MISP
/
MISP
mirror of https://github.com/MISP/MISP
2
2
Fork 0
Code Issues Releases Wiki Activity
MISP/app/webroot/doc/openapi.yaml

9816 lines
287 KiB
YAML
Raw Blame History

This file contains ambiguous Unicode characters!

This file contains ambiguous Unicode characters that may be confused with others in your current locale. If your use case is intentional and legitimate, you can safely ignore this warning. Use the Escape button to highlight these characters.

openapi: 3.0.0
info:
title: MISP Automation API
version: "2.4"
description: |
### Getting Started
MISP API allows you to query, create, modify data models, such as [Events](https://www.circl.lu/doc/misp/GLOSSARY.html#misp-event),
[Objects](https://www.circl.lu/doc/misp/misp-objects/), [Attributes](https://www.circl.lu/doc/misp/GLOSSARY.html#misp-attribute).
This is extremly useful for interconnecting MISP with external tools and feeding other systems with threat intel data.
It also lets you perform administrative tasks such as creating users, organisations, altering MISP settings, and much more.
To get an API key there are several options:
* **[UI]** Go to [My Profile -> Auth Keys](/auth_keys/index) section and click on `+ Add authentication key`
* **[UI]** As an admin go to the the [Administration -> List Users -> View](/admin/users/view/[id]) page of the user you want to create an auth key for and on the `Auth keys` section click on `+ Add authentication key`
* **[CLI]** Use the following command: `./app/Console/cake user change_authkey [e-mail/user_id]`
* **API** Provided you already have an admin level API key, you can create an API key for another user using the `[POST]/auth_keys/add/{{user_id}}` endpoint.
> **NOTE:** The authentication key will only be displayed once, so take note of it or store it properly in your application secrets.
#### Accept and Content-Type headers
When performing your request, depending on the type of request, you might need to explicitly specify in what content
type you want to get your results. This is done by setting one of the below `Accept` headers:
Accept: application/json
Accept: application/xml
When submitting data in a `POST`, `PUT` or `DELETE` operation you also need to specify in what content-type you encoded the payload.
This is done by setting one of the below `Content-Type` headers:
Content-Type: application/json
Content-Type: application/xml
Example:
```
curl --header "Authorization: YOUR_API_KEY" \
--header "Accept: application/json" \
--header "Content-Type: application/json" https://<misp url>/
```
> **NOTE**: By appending .json or .xml the content type can also be set without the need for a header.
#### Automation using PyMISP
[PyMISP](https://github.com/MISP/PyMISP) is a Python library to access MISP platforms via their REST [API](https://www.circl.lu/doc/misp/GLOSSARY.html#api).
It allows you to fetch events, add or update events/attributes, add or update samples or search for attributes.
### FAQ
* [Dev FAQ](https://www.circl.lu/doc/misp/dev-faq/)
* [GitHub project FAQ](https://github.com/MISP/MISP/wiki/Frequently-Asked-Questions)
servers:
- url: https://misp.local
tags:
- name: Analyst Data
description: "Analyst Data allows analysts to share and add their own analysis to any MISP data having an UUID. They can be one of these three type: Analyst Note, Analyst Opionion or Analyst Relationship."
- name: Attributes
description: "Attributes in MISP can be network indicators (e.g. IP address), system indicators (e.g. a string in memory) or even bank account details."
externalDocs:
url: https://www.circl.lu/doc/misp/GLOSSARY.html#misp-attribute
- name: Events
description: "MISP events are encapsulations for contextually related information represented as attributes and objects."
externalDocs:
url: https://www.circl.lu/doc/misp/GLOSSARY.html#misp-event
- name: Galaxies
description: "Galaxies in MISP are a method used to express a large object called cluster that can be attached to MISP events or attributes."
externalDocs:
url: https://www.circl.lu/doc/misp/galaxy/
- name: Galaxy Clusters
description: "A galaxy cluster that can be attached to MISP events or attributes."
externalDocs:
url: https://www.circl.lu/doc/misp/galaxy/
- name: Users
description: "As an admin (not to be confused with Org Admin), you can set up new accounts for users, edit user profiles, delete them, or just have a look at all the viewers' profiles."
