Enrichment

EnrichAttributeData

Bases: BaseModel

Encapsulates the necessary data to create an enrich-attribute job.

attribute_id instance-attribute

attribute_id: NonNegativeInt

The ID of the attribute to enrich.

enrichment_plugins instance-attribute

enrichment_plugins: list[str]

The list of enrichment plugins to use for enrichment.

EnrichEventData

Bases: BaseModel

Encapsulates the data needed for an enrich-event job.

enrichment_plugins instance-attribute

enrichment_plugins: list[str]

The list of enrichment plugins to use for enrichment.

event_id instance-attribute

event_id: int

The ID of the event to enrich.

EnrichEventResult

Bases: BaseModel

Encapsulates the result of an enrich-event job.

Contains the number of created attributes.

created_attributes class-attribute instance-attribute

created_attributes: NonNegativeInt = 0

The number of created attributes.

enrich_attribute async

enrich_attribute(db: AsyncSession, misp_attribute: Attribute, enrichment_plugins: list[str]) -> EnrichAttributeResult

Enriches the given event attribute with the specified plugins and returns the created attributes and tags.

Parameters:

misp_attribute (AttributeWithTagRelationship): The attribute to enrich.

enrichment_plugins (list[str]): The plugins to use for enriching the attribute.

Returns: The created Attributes and Tags. (EnrichAttributeData)

enrich_attribute_job async

enrich_attribute_job(ctx: WrappedContext[None], user_data: UserData, data: EnrichAttributeData) -> EnrichAttributeResult

Provides an implementation of the enrich-attribute job.

Takes a MISP event attribute as input and runs the specified plugins to enrich the attribute.

Parameters:

user_data (UserData, required): The user who created the job. (not used)

data (EnrichAttributeData, required): The data needed for the enrichment process.

Returns: The created Attributes and Tags.

ENV_ENRICHMENT_PLUGIN_DIRECTORY module-attribute

ENV_ENRICHMENT_PLUGIN_DIRECTORY = 'ENRICHMENT_PLUGIN_DIRECTORY'

The name of the environment variable that configures the directory where enrichment plugins are loaded from.

EnrichmentConfigData

Bases: BaseSettings

Encapsulates configuration for the enrichment worker and its jobs.

plugin_directory class-attribute instance-attribute

plugin_directory: str = Field(_PLUGIN_DEFAULT_DIRECTORY, validation_alias=ENV_ENRICHMENT_PLUGIN_DIRECTORY)

The directory where the plugins are stored.

validate_plugin_module classmethod

validate_plugin_module(value: str) -> str

Validates the plugin_directory. If the module is not valid or could not be found, a default value is assigned.

Parameters:

value (str): The plugin_directory value.

Returns: The given or a default plugin directory.
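The fallback described for validate_plugin_module, sketched with the standard library only as an added example; it is not the project's own code. The default path is a placeholder because the page does not show the real default, and the world-writable check is an extra hardening assumption that the page does not describe.

```python
import os
import stat
import tempfile
from pathlib import Path
from typing import Mapping, Optional, Tuple

ENV_ENRICHMENT_PLUGIN_DIRECTORY = "ENRICHMENT_PLUGIN_DIRECTORY"  # name documented on this page
# Assumed placeholder: the page does not show the value of _PLUGIN_DEFAULT_DIRECTORY.
DEFAULT_PLUGIN_DIRECTORY = "/path/to/default/plugins"


def rejection_reason(value: str) -> Optional[str]:
    """Return why `value` is unusable as a plugin directory, or None if it is fine."""
    if not value.strip():
        return "empty value"
    path = Path(value)
    if not path.is_dir():
        return "not an existing directory"
    # Added hardening (assumption, not documented behaviour): plugins are code,
    # so refuse a directory that any local user can write to.
    if path.stat().st_mode & stat.S_IWOTH:
        return "directory is world-writable"
    return None


def resolve_plugin_directory(
    environ: Mapping[str, str] = os.environ,
    default: str = DEFAULT_PLUGIN_DIRECTORY,
) -> Tuple[str, Optional[str]]:
    """Return (directory, fallback_reason); fallback_reason is None if the
    configured value was accepted, so callers can log every fallback."""
    value = environ.get(ENV_ENRICHMENT_PLUGIN_DIRECTORY)
    if value is None:
        return default, "variable not set"
    reason = rejection_reason(value)
    return (default, reason) if reason else (value, None)


if __name__ == "__main__":
    # Constructed sample input: two temporary directories and one missing path.
    good = tempfile.mkdtemp()
    open_dir = tempfile.mkdtemp()
    os.chmod(open_dir, 0o777)
    for candidate in (good, open_dir, os.path.join(good, "missing")):
        env = {ENV_ENRICHMENT_PLUGIN_DIRECTORY: candidate}
        print(candidate, "->", resolve_plugin_directory(env))
```

Returning the fallback reason alongside the directory lets the worker log when a configured directory was ignored, so a misconfiguration does not go unnoticed.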

enrich_event_job async

enrich_event_job(ctx: WrappedContext[None], user_data: UserData, data: EnrichEventData) -> EnrichEventResult

Encapsulates a Job enriching a given MISP Event.

The job fetches the MISP Attributes of a given Event and executes the specified enrichment plugins for each of these attributes. Newly created Attributes and Tags are attached to the Event in the MISP database.

Parameters:

user_data (UserData): The user who created the job. (not used)

data: The event id and enrichment plugins.

Returns: The number of newly created attributes. (EnrichEventResult)