Python API for the taxonomies.

PyTaxonomies

A Pythonic way to work with the taxonomies defined in the MISP taxonomies repository: https://github.com/MISP/misp-taxonomies

Usage

Taxonomies and predicates are represented as immutable Python dictionaries.

Installation

pip install pytaxonomies

Basics

In [1]: from pytaxonomies import Taxonomies

In [2]: taxonomies = Taxonomies()

In [3]: taxonomies.version
Out[3]: '20160725'

In [4]: taxonomies.license
Out[4]: 'CC-BY'

In [5]: taxonomies.description
Out[5]: 'Manifest file of MISP taxonomies available.'

# How many taxonomies have been imported
In [6]: len(taxonomies)
Out[6]: 27

# Names of the taxonomies
In [7]: list(taxonomies.keys())
Out[7]:
['tlp',
 'eu-critical-sectors',
 'dni-ism',
 'de-vs',
 'osint',
 'ms-caro-malware',
 'open-threat',
 'circl',
 'iep',
 'euci',
 'kill-chain',
 'europol-events',
 'veris',
 'information-security-indicators',
 'estimative-language',
 'adversary',
 'europol-incident',
 'malware_classification',
 'ecsirt',
 'dhs-ciip-sectors',
 'csirt_case_classification',
 'nato',
 'fr-classif',
 'enisa',
 'misp',
 'admiralty-scale',
 'ms-caro-malware-full']

In [8]: taxonomies.get('enisa').description
Out[8]: 'The present threat taxonomy is an initial version that has been developed on the basis of available ENISA material. This material has been used as an ENISA-internal structuring aid for information collection and threat consolidation purposes. It emerged in the time period 2012-2015.'

In [9]: taxonomies.get('enisa').version
Out[9]: 201601

In [10]: taxonomies.get('enisa').name
Out[10]: 'enisa'

In [11]: list(taxonomies.get('enisa').keys())
Out[11]:
['legal',
 'outages',
 'eavesdropping-interception-hijacking',
 'nefarious-activity-abuse',
 'physical-attack',
 'failures-malfunction',
 'disaster',
 'unintentional-damage']

In [12]: list(taxonomies.get('enisa').get('physical-attack'))
Out[12]:
['fraud-by-employees',
 'theft',
 'unauthorised-physical-access-or-unauthorised-entry-to-premises',
 'theft-of-documents',
 'information-leak-or-unauthorised-sharing',
 'vandalism',
 'damage-from-the-wafare',
 'sabotage',
 'coercion-or-extortion-or-corruption',
 'theft-of-mobile-devices',
 'theft-of-fixed-hardware',
 'terrorist-attack',
 'theft-of-backups',
 'fraud']

In [13]: taxonomies.get('enisa').get('physical-attack').get('vandalism').value
Out[13]: 'vandalism'

In [14]: taxonomies.get('enisa').get('physical-attack').get('vandalism').expanded
Out[14]: 'Vandalism'

In [15]: taxonomies.get('enisa').get('physical-attack').get('vandalism').description
Out[15]: 'Act of physically damaging IT assets.'

Get machine tags

In [1]: print(taxonomies)  # or taxonomies.all_machinetags()

<display the machine tags for all the taxonomies>

In [2]: print(taxonomies.get('circl'))  # or taxonomies.get('circl').machinetags()
circl:incident-classification="vulnerability"
circl:incident-classification="malware"
circl:incident-classification="fastflux"
circl:incident-classification="system-compromise"
circl:incident-classification="sql-injection"
circl:incident-classification="scan"
circl:incident-classification="XSS"
circl:incident-classification="information-leak"
circl:incident-classification="scam"
circl:incident-classification="copyright-issue"
circl:incident-classification="denial-of-service"
circl:incident-classification="phishing"
circl:incident-classification="spam"
circl:topic="undefined"
circl:topic="industry"
circl:topic="ict"
circl:topic="finance"
circl:topic="services"
circl:topic="individual"
circl:topic="medical"

# Total number of entries
In [3]: taxonomies.get('circl').amount_entries()
Out[3]: 28

# Number of predicates
In [4]: len(taxonomies.get('circl'))
Out[4]: 2

Expanded machine tag

In [10]: print(taxonomies.get('circl').machinetags_expanded())
circl:topic="Individual"
circl:topic="Services"
circl:topic="Finance"
circl:topic="Medical"
circl:topic="Industry"
circl:topic="Undefined"
circl:topic="ICT"
circl:incident-classification="Phishing"
circl:incident-classification="Malware"
circl:incident-classification="XSS"
circl:incident-classification="Copyright issue"
circl:incident-classification="Spam"
circl:incident-classification="SQL Injection"
circl:incident-classification="Scan"
circl:incident-classification="Scam"
circl:incident-classification="Vulnerability"
circl:incident-classification="Denial of Service"
circl:incident-classification="Information leak"
circl:incident-classification="Fastflux"
circl:incident-classification="System compromise"
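
The machine tags printed above follow the form namespace:predicate="value". The block below is an added example, not part of PyTaxonomies: it parses that form and checks incoming tags against an allow-list before they are accepted on an event. The names parse_machinetag, build_index and classify are hypothetical, the allow-list is a constructed subset of the circl tags shown above, and the value-less namespace:predicate form is handled as a generalization beyond what this page shows.

```python
import re

# namespace:predicate="value"; the ="value" part is optional (predicate-only tags).
MACHINETAG_RE = re.compile(
    r'^(?P<namespace>[^:="\s]+):(?P<predicate>[^:="\s]+)(?:="(?P<value>[^"]*)")?$'
)

# Constructed allow-list: a subset of the circl machine tags printed above.
KNOWN_TAGS = """\
circl:incident-classification="malware"
circl:incident-classification="phishing"
circl:incident-classification="XSS"
circl:topic="finance"
circl:topic="medical"
"""


def parse_machinetag(tag):
    """Split a machine tag into (namespace, predicate, value) or raise ValueError."""
    match = MACHINETAG_RE.match(tag.strip())
    if match is None:
        raise ValueError(f"not a machine tag: {tag!r}")
    return match.group("namespace"), match.group("predicate"), match.group("value")


def build_index(machinetags_text):
    """Index known tags as {namespace: {predicate: {values}}}."""
    index = {}
    for line in machinetags_text.splitlines():
        if line.strip():
            ns, pred, value = parse_machinetag(line)
            index.setdefault(ns, {}).setdefault(pred, set()).add(value)
    return index


def classify(tag, index):
    """Return 'valid', 'malformed' or which part of the tag is unknown."""
    try:
        ns, pred, value = parse_machinetag(tag)
    except ValueError:
        return "malformed"
    if ns not in index:
        return "unknown-namespace"
    if pred not in index[ns]:
        return "unknown-predicate"
    if value not in index[ns][pred]:
        return "unknown-value"  # matching is case-sensitive: "Finance" != "finance"
    return "valid"
```

With the library installed, str(taxonomies.get('circl')) gives the same text form that print() shows above and can be passed to build_index in place of KNOWN_TAGS. Because matching is case-sensitive, the expanded form circl:topic="Finance" is reported as unknown-value against the non-expanded allow-list.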

Download files

Source Distribution

pytaxonomies-2.1.1.tar.gz (872.7 kB view details)

Uploaded Source

Built Distribution

pytaxonomies-2.1.1-py3-none-any.whl (969.0 kB view details)

Uploaded Python 3

File details

Details for the file pytaxonomies-2.1.1.tar.gz.

File metadata

  • Download URL: pytaxonomies-2.1.1.tar.gz
  • Upload date:
  • Size: 872.7 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.13.12

File hashes

Hashes for pytaxonomies-2.1.1.tar.gz
Algorithm Hash digest
SHA256 677e1d1b17ad9c601dada0b387a2900a0879e1acc8961eca97124134e5fc2f40
MD5 7f28d06bcecd9b348ff85c6d835df840
BLAKE2b-256 bf947d9fba47782c5ee8d273e784af29a85bbeabbcc2f5685d47768a7b572b7c

Provenance

The following attestation bundles were made for pytaxonomies-2.1.1.tar.gz:

Publisher: release.yml on MISP/PyTaxonomies

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

File details

Details for the file pytaxonomies-2.1.1-py3-none-any.whl.

File metadata

  • Download URL: pytaxonomies-2.1.1-py3-none-any.whl
  • Upload date:
  • Size: 969.0 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.13.12

File hashes

Hashes for pytaxonomies-2.1.1-py3-none-any.whl
Algorithm Hash digest
SHA256 c96ed540d459c3c59287f9aeb9ad68076dd9beecb1263161014aac96a2b85d21
MD5 6b42ca6ea4d51dbf82597e7ddadddd2e
BLAKE2b-256 7e9d3a164f44c742b7acfa0e2a1155475433a57cfdbaea1cf1add3bf4478ad4d

Provenance

The following attestation bundles were made for pytaxonomies-2.1.1-py3-none-any.whl:

Publisher: release.yml on MISP/PyTaxonomies

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.
