andras (@andras:matrix.circl.lu) [m]
/events/restSearch is what you should be using these days
POST this:
{
"returnFormat": "stix",
"other_parameters": ["foo"]
}
for the available parameters / filters
have a look at the API documentation in MISP
API -> OpenAPI
Yeah that is outdated
Have a look at restsearch as described above
andras (@andras:matrix.circl.lu) [m]
Should be much more flexible and produce the same output
/events/stix is actually internally remapping to restsearch to support legacy apps
andras (@andras:matrix.circl.lu) [m]
{
"returnFormat": "stix",
"publish_timestamp": "24h"
}
POST that to /events/restSearch
alternatively, if you can't do POST requests
you can
GET /events/restSearch/returnFormat:stix/publish_timestamp:24h
but I'd highly advise you to use POST requests
cybgit (@cybgit)
@andras:matrix.circl.lu as you're here :) Got 2 questions. Is pymisp a different API endpoint within the server than, say, events/restSearch and attributes/restSearch? Like, does the pymisp library call something different entirely?
andras (@andras:matrix.circl.lu) [m]
No no, it calls the normal API endpoints
for the search it uses both /events/index and the restSearch endpoints depending on your search scope IIRC
it is just an overlay over those, making their usage a bit more sane ;)
cybgit (@cybgit)
Yeah, I was hoping that was the case. So this is why I ask.
andras (@andras:matrix.circl.lu) [m]
😎
Luca (@lucacyber)
I tried a GET request /events/restSearch/returnFormat:stix/publish_timestamp:24h and it WORKS; now I'd like to try the POST request: {
"returnFormat": "stix",
"publish_timestamp": "24h"
} but from where can I run it?
cybgit (@cybgit)
When using pymisp I seem to get more info back than doing an events/restSearch. Primarily I'm interested in knowing if an attribute is on a feed.
So here is pymisp:
[image.png attached]
andras (@andras:matrix.circl.lu) [m]
Nah, we don't use it ourselves, so no experience with TippingPoint sadly
I'll have a look in a bit, currently in a conf call
but it should be the same
cybgit (@cybgit)
Yeah sure mate, no worries. Appreciated as always. I've looked in the docs and the options available on the REST client in the UI and can't see anything like includeFeeds or includeWarninghits, for e.g.
andras (@andras:matrix.circl.lu) [m]
Had a super quick look
Looks like some parameters are indeed not described
"includeWarninglistHits", "includeFeedCorrelations", "includeServerCorrelations"
these are the 3 you're probably after
always just set 1 as value to enable them
cybgit (@cybgit)
Ah, so they should work if I call them then, they're just not mentioned anywhere
I'll give it a go
andras (@andras:matrix.circl.lu) [m]
yup!
cybgit (@cybgit)
AWESOME!!! It worked
andras (@andras:matrix.circl.lu) [m]
yay B-)
cybgit (@cybgit)
Out of interest, if it's quick: where did you look on a MISP to find them? I presume they're in the API code somewhere
andras (@andras:matrix.circl.lu) [m]
I looked directly in the code like a chump
/var/www/MISP/app/Model/Event.php, fetchEvent() function
cybgit (@cybgit)
Awesome. Ah right, cool. Cheers
andras (@andras:matrix.circl.lu) [m]
you can use "timestamp":"24h"
for events added/edited
sorry not entirely sure I follow
there are two metrics you can use to subselect the data based on time
publish_timestamp: events published the past 24 hours
timestamp: events added/modified the past 24 hours
cybgit (@cybgit)
Presume the above is for @lucatrabalza :)