misp_update_event

Instructions

Implementation Reference

• src/tools/events.ts:206-253 (registration)

  Registration of 'misp_update_event' tool via server.tool(), including the handler callback and input schema definition

  // Update event
  server.tool(
    "misp_update_event",
    "Update an existing MISP event's metadata (info, threat level, analysis status). Publishing is separate - use misp_publish_event.",
    {
      eventId: z.string().describe("Event ID to update"),
      info: z.string().optional().describe("New event description"),
      threatLevel: z.union([z.literal(1), z.literal(2), z.literal(3), z.literal(4)]).optional()
        .describe("1=High, 2=Medium, 3=Low, 4=Undefined"),
      analysis: z.union([z.literal(0), z.literal(1), z.literal(2)]).optional()
        .describe("0=Initial, 1=Ongoing, 2=Complete"),
    },
    async ({ eventId, info, threatLevel, analysis }) => {
      try {
        const event = await client.updateEvent(eventId, {
          info,
          threat_level_id: threatLevel,
          analysis,
        });
  
        return {
          content: [
            {
              type: "text",
              text: JSON.stringify(
                {
                  id: event.id,
                  info: event.info,
                  threat_level_id: event.threat_level_id,
                  analysis: event.analysis,
                  published: event.published,
                },
                null,
                2
              ),
            },
          ],
        };
      } catch (err) {
        return {
          content: [
            { type: "text", text: `Error updating event: ${err instanceof Error ? err.message : String(err)}` },
          ],
          isError: true,
        };
      }
    }
  );

• src/tools/events.ts:210-217 (schema)

  Input schema: eventId (required), info, threatLevel (1-4), analysis (0-2) all optional

  {
    eventId: z.string().describe("Event ID to update"),
    info: z.string().optional().describe("New event description"),
    threatLevel: z.union([z.literal(1), z.literal(2), z.literal(3), z.literal(4)]).optional()
      .describe("1=High, 2=Medium, 3=Low, 4=Undefined"),
    analysis: z.union([z.literal(0), z.literal(1), z.literal(2)]).optional()
      .describe("0=Initial, 1=Ongoing, 2=Complete"),
  },

• src/tools/events.ts:218-252 (handler)

  Handler: calls client.updateEvent() with the event data and returns the updated event metadata as JSON

  async ({ eventId, info, threatLevel, analysis }) => {
    try {
      const event = await client.updateEvent(eventId, {
        info,
        threat_level_id: threatLevel,
        analysis,
      });
  
      return {
        content: [
          {
            type: "text",
            text: JSON.stringify(
              {
                id: event.id,
                info: event.info,
                threat_level_id: event.threat_level_id,
                analysis: event.analysis,
                published: event.published,
              },
              null,
              2
            ),
          },
        ],
      };
    } catch (err) {
      return {
        content: [
          { type: "text", text: `Error updating event: ${err instanceof Error ? err.message : String(err)}` },
        ],
        isError: true,
      };
    }
  }

• src/client.ts:212-232 (helper)

  MispClient.updateEvent() helper method that sends a POST to /events/edit/{eventId} with the Event payload

  async updateEvent(
    eventId: string,
    params: {
      info?: string;
      threat_level_id?: number;
      analysis?: number;
    }
  ): Promise<MispEvent> {
    const eventData: Record<string, unknown> = {};
    if (params.info !== undefined) eventData.info = params.info;
    if (params.threat_level_id !== undefined)
      eventData.threat_level_id = params.threat_level_id;
    if (params.analysis !== undefined) eventData.analysis = params.analysis;
  
    const data = await this.request<EventResponse>(
      "POST",
      `/events/edit/${encodeId(eventId, "eventId")}`,
      { Event: eventData }
    );
    return data.Event;
  }

• src/index.ts:31-42 (registration)

  Registration call that wires up registerEventTools() which registers misp_update_event among other event tools

  registerEventTools(server, client);
  registerAttributeTools(server, client);
  registerCorrelationTools(server, client);
  registerTagTools(server, client);
  registerExportTools(server, client);
  registerSightingTools(server, client);
  registerWarninglistTools(server, client);
  registerObjectTools(server, client);
  registerGalaxyTools(server, client);
  registerFeedTools(server, client);
  registerOrganisationTools(server, client);
  registerServerTools(server, client);