tessl/pypi-pymisp
Python API for MISP threat intelligence platform enabling programmatic access to MISP instances.
Overall
score
96%
object-management.mddocs/
Object Management
Comprehensive MISP object handling for structured threat intelligence data including file objects, network objects, and custom object types with templates and relationships.
Capabilities
Object Retrieval
Retrieve MISP objects with their attributes, references, and relationships.
def get_object(
self,
object_id: Union[int, str],
includeReferences: bool = False
) -> dict:
"""
Get MISP object by ID.
Parameters:
- object_id: Object ID or UUID
- includeReferences: Include object references
Returns:
Object dictionary with attributes and metadata
"""
def objects(
self,
limit: int = None,
page: int = None,
**kwargs
) -> list:
"""List objects with filtering options."""
def object_exists(self, object_id: Union[int, str]) -> bool:
"""Check if object exists by ID."""Object Creation & Updates
Create and modify MISP objects with structured attributes and relationships.
def add_object(
self,
event_id: Union[int, str],
misp_object: Union['MISPObject', dict],
**kwargs
) -> dict:
"""
Add object to event.
Parameters:
- event_id: Target event ID
- misp_object: MISPObject instance or object dictionary
Returns:
Created object data with ID
"""
def update_object(
self,
misp_object: Union['MISPObject', dict],
object_id: Union[int, str] = None,
**kwargs
) -> dict:
"""
Update existing object.
Parameters:
- misp_object: Updated object data
- object_id: Object ID (optional if in object data)
Returns:
Updated object data
"""
def fast_update_object(
self,
misp_object: Union['MISPObject', dict],
object_id: Union[int, str] = None
) -> dict:
"""Fast object update without full validation."""Object Deletion & Management
Delete objects and manage object lifecycle with cascade handling.
def delete_object(self, object_id: Union[int, str]) -> dict:
"""
Delete object permanently.
Parameters:
- object_id: Object ID to delete
Returns:
Deletion confirmation
"""
def restore_object(self, object_id: Union[int, str]) -> dict:
"""Restore soft-deleted object."""
def set_object_distribution(
self,
object_id: Union[int, str],
distribution: int
) -> dict:
"""Set object distribution level."""
def set_object_sharing_group(
self,
object_id: Union[int, str],
sharing_group_id: int
) -> dict:
"""Set object sharing group."""Object Templates
Manage object templates that define structured object schemas.
def object_templates(self, **kwargs) -> list:
"""
Get available object templates.
Returns:
List of object template definitions
"""
def get_object_template(
self,
template_id: Union[int, str]
) -> dict:
"""
Get specific object template.
Parameters:
- template_id: Template ID or UUID
Returns:
Object template definition with attributes
"""
def update_object_templates(self) -> dict:
"""Update object templates from MISP objects repository."""
def add_object_template(self, template: dict) -> dict:
"""Add custom object template."""Object References & Relationships
Manage relationships and references between objects and other MISP entities.
def add_object_reference(
self,
object_reference: Union['MISPObjectReference', dict]
) -> dict:
"""
Add reference between objects.
Parameters:
- object_reference: Reference definition
Returns:
Created reference data
"""
def delete_object_reference(
self,
reference_id: Union[int, str]
) -> dict:
"""Delete object reference."""
def get_object_references(
self,
object_id: Union[int, str]
) -> list:
"""Get all references for object."""
def update_object_reference(
self,
reference_id: Union[int, str],
relationship_type: str
) -> dict:
"""Update object reference relationship type."""Object Tags & Classification
Manage object-level tags and classifications.
def tag_object(
self,
object_id: Union[int, str],
tag: Union[str, 'MISPTag'],
local: bool = False
) -> dict:
"""Add tag to object."""
