creator/Anthropic-Cybersecurity-Skills
1
0
Fork 0
mirror of https://github.com/mukul975/Anthropic-Cybersecurity-Skills.git synced 2026-06-14 15:04:56 +03:00
Code Issues Packages Projects Releases Wiki Activity
Files
d5f3fa32486ea335db802d68fe2147fa2da69583
Anthropic-Cybersecurity-Skills/skills/collecting-threat-intelligence-with-misp/references/api-reference.md
T
mukul975 c21af3347e Complete folder anatomy for all 649 cybersecurity skills + update LICENSE to Mahipal 
- Add scripts/agent.py and references/api-reference.md to all remaining skills
- Update all 648 LICENSE files: copyright now reads 'Mahipal'
- Add implementing-security-monitoring-with-datadog (new skill with full anatomy)
- All 649 skills now have: SKILL.md, LICENSE, scripts/agent.py, references/api-reference.md
2026-03-11 00:22:12 +01:00

81 lines
1.8 KiB
Markdown
Raw Blame History

# API Reference: Collecting Threat Intelligence with MISP
## PyMISP Installation
```bash
pip install pymisp
```
## Client Initialization
```python
from pymisp import PyMISP
misp = PyMISP(
url="https://misp.example.org",
key=os.environ["MISP_API_KEY"],
ssl=True
)
```
## Event Search
```python
# By tags
events = misp.search("events", tags=["tlp:white", "type:OSINT"], pythonify=True)
# By date range
events = misp.search("events", date_from="2025-01-01", date_to="2025-01-31", pythonify=True)
# Published only
events = misp.search("events", published=True, limit=100, pythonify=True)
```
## Attribute Search
```python
# By type
attrs = misp.search("attributes", type_attribute="ip-dst", to_ids=True, pythonify=True)
# By event
attrs = misp.search("attributes", eventid=42, pythonify=True)
# By value
attrs = misp.search("attributes", value="198.51.100.42", pythonify=True)
```
## REST API (curl)
```bash
# Search events
curl -X POST "https://misp/events/restSearch" \
-H "Authorization: $KEY" \
-H "Content-Type: application/json" \
-d '{"tags":["tlp:white"],"limit":50}'
# Get event
curl -H "Authorization: $KEY" "https://misp/events/view/42"
# STIX 2 export
curl -H "Authorization: $KEY" "https://misp/events/restSearch/stix2"
```
## Common Attribute Types
| Type | Category | Example |
|------|----------|---------|
| ip-dst | Network activity | 198.51.100.42 |
| domain | Network activity | evil.example.com |
| url | Network activity | https://evil.com/mal |
| sha256 | Payload delivery | a1b2c3... |
| md5 | Payload delivery | d41d8c... |
| email-src | Payload delivery | attacker@evil.com |
| filename | Payload delivery | malware.exe |
## Feed Management
```python
# List feeds
feeds = misp.feeds()
# Enable feed
misp.enable_feed(feed_id=1)
# Fetch and cache
misp.fetch_feed(feed_id=1)
misp.cache_feeds()
```
Reference in New Issue View Git Blame Copy Permalink