otx_misp

otx_misp.create_events(pulse_or_list, author=False, server=False, key=False, misp=False, distribution=0, threat_level=4, analysis=2, publish=True, tlp=True, discover_tags=False, to_ids=False, author_tag=False, bulk_tag=None, dedup_titles=False, stop_on_error=False)
Parse a Pulse or a list of Pulses and add it/them to MISP if server and key are present.
Parameters:
- pulse_or_list – a Pulse or list of Pulses as returned by get_pulses
- author (Boolean) – Prepend the author to the Pulse name
- server – MISP server URL
- key – MISP API key
- misp (pymisp.PyMISP) – MISP connection object
- distribution – distribution of the MISP event (0-4)
- threat_level – threat level of the MISP object (1-4)
- analysis – analysis state of the MISP object (0-2)
- publish (Boolean) – Whether the MISP event should be published
- tlp (Boolean) – Add TLP level tag to event
- discover_tags (Boolean) – discover MISP tags from Pulse tags
- to_ids (Boolean) – Flag pulse attributes as being sent to an IDS
- author_tag (Boolean) – Add the pulse author as an event tag
- bulk_tag (String) – A tag that will be added to all events for categorization (e.g. OTX)
- dedup_titles (Boolean) – Search MISP for an existing event title and update it, rather than create a new one
Returns: a dict or a list of dicts with the selected attributes

otx_misp.get_pulses(otx_api_key, from_timestamp=None)
Get the Pulses from AlienVault OTX.
Parameters:
- otx_api_key (string) – AlienVault OTX API key
- from_timestamp (datetime.datetime or ISO string or Unix timestamp) – only download Pulses after this date/time (None for all Pulses)
Returns: a list of Pulses (dict)

otx_misp.get_pulses_iter(otx_api_key, from_timestamp=None)
Get the Pulses from AlienVault OTX and return them as a generator.
Parameters:
- otx_api_key (string) – AlienVault OTX API key
- from_timestamp (datetime.datetime or ISO string or Unix timestamp) – only download Pulses after this date/time (None for all Pulses)
Returns: a generator of Pulses (dict)
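
An added example (not code from the otx_misp project) of an incremental OTX-to-MISP import built on get_pulses_iter and create_events, which checks the documented numeric ranges before any network call. The helper names event_options and sync_pulses, the api parameter, and the conservative option values are assumptions of this example, not library defaults.

```python
from datetime import datetime, timezone

# Ranges documented for create_events on this page.
RANGES = {"distribution": range(0, 5),
          "threat_level": range(1, 5),
          "analysis": range(0, 3)}


def event_options(**overrides):
    """Return create_events keyword arguments, rejecting out-of-range values."""
    # Conservative starting point (assumption of this example, not the library
    # defaults): distribution 0 is "Your organisation only" in MISP, and events
    # are neither published nor flagged for IDS export until an analyst reviews them.
    opts = {"distribution": 0, "threat_level": 4, "analysis": 2,
            "publish": False, "to_ids": False, "tlp": True,
            "bulk_tag": "OTX", "dedup_titles": True}
    opts.update(overrides)
    for name, allowed in RANGES.items():
        value = opts[name]
        # bool is a subclass of int, so publish-style flags passed by mistake
        # would otherwise slip through as 0 or 1.
        if isinstance(value, bool) or not isinstance(value, int) or value not in allowed:
            raise ValueError(
                f"{name}={value!r} is outside {allowed.start}-{allowed.stop - 1}")
    return opts


def sync_pulses(otx_api_key, misp_url, misp_key, since, api=None, **overrides):
    """Import Pulses newer than `since`; return (results, next checkpoint)."""
    if api is None:
        import otx_misp as api  # lazy import: validation works without the package
    opts = event_options(**overrides)
    # Take the checkpoint before downloading so Pulses modified during the run
    # are fetched again next time instead of being skipped.
    checkpoint = datetime.now(timezone.utc)
    results = []
    for pulse in api.get_pulses_iter(otx_api_key, from_timestamp=since):
        results.append(
            api.create_events(pulse, server=misp_url, key=misp_key, **opts))
    return results, checkpoint
```

Persist the returned checkpoint and pass it as `since` on the next run; keep both API keys out of source control and supply them from the environment or a secrets store.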