externalDocs:
url: https://www.circl.lu/doc/misp/administration/#users
- name: Organisations
description: "Each users belongs to an organisation. As admin, you can manage these organisations."
externalDocs:
url: https://www.circl.lu/doc/misp/administration/#organisations
- name: Servers
description: "Servers represent MISP instances we are connected to and from which we can pull/push data from/to."
externalDocs:
url: https://www.circl.lu/doc/misp/sharing/
- name: Sharing Groups
description: "Sharing groups in MISP are a more granular way to create re-usable distribution lists for events/attributes that allow users to include organisations from their own instance (local organisations) as well as organisations from directly, or indirectly connected instances (external organisations)."
externalDocs:
url: https://www.circl.lu/doc/misp/sharing/#sharing-groups
- name: Feeds
description: "Feeds are remote or local resources containing indicators that can be automatically imported into MISP at regular intervals. Feeds can be structured in [MISP format](https://www.circl.lu/doc/misp/GLOSSARY.html#misp-format), CSV format or even free-text format."
externalDocs:
url: https://www.circl.lu/doc/misp/managing-feeds/#feeds
- name: Objects
description: "MISP objects are in addition to MISP attributes to allow advanced combinations and concatenation of attributes. The creation of these objects and their associated attributes are based on real cyber security use-cases and existing practices in information sharing."
externalDocs:
url: https://www.circl.lu/doc/misp/misp-objects/
- name: Tags
description: ""
externalDocs:
url: https://www.circl.lu/doc/misp/quick-start/#tags-and-taglist
- name: Sightings
description: "Sightings is a system allowing people to react on attributes on an event. It was originally designed to provide an easy method for user to tell when they see a given attribute, giving it more credibility."
externalDocs:
url: https://www.circl.lu/doc/misp/sightings/
- name: Warninglists
description: "MISP warninglists are lists of well-known indicators that can be associated to potential false positives, errors or mistakes."
externalDocs:
url: https://www.circl.lu/doc/misp/warninglists/
- name: Noticelists
description: "Notice lists to inform MISP users of the legal, privacy, policy or even technical implications of using specific attributes, categories or objects."
externalDocs:
url: https://www.circl.lu/doc/misp/noticelists/
- name: Logs
description: "Users with audit permissions are able to browse or search logs that MISP automatically appends each time certain actions are taken (actions that modify data or if a user logs in and out)."
externalDocs:
url: https://www.circl.lu/doc/misp/administration/#using-misp-logs
- name: AuthKeys
description: "AuthKeys are used to authenticate MISP API requests. AuthKeys can be set to read-only, a single user can have multiple auth keys."
externalDocs:
url: https://www.circl.lu/doc/misp/automation/#automation-key
- name: UserSettings
description: "User settings enables users to customize different MISP features, such as UI elements and default API behaviors."
- name: Taxonomies
description: "MISP Taxonomies is a set of common classification libraries to tag, classify and organise information. Taxonomy allows to express the same vocabulary among a distributed set of users and organisations."
externalDocs:
url: https://www.circl.lu/doc/misp/taxonomy/#taxonomies
- name: Event Report
description: "Event reports can contain text under the markdown format and are stored inside an event. They can be used to describe events or processes in a readable way."
