andras
@andras:matrix.circl.lu
[m]
but I'd highly advise you to use POST requests
cybgit
@cybgit
@andras:matrix.circl.lu as you're here :) Got 2 questions. Is pymisp a different API endpoint within the server than say events/restSearch and attributes/restSearch? Like, does pymisp library call to something different entirely?
andras
@andras:matrix.circl.lu
[m]
nono it calls the normal API endpoints
for the search it uses both /events/index and the restSearch endpoints depending on your search scope IIRC
it is just an overlay over those, making their usage a bit more sane ;)
cybgit
@cybgit
yeah i was hoping that was the case. So this is why i ask.
andras
@andras:matrix.circl.lu
[m]
😎
Luca
@lucacyber
i try get request /events/restSearch/returnFormat:stix/publish_timestamp:24h and WORKS, now i'd like to try post request: {
"returnFormat": "stix",
"publish_timestamp": "24h"
} but from where can i run it?
cybgit
@cybgit
When using pymisp i seem to get more info back than doing an events/restSearch primarily i'm interested in knowing if an attribute is on a feed
so here is pymisp
andras
@andras:matrix.circl.lu
[m]
nah, we don't use it ourselves, so no experience with tippingpoint sadly
I'll have a look in a bit currently in a conf call
but it should be the same
cybgit
@cybgit
yeah sure mate no worries. Appreciated as always. I've looked in the docs and the options available on restclient on the UI and can't see anything like includeFeeds or includeWarninghits for e.g
andras
@andras:matrix.circl.lu
[m]
had a super quick look
looks like some parameters are indeed not described
"includeWarninglistHits", "includeFeedCorrelations", "includeServerCorrelations"
these are the 3 you're probably after
always just set 1 as value to enable them
cybgit
@cybgit
arr so they should work if i call them then they are just not mentioned anywhere
i'll give it a go
andras
@andras:matrix.circl.lu
[m]
yup!
cybgit
@cybgit
AWESOME!!! its worked
andras
@andras:matrix.circl.lu
[m]
yay B-)
cybgit
@cybgit
Out of interest if it's quick - where did you look on a misp to find them? I presume they're in the api code somewhere
andras
@andras:matrix.circl.lu
[m]
I looked directly in the code like a chump
/var/www/MISP/app/Model/Event.php, fetchEvent() function
cybgit
@cybgit
awesome. arrr right cool. Cheers
andras
@andras:matrix.circl.lu
[m]
you can use "timestamp":"24h"
for events added/edited
sorry not entirely sure I follow
there are two metrics you can use to subselect the data based on time
publish_timestamp: events published the past 24 hours
timestamp: events added/modified the past 24 hours
cybgit
@cybgit
Presume the above is for @lucatrabalza :)
andras
@andras:matrix.circl.lu
[m]
content type and accept should both be application/json
otherwise your parameters are ignored
cybgit
@cybgit
yeah as you are sending json data in the -d
Also, probably worth obfuscating your API token when posting or at least delete that one :)
andras
@andras:matrix.circl.lu
[m]
yeah probably a good oment to invalidate that key :)
moment* even
Luca
@lucacyber
@lucatrabalza
i try this:
cat 2337982.json | curl --insecure -H "Authorization: xxxxxxx" -H "Content-type: application/json" -H "Accept: application/json" -X "POST" https://xxxxx/events/add
and give me this error:
{"name":"No valid event data received.","message":"No valid event data received.","url":"\/events\/add\/"}
andras
@andras:matrix.circl.lu
[m]
--data "@/foo/bar/baz.json"
Luca
@lucacyber
curl --location --request POST 'https://MY IP/events/add' --header 'Accept: application/json' --header 'Content-Type: application/json'--header 'Authorization: MY KEY' --data "@filename.json"

i run this and give me a ssl error: curl: (60) SSL certificate problem: self signed certificate
More details here: https://curl.haxx.se/docs/sslcerts.html

curl failed to verify the legitimacy of the server and therefore could not
establish a secure connection to it. To learn more about this situation and
how to fix it, please visit the web page mentioned above.
curl: (3) Port number ended with 'R'

is strange cause if i run the command to export: curl --insecure -H "Authorization: APY KEY" -H "Content-type: application/json" -H "Accept: application/json" -X "POST" https://ip/events/restSearch -d '{"returnFormat": "stix", "publish_timestamp": "24h"}', don't give me errors
andras
@andras:matrix.circl.lu
[m]
ok, debugging basic curl usage isn't really my thing - but just a hint: have a look at what the --insecure flag (used in the second query) does ;)
Luca
@lucacyber
curl --location --request "POST" https://172.x.x.x/events/add -H "Accept: application/json" -H "Content-Type: application/json"--header --insecure "Authorization: xxxxxx" --data "@2337982.json"
i did this and give me this error: {"name":"No valid event data received.","message":"No valid event data received.","url":"\/events\/add"}