate_attributes()
(pymisptoolsVTReportObject method)39
get() (pymispMISPAttribute method) 27get() (pymispMISPEvent method) 25get() (pymispMISPObject method) 28get() (pymispMISPObjectAttribute method) 30get() (pymispMISPObjectReference method) 31get() (pymispMISPOrganisation method) 34get() (pymispMISPTag method) 32get() (pymispMISPUser method) 33get() (pymisptoolsFileObject method) 37get() (pymisptoolsVTReportObject method) 39get_all_functions() (pymispPyMISP method)
13get_attribute() (pymispPyMISP method) 13get_attribute_tag() (pymispMISPEvent
method) 25get_attributes_by_relation()
(pymispMISPObject method) 28get_attributes_by_relation()
(pymisptoolsFileObject method) 37get_attributes_by_relation()
(pymisptoolsVTReportObject method)39
get_community() (pymispPyMISP method) 13get_event() (pymispPyMISP method) 13get_feed() (pymispPyMISP method) 13get_galaxy() (pymispPyMISP method) 13get_noticelist() (pymispPyMISP method) 13get_object() (pymispPyMISP method) 13get_object_by_id() (pymispMISPEvent method)
25get_object_by_uuid() (pymispMISPEvent
method) 25get_object_template() (pymispPyMISP
method) 13get_objects_by_name() (pymispMISPEvent
method) 25get_organisation() (pymispPyMISP method) 13get_sync_config() (pymispPyMISP method) 13
get_tag() (pymispPyMISP method) 13get_taxonomy() (pymispPyMISP method) 13get_user() (pymispPyMISP method) 13get_user_setting() (pymispPyMISP method) 14get_warninglist() (pymispPyMISP method) 14
Hhas_attributes_by_relation()
(pymispMISPObject method) 28has_attributes_by_relation()
(pymisptoolsFileObject method) 37has_attributes_by_relation()
(pymisptoolsVTReportObject method)39
hash_values() (pymispMISPAttribute method) 27hash_values() (pymispMISPObjectAttribute
method) 30
Iimport_server() (pymispPyMISP method) 14items() (pymispMISPAttribute method) 27items() (pymispMISPEvent method) 25items() (pymispMISPObject method) 29items() (pymispMISPObjectAttribute method) 30items() (pymispMISPObjectReference method) 31items() (pymispMISPOrganisation method) 34items() (pymispMISPTag method) 32items() (pymispMISPUser method) 33items() (pymisptoolsFileObject method) 38items() (pymisptoolsVTReportObject method) 39
Jjsonable() (pymispAbstractMISP method) 23jsonable() (pymispMISPAttribute method) 27jsonable() (pymispMISPEvent method) 25jsonable() (pymispMISPObject method) 29jsonable() (pymispMISPObjectAttribute method)
30jsonable() (pymispMISPObjectReference method)
31jsonable() (pymispMISPOrganisation method) 34jsonable() (pymispMISPTag method) 32jsonable() (pymispMISPUser method) 33jsonable() (pymisptoolsFileObject method) 38jsonable() (pymisptoolsVTReportObject method)
39
Kkeys() (pymispMISPAttribute method) 27keys() (pymispMISPEvent method) 25keys() (pymispMISPObject method) 29keys() (pymispMISPObjectAttribute method) 30keys() (pymispMISPObjectReference method) 31keys() (pymispMISPOrganisation method) 34
Index 47
PyMISP Documentation Release main
keys() (pymispMISPTag method) 32keys() (pymispMISPUser method) 33keys() (pymisptoolsFileObject method) 38keys() (pymisptoolsVTReportObject method) 39known_types() (pymispMISPAttribute property) 27known_types() (pymispMISPObjectAttribute prop-
erty) 30
Lload() (pymispMISPEvent method) 25load_default_feeds() (pymispPyMISP method)
14load_file() (pymispMISPEvent method) 25load_openioc() (pymisptools method) 40load_openioc_file() (pymisptools method) 40load_stix() (in module pymisptoolsstix) 40
Mmake_stix_package() (in module
pymisptoolsstix) 40malware_binary() (pymispMISPAttribute prop-
erty) 27malware_binary() (pymispMISPObjectAttribute
property) 30misp_instance_version() (pymispPyMISP
property) 14misp_instance_version_master()
(pymispPyMISP property) 14MISPAttribute (class in pymisp) 26MISPEncode (class in pymisp) 24MISPEvent (class in pymisp) 24MISPObject (class in pymisp) 28MISPObjectAttribute (class in pymisp) 29MISPObjectReference (class in pymisp) 31MISPOrganisation (class in pymisp) 34MISPTag (class in pymisp) 32MISPUser (class in pymisp) 33module
pymisp 7pymisptools 37pymisptoolsstix 40
Nnoticelists() (pymispPyMISP method) 14
Oobject_templates() (pymispPyMISP method) 14organisation_blacklists() (pymispPyMISP
method) 14organisations() (pymispPyMISP method) 14
Ppop() (pymispMISPAttribute method) 27
pop() (pymispMISPEvent method) 25pop() (pymispMISPObject method) 29pop() (pymispMISPObjectAttribute method) 30pop() (pymispMISPObjectReference method) 31pop() (pymispMISPOrganisation method) 34pop() (pymispMISPTag method) 32pop() (pymispMISPUser method) 33pop() (pymisptoolsFileObject method) 38pop() (pymisptoolsVTReportObject method) 39popitem() (pymispMISPAttribute method) 27popitem() (pymispMISPEvent method) 25popitem() (pymispMISPObject method) 29popitem() (pymispMISPObjectAttribute method) 30popitem() (pymispMISPObjectReference method) 31popitem() (pymispMISPOrganisation method) 34popitem() (pymispMISPTag method) 32popitem() (pymispMISPUser method) 33popitem() (pymisptoolsFileObject method) 38popitem() (pymisptoolsVTReportObject method) 39publish() (pymispMISPEvent method) 25publish() (pymispPyMISP method) 14push_event_to_ZMQ() (pymispPyMISP method)
14pymisp
module 7PyMISP (class in pymisp) 7pymisptools
module 37pymisptoolsstix
module 40pymisp_version_main() (pymispPyMISP prop-
erty) 15
Rrecommended_pymisp_version()
(pymispPyMISP property) 15remote_acl() (pymispPyMISP method) 15remove_org_from_sharing_group()
(pymispPyMISP method) 15remove_server_from_sharing_group()
(pymispPyMISP method) 15roles() (pymispPyMISP method) 15
Ssearch() (pymispPyMISP method) 15search_feeds() (pymispPyMISP method) 17search_index() (pymispPyMISP method) 18search_logs() (pymispPyMISP method) 18search_sightings() (pymispPyMISP method) 19server_pull() (pymispPyMISP method) 20server_push() (pymispPyMISP method) 20servers() (pymispPyMISP method) 20set_date() (pymispMISPEvent method) 25
48 Index
PyMISP Documentation Release main
set_not_jsonable() (pymispAbstractMISPmethod) 23
set_not_jsonable() (pymispMISPAttributemethod) 27
set_not_jsonable() (pymispMISPEvent method)25
set_not_jsonable() (pymispMISPObjectmethod) 29
set_not_jsonable() (pymispMISPObjectAttributemethod) 30
set_not_jsonable()(pymispMISPObjectReference method)31
set_not_jsonable() (pymispMISPOrganisationmethod) 35
set_not_jsonable() (pymispMISPTag method)32
set_not_jsonable() (pymispMISPUser method)33
set_not_jsonable() (pymisptoolsFileObjectmethod) 38
set_not_jsonable()(pymisptoolsVTReportObject method)39
set_user_setting() (pymispPyMISP method) 20setdefault() (pymispMISPAttribute method) 27setdefault() (pymispMISPEvent method) 25setdefault() (pymispMISPObject method) 29setdefault() (pymispMISPObjectAttribute
method) 30setdefault() (pymispMISPObjectReference
method) 31setdefault() (pymispMISPOrganisation method)
35setdefault() (pymispMISPTag method) 33setdefault() (pymispMISPUser method) 34setdefault() (pymisptoolsFileObject method) 38setdefault() (pymisptoolsVTReportObject
method) 40sharing_groups() (pymispPyMISP method) 20sightings() (pymispPyMISP method) 20
Ttag() (pymispPyMISP method) 20tags() (pymispMISPAttribute property) 27tags() (pymispMISPEvent property) 26tags() (pymispMISPObjectAttribute property) 30tags() (pymispPyMISP method) 20tags_statistics() (pymispPyMISP method) 20taxonomies() (pymispPyMISP method) 20to_dict() (pymispAbstractMISP method) 23to_dict() (pymispMISPAttribute method) 27to_dict() (pymispMISPEvent method) 26to_dict() (pymispMISPObject method) 29
to_dict() (pymispMISPObjectAttribute method) 30to_dict() (pymispMISPObjectReference method) 32to_dict() (pymispMISPOrganisation method) 35to_dict() (pymispMISPTag method) 33to_dict() (pymispMISPUser method) 34to_dict() (pymisptoolsFileObject method) 38to_dict() (pymisptoolsVTReportObject method) 40to_feed() (pymispMISPEvent method) 26to_json() (pymispAbstractMISP method) 23to_json() (pymispMISPAttribute method) 27to_json() (pymispMISPEvent method) 26to_json() (pymispMISPObject method) 29to_json() (pymispMISPObjectAttribute method) 31to_json() (pymispMISPObjectReference method) 32to_json() (pymispMISPOrganisation method) 35to_json() (pymispMISPTag method) 33to_json() (pymispMISPUser method) 34to_json() (pymisptoolsFileObject method) 38to_json() (pymisptoolsVTReportObject method) 40toggle_warninglist() (pymispPyMISP method)
20
Uunpublish() (pymispMISPEvent method) 26untag() (pymispPyMISP method) 21update() (pymispMISPAttribute method) 28update() (pymispMISPEvent method) 26update() (pymispMISPObject method) 29update() (pymispMISPObjectAttribute method) 31update() (pymispMISPObjectReference method) 32update() (pymispMISPOrganisation method) 35update() (pymispMISPTag method) 33update() (pymispMISPUser method) 34update() (pymisptoolsFileObject method) 38update() (pymisptoolsVTReportObject method) 40update_attribute() (pymispPyMISP method) 21update_attribute_proposal()
(pymispPyMISP method) 21update_event() (pymispPyMISP method) 21update_event_blacklist() (pymispPyMISP
method) 21update_feed() (pymispPyMISP method) 21update_galaxies() (pymispPyMISP method) 21update_not_jsonable() (pymispAbstractMISP
method) 23update_not_jsonable() (pymispMISPAttribute
method) 28update_not_jsonable() (pymispMISPEvent
method) 26update_not_jsonable() (pymispMISPObject
method) 29update_not_jsonable()
(pymispMISPObjectAttribute method) 31
Index 49
PyMISP Documentation Release main
update_not_jsonable()(pymispMISPObjectReference method)32
update_not_jsonable()(pymispMISPOrganisation method) 35
update_not_jsonable() (pymispMISPTagmethod) 33
update_not_jsonable() (pymispMISPUsermethod) 34
update_not_jsonable() (pymisptoolsFileObjectmethod) 38
update_not_jsonable()(pymisptoolsVTReportObject method)40
update_noticelists() (pymispPyMISP method)21
update_object() (pymispPyMISP method) 21update_object_templates() (pymispPyMISP
method) 21update_organisation() (pymispPyMISP
method) 21update_organisation_blacklist()
(pymispPyMISP method) 21update_server() (pymispPyMISP method) 22update_tag() (pymispPyMISP method) 22update_taxonomies() (pymispPyMISP method)
22update_user() (pymispPyMISP method) 22update_warninglists() (pymispPyMISP
method) 22upload_stix() (pymispPyMISP method) 22user_registrations() (pymispPyMISP method)
22user_settings() (pymispPyMISP method) 22users() (pymispPyMISP method) 22users_statistics() (pymispPyMISP method) 22
Vvalues() (pymispMISPAttribute method) 28values() (pymispMISPEvent method) 26values() (pymispMISPObject method) 29values() (pymispMISPObjectAttribute method) 31values() (pymispMISPObjectReference method) 32values() (pymispMISPOrganisation method) 35values() (pymispMISPTag method) 33values() (pymispMISPUser method) 34values() (pymisptoolsFileObject method) 38values() (pymisptoolsVTReportObject method) 40values_in_warninglist() (pymispPyMISP
method) 22version() (pymispPyMISP property) 22VTReportObject (class in pymisptools) 38
Wwarninglists() (pymispPyMISP method) 22
50 Index
- README
- pymisp
- PyMISP
- PyMISPExpanded (Python 36+ only)
- MISPAbstract
- MISPEncode
- MISPEvent
- MISPAttribute
- MISPObject
- MISPObjectAttribute
- MISPObjectReference
- MISPTag
- MISPUser
- MISPOrganisation
- pymisp - Tools
- File Object
- ELF Object
- PE Object
- Mach-O Object
- VT Report Object
- STIX
- OpenIOC
- Indices and tables
- Python Module Index
- Index
PyMISP Documentation Release main
toggle_warninglist(warninglist_id=None warninglist_name=None force_enable=False)Toggle (enabledisable) the status of a warninglist by ID type warninglist_id Union[str intList[int] None] param warninglist_id ID of the WarningList type force_enable bool paramforce_enable Force the warning list in the enabled state (does nothing is already enabled)
Return type Dict
untag(misp_entity tag)Untag an event or an attribute misp_entity can be a UUID
Return type Dict
update_attribute(attribute attribute_id=None pythonify=False)Update an attribute on a MISP instance
Return type Union[Dict MISPAttribute MISPShadowAttribute]
update_attribute_proposal(initial_attribute attribute pythonify=False)Propose a change for an attribute
Return type Union[Dict MISPShadowAttribute]
update_event(event event_id=None pythonify=False)Update an event on a MISP instance
Return type Union[Dict MISPEvent]
update_event_blacklist(event_blacklist event_blacklist_id=None pythonify=False)Update an event in the blacklist
Return type Union[Dict MISPEventBlacklist]
update_feed(feed feed_id=None pythonify=False)Update a feed on a MISP instance
Return type Union[Dict MISPFeed]
update_galaxies()Update all the galaxies
Return type Dict
update_noticelists()Update all the noticelists
Return type Dict
update_object(misp_object object_id=None pythonify=False)Update an object on a MISP instance
Return type Union[Dict MISPObject]
update_object_templates()Trigger an update of the object templates
Return type Dict
update_organisation(organisation organisation_id=None pythonify=False)Update an organisation
Return type Union[Dict MISPOrganisation]
update_organisation_blacklist(organisation_blacklist organisation_blacklist_id=Nonepythonify=False)
Update an organisation in the blacklist
Return type Union[Dict MISPOrganisationBlacklist]
21 PyMISP 21
PyMISP Documentation Release main
update_server(server server_id=None pythonify=False)Update a server to synchronise with
Return type Union[Dict MISPServer]
update_tag(tag tag_id=None pythonify=False)Edit only the provided parameters of a tag
Return type Union[Dict MISPTag]
update_taxonomies()Update all the taxonomies
Return type Dict
update_user(user user_id=None pythonify=False)Update an event on a MISP instance
Return type Union[Dict MISPUser]
update_warninglists()Update all the warninglists
Return type Dict
upload_stix(path version=2)Upload a STIX file to MISP param path Path to the STIX on the disk (can be a path-like object or apseudofile) type version str param version Can be 1 or 2
user_registrations(pythonify=False)Get all the user registrations
Return type Union[Dict List[MISPInbox]]
user_settings(pythonify=False)Get all the user settings
Return type Union[Dict List[MISPUserSetting]]
users(pythonify=False)Get all the users
Return type Union[Dict List[MISPUser]]
users_statistics(context=data)Get users statistics from the MISP instance
Return type Dict
values_in_warninglist(value)Check if IOC values are in warninglist
Return type Dict
property versionReturns the version of PyMISP yoursquore curently using
Return type Dict
warninglists(pythonify=False)Get all the warninglists
Return type Union[Dict List[MISPWarninglist]]
22 Chapter 2 pymisp
PyMISP Documentation Release main
22 PyMISPExpanded (Python 36+ only)
pymispExpandedPyMISPalias of pymispapiPyMISP
23 MISPAbstract
class pymispAbstractMISP(kwargs)
property editedRecursively check if an object has been edited and update the flag accordingly to the parent objects
Return type bool
from_dict(kwargs)Loading all the parameters as class properties if they arenrsquot None This method aims to be called when allthe properties requiring a special treatment are processed Note This method is used when you initializean object with existing data so by default the class is flaged as not edited
Return type None
from_json(json_string)Load a JSON string
Return type None
jsonable()This method is used by the JSON encoder
Return type Dict
set_not_jsonable(args)Set __not_jsonable to a new list
Return type None
to_dict()Dump the class to a dictionary This method automatically removes the timestamp recursively in everyobject that has been edited is order to let MISP update the event accordingly
Return type Dict
to_json(sort_keys=False indent=None)Dump recursively any class of type MISPAbstract to a json string
update_not_jsonable(args)Add entries to the __not_jsonable list
Return type None
22 PyMISPExpanded (Python 36+ only) 23
PyMISP Documentation Release main
24 MISPEncode
class pymispMISPEncode(args kwargs)
default(obj)Implement this method in a subclass such that it returns a serializable object for o or calls the baseimplementation (to raise a TypeError)
For example to support arbitrary iterators you could implement default like this
def default(self o)try
iterable = iter(o)except TypeError
passelse
return list(iterable) Let the base class default method raise the TypeErrorreturn JSONEncoderdefault(self o)
25 MISPEvent
class pymispMISPEvent(describe_types=None strict_validation=False kwargs)
add_attribute(type value kwargs)Add an attribute type and value are required but you can pass all other parameters supported by MISPAt-tribute
Return type Union[MISPAttribute List[MISPAttribute]]
add_attribute_tag(tag attribute_identifier)Add a tag to an existing attribute raise an Exception if the attribute doesnrsquot exists tag Tag name as astring MISPTag instance or dictionary attribute_identifier can be an ID UUID or the value
Return type List[MISPAttribute]
add_object(obj=None kwargs)Add an object to the Event either by passing a MISPObject or a dictionary
Return type MISPObject
add_proposal(shadow_attribute=None kwargs)Alias for add_shadow_attribute
Return type MISPShadowAttribute
add_shadow_attribute(shadow_attribute=None kwargs)Add a tag to the attribute (by name or a MISPTag object)
Return type MISPShadowAttribute
clear()rarr None Remove all items from D
delete_attribute(attribute_id)Delete an attribute you can search by ID or UUID
property editedRecursively check if an object has been edited and update the flag accordingly to the parent objects
24 Chapter 2 pymisp
PyMISP Documentation Release main
Return type bool
from_dict(kwargs)Loading all the parameters as class properties if they arenrsquot None This method aims to be called when allthe properties requiring a special treatment are processed Note This method is used when you initializean object with existing data so by default the class is flaged as not edited
from_json(json_string)Load a JSON string
Return type None
get(k[ d ])rarr D[k] if k in D else d d defaults to None
get_attribute_tag(attribute_identifier)Return the tags associated to an attribute or an object attribute attribute_identifier can be an ID UUIDor the value
Return type List[MISPTag]
get_object_by_id(object_id)Get an object by ID (the ID is the one set by the server when creating the new object)
Return type MISPObject
get_object_by_uuid(object_uuid)Get an object by UUID (UUID is set by the server when creating the new object)
Return type MISPObject
get_objects_by_name(object_name)Get an object by UUID (UUID is set by the server when creating the new object)
Return type List[MISPObject]
items()rarr a set-like object providing a view on Drsquos items
jsonable()This method is used by the JSON encoder
Return type Dict
keys()rarr a set-like object providing a view on Drsquos keys
load(json_event validate=False metadata_only=False)Load a JSON dump from a pseudo file or a JSON string
load_file(event_path validate=False metadata_only=False)Load a JSON dump from a file on the disk
pop(k[ d ])rarr v remove specified key and return the corresponding valueIf key is not found d is returned if given otherwise KeyError is raised
popitem()rarr (k v) remove and return some (key value) pairas a 2-tuple but raise KeyError if D is empty
publish()Mark the attribute as published
set_date(d=None ignore_invalid=False)Set a date for the event (string datetime or date object)
set_not_jsonable(args)Set __not_jsonable to a new list
Return type None
25 MISPEvent 25
PyMISP Documentation Release main
setdefault(k[ d ])rarr Dget(kd) also set D[k]=d if k not in D
property tagsReturns a lost of tags associated to this Event
Return type List[MISPTag]
to_dict()Dump the class to a dictionary This method automatically removes the timestamp recursively in everyobject that has been edited is order to let MISP update the event accordingly
Return type Dict
to_feed(valid_distributions=[0 1 2 3 4 5] with_meta=False)Generate a json output for MISP Feed Notes
bull valid_distributions only makes sense if the distribution key is set (ie the event is exported from aMISP instance)
Return type Dict
to_json(sort_keys=False indent=None)Dump recursively any class of type MISPAbstract to a json string
unpublish()Mark the attribute as un-published (set publish flag to false)
update([E ] F)rarr None Update D from mappingiterable E and FIf E present and has a keys() method does for k in E D[k] = E[k] If E present and lacks keys() methoddoes for (k v) in E D[k] = v In either case this is followed by for k v in Fitems() D[k] = v
update_not_jsonable(args)Add entries to the __not_jsonable list
Return type None
values()rarr an object providing a view on Drsquos values
26 MISPAttribute
class pymispMISPAttribute(describe_types=None strict=False)
add_proposal(shadow_attribute=None kwargs)Alias for add_shadow_attribute
Return type MISPShadowAttribute
add_shadow_attribute(shadow_attribute=None kwargs)Add a shadow attribute to the attribute (by name or a MISPShadowAttribute object)
Return type MISPShadowAttribute
add_sighting(sighting=None kwargs)Add a sighting to the attribute (by name or a MISPSighting object)
Return type MISPSighting
clear()rarr None Remove all items from D
delete()Mark the attribute as deleted (soft delete)
26 Chapter 2 pymisp
PyMISP Documentation Release main
property editedRecursively check if an object has been edited and update the flag accordingly to the parent objects
Return type bool
from_dict(kwargs)Loading all the parameters as class properties if they arenrsquot None This method aims to be called when allthe properties requiring a special treatment are processed Note This method is used when you initializean object with existing data so by default the class is flaged as not edited
from_json(json_string)Load a JSON string
Return type None
get(k[ d ])rarr D[k] if k in D else d d defaults to None
hash_values(algorithm=sha512)Compute the hash of every values for fast lookups
Return type List[str]
items()rarr a set-like object providing a view on Drsquos items
jsonable()This method is used by the JSON encoder
Return type Dict
keys()rarr a set-like object providing a view on Drsquos keys
property known_typesReturns a list of all the known MISP attributes types
Return type List[str]
property malware_binaryReturns a BytesIO of the malware (if the attribute has one obvs)
Return type Optional[BytesIO]
pop(k[ d ])rarr v remove specified key and return the corresponding valueIf key is not found d is returned if given otherwise KeyError is raised
popitem()rarr (k v) remove and return some (key value) pairas a 2-tuple but raise KeyError if D is empty
set_not_jsonable(args)Set __not_jsonable to a new list
Return type None
setdefault(k[ d ])rarr Dget(kd) also set D[k]=d if k not in D
property tagsReturns a lost of tags associated to this Attribute
Return type List[MISPTag]
to_dict()Dump the class to a dictionary This method automatically removes the timestamp recursively in everyobject that has been edited is order to let MISP update the event accordingly
Return type Dict
26 MISPAttribute 27
PyMISP Documentation Release main
to_json(sort_keys=False indent=None)Dump recursively any class of type MISPAbstract to a json string
update([E ] F)rarr None Update D from mappingiterable E and FIf E present and has a keys() method does for k in E D[k] = E[k] If E present and lacks keys() methoddoes for (k v) in E D[k] = v In either case this is followed by for k v in Fitems() D[k] = v
update_not_jsonable(args)Add entries to the __not_jsonable list
Return type None
values()rarr an object providing a view on Drsquos values
27 MISPObject
class pymispMISPObject(name strict=False standalone=True default_attributes_parameters=kwargs)
add_attribute(object_relation simple_value=None value)Add an attribute object_relation is required and the value key is a dictionary with all the keys supportedby MISPAttribute
Return type Optional[MISPAttribute]
add_attributes(object_relation attributes)Add multiple attributes with the same object_relation Helper for object_relation when multiple is True inthe template It is the same as calling multiple times add_attribute with the same object_relation
Return type List[Optional[MISPAttribute]]
add_reference(referenced_uuid relationship_type comment=None kwargs)Add a link (uuid) to an other object
Return type MISPObjectReference
clear()rarr None Remove all items from D
property editedRecursively check if an object has been edited and update the flag accordingly to the parent objects
Return type bool
from_dict(kwargs)Loading all the parameters as class properties if they arenrsquot None This method aims to be called when allthe properties requiring a special treatment are processed Note This method is used when you initializean object with existing data so by default the class is flaged as not edited
from_json(json_string)Load a JSON string
Return type None
get(k[ d ])rarr D[k] if k in D else d d defaults to None
get_attributes_by_relation(object_relation)Returns the list of attributes with the given object relation in the object
Return type List[MISPAttribute]
has_attributes_by_relation(list_of_relations)True if all the relations in the list are defined in the object
28 Chapter 2 pymisp
PyMISP Documentation Release main
Return type bool
items()rarr a set-like object providing a view on Drsquos items
jsonable()This method is used by the JSON encoder
Return type Dict
keys()rarr a set-like object providing a view on Drsquos keys
pop(k[ d ])rarr v remove specified key and return the corresponding valueIf key is not found d is returned if given otherwise KeyError is raised
popitem()rarr (k v) remove and return some (key value) pairas a 2-tuple but raise KeyError if D is empty
set_not_jsonable(args)Set __not_jsonable to a new list
Return type None
setdefault(k[ d ])rarr Dget(kd) also set D[k]=d if k not in D
to_dict(strict=False)Dump the class to a dictionary This method automatically removes the timestamp recursively in everyobject that has been edited is order to let MISP update the event accordingly
Return type Dict
to_json(sort_keys=False indent=None strict=False)Dump recursively any class of type MISPAbstract to a json string
update([E ] F)rarr None Update D from mappingiterable E and FIf E present and has a keys() method does for k in E D[k] = E[k] If E present and lacks keys() methoddoes for (k v) in E D[k] = v In either case this is followed by for k v in Fitems() D[k] = v
update_not_jsonable(args)Add entries to the __not_jsonable list
Return type None
values()rarr an object providing a view on Drsquos values
28 MISPObjectAttribute
class pymispMISPObjectAttribute(definition)
add_proposal(shadow_attribute=None kwargs)Alias for add_shadow_attribute
Return type MISPShadowAttribute
add_shadow_attribute(shadow_attribute=None kwargs)Add a shadow attribute to the attribute (by name or a MISPShadowAttribute object)
Return type MISPShadowAttribute
add_sighting(sighting=None kwargs)Add a sighting to the attribute (by name or a MISPSighting object)
Return type MISPSighting
28 MISPObjectAttribute 29
PyMISP Documentation Release main
clear()rarr None Remove all items from D
delete()Mark the attribute as deleted (soft delete)
property editedRecursively check if an object has been edited and update the flag accordingly to the parent objects
Return type bool
from_dict(object_relation value kwargs)Loading all the parameters as class properties if they arenrsquot None This method aims to be called when allthe properties requiring a special treatment are processed Note This method is used when you initializean object with existing data so by default the class is flaged as not edited
from_json(json_string)Load a JSON string
Return type None
get(k[ d ])rarr D[k] if k in D else d d defaults to None
hash_values(algorithm=sha512)Compute the hash of every values for fast lookups
Return type List[str]
items()rarr a set-like object providing a view on Drsquos items
jsonable()This method is used by the JSON encoder
Return type Dict
keys()rarr a set-like object providing a view on Drsquos keys
property known_typesReturns a list of all the known MISP attributes types
Return type List[str]
property malware_binaryReturns a BytesIO of the malware (if the attribute has one obvs)
Return type Optional[BytesIO]
pop(k[ d ])rarr v remove specified key and return the corresponding valueIf key is not found d is returned if given otherwise KeyError is raised
popitem()rarr (k v) remove and return some (key value) pairas a 2-tuple but raise KeyError if D is empty
set_not_jsonable(args)Set __not_jsonable to a new list
Return type None
setdefault(k[ d ])rarr Dget(kd) also set D[k]=d if k not in D
property tagsReturns a lost of tags associated to this Attribute
Return type List[MISPTag]
30 Chapter 2 pymisp
PyMISP Documentation Release main
to_dict()Dump the class to a dictionary This method automatically removes the timestamp recursively in everyobject that has been edited is order to let MISP update the event accordingly
Return type Dict
to_json(sort_keys=False indent=None)Dump recursively any class of type MISPAbstract to a json string
update([E ] F)rarr None Update D from mappingiterable E and FIf E present and has a keys() method does for k in E D[k] = E[k] If E present and lacks keys() methoddoes for (k v) in E D[k] = v In either case this is followed by for k v in Fitems() D[k] = v
update_not_jsonable(args)Add entries to the __not_jsonable list
Return type None
values()rarr an object providing a view on Drsquos values
29 MISPObjectReference
class pymispMISPObjectReference
clear()rarr None Remove all items from D
property editedRecursively check if an object has been edited and update the flag accordingly to the parent objects
Return type bool
from_dict(kwargs)Loading all the parameters as class properties if they arenrsquot None This method aims to be called when allthe properties requiring a special treatment are processed Note This method is used when you initializean object with existing data so by default the class is flaged as not edited
from_json(json_string)Load a JSON string
Return type None
get(k[ d ])rarr D[k] if k in D else d d defaults to None
items()rarr a set-like object providing a view on Drsquos items
jsonable()This method is used by the JSON encoder
Return type Dict
keys()rarr a set-like object providing a view on Drsquos keys
pop(k[ d ])rarr v remove specified key and return the corresponding valueIf key is not found d is returned if given otherwise KeyError is raised
popitem()rarr (k v) remove and return some (key value) pairas a 2-tuple but raise KeyError if D is empty
set_not_jsonable(args)Set __not_jsonable to a new list
Return type None
29 MISPObjectReference 31
PyMISP Documentation Release main
setdefault(k[ d ])rarr Dget(kd) also set D[k]=d if k not in D
to_dict()Dump the class to a dictionary This method automatically removes the timestamp recursively in everyobject that has been edited is order to let MISP update the event accordingly
Return type Dict
to_json(sort_keys=False indent=None)Dump recursively any class of type MISPAbstract to a json string
update([E ] F)rarr None Update D from mappingiterable E and FIf E present and has a keys() method does for k in E D[k] = E[k] If E present and lacks keys() methoddoes for (k v) in E D[k] = v In either case this is followed by for k v in Fitems() D[k] = v
update_not_jsonable(args)Add entries to the __not_jsonable list
Return type None
values()rarr an object providing a view on Drsquos values
210 MISPTag
class pymispMISPTag(kwargs)
clear()rarr None Remove all items from D
property editedRecursively check if an object has been edited and update the flag accordingly to the parent objects
Return type bool
from_dict(kwargs)Loading all the parameters as class properties if they arenrsquot None This method aims to be called when allthe properties requiring a special treatment are processed Note This method is used when you initializean object with existing data so by default the class is flaged as not edited
from_json(json_string)Load a JSON string
Return type None
get(k[ d ])rarr D[k] if k in D else d d defaults to None
items()rarr a set-like object providing a view on Drsquos items
jsonable()This method is used by the JSON encoder
Return type Dict
keys()rarr a set-like object providing a view on Drsquos keys
pop(k[ d ])rarr v remove specified key and return the corresponding valueIf key is not found d is returned if given otherwise KeyError is raised
popitem()rarr (k v) remove and return some (key value) pairas a 2-tuple but raise KeyError if D is empty
set_not_jsonable(args)Set __not_jsonable to a new list
32 Chapter 2 pymisp
PyMISP Documentation Release main
Return type None
setdefault(k[ d ])rarr Dget(kd) also set D[k]=d if k not in D
to_dict()Dump the class to a dictionary This method automatically removes the timestamp recursively in everyobject that has been edited is order to let MISP update the event accordingly
Return type Dict
to_json(sort_keys=False indent=None)Dump recursively any class of type MISPAbstract to a json string
update([E ] F)rarr None Update D from mappingiterable E and FIf E present and has a keys() method does for k in E D[k] = E[k] If E present and lacks keys() methoddoes for (k v) in E D[k] = v In either case this is followed by for k v in Fitems() D[k] = v
update_not_jsonable(args)Add entries to the __not_jsonable list
Return type None
values()rarr an object providing a view on Drsquos values
211 MISPUser
class pymispMISPUser(kwargs)
clear()rarr None Remove all items from D
property editedRecursively check if an object has been edited and update the flag accordingly to the parent objects
Return type bool
from_dict(kwargs)Loading all the parameters as class properties if they arenrsquot None This method aims to be called when allthe properties requiring a special treatment are processed Note This method is used when you initializean object with existing data so by default the class is flaged as not edited
from_json(json_string)Load a JSON string
Return type None
get(k[ d ])rarr D[k] if k in D else d d defaults to None
items()rarr a set-like object providing a view on Drsquos items
jsonable()This method is used by the JSON encoder
Return type Dict
keys()rarr a set-like object providing a view on Drsquos keys
pop(k[ d ])rarr v remove specified key and return the corresponding valueIf key is not found d is returned if given otherwise KeyError is raised
popitem()rarr (k v) remove and return some (key value) pairas a 2-tuple but raise KeyError if D is empty
211 MISPUser 33
PyMISP Documentation Release main
set_not_jsonable(args)Set __not_jsonable to a new list
Return type None
setdefault(k[ d ])rarr Dget(kd) also set D[k]=d if k not in D
to_dict()Dump the class to a dictionary This method automatically removes the timestamp recursively in everyobject that has been edited is order to let MISP update the event accordingly
Return type Dict
to_json(sort_keys=False indent=None)Dump recursively any class of type MISPAbstract to a json string
update([E ] F)rarr None Update D from mappingiterable E and FIf E present and has a keys() method does for k in E D[k] = E[k] If E present and lacks keys() methoddoes for (k v) in E D[k] = v In either case this is followed by for k v in Fitems() D[k] = v
update_not_jsonable(args)Add entries to the __not_jsonable list
Return type None
values()rarr an object providing a view on Drsquos values
212 MISPOrganisation
class pymispMISPOrganisation
clear()rarr None Remove all items from D
property editedRecursively check if an object has been edited and update the flag accordingly to the parent objects
Return type bool
from_dict(kwargs)Loading all the parameters as class properties if they arenrsquot None This method aims to be called when allthe properties requiring a special treatment are processed Note This method is used when you initializean object with existing data so by default the class is flaged as not edited
from_json(json_string)Load a JSON string
Return type None
get(k[ d ])rarr D[k] if k in D else d d defaults to None
items()rarr a set-like object providing a view on Drsquos items
jsonable()This method is used by the JSON encoder
Return type Dict
keys()rarr a set-like object providing a view on Drsquos keys
pop(k[ d ])rarr v remove specified key and return the corresponding valueIf key is not found d is returned if given otherwise KeyError is raised
34 Chapter 2 pymisp
PyMISP Documentation Release main
popitem()rarr (k v) remove and return some (key value) pairas a 2-tuple but raise KeyError if D is empty
set_not_jsonable(args)Set __not_jsonable to a new list
Return type None
setdefault(k[ d ])rarr Dget(kd) also set D[k]=d if k not in D
to_dict()Dump the class to a dictionary This method automatically removes the timestamp recursively in everyobject that has been edited is order to let MISP update the event accordingly
Return type Dict
to_json(sort_keys=False indent=None)Dump recursively any class of type MISPAbstract to a json string
update([E ] F)rarr None Update D from mappingiterable E and FIf E present and has a keys() method does for k in E D[k] = E[k] If E present and lacks keys() methoddoes for (k v) in E D[k] = v In either case this is followed by for k v in Fitems() D[k] = v
update_not_jsonable(args)Add entries to the __not_jsonable list
Return type None
values()rarr an object providing a view on Drsquos values
212 MISPOrganisation 35
PyMISP Documentation Release main
36 Chapter 2 pymisp
CHAPTER
THREE
PYMISP - TOOLS
31 File Object
class pymisptoolsFileObject(filepath=None pseudofile=None filename=None kwargs)
add_attribute(object_relation simple_value=None value)Add an attribute object_relation is required and the value key is a dictionary with all the keys supportedby MISPAttribute
Return type Optional[MISPAttribute]
add_attributes(object_relation attributes)Add multiple attributes with the same object_relation Helper for object_relation when multiple is True inthe template It is the same as calling multiple times add_attribute with the same object_relation
Return type List[Optional[MISPAttribute]]
add_reference(referenced_uuid relationship_type comment=None kwargs)Add a link (uuid) to an other object
Return type MISPObjectReference
clear()rarr None Remove all items from D
property editedRecursively check if an object has been edited and update the flag accordingly to the parent objects
Return type bool
from_dict(kwargs)Loading all the parameters as class properties if they arenrsquot None This method aims to be called when allthe properties requiring a special treatment are processed Note This method is used when you initializean object with existing data so by default the class is flaged as not edited
from_json(json_string)Load a JSON string
Return type None
generate_attributes()Contains the logic where all the values of the object are gathered
get(k[ d ])rarr D[k] if k in D else d d defaults to None
get_attributes_by_relation(object_relation)Returns the list of attributes with the given object relation in the object
Return type List[MISPAttribute]
37
PyMISP Documentation Release main
has_attributes_by_relation(list_of_relations)True if all the relations in the list are defined in the object
Return type bool
items()rarr a set-like object providing a view on Drsquos items
jsonable()This method is used by the JSON encoder
Return type Dict
keys()rarr a set-like object providing a view on Drsquos keys
pop(k[ d ])rarr v remove specified key and return the corresponding valueIf key is not found d is returned if given otherwise KeyError is raised
popitem()rarr (k v) remove and return some (key value) pairas a 2-tuple but raise KeyError if D is empty
set_not_jsonable(args)Set __not_jsonable to a new list
Return type None
setdefault(k[ d ])rarr Dget(kd) also set D[k]=d if k not in D
to_dict(strict=False)Dump the class to a dictionary This method automatically removes the timestamp recursively in everyobject that has been edited is order to let MISP update the event accordingly
Return type Dict
to_json(sort_keys=False indent=None strict=False)Dump recursively any class of type MISPAbstract to a json string
update([E ] F)rarr None Update D from mappingiterable E and FIf E present and has a keys() method does for k in E D[k] = E[k] If E present and lacks keys() methoddoes for (k v) in E D[k] = v In either case this is followed by for k v in Fitems() D[k] = v
update_not_jsonable(args)Add entries to the __not_jsonable list
Return type None
values()rarr an object providing a view on Drsquos values
32 ELF Object
33 PE Object
34 Mach-O Object
35 VT Report Object
class pymisptoolsVTReportObject(apikey indicator vt_proxies=None kwargs)VirusTotal Report
Apikey VirusTotal API key (private works but only public features are supported right now)
38 Chapter 3 pymisp - Tools
PyMISP Documentation Release main
Indicator IOC to search VirusTotal for
add_attribute(object_relation simple_value=None value)Add an attribute object_relation is required and the value key is a dictionary with all the keys supportedby MISPAttribute
Return type Optional[MISPAttribute]
add_attributes(object_relation attributes)Add multiple attributes with the same object_relation Helper for object_relation when multiple is True inthe template It is the same as calling multiple times add_attribute with the same object_relation
Return type List[Optional[MISPAttribute]]
add_reference(referenced_uuid relationship_type comment=None kwargs)Add a link (uuid) to an other object
Return type MISPObjectReference
clear()rarr None Remove all items from D
property editedRecursively check if an object has been edited and update the flag accordingly to the parent objects
Return type bool
from_dict(kwargs)Loading all the parameters as class properties if they arenrsquot None This method aims to be called when allthe properties requiring a special treatment are processed Note This method is used when you initializean object with existing data so by default the class is flaged as not edited
from_json(json_string)Load a JSON string
Return type None
generate_attributes()Parse the VirusTotal report for relevant attributes
get(k[ d ])rarr D[k] if k in D else d d defaults to None
get_attributes_by_relation(object_relation)Returns the list of attributes with the given object relation in the object
Return type List[MISPAttribute]
has_attributes_by_relation(list_of_relations)True if all the relations in the list are defined in the object
Return type bool
items()rarr a set-like object providing a view on Drsquos items
jsonable()This method is used by the JSON encoder
Return type Dict
keys()rarr a set-like object providing a view on Drsquos keys
pop(k[ d ])rarr v remove specified key and return the corresponding valueIf key is not found d is returned if given otherwise KeyError is raised
popitem()rarr (k v) remove and return some (key value) pairas a 2-tuple but raise KeyError if D is empty
35 VT Report Object 39
PyMISP Documentation Release main
set_not_jsonable(args)Set __not_jsonable to a new list
Return type None
setdefault(k[ d ])rarr Dget(kd) also set D[k]=d if k not in D
to_dict(strict=False)Dump the class to a dictionary This method automatically removes the timestamp recursively in everyobject that has been edited is order to let MISP update the event accordingly
Return type Dict
to_json(sort_keys=False indent=None strict=False)Dump recursively any class of type MISPAbstract to a json string
update([E ] F)rarr None Update D from mappingiterable E and FIf E present and has a keys() method does for k in E D[k] = E[k] If E present and lacks keys() methoddoes for (k v) in E D[k] = v In either case this is followed by for k v in Fitems() D[k] = v
update_not_jsonable(args)Add entries to the __not_jsonable list
Return type None
values()rarr an object providing a view on Drsquos values
36 STIX
pymisptoolsstixload_stix(stix distribution=3 threat_level_id=2 analysis=0)Returns a MISPEvent object from a STIX package
pymisptoolsstixmake_stix_package(misp_event to_json=False to_xml=False)Returns a STIXPackage from a MISPEvent
Optionally can return the package in json or xml
37 OpenIOC
toolsload_openioc()
toolsload_openioc_file()
40 Chapter 3 pymisp - Tools
CHAPTER
FOUR
INDICES AND TABLES
bull genindex
bull modindex
bull search
41
PyMISP Documentation Release main
42 Chapter 4 Indices and tables
PYTHON MODULE INDEX
ppymisp 7pymisptools 37pymisptoolsstix 40
43
PyMISP Documentation Release main
44 Python Module Index
INDEX
AAbstractMISP (class in pymisp) 23accept_attribute_proposal()
(pymispPyMISP method) 7add_attribute() (pymispMISPEvent method) 24add_attribute() (pymispMISPObject method) 28add_attribute() (pymispPyMISP method) 7add_attribute() (pymisptoolsFileObject method)
37add_attribute() (pymisptoolsVTReportObject
method) 39add_attribute_proposal() (pymispPyMISP
method) 7add_attribute_tag() (pymispMISPEvent
method) 24add_attributes() (pymispMISPObject method)
28add_attributes() (pymisptoolsFileObject
method) 37add_attributes() (pymisptoolsVTReportObject
method) 39add_event() (pymispPyMISP method) 7add_event_blacklist() (pymispPyMISP
method) 8add_feed() (pymispPyMISP method) 8add_object() (pymispMISPEvent method) 24add_object() (pymispPyMISP method) 8add_object_reference() (pymispPyMISP
method) 8add_org_to_sharing_group() (pymispPyMISP
method) 8add_organisation() (pymispPyMISP method) 8add_organisation_blacklist()
(pymispPyMISP method) 8add_proposal() (pymispMISPAttribute method) 26add_proposal() (pymispMISPEvent method) 24add_proposal() (pymispMISPObjectAttribute
method) 29add_reference() (pymispMISPObject method) 28add_reference() (pymisptoolsFileObject method)
37add_reference() (pymisptoolsVTReportObject
method) 39add_server() (pymispPyMISP method) 8add_server_to_sharing_group()
(pymispPyMISP method) 8add_shadow_attribute() (pymispMISPAttribute
method) 26add_shadow_attribute() (pymispMISPEvent
method) 24add_shadow_attribute()
(pymispMISPObjectAttribute method) 29add_sharing_group() (pymispPyMISP method) 8add_sighting() (pymispMISPAttribute method) 26add_sighting() (pymispMISPObjectAttribute
method) 29add_sighting() (pymispPyMISP method) 8add_tag() (pymispPyMISP method) 8add_user() (pymispPyMISP method) 9attributes_statistics() (pymispPyMISP
method) 9
Bbuild_complex_query() (pymispPyMISP
method) 9
Ccache_all_feeds() (pymispPyMISP method) 9cache_feed() (pymispPyMISP method) 9cache_freetext_feeds() (pymispPyMISP
method) 9cache_misp_feeds() (pymispPyMISP method) 9change_sharing_group_on_entity()
(pymispPyMISP method) 9change_user_password() (pymispPyMISP
method) 9clear() (pymispMISPAttribute method) 26clear() (pymispMISPEvent method) 24clear() (pymispMISPObject method) 28clear() (pymispMISPObjectAttribute method) 29clear() (pymispMISPObjectReference method) 31clear() (pymispMISPOrganisation method) 34clear() (pymispMISPTag method) 32clear() (pymispMISPUser method) 33
45
PyMISP Documentation Release main
clear() (pymisptoolsFileObject method) 37clear() (pymisptoolsVTReportObject method) 39communities() (pymispPyMISP method) 9compare_feeds() (pymispPyMISP method) 9contact_event_reporter() (pymispPyMISP
method) 9
Ddefault() (pymispMISPEncode method) 24delegate_event() (pymispPyMISP method) 10delete() (pymispMISPAttribute method) 26delete() (pymispMISPObjectAttribute method) 30delete_attribute() (pymispMISPEvent method)
24delete_attribute() (pymispPyMISP method) 10delete_attribute_proposal()
(pymispPyMISP method) 10delete_event() (pymispPyMISP method) 10delete_event_blacklist() (pymispPyMISP
method) 10delete_feed() (pymispPyMISP method) 10delete_object() (pymispPyMISP method) 10delete_object_reference() (pymispPyMISP
method) 10delete_organisation() (pymispPyMISP
method) 10delete_organisation_blacklist()
(pymispPyMISP method) 10delete_server() (pymispPyMISP method) 10delete_sharing_group() (pymispPyMISP
method) 10delete_sighting() (pymispPyMISP method) 10delete_tag() (pymispPyMISP method) 11delete_user() (pymispPyMISP method) 11delete_user_setting() (pymispPyMISP
method) 11describe_types_local() (pymispPyMISP prop-
erty) 11describe_types_remote() (pymispPyMISP
property) 11direct_call() (pymispPyMISP method) 11disable_feed() (pymispPyMISP method) 11disable_feed_cache() (pymispPyMISP method)
11disable_noticelist() (pymispPyMISP method)
11disable_tag() (pymispPyMISP method) 11disable_taxonomy() (pymispPyMISP method) 11disable_taxonomy_tags() (pymispPyMISP
method) 11disable_warninglist() (pymispPyMISP
method) 11discard_attribute_proposal()
(pymispPyMISP method) 12
Eedited() (pymispAbstractMISP property) 23edited() (pymispMISPAttribute property) 26edited() (pymispMISPEvent property) 24edited() (pymispMISPObject property) 28edited() (pymispMISPObjectAttribute property) 30edited() (pymispMISPObjectReference property) 31edited() (pymispMISPOrganisation property) 34edited() (pymispMISPTag property) 32edited() (pymispMISPUser property) 33edited() (pymisptoolsFileObject property) 37edited() (pymisptoolsVTReportObject property) 39enable_feed() (pymispPyMISP method) 12enable_feed_cache() (pymispPyMISP method)
12enable_noticelist() (pymispPyMISP method)
12enable_tag() (pymispPyMISP method) 12enable_taxonomy() (pymispPyMISP method) 12enable_taxonomy_tags() (pymispPyMISP
method) 12enable_warninglist() (pymispPyMISP method)
12event_blacklists() (pymispPyMISP method) 12event_delegations() (pymispPyMISP method)
12ExpandedPyMISP (in module pymisp) 23
Ffeeds() (pymispPyMISP method) 12fetch_feed() (pymispPyMISP method) 12FileObject (class in pymisptools) 37freetext() (pymispPyMISP method) 12from_dict() (pymispAbstractMISP method) 23from_dict() (pymispMISPAttribute method) 27from_dict() (pymispMISPEvent method) 25from_dict() (pymispMISPObject method) 28from_dict() (pymispMISPObjectAttribute method)
30from_dict() (pymispMISPObjectReference method)
31from_dict() (pymispMISPOrganisation method) 34from_dict() (pymispMISPTag method) 32from_dict() (pymispMISPUser method) 33from_dict() (pymisptoolsFileObject method) 37from_dict() (pymisptoolsVTReportObject method)
39from_json() (pymispAbstractMISP method) 23from_json() (pymispMISPAttribute method) 27from_json() (pymispMISPEvent method) 25from_json() (pymispMISPObject method) 28from_json() (pymispMISPObjectAttribute method)
30
46 Index
PyMISP Documentation Release main
from_json() (pymispMISPObjectReference method)31
from_json() (pymispMISPOrganisation method) 34from_json() (pymispMISPTag method) 32from_json() (pymispMISPUser method) 33from_json() (pymisptoolsFileObject method) 37from_json() (pymisptoolsVTReportObject method)
39
Ggalaxies() (pymispPyMISP method) 12generate_attributes() (pymisptoolsFileObject
method) 37generate_attributes()
(pymisptoolsVTReportObject method)39
get() (pymispMISPAttribute method) 27get() (pymispMISPEvent method) 25get() (pymispMISPObject method) 28get() (pymispMISPObjectAttribute method) 30get() (pymispMISPObjectReference method) 31get() (pymispMISPOrganisation method) 34get() (pymispMISPTag method) 32get() (pymispMISPUser method) 33get() (pymisptoolsFileObject method) 37get() (pymisptoolsVTReportObject method) 39get_all_functions() (pymispPyMISP method)
13get_attribute() (pymispPyMISP method) 13get_attribute_tag() (pymispMISPEvent
method) 25get_attributes_by_relation()
(pymispMISPObject method) 28get_attributes_by_relation()
(pymisptoolsFileObject method) 37get_attributes_by_relation()
(pymisptoolsVTReportObject method)39
get_community() (pymispPyMISP method) 13get_event() (pymispPyMISP method) 13get_feed() (pymispPyMISP method) 13get_galaxy() (pymispPyMISP method) 13get_noticelist() (pymispPyMISP method) 13get_object() (pymispPyMISP method) 13get_object_by_id() (pymispMISPEvent method)
25get_object_by_uuid() (pymispMISPEvent
method) 25get_object_template() (pymispPyMISP
method) 13get_objects_by_name() (pymispMISPEvent
method) 25get_organisation() (pymispPyMISP method) 13get_sync_config() (pymispPyMISP method) 13
get_tag() (pymispPyMISP method) 13get_taxonomy() (pymispPyMISP method) 13get_user() (pymispPyMISP method) 13get_user_setting() (pymispPyMISP method) 14get_warninglist() (pymispPyMISP method) 14
Hhas_attributes_by_relation()
(pymispMISPObject method) 28has_attributes_by_relation()
(pymisptoolsFileObject method) 37has_attributes_by_relation()
(pymisptoolsVTReportObject method)39
hash_values() (pymispMISPAttribute method) 27hash_values() (pymispMISPObjectAttribute
method) 30
Iimport_server() (pymispPyMISP method) 14items() (pymispMISPAttribute method) 27items() (pymispMISPEvent method) 25items() (pymispMISPObject method) 29items() (pymispMISPObjectAttribute method) 30items() (pymispMISPObjectReference method) 31items() (pymispMISPOrganisation method) 34items() (pymispMISPTag method) 32items() (pymispMISPUser method) 33items() (pymisptoolsFileObject method) 38items() (pymisptoolsVTReportObject method) 39
Jjsonable() (pymispAbstractMISP method) 23jsonable() (pymispMISPAttribute method) 27jsonable() (pymispMISPEvent method) 25jsonable() (pymispMISPObject method) 29jsonable() (pymispMISPObjectAttribute method)
30jsonable() (pymispMISPObjectReference method)
31jsonable() (pymispMISPOrganisation method) 34jsonable() (pymispMISPTag method) 32jsonable() (pymispMISPUser method) 33jsonable() (pymisptoolsFileObject method) 38jsonable() (pymisptoolsVTReportObject method)
39
Kkeys() (pymispMISPAttribute method) 27keys() (pymispMISPEvent method) 25keys() (pymispMISPObject method) 29keys() (pymispMISPObjectAttribute method) 30keys() (pymispMISPObjectReference method) 31keys() (pymispMISPOrganisation method) 34
Index 47
PyMISP Documentation Release main
keys() (pymispMISPTag method) 32keys() (pymispMISPUser method) 33keys() (pymisptoolsFileObject method) 38keys() (pymisptoolsVTReportObject method) 39known_types() (pymispMISPAttribute property) 27known_types() (pymispMISPObjectAttribute prop-
erty) 30
Lload() (pymispMISPEvent method) 25load_default_feeds() (pymispPyMISP method)
14load_file() (pymispMISPEvent method) 25load_openioc() (pymisptools method) 40load_openioc_file() (pymisptools method) 40load_stix() (in module pymisptoolsstix) 40
Mmake_stix_package() (in module
pymisptoolsstix) 40malware_binary() (pymispMISPAttribute prop-
erty) 27malware_binary() (pymispMISPObjectAttribute
property) 30misp_instance_version() (pymispPyMISP
property) 14misp_instance_version_master()
(pymispPyMISP property) 14MISPAttribute (class in pymisp) 26MISPEncode (class in pymisp) 24MISPEvent (class in pymisp) 24MISPObject (class in pymisp) 28MISPObjectAttribute (class in pymisp) 29MISPObjectReference (class in pymisp) 31MISPOrganisation (class in pymisp) 34MISPTag (class in pymisp) 32MISPUser (class in pymisp) 33module
pymisp 7pymisptools 37pymisptoolsstix 40
Nnoticelists() (pymispPyMISP method) 14
Oobject_templates() (pymispPyMISP method) 14organisation_blacklists() (pymispPyMISP
method) 14organisations() (pymispPyMISP method) 14
Ppop() (pymispMISPAttribute method) 27
pop() (pymispMISPEvent method) 25pop() (pymispMISPObject method) 29pop() (pymispMISPObjectAttribute method) 30pop() (pymispMISPObjectReference method) 31pop() (pymispMISPOrganisation method) 34pop() (pymispMISPTag method) 32pop() (pymispMISPUser method) 33pop() (pymisptoolsFileObject method) 38pop() (pymisptoolsVTReportObject method) 39popitem() (pymispMISPAttribute method) 27popitem() (pymispMISPEvent method) 25popitem() (pymispMISPObject method) 29popitem() (pymispMISPObjectAttribute method) 30popitem() (pymispMISPObjectReference method) 31popitem() (pymispMISPOrganisation method) 34popitem() (pymispMISPTag method) 32popitem() (pymispMISPUser method) 33popitem() (pymisptoolsFileObject method) 38popitem() (pymisptoolsVTReportObject method) 39publish() (pymispMISPEvent method) 25publish() (pymispPyMISP method) 14push_event_to_ZMQ() (pymispPyMISP method)
14pymisp
module 7PyMISP (class in pymisp) 7pymisptools
module 37pymisptoolsstix
module 40pymisp_version_main() (pymispPyMISP prop-
erty) 15
Rrecommended_pymisp_version()
(pymispPyMISP property) 15remote_acl() (pymispPyMISP method) 15remove_org_from_sharing_group()
(pymispPyMISP method) 15remove_server_from_sharing_group()
(pymispPyMISP method) 15roles() (pymispPyMISP method) 15
Ssearch() (pymispPyMISP method) 15search_feeds() (pymispPyMISP method) 17search_index() (pymispPyMISP method) 18search_logs() (pymispPyMISP method) 18search_sightings() (pymispPyMISP method) 19server_pull() (pymispPyMISP method) 20server_push() (pymispPyMISP method) 20servers() (pymispPyMISP method) 20set_date() (pymispMISPEvent method) 25
48 Index
PyMISP Documentation Release main
set_not_jsonable() (pymispAbstractMISPmethod) 23
set_not_jsonable() (pymispMISPAttributemethod) 27
set_not_jsonable() (pymispMISPEvent method)25
set_not_jsonable() (pymispMISPObjectmethod) 29
set_not_jsonable() (pymispMISPObjectAttributemethod) 30
set_not_jsonable()(pymispMISPObjectReference method)31
set_not_jsonable() (pymispMISPOrganisationmethod) 35
set_not_jsonable() (pymispMISPTag method)32
set_not_jsonable() (pymispMISPUser method)33
set_not_jsonable() (pymisptoolsFileObjectmethod) 38
set_not_jsonable()(pymisptoolsVTReportObject method)39
set_user_setting() (pymispPyMISP method) 20setdefault() (pymispMISPAttribute method) 27setdefault() (pymispMISPEvent method) 25setdefault() (pymispMISPObject method) 29setdefault() (pymispMISPObjectAttribute
method) 30setdefault() (pymispMISPObjectReference
method) 31setdefault() (pymispMISPOrganisation method)
35setdefault() (pymispMISPTag method) 33setdefault() (pymispMISPUser method) 34setdefault() (pymisptoolsFileObject method) 38setdefault() (pymisptoolsVTReportObject
method) 40sharing_groups() (pymispPyMISP method) 20sightings() (pymispPyMISP method) 20
Ttag() (pymispPyMISP method) 20tags() (pymispMISPAttribute property) 27tags() (pymispMISPEvent property) 26tags() (pymispMISPObjectAttribute property) 30tags() (pymispPyMISP method) 20tags_statistics() (pymispPyMISP method) 20taxonomies() (pymispPyMISP method) 20to_dict() (pymispAbstractMISP method) 23to_dict() (pymispMISPAttribute method) 27to_dict() (pymispMISPEvent method) 26to_dict() (pymispMISPObject method) 29
to_dict() (pymispMISPObjectAttribute method) 30to_dict() (pymispMISPObjectReference method) 32to_dict() (pymispMISPOrganisation method) 35to_dict() (pymispMISPTag method) 33to_dict() (pymispMISPUser method) 34to_dict() (pymisptoolsFileObject method) 38to_dict() (pymisptoolsVTReportObject method) 40to_feed() (pymispMISPEvent method) 26to_json() (pymispAbstractMISP method) 23to_json() (pymispMISPAttribute method) 27to_json() (pymispMISPEvent method) 26to_json() (pymispMISPObject method) 29to_json() (pymispMISPObjectAttribute method) 31to_json() (pymispMISPObjectReference method) 32to_json() (pymispMISPOrganisation method) 35to_json() (pymispMISPTag method) 33to_json() (pymispMISPUser method) 34to_json() (pymisptoolsFileObject method) 38to_json() (pymisptoolsVTReportObject method) 40toggle_warninglist() (pymispPyMISP method)
20
Uunpublish() (pymispMISPEvent method) 26untag() (pymispPyMISP method) 21update() (pymispMISPAttribute method) 28update() (pymispMISPEvent method) 26update() (pymispMISPObject method) 29update() (pymispMISPObjectAttribute method) 31update() (pymispMISPObjectReference method) 32update() (pymispMISPOrganisation method) 35update() (pymispMISPTag method) 33update() (pymispMISPUser method) 34update() (pymisptoolsFileObject method) 38update() (pymisptoolsVTReportObject method) 40update_attribute() (pymispPyMISP method) 21update_attribute_proposal()
(pymispPyMISP method) 21update_event() (pymispPyMISP method) 21update_event_blacklist() (pymispPyMISP
method) 21update_feed() (pymispPyMISP method) 21update_galaxies() (pymispPyMISP method) 21update_not_jsonable() (pymispAbstractMISP
method) 23update_not_jsonable() (pymispMISPAttribute
method) 28update_not_jsonable() (pymispMISPEvent
method) 26update_not_jsonable() (pymispMISPObject
method) 29update_not_jsonable()
(pymispMISPObjectAttribute method) 31
Index 49
PyMISP Documentation Release main
update_not_jsonable()(pymispMISPObjectReference method)32
update_not_jsonable()(pymispMISPOrganisation method) 35
update_not_jsonable() (pymispMISPTagmethod) 33
update_not_jsonable() (pymispMISPUsermethod) 34
update_not_jsonable() (pymisptoolsFileObjectmethod) 38
update_not_jsonable()(pymisptoolsVTReportObject method)40
update_noticelists() (pymispPyMISP method)21
update_object() (pymispPyMISP method) 21update_object_templates() (pymispPyMISP
method) 21update_organisation() (pymispPyMISP
method) 21update_organisation_blacklist()
(pymispPyMISP method) 21update_server() (pymispPyMISP method) 22update_tag() (pymispPyMISP method) 22update_taxonomies() (pymispPyMISP method)
22update_user() (pymispPyMISP method) 22update_warninglists() (pymispPyMISP
method) 22upload_stix() (pymispPyMISP method) 22user_registrations() (pymispPyMISP method)
22user_settings() (pymispPyMISP method) 22users() (pymispPyMISP method) 22users_statistics() (pymispPyMISP method) 22
Vvalues() (pymispMISPAttribute method) 28values() (pymispMISPEvent method) 26values() (pymispMISPObject method) 29values() (pymispMISPObjectAttribute method) 31values() (pymispMISPObjectReference method) 32values() (pymispMISPOrganisation method) 35values() (pymispMISPTag method) 33values() (pymispMISPUser method) 34values() (pymisptoolsFileObject method) 38values() (pymisptoolsVTReportObject method) 40values_in_warninglist() (pymispPyMISP
method) 22version() (pymispPyMISP property) 22VTReportObject (class in pymisptools) 38
Wwarninglists() (pymispPyMISP method) 22
50 Index
- README
- pymisp
- PyMISP
- PyMISPExpanded (Python 36+ only)
- MISPAbstract
- MISPEncode
- MISPEvent
- MISPAttribute
- MISPObject
- MISPObjectAttribute
- MISPObjectReference
- MISPTag
- MISPUser
- MISPOrganisation
- pymisp - Tools
- File Object
- ELF Object
- PE Object
- Mach-O Object
- VT Report Object
- STIX
- OpenIOC
- Indices and tables
- Python Module Index
- Index
PyMISP Documentation Release main
update_server(server server_id=None pythonify=False)Update a server to synchronise with
Return type Union[Dict MISPServer]
update_tag(tag tag_id=None pythonify=False)Edit only the provided parameters of a tag
Return type Union[Dict MISPTag]
update_taxonomies()Update all the taxonomies
Return type Dict
update_user(user user_id=None pythonify=False)Update an event on a MISP instance
Return type Union[Dict MISPUser]
update_warninglists()Update all the warninglists
Return type Dict
upload_stix(path version=2)Upload a STIX file to MISP param path Path to the STIX on the disk (can be a path-like object or apseudofile) type version str param version Can be 1 or 2
user_registrations(pythonify=False)Get all the user registrations
Return type Union[Dict List[MISPInbox]]
user_settings(pythonify=False)Get all the user settings
Return type Union[Dict List[MISPUserSetting]]
users(pythonify=False)Get all the users
Return type Union[Dict List[MISPUser]]
users_statistics(context=data)Get users statistics from the MISP instance
Return type Dict
values_in_warninglist(value)Check if IOC values are in warninglist
Return type Dict
property versionReturns the version of PyMISP yoursquore curently using
Return type Dict
warninglists(pythonify=False)Get all the warninglists
Return type Union[Dict List[MISPWarninglist]]
22 Chapter 2 pymisp
PyMISP Documentation Release main
22 PyMISPExpanded (Python 36+ only)
pymispExpandedPyMISPalias of pymispapiPyMISP
23 MISPAbstract
class pymispAbstractMISP(kwargs)
property editedRecursively check if an object has been edited and update the flag accordingly to the parent objects
Return type bool
from_dict(kwargs)Loading all the parameters as class properties if they arenrsquot None This method aims to be called when allthe properties requiring a special treatment are processed Note This method is used when you initializean object with existing data so by default the class is flaged as not edited
Return type None
from_json(json_string)Load a JSON string
Return type None
jsonable()This method is used by the JSON encoder
Return type Dict
set_not_jsonable(args)Set __not_jsonable to a new list
Return type None
to_dict()Dump the class to a dictionary This method automatically removes the timestamp recursively in everyobject that has been edited is order to let MISP update the event accordingly
Return type Dict
to_json(sort_keys=False indent=None)Dump recursively any class of type MISPAbstract to a json string
update_not_jsonable(args)Add entries to the __not_jsonable list
Return type None
22 PyMISPExpanded (Python 36+ only) 23
PyMISP Documentation Release main
24 MISPEncode
class pymispMISPEncode(args kwargs)
default(obj)Implement this method in a subclass such that it returns a serializable object for o or calls the baseimplementation (to raise a TypeError)
For example to support arbitrary iterators you could implement default like this
def default(self o)try
iterable = iter(o)except TypeError
passelse
return list(iterable) Let the base class default method raise the TypeErrorreturn JSONEncoderdefault(self o)
25 MISPEvent
class pymispMISPEvent(describe_types=None strict_validation=False kwargs)
add_attribute(type value kwargs)Add an attribute type and value are required but you can pass all other parameters supported by MISPAt-tribute
Return type Union[MISPAttribute List[MISPAttribute]]
add_attribute_tag(tag attribute_identifier)Add a tag to an existing attribute raise an Exception if the attribute doesnrsquot exists tag Tag name as astring MISPTag instance or dictionary attribute_identifier can be an ID UUID or the value
Return type List[MISPAttribute]
add_object(obj=None kwargs)Add an object to the Event either by passing a MISPObject or a dictionary
Return type MISPObject
add_proposal(shadow_attribute=None kwargs)Alias for add_shadow_attribute
Return type MISPShadowAttribute
add_shadow_attribute(shadow_attribute=None kwargs)Add a tag to the attribute (by name or a MISPTag object)
Return type MISPShadowAttribute
clear()rarr None Remove all items from D
delete_attribute(attribute_id)Delete an attribute you can search by ID or UUID
property editedRecursively check if an object has been edited and update the flag accordingly to the parent objects
24 Chapter 2 pymisp
PyMISP Documentation Release main
Return type bool
from_dict(kwargs)Loading all the parameters as class properties if they arenrsquot None This method aims to be called when allthe properties requiring a special treatment are processed Note This method is used when you initializean object with existing data so by default the class is flaged as not edited
from_json(json_string)Load a JSON string
Return type None
get(k[ d ])rarr D[k] if k in D else d d defaults to None
get_attribute_tag(attribute_identifier)Return the tags associated to an attribute or an object attribute attribute_identifier can be an ID UUIDor the value
Return type List[MISPTag]
get_object_by_id(object_id)Get an object by ID (the ID is the one set by the server when creating the new object)
Return type MISPObject
get_object_by_uuid(object_uuid)Get an object by UUID (UUID is set by the server when creating the new object)
Return type MISPObject
get_objects_by_name(object_name)Get an object by UUID (UUID is set by the server when creating the new object)
Return type List[MISPObject]
items()rarr a set-like object providing a view on Drsquos items
jsonable()This method is used by the JSON encoder
Return type Dict
keys()rarr a set-like object providing a view on Drsquos keys
load(json_event validate=False metadata_only=False)Load a JSON dump from a pseudo file or a JSON string
load_file(event_path validate=False metadata_only=False)Load a JSON dump from a file on the disk
pop(k[ d ])rarr v remove specified key and return the corresponding valueIf key is not found d is returned if given otherwise KeyError is raised
popitem()rarr (k v) remove and return some (key value) pairas a 2-tuple but raise KeyError if D is empty
publish()Mark the attribute as published
set_date(d=None ignore_invalid=False)Set a date for the event (string datetime or date object)
set_not_jsonable(args)Set __not_jsonable to a new list
Return type None
25 MISPEvent 25
PyMISP Documentation Release main
setdefault(k[ d ])rarr Dget(kd) also set D[k]=d if k not in D
property tagsReturns a lost of tags associated to this Event
Return type List[MISPTag]
to_dict()Dump the class to a dictionary This method automatically removes the timestamp recursively in everyobject that has been edited is order to let MISP update the event accordingly
Return type Dict
to_feed(valid_distributions=[0 1 2 3 4 5] with_meta=False)Generate a json output for MISP Feed Notes
bull valid_distributions only makes sense if the distribution key is set (ie the event is exported from aMISP instance)
Return type Dict
to_json(sort_keys=False indent=None)Dump recursively any class of type MISPAbstract to a json string
unpublish()Mark the attribute as un-published (set publish flag to false)
update([E ] F)rarr None Update D from mappingiterable E and FIf E present and has a keys() method does for k in E D[k] = E[k] If E present and lacks keys() methoddoes for (k v) in E D[k] = v In either case this is followed by for k v in Fitems() D[k] = v
update_not_jsonable(args)Add entries to the __not_jsonable list
Return type None
values()rarr an object providing a view on Drsquos values
26 MISPAttribute
class pymispMISPAttribute(describe_types=None strict=False)
add_proposal(shadow_attribute=None kwargs)Alias for add_shadow_attribute
Return type MISPShadowAttribute
add_shadow_attribute(shadow_attribute=None kwargs)Add a shadow attribute to the attribute (by name or a MISPShadowAttribute object)
Return type MISPShadowAttribute
add_sighting(sighting=None kwargs)Add a sighting to the attribute (by name or a MISPSighting object)
Return type MISPSighting
clear()rarr None Remove all items from D
delete()Mark the attribute as deleted (soft delete)
26 Chapter 2 pymisp
PyMISP Documentation Release main
property editedRecursively check if an object has been edited and update the flag accordingly to the parent objects
Return type bool
from_dict(kwargs)Loading all the parameters as class properties if they arenrsquot None This method aims to be called when allthe properties requiring a special treatment are processed Note This method is used when you initializean object with existing data so by default the class is flaged as not edited
from_json(json_string)Load a JSON string
Return type None
get(k[ d ])rarr D[k] if k in D else d d defaults to None
hash_values(algorithm=sha512)Compute the hash of every values for fast lookups
Return type List[str]
items()rarr a set-like object providing a view on Drsquos items
jsonable()This method is used by the JSON encoder
Return type Dict
keys()rarr a set-like object providing a view on Drsquos keys
property known_typesReturns a list of all the known MISP attributes types
Return type List[str]
property malware_binaryReturns a BytesIO of the malware (if the attribute has one obvs)
Return type Optional[BytesIO]
pop(k[ d ])rarr v remove specified key and return the corresponding valueIf key is not found d is returned if given otherwise KeyError is raised
popitem()rarr (k v) remove and return some (key value) pairas a 2-tuple but raise KeyError if D is empty
set_not_jsonable(args)Set __not_jsonable to a new list
Return type None
setdefault(k[ d ])rarr Dget(kd) also set D[k]=d if k not in D
property tagsReturns a lost of tags associated to this Attribute
Return type List[MISPTag]
to_dict()Dump the class to a dictionary This method automatically removes the timestamp recursively in everyobject that has been edited is order to let MISP update the event accordingly
Return type Dict
26 MISPAttribute 27
PyMISP Documentation Release main
to_json(sort_keys=False indent=None)Dump recursively any class of type MISPAbstract to a json string
update([E ] F)rarr None Update D from mappingiterable E and FIf E present and has a keys() method does for k in E D[k] = E[k] If E present and lacks keys() methoddoes for (k v) in E D[k] = v In either case this is followed by for k v in Fitems() D[k] = v
update_not_jsonable(args)Add entries to the __not_jsonable list
Return type None
values()rarr an object providing a view on Drsquos values
27 MISPObject
class pymispMISPObject(name strict=False standalone=True default_attributes_parameters=kwargs)
add_attribute(object_relation simple_value=None value)Add an attribute object_relation is required and the value key is a dictionary with all the keys supportedby MISPAttribute
Return type Optional[MISPAttribute]
add_attributes(object_relation attributes)Add multiple attributes with the same object_relation Helper for object_relation when multiple is True inthe template It is the same as calling multiple times add_attribute with the same object_relation
Return type List[Optional[MISPAttribute]]
add_reference(referenced_uuid relationship_type comment=None kwargs)Add a link (uuid) to an other object
Return type MISPObjectReference
clear()rarr None Remove all items from D
property editedRecursively check if an object has been edited and update the flag accordingly to the parent objects
Return type bool
from_dict(kwargs)Loading all the parameters as class properties if they arenrsquot None This method aims to be called when allthe properties requiring a special treatment are processed Note This method is used when you initializean object with existing data so by default the class is flaged as not edited
from_json(json_string)Load a JSON string
Return type None
get(k[ d ])rarr D[k] if k in D else d d defaults to None
get_attributes_by_relation(object_relation)Returns the list of attributes with the given object relation in the object
Return type List[MISPAttribute]
has_attributes_by_relation(list_of_relations)True if all the relations in the list are defined in the object
28 Chapter 2 pymisp
PyMISP Documentation Release main
Return type bool
items()rarr a set-like object providing a view on Drsquos items
jsonable()This method is used by the JSON encoder
Return type Dict
keys()rarr a set-like object providing a view on Drsquos keys
pop(k[ d ])rarr v remove specified key and return the corresponding valueIf key is not found d is returned if given otherwise KeyError is raised
popitem()rarr (k v) remove and return some (key value) pairas a 2-tuple but raise KeyError if D is empty
set_not_jsonable(args)Set __not_jsonable to a new list
Return type None
setdefault(k[ d ])rarr Dget(kd) also set D[k]=d if k not in D
to_dict(strict=False)Dump the class to a dictionary This method automatically removes the timestamp recursively in everyobject that has been edited is order to let MISP update the event accordingly
Return type Dict
to_json(sort_keys=False indent=None strict=False)Dump recursively any class of type MISPAbstract to a json string
update([E ] F)rarr None Update D from mappingiterable E and FIf E present and has a keys() method does for k in E D[k] = E[k] If E present and lacks keys() methoddoes for (k v) in E D[k] = v In either case this is followed by for k v in Fitems() D[k] = v
update_not_jsonable(args)Add entries to the __not_jsonable list
Return type None
values()rarr an object providing a view on Drsquos values
28 MISPObjectAttribute
class pymispMISPObjectAttribute(definition)
add_proposal(shadow_attribute=None kwargs)Alias for add_shadow_attribute
Return type MISPShadowAttribute
add_shadow_attribute(shadow_attribute=None kwargs)Add a shadow attribute to the attribute (by name or a MISPShadowAttribute object)
Return type MISPShadowAttribute
add_sighting(sighting=None kwargs)Add a sighting to the attribute (by name or a MISPSighting object)
Return type MISPSighting
28 MISPObjectAttribute 29
PyMISP Documentation Release main
clear()rarr None Remove all items from D
delete()Mark the attribute as deleted (soft delete)
property editedRecursively check if an object has been edited and update the flag accordingly to the parent objects
Return type bool
from_dict(object_relation value kwargs)Loading all the parameters as class properties if they arenrsquot None This method aims to be called when allthe properties requiring a special treatment are processed Note This method is used when you initializean object with existing data so by default the class is flaged as not edited
from_json(json_string)Load a JSON string
Return type None
get(k[ d ])rarr D[k] if k in D else d d defaults to None
hash_values(algorithm=sha512)Compute the hash of every values for fast lookups
Return type List[str]
items()rarr a set-like object providing a view on Drsquos items
jsonable()This method is used by the JSON encoder
Return type Dict
keys()rarr a set-like object providing a view on Drsquos keys
property known_typesReturns a list of all the known MISP attributes types
Return type List[str]
property malware_binaryReturns a BytesIO of the malware (if the attribute has one obvs)
Return type Optional[BytesIO]
pop(k[ d ])rarr v remove specified key and return the corresponding valueIf key is not found d is returned if given otherwise KeyError is raised
popitem()rarr (k v) remove and return some (key value) pairas a 2-tuple but raise KeyError if D is empty
set_not_jsonable(args)Set __not_jsonable to a new list
Return type None
setdefault(k[ d ])rarr Dget(kd) also set D[k]=d if k not in D
property tagsReturns a lost of tags associated to this Attribute
Return type List[MISPTag]
30 Chapter 2 pymisp
PyMISP Documentation Release main
to_dict()Dump the class to a dictionary This method automatically removes the timestamp recursively in everyobject that has been edited is order to let MISP update the event accordingly
Return type Dict
to_json(sort_keys=False indent=None)Dump recursively any class of type MISPAbstract to a json string
update([E ] F)rarr None Update D from mappingiterable E and FIf E present and has a keys() method does for k in E D[k] = E[k] If E present and lacks keys() methoddoes for (k v) in E D[k] = v In either case this is followed by for k v in Fitems() D[k] = v
update_not_jsonable(args)Add entries to the __not_jsonable list
Return type None
values()rarr an object providing a view on Drsquos values
29 MISPObjectReference
class pymispMISPObjectReference
clear()rarr None Remove all items from D
property editedRecursively check if an object has been edited and update the flag accordingly to the parent objects
Return type bool
from_dict(kwargs)Loading all the parameters as class properties if they arenrsquot None This method aims to be called when allthe properties requiring a special treatment are processed Note This method is used when you initializean object with existing data so by default the class is flaged as not edited
from_json(json_string)Load a JSON string
Return type None
get(k[ d ])rarr D[k] if k in D else d d defaults to None
items()rarr a set-like object providing a view on Drsquos items
jsonable()This method is used by the JSON encoder
Return type Dict
keys()rarr a set-like object providing a view on Drsquos keys
pop(k[ d ])rarr v remove specified key and return the corresponding valueIf key is not found d is returned if given otherwise KeyError is raised
popitem()rarr (k v) remove and return some (key value) pairas a 2-tuple but raise KeyError if D is empty
set_not_jsonable(args)Set __not_jsonable to a new list
Return type None
29 MISPObjectReference 31
PyMISP Documentation Release main
setdefault(k[ d ])rarr Dget(kd) also set D[k]=d if k not in D
to_dict()Dump the class to a dictionary This method automatically removes the timestamp recursively in everyobject that has been edited is order to let MISP update the event accordingly
Return type Dict
to_json(sort_keys=False indent=None)Dump recursively any class of type MISPAbstract to a json string
update([E ] F)rarr None Update D from mappingiterable E and FIf E present and has a keys() method does for k in E D[k] = E[k] If E present and lacks keys() methoddoes for (k v) in E D[k] = v In either case this is followed by for k v in Fitems() D[k] = v
update_not_jsonable(args)Add entries to the __not_jsonable list
Return type None
values()rarr an object providing a view on Drsquos values
210 MISPTag
class pymispMISPTag(kwargs)
clear()rarr None Remove all items from D
property editedRecursively check if an object has been edited and update the flag accordingly to the parent objects
Return type bool
from_dict(kwargs)Loading all the parameters as class properties if they arenrsquot None This method aims to be called when allthe properties requiring a special treatment are processed Note This method is used when you initializean object with existing data so by default the class is flaged as not edited
from_json(json_string)Load a JSON string
Return type None
get(k[ d ])rarr D[k] if k in D else d d defaults to None
items()rarr a set-like object providing a view on Drsquos items
jsonable()This method is used by the JSON encoder
Return type Dict
keys()rarr a set-like object providing a view on Drsquos keys
pop(k[ d ])rarr v remove specified key and return the corresponding valueIf key is not found d is returned if given otherwise KeyError is raised
popitem()rarr (k v) remove and return some (key value) pairas a 2-tuple but raise KeyError if D is empty
set_not_jsonable(args)Set __not_jsonable to a new list
32 Chapter 2 pymisp
PyMISP Documentation Release main
Return type None
setdefault(k[ d ])rarr Dget(kd) also set D[k]=d if k not in D
to_dict()Dump the class to a dictionary This method automatically removes the timestamp recursively in everyobject that has been edited is order to let MISP update the event accordingly
Return type Dict
to_json(sort_keys=False indent=None)Dump recursively any class of type MISPAbstract to a json string
update([E ] F)rarr None Update D from mappingiterable E and FIf E present and has a keys() method does for k in E D[k] = E[k] If E present and lacks keys() methoddoes for (k v) in E D[k] = v In either case this is followed by for k v in Fitems() D[k] = v
update_not_jsonable(args)Add entries to the __not_jsonable list
Return type None
values()rarr an object providing a view on Drsquos values
211 MISPUser
class pymispMISPUser(kwargs)
clear()rarr None Remove all items from D
property editedRecursively check if an object has been edited and update the flag accordingly to the parent objects
Return type bool
from_dict(kwargs)Loading all the parameters as class properties if they arenrsquot None This method aims to be called when allthe properties requiring a special treatment are processed Note This method is used when you initializean object with existing data so by default the class is flaged as not edited
from_json(json_string)Load a JSON string
Return type None
get(k[ d ])rarr D[k] if k in D else d d defaults to None
items()rarr a set-like object providing a view on Drsquos items
jsonable()This method is used by the JSON encoder
Return type Dict
keys()rarr a set-like object providing a view on Drsquos keys
pop(k[ d ])rarr v remove specified key and return the corresponding valueIf key is not found d is returned if given otherwise KeyError is raised
popitem()rarr (k v) remove and return some (key value) pairas a 2-tuple but raise KeyError if D is empty
211 MISPUser 33
PyMISP Documentation Release main
set_not_jsonable(args)Set __not_jsonable to a new list
Return type None
setdefault(k[ d ])rarr Dget(kd) also set D[k]=d if k not in D
to_dict()Dump the class to a dictionary This method automatically removes the timestamp recursively in everyobject that has been edited is order to let MISP update the event accordingly
Return type Dict
to_json(sort_keys=False indent=None)Dump recursively any class of type MISPAbstract to a json string
update([E ] F)rarr None Update D from mappingiterable E and FIf E present and has a keys() method does for k in E D[k] = E[k] If E present and lacks keys() methoddoes for (k v) in E D[k] = v In either case this is followed by for k v in Fitems() D[k] = v
update_not_jsonable(args)Add entries to the __not_jsonable list
Return type None
values()rarr an object providing a view on Drsquos values
212 MISPOrganisation
class pymispMISPOrganisation
clear()rarr None Remove all items from D
property editedRecursively check if an object has been edited and update the flag accordingly to the parent objects
Return type bool
from_dict(kwargs)Loading all the parameters as class properties if they arenrsquot None This method aims to be called when allthe properties requiring a special treatment are processed Note This method is used when you initializean object with existing data so by default the class is flaged as not edited
from_json(json_string)Load a JSON string
Return type None
get(k[ d ])rarr D[k] if k in D else d d defaults to None
items()rarr a set-like object providing a view on Drsquos items
jsonable()This method is used by the JSON encoder
Return type Dict
keys()rarr a set-like object providing a view on Drsquos keys
pop(k[ d ])rarr v remove specified key and return the corresponding valueIf key is not found d is returned if given otherwise KeyError is raised
34 Chapter 2 pymisp
PyMISP Documentation Release main
popitem()rarr (k v) remove and return some (key value) pairas a 2-tuple but raise KeyError if D is empty
set_not_jsonable(args)Set __not_jsonable to a new list
Return type None
setdefault(k[ d ])rarr Dget(kd) also set D[k]=d if k not in D
to_dict()Dump the class to a dictionary This method automatically removes the timestamp recursively in everyobject that has been edited is order to let MISP update the event accordingly
Return type Dict
to_json(sort_keys=False indent=None)Dump recursively any class of type MISPAbstract to a json string
update([E ] F)rarr None Update D from mappingiterable E and FIf E present and has a keys() method does for k in E D[k] = E[k] If E present and lacks keys() methoddoes for (k v) in E D[k] = v In either case this is followed by for k v in Fitems() D[k] = v
update_not_jsonable(args)Add entries to the __not_jsonable list
Return type None
values()rarr an object providing a view on Drsquos values
212 MISPOrganisation 35
PyMISP Documentation Release main
36 Chapter 2 pymisp
CHAPTER
THREE
PYMISP - TOOLS
31 File Object
class pymisptoolsFileObject(filepath=None pseudofile=None filename=None kwargs)
add_attribute(object_relation simple_value=None value)Add an attribute object_relation is required and the value key is a dictionary with all the keys supportedby MISPAttribute
Return type Optional[MISPAttribute]
add_attributes(object_relation attributes)Add multiple attributes with the same object_relation Helper for object_relation when multiple is True inthe template It is the same as calling multiple times add_attribute with the same object_relation
Return type List[Optional[MISPAttribute]]
add_reference(referenced_uuid relationship_type comment=None kwargs)Add a link (uuid) to an other object
Return type MISPObjectReference
clear()rarr None Remove all items from D
property editedRecursively check if an object has been edited and update the flag accordingly to the parent objects
Return type bool
from_dict(kwargs)Loading all the parameters as class properties if they arenrsquot None This method aims to be called when allthe properties requiring a special treatment are processed Note This method is used when you initializean object with existing data so by default the class is flaged as not edited
from_json(json_string)Load a JSON string
Return type None
generate_attributes()Contains the logic where all the values of the object are gathered
get(k[ d ])rarr D[k] if k in D else d d defaults to None
get_attributes_by_relation(object_relation)Returns the list of attributes with the given object relation in the object
Return type List[MISPAttribute]
37
PyMISP Documentation Release main
has_attributes_by_relation(list_of_relations)True if all the relations in the list are defined in the object
Return type bool
items()rarr a set-like object providing a view on Drsquos items
jsonable()This method is used by the JSON encoder
Return type Dict
keys()rarr a set-like object providing a view on Drsquos keys
pop(k[ d ])rarr v remove specified key and return the corresponding valueIf key is not found d is returned if given otherwise KeyError is raised
popitem()rarr (k v) remove and return some (key value) pairas a 2-tuple but raise KeyError if D is empty
set_not_jsonable(args)Set __not_jsonable to a new list
Return type None
setdefault(k[ d ])rarr Dget(kd) also set D[k]=d if k not in D
to_dict(strict=False)Dump the class to a dictionary This method automatically removes the timestamp recursively in everyobject that has been edited is order to let MISP update the event accordingly
Return type Dict
to_json(sort_keys=False indent=None strict=False)Dump recursively any class of type MISPAbstract to a json string
update([E ] F)rarr None Update D from mappingiterable E and FIf E present and has a keys() method does for k in E D[k] = E[k] If E present and lacks keys() methoddoes for (k v) in E D[k] = v In either case this is followed by for k v in Fitems() D[k] = v
update_not_jsonable(args)Add entries to the __not_jsonable list
Return type None
values()rarr an object providing a view on Drsquos values
32 ELF Object
33 PE Object
34 Mach-O Object
35 VT Report Object
class pymisptoolsVTReportObject(apikey indicator vt_proxies=None kwargs)VirusTotal Report
Apikey VirusTotal API key (private works but only public features are supported right now)
38 Chapter 3 pymisp - Tools
PyMISP Documentation Release main
Indicator IOC to search VirusTotal for
add_attribute(object_relation simple_value=None value)Add an attribute object_relation is required and the value key is a dictionary with all the keys supportedby MISPAttribute
Return type Optional[MISPAttribute]
add_attributes(object_relation attributes)Add multiple attributes with the same object_relation Helper for object_relation when multiple is True inthe template It is the same as calling multiple times add_attribute with the same object_relation
Return type List[Optional[MISPAttribute]]
add_reference(referenced_uuid relationship_type comment=None kwargs)Add a link (uuid) to an other object
Return type MISPObjectReference
clear()rarr None Remove all items from D
property editedRecursively check if an object has been edited and update the flag accordingly to the parent objects
Return type bool
from_dict(kwargs)Loading all the parameters as class properties if they arenrsquot None This method aims to be called when allthe properties requiring a special treatment are processed Note This method is used when you initializean object with existing data so by default the class is flaged as not edited
from_json(json_string)Load a JSON string
Return type None
generate_attributes()Parse the VirusTotal report for relevant attributes
get(k[ d ])rarr D[k] if k in D else d d defaults to None
get_attributes_by_relation(object_relation)Returns the list of attributes with the given object relation in the object
Return type List[MISPAttribute]
has_attributes_by_relation(list_of_relations)True if all the relations in the list are defined in the object
Return type bool
items()rarr a set-like object providing a view on Drsquos items
jsonable()This method is used by the JSON encoder
Return type Dict
keys()rarr a set-like object providing a view on Drsquos keys
pop(k[ d ])rarr v remove specified key and return the corresponding valueIf key is not found d is returned if given otherwise KeyError is raised
popitem()rarr (k v) remove and return some (key value) pairas a 2-tuple but raise KeyError if D is empty
35 VT Report Object 39
PyMISP Documentation Release main
set_not_jsonable(args)Set __not_jsonable to a new list
Return type None
setdefault(k[ d ])rarr Dget(kd) also set D[k]=d if k not in D
to_dict(strict=False)Dump the class to a dictionary This method automatically removes the timestamp recursively in everyobject that has been edited is order to let MISP update the event accordingly
Return type Dict
to_json(sort_keys=False indent=None strict=False)Dump recursively any class of type MISPAbstract to a json string
update([E ] F)rarr None Update D from mappingiterable E and FIf E present and has a keys() method does for k in E D[k] = E[k] If E present and lacks keys() methoddoes for (k v) in E D[k] = v In either case this is followed by for k v in Fitems() D[k] = v
update_not_jsonable(args)Add entries to the __not_jsonable list
Return type None
values()rarr an object providing a view on Drsquos values
36 STIX
pymisptoolsstixload_stix(stix distribution=3 threat_level_id=2 analysis=0)Returns a MISPEvent object from a STIX package
pymisptoolsstixmake_stix_package(misp_event to_json=False to_xml=False)Returns a STIXPackage from a MISPEvent
Optionally can return the package in json or xml
37 OpenIOC
toolsload_openioc()
toolsload_openioc_file()
40 Chapter 3 pymisp - Tools
CHAPTER
FOUR
INDICES AND TABLES
bull genindex
bull modindex
bull search
41
PyMISP Documentation Release main
42 Chapter 4 Indices and tables
PYTHON MODULE INDEX
ppymisp 7pymisptools 37pymisptoolsstix 40
43
PyMISP Documentation Release main
44 Python Module Index
INDEX
AAbstractMISP (class in pymisp) 23accept_attribute_proposal()
(pymispPyMISP method) 7add_attribute() (pymispMISPEvent method) 24add_attribute() (pymispMISPObject method) 28add_attribute() (pymispPyMISP method) 7add_attribute() (pymisptoolsFileObject method)
37add_attribute() (pymisptoolsVTReportObject
method) 39add_attribute_proposal() (pymispPyMISP
method) 7add_attribute_tag() (pymispMISPEvent
method) 24add_attributes() (pymispMISPObject method)
28add_attributes() (pymisptoolsFileObject
method) 37add_attributes() (pymisptoolsVTReportObject
method) 39add_event() (pymispPyMISP method) 7add_event_blacklist() (pymispPyMISP
method) 8add_feed() (pymispPyMISP method) 8add_object() (pymispMISPEvent method) 24add_object() (pymispPyMISP method) 8add_object_reference() (pymispPyMISP
method) 8add_org_to_sharing_group() (pymispPyMISP
method) 8add_organisation() (pymispPyMISP method) 8add_organisation_blacklist()
(pymispPyMISP method) 8add_proposal() (pymispMISPAttribute method) 26add_proposal() (pymispMISPEvent method) 24add_proposal() (pymispMISPObjectAttribute
method) 29add_reference() (pymispMISPObject method) 28add_reference() (pymisptoolsFileObject method)
37add_reference() (pymisptoolsVTReportObject
method) 39add_server() (pymispPyMISP method) 8add_server_to_sharing_group()
(pymispPyMISP method) 8add_shadow_attribute() (pymispMISPAttribute
method) 26add_shadow_attribute() (pymispMISPEvent
method) 24add_shadow_attribute()
(pymispMISPObjectAttribute method) 29add_sharing_group() (pymispPyMISP method) 8add_sighting() (pymispMISPAttribute method) 26add_sighting() (pymispMISPObjectAttribute
method) 29add_sighting() (pymispPyMISP method) 8add_tag() (pymispPyMISP method) 8add_user() (pymispPyMISP method) 9attributes_statistics() (pymispPyMISP
method) 9
Bbuild_complex_query() (pymispPyMISP
method) 9
Ccache_all_feeds() (pymispPyMISP method) 9cache_feed() (pymispPyMISP method) 9cache_freetext_feeds() (pymispPyMISP
method) 9cache_misp_feeds() (pymispPyMISP method) 9change_sharing_group_on_entity()
(pymispPyMISP method) 9change_user_password() (pymispPyMISP
method) 9clear() (pymispMISPAttribute method) 26clear() (pymispMISPEvent method) 24clear() (pymispMISPObject method) 28clear() (pymispMISPObjectAttribute method) 29clear() (pymispMISPObjectReference method) 31clear() (pymispMISPOrganisation method) 34clear() (pymispMISPTag method) 32clear() (pymispMISPUser method) 33
45
PyMISP Documentation Release main
clear() (pymisptoolsFileObject method) 37clear() (pymisptoolsVTReportObject method) 39communities() (pymispPyMISP method) 9compare_feeds() (pymispPyMISP method) 9contact_event_reporter() (pymispPyMISP
method) 9
Ddefault() (pymispMISPEncode method) 24delegate_event() (pymispPyMISP method) 10delete() (pymispMISPAttribute method) 26delete() (pymispMISPObjectAttribute method) 30delete_attribute() (pymispMISPEvent method)
24delete_attribute() (pymispPyMISP method) 10delete_attribute_proposal()
(pymispPyMISP method) 10delete_event() (pymispPyMISP method) 10delete_event_blacklist() (pymispPyMISP
method) 10delete_feed() (pymispPyMISP method) 10delete_object() (pymispPyMISP method) 10delete_object_reference() (pymispPyMISP
method) 10delete_organisation() (pymispPyMISP
method) 10delete_organisation_blacklist()
(pymispPyMISP method) 10delete_server() (pymispPyMISP method) 10delete_sharing_group() (pymispPyMISP
method) 10delete_sighting() (pymispPyMISP method) 10delete_tag() (pymispPyMISP method) 11delete_user() (pymispPyMISP method) 11delete_user_setting() (pymispPyMISP
method) 11describe_types_local() (pymispPyMISP prop-
erty) 11describe_types_remote() (pymispPyMISP
property) 11direct_call() (pymispPyMISP method) 11disable_feed() (pymispPyMISP method) 11disable_feed_cache() (pymispPyMISP method)
11disable_noticelist() (pymispPyMISP method)
11disable_tag() (pymispPyMISP method) 11disable_taxonomy() (pymispPyMISP method) 11disable_taxonomy_tags() (pymispPyMISP
method) 11disable_warninglist() (pymispPyMISP
method) 11discard_attribute_proposal()
(pymispPyMISP method) 12
Eedited() (pymispAbstractMISP property) 23edited() (pymispMISPAttribute property) 26edited() (pymispMISPEvent property) 24edited() (pymispMISPObject property) 28edited() (pymispMISPObjectAttribute property) 30edited() (pymispMISPObjectReference property) 31edited() (pymispMISPOrganisation property) 34edited() (pymispMISPTag property) 32edited() (pymispMISPUser property) 33edited() (pymisptoolsFileObject property) 37edited() (pymisptoolsVTReportObject property) 39enable_feed() (pymispPyMISP method) 12enable_feed_cache() (pymispPyMISP method)
12enable_noticelist() (pymispPyMISP method)
12enable_tag() (pymispPyMISP method) 12enable_taxonomy() (pymispPyMISP method) 12enable_taxonomy_tags() (pymispPyMISP
method) 12enable_warninglist() (pymispPyMISP method)
12event_blacklists() (pymispPyMISP method) 12event_delegations() (pymispPyMISP method)
12ExpandedPyMISP (in module pymisp) 23
Ffeeds() (pymispPyMISP method) 12fetch_feed() (pymispPyMISP method) 12FileObject (class in pymisptools) 37freetext() (pymispPyMISP method) 12from_dict() (pymispAbstractMISP method) 23from_dict() (pymispMISPAttribute method) 27from_dict() (pymispMISPEvent method) 25from_dict() (pymispMISPObject method) 28from_dict() (pymispMISPObjectAttribute method)
30from_dict() (pymispMISPObjectReference method)
31from_dict() (pymispMISPOrganisation method) 34from_dict() (pymispMISPTag method) 32from_dict() (pymispMISPUser method) 33from_dict() (pymisptoolsFileObject method) 37from_dict() (pymisptoolsVTReportObject method)
39from_json() (pymispAbstractMISP method) 23from_json() (pymispMISPAttribute method) 27from_json() (pymispMISPEvent method) 25from_json() (pymispMISPObject method) 28from_json() (pymispMISPObjectAttribute method)
30
46 Index
PyMISP Documentation Release main
from_json() (pymispMISPObjectReference method)31
from_json() (pymispMISPOrganisation method) 34from_json() (pymispMISPTag method) 32from_json() (pymispMISPUser method) 33from_json() (pymisptoolsFileObject method) 37from_json() (pymisptoolsVTReportObject method)
39
Ggalaxies() (pymispPyMISP method) 12generate_attributes() (pymisptoolsFileObject
method) 37generate_attributes()
(pymisptoolsVTReportObject method)39
get() (pymispMISPAttribute method) 27get() (pymispMISPEvent method) 25get() (pymispMISPObject method) 28get() (pymispMISPObjectAttribute method) 30get() (pymispMISPObjectReference method) 31get() (pymispMISPOrganisation method) 34get() (pymispMISPTag method) 32get() (pymispMISPUser method) 33get() (pymisptoolsFileObject method) 37get() (pymisptoolsVTReportObject method) 39get_all_functions() (pymispPyMISP method)
13get_attribute() (pymispPyMISP method) 13get_attribute_tag() (pymispMISPEvent
method) 25get_attributes_by_relation()
(pymispMISPObject method) 28get_attributes_by_relation()
(pymisptoolsFileObject method) 37get_attributes_by_relation()
(pymisptoolsVTReportObject method)39
get_community() (pymispPyMISP method) 13get_event() (pymispPyMISP method) 13get_feed() (pymispPyMISP method) 13get_galaxy() (pymispPyMISP method) 13get_noticelist() (pymispPyMISP method) 13get_object() (pymispPyMISP method) 13get_object_by_id() (pymispMISPEvent method)
25get_object_by_uuid() (pymispMISPEvent
method) 25get_object_template() (pymispPyMISP
method) 13get_objects_by_name() (pymispMISPEvent
method) 25get_organisation() (pymispPyMISP method) 13get_sync_config() (pymispPyMISP method) 13
get_tag() (pymispPyMISP method) 13get_taxonomy() (pymispPyMISP method) 13get_user() (pymispPyMISP method) 13get_user_setting() (pymispPyMISP method) 14get_warninglist() (pymispPyMISP method) 14
Hhas_attributes_by_relation()
(pymispMISPObject method) 28has_attributes_by_relation()
(pymisptoolsFileObject method) 37has_attributes_by_relation()
(pymisptoolsVTReportObject method)39
hash_values() (pymispMISPAttribute method) 27hash_values() (pymispMISPObjectAttribute
method) 30
Iimport_server() (pymispPyMISP method) 14items() (pymispMISPAttribute method) 27items() (pymispMISPEvent method) 25items() (pymispMISPObject method) 29items() (pymispMISPObjectAttribute method) 30items() (pymispMISPObjectReference method) 31items() (pymispMISPOrganisation method) 34items() (pymispMISPTag method) 32items() (pymispMISPUser method) 33items() (pymisptoolsFileObject method) 38items() (pymisptoolsVTReportObject method) 39
Jjsonable() (pymispAbstractMISP method) 23jsonable() (pymispMISPAttribute method) 27jsonable() (pymispMISPEvent method) 25jsonable() (pymispMISPObject method) 29jsonable() (pymispMISPObjectAttribute method)
30jsonable() (pymispMISPObjectReference method)
31jsonable() (pymispMISPOrganisation method) 34jsonable() (pymispMISPTag method) 32jsonable() (pymispMISPUser method) 33jsonable() (pymisptoolsFileObject method) 38jsonable() (pymisptoolsVTReportObject method)
39
Kkeys() (pymispMISPAttribute method) 27keys() (pymispMISPEvent method) 25keys() (pymispMISPObject method) 29keys() (pymispMISPObjectAttribute method) 30keys() (pymispMISPObjectReference method) 31keys() (pymispMISPOrganisation method) 34
Index 47
PyMISP Documentation Release main
keys() (pymispMISPTag method) 32keys() (pymispMISPUser method) 33keys() (pymisptoolsFileObject method) 38keys() (pymisptoolsVTReportObject method) 39known_types() (pymispMISPAttribute property) 27known_types() (pymispMISPObjectAttribute prop-
erty) 30
Lload() (pymispMISPEvent method) 25load_default_feeds() (pymispPyMISP method)
14load_file() (pymispMISPEvent method) 25load_openioc() (pymisptools method) 40load_openioc_file() (pymisptools method) 40load_stix() (in module pymisptoolsstix) 40
Mmake_stix_package() (in module
pymisptoolsstix) 40malware_binary() (pymispMISPAttribute prop-
erty) 27malware_binary() (pymispMISPObjectAttribute
property) 30misp_instance_version() (pymispPyMISP
property) 14misp_instance_version_master()
(pymispPyMISP property) 14MISPAttribute (class in pymisp) 26MISPEncode (class in pymisp) 24MISPEvent (class in pymisp) 24MISPObject (class in pymisp) 28MISPObjectAttribute (class in pymisp) 29MISPObjectReference (class in pymisp) 31MISPOrganisation (class in pymisp) 34MISPTag (class in pymisp) 32MISPUser (class in pymisp) 33module
pymisp 7pymisptools 37pymisptoolsstix 40
Nnoticelists() (pymispPyMISP method) 14
Oobject_templates() (pymispPyMISP method) 14organisation_blacklists() (pymispPyMISP
method) 14organisations() (pymispPyMISP method) 14
Ppop() (pymispMISPAttribute method) 27
