Skip to content

Api schemas package

Role

Bases: BaseModel

perm_admin instance-attribute 

perm_admin: bool

Limited organisation admin - create, manage users of their own organisation.

perm_audit instance-attribute 

perm_audit: bool

Access to the audit logs of the user's organisation.

perm_auth instance-attribute 

perm_auth: bool

Users with this permission have access to authenticating via their Auth keys, granting them access to the API.

perm_decaying instance-attribute 

perm_decaying: bool

Create or modify MISP Decaying Models.

perm_delegate instance-attribute 

perm_delegate: bool

Allow users to create delegation requests for their own org only events to trusted third parties.

perm_galaxy_editor instance-attribute 

perm_galaxy_editor: bool

Create or modify MISP Galaxies and MISP Galaxies Clusters.

perm_modify instance-attribute 

perm_modify: bool

Manage Own Events.

perm_modify_org instance-attribute 

perm_modify_org: bool

Manage Organisation Events.

perm_object_template instance-attribute 

perm_object_template: bool

Create or modify MISP Object templates.

perm_publish instance-attribute 

perm_publish: bool

Publish Organisation Events.

perm_publish_kafka instance-attribute 

perm_publish_kafka: bool

Allow users to publish data to Kafka via the publish event to Kafka button.

perm_publish_zmq instance-attribute 

perm_publish_zmq: bool

Allow users to publish data to the ZMQ pubsub channel via the publish event to ZMQ button.

perm_regexp_access instance-attribute 

perm_regexp_access: bool

Users with this role can modify the regex rules affecting how data is fed into MISP. Make sure that caution is advised with handing out roles that include this permission, user controlled executed regexes are dangerous.

perm_sharing_group instance-attribute 

perm_sharing_group: bool

Permission to create or modify sharing groups.

perm_sighting instance-attribute 

perm_sighting: bool

Permits the user to push feedback on attributes into MISP by providing sightings.

perm_site_admin instance-attribute 

perm_site_admin: bool

Unrestricted access to any data and functionality on this instance.

perm_sync instance-attribute 

perm_sync: bool

Synchronisation permission, can be used to connect two MISP instances create data on behalf of other users. Make sure that the role with this permission has also access to tagging and tag editing rights.

perm_tag_editor instance-attribute 

perm_tag_editor: bool

This permission gives users the ability to create tags.

perm_tagger instance-attribute 

perm_tagger: bool

Users with roles that include this permission can attach or detach existing tags to and from events/attributes.

perm_template instance-attribute 

perm_template: bool

Create or modify templates, to be used when populating events.

perm_view_feed_correlations instance-attribute 

perm_view_feed_correlations: bool

Allow the viewing of feed correlations. Enabling this can come at a performance cost.

perm_warninglist instance-attribute 

perm_warninglist: bool

Allow to manage warninglists.

CreateSharingGroupLegacyBody

Bases: BaseModel

created class-attribute instance-attribute 

created: datetime | str | None = None

attribute will be ignored

modified class-attribute instance-attribute 

modified: datetime | str | None = None

attribute will be ignored

org_count class-attribute instance-attribute 

org_count: str | None = None

attribute will be ignored

sync_user_id class-attribute instance-attribute 

sync_user_id: int | None = Field(default=None)

attribute will be ignored

UpdateSharingGroupLegacyBody

Bases: BaseModel

created class-attribute instance-attribute 

created: datetime | str | None = None

attribute will be ignored

id class-attribute instance-attribute 

id: int | None = None

attribute will be ignored

modified class-attribute instance-attribute 

modified: datetime | str | None = None

attribute will be ignored

org_count class-attribute instance-attribute 

org_count: str | None = None

attribute will be ignored

org_id instance-attribute 

org_id: int | None

attribute will be ignored

organisation_uuid class-attribute instance-attribute 

organisation_uuid: str | None = Field(
    default=None, max_length=36
)

attribute will be ignored

sync_user_id instance-attribute 

sync_user_id: int | None

attribute will be ignored

uuid class-attribute instance-attribute 

uuid: str | None = Field(default=None, max_length=36)

attribute will be ignored

CheckGraphResponse

Bases: BaseModel

Response schema from the API for checking a graph.

