Python API for MISP threat intelligence platform enabling programmatic access to MISP instances.
A command-line tool for querying and exporting threat intelligence data from a MISP instance with advanced filtering and multi-format export capabilities.
@generates
import os
from typing import List, Dict, Optional, Any
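def connect_to_misp() -> Any:
    """Open a connection to a MISP instance configured through the environment.

    The instance address is taken from the ``MISP_URL`` environment variable
    and the API key from ``MISP_API_KEY``.

    Returns:
        A PyMISP connection object.

    Raises:
        ValueError: If ``MISP_URL`` or ``MISP_API_KEY`` is not set.
    """
    # Specification stub: the body is left for the implementation.
    # NOTE(review): MISP_API_KEY is a credential. The ValueError should name
    # the missing variable, never echo a value, and the key should stay out of
    # log output. TLS certificate verification should remain enabled when the
    # connection is created.
    # NOTE(review): the spec does not say whether an empty string counts as
    # "not set" -- treating it as missing is the safer reading; confirm.
    pass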
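def search_events_by_tags(
    misp_connection: Any,
    tags: List[str],
    tag_logic: str = "AND",
    exclude_tags: Optional[List[str]] = None,
) -> List[Dict]:
    """Search for events that match a combination of tags.

    Args:
        misp_connection: Active MISP connection object.
        tags: Tags to search for.
        tag_logic: How ``tags`` are combined, ``"AND"`` or ``"OR"``.
            Defaults to ``"AND"``.
        exclude_tags: Optional tags that a matching event must not carry
            (NOT logic).

    Returns:
        The matching events, one dictionary per event.
    """
    # Specification stub: the body is left for the implementation.
    # NOTE(review): the spec names only "AND" and "OR". An implementation
    # should reject any other tag_logic value instead of falling back to a
    # default, because a silently widened or narrowed query hands the analyst
    # the wrong set of events without any sign that the filter was ignored.
    pass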
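def search_events_by_time(
    misp_connection: Any,
    time_range: str,
    tags: Optional[List[str]] = None,
) -> List[Dict]:
    """Search for events that fall inside a time range.

    Args:
        misp_connection: Active MISP connection object.
        time_range: Either shorthand notation such as ``"7d"`` or ``"24h"``,
            or a date range.
        tags: Optional tags used to narrow the result further.

    Returns:
        The matching events, one dictionary per event.
    """
    # Specification stub: the body is left for the implementation.
    # NOTE(review): the textual form of a "date range" is not defined here
    # (separator, date format, time zone) -- TODO confirm before implementing.
    # An unparseable time_range should raise rather than be dropped, since a
    # query without its time bound can return the whole event store.
    pass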
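def export_to_format(
    misp_connection: Any,
    search_results: List[Dict],
    format_type: str,
    output_path: str,
) -> None:
    """Write search results to a file in the requested export format.

    Args:
        misp_connection: Active MISP connection object.
        search_results: Events or attributes to export.
        format_type: Export format, one of ``"json"``, ``"csv"`` or
            ``"stix2"``.
        output_path: File path the export is written to.
    """
    # Specification stub: the body is left for the implementation.
    # NOTE(review): attribute values and comments come from whoever
    # contributed the event, so they are untrusted text. For "csv", cells that
    # begin with =, +, - or @ are evaluated as formulas by spreadsheet
    # applications; the writer should neutralise them.
    # NOTE(review): the spec does not say what happens for an unknown
    # format_type or when output_path already exists. Raising on an unknown
    # format is the safer choice. Exported events may carry sharing
    # restrictions, so the file should not be created world-readable.
    pass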
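def search_attributes_by_type(
    misp_connection: Any,
    attribute_types: List[str],
    time_range: Optional[str] = None,
) -> List[Dict]:
    """Search for attributes of the given types.

    Args:
        misp_connection: Active MISP connection object.
        attribute_types: Attribute types to search for, for example
            ``["ip-src", "domain"]``.
        time_range: Optional time range filter.

    Returns:
        The matching attributes, one dictionary per attribute.
    """
    # Specification stub: the body is left for the implementation.
    # NOTE(review): time_range presumably uses the same notation as
    # search_events_by_time ("7d", "24h" or a date range) -- confirm.
    # NOTE(review): an empty attribute_types list is not covered by the spec.
    # It should not turn into an unfiltered attribute search.
    pass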
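def extract_ioc_values(attributes: List[Dict]) -> List[str]:
    """Pull the IOC values out of attribute search results.

    Args:
        attributes: Attribute dictionaries, as returned by an attribute
            search.

    Returns:
        The attribute values, suitable for threat hunting.
    """
    # Specification stub: the body is left for the implementation.
    # NOTE(review): the spec does not state which key holds the value
    # (MISP attributes carry it under "value" -- confirm against the search
    # output), whether duplicates are removed, or whether attributes not
    # flagged for detection are filtered out.
    # NOTE(review): the returned strings are contributor-supplied data.
    # Consumers that place them into hunt queries or detection rules should
    # escape them for that query language instead of concatenating them in.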
    pass

Provides Python API for MISP threat intelligence platform.