README
======

[![Documentation Status](https://readthedocs.org/projects/pymisp/badge/?version=master)](http://pymisp.readthedocs.io/en/master/?badge=master)
[![Build Status](https://travis-ci.org/MISP/PyMISP.svg?branch=master)](https://travis-ci.org/MISP/PyMISP)
[![Coverage Status](https://coveralls.io/repos/github/MISP/PyMISP/badge.svg?branch=master)](https://coveralls.io/github/MISP/PyMISP?branch=master)

# PyMISP - Python Library to access MISP

PyMISP is a Python library to access [MISP](https://github.com/MISP/MISP) platforms via their REST API.

PyMISP allows you to fetch events, add or update events/attributes, add or update samples or search for attributes.

## Requirements

* [requests](http://docs.python-requests.org)

## Install from pip

```
pip3 install pymisp
```

## Install the latest version from repo

```
git clone https://github.com/CIRCL/PyMISP.git && cd PyMISP
pip3 install -I .
```

## Samples and how to use PyMISP

Various examples and sample scripts are in the [examples/](examples/) directory.

In the examples directory, copy keys.py.sample to keys.py and enter your MISP URL and API key.

```
cd examples
cp keys.py.sample keys.py
vim keys.py
```

The API key of MISP is available in the Automation section of the MISP web interface.

To check that your URL and API key are correct, run examples/last.py to fetch the last 10 events published.

```
cd examples
python3 last.py -l 10
```

## Debugging

You have two options there:

1. Pass `debug=True` to `PyMISP`; this enables `logging.DEBUG` output to stderr for the whole module.

2. Use the Python logging module directly:

```python
import logging
logger = logging.getLogger('pymisp')

# Configure it as you wish, for example, enable DEBUG mode:
logger.setLevel(logging.DEBUG)
```

Or if you want to write the debug output to a file instead of stderr:

```python
import pymisp
import logging

logger = logging.getLogger('pymisp')
logging.basicConfig(level=logging.DEBUG, filename="debug.log", filemode='w', format=pymisp.FORMAT)
```

## Documentation

[PyMISP API documentation is available](https://media.readthedocs.org/pdf/pymisp/master/pymisp.pdf).

Documentation can be generated with epydoc:

```
epydoc --url https://github.com/CIRCL/PyMISP --graph all --name PyMISP --pdf pymisp -o doc
```

## Everything is a Mutable Mapping

... or at least everything that can be imported from or exported to a JSON blob.

`AbstractMISP` is the master class, and inherits from `collections.MutableMapping`, which means
the class can be represented as a Python dictionary.

The abstraction assumes every property that should not be seen in the dictionary is prepended with a `_`,
or its name is added to the private list `__not_jsonable` (accessible through `update_not_jsonable` and `set_not_jsonable`).

This master class has helpers that make it easy to load from, and export to, a JSON string.

`MISPEvent`, `MISPAttribute`, `MISPObjectReference`, `MISPObjectAttribute`, and `MISPObject`
are subclasses of AbstractMISP, which means that they can be handled as Python dictionaries.

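The sketch below is an added example, not PyMISP's own code: it shows how a mutable mapping can keep `_`-prefixed properties and an exclusion list out of its dictionary and JSON view. The class `JsonableMapping` is hypothetical, the name `update_not_jsonable` is borrowed from the text above with an assumed signature, and rejecting `_` keys on assignment is this example's own choice.

```python
import json
from collections.abc import MutableMapping


class JsonableMapping(MutableMapping):
    """Sketch of the pattern described above; not PyMISP's AbstractMISP."""
    def __init__(self, fields=None):
        self._not_jsonable = set()  # extra names hidden from the dict/JSON view
        self.update(fields or {})

    def update_not_jsonable(self, *names):
        self._not_jsonable.update(names)

    def _visible(self):
        # Public view: skip '_'-prefixed attributes and excluded names.
        return {k: v for k, v in vars(self).items()
                if not k.startswith('_') and k not in self._not_jsonable}

    def __getitem__(self, key):
        return self._visible()[key]

    def __setitem__(self, key, value):
        # Sketch's choice: mapping access (and loaded JSON) cannot set hidden state.
        if key.startswith('_'):
            raise ValueError('refusing to set private field %r' % key)
        setattr(self, key, value)

    def __delitem__(self, key):
        self._visible()[key]  # KeyError for hidden or missing names
        delattr(self, key)

    def __iter__(self):
        return iter(self._visible())

    def __len__(self):
        return len(self._visible())

    def to_json(self):
        return json.dumps(self._visible(), sort_keys=True)

    @classmethod
    def from_json(cls, blob):
        return cls(json.loads(blob))


def demo():
    # Constructed sample values, for illustration only.
    event = JsonableMapping({'info': 'Constructed sample event', 'local_path': '/tmp/sample.bin'})
    event._api_key = 'CONSTRUCTED-KEY'       # hidden by the '_' prefix
    event.update_not_jsonable('local_path')  # hidden by the exclusion list
    return event
```

Calling `demo().to_json()` yields only the `info` field, and `JsonableMapping.from_json` raises `ValueError` on a blob that tries to set a `_`-prefixed key.
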
## MISP Objects

A new MISP object generator should be created from a pre-defined template and inherit from `AbstractMISPObjectGenerator`.

Your new MISPObject generator needs to generate attributes and add them as class properties using `add_attribute`.

When the object is sent to MISP, all the class properties are included in the JSON export.