  • is_acyclic: Indicates whether the graph is acyclic and provides information about the first detected cycle, if any.
  • multiple_output_connection: Indicates whether the graph has illegal multiple output connections, detailing the nodes involved.
  • path_warnings: Records warnings if a path leads to a blocking node from a 'Concurrent Task' node, providing relevant details. Not used in Modern MISP, and will be returned empty.
  • **unsupported_modules"" List of the modules (identified with their graph_id) that are currently unsupported in Modern MISP (not yet implemented) causing the workflow to be invalid.
  • misc_errors Other miscellaneous errors indicating that the workflow graph is broken or etc. (edges registered at ports outside the valid range, inconsistencies between the incoming and outgoing adjacency lists etc.)

Example JSON structure: 

{
    "is_acyclic": {
        "is_acyclic": false,
        "cycles": [
            [4, 3, "Cycle"],
            [3, 4, "Cycle"]
        ]
    },
    "multiple_output_connection": {
        "has_multiple_output_connection": true,
        "edges": {
            "1": [5, 3]
        }
    },
    "path_warnings": {
        "has_path_warnings": true,
        "edges": [
            [5, 2, "This path leads to a blocking node from a non-blocking context", true, "stop-execution", 2]
        ]
    }
}

IsAcyclic

Bases: BaseModel

Represents the whether graph is acyclic and details of the first detected cycle.

  • is_acyclic: False if the graph contains at least one cycle.
  • cycles: A list of entries, each containing two node IDs and a "Cycle" string. Conbined they result in the cycle.

Example: 

"is_acyclic": {
    "is_acyclic": false,
    "cycles": [
        [
            4,
            3,
            "Cycle"
        ],
        [
            3,
            4,
            "Cycle"
        ]
    ]
}

MiscellaneousGraphValidationError

Bases: BaseModel

Validation errors that do no fit in the legacy MISP json response format for Graph Validation will be returned as errors in this format.

error_id instance-attribute 

error_id: str

The type of error that this instance represents.

message instance-attribute 

message: str

The error message of this instance.

MultipleOutputConnection

Bases: BaseModel

Represents the status and details of nodes with illegal multiple output connections in a graph.

  • has_multiple_output_connection: True if at least one node has multiple output connections that are not allowed. For example, the 'Concurrent Task' node can have multiple output connections while the value here is False.
  • edges: A dictionary where the key is the ID of a node with multiple illegal connections, and the value is a list of node IDs to which these illegal connections are made.

Example: 

"multiple_output_connection": {
    "has_multiple_output_connection": true,
    "edges": {
        "1": [
            5,
            3
        ]
    }
}

PathWarnings

Bases: BaseModel

Represents warnings for paths in a graph.

  • has_path_warnings: True if the graph contains at least one warning.
  • edges: A list containing all connections which are flagged as warnings.

Example: 

"path_warnings": {
    "has_path_warnings": true,
    "edges": [
        [
            5,
            2,
            "This path leads to a blocking node from a non-blocking context",
            true,
            "stop-execution",
            2
        ]
    ]
}

GetAllAttributesResponse

Bases: BaseModel

check_sharing_group_id classmethod 

check_sharing_group_id(
    value: Any, values: Dict[str, Any]
) -> Optional[int]

If distribution equals 4, sharing_group_id will be shown.

AddOrganisation

Bases: BaseModel

local instance-attribute 

local: bool

organisation gains access to the local instance, otherwise treated as external

EditOrganisation

Bases: BaseModel

local instance-attribute 

local: bool

organisation gains access to the local instance, otherwise treated as external

Organisation

Bases: BaseOrganisation

local instance-attribute 

local: bool

organisation gains access to the local instance, otherwise treated as external

AddUserBody

Bases: BaseModel

name instance-attribute 

name: str

role_id newly added

GetUsersUser

Bases: BaseModel

sub instance-attribute 

sub: str | None

new contents bellow

totp instance-attribute 

totp: str | None

detailed information bellow

User

Bases: BaseModel

current_login instance-attribute 

current_login: int

time in seconds

date_created instance-attribute 

date_created: int

time in seconds

date_modified instance-attribute 

date_modified: int

time in seconds

last_api_access instance-attribute 

last_api_access: int

time in seconds

last_login instance-attribute 

last_login: int

time in seconds

last_pw_change class-attribute instance-attribute 

last_pw_change: int | None = None

time in seconds

ObjectWithAttributesResponse

Bases: BaseModel

check_sharing_group_id classmethod 

check_sharing_group_id(
    value: Any, values: Dict[str, Any]
) -> Optional[int]

If distribution equals 4, sharing_group_id will be shown.

FeedAttributesResponse

Bases: BaseModel

check_sharing_group_id classmethod 

check_sharing_group_id(
    value: Any, values: Dict[str, Any]
) -> int | None

If distribution equals 4, sharing_group_id will be shown.