paths:
/analystData/add/{analystType}/{objectUUID}/{ObjectType}:
post:
summary: "Add analyst data"
operationId: addAnalystData
tags:
- Analyst Data
parameters:
- $ref: "#/components/parameters/analystDataTypeParameter"
- $ref: "#/components/parameters/analystDataObjectUUIDParameter"
- $ref: "#/components/parameters/analystDataObjectTypeParameter"
requestBody:
$ref: "#/components/requestBodies/AddAnalystDataRequest"
responses:
"200":
$ref: "#/components/responses/AnalystDataResponse"
"403":
$ref: "#/components/responses/UnauthorizedApiErrorResponse"
default:
$ref: "#/components/responses/ApiErrorResponse"
/analystData/edit/{analystType}/{analystDataID}:
post:
summary: "Edit analyst data"
operationId: editAnalystData
tags:
- Analyst Data
parameters:
- $ref: "#/components/parameters/analystDataTypeParameter"
- $ref: "#/components/parameters/analystDataIdParameter"
requestBody:
$ref: "#/components/requestBodies/AddAnalystDataRequest"
responses:
"200":
$ref: "#/components/responses/AnalystDataResponse"
"403":
$ref: "#/components/responses/UnauthorizedApiErrorResponse"
default:
$ref: "#/components/responses/ApiErrorResponse"
/analystData/delete/{analystType}/{analystDataID}:
delete:
summary: "Delete Analyst data"
operationId: deleteAnalystData
tags:
- Analyst Data
parameters:
- $ref: "#/components/parameters/analystDataTypeParameter"
- $ref: "#/components/parameters/analystDataIdParameter"
responses:
"200":
$ref: "#/components/responses/DeleteAnalystDataResponse"
"403":
$ref: "#/components/responses/UnauthorizedApiErrorResponse"
"404":
$ref: "#/components/responses/NotFoundApiErrorResponse"
default:
$ref: "#/components/responses/ApiErrorResponse"
/analystData/index/{analystType}:
get:
summary: "List Analyst data"
operationId: indexAnalystData
tags:
- Analyst Data
parameters:
- $ref: "#/components/parameters/analystDataTypeParameter"
responses:
"200":
$ref: "#/components/responses/AnalystDataListResponse"
"403":
$ref: "#/components/responses/UnauthorizedApiErrorResponse"
"404":
$ref: "#/components/responses/NotFoundApiErrorResponse"
default:
$ref: "#/components/responses/ApiErrorResponse"
/analystData/view/{analystType}/{analystDataID}:
get:
summary: "Get Analyst Data by ID"
operationId: getEventById
tags:
- Analyst Data
parameters:
- $ref: "#/components/parameters/analystDataTypeParameter"
- $ref: "#/components/parameters/analystDataIdParameter"
responses:
"200":
$ref: "#/components/responses/AnalystDataResponse"
"403":
$ref: "#/components/responses/UnauthorizedApiErrorResponse"
default:
$ref: "#/components/responses/ApiErrorResponse"
/attributes/restSearch:
post:
summary: "[restSearch] Get a filtered and paginated list of attributes"
description: |
**This is the recommended endpoint for searching attributes.**
operationId: restSearchAttributes
tags:
- Attributes
requestBody:
$ref: "#/components/requestBodies/RestSearchAttributesRequest"
responses:
"200":
$ref: "#/components/responses/AttributesRestSearchResponse"
"403":
$ref: "#/components/responses/UnauthorizedApiErrorResponse"
default:
$ref: "#/components/responses/ApiErrorResponse"
/attributes/add/{eventId}:
post:
summary: "Add an attribute"
operationId: addAttribute
tags:
- Attributes
parameters:
- $ref: "#/components/parameters/eventIdParameter"
requestBody:
$ref: "#/components/requestBodies/AddAttributeRequest"
responses:
"200":
$ref: "#/components/responses/AttributeResponse"
"403":
$ref: "#/components/responses/UnauthorizedApiErrorResponse"
default:
$ref: "#/components/responses/ApiErrorResponse"
/attributes/edit/{attributeId}:
put:
summary: "Edit an attribute"
operationId: editAttribute
tags:
- Attributes
parameters:
- $ref: "#/components/parameters/attributeIdParameter"
requestBody:
$ref: "#/components/requestBodies/EditAttributeRequest"
responses:
"200":
$ref: "#/components/responses/AttributeResponse"
"403":
$ref: "#/components/responses/UnauthorizedApiErrorResponse"
"404":
$ref: "#/components/responses/NotFoundApiErrorResponse"
