pymisp - Tools¶

File Object¶

class pymisp.tools.FileObject(filepath=None, pseudofile=None, filename=None, **kwargs)[source]¶

add_attribute(object_relation, simple_value=None, **value)¶

Add an attribute. :type object_relation: str :param object_relation: The object relation of the attribute you’re adding to the object :type simple_value: Union[str, int, float, None] :param simple_value: The value :type value: :param value: dictionary with all the keys supported by MISPAttribute

Note: as long as PyMISP knows about the object template, only the object_relation and the simple_value are required. :rtype: Optional[MISPAttribute]

If PyMISP doesn’t know the template, you also must pass a type. All the other options that can be passed along when creating an attribute (comment, IDS flag, …) will be either taked out of the template, or out of the default setting for the type as defined on the MISP instance.

add_attributes(object_relation, *attributes)¶

Add multiple attributes with the same object_relation. Helper for object_relation when multiple is True in the template. It is the same as calling multiple times add_attribute with the same object_relation.

Return type:: List[Optional[MISPAttribute]]

add_reference(referenced_uuid, relationship_type, comment=None, **kwargs)¶

Add a link (uuid) to another object

Return type:: MISPObjectReference

clear() → None. Remove all items from D.¶

delete()¶: Mark the object as deleted (soft delete)

property edited: bool¶: Recursively check if an object has been edited and update the flag accordingly to the parent objects

from_dict(**kwargs)¶: Loading all the parameters as class properties, if they aren’t None. This method aims to be called when all the properties requiring a special treatment are processed. Note: This method is used when you initialize an object with existing data so by default, the class is flaged as not edited.

from_json(json_string)¶

Load a JSON string

Return type:: None

generate_attributes()[source]¶: Contains the logic where all the values of the object are gathered

get(k[, d]) → D[k] if k in D, else d. d defaults to None.¶

get_attributes_by_relation(object_relation)¶

Returns the list of attributes with the given object relation in the object

Return type:: List[MISPAttribute]

has_attributes_by_relation(list_of_relations)¶

True if all the relations in the list are defined in the object

Return type:: bool

items() → a set-like object providing a view on D's items¶

jsonable()¶

This method is used by the JSON encoder

Return type:: Dict

keys() → a set-like object providing a view on D's keys¶

pop(k[, d]) → v, remove specified key and return the corresponding value.¶: If key is not found, d is returned if given, otherwise KeyError is raised.

popitem() → (k, v), remove and return some (key, value) pair¶: as a 2-tuple; but raise KeyError if D is empty.

set_not_jsonable(args)¶

Set __not_jsonable to a new list

Return type:: None

setdefault(k[, d]) → D.get(k,d), also set D[k]=d if k not in D¶

to_dict(json_format=False, strict=False)¶

Dump the class to a dictionary. This method automatically removes the timestamp recursively in every object that has been edited is order to let MISP update the event accordingly.

Return type:: Dict

to_json(sort_keys=False, indent=None, strict=False)¶: Dump recursively any class of type MISPAbstract to a json string

update([E, ]**F) → None. Update D from mapping/iterable E and F.¶: If E present and has a .keys() method, does: for k in E: D[k] = E[k] If E present and lacks .keys() method, does: for (k, v) in E: D[k] = v In either case, this is followed by: for k, v in F.items(): D[k] = v

update_not_jsonable(*args)¶

Add entries to the __not_jsonable list

Return type:: None

values() → an object providing a view on D's values¶

ELF Object¶

class pymisp.tools.ELFObject(parsed=None, filepath=None, pseudofile=None, **kwargs)[source]¶

add_attribute(object_relation, simple_value=None, **value)¶

Add an attribute. :type object_relation: str :param object_relation: The object relation of the attribute you’re adding to the object :type simple_value: Union[str, int, float, None] :param simple_value: The value :type value: :param value: dictionary with all the keys supported by MISPAttribute

Note: as long as PyMISP knows about the object template, only the object_relation and the simple_value are required. :rtype: Optional[MISPAttribute]

If PyMISP doesn’t know the template, you also must pass a type. All the other options that can be passed along when creating an attribute (comment, IDS flag, …) will be either taked out of the template, or out of the default setting for the type as defined on the MISP instance.

add_attributes(object_relation, *attributes)¶

Add multiple attributes with the same object_relation. Helper for object_relation when multiple is True in the template. It is the same as calling multiple times add_attribute with the same object_relation.

Return type:: List[Optional[MISPAttribute]]

add_reference(referenced_uuid, relationship_type, comment=None, **kwargs)¶

Add a link (uuid) to another object

Return type:: MISPObjectReference

clear() → None. Remove all items from D.¶

delete()¶: Mark the object as deleted (soft delete)

property edited: bool¶: Recursively check if an object has been edited and update the flag accordingly to the parent objects

from_dict(**kwargs)¶: Loading all the parameters as class properties, if they aren’t None. This method aims to be called when all the properties requiring a special treatment are processed. Note: This method is used when you initialize an object with existing data so by default, the class is flaged as not edited.

from_json(json_string)¶

Load a JSON string

Return type:: None

generate_attributes()[source]¶: Contains the logic where all the values of the object are gathered

get(k[, d]) → D[k] if k in D, else d. d defaults to None.¶

get_attributes_by_relation(object_relation)¶

Returns the list of attributes with the given object relation in the object

Return type:: List[MISPAttribute]

has_attributes_by_relation(list_of_relations)¶

True if all the relations in the list are defined in the object

Return type:: bool

items() → a set-like object providing a view on D's items¶

jsonable()¶

This method is used by the JSON encoder

Return type:: Dict

keys() → a set-like object providing a view on D's keys¶

pop(k[, d]) → v, remove specified key and return the corresponding value.¶: If key is not found, d is returned if given, otherwise KeyError is raised.

popitem() → (k, v), remove and return some (key, value) pair¶: as a 2-tuple; but raise KeyError if D is empty.

set_not_jsonable(args)¶

Set __not_jsonable to a new list

Return type:: None

setdefault(k[, d]) → D.get(k,d), also set D[k]=d if k not in D¶

to_dict(json_format=False, strict=False)¶

Dump the class to a dictionary. This method automatically removes the timestamp recursively in every object that has been edited is order to let MISP update the event accordingly.

Return type:: Dict

to_json(sort_keys=False, indent=None, strict=False)¶: Dump recursively any class of type MISPAbstract to a json string

update([E, ]**F) → None. Update D from mapping/iterable E and F.¶: If E present and has a .keys() method, does: for k in E: D[k] = E[k] If E present and lacks .keys() method, does: for (k, v) in E: D[k] = v In either case, this is followed by: for k, v in F.items(): D[k] = v

update_not_jsonable(*args)¶

Add entries to the __not_jsonable list

Return type:: None

values() → an object providing a view on D's values¶

class pymisp.tools.ELFSectionObject(section, **kwargs)[source]¶

add_attribute(object_relation, simple_value=None, **value)¶

Add an attribute. :type object_relation: str :param object_relation: The object relation of the attribute you’re adding to the object :type simple_value: Union[str, int, float, None] :param simple_value: The value :type value: :param value: dictionary with all the keys supported by MISPAttribute

Note: as long as PyMISP knows about the object template, only the object_relation and the simple_value are required. :rtype: Optional[MISPAttribute]

If PyMISP doesn’t know the template, you also must pass a type. All the other options that can be passed along when creating an attribute (comment, IDS flag, …) will be either taked out of the template, or out of the default setting for the type as defined on the MISP instance.

add_attributes(object_relation, *attributes)¶

Add multiple attributes with the same object_relation. Helper for object_relation when multiple is True in the template. It is the same as calling multiple times add_attribute with the same object_relation.

