Anthropic-Cybersecurity-Skills/skills/collecting-threat-intelligence-with-misp/references/api-reference.md
mukul975 c21af3347e Complete folder anatomy for all 649 cybersecurity skills + update LICENSE to Mahipal
- Add scripts/agent.py and references/api-reference.md to all remaining skills
- Update all 648 LICENSE files: copyright now reads 'Mahipal'
- Add implementing-security-monitoring-with-datadog (new skill with full anatomy)
- All 649 skills now have: SKILL.md, LICENSE, scripts/agent.py, references/api-reference.md
2026-03-11 00:22:12 +01:00

1.8 KiB

API Reference: Collecting Threat Intelligence with MISP

PyMISP Installation

pip install pymisp

Client Initialization

import os

from pymisp import PyMISP

# Read the API key from the environment so it never lands in source control.
misp = PyMISP(
    url="https://misp.example.org",
    key=os.environ["MISP_API_KEY"],
    ssl=True  # verify the server's TLS certificate
)

# --- Event search ---

# By tags
events = misp.search("events", tags=["tlp:white", "type:OSINT"], pythonify=True)

# By date range
events = misp.search("events", date_from="2025-01-01", date_to="2025-01-31", pythonify=True)

# Published only
events = misp.search("events", published=True, limit=100, pythonify=True)

# --- Attribute search ---

# By type (to_ids=True keeps only attributes flagged for detection)
attrs = misp.search("attributes", type_attribute="ip-dst", to_ids=True, pythonify=True)

# By event
attrs = misp.search("attributes", eventid=42, pythonify=True)

# By value
attrs = misp.search("attributes", value="198.51.100.42", pythonify=True)

REST API (curl)

# Search events
curl -X POST "https://misp/events/restSearch" \
  -H "Authorization: $KEY" \
  -H "Accept: application/json" \
  -H "Content-Type: application/json" \
  -d '{"tags":["tlp:white"],"limit":50}'

# Get event
curl -H "Authorization: $KEY" -H "Accept: application/json" "https://misp/events/view/42"

# STIX 2 export
curl -H "Authorization: $KEY" "https://misp/events/restSearch/stix2"

Common Attribute Types

| Type | Category | Example |
|------|----------|---------|
| ip-dst | Network activity | 198.51.100.42 |
| domain | Network activity | evil.example.com |
| url | Network activity | https://evil.com/mal |
| sha256 | Payload delivery | a1b2c3... |
| md5 | Payload delivery | d41d8c... |
| email-src | Payload delivery | attacker@evil.com |
| filename | Payload delivery | malware.exe |
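
The attribute searches and types above usually feed a blocklist. The following is an added example, not code from this repository: it turns an attribute search reply into a deduplicated blocklist and rejects values that should never be blocked. The function name, the `NEVER_BLOCK` ranges and the sample reply are assumptions constructed for illustration.

```python
import ipaddress
from collections import defaultdict

# Ranges that must never reach a blocklist (assumption: RFC 1918 + loopback).
NEVER_BLOCK = [ipaddress.ip_network(n) for n in
               ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]

# Constructed sample shaped like an attributes restSearch JSON reply.
SAMPLE = {"response": {"Attribute": [
    {"event_id": "42", "type": "ip-dst", "to_ids": True, "value": "198.51.100.42"},
    {"event_id": "43", "type": "ip-dst", "to_ids": True, "value": "198.51.100.42"},
    {"event_id": "43", "type": "ip-dst", "to_ids": True, "value": "10.0.0.5"},
    {"event_id": "44", "type": "ip-dst", "to_ids": True, "value": "not-an-ip"},
    {"event_id": "42", "type": "domain", "to_ids": True, "value": "Evil.Example.com."},
    {"event_id": "45", "type": "domain", "to_ids": False, "value": "cdn.example.net"},
]}}


def build_blocklist(reply, wanted=("ip-dst", "domain")):
    """Return (blocklist, rejected) built from an attribute search reply."""
    blocklist, rejected = defaultdict(set), []
    for attr in reply.get("response", {}).get("Attribute", []):
        atype = attr.get("type")
        value = str(attr.get("value", "")).strip()
        if atype not in wanted or not attr.get("to_ids"):
            continue  # context-only attributes are not detection-grade
        if atype == "ip-dst":
            try:
                ip = ipaddress.ip_address(value)
            except ValueError:
                rejected.append((value, "not an IP address"))
                continue
            if any(ip in net for net in NEVER_BLOCK):
                rejected.append((value, "internal range"))
                continue
            value = str(ip)  # canonical form, so duplicates collapse
        elif atype == "domain":
            value = value.rstrip(".").lower()  # normalise case and trailing dot
        blocklist[atype].add(value)
    return {t: sorted(v) for t, v in blocklist.items()}, rejected


if __name__ == "__main__":
    print(build_blocklist(SAMPLE))
```

Review the rejected list rather than discarding it: an internal address flagged with `to_ids` in a shared event usually points to a data-quality problem at the source.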

Feed Management

# List feeds
feeds = misp.feeds()

# Enable feed (the feed ID is passed as the first argument)
misp.enable_feed(1)

# Fetch and cache
misp.fetch_feed(1)
misp.cache_all_feeds()