Python API for MISP threat intelligence platform enabling programmatic access to MISP instances.
npx @tessl/cli install tessl/pypi-pymisp@2.5.00
# PyMISP

A comprehensive Python library for programmatic access to MISP (Malware Information Sharing Platform) instances via their REST API. PyMISP enables cybersecurity professionals to automate threat intelligence sharing, manage events and attributes, perform complex searches, and integrate MISP functionality into security workflows.

## Package Information

- **Package Name**: pymisp
- **Language**: Python
- **Installation**: `pip install pymisp`
- **Optional Dependencies**: `pip install pymisp[fileobjects,virustotal,email,pdfexport]`

## Core Imports

```python
from pymisp import PyMISP
```

For specific components:

```python
from pymisp import (
    PyMISP, MISPEvent, MISPAttribute, MISPObject,
    MISPUser, MISPOrganisation, MISPTag
)
```

## Basic Usage

```python
from pymisp import PyMISP, MISPEvent, MISPAttribute

# Initialize PyMISP client (ssl=True keeps TLS certificate verification on)
misp = PyMISP('https://your-misp-instance.com', 'your-api-key', ssl=True)

# Get recent events
events = misp.search(timestamp='5d', limit=10)

# Create a new event
event = MISPEvent()
event.info = "Suspicious Activity Detected"
event.distribution = 1  # Community only
event.threat_level_id = 2  # Medium

# Add event to MISP; the returned dict carries the server-assigned event id
response = misp.add_event(event)
event_id = response['Event']['id']

# Add an attribute
attribute = MISPAttribute()
attribute.type = 'ip-dst'
attribute.value = '192.168.1.100'
attribute.comment = 'Malicious IP address'

misp.add_attribute(event_id, attribute)

# Search for specific indicators
results = misp.search(value='192.168.1.100', type_attribute='ip-dst')
```

## Architecture

PyMISP provides a multi-layered architecture for MISP interaction:

- **PyMISP Client**: Main API interface handling authentication and HTTP communication
- **Data Model Objects**: Rich Python objects representing MISP entities (events, attributes, objects, users)
- **Object Generators**: Specialized tools for creating structured threat intelligence objects
- **Search & Filter System**: Comprehensive querying capabilities across all MISP data types
- **Synchronization Tools**: Multi-server data sharing and federation support

This design enables both simple one-off queries and complex automated threat intelligence workflows.

## Capabilities

### Core API Client

The main PyMISP class providing comprehensive REST API access to MISP instances, including event management, searching, user administration, and server synchronization.

```python { .api }
class PyMISP:
    def __init__(self, url: str, key: str, ssl: bool = True, debug: bool = False) -> None: ...

    # Properties
    @property
    def version(self) -> str: ...
    @property
    def misp_instance_version(self) -> dict: ...
```

[Core API Client](./core-api.md)

### Event Management

Comprehensive event lifecycle management including creation, modification, publishing, and deletion of MISP events with full attribute and object support.

```python { .api }
def events(self, **kwargs) -> list: ...
def get_event(self, event_id: int | str, **kwargs) -> dict: ...
def add_event(self, event: MISPEvent | dict, **kwargs) -> dict: ...
def update_event(self, event: MISPEvent | dict, **kwargs) -> dict: ...
def delete_event(self, event_id: int | str) -> dict: ...
def publish(self, event_id: int | str) -> dict: ...
```

[Event Management](./event-management.md)

### Attribute Management

Detailed attribute handling for managing indicators and observables within events, including attribute creation, updates, and validation.

```python { .api }
def attributes(self, **kwargs) -> list: ...
def get_attribute(self, attribute_id: int | str) -> dict: ...
def add_attribute(self, event_id: int | str, attribute: MISPAttribute | dict, **kwargs) -> dict: ...
def update_attribute(self, attribute: MISPAttribute | dict, **kwargs) -> dict: ...
def delete_attribute(self, attribute_id: int | str) -> dict: ...
```

[Attribute Management](./attribute-management.md)

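A client-side check to run before calling `add_attribute` with `ip-dst` indicators, as an added example that is not part of the PyMISP documentation: it drops non-routable and malformed values, de-duplicates the batch, and collects per-attribute failures. `SAMPLE`, `build_ip_attributes` and `submit_attributes` are hypothetical names, and the `errors` key in a failed response is an assumption about the client's return value.

```python
import ipaddress

# Constructed sample input (not real indicators): one routable address, a
# duplicate of it, an RFC 1918 address, and a non-IP string.
SAMPLE = ["93.184.216.34", " 93.184.216.34", "192.168.1.100", "evil.example"]


def build_ip_attributes(candidates, comment="added by triage script"):
    """Return (attributes, rejected) for a list of raw strings.

    Accepted values become 'ip-dst' attribute dicts; addresses that are not
    globally routable (RFC 1918, loopback, link-local, ...) are rejected, since
    they match unrelated hosts on every consumer's network.
    """
    attributes, rejected, seen = [], [], set()
    for raw in candidates:
        try:
            ip = ipaddress.ip_address(raw.strip())
        except ValueError:
            rejected.append((raw, "not an IP address"))
            continue
        if not ip.is_global:
            rejected.append((raw, "not globally routable"))
            continue
        if ip not in seen:  # de-duplicate within the batch
            seen.add(ip)
            attributes.append({"type": "ip-dst", "value": str(ip),
                               "to_ids": True, "comment": comment})
    return attributes, rejected


def submit_attributes(misp, event_id, attributes):
    """Call misp.add_attribute() per dict; return [(value, errors), ...].

    Assumption: a failed call returns a dict with an 'errors' key.
    """
    failures = []
    for attr in attributes:
        response = misp.add_attribute(event_id, attr)
        if isinstance(response, dict) and "errors" in response:
            failures.append((attr["value"], response["errors"]))
    return failures


if __name__ == "__main__":
    accepted, rejected = build_ip_attributes(SAMPLE)
    print("accepted:", [a["value"] for a in accepted])
    print("rejected:", rejected)
```

Pass a real `PyMISP` instance as `misp`; keeping the rejected list lets an analyst review what was filtered instead of losing it silently.
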
### Object Management

MISP object handling for structured threat intelligence data including file objects, network objects, and custom object types.

```python { .api }
def get_object(self, object_id: int | str) -> dict: ...
def add_object(self, event_id: int | str, misp_object: MISPObject | dict, **kwargs) -> dict: ...
def update_object(self, misp_object: MISPObject | dict, **kwargs) -> dict: ...
def delete_object(self, object_id: int | str) -> dict: ...
def object_templates(self) -> list: ...
```

[Object Management](./object-management.md)

### Search & Query

Powerful search capabilities across events, attributes, sightings, and other MISP data with complex filtering and correlation support.

```python { .api }
def search(self, **kwargs) -> list: ...
def search_index(self, **kwargs) -> list: ...
def search_sightings(self, **kwargs) -> list: ...
def search_logs(self, **kwargs) -> list: ...
def search_tags(self, **kwargs) -> list: ...
```

[Search & Query](./search-query.md)

### Data Model Classes

Rich Python objects representing all MISP entities with validation, serialization, and relationship management capabilities.

```python { .api }
class MISPEvent(AbstractMISP): ...
class MISPAttribute(AbstractMISP): ...
class MISPObject(AbstractMISP): ...
class MISPUser(AbstractMISP): ...
class MISPOrganisation(AbstractMISP): ...
```

[Data Model Classes](./data-models.md)

### User & Organization Management

Complete user account and organization administration including roles, permissions, and settings management.

```python { .api }
def users(self, **kwargs) -> list: ...
def get_user(self, user_id: int | str) -> dict: ...
def add_user(self, user: MISPUser | dict, **kwargs) -> dict: ...
def organisations(self, **kwargs) -> list: ...
def get_organisation(self, org_id: int | str) -> dict: ...
```

[User & Organization Management](./user-org-management.md)

### Object Generators & Tools

Specialized object creation tools for generating structured threat intelligence objects from various data sources.

```python { .api }
class FileObject(AbstractMISPObjectGenerator): ...
class URLObject(AbstractMISPObjectGenerator): ...
class EmailObject(AbstractMISPObjectGenerator): ...
class VTReportObject(AbstractMISPObjectGenerator): ...
```

[Object Generators & Tools](./object-generators.md)

### Server & Synchronization

Multi-server synchronization and federation capabilities for sharing threat intelligence across MISP instances.

```python { .api }
def servers(self, **kwargs) -> list: ...
def add_server(self, server: MISPServer | dict) -> dict: ...
def server_pull(self, server_id: int | str, **kwargs) -> dict: ...
def server_push(self, server_id: int | str, **kwargs) -> dict: ...
```

[Server & Synchronization](./server-sync.md)

### Tag & Taxonomy Management

Comprehensive tagging and classification system management including taxonomies, warning lists, and custom tags.

```python { .api }
def tags(self, **kwargs) -> list: ...
def add_tag(self, tag: MISPTag | dict, **kwargs) -> dict: ...
def taxonomies(self, **kwargs) -> list: ...
def warninglists(self, **kwargs) -> list: ...
```

[Tag & Taxonomy Management](./tag-taxonomy.md)