Return type:: List[Optional[MISPAttribute]]

add_reference(referenced_uuid, relationship_type, comment=None, **kwargs)¶

Add a link (uuid) to another object

Return type:: MISPObjectReference

clear() → None. Remove all items from D.¶

delete()¶: Mark the object as deleted (soft delete)

property edited: bool¶: Recursively check if an object has been edited and update the flag accordingly to the parent objects

from_dict(**kwargs)¶: Loading all the parameters as class properties, if they aren’t None. This method aims to be called when all the properties requiring a special treatment are processed. Note: This method is used when you initialize an object with existing data so by default, the class is flaged as not edited.

from_json(json_string)¶

Load a JSON string

Return type:: None

generate_attributes()[source]¶: Contains the logic where all the values of the object are gathered

get(k[, d]) → D[k] if k in D, else d. d defaults to None.¶

get_attributes_by_relation(object_relation)¶

Returns the list of attributes with the given object relation in the object

Return type:: List[MISPAttribute]

has_attributes_by_relation(list_of_relations)¶

True if all the relations in the list are defined in the object

Return type:: bool

items() → a set-like object providing a view on D's items¶

jsonable()¶

This method is used by the JSON encoder

Return type:: Dict

keys() → a set-like object providing a view on D's keys¶

pop(k[, d]) → v, remove specified key and return the corresponding value.¶: If key is not found, d is returned if given, otherwise KeyError is raised.

popitem() → (k, v), remove and return some (key, value) pair¶: as a 2-tuple; but raise KeyError if D is empty.

set_not_jsonable(args)¶

Set __not_jsonable to a new list

Return type:: None

setdefault(k[, d]) → D.get(k,d), also set D[k]=d if k not in D¶

to_dict(json_format=False, strict=False)¶

Dump the class to a dictionary. This method automatically removes the timestamp recursively in every object that has been edited is order to let MISP update the event accordingly.

Return type:: Dict

to_json(sort_keys=False, indent=None, strict=False)¶: Dump recursively any class of type MISPAbstract to a json string

update([E, ]**F) → None. Update D from mapping/iterable E and F.¶: If E present and has a .keys() method, does: for k in E: D[k] = E[k] If E present and lacks .keys() method, does: for (k, v) in E: D[k] = v In either case, this is followed by: for k, v in F.items(): D[k] = v

update_not_jsonable(*args)¶

Add entries to the __not_jsonable list

Return type:: None

values() → an object providing a view on D's values¶

PE Object¶

class pymisp.tools.PEObject(parsed=None, filepath=None, pseudofile=None, **kwargs)[source]¶

add_attribute(object_relation, simple_value=None, **value)¶

Add an attribute. :type object_relation: str :param object_relation: The object relation of the attribute you’re adding to the object :type simple_value: Union[str, int, float, None] :param simple_value: The value :type value: :param value: dictionary with all the keys supported by MISPAttribute

Note: as long as PyMISP knows about the object template, only the object_relation and the simple_value are required. :rtype: Optional[MISPAttribute]

If PyMISP doesn’t know the template, you also must pass a type. All the other options that can be passed along when creating an attribute (comment, IDS flag, …) will be either taked out of the template, or out of the default setting for the type as defined on the MISP instance.

add_attributes(object_relation, *attributes)¶

Add multiple attributes with the same object_relation. Helper for object_relation when multiple is True in the template. It is the same as calling multiple times add_attribute with the same object_relation.

Return type:: List[Optional[MISPAttribute]]

add_reference(referenced_uuid, relationship_type, comment=None, **kwargs)¶

Add a link (uuid) to another object

Return type:: MISPObjectReference

clear() → None. Remove all items from D.¶

delete()¶: Mark the object as deleted (soft delete)

property edited: bool¶: Recursively check if an object has been edited and update the flag accordingly to the parent objects

from_dict(**kwargs)¶: Loading all the parameters as class properties, if they aren’t None. This method aims to be called when all the properties requiring a special treatment are processed. Note: This method is used when you initialize an object with existing data so by default, the class is flaged as not edited.

