Describes: pkg:pypi/pymisp@2.5.x

tessl/pypi-pymisp

tessl install tessl/pypi-pymisp@2.5.0

Python API for MISP threat intelligence platform enabling programmatic access to MISP instances.

Agent Success

Agent success rate when using this tile

96%

Improvement

Agent success rate improvement when using this tile compared to baseline

1.25x

Baseline

Agent success rate without this tile

77%

task.md (evals/scenario-10/)

Threat Intelligence Object Manager

Build a threat intelligence object management system that creates, links, and manages structured security artifacts for a threat intelligence platform.

Overview

Your system should help analysts document phishing campaigns by creating structured objects that represent emails, files, and domain infrastructure, then establish relationships between these objects to map the attack flow.

Capabilities

Object Creation

Create structured objects for different security artifacts:

  • Create an email object with sender, recipient, and subject fields @test
  • Create a file object with filename and hash values @test
  • Create a domain-ip object linking a domain to its IP address @test

Object Relationships

Establish connections between related security artifacts:

  • Link a file object to an email object with an "attachment" relationship @test
  • Link a domain object to an email object with a "sender-infrastructure" relationship @test

Template Discovery

Query available object templates to understand supported object types:

  • List all available object templates @test
  • Retrieve details of the "email" template including its required and optional attributes @test

Object Retrieval

Fetch created objects with their relationships:

  • Retrieve an object by its ID including its references to other objects @test
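
The object and relationship capabilities above, as an added in-memory sketch (not part of this task file and not PyMISP code): it builds email, file and domain-ip objects as MISP-style dicts, rejects malformed hashes and IP addresses before they become shared indicators, links the objects, and resolves an object's references. The helper names, the template subset and all sample values are assumptions constructed for illustration; no MISP instance is contacted.

```python
import ipaddress
import uuid

# object_relation -> attribute type; subset assumed from the public misp-objects templates.
TEMPLATES = {
    "email": {"from": "email-src", "to": "email-dst", "subject": "email-subject"},
    "file": {"filename": "filename", "md5": "md5", "sha1": "sha1"},
    "domain-ip": {"domain": "domain", "ip": "ip-dst"},
}
HEX_LEN = {"md5": 32, "sha1": 40}

def make_object(name, fields):
    """Build a MISP-style object dict, rejecting malformed indicator values."""
    attributes = []
    for relation, value in fields.items():
        if relation not in TEMPLATES[name]:
            raise ValueError(f"{relation!r} is not in the {name} template")
        if relation in HEX_LEN:
            if len(value) != HEX_LEN[relation] or set(value.lower()) - set("0123456789abcdef"):
                raise ValueError(f"malformed {relation}: {value!r}")
        if relation == "ip":
            value = str(ipaddress.ip_address(value))  # raises ValueError if invalid
        attributes.append({"object_relation": relation, "type": TEMPLATES[name][relation], "value": value})
    return {"name": name, "uuid": str(uuid.uuid4()), "Attribute": attributes, "ObjectReference": []}

def link(store, source_uuid, target_uuid, relationship):
    """Attach a reference to the source object; the target must already exist."""
    if target_uuid not in store:
        raise KeyError(f"unknown target object {target_uuid}")
    ref = {"object_uuid": source_uuid, "referenced_uuid": target_uuid, "relationship_type": relationship}
    store[source_uuid]["ObjectReference"].append(ref)
    return ref

def with_references(store, object_uuid):
    """Return (relationship, referenced object name) for each outgoing reference."""
    return [(r["relationship_type"], store[r["referenced_uuid"]]["name"])
            for r in store[object_uuid]["ObjectReference"]]

def build_sample():
    """Constructed campaign: reserved example names, hashes of the empty input."""
    email = make_object("email", {"from": "billing@phish.example",
                                  "to": "analyst@corp.example", "subject": "Invoice overdue"})
    doc = make_object("file", {"filename": "invoice.docm",
                               "md5": "d41d8cd98f00b204e9800998ecf8427e",
                               "sha1": "da39a3ee5e6b4b0d3255bfef95601890afd80709"})
    infra = make_object("domain-ip", {"domain": "phish.example", "ip": "203.0.113.10"})
    store = {o["uuid"]: o for o in (email, doc, infra)}
    link(store, doc["uuid"], email["uuid"], "attachment")
    link(store, infra["uuid"], email["uuid"], "sender-infrastructure")
    return store, email, doc, infra
```

The link direction follows the task wording: the file and domain-ip objects are the sources and the email object is the target, so the references are stored on the file and domain-ip objects.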

Implementation

@generates

API

class ThreatIntelligenceObjectManager:
    """Manages threat intelligence objects and their relationships."""

    def __init__(self, misp_url: str, api_key: str):
        """
        Initialize the object manager.

        Parameters:
        - misp_url: URL of the MISP instance
        - api_key: API key for authentication
        """
        pass

    def create_email_object(self, event_id: int, sender: str, recipient: str, subject: str) -> dict:
        """
        Create an email object within an event.

        Parameters:
        - event_id: ID of the event to add the object to
        - sender: Email sender address
        - recipient: Email recipient address
        - subject: Email subject line

        Returns:
        Dictionary containing the created object with its ID and UUID
        """
        pass

    def create_file_object(self, event_id: int, filename: str, md5: str, sha1: str) -> dict:
        """
        Create a file object within an event.

        Parameters:
        - event_id: ID of the event to add the object to
        - filename: Name of the file
        - md5: MD5 hash of the file
        - sha1: SHA1 hash of the file

        Returns:
        Dictionary containing the created object with its ID and UUID
        """
        pass

    def create_domain_ip_object(self, event_id: int, domain: str, ip: str) -> dict:
        """
        Create a domain-ip object within an event.

        Parameters:
        - event_id: ID of the event to add the object to
        - domain: Domain name
        - ip: IP address associated with the domain

        Returns:
        Dictionary containing the created object with its ID and UUID
        """
        pass

    def link_objects(self, source_uuid: str, target_uuid: str, relationship: str) -> dict:
        """
        Create a reference between two objects.

        Parameters:
        - source_uuid: UUID of the source object
        - target_uuid: UUID of the target object (the object being referenced)
        - relationship: Type of relationship (e.g., "attachment", "sender-infrastructure")

        Returns:
        Dictionary containing the created reference
        """
        pass

    def list_templates(self) -> list:
        """
        Get all available object templates.

        Returns:
        List of object template definitions
        """
        pass

    def get_template_details(self, template_name: str) -> dict:
        """
        Get detailed information about a specific object template.

        Parameters:
        - template_name: Name of the template (e.g., "email", "file")

        Returns:
        Dictionary containing template details including attributes and requirements
        """
        pass

    def get_object_with_references(self, object_id: int) -> dict:
        """
        Retrieve an object including its references to other objects.

        Parameters:
        - object_id: ID of the object to retrieve

        Returns:
        Dictionary containing the object data with references included
        """
        pass

Dependencies { .dependencies }

pymisp { .dependency }

Python library for interacting with MISP (Malware Information Sharing Platform) threat intelligence platform.