pop() (pymispMISPEvent method) 25pop() (pymispMISPObject method) 29pop() (pymispMISPObjectAttribute method) 30pop() (pymispMISPObjectReference method) 31pop() (pymispMISPOrganisation method) 34pop() (pymispMISPTag method) 32pop() (pymispMISPUser method) 33pop() (pymisptoolsFileObject method) 38pop() (pymisptoolsVTReportObject method) 39popitem() (pymispMISPAttribute method) 27popitem() (pymispMISPEvent method) 25popitem() (pymispMISPObject method) 29popitem() (pymispMISPObjectAttribute method) 30popitem() (pymispMISPObjectReference method) 31popitem() (pymispMISPOrganisation method) 34popitem() (pymispMISPTag method) 32popitem() (pymispMISPUser method) 33popitem() (pymisptoolsFileObject method) 38popitem() (pymisptoolsVTReportObject method) 39publish() (pymispMISPEvent method) 25publish() (pymispPyMISP method) 14push_event_to_ZMQ() (pymispPyMISP method)
14pymisp
module 7PyMISP (class in pymisp) 7pymisptools
module 37pymisptoolsstix
module 40pymisp_version_main() (pymispPyMISP prop-
erty) 15
Rrecommended_pymisp_version()
(pymispPyMISP property) 15remote_acl() (pymispPyMISP method) 15remove_org_from_sharing_group()
(pymispPyMISP method) 15remove_server_from_sharing_group()
(pymispPyMISP method) 15roles() (pymispPyMISP method) 15
Ssearch() (pymispPyMISP method) 15search_feeds() (pymispPyMISP method) 17search_index() (pymispPyMISP method) 18search_logs() (pymispPyMISP method) 18search_sightings() (pymispPyMISP method) 19server_pull() (pymispPyMISP method) 20server_push() (pymispPyMISP method) 20servers() (pymispPyMISP method) 20set_date() (pymispMISPEvent method) 25
48 Index
PyMISP Documentation Release main
set_not_jsonable() (pymispAbstractMISPmethod) 23
set_not_jsonable() (pymispMISPAttributemethod) 27
set_not_jsonable() (pymispMISPEvent method)25
set_not_jsonable() (pymispMISPObjectmethod) 29
set_not_jsonable() (pymispMISPObjectAttributemethod) 30
set_not_jsonable()(pymispMISPObjectReference method)31
set_not_jsonable() (pymispMISPOrganisationmethod) 35
set_not_jsonable() (pymispMISPTag method)32
set_not_jsonable() (pymispMISPUser method)33
set_not_jsonable() (pymisptoolsFileObjectmethod) 38
set_not_jsonable()(pymisptoolsVTReportObject method)39
set_user_setting() (pymispPyMISP method) 20setdefault() (pymispMISPAttribute method) 27setdefault() (pymispMISPEvent method) 25setdefault() (pymispMISPObject method) 29setdefault() (pymispMISPObjectAttribute
method) 30setdefault() (pymispMISPObjectReference
method) 31setdefault() (pymispMISPOrganisation method)
35setdefault() (pymispMISPTag method) 33setdefault() (pymispMISPUser method) 34setdefault() (pymisptoolsFileObject method) 38setdefault() (pymisptoolsVTReportObject
method) 40sharing_groups() (pymispPyMISP method) 20sightings() (pymispPyMISP method) 20
Ttag() (pymispPyMISP method) 20tags() (pymispMISPAttribute property) 27tags() (pymispMISPEvent property) 26tags() (pymispMISPObjectAttribute property) 30tags() (pymispPyMISP method) 20tags_statistics() (pymispPyMISP method) 20taxonomies() (pymispPyMISP method) 20to_dict() (pymispAbstractMISP method) 23to_dict() (pymispMISPAttribute method) 27to_dict() (pymispMISPEvent method) 26to_dict() (pymispMISPObject method) 29
to_dict() (pymispMISPObjectAttribute method) 30to_dict() (pymispMISPObjectReference method) 32to_dict() (pymispMISPOrganisation method) 35to_dict() (pymispMISPTag method) 33to_dict() (pymispMISPUser method) 34to_dict() (pymisptoolsFileObject method) 38to_dict() (pymisptoolsVTReportObject method) 40to_feed() (pymispMISPEvent method) 26to_json() (pymispAbstractMISP method) 23to_json() (pymispMISPAttribute method) 27to_json() (pymispMISPEvent method) 26to_json() (pymispMISPObject method) 29to_json() (pymispMISPObjectAttribute method) 31to_json() (pymispMISPObjectReference method) 32to_json() (pymispMISPOrganisation method) 35to_json() (pymispMISPTag method) 33to_json() (pymispMISPUser method) 34to_json() (pymisptoolsFileObject method) 38to_json() (pymisptoolsVTReportObject method) 40toggle_warninglist() (pymispPyMISP method)
20
Uunpublish() (pymispMISPEvent method) 26untag() (pymispPyMISP method) 21update() (pymispMISPAttribute method) 28update() (pymispMISPEvent method) 26update() (pymispMISPObject method) 29update() (pymispMISPObjectAttribute method) 31update() (pymispMISPObjectReference method) 32update() (pymispMISPOrganisation method) 35update() (pymispMISPTag method) 33update() (pymispMISPUser method) 34update() (pymisptoolsFileObject method) 38update() (pymisptoolsVTReportObject method) 40update_attribute() (pymispPyMISP method) 21update_attribute_proposal()
(pymispPyMISP method) 21update_event() (pymispPyMISP method) 21update_event_blacklist() (pymispPyMISP
method) 21update_feed() (pymispPyMISP method) 21update_galaxies() (pymispPyMISP method) 21update_not_jsonable() (pymispAbstractMISP
method) 23update_not_jsonable() (pymispMISPAttribute
method) 28update_not_jsonable() (pymispMISPEvent
method) 26update_not_jsonable() (pymispMISPObject
method) 29update_not_jsonable()
(pymispMISPObjectAttribute method) 31
Index 49
PyMISP Documentation Release main
update_not_jsonable()(pymispMISPObjectReference method)32
update_not_jsonable()(pymispMISPOrganisation method) 35
update_not_jsonable() (pymispMISPTagmethod) 33
update_not_jsonable() (pymispMISPUsermethod) 34
update_not_jsonable() (pymisptoolsFileObjectmethod) 38
update_not_jsonable()(pymisptoolsVTReportObject method)40
update_noticelists() (pymispPyMISP method)21
update_object() (pymispPyMISP method) 21update_object_templates() (pymispPyMISP
method) 21update_organisation() (pymispPyMISP
method) 21update_organisation_blacklist()
(pymispPyMISP method) 21update_server() (pymispPyMISP method) 22update_tag() (pymispPyMISP method) 22update_taxonomies() (pymispPyMISP method)
22update_user() (pymispPyMISP method) 22update_warninglists() (pymispPyMISP
method) 22upload_stix() (pymispPyMISP method) 22user_registrations() (pymispPyMISP method)
22user_settings() (pymispPyMISP method) 22users() (pymispPyMISP method) 22users_statistics() (pymispPyMISP method) 22
Vvalues() (pymispMISPAttribute method) 28values() (pymispMISPEvent method) 26values() (pymispMISPObject method) 29values() (pymispMISPObjectAttribute method) 31values() (pymispMISPObjectReference method) 32values() (pymispMISPOrganisation method) 35values() (pymispMISPTag method) 33values() (pymispMISPUser method) 34values() (pymisptoolsFileObject method) 38values() (pymisptoolsVTReportObject method) 40values_in_warninglist() (pymispPyMISP
method) 22version() (pymispPyMISP property) 22VTReportObject (class in pymisptools) 38
Wwarninglists() (pymispPyMISP method) 22
50 Index
- README
- pymisp
- PyMISP
- PyMISPExpanded (Python 36+ only)
- MISPAbstract
- MISPEncode
- MISPEvent
- MISPAttribute
- MISPObject
- MISPObjectAttribute
- MISPObjectReference
- MISPTag
- MISPUser
- MISPOrganisation
- pymisp - Tools
- File Object
- ELF Object
- PE Object
- Mach-O Object
- VT Report Object
- STIX
- OpenIOC
- Indices and tables
- Python Module Index
- Index
PyMISP Documentation Release main
22 PyMISPExpanded (Python 36+ only)
pymispExpandedPyMISPalias of pymispapiPyMISP
23 MISPAbstract
class pymispAbstractMISP(kwargs)
property editedRecursively check if an object has been edited and update the flag accordingly to the parent objects
Return type bool
from_dict(kwargs)Loading all the parameters as class properties if they arenrsquot None This method aims to be called when allthe properties requiring a special treatment are processed Note This method is used when you initializean object with existing data so by default the class is flaged as not edited
Return type None
from_json(json_string)Load a JSON string
Return type None
jsonable()This method is used by the JSON encoder
Return type Dict
set_not_jsonable(args)Set __not_jsonable to a new list
Return type None
to_dict()Dump the class to a dictionary This method automatically removes the timestamp recursively in everyobject that has been edited is order to let MISP update the event accordingly
Return type Dict
to_json(sort_keys=False indent=None)Dump recursively any class of type MISPAbstract to a json string
update_not_jsonable(args)Add entries to the __not_jsonable list
Return type None
22 PyMISPExpanded (Python 36+ only) 23
PyMISP Documentation Release main
24 MISPEncode
class pymispMISPEncode(args kwargs)
default(obj)Implement this method in a subclass such that it returns a serializable object for o or calls the baseimplementation (to raise a TypeError)
For example to support arbitrary iterators you could implement default like this
def default(self o)try
iterable = iter(o)except TypeError
passelse
return list(iterable) Let the base class default method raise the TypeErrorreturn JSONEncoderdefault(self o)
25 MISPEvent
class pymispMISPEvent(describe_types=None strict_validation=False kwargs)
add_attribute(type value kwargs)Add an attribute type and value are required but you can pass all other parameters supported by MISPAt-tribute
Return type Union[MISPAttribute List[MISPAttribute]]
add_attribute_tag(tag attribute_identifier)Add a tag to an existing attribute raise an Exception if the attribute doesnrsquot exists tag Tag name as astring MISPTag instance or dictionary attribute_identifier can be an ID UUID or the value
Return type List[MISPAttribute]
add_object(obj=None kwargs)Add an object to the Event either by passing a MISPObject or a dictionary
Return type MISPObject
add_proposal(shadow_attribute=None kwargs)Alias for add_shadow_attribute
Return type MISPShadowAttribute
add_shadow_attribute(shadow_attribute=None kwargs)Add a tag to the attribute (by name or a MISPTag object)
Return type MISPShadowAttribute
clear()rarr None Remove all items from D
delete_attribute(attribute_id)Delete an attribute you can search by ID or UUID
property editedRecursively check if an object has been edited and update the flag accordingly to the parent objects
24 Chapter 2 pymisp
PyMISP Documentation Release main
Return type bool
from_dict(kwargs)Loading all the parameters as class properties if they arenrsquot None This method aims to be called when allthe properties requiring a special treatment are processed Note This method is used when you initializean object with existing data so by default the class is flaged as not edited
from_json(json_string)Load a JSON string
Return type None
get(k[ d ])rarr D[k] if k in D else d d defaults to None
get_attribute_tag(attribute_identifier)Return the tags associated to an attribute or an object attribute attribute_identifier can be an ID UUIDor the value
Return type List[MISPTag]
get_object_by_id(object_id)Get an object by ID (the ID is the one set by the server when creating the new object)
Return type MISPObject
get_object_by_uuid(object_uuid)Get an object by UUID (UUID is set by the server when creating the new object)
Return type MISPObject
get_objects_by_name(object_name)Get an object by UUID (UUID is set by the server when creating the new object)
Return type List[MISPObject]
items()rarr a set-like object providing a view on Drsquos items
jsonable()This method is used by the JSON encoder
Return type Dict
keys()rarr a set-like object providing a view on Drsquos keys
load(json_event validate=False metadata_only=False)Load a JSON dump from a pseudo file or a JSON string
load_file(event_path validate=False metadata_only=False)Load a JSON dump from a file on the disk
pop(k[ d ])rarr v remove specified key and return the corresponding valueIf key is not found d is returned if given otherwise KeyError is raised
popitem()rarr (k v) remove and return some (key value) pairas a 2-tuple but raise KeyError if D is empty
publish()Mark the attribute as published
set_date(d=None ignore_invalid=False)Set a date for the event (string datetime or date object)
set_not_jsonable(args)Set __not_jsonable to a new list
Return type None
25 MISPEvent 25
PyMISP Documentation Release main
setdefault(k[ d ])rarr Dget(kd) also set D[k]=d if k not in D
property tagsReturns a lost of tags associated to this Event
Return type List[MISPTag]
to_dict()Dump the class to a dictionary This method automatically removes the timestamp recursively in everyobject that has been edited is order to let MISP update the event accordingly
Return type Dict
to_feed(valid_distributions=[0 1 2 3 4 5] with_meta=False)Generate a json output for MISP Feed Notes
bull valid_distributions only makes sense if the distribution key is set (ie the event is exported from aMISP instance)
Return type Dict
to_json(sort_keys=False indent=None)Dump recursively any class of type MISPAbstract to a json string
unpublish()Mark the attribute as un-published (set publish flag to false)
update([E ] F)rarr None Update D from mappingiterable E and FIf E present and has a keys() method does for k in E D[k] = E[k] If E present and lacks keys() methoddoes for (k v) in E D[k] = v In either case this is followed by for k v in Fitems() D[k] = v
update_not_jsonable(args)Add entries to the __not_jsonable list
Return type None
values()rarr an object providing a view on Drsquos values
26 MISPAttribute
class pymispMISPAttribute(describe_types=None strict=False)
add_proposal(shadow_attribute=None kwargs)Alias for add_shadow_attribute
Return type MISPShadowAttribute
add_shadow_attribute(shadow_attribute=None kwargs)Add a shadow attribute to the attribute (by name or a MISPShadowAttribute object)
Return type MISPShadowAttribute
add_sighting(sighting=None kwargs)Add a sighting to the attribute (by name or a MISPSighting object)
Return type MISPSighting
clear()rarr None Remove all items from D
delete()Mark the attribute as deleted (soft delete)
26 Chapter 2 pymisp
PyMISP Documentation Release main
property editedRecursively check if an object has been edited and update the flag accordingly to the parent objects
Return type bool
from_dict(kwargs)Loading all the parameters as class properties if they arenrsquot None This method aims to be called when allthe properties requiring a special treatment are processed Note This method is used when you initializean object with existing data so by default the class is flaged as not edited
from_json(json_string)Load a JSON string
Return type None
get(k[ d ])rarr D[k] if k in D else d d defaults to None
hash_values(algorithm=sha512)Compute the hash of every values for fast lookups
Return type List[str]
items()rarr a set-like object providing a view on Drsquos items
jsonable()This method is used by the JSON encoder
Return type Dict
keys()rarr a set-like object providing a view on Drsquos keys
property known_typesReturns a list of all the known MISP attributes types
Return type List[str]
property malware_binaryReturns a BytesIO of the malware (if the attribute has one obvs)
Return type Optional[BytesIO]
pop(k[ d ])rarr v remove specified key and return the corresponding valueIf key is not found d is returned if given otherwise KeyError is raised
popitem()rarr (k v) remove and return some (key value) pairas a 2-tuple but raise KeyError if D is empty
set_not_jsonable(args)Set __not_jsonable to a new list
Return type None
setdefault(k[ d ])rarr Dget(kd) also set D[k]=d if k not in D
property tagsReturns a lost of tags associated to this Attribute
Return type List[MISPTag]
to_dict()Dump the class to a dictionary This method automatically removes the timestamp recursively in everyobject that has been edited is order to let MISP update the event accordingly
Return type Dict
26 MISPAttribute 27
PyMISP Documentation Release main
to_json(sort_keys=False indent=None)Dump recursively any class of type MISPAbstract to a json string
update([E ] F)rarr None Update D from mappingiterable E and FIf E present and has a keys() method does for k in E D[k] = E[k] If E present and lacks keys() methoddoes for (k v) in E D[k] = v In either case this is followed by for k v in Fitems() D[k] = v
update_not_jsonable(args)Add entries to the __not_jsonable list
Return type None
values()rarr an object providing a view on Drsquos values
27 MISPObject
class pymispMISPObject(name strict=False standalone=True default_attributes_parameters=kwargs)
add_attribute(object_relation simple_value=None value)Add an attribute object_relation is required and the value key is a dictionary with all the keys supportedby MISPAttribute
Return type Optional[MISPAttribute]
add_attributes(object_relation attributes)Add multiple attributes with the same object_relation Helper for object_relation when multiple is True inthe template It is the same as calling multiple times add_attribute with the same object_relation
Return type List[Optional[MISPAttribute]]
add_reference(referenced_uuid relationship_type comment=None kwargs)Add a link (uuid) to an other object
Return type MISPObjectReference
clear()rarr None Remove all items from D
property editedRecursively check if an object has been edited and update the flag accordingly to the parent objects
Return type bool
from_dict(kwargs)Loading all the parameters as class properties if they arenrsquot None This method aims to be called when allthe properties requiring a special treatment are processed Note This method is used when you initializean object with existing data so by default the class is flaged as not edited
from_json(json_string)Load a JSON string
Return type None
get(k[ d ])rarr D[k] if k in D else d d defaults to None
get_attributes_by_relation(object_relation)Returns the list of attributes with the given object relation in the object
Return type List[MISPAttribute]
has_attributes_by_relation(list_of_relations)True if all the relations in the list are defined in the object
28 Chapter 2 pymisp
PyMISP Documentation Release main
Return type bool
items()rarr a set-like object providing a view on Drsquos items
jsonable()This method is used by the JSON encoder
Return type Dict
keys()rarr a set-like object providing a view on Drsquos keys
pop(k[ d ])rarr v remove specified key and return the corresponding valueIf key is not found d is returned if given otherwise KeyError is raised
popitem()rarr (k v) remove and return some (key value) pairas a 2-tuple but raise KeyError if D is empty
set_not_jsonable(args)Set __not_jsonable to a new list
Return type None
setdefault(k[ d ])rarr Dget(kd) also set D[k]=d if k not in D
to_dict(strict=False)Dump the class to a dictionary This method automatically removes the timestamp recursively in everyobject that has been edited is order to let MISP update the event accordingly
Return type Dict
to_json(sort_keys=False indent=None strict=False)Dump recursively any class of type MISPAbstract to a json string
update([E ] F)rarr None Update D from mappingiterable E and FIf E present and has a keys() method does for k in E D[k] = E[k] If E present and lacks keys() methoddoes for (k v) in E D[k] = v In either case this is followed by for k v in Fitems() D[k] = v
update_not_jsonable(args)Add entries to the __not_jsonable list
Return type None
values()rarr an object providing a view on Drsquos values
28 MISPObjectAttribute
class pymispMISPObjectAttribute(definition)
add_proposal(shadow_attribute=None kwargs)Alias for add_shadow_attribute
Return type MISPShadowAttribute
add_shadow_attribute(shadow_attribute=None kwargs)Add a shadow attribute to the attribute (by name or a MISPShadowAttribute object)
Return type MISPShadowAttribute
add_sighting(sighting=None kwargs)Add a sighting to the attribute (by name or a MISPSighting object)
Return type MISPSighting
28 MISPObjectAttribute 29
PyMISP Documentation Release main
clear()rarr None Remove all items from D
delete()Mark the attribute as deleted (soft delete)
property editedRecursively check if an object has been edited and update the flag accordingly to the parent objects
Return type bool
from_dict(object_relation value kwargs)Loading all the parameters as class properties if they arenrsquot None This method aims to be called when allthe properties requiring a special treatment are processed Note This method is used when you initializean object with existing data so by default the class is flaged as not edited
from_json(json_string)Load a JSON string
Return type None
get(k[ d ])rarr D[k] if k in D else d d defaults to None
hash_values(algorithm=sha512)Compute the hash of every values for fast lookups
Return type List[str]
items()rarr a set-like object providing a view on Drsquos items
jsonable()This method is used by the JSON encoder
Return type Dict
keys()rarr a set-like object providing a view on Drsquos keys
property known_typesReturns a list of all the known MISP attributes types
Return type List[str]
property malware_binaryReturns a BytesIO of the malware (if the attribute has one obvs)
Return type Optional[BytesIO]
pop(k[ d ])rarr v remove specified key and return the corresponding valueIf key is not found d is returned if given otherwise KeyError is raised
popitem()rarr (k v) remove and return some (key value) pairas a 2-tuple but raise KeyError if D is empty
set_not_jsonable(args)Set __not_jsonable to a new list
Return type None
setdefault(k[ d ])rarr Dget(kd) also set D[k]=d if k not in D
property tagsReturns a lost of tags associated to this Attribute
Return type List[MISPTag]
30 Chapter 2 pymisp
PyMISP Documentation Release main
to_dict()Dump the class to a dictionary This method automatically removes the timestamp recursively in everyobject that has been edited is order to let MISP update the event accordingly
Return type Dict
to_json(sort_keys=False indent=None)Dump recursively any class of type MISPAbstract to a json string
update([E ] F)rarr None Update D from mappingiterable E and FIf E present and has a keys() method does for k in E D[k] = E[k] If E present and lacks keys() methoddoes for (k v) in E D[k] = v In either case this is followed by for k v in Fitems() D[k] = v
update_not_jsonable(args)Add entries to the __not_jsonable list
Return type None
values()rarr an object providing a view on Drsquos values
29 MISPObjectReference
class pymispMISPObjectReference
clear()rarr None Remove all items from D
property editedRecursively check if an object has been edited and update the flag accordingly to the parent objects
Return type bool
from_dict(kwargs)Loading all the parameters as class properties if they arenrsquot None This method aims to be called when allthe properties requiring a special treatment are processed Note This method is used when you initializean object with existing data so by default the class is flaged as not edited
from_json(json_string)Load a JSON string
Return type None
get(k[ d ])rarr D[k] if k in D else d d defaults to None
items()rarr a set-like object providing a view on Drsquos items
jsonable()This method is used by the JSON encoder
Return type Dict
keys()rarr a set-like object providing a view on Drsquos keys
pop(k[ d ])rarr v remove specified key and return the corresponding valueIf key is not found d is returned if given otherwise KeyError is raised
popitem()rarr (k v) remove and return some (key value) pairas a 2-tuple but raise KeyError if D is empty
set_not_jsonable(args)Set __not_jsonable to a new list
Return type None
29 MISPObjectReference 31
PyMISP Documentation Release main
setdefault(k[ d ])rarr Dget(kd) also set D[k]=d if k not in D
to_dict()Dump the class to a dictionary This method automatically removes the timestamp recursively in everyobject that has been edited is order to let MISP update the event accordingly
Return type Dict
to_json(sort_keys=False indent=None)Dump recursively any class of type MISPAbstract to a json string
update([E ] F)rarr None Update D from mappingiterable E and FIf E present and has a keys() method does for k in E D[k] = E[k] If E present and lacks keys() methoddoes for (k v) in E D[k] = v In either case this is followed by for k v in Fitems() D[k] = v
update_not_jsonable(args)Add entries to the __not_jsonable list
Return type None
values()rarr an object providing a view on Drsquos values
210 MISPTag
class pymispMISPTag(kwargs)
clear()rarr None Remove all items from D
property editedRecursively check if an object has been edited and update the flag accordingly to the parent objects
Return type bool
from_dict(kwargs)Loading all the parameters as class properties if they arenrsquot None This method aims to be called when allthe properties requiring a special treatment are processed Note This method is used when you initializean object with existing data so by default the class is flaged as not edited
from_json(json_string)Load a JSON string
Return type None
get(k[ d ])rarr D[k] if k in D else d d defaults to None
items()rarr a set-like object providing a view on Drsquos items
jsonable()This method is used by the JSON encoder
Return type Dict
keys()rarr a set-like object providing a view on Drsquos keys
pop(k[ d ])rarr v remove specified key and return the corresponding valueIf key is not found d is returned if given otherwise KeyError is raised
popitem()rarr (k v) remove and return some (key value) pairas a 2-tuple but raise KeyError if D is empty
set_not_jsonable(args)Set __not_jsonable to a new list
32 Chapter 2 pymisp
PyMISP Documentation Release main
Return type None
setdefault(k[ d ])rarr Dget(kd) also set D[k]=d if k not in D
to_dict()Dump the class to a dictionary This method automatically removes the timestamp recursively in everyobject that has been edited is order to let MISP update the event accordingly
Return type Dict
to_json(sort_keys=False indent=None)Dump recursively any class of type MISPAbstract to a json string
update([E ] F)rarr None Update D from mappingiterable E and FIf E present and has a keys() method does for k in E D[k] = E[k] If E present and lacks keys() methoddoes for (k v) in E D[k] = v In either case this is followed by for k v in Fitems() D[k] = v
update_not_jsonable(args)Add entries to the __not_jsonable list
Return type None
values()rarr an object providing a view on Drsquos values
211 MISPUser
class pymispMISPUser(kwargs)
clear()rarr None Remove all items from D
property editedRecursively check if an object has been edited and update the flag accordingly to the parent objects
Return type bool
from_dict(kwargs)Loading all the parameters as class properties if they arenrsquot None This method aims to be called when allthe properties requiring a special treatment are processed Note This method is used when you initializean object with existing data so by default the class is flaged as not edited
from_json(json_string)Load a JSON string
Return type None
get(k[ d ])rarr D[k] if k in D else d d defaults to None
items()rarr a set-like object providing a view on Drsquos items
jsonable()This method is used by the JSON encoder
Return type Dict
keys()rarr a set-like object providing a view on Drsquos keys
pop(k[ d ])rarr v remove specified key and return the corresponding valueIf key is not found d is returned if given otherwise KeyError is raised
popitem()rarr (k v) remove and return some (key value) pairas a 2-tuple but raise KeyError if D is empty
211 MISPUser 33
PyMISP Documentation Release main
set_not_jsonable(args)Set __not_jsonable to a new list
Return type None
setdefault(k[ d ])rarr Dget(kd) also set D[k]=d if k not in D
to_dict()Dump the class to a dictionary This method automatically removes the timestamp recursively in everyobject that has been edited is order to let MISP update the event accordingly
Return type Dict
to_json(sort_keys=False indent=None)Dump recursively any class of type MISPAbstract to a json string
update([E ] F)rarr None Update D from mappingiterable E and FIf E present and has a keys() method does for k in E D[k] = E[k] If E present and lacks keys() methoddoes for (k v) in E D[k] = v In either case this is followed by for k v in Fitems() D[k] = v
update_not_jsonable(args)Add entries to the __not_jsonable list
Return type None
values()rarr an object providing a view on Drsquos values
212 MISPOrganisation
class pymispMISPOrganisation
clear()rarr None Remove all items from D
property editedRecursively check if an object has been edited and update the flag accordingly to the parent objects
Return type bool
from_dict(kwargs)Loading all the parameters as class properties if they arenrsquot None This method aims to be called when allthe properties requiring a special treatment are processed Note This method is used when you initializean object with existing data so by default the class is flaged as not edited
from_json(json_string)Load a JSON string
Return type None
get(k[ d ])rarr D[k] if k in D else d d defaults to None
items()rarr a set-like object providing a view on Drsquos items
jsonable()This method is used by the JSON encoder
Return type Dict
keys()rarr a set-like object providing a view on Drsquos keys
pop(k[ d ])rarr v remove specified key and return the corresponding valueIf key is not found d is returned if given otherwise KeyError is raised
34 Chapter 2 pymisp
PyMISP Documentation Release main
popitem()rarr (k v) remove and return some (key value) pairas a 2-tuple but raise KeyError if D is empty
set_not_jsonable(args)Set __not_jsonable to a new list
Return type None
setdefault(k[ d ])rarr Dget(kd) also set D[k]=d if k not in D
to_dict()Dump the class to a dictionary This method automatically removes the timestamp recursively in everyobject that has been edited is order to let MISP update the event accordingly
Return type Dict
to_json(sort_keys=False indent=None)Dump recursively any class of type MISPAbstract to a json string
update([E ] F)rarr None Update D from mappingiterable E and FIf E present and has a keys() method does for k in E D[k] = E[k] If E present and lacks keys() methoddoes for (k v) in E D[k] = v In either case this is followed by for k v in Fitems() D[k] = v
update_not_jsonable(args)Add entries to the __not_jsonable list
Return type None
values()rarr an object providing a view on Drsquos values
212 MISPOrganisation 35
PyMISP Documentation Release main
36 Chapter 2 pymisp
CHAPTER
THREE
PYMISP - TOOLS
31 File Object
class pymisptoolsFileObject(filepath=None pseudofile=None filename=None kwargs)
add_attribute(object_relation simple_value=None value)Add an attribute object_relation is required and the value key is a dictionary with all the keys supportedby MISPAttribute
Return type Optional[MISPAttribute]
add_attributes(object_relation attributes)Add multiple attributes with the same object_relation Helper for object_relation when multiple is True inthe template It is the same as calling multiple times add_attribute with the same object_relation
Return type List[Optional[MISPAttribute]]
add_reference(referenced_uuid relationship_type comment=None kwargs)Add a link (uuid) to an other object
Return type MISPObjectReference
clear()rarr None Remove all items from D
property editedRecursively check if an object has been edited and update the flag accordingly to the parent objects
Return type bool
from_dict(kwargs)Loading all the parameters as class properties if they arenrsquot None This method aims to be called when allthe properties requiring a special treatment are processed Note This method is used when you initializean object with existing data so by default the class is flaged as not edited
from_json(json_string)Load a JSON string
Return type None
generate_attributes()Contains the logic where all the values of the object are gathered
get(k[ d ])rarr D[k] if k in D else d d defaults to None
get_attributes_by_relation(object_relation)Returns the list of attributes with the given object relation in the object
Return type List[MISPAttribute]
37
PyMISP Documentation Release main
has_attributes_by_relation(list_of_relations)True if all the relations in the list are defined in the object
Return type bool
items()rarr a set-like object providing a view on Drsquos items
jsonable()This method is used by the JSON encoder
Return type Dict
keys()rarr a set-like object providing a view on Drsquos keys
pop(k[ d ])rarr v remove specified key and return the corresponding valueIf key is not found d is returned if given otherwise KeyError is raised
popitem()rarr (k v) remove and return some (key value) pairas a 2-tuple but raise KeyError if D is empty
set_not_jsonable(args)Set __not_jsonable to a new list
Return type None
setdefault(k[ d ])rarr Dget(kd) also set D[k]=d if k not in D
to_dict(strict=False)Dump the class to a dictionary This method automatically removes the timestamp recursively in everyobject that has been edited is order to let MISP update the event accordingly
Return type Dict
to_json(sort_keys=False indent=None strict=False)Dump recursively any class of type MISPAbstract to a json string
update([E ] F)rarr None Update D from mappingiterable E and FIf E present and has a keys() method does for k in E D[k] = E[k] If E present and lacks keys() methoddoes for (k v) in E D[k] = v In either case this is followed by for k v in Fitems() D[k] = v
update_not_jsonable(args)Add entries to the __not_jsonable list
Return type None
values()rarr an object providing a view on Drsquos values
32 ELF Object
33 PE Object
34 Mach-O Object
35 VT Report Object
class pymisptoolsVTReportObject(apikey indicator vt_proxies=None kwargs)VirusTotal Report
Apikey VirusTotal API key (private works but only public features are supported right now)
38 Chapter 3 pymisp - Tools
PyMISP Documentation Release main
Indicator IOC to search VirusTotal for
add_attribute(object_relation simple_value=None value)Add an attribute object_relation is required and the value key is a dictionary with all the keys supportedby MISPAttribute
Return type Optional[MISPAttribute]
add_attributes(object_relation attributes)Add multiple attributes with the same object_relation Helper for object_relation when multiple is True inthe template It is the same as calling multiple times add_attribute with the same object_relation
Return type List[Optional[MISPAttribute]]
add_reference(referenced_uuid relationship_type comment=None kwargs)Add a link (uuid) to an other object
Return type MISPObjectReference
clear()rarr None Remove all items from D
property editedRecursively check if an object has been edited and update the flag accordingly to the parent objects
Return type bool
from_dict(kwargs)Loading all the parameters as class properties if they arenrsquot None This method aims to be called when allthe properties requiring a special treatment are processed Note This method is used when you initializean object with existing data so by default the class is flaged as not edited
from_json(json_string)Load a JSON string
Return type None
generate_attributes()Parse the VirusTotal report for relevant attributes
get(k[ d ])rarr D[k] if k in D else d d defaults to None
get_attributes_by_relation(object_relation)Returns the list of attributes with the given object relation in the object
Return type List[MISPAttribute]
has_attributes_by_relation(list_of_relations)True if all the relations in the list are defined in the object
Return type bool
items()rarr a set-like object providing a view on Drsquos items
jsonable()This method is used by the JSON encoder
Return type Dict
keys()rarr a set-like object providing a view on Drsquos keys
pop(k[ d ])rarr v remove specified key and return the corresponding valueIf key is not found d is returned if given otherwise KeyError is raised
popitem()rarr (k v) remove and return some (key value) pairas a 2-tuple but raise KeyError if D is empty
35 VT Report Object 39
PyMISP Documentation Release main
set_not_jsonable(args)Set __not_jsonable to a new list
Return type None
setdefault(k[ d ])rarr Dget(kd) also set D[k]=d if k not in D
to_dict(strict=False)Dump the class to a dictionary This method automatically removes the timestamp recursively in everyobject that has been edited is order to let MISP update the event accordingly
Return type Dict
to_json(sort_keys=False indent=None strict=False)Dump recursively any class of type MISPAbstract to a json string
update([E ] F)rarr None Update D from mappingiterable E and FIf E present and has a keys() method does for k in E D[k] = E[k] If E present and lacks keys() methoddoes for (k v) in E D[k] = v In either case this is followed by for k v in Fitems() D[k] = v
update_not_jsonable(args)Add entries to the __not_jsonable list
Return type None
values()rarr an object providing a view on Drsquos values
36 STIX
pymisptoolsstixload_stix(stix distribution=3 threat_level_id=2 analysis=0)Returns a MISPEvent object from a STIX package
pymisptoolsstixmake_stix_package(misp_event to_json=False to_xml=False)Returns a STIXPackage from a MISPEvent
Optionally can return the package in json or xml
37 OpenIOC
toolsload_openioc()
toolsload_openioc_file()
40 Chapter 3 pymisp - Tools
CHAPTER
FOUR
INDICES AND TABLES
bull genindex
bull modindex
bull search
41
PyMISP Documentation Release main
42 Chapter 4 Indices and tables
PYTHON MODULE INDEX
ppymisp 7pymisptools 37pymisptoolsstix 40
43
PyMISP Documentation Release main
44 Python Module Index
INDEX
AAbstractMISP (class in pymisp) 23accept_attribute_proposal()
(pymispPyMISP method) 7add_attribute() (pymispMISPEvent method) 24add_attribute() (pymispMISPObject method) 28add_attribute() (pymispPyMISP method) 7add_attribute() (pymisptoolsFileObject method)
37add_attribute() (pymisptoolsVTReportObject
method) 39add_attribute_proposal() (pymispPyMISP
method) 7add_attribute_tag() (pymispMISPEvent
method) 24add_attributes() (pymispMISPObject method)
28add_attributes() (pymisptoolsFileObject
method) 37add_attributes() (pymisptoolsVTReportObject
method) 39add_event() (pymispPyMISP method) 7add_event_blacklist() (pymispPyMISP
method) 8add_feed() (pymispPyMISP method) 8add_object() (pymispMISPEvent method) 24add_object() (pymispPyMISP method) 8add_object_reference() (pymispPyMISP
method) 8add_org_to_sharing_group() (pymispPyMISP
method) 8add_organisation() (pymispPyMISP method) 8add_organisation_blacklist()
(pymispPyMISP method) 8add_proposal() (pymispMISPAttribute method) 26add_proposal() (pymispMISPEvent method) 24add_proposal() (pymispMISPObjectAttribute
method) 29add_reference() (pymispMISPObject method) 28add_reference() (pymisptoolsFileObject method)
37add_reference() (pymisptoolsVTReportObject
method) 39add_server() (pymispPyMISP method) 8add_server_to_sharing_group()
(pymispPyMISP method) 8add_shadow_attribute() (pymispMISPAttribute
method) 26add_shadow_attribute() (pymispMISPEvent
method) 24add_shadow_attribute()
(pymispMISPObjectAttribute method) 29add_sharing_group() (pymispPyMISP method) 8add_sighting() (pymispMISPAttribute method) 26add_sighting() (pymispMISPObjectAttribute
method) 29add_sighting() (pymispPyMISP method) 8add_tag() (pymispPyMISP method) 8add_user() (pymispPyMISP method) 9attributes_statistics() (pymispPyMISP
method) 9
Bbuild_complex_query() (pymispPyMISP
method) 9
Ccache_all_feeds() (pymispPyMISP method) 9cache_feed() (pymispPyMISP method) 9cache_freetext_feeds() (pymispPyMISP
method) 9cache_misp_feeds() (pymispPyMISP method) 9change_sharing_group_on_entity()
(pymispPyMISP method) 9change_user_password() (pymispPyMISP
method) 9clear() (pymispMISPAttribute method) 26clear() (pymispMISPEvent method) 24clear() (pymispMISPObject method) 28clear() (pymispMISPObjectAttribute method) 29clear() (pymispMISPObjectReference method) 31clear() (pymispMISPOrganisation method) 34clear() (pymispMISPTag method) 32clear() (pymispMISPUser method) 33
45
PyMISP Documentation Release main
clear() (pymisptoolsFileObject method) 37clear() (pymisptoolsVTReportObject method) 39communities() (pymispPyMISP method) 9compare_feeds() (pymispPyMISP method) 9contact_event_reporter() (pymispPyMISP
method) 9
Ddefault() (pymispMISPEncode method) 24delegate_event() (pymispPyMISP method) 10delete() (pymispMISPAttribute method) 26delete() (pymispMISPObjectAttribute method) 30delete_attribute() (pymispMISPEvent method)
24delete_attribute() (pymispPyMISP method) 10delete_attribute_proposal()
(pymispPyMISP method) 10delete_event() (pymispPyMISP method) 10delete_event_blacklist() (pymispPyMISP
method) 10delete_feed() (pymispPyMISP method) 10delete_object() (pymispPyMISP method) 10delete_object_reference() (pymispPyMISP
method) 10delete_organisation() (pymispPyMISP
method) 10delete_organisation_blacklist()
(pymispPyMISP method) 10delete_server() (pymispPyMISP method) 10delete_sharing_group() (pymispPyMISP
method) 10delete_sighting() (pymispPyMISP method) 10delete_tag() (pymispPyMISP method) 11delete_user() (pymispPyMISP method) 11delete_user_setting() (pymispPyMISP
method) 11describe_types_local() (pymispPyMISP prop-
erty) 11describe_types_remote() (pymispPyMISP
property) 11direct_call() (pymispPyMISP method) 11disable_feed() (pymispPyMISP method) 11disable_feed_cache() (pymispPyMISP method)
11disable_noticelist() (pymispPyMISP method)
11disable_tag() (pymispPyMISP method) 11disable_taxonomy() (pymispPyMISP method) 11disable_taxonomy_tags() (pymispPyMISP
method) 11disable_warninglist() (pymispPyMISP
method) 11discard_attribute_proposal()
(pymispPyMISP method) 12
Eedited() (pymispAbstractMISP property) 23edited() (pymispMISPAttribute property) 26edited() (pymispMISPEvent property) 24edited() (pymispMISPObject property) 28edited() (pymispMISPObjectAttribute property) 30edited() (pymispMISPObjectReference property) 31edited() (pymispMISPOrganisation property) 34edited() (pymispMISPTag property) 32edited() (pymispMISPUser property) 33edited() (pymisptoolsFileObject property) 37edited() (pymisptoolsVTReportObject property) 39enable_feed() (pymispPyMISP method) 12enable_feed_cache() (pymispPyMISP method)
12enable_noticelist() (pymispPyMISP method)
12enable_tag() (pymispPyMISP method) 12enable_taxonomy() (pymispPyMISP method) 12enable_taxonomy_tags() (pymispPyMISP
method) 12enable_warninglist() (pymispPyMISP method)
12event_blacklists() (pymispPyMISP method) 12event_delegations() (pymispPyMISP method)
12ExpandedPyMISP (in module pymisp) 23
Ffeeds() (pymispPyMISP method) 12fetch_feed() (pymispPyMISP method) 12FileObject (class in pymisptools) 37freetext() (pymispPyMISP method) 12from_dict() (pymispAbstractMISP method) 23from_dict() (pymispMISPAttribute method) 27from_dict() (pymispMISPEvent method) 25from_dict() (pymispMISPObject method) 28from_dict() (pymispMISPObjectAttribute method)
30from_dict() (pymispMISPObjectReference method)
31from_dict() (pymispMISPOrganisation method) 34from_dict() (pymispMISPTag method) 32from_dict() (pymispMISPUser method) 33from_dict() (pymisptoolsFileObject method) 37from_dict() (pymisptoolsVTReportObject method)
39from_json() (pymispAbstractMISP method) 23from_json() (pymispMISPAttribute method) 27from_json() (pymispMISPEvent method) 25from_json() (pymispMISPObject method) 28from_json() (pymispMISPObjectAttribute method)
30
46 Index
PyMISP Documentation Release main
from_json() (pymispMISPObjectReference method)31
from_json() (pymispMISPOrganisation method) 34from_json() (pymispMISPTag method) 32from_json() (pymispMISPUser method) 33from_json() (pymisptoolsFileObject method) 37from_json() (pymisptoolsVTReportObject method)
39
Ggalaxies() (pymispPyMISP method) 12generate_attributes() (pymisptoolsFileObject
method) 37generate_attributes()
(pymisptoolsVTReportObject method)39
get() (pymispMISPAttribute method) 27get() (pymispMISPEvent method) 25get() (pymispMISPObject method) 28get() (pymispMISPObjectAttribute method) 30get() (pymispMISPObjectReference method) 31get() (pymispMISPOrganisation method) 34get() (pymispMISPTag method) 32get() (pymispMISPUser method) 33get() (pymisptoolsFileObject method) 37get() (pymisptoolsVTReportObject method) 39get_all_functions() (pymispPyMISP method)
13get_attribute() (pymispPyMISP method) 13get_attribute_tag() (pymispMISPEvent
method) 25get_attributes_by_relation()
(pymispMISPObject method) 28get_attributes_by_relation()
(pymisptoolsFileObject method) 37get_attributes_by_relation()
(pymisptoolsVTReportObject method)39
get_community() (pymispPyMISP method) 13get_event() (pymispPyMISP method) 13get_feed() (pymispPyMISP method) 13get_galaxy() (pymispPyMISP method) 13get_noticelist() (pymispPyMISP method) 13get_object() (pymispPyMISP method) 13get_object_by_id() (pymispMISPEvent method)
25get_object_by_uuid() (pymispMISPEvent
method) 25get_object_template() (pymispPyMISP
method) 13get_objects_by_name() (pymispMISPEvent
method) 25get_organisation() (pymispPyMISP method) 13get_sync_config() (pymispPyMISP method) 13
get_tag() (pymispPyMISP method) 13get_taxonomy() (pymispPyMISP method) 13get_user() (pymispPyMISP method) 13get_user_setting() (pymispPyMISP method) 14get_warninglist() (pymispPyMISP method) 14
Hhas_attributes_by_relation()
(pymispMISPObject method) 28has_attributes_by_relation()
(pymisptoolsFileObject method) 37has_attributes_by_relation()
(pymisptoolsVTReportObject method)39
hash_values() (pymispMISPAttribute method) 27hash_values() (pymispMISPObjectAttribute
method) 30
Iimport_server() (pymispPyMISP method) 14items() (pymispMISPAttribute method) 27items() (pymispMISPEvent method) 25items() (pymispMISPObject method) 29items() (pymispMISPObjectAttribute method) 30items() (pymispMISPObjectReference method) 31items() (pymispMISPOrganisation method) 34items() (pymispMISPTag method) 32items() (pymispMISPUser method) 33items() (pymisptoolsFileObject method) 38items() (pymisptoolsVTReportObject method) 39
Jjsonable() (pymispAbstractMISP method) 23jsonable() (pymispMISPAttribute method) 27jsonable() (pymispMISPEvent method) 25jsonable() (pymispMISPObject method) 29jsonable() (pymispMISPObjectAttribute method)
30jsonable() (pymispMISPObjectReference method)
31jsonable() (pymispMISPOrganisation method) 34jsonable() (pymispMISPTag method) 32jsonable() (pymispMISPUser method) 33jsonable() (pymisptoolsFileObject method) 38jsonable() (pymisptoolsVTReportObject method)
39
Kkeys() (pymispMISPAttribute method) 27keys() (pymispMISPEvent method) 25keys() (pymispMISPObject method) 29keys() (pymispMISPObjectAttribute method) 30keys() (pymispMISPObjectReference method) 31keys() (pymispMISPOrganisation method) 34
Index 47
PyMISP Documentation Release main
keys() (pymispMISPTag method) 32keys() (pymispMISPUser method) 33keys() (pymisptoolsFileObject method) 38keys() (pymisptoolsVTReportObject method) 39known_types() (pymispMISPAttribute property) 27known_types() (pymispMISPObjectAttribute prop-
erty) 30
Lload() (pymispMISPEvent method) 25load_default_feeds() (pymispPyMISP method)
14load_file() (pymispMISPEvent method) 25load_openioc() (pymisptools method) 40load_openioc_file() (pymisptools method) 40load_stix() (in module pymisptoolsstix) 40
Mmake_stix_package() (in module
pymisptoolsstix) 40malware_binary() (pymispMISPAttribute prop-
erty) 27malware_binary() (pymispMISPObjectAttribute
property) 30misp_instance_version() (pymispPyMISP
property) 14misp_instance_version_master()
(pymispPyMISP property) 14MISPAttribute (class in pymisp) 26MISPEncode (class in pymisp) 24MISPEvent (class in pymisp) 24MISPObject (class in pymisp) 28MISPObjectAttribute (class in pymisp) 29MISPObjectReference (class in pymisp) 31MISPOrganisation (class in pymisp) 34MISPTag (class in pymisp) 32MISPUser (class in pymisp) 33module
pymisp 7pymisptools 37pymisptoolsstix 40
Nnoticelists() (pymispPyMISP method) 14
Oobject_templates() (pymispPyMISP method) 14organisation_blacklists() (pymispPyMISP
method) 14organisations() (pymispPyMISP method) 14
Ppop() (pymispMISPAttribute method) 27
pop() (pymispMISPEvent method) 25pop() (pymispMISPObject method) 29pop() (pymispMISPObjectAttribute method) 30pop() (pymispMISPObjectReference method) 31pop() (pymispMISPOrganisation method) 34pop() (pymispMISPTag method) 32pop() (pymispMISPUser method) 33pop() (pymisptoolsFileObject method) 38pop() (pymisptoolsVTReportObject method) 39popitem() (pymispMISPAttribute method) 27popitem() (pymispMISPEvent method) 25popitem() (pymispMISPObject method) 29popitem() (pymispMISPObjectAttribute method) 30popitem() (pymispMISPObjectReference method) 31popitem() (pymispMISPOrganisation method) 34popitem() (pymispMISPTag method) 32popitem() (pymispMISPUser method) 33popitem() (pymisptoolsFileObject method) 38popitem() (pymisptoolsVTReportObject method) 39publish() (pymispMISPEvent method) 25publish() (pymispPyMISP method) 14push_event_to_ZMQ() (pymispPyMISP method)
14pymisp
module 7PyMISP (class in pymisp) 7pymisptools
module 37pymisptoolsstix
module 40pymisp_version_main() (pymispPyMISP prop-
erty) 15
Rrecommended_pymisp_version()
(pymispPyMISP property) 15remote_acl() (pymispPyMISP method) 15remove_org_from_sharing_group()
(pymispPyMISP method) 15remove_server_from_sharing_group()
(pymispPyMISP method) 15roles() (pymispPyMISP method) 15
Ssearch() (pymispPyMISP method) 15search_feeds() (pymispPyMISP method) 17search_index() (pymispPyMISP method) 18search_logs() (pymispPyMISP method) 18search_sightings() (pymispPyMISP method) 19server_pull() (pymispPyMISP method) 20server_push() (pymispPyMISP method) 20servers() (pymispPyMISP method) 20set_date() (pymispMISPEvent method) 25
48 Index
PyMISP Documentation Release main
set_not_jsonable() (pymispAbstractMISPmethod) 23
set_not_jsonable() (pymispMISPAttributemethod) 27
set_not_jsonable() (pymispMISPEvent method)25
set_not_jsonable() (pymispMISPObjectmethod) 29
set_not_jsonable() (pymispMISPObjectAttributemethod) 30
set_not_jsonable()(pymispMISPObjectReference method)31
set_not_jsonable() (pymispMISPOrganisationmethod) 35
set_not_jsonable() (pymispMISPTag method)32
set_not_jsonable() (pymispMISPUser method)33
set_not_jsonable() (pymisptoolsFileObjectmethod) 38
set_not_jsonable()(pymisptoolsVTReportObject method)39
set_user_setting() (pymispPyMISP method) 20setdefault() (pymispMISPAttribute method) 27setdefault() (pymispMISPEvent method) 25setdefault() (pymispMISPObject method) 29setdefault() (pymispMISPObjectAttribute
method) 30setdefault() (pymispMISPObjectReference
method) 31setdefault() (pymispMISPOrganisation method)
35setdefault() (pymispMISPTag method) 33setdefault() (pymispMISPUser method) 34setdefault() (pymisptoolsFileObject method) 38setdefault() (pymisptoolsVTReportObject
method) 40sharing_groups() (pymispPyMISP method) 20sightings() (pymispPyMISP method) 20
Ttag() (pymispPyMISP method) 20tags() (pymispMISPAttribute property) 27tags() (pymispMISPEvent property) 26tags() (pymispMISPObjectAttribute property) 30tags() (pymispPyMISP method) 20tags_statistics() (pymispPyMISP method) 20taxonomies() (pymispPyMISP method) 20to_dict() (pymispAbstractMISP method) 23to_dict() (pymispMISPAttribute method) 27to_dict() (pymispMISPEvent method) 26to_dict() (pymispMISPObject method) 29
to_dict() (pymispMISPObjectAttribute method) 30to_dict() (pymispMISPObjectReference method) 32to_dict() (pymispMISPOrganisation method) 35to_dict() (pymispMISPTag method) 33to_dict() (pymispMISPUser method) 34to_dict() (pymisptoolsFileObject method) 38to_dict() (pymisptoolsVTReportObject method) 40to_feed() (pymispMISPEvent method) 26to_json() (pymispAbstractMISP method) 23to_json() (pymispMISPAttribute method) 27to_json() (pymispMISPEvent method) 26to_json() (pymispMISPObject method) 29to_json() (pymispMISPObjectAttribute method) 31to_json() (pymispMISPObjectReference method) 32to_json() (pymispMISPOrganisation method) 35to_json() (pymispMISPTag method) 33to_json() (pymispMISPUser method) 34to_json() (pymisptoolsFileObject method) 38to_json() (pymisptoolsVTReportObject method) 40toggle_warninglist() (pymispPyMISP method)
20
Uunpublish() (pymispMISPEvent method) 26untag() (pymispPyMISP method) 21update() (pymispMISPAttribute method) 28update() (pymispMISPEvent method) 26update() (pymispMISPObject method) 29update() (pymispMISPObjectAttribute method) 31update() (pymispMISPObjectReference method) 32update() (pymispMISPOrganisation method) 35update() (pymispMISPTag method) 33update() (pymispMISPUser method) 34update() (pymisptoolsFileObject method) 38update() (pymisptoolsVTReportObject method) 40update_attribute() (pymispPyMISP method) 21update_attribute_proposal()
(pymispPyMISP method) 21update_event() (pymispPyMISP method) 21update_event_blacklist() (pymispPyMISP
method) 21update_feed() (pymispPyMISP method) 21update_galaxies() (pymispPyMISP method) 21update_not_jsonable() (pymispAbstractMISP
method) 23update_not_jsonable() (pymispMISPAttribute
method) 28update_not_jsonable() (pymispMISPEvent
method) 26update_not_jsonable() (pymispMISPObject
method) 29update_not_jsonable()
(pymispMISPObjectAttribute method) 31
Index 49
PyMISP Documentation Release main
update_not_jsonable()(pymispMISPObjectReference method)32
update_not_jsonable()(pymispMISPOrganisation method) 35
update_not_jsonable() (pymispMISPTagmethod) 33
update_not_jsonable() (pymispMISPUsermethod) 34
update_not_jsonable() (pymisptoolsFileObjectmethod) 38
update_not_jsonable()(pymisptoolsVTReportObject method)40
update_noticelists() (pymispPyMISP method)21
update_object() (pymispPyMISP method) 21update_object_templates() (pymispPyMISP
method) 21update_organisation() (pymispPyMISP
method) 21update_organisation_blacklist()
(pymispPyMISP method) 21update_server() (pymispPyMISP method) 22update_tag() (pymispPyMISP method) 22update_taxonomies() (pymispPyMISP method)
22update_user() (pymispPyMISP method) 22update_warninglists() (pymispPyMISP
method) 22upload_stix() (pymispPyMISP method) 22user_registrations() (pymispPyMISP method)
22user_settings() (pymispPyMISP method) 22users() (pymispPyMISP method) 22users_statistics() (pymispPyMISP method) 22
Vvalues() (pymispMISPAttribute method) 28values() (pymispMISPEvent method) 26values() (pymispMISPObject method) 29values() (pymispMISPObjectAttribute method) 31values() (pymispMISPObjectReference method) 32values() (pymispMISPOrganisation method) 35values() (pymispMISPTag method) 33values() (pymispMISPUser method) 34values() (pymisptoolsFileObject method) 38values() (pymisptoolsVTReportObject method) 40values_in_warninglist() (pymispPyMISP
method) 22version() (pymispPyMISP property) 22VTReportObject (class in pymisptools) 38
Wwarninglists() (pymispPyMISP method) 22
50 Index
- README
- pymisp
- PyMISP
- PyMISPExpanded (Python 36+ only)
- MISPAbstract
- MISPEncode
- MISPEvent
- MISPAttribute
- MISPObject
- MISPObjectAttribute
- MISPObjectReference
- MISPTag
- MISPUser
- MISPOrganisation
- pymisp - Tools
- File Object
- ELF Object
- PE Object
- Mach-O Object
- VT Report Object
- STIX
- OpenIOC
- Indices and tables
- Python Module Index
- Index
PyMISP Documentation Release main
24 MISPEncode
class pymispMISPEncode(args kwargs)
default(obj)Implement this method in a subclass such that it returns a serializable object for o or calls the baseimplementation (to raise a TypeError)
For example to support arbitrary iterators you could implement default like this
def default(self o)try
iterable = iter(o)except TypeError
passelse
return list(iterable) Let the base class default method raise the TypeErrorreturn JSONEncoderdefault(self o)
25 MISPEvent
class pymispMISPEvent(describe_types=None strict_validation=False kwargs)
add_attribute(type value kwargs)Add an attribute type and value are required but you can pass all other parameters supported by MISPAt-tribute
Return type Union[MISPAttribute List[MISPAttribute]]
add_attribute_tag(tag attribute_identifier)Add a tag to an existing attribute raise an Exception if the attribute doesnrsquot exists tag Tag name as astring MISPTag instance or dictionary attribute_identifier can be an ID UUID or the value
Return type List[MISPAttribute]
add_object(obj=None kwargs)Add an object to the Event either by passing a MISPObject or a dictionary
Return type MISPObject
add_proposal(shadow_attribute=None kwargs)Alias for add_shadow_attribute
Return type MISPShadowAttribute
add_shadow_attribute(shadow_attribute=None kwargs)Add a tag to the attribute (by name or a MISPTag object)
Return type MISPShadowAttribute
clear()rarr None Remove all items from D
delete_attribute(attribute_id)Delete an attribute you can search by ID or UUID
property editedRecursively check if an object has been edited and update the flag accordingly to the parent objects
24 Chapter 2 pymisp
PyMISP Documentation Release main
Return type bool
from_dict(kwargs)Loading all the parameters as class properties if they arenrsquot None This method aims to be called when allthe properties requiring a special treatment are processed Note This method is used when you initializean object with existing data so by default the class is flaged as not edited
from_json(json_string)Load a JSON string
Return type None
get(k[ d ])rarr D[k] if k in D else d d defaults to None
get_attribute_tag(attribute_identifier)Return the tags associated to an attribute or an object attribute attribute_identifier can be an ID UUIDor the value
Return type List[MISPTag]
get_object_by_id(object_id)Get an object by ID (the ID is the one set by the server when creating the new object)
Return type MISPObject
get_object_by_uuid(object_uuid)Get an object by UUID (UUID is set by the server when creating the new object)
Return type MISPObject
get_objects_by_name(object_name)Get an object by UUID (UUID is set by the server when creating the new object)
Return type List[MISPObject]
items()rarr a set-like object providing a view on Drsquos items
jsonable()This method is used by the JSON encoder
Return type Dict
keys()rarr a set-like object providing a view on Drsquos keys
load(json_event validate=False metadata_only=False)Load a JSON dump from a pseudo file or a JSON string
load_file(event_path validate=False metadata_only=False)Load a JSON dump from a file on the disk
pop(k[ d ])rarr v remove specified key and return the corresponding valueIf key is not found d is returned if given otherwise KeyError is raised
popitem()rarr (k v) remove and return some (key value) pairas a 2-tuple but raise KeyError if D is empty
publish()Mark the attribute as published
set_date(d=None ignore_invalid=False)Set a date for the event (string datetime or date object)
set_not_jsonable(args)Set __not_jsonable to a new list
Return type None
25 MISPEvent 25
PyMISP Documentation Release main
setdefault(k[ d ])rarr Dget(kd) also set D[k]=d if k not in D
property tagsReturns a lost of tags associated to this Event
Return type List[MISPTag]
to_dict()Dump the class to a dictionary This method automatically removes the timestamp recursively in everyobject that has been edited is order to let MISP update the event accordingly
Return type Dict
to_feed(valid_distributions=[0 1 2 3 4 5] with_meta=False)Generate a json output for MISP Feed Notes
bull valid_distributions only makes sense if the distribution key is set (ie the event is exported from aMISP instance)
Return type Dict
to_json(sort_keys=False indent=None)Dump recursively any class of type MISPAbstract to a json string
unpublish()Mark the attribute as un-published (set publish flag to false)
update([E ] F)rarr None Update D from mappingiterable E and FIf E present and has a keys() method does for k in E D[k] = E[k] If E present and lacks keys() methoddoes for (k v) in E D[k] = v In either case this is followed by for k v in Fitems() D[k] = v
update_not_jsonable(args)Add entries to the __not_jsonable list
Return type None
values()rarr an object providing a view on Drsquos values
26 MISPAttribute
class pymispMISPAttribute(describe_types=None strict=False)
add_proposal(shadow_attribute=None kwargs)Alias for add_shadow_attribute
Return type MISPShadowAttribute
add_shadow_attribute(shadow_attribute=None kwargs)Add a shadow attribute to the attribute (by name or a MISPShadowAttribute object)
Return type MISPShadowAttribute
add_sighting(sighting=None kwargs)Add a sighting to the attribute (by name or a MISPSighting object)
Return type MISPSighting
clear()rarr None Remove all items from D
delete()Mark the attribute as deleted (soft delete)
26 Chapter 2 pymisp
PyMISP Documentation Release main
property editedRecursively check if an object has been edited and update the flag accordingly to the parent objects
Return type bool
from_dict(kwargs)Loading all the parameters as class properties if they arenrsquot None This method aims to be called when allthe properties requiring a special treatment are processed Note This method is used when you initializean object with existing data so by default the class is flaged as not edited
from_json(json_string)Load a JSON string
Return type None
get(k[ d ])rarr D[k] if k in D else d d defaults to None
hash_values(algorithm=sha512)Compute the hash of every values for fast lookups
Return type List[str]
items()rarr a set-like object providing a view on Drsquos items
jsonable()This method is used by the JSON encoder
Return type Dict
keys()rarr a set-like object providing a view on Drsquos keys
property known_typesReturns a list of all the known MISP attributes types
Return type List[str]
property malware_binaryReturns a BytesIO of the malware (if the attribute has one obvs)
Return type Optional[BytesIO]
pop(k[ d ])rarr v remove specified key and return the corresponding valueIf key is not found d is returned if given otherwise KeyError is raised
popitem()rarr (k v) remove and return some (key value) pairas a 2-tuple but raise KeyError if D is empty
set_not_jsonable(args)Set __not_jsonable to a new list
Return type None
setdefault(k[ d ])rarr Dget(kd) also set D[k]=d if k not in D
property tagsReturns a lost of tags associated to this Attribute
Return type List[MISPTag]
to_dict()Dump the class to a dictionary This method automatically removes the timestamp recursively in everyobject that has been edited is order to let MISP update the event accordingly
Return type Dict
26 MISPAttribute 27
PyMISP Documentation Release main
to_json(sort_keys=False indent=None)Dump recursively any class of type MISPAbstract to a json string
update([E ] F)rarr None Update D from mappingiterable E and FIf E present and has a keys() method does for k in E D[k] = E[k] If E present and lacks keys() methoddoes for (k v) in E D[k] = v In either case this is followed by for k v in Fitems() D[k] = v
update_not_jsonable(args)Add entries to the __not_jsonable list
Return type None
values()rarr an object providing a view on Drsquos values
27 MISPObject
class pymispMISPObject(name strict=False standalone=True default_attributes_parameters=kwargs)
add_attribute(object_relation simple_value=None value)Add an attribute object_relation is required and the value key is a dictionary with all the keys supportedby MISPAttribute
Return type Optional[MISPAttribute]
add_attributes(object_relation attributes)Add multiple attributes with the same object_relation Helper for object_relation when multiple is True inthe template It is the same as calling multiple times add_attribute with the same object_relation
Return type List[Optional[MISPAttribute]]
add_reference(referenced_uuid relationship_type comment=None kwargs)Add a link (uuid) to an other object
Return type MISPObjectReference
clear()rarr None Remove all items from D
property editedRecursively check if an object has been edited and update the flag accordingly to the parent objects
Return type bool
from_dict(kwargs)Loading all the parameters as class properties if they arenrsquot None This method aims to be called when allthe properties requiring a special treatment are processed Note This method is used when you initializean object with existing data so by default the class is flaged as not edited
from_json(json_string)Load a JSON string
Return type None
get(k[ d ])rarr D[k] if k in D else d d defaults to None
get_attributes_by_relation(object_relation)Returns the list of attributes with the given object relation in the object
Return type List[MISPAttribute]
has_attributes_by_relation(list_of_relations)True if all the relations in the list are defined in the object
28 Chapter 2 pymisp
PyMISP Documentation Release main
Return type bool
items()rarr a set-like object providing a view on Drsquos items
jsonable()This method is used by the JSON encoder
Return type Dict
keys()rarr a set-like object providing a view on Drsquos keys
pop(k[ d ])rarr v remove specified key and return the corresponding valueIf key is not found d is returned if given otherwise KeyError is raised
popitem()rarr (k v) remove and return some (key value) pairas a 2-tuple but raise KeyError if D is empty
set_not_jsonable(args)Set __not_jsonable to a new list
Return type None
setdefault(k[ d ])rarr Dget(kd) also set D[k]=d if k not in D
to_dict(strict=False)Dump the class to a dictionary This method automatically removes the timestamp recursively in everyobject that has been edited is order to let MISP update the event accordingly
Return type Dict
to_json(sort_keys=False indent=None strict=False)Dump recursively any class of type MISPAbstract to a json string
update([E ] F)rarr None Update D from mappingiterable E and FIf E present and has a keys() method does for k in E D[k] = E[k] If E present and lacks keys() methoddoes for (k v) in E D[k] = v In either case this is followed by for k v in Fitems() D[k] = v
update_not_jsonable(args)Add entries to the __not_jsonable list
Return type None
values()rarr an object providing a view on Drsquos values
28 MISPObjectAttribute
class pymispMISPObjectAttribute(definition)
add_proposal(shadow_attribute=None kwargs)Alias for add_shadow_attribute
Return type MISPShadowAttribute
add_shadow_attribute(shadow_attribute=None kwargs)Add a shadow attribute to the attribute (by name or a MISPShadowAttribute object)
Return type MISPShadowAttribute
add_sighting(sighting=None kwargs)Add a sighting to the attribute (by name or a MISPSighting object)
Return type MISPSighting
28 MISPObjectAttribute 29
PyMISP Documentation Release main
clear()rarr None Remove all items from D
delete()Mark the attribute as deleted (soft delete)
property editedRecursively check if an object has been edited and update the flag accordingly to the parent objects
Return type bool
from_dict(object_relation value kwargs)Loading all the parameters as class properties if they arenrsquot None This method aims to be called when allthe properties requiring a special treatment are processed Note This method is used when you initializean object with existing data so by default the class is flaged as not edited
from_json(json_string)Load a JSON string
Return type None
get(k[ d ])rarr D[k] if k in D else d d defaults to None
hash_values(algorithm=sha512)Compute the hash of every values for fast lookups
Return type List[str]
items()rarr a set-like object providing a view on Drsquos items
jsonable()This method is used by the JSON encoder
Return type Dict
keys()rarr a set-like object providing a view on Drsquos keys
property known_typesReturns a list of all the known MISP attributes types
Return type List[str]
property malware_binaryReturns a BytesIO of the malware (if the attribute has one obvs)
Return type Optional[BytesIO]
pop(k[ d ])rarr v remove specified key and return the corresponding valueIf key is not found d is returned if given otherwise KeyError is raised
popitem()rarr (k v) remove and return some (key value) pairas a 2-tuple but raise KeyError if D is empty
set_not_jsonable(args)Set __not_jsonable to a new list
Return type None
setdefault(k[ d ])rarr Dget(kd) also set D[k]=d if k not in D
property tagsReturns a lost of tags associated to this Attribute
Return type List[MISPTag]
30 Chapter 2 pymisp
PyMISP Documentation Release main
to_dict()Dump the class to a dictionary This method automatically removes the timestamp recursively in everyobject that has been edited is order to let MISP update the event accordingly
Return type Dict
to_json(sort_keys=False indent=None)Dump recursively any class of type MISPAbstract to a json string
update([E ] F)rarr None Update D from mappingiterable E and FIf E present and has a keys() method does for k in E D[k] = E[k] If E present and lacks keys() methoddoes for (k v) in E D[k] = v In either case this is followed by for k v in Fitems() D[k] = v
update_not_jsonable(args)Add entries to the __not_jsonable list
Return type None
values()rarr an object providing a view on Drsquos values
29 MISPObjectReference
class pymispMISPObjectReference
clear()rarr None Remove all items from D
property editedRecursively check if an object has been edited and update the flag accordingly to the parent objects
Return type bool
from_dict(kwargs)Loading all the parameters as class properties if they arenrsquot None This method aims to be called when allthe properties requiring a special treatment are processed Note This method is used when you initializean object with existing data so by default the class is flaged as not edited
from_json(json_string)Load a JSON string
Return type None
get(k[ d ])rarr D[k] if k in D else d d defaults to None
items()rarr a set-like object providing a view on Drsquos items
jsonable()This method is used by the JSON encoder
Return type Dict
keys()rarr a set-like object providing a view on Drsquos keys
pop(k[ d ])rarr v remove specified key and return the corresponding valueIf key is not found d is returned if given otherwise KeyError is raised
popitem()rarr (k v) remove and return some (key value) pairas a 2-tuple but raise KeyError if D is empty
set_not_jsonable(args)Set __not_jsonable to a new list
Return type None
29 MISPObjectReference 31
PyMISP Documentation Release main
setdefault(k[ d ])rarr Dget(kd) also set D[k]=d if k not in D
to_dict()Dump the class to a dictionary This method automatically removes the timestamp recursively in everyobject that has been edited is order to let MISP update the event accordingly
Return type Dict
to_json(sort_keys=False indent=None)Dump recursively any class of type MISPAbstract to a json string
update([E ] F)rarr None Update D from mappingiterable E and FIf E present and has a keys() method does for k in E D[k] = E[k] If E present and lacks keys() methoddoes for (k v) in E D[k] = v In either case this is followed by for k v in Fitems() D[k] = v
update_not_jsonable(args)Add entries to the __not_jsonable list
Return type None
values()rarr an object providing a view on Drsquos values
210 MISPTag
class pymispMISPTag(kwargs)
clear()rarr None Remove all items from D
property editedRecursively check if an object has been edited and update the flag accordingly to the parent objects
Return type bool
from_dict(kwargs)Loading all the parameters as class properties if they arenrsquot None This method aims to be called when allthe properties requiring a special treatment are processed Note This method is used when you initializean object with existing data so by default the class is flaged as not edited
from_json(json_string)Load a JSON string
Return type None
get(k[ d ])rarr D[k] if k in D else d d defaults to None
items()rarr a set-like object providing a view on Drsquos items
jsonable()This method is used by the JSON encoder
Return type Dict
keys()rarr a set-like object providing a view on Drsquos keys
pop(k[ d ])rarr v remove specified key and return the corresponding valueIf key is not found d is returned if given otherwise KeyError is raised
popitem()rarr (k v) remove and return some (key value) pairas a 2-tuple but raise KeyError if D is empty
set_not_jsonable(args)Set __not_jsonable to a new list
32 Chapter 2 pymisp
PyMISP Documentation Release main
Return type None
setdefault(k[ d ])rarr Dget(kd) also set D[k]=d if k not in D
to_dict()Dump the class to a dictionary This method automatically removes the timestamp recursively in everyobject that has been edited is order to let MISP update the event accordingly
Return type Dict
to_json(sort_keys=False indent=None)Dump recursively any class of type MISPAbstract to a json string
update([E ] F)rarr None Update D from mappingiterable E and FIf E present and has a keys() method does for k in E D[k] = E[k] If E present and lacks keys() methoddoes for (k v) in E D[k] = v In either case this is followed by for k v in Fitems() D[k] = v
update_not_jsonable(args)Add entries to the __not_jsonable list
Return type None
values()rarr an object providing a view on Drsquos values
211 MISPUser
class pymispMISPUser(kwargs)
clear()rarr None Remove all items from D
property editedRecursively check if an object has been edited and update the flag accordingly to the parent objects
Return type bool
from_dict(kwargs)Loading all the parameters as class properties if they arenrsquot None This method aims to be called when allthe properties requiring a special treatment are processed Note This method is used when you initializean object with existing data so by default the class is flaged as not edited
from_json(json_string)Load a JSON string
Return type None
get(k[ d ])rarr D[k] if k in D else d d defaults to None
items()rarr a set-like object providing a view on Drsquos items
jsonable()This method is used by the JSON encoder
Return type Dict
keys()rarr a set-like object providing a view on Drsquos keys
pop(k[ d ])rarr v remove specified key and return the corresponding valueIf key is not found d is returned if given otherwise KeyError is raised
popitem()rarr (k v) remove and return some (key value) pairas a 2-tuple but raise KeyError if D is empty
211 MISPUser 33
PyMISP Documentation Release main
set_not_jsonable(args)Set __not_jsonable to a new list
Return type None
setdefault(k[ d ])rarr Dget(kd) also set D[k]=d if k not in D
to_dict()Dump the class to a dictionary This method automatically removes the timestamp recursively in everyobject that has been edited is order to let MISP update the event accordingly
Return type Dict
to_json(sort_keys=False indent=None)Dump recursively any class of type MISPAbstract to a json string
update([E ] F)rarr None Update D from mappingiterable E and FIf E present and has a keys() method does for k in E D[k] = E[k] If E present and lacks keys() methoddoes for (k v) in E D[k] = v In either case this is followed by for k v in Fitems() D[k] = v
update_not_jsonable(args)Add entries to the __not_jsonable list
Return type None
values()rarr an object providing a view on Drsquos values
212 MISPOrganisation
class pymispMISPOrganisation
clear()rarr None Remove all items from D
property editedRecursively check if an object has been edited and update the flag accordingly to the parent objects
Return type bool
from_dict(kwargs)Loading all the parameters as class properties if they arenrsquot None This method aims to be called when allthe properties requiring a special treatment are processed Note This method is used when you initializean object with existing data so by default the class is flaged as not edited
from_json(json_string)Load a JSON string
Return type None
get(k[ d ])rarr D[k] if k in D else d d defaults to None
items()rarr a set-like object providing a view on Drsquos items
jsonable()This method is used by the JSON encoder
Return type Dict
keys()rarr a set-like object providing a view on Drsquos keys
pop(k[ d ])rarr v remove specified key and return the corresponding valueIf key is not found d is returned if given otherwise KeyError is raised
34 Chapter 2 pymisp
PyMISP Documentation Release main
popitem()rarr (k v) remove and return some (key value) pairas a 2-tuple but raise KeyError if D is empty
set_not_jsonable(args)Set __not_jsonable to a new list
Return type None
setdefault(k[ d ])rarr Dget(kd) also set D[k]=d if k not in D
to_dict()Dump the class to a dictionary This method automatically removes the timestamp recursively in everyobject that has been edited is order to let MISP update the event accordingly
Return type Dict
to_json(sort_keys=False indent=None)Dump recursively any class of type MISPAbstract to a json string
update([E ] F)rarr None Update D from mappingiterable E and FIf E present and has a keys() method does for k in E D[k] = E[k] If E present and lacks keys() methoddoes for (k v) in E D[k] = v In either case this is followed by for k v in Fitems() D[k] = v
update_not_jsonable(args)Add entries to the __not_jsonable list
Return type None
values()rarr an object providing a view on Drsquos values
212 MISPOrganisation 35
PyMISP Documentation Release main
36 Chapter 2 pymisp
CHAPTER
THREE
PYMISP - TOOLS
31 File Object
class pymisptoolsFileObject(filepath=None pseudofile=None filename=None kwargs)
add_attribute(object_relation simple_value=None value)Add an attribute object_relation is required and the value key is a dictionary with all the keys supportedby MISPAttribute
Return type Optional[MISPAttribute]
add_attributes(object_relation attributes)Add multiple attributes with the same object_relation Helper for object_relation when multiple is True inthe template It is the same as calling multiple times add_attribute with the same object_relation
Return type List[Optional[MISPAttribute]]
add_reference(referenced_uuid relationship_type comment=None kwargs)Add a link (uuid) to an other object
Return type MISPObjectReference
clear()rarr None Remove all items from D
property editedRecursively check if an object has been edited and update the flag accordingly to the parent objects
Return type bool
from_dict(kwargs)Loading all the parameters as class properties if they arenrsquot None This method aims to be called when allthe properties requiring a special treatment are processed Note This method is used when you initializean object with existing data so by default the class is flaged as not edited
from_json(json_string)Load a JSON string
Return type None
generate_attributes()Contains the logic where all the values of the object are gathered
get(k[ d ])rarr D[k] if k in D else d d defaults to None
get_attributes_by_relation(object_relation)Returns the list of attributes with the given object relation in the object
Return type List[MISPAttribute]
37
PyMISP Documentation Release main
has_attributes_by_relation(list_of_relations)True if all the relations in the list are defined in the object
Return type bool
items()rarr a set-like object providing a view on Drsquos items
jsonable()This method is used by the JSON encoder
Return type Dict
keys()rarr a set-like object providing a view on Drsquos keys
pop(k[ d ])rarr v remove specified key and return the corresponding valueIf key is not found d is returned if given otherwise KeyError is raised
popitem()rarr (k v) remove and return some (key value) pairas a 2-tuple but raise KeyError if D is empty
set_not_jsonable(args)Set __not_jsonable to a new list
Return type None
setdefault(k[ d ])rarr Dget(kd) also set D[k]=d if k not in D
to_dict(strict=False)Dump the class to a dictionary This method automatically removes the timestamp recursively in everyobject that has been edited is order to let MISP update the event accordingly
Return type Dict
to_json(sort_keys=False indent=None strict=False)Dump recursively any class of type MISPAbstract to a json string
update([E ] F)rarr None Update D from mappingiterable E and FIf E present and has a keys() method does for k in E D[k] = E[k] If E present and lacks keys() methoddoes for (k v) in E D[k] = v In either case this is followed by for k v in Fitems() D[k] = v
update_not_jsonable(args)Add entries to the __not_jsonable list
Return type None
values()rarr an object providing a view on Drsquos values
32 ELF Object
33 PE Object
34 Mach-O Object
35 VT Report Object
class pymisptoolsVTReportObject(apikey indicator vt_proxies=None kwargs)VirusTotal Report
Apikey VirusTotal API key (private works but only public features are supported right now)
38 Chapter 3 pymisp - Tools
PyMISP Documentation Release main
Indicator IOC to search VirusTotal for
add_attribute(object_relation simple_value=None value)Add an attribute object_relation is required and the value key is a dictionary with all the keys supportedby MISPAttribute
Return type Optional[MISPAttribute]
add_attributes(object_relation attributes)Add multiple attributes with the same object_relation Helper for object_relation when multiple is True inthe template It is the same as calling multiple times add_attribute with the same object_relation
Return type List[Optional[MISPAttribute]]
add_reference(referenced_uuid relationship_type comment=None kwargs)Add a link (uuid) to an other object
Return type MISPObjectReference
clear()rarr None Remove all items from D
property editedRecursively check if an object has been edited and update the flag accordingly to the parent objects
Return type bool
from_dict(kwargs)Loading all the parameters as class properties if they arenrsquot None This method aims to be called when allthe properties requiring a special treatment are processed Note This method is used when you initializean object with existing data so by default the class is flaged as not edited
from_json(json_string)Load a JSON string
Return type None
generate_attributes()Parse the VirusTotal report for relevant attributes
get(k[ d ])rarr D[k] if k in D else d d defaults to None
get_attributes_by_relation(object_relation)Returns the list of attributes with the given object relation in the object
Return type List[MISPAttribute]
has_attributes_by_relation(list_of_relations)True if all the relations in the list are defined in the object
Return type bool
items()rarr a set-like object providing a view on Drsquos items
jsonable()This method is used by the JSON encoder
Return type Dict
keys()rarr a set-like object providing a view on Drsquos keys
pop(k[ d ])rarr v remove specified key and return the corresponding valueIf key is not found d is returned if given otherwise KeyError is raised
popitem()rarr (k v) remove and return some (key value) pairas a 2-tuple but raise KeyError if D is empty
35 VT Report Object 39
PyMISP Documentation Release main
set_not_jsonable(args)Set __not_jsonable to a new list
Return type None
setdefault(k[ d ])rarr Dget(kd) also set D[k]=d if k not in D
to_dict(strict=False)Dump the class to a dictionary This method automatically removes the timestamp recursively in everyobject that has been edited is order to let MISP update the event accordingly
Return type Dict
to_json(sort_keys=False indent=None strict=False)Dump recursively any class of type MISPAbstract to a json string
update([E ] F)rarr None Update D from mappingiterable E and FIf E present and has a keys() method does for k in E D[k] = E[k] If E present and lacks keys() methoddoes for (k v) in E D[k] = v In either case this is followed by for k v in Fitems() D[k] = v
update_not_jsonable(args)Add entries to the __not_jsonable list
Return type None
values()rarr an object providing a view on Drsquos values
36 STIX
pymisptoolsstixload_stix(stix distribution=3 threat_level_id=2 analysis=0)Returns a MISPEvent object from a STIX package
pymisptoolsstixmake_stix_package(misp_event to_json=False to_xml=False)Returns a STIXPackage from a MISPEvent
Optionally can return the package in json or xml
37 OpenIOC
toolsload_openioc()
toolsload_openioc_file()
40 Chapter 3 pymisp - Tools
CHAPTER
FOUR
INDICES AND TABLES
bull genindex
bull modindex
bull search
41
PyMISP Documentation Release main
42 Chapter 4 Indices and tables
PYTHON MODULE INDEX
ppymisp 7pymisptools 37pymisptoolsstix 40
43
PyMISP Documentation Release main
44 Python Module Index
INDEX
AAbstractMISP (class in pymisp) 23accept_attribute_proposal()
(pymispPyMISP method) 7add_attribute() (pymispMISPEvent method) 24add_attribute() (pymispMISPObject method) 28add_attribute() (pymispPyMISP method) 7add_attribute() (pymisptoolsFileObject method)
37add_attribute() (pymisptoolsVTReportObject
method) 39add_attribute_proposal() (pymispPyMISP
method) 7add_attribute_tag() (pymispMISPEvent
method) 24add_attributes() (pymispMISPObject method)
28add_attributes() (pymisptoolsFileObject
method) 37add_attributes() (pymisptoolsVTReportObject
method) 39add_event() (pymispPyMISP method) 7add_event_blacklist() (pymispPyMISP
method) 8add_feed() (pymispPyMISP method) 8add_object() (pymispMISPEvent method) 24add_object() (pymispPyMISP method) 8add_object_reference() (pymispPyMISP
method) 8add_org_to_sharing_group() (pymispPyMISP
method) 8add_organisation() (pymispPyMISP method) 8add_organisation_blacklist()
(pymispPyMISP method) 8add_proposal() (pymispMISPAttribute method) 26add_proposal() (pymispMISPEvent method) 24add_proposal() (pymispMISPObjectAttribute
method) 29add_reference() (pymispMISPObject method) 28add_reference() (pymisptoolsFileObject method)
37add_reference() (pymisptoolsVTReportObject
method) 39add_server() (pymispPyMISP method) 8add_server_to_sharing_group()
(pymispPyMISP method) 8add_shadow_attribute() (pymispMISPAttribute
method) 26add_shadow_attribute() (pymispMISPEvent
method) 24add_shadow_attribute()
(pymispMISPObjectAttribute method) 29add_sharing_group() (pymispPyMISP method) 8add_sighting() (pymispMISPAttribute method) 26add_sighting() (pymispMISPObjectAttribute
method) 29add_sighting() (pymispPyMISP method) 8add_tag() (pymispPyMISP method) 8add_user() (pymispPyMISP method) 9attributes_statistics() (pymispPyMISP
method) 9
Bbuild_complex_query() (pymispPyMISP
method) 9
Ccache_all_feeds() (pymispPyMISP method) 9cache_feed() (pymispPyMISP method) 9cache_freetext_feeds() (pymispPyMISP
method) 9cache_misp_feeds() (pymispPyMISP method) 9change_sharing_group_on_entity()
(pymispPyMISP method) 9change_user_password() (pymispPyMISP
method) 9clear() (pymispMISPAttribute method) 26clear() (pymispMISPEvent method) 24clear() (pymispMISPObject method) 28clear() (pymispMISPObjectAttribute method) 29clear() (pymispMISPObjectReference method) 31clear() (pymispMISPOrganisation method) 34clear() (pymispMISPTag method) 32clear() (pymispMISPUser method) 33
45
PyMISP Documentation Release main
clear() (pymisptoolsFileObject method) 37clear() (pymisptoolsVTReportObject method) 39communities() (pymispPyMISP method) 9compare_feeds() (pymispPyMISP method) 9contact_event_reporter() (pymispPyMISP
method) 9
Ddefault() (pymispMISPEncode method) 24delegate_event() (pymispPyMISP method) 10delete() (pymispMISPAttribute method) 26delete() (pymispMISPObjectAttribute method) 30delete_attribute() (pymispMISPEvent method)
24delete_attribute() (pymispPyMISP method) 10delete_attribute_proposal()
(pymispPyMISP method) 10delete_event() (pymispPyMISP method) 10delete_event_blacklist() (pymispPyMISP
method) 10delete_feed() (pymispPyMISP method) 10delete_object() (pymispPyMISP method) 10delete_object_reference() (pymispPyMISP
method) 10delete_organisation() (pymispPyMISP
method) 10delete_organisation_blacklist()
(pymispPyMISP method) 10delete_server() (pymispPyMISP method) 10delete_sharing_group() (pymispPyMISP
method) 10delete_sighting() (pymispPyMISP method) 10delete_tag() (pymispPyMISP method) 11delete_user() (pymispPyMISP method) 11delete_user_setting() (pymispPyMISP
method) 11describe_types_local() (pymispPyMISP prop-
erty) 11describe_types_remote() (pymispPyMISP
property) 11direct_call() (pymispPyMISP method) 11disable_feed() (pymispPyMISP method) 11disable_feed_cache() (pymispPyMISP method)
11disable_noticelist() (pymispPyMISP method)
11disable_tag() (pymispPyMISP method) 11disable_taxonomy() (pymispPyMISP method) 11disable_taxonomy_tags() (pymispPyMISP
method) 11disable_warninglist() (pymispPyMISP
method) 11discard_attribute_proposal()
(pymispPyMISP method) 12
Eedited() (pymispAbstractMISP property) 23edited() (pymispMISPAttribute property) 26edited() (pymispMISPEvent property) 24edited() (pymispMISPObject property) 28edited() (pymispMISPObjectAttribute property) 30edited() (pymispMISPObjectReference property) 31edited() (pymispMISPOrganisation property) 34edited() (pymispMISPTag property) 32edited() (pymispMISPUser property) 33edited() (pymisptoolsFileObject property) 37edited() (pymisptoolsVTReportObject property) 39enable_feed() (pymispPyMISP method) 12enable_feed_cache() (pymispPyMISP method)
12enable_noticelist() (pymispPyMISP method)
12enable_tag() (pymispPyMISP method) 12enable_taxonomy() (pymispPyMISP method) 12enable_taxonomy_tags() (pymispPyMISP
method) 12enable_warninglist() (pymispPyMISP method)
12event_blacklists() (pymispPyMISP method) 12event_delegations() (pymispPyMISP method)
12ExpandedPyMISP (in module pymisp) 23
Ffeeds() (pymispPyMISP method) 12fetch_feed() (pymispPyMISP method) 12FileObject (class in pymisptools) 37freetext() (pymispPyMISP method) 12from_dict() (pymispAbstractMISP method) 23from_dict() (pymispMISPAttribute method) 27from_dict() (pymispMISPEvent method) 25from_dict() (pymispMISPObject method) 28from_dict() (pymispMISPObjectAttribute method)
30from_dict() (pymispMISPObjectReference method)
31from_dict() (pymispMISPOrganisation method) 34from_dict() (pymispMISPTag method) 32from_dict() (pymispMISPUser method) 33from_dict() (pymisptoolsFileObject method) 37from_dict() (pymisptoolsVTReportObject method)
39from_json() (pymispAbstractMISP method) 23from_json() (pymispMISPAttribute method) 27from_json() (pymispMISPEvent method) 25from_json() (pymispMISPObject method) 28from_json() (pymispMISPObjectAttribute method)
30
46 Index
PyMISP Documentation Release main
from_json() (pymispMISPObjectReference method)31
from_json() (pymispMISPOrganisation method) 34from_json() (pymispMISPTag method) 32from_json() (pymispMISPUser method) 33from_json() (pymisptoolsFileObject method) 37from_json() (pymisptoolsVTReportObject method)
39
Ggalaxies() (pymispPyMISP method) 12generate_attributes() (pymisptoolsFileObject
method) 37generate_attributes()
(pymisptoolsVTReportObject method)39
get() (pymispMISPAttribute method) 27get() (pymispMISPEvent method) 25get() (pymispMISPObject method) 28get() (pymispMISPObjectAttribute method) 30get() (pymispMISPObjectReference method) 31get() (pymispMISPOrganisation method) 34get() (pymispMISPTag method) 32get() (pymispMISPUser method) 33get() (pymisptoolsFileObject method) 37get() (pymisptoolsVTReportObject method) 39get_all_functions() (pymispPyMISP method)
13get_attribute() (pymispPyMISP method) 13get_attribute_tag() (pymispMISPEvent
method) 25get_attributes_by_relation()
(pymispMISPObject method) 28get_attributes_by_relation()
(pymisptoolsFileObject method) 37get_attributes_by_relation()
(pymisptoolsVTReportObject method)39
get_community() (pymispPyMISP method) 13get_event() (pymispPyMISP method) 13get_feed() (pymispPyMISP method) 13get_galaxy() (pymispPyMISP method) 13get_noticelist() (pymispPyMISP method) 13get_object() (pymispPyMISP method) 13get_object_by_id() (pymispMISPEvent method)
25get_object_by_uuid() (pymispMISPEvent
method) 25get_object_template() (pymispPyMISP
method) 13get_objects_by_name() (pymispMISPEvent
method) 25get_organisation() (pymispPyMISP method) 13get_sync_config() (pymispPyMISP method) 13
get_tag() (pymispPyMISP method) 13get_taxonomy() (pymispPyMISP method) 13get_user() (pymispPyMISP method) 13get_user_setting() (pymispPyMISP method) 14get_warninglist() (pymispPyMISP method) 14
Hhas_attributes_by_relation()
(pymispMISPObject method) 28has_attributes_by_relation()
(pymisptoolsFileObject method) 37has_attributes_by_relation()
(pymisptoolsVTReportObject method)39
hash_values() (pymispMISPAttribute method) 27hash_values() (pymispMISPObjectAttribute
method) 30
Iimport_server() (pymispPyMISP method) 14items() (pymispMISPAttribute method) 27items() (pymispMISPEvent method) 25items() (pymispMISPObject method) 29items() (pymispMISPObjectAttribute method) 30items() (pymispMISPObjectReference method) 31items() (pymispMISPOrganisation method) 34items() (pymispMISPTag method) 32items() (pymispMISPUser method) 33items() (pymisptoolsFileObject method) 38items() (pymisptoolsVTReportObject method) 39
Jjsonable() (pymispAbstractMISP method) 23jsonable() (pymispMISPAttribute method) 27jsonable() (pymispMISPEvent method) 25jsonable() (pymispMISPObject method) 29jsonable() (pymispMISPObjectAttribute method)
30jsonable() (pymispMISPObjectReference method)
31jsonable() (pymispMISPOrganisation method) 34jsonable() (pymispMISPTag method) 32jsonable() (pymispMISPUser method) 33jsonable() (pymisptoolsFileObject method) 38jsonable() (pymisptoolsVTReportObject method)
39
Kkeys() (pymispMISPAttribute method) 27keys() (pymispMISPEvent method) 25keys() (pymispMISPObject method) 29keys() (pymispMISPObjectAttribute method) 30keys() (pymispMISPObjectReference method) 31keys() (pymispMISPOrganisation method) 34
Index 47
PyMISP Documentation Release main
keys() (pymispMISPTag method) 32keys() (pymispMISPUser method) 33keys() (pymisptoolsFileObject method) 38keys() (pymisptoolsVTReportObject method) 39known_types() (pymispMISPAttribute property) 27known_types() (pymispMISPObjectAttribute prop-
erty) 30
Lload() (pymispMISPEvent method) 25load_default_feeds() (pymispPyMISP method)
14load_file() (pymispMISPEvent method) 25load_openioc() (pymisptools method) 40load_openioc_file() (pymisptools method) 40load_stix() (in module pymisptoolsstix) 40
Mmake_stix_package() (in module
pymisptoolsstix) 40malware_binary() (pymispMISPAttribute prop-
erty) 27malware_binary() (pymispMISPObjectAttribute
property) 30misp_instance_version() (pymispPyMISP
property) 14misp_instance_version_master()
(pymispPyMISP property) 14MISPAttribute (class in pymisp) 26MISPEncode (class in pymisp) 24MISPEvent (class in pymisp) 24MISPObject (class in pymisp) 28MISPObjectAttribute (class in pymisp) 29MISPObjectReference (class in pymisp) 31MISPOrganisation (class in pymisp) 34MISPTag (class in pymisp) 32MISPUser (class in pymisp) 33module
pymisp 7pymisptools 37pymisptoolsstix 40
Nnoticelists() (pymispPyMISP method) 14
Oobject_templates() (pymispPyMISP method) 14organisation_blacklists() (pymispPyMISP
method) 14organisations() (pymispPyMISP method) 14
Ppop() (pymispMISPAttribute method) 27
pop() (pymispMISPEvent method) 25pop() (pymispMISPObject method) 29pop() (pymispMISPObjectAttribute method) 30pop() (pymispMISPObjectReference method) 31pop() (pymispMISPOrganisation method) 34pop() (pymispMISPTag method) 32pop() (pymispMISPUser method) 33pop() (pymisptoolsFileObject method) 38pop() (pymisptoolsVTReportObject method) 39popitem() (pymispMISPAttribute method) 27popitem() (pymispMISPEvent method) 25popitem() (pymispMISPObject method) 29popitem() (pymispMISPObjectAttribute method) 30popitem() (pymispMISPObjectReference method) 31popitem() (pymispMISPOrganisation method) 34popitem() (pymispMISPTag method) 32popitem() (pymispMISPUser method) 33popitem() (pymisptoolsFileObject method) 38popitem() (pymisptoolsVTReportObject method) 39publish() (pymispMISPEvent method) 25publish() (pymispPyMISP method) 14push_event_to_ZMQ() (pymispPyMISP method)
14pymisp
module 7PyMISP (class in pymisp) 7pymisptools
module 37pymisptoolsstix
module 40pymisp_version_main() (pymispPyMISP prop-
erty) 15
Rrecommended_pymisp_version()
(pymispPyMISP property) 15remote_acl() (pymispPyMISP method) 15remove_org_from_sharing_group()
(pymispPyMISP method) 15remove_server_from_sharing_group()
(pymispPyMISP method) 15roles() (pymispPyMISP method) 15
Ssearch() (pymispPyMISP method) 15search_feeds() (pymispPyMISP method) 17search_index() (pymispPyMISP method) 18search_logs() (pymispPyMISP method) 18search_sightings() (pymispPyMISP method) 19server_pull() (pymispPyMISP method) 20server_push() (pymispPyMISP method) 20servers() (pymispPyMISP method) 20set_date() (pymispMISPEvent method) 25
48 Index
PyMISP Documentation Release main
set_not_jsonable() (pymispAbstractMISPmethod) 23
set_not_jsonable() (pymispMISPAttributemethod) 27
set_not_jsonable() (pymispMISPEvent method)25
set_not_jsonable() (pymispMISPObjectmethod) 29
set_not_jsonable() (pymispMISPObjectAttributemethod) 30
set_not_jsonable()(pymispMISPObjectReference method)31
set_not_jsonable() (pymispMISPOrganisationmethod) 35
set_not_jsonable() (pymispMISPTag method)32
set_not_jsonable() (pymispMISPUser method)33
set_not_jsonable() (pymisptoolsFileObjectmethod) 38
set_not_jsonable()(pymisptoolsVTReportObject method)39
set_user_setting() (pymispPyMISP method) 20setdefault() (pymispMISPAttribute method) 27setdefault() (pymispMISPEvent method) 25setdefault() (pymispMISPObject method) 29setdefault() (pymispMISPObjectAttribute
method) 30setdefault() (pymispMISPObjectReference
method) 31setdefault() (pymispMISPOrganisation method)
35setdefault() (pymispMISPTag method) 33setdefault() (pymispMISPUser method) 34setdefault() (pymisptoolsFileObject method) 38setdefault() (pymisptoolsVTReportObject
method) 40sharing_groups() (pymispPyMISP method) 20sightings() (pymispPyMISP method) 20
Ttag() (pymispPyMISP method) 20tags() (pymispMISPAttribute property) 27tags() (pymispMISPEvent property) 26tags() (pymispMISPObjectAttribute property) 30tags() (pymispPyMISP method) 20tags_statistics() (pymispPyMISP method) 20taxonomies() (pymispPyMISP method) 20to_dict() (pymispAbstractMISP method) 23to_dict() (pymispMISPAttribute method) 27to_dict() (pymispMISPEvent method) 26to_dict() (pymispMISPObject method) 29
to_dict() (pymispMISPObjectAttribute method) 30to_dict() (pymispMISPObjectReference method) 32to_dict() (pymispMISPOrganisation method) 35to_dict() (pymispMISPTag method) 33to_dict() (pymispMISPUser method) 34to_dict() (pymisptoolsFileObject method) 38to_dict() (pymisptoolsVTReportObject method) 40to_feed() (pymispMISPEvent method) 26to_json() (pymispAbstractMISP method) 23to_json() (pymispMISPAttribute method) 27to_json() (pymispMISPEvent method) 26to_json() (pymispMISPObject method) 29to_json() (pymispMISPObjectAttribute method) 31to_json() (pymispMISPObjectReference method) 32to_json() (pymispMISPOrganisation method) 35to_json() (pymispMISPTag method) 33to_json() (pymispMISPUser method) 34to_json() (pymisptoolsFileObject method) 38to_json() (pymisptoolsVTReportObject method) 40toggle_warninglist() (pymispPyMISP method)
20
Uunpublish() (pymispMISPEvent method) 26untag() (pymispPyMISP method) 21update() (pymispMISPAttribute method) 28update() (pymispMISPEvent method) 26update() (pymispMISPObject method) 29update() (pymispMISPObjectAttribute method) 31update() (pymispMISPObjectReference method) 32update() (pymispMISPOrganisation method) 35update() (pymispMISPTag method) 33update() (pymispMISPUser method) 34update() (pymisptoolsFileObject method) 38update() (pymisptoolsVTReportObject method) 40update_attribute() (pymispPyMISP method) 21update_attribute_proposal()
(pymispPyMISP method) 21update_event() (pymispPyMISP method) 21update_event_blacklist() (pymispPyMISP
method) 21update_feed() (pymispPyMISP method) 21update_galaxies() (pymispPyMISP method) 21update_not_jsonable() (pymispAbstractMISP
method) 23update_not_jsonable() (pymispMISPAttribute
method) 28update_not_jsonable() (pymispMISPEvent
method) 26update_not_jsonable() (pymispMISPObject
method) 29update_not_jsonable()
(pymispMISPObjectAttribute method) 31
Index 49
PyMISP Documentation Release main
update_not_jsonable()(pymispMISPObjectReference method)32
update_not_jsonable()(pymispMISPOrganisation method) 35
update_not_jsonable() (pymispMISPTagmethod) 33
update_not_jsonable() (pymispMISPUsermethod) 34
update_not_jsonable() (pymisptoolsFileObjectmethod) 38
update_not_jsonable()(pymisptoolsVTReportObject method)40
update_noticelists() (pymispPyMISP method)21
update_object() (pymispPyMISP method) 21update_object_templates() (pymispPyMISP
method) 21update_organisation() (pymispPyMISP
method) 21update_organisation_blacklist()
(pymispPyMISP method) 21update_server() (pymispPyMISP method) 22update_tag() (pymispPyMISP method) 22update_taxonomies() (pymispPyMISP method)
22update_user() (pymispPyMISP method) 22update_warninglists() (pymispPyMISP
method) 22upload_stix() (pymispPyMISP method) 22user_registrations() (pymispPyMISP method)
22user_settings() (pymispPyMISP method) 22users() (pymispPyMISP method) 22users_statistics() (pymispPyMISP method) 22
Vvalues() (pymispMISPAttribute method) 28values() (pymispMISPEvent method) 26values() (pymispMISPObject method) 29values() (pymispMISPObjectAttribute method) 31values() (pymispMISPObjectReference method) 32values() (pymispMISPOrganisation method) 35values() (pymispMISPTag method) 33values() (pymispMISPUser method) 34values() (pymisptoolsFileObject method) 38values() (pymisptoolsVTReportObject method) 40values_in_warninglist() (pymispPyMISP
method) 22version() (pymispPyMISP property) 22VTReportObject (class in pymisptools) 38
Wwarninglists() (pymispPyMISP method) 22
50 Index
- README
- pymisp
- PyMISP
- PyMISPExpanded (Python 36+ only)
- MISPAbstract
- MISPEncode
- MISPEvent
- MISPAttribute
- MISPObject
- MISPObjectAttribute
- MISPObjectReference
- MISPTag
- MISPUser
- MISPOrganisation
- pymisp - Tools
- File Object
- ELF Object
- PE Object
- Mach-O Object
- VT Report Object
- STIX
- OpenIOC
- Indices and tables
- Python Module Index
- Index
PyMISP Documentation Release main
Return type bool
from_dict(kwargs)Loading all the parameters as class properties if they arenrsquot None This method aims to be called when allthe properties requiring a special treatment are processed Note This method is used when you initializean object with existing data so by default the class is flaged as not edited
from_json(json_string)Load a JSON string
Return type None
get(k[ d ])rarr D[k] if k in D else d d defaults to None
get_attribute_tag(attribute_identifier)Return the tags associated to an attribute or an object attribute attribute_identifier can be an ID UUIDor the value
Return type List[MISPTag]
get_object_by_id(object_id)Get an object by ID (the ID is the one set by the server when creating the new object)
Return type MISPObject
get_object_by_uuid(object_uuid)Get an object by UUID (UUID is set by the server when creating the new object)
Return type MISPObject
get_objects_by_name(object_name)Get an object by UUID (UUID is set by the server when creating the new object)
Return type List[MISPObject]
items()rarr a set-like object providing a view on Drsquos items
jsonable()This method is used by the JSON encoder
Return type Dict
keys()rarr a set-like object providing a view on Drsquos keys
load(json_event validate=False metadata_only=False)Load a JSON dump from a pseudo file or a JSON string
load_file(event_path validate=False metadata_only=False)Load a JSON dump from a file on the disk
pop(k[ d ])rarr v remove specified key and return the corresponding valueIf key is not found d is returned if given otherwise KeyError is raised
popitem()rarr (k v) remove and return some (key value) pairas a 2-tuple but raise KeyError if D is empty
publish()Mark the attribute as published
set_date(d=None ignore_invalid=False)Set a date for the event (string datetime or date object)
set_not_jsonable(args)Set __not_jsonable to a new list
Return type None
25 MISPEvent 25
PyMISP Documentation Release main
setdefault(k[ d ])rarr Dget(kd) also set D[k]=d if k not in D
property tagsReturns a lost of tags associated to this Event
Return type List[MISPTag]
to_dict()Dump the class to a dictionary This method automatically removes the timestamp recursively in everyobject that has been edited is order to let MISP update the event accordingly
Return type Dict
to_feed(valid_distributions=[0 1 2 3 4 5] with_meta=False)Generate a json output for MISP Feed Notes
bull valid_distributions only makes sense if the distribution key is set (ie the event is exported from aMISP instance)
Return type Dict
to_json(sort_keys=False indent=None)Dump recursively any class of type MISPAbstract to a json string
unpublish()Mark the attribute as un-published (set publish flag to false)
update([E ] F)rarr None Update D from mappingiterable E and FIf E present and has a keys() method does for k in E D[k] = E[k] If E present and lacks keys() methoddoes for (k v) in E D[k] = v In either case this is followed by for k v in Fitems() D[k] = v
update_not_jsonable(args)Add entries to the __not_jsonable list
Return type None
values()rarr an object providing a view on Drsquos values
26 MISPAttribute
class pymispMISPAttribute(describe_types=None strict=False)
add_proposal(shadow_attribute=None kwargs)Alias for add_shadow_attribute
Return type MISPShadowAttribute
add_shadow_attribute(shadow_attribute=None kwargs)Add a shadow attribute to the attribute (by name or a MISPShadowAttribute object)
Return type MISPShadowAttribute
add_sighting(sighting=None kwargs)Add a sighting to the attribute (by name or a MISPSighting object)
Return type MISPSighting
clear()rarr None Remove all items from D
