Event Management

def events(self, pythonify: bool = False) -> dict[str, Any] | list[MISPEvent] | list[dict[str, Any]]:
    """
    Get all events from the MISP instance.
    
    Parameters:
    - pythonify: Return MISPEvent objects instead of raw JSON
    
    Returns:
    List of events or error dictionary
    """

def get_event(
    self,
    event: MISPEvent | int | str | UUID,
    deleted: bool | int | list[int] = False,
    extended: bool | int = False,
    pythonify: bool = False
) -> dict[str, Any] | MISPEvent:
    """
    Get an event from MISP instance with collections like attributes, objects, tags.
    
    Parameters:
    - event: Event ID, UUID, or MISPEvent object
    - deleted: Include soft-deleted attributes
    - extended: Include extended event information
    - pythonify: Return MISPEvent object instead of raw JSON
    
    Returns:
    Event data or MISPEvent object
    """

def event_exists(self, event: MISPEvent | int | str | UUID) -> bool:
    """
    Check if event exists in MISP.
    
    Parameters:
    - event: Event ID, UUID, or MISPEvent object to check
    
    Returns:
    True if event exists, False otherwise
    """

def add_event(self, event: MISPEvent, pythonify: bool = False, metadata: bool = False) -> dict[str, Any] | MISPEvent:
    """
    Create new event in MISP.
    
    Parameters:
    - event: MISPEvent object to create
    - pythonify: Return MISPEvent object instead of raw JSON
    - metadata: Include metadata in response
    
    Returns:
    Created event or error dictionary
    """

def update_event(
    self,
    event: MISPEvent,
    event_id: int | None = None,
    pythonify: bool = False,
    metadata: bool = False
) -> dict[str, Any] | MISPEvent:
    """
    Update existing event in MISP.
    
    Parameters:
    - event: MISPEvent object with updates
    - event_id: Specific event ID to update
    - pythonify: Return MISPEvent object instead of raw JSON
    - metadata: Include metadata in response
    
    Returns:
    Updated event or error dictionary
    """

def publish(self, event: MISPEvent | int | str | UUID, alert: bool = False) -> dict[str, Any] | list[dict[str, Any]]:
    """
    Publish event for distribution.
    
    Parameters:
    - event: Event ID, UUID, or MISPEvent object to publish
    - alert: Send email alerts to subscribers
    
    Returns:
    Publication result or error dictionary
    """

def unpublish(self, event: MISPEvent | int | str | UUID) -> dict[str, Any] | list[dict[str, Any]]:
    """
    Unpublish previously published event.
    
    Parameters:
    - event: Event ID, UUID, or MISPEvent object to unpublish
    
    Returns:
    Unpublication result or error dictionary
    """

def delete_event(self, event: MISPEvent | int | str | UUID) -> dict[str, Any] | list[dict[str, Any]]:
    """
    Delete event from MISP.
    
    Parameters:
    - event: Event ID, UUID, or MISPEvent object to delete
    
    Returns:
    Deletion result or error dictionary
    """

def contact_event_reporter(self, event: MISPEvent | int | str | UUID, message: str) -> dict[str, Any] | list[dict[str, Any]]:
    """
    Send message to event reporter/creator.
    
    Parameters:
    - event: Event ID, UUID, or MISPEvent object
    - message: Message content to send
    
    Returns:
    Message delivery result
    """

def enrich_event(self, event: MISPEvent | int | str | UUID, enrich_with: str | list[str]) -> dict[str, Any]:
    """
    Enrich event with data from enrichment modules.
    
    Parameters:
    - event: Event ID, UUID, or MISPEvent object to enrich
    - enrich_with: Module name(s) for enrichment
    
    Returns:
    Enrichment results
    """

def event_delegations(self, pythonify: bool = False) -> dict[str, Any] | list[MISPEventDelegation] | list[dict[str, Any]]:
    """
    Get all event delegations.
    
    Parameters:
    - pythonify: Return MISPEventDelegation objects instead of raw JSON
    
    Returns:
    List of event delegations
    """

def accept_event_delegation(self, delegation: MISPEventDelegation | int | str, pythonify: bool = False) -> dict[str, Any] | list[dict[str, Any]]:
    """
    Accept event delegation request.
    
    Parameters:
    - delegation: Delegation ID or MISPEventDelegation object
    - pythonify: Return objects instead of raw JSON
    
    Returns:
    Acceptance result
    """

def discard_event_delegation(self, delegation: MISPEventDelegation | int | str, pythonify: bool = False) -> dict[str, Any] | list[dict[str, Any]]:
    """
    Discard event delegation request.
    
