pymisp - Tools

File Object

class pymisp.tools.FileObject(filepath=None, pseudofile=None, filename=None, standalone=True, **kwargs)
add_attribute(object_relation, **value)

Add an attribute. object_relation is required and the value key is a dictionary with all the keys supported by MISPAttribute

add_reference(referenced_uuid, relationship_type, comment=None, **kwargs)

Add a link (uuid) to another object

clear() → None. Remove all items from D.
edited

Recursively check whether an object has been edited and update the flag on the parent objects accordingly

from_json(json_string)

Load a JSON string

get(k[, d]) → D[k] if k in D, else d. d defaults to None.
get_attributes_by_relation(object_relation)

Returns the list of attributes with the given object relation in the object

has_attributes_by_relation(list_of_relations)

True if all the relations in the list are defined in the object

items() → a set-like object providing a view on D's items
jsonable()

This method is used by the JSON encoder

keys() → a set-like object providing a view on D's keys
pop(k[, d]) → v, remove specified key and return the corresponding value.

If key is not found, d is returned if given, otherwise KeyError is raised.

popitem() → (k, v), remove and return some (key, value) pair as a 2-tuple; but raise KeyError if D is empty.

properties

All the class public properties that will be dumped in the dictionary, and the JSON export. Note: all the properties starting with a _ (private), or listed in __not_jsonable will be skipped.

set_not_jsonable(*args)

Set __not_jsonable to a new list

setdefault(k[, d]) → D.get(k,d), also set D[k]=d if k not in D
update([E, ]**F) → None. Update D from mapping/iterable E and F.

If E present and has a .keys() method, does: for k in E: D[k] = E[k] If E present and lacks .keys() method, does: for (k, v) in E: D[k] = v In either case, this is followed by: for k, v in F.items(): D[k] = v

update_not_jsonable(*args)

Add entries to the __not_jsonable list

values() → an object providing a view on D's values

ELF Object

class pymisp.tools.ELFObject(parsed=None, filepath=None, pseudofile=None, standalone=True, **kwargs)
add_attribute(object_relation, **value)

Add an attribute. object_relation is required and the value key is a dictionary with all the keys supported by MISPAttribute

add_reference(referenced_uuid, relationship_type, comment=None, **kwargs)

Add a link (uuid) to another object

clear() → None. Remove all items from D.
edited

Recursively check whether an object has been edited and update the flag on the parent objects accordingly

from_json(json_string)

Load a JSON string

get(k[, d]) → D[k] if k in D, else d. d defaults to None.
get_attributes_by_relation(object_relation)

Returns the list of attributes with the given object relation in the object

has_attributes_by_relation(list_of_relations)

True if all the relations in the list are defined in the object

items() → a set-like object providing a view on D's items
jsonable()

This method is used by the JSON encoder

keys() → a set-like object providing a view on D's keys
pop(k[, d]) → v, remove specified key and return the corresponding value.

If key is not found, d is returned if given, otherwise KeyError is raised.

popitem() → (k, v), remove and return some (key, value) pair as a 2-tuple; but raise KeyError if D is empty.

properties

All the class public properties that will be dumped in the dictionary, and the JSON export. Note: all the properties starting with a _ (private), or listed in __not_jsonable will be skipped.

set_not_jsonable(*args)

Set __not_jsonable to a new list

setdefault(k[, d]) → D.get(k,d), also set D[k]=d if k not in D
update([E, ]**F) → None. Update D from mapping/iterable E and F.