delete()Mark the attribute as deleted (soft delete)
26 Chapter 2 pymisp
PyMISP Documentation Release main
property editedRecursively check if an object has been edited and update the flag accordingly to the parent objects
Return type bool
from_dict(kwargs)Loading all the parameters as class properties if they arenrsquot None This method aims to be called when allthe properties requiring a special treatment are processed Note This method is used when you initializean object with existing data so by default the class is flaged as not edited
from_json(json_string)Load a JSON string
Return type None
get(k[ d ])rarr D[k] if k in D else d d defaults to None
hash_values(algorithm=sha512)Compute the hash of every values for fast lookups
Return type List[str]
items()rarr a set-like object providing a view on Drsquos items
jsonable()This method is used by the JSON encoder
Return type Dict
keys()rarr a set-like object providing a view on Drsquos keys
property known_typesReturns a list of all the known MISP attributes types
Return type List[str]
property malware_binaryReturns a BytesIO of the malware (if the attribute has one obvs)
Return type Optional[BytesIO]
pop(k[ d ])rarr v remove specified key and return the corresponding valueIf key is not found d is returned if given otherwise KeyError is raised
popitem()rarr (k v) remove and return some (key value) pairas a 2-tuple but raise KeyError if D is empty
set_not_jsonable(args)Set __not_jsonable to a new list
Return type None
setdefault(k[ d ])rarr Dget(kd) also set D[k]=d if k not in D
property tagsReturns a lost of tags associated to this Attribute
Return type List[MISPTag]
to_dict()Dump the class to a dictionary This method automatically removes the timestamp recursively in everyobject that has been edited is order to let MISP update the event accordingly
Return type Dict
26 MISPAttribute 27
PyMISP Documentation Release main
to_json(sort_keys=False indent=None)Dump recursively any class of type MISPAbstract to a json string
update([E ] F)rarr None Update D from mappingiterable E and FIf E present and has a keys() method does for k in E D[k] = E[k] If E present and lacks keys() methoddoes for (k v) in E D[k] = v In either case this is followed by for k v in Fitems() D[k] = v
update_not_jsonable(args)Add entries to the __not_jsonable list
Return type None
values()rarr an object providing a view on Drsquos values
27 MISPObject
class pymispMISPObject(name strict=False standalone=True default_attributes_parameters=kwargs)
add_attribute(object_relation simple_value=None value)Add an attribute object_relation is required and the value key is a dictionary with all the keys supportedby MISPAttribute
Return type Optional[MISPAttribute]
add_attributes(object_relation attributes)Add multiple attributes with the same object_relation Helper for object_relation when multiple is True inthe template It is the same as calling multiple times add_attribute with the same object_relation
Return type List[Optional[MISPAttribute]]
add_reference(referenced_uuid relationship_type comment=None kwargs)Add a link (uuid) to an other object
Return type MISPObjectReference
clear()rarr None Remove all items from D
property editedRecursively check if an object has been edited and update the flag accordingly to the parent objects
Return type bool
from_dict(kwargs)Loading all the parameters as class properties if they arenrsquot None This method aims to be called when allthe properties requiring a special treatment are processed Note This method is used when you initializean object with existing data so by default the class is flaged as not edited
from_json(json_string)Load a JSON string
Return type None
get(k[ d ])rarr D[k] if k in D else d d defaults to None
get_attributes_by_relation(object_relation)Returns the list of attributes with the given object relation in the object
Return type List[MISPAttribute]
has_attributes_by_relation(list_of_relations)True if all the relations in the list are defined in the object
28 Chapter 2 pymisp
PyMISP Documentation Release main
Return type bool
items()rarr a set-like object providing a view on Drsquos items
jsonable()This method is used by the JSON encoder
Return type Dict
keys()rarr a set-like object providing a view on Drsquos keys
pop(k[ d ])rarr v remove specified key and return the corresponding valueIf key is not found d is returned if given otherwise KeyError is raised
popitem()rarr (k v) remove and return some (key value) pairas a 2-tuple but raise KeyError if D is empty
set_not_jsonable(args)Set __not_jsonable to a new list
Return type None
setdefault(k[ d ])rarr Dget(kd) also set D[k]=d if k not in D
to_dict(strict=False)Dump the class to a dictionary This method automatically removes the timestamp recursively in everyobject that has been edited is order to let MISP update the event accordingly
Return type Dict
to_json(sort_keys=False indent=None strict=False)Dump recursively any class of type MISPAbstract to a json string
update([E ] F)rarr None Update D from mappingiterable E and FIf E present and has a keys() method does for k in E D[k] = E[k] If E present and lacks keys() methoddoes for (k v) in E D[k] = v In either case this is followed by for k v in Fitems() D[k] = v
update_not_jsonable(args)Add entries to the __not_jsonable list
Return type None
values()rarr an object providing a view on Drsquos values
28 MISPObjectAttribute
class pymispMISPObjectAttribute(definition)
add_proposal(shadow_attribute=None kwargs)Alias for add_shadow_attribute
Return type MISPShadowAttribute
add_shadow_attribute(shadow_attribute=None kwargs)Add a shadow attribute to the attribute (by name or a MISPShadowAttribute object)
Return type MISPShadowAttribute
add_sighting(sighting=None kwargs)Add a sighting to the attribute (by name or a MISPSighting object)
Return type MISPSighting
28 MISPObjectAttribute 29
PyMISP Documentation Release main
clear()rarr None Remove all items from D
delete()Mark the attribute as deleted (soft delete)
property editedRecursively check if an object has been edited and update the flag accordingly to the parent objects
Return type bool
from_dict(object_relation value kwargs)Loading all the parameters as class properties if they arenrsquot None This method aims to be called when allthe properties requiring a special treatment are processed Note This method is used when you initializean object with existing data so by default the class is flaged as not edited
from_json(json_string)Load a JSON string
Return type None
get(k[ d ])rarr D[k] if k in D else d d defaults to None
hash_values(algorithm=sha512)Compute the hash of every values for fast lookups
Return type List[str]
items()rarr a set-like object providing a view on Drsquos items
jsonable()This method is used by the JSON encoder
Return type Dict
keys()rarr a set-like object providing a view on Drsquos keys
property known_typesReturns a list of all the known MISP attributes types
Return type List[str]
property malware_binaryReturns a BytesIO of the malware (if the attribute has one obvs)
Return type Optional[BytesIO]
pop(k[ d ])rarr v remove specified key and return the corresponding valueIf key is not found d is returned if given otherwise KeyError is raised
popitem()rarr (k v) remove and return some (key value) pairas a 2-tuple but raise KeyError if D is empty
set_not_jsonable(args)Set __not_jsonable to a new list
Return type None
setdefault(k[ d ])rarr Dget(kd) also set D[k]=d if k not in D
property tagsReturns a lost of tags associated to this Attribute
Return type List[MISPTag]
30 Chapter 2 pymisp
PyMISP Documentation Release main
to_dict()Dump the class to a dictionary This method automatically removes the timestamp recursively in everyobject that has been edited is order to let MISP update the event accordingly
Return type Dict
to_json(sort_keys=False indent=None)Dump recursively any class of type MISPAbstract to a json string
update([E ] F)rarr None Update D from mappingiterable E and FIf E present and has a keys() method does for k in E D[k] = E[k] If E present and lacks keys() methoddoes for (k v) in E D[k] = v In either case this is followed by for k v in Fitems() D[k] = v
update_not_jsonable(args)Add entries to the __not_jsonable list
Return type None
values()rarr an object providing a view on Drsquos values
29 MISPObjectReference
class pymispMISPObjectReference
clear()rarr None Remove all items from D
property editedRecursively check if an object has been edited and update the flag accordingly to the parent objects
Return type bool
from_dict(kwargs)Loading all the parameters as class properties if they arenrsquot None This method aims to be called when allthe properties requiring a special treatment are processed Note This method is used when you initializean object with existing data so by default the class is flaged as not edited
from_json(json_string)Load a JSON string
Return type None
get(k[ d ])rarr D[k] if k in D else d d defaults to None
items()rarr a set-like object providing a view on Drsquos items
jsonable()This method is used by the JSON encoder
Return type Dict
keys()rarr a set-like object providing a view on Drsquos keys
pop(k[ d ])rarr v remove specified key and return the corresponding valueIf key is not found d is returned if given otherwise KeyError is raised
popitem()rarr (k v) remove and return some (key value) pairas a 2-tuple but raise KeyError if D is empty
set_not_jsonable(args)Set __not_jsonable to a new list
Return type None
29 MISPObjectReference 31
PyMISP Documentation Release main
setdefault(k[ d ])rarr Dget(kd) also set D[k]=d if k not in D
to_dict()Dump the class to a dictionary This method automatically removes the timestamp recursively in everyobject that has been edited is order to let MISP update the event accordingly
Return type Dict
to_json(sort_keys=False indent=None)Dump recursively any class of type MISPAbstract to a json string
update([E ] F)rarr None Update D from mappingiterable E and FIf E present and has a keys() method does for k in E D[k] = E[k] If E present and lacks keys() methoddoes for (k v) in E D[k] = v In either case this is followed by for k v in Fitems() D[k] = v
update_not_jsonable(args)Add entries to the __not_jsonable list
Return type None
values()rarr an object providing a view on Drsquos values
210 MISPTag
class pymispMISPTag(kwargs)
clear()rarr None Remove all items from D
property editedRecursively check if an object has been edited and update the flag accordingly to the parent objects
Return type bool
from_dict(kwargs)Loading all the parameters as class properties if they arenrsquot None This method aims to be called when allthe properties requiring a special treatment are processed Note This method is used when you initializean object with existing data so by default the class is flaged as not edited
from_json(json_string)Load a JSON string
Return type None
get(k[ d ])rarr D[k] if k in D else d d defaults to None
items()rarr a set-like object providing a view on Drsquos items
jsonable()This method is used by the JSON encoder
Return type Dict
keys()rarr a set-like object providing a view on Drsquos keys
pop(k[ d ])rarr v remove specified key and return the corresponding valueIf key is not found d is returned if given otherwise KeyError is raised
popitem()rarr (k v) remove and return some (key value) pairas a 2-tuple but raise KeyError if D is empty
set_not_jsonable(args)Set __not_jsonable to a new list
32 Chapter 2 pymisp
PyMISP Documentation Release main
Return type None
setdefault(k[ d ])rarr Dget(kd) also set D[k]=d if k not in D
to_dict()Dump the class to a dictionary This method automatically removes the timestamp recursively in everyobject that has been edited is order to let MISP update the event accordingly
Return type Dict
to_json(sort_keys=False indent=None)Dump recursively any class of type MISPAbstract to a json string
update([E ] F)rarr None Update D from mappingiterable E and FIf E present and has a keys() method does for k in E D[k] = E[k] If E present and lacks keys() methoddoes for (k v) in E D[k] = v In either case this is followed by for k v in Fitems() D[k] = v
update_not_jsonable(args)Add entries to the __not_jsonable list
Return type None
values()rarr an object providing a view on Drsquos values
211 MISPUser
class pymispMISPUser(kwargs)
clear()rarr None Remove all items from D
property editedRecursively check if an object has been edited and update the flag accordingly to the parent objects
Return type bool
from_dict(kwargs)Loading all the parameters as class properties if they arenrsquot None This method aims to be called when allthe properties requiring a special treatment are processed Note This method is used when you initializean object with existing data so by default the class is flaged as not edited
from_json(json_string)Load a JSON string
Return type None
get(k[ d ])rarr D[k] if k in D else d d defaults to None
items()rarr a set-like object providing a view on Drsquos items
jsonable()This method is used by the JSON encoder
Return type Dict
keys()rarr a set-like object providing a view on Drsquos keys
pop(k[ d ])rarr v remove specified key and return the corresponding valueIf key is not found d is returned if given otherwise KeyError is raised
popitem()rarr (k v) remove and return some (key value) pairas a 2-tuple but raise KeyError if D is empty
211 MISPUser 33
PyMISP Documentation Release main
set_not_jsonable(args)Set __not_jsonable to a new list
Return type None
setdefault(k[ d ])rarr Dget(kd) also set D[k]=d if k not in D
to_dict()Dump the class to a dictionary This method automatically removes the timestamp recursively in everyobject that has been edited is order to let MISP update the event accordingly
Return type Dict
to_json(sort_keys=False indent=None)Dump recursively any class of type MISPAbstract to a json string
update([E ] F)rarr None Update D from mappingiterable E and FIf E present and has a keys() method does for k in E D[k] = E[k] If E present and lacks keys() methoddoes for (k v) in E D[k] = v In either case this is followed by for k v in Fitems() D[k] = v
update_not_jsonable(args)Add entries to the __not_jsonable list
Return type None
values()rarr an object providing a view on Drsquos values
212 MISPOrganisation
class pymispMISPOrganisation
clear()rarr None Remove all items from D
property editedRecursively check if an object has been edited and update the flag accordingly to the parent objects
Return type bool
from_dict(kwargs)Loading all the parameters as class properties if they arenrsquot None This method aims to be called when allthe properties requiring a special treatment are processed Note This method is used when you initializean object with existing data so by default the class is flaged as not edited
from_json(json_string)Load a JSON string
Return type None
get(k[ d ])rarr D[k] if k in D else d d defaults to None
items()rarr a set-like object providing a view on Drsquos items
jsonable()This method is used by the JSON encoder
Return type Dict
keys()rarr a set-like object providing a view on Drsquos keys
pop(k[ d ])rarr v remove specified key and return the corresponding valueIf key is not found d is returned if given otherwise KeyError is raised
34 Chapter 2 pymisp
PyMISP Documentation Release main
popitem()rarr (k v) remove and return some (key value) pairas a 2-tuple but raise KeyError if D is empty
set_not_jsonable(args)Set __not_jsonable to a new list
Return type None
setdefault(k[ d ])rarr Dget(kd) also set D[k]=d if k not in D
to_dict()Dump the class to a dictionary This method automatically removes the timestamp recursively in everyobject that has been edited is order to let MISP update the event accordingly
Return type Dict
to_json(sort_keys=False indent=None)Dump recursively any class of type MISPAbstract to a json string
update([E ] F)rarr None Update D from mappingiterable E and FIf E present and has a keys() method does for k in E D[k] = E[k] If E present and lacks keys() methoddoes for (k v) in E D[k] = v In either case this is followed by for k v in Fitems() D[k] = v
update_not_jsonable(args)Add entries to the __not_jsonable list
Return type None
values()rarr an object providing a view on Drsquos values
212 MISPOrganisation 35
PyMISP Documentation Release main
36 Chapter 2 pymisp
CHAPTER
THREE
PYMISP - TOOLS
31 File Object
class pymisptoolsFileObject(filepath=None pseudofile=None filename=None kwargs)
add_attribute(object_relation simple_value=None value)Add an attribute object_relation is required and the value key is a dictionary with all the keys supportedby MISPAttribute
Return type Optional[MISPAttribute]
add_attributes(object_relation attributes)Add multiple attributes with the same object_relation Helper for object_relation when multiple is True inthe template It is the same as calling multiple times add_attribute with the same object_relation
Return type List[Optional[MISPAttribute]]
add_reference(referenced_uuid relationship_type comment=None kwargs)Add a link (uuid) to an other object
Return type MISPObjectReference
clear()rarr None Remove all items from D
property editedRecursively check if an object has been edited and update the flag accordingly to the parent objects
Return type bool
from_dict(kwargs)Loading all the parameters as class properties if they arenrsquot None This method aims to be called when allthe properties requiring a special treatment are processed Note This method is used when you initializean object with existing data so by default the class is flaged as not edited
from_json(json_string)Load a JSON string
Return type None
generate_attributes()Contains the logic where all the values of the object are gathered
get(k[ d ])rarr D[k] if k in D else d d defaults to None
get_attributes_by_relation(object_relation)Returns the list of attributes with the given object relation in the object
Return type List[MISPAttribute]
37
PyMISP Documentation Release main
has_attributes_by_relation(list_of_relations)True if all the relations in the list are defined in the object
Return type bool
items()rarr a set-like object providing a view on Drsquos items
jsonable()This method is used by the JSON encoder
Return type Dict
keys()rarr a set-like object providing a view on Drsquos keys
pop(k[ d ])rarr v remove specified key and return the corresponding valueIf key is not found d is returned if given otherwise KeyError is raised
popitem()rarr (k v) remove and return some (key value) pairas a 2-tuple but raise KeyError if D is empty
set_not_jsonable(args)Set __not_jsonable to a new list
Return type None
setdefault(k[ d ])rarr Dget(kd) also set D[k]=d if k not in D
to_dict(strict=False)Dump the class to a dictionary This method automatically removes the timestamp recursively in everyobject that has been edited is order to let MISP update the event accordingly
Return type Dict
to_json(sort_keys=False indent=None strict=False)Dump recursively any class of type MISPAbstract to a json string
update([E ] F)rarr None Update D from mappingiterable E and FIf E present and has a keys() method does for k in E D[k] = E[k] If E present and lacks keys() methoddoes for (k v) in E D[k] = v In either case this is followed by for k v in Fitems() D[k] = v
update_not_jsonable(args)Add entries to the __not_jsonable list
Return type None
values()rarr an object providing a view on Drsquos values
32 ELF Object
33 PE Object
34 Mach-O Object
35 VT Report Object
class pymisptoolsVTReportObject(apikey indicator vt_proxies=None kwargs)VirusTotal Report
Apikey VirusTotal API key (private works but only public features are supported right now)
38 Chapter 3 pymisp - Tools
PyMISP Documentation Release main
Indicator IOC to search VirusTotal for
add_attribute(object_relation simple_value=None value)Add an attribute object_relation is required and the value key is a dictionary with all the keys supportedby MISPAttribute
Return type Optional[MISPAttribute]
add_attributes(object_relation attributes)Add multiple attributes with the same object_relation Helper for object_relation when multiple is True inthe template It is the same as calling multiple times add_attribute with the same object_relation
Return type List[Optional[MISPAttribute]]
add_reference(referenced_uuid relationship_type comment=None kwargs)Add a link (uuid) to an other object
Return type MISPObjectReference
clear()rarr None Remove all items from D
property editedRecursively check if an object has been edited and update the flag accordingly to the parent objects
Return type bool
from_dict(kwargs)Loading all the parameters as class properties if they arenrsquot None This method aims to be called when allthe properties requiring a special treatment are processed Note This method is used when you initializean object with existing data so by default the class is flaged as not edited
from_json(json_string)Load a JSON string
Return type None
generate_attributes()Parse the VirusTotal report for relevant attributes
get(k[ d ])rarr D[k] if k in D else d d defaults to None
get_attributes_by_relation(object_relation)Returns the list of attributes with the given object relation in the object
Return type List[MISPAttribute]
has_attributes_by_relation(list_of_relations)True if all the relations in the list are defined in the object
Return type bool
items()rarr a set-like object providing a view on Drsquos items
jsonable()This method is used by the JSON encoder
Return type Dict
keys()rarr a set-like object providing a view on Drsquos keys
pop(k[ d ])rarr v remove specified key and return the corresponding valueIf key is not found d is returned if given otherwise KeyError is raised
popitem()rarr (k v) remove and return some (key value) pairas a 2-tuple but raise KeyError if D is empty
35 VT Report Object 39
PyMISP Documentation Release main
set_not_jsonable(args)Set __not_jsonable to a new list
Return type None
setdefault(k[ d ])rarr Dget(kd) also set D[k]=d if k not in D
to_dict(strict=False)Dump the class to a dictionary This method automatically removes the timestamp recursively in everyobject that has been edited is order to let MISP update the event accordingly
Return type Dict
to_json(sort_keys=False indent=None strict=False)Dump recursively any class of type MISPAbstract to a json string
update([E ] F)rarr None Update D from mappingiterable E and FIf E present and has a keys() method does for k in E D[k] = E[k] If E present and lacks keys() methoddoes for (k v) in E D[k] = v In either case this is followed by for k v in Fitems() D[k] = v
update_not_jsonable(args)Add entries to the __not_jsonable list
Return type None
values()rarr an object providing a view on Drsquos values
36 STIX
pymisptoolsstixload_stix(stix distribution=3 threat_level_id=2 analysis=0)Returns a MISPEvent object from a STIX package
pymisptoolsstixmake_stix_package(misp_event to_json=False to_xml=False)Returns a STIXPackage from a MISPEvent
Optionally can return the package in json or xml
37 OpenIOC
toolsload_openioc()
toolsload_openioc_file()
40 Chapter 3 pymisp - Tools
CHAPTER
FOUR
INDICES AND TABLES
bull genindex
bull modindex
bull search
41
PyMISP Documentation Release main
42 Chapter 4 Indices and tables
PYTHON MODULE INDEX
ppymisp 7pymisptools 37pymisptoolsstix 40
43
PyMISP Documentation Release main
44 Python Module Index
INDEX
AAbstractMISP (class in pymisp) 23accept_attribute_proposal()
(pymispPyMISP method) 7add_attribute() (pymispMISPEvent method) 24add_attribute() (pymispMISPObject method) 28add_attribute() (pymispPyMISP method) 7add_attribute() (pymisptoolsFileObject method)
37add_attribute() (pymisptoolsVTReportObject
method) 39add_attribute_proposal() (pymispPyMISP
method) 7add_attribute_tag() (pymispMISPEvent
method) 24add_attributes() (pymispMISPObject method)
28add_attributes() (pymisptoolsFileObject
method) 37add_attributes() (pymisptoolsVTReportObject
method) 39add_event() (pymispPyMISP method) 7add_event_blacklist() (pymispPyMISP
method) 8add_feed() (pymispPyMISP method) 8add_object() (pymispMISPEvent method) 24add_object() (pymispPyMISP method) 8add_object_reference() (pymispPyMISP
method) 8add_org_to_sharing_group() (pymispPyMISP
method) 8add_organisation() (pymispPyMISP method) 8add_organisation_blacklist()
(pymispPyMISP method) 8add_proposal() (pymispMISPAttribute method) 26add_proposal() (pymispMISPEvent method) 24add_proposal() (pymispMISPObjectAttribute
method) 29add_reference() (pymispMISPObject method) 28add_reference() (pymisptoolsFileObject method)
37add_reference() (pymisptoolsVTReportObject
method) 39add_server() (pymispPyMISP method) 8add_server_to_sharing_group()
(pymispPyMISP method) 8add_shadow_attribute() (pymispMISPAttribute
method) 26add_shadow_attribute() (pymispMISPEvent
method) 24add_shadow_attribute()
(pymispMISPObjectAttribute method) 29add_sharing_group() (pymispPyMISP method) 8add_sighting() (pymispMISPAttribute method) 26add_sighting() (pymispMISPObjectAttribute
method) 29add_sighting() (pymispPyMISP method) 8add_tag() (pymispPyMISP method) 8add_user() (pymispPyMISP method) 9attributes_statistics() (pymispPyMISP
method) 9
Bbuild_complex_query() (pymispPyMISP
method) 9
Ccache_all_feeds() (pymispPyMISP method) 9cache_feed() (pymispPyMISP method) 9cache_freetext_feeds() (pymispPyMISP
method) 9cache_misp_feeds() (pymispPyMISP method) 9change_sharing_group_on_entity()
(pymispPyMISP method) 9change_user_password() (pymispPyMISP
method) 9clear() (pymispMISPAttribute method) 26clear() (pymispMISPEvent method) 24clear() (pymispMISPObject method) 28clear() (pymispMISPObjectAttribute method) 29clear() (pymispMISPObjectReference method) 31clear() (pymispMISPOrganisation method) 34clear() (pymispMISPTag method) 32clear() (pymispMISPUser method) 33
45
PyMISP Documentation Release main
clear() (pymisptoolsFileObject method) 37clear() (pymisptoolsVTReportObject method) 39communities() (pymispPyMISP method) 9compare_feeds() (pymispPyMISP method) 9contact_event_reporter() (pymispPyMISP
method) 9
Ddefault() (pymispMISPEncode method) 24delegate_event() (pymispPyMISP method) 10delete() (pymispMISPAttribute method) 26delete() (pymispMISPObjectAttribute method) 30delete_attribute() (pymispMISPEvent method)
24delete_attribute() (pymispPyMISP method) 10delete_attribute_proposal()
(pymispPyMISP method) 10delete_event() (pymispPyMISP method) 10delete_event_blacklist() (pymispPyMISP
method) 10delete_feed() (pymispPyMISP method) 10delete_object() (pymispPyMISP method) 10delete_object_reference() (pymispPyMISP
method) 10delete_organisation() (pymispPyMISP
method) 10delete_organisation_blacklist()
(pymispPyMISP method) 10delete_server() (pymispPyMISP method) 10delete_sharing_group() (pymispPyMISP
method) 10delete_sighting() (pymispPyMISP method) 10delete_tag() (pymispPyMISP method) 11delete_user() (pymispPyMISP method) 11delete_user_setting() (pymispPyMISP
method) 11describe_types_local() (pymispPyMISP prop-
erty) 11describe_types_remote() (pymispPyMISP
property) 11direct_call() (pymispPyMISP method) 11disable_feed() (pymispPyMISP method) 11disable_feed_cache() (pymispPyMISP method)
11disable_noticelist() (pymispPyMISP method)
11disable_tag() (pymispPyMISP method) 11disable_taxonomy() (pymispPyMISP method) 11disable_taxonomy_tags() (pymispPyMISP
method) 11disable_warninglist() (pymispPyMISP
method) 11discard_attribute_proposal()
(pymispPyMISP method) 12
Eedited() (pymispAbstractMISP property) 23edited() (pymispMISPAttribute property) 26edited() (pymispMISPEvent property) 24edited() (pymispMISPObject property) 28edited() (pymispMISPObjectAttribute property) 30edited() (pymispMISPObjectReference property) 31edited() (pymispMISPOrganisation property) 34edited() (pymispMISPTag property) 32edited() (pymispMISPUser property) 33edited() (pymisptoolsFileObject property) 37edited() (pymisptoolsVTReportObject property) 39enable_feed() (pymispPyMISP method) 12enable_feed_cache() (pymispPyMISP method)
12enable_noticelist() (pymispPyMISP method)
12enable_tag() (pymispPyMISP method) 12enable_taxonomy() (pymispPyMISP method) 12enable_taxonomy_tags() (pymispPyMISP
method) 12enable_warninglist() (pymispPyMISP method)
12event_blacklists() (pymispPyMISP method) 12event_delegations() (pymispPyMISP method)
12ExpandedPyMISP (in module pymisp) 23
Ffeeds() (pymispPyMISP method) 12fetch_feed() (pymispPyMISP method) 12FileObject (class in pymisptools) 37freetext() (pymispPyMISP method) 12from_dict() (pymispAbstractMISP method) 23from_dict() (pymispMISPAttribute method) 27from_dict() (pymispMISPEvent method) 25from_dict() (pymispMISPObject method) 28from_dict() (pymispMISPObjectAttribute method)
30from_dict() (pymispMISPObjectReference method)
31from_dict() (pymispMISPOrganisation method) 34from_dict() (pymispMISPTag method) 32from_dict() (pymispMISPUser method) 33from_dict() (pymisptoolsFileObject method) 37from_dict() (pymisptoolsVTReportObject method)
39from_json() (pymispAbstractMISP method) 23from_json() (pymispMISPAttribute method) 27from_json() (pymispMISPEvent method) 25from_json() (pymispMISPObject method) 28from_json() (pymispMISPObjectAttribute method)
30
46 Index
PyMISP Documentation Release main
from_json() (pymispMISPObjectReference method)31
from_json() (pymispMISPOrganisation method) 34from_json() (pymispMISPTag method) 32from_json() (pymispMISPUser method) 33from_json() (pymisptoolsFileObject method) 37from_json() (pymisptoolsVTReportObject method)
39
Ggalaxies() (pymispPyMISP method) 12generate_attributes() (pymisptoolsFileObject
method) 37generate_attributes()
(pymisptoolsVTReportObject method)39
get() (pymispMISPAttribute method) 27get() (pymispMISPEvent method) 25get() (pymispMISPObject method) 28get() (pymispMISPObjectAttribute method) 30get() (pymispMISPObjectReference method) 31get() (pymispMISPOrganisation method) 34get() (pymispMISPTag method) 32get() (pymispMISPUser method) 33get() (pymisptoolsFileObject method) 37get() (pymisptoolsVTReportObject method) 39get_all_functions() (pymispPyMISP method)
13get_attribute() (pymispPyMISP method) 13get_attribute_tag() (pymispMISPEvent
method) 25get_attributes_by_relation()
(pymispMISPObject method) 28get_attributes_by_relation()
(pymisptoolsFileObject method) 37get_attributes_by_relation()
(pymisptoolsVTReportObject method)39
get_community() (pymispPyMISP method) 13get_event() (pymispPyMISP method) 13get_feed() (pymispPyMISP method) 13get_galaxy() (pymispPyMISP method) 13get_noticelist() (pymispPyMISP method) 13get_object() (pymispPyMISP method) 13get_object_by_id() (pymispMISPEvent method)
25get_object_by_uuid() (pymispMISPEvent
method) 25get_object_template() (pymispPyMISP
method) 13get_objects_by_name() (pymispMISPEvent
method) 25get_organisation() (pymispPyMISP method) 13get_sync_config() (pymispPyMISP method) 13
get_tag() (pymispPyMISP method) 13get_taxonomy() (pymispPyMISP method) 13get_user() (pymispPyMISP method) 13get_user_setting() (pymispPyMISP method) 14get_warninglist() (pymispPyMISP method) 14
Hhas_attributes_by_relation()
(pymispMISPObject method) 28has_attributes_by_relation()
(pymisptoolsFileObject method) 37has_attributes_by_relation()
(pymisptoolsVTReportObject method)39
hash_values() (pymispMISPAttribute method) 27hash_values() (pymispMISPObjectAttribute
method) 30
Iimport_server() (pymispPyMISP method) 14items() (pymispMISPAttribute method) 27items() (pymispMISPEvent method) 25items() (pymispMISPObject method) 29items() (pymispMISPObjectAttribute method) 30items() (pymispMISPObjectReference method) 31items() (pymispMISPOrganisation method) 34items() (pymispMISPTag method) 32items() (pymispMISPUser method) 33items() (pymisptoolsFileObject method) 38items() (pymisptoolsVTReportObject method) 39
Jjsonable() (pymispAbstractMISP method) 23jsonable() (pymispMISPAttribute method) 27jsonable() (pymispMISPEvent method) 25jsonable() (pymispMISPObject method) 29jsonable() (pymispMISPObjectAttribute method)
30jsonable() (pymispMISPObjectReference method)
31jsonable() (pymispMISPOrganisation method) 34jsonable() (pymispMISPTag method) 32jsonable() (pymispMISPUser method) 33jsonable() (pymisptoolsFileObject method) 38jsonable() (pymisptoolsVTReportObject method)
39
Kkeys() (pymispMISPAttribute method) 27keys() (pymispMISPEvent method) 25keys() (pymispMISPObject method) 29keys() (pymispMISPObjectAttribute method) 30keys() (pymispMISPObjectReference method) 31keys() (pymispMISPOrganisation method) 34
Index 47
PyMISP Documentation Release main
keys() (pymispMISPTag method) 32keys() (pymispMISPUser method) 33keys() (pymisptoolsFileObject method) 38keys() (pymisptoolsVTReportObject method) 39known_types() (pymispMISPAttribute property) 27known_types() (pymispMISPObjectAttribute prop-
erty) 30
Lload() (pymispMISPEvent method) 25load_default_feeds() (pymispPyMISP method)
14load_file() (pymispMISPEvent method) 25load_openioc() (pymisptools method) 40load_openioc_file() (pymisptools method) 40load_stix() (in module pymisptoolsstix) 40
Mmake_stix_package() (in module
pymisptoolsstix) 40malware_binary() (pymispMISPAttribute prop-
erty) 27malware_binary() (pymispMISPObjectAttribute
property) 30misp_instance_version() (pymispPyMISP
property) 14misp_instance_version_master()
(pymispPyMISP property) 14MISPAttribute (class in pymisp) 26MISPEncode (class in pymisp) 24MISPEvent (class in pymisp) 24MISPObject (class in pymisp) 28MISPObjectAttribute (class in pymisp) 29MISPObjectReference (class in pymisp) 31MISPOrganisation (class in pymisp) 34MISPTag (class in pymisp) 32MISPUser (class in pymisp) 33module
pymisp 7pymisptools 37pymisptoolsstix 40
Nnoticelists() (pymispPyMISP method) 14
Oobject_templates() (pymispPyMISP method) 14organisation_blacklists() (pymispPyMISP
method) 14organisations() (pymispPyMISP method) 14
Ppop() (pymispMISPAttribute method) 27
pop() (pymispMISPEvent method) 25pop() (pymispMISPObject method) 29pop() (pymispMISPObjectAttribute method) 30pop() (pymispMISPObjectReference method) 31pop() (pymispMISPOrganisation method) 34pop() (pymispMISPTag method) 32pop() (pymispMISPUser method) 33pop() (pymisptoolsFileObject method) 38pop() (pymisptoolsVTReportObject method) 39popitem() (pymispMISPAttribute method) 27popitem() (pymispMISPEvent method) 25popitem() (pymispMISPObject method) 29popitem() (pymispMISPObjectAttribute method) 30popitem() (pymispMISPObjectReference method) 31popitem() (pymispMISPOrganisation method) 34popitem() (pymispMISPTag method) 32popitem() (pymispMISPUser method) 33popitem() (pymisptoolsFileObject method) 38popitem() (pymisptoolsVTReportObject method) 39publish() (pymispMISPEvent method) 25publish() (pymispPyMISP method) 14push_event_to_ZMQ() (pymispPyMISP method)
14pymisp
module 7PyMISP (class in pymisp) 7pymisptools
module 37pymisptoolsstix
module 40pymisp_version_main() (pymispPyMISP prop-
erty) 15
Rrecommended_pymisp_version()
(pymispPyMISP property) 15remote_acl() (pymispPyMISP method) 15remove_org_from_sharing_group()
(pymispPyMISP method) 15remove_server_from_sharing_group()
(pymispPyMISP method) 15roles() (pymispPyMISP method) 15
Ssearch() (pymispPyMISP method) 15search_feeds() (pymispPyMISP method) 17search_index() (pymispPyMISP method) 18search_logs() (pymispPyMISP method) 18search_sightings() (pymispPyMISP method) 19server_pull() (pymispPyMISP method) 20server_push() (pymispPyMISP method) 20servers() (pymispPyMISP method) 20set_date() (pymispMISPEvent method) 25
48 Index
PyMISP Documentation Release main
set_not_jsonable() (pymispAbstractMISPmethod) 23
set_not_jsonable() (pymispMISPAttributemethod) 27
set_not_jsonable() (pymispMISPEvent method)25
set_not_jsonable() (pymispMISPObjectmethod) 29
set_not_jsonable() (pymispMISPObjectAttributemethod) 30
set_not_jsonable()(pymispMISPObjectReference method)31
set_not_jsonable() (pymispMISPOrganisationmethod) 35
set_not_jsonable() (pymispMISPTag method)32
set_not_jsonable() (pymispMISPUser method)33
set_not_jsonable() (pymisptoolsFileObjectmethod) 38
set_not_jsonable()(pymisptoolsVTReportObject method)39
set_user_setting() (pymispPyMISP method) 20setdefault() (pymispMISPAttribute method) 27setdefault() (pymispMISPEvent method) 25setdefault() (pymispMISPObject method) 29setdefault() (pymispMISPObjectAttribute
method) 30setdefault() (pymispMISPObjectReference
method) 31setdefault() (pymispMISPOrganisation method)
35setdefault() (pymispMISPTag method) 33setdefault() (pymispMISPUser method) 34setdefault() (pymisptoolsFileObject method) 38setdefault() (pymisptoolsVTReportObject
method) 40sharing_groups() (pymispPyMISP method) 20sightings() (pymispPyMISP method) 20
Ttag() (pymispPyMISP method) 20tags() (pymispMISPAttribute property) 27tags() (pymispMISPEvent property) 26tags() (pymispMISPObjectAttribute property) 30tags() (pymispPyMISP method) 20tags_statistics() (pymispPyMISP method) 20taxonomies() (pymispPyMISP method) 20to_dict() (pymispAbstractMISP method) 23to_dict() (pymispMISPAttribute method) 27to_dict() (pymispMISPEvent method) 26to_dict() (pymispMISPObject method) 29
to_dict() (pymispMISPObjectAttribute method) 30to_dict() (pymispMISPObjectReference method) 32to_dict() (pymispMISPOrganisation method) 35to_dict() (pymispMISPTag method) 33to_dict() (pymispMISPUser method) 34to_dict() (pymisptoolsFileObject method) 38to_dict() (pymisptoolsVTReportObject method) 40to_feed() (pymispMISPEvent method) 26to_json() (pymispAbstractMISP method) 23to_json() (pymispMISPAttribute method) 27to_json() (pymispMISPEvent method) 26to_json() (pymispMISPObject method) 29to_json() (pymispMISPObjectAttribute method) 31to_json() (pymispMISPObjectReference method) 32to_json() (pymispMISPOrganisation method) 35to_json() (pymispMISPTag method) 33to_json() (pymispMISPUser method) 34to_json() (pymisptoolsFileObject method) 38to_json() (pymisptoolsVTReportObject method) 40toggle_warninglist() (pymispPyMISP method)
20
Uunpublish() (pymispMISPEvent method) 26untag() (pymispPyMISP method) 21update() (pymispMISPAttribute method) 28update() (pymispMISPEvent method) 26update() (pymispMISPObject method) 29update() (pymispMISPObjectAttribute method) 31update() (pymispMISPObjectReference method) 32update() (pymispMISPOrganisation method) 35update() (pymispMISPTag method) 33update() (pymispMISPUser method) 34update() (pymisptoolsFileObject method) 38update() (pymisptoolsVTReportObject method) 40update_attribute() (pymispPyMISP method) 21update_attribute_proposal()
(pymispPyMISP method) 21update_event() (pymispPyMISP method) 21update_event_blacklist() (pymispPyMISP
method) 21update_feed() (pymispPyMISP method) 21update_galaxies() (pymispPyMISP method) 21update_not_jsonable() (pymispAbstractMISP
method) 23update_not_jsonable() (pymispMISPAttribute
method) 28update_not_jsonable() (pymispMISPEvent
method) 26update_not_jsonable() (pymispMISPObject
method) 29update_not_jsonable()
(pymispMISPObjectAttribute method) 31
Index 49
PyMISP Documentation Release main
update_not_jsonable()(pymispMISPObjectReference method)32
update_not_jsonable()(pymispMISPOrganisation method) 35
update_not_jsonable() (pymispMISPTagmethod) 33
update_not_jsonable() (pymispMISPUsermethod) 34
update_not_jsonable() (pymisptoolsFileObjectmethod) 38
update_not_jsonable()(pymisptoolsVTReportObject method)40
update_noticelists() (pymispPyMISP method)21
update_object() (pymispPyMISP method) 21update_object_templates() (pymispPyMISP
method) 21update_organisation() (pymispPyMISP
method) 21update_organisation_blacklist()
(pymispPyMISP method) 21update_server() (pymispPyMISP method) 22update_tag() (pymispPyMISP method) 22update_taxonomies() (pymispPyMISP method)
22update_user() (pymispPyMISP method) 22update_warninglists() (pymispPyMISP
method) 22upload_stix() (pymispPyMISP method) 22user_registrations() (pymispPyMISP method)
22user_settings() (pymispPyMISP method) 22users() (pymispPyMISP method) 22users_statistics() (pymispPyMISP method) 22
Vvalues() (pymispMISPAttribute method) 28values() (pymispMISPEvent method) 26values() (pymispMISPObject method) 29values() (pymispMISPObjectAttribute method) 31values() (pymispMISPObjectReference method) 32values() (pymispMISPOrganisation method) 35values() (pymispMISPTag method) 33values() (pymispMISPUser method) 34values() (pymisptoolsFileObject method) 38values() (pymisptoolsVTReportObject method) 40values_in_warninglist() (pymispPyMISP
method) 22version() (pymispPyMISP property) 22VTReportObject (class in pymisptools) 38
Wwarninglists() (pymispPyMISP method) 22
50 Index
- README
- pymisp
- PyMISP
- PyMISPExpanded (Python 36+ only)
- MISPAbstract
- MISPEncode
- MISPEvent
- MISPAttribute
- MISPObject
- MISPObjectAttribute
- MISPObjectReference
- MISPTag
- MISPUser
- MISPOrganisation
- pymisp - Tools
- File Object
- ELF Object
- PE Object
- Mach-O Object
- VT Report Object
- STIX
- OpenIOC
- Indices and tables
- Python Module Index
- Index
PyMISP Documentation Release main
setdefault(k[ d ])rarr Dget(kd) also set D[k]=d if k not in D
property tagsReturns a lost of tags associated to this Event
Return type List[MISPTag]
to_dict()Dump the class to a dictionary This method automatically removes the timestamp recursively in everyobject that has been edited is order to let MISP update the event accordingly
Return type Dict
to_feed(valid_distributions=[0 1 2 3 4 5] with_meta=False)Generate a json output for MISP Feed Notes
bull valid_distributions only makes sense if the distribution key is set (ie the event is exported from aMISP instance)
Return type Dict
to_json(sort_keys=False indent=None)Dump recursively any class of type MISPAbstract to a json string
unpublish()Mark the attribute as un-published (set publish flag to false)
update([E ] F)rarr None Update D from mappingiterable E and FIf E present and has a keys() method does for k in E D[k] = E[k] If E present and lacks keys() methoddoes for (k v) in E D[k] = v In either case this is followed by for k v in Fitems() D[k] = v
update_not_jsonable(args)Add entries to the __not_jsonable list
Return type None
values()rarr an object providing a view on Drsquos values
26 MISPAttribute
class pymispMISPAttribute(describe_types=None strict=False)
add_proposal(shadow_attribute=None kwargs)Alias for add_shadow_attribute
Return type MISPShadowAttribute
add_shadow_attribute(shadow_attribute=None kwargs)Add a shadow attribute to the attribute (by name or a MISPShadowAttribute object)
Return type MISPShadowAttribute
add_sighting(sighting=None kwargs)Add a sighting to the attribute (by name or a MISPSighting object)
Return type MISPSighting
clear()rarr None Remove all items from D
delete()Mark the attribute as deleted (soft delete)
26 Chapter 2 pymisp
PyMISP Documentation Release main
property editedRecursively check if an object has been edited and update the flag accordingly to the parent objects
Return type bool
from_dict(kwargs)Loading all the parameters as class properties if they arenrsquot None This method aims to be called when allthe properties requiring a special treatment are processed Note This method is used when you initializean object with existing data so by default the class is flaged as not edited
from_json(json_string)Load a JSON string
Return type None
get(k[ d ])rarr D[k] if k in D else d d defaults to None
hash_values(algorithm=sha512)Compute the hash of every values for fast lookups
Return type List[str]
items()rarr a set-like object providing a view on Drsquos items
jsonable()This method is used by the JSON encoder
Return type Dict
keys()rarr a set-like object providing a view on Drsquos keys
property known_typesReturns a list of all the known MISP attributes types
Return type List[str]
property malware_binaryReturns a BytesIO of the malware (if the attribute has one obvs)
Return type Optional[BytesIO]
pop(k[ d ])rarr v remove specified key and return the corresponding valueIf key is not found d is returned if given otherwise KeyError is raised
popitem()rarr (k v) remove and return some (key value) pairas a 2-tuple but raise KeyError if D is empty
set_not_jsonable(args)Set __not_jsonable to a new list
Return type None
setdefault(k[ d ])rarr Dget(kd) also set D[k]=d if k not in D
property tagsReturns a lost of tags associated to this Attribute
Return type List[MISPTag]
to_dict()Dump the class to a dictionary This method automatically removes the timestamp recursively in everyobject that has been edited is order to let MISP update the event accordingly
Return type Dict
26 MISPAttribute 27
PyMISP Documentation Release main
to_json(sort_keys=False indent=None)Dump recursively any class of type MISPAbstract to a json string
update([E ] F)rarr None Update D from mappingiterable E and FIf E present and has a keys() method does for k in E D[k] = E[k] If E present and lacks keys() methoddoes for (k v) in E D[k] = v In either case this is followed by for k v in Fitems() D[k] = v
update_not_jsonable(args)Add entries to the __not_jsonable list
Return type None
values()rarr an object providing a view on Drsquos values
27 MISPObject
class pymispMISPObject(name strict=False standalone=True default_attributes_parameters=kwargs)
add_attribute(object_relation simple_value=None value)Add an attribute object_relation is required and the value key is a dictionary with all the keys supportedby MISPAttribute
Return type Optional[MISPAttribute]
add_attributes(object_relation attributes)Add multiple attributes with the same object_relation Helper for object_relation when multiple is True inthe template It is the same as calling multiple times add_attribute with the same object_relation
Return type List[Optional[MISPAttribute]]
add_reference(referenced_uuid relationship_type comment=None kwargs)Add a link (uuid) to an other object
Return type MISPObjectReference
clear()rarr None Remove all items from D
property editedRecursively check if an object has been edited and update the flag accordingly to the parent objects
Return type bool
from_dict(kwargs)Loading all the parameters as class properties if they arenrsquot None This method aims to be called when allthe properties requiring a special treatment are processed Note This method is used when you initializean object with existing data so by default the class is flaged as not edited
from_json(json_string)Load a JSON string
Return type None
get(k[ d ])rarr D[k] if k in D else d d defaults to None
get_attributes_by_relation(object_relation)Returns the list of attributes with the given object relation in the object
Return type List[MISPAttribute]
has_attributes_by_relation(list_of_relations)True if all the relations in the list are defined in the object
28 Chapter 2 pymisp
PyMISP Documentation Release main
Return type bool
items()rarr a set-like object providing a view on Drsquos items
jsonable()This method is used by the JSON encoder
Return type Dict
keys()rarr a set-like object providing a view on Drsquos keys
pop(k[ d ])rarr v remove specified key and return the corresponding valueIf key is not found d is returned if given otherwise KeyError is raised
popitem()rarr (k v) remove and return some (key value) pairas a 2-tuple but raise KeyError if D is empty
set_not_jsonable(args)Set __not_jsonable to a new list
Return type None
setdefault(k[ d ])rarr Dget(kd) also set D[k]=d if k not in D
to_dict(strict=False)Dump the class to a dictionary This method automatically removes the timestamp recursively in everyobject that has been edited is order to let MISP update the event accordingly
Return type Dict
to_json(sort_keys=False indent=None strict=False)Dump recursively any class of type MISPAbstract to a json string
update([E ] F)rarr None Update D from mappingiterable E and FIf E present and has a keys() method does for k in E D[k] = E[k] If E present and lacks keys() methoddoes for (k v) in E D[k] = v In either case this is followed by for k v in Fitems() D[k] = v
update_not_jsonable(args)Add entries to the __not_jsonable list
Return type None
values()rarr an object providing a view on Drsquos values
28 MISPObjectAttribute
class pymispMISPObjectAttribute(definition)
add_proposal(shadow_attribute=None kwargs)Alias for add_shadow_attribute
Return type MISPShadowAttribute
add_shadow_attribute(shadow_attribute=None kwargs)Add a shadow attribute to the attribute (by name or a MISPShadowAttribute object)
Return type MISPShadowAttribute
add_sighting(sighting=None kwargs)Add a sighting to the attribute (by name or a MISPSighting object)
Return type MISPSighting
28 MISPObjectAttribute 29
PyMISP Documentation Release main
clear()rarr None Remove all items from D
delete()Mark the attribute as deleted (soft delete)
property editedRecursively check if an object has been edited and update the flag accordingly to the parent objects
Return type bool
from_dict(object_relation value kwargs)Loading all the parameters as class properties if they arenrsquot None This method aims to be called when allthe properties requiring a special treatment are processed Note This method is used when you initializean object with existing data so by default the class is flaged as not edited
from_json(json_string)Load a JSON string
Return type None
get(k[ d ])rarr D[k] if k in D else d d defaults to None
hash_values(algorithm=sha512)Compute the hash of every values for fast lookups
Return type List[str]
items()rarr a set-like object providing a view on Drsquos items
jsonable()This method is used by the JSON encoder
Return type Dict
keys()rarr a set-like object providing a view on Drsquos keys
property known_typesReturns a list of all the known MISP attributes types
Return type List[str]
property malware_binaryReturns a BytesIO of the malware (if the attribute has one obvs)
Return type Optional[BytesIO]
pop(k[ d ])rarr v remove specified key and return the corresponding valueIf key is not found d is returned if given otherwise KeyError is raised
popitem()rarr (k v) remove and return some (key value) pairas a 2-tuple but raise KeyError if D is empty
set_not_jsonable(args)Set __not_jsonable to a new list
Return type None
setdefault(k[ d ])rarr Dget(kd) also set D[k]=d if k not in D
property tagsReturns a lost of tags associated to this Attribute
Return type List[MISPTag]
30 Chapter 2 pymisp
PyMISP Documentation Release main
to_dict()Dump the class to a dictionary This method automatically removes the timestamp recursively in everyobject that has been edited is order to let MISP update the event accordingly
Return type Dict
to_json(sort_keys=False indent=None)Dump recursively any class of type MISPAbstract to a json string
update([E ] F)rarr None Update D from mappingiterable E and FIf E present and has a keys() method does for k in E D[k] = E[k] If E present and lacks keys() methoddoes for (k v) in E D[k] = v In either case this is followed by for k v in Fitems() D[k] = v
update_not_jsonable(args)Add entries to the __not_jsonable list
Return type None
values()rarr an object providing a view on Drsquos values
29 MISPObjectReference
class pymispMISPObjectReference
clear()rarr None Remove all items from D
property editedRecursively check if an object has been edited and update the flag accordingly to the parent objects
Return type bool
from_dict(kwargs)Loading all the parameters as class properties if they arenrsquot None This method aims to be called when allthe properties requiring a special treatment are processed Note This method is used when you initializean object with existing data so by default the class is flaged as not edited
from_json(json_string)Load a JSON string
Return type None
get(k[ d ])rarr D[k] if k in D else d d defaults to None
items()rarr a set-like object providing a view on Drsquos items
jsonable()This method is used by the JSON encoder
Return type Dict
keys()rarr a set-like object providing a view on Drsquos keys
pop(k[ d ])rarr v remove specified key and return the corresponding valueIf key is not found d is returned if given otherwise KeyError is raised
popitem()rarr (k v) remove and return some (key value) pairas a 2-tuple but raise KeyError if D is empty
set_not_jsonable(args)Set __not_jsonable to a new list
Return type None
29 MISPObjectReference 31
PyMISP Documentation Release main
setdefault(k[ d ])rarr Dget(kd) also set D[k]=d if k not in D
to_dict()Dump the class to a dictionary This method automatically removes the timestamp recursively in everyobject that has been edited is order to let MISP update the event accordingly
Return type Dict
to_json(sort_keys=False indent=None)Dump recursively any class of type MISPAbstract to a json string
update([E ] F)rarr None Update D from mappingiterable E and FIf E present and has a keys() method does for k in E D[k] = E[k] If E present and lacks keys() methoddoes for (k v) in E D[k] = v In either case this is followed by for k v in Fitems() D[k] = v
update_not_jsonable(args)Add entries to the __not_jsonable list
Return type None
values()rarr an object providing a view on Drsquos values
210 MISPTag
class pymispMISPTag(kwargs)
clear()rarr None Remove all items from D
property editedRecursively check if an object has been edited and update the flag accordingly to the parent objects
Return type bool
from_dict(kwargs)Loading all the parameters as class properties if they arenrsquot None This method aims to be called when allthe properties requiring a special treatment are processed Note This method is used when you initializean object with existing data so by default the class is flaged as not edited
from_json(json_string)Load a JSON string
Return type None
get(k[ d ])rarr D[k] if k in D else d d defaults to None
items()rarr a set-like object providing a view on Drsquos items
jsonable()This method is used by the JSON encoder
Return type Dict
keys()rarr a set-like object providing a view on Drsquos keys
pop(k[ d ])rarr v remove specified key and return the corresponding valueIf key is not found d is returned if given otherwise KeyError is raised
popitem()rarr (k v) remove and return some (key value) pairas a 2-tuple but raise KeyError if D is empty
set_not_jsonable(args)Set __not_jsonable to a new list
32 Chapter 2 pymisp
PyMISP Documentation Release main
Return type None
setdefault(k[ d ])rarr Dget(kd) also set D[k]=d if k not in D
to_dict()Dump the class to a dictionary This method automatically removes the timestamp recursively in everyobject that has been edited is order to let MISP update the event accordingly
Return type Dict
to_json(sort_keys=False indent=None)Dump recursively any class of type MISPAbstract to a json string
update([E ] F)rarr None Update D from mappingiterable E and FIf E present and has a keys() method does for k in E D[k] = E[k] If E present and lacks keys() methoddoes for (k v) in E D[k] = v In either case this is followed by for k v in Fitems() D[k] = v
update_not_jsonable(args)Add entries to the __not_jsonable list
Return type None
values()rarr an object providing a view on Drsquos values
211 MISPUser
class pymispMISPUser(kwargs)
clear()rarr None Remove all items from D
property editedRecursively check if an object has been edited and update the flag accordingly to the parent objects
Return type bool
from_dict(kwargs)Loading all the parameters as class properties if they arenrsquot None This method aims to be called when allthe properties requiring a special treatment are processed Note This method is used when you initializean object with existing data so by default the class is flaged as not edited
from_json(json_string)Load a JSON string
Return type None
get(k[ d ])rarr D[k] if k in D else d d defaults to None
items()rarr a set-like object providing a view on Drsquos items
jsonable()This method is used by the JSON encoder
Return type Dict
keys()rarr a set-like object providing a view on Drsquos keys
pop(k[ d ])rarr v remove specified key and return the corresponding valueIf key is not found d is returned if given otherwise KeyError is raised
popitem()rarr (k v) remove and return some (key value) pairas a 2-tuple but raise KeyError if D is empty
211 MISPUser 33
PyMISP Documentation Release main
set_not_jsonable(args)Set __not_jsonable to a new list
Return type None
setdefault(k[ d ])rarr Dget(kd) also set D[k]=d if k not in D
to_dict()Dump the class to a dictionary This method automatically removes the timestamp recursively in everyobject that has been edited is order to let MISP update the event accordingly
Return type Dict
to_json(sort_keys=False indent=None)Dump recursively any class of type MISPAbstract to a json string
update([E ] F)rarr None Update D from mappingiterable E and FIf E present and has a keys() method does for k in E D[k] = E[k] If E present and lacks keys() methoddoes for (k v) in E D[k] = v In either case this is followed by for k v in Fitems() D[k] = v
update_not_jsonable(args)Add entries to the __not_jsonable list
Return type None
values()rarr an object providing a view on Drsquos values
212 MISPOrganisation
class pymispMISPOrganisation
clear()rarr None Remove all items from D
property editedRecursively check if an object has been edited and update the flag accordingly to the parent objects
Return type bool
from_dict(kwargs)Loading all the parameters as class properties if they arenrsquot None This method aims to be called when allthe properties requiring a special treatment are processed Note This method is used when you initializean object with existing data so by default the class is flaged as not edited
from_json(json_string)Load a JSON string
Return type None
get(k[ d ])rarr D[k] if k in D else d d defaults to None
items()rarr a set-like object providing a view on Drsquos items
jsonable()This method is used by the JSON encoder
Return type Dict
keys()rarr a set-like object providing a view on Drsquos keys
pop(k[ d ])rarr v remove specified key and return the corresponding valueIf key is not found d is returned if given otherwise KeyError is raised
34 Chapter 2 pymisp
PyMISP Documentation Release main
popitem()rarr (k v) remove and return some (key value) pairas a 2-tuple but raise KeyError if D is empty
set_not_jsonable(args)Set __not_jsonable to a new list
Return type None
setdefault(k[ d ])rarr Dget(kd) also set D[k]=d if k not in D
to_dict()Dump the class to a dictionary This method automatically removes the timestamp recursively in everyobject that has been edited is order to let MISP update the event accordingly
Return type Dict
to_json(sort_keys=False indent=None)Dump recursively any class of type MISPAbstract to a json string
update([E ] F)rarr None Update D from mappingiterable E and FIf E present and has a keys() method does for k in E D[k] = E[k] If E present and lacks keys() methoddoes for (k v) in E D[k] = v In either case this is followed by for k v in Fitems() D[k] = v
update_not_jsonable(args)Add entries to the __not_jsonable list
Return type None
values()rarr an object providing a view on Drsquos values
212 MISPOrganisation 35
PyMISP Documentation Release main
36 Chapter 2 pymisp
CHAPTER
THREE
PYMISP - TOOLS
31 File Object
class pymisptoolsFileObject(filepath=None pseudofile=None filename=None kwargs)
add_attribute(object_relation simple_value=None value)Add an attribute object_relation is required and the value key is a dictionary with all the keys supportedby MISPAttribute
Return type Optional[MISPAttribute]
add_attributes(object_relation attributes)Add multiple attributes with the same object_relation Helper for object_relation when multiple is True inthe template It is the same as calling multiple times add_attribute with the same object_relation
Return type List[Optional[MISPAttribute]]
add_reference(referenced_uuid relationship_type comment=None kwargs)Add a link (uuid) to an other object
Return type MISPObjectReference
clear()rarr None Remove all items from D
property editedRecursively check if an object has been edited and update the flag accordingly to the parent objects
Return type bool
from_dict(kwargs)Loading all the parameters as class properties if they arenrsquot None This method aims to be called when allthe properties requiring a special treatment are processed Note This method is used when you initializean object with existing data so by default the class is flaged as not edited
from_json(json_string)Load a JSON string
Return type None
generate_attributes()Contains the logic where all the values of the object are gathered
get(k[ d ])rarr D[k] if k in D else d d defaults to None
get_attributes_by_relation(object_relation)Returns the list of attributes with the given object relation in the object
Return type List[MISPAttribute]
37
PyMISP Documentation Release main
has_attributes_by_relation(list_of_relations)True if all the relations in the list are defined in the object
Return type bool
items()rarr a set-like object providing a view on Drsquos items
jsonable()This method is used by the JSON encoder
Return type Dict
keys()rarr a set-like object providing a view on Drsquos keys
pop(k[ d ])rarr v remove specified key and return the corresponding valueIf key is not found d is returned if given otherwise KeyError is raised
popitem()rarr (k v) remove and return some (key value) pairas a 2-tuple but raise KeyError if D is empty
set_not_jsonable(args)Set __not_jsonable to a new list
Return type None
setdefault(k[ d ])rarr Dget(kd) also set D[k]=d if k not in D
to_dict(strict=False)Dump the class to a dictionary This method automatically removes the timestamp recursively in everyobject that has been edited is order to let MISP update the event accordingly
Return type Dict
to_json(sort_keys=False indent=None strict=False)Dump recursively any class of type MISPAbstract to a json string
update([E ] F)rarr None Update D from mappingiterable E and FIf E present and has a keys() method does for k in E D[k] = E[k] If E present and lacks keys() methoddoes for (k v) in E D[k] = v In either case this is followed by for k v in Fitems() D[k] = v
update_not_jsonable(args)Add entries to the __not_jsonable list
Return type None
values()rarr an object providing a view on Drsquos values
32 ELF Object
33 PE Object
34 Mach-O Object
35 VT Report Object
class pymisptoolsVTReportObject(apikey indicator vt_proxies=None kwargs)VirusTotal Report
Apikey VirusTotal API key (private works but only public features are supported right now)
38 Chapter 3 pymisp - Tools
PyMISP Documentation Release main
Indicator IOC to search VirusTotal for
add_attribute(object_relation simple_value=None value)Add an attribute object_relation is required and the value key is a dictionary with all the keys supportedby MISPAttribute
Return type Optional[MISPAttribute]
add_attributes(object_relation attributes)Add multiple attributes with the same object_relation Helper for object_relation when multiple is True inthe template It is the same as calling multiple times add_attribute with the same object_relation
Return type List[Optional[MISPAttribute]]
add_reference(referenced_uuid relationship_type comment=None kwargs)Add a link (uuid) to an other object
Return type MISPObjectReference
clear()rarr None Remove all items from D
property editedRecursively check if an object has been edited and update the flag accordingly to the parent objects
Return type bool
from_dict(kwargs)Loading all the parameters as class properties if they arenrsquot None This method aims to be called when allthe properties requiring a special treatment are processed Note This method is used when you initializean object with existing data so by default the class is flaged as not edited
from_json(json_string)Load a JSON string
Return type None
generate_attributes()Parse the VirusTotal report for relevant attributes
get(k[ d ])rarr D[k] if k in D else d d defaults to None
get_attributes_by_relation(object_relation)Returns the list of attributes with the given object relation in the object
Return type List[MISPAttribute]
has_attributes_by_relation(list_of_relations)True if all the relations in the list are defined in the object
Return type bool
items()rarr a set-like object providing a view on Drsquos items
jsonable()This method is used by the JSON encoder
Return type Dict
keys()rarr a set-like object providing a view on Drsquos keys
pop(k[ d ])rarr v remove specified key and return the corresponding valueIf key is not found d is returned if given otherwise KeyError is raised
popitem()rarr (k v) remove and return some (key value) pairas a 2-tuple but raise KeyError if D is empty
35 VT Report Object 39
PyMISP Documentation Release main
set_not_jsonable(args)Set __not_jsonable to a new list
Return type None
setdefault(k[ d ])rarr Dget(kd) also set D[k]=d if k not in D
to_dict(strict=False)Dump the class to a dictionary This method automatically removes the timestamp recursively in everyobject that has been edited is order to let MISP update the event accordingly
Return type Dict
to_json(sort_keys=False indent=None strict=False)Dump recursively any class of type MISPAbstract to a json string
update([E ] F)rarr None Update D from mappingiterable E and FIf E present and has a keys() method does for k in E D[k] = E[k] If E present and lacks keys() methoddoes for (k v) in E D[k] = v In either case this is followed by for k v in Fitems() D[k] = v
update_not_jsonable(args)Add entries to the __not_jsonable list
Return type None
values()rarr an object providing a view on Drsquos values
36 STIX
pymisptoolsstixload_stix(stix distribution=3 threat_level_id=2 analysis=0)Returns a MISPEvent object from a STIX package
pymisptoolsstixmake_stix_package(misp_event to_json=False to_xml=False)Returns a STIXPackage from a MISPEvent
Optionally can return the package in json or xml
37 OpenIOC
toolsload_openioc()
toolsload_openioc_file()
40 Chapter 3 pymisp - Tools
CHAPTER
FOUR
INDICES AND TABLES
bull genindex
bull modindex
bull search
41
PyMISP Documentation Release main
42 Chapter 4 Indices and tables
PYTHON MODULE INDEX
ppymisp 7pymisptools 37pymisptoolsstix 40
43
PyMISP Documentation Release main
44 Python Module Index
INDEX
AAbstractMISP (class in pymisp) 23accept_attribute_proposal()
(pymispPyMISP method) 7add_attribute() (pymispMISPEvent method) 24add_attribute() (pymispMISPObject method) 28add_attribute() (pymispPyMISP method) 7add_attribute() (pymisptoolsFileObject method)
37add_attribute() (pymisptoolsVTReportObject
method) 39add_attribute_proposal() (pymispPyMISP
method) 7add_attribute_tag() (pymispMISPEvent
method) 24add_attributes() (pymispMISPObject method)
28add_attributes() (pymisptoolsFileObject
method) 37add_attributes() (pymisptoolsVTReportObject
method) 39add_event() (pymispPyMISP method) 7add_event_blacklist() (pymispPyMISP
method) 8add_feed() (pymispPyMISP method) 8add_object() (pymispMISPEvent method) 24add_object() (pymispPyMISP method) 8add_object_reference() (pymispPyMISP
method) 8add_org_to_sharing_group() (pymispPyMISP
method) 8add_organisation() (pymispPyMISP method) 8add_organisation_blacklist()
(pymispPyMISP method) 8add_proposal() (pymispMISPAttribute method) 26add_proposal() (pymispMISPEvent method) 24add_proposal() (pymispMISPObjectAttribute
method) 29add_reference() (pymispMISPObject method) 28add_reference() (pymisptoolsFileObject method)
37add_reference() (pymisptoolsVTReportObject
method) 39add_server() (pymispPyMISP method) 8add_server_to_sharing_group()
(pymispPyMISP method) 8add_shadow_attribute() (pymispMISPAttribute
method) 26add_shadow_attribute() (pymispMISPEvent
method) 24add_shadow_attribute()
(pymispMISPObjectAttribute method) 29add_sharing_group() (pymispPyMISP method) 8add_sighting() (pymispMISPAttribute method) 26add_sighting() (pymispMISPObjectAttribute
method) 29add_sighting() (pymispPyMISP method) 8add_tag() (pymispPyMISP method) 8add_user() (pymispPyMISP method) 9attributes_statistics() (pymispPyMISP
method) 9
Bbuild_complex_query() (pymispPyMISP
method) 9
Ccache_all_feeds() (pymispPyMISP method) 9cache_feed() (pymispPyMISP method) 9cache_freetext_feeds() (pymispPyMISP
method) 9cache_misp_feeds() (pymispPyMISP method) 9change_sharing_group_on_entity()
(pymispPyMISP method) 9change_user_password() (pymispPyMISP
method) 9clear() (pymispMISPAttribute method) 26clear() (pymispMISPEvent method) 24clear() (pymispMISPObject method) 28clear() (pymispMISPObjectAttribute method) 29clear() (pymispMISPObjectReference method) 31clear() (pymispMISPOrganisation method) 34clear() (pymispMISPTag method) 32clear() (pymispMISPUser method) 33
45
PyMISP Documentation Release main
clear() (pymisptoolsFileObject method) 37clear() (pymisptoolsVTReportObject method) 39communities() (pymispPyMISP method) 9compare_feeds() (pymispPyMISP method) 9contact_event_reporter() (pymispPyMISP
method) 9
Ddefault() (pymispMISPEncode method) 24delegate_event() (pymispPyMISP method) 10delete() (pymispMISPAttribute method) 26delete() (pymispMISPObjectAttribute method) 30delete_attribute() (pymispMISPEvent method)
24delete_attribute() (pymispPyMISP method) 10delete_attribute_proposal()
(pymispPyMISP method) 10delete_event() (pymispPyMISP method) 10delete_event_blacklist() (pymispPyMISP
method) 10delete_feed() (pymispPyMISP method) 10delete_object() (pymispPyMISP method) 10delete_object_reference() (pymispPyMISP
method) 10delete_organisation() (pymispPyMISP
method) 10delete_organisation_blacklist()
(pymispPyMISP method) 10delete_server() (pymispPyMISP method) 10delete_sharing_group() (pymispPyMISP
method) 10delete_sighting() (pymispPyMISP method) 10delete_tag() (pymispPyMISP method) 11delete_user() (pymispPyMISP method) 11delete_user_setting() (pymispPyMISP
method) 11describe_types_local() (pymispPyMISP prop-
erty) 11describe_types_remote() (pymispPyMISP
property) 11direct_call() (pymispPyMISP method) 11disable_feed() (pymispPyMISP method) 11disable_feed_cache() (pymispPyMISP method)
11disable_noticelist() (pymispPyMISP method)
11disable_tag() (pymispPyMISP method) 11disable_taxonomy() (pymispPyMISP method) 11disable_taxonomy_tags() (pymispPyMISP
method) 11disable_warninglist() (pymispPyMISP
method) 11discard_attribute_proposal()
(pymispPyMISP method) 12
Eedited() (pymispAbstractMISP property) 23edited() (pymispMISPAttribute property) 26edited() (pymispMISPEvent property) 24edited() (pymispMISPObject property) 28edited() (pymispMISPObjectAttribute property) 30edited() (pymispMISPObjectReference property) 31edited() (pymispMISPOrganisation property) 34edited() (pymispMISPTag property) 32edited() (pymispMISPUser property) 33edited() (pymisptoolsFileObject property) 37edited() (pymisptoolsVTReportObject property) 39enable_feed() (pymispPyMISP method) 12enable_feed_cache() (pymispPyMISP method)
12enable_noticelist() (pymispPyMISP method)
12enable_tag() (pymispPyMISP method) 12enable_taxonomy() (pymispPyMISP method) 12enable_taxonomy_tags() (pymispPyMISP
method) 12enable_warninglist() (pymispPyMISP method)
12event_blacklists() (pymispPyMISP method) 12event_delegations() (pymispPyMISP method)
12ExpandedPyMISP (in module pymisp) 23
Ffeeds() (pymispPyMISP method) 12fetch_feed() (pymispPyMISP method) 12FileObject (class in pymisptools) 37freetext() (pymispPyMISP method) 12from_dict() (pymispAbstractMISP method) 23from_dict() (pymispMISPAttribute method) 27from_dict() (pymispMISPEvent method) 25from_dict() (pymispMISPObject method) 28from_dict() (pymispMISPObjectAttribute method)
30from_dict() (pymispMISPObjectReference method)
31from_dict() (pymispMISPOrganisation method) 34from_dict() (pymispMISPTag method) 32from_dict() (pymispMISPUser method) 33from_dict() (pymisptoolsFileObject method) 37from_dict() (pymisptoolsVTReportObject method)
39from_json() (pymispAbstractMISP method) 23from_json() (pymispMISPAttribute method) 27from_json() (pymispMISPEvent method) 25from_json() (pymispMISPObject method) 28from_json() (pymispMISPObjectAttribute method)
30
46 Index
PyMISP Documentation Release main
from_json() (pymispMISPObjectReference method)31
from_json() (pymispMISPOrganisation method) 34from_json() (pymispMISPTag method) 32from_json() (pymispMISPUser method) 33from_json() (pymisptoolsFileObject method) 37from_json() (pymisptoolsVTReportObject method)
39
Ggalaxies() (pymispPyMISP method) 12generate_attributes() (pymisptoolsFileObject
method) 37generate_attributes()
(pymisptoolsVTReportObject method)39
get() (pymispMISPAttribute method) 27get() (pymispMISPEvent method) 25get() (pymispMISPObject method) 28get() (pymispMISPObjectAttribute method) 30get() (pymispMISPObjectReference method) 31get() (pymispMISPOrganisation method) 34get() (pymispMISPTag method) 32get() (pymispMISPUser method) 33get() (pymisptoolsFileObject method) 37get() (pymisptoolsVTReportObject method) 39get_all_functions() (pymispPyMISP method)
13get_attribute() (pymispPyMISP method) 13get_attribute_tag() (pymispMISPEvent
method) 25get_attributes_by_relation()
(pymispMISPObject method) 28get_attributes_by_relation()
(pymisptoolsFileObject method) 37get_attributes_by_relation()
(pymisptoolsVTReportObject method)39
get_community() (pymispPyMISP method) 13get_event() (pymispPyMISP method) 13get_feed() (pymispPyMISP method) 13get_galaxy() (pymispPyMISP method) 13get_noticelist() (pymispPyMISP method) 13get_object() (pymispPyMISP method) 13get_object_by_id() (pymispMISPEvent method)
25get_object_by_uuid() (pymispMISPEvent
method) 25get_object_template() (pymispPyMISP
method) 13get_objects_by_name() (pymispMISPEvent
method) 25get_organisation() (pymispPyMISP method) 13get_sync_config() (pymispPyMISP method) 13
get_tag() (pymispPyMISP method) 13get_taxonomy() (pymispPyMISP method) 13get_user() (pymispPyMISP method) 13get_user_setting() (pymispPyMISP method) 14get_warninglist() (pymispPyMISP method) 14
Hhas_attributes_by_relation()
(pymispMISPObject method) 28has_attributes_by_relation()
(pymisptoolsFileObject method) 37has_attributes_by_relation()
(pymisptoolsVTReportObject method)39
hash_values() (pymispMISPAttribute method) 27hash_values() (pymispMISPObjectAttribute
method) 30
Iimport_server() (pymispPyMISP method) 14items() (pymispMISPAttribute method) 27items() (pymispMISPEvent method) 25items() (pymispMISPObject method) 29items() (pymispMISPObjectAttribute method) 30items() (pymispMISPObjectReference method) 31items() (pymispMISPOrganisation method) 34items() (pymispMISPTag method) 32items() (pymispMISPUser method) 33items() (pymisptoolsFileObject method) 38items() (pymisptoolsVTReportObject method) 39
Jjsonable() (pymispAbstractMISP method) 23jsonable() (pymispMISPAttribute method) 27jsonable() (pymispMISPEvent method) 25jsonable() (pymispMISPObject method) 29jsonable() (pymispMISPObjectAttribute method)
30jsonable() (pymispMISPObjectReference method)
31jsonable() (pymispMISPOrganisation method) 34jsonable() (pymispMISPTag method) 32jsonable() (pymispMISPUser method) 33jsonable() (pymisptoolsFileObject method) 38jsonable() (pymisptoolsVTReportObject method)
39
Kkeys() (pymispMISPAttribute method) 27keys() (pymispMISPEvent method) 25keys() (pymispMISPObject method) 29keys() (pymispMISPObjectAttribute method) 30keys() (pymispMISPObjectReference method) 31keys() (pymispMISPOrganisation method) 34
Index 47
PyMISP Documentation Release main
keys() (pymispMISPTag method) 32keys() (pymispMISPUser method) 33keys() (pymisptoolsFileObject method) 38keys() (pymisptoolsVTReportObject method) 39known_types() (pymispMISPAttribute property) 27known_types() (pymispMISPObjectAttribute prop-
erty) 30
Lload() (pymispMISPEvent method) 25load_default_feeds() (pymispPyMISP method)
14load_file() (pymispMISPEvent method) 25load_openioc() (pymisptools method) 40load_openioc_file() (pymisptools method) 40load_stix() (in module pymisptoolsstix) 40
Mmake_stix_package() (in module
pymisptoolsstix) 40malware_binary() (pymispMISPAttribute prop-
erty) 27malware_binary() (pymispMISPObjectAttribute
property) 30misp_instance_version() (pymispPyMISP
property) 14misp_instance_version_master()
(pymispPyMISP property) 14MISPAttribute (class in pymisp) 26MISPEncode (class in pymisp) 24MISPEvent (class in pymisp) 24MISPObject (class in pymisp) 28MISPObjectAttribute (class in pymisp) 29MISPObjectReference (class in pymisp) 31MISPOrganisation (class in pymisp) 34MISPTag (class in pymisp) 32MISPUser (class in pymisp) 33module
pymisp 7pymisptools 37pymisptoolsstix 40
Nnoticelists() (pymispPyMISP method) 14
Oobject_templates() (pymispPyMISP method) 14organisation_blacklists() (pymispPyMISP
method) 14organisations() (pymispPyMISP method) 14
Ppop() (pymispMISPAttribute method) 27
pop() (pymispMISPEvent method) 25pop() (pymispMISPObject method) 29pop() (pymispMISPObjectAttribute method) 30pop() (pymispMISPObjectReference method) 31pop() (pymispMISPOrganisation method) 34pop() (pymispMISPTag method) 32pop() (pymispMISPUser method) 33pop() (pymisptoolsFileObject method) 38pop() (pymisptoolsVTReportObject method) 39popitem() (pymispMISPAttribute method) 27popitem() (pymispMISPEvent method) 25popitem() (pymispMISPObject method) 29popitem() (pymispMISPObjectAttribute method) 30popitem() (pymispMISPObjectReference method) 31popitem() (pymispMISPOrganisation method) 34popitem() (pymispMISPTag method) 32popitem() (pymispMISPUser method) 33popitem() (pymisptoolsFileObject method) 38popitem() (pymisptoolsVTReportObject method) 39publish() (pymispMISPEvent method) 25publish() (pymispPyMISP method) 14push_event_to_ZMQ() (pymispPyMISP method)
14pymisp
module 7PyMISP (class in pymisp) 7pymisptools
module 37pymisptoolsstix
module 40pymisp_version_main() (pymispPyMISP prop-
erty) 15
Rrecommended_pymisp_version()
(pymispPyMISP property) 15remote_acl() (pymispPyMISP method) 15remove_org_from_sharing_group()
(pymispPyMISP method) 15remove_server_from_sharing_group()
(pymispPyMISP method) 15roles() (pymispPyMISP method) 15
Ssearch() (pymispPyMISP method) 15search_feeds() (pymispPyMISP method) 17search_index() (pymispPyMISP method) 18search_logs() (pymispPyMISP method) 18search_sightings() (pymispPyMISP method) 19server_pull() (pymispPyMISP method) 20server_push() (pymispPyMISP method) 20servers() (pymispPyMISP method) 20set_date() (pymispMISPEvent method) 25
48 Index
PyMISP Documentation Release main
set_not_jsonable() (pymispAbstractMISPmethod) 23
set_not_jsonable() (pymispMISPAttributemethod) 27
set_not_jsonable() (pymispMISPEvent method)25
set_not_jsonable() (pymispMISPObjectmethod) 29
set_not_jsonable() (pymispMISPObjectAttributemethod) 30
set_not_jsonable()(pymispMISPObjectReference method)31
set_not_jsonable() (pymispMISPOrganisationmethod) 35
set_not_jsonable() (pymispMISPTag method)32
set_not_jsonable() (pymispMISPUser method)33
set_not_jsonable() (pymisptoolsFileObjectmethod) 38
set_not_jsonable()(pymisptoolsVTReportObject method)39
set_user_setting() (pymispPyMISP method) 20setdefault() (pymispMISPAttribute method) 27setdefault() (pymispMISPEvent method) 25setdefault() (pymispMISPObject method) 29setdefault() (pymispMISPObjectAttribute
method) 30setdefault() (pymispMISPObjectReference
method) 31setdefault() (pymispMISPOrganisation method)
35setdefault() (pymispMISPTag method) 33setdefault() (pymispMISPUser method) 34setdefault() (pymisptoolsFileObject method) 38setdefault() (pymisptoolsVTReportObject
method) 40sharing_groups() (pymispPyMISP method) 20sightings() (pymispPyMISP method) 20
Ttag() (pymispPyMISP method) 20tags() (pymispMISPAttribute property) 27tags() (pymispMISPEvent property) 26tags() (pymispMISPObjectAttribute property) 30tags() (pymispPyMISP method) 20tags_statistics() (pymispPyMISP method) 20taxonomies() (pymispPyMISP method) 20to_dict() (pymispAbstractMISP method) 23to_dict() (pymispMISPAttribute method) 27to_dict() (pymispMISPEvent method) 26to_dict() (pymispMISPObject method) 29
to_dict() (pymispMISPObjectAttribute method) 30to_dict() (pymispMISPObjectReference method) 32to_dict() (pymispMISPOrganisation method) 35to_dict() (pymispMISPTag method) 33to_dict() (pymispMISPUser method) 34to_dict() (pymisptoolsFileObject method) 38to_dict() (pymisptoolsVTReportObject method) 40to_feed() (pymispMISPEvent method) 26to_json() (pymispAbstractMISP method) 23to_json() (pymispMISPAttribute method) 27to_json() (pymispMISPEvent method) 26to_json() (pymispMISPObject method) 29to_json() (pymispMISPObjectAttribute method) 31to_json() (pymispMISPObjectReference method) 32to_json() (pymispMISPOrganisation method) 35to_json() (pymispMISPTag method) 33to_json() (pymispMISPUser method) 34to_json() (pymisptoolsFileObject method) 38to_json() (pymisptoolsVTReportObject method) 40toggle_warninglist() (pymispPyMISP method)
20
Uunpublish() (pymispMISPEvent method) 26untag() (pymispPyMISP method) 21update() (pymispMISPAttribute method) 28update() (pymispMISPEvent method) 26update() (pymispMISPObject method) 29update() (pymispMISPObjectAttribute method) 31update() (pymispMISPObjectReference method) 32update() (pymispMISPOrganisation method) 35update() (pymispMISPTag method) 33update() (pymispMISPUser method) 34update() (pymisptoolsFileObject method) 38update() (pymisptoolsVTReportObject method) 40update_attribute() (pymispPyMISP method) 21update_attribute_proposal()
(pymispPyMISP method) 21update_event() (pymispPyMISP method) 21update_event_blacklist() (pymispPyMISP
method) 21update_feed() (pymispPyMISP method) 21update_galaxies() (pymispPyMISP method) 21update_not_jsonable() (pymispAbstractMISP
method) 23update_not_jsonable() (pymispMISPAttribute
method) 28update_not_jsonable() (pymispMISPEvent
method) 26update_not_jsonable() (pymispMISPObject
method) 29update_not_jsonable()
(pymispMISPObjectAttribute method) 31
Index 49
PyMISP Documentation Release main
update_not_jsonable()(pymispMISPObjectReference method)32
update_not_jsonable()(pymispMISPOrganisation method) 35
update_not_jsonable() (pymispMISPTagmethod) 33
update_not_jsonable() (pymispMISPUsermethod) 34
update_not_jsonable() (pymisptoolsFileObjectmethod) 38
update_not_jsonable()(pymisptoolsVTReportObject method)40
update_noticelists() (pymispPyMISP method)21
update_object() (pymispPyMISP method) 21update_object_templates() (pymispPyMISP
method) 21update_organisation() (pymispPyMISP
method) 21update_organisation_blacklist()
(pymispPyMISP method) 21update_server() (pymispPyMISP method) 22update_tag() (pymispPyMISP method) 22update_taxonomies() (pymispPyMISP method)
22update_user() (pymispPyMISP method) 22update_warninglists() (pymispPyMISP
method) 22upload_stix() (pymispPyMISP method) 22user_registrations() (pymispPyMISP method)
22user_settings() (pymispPyMISP method) 22users() (pymispPyMISP method) 22users_statistics() (pymispPyMISP method) 22
Vvalues() (pymispMISPAttribute method) 28values() (pymispMISPEvent method) 26values() (pymispMISPObject method) 29values() (pymispMISPObjectAttribute method) 31values() (pymispMISPObjectReference method) 32values() (pymispMISPOrganisation method) 35values() (pymispMISPTag method) 33values() (pymispMISPUser method) 34values() (pymisptoolsFileObject method) 38values() (pymisptoolsVTReportObject method) 40values_in_warninglist() (pymispPyMISP
method) 22version() (pymispPyMISP property) 22VTReportObject (class in pymisptools) 38
Wwarninglists() (pymispPyMISP method) 22
50 Index
- README
- pymisp
- PyMISP
- PyMISPExpanded (Python 36+ only)
- MISPAbstract
- MISPEncode
- MISPEvent
- MISPAttribute
- MISPObject
- MISPObjectAttribute
- MISPObjectReference
- MISPTag
- MISPUser
- MISPOrganisation
- pymisp - Tools
- File Object
- ELF Object
- PE Object
- Mach-O Object
- VT Report Object
- STIX
- OpenIOC
- Indices and tables
- Python Module Index
- Index
PyMISP Documentation Release main
property editedRecursively check if an object has been edited and update the flag accordingly to the parent objects
Return type bool
from_dict(kwargs)Loading all the parameters as class properties if they arenrsquot None This method aims to be called when allthe properties requiring a special treatment are processed Note This method is used when you initializean object with existing data so by default the class is flaged as not edited
from_json(json_string)Load a JSON string
Return type None
get(k[ d ])rarr D[k] if k in D else d d defaults to None
hash_values(algorithm=sha512)Compute the hash of every values for fast lookups
Return type List[str]
items()rarr a set-like object providing a view on Drsquos items
jsonable()This method is used by the JSON encoder
Return type Dict
keys()rarr a set-like object providing a view on Drsquos keys
property known_typesReturns a list of all the known MISP attributes types
Return type List[str]
property malware_binaryReturns a BytesIO of the malware (if the attribute has one obvs)
Return type Optional[BytesIO]
pop(k[ d ])rarr v remove specified key and return the corresponding valueIf key is not found d is returned if given otherwise KeyError is raised
popitem()rarr (k v) remove and return some (key value) pairas a 2-tuple but raise KeyError if D is empty
set_not_jsonable(args)Set __not_jsonable to a new list
Return type None
setdefault(k[ d ])rarr Dget(kd) also set D[k]=d if k not in D
property tagsReturns a lost of tags associated to this Attribute
Return type List[MISPTag]
to_dict()Dump the class to a dictionary This method automatically removes the timestamp recursively in everyobject that has been edited is order to let MISP update the event accordingly
Return type Dict
26 MISPAttribute 27
PyMISP Documentation Release main
to_json(sort_keys=False indent=None)Dump recursively any class of type MISPAbstract to a json string
update([E ] F)rarr None Update D from mappingiterable E and FIf E present and has a keys() method does for k in E D[k] = E[k] If E present and lacks keys() methoddoes for (k v) in E D[k] = v In either case this is followed by for k v in Fitems() D[k] = v
update_not_jsonable(args)Add entries to the __not_jsonable list
Return type None
values()rarr an object providing a view on Drsquos values
27 MISPObject
class pymispMISPObject(name strict=False standalone=True default_attributes_parameters=kwargs)
add_attribute(object_relation simple_value=None value)Add an attribute object_relation is required and the value key is a dictionary with all the keys supportedby MISPAttribute
Return type Optional[MISPAttribute]
add_attributes(object_relation attributes)Add multiple attributes with the same object_relation Helper for object_relation when multiple is True inthe template It is the same as calling multiple times add_attribute with the same object_relation
Return type List[Optional[MISPAttribute]]
add_reference(referenced_uuid relationship_type comment=None kwargs)Add a link (uuid) to an other object
Return type MISPObjectReference
clear()rarr None Remove all items from D
property editedRecursively check if an object has been edited and update the flag accordingly to the parent objects
Return type bool
from_dict(kwargs)Loading all the parameters as class properties if they arenrsquot None This method aims to be called when allthe properties requiring a special treatment are processed Note This method is used when you initializean object with existing data so by default the class is flaged as not edited
from_json(json_string)Load a JSON string
Return type None
get(k[ d ])rarr D[k] if k in D else d d defaults to None
get_attributes_by_relation(object_relation)Returns the list of attributes with the given object relation in the object
Return type List[MISPAttribute]
has_attributes_by_relation(list_of_relations)True if all the relations in the list are defined in the object
28 Chapter 2 pymisp
PyMISP Documentation Release main
Return type bool
items()rarr a set-like object providing a view on Drsquos items
jsonable()This method is used by the JSON encoder
Return type Dict
keys()rarr a set-like object providing a view on Drsquos keys
pop(k[ d ])rarr v remove specified key and return the corresponding valueIf key is not found d is returned if given otherwise KeyError is raised
popitem()rarr (k v) remove and return some (key value) pairas a 2-tuple but raise KeyError if D is empty
set_not_jsonable(args)Set __not_jsonable to a new list
Return type None
setdefault(k[ d ])rarr Dget(kd) also set D[k]=d if k not in D
to_dict(strict=False)Dump the class to a dictionary This method automatically removes the timestamp recursively in everyobject that has been edited is order to let MISP update the event accordingly
Return type Dict
to_json(sort_keys=False indent=None strict=False)Dump recursively any class of type MISPAbstract to a json string
update([E ] F)rarr None Update D from mappingiterable E and FIf E present and has a keys() method does for k in E D[k] = E[k] If E present and lacks keys() methoddoes for (k v) in E D[k] = v In either case this is followed by for k v in Fitems() D[k] = v
update_not_jsonable(args)Add entries to the __not_jsonable list
Return type None
values()rarr an object providing a view on Drsquos values
28 MISPObjectAttribute
class pymispMISPObjectAttribute(definition)
add_proposal(shadow_attribute=None kwargs)Alias for add_shadow_attribute
Return type MISPShadowAttribute
add_shadow_attribute(shadow_attribute=None kwargs)Add a shadow attribute to the attribute (by name or a MISPShadowAttribute object)
Return type MISPShadowAttribute
add_sighting(sighting=None kwargs)Add a sighting to the attribute (by name or a MISPSighting object)
Return type MISPSighting
28 MISPObjectAttribute 29
PyMISP Documentation Release main
clear()rarr None Remove all items from D
delete()Mark the attribute as deleted (soft delete)
property editedRecursively check if an object has been edited and update the flag accordingly to the parent objects
Return type bool
from_dict(object_relation value kwargs)Loading all the parameters as class properties if they arenrsquot None This method aims to be called when allthe properties requiring a special treatment are processed Note This method is used when you initializean object with existing data so by default the class is flaged as not edited
from_json(json_string)Load a JSON string
Return type None
get(k[ d ])rarr D[k] if k in D else d d defaults to None
hash_values(algorithm=sha512)Compute the hash of every values for fast lookups
Return type List[str]
items()rarr a set-like object providing a view on Drsquos items
jsonable()This method is used by the JSON encoder
Return type Dict
keys()rarr a set-like object providing a view on Drsquos keys
property known_typesReturns a list of all the known MISP attributes types
Return type List[str]
property malware_binaryReturns a BytesIO of the malware (if the attribute has one obvs)
Return type Optional[BytesIO]
pop(k[ d ])rarr v remove specified key and return the corresponding valueIf key is not found d is returned if given otherwise KeyError is raised
popitem()rarr (k v) remove and return some (key value) pairas a 2-tuple but raise KeyError if D is empty
set_not_jsonable(args)Set __not_jsonable to a new list
Return type None
setdefault(k[ d ])rarr Dget(kd) also set D[k]=d if k not in D
property tagsReturns a lost of tags associated to this Attribute
Return type List[MISPTag]
30 Chapter 2 pymisp
PyMISP Documentation Release main
to_dict()Dump the class to a dictionary This method automatically removes the timestamp recursively in everyobject that has been edited is order to let MISP update the event accordingly
Return type Dict
to_json(sort_keys=False indent=None)Dump recursively any class of type MISPAbstract to a json string
update([E ] F)rarr None Update D from mappingiterable E and FIf E present and has a keys() method does for k in E D[k] = E[k] If E present and lacks keys() methoddoes for (k v) in E D[k] = v In either case this is followed by for k v in Fitems() D[k] = v
update_not_jsonable(args)Add entries to the __not_jsonable list
Return type None
values()rarr an object providing a view on Drsquos values
29 MISPObjectReference
class pymispMISPObjectReference
clear()rarr None Remove all items from D
property editedRecursively check if an object has been edited and update the flag accordingly to the parent objects
Return type bool
from_dict(kwargs)Loading all the parameters as class properties if they arenrsquot None This method aims to be called when allthe properties requiring a special treatment are processed Note This method is used when you initializean object with existing data so by default the class is flaged as not edited
from_json(json_string)Load a JSON string
Return type None
get(k[ d ])rarr D[k] if k in D else d d defaults to None
items()rarr a set-like object providing a view on Drsquos items
jsonable()This method is used by the JSON encoder
Return type Dict
keys()rarr a set-like object providing a view on Drsquos keys
pop(k[ d ])rarr v remove specified key and return the corresponding valueIf key is not found d is returned if given otherwise KeyError is raised
popitem()rarr (k v) remove and return some (key value) pairas a 2-tuple but raise KeyError if D is empty
set_not_jsonable(args)Set __not_jsonable to a new list
Return type None
29 MISPObjectReference 31
PyMISP Documentation Release main
setdefault(k[ d ])rarr Dget(kd) also set D[k]=d if k not in D
to_dict()Dump the class to a dictionary This method automatically removes the timestamp recursively in everyobject that has been edited is order to let MISP update the event accordingly
Return type Dict
to_json(sort_keys=False indent=None)Dump recursively any class of type MISPAbstract to a json string
update([E ] F)rarr None Update D from mappingiterable E and FIf E present and has a keys() method does for k in E D[k] = E[k] If E present and lacks keys() methoddoes for (k v) in E D[k] = v In either case this is followed by for k v in Fitems() D[k] = v
update_not_jsonable(args)Add entries to the __not_jsonable list
Return type None
values()rarr an object providing a view on Drsquos values
210 MISPTag
class pymispMISPTag(kwargs)
clear()rarr None Remove all items from D
property editedRecursively check if an object has been edited and update the flag accordingly to the parent objects
Return type bool
from_dict(kwargs)Loading all the parameters as class properties if they arenrsquot None This method aims to be called when allthe properties requiring a special treatment are processed Note This method is used when you initializean object with existing data so by default the class is flaged as not edited
from_json(json_string)Load a JSON string
Return type None
get(k[ d ])rarr D[k] if k in D else d d defaults to None
items()rarr a set-like object providing a view on Drsquos items
jsonable()This method is used by the JSON encoder
Return type Dict
keys()rarr a set-like object providing a view on Drsquos keys
pop(k[ d ])rarr v remove specified key and return the corresponding valueIf key is not found d is returned if given otherwise KeyError is raised
popitem()rarr (k v) remove and return some (key value) pairas a 2-tuple but raise KeyError if D is empty
set_not_jsonable(args)Set __not_jsonable to a new list
32 Chapter 2 pymisp
PyMISP Documentation Release main
Return type None
setdefault(k[ d ])rarr Dget(kd) also set D[k]=d if k not in D
to_dict()Dump the class to a dictionary This method automatically removes the timestamp recursively in everyobject that has been edited is order to let MISP update the event accordingly
Return type Dict
to_json(sort_keys=False indent=None)Dump recursively any class of type MISPAbstract to a json string
update([E ] F)rarr None Update D from mappingiterable E and FIf E present and has a keys() method does for k in E D[k] = E[k] If E present and lacks keys() methoddoes for (k v) in E D[k] = v In either case this is followed by for k v in Fitems() D[k] = v
update_not_jsonable(args)Add entries to the __not_jsonable list
Return type None
values()rarr an object providing a view on Drsquos values
211 MISPUser
class pymispMISPUser(kwargs)
clear()rarr None Remove all items from D
property editedRecursively check if an object has been edited and update the flag accordingly to the parent objects
Return type bool
from_dict(kwargs)Loading all the parameters as class properties if they arenrsquot None This method aims to be called when allthe properties requiring a special treatment are processed Note This method is used when you initializean object with existing data so by default the class is flaged as not edited
from_json(json_string)Load a JSON string
Return type None
get(k[ d ])rarr D[k] if k in D else d d defaults to None
items()rarr a set-like object providing a view on Drsquos items
jsonable()This method is used by the JSON encoder
Return type Dict
keys()rarr a set-like object providing a view on Drsquos keys
pop(k[ d ])rarr v remove specified key and return the corresponding valueIf key is not found d is returned if given otherwise KeyError is raised
popitem()rarr (k v) remove and return some (key value) pairas a 2-tuple but raise KeyError if D is empty
211 MISPUser 33
PyMISP Documentation Release main
set_not_jsonable(args)Set __not_jsonable to a new list
Return type None
setdefault(k[ d ])rarr Dget(kd) also set D[k]=d if k not in D
to_dict()Dump the class to a dictionary This method automatically removes the timestamp recursively in everyobject that has been edited is order to let MISP update the event accordingly
Return type Dict
to_json(sort_keys=False indent=None)Dump recursively any class of type MISPAbstract to a json string
update([E ] F)rarr None Update D from mappingiterable E and FIf E present and has a keys() method does for k in E D[k] = E[k] If E present and lacks keys() methoddoes for (k v) in E D[k] = v In either case this is followed by for k v in Fitems() D[k] = v
update_not_jsonable(args)Add entries to the __not_jsonable list
Return type None
values()rarr an object providing a view on Drsquos values
212 MISPOrganisation
class pymispMISPOrganisation
clear()rarr None Remove all items from D
property editedRecursively check if an object has been edited and update the flag accordingly to the parent objects
Return type bool
from_dict(kwargs)Loading all the parameters as class properties if they arenrsquot None This method aims to be called when allthe properties requiring a special treatment are processed Note This method is used when you initializean object with existing data so by default the class is flaged as not edited
from_json(json_string)Load a JSON string
Return type None
get(k[ d ])rarr D[k] if k in D else d d defaults to None
items()rarr a set-like object providing a view on Drsquos items
jsonable()This method is used by the JSON encoder
Return type Dict
keys()rarr a set-like object providing a view on Drsquos keys
pop(k[ d ])rarr v remove specified key and return the corresponding valueIf key is not found d is returned if given otherwise KeyError is raised
34 Chapter 2 pymisp
PyMISP Documentation Release main
popitem()rarr (k v) remove and return some (key value) pairas a 2-tuple but raise KeyError if D is empty
set_not_jsonable(args)Set __not_jsonable to a new list
Return type None
setdefault(k[ d ])rarr Dget(kd) also set D[k]=d if k not in D
to_dict()Dump the class to a dictionary This method automatically removes the timestamp recursively in everyobject that has been edited is order to let MISP update the event accordingly
Return type Dict
to_json(sort_keys=False indent=None)Dump recursively any class of type MISPAbstract to a json string
update([E ] F)rarr None Update D from mappingiterable E and FIf E present and has a keys() method does for k in E D[k] = E[k] If E present and lacks keys() methoddoes for (k v) in E D[k] = v In either case this is followed by for k v in Fitems() D[k] = v
update_not_jsonable(args)Add entries to the __not_jsonable list
Return type None
values()rarr an object providing a view on Drsquos values
212 MISPOrganisation 35
PyMISP Documentation Release main
36 Chapter 2 pymisp
CHAPTER
THREE
PYMISP - TOOLS
31 File Object
class pymisptoolsFileObject(filepath=None pseudofile=None filename=None kwargs)
add_attribute(object_relation simple_value=None value)Add an attribute object_relation is required and the value key is a dictionary with all the keys supportedby MISPAttribute
Return type Optional[MISPAttribute]
add_attributes(object_relation attributes)Add multiple attributes with the same object_relation Helper for object_relation when multiple is True inthe template It is the same as calling multiple times add_attribute with the same object_relation
Return type List[Optional[MISPAttribute]]
add_reference(referenced_uuid relationship_type comment=None kwargs)Add a link (uuid) to an other object
Return type MISPObjectReference
clear()rarr None Remove all items from D
property editedRecursively check if an object has been edited and update the flag accordingly to the parent objects
Return type bool
from_dict(kwargs)Loading all the parameters as class properties if they arenrsquot None This method aims to be called when allthe properties requiring a special treatment are processed Note This method is used when you initializean object with existing data so by default the class is flaged as not edited
from_json(json_string)Load a JSON string
Return type None
generate_attributes()Contains the logic where all the values of the object are gathered
get(k[ d ])rarr D[k] if k in D else d d defaults to None
get_attributes_by_relation(object_relation)Returns the list of attributes with the given object relation in the object
Return type List[MISPAttribute]
37
PyMISP Documentation Release main
has_attributes_by_relation(list_of_relations)True if all the relations in the list are defined in the object
Return type bool
items()rarr a set-like object providing a view on Drsquos items
jsonable()This method is used by the JSON encoder
Return type Dict
keys()rarr a set-like object providing a view on Drsquos keys
pop(k[ d ])rarr v remove specified key and return the corresponding valueIf key is not found d is returned if given otherwise KeyError is raised
popitem()rarr (k v) remove and return some (key value) pairas a 2-tuple but raise KeyError if D is empty
set_not_jsonable(args)Set __not_jsonable to a new list
Return type None
setdefault(k[ d ])rarr Dget(kd) also set D[k]=d if k not in D
to_dict(strict=False)Dump the class to a dictionary This method automatically removes the timestamp recursively in everyobject that has been edited is order to let MISP update the event accordingly
Return type Dict
to_json(sort_keys=False indent=None strict=False)Dump recursively any class of type MISPAbstract to a json string
update([E ] F)rarr None Update D from mappingiterable E and FIf E present and has a keys() method does for k in E D[k] = E[k] If E present and lacks keys() methoddoes for (k v) in E D[k] = v In either case this is followed by for k v in Fitems() D[k] = v
update_not_jsonable(args)Add entries to the __not_jsonable list
Return type None
values()rarr an object providing a view on Drsquos values
32 ELF Object
33 PE Object
34 Mach-O Object
35 VT Report Object
class pymisptoolsVTReportObject(apikey indicator vt_proxies=None kwargs)VirusTotal Report
Apikey VirusTotal API key (private works but only public features are supported right now)
38 Chapter 3 pymisp - Tools
PyMISP Documentation Release main
Indicator IOC to search VirusTotal for
add_attribute(object_relation simple_value=None value)Add an attribute object_relation is required and the value key is a dictionary with all the keys supportedby MISPAttribute
Return type Optional[MISPAttribute]
add_attributes(object_relation attributes)Add multiple attributes with the same object_relation Helper for object_relation when multiple is True inthe template It is the same as calling multiple times add_attribute with the same object_relation
Return type List[Optional[MISPAttribute]]
add_reference(referenced_uuid relationship_type comment=None kwargs)Add a link (uuid) to an other object
Return type MISPObjectReference
clear()rarr None Remove all items from D
property editedRecursively check if an object has been edited and update the flag accordingly to the parent objects
Return type bool