    Parameters:
    - delegation: Delegation ID or MISPEventDelegation object
    - pythonify: Return objects instead of raw JSON
    
    Returns:
    Discard result
    """

def delegate_event(
    self,
    event: MISPEvent | int | str | UUID | None = None,
    organisation: MISPOrganisation | int | str | UUID | None = None,
    sharing_group: MISPSharingGroup | int | str | UUID | None = None,
    message: str | None = None,
    pythonify: bool = False
) -> dict[str, Any] | list[dict[str, Any]]:
    """
    Delegate event to another organization.
    
    Parameters:
    - event: Event to delegate
    - organisation: Target organization
    - sharing_group: Target sharing group
    - message: Delegation message
    - pythonify: Return objects instead of raw JSON
    
    Returns:
    Delegation result
    """

def get_event_report(
    self,
    event_report: MISPEventReport | int | str | UUID,
    pythonify: bool = False
) -> dict[str, Any] | MISPEventReport:
    """
    Get specific event report.
    
    Parameters:
    - event_report: Report ID or MISPEventReport object
    - pythonify: Return MISPEventReport object instead of raw JSON
    
    Returns:
    Event report data
    """

def get_event_reports(
    self,
    event_id: int | str,
    pythonify: bool = False
) -> dict[str, Any] | list[MISPEventReport] | list[dict[str, Any]]:
    """
    Get all reports for an event.
    
    Parameters:
    - event_id: Event ID to get reports for
    - pythonify: Return MISPEventReport objects instead of raw JSON
    
    Returns:
    List of event reports
    """

def add_event_report(
    self,
    event: MISPEvent | int | str | UUID,
    event_report: MISPEventReport,
    pythonify: bool = False
) -> dict[str, Any] | MISPEventReport:
    """
    Add report to event.
    
    Parameters:
    - event: Target event
    - event_report: MISPEventReport object to add
    - pythonify: Return MISPEventReport object instead of raw JSON
    
    Returns:
    Added event report
    """

def update_event_report(
    self,
    event_report: MISPEventReport,
    event_report_id: int | None = None,
    pythonify: bool = False
) -> dict[str, Any] | MISPEventReport:
    """
    Update existing event report.
    
    Parameters:
    - event_report: MISPEventReport object with updates
    - event_report_id: Specific report ID to update
    - pythonify: Return MISPEventReport object instead of raw JSON
    
    Returns:
    Updated event report
    """

def delete_event_report(
    self,
    event_report: MISPEventReport | int | str | UUID,
    hard: bool = False
) -> dict[str, Any] | list[dict[str, Any]]:
    """
    Delete event report.
    
    Parameters:
    - event_report: Report ID or MISPEventReport object to delete
    - hard: Hard delete (permanent) vs soft delete
    
    Returns:
    Deletion result
    """

from pymisp import PyMISP, MISPEvent, MISPAttribute

# Initialize client
misp = PyMISP('https://misp.example.com', 'your-api-key')

# Get all events
events = misp.events()
print(f"Total events: {len(events)}")

# Get specific event with full details
event = misp.get_event('event-uuid-here', extended=True, pythonify=True)
print(f"Event: {event.info}")

# Check if event exists
if misp.event_exists('event-id-here'):
    print("Event exists")

# Create new event
event = MISPEvent()
event.info = "Suspicious Activity Detected"
event.distribution = 1  # Community only
event.threat_level_id = 2  # Medium

# Add event to MISP
response = misp.add_event(event, pythonify=True)
event_id = response.id

# Publish event for sharing
misp.publish(event_id, alert=True)
print(f"Event {event_id} published")

# Update event
event.analysis = 2  # Complete
misp.update_event(event, pythonify=True)

# Enrich event with external data
enrichment = misp.enrich_event(event_id, ['virustotal', 'shodan'])
print(f"Enrichment results: {enrichment}")

# Contact event reporter
message = "Need additional context about this threat"
misp.contact_event_reporter(event_id, message)

# Delegate event to another organization
misp.delegate_event(
    event=event_id,
    organisation='target-org-id',
    message="Please review and provide analysis"
)

from pymisp import MISPEventReport

# Create event report
report = MISPEventReport()
report.name = "Technical Analysis Report"
report.content = "Detailed technical analysis of the incident..."

# Add report to event
misp.add_event_report(event_id, report)

# Get all reports for event
reports = misp.get_event_reports(event_id, pythonify=True)
for report in reports:
    print(f"Report: {report.name}")

from pymisp import MISPEvent, MISPEventReport, MISPEventDelegation
from typing import Any, Union
from uuid import UUID

# Type aliases
EventIdentifier = Union[MISPEvent, int, str, UUID]
ResponseType = Union[dict[str, Any], list[dict[str, Any]]]