misp-client

Crates.io: misp-client
lib.rs: misp-client
version: 0.2.0
created_at: 2025-12-06 04:40:55.100141+00
updated_at: 2025-12-06 04:40:55.100141+00
description: A Rust client library for MISP threat intelligence platform
repository: https://github.com/gbrigandi/misp-client-rs
id: 1969621
size: 144,381
Gianluca Brigandi (gbrigandi)


MISP Client

Rust client for the MISP threat intelligence platform API.

Usage

use misp_client::MispClientFactory;

#[tokio::main]
async fn main() -> misp_client::Result<()> {
    let misp = MispClientFactory::builder()
        .base_url("https://misp.local")
        .api_key("your-api-key")
        // Disables TLS certificate verification; use only against a lab
        // instance with a self-signed certificate.
        .verify_ssl(false)
        .build();

    // search attributes
    let attrs = misp.attributes().search_by_value("8.8.8.8").await?;

    // get event details
    let event = misp.events().get("123").await?;

    // check warninglists
    let on_list = misp.warninglists().is_whitelisted("8.8.8.8").await?;

    Ok(())
}

Clients

MispClientFactory provides access to:

  • events() for event queries
  • attributes() for IOC searches
  • galaxies() for threat actors, MITRE ATT&CK, malware
  • sightings() for observation tracking
  • warninglists() for false positive checks

Example

IOC enrichment with context lookup, sighting history, and warninglist check:

use misp_client::MispClientFactory;
use std::env;

#[tokio::main]
async fn main() -> misp_client::Result<()> {
    let misp = MispClientFactory::builder()
        .base_url(env::var("MISP_URL").expect("MISP_URL required"))
        .api_key(env::var("MISP_API_KEY").expect("MISP_API_KEY required"))
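        // Certificate verification is off here, so the API key is sent over
        // an unauthenticated TLS channel; keep this to test instances.
        .verify_ssl(false)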
        .build();

    let info = misp.test_connection().await?;
    println!("MISP {}\n", info.version);

    let ioc = "192.168.1.100";
    println!("Lookup: {}", ioc);

    let results = misp.attributes().search_by_value(ioc).await?;

    if results.is_empty() {
        println!("  no matches");
    } else {
        println!("  {} matches:", results.len());
        for attr in &results {
            println!("  Event #{}: {} ({})", attr.event_id, attr.value, attr.attr_type);
        }
    }

    let count = misp.sightings().count_for_value(ioc).await?;
    println!("\nSightings: {} total ({} pos, {} neg)",
        count.total, count.positive, count.negative);

    if misp.warninglists().is_whitelisted(ioc).await? {
        println!("\nOn warninglist");
    } else {
        println!("\nNot on any warninglist");
    }

    Ok(())
}

Run with:

MISP_URL=https://misp.local MISP_API_KEY=xxx cargo run --example enrichment

See examples/ for more.
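
A triage step that could follow the three lookups in the enrichment example, added here as an illustration and not part of misp-client or its examples/ directory. The Enrichment struct, Verdict enum and both functions are hypothetical, the sample values are constructed, and reading negative sightings as false-positive reports is an assumption.

```rust
use std::net::IpAddr;

// Results of the three lookups for one IOC (hypothetical container, not a misp-client type).
struct Enrichment<'a> {
    ioc: &'a str,
    matches: usize,       // attributes returned by the value search
    positive: u64,        // sightings confirming the IOC
    negative: u64,        // sightings reporting a false positive (assumed meaning)
    on_warninglist: bool, // result of the warninglist check
}

#[derive(Debug, PartialEq)]
enum Verdict { LocalScope, Unknown, LikelyBenign, Disputed, Unconfirmed, Confirmed }

// True for IPs that only have meaning inside one network (RFC 1918, loopback, link-local).
fn is_local_scope(ioc: &str) -> bool {
    match ioc.parse::<IpAddr>() {
        Ok(IpAddr::V4(ip)) => ip.is_private() || ip.is_loopback() || ip.is_link_local(),
        Ok(IpAddr::V6(ip)) => ip.is_loopback(),
        Err(_) => false, // domains, hashes, URLs: not an IP, so no scope check
    }
}

fn triage(e: &Enrichment) -> Verdict {
    // Local-scope address: a match in a shared feed is coincidental.
    if is_local_scope(e.ioc) { return Verdict::LocalScope; }
    if e.matches == 0 { return Verdict::Unknown; }
    // A warninglist hit outranks attribute matches.
    if e.on_warninglist { return Verdict::LikelyBenign; }
    match (e.positive, e.negative) {
        (0, 0) => Verdict::Unconfirmed,        // listed in an event, never sighted
        (p, n) if n >= p => Verdict::Disputed, // false-positive reports dominate
        _ => Verdict::Confirmed,
    }
}

fn main() {
    // Constructed sample results, not real MISP data.
    let samples = [
        Enrichment { ioc: "192.168.1.100", matches: 2, positive: 1, negative: 0, on_warninglist: false },
        Enrichment { ioc: "8.8.8.8", matches: 5, positive: 3, negative: 0, on_warninglist: true },
        Enrichment { ioc: "203.0.113.7", matches: 1, positive: 4, negative: 1, on_warninglist: false },
    ];
    for e in &samples {
        println!("{:<15} {:?}", e.ioc, triage(e));
    }
}
```

The first sample uses the same RFC 1918 address as the enrichment example, which is why it is classified before any MISP result is considered.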

License

MIT