from_json(json_string)¶

Load a JSON string

Return type:: None

generate_attributes()[source]¶: Contains the logic where all the values of the object are gathered

get(k[, d]) → D[k] if k in D, else d. d defaults to None.¶

get_attributes_by_relation(object_relation)¶

Returns the list of attributes with the given object relation in the object

Return type:: List[MISPAttribute]

has_attributes_by_relation(list_of_relations)¶

True if all the relations in the list are defined in the object

Return type:: bool

items() → a set-like object providing a view on D's items¶

jsonable()¶

This method is used by the JSON encoder

Return type:: Dict

keys() → a set-like object providing a view on D's keys¶

pop(k[, d]) → v, remove specified key and return the corresponding value.¶: If key is not found, d is returned if given, otherwise KeyError is raised.

popitem() → (k, v), remove and return some (key, value) pair¶: as a 2-tuple; but raise KeyError if D is empty.

set_not_jsonable(args)¶

Set __not_jsonable to a new list

Return type:: None

setdefault(k[, d]) → D.get(k,d), also set D[k]=d if k not in D¶

to_dict(json_format=False, strict=False)¶

Dump the class to a dictionary. This method automatically removes the timestamp recursively in every object that has been edited is order to let MISP update the event accordingly.

Return type:: Dict

to_json(sort_keys=False, indent=None, strict=False)¶: Dump recursively any class of type MISPAbstract to a json string

update([E, ]**F) → None. Update D from mapping/iterable E and F.¶: If E present and has a .keys() method, does: for k in E: D[k] = E[k] If E present and lacks .keys() method, does: for (k, v) in E: D[k] = v In either case, this is followed by: for k, v in F.items(): D[k] = v

update_not_jsonable(*args)¶

Add entries to the __not_jsonable list

Return type:: None

values() → an object providing a view on D's values¶

class pymisp.tools.PESectionObject(section, **kwargs)[source]¶

add_attribute(object_relation, simple_value=None, **value)¶

Add an attribute. :type object_relation: str :param object_relation: The object relation of the attribute you’re adding to the object :type simple_value: Union[str, int, float, None] :param simple_value: The value :type value: :param value: dictionary with all the keys supported by MISPAttribute

Note: as long as PyMISP knows about the object template, only the object_relation and the simple_value are required. :rtype: Optional[MISPAttribute]

If PyMISP doesn’t know the template, you also must pass a type. All the other options that can be passed along when creating an attribute (comment, IDS flag, …) will be either taked out of the template, or out of the default setting for the type as defined on the MISP instance.

add_attributes(object_relation, *attributes)¶

Add multiple attributes with the same object_relation. Helper for object_relation when multiple is True in the template. It is the same as calling multiple times add_attribute with the same object_relation.

Return type:: List[Optional[MISPAttribute]]

add_reference(referenced_uuid, relationship_type, comment=None, **kwargs)¶

Add a link (uuid) to another object

Return type:: MISPObjectReference

clear() → None. Remove all items from D.¶

delete()¶: Mark the object as deleted (soft delete)

property edited: bool¶: Recursively check if an object has been edited and update the flag accordingly to the parent objects

from_dict(**kwargs)¶: Loading all the parameters as class properties, if they aren’t None. This method aims to be called when all the properties requiring a special treatment are processed. Note: This method is used when you initialize an object with existing data so by default, the class is flaged as not edited.

from_json(json_string)¶

Load a JSON string

Return type:: None

generate_attributes()[source]¶: Contains the logic where all the values of the object are gathered

get(k[, d]) → D[k] if k in D, else d. d defaults to None.¶

get_attributes_by_relation(object_relation)¶

Returns the list of attributes with the given object relation in the object

Return type:: List[MISPAttribute]

has_attributes_by_relation(list_of_relations)¶

True if all the relations in the list are defined in the object

Return type:: bool

items() → a set-like object providing a view on D's items¶

jsonable()¶

This method is used by the JSON encoder

Return type:: Dict

keys() → a set-like object providing a view on D's keys¶

pop(k[, d]) → v, remove specified key and return the corresponding value.¶: If key is not found, d is returned if given, otherwise KeyError is raised.

popitem() → (k, v), remove and return some (key, value) pair¶: as a 2-tuple; but raise KeyError if D is empty.

set_not_jsonable(args)¶

Set __not_jsonable to a new list

Return type:: None

setdefault(k[, d]) → D.get(k,d), also set D[k]=d if k not in D¶

to_dict(json_format=False, strict=False)¶

Dump the class to a dictionary. This method automatically removes the timestamp recursively in every object that has been edited is order to let MISP update the event accordingly.