from_dict(kwargs)Loading all the parameters as class properties if they arenrsquot None This method aims to be called when allthe properties requiring a special treatment are processed Note This method is used when you initializean object with existing data so by default the class is flaged as not edited
from_json(json_string)Load a JSON string
Return type None
generate_attributes()Parse the VirusTotal report for relevant attributes
get(k[ d ])rarr D[k] if k in D else d d defaults to None
get_attributes_by_relation(object_relation)Returns the list of attributes with the given object relation in the object
Return type List[MISPAttribute]
has_attributes_by_relation(list_of_relations)True if all the relations in the list are defined in the object
Return type bool
items()rarr a set-like object providing a view on Drsquos items
jsonable()This method is used by the JSON encoder
Return type Dict
keys()rarr a set-like object providing a view on Drsquos keys
pop(k[ d ])rarr v remove specified key and return the corresponding valueIf key is not found d is returned if given otherwise KeyError is raised
popitem()rarr (k v) remove and return some (key value) pairas a 2-tuple but raise KeyError if D is empty
35 VT Report Object 39
PyMISP Documentation Release main
set_not_jsonable(args)Set __not_jsonable to a new list
Return type None
setdefault(k[ d ])rarr Dget(kd) also set D[k]=d if k not in D
to_dict(strict=False)Dump the class to a dictionary This method automatically removes the timestamp recursively in everyobject that has been edited is order to let MISP update the event accordingly
Return type Dict
to_json(sort_keys=False indent=None strict=False)Dump recursively any class of type MISPAbstract to a json string
update([E ] F)rarr None Update D from mappingiterable E and FIf E present and has a keys() method does for k in E D[k] = E[k] If E present and lacks keys() methoddoes for (k v) in E D[k] = v In either case this is followed by for k v in Fitems() D[k] = v
update_not_jsonable(args)Add entries to the __not_jsonable list
Return type None
values()rarr an object providing a view on Drsquos values
36 STIX
pymisptoolsstixload_stix(stix distribution=3 threat_level_id=2 analysis=0)Returns a MISPEvent object from a STIX package
pymisptoolsstixmake_stix_package(misp_event to_json=False to_xml=False)Returns a STIXPackage from a MISPEvent
Optionally can return the package in json or xml
37 OpenIOC
toolsload_openioc()
toolsload_openioc_file()
40 Chapter 3 pymisp - Tools
CHAPTER
FOUR
INDICES AND TABLES
bull genindex
bull modindex
bull search
41
PyMISP Documentation Release main
42 Chapter 4 Indices and tables
PYTHON MODULE INDEX
ppymisp 7pymisptools 37pymisptoolsstix 40
43
PyMISP Documentation Release main
44 Python Module Index
INDEX
AAbstractMISP (class in pymisp) 23accept_attribute_proposal()
(pymispPyMISP method) 7add_attribute() (pymispMISPEvent method) 24add_attribute() (pymispMISPObject method) 28add_attribute() (pymispPyMISP method) 7add_attribute() (pymisptoolsFileObject method)
37add_attribute() (pymisptoolsVTReportObject
method) 39add_attribute_proposal() (pymispPyMISP
method) 7add_attribute_tag() (pymispMISPEvent
method) 24add_attributes() (pymispMISPObject method)
28add_attributes() (pymisptoolsFileObject
method) 37add_attributes() (pymisptoolsVTReportObject
method) 39add_event() (pymispPyMISP method) 7add_event_blacklist() (pymispPyMISP
method) 8add_feed() (pymispPyMISP method) 8add_object() (pymispMISPEvent method) 24add_object() (pymispPyMISP method) 8add_object_reference() (pymispPyMISP
method) 8add_org_to_sharing_group() (pymispPyMISP
method) 8add_organisation() (pymispPyMISP method) 8add_organisation_blacklist()
(pymispPyMISP method) 8add_proposal() (pymispMISPAttribute method) 26add_proposal() (pymispMISPEvent method) 24add_proposal() (pymispMISPObjectAttribute
method) 29add_reference() (pymispMISPObject method) 28add_reference() (pymisptoolsFileObject method)
37add_reference() (pymisptoolsVTReportObject
method) 39add_server() (pymispPyMISP method) 8add_server_to_sharing_group()
(pymispPyMISP method) 8add_shadow_attribute() (pymispMISPAttribute
method) 26add_shadow_attribute() (pymispMISPEvent
method) 24add_shadow_attribute()
(pymispMISPObjectAttribute method) 29add_sharing_group() (pymispPyMISP method) 8add_sighting() (pymispMISPAttribute method) 26add_sighting() (pymispMISPObjectAttribute
method) 29add_sighting() (pymispPyMISP method) 8add_tag() (pymispPyMISP method) 8add_user() (pymispPyMISP method) 9attributes_statistics() (pymispPyMISP
method) 9
Bbuild_complex_query() (pymispPyMISP
method) 9
Ccache_all_feeds() (pymispPyMISP method) 9cache_feed() (pymispPyMISP method) 9cache_freetext_feeds() (pymispPyMISP
method) 9cache_misp_feeds() (pymispPyMISP method) 9change_sharing_group_on_entity()
(pymispPyMISP method) 9change_user_password() (pymispPyMISP
method) 9clear() (pymispMISPAttribute method) 26clear() (pymispMISPEvent method) 24clear() (pymispMISPObject method) 28clear() (pymispMISPObjectAttribute method) 29clear() (pymispMISPObjectReference method) 31clear() (pymispMISPOrganisation method) 34clear() (pymispMISPTag method) 32clear() (pymispMISPUser method) 33
45
PyMISP Documentation Release main
clear() (pymisptoolsFileObject method) 37clear() (pymisptoolsVTReportObject method) 39communities() (pymispPyMISP method) 9compare_feeds() (pymispPyMISP method) 9contact_event_reporter() (pymispPyMISP
method) 9
Ddefault() (pymispMISPEncode method) 24delegate_event() (pymispPyMISP method) 10delete() (pymispMISPAttribute method) 26delete() (pymispMISPObjectAttribute method) 30delete_attribute() (pymispMISPEvent method)
24delete_attribute() (pymispPyMISP method) 10delete_attribute_proposal()
(pymispPyMISP method) 10delete_event() (pymispPyMISP method) 10delete_event_blacklist() (pymispPyMISP
method) 10delete_feed() (pymispPyMISP method) 10delete_object() (pymispPyMISP method) 10delete_object_reference() (pymispPyMISP
method) 10delete_organisation() (pymispPyMISP
method) 10delete_organisation_blacklist()
(pymispPyMISP method) 10delete_server() (pymispPyMISP method) 10delete_sharing_group() (pymispPyMISP
method) 10delete_sighting() (pymispPyMISP method) 10delete_tag() (pymispPyMISP method) 11delete_user() (pymispPyMISP method) 11delete_user_setting() (pymispPyMISP
method) 11describe_types_local() (pymispPyMISP prop-
erty) 11describe_types_remote() (pymispPyMISP
property) 11direct_call() (pymispPyMISP method) 11disable_feed() (pymispPyMISP method) 11disable_feed_cache() (pymispPyMISP method)
11disable_noticelist() (pymispPyMISP method)
11disable_tag() (pymispPyMISP method) 11disable_taxonomy() (pymispPyMISP method) 11disable_taxonomy_tags() (pymispPyMISP
method) 11disable_warninglist() (pymispPyMISP
method) 11discard_attribute_proposal()
(pymispPyMISP method) 12
Eedited() (pymispAbstractMISP property) 23edited() (pymispMISPAttribute property) 26edited() (pymispMISPEvent property) 24edited() (pymispMISPObject property) 28edited() (pymispMISPObjectAttribute property) 30edited() (pymispMISPObjectReference property) 31edited() (pymispMISPOrganisation property) 34edited() (pymispMISPTag property) 32edited() (pymispMISPUser property) 33edited() (pymisptoolsFileObject property) 37edited() (pymisptoolsVTReportObject property) 39enable_feed() (pymispPyMISP method) 12enable_feed_cache() (pymispPyMISP method)
12enable_noticelist() (pymispPyMISP method)
12enable_tag() (pymispPyMISP method) 12enable_taxonomy() (pymispPyMISP method) 12enable_taxonomy_tags() (pymispPyMISP
method) 12enable_warninglist() (pymispPyMISP method)
12event_blacklists() (pymispPyMISP method) 12event_delegations() (pymispPyMISP method)
12ExpandedPyMISP (in module pymisp) 23
Ffeeds() (pymispPyMISP method) 12fetch_feed() (pymispPyMISP method) 12FileObject (class in pymisptools) 37freetext() (pymispPyMISP method) 12from_dict() (pymispAbstractMISP method) 23from_dict() (pymispMISPAttribute method) 27from_dict() (pymispMISPEvent method) 25from_dict() (pymispMISPObject method) 28from_dict() (pymispMISPObjectAttribute method)
30from_dict() (pymispMISPObjectReference method)
31from_dict() (pymispMISPOrganisation method) 34from_dict() (pymispMISPTag method) 32from_dict() (pymispMISPUser method) 33from_dict() (pymisptoolsFileObject method) 37from_dict() (pymisptoolsVTReportObject method)
39from_json() (pymispAbstractMISP method) 23from_json() (pymispMISPAttribute method) 27from_json() (pymispMISPEvent method) 25from_json() (pymispMISPObject method) 28from_json() (pymispMISPObjectAttribute method)
30
46 Index
PyMISP Documentation Release main
from_json() (pymispMISPObjectReference method)31
from_json() (pymispMISPOrganisation method) 34from_json() (pymispMISPTag method) 32from_json() (pymispMISPUser method) 33from_json() (pymisptoolsFileObject method) 37from_json() (pymisptoolsVTReportObject method)
39
Ggalaxies() (pymispPyMISP method) 12generate_attributes() (pymisptoolsFileObject
method) 37generate_attributes()
(pymisptoolsVTReportObject method)39
get() (pymispMISPAttribute method) 27get() (pymispMISPEvent method) 25get() (pymispMISPObject method) 28get() (pymispMISPObjectAttribute method) 30get() (pymispMISPObjectReference method) 31get() (pymispMISPOrganisation method) 34get() (pymispMISPTag method) 32get() (pymispMISPUser method) 33get() (pymisptoolsFileObject method) 37get() (pymisptoolsVTReportObject method) 39get_all_functions() (pymispPyMISP method)
13get_attribute() (pymispPyMISP method) 13get_attribute_tag() (pymispMISPEvent
method) 25get_attributes_by_relation()
(pymispMISPObject method) 28get_attributes_by_relation()
(pymisptoolsFileObject method) 37get_attributes_by_relation()
(pymisptoolsVTReportObject method)39
get_community() (pymispPyMISP method) 13get_event() (pymispPyMISP method) 13get_feed() (pymispPyMISP method) 13get_galaxy() (pymispPyMISP method) 13get_noticelist() (pymispPyMISP method) 13get_object() (pymispPyMISP method) 13get_object_by_id() (pymispMISPEvent method)
25get_object_by_uuid() (pymispMISPEvent
method) 25get_object_template() (pymispPyMISP
method) 13get_objects_by_name() (pymispMISPEvent
method) 25get_organisation() (pymispPyMISP method) 13get_sync_config() (pymispPyMISP method) 13
get_tag() (pymispPyMISP method) 13get_taxonomy() (pymispPyMISP method) 13get_user() (pymispPyMISP method) 13get_user_setting() (pymispPyMISP method) 14get_warninglist() (pymispPyMISP method) 14
Hhas_attributes_by_relation()
(pymispMISPObject method) 28has_attributes_by_relation()
(pymisptoolsFileObject method) 37has_attributes_by_relation()
(pymisptoolsVTReportObject method)39
hash_values() (pymispMISPAttribute method) 27hash_values() (pymispMISPObjectAttribute
method) 30
Iimport_server() (pymispPyMISP method) 14items() (pymispMISPAttribute method) 27items() (pymispMISPEvent method) 25items() (pymispMISPObject method) 29items() (pymispMISPObjectAttribute method) 30items() (pymispMISPObjectReference method) 31items() (pymispMISPOrganisation method) 34items() (pymispMISPTag method) 32items() (pymispMISPUser method) 33items() (pymisptoolsFileObject method) 38items() (pymisptoolsVTReportObject method) 39
Jjsonable() (pymispAbstractMISP method) 23jsonable() (pymispMISPAttribute method) 27jsonable() (pymispMISPEvent method) 25jsonable() (pymispMISPObject method) 29jsonable() (pymispMISPObjectAttribute method)
30jsonable() (pymispMISPObjectReference method)
31jsonable() (pymispMISPOrganisation method) 34jsonable() (pymispMISPTag method) 32jsonable() (pymispMISPUser method) 33jsonable() (pymisptoolsFileObject method) 38jsonable() (pymisptoolsVTReportObject method)
39
Kkeys() (pymispMISPAttribute method) 27keys() (pymispMISPEvent method) 25keys() (pymispMISPObject method) 29keys() (pymispMISPObjectAttribute method) 30keys() (pymispMISPObjectReference method) 31keys() (pymispMISPOrganisation method) 34
Index 47
PyMISP Documentation Release main
keys() (pymispMISPTag method) 32keys() (pymispMISPUser method) 33keys() (pymisptoolsFileObject method) 38keys() (pymisptoolsVTReportObject method) 39known_types() (pymispMISPAttribute property) 27known_types() (pymispMISPObjectAttribute prop-
erty) 30
Lload() (pymispMISPEvent method) 25load_default_feeds() (pymispPyMISP method)
14load_file() (pymispMISPEvent method) 25load_openioc() (pymisptools method) 40load_openioc_file() (pymisptools method) 40load_stix() (in module pymisptoolsstix) 40
Mmake_stix_package() (in module
pymisptoolsstix) 40malware_binary() (pymispMISPAttribute prop-
erty) 27malware_binary() (pymispMISPObjectAttribute
property) 30misp_instance_version() (pymispPyMISP
property) 14misp_instance_version_master()
(pymispPyMISP property) 14MISPAttribute (class in pymisp) 26MISPEncode (class in pymisp) 24MISPEvent (class in pymisp) 24MISPObject (class in pymisp) 28MISPObjectAttribute (class in pymisp) 29MISPObjectReference (class in pymisp) 31MISPOrganisation (class in pymisp) 34MISPTag (class in pymisp) 32MISPUser (class in pymisp) 33module
pymisp 7pymisptools 37pymisptoolsstix 40
Nnoticelists() (pymispPyMISP method) 14
Oobject_templates() (pymispPyMISP method) 14organisation_blacklists() (pymispPyMISP
method) 14organisations() (pymispPyMISP method) 14
Ppop() (pymispMISPAttribute method) 27
pop() (pymispMISPEvent method) 25pop() (pymispMISPObject method) 29pop() (pymispMISPObjectAttribute method) 30pop() (pymispMISPObjectReference method) 31pop() (pymispMISPOrganisation method) 34pop() (pymispMISPTag method) 32pop() (pymispMISPUser method) 33pop() (pymisptoolsFileObject method) 38pop() (pymisptoolsVTReportObject method) 39popitem() (pymispMISPAttribute method) 27popitem() (pymispMISPEvent method) 25popitem() (pymispMISPObject method) 29popitem() (pymispMISPObjectAttribute method) 30popitem() (pymispMISPObjectReference method) 31popitem() (pymispMISPOrganisation method) 34popitem() (pymispMISPTag method) 32popitem() (pymispMISPUser method) 33popitem() (pymisptoolsFileObject method) 38popitem() (pymisptoolsVTReportObject method) 39publish() (pymispMISPEvent method) 25publish() (pymispPyMISP method) 14push_event_to_ZMQ() (pymispPyMISP method)
14pymisp
module 7PyMISP (class in pymisp) 7pymisptools
module 37pymisptoolsstix
module 40pymisp_version_main() (pymispPyMISP prop-
erty) 15
Rrecommended_pymisp_version()
(pymispPyMISP property) 15remote_acl() (pymispPyMISP method) 15remove_org_from_sharing_group()
(pymispPyMISP method) 15remove_server_from_sharing_group()
(pymispPyMISP method) 15roles() (pymispPyMISP method) 15
Ssearch() (pymispPyMISP method) 15search_feeds() (pymispPyMISP method) 17search_index() (pymispPyMISP method) 18search_logs() (pymispPyMISP method) 18search_sightings() (pymispPyMISP method) 19server_pull() (pymispPyMISP method) 20server_push() (pymispPyMISP method) 20servers() (pymispPyMISP method) 20set_date() (pymispMISPEvent method) 25
48 Index
PyMISP Documentation Release main
set_not_jsonable() (pymispAbstractMISPmethod) 23
set_not_jsonable() (pymispMISPAttributemethod) 27
set_not_jsonable() (pymispMISPEvent method)25
set_not_jsonable() (pymispMISPObjectmethod) 29
set_not_jsonable() (pymispMISPObjectAttributemethod) 30
set_not_jsonable()(pymispMISPObjectReference method)31
set_not_jsonable() (pymispMISPOrganisationmethod) 35
set_not_jsonable() (pymispMISPTag method)32
set_not_jsonable() (pymispMISPUser method)33
set_not_jsonable() (pymisptoolsFileObjectmethod) 38
set_not_jsonable()(pymisptoolsVTReportObject method)39
set_user_setting() (pymispPyMISP method) 20setdefault() (pymispMISPAttribute method) 27setdefault() (pymispMISPEvent method) 25setdefault() (pymispMISPObject method) 29setdefault() (pymispMISPObjectAttribute
method) 30setdefault() (pymispMISPObjectReference
method) 31setdefault() (pymispMISPOrganisation method)
35setdefault() (pymispMISPTag method) 33setdefault() (pymispMISPUser method) 34setdefault() (pymisptoolsFileObject method) 38setdefault() (pymisptoolsVTReportObject
method) 40sharing_groups() (pymispPyMISP method) 20sightings() (pymispPyMISP method) 20
Ttag() (pymispPyMISP method) 20tags() (pymispMISPAttribute property) 27tags() (pymispMISPEvent property) 26tags() (pymispMISPObjectAttribute property) 30tags() (pymispPyMISP method) 20tags_statistics() (pymispPyMISP method) 20taxonomies() (pymispPyMISP method) 20to_dict() (pymispAbstractMISP method) 23to_dict() (pymispMISPAttribute method) 27to_dict() (pymispMISPEvent method) 26to_dict() (pymispMISPObject method) 29
to_dict() (pymispMISPObjectAttribute method) 30to_dict() (pymispMISPObjectReference method) 32to_dict() (pymispMISPOrganisation method) 35to_dict() (pymispMISPTag method) 33to_dict() (pymispMISPUser method) 34to_dict() (pymisptoolsFileObject method) 38to_dict() (pymisptoolsVTReportObject method) 40to_feed() (pymispMISPEvent method) 26to_json() (pymispAbstractMISP method) 23to_json() (pymispMISPAttribute method) 27to_json() (pymispMISPEvent method) 26to_json() (pymispMISPObject method) 29to_json() (pymispMISPObjectAttribute method) 31to_json() (pymispMISPObjectReference method) 32to_json() (pymispMISPOrganisation method) 35to_json() (pymispMISPTag method) 33to_json() (pymispMISPUser method) 34to_json() (pymisptoolsFileObject method) 38to_json() (pymisptoolsVTReportObject method) 40toggle_warninglist() (pymispPyMISP method)
20
Uunpublish() (pymispMISPEvent method) 26untag() (pymispPyMISP method) 21update() (pymispMISPAttribute method) 28update() (pymispMISPEvent method) 26update() (pymispMISPObject method) 29update() (pymispMISPObjectAttribute method) 31update() (pymispMISPObjectReference method) 32update() (pymispMISPOrganisation method) 35update() (pymispMISPTag method) 33update() (pymispMISPUser method) 34update() (pymisptoolsFileObject method) 38update() (pymisptoolsVTReportObject method) 40update_attribute() (pymispPyMISP method) 21update_attribute_proposal()
(pymispPyMISP method) 21update_event() (pymispPyMISP method) 21update_event_blacklist() (pymispPyMISP
method) 21update_feed() (pymispPyMISP method) 21update_galaxies() (pymispPyMISP method) 21update_not_jsonable() (pymispAbstractMISP
method) 23update_not_jsonable() (pymispMISPAttribute
method) 28update_not_jsonable() (pymispMISPEvent
method) 26update_not_jsonable() (pymispMISPObject
method) 29update_not_jsonable()
(pymispMISPObjectAttribute method) 31
Index 49
PyMISP Documentation Release main
update_not_jsonable()(pymispMISPObjectReference method)32
update_not_jsonable()(pymispMISPOrganisation method) 35
update_not_jsonable() (pymispMISPTagmethod) 33
update_not_jsonable() (pymispMISPUsermethod) 34
update_not_jsonable() (pymisptoolsFileObjectmethod) 38
update_not_jsonable()(pymisptoolsVTReportObject method)40
update_noticelists() (pymispPyMISP method)21
update_object() (pymispPyMISP method) 21update_object_templates() (pymispPyMISP
method) 21update_organisation() (pymispPyMISP
method) 21update_organisation_blacklist()
(pymispPyMISP method) 21update_server() (pymispPyMISP method) 22update_tag() (pymispPyMISP method) 22update_taxonomies() (pymispPyMISP method)
22update_user() (pymispPyMISP method) 22update_warninglists() (pymispPyMISP
method) 22upload_stix() (pymispPyMISP method) 22user_registrations() (pymispPyMISP method)
22user_settings() (pymispPyMISP method) 22users() (pymispPyMISP method) 22users_statistics() (pymispPyMISP method) 22
Vvalues() (pymispMISPAttribute method) 28values() (pymispMISPEvent method) 26values() (pymispMISPObject method) 29values() (pymispMISPObjectAttribute method) 31values() (pymispMISPObjectReference method) 32values() (pymispMISPOrganisation method) 35values() (pymispMISPTag method) 33values() (pymispMISPUser method) 34values() (pymisptoolsFileObject method) 38values() (pymisptoolsVTReportObject method) 40values_in_warninglist() (pymispPyMISP
method) 22version() (pymispPyMISP property) 22VTReportObject (class in pymisptools) 38
Wwarninglists() (pymispPyMISP method) 22
50 Index
- README
- pymisp
- PyMISP
- PyMISPExpanded (Python 36+ only)
- MISPAbstract
- MISPEncode
- MISPEvent
- MISPAttribute
- MISPObject
- MISPObjectAttribute
- MISPObjectReference
- MISPTag
- MISPUser
- MISPOrganisation
- pymisp - Tools
- File Object
- ELF Object
- PE Object
- Mach-O Object
- VT Report Object
- STIX
- OpenIOC
- Indices and tables
- Python Module Index
- Index
PyMISP Documentation Release main
to_json(sort_keys=False indent=None)Dump recursively any class of type MISPAbstract to a json string
update([E ] F)rarr None Update D from mappingiterable E and FIf E present and has a keys() method does for k in E D[k] = E[k] If E present and lacks keys() methoddoes for (k v) in E D[k] = v In either case this is followed by for k v in Fitems() D[k] = v
update_not_jsonable(args)Add entries to the __not_jsonable list
Return type None
values()rarr an object providing a view on Drsquos values
27 MISPObject
class pymispMISPObject(name strict=False standalone=True default_attributes_parameters=kwargs)
add_attribute(object_relation simple_value=None value)Add an attribute object_relation is required and the value key is a dictionary with all the keys supportedby MISPAttribute
Return type Optional[MISPAttribute]
add_attributes(object_relation attributes)Add multiple attributes with the same object_relation Helper for object_relation when multiple is True inthe template It is the same as calling multiple times add_attribute with the same object_relation
Return type List[Optional[MISPAttribute]]
add_reference(referenced_uuid relationship_type comment=None kwargs)Add a link (uuid) to an other object
Return type MISPObjectReference
clear()rarr None Remove all items from D
property editedRecursively check if an object has been edited and update the flag accordingly to the parent objects
Return type bool
from_dict(kwargs)Loading all the parameters as class properties if they arenrsquot None This method aims to be called when allthe properties requiring a special treatment are processed Note This method is used when you initializean object with existing data so by default the class is flaged as not edited
from_json(json_string)Load a JSON string
Return type None
get(k[ d ])rarr D[k] if k in D else d d defaults to None
get_attributes_by_relation(object_relation)Returns the list of attributes with the given object relation in the object
Return type List[MISPAttribute]
has_attributes_by_relation(list_of_relations)True if all the relations in the list are defined in the object
28 Chapter 2 pymisp
PyMISP Documentation Release main
Return type bool
items()rarr a set-like object providing a view on Drsquos items
jsonable()This method is used by the JSON encoder
Return type Dict
keys()rarr a set-like object providing a view on Drsquos keys
pop(k[ d ])rarr v remove specified key and return the corresponding valueIf key is not found d is returned if given otherwise KeyError is raised
popitem()rarr (k v) remove and return some (key value) pairas a 2-tuple but raise KeyError if D is empty
set_not_jsonable(args)Set __not_jsonable to a new list
Return type None
setdefault(k[ d ])rarr Dget(kd) also set D[k]=d if k not in D
to_dict(strict=False)Dump the class to a dictionary This method automatically removes the timestamp recursively in everyobject that has been edited is order to let MISP update the event accordingly
Return type Dict
to_json(sort_keys=False indent=None strict=False)Dump recursively any class of type MISPAbstract to a json string
update([E ] F)rarr None Update D from mappingiterable E and FIf E present and has a keys() method does for k in E D[k] = E[k] If E present and lacks keys() methoddoes for (k v) in E D[k] = v In either case this is followed by for k v in Fitems() D[k] = v
update_not_jsonable(args)Add entries to the __not_jsonable list
Return type None
values()rarr an object providing a view on Drsquos values
28 MISPObjectAttribute
class pymispMISPObjectAttribute(definition)
add_proposal(shadow_attribute=None kwargs)Alias for add_shadow_attribute
Return type MISPShadowAttribute
add_shadow_attribute(shadow_attribute=None kwargs)Add a shadow attribute to the attribute (by name or a MISPShadowAttribute object)
Return type MISPShadowAttribute
add_sighting(sighting=None kwargs)Add a sighting to the attribute (by name or a MISPSighting object)
Return type MISPSighting
28 MISPObjectAttribute 29
PyMISP Documentation Release main
clear()rarr None Remove all items from D
delete()Mark the attribute as deleted (soft delete)
property editedRecursively check if an object has been edited and update the flag accordingly to the parent objects
Return type bool
from_dict(object_relation value kwargs)Loading all the parameters as class properties if they arenrsquot None This method aims to be called when allthe properties requiring a special treatment are processed Note This method is used when you initializean object with existing data so by default the class is flaged as not edited
from_json(json_string)Load a JSON string
Return type None
get(k[ d ])rarr D[k] if k in D else d d defaults to None
hash_values(algorithm=sha512)Compute the hash of every values for fast lookups
Return type List[str]
items()rarr a set-like object providing a view on Drsquos items
jsonable()This method is used by the JSON encoder
Return type Dict
keys()rarr a set-like object providing a view on Drsquos keys
property known_typesReturns a list of all the known MISP attributes types
Return type List[str]
property malware_binaryReturns a BytesIO of the malware (if the attribute has one obvs)
Return type Optional[BytesIO]
pop(k[ d ])rarr v remove specified key and return the corresponding valueIf key is not found d is returned if given otherwise KeyError is raised
popitem()rarr (k v) remove and return some (key value) pairas a 2-tuple but raise KeyError if D is empty
set_not_jsonable(args)Set __not_jsonable to a new list
Return type None
setdefault(k[ d ])rarr Dget(kd) also set D[k]=d if k not in D
property tagsReturns a lost of tags associated to this Attribute
Return type List[MISPTag]
30 Chapter 2 pymisp
PyMISP Documentation Release main
to_dict()Dump the class to a dictionary This method automatically removes the timestamp recursively in everyobject that has been edited is order to let MISP update the event accordingly
Return type Dict
to_json(sort_keys=False indent=None)Dump recursively any class of type MISPAbstract to a json string
update([E ] F)rarr None Update D from mappingiterable E and FIf E present and has a keys() method does for k in E D[k] = E[k] If E present and lacks keys() methoddoes for (k v) in E D[k] = v In either case this is followed by for k v in Fitems() D[k] = v
update_not_jsonable(args)Add entries to the __not_jsonable list
Return type None
values()rarr an object providing a view on Drsquos values
29 MISPObjectReference
class pymispMISPObjectReference
clear()rarr None Remove all items from D
property editedRecursively check if an object has been edited and update the flag accordingly to the parent objects
Return type bool
from_dict(kwargs)Loading all the parameters as class properties if they arenrsquot None This method aims to be called when allthe properties requiring a special treatment are processed Note This method is used when you initializean object with existing data so by default the class is flaged as not edited
from_json(json_string)Load a JSON string
Return type None
get(k[ d ])rarr D[k] if k in D else d d defaults to None
items()rarr a set-like object providing a view on Drsquos items
jsonable()This method is used by the JSON encoder
Return type Dict
keys()rarr a set-like object providing a view on Drsquos keys
pop(k[ d ])rarr v remove specified key and return the corresponding valueIf key is not found d is returned if given otherwise KeyError is raised
popitem()rarr (k v) remove and return some (key value) pairas a 2-tuple but raise KeyError if D is empty
set_not_jsonable(args)Set __not_jsonable to a new list
Return type None
29 MISPObjectReference 31
PyMISP Documentation Release main
setdefault(k[ d ])rarr Dget(kd) also set D[k]=d if k not in D
to_dict()Dump the class to a dictionary This method automatically removes the timestamp recursively in everyobject that has been edited is order to let MISP update the event accordingly
Return type Dict
to_json(sort_keys=False indent=None)Dump recursively any class of type MISPAbstract to a json string
update([E ] F)rarr None Update D from mappingiterable E and FIf E present and has a keys() method does for k in E D[k] = E[k] If E present and lacks keys() methoddoes for (k v) in E D[k] = v In either case this is followed by for k v in Fitems() D[k] = v
update_not_jsonable(args)Add entries to the __not_jsonable list
Return type None
values()rarr an object providing a view on Drsquos values
210 MISPTag
class pymispMISPTag(kwargs)
clear()rarr None Remove all items from D
property editedRecursively check if an object has been edited and update the flag accordingly to the parent objects
Return type bool
from_dict(kwargs)Loading all the parameters as class properties if they arenrsquot None This method aims to be called when allthe properties requiring a special treatment are processed Note This method is used when you initializean object with existing data so by default the class is flaged as not edited
from_json(json_string)Load a JSON string
Return type None
get(k[ d ])rarr D[k] if k in D else d d defaults to None
items()rarr a set-like object providing a view on Drsquos items
jsonable()This method is used by the JSON encoder
Return type Dict
keys()rarr a set-like object providing a view on Drsquos keys
pop(k[ d ])rarr v remove specified key and return the corresponding valueIf key is not found d is returned if given otherwise KeyError is raised
popitem()rarr (k v) remove and return some (key value) pairas a 2-tuple but raise KeyError if D is empty
set_not_jsonable(args)Set __not_jsonable to a new list
32 Chapter 2 pymisp
PyMISP Documentation Release main
Return type None
setdefault(k[ d ])rarr Dget(kd) also set D[k]=d if k not in D
to_dict()Dump the class to a dictionary This method automatically removes the timestamp recursively in everyobject that has been edited is order to let MISP update the event accordingly
Return type Dict
to_json(sort_keys=False indent=None)Dump recursively any class of type MISPAbstract to a json string
update([E ] F)rarr None Update D from mappingiterable E and FIf E present and has a keys() method does for k in E D[k] = E[k] If E present and lacks keys() methoddoes for (k v) in E D[k] = v In either case this is followed by for k v in Fitems() D[k] = v
update_not_jsonable(args)Add entries to the __not_jsonable list
Return type None
values()rarr an object providing a view on Drsquos values
211 MISPUser
class pymispMISPUser(kwargs)
clear()rarr None Remove all items from D
property editedRecursively check if an object has been edited and update the flag accordingly to the parent objects
Return type bool
from_dict(kwargs)Loading all the parameters as class properties if they arenrsquot None This method aims to be called when allthe properties requiring a special treatment are processed Note This method is used when you initializean object with existing data so by default the class is flaged as not edited
from_json(json_string)Load a JSON string
Return type None
get(k[ d ])rarr D[k] if k in D else d d defaults to None
items()rarr a set-like object providing a view on Drsquos items
jsonable()This method is used by the JSON encoder
Return type Dict
keys()rarr a set-like object providing a view on Drsquos keys
pop(k[ d ])rarr v remove specified key and return the corresponding valueIf key is not found d is returned if given otherwise KeyError is raised
popitem()rarr (k v) remove and return some (key value) pairas a 2-tuple but raise KeyError if D is empty
211 MISPUser 33
PyMISP Documentation Release main
set_not_jsonable(args)Set __not_jsonable to a new list
Return type None
setdefault(k[ d ])rarr Dget(kd) also set D[k]=d if k not in D
to_dict()Dump the class to a dictionary This method automatically removes the timestamp recursively in everyobject that has been edited is order to let MISP update the event accordingly
Return type Dict
to_json(sort_keys=False indent=None)Dump recursively any class of type MISPAbstract to a json string
update([E ] F)rarr None Update D from mappingiterable E and FIf E present and has a keys() method does for k in E D[k] = E[k] If E present and lacks keys() methoddoes for (k v) in E D[k] = v In either case this is followed by for k v in Fitems() D[k] = v
update_not_jsonable(args)Add entries to the __not_jsonable list
Return type None
values()rarr an object providing a view on Drsquos values
212 MISPOrganisation
class pymispMISPOrganisation
clear()rarr None Remove all items from D
property editedRecursively check if an object has been edited and update the flag accordingly to the parent objects
Return type bool
from_dict(kwargs)Loading all the parameters as class properties if they arenrsquot None This method aims to be called when allthe properties requiring a special treatment are processed Note This method is used when you initializean object with existing data so by default the class is flaged as not edited
from_json(json_string)Load a JSON string
Return type None
get(k[ d ])rarr D[k] if k in D else d d defaults to None
items()rarr a set-like object providing a view on Drsquos items
jsonable()This method is used by the JSON encoder
Return type Dict
keys()rarr a set-like object providing a view on Drsquos keys
pop(k[ d ])rarr v remove specified key and return the corresponding valueIf key is not found d is returned if given otherwise KeyError is raised
34 Chapter 2 pymisp
PyMISP Documentation Release main
popitem()rarr (k v) remove and return some (key value) pairas a 2-tuple but raise KeyError if D is empty
set_not_jsonable(args)Set __not_jsonable to a new list
Return type None
setdefault(k[ d ])rarr Dget(kd) also set D[k]=d if k not in D
to_dict()Dump the class to a dictionary This method automatically removes the timestamp recursively in everyobject that has been edited is order to let MISP update the event accordingly
Return type Dict
to_json(sort_keys=False indent=None)Dump recursively any class of type MISPAbstract to a json string
update([E ] F)rarr None Update D from mappingiterable E and FIf E present and has a keys() method does for k in E D[k] = E[k] If E present and lacks keys() methoddoes for (k v) in E D[k] = v In either case this is followed by for k v in Fitems() D[k] = v
update_not_jsonable(args)Add entries to the __not_jsonable list
Return type None
values()rarr an object providing a view on Drsquos values
212 MISPOrganisation 35
PyMISP Documentation Release main
36 Chapter 2 pymisp
CHAPTER
THREE
PYMISP - TOOLS
31 File Object
class pymisptoolsFileObject(filepath=None pseudofile=None filename=None kwargs)
add_attribute(object_relation simple_value=None value)Add an attribute object_relation is required and the value key is a dictionary with all the keys supportedby MISPAttribute
Return type Optional[MISPAttribute]
add_attributes(object_relation attributes)Add multiple attributes with the same object_relation Helper for object_relation when multiple is True inthe template It is the same as calling multiple times add_attribute with the same object_relation
Return type List[Optional[MISPAttribute]]
add_reference(referenced_uuid relationship_type comment=None kwargs)Add a link (uuid) to an other object
Return type MISPObjectReference
clear()rarr None Remove all items from D
property editedRecursively check if an object has been edited and update the flag accordingly to the parent objects
Return type bool
from_dict(kwargs)Loading all the parameters as class properties if they arenrsquot None This method aims to be called when allthe properties requiring a special treatment are processed Note This method is used when you initializean object with existing data so by default the class is flaged as not edited
from_json(json_string)Load a JSON string
Return type None
generate_attributes()Contains the logic where all the values of the object are gathered
get(k[ d ])rarr D[k] if k in D else d d defaults to None
get_attributes_by_relation(object_relation)Returns the list of attributes with the given object relation in the object
Return type List[MISPAttribute]
37
PyMISP Documentation Release main
has_attributes_by_relation(list_of_relations)True if all the relations in the list are defined in the object
Return type bool
items()rarr a set-like object providing a view on Drsquos items
jsonable()This method is used by the JSON encoder
Return type Dict
keys()rarr a set-like object providing a view on Drsquos keys
pop(k[ d ])rarr v remove specified key and return the corresponding valueIf key is not found d is returned if given otherwise KeyError is raised
popitem()rarr (k v) remove and return some (key value) pairas a 2-tuple but raise KeyError if D is empty
set_not_jsonable(args)Set __not_jsonable to a new list
Return type None
setdefault(k[ d ])rarr Dget(kd) also set D[k]=d if k not in D
to_dict(strict=False)Dump the class to a dictionary This method automatically removes the timestamp recursively in everyobject that has been edited is order to let MISP update the event accordingly
Return type Dict
to_json(sort_keys=False indent=None strict=False)Dump recursively any class of type MISPAbstract to a json string
update([E ] F)rarr None Update D from mappingiterable E and FIf E present and has a keys() method does for k in E D[k] = E[k] If E present and lacks keys() methoddoes for (k v) in E D[k] = v In either case this is followed by for k v in Fitems() D[k] = v
update_not_jsonable(args)Add entries to the __not_jsonable list
Return type None
values()rarr an object providing a view on Drsquos values
32 ELF Object
33 PE Object
34 Mach-O Object
35 VT Report Object
class pymisptoolsVTReportObject(apikey indicator vt_proxies=None kwargs)VirusTotal Report
Apikey VirusTotal API key (private works but only public features are supported right now)
38 Chapter 3 pymisp - Tools
PyMISP Documentation Release main
Indicator IOC to search VirusTotal for
add_attribute(object_relation simple_value=None value)Add an attribute object_relation is required and the value key is a dictionary with all the keys supportedby MISPAttribute
Return type Optional[MISPAttribute]
add_attributes(object_relation attributes)Add multiple attributes with the same object_relation Helper for object_relation when multiple is True inthe template It is the same as calling multiple times add_attribute with the same object_relation
Return type List[Optional[MISPAttribute]]
add_reference(referenced_uuid relationship_type comment=None kwargs)Add a link (uuid) to an other object
Return type MISPObjectReference
clear()rarr None Remove all items from D
property editedRecursively check if an object has been edited and update the flag accordingly to the parent objects
Return type bool
from_dict(kwargs)Loading all the parameters as class properties if they arenrsquot None This method aims to be called when allthe properties requiring a special treatment are processed Note This method is used when you initializean object with existing data so by default the class is flaged as not edited
from_json(json_string)Load a JSON string
Return type None
generate_attributes()Parse the VirusTotal report for relevant attributes
get(k[ d ])rarr D[k] if k in D else d d defaults to None
get_attributes_by_relation(object_relation)Returns the list of attributes with the given object relation in the object
Return type List[MISPAttribute]
has_attributes_by_relation(list_of_relations)True if all the relations in the list are defined in the object
Return type bool
items()rarr a set-like object providing a view on Drsquos items
jsonable()This method is used by the JSON encoder
Return type Dict
keys()rarr a set-like object providing a view on Drsquos keys
pop(k[ d ])rarr v remove specified key and return the corresponding valueIf key is not found d is returned if given otherwise KeyError is raised
popitem()rarr (k v) remove and return some (key value) pairas a 2-tuple but raise KeyError if D is empty
35 VT Report Object 39
PyMISP Documentation Release main
set_not_jsonable(args)Set __not_jsonable to a new list
Return type None
setdefault(k[ d ])rarr Dget(kd) also set D[k]=d if k not in D
to_dict(strict=False)Dump the class to a dictionary This method automatically removes the timestamp recursively in everyobject that has been edited is order to let MISP update the event accordingly
Return type Dict
to_json(sort_keys=False indent=None strict=False)Dump recursively any class of type MISPAbstract to a json string
update([E ] F)rarr None Update D from mappingiterable E and FIf E present and has a keys() method does for k in E D[k] = E[k] If E present and lacks keys() methoddoes for (k v) in E D[k] = v In either case this is followed by for k v in Fitems() D[k] = v
update_not_jsonable(args)Add entries to the __not_jsonable list
Return type None
values()rarr an object providing a view on Drsquos values
36 STIX
pymisptoolsstixload_stix(stix distribution=3 threat_level_id=2 analysis=0)Returns a MISPEvent object from a STIX package
pymisptoolsstixmake_stix_package(misp_event to_json=False to_xml=False)Returns a STIXPackage from a MISPEvent
Optionally can return the package in json or xml
37 OpenIOC
toolsload_openioc()
toolsload_openioc_file()
40 Chapter 3 pymisp - Tools
CHAPTER
FOUR
INDICES AND TABLES
bull genindex
bull modindex
bull search
41
PyMISP Documentation Release main
42 Chapter 4 Indices and tables
PYTHON MODULE INDEX
ppymisp 7pymisptools 37pymisptoolsstix 40
43
PyMISP Documentation Release main
44 Python Module Index
INDEX
AAbstractMISP (class in pymisp) 23accept_attribute_proposal()
(pymispPyMISP method) 7add_attribute() (pymispMISPEvent method) 24add_attribute() (pymispMISPObject method) 28add_attribute() (pymispPyMISP method) 7add_attribute() (pymisptoolsFileObject method)
37add_attribute() (pymisptoolsVTReportObject
method) 39add_attribute_proposal() (pymispPyMISP
method) 7add_attribute_tag() (pymispMISPEvent
method) 24add_attributes() (pymispMISPObject method)
28add_attributes() (pymisptoolsFileObject
method) 37add_attributes() (pymisptoolsVTReportObject
method) 39add_event() (pymispPyMISP method) 7add_event_blacklist() (pymispPyMISP
method) 8add_feed() (pymispPyMISP method) 8add_object() (pymispMISPEvent method) 24add_object() (pymispPyMISP method) 8add_object_reference() (pymispPyMISP
method) 8add_org_to_sharing_group() (pymispPyMISP
method) 8add_organisation() (pymispPyMISP method) 8add_organisation_blacklist()
(pymispPyMISP method) 8add_proposal() (pymispMISPAttribute method) 26add_proposal() (pymispMISPEvent method) 24add_proposal() (pymispMISPObjectAttribute
method) 29add_reference() (pymispMISPObject method) 28add_reference() (pymisptoolsFileObject method)
37add_reference() (pymisptoolsVTReportObject
method) 39add_server() (pymispPyMISP method) 8add_server_to_sharing_group()
(pymispPyMISP method) 8add_shadow_attribute() (pymispMISPAttribute
method) 26add_shadow_attribute() (pymispMISPEvent
method) 24add_shadow_attribute()
(pymispMISPObjectAttribute method) 29add_sharing_group() (pymispPyMISP method) 8add_sighting() (pymispMISPAttribute method) 26add_sighting() (pymispMISPObjectAttribute
method) 29add_sighting() (pymispPyMISP method) 8add_tag() (pymispPyMISP method) 8add_user() (pymispPyMISP method) 9attributes_statistics() (pymispPyMISP
method) 9
Bbuild_complex_query() (pymispPyMISP
method) 9
Ccache_all_feeds() (pymispPyMISP method) 9cache_feed() (pymispPyMISP method) 9cache_freetext_feeds() (pymispPyMISP
method) 9cache_misp_feeds() (pymispPyMISP method) 9change_sharing_group_on_entity()
(pymispPyMISP method) 9change_user_password() (pymispPyMISP
method) 9clear() (pymispMISPAttribute method) 26clear() (pymispMISPEvent method) 24clear() (pymispMISPObject method) 28clear() (pymispMISPObjectAttribute method) 29clear() (pymispMISPObjectReference method) 31clear() (pymispMISPOrganisation method) 34clear() (pymispMISPTag method) 32clear() (pymispMISPUser method) 33
45
PyMISP Documentation Release main
clear() (pymisptoolsFileObject method) 37clear() (pymisptoolsVTReportObject method) 39communities() (pymispPyMISP method) 9compare_feeds() (pymispPyMISP method) 9contact_event_reporter() (pymispPyMISP
method) 9
Ddefault() (pymispMISPEncode method) 24delegate_event() (pymispPyMISP method) 10delete() (pymispMISPAttribute method) 26delete() (pymispMISPObjectAttribute method) 30delete_attribute() (pymispMISPEvent method)
24delete_attribute() (pymispPyMISP method) 10delete_attribute_proposal()
(pymispPyMISP method) 10delete_event() (pymispPyMISP method) 10delete_event_blacklist() (pymispPyMISP
method) 10delete_feed() (pymispPyMISP method) 10delete_object() (pymispPyMISP method) 10delete_object_reference() (pymispPyMISP
method) 10delete_organisation() (pymispPyMISP
method) 10delete_organisation_blacklist()
(pymispPyMISP method) 10delete_server() (pymispPyMISP method) 10delete_sharing_group() (pymispPyMISP
method) 10delete_sighting() (pymispPyMISP method) 10delete_tag() (pymispPyMISP method) 11delete_user() (pymispPyMISP method) 11delete_user_setting() (pymispPyMISP
method) 11describe_types_local() (pymispPyMISP prop-
erty) 11describe_types_remote() (pymispPyMISP
property) 11direct_call() (pymispPyMISP method) 11disable_feed() (pymispPyMISP method) 11disable_feed_cache() (pymispPyMISP method)
11disable_noticelist() (pymispPyMISP method)
11disable_tag() (pymispPyMISP method) 11disable_taxonomy() (pymispPyMISP method) 11disable_taxonomy_tags() (pymispPyMISP
method) 11disable_warninglist() (pymispPyMISP
method) 11discard_attribute_proposal()
(pymispPyMISP method) 12
Eedited() (pymispAbstractMISP property) 23edited() (pymispMISPAttribute property) 26edited() (pymispMISPEvent property) 24edited() (pymispMISPObject property) 28edited() (pymispMISPObjectAttribute property) 30edited() (pymispMISPObjectReference property) 31edited() (pymispMISPOrganisation property) 34edited() (pymispMISPTag property) 32edited() (pymispMISPUser property) 33edited() (pymisptoolsFileObject property) 37edited() (pymisptoolsVTReportObject property) 39enable_feed() (pymispPyMISP method) 12enable_feed_cache() (pymispPyMISP method)
12enable_noticelist() (pymispPyMISP method)
12enable_tag() (pymispPyMISP method) 12enable_taxonomy() (pymispPyMISP method) 12enable_taxonomy_tags() (pymispPyMISP
method) 12enable_warninglist() (pymispPyMISP method)
12event_blacklists() (pymispPyMISP method) 12event_delegations() (pymispPyMISP method)
12ExpandedPyMISP (in module pymisp) 23
Ffeeds() (pymispPyMISP method) 12fetch_feed() (pymispPyMISP method) 12FileObject (class in pymisptools) 37freetext() (pymispPyMISP method) 12from_dict() (pymispAbstractMISP method) 23from_dict() (pymispMISPAttribute method) 27from_dict() (pymispMISPEvent method) 25from_dict() (pymispMISPObject method) 28from_dict() (pymispMISPObjectAttribute method)
30from_dict() (pymispMISPObjectReference method)
31from_dict() (pymispMISPOrganisation method) 34from_dict() (pymispMISPTag method) 32from_dict() (pymispMISPUser method) 33from_dict() (pymisptoolsFileObject method) 37from_dict() (pymisptoolsVTReportObject method)
39from_json() (pymispAbstractMISP method) 23from_json() (pymispMISPAttribute method) 27from_json() (pymispMISPEvent method) 25from_json() (pymispMISPObject method) 28from_json() (pymispMISPObjectAttribute method)
30
46 Index
PyMISP Documentation Release main
from_json() (pymispMISPObjectReference method)31
from_json() (pymispMISPOrganisation method) 34from_json() (pymispMISPTag method) 32from_json() (pymispMISPUser method) 33from_json() (pymisptoolsFileObject method) 37from_json() (pymisptoolsVTReportObject method)
39
Ggalaxies() (pymispPyMISP method) 12generate_attributes() (pymisptoolsFileObject
method) 37generate_attributes()
(pymisptoolsVTReportObject method)39
get() (pymispMISPAttribute method) 27get() (pymispMISPEvent method) 25get() (pymispMISPObject method) 28get() (pymispMISPObjectAttribute method) 30get() (pymispMISPObjectReference method) 31get() (pymispMISPOrganisation method) 34get() (pymispMISPTag method) 32get() (pymispMISPUser method) 33get() (pymisptoolsFileObject method) 37get() (pymisptoolsVTReportObject method) 39get_all_functions() (pymispPyMISP method)
13get_attribute() (pymispPyMISP method) 13get_attribute_tag() (pymispMISPEvent
method) 25get_attributes_by_relation()
(pymispMISPObject method) 28get_attributes_by_relation()
(pymisptoolsFileObject method) 37get_attributes_by_relation()
(pymisptoolsVTReportObject method)39
get_community() (pymispPyMISP method) 13get_event() (pymispPyMISP method) 13get_feed() (pymispPyMISP method) 13get_galaxy() (pymispPyMISP method) 13get_noticelist() (pymispPyMISP method) 13get_object() (pymispPyMISP method) 13get_object_by_id() (pymispMISPEvent method)
25get_object_by_uuid() (pymispMISPEvent
method) 25get_object_template() (pymispPyMISP
method) 13get_objects_by_name() (pymispMISPEvent
method) 25get_organisation() (pymispPyMISP method) 13get_sync_config() (pymispPyMISP method) 13
get_tag() (pymispPyMISP method) 13get_taxonomy() (pymispPyMISP method) 13get_user() (pymispPyMISP method) 13get_user_setting() (pymispPyMISP method) 14get_warninglist() (pymispPyMISP method) 14
Hhas_attributes_by_relation()
(pymispMISPObject method) 28has_attributes_by_relation()
(pymisptoolsFileObject method) 37has_attributes_by_relation()
(pymisptoolsVTReportObject method)39
hash_values() (pymispMISPAttribute method) 27hash_values() (pymispMISPObjectAttribute
method) 30
Iimport_server() (pymispPyMISP method) 14items() (pymispMISPAttribute method) 27items() (pymispMISPEvent method) 25items() (pymispMISPObject method) 29items() (pymispMISPObjectAttribute method) 30items() (pymispMISPObjectReference method) 31items() (pymispMISPOrganisation method) 34items() (pymispMISPTag method) 32items() (pymispMISPUser method) 33items() (pymisptoolsFileObject method) 38items() (pymisptoolsVTReportObject method) 39
Jjsonable() (pymispAbstractMISP method) 23jsonable() (pymispMISPAttribute method) 27jsonable() (pymispMISPEvent method) 25jsonable() (pymispMISPObject method) 29jsonable() (pymispMISPObjectAttribute method)
30jsonable() (pymispMISPObjectReference method)
31jsonable() (pymispMISPOrganisation method) 34jsonable() (pymispMISPTag method) 32jsonable() (pymispMISPUser method) 33jsonable() (pymisptoolsFileObject method) 38jsonable() (pymisptoolsVTReportObject method)
39
Kkeys() (pymispMISPAttribute method) 27keys() (pymispMISPEvent method) 25keys() (pymispMISPObject method) 29keys() (pymispMISPObjectAttribute method) 30keys() (pymispMISPObjectReference method) 31keys() (pymispMISPOrganisation method) 34
Index 47
PyMISP Documentation Release main
keys() (pymispMISPTag method) 32keys() (pymispMISPUser method) 33keys() (pymisptoolsFileObject method) 38keys() (pymisptoolsVTReportObject method) 39known_types() (pymispMISPAttribute property) 27known_types() (pymispMISPObjectAttribute prop-
erty) 30
Lload() (pymispMISPEvent method) 25load_default_feeds() (pymispPyMISP method)
14load_file() (pymispMISPEvent method) 25load_openioc() (pymisptools method) 40load_openioc_file() (pymisptools method) 40load_stix() (in module pymisptoolsstix) 40
Mmake_stix_package() (in module
pymisptoolsstix) 40malware_binary() (pymispMISPAttribute prop-
erty) 27malware_binary() (pymispMISPObjectAttribute
property) 30misp_instance_version() (pymispPyMISP
property) 14misp_instance_version_master()
(pymispPyMISP property) 14MISPAttribute (class in pymisp) 26MISPEncode (class in pymisp) 24MISPEvent (class in pymisp) 24MISPObject (class in pymisp) 28MISPObjectAttribute (class in pymisp) 29MISPObjectReference (class in pymisp) 31MISPOrganisation (class in pymisp) 34MISPTag (class in pymisp) 32MISPUser (class in pymisp) 33module
pymisp 7pymisptools 37pymisptoolsstix 40
Nnoticelists() (pymispPyMISP method) 14
Oobject_templates() (pymispPyMISP method) 14organisation_blacklists() (pymispPyMISP
method) 14organisations() (pymispPyMISP method) 14
Ppop() (pymispMISPAttribute method) 27
pop() (pymispMISPEvent method) 25pop() (pymispMISPObject method) 29pop() (pymispMISPObjectAttribute method) 30pop() (pymispMISPObjectReference method) 31pop() (pymispMISPOrganisation method) 34pop() (pymispMISPTag method) 32pop() (pymispMISPUser method) 33pop() (pymisptoolsFileObject method) 38pop() (pymisptoolsVTReportObject method) 39popitem() (pymispMISPAttribute method) 27popitem() (pymispMISPEvent method) 25popitem() (pymispMISPObject method) 29popitem() (pymispMISPObjectAttribute method) 30popitem() (pymispMISPObjectReference method) 31popitem() (pymispMISPOrganisation method) 34popitem() (pymispMISPTag method) 32popitem() (pymispMISPUser method) 33popitem() (pymisptoolsFileObject method) 38popitem() (pymisptoolsVTReportObject method) 39publish() (pymispMISPEvent method) 25publish() (pymispPyMISP method) 14push_event_to_ZMQ() (pymispPyMISP method)
14pymisp
module 7PyMISP (class in pymisp) 7pymisptools
module 37pymisptoolsstix
module 40pymisp_version_main() (pymispPyMISP prop-
erty) 15
Rrecommended_pymisp_version()
(pymispPyMISP property) 15remote_acl() (pymispPyMISP method) 15remove_org_from_sharing_group()
(pymispPyMISP method) 15remove_server_from_sharing_group()
(pymispPyMISP method) 15roles() (pymispPyMISP method) 15
Ssearch() (pymispPyMISP method) 15search_feeds() (pymispPyMISP method) 17search_index() (pymispPyMISP method) 18search_logs() (pymispPyMISP method) 18search_sightings() (pymispPyMISP method) 19server_pull() (pymispPyMISP method) 20server_push() (pymispPyMISP method) 20servers() (pymispPyMISP method) 20set_date() (pymispMISPEvent method) 25
48 Index
PyMISP Documentation Release main
set_not_jsonable() (pymispAbstractMISPmethod) 23
set_not_jsonable() (pymispMISPAttributemethod) 27
set_not_jsonable() (pymispMISPEvent method)25
set_not_jsonable() (pymispMISPObjectmethod) 29
set_not_jsonable() (pymispMISPObjectAttributemethod) 30
set_not_jsonable()(pymispMISPObjectReference method)31
set_not_jsonable() (pymispMISPOrganisationmethod) 35
set_not_jsonable() (pymispMISPTag method)32
set_not_jsonable() (pymispMISPUser method)33
set_not_jsonable() (pymisptoolsFileObjectmethod) 38
set_not_jsonable()(pymisptoolsVTReportObject method)39
set_user_setting() (pymispPyMISP method) 20setdefault() (pymispMISPAttribute method) 27setdefault() (pymispMISPEvent method) 25setdefault() (pymispMISPObject method) 29setdefault() (pymispMISPObjectAttribute
method) 30setdefault() (pymispMISPObjectReference
method) 31setdefault() (pymispMISPOrganisation method)
35setdefault() (pymispMISPTag method) 33setdefault() (pymispMISPUser method) 34setdefault() (pymisptoolsFileObject method) 38setdefault() (pymisptoolsVTReportObject
method) 40sharing_groups() (pymispPyMISP method) 20sightings() (pymispPyMISP method) 20
Ttag() (pymispPyMISP method) 20tags() (pymispMISPAttribute property) 27tags() (pymispMISPEvent property) 26tags() (pymispMISPObjectAttribute property) 30tags() (pymispPyMISP method) 20tags_statistics() (pymispPyMISP method) 20taxonomies() (pymispPyMISP method) 20to_dict() (pymispAbstractMISP method) 23to_dict() (pymispMISPAttribute method) 27to_dict() (pymispMISPEvent method) 26to_dict() (pymispMISPObject method) 29
to_dict() (pymispMISPObjectAttribute method) 30to_dict() (pymispMISPObjectReference method) 32to_dict() (pymispMISPOrganisation method) 35to_dict() (pymispMISPTag method) 33to_dict() (pymispMISPUser method) 34to_dict() (pymisptoolsFileObject method) 38to_dict() (pymisptoolsVTReportObject method) 40to_feed() (pymispMISPEvent method) 26to_json() (pymispAbstractMISP method) 23to_json() (pymispMISPAttribute method) 27to_json() (pymispMISPEvent method) 26to_json() (pymispMISPObject method) 29to_json() (pymispMISPObjectAttribute method) 31to_json() (pymispMISPObjectReference method) 32to_json() (pymispMISPOrganisation method) 35to_json() (pymispMISPTag method) 33to_json() (pymispMISPUser method) 34to_json() (pymisptoolsFileObject method) 38to_json() (pymisptoolsVTReportObject method) 40toggle_warninglist() (pymispPyMISP method)
20
Uunpublish() (pymispMISPEvent method) 26untag() (pymispPyMISP method) 21update() (pymispMISPAttribute method) 28update() (pymispMISPEvent method) 26update() (pymispMISPObject method) 29update() (pymispMISPObjectAttribute method) 31update() (pymispMISPObjectReference method) 32update() (pymispMISPOrganisation method) 35update() (pymispMISPTag method) 33update() (pymispMISPUser method) 34update() (pymisptoolsFileObject method) 38update() (pymisptoolsVTReportObject method) 40update_attribute() (pymispPyMISP method) 21update_attribute_proposal()
(pymispPyMISP method) 21update_event() (pymispPyMISP method) 21update_event_blacklist() (pymispPyMISP
method) 21update_feed() (pymispPyMISP method) 21update_galaxies() (pymispPyMISP method) 21update_not_jsonable() (pymispAbstractMISP
method) 23update_not_jsonable() (pymispMISPAttribute
method) 28update_not_jsonable() (pymispMISPEvent
method) 26update_not_jsonable() (pymispMISPObject
method) 29update_not_jsonable()
(pymispMISPObjectAttribute method) 31
Index 49
PyMISP Documentation Release main
update_not_jsonable()(pymispMISPObjectReference method)32
update_not_jsonable()(pymispMISPOrganisation method) 35
update_not_jsonable() (pymispMISPTagmethod) 33
update_not_jsonable() (pymispMISPUsermethod) 34
update_not_jsonable() (pymisptoolsFileObjectmethod) 38
update_not_jsonable()(pymisptoolsVTReportObject method)40
update_noticelists() (pymispPyMISP method)21
update_object() (pymispPyMISP method) 21update_object_templates() (pymispPyMISP
method) 21update_organisation() (pymispPyMISP
method) 21update_organisation_blacklist()
(pymispPyMISP method) 21update_server() (pymispPyMISP method) 22update_tag() (pymispPyMISP method) 22update_taxonomies() (pymispPyMISP method)
22update_user() (pymispPyMISP method) 22update_warninglists() (pymispPyMISP
method) 22upload_stix() (pymispPyMISP method) 22user_registrations() (pymispPyMISP method)
22user_settings() (pymispPyMISP method) 22users() (pymispPyMISP method) 22users_statistics() (pymispPyMISP method) 22
Vvalues() (pymispMISPAttribute method) 28values() (pymispMISPEvent method) 26values() (pymispMISPObject method) 29values() (pymispMISPObjectAttribute method) 31values() (pymispMISPObjectReference method) 32values() (pymispMISPOrganisation method) 35values() (pymispMISPTag method) 33values() (pymispMISPUser method) 34values() (pymisptoolsFileObject method) 38values() (pymisptoolsVTReportObject method) 40values_in_warninglist() (pymispPyMISP
method) 22version() (pymispPyMISP property) 22VTReportObject (class in pymisptools) 38
Wwarninglists() (pymispPyMISP method) 22
50 Index
- README
- pymisp
- PyMISP
- PyMISPExpanded (Python 36+ only)
- MISPAbstract
- MISPEncode
- MISPEvent
- MISPAttribute
- MISPObject
- MISPObjectAttribute
- MISPObjectReference
- MISPTag
- MISPUser
- MISPOrganisation
- pymisp - Tools
- File Object
- ELF Object
- PE Object
- Mach-O Object
- VT Report Object
- STIX
- OpenIOC
- Indices and tables
- Python Module Index
- Index
PyMISP Documentation Release main
Return type bool
items()rarr a set-like object providing a view on Drsquos items
jsonable()This method is used by the JSON encoder
Return type Dict
keys()rarr a set-like object providing a view on Drsquos keys
pop(k[ d ])rarr v remove specified key and return the corresponding valueIf key is not found d is returned if given otherwise KeyError is raised
popitem()rarr (k v) remove and return some (key value) pairas a 2-tuple but raise KeyError if D is empty
set_not_jsonable(args)Set __not_jsonable to a new list
Return type None
setdefault(k[ d ])rarr Dget(kd) also set D[k]=d if k not in D
to_dict(strict=False)Dump the class to a dictionary This method automatically removes the timestamp recursively in everyobject that has been edited is order to let MISP update the event accordingly
Return type Dict
to_json(sort_keys=False indent=None strict=False)Dump recursively any class of type MISPAbstract to a json string
update([E ] F)rarr None Update D from mappingiterable E and FIf E present and has a keys() method does for k in E D[k] = E[k] If E present and lacks keys() methoddoes for (k v) in E D[k] = v In either case this is followed by for k v in Fitems() D[k] = v
update_not_jsonable(args)Add entries to the __not_jsonable list
Return type None
values()rarr an object providing a view on Drsquos values
28 MISPObjectAttribute
class pymispMISPObjectAttribute(definition)
add_proposal(shadow_attribute=None kwargs)Alias for add_shadow_attribute
Return type MISPShadowAttribute
add_shadow_attribute(shadow_attribute=None kwargs)Add a shadow attribute to the attribute (by name or a MISPShadowAttribute object)
Return type MISPShadowAttribute
add_sighting(sighting=None kwargs)Add a sighting to the attribute (by name or a MISPSighting object)
Return type MISPSighting
28 MISPObjectAttribute 29
PyMISP Documentation Release main
clear()rarr None Remove all items from D
delete()Mark the attribute as deleted (soft delete)
property editedRecursively check if an object has been edited and update the flag accordingly to the parent objects
Return type bool
from_dict(object_relation value kwargs)Loading all the parameters as class properties if they arenrsquot None This method aims to be called when allthe properties requiring a special treatment are processed Note This method is used when you initializean object with existing data so by default the class is flaged as not edited
from_json(json_string)Load a JSON string
Return type None
get(k[ d ])rarr D[k] if k in D else d d defaults to None
hash_values(algorithm=sha512)Compute the hash of every values for fast lookups
Return type List[str]
items()rarr a set-like object providing a view on Drsquos items
jsonable()This method is used by the JSON encoder
Return type Dict
keys()rarr a set-like object providing a view on Drsquos keys
property known_typesReturns a list of all the known MISP attributes types
Return type List[str]
property malware_binaryReturns a BytesIO of the malware (if the attribute has one obvs)
Return type Optional[BytesIO]
pop(k[ d ])rarr v remove specified key and return the corresponding valueIf key is not found d is returned if given otherwise KeyError is raised
popitem()rarr (k v) remove and return some (key value) pairas a 2-tuple but raise KeyError if D is empty
set_not_jsonable(args)Set __not_jsonable to a new list
Return type None
setdefault(k[ d ])rarr Dget(kd) also set D[k]=d if k not in D
property tagsReturns a lost of tags associated to this Attribute
Return type List[MISPTag]
30 Chapter 2 pymisp
PyMISP Documentation Release main
to_dict()Dump the class to a dictionary This method automatically removes the timestamp recursively in everyobject that has been edited is order to let MISP update the event accordingly
Return type Dict
to_json(sort_keys=False indent=None)Dump recursively any class of type MISPAbstract to a json string
update([E ] F)rarr None Update D from mappingiterable E and FIf E present and has a keys() method does for k in E D[k] = E[k] If E present and lacks keys() methoddoes for (k v) in E D[k] = v In either case this is followed by for k v in Fitems() D[k] = v
update_not_jsonable(args)Add entries to the __not_jsonable list
Return type None
values()rarr an object providing a view on Drsquos values
29 MISPObjectReference
class pymispMISPObjectReference
clear()rarr None Remove all items from D
property editedRecursively check if an object has been edited and update the flag accordingly to the parent objects
Return type bool
from_dict(kwargs)Loading all the parameters as class properties if they arenrsquot None This method aims to be called when allthe properties requiring a special treatment are processed Note This method is used when you initializean object with existing data so by default the class is flaged as not edited
from_json(json_string)Load a JSON string
Return type None
get(k[ d ])rarr D[k] if k in D else d d defaults to None
items()rarr a set-like object providing a view on Drsquos items
jsonable()This method is used by the JSON encoder
Return type Dict
keys()rarr a set-like object providing a view on Drsquos keys
pop(k[ d ])rarr v remove specified key and return the corresponding valueIf key is not found d is returned if given otherwise KeyError is raised
popitem()rarr (k v) remove and return some (key value) pairas a 2-tuple but raise KeyError if D is empty
set_not_jsonable(args)Set __not_jsonable to a new list
Return type None
29 MISPObjectReference 31
PyMISP Documentation Release main
setdefault(k[ d ])rarr Dget(kd) also set D[k]=d if k not in D
to_dict()Dump the class to a dictionary This method automatically removes the timestamp recursively in everyobject that has been edited is order to let MISP update the event accordingly
Return type Dict
to_json(sort_keys=False indent=None)Dump recursively any class of type MISPAbstract to a json string
update([E ] F)rarr None Update D from mappingiterable E and FIf E present and has a keys() method does for k in E D[k] = E[k] If E present and lacks keys() methoddoes for (k v) in E D[k] = v In either case this is followed by for k v in Fitems() D[k] = v
update_not_jsonable(args)Add entries to the __not_jsonable list
Return type None
values()rarr an object providing a view on Drsquos values
210 MISPTag
class pymispMISPTag(kwargs)
clear()rarr None Remove all items from D
property editedRecursively check if an object has been edited and update the flag accordingly to the parent objects
Return type bool
from_dict(kwargs)Loading all the parameters as class properties if they arenrsquot None This method aims to be called when allthe properties requiring a special treatment are processed Note This method is used when you initializean object with existing data so by default the class is flaged as not edited
from_json(json_string)Load a JSON string
Return type None
get(k[ d ])rarr D[k] if k in D else d d defaults to None
items()rarr a set-like object providing a view on Drsquos items
jsonable()This method is used by the JSON encoder
Return type Dict
keys()rarr a set-like object providing a view on Drsquos keys
pop(k[ d ])rarr v remove specified key and return the corresponding valueIf key is not found d is returned if given otherwise KeyError is raised
popitem()rarr (k v) remove and return some (key value) pairas a 2-tuple but raise KeyError if D is empty
set_not_jsonable(args)Set __not_jsonable to a new list
32 Chapter 2 pymisp
PyMISP Documentation Release main
Return type None
setdefault(k[ d ])rarr Dget(kd) also set D[k]=d if k not in D
to_dict()Dump the class to a dictionary This method automatically removes the timestamp recursively in everyobject that has been edited is order to let MISP update the event accordingly
Return type Dict
to_json(sort_keys=False indent=None)Dump recursively any class of type MISPAbstract to a json string
update([E ] F)rarr None Update D from mappingiterable E and FIf E present and has a keys() method does for k in E D[k] = E[k] If E present and lacks keys() methoddoes for (k v) in E D[k] = v In either case this is followed by for k v in Fitems() D[k] = v
update_not_jsonable(args)Add entries to the __not_jsonable list
Return type None
values()rarr an object providing a view on Drsquos values
211 MISPUser
class pymispMISPUser(kwargs)
clear()rarr None Remove all items from D
property editedRecursively check if an object has been edited and update the flag accordingly to the parent objects
Return type bool
from_dict(kwargs)Loading all the parameters as class properties if they arenrsquot None This method aims to be called when allthe properties requiring a special treatment are processed Note This method is used when you initializean object with existing data so by default the class is flaged as not edited
from_json(json_string)Load a JSON string
Return type None
get(k[ d ])rarr D[k] if k in D else d d defaults to None
items()rarr a set-like object providing a view on Drsquos items
jsonable()This method is used by the JSON encoder
Return type Dict
keys()rarr a set-like object providing a view on Drsquos keys
pop(k[ d ])rarr v remove specified key and return the corresponding valueIf key is not found d is returned if given otherwise KeyError is raised
popitem()rarr (k v) remove and return some (key value) pairas a 2-tuple but raise KeyError if D is empty
211 MISPUser 33
PyMISP Documentation Release main
set_not_jsonable(args)Set __not_jsonable to a new list
Return type None
setdefault(k[ d ])rarr Dget(kd) also set D[k]=d if k not in D
to_dict()Dump the class to a dictionary This method automatically removes the timestamp recursively in everyobject that has been edited is order to let MISP update the event accordingly
Return type Dict
to_json(sort_keys=False indent=None)Dump recursively any class of type MISPAbstract to a json string
update([E ] F)rarr None Update D from mappingiterable E and FIf E present and has a keys() method does for k in E D[k] = E[k] If E present and lacks keys() methoddoes for (k v) in E D[k] = v In either case this is followed by for k v in Fitems() D[k] = v
update_not_jsonable(args)Add entries to the __not_jsonable list
Return type None
values()rarr an object providing a view on Drsquos values
212 MISPOrganisation
class pymispMISPOrganisation
clear()rarr None Remove all items from D
property editedRecursively check if an object has been edited and update the flag accordingly to the parent objects
Return type bool
from_dict(kwargs)Loading all the parameters as class properties if they arenrsquot None This method aims to be called when allthe properties requiring a special treatment are processed Note This method is used when you initializean object with existing data so by default the class is flaged as not edited
from_json(json_string)Load a JSON string
Return type None
get(k[ d ])rarr D[k] if k in D else d d defaults to None
items()rarr a set-like object providing a view on Drsquos items
jsonable()This method is used by the JSON encoder
Return type Dict
keys()rarr a set-like object providing a view on Drsquos keys
pop(k[ d ])rarr v remove specified key and return the corresponding valueIf key is not found d is returned if given otherwise KeyError is raised
34 Chapter 2 pymisp
PyMISP Documentation Release main
popitem()rarr (k v) remove and return some (key value) pairas a 2-tuple but raise KeyError if D is empty
set_not_jsonable(args)Set __not_jsonable to a new list
Return type None
setdefault(k[ d ])rarr Dget(kd) also set D[k]=d if k not in D
to_dict()Dump the class to a dictionary This method automatically removes the timestamp recursively in everyobject that has been edited is order to let MISP update the event accordingly
Return type Dict
to_json(sort_keys=False indent=None)Dump recursively any class of type MISPAbstract to a json string
update([E ] F)rarr None Update D from mappingiterable E and FIf E present and has a keys() method does for k in E D[k] = E[k] If E present and lacks keys() methoddoes for (k v) in E D[k] = v In either case this is followed by for k v in Fitems() D[k] = v
update_not_jsonable(args)Add entries to the __not_jsonable list
Return type None
values()rarr an object providing a view on Drsquos values
212 MISPOrganisation 35
PyMISP Documentation Release main
36 Chapter 2 pymisp
CHAPTER
THREE
PYMISP - TOOLS
31 File Object
class pymisptoolsFileObject(filepath=None pseudofile=None filename=None kwargs)
add_attribute(object_relation simple_value=None value)Add an attribute object_relation is required and the value key is a dictionary with all the keys supportedby MISPAttribute
Return type Optional[MISPAttribute]
add_attributes(object_relation attributes)Add multiple attributes with the same object_relation Helper for object_relation when multiple is True inthe template It is the same as calling multiple times add_attribute with the same object_relation
Return type List[Optional[MISPAttribute]]
add_reference(referenced_uuid relationship_type comment=None kwargs)Add a link (uuid) to an other object
Return type MISPObjectReference
clear()rarr None Remove all items from D
property editedRecursively check if an object has been edited and update the flag accordingly to the parent objects
Return type bool
from_dict(kwargs)Loading all the parameters as class properties if they arenrsquot None This method aims to be called when allthe properties requiring a special treatment are processed Note This method is used when you initializean object with existing data so by default the class is flaged as not edited
from_json(json_string)Load a JSON string
Return type None
generate_attributes()Contains the logic where all the values of the object are gathered
get(k[ d ])rarr D[k] if k in D else d d defaults to None
get_attributes_by_relation(object_relation)Returns the list of attributes with the given object relation in the object
Return type List[MISPAttribute]
37
PyMISP Documentation Release main
has_attributes_by_relation(list_of_relations)True if all the relations in the list are defined in the object
Return type bool
items()rarr a set-like object providing a view on Drsquos items
jsonable()This method is used by the JSON encoder
Return type Dict
keys()rarr a set-like object providing a view on Drsquos keys
pop(k[ d ])rarr v remove specified key and return the corresponding valueIf key is not found d is returned if given otherwise KeyError is raised
popitem()rarr (k v) remove and return some (key value) pairas a 2-tuple but raise KeyError if D is empty
set_not_jsonable(args)Set __not_jsonable to a new list
Return type None
setdefault(k[ d ])rarr Dget(kd) also set D[k]=d if k not in D
to_dict(strict=False)Dump the class to a dictionary This method automatically removes the timestamp recursively in everyobject that has been edited is order to let MISP update the event accordingly
Return type Dict
to_json(sort_keys=False indent=None strict=False)Dump recursively any class of type MISPAbstract to a json string
update([E ] F)rarr None Update D from mappingiterable E and FIf E present and has a keys() method does for k in E D[k] = E[k] If E present and lacks keys() methoddoes for (k v) in E D[k] = v In either case this is followed by for k v in Fitems() D[k] = v
update_not_jsonable(args)Add entries to the __not_jsonable list
Return type None
values()rarr an object providing a view on Drsquos values
32 ELF Object
33 PE Object
34 Mach-O Object
35 VT Report Object
class pymisptoolsVTReportObject(apikey indicator vt_proxies=None kwargs)VirusTotal Report
Apikey VirusTotal API key (private works but only public features are supported right now)
38 Chapter 3 pymisp - Tools
PyMISP Documentation Release main
Indicator IOC to search VirusTotal for
add_attribute(object_relation simple_value=None value)Add an attribute object_relation is required and the value key is a dictionary with all the keys supportedby MISPAttribute
Return type Optional[MISPAttribute]
add_attributes(object_relation attributes)Add multiple attributes with the same object_relation Helper for object_relation when multiple is True inthe template It is the same as calling multiple times add_attribute with the same object_relation
Return type List[Optional[MISPAttribute]]
add_reference(referenced_uuid relationship_type comment=None kwargs)Add a link (uuid) to an other object
Return type MISPObjectReference
clear()rarr None Remove all items from D
property editedRecursively check if an object has been edited and update the flag accordingly to the parent objects
Return type bool
from_dict(kwargs)Loading all the parameters as class properties if they arenrsquot None This method aims to be called when allthe properties requiring a special treatment are processed Note This method is used when you initializean object with existing data so by default the class is flaged as not edited
from_json(json_string)Load a JSON string
Return type None
generate_attributes()Parse the VirusTotal report for relevant attributes
get(k[ d ])rarr D[k] if k in D else d d defaults to None
get_attributes_by_relation(object_relation)Returns the list of attributes with the given object relation in the object
Return type List[MISPAttribute]
has_attributes_by_relation(list_of_relations)True if all the relations in the list are defined in the object
Return type bool
items()rarr a set-like object providing a view on Drsquos items
jsonable()This method is used by the JSON encoder
Return type Dict
keys()rarr a set-like object providing a view on Drsquos keys
pop(k[ d ])rarr v remove specified key and return the corresponding valueIf key is not found d is returned if given otherwise KeyError is raised
popitem()rarr (k v) remove and return some (key value) pairas a 2-tuple but raise KeyError if D is empty
35 VT Report Object 39
PyMISP Documentation Release main
set_not_jsonable(args)Set __not_jsonable to a new list
Return type None
setdefault(k[ d ])rarr Dget(kd) also set D[k]=d if k not in D
to_dict(strict=False)Dump the class to a dictionary This method automatically removes the timestamp recursively in everyobject that has been edited is order to let MISP update the event accordingly
Return type Dict
to_json(sort_keys=False indent=None strict=False)Dump recursively any class of type MISPAbstract to a json string
update([E ] F)rarr None Update D from mappingiterable E and FIf E present and has a keys() method does for k in E D[k] = E[k] If E present and lacks keys() methoddoes for (k v) in E D[k] = v In either case this is followed by for k v in Fitems() D[k] = v
update_not_jsonable(args)Add entries to the __not_jsonable list
Return type None
values()rarr an object providing a view on Drsquos values
36 STIX
pymisptoolsstixload_stix(stix distribution=3 threat_level_id=2 analysis=0)Returns a MISPEvent object from a STIX package
pymisptoolsstixmake_stix_package(misp_event to_json=False to_xml=False)Returns a STIXPackage from a MISPEvent
Optionally can return the package in json or xml
37 OpenIOC
toolsload_openioc()
toolsload_openioc_file()
40 Chapter 3 pymisp - Tools
CHAPTER
FOUR
INDICES AND TABLES
bull genindex
bull modindex
bull search
41
PyMISP Documentation Release main
42 Chapter 4 Indices and tables
PYTHON MODULE INDEX
ppymisp 7pymisptools 37pymisptoolsstix 40
43
PyMISP Documentation Release main
44 Python Module Index
INDEX
AAbstractMISP (class in pymisp) 23accept_attribute_proposal()
(pymispPyMISP method) 7add_attribute() (pymispMISPEvent method) 24add_attribute() (pymispMISPObject method) 28add_attribute() (pymispPyMISP method) 7add_attribute() (pymisptoolsFileObject method)
37add_attribute() (pymisptoolsVTReportObject
method) 39add_attribute_proposal() (pymispPyMISP
method) 7add_attribute_tag() (pymispMISPEvent
method) 24add_attributes() (pymispMISPObject method)
28add_attributes() (pymisptoolsFileObject
method) 37add_attributes() (pymisptoolsVTReportObject
method) 39add_event() (pymispPyMISP method) 7add_event_blacklist() (pymispPyMISP
method) 8add_feed() (pymispPyMISP method) 8add_object() (pymispMISPEvent method) 24add_object() (pymispPyMISP method) 8add_object_reference() (pymispPyMISP
method) 8add_org_to_sharing_group() (pymispPyMISP
method) 8add_organisation() (pymispPyMISP method) 8add_organisation_blacklist()
(pymispPyMISP method) 8add_proposal() (pymispMISPAttribute method) 26add_proposal() (pymispMISPEvent method) 24add_proposal() (pymispMISPObjectAttribute
method) 29add_reference() (pymispMISPObject method) 28add_reference() (pymisptoolsFileObject method)
37add_reference() (pymisptoolsVTReportObject
method) 39add_server() (pymispPyMISP method) 8add_server_to_sharing_group()
(pymispPyMISP method) 8add_shadow_attribute() (pymispMISPAttribute
method) 26add_shadow_attribute() (pymispMISPEvent
method) 24add_shadow_attribute()
(pymispMISPObjectAttribute method) 29add_sharing_group() (pymispPyMISP method) 8add_sighting() (pymispMISPAttribute method) 26add_sighting() (pymispMISPObjectAttribute
method) 29add_sighting() (pymispPyMISP method) 8add_tag() (pymispPyMISP method) 8add_user() (pymispPyMISP method) 9attributes_statistics() (pymispPyMISP
method) 9
Bbuild_complex_query() (pymispPyMISP
method) 9
Ccache_all_feeds() (pymispPyMISP method) 9cache_feed() (pymispPyMISP method) 9cache_freetext_feeds() (pymispPyMISP
method) 9cache_misp_feeds() (pymispPyMISP method) 9change_sharing_group_on_entity()
(pymispPyMISP method) 9change_user_password() (pymispPyMISP
method) 9clear() (pymispMISPAttribute method) 26clear() (pymispMISPEvent method) 24clear() (pymispMISPObject method) 28clear() (pymispMISPObjectAttribute method) 29clear() (pymispMISPObjectReference method) 31clear() (pymispMISPOrganisation method) 34clear() (pymispMISPTag method) 32clear() (pymispMISPUser method) 33
45
PyMISP Documentation Release main
clear() (pymisptoolsFileObject method) 37clear() (pymisptoolsVTReportObject method) 39communities() (pymispPyMISP method) 9compare_feeds() (pymispPyMISP method) 9contact_event_reporter() (pymispPyMISP
method) 9
Ddefault() (pymispMISPEncode method) 24delegate_event() (pymispPyMISP method) 10delete() (pymispMISPAttribute method) 26delete() (pymispMISPObjectAttribute method) 30delete_attribute() (pymispMISPEvent method)
24delete_attribute() (pymispPyMISP method) 10delete_attribute_proposal()
(pymispPyMISP method) 10delete_event() (pymispPyMISP method) 10delete_event_blacklist() (pymispPyMISP
method) 10delete_feed() (pymispPyMISP method) 10delete_object() (pymispPyMISP method) 10delete_object_reference() (pymispPyMISP
method) 10delete_organisation() (pymispPyMISP
method) 10delete_organisation_blacklist()
(pymispPyMISP method) 10delete_server() (pymispPyMISP method) 10delete_sharing_group() (pymispPyMISP
method) 10delete_sighting() (pymispPyMISP method) 10delete_tag() (pymispPyMISP method) 11delete_user() (pymispPyMISP method) 11delete_user_setting() (pymispPyMISP
method) 11describe_types_local() (pymispPyMISP prop-
erty) 11describe_types_remote() (pymispPyMISP
property) 11direct_call() (pymispPyMISP method) 11disable_feed() (pymispPyMISP method) 11disable_feed_cache() (pymispPyMISP method)
11disable_noticelist() (pymispPyMISP method)
11disable_tag() (pymispPyMISP method) 11disable_taxonomy() (pymispPyMISP method) 11disable_taxonomy_tags() (pymispPyMISP
method) 11disable_warninglist() (pymispPyMISP
method) 11discard_attribute_proposal()
(pymispPyMISP method) 12
Eedited() (pymispAbstractMISP property) 23edited() (pymispMISPAttribute property) 26edited() (pymispMISPEvent property) 24edited() (pymispMISPObject property) 28edited() (pymispMISPObjectAttribute property) 30edited() (pymispMISPObjectReference property) 31edited() (pymispMISPOrganisation property) 34edited() (pymispMISPTag property) 32edited() (pymispMISPUser property) 33edited() (pymisptoolsFileObject property) 37edited() (pymisptoolsVTReportObject property) 39enable_feed() (pymispPyMISP method) 12enable_feed_cache() (pymispPyMISP method)
12enable_noticelist() (pymispPyMISP method)
12enable_tag() (pymispPyMISP method) 12enable_taxonomy() (pymispPyMISP method) 12enable_taxonomy_tags() (pymispPyMISP
method) 12enable_warninglist() (pymispPyMISP method)
12event_blacklists() (pymispPyMISP method) 12event_delegations() (pymispPyMISP method)
12ExpandedPyMISP (in module pymisp) 23
Ffeeds() (pymispPyMISP method) 12fetch_feed() (pymispPyMISP method) 12FileObject (class in pymisptools) 37freetext() (pymispPyMISP method) 12from_dict() (pymispAbstractMISP method) 23from_dict() (pymispMISPAttribute method) 27from_dict() (pymispMISPEvent method) 25from_dict() (pymispMISPObject method) 28from_dict() (pymispMISPObjectAttribute method)
30from_dict() (pymispMISPObjectReference method)
31from_dict() (pymispMISPOrganisation method) 34from_dict() (pymispMISPTag method) 32from_dict() (pymispMISPUser method) 33from_dict() (pymisptoolsFileObject method) 37from_dict() (pymisptoolsVTReportObject method)
39from_json() (pymispAbstractMISP method) 23from_json() (pymispMISPAttribute method) 27from_json() (pymispMISPEvent method) 25from_json() (pymispMISPObject method) 28from_json() (pymispMISPObjectAttribute method)
30
46 Index
PyMISP Documentation Release main
from_json() (pymispMISPObjectReference method)31
from_json() (pymispMISPOrganisation method) 34from_json() (pymispMISPTag method) 32from_json() (pymispMISPUser method) 33from_json() (pymisptoolsFileObject method) 37from_json() (pymisptoolsVTReportObject method)
39
Ggalaxies() (pymispPyMISP method) 12generate_attributes() (pymisptoolsFileObject
method) 37generate_attributes()
(pymisptoolsVTReportObject method)39
get() (pymispMISPAttribute method) 27get() (pymispMISPEvent method) 25get() (pymispMISPObject method) 28get() (pymispMISPObjectAttribute method) 30get() (pymispMISPObjectReference method) 31get() (pymispMISPOrganisation method) 34get() (pymispMISPTag method) 32get() (pymispMISPUser method) 33get() (pymisptoolsFileObject method) 37get() (pymisptoolsVTReportObject method) 39get_all_functions() (pymispPyMISP method)
13get_attribute() (pymispPyMISP method) 13get_attribute_tag() (pymispMISPEvent
method) 25get_attributes_by_relation()
(pymispMISPObject method) 28get_attributes_by_relation()
(pymisptoolsFileObject method) 37get_attributes_by_relation()
(pymisptoolsVTReportObject method)39
get_community() (pymispPyMISP method) 13get_event() (pymispPyMISP method) 13get_feed() (pymispPyMISP method) 13get_galaxy() (pymispPyMISP method) 13get_noticelist() (pymispPyMISP method) 13get_object() (pymispPyMISP method) 13get_object_by_id() (pymispMISPEvent method)
25get_object_by_uuid() (pymispMISPEvent
method) 25get_object_template() (pymispPyMISP
method) 13get_objects_by_name() (pymispMISPEvent
method) 25get_organisation() (pymispPyMISP method) 13get_sync_config() (pymispPyMISP method) 13
get_tag() (pymispPyMISP method) 13get_taxonomy() (pymispPyMISP method) 13get_user() (pymispPyMISP method) 13get_user_setting() (pymispPyMISP method) 14get_warninglist() (pymispPyMISP method) 14
Hhas_attributes_by_relation()
(pymispMISPObject method) 28has_attributes_by_relation()
(pymisptoolsFileObject method) 37has_attributes_by_relation()
(pymisptoolsVTReportObject method)39
hash_values() (pymispMISPAttribute method) 27hash_values() (pymispMISPObjectAttribute
method) 30
Iimport_server() (pymispPyMISP method) 14items() (pymispMISPAttribute method) 27items() (pymispMISPEvent method) 25items() (pymispMISPObject method) 29items() (pymispMISPObjectAttribute method) 30items() (pymispMISPObjectReference method) 31items() (pymispMISPOrganisation method) 34items() (pymispMISPTag method) 32items() (pymispMISPUser method) 33items() (pymisptoolsFileObject method) 38items() (pymisptoolsVTReportObject method) 39
Jjsonable() (pymispAbstractMISP method) 23jsonable() (pymispMISPAttribute method) 27jsonable() (pymispMISPEvent method) 25jsonable() (pymispMISPObject method) 29jsonable() (pymispMISPObjectAttribute method)
30jsonable() (pymispMISPObjectReference method)
31jsonable() (pymispMISPOrganisation method) 34jsonable() (pymispMISPTag method) 32jsonable() (pymispMISPUser method) 33jsonable() (pymisptoolsFileObject method) 38jsonable() (pymisptoolsVTReportObject method)
39
Kkeys() (pymispMISPAttribute method) 27keys() (pymispMISPEvent method) 25keys() (pymispMISPObject method) 29keys() (pymispMISPObjectAttribute method) 30keys() (pymispMISPObjectReference method) 31keys() (pymispMISPOrganisation method) 34
Index 47
PyMISP Documentation Release main
keys() (pymispMISPTag method) 32keys() (pymispMISPUser method) 33keys() (pymisptoolsFileObject method) 38keys() (pymisptoolsVTReportObject method) 39known_types() (pymispMISPAttribute property) 27known_types() (pymispMISPObjectAttribute prop-
erty) 30
Lload() (pymispMISPEvent method) 25load_default_feeds() (pymispPyMISP method)
14load_file() (pymispMISPEvent method) 25load_openioc() (pymisptools method) 40load_openioc_file() (pymisptools method) 40load_stix() (in module pymisptoolsstix) 40
Mmake_stix_package() (in module
pymisptoolsstix) 40malware_binary() (pymispMISPAttribute prop-
erty) 27malware_binary() (pymispMISPObjectAttribute
property) 30misp_instance_version() (pymispPyMISP
property) 14misp_instance_version_master()
(pymispPyMISP property) 14MISPAttribute (class in pymisp) 26MISPEncode (class in pymisp) 24MISPEvent (class in pymisp) 24MISPObject (class in pymisp) 28MISPObjectAttribute (class in pymisp) 29MISPObjectReference (class in pymisp) 31MISPOrganisation (class in pymisp) 34MISPTag (class in pymisp) 32MISPUser (class in pymisp) 33module
pymisp 7pymisptools 37pymisptoolsstix 40
Nnoticelists() (pymispPyMISP method) 14
Oobject_templates() (pymispPyMISP method) 14organisation_blacklists() (pymispPyMISP
method) 14organisations() (pymispPyMISP method) 14
Ppop() (pymispMISPAttribute method) 27
pop() (pymispMISPEvent method) 25pop() (pymispMISPObject method) 29pop() (pymispMISPObjectAttribute method) 30pop() (pymispMISPObjectReference method) 31pop() (pymispMISPOrganisation method) 34pop() (pymispMISPTag method) 32pop() (pymispMISPUser method) 33pop() (pymisptoolsFileObject method) 38pop() (pymisptoolsVTReportObject method) 39popitem() (pymispMISPAttribute method) 27popitem() (pymispMISPEvent method) 25popitem() (pymispMISPObject method) 29popitem() (pymispMISPObjectAttribute method) 30popitem() (pymispMISPObjectReference method) 31popitem() (pymispMISPOrganisation method) 34popitem() (pymispMISPTag method) 32popitem() (pymispMISPUser method) 33popitem() (pymisptoolsFileObject method) 38popitem() (pymisptoolsVTReportObject method) 39publish() (pymispMISPEvent method) 25publish() (pymispPyMISP method) 14push_event_to_ZMQ() (pymispPyMISP method)
14pymisp
module 7PyMISP (class in pymisp) 7pymisptools
module 37pymisptoolsstix
module 40pymisp_version_main() (pymispPyMISP prop-
erty) 15
Rrecommended_pymisp_version()
(pymispPyMISP property) 15remote_acl() (pymispPyMISP method) 15remove_org_from_sharing_group()
(pymispPyMISP method) 15remove_server_from_sharing_group()
(pymispPyMISP method) 15roles() (pymispPyMISP method) 15
Ssearch() (pymispPyMISP method) 15search_feeds() (pymispPyMISP method) 17search_index() (pymispPyMISP method) 18search_logs() (pymispPyMISP method) 18search_sightings() (pymispPyMISP method) 19server_pull() (pymispPyMISP method) 20server_push() (pymispPyMISP method) 20servers() (pymispPyMISP method) 20set_date() (pymispMISPEvent method) 25
48 Index
PyMISP Documentation Release main
set_not_jsonable() (pymispAbstractMISPmethod) 23
set_not_jsonable() (pymispMISPAttributemethod) 27
set_not_jsonable() (pymispMISPEvent method)25
set_not_jsonable() (pymispMISPObjectmethod) 29
set_not_jsonable() (pymispMISPObjectAttributemethod) 30
set_not_jsonable()(pymispMISPObjectReference method)31
set_not_jsonable() (pymispMISPOrganisationmethod) 35
set_not_jsonable() (pymispMISPTag method)32
set_not_jsonable() (pymispMISPUser method)33
set_not_jsonable() (pymisptoolsFileObjectmethod) 38
set_not_jsonable()(pymisptoolsVTReportObject method)39
set_user_setting() (pymispPyMISP method) 20setdefault() (pymispMISPAttribute method) 27setdefault() (pymispMISPEvent method) 25setdefault() (pymispMISPObject method) 29setdefault() (pymispMISPObjectAttribute
method) 30setdefault() (pymispMISPObjectReference
method) 31setdefault() (pymispMISPOrganisation method)
35setdefault() (pymispMISPTag method) 33setdefault() (pymispMISPUser method) 34setdefault() (pymisptoolsFileObject method) 38setdefault() (pymisptoolsVTReportObject
method) 40sharing_groups() (pymispPyMISP method) 20sightings() (pymispPyMISP method) 20
Ttag() (pymispPyMISP method) 20tags() (pymispMISPAttribute property) 27tags() (pymispMISPEvent property) 26tags() (pymispMISPObjectAttribute property) 30tags() (pymispPyMISP method) 20tags_statistics() (pymispPyMISP method) 20taxonomies() (pymispPyMISP method) 20to_dict() (pymispAbstractMISP method) 23to_dict() (pymispMISPAttribute method) 27to_dict() (pymispMISPEvent method) 26to_dict() (pymispMISPObject method) 29
to_dict() (pymispMISPObjectAttribute method) 30to_dict() (pymispMISPObjectReference method) 32to_dict() (pymispMISPOrganisation method) 35to_dict() (pymispMISPTag method) 33to_dict() (pymispMISPUser method) 34to_dict() (pymisptoolsFileObject method) 38to_dict() (pymisptoolsVTReportObject method) 40to_feed() (pymispMISPEvent method) 26to_json() (pymispAbstractMISP method) 23to_json() (pymispMISPAttribute method) 27to_json() (pymispMISPEvent method) 26to_json() (pymispMISPObject method) 29to_json() (pymispMISPObjectAttribute method) 31to_json() (pymispMISPObjectReference method) 32to_json() (pymispMISPOrganisation method) 35to_json() (pymispMISPTag method) 33to_json() (pymispMISPUser method) 34to_json() (pymisptoolsFileObject method) 38to_json() (pymisptoolsVTReportObject method) 40toggle_warninglist() (pymispPyMISP method)
20
Uunpublish() (pymispMISPEvent method) 26untag() (pymispPyMISP method) 21update() (pymispMISPAttribute method) 28update() (pymispMISPEvent method) 26update() (pymispMISPObject method) 29update() (pymispMISPObjectAttribute method) 31update() (pymispMISPObjectReference method) 32update() (pymispMISPOrganisation method) 35update() (pymispMISPTag method) 33update() (pymispMISPUser method) 34update() (pymisptoolsFileObject method) 38update() (pymisptoolsVTReportObject method) 40update_attribute() (pymispPyMISP method) 21update_attribute_proposal()
(pymispPyMISP method) 21update_event() (pymispPyMISP method) 21update_event_blacklist() (pymispPyMISP
method) 21update_feed() (pymispPyMISP method) 21update_galaxies() (pymispPyMISP method) 21update_not_jsonable() (pymispAbstractMISP
method) 23update_not_jsonable() (pymispMISPAttribute
method) 28update_not_jsonable() (pymispMISPEvent
method) 26update_not_jsonable() (pymispMISPObject
method) 29update_not_jsonable()
(pymispMISPObjectAttribute method) 31
Index 49
PyMISP Documentation Release main
update_not_jsonable()(pymispMISPObjectReference method)32
update_not_jsonable()(pymispMISPOrganisation method) 35
update_not_jsonable() (pymispMISPTagmethod) 33
update_not_jsonable() (pymispMISPUsermethod) 34
update_not_jsonable() (pymisptoolsFileObjectmethod) 38
update_not_jsonable()(pymisptoolsVTReportObject method)40
update_noticelists() (pymispPyMISP method)21
update_object() (pymispPyMISP method) 21update_object_templates() (pymispPyMISP
method) 21update_organisation() (pymispPyMISP
method) 21update_organisation_blacklist()
(pymispPyMISP method) 21update_server() (pymispPyMISP method) 22update_tag() (pymispPyMISP method) 22update_taxonomies() (pymispPyMISP method)
22update_user() (pymispPyMISP method) 22update_warninglists() (pymispPyMISP
method) 22upload_stix() (pymispPyMISP method) 22user_registrations() (pymispPyMISP method)
22user_settings() (pymispPyMISP method) 22users() (pymispPyMISP method) 22users_statistics() (pymispPyMISP method) 22
Vvalues() (pymispMISPAttribute method) 28values() (pymispMISPEvent method) 26values() (pymispMISPObject method) 29values() (pymispMISPObjectAttribute method) 31values() (pymispMISPObjectReference method) 32values() (pymispMISPOrganisation method) 35values() (pymispMISPTag method) 33values() (pymispMISPUser method) 34values() (pymisptoolsFileObject method) 38values() (pymisptoolsVTReportObject method) 40values_in_warninglist() (pymispPyMISP
method) 22version() (pymispPyMISP property) 22VTReportObject (class in pymisptools) 38
Wwarninglists() (pymispPyMISP method) 22
50 Index
- README
- pymisp
- PyMISP
- PyMISPExpanded (Python 36+ only)
- MISPAbstract
- MISPEncode
- MISPEvent
- MISPAttribute
- MISPObject
- MISPObjectAttribute
- MISPObjectReference
- MISPTag
- MISPUser
- MISPOrganisation
- pymisp - Tools
- File Object
- ELF Object
- PE Object
- Mach-O Object
- VT Report Object
- STIX
- OpenIOC
- Indices and tables
- Python Module Index
- Index
PyMISP Documentation Release main
clear()rarr None Remove all items from D
delete()Mark the attribute as deleted (soft delete)
property editedRecursively check if an object has been edited and update the flag accordingly to the parent objects
Return type bool
from_dict(object_relation value kwargs)Loading all the parameters as class properties if they arenrsquot None This method aims to be called when allthe properties requiring a special treatment are processed Note This method is used when you initializean object with existing data so by default the class is flaged as not edited
from_json(json_string)Load a JSON string
Return type None
get(k[ d ])rarr D[k] if k in D else d d defaults to None
hash_values(algorithm=sha512)Compute the hash of every values for fast lookups
Return type List[str]
items()rarr a set-like object providing a view on Drsquos items
jsonable()This method is used by the JSON encoder
Return type Dict
keys()rarr a set-like object providing a view on Drsquos keys
property known_typesReturns a list of all the known MISP attributes types
Return type List[str]
property malware_binaryReturns a BytesIO of the malware (if the attribute has one obvs)
Return type Optional[BytesIO]
pop(k[ d ])rarr v remove specified key and return the corresponding valueIf key is not found d is returned if given otherwise KeyError is raised
popitem()rarr (k v) remove and return some (key value) pairas a 2-tuple but raise KeyError if D is empty
set_not_jsonable(args)Set __not_jsonable to a new list
Return type None
setdefault(k[ d ])rarr Dget(kd) also set D[k]=d if k not in D
property tagsReturns a lost of tags associated to this Attribute
Return type List[MISPTag]
30 Chapter 2 pymisp
PyMISP Documentation Release main
to_dict()Dump the class to a dictionary This method automatically removes the timestamp recursively in everyobject that has been edited is order to let MISP update the event accordingly
Return type Dict
to_json(sort_keys=False indent=None)Dump recursively any class of type MISPAbstract to a json string
update([E ] F)rarr None Update D from mappingiterable E and FIf E present and has a keys() method does for k in E D[k] = E[k] If E present and lacks keys() methoddoes for (k v) in E D[k] = v In either case this is followed by for k v in Fitems() D[k] = v
update_not_jsonable(args)Add entries to the __not_jsonable list
Return type None
values()rarr an object providing a view on Drsquos values
29 MISPObjectReference
class pymispMISPObjectReference
clear()rarr None Remove all items from D
property editedRecursively check if an object has been edited and update the flag accordingly to the parent objects
Return type bool
from_dict(kwargs)Loading all the parameters as class properties if they arenrsquot None This method aims to be called when allthe properties requiring a special treatment are processed Note This method is used when you initializean object with existing data so by default the class is flaged as not edited
from_json(json_string)Load a JSON string
Return type None
get(k[ d ])rarr D[k] if k in D else d d defaults to None
items()rarr a set-like object providing a view on Drsquos items
jsonable()This method is used by the JSON encoder
Return type Dict
keys()rarr a set-like object providing a view on Drsquos keys
pop(k[ d ])rarr v remove specified key and return the corresponding valueIf key is not found d is returned if given otherwise KeyError is raised
popitem()rarr (k v) remove and return some (key value) pairas a 2-tuple but raise KeyError if D is empty
set_not_jsonable(args)Set __not_jsonable to a new list
Return type None
29 MISPObjectReference 31
PyMISP Documentation Release main
setdefault(k[ d ])rarr Dget(kd) also set D[k]=d if k not in D
to_dict()Dump the class to a dictionary This method automatically removes the timestamp recursively in everyobject that has been edited is order to let MISP update the event accordingly
Return type Dict
to_json(sort_keys=False indent=None)Dump recursively any class of type MISPAbstract to a json string
update([E ] F)rarr None Update D from mappingiterable E and FIf E present and has a keys() method does for k in E D[k] = E[k] If E present and lacks keys() methoddoes for (k v) in E D[k] = v In either case this is followed by for k v in Fitems() D[k] = v
update_not_jsonable(args)Add entries to the __not_jsonable list
Return type None
values()rarr an object providing a view on Drsquos values
210 MISPTag
class pymispMISPTag(kwargs)
clear()rarr None Remove all items from D
property editedRecursively check if an object has been edited and update the flag accordingly to the parent objects
Return type bool
from_dict(kwargs)Loading all the parameters as class properties if they arenrsquot None This method aims to be called when allthe properties requiring a special treatment are processed Note This method is used when you initializean object with existing data so by default the class is flaged as not edited
from_json(json_string)Load a JSON string
Return type None
get(k[ d ])rarr D[k] if k in D else d d defaults to None
items()rarr a set-like object providing a view on Drsquos items
jsonable()This method is used by the JSON encoder
Return type Dict
keys()rarr a set-like object providing a view on Drsquos keys
pop(k[ d ])rarr v remove specified key and return the corresponding valueIf key is not found d is returned if given otherwise KeyError is raised
popitem()rarr (k v) remove and return some (key value) pairas a 2-tuple but raise KeyError if D is empty
set_not_jsonable(args)Set __not_jsonable to a new list
32 Chapter 2 pymisp
PyMISP Documentation Release main
Return type None
setdefault(k[ d ])rarr Dget(kd) also set D[k]=d if k not in D
to_dict()Dump the class to a dictionary This method automatically removes the timestamp recursively in everyobject that has been edited is order to let MISP update the event accordingly
Return type Dict
to_json(sort_keys=False indent=None)Dump recursively any class of type MISPAbstract to a json string
update([E ] F)rarr None Update D from mappingiterable E and FIf E present and has a keys() method does for k in E D[k] = E[k] If E present and lacks keys() methoddoes for (k v) in E D[k] = v In either case this is followed by for k v in Fitems() D[k] = v
update_not_jsonable(args)Add entries to the __not_jsonable list
Return type None
values()rarr an object providing a view on Drsquos values
211 MISPUser
class pymispMISPUser(kwargs)
clear()rarr None Remove all items from D
property editedRecursively check if an object has been edited and update the flag accordingly to the parent objects
Return type bool
from_dict(kwargs)Loading all the parameters as class properties if they arenrsquot None This method aims to be called when allthe properties requiring a special treatment are processed Note This method is used when you initializean object with existing data so by default the class is flaged as not edited
from_json(json_string)Load a JSON string
Return type None
get(k[ d ])rarr D[k] if k in D else d d defaults to None
items()rarr a set-like object providing a view on Drsquos items
jsonable()This method is used by the JSON encoder
Return type Dict
keys()rarr a set-like object providing a view on Drsquos keys
pop(k[ d ])rarr v remove specified key and return the corresponding valueIf key is not found d is returned if given otherwise KeyError is raised
popitem()rarr (k v) remove and return some (key value) pairas a 2-tuple but raise KeyError if D is empty
211 MISPUser 33
PyMISP Documentation Release main
set_not_jsonable(args)Set __not_jsonable to a new list
Return type None
setdefault(k[ d ])rarr Dget(kd) also set D[k]=d if k not in D
to_dict()Dump the class to a dictionary This method automatically removes the timestamp recursively in everyobject that has been edited is order to let MISP update the event accordingly
Return type Dict
to_json(sort_keys=False indent=None)Dump recursively any class of type MISPAbstract to a json string
