Describes: pkg:pypi/pymisp@2.5.x

tessl/pypi-pymisp

tessl install tessl/pypi-pymisp@2.5.0

Python API for MISP threat intelligence platform enabling programmatic access to MISP instances.

Agent Success

Agent success rate when using this tile: 96%

Improvement (agent success rate when using this tile compared to baseline): 1.25x

Baseline (agent success rate without this tile): 77%

evals/scenario-4/task.md

Threat Intelligence Event Builder

A command-line tool for creating and managing threat intelligence events with indicators and structured threat objects.

Capabilities

Event Creation and Management

  • Creates a new threat intelligence event with basic metadata (title, distribution level, threat level, analysis status) @test
  • Adds multiple IP address indicators to an event with appropriate categorization @test
  • Adds file hash indicators (MD5, SHA1, SHA256) to an event with proper typing @test

Structured Object Support

  • Creates a file object containing multiple hash attributes with proper relationships @test
  • Adds the file object to the event and ensures it's properly attached @test

Data Serialization

  • Converts the complete event structure to JSON format for storage or transmission @test
  • Reconstructs an event from JSON data preserving all attributes and objects @test

Implementation

@generates

API

class ThreatEventBuilder:
    """Builder for creating threat intelligence events with indicators and objects."""

    def __init__(self):
        """Initialize a new threat event builder."""
        pass

    def create_event(self, title: str, distribution: int = 0, threat_level: int = 2, analysis: int = 0):
        """
        Create a new threat intelligence event.

        Args:
            title: The event title/description
            distribution: Distribution level (0=Your org only, 1=This community, 2=Connected communities, 3=All communities)
            threat_level: Threat level (1=High, 2=Medium, 3=Low, 4=Undefined)
            analysis: Analysis status (0=Initial, 1=Ongoing, 2=Complete)

        Returns:
            Self for method chaining
        """
        pass

    def add_ip_attribute(self, ip_address: str, category: str = "Network activity", comment: str = ""):
        """
        Add an IP address indicator to the event.

        Args:
            ip_address: The IP address value
            category: Attribute category (default: "Network activity")
            comment: Optional comment about the indicator

        Returns:
            Self for method chaining
        """
        pass

    def add_hash_attribute(self, hash_value: str, hash_type: str, category: str = "Payload delivery", comment: str = ""):
        """
        Add a file hash indicator to the event.

        Args:
            hash_value: The hash value
            hash_type: Hash type ("md5", "sha1", "sha256")
            category: Attribute category (default: "Payload delivery")
            comment: Optional comment about the indicator

        Returns:
            Self for method chaining
        """
        pass

    def add_file_object(self, filename: str, md5: str = None, sha1: str = None, sha256: str = None, size: int = None):
        """
        Add a structured file object to the event.

        Args:
            filename: The filename
            md5: MD5 hash (optional)
            sha1: SHA1 hash (optional)
            sha256: SHA256 hash (optional)
            size: File size in bytes (optional)

        Returns:
            Self for method chaining
        """
        pass

    def to_json(self) -> str:
        """
        Serialize the event to JSON format.

        Returns:
            JSON string representation of the event
        """
        pass

    def from_json(self, json_str: str):
        """
        Load an event from JSON format.

        Args:
            json_str: JSON string representation of an event

        Returns:
            Self for method chaining
        """
        pass

    def get_event(self):
        """
        Get the underlying event object.

        Returns:
            The event object
        """
        pass

Dependencies

pymisp

Provides data structures and models for MISP threat intelligence events, attributes, and objects.
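
Input checks that create_event, add_ip_attribute, add_hash_attribute and add_file_object could run before handing values to pymisp, so that malformed indicators never reach a shared event. This is an added example, not part of the tile or of pymisp: the helper names are hypothetical, and `size-in-bytes` assumes the relation name used by MISP's standard file object template.

```python
import ipaddress
import re

# Hex-digest length for each hash_type the API above accepts.
HASH_HEX_LEN = {"md5": 32, "sha1": 40, "sha256": 64}
# Value ranges documented in the create_event docstring.
EVENT_RANGES = {"distribution": range(0, 4), "threat_level": range(1, 5), "analysis": range(0, 3)}


def check_event_fields(distribution=0, threat_level=2, analysis=0):
    """Return the three fields as a dict, or raise ValueError if one is out of range."""
    fields = {"distribution": distribution, "threat_level": threat_level, "analysis": analysis}
    for name, value in fields.items():
        # bool is a subclass of int, so True/False are rejected explicitly.
        if isinstance(value, bool) or not isinstance(value, int) or value not in EVENT_RANGES[name]:
            raise ValueError(f"{name}={value!r} is outside the documented range")
    return fields


def normalize_ip(ip_address):
    """Return the canonical text form of an IPv4 or IPv6 address, or raise ValueError."""
    return str(ipaddress.ip_address(ip_address.strip()))


def normalize_hash(hash_value, hash_type):
    """Return (hash_type, lowercase hex digest), or raise ValueError on a type/length mismatch."""
    hash_type = hash_type.strip().lower()
    if hash_type not in HASH_HEX_LEN:
        raise ValueError(f"unsupported hash_type {hash_type!r}")
    digest = hash_value.strip().lower()
    if not re.fullmatch(r"[0-9a-f]{%d}" % HASH_HEX_LEN[hash_type], digest):
        raise ValueError(f"value is not a {HASH_HEX_LEN[hash_type]}-character hex {hash_type} digest")
    return hash_type, digest


def file_object_fields(filename, md5=None, sha1=None, sha256=None, size=None):
    """Return validated {relation: value} pairs for a file object, skipping arguments left as None."""
    if not filename or "\x00" in filename:
        raise ValueError("filename must be a non-empty string without NUL bytes")
    fields = {"filename": filename}
    for hash_type, value in (("md5", md5), ("sha1", sha1), ("sha256", sha256)):
        if value is not None:
            fields[hash_type] = normalize_hash(value, hash_type)[1]
    if size is not None:
        if isinstance(size, bool) or not isinstance(size, int) or size < 0:
            raise ValueError("size must be a non-negative integer")
        fields["size-in-bytes"] = size  # assumed relation name (MISP file object template)
    return fields
```

Rejecting a digest whose length does not match its declared hash_type catches the common mistake of filing a SHA1 value as MD5, which would otherwise produce an indicator that never matches.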