Python API for the taxonomies.
PyTaxonomies
A Pythonic way to work with the taxonomies defined at https://github.com/MISP/misp-taxonomies
Usage
Taxonomies and predicates are represented as immutable Python dictionaries.
Installation
pip install pytaxonomies
Basics
In [1]: from pytaxonomies import Taxonomies
In [2]: taxonomies = Taxonomies()
In [3]: taxonomies.version
Out[3]: '20160725'
In [4]: taxonomies.license
Out[4]: 'CC-BY'
In [5]: taxonomies.description
Out[5]: 'Manifest file of MISP taxonomies available.'
# How many taxonomies have been imported
In [6]: len(taxonomies)
Out[6]: 27
# Names of the taxonomies
In [7]: list(taxonomies.keys())
Out[7]:
['tlp',
'eu-critical-sectors',
'dni-ism',
'de-vs',
'osint',
'ms-caro-malware',
'open-threat',
'circl',
'iep',
'euci',
'kill-chain',
'europol-events',
'veris',
'information-security-indicators',
'estimative-language',
'adversary',
'europol-incident',
'malware_classification',
'ecsirt',
'dhs-ciip-sectors',
'csirt_case_classification',
'nato',
'fr-classif',
'enisa',
'misp',
'admiralty-scale',
'ms-caro-malware-full']
In [8]: taxonomies.get('enisa').description
Out[8]: 'The present threat taxonomy is an initial version that has been developed on the basis of available ENISA material. This material has been used as an ENISA-internal structuring aid for information collection and threat consolidation purposes. It emerged in the time period 2012-2015.'
In [9]: taxonomies.get('enisa').version
Out[9]: 201601
In [10]: taxonomies.get('enisa').name
Out[10]: 'enisa'
In [11]: list(taxonomies.get('enisa').keys())
Out[11]:
['legal',
'outages',
'eavesdropping-interception-hijacking',
'nefarious-activity-abuse',
'physical-attack',
'failures-malfunction',
'disaster',
'unintentional-damage']
In [12]: list(taxonomies.get('enisa').get('physical-attack'))
Out[12]:
['fraud-by-employees',
'theft',
'unauthorised-physical-access-or-unauthorised-entry-to-premises',
'theft-of-documents',
'information-leak-or-unauthorised-sharing',
'vandalism',
'damage-from-the-wafare',
'sabotage',
'coercion-or-extortion-or-corruption',
'theft-of-mobile-devices',
'theft-of-fixed-hardware',
'terrorist-attack',
'theft-of-backups',
'fraud']
In [13]: taxonomies.get('enisa').get('physical-attack').get('vandalism').value
Out[13]: 'vandalism'
In [14]: taxonomies.get('enisa').get('physical-attack').get('vandalism').expanded
Out[14]: 'Vandalism'
In [15]: taxonomies.get('enisa').get('physical-attack').get('vandalism').description
Out[15]: 'Act of physically damaging IT assets.'
Get machine tags
In [1]: print(taxonomies) # or taxonomies.all_machinetags()
<display the machine tags for all the taxonomies>
In [2]: print(taxonomies.get('circl')) # or taxonomies.get('circl').machinetags()
circl:incident-classification="vulnerability"
circl:incident-classification="malware"
circl:incident-classification="fastflux"
circl:incident-classification="system-compromise"
circl:incident-classification="sql-injection"
circl:incident-classification="scan"
circl:incident-classification="XSS"
circl:incident-classification="information-leak"
circl:incident-classification="scam"
circl:incident-classification="copyright-issue"
circl:incident-classification="denial-of-service"
circl:incident-classification="phishing"
circl:incident-classification="spam"
circl:topic="undefined"
circl:topic="industry"
circl:topic="ict"
circl:topic="finance"
circl:topic="services"
circl:topic="individual"
circl:topic="medical"
# Total number of entries
In [3]: taxonomies.get('circl').amount_entries()
Out[3]: 28
# Number of predicates
In [4]: len(taxonomies.get('circl'))
Out[4]: 2
Expanded machine tag
In [10]: print(taxonomies.get('circl').machinetags_expanded())
circl:topic="Individual"
circl:topic="Services"
circl:topic="Finance"
circl:topic="Medical"
circl:topic="Industry"
circl:topic="Undefined"
circl:topic="ICT"
circl:incident-classification="Phishing"
circl:incident-classification="Malware"
circl:incident-classification="XSS"
circl:incident-classification="Copyright issue"
circl:incident-classification="Spam"
circl:incident-classification="SQL Injection"
circl:incident-classification="Scan"
circl:incident-classification="Scam"
circl:incident-classification="Vulnerability"
circl:incident-classification="Denial of Service"
circl:incident-classification="Information leak"
circl:incident-classification="Fastflux"
circl:incident-classification="System compromise"
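An added example (not part of PyTaxonomies or its documentation): a stand-alone validator for the namespace:predicate="value" machine tags printed above, checking incoming tags against a small constructed subset of the circl taxonomy and returning the expanded form. The names KNOWN, parse_machinetag and check_tag are hypothetical, and accepting a bare namespace:predicate at the parsing stage is an assumption.

```python
import re

# Constructed subset of the 'circl' taxonomy listed above:
# predicate -> {machine value: expanded label}
KNOWN = {
    "circl": {
        "incident-classification": {
            "phishing": "Phishing",
            "sql-injection": "SQL Injection",
            "XSS": "XSS",
        },
        "topic": {"finance": "Finance", "ict": "ICT"},
    }
}

# Accepts namespace:predicate="value"; the value part is optional so that a
# bare namespace:predicate parses too (assumption, not taken from the page).
TAG_RE = re.compile(r'^([^:="\s]+):([^:="\s]+)(?:="([^"]*)")?$')


def parse_machinetag(tag):
    """Split a machine tag into (namespace, predicate, value or None)."""
    m = TAG_RE.match(tag.strip())
    if m is None:
        raise ValueError(f"not a machine tag: {tag!r}")
    return m.group(1), m.group(2), m.group(3)


def check_tag(tag, known=KNOWN):
    """Return (True, expanded tag) or (False, reason) for one incoming tag."""
    try:
        ns, pred, val = parse_machinetag(tag)
    except ValueError as exc:
        return False, str(exc)
    if ns not in known:
        return False, f"unknown namespace {ns!r}"
    if pred not in known[ns]:
        return False, f"unknown predicate {pred!r} in {ns!r}"
    values = known[ns][pred]
    if val is None:
        return False, f"{ns}:{pred} requires a value"
    if val not in values:  # exact, case-sensitive match on the machine value
        return False, f"unknown value {val!r} for {ns}:{pred}"
    return True, f'{ns}:{pred}="{values[val]}"'


if __name__ == "__main__":
    for t in ['circl:topic="ict"', 'circl:incident-classification="xss"']:
        print(t, "->", check_tag(t))
```

Matching is exact on the machine value, so this validator rejects both the expanded label (`SQL Injection`) and a differently cased value (`xss`).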
File details
Details for the file pytaxonomies-2.1.0.tar.gz.
File metadata
- Download URL: pytaxonomies-2.1.0.tar.gz
- Upload date:
- Size: 780.3 kB
- Tags: Source
- Uploaded using Trusted Publishing? Yes
- Uploaded via: twine/6.1.0 CPython/3.12.9
File hashes
Algorithm | Hash digest
---|---
SHA256 | ad4bf5a9ad94fa23c663240358587fa46e55559db5cfc2e24b74d892c926a4d7
MD5 | 6591b2502b0b5f1caf112ff4ca9e8e7b
BLAKE2b-256 | 940f33a743d8b5b2d12c2442811a6ca818c854cc0db83a81dc33ddbd4b10fb4b
Provenance
The following attestation bundles were made for pytaxonomies-2.1.0.tar.gz:
Publisher: release.yml on MISP/PyTaxonomies
Statement:
- Statement type: https://in-toto.io/Statement/v1
- Predicate type: https://docs.pypi.org/attestations/publish/v1
- Subject name: pytaxonomies-2.1.0.tar.gz
- Subject digest: ad4bf5a9ad94fa23c663240358587fa46e55559db5cfc2e24b74d892c926a4d7
- Sigstore transparency entry: 177343568
- Sigstore integration time:
- Permalink: MISP/PyTaxonomies@46234415ed48f0ff4a29996cf3fa5a30c756fec7
- Branch / Tag: refs/tags/v2.1.0
- Owner: https://github.com/MISP
- Access: public
- Token Issuer: https://token.actions.githubusercontent.com
- Runner Environment: github-hosted
- Publication workflow: release.yml@46234415ed48f0ff4a29996cf3fa5a30c756fec7
- Trigger Event: release
File details
Details for the file pytaxonomies-2.1.0-py3-none-any.whl.
File metadata
- Download URL: pytaxonomies-2.1.0-py3-none-any.whl
- Upload date:
- Size: 865.1 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? Yes
- Uploaded via: twine/6.1.0 CPython/3.12.9
File hashes
Algorithm | Hash digest
---|---
SHA256 | 682a7ef953f7ba7db1cf13f414cfc156f54ec36f272cbfb11e795a1a5c411533
MD5 | 23aa76fd294e9255e3a190c0eb481143
BLAKE2b-256 | 75da82063e887dabc74ac0c153a90a585808f767f7d9255d01b6777c0be3e4ef
Provenance
The following attestation bundles were made for pytaxonomies-2.1.0-py3-none-any.whl:
Publisher: release.yml on MISP/PyTaxonomies
Statement:
- Statement type: https://in-toto.io/Statement/v1
- Predicate type: https://docs.pypi.org/attestations/publish/v1
- Subject name: pytaxonomies-2.1.0-py3-none-any.whl
- Subject digest: 682a7ef953f7ba7db1cf13f414cfc156f54ec36f272cbfb11e795a1a5c411533
- Sigstore transparency entry: 177343569
- Sigstore integration time:
- Permalink: MISP/PyTaxonomies@46234415ed48f0ff4a29996cf3fa5a30c756fec7
- Branch / Tag: refs/tags/v2.1.0
- Owner: https://github.com/MISP
- Access: public
- Token Issuer: https://token.actions.githubusercontent.com
- Runner Environment: github-hosted
- Publication workflow: release.yml@46234415ed48f0ff4a29996cf3fa5a30c756fec7
- Trigger Event: release