update([E ] F)rarr None Update D from mappingiterable E and FIf E present and has a keys() method does for k in E D[k] = E[k] If E present and lacks keys() methoddoes for (k v) in E D[k] = v In either case this is followed by for k v in Fitems() D[k] = v
update_not_jsonable(args)Add entries to the __not_jsonable list
Return type None
values()rarr an object providing a view on Drsquos values
212 MISPOrganisation
class pymispMISPOrganisation
clear()rarr None Remove all items from D
property editedRecursively check if an object has been edited and update the flag accordingly to the parent objects
Return type bool
from_dict(kwargs)Loading all the parameters as class properties if they arenrsquot None This method aims to be called when allthe properties requiring a special treatment are processed Note This method is used when you initializean object with existing data so by default the class is flaged as not edited
from_json(json_string)Load a JSON string
Return type None
get(k[ d ])rarr D[k] if k in D else d d defaults to None
items()rarr a set-like object providing a view on Drsquos items
jsonable()This method is used by the JSON encoder
Return type Dict
keys()rarr a set-like object providing a view on Drsquos keys
pop(k[ d ])rarr v remove specified key and return the corresponding valueIf key is not found d is returned if given otherwise KeyError is raised
34 Chapter 2 pymisp
PyMISP Documentation Release main
popitem()rarr (k v) remove and return some (key value) pairas a 2-tuple but raise KeyError if D is empty
set_not_jsonable(args)Set __not_jsonable to a new list
Return type None
setdefault(k[ d ])rarr Dget(kd) also set D[k]=d if k not in D
to_dict()Dump the class to a dictionary This method automatically removes the timestamp recursively in everyobject that has been edited is order to let MISP update the event accordingly
Return type Dict
to_json(sort_keys=False indent=None)Dump recursively any class of type MISPAbstract to a json string
update([E ] F)rarr None Update D from mappingiterable E and FIf E present and has a keys() method does for k in E D[k] = E[k] If E present and lacks keys() methoddoes for (k v) in E D[k] = v In either case this is followed by for k v in Fitems() D[k] = v
update_not_jsonable(args)Add entries to the __not_jsonable list
Return type None
values()rarr an object providing a view on Drsquos values
212 MISPOrganisation 35
PyMISP Documentation Release main
36 Chapter 2 pymisp
CHAPTER
THREE
PYMISP - TOOLS
31 File Object
class pymisptoolsFileObject(filepath=None pseudofile=None filename=None kwargs)
add_attribute(object_relation simple_value=None value)Add an attribute object_relation is required and the value key is a dictionary with all the keys supportedby MISPAttribute
Return type Optional[MISPAttribute]
add_attributes(object_relation attributes)Add multiple attributes with the same object_relation Helper for object_relation when multiple is True inthe template It is the same as calling multiple times add_attribute with the same object_relation
Return type List[Optional[MISPAttribute]]
add_reference(referenced_uuid relationship_type comment=None kwargs)Add a link (uuid) to an other object
Return type MISPObjectReference
clear()rarr None Remove all items from D
property editedRecursively check if an object has been edited and update the flag accordingly to the parent objects
Return type bool
from_dict(kwargs)Loading all the parameters as class properties if they arenrsquot None This method aims to be called when allthe properties requiring a special treatment are processed Note This method is used when you initializean object with existing data so by default the class is flaged as not edited
from_json(json_string)Load a JSON string
Return type None
generate_attributes()Contains the logic where all the values of the object are gathered
get(k[ d ])rarr D[k] if k in D else d d defaults to None
get_attributes_by_relation(object_relation)Returns the list of attributes with the given object relation in the object
Return type List[MISPAttribute]
37
PyMISP Documentation Release main
has_attributes_by_relation(list_of_relations)True if all the relations in the list are defined in the object
Return type bool
items()rarr a set-like object providing a view on Drsquos items
jsonable()This method is used by the JSON encoder
Return type Dict
keys()rarr a set-like object providing a view on Drsquos keys
pop(k[ d ])rarr v remove specified key and return the corresponding valueIf key is not found d is returned if given otherwise KeyError is raised
popitem()rarr (k v) remove and return some (key value) pairas a 2-tuple but raise KeyError if D is empty
set_not_jsonable(args)Set __not_jsonable to a new list
Return type None
setdefault(k[ d ])rarr Dget(kd) also set D[k]=d if k not in D
to_dict(strict=False)Dump the class to a dictionary This method automatically removes the timestamp recursively in everyobject that has been edited is order to let MISP update the event accordingly
Return type Dict
to_json(sort_keys=False indent=None strict=False)Dump recursively any class of type MISPAbstract to a json string
update([E ] F)rarr None Update D from mappingiterable E and FIf E present and has a keys() method does for k in E D[k] = E[k] If E present and lacks keys() methoddoes for (k v) in E D[k] = v In either case this is followed by for k v in Fitems() D[k] = v
update_not_jsonable(args)Add entries to the __not_jsonable list
Return type None
values()rarr an object providing a view on Drsquos values
32 ELF Object
33 PE Object
34 Mach-O Object
35 VT Report Object
class pymisptoolsVTReportObject(apikey indicator vt_proxies=None kwargs)VirusTotal Report
Apikey VirusTotal API key (private works but only public features are supported right now)
38 Chapter 3 pymisp - Tools
PyMISP Documentation Release main
Indicator IOC to search VirusTotal for
add_attribute(object_relation simple_value=None value)Add an attribute object_relation is required and the value key is a dictionary with all the keys supportedby MISPAttribute
Return type Optional[MISPAttribute]
add_attributes(object_relation attributes)Add multiple attributes with the same object_relation Helper for object_relation when multiple is True inthe template It is the same as calling multiple times add_attribute with the same object_relation
Return type List[Optional[MISPAttribute]]
add_reference(referenced_uuid relationship_type comment=None kwargs)Add a link (uuid) to an other object
Return type MISPObjectReference
clear()rarr None Remove all items from D
property editedRecursively check if an object has been edited and update the flag accordingly to the parent objects
Return type bool
from_dict(kwargs)Loading all the parameters as class properties if they arenrsquot None This method aims to be called when allthe properties requiring a special treatment are processed Note This method is used when you initializean object with existing data so by default the class is flaged as not edited
from_json(json_string)Load a JSON string
Return type None
generate_attributes()Parse the VirusTotal report for relevant attributes
get(k[ d ])rarr D[k] if k in D else d d defaults to None
get_attributes_by_relation(object_relation)Returns the list of attributes with the given object relation in the object
Return type List[MISPAttribute]
has_attributes_by_relation(list_of_relations)True if all the relations in the list are defined in the object
Return type bool
items()rarr a set-like object providing a view on Drsquos items
jsonable()This method is used by the JSON encoder
Return type Dict
keys()rarr a set-like object providing a view on Drsquos keys
pop(k[ d ])rarr v remove specified key and return the corresponding valueIf key is not found d is returned if given otherwise KeyError is raised
popitem()rarr (k v) remove and return some (key value) pairas a 2-tuple but raise KeyError if D is empty
35 VT Report Object 39
PyMISP Documentation Release main
set_not_jsonable(args)Set __not_jsonable to a new list
Return type None
setdefault(k[ d ])rarr Dget(kd) also set D[k]=d if k not in D
to_dict(strict=False)Dump the class to a dictionary This method automatically removes the timestamp recursively in everyobject that has been edited is order to let MISP update the event accordingly
Return type Dict
to_json(sort_keys=False indent=None strict=False)Dump recursively any class of type MISPAbstract to a json string
update([E ] F)rarr None Update D from mappingiterable E and FIf E present and has a keys() method does for k in E D[k] = E[k] If E present and lacks keys() methoddoes for (k v) in E D[k] = v In either case this is followed by for k v in Fitems() D[k] = v
update_not_jsonable(args)Add entries to the __not_jsonable list
Return type None
values()rarr an object providing a view on Drsquos values
36 STIX
pymisptoolsstixload_stix(stix distribution=3 threat_level_id=2 analysis=0)Returns a MISPEvent object from a STIX package
pymisptoolsstixmake_stix_package(misp_event to_json=False to_xml=False)Returns a STIXPackage from a MISPEvent
Optionally can return the package in json or xml
37 OpenIOC
toolsload_openioc()
toolsload_openioc_file()
40 Chapter 3 pymisp - Tools
CHAPTER
FOUR
INDICES AND TABLES
bull genindex
bull modindex
bull search
41
PyMISP Documentation Release main
42 Chapter 4 Indices and tables
PYTHON MODULE INDEX
ppymisp 7pymisptools 37pymisptoolsstix 40
43
PyMISP Documentation Release main
44 Python Module Index
INDEX
AAbstractMISP (class in pymisp) 23accept_attribute_proposal()
(pymispPyMISP method) 7add_attribute() (pymispMISPEvent method) 24add_attribute() (pymispMISPObject method) 28add_attribute() (pymispPyMISP method) 7add_attribute() (pymisptoolsFileObject method)
37add_attribute() (pymisptoolsVTReportObject
method) 39add_attribute_proposal() (pymispPyMISP
method) 7add_attribute_tag() (pymispMISPEvent
method) 24add_attributes() (pymispMISPObject method)
28add_attributes() (pymisptoolsFileObject
method) 37add_attributes() (pymisptoolsVTReportObject
method) 39add_event() (pymispPyMISP method) 7add_event_blacklist() (pymispPyMISP
method) 8add_feed() (pymispPyMISP method) 8add_object() (pymispMISPEvent method) 24add_object() (pymispPyMISP method) 8add_object_reference() (pymispPyMISP
method) 8add_org_to_sharing_group() (pymispPyMISP
method) 8add_organisation() (pymispPyMISP method) 8add_organisation_blacklist()
(pymispPyMISP method) 8add_proposal() (pymispMISPAttribute method) 26add_proposal() (pymispMISPEvent method) 24add_proposal() (pymispMISPObjectAttribute
method) 29add_reference() (pymispMISPObject method) 28add_reference() (pymisptoolsFileObject method)
37add_reference() (pymisptoolsVTReportObject
method) 39add_server() (pymispPyMISP method) 8add_server_to_sharing_group()
(pymispPyMISP method) 8add_shadow_attribute() (pymispMISPAttribute
method) 26add_shadow_attribute() (pymispMISPEvent
method) 24add_shadow_attribute()
(pymispMISPObjectAttribute method) 29add_sharing_group() (pymispPyMISP method) 8add_sighting() (pymispMISPAttribute method) 26add_sighting() (pymispMISPObjectAttribute
method) 29add_sighting() (pymispPyMISP method) 8add_tag() (pymispPyMISP method) 8add_user() (pymispPyMISP method) 9attributes_statistics() (pymispPyMISP
method) 9
Bbuild_complex_query() (pymispPyMISP
method) 9
Ccache_all_feeds() (pymispPyMISP method) 9cache_feed() (pymispPyMISP method) 9cache_freetext_feeds() (pymispPyMISP
method) 9cache_misp_feeds() (pymispPyMISP method) 9change_sharing_group_on_entity()
(pymispPyMISP method) 9change_user_password() (pymispPyMISP
method) 9clear() (pymispMISPAttribute method) 26clear() (pymispMISPEvent method) 24clear() (pymispMISPObject method) 28clear() (pymispMISPObjectAttribute method) 29clear() (pymispMISPObjectReference method) 31clear() (pymispMISPOrganisation method) 34clear() (pymispMISPTag method) 32clear() (pymispMISPUser method) 33
45
PyMISP Documentation Release main
clear() (pymisptoolsFileObject method) 37clear() (pymisptoolsVTReportObject method) 39communities() (pymispPyMISP method) 9compare_feeds() (pymispPyMISP method) 9contact_event_reporter() (pymispPyMISP
method) 9
Ddefault() (pymispMISPEncode method) 24delegate_event() (pymispPyMISP method) 10delete() (pymispMISPAttribute method) 26delete() (pymispMISPObjectAttribute method) 30delete_attribute() (pymispMISPEvent method)
24delete_attribute() (pymispPyMISP method) 10delete_attribute_proposal()
(pymispPyMISP method) 10delete_event() (pymispPyMISP method) 10delete_event_blacklist() (pymispPyMISP
method) 10delete_feed() (pymispPyMISP method) 10delete_object() (pymispPyMISP method) 10delete_object_reference() (pymispPyMISP
method) 10delete_organisation() (pymispPyMISP
method) 10delete_organisation_blacklist()
(pymispPyMISP method) 10delete_server() (pymispPyMISP method) 10delete_sharing_group() (pymispPyMISP
method) 10delete_sighting() (pymispPyMISP method) 10delete_tag() (pymispPyMISP method) 11delete_user() (pymispPyMISP method) 11delete_user_setting() (pymispPyMISP
method) 11describe_types_local() (pymispPyMISP prop-
erty) 11describe_types_remote() (pymispPyMISP
property) 11direct_call() (pymispPyMISP method) 11disable_feed() (pymispPyMISP method) 11disable_feed_cache() (pymispPyMISP method)
11disable_noticelist() (pymispPyMISP method)
11disable_tag() (pymispPyMISP method) 11disable_taxonomy() (pymispPyMISP method) 11disable_taxonomy_tags() (pymispPyMISP
method) 11disable_warninglist() (pymispPyMISP
method) 11discard_attribute_proposal()
(pymispPyMISP method) 12
Eedited() (pymispAbstractMISP property) 23edited() (pymispMISPAttribute property) 26edited() (pymispMISPEvent property) 24edited() (pymispMISPObject property) 28edited() (pymispMISPObjectAttribute property) 30edited() (pymispMISPObjectReference property) 31edited() (pymispMISPOrganisation property) 34edited() (pymispMISPTag property) 32edited() (pymispMISPUser property) 33edited() (pymisptoolsFileObject property) 37edited() (pymisptoolsVTReportObject property) 39enable_feed() (pymispPyMISP method) 12enable_feed_cache() (pymispPyMISP method)
12enable_noticelist() (pymispPyMISP method)
12enable_tag() (pymispPyMISP method) 12enable_taxonomy() (pymispPyMISP method) 12enable_taxonomy_tags() (pymispPyMISP
method) 12enable_warninglist() (pymispPyMISP method)
12event_blacklists() (pymispPyMISP method) 12event_delegations() (pymispPyMISP method)
12ExpandedPyMISP (in module pymisp) 23
Ffeeds() (pymispPyMISP method) 12fetch_feed() (pymispPyMISP method) 12FileObject (class in pymisptools) 37freetext() (pymispPyMISP method) 12from_dict() (pymispAbstractMISP method) 23from_dict() (pymispMISPAttribute method) 27from_dict() (pymispMISPEvent method) 25from_dict() (pymispMISPObject method) 28from_dict() (pymispMISPObjectAttribute method)
30from_dict() (pymispMISPObjectReference method)
31from_dict() (pymispMISPOrganisation method) 34from_dict() (pymispMISPTag method) 32from_dict() (pymispMISPUser method) 33from_dict() (pymisptoolsFileObject method) 37from_dict() (pymisptoolsVTReportObject method)
39from_json() (pymispAbstractMISP method) 23from_json() (pymispMISPAttribute method) 27from_json() (pymispMISPEvent method) 25from_json() (pymispMISPObject method) 28from_json() (pymispMISPObjectAttribute method)
30
46 Index
PyMISP Documentation Release main
from_json() (pymispMISPObjectReference method)31
from_json() (pymispMISPOrganisation method) 34from_json() (pymispMISPTag method) 32from_json() (pymispMISPUser method) 33from_json() (pymisptoolsFileObject method) 37from_json() (pymisptoolsVTReportObject method)
39
Ggalaxies() (pymispPyMISP method) 12generate_attributes() (pymisptoolsFileObject
method) 37generate_attributes()
(pymisptoolsVTReportObject method)39
get() (pymispMISPAttribute method) 27get() (pymispMISPEvent method) 25get() (pymispMISPObject method) 28get() (pymispMISPObjectAttribute method) 30get() (pymispMISPObjectReference method) 31get() (pymispMISPOrganisation method) 34get() (pymispMISPTag method) 32get() (pymispMISPUser method) 33get() (pymisptoolsFileObject method) 37get() (pymisptoolsVTReportObject method) 39get_all_functions() (pymispPyMISP method)
13get_attribute() (pymispPyMISP method) 13get_attribute_tag() (pymispMISPEvent
method) 25get_attributes_by_relation()
(pymispMISPObject method) 28get_attributes_by_relation()
(pymisptoolsFileObject method) 37get_attributes_by_relation()
(pymisptoolsVTReportObject method)39
get_community() (pymispPyMISP method) 13get_event() (pymispPyMISP method) 13get_feed() (pymispPyMISP method) 13get_galaxy() (pymispPyMISP method) 13get_noticelist() (pymispPyMISP method) 13get_object() (pymispPyMISP method) 13get_object_by_id() (pymispMISPEvent method)
25get_object_by_uuid() (pymispMISPEvent
method) 25get_object_template() (pymispPyMISP
method) 13get_objects_by_name() (pymispMISPEvent
method) 25get_organisation() (pymispPyMISP method) 13get_sync_config() (pymispPyMISP method) 13
get_tag() (pymispPyMISP method) 13get_taxonomy() (pymispPyMISP method) 13get_user() (pymispPyMISP method) 13get_user_setting() (pymispPyMISP method) 14get_warninglist() (pymispPyMISP method) 14
Hhas_attributes_by_relation()
(pymispMISPObject method) 28has_attributes_by_relation()
(pymisptoolsFileObject method) 37has_attributes_by_relation()
(pymisptoolsVTReportObject method)39
hash_values() (pymispMISPAttribute method) 27hash_values() (pymispMISPObjectAttribute
method) 30
Iimport_server() (pymispPyMISP method) 14items() (pymispMISPAttribute method) 27items() (pymispMISPEvent method) 25items() (pymispMISPObject method) 29items() (pymispMISPObjectAttribute method) 30items() (pymispMISPObjectReference method) 31items() (pymispMISPOrganisation method) 34items() (pymispMISPTag method) 32items() (pymispMISPUser method) 33items() (pymisptoolsFileObject method) 38items() (pymisptoolsVTReportObject method) 39
Jjsonable() (pymispAbstractMISP method) 23jsonable() (pymispMISPAttribute method) 27jsonable() (pymispMISPEvent method) 25jsonable() (pymispMISPObject method) 29jsonable() (pymispMISPObjectAttribute method)
30jsonable() (pymispMISPObjectReference method)
31jsonable() (pymispMISPOrganisation method) 34jsonable() (pymispMISPTag method) 32jsonable() (pymispMISPUser method) 33jsonable() (pymisptoolsFileObject method) 38jsonable() (pymisptoolsVTReportObject method)
39
Kkeys() (pymispMISPAttribute method) 27keys() (pymispMISPEvent method) 25keys() (pymispMISPObject method) 29keys() (pymispMISPObjectAttribute method) 30keys() (pymispMISPObjectReference method) 31keys() (pymispMISPOrganisation method) 34
Index 47
PyMISP Documentation Release main
keys() (pymispMISPTag method) 32keys() (pymispMISPUser method) 33keys() (pymisptoolsFileObject method) 38keys() (pymisptoolsVTReportObject method) 39known_types() (pymispMISPAttribute property) 27known_types() (pymispMISPObjectAttribute prop-
erty) 30
Lload() (pymispMISPEvent method) 25load_default_feeds() (pymispPyMISP method)
14load_file() (pymispMISPEvent method) 25load_openioc() (pymisptools method) 40load_openioc_file() (pymisptools method) 40load_stix() (in module pymisptoolsstix) 40
Mmake_stix_package() (in module
pymisptoolsstix) 40malware_binary() (pymispMISPAttribute prop-
erty) 27malware_binary() (pymispMISPObjectAttribute
property) 30misp_instance_version() (pymispPyMISP
property) 14misp_instance_version_master()
(pymispPyMISP property) 14MISPAttribute (class in pymisp) 26MISPEncode (class in pymisp) 24MISPEvent (class in pymisp) 24MISPObject (class in pymisp) 28MISPObjectAttribute (class in pymisp) 29MISPObjectReference (class in pymisp) 31MISPOrganisation (class in pymisp) 34MISPTag (class in pymisp) 32MISPUser (class in pymisp) 33module
pymisp 7pymisptools 37pymisptoolsstix 40
Nnoticelists() (pymispPyMISP method) 14
Oobject_templates() (pymispPyMISP method) 14organisation_blacklists() (pymispPyMISP
method) 14organisations() (pymispPyMISP method) 14
Ppop() (pymispMISPAttribute method) 27
pop() (pymispMISPEvent method) 25pop() (pymispMISPObject method) 29pop() (pymispMISPObjectAttribute method) 30pop() (pymispMISPObjectReference method) 31pop() (pymispMISPOrganisation method) 34pop() (pymispMISPTag method) 32pop() (pymispMISPUser method) 33pop() (pymisptoolsFileObject method) 38pop() (pymisptoolsVTReportObject method) 39popitem() (pymispMISPAttribute method) 27popitem() (pymispMISPEvent method) 25popitem() (pymispMISPObject method) 29popitem() (pymispMISPObjectAttribute method) 30popitem() (pymispMISPObjectReference method) 31popitem() (pymispMISPOrganisation method) 34popitem() (pymispMISPTag method) 32popitem() (pymispMISPUser method) 33popitem() (pymisptoolsFileObject method) 38popitem() (pymisptoolsVTReportObject method) 39publish() (pymispMISPEvent method) 25publish() (pymispPyMISP method) 14push_event_to_ZMQ() (pymispPyMISP method)
14pymisp
module 7PyMISP (class in pymisp) 7pymisptools
module 37pymisptoolsstix
module 40pymisp_version_main() (pymispPyMISP prop-
erty) 15
Rrecommended_pymisp_version()
(pymispPyMISP property) 15remote_acl() (pymispPyMISP method) 15remove_org_from_sharing_group()
(pymispPyMISP method) 15remove_server_from_sharing_group()
(pymispPyMISP method) 15roles() (pymispPyMISP method) 15
Ssearch() (pymispPyMISP method) 15search_feeds() (pymispPyMISP method) 17search_index() (pymispPyMISP method) 18search_logs() (pymispPyMISP method) 18search_sightings() (pymispPyMISP method) 19server_pull() (pymispPyMISP method) 20server_push() (pymispPyMISP method) 20servers() (pymispPyMISP method) 20set_date() (pymispMISPEvent method) 25
48 Index
PyMISP Documentation Release main
set_not_jsonable() (pymispAbstractMISPmethod) 23
set_not_jsonable() (pymispMISPAttributemethod) 27
set_not_jsonable() (pymispMISPEvent method)25
set_not_jsonable() (pymispMISPObjectmethod) 29
set_not_jsonable() (pymispMISPObjectAttributemethod) 30
set_not_jsonable()(pymispMISPObjectReference method)31
set_not_jsonable() (pymispMISPOrganisationmethod) 35
set_not_jsonable() (pymispMISPTag method)32
set_not_jsonable() (pymispMISPUser method)33
set_not_jsonable() (pymisptoolsFileObjectmethod) 38
set_not_jsonable()(pymisptoolsVTReportObject method)39
set_user_setting() (pymispPyMISP method) 20setdefault() (pymispMISPAttribute method) 27setdefault() (pymispMISPEvent method) 25setdefault() (pymispMISPObject method) 29setdefault() (pymispMISPObjectAttribute
method) 30setdefault() (pymispMISPObjectReference
method) 31setdefault() (pymispMISPOrganisation method)
35setdefault() (pymispMISPTag method) 33setdefault() (pymispMISPUser method) 34setdefault() (pymisptoolsFileObject method) 38setdefault() (pymisptoolsVTReportObject
method) 40sharing_groups() (pymispPyMISP method) 20sightings() (pymispPyMISP method) 20
Ttag() (pymispPyMISP method) 20tags() (pymispMISPAttribute property) 27tags() (pymispMISPEvent property) 26tags() (pymispMISPObjectAttribute property) 30tags() (pymispPyMISP method) 20tags_statistics() (pymispPyMISP method) 20taxonomies() (pymispPyMISP method) 20to_dict() (pymispAbstractMISP method) 23to_dict() (pymispMISPAttribute method) 27to_dict() (pymispMISPEvent method) 26to_dict() (pymispMISPObject method) 29
to_dict() (pymispMISPObjectAttribute method) 30to_dict() (pymispMISPObjectReference method) 32to_dict() (pymispMISPOrganisation method) 35to_dict() (pymispMISPTag method) 33to_dict() (pymispMISPUser method) 34to_dict() (pymisptoolsFileObject method) 38to_dict() (pymisptoolsVTReportObject method) 40to_feed() (pymispMISPEvent method) 26to_json() (pymispAbstractMISP method) 23to_json() (pymispMISPAttribute method) 27to_json() (pymispMISPEvent method) 26to_json() (pymispMISPObject method) 29to_json() (pymispMISPObjectAttribute method) 31to_json() (pymispMISPObjectReference method) 32to_json() (pymispMISPOrganisation method) 35to_json() (pymispMISPTag method) 33to_json() (pymispMISPUser method) 34to_json() (pymisptoolsFileObject method) 38to_json() (pymisptoolsVTReportObject method) 40toggle_warninglist() (pymispPyMISP method)
20
Uunpublish() (pymispMISPEvent method) 26untag() (pymispPyMISP method) 21update() (pymispMISPAttribute method) 28update() (pymispMISPEvent method) 26update() (pymispMISPObject method) 29update() (pymispMISPObjectAttribute method) 31update() (pymispMISPObjectReference method) 32update() (pymispMISPOrganisation method) 35update() (pymispMISPTag method) 33update() (pymispMISPUser method) 34update() (pymisptoolsFileObject method) 38update() (pymisptoolsVTReportObject method) 40update_attribute() (pymispPyMISP method) 21update_attribute_proposal()
(pymispPyMISP method) 21update_event() (pymispPyMISP method) 21update_event_blacklist() (pymispPyMISP
method) 21update_feed() (pymispPyMISP method) 21update_galaxies() (pymispPyMISP method) 21update_not_jsonable() (pymispAbstractMISP
method) 23update_not_jsonable() (pymispMISPAttribute
method) 28update_not_jsonable() (pymispMISPEvent
method) 26update_not_jsonable() (pymispMISPObject
method) 29update_not_jsonable()
(pymispMISPObjectAttribute method) 31
Index 49
PyMISP Documentation Release main
update_not_jsonable()(pymispMISPObjectReference method)32
update_not_jsonable()(pymispMISPOrganisation method) 35
update_not_jsonable() (pymispMISPTagmethod) 33
update_not_jsonable() (pymispMISPUsermethod) 34
update_not_jsonable() (pymisptoolsFileObjectmethod) 38
update_not_jsonable()(pymisptoolsVTReportObject method)40
update_noticelists() (pymispPyMISP method)21
update_object() (pymispPyMISP method) 21update_object_templates() (pymispPyMISP
method) 21update_organisation() (pymispPyMISP
method) 21update_organisation_blacklist()
(pymispPyMISP method) 21update_server() (pymispPyMISP method) 22update_tag() (pymispPyMISP method) 22update_taxonomies() (pymispPyMISP method)
22update_user() (pymispPyMISP method) 22update_warninglists() (pymispPyMISP
method) 22upload_stix() (pymispPyMISP method) 22user_registrations() (pymispPyMISP method)
22user_settings() (pymispPyMISP method) 22users() (pymispPyMISP method) 22users_statistics() (pymispPyMISP method) 22
Vvalues() (pymispMISPAttribute method) 28values() (pymispMISPEvent method) 26values() (pymispMISPObject method) 29values() (pymispMISPObjectAttribute method) 31values() (pymispMISPObjectReference method) 32values() (pymispMISPOrganisation method) 35values() (pymispMISPTag method) 33values() (pymispMISPUser method) 34values() (pymisptoolsFileObject method) 38values() (pymisptoolsVTReportObject method) 40values_in_warninglist() (pymispPyMISP
method) 22version() (pymispPyMISP property) 22VTReportObject (class in pymisptools) 38
Wwarninglists() (pymispPyMISP method) 22
50 Index
- README
- pymisp
- PyMISP
- PyMISPExpanded (Python 36+ only)
- MISPAbstract
- MISPEncode
- MISPEvent
- MISPAttribute
- MISPObject
- MISPObjectAttribute
- MISPObjectReference
- MISPTag
- MISPUser
- MISPOrganisation
- pymisp - Tools
- File Object
- ELF Object
- PE Object
- Mach-O Object
- VT Report Object
- STIX
- OpenIOC
- Indices and tables
- Python Module Index
- Index
PyMISP Documentation Release main
to_dict()Dump the class to a dictionary This method automatically removes the timestamp recursively in everyobject that has been edited is order to let MISP update the event accordingly
Return type Dict
to_json(sort_keys=False indent=None)Dump recursively any class of type MISPAbstract to a json string
update([E ] F)rarr None Update D from mappingiterable E and FIf E present and has a keys() method does for k in E D[k] = E[k] If E present and lacks keys() methoddoes for (k v) in E D[k] = v In either case this is followed by for k v in Fitems() D[k] = v
update_not_jsonable(args)Add entries to the __not_jsonable list
Return type None
values()rarr an object providing a view on Drsquos values
29 MISPObjectReference
class pymispMISPObjectReference
clear()rarr None Remove all items from D
property editedRecursively check if an object has been edited and update the flag accordingly to the parent objects
Return type bool
from_dict(kwargs)Loading all the parameters as class properties if they arenrsquot None This method aims to be called when allthe properties requiring a special treatment are processed Note This method is used when you initializean object with existing data so by default the class is flaged as not edited
from_json(json_string)Load a JSON string
Return type None
get(k[ d ])rarr D[k] if k in D else d d defaults to None
items()rarr a set-like object providing a view on Drsquos items
jsonable()This method is used by the JSON encoder
Return type Dict
keys()rarr a set-like object providing a view on Drsquos keys
pop(k[ d ])rarr v remove specified key and return the corresponding valueIf key is not found d is returned if given otherwise KeyError is raised
popitem()rarr (k v) remove and return some (key value) pairas a 2-tuple but raise KeyError if D is empty
set_not_jsonable(args)Set __not_jsonable to a new list
Return type None
29 MISPObjectReference 31
PyMISP Documentation Release main
setdefault(k[ d ])rarr Dget(kd) also set D[k]=d if k not in D
to_dict()Dump the class to a dictionary This method automatically removes the timestamp recursively in everyobject that has been edited is order to let MISP update the event accordingly
Return type Dict
to_json(sort_keys=False indent=None)Dump recursively any class of type MISPAbstract to a json string
update([E ] F)rarr None Update D from mappingiterable E and FIf E present and has a keys() method does for k in E D[k] = E[k] If E present and lacks keys() methoddoes for (k v) in E D[k] = v In either case this is followed by for k v in Fitems() D[k] = v
update_not_jsonable(args)Add entries to the __not_jsonable list
Return type None
values()rarr an object providing a view on Drsquos values
210 MISPTag
class pymispMISPTag(kwargs)
clear()rarr None Remove all items from D
property editedRecursively check if an object has been edited and update the flag accordingly to the parent objects
Return type bool
from_dict(kwargs)Loading all the parameters as class properties if they arenrsquot None This method aims to be called when allthe properties requiring a special treatment are processed Note This method is used when you initializean object with existing data so by default the class is flaged as not edited
from_json(json_string)Load a JSON string
Return type None
get(k[ d ])rarr D[k] if k in D else d d defaults to None
items()rarr a set-like object providing a view on Drsquos items
jsonable()This method is used by the JSON encoder
Return type Dict
keys()rarr a set-like object providing a view on Drsquos keys
pop(k[ d ])rarr v remove specified key and return the corresponding valueIf key is not found d is returned if given otherwise KeyError is raised
popitem()rarr (k v) remove and return some (key value) pairas a 2-tuple but raise KeyError if D is empty
set_not_jsonable(args)Set __not_jsonable to a new list
32 Chapter 2 pymisp
PyMISP Documentation Release main
Return type None
setdefault(k[ d ])rarr Dget(kd) also set D[k]=d if k not in D
to_dict()Dump the class to a dictionary This method automatically removes the timestamp recursively in everyobject that has been edited is order to let MISP update the event accordingly
Return type Dict
to_json(sort_keys=False indent=None)Dump recursively any class of type MISPAbstract to a json string
update([E ] F)rarr None Update D from mappingiterable E and FIf E present and has a keys() method does for k in E D[k] = E[k] If E present and lacks keys() methoddoes for (k v) in E D[k] = v In either case this is followed by for k v in Fitems() D[k] = v
update_not_jsonable(args)Add entries to the __not_jsonable list
Return type None
values()rarr an object providing a view on Drsquos values
211 MISPUser
class pymispMISPUser(kwargs)
clear()rarr None Remove all items from D
property editedRecursively check if an object has been edited and update the flag accordingly to the parent objects
Return type bool
from_dict(kwargs)Loading all the parameters as class properties if they arenrsquot None This method aims to be called when allthe properties requiring a special treatment are processed Note This method is used when you initializean object with existing data so by default the class is flaged as not edited
from_json(json_string)Load a JSON string
Return type None
get(k[ d ])rarr D[k] if k in D else d d defaults to None
items()rarr a set-like object providing a view on Drsquos items
jsonable()This method is used by the JSON encoder
Return type Dict
keys()rarr a set-like object providing a view on Drsquos keys
pop(k[ d ])rarr v remove specified key and return the corresponding valueIf key is not found d is returned if given otherwise KeyError is raised
popitem()rarr (k v) remove and return some (key value) pairas a 2-tuple but raise KeyError if D is empty
211 MISPUser 33
PyMISP Documentation Release main
set_not_jsonable(args)Set __not_jsonable to a new list
Return type None
setdefault(k[ d ])rarr Dget(kd) also set D[k]=d if k not in D
to_dict()Dump the class to a dictionary This method automatically removes the timestamp recursively in everyobject that has been edited is order to let MISP update the event accordingly
Return type Dict
to_json(sort_keys=False indent=None)Dump recursively any class of type MISPAbstract to a json string
update([E ] F)rarr None Update D from mappingiterable E and FIf E present and has a keys() method does for k in E D[k] = E[k] If E present and lacks keys() methoddoes for (k v) in E D[k] = v In either case this is followed by for k v in Fitems() D[k] = v
update_not_jsonable(args)Add entries to the __not_jsonable list
Return type None
values()rarr an object providing a view on Drsquos values
212 MISPOrganisation
class pymispMISPOrganisation
clear()rarr None Remove all items from D
property editedRecursively check if an object has been edited and update the flag accordingly to the parent objects
Return type bool
from_dict(kwargs)Loading all the parameters as class properties if they arenrsquot None This method aims to be called when allthe properties requiring a special treatment are processed Note This method is used when you initializean object with existing data so by default the class is flaged as not edited
from_json(json_string)Load a JSON string
Return type None
get(k[ d ])rarr D[k] if k in D else d d defaults to None
items()rarr a set-like object providing a view on Drsquos items
jsonable()This method is used by the JSON encoder
Return type Dict
keys()rarr a set-like object providing a view on Drsquos keys
pop(k[ d ])rarr v remove specified key and return the corresponding valueIf key is not found d is returned if given otherwise KeyError is raised
34 Chapter 2 pymisp
PyMISP Documentation Release main
popitem()rarr (k v) remove and return some (key value) pairas a 2-tuple but raise KeyError if D is empty
set_not_jsonable(args)Set __not_jsonable to a new list
Return type None
setdefault(k[ d ])rarr Dget(kd) also set D[k]=d if k not in D
to_dict()Dump the class to a dictionary This method automatically removes the timestamp recursively in everyobject that has been edited is order to let MISP update the event accordingly
Return type Dict
to_json(sort_keys=False indent=None)Dump recursively any class of type MISPAbstract to a json string
update([E ] F)rarr None Update D from mappingiterable E and FIf E present and has a keys() method does for k in E D[k] = E[k] If E present and lacks keys() methoddoes for (k v) in E D[k] = v In either case this is followed by for k v in Fitems() D[k] = v
update_not_jsonable(args)Add entries to the __not_jsonable list
Return type None
values()rarr an object providing a view on Drsquos values
212 MISPOrganisation 35
PyMISP Documentation Release main
36 Chapter 2 pymisp
CHAPTER
THREE
PYMISP - TOOLS
31 File Object
class pymisptoolsFileObject(filepath=None pseudofile=None filename=None kwargs)
add_attribute(object_relation simple_value=None value)Add an attribute object_relation is required and the value key is a dictionary with all the keys supportedby MISPAttribute
Return type Optional[MISPAttribute]
add_attributes(object_relation attributes)Add multiple attributes with the same object_relation Helper for object_relation when multiple is True inthe template It is the same as calling multiple times add_attribute with the same object_relation
Return type List[Optional[MISPAttribute]]
add_reference(referenced_uuid relationship_type comment=None kwargs)Add a link (uuid) to an other object
Return type MISPObjectReference
clear()rarr None Remove all items from D
property editedRecursively check if an object has been edited and update the flag accordingly to the parent objects
Return type bool
from_dict(kwargs)Loading all the parameters as class properties if they arenrsquot None This method aims to be called when allthe properties requiring a special treatment are processed Note This method is used when you initializean object with existing data so by default the class is flaged as not edited
from_json(json_string)Load a JSON string
Return type None
generate_attributes()Contains the logic where all the values of the object are gathered
get(k[ d ])rarr D[k] if k in D else d d defaults to None
get_attributes_by_relation(object_relation)Returns the list of attributes with the given object relation in the object
Return type List[MISPAttribute]
37
PyMISP Documentation Release main
has_attributes_by_relation(list_of_relations)True if all the relations in the list are defined in the object
Return type bool
items()rarr a set-like object providing a view on Drsquos items
jsonable()This method is used by the JSON encoder
Return type Dict
keys()rarr a set-like object providing a view on Drsquos keys
pop(k[ d ])rarr v remove specified key and return the corresponding valueIf key is not found d is returned if given otherwise KeyError is raised
popitem()rarr (k v) remove and return some (key value) pairas a 2-tuple but raise KeyError if D is empty
set_not_jsonable(args)Set __not_jsonable to a new list
Return type None
setdefault(k[ d ])rarr Dget(kd) also set D[k]=d if k not in D
to_dict(strict=False)Dump the class to a dictionary This method automatically removes the timestamp recursively in everyobject that has been edited is order to let MISP update the event accordingly
Return type Dict
to_json(sort_keys=False indent=None strict=False)Dump recursively any class of type MISPAbstract to a json string
update([E ] F)rarr None Update D from mappingiterable E and FIf E present and has a keys() method does for k in E D[k] = E[k] If E present and lacks keys() methoddoes for (k v) in E D[k] = v In either case this is followed by for k v in Fitems() D[k] = v
update_not_jsonable(args)Add entries to the __not_jsonable list
Return type None
values()rarr an object providing a view on Drsquos values
32 ELF Object
33 PE Object
34 Mach-O Object
35 VT Report Object
class pymisptoolsVTReportObject(apikey indicator vt_proxies=None kwargs)VirusTotal Report
Apikey VirusTotal API key (private works but only public features are supported right now)
38 Chapter 3 pymisp - Tools
PyMISP Documentation Release main
Indicator IOC to search VirusTotal for
add_attribute(object_relation simple_value=None value)Add an attribute object_relation is required and the value key is a dictionary with all the keys supportedby MISPAttribute
Return type Optional[MISPAttribute]
add_attributes(object_relation attributes)Add multiple attributes with the same object_relation Helper for object_relation when multiple is True inthe template It is the same as calling multiple times add_attribute with the same object_relation
Return type List[Optional[MISPAttribute]]
add_reference(referenced_uuid relationship_type comment=None kwargs)Add a link (uuid) to an other object
Return type MISPObjectReference
clear()rarr None Remove all items from D
property editedRecursively check if an object has been edited and update the flag accordingly to the parent objects
Return type bool
from_dict(kwargs)Loading all the parameters as class properties if they arenrsquot None This method aims to be called when allthe properties requiring a special treatment are processed Note This method is used when you initializean object with existing data so by default the class is flaged as not edited
from_json(json_string)Load a JSON string
Return type None
generate_attributes()Parse the VirusTotal report for relevant attributes
get(k[ d ])rarr D[k] if k in D else d d defaults to None
get_attributes_by_relation(object_relation)Returns the list of attributes with the given object relation in the object
Return type List[MISPAttribute]
has_attributes_by_relation(list_of_relations)True if all the relations in the list are defined in the object
Return type bool
items()rarr a set-like object providing a view on Drsquos items
jsonable()This method is used by the JSON encoder
Return type Dict
keys()rarr a set-like object providing a view on Drsquos keys
pop(k[ d ])rarr v remove specified key and return the corresponding valueIf key is not found d is returned if given otherwise KeyError is raised
popitem()rarr (k v) remove and return some (key value) pairas a 2-tuple but raise KeyError if D is empty
35 VT Report Object 39
PyMISP Documentation Release main
set_not_jsonable(args)Set __not_jsonable to a new list
Return type None
setdefault(k[ d ])rarr Dget(kd) also set D[k]=d if k not in D
to_dict(strict=False)Dump the class to a dictionary This method automatically removes the timestamp recursively in everyobject that has been edited is order to let MISP update the event accordingly
Return type Dict
to_json(sort_keys=False indent=None strict=False)Dump recursively any class of type MISPAbstract to a json string
update([E ] F)rarr None Update D from mappingiterable E and FIf E present and has a keys() method does for k in E D[k] = E[k] If E present and lacks keys() methoddoes for (k v) in E D[k] = v In either case this is followed by for k v in Fitems() D[k] = v
update_not_jsonable(args)Add entries to the __not_jsonable list
Return type None
values()rarr an object providing a view on Drsquos values
36 STIX
pymisptoolsstixload_stix(stix distribution=3 threat_level_id=2 analysis=0)Returns a MISPEvent object from a STIX package
pymisptoolsstixmake_stix_package(misp_event to_json=False to_xml=False)Returns a STIXPackage from a MISPEvent
Optionally can return the package in json or xml
37 OpenIOC
toolsload_openioc()
toolsload_openioc_file()
40 Chapter 3 pymisp - Tools
CHAPTER
FOUR
INDICES AND TABLES
bull genindex
bull modindex
bull search
41
PyMISP Documentation Release main
42 Chapter 4 Indices and tables
PYTHON MODULE INDEX
ppymisp 7pymisptools 37pymisptoolsstix 40
43
PyMISP Documentation Release main
44 Python Module Index
INDEX
AAbstractMISP (class in pymisp) 23accept_attribute_proposal()
(pymispPyMISP method) 7add_attribute() (pymispMISPEvent method) 24add_attribute() (pymispMISPObject method) 28add_attribute() (pymispPyMISP method) 7add_attribute() (pymisptoolsFileObject method)
37add_attribute() (pymisptoolsVTReportObject
method) 39add_attribute_proposal() (pymispPyMISP
method) 7add_attribute_tag() (pymispMISPEvent
method) 24add_attributes() (pymispMISPObject method)
28add_attributes() (pymisptoolsFileObject
method) 37add_attributes() (pymisptoolsVTReportObject
method) 39add_event() (pymispPyMISP method) 7add_event_blacklist() (pymispPyMISP
method) 8add_feed() (pymispPyMISP method) 8add_object() (pymispMISPEvent method) 24add_object() (pymispPyMISP method) 8add_object_reference() (pymispPyMISP
method) 8add_org_to_sharing_group() (pymispPyMISP
method) 8add_organisation() (pymispPyMISP method) 8add_organisation_blacklist()
(pymispPyMISP method) 8add_proposal() (pymispMISPAttribute method) 26add_proposal() (pymispMISPEvent method) 24add_proposal() (pymispMISPObjectAttribute
method) 29add_reference() (pymispMISPObject method) 28add_reference() (pymisptoolsFileObject method)
37add_reference() (pymisptoolsVTReportObject
method) 39add_server() (pymispPyMISP method) 8add_server_to_sharing_group()
(pymispPyMISP method) 8add_shadow_attribute() (pymispMISPAttribute
method) 26add_shadow_attribute() (pymispMISPEvent
method) 24add_shadow_attribute()
(pymispMISPObjectAttribute method) 29add_sharing_group() (pymispPyMISP method) 8add_sighting() (pymispMISPAttribute method) 26add_sighting() (pymispMISPObjectAttribute
method) 29add_sighting() (pymispPyMISP method) 8add_tag() (pymispPyMISP method) 8add_user() (pymispPyMISP method) 9attributes_statistics() (pymispPyMISP
method) 9
Bbuild_complex_query() (pymispPyMISP
method) 9
Ccache_all_feeds() (pymispPyMISP method) 9cache_feed() (pymispPyMISP method) 9cache_freetext_feeds() (pymispPyMISP
method) 9cache_misp_feeds() (pymispPyMISP method) 9change_sharing_group_on_entity()
(pymispPyMISP method) 9change_user_password() (pymispPyMISP
method) 9clear() (pymispMISPAttribute method) 26clear() (pymispMISPEvent method) 24clear() (pymispMISPObject method) 28clear() (pymispMISPObjectAttribute method) 29clear() (pymispMISPObjectReference method) 31clear() (pymispMISPOrganisation method) 34clear() (pymispMISPTag method) 32clear() (pymispMISPUser method) 33
45
PyMISP Documentation Release main
clear() (pymisptoolsFileObject method) 37clear() (pymisptoolsVTReportObject method) 39communities() (pymispPyMISP method) 9compare_feeds() (pymispPyMISP method) 9contact_event_reporter() (pymispPyMISP
method) 9
Ddefault() (pymispMISPEncode method) 24delegate_event() (pymispPyMISP method) 10delete() (pymispMISPAttribute method) 26delete() (pymispMISPObjectAttribute method) 30delete_attribute() (pymispMISPEvent method)
24delete_attribute() (pymispPyMISP method) 10delete_attribute_proposal()
(pymispPyMISP method) 10delete_event() (pymispPyMISP method) 10delete_event_blacklist() (pymispPyMISP
method) 10delete_feed() (pymispPyMISP method) 10delete_object() (pymispPyMISP method) 10delete_object_reference() (pymispPyMISP
method) 10delete_organisation() (pymispPyMISP
method) 10delete_organisation_blacklist()
(pymispPyMISP method) 10delete_server() (pymispPyMISP method) 10delete_sharing_group() (pymispPyMISP
method) 10delete_sighting() (pymispPyMISP method) 10delete_tag() (pymispPyMISP method) 11delete_user() (pymispPyMISP method) 11delete_user_setting() (pymispPyMISP
method) 11describe_types_local() (pymispPyMISP prop-
erty) 11describe_types_remote() (pymispPyMISP
property) 11direct_call() (pymispPyMISP method) 11disable_feed() (pymispPyMISP method) 11disable_feed_cache() (pymispPyMISP method)
11disable_noticelist() (pymispPyMISP method)
11disable_tag() (pymispPyMISP method) 11disable_taxonomy() (pymispPyMISP method) 11disable_taxonomy_tags() (pymispPyMISP
method) 11disable_warninglist() (pymispPyMISP
method) 11discard_attribute_proposal()
(pymispPyMISP method) 12
Eedited() (pymispAbstractMISP property) 23edited() (pymispMISPAttribute property) 26edited() (pymispMISPEvent property) 24edited() (pymispMISPObject property) 28edited() (pymispMISPObjectAttribute property) 30edited() (pymispMISPObjectReference property) 31edited() (pymispMISPOrganisation property) 34edited() (pymispMISPTag property) 32edited() (pymispMISPUser property) 33edited() (pymisptoolsFileObject property) 37edited() (pymisptoolsVTReportObject property) 39enable_feed() (pymispPyMISP method) 12enable_feed_cache() (pymispPyMISP method)
12enable_noticelist() (pymispPyMISP method)
12enable_tag() (pymispPyMISP method) 12enable_taxonomy() (pymispPyMISP method) 12enable_taxonomy_tags() (pymispPyMISP
method) 12enable_warninglist() (pymispPyMISP method)
12event_blacklists() (pymispPyMISP method) 12event_delegations() (pymispPyMISP method)
12ExpandedPyMISP (in module pymisp) 23
Ffeeds() (pymispPyMISP method) 12fetch_feed() (pymispPyMISP method) 12FileObject (class in pymisptools) 37freetext() (pymispPyMISP method) 12from_dict() (pymispAbstractMISP method) 23from_dict() (pymispMISPAttribute method) 27from_dict() (pymispMISPEvent method) 25from_dict() (pymispMISPObject method) 28from_dict() (pymispMISPObjectAttribute method)
30from_dict() (pymispMISPObjectReference method)
31from_dict() (pymispMISPOrganisation method) 34from_dict() (pymispMISPTag method) 32from_dict() (pymispMISPUser method) 33from_dict() (pymisptoolsFileObject method) 37from_dict() (pymisptoolsVTReportObject method)
39from_json() (pymispAbstractMISP method) 23from_json() (pymispMISPAttribute method) 27from_json() (pymispMISPEvent method) 25from_json() (pymispMISPObject method) 28from_json() (pymispMISPObjectAttribute method)
30
46 Index
PyMISP Documentation Release main
from_json() (pymispMISPObjectReference method)31
from_json() (pymispMISPOrganisation method) 34from_json() (pymispMISPTag method) 32from_json() (pymispMISPUser method) 33from_json() (pymisptoolsFileObject method) 37from_json() (pymisptoolsVTReportObject method)
39
Ggalaxies() (pymispPyMISP method) 12generate_attributes() (pymisptoolsFileObject
method) 37generate_attributes()
(pymisptoolsVTReportObject method)39
get() (pymispMISPAttribute method) 27get() (pymispMISPEvent method) 25get() (pymispMISPObject method) 28get() (pymispMISPObjectAttribute method) 30get() (pymispMISPObjectReference method) 31get() (pymispMISPOrganisation method) 34get() (pymispMISPTag method) 32get() (pymispMISPUser method) 33get() (pymisptoolsFileObject method) 37get() (pymisptoolsVTReportObject method) 39get_all_functions() (pymispPyMISP method)
13get_attribute() (pymispPyMISP method) 13get_attribute_tag() (pymispMISPEvent
method) 25get_attributes_by_relation()
(pymispMISPObject method) 28get_attributes_by_relation()
(pymisptoolsFileObject method) 37get_attributes_by_relation()
(pymisptoolsVTReportObject method)39
get_community() (pymispPyMISP method) 13get_event() (pymispPyMISP method) 13get_feed() (pymispPyMISP method) 13get_galaxy() (pymispPyMISP method) 13get_noticelist() (pymispPyMISP method) 13get_object() (pymispPyMISP method) 13get_object_by_id() (pymispMISPEvent method)
25get_object_by_uuid() (pymispMISPEvent
method) 25get_object_template() (pymispPyMISP
method) 13get_objects_by_name() (pymispMISPEvent
method) 25get_organisation() (pymispPyMISP method) 13get_sync_config() (pymispPyMISP method) 13
get_tag() (pymispPyMISP method) 13get_taxonomy() (pymispPyMISP method) 13get_user() (pymispPyMISP method) 13get_user_setting() (pymispPyMISP method) 14get_warninglist() (pymispPyMISP method) 14
Hhas_attributes_by_relation()
(pymispMISPObject method) 28has_attributes_by_relation()
(pymisptoolsFileObject method) 37has_attributes_by_relation()
(pymisptoolsVTReportObject method)39
hash_values() (pymispMISPAttribute method) 27hash_values() (pymispMISPObjectAttribute
method) 30
Iimport_server() (pymispPyMISP method) 14items() (pymispMISPAttribute method) 27items() (pymispMISPEvent method) 25items() (pymispMISPObject method) 29items() (pymispMISPObjectAttribute method) 30items() (pymispMISPObjectReference method) 31items() (pymispMISPOrganisation method) 34items() (pymispMISPTag method) 32items() (pymispMISPUser method) 33items() (pymisptoolsFileObject method) 38items() (pymisptoolsVTReportObject method) 39
Jjsonable() (pymispAbstractMISP method) 23jsonable() (pymispMISPAttribute method) 27jsonable() (pymispMISPEvent method) 25jsonable() (pymispMISPObject method) 29jsonable() (pymispMISPObjectAttribute method)
30jsonable() (pymispMISPObjectReference method)
31jsonable() (pymispMISPOrganisation method) 34jsonable() (pymispMISPTag method) 32jsonable() (pymispMISPUser method) 33jsonable() (pymisptoolsFileObject method) 38jsonable() (pymisptoolsVTReportObject method)
39
Kkeys() (pymispMISPAttribute method) 27keys() (pymispMISPEvent method) 25keys() (pymispMISPObject method) 29keys() (pymispMISPObjectAttribute method) 30keys() (pymispMISPObjectReference method) 31keys() (pymispMISPOrganisation method) 34
Index 47
PyMISP Documentation Release main
keys() (pymispMISPTag method) 32keys() (pymispMISPUser method) 33keys() (pymisptoolsFileObject method) 38keys() (pymisptoolsVTReportObject method) 39known_types() (pymispMISPAttribute property) 27known_types() (pymispMISPObjectAttribute prop-
erty) 30
Lload() (pymispMISPEvent method) 25load_default_feeds() (pymispPyMISP method)
14load_file() (pymispMISPEvent method) 25load_openioc() (pymisptools method) 40load_openioc_file() (pymisptools method) 40load_stix() (in module pymisptoolsstix) 40
Mmake_stix_package() (in module
pymisptoolsstix) 40malware_binary() (pymispMISPAttribute prop-
erty) 27malware_binary() (pymispMISPObjectAttribute
property) 30misp_instance_version() (pymispPyMISP
property) 14misp_instance_version_master()
(pymispPyMISP property) 14MISPAttribute (class in pymisp) 26MISPEncode (class in pymisp) 24MISPEvent (class in pymisp) 24MISPObject (class in pymisp) 28MISPObjectAttribute (class in pymisp) 29MISPObjectReference (class in pymisp) 31MISPOrganisation (class in pymisp) 34MISPTag (class in pymisp) 32MISPUser (class in pymisp) 33module
pymisp 7pymisptools 37pymisptoolsstix 40
Nnoticelists() (pymispPyMISP method) 14
Oobject_templates() (pymispPyMISP method) 14organisation_blacklists() (pymispPyMISP
method) 14organisations() (pymispPyMISP method) 14
Ppop() (pymispMISPAttribute method) 27
pop() (pymispMISPEvent method) 25pop() (pymispMISPObject method) 29pop() (pymispMISPObjectAttribute method) 30pop() (pymispMISPObjectReference method) 31pop() (pymispMISPOrganisation method) 34pop() (pymispMISPTag method) 32pop() (pymispMISPUser method) 33pop() (pymisptoolsFileObject method) 38pop() (pymisptoolsVTReportObject method) 39popitem() (pymispMISPAttribute method) 27popitem() (pymispMISPEvent method) 25popitem() (pymispMISPObject method) 29popitem() (pymispMISPObjectAttribute method) 30popitem() (pymispMISPObjectReference method) 31popitem() (pymispMISPOrganisation method) 34popitem() (pymispMISPTag method) 32popitem() (pymispMISPUser method) 33popitem() (pymisptoolsFileObject method) 38popitem() (pymisptoolsVTReportObject method) 39publish() (pymispMISPEvent method) 25publish() (pymispPyMISP method) 14push_event_to_ZMQ() (pymispPyMISP method)
14pymisp
module 7PyMISP (class in pymisp) 7pymisptools
module 37pymisptoolsstix
module 40pymisp_version_main() (pymispPyMISP prop-
erty) 15
Rrecommended_pymisp_version()
(pymispPyMISP property) 15remote_acl() (pymispPyMISP method) 15remove_org_from_sharing_group()
(pymispPyMISP method) 15remove_server_from_sharing_group()
(pymispPyMISP method) 15roles() (pymispPyMISP method) 15
Ssearch() (pymispPyMISP method) 15search_feeds() (pymispPyMISP method) 17search_index() (pymispPyMISP method) 18search_logs() (pymispPyMISP method) 18search_sightings() (pymispPyMISP method) 19server_pull() (pymispPyMISP method) 20server_push() (pymispPyMISP method) 20servers() (pymispPyMISP method) 20set_date() (pymispMISPEvent method) 25
48 Index
PyMISP Documentation Release main
set_not_jsonable() (pymispAbstractMISPmethod) 23
set_not_jsonable() (pymispMISPAttributemethod) 27
set_not_jsonable() (pymispMISPEvent method)25
set_not_jsonable() (pymispMISPObjectmethod) 29
set_not_jsonable() (pymispMISPObjectAttributemethod) 30
set_not_jsonable()(pymispMISPObjectReference method)31
set_not_jsonable() (pymispMISPOrganisationmethod) 35
set_not_jsonable() (pymispMISPTag method)32
set_not_jsonable() (pymispMISPUser method)33
set_not_jsonable() (pymisptoolsFileObjectmethod) 38
set_not_jsonable()(pymisptoolsVTReportObject method)39
set_user_setting() (pymispPyMISP method) 20setdefault() (pymispMISPAttribute method) 27setdefault() (pymispMISPEvent method) 25setdefault() (pymispMISPObject method) 29setdefault() (pymispMISPObjectAttribute
method) 30setdefault() (pymispMISPObjectReference
method) 31setdefault() (pymispMISPOrganisation method)
35setdefault() (pymispMISPTag method) 33setdefault() (pymispMISPUser method) 34setdefault() (pymisptoolsFileObject method) 38setdefault() (pymisptoolsVTReportObject
method) 40sharing_groups() (pymispPyMISP method) 20sightings() (pymispPyMISP method) 20
Ttag() (pymispPyMISP method) 20tags() (pymispMISPAttribute property) 27tags() (pymispMISPEvent property) 26tags() (pymispMISPObjectAttribute property) 30tags() (pymispPyMISP method) 20tags_statistics() (pymispPyMISP method) 20taxonomies() (pymispPyMISP method) 20to_dict() (pymispAbstractMISP method) 23to_dict() (pymispMISPAttribute method) 27to_dict() (pymispMISPEvent method) 26to_dict() (pymispMISPObject method) 29
to_dict() (pymispMISPObjectAttribute method) 30to_dict() (pymispMISPObjectReference method) 32to_dict() (pymispMISPOrganisation method) 35to_dict() (pymispMISPTag method) 33to_dict() (pymispMISPUser method) 34to_dict() (pymisptoolsFileObject method) 38to_dict() (pymisptoolsVTReportObject method) 40to_feed() (pymispMISPEvent method) 26to_json() (pymispAbstractMISP method) 23to_json() (pymispMISPAttribute method) 27to_json() (pymispMISPEvent method) 26to_json() (pymispMISPObject method) 29to_json() (pymispMISPObjectAttribute method) 31to_json() (pymispMISPObjectReference method) 32to_json() (pymispMISPOrganisation method) 35to_json() (pymispMISPTag method) 33to_json() (pymispMISPUser method) 34to_json() (pymisptoolsFileObject method) 38to_json() (pymisptoolsVTReportObject method) 40toggle_warninglist() (pymispPyMISP method)
20
Uunpublish() (pymispMISPEvent method) 26untag() (pymispPyMISP method) 21update() (pymispMISPAttribute method) 28update() (pymispMISPEvent method) 26update() (pymispMISPObject method) 29update() (pymispMISPObjectAttribute method) 31update() (pymispMISPObjectReference method) 32update() (pymispMISPOrganisation method) 35update() (pymispMISPTag method) 33update() (pymispMISPUser method) 34update() (pymisptoolsFileObject method) 38update() (pymisptoolsVTReportObject method) 40update_attribute() (pymispPyMISP method) 21update_attribute_proposal()
(pymispPyMISP method) 21update_event() (pymispPyMISP method) 21update_event_blacklist() (pymispPyMISP
method) 21update_feed() (pymispPyMISP method) 21update_galaxies() (pymispPyMISP method) 21update_not_jsonable() (pymispAbstractMISP
method) 23update_not_jsonable() (pymispMISPAttribute
method) 28update_not_jsonable() (pymispMISPEvent
method) 26update_not_jsonable() (pymispMISPObject
method) 29update_not_jsonable()
(pymispMISPObjectAttribute method) 31
Index 49
PyMISP Documentation Release main
update_not_jsonable()(pymispMISPObjectReference method)32
update_not_jsonable()(pymispMISPOrganisation method) 35
update_not_jsonable() (pymispMISPTagmethod) 33
update_not_jsonable() (pymispMISPUsermethod) 34
update_not_jsonable() (pymisptoolsFileObjectmethod) 38
update_not_jsonable()(pymisptoolsVTReportObject method)40
update_noticelists() (pymispPyMISP method)21
update_object() (pymispPyMISP method) 21update_object_templates() (pymispPyMISP
method) 21update_organisation() (pymispPyMISP
method) 21update_organisation_blacklist()
(pymispPyMISP method) 21update_server() (pymispPyMISP method) 22update_tag() (pymispPyMISP method) 22update_taxonomies() (pymispPyMISP method)
22update_user() (pymispPyMISP method) 22update_warninglists() (pymispPyMISP
method) 22upload_stix() (pymispPyMISP method) 22user_registrations() (pymispPyMISP method)
22user_settings() (pymispPyMISP method) 22users() (pymispPyMISP method) 22users_statistics() (pymispPyMISP method) 22
Vvalues() (pymispMISPAttribute method) 28values() (pymispMISPEvent method) 26values() (pymispMISPObject method) 29values() (pymispMISPObjectAttribute method) 31values() (pymispMISPObjectReference method) 32values() (pymispMISPOrganisation method) 35values() (pymispMISPTag method) 33values() (pymispMISPUser method) 34values() (pymisptoolsFileObject method) 38values() (pymisptoolsVTReportObject method) 40values_in_warninglist() (pymispPyMISP
method) 22version() (pymispPyMISP property) 22VTReportObject (class in pymisptools) 38
Wwarninglists() (pymispPyMISP method) 22
50 Index
- README
- pymisp
- PyMISP
- PyMISPExpanded (Python 36+ only)
- MISPAbstract
- MISPEncode
- MISPEvent
- MISPAttribute
- MISPObject
- MISPObjectAttribute
- MISPObjectReference
- MISPTag
- MISPUser
- MISPOrganisation
- pymisp - Tools
- File Object
- ELF Object
- PE Object
- Mach-O Object
- VT Report Object
- STIX
- OpenIOC
- Indices and tables
- Python Module Index
- Index
PyMISP Documentation Release main
setdefault(k[ d ])rarr Dget(kd) also set D[k]=d if k not in D
to_dict()Dump the class to a dictionary This method automatically removes the timestamp recursively in everyobject that has been edited is order to let MISP update the event accordingly
Return type Dict
to_json(sort_keys=False indent=None)Dump recursively any class of type MISPAbstract to a json string
update([E ] F)rarr None Update D from mappingiterable E and FIf E present and has a keys() method does for k in E D[k] = E[k] If E present and lacks keys() methoddoes for (k v) in E D[k] = v In either case this is followed by for k v in Fitems() D[k] = v
update_not_jsonable(args)Add entries to the __not_jsonable list
Return type None
values()rarr an object providing a view on Drsquos values
210 MISPTag
class pymispMISPTag(kwargs)
clear()rarr None Remove all items from D
property editedRecursively check if an object has been edited and update the flag accordingly to the parent objects
Return type bool
from_dict(kwargs)Loading all the parameters as class properties if they arenrsquot None This method aims to be called when allthe properties requiring a special treatment are processed Note This method is used when you initializean object with existing data so by default the class is flaged as not edited
from_json(json_string)Load a JSON string
Return type None
get(k[ d ])rarr D[k] if k in D else d d defaults to None
items()rarr a set-like object providing a view on Drsquos items
jsonable()This method is used by the JSON encoder
Return type Dict
keys()rarr a set-like object providing a view on Drsquos keys
pop(k[ d ])rarr v remove specified key and return the corresponding valueIf key is not found d is returned if given otherwise KeyError is raised
popitem()rarr (k v) remove and return some (key value) pairas a 2-tuple but raise KeyError if D is empty
set_not_jsonable(args)Set __not_jsonable to a new list
32 Chapter 2 pymisp
PyMISP Documentation Release main
Return type None
setdefault(k[ d ])rarr Dget(kd) also set D[k]=d if k not in D
to_dict()Dump the class to a dictionary This method automatically removes the timestamp recursively in everyobject that has been edited is order to let MISP update the event accordingly
Return type Dict
to_json(sort_keys=False indent=None)Dump recursively any class of type MISPAbstract to a json string
update([E ] F)rarr None Update D from mappingiterable E and FIf E present and has a keys() method does for k in E D[k] = E[k] If E present and lacks keys() methoddoes for (k v) in E D[k] = v In either case this is followed by for k v in Fitems() D[k] = v
update_not_jsonable(args)Add entries to the __not_jsonable list
Return type None
values()rarr an object providing a view on Drsquos values
211 MISPUser
class pymispMISPUser(kwargs)
clear()rarr None Remove all items from D
property editedRecursively check if an object has been edited and update the flag accordingly to the parent objects
Return type bool
from_dict(kwargs)Loading all the parameters as class properties if they arenrsquot None This method aims to be called when allthe properties requiring a special treatment are processed Note This method is used when you initializean object with existing data so by default the class is flaged as not edited
from_json(json_string)Load a JSON string
Return type None
get(k[ d ])rarr D[k] if k in D else d d defaults to None
items()rarr a set-like object providing a view on Drsquos items
jsonable()This method is used by the JSON encoder
Return type Dict
keys()rarr a set-like object providing a view on Drsquos keys
pop(k[ d ])rarr v remove specified key and return the corresponding valueIf key is not found d is returned if given otherwise KeyError is raised
popitem()rarr (k v) remove and return some (key value) pairas a 2-tuple but raise KeyError if D is empty
211 MISPUser 33
PyMISP Documentation Release main
set_not_jsonable(args)Set __not_jsonable to a new list
Return type None
setdefault(k[ d ])rarr Dget(kd) also set D[k]=d if k not in D
to_dict()Dump the class to a dictionary This method automatically removes the timestamp recursively in everyobject that has been edited is order to let MISP update the event accordingly
Return type Dict
to_json(sort_keys=False indent=None)Dump recursively any class of type MISPAbstract to a json string
update([E ] F)rarr None Update D from mappingiterable E and FIf E present and has a keys() method does for k in E D[k] = E[k] If E present and lacks keys() methoddoes for (k v) in E D[k] = v In either case this is followed by for k v in Fitems() D[k] = v
update_not_jsonable(args)Add entries to the __not_jsonable list
Return type None
values()rarr an object providing a view on Drsquos values
212 MISPOrganisation
class pymispMISPOrganisation
clear()rarr None Remove all items from D
property editedRecursively check if an object has been edited and update the flag accordingly to the parent objects
Return type bool
from_dict(kwargs)Loading all the parameters as class properties if they arenrsquot None This method aims to be called when allthe properties requiring a special treatment are processed Note This method is used when you initializean object with existing data so by default the class is flaged as not edited
from_json(json_string)Load a JSON string
Return type None
get(k[ d ])rarr D[k] if k in D else d d defaults to None
items()rarr a set-like object providing a view on Drsquos items
jsonable()This method is used by the JSON encoder
Return type Dict
keys()rarr a set-like object providing a view on Drsquos keys
pop(k[ d ])rarr v remove specified key and return the corresponding valueIf key is not found d is returned if given otherwise KeyError is raised
34 Chapter 2 pymisp
PyMISP Documentation Release main
popitem()rarr (k v) remove and return some (key value) pairas a 2-tuple but raise KeyError if D is empty
set_not_jsonable(args)Set __not_jsonable to a new list
Return type None
setdefault(k[ d ])rarr Dget(kd) also set D[k]=d if k not in D
to_dict()Dump the class to a dictionary This method automatically removes the timestamp recursively in everyobject that has been edited is order to let MISP update the event accordingly
Return type Dict
to_json(sort_keys=False indent=None)Dump recursively any class of type MISPAbstract to a json string
update([E ] F)rarr None Update D from mappingiterable E and FIf E present and has a keys() method does for k in E D[k] = E[k] If E present and lacks keys() methoddoes for (k v) in E D[k] = v In either case this is followed by for k v in Fitems() D[k] = v
update_not_jsonable(args)Add entries to the __not_jsonable list
Return type None
values()rarr an object providing a view on Drsquos values
212 MISPOrganisation 35
PyMISP Documentation Release main
36 Chapter 2 pymisp
CHAPTER
THREE
PYMISP - TOOLS
31 File Object
class pymisptoolsFileObject(filepath=None pseudofile=None filename=None kwargs)
add_attribute(object_relation simple_value=None value)Add an attribute object_relation is required and the value key is a dictionary with all the keys supportedby MISPAttribute
Return type Optional[MISPAttribute]
add_attributes(object_relation attributes)Add multiple attributes with the same object_relation Helper for object_relation when multiple is True inthe template It is the same as calling multiple times add_attribute with the same object_relation
Return type List[Optional[MISPAttribute]]
add_reference(referenced_uuid relationship_type comment=None kwargs)Add a link (uuid) to an other object
Return type MISPObjectReference
clear()rarr None Remove all items from D
property editedRecursively check if an object has been edited and update the flag accordingly to the parent objects
Return type bool
from_dict(kwargs)Loading all the parameters as class properties if they arenrsquot None This method aims to be called when allthe properties requiring a special treatment are processed Note This method is used when you initializean object with existing data so by default the class is flaged as not edited
from_json(json_string)Load a JSON string
Return type None
generate_attributes()Contains the logic where all the values of the object are gathered
get(k[ d ])rarr D[k] if k in D else d d defaults to None
get_attributes_by_relation(object_relation)Returns the list of attributes with the given object relation in the object
Return type List[MISPAttribute]
37
PyMISP Documentation Release main
has_attributes_by_relation(list_of_relations)True if all the relations in the list are defined in the object
Return type bool
items()rarr a set-like object providing a view on Drsquos items
jsonable()This method is used by the JSON encoder
Return type Dict
keys()rarr a set-like object providing a view on Drsquos keys
pop(k[ d ])rarr v remove specified key and return the corresponding valueIf key is not found d is returned if given otherwise KeyError is raised
popitem()rarr (k v) remove and return some (key value) pairas a 2-tuple but raise KeyError if D is empty
set_not_jsonable(args)Set __not_jsonable to a new list
Return type None
setdefault(k[ d ])rarr Dget(kd) also set D[k]=d if k not in D
to_dict(strict=False)Dump the class to a dictionary This method automatically removes the timestamp recursively in everyobject that has been edited is order to let MISP update the event accordingly
Return type Dict
to_json(sort_keys=False indent=None strict=False)Dump recursively any class of type MISPAbstract to a json string
update([E ] F)rarr None Update D from mappingiterable E and FIf E present and has a keys() method does for k in E D[k] = E[k] If E present and lacks keys() methoddoes for (k v) in E D[k] = v In either case this is followed by for k v in Fitems() D[k] = v
update_not_jsonable(args)Add entries to the __not_jsonable list
Return type None
values()rarr an object providing a view on Drsquos values
32 ELF Object
33 PE Object
34 Mach-O Object
35 VT Report Object
class pymisptoolsVTReportObject(apikey indicator vt_proxies=None kwargs)VirusTotal Report
Apikey VirusTotal API key (private works but only public features are supported right now)
38 Chapter 3 pymisp - Tools
PyMISP Documentation Release main
Indicator IOC to search VirusTotal for
add_attribute(object_relation simple_value=None value)Add an attribute object_relation is required and the value key is a dictionary with all the keys supportedby MISPAttribute
Return type Optional[MISPAttribute]
add_attributes(object_relation attributes)Add multiple attributes with the same object_relation Helper for object_relation when multiple is True inthe template It is the same as calling multiple times add_attribute with the same object_relation
Return type List[Optional[MISPAttribute]]
add_reference(referenced_uuid relationship_type comment=None kwargs)Add a link (uuid) to an other object
Return type MISPObjectReference
clear()rarr None Remove all items from D
property editedRecursively check if an object has been edited and update the flag accordingly to the parent objects
Return type bool
from_dict(kwargs)Loading all the parameters as class properties if they arenrsquot None This method aims to be called when allthe properties requiring a special treatment are processed Note This method is used when you initializean object with existing data so by default the class is flaged as not edited
from_json(json_string)Load a JSON string
Return type None
generate_attributes()Parse the VirusTotal report for relevant attributes
get(k[ d ])rarr D[k] if k in D else d d defaults to None
get_attributes_by_relation(object_relation)Returns the list of attributes with the given object relation in the object
Return type List[MISPAttribute]
has_attributes_by_relation(list_of_relations)True if all the relations in the list are defined in the object
Return type bool
items()rarr a set-like object providing a view on Drsquos items
jsonable()This method is used by the JSON encoder
Return type Dict
keys()rarr a set-like object providing a view on Drsquos keys
pop(k[ d ])rarr v remove specified key and return the corresponding valueIf key is not found d is returned if given otherwise KeyError is raised
popitem()rarr (k v) remove and return some (key value) pairas a 2-tuple but raise KeyError if D is empty
35 VT Report Object 39
PyMISP Documentation Release main
set_not_jsonable(args)Set __not_jsonable to a new list
Return type None
setdefault(k[ d ])rarr Dget(kd) also set D[k]=d if k not in D
to_dict(strict=False)Dump the class to a dictionary This method automatically removes the timestamp recursively in everyobject that has been edited is order to let MISP update the event accordingly
Return type Dict
to_json(sort_keys=False indent=None strict=False)Dump recursively any class of type MISPAbstract to a json string
update([E ] F)rarr None Update D from mappingiterable E and FIf E present and has a keys() method does for k in E D[k] = E[k] If E present and lacks keys() methoddoes for (k v) in E D[k] = v In either case this is followed by for k v in Fitems() D[k] = v
update_not_jsonable(args)Add entries to the __not_jsonable list
Return type None
values()rarr an object providing a view on Drsquos values
36 STIX
pymisptoolsstixload_stix(stix distribution=3 threat_level_id=2 analysis=0)Returns a MISPEvent object from a STIX package
pymisptoolsstixmake_stix_package(misp_event to_json=False to_xml=False)Returns a STIXPackage from a MISPEvent
Optionally can return the package in json or xml
37 OpenIOC
toolsload_openioc()
toolsload_openioc_file()
40 Chapter 3 pymisp - Tools
CHAPTER
FOUR
INDICES AND TABLES
bull genindex
bull modindex
bull search
41
PyMISP Documentation Release main
42 Chapter 4 Indices and tables
PYTHON MODULE INDEX
ppymisp 7pymisptools 37pymisptoolsstix 40
43
PyMISP Documentation Release main
44 Python Module Index
INDEX
AAbstractMISP (class in pymisp) 23accept_attribute_proposal()
(pymispPyMISP method) 7add_attribute() (pymispMISPEvent method) 24add_attribute() (pymispMISPObject method) 28add_attribute() (pymispPyMISP method) 7add_attribute() (pymisptoolsFileObject method)
37add_attribute() (pymisptoolsVTReportObject
method) 39add_attribute_proposal() (pymispPyMISP
method) 7add_attribute_tag() (pymispMISPEvent
method) 24add_attributes() (pymispMISPObject method)
28add_attributes() (pymisptoolsFileObject
method) 37add_attributes() (pymisptoolsVTReportObject
method) 39add_event() (pymispPyMISP method) 7add_event_blacklist() (pymispPyMISP
method) 8add_feed() (pymispPyMISP method) 8add_object() (pymispMISPEvent method) 24add_object() (pymispPyMISP method) 8add_object_reference() (pymispPyMISP
method) 8add_org_to_sharing_group() (pymispPyMISP
method) 8add_organisation() (pymispPyMISP method) 8add_organisation_blacklist()
(pymispPyMISP method) 8add_proposal() (pymispMISPAttribute method) 26add_proposal() (pymispMISPEvent method) 24add_proposal() (pymispMISPObjectAttribute
method) 29add_reference() (pymispMISPObject method) 28add_reference() (pymisptoolsFileObject method)
37add_reference() (pymisptoolsVTReportObject
method) 39add_server() (pymispPyMISP method) 8add_server_to_sharing_group()
(pymispPyMISP method) 8add_shadow_attribute() (pymispMISPAttribute
method) 26add_shadow_attribute() (pymispMISPEvent
method) 24add_shadow_attribute()
(pymispMISPObjectAttribute method) 29add_sharing_group() (pymispPyMISP method) 8add_sighting() (pymispMISPAttribute method) 26add_sighting() (pymispMISPObjectAttribute
method) 29add_sighting() (pymispPyMISP method) 8add_tag() (pymispPyMISP method) 8add_user() (pymispPyMISP method) 9attributes_statistics() (pymispPyMISP
method) 9
Bbuild_complex_query() (pymispPyMISP
method) 9
Ccache_all_feeds() (pymispPyMISP method) 9cache_feed() (pymispPyMISP method) 9cache_freetext_feeds() (pymispPyMISP
method) 9cache_misp_feeds() (pymispPyMISP method) 9change_sharing_group_on_entity()
(pymispPyMISP method) 9change_user_password() (pymispPyMISP
method) 9clear() (pymispMISPAttribute method) 26clear() (pymispMISPEvent method) 24clear() (pymispMISPObject method) 28clear() (pymispMISPObjectAttribute method) 29clear() (pymispMISPObjectReference method) 31clear() (pymispMISPOrganisation method) 34clear() (pymispMISPTag method) 32clear() (pymispMISPUser method) 33
45
PyMISP Documentation Release main
clear() (pymisptoolsFileObject method) 37clear() (pymisptoolsVTReportObject method) 39communities() (pymispPyMISP method) 9compare_feeds() (pymispPyMISP method) 9contact_event_reporter() (pymispPyMISP
method) 9
Ddefault() (pymispMISPEncode method) 24delegate_event() (pymispPyMISP method) 10delete() (pymispMISPAttribute method) 26delete() (pymispMISPObjectAttribute method) 30delete_attribute() (pymispMISPEvent method)
24delete_attribute() (pymispPyMISP method) 10delete_attribute_proposal()
(pymispPyMISP method) 10delete_event() (pymispPyMISP method) 10delete_event_blacklist() (pymispPyMISP
method) 10delete_feed() (pymispPyMISP method) 10delete_object() (pymispPyMISP method) 10delete_object_reference() (pymispPyMISP
method) 10delete_organisation() (pymispPyMISP
method) 10delete_organisation_blacklist()
(pymispPyMISP method) 10delete_server() (pymispPyMISP method) 10delete_sharing_group() (pymispPyMISP
method) 10delete_sighting() (pymispPyMISP method) 10delete_tag() (pymispPyMISP method) 11delete_user() (pymispPyMISP method) 11delete_user_setting() (pymispPyMISP
method) 11describe_types_local() (pymispPyMISP prop-
erty) 11describe_types_remote() (pymispPyMISP
property) 11direct_call() (pymispPyMISP method) 11disable_feed() (pymispPyMISP method) 11disable_feed_cache() (pymispPyMISP method)
11disable_noticelist() (pymispPyMISP method)
11disable_tag() (pymispPyMISP method) 11disable_taxonomy() (pymispPyMISP method) 11disable_taxonomy_tags() (pymispPyMISP
method) 11disable_warninglist() (pymispPyMISP
method) 11discard_attribute_proposal()
(pymispPyMISP method) 12
Eedited() (pymispAbstractMISP property) 23edited() (pymispMISPAttribute property) 26edited() (pymispMISPEvent property) 24edited() (pymispMISPObject property) 28edited() (pymispMISPObjectAttribute property) 30edited() (pymispMISPObjectReference property) 31edited() (pymispMISPOrganisation property) 34edited() (pymispMISPTag property) 32edited() (pymispMISPUser property) 33edited() (pymisptoolsFileObject property) 37edited() (pymisptoolsVTReportObject property) 39enable_feed() (pymispPyMISP method) 12enable_feed_cache() (pymispPyMISP method)
12enable_noticelist() (pymispPyMISP method)
12enable_tag() (pymispPyMISP method) 12enable_taxonomy() (pymispPyMISP method) 12enable_taxonomy_tags() (pymispPyMISP
method) 12enable_warninglist() (pymispPyMISP method)
12event_blacklists() (pymispPyMISP method) 12event_delegations() (pymispPyMISP method)
12ExpandedPyMISP (in module pymisp) 23
Ffeeds() (pymispPyMISP method) 12fetch_feed() (pymispPyMISP method) 12FileObject (class in pymisptools) 37freetext() (pymispPyMISP method) 12from_dict() (pymispAbstractMISP method) 23from_dict() (pymispMISPAttribute method) 27from_dict() (pymispMISPEvent method) 25from_dict() (pymispMISPObject method) 28from_dict() (pymispMISPObjectAttribute method)
30from_dict() (pymispMISPObjectReference method)
31from_dict() (pymispMISPOrganisation method) 34from_dict() (pymispMISPTag method) 32from_dict() (pymispMISPUser method) 33from_dict() (pymisptoolsFileObject method) 37from_dict() (pymisptoolsVTReportObject method)
39from_json() (pymispAbstractMISP method) 23from_json() (pymispMISPAttribute method) 27from_json() (pymispMISPEvent method) 25from_json() (pymispMISPObject method) 28from_json() (pymispMISPObjectAttribute method)
30
46 Index
PyMISP Documentation Release main
from_json() (pymispMISPObjectReference method)31
from_json() (pymispMISPOrganisation method) 34from_json() (pymispMISPTag method) 32from_json() (pymispMISPUser method) 33from_json() (pymisptoolsFileObject method) 37from_json() (pymisptoolsVTReportObject method)
39
Ggalaxies() (pymispPyMISP method) 12generate_attributes() (pymisptoolsFileObject
method) 37generate_attributes()
(pymisptoolsVTReportObject method)39
get() (pymispMISPAttribute method) 27get() (pymispMISPEvent method) 25get() (pymispMISPObject method) 28get() (pymispMISPObjectAttribute method) 30get() (pymispMISPObjectReference method) 31get() (pymispMISPOrganisation method) 34get() (pymispMISPTag method) 32get() (pymispMISPUser method) 33get() (pymisptoolsFileObject method) 37get() (pymisptoolsVTReportObject method) 39get_all_functions() (pymispPyMISP method)
13get_attribute() (pymispPyMISP method) 13get_attribute_tag() (pymispMISPEvent
method) 25get_attributes_by_relation()
(pymispMISPObject method) 28get_attributes_by_relation()
(pymisptoolsFileObject method) 37get_attributes_by_relation()
(pymisptoolsVTReportObject method)39
get_community() (pymispPyMISP method) 13get_event() (pymispPyMISP method) 13get_feed() (pymispPyMISP method) 13get_galaxy() (pymispPyMISP method) 13get_noticelist() (pymispPyMISP method) 13get_object() (pymispPyMISP method) 13get_object_by_id() (pymispMISPEvent method)
25get_object_by_uuid() (pymispMISPEvent
method) 25get_object_template() (pymispPyMISP
method) 13get_objects_by_name() (pymispMISPEvent
method) 25get_organisation() (pymispPyMISP method) 13get_sync_config() (pymispPyMISP method) 13
get_tag() (pymispPyMISP method) 13get_taxonomy() (pymispPyMISP method) 13get_user() (pymispPyMISP method) 13get_user_setting() (pymispPyMISP method) 14get_warninglist() (pymispPyMISP method) 14
Hhas_attributes_by_relation()
(pymispMISPObject method) 28has_attributes_by_relation()
(pymisptoolsFileObject method) 37has_attributes_by_relation()
(pymisptoolsVTReportObject method)39
hash_values() (pymispMISPAttribute method) 27hash_values() (pymispMISPObjectAttribute
method) 30
Iimport_server() (pymispPyMISP method) 14items() (pymispMISPAttribute method) 27items() (pymispMISPEvent method) 25items() (pymispMISPObject method) 29items() (pymispMISPObjectAttribute method) 30items() (pymispMISPObjectReference method) 31items() (pymispMISPOrganisation method) 34items() (pymispMISPTag method) 32items() (pymispMISPUser method) 33items() (pymisptoolsFileObject method) 38items() (pymisptoolsVTReportObject method) 39
Jjsonable() (pymispAbstractMISP method) 23jsonable() (pymispMISPAttribute method) 27jsonable() (pymispMISPEvent method) 25jsonable() (pymispMISPObject method) 29jsonable() (pymispMISPObjectAttribute method)
30jsonable() (pymispMISPObjectReference method)
31jsonable() (pymispMISPOrganisation method) 34jsonable() (pymispMISPTag method) 32jsonable() (pymispMISPUser method) 33jsonable() (pymisptoolsFileObject method) 38jsonable() (pymisptoolsVTReportObject method)
39
Kkeys() (pymispMISPAttribute method) 27keys() (pymispMISPEvent method) 25keys() (pymispMISPObject method) 29keys() (pymispMISPObjectAttribute method) 30keys() (pymispMISPObjectReference method) 31keys() (pymispMISPOrganisation method) 34
Index 47
PyMISP Documentation Release main
keys() (pymispMISPTag method) 32keys() (pymispMISPUser method) 33keys() (pymisptoolsFileObject method) 38keys() (pymisptoolsVTReportObject method) 39known_types() (pymispMISPAttribute property) 27known_types() (pymispMISPObjectAttribute prop-
erty) 30
Lload() (pymispMISPEvent method) 25load_default_feeds() (pymispPyMISP method)
14load_file() (pymispMISPEvent method) 25load_openioc() (pymisptools method) 40load_openioc_file() (pymisptools method) 40load_stix() (in module pymisptoolsstix) 40
Mmake_stix_package() (in module
pymisptoolsstix) 40malware_binary() (pymispMISPAttribute prop-
erty) 27malware_binary() (pymispMISPObjectAttribute
property) 30misp_instance_version() (pymispPyMISP
property) 14misp_instance_version_master()
(pymispPyMISP property) 14MISPAttribute (class in pymisp) 26MISPEncode (class in pymisp) 24MISPEvent (class in pymisp) 24MISPObject (class in pymisp) 28MISPObjectAttribute (class in pymisp) 29MISPObjectReference (class in pymisp) 31MISPOrganisation (class in pymisp) 34MISPTag (class in pymisp) 32MISPUser (class in pymisp) 33module
pymisp 7pymisptools 37pymisptoolsstix 40
Nnoticelists() (pymispPyMISP method) 14
Oobject_templates() (pymispPyMISP method) 14organisation_blacklists() (pymispPyMISP
method) 14organisations() (pymispPyMISP method) 14
Ppop() (pymispMISPAttribute method) 27
pop() (pymispMISPEvent method) 25pop() (pymispMISPObject method) 29pop() (pymispMISPObjectAttribute method) 30pop() (pymispMISPObjectReference method) 31pop() (pymispMISPOrganisation method) 34pop() (pymispMISPTag method) 32pop() (pymispMISPUser method) 33pop() (pymisptoolsFileObject method) 38pop() (pymisptoolsVTReportObject method) 39popitem() (pymispMISPAttribute method) 27popitem() (pymispMISPEvent method) 25popitem() (pymispMISPObject method) 29popitem() (pymispMISPObjectAttribute method) 30popitem() (pymispMISPObjectReference method) 31popitem() (pymispMISPOrganisation method) 34popitem() (pymispMISPTag method) 32popitem() (pymispMISPUser method) 33popitem() (pymisptoolsFileObject method) 38popitem() (pymisptoolsVTReportObject method) 39publish() (pymispMISPEvent method) 25publish() (pymispPyMISP method) 14push_event_to_ZMQ() (pymispPyMISP method)
14pymisp
module 7PyMISP (class in pymisp) 7pymisptools
module 37pymisptoolsstix
module 40pymisp_version_main() (pymispPyMISP prop-
erty) 15
Rrecommended_pymisp_version()
(pymispPyMISP property) 15remote_acl() (pymispPyMISP method) 15remove_org_from_sharing_group()
(pymispPyMISP method) 15remove_server_from_sharing_group()
(pymispPyMISP method) 15roles() (pymispPyMISP method) 15
Ssearch() (pymispPyMISP method) 15search_feeds() (pymispPyMISP method) 17search_index() (pymispPyMISP method) 18search_logs() (pymispPyMISP method) 18search_sightings() (pymispPyMISP method) 19server_pull() (pymispPyMISP method) 20server_push() (pymispPyMISP method) 20servers() (pymispPyMISP method) 20set_date() (pymispMISPEvent method) 25
48 Index
PyMISP Documentation Release main
set_not_jsonable() (pymispAbstractMISPmethod) 23
set_not_jsonable() (pymispMISPAttributemethod) 27
set_not_jsonable() (pymispMISPEvent method)25
set_not_jsonable() (pymispMISPObjectmethod) 29
set_not_jsonable() (pymispMISPObjectAttributemethod) 30
set_not_jsonable()(pymispMISPObjectReference method)31
set_not_jsonable() (pymispMISPOrganisationmethod) 35
set_not_jsonable() (pymispMISPTag method)32
set_not_jsonable() (pymispMISPUser method)33
set_not_jsonable() (pymisptoolsFileObjectmethod) 38
set_not_jsonable()(pymisptoolsVTReportObject method)39
set_user_setting() (pymispPyMISP method) 20setdefault() (pymispMISPAttribute method) 27setdefault() (pymispMISPEvent method) 25setdefault() (pymispMISPObject method) 29setdefault() (pymispMISPObjectAttribute
method) 30setdefault() (pymispMISPObjectReference
method) 31setdefault() (pymispMISPOrganisation method)
35setdefault() (pymispMISPTag method) 33setdefault() (pymispMISPUser method) 34setdefault() (pymisptoolsFileObject method) 38setdefault() (pymisptoolsVTReportObject
method) 40sharing_groups() (pymispPyMISP method) 20sightings() (pymispPyMISP method) 20
Ttag() (pymispPyMISP method) 20tags() (pymispMISPAttribute property) 27tags() (pymispMISPEvent property) 26tags() (pymispMISPObjectAttribute property) 30tags() (pymispPyMISP method) 20tags_statistics() (pymispPyMISP method) 20taxonomies() (pymispPyMISP method) 20to_dict() (pymispAbstractMISP method) 23to_dict() (pymispMISPAttribute method) 27to_dict() (pymispMISPEvent method) 26to_dict() (pymispMISPObject method) 29
to_dict() (pymispMISPObjectAttribute method) 30to_dict() (pymispMISPObjectReference method) 32to_dict() (pymispMISPOrganisation method) 35to_dict() (pymispMISPTag method) 33to_dict() (pymispMISPUser method) 34to_dict() (pymisptoolsFileObject method) 38to_dict() (pymisptoolsVTReportObject method) 40to_feed() (pymispMISPEvent method) 26to_json() (pymispAbstractMISP method) 23to_json() (pymispMISPAttribute method) 27to_json() (pymispMISPEvent method) 26to_json() (pymispMISPObject method) 29to_json() (pymispMISPObjectAttribute method) 31to_json() (pymispMISPObjectReference method) 32to_json() (pymispMISPOrganisation method) 35to_json() (pymispMISPTag method) 33to_json() (pymispMISPUser method) 34to_json() (pymisptoolsFileObject method) 38to_json() (pymisptoolsVTReportObject method) 40toggle_warninglist() (pymispPyMISP method)
20
Uunpublish() (pymispMISPEvent method) 26untag() (pymispPyMISP method) 21update() (pymispMISPAttribute method) 28update() (pymispMISPEvent method) 26update() (pymispMISPObject method) 29update() (pymispMISPObjectAttribute method) 31update() (pymispMISPObjectReference method) 32update() (pymispMISPOrganisation method) 35update() (pymispMISPTag method) 33update() (pymispMISPUser method) 34update() (pymisptoolsFileObject method) 38update() (pymisptoolsVTReportObject method) 40update_attribute() (pymispPyMISP method) 21update_attribute_proposal()
(pymispPyMISP method) 21update_event() (pymispPyMISP method) 21update_event_blacklist() (pymispPyMISP
method) 21update_feed() (pymispPyMISP method) 21update_galaxies() (pymispPyMISP method) 21update_not_jsonable() (pymispAbstractMISP
method) 23update_not_jsonable() (pymispMISPAttribute
method) 28update_not_jsonable() (pymispMISPEvent
method) 26update_not_jsonable() (pymispMISPObject
method) 29update_not_jsonable()
(pymispMISPObjectAttribute method) 31
Index 49
PyMISP Documentation Release main
update_not_jsonable()(pymispMISPObjectReference method)32
update_not_jsonable()(pymispMISPOrganisation method) 35
update_not_jsonable() (pymispMISPTagmethod) 33
update_not_jsonable() (pymispMISPUsermethod) 34
update_not_jsonable() (pymisptoolsFileObjectmethod) 38
update_not_jsonable()(pymisptoolsVTReportObject method)40
update_noticelists() (pymispPyMISP method)21
update_object() (pymispPyMISP method) 21update_object_templates() (pymispPyMISP
method) 21update_organisation() (pymispPyMISP
method) 21update_organisation_blacklist()
(pymispPyMISP method) 21update_server() (pymispPyMISP method) 22update_tag() (pymispPyMISP method) 22update_taxonomies() (pymispPyMISP method)
22update_user() (pymispPyMISP method) 22update_warninglists() (pymispPyMISP
method) 22upload_stix() (pymispPyMISP method) 22user_registrations() (pymispPyMISP method)
22user_settings() (pymispPyMISP method) 22users() (pymispPyMISP method) 22users_statistics() (pymispPyMISP method) 22
Vvalues() (pymispMISPAttribute method) 28values() (pymispMISPEvent method) 26values() (pymispMISPObject method) 29values() (pymispMISPObjectAttribute method) 31values() (pymispMISPObjectReference method) 32values() (pymispMISPOrganisation method) 35values() (pymispMISPTag method) 33values() (pymispMISPUser method) 34values() (pymisptoolsFileObject method) 38values() (pymisptoolsVTReportObject method) 40values_in_warninglist() (pymispPyMISP
method) 22version() (pymispPyMISP property) 22VTReportObject (class in pymisptools) 38
Wwarninglists() (pymispPyMISP method) 22
50 Index
- README
- pymisp
- PyMISP
- PyMISPExpanded (Python 36+ only)
- MISPAbstract
- MISPEncode
- MISPEvent
- MISPAttribute
- MISPObject
- MISPObjectAttribute
- MISPObjectReference
- MISPTag
- MISPUser
- MISPOrganisation
- pymisp - Tools
- File Object
- ELF Object
- PE Object
- Mach-O Object
- VT Report Object
- STIX
- OpenIOC
- Indices and tables
- Python Module Index
- Index
PyMISP Documentation Release main
Return type None
setdefault(k[ d ])rarr Dget(kd) also set D[k]=d if k not in D
to_dict()Dump the class to a dictionary This method automatically removes the timestamp recursively in everyobject that has been edited is order to let MISP update the event accordingly
Return type Dict
to_json(sort_keys=False indent=None)Dump recursively any class of type MISPAbstract to a json string
update([E ] F)rarr None Update D from mappingiterable E and FIf E present and has a keys() method does for k in E D[k] = E[k] If E present and lacks keys() methoddoes for (k v) in E D[k] = v In either case this is followed by for k v in Fitems() D[k] = v
update_not_jsonable(args)Add entries to the __not_jsonable list
Return type None
values()rarr an object providing a view on Drsquos values
211 MISPUser
class pymispMISPUser(kwargs)
clear()rarr None Remove all items from D
property editedRecursively check if an object has been edited and update the flag accordingly to the parent objects
Return type bool
from_dict(kwargs)Loading all the parameters as class properties if they arenrsquot None This method aims to be called when allthe properties requiring a special treatment are processed Note This method is used when you initializean object with existing data so by default the class is flaged as not edited
from_json(json_string)Load a JSON string
Return type None
get(k[ d ])rarr D[k] if k in D else d d defaults to None
items()rarr a set-like object providing a view on Drsquos items
jsonable()This method is used by the JSON encoder
Return type Dict
keys()rarr a set-like object providing a view on Drsquos keys
pop(k[ d ])rarr v remove specified key and return the corresponding valueIf key is not found d is returned if given otherwise KeyError is raised
popitem()rarr (k v) remove and return some (key value) pairas a 2-tuple but raise KeyError if D is empty
211 MISPUser 33
PyMISP Documentation Release main
set_not_jsonable(args)Set __not_jsonable to a new list
Return type None
setdefault(k[ d ])rarr Dget(kd) also set D[k]=d if k not in D
to_dict()Dump the class to a dictionary This method automatically removes the timestamp recursively in everyobject that has been edited is order to let MISP update the event accordingly
Return type Dict
to_json(sort_keys=False indent=None)Dump recursively any class of type MISPAbstract to a json string
update([E ] F)rarr None Update D from mappingiterable E and FIf E present and has a keys() method does for k in E D[k] = E[k] If E present and lacks keys() methoddoes for (k v) in E D[k] = v In either case this is followed by for k v in Fitems() D[k] = v
update_not_jsonable(args)Add entries to the __not_jsonable list
Return type None
values()rarr an object providing a view on Drsquos values
212 MISPOrganisation
class pymispMISPOrganisation
clear()rarr None Remove all items from D
property editedRecursively check if an object has been edited and update the flag accordingly to the parent objects
Return type bool
from_dict(kwargs)Loading all the parameters as class properties if they arenrsquot None This method aims to be called when allthe properties requiring a special treatment are processed Note This method is used when you initializean object with existing data so by default the class is flaged as not edited
from_json(json_string)Load a JSON string
Return type None
get(k[ d ])rarr D[k] if k in D else d d defaults to None
items()rarr a set-like object providing a view on Drsquos items
jsonable()This method is used by the JSON encoder
Return type Dict
keys()rarr a set-like object providing a view on Drsquos keys
pop(k[ d ])rarr v remove specified key and return the corresponding valueIf key is not found d is returned if given otherwise KeyError is raised
34 Chapter 2 pymisp
PyMISP Documentation Release main
popitem()rarr (k v) remove and return some (key value) pairas a 2-tuple but raise KeyError if D is empty
set_not_jsonable(args)Set __not_jsonable to a new list
Return type None
setdefault(k[ d ])rarr Dget(kd) also set D[k]=d if k not in D
to_dict()Dump the class to a dictionary This method automatically removes the timestamp recursively in everyobject that has been edited is order to let MISP update the event accordingly
Return type Dict
to_json(sort_keys=False indent=None)Dump recursively any class of type MISPAbstract to a json string
update([E ] F)rarr None Update D from mappingiterable E and FIf E present and has a keys() method does for k in E D[k] = E[k] If E present and lacks keys() methoddoes for (k v) in E D[k] = v In either case this is followed by for k v in Fitems() D[k] = v
update_not_jsonable(args)Add entries to the __not_jsonable list
Return type None
values()rarr an object providing a view on Drsquos values
212 MISPOrganisation 35
PyMISP Documentation Release main
36 Chapter 2 pymisp
CHAPTER
THREE
PYMISP - TOOLS
31 File Object
class pymisptoolsFileObject(filepath=None pseudofile=None filename=None kwargs)
add_attribute(object_relation simple_value=None value)Add an attribute object_relation is required and the value key is a dictionary with all the keys supportedby MISPAttribute
Return type Optional[MISPAttribute]
add_attributes(object_relation attributes)Add multiple attributes with the same object_relation Helper for object_relation when multiple is True inthe template It is the same as calling multiple times add_attribute with the same object_relation
Return type List[Optional[MISPAttribute]]
add_reference(referenced_uuid relationship_type comment=None kwargs)Add a link (uuid) to an other object
Return type MISPObjectReference
clear()rarr None Remove all items from D
property editedRecursively check if an object has been edited and update the flag accordingly to the parent objects
Return type bool
from_dict(kwargs)Loading all the parameters as class properties if they arenrsquot None This method aims to be called when allthe properties requiring a special treatment are processed Note This method is used when you initializean object with existing data so by default the class is flaged as not edited
from_json(json_string)Load a JSON string
Return type None
generate_attributes()Contains the logic where all the values of the object are gathered
get(k[ d ])rarr D[k] if k in D else d d defaults to None
get_attributes_by_relation(object_relation)Returns the list of attributes with the given object relation in the object
Return type List[MISPAttribute]
37
PyMISP Documentation Release main
has_attributes_by_relation(list_of_relations)True if all the relations in the list are defined in the object
Return type bool
items()rarr a set-like object providing a view on Drsquos items
jsonable()This method is used by the JSON encoder
Return type Dict
keys()rarr a set-like object providing a view on Drsquos keys
pop(k[ d ])rarr v remove specified key and return the corresponding valueIf key is not found d is returned if given otherwise KeyError is raised
popitem()rarr (k v) remove and return some (key value) pairas a 2-tuple but raise KeyError if D is empty
set_not_jsonable(args)Set __not_jsonable to a new list
Return type None
setdefault(k[ d ])rarr Dget(kd) also set D[k]=d if k not in D
to_dict(strict=False)Dump the class to a dictionary This method automatically removes the timestamp recursively in everyobject that has been edited is order to let MISP update the event accordingly
Return type Dict
to_json(sort_keys=False indent=None strict=False)Dump recursively any class of type MISPAbstract to a json string
update([E ] F)rarr None Update D from mappingiterable E and FIf E present and has a keys() method does for k in E D[k] = E[k] If E present and lacks keys() methoddoes for (k v) in E D[k] = v In either case this is followed by for k v in Fitems() D[k] = v
update_not_jsonable(args)Add entries to the __not_jsonable list
Return type None
values()rarr an object providing a view on Drsquos values
32 ELF Object
33 PE Object
34 Mach-O Object
35 VT Report Object
class pymisptoolsVTReportObject(apikey indicator vt_proxies=None kwargs)VirusTotal Report
Apikey VirusTotal API key (private works but only public features are supported right now)
38 Chapter 3 pymisp - Tools
PyMISP Documentation Release main
Indicator IOC to search VirusTotal for
add_attribute(object_relation simple_value=None value)Add an attribute object_relation is required and the value key is a dictionary with all the keys supportedby MISPAttribute
Return type Optional[MISPAttribute]
add_attributes(object_relation attributes)Add multiple attributes with the same object_relation Helper for object_relation when multiple is True inthe template It is the same as calling multiple times add_attribute with the same object_relation
Return type List[Optional[MISPAttribute]]
add_reference(referenced_uuid relationship_type comment=None kwargs)Add a link (uuid) to an other object
Return type MISPObjectReference
clear()rarr None Remove all items from D
property editedRecursively check if an object has been edited and update the flag accordingly to the parent objects
Return type bool
from_dict(kwargs)Loading all the parameters as class properties if they arenrsquot None This method aims to be called when allthe properties requiring a special treatment are processed Note This method is used when you initializean object with existing data so by default the class is flaged as not edited
from_json(json_string)Load a JSON string
Return type None
generate_attributes()Parse the VirusTotal report for relevant attributes
get(k[ d ])rarr D[k] if k in D else d d defaults to None
get_attributes_by_relation(object_relation)Returns the list of attributes with the given object relation in the object
Return type List[MISPAttribute]
has_attributes_by_relation(list_of_relations)True if all the relations in the list are defined in the object
Return type bool
items()rarr a set-like object providing a view on Drsquos items
jsonable()This method is used by the JSON encoder
Return type Dict
keys()rarr a set-like object providing a view on Drsquos keys
pop(k[ d ])rarr v remove specified key and return the corresponding valueIf key is not found d is returned if given otherwise KeyError is raised
popitem()rarr (k v) remove and return some (key value) pairas a 2-tuple but raise KeyError if D is empty
35 VT Report Object 39
PyMISP Documentation Release main
set_not_jsonable(args)Set __not_jsonable to a new list
Return type None
setdefault(k[ d ])rarr Dget(kd) also set D[k]=d if k not in D
to_dict(strict=False)Dump the class to a dictionary This method automatically removes the timestamp recursively in everyobject that has been edited is order to let MISP update the event accordingly
Return type Dict
to_json(sort_keys=False indent=None strict=False)Dump recursively any class of type MISPAbstract to a json string
update([E ] F)rarr None Update D from mappingiterable E and FIf E present and has a keys() method does for k in E D[k] = E[k] If E present and lacks keys() methoddoes for (k v) in E D[k] = v In either case this is followed by for k v in Fitems() D[k] = v
update_not_jsonable(args)Add entries to the __not_jsonable list
Return type None
values()rarr an object providing a view on Drsquos values
36 STIX
pymisptoolsstixload_stix(stix distribution=3 threat_level_id=2 analysis=0)Returns a MISPEvent object from a STIX package
pymisptoolsstixmake_stix_package(misp_event to_json=False to_xml=False)Returns a STIXPackage from a MISPEvent
Optionally can return the package in json or xml
37 OpenIOC
toolsload_openioc()
toolsload_openioc_file()
40 Chapter 3 pymisp - Tools
CHAPTER
FOUR
INDICES AND TABLES
bull genindex
bull modindex
bull search
41
PyMISP Documentation Release main
42 Chapter 4 Indices and tables
PYTHON MODULE INDEX
ppymisp 7pymisptools 37pymisptoolsstix 40
43
PyMISP Documentation Release main
44 Python Module Index
INDEX
AAbstractMISP (class in pymisp) 23accept_attribute_proposal()
(pymispPyMISP method) 7add_attribute() (pymispMISPEvent method) 24add_attribute() (pymispMISPObject method) 28add_attribute() (pymispPyMISP method) 7add_attribute() (pymisptoolsFileObject method)
37add_attribute() (pymisptoolsVTReportObject
method) 39add_attribute_proposal() (pymispPyMISP
method) 7add_attribute_tag() (pymispMISPEvent
method) 24add_attributes() (pymispMISPObject method)
28add_attributes() (pymisptoolsFileObject
method) 37add_attributes() (pymisptoolsVTReportObject
method) 39add_event() (pymispPyMISP method) 7add_event_blacklist() (pymispPyMISP
method) 8add_feed() (pymispPyMISP method) 8add_object() (pymispMISPEvent method) 24add_object() (pymispPyMISP method) 8add_object_reference() (pymispPyMISP
