misp-rb
A dead simple MISP API wrapper for Ruby.
If you aren't a Rubyist, I highly recommend using the official PyMISP.
Installation
```bash
gem install misp
```
Usage
Configuration
By default, it tries to load its configuration from environment variables:
- MISP_API_ENDPOINT: MISP API endpoint (e.g. https://misppriv.circl.lu)
- MISP_API_KEY: MISP API key
Also, you can configure them manually.
```ruby
require "misp"

MISP.configure do |config|
  config.api_endpoint = "https://misppriv.circl.lu"
  config.api_key = "MISP_API_KEY"
end
```
Create an event
```ruby
event = MISP::Event.create(info: "my event")
```
Retrieve an event
```ruby
event = MISP::Event.get(15)
```
Update an event
```ruby
event = MISP::Event.get(17)
event.info = "my new info field"
event.update
```
Add an attribute
```ruby
event = MISP::Event.get(17)
event.add_attribute(value: "8.8.8.8", type: "ip-dst")
# or
attribute = MISP::Attribute.new(value: "1.1.1.1", type: "ip-dst")
event.add_attribute attribute
event.update
```
Tag an event
```ruby
event = MISP::Event.get(17)
event.add_tag name: "my tag"
event.update
```
Tag an attribute
```ruby
attribute = MISP::Attribute.search(value: "8.8.8.8").first
attribute.add_tag(name: "my tag")
```
Create an event with attributes and tags already applied
```ruby
event = MISP::Event.new(
  info: "my event",
  Attribute: [
    value: "8.8.8.8",
    type: "ip-dst",
    Tag: [
      { name: "my attribute-level tag" }
    ]
  ],
  Tag: [
    { name: "my event-level tag" }
  ]
)
event.create

# or
event = MISP::Event.new(info: "my event")
attribute = MISP::Attribute.new(value: "8.8.8.8", type: "ip-dst")
attribute.tags << MISP::Tag.new(name: "my attribute-level tag")
event.attributes << attribute
event.tags << MISP::Tag.new(name: "my event-level tag")
event.create
```
Search for events / attributes
```ruby
events = MISP::Event.search(info: "test")
attributes = MISP::Attribute.search(type: "ip-dst")
```
Acknowledgement
The implementation design of this gem is highly influenced by FloatingGhost/mispex.
License
The gem is available as open source under the terms of the MIT License.
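Example: building an event payload from an indicator list
The following is an added example, not code from the gem or its README. It builds the nested info / Attribute / Tag hash from "Create an event with attributes and tags already applied" out of a raw, partly defanged indicator list, and reports anything it cannot type instead of dropping it silently. The sample data, the function names and the `submit` helper are assumptions made for illustration; `md5`, `sha256`, `url` and `domain` are standard MISP attribute types that the README itself does not use.

```ruby
require "ipaddr"

# Constructed sample input (not from the README): mixed, partly defanged indicators.
SAMPLE = [
  "8.8.8.8", "8.8.8[.]8", " 1.1.1.1 ", "hxxp://example[.]com/a.php",
  "example.com", "0123456789abcdef0123456789abcdef", "not an indicator"
].freeze

# Undo common report defanging so duplicates collapse and types can be detected.
def refang(raw)
  raw.strip.gsub("[.]", ".").sub(/\Ahxxp/i, "http")
end

def ip?(value)
  IPAddr.new(value)
  true
rescue IPAddr::Error
  false
end

# Map a value to a MISP attribute type. "ip-dst" is the type the README uses;
# md5, sha256, url and domain are other standard MISP types. nil means "unknown".
def misp_type(value)
  return "md5" if value.match?(/\A\h{32}\z/)
  return "sha256" if value.match?(/\A\h{64}\z/)
  return "url" if value.match?(%r{\Ahttps?://\S+\z}i)
  return "ip-dst" if ip?(value)
  return "domain" if value.match?(/\A(?:[a-z0-9-]{1,63}\.)+[a-z]{2,63}\z/i)

  nil
end

# Build the nested hash shape shown in the README (info / Attribute / Tag) and
# return it with the values that were rejected, so nothing is dropped silently.
def build_event(info, indicators, event_tag:, attr_tag:)
  values = indicators.map { |raw| refang(raw) }.uniq
  known, skipped = values.partition { |value| misp_type(value) }
  attributes = known.map do |value|
    { value: value, type: misp_type(value), Tag: [{ name: attr_tag }] }
  end
  [{ info: info, Attribute: attributes, Tag: [{ name: event_tag }] }, skipped]
end

# Hypothetical helper: send the payload with the gem, configured as in "Configuration".
def submit(payload)
  require "misp"
  MISP::Event.new(**payload).create
end
```

Review the `skipped` list before calling `submit`, since an untyped value usually means a malformed feed entry rather than something safe to ignore.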