If E present and has a .keys() method, does: for k in E: D[k] = E[k] If E present and lacks .keys() method, does: for (k, v) in E: D[k] = v In either case, this is followed by: for k, v in F.items(): D[k] = v

update_not_jsonable(*args)

Add entries to the __not_jsonable list

values() → an object providing a view on D's values

class pymisp.tools.ELFSectionObject(section, standalone=True, **kwargs)
add_attribute(object_relation, **value)

Add an attribute. object_relation is required and the value key is a dictionary with all the keys supported by MISPAttribute

add_reference(referenced_uuid, relationship_type, comment=None, **kwargs)

Add a link (uuid) to another object

clear() → None. Remove all items from D.
edited

Recursively check whether an object has been edited and update the flag on the parent objects accordingly

from_json(json_string)

Load a JSON string

get(k[, d]) → D[k] if k in D, else d. d defaults to None.
get_attributes_by_relation(object_relation)

Returns the list of attributes with the given object relation in the object

has_attributes_by_relation(list_of_relations)

True if all the relations in the list are defined in the object

items() → a set-like object providing a view on D's items
jsonable()

This method is used by the JSON encoder

keys() → a set-like object providing a view on D's keys
pop(k[, d]) → v, remove specified key and return the corresponding value.

If key is not found, d is returned if given, otherwise KeyError is raised.

popitem() → (k, v), remove and return some (key, value) pair as a 2-tuple; but raise KeyError if D is empty.

properties

All the class public properties that will be dumped in the dictionary, and the JSON export. Note: all the properties starting with a _ (private), or listed in __not_jsonable will be skipped.

set_not_jsonable(*args)

Set __not_jsonable to a new list

setdefault(k[, d]) → D.get(k,d), also set D[k]=d if k not in D
update([E, ]**F) → None. Update D from mapping/iterable E and F.

If E present and has a .keys() method, does: for k in E: D[k] = E[k] If E present and lacks .keys() method, does: for (k, v) in E: D[k] = v In either case, this is followed by: for k, v in F.items(): D[k] = v

update_not_jsonable(*args)

Add entries to the __not_jsonable list

values() → an object providing a view on D's values

PE Object

class pymisp.tools.PEObject(parsed=None, filepath=None, pseudofile=None, standalone=True, **kwargs)
add_attribute(object_relation, **value)

Add an attribute. object_relation is required and the value key is a dictionary with all the keys supported by MISPAttribute

add_reference(referenced_uuid, relationship_type, comment=None, **kwargs)

Add a link (uuid) to another object

clear() → None. Remove all items from D.
edited

Recursively check whether an object has been edited and update the flag on the parent objects accordingly

from_json(json_string)

Load a JSON string

get(k[, d]) → D[k] if k in D, else d. d defaults to None.
get_attributes_by_relation(object_relation)

Returns the list of attributes with the given object relation in the object

has_attributes_by_relation(list_of_relations)

True if all the relations in the list are defined in the object

items() → a set-like object providing a view on D's items
jsonable()

This method is used by the JSON encoder

keys() → a set-like object providing a view on D's keys
pop(k[, d]) → v, remove specified key and return the corresponding value.

If key is not found, d is returned if given, otherwise KeyError is raised.

popitem() → (k, v), remove and return some (key, value) pair as a 2-tuple; but raise KeyError if D is empty.

properties

All the class public properties that will be dumped in the dictionary, and the JSON export. Note: all the properties starting with a _ (private), or listed in __not_jsonable will be skipped.

set_not_jsonable(*args)

Set __not_jsonable to a new list

setdefault(k[, d]) → D.get(k,d), also set D[k]=d if k not in D
update([E, ]**F) → None. Update D from mapping/iterable E and F.

If E present and has a .keys() method, does: for k in E: D[k] = E[k] If E present and lacks .keys() method, does: for (k, v) in E: D[k] = v In either case, this is followed by: for k, v in F.items(): D[k] = v

update_not_jsonable(*args)

Add entries to the __not_jsonable list

values() → an object providing a view on D's values

class pymisp.tools.PESectionObject(section, standalone=True, **kwargs)
add_attribute(object_relation, **value)

Add an attribute. object_relation is required and the value key is a dictionary with all the keys supported by MISPAttribute

add_reference(referenced_uuid, relationship_type, comment=None, **kwargs)