default:
$ref: "#/components/responses/ApiErrorResponse"
/attributes/delete/{attributeId}:
delete:
summary: "Delete an attribute"
operationId: deleteAttribute
tags:
- Attributes
parameters:
- $ref: "#/components/parameters/attributeIdParameter"
responses:
"200":
$ref: "#/components/responses/DeleteAttributeResponse"
"403":
$ref: "#/components/responses/UnauthorizedApiErrorResponse"
"404":
$ref: "#/components/responses/NotFoundApiErrorResponse"
default:
$ref: "#/components/responses/ApiErrorResponse"
/attributes/restore/{attributeId}:
post:
summary: "Restore an attribute"
operationId: restoreAttribute
tags:
- Attributes
parameters:
- $ref: "#/components/parameters/attributeIdParameter"
responses:
"200":
$ref: "#/components/responses/AttributeResponse"
"403":
$ref: "#/components/responses/UnauthorizedApiErrorResponse"
"404":
$ref: "#/components/responses/NotFoundApiErrorResponse"
default:
$ref: "#/components/responses/ApiErrorResponse"
/attributes/addTag/{attributeId}/{tagId}/local:{local}:
post:
summary: "Add a tag to an attribute"
operationId: tagAttribute
tags:
- Attributes
parameters:
- $ref: "#/components/parameters/attributeIdParameter"
- $ref: "#/components/parameters/tagIdParameter"
- $ref: "#/components/parameters/localParameter"
responses:
"200":
$ref: "#/components/responses/AddAttributeTagResponse"
"403":
$ref: "#/components/responses/UnauthorizedApiErrorResponse"
"404":
$ref: "#/components/responses/NotFoundApiErrorResponse"
default:
$ref: "#/components/responses/ApiErrorResponse"
/attributes/removeTag/{attributeId}/{tagId}:
post:
summary: "Remove a tag from an attribute"
operationId: untagAttribute
tags:
- Attributes
parameters:
- $ref: "#/components/parameters/attributeIdParameter"
- $ref: "#/components/parameters/tagIdParameter"
responses:
"200":
$ref: "#/components/responses/RemoveAttributeTagResponse"
"403":
$ref: "#/components/responses/UnauthorizedApiErrorResponse"
"404":
$ref: "#/components/responses/NotFoundApiErrorResponse"
default:
$ref: "#/components/responses/ApiErrorResponse"
/attributes:
get:
summary: "Get a list of attributes"
operationId: getAttributes
tags:
- Attributes
responses:
"200":
$ref: "#/components/responses/AttributeListResponse"
"403":
$ref: "#/components/responses/UnauthorizedApiErrorResponse"
default:
$ref: "#/components/responses/ApiErrorResponse"
/attributes/view/{attributeId}:
get:
summary: "Get an attribute by ID"
operationId: getAttributeById
tags:
- Attributes
parameters:
- $ref: "#/components/parameters/attributeIdParameter"
responses:
"200":
$ref: "#/components/responses/AttributeResponse"
"403":
$ref: "#/components/responses/UnauthorizedApiErrorResponse"
default:
$ref: "#/components/responses/ApiErrorResponse"
/attributes/attributeStatistics/{context}/{percentage}:
get:
summary: "Get the count of attributes per category"
operationId: getAttributeStatistics
tags:
- Attributes
parameters:
- $ref: "#/components/parameters/attributeStatisticsContextParameter"
- $ref: "#/components/parameters/attributeStatisticsPercentageParameter"
responses:
"200":
$ref: "#/components/responses/AttributeStatisticsResponse"
"403":
$ref: "#/components/responses/UnauthorizedApiErrorResponse"
default:
$ref: "#/components/responses/ApiErrorResponse"
/attributes/describeTypes:
get:
summary: "Get a list of the available attribute types"
operationId: describeAttributeTypes
tags:
- Attributes
responses:
"200":
$ref: "#/components/responses/DescribeAttributeTypesResponse"
"403":
$ref: "#/components/responses/UnauthorizedApiErrorResponse"
default:
$ref: "#/components/responses/ApiErrorResponse"
/eventReports/view/{eventReportId}:
get:
summary: "Get event report by ID"
operationId: viewEventReport
tags:
- Event Report
parameters:
- $ref: "#/components/parameters/eventReportIdParameter"
responses:
"200":
$ref: "#/components/responses/EventReportResponse"
"403":
$ref: "#/components/responses/UnauthorizedApiErrorResponse"
default:
$