How to use the pymisp.PyMISP function in pymisp

To help you get started, we've selected a few pymisp examples, based on popular ways it is used in public projects.


github MISP / PyMISP / tests / test_offline.py View on Github external
def test_auth_error(self, m):
    """Check that ``get(1)`` returns the fixture's authentication error.

    ``m`` is handed straight to ``self.initURI``; presumably it is the
    request mocker that the fixture registers its canned replies on
    (confirm against the test class).
    """
    self.initURI(m)
    client = PyMISP(self.domain, self.key)
    actual = client.get(1)
    # `expected` aliases self.auth_error_msg, so the 'errors' key added
    # below is written onto the shared fixture dict as well.
    expected = self.auth_error_msg
    expected['errors'] = [expected['message']]
    self.assertEqual(actual, expected)
github MISP / PyMISP / tests / test_offline.py View on Github external
def test_searchIndexByTagName(self, m):
    """Check that an index search by tag name yields the fixture result.

    The tag used is the taxonomy tag
    ``ecsirt:malicious-code="ransomware"``; the 'response' entry of the
    reply is compared with ``self.search_index_result``.
    """
    self.initURI(m)
    client = PyMISP(self.domain, self.key)
    tag_name = 'ecsirt:malicious-code="ransomware"'
    reply = client.search_index(tag=tag_name)
    self.assertEqual(reply['response'], self.search_index_result)
github MISP / PyMISP / tests / test_offline.py View on Github external
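def test_change_disablecorrelation_invalid(self, m):
    """Check that an invalid disable-correlation value is rejected.

    ``change_disablecorrelation`` is called with 42 and must raise.

    The earlier form put ``self.assertFalse(...)`` inside a ``try`` whose
    ``except Exception: pass`` also caught the resulting AssertionError,
    so the test passed even when no exception was raised and the input
    validation it guards was never actually checked.
    """
    self.initURI(m)
    pymisp = PyMISP(self.domain, self.key)
    # assertRaises fails the test when the call returns normally, and only
    # the call under test sits inside the context manager.
    with self.assertRaises(Exception):
        pymisp.change_disablecorrelation(self.key, 42)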
github MISP / PyMISP / examples / suricata_search / suricata_search.py View on Github external
def init():
    """Open the connection to MISP and return the PyMISP client.

    URL, API key and certificate-verification setting come from the
    module-level names ``misp_url``, ``misp_key`` and ``misp_verifycert``.
    """
    # Third positional argument is PyMISP's `ssl` parameter, i.e. whether
    # (or against which CA bundle) the server certificate is verified.
    client = PyMISP(misp_url, misp_key, misp_verifycert, 'json')
    return client
github mohlcyber / OpenDXL-ATD-MISP / misp.py View on Github external
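def init(url, key, verifycert=False):
    """Return a PyMISP client for *url* authenticated with *key*.

    Args:
        url: Base URL of the MISP instance.
        key: API authentication key for that instance.
        verifycert: Forwarded as PyMISP's third positional argument
            (``ssl``), the TLS certificate-verification setting. The
            default stays False, the value that used to be hard-coded, so
            existing two-argument callers behave as before.

    Returns:
        The constructed PyMISP client.
    """
    # NOTE(review): with verification off the server certificate is not
    # checked, so the API key and event data travel over a channel whose
    # peer is unauthenticated. Callers should pass verifycert=True (or a
    # CA bundle path for a privately signed instance) outside a lab setup.
    # NOTE(review): 'json' fills the legacy `out_type` slot; on PyMISP
    # releases whose fourth positional parameter is `debug`, this call
    # would supply `debug` twice. Confirm the pinned PyMISP version.
    return PyMISP(url, key, verifycert, 'json', debug=False)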
github MISP / PyMISP / examples / copy_list.py View on Github external
def init(cert_to_priv=True):
    """Create the global ``source`` and ``destination`` PyMISP clients.

    With ``cert_to_priv`` true the "cert" instance is the source and the
    "priv" instance the destination; otherwise the roles are swapped.
    The flag is printed before the clients are built.
    """
    global source
    global destination
    print(cert_to_priv)
    # Each tuple is (url, API key, value for PyMISP's third positional
    # argument `ssl`, the TLS certificate-verification setting).
    cert_side = (url_cert, cert, cert_cert)
    priv_side = (url_priv, priv, cert_priv)
    if cert_to_priv:
        src, dst = cert_side, priv_side
    else:
        src, dst = priv_side, cert_side
    # Source is always constructed before destination, as before.
    source = PyMISP(src[0], src[1], src[2], 'xml')
    destination = PyMISP(dst[0], dst[1], dst[2], 'xml')
github MISP / PyMISP / examples / get_network_activity.py View on Github external
def init():
    """
    Build the PyMISP client and store it in the global ``source``.

    The URL, API key and certificate-verification setting are read from
    the module-level names misp_url, misp_key and misp_verifycert.
    """
    global source
    # misp_verifycert lands in PyMISP's `ssl` parameter (third positional),
    # which decides whether the server certificate is verified.
    client = PyMISP(misp_url, misp_key, misp_verifycert, 'json')
    source = client
github MISP / PyMISP / examples / sighting.py View on Github external
def init(url, key):
    """Return a PyMISP client for *url* authenticated with *key*.

    Certificate verification follows the module-level ``misp_verifycert``
    value, which is passed as PyMISP's third positional argument (``ssl``).
    """
    client = PyMISP(url, key, misp_verifycert, 'json')
    return client
github InQuest / ThreatIngestor / threatingestor / operators / misp.py View on Github external
def __init__(self, url, key, ssl=True, tags=None, artifact_types=None, filter_string=None, allowed_sources=None):
    """Set up the MISP operator and its PyMISP client.

    ``ssl`` is forwarded as PyMISP's third positional argument, which
    controls TLS certificate verification; it defaults to True here, so
    verification stays on unless the caller turns it off.
    ``tags`` falls back to ``['type:OSINT']`` when empty or None.
    ``artifact_types`` falls back to Domain, Hash, IPAddress, URL and
    YARASignature when empty or None.
    """
    self.api = pymisp.PyMISP(url, key, ssl, 'json')
    self.tags = tags or ['type:OSINT']
    self.event_info = 'ThreatIngestor Event: {source_name}'

    # The parent initialiser receives artifact_types exactly as passed
    # (possibly None); the default list is applied only afterwards.
    super(Plugin, self).__init__(artifact_types, filter_string, allowed_sources)
    if artifact_types:
        self.artifact_types = artifact_types
    else:
        self.artifact_types = [
            threatingestor.artifacts.Domain,
            threatingestor.artifacts.Hash,
            threatingestor.artifacts.IPAddress,
            threatingestor.artifacts.URL,
            threatingestor.artifacts.YARASignature,
        ]
github Neo23x0 / munin / munin.py View on Github external
if m != '' and m != '-':
            key_set = True
    if not key_set or 'pymisp' in deactivated_features:
        return info

    # Loop through MISP instances
    misp_info = []
    misp_events = []
    for c, m_url in enumerate(MISP_URLS, start=0):
        # Get the corresponding auth key
        m_auth_key = MISP_AUTH_KEYS[c]
        if args.debug:
            print("[D] Querying MISP: %s" % m_url)
        try:
            # Preparing API request
            misp = pymisp.PyMISP(m_url, m_auth_key, args.verifycert, debug=args.debug, proxies={},cert=None,auth=None,tool='Munin : Online hash checker')
            if args.debug:
                print("[D] Query: values=%s" % hash)
            result = misp.search('attributes', type_attribute=fetchHash(hash)[1] ,value=hash)
            # Processing the result
            if result['Attribute']:
                events_added = list()
                if args.debug:
                    print("[D] Dump Attribute : "+json.dumps(result['Attribute'], indent=2))
                for r in result['Attribute']:
                    # Check for duplicates
                    if r['event_id'] in events_added:
                        continue
                    # Try to get info on the events
                    event_info = ""
                    misp_events.append('MISP%d:%s' % (c+1, r['event_id']))
                    e_result = misp.search('events', eventid=r['event_id'])