Add a link (uuid) to another object

clear() → None. Remove all items from D.
edited

Recursively check whether an object has been edited and update the flag on the parent objects accordingly

from_json(json_string)

Load a JSON string

get(k[, d]) → D[k] if k in D, else d. d defaults to None.
get_attributes_by_relation(object_relation)

Returns the list of attributes with the given object relation in the object

has_attributes_by_relation(list_of_relations)

True if all the relations in the list are defined in the object

items() → a set-like object providing a view on D's items
jsonable()

This method is used by the JSON encoder

keys() → a set-like object providing a view on D's keys
pop(k[, d]) → v, remove specified key and return the corresponding value.

If key is not found, d is returned if given, otherwise KeyError is raised.

popitem() → (k, v), remove and return some (key, value) pair as a 2-tuple; but raise KeyError if D is empty.

properties

All the class public properties that will be dumped in the dictionary, and the JSON export. Note: all the properties starting with a _ (private), or listed in __not_jsonable will be skipped.

set_not_jsonable(*args)

Set __not_jsonable to a new list

setdefault(k[, d]) → D.get(k,d), also set D[k]=d if k not in D
update([E, ]**F) → None. Update D from mapping/iterable E and F.

If E present and has a .keys() method, does: for k in E: D[k] = E[k] If E present and lacks .keys() method, does: for (k, v) in E: D[k] = v In either case, this is followed by: for k, v in F.items(): D[k] = v

update_not_jsonable(*args)

Add entries to the __not_jsonable list

values() → an object providing a view on D's values

Mach-O Object

class pymisp.tools.MachOObject(parsed=None, filepath=None, pseudofile=None, standalone=True, **kwargs)
add_attribute(object_relation, **value)

Add an attribute. object_relation is required and the value key is a dictionary with all the keys supported by MISPAttribute

add_reference(referenced_uuid, relationship_type, comment=None, **kwargs)

Add a link (uuid) to another object

clear() → None. Remove all items from D.
edited

Recursively check whether an object has been edited and update the flag on the parent objects accordingly

from_json(json_string)

Load a JSON string

get(k[, d]) → D[k] if k in D, else d. d defaults to None.
get_attributes_by_relation(object_relation)

Returns the list of attributes with the given object relation in the object

has_attributes_by_relation(list_of_relations)

True if all the relations in the list are defined in the object

items() → a set-like object providing a view on D's items
jsonable()

This method is used by the JSON encoder

keys() → a set-like object providing a view on D's keys
pop(k[, d]) → v, remove specified key and return the corresponding value.

If key is not found, d is returned if given, otherwise KeyError is raised.

popitem() → (k, v), remove and return some (key, value) pair as a 2-tuple; but raise KeyError if D is empty.

properties

All the class public properties that will be dumped in the dictionary, and the JSON export. Note: all the properties starting with a _ (private), or listed in __not_jsonable will be skipped.

set_not_jsonable(*args)

Set __not_jsonable to a new list

setdefault(k[, d]) → D.get(k,d), also set D[k]=d if k not in D
update([E, ]**F) → None. Update D from mapping/iterable E and F.

If E present and has a .keys() method, does: for k in E: D[k] = E[k] If E present and lacks .keys() method, does: for (k, v) in E: D[k] = v In either case, this is followed by: for k, v in F.items(): D[k] = v

update_not_jsonable(*args)

Add entries to the __not_jsonable list

values() → an object providing a view on D's values

class pymisp.tools.MachOSectionObject(section, standalone=True, **kwargs)
add_attribute(object_relation, **value)

Add an attribute. object_relation is required and the value key is a dictionary with all the keys supported by MISPAttribute

add_reference(referenced_uuid, relationship_type, comment=None, **kwargs)

Add a link (uuid) to another object

clear() → None. Remove all items from D.
edited

Recursively check whether an object has been edited and update the flag on the parent objects accordingly

from_json(json_string)

Load a JSON string

get(k[, d]) → D[k] if k in D, else d. d defaults to None.
get_attributes_by_relation(object_relation)

Returns the list of attributes with the given object relation in the object

has_attributes_by_relation(list_of_relations)

True if all the relations in the list are defined in the object

items() → a set-like object providing a view on D's items
jsonable()

This method is used by the JSON encoder

keys() → a set-like object providing a view on D's keys
pop(k[, d]) → v, remove specified key and return the corresponding value.