method) 8add_org_to_sharing_group() (pymispPyMISP
method) 8add_organisation() (pymispPyMISP method) 8add_organisation_blacklist()
(pymispPyMISP method) 8add_proposal() (pymispMISPAttribute method) 26add_proposal() (pymispMISPEvent method) 24add_proposal() (pymispMISPObjectAttribute
method) 29add_reference() (pymispMISPObject method) 28add_reference() (pymisptoolsFileObject method)
37add_reference() (pymisptoolsVTReportObject
method) 39add_server() (pymispPyMISP method) 8add_server_to_sharing_group()
(pymispPyMISP method) 8add_shadow_attribute() (pymispMISPAttribute
method) 26add_shadow_attribute() (pymispMISPEvent
method) 24add_shadow_attribute()
(pymispMISPObjectAttribute method) 29add_sharing_group() (pymispPyMISP method) 8add_sighting() (pymispMISPAttribute method) 26add_sighting() (pymispMISPObjectAttribute
method) 29add_sighting() (pymispPyMISP method) 8add_tag() (pymispPyMISP method) 8add_user() (pymispPyMISP method) 9attributes_statistics() (pymispPyMISP
method) 9
Bbuild_complex_query() (pymispPyMISP
method) 9
Ccache_all_feeds() (pymispPyMISP method) 9cache_feed() (pymispPyMISP method) 9cache_freetext_feeds() (pymispPyMISP
method) 9cache_misp_feeds() (pymispPyMISP method) 9change_sharing_group_on_entity()
(pymispPyMISP method) 9change_user_password() (pymispPyMISP
method) 9clear() (pymispMISPAttribute method) 26clear() (pymispMISPEvent method) 24clear() (pymispMISPObject method) 28clear() (pymispMISPObjectAttribute method) 29clear() (pymispMISPObjectReference method) 31clear() (pymispMISPOrganisation method) 34clear() (pymispMISPTag method) 32clear() (pymispMISPUser method) 33
45
PyMISP Documentation Release main
clear() (pymisptoolsFileObject method) 37clear() (pymisptoolsVTReportObject method) 39communities() (pymispPyMISP method) 9compare_feeds() (pymispPyMISP method) 9contact_event_reporter() (pymispPyMISP
method) 9
Ddefault() (pymispMISPEncode method) 24delegate_event() (pymispPyMISP method) 10delete() (pymispMISPAttribute method) 26delete() (pymispMISPObjectAttribute method) 30delete_attribute() (pymispMISPEvent method)
24delete_attribute() (pymispPyMISP method) 10delete_attribute_proposal()
(pymispPyMISP method) 10delete_event() (pymispPyMISP method) 10delete_event_blacklist() (pymispPyMISP
method) 10delete_feed() (pymispPyMISP method) 10delete_object() (pymispPyMISP method) 10delete_object_reference() (pymispPyMISP
method) 10delete_organisation() (pymispPyMISP
method) 10delete_organisation_blacklist()
(pymispPyMISP method) 10delete_server() (pymispPyMISP method) 10delete_sharing_group() (pymispPyMISP
method) 10delete_sighting() (pymispPyMISP method) 10delete_tag() (pymispPyMISP method) 11delete_user() (pymispPyMISP method) 11delete_user_setting() (pymispPyMISP
method) 11describe_types_local() (pymispPyMISP prop-
erty) 11describe_types_remote() (pymispPyMISP
property) 11direct_call() (pymispPyMISP method) 11disable_feed() (pymispPyMISP method) 11disable_feed_cache() (pymispPyMISP method)
11disable_noticelist() (pymispPyMISP method)
11disable_tag() (pymispPyMISP method) 11disable_taxonomy() (pymispPyMISP method) 11disable_taxonomy_tags() (pymispPyMISP
method) 11disable_warninglist() (pymispPyMISP
method) 11discard_attribute_proposal()
(pymispPyMISP method) 12
Eedited() (pymispAbstractMISP property) 23edited() (pymispMISPAttribute property) 26edited() (pymispMISPEvent property) 24edited() (pymispMISPObject property) 28edited() (pymispMISPObjectAttribute property) 30edited() (pymispMISPObjectReference property) 31edited() (pymispMISPOrganisation property) 34edited() (pymispMISPTag property) 32edited() (pymispMISPUser property) 33edited() (pymisptoolsFileObject property) 37edited() (pymisptoolsVTReportObject property) 39enable_feed() (pymispPyMISP method) 12enable_feed_cache() (pymispPyMISP method)
12enable_noticelist() (pymispPyMISP method)
12enable_tag() (pymispPyMISP method) 12enable_taxonomy() (pymispPyMISP method) 12enable_taxonomy_tags() (pymispPyMISP
method) 12enable_warninglist() (pymispPyMISP method)
12event_blacklists() (pymispPyMISP method) 12event_delegations() (pymispPyMISP method)
12ExpandedPyMISP (in module pymisp) 23
Ffeeds() (pymispPyMISP method) 12fetch_feed() (pymispPyMISP method) 12FileObject (class in pymisptools) 37freetext() (pymispPyMISP method) 12from_dict() (pymispAbstractMISP method) 23from_dict() (pymispMISPAttribute method) 27from_dict() (pymispMISPEvent method) 25from_dict() (pymispMISPObject method) 28from_dict() (pymispMISPObjectAttribute method)
30from_dict() (pymispMISPObjectReference method)
31from_dict() (pymispMISPOrganisation method) 34from_dict() (pymispMISPTag method) 32from_dict() (pymispMISPUser method) 33from_dict() (pymisptoolsFileObject method) 37from_dict() (pymisptoolsVTReportObject method)
39from_json() (pymispAbstractMISP method) 23from_json() (pymispMISPAttribute method) 27from_json() (pymispMISPEvent method) 25from_json() (pymispMISPObject method) 28from_json() (pymispMISPObjectAttribute method)
30
46 Index
PyMISP Documentation Release main
from_json() (pymispMISPObjectReference method)31
from_json() (pymispMISPOrganisation method) 34from_json() (pymispMISPTag method) 32from_json() (pymispMISPUser method) 33from_json() (pymisptoolsFileObject method) 37from_json() (pymisptoolsVTReportObject method)
39
Ggalaxies() (pymispPyMISP method) 12generate_attributes() (pymisptoolsFileObject
method) 37generate_attributes()
(pymisptoolsVTReportObject method)39
get() (pymispMISPAttribute method) 27get() (pymispMISPEvent method) 25get() (pymispMISPObject method) 28get() (pymispMISPObjectAttribute method) 30get() (pymispMISPObjectReference method) 31get() (pymispMISPOrganisation method) 34get() (pymispMISPTag method) 32get() (pymispMISPUser method) 33get() (pymisptoolsFileObject method) 37get() (pymisptoolsVTReportObject method) 39get_all_functions() (pymispPyMISP method)
13get_attribute() (pymispPyMISP method) 13get_attribute_tag() (pymispMISPEvent
method) 25get_attributes_by_relation()
(pymispMISPObject method) 28get_attributes_by_relation()
(pymisptoolsFileObject method) 37get_attributes_by_relation()
(pymisptoolsVTReportObject method)39
get_community() (pymispPyMISP method) 13get_event() (pymispPyMISP method) 13get_feed() (pymispPyMISP method) 13get_galaxy() (pymispPyMISP method) 13get_noticelist() (pymispPyMISP method) 13get_object() (pymispPyMISP method) 13get_object_by_id() (pymispMISPEvent method)
25get_object_by_uuid() (pymispMISPEvent
method) 25get_object_template() (pymispPyMISP
method) 13get_objects_by_name() (pymispMISPEvent
method) 25get_organisation() (pymispPyMISP method) 13get_sync_config() (pymispPyMISP method) 13
get_tag() (pymispPyMISP method) 13get_taxonomy() (pymispPyMISP method) 13get_user() (pymispPyMISP method) 13get_user_setting() (pymispPyMISP method) 14get_warninglist() (pymispPyMISP method) 14
Hhas_attributes_by_relation()
(pymispMISPObject method) 28has_attributes_by_relation()
(pymisptoolsFileObject method) 37has_attributes_by_relation()
(pymisptoolsVTReportObject method)39
hash_values() (pymispMISPAttribute method) 27hash_values() (pymispMISPObjectAttribute
method) 30
Iimport_server() (pymispPyMISP method) 14items() (pymispMISPAttribute method) 27items() (pymispMISPEvent method) 25items() (pymispMISPObject method) 29items() (pymispMISPObjectAttribute method) 30items() (pymispMISPObjectReference method) 31items() (pymispMISPOrganisation method) 34items() (pymispMISPTag method) 32items() (pymispMISPUser method) 33items() (pymisptoolsFileObject method) 38items() (pymisptoolsVTReportObject method) 39
Jjsonable() (pymispAbstractMISP method) 23jsonable() (pymispMISPAttribute method) 27jsonable() (pymispMISPEvent method) 25jsonable() (pymispMISPObject method) 29jsonable() (pymispMISPObjectAttribute method)
30jsonable() (pymispMISPObjectReference method)
31jsonable() (pymispMISPOrganisation method) 34jsonable() (pymispMISPTag method) 32jsonable() (pymispMISPUser method) 33jsonable() (pymisptoolsFileObject method) 38jsonable() (pymisptoolsVTReportObject method)
39
Kkeys() (pymispMISPAttribute method) 27keys() (pymispMISPEvent method) 25keys() (pymispMISPObject method) 29keys() (pymispMISPObjectAttribute method) 30keys() (pymispMISPObjectReference method) 31keys() (pymispMISPOrganisation method) 34
Index 47
PyMISP Documentation Release main
keys() (pymispMISPTag method) 32keys() (pymispMISPUser method) 33keys() (pymisptoolsFileObject method) 38keys() (pymisptoolsVTReportObject method) 39known_types() (pymispMISPAttribute property) 27known_types() (pymispMISPObjectAttribute prop-
erty) 30
Lload() (pymispMISPEvent method) 25load_default_feeds() (pymispPyMISP method)
14load_file() (pymispMISPEvent method) 25load_openioc() (pymisptools method) 40load_openioc_file() (pymisptools method) 40load_stix() (in module pymisptoolsstix) 40
Mmake_stix_package() (in module
pymisptoolsstix) 40malware_binary() (pymispMISPAttribute prop-
erty) 27malware_binary() (pymispMISPObjectAttribute
property) 30misp_instance_version() (pymispPyMISP
property) 14misp_instance_version_master()
(pymispPyMISP property) 14MISPAttribute (class in pymisp) 26MISPEncode (class in pymisp) 24MISPEvent (class in pymisp) 24MISPObject (class in pymisp) 28MISPObjectAttribute (class in pymisp) 29MISPObjectReference (class in pymisp) 31MISPOrganisation (class in pymisp) 34MISPTag (class in pymisp) 32MISPUser (class in pymisp) 33module
pymisp 7pymisptools 37pymisptoolsstix 40
Nnoticelists() (pymispPyMISP method) 14
Oobject_templates() (pymispPyMISP method) 14organisation_blacklists() (pymispPyMISP
method) 14organisations() (pymispPyMISP method) 14
Ppop() (pymispMISPAttribute method) 27
pop() (pymispMISPEvent method) 25pop() (pymispMISPObject method) 29pop() (pymispMISPObjectAttribute method) 30pop() (pymispMISPObjectReference method) 31pop() (pymispMISPOrganisation method) 34pop() (pymispMISPTag method) 32pop() (pymispMISPUser method) 33pop() (pymisptoolsFileObject method) 38pop() (pymisptoolsVTReportObject method) 39popitem() (pymispMISPAttribute method) 27popitem() (pymispMISPEvent method) 25popitem() (pymispMISPObject method) 29popitem() (pymispMISPObjectAttribute method) 30popitem() (pymispMISPObjectReference method) 31popitem() (pymispMISPOrganisation method) 34popitem() (pymispMISPTag method) 32popitem() (pymispMISPUser method) 33popitem() (pymisptoolsFileObject method) 38popitem() (pymisptoolsVTReportObject method) 39publish() (pymispMISPEvent method) 25publish() (pymispPyMISP method) 14push_event_to_ZMQ() (pymispPyMISP method)
14pymisp
module 7PyMISP (class in pymisp) 7pymisptools
module 37pymisptoolsstix
module 40pymisp_version_main() (pymispPyMISP prop-
erty) 15
Rrecommended_pymisp_version()
(pymispPyMISP property) 15remote_acl() (pymispPyMISP method) 15remove_org_from_sharing_group()
(pymispPyMISP method) 15remove_server_from_sharing_group()
(pymispPyMISP method) 15roles() (pymispPyMISP method) 15
Ssearch() (pymispPyMISP method) 15search_feeds() (pymispPyMISP method) 17search_index() (pymispPyMISP method) 18search_logs() (pymispPyMISP method) 18search_sightings() (pymispPyMISP method) 19server_pull() (pymispPyMISP method) 20server_push() (pymispPyMISP method) 20servers() (pymispPyMISP method) 20set_date() (pymispMISPEvent method) 25
48 Index
PyMISP Documentation Release main
set_not_jsonable() (pymispAbstractMISPmethod) 23
set_not_jsonable() (pymispMISPAttributemethod) 27
set_not_jsonable() (pymispMISPEvent method)25
set_not_jsonable() (pymispMISPObjectmethod) 29
set_not_jsonable() (pymispMISPObjectAttributemethod) 30
set_not_jsonable()(pymispMISPObjectReference method)31
set_not_jsonable() (pymispMISPOrganisationmethod) 35
set_not_jsonable() (pymispMISPTag method)32
set_not_jsonable() (pymispMISPUser method)33
set_not_jsonable() (pymisptoolsFileObjectmethod) 38
set_not_jsonable()(pymisptoolsVTReportObject method)39
set_user_setting() (pymispPyMISP method) 20setdefault() (pymispMISPAttribute method) 27setdefault() (pymispMISPEvent method) 25setdefault() (pymispMISPObject method) 29setdefault() (pymispMISPObjectAttribute
method) 30setdefault() (pymispMISPObjectReference
method) 31setdefault() (pymispMISPOrganisation method)
35setdefault() (pymispMISPTag method) 33setdefault() (pymispMISPUser method) 34setdefault() (pymisptoolsFileObject method) 38setdefault() (pymisptoolsVTReportObject
method) 40sharing_groups() (pymispPyMISP method) 20sightings() (pymispPyMISP method) 20
Ttag() (pymispPyMISP method) 20tags() (pymispMISPAttribute property) 27tags() (pymispMISPEvent property) 26tags() (pymispMISPObjectAttribute property) 30tags() (pymispPyMISP method) 20tags_statistics() (pymispPyMISP method) 20taxonomies() (pymispPyMISP method) 20to_dict() (pymispAbstractMISP method) 23to_dict() (pymispMISPAttribute method) 27to_dict() (pymispMISPEvent method) 26to_dict() (pymispMISPObject method) 29
to_dict() (pymispMISPObjectAttribute method) 30to_dict() (pymispMISPObjectReference method) 32to_dict() (pymispMISPOrganisation method) 35to_dict() (pymispMISPTag method) 33to_dict() (pymispMISPUser method) 34to_dict() (pymisptoolsFileObject method) 38to_dict() (pymisptoolsVTReportObject method) 40to_feed() (pymispMISPEvent method) 26to_json() (pymispAbstractMISP method) 23to_json() (pymispMISPAttribute method) 27to_json() (pymispMISPEvent method) 26to_json() (pymispMISPObject method) 29to_json() (pymispMISPObjectAttribute method) 31to_json() (pymispMISPObjectReference method) 32to_json() (pymispMISPOrganisation method) 35to_json() (pymispMISPTag method) 33to_json() (pymispMISPUser method) 34to_json() (pymisptoolsFileObject method) 38to_json() (pymisptoolsVTReportObject method) 40toggle_warninglist() (pymispPyMISP method)
20
Uunpublish() (pymispMISPEvent method) 26untag() (pymispPyMISP method) 21update() (pymispMISPAttribute method) 28update() (pymispMISPEvent method) 26update() (pymispMISPObject method) 29update() (pymispMISPObjectAttribute method) 31update() (pymispMISPObjectReference method) 32update() (pymispMISPOrganisation method) 35update() (pymispMISPTag method) 33update() (pymispMISPUser method) 34update() (pymisptoolsFileObject method) 38update() (pymisptoolsVTReportObject method) 40update_attribute() (pymispPyMISP method) 21update_attribute_proposal()
(pymispPyMISP method) 21update_event() (pymispPyMISP method) 21update_event_blacklist() (pymispPyMISP
method) 21update_feed() (pymispPyMISP method) 21update_galaxies() (pymispPyMISP method) 21update_not_jsonable() (pymispAbstractMISP
method) 23update_not_jsonable() (pymispMISPAttribute
method) 28update_not_jsonable() (pymispMISPEvent
method) 26update_not_jsonable() (pymispMISPObject
method) 29update_not_jsonable()
(pymispMISPObjectAttribute method) 31
Index 49
PyMISP Documentation Release main
update_not_jsonable()(pymispMISPObjectReference method)32
update_not_jsonable()(pymispMISPOrganisation method) 35
update_not_jsonable() (pymispMISPTagmethod) 33
update_not_jsonable() (pymispMISPUsermethod) 34
update_not_jsonable() (pymisptoolsFileObjectmethod) 38
update_not_jsonable()(pymisptoolsVTReportObject method)40
update_noticelists() (pymispPyMISP method)21
update_object() (pymispPyMISP method) 21update_object_templates() (pymispPyMISP
method) 21update_organisation() (pymispPyMISP
method) 21update_organisation_blacklist()
(pymispPyMISP method) 21update_server() (pymispPyMISP method) 22update_tag() (pymispPyMISP method) 22update_taxonomies() (pymispPyMISP method)
22update_user() (pymispPyMISP method) 22update_warninglists() (pymispPyMISP
method) 22upload_stix() (pymispPyMISP method) 22user_registrations() (pymispPyMISP method)
22user_settings() (pymispPyMISP method) 22users() (pymispPyMISP method) 22users_statistics() (pymispPyMISP method) 22
Vvalues() (pymispMISPAttribute method) 28values() (pymispMISPEvent method) 26values() (pymispMISPObject method) 29values() (pymispMISPObjectAttribute method) 31values() (pymispMISPObjectReference method) 32values() (pymispMISPOrganisation method) 35values() (pymispMISPTag method) 33values() (pymispMISPUser method) 34values() (pymisptoolsFileObject method) 38values() (pymisptoolsVTReportObject method) 40values_in_warninglist() (pymispPyMISP
method) 22version() (pymispPyMISP property) 22VTReportObject (class in pymisptools) 38
Wwarninglists() (pymispPyMISP method) 22
50 Index
- README
- pymisp
- PyMISP
- PyMISPExpanded (Python 36+ only)
- MISPAbstract
- MISPEncode
- MISPEvent
- MISPAttribute
- MISPObject
- MISPObjectAttribute
- MISPObjectReference
- MISPTag
- MISPUser
- MISPOrganisation
- pymisp - Tools
- File Object
- ELF Object
- PE Object
- Mach-O Object
- VT Report Object
- STIX
- OpenIOC
- Indices and tables
- Python Module Index
- Index
PyMISP Documentation Release main
set_not_jsonable(args)Set __not_jsonable to a new list
Return type None
setdefault(k[ d ])rarr Dget(kd) also set D[k]=d if k not in D
to_dict()Dump the class to a dictionary This method automatically removes the timestamp recursively in everyobject that has been edited is order to let MISP update the event accordingly
Return type Dict
to_json(sort_keys=False indent=None)Dump recursively any class of type MISPAbstract to a json string
update([E ] F)rarr None Update D from mappingiterable E and FIf E present and has a keys() method does for k in E D[k] = E[k] If E present and lacks keys() methoddoes for (k v) in E D[k] = v In either case this is followed by for k v in Fitems() D[k] = v
update_not_jsonable(args)Add entries to the __not_jsonable list
Return type None
values()rarr an object providing a view on Drsquos values
212 MISPOrganisation
class pymispMISPOrganisation
clear()rarr None Remove all items from D
property editedRecursively check if an object has been edited and update the flag accordingly to the parent objects
Return type bool
from_dict(kwargs)Loading all the parameters as class properties if they arenrsquot None This method aims to be called when allthe properties requiring a special treatment are processed Note This method is used when you initializean object with existing data so by default the class is flaged as not edited
from_json(json_string)Load a JSON string
Return type None
get(k[ d ])rarr D[k] if k in D else d d defaults to None
items()rarr a set-like object providing a view on Drsquos items
jsonable()This method is used by the JSON encoder
Return type Dict
keys()rarr a set-like object providing a view on Drsquos keys
pop(k[ d ])rarr v remove specified key and return the corresponding valueIf key is not found d is returned if given otherwise KeyError is raised
34 Chapter 2 pymisp
PyMISP Documentation Release main
popitem()rarr (k v) remove and return some (key value) pairas a 2-tuple but raise KeyError if D is empty
set_not_jsonable(args)Set __not_jsonable to a new list
Return type None
setdefault(k[ d ])rarr Dget(kd) also set D[k]=d if k not in D
to_dict()Dump the class to a dictionary This method automatically removes the timestamp recursively in everyobject that has been edited is order to let MISP update the event accordingly
Return type Dict
to_json(sort_keys=False indent=None)Dump recursively any class of type MISPAbstract to a json string
update([E ] F)rarr None Update D from mappingiterable E and FIf E present and has a keys() method does for k in E D[k] = E[k] If E present and lacks keys() methoddoes for (k v) in E D[k] = v In either case this is followed by for k v in Fitems() D[k] = v
update_not_jsonable(args)Add entries to the __not_jsonable list
Return type None
values()rarr an object providing a view on Drsquos values
212 MISPOrganisation 35
PyMISP Documentation Release main
36 Chapter 2 pymisp
CHAPTER
THREE
PYMISP - TOOLS
31 File Object
class pymisptoolsFileObject(filepath=None pseudofile=None filename=None kwargs)
add_attribute(object_relation simple_value=None value)Add an attribute object_relation is required and the value key is a dictionary with all the keys supportedby MISPAttribute
Return type Optional[MISPAttribute]
add_attributes(object_relation attributes)Add multiple attributes with the same object_relation Helper for object_relation when multiple is True inthe template It is the same as calling multiple times add_attribute with the same object_relation
Return type List[Optional[MISPAttribute]]
add_reference(referenced_uuid relationship_type comment=None kwargs)Add a link (uuid) to an other object
Return type MISPObjectReference
clear()rarr None Remove all items from D
property editedRecursively check if an object has been edited and update the flag accordingly to the parent objects
Return type bool
from_dict(kwargs)Loading all the parameters as class properties if they arenrsquot None This method aims to be called when allthe properties requiring a special treatment are processed Note This method is used when you initializean object with existing data so by default the class is flaged as not edited
from_json(json_string)Load a JSON string
Return type None
generate_attributes()Contains the logic where all the values of the object are gathered
get(k[ d ])rarr D[k] if k in D else d d defaults to None
get_attributes_by_relation(object_relation)Returns the list of attributes with the given object relation in the object
Return type List[MISPAttribute]
37
PyMISP Documentation Release main
has_attributes_by_relation(list_of_relations)True if all the relations in the list are defined in the object
Return type bool
items()rarr a set-like object providing a view on Drsquos items
jsonable()This method is used by the JSON encoder
Return type Dict
keys()rarr a set-like object providing a view on Drsquos keys
pop(k[ d ])rarr v remove specified key and return the corresponding valueIf key is not found d is returned if given otherwise KeyError is raised
popitem()rarr (k v) remove and return some (key value) pairas a 2-tuple but raise KeyError if D is empty
set_not_jsonable(args)Set __not_jsonable to a new list
Return type None
setdefault(k[ d ])rarr Dget(kd) also set D[k]=d if k not in D
to_dict(strict=False)Dump the class to a dictionary This method automatically removes the timestamp recursively in everyobject that has been edited is order to let MISP update the event accordingly
Return type Dict
to_json(sort_keys=False indent=None strict=False)Dump recursively any class of type MISPAbstract to a json string
update([E ] F)rarr None Update D from mappingiterable E and FIf E present and has a keys() method does for k in E D[k] = E[k] If E present and lacks keys() methoddoes for (k v) in E D[k] = v In either case this is followed by for k v in Fitems() D[k] = v
update_not_jsonable(args)Add entries to the __not_jsonable list
Return type None
values()rarr an object providing a view on Drsquos values
32 ELF Object
33 PE Object
34 Mach-O Object
35 VT Report Object
class pymisptoolsVTReportObject(apikey indicator vt_proxies=None kwargs)VirusTotal Report
Apikey VirusTotal API key (private works but only public features are supported right now)
38 Chapter 3 pymisp - Tools
PyMISP Documentation Release main
Indicator IOC to search VirusTotal for
add_attribute(object_relation simple_value=None value)Add an attribute object_relation is required and the value key is a dictionary with all the keys supportedby MISPAttribute
Return type Optional[MISPAttribute]
add_attributes(object_relation attributes)Add multiple attributes with the same object_relation Helper for object_relation when multiple is True inthe template It is the same as calling multiple times add_attribute with the same object_relation
Return type List[Optional[MISPAttribute]]
add_reference(referenced_uuid relationship_type comment=None kwargs)Add a link (uuid) to an other object
Return type MISPObjectReference
clear()rarr None Remove all items from D
property editedRecursively check if an object has been edited and update the flag accordingly to the parent objects
Return type bool
from_dict(kwargs)Loading all the parameters as class properties if they arenrsquot None This method aims to be called when allthe properties requiring a special treatment are processed Note This method is used when you initializean object with existing data so by default the class is flaged as not edited
from_json(json_string)Load a JSON string
Return type None
generate_attributes()Parse the VirusTotal report for relevant attributes
get(k[ d ])rarr D[k] if k in D else d d defaults to None
get_attributes_by_relation(object_relation)Returns the list of attributes with the given object relation in the object
Return type List[MISPAttribute]
has_attributes_by_relation(list_of_relations)True if all the relations in the list are defined in the object
Return type bool
items()rarr a set-like object providing a view on Drsquos items
jsonable()This method is used by the JSON encoder
Return type Dict
keys()rarr a set-like object providing a view on Drsquos keys
pop(k[ d ])rarr v remove specified key and return the corresponding valueIf key is not found d is returned if given otherwise KeyError is raised
popitem()rarr (k v) remove and return some (key value) pairas a 2-tuple but raise KeyError if D is empty
35 VT Report Object 39
PyMISP Documentation Release main
set_not_jsonable(args)Set __not_jsonable to a new list
Return type None
setdefault(k[ d ])rarr Dget(kd) also set D[k]=d if k not in D
to_dict(strict=False)Dump the class to a dictionary This method automatically removes the timestamp recursively in everyobject that has been edited is order to let MISP update the event accordingly
Return type Dict
to_json(sort_keys=False indent=None strict=False)Dump recursively any class of type MISPAbstract to a json string
update([E ] F)rarr None Update D from mappingiterable E and FIf E present and has a keys() method does for k in E D[k] = E[k] If E present and lacks keys() methoddoes for (k v) in E D[k] = v In either case this is followed by for k v in Fitems() D[k] = v
update_not_jsonable(args)Add entries to the __not_jsonable list
Return type None
values()rarr an object providing a view on Drsquos values
36 STIX
pymisptoolsstixload_stix(stix distribution=3 threat_level_id=2 analysis=0)Returns a MISPEvent object from a STIX package
pymisptoolsstixmake_stix_package(misp_event to_json=False to_xml=False)Returns a STIXPackage from a MISPEvent
Optionally can return the package in json or xml
37 OpenIOC
toolsload_openioc()
toolsload_openioc_file()
40 Chapter 3 pymisp - Tools
CHAPTER
FOUR
INDICES AND TABLES
bull genindex
bull modindex
bull search
41
PyMISP Documentation Release main
42 Chapter 4 Indices and tables
PYTHON MODULE INDEX
ppymisp 7pymisptools 37pymisptoolsstix 40
43
PyMISP Documentation Release main
44 Python Module Index
INDEX
AAbstractMISP (class in pymisp) 23accept_attribute_proposal()
(pymispPyMISP method) 7add_attribute() (pymispMISPEvent method) 24add_attribute() (pymispMISPObject method) 28add_attribute() (pymispPyMISP method) 7add_attribute() (pymisptoolsFileObject method)
37add_attribute() (pymisptoolsVTReportObject
method) 39add_attribute_proposal() (pymispPyMISP
method) 7add_attribute_tag() (pymispMISPEvent
method) 24add_attributes() (pymispMISPObject method)
28add_attributes() (pymisptoolsFileObject
method) 37add_attributes() (pymisptoolsVTReportObject
method) 39add_event() (pymispPyMISP method) 7add_event_blacklist() (pymispPyMISP
method) 8add_feed() (pymispPyMISP method) 8add_object() (pymispMISPEvent method) 24add_object() (pymispPyMISP method) 8add_object_reference() (pymispPyMISP
method) 8add_org_to_sharing_group() (pymispPyMISP
method) 8add_organisation() (pymispPyMISP method) 8add_organisation_blacklist()
(pymispPyMISP method) 8add_proposal() (pymispMISPAttribute method) 26add_proposal() (pymispMISPEvent method) 24add_proposal() (pymispMISPObjectAttribute
method) 29add_reference() (pymispMISPObject method) 28add_reference() (pymisptoolsFileObject method)
37add_reference() (pymisptoolsVTReportObject
method) 39add_server() (pymispPyMISP method) 8add_server_to_sharing_group()
(pymispPyMISP method) 8add_shadow_attribute() (pymispMISPAttribute
method) 26add_shadow_attribute() (pymispMISPEvent
method) 24add_shadow_attribute()
(pymispMISPObjectAttribute method) 29add_sharing_group() (pymispPyMISP method) 8add_sighting() (pymispMISPAttribute method) 26add_sighting() (pymispMISPObjectAttribute
method) 29add_sighting() (pymispPyMISP method) 8add_tag() (pymispPyMISP method) 8add_user() (pymispPyMISP method) 9attributes_statistics() (pymispPyMISP
method) 9
Bbuild_complex_query() (pymispPyMISP
method) 9
Ccache_all_feeds() (pymispPyMISP method) 9cache_feed() (pymispPyMISP method) 9cache_freetext_feeds() (pymispPyMISP
method) 9cache_misp_feeds() (pymispPyMISP method) 9change_sharing_group_on_entity()
(pymispPyMISP method) 9change_user_password() (pymispPyMISP
method) 9clear() (pymispMISPAttribute method) 26clear() (pymispMISPEvent method) 24clear() (pymispMISPObject method) 28clear() (pymispMISPObjectAttribute method) 29clear() (pymispMISPObjectReference method) 31clear() (pymispMISPOrganisation method) 34clear() (pymispMISPTag method) 32clear() (pymispMISPUser method) 33
45
PyMISP Documentation Release main
clear() (pymisptoolsFileObject method) 37clear() (pymisptoolsVTReportObject method) 39communities() (pymispPyMISP method) 9compare_feeds() (pymispPyMISP method) 9contact_event_reporter() (pymispPyMISP
method) 9
Ddefault() (pymispMISPEncode method) 24delegate_event() (pymispPyMISP method) 10delete() (pymispMISPAttribute method) 26delete() (pymispMISPObjectAttribute method) 30delete_attribute() (pymispMISPEvent method)
24delete_attribute() (pymispPyMISP method) 10delete_attribute_proposal()
(pymispPyMISP method) 10delete_event() (pymispPyMISP method) 10delete_event_blacklist() (pymispPyMISP
method) 10delete_feed() (pymispPyMISP method) 10delete_object() (pymispPyMISP method) 10delete_object_reference() (pymispPyMISP
method) 10delete_organisation() (pymispPyMISP
method) 10delete_organisation_blacklist()
(pymispPyMISP method) 10delete_server() (pymispPyMISP method) 10delete_sharing_group() (pymispPyMISP
method) 10delete_sighting() (pymispPyMISP method) 10delete_tag() (pymispPyMISP method) 11delete_user() (pymispPyMISP method) 11delete_user_setting() (pymispPyMISP
method) 11describe_types_local() (pymispPyMISP prop-
erty) 11describe_types_remote() (pymispPyMISP
property) 11direct_call() (pymispPyMISP method) 11disable_feed() (pymispPyMISP method) 11disable_feed_cache() (pymispPyMISP method)
11disable_noticelist() (pymispPyMISP method)
11disable_tag() (pymispPyMISP method) 11disable_taxonomy() (pymispPyMISP method) 11disable_taxonomy_tags() (pymispPyMISP
method) 11disable_warninglist() (pymispPyMISP
method) 11discard_attribute_proposal()
(pymispPyMISP method) 12
Eedited() (pymispAbstractMISP property) 23edited() (pymispMISPAttribute property) 26edited() (pymispMISPEvent property) 24edited() (pymispMISPObject property) 28edited() (pymispMISPObjectAttribute property) 30edited() (pymispMISPObjectReference property) 31edited() (pymispMISPOrganisation property) 34edited() (pymispMISPTag property) 32edited() (pymispMISPUser property) 33edited() (pymisptoolsFileObject property) 37edited() (pymisptoolsVTReportObject property) 39enable_feed() (pymispPyMISP method) 12enable_feed_cache() (pymispPyMISP method)
12enable_noticelist() (pymispPyMISP method)
12enable_tag() (pymispPyMISP method) 12enable_taxonomy() (pymispPyMISP method) 12enable_taxonomy_tags() (pymispPyMISP
method) 12enable_warninglist() (pymispPyMISP method)
12event_blacklists() (pymispPyMISP method) 12event_delegations() (pymispPyMISP method)
12ExpandedPyMISP (in module pymisp) 23
Ffeeds() (pymispPyMISP method) 12fetch_feed() (pymispPyMISP method) 12FileObject (class in pymisptools) 37freetext() (pymispPyMISP method) 12from_dict() (pymispAbstractMISP method) 23from_dict() (pymispMISPAttribute method) 27from_dict() (pymispMISPEvent method) 25from_dict() (pymispMISPObject method) 28from_dict() (pymispMISPObjectAttribute method)
30from_dict() (pymispMISPObjectReference method)
31from_dict() (pymispMISPOrganisation method) 34from_dict() (pymispMISPTag method) 32from_dict() (pymispMISPUser method) 33from_dict() (pymisptoolsFileObject method) 37from_dict() (pymisptoolsVTReportObject method)
39from_json() (pymispAbstractMISP method) 23from_json() (pymispMISPAttribute method) 27from_json() (pymispMISPEvent method) 25from_json() (pymispMISPObject method) 28from_json() (pymispMISPObjectAttribute method)
30
46 Index
PyMISP Documentation Release main
from_json() (pymispMISPObjectReference method)31
from_json() (pymispMISPOrganisation method) 34from_json() (pymispMISPTag method) 32from_json() (pymispMISPUser method) 33from_json() (pymisptoolsFileObject method) 37from_json() (pymisptoolsVTReportObject method)
39
Ggalaxies() (pymispPyMISP method) 12generate_attributes() (pymisptoolsFileObject
method) 37generate_attributes()
(pymisptoolsVTReportObject method)39
get() (pymispMISPAttribute method) 27get() (pymispMISPEvent method) 25get() (pymispMISPObject method) 28get() (pymispMISPObjectAttribute method) 30get() (pymispMISPObjectReference method) 31get() (pymispMISPOrganisation method) 34get() (pymispMISPTag method) 32get() (pymispMISPUser method) 33get() (pymisptoolsFileObject method) 37get() (pymisptoolsVTReportObject method) 39get_all_functions() (pymispPyMISP method)
13get_attribute() (pymispPyMISP method) 13get_attribute_tag() (pymispMISPEvent
method) 25get_attributes_by_relation()
(pymispMISPObject method) 28get_attributes_by_relation()
(pymisptoolsFileObject method) 37get_attributes_by_relation()
(pymisptoolsVTReportObject method)39
get_community() (pymispPyMISP method) 13get_event() (pymispPyMISP method) 13get_feed() (pymispPyMISP method) 13get_galaxy() (pymispPyMISP method) 13get_noticelist() (pymispPyMISP method) 13get_object() (pymispPyMISP method) 13get_object_by_id() (pymispMISPEvent method)
25get_object_by_uuid() (pymispMISPEvent
method) 25get_object_template() (pymispPyMISP
method) 13get_objects_by_name() (pymispMISPEvent
method) 25get_organisation() (pymispPyMISP method) 13get_sync_config() (pymispPyMISP method) 13
get_tag() (pymispPyMISP method) 13get_taxonomy() (pymispPyMISP method) 13get_user() (pymispPyMISP method) 13get_user_setting() (pymispPyMISP method) 14get_warninglist() (pymispPyMISP method) 14
Hhas_attributes_by_relation()
(pymispMISPObject method) 28has_attributes_by_relation()
(pymisptoolsFileObject method) 37has_attributes_by_relation()
(pymisptoolsVTReportObject method)39
hash_values() (pymispMISPAttribute method) 27hash_values() (pymispMISPObjectAttribute
method) 30
Iimport_server() (pymispPyMISP method) 14items() (pymispMISPAttribute method) 27items() (pymispMISPEvent method) 25items() (pymispMISPObject method) 29items() (pymispMISPObjectAttribute method) 30items() (pymispMISPObjectReference method) 31items() (pymispMISPOrganisation method) 34items() (pymispMISPTag method) 32items() (pymispMISPUser method) 33items() (pymisptoolsFileObject method) 38items() (pymisptoolsVTReportObject method) 39
Jjsonable() (pymispAbstractMISP method) 23jsonable() (pymispMISPAttribute method) 27jsonable() (pymispMISPEvent method) 25jsonable() (pymispMISPObject method) 29jsonable() (pymispMISPObjectAttribute method)
30jsonable() (pymispMISPObjectReference method)
31jsonable() (pymispMISPOrganisation method) 34jsonable() (pymispMISPTag method) 32jsonable() (pymispMISPUser method) 33jsonable() (pymisptoolsFileObject method) 38jsonable() (pymisptoolsVTReportObject method)
39
Kkeys() (pymispMISPAttribute method) 27keys() (pymispMISPEvent method) 25keys() (pymispMISPObject method) 29keys() (pymispMISPObjectAttribute method) 30keys() (pymispMISPObjectReference method) 31keys() (pymispMISPOrganisation method) 34
Index 47
PyMISP Documentation Release main
keys() (pymispMISPTag method) 32keys() (pymispMISPUser method) 33keys() (pymisptoolsFileObject method) 38keys() (pymisptoolsVTReportObject method) 39known_types() (pymispMISPAttribute property) 27known_types() (pymispMISPObjectAttribute prop-
erty) 30
Lload() (pymispMISPEvent method) 25load_default_feeds() (pymispPyMISP method)
14load_file() (pymispMISPEvent method) 25load_openioc() (pymisptools method) 40load_openioc_file() (pymisptools method) 40load_stix() (in module pymisptoolsstix) 40
Mmake_stix_package() (in module
pymisptoolsstix) 40malware_binary() (pymispMISPAttribute prop-
erty) 27malware_binary() (pymispMISPObjectAttribute
property) 30misp_instance_version() (pymispPyMISP
property) 14misp_instance_version_master()
(pymispPyMISP property) 14MISPAttribute (class in pymisp) 26MISPEncode (class in pymisp) 24MISPEvent (class in pymisp) 24MISPObject (class in pymisp) 28MISPObjectAttribute (class in pymisp) 29MISPObjectReference (class in pymisp) 31MISPOrganisation (class in pymisp) 34MISPTag (class in pymisp) 32MISPUser (class in pymisp) 33module
pymisp 7pymisptools 37pymisptoolsstix 40
Nnoticelists() (pymispPyMISP method) 14
Oobject_templates() (pymispPyMISP method) 14organisation_blacklists() (pymispPyMISP
method) 14organisations() (pymispPyMISP method) 14
Ppop() (pymispMISPAttribute method) 27
pop() (pymispMISPEvent method) 25pop() (pymispMISPObject method) 29pop() (pymispMISPObjectAttribute method) 30pop() (pymispMISPObjectReference method) 31pop() (pymispMISPOrganisation method) 34pop() (pymispMISPTag method) 32pop() (pymispMISPUser method) 33pop() (pymisptoolsFileObject method) 38pop() (pymisptoolsVTReportObject method) 39popitem() (pymispMISPAttribute method) 27popitem() (pymispMISPEvent method) 25popitem() (pymispMISPObject method) 29popitem() (pymispMISPObjectAttribute method) 30popitem() (pymispMISPObjectReference method) 31popitem() (pymispMISPOrganisation method) 34popitem() (pymispMISPTag method) 32popitem() (pymispMISPUser method) 33popitem() (pymisptoolsFileObject method) 38popitem() (pymisptoolsVTReportObject method) 39publish() (pymispMISPEvent method) 25publish() (pymispPyMISP method) 14push_event_to_ZMQ() (pymispPyMISP method)
14pymisp
module 7PyMISP (class in pymisp) 7pymisptools
module 37pymisptoolsstix
module 40pymisp_version_main() (pymispPyMISP prop-
erty) 15
Rrecommended_pymisp_version()
(pymispPyMISP property) 15remote_acl() (pymispPyMISP method) 15remove_org_from_sharing_group()
(pymispPyMISP method) 15remove_server_from_sharing_group()
(pymispPyMISP method) 15roles() (pymispPyMISP method) 15
Ssearch() (pymispPyMISP method) 15search_feeds() (pymispPyMISP method) 17search_index() (pymispPyMISP method) 18search_logs() (pymispPyMISP method) 18search_sightings() (pymispPyMISP method) 19server_pull() (pymispPyMISP method) 20server_push() (pymispPyMISP method) 20servers() (pymispPyMISP method) 20set_date() (pymispMISPEvent method) 25
48 Index
PyMISP Documentation Release main
set_not_jsonable() (pymispAbstractMISPmethod) 23
set_not_jsonable() (pymispMISPAttributemethod) 27
set_not_jsonable() (pymispMISPEvent method)25
set_not_jsonable() (pymispMISPObjectmethod) 29
set_not_jsonable() (pymispMISPObjectAttributemethod) 30
set_not_jsonable()(pymispMISPObjectReference method)31
set_not_jsonable() (pymispMISPOrganisationmethod) 35
set_not_jsonable() (pymispMISPTag method)32
set_not_jsonable() (pymispMISPUser method)33
set_not_jsonable() (pymisptoolsFileObjectmethod) 38
set_not_jsonable()(pymisptoolsVTReportObject method)39
set_user_setting() (pymispPyMISP method) 20setdefault() (pymispMISPAttribute method) 27setdefault() (pymispMISPEvent method) 25setdefault() (pymispMISPObject method) 29setdefault() (pymispMISPObjectAttribute
method) 30setdefault() (pymispMISPObjectReference
method) 31setdefault() (pymispMISPOrganisation method)
35setdefault() (pymispMISPTag method) 33setdefault() (pymispMISPUser method) 34setdefault() (pymisptoolsFileObject method) 38setdefault() (pymisptoolsVTReportObject
method) 40sharing_groups() (pymispPyMISP method) 20sightings() (pymispPyMISP method) 20
Ttag() (pymispPyMISP method) 20tags() (pymispMISPAttribute property) 27tags() (pymispMISPEvent property) 26tags() (pymispMISPObjectAttribute property) 30tags() (pymispPyMISP method) 20tags_statistics() (pymispPyMISP method) 20taxonomies() (pymispPyMISP method) 20to_dict() (pymispAbstractMISP method) 23to_dict() (pymispMISPAttribute method) 27to_dict() (pymispMISPEvent method) 26to_dict() (pymispMISPObject method) 29
to_dict() (pymispMISPObjectAttribute method) 30to_dict() (pymispMISPObjectReference method) 32to_dict() (pymispMISPOrganisation method) 35to_dict() (pymispMISPTag method) 33to_dict() (pymispMISPUser method) 34to_dict() (pymisptoolsFileObject method) 38to_dict() (pymisptoolsVTReportObject method) 40to_feed() (pymispMISPEvent method) 26to_json() (pymispAbstractMISP method) 23to_json() (pymispMISPAttribute method) 27to_json() (pymispMISPEvent method) 26to_json() (pymispMISPObject method) 29to_json() (pymispMISPObjectAttribute method) 31to_json() (pymispMISPObjectReference method) 32to_json() (pymispMISPOrganisation method) 35to_json() (pymispMISPTag method) 33to_json() (pymispMISPUser method) 34to_json() (pymisptoolsFileObject method) 38to_json() (pymisptoolsVTReportObject method) 40toggle_warninglist() (pymispPyMISP method)
20
Uunpublish() (pymispMISPEvent method) 26untag() (pymispPyMISP method) 21update() (pymispMISPAttribute method) 28update() (pymispMISPEvent method) 26update() (pymispMISPObject method) 29update() (pymispMISPObjectAttribute method) 31update() (pymispMISPObjectReference method) 32update() (pymispMISPOrganisation method) 35update() (pymispMISPTag method) 33update() (pymispMISPUser method) 34update() (pymisptoolsFileObject method) 38update() (pymisptoolsVTReportObject method) 40update_attribute() (pymispPyMISP method) 21update_attribute_proposal()
(pymispPyMISP method) 21update_event() (pymispPyMISP method) 21update_event_blacklist() (pymispPyMISP
method) 21update_feed() (pymispPyMISP method) 21update_galaxies() (pymispPyMISP method) 21update_not_jsonable() (pymispAbstractMISP
method) 23update_not_jsonable() (pymispMISPAttribute
method) 28update_not_jsonable() (pymispMISPEvent
method) 26update_not_jsonable() (pymispMISPObject
method) 29update_not_jsonable()
(pymispMISPObjectAttribute method) 31
Index 49
PyMISP Documentation Release main
update_not_jsonable()(pymispMISPObjectReference method)32
update_not_jsonable()(pymispMISPOrganisation method) 35
update_not_jsonable() (pymispMISPTagmethod) 33
update_not_jsonable() (pymispMISPUsermethod) 34
update_not_jsonable() (pymisptoolsFileObjectmethod) 38
update_not_jsonable()(pymisptoolsVTReportObject method)40
update_noticelists() (pymispPyMISP method)21
update_object() (pymispPyMISP method) 21update_object_templates() (pymispPyMISP
method) 21update_organisation() (pymispPyMISP
method) 21update_organisation_blacklist()
(pymispPyMISP method) 21update_server() (pymispPyMISP method) 22update_tag() (pymispPyMISP method) 22update_taxonomies() (pymispPyMISP method)
22update_user() (pymispPyMISP method) 22update_warninglists() (pymispPyMISP
method) 22upload_stix() (pymispPyMISP method) 22user_registrations() (pymispPyMISP method)
22user_settings() (pymispPyMISP method) 22users() (pymispPyMISP method) 22users_statistics() (pymispPyMISP method) 22
Vvalues() (pymispMISPAttribute method) 28values() (pymispMISPEvent method) 26values() (pymispMISPObject method) 29values() (pymispMISPObjectAttribute method) 31values() (pymispMISPObjectReference method) 32values() (pymispMISPOrganisation method) 35values() (pymispMISPTag method) 33values() (pymispMISPUser method) 34values() (pymisptoolsFileObject method) 38values() (pymisptoolsVTReportObject method) 40values_in_warninglist() (pymispPyMISP
method) 22version() (pymispPyMISP property) 22VTReportObject (class in pymisptools) 38
Wwarninglists() (pymispPyMISP method) 22
50 Index
- README
- pymisp
- PyMISP
- PyMISPExpanded (Python 36+ only)
- MISPAbstract
- MISPEncode
- MISPEvent
- MISPAttribute
- MISPObject
- MISPObjectAttribute
- MISPObjectReference
- MISPTag
- MISPUser
- MISPOrganisation
- pymisp - Tools
- File Object
- ELF Object
- PE Object
- Mach-O Object
- VT Report Object
- STIX
- OpenIOC
- Indices and tables
- Python Module Index
- Index
PyMISP Documentation Release main
popitem()rarr (k v) remove and return some (key value) pairas a 2-tuple but raise KeyError if D is empty
set_not_jsonable(args)Set __not_jsonable to a new list
Return type None
setdefault(k[ d ])rarr Dget(kd) also set D[k]=d if k not in D
to_dict()Dump the class to a dictionary This method automatically removes the timestamp recursively in everyobject that has been edited is order to let MISP update the event accordingly
Return type Dict
to_json(sort_keys=False indent=None)Dump recursively any class of type MISPAbstract to a json string
update([E ] F)rarr None Update D from mappingiterable E and FIf E present and has a keys() method does for k in E D[k] = E[k] If E present and lacks keys() methoddoes for (k v) in E D[k] = v In either case this is followed by for k v in Fitems() D[k] = v
update_not_jsonable(args)Add entries to the __not_jsonable list
Return type None
values()rarr an object providing a view on Drsquos values
212 MISPOrganisation 35
PyMISP Documentation Release main
36 Chapter 2 pymisp
CHAPTER
THREE
PYMISP - TOOLS
31 File Object
class pymisptoolsFileObject(filepath=None pseudofile=None filename=None kwargs)
add_attribute(object_relation simple_value=None value)Add an attribute object_relation is required and the value key is a dictionary with all the keys supportedby MISPAttribute
Return type Optional[MISPAttribute]
add_attributes(object_relation attributes)Add multiple attributes with the same object_relation Helper for object_relation when multiple is True inthe template It is the same as calling multiple times add_attribute with the same object_relation
Return type List[Optional[MISPAttribute]]
add_reference(referenced_uuid relationship_type comment=None kwargs)Add a link (uuid) to an other object
Return type MISPObjectReference
clear()rarr None Remove all items from D
property editedRecursively check if an object has been edited and update the flag accordingly to the parent objects
Return type bool
from_dict(kwargs)Loading all the parameters as class properties if they arenrsquot None This method aims to be called when allthe properties requiring a special treatment are processed Note This method is used when you initializean object with existing data so by default the class is flaged as not edited
from_json(json_string)Load a JSON string
Return type None
generate_attributes()Contains the logic where all the values of the object are gathered
get(k[ d ])rarr D[k] if k in D else d d defaults to None
get_attributes_by_relation(object_relation)Returns the list of attributes with the given object relation in the object
Return type List[MISPAttribute]
37
PyMISP Documentation Release main
has_attributes_by_relation(list_of_relations)True if all the relations in the list are defined in the object
Return type bool
items()rarr a set-like object providing a view on Drsquos items
jsonable()This method is used by the JSON encoder
Return type Dict
keys()rarr a set-like object providing a view on Drsquos keys
pop(k[ d ])rarr v remove specified key and return the corresponding valueIf key is not found d is returned if given otherwise KeyError is raised
popitem()rarr (k v) remove and return some (key value) pairas a 2-tuple but raise KeyError if D is empty
set_not_jsonable(args)Set __not_jsonable to a new list
Return type None
setdefault(k[ d ])rarr Dget(kd) also set D[k]=d if k not in D
to_dict(strict=False)Dump the class to a dictionary This method automatically removes the timestamp recursively in everyobject that has been edited is order to let MISP update the event accordingly
Return type Dict
to_json(sort_keys=False indent=None strict=False)Dump recursively any class of type MISPAbstract to a json string
update([E ] F)rarr None Update D from mappingiterable E and FIf E present and has a keys() method does for k in E D[k] = E[k] If E present and lacks keys() methoddoes for (k v) in E D[k] = v In either case this is followed by for k v in Fitems() D[k] = v
update_not_jsonable(args)Add entries to the __not_jsonable list
Return type None
values()rarr an object providing a view on Drsquos values
32 ELF Object
33 PE Object
34 Mach-O Object
35 VT Report Object
class pymisptoolsVTReportObject(apikey indicator vt_proxies=None kwargs)VirusTotal Report
Apikey VirusTotal API key (private works but only public features are supported right now)
38 Chapter 3 pymisp - Tools
PyMISP Documentation Release main
Indicator IOC to search VirusTotal for
add_attribute(object_relation simple_value=None value)Add an attribute object_relation is required and the value key is a dictionary with all the keys supportedby MISPAttribute
Return type Optional[MISPAttribute]
add_attributes(object_relation attributes)Add multiple attributes with the same object_relation Helper for object_relation when multiple is True inthe template It is the same as calling multiple times add_attribute with the same object_relation
Return type List[Optional[MISPAttribute]]
add_reference(referenced_uuid relationship_type comment=None kwargs)Add a link (uuid) to an other object
Return type MISPObjectReference
clear()rarr None Remove all items from D
property editedRecursively check if an object has been edited and update the flag accordingly to the parent objects
Return type bool
from_dict(kwargs)Loading all the parameters as class properties if they arenrsquot None This method aims to be called when allthe properties requiring a special treatment are processed Note This method is used when you initializean object with existing data so by default the class is flaged as not edited
from_json(json_string)Load a JSON string
Return type None
generate_attributes()Parse the VirusTotal report for relevant attributes
get(k[ d ])rarr D[k] if k in D else d d defaults to None
get_attributes_by_relation(object_relation)Returns the list of attributes with the given object relation in the object
Return type List[MISPAttribute]
has_attributes_by_relation(list_of_relations)True if all the relations in the list are defined in the object
Return type bool
items()rarr a set-like object providing a view on Drsquos items
jsonable()This method is used by the JSON encoder
Return type Dict
keys()rarr a set-like object providing a view on Drsquos keys
pop(k[ d ])rarr v remove specified key and return the corresponding valueIf key is not found d is returned if given otherwise KeyError is raised
popitem()rarr (k v) remove and return some (key value) pairas a 2-tuple but raise KeyError if D is empty
35 VT Report Object 39
PyMISP Documentation Release main
set_not_jsonable(args)Set __not_jsonable to a new list
Return type None
setdefault(k[ d ])rarr Dget(kd) also set D[k]=d if k not in D
to_dict(strict=False)Dump the class to a dictionary This method automatically removes the timestamp recursively in everyobject that has been edited is order to let MISP update the event accordingly
Return type Dict
to_json(sort_keys=False indent=None strict=False)Dump recursively any class of type MISPAbstract to a json string
update([E ] F)rarr None Update D from mappingiterable E and FIf E present and has a keys() method does for k in E D[k] = E[k] If E present and lacks keys() methoddoes for (k v) in E D[k] = v In either case this is followed by for k v in Fitems() D[k] = v
update_not_jsonable(args)Add entries to the __not_jsonable list
Return type None
values()rarr an object providing a view on Drsquos values
36 STIX
pymisptoolsstixload_stix(stix distribution=3 threat_level_id=2 analysis=0)Returns a MISPEvent object from a STIX package
pymisptoolsstixmake_stix_package(misp_event to_json=False to_xml=False)Returns a STIXPackage from a MISPEvent
Optionally can return the package in json or xml
37 OpenIOC
toolsload_openioc()
toolsload_openioc_file()
40 Chapter 3 pymisp - Tools
CHAPTER
FOUR
INDICES AND TABLES
bull genindex
bull modindex
bull search
41
PyMISP Documentation Release main
42 Chapter 4 Indices and tables
PYTHON MODULE INDEX
ppymisp 7pymisptools 37pymisptoolsstix 40
43
PyMISP Documentation Release main
44 Python Module Index
INDEX
AAbstractMISP (class in pymisp) 23accept_attribute_proposal()
(pymispPyMISP method) 7add_attribute() (pymispMISPEvent method) 24add_attribute() (pymispMISPObject method) 28add_attribute() (pymispPyMISP method) 7add_attribute() (pymisptoolsFileObject method)
37add_attribute() (pymisptoolsVTReportObject
method) 39add_attribute_proposal() (pymispPyMISP
method) 7add_attribute_tag() (pymispMISPEvent
method) 24add_attributes() (pymispMISPObject method)
28add_attributes() (pymisptoolsFileObject
method) 37add_attributes() (pymisptoolsVTReportObject
method) 39add_event() (pymispPyMISP method) 7add_event_blacklist() (pymispPyMISP
method) 8add_feed() (pymispPyMISP method) 8add_object() (pymispMISPEvent method) 24add_object() (pymispPyMISP method) 8add_object_reference() (pymispPyMISP
method) 8add_org_to_sharing_group() (pymispPyMISP
method) 8add_organisation() (pymispPyMISP method) 8add_organisation_blacklist()
(pymispPyMISP method) 8add_proposal() (pymispMISPAttribute method) 26add_proposal() (pymispMISPEvent method) 24add_proposal() (pymispMISPObjectAttribute
method) 29add_reference() (pymispMISPObject method) 28add_reference() (pymisptoolsFileObject method)
37add_reference() (pymisptoolsVTReportObject
method) 39add_server() (pymispPyMISP method) 8add_server_to_sharing_group()
(pymispPyMISP method) 8add_shadow_attribute() (pymispMISPAttribute
method) 26add_shadow_attribute() (pymispMISPEvent
method) 24add_shadow_attribute()
(pymispMISPObjectAttribute method) 29add_sharing_group() (pymispPyMISP method) 8add_sighting() (pymispMISPAttribute method) 26add_sighting() (pymispMISPObjectAttribute
method) 29add_sighting() (pymispPyMISP method) 8add_tag() (pymispPyMISP method) 8add_user() (pymispPyMISP method) 9attributes_statistics() (pymispPyMISP
method) 9
Bbuild_complex_query() (pymispPyMISP
method) 9
Ccache_all_feeds() (pymispPyMISP method) 9cache_feed() (pymispPyMISP method) 9cache_freetext_feeds() (pymispPyMISP
method) 9cache_misp_feeds() (pymispPyMISP method) 9change_sharing_group_on_entity()
(pymispPyMISP method) 9change_user_password() (pymispPyMISP
method) 9clear() (pymispMISPAttribute method) 26clear() (pymispMISPEvent method) 24clear() (pymispMISPObject method) 28clear() (pymispMISPObjectAttribute method) 29clear() (pymispMISPObjectReference method) 31clear() (pymispMISPOrganisation method) 34clear() (pymispMISPTag method) 32clear() (pymispMISPUser method) 33
45
PyMISP Documentation Release main
clear() (pymisptoolsFileObject method) 37clear() (pymisptoolsVTReportObject method) 39communities() (pymispPyMISP method) 9compare_feeds() (pymispPyMISP method) 9contact_event_reporter() (pymispPyMISP
method) 9
Ddefault() (pymispMISPEncode method) 24delegate_event() (pymispPyMISP method) 10delete() (pymispMISPAttribute method) 26delete() (pymispMISPObjectAttribute method) 30delete_attribute() (pymispMISPEvent method)
24delete_attribute() (pymispPyMISP method) 10delete_attribute_proposal()
(pymispPyMISP method) 10delete_event() (pymispPyMISP method) 10delete_event_blacklist() (pymispPyMISP
method) 10delete_feed() (pymispPyMISP method) 10delete_object() (pymispPyMISP method) 10delete_object_reference() (pymispPyMISP
method) 10delete_organisation() (pymispPyMISP
method) 10delete_organisation_blacklist()
(pymispPyMISP method) 10delete_server() (pymispPyMISP method) 10delete_sharing_group() (pymispPyMISP
method) 10delete_sighting() (pymispPyMISP method) 10delete_tag() (pymispPyMISP method) 11delete_user() (pymispPyMISP method) 11delete_user_setting() (pymispPyMISP
method) 11describe_types_local() (pymispPyMISP prop-
erty) 11describe_types_remote() (pymispPyMISP
property) 11direct_call() (pymispPyMISP method) 11disable_feed() (pymispPyMISP method) 11disable_feed_cache() (pymispPyMISP method)
11disable_noticelist() (pymispPyMISP method)
11disable_tag() (pymispPyMISP method) 11disable_taxonomy() (pymispPyMISP method) 11disable_taxonomy_tags() (pymispPyMISP
method) 11disable_warninglist() (pymispPyMISP
method) 11discard_attribute_proposal()
(pymispPyMISP method) 12
Eedited() (pymispAbstractMISP property) 23edited() (pymispMISPAttribute property) 26edited() (pymispMISPEvent property) 24edited() (pymispMISPObject property) 28edited() (pymispMISPObjectAttribute property) 30edited() (pymispMISPObjectReference property) 31edited() (pymispMISPOrganisation property) 34edited() (pymispMISPTag property) 32edited() (pymispMISPUser property) 33edited() (pymisptoolsFileObject property) 37edited() (pymisptoolsVTReportObject property) 39enable_feed() (pymispPyMISP method) 12enable_feed_cache() (pymispPyMISP method)
12enable_noticelist() (pymispPyMISP method)
12enable_tag() (pymispPyMISP method) 12enable_taxonomy() (pymispPyMISP method) 12enable_taxonomy_tags() (pymispPyMISP
method) 12enable_warninglist() (pymispPyMISP method)
12event_blacklists() (pymispPyMISP method) 12event_delegations() (pymispPyMISP method)
12ExpandedPyMISP (in module pymisp) 23
Ffeeds() (pymispPyMISP method) 12fetch_feed() (pymispPyMISP method) 12FileObject (class in pymisptools) 37freetext() (pymispPyMISP method) 12from_dict() (pymispAbstractMISP method) 23from_dict() (pymispMISPAttribute method) 27from_dict() (pymispMISPEvent method) 25from_dict() (pymispMISPObject method) 28from_dict() (pymispMISPObjectAttribute method)
30from_dict() (pymispMISPObjectReference method)
31from_dict() (pymispMISPOrganisation method) 34from_dict() (pymispMISPTag method) 32from_dict() (pymispMISPUser method) 33from_dict() (pymisptoolsFileObject method) 37from_dict() (pymisptoolsVTReportObject method)
39from_json() (pymispAbstractMISP method) 23from_json() (pymispMISPAttribute method) 27from_json() (pymispMISPEvent method) 25from_json() (pymispMISPObject method) 28from_json() (pymispMISPObjectAttribute method)
30
46 Index
PyMISP Documentation Release main
from_json() (pymispMISPObjectReference method)31
from_json() (pymispMISPOrganisation method) 34from_json() (pymispMISPTag method) 32from_json() (pymispMISPUser method) 33from_json() (pymisptoolsFileObject method) 37from_json() (pymisptoolsVTReportObject method)
39
Ggalaxies() (pymispPyMISP method) 12generate_attributes() (pymisptoolsFileObject
method) 37generate_attributes()
(pymisptoolsVTReportObject method)39
get() (pymispMISPAttribute method) 27get() (pymispMISPEvent method) 25get() (pymispMISPObject method) 28get() (pymispMISPObjectAttribute method) 30get() (pymispMISPObjectReference method) 31get() (pymispMISPOrganisation method) 34get() (pymispMISPTag method) 32get() (pymispMISPUser method) 33get() (pymisptoolsFileObject method) 37get() (pymisptoolsVTReportObject method) 39get_all_functions() (pymispPyMISP method)
13get_attribute() (pymispPyMISP method) 13get_attribute_tag() (pymispMISPEvent
method) 25get_attributes_by_relation()
(pymispMISPObject method) 28get_attributes_by_relation()
(pymisptoolsFileObject method) 37get_attributes_by_relation()
(pymisptoolsVTReportObject method)39
get_community() (pymispPyMISP method) 13get_event() (pymispPyMISP method) 13get_feed() (pymispPyMISP method) 13get_galaxy() (pymispPyMISP method) 13get_noticelist() (pymispPyMISP method) 13get_object() (pymispPyMISP method) 13get_object_by_id() (pymispMISPEvent method)
25get_object_by_uuid() (pymispMISPEvent
method) 25get_object_template() (pymispPyMISP
method) 13get_objects_by_name() (pymispMISPEvent
method) 25get_organisation() (pymispPyMISP method) 13get_sync_config() (pymispPyMISP method) 13
get_tag() (pymispPyMISP method) 13get_taxonomy() (pymispPyMISP method) 13get_user() (pymispPyMISP method) 13get_user_setting() (pymispPyMISP method) 14get_warninglist() (pymispPyMISP method) 14
Hhas_attributes_by_relation()
(pymispMISPObject method) 28has_attributes_by_relation()
(pymisptoolsFileObject method) 37has_attributes_by_relation()
(pymisptoolsVTReportObject method)39
hash_values() (pymispMISPAttribute method) 27hash_values() (pymispMISPObjectAttribute
method) 30
Iimport_server() (pymispPyMISP method) 14items() (pymispMISPAttribute method) 27items() (pymispMISPEvent method) 25items() (pymispMISPObject method) 29items() (pymispMISPObjectAttribute method) 30items() (pymispMISPObjectReference method) 31items() (pymispMISPOrganisation method) 34items() (pymispMISPTag method) 32items() (pymispMISPUser method) 33items() (pymisptoolsFileObject method) 38items() (pymisptoolsVTReportObject method) 39
Jjsonable() (pymispAbstractMISP method) 23jsonable() (pymispMISPAttribute method) 27jsonable() (pymispMISPEvent method) 25jsonable() (pymispMISPObject method) 29jsonable() (pymispMISPObjectAttribute method)
30jsonable() (pymispMISPObjectReference method)
31jsonable() (pymispMISPOrganisation method) 34jsonable() (pymispMISPTag method) 32jsonable() (pymispMISPUser method) 33jsonable() (pymisptoolsFileObject method) 38jsonable() (pymisptoolsVTReportObject method)
39
Kkeys() (pymispMISPAttribute method) 27keys() (pymispMISPEvent method) 25keys() (pymispMISPObject method) 29keys() (pymispMISPObjectAttribute method) 30keys() (pymispMISPObjectReference method) 31keys() (pymispMISPOrganisation method) 34
Index 47
PyMISP Documentation Release main
keys() (pymispMISPTag method) 32keys() (pymispMISPUser method) 33keys() (pymisptoolsFileObject method) 38keys() (pymisptoolsVTReportObject method) 39known_types() (pymispMISPAttribute property) 27known_types() (pymispMISPObjectAttribute prop-
erty) 30
Lload() (pymispMISPEvent method) 25load_default_feeds() (pymispPyMISP method)
14load_file() (pymispMISPEvent method) 25load_openioc() (pymisptools method) 40load_openioc_file() (pymisptools method) 40load_stix() (in module pymisptoolsstix) 40
Mmake_stix_package() (in module
pymisptoolsstix) 40malware_binary() (pymispMISPAttribute prop-
erty) 27malware_binary() (pymispMISPObjectAttribute
property) 30misp_instance_version() (pymispPyMISP
property) 14misp_instance_version_master()
(pymispPyMISP property) 14MISPAttribute (class in pymisp) 26MISPEncode (class in pymisp) 24MISPEvent (class in pymisp) 24MISPObject (class in pymisp) 28MISPObjectAttribute (class in pymisp) 29MISPObjectReference (class in pymisp) 31MISPOrganisation (class in pymisp) 34MISPTag (class in pymisp) 32MISPUser (class in pymisp) 33module
pymisp 7pymisptools 37pymisptoolsstix 40
Nnoticelists() (pymispPyMISP method) 14
Oobject_templates() (pymispPyMISP method) 14organisation_blacklists() (pymispPyMISP
method) 14organisations() (pymispPyMISP method) 14
Ppop() (pymispMISPAttribute method) 27
pop() (pymispMISPEvent method) 25pop() (pymispMISPObject method) 29pop() (pymispMISPObjectAttribute method) 30pop() (pymispMISPObjectReference method) 31pop() (pymispMISPOrganisation method) 34pop() (pymispMISPTag method) 32pop() (pymispMISPUser method) 33pop() (pymisptoolsFileObject method) 38pop() (pymisptoolsVTReportObject method) 39popitem() (pymispMISPAttribute method) 27popitem() (pymispMISPEvent method) 25popitem() (pymispMISPObject method) 29popitem() (pymispMISPObjectAttribute method) 30popitem() (pymispMISPObjectReference method) 31popitem() (pymispMISPOrganisation method) 34popitem() (pymispMISPTag method) 32popitem() (pymispMISPUser method) 33popitem() (pymisptoolsFileObject method) 38popitem() (pymisptoolsVTReportObject method) 39publish() (pymispMISPEvent method) 25publish() (pymispPyMISP method) 14push_event_to_ZMQ() (pymispPyMISP method)
14pymisp
module 7PyMISP (class in pymisp) 7pymisptools
module 37pymisptoolsstix
module 40pymisp_version_main() (pymispPyMISP prop-
erty) 15
Rrecommended_pymisp_version()
(pymispPyMISP property) 15remote_acl() (pymispPyMISP method) 15remove_org_from_sharing_group()
(pymispPyMISP method) 15remove_server_from_sharing_group()
(pymispPyMISP method) 15roles() (pymispPyMISP method) 15
Ssearch() (pymispPyMISP method) 15search_feeds() (pymispPyMISP method) 17search_index() (pymispPyMISP method) 18search_logs() (pymispPyMISP method) 18search_sightings() (pymispPyMISP method) 19server_pull() (pymispPyMISP method) 20server_push() (pymispPyMISP method) 20servers() (pymispPyMISP method) 20set_date() (pymispMISPEvent method) 25
48 Index
PyMISP Documentation Release main
set_not_jsonable() (pymispAbstractMISPmethod) 23
set_not_jsonable() (pymispMISPAttributemethod) 27
set_not_jsonable() (pymispMISPEvent method)25
set_not_jsonable() (pymispMISPObjectmethod) 29
set_not_jsonable() (pymispMISPObjectAttributemethod) 30
set_not_jsonable()(pymispMISPObjectReference method)31
set_not_jsonable() (pymispMISPOrganisationmethod) 35
set_not_jsonable() (pymispMISPTag method)32
set_not_jsonable() (pymispMISPUser method)33
set_not_jsonable() (pymisptoolsFileObjectmethod) 38
set_not_jsonable()(pymisptoolsVTReportObject method)39
set_user_setting() (pymispPyMISP method) 20setdefault() (pymispMISPAttribute method) 27setdefault() (pymispMISPEvent method) 25setdefault() (pymispMISPObject method) 29setdefault() (pymispMISPObjectAttribute
method) 30setdefault() (pymispMISPObjectReference
method) 31setdefault() (pymispMISPOrganisation method)
35setdefault() (pymispMISPTag method) 33setdefault() (pymispMISPUser method) 34setdefault() (pymisptoolsFileObject method) 38setdefault() (pymisptoolsVTReportObject
method) 40sharing_groups() (pymispPyMISP method) 20sightings() (pymispPyMISP method) 20
Ttag() (pymispPyMISP method) 20tags() (pymispMISPAttribute property) 27tags() (pymispMISPEvent property) 26tags() (pymispMISPObjectAttribute property) 30tags() (pymispPyMISP method) 20tags_statistics() (pymispPyMISP method) 20taxonomies() (pymispPyMISP method) 20to_dict() (pymispAbstractMISP method) 23to_dict() (pymispMISPAttribute method) 27to_dict() (pymispMISPEvent method) 26to_dict() (pymispMISPObject method) 29
to_dict() (pymispMISPObjectAttribute method) 30to_dict() (pymispMISPObjectReference method) 32to_dict() (pymispMISPOrganisation method) 35to_dict() (pymispMISPTag method) 33to_dict() (pymispMISPUser method) 34to_dict() (pymisptoolsFileObject method) 38to_dict() (pymisptoolsVTReportObject method) 40to_feed() (pymispMISPEvent method) 26to_json() (pymispAbstractMISP method) 23to_json() (pymispMISPAttribute method) 27to_json() (pymispMISPEvent method) 26to_json() (pymispMISPObject method) 29to_json() (pymispMISPObjectAttribute method) 31to_json() (pymispMISPObjectReference method) 32to_json() (pymispMISPOrganisation method) 35to_json() (pymispMISPTag method) 33to_json() (pymispMISPUser method) 34to_json() (pymisptoolsFileObject method) 38to_json() (pymisptoolsVTReportObject method) 40toggle_warninglist() (pymispPyMISP method)
20
Uunpublish() (pymispMISPEvent method) 26untag() (pymispPyMISP method) 21update() (pymispMISPAttribute method) 28update() (pymispMISPEvent method) 26update() (pymispMISPObject method) 29update() (pymispMISPObjectAttribute method) 31update() (pymispMISPObjectReference method) 32update() (pymispMISPOrganisation method) 35update() (pymispMISPTag method) 33update() (pymispMISPUser method) 34update() (pymisptoolsFileObject method) 38update() (pymisptoolsVTReportObject method) 40update_attribute() (pymispPyMISP method) 21update_attribute_proposal()
(pymispPyMISP method) 21update_event() (pymispPyMISP method) 21update_event_blacklist() (pymispPyMISP
method) 21update_feed() (pymispPyMISP method) 21update_galaxies() (pymispPyMISP method) 21update_not_jsonable() (pymispAbstractMISP
method) 23update_not_jsonable() (pymispMISPAttribute
method) 28update_not_jsonable() (pymispMISPEvent
method) 26update_not_jsonable() (pymispMISPObject
method) 29update_not_jsonable()
(pymispMISPObjectAttribute method) 31
Index 49
PyMISP Documentation Release main
update_not_jsonable()(pymispMISPObjectReference method)32
update_not_jsonable()(pymispMISPOrganisation method) 35
update_not_jsonable() (pymispMISPTagmethod) 33
update_not_jsonable() (pymispMISPUsermethod) 34
update_not_jsonable() (pymisptoolsFileObjectmethod) 38
update_not_jsonable()(pymisptoolsVTReportObject method)40
update_noticelists() (pymispPyMISP method)21
update_object() (pymispPyMISP method) 21update_object_templates() (pymispPyMISP
method) 21update_organisation() (pymispPyMISP
method) 21update_organisation_blacklist()
(pymispPyMISP method) 21update_server() (pymispPyMISP method) 22update_tag() (pymispPyMISP method) 22update_taxonomies() (pymispPyMISP method)
22update_user() (pymispPyMISP method) 22update_warninglists() (pymispPyMISP
method) 22upload_stix() (pymispPyMISP method) 22user_registrations() (pymispPyMISP method)
22user_settings() (pymispPyMISP method) 22users() (pymispPyMISP method) 22users_statistics() (pymispPyMISP method) 22
Vvalues() (pymispMISPAttribute method) 28values() (pymispMISPEvent method) 26values() (pymispMISPObject method) 29values() (pymispMISPObjectAttribute method) 31values() (pymispMISPObjectReference method) 32values() (pymispMISPOrganisation method) 35values() (pymispMISPTag method) 33values() (pymispMISPUser method) 34values() (pymisptoolsFileObject method) 38values() (pymisptoolsVTReportObject method) 40values_in_warninglist() (pymispPyMISP
method) 22version() (pymispPyMISP property) 22VTReportObject (class in pymisptools) 38
Wwarninglists() (pymispPyMISP method) 22
50 Index
- README
- pymisp
- PyMISP
- PyMISPExpanded (Python 36+ only)
- MISPAbstract
- MISPEncode
- MISPEvent
- MISPAttribute
- MISPObject
- MISPObjectAttribute
- MISPObjectReference
- MISPTag
- MISPUser
- MISPOrganisation
- pymisp - Tools
- File Object
- ELF Object
- PE Object
- Mach-O Object
- VT Report Object
- STIX
- OpenIOC
- Indices and tables
- Python Module Index
- Index
PyMISP Documentation Release main
36 Chapter 2 pymisp
CHAPTER
THREE
PYMISP - TOOLS
31 File Object
class pymisptoolsFileObject(filepath=None pseudofile=None filename=None kwargs)
add_attribute(object_relation simple_value=None value)Add an attribute object_relation is required and the value key is a dictionary with all the keys supportedby MISPAttribute
Return type Optional[MISPAttribute]
add_attributes(object_relation attributes)Add multiple attributes with the same object_relation Helper for object_relation when multiple is True inthe template It is the same as calling multiple times add_attribute with the same object_relation
Return type List[Optional[MISPAttribute]]
add_reference(referenced_uuid relationship_type comment=None kwargs)Add a link (uuid) to an other object
Return type MISPObjectReference
clear()rarr None Remove all items from D
property editedRecursively check if an object has been edited and update the flag accordingly to the parent objects
Return type bool
from_dict(kwargs)Loading all the parameters as class properties if they arenrsquot None This method aims to be called when allthe properties requiring a special treatment are processed Note This method is used when you initializean object with existing data so by default the class is flaged as not edited
from_json(json_string)Load a JSON string
Return type None
generate_attributes()Contains the logic where all the values of the object are gathered
get(k[ d ])rarr D[k] if k in D else d d defaults to None
get_attributes_by_relation(object_relation)Returns the list of attributes with the given object relation in the object
Return type List[MISPAttribute]
37
PyMISP Documentation Release main
has_attributes_by_relation(list_of_relations)True if all the relations in the list are defined in the object
Return type bool
items()rarr a set-like object providing a view on Drsquos items
jsonable()This method is used by the JSON encoder
Return type Dict
keys()rarr a set-like object providing a view on Drsquos keys
pop(k[ d ])rarr v remove specified key and return the corresponding valueIf key is not found d is returned if given otherwise KeyError is raised
popitem()rarr (k v) remove and return some (key value) pairas a 2-tuple but raise KeyError if D is empty
set_not_jsonable(args)Set __not_jsonable to a new list
Return type None
setdefault(k[ d ])rarr Dget(kd) also set D[k]=d if k not in D
to_dict(strict=False)Dump the class to a dictionary This method automatically removes the timestamp recursively in everyobject that has been edited is order to let MISP update the event accordingly
Return type Dict
to_json(sort_keys=False indent=None strict=False)Dump recursively any class of type MISPAbstract to a json string
update([E ] F)rarr None Update D from mappingiterable E and FIf E present and has a keys() method does for k in E D[k] = E[k] If E present and lacks keys() methoddoes for (k v) in E D[k] = v In either case this is followed by for k v in Fitems() D[k] = v
update_not_jsonable(args)Add entries to the __not_jsonable list
Return type None
values()rarr an object providing a view on Drsquos values
32 ELF Object
33 PE Object
34 Mach-O Object
35 VT Report Object
class pymisptoolsVTReportObject(apikey indicator vt_proxies=None kwargs)VirusTotal Report
Apikey VirusTotal API key (private works but only public features are supported right now)
38 Chapter 3 pymisp - Tools
PyMISP Documentation Release main
Indicator IOC to search VirusTotal for
add_attribute(object_relation simple_value=None value)Add an attribute object_relation is required and the value key is a dictionary with all the keys supportedby MISPAttribute
Return type Optional[MISPAttribute]
add_attributes(object_relation attributes)Add multiple attributes with the same object_relation Helper for object_relation when multiple is True inthe template It is the same as calling multiple times add_attribute with the same object_relation
Return type List[Optional[MISPAttribute]]
add_reference(referenced_uuid relationship_type comment=None kwargs)Add a link (uuid) to an other object
Return type MISPObjectReference
clear()rarr None Remove all items from D
property editedRecursively check if an object has been edited and update the flag accordingly to the parent objects
Return type bool
from_dict(kwargs)Loading all the parameters as class properties if they arenrsquot None This method aims to be called when allthe properties requiring a special treatment are processed Note This method is used when you initializean object with existing data so by default the class is flaged as not edited
from_json(json_string)Load a JSON string
Return type None
generate_attributes()Parse the VirusTotal report for relevant attributes
get(k[ d ])rarr D[k] if k in D else d d defaults to None
get_attributes_by_relation(object_relation)Returns the list of attributes with the given object relation in the object
Return type List[MISPAttribute]
has_attributes_by_relation(list_of_relations)True if all the relations in the list are defined in the object
Return type bool
items()rarr a set-like object providing a view on Drsquos items
jsonable()This method is used by the JSON encoder
Return type Dict
keys()rarr a set-like object providing a view on Drsquos keys
pop(k[ d ])rarr v remove specified key and return the corresponding valueIf key is not found d is returned if given otherwise KeyError is raised
popitem()rarr (k v) remove and return some (key value) pairas a 2-tuple but raise KeyError if D is empty
35 VT Report Object 39
PyMISP Documentation Release main
set_not_jsonable(args)Set __not_jsonable to a new list
Return type None
setdefault(k[ d ])rarr Dget(kd) also set D[k]=d if k not in D
to_dict(strict=False)Dump the class to a dictionary This method automatically removes the timestamp recursively in everyobject that has been edited is order to let MISP update the event accordingly
Return type Dict
to_json(sort_keys=False indent=None strict=False)Dump recursively any class of type MISPAbstract to a json string
update([E ] F)rarr None Update D from mappingiterable E and FIf E present and has a keys() method does for k in E D[k] = E[k] If E present and lacks keys() methoddoes for (k v) in E D[k] = v In either case this is followed by for k v in Fitems() D[k] = v
update_not_jsonable(args)Add entries to the __not_jsonable list
Return type None
values()rarr an object providing a view on Drsquos values
36 STIX
pymisptoolsstixload_stix(stix distribution=3 threat_level_id=2 analysis=0)Returns a MISPEvent object from a STIX package
pymisptoolsstixmake_stix_package(misp_event to_json=False to_xml=False)Returns a STIXPackage from a MISPEvent
Optionally can return the package in json or xml
37 OpenIOC
toolsload_openioc()
toolsload_openioc_file()
40 Chapter 3 pymisp - Tools
CHAPTER
FOUR
INDICES AND TABLES
bull genindex
bull modindex
bull search
41
PyMISP Documentation Release main
42 Chapter 4 Indices and tables
PYTHON MODULE INDEX
ppymisp 7pymisptools 37pymisptoolsstix 40
43
PyMISP Documentation Release main
44 Python Module Index
INDEX
AAbstractMISP (class in pymisp) 23accept_attribute_proposal()
(pymispPyMISP method) 7add_attribute() (pymispMISPEvent method) 24add_attribute() (pymispMISPObject method) 28add_attribute() (pymispPyMISP method) 7add_attribute() (pymisptoolsFileObject method)
37add_attribute() (pymisptoolsVTReportObject
method) 39add_attribute_proposal() (pymispPyMISP
method) 7add_attribute_tag() (pymispMISPEvent
method) 24add_attributes() (pymispMISPObject method)
28add_attributes() (pymisptoolsFileObject
method) 37add_attributes() (pymisptoolsVTReportObject
method) 39add_event() (pymispPyMISP method) 7add_event_blacklist() (pymispPyMISP
method) 8add_feed() (pymispPyMISP method) 8add_object() (pymispMISPEvent method) 24add_object() (pymispPyMISP method) 8add_object_reference() (pymispPyMISP
method) 8add_org_to_sharing_group() (pymispPyMISP
method) 8add_organisation() (pymispPyMISP method) 8add_organisation_blacklist()
(pymispPyMISP method) 8add_proposal() (pymispMISPAttribute method) 26add_proposal() (pymispMISPEvent method) 24add_proposal() (pymispMISPObjectAttribute
method) 29add_reference() (pymispMISPObject method) 28add_reference() (pymisptoolsFileObject method)
37add_reference() (pymisptoolsVTReportObject
method) 39add_server() (pymispPyMISP method) 8add_server_to_sharing_group()
(pymispPyMISP method) 8add_shadow_attribute() (pymispMISPAttribute
method) 26add_shadow_attribute() (pymispMISPEvent
method) 24add_shadow_attribute()
(pymispMISPObjectAttribute method) 29add_sharing_group() (pymispPyMISP method) 8add_sighting() (pymispMISPAttribute method) 26add_sighting() (pymispMISPObjectAttribute
method) 29add_sighting() (pymispPyMISP method) 8add_tag() (pymispPyMISP method) 8add_user() (pymispPyMISP method) 9attributes_statistics() (pymispPyMISP
method) 9
Bbuild_complex_query() (pymispPyMISP
method) 9
Ccache_all_feeds() (pymispPyMISP method) 9cache_feed() (pymispPyMISP method) 9cache_freetext_feeds() (pymispPyMISP
method) 9cache_misp_feeds() (pymispPyMISP method) 9change_sharing_group_on_entity()
(pymispPyMISP method) 9change_user_password() (pymispPyMISP
method) 9clear() (pymispMISPAttribute method) 26clear() (pymispMISPEvent method) 24clear() (pymispMISPObject method) 28clear() (pymispMISPObjectAttribute method) 29clear() (pymispMISPObjectReference method) 31clear() (pymispMISPOrganisation method) 34clear() (pymispMISPTag method) 32clear() (pymispMISPUser method) 33
45
PyMISP Documentation Release main
clear() (pymisptoolsFileObject method) 37clear() (pymisptoolsVTReportObject method) 39communities() (pymispPyMISP method) 9compare_feeds() (pymispPyMISP method) 9contact_event_reporter() (pymispPyMISP
method) 9
Ddefault() (pymispMISPEncode method) 24delegate_event() (pymispPyMISP method) 10delete() (pymispMISPAttribute method) 26delete() (pymispMISPObjectAttribute method) 30delete_attribute() (pymispMISPEvent method)
24delete_attribute() (pymispPyMISP method) 10delete_attribute_proposal()
(pymispPyMISP method) 10delete_event() (pymispPyMISP method) 10delete_event_blacklist() (pymispPyMISP
method) 10delete_feed() (pymispPyMISP method) 10delete_object() (pymispPyMISP method) 10delete_object_reference() (pymispPyMISP
method) 10delete_organisation() (pymispPyMISP
method) 10delete_organisation_blacklist()
(pymispPyMISP method) 10delete_server() (pymispPyMISP method) 10delete_sharing_group() (pymispPyMISP
method) 10delete_sighting() (pymispPyMISP method) 10delete_tag() (pymispPyMISP method) 11delete_user() (pymispPyMISP method) 11delete_user_setting() (pymispPyMISP
method) 11describe_types_local() (pymispPyMISP prop-
erty) 11describe_types_remote() (pymispPyMISP
property) 11direct_call() (pymispPyMISP method) 11disable_feed() (pymispPyMISP method) 11disable_feed_cache() (pymispPyMISP method)
11disable_noticelist() (pymispPyMISP method)
11disable_tag() (pymispPyMISP method) 11disable_taxonomy() (pymispPyMISP method) 11disable_taxonomy_tags() (pymispPyMISP
method) 11disable_warninglist() (pymispPyMISP
method) 11discard_attribute_proposal()
(pymispPyMISP method) 12
Eedited() (pymispAbstractMISP property) 23edited() (pymispMISPAttribute property) 26edited() (pymispMISPEvent property) 24edited() (pymispMISPObject property) 28edited() (pymispMISPObjectAttribute property) 30edited() (pymispMISPObjectReference property) 31edited() (pymispMISPOrganisation property) 34edited() (pymispMISPTag property) 32edited() (pymispMISPUser property) 33edited() (pymisptoolsFileObject property) 37edited() (pymisptoolsVTReportObject property) 39enable_feed() (pymispPyMISP method) 12enable_feed_cache() (pymispPyMISP method)
12enable_noticelist() (pymispPyMISP method)
12enable_tag() (pymispPyMISP method) 12enable_taxonomy() (pymispPyMISP method) 12enable_taxonomy_tags() (pymispPyMISP
method) 12enable_warninglist() (pymispPyMISP method)
12event_blacklists() (pymispPyMISP method) 12event_delegations() (pymispPyMISP method)
12ExpandedPyMISP (in module pymisp) 23
Ffeeds() (pymispPyMISP method) 12fetch_feed() (pymispPyMISP method) 12FileObject (class in pymisptools) 37freetext() (pymispPyMISP method) 12from_dict() (pymispAbstractMISP method) 23from_dict() (pymispMISPAttribute method) 27from_dict() (pymispMISPEvent method) 25from_dict() (pymispMISPObject method) 28from_dict() (pymispMISPObjectAttribute method)
30from_dict() (pymispMISPObjectReference method)
31from_dict() (pymispMISPOrganisation method) 34from_dict() (pymispMISPTag method) 32from_dict() (pymispMISPUser method) 33from_dict() (pymisptoolsFileObject method) 37from_dict() (pymisptoolsVTReportObject method)
39from_json() (pymispAbstractMISP method) 23from_json() (pymispMISPAttribute method) 27from_json() (pymispMISPEvent method) 25from_json() (pymispMISPObject method) 28from_json() (pymispMISPObjectAttribute method)
30
46 Index
PyMISP Documentation Release main
from_json() (pymispMISPObjectReference method)31
from_json() (pymispMISPOrganisation method) 34from_json() (pymispMISPTag method) 32from_json() (pymispMISPUser method) 33from_json() (pymisptoolsFileObject method) 37from_json() (pymisptoolsVTReportObject method)
39
Ggalaxies() (pymispPyMISP method) 12generate_attributes() (pymisptoolsFileObject
method) 37generate_attributes()
(pymisptoolsVTReportObject method)39
get() (pymispMISPAttribute method) 27get() (pymispMISPEvent method) 25get() (pymispMISPObject method) 28get() (pymispMISPObjectAttribute method) 30get() (pymispMISPObjectReference method) 31get() (pymispMISPOrganisation method) 34get() (pymispMISPTag method) 32get() (pymispMISPUser method) 33get() (pymisptoolsFileObject method) 37get() (pymisptoolsVTReportObject method) 39get_all_functions() (pymispPyMISP method)
13get_attribute() (pymispPyMISP method) 13get_attribute_tag() (pymispMISPEvent
method) 25get_attributes_by_relation()
(pymispMISPObject method) 28get_attributes_by_relation()
(pymisptoolsFileObject method) 37get_attributes_by_relation()
(pymisptoolsVTReportObject method)39
get_community() (pymispPyMISP method) 13get_event() (pymispPyMISP method) 13get_feed() (pymispPyMISP method) 13get_galaxy() (pymispPyMISP method) 13get_noticelist() (pymispPyMISP method) 13get_object() (pymispPyMISP method) 13get_object_by_id() (pymispMISPEvent method)
25get_object_by_uuid() (pymispMISPEvent
method) 25get_object_template() (pymispPyMISP
method) 13get_objects_by_name() (pymispMISPEvent
method) 25get_organisation() (pymispPyMISP method) 13get_sync_config() (pymispPyMISP method) 13
get_tag() (pymispPyMISP method) 13get_taxonomy() (pymispPyMISP method) 13get_user() (pymispPyMISP method) 13get_user_setting() (pymispPyMISP method) 14get_warninglist() (pymispPyMISP method) 14
Hhas_attributes_by_relation()
(pymispMISPObject method) 28has_attributes_by_relation()
(pymisptoolsFileObject method) 37has_attributes_by_relation()
(pymisptoolsVTReportObject method)39
hash_values() (pymispMISPAttribute method) 27hash_values() (pymispMISPObjectAttribute
method) 30
Iimport_server() (pymispPyMISP method) 14items() (pymispMISPAttribute method) 27items() (pymispMISPEvent method) 25items() (pymispMISPObject method) 29items() (pymispMISPObjectAttribute method) 30items() (pymispMISPObjectReference method) 31items() (pymispMISPOrganisation method) 34items() (pymispMISPTag method) 32items() (pymispMISPUser method) 33items() (pymisptoolsFileObject method) 38items() (pymisptoolsVTReportObject method) 39
Jjsonable() (pymispAbstractMISP method) 23jsonable() (pymispMISPAttribute method) 27jsonable() (pymispMISPEvent method) 25jsonable() (pymispMISPObject method) 29jsonable() (pymispMISPObjectAttribute method)
30jsonable() (pymispMISPObjectReference method)
31jsonable() (pymispMISPOrganisation method) 34jsonable() (pymispMISPTag method) 32jsonable() (pymispMISPUser method) 33jsonable() (pymisptoolsFileObject method) 38jsonable() (pymisptoolsVTReportObject method)
39
Kkeys() (pymispMISPAttribute method) 27keys() (pymispMISPEvent method) 25keys() (pymispMISPObject method) 29keys() (pymispMISPObjectAttribute method) 30keys() (pymispMISPObjectReference method) 31keys() (pymispMISPOrganisation method) 34
Index 47
PyMISP Documentation Release main
keys() (pymispMISPTag method) 32keys() (pymispMISPUser method) 33keys() (pymisptoolsFileObject method) 38keys() (pymisptoolsVTReportObject method) 39known_types() (pymispMISPAttribute property) 27known_types() (pymispMISPObjectAttribute prop-
erty) 30
Lload() (pymispMISPEvent method) 25load_default_feeds() (pymispPyMISP method)
14load_file() (pymispMISPEvent method) 25load_openioc() (pymisptools method) 40load_openioc_file() (pymisptools method) 40load_stix() (in module pymisptoolsstix) 40
Mmake_stix_package() (in module
pymisptoolsstix) 40malware_binary() (pymispMISPAttribute prop-
erty) 27malware_binary() (pymispMISPObjectAttribute
property) 30misp_instance_version() (pymispPyMISP
property) 14misp_instance_version_master()
(pymispPyMISP property) 14MISPAttribute (class in pymisp) 26MISPEncode (class in pymisp) 24MISPEvent (class in pymisp) 24MISPObject (class in pymisp) 28MISPObjectAttribute (class in pymisp) 29MISPObjectReference (class in pymisp) 31MISPOrganisation (class in pymisp) 34MISPTag (class in pymisp) 32MISPUser (class in pymisp) 33module
pymisp 7pymisptools 37pymisptoolsstix 40
Nnoticelists() (pymispPyMISP method) 14
Oobject_templates() (pymispPyMISP method) 14organisation_blacklists() (pymispPyMISP
method) 14organisations() (pymispPyMISP method) 14
Ppop() (pymispMISPAttribute method) 27
pop() (pymispMISPEvent method) 25pop() (pymispMISPObject method) 29pop() (pymispMISPObjectAttribute method) 30pop() (pymispMISPObjectReference method) 31pop() (pymispMISPOrganisation method) 34pop() (pymispMISPTag method) 32pop() (pymispMISPUser method) 33pop() (pymisptoolsFileObject method) 38pop() (pymisptoolsVTReportObject method) 39popitem() (pymispMISPAttribute method) 27popitem() (pymispMISPEvent method) 25popitem() (pymispMISPObject method) 29popitem() (pymispMISPObjectAttribute method) 30popitem() (pymispMISPObjectReference method) 31popitem() (pymispMISPOrganisation method) 34popitem() (pymispMISPTag method) 32popitem() (pymispMISPUser method) 33popitem() (pymisptoolsFileObject method) 38popitem() (pymisptoolsVTReportObject method) 39publish() (pymispMISPEvent method) 25publish() (pymispPyMISP method) 14push_event_to_ZMQ() (pymispPyMISP method)
14pymisp
module 7PyMISP (class in pymisp) 7pymisptools
module 37pymisptoolsstix
module 40pymisp_version_main() (pymispPyMISP prop-
erty) 15
Rrecommended_pymisp_version()
(pymispPyMISP property) 15remote_acl() (pymispPyMISP method) 15remove_org_from_sharing_group()
(pymispPyMISP method) 15remove_server_from_sharing_group()
(pymispPyMISP method) 15roles() (pymispPyMISP method) 15
Ssearch() (pymispPyMISP method) 15search_feeds() (pymispPyMISP method) 17search_index() (pymispPyMISP method) 18search_logs() (pymispPyMISP method) 18search_sightings() (pymispPyMISP method) 19server_pull() (pymispPyMISP method) 20server_push() (pymispPyMISP method) 20servers() (pymispPyMISP method) 20set_date() (pymispMISPEvent method) 25
48 Index
PyMISP Documentation Release main
set_not_jsonable() (pymispAbstractMISPmethod) 23
set_not_jsonable() (pymispMISPAttributemethod) 27
set_not_jsonable() (pymispMISPEvent method)25
set_not_jsonable() (pymispMISPObjectmethod) 29
set_not_jsonable() (pymispMISPObjectAttributemethod) 30
set_not_jsonable()(pymispMISPObjectReference method)31
set_not_jsonable() (pymispMISPOrganisationmethod) 35
set_not_jsonable() (pymispMISPTag method)32
set_not_jsonable() (pymispMISPUser method)33
set_not_jsonable() (pymisptoolsFileObjectmethod) 38
set_not_jsonable()(pymisptoolsVTReportObject method)39
set_user_setting() (pymispPyMISP method) 20setdefault() (pymispMISPAttribute method) 27setdefault() (pymispMISPEvent method) 25setdefault() (pymispMISPObject method) 29setdefault() (pymispMISPObjectAttribute
method) 30setdefault() (pymispMISPObjectReference
method) 31setdefault() (pymispMISPOrganisation method)
35setdefault() (pymispMISPTag method) 33setdefault() (pymispMISPUser method) 34setdefault() (pymisptoolsFileObject method) 38setdefault() (pymisptoolsVTReportObject
method) 40sharing_groups() (pymispPyMISP method) 20sightings() (pymispPyMISP method) 20
Ttag() (pymispPyMISP method) 20tags() (pymispMISPAttribute property) 27tags() (pymispMISPEvent property) 26tags() (pymispMISPObjectAttribute property) 30tags() (pymispPyMISP method) 20tags_statistics() (pymispPyMISP method) 20taxonomies() (pymispPyMISP method) 20to_dict() (pymispAbstractMISP method) 23to_dict() (pymispMISPAttribute method) 27to_dict() (pymispMISPEvent method) 26to_dict() (pymispMISPObject method) 29
to_dict() (pymispMISPObjectAttribute method) 30to_dict() (pymispMISPObjectReference method) 32to_dict() (pymispMISPOrganisation method) 35to_dict() (pymispMISPTag method) 33to_dict() (pymispMISPUser method) 34to_dict() (pymisptoolsFileObject method) 38to_dict() (pymisptoolsVTReportObject method) 40to_feed() (pymispMISPEvent method) 26to_json() (pymispAbstractMISP method) 23to_json() (pymispMISPAttribute method) 27to_json() (pymispMISPEvent method) 26to_json() (pymispMISPObject method) 29to_json() (pymispMISPObjectAttribute method) 31to_json() (pymispMISPObjectReference method) 32to_json() (pymispMISPOrganisation method) 35to_json() (pymispMISPTag method) 33to_json() (pymispMISPUser method) 34to_json() (pymisptoolsFileObject method) 38to_json() (pymisptoolsVTReportObject method) 40toggle_warninglist() (pymispPyMISP method)
20
Uunpublish() (pymispMISPEvent method) 26untag() (pymispPyMISP method) 21update() (pymispMISPAttribute method) 28update() (pymispMISPEvent method) 26update() (pymispMISPObject method) 29update() (pymispMISPObjectAttribute method) 31update() (pymispMISPObjectReference method) 32update() (pymispMISPOrganisation method) 35update() (pymispMISPTag method) 33update() (pymispMISPUser method) 34update() (pymisptoolsFileObject method) 38update() (pymisptoolsVTReportObject method) 40update_attribute() (pymispPyMISP method) 21update_attribute_proposal()
(pymispPyMISP method) 21update_event() (pymispPyMISP method) 21update_event_blacklist() (pymispPyMISP
method) 21update_feed() (pymispPyMISP method) 21update_galaxies() (pymispPyMISP method) 21update_not_jsonable() (pymispAbstractMISP
method) 23update_not_jsonable() (pymispMISPAttribute
method) 28update_not_jsonable() (pymispMISPEvent
method) 26update_not_jsonable() (pymispMISPObject
method) 29update_not_jsonable()
(pymispMISPObjectAttribute method) 31
Index 49
PyMISP Documentation Release main
update_not_jsonable()(pymispMISPObjectReference method)32
update_not_jsonable()(pymispMISPOrganisation method) 35
update_not_jsonable() (pymispMISPTagmethod) 33
update_not_jsonable() (pymispMISPUsermethod) 34
update_not_jsonable() (pymisptoolsFileObjectmethod) 38
update_not_jsonable()(pymisptoolsVTReportObject method)40
update_noticelists() (pymispPyMISP method)21
update_object() (pymispPyMISP method) 21update_object_templates() (pymispPyMISP
method) 21update_organisation() (pymispPyMISP
method) 21update_organisation_blacklist()
(pymispPyMISP method) 21update_server() (pymispPyMISP method) 22update_tag() (pymispPyMISP method) 22update_taxonomies() (pymispPyMISP method)
22update_user() (pymispPyMISP method) 22update_warninglists() (pymispPyMISP
method) 22upload_stix() (pymispPyMISP method) 22user_registrations() (pymispPyMISP method)
22user_settings() (pymispPyMISP method) 22users() (pymispPyMISP method) 22users_statistics() (pymispPyMISP method) 22
Vvalues() (pymispMISPAttribute method) 28values() (pymispMISPEvent method) 26values() (pymispMISPObject method) 29values() (pymispMISPObjectAttribute method) 31values() (pymispMISPObjectReference method) 32values() (pymispMISPOrganisation method) 35values() (pymispMISPTag method) 33values() (pymispMISPUser method) 34values() (pymisptoolsFileObject method) 38values() (pymisptoolsVTReportObject method) 40values_in_warninglist() (pymispPyMISP
method) 22version() (pymispPyMISP property) 22VTReportObject (class in pymisptools) 38
Wwarninglists() (pymispPyMISP method) 22
50 Index
- README
- pymisp
- PyMISP
- PyMISPExpanded (Python 36+ only)
- MISPAbstract
- MISPEncode
- MISPEvent
- MISPAttribute
- MISPObject
- MISPObjectAttribute
- MISPObjectReference
- MISPTag
- MISPUser
- MISPOrganisation
- pymisp - Tools
- File Object
- ELF Object
- PE Object
- Mach-O Object
- VT Report Object
- STIX
- OpenIOC
- Indices and tables
- Python Module Index
- Index
CHAPTER
THREE
PYMISP - TOOLS
31 File Object
class pymisptoolsFileObject(filepath=None pseudofile=None filename=None kwargs)
add_attribute(object_relation simple_value=None value)Add an attribute object_relation is required and the value key is a dictionary with all the keys supportedby MISPAttribute
Return type Optional[MISPAttribute]
add_attributes(object_relation attributes)Add multiple attributes with the same object_relation Helper for object_relation when multiple is True inthe template It is the same as calling multiple times add_attribute with the same object_relation
Return type List[Optional[MISPAttribute]]
add_reference(referenced_uuid relationship_type comment=None kwargs)Add a link (uuid) to an other object
Return type MISPObjectReference
clear()rarr None Remove all items from D
property editedRecursively check if an object has been edited and update the flag accordingly to the parent objects
Return type bool
from_dict(kwargs)Loading all the parameters as class properties if they arenrsquot None This method aims to be called when allthe properties requiring a special treatment are processed Note This method is used when you initializean object with existing data so by default the class is flaged as not edited
from_json(json_string)Load a JSON string
Return type None
generate_attributes()Contains the logic where all the values of the object are gathered
get(k[ d ])rarr D[k] if k in D else d d defaults to None
get_attributes_by_relation(object_relation)Returns the list of attributes with the given object relation in the object
Return type List[MISPAttribute]
37
PyMISP Documentation Release main
has_attributes_by_relation(list_of_relations)True if all the relations in the list are defined in the object
Return type bool
items()rarr a set-like object providing a view on Drsquos items
jsonable()This method is used by the JSON encoder
Return type Dict
keys()rarr a set-like object providing a view on Drsquos keys
pop(k[ d ])rarr v remove specified key and return the corresponding valueIf key is not found d is returned if given otherwise KeyError is raised
popitem()rarr (k v) remove and return some (key value) pairas a 2-tuple but raise KeyError if D is empty
set_not_jsonable(args)Set __not_jsonable to a new list
Return type None
setdefault(k[ d ])rarr Dget(kd) also set D[k]=d if k not in D
to_dict(strict=False)Dump the class to a dictionary This method automatically removes the timestamp recursively in everyobject that has been edited is order to let MISP update the event accordingly
Return type Dict
to_json(sort_keys=False indent=None strict=False)Dump recursively any class of type MISPAbstract to a json string
update([E ] F)rarr None Update D from mappingiterable E and FIf E present and has a keys() method does for k in E D[k] = E[k] If E present and lacks keys() methoddoes for (k v) in E D[k] = v In either case this is followed by for k v in Fitems() D[k] = v
update_not_jsonable(args)Add entries to the __not_jsonable list
Return type None
values()rarr an object providing a view on Drsquos values
32 ELF Object
33 PE Object
34 Mach-O Object
35 VT Report Object
class pymisptoolsVTReportObject(apikey indicator vt_proxies=None kwargs)VirusTotal Report
Apikey VirusTotal API key (private works but only public features are supported right now)
38 Chapter 3 pymisp - Tools
PyMISP Documentation Release main
Indicator IOC to search VirusTotal for
add_attribute(object_relation simple_value=None value)Add an attribute object_relation is required and the value key is a dictionary with all the keys supportedby MISPAttribute
Return type Optional[MISPAttribute]
add_attributes(object_relation attributes)Add multiple attributes with the same object_relation Helper for object_relation when multiple is True inthe template It is the same as calling multiple times add_attribute with the same object_relation
Return type List[Optional[MISPAttribute]]
add_reference(referenced_uuid relationship_type comment=None kwargs)Add a link (uuid) to an other object
Return type MISPObjectReference
clear()rarr None Remove all items from D
property editedRecursively check if an object has been edited and update the flag accordingly to the parent objects
Return type bool
from_dict(kwargs)Loading all the parameters as class properties if they arenrsquot None This method aims to be called when allthe properties requiring a special treatment are processed Note This method is used when you initializean object with existing data so by default the class is flaged as not edited
from_json(json_string)Load a JSON string
Return type None
generate_attributes()Parse the VirusTotal report for relevant attributes
get(k[ d ])rarr D[k] if k in D else d d defaults to None
get_attributes_by_relation(object_relation)Returns the list of attributes with the given object relation in the object
Return type List[MISPAttribute]
has_attributes_by_relation(list_of_relations)True if all the relations in the list are defined in the object
Return type bool
items()rarr a set-like object providing a view on Drsquos items
jsonable()This method is used by the JSON encoder
Return type Dict
keys()rarr a set-like object providing a view on Drsquos keys
pop(k[ d ])rarr v remove specified key and return the corresponding valueIf key is not found d is returned if given otherwise KeyError is raised
popitem()rarr (k v) remove and return some (key value) pairas a 2-tuple but raise KeyError if D is empty
35 VT Report Object 39
PyMISP Documentation Release main
set_not_jsonable(args)Set __not_jsonable to a new list
Return type None
setdefault(k[ d ])rarr Dget(kd) also set D[k]=d if k not in D
to_dict(strict=False)Dump the class to a dictionary This method automatically removes the timestamp recursively in everyobject that has been edited is order to let MISP update the event accordingly
Return type Dict
to_json(sort_keys=False indent=None strict=False)Dump recursively any class of type MISPAbstract to a json string
update([E ] F)rarr None Update D from mappingiterable E and FIf E present and has a keys() method does for k in E D[k] = E[k] If E present and lacks keys() methoddoes for (k v) in E D[k] = v In either case this is followed by for k v in Fitems() D[k] = v
update_not_jsonable(args)Add entries to the __not_jsonable list
Return type None
values()rarr an object providing a view on Drsquos values
36 STIX
pymisptoolsstixload_stix(stix distribution=3 threat_level_id=2 analysis=0)Returns a MISPEvent object from a STIX package
pymisptoolsstixmake_stix_package(misp_event to_json=False to_xml=False)Returns a STIXPackage from a MISPEvent
Optionally can return the package in json or xml
37 OpenIOC
toolsload_openioc()
toolsload_openioc_file()
40 Chapter 3 pymisp - Tools
CHAPTER
FOUR
INDICES AND TABLES
bull genindex
bull modindex
bull search
41
PyMISP Documentation Release main
42 Chapter 4 Indices and tables
PYTHON MODULE INDEX
ppymisp 7pymisptools 37pymisptoolsstix 40
43
PyMISP Documentation Release main
44 Python Module Index
INDEX
AAbstractMISP (class in pymisp) 23accept_attribute_proposal()
(pymispPyMISP method) 7add_attribute() (pymispMISPEvent method) 24add_attribute() (pymispMISPObject method) 28add_attribute() (pymispPyMISP method) 7add_attribute() (pymisptoolsFileObject method)
37add_attribute() (pymisptoolsVTReportObject
method) 39add_attribute_proposal() (pymispPyMISP
method) 7add_attribute_tag() (pymispMISPEvent
method) 24add_attributes() (pymispMISPObject method)
28add_attributes() (pymisptoolsFileObject
method) 37add_attributes() (pymisptoolsVTReportObject
method) 39add_event() (pymispPyMISP method) 7add_event_blacklist() (pymispPyMISP
method) 8add_feed() (pymispPyMISP method) 8add_object() (pymispMISPEvent method) 24add_object() (pymispPyMISP method) 8add_object_reference() (pymispPyMISP
method) 8add_org_to_sharing_group() (pymispPyMISP
method) 8add_organisation() (pymispPyMISP method) 8add_organisation_blacklist()
(pymispPyMISP method) 8add_proposal() (pymispMISPAttribute method) 26add_proposal() (pymispMISPEvent method) 24add_proposal() (pymispMISPObjectAttribute
method) 29add_reference() (pymispMISPObject method) 28add_reference() (pymisptoolsFileObject method)
37add_reference() (pymisptoolsVTReportObject
method) 39add_server() (pymispPyMISP method) 8add_server_to_sharing_group()
(pymispPyMISP method) 8add_shadow_attribute() (pymispMISPAttribute
method) 26add_shadow_attribute() (pymispMISPEvent
method) 24add_shadow_attribute()
(pymispMISPObjectAttribute method) 29add_sharing_group() (pymispPyMISP method) 8add_sighting() (pymispMISPAttribute method) 26add_sighting() (pymispMISPObjectAttribute
method) 29add_sighting() (pymispPyMISP method) 8add_tag() (pymispPyMISP method) 8add_user() (pymispPyMISP method) 9attributes_statistics() (pymispPyMISP
method) 9
Bbuild_complex_query() (pymispPyMISP
method) 9
Ccache_all_feeds() (pymispPyMISP method) 9cache_feed() (pymispPyMISP method) 9cache_freetext_feeds() (pymispPyMISP
method) 9cache_misp_feeds() (pymispPyMISP method) 9change_sharing_group_on_entity()
(pymispPyMISP method) 9change_user_password() (pymispPyMISP
method) 9clear() (pymispMISPAttribute method) 26clear() (pymispMISPEvent method) 24clear() (pymispMISPObject method) 28clear() (pymispMISPObjectAttribute method) 29clear() (pymispMISPObjectReference method) 31clear() (pymispMISPOrganisation method) 34clear() (pymispMISPTag method) 32clear() (pymispMISPUser method) 33
45
PyMISP Documentation Release main
clear() (pymisptoolsFileObject method) 37clear() (pymisptoolsVTReportObject method) 39communities() (pymispPyMISP method) 9compare_feeds() (pymispPyMISP method) 9contact_event_reporter() (pymispPyMISP
method) 9
Ddefault() (pymispMISPEncode method) 24delegate_event() (pymispPyMISP method) 10delete() (pymispMISPAttribute method) 26delete() (pymispMISPObjectAttribute method) 30delete_attribute() (pymispMISPEvent method)
