'''
# Creates a test user for roles
user = MISPUser()
user.email = 'testusr-roles@user.local'
user.org_id = self.test_org.id
tag = MISPTag()
tag.name = 'tlp:white___test'
try:
test_roles_user = self.admin_misp_connector.add_user(user, pythonify=True)
test_tag = self.admin_misp_connector.add_tag(tag, pythonify=True)
test_roles_user_connector = ExpandedPyMISP(url, test_roles_user.authkey, verifycert, debug=False)
test_roles_user_connector.toggle_global_pythonify()
# ===== Read Only
self.admin_misp_connector.update_user({'role_id': 6}, test_roles_user)
base_event = MISPEvent()
base_event.info = 'Test Roles'
base_event.distribution = 0
base_event.add_attribute('ip-dst', '8.8.8.8')
base_event.add_attribute('ip-dst', '9.9.9.9')
base_event.attributes[0].add_tag('tlp:white___test')
r = test_roles_user_connector.add_event(base_event)
self.assertTrue(isinstance(r['errors'], tuple), r['errors'])
self.assertEqual(r['errors'][1]['message'], 'You do not have permission to use this functionality.', r)
try:
e = self.user_misp_connector.add_event(base_event, pythonify=True)
e = test_roles_user_connector.get_event(e)
self.assertEqual(e.info, 'Test Roles')
self.assertEqual(e.attributes[0].tags[0].name, 'tlp:white___test')
r = test_roles_user_connector.publish(e)
self.assertEqual(r['errors'][1]['message'], 'You do not have permission to use this functionality.', r)
r = test_roles_user_connector.tag(e.attributes[1], 'tlp:white___test')
attributes = self.user_misp_connector.search(controller='attributes', value=first.attributes[0].value)
self.assertEqual(len(attributes), 1)
for a in attributes:
self.assertIn(a.event_id, [second.id])
# Non-existing value
attributes = self.user_misp_connector.search(controller='attributes', value=str(uuid4()))
self.assertEqual(attributes, [])
# Include context - search as user (can only see one event)
attributes = self.user_misp_connector.search(controller='attributes', value=first.attributes[0].value, include_context=True, pythonify=True)
self.assertTrue(isinstance(attributes[0].Event, MISPEvent))
self.assertEqual(attributes[0].Event.uuid, second.uuid)
# Include context - search as admin (can see both event)
attributes = self.admin_misp_connector.search(controller='attributes', value=first.attributes[0].value, include_context=True, pythonify=True)
self.assertTrue(isinstance(attributes[0].Event, MISPEvent))
self.assertEqual(attributes[0].Event.uuid, first.uuid)
self.assertEqual(attributes[1].Event.uuid, second.uuid)
# Include correlations - search as admin (can see both event)
attributes = self.admin_misp_connector.search(controller='attributes', value=first.attributes[0].value, include_correlations=True, pythonify=True)
self.assertTrue(isinstance(attributes[0].Event, MISPEvent))
self.assertEqual(attributes[0].Event.uuid, first.uuid)
self.assertEqual(attributes[1].Event.uuid, second.uuid)
self.assertEqual(attributes[0].RelatedAttribute[0].Event.uuid, second.uuid)
self.assertEqual(attributes[1].RelatedAttribute[0].Event.uuid, first.uuid)
# Include sightings - search as admin (can see both event)
self.admin_misp_connector.add_sighting({'value': first.attributes[0].value})
attributes = self.admin_misp_connector.search(controller='attributes', value=first.attributes[0].value, include_sightings=True, pythonify=True)
self.assertTrue(isinstance(attributes[0].Event, MISPEvent))
self.assertEqual(attributes[0].Event.uuid, first.uuid)
def test_sync_all_communities(self):
'''Simple event, all communities, enable automatic push on two sub-instances'''
event = MISPEvent()
event.info = 'Event created on first instance - test_sync_all_communities'
event.distribution = Distribution.all_communities
event.add_attribute('ip-src', '1.1.1.1')
try:
source = self.instances[0]
server = source.site_admin_connector.update_server({'push': True}, source.sync_servers[0].id)
self.assertTrue(server.push)
middle = self.instances[1]
middle.site_admin_connector.update_server({'push': True}, middle.sync_servers[1].id) # Enable automatic push to 3rd instance
last = self.instances[2]
event = source.user_connector.add_event(event)
source.org_admin_connector.publish(event)
source.site_admin_connector.server_push(source.sync_servers[0])
time.sleep(30)
middle_event = middle.user_connector.get_event(event.uuid)
self.assertEqual(event.attributes[0].value, middle_event.attributes[0].value)
def test_batch_image_events(self):
    """Render every image-event fixture to a PDF and print the total elapsed time.

    Manual-only test: the full list of image events has to be downloaded
    beforehand. Under Python 2, or when ``manual_testing`` is falsy, the test
    passes trivially and does not touch the filesystem.
    """
    if self.check_python_2():
        self.assertTrue(True)
        return
    if not manual_testing:
        self.assertTrue(True)
        return

    self.init_event()

    total_files = str(len(os.listdir(self.test_image_folder)))
    started_at = time.time()
    for position, curr_file in enumerate(os.listdir(self.test_image_folder)):
        self.mispevent = MISPEvent()
        # Plain concatenation, not os.path.join: the folder attribute is
        # presumably stored with a trailing separator (TODO confirm).
        file_path = self.test_image_folder + curr_file
        print("Current file : " + file_path + " " + str(position) + " over " + total_files)

        self.mispevent.load_file(file_path)
        pdf_buffer = reportlab_generator.convert_event_in_pdf_buffer(self.mispevent)
        pdf_target = self.storage_image_folder + curr_file + ".pdf"
        reportlab_generator.register_value_to_file(pdf_buffer, pdf_target)
    print("Elapsed time : " + str(time.time() - started_at))
    # Local run : 73.061s for 102 files
def test_batch_OSINT_events(self):
    """Render every OSINT event fixture to a PDF and print the total elapsed time.

    Manual-only test: the full list of OSINT events has to be downloaded
    beforehand. Under Python 2, or when ``manual_testing`` is falsy, the test
    passes trivially and does not touch the filesystem.
    """
    if self.check_python_2():
        self.assertTrue(True)
        return
    if not manual_testing:
        self.assertTrue(True)
        return

    self.init_event()

    total_files = str(len(os.listdir(self.test_batch_folder)))
    started_at = time.time()
    for position, curr_file in enumerate(os.listdir(self.test_batch_folder)):
        self.mispevent = MISPEvent()
        # Plain concatenation, not os.path.join: the folder attribute is
        # presumably stored with a trailing separator (TODO confirm).
        file_path = self.test_batch_folder + curr_file
        print("Current file : " + file_path + " " + str(position) + " over " + total_files)

        self.mispevent.load_file(file_path)
        pdf_buffer = reportlab_generator.convert_event_in_pdf_buffer(self.mispevent)
        pdf_target = self.storage_folder_OSINT + curr_file + ".pdf"
        reportlab_generator.register_value_to_file(pdf_buffer, pdf_target)
    print("Elapsed time : " + str(time.time() - started_at))
    # Local run : 1958.930s for 1064 files
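def test_sync_community(self):
    '''Simple event, this community only, pull from member of the community.

    Creates and publishes an event on the first instance with
    "this community only" distribution, pulls it from the second instance,
    and checks the distribution level stored on the pulled copy.
    '''
    event = MISPEvent()
    event.info = 'Event created on first instance - test_sync_community'
    event.distribution = Distribution.this_community_only
    event.add_attribute('ip-src', '1.1.1.1')
    # Resolve the instances before entering the try block so the cleanup in
    # `finally` never refers to an unbound name and hides the real failure.
    source = self.instances[0]
    dest = self.instances[1]
    dest_event = None
    try:
        event = source.org_admin_connector.add_event(event)
        source.org_admin_connector.publish(event)
        dest.site_admin_connector.server_pull(dest.sync_servers[0])
        # The pull is not awaited here; a fixed delay gives it time to finish.
        time.sleep(10)
        dest_event = dest.org_admin_connector.get_event(event.uuid)
        # 0 is Distribution.your_organisation_only in PyMISP: the pulled copy
        # must be stored at a narrower level than on the source, so a
        # community-only event is not shared onward by the pulling instance.
        self.assertEqual(dest_event.distribution, 0)
    finally:
        source.org_admin_connector.delete_event(event)
        # Only remove the pulled copy if it was actually fetched.
        if dest_event is not None:
            dest.site_admin_connector.delete_event(dest_event)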
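# NOTE(review): the password defaults to neo4j's stock credential and is read
# from argv, where it is visible in the process list and shell history.
# Confirm the target database no longer accepts the default password; taking
# the secret from the environment or an interactive prompt avoids the exposure.
parser.add_argument("-p", "--password", default='neo4j', help="Password on neo4j.")
# Destructive option: every node is deleted before the import starts.
parser.add_argument("-d", "--deleteall", action="store_true", default=False, help="Delete all nodes from the database")
args = parser.parse_args()

neo4j = Neo4j(args.host, args.user, args.password)
if args.deleteall:
    neo4j.del_all()

misp = PyMISP(misp_url, misp_key)
result = misp.search_all(args.search)
for json_event in result['response']:
    if not json_event['Event']:
        # Entry without event data: show it and move on.
        print(json_event)
        continue
    print('Importing', json_event['Event']['info'], json_event['Event']['id'])
    try:
        misp_event = MISPEvent()
        misp_event.load(json_event)
        neo4j.import_event(misp_event)
    except Exception as exc:
        # Best-effort import: one bad event must not stop the run. Catching
        # Exception rather than using a bare except keeps Ctrl-C and
        # SystemExit working, and the cause is printed rather than discarded.
        print('broken', repr(exc))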
def create_daily_event(self):
    """Create the daily event for today, persist it and add it to the manifest.

    The event gets a freshly generated UUID, an id of one more than the
    current manifest size, and its tag, analysis, threat level and published
    flag from ``settings``. Returns the new ``MISPEvent``.
    """
    new_uuid = gen_uuid()
    today = str(datetime.date.today())
    event_fields = dict(
        uuid=new_uuid,
        id=len(self.manifest) + 1,
        Tag=settings.Tag,
        info=self.daily_event_name.format(today),
        analysis=settings.analysis,  # [0-2]
        threat_level_id=settings.threat_level_id,  # [1-4]
        published=settings.published,
        date=today,
    )
    event = MISPEvent()
    event.from_dict(**event_fields)

    # Creator organisation, taken from the settings module.
    event['Orgc'] = {'name': settings.org_name, 'uuid': settings.org_uuid}

    # Write the event out first, then record it in the manifest and save that.
    self.flush_event(new_event=event)
    manifest_entry = self._addEventToManifest(event)
    self.manifest[event['uuid']] = manifest_entry
    self.save_manifest()
    return event
def __init__(self, template_dir):
    """Fill a new MISP object with the default values from its object template.

    * template_dir is the name of the template's directory inside the
      misp-objects ``objects`` folder; its ``definition.json`` is loaded.
    * misp_objects_path is derived from the location of the imported
      ``pymisp`` package (``data/misp-objects/objects`` beneath it).
    """
    package_root = os.path.abspath(os.path.dirname(sys.modules['pymisp'].__file__))
    self.misp_objects_path = os.path.join(package_root, 'data', 'misp-objects', 'objects')
    # NOTE(review): template_dir is joined into the path unchecked. os.path.join
    # drops the base when a later component is absolute, and '..' segments
    # leave the objects folder, so callers should pass known template names only.
    definition_file = os.path.join(self.misp_objects_path, template_dir, 'definition.json')
    with open(definition_file, 'r') as f:
        self.definition = json.load(f)
    self.misp_event = MISPEvent()
    template = self.definition
    self.name = template['name']
    # 'meta-category' is not a valid identifier, hence setattr.
    setattr(self, 'meta-category', template['meta-category'])
    self.template_uuid = template['uuid']
    self.description = template['description']
    self.version = template['version']
    self.uuid = str(uuid.uuid4())
    self.Attribute = []
    self.references = []
for tag in value['event_tags']:
self._check_tag(tag)
for attribute in value['attributes']:
for tag in attribute['tags']:
self._check_tag(tag)
cnt = 0
while True:
try:
if self.misp == None:
self._connect()
tmp = MISPEvent()
tmp.from_dict(
distribution = self.misp_param['distribution']
, threat_level_id = self.misp_param['threat_level_id']
, analysis = self.misp_param['analysis']
, info = value['title']
, date = value['date']
, published = False
)
response = self.misp.add_event(tmp)
if response.get('errors'):
raise Exception(str(response['errors']))
event = MISPEvent()
event.load(response)
break