andras
@andras:matrix.circl.lu
[m]
looks like some parameters are indeed not described
"includeWarninglistHits", "includeFeedCorrelations", "includeServerCorrelations"
these are the 3 you're probably after
always just set 1 as value to enable them
cybgit
@cybgit
arr so they should work if i call them then they are just not mentioned anywhere
i'll give it a go
andras
@andras:matrix.circl.lu
[m]
yup!
cybgit
@cybgit
AWESOME!!! it's worked
andras
@andras:matrix.circl.lu
[m]
yay B-)
cybgit
@cybgit
Out of interest if it's quick - where did you look on a MISP to find them? I presume they're in the API code somewhere
andras
@andras:matrix.circl.lu
[m]
I looked directly in the code like a chump
/var/www/MISP/app/Model/Event.php, fetchEvent() function
cybgit
@cybgit
awesome. arrr right cool. Cheers
andras
@andras:matrix.circl.lu
[m]
you can use "timestamp":"24h"
for events added/edited
sorry not entirely sure I follow
there are two metrics you can use to subselect the data based on time
publish_timestamp: events published the past 24 hours
timestamp: events added/modified the past 24 hours
cybgit
@cybgit
Presume the above is for @lucatrabalza :)
andras
@andras:matrix.circl.lu
[m]
content type and accept should both be application/json
otherwise your parameters are ignored
cybgit
@cybgit
yeah as you are sending json data in the -d
Also, probably worth obfuscating your API token when posting or at least delete that one :)
andras
@andras:matrix.circl.lu
[m]
yeah probably a good oment to invalidate that key :)
moment* even
Luca
@lucacyber
@lucatrabalza
I try this:
cat 2337982.json | curl --insecure -H "Authorization: xxxxxxx" -H "Content-type: application/json" -H "Accept: application/json" -X "POST" https://xxxxx/events/add
and it gives me this error:
{"name":"No valid event data received.","message":"No valid event data received.","url":"\/events\/add\/"}
andras
@andras:matrix.circl.lu
[m]
--data "@/foo/bar/baz.json"
Luca
@lucacyber
curl --location --request POST 'https://MY IP/events/add' --header 'Accept: application/json' --header 'Content-Type: application/json'--header 'Authorization: MY KEY' --data "@filename.json"

I run this and it gives me an SSL error: curl: (60) SSL certificate problem: self signed certificate
More details here: https://curl.haxx.se/docs/sslcerts.html

curl failed to verify the legitimacy of the server and therefore could not
establish a secure connection to it. To learn more about this situation and
how to fix it, please visit the web page mentioned above.
curl: (3) Port number ended with 'R'

It is strange, because if I run the command to export: curl --insecure -H "Authorization: APY KEY" -H "Content-type: application/json" -H "Accept: application/json" -X "POST" https://ip/events/restSearch -d '{"returnFormat": "stix", "publish_timestamp": "24h"}', it doesn't give me errors
andras
@andras:matrix.circl.lu
[m]
ok, debugging basic curl usage isn't really my thing - but just a hint: have a look at what the --insecure flag (used in the second query) does ;)
Luca
@lucacyber
curl --location --request "POST" https://172.x.x.x/events/add -H "Accept: application/json" -H "Content-Type: application/json"--header --insecure "Authorization: xxxxxx" --data "@2337982.json"
I did this and it gives me this error: {"name":"No valid event data received.","message":"No valid event data received.","url":"\/events\/add"}
Luca
@lucacyber
this is the first part of the file
{"response":[{
"Event": {
"id": "xx",
"orgc_id": "xx",
"org_id": "xx",
"date": "2021-08-04",
"threat_level_id": "2",
"info": "xxxxx",
"published": true,
"uuid": "xxxx",
"attribute_count": "45",
"analysis": "2",
"timestamp": "xx",
"distribution": "2",
"proposal_email_lock": false,
"locked": false,
"publish_timestamp": "xx",
"sharing_group_id": "0",
"disable_correlation": false,
"extends_uuid": "",
"Org": {
"id": "295",
"name": "x",
"uuid": "xxx"
},
"Orgc": {
"id": "x",
"name": "x",
"uuid": "x"
},
"Attribute": [
{
Sascha Rommelfangen
@rommelfs
I see two potential problems: (1) you didn’t specify the path (2) check if 2337982.json is valid json
andras
@andras:matrix.circl.lu
[m]
strip this:
{"response":[
it should be {"Event":...
andras
@andras:matrix.circl.lu
[m]
I think that the error messages are pretty clear.
curl -d "@curl101.json" --insecure -H "Authorization: YOUR_API_KEY" -H "Accept: application/json" -H "Content-type: application/json" -X POST https://foo.bar.baz/events/add
Luca
@lucacyber
yes now the result is different, if i run---> curl -d "@filename.json" --insecure -H "Authorization: MY KEY" -H "Accept: application/json" -H "Content-type: application/json" -X POST https://172.29.3.38/events/add
i have ---> {
"saved": false,
"name": "Could not add Event",
"message": "Could not add Event",
"url": "\/events\/add",
"errors": []
}
"saved": false,
"name": "Could not add Event",
"message": "Could not add Event",
"url": "\/events\/add",
"errors": {
"Event": {
"info": [
"valueNotEmpty"
]
}
}
luciano (righel)
@luciano:matrix.circl.lu
[m]

that JSON is invalid, the response key must be removed. the payload should be:

{
   "Event": {
      "id": "xx",
      "orgc_id": "xx",
      ...

or:

{
   "id": "xx",
   "orgc_id": "xx",
    ...

but NOT with response key:

{
   "response":[{ <--- NO
      "Event": {
      ...
Luca
@lucacyber
ok, but why does it work if I import this JSON from the MISP web interface?
andras
@andras:matrix.circl.lu
[m]
Because it’s a different endpoint
Luca
@lucacyber
yes okay now i change into {
"Event": {
"id": "xxxxx",
"orgc_id": "xxxxx",
"org_id": "xxxxx",
"date": "2021-08-10",
"threat_level_id": "3",
"info": "Ixxxxx",
"published": true,
"uuid": "xxxxx",
"attribute_count": "21",
"analysis": "2",
"timestamp": "xxxxx",
"distribution": "2",
"proposal_email_lock": false,
"locked": false,
"publish_timestamp": "xxxxx",
"sharing_group_id": "0",
"disable_correlation": false,
"extends_uuid": "",
and give me this