MISP / PyMISP API Reference

Installation

pip install pymisp

Connection Setup

from pymisp import PyMISP, MISPEvent, MISPAttribute

misp = PyMISP(
    url="https://misp.example.com",
    key="YOUR_API_KEY",
    ssl=True
)

Core PyMISP Methods

| Method | Description |
|--------|-------------|
| misp.add_event(event) | Create new event |
| misp.update_event(event) | Update existing event |
| misp.publish(event) | Publish event for sharing |
| misp.delete_event(event_id) | Delete an event |
| misp.search(controller, value, type_attribute) | Search events/attributes |
| misp.get_event(event_id) | Retrieve single event |
| misp.add_tag(event, tag) | Add tag to event |
| misp.search_index(published=True) | Search event index |

Creating Events

event = MISPEvent()
event.info = "APT Campaign - Phishing IOCs"
event.distribution = 1        # 0=Org, 1=Community, 2=Connected, 3=All, 4=Sharing group
event.threat_level_id = 2     # 1=High, 2=Medium, 3=Low, 4=Undefined
event.analysis = 0            # 0=Initial, 1=Ongoing, 2=Complete

event.add_attribute("ip-dst", "203.0.113.50", to_ids=True, comment="C2 server")
event.add_attribute("domain", "evil.example.com", to_ids=True)
event.add_attribute("sha256", "a1b2c3d4...", category="Payload delivery")
event.add_tag("tlp:amber")
event.add_tag("mitre-attack-pattern:T1566 - Phishing")

result = misp.add_event(event)

Searching Intelligence

# Search by attribute value
results = misp.search(controller="attributes", value="203.0.113.50", type_attribute="ip-dst")

# Search events by date range
results = misp.search(controller="events", date_from="2025-01-01", date_to="2025-12-31")

# Search with tags
results = misp.search(controller="events", tags=["tlp:white", "ransomware"])

MISP Attribute Types

| Type | Example | Category |
|------|---------|----------|
| ip-dst | 203.0.113.50 | Network activity |
| domain | evil.example.com | Network activity |
| url | https://evil.com/payload | Network activity |
| sha256 | a1b2c3... | Payload delivery |
| md5 | d41d8c... | Payload delivery |
| email-src | attacker@evil.com | Payload delivery |
| filename | malware.exe | Payload delivery |
| regkey | HKLM\...\Run\evil | Persistence mechanism |

Distribution Levels

  • 0 - Your organisation only
  • 1 - This community only
  • 2 - Connected communities
  • 3 - All communities
  • 4 - Sharing group
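
The distribution level and the TLP tag set in "Creating Events" are independent fields, so an event can be tagged tlp:amber and still be distributed to all communities. The following is an added example, not code from this repository: a standard-library pre-publish check over MISP event JSON. The function name check_event_sharing, the TLP_MAX_DISTRIBUTION ceiling table (an assumed local policy, not something MISP enforces) and the sample events are all constructed for illustration.

```python
# Added example: pre-publish policy check on a MISP event dict (stdlib only).
# TLP_MAX_DISTRIBUTION is an assumed local policy, not a MISP built-in.
TLP_MAX_DISTRIBUTION = {
    "tlp:red": 0,            # your organisation only
    "tlp:amber+strict": 0,
    "tlp:amber": 1,          # this community only
    "tlp:green": 2,          # connected communities
    "tlp:white": 3,          # all communities
    "tlp:clear": 3,
}
SHARING_GROUP = 4


def check_event_sharing(event):
    """Return a list of policy violations for one event (empty list = OK)."""
    ev = event.get("Event", event)          # accept wrapped or bare event JSON
    problems = []
    dist = int(ev.get("distribution", 0))   # MISP JSON often stores it as a string
    tlp = sorted({t["name"].lower() for t in ev.get("Tag", [])
                  if t.get("name", "").lower().startswith("tlp:")})

    if not tlp:
        problems.append("no TLP tag: handling rules are undefined for recipients")
    elif len(tlp) > 1:
        problems.append(f"conflicting TLP tags: {tlp}")

    if dist == SHARING_GROUP:
        # Level 4 is only meaningful when a sharing group is actually attached.
        if not int(ev.get("sharing_group_id") or 0):
            problems.append("distribution 4 requires a sharing_group_id")
    elif dist not in (0, 1, 2, 3):
        problems.append(f"unknown distribution level {dist}")
    else:
        for tag in tlp:
            limit = TLP_MAX_DISTRIBUTION.get(tag)
            if limit is not None and dist > limit:
                problems.append(f"{tag} exceeds policy: distribution {dist} > {limit}")
    return problems


# Constructed sample events (not real intelligence).
OK_EVENT = {"Event": {"info": "APT Campaign - Phishing IOCs", "distribution": "1",
                      "Tag": [{"name": "tlp:amber"}]}}
LEAKY_EVENT = {"Event": {"info": "Internal IR case", "distribution": "3",
                         "Tag": [{"name": "tlp:amber"}]}}

if __name__ == "__main__":
    for sample in (OK_EVENT, LEAKY_EVENT):
        print(sample["Event"]["info"], "->", check_event_sharing(sample) or "OK to share")
```

Running the same check before misp.add_event() and again before misp.publish() catches a distribution change made between creation and publication.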

CLI Usage

python agent.py --input events.json --output report.json
python agent.py --input events.json --misp-url https://misp.example.com --api-key KEY

References