# MISP / PyMISP API Reference
## Installation
```bash
pip install pymisp
```
## Connection Setup
```python
from pymisp import PyMISP, MISPEvent, MISPAttribute

misp = PyMISP(
    url="https://misp.example.com",
    key="YOUR_API_KEY",
    ssl=True,  # verify the instance's TLS certificate
)
```
## Core PyMISP Methods
| Method | Description |
|--------|-------------|
| `misp.add_event(event)` | Create new event |
| `misp.update_event(event)` | Update existing event |
| `misp.publish(event)` | Publish event for sharing |
| `misp.delete_event(event_id)` | Delete an event |
| `misp.search(controller, value, type_attribute)` | Search events/attributes |
| `misp.get_event(event_id)` | Retrieve single event |
| `misp.tag(event, tag)` | Add tag to an event or attribute |
| `misp.search_index(published=True)` | Search event index |
## Creating Events
```python
event = MISPEvent()
event.info = "APT Campaign - Phishing IOCs"
event.distribution = 1 # 0=Org, 1=Community, 2=Connected, 3=All
event.threat_level_id = 2 # 1=High, 2=Medium, 3=Low, 4=Undefined
event.analysis = 0 # 0=Initial, 1=Ongoing, 2=Complete
event.add_attribute("ip-dst", "203.0.113.50", to_ids=True, comment="C2 server")
event.add_attribute("domain", "evil.example.com", to_ids=True)
event.add_attribute("sha256", "a1b2c3d4...", category="Payload delivery")
event.add_tag("tlp:amber")
event.add_tag("mitre-attack-pattern:T1566 - Phishing")
result = misp.add_event(event)
```
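The block above relies on PyMISP and a live instance. As an added example (not part of this reference or the PyMISP project), the code below builds the same kind of event as the JSON document that the MISP REST API accepts at `POST /events/add`, using only the standard library so it runs where PyMISP is not installed. It validates the distribution, threat-level and analysis enumerations and the attribute types listed in this reference before anything is sent, and infers each attribute's category from its type. The sample IOCs are constructed (RFC 5737 addresses, `example.com` names, the SHA-256 of an empty file as a placeholder hash); `submit_event` is the assumed wire call and is not invoked by default.

```python
"""Build and submit a MISP event over the REST API without PyMISP (added example)."""
import ipaddress
import json
import re
import ssl
import urllib.request

# Enumerations from this reference (distribution 4 = sharing group).
DISTRIBUTION = {0: "org", 1: "community", 2: "connected", 3: "all", 4: "sharing_group"}
THREAT_LEVEL = {1: "high", 2: "medium", 3: "low", 4: "undefined"}
ANALYSIS = {0: "initial", 1: "ongoing", 2: "complete"}

# Default MISP category for each attribute type (from the types table in this reference).
DEFAULT_CATEGORY = {
    "ip-dst": "Network activity", "ip-src": "Network activity",
    "domain": "Network activity", "url": "Network activity",
    "sha256": "Payload delivery", "md5": "Payload delivery", "sha1": "Payload delivery",
    "email-src": "Payload delivery", "filename": "Payload delivery",
    "regkey": "Persistence mechanism",
}
_HEX_LEN = {"md5": 32, "sha1": 40, "sha256": 64}


def validate_value(attr_type: str, value: str) -> str:
    """Reject malformed indicators before they reach the shared instance."""
    value = value.strip()
    if attr_type in ("ip-dst", "ip-src"):
        ipaddress.ip_address(value)  # raises ValueError on garbage
    elif attr_type in _HEX_LEN:
        if not re.fullmatch(r"[0-9a-fA-F]{%d}" % _HEX_LEN[attr_type], value):
            raise ValueError(f"{attr_type} must be {_HEX_LEN[attr_type]} hex chars: {value!r}")
        value = value.lower()
    elif attr_type == "domain":
        if not re.fullmatch(r"[a-z0-9.-]+\.[a-z]{2,}", value.lower()):
            raise ValueError(f"not a domain: {value!r}")
    return value


def build_event(info, iocs, distribution=1, threat_level_id=2, analysis=0, tags=()):
    """Return the {"Event": {...}} document MISP expects at POST /events/add.

    iocs: iterable of (type, value) or (type, value, comment) tuples. Every
    attribute is flagged to_ids=True (exported to IDS feeds) except filenames,
    which are too weak to block on by themselves.
    """
    if distribution not in DISTRIBUTION:
        raise ValueError(f"distribution must be one of {sorted(DISTRIBUTION)}")
    if threat_level_id not in THREAT_LEVEL:
        raise ValueError(f"threat_level_id must be one of {sorted(THREAT_LEVEL)}")
    if analysis not in ANALYSIS:
        raise ValueError(f"analysis must be one of {sorted(ANALYSIS)}")
    attributes = []
    for ioc in iocs:
        attr_type, value = ioc[0], ioc[1]
        comment = ioc[2] if len(ioc) > 2 else ""
        if attr_type not in DEFAULT_CATEGORY:
            raise ValueError(f"unsupported attribute type {attr_type!r}")
        attributes.append({
            "type": attr_type,
            "value": validate_value(attr_type, value),
            "category": DEFAULT_CATEGORY[attr_type],
            "to_ids": attr_type != "filename",
            "comment": comment,
        })
    return {"Event": {
        "info": info,
        "distribution": distribution,
        "threat_level_id": threat_level_id,
        "analysis": analysis,
        "Attribute": attributes,
        "Tag": [{"name": t} for t in tags],
    }}


def submit_event(misp_url, api_key, event_doc, verify_ssl=True):
    """POST the document to /events/add with the headers the MISP REST API requires."""
    ctx = ssl.create_default_context()
    if not verify_ssl:  # only acceptable for a lab instance with a self-signed cert
        ctx.check_hostname = False
        ctx.verify_mode = ssl.CERT_NONE
    req = urllib.request.Request(
        misp_url.rstrip("/") + "/events/add",
        data=json.dumps(event_doc).encode(),
        headers={"Authorization": api_key, "Accept": "application/json",
                 "Content-Type": "application/json"},
        method="POST",
    )
    with urllib.request.urlopen(req, context=ctx) as resp:
        return json.load(resp)


SAMPLE_IOCS = [  # constructed sample data; the sha256 is that of an empty file
    ("ip-dst", "203.0.113.50", "C2 server"),
    ("domain", "evil.example.com"),
    ("sha256", "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855"),
    ("filename", "invoice.exe"),
]

if __name__ == "__main__":
    doc = build_event("APT Campaign - Phishing IOCs", SAMPLE_IOCS, tags=["tlp:amber"])
    print(json.dumps(doc, indent=2))
    # submit_event("https://misp.example.com", "YOUR_API_KEY", doc)
```

The validation step is the point: an instance that syncs to other communities will replicate a mistyped hash or an internal IP just as readily as a good indicator, so checking values and enumerations locally is cheaper than cleaning up a published event.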
## Searching Intelligence
```python
# Search by attribute value
results = misp.search(controller="attributes", value="203.0.113.50", type_attribute="ip-dst")
# Search events by date range
results = misp.search(controller="events", date_from="2025-01-01", date_to="2025-12-31")
# Search with tags
results = misp.search(controller="events", tags=["tlp:white", "ransomware"])
```
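The searches above return attribute records; what a defender usually wants next is a blocklist or detection rule derived from them. As an added example (not part of this reference or of PyMISP), the code below consumes a response in the shape the `attributes` REST search returns (assumed to be `{"response": {"Attribute": [...]}}`, which is also what `misp.search(controller="attributes", pythonify=False)` hands back), keeps only attributes flagged `to_ids` and whose TLP tag permits automated use, then matches the result against proxy log lines. The response and the log lines are both constructed sample data.

```python
"""Turn a MISP attribute search result into indicators and check logs (added example)."""
import json

# tlp:red must not leave the recipient's hands, so it never feeds an automated control.
TLP_RANK = {"tlp:white": 0, "tlp:clear": 0, "tlp:green": 1,
            "tlp:amber": 2, "tlp:amber+strict": 2, "tlp:red": 3}

# Constructed sample in the REST search response shape (assumption, see lead-in).
SAMPLE_RESPONSE = json.loads("""{"response": {"Attribute": [
 {"id": "1", "event_id": "10", "type": "ip-dst", "category": "Network activity",
  "value": "203.0.113.50", "to_ids": true,
  "Event": {"id": "10", "info": "APT Campaign - Phishing IOCs"},
  "Tag": [{"name": "tlp:amber"}]},
 {"id": "2", "event_id": "10", "type": "domain", "category": "Network activity",
  "value": "evil.example.com", "to_ids": true,
  "Event": {"id": "10", "info": "APT Campaign - Phishing IOCs"},
  "Tag": [{"name": "tlp:amber"}]},
 {"id": "3", "event_id": "11", "type": "domain", "category": "Network activity",
  "value": "cdn.example.net", "to_ids": false,
  "Event": {"id": "11", "info": "Shared hosting - context only"},
  "Tag": [{"name": "tlp:green"}]},
 {"id": "4", "event_id": "12", "type": "ip-dst", "category": "Network activity",
  "value": "198.51.100.7", "to_ids": true,
  "Event": {"id": "12", "info": "Partner report"},
  "Tag": [{"name": "tlp:red"}]}
]}}""")

# Constructed proxy log lines: timestamp client method host dest_ip
SAMPLE_LOG = """2025-03-01T10:00:01Z 10.0.0.5 GET evil.example.com 203.0.113.50
2025-03-01T10:00:02Z 10.0.0.6 GET cdn.example.net 192.0.2.9
2025-03-01T10:00:03Z 10.0.0.7 GET mail.example.org 198.51.100.7""".splitlines()


def extract_indicators(response, max_tlp="tlp:amber", include_untagged=False):
    """Return {attribute_type: {value: event_info}} for attributes safe to act on.

    Keeps to_ids=True attributes whose TLP label is at or below max_tlp.
    Attributes without any TLP tag are dropped unless include_untagged is set,
    because their handling constraints are unknown.
    """
    limit = TLP_RANK[max_tlp]
    indicators = {}
    for attr in response["response"]["Attribute"]:
        if not attr.get("to_ids"):
            continue
        tlp_tags = [t["name"].lower() for t in attr.get("Tag", []) if t["name"].lower() in TLP_RANK]
        if tlp_tags:
            if max(TLP_RANK[t] for t in tlp_tags) > limit:
                continue
        elif not include_untagged:
            continue
        info = attr.get("Event", {}).get("info", "")
        indicators.setdefault(attr["type"], {})[attr["value"].lower()] = info
    return indicators


def match_proxy_log(indicators, lines):
    """Return (line_number, attribute_type, value, event_info) for every indicator hit."""
    hits = []
    for number, line in enumerate(lines, start=1):
        parts = line.split()
        if len(parts) < 5:
            continue  # malformed line; skip rather than crash the sweep
        host, dest_ip = parts[3].lower(), parts[4]
        if host in indicators.get("domain", {}):
            hits.append((number, "domain", host, indicators["domain"][host]))
        if dest_ip in indicators.get("ip-dst", {}):
            hits.append((number, "ip-dst", dest_ip, indicators["ip-dst"][dest_ip]))
    return hits


if __name__ == "__main__":
    iocs = extract_indicators(SAMPLE_RESPONSE)
    for hit in match_proxy_log(iocs, SAMPLE_LOG):
        print("line %d: %s %s (from event %r)" % hit)
```

Two filters do the work: `to_ids` is the producer's statement that the value is specific enough to alert on (the `cdn.example.net` record is shared for context only), and the TLP rank is the consumer's obligation, so the `tlp:red` address is kept out of automated matching even though it is flagged `to_ids`.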
## MISP Attribute Types
| Type | Example | Category |
|------|---------|----------|
| `ip-dst` | `203.0.113.50` | Network activity |
| `domain` | `evil.example.com` | Network activity |
| `url` | `https://evil.com/payload` | Network activity |
| `sha256` | `a1b2c3...` | Payload delivery |
| `md5` | `d41d8c...` | Payload delivery |
| `email-src` | `attacker@evil.com` | Payload delivery |
| `filename` | `malware.exe` | Payload delivery |
| `regkey` | `HKLM\...\Run\evil` | Persistence mechanism |
## Distribution Levels
- `0` - Your organisation only
- `1` - This community only
- `2` - Connected communities
- `3` - All communities
- `4` - Sharing group
## CLI Usage
```bash
python agent.py --input events.json --output report.json
python agent.py --input events.json --misp-url https://misp.example.com --api-key KEY
```
## References
- PyMISP Docs: https://pymisp.readthedocs.io/
- PyMISP GitHub: https://github.com/MISP/PyMISP
- MISP REST API: https://www.circl.lu/doc/misp/automation/