misp-client-rs
| Crates.io | misp-client-rs |
| lib.rs | misp-client-rs |
| version | 0.1.0 |
| created_at | 2025-05-17 17:23:48.337647+00 |
| updated_at | 2025-05-17 17:23:48.337647+00 |
| description | A Rust client library for interacting with MISP (Malware Information Sharing Platform) instances via their REST API. |
| homepage | |
| repository | https://github.com/gbrigandi/misp-client-rs |
| max_upload_size | |
| id | 1678012 |
| size | 2,462,955 |
Gianluca Brigandi (gbrigandi)
documentation
README
MISP Client for Rust
A Rust client library for interacting with MISP (Malware Information Sharing Platform) instances via their REST API.
What is MISP?
MISP (Malware Information Sharing Platform) is an open-source threat intelligence platform that facilitates the collection, storage, and sharing of Indicators of Compromise (IoCs) and threat intelligence. It enables organizations to share, store, and correlate information about cyber security incidents, threats, and malware.
Key features of MISP include:
- Sharing of IoCs and threat intelligence between organizations
- Automatic correlation of attributes to identify relationships between events
- Flexible data model with support for various attribute types
- Integration with other security tools and platforms
- Support for taxonomies, galaxies, and other classification systems
- Collaborative analysis of threats
About This Client
This Rust client library provides a comprehensive API to interact with MISP instances. It was generated using OpenAPI Generator from a fine-tuned OpenAPI specification that accurately describes the MISP REST API.
The client supports all major MISP API endpoints, including:
- Events management
- Attributes handling
- Objects manipulation
- Galaxies and taxonomies
- Users and organizations administration
- Sharing groups
- And much more
Installation
Add the package to your Cargo.toml:
```toml
[dependencies]
misp-client-rs = "0.1.0" # Or the version you intend to publish
Usage Examples
Example 1: Authenticating and Retrieving Events
use misp_client_rs::apis::{configuration::Configuration, events_api};
use std::error::Error;
#[tokio::main]
async fn main() -> Result<(), Box<dyn Error>> {
// Configure API key authorization
let mut config = Configuration::new();
config.base_path = "https://your-misp-instance.com".to_string();
config.api_key = Some(misp_client_rs::apis::configuration::ApiKey {
prefix: None,
key: "YOUR_API_KEY".to_string(),
});
// Retrieve all events
let events = events_api::get_events(&config).await?;
// Print event information
for event in events {
println!("Event ID: {}", event.id);
println!("Event Info: {}", event.info);
println!("Event Date: {}", event.date);
println!("Organization: {}", event.org_id);
println!("Attributes count: {}", event.attribute_count);
println!("----------------------------");
}
Ok(())
}
Example 2: Searching for Specific Attributes
use misp_client_rs::apis::{configuration::Configuration, attributes_api};
use misp_client_rs::models::AttributeRestSearchFilter; // Removed unused AttributesRestSearchReturnFormat
use std::error::Error;
#[tokio::main]
async fn main() -> Result<(), Box<dyn Error>> {
// Configure API key authorization
let mut config = Configuration::new();
config.base_path = "https://your-misp-instance.com".to_string();
config.api_key = Some(misp_client_rs::apis::configuration::ApiKey {
prefix: None,
key: "YOUR_API_KEY".to_string(),
});
// Create search filter
let filter = AttributeRestSearchFilter {
value: Some("malicious.com".to_string()),
type_: Some("domain".to_string().into()), // Assuming "domain" is a valid AttributeType variant
category: None,
org: None,
tags: None,
from: None,
to: None,
last: None,