Return type:: Dict

to_json(sort_keys=False, indent=None, strict=False)¶: Dump recursively any class of type MISPAbstract to a json string

update([E, ]**F) → None. Update D from mapping/iterable E and F.¶: If E present and has a .keys() method, does: for k in E: D[k] = E[k] If E present and lacks .keys() method, does: for (k, v) in E: D[k] = v In either case, this is followed by: for k, v in F.items(): D[k] = v

update_not_jsonable(*args)¶

Add entries to the __not_jsonable list

Return type:: None

values() → an object providing a view on D's values¶

Mach-O Object¶

class pymisp.tools.MachOObject(parsed=None, filepath=None, pseudofile=None, **kwargs)[source]¶

add_attribute(object_relation, simple_value=None, **value)¶

Add an attribute. :type object_relation: str :param object_relation: The object relation of the attribute you’re adding to the object :type simple_value: Union[str, int, float, None] :param simple_value: The value :type value: :param value: dictionary with all the keys supported by MISPAttribute

Note: as long as PyMISP knows about the object template, only the object_relation and the simple_value are required. :rtype: Optional[MISPAttribute]

If PyMISP doesn’t know the template, you also must pass a type. All the other options that can be passed along when creating an attribute (comment, IDS flag, …) will be either taked out of the template, or out of the default setting for the type as defined on the MISP instance.

add_attributes(object_relation, *attributes)¶

Add multiple attributes with the same object_relation. Helper for object_relation when multiple is True in the template. It is the same as calling multiple times add_attribute with the same object_relation.

Return type:: List[Optional[MISPAttribute]]

add_reference(referenced_uuid, relationship_type, comment=None, **kwargs)¶

Add a link (uuid) to another object

Return type:: MISPObjectReference

clear() → None. Remove all items from D.¶

delete()¶: Mark the object as deleted (soft delete)

property edited: bool¶: Recursively check if an object has been edited and update the flag accordingly to the parent objects

from_dict(**kwargs)¶: Loading all the parameters as class properties, if they aren’t None. This method aims to be called when all the properties requiring a special treatment are processed. Note: This method is used when you initialize an object with existing data so by default, the class is flaged as not edited.

from_json(json_string)¶

Load a JSON string

Return type:: None

generate_attributes()[source]¶: Contains the logic where all the values of the object are gathered

get(k[, d]) → D[k] if k in D, else d. d defaults to None.¶

get_attributes_by_relation(object_relation)¶

Returns the list of attributes with the given object relation in the object

Return type:: List[MISPAttribute]

has_attributes_by_relation(list_of_relations)¶

True if all the relations in the list are defined in the object

Return type:: bool

items() → a set-like object providing a view on D's items¶

jsonable()¶

This method is used by the JSON encoder

Return type:: Dict

keys() → a set-like object providing a view on D's keys¶

pop(k[, d]) → v, remove specified key and return the corresponding value.¶: If key is not found, d is returned if given, otherwise KeyError is raised.

popitem() → (k, v), remove and return some (key, value) pair¶: as a 2-tuple; but raise KeyError if D is empty.

set_not_jsonable(args)¶

Set __not_jsonable to a new list

Return type:: None

setdefault(k[, d]) → D.get(k,d), also set D[k]=d if k not in D¶

to_dict(json_format=False, strict=False)¶

Dump the class to a dictionary. This method automatically removes the timestamp recursively in every object that has been edited is order to let MISP update the event accordingly.

