minor improvements in documentation

pull/217/head
Christophe Vandeplas 2013-06-11 00:23:01 +02:00
parent 0dc596fcac
commit b7a60d6b71
5 changed files with 70 additions and 49 deletions

View File

@ -18,12 +18,12 @@
</div>
<div class="index" style="width:80%">
<h2><a name ="blacklist"></a>Import Blacklist</h2>
<h2><a id="blacklist"></a>Import Blacklist</h2>
It is possible to ban certain values from ever being entered into the system via an event info field or an attribute value. This is done by blacklisting the value in this section.<br />
<h3>Adding and modifying entries</h3>
Administrators can add, edit or delete blacklisted items by using the appropriate functions in the list's action menu and the menu on the left.<br />
<hr />
<h2><a name ="regexp"></a>Import Regexp</h2>
<h2><a id="regexp"></a>Import Regexp</h2>
The system allows administrators to set up rules for regular expressions that will automatically alter newly entered or imported events (from GFI Sandbox).<br />
<h3>The purpose of Import Regexp entries</h3>
They can be used for several things, such as unifying the capitalisation of file paths for more accurate event correlation or to automatically censor the usernames and use system path variable names (changing C:\Users\UserName\Appdata\Roaming\file.exe to %APPDATA%\file.exe).<br />
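Review bot: The empty anchors in `<h2><a id="blacklist"></a>Import Blacklist</h2>` and `<h2><a id="regexp"></a>Import Regexp</h2>` are not needed once `name` has been replaced by `id`. The id can sit on the heading itself, for example `<h2 id="blacklist">Import Blacklist</h2>`, which drops an empty element and keeps the fragment target unchanged. The same applies to the other `name` to `id` conversions in this file.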
@ -32,7 +32,7 @@ The second use is blocking, if a regular expression is entered with a blank repl
Administrators can add, edit or delete regular expression rules, which are made up of a regex pattern that the system searches for and a replacement for the detected pattern.<br />
<p><img src="/img/doc/regexp.png" alt = "" title = "Add, edit or remove Regexp entries that will affect all newly created attributes here."/></p><br />
<hr />
<h2><a name ="whitelist"></a>Managing the Signature whitelist</h2>
<h2><a id="whitelist"></a>Managing the Signature whitelist</h2>
The signature whitelist view, accessible through the administration menu on the left, allows administrators to create and maintain a list of addresses that are whitelisted from ever being added to the NIDS signatures. Addresses listed here will be commented out when exporting the NIDS list.<br />
<h3>Whitelisting an address:</h3>
While in the whitelist view, click on New Whitelist on the left to bring up the add whitelist view to add a new address. <br />
@ -40,7 +40,7 @@ The signature whitelist view, accessible through the administration menu on the
When viewing the list of whitelisted addresses, the following pieces of information are shown: The ID of the whitelist entry (assigned automatically when a new address is added), the address itself that is being whitelisted and a set of controls allowing you to delete the entry or edit the address.<br />
<img src="/img/doc/whitelist.png" alt = "Whitelist" title = "You can edit or delete currently white-listed addresses using the action buttons on this list."/><br />
<hr />
<h2><a name ="user"></a>Managing the users:</h2>
<h2><a id="user"></a>Managing the users:</h2>
As an admin, you can set up new accounts for users, edit the profiles of users, delete them, or just have a look at all the viewers' profiles. Organisation admins are restricted to executing the same actions on their organisation's users only.<br />
<img src="/img/doc/add_user.png" alt = "Add user" style="float:right;" title = "Fill this form out to add a new user. Keep in mind that the drop-down menu titled Role controls the privileges the user will have."/>
<h3>Adding a new user:</h3>
@ -100,7 +100,7 @@ Site admins can use the "Contact users" feature to send all or an individual use
</ul>
Keep in mind that all e-mails sent through this system will, in addition to your own message, will be signed in the name of the instance's host organisation's support team, will include the e-mail address of the instance's support (if the contact field is set in the bootstrap file), and will include the instance's PGP signature for users that have a PGP key set (and thus are eligible for an encrypted e-mail).
<hr />
<h2><a name ="roles"></a>Managing the roles</h2>
<h2><a id="roles"></a>Managing the roles</h2>
Privileges are assigned to users by assigning them to rule groups, which use one of four options determining what they can do with events and four additional privilege elevating settings. The four options for event manipulation are: Read Only, Manage My Own Events, Manage Organisation Events, Manage &amp; Publish Organisation Events. The extra privileges are admin, sync, authentication key usage and audit permission<br />
<em>Read Only:</em> This allows the user to browse events that his organisation has access to, but doesn't allow any changes to be made to the database. <br />
<em>Manage My Own Events:</em> The second option, gives its users rights to create, modify or delete their own events, but they cannot publish them. <br />
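Review bot: Two wording problems in the context around the `roles` anchor should be fixed in the same documentation pass. The sentence "Keep in mind that all e-mails sent through this system will, in addition to your own message, will be signed" repeats "will", and "assigning them to rule groups" looks like it should read "role groups" given the heading "Managing the roles". The list of extra privileges also ends without a full stop after "audit permission".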
@ -116,7 +116,7 @@ When creating a new role, you will have to enter a name for the role to be creat
By clicking on the List Roles button, you can view a list of all the currently registered roles and a list of the permission flags turned on for each. In addition, you can find buttons that allow you to edit and delete the roles. Keep in mind that you will need to first remove every member from a role before you can delete it.<br />
<img src="/img/doc/list_groups.png" alt = "List roles" title = "You can View, Edit or Delete roles using the action buttons to the right in each row. Keep in mind that a role has to be devoid of members before it can be deleted."/><br />
<hr />
<h2><a name ="logs"></a>Using the logs of MISP</h2>
<h2><a id="logs"></a>Using the logs of MISP</h2>
Users with audit permissions are able to browse or search the logs that MISP automatically appends each time certain actions are taken (actions that modify data or if a user logs in and out).<br />
Generally, the following actions are logged:<br />
<ul>

View File

@ -20,26 +20,28 @@ $attr = new Attribute();
<th>Category</th>
<?php foreach ($attr->categoryDefinitions as $cat => $catDef): ?>
<th style="width:5%; text-align:center; white-space:normal">
<?php echo $cat; ?>
<a href="#<?php echo $cat; ?>"><?php echo $cat; ?></a>
</th>
<?php endforeach; ?>
<th>Category</th>
</tr>
<?php foreach ($attr->typeDefinitions as $type => $def): ?>
<tr>
<th><?php echo $type; ?></th>
<th><a href="#<?php echo $type; ?>"><?php echo $type; ?></a></th>
<?php foreach ($attr->categoryDefinitions as $cat => $catDef): ?>
<td style="text-align:center">
<?php echo in_array($type, $catDef['types'])? 'X' : ''; ?>
</td>
<?php endforeach; ?>
<th><?php echo $type; ?></th>
<th><a href="#<?php echo $type; ?>"><?php echo $type; ?></a></th>
<?php endforeach; ?>
</tr>
<tr>
<th>Category</th>
<?php foreach ($attr->categoryDefinitions as $cat => $catDef): ?>
<th style="width:5%; text-align:center; white-space:normal"><?php echo $cat; ?></th>
<th style="width:5%; text-align:center; white-space:normal">
<a href="#<?php echo $cat; ?>"><?php echo $cat; ?></a>
</th>
<?php endforeach; ?>
<th>Category</th>
</tr>
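Review bot: The new links in the matrix header and row cells write `$cat` and `$type` into an attribute and into the link text without escaping (`<a href="#<?php echo $cat; ?>"><?php echo $cat; ?></a>`). The values come from `$attr->categoryDefinitions` and `$attr->typeDefinitions` rather than from user input, but wrapping them in CakePHP's `h()` keeps the template safe if a definition ever contains a quote, ampersand or angle bracket. Separately, as the hunk reads, the type rows open `<tr>` inside the `foreach` over `typeDefinitions` but the `</tr>` comes after `<?php endforeach; ?>`, so only the last row is closed explicitly; moving `</tr>` inside the loop would fix the markup while this block is being edited.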
@ -52,7 +54,7 @@ $attr = new Attribute();
</tr>
<?php foreach ($attr->categoryDefinitions as $cat => $def): ?>
<tr>
<th>
<th><a id="<?php echo $cat; ?>"></a>
<?php echo $cat; ?>
</th>
<td>
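Review bot: `<a id="<?php echo $cat; ?>"></a>` uses the raw category name as the element id, unescaped. An `id` must not contain whitespace, so this is only valid if every category name is a single token. Deriving the id through one helper (spaces replaced, output passed through `h()`) and using the same helper for the `href` values in the matrix would make each link and its target agree by construction. The id could also go on the `<th>` itself instead of an empty `<a>`.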
@ -69,7 +71,7 @@ $attr = new Attribute();
</tr>
<?php foreach ($attr->typeDefinitions as $type => $def): ?>
<tr>
<th>
<th><a id="<?php echo $type; ?>"></a>
<?php echo $type; ?>
</th>
<td>
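Review bot: The type anchor `<a id="<?php echo $type; ?>"></a>` shares one id namespace with the category anchors added in the previous hunk, so a name that exists both as a category and as a type would produce duplicate ids and the matrix link would always land on the first one. Prefixing the two sets (for example `cat-` and `type-`, with matching `href` values in the matrix) avoids the collision.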

View File

@ -10,48 +10,67 @@
<div class="index" style="width:80%">
<h2>General Layout</h2>
<h3>The top bar</h3>
The top bar's only interactive part is a link to the MISP system itself - this will redirect the user to the default view of the site, which is the List Events view.<br />
<h3>The left menu</h3>
This menu contains all of the main functions of the site as a series of buttons.<br />
<h3>The top bar</h3>
<p>This menu contains all of the main functions of the site as a series of buttons.</p>
<p><img src="/img/doc/menu_image.png" alt = "" style="float:right;" title = "This is the main menu that will be accessible from all of the views. In some instances, some additional buttons that will appear on top of these when a view provides it."/></p>
<ul>
<li><em>New Event:</em> Allows you to create a new event.</li>
<li><em>List Events:</em> You can browse all the currently stored events here.</li>
<li><em>Add Event:</em> Allows you to create a new event.</li>
<li><em>List Attributes:</em> You can browse all the currently stored attributes of events here.</li>
<li><em>Search Attributes:</em> Search for and filter a list of attributes.</li>
<li><em>Export:</em> Export various types of data from the system for NIDSs or other uses.<br /></li></ul>
<i><u>Global Actions</u></i><br />
<li><em>Export:</em> Export various types of data from the system for NIDSs or other uses.</li>
<li><em>Automation:</em> Automation functionality is designed to let tools access the data. </li>
</ul>
<h5>Input Filters</h5>
<ul>
<li><em>Import Blacklist:</em> Create, modify or delete blacklisted strings. These will stop any matching events/attributes from being entered into the system.</li>
<li><em>Import Regexp:</em> Create, modify or delete regular expressions and their replacements. Each time an event / attribute is created or modified, they will be parsed and found expressions will be replaced.</li>
<li><em>Signature Whitelist:</em> View and manage the list of whitelisted addresses. These, if contained in attributes, will be blocked from the NIDS signature exports.</li>
</ul>
<h5>Global Actions</h5>
<ul>
<li><em>News:</em> Read about the latest news regarding the MISP system</li>
<li><em>My Profile:</em> Manage your user account.</li>
<li><em>Members List:</em> View the number of users per organisation and get some statistics about the currently stored attributes.</li>
<li><em>User Guide:</em> A link to this user guide.</li>
<li><em>Terms &amp; Conditions:</em> View the terms &amp; conditions again.</li>
<li><em>Log out:</em> Logs the current user out.<br /></li></ul>
<i><u>Sync Actions</u></i><br />
<li><em>Log out:</em> Logs the current user out.</li>
</ul>
<h5>Sync Actions</h5>
<ul>
<li><em>List Servers:</em> Connect your MISP instance to other instances, or view and modify the currently established connections.<br /></li></ul>
<i><u>Input Filters</u></i><br />
<ul>
<li><em>Import Blacklist:</em> Create, modify or delete blacklisted strings. These will stop any matching events/attributes from being entered into the system.</li>
<li><em>Import Regexp:</em> Create, modify or delete regular expressions and their replacements. Each time an event / attribute is created or modified, they will be parsed and found expressions will be replaced.</li>
<li><em>Signature Whitelist:</em> View and manage the list of whitelisted addresses. These, if contained in attributes, will be blocked from the NIDS signature exports.<br /></li></ul>
<i><u>Administration</u></i><br />
<li><em>List Servers:</em> Connect your MISP instance to other instances, or view and modify the currently established connections.</li></ul>
<h5>Administration</h5>
<ul>
<li><em>New User:</em> Create an account for a new user.</li>
<li><em>List Users:</em> View, modify or delete the currently registered users.</li>
<li><em>New Role:</em> Create a new role group for the users of this instance, controlling their privileges to create, modify, delete and to publish events.</li>
<li><em>List Roles:</em> List, modify or delete currently existing roles.<br /></li></ul>
<i><u>Audit</u></i><br />
<li><em>List Roles:</em> List, modify or delete currently existing roles.</li>
<li><em>Contact Users:</em> You can use this view to send messages to your current or future users or send them a temporary password.</li>
</ul>
<h5>Audit</h5>
<ul>
<li><em>List Logs:</em> View the logs of the instance.</li>
<li><em>Search Logs:</em> Search the logs by various attributes.<br /></li></ul>
<li><em>Search Logs:</em> Search the logs by various attributes.</li>
</ul>
<h3>The left bar</h3>
<p>This bar changes based on each page-group. The blue selection shows you what page you are on.</p>
<h3>The main area</h3>
This is where all the views (navigated to via the menu buttons) will be displayed. In general, there are two main view types, information views (which list the currently stored data and allow you to modify it) and form views (allowing you to enter or alter data). All lists are organised in such a way that all the information columns are on the left and every line of data can be modified or viewed in more detail on the right-most column, titled "Actions". All lists display a certain set number of the most recent items, but page control buttons at the bottom allow you to browse older entries.<br />
<p>This is where all the views (navigated to via the menu buttons) will be displayed.
In general, there are two main view types, information views (which list the currently
stored data and allow you to modify it) and form views (allowing you to enter or alter data).
All lists are organised in such a way that all the information columns are on the left and every
line of data can be modified or viewed in more detail on the right-most column, titled "Actions".
All lists display a certain set number of the most recent items, but page control buttons at the
bottom allow you to browse older entries.</p>
<h3>The bottom bar</h3>
Contains a link to download the gpg key used for encrypting the e-mails sent through the system and the current version number - if you are logged in.<br />
<p><img src="/img/doc/bottom_bar.png" alt = "" style="float:left;" title = "Download your PGP/GPG key using the link on the bottom bar or log out."/></p><br />
<p>Contains a link to download the gpg key used for encrypting the e-mails sent through the system and the current version number - if you are logged in.</p>
<p><img src="/img/doc/bottom_bar.png" alt = "" style="float:left;" title = "Download your PGP/GPG key using the link on the bottom bar or log out."/></p>
</div>
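Review bot: The section headings `<h5>Input Filters</h5>`, `<h5>Global Actions</h5>`, `<h5>Sync Actions</h5>`, `<h5>Administration</h5>` and `<h5>Audit</h5>` sit directly under an `<h3>`, skipping a level; `<h4>` would keep the outline consistent, with the size adjusted in CSS if needed. In the same hunk the `List Servers` item still closes as `</li></ul>` on one line while the other lists were reflowed, and the `menu_image.png` title reads "some additional buttons that will appear on top of these", where "that" should be dropped.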

View File

@ -15,7 +15,7 @@
</div>
<div class="index" style="width:80%">
<h2>User Management and Global Actions</h2>
<a name="first_run"></a>
<a id="first_run"></a>
<h3>First run of the system:</h3>
When first logging into MISP with the username and password provided by your administrator, there are a number of things that need to be done, before you can start using the system.<br><br>
<ul>
@ -29,7 +29,7 @@
<li><em>Reviewing the Terms &amp; Conditions:</em> To review the Terms &amp; Conditions or to read the User Guide, use the appropriate button on the left navigation menu.<br /><br /></li>
<li><em>Making sure that compatibility mode is turned off (IE9&amp;IE10):</em>Compatibility mode can cause some elements to appear differently than intended or not appear at all. Make sure you have this option turned off.</li></ul>
<hr />
<a name="manage"></a><h3>Managing your account:</h3>
<a id="manage"></a><h3>Managing your account:</h3>
To alter any details regarding your profile, use the "My Profile" menu button to bring up the profile overview and then click on "Edit Profile" in the right upper corner.<br>
<ul>
<li style="list-style: none">
@ -43,7 +43,7 @@ To alter any details regarding your profile, use the "My Profile" menu button to
<li><em>Requesting a new authentication key:</em> It is possible to make the system generate a new authentication key for you (for example if your previous one gets compromised. This can be accessed by clicking on the My Profile button and then clicking the reset key next to the currently active authentication code. The old key will become invalid when the new one is generated.<br /><br />
<p><img src="/img/doc/reset.png" alt = "" title="Clicking on reset will generate a new key for you and invalidate the old one, blocking it from being used."></p></li></ul>
<hr />
<a name="uptodate"></a><h3>Staying up to date:</h3>
<a id="uptodate"></a><h3>Staying up to date:</h3>
MISP also provides its users with some information about itself and its users through the links provided in the Global Actions menu.<br><br>
<ul>
<li><em>News:</em> To read about the news regarding the system itself, click on News on the left menu. This will bring up a list of news items concerning updates and changes to MISP itself.<br /><br /></li>
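Review bot: In the "Requesting a new authentication key" item, the parenthesis opened at "(for example if your previous one gets compromised." is never closed, which is worth fixing in a documentation commit. The hunk also mixes `<br>` with `<br />` (after "through the links provided in the Global Actions menu.") and leaves the `reset.png` image tag unclosed while other images in the guide use `/>`; picking one form would keep the markup consistent.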
@ -51,7 +51,7 @@ MISP also provides its users with some information about itself and its users th
<li><em>User Guide:</em> The user guide is also accessible via the Global Actions menu. You can find out more about how to use the system by reading this.<br /><br /></li>
<li><em>Terms &amp; Conditions:</em> It is possible to review the terms &amp; conditions that were shown during the first run of the system by clicking on the terms &amp; conditions link in the Global Actions menu.<br /><br /></li>
</ul>
<a name="filters"></a><h3>Inspecting the input filters:</h3>
<a id="filters"></a><h3>Inspecting the input filters:</h3>
All the events and attributes that get entered into MISP will be run through a series of input filters. These are defined by the site administrators, but every user can take a look at the currently active lists.<br><br>
<ul>
<li><em>Import Blacklist:</em> Events with the info field containing or Attributes with a value containing any of the items listed in the Import Blacklist will be blocked from being entered.<br /><br /></li>

View File

@ -20,7 +20,7 @@
</div>
<div class="index" style="width:80%">
<h2>Using the system:</h2>
<a name="create"></a><h3>Creating an event:</h3>
<a id="create"></a><h3>Creating an event:</h3>
The process of entering an event can be split into 3 phases, the creation of the event itself, populating it with attributes
and attachments and finally publishing it.<br /><br />
During this first step, you will be create a basic event without any actual attributes, but storing general information such as a description, time and risk level of the incident. To start creating the event, click on the New Event button on the left and fill out the form you are presented with. The following fields need to be filled out:<br /><br />
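Review bot: The context line "click on the New Event button on the left" no longer matches the layout page touched in this commit, which shows an "Add Event" entry and describes the main menu under "The top bar". The sentence should name the button and its location the same way the layout page does. The same line has "you will be create a basic event", which should read "you will create".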
@ -28,7 +28,7 @@ and attachments and finally publishing it.<br /><br />
<ul>
<li><em>Date:</em> The date when the incident has happened.<br /><br /></li>
<li><em>Distribution:</em>
<a name="distribution"></a>This setting controls, who will be able to see this event once it becomes published.
<a id="distribution"></a>This setting controls, who will be able to see this event once it becomes published.
Apart from being able to set which users on this server are allowed to see the event, this also controls whether
the event will be synchronised to other servers or not. The distribution is inherited by attributes: the most restrictive setting wins.
The following options are available:<br /><br /></li>
@ -74,7 +74,7 @@ and attachments and finally publishing it.<br /><br />
<li><em>GFI Sandbox:</em> It is possible to upload the exported .zip file from GFI sandbox with the help of this tool. These will be dissected by the MISP and a list of attributes and attachments will automatically be generated from the .zip file. Whilst this does most of the work needed to be done in the second step of the event's creation, it is important to manually look over all the data that is being entered. <br /><br /></li>
</ul>
<hr />
<a name="create_attribute"></a><h3>Add attributes to the event:</h3>
<a id="create_attribute"></a><h3>Add attributes to the event:</h3>
The second step of creating an event is to populate it with attributes and attachments. In addition to being able to import the attributes and attachments from GFI, it is also possible to manually add attributes and attachments to an event, by using the two appropriate buttons on the event's page. Let's look at adding attributes first.<br />
When clicking on the add attribute button, you will have to fill out a form with all the data about the attribute.<br /><br />
Keep in mind that the system searches for regular expressions in the value field of all attributes when entered, replacing detected strings within it as set up by the server's administrator (for example to enforce standardised capitalisation in paths for event correlation or to bring exact paths to a standardised format). The following fields need to be filled out:<br />
@ -108,7 +108,7 @@ You can also upload attachments, such as the malware itself, report files from e
Once all the attributes and attachments that you want to include with the event are uploaded / set, it is time to finalise its creation by publishing the event (click on publish event in the event view). This will alert the eligible users of it (based on the private-controls of the event and its attributes/attachments and whether they have auto-alert turned on), push the event to instances that your instance connects to and propagate it further based on the distribution rules. It also readies the network related attributes for NIDS signature creation (through the NIDS signature export feature, for more information, go to the export section.).<br /><br />
There is an alternate way of publishing an event without alerting any other users, by using the "publish (no email)" button. This should only be used for minor edits (such as correcting a typo). <br />
<hr />
<a name ="browsing_events"></a><h2>Browsing past events:</h2>
<a id="browsing_events"></a><h2>Browsing past events:</h2>
The MISP interface allows the user to have an overview over or to search for events and attributes of events that are already stored in the system in various ways.<br /><br />
<h3>To list all events:</h3>
On the left menu bar, the option "List events" will generate a list of the last 60 events. While the attributes themselves aren't shown in this view, the following pieces of information can be seen:<br /><br />
@ -168,18 +168,18 @@ This will bring up a form that lets you enter one or several search strings (sep
The list generated by the search will look exactly the same as listing all attributes, except that only the attributes that matched the search criteria will be listed (to find out more about the list attributes view, <?php echo $this->Html->link(__('click here', true), array('controller' => 'pages', 'action' => 'display', 'categories_and_types')); ?>.). The search parameters will be shown above the produced list and the search terms will be highlighted.<br />
<br /><img src="/img/doc/search_attribute_result.png" alt = "" title = "You can view the event that an attribute belongs to with the view button, or you can edit/delete the attribute via the buttons on the right."/><br />
<hr />
<a name ="update_events"></a><h2>Updating and modifying events and attributes:</h2>
<a id="update_events"></a><h2>Updating and modifying events and attributes:</h2>
Every event and attribute can easily be edited. First of all it is important to find the event or attribute that is to be edited, using any of the methods mentioned in the section on <a href="#browsing_events">browsing past events</a>.<br /><br />
Once it is found, the edit button (whether it be under actions when events/attributes get listed or simply on the event view) will bring up the same screen as what is used to create the entry of the same type (for an event it would be the event screen as <a href="#create">seen here</a>, for an attribute the attribute screen as <a href="#create_attribute">described here</a>).<br /><br />
Keep in mind that editing any event (either directly or indirectly through an attribute) will unpublish it, meaning that you'll have to publish it (through the event view) again once you are done.<br /><br />
<hr />
<a name ="contact"></a><h2>Contacting the reporter:</h2>
<a id="contact"></a><h2>Contacting the reporter:</h2>
To get in touch with the reporter of a previously registered event, just find the event for which you would like to contact the reporter by either finding it on the list of events, by finding it through one of its attributes or by finding it through a related event.<br /><br />
Once the event is found and the event view opened, click the button titled "Contact Reporter". This will bring up a view where you can enter your message that is to be e-mailed to all members of the reporting organisation that subscribe to receiving such reports or the reporting user himself. Along with your message, the detailed information about the event in question will be included in the e-mail.<br /><br />
<br /><img src="/img/doc/contact_reporter.png" alt = "" title = "Enter your message to the reporter and choose whether his/her entire organisation should get the message or not by ticking the check-box."/><br /><br />
By default, the message will be sent to every member of the organisation that posted the event in the first place, but if you tick the check-box below the message field before sending the mail, only the person that reported the event will get e-mailed. <br />
<hr />
<a name ="automation"></a><h2>Automation:</h2>
<a id="automation"></a><h2>Automation:</h2>
It is possible to quickly and conveniently export the data contained within the system using the automation features located in the main menu on the left (available to users with authentication key access only). There are various sets of data that can be exported, by using the authentication key provided by the system (also shown on the export page). If for whatever reason you would need to invalidate your current key and get a new one instead (for example due to the old one becoming compromised) just hit the reset link next to the authentication key in the export view or in your "my profile" view.<br /><br />
The following types of export are possible:<br /><br />
<h3>XML export:</h3>
@ -197,7 +197,7 @@ The following types of export are possible:<br /><br />
<i>&lt;server&gt;/events/text/&lt;authentication_key&gt;/&lt;type&gt;</i><br /><br />
Type could be any valid type (as according to the list of <?php echo $this->Html->link(__('categories and types', true), array('controller' => 'pages', 'action' => 'display', 'categories_and_types')); ?>), for example md5, ip-src or comment.<br />
<hr />
<a name ="export"></a><h2>Exporting data:</h2>
<a id="export"></a><h2>Exporting data:</h2>
For users that do not have authentication key access, an alternate export feature is available that relies on your interactive login to the site. To access these, just use the automation menu button to the left and you'll be presented with a list of export options. The results of the export will automatically be offered as a file download.<br /><br/>
<br /><img src="/img/doc/export.png" alt = "" title = "Use the export features here to quickly download data in various formats"/><br /><br />
Apart from that, it's also possible to export all events involved in a search attribute result table, by using the "Download results as XML" button on the left menu bar. <br /><br />
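Review bot: The text export URL in the context at the top of this hunk, `&lt;server&gt;/events/text/&lt;authentication_key&gt;/&lt;type&gt;`, puts the authentication key in the request path, where it ends up in web server and proxy access logs and in browser history. The documentation around it should say so and point readers to the reset link described in the Automation section as the way to rotate a key that has been exposed this way.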
@ -205,9 +205,9 @@ Apart from that, it's also possible to export all events involved in a search at
Each event's view has its own export feature, both as an XML export and as a .ioc file. To reach these features, just navigate to an event and use the appropriate buttons on the right side.<br /><br />
<br /><img src="/img/doc/export_event.png" alt = "" title = "Download a .xml or a .ioc of the event."/><br /><br />
<hr />
<h2><a name ="connect"></a>Connecting to other instances:</h2>
<h2><a id="connect"></a>Connecting to other instances:</h2>
Apart from being a self contained repository of attacks/malware, one of the main features of MISP is its ability to connect to other instances and share (parts of) its information. The following options allow you to set up and maintain such connections.<br /><br />
<h3><a name ="new_server"></a>Setting up a connection to another server:</h3>
<h3><a id="new_server"></a>Setting up a connection to another server:</h3>
In order to share data with a remote server via pushes and pulls, you need to request a valid authentication key from the hosting organisation of the remote instance. When clicking on List Servers and then on New Server, a form comes up that needs to be filled out in order for your instance to connect to it. The following fields need to be filled out:<br /><br />
<p><img src="/img/doc/add_server.png" alt ="Add server" title = "Make sure that you enter the authentication key that you have been given by the hosting organisation of the remote instance, instead of the one you have gotten from this one."/></p><br />
<ul>
@ -232,7 +232,7 @@ If you ever need to change the data about the linked servers or remove any conne
<li><em>Pull all:</em> By clicking this button, all events that are set to be pull-able or full access on the remote server will be copied to this instance. Existing events will not be updated.<br /><br /></li>
</ul>
<hr />
<a name ="rest"></a><h2>Rest API:</h2>
<a id="rest"></a><h2>Rest API:</h2>
The platform is also <a href="http://en.wikipedia.org/wiki/Representational_state_transfer">RESTfull</a>, so this means that you can use structured format (XML) to access Events data.<br /><br />
<h3>Requests</h3>
Use any HTTP compliant library to perform requests. However to make clear you are doing a REST request you need to either specify the Accept type to application/xml, or append .xml to the url<br /><br />
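Review bot: "RESTfull" in the link text of the Rest API paragraph should be "RESTful", and the sentence would read better as "you can use a structured format (XML) to access event data". In the Requests paragraph, "specify the Accept type to application/xml" would be clearer as "set the Accept header to application/xml".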