24delete_attribute() (pymispPyMISP method) 10delete_attribute_proposal()
(pymispPyMISP method) 10delete_event() (pymispPyMISP method) 10delete_event_blacklist() (pymispPyMISP
method) 10delete_feed() (pymispPyMISP method) 10delete_object() (pymispPyMISP method) 10delete_object_reference() (pymispPyMISP
method) 10delete_organisation() (pymispPyMISP
method) 10delete_organisation_blacklist()
(pymispPyMISP method) 10delete_server() (pymispPyMISP method) 10delete_sharing_group() (pymispPyMISP
method) 10delete_sighting() (pymispPyMISP method) 10delete_tag() (pymispPyMISP method) 11delete_user() (pymispPyMISP method) 11delete_user_setting() (pymispPyMISP
method) 11describe_types_local() (pymispPyMISP prop-
erty) 11describe_types_remote() (pymispPyMISP
property) 11direct_call() (pymispPyMISP method) 11disable_feed() (pymispPyMISP method) 11disable_feed_cache() (pymispPyMISP method)
11disable_noticelist() (pymispPyMISP method)
11disable_tag() (pymispPyMISP method) 11disable_taxonomy() (pymispPyMISP method) 11disable_taxonomy_tags() (pymispPyMISP
method) 11disable_warninglist() (pymispPyMISP
method) 11discard_attribute_proposal()
(pymispPyMISP method) 12
Eedited() (pymispAbstractMISP property) 23edited() (pymispMISPAttribute property) 26edited() (pymispMISPEvent property) 24edited() (pymispMISPObject property) 28edited() (pymispMISPObjectAttribute property) 30edited() (pymispMISPObjectReference property) 31edited() (pymispMISPOrganisation property) 34edited() (pymispMISPTag property) 32edited() (pymispMISPUser property) 33edited() (pymisptoolsFileObject property) 37edited() (pymisptoolsVTReportObject property) 39enable_feed() (pymispPyMISP method) 12enable_feed_cache() (pymispPyMISP method)
12enable_noticelist() (pymispPyMISP method)
12enable_tag() (pymispPyMISP method) 12enable_taxonomy() (pymispPyMISP method) 12enable_taxonomy_tags() (pymispPyMISP
method) 12enable_warninglist() (pymispPyMISP method)
12event_blacklists() (pymispPyMISP method) 12event_delegations() (pymispPyMISP method)
12ExpandedPyMISP (in module pymisp) 23
Ffeeds() (pymispPyMISP method) 12fetch_feed() (pymispPyMISP method) 12FileObject (class in pymisptools) 37freetext() (pymispPyMISP method) 12from_dict() (pymispAbstractMISP method) 23from_dict() (pymispMISPAttribute method) 27from_dict() (pymispMISPEvent method) 25from_dict() (pymispMISPObject method) 28from_dict() (pymispMISPObjectAttribute method)
30from_dict() (pymispMISPObjectReference method)
31from_dict() (pymispMISPOrganisation method) 34from_dict() (pymispMISPTag method) 32from_dict() (pymispMISPUser method) 33from_dict() (pymisptoolsFileObject method) 37from_dict() (pymisptoolsVTReportObject method)
39from_json() (pymispAbstractMISP method) 23from_json() (pymispMISPAttribute method) 27from_json() (pymispMISPEvent method) 25from_json() (pymispMISPObject method) 28from_json() (pymispMISPObjectAttribute method)
30
46 Index
PyMISP Documentation Release main
from_json() (pymispMISPObjectReference method)31
from_json() (pymispMISPOrganisation method) 34from_json() (pymispMISPTag method) 32from_json() (pymispMISPUser method) 33from_json() (pymisptoolsFileObject method) 37from_json() (pymisptoolsVTReportObject method)
39
Ggalaxies() (pymispPyMISP method) 12generate_attributes() (pymisptoolsFileObject
method) 37generate_attributes()
(pymisptoolsVTReportObject method)39
get() (pymispMISPAttribute method) 27get() (pymispMISPEvent method) 25get() (pymispMISPObject method) 28get() (pymispMISPObjectAttribute method) 30get() (pymispMISPObjectReference method) 31get() (pymispMISPOrganisation method) 34get() (pymispMISPTag method) 32get() (pymispMISPUser method) 33get() (pymisptoolsFileObject method) 37get() (pymisptoolsVTReportObject method) 39get_all_functions() (pymispPyMISP method)
13get_attribute() (pymispPyMISP method) 13get_attribute_tag() (pymispMISPEvent
method) 25get_attributes_by_relation()
(pymispMISPObject method) 28get_attributes_by_relation()
(pymisptoolsFileObject method) 37get_attributes_by_relation()
(pymisptoolsVTReportObject method)39
get_community() (pymispPyMISP method) 13get_event() (pymispPyMISP method) 13get_feed() (pymispPyMISP method) 13get_galaxy() (pymispPyMISP method) 13get_noticelist() (pymispPyMISP method) 13get_object() (pymispPyMISP method) 13get_object_by_id() (pymispMISPEvent method)
25get_object_by_uuid() (pymispMISPEvent
method) 25get_object_template() (pymispPyMISP
method) 13get_objects_by_name() (pymispMISPEvent
method) 25get_organisation() (pymispPyMISP method) 13get_sync_config() (pymispPyMISP method) 13
get_tag() (pymispPyMISP method) 13get_taxonomy() (pymispPyMISP method) 13get_user() (pymispPyMISP method) 13get_user_setting() (pymispPyMISP method) 14get_warninglist() (pymispPyMISP method) 14
Hhas_attributes_by_relation()
(pymispMISPObject method) 28has_attributes_by_relation()
(pymisptoolsFileObject method) 37has_attributes_by_relation()
(pymisptoolsVTReportObject method)39
hash_values() (pymispMISPAttribute method) 27hash_values() (pymispMISPObjectAttribute
method) 30
Iimport_server() (pymispPyMISP method) 14items() (pymispMISPAttribute method) 27items() (pymispMISPEvent method) 25items() (pymispMISPObject method) 29items() (pymispMISPObjectAttribute method) 30items() (pymispMISPObjectReference method) 31items() (pymispMISPOrganisation method) 34items() (pymispMISPTag method) 32items() (pymispMISPUser method) 33items() (pymisptoolsFileObject method) 38items() (pymisptoolsVTReportObject method) 39
Jjsonable() (pymispAbstractMISP method) 23jsonable() (pymispMISPAttribute method) 27jsonable() (pymispMISPEvent method) 25jsonable() (pymispMISPObject method) 29jsonable() (pymispMISPObjectAttribute method)
30jsonable() (pymispMISPObjectReference method)
31jsonable() (pymispMISPOrganisation method) 34jsonable() (pymispMISPTag method) 32jsonable() (pymispMISPUser method) 33jsonable() (pymisptoolsFileObject method) 38jsonable() (pymisptoolsVTReportObject method)
39
Kkeys() (pymispMISPAttribute method) 27keys() (pymispMISPEvent method) 25keys() (pymispMISPObject method) 29keys() (pymispMISPObjectAttribute method) 30keys() (pymispMISPObjectReference method) 31keys() (pymispMISPOrganisation method) 34
Index 47
PyMISP Documentation Release main
keys() (pymispMISPTag method) 32keys() (pymispMISPUser method) 33keys() (pymisptoolsFileObject method) 38keys() (pymisptoolsVTReportObject method) 39known_types() (pymispMISPAttribute property) 27known_types() (pymispMISPObjectAttribute prop-
erty) 30
Lload() (pymispMISPEvent method) 25load_default_feeds() (pymispPyMISP method)
14load_file() (pymispMISPEvent method) 25load_openioc() (pymisptools method) 40load_openioc_file() (pymisptools method) 40load_stix() (in module pymisptoolsstix) 40
Mmake_stix_package() (in module
pymisptoolsstix) 40malware_binary() (pymispMISPAttribute prop-
erty) 27malware_binary() (pymispMISPObjectAttribute
property) 30misp_instance_version() (pymispPyMISP
property) 14misp_instance_version_master()
(pymispPyMISP property) 14MISPAttribute (class in pymisp) 26MISPEncode (class in pymisp) 24MISPEvent (class in pymisp) 24MISPObject (class in pymisp) 28MISPObjectAttribute (class in pymisp) 29MISPObjectReference (class in pymisp) 31MISPOrganisation (class in pymisp) 34MISPTag (class in pymisp) 32MISPUser (class in pymisp) 33module
pymisp 7pymisptools 37pymisptoolsstix 40
Nnoticelists() (pymispPyMISP method) 14
Oobject_templates() (pymispPyMISP method) 14organisation_blacklists() (pymispPyMISP
method) 14organisations() (pymispPyMISP method) 14
Ppop() (pymispMISPAttribute method) 27
pop() (pymispMISPEvent method) 25pop() (pymispMISPObject method) 29pop() (pymispMISPObjectAttribute method) 30pop() (pymispMISPObjectReference method) 31pop() (pymispMISPOrganisation method) 34pop() (pymispMISPTag method) 32pop() (pymispMISPUser method) 33pop() (pymisptoolsFileObject method) 38pop() (pymisptoolsVTReportObject method) 39popitem() (pymispMISPAttribute method) 27popitem() (pymispMISPEvent method) 25popitem() (pymispMISPObject method) 29popitem() (pymispMISPObjectAttribute method) 30popitem() (pymispMISPObjectReference method) 31popitem() (pymispMISPOrganisation method) 34popitem() (pymispMISPTag method) 32popitem() (pymispMISPUser method) 33popitem() (pymisptoolsFileObject method) 38popitem() (pymisptoolsVTReportObject method) 39publish() (pymispMISPEvent method) 25publish() (pymispPyMISP method) 14push_event_to_ZMQ() (pymispPyMISP method)
14pymisp
module 7PyMISP (class in pymisp) 7pymisptools
module 37pymisptoolsstix
module 40pymisp_version_main() (pymispPyMISP prop-
erty) 15
Rrecommended_pymisp_version()
(pymispPyMISP property) 15remote_acl() (pymispPyMISP method) 15remove_org_from_sharing_group()
(pymispPyMISP method) 15remove_server_from_sharing_group()
(pymispPyMISP method) 15roles() (pymispPyMISP method) 15
Ssearch() (pymispPyMISP method) 15search_feeds() (pymispPyMISP method) 17search_index() (pymispPyMISP method) 18search_logs() (pymispPyMISP method) 18search_sightings() (pymispPyMISP method) 19server_pull() (pymispPyMISP method) 20server_push() (pymispPyMISP method) 20servers() (pymispPyMISP method) 20set_date() (pymispMISPEvent method) 25
48 Index
PyMISP Documentation Release main
set_not_jsonable() (pymispAbstractMISPmethod) 23
set_not_jsonable() (pymispMISPAttributemethod) 27
set_not_jsonable() (pymispMISPEvent method)25
set_not_jsonable() (pymispMISPObjectmethod) 29
set_not_jsonable() (pymispMISPObjectAttributemethod) 30
set_not_jsonable()(pymispMISPObjectReference method)31
set_not_jsonable() (pymispMISPOrganisationmethod) 35
set_not_jsonable() (pymispMISPTag method)32
set_not_jsonable() (pymispMISPUser method)33
set_not_jsonable() (pymisptoolsFileObjectmethod) 38
set_not_jsonable()(pymisptoolsVTReportObject method)39
set_user_setting() (pymispPyMISP method) 20setdefault() (pymispMISPAttribute method) 27setdefault() (pymispMISPEvent method) 25setdefault() (pymispMISPObject method) 29setdefault() (pymispMISPObjectAttribute
method) 30setdefault() (pymispMISPObjectReference
method) 31setdefault() (pymispMISPOrganisation method)
35setdefault() (pymispMISPTag method) 33setdefault() (pymispMISPUser method) 34setdefault() (pymisptoolsFileObject method) 38setdefault() (pymisptoolsVTReportObject
method) 40sharing_groups() (pymispPyMISP method) 20sightings() (pymispPyMISP method) 20
Ttag() (pymispPyMISP method) 20tags() (pymispMISPAttribute property) 27tags() (pymispMISPEvent property) 26tags() (pymispMISPObjectAttribute property) 30tags() (pymispPyMISP method) 20tags_statistics() (pymispPyMISP method) 20taxonomies() (pymispPyMISP method) 20to_dict() (pymispAbstractMISP method) 23to_dict() (pymispMISPAttribute method) 27to_dict() (pymispMISPEvent method) 26to_dict() (pymispMISPObject method) 29
to_dict() (pymispMISPObjectAttribute method) 30to_dict() (pymispMISPObjectReference method) 32to_dict() (pymispMISPOrganisation method) 35to_dict() (pymispMISPTag method) 33to_dict() (pymispMISPUser method) 34to_dict() (pymisptoolsFileObject method) 38to_dict() (pymisptoolsVTReportObject method) 40to_feed() (pymispMISPEvent method) 26to_json() (pymispAbstractMISP method) 23to_json() (pymispMISPAttribute method) 27to_json() (pymispMISPEvent method) 26to_json() (pymispMISPObject method) 29to_json() (pymispMISPObjectAttribute method) 31to_json() (pymispMISPObjectReference method) 32to_json() (pymispMISPOrganisation method) 35to_json() (pymispMISPTag method) 33to_json() (pymispMISPUser method) 34to_json() (pymisptoolsFileObject method) 38to_json() (pymisptoolsVTReportObject method) 40toggle_warninglist() (pymispPyMISP method)
20
Uunpublish() (pymispMISPEvent method) 26untag() (pymispPyMISP method) 21update() (pymispMISPAttribute method) 28update() (pymispMISPEvent method) 26update() (pymispMISPObject method) 29update() (pymispMISPObjectAttribute method) 31update() (pymispMISPObjectReference method) 32update() (pymispMISPOrganisation method) 35update() (pymispMISPTag method) 33update() (pymispMISPUser method) 34update() (pymisptoolsFileObject method) 38update() (pymisptoolsVTReportObject method) 40update_attribute() (pymispPyMISP method) 21update_attribute_proposal()
(pymispPyMISP method) 21update_event() (pymispPyMISP method) 21update_event_blacklist() (pymispPyMISP
method) 21update_feed() (pymispPyMISP method) 21update_galaxies() (pymispPyMISP method) 21update_not_jsonable() (pymispAbstractMISP
method) 23update_not_jsonable() (pymispMISPAttribute
method) 28update_not_jsonable() (pymispMISPEvent
method) 26update_not_jsonable() (pymispMISPObject
method) 29update_not_jsonable()
(pymispMISPObjectAttribute method) 31
Index 49
PyMISP Documentation Release main
update_not_jsonable()(pymispMISPObjectReference method)32
update_not_jsonable()(pymispMISPOrganisation method) 35
update_not_jsonable() (pymispMISPTagmethod) 33
update_not_jsonable() (pymispMISPUsermethod) 34
update_not_jsonable() (pymisptoolsFileObjectmethod) 38
update_not_jsonable()(pymisptoolsVTReportObject method)40
update_noticelists() (pymispPyMISP method)21
update_object() (pymispPyMISP method) 21update_object_templates() (pymispPyMISP
method) 21update_organisation() (pymispPyMISP
method) 21update_organisation_blacklist()
(pymispPyMISP method) 21update_server() (pymispPyMISP method) 22update_tag() (pymispPyMISP method) 22update_taxonomies() (pymispPyMISP method)
22update_user() (pymispPyMISP method) 22update_warninglists() (pymispPyMISP
method) 22upload_stix() (pymispPyMISP method) 22user_registrations() (pymispPyMISP method)
22user_settings() (pymispPyMISP method) 22users() (pymispPyMISP method) 22users_statistics() (pymispPyMISP method) 22
Vvalues() (pymispMISPAttribute method) 28values() (pymispMISPEvent method) 26values() (pymispMISPObject method) 29values() (pymispMISPObjectAttribute method) 31values() (pymispMISPObjectReference method) 32values() (pymispMISPOrganisation method) 35values() (pymispMISPTag method) 33values() (pymispMISPUser method) 34values() (pymisptoolsFileObject method) 38values() (pymisptoolsVTReportObject method) 40values_in_warninglist() (pymispPyMISP
method) 22version() (pymispPyMISP property) 22VTReportObject (class in pymisptools) 38
Wwarninglists() (pymispPyMISP method) 22
50 Index
- README
- pymisp
- PyMISP
- PyMISPExpanded (Python 36+ only)
- MISPAbstract
- MISPEncode
- MISPEvent
- MISPAttribute
- MISPObject
- MISPObjectAttribute
- MISPObjectReference
- MISPTag
- MISPUser
- MISPOrganisation
- pymisp - Tools
- File Object
- ELF Object
- PE Object
- Mach-O Object
- VT Report Object
- STIX
- OpenIOC
- Indices and tables
- Python Module Index
- Index
PyMISP Documentation Release main
has_attributes_by_relation(list_of_relations)True if all the relations in the list are defined in the object
Return type bool
items()rarr a set-like object providing a view on Drsquos items
jsonable()This method is used by the JSON encoder
Return type Dict
keys()rarr a set-like object providing a view on Drsquos keys
pop(k[ d ])rarr v remove specified key and return the corresponding valueIf key is not found d is returned if given otherwise KeyError is raised
popitem()rarr (k v) remove and return some (key value) pairas a 2-tuple but raise KeyError if D is empty
set_not_jsonable(args)Set __not_jsonable to a new list
Return type None
setdefault(k[ d ])rarr Dget(kd) also set D[k]=d if k not in D
to_dict(strict=False)Dump the class to a dictionary This method automatically removes the timestamp recursively in everyobject that has been edited is order to let MISP update the event accordingly
Return type Dict
to_json(sort_keys=False indent=None strict=False)Dump recursively any class of type MISPAbstract to a json string
update([E ] F)rarr None Update D from mappingiterable E and FIf E present and has a keys() method does for k in E D[k] = E[k] If E present and lacks keys() methoddoes for (k v) in E D[k] = v In either case this is followed by for k v in Fitems() D[k] = v
update_not_jsonable(args)Add entries to the __not_jsonable list
Return type None
values()rarr an object providing a view on Drsquos values
32 ELF Object
33 PE Object
34 Mach-O Object
35 VT Report Object
class pymisptoolsVTReportObject(apikey indicator vt_proxies=None kwargs)VirusTotal Report
Apikey VirusTotal API key (private works but only public features are supported right now)
38 Chapter 3 pymisp - Tools
PyMISP Documentation Release main
Indicator IOC to search VirusTotal for
add_attribute(object_relation simple_value=None value)Add an attribute object_relation is required and the value key is a dictionary with all the keys supportedby MISPAttribute
Return type Optional[MISPAttribute]
add_attributes(object_relation attributes)Add multiple attributes with the same object_relation Helper for object_relation when multiple is True inthe template It is the same as calling multiple times add_attribute with the same object_relation
Return type List[Optional[MISPAttribute]]
add_reference(referenced_uuid relationship_type comment=None kwargs)Add a link (uuid) to an other object
Return type MISPObjectReference
clear()rarr None Remove all items from D
property editedRecursively check if an object has been edited and update the flag accordingly to the parent objects
Return type bool
from_dict(kwargs)Loading all the parameters as class properties if they arenrsquot None This method aims to be called when allthe properties requiring a special treatment are processed Note This method is used when you initializean object with existing data so by default the class is flaged as not edited
from_json(json_string)Load a JSON string
Return type None
generate_attributes()Parse the VirusTotal report for relevant attributes
get(k[ d ])rarr D[k] if k in D else d d defaults to None
get_attributes_by_relation(object_relation)Returns the list of attributes with the given object relation in the object
Return type List[MISPAttribute]
has_attributes_by_relation(list_of_relations)True if all the relations in the list are defined in the object
Return type bool
items()rarr a set-like object providing a view on Drsquos items
jsonable()This method is used by the JSON encoder
Return type Dict
keys()rarr a set-like object providing a view on Drsquos keys
pop(k[ d ])rarr v remove specified key and return the corresponding valueIf key is not found d is returned if given otherwise KeyError is raised
popitem()rarr (k v) remove and return some (key value) pairas a 2-tuple but raise KeyError if D is empty
35 VT Report Object 39
PyMISP Documentation Release main
set_not_jsonable(args)Set __not_jsonable to a new list
Return type None
setdefault(k[ d ])rarr Dget(kd) also set D[k]=d if k not in D
to_dict(strict=False)Dump the class to a dictionary This method automatically removes the timestamp recursively in everyobject that has been edited is order to let MISP update the event accordingly
Return type Dict
to_json(sort_keys=False indent=None strict=False)Dump recursively any class of type MISPAbstract to a json string
update([E ] F)rarr None Update D from mappingiterable E and FIf E present and has a keys() method does for k in E D[k] = E[k] If E present and lacks keys() methoddoes for (k v) in E D[k] = v In either case this is followed by for k v in Fitems() D[k] = v
update_not_jsonable(args)Add entries to the __not_jsonable list
Return type None
values()rarr an object providing a view on Drsquos values
36 STIX
pymisptoolsstixload_stix(stix distribution=3 threat_level_id=2 analysis=0)Returns a MISPEvent object from a STIX package
pymisptoolsstixmake_stix_package(misp_event to_json=False to_xml=False)Returns a STIXPackage from a MISPEvent
Optionally can return the package in json or xml
37 OpenIOC
toolsload_openioc()
toolsload_openioc_file()
40 Chapter 3 pymisp - Tools
CHAPTER
FOUR
INDICES AND TABLES
bull genindex
bull modindex
bull search
41
PyMISP Documentation Release main
42 Chapter 4 Indices and tables
PYTHON MODULE INDEX
ppymisp 7pymisptools 37pymisptoolsstix 40
43
PyMISP Documentation Release main
44 Python Module Index
INDEX
AAbstractMISP (class in pymisp) 23accept_attribute_proposal()
(pymispPyMISP method) 7add_attribute() (pymispMISPEvent method) 24add_attribute() (pymispMISPObject method) 28add_attribute() (pymispPyMISP method) 7add_attribute() (pymisptoolsFileObject method)
37add_attribute() (pymisptoolsVTReportObject
method) 39add_attribute_proposal() (pymispPyMISP
method) 7add_attribute_tag() (pymispMISPEvent
method) 24add_attributes() (pymispMISPObject method)
28add_attributes() (pymisptoolsFileObject
method) 37add_attributes() (pymisptoolsVTReportObject
method) 39add_event() (pymispPyMISP method) 7add_event_blacklist() (pymispPyMISP
method) 8add_feed() (pymispPyMISP method) 8add_object() (pymispMISPEvent method) 24add_object() (pymispPyMISP method) 8add_object_reference() (pymispPyMISP
method) 8add_org_to_sharing_group() (pymispPyMISP
method) 8add_organisation() (pymispPyMISP method) 8add_organisation_blacklist()
(pymispPyMISP method) 8add_proposal() (pymispMISPAttribute method) 26add_proposal() (pymispMISPEvent method) 24add_proposal() (pymispMISPObjectAttribute
method) 29add_reference() (pymispMISPObject method) 28add_reference() (pymisptoolsFileObject method)
37add_reference() (pymisptoolsVTReportObject
method) 39add_server() (pymispPyMISP method) 8add_server_to_sharing_group()
(pymispPyMISP method) 8add_shadow_attribute() (pymispMISPAttribute
method) 26add_shadow_attribute() (pymispMISPEvent
method) 24add_shadow_attribute()
(pymispMISPObjectAttribute method) 29add_sharing_group() (pymispPyMISP method) 8add_sighting() (pymispMISPAttribute method) 26add_sighting() (pymispMISPObjectAttribute
method) 29add_sighting() (pymispPyMISP method) 8add_tag() (pymispPyMISP method) 8add_user() (pymispPyMISP method) 9attributes_statistics() (pymispPyMISP
method) 9
Bbuild_complex_query() (pymispPyMISP
method) 9
Ccache_all_feeds() (pymispPyMISP method) 9cache_feed() (pymispPyMISP method) 9cache_freetext_feeds() (pymispPyMISP
method) 9cache_misp_feeds() (pymispPyMISP method) 9change_sharing_group_on_entity()
(pymispPyMISP method) 9change_user_password() (pymispPyMISP
method) 9clear() (pymispMISPAttribute method) 26clear() (pymispMISPEvent method) 24clear() (pymispMISPObject method) 28clear() (pymispMISPObjectAttribute method) 29clear() (pymispMISPObjectReference method) 31clear() (pymispMISPOrganisation method) 34clear() (pymispMISPTag method) 32clear() (pymispMISPUser method) 33
45
PyMISP Documentation Release main
clear() (pymisptoolsFileObject method) 37clear() (pymisptoolsVTReportObject method) 39communities() (pymispPyMISP method) 9compare_feeds() (pymispPyMISP method) 9contact_event_reporter() (pymispPyMISP
method) 9
Ddefault() (pymispMISPEncode method) 24delegate_event() (pymispPyMISP method) 10delete() (pymispMISPAttribute method) 26delete() (pymispMISPObjectAttribute method) 30delete_attribute() (pymispMISPEvent method)
24delete_attribute() (pymispPyMISP method) 10delete_attribute_proposal()
(pymispPyMISP method) 10delete_event() (pymispPyMISP method) 10delete_event_blacklist() (pymispPyMISP
method) 10delete_feed() (pymispPyMISP method) 10delete_object() (pymispPyMISP method) 10delete_object_reference() (pymispPyMISP
method) 10delete_organisation() (pymispPyMISP
method) 10delete_organisation_blacklist()
(pymispPyMISP method) 10delete_server() (pymispPyMISP method) 10delete_sharing_group() (pymispPyMISP
method) 10delete_sighting() (pymispPyMISP method) 10delete_tag() (pymispPyMISP method) 11delete_user() (pymispPyMISP method) 11delete_user_setting() (pymispPyMISP
method) 11describe_types_local() (pymispPyMISP prop-
erty) 11describe_types_remote() (pymispPyMISP
property) 11direct_call() (pymispPyMISP method) 11disable_feed() (pymispPyMISP method) 11disable_feed_cache() (pymispPyMISP method)
11disable_noticelist() (pymispPyMISP method)
11disable_tag() (pymispPyMISP method) 11disable_taxonomy() (pymispPyMISP method) 11disable_taxonomy_tags() (pymispPyMISP
method) 11disable_warninglist() (pymispPyMISP
method) 11discard_attribute_proposal()
(pymispPyMISP method) 12
Eedited() (pymispAbstractMISP property) 23edited() (pymispMISPAttribute property) 26edited() (pymispMISPEvent property) 24edited() (pymispMISPObject property) 28edited() (pymispMISPObjectAttribute property) 30edited() (pymispMISPObjectReference property) 31edited() (pymispMISPOrganisation property) 34edited() (pymispMISPTag property) 32edited() (pymispMISPUser property) 33edited() (pymisptoolsFileObject property) 37edited() (pymisptoolsVTReportObject property) 39enable_feed() (pymispPyMISP method) 12enable_feed_cache() (pymispPyMISP method)
12enable_noticelist() (pymispPyMISP method)
12enable_tag() (pymispPyMISP method) 12enable_taxonomy() (pymispPyMISP method) 12enable_taxonomy_tags() (pymispPyMISP
method) 12enable_warninglist() (pymispPyMISP method)
12event_blacklists() (pymispPyMISP method) 12event_delegations() (pymispPyMISP method)
12ExpandedPyMISP (in module pymisp) 23
Ffeeds() (pymispPyMISP method) 12fetch_feed() (pymispPyMISP method) 12FileObject (class in pymisptools) 37freetext() (pymispPyMISP method) 12from_dict() (pymispAbstractMISP method) 23from_dict() (pymispMISPAttribute method) 27from_dict() (pymispMISPEvent method) 25from_dict() (pymispMISPObject method) 28from_dict() (pymispMISPObjectAttribute method)
30from_dict() (pymispMISPObjectReference method)
31from_dict() (pymispMISPOrganisation method) 34from_dict() (pymispMISPTag method) 32from_dict() (pymispMISPUser method) 33from_dict() (pymisptoolsFileObject method) 37from_dict() (pymisptoolsVTReportObject method)
39from_json() (pymispAbstractMISP method) 23from_json() (pymispMISPAttribute method) 27from_json() (pymispMISPEvent method) 25from_json() (pymispMISPObject method) 28from_json() (pymispMISPObjectAttribute method)
30
46 Index
PyMISP Documentation Release main
from_json() (pymispMISPObjectReference method)31
from_json() (pymispMISPOrganisation method) 34from_json() (pymispMISPTag method) 32from_json() (pymispMISPUser method) 33from_json() (pymisptoolsFileObject method) 37from_json() (pymisptoolsVTReportObject method)
39
Ggalaxies() (pymispPyMISP method) 12generate_attributes() (pymisptoolsFileObject
method) 37generate_attributes()
(pymisptoolsVTReportObject method)39
get() (pymispMISPAttribute method) 27get() (pymispMISPEvent method) 25get() (pymispMISPObject method) 28get() (pymispMISPObjectAttribute method) 30get() (pymispMISPObjectReference method) 31get() (pymispMISPOrganisation method) 34get() (pymispMISPTag method) 32get() (pymispMISPUser method) 33get() (pymisptoolsFileObject method) 37get() (pymisptoolsVTReportObject method) 39get_all_functions() (pymispPyMISP method)
13get_attribute() (pymispPyMISP method) 13get_attribute_tag() (pymispMISPEvent
method) 25get_attributes_by_relation()
(pymispMISPObject method) 28get_attributes_by_relation()
(pymisptoolsFileObject method) 37get_attributes_by_relation()
(pymisptoolsVTReportObject method)39
get_community() (pymispPyMISP method) 13get_event() (pymispPyMISP method) 13get_feed() (pymispPyMISP method) 13get_galaxy() (pymispPyMISP method) 13get_noticelist() (pymispPyMISP method) 13get_object() (pymispPyMISP method) 13get_object_by_id() (pymispMISPEvent method)
25get_object_by_uuid() (pymispMISPEvent
method) 25get_object_template() (pymispPyMISP
method) 13get_objects_by_name() (pymispMISPEvent
method) 25get_organisation() (pymispPyMISP method) 13get_sync_config() (pymispPyMISP method) 13
get_tag() (pymispPyMISP method) 13get_taxonomy() (pymispPyMISP method) 13get_user() (pymispPyMISP method) 13get_user_setting() (pymispPyMISP method) 14get_warninglist() (pymispPyMISP method) 14
Hhas_attributes_by_relation()
(pymispMISPObject method) 28has_attributes_by_relation()
(pymisptoolsFileObject method) 37has_attributes_by_relation()
(pymisptoolsVTReportObject method)39
hash_values() (pymispMISPAttribute method) 27hash_values() (pymispMISPObjectAttribute
method) 30
Iimport_server() (pymispPyMISP method) 14items() (pymispMISPAttribute method) 27items() (pymispMISPEvent method) 25items() (pymispMISPObject method) 29items() (pymispMISPObjectAttribute method) 30items() (pymispMISPObjectReference method) 31items() (pymispMISPOrganisation method) 34items() (pymispMISPTag method) 32items() (pymispMISPUser method) 33items() (pymisptoolsFileObject method) 38items() (pymisptoolsVTReportObject method) 39
Jjsonable() (pymispAbstractMISP method) 23jsonable() (pymispMISPAttribute method) 27jsonable() (pymispMISPEvent method) 25jsonable() (pymispMISPObject method) 29jsonable() (pymispMISPObjectAttribute method)
30jsonable() (pymispMISPObjectReference method)
31jsonable() (pymispMISPOrganisation method) 34jsonable() (pymispMISPTag method) 32jsonable() (pymispMISPUser method) 33jsonable() (pymisptoolsFileObject method) 38jsonable() (pymisptoolsVTReportObject method)
39
Kkeys() (pymispMISPAttribute method) 27keys() (pymispMISPEvent method) 25keys() (pymispMISPObject method) 29keys() (pymispMISPObjectAttribute method) 30keys() (pymispMISPObjectReference method) 31keys() (pymispMISPOrganisation method) 34
Index 47
PyMISP Documentation Release main
keys() (pymispMISPTag method) 32keys() (pymispMISPUser method) 33keys() (pymisptoolsFileObject method) 38keys() (pymisptoolsVTReportObject method) 39known_types() (pymispMISPAttribute property) 27known_types() (pymispMISPObjectAttribute prop-
erty) 30
Lload() (pymispMISPEvent method) 25load_default_feeds() (pymispPyMISP method)
14load_file() (pymispMISPEvent method) 25load_openioc() (pymisptools method) 40load_openioc_file() (pymisptools method) 40load_stix() (in module pymisptoolsstix) 40
Mmake_stix_package() (in module
pymisptoolsstix) 40malware_binary() (pymispMISPAttribute prop-
erty) 27malware_binary() (pymispMISPObjectAttribute
property) 30misp_instance_version() (pymispPyMISP
property) 14misp_instance_version_master()
(pymispPyMISP property) 14MISPAttribute (class in pymisp) 26MISPEncode (class in pymisp) 24MISPEvent (class in pymisp) 24MISPObject (class in pymisp) 28MISPObjectAttribute (class in pymisp) 29MISPObjectReference (class in pymisp) 31MISPOrganisation (class in pymisp) 34MISPTag (class in pymisp) 32MISPUser (class in pymisp) 33module
pymisp 7pymisptools 37pymisptoolsstix 40
Nnoticelists() (pymispPyMISP method) 14
Oobject_templates() (pymispPyMISP method) 14organisation_blacklists() (pymispPyMISP
method) 14organisations() (pymispPyMISP method) 14
Ppop() (pymispMISPAttribute method) 27
pop() (pymispMISPEvent method) 25pop() (pymispMISPObject method) 29pop() (pymispMISPObjectAttribute method) 30pop() (pymispMISPObjectReference method) 31pop() (pymispMISPOrganisation method) 34pop() (pymispMISPTag method) 32pop() (pymispMISPUser method) 33pop() (pymisptoolsFileObject method) 38pop() (pymisptoolsVTReportObject method) 39popitem() (pymispMISPAttribute method) 27popitem() (pymispMISPEvent method) 25popitem() (pymispMISPObject method) 29popitem() (pymispMISPObjectAttribute method) 30popitem() (pymispMISPObjectReference method) 31popitem() (pymispMISPOrganisation method) 34popitem() (pymispMISPTag method) 32popitem() (pymispMISPUser method) 33popitem() (pymisptoolsFileObject method) 38popitem() (pymisptoolsVTReportObject method) 39publish() (pymispMISPEvent method) 25publish() (pymispPyMISP method) 14push_event_to_ZMQ() (pymispPyMISP method)
14pymisp
module 7PyMISP (class in pymisp) 7pymisptools
module 37pymisptoolsstix
module 40pymisp_version_main() (pymispPyMISP prop-
erty) 15
Rrecommended_pymisp_version()
(pymispPyMISP property) 15remote_acl() (pymispPyMISP method) 15remove_org_from_sharing_group()
(pymispPyMISP method) 15remove_server_from_sharing_group()
(pymispPyMISP method) 15roles() (pymispPyMISP method) 15
Ssearch() (pymispPyMISP method) 15search_feeds() (pymispPyMISP method) 17search_index() (pymispPyMISP method) 18search_logs() (pymispPyMISP method) 18search_sightings() (pymispPyMISP method) 19server_pull() (pymispPyMISP method) 20server_push() (pymispPyMISP method) 20servers() (pymispPyMISP method) 20set_date() (pymispMISPEvent method) 25
48 Index
PyMISP Documentation Release main
set_not_jsonable() (pymispAbstractMISPmethod) 23
set_not_jsonable() (pymispMISPAttributemethod) 27
set_not_jsonable() (pymispMISPEvent method)25
set_not_jsonable() (pymispMISPObjectmethod) 29
set_not_jsonable() (pymispMISPObjectAttributemethod) 30
set_not_jsonable()(pymispMISPObjectReference method)31
set_not_jsonable() (pymispMISPOrganisationmethod) 35
set_not_jsonable() (pymispMISPTag method)32
set_not_jsonable() (pymispMISPUser method)33
set_not_jsonable() (pymisptoolsFileObjectmethod) 38
set_not_jsonable()(pymisptoolsVTReportObject method)39
set_user_setting() (pymispPyMISP method) 20setdefault() (pymispMISPAttribute method) 27setdefault() (pymispMISPEvent method) 25setdefault() (pymispMISPObject method) 29setdefault() (pymispMISPObjectAttribute
method) 30setdefault() (pymispMISPObjectReference
method) 31setdefault() (pymispMISPOrganisation method)
35setdefault() (pymispMISPTag method) 33setdefault() (pymispMISPUser method) 34setdefault() (pymisptoolsFileObject method) 38setdefault() (pymisptoolsVTReportObject
method) 40sharing_groups() (pymispPyMISP method) 20sightings() (pymispPyMISP method) 20
Ttag() (pymispPyMISP method) 20tags() (pymispMISPAttribute property) 27tags() (pymispMISPEvent property) 26tags() (pymispMISPObjectAttribute property) 30tags() (pymispPyMISP method) 20tags_statistics() (pymispPyMISP method) 20taxonomies() (pymispPyMISP method) 20to_dict() (pymispAbstractMISP method) 23to_dict() (pymispMISPAttribute method) 27to_dict() (pymispMISPEvent method) 26to_dict() (pymispMISPObject method) 29
to_dict() (pymispMISPObjectAttribute method) 30to_dict() (pymispMISPObjectReference method) 32to_dict() (pymispMISPOrganisation method) 35to_dict() (pymispMISPTag method) 33to_dict() (pymispMISPUser method) 34to_dict() (pymisptoolsFileObject method) 38to_dict() (pymisptoolsVTReportObject method) 40to_feed() (pymispMISPEvent method) 26to_json() (pymispAbstractMISP method) 23to_json() (pymispMISPAttribute method) 27to_json() (pymispMISPEvent method) 26to_json() (pymispMISPObject method) 29to_json() (pymispMISPObjectAttribute method) 31to_json() (pymispMISPObjectReference method) 32to_json() (pymispMISPOrganisation method) 35to_json() (pymispMISPTag method) 33to_json() (pymispMISPUser method) 34to_json() (pymisptoolsFileObject method) 38to_json() (pymisptoolsVTReportObject method) 40toggle_warninglist() (pymispPyMISP method)
20
Uunpublish() (pymispMISPEvent method) 26untag() (pymispPyMISP method) 21update() (pymispMISPAttribute method) 28update() (pymispMISPEvent method) 26update() (pymispMISPObject method) 29update() (pymispMISPObjectAttribute method) 31update() (pymispMISPObjectReference method) 32update() (pymispMISPOrganisation method) 35update() (pymispMISPTag method) 33update() (pymispMISPUser method) 34update() (pymisptoolsFileObject method) 38update() (pymisptoolsVTReportObject method) 40update_attribute() (pymispPyMISP method) 21update_attribute_proposal()
(pymispPyMISP method) 21update_event() (pymispPyMISP method) 21update_event_blacklist() (pymispPyMISP
method) 21update_feed() (pymispPyMISP method) 21update_galaxies() (pymispPyMISP method) 21update_not_jsonable() (pymispAbstractMISP
method) 23update_not_jsonable() (pymispMISPAttribute
method) 28update_not_jsonable() (pymispMISPEvent
method) 26update_not_jsonable() (pymispMISPObject
method) 29update_not_jsonable()
(pymispMISPObjectAttribute method) 31
Index 49
PyMISP Documentation Release main
update_not_jsonable()(pymispMISPObjectReference method)32
update_not_jsonable()(pymispMISPOrganisation method) 35
update_not_jsonable() (pymispMISPTagmethod) 33
update_not_jsonable() (pymispMISPUsermethod) 34
update_not_jsonable() (pymisptoolsFileObjectmethod) 38
update_not_jsonable()(pymisptoolsVTReportObject method)40
update_noticelists() (pymispPyMISP method)21
update_object() (pymispPyMISP method) 21update_object_templates() (pymispPyMISP
method) 21update_organisation() (pymispPyMISP
method) 21update_organisation_blacklist()
(pymispPyMISP method) 21update_server() (pymispPyMISP method) 22update_tag() (pymispPyMISP method) 22update_taxonomies() (pymispPyMISP method)
22update_user() (pymispPyMISP method) 22update_warninglists() (pymispPyMISP
method) 22upload_stix() (pymispPyMISP method) 22user_registrations() (pymispPyMISP method)
22user_settings() (pymispPyMISP method) 22users() (pymispPyMISP method) 22users_statistics() (pymispPyMISP method) 22
Vvalues() (pymispMISPAttribute method) 28values() (pymispMISPEvent method) 26values() (pymispMISPObject method) 29values() (pymispMISPObjectAttribute method) 31values() (pymispMISPObjectReference method) 32values() (pymispMISPOrganisation method) 35values() (pymispMISPTag method) 33values() (pymispMISPUser method) 34values() (pymisptoolsFileObject method) 38values() (pymisptoolsVTReportObject method) 40values_in_warninglist() (pymispPyMISP
method) 22version() (pymispPyMISP property) 22VTReportObject (class in pymisptools) 38
Wwarninglists() (pymispPyMISP method) 22
50 Index
- README
- pymisp
- PyMISP
- PyMISPExpanded (Python 36+ only)
- MISPAbstract
- MISPEncode
- MISPEvent
- MISPAttribute
- MISPObject
- MISPObjectAttribute
- MISPObjectReference
- MISPTag
- MISPUser
- MISPOrganisation
- pymisp - Tools
- File Object
- ELF Object
- PE Object
- Mach-O Object
- VT Report Object
- STIX
- OpenIOC
- Indices and tables
- Python Module Index
- Index
PyMISP Documentation Release main
Indicator IOC to search VirusTotal for
add_attribute(object_relation simple_value=None value)Add an attribute object_relation is required and the value key is a dictionary with all the keys supportedby MISPAttribute
Return type Optional[MISPAttribute]
add_attributes(object_relation attributes)Add multiple attributes with the same object_relation Helper for object_relation when multiple is True inthe template It is the same as calling multiple times add_attribute with the same object_relation
Return type List[Optional[MISPAttribute]]
add_reference(referenced_uuid relationship_type comment=None kwargs)Add a link (uuid) to an other object
Return type MISPObjectReference
clear()rarr None Remove all items from D
property editedRecursively check if an object has been edited and update the flag accordingly to the parent objects
Return type bool
from_dict(kwargs)Loading all the parameters as class properties if they arenrsquot None This method aims to be called when allthe properties requiring a special treatment are processed Note This method is used when you initializean object with existing data so by default the class is flaged as not edited
from_json(json_string)Load a JSON string
Return type None
generate_attributes()Parse the VirusTotal report for relevant attributes
get(k[ d ])rarr D[k] if k in D else d d defaults to None
get_attributes_by_relation(object_relation)Returns the list of attributes with the given object relation in the object
Return type List[MISPAttribute]
has_attributes_by_relation(list_of_relations)True if all the relations in the list are defined in the object
Return type bool
items()rarr a set-like object providing a view on Drsquos items
jsonable()This method is used by the JSON encoder
Return type Dict
keys()rarr a set-like object providing a view on Drsquos keys
pop(k[ d ])rarr v remove specified key and return the corresponding valueIf key is not found d is returned if given otherwise KeyError is raised
popitem()rarr (k v) remove and return some (key value) pairas a 2-tuple but raise KeyError if D is empty
35 VT Report Object 39
PyMISP Documentation Release main
set_not_jsonable(args)Set __not_jsonable to a new list
Return type None
setdefault(k[ d ])rarr Dget(kd) also set D[k]=d if k not in D
to_dict(strict=False)Dump the class to a dictionary This method automatically removes the timestamp recursively in everyobject that has been edited is order to let MISP update the event accordingly
Return type Dict
to_json(sort_keys=False indent=None strict=False)Dump recursively any class of type MISPAbstract to a json string
update([E ] F)rarr None Update D from mappingiterable E and FIf E present and has a keys() method does for k in E D[k] = E[k] If E present and lacks keys() methoddoes for (k v) in E D[k] = v In either case this is followed by for k v in Fitems() D[k] = v
update_not_jsonable(args)Add entries to the __not_jsonable list
Return type None
values()rarr an object providing a view on Drsquos values
36 STIX
pymisptoolsstixload_stix(stix distribution=3 threat_level_id=2 analysis=0)Returns a MISPEvent object from a STIX package
pymisptoolsstixmake_stix_package(misp_event to_json=False to_xml=False)Returns a STIXPackage from a MISPEvent
Optionally can return the package in json or xml
37 OpenIOC
toolsload_openioc()
toolsload_openioc_file()
40 Chapter 3 pymisp - Tools
CHAPTER
FOUR
INDICES AND TABLES
bull genindex
bull modindex
bull search
41
PyMISP Documentation Release main
42 Chapter 4 Indices and tables
PYTHON MODULE INDEX
ppymisp 7pymisptools 37pymisptoolsstix 40
43
PyMISP Documentation Release main
44 Python Module Index
INDEX
AAbstractMISP (class in pymisp) 23accept_attribute_proposal()
(pymispPyMISP method) 7add_attribute() (pymispMISPEvent method) 24add_attribute() (pymispMISPObject method) 28add_attribute() (pymispPyMISP method) 7add_attribute() (pymisptoolsFileObject method)
37add_attribute() (pymisptoolsVTReportObject
method) 39add_attribute_proposal() (pymispPyMISP
method) 7add_attribute_tag() (pymispMISPEvent
method) 24add_attributes() (pymispMISPObject method)
28add_attributes() (pymisptoolsFileObject
method) 37add_attributes() (pymisptoolsVTReportObject
method) 39add_event() (pymispPyMISP method) 7add_event_blacklist() (pymispPyMISP
method) 8add_feed() (pymispPyMISP method) 8add_object() (pymispMISPEvent method) 24add_object() (pymispPyMISP method) 8add_object_reference() (pymispPyMISP
method) 8add_org_to_sharing_group() (pymispPyMISP
method) 8add_organisation() (pymispPyMISP method) 8add_organisation_blacklist()
(pymispPyMISP method) 8add_proposal() (pymispMISPAttribute method) 26add_proposal() (pymispMISPEvent method) 24add_proposal() (pymispMISPObjectAttribute
method) 29add_reference() (pymispMISPObject method) 28add_reference() (pymisptoolsFileObject method)
37add_reference() (pymisptoolsVTReportObject
method) 39add_server() (pymispPyMISP method) 8add_server_to_sharing_group()
(pymispPyMISP method) 8add_shadow_attribute() (pymispMISPAttribute
method) 26add_shadow_attribute() (pymispMISPEvent
method) 24add_shadow_attribute()
(pymispMISPObjectAttribute method) 29add_sharing_group() (pymispPyMISP method) 8add_sighting() (pymispMISPAttribute method) 26add_sighting() (pymispMISPObjectAttribute
method) 29add_sighting() (pymispPyMISP method) 8add_tag() (pymispPyMISP method) 8add_user() (pymispPyMISP method) 9attributes_statistics() (pymispPyMISP
method) 9
Bbuild_complex_query() (pymispPyMISP
method) 9
Ccache_all_feeds() (pymispPyMISP method) 9cache_feed() (pymispPyMISP method) 9cache_freetext_feeds() (pymispPyMISP
method) 9cache_misp_feeds() (pymispPyMISP method) 9change_sharing_group_on_entity()
(pymispPyMISP method) 9change_user_password() (pymispPyMISP
method) 9clear() (pymispMISPAttribute method) 26clear() (pymispMISPEvent method) 24clear() (pymispMISPObject method) 28clear() (pymispMISPObjectAttribute method) 29clear() (pymispMISPObjectReference method) 31clear() (pymispMISPOrganisation method) 34clear() (pymispMISPTag method) 32clear() (pymispMISPUser method) 33
45
PyMISP Documentation Release main
clear() (pymisptoolsFileObject method) 37clear() (pymisptoolsVTReportObject method) 39communities() (pymispPyMISP method) 9compare_feeds() (pymispPyMISP method) 9contact_event_reporter() (pymispPyMISP
method) 9
Ddefault() (pymispMISPEncode method) 24delegate_event() (pymispPyMISP method) 10delete() (pymispMISPAttribute method) 26delete() (pymispMISPObjectAttribute method) 30delete_attribute() (pymispMISPEvent method)
24delete_attribute() (pymispPyMISP method) 10delete_attribute_proposal()
(pymispPyMISP method) 10delete_event() (pymispPyMISP method) 10delete_event_blacklist() (pymispPyMISP
method) 10delete_feed() (pymispPyMISP method) 10delete_object() (pymispPyMISP method) 10delete_object_reference() (pymispPyMISP
method) 10delete_organisation() (pymispPyMISP
method) 10delete_organisation_blacklist()
(pymispPyMISP method) 10delete_server() (pymispPyMISP method) 10delete_sharing_group() (pymispPyMISP
method) 10delete_sighting() (pymispPyMISP method) 10delete_tag() (pymispPyMISP method) 11delete_user() (pymispPyMISP method) 11delete_user_setting() (pymispPyMISP
method) 11describe_types_local() (pymispPyMISP prop-
erty) 11describe_types_remote() (pymispPyMISP
property) 11direct_call() (pymispPyMISP method) 11disable_feed() (pymispPyMISP method) 11disable_feed_cache() (pymispPyMISP method)
11disable_noticelist() (pymispPyMISP method)
11disable_tag() (pymispPyMISP method) 11disable_taxonomy() (pymispPyMISP method) 11disable_taxonomy_tags() (pymispPyMISP
method) 11disable_warninglist() (pymispPyMISP
method) 11discard_attribute_proposal()
(pymispPyMISP method) 12
Eedited() (pymispAbstractMISP property) 23edited() (pymispMISPAttribute property) 26edited() (pymispMISPEvent property) 24edited() (pymispMISPObject property) 28edited() (pymispMISPObjectAttribute property) 30edited() (pymispMISPObjectReference property) 31edited() (pymispMISPOrganisation property) 34edited() (pymispMISPTag property) 32edited() (pymispMISPUser property) 33edited() (pymisptoolsFileObject property) 37edited() (pymisptoolsVTReportObject property) 39enable_feed() (pymispPyMISP method) 12enable_feed_cache() (pymispPyMISP method)
12enable_noticelist() (pymispPyMISP method)
12enable_tag() (pymispPyMISP method) 12enable_taxonomy() (pymispPyMISP method) 12enable_taxonomy_tags() (pymispPyMISP
method) 12enable_warninglist() (pymispPyMISP method)
12event_blacklists() (pymispPyMISP method) 12event_delegations() (pymispPyMISP method)
12ExpandedPyMISP (in module pymisp) 23
Ffeeds() (pymispPyMISP method) 12fetch_feed() (pymispPyMISP method) 12FileObject (class in pymisptools) 37freetext() (pymispPyMISP method) 12from_dict() (pymispAbstractMISP method) 23from_dict() (pymispMISPAttribute method) 27from_dict() (pymispMISPEvent method) 25from_dict() (pymispMISPObject method) 28from_dict() (pymispMISPObjectAttribute method)
30from_dict() (pymispMISPObjectReference method)
31from_dict() (pymispMISPOrganisation method) 34from_dict() (pymispMISPTag method) 32from_dict() (pymispMISPUser method) 33from_dict() (pymisptoolsFileObject method) 37from_dict() (pymisptoolsVTReportObject method)
39from_json() (pymispAbstractMISP method) 23from_json() (pymispMISPAttribute method) 27from_json() (pymispMISPEvent method) 25from_json() (pymispMISPObject method) 28from_json() (pymispMISPObjectAttribute method)
30
46 Index
PyMISP Documentation Release main
from_json() (pymispMISPObjectReference method)31
from_json() (pymispMISPOrganisation method) 34from_json() (pymispMISPTag method) 32from_json() (pymispMISPUser method) 33from_json() (pymisptoolsFileObject method) 37from_json() (pymisptoolsVTReportObject method)
39
Ggalaxies() (pymispPyMISP method) 12generate_attributes() (pymisptoolsFileObject
method) 37generate_attributes()
(pymisptoolsVTReportObject method)39
get() (pymispMISPAttribute method) 27get() (pymispMISPEvent method) 25get() (pymispMISPObject method) 28get() (pymispMISPObjectAttribute method) 30get() (pymispMISPObjectReference method) 31get() (pymispMISPOrganisation method) 34get() (pymispMISPTag method) 32get() (pymispMISPUser method) 33get() (pymisptoolsFileObject method) 37get() (pymisptoolsVTReportObject method) 39get_all_functions() (pymispPyMISP method)
13get_attribute() (pymispPyMISP method) 13get_attribute_tag() (pymispMISPEvent
method) 25get_attributes_by_relation()
(pymispMISPObject method) 28get_attributes_by_relation()
(pymisptoolsFileObject method) 37get_attributes_by_relation()
(pymisptoolsVTReportObject method)39
get_community() (pymispPyMISP method) 13get_event() (pymispPyMISP method) 13get_feed() (pymispPyMISP method) 13get_galaxy() (pymispPyMISP method) 13get_noticelist() (pymispPyMISP method) 13get_object() (pymispPyMISP method) 13get_object_by_id() (pymispMISPEvent method)
25get_object_by_uuid() (pymispMISPEvent
method) 25get_object_template() (pymispPyMISP
method) 13get_objects_by_name() (pymispMISPEvent
method) 25get_organisation() (pymispPyMISP method) 13get_sync_config() (pymispPyMISP method) 13
get_tag() (pymispPyMISP method) 13get_taxonomy() (pymispPyMISP method) 13get_user() (pymispPyMISP method) 13get_user_setting() (pymispPyMISP method) 14get_warninglist() (pymispPyMISP method) 14
Hhas_attributes_by_relation()
(pymispMISPObject method) 28has_attributes_by_relation()
(pymisptoolsFileObject method) 37has_attributes_by_relation()
(pymisptoolsVTReportObject method)39
hash_values() (pymispMISPAttribute method) 27hash_values() (pymispMISPObjectAttribute
method) 30
Iimport_server() (pymispPyMISP method) 14items() (pymispMISPAttribute method) 27items() (pymispMISPEvent method) 25items() (pymispMISPObject method) 29items() (pymispMISPObjectAttribute method) 30items() (pymispMISPObjectReference method) 31items() (pymispMISPOrganisation method) 34items() (pymispMISPTag method) 32items() (pymispMISPUser method) 33items() (pymisptoolsFileObject method) 38items() (pymisptoolsVTReportObject method) 39
Jjsonable() (pymispAbstractMISP method) 23jsonable() (pymispMISPAttribute method) 27jsonable() (pymispMISPEvent method) 25jsonable() (pymispMISPObject method) 29jsonable() (pymispMISPObjectAttribute method)
30jsonable() (pymispMISPObjectReference method)
31jsonable() (pymispMISPOrganisation method) 34jsonable() (pymispMISPTag method) 32jsonable() (pymispMISPUser method) 33jsonable() (pymisptoolsFileObject method) 38jsonable() (pymisptoolsVTReportObject method)
39
Kkeys() (pymispMISPAttribute method) 27keys() (pymispMISPEvent method) 25keys() (pymispMISPObject method) 29keys() (pymispMISPObjectAttribute method) 30keys() (pymispMISPObjectReference method) 31keys() (pymispMISPOrganisation method) 34
Index 47
PyMISP Documentation Release main
keys() (pymispMISPTag method) 32keys() (pymispMISPUser method) 33keys() (pymisptoolsFileObject method) 38keys() (pymisptoolsVTReportObject method) 39known_types() (pymispMISPAttribute property) 27known_types() (pymispMISPObjectAttribute prop-
erty) 30
Lload() (pymispMISPEvent method) 25load_default_feeds() (pymispPyMISP method)
14load_file() (pymispMISPEvent method) 25load_openioc() (pymisptools method) 40load_openioc_file() (pymisptools method) 40load_stix() (in module pymisptoolsstix) 40
Mmake_stix_package() (in module
pymisptoolsstix) 40malware_binary() (pymispMISPAttribute prop-
erty) 27malware_binary() (pymispMISPObjectAttribute
property) 30misp_instance_version() (pymispPyMISP
property) 14misp_instance_version_master()
(pymispPyMISP property) 14MISPAttribute (class in pymisp) 26MISPEncode (class in pymisp) 24MISPEvent (class in pymisp) 24MISPObject (class in pymisp) 28MISPObjectAttribute (class in pymisp) 29MISPObjectReference (class in pymisp) 31MISPOrganisation (class in pymisp) 34MISPTag (class in pymisp) 32MISPUser (class in pymisp) 33module
pymisp 7pymisptools 37pymisptoolsstix 40
Nnoticelists() (pymispPyMISP method) 14
Oobject_templates() (pymispPyMISP method) 14organisation_blacklists() (pymispPyMISP
method) 14organisations() (pymispPyMISP method) 14
Ppop() (pymispMISPAttribute method) 27
pop() (pymispMISPEvent method) 25pop() (pymispMISPObject method) 29pop() (pymispMISPObjectAttribute method) 30pop() (pymispMISPObjectReference method) 31pop() (pymispMISPOrganisation method) 34pop() (pymispMISPTag method) 32pop() (pymispMISPUser method) 33pop() (pymisptoolsFileObject method) 38pop() (pymisptoolsVTReportObject method) 39popitem() (pymispMISPAttribute method) 27popitem() (pymispMISPEvent method) 25popitem() (pymispMISPObject method) 29popitem() (pymispMISPObjectAttribute method) 30popitem() (pymispMISPObjectReference method) 31popitem() (pymispMISPOrganisation method) 34popitem() (pymispMISPTag method) 32popitem() (pymispMISPUser method) 33popitem() (pymisptoolsFileObject method) 38popitem() (pymisptoolsVTReportObject method) 39publish() (pymispMISPEvent method) 25publish() (pymispPyMISP method) 14push_event_to_ZMQ() (pymispPyMISP method)
14pymisp
module 7PyMISP (class in pymisp) 7pymisptools
module 37pymisptoolsstix
module 40pymisp_version_main() (pymispPyMISP prop-
erty) 15
Rrecommended_pymisp_version()
(pymispPyMISP property) 15remote_acl() (pymispPyMISP method) 15remove_org_from_sharing_group()
(pymispPyMISP method) 15remove_server_from_sharing_group()
(pymispPyMISP method) 15roles() (pymispPyMISP method) 15
Ssearch() (pymispPyMISP method) 15search_feeds() (pymispPyMISP method) 17search_index() (pymispPyMISP method) 18search_logs() (pymispPyMISP method) 18search_sightings() (pymispPyMISP method) 19server_pull() (pymispPyMISP method) 20server_push() (pymispPyMISP method) 20servers() (pymispPyMISP method) 20set_date() (pymispMISPEvent method) 25
48 Index
PyMISP Documentation Release main
set_not_jsonable() (pymispAbstractMISPmethod) 23
set_not_jsonable() (pymispMISPAttributemethod) 27
set_not_jsonable() (pymispMISPEvent method)25
set_not_jsonable() (pymispMISPObjectmethod) 29
set_not_jsonable() (pymispMISPObjectAttributemethod) 30
set_not_jsonable()(pymispMISPObjectReference method)31
set_not_jsonable() (pymispMISPOrganisationmethod) 35
set_not_jsonable() (pymispMISPTag method)32
set_not_jsonable() (pymispMISPUser method)33
set_not_jsonable() (pymisptoolsFileObjectmethod) 38
set_not_jsonable()(pymisptoolsVTReportObject method)39
set_user_setting() (pymispPyMISP method) 20setdefault() (pymispMISPAttribute method) 27setdefault() (pymispMISPEvent method) 25setdefault() (pymispMISPObject method) 29setdefault() (pymispMISPObjectAttribute
method) 30setdefault() (pymispMISPObjectReference
method) 31setdefault() (pymispMISPOrganisation method)
35setdefault() (pymispMISPTag method) 33setdefault() (pymispMISPUser method) 34setdefault() (pymisptoolsFileObject method) 38setdefault() (pymisptoolsVTReportObject
method) 40sharing_groups() (pymispPyMISP method) 20sightings() (pymispPyMISP method) 20
Ttag() (pymispPyMISP method) 20tags() (pymispMISPAttribute property) 27tags() (pymispMISPEvent property) 26tags() (pymispMISPObjectAttribute property) 30tags() (pymispPyMISP method) 20tags_statistics() (pymispPyMISP method) 20taxonomies() (pymispPyMISP method) 20to_dict() (pymispAbstractMISP method) 23to_dict() (pymispMISPAttribute method) 27to_dict() (pymispMISPEvent method) 26to_dict() (pymispMISPObject method) 29
to_dict() (pymispMISPObjectAttribute method) 30to_dict() (pymispMISPObjectReference method) 32to_dict() (pymispMISPOrganisation method) 35to_dict() (pymispMISPTag method) 33to_dict() (pymispMISPUser method) 34to_dict() (pymisptoolsFileObject method) 38to_dict() (pymisptoolsVTReportObject method) 40to_feed() (pymispMISPEvent method) 26to_json() (pymispAbstractMISP method) 23to_json() (pymispMISPAttribute method) 27to_json() (pymispMISPEvent method) 26to_json() (pymispMISPObject method) 29to_json() (pymispMISPObjectAttribute method) 31to_json() (pymispMISPObjectReference method) 32to_json() (pymispMISPOrganisation method) 35to_json() (pymispMISPTag method) 33to_json() (pymispMISPUser method) 34to_json() (pymisptoolsFileObject method) 38to_json() (pymisptoolsVTReportObject method) 40toggle_warninglist() (pymispPyMISP method)
20
Uunpublish() (pymispMISPEvent method) 26untag() (pymispPyMISP method) 21update() (pymispMISPAttribute method) 28update() (pymispMISPEvent method) 26update() (pymispMISPObject method) 29update() (pymispMISPObjectAttribute method) 31update() (pymispMISPObjectReference method) 32update() (pymispMISPOrganisation method) 35update() (pymispMISPTag method) 33update() (pymispMISPUser method) 34update() (pymisptoolsFileObject method) 38update() (pymisptoolsVTReportObject method) 40update_attribute() (pymispPyMISP method) 21update_attribute_proposal()
(pymispPyMISP method) 21update_event() (pymispPyMISP method) 21update_event_blacklist() (pymispPyMISP
method) 21update_feed() (pymispPyMISP method) 21update_galaxies() (pymispPyMISP method) 21update_not_jsonable() (pymispAbstractMISP
method) 23update_not_jsonable() (pymispMISPAttribute
method) 28update_not_jsonable() (pymispMISPEvent
method) 26update_not_jsonable() (pymispMISPObject
method) 29update_not_jsonable()
(pymispMISPObjectAttribute method) 31
Index 49
PyMISP Documentation Release main
update_not_jsonable()(pymispMISPObjectReference method)32
update_not_jsonable()(pymispMISPOrganisation method) 35
update_not_jsonable() (pymispMISPTagmethod) 33
update_not_jsonable() (pymispMISPUsermethod) 34
update_not_jsonable() (pymisptoolsFileObjectmethod) 38
update_not_jsonable()(pymisptoolsVTReportObject method)40
update_noticelists() (pymispPyMISP method)21
update_object() (pymispPyMISP method) 21update_object_templates() (pymispPyMISP
method) 21update_organisation() (pymispPyMISP
method) 21update_organisation_blacklist()
(pymispPyMISP method) 21update_server() (pymispPyMISP method) 22update_tag() (pymispPyMISP method) 22update_taxonomies() (pymispPyMISP method)
22update_user() (pymispPyMISP method) 22update_warninglists() (pymispPyMISP
method) 22upload_stix() (pymispPyMISP method) 22user_registrations() (pymispPyMISP method)
22user_settings() (pymispPyMISP method) 22users() (pymispPyMISP method) 22users_statistics() (pymispPyMISP method) 22
Vvalues() (pymispMISPAttribute method) 28values() (pymispMISPEvent method) 26values() (pymispMISPObject method) 29values() (pymispMISPObjectAttribute method) 31values() (pymispMISPObjectReference method) 32values() (pymispMISPOrganisation method) 35values() (pymispMISPTag method) 33values() (pymispMISPUser method) 34values() (pymisptoolsFileObject method) 38values() (pymisptoolsVTReportObject method) 40values_in_warninglist() (pymispPyMISP
method) 22version() (pymispPyMISP property) 22VTReportObject (class in pymisptools) 38
Wwarninglists() (pymispPyMISP method) 22
50 Index
- README
- pymisp
- PyMISP
- PyMISPExpanded (Python 36+ only)
- MISPAbstract
- MISPEncode
- MISPEvent
- MISPAttribute
- MISPObject
- MISPObjectAttribute
- MISPObjectReference
- MISPTag
- MISPUser
- MISPOrganisation
- pymisp - Tools
- File Object
- ELF Object
- PE Object
- Mach-O Object
- VT Report Object
- STIX
- OpenIOC
- Indices and tables
- Python Module Index
- Index
PyMISP Documentation Release main
set_not_jsonable(args)Set __not_jsonable to a new list
Return type None
setdefault(k[ d ])rarr Dget(kd) also set D[k]=d if k not in D
to_dict(strict=False)Dump the class to a dictionary This method automatically removes the timestamp recursively in everyobject that has been edited is order to let MISP update the event accordingly
Return type Dict
to_json(sort_keys=False indent=None strict=False)Dump recursively any class of type MISPAbstract to a json string
update([E ] F)rarr None Update D from mappingiterable E and FIf E present and has a keys() method does for k in E D[k] = E[k] If E present and lacks keys() methoddoes for (k v) in E D[k] = v In either case this is followed by for k v in Fitems() D[k] = v
update_not_jsonable(args)Add entries to the __not_jsonable list
Return type None
values()rarr an object providing a view on Drsquos values
36 STIX
pymisptoolsstixload_stix(stix distribution=3 threat_level_id=2 analysis=0)Returns a MISPEvent object from a STIX package
pymisptoolsstixmake_stix_package(misp_event to_json=False to_xml=False)Returns a STIXPackage from a MISPEvent
Optionally can return the package in json or xml
37 OpenIOC
toolsload_openioc()
toolsload_openioc_file()
40 Chapter 3 pymisp - Tools
CHAPTER
FOUR
INDICES AND TABLES
bull genindex
bull modindex
bull search
41
PyMISP Documentation Release main
42 Chapter 4 Indices and tables
PYTHON MODULE INDEX
ppymisp 7pymisptools 37pymisptoolsstix 40
43
PyMISP Documentation Release main
44 Python Module Index
INDEX
AAbstractMISP (class in pymisp) 23accept_attribute_proposal()
(pymispPyMISP method) 7add_attribute() (pymispMISPEvent method) 24add_attribute() (pymispMISPObject method) 28add_attribute() (pymispPyMISP method) 7add_attribute() (pymisptoolsFileObject method)
37add_attribute() (pymisptoolsVTReportObject
method) 39add_attribute_proposal() (pymispPyMISP
method) 7add_attribute_tag() (pymispMISPEvent
method) 24add_attributes() (pymispMISPObject method)
28add_attributes() (pymisptoolsFileObject
method) 37add_attributes() (pymisptoolsVTReportObject
method) 39add_event() (pymispPyMISP method) 7add_event_blacklist() (pymispPyMISP
method) 8add_feed() (pymispPyMISP method) 8add_object() (pymispMISPEvent method) 24add_object() (pymispPyMISP method) 8add_object_reference() (pymispPyMISP
method) 8add_org_to_sharing_group() (pymispPyMISP
method) 8add_organisation() (pymispPyMISP method) 8add_organisation_blacklist()
(pymispPyMISP method) 8add_proposal() (pymispMISPAttribute method) 26add_proposal() (pymispMISPEvent method) 24add_proposal() (pymispMISPObjectAttribute
method) 29add_reference() (pymispMISPObject method) 28add_reference() (pymisptoolsFileObject method)
37add_reference() (pymisptoolsVTReportObject
method) 39add_server() (pymispPyMISP method) 8add_server_to_sharing_group()
(pymispPyMISP method) 8add_shadow_attribute() (pymispMISPAttribute
method) 26add_shadow_attribute() (pymispMISPEvent
method) 24add_shadow_attribute()
(pymispMISPObjectAttribute method) 29add_sharing_group() (pymispPyMISP method) 8add_sighting() (pymispMISPAttribute method) 26add_sighting() (pymispMISPObjectAttribute
method) 29add_sighting() (pymispPyMISP method) 8add_tag() (pymispPyMISP method) 8add_user() (pymispPyMISP method) 9attributes_statistics() (pymispPyMISP
method) 9
Bbuild_complex_query() (pymispPyMISP
method) 9
Ccache_all_feeds() (pymispPyMISP method) 9cache_feed() (pymispPyMISP method) 9cache_freetext_feeds() (pymispPyMISP
method) 9cache_misp_feeds() (pymispPyMISP method) 9change_sharing_group_on_entity()
(pymispPyMISP method) 9change_user_password() (pymispPyMISP
method) 9clear() (pymispMISPAttribute method) 26clear() (pymispMISPEvent method) 24clear() (pymispMISPObject method) 28clear() (pymispMISPObjectAttribute method) 29clear() (pymispMISPObjectReference method) 31clear() (pymispMISPOrganisation method) 34clear() (pymispMISPTag method) 32clear() (pymispMISPUser method) 33
45
PyMISP Documentation Release main
clear() (pymisptoolsFileObject method) 37clear() (pymisptoolsVTReportObject method) 39communities() (pymispPyMISP method) 9compare_feeds() (pymispPyMISP method) 9contact_event_reporter() (pymispPyMISP
method) 9
Ddefault() (pymispMISPEncode method) 24delegate_event() (pymispPyMISP method) 10delete() (pymispMISPAttribute method) 26delete() (pymispMISPObjectAttribute method) 30delete_attribute() (pymispMISPEvent method)
24delete_attribute() (pymispPyMISP method) 10delete_attribute_proposal()
(pymispPyMISP method) 10delete_event() (pymispPyMISP method) 10delete_event_blacklist() (pymispPyMISP
method) 10delete_feed() (pymispPyMISP method) 10delete_object() (pymispPyMISP method) 10delete_object_reference() (pymispPyMISP
method) 10delete_organisation() (pymispPyMISP
method) 10delete_organisation_blacklist()
(pymispPyMISP method) 10delete_server() (pymispPyMISP method) 10delete_sharing_group() (pymispPyMISP
method) 10delete_sighting() (pymispPyMISP method) 10delete_tag() (pymispPyMISP method) 11delete_user() (pymispPyMISP method) 11delete_user_setting() (pymispPyMISP
method) 11describe_types_local() (pymispPyMISP prop-
erty) 11describe_types_remote() (pymispPyMISP
property) 11direct_call() (pymispPyMISP method) 11disable_feed() (pymispPyMISP method) 11disable_feed_cache() (pymispPyMISP method)
11disable_noticelist() (pymispPyMISP method)
11disable_tag() (pymispPyMISP method) 11disable_taxonomy() (pymispPyMISP method) 11disable_taxonomy_tags() (pymispPyMISP
method) 11disable_warninglist() (pymispPyMISP
method) 11discard_attribute_proposal()
(pymispPyMISP method) 12
Eedited() (pymispAbstractMISP property) 23edited() (pymispMISPAttribute property) 26edited() (pymispMISPEvent property) 24edited() (pymispMISPObject property) 28edited() (pymispMISPObjectAttribute property) 30edited() (pymispMISPObjectReference property) 31edited() (pymispMISPOrganisation property) 34edited() (pymispMISPTag property) 32edited() (pymispMISPUser property) 33edited() (pymisptoolsFileObject property) 37edited() (pymisptoolsVTReportObject property) 39enable_feed() (pymispPyMISP method) 12enable_feed_cache() (pymispPyMISP method)
12enable_noticelist() (pymispPyMISP method)
12enable_tag() (pymispPyMISP method) 12enable_taxonomy() (pymispPyMISP method) 12enable_taxonomy_tags() (pymispPyMISP
method) 12enable_warninglist() (pymispPyMISP method)
12event_blacklists() (pymispPyMISP method) 12event_delegations() (pymispPyMISP method)
12ExpandedPyMISP (in module pymisp) 23
Ffeeds() (pymispPyMISP method) 12fetch_feed() (pymispPyMISP method) 12FileObject (class in pymisptools) 37freetext() (pymispPyMISP method) 12from_dict() (pymispAbstractMISP method) 23from_dict() (pymispMISPAttribute method) 27from_dict() (pymispMISPEvent method) 25from_dict() (pymispMISPObject method) 28from_dict() (pymispMISPObjectAttribute method)
30from_dict() (pymispMISPObjectReference method)
31from_dict() (pymispMISPOrganisation method) 34from_dict() (pymispMISPTag method) 32from_dict() (pymispMISPUser method) 33from_dict() (pymisptoolsFileObject method) 37from_dict() (pymisptoolsVTReportObject method)
39from_json() (pymispAbstractMISP method) 23from_json() (pymispMISPAttribute method) 27from_json() (pymispMISPEvent method) 25from_json() (pymispMISPObject method) 28from_json() (pymispMISPObjectAttribute method)
30
46 Index
PyMISP Documentation Release main
from_json() (pymispMISPObjectReference method)31
from_json() (pymispMISPOrganisation method) 34from_json() (pymispMISPTag method) 32from_json() (pymispMISPUser method) 33from_json() (pymisptoolsFileObject method) 37from_json() (pymisptoolsVTReportObject method)
39
Ggalaxies() (pymispPyMISP method) 12generate_attributes() (pymisptoolsFileObject
method) 37generate_attributes()
(pymisptoolsVTReportObject method)39
get() (pymispMISPAttribute method) 27get() (pymispMISPEvent method) 25get() (pymispMISPObject method) 28get() (pymispMISPObjectAttribute method) 30get() (pymispMISPObjectReference method) 31get() (pymispMISPOrganisation method) 34get() (pymispMISPTag method) 32get() (pymispMISPUser method) 33get() (pymisptoolsFileObject method) 37get() (pymisptoolsVTReportObject method) 39get_all_functions() (pymispPyMISP method)
13get_attribute() (pymispPyMISP method) 13get_attribute_tag() (pymispMISPEvent
method) 25get_attributes_by_relation()
(pymispMISPObject method) 28get_attributes_by_relation()
(pymisptoolsFileObject method) 37get_attributes_by_relation()
(pymisptoolsVTReportObject method)39
get_community() (pymispPyMISP method) 13get_event() (pymispPyMISP method) 13get_feed() (pymispPyMISP method) 13get_galaxy() (pymispPyMISP method) 13get_noticelist() (pymispPyMISP method) 13get_object() (pymispPyMISP method) 13get_object_by_id() (pymispMISPEvent method)
25get_object_by_uuid() (pymispMISPEvent
method) 25get_object_template() (pymispPyMISP
method) 13get_objects_by_name() (pymispMISPEvent
method) 25get_organisation() (pymispPyMISP method) 13get_sync_config() (pymispPyMISP method) 13
get_tag() (pymispPyMISP method) 13get_taxonomy() (pymispPyMISP method) 13get_user() (pymispPyMISP method) 13get_user_setting() (pymispPyMISP method) 14get_warninglist() (pymispPyMISP method) 14
Hhas_attributes_by_relation()
(pymispMISPObject method) 28has_attributes_by_relation()
(pymisptoolsFileObject method) 37has_attributes_by_relation()
(pymisptoolsVTReportObject method)39
hash_values() (pymispMISPAttribute method) 27hash_values() (pymispMISPObjectAttribute
method) 30
Iimport_server() (pymispPyMISP method) 14items() (pymispMISPAttribute method) 27items() (pymispMISPEvent method) 25items() (pymispMISPObject method) 29items() (pymispMISPObjectAttribute method) 30items() (pymispMISPObjectReference method) 31items() (pymispMISPOrganisation method) 34items() (pymispMISPTag method) 32items() (pymispMISPUser method) 33items() (pymisptoolsFileObject method) 38items() (pymisptoolsVTReportObject method) 39
Jjsonable() (pymispAbstractMISP method) 23jsonable() (pymispMISPAttribute method) 27jsonable() (pymispMISPEvent method) 25jsonable() (pymispMISPObject method) 29jsonable() (pymispMISPObjectAttribute method)
30jsonable() (pymispMISPObjectReference method)
31jsonable() (pymispMISPOrganisation method) 34jsonable() (pymispMISPTag method) 32jsonable() (pymispMISPUser method) 33jsonable() (pymisptoolsFileObject method) 38jsonable() (pymisptoolsVTReportObject method)
39
Kkeys() (pymispMISPAttribute method) 27keys() (pymispMISPEvent method) 25keys() (pymispMISPObject method) 29keys() (pymispMISPObjectAttribute method) 30keys() (pymispMISPObjectReference method) 31keys() (pymispMISPOrganisation method) 34
Index 47
PyMISP Documentation Release main
keys() (pymispMISPTag method) 32keys() (pymispMISPUser method) 33keys() (pymisptoolsFileObject method) 38keys() (pymisptoolsVTReportObject method) 39known_types() (pymispMISPAttribute property) 27known_types() (pymispMISPObjectAttribute prop-
erty) 30
Lload() (pymispMISPEvent method) 25load_default_feeds() (pymispPyMISP method)
14load_file() (pymispMISPEvent method) 25load_openioc() (pymisptools method) 40load_openioc_file() (pymisptools method) 40load_stix() (in module pymisptoolsstix) 40
Mmake_stix_package() (in module
pymisptoolsstix) 40malware_binary() (pymispMISPAttribute prop-
erty) 27malware_binary() (pymispMISPObjectAttribute
property) 30misp_instance_version() (pymispPyMISP
property) 14misp_instance_version_master()
(pymispPyMISP property) 14MISPAttribute (class in pymisp) 26MISPEncode (class in pymisp) 24MISPEvent (class in pymisp) 24MISPObject (class in pymisp) 28MISPObjectAttribute (class in pymisp) 29MISPObjectReference (class in pymisp) 31MISPOrganisation (class in pymisp) 34MISPTag (class in pymisp) 32MISPUser (class in pymisp) 33module
pymisp 7pymisptools 37pymisptoolsstix 40
Nnoticelists() (pymispPyMISP method) 14
Oobject_templates() (pymispPyMISP method) 14organisation_blacklists() (pymispPyMISP
method) 14organisations() (pymispPyMISP method) 14
Ppop() (pymispMISPAttribute method) 27
pop() (pymispMISPEvent method) 25pop() (pymispMISPObject method) 29pop() (pymispMISPObjectAttribute method) 30pop() (pymispMISPObjectReference method) 31pop() (pymispMISPOrganisation method) 34pop() (pymispMISPTag method) 32pop() (pymispMISPUser method) 33pop() (pymisptoolsFileObject method) 38pop() (pymisptoolsVTReportObject method) 39popitem() (pymispMISPAttribute method) 27popitem() (pymispMISPEvent method) 25popitem() (pymispMISPObject method) 29popitem() (pymispMISPObjectAttribute method) 30popitem() (pymispMISPObjectReference method) 31popitem() (pymispMISPOrganisation method) 34popitem() (pymispMISPTag method) 32popitem() (pymispMISPUser method) 33popitem() (pymisptoolsFileObject method) 38popitem() (pymisptoolsVTReportObject method) 39publish() (pymispMISPEvent method) 25publish() (pymispPyMISP method) 14push_event_to_ZMQ() (pymispPyMISP method)
14pymisp
module 7PyMISP (class in pymisp) 7pymisptools
module 37pymisptoolsstix
module 40pymisp_version_main() (pymispPyMISP prop-
erty) 15
Rrecommended_pymisp_version()
(pymispPyMISP property) 15remote_acl() (pymispPyMISP method) 15remove_org_from_sharing_group()
(pymispPyMISP method) 15remove_server_from_sharing_group()
(pymispPyMISP method) 15roles() (pymispPyMISP method) 15
Ssearch() (pymispPyMISP method) 15search_feeds() (pymispPyMISP method) 17search_index() (pymispPyMISP method) 18search_logs() (pymispPyMISP method) 18search_sightings() (pymispPyMISP method) 19server_pull() (pymispPyMISP method) 20server_push() (pymispPyMISP method) 20servers() (pymispPyMISP method) 20set_date() (pymispMISPEvent method) 25
48 Index
PyMISP Documentation Release main
set_not_jsonable() (pymispAbstractMISPmethod) 23
set_not_jsonable() (pymispMISPAttributemethod) 27
set_not_jsonable() (pymispMISPEvent method)25
set_not_jsonable() (pymispMISPObjectmethod) 29
set_not_jsonable() (pymispMISPObjectAttributemethod) 30
set_not_jsonable()(pymispMISPObjectReference method)31
set_not_jsonable() (pymispMISPOrganisationmethod) 35
set_not_jsonable() (pymispMISPTag method)32
set_not_jsonable() (pymispMISPUser method)33
set_not_jsonable() (pymisptoolsFileObjectmethod) 38
set_not_jsonable()(pymisptoolsVTReportObject method)39
set_user_setting() (pymispPyMISP method) 20setdefault() (pymispMISPAttribute method) 27setdefault() (pymispMISPEvent method) 25setdefault() (pymispMISPObject method) 29setdefault() (pymispMISPObjectAttribute
method) 30setdefault() (pymispMISPObjectReference
method) 31setdefault() (pymispMISPOrganisation method)
35setdefault() (pymispMISPTag method) 33setdefault() (pymispMISPUser method) 34setdefault() (pymisptoolsFileObject method) 38setdefault() (pymisptoolsVTReportObject
method) 40sharing_groups() (pymispPyMISP method) 20sightings() (pymispPyMISP method) 20
Ttag() (pymispPyMISP method) 20tags() (pymispMISPAttribute property) 27tags() (pymispMISPEvent property) 26tags() (pymispMISPObjectAttribute property) 30tags() (pymispPyMISP method) 20tags_statistics() (pymispPyMISP method) 20taxonomies() (pymispPyMISP method) 20to_dict() (pymispAbstractMISP method) 23to_dict() (pymispMISPAttribute method) 27to_dict() (pymispMISPEvent method) 26to_dict() (pymispMISPObject method) 29
to_dict() (pymispMISPObjectAttribute method) 30to_dict() (pymispMISPObjectReference method) 32to_dict() (pymispMISPOrganisation method) 35to_dict() (pymispMISPTag method) 33to_dict() (pymispMISPUser method) 34to_dict() (pymisptoolsFileObject method) 38to_dict() (pymisptoolsVTReportObject method) 40to_feed() (pymispMISPEvent method) 26to_json() (pymispAbstractMISP method) 23to_json() (pymispMISPAttribute method) 27to_json() (pymispMISPEvent method) 26to_json() (pymispMISPObject method) 29to_json() (pymispMISPObjectAttribute method) 31to_json() (pymispMISPObjectReference method) 32to_json() (pymispMISPOrganisation method) 35to_json() (pymispMISPTag method) 33to_json() (pymispMISPUser method) 34to_json() (pymisptoolsFileObject method) 38to_json() (pymisptoolsVTReportObject method) 40toggle_warninglist() (pymispPyMISP method)
20
Uunpublish() (pymispMISPEvent method) 26untag() (pymispPyMISP method) 21update() (pymispMISPAttribute method) 28update() (pymispMISPEvent method) 26update() (pymispMISPObject method) 29update() (pymispMISPObjectAttribute method) 31update() (pymispMISPObjectReference method) 32update() (pymispMISPOrganisation method) 35update() (pymispMISPTag method) 33update() (pymispMISPUser method) 34update() (pymisptoolsFileObject method) 38update() (pymisptoolsVTReportObject method) 40update_attribute() (pymispPyMISP method) 21update_attribute_proposal()
(pymispPyMISP method) 21update_event() (pymispPyMISP method) 21update_event_blacklist() (pymispPyMISP
method) 21update_feed() (pymispPyMISP method) 21update_galaxies() (pymispPyMISP method) 21update_not_jsonable() (pymispAbstractMISP
method) 23update_not_jsonable() (pymispMISPAttribute
method) 28update_not_jsonable() (pymispMISPEvent
method) 26update_not_jsonable() (pymispMISPObject
method) 29update_not_jsonable()
(pymispMISPObjectAttribute method) 31
Index 49
PyMISP Documentation Release main
update_not_jsonable()(pymispMISPObjectReference method)32
update_not_jsonable()(pymispMISPOrganisation method) 35
update_not_jsonable() (pymispMISPTagmethod) 33
update_not_jsonable() (pymispMISPUsermethod) 34
update_not_jsonable() (pymisptoolsFileObjectmethod) 38
update_not_jsonable()(pymisptoolsVTReportObject method)40
update_noticelists() (pymispPyMISP method)21
update_object() (pymispPyMISP method) 21update_object_templates() (pymispPyMISP
method) 21update_organisation() (pymispPyMISP
method) 21update_organisation_blacklist()
(pymispPyMISP method) 21update_server() (pymispPyMISP method) 22update_tag() (pymispPyMISP method) 22update_taxonomies() (pymispPyMISP method)
22update_user() (pymispPyMISP method) 22update_warninglists() (pymispPyMISP
method) 22upload_stix() (pymispPyMISP method) 22user_registrations() (pymispPyMISP method)
22user_settings() (pymispPyMISP method) 22users() (pymispPyMISP method) 22users_statistics() (pymispPyMISP method) 22
Vvalues() (pymispMISPAttribute method) 28values() (pymispMISPEvent method) 26values() (pymispMISPObject method) 29values() (pymispMISPObjectAttribute method) 31values() (pymispMISPObjectReference method) 32values() (pymispMISPOrganisation method) 35values() (pymispMISPTag method) 33values() (pymispMISPUser method) 34values() (pymisptoolsFileObject method) 38values() (pymisptoolsVTReportObject method) 40values_in_warninglist() (pymispPyMISP
method) 22version() (pymispPyMISP property) 22VTReportObject (class in pymisptools) 38
Wwarninglists() (pymispPyMISP method) 22
50 Index
- README
- pymisp
- PyMISP
- PyMISPExpanded (Python 36+ only)
- MISPAbstract
- MISPEncode
- MISPEvent
- MISPAttribute
- MISPObject
- MISPObjectAttribute
- MISPObjectReference
- MISPTag
- MISPUser
- MISPOrganisation
- pymisp - Tools
- File Object
- ELF Object
- PE Object
- Mach-O Object
- VT Report Object
- STIX
- OpenIOC
- Indices and tables
- Python Module Index
- Index
CHAPTER
FOUR
INDICES AND TABLES
bull genindex
bull modindex
bull search
41
PyMISP Documentation Release main
42 Chapter 4 Indices and tables
PYTHON MODULE INDEX
ppymisp 7pymisptools 37pymisptoolsstix 40
43
PyMISP Documentation Release main
44 Python Module Index
INDEX
AAbstractMISP (class in pymisp) 23accept_attribute_proposal()
(pymispPyMISP method) 7add_attribute() (pymispMISPEvent method) 24add_attribute() (pymispMISPObject method) 28add_attribute() (pymispPyMISP method) 7add_attribute() (pymisptoolsFileObject method)
37add_attribute() (pymisptoolsVTReportObject
method) 39add_attribute_proposal() (pymispPyMISP
method) 7add_attribute_tag() (pymispMISPEvent
method) 24add_attributes() (pymispMISPObject method)
28add_attributes() (pymisptoolsFileObject
method) 37add_attributes() (pymisptoolsVTReportObject
method) 39add_event() (pymispPyMISP method) 7add_event_blacklist() (pymispPyMISP
method) 8add_feed() (pymispPyMISP method) 8add_object() (pymispMISPEvent method) 24add_object() (pymispPyMISP method) 8add_object_reference() (pymispPyMISP
method) 8add_org_to_sharing_group() (pymispPyMISP
method) 8add_organisation() (pymispPyMISP method) 8add_organisation_blacklist()
(pymispPyMISP method) 8add_proposal() (pymispMISPAttribute method) 26add_proposal() (pymispMISPEvent method) 24add_proposal() (pymispMISPObjectAttribute
method) 29add_reference() (pymispMISPObject method) 28add_reference() (pymisptoolsFileObject method)
37add_reference() (pymisptoolsVTReportObject
method) 39add_server() (pymispPyMISP method) 8add_server_to_sharing_group()
(pymispPyMISP method) 8add_shadow_attribute() (pymispMISPAttribute
method) 26add_shadow_attribute() (pymispMISPEvent
method) 24add_shadow_attribute()
(pymispMISPObjectAttribute method) 29add_sharing_group() (pymispPyMISP method) 8add_sighting() (pymispMISPAttribute method) 26add_sighting() (pymispMISPObjectAttribute
method) 29add_sighting() (pymispPyMISP method) 8add_tag() (pymispPyMISP method) 8add_user() (pymispPyMISP method) 9attributes_statistics() (pymispPyMISP
method) 9
Bbuild_complex_query() (pymispPyMISP
method) 9
Ccache_all_feeds() (pymispPyMISP method) 9cache_feed() (pymispPyMISP method) 9cache_freetext_feeds() (pymispPyMISP
method) 9cache_misp_feeds() (pymispPyMISP method) 9change_sharing_group_on_entity()
(pymispPyMISP method) 9change_user_password() (pymispPyMISP
method) 9clear() (pymispMISPAttribute method) 26clear() (pymispMISPEvent method) 24clear() (pymispMISPObject method) 28clear() (pymispMISPObjectAttribute method) 29clear() (pymispMISPObjectReference method) 31clear() (pymispMISPOrganisation method) 34clear() (pymispMISPTag method) 32clear() (pymispMISPUser method) 33
45
PyMISP Documentation Release main
clear() (pymisptoolsFileObject method) 37clear() (pymisptoolsVTReportObject method) 39communities() (pymispPyMISP method) 9compare_feeds() (pymispPyMISP method) 9contact_event_reporter() (pymispPyMISP
method) 9
Ddefault() (pymispMISPEncode method) 24delegate_event() (pymispPyMISP method) 10delete() (pymispMISPAttribute method) 26delete() (pymispMISPObjectAttribute method) 30delete_attribute() (pymispMISPEvent method)
24delete_attribute() (pymispPyMISP method) 10delete_attribute_proposal()
(pymispPyMISP method) 10delete_event() (pymispPyMISP method) 10delete_event_blacklist() (pymispPyMISP
method) 10delete_feed() (pymispPyMISP method) 10delete_object() (pymispPyMISP method) 10delete_object_reference() (pymispPyMISP
method) 10delete_organisation() (pymispPyMISP
method) 10delete_organisation_blacklist()
(pymispPyMISP method) 10delete_server() (pymispPyMISP method) 10delete_sharing_group() (pymispPyMISP
method) 10delete_sighting() (pymispPyMISP method) 10delete_tag() (pymispPyMISP method) 11delete_user() (pymispPyMISP method) 11delete_user_setting() (pymispPyMISP
method) 11describe_types_local() (pymispPyMISP prop-
erty) 11describe_types_remote() (pymispPyMISP
property) 11direct_call() (pymispPyMISP method) 11disable_feed() (pymispPyMISP method) 11disable_feed_cache() (pymispPyMISP method)
11disable_noticelist() (pymispPyMISP method)
11disable_tag() (pymispPyMISP method) 11disable_taxonomy() (pymispPyMISP method) 11disable_taxonomy_tags() (pymispPyMISP
method) 11disable_warninglist() (pymispPyMISP
method) 11discard_attribute_proposal()
(pymispPyMISP method) 12
Eedited() (pymispAbstractMISP property) 23edited() (pymispMISPAttribute property) 26edited() (pymispMISPEvent property) 24edited() (pymispMISPObject property) 28edited() (pymispMISPObjectAttribute property) 30edited() (pymispMISPObjectReference property) 31edited() (pymispMISPOrganisation property) 34edited() (pymispMISPTag property) 32edited() (pymispMISPUser property) 33edited() (pymisptoolsFileObject property) 37edited() (pymisptoolsVTReportObject property) 39enable_feed() (pymispPyMISP method) 12enable_feed_cache() (pymispPyMISP method)
12enable_noticelist() (pymispPyMISP method)
12enable_tag() (pymispPyMISP method) 12enable_taxonomy() (pymispPyMISP method) 12enable_taxonomy_tags() (pymispPyMISP
method) 12enable_warninglist() (pymispPyMISP method)
12event_blacklists() (pymispPyMISP method) 12event_delegations() (pymispPyMISP method)
12ExpandedPyMISP (in module pymisp) 23
Ffeeds() (pymispPyMISP method) 12fetch_feed() (pymispPyMISP method) 12FileObject (class in pymisptools) 37freetext() (pymispPyMISP method) 12from_dict() (pymispAbstractMISP method) 23from_dict() (pymispMISPAttribute method) 27from_dict() (pymispMISPEvent method) 25from_dict() (pymispMISPObject method) 28from_dict() (pymispMISPObjectAttribute method)
30from_dict() (pymispMISPObjectReference method)
31from_dict() (pymispMISPOrganisation method) 34from_dict() (pymispMISPTag method) 32from_dict() (pymispMISPUser method) 33from_dict() (pymisptoolsFileObject method) 37from_dict() (pymisptoolsVTReportObject method)
39from_json() (pymispAbstractMISP method) 23from_json() (pymispMISPAttribute method) 27from_json() (pymispMISPEvent method) 25from_json() (pymispMISPObject method) 28from_json() (pymispMISPObjectAttribute method)
30
46 Index
PyMISP Documentation Release main
from_json() (pymispMISPObjectReference method)31
from_json() (pymispMISPOrganisation method) 34from_json() (pymispMISPTag method) 32from_json() (pymispMISPUser method) 33from_json() (pymisptoolsFileObject method) 37from_json() (pymisptoolsVTReportObject method)
39
Ggalaxies() (pymispPyMISP method) 12generate_attributes() (pymisptoolsFileObject
method) 37generate_attributes()
(pymisptoolsVTReportObject method)39
get() (pymispMISPAttribute method) 27get() (pymispMISPEvent method) 25get() (pymispMISPObject method) 28get() (pymispMISPObjectAttribute method) 30get() (pymispMISPObjectReference method) 31get() (pymispMISPOrganisation method) 34get() (pymispMISPTag method) 32get() (pymispMISPUser method) 33get() (pymisptoolsFileObject method) 37get() (pymisptoolsVTReportObject method) 39get_all_functions() (pymispPyMISP method)
13get_attribute() (pymispPyMISP method) 13get_attribute_tag() (pymispMISPEvent
method) 25get_attributes_by_relation()
(pymispMISPObject method) 28get_attributes_by_relation()
(pymisptoolsFileObject method) 37get_attributes_by_relation()
(pymisptoolsVTReportObject method)39
get_community() (pymispPyMISP method) 13get_event() (pymispPyMISP method) 13get_feed() (pymispPyMISP method) 13get_galaxy() (pymispPyMISP method) 13get_noticelist() (pymispPyMISP method) 13get_object() (pymispPyMISP method) 13get_object_by_id() (pymispMISPEvent method)
25get_object_by_uuid() (pymispMISPEvent
method) 25get_object_template() (pymispPyMISP
method) 13get_objects_by_name() (pymispMISPEvent
method) 25get_organisation() (pymispPyMISP method) 13get_sync_config() (pymispPyMISP method) 13
get_tag() (pymispPyMISP method) 13get_taxonomy() (pymispPyMISP method) 13get_user() (pymispPyMISP method) 13get_user_setting() (pymispPyMISP method) 14get_warninglist() (pymispPyMISP method) 14
Hhas_attributes_by_relation()
(pymispMISPObject method) 28has_attributes_by_relation()
(pymisptoolsFileObject method) 37has_attributes_by_relation()
(pymisptoolsVTReportObject method)39
hash_values() (pymispMISPAttribute method) 27hash_values() (pymispMISPObjectAttribute
method) 30
Iimport_server() (pymispPyMISP method) 14items() (pymispMISPAttribute method) 27items() (pymispMISPEvent method) 25items() (pymispMISPObject method) 29items() (pymispMISPObjectAttribute method) 30items() (pymispMISPObjectReference method) 31items() (pymispMISPOrganisation method) 34items() (pymispMISPTag method) 32items() (pymispMISPUser method) 33items() (pymisptoolsFileObject method) 38items() (pymisptoolsVTReportObject method) 39
Jjsonable() (pymispAbstractMISP method) 23jsonable() (pymispMISPAttribute method) 27jsonable() (pymispMISPEvent method) 25jsonable() (pymispMISPObject method) 29jsonable() (pymispMISPObjectAttribute method)
30jsonable() (pymispMISPObjectReference method)
31jsonable() (pymispMISPOrganisation method) 34jsonable() (pymispMISPTag method) 32jsonable() (pymispMISPUser method) 33jsonable() (pymisptoolsFileObject method) 38jsonable() (pymisptoolsVTReportObject method)
39
Kkeys() (pymispMISPAttribute method) 27keys() (pymispMISPEvent method) 25keys() (pymispMISPObject method) 29keys() (pymispMISPObjectAttribute method) 30keys() (pymispMISPObjectReference method) 31keys() (pymispMISPOrganisation method) 34
Index 47
PyMISP Documentation Release main
keys() (pymispMISPTag method) 32keys() (pymispMISPUser method) 33keys() (pymisptoolsFileObject method) 38keys() (pymisptoolsVTReportObject method) 39known_types() (pymispMISPAttribute property) 27known_types() (pymispMISPObjectAttribute prop-
erty) 30
Lload() (pymispMISPEvent method) 25load_default_feeds() (pymispPyMISP method)
14load_file() (pymispMISPEvent method) 25load_openioc() (pymisptools method) 40load_openioc_file() (pymisptools method) 40load_stix() (in module pymisptoolsstix) 40
Mmake_stix_package() (in module
pymisptoolsstix) 40malware_binary() (pymispMISPAttribute prop-
erty) 27malware_binary() (pymispMISPObjectAttribute
property) 30misp_instance_version() (pymispPyMISP
property) 14misp_instance_version_master()
(pymispPyMISP property) 14MISPAttribute (class in pymisp) 26MISPEncode (class in pymisp) 24MISPEvent (class in pymisp) 24MISPObject (class in pymisp) 28MISPObjectAttribute (class in pymisp) 29MISPObjectReference (class in pymisp) 31MISPOrganisation (class in pymisp) 34MISPTag (class in pymisp) 32MISPUser (class in pymisp) 33module
pymisp 7pymisptools 37pymisptoolsstix 40
Nnoticelists() (pymispPyMISP method) 14
Oobject_templates() (pymispPyMISP method) 14organisation_blacklists() (pymispPyMISP
method) 14organisations() (pymispPyMISP method) 14
Ppop() (pymispMISPAttribute method) 27
pop() (pymispMISPEvent method) 25pop() (pymispMISPObject method) 29pop() (pymispMISPObjectAttribute method) 30pop() (pymispMISPObjectReference method) 31pop() (pymispMISPOrganisation method) 34pop() (pymispMISPTag method) 32pop() (pymispMISPUser method) 33pop() (pymisptoolsFileObject method) 38pop() (pymisptoolsVTReportObject method) 39popitem() (pymispMISPAttribute method) 27popitem() (pymispMISPEvent method) 25popitem() (pymispMISPObject method) 29popitem() (pymispMISPObjectAttribute method) 30popitem() (pymispMISPObjectReference method) 31popitem() (pymispMISPOrganisation method) 34popitem() (pymispMISPTag method) 32popitem() (pymispMISPUser method) 33popitem() (pymisptoolsFileObject method) 38popitem() (pymisptoolsVTReportObject method) 39publish() (pymispMISPEvent method) 25publish() (pymispPyMISP method) 14push_event_to_ZMQ() (pymispPyMISP method)
14pymisp
module 7PyMISP (class in pymisp) 7pymisptools
module 37pymisptoolsstix
module 40pymisp_version_main() (pymispPyMISP prop-
erty) 15
Rrecommended_pymisp_version()
(pymispPyMISP property) 15remote_acl() (pymispPyMISP method) 15remove_org_from_sharing_group()
(pymispPyMISP method) 15remove_server_from_sharing_group()
(pymispPyMISP method) 15roles() (pymispPyMISP method) 15
Ssearch() (pymispPyMISP method) 15search_feeds() (pymispPyMISP method) 17search_index() (pymispPyMISP method) 18search_logs() (pymispPyMISP method) 18search_sightings() (pymispPyMISP method) 19server_pull() (pymispPyMISP method) 20server_push() (pymispPyMISP method) 20servers() (pymispPyMISP method) 20set_date() (pymispMISPEvent method) 25
48 Index
PyMISP Documentation Release main
set_not_jsonable() (pymispAbstractMISPmethod) 23
set_not_jsonable() (pymispMISPAttributemethod) 27
set_not_jsonable() (pymispMISPEvent method)25
set_not_jsonable() (pymispMISPObjectmethod) 29
set_not_jsonable() (pymispMISPObjectAttributemethod) 30
set_not_jsonable()(pymispMISPObjectReference method)31
set_not_jsonable() (pymispMISPOrganisationmethod) 35
set_not_jsonable() (pymispMISPTag method)32
set_not_jsonable() (pymispMISPUser method)33
set_not_jsonable() (pymisptoolsFileObjectmethod) 38
set_not_jsonable()(pymisptoolsVTReportObject method)39
set_user_setting() (pymispPyMISP method) 20setdefault() (pymispMISPAttribute method) 27setdefault() (pymispMISPEvent method) 25setdefault() (pymispMISPObject method) 29setdefault() (pymispMISPObjectAttribute
method) 30setdefault() (pymispMISPObjectReference
method) 31setdefault() (pymispMISPOrganisation method)
35setdefault() (pymispMISPTag method) 33setdefault() (pymispMISPUser method) 34setdefault() (pymisptoolsFileObject method) 38setdefault() (pymisptoolsVTReportObject
method) 40sharing_groups() (pymispPyMISP method) 20sightings() (pymispPyMISP method) 20
Ttag() (pymispPyMISP method) 20tags() (pymispMISPAttribute property) 27tags() (pymispMISPEvent property) 26tags() (pymispMISPObjectAttribute property) 30tags() (pymispPyMISP method) 20tags_statistics() (pymispPyMISP method) 20taxonomies() (pymispPyMISP method) 20to_dict() (pymispAbstractMISP method) 23to_dict() (pymispMISPAttribute method) 27to_dict() (pymispMISPEvent method) 26to_dict() (pymispMISPObject method) 29
to_dict() (pymispMISPObjectAttribute method) 30to_dict() (pymispMISPObjectReference method) 32to_dict() (pymispMISPOrganisation method) 35to_dict() (pymispMISPTag method) 33to_dict() (pymispMISPUser method) 34to_dict() (pymisptoolsFileObject method) 38to_dict() (pymisptoolsVTReportObject method) 40to_feed() (pymispMISPEvent method) 26to_json() (pymispAbstractMISP method) 23to_json() (pymispMISPAttribute method) 27to_json() (pymispMISPEvent method) 26to_json() (pymispMISPObject method) 29to_json() (pymispMISPObjectAttribute method) 31to_json() (pymispMISPObjectReference method) 32to_json() (pymispMISPOrganisation method) 35to_json() (pymispMISPTag method) 33to_json() (pymispMISPUser method) 34to_json() (pymisptoolsFileObject method) 38to_json() (pymisptoolsVTReportObject method) 40toggle_warninglist() (pymispPyMISP method)
20
Uunpublish() (pymispMISPEvent method) 26untag() (pymispPyMISP method) 21update() (pymispMISPAttribute method) 28update() (pymispMISPEvent method) 26update() (pymispMISPObject method) 29update() (pymispMISPObjectAttribute method) 31update() (pymispMISPObjectReference method) 32update() (pymispMISPOrganisation method) 35update() (pymispMISPTag method) 33update() (pymispMISPUser method) 34update() (pymisptoolsFileObject method) 38update() (pymisptoolsVTReportObject method) 40update_attribute() (pymispPyMISP method) 21update_attribute_proposal()
(pymispPyMISP method) 21update_event() (pymispPyMISP method) 21update_event_blacklist() (pymispPyMISP
method) 21update_feed() (pymispPyMISP method) 21update_galaxies() (pymispPyMISP method) 21update_not_jsonable() (pymispAbstractMISP
method) 23update_not_jsonable() (pymispMISPAttribute
method) 28update_not_jsonable() (pymispMISPEvent
method) 26update_not_jsonable() (pymispMISPObject
method) 29update_not_jsonable()
(pymispMISPObjectAttribute method) 31
Index 49
PyMISP Documentation Release main
update_not_jsonable()(pymispMISPObjectReference method)32
update_not_jsonable()(pymispMISPOrganisation method) 35
update_not_jsonable() (pymispMISPTagmethod) 33
update_not_jsonable() (pymispMISPUsermethod) 34
update_not_jsonable() (pymisptoolsFileObjectmethod) 38
update_not_jsonable()(pymisptoolsVTReportObject method)40
update_noticelists() (pymispPyMISP method)21
update_object() (pymispPyMISP method) 21update_object_templates() (pymispPyMISP
method) 21update_organisation() (pymispPyMISP
method) 21update_organisation_blacklist()
(pymispPyMISP method) 21update_server() (pymispPyMISP method) 22update_tag() (pymispPyMISP method) 22update_taxonomies() (pymispPyMISP method)
22update_user() (pymispPyMISP method) 22update_warninglists() (pymispPyMISP
method) 22upload_stix() (pymispPyMISP method) 22user_registrations() (pymispPyMISP method)
22user_settings() (pymispPyMISP method) 22users() (pymispPyMISP method) 22users_statistics() (pymispPyMISP method) 22
Vvalues() (pymispMISPAttribute method) 28values() (pymispMISPEvent method) 26values() (pymispMISPObject method) 29values() (pymispMISPObjectAttribute method) 31values() (pymispMISPObjectReference method) 32values() (pymispMISPOrganisation method) 35values() (pymispMISPTag method) 33values() (pymispMISPUser method) 34values() (pymisptoolsFileObject method) 38values() (pymisptoolsVTReportObject method) 40values_in_warninglist() (pymispPyMISP
method) 22version() (pymispPyMISP property) 22VTReportObject (class in pymisptools) 38
Wwarninglists() (pymispPyMISP method) 22
50 Index
- README
- pymisp
- PyMISP
- PyMISPExpanded (Python 36+ only)
- MISPAbstract
- MISPEncode
- MISPEvent
- MISPAttribute
- MISPObject
- MISPObjectAttribute
- MISPObjectReference
- MISPTag
- MISPUser
- MISPOrganisation
- pymisp - Tools
- File Object
- ELF Object
- PE Object
- Mach-O Object
- VT Report Object
- STIX
- OpenIOC
- Indices and tables
- Python Module Index
- Index
PyMISP Documentation Release main
42 Chapter 4 Indices and tables
PYTHON MODULE INDEX
ppymisp 7pymisptools 37pymisptoolsstix 40
43
PyMISP Documentation Release main
44 Python Module Index
INDEX
AAbstractMISP (class in pymisp) 23accept_attribute_proposal()
(pymispPyMISP method) 7add_attribute() (pymispMISPEvent method) 24add_attribute() (pymispMISPObject method) 28add_attribute() (pymispPyMISP method) 7add_attribute() (pymisptoolsFileObject method)
37add_attribute() (pymisptoolsVTReportObject
method) 39add_attribute_proposal() (pymispPyMISP
method) 7add_attribute_tag() (pymispMISPEvent
method) 24add_attributes() (pymispMISPObject method)
28add_attributes() (pymisptoolsFileObject
method) 37add_attributes() (pymisptoolsVTReportObject
method) 39add_event() (pymispPyMISP method) 7add_event_blacklist() (pymispPyMISP
method) 8add_feed() (pymispPyMISP method) 8add_object() (pymispMISPEvent method) 24add_object() (pymispPyMISP method) 8add_object_reference() (pymispPyMISP
method) 8add_org_to_sharing_group() (pymispPyMISP
method) 8add_organisation() (pymispPyMISP method) 8add_organisation_blacklist()
(pymispPyMISP method) 8add_proposal() (pymispMISPAttribute method) 26add_proposal() (pymispMISPEvent method) 24add_proposal() (pymispMISPObjectAttribute
method) 29add_reference() (pymispMISPObject method) 28add_reference() (pymisptoolsFileObject method)
37add_reference() (pymisptoolsVTReportObject
method) 39add_server() (pymispPyMISP method) 8add_server_to_sharing_group()
(pymispPyMISP method) 8add_shadow_attribute() (pymispMISPAttribute
method) 26add_shadow_attribute() (pymispMISPEvent
method) 24add_shadow_attribute()
(pymispMISPObjectAttribute method) 29add_sharing_group() (pymispPyMISP method) 8add_sighting() (pymispMISPAttribute method) 26add_sighting() (pymispMISPObjectAttribute
method) 29add_sighting() (pymispPyMISP method) 8add_tag() (pymispPyMISP method) 8add_user() (pymispPyMISP method) 9attributes_statistics() (pymispPyMISP
method) 9
Bbuild_complex_query() (pymispPyMISP
method) 9
Ccache_all_feeds() (pymispPyMISP method) 9cache_feed() (pymispPyMISP method) 9cache_freetext_feeds() (pymispPyMISP
method) 9cache_misp_feeds() (pymispPyMISP method) 9change_sharing_group_on_entity()
(pymispPyMISP method) 9change_user_password() (pymispPyMISP
method) 9clear() (pymispMISPAttribute method) 26clear() (pymispMISPEvent method) 24clear() (pymispMISPObject method) 28clear() (pymispMISPObjectAttribute method) 29clear() (pymispMISPObjectReference method) 31clear() (pymispMISPOrganisation method) 34clear() (pymispMISPTag method) 32clear() (pymispMISPUser method) 33
45
PyMISP Documentation Release main
clear() (pymisptoolsFileObject method) 37clear() (pymisptoolsVTReportObject method) 39communities() (pymispPyMISP method) 9compare_feeds() (pymispPyMISP method) 9contact_event_reporter() (pymispPyMISP
method) 9
Ddefault() (pymispMISPEncode method) 24delegate_event() (pymispPyMISP method) 10delete() (pymispMISPAttribute method) 26delete() (pymispMISPObjectAttribute method) 30delete_attribute() (pymispMISPEvent method)
24delete_attribute() (pymispPyMISP method) 10delete_attribute_proposal()
(pymispPyMISP method) 10delete_event() (pymispPyMISP method) 10delete_event_blacklist() (pymispPyMISP
method) 10delete_feed() (pymispPyMISP method) 10delete_object() (pymispPyMISP method) 10delete_object_reference() (pymispPyMISP
method) 10delete_organisation() (pymispPyMISP
method) 10delete_organisation_blacklist()
(pymispPyMISP method) 10delete_server() (pymispPyMISP method) 10delete_sharing_group() (pymispPyMISP
method) 10delete_sighting() (pymispPyMISP method) 10delete_tag() (pymispPyMISP method) 11delete_user() (pymispPyMISP method) 11delete_user_setting() (pymispPyMISP
method) 11describe_types_local() (pymispPyMISP prop-
erty) 11describe_types_remote() (pymispPyMISP
property) 11direct_call() (pymispPyMISP method) 11disable_feed() (pymispPyMISP method) 11disable_feed_cache() (pymispPyMISP method)
11disable_noticelist() (pymispPyMISP method)
11disable_tag() (pymispPyMISP method) 11disable_taxonomy() (pymispPyMISP method) 11disable_taxonomy_tags() (pymispPyMISP
method) 11disable_warninglist() (pymispPyMISP
method) 11discard_attribute_proposal()
(pymispPyMISP method) 12
Eedited() (pymispAbstractMISP property) 23edited() (pymispMISPAttribute property) 26edited() (pymispMISPEvent property) 24edited() (pymispMISPObject property) 28edited() (pymispMISPObjectAttribute property) 30edited() (pymispMISPObjectReference property) 31edited() (pymispMISPOrganisation property) 34edited() (pymispMISPTag property) 32edited() (pymispMISPUser property) 33edited() (pymisptoolsFileObject property) 37edited() (pymisptoolsVTReportObject property) 39enable_feed() (pymispPyMISP method) 12enable_feed_cache() (pymispPyMISP method)
12enable_noticelist() (pymispPyMISP method)
12enable_tag() (pymispPyMISP method) 12enable_taxonomy() (pymispPyMISP method) 12enable_taxonomy_tags() (pymispPyMISP
method) 12enable_warninglist() (pymispPyMISP method)
12event_blacklists() (pymispPyMISP method) 12event_delegations() (pymispPyMISP method)
12ExpandedPyMISP (in module pymisp) 23
Ffeeds() (pymispPyMISP method) 12fetch_feed() (pymispPyMISP method) 12FileObject (class in pymisptools) 37freetext() (pymispPyMISP method) 12from_dict() (pymispAbstractMISP method) 23from_dict() (pymispMISPAttribute method) 27from_dict() (pymispMISPEvent method) 25from_dict() (pymispMISPObject method) 28from_dict() (pymispMISPObjectAttribute method)
30from_dict() (pymispMISPObjectReference method)
31from_dict() (pymispMISPOrganisation method) 34from_dict() (pymispMISPTag method) 32from_dict() (pymispMISPUser method) 33from_dict() (pymisptoolsFileObject method) 37from_dict() (pymisptoolsVTReportObject method)
39from_json() (pymispAbstractMISP method) 23from_json() (pymispMISPAttribute method) 27from_json() (pymispMISPEvent method) 25from_json() (pymispMISPObject method) 28from_json() (pymispMISPObjectAttribute method)
30
46 Index
PyMISP Documentation Release main
from_json() (pymispMISPObjectReference method)31
from_json() (pymispMISPOrganisation method) 34from_json() (pymispMISPTag method) 32from_json() (pymispMISPUser method) 33from_json() (pymisptoolsFileObject method) 37from_json() (pymisptoolsVTReportObject method)
39
Ggalaxies() (pymispPyMISP method) 12generate_attributes() (pymisptoolsFileObject
method) 37generate_attributes()
(pymisptoolsVTReportObject method)39
get() (pymispMISPAttribute method) 27get() (pymispMISPEvent method) 25get() (pymispMISPObject method) 28get() (pymispMISPObjectAttribute method) 30get() (pymispMISPObjectReference method) 31get() (pymispMISPOrganisation method) 34get() (pymispMISPTag method) 32get() (pymispMISPUser method) 33get() (pymisptoolsFileObject method) 37get() (pymisptoolsVTReportObject method) 39get_all_functions() (pymispPyMISP method)
13get_attribute() (pymispPyMISP method) 13get_attribute_tag() (pymispMISPEvent
method) 25get_attributes_by_relation()
(pymispMISPObject method) 28get_attributes_by_relation()
(pymisptoolsFileObject method) 37get_attributes_by_relation()
(pymisptoolsVTReportObject method)39
get_community() (pymispPyMISP method) 13get_event() (pymispPyMISP method) 13get_feed() (pymispPyMISP method) 13get_galaxy() (pymispPyMISP method) 13get_noticelist() (pymispPyMISP method) 13get_object() (pymispPyMISP method) 13get_object_by_id() (pymispMISPEvent method)
25get_object_by_uuid() (pymispMISPEvent
method) 25get_object_template() (pymispPyMISP
method) 13get_objects_by_name() (pymispMISPEvent
method) 25get_organisation() (pymispPyMISP method) 13get_sync_config() (pymispPyMISP method) 13
get_tag() (pymispPyMISP method) 13get_taxonomy() (pymispPyMISP method) 13get_user() (pymispPyMISP method) 13get_user_setting() (pymispPyMISP method) 14get_warninglist() (pymispPyMISP method) 14
Hhas_attributes_by_relation()
(pymispMISPObject method) 28has_attributes_by_relation()
(pymisptoolsFileObject method) 37has_attributes_by_relation()
(pymisptoolsVTReportObject method)39
hash_values() (pymispMISPAttribute method) 27hash_values() (pymispMISPObjectAttribute
method) 30
Iimport_server() (pymispPyMISP method) 14items() (pymispMISPAttribute method) 27items() (pymispMISPEvent method) 25items() (pymispMISPObject method) 29items() (pymispMISPObjectAttribute method) 30items() (pymispMISPObjectReference method) 31items() (pymispMISPOrganisation method) 34items() (pymispMISPTag method) 32items() (pymispMISPUser method) 33items() (pymisptoolsFileObject method) 38items() (pymisptoolsVTReportObject method) 39
Jjsonable() (pymispAbstractMISP method) 23jsonable() (pymispMISPAttribute method) 27jsonable() (pymispMISPEvent method) 25jsonable() (pymispMISPObject method) 29jsonable() (pymispMISPObjectAttribute method)
