{"id":4711,"library":"pymisp","title":"PyMISP","description":"PyMISP is a Python library designed to interact with MISP (Malware Information Sharing Platform) instances via their REST API. It provides comprehensive functionalities to fetch, add, update, and search for events, attributes, objects, samples, and more, facilitating automated threat intelligence sharing and analysis. The library is actively maintained with frequent releases, ensuring compatibility with the latest MISP features.","status":"active","version":"2.5.33.1","language":"en","source_language":"en","source_url":"https://github.com/MISP/PyMISP","tags":["security","threat intelligence","MISP","API client","cybersecurity","information sharing"],"install":[{"cmd":"pip install pymisp","lang":"bash","label":"Basic Installation"},{"cmd":"pip install 'pymisp[fileobjects,url,email,brotli]'","lang":"bash","label":"Installation with common optional dependencies"}],"dependencies":[{"reason":"Core HTTP client for API communication.","package":"requests","optional":false},{"reason":"Required for generating URL objects and improved URL parsing.","package":"pyfaup","optional":true},{"reason":"Enables creation and analysis of PE/ELF/Mach-o objects.","package":"LIEF","optional":true},{"reason":"Used for file type detection when creating file objects.","package":"python-magic","optional":true},{"reason":"Provides Brotli compression support for interacting with MISP instances.","package":"brotli","optional":true},{"reason":"Needed for parsing and generating MISP Email objects.","package":"oletools","optional":true}],"imports":[{"symbol":"PyMISP","correct":"from pymisp import PyMISP"},{"symbol":"MISPEvent","correct":"from pymisp import MISPEvent"},{"symbol":"MISPAttribute","correct":"from pymisp import MISPAttribute"}],"quickstart":{"code":"import os\nfrom pymisp import PyMISP\n\n# Configure MISP connection from environment variables\nmisp_url = os.environ.get('MISP_URL', 'https://your.misp.instance')\nmisp_key = os.environ.get('MISP_KEY', 'YOUR_MISP_AUTOMATION_KEY') # Your MISP automation key\nmisp_verifycert = os.environ.get('MISP_VERIFYCERT', 'True').lower() == 'true'\n\n# Initialize PyMISP object\ntry:\n    misp = PyMISP(misp_url, misp_key, misp_verifycert)\n    print(f\"Successfully connected to MISP instance at {misp_url}.\")\n\n    # Example: Fetch last 5 published events\n    last_events = misp.search(limit=5, controller='events', published=True)\n    if last_events:\n        print(f\"Found {len(last_events)} published events:\")\n        for event in last_events:\n            print(f\"  Event ID: {event['Event']['id']}, Info: {event['Event']['info']}\")\n    else:\n        print(\"No published events found in the last search.\")\n\nexcept Exception as e:\n    print(f\"Error connecting to MISP or fetching events: {e}\")\n    print(\"Please ensure MISP_URL, MISP_KEY, and MISP_VERIFYCERT are correctly set.\")","lang":"python","description":"This quickstart demonstrates how to initialize the PyMISP object using environment variables for the MISP URL and API key, and then how to fetch the last 5 published events. It includes basic error handling for connection issues."},"warnings":[{"fix":"Update `pyfaup-rs` to its latest compatible version, or adapt code to new `pyfaup-rs` expectations. Alternatively, if compatibility is critical, pin `pymisp<2.5.33.1`.","message":"Version 2.5.33.1 introduced backward incompatible changes related to `pyfaup-rs` (and implicitly `faup-rs`). If you rely on URL object parsing, review your code and potentially update `pyfaup-rs` or pin an older PyMISP version if issues arise.","severity":"breaking","affected_versions":">=2.5.33.1"},{"fix":"Set `misp_verifycert=False` during PyMISP object initialization when necessary. For production, ensure proper SSL certificate setup and verification.","message":"SSL certificate verification is `True` by default (`misp_verifycert=True`). In development environments or with self-signed certificates, this often leads to `SSLError` exceptions.","severity":"gotcha","affected_versions":"All versions"},{"fix":"Ensure the API key used for PyMISP is an automation key, which can be generated or found in the 'Automation' section of the MISP web interface or your user profile.","message":"PyMISP requires an 'automation key' from your MISP user profile. Regular user API keys may not have sufficient permissions for automated tasks, leading to authorization errors (e.g., 'Not available: you don't have \"Auth key access\" role').","severity":"gotcha","affected_versions":"All versions"},{"fix":"Explicitly specify the desired ordering using the `order_by` and `direction` parameters in your `misp.search()` calls to maintain consistent result ordering.","message":"With MISP v2.5.35, the default ordering for `restsearch` (e.g., when searching for attributes or events) has changed due to a transition to cursor-based pagination. If your application relies on a specific default order, your search results might appear different.","severity":"breaking","affected_versions":"All versions when connecting to MISP server >=2.5.35"}],"env_vars":null,"last_verified":"2026-04-12T00:00:00.000Z","next_check":"2026-07-11T00:00:00.000Z"}