If key is not found, d is returned if given, otherwise KeyError is raised.

popitem() → (k, v), remove and return some (key, value) pair as a 2-tuple; but raise KeyError if D is empty.

properties

All the class public properties that will be dumped in the dictionary, and the JSON export. Note: all the properties starting with a _ (private), or listed in __not_jsonable will be skipped.

set_not_jsonable(*args)

Set __not_jsonable to a new list

setdefault(k[, d]) → D.get(k,d), also set D[k]=d if k not in D
update([E, ]**F) → None. Update D from mapping/iterable E and F.

If E present and has a .keys() method, does: for k in E: D[k] = E[k] If E present and lacks .keys() method, does: for (k, v) in E: D[k] = v In either case, this is followed by: for k, v in F.items(): D[k] = v

update_not_jsonable(*args)

Add entries to the __not_jsonable list

values() → an object providing a view on D's values

VT Report Object

class pymisp.tools.VTReportObject(apikey, indicator, vt_proxies=None, standalone=True, **kwargs)

VirusTotal Report

Apikey: VirusTotal API key (private works, but only public features are supported right now)
Indicator: IOC to search VirusTotal for

add_attribute(object_relation, **value)

Add an attribute. object_relation is required and the value key is a dictionary with all the keys supported by MISPAttribute

add_reference(referenced_uuid, relationship_type, comment=None, **kwargs)

Add a link (uuid) to another object

clear() → None. Remove all items from D.
edited

Recursively check whether an object has been edited and update the flag on the parent objects accordingly

from_json(json_string)

Load a JSON string

generate_attributes()

Parse the VirusTotal report for relevant attributes

get(k[, d]) → D[k] if k in D, else d. d defaults to None.
get_attributes_by_relation(object_relation)

Returns the list of attributes with the given object relation in the object

has_attributes_by_relation(list_of_relations)

True if all the relations in the list are defined in the object

items() → a set-like object providing a view on D's items
jsonable()

This method is used by the JSON encoder

keys() → a set-like object providing a view on D's keys
pop(k[, d]) → v, remove specified key and return the corresponding value.

If key is not found, d is returned if given, otherwise KeyError is raised.

popitem() → (k, v), remove and return some (key, value) pair as a 2-tuple; but raise KeyError if D is empty.

properties

All the class public properties that will be dumped in the dictionary, and the JSON export. Note: all the properties starting with a _ (private), or listed in __not_jsonable will be skipped.

set_not_jsonable(*args)

Set __not_jsonable to a new list

setdefault(k[, d]) → D.get(k,d), also set D[k]=d if k not in D
update([E, ]**F) → None. Update D from mapping/iterable E and F.

If E present and has a .keys() method, does: for k in E: D[k] = E[k] If E present and lacks .keys() method, does: for (k, v) in E: D[k] = v In either case, this is followed by: for k, v in F.items(): D[k] = v

update_not_jsonable(*args)

Add entries to the __not_jsonable list

values() → an object providing a view on D's values

STIX

pymisp.tools.stix.load_stix(stix, distribution=3, threat_level_id=2, analysis=0)

Returns a MISPEvent object from a STIX package

pymisp.tools.stix.make_stix_package(misp_event, to_json=False, to_xml=False)

Returns a STIXPackage from a MISPEvent.

Optionally can return the package in json or xml.

OpenIOC

tools.load_openioc(openioc)
tools.load_openioc_file(openioc_path)