or run

npx @tessl/cli init
Log in

Version

Tile

Overview

Evals

Files

Files

docs

attribute-management.mdcore-api.mddata-models.mdevent-management.mdindex.mdobject-generators.mdobject-management.mdsearch-query.mdserver-sync.mdtag-taxonomy.mduser-org-management.md

object-management.mddocs/

0
# Object Management
1


2
Comprehensive MISP object handling for structured threat intelligence data including file objects, network objects, and custom object types with templates and relationships.
3


4
## Capabilities
5


6
### Object Retrieval
7


8
Retrieve MISP objects with their attributes, references, and relationships.
9


10
```python { .api }
11
def get_object(
12
    self,
13
    object_id: Union[int, str],
14
    includeReferences: bool = False
15
) -> dict:
16
    """
17
    Get MISP object by ID.
18
    
19
    Parameters:
20
    - object_id: Object ID or UUID
21
    - includeReferences: Include object references
22
    
23
    Returns:
24
    Object dictionary with attributes and metadata
25
    """
26


27
def objects(
28
    self,
29
    limit: int = None,
30
    page: int = None,
31
    **kwargs
32
) -> list:
33
    """List objects with filtering options."""
34


35
def object_exists(self, object_id: Union[int, str]) -> bool:
36
    """Check if object exists by ID."""
37
```
38


39
### Object Creation & Updates
40


41
Create and modify MISP objects with structured attributes and relationships.
42


43
```python { .api }
44
def add_object(
45
    self,
46
    event_id: Union[int, str],
47
    misp_object: Union['MISPObject', dict],
48
    **kwargs
49
) -> dict:
50
    """
51
    Add object to event.
52
    
53
    Parameters:
54
    - event_id: Target event ID
55
    - misp_object: MISPObject instance or object dictionary
56
    
57
    Returns:
58
    Created object data with ID
59
    """
60


61
def update_object(
62
    self,
63
    misp_object: Union['MISPObject', dict],
64
    object_id: Union[int, str] = None,
65
    **kwargs
66
) -> dict:
67
    """
68
    Update existing object.
69
    
70
    Parameters:
71
    - misp_object: Updated object data
72
    - object_id: Object ID (optional if in object data)
73
    
74
    Returns:
75
    Updated object data
76
    """
77


78
def fast_update_object(
79
    self,
80
    misp_object: Union['MISPObject', dict],
81
    object_id: Union[int, str] = None
82
) -> dict:
83
    """Fast object update without full validation."""
84
```
85


86
### Object Deletion & Management
87


88
Delete objects and manage object lifecycle with cascade handling.
89


90
```python { .api }
91
def delete_object(self, object_id: Union[int, str]) -> dict:
92
    """
93
    Delete object permanently.
94
    
95
    Parameters:
96
    - object_id: Object ID to delete
97
    
98
    Returns:
99
    Deletion confirmation
100
    """
101


102
def restore_object(self, object_id: Union[int, str]) -> dict:
103
    """Restore soft-deleted object."""
104


105
def set_object_distribution(
106
    self,
107
    object_id: Union[int, str],
108
    distribution: int
109
) -> dict:
110
    """Set object distribution level."""
111


112
def set_object_sharing_group(
113
    self,
114
    object_id: Union[int, str],
115
    sharing_group_id: int
116
) -> dict:
117
    """Set object sharing group."""
118
```
119


120
### Object Templates
121


122
Manage object templates that define structured object schemas.
123


124
```python { .api }
125
def object_templates(self, **kwargs) -> list:
126
    """
127
    Get available object templates.
128
    
129
    Returns:
130
    List of object template definitions
131
    """
132


133
def get_object_template(
134
    self,
135
    template_id: Union[int, str]
136
) -> dict:
137
    """
138
    Get specific object template.
139
    
140
    Parameters:
141
    - template_id: Template ID or UUID
142
    
143
    Returns:
144
    Object template definition with attributes
145
    """
146


147
def update_object_templates(self) -> dict:
148
    """Update object templates from MISP objects repository."""
149


150
def add_object_template(self, template: dict) -> dict:
151
    """Add custom object template."""
152
```
153


154
### Object References & Relationships
155


156
Manage relationships and references between objects and other MISP entities.
157


158
```python { .api }
159
def add_object_reference(
160
    self,
161
    object_reference: Union['MISPObjectReference', dict]
162
) -> dict:
163
    """
164
    Add reference between objects.
165
    
166
    Parameters:
167
    - object_reference: Reference definition
168
    
169
    Returns:
170
    Created reference data
171
    """
172


173
def delete_object_reference(
174
    self,
175
    reference_id: Union[int, str]
176
) -> dict:
177
    """Delete object reference."""
178


179
def get_object_references(
180
    self,
181
    object_id: Union[int, str]
182
) -> list:
183
    """Get all references for object."""
184


185
def update_object_reference(
186
    self,
187
    reference_id: Union[int, str],
188
    relationship_type: str
189
) -> dict:
190
    """Update object reference relationship type."""
191
```
192