Return type:: Dict

to_json(sort_keys=False, indent=None, strict=False)¶: Dump recursively any class of type MISPAbstract to a json string

update([E, ]**F) → None. Update D from mapping/iterable E and F.¶: If E present and has a .keys() method, does: for k in E: D[k] = E[k] If E present and lacks .keys() method, does: for (k, v) in E: D[k] = v In either case, this is followed by: for k, v in F.items(): D[k] = v

update_not_jsonable(*args)¶

Add entries to the __not_jsonable list

Return type:: None

values() → an object providing a view on D's values¶

class pymisp.tools.MachOSectionObject(section, **kwargs)[source]¶

add_attribute(object_relation, simple_value=None, **value)¶

Add an attribute. :type object_relation: str :param object_relation: The object relation of the attribute you’re adding to the object :type simple_value: Union[str, int, float, None] :param simple_value: The value :type value: :param value: dictionary with all the keys supported by MISPAttribute

Note: as long as PyMISP knows about the object template, only the object_relation and the simple_value are required. :rtype: Optional[MISPAttribute]

If PyMISP doesn’t know the template, you also must pass a type. All the other options that can be passed along when creating an attribute (comment, IDS flag, …) will be either taked out of the template, or out of the default setting for the type as defined on the MISP instance.

add_attributes(object_relation, *attributes)¶

Add multiple attributes with the same object_relation. Helper for object_relation when multiple is True in the template. It is the same as calling multiple times add_attribute with the same object_relation.

Return type:: List[Optional[MISPAttribute]]

add_reference(referenced_uuid, relationship_type, comment=None, **kwargs)¶

Add a link (uuid) to another object

Return type:: MISPObjectReference

clear() → None. Remove all items from D.¶

delete()¶: Mark the object as deleted (soft delete)

property edited: bool¶: Recursively check if an object has been edited and update the flag accordingly to the parent objects

from_dict(**kwargs)¶: Loading all the parameters as class properties, if they aren’t None. This method aims to be called when all the properties requiring a special treatment are processed. Note: This method is used when you initialize an object with existing data so by default, the class is flaged as not edited.

from_json(json_string)¶

Load a JSON string

Return type:: None

generate_attributes()[source]¶: Contains the logic where all the values of the object are gathered

get(k[, d]) → D[k] if k in D, else d. d defaults to None.¶

get_attributes_by_relation(object_relation)¶

Returns the list of attributes with the given object relation in the object

Return type:: List[MISPAttribute]

has_attributes_by_relation(list_of_relations)¶

True if all the relations in the list are defined in the object

Return type:: bool

items() → a set-like object providing a view on D's items¶

jsonable()¶

This method is used by the JSON encoder

Return type:: Dict

keys() → a set-like object providing a view on D's keys¶

pop(k[, d]) → v, remove specified key and return the corresponding value.¶: If key is not found, d is returned if given, otherwise KeyError is raised.

popitem() → (k, v), remove and return some (key, value) pair¶: as a 2-tuple; but raise KeyError if D is empty.

set_not_jsonable(args)¶

Set __not_jsonable to a new list

Return type:: None

setdefault(k[, d]) → D.get(k,d), also set D[k]=d if k not in D¶

to_dict(json_format=False, strict=False)¶

Dump the class to a dictionary. This method automatically removes the timestamp recursively in every object that has been edited is order to let MISP update the event accordingly.

Return type:: Dict

to_json(sort_keys=False, indent=None, strict=False)¶: Dump recursively any class of type MISPAbstract to a json string

update([E, ]**F) → None. Update D from mapping/iterable E and F.¶: If E present and has a .keys() method, does: for k in E: D[k] = E[k] If E present and lacks .keys() method, does: for (k, v) in E: D[k] = v In either case, this is followed by: for k, v in F.items(): D[k] = v

update_not_jsonable(*args)¶

Add entries to the __not_jsonable list

Return type:: None

values() → an object providing a view on D's values¶

VT Report Object¶

class pymisp.tools.VTReportObject(apikey, indicator, vt_proxies=None, **kwargs)[source]¶

