MISP DXL Python Service 0.1.5

MISP service for use with the OpenDXL Python Client

Overview



The MISP DXL Python Service exposes access to the MISP REST APIs via the Data Exchange Layer (DXL) fabric. The service also provides support for forwarding MISP ZeroMQ message notifications to the DXL fabric.

Documentation



See the Wiki for an overview of the MISP DXL Python Service and usage examples.


See the MISP DXL Python Service documentation for installation instructions, API documentation, and usage examples.

  • Version 0.1.5

    MISP DXL Python Service 0.1.5 Release

    • Pinned version of PyMISP due to change in JSON format
  • Version 0.1.4

    MISP DXL Python Service 0.1.4 Release

    • Updated to latest version of PyMISP
    • Updated test cases to work with latest version of PyMISP
  • Version 0.1.3

    MISP DXL Python Service 0.1.3 Release

    • Pinned PyMISP to previous version as it was causing test cases to fail
  • Version 0.1.2

    MISP DXL Python Service 0.1.2 Release

    • Only forward exact topic match ZeroMQ notifications to DXL
  • Version 0.1.1

    MISP DXL Python Service 0.1.1 Release

    • ZeroMQ socket handling cleanup to avoid shutdown hang
    • Added enum34 dependency to resolve pymisp Python2 compatibility issue
  • Version 0.1.0

  • Can this service be used to search by attribute as well as event?

    • Anything available via the PyMISP library can be exposed by this service to the DXL fabric. The service methods page in the service's documentation describes how to modify the configuration to expose additional methods.


      The general search method appears to support the specification of attributes as criteria. The DXL service is just a thin layer over the PyMISP library. Thus, if it possible with the library, it would be possible with this service.


      Thanks,

      Chris

Bootprint

MISP DXL Service

Version: 0.1.0

The OpenDXL MISP service exposes access to the MISP REST APIs via the Data Exchange Layer (DXL) fabric. The service also provides support for forwarding MISP ZeroMQ message notifications to the DXL fabric.

Solutions

Services

MISP DXL Python Service

The OpenDXL MISP service exposes access to the MISP REST APIs via the Data Exchange Layer (DXL) fabric. The service also provides support for forwarding MISP ZeroMQ message notifications to the DXL fabric.

MISP DXL Python Service (GitHub)

Version:

0.1.3

/opendxl-misp/service/misp-api/<User-Defined-Topic(s)>

Events

/opendxl-misp/event/zeromq-notifications/<User-Defined-Topic(s)>

The OpenDXL MISP service can be configured with a set of topics for use with forwarding MISP ZeroMQ messages as DXL Events to be sent to the DXL fabric.

MISP DXL Python Service SDK Documentation: Configuration

payload: object

Refer to the MISP ZeroMQ documentation for information on the event(s) to which you are subcribing.

{
"Event": {
"Attribute": [
]
,
"Galaxy": [
]
,
"Object": [
]
,
"Org": {
"id": "1",
"name": "ORGNAME",
"uuid": "5ad76731-5170-4bda-88fe-0179ac110002"
}
,
"Orgc": {
"id": "1",
"name": "ORGNAME",
"uuid": "5ad76731-5170-4bda-88fe-0179ac110002"
}
,
"RelatedEvent": [
]
,
"ShadowAttribute": [
]
,
"analysis": "1",
"attribute_count": "0",
"date": "2018-09-27",
"disable_correlation": false,
"distribution": "3",
"extends_uuid": "",
"id": "175",
"info": "OpenDXL MISP event notification example",
"locked": false,
"org_id": "1",
"orgc_id": "1",
"proposal_email_lock": false,
"publish_timestamp": "1538008974",
"published": true,
"sharing_group_id": "0",
"threat_level_id": "3",
"timestamp": "1538008973",
"uuid": "5bac278d-b910-4912-9b3f-03f7ac110005"
}
}

Requests

/opendxl-misp/service/misp-api/<User-Defined-Topic(s)>

The OpenDXL MISP service can be configured with a set of DXL service topics corresponding to MISP API methods. For more information please see the MISP DXL Python Service's configuration file.

MISP DXL Python Service SDK Documentation: Service Methods

payload: object

Refer to the MISP API documentation for information on the service method(s) you are configuring the MISP DXL Service to forward to the MISP Automation API.

Also see the OpenDXL MISP Service SDK Documentation examples below for a detailed walkthrough of configuring a service method, sending a request, and receiving a response:

{
"analysis": 1,
"distribution": 3,
"info": "OpenDXL MISP new event example",
"threat_level_id": 3
}

The contents of the DXL response payload are provided as a JSON string form of the response provided by the MISP API. Please see the MISP Automation API reference for further details.

payload: object

{
"Event": {
"Attribute": [
]
,
"Galaxy": [
]
,
"Object": [
]
,
"Org": {
"id": "1",
"name": "ORGNAME",
"uuid": "5ac3c55a-41a4-4294-adf3-00f8ac110003"
}
,
"Orgc": {
"id": "1",
"name": "ORGNAME",
"uuid": "5ac3c55a-41a4-4294-adf3-00f8ac110003"
}
,
"RelatedEvent": [
]
,
"ShadowAttribute": [
]
,
"analysis": "1",
"attribute_count": "0",
"date": "2018-04-09",
"disable_correlation": false,
"distribution": "3",
"event_creator_email": "admin@admin.test",
"id": "169",
"info": "OpenDXL MISP new event example",
"locked": false,
"org_id": "1",
"orgc_id": "1",
"proposal_email_lock": false,
"publish_timestamp": "0",
"published": false,
"sharing_group_id": "0",
"threat_level_id": "3",
"timestamp": "1523287869",
"uuid": "5acb873d-a914-4f9f-92b9-196cac110002"
}
}
Error Code: 0

payload: object

"Error handling request: An Internal Error has occurred."
                                                                            

Definitions

Error Response Object: object

"Error handling request: An Internal Error has occurred."