A wrapper around MISP’s HTTP API to provide native interaction.
If available in Hex, the package can be installed
by adding mispex to your list of dependencies in mix.exs:
def deps do
[
{:mispex, "~> 0.1.8"}
]
endIn your application config, add a block of the format
config :mispex,
url: "https://misp.local",
apikey: "myapikey"See the full documentation for full reference, but here are a few common usage examples
Documentation can also be generated with ExDoc
All functions that call the API in any way return a tuple of the format:
{:ok, value}
{:error, reason}To indicate whether the API call was successful or not.
For example
iex> MISP.Event.create(%MISP.EventInfo{info: "my event"})
{:ok,
%MISP.Event{
}
}
iex> MISP.Event.create(%MISP.EventInfo{})
{:error, "Event.info: Info cannot be empty."}{:ok, my_event} = %MISP.EventInfo{info: "my event"} |> MISP.Event.create(){:ok, my_event} = MISP.Event.get(15){:ok, my_event} = MISP.Event.get(17)
{:ok, my_updated_event} =
my_event
|> put_in([:Event, :info], "my new info field")
|> MISP.Event.update(){:ok, my_event} = MISP.Event.get(17)
{:ok, updated_event} =
my_event
|> MISP.Event.add_attribute(%MISP.Attribute{value: "8.8.8.8", type: "ip-dst"})
|> MISP.Event.update(){:ok, my_event} = MISP.Event.get(17)
{:ok, tagged_event} =
my_event
|> MISP.Event.add_tag(%MISP.Tag{name: "my tag"})
|> MISP.Event.update(){:ok, matching} = MISP.Attribute.search(%{value: "8.8.8.8"})
{:ok, updated_attr} =
matching
|> List.first()
|> MISP.Attribute.add_tag(%MISP.Tag{name: "my tag"})
|> MISP.Attribute.update()%MISP.EventInfo{
info: "my event",
Attribute: [
%MISP.Attribute{
value: "8.8.8.8",
type: "ip-dst",
Tag: [
%MISP.Tag{name: "my attribute-level tag"}
]
}
],
Tag: [
%MISP.Tag{name: "my event-level tag"}
]
} |> MISP.Event.create()
https://github.com/FloatingGhost/mispex
Leave a Reply