def untag_object(
self,
object_id: Union[int, str],
tag: Union[str, 'MISPTag']
) -> dict:
"""Remove tag from object."""Usage Examples
Basic Object Operations
from pymisp import PyMISP, MISPObject
misp = PyMISP('https://misp.example.com', 'your-api-key')
# Create a file object
file_obj = MISPObject('file')
file_obj.add_attribute('filename', 'malware.exe')
file_obj.add_attribute('md5', 'd41d8cd98f00b204e9800998ecf8427e')
file_obj.add_attribute('sha1', 'da39a3ee5e6b4b0d3255bfef95601890afd80709')
file_obj.add_attribute('size-in-bytes', 1024)
# Add object to event
response = misp.add_object(event_id, file_obj)
object_id = response['Object']['id']Working with Object Templates
# Get available templates
templates = misp.object_templates()
print(f"Available templates: {len(templates)}")
# Get specific template
file_template = misp.get_object_template('file')
print(f"Template attributes: {file_template['ObjectTemplate']['requirements']}")
# Create object from template
network_conn = MISPObject('network-connection')
network_conn.add_attribute('src-port', 8080)
network_conn.add_attribute('dst-port', 443)
network_conn.add_attribute('protocol', 'tcp')
network_conn.add_attribute('src-ip', '192.168.1.100')
network_conn.add_attribute('dst-ip', '203.0.113.10')
misp.add_object(event_id, network_conn)Object References & Relationships
from pymisp import MISPObjectReference
# Create objects
domain_obj = MISPObject('domain-ip')
domain_obj.add_attribute('domain', 'malware.example.com')
domain_obj.add_attribute('ip', '203.0.113.10')
url_obj = MISPObject('url')
url_obj.add_attribute('url', 'http://malware.example.com/payload')
# Add objects
domain_response = misp.add_object(event_id, domain_obj)
url_response = misp.add_object(event_id, url_obj)
# Create reference between objects
reference = MISPObjectReference()
reference.referenced_uuid = domain_response['Object']['uuid']
reference.relationship_type = 'hosted-on'
reference.object_uuid = url_response['Object']['uuid']
misp.add_object_reference(reference)Complex Object Creation
# Create email object with attachments
email_obj = MISPObject('email')
email_obj.add_attribute('from', 'attacker@evil.com')
email_obj.add_attribute('to', 'victim@company.com')
email_obj.add_attribute('subject', 'Important Document')
email_obj.add_attribute('message-id', '<12345@evil.com>')
# Add attachment as separate file object
attachment_obj = MISPObject('file')
attachment_obj.add_attribute('filename', 'document.pdf')
attachment_obj.add_attribute('md5', 'abc123def456')
# Add both objects
email_response = misp.add_object(event_id, email_obj)
file_response = misp.add_object(event_id, attachment_obj)
# Link attachment to email
attachment_ref = MISPObjectReference()
attachment_ref.referenced_uuid = file_response['Object']['uuid']
attachment_ref.relationship_type = 'attachment'
attachment_ref.object_uuid = email_response['Object']['uuid']
misp.add_object_reference(attachment_ref)Object Searching & Filtering
# Search objects by template
file_objects = misp.objects(template='file', limit=100)
# Search objects with specific attributes
domain_objects = misp.objects(
template='domain-ip',
attribute_value='%.example.com'
)
# Get objects from specific event
event_objects = misp.objects(event_id=123)
# Search by object attribute type
hash_objects = misp.objects(attribute_type='md5')Object Updates & Management
# Update object distribution
misp.set_object_distribution(object_id, 1) # Community only
# Add tags to object
misp.tag_object(object_id, 'malware')
misp.tag_object(object_id, 'apt-campaign')
# Update object attributes
updated_obj = misp.get_object(object_id)
# Modify object attributes as needed
misp.update_object(updated_obj, object_id)Types
from typing import Union, List, Dict, Optional
ObjectID = Union[int, str]
TemplateID = Union[int, str]
ObjectTemplate = Dict[str, Union[str, int, Dict, List]]
ObjectReference = Dict[str, Union[str, int]]
RelationshipType = str # 'hosted-on', 'attachment', 'connects-to', etc.Install with Tessl CLI
npx tessl i tessl/pypi-pymispdocs
evals
scenario-1
scenario-2
scenario-3
scenario-4
scenario-5
scenario-6
scenario-7
scenario-8
scenario-9
scenario-10