misp

A dead simple MISP API wrapper for Ruby


License
MIT
Install
gem install misp -v 0.1.1

Documentation

misp-rb

Gem Version Build Status Coverage Status CodeFactor

A dead simple MISP API wrapper for Ruby.

If you aren't a Rubyist, I highly recommend to use the official PyMISP.

Installation

gem install misp

Usage

Configuration

By default, it tries to load configurations from environmental variables:

Also, you can configure them manually.

require "misp"

MISP.configure do |config|
  config.api_endpoint = "https://misppriv.circl.lu"
  config.api_key = "MISP_API_KEY"
end

Create an event

event = MISP::Event.create(info: "my event")

Retrive an event

event = MISP::Event.get(15)

Update an event

event = MISP::Event.get(17)
event.info = "my new info field"
event.update

Add an attribute

event = MISP::Event.get(17)
event.add_attribute(value: "8.8.8.8", type: "ip-dst")
# or
attribute = MISP::Attribute.new(value: "1.1.1.1", type: "ip-dst")
event.add_attribute attribute
event.update

Tag an event

event = MISP::Event.get(17)
event.add_tag name: "my tag"
event.update

Tag an attribute

attribute = MISP::Attribute.search(value: "8.8.8.8").first
attribute.add_tag(name: "my tag")

Create an event with attributes and tags already applied

event = MISP::Event.new(
  info: "my event",
  Attribute: [
    value: "8.8.8.8",
    type: "ip-dst",
    Tag: [
      { name: "my attribute-level tag" }
    ]
  ],
  Tag: [
    { name: "my event-level tag" }
  ]
)
event.create
# or
event = MISP::Event.new(info: "my event")

attribute = MISP::Attribute.new(value: "8.8.8.8", type: "ip-dst")
attribute.tags << MISP::Tag.new(name: "my attribute-level tag")

event.attributes << attribute
event.tags << MISP::Tag.new(name: "my event-level tag")

event.create

Search for events / attributes

events = MISP::Event.search(info: "test")

attributes = MISP::Attribute.search(type: "ip-dst")

Acknowledgement

The implementation design of this gem is highly influenced by FloatingGhost/mispex.

License

The gem is available as open source under the terms of the MIT License.