add: [OpenAPI] objects restsearch endpoint docs

pull/8765/head
Luciano Righetti 2022-11-18 12:32:30 +01:00
parent 757908e81f
commit 0bded9c30f
No known key found for this signature in database
GPG Key ID: CB91F2A37C557248
1 changed files with 227 additions and 25 deletions


@ -13,7 +13,7 @@ info:
To get an API key there are several options:
* **[UI]** Go to [My Profile -> Auth Keys](/auth_keys/index) section and click on `+ Add authentication key`
* **[UI]** As an admin go to the the [Administration -> List Users -> View](/admin/users/view/[id]) page of the user you want to create an auth key for and on the `Auth keys` section click on `+ Add authentication key`
* **[CLI]** Use the following command: `./app/Console/cake user change_authkey [e-mail/user_id]`
@ -1896,6 +1896,24 @@ paths:
default:
$ref: "#/components/responses/ApiErrorResponse"
/objects/restsearch:
post:
summary: "[restSearch] Get a filtered and paginated list of objects"
description: |
**This is the recommended endpoint for searching objects.**
operationId: restSearchObjects
tags:
- Objects
requestBody:
$ref: "#/components/requestBodies/RestSearchObjectsRequest"
responses:
"200":
$ref: "#/components/responses/ObjectsRestSearchResponse"
"403":
$ref: "#/components/responses/UnauthorizedApiErrorResponse"
default:
$ref: "#/components/responses/ApiErrorResponse"
/objects/add/{eventId}/{objectTemplateId}:
post:
summary: "Add an object to an event"
@ -2854,9 +2872,7 @@ components:
eventid:
$ref: "#/components/schemas/EventId"
withAttachments:
description: "Extends the response with the base64 representation of the attachment, if there is one"
type: boolean
default: false
$ref: "#/components/schemas/WithAttachmentsRestSearchFilter"
uuid:
$ref: "#/components/schemas/UUID"
publish_timestamp:
@ -2870,7 +2886,7 @@ components:
enforceWarninglist:
$ref: "#/components/schemas/EnforceWarninglistRestSearchFilter"
to_ids:
$ref: "#/components/schemas/ToIDS"
$ref: "#/components/schemas/ToIDSRestSearchFlag"
deleted:
$ref: "#/components/schemas/SoftDeletedFlag"
event_timestamp:
@ -2883,11 +2899,9 @@ components:
sharinggroup:
$ref: "#/components/schemas/SharingGroupIDRestSearchFilter"
decayingModel:
description: "Specify the decaying model from which the decaying score should be calculated"
type: string
$ref: "#/components/schemas/DecayingModelRestSearchFilter"
score:
description: "An alias to override on-the-fly the threshold of the decaying model"
type: string
$ref: "#/components/schemas/DecayingModelScoreRestSearchFilter"
first_seen:
description: "Seen within the last x amount of time, where x can be defined in days, hours, minutes (for example 5d or 12h or 30m)"
type: string
@ -2919,17 +2933,11 @@ components:
modelOverrides:
$ref: "#/components/schemas/ModelOverridesRestSearchFilter"
includeDecayScore:
description: "Include all enabled decaying score"
type: boolean
default: false
$ref: "#/components/schemas/IncludeDecayScoreRestSearchFlag"
includeFullModel:
description: "Include all model information of matching events in the response"
type: boolean
default: false
$ref: "#/components/schemas/IncludeFullModelRestSearchFlag"
excludeDecayed:
description: "Should the decayed elements by excluded"
type: boolean
default: false
$ref: "#/components/schemas/ExcludeDecayedRestSearchFlag"
returnFormat:
$ref: "#/components/schemas/AttributesRestSearchReturnFormat"
@ -3391,6 +3399,126 @@ components:
maxLength: 10
example: "12345"
ObjectRestSearchList:
type: object
properties:
Object:
$ref: "#/components/schemas/Object"
ObjectRestSearchFilter:
type: object
properties:
page:
$ref: "#/components/schemas/PageSearchFilter"
limit:
$ref: "#/components/schemas/LimitSearchFilter"
quickFilter:
$ref: "#/components/schemas/SearchAllRestSearchFilter"
searchall:
$ref: "#/components/schemas/SearchAllRestSearchFilter"
timestamp:
$ref: "#/components/schemas/Timestamp"
object_name:
$ref: "#/components/schemas/ObjectName"
object_template_uuid:
$ref: "#/components/schemas/UUID"
object_template_version:
$ref: "#/components/schemas/ObjectTemplateVersion"
eventid:
$ref: "#/components/schemas/EventId"
eventinfo:
$ref: "#/components/schemas/EventInfo"
ignore:
description: "If true matches both true and false values for `to_ids` and `published`"
type: boolean
default: false
from:
$ref: "#/components/schemas/DateRestSearchFilter"
to:
$ref: "#/components/schemas/DateRestSearchFilter"
date:
$ref: "#/components/schemas/DateRestSearchFilter"
tags:
$ref: "#/components/schemas/TagsRestSearchFilter"
last:
$ref: "#/components/schemas/LastRestSearchFilter"
event_timestamp:
$ref: "#/components/schemas/Timestamp"
publish_timestamp:
$ref: "#/components/schemas/Timestamp"
org:
oneOf:
- $ref: "#/components/schemas/OrganisationId"
- $ref: "#/components/schemas/OrganisationName"
uuid:
$ref: "#/components/schemas/UUID"
value:
$ref: "#/components/schemas/AttributeValue"
type:
$ref: "#/components/schemas/AttributeType"
category:
$ref: "#/components/schemas/AttributeCategory"
object_relation:
$ref: "#/components/schemas/ObjectRelationRestSearchFilter"
attribute_timestamp:
$ref: "#/components/schemas/Timestamp"
first_seen:
$ref: "#/components/schemas/NullableMicroTimestamp"
last_seen:
$ref: "#/components/schemas/NullableMicroTimestamp"
comment:
$ref: "#/components/schemas/AttributeComment"
to_ids:
$ref: "#/components/schemas/ToIDSRestSearchFlag"
published:
$ref: "#/components/schemas/PublishedFlag"
deleted:
$ref: "#/components/schemas/SoftDeletedFlag"
withAttachments:
$ref: "#/components/schemas/WithAttachmentsRestSearchFilter"
enforceWarninglist:
$ref: "#/components/schemas/EnforceWarninglistRestSearchFilter"
includeAllTags:
$ref: "#/components/schemas/IncludeAllTagsRestSearchFilter"
includeEventUuid:
$ref: "#/components/schemas/IncludeEventUUIDRestSearchFlag"
include_event_uuid:
$ref: "#/components/schemas/IncludeEventUUIDRestSearchFlag"
includeEventTags:
$ref: "#/components/schemas/IncludeEventTagsRestSearchFlag"
includeProposals:
$ref: "#/components/schemas/IncludeProposalsRestSearchFlag"
includeWarninglistHits:
$ref: "#/components/schemas/IncludeWarninglistHitsRestSearchFlag"
includeContext:
$ref: "#/components/schemas/IncludeContextRestSearchFlag"
includeSightings:
$ref: "#/components/schemas/IncludeContextRestSearchFlag"
includeSightingdb:
$ref: "#/components/schemas/IncludeSightingDbRestSearchFlag"
includeCorrelations:
$ref: "#/components/schemas/IncludeCorrelationsRestSearchFlag"
includeDecayScore:
$ref: "#/components/schemas/IncludeDecayScoreRestSearchFlag"
includeFullModel:
$ref: "#/components/schemas/IncludeFullModelRestSearchFlag"
allow_proposal_blocking:
$ref: "#/components/schemas/AllowProposalBlockingRestSearchFlag"
metadata:
$ref: "#/components/schemas/MetadataRestSearchFilter"
attackGalaxy:
$ref: "#/components/schemas/AttackGalaxyRestSearchFilter"
excludeDecayed:
$ref: "#/components/schemas/ExcludeDecayedRestSearchFlag"
decayingModel:
$ref: "#/components/schemas/DecayingModelRestSearchFilter"
modelOverrides:
$ref: "#/components/schemas/ModelOverridesRestSearchFilter"
score:
$ref: "#/components/schemas/DecayingModelScoreRestSearchFilter"
returnFormat:
$ref: "#/components/schemas/ObjectsRestSearchReturnFormat"
# Sightings
SightingId:
type: string
@ -5391,6 +5519,15 @@ components:
type: string
example: "tlp:amber"
SearchAllRestSearchFilter:
description: "Search events by matching any tag names, event descriptions, attribute values or attribute comments"
type: string
example: malware
ToIDSRestSearchFlag:
nullable: true
type: boolean
SharingGroupIDRestSearchFilter:
description: "Sharing group ID(s), either as single string or list of IDs"
nullable: true
@ -5398,6 +5535,14 @@ components:
type: string
example: "1"
DecayingModelRestSearchFilter:
description: "Specify the decaying model from which the decaying score should be calculated"
type: string
DecayingModelScoreRestSearchFilter:
description: "An alias to override on-the-fly the threshold of the decaying model"
type: string
MetadataRestSearchFilter:
description: "Will only return the metadata of the given query scope, contained data is omitted."
nullable: true
@ -5408,6 +5553,11 @@ components:
type: boolean
default: false
IncludeAllTagsRestSearchFilter:
description: "Include also exportable tags"
type: boolean
default: false
IncludeEventTagsRestSearchFlag:
description: "Include tags of matching events in the response"
type: boolean
@ -5423,6 +5573,11 @@ components:
nullable: true
type: boolean
WithAttachmentsRestSearchFilter:
description: "Extends the response with the base64 representation of the attachment, if there is one"
type: boolean
default: false
RequestedAttributesRestSearchFilter:
description: "List of properties that will be selected in the CSV export"
type: array
@ -5463,6 +5618,26 @@ components:
nullable: true
type: boolean
IncludeDecayScoreRestSearchFlag:
description: "Include all enabled decaying score"
type: boolean
default: false
IncludeFullModelRestSearchFlag:
description: "Include all model information of matching events in the response"
type: boolean
default: false
AllowProposalBlockingRestSearchFlag:
description: "Allow blocking attributes from to_ids sensitive exports if a proposal has been made to it to remove the IDS flag"
type: boolean
default: false
ExcludeDecayedRestSearchFlag:
description: "Should the decayed elements by excluded"
type: boolean
default: false
ModelOverridesRestSearchFilter:
$ref: "#/components/schemas/DecayingModelParameters"
@ -5600,6 +5775,12 @@ components:
- yara
- yara-json
ObjectsRestSearchReturnFormat:
description: "Format of the response payload"
type: string
enum:
- json
ObjectRelationRestSearchFilter:
description: "Filter by the attribute object relation value"
nullable: true
@ -5731,7 +5912,6 @@ components:
name: local
in: path
description: "Whether the object should be attached locally or not to the target"
required: false
schema:
$ref: "#/components/schemas/Local"
@ -6211,9 +6391,7 @@ components:
event_tags:
$ref: "#/components/schemas/TagsRestSearchFilter"
searchall:
description: "Search events by matching any tag names, event descriptions, attribute values or attribute comments"
type: string
example: malware
$ref: "#/components/schemas/SearchAllRestSearchFilter"
from:
$ref: "#/components/schemas/DateRestSearchFilter"
to:
@ -6223,9 +6401,7 @@ components:
eventid:
$ref: "#/components/schemas/EventId"
withAttachments:
description: "Extends the response with the base64 representation of the attachment, if there is one"
type: boolean
default: false
$ref: "#/components/schemas/WithAttachmentsRestSearchFilter"
sharinggroup:
$ref: "#/components/schemas/SharingGroupIDRestSearchFilter"
metadata:
@ -6626,6 +6802,13 @@ components:
type: integer
example: 1
RestSearchObjectsRequest:
required: true
content:
application/json:
schema:
$ref: "#/components/schemas/ObjectRestSearchFilter"
AddObjectRequest:
content:
application/json:
@ -8514,6 +8697,25 @@ components:
type: string
example: "/objects/delete/1"
ObjectsRestSearchResponse:
description: "Rest search objects response"
headers:
X-Result-Count:
$ref: "#/components/headers/X-Result-Count"
X-Export-Module-Used:
$ref: "#/components/headers/X-Export-Module-Used"
X-Response-Format:
$ref: "#/components/headers/X-Response-Format"
content:
application/json:
schema:
type: object
properties:
response:
type: array
items:
$ref: "#/components/schemas/ObjectRestSearchList"
SightingListResponse:
description: "Get sightings response"
content:
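Review bot: In the new `ObjectRestSearchFilter` schema, `includeSightings` is given `$ref: "#/components/schemas/IncludeContextRestSearchFlag"`, the same reference as `includeContext` directly above it, so generated docs and clients will show the context flag's description for the sightings flag. This looks like a copy-paste slip; point it at a sightings-specific flag schema if the spec defines one (none is visible in these hunks), or give the property its own `type: boolean` and `description`. Separately, the `local` parameter hunk drops `required: false` but leaves an `in: path` parameter with no `required` key at all, and OpenAPI 3 requires `required: true` on path parameters, so spec validators will probably still flag it. The new `ToIDSRestSearchFlag` also carries no `description`, unlike the other flag schemas added in this commit.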