VirusTotal Report

Apikey:: VirusTotal API key (private works, but only public features are supported right now)
Indicator:: IOC to search VirusTotal for

add_attribute(object_relation, simple_value=None, **value)¶

Add an attribute. :type object_relation: str :param object_relation: The object relation of the attribute you’re adding to the object :type simple_value: Union[str, int, float, None] :param simple_value: The value :type value: :param value: dictionary with all the keys supported by MISPAttribute

Note: as long as PyMISP knows about the object template, only the object_relation and the simple_value are required. :rtype: Optional[MISPAttribute]

If PyMISP doesn’t know the template, you also must pass a type. All the other options that can be passed along when creating an attribute (comment, IDS flag, …) will be either taked out of the template, or out of the default setting for the type as defined on the MISP instance.

add_attributes(object_relation, *attributes)¶

Add multiple attributes with the same object_relation. Helper for object_relation when multiple is True in the template. It is the same as calling multiple times add_attribute with the same object_relation.

Return type:: List[Optional[MISPAttribute]]

add_reference(referenced_uuid, relationship_type, comment=None, **kwargs)¶

Add a link (uuid) to another object

Return type:: MISPObjectReference

clear() → None. Remove all items from D.¶

delete()¶: Mark the object as deleted (soft delete)

property edited: bool¶: Recursively check if an object has been edited and update the flag accordingly to the parent objects

from_dict(**kwargs)¶: Loading all the parameters as class properties, if they aren’t None. This method aims to be called when all the properties requiring a special treatment are processed. Note: This method is used when you initialize an object with existing data so by default, the class is flaged as not edited.

from_json(json_string)¶

Load a JSON string

Return type:: None

generate_attributes()[source]¶: Parse the VirusTotal report for relevant attributes

get(k[, d]) → D[k] if k in D, else d. d defaults to None.¶

get_attributes_by_relation(object_relation)¶

Returns the list of attributes with the given object relation in the object

Return type:: List[MISPAttribute]

has_attributes_by_relation(list_of_relations)¶

True if all the relations in the list are defined in the object

Return type:: bool

items() → a set-like object providing a view on D's items¶

jsonable()¶

This method is used by the JSON encoder

Return type:: Dict

keys() → a set-like object providing a view on D's keys¶

pop(k[, d]) → v, remove specified key and return the corresponding value.¶: If key is not found, d is returned if given, otherwise KeyError is raised.

popitem() → (k, v), remove and return some (key, value) pair¶: as a 2-tuple; but raise KeyError if D is empty.

set_not_jsonable(args)¶

Set __not_jsonable to a new list

Return type:: None

setdefault(k[, d]) → D.get(k,d), also set D[k]=d if k not in D¶

to_dict(json_format=False, strict=False)¶

Dump the class to a dictionary. This method automatically removes the timestamp recursively in every object that has been edited is order to let MISP update the event accordingly.

Return type:: Dict

to_json(sort_keys=False, indent=None, strict=False)¶: Dump recursively any class of type MISPAbstract to a json string

update([E, ]**F) → None. Update D from mapping/iterable E and F.¶: If E present and has a .keys() method, does: for k in E: D[k] = E[k] If E present and lacks .keys() method, does: for (k, v) in E: D[k] = v In either case, this is followed by: for k, v in F.items(): D[k] = v

update_not_jsonable(*args)¶

Add entries to the __not_jsonable list

Return type:: None

values() → an object providing a view on D's values¶

STIX¶

pymisp.tools.stix.load_stix(stix, distribution=3, threat_level_id=2, analysis=0)[source]¶: Returns a MISPEvent object from a STIX package

pymisp.tools.stix.make_stix_package(misp_event, to_json=False, to_xml=False)[source]¶

Returns a STIXPackage from a MISPEvent.

Optionally can return the package in json or xml.

OpenIOC¶

tools.load_openioc()¶

tools.load_openioc_file()¶

pymisp - Tools¶

File Object¶

ELF Object¶

PE Object¶

Mach-O Object¶

VT Report Object¶

STIX¶

OpenIOC¶

PyMISP

Navigation

Related Topics