30jsonable() (pymispMISPObjectReference method)
31jsonable() (pymispMISPOrganisation method) 34jsonable() (pymispMISPTag method) 32jsonable() (pymispMISPUser method) 33jsonable() (pymisptoolsFileObject method) 38jsonable() (pymisptoolsVTReportObject method)
39
Kkeys() (pymispMISPAttribute method) 27keys() (pymispMISPEvent method) 25keys() (pymispMISPObject method) 29keys() (pymispMISPObjectAttribute method) 30keys() (pymispMISPObjectReference method) 31keys() (pymispMISPOrganisation method) 34
Index 47
PyMISP Documentation Release main
keys() (pymispMISPTag method) 32keys() (pymispMISPUser method) 33keys() (pymisptoolsFileObject method) 38keys() (pymisptoolsVTReportObject method) 39known_types() (pymispMISPAttribute property) 27known_types() (pymispMISPObjectAttribute prop-
erty) 30
Lload() (pymispMISPEvent method) 25load_default_feeds() (pymispPyMISP method)
14load_file() (pymispMISPEvent method) 25load_openioc() (pymisptools method) 40load_openioc_file() (pymisptools method) 40load_stix() (in module pymisptoolsstix) 40
Mmake_stix_package() (in module
pymisptoolsstix) 40malware_binary() (pymispMISPAttribute prop-
erty) 27malware_binary() (pymispMISPObjectAttribute
property) 30misp_instance_version() (pymispPyMISP
property) 14misp_instance_version_master()
(pymispPyMISP property) 14MISPAttribute (class in pymisp) 26MISPEncode (class in pymisp) 24MISPEvent (class in pymisp) 24MISPObject (class in pymisp) 28MISPObjectAttribute (class in pymisp) 29MISPObjectReference (class in pymisp) 31MISPOrganisation (class in pymisp) 34MISPTag (class in pymisp) 32MISPUser (class in pymisp) 33module
pymisp 7pymisptools 37pymisptoolsstix 40
Nnoticelists() (pymispPyMISP method) 14
Oobject_templates() (pymispPyMISP method) 14organisation_blacklists() (pymispPyMISP
method) 14organisations() (pymispPyMISP method) 14
Ppop() (pymispMISPAttribute method) 27
pop() (pymispMISPEvent method) 25pop() (pymispMISPObject method) 29pop() (pymispMISPObjectAttribute method) 30pop() (pymispMISPObjectReference method) 31pop() (pymispMISPOrganisation method) 34pop() (pymispMISPTag method) 32pop() (pymispMISPUser method) 33pop() (pymisptoolsFileObject method) 38pop() (pymisptoolsVTReportObject method) 39popitem() (pymispMISPAttribute method) 27popitem() (pymispMISPEvent method) 25popitem() (pymispMISPObject method) 29popitem() (pymispMISPObjectAttribute method) 30popitem() (pymispMISPObjectReference method) 31popitem() (pymispMISPOrganisation method) 34popitem() (pymispMISPTag method) 32popitem() (pymispMISPUser method) 33popitem() (pymisptoolsFileObject method) 38popitem() (pymisptoolsVTReportObject method) 39publish() (pymispMISPEvent method) 25publish() (pymispPyMISP method) 14push_event_to_ZMQ() (pymispPyMISP method)
14pymisp
module 7PyMISP (class in pymisp) 7pymisptools
module 37pymisptoolsstix
module 40pymisp_version_main() (pymispPyMISP prop-
erty) 15
Rrecommended_pymisp_version()
(pymispPyMISP property) 15remote_acl() (pymispPyMISP method) 15remove_org_from_sharing_group()
(pymispPyMISP method) 15remove_server_from_sharing_group()
(pymispPyMISP method) 15roles() (pymispPyMISP method) 15
Ssearch() (pymispPyMISP method) 15search_feeds() (pymispPyMISP method) 17search_index() (pymispPyMISP method) 18search_logs() (pymispPyMISP method) 18search_sightings() (pymispPyMISP method) 19server_pull() (pymispPyMISP method) 20server_push() (pymispPyMISP method) 20servers() (pymispPyMISP method) 20set_date() (pymispMISPEvent method) 25
48 Index
PyMISP Documentation Release main
set_not_jsonable() (pymispAbstractMISPmethod) 23
set_not_jsonable() (pymispMISPAttributemethod) 27
set_not_jsonable() (pymispMISPEvent method)25
set_not_jsonable() (pymispMISPObjectmethod) 29
set_not_jsonable() (pymispMISPObjectAttributemethod) 30
set_not_jsonable()(pymispMISPObjectReference method)31
set_not_jsonable() (pymispMISPOrganisationmethod) 35
set_not_jsonable() (pymispMISPTag method)32
set_not_jsonable() (pymispMISPUser method)33
set_not_jsonable() (pymisptoolsFileObjectmethod) 38
set_not_jsonable()(pymisptoolsVTReportObject method)39
set_user_setting() (pymispPyMISP method) 20setdefault() (pymispMISPAttribute method) 27setdefault() (pymispMISPEvent method) 25setdefault() (pymispMISPObject method) 29setdefault() (pymispMISPObjectAttribute
method) 30setdefault() (pymispMISPObjectReference
method) 31setdefault() (pymispMISPOrganisation method)
35setdefault() (pymispMISPTag method) 33setdefault() (pymispMISPUser method) 34setdefault() (pymisptoolsFileObject method) 38setdefault() (pymisptoolsVTReportObject
method) 40sharing_groups() (pymispPyMISP method) 20sightings() (pymispPyMISP method) 20
Ttag() (pymispPyMISP method) 20tags() (pymispMISPAttribute property) 27tags() (pymispMISPEvent property) 26tags() (pymispMISPObjectAttribute property) 30tags() (pymispPyMISP method) 20tags_statistics() (pymispPyMISP method) 20taxonomies() (pymispPyMISP method) 20to_dict() (pymispAbstractMISP method) 23to_dict() (pymispMISPAttribute method) 27to_dict() (pymispMISPEvent method) 26to_dict() (pymispMISPObject method) 29
to_dict() (pymispMISPObjectAttribute method) 30to_dict() (pymispMISPObjectReference method) 32to_dict() (pymispMISPOrganisation method) 35to_dict() (pymispMISPTag method) 33to_dict() (pymispMISPUser method) 34to_dict() (pymisptoolsFileObject method) 38to_dict() (pymisptoolsVTReportObject method) 40to_feed() (pymispMISPEvent method) 26to_json() (pymispAbstractMISP method) 23to_json() (pymispMISPAttribute method) 27to_json() (pymispMISPEvent method) 26to_json() (pymispMISPObject method) 29to_json() (pymispMISPObjectAttribute method) 31to_json() (pymispMISPObjectReference method) 32to_json() (pymispMISPOrganisation method) 35to_json() (pymispMISPTag method) 33to_json() (pymispMISPUser method) 34to_json() (pymisptoolsFileObject method) 38to_json() (pymisptoolsVTReportObject method) 40toggle_warninglist() (pymispPyMISP method)
20
Uunpublish() (pymispMISPEvent method) 26untag() (pymispPyMISP method) 21update() (pymispMISPAttribute method) 28update() (pymispMISPEvent method) 26update() (pymispMISPObject method) 29update() (pymispMISPObjectAttribute method) 31update() (pymispMISPObjectReference method) 32update() (pymispMISPOrganisation method) 35update() (pymispMISPTag method) 33update() (pymispMISPUser method) 34update() (pymisptoolsFileObject method) 38update() (pymisptoolsVTReportObject method) 40update_attribute() (pymispPyMISP method) 21update_attribute_proposal()
(pymispPyMISP method) 21update_event() (pymispPyMISP method) 21update_event_blacklist() (pymispPyMISP
method) 21update_feed() (pymispPyMISP method) 21update_galaxies() (pymispPyMISP method) 21update_not_jsonable() (pymispAbstractMISP
method) 23update_not_jsonable() (pymispMISPAttribute
method) 28update_not_jsonable() (pymispMISPEvent
method) 26update_not_jsonable() (pymispMISPObject
method) 29update_not_jsonable()
(pymispMISPObjectAttribute method) 31
Index 49
PyMISP Documentation Release main
update_not_jsonable()(pymispMISPObjectReference method)32
update_not_jsonable()(pymispMISPOrganisation method) 35
update_not_jsonable() (pymispMISPTagmethod) 33
update_not_jsonable() (pymispMISPUsermethod) 34
update_not_jsonable() (pymisptoolsFileObjectmethod) 38
update_not_jsonable()(pymisptoolsVTReportObject method)40
update_noticelists() (pymispPyMISP method)21
update_object() (pymispPyMISP method) 21update_object_templates() (pymispPyMISP
method) 21update_organisation() (pymispPyMISP
method) 21update_organisation_blacklist()
(pymispPyMISP method) 21update_server() (pymispPyMISP method) 22update_tag() (pymispPyMISP method) 22update_taxonomies() (pymispPyMISP method)
22update_user() (pymispPyMISP method) 22update_warninglists() (pymispPyMISP
method) 22upload_stix() (pymispPyMISP method) 22user_registrations() (pymispPyMISP method)
22user_settings() (pymispPyMISP method) 22users() (pymispPyMISP method) 22users_statistics() (pymispPyMISP method) 22
Vvalues() (pymispMISPAttribute method) 28values() (pymispMISPEvent method) 26values() (pymispMISPObject method) 29values() (pymispMISPObjectAttribute method) 31values() (pymispMISPObjectReference method) 32values() (pymispMISPOrganisation method) 35values() (pymispMISPTag method) 33values() (pymispMISPUser method) 34values() (pymisptoolsFileObject method) 38values() (pymisptoolsVTReportObject method) 40values_in_warninglist() (pymispPyMISP
method) 22version() (pymispPyMISP property) 22VTReportObject (class in pymisptools) 38
Wwarninglists() (pymispPyMISP method) 22
50 Index
- README
- pymisp
- PyMISP
- PyMISPExpanded (Python 36+ only)
- MISPAbstract
- MISPEncode
- MISPEvent
- MISPAttribute
- MISPObject
- MISPObjectAttribute
- MISPObjectReference
- MISPTag
- MISPUser
- MISPOrganisation
- pymisp - Tools
- File Object
- ELF Object
- PE Object
- Mach-O Object
- VT Report Object
- STIX
- OpenIOC
- Indices and tables
- Python Module Index
- Index
PYTHON MODULE INDEX
ppymisp 7pymisptools 37pymisptoolsstix 40
43
PyMISP Documentation Release main
44 Python Module Index
INDEX
AAbstractMISP (class in pymisp) 23accept_attribute_proposal()
(pymispPyMISP method) 7add_attribute() (pymispMISPEvent method) 24add_attribute() (pymispMISPObject method) 28add_attribute() (pymispPyMISP method) 7add_attribute() (pymisptoolsFileObject method)
37add_attribute() (pymisptoolsVTReportObject
method) 39add_attribute_proposal() (pymispPyMISP
method) 7add_attribute_tag() (pymispMISPEvent
method) 24add_attributes() (pymispMISPObject method)
28add_attributes() (pymisptoolsFileObject
method) 37add_attributes() (pymisptoolsVTReportObject
method) 39add_event() (pymispPyMISP method) 7add_event_blacklist() (pymispPyMISP
method) 8add_feed() (pymispPyMISP method) 8add_object() (pymispMISPEvent method) 24add_object() (pymispPyMISP method) 8add_object_reference() (pymispPyMISP
method) 8add_org_to_sharing_group() (pymispPyMISP
method) 8add_organisation() (pymispPyMISP method) 8add_organisation_blacklist()
(pymispPyMISP method) 8add_proposal() (pymispMISPAttribute method) 26add_proposal() (pymispMISPEvent method) 24add_proposal() (pymispMISPObjectAttribute
method) 29add_reference() (pymispMISPObject method) 28add_reference() (pymisptoolsFileObject method)
37add_reference() (pymisptoolsVTReportObject
method) 39add_server() (pymispPyMISP method) 8add_server_to_sharing_group()
(pymispPyMISP method) 8add_shadow_attribute() (pymispMISPAttribute
method) 26add_shadow_attribute() (pymispMISPEvent
method) 24add_shadow_attribute()
(pymispMISPObjectAttribute method) 29add_sharing_group() (pymispPyMISP method) 8add_sighting() (pymispMISPAttribute method) 26add_sighting() (pymispMISPObjectAttribute
method) 29add_sighting() (pymispPyMISP method) 8add_tag() (pymispPyMISP method) 8add_user() (pymispPyMISP method) 9attributes_statistics() (pymispPyMISP
method) 9
Bbuild_complex_query() (pymispPyMISP
method) 9
Ccache_all_feeds() (pymispPyMISP method) 9cache_feed() (pymispPyMISP method) 9cache_freetext_feeds() (pymispPyMISP
method) 9cache_misp_feeds() (pymispPyMISP method) 9change_sharing_group_on_entity()
(pymispPyMISP method) 9change_user_password() (pymispPyMISP
method) 9clear() (pymispMISPAttribute method) 26clear() (pymispMISPEvent method) 24clear() (pymispMISPObject method) 28clear() (pymispMISPObjectAttribute method) 29clear() (pymispMISPObjectReference method) 31clear() (pymispMISPOrganisation method) 34clear() (pymispMISPTag method) 32clear() (pymispMISPUser method) 33
45
PyMISP Documentation Release main
clear() (pymisptoolsFileObject method) 37clear() (pymisptoolsVTReportObject method) 39communities() (pymispPyMISP method) 9compare_feeds() (pymispPyMISP method) 9contact_event_reporter() (pymispPyMISP
method) 9
Ddefault() (pymispMISPEncode method) 24delegate_event() (pymispPyMISP method) 10delete() (pymispMISPAttribute method) 26delete() (pymispMISPObjectAttribute method) 30delete_attribute() (pymispMISPEvent method)
24delete_attribute() (pymispPyMISP method) 10delete_attribute_proposal()
(pymispPyMISP method) 10delete_event() (pymispPyMISP method) 10delete_event_blacklist() (pymispPyMISP
method) 10delete_feed() (pymispPyMISP method) 10delete_object() (pymispPyMISP method) 10delete_object_reference() (pymispPyMISP
method) 10delete_organisation() (pymispPyMISP
method) 10delete_organisation_blacklist()
(pymispPyMISP method) 10delete_server() (pymispPyMISP method) 10delete_sharing_group() (pymispPyMISP
method) 10delete_sighting() (pymispPyMISP method) 10delete_tag() (pymispPyMISP method) 11delete_user() (pymispPyMISP method) 11delete_user_setting() (pymispPyMISP
method) 11describe_types_local() (pymispPyMISP prop-
erty) 11describe_types_remote() (pymispPyMISP
property) 11direct_call() (pymispPyMISP method) 11disable_feed() (pymispPyMISP method) 11disable_feed_cache() (pymispPyMISP method)
11disable_noticelist() (pymispPyMISP method)
11disable_tag() (pymispPyMISP method) 11disable_taxonomy() (pymispPyMISP method) 11disable_taxonomy_tags() (pymispPyMISP
method) 11disable_warninglist() (pymispPyMISP
method) 11discard_attribute_proposal()
(pymispPyMISP method) 12
Eedited() (pymispAbstractMISP property) 23edited() (pymispMISPAttribute property) 26edited() (pymispMISPEvent property) 24edited() (pymispMISPObject property) 28edited() (pymispMISPObjectAttribute property) 30edited() (pymispMISPObjectReference property) 31edited() (pymispMISPOrganisation property) 34edited() (pymispMISPTag property) 32edited() (pymispMISPUser property) 33edited() (pymisptoolsFileObject property) 37edited() (pymisptoolsVTReportObject property) 39enable_feed() (pymispPyMISP method) 12enable_feed_cache() (pymispPyMISP method)
12enable_noticelist() (pymispPyMISP method)
12enable_tag() (pymispPyMISP method) 12enable_taxonomy() (pymispPyMISP method) 12enable_taxonomy_tags() (pymispPyMISP
method) 12enable_warninglist() (pymispPyMISP method)
12event_blacklists() (pymispPyMISP method) 12event_delegations() (pymispPyMISP method)
12ExpandedPyMISP (in module pymisp) 23
Ffeeds() (pymispPyMISP method) 12fetch_feed() (pymispPyMISP method) 12FileObject (class in pymisptools) 37freetext() (pymispPyMISP method) 12from_dict() (pymispAbstractMISP method) 23from_dict() (pymispMISPAttribute method) 27from_dict() (pymispMISPEvent method) 25from_dict() (pymispMISPObject method) 28from_dict() (pymispMISPObjectAttribute method)
30from_dict() (pymispMISPObjectReference method)
31from_dict() (pymispMISPOrganisation method) 34from_dict() (pymispMISPTag method) 32from_dict() (pymispMISPUser method) 33from_dict() (pymisptoolsFileObject method) 37from_dict() (pymisptoolsVTReportObject method)
39from_json() (pymispAbstractMISP method) 23from_json() (pymispMISPAttribute method) 27from_json() (pymispMISPEvent method) 25from_json() (pymispMISPObject method) 28from_json() (pymispMISPObjectAttribute method)
30
46 Index
PyMISP Documentation Release main
from_json() (pymispMISPObjectReference method)31
from_json() (pymispMISPOrganisation method) 34from_json() (pymispMISPTag method) 32from_json() (pymispMISPUser method) 33from_json() (pymisptoolsFileObject method) 37from_json() (pymisptoolsVTReportObject method)
39
Ggalaxies() (pymispPyMISP method) 12generate_attributes() (pymisptoolsFileObject
method) 37generate_attributes()
(pymisptoolsVTReportObject method)39
get() (pymispMISPAttribute method) 27get() (pymispMISPEvent method) 25get() (pymispMISPObject method) 28get() (pymispMISPObjectAttribute method) 30get() (pymispMISPObjectReference method) 31get() (pymispMISPOrganisation method) 34get() (pymispMISPTag method) 32get() (pymispMISPUser method) 33get() (pymisptoolsFileObject method) 37get() (pymisptoolsVTReportObject method) 39get_all_functions() (pymispPyMISP method)
13get_attribute() (pymispPyMISP method) 13get_attribute_tag() (pymispMISPEvent
method) 25get_attributes_by_relation()
(pymispMISPObject method) 28get_attributes_by_relation()
(pymisptoolsFileObject method) 37get_attributes_by_relation()
(pymisptoolsVTReportObject method)39
get_community() (pymispPyMISP method) 13get_event() (pymispPyMISP method) 13get_feed() (pymispPyMISP method) 13get_galaxy() (pymispPyMISP method) 13get_noticelist() (pymispPyMISP method) 13get_object() (pymispPyMISP method) 13get_object_by_id() (pymispMISPEvent method)
25get_object_by_uuid() (pymispMISPEvent
method) 25get_object_template() (pymispPyMISP
method) 13get_objects_by_name() (pymispMISPEvent
method) 25get_organisation() (pymispPyMISP method) 13get_sync_config() (pymispPyMISP method) 13
get_tag() (pymispPyMISP method) 13get_taxonomy() (pymispPyMISP method) 13get_user() (pymispPyMISP method) 13get_user_setting() (pymispPyMISP method) 14get_warninglist() (pymispPyMISP method) 14
Hhas_attributes_by_relation()
(pymispMISPObject method) 28has_attributes_by_relation()
(pymisptoolsFileObject method) 37has_attributes_by_relation()
(pymisptoolsVTReportObject method)39
hash_values() (pymispMISPAttribute method) 27hash_values() (pymispMISPObjectAttribute
method) 30
Iimport_server() (pymispPyMISP method) 14items() (pymispMISPAttribute method) 27items() (pymispMISPEvent method) 25items() (pymispMISPObject method) 29items() (pymispMISPObjectAttribute method) 30items() (pymispMISPObjectReference method) 31items() (pymispMISPOrganisation method) 34items() (pymispMISPTag method) 32items() (pymispMISPUser method) 33items() (pymisptoolsFileObject method) 38items() (pymisptoolsVTReportObject method) 39
Jjsonable() (pymispAbstractMISP method) 23jsonable() (pymispMISPAttribute method) 27jsonable() (pymispMISPEvent method) 25jsonable() (pymispMISPObject method) 29jsonable() (pymispMISPObjectAttribute method)
30jsonable() (pymispMISPObjectReference method)
31jsonable() (pymispMISPOrganisation method) 34jsonable() (pymispMISPTag method) 32jsonable() (pymispMISPUser method) 33jsonable() (pymisptoolsFileObject method) 38jsonable() (pymisptoolsVTReportObject method)
39
Kkeys() (pymispMISPAttribute method) 27keys() (pymispMISPEvent method) 25keys() (pymispMISPObject method) 29keys() (pymispMISPObjectAttribute method) 30keys() (pymispMISPObjectReference method) 31keys() (pymispMISPOrganisation method) 34
Index 47
PyMISP Documentation Release main
keys() (pymispMISPTag method) 32keys() (pymispMISPUser method) 33keys() (pymisptoolsFileObject method) 38keys() (pymisptoolsVTReportObject method) 39known_types() (pymispMISPAttribute property) 27known_types() (pymispMISPObjectAttribute prop-
erty) 30
Lload() (pymispMISPEvent method) 25load_default_feeds() (pymispPyMISP method)
14load_file() (pymispMISPEvent method) 25load_openioc() (pymisptools method) 40load_openioc_file() (pymisptools method) 40load_stix() (in module pymisptoolsstix) 40
Mmake_stix_package() (in module
pymisptoolsstix) 40malware_binary() (pymispMISPAttribute prop-
erty) 27malware_binary() (pymispMISPObjectAttribute
property) 30misp_instance_version() (pymispPyMISP
property) 14misp_instance_version_master()
(pymispPyMISP property) 14MISPAttribute (class in pymisp) 26MISPEncode (class in pymisp) 24MISPEvent (class in pymisp) 24MISPObject (class in pymisp) 28MISPObjectAttribute (class in pymisp) 29MISPObjectReference (class in pymisp) 31MISPOrganisation (class in pymisp) 34MISPTag (class in pymisp) 32MISPUser (class in pymisp) 33module
pymisp 7pymisptools 37pymisptoolsstix 40
Nnoticelists() (pymispPyMISP method) 14
Oobject_templates() (pymispPyMISP method) 14organisation_blacklists() (pymispPyMISP
method) 14organisations() (pymispPyMISP method) 14
Ppop() (pymispMISPAttribute method) 27
pop() (pymispMISPEvent method) 25pop() (pymispMISPObject method) 29pop() (pymispMISPObjectAttribute method) 30pop() (pymispMISPObjectReference method) 31pop() (pymispMISPOrganisation method) 34pop() (pymispMISPTag method) 32pop() (pymispMISPUser method) 33pop() (pymisptoolsFileObject method) 38pop() (pymisptoolsVTReportObject method) 39popitem() (pymispMISPAttribute method) 27popitem() (pymispMISPEvent method) 25popitem() (pymispMISPObject method) 29popitem() (pymispMISPObjectAttribute method) 30popitem() (pymispMISPObjectReference method) 31popitem() (pymispMISPOrganisation method) 34popitem() (pymispMISPTag method) 32popitem() (pymispMISPUser method) 33popitem() (pymisptoolsFileObject method) 38popitem() (pymisptoolsVTReportObject method) 39publish() (pymispMISPEvent method) 25publish() (pymispPyMISP method) 14push_event_to_ZMQ() (pymispPyMISP method)
14pymisp
module 7PyMISP (class in pymisp) 7pymisptools
module 37pymisptoolsstix
module 40pymisp_version_main() (pymispPyMISP prop-
erty) 15
Rrecommended_pymisp_version()
(pymispPyMISP property) 15remote_acl() (pymispPyMISP method) 15remove_org_from_sharing_group()
(pymispPyMISP method) 15remove_server_from_sharing_group()
(pymispPyMISP method) 15roles() (pymispPyMISP method) 15
Ssearch() (pymispPyMISP method) 15search_feeds() (pymispPyMISP method) 17search_index() (pymispPyMISP method) 18search_logs() (pymispPyMISP method) 18search_sightings() (pymispPyMISP method) 19server_pull() (pymispPyMISP method) 20server_push() (pymispPyMISP method) 20servers() (pymispPyMISP method) 20set_date() (pymispMISPEvent method) 25
48 Index
PyMISP Documentation Release main
set_not_jsonable() (pymispAbstractMISPmethod) 23
set_not_jsonable() (pymispMISPAttributemethod) 27
set_not_jsonable() (pymispMISPEvent method)25
set_not_jsonable() (pymispMISPObjectmethod) 29
set_not_jsonable() (pymispMISPObjectAttributemethod) 30
set_not_jsonable()(pymispMISPObjectReference method)31
set_not_jsonable() (pymispMISPOrganisationmethod) 35
set_not_jsonable() (pymispMISPTag method)32
set_not_jsonable() (pymispMISPUser method)33
set_not_jsonable() (pymisptoolsFileObjectmethod) 38
set_not_jsonable()(pymisptoolsVTReportObject method)39
set_user_setting() (pymispPyMISP method) 20setdefault() (pymispMISPAttribute method) 27setdefault() (pymispMISPEvent method) 25setdefault() (pymispMISPObject method) 29setdefault() (pymispMISPObjectAttribute
method) 30setdefault() (pymispMISPObjectReference
method) 31setdefault() (pymispMISPOrganisation method)
35setdefault() (pymispMISPTag method) 33setdefault() (pymispMISPUser method) 34setdefault() (pymisptoolsFileObject method) 38setdefault() (pymisptoolsVTReportObject
method) 40sharing_groups() (pymispPyMISP method) 20sightings() (pymispPyMISP method) 20
Ttag() (pymispPyMISP method) 20tags() (pymispMISPAttribute property) 27tags() (pymispMISPEvent property) 26tags() (pymispMISPObjectAttribute property) 30tags() (pymispPyMISP method) 20tags_statistics() (pymispPyMISP method) 20taxonomies() (pymispPyMISP method) 20to_dict() (pymispAbstractMISP method) 23to_dict() (pymispMISPAttribute method) 27to_dict() (pymispMISPEvent method) 26to_dict() (pymispMISPObject method) 29
to_dict() (pymispMISPObjectAttribute method) 30to_dict() (pymispMISPObjectReference method) 32to_dict() (pymispMISPOrganisation method) 35to_dict() (pymispMISPTag method) 33to_dict() (pymispMISPUser method) 34to_dict() (pymisptoolsFileObject method) 38to_dict() (pymisptoolsVTReportObject method) 40to_feed() (pymispMISPEvent method) 26to_json() (pymispAbstractMISP method) 23to_json() (pymispMISPAttribute method) 27to_json() (pymispMISPEvent method) 26to_json() (pymispMISPObject method) 29to_json() (pymispMISPObjectAttribute method) 31to_json() (pymispMISPObjectReference method) 32to_json() (pymispMISPOrganisation method) 35to_json() (pymispMISPTag method) 33to_json() (pymispMISPUser method) 34to_json() (pymisptoolsFileObject method) 38to_json() (pymisptoolsVTReportObject method) 40toggle_warninglist() (pymispPyMISP method)
20
Uunpublish() (pymispMISPEvent method) 26untag() (pymispPyMISP method) 21update() (pymispMISPAttribute method) 28update() (pymispMISPEvent method) 26update() (pymispMISPObject method) 29update() (pymispMISPObjectAttribute method) 31update() (pymispMISPObjectReference method) 32update() (pymispMISPOrganisation method) 35update() (pymispMISPTag method) 33update() (pymispMISPUser method) 34update() (pymisptoolsFileObject method) 38update() (pymisptoolsVTReportObject method) 40update_attribute() (pymispPyMISP method) 21update_attribute_proposal()
(pymispPyMISP method) 21update_event() (pymispPyMISP method) 21update_event_blacklist() (pymispPyMISP
method) 21update_feed() (pymispPyMISP method) 21update_galaxies() (pymispPyMISP method) 21update_not_jsonable() (pymispAbstractMISP
method) 23update_not_jsonable() (pymispMISPAttribute
method) 28update_not_jsonable() (pymispMISPEvent
method) 26update_not_jsonable() (pymispMISPObject
method) 29update_not_jsonable()
(pymispMISPObjectAttribute method) 31
Index 49
PyMISP Documentation Release main
update_not_jsonable()(pymispMISPObjectReference method)32
update_not_jsonable()(pymispMISPOrganisation method) 35
update_not_jsonable() (pymispMISPTagmethod) 33
update_not_jsonable() (pymispMISPUsermethod) 34
update_not_jsonable() (pymisptoolsFileObjectmethod) 38
update_not_jsonable()(pymisptoolsVTReportObject method)40
update_noticelists() (pymispPyMISP method)21
update_object() (pymispPyMISP method) 21update_object_templates() (pymispPyMISP
method) 21update_organisation() (pymispPyMISP
method) 21update_organisation_blacklist()
(pymispPyMISP method) 21update_server() (pymispPyMISP method) 22update_tag() (pymispPyMISP method) 22update_taxonomies() (pymispPyMISP method)
22update_user() (pymispPyMISP method) 22update_warninglists() (pymispPyMISP
method) 22upload_stix() (pymispPyMISP method) 22user_registrations() (pymispPyMISP method)
22user_settings() (pymispPyMISP method) 22users() (pymispPyMISP method) 22users_statistics() (pymispPyMISP method) 22
Vvalues() (pymispMISPAttribute method) 28values() (pymispMISPEvent method) 26values() (pymispMISPObject method) 29values() (pymispMISPObjectAttribute method) 31values() (pymispMISPObjectReference method) 32values() (pymispMISPOrganisation method) 35values() (pymispMISPTag method) 33values() (pymispMISPUser method) 34values() (pymisptoolsFileObject method) 38values() (pymisptoolsVTReportObject method) 40values_in_warninglist() (pymispPyMISP
method) 22version() (pymispPyMISP property) 22VTReportObject (class in pymisptools) 38
Wwarninglists() (pymispPyMISP method) 22
50 Index
- README
- pymisp
- PyMISP
- PyMISPExpanded (Python 36+ only)
- MISPAbstract
- MISPEncode
- MISPEvent
- MISPAttribute
- MISPObject
- MISPObjectAttribute
- MISPObjectReference
- MISPTag
- MISPUser
- MISPOrganisation
- pymisp - Tools
- File Object
- ELF Object
- PE Object
- Mach-O Object
- VT Report Object
- STIX
- OpenIOC
- Indices and tables
- Python Module Index
- Index
PyMISP Documentation Release main
44 Python Module Index
INDEX
AAbstractMISP (class in pymisp) 23accept_attribute_proposal()
(pymispPyMISP method) 7add_attribute() (pymispMISPEvent method) 24add_attribute() (pymispMISPObject method) 28add_attribute() (pymispPyMISP method) 7add_attribute() (pymisptoolsFileObject method)
37add_attribute() (pymisptoolsVTReportObject
method) 39add_attribute_proposal() (pymispPyMISP
method) 7add_attribute_tag() (pymispMISPEvent
method) 24add_attributes() (pymispMISPObject method)
28add_attributes() (pymisptoolsFileObject
method) 37add_attributes() (pymisptoolsVTReportObject
method) 39add_event() (pymispPyMISP method) 7add_event_blacklist() (pymispPyMISP
method) 8add_feed() (pymispPyMISP method) 8add_object() (pymispMISPEvent method) 24add_object() (pymispPyMISP method) 8add_object_reference() (pymispPyMISP
method) 8add_org_to_sharing_group() (pymispPyMISP
method) 8add_organisation() (pymispPyMISP method) 8add_organisation_blacklist()
(pymispPyMISP method) 8add_proposal() (pymispMISPAttribute method) 26add_proposal() (pymispMISPEvent method) 24add_proposal() (pymispMISPObjectAttribute
method) 29add_reference() (pymispMISPObject method) 28add_reference() (pymisptoolsFileObject method)
37add_reference() (pymisptoolsVTReportObject
method) 39add_server() (pymispPyMISP method) 8add_server_to_sharing_group()
(pymispPyMISP method) 8add_shadow_attribute() (pymispMISPAttribute
method) 26add_shadow_attribute() (pymispMISPEvent
method) 24add_shadow_attribute()
(pymispMISPObjectAttribute method) 29add_sharing_group() (pymispPyMISP method) 8add_sighting() (pymispMISPAttribute method) 26add_sighting() (pymispMISPObjectAttribute
method) 29add_sighting() (pymispPyMISP method) 8add_tag() (pymispPyMISP method) 8add_user() (pymispPyMISP method) 9attributes_statistics() (pymispPyMISP
method) 9
Bbuild_complex_query() (pymispPyMISP
method) 9
Ccache_all_feeds() (pymispPyMISP method) 9cache_feed() (pymispPyMISP method) 9cache_freetext_feeds() (pymispPyMISP
method) 9cache_misp_feeds() (pymispPyMISP method) 9change_sharing_group_on_entity()
(pymispPyMISP method) 9change_user_password() (pymispPyMISP
method) 9clear() (pymispMISPAttribute method) 26clear() (pymispMISPEvent method) 24clear() (pymispMISPObject method) 28clear() (pymispMISPObjectAttribute method) 29clear() (pymispMISPObjectReference method) 31clear() (pymispMISPOrganisation method) 34clear() (pymispMISPTag method) 32clear() (pymispMISPUser method) 33
45
PyMISP Documentation Release main
clear() (pymisptoolsFileObject method) 37clear() (pymisptoolsVTReportObject method) 39communities() (pymispPyMISP method) 9compare_feeds() (pymispPyMISP method) 9contact_event_reporter() (pymispPyMISP
method) 9
Ddefault() (pymispMISPEncode method) 24delegate_event() (pymispPyMISP method) 10delete() (pymispMISPAttribute method) 26delete() (pymispMISPObjectAttribute method) 30delete_attribute() (pymispMISPEvent method)
24delete_attribute() (pymispPyMISP method) 10delete_attribute_proposal()
(pymispPyMISP method) 10delete_event() (pymispPyMISP method) 10delete_event_blacklist() (pymispPyMISP
method) 10delete_feed() (pymispPyMISP method) 10delete_object() (pymispPyMISP method) 10delete_object_reference() (pymispPyMISP
method) 10delete_organisation() (pymispPyMISP
method) 10delete_organisation_blacklist()
(pymispPyMISP method) 10delete_server() (pymispPyMISP method) 10delete_sharing_group() (pymispPyMISP
method) 10delete_sighting() (pymispPyMISP method) 10delete_tag() (pymispPyMISP method) 11delete_user() (pymispPyMISP method) 11delete_user_setting() (pymispPyMISP
method) 11describe_types_local() (pymispPyMISP prop-
erty) 11describe_types_remote() (pymispPyMISP
property) 11direct_call() (pymispPyMISP method) 11disable_feed() (pymispPyMISP method) 11disable_feed_cache() (pymispPyMISP method)
11disable_noticelist() (pymispPyMISP method)
11disable_tag() (pymispPyMISP method) 11disable_taxonomy() (pymispPyMISP method) 11disable_taxonomy_tags() (pymispPyMISP
method) 11disable_warninglist() (pymispPyMISP
method) 11discard_attribute_proposal()
(pymispPyMISP method) 12
Eedited() (pymispAbstractMISP property) 23edited() (pymispMISPAttribute property) 26edited() (pymispMISPEvent property) 24edited() (pymispMISPObject property) 28edited() (pymispMISPObjectAttribute property) 30edited() (pymispMISPObjectReference property) 31edited() (pymispMISPOrganisation property) 34edited() (pymispMISPTag property) 32edited() (pymispMISPUser property) 33edited() (pymisptoolsFileObject property) 37edited() (pymisptoolsVTReportObject property) 39enable_feed() (pymispPyMISP method) 12enable_feed_cache() (pymispPyMISP method)
12enable_noticelist() (pymispPyMISP method)
12enable_tag() (pymispPyMISP method) 12enable_taxonomy() (pymispPyMISP method) 12enable_taxonomy_tags() (pymispPyMISP
method) 12enable_warninglist() (pymispPyMISP method)
12event_blacklists() (pymispPyMISP method) 12event_delegations() (pymispPyMISP method)
12ExpandedPyMISP (in module pymisp) 23
Ffeeds() (pymispPyMISP method) 12fetch_feed() (pymispPyMISP method) 12FileObject (class in pymisptools) 37freetext() (pymispPyMISP method) 12from_dict() (pymispAbstractMISP method) 23from_dict() (pymispMISPAttribute method) 27from_dict() (pymispMISPEvent method) 25from_dict() (pymispMISPObject method) 28from_dict() (pymispMISPObjectAttribute method)
30from_dict() (pymispMISPObjectReference method)
31from_dict() (pymispMISPOrganisation method) 34from_dict() (pymispMISPTag method) 32from_dict() (pymispMISPUser method) 33from_dict() (pymisptoolsFileObject method) 37from_dict() (pymisptoolsVTReportObject method)
39from_json() (pymispAbstractMISP method) 23from_json() (pymispMISPAttribute method) 27from_json() (pymispMISPEvent method) 25from_json() (pymispMISPObject method) 28from_json() (pymispMISPObjectAttribute method)
30
46 Index
PyMISP Documentation Release main
from_json() (pymispMISPObjectReference method)31
from_json() (pymispMISPOrganisation method) 34from_json() (pymispMISPTag method) 32from_json() (pymispMISPUser method) 33from_json() (pymisptoolsFileObject method) 37from_json() (pymisptoolsVTReportObject method)
39
Ggalaxies() (pymispPyMISP method) 12generate_attributes() (pymisptoolsFileObject
method) 37generate_attributes()
(pymisptoolsVTReportObject method)39
get() (pymispMISPAttribute method) 27get() (pymispMISPEvent method) 25get() (pymispMISPObject method) 28get() (pymispMISPObjectAttribute method) 30get() (pymispMISPObjectReference method) 31get() (pymispMISPOrganisation method) 34get() (pymispMISPTag method) 32get() (pymispMISPUser method) 33get() (pymisptoolsFileObject method) 37get() (pymisptoolsVTReportObject method) 39get_all_functions() (pymispPyMISP method)
13get_attribute() (pymispPyMISP method) 13get_attribute_tag() (pymispMISPEvent
method) 25get_attributes_by_relation()
(pymispMISPObject method) 28get_attributes_by_relation()
(pymisptoolsFileObject method) 37get_attributes_by_relation()
(pymisptoolsVTReportObject method)39
get_community() (pymispPyMISP method) 13get_event() (pymispPyMISP method) 13get_feed() (pymispPyMISP method) 13get_galaxy() (pymispPyMISP method) 13get_noticelist() (pymispPyMISP method) 13get_object() (pymispPyMISP method) 13get_object_by_id() (pymispMISPEvent method)
25get_object_by_uuid() (pymispMISPEvent
method) 25get_object_template() (pymispPyMISP
method) 13get_objects_by_name() (pymispMISPEvent
method) 25get_organisation() (pymispPyMISP method) 13get_sync_config() (pymispPyMISP method) 13
get_tag() (pymispPyMISP method) 13get_taxonomy() (pymispPyMISP method) 13get_user() (pymispPyMISP method) 13get_user_setting() (pymispPyMISP method) 14get_warninglist() (pymispPyMISP method) 14
Hhas_attributes_by_relation()
(pymispMISPObject method) 28has_attributes_by_relation()
(pymisptoolsFileObject method) 37has_attributes_by_relation()
(pymisptoolsVTReportObject method)39
hash_values() (pymispMISPAttribute method) 27hash_values() (pymispMISPObjectAttribute
method) 30
Iimport_server() (pymispPyMISP method) 14items() (pymispMISPAttribute method) 27items() (pymispMISPEvent method) 25items() (pymispMISPObject method) 29items() (pymispMISPObjectAttribute method) 30items() (pymispMISPObjectReference method) 31items() (pymispMISPOrganisation method) 34items() (pymispMISPTag method) 32items() (pymispMISPUser method) 33items() (pymisptoolsFileObject method) 38items() (pymisptoolsVTReportObject method) 39
Jjsonable() (pymispAbstractMISP method) 23jsonable() (pymispMISPAttribute method) 27jsonable() (pymispMISPEvent method) 25jsonable() (pymispMISPObject method) 29jsonable() (pymispMISPObjectAttribute method)
30jsonable() (pymispMISPObjectReference method)
31jsonable() (pymispMISPOrganisation method) 34jsonable() (pymispMISPTag method) 32jsonable() (pymispMISPUser method) 33jsonable() (pymisptoolsFileObject method) 38jsonable() (pymisptoolsVTReportObject method)
39
Kkeys() (pymispMISPAttribute method) 27keys() (pymispMISPEvent method) 25keys() (pymispMISPObject method) 29keys() (pymispMISPObjectAttribute method) 30keys() (pymispMISPObjectReference method) 31keys() (pymispMISPOrganisation method) 34
Index 47
PyMISP Documentation Release main
keys() (pymispMISPTag method) 32keys() (pymispMISPUser method) 33keys() (pymisptoolsFileObject method) 38keys() (pymisptoolsVTReportObject method) 39known_types() (pymispMISPAttribute property) 27known_types() (pymispMISPObjectAttribute prop-
erty) 30
Lload() (pymispMISPEvent method) 25load_default_feeds() (pymispPyMISP method)
14load_file() (pymispMISPEvent method) 25load_openioc() (pymisptools method) 40load_openioc_file() (pymisptools method) 40load_stix() (in module pymisptoolsstix) 40
Mmake_stix_package() (in module
pymisptoolsstix) 40malware_binary() (pymispMISPAttribute prop-
erty) 27malware_binary() (pymispMISPObjectAttribute
property) 30misp_instance_version() (pymispPyMISP
property) 14misp_instance_version_master()
(pymispPyMISP property) 14MISPAttribute (class in pymisp) 26MISPEncode (class in pymisp) 24MISPEvent (class in pymisp) 24MISPObject (class in pymisp) 28MISPObjectAttribute (class in pymisp) 29MISPObjectReference (class in pymisp) 31MISPOrganisation (class in pymisp) 34MISPTag (class in pymisp) 32MISPUser (class in pymisp) 33module
pymisp 7pymisptools 37pymisptoolsstix 40
Nnoticelists() (pymispPyMISP method) 14
Oobject_templates() (pymispPyMISP method) 14organisation_blacklists() (pymispPyMISP
method) 14organisations() (pymispPyMISP method) 14
Ppop() (pymispMISPAttribute method) 27
pop() (pymispMISPEvent method) 25pop() (pymispMISPObject method) 29pop() (pymispMISPObjectAttribute method) 30pop() (pymispMISPObjectReference method) 31pop() (pymispMISPOrganisation method) 34pop() (pymispMISPTag method) 32pop() (pymispMISPUser method) 33pop() (pymisptoolsFileObject method) 38pop() (pymisptoolsVTReportObject method) 39popitem() (pymispMISPAttribute method) 27popitem() (pymispMISPEvent method) 25popitem() (pymispMISPObject method) 29popitem() (pymispMISPObjectAttribute method) 30popitem() (pymispMISPObjectReference method) 31popitem() (pymispMISPOrganisation method) 34popitem() (pymispMISPTag method) 32popitem() (pymispMISPUser method) 33popitem() (pymisptoolsFileObject method) 38popitem() (pymisptoolsVTReportObject method) 39publish() (pymispMISPEvent method) 25publish() (pymispPyMISP method) 14push_event_to_ZMQ() (pymispPyMISP method)
14pymisp
module 7PyMISP (class in pymisp) 7pymisptools
module 37pymisptoolsstix
module 40pymisp_version_main() (pymispPyMISP prop-
erty) 15
Rrecommended_pymisp_version()
(pymispPyMISP property) 15remote_acl() (pymispPyMISP method) 15remove_org_from_sharing_group()
(pymispPyMISP method) 15remove_server_from_sharing_group()
(pymispPyMISP method) 15roles() (pymispPyMISP method) 15
Ssearch() (pymispPyMISP method) 15search_feeds() (pymispPyMISP method) 17search_index() (pymispPyMISP method) 18search_logs() (pymispPyMISP method) 18search_sightings() (pymispPyMISP method) 19server_pull() (pymispPyMISP method) 20server_push() (pymispPyMISP method) 20servers() (pymispPyMISP method) 20set_date() (pymispMISPEvent method) 25
48 Index
PyMISP Documentation Release main
set_not_jsonable() (pymispAbstractMISPmethod) 23
set_not_jsonable() (pymispMISPAttributemethod) 27
set_not_jsonable() (pymispMISPEvent method)25
set_not_jsonable() (pymispMISPObjectmethod) 29
set_not_jsonable() (pymispMISPObjectAttributemethod) 30
set_not_jsonable()(pymispMISPObjectReference method)31
set_not_jsonable() (pymispMISPOrganisationmethod) 35
set_not_jsonable() (pymispMISPTag method)32
set_not_jsonable() (pymispMISPUser method)33
set_not_jsonable() (pymisptoolsFileObjectmethod) 38
set_not_jsonable()(pymisptoolsVTReportObject method)39
set_user_setting() (pymispPyMISP method) 20setdefault() (pymispMISPAttribute method) 27setdefault() (pymispMISPEvent method) 25setdefault() (pymispMISPObject method) 29setdefault() (pymispMISPObjectAttribute
method) 30setdefault() (pymispMISPObjectReference
method) 31setdefault() (pymispMISPOrganisation method)
35setdefault() (pymispMISPTag method) 33setdefault() (pymispMISPUser method) 34setdefault() (pymisptoolsFileObject method) 38setdefault() (pymisptoolsVTReportObject
method) 40sharing_groups() (pymispPyMISP method) 20sightings() (pymispPyMISP method) 20
Ttag() (pymispPyMISP method) 20tags() (pymispMISPAttribute property) 27tags() (pymispMISPEvent property) 26tags() (pymispMISPObjectAttribute property) 30tags() (pymispPyMISP method) 20tags_statistics() (pymispPyMISP method) 20taxonomies() (pymispPyMISP method) 20to_dict() (pymispAbstractMISP method) 23to_dict() (pymispMISPAttribute method) 27to_dict() (pymispMISPEvent method) 26to_dict() (pymispMISPObject method) 29
to_dict() (pymispMISPObjectAttribute method) 30to_dict() (pymispMISPObjectReference method) 32to_dict() (pymispMISPOrganisation method) 35to_dict() (pymispMISPTag method) 33to_dict() (pymispMISPUser method) 34to_dict() (pymisptoolsFileObject method) 38to_dict() (pymisptoolsVTReportObject method) 40to_feed() (pymispMISPEvent method) 26to_json() (pymispAbstractMISP method) 23to_json() (pymispMISPAttribute method) 27to_json() (pymispMISPEvent method) 26to_json() (pymispMISPObject method) 29to_json() (pymispMISPObjectAttribute method) 31to_json() (pymispMISPObjectReference method) 32to_json() (pymispMISPOrganisation method) 35to_json() (pymispMISPTag method) 33to_json() (pymispMISPUser method) 34to_json() (pymisptoolsFileObject method) 38to_json() (pymisptoolsVTReportObject method) 40toggle_warninglist() (pymispPyMISP method)
20
Uunpublish() (pymispMISPEvent method) 26untag() (pymispPyMISP method) 21update() (pymispMISPAttribute method) 28update() (pymispMISPEvent method) 26update() (pymispMISPObject method) 29update() (pymispMISPObjectAttribute method) 31update() (pymispMISPObjectReference method) 32update() (pymispMISPOrganisation method) 35update() (pymispMISPTag method) 33update() (pymispMISPUser method) 34update() (pymisptoolsFileObject method) 38update() (pymisptoolsVTReportObject method) 40update_attribute() (pymispPyMISP method) 21update_attribute_proposal()
(pymispPyMISP method) 21update_event() (pymispPyMISP method) 21update_event_blacklist() (pymispPyMISP
method) 21update_feed() (pymispPyMISP method) 21update_galaxies() (pymispPyMISP method) 21update_not_jsonable() (pymispAbstractMISP
method) 23update_not_jsonable() (pymispMISPAttribute
method) 28update_not_jsonable() (pymispMISPEvent
method) 26update_not_jsonable() (pymispMISPObject
method) 29update_not_jsonable()
(pymispMISPObjectAttribute method) 31
Index 49
PyMISP Documentation Release main
update_not_jsonable()(pymispMISPObjectReference method)32
update_not_jsonable()(pymispMISPOrganisation method) 35
update_not_jsonable() (pymispMISPTagmethod) 33
update_not_jsonable() (pymispMISPUsermethod) 34
update_not_jsonable() (pymisptoolsFileObjectmethod) 38
update_not_jsonable()(pymisptoolsVTReportObject method)40
update_noticelists() (pymispPyMISP method)21
update_object() (pymispPyMISP method) 21update_object_templates() (pymispPyMISP
method) 21update_organisation() (pymispPyMISP
method) 21update_organisation_blacklist()
(pymispPyMISP method) 21update_server() (pymispPyMISP method) 22update_tag() (pymispPyMISP method) 22update_taxonomies() (pymispPyMISP method)
22update_user() (pymispPyMISP method) 22update_warninglists() (pymispPyMISP
method) 22upload_stix() (pymispPyMISP method) 22user_registrations() (pymispPyMISP method)
22user_settings() (pymispPyMISP method) 22users() (pymispPyMISP method) 22users_statistics() (pymispPyMISP method) 22
Vvalues() (pymispMISPAttribute method) 28values() (pymispMISPEvent method) 26values() (pymispMISPObject method) 29values() (pymispMISPObjectAttribute method) 31values() (pymispMISPObjectReference method) 32values() (pymispMISPOrganisation method) 35values() (pymispMISPTag method) 33values() (pymispMISPUser method) 34values() (pymisptoolsFileObject method) 38values() (pymisptoolsVTReportObject method) 40values_in_warninglist() (pymispPyMISP
method) 22version() (pymispPyMISP property) 22VTReportObject (class in pymisptools) 38
Wwarninglists() (pymispPyMISP method) 22
50 Index
- README
- pymisp
- PyMISP
- PyMISPExpanded (Python 36+ only)
- MISPAbstract
- MISPEncode
- MISPEvent
- MISPAttribute
- MISPObject
- MISPObjectAttribute
- MISPObjectReference
- MISPTag
- MISPUser
- MISPOrganisation
- pymisp - Tools
- File Object
- ELF Object
- PE Object
- Mach-O Object
- VT Report Object
- STIX
- OpenIOC
- Indices and tables
- Python Module Index
- Index
INDEX
AAbstractMISP (class in pymisp) 23accept_attribute_proposal()
(pymispPyMISP method) 7add_attribute() (pymispMISPEvent method) 24add_attribute() (pymispMISPObject method) 28add_attribute() (pymispPyMISP method) 7add_attribute() (pymisptoolsFileObject method)
37add_attribute() (pymisptoolsVTReportObject
method) 39add_attribute_proposal() (pymispPyMISP
method) 7add_attribute_tag() (pymispMISPEvent
method) 24add_attributes() (pymispMISPObject method)
28add_attributes() (pymisptoolsFileObject
method) 37add_attributes() (pymisptoolsVTReportObject
method) 39add_event() (pymispPyMISP method) 7add_event_blacklist() (pymispPyMISP
method) 8add_feed() (pymispPyMISP method) 8add_object() (pymispMISPEvent method) 24add_object() (pymispPyMISP method) 8add_object_reference() (pymispPyMISP
method) 8add_org_to_sharing_group() (pymispPyMISP
method) 8add_organisation() (pymispPyMISP method) 8add_organisation_blacklist()
(pymispPyMISP method) 8add_proposal() (pymispMISPAttribute method) 26add_proposal() (pymispMISPEvent method) 24add_proposal() (pymispMISPObjectAttribute
method) 29add_reference() (pymispMISPObject method) 28add_reference() (pymisptoolsFileObject method)
37add_reference() (pymisptoolsVTReportObject
method) 39add_server() (pymispPyMISP method) 8add_server_to_sharing_group()
(pymispPyMISP method) 8add_shadow_attribute() (pymispMISPAttribute
method) 26add_shadow_attribute() (pymispMISPEvent
method) 24add_shadow_attribute()
(pymispMISPObjectAttribute method) 29add_sharing_group() (pymispPyMISP method) 8add_sighting() (pymispMISPAttribute method) 26add_sighting() (pymispMISPObjectAttribute
method) 29add_sighting() (pymispPyMISP method) 8add_tag() (pymispPyMISP method) 8add_user() (pymispPyMISP method) 9attributes_statistics() (pymispPyMISP
method) 9
Bbuild_complex_query() (pymispPyMISP
method) 9
Ccache_all_feeds() (pymispPyMISP method) 9cache_feed() (pymispPyMISP method) 9cache_freetext_feeds() (pymispPyMISP
method) 9cache_misp_feeds() (pymispPyMISP method) 9change_sharing_group_on_entity()
(pymispPyMISP method) 9change_user_password() (pymispPyMISP
method) 9clear() (pymispMISPAttribute method) 26clear() (pymispMISPEvent method) 24clear() (pymispMISPObject method) 28clear() (pymispMISPObjectAttribute method) 29clear() (pymispMISPObjectReference method) 31clear() (pymispMISPOrganisation method) 34clear() (pymispMISPTag method) 32clear() (pymispMISPUser method) 33
45
PyMISP Documentation Release main
clear() (pymisptoolsFileObject method) 37clear() (pymisptoolsVTReportObject method) 39communities() (pymispPyMISP method) 9compare_feeds() (pymispPyMISP method) 9contact_event_reporter() (pymispPyMISP
method) 9
Ddefault() (pymispMISPEncode method) 24delegate_event() (pymispPyMISP method) 10delete() (pymispMISPAttribute method) 26delete() (pymispMISPObjectAttribute method) 30delete_attribute() (pymispMISPEvent method)
24delete_attribute() (pymispPyMISP method) 10delete_attribute_proposal()
(pymispPyMISP method) 10delete_event() (pymispPyMISP method) 10delete_event_blacklist() (pymispPyMISP
method) 10delete_feed() (pymispPyMISP method) 10delete_object() (pymispPyMISP method) 10delete_object_reference() (pymispPyMISP
method) 10delete_organisation() (pymispPyMISP
method) 10delete_organisation_blacklist()
(pymispPyMISP method) 10delete_server() (pymispPyMISP method) 10delete_sharing_group() (pymispPyMISP
method) 10delete_sighting() (pymispPyMISP method) 10delete_tag() (pymispPyMISP method) 11delete_user() (pymispPyMISP method) 11delete_user_setting() (pymispPyMISP
method) 11describe_types_local() (pymispPyMISP prop-
erty) 11describe_types_remote() (pymispPyMISP
property) 11direct_call() (pymispPyMISP method) 11disable_feed() (pymispPyMISP method) 11disable_feed_cache() (pymispPyMISP method)
11disable_noticelist() (pymispPyMISP method)
11disable_tag() (pymispPyMISP method) 11disable_taxonomy() (pymispPyMISP method) 11disable_taxonomy_tags() (pymispPyMISP
method) 11disable_warninglist() (pymispPyMISP
method) 11discard_attribute_proposal()
(pymispPyMISP method) 12
Eedited() (pymispAbstractMISP property) 23edited() (pymispMISPAttribute property) 26edited() (pymispMISPEvent property) 24edited() (pymispMISPObject property) 28edited() (pymispMISPObjectAttribute property) 30edited() (pymispMISPObjectReference property) 31edited() (pymispMISPOrganisation property) 34edited() (pymispMISPTag property) 32edited() (pymispMISPUser property) 33edited() (pymisptoolsFileObject property) 37edited() (pymisptoolsVTReportObject property) 39enable_feed() (pymispPyMISP method) 12enable_feed_cache() (pymispPyMISP method)
12enable_noticelist() (pymispPyMISP method)
12enable_tag() (pymispPyMISP method) 12enable_taxonomy() (pymispPyMISP method) 12enable_taxonomy_tags() (pymispPyMISP
method) 12enable_warninglist() (pymispPyMISP method)
12event_blacklists() (pymispPyMISP method) 12event_delegations() (pymispPyMISP method)
12ExpandedPyMISP (in module pymisp) 23
Ffeeds() (pymispPyMISP method) 12fetch_feed() (pymispPyMISP method) 12FileObject (class in pymisptools) 37freetext() (pymispPyMISP method) 12from_dict() (pymispAbstractMISP method) 23from_dict() (pymispMISPAttribute method) 27from_dict() (pymispMISPEvent method) 25from_dict() (pymispMISPObject method) 28from_dict() (pymispMISPObjectAttribute method)
30from_dict() (pymispMISPObjectReference method)
31from_dict() (pymispMISPOrganisation method) 34from_dict() (pymispMISPTag method) 32from_dict() (pymispMISPUser method) 33from_dict() (pymisptoolsFileObject method) 37from_dict() (pymisptoolsVTReportObject method)
39from_json() (pymispAbstractMISP method) 23from_json() (pymispMISPAttribute method) 27from_json() (pymispMISPEvent method) 25from_json() (pymispMISPObject method) 28from_json() (pymispMISPObjectAttribute method)
30
46 Index
PyMISP Documentation Release main
from_json() (pymispMISPObjectReference method)31
from_json() (pymispMISPOrganisation method) 34from_json() (pymispMISPTag method) 32from_json() (pymispMISPUser method) 33from_json() (pymisptoolsFileObject method) 37from_json() (pymisptoolsVTReportObject method)
39
Ggalaxies() (pymispPyMISP method) 12generate_attributes() (pymisptoolsFileObject
method) 37generate_attributes()
(pymisptoolsVTReportObject method)39
get() (pymispMISPAttribute method) 27get() (pymispMISPEvent method) 25get() (pymispMISPObject method) 28get() (pymispMISPObjectAttribute method) 30get() (pymispMISPObjectReference method) 31get() (pymispMISPOrganisation method) 34get() (pymispMISPTag method) 32get() (pymispMISPUser method) 33get() (pymisptoolsFileObject method) 37get() (pymisptoolsVTReportObject method) 39get_all_functions() (pymispPyMISP method)
13get_attribute() (pymispPyMISP method) 13get_attribute_tag() (pymispMISPEvent
method) 25get_attributes_by_relation()
(pymispMISPObject method) 28get_attributes_by_relation()
(pymisptoolsFileObject method) 37get_attributes_by_relation()
(pymisptoolsVTReportObject method)39
get_community() (pymispPyMISP method) 13get_event() (pymispPyMISP method) 13get_feed() (pymispPyMISP method) 13get_galaxy() (pymispPyMISP method) 13get_noticelist() (pymispPyMISP method) 13get_object() (pymispPyMISP method) 13get_object_by_id() (pymispMISPEvent method)
25get_object_by_uuid() (pymispMISPEvent
method) 25get_object_template() (pymispPyMISP
method) 13get_objects_by_name() (pymispMISPEvent
method) 25get_organisation() (pymispPyMISP method) 13get_sync_config() (pymispPyMISP method) 13
get_tag() (pymispPyMISP method) 13get_taxonomy() (pymispPyMISP method) 13get_user() (pymispPyMISP method) 13get_user_setting() (pymispPyMISP method) 14get_warninglist() (pymispPyMISP method) 14
Hhas_attributes_by_relation()
(pymispMISPObject method) 28has_attributes_by_relation()
(pymisptoolsFileObject method) 37has_attributes_by_relation()
(pymisptoolsVTReportObject method)39
hash_values() (pymispMISPAttribute method) 27hash_values() (pymispMISPObjectAttribute
method) 30
Iimport_server() (pymispPyMISP method) 14items() (pymispMISPAttribute method) 27items() (pymispMISPEvent method) 25items() (pymispMISPObject method) 29items() (pymispMISPObjectAttribute method) 30items() (pymispMISPObjectReference method) 31items() (pymispMISPOrganisation method) 34items() (pymispMISPTag method) 32items() (pymispMISPUser method) 33items() (pymisptoolsFileObject method) 38items() (pymisptoolsVTReportObject method) 39
Jjsonable() (pymispAbstractMISP method) 23jsonable() (pymispMISPAttribute method) 27jsonable() (pymispMISPEvent method) 25jsonable() (pymispMISPObject method) 29jsonable() (pymispMISPObjectAttribute method)
30jsonable() (pymispMISPObjectReference method)
31jsonable() (pymispMISPOrganisation method) 34jsonable() (pymispMISPTag method) 32jsonable() (pymispMISPUser method) 33jsonable() (pymisptoolsFileObject method) 38jsonable() (pymisptoolsVTReportObject method)
39
Kkeys() (pymispMISPAttribute method) 27keys() (pymispMISPEvent method) 25keys() (pymispMISPObject method) 29keys() (pymispMISPObjectAttribute method) 30keys() (pymispMISPObjectReference method) 31keys() (pymispMISPOrganisation method) 34
Index 47
PyMISP Documentation Release main
keys() (pymispMISPTag method) 32keys() (pymispMISPUser method) 33keys() (pymisptoolsFileObject method) 38keys() (pymisptoolsVTReportObject method) 39known_types() (pymispMISPAttribute property) 27known_types() (pymispMISPObjectAttribute prop-
erty) 30
Lload() (pymispMISPEvent method) 25load_default_feeds() (pymispPyMISP method)
14load_file() (pymispMISPEvent method) 25load_openioc() (pymisptools method) 40load_openioc_file() (pymisptools method) 40load_stix() (in module pymisptoolsstix) 40
Mmake_stix_package() (in module
pymisptoolsstix) 40malware_binary() (pymispMISPAttribute prop-
erty) 27malware_binary() (pymispMISPObjectAttribute
property) 30misp_instance_version() (pymispPyMISP
property) 14misp_instance_version_master()
(pymispPyMISP property) 14MISPAttribute (class in pymisp) 26MISPEncode (class in pymisp) 24MISPEvent (class in pymisp) 24MISPObject (class in pymisp) 28MISPObjectAttribute (class in pymisp) 29MISPObjectReference (class in pymisp) 31MISPOrganisation (class in pymisp) 34MISPTag (class in pymisp) 32MISPUser (class in pymisp) 33module
pymisp 7pymisptools 37pymisptoolsstix 40
Nnoticelists() (pymispPyMISP method) 14
Oobject_templates() (pymispPyMISP method) 14organisation_blacklists() (pymispPyMISP
method) 14organisations() (pymispPyMISP method) 14
Ppop() (pymispMISPAttribute method) 27
pop() (pymispMISPEvent method) 25pop() (pymispMISPObject method) 29pop() (pymispMISPObjectAttribute method) 30pop() (pymispMISPObjectReference method) 31pop() (pymispMISPOrganisation method) 34pop() (pymispMISPTag method) 32pop() (pymispMISPUser method) 33pop() (pymisptoolsFileObject method) 38pop() (pymisptoolsVTReportObject method) 39popitem() (pymispMISPAttribute method) 27popitem() (pymispMISPEvent method) 25popitem() (pymispMISPObject method) 29popitem() (pymispMISPObjectAttribute method) 30popitem() (pymispMISPObjectReference method) 31popitem() (pymispMISPOrganisation method) 34popitem() (pymispMISPTag method) 32popitem() (pymispMISPUser method) 33popitem() (pymisptoolsFileObject method) 38popitem() (pymisptoolsVTReportObject method) 39publish() (pymispMISPEvent method) 25publish() (pymispPyMISP method) 14push_event_to_ZMQ() (pymispPyMISP method)
14pymisp
module 7PyMISP (class in pymisp) 7pymisptools
module 37pymisptoolsstix
module 40pymisp_version_main() (pymispPyMISP prop-
erty) 15
Rrecommended_pymisp_version()
(pymispPyMISP property) 15remote_acl() (pymispPyMISP method) 15remove_org_from_sharing_group()
(pymispPyMISP method) 15remove_server_from_sharing_group()
(pymispPyMISP method) 15roles() (pymispPyMISP method) 15
Ssearch() (pymispPyMISP method) 15search_feeds() (pymispPyMISP method) 17search_index() (pymispPyMISP method) 18search_logs() (pymispPyMISP method) 18search_sightings() (pymispPyMISP method) 19server_pull() (pymispPyMISP method) 20server_push() (pymispPyMISP method) 20servers() (pymispPyMISP method) 20set_date() (pymispMISPEvent method) 25
48 Index
PyMISP Documentation Release main
set_not_jsonable() (pymispAbstractMISPmethod) 23
set_not_jsonable() (pymispMISPAttributemethod) 27
set_not_jsonable() (pymispMISPEvent method)25
set_not_jsonable() (pymispMISPObjectmethod) 29
set_not_jsonable() (pymispMISPObjectAttributemethod) 30
set_not_jsonable()(pymispMISPObjectReference method)31
set_not_jsonable() (pymispMISPOrganisationmethod) 35
set_not_jsonable() (pymispMISPTag method)32
set_not_jsonable() (pymispMISPUser method)33
set_not_jsonable() (pymisptoolsFileObjectmethod) 38
set_not_jsonable()(pymisptoolsVTReportObject method)39
set_user_setting() (pymispPyMISP method) 20setdefault() (pymispMISPAttribute method) 27setdefault() (pymispMISPEvent method) 25setdefault() (pymispMISPObject method) 29setdefault() (pymispMISPObjectAttribute
method) 30setdefault() (pymispMISPObjectReference
method) 31setdefault() (pymispMISPOrganisation method)
35setdefault() (pymispMISPTag method) 33setdefault() (pymispMISPUser method) 34setdefault() (pymisptoolsFileObject method) 38setdefault() (pymisptoolsVTReportObject
method) 40sharing_groups() (pymispPyMISP method) 20sightings() (pymispPyMISP method) 20
Ttag() (pymispPyMISP method) 20tags() (pymispMISPAttribute property) 27tags() (pymispMISPEvent property) 26tags() (pymispMISPObjectAttribute property) 30tags() (pymispPyMISP method) 20tags_statistics() (pymispPyMISP method) 20taxonomies() (pymispPyMISP method) 20to_dict() (pymispAbstractMISP method) 23to_dict() (pymispMISPAttribute method) 27to_dict() (pymispMISPEvent method) 26to_dict() (pymispMISPObject method) 29
to_dict() (pymispMISPObjectAttribute method) 30to_dict() (pymispMISPObjectReference method) 32to_dict() (pymispMISPOrganisation method) 35to_dict() (pymispMISPTag method) 33to_dict() (pymispMISPUser method) 34to_dict() (pymisptoolsFileObject method) 38to_dict() (pymisptoolsVTReportObject method) 40to_feed() (pymispMISPEvent method) 26to_json() (pymispAbstractMISP method) 23to_json() (pymispMISPAttribute method) 27to_json() (pymispMISPEvent method) 26to_json() (pymispMISPObject method) 29to_json() (pymispMISPObjectAttribute method) 31to_json() (pymispMISPObjectReference method) 32to_json() (pymispMISPOrganisation method) 35to_json() (pymispMISPTag method) 33to_json() (pymispMISPUser method) 34to_json() (pymisptoolsFileObject method) 38to_json() (pymisptoolsVTReportObject method) 40toggle_warninglist() (pymispPyMISP method)
20
Uunpublish() (pymispMISPEvent method) 26untag() (pymispPyMISP method) 21update() (pymispMISPAttribute method) 28update() (pymispMISPEvent method) 26update() (pymispMISPObject method) 29update() (pymispMISPObjectAttribute method) 31update() (pymispMISPObjectReference method) 32update() (pymispMISPOrganisation method) 35update() (pymispMISPTag method) 33update() (pymispMISPUser method) 34update() (pymisptoolsFileObject method) 38update() (pymisptoolsVTReportObject method) 40update_attribute() (pymispPyMISP method) 21update_attribute_proposal()
(pymispPyMISP method) 21update_event() (pymispPyMISP method) 21update_event_blacklist() (pymispPyMISP
method) 21update_feed() (pymispPyMISP method) 21update_galaxies() (pymispPyMISP method) 21update_not_jsonable() (pymispAbstractMISP
method) 23update_not_jsonable() (pymispMISPAttribute
method) 28update_not_jsonable() (pymispMISPEvent
method) 26update_not_jsonable() (pymispMISPObject
method) 29update_not_jsonable()
(pymispMISPObjectAttribute method) 31
Index 49
PyMISP Documentation Release main
update_not_jsonable()(pymispMISPObjectReference method)32
update_not_jsonable()(pymispMISPOrganisation method) 35
update_not_jsonable() (pymispMISPTagmethod) 33
update_not_jsonable() (pymispMISPUsermethod) 34
update_not_jsonable() (pymisptoolsFileObjectmethod) 38
update_not_jsonable()(pymisptoolsVTReportObject method)40
update_noticelists() (pymispPyMISP method)21
update_object() (pymispPyMISP method) 21update_object_templates() (pymispPyMISP
method) 21update_organisation() (pymispPyMISP
method) 21update_organisation_blacklist()
(pymispPyMISP method) 21update_server() (pymispPyMISP method) 22update_tag() (pymispPyMISP method) 22update_taxonomies() (pymispPyMISP method)
22update_user() (pymispPyMISP method) 22update_warninglists() (pymispPyMISP
method) 22upload_stix() (pymispPyMISP method) 22user_registrations() (pymispPyMISP method)
22user_settings() (pymispPyMISP method) 22users() (pymispPyMISP method) 22users_statistics() (pymispPyMISP method) 22
Vvalues() (pymispMISPAttribute method) 28values() (pymispMISPEvent method) 26values() (pymispMISPObject method) 29values() (pymispMISPObjectAttribute method) 31values() (pymispMISPObjectReference method) 32values() (pymispMISPOrganisation method) 35values() (pymispMISPTag method) 33values() (pymispMISPUser method) 34values() (pymisptoolsFileObject method) 38values() (pymisptoolsVTReportObject method) 40values_in_warninglist() (pymispPyMISP
method) 22version() (pymispPyMISP property) 22VTReportObject (class in pymisptools) 38
Wwarninglists() (pymispPyMISP method) 22
50 Index
- README
- pymisp
- PyMISP
- PyMISPExpanded (Python 36+ only)
- MISPAbstract
- MISPEncode
- MISPEvent
- MISPAttribute
- MISPObject
- MISPObjectAttribute
- MISPObjectReference
- MISPTag
- MISPUser
- MISPOrganisation
- pymisp - Tools
- File Object
- ELF Object
- PE Object
- Mach-O Object
- VT Report Object
- STIX
- OpenIOC
- Indices and tables
- Python Module Index
- Index
PyMISP Documentation Release main
clear() (pymisptoolsFileObject method) 37clear() (pymisptoolsVTReportObject method) 39communities() (pymispPyMISP method) 9compare_feeds() (pymispPyMISP method) 9contact_event_reporter() (pymispPyMISP
method) 9
Ddefault() (pymispMISPEncode method) 24delegate_event() (pymispPyMISP method) 10delete() (pymispMISPAttribute method) 26delete() (pymispMISPObjectAttribute method) 30delete_attribute() (pymispMISPEvent method)
24delete_attribute() (pymispPyMISP method) 10delete_attribute_proposal()
(pymispPyMISP method) 10delete_event() (pymispPyMISP method) 10delete_event_blacklist() (pymispPyMISP
method) 10delete_feed() (pymispPyMISP method) 10delete_object() (pymispPyMISP method) 10delete_object_reference() (pymispPyMISP
method) 10delete_organisation() (pymispPyMISP
method) 10delete_organisation_blacklist()
(pymispPyMISP method) 10delete_server() (pymispPyMISP method) 10delete_sharing_group() (pymispPyMISP
method) 10delete_sighting() (pymispPyMISP method) 10delete_tag() (pymispPyMISP method) 11delete_user() (pymispPyMISP method) 11delete_user_setting() (pymispPyMISP
method) 11describe_types_local() (pymispPyMISP prop-
erty) 11describe_types_remote() (pymispPyMISP
property) 11direct_call() (pymispPyMISP method) 11disable_feed() (pymispPyMISP method) 11disable_feed_cache() (pymispPyMISP method)
11disable_noticelist() (pymispPyMISP method)
11disable_tag() (pymispPyMISP method) 11disable_taxonomy() (pymispPyMISP method) 11disable_taxonomy_tags() (pymispPyMISP
method) 11disable_warninglist() (pymispPyMISP
method) 11discard_attribute_proposal()
(pymispPyMISP method) 12
Eedited() (pymispAbstractMISP property) 23edited() (pymispMISPAttribute property) 26edited() (pymispMISPEvent property) 24edited() (pymispMISPObject property) 28edited() (pymispMISPObjectAttribute property) 30edited() (pymispMISPObjectReference property) 31edited() (pymispMISPOrganisation property) 34edited() (pymispMISPTag property) 32edited() (pymispMISPUser property) 33edited() (pymisptoolsFileObject property) 37edited() (pymisptoolsVTReportObject property) 39enable_feed() (pymispPyMISP method) 12enable_feed_cache() (pymispPyMISP method)
12enable_noticelist() (pymispPyMISP method)
12enable_tag() (pymispPyMISP method) 12enable_taxonomy() (pymispPyMISP method) 12enable_taxonomy_tags() (pymispPyMISP
method) 12enable_warninglist() (pymispPyMISP method)
12event_blacklists() (pymispPyMISP method) 12event_delegations() (pymispPyMISP method)
12ExpandedPyMISP (in module pymisp) 23
Ffeeds() (pymispPyMISP method) 12fetch_feed() (pymispPyMISP method) 12FileObject (class in pymisptools) 37freetext() (pymispPyMISP method) 12from_dict() (pymispAbstractMISP method) 23from_dict() (pymispMISPAttribute method) 27from_dict() (pymispMISPEvent method) 25from_dict() (pymispMISPObject method) 28from_dict() (pymispMISPObjectAttribute method)
30from_dict() (pymispMISPObjectReference method)
31from_dict() (pymispMISPOrganisation method) 34from_dict() (pymispMISPTag method) 32from_dict() (pymispMISPUser method) 33from_dict() (pymisptoolsFileObject method) 37from_dict() (pymisptoolsVTReportObject method)
39from_json() (pymispAbstractMISP method) 23from_json() (pymispMISPAttribute method) 27from_json() (pymispMISPEvent method) 25from_json() (pymispMISPObject method) 28from_json() (pymispMISPObjectAttribute method)
30
46 Index
PyMISP Documentation Release main
from_json() (pymispMISPObjectReference method)31
from_json() (pymispMISPOrganisation method) 34from_json() (pymispMISPTag method) 32from_json() (pymispMISPUser method) 33from_json() (pymisptoolsFileObject method) 37from_json() (pymisptoolsVTReportObject method)
39
Ggalaxies() (pymispPyMISP method) 12generate_attributes() (pymisptoolsFileObject
method) 37generate_attributes()
(pymisptoolsVTReportObject method)39
get() (pymispMISPAttribute method) 27get() (pymispMISPEvent method) 25get() (pymispMISPObject method) 28get() (pymispMISPObjectAttribute method) 30get() (pymispMISPObjectReference method) 31get() (pymispMISPOrganisation method) 34get() (pymispMISPTag method) 32get() (pymispMISPUser method) 33get() (pymisptoolsFileObject method) 37get() (pymisptoolsVTReportObject method) 39get_all_functions() (pymispPyMISP method)
13get_attribute() (pymispPyMISP method) 13get_attribute_tag() (pymispMISPEvent
method) 25get_attributes_by_relation()
(pymispMISPObject method) 28get_attributes_by_relation()
(pymisptoolsFileObject method) 37get_attributes_by_relation()
(pymisptoolsVTReportObject method)39
get_community() (pymispPyMISP method) 13get_event() (pymispPyMISP method) 13get_feed() (pymispPyMISP method) 13get_galaxy() (pymispPyMISP method) 13get_noticelist() (pymispPyMISP method) 13get_object() (pymispPyMISP method) 13get_object_by_id() (pymispMISPEvent method)
25get_object_by_uuid() (pymispMISPEvent
method) 25get_object_template() (pymispPyMISP
method) 13get_objects_by_name() (pymispMISPEvent
method) 25get_organisation() (pymispPyMISP method) 13get_sync_config() (pymispPyMISP method) 13
get_tag() (pymispPyMISP method) 13get_taxonomy() (pymispPyMISP method) 13get_user() (pymispPyMISP method) 13get_user_setting() (pymispPyMISP method) 14get_warninglist() (pymispPyMISP method) 14
Hhas_attributes_by_relation()
(pymispMISPObject method) 28has_attributes_by_relation()
(pymisptoolsFileObject method) 37has_attributes_by_relation()
(pymisptoolsVTReportObject method)39
hash_values() (pymispMISPAttribute method) 27hash_values() (pymispMISPObjectAttribute
method) 30
Iimport_server() (pymispPyMISP method) 14items() (pymispMISPAttribute method) 27items() (pymispMISPEvent method) 25items() (pymispMISPObject method) 29items() (pymispMISPObjectAttribute method) 30items() (pymispMISPObjectReference method) 31items() (pymispMISPOrganisation method) 34items() (pymispMISPTag method) 32items() (pymispMISPUser method) 33items() (pymisptoolsFileObject method) 38items() (pymisptoolsVTReportObject method) 39
Jjsonable() (pymispAbstractMISP method) 23jsonable() (pymispMISPAttribute method) 27jsonable() (pymispMISPEvent method) 25jsonable() (pymispMISPObject method) 29jsonable() (pymispMISPObjectAttribute method)
30jsonable() (pymispMISPObjectReference method)
31jsonable() (pymispMISPOrganisation method) 34jsonable() (pymispMISPTag method) 32jsonable() (pymispMISPUser method) 33jsonable() (pymisptoolsFileObject method) 38jsonable() (pymisptoolsVTReportObject method)
39
Kkeys() (pymispMISPAttribute method) 27keys() (pymispMISPEvent method) 25keys() (pymispMISPObject method) 29keys() (pymispMISPObjectAttribute method) 30keys() (pymispMISPObjectReference method) 31keys() (pymispMISPOrganisation method) 34
Index 47
PyMISP Documentation Release main
keys() (pymispMISPTag method) 32keys() (pymispMISPUser method) 33keys() (pymisptoolsFileObject method) 38keys() (pymisptoolsVTReportObject method) 39known_types() (pymispMISPAttribute property) 27known_types() (pymispMISPObjectAttribute prop-
erty) 30
Lload() (pymispMISPEvent method) 25load_default_feeds() (pymispPyMISP method)
14load_file() (pymispMISPEvent method) 25load_openioc() (pymisptools method) 40load_openioc_file() (pymisptools method) 40load_stix() (in module pymisptoolsstix) 40
Mmake_stix_package() (in module
pymisptoolsstix) 40malware_binary() (pymispMISPAttribute prop-
erty) 27malware_binary() (pymispMISPObjectAttribute
property) 30misp_instance_version() (pymispPyMISP
property) 14misp_instance_version_master()
(pymispPyMISP property) 14MISPAttribute (class in pymisp) 26MISPEncode (class in pymisp) 24MISPEvent (class in pymisp) 24MISPObject (class in pymisp) 28MISPObjectAttribute (class in pymisp) 29MISPObjectReference (class in pymisp) 31MISPOrganisation (class in pymisp) 34MISPTag (class in pymisp) 32MISPUser (class in pymisp) 33module
pymisp 7pymisptools 37pymisptoolsstix 40
Nnoticelists() (pymispPyMISP method) 14
Oobject_templates() (pymispPyMISP method) 14organisation_blacklists() (pymispPyMISP
method) 14organisations() (pymispPyMISP method) 14
Ppop() (pymispMISPAttribute method) 27
pop() (pymispMISPEvent method) 25pop() (pymispMISPObject method) 29pop() (pymispMISPObjectAttribute method) 30pop() (pymispMISPObjectReference method) 31pop() (pymispMISPOrganisation method) 34pop() (pymispMISPTag method) 32pop() (pymispMISPUser method) 33pop() (pymisptoolsFileObject method) 38pop() (pymisptoolsVTReportObject method) 39popitem() (pymispMISPAttribute method) 27popitem() (pymispMISPEvent method) 25popitem() (pymispMISPObject method) 29popitem() (pymispMISPObjectAttribute method) 30popitem() (pymispMISPObjectReference method) 31popitem() (pymispMISPOrganisation method) 34popitem() (pymispMISPTag method) 32popitem() (pymispMISPUser method) 33popitem() (pymisptoolsFileObject method) 38popitem() (pymisptoolsVTReportObject method) 39publish() (pymispMISPEvent method) 25publish() (pymispPyMISP method) 14push_event_to_ZMQ() (pymispPyMISP method)
14pymisp
module 7PyMISP (class in pymisp) 7pymisptools
module 37pymisptoolsstix
module 40pymisp_version_main() (pymispPyMISP prop-
erty) 15
Rrecommended_pymisp_version()
(pymispPyMISP property) 15remote_acl() (pymispPyMISP method) 15remove_org_from_sharing_group()
(pymispPyMISP method) 15remove_server_from_sharing_group()
(pymispPyMISP method) 15roles() (pymispPyMISP method) 15
Ssearch() (pymispPyMISP method) 15search_feeds() (pymispPyMISP method) 17search_index() (pymispPyMISP method) 18search_logs() (pymispPyMISP method) 18search_sightings() (pymispPyMISP method) 19server_pull() (pymispPyMISP method) 20server_push() (pymispPyMISP method) 20servers() (pymispPyMISP method) 20set_date() (pymispMISPEvent method) 25
48 Index
PyMISP Documentation Release main
set_not_jsonable() (pymispAbstractMISPmethod) 23
set_not_jsonable() (pymispMISPAttributemethod) 27
set_not_jsonable() (pymispMISPEvent method)25
set_not_jsonable() (pymispMISPObjectmethod) 29
set_not_jsonable() (pymispMISPObjectAttributemethod) 30
set_not_jsonable()(pymispMISPObjectReference method)31
set_not_jsonable() (pymispMISPOrganisationmethod) 35
set_not_jsonable() (pymispMISPTag method)32
set_not_jsonable() (pymispMISPUser method)33
set_not_jsonable() (pymisptoolsFileObjectmethod) 38
set_not_jsonable()(pymisptoolsVTReportObject method)39
set_user_setting() (pymispPyMISP method) 20setdefault() (pymispMISPAttribute method) 27setdefault() (pymispMISPEvent method) 25setdefault() (pymispMISPObject method) 29setdefault() (pymispMISPObjectAttribute
method) 30setdefault() (pymispMISPObjectReference
method) 31setdefault() (pymispMISPOrganisation method)
35setdefault() (pymispMISPTag method) 33setdefault() (pymispMISPUser method) 34setdefault() (pymisptoolsFileObject method) 38setdefault() (pymisptoolsVTReportObject
method) 40sharing_groups() (pymispPyMISP method) 20sightings() (pymispPyMISP method) 20
Ttag() (pymispPyMISP method) 20tags() (pymispMISPAttribute property) 27tags() (pymispMISPEvent property) 26tags() (pymispMISPObjectAttribute property) 30tags() (pymispPyMISP method) 20tags_statistics() (pymispPyMISP method) 20taxonomies() (pymispPyMISP method) 20to_dict() (pymispAbstractMISP method) 23to_dict() (pymispMISPAttribute method) 27to_dict() (pymispMISPEvent method) 26to_dict() (pymispMISPObject method) 29
to_dict() (pymispMISPObjectAttribute method) 30to_dict() (pymispMISPObjectReference method) 32to_dict() (pymispMISPOrganisation method) 35to_dict() (pymispMISPTag method) 33to_dict() (pymispMISPUser method) 34to_dict() (pymisptoolsFileObject method) 38to_dict() (pymisptoolsVTReportObject method) 40to_feed() (pymispMISPEvent method) 26to_json() (pymispAbstractMISP method) 23to_json() (pymispMISPAttribute method) 27to_json() (pymispMISPEvent method) 26to_json() (pymispMISPObject method) 29to_json() (pymispMISPObjectAttribute method) 31to_json() (pymispMISPObjectReference method) 32to_json() (pymispMISPOrganisation method) 35to_json() (pymispMISPTag method) 33to_json() (pymispMISPUser method) 34to_json() (pymisptoolsFileObject method) 38to_json() (pymisptoolsVTReportObject method) 40toggle_warninglist() (pymispPyMISP method)
20
Uunpublish() (pymispMISPEvent method) 26untag() (pymispPyMISP method) 21update() (pymispMISPAttribute method) 28update() (pymispMISPEvent method) 26update() (pymispMISPObject method) 29update() (pymispMISPObjectAttribute method) 31update() (pymispMISPObjectReference method) 32update() (pymispMISPOrganisation method) 35update() (pymispMISPTag method) 33update() (pymispMISPUser method) 34update() (pymisptoolsFileObject method) 38update() (pymisptoolsVTReportObject method) 40update_attribute() (pymispPyMISP method) 21update_attribute_proposal()
(pymispPyMISP method) 21update_event() (pymispPyMISP method) 21update_event_blacklist() (pymispPyMISP
method) 21update_feed() (pymispPyMISP method) 21update_galaxies() (pymispPyMISP method) 21update_not_jsonable() (pymispAbstractMISP
method) 23update_not_jsonable() (pymispMISPAttribute
method) 28update_not_jsonable() (pymispMISPEvent
method) 26update_not_jsonable() (pymispMISPObject
method) 29update_not_jsonable()
(pymispMISPObjectAttribute method) 31
Index 49
PyMISP Documentation Release main
update_not_jsonable()(pymispMISPObjectReference method)32
update_not_jsonable()(pymispMISPOrganisation method) 35
update_not_jsonable() (pymispMISPTagmethod) 33
update_not_jsonable() (pymispMISPUsermethod) 34
update_not_jsonable() (pymisptoolsFileObjectmethod) 38
update_not_jsonable()(pymisptoolsVTReportObject method)40
update_noticelists() (pymispPyMISP method)21
update_object() (pymispPyMISP method) 21update_object_templates() (pymispPyMISP
method) 21update_organisation() (pymispPyMISP
method) 21update_organisation_blacklist()
(pymispPyMISP method) 21update_server() (pymispPyMISP method) 22update_tag() (pymispPyMISP method) 22update_taxonomies() (pymispPyMISP method)
22update_user() (pymispPyMISP method) 22update_warninglists() (pymispPyMISP
method) 22upload_stix() (pymispPyMISP method) 22user_registrations() (pymispPyMISP method)
22user_settings() (pymispPyMISP method) 22users() (pymispPyMISP method) 22users_statistics() (pymispPyMISP method) 22
Vvalues() (pymispMISPAttribute method) 28values() (pymispMISPEvent method) 26values() (pymispMISPObject method) 29values() (pymispMISPObjectAttribute method) 31values() (pymispMISPObjectReference method) 32values() (pymispMISPOrganisation method) 35values() (pymispMISPTag method) 33values() (pymispMISPUser method) 34values() (pymisptoolsFileObject method) 38values() (pymisptoolsVTReportObject method) 40values_in_warninglist() (pymispPyMISP
method) 22version() (pymispPyMISP property) 22VTReportObject (class in pymisptools) 38
Wwarninglists() (pymispPyMISP method) 22
50 Index
- README
- pymisp
- PyMISP
- PyMISPExpanded (Python 36+ only)
- MISPAbstract
- MISPEncode
- MISPEvent
- MISPAttribute
- MISPObject
- MISPObjectAttribute
- MISPObjectReference
- MISPTag
- MISPUser
- MISPOrganisation
- pymisp - Tools
- File Object
- ELF Object
- PE Object
- Mach-O Object
- VT Report Object
- STIX
- OpenIOC
- Indices and tables
- Python Module Index
- Index
PyMISP Documentation Release main
from_json() (pymispMISPObjectReference method)31
from_json() (pymispMISPOrganisation method) 34from_json() (pymispMISPTag method) 32from_json() (pymispMISPUser method) 33from_json() (pymisptoolsFileObject method) 37from_json() (pymisptoolsVTReportObject method)
39
Ggalaxies() (pymispPyMISP method) 12generate_attributes() (pymisptoolsFileObject
method) 37generate_attributes()
(pymisptoolsVTReportObject method)39
get() (pymispMISPAttribute method) 27get() (pymispMISPEvent method) 25get() (pymispMISPObject method) 28get() (pymispMISPObjectAttribute method) 30get() (pymispMISPObjectReference method) 31get() (pymispMISPOrganisation method) 34get() (pymispMISPTag method) 32get() (pymispMISPUser method) 33get() (pymisptoolsFileObject method) 37get() (pymisptoolsVTReportObject method) 39get_all_functions() (pymispPyMISP method)
13get_attribute() (pymispPyMISP method) 13get_attribute_tag() (pymispMISPEvent
method) 25get_attributes_by_relation()
(pymispMISPObject method) 28get_attributes_by_relation()
(pymisptoolsFileObject method) 37get_attributes_by_relation()
(pymisptoolsVTReportObject method)39
get_community() (pymispPyMISP method) 13get_event() (pymispPyMISP method) 13get_feed() (pymispPyMISP method) 13get_galaxy() (pymispPyMISP method) 13get_noticelist() (pymispPyMISP method) 13get_object() (pymispPyMISP method) 13get_object_by_id() (pymispMISPEvent method)
25get_object_by_uuid() (pymispMISPEvent
method) 25get_object_template() (pymispPyMISP
method) 13get_objects_by_name() (pymispMISPEvent
method) 25get_organisation() (pymispPyMISP method) 13get_sync_config() (pymispPyMISP method) 13
get_tag() (pymispPyMISP method) 13get_taxonomy() (pymispPyMISP method) 13get_user() (pymispPyMISP method) 13get_user_setting() (pymispPyMISP method) 14get_warninglist() (pymispPyMISP method) 14
Hhas_attributes_by_relation()
(pymispMISPObject method) 28has_attributes_by_relation()
(pymisptoolsFileObject method) 37has_attributes_by_relation()
(pymisptoolsVTReportObject method)39
hash_values() (pymispMISPAttribute method) 27hash_values() (pymispMISPObjectAttribute
method) 30
Iimport_server() (pymispPyMISP method) 14items() (pymispMISPAttribute method) 27items() (pymispMISPEvent method) 25items() (pymispMISPObject method) 29items() (pymispMISPObjectAttribute method) 30items() (pymispMISPObjectReference method) 31items() (pymispMISPOrganisation method) 34items() (pymispMISPTag method) 32items() (pymispMISPUser method) 33items() (pymisptoolsFileObject method) 38items() (pymisptoolsVTReportObject method) 39
Jjsonable() (pymispAbstractMISP method) 23jsonable() (pymispMISPAttribute method) 27jsonable() (pymispMISPEvent method) 25jsonable() (pymispMISPObject method) 29jsonable() (pymispMISPObjectAttribute method)
30jsonable() (pymispMISPObjectReference method)
31jsonable() (pymispMISPOrganisation method) 34jsonable() (pymispMISPTag method) 32jsonable() (pymispMISPUser method) 33jsonable() (pymisptoolsFileObject method) 38jsonable() (pymisptoolsVTReportObject method)
39
Kkeys() (pymispMISPAttribute method) 27keys() (pymispMISPEvent method) 25keys() (pymispMISPObject method) 29keys() (pymispMISPObjectAttribute method) 30keys() (pymispMISPObjectReference method) 31keys() (pymispMISPOrganisation method) 34
Index 47
PyMISP Documentation Release main
keys() (pymispMISPTag method) 32keys() (pymispMISPUser method) 33keys() (pymisptoolsFileObject method) 38keys() (pymisptoolsVTReportObject method) 39known_types() (pymispMISPAttribute property) 27known_types() (pymispMISPObjectAttribute prop-
erty) 30
Lload() (pymispMISPEvent method) 25load_default_feeds() (pymispPyMISP method)
14load_file() (pymispMISPEvent method) 25load_openioc() (pymisptools method) 40load_openioc_file() (pymisptools method) 40load_stix() (in module pymisptoolsstix) 40
Mmake_stix_package() (in module
pymisptoolsstix) 40malware_binary() (pymispMISPAttribute prop-
erty) 27malware_binary() (pymispMISPObjectAttribute
property) 30misp_instance_version() (pymispPyMISP
property) 14misp_instance_version_master()
(pymispPyMISP property) 14MISPAttribute (class in pymisp) 26MISPEncode (class in pymisp) 24MISPEvent (class in pymisp) 24MISPObject (class in pymisp) 28MISPObjectAttribute (class in pymisp) 29MISPObjectReference (class in pymisp) 31MISPOrganisation (class in pymisp) 34MISPTag (class in pymisp) 32MISPUser (class in pymisp) 33module
pymisp 7pymisptools 37pymisptoolsstix 40
Nnoticelists() (pymispPyMISP method) 14
Oobject_templates() (pymispPyMISP method) 14organisation_blacklists() (pymispPyMISP
method) 14organisations() (pymispPyMISP method) 14
Ppop() (pymispMISPAttribute method) 27
pop() (pymispMISPEvent method) 25pop() (pymispMISPObject method) 29pop() (pymispMISPObjectAttribute method) 30pop() (pymispMISPObjectReference method) 31pop() (pymispMISPOrganisation method) 34pop() (pymispMISPTag method) 32pop() (pymispMISPUser method) 33pop() (pymisptoolsFileObject method) 38pop() (pymisptoolsVTReportObject method) 39popitem() (pymispMISPAttribute method) 27popitem() (pymispMISPEvent method) 25popitem() (pymispMISPObject method) 29popitem() (pymispMISPObjectAttribute method) 30popitem() (pymispMISPObjectReference method) 31popitem() (pymispMISPOrganisation method) 34popitem() (pymispMISPTag method) 32popitem() (pymispMISPUser method) 33popitem() (pymisptoolsFileObject method) 38popitem() (pymisptoolsVTReportObject method) 39publish() (pymispMISPEvent method) 25publish() (pymispPyMISP method) 14push_event_to_ZMQ() (pymispPyMISP method)
14pymisp
module 7PyMISP (class in pymisp) 7pymisptools
module 37pymisptoolsstix
module 40pymisp_version_main() (pymispPyMISP prop-
erty) 15
Rrecommended_pymisp_version()
(pymispPyMISP property) 15remote_acl() (pymispPyMISP method) 15remove_org_from_sharing_group()
(pymispPyMISP method) 15remove_server_from_sharing_group()
(pymispPyMISP method) 15roles() (pymispPyMISP method) 15
Ssearch() (pymispPyMISP method) 15search_feeds() (pymispPyMISP method) 17search_index() (pymispPyMISP method) 18search_logs() (pymispPyMISP method) 18search_sightings() (pymispPyMISP method) 19server_pull() (pymispPyMISP method) 20server_push() (pymispPyMISP method) 20servers() (pymispPyMISP method) 20set_date() (pymispMISPEvent method) 25
48 Index
PyMISP Documentation Release main
set_not_jsonable() (pymispAbstractMISPmethod) 23
set_not_jsonable() (pymispMISPAttributemethod) 27
set_not_jsonable() (pymispMISPEvent method)25
set_not_jsonable() (pymispMISPObjectmethod) 29
set_not_jsonable() (pymispMISPObjectAttributemethod) 30
set_not_jsonable()(pymispMISPObjectReference method)31
set_not_jsonable() (pymispMISPOrganisationmethod) 35
set_not_jsonable() (pymispMISPTag method)32
set_not_jsonable() (pymispMISPUser method)33
set_not_jsonable() (pymisptoolsFileObjectmethod) 38
set_not_jsonable()(pymisptoolsVTReportObject method)39
set_user_setting() (pymispPyMISP method) 20setdefault() (pymispMISPAttribute method) 27setdefault() (pymispMISPEvent method) 25setdefault() (pymispMISPObject method) 29setdefault() (pymispMISPObjectAttribute
method) 30setdefault() (pymispMISPObjectReference
method) 31setdefault() (pymispMISPOrganisation method)
35setdefault() (pymispMISPTag method) 33setdefault() (pymispMISPUser method) 34setdefault() (pymisptoolsFileObject method) 38setdefault() (pymisptoolsVTReportObject
method) 40sharing_groups() (pymispPyMISP method) 20sightings() (pymispPyMISP method) 20
Ttag() (pymispPyMISP method) 20tags() (pymispMISPAttribute property) 27tags() (pymispMISPEvent property) 26tags() (pymispMISPObjectAttribute property) 30tags() (pymispPyMISP method) 20tags_statistics() (pymispPyMISP method) 20taxonomies() (pymispPyMISP method) 20to_dict() (pymispAbstractMISP method) 23to_dict() (pymispMISPAttribute method) 27to_dict() (pymispMISPEvent method) 26to_dict() (pymispMISPObject method) 29
to_dict() (pymispMISPObjectAttribute method) 30to_dict() (pymispMISPObjectReference method) 32to_dict() (pymispMISPOrganisation method) 35to_dict() (pymispMISPTag method) 33to_dict() (pymispMISPUser method) 34to_dict() (pymisptoolsFileObject method) 38to_dict() (pymisptoolsVTReportObject method) 40to_feed() (pymispMISPEvent method) 26to_json() (pymispAbstractMISP method) 23to_json() (pymispMISPAttribute method) 27to_json() (pymispMISPEvent method) 26to_json() (pymispMISPObject method) 29to_json() (pymispMISPObjectAttribute method) 31to_json() (pymispMISPObjectReference method) 32to_json() (pymispMISPOrganisation method) 35to_json() (pymispMISPTag method) 33to_json() (pymispMISPUser method) 34to_json() (pymisptoolsFileObject method) 38to_json() (pymisptoolsVTReportObject method) 40toggle_warninglist() (pymispPyMISP method)
20
Uunpublish() (pymispMISPEvent method) 26untag() (pymispPyMISP method) 21update() (pymispMISPAttribute method) 28update() (pymispMISPEvent method) 26update() (pymispMISPObject method) 29update() (pymispMISPObjectAttribute method) 31update() (pymispMISPObjectReference method) 32update() (pymispMISPOrganisation method) 35update() (pymispMISPTag method) 33update() (pymispMISPUser method) 34update() (pymisptoolsFileObject method) 38update() (pymisptoolsVTReportObject method) 40update_attribute() (pymispPyMISP method) 21update_attribute_proposal()
(pymispPyMISP method) 21update_event() (pymispPyMISP method) 21update_event_blacklist() (pymispPyMISP
method) 21update_feed() (pymispPyMISP method) 21update_galaxies() (pymispPyMISP method) 21update_not_jsonable() (pymispAbstractMISP
method) 23update_not_jsonable() (pymispMISPAttribute
method) 28update_not_jsonable() (pymispMISPEvent
method) 26update_not_jsonable() (pymispMISPObject
method) 29update_not_jsonable()
(pymispMISPObjectAttribute method) 31
Index 49
PyMISP Documentation Release main
update_not_jsonable()(pymispMISPObjectReference method)32
update_not_jsonable()(pymispMISPOrganisation method) 35
update_not_jsonable() (pymispMISPTagmethod) 33
update_not_jsonable() (pymispMISPUsermethod) 34
update_not_jsonable() (pymisptoolsFileObjectmethod) 38
update_not_jsonable()(pymisptoolsVTReportObject method)40
update_noticelists() (pymispPyMISP method)21
update_object() (pymispPyMISP method) 21update_object_templates() (pymispPyMISP
method) 21update_organisation() (pymispPyMISP
method) 21update_organisation_blacklist()
(pymispPyMISP method) 21update_server() (pymispPyMISP method) 22update_tag() (pymispPyMISP method) 22update_taxonomies() (pymispPyMISP method)
22update_user() (pymispPyMISP method) 22update_warninglists() (pymispPyMISP
method) 22upload_stix() (pymispPyMISP method) 22user_registrations() (pymispPyMISP method)
22user_settings() (pymispPyMISP method) 22users() (pymispPyMISP method) 22users_statistics() (pymispPyMISP method) 22
Vvalues() (pymispMISPAttribute method) 28values() (pymispMISPEvent method) 26values() (pymispMISPObject method) 29values() (pymispMISPObjectAttribute method) 31values() (pymispMISPObjectReference method) 32values() (pymispMISPOrganisation method) 35values() (pymispMISPTag method) 33values() (pymispMISPUser method) 34values() (pymisptoolsFileObject method) 38values() (pymisptoolsVTReportObject method) 40values_in_warninglist() (pymispPyMISP
method) 22version() (pymispPyMISP property) 22VTReportObject (class in pymisptools) 38
Wwarninglists() (pymispPyMISP method) 22
50 Index
- README
- pymisp
- PyMISP
- PyMISPExpanded (Python 36+ only)
- MISPAbstract
- MISPEncode
- MISPEvent
- MISPAttribute
- MISPObject
- MISPObjectAttribute
- MISPObjectReference
- MISPTag
- MISPUser
- MISPOrganisation
- pymisp - Tools
- File Object
- ELF Object
- PE Object
- Mach-O Object
- VT Report Object
- STIX
- OpenIOC
- Indices and tables
- Python Module Index
- Index
PyMISP Documentation Release main
keys() (pymispMISPTag method) 32keys() (pymispMISPUser method) 33keys() (pymisptoolsFileObject method) 38keys() (pymisptoolsVTReportObject method) 39known_types() (pymispMISPAttribute property) 27known_types() (pymispMISPObjectAttribute prop-
erty) 30
Lload() (pymispMISPEvent method) 25load_default_feeds() (pymispPyMISP method)
14load_file() (pymispMISPEvent method) 25load_openioc() (pymisptools method) 40load_openioc_file() (pymisptools method) 40load_stix() (in module pymisptoolsstix) 40
Mmake_stix_package() (in module
pymisptoolsstix) 40malware_binary() (pymispMISPAttribute prop-
erty) 27malware_binary() (pymispMISPObjectAttribute
property) 30misp_instance_version() (pymispPyMISP
property) 14misp_instance_version_master()
(pymispPyMISP property) 14MISPAttribute (class in pymisp) 26MISPEncode (class in pymisp) 24MISPEvent (class in pymisp) 24MISPObject (class in pymisp) 28MISPObjectAttribute (class in pymisp) 29MISPObjectReference (class in pymisp) 31MISPOrganisation (class in pymisp) 34MISPTag (class in pymisp) 32MISPUser (class in pymisp) 33module
pymisp 7pymisptools 37pymisptoolsstix 40
Nnoticelists() (pymispPyMISP method) 14
Oobject_templates() (pymispPyMISP method) 14organisation_blacklists() (pymispPyMISP
method) 14organisations() (pymispPyMISP method) 14
Ppop() (pymispMISPAttribute method) 27
pop() (pymispMISPEvent method) 25pop() (pymispMISPObject method) 29pop() (pymispMISPObjectAttribute method) 30pop() (pymispMISPObjectReference method) 31pop() (pymispMISPOrganisation method) 34pop() (pymispMISPTag method) 32pop() (pymispMISPUser method) 33pop() (pymisptoolsFileObject method) 38pop() (pymisptoolsVTReportObject method) 39popitem() (pymispMISPAttribute method) 27popitem() (pymispMISPEvent method) 25popitem() (pymispMISPObject method) 29popitem() (pymispMISPObjectAttribute method) 30popitem() (pymispMISPObjectReference method) 31popitem() (pymispMISPOrganisation method) 34popitem() (pymispMISPTag method) 32popitem() (pymispMISPUser method) 33popitem() (pymisptoolsFileObject method) 38popitem() (pymisptoolsVTReportObject method) 39publish() (pymispMISPEvent method) 25publish() (pymispPyMISP method) 14push_event_to_ZMQ() (pymispPyMISP method)
14pymisp
module 7PyMISP (class in pymisp) 7pymisptools
module 37pymisptoolsstix
module 40pymisp_version_main() (pymispPyMISP prop-
erty) 15
Rrecommended_pymisp_version()
(pymispPyMISP property) 15remote_acl() (pymispPyMISP method) 15remove_org_from_sharing_group()
(pymispPyMISP method) 15remove_server_from_sharing_group()
(pymispPyMISP method) 15roles() (pymispPyMISP method) 15
Ssearch() (pymispPyMISP method) 15search_feeds() (pymispPyMISP method) 17search_index() (pymispPyMISP method) 18search_logs() (pymispPyMISP method) 18search_sightings() (pymispPyMISP method) 19server_pull() (pymispPyMISP method) 20server_push() (pymispPyMISP method) 20servers() (pymispPyMISP method) 20set_date() (pymispMISPEvent method) 25
48 Index
PyMISP Documentation Release main
set_not_jsonable() (pymispAbstractMISPmethod) 23
set_not_jsonable() (pymispMISPAttributemethod) 27
set_not_jsonable() (pymispMISPEvent method)25
set_not_jsonable() (pymispMISPObjectmethod) 29
set_not_jsonable() (pymispMISPObjectAttributemethod) 30
set_not_jsonable()(pymispMISPObjectReference method)31
set_not_jsonable() (pymispMISPOrganisationmethod) 35
set_not_jsonable() (pymispMISPTag method)32
set_not_jsonable() (pymispMISPUser method)33
set_not_jsonable() (pymisptoolsFileObjectmethod) 38
set_not_jsonable()(pymisptoolsVTReportObject method)39
set_user_setting() (pymispPyMISP method) 20setdefault() (pymispMISPAttribute method) 27setdefault() (pymispMISPEvent method) 25setdefault() (pymispMISPObject method) 29setdefault() (pymispMISPObjectAttribute
method) 30setdefault() (pymispMISPObjectReference
method) 31setdefault() (pymispMISPOrganisation method)
35setdefault() (pymispMISPTag method) 33setdefault() (pymispMISPUser method) 34setdefault() (pymisptoolsFileObject method) 38setdefault() (pymisptoolsVTReportObject
method) 40sharing_groups() (pymispPyMISP method) 20sightings() (pymispPyMISP method) 20
Ttag() (pymispPyMISP method) 20tags() (pymispMISPAttribute property) 27tags() (pymispMISPEvent property) 26tags() (pymispMISPObjectAttribute property) 30tags() (pymispPyMISP method) 20tags_statistics() (pymispPyMISP method) 20taxonomies() (pymispPyMISP method) 20to_dict() (pymispAbstractMISP method) 23to_dict() (pymispMISPAttribute method) 27to_dict() (pymispMISPEvent method) 26to_dict() (pymispMISPObject method) 29
to_dict() (pymispMISPObjectAttribute method) 30to_dict() (pymispMISPObjectReference method) 32to_dict() (pymispMISPOrganisation method) 35to_dict() (pymispMISPTag method) 33to_dict() (pymispMISPUser method) 34to_dict() (pymisptoolsFileObject method) 38to_dict() (pymisptoolsVTReportObject method) 40to_feed() (pymispMISPEvent method) 26to_json() (pymispAbstractMISP method) 23to_json() (pymispMISPAttribute method) 27to_json() (pymispMISPEvent method) 26to_json() (pymispMISPObject method) 29to_json() (pymispMISPObjectAttribute method) 31to_json() (pymispMISPObjectReference method) 32to_json() (pymispMISPOrganisation method) 35to_json() (pymispMISPTag method) 33to_json() (pymispMISPUser method) 34to_json() (pymisptoolsFileObject method) 38to_json() (pymisptoolsVTReportObject method) 40toggle_warninglist() (pymispPyMISP method)
20
Uunpublish() (pymispMISPEvent method) 26untag() (pymispPyMISP method) 21update() (pymispMISPAttribute method) 28update() (pymispMISPEvent method) 26update() (pymispMISPObject method) 29update() (pymispMISPObjectAttribute method) 31update() (pymispMISPObjectReference method) 32update() (pymispMISPOrganisation method) 35update() (pymispMISPTag method) 33update() (pymispMISPUser method) 34update() (pymisptoolsFileObject method) 38update() (pymisptoolsVTReportObject method) 40update_attribute() (pymispPyMISP method) 21update_attribute_proposal()
(pymispPyMISP method) 21update_event() (pymispPyMISP method) 21update_event_blacklist() (pymispPyMISP
method) 21update_feed() (pymispPyMISP method) 21update_galaxies() (pymispPyMISP method) 21update_not_jsonable() (pymispAbstractMISP
method) 23update_not_jsonable() (pymispMISPAttribute
method) 28update_not_jsonable() (pymispMISPEvent
method) 26update_not_jsonable() (pymispMISPObject
method) 29update_not_jsonable()
(pymispMISPObjectAttribute method) 31
Index 49
PyMISP Documentation Release main
update_not_jsonable()(pymispMISPObjectReference method)32
update_not_jsonable()(pymispMISPOrganisation method) 35
update_not_jsonable() (pymispMISPTagmethod) 33
update_not_jsonable() (pymispMISPUsermethod) 34
update_not_jsonable() (pymisptoolsFileObjectmethod) 38
update_not_jsonable()(pymisptoolsVTReportObject method)40
update_noticelists() (pymispPyMISP method)21
update_object() (pymispPyMISP method) 21update_object_templates() (pymispPyMISP
method) 21update_organisation() (pymispPyMISP
method) 21update_organisation_blacklist()
(pymispPyMISP method) 21update_server() (pymispPyMISP method) 22update_tag() (pymispPyMISP method) 22update_taxonomies() (pymispPyMISP method)
22update_user() (pymispPyMISP method) 22update_warninglists() (pymispPyMISP
method) 22upload_stix() (pymispPyMISP method) 22user_registrations() (pymispPyMISP method)
22user_settings() (pymispPyMISP method) 22users() (pymispPyMISP method) 22users_statistics() (pymispPyMISP method) 22
Vvalues() (pymispMISPAttribute method) 28values() (pymispMISPEvent method) 26values() (pymispMISPObject method) 29values() (pymispMISPObjectAttribute method) 31values() (pymispMISPObjectReference method) 32values() (pymispMISPOrganisation method) 35values() (pymispMISPTag method) 33values() (pymispMISPUser method) 34values() (pymisptoolsFileObject method) 38values() (pymisptoolsVTReportObject method) 40values_in_warninglist() (pymispPyMISP
method) 22version() (pymispPyMISP property) 22VTReportObject (class in pymisptools) 38
Wwarninglists() (pymispPyMISP method) 22
50 Index
- README
- pymisp
- PyMISP
- PyMISPExpanded (Python 36+ only)
- MISPAbstract
- MISPEncode
- MISPEvent
- MISPAttribute
- MISPObject
- MISPObjectAttribute
- MISPObjectReference
- MISPTag
- MISPUser
- MISPOrganisation
- pymisp - Tools
- File Object
- ELF Object
- PE Object
- Mach-O Object
- VT Report Object
- STIX
- OpenIOC
- Indices and tables
- Python Module Index
- Index
PyMISP Documentation Release main
set_not_jsonable() (pymispAbstractMISPmethod) 23
set_not_jsonable() (pymispMISPAttributemethod) 27
set_not_jsonable() (pymispMISPEvent method)25
set_not_jsonable() (pymispMISPObjectmethod) 29
set_not_jsonable() (pymispMISPObjectAttributemethod) 30
set_not_jsonable()(pymispMISPObjectReference method)31
set_not_jsonable() (pymispMISPOrganisationmethod) 35
set_not_jsonable() (pymispMISPTag method)32
set_not_jsonable() (pymispMISPUser method)33
set_not_jsonable() (pymisptoolsFileObjectmethod) 38
set_not_jsonable()(pymisptoolsVTReportObject method)39
set_user_setting() (pymispPyMISP method) 20setdefault() (pymispMISPAttribute method) 27setdefault() (pymispMISPEvent method) 25setdefault() (pymispMISPObject method) 29setdefault() (pymispMISPObjectAttribute
method) 30setdefault() (pymispMISPObjectReference
method) 31setdefault() (pymispMISPOrganisation method)
35setdefault() (pymispMISPTag method) 33setdefault() (pymispMISPUser method) 34setdefault() (pymisptoolsFileObject method) 38setdefault() (pymisptoolsVTReportObject
method) 40sharing_groups() (pymispPyMISP method) 20sightings() (pymispPyMISP method) 20
Ttag() (pymispPyMISP method) 20tags() (pymispMISPAttribute property) 27tags() (pymispMISPEvent property) 26tags() (pymispMISPObjectAttribute property) 30tags() (pymispPyMISP method) 20tags_statistics() (pymispPyMISP method) 20taxonomies() (pymispPyMISP method) 20to_dict() (pymispAbstractMISP method) 23to_dict() (pymispMISPAttribute method) 27to_dict() (pymispMISPEvent method) 26to_dict() (pymispMISPObject method) 29
to_dict() (pymispMISPObjectAttribute method) 30to_dict() (pymispMISPObjectReference method) 32to_dict() (pymispMISPOrganisation method) 35to_dict() (pymispMISPTag method) 33to_dict() (pymispMISPUser method) 34to_dict() (pymisptoolsFileObject method) 38to_dict() (pymisptoolsVTReportObject method) 40to_feed() (pymispMISPEvent method) 26to_json() (pymispAbstractMISP method) 23to_json() (pymispMISPAttribute method) 27to_json() (pymispMISPEvent method) 26to_json() (pymispMISPObject method) 29to_json() (pymispMISPObjectAttribute method) 31to_json() (pymispMISPObjectReference method) 32to_json() (pymispMISPOrganisation method) 35to_json() (pymispMISPTag method) 33to_json() (pymispMISPUser method) 34to_json() (pymisptoolsFileObject method) 38to_json() (pymisptoolsVTReportObject method) 40toggle_warninglist() (pymispPyMISP method)
20
Uunpublish() (pymispMISPEvent method) 26untag() (pymispPyMISP method) 21update() (pymispMISPAttribute method) 28update() (pymispMISPEvent method) 26update() (pymispMISPObject method) 29update() (pymispMISPObjectAttribute method) 31update() (pymispMISPObjectReference method) 32update() (pymispMISPOrganisation method) 35update() (pymispMISPTag method) 33update() (pymispMISPUser method) 34update() (pymisptoolsFileObject method) 38update() (pymisptoolsVTReportObject method) 40update_attribute() (pymispPyMISP method) 21update_attribute_proposal()
(pymispPyMISP method) 21update_event() (pymispPyMISP method) 21update_event_blacklist() (pymispPyMISP
method) 21update_feed() (pymispPyMISP method) 21update_galaxies() (pymispPyMISP method) 21update_not_jsonable() (pymispAbstractMISP
method) 23update_not_jsonable() (pymispMISPAttribute
method) 28update_not_jsonable() (pymispMISPEvent
method) 26update_not_jsonable() (pymispMISPObject
method) 29update_not_jsonable()
(pymispMISPObjectAttribute method) 31
Index 49
PyMISP Documentation Release main
update_not_jsonable()(pymispMISPObjectReference method)32
update_not_jsonable()(pymispMISPOrganisation method) 35
update_not_jsonable() (pymispMISPTagmethod) 33
update_not_jsonable() (pymispMISPUsermethod) 34
update_not_jsonable() (pymisptoolsFileObjectmethod) 38
update_not_jsonable()(pymisptoolsVTReportObject method)40
update_noticelists() (pymispPyMISP method)21
update_object() (pymispPyMISP method) 21update_object_templates() (pymispPyMISP
method) 21update_organisation() (pymispPyMISP
method) 21update_organisation_blacklist()
(pymispPyMISP method) 21update_server() (pymispPyMISP method) 22update_tag() (pymispPyMISP method) 22update_taxonomies() (pymispPyMISP method)
22update_user() (pymispPyMISP method) 22update_warninglists() (pymispPyMISP
method) 22upload_stix() (pymispPyMISP method) 22user_registrations() (pymispPyMISP method)
22user_settings() (pymispPyMISP method) 22users() (pymispPyMISP method) 22users_statistics() (pymispPyMISP method) 22
Vvalues() (pymispMISPAttribute method) 28values() (pymispMISPEvent method) 26values() (pymispMISPObject method) 29values() (pymispMISPObjectAttribute method) 31values() (pymispMISPObjectReference method) 32values() (pymispMISPOrganisation method) 35values() (pymispMISPTag method) 33values() (pymispMISPUser method) 34values() (pymisptoolsFileObject method) 38values() (pymisptoolsVTReportObject method) 40values_in_warninglist() (pymispPyMISP
method) 22version() (pymispPyMISP property) 22VTReportObject (class in pymisptools) 38
Wwarninglists() (pymispPyMISP method) 22
50 Index
- README
- pymisp
- PyMISP
- PyMISPExpanded (Python 36+ only)
- MISPAbstract
- MISPEncode
- MISPEvent
- MISPAttribute
- MISPObject
- MISPObjectAttribute
- MISPObjectReference
- MISPTag
- MISPUser
- MISPOrganisation
- pymisp - Tools
- File Object
- ELF Object
- PE Object
- Mach-O Object
- VT Report Object
- STIX
- OpenIOC
- Indices and tables
- Python Module Index
- Index
PyMISP Documentation Release main
update_not_jsonable()(pymispMISPObjectReference method)32
update_not_jsonable()(pymispMISPOrganisation method) 35
update_not_jsonable() (pymispMISPTagmethod) 33
update_not_jsonable() (pymispMISPUsermethod) 34
update_not_jsonable() (pymisptoolsFileObjectmethod) 38
update_not_jsonable()(pymisptoolsVTReportObject method)40
update_noticelists() (pymispPyMISP method)21
update_object() (pymispPyMISP method) 21update_object_templates() (pymispPyMISP
method) 21update_organisation() (pymispPyMISP
method) 21update_organisation_blacklist()
(pymispPyMISP method) 21update_server() (pymispPyMISP method) 22update_tag() (pymispPyMISP method) 22update_taxonomies() (pymispPyMISP method)
22update_user() (pymispPyMISP method) 22update_warninglists() (pymispPyMISP
method) 22upload_stix() (pymispPyMISP method) 22user_registrations() (pymispPyMISP method)
22user_settings() (pymispPyMISP method) 22users() (pymispPyMISP method) 22users_statistics() (pymispPyMISP method) 22
Vvalues() (pymispMISPAttribute method) 28values() (pymispMISPEvent method) 26values() (pymispMISPObject method) 29values() (pymispMISPObjectAttribute method) 31values() (pymispMISPObjectReference method) 32values() (pymispMISPOrganisation method) 35values() (pymispMISPTag method) 33values() (pymispMISPUser method) 34values() (pymisptoolsFileObject method) 38values() (pymisptoolsVTReportObject method) 40values_in_warninglist() (pymispPyMISP
method) 22version() (pymispPyMISP property) 22VTReportObject (class in pymisptools) 38
Wwarninglists() (pymispPyMISP method) 22
50 Index
- README
- pymisp
- PyMISP
- PyMISPExpanded (Python 36+ only)
- MISPAbstract
- MISPEncode
- MISPEvent
- MISPAttribute
- MISPObject
- MISPObjectAttribute
- MISPObjectReference
- MISPTag
- MISPUser
- MISPOrganisation
- pymisp - Tools
- File Object
- ELF Object
- PE Object
- Mach-O Object
- VT Report Object
- STIX
- OpenIOC
- Indices and tables
- Python Module Index
- Index
top related