cybgit
@cybgit
yeah sure mate no worries. Appreciated as always. I've looked in the docs and the options available on restclient on the UI and can't see anything like includeFeeds or includeWarninghits for e.g
andras
@andras:matrix.circl.lu
[m]
had a super quick look
looks like some parameters are indeed not described
"includeWarninglistHits", "includeFeedCorrelations", "includeServerCorrelations"
these are the 3 you're probably after
always just set 1 as value to enable them
cybgit
@cybgit
arr so they should work if I call them then, they are just not mentioned anywhere
I'll give it a go
andras
@andras:matrix.circl.lu
[m]
yup!
cybgit
@cybgit
AWESOME!!! It's worked
andras
@andras:matrix.circl.lu
[m]
yay B-)
cybgit
@cybgit
Out of interest, if it's quick - where did you look on a MISP to find them? I presume they're in the API code somewhere
andras
@andras:matrix.circl.lu
[m]
I looked directly in the code like a chump
/var/www/MISP/app/Model/Event.php, fetchEvent() function
cybgit
@cybgit
awesome. arrr right cool. Cheers
andras
@andras:matrix.circl.lu
[m]
you can use "timestamp":"24h"
for events added/edited
sorry not entirely sure I follow
there are two metrics you can use to subselect the data based on time
publish_timestamp: events published the past 24 hours
timestamp: events added/modified the past 24 hours
cybgit
@cybgit
Presume the above is for @lucatrabalza :)
andras
@andras:matrix.circl.lu
[m]
content type and accept should both be application/json
otherwise your parameters are ignored
cybgit
@cybgit
yeah as you are sending json data in the -d
Also, probably worth obfuscating your API token when posting or at least delete that one :)
andras
@andras:matrix.circl.lu
[m]
yeah probably a good oment to invalidate that key :)
moment* even
Luca
@lucacyber
@lucatrabalza
I try this:
cat 2337982.json | curl --insecure -H "Authorization: xxxxxxx" -H "Content-type: application/json" -H "Accept: application/json" -X "POST" https://xxxxx/events/add
and it gives me this error:
{"name":"No valid event data received.","message":"No valid event data received.","url":"\/events\/add\/"}
andras
@andras:matrix.circl.lu
[m]
--data "@/foo/bar/baz.json"
Luca
@lucacyber
curl --location --request POST 'https://MY IP/events/add' --header 'Accept: application/json' --header 'Content-Type: application/json'--header 'Authorization: MY KEY' --data "@filename.json"

I run this and it gives me an SSL error: curl: (60) SSL certificate problem: self signed certificate
More details here: https://curl.haxx.se/docs/sslcerts.html

curl failed to verify the legitimacy of the server and therefore could not
establish a secure connection to it. To learn more about this situation and
how to fix it, please visit the web page mentioned above.
curl: (3) Port number ended with 'R'

It is strange, because if I run the command to export: curl --insecure -H "Authorization: APY KEY" -H "Content-type: application/json" -H "Accept: application/json" -X "POST" https://ip/events/restSearch -d '{"returnFormat": "stix", "publish_timestamp": "24h"}', it doesn't give me errors
andras
@andras:matrix.circl.lu
[m]
ok, debugging basic curl usage isn't really my thing - but just a hint: have a look at what the --insecure flag (used in the second query) does ;)
Luca
@lucacyber
curl --location --request "POST" https://172.x.x.x/events/add -H "Accept: application/json" -H "Content-Type: application/json"--header --insecure "Authorization: xxxxxx" --data "@2337982.json"
I did this and it gives me this error: {"name":"No valid event data received.","message":"No valid event data received.","url":"\/events\/add"}
Luca
@lucacyber
this is the first part of the file
{"response":[{
"Event": {
"id": "xx",
"orgc_id": "xx",
"org_id": "xx",
"date": "2021-08-04",
"threat_level_id": "2",
"info": "xxxxx",
"published": true,
"uuid": "xxxx",
"attribute_count": "45",
"analysis": "2",
"timestamp": "xx",
"distribution": "2",
"proposal_email_lock": false,
"locked": false,
"publish_timestamp": "xx",
"sharing_group_id": "0",
"disable_correlation": false,
"extends_uuid": "",
"Org": {
"id": "295",
"name": "x",
"uuid": "xxx"
},
"Orgc": {
"id": "x",
"name": "x",
"uuid": "x"
},
"Attribute": [
{
Sascha Rommelfangen
@rommelfs
I see two potential problems: (1) you didn’t specify the path (2) check if 2337982.json is valid json
andras
@andras:matrix.circl.lu
[m]
strip this:
{"response":[
it should be {"Event":...
andras
@andras:matrix.circl.lu
[m]
I think that the error messages are pretty clear.
curl -d "@curl101.json" --insecure -H "Authorization: YOUR_API_KEY" -H "Accept: application/json" -H "Content-type: application/json" -X POST https://foo.bar.baz/events/add
Luca
@lucacyber
Yes, now the result is different. If I run ---> curl -d "@filename.json" --insecure -H "Authorization: MY KEY" -H "Accept: application/json" -H "Content-type: application/json" -X POST https://172.29.3.38/events/add
I have ---> {
"saved": false,
"name": "Could not add Event",
"message": "Could not add Event",
"url": "\/events\/add",
"errors": []
}
"saved": false,
"name": "Could not add Event",
"message": "Could not add Event",
"url": "\/events\/add",
"errors": {
"Event": {
"info": [
"valueNotEmpty"
]
}
}
luciano (righel)
@luciano:matrix.circl.lu
[m]

That JSON is invalid; the response key must be removed. The payload should be:

{
   "Event": {
      "id": "xx",
      "orgc_id": "xx",
      ...

or:

{
   "id": "xx",
   "orgc_id": "xx",
    ...

but NOT with response key:

{
   "response":[{ <--- NO
      "Event": {
      ...
Luca
@lucacyber
OK, but why does it work if I import this JSON from the MISP web interface?
andras
@andras:matrix.circl.lu
[m]
Because it’s a different endpoint