// event_id: None, // Removed redundant event_id, using eventid as per model comment
event_info: None,
threat_level_id: None,
distribution: None,
analysis: None,
org_c: None,
timestamp: None,
published: None,
enforceWarninglist: None,
to_ids: None,
deleted: None,
include_event_uuid: None,
include_event_tags: None,
event_timestamp: None,
sg_reference_only: None,
eventid: None, // Use this for event ID filtering
uuid: None,
publish_timestamp: None,
sharinggroup: None,
..Default::default() // Initialize other fields to None
};
// Search for attributes
let result = attributes_api::rest_search_attributes(
&config,
filter,
).await?;
// Process results
if let Some(attributes_container) = result.response {
if let Some(attributes) = attributes_container.attribute {
println!("Found {} attributes", attributes.len());
for attribute_item in attributes {
println!("Attribute ID: {}", attribute_item.id.as_deref().unwrap_or("N/A"));
println!("Value: {}", attribute_item.value.as_deref().unwrap_or("N/A"));
println!("Type: {}", attribute_item.r#type.as_ref().map_or("N/A".to_string(), |t| t.to_string()));
println!("Event ID: {}", attribute_item.event_id.as_deref().unwrap_or("N/A"));
println!("----------------------------");
}
} else {
println!("No attributes found in the response.");
}
} else {
println!("No response field in the result.");
}
Ok(())
}
Example 3: Creating an Event and Adding an Attribute
use misp_client_rs::apis::{configuration::Configuration, events_api, attributes_api};
use misp_client_rs::models::{
EventNoId, AttributeNoId, AttributeType, AttributeCategory, DistributionLevelId,
AnalysisLevelId, ThreatLevelId
};
use std::error::Error;
#[tokio::main]
async fn main() -> Result<(), Box<dyn Error>> {
// Configure API key authorization
let mut config = Configuration::new();
config.base_path = "https://your-misp-instance.com".to_string();
config.api_key = Some(misp_client_rs::apis::configuration::ApiKey {
prefix: None,
key: "YOUR_API_KEY".to_string(),
});
// 1. Create a new event
let new_event_data = EventNoId {
info: Some("New Event Created via API Client - Ransomware Campaign X".to_string()),
distribution: Some(DistributionLevelId::Variant0), // Your organization only
analysis: Some(AnalysisLevelId::Variant0), // Initial
threat_level_id: Some(ThreatLevelId::Variant1), // High
date: Some("2024-05-17".to_string()), // Set to the appropriate date
..Default::default()
};
let created_event_response = events_api::add_event(&config, new_event_data).await?;
let event_id = if let Some(event_details_boxed) = created_event_response.event {
if let Some(event_id_str) = event_details_boxed.id {
event_id_str
} else {
return Err("Event ID not found in response after creation".into());
}
} else {
return Err("Event details not found in response after creation".into());
};
println!("Successfully created event with ID: {}", event_id);
// 2. Add an attribute to the new event
let new_attribute_data = AttributeNoId {
event_id: Some(event_id.clone()), // Link to the newly created event
r#type: Some(AttributeType::Domain),
value: Some("example-malicious-domain.com".to_string()),
category: Some(AttributeCategory::NetworkActivity),
to_ids: Some(false),
comment: Some("C2 domain associated with Ransomware Campaign X".to_string()),
distribution: Some(DistributionLevelId::Variant0),
..Default::default()
};
let added_attribute_response = attributes_api::add_attribute(&config, &event_id, new_attribute_data).await?;
if let Some(attribute_details_boxed) = added_attribute_response.attribute {
println!("Successfully added attribute with ID: {} and value: '{}' to event ID: {}",
attribute_details_boxed.id.as_deref().unwrap_or("N/A"),
attribute_details_boxed.value.as_deref().unwrap_or("N/A"),
event_id
);
} else {
println!("Attribute added, but details not found in response.");
}
Ok(())
}
All URIs are relative to https://misp.local
| Class | Method | HTTP request | Description |
|---|
AnalystDataApi | add_analyst_data | POST /analystData/add/{analystType}/{analystObjectUUID}/{analystObjectType} | Add analyst data AnalystDataApi | delete_analyst_data | DELETE /analystData/delete/{analystType}/{analystDataID} | Delete Analyst data AnalystDataApi | edit_analyst_data | POST /analystData/edit/{analystType}/{analystDataID} | Edit analyst data AnalystDataApi | get_analyst_data_by_id | GET /analystData/view/{analystType}/{analystDataID} | Get Analyst Data by ID AnalystDataApi | index_analyst_data | GET /analystData/index/{analystType} | List Analyst data AnalystDataApi | index_minimal_analyst_data | GET /analystData/indexMinimal | List minimal Analyst data AttributesApi | add_attribute | POST /attributes/add/{eventId} | Add an attribute AttributesApi | delete_attribute | DELETE /attributes/delete/{attributeId} | Delete an attribute AttributesApi | describe_attribute_types | GET /attributes/describeTypes | Get a list of the available attribute types AttributesApi | edit_attribute | PUT /attributes/edit/{attributeId} | Edit an attribute AttributesApi | enrich_attribute | POST /attributes/enrich/{attributeId} | Enrich an attribute with the given modules AttributesApi | get_attribute_by_id | GET /attributes/view/{attributeId} | Get an attribute by ID AttributesApi | get_attribute_statistics | GET /attributes/attributeStatistics/{context}/{percentage} | Get the count of attributes per category AttributesApi | get_attributes | GET /attributes | Get a list of attributes AttributesApi | rest_search_attributes | POST /attributes/restSearch | [restSearch] Get a filtered and paginated list of attributes AttributesApi | restore_attribute | POST /attributes/restore/{attributeId} | Restore an attribute AttributesApi | tag_attribute | POST /attributes/addTag/{attributeId}/{tagId}/local:{local} | Add tag(s) to attribute(s) AttributesApi | untag_attribute | POST /attributes/removeTag/{attributeId}/{tagId} | Remove a tag from an attribute AuthKeysApi | add_auth_key | POST /auth_keys/add/{userId} | Add auth keys AuthKeysApi | delete_auth_key | DELETE /auth_keys/delete/{authKeyId} | Delete auth key AuthKeysApi | edit_auth_key | POST /auth_keys/edit/{authKeyId} | Edit auth key AuthKeysApi | get_auth_key_by_id | GET /auth_keys/view/{authKeyId} | View auth key AuthKeysApi | get_auth_keys | GET /auth_keys | Get auth keys AuthKeysApi | search_auth_keys | POST /auth_keys | Search auth keys CollectionsApi | add_collection | POST /collections/add | Add a collection CollectionsApi | delete_collection | DELETE /collections/delete/{collectionId} | Delete a collection CollectionsApi | edit_collection | POST /collections/edit/{collectionId} | Edit a collection CollectionsApi | get_collection_by_id | GET /collections/view/{collectionId} | View a collection by ID CollectionsApi | get_collections | GET /collections/index/{filter} | Get a list of collections with optional filtering EventReportApi | add_event_report | POST /eventReports/add/{eventId} | Add Event Report EventReportApi | delete_event_report | POST /eventReports/delete/{eventReportId} | Delete Event Report EventReportApi | edit_event_report | POST /eventReports/edit/{eventReportId} | Edit Event Report EventReportApi | hard_delete_event_report | POST /eventReports/delete/{eventReportId}/{hardDelete} | Hard Delete Event Report EventReportApi | import_from_url_event_report | POST /eventReports/importReportFromUrl/{eventId} | Import Report From URL EventReportApi | index_event_report | GET /eventReports/index | Get event reports EventReportApi | restore_event_report | POST /eventReports/restore/{eventReportId} | Restore Event Report EventReportApi | view_event_report | GET /eventReports/view/{eventReportId} | Get event report by ID EventsApi | add_event | POST /events/add | Add event EventsApi | delete_event | DELETE /events/delete/{eventId} | Delete event EventsApi | edit_event | PUT /events/edit/{eventId} | Edit event EventsApi | enrich_event | POST /events/enrichEvent/{eventId} | Enrich an event with the given modules EventsApi | get_event_by_id | GET /events/view/{eventId} | Get event by ID EventsApi | get_events | GET /events | Get a list of events EventsApi | publish_event | POST /events/publish/{eventId} | Publish an event EventsApi | rest_search_events | POST /events/restSearch | [restSearch] Get a filtered and paginated list of events EventsApi | search_events | POST /events/index | Search events EventsApi | tag_event | POST /events/addTag/{eventId}/{tagId}/local:{local} | Add event tag EventsApi | unpublish_event | POST /events/unpublish/{eventId} | Unpublish an event EventsApi | untag_event | POST /events/removeTag/{eventId}/{tagId} | Remove event tag FeedsApi | add_feed | POST /feeds/add | Add a feed FeedsApi | cache_feeds | POST /feeds/cacheFeeds/{cacheFeedsScope} | Cache feeds FeedsApi | disable_feed | POST /feeds/disable/{feedId} | Disable feed FeedsApi | edit_feed | PUT /feeds/edit/{feedId} | Edit a feed FeedsApi | enable_feed | POST /feeds/enable/{feedId} | Enable feed FeedsApi | fetch_from_all_feeds | POST /feeds/fetchFromAllFeeds | Fetch from all feeds FeedsApi | fetch_from_feed | POST /feeds/fetchFromFeed/{feedId} | Fetch from feed by ID FeedsApi | get_feed_by_id | GET /feeds/view/{feedId} | Get a feed by ID FeedsApi | get_feeds | GET /feeds | Get a list of feeds GalaxiesApi | attach_galaxy_cluster | POST /galaxies/attachCluster/{attachTargetId}/{attachTargetType}/local:{local} | Attach the galaxy cluster tag a given entity GalaxiesApi | delete_galaxy | DELETE /galaxies/delete/{galaxyId} | Delete a galaxy GalaxiesApi | export_galaxy_clusters | POST /galaxies/export/{galaxyId} | Export galaxy clusters GalaxiesApi | get_galaxies | GET /galaxies | Get galaxies GalaxiesApi | get_galaxy_by_id | GET /galaxies/view/{galaxyId} | Get galaxy by ID GalaxiesApi | import_galaxy_cluster | POST /galaxies/import | Import a galaxy cluster GalaxiesApi | search_galaxies | POST /galaxies | Search galaxies GalaxiesApi | update_galaxies | POST /galaxies/update | Force update the galaxies with the galaxy json definitions GalaxyClustersApi | add_galaxy_cluster | POST /galaxy_clusters/add/{galaxyId} | Add galaxy cluster GalaxyClustersApi | delete_galaxy_cluster | POST /galaxy_clusters/delete/{galaxyClusterId} | Delete galaxy cluster GalaxyClustersApi | edit_galaxy_cluster | PUT /galaxy_clusters/edit/{galaxyClusterId} | Edit galaxy cluster GalaxyClustersApi | get_galaxy_cluster_by_id | GET /galaxy_clusters/view/{galaxyClusterId} | Get galaxy cluster by ID GalaxyClustersApi | get_galaxy_clusters | GET /galaxy_clusters/index/{galaxyId} | Get galaxy clusters GalaxyClustersApi | publish_galaxy_cluster | POST /galaxy_clusters/publish/{galaxyClusterId} | Publish galaxy cluster GalaxyClustersApi | restore_galaxy_cluster | POST /galaxy_clusters/restore/{galaxyClusterId} | Restore galaxy cluster GalaxyClustersApi | search_galaxy_clusters | POST /galaxy_clusters/index/{galaxyId} | Search galaxy clusters GalaxyClustersApi | unpublish_galaxy_cluster | POST /galaxy_clusters/unpublish/{galaxyClusterId} | Unpublish galaxy cluster LogsApi | get_logs | POST /admin/logs | Get instance logs NoticelistsApi | get_noticelist_by_id | GET /noticelists/view/{noticelistId} | Get a noticelist by ID NoticelistsApi | get_noticelists | GET /noticelists | Get a list of noticelists NoticelistsApi | toggle_enable_noticelist | POST /noticelists/toggleEnable/{noticelistId} | Enable/disable noticelist NoticelistsApi | update_noticelists | POST /noticelists/update | Update noticelists ObjectsApi | add_object | POST /objects/add/{eventId}/{objectTemplateId} | Add an object to an event ObjectsApi | delete_object | DELETE /objects/delete/{objectId}/{hardDelete} | Delete object ObjectsApi | get_object_by_id | GET /objects/view/{objectId} | Get object by ID ObjectsApi | rest_search_objects | POST /objects/restsearch | [restSearch] Get a filtered and paginated list of objects OrganisationsApi | add_organisation | POST /admin/organisations/add | Add organisation OrganisationsApi | delete_organisation | DELETE /admin/organisations/delete/{organisationId} | Delete organisation OrganisationsApi | edit_organisation | PUT /admin/organisations/edit/{organisationId} | Edit organisation OrganisationsApi | get_organisation_by_id | GET /organisations/view/{organisationId} | Get organisation by ID OrganisationsApi | get_organisations | GET /organisations | Get organisations ServersApi | add_server | POST /servers/add | Add server ServersApi | cache_server | POST /servers/cache | Cache server ServersApi | create_sync | POST /servers/createSync | Create sync ServersApi | delete_server | POST /servers/delete/{serverId} | Delete server ServersApi | edit_server | PUT /servers/edit/{serverId} | Edit server ServersApi | edit_server_setting | POST /servers/serverSettingsEdit/{settingName} | Edit server setting ServersApi | get_py_misp_version | GET /servers/getPyMISPVersion | Get current instance PyMISP version ServersApi | get_server_setting | GET /servers/getSetting/{settingName} | Get server setting by name ServersApi | get_server_settings | GET /servers/serverSettings | Get current instance settings and diagnostics ServersApi | get_server_uuid | GET /servers/getInstanceUUID | Get instance UUID ServersApi | get_server_version | GET /servers/getVersion | Get current instance version ServersApi | get_servers | GET /servers | Get servers ServersApi | get_workers | GET /servers/getWorkers | Get workers ServersApi | import_server | POST /servers/import | Import server ServersApi | kill_all_workers | POST /servers/killAllWorkers | Kill all workers ServersApi | pull_server | GET /servers/pull/{serverId}/{pullTechnique} | Pull server ServersApi | push_server | GET /servers/push/{serverId}/{pushTechnique} | Push server ServersApi | restart_dead_workers | POST /servers/restartDeadWorkers | Restart dead workers ServersApi | restart_workers | POST /servers/restartWorkers | Restart workers ServersApi | start_worker | POST /servers/startWorker/{workerType} | Start worker ServersApi | stop_worker | POST /servers/stopWorker/{workerPid} | Stop worker ServersApi | update_server | POST /servers/update | Update server SharingGroupsApi | add_organisation_to_sharing_group | POST /sharing_groups/addOrg/{sharingGroupId}/{organisationId} | Add an organisation to a sharing group SharingGroupsApi | add_server_to_sharing_group | POST /sharing_groups/addServer/{sharingGroupId}/{serverId} | Add a server to a sharing group SharingGroupsApi | add_sharing_group | POST /sharing_groups/add | Add a sharing group SharingGroupsApi | delete_sharing_group | DELETE /sharing_groups/delete/{sharingGroupId} | Delete a sharing group SharingGroupsApi | edit_sharing_group | POST /sharing_groups/edit/{sharingGroupId} | Edit a sharing group SharingGroupsApi | get_sharing_group | GET /sharing_groups | Get a list of sharing groups SharingGroupsApi | get_sharing_group_by_id | GET /sharing_groups/view/{sharingGroupId} | Get a sharing group by ID SharingGroupsApi | remove_organisation_from_sharing_group | POST /sharing_groups/removeOrg/{sharingGroupId}/{organisationId} | Remove an organisation from a sharing group SharingGroupsApi | remove_server_from_sharing_group | POST /sharing_groups/removeServer/{sharingGroupServerId}/{serverId} | Remove a server from a sharing group SightingsApi | add_sighting | POST /sightings/add/{attributeId} | Add sighting of an attribute SightingsApi | add_sighting_by_value | POST /sightings/add | Add sightings of a list of values SightingsApi | delete_sighting | POST /sightings/delete/{sightingId} | Delete sighting SightingsApi | get_sightings_by_event_id | GET /sightings/index/{eventId} | Get sightings by event ID TagsApi | add_tag | POST /tags/add | Add tag TagsApi | delete_tag | POST /tags/delete/{tagId} | Delete tag TagsApi | edit_tag | POST /tags/edit/{tagId} | Edit tag TagsApi | get_tag_by_id | GET /tags/view/{tagId} | Get tag by ID TagsApi | get_tags | GET /tags | Get tags TagsApi | search_tag | GET /tags/search/{tagSearchTerm} | Search tag TaxonomiesApi | disable_taxonomy | POST /taxonomies/disable/{taxonomyId} | Disable taxonomy TaxonomiesApi | enable_taxonomy | POST /taxonomies/enable/{taxonomyId} | Enable taxonomy TaxonomiesApi | export_taxonomy | GET /taxonomies/export/{taxonomyId} | Export taxonomy. TaxonomiesApi | get_taxonomies | GET /taxonomies | Get taxonomies TaxonomiesApi | get_taxonomy_by_id | GET /taxonomies/view/{taxonomyId} | Get a taxonomy by ID TaxonomiesApi | get_taxonomy_tags | GET /taxonomies/taxonomy_tags/{taxonomyId} | Get a taxonomy extended with tags used in events and attributes. TaxonomiesApi | update_taxonomies | POST /taxonomies/update | Update taxonomies UserSettingsApi | delete_user_setting_by_id | DELETE /user_settings/delete/{userSettingId} | Delete user setting by id UserSettingsApi | get_user_setting_by_id | GET /user_settings/view/{userSettingId} | Get user setting by id UserSettingsApi | get_user_setting_by_name | GET /user_settings/getSetting/{userId}/{userSettingName} | Get user setting by id UserSettingsApi | get_user_settings | GET /user_settings | Get user settings UserSettingsApi | search_user_settings | POST /user_settings | Search user settings UserSettingsApi | set_user_setting | POST /user_settings/setSetting/{userId}/{userSettingName} | Set user setting UsersApi | add_user | POST /admin/users/add | Add user UsersApi | delete_user | DELETE /admin/users/delete/{userId} | Delete user UsersApi | delete_user_totp | DELETE /users/totp_delete/{userId} | Delete user TOTP UsersApi | edit_user | PUT /admin/users/edit/{userId} | Edit user UsersApi | get_user_by_id | GET /admin/users/view/{userId} | Get user by ID UsersApi | get_users | GET /admin/users | Get users UsersApi | reset_user_password | POST /users/initiatePasswordReset/{userId}/{firstTimeReset} | Reset user password WarninglistsApi | check_value_warninglists_matches | POST /warninglists/checkValue | Check if a list of values matches any warninglists WarninglistsApi | get_warninglist_by_id | GET /warninglists/view/{warninglistId} | Get warninglist by ID WarninglistsApi | get_warninglists | GET /warninglists | Get a list of warninglists WarninglistsApi | search_warninglists | POST /warninglists | Search warninglists WarninglistsApi | toggle_enable_warninglist | POST /warninglists/toggleEnable | Enable/disable warninglists WarninglistsApi | update_warninglists | POST /warninglists/update | Update warninglists
Documentation For Models
See the docs directory for detailed documentation of all models.
License
This project is licensed under the terms specified in the Cargo.toml file.
Author
This client was generated using OpenAPI Generator from a fine-tuned OpenAPI specification of the MISP API.