MISP API

Watcher.common.misp.create_misp_tags(misp_api)

Create and verify MISP tags.

Args:

misp_api: PyMISP API instance

Returns:

list: Created/verified tags

Watcher.common.misp.create_objects(obj, existing_values=None)

Create MISP Objects for any domain object (Site or DnsTwisted).

Args:

obj: Domain object (Site or DnsTwisted) containing domain data

existing_values: Optional set of (type, value) tuples to check for duplicates

Returns:

list: MISP objects ready to be added/updated

Watcher.common.misp.create_or_update_objects(misp_api, event, site, dry_run=False)

Create or update MISP objects for a given site.

Args:

misp_api: PyMISP API instance

event: MISP Event object

site: Site object containing domain data

dry_run: If True, simulate the operation without making changes

Returns:

tuple: (success, message)

Watcher.common.misp.find_domain_object(misp_api, event, domain_name)

Find a domain object in a MISP event.

Args:

misp_api: PyMISP API instance

event: MISP Event object

domain_name: Domain name to search for

Returns:

tuple: (object_found, existing_object)

Watcher.common.misp.get_misp_uuid(domain_name)

Get MISP event UUID for a domain.

Args:

domain_name: Domain name to get UUID for

Returns:

list: List of MISP event UUIDs (or empty list if none found)

Watcher.common.misp.update_misp_uuid(domain_name, event_uuid)

Update MISP event UUID for a domain.

Args:

domain_name: Domain name to update UUID for

event_uuid: UUID to add (will be added as the latest)

Returns:

list: Updated list of MISP event UUIDs