193
### Object Tags & Classification
194


195
Manage object-level tags and classifications.
196


197
```python { .api }
198
def tag_object(
199
    self,
200
    object_id: Union[int, str],
201
    tag: Union[str, 'MISPTag'],
202
    local: bool = False
203
) -> dict:
204
    """Add tag to object."""
205


206
def untag_object(
207
    self,
208
    object_id: Union[int, str],
209
    tag: Union[str, 'MISPTag']
210
) -> dict:
211
    """Remove tag from object."""
212
```
213


214
## Usage Examples
215


216
### Basic Object Operations
217


218
```python
219
from pymisp import PyMISP, MISPObject
220


221
misp = PyMISP('https://misp.example.com', 'your-api-key')
222


223
# Create a file object
224
file_obj = MISPObject('file')
225
file_obj.add_attribute('filename', 'malware.exe')
226
file_obj.add_attribute('md5', 'd41d8cd98f00b204e9800998ecf8427e')
227
file_obj.add_attribute('sha1', 'da39a3ee5e6b4b0d3255bfef95601890afd80709')
228
file_obj.add_attribute('size-in-bytes', 1024)
229


230
# Add object to event
231
response = misp.add_object(event_id, file_obj)
232
object_id = response['Object']['id']
233
```
234


235
### Working with Object Templates
236


237
```python
238
# Get available templates
239
templates = misp.object_templates()
240
print(f"Available templates: {len(templates)}")
241


242
# Get specific template
243
file_template = misp.get_object_template('file')
244
print(f"Template attributes: {file_template['ObjectTemplate']['requirements']}")
245


246
# Create object from template
247
network_conn = MISPObject('network-connection')
248
network_conn.add_attribute('src-port', 8080)
249
network_conn.add_attribute('dst-port', 443)
250
network_conn.add_attribute('protocol', 'tcp')
251
network_conn.add_attribute('src-ip', '192.168.1.100')
252
network_conn.add_attribute('dst-ip', '203.0.113.10')
253


254
misp.add_object(event_id, network_conn)
255
```
256


257
### Object References & Relationships
258


259
```python
260
from pymisp import MISPObjectReference
261


262
# Create objects
263
domain_obj = MISPObject('domain-ip')
264
domain_obj.add_attribute('domain', 'malware.example.com')
265
domain_obj.add_attribute('ip', '203.0.113.10')
266


267
url_obj = MISPObject('url')
268
url_obj.add_attribute('url', 'http://malware.example.com/payload')
269


270
# Add objects
271
domain_response = misp.add_object(event_id, domain_obj)
272
url_response = misp.add_object(event_id, url_obj)
273


274
# Create reference between objects
275
reference = MISPObjectReference()
276
reference.referenced_uuid = domain_response['Object']['uuid']
277
reference.relationship_type = 'hosted-on'
278
reference.object_uuid = url_response['Object']['uuid']
279


280
misp.add_object_reference(reference)
281
```
282


283
### Complex Object Creation
284


285
```python
286
# Create email object with attachments
287
email_obj = MISPObject('email')
288
email_obj.add_attribute('from', 'attacker@evil.com')
289
email_obj.add_attribute('to', 'victim@company.com')
290
email_obj.add_attribute('subject', 'Important Document')
291
email_obj.add_attribute('message-id', '<12345@evil.com>')
292


293
# Add attachment as separate file object
294
attachment_obj = MISPObject('file')
295
attachment_obj.add_attribute('filename', 'document.pdf')
296
attachment_obj.add_attribute('md5', 'abc123def456')
297


298
# Add both objects
299
email_response = misp.add_object(event_id, email_obj)
300
file_response = misp.add_object(event_id, attachment_obj)
301


302
# Link attachment to email
303
attachment_ref = MISPObjectReference()
304
attachment_ref.referenced_uuid = file_response['Object']['uuid']
305
attachment_ref.relationship_type = 'attachment'
306
attachment_ref.object_uuid = email_response['Object']['uuid']
307


308
misp.add_object_reference(attachment_ref)
309
```
310


311
### Object Searching & Filtering
312


313
```python
314
# Search objects by template
315
file_objects = misp.objects(template='file', limit=100)
316


317
# Search objects with specific attributes
318
domain_objects = misp.objects(
319
    template='domain-ip',
320
    attribute_value='%.example.com'
321
)
322


323
# Get objects from specific event
324
event_objects = misp.objects(event_id=123)
325


326
# Search by object attribute type
327
hash_objects = misp.objects(attribute_type='md5')
328
```
329


330
### Object Updates & Management
331


332
```python
333
# Update object distribution
334
misp.set_object_distribution(object_id, 1)  # Community only
335


336
# Add tags to object
337
misp.tag_object(object_id, 'malware')
338
misp.tag_object(object_id, 'apt-campaign')
339


340
# Update object attributes
341
updated_obj = misp.get_object(object_id)
342
# Modify object attributes as needed
343
misp.update_object(updated_obj, object_id)
344
```
345


346
## Types
347


348
```python { .api }
349
from typing import Union, List, Dict, Optional
350


351
ObjectID = Union[int, str]
352
TemplateID = Union[int, str]
353
ObjectTemplate = Dict[str, Union[str, int, Dict, List]]
354
ObjectReference = Dict[str, Union[str, int]]
355
RelationshipType = str  # 'hosted-on', 'attachment', 'connects-to', etc.
356
```