MISP

A wrapper around MISP's HTTP API to provide native interaction.

Installation

If available in Hex, the package can be installed by adding mispex to your list of dependencies in mix.exs:

def deps do
  [
    {:mispex, "~> 0.1.5"}
  ]
end

Configuration

In your application config, add a block of the format

config :mispex,
  url: "https://misp.local",
  apikey: "myapikey"

Usage

See the full documentation for full reference, but here are a few common usage examples

Documentation can also be generated with ExDoc

Create an event

%MISP.EventInfo{info: "my event"}
|> MISP.Event.create()

Retrive an event

MISP.Event.get(15)

Update an event

MISP.Event.get(17)
|> put_in([:Event, :info], "my new info field")
|> MISP.Event.update()

Add an attribute

MISP.Event.get(17)
|> MISP.Event.add_attribute(%MISP.Attribute{value: "8.8.8.8", type: "ip-dst"})

Tag an event

MISP.Event.get(17)
|> MISP.Event.add_tag(%MISP.Tag{name: "my tag"})
|> MISP.Event.update()

Tag an attribute

MISP.Attribute.search(%{value: "8.8.8.8"})
|> List.first() 
|> MISP.Attribute.add_tag(%MISP.Tag{name: "my tag"})
|> MISP.Attribute.update()

Create an event with attributes and tags already applied

%MISP.EventInfo{
    info: "my event",
    Attribute: [
        %MISP.Attribute{
            value: "8.8.8.8",
            type: "ip-dst",
            Tag: [
                %MISP.Tag{name: "my attribute-level tag"}
            ]
        }
    ],
    Tag: [
        %MISP.Tag{name: "my event-level tag"}
    ]
} |> MISP.Event.create()