pymisp - Classes
PyMISP
- class pymisp.PyMISP(url, key, ssl=True, debug=False, proxies=None, cert=None, auth=None, tool='', timeout=None, http_headers=None)
Python API for MISP
- Parameters:
  - url (str) – URL of the MISP instance you want to connect to
  - key (str) – API key of the user you want to use
  - ssl (bool) – can be True or False (to check or not check the validity of the certificate), or a CA_BUNDLE in case of a self-signed or other certificate (the concatenation of all the crt of the chain)
  - debug (bool) – Write all the debug information to stderr
  - proxies (Optional[MutableMapping[str, str]]) – Proxy dict, as described here: http://docs.python-requests.org/en/master/user/advanced/#proxies
  - cert (Union[str, Tuple[str, str], None]) – Client certificate, as described here: http://docs.python-requests.org/en/master/user/advanced/#client-side-certificates
  - auth (Optional[AuthBase]) – The auth parameter is passed directly to requests, as described here: http://docs.python-requests.org/en/master/user/authentication/
  - tool (str) – The software using PyMISP (string), used to set a unique user-agent
  - http_headers (Optional[Dict[str, str]]) – Arbitrary headers to pass to all the requests.
  - timeout (Union[float, Tuple[float, float], None]) – Timeout, as described here: https://requests.readthedocs.io/en/master/user/advanced/#timeouts
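An added example (not part of the PyMISP documentation or code base): a small validator that maps deployment settings onto the constructor arguments listed above and refuses configurations that drop certificate validation or send the API key over plain HTTP. The environment variable names, the 5-second connect timeout and the `tool` string are assumptions of this example.

```python
import os
from urllib.parse import urlparse


class MISPConfigError(ValueError):
    """The supplied settings would weaken the connection to MISP."""


def build_pymisp_kwargs(env, allow_unverified_tls=False):
    """Map environment-style settings onto pymisp.PyMISP constructor arguments.

    MISP_URL, MISP_KEY, MISP_CA_BUNDLE, MISP_VERIFY_TLS and MISP_READ_TIMEOUT
    are names chosen for this example, not names PyMISP reads itself.
    """
    url = env.get("MISP_URL", "").strip()
    key = env.get("MISP_KEY", "").strip()
    parsed = urlparse(url)
    if parsed.scheme != "https" or not parsed.hostname:
        raise MISPConfigError("MISP_URL must be an https:// URL")
    if parsed.username or parsed.password:
        raise MISPConfigError("do not embed credentials in MISP_URL")
    if not key:
        raise MISPConfigError("MISP_KEY is empty")

    # ssl=True validates against the default trust store, a path validates
    # against that CA bundle, ssl=False turns validation off.
    ssl = True
    ca_bundle = env.get("MISP_CA_BUNDLE", "").strip()
    if ca_bundle:
        if not os.path.isfile(ca_bundle):
            raise MISPConfigError("MISP_CA_BUNDLE does not point to a file")
        ssl = ca_bundle
    if env.get("MISP_VERIFY_TLS", "true").strip().lower() in ("0", "false", "no"):
        if not allow_unverified_tls:
            raise MISPConfigError("refusing to disable certificate validation")
        ssl = False

    try:
        read_timeout = float(env.get("MISP_READ_TIMEOUT", "60"))
    except ValueError:
        raise MISPConfigError("MISP_READ_TIMEOUT must be a number") from None
    if read_timeout <= 0:
        raise MISPConfigError("MISP_READ_TIMEOUT must be positive")

    return {
        "url": url,
        "key": key,
        "ssl": ssl,
        "timeout": (5.0, read_timeout),  # (connect, read) in seconds
        "tool": "ioc-exporter",          # ends up in the user-agent
    }


def describe(kwargs):
    """Log-safe summary of the settings; the API key is never included."""
    if kwargs["ssl"] is True:
        mode = "system trust store"
    elif kwargs["ssl"] is False:
        mode = "UNVERIFIED"
    else:
        mode = "CA bundle " + kwargs["ssl"]
    host = urlparse(kwargs["url"]).hostname
    return f"misp={host} tls={mode} timeout={kwargs['timeout']}"


def connect(env=None):
    """Create the client; pymisp is imported here so validation runs without it."""
    from pymisp import PyMISP
    return PyMISP(**build_pymisp_kwargs(os.environ if env is None else env))
```
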
- accept_attribute_proposal(proposal)
Accept a proposal. You cannot modify an existing proposal, only accept/discard
- accept_user_registration(registration, organisation=None, role=None, perm_sync=False, perm_publish=False, perm_admin=False, unsafe_fallback=False)
Accept a user registration
- Parameters:
  - registration (Union[MISPInbox, int, str, UUID]) – the registration to accept
  - organisation (Union[MISPOrganisation, int, str, UUID, None]) – user organization
  - perm_sync (bool) – indicator for sync
  - perm_publish (bool) – indicator for publish
  - perm_admin (bool) – indicator for admin
  - unsafe_fallback (bool) – indicator for unsafe fallback
- add_attribute(event, attribute, pythonify=False, break_on_duplicate=True)
Add an attribute to an existing MISP event: https://www.misp-project.org/openapi/#tag/Attributes/operation/addAttribute
- Parameters:
  - attribute (Union[MISPAttribute, Iterable]) – attribute or (MISP version 2.4.113+) list of attributes to add. If a list is passed, the pythonified response is a dict with the following structure: {'attributes': [MISPAttribute], 'errors': {errors by attributes}}
  - pythonify (bool) – Returns a PyMISP Object instead of the plain json output
  - break_on_duplicate (bool) – if False, do not fail if the attribute already exists; update the existing attribute instead (the timestamp will always be updated)
- Return type:
- add_attribute_proposal(event, attribute, pythonify=False)
Propose a new attribute in an event
- Parameters:
- Return type:
- add_correlation_exclusion(correlation_exclusion, pythonify=False)
Add a new correlation exclusion
- add_event(event, pythonify=False, metadata=False)
Add a new event on a MISP instance: https://www.misp-project.org/openapi/#tag/Events/operation/addEvent
- add_event_blocklist(uuids, comment=None, event_info=None, event_orgc=None)
Add a new event in the blocklist
- add_event_report(event, event_report, pythonify=False)
Add an event report to an existing MISP event
- add_feed(feed, pythonify=False)
Add a new feed on a MISP instance: https://www.misp-project.org/openapi/#tag/Feeds/operation/addFeed
- add_galaxy_cluster(galaxy, galaxy_cluster, pythonify=False)
Add a new galaxy cluster to a MISP Galaxy: https://www.misp-project.org/openapi/#tag/Galaxy-Clusters/operation/addGalaxyCluster
- Parameters:
- Return type:
- add_galaxy_cluster_relation(galaxy_cluster_relation)
Add a galaxy cluster relation; the cluster relation must include cluster UUIDs in both directions
- Parameters:
  - galaxy_cluster_relation (MISPGalaxyClusterRelation) – The MISPGalaxyClusterRelation to add
- Return type:
- add_object(event, misp_object, pythonify=False, break_on_duplicate=False)
Add a MISP Object to an existing MISP event: https://www.misp-project.org/openapi/#tag/Objects/operation/addObject
- Parameters:
  - misp_object (MISPObject) – object to add
  - pythonify (bool) – Returns a PyMISP Object instead of the plain json output
  - break_on_duplicate (bool) – if True, check and reject if this object’s attributes match an existing object’s attributes; may require much time
- Return type:
- add_object_reference(misp_object_reference, pythonify=False)
Add a reference to an object
- Parameters:
  - misp_object_reference (MISPObjectReference) – object reference
  - pythonify (bool) – Returns a PyMISP Object instead of the plain json output
- Return type:
- add_org_to_sharing_group(sharing_group, organisation, extend=False)
Add an organisation to a sharing group: https://www.misp-project.org/openapi/#tag/Sharing-Groups/operation/addOrganisationToSharingGroup
- Parameters:
  - sharing_group (Union[MISPSharingGroup, int, str, UUID]) – Sharing group’s local instance ID, or Sharing group’s global UUID
  - organisation (Union[MISPOrganisation, int, str, UUID]) – Organisation’s local instance ID, or Organisation’s global UUID, or Organisation’s name as known to the current instance
  - extend (bool) – Allow the organisation to extend the group
- Return type:
- add_organisation(organisation, pythonify=False)
Add an organisation: https://www.misp-project.org/openapi/#tag/Organisations/operation/addOrganisation
- Parameters:
  - organisation (MISPOrganisation) – organization to add
  - pythonify (bool) – Returns a PyMISP Object instead of the plain json output
- Return type:
- add_organisation_blocklist(uuids, comment=None, org_name=None)
Add a new organisation in the blocklist
- add_server(server, pythonify=False)
Add a server to synchronise with: https://www.misp-project.org/openapi/#tag/Servers/operation/getServers
Note: You probably want to use PyMISP.get_sync_config and PyMISP.import_server instead
- Parameters:
  - server (MISPServer) – sync server config
  - pythonify (bool) – Returns a PyMISP Object instead of the plain json output
- Return type:
- add_server_to_sharing_group(sharing_group, server, all_orgs=False)
Add a server to a sharing group: https://www.misp-project.org/openapi/#tag/Sharing-Groups/operation/addServerToSharingGroup
- Parameters:
  - sharing_group (Union[MISPSharingGroup, int, str, UUID]) – Sharing group’s local instance ID, or Sharing group’s global UUID
  - server (Union[MISPServer, int, str, UUID]) – Server’s local instance ID, or URL of the Server, or Server’s name as known to the current instance
  - all_orgs (bool) – Add all the organisations of the server to the group
- Return type:
- add_sharing_group(sharing_group, pythonify=False)
Add a new sharing group: https://www.misp-project.org/openapi/#tag/Sharing-Groups/operation/addSharingGroup
- Parameters:
  - sharing_group (MISPSharingGroup) – sharing group to add
  - pythonify (bool) – Returns a PyMISP Object instead of the plain json output
- Return type:
- add_sighting(sighting, attribute=None, pythonify=False)
Add a new sighting (globally, or to a specific attribute): https://www.misp-project.org/openapi/#tag/Sightings/operation/addSighting and https://www.misp-project.org/openapi/#tag/Sightings/operation/getSightingsByEventId
- Parameters:
  - sighting (MISPSighting) – sighting to add
  - attribute (Union[MISPAttribute, int, str, UUID, None]) – specific attribute to modify with the sighting
  - pythonify (bool) – Returns a PyMISP Object instead of the plain json output
- Return type:
- add_tag(tag, pythonify=False)
Add a new tag on a MISP instance: https://www.misp-project.org/openapi/#tag/Tags/operation/addTag
The user calling this method needs the Tag Editor permission. It doesn’t add a tag to an event, simply creates it on the MISP instance.
- add_user(user, pythonify=False)
Add a new user: https://www.misp-project.org/openapi/#tag/Users/operation/addUser
- attributes(pythonify=False)
Get all the attributes from the MISP instance: https://www.misp-project.org/openapi/#tag/Attributes/operation/getAttributes
- Parameters:
  - pythonify (bool) – Returns a list of PyMISP Objects instead of the plain json output. Warning: it might use a lot of RAM
- Return type:
- attributes_statistics(context='type', percentage=False)
Get attribute statistics from the MISP instance
- build_complex_query(or_parameters=None, and_parameters=None, not_parameters=None)
Build a complex search query. MISP expects a dictionary with AND, OR and NOT keys.
- cache_all_feeds()
Cache all the feeds: https://www.misp-project.org/openapi/#tag/Feeds/operation/cacheFeeds
- Return type:
- cache_feed(feed)
Cache a specific feed by id: https://www.misp-project.org/openapi/#tag/Feeds/operation/cacheFeeds
- change_sharing_group_on_entity(misp_entity, sharing_group_id, pythonify=False)
Change the sharing group of an event, an attribute, or an object
- Parameters:
  - misp_entity (Union[MISPEvent, MISPAttribute, MISPObject]) – entity to change
  - sharing_group_id – group to change
  - pythonify (bool) – Returns a PyMISP Object instead of the plain json output
- Return type: Union[Dict, MISPEvent, MISPObject, MISPAttribute, MISPShadowAttribute]
- delegate_event(event=None, organisation=None, event_delegation=None, distribution=-1, message='', pythonify=False)
Delegate an event. Either event and organisation OR event_delegation are required
- Parameters:
  - event (Union[MISPEvent, int, str, UUID, None]) – event to delegate
  - organisation (Union[MISPOrganisation, int, str, UUID, None]) – organization
  - event_delegation (Optional[MISPEventDelegation]) – event delegation
  - distribution (int) – distribution == -1 means recipient decides
  - message (str) – message
  - pythonify (bool) – Returns a PyMISP Object instead of the plain json output
- Return type:
- delete_attribute(attribute, hard=False)
Delete an attribute from a MISP instance: https://www.misp-project.org/openapi/#tag/Attributes/operation/deleteAttribute
- delete_event(event)
Delete an event from a MISP instance: https://www.misp-project.org/openapi/#tag/Events/operation/deleteEvent
- delete_event_blocklist(event_blocklist)
Delete a blocklisted event by id
- Parameters:
  - event_blocklist (Union[MISPEventBlocklist, str, UUID]) – event block list to delete
- Return type:
- delete_galaxy_cluster(galaxy_cluster, hard=False)
Deletes a galaxy cluster from MISP: https://www.misp-project.org/openapi/#tag/Galaxy-Clusters/operation/deleteGalaxyCluster
- delete_object(misp_object, hard=False)
Delete an object from a MISP instance: https://www.misp-project.org/openapi/#tag/Objects/operation/deleteObject
- delete_object_reference(object_reference, hard=False)
Delete a reference to an object.
- Return type:
- delete_organisation(organisation)
Delete an organisation by id: https://www.misp-project.org/openapi/#tag/Organisations/operation/deleteOrganisation
- delete_organisation_blocklist(organisation_blocklist)
Delete a blocklisted organisation by id
- Parameters:
  - organisation_blocklist (Union[MISPOrganisationBlocklist, str, UUID]) – organization block list to delete
- Return type:
- delete_server(server)
Delete a sync server: https://www.misp-project.org/openapi/#tag/Servers/operation/getServers
- delete_sharing_group(sharing_group)
Delete a sharing group: https://www.misp-project.org/openapi/#tag/Sharing-Groups/operation/deleteSharingGroup
- delete_sighting(sighting)
Delete a sighting from a MISP instance: https://www.misp-project.org/openapi/#tag/Sightings/operation/deleteSighting
- delete_tag(tag)
Delete a tag from a MISP instance: https://www.misp-project.org/openapi/#tag/Tags/operation/deleteTag
- delete_user(user)
Delete a user by id: https://www.misp-project.org/openapi/#tag/Users/operation/deleteUser
- delete_user_setting(user_setting, user=None)
Delete a user setting: https://www.misp-project.org/openapi/#tag/UserSettings/operation/deleteUserSettingById
- property describe_types_remote: Dict
Returns the content of describe types from the remote instance
- direct_call(url, data=None, params={}, kw_params={})
Very lightweight call that posts a data blob (python dictionary or json string) on the URL
- disable_feed(feed, pythonify=False)
Disable a feed: https://www.misp-project.org/openapi/#tag/Feeds/operation/disableFeed
- disable_taxonomy(taxonomy)
Disable a taxonomy: https://www.misp-project.org/openapi/#tag/Taxonomies/operation/disableTaxonomy
- discard_attribute_proposal(proposal)
Discard a proposal. You cannot modify an existing proposal, only accept/discard
- enable_feed(feed, pythonify=False)
Enable a feed; fetching it will create event(s): https://www.misp-project.org/openapi/#tag/Feeds/operation/enableFeed
- enable_noticelist(noticelist)
Enable a noticelist by id: https://www.misp-project.org/openapi/#tag/Noticelists/operation/toggleEnableNoticelist
- enable_taxonomy(taxonomy)
Enable a taxonomy: https://www.misp-project.org/openapi/#tag/Taxonomies/operation/enableTaxonomy
- enable_taxonomy_tags(taxonomy)
Enable all the tags of a taxonomy. NOTE: this is automatically done when you call enable_taxonomy
- event_blocklists(pythonify=False)
Get all the blocklisted events
- Parameters:
  - pythonify (bool) – Returns a list of PyMISP Objects instead of the plain json output. Warning: it might use a lot of RAM
- Return type:
- event_delegations(pythonify=False)
Get all the event delegations
- Parameters:
  - pythonify (bool) – Returns a list of PyMISP Objects instead of the plain json output. Warning: it might use a lot of RAM
- Return type:
- events(pythonify=False)
Get all the events from the MISP instance: https://www.misp-project.org/openapi/#tag/Events/operation/getEvents
- feeds(pythonify=False)
Get the list of existing feeds: https://www.misp-project.org/openapi/#tag/Feeds/operation/getFeeds
- fetch_feed(feed)
Fetch one single feed by id: https://www.misp-project.org/openapi/#tag/Feeds/operation/fetchFromFeed
- fork_galaxy_cluster(galaxy, galaxy_cluster, pythonify=False)
Forks an existing galaxy cluster, creating a new one with matching attributes
- Parameters:
- Return type:
- freetext(event, string, adhereToWarninglists=False, distribution=None, returnMetaAttributes=False, pythonify=False, **kwargs)
Pass a text to the freetext importer
- galaxies(withCluster=False, pythonify=False)
Get all the galaxies: https://www.misp-project.org/openapi/#tag/Galaxies/operation/getGalaxies
- get_all_functions(not_implemented=False)
Get all methods available via the API, including ones that are not implemented.
- get_attribute(attribute, pythonify=False)
Get an attribute from a MISP instance: https://www.misp-project.org/openapi/#tag/Attributes/operation/getAttributeById
- Parameters:
- Return type:
- get_attribute_proposal(proposal, pythonify=False)
Get an attribute proposal
- Parameters:
- Return type:
- get_correlation_exclusion(correlation_exclusion, pythonify=False)
Get a correlation exclusion by ID
- get_event(event, deleted=False, extended=False, pythonify=False)
Get an event from a MISP instance. Includes collections like Attribute, EventReport, Feed, Galaxy, Object, Tag, etc., so the response size may be large: https://www.misp-project.org/openapi/#tag/Events/operation/getEventById
- get_event_reports(event_id, pythonify=False)
Get the event reports from a MISP instance that are attached to an event ID
- get_feed(feed, pythonify=False)
Get a feed by id: https://www.misp-project.org/openapi/#tag/Feeds/operation/getFeedById
- get_galaxy(galaxy, withCluster=False, pythonify=False)
Get a galaxy by id: https://www.misp-project.org/openapi/#tag/Galaxies/operation/getGalaxyById
- get_new_authkey(user='me')
Get a new authorization key for a specific user, defaults to user doing the call: https://www.misp-project.org/openapi/#tag/AuthKeys/operation/addAuthKey
- get_noticelist(noticelist, pythonify=False)
Get a noticelist by id: https://www.misp-project.org/openapi/#tag/Noticelists/operation/getNoticelistById
- Parameters:
  - noticelist – Noticelist to get
  - pythonify (bool) – Returns a PyMISP Object instead of the plain json output
- Return type:
- get_object(misp_object, pythonify=False)
Get an object from the remote MISP instance: https://www.misp-project.org/openapi/#tag/Objects/operation/getObjectById
- Parameters:
- Return type:
- get_object_template(object_template, pythonify=False)
Gets the full object template
- Parameters:
- Return type:
- get_organisation(organisation, pythonify=False)
Get an organisation by id: https://www.misp-project.org/openapi/#tag/Organisations/operation/getOrganisationById
- Parameters:
- Return type:
- get_raw_object_template(uuid_or_name)
Get a raw template. It needs to be present on disk on the MISP instance you’re connected to. The response of this method can be passed to MISPObject(<name>, misp_objects_template_custom=<response>)
- Return type:
- get_sharing_group(sharing_group, pythonify=False)
Get a sharing group: https://www.misp-project.org/openapi/#tag/Sharing-Groups/operation/getSharingGroupById
- Parameters:
- Return type:
- get_sync_config(pythonify=False)
Get the sync server config. WARNING: This method only works if the user calling it is a sync user
- Parameters:
  - pythonify (bool) – Returns a PyMISP Object instead of the plain json output
- Return type:
- get_tag(tag, pythonify=False)
Get a tag by id: https://www.misp-project.org/openapi/#tag/Tags/operation/getTagById
- get_taxonomy(taxonomy, pythonify=False)
Get a taxonomy by id or namespace from a MISP instance: https://www.misp-project.org/openapi/#tag/Taxonomies/operation/getTaxonomyById
- Parameters:
- Return type:
- get_user(user='me', pythonify=False, expanded=False)
Get a user by id: https://www.misp-project.org/openapi/#tag/Users/operation/getUsers
- get_user_setting(user_setting, user=None, pythonify=False)
Get a user setting: https://www.misp-project.org/openapi/#tag/UserSettings/operation/getUserSettingById
- get_warninglist(warninglist, pythonify=False)
Get a warninglist by id: https://www.misp-project.org/openapi/#tag/Warninglists/operation/getWarninglistById
- Parameters:
- Return type:
- import_server(server, pythonify=False)
Import a sync server config received from get_sync_config
- Parameters:
  - server (MISPServer) – sync server config
  - pythonify (bool) – Returns a PyMISP Object instead of the plain json output
- Return type:
- noticelists(pythonify=False)
Get all the noticelists: https://www.misp-project.org/openapi/#tag/Noticelists/operation/getNoticelists
- Parameters:
  - pythonify (bool) – Returns a list of PyMISP Objects instead of the plain json output. Warning: it might use a lot of RAM
- Return type:
- object_templates(pythonify=False)
Get all the object templates
- Parameters:
  - pythonify (bool) – Returns a list of PyMISP Objects instead of the plain json output. Warning: it might use a lot of RAM
- Return type:
- organisation_blocklists(pythonify=False)
Get all the blocklisted organisations
- Parameters:
  - pythonify (bool) – Returns a list of PyMISP Objects instead of the plain json output. Warning: it might use a lot of RAM
- Return type:
- organisations(scope='local', search=None, pythonify=False)
Get all the organisations: https://www.misp-project.org/openapi/#tag/Organisations/operation/getOrganisations
- publish(event, alert=False)
Publish the event with one single HTTP POST: https://www.misp-project.org/openapi/#tag/Events/operation/publishEvent
- publish_galaxy_cluster(galaxy_cluster)
Publishes a galaxy cluster: https://www.misp-project.org/openapi/#tag/Galaxy-Clusters/operation/publishGalaxyCluster
- remote_acl(debug_type='findMissingFunctionNames')
This should return an empty list, unless the ACL is outdated.
- remove_org_from_sharing_group(sharing_group, organisation)
Remove an organisation from a sharing group: https://www.misp-project.org/openapi/#tag/Sharing-Groups/operation/removeOrganisationFromSharingGroup
- Parameters:
  - sharing_group (Union[MISPSharingGroup, int, str, UUID]) – Sharing group’s local instance ID, or Sharing group’s global UUID
  - organisation (Union[MISPOrganisation, int, str, UUID]) – Organisation’s local instance ID, or Organisation’s global UUID, or Organisation’s name as known to the current instance
- Return type:
- remove_server_from_sharing_group(sharing_group, server)
Remove a server from a sharing group: https://www.misp-project.org/openapi/#tag/Sharing-Groups/operation/removeServerFromSharingGroup
- request_community_access(community, requestor_email_address=None, requestor_gpg_key=None, requestor_organisation_name=None, requestor_organisation_uuid=None, requestor_organisation_description=None, message=None, sync=False, anonymise_requestor_server=False, mock=False)
Request the access to a community
- Parameters:
  - community (Union[MISPCommunity, int, str, UUID]) – community to request access
  - requestor_organisation_name (Optional[str]) – requestor org name
  - requestor_organisation_uuid (Optional[str]) – requestor org ID
  - requestor_organisation_description (Optional[str]) – requestor org desc
  - sync (bool) – synchronize flag
  - anonymise_requestor_server (bool) – anonymise flag
  - mock (bool) – mock flag
- Return type:
- restore_attribute(attribute, pythonify=False)
Restore a soft deleted attribute from a MISP instance: https://www.misp-project.org/openapi/#tag/Attributes/operation/restoreAttribute
- Parameters:
  - attribute (Union[MISPAttribute, int, str, UUID]) – attribute to restore
- Return type:
- search(controller='events', return_format='json', limit=None, page=None, value=None, type_attribute=None, category=None, org=None, tags=None, event_tags=None, quick_filter=None, quickFilter=None, date_from=None, date_to=None, eventid=None, with_attachments=None, withAttachments=None, metadata=None, uuid=None, publish_timestamp=None, last=None, timestamp=None, published=None, enforce_warninglist=None, enforceWarninglist=None, to_ids=None, deleted=None, include_event_uuid=None, includeEventUuid=None, include_event_tags=None, includeEventTags=None, event_timestamp=None, sg_reference_only=None, eventinfo=None, searchall=None, requested_attributes=None, include_context=None, includeContext=None, headerless=None, include_sightings=None, includeSightings=None, include_correlations=None, includeCorrelations=None, include_decay_score=None, includeDecayScore=None, object_name=None, exclude_decayed=None, sharinggroup=None, pythonify=False, **kwargs)
Search in the MISP instance
- Parameters:
  - controller (str) – Controller to search on, it can be events, objects, attributes. The response will either be a list of events, objects, or attributes. Reference documentation for each controller:
  - return_format (str) – Set the return format of the search (Currently supported: json, xml, openioc, suricata, snort - more formats are being moved to restSearch with the goal being that all searches happen through this API). Can be passed as the first parameter after restSearch or via the JSON payload.
  - limit (Optional[int]) – Limit the number of results returned, depending on the scope (for example 10 attributes or 10 full events).
  - page (Optional[int]) – If a limit is set, sets the page to be returned (page 3, limit 100 will return records 201->300).
  - value (Optional[TypeVar(SearchParameterTypes, str, List[Union[str, int]], Dict[str, Union[str, int]])]) – Search for the given value in the attributes’ value field.
  - type_attribute (Optional[TypeVar(SearchParameterTypes, str, List[Union[str, int]], Dict[str, Union[str, int]])]) – The attribute type, any valid MISP attribute type is accepted.
  - category (Optional[TypeVar(SearchParameterTypes, str, List[Union[str, int]], Dict[str, Union[str, int]])]) – The attribute category, any valid MISP attribute category is accepted.
  - org (Optional[TypeVar(SearchParameterTypes, str, List[Union[str, int]], Dict[str, Union[str, int]])]) – Search by the creator organisation by supplying the organisation identifier.
  - tags (Optional[TypeVar(SearchParameterTypes, str, List[Union[str, int]], Dict[str, Union[str, int]])]) – Tags to search or to exclude. You can pass a list, or the output of build_complex_query
  - event_tags (Optional[TypeVar(SearchParameterTypes, str, List[Union[str, int]], Dict[str, Union[str, int]])]) – Tags to search or to exclude at the event level. You can pass a list, or the output of build_complex_query
  - quick_filter (Optional[str]) – The string passed to this field will ignore all of the other arguments. MISP will return an xml / json (depending on the header sent) of all events that have a sub-string match on value in the event info, event orgc, or any of the attribute value1 / value2 fields, or in the attribute comment.
  - date_from (Union[datetime, date, int, str, float, None]) – Events with the date set to a date after the one specified. This filter will use the date of the event.
  - date_to (Union[datetime, date, int, str, float, None]) – Events with the date set to a date before the one specified. This filter will use the date of the event.
  - eventid (Optional[TypeVar(SearchType, str, int)]) – The events that should be included / excluded from the search
  - with_attachments (Optional[bool]) – If set, encodes the attachments / zipped malware samples as base64 in the data field within each attribute
  - metadata (Optional[bool]) – Only the metadata (event, tags, relations) is returned, attributes and proposals are omitted.
  - publish_timestamp (Union[datetime, date, int, str, float, None, Tuple[Union[datetime, date, int, str, float, None], Union[datetime, date, int, str, float, None]]]) – Restrict the results by the last publish timestamp (newer than).
  - timestamp (Union[datetime, date, int, str, float, None, Tuple[Union[datetime, date, int, str, float, None], Union[datetime, date, int, str, float, None]]]) – Restrict the results by the timestamp (last edit). Any event with a timestamp newer than the given timestamp will be returned. In case you are dealing with /attributes as scope, the attribute’s timestamp will be used for the lookup. The input can be a timestamp or a short-hand time description (7d or 24h for example). You can also pass a list with two values to set a time range (for example ["14d", "7d"]).
  - published (Optional[bool]) – Set whether published or unpublished events should be returned. Do not set the parameter if you want both.
  - enforce_warninglist (Optional[bool]) – Remove any attributes from the result that would cause a hit on a warninglist entry.
  - to_ids (Union[TypeVar(ToIDSType, str, int, bool), List[TypeVar(ToIDSType, str, int, bool)], None]) – By default all attributes are returned that match the other filter parameters, regardless of their to_ids setting. To restrict the returned data set to to_ids only attributes set this parameter to 1. 0 for the ones with to_ids set to False.
  - deleted (Optional[str]) – If this parameter is set to 1, it will only return soft-deleted attributes. ["0", "1"] will return the active ones as well as the soft-deleted ones.
  - include_event_uuid (Optional[bool]) – Instead of just including the event ID, also include the event UUID in each of the attributes.
  - include_event_tags (Optional[bool]) – Include the event level tags in each of the attributes.
  - event_timestamp (Union[datetime, date, int, str, float, None]) – Only return attributes from events that have received a modification after the given timestamp.
  - sg_reference_only (Optional[bool]) – If this flag is set, sharing group objects will not be included, instead only the sharing group ID is set.
  - eventinfo (Optional[str]) – Filter on the event’s info field.
  - searchall (Optional[bool]) – Search for a full or a substring (delimited by % for substrings) in the event info, event tags, attribute tags, attribute values or attribute comment fields.
  - requested_attributes (Optional[str]) – [CSV only] Select the fields that you wish to include in the CSV export. By setting event level fields additionally, includeContext is not required to get event metadata.
  - include_context (Optional[bool]) – [Attribute only] Include the event data with each attribute. [CSV output] Add event level metadata in every line of the CSV.
  - headerless (Optional[bool]) – [CSV Only] The CSV created when this setting is set to true will not contain the header row.
  - include_sightings (Optional[bool]) – [JSON Only - Attribute] Include the sightings of the matching attributes.
  - include_decay_score (Optional[bool]) – Include the decay score at attribute level.
  - include_correlations (Optional[bool]) – [JSON Only - attribute] Include the correlations of the matching attributes.
  - object_name (Optional[str]) – [objects controller only] Search for objects with that name
  - exclude_decayed (Optional[bool]) – [attributes controller only] Exclude the decayed attributes from the response
  - sharinggroup (Union[int, List[int], None]) – Filter by sharing group ID(s)
  - pythonify (Optional[bool]) – Returns a list of PyMISP Objects instead of the plain json output. Warning: it might use a lot of RAM
- Return type: Union[Dict, str, List[Union[MISPEvent, MISPAttribute, MISPObject]]]
Deprecated:
- Parameters:
  - withAttachments (Optional[bool]) – synonym for with_attachments
  - last (Union[datetime, date, int, str, float, None, Tuple[Union[datetime, date, int, str, float, None], Union[datetime, date, int, str, float, None]]]) – synonym for publish_timestamp
  - enforceWarninglist (Optional[bool]) – synonym for enforce_warninglist
  - includeEventUuid (Optional[bool]) – synonym for include_event_uuid
  - includeEventTags (Optional[bool]) – synonym for include_event_tags
  - includeContext (Optional[bool]) – synonym for include_context
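An added example (not code from PyMISP or its documentation) of how the `limit`/`page`, `tags`, `to_ids`, `enforce_warninglist` and `timestamp` parameters of `search`, together with `build_complex_query`, combine into a bounded export of detection-grade attributes. Assumptions: the attributes controller returns a dict with an `Attribute` list and failures arrive as a dict with an `errors` key; `StandInMISP`, its simplified `tags` field, the sample attributes and the tag names are constructed so the block runs offline.

```python
def iter_detection_attributes(misp, include_tags, exclude_tags, since="7d",
                              page_size=100, max_pages=1000):
    """Yield to_ids attributes page by page until a short page is returned.

    `misp` is a pymisp.PyMISP instance (or anything exposing the same
    build_complex_query/search methods).
    """
    tag_query = misp.build_complex_query(or_parameters=include_tags,
                                         not_parameters=exclude_tags)
    for page in range(1, max_pages + 1):
        response = misp.search(
            controller="attributes", return_format="json",
            tags=tag_query,
            to_ids=1,                  # only attributes flagged for detection
            enforce_warninglist=True,  # drop values that hit a warninglist
            timestamp=since,           # short-hand such as "7d" or "24h"
            limit=page_size, page=page,
            pythonify=False,           # plain dicts keep memory use predictable
        )
        # Assumed response shapes, see the lead-in.
        if not isinstance(response, dict) or "errors" in response:
            raise RuntimeError(f"search failed on page {page}: {response!r}")
        rows = response.get("Attribute", [])
        yield from rows
        if len(rows) < page_size:      # a short (or empty) page is the last one
            return
    raise RuntimeError("max_pages reached; narrow the query or raise the cap")


class StandInMISP:
    """Constructed stand-in for the two PyMISP methods used above."""

    def __init__(self, attributes):
        self.attributes = attributes
        self.pages_requested = []

    def build_complex_query(self, or_parameters=None, and_parameters=None,
                            not_parameters=None):
        query = {}
        if or_parameters:
            query["OR"] = list(or_parameters)
        if and_parameters:
            query["AND"] = list(and_parameters)
        if not_parameters:
            query["NOT"] = list(not_parameters)
        return query

    def search(self, controller="events", limit=None, page=None, tags=None,
               to_ids=None, **kwargs):
        self.pages_requested.append(page)
        tags = tags or {}

        def keep(attr):
            names = set(attr["tags"])
            if to_ids is not None and bool(attr["to_ids"]) != bool(int(to_ids)):
                return False
            if tags.get("OR") and not names & set(tags["OR"]):
                return False
            return not names & set(tags.get("NOT", []))

        rows = [a for a in self.attributes if keep(a)]
        start = (page - 1) * limit     # page 3, limit 100 -> records 201..300
        return {"Attribute": rows[start:start + limit]}


# Constructed sample data (documentation address ranges and example domains).
SAMPLE_ATTRIBUTES = [
    {"value": "198.51.100.7", "to_ids": True, "tags": ["tlp:green"]},
    {"value": "bad.example", "to_ids": True, "tags": ["tlp:white"]},
    {"value": "203.0.113.9", "to_ids": False, "tags": ["tlp:green"]},
    {"value": "c2.example", "to_ids": True, "tags": ["tlp:green", "false-positive"]},
    {"value": "192.0.2.44", "to_ids": True, "tags": ["tlp:white"]},
    {"value": "drop.example", "to_ids": True, "tags": ["tlp:green"]},
]


def demo_values(page_size=2):
    """Run the export against the stand-in; return (values, pages requested)."""
    misp = StandInMISP(SAMPLE_ATTRIBUTES)
    rows = iter_detection_attributes(misp, ["tlp:white", "tlp:green"],
                                     ["false-positive"], page_size=page_size)
    return [row["value"] for row in rows], misp.pages_requested
```

When the result count is an exact multiple of `page_size`, one extra empty page is requested before the loop stops; `max_pages` bounds the export if the server keeps returning full pages.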
- search_galaxy(value, withCluster=False, pythonify=False)
Text search to find a matching galaxy name, namespace, description, or uuid.
- search_galaxy_clusters(galaxy, context='all', searchall=None, pythonify=False)
Searches the galaxy clusters within a specific galaxy: https://www.misp-project.org/openapi/#tag/Galaxy-Clusters/operation/getGalaxyClusters and https://www.misp-project.org/openapi/#tag/Galaxy-Clusters/operation/getGalaxyClusterById
- Parameters:
  - galaxy (Union[MISPGalaxy, int, str, UUID]) – The MISPGalaxy you wish to search in
  - context (str) – The context of how you want to search within the galaxy
  - searchall (Optional[str]) – The search you want to make against the galaxy and context
  - pythonify (bool) – Returns a PyMISP Object instead of the plain json output
- Return type:
- search_index(all=None, attribute=None, email=None, published=None, hasproposal=None, eventid=None, tags=None, date_from=None, date_to=None, eventinfo=None, threatlevel=None, distribution=None, analysis=None, org=None, timestamp=None, publish_timestamp=None, sharinggroup=None, minimal=None, sort=None, desc=None, limit=None, page=None, pythonify=None)[source]¶
Search event metadata shown on the event index page. Using ! in front of a value means NOT, except for parameters date_from, date_to and timestamp which cannot be negated. Criteria are AND-ed together; values in lists are OR-ed together. Return matching events with metadata but no attributes or objects; also see minimal parameter.
- Parameters:
all (Optional[str]) – Search for a full or a substring (delimited by % for substrings) in the event info, event tags, attribute tags, attribute values or attribute comment fields.
published (Optional[bool]) – Set whether published or unpublished events should be returned. Do not set the parameter if you want both.
hasproposal (Optional[bool]) – Filter for events containing proposal(s).
eventid (Optional[TypeVar(SearchType, str, int)]) – The events that should be included / excluded from the search
tags (Optional[TypeVar(SearchParameterTypes, str, List[Union[str, int]], Dict[str, Union[str, int]])]) – Tags to search or to exclude. You can pass a list, or the output of build_complex_query
date_from (Union[datetime, date, int, str, float, None]) – Events with the date set to a date after the one specified. This filter will use the date of the event.
date_to (Union[datetime, date, int, str, float, None]) – Events with the date set to a date before the one specified. This filter will use the date of the event.
eventinfo (Optional[str]) – Filter on the event’s info field.
threatlevel (Optional[List[TypeVar(SearchType, str, int)]]) – Threat level(s) (1,2,3,4) | list
distribution (Optional[List[TypeVar(SearchType, str, int)]]) – Distribution level(s) (0,1,2,3) | list
analysis (Optional[List[TypeVar(SearchType, str, int)]]) – Analysis level(s) (0,1,2) | list
org (Optional[TypeVar(SearchParameterTypes, str, List[Union[str, int]], Dict[str, Union[str, int]])]) – Search by the creator organisation by supplying the organisation identifier.
timestamp (Union[datetime, date, int, str, float, None, Tuple[Union[datetime, date, int, str, float, None], Union[datetime, date, int, str, float, None]]]) – Restrict the results by the timestamp (last edit). Any event with a timestamp newer than the given timestamp will be returned. In case you are dealing with /attributes as scope, the attribute’s timestamp will be used for the lookup.
publish_timestamp (Union[datetime, date, int, str, float, None, Tuple[Union[datetime, date, int, str, float, None], Union[datetime, date, int, str, float, None]]]) – Filter on event’s publish timestamp.
sharinggroup (Optional[List[TypeVar(SearchType, str, int)]]) – Restrict by a sharing group | list
minimal (Optional[bool]) – Return only event ID, UUID, timestamp, sighting_timestamp and published.
sort (Optional[str]) – The field to sort the events by, such as ‘id’, ‘date’, ‘attribute_count’.
desc (Optional[bool]) – Whether to sort events ascending (default) or descending.
page (Optional[int]) – If a limit is set, sets the page to be returned (page 3, limit 100 will return records 201->300).
pythonify (Optional[bool]) – Returns a list of PyMISP Objects instead of the plain json output. Warning: it might use a lot of RAM
- Return type:
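The filter rules described for search_index above (a leading ! negates, criteria are AND-ed, list values are OR-ed, page and limit select a window), as an added example that is not part of PyMISP or MISP: a local model run over constructed records. The records, the FIELDS mapping and all function names are hypothetical; treating negated list entries as exclusions and date bounds as inclusive are assumptions.

```python
from datetime import date

# Parameters that the documentation above says cannot be negated with "!".
NON_NEGATABLE = {"date_from", "date_to", "timestamp"}

# Constructed event-index records for the demonstration (not real MISP data).
EVENTS = [
    {"id": 1, "threatlevel": 1, "org": "CERT-A", "published": True,
     "date": date(2024, 3, 1), "tags": ["tlp:green", "phishing"]},
    {"id": 2, "threatlevel": 2, "org": "CERT-B", "published": True,
     "date": date(2024, 3, 10), "tags": ["tlp:amber", "ransomware"]},
    {"id": 3, "threatlevel": 3, "org": "CERT-A", "published": False,
     "date": date(2024, 3, 15), "tags": ["tlp:green", "ransomware"]},
    {"id": 4, "threatlevel": 1, "org": "CERT-C", "published": True,
     "date": date(2024, 4, 2), "tags": ["tlp:red", "phishing"]},
]

# Hypothetical mapping from a search parameter to the record key it filters on.
FIELDS = {"eventid": "id", "threatlevel": "threatlevel", "org": "org", "tags": "tags"}


def split_values(param, value):
    """Split one criterion into (wanted, excluded) sets of string values."""
    values = value if isinstance(value, (list, tuple)) else [value]
    wanted, excluded = set(), set()
    for item in values:
        text = str(item)
        if text.startswith("!"):
            if param in NON_NEGATABLE:
                raise ValueError(f"{param} cannot be negated")
            excluded.add(text[1:])
        else:
            wanted.add(text)
    return wanted, excluded


def as_date(value):
    """Accept a date object or an ISO 'YYYY-MM-DD' string."""
    return value if isinstance(value, date) else date.fromisoformat(value)


def matches(event, criteria):
    """AND across criteria; OR across the values of one criterion."""
    for param, value in criteria.items():
        if value is None:  # unset parameter: no filtering on it
            continue
        if param == "published":
            ok = event["published"] is bool(value)
        elif param in ("date_from", "date_to"):
            split_values(param, value)  # raises if the bound carries a "!"
            bound = as_date(value)
            # Assumption: both bounds are inclusive.
            ok = event["date"] >= bound if param == "date_from" else event["date"] <= bound
        else:
            wanted, excluded = split_values(param, value)
            field = event[FIELDS[param]]
            have = {str(x) for x in (field if isinstance(field, list) else [field])}
            # Assumption: any negated value present excludes the event.
            ok = not (have & excluded) and (not wanted or bool(have & wanted))
        if not ok:
            return False
    return True


def paginate(rows, limit=None, page=None):
    """page 3 with limit 100 selects records 201->300 (1-based)."""
    if limit is None:
        return list(rows)
    start = ((page or 1) - 1) * limit
    return list(rows[start:start + limit])


def search_index_model(events, limit=None, page=None, **criteria):
    """Return the ids of the constructed events that satisfy every criterion."""
    hits = [ev for ev in events if matches(ev, criteria)]
    return [ev["id"] for ev in paginate(hits, limit, page)]


if __name__ == "__main__":
    print(search_index_model(EVENTS, tags=["phishing", "ransomware", "!tlp:red"]))
    print(search_index_model(EVENTS, org="!CERT-A", published=True))
```

The keyword arguments used here carry the same names as the search_index parameters, so a query can be reasoned about locally before it is sent to an instance.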
- search_logs(limit=None, page=None, log_id=None, title=None, created=None, model=None, action=None, user_id=None, change=None, email=None, org=None, description=None, ip=None, pythonify=False)[source]¶
Search in logs
Note: to run substring queries simply append/prepend/encapsulate the search term with %
- Parameters:
limit (Optional[int]) – Limit the number of results returned, depending on the scope (for example 10 attributes or 10 full events).
page (Optional[int]) – If a limit is set, sets the page to be returned (page 3, limit 100 will return records 201->300).
created (Union[datetime, date, int, str, float, None]) – Creation timestamp
model (Optional[str]) – Model name that generated the log entry
org (Optional[str]) – Organisation of the User doing the action
ip (Optional[str]) – Origination IP of the User doing the action
pythonify (Optional[bool]) – Returns a list of PyMISP Objects instead of the plain json output. Warning: it might use a lot of RAM
- Return type:
- search_sightings(context=None, context_id=None, type_sighting=None, date_from=None, date_to=None, publish_timestamp=None, last=None, org=None, source=None, include_attribute=None, include_event_meta=None, pythonify=False)[source]¶
Search sightings
- Parameters:
context (Optional[str]) – The context of the search. Can be either “attribute”, “event”, or nothing (will then match on events and attributes).
context_id (Optional[TypeVar(SearchType, str, int)]) – Only relevant if context is either “attribute” or “event”. Then it is the relevant ID.
date_from (Union[datetime, date, int, str, float, None]) – Events with the date set to a date after the one specified. This filter will use the date of the event.
date_to (Union[datetime, date, int, str, float, None]) – Events with the date set to a date before the one specified. This filter will use the date of the event.
publish_timestamp (Union[datetime, date, int, str, float, None, Tuple[Union[datetime, date, int, str, float, None], Union[datetime, date, int, str, float, None]]]) – Restrict the results by the last publish timestamp (newer than).
org (Optional[TypeVar(SearchType, str, int)]) – Search by the creator organisation by supplying the organisation identifier.
include_event_meta (Optional[bool]) – Include the meta information of the event.
- Return type:
Union[Dict, List[Dict[str, Union[MISPEvent, MISPAttribute, MISPSighting]]]]
Deprecated:
- Parameters:
last (Union[datetime, date, int, str, float, None, Tuple[Union[datetime, date, int, str, float, None], Union[datetime, date, int, str, float, None]]]) – synonym for publish_timestamp
- Example:
>>> misp.search_sightings(publish_timestamp='30d') # search sightings for the last 30 days on the instance
[ ... ]
>>> misp.search_sightings(context='attribute', context_id=6, include_attribute=True) # return list of sighting for attribute 6 along with the attribute itself
[ ... ]
>>> misp.search_sightings(context='event', context_id=17, include_event_meta=True, org=2) # return list of sighting for event 17 filtered with org id 2
- search_tags(tagname, strict_tagname=False, pythonify=False)[source]¶
Search for tags by name: https://www.misp-project.org/openapi/#tag/Tags/operation/searchTag
- server_pull(server, event=None)[source]¶
Initialize a pull from a sync server, optionally limited to one event: https://www.misp-project.org/openapi/#tag/Servers/operation/pullServer
- server_push(server, event=None)[source]¶
Initialize a push to a sync server, optionally limited to one event: https://www.misp-project.org/openapi/#tag/Servers/operation/pushServer
- servers(pythonify=False)[source]¶
Get the existing servers the MISP instance can synchronise with: https://www.misp-project.org/openapi/#tag/Servers/operation/getServers
- Parameters:
pythonify (bool) – Returns a list of PyMISP Objects instead of the plain json output. Warning: it might use a lot of RAM
- Return type:
Union[Dict, List[MISPServer]]
- set_user_setting(user_setting, value, user=None, pythonify=False)[source]¶
Set a user setting: https://www.misp-project.org/openapi/#tag/UserSettings/operation/setUserSetting
- sharing_groups(pythonify=False)[source]¶
Get the existing sharing groups: https://www.misp-project.org/openapi/#tag/Sharing-Groups/operation/getSharingGroup
- Parameters:
pythonify (bool) – Returns a list of PyMISP Objects instead of the plain json output. Warning: it might use a lot of RAM
- Return type:
- sightings(misp_entity=None, org=None, pythonify=False)[source]¶
Get the list of sightings related to a MISPEvent or a MISPAttribute (depending on type of misp_entity): https://www.misp-project.org/openapi/#tag/Sightings/operation/getSightingsByEventId
- Parameters:
misp_entity (Optional[AbstractMISP]) – MISP entity
org (Union[MISPOrganisation, int, str, UUID, None]) – MISP organization
pythonify (bool) – Returns a list of PyMISP Objects instead of the plain json output. Warning: it might use a lot of RAM
- Return type:
- tags(pythonify=False, **kw_params)[source]¶
Get the list of existing tags: https://www.misp-project.org/openapi/#tag/Tags/operation/getTags
- tags_statistics(percentage=False, name_sort=False)[source]¶
Get tag statistics from the MISP instance
- taxonomies(pythonify=False)[source]¶
Get all the taxonomies: https://www.misp-project.org/openapi/#tag/Taxonomies/operation/getTaxonomies
- Parameters:
pythonify (bool) – Returns a list of PyMISP Objects instead of the plain json output. Warning: it might use a lot of RAM
- Return type:
- toggle_warninglist(warninglist_id=None, warninglist_name=None, force_enable=False)[source]¶
Toggle (enable/disable) the status of a warninglist by id: https://www.misp-project.org/openapi/#tag/Warninglists/operation/toggleEnableWarninglist
- unpublish(event)[source]¶
Unpublish the event with one single HTTP POST: https://www.misp-project.org/openapi/#tag/Events/operation/unpublishEvent
- update_attribute(attribute, attribute_id=None, pythonify=False)[source]¶
Update an attribute on a MISP instance: https://www.misp-project.org/openapi/#tag/Attributes/operation/editAttribute
- Parameters:
attribute (MISPAttribute) – attribute to update
pythonify (bool) – Returns a PyMISP Object instead of the plain json output
- Return type:
- update_attribute_proposal(initial_attribute, attribute, pythonify=False)[source]¶
Propose a change for an attribute
- Parameters:
initial_attribute (Union[MISPAttribute, int, str, UUID]) – attribute to change
attribute (MISPAttribute) – attribute to propose
pythonify (bool) – Returns a PyMISP Object instead of the plain json output
- Return type:
- update_event(event, event_id=None, pythonify=False, metadata=False)[source]¶
Update an event on a MISP instance: https://www.misp-project.org/openapi/#tag/Events/operation/editEvent
- update_event_blocklist(event_blocklist, event_blocklist_id=None, pythonify=False)[source]¶
Update an event in the blocklist
- Parameters:
- Return type:
- update_event_report(event_report, event_report_id=None, pythonify=False)[source]¶
Update an event report on a MISP instance
- update_galaxies()[source]¶
Update all the galaxies: https://www.misp-project.org/openapi/#tag/Galaxies/operation/updateGalaxies
- Return type:
- update_galaxy_cluster(galaxy_cluster, pythonify=False)[source]¶
Update a custom galaxy cluster: https://www.misp-project.org/openapi/#tag/Galaxy-Clusters/operation/editGalaxyCluster
- Parameters:
galaxy_cluster – The MISPGalaxyCluster you wish to update
pythonify (bool) – Returns a PyMISP Object instead of the plain json output
- update_galaxy_cluster_relation(galaxy_cluster_relation)[source]¶
Update a galaxy cluster relation
- Parameters:
galaxy_cluster_relation (MISPGalaxyClusterRelation) – The MISPGalaxyClusterRelation to update
- Return type:
- update_noticelists()[source]¶
Update all the noticelists: https://www.misp-project.org/openapi/#tag/Noticelists/operation/updateNoticelists
- Return type:
- update_object(misp_object, object_id=None, pythonify=False)[source]¶
Update an object on a MISP instance
- Parameters:
misp_object (MISPObject) – object to update
pythonify (bool) – Returns a PyMISP Object instead of the plain json output
- Return type:
- update_organisation(organisation, organisation_id=None, pythonify=False)[source]¶
Update an organisation: https://www.misp-project.org/openapi/#tag/Organisations/operation/editOrganisation
- Parameters:
organisation (MISPOrganisation) – organization to update
pythonify (bool) – Returns a PyMISP Object instead of the plain json output
- Return type:
- update_organisation_blocklist(organisation_blocklist, organisation_blocklist_id=None, pythonify=False)[source]¶
Update an organisation in the blocklist
- Parameters:
- Return type:
- update_server(server, server_id=None, pythonify=False)[source]¶
Update a server to synchronise with: https://www.misp-project.org/openapi/#tag/Servers/operation/getServers
- Parameters:
server (MISPServer) – sync server config
pythonify (bool) – Returns a PyMISP Object instead of the plain json output
- Return type:
- update_sharing_group(sharing_group, sharing_group_id=None, pythonify=False)[source]¶
Update sharing group parameters: https://www.misp-project.org/openapi/#tag/Sharing-Groups/operation/editSharingGroup
- Parameters:
sharing_group (Union[MISPSharingGroup, dict]) – MISP Sharing Group
sharing_group_id – Sharing group ID
pythonify (bool) – Returns a PyMISP Object instead of the plain json output
- Return type:
Union[Dict, MISPSharingGroup]
- update_tag(tag, tag_id=None, pythonify=False)[source]¶
Edit only the provided parameters of a tag: https://www.misp-project.org/openapi/#tag/Tags/operation/editTag
- update_taxonomies()[source]¶
Update all the taxonomies: https://www.misp-project.org/openapi/#tag/Taxonomies/operation/updateTaxonomies
- Return type:
- update_user(user, user_id=None, pythonify=False)[source]¶
Update a user on a MISP instance: https://www.misp-project.org/openapi/#tag/Users/operation/editUser
- update_warninglists()[source]¶
Update all the warninglists: https://www.misp-project.org/openapi/#tag/Warninglists/operation/updateWarninglists
- Return type:
- user_settings(pythonify=False)[source]¶
Get all the user settings: https://www.misp-project.org/openapi/#tag/UserSettings/operation/getUserSettings
- Parameters:
pythonify (bool) – Returns a list of PyMISP Objects instead of the plain json output. Warning: it might use a lot of RAM
- Return type:
- users(search=None, organisation=None, pythonify=False)[source]¶
Get all the users, or a filtered set of users: https://www.misp-project.org/openapi/#tag/Users/operation/getUsers
- Parameters:
- Return type:
- warninglists(pythonify=False)[source]¶
Get all the warninglists: https://www.misp-project.org/openapi/#tag/Warninglists/operation/getWarninglists
- Parameters:
pythonify (bool) – Returns a list of PyMISP Objects instead of the plain json output. Warning: it might use a lot of RAM
- Return type:
MISPAbstract¶
- class pymisp.AbstractMISP(**kwargs)[source]¶
- property edited: bool¶
Recursively check if an object has been edited and update the flag accordingly to the parent objects
- from_dict(**kwargs)[source]¶
Loading all the parameters as class properties, if they aren’t None. This method aims to be called when all the properties requiring a special treatment are processed. Note: This method is used when you initialize an object with existing data so by default, the class is flagged as not edited.
- Return type:
- to_dict(json_format=False)[source]¶
Dump the class to a dictionary. This method automatically removes the timestamp recursively in every object that has been edited in order to let MISP update the event accordingly.
- Return type:
MISPEncode¶
- class pymisp.MISPEncode(*args, **kwargs)[source]¶
- default(obj)[source]¶
Implement this method in a subclass such that it returns a serializable object for o, or calls the base implementation (to raise a TypeError).
For example, to support arbitrary iterators, you could implement default like this:
    def default(self, o):
        try:
            iterable = iter(o)
        except TypeError:
            pass
        else:
            return list(iterable)
        # Let the base class default method raise the TypeError
        return JSONEncoder.default(self, o)
MISPEvent¶
- class pymisp.MISPEvent(describe_types=None, strict_validation=False, **kwargs)[source]¶
- add_attribute(type, value, **kwargs)[source]¶
Add an attribute. type and value are required but you can pass all other parameters supported by MISPAttribute
- Return type:
- add_attribute_tag(tag, attribute_identifier)[source]¶
Add a tag to an existing attribute. Raise an Exception if the attribute doesn’t exist.
- add_event_report(name, content, **kwargs)[source]¶
Add an event report. name and value are required but you can pass all other parameters supported by MISPEventReport
- Return type:
MISPEventReport
- add_galaxy(galaxy=None, **kwargs)[source]¶
Add a galaxy and sub-clusters into an event, either by passing a MISPGalaxy or a dictionary. Supports all other parameters supported by MISPGalaxy
- Return type:
MISPGalaxy
- add_object(obj=None, **kwargs)[source]¶
Add an object to the Event, either by passing a MISPObject, or a dictionary
- Return type:
- add_shadow_attribute(shadow_attribute=None, **kwargs)[source]¶
Add a tag to the attribute (by name or a MISPTag object)
- Return type:
- clear() None. Remove all items from D. ¶
- delete_attribute(attribute_id)[source]¶
Delete an attribute
- Parameters:
attribute_id (str) – ID or UUID
- property edited: bool¶
Recursively check if an object has been edited and update the flag accordingly to the parent objects
- from_dict(**kwargs)[source]¶
Loading all the parameters as class properties, if they aren’t None. This method aims to be called when all the properties requiring a special treatment are processed. Note: This method is used when you initialize an object with existing data so by default, the class is flagged as not edited.
- get(k[, d]) D[k] if k in D, else d. d defaults to None. ¶
- get_attribute_tag(attribute_identifier)[source]¶
Return the tags associated to an attribute or an object attribute.
- get_object_by_id(object_id)[source]¶
Get an object by ID
- get_object_by_uuid(object_uuid)[source]¶
Get an object by UUID
- Parameters:
object_uuid (str) – the UUID is set by the server when creating the new object
- Return type:
- get_objects_by_name(object_name)[source]¶
Get objects by name
- Parameters:
object_name (str) – name is set by the server when creating the new object
- Return type:
- items() a set-like object providing a view on D's items ¶
- keys() a set-like object providing a view on D's keys ¶
- load(json_event, validate=False, metadata_only=False)[source]¶
Load a JSON dump from a pseudo file or a JSON string
- load_file(event_path, validate=False, metadata_only=False)[source]¶
Load a JSON dump from a file on the disk
- pop(k[, d]) v, remove specified key and return the corresponding value. ¶
If key is not found, d is returned if given, otherwise KeyError is raised.
- popitem() (k, v), remove and return some (key, value) pair ¶
as a 2-tuple; but raise KeyError if D is empty.
- setdefault(k[, d]) D.get(k,d), also set D[k]=d if k not in D ¶
- to_dict(json_format=False)[source]¶
Dump the class to a dictionary. This method automatically removes the timestamp recursively in every object that has been edited in order to let MISP update the event accordingly.
- Return type:
- to_feed(valid_distributions=[0, 1, 2, 3, 4, 5], with_meta=False, with_distribution=False, with_local_tags=True, with_event_reports=True)[source]¶
Generate a json output for MISP Feed.
- Parameters:
valid_distributions (List[int]) – only makes sense if the distribution key is set; i.e., the event is exported from a MISP instance.
with_distribution – exports distribution and Sharing Group info; otherwise all SharingGroup information is discarded (protecting privacy)
with_local_tags (bool) – tag export includes local exportable tags along with global exportable tags
with_event_reports (bool) – include event reports in the returned MISP event
- Return type:
- to_json(sort_keys=False, indent=None)¶
Dump recursively any class of type MISPAbstract to a json string
- Return type:
- update([E, ]**F) None. Update D from mapping/iterable E and F. ¶
If E present and has a .keys() method, does: for k in E: D[k] = E[k] If E present and lacks .keys() method, does: for (k, v) in E: D[k] = v In either case, this is followed by: for k, v in F.items(): D[k] = v
- values() an object providing a view on D's values ¶
MISPEventBlocklist¶
- class pymisp.MISPEventBlocklist(**kwargs)[source]¶
- clear() None. Remove all items from D. ¶
- property edited: bool¶
Recursively check if an object has been edited and update the flag accordingly to the parent objects
- from_dict(**kwargs)[source]¶
Loading all the parameters as class properties, if they aren’t None. This method aims to be called when all the properties requiring a special treatment are processed. Note: This method is used when you initialize an object with existing data so by default, the class is flagged as not edited.
- get(k[, d]) D[k] if k in D, else d. d defaults to None. ¶
- items() a set-like object providing a view on D's items ¶
- keys() a set-like object providing a view on D's keys ¶
- pop(k[, d]) v, remove specified key and return the corresponding value. ¶
If key is not found, d is returned if given, otherwise KeyError is raised.
- popitem() (k, v), remove and return some (key, value) pair ¶
as a 2-tuple; but raise KeyError if D is empty.
- setdefault(k[, d]) D.get(k,d), also set D[k]=d if k not in D ¶
- to_dict(json_format=False)¶
Dump the class to a dictionary. This method automatically removes the timestamp recursively in every object that has been edited in order to let MISP update the event accordingly.
- Return type:
- to_json(sort_keys=False, indent=None)¶
Dump recursively any class of type MISPAbstract to a json string
- Return type:
- update([E, ]**F) None. Update D from mapping/iterable E and F. ¶
If E present and has a .keys() method, does: for k in E: D[k] = E[k] If E present and lacks .keys() method, does: for (k, v) in E: D[k] = v In either case, this is followed by: for k, v in F.items(): D[k] = v
- values() an object providing a view on D's values ¶
MISPEventDelegation¶
- class pymisp.MISPEventDelegation(**kwargs)[source]¶
- clear() None. Remove all items from D. ¶
- property edited: bool¶
Recursively check if an object has been edited and update the flag accordingly to the parent objects
- from_dict(**kwargs)[source]¶
Loading all the parameters as class properties, if they aren’t None. This method aims to be called when all the properties requiring a special treatment are processed. Note: This method is used when you initialize an object with existing data so by default, the class is flagged as not edited.
- get(k[, d]) D[k] if k in D, else d. d defaults to None. ¶
- items() a set-like object providing a view on D's items ¶
- keys() a set-like object providing a view on D's keys ¶
- pop(k[, d]) v, remove specified key and return the corresponding value. ¶
If key is not found, d is returned if given, otherwise KeyError is raised.
- popitem() (k, v), remove and return some (key, value) pair ¶
as a 2-tuple; but raise KeyError if D is empty.
- setdefault(k[, d]) D.get(k,d), also set D[k]=d if k not in D ¶
- to_dict(json_format=False)¶
Dump the class to a dictionary. This method automatically removes the timestamp recursively in every object that has been edited in order to let MISP update the event accordingly.
- Return type:
- to_json(sort_keys=False, indent=None)¶
Dump recursively any class of type MISPAbstract to a json string
- Return type:
- update([E, ]**F) None. Update D from mapping/iterable E and F. ¶
If E present and has a .keys() method, does: for k in E: D[k] = E[k] If E present and lacks .keys() method, does: for (k, v) in E: D[k] = v In either case, this is followed by: for k, v in F.items(): D[k] = v
- values() an object providing a view on D's values ¶
MISPAttribute¶
- class pymisp.MISPAttribute(describe_types=None, strict=False)[source]¶
- add_galaxy(galaxy=None, **kwargs)[source]¶
Add a galaxy to the Attribute, either by passing a MISPGalaxy or a dictionary
- Return type:
MISPGalaxy
- add_shadow_attribute(shadow_attribute=None, **kwargs)[source]¶
Add a shadow attribute to the attribute (by name or a MISPShadowAttribute object)
- Return type:
- add_sighting(sighting=None, **kwargs)[source]¶
Add a sighting to the attribute (by name or a MISPSighting object)
- Return type:
- clear() None. Remove all items from D. ¶
- property edited: bool¶
Recursively check if an object has been edited and update the flag accordingly to the parent objects
- from_dict(**kwargs)[source]¶
Loading all the parameters as class properties, if they aren’t None. This method aims to be called when all the properties requiring a special treatment are processed. Note: This method is used when you initialize an object with existing data so by default, the class is flagged as not edited.
- get(k[, d]) D[k] if k in D, else d. d defaults to None. ¶
- items() a set-like object providing a view on D's items ¶
- keys() a set-like object providing a view on D's keys ¶
- property malware_binary: BytesIO | None¶
Returns a BytesIO of the malware, if the attribute has one. Decrypts, unpacks and caches the binary on the first invocation, which may require some time for large attachments (~1s/MB).
- pop(k[, d]) v, remove specified key and return the corresponding value. ¶
If key is not found, d is returned if given, otherwise KeyError is raised.
- popitem() (k, v), remove and return some (key, value) pair ¶
as a 2-tuple; but raise KeyError if D is empty.
- setdefault(k[, d]) D.get(k,d), also set D[k]=d if k not in D ¶
- to_dict(json_format=False)[source]¶
Dump the class to a dictionary. This method automatically removes the timestamp recursively in every object that has been edited in order to let MISP update the event accordingly.
- Return type:
- to_json(sort_keys=False, indent=None)¶
Dump recursively any class of type MISPAbstract to a json string
- Return type:
- update([E, ]**F) None. Update D from mapping/iterable E and F. ¶
If E present and has a .keys() method, does: for k in E: D[k] = E[k] If E present and lacks .keys() method, does: for (k, v) in E: D[k] = v In either case, this is followed by: for k, v in F.items(): D[k] = v
- values() an object providing a view on D's values ¶
MISPObject¶
- class pymisp.MISPObject(name, strict=False, standalone=True, default_attributes_parameters={}, **kwargs)[source]¶
- add_attribute(object_relation, simple_value=None, **value)[source]¶
Add an attribute.
- Parameters:
object_relation (str) – The object relation of the attribute you’re adding to the object
simple_value (Union[str, int, float, None]) – The value
value – dictionary with all the keys supported by MISPAttribute
- Return type:
- Note: as long as PyMISP knows about the object template, only the object_relation and the simple_value are required.
If PyMISP doesn’t know the template, you also must pass a type. All the other options that can be passed along when creating an attribute (comment, IDS flag, …) will be either taken out of the template, or out of the default setting for the type as defined on the MISP instance.
- add_attributes(object_relation, *attributes)[source]¶
Add multiple attributes with the same object_relation. Helper for object_relation when multiple is True in the template. It is the same as calling multiple times add_attribute with the same object_relation.
- Return type:
- add_reference(referenced_uuid, relationship_type, comment=None, **kwargs)[source]¶
Add a link (uuid) to another object
- Return type:
- clear() None. Remove all items from D. ¶
- property edited: bool¶
Recursively check if an object has been edited and update the flag accordingly to the parent objects
- from_dict(**kwargs)[source]¶
Loading all the parameters as class properties, if they aren’t None. This method aims to be called when all the properties requiring a special treatment are processed. Note: This method is used when you initialize an object with existing data so by default, the class is flagged as not edited.
- get(k[, d]) D[k] if k in D, else d. d defaults to None. ¶
- get_attributes_by_relation(object_relation)[source]¶
Returns the list of attributes with the given object relation in the object
- Return type:
- has_attributes_by_relation(list_of_relations)[source]¶
True if all the relations in the list are defined in the object
- Return type:
- items() a set-like object providing a view on D's items ¶
- keys() a set-like object providing a view on D's keys ¶
- pop(k[, d]) v, remove specified key and return the corresponding value. ¶
If key is not found, d is returned if given, otherwise KeyError is raised.
- popitem() (k, v), remove and return some (key, value) pair ¶
as a 2-tuple; but raise KeyError if D is empty.
- setdefault(k[, d]) D.get(k,d), also set D[k]=d if k not in D ¶
- to_dict(json_format=False, strict=False)[source]¶
Dump the class to a dictionary. This method automatically removes the timestamp recursively in every object that has been edited in order to let MISP update the event accordingly.
- Return type:
- to_json(sort_keys=False, indent=None, strict=False)[source]¶
Dump recursively any class of type MISPAbstract to a json string
- update([E, ]**F) None. Update D from mapping/iterable E and F. ¶
If E present and has a .keys() method, does: for k in E: D[k] = E[k] If E present and lacks .keys() method, does: for (k, v) in E: D[k] = v In either case, this is followed by: for k, v in F.items(): D[k] = v
- values() an object providing a view on D's values ¶
MISPObjectAttribute¶
- class pymisp.MISPObjectAttribute(definition)[source]¶
- add_galaxy(galaxy=None, **kwargs)¶
Add a galaxy to the Attribute, either by passing a MISPGalaxy or a dictionary
- Return type:
MISPGalaxy
- add_proposal(shadow_attribute=None, **kwargs)¶
Alias for add_shadow_attribute
- Return type:
- add_shadow_attribute(shadow_attribute=None, **kwargs)¶
Add a shadow attribute to the attribute (by name or a MISPShadowAttribute object)
- Return type:
- add_sighting(sighting=None, **kwargs)¶
Add a sighting to the attribute (by name or a MISPSighting object)
- Return type:
- clear() None. Remove all items from D. ¶
- delete()¶
Mark the attribute as deleted (soft delete)
- property edited: bool¶
Recursively check if an object has been edited and update the flag accordingly to the parent objects
- from_dict(object_relation, value, **kwargs)[source]¶
Loading all the parameters as class properties, if they aren’t None. This method aims to be called when all the properties requiring a special treatment are processed. Note: This method is used when you initialize an object with existing data so by default, the class is flagged as not edited.
- get(k[, d]) D[k] if k in D, else d. d defaults to None. ¶
- hash_values(algorithm='sha512')¶
Compute the hash of every value for fast lookups
- items() a set-like object providing a view on D's items ¶
- keys() a set-like object providing a view on D's keys ¶
- property malware_binary: BytesIO | None¶
Returns a BytesIO of the malware, if the attribute has one. Decrypts, unpacks and caches the binary on the first invocation, which may require some time for large attachments (~1s/MB).
- pop(k[, d]) v, remove specified key and return the corresponding value. ¶
If key is not found, d is returned if given, otherwise KeyError is raised.
- popitem() (k, v), remove and return some (key, value) pair ¶
as a 2-tuple; but raise KeyError if D is empty.
- setdefault(k[, d]) D.get(k,d), also set D[k]=d if k not in D ¶
- to_dict(json_format=False)¶
Dump the class to a dictionary. This method automatically removes the timestamp recursively in every object that has been edited in order to let MISP update the event accordingly.
- Return type:
- to_json(sort_keys=False, indent=None)¶
Dump recursively any class of type MISPAbstract to a json string
- Return type:
- update([E, ]**F) None. Update D from mapping/iterable E and F. ¶
If E present and has a .keys() method, does: for k in E: D[k] = E[k] If E present and lacks .keys() method, does: for (k, v) in E: D[k] = v In either case, this is followed by: for k, v in F.items(): D[k] = v
- values() an object providing a view on D's values ¶
MISPObjectReference¶
- class pymisp.MISPObjectReference[source]¶
- clear() None. Remove all items from D. ¶
- property edited: bool¶
Recursively check if an object has been edited and update the flag accordingly to the parent objects
- from_dict(**kwargs)[source]¶
Loading all the parameters as class properties, if they aren’t None. This method aims to be called when all the properties requiring a special treatment are processed. Note: This method is used when you initialize an object with existing data so by default, the class is flagged as not edited.
- get(k[, d]) D[k] if k in D, else d. d defaults to None. ¶
- items() a set-like object providing a view on D's items ¶
- keys() a set-like object providing a view on D's keys ¶
- pop(k[, d]) v, remove specified key and return the corresponding value. ¶
If key is not found, d is returned if given, otherwise KeyError is raised.
- popitem() (k, v), remove and return some (key, value) pair ¶
as a 2-tuple; but raise KeyError if D is empty.
- setdefault(k[, d]) D.get(k,d), also set D[k]=d if k not in D ¶
- to_dict(json_format=False)¶
Dump the class to a dictionary. This method automatically removes the timestamp recursively in every object that has been edited, in order to let MISP update the event accordingly.
- Return type:
- to_json(sort_keys=False, indent=None)¶
Dump recursively any class of type MISPAbstract to a json string
- Return type:
- update([E, ]**F) None. Update D from mapping/iterable E and F. ¶
If E present and has a .keys() method, does: for k in E: D[k] = E[k] If E present and lacks .keys() method, does: for (k, v) in E: D[k] = v In either case, this is followed by: for k, v in F.items(): D[k] = v
- values() an object providing a view on D's values ¶
MISPObjectTemplate¶
- class pymisp.MISPObjectTemplate(**kwargs)[source]¶
- clear() None. Remove all items from D. ¶
- property edited: bool¶
Recursively check whether an object has been edited and update the flag on the parent objects accordingly
- from_dict(**kwargs)[source]¶
Load all the parameters as class properties, if they aren’t None. This method is meant to be called once all the properties requiring special treatment have been processed. Note: this method is used when you initialize an object with existing data, so by default the class is flagged as not edited.
- get(k[, d]) D[k] if k in D, else d. d defaults to None. ¶
- items() a set-like object providing a view on D's items ¶
- keys() a set-like object providing a view on D's keys ¶
- pop(k[, d]) v, remove specified key and return the corresponding value. ¶
If key is not found, d is returned if given, otherwise KeyError is raised.
- popitem() (k, v), remove and return some (key, value) pair ¶
as a 2-tuple; but raise KeyError if D is empty.
- setdefault(k[, d]) D.get(k,d), also set D[k]=d if k not in D ¶
- to_dict(json_format=False)¶
Dump the class to a dictionary. This method automatically removes the timestamp recursively in every object that has been edited, in order to let MISP update the event accordingly.
- Return type:
- to_json(sort_keys=False, indent=None)¶
Dump recursively any class of type MISPAbstract to a json string
- Return type:
- update([E, ]**F) None. Update D from mapping/iterable E and F. ¶
If E present and has a .keys() method, does: for k in E: D[k] = E[k] If E present and lacks .keys() method, does: for (k, v) in E: D[k] = v In either case, this is followed by: for k, v in F.items(): D[k] = v
- values() an object providing a view on D's values ¶
MISPTag¶
- class pymisp.MISPTag(**kwargs)[source]¶
- clear() None. Remove all items from D. ¶
- property edited: bool¶
Recursively check whether an object has been edited and update the flag on the parent objects accordingly
- from_dict(**kwargs)[source]¶
Load all the parameters as class properties, if they aren’t None. This method is meant to be called once all the properties requiring special treatment have been processed. Note: this method is used when you initialize an object with existing data, so by default the class is flagged as not edited.
- get(k[, d]) D[k] if k in D, else d. d defaults to None. ¶
- items() a set-like object providing a view on D's items ¶
- keys() a set-like object providing a view on D's keys ¶
- pop(k[, d]) v, remove specified key and return the corresponding value. ¶
If key is not found, d is returned if given, otherwise KeyError is raised.
- popitem() (k, v), remove and return some (key, value) pair ¶
as a 2-tuple; but raise KeyError if D is empty.
- setdefault(k[, d]) D.get(k,d), also set D[k]=d if k not in D ¶
- to_dict(json_format=False)¶
Dump the class to a dictionary. This method automatically removes the timestamp recursively in every object that has been edited, in order to let MISP update the event accordingly.
- Return type:
- to_json(sort_keys=False, indent=None)¶
Dump recursively any class of type MISPAbstract to a json string
- Return type:
- update([E, ]**F) None. Update D from mapping/iterable E and F. ¶
If E present and has a .keys() method, does: for k in E: D[k] = E[k] If E present and lacks .keys() method, does: for (k, v) in E: D[k] = v In either case, this is followed by: for k, v in F.items(): D[k] = v
- values() an object providing a view on D's values ¶
MISPUser¶
- class pymisp.MISPUser(**kwargs)[source]¶
- clear() None. Remove all items from D. ¶
- property edited: bool¶
Recursively check whether an object has been edited and update the flag on the parent objects accordingly
- from_dict(**kwargs)[source]¶
Load all the parameters as class properties, if they aren’t None. This method is meant to be called once all the properties requiring special treatment have been processed. Note: this method is used when you initialize an object with existing data, so by default the class is flagged as not edited.
- get(k[, d]) D[k] if k in D, else d. d defaults to None. ¶
- items() a set-like object providing a view on D's items ¶
- keys() a set-like object providing a view on D's keys ¶
- pop(k[, d]) v, remove specified key and return the corresponding value. ¶
If key is not found, d is returned if given, otherwise KeyError is raised.
- popitem() (k, v), remove and return some (key, value) pair ¶
as a 2-tuple; but raise KeyError if D is empty.
- setdefault(k[, d]) D.get(k,d), also set D[k]=d if k not in D ¶
- to_dict(json_format=False)¶
Dump the class to a dictionary. This method automatically removes the timestamp recursively in every object that has been edited, in order to let MISP update the event accordingly.
- Return type:
- to_json(sort_keys=False, indent=None)¶
Dump recursively any class of type MISPAbstract to a json string
- Return type:
- update([E, ]**F) None. Update D from mapping/iterable E and F. ¶
If E present and has a .keys() method, does: for k in E: D[k] = E[k] If E present and lacks .keys() method, does: for (k, v) in E: D[k] = v In either case, this is followed by: for k, v in F.items(): D[k] = v
- values() an object providing a view on D's values ¶
MISPUserSetting¶
- class pymisp.MISPUserSetting(**kwargs)[source]¶
- clear() None. Remove all items from D. ¶
- property edited: bool¶
Recursively check whether an object has been edited and update the flag on the parent objects accordingly
- from_dict(**kwargs)[source]¶
Load all the parameters as class properties, if they aren’t None. This method is meant to be called once all the properties requiring special treatment have been processed. Note: this method is used when you initialize an object with existing data, so by default the class is flagged as not edited.
- get(k[, d]) D[k] if k in D, else d. d defaults to None. ¶
- items() a set-like object providing a view on D's items ¶
- keys() a set-like object providing a view on D's keys ¶
- pop(k[, d]) v, remove specified key and return the corresponding value. ¶
If key is not found, d is returned if given, otherwise KeyError is raised.
- popitem() (k, v), remove and return some (key, value) pair ¶
as a 2-tuple; but raise KeyError if D is empty.
- setdefault(k[, d]) D.get(k,d), also set D[k]=d if k not in D ¶
- to_dict(json_format=False)¶
Dump the class to a dictionary. This method automatically removes the timestamp recursively in every object that has been edited, in order to let MISP update the event accordingly.
- Return type:
- to_json(sort_keys=False, indent=None)¶
Dump recursively any class of type MISPAbstract to a json string
- Return type:
- update([E, ]**F) None. Update D from mapping/iterable E and F. ¶
If E present and has a .keys() method, does: for k in E: D[k] = E[k] If E present and lacks .keys() method, does: for (k, v) in E: D[k] = v In either case, this is followed by: for k, v in F.items(): D[k] = v
- values() an object providing a view on D's values ¶
MISPOrganisation¶
- class pymisp.MISPOrganisation[source]¶
- clear() None. Remove all items from D. ¶
- property edited: bool¶
Recursively check whether an object has been edited and update the flag on the parent objects accordingly
- from_dict(**kwargs)[source]¶
Load all the parameters as class properties, if they aren’t None. This method is meant to be called once all the properties requiring special treatment have been processed. Note: this method is used when you initialize an object with existing data, so by default the class is flagged as not edited.
- get(k[, d]) D[k] if k in D, else d. d defaults to None. ¶
- items() a set-like object providing a view on D's items ¶
- keys() a set-like object providing a view on D's keys ¶
- pop(k[, d]) v, remove specified key and return the corresponding value. ¶
If key is not found, d is returned if given, otherwise KeyError is raised.
- popitem() (k, v), remove and return some (key, value) pair ¶
as a 2-tuple; but raise KeyError if D is empty.
- setdefault(k[, d]) D.get(k,d), also set D[k]=d if k not in D ¶
- to_dict(json_format=False)¶
Dump the class to a dictionary. This method automatically removes the timestamp recursively in every object that has been edited, in order to let MISP update the event accordingly.
- Return type:
- to_json(sort_keys=False, indent=None)¶
Dump recursively any class of type MISPAbstract to a json string
- Return type:
- update([E, ]**F) None. Update D from mapping/iterable E and F. ¶
If E present and has a .keys() method, does: for k in E: D[k] = E[k] If E present and lacks .keys() method, does: for (k, v) in E: D[k] = v In either case, this is followed by: for k, v in F.items(): D[k] = v
- values() an object providing a view on D's values ¶
MISPOrganisationBlocklist¶
- class pymisp.MISPOrganisationBlocklist(**kwargs)[source]¶
- clear() None. Remove all items from D. ¶
- property edited: bool¶
Recursively check whether an object has been edited and update the flag on the parent objects accordingly
- from_dict(**kwargs)[source]¶
Load all the parameters as class properties, if they aren’t None. This method is meant to be called once all the properties requiring special treatment have been processed. Note: this method is used when you initialize an object with existing data, so by default the class is flagged as not edited.
- get(k[, d]) D[k] if k in D, else d. d defaults to None. ¶
- items() a set-like object providing a view on D's items ¶
- keys() a set-like object providing a view on D's keys ¶
- pop(k[, d]) v, remove specified key and return the corresponding value. ¶
If key is not found, d is returned if given, otherwise KeyError is raised.
- popitem() (k, v), remove and return some (key, value) pair ¶
as a 2-tuple; but raise KeyError if D is empty.
- setdefault(k[, d]) D.get(k,d), also set D[k]=d if k not in D ¶
- to_dict(json_format=False)¶
Dump the class to a dictionary. This method automatically removes the timestamp recursively in every object that has been edited, in order to let MISP update the event accordingly.
- Return type:
- to_json(sort_keys=False, indent=None)¶
Dump recursively any class of type MISPAbstract to a json string
- Return type:
- update([E, ]**F) None. Update D from mapping/iterable E and F. ¶
If E present and has a .keys() method, does: for k in E: D[k] = E[k] If E present and lacks .keys() method, does: for (k, v) in E: D[k] = v In either case, this is followed by: for k, v in F.items(): D[k] = v
- values() an object providing a view on D's values ¶
MISPFeed¶
- class pymisp.MISPFeed(**kwargs)[source]¶
- clear() None. Remove all items from D. ¶
- property edited: bool¶
Recursively check whether an object has been edited and update the flag on the parent objects accordingly
- from_dict(**kwargs)[source]¶
Load all the parameters as class properties, if they aren’t None. This method is meant to be called once all the properties requiring special treatment have been processed. Note: this method is used when you initialize an object with existing data, so by default the class is flagged as not edited.
- get(k[, d]) D[k] if k in D, else d. d defaults to None. ¶
- items() a set-like object providing a view on D's items ¶
- keys() a set-like object providing a view on D's keys ¶
- pop(k[, d]) v, remove specified key and return the corresponding value. ¶
If key is not found, d is returned if given, otherwise KeyError is raised.
- popitem() (k, v), remove and return some (key, value) pair ¶
as a 2-tuple; but raise KeyError if D is empty.
- setdefault(k[, d]) D.get(k,d), also set D[k]=d if k not in D ¶
- to_dict(json_format=False)¶
Dump the class to a dictionary. This method automatically removes the timestamp recursively in every object that has been edited, in order to let MISP update the event accordingly.
- Return type:
- to_json(sort_keys=False, indent=None)¶
Dump recursively any class of type MISPAbstract to a json string
- Return type:
- update([E, ]**F) None. Update D from mapping/iterable E and F. ¶
If E present and has a .keys() method, does: for k in E: D[k] = E[k] If E present and lacks .keys() method, does: for (k, v) in E: D[k] = v In either case, this is followed by: for k, v in F.items(): D[k] = v
- values() an object providing a view on D's values ¶
MISPInbox¶
- class pymisp.MISPInbox(**kwargs)[source]¶
- clear() None. Remove all items from D. ¶
- property edited: bool¶
Recursively check whether an object has been edited and update the flag on the parent objects accordingly
- from_dict(**kwargs)[source]¶
Load all the parameters as class properties, if they aren’t None. This method is meant to be called once all the properties requiring special treatment have been processed. Note: this method is used when you initialize an object with existing data, so by default the class is flagged as not edited.
- get(k[, d]) D[k] if k in D, else d. d defaults to None. ¶
- items() a set-like object providing a view on D's items ¶
- keys() a set-like object providing a view on D's keys ¶
- pop(k[, d]) v, remove specified key and return the corresponding value. ¶
If key is not found, d is returned if given, otherwise KeyError is raised.
- popitem() (k, v), remove and return some (key, value) pair ¶
as a 2-tuple; but raise KeyError if D is empty.
- setdefault(k[, d]) D.get(k,d), also set D[k]=d if k not in D ¶
- to_dict(json_format=False)¶
Dump the class to a dictionary. This method automatically removes the timestamp recursively in every object that has been edited, in order to let MISP update the event accordingly.
- Return type:
- to_json(sort_keys=False, indent=None)¶
Dump recursively any class of type MISPAbstract to a json string
- Return type:
- update([E, ]**F) None. Update D from mapping/iterable E and F. ¶
If E present and has a .keys() method, does: for k in E: D[k] = E[k] If E present and lacks .keys() method, does: for (k, v) in E: D[k] = v In either case, this is followed by: for k, v in F.items(): D[k] = v
- values() an object providing a view on D's values ¶
MISPLog¶
- class pymisp.MISPLog(**kwargs)[source]¶
- clear() None. Remove all items from D. ¶
- property edited: bool¶
Recursively check whether an object has been edited and update the flag on the parent objects accordingly
- from_dict(**kwargs)[source]¶
Load all the parameters as class properties, if they aren’t None. This method is meant to be called once all the properties requiring special treatment have been processed. Note: this method is used when you initialize an object with existing data, so by default the class is flagged as not edited.
- get(k[, d]) D[k] if k in D, else d. d defaults to None. ¶
- items() a set-like object providing a view on D's items ¶
- keys() a set-like object providing a view on D's keys ¶
- pop(k[, d]) v, remove specified key and return the corresponding value. ¶
If key is not found, d is returned if given, otherwise KeyError is raised.
- popitem() (k, v), remove and return some (key, value) pair ¶
as a 2-tuple; but raise KeyError if D is empty.
- setdefault(k[, d]) D.get(k,d), also set D[k]=d if k not in D ¶
- to_dict(json_format=False)¶
Dump the class to a dictionary. This method automatically removes the timestamp recursively in every object that has been edited, in order to let MISP update the event accordingly.
- Return type:
- to_json(sort_keys=False, indent=None)¶
Dump recursively any class of type MISPAbstract to a json string
- Return type:
- update([E, ]**F) None. Update D from mapping/iterable E and F. ¶
If E present and has a .keys() method, does: for k in E: D[k] = E[k] If E present and lacks .keys() method, does: for (k, v) in E: D[k] = v In either case, this is followed by: for k, v in F.items(): D[k] = v
- values() an object providing a view on D's values ¶
MISPNoticelist¶
- class pymisp.MISPNoticelist(**kwargs)[source]¶
- clear() None. Remove all items from D. ¶
- property edited: bool¶
Recursively check whether an object has been edited and update the flag on the parent objects accordingly
- from_dict(**kwargs)[source]¶
Load all the parameters as class properties, if they aren’t None. This method is meant to be called once all the properties requiring special treatment have been processed. Note: this method is used when you initialize an object with existing data, so by default the class is flagged as not edited.
- get(k[, d]) D[k] if k in D, else d. d defaults to None. ¶
- items() a set-like object providing a view on D's items ¶
- keys() a set-like object providing a view on D's keys ¶
- pop(k[, d]) v, remove specified key and return the corresponding value. ¶
If key is not found, d is returned if given, otherwise KeyError is raised.
- popitem() (k, v), remove and return some (key, value) pair ¶
as a 2-tuple; but raise KeyError if D is empty.
- setdefault(k[, d]) D.get(k,d), also set D[k]=d if k not in D ¶
- to_dict(json_format=False)¶
Dump the class to a dictionary. This method automatically removes the timestamp recursively in every object that has been edited, in order to let MISP update the event accordingly.
- Return type:
- to_json(sort_keys=False, indent=None)¶
Dump recursively any class of type MISPAbstract to a json string
- Return type:
- update([E, ]**F) None. Update D from mapping/iterable E and F. ¶
If E present and has a .keys() method, does: for k in E: D[k] = E[k] If E present and lacks .keys() method, does: for (k, v) in E: D[k] = v In either case, this is followed by: for k, v in F.items(): D[k] = v
- values() an object providing a view on D's values ¶
MISPRole¶
- class pymisp.MISPRole(**kwargs)[source]¶
- clear() None. Remove all items from D. ¶
- property edited: bool¶
Recursively check whether an object has been edited and update the flag on the parent objects accordingly
- from_dict(**kwargs)[source]¶
Load all the parameters as class properties, if they aren’t None. This method is meant to be called once all the properties requiring special treatment have been processed. Note: this method is used when you initialize an object with existing data, so by default the class is flagged as not edited.
- get(k[, d]) D[k] if k in D, else d. d defaults to None. ¶
- items() a set-like object providing a view on D's items ¶
- keys() a set-like object providing a view on D's keys ¶
- pop(k[, d]) v, remove specified key and return the corresponding value. ¶
If key is not found, d is returned if given, otherwise KeyError is raised.
- popitem() (k, v), remove and return some (key, value) pair ¶
as a 2-tuple; but raise KeyError if D is empty.
- setdefault(k[, d]) D.get(k,d), also set D[k]=d if k not in D ¶
- to_dict(json_format=False)¶
Dump the class to a dictionary. This method automatically removes the timestamp recursively in every object that has been edited, in order to let MISP update the event accordingly.
- Return type:
- to_json(sort_keys=False, indent=None)¶
Dump recursively any class of type MISPAbstract to a json string
- Return type:
- update([E, ]**F) None. Update D from mapping/iterable E and F. ¶
If E present and has a .keys() method, does: for k in E: D[k] = E[k] If E present and lacks .keys() method, does: for (k, v) in E: D[k] = v In either case, this is followed by: for k, v in F.items(): D[k] = v
- values() an object providing a view on D's values ¶
MISPServer¶
- class pymisp.MISPServer(**kwargs)[source]¶
- clear() None. Remove all items from D. ¶
- property edited: bool¶
Recursively check whether an object has been edited and update the flag on the parent objects accordingly
- from_dict(**kwargs)[source]¶
Load all the parameters as class properties, if they aren’t None. This method is meant to be called once all the properties requiring special treatment have been processed. Note: this method is used when you initialize an object with existing data, so by default the class is flagged as not edited.
- get(k[, d]) D[k] if k in D, else d. d defaults to None. ¶
- items() a set-like object providing a view on D's items ¶
- keys() a set-like object providing a view on D's keys ¶
- pop(k[, d]) v, remove specified key and return the corresponding value. ¶
If key is not found, d is returned if given, otherwise KeyError is raised.
- popitem() (k, v), remove and return some (key, value) pair ¶
as a 2-tuple; but raise KeyError if D is empty.
- setdefault(k[, d]) D.get(k,d), also set D[k]=d if k not in D ¶
- to_dict(json_format=False)¶
Dump the class to a dictionary. This method automatically removes the timestamp recursively in every object that has been edited, in order to let MISP update the event accordingly.
- Return type:
- to_json(sort_keys=False, indent=None)¶
Dump recursively any class of type MISPAbstract to a json string
- Return type:
- update([E, ]**F) None. Update D from mapping/iterable E and F. ¶
If E present and has a .keys() method, does: for k in E: D[k] = E[k] If E present and lacks .keys() method, does: for (k, v) in E: D[k] = v In either case, this is followed by: for k, v in F.items(): D[k] = v
- update_not_jsonable(*args)¶
Add entries to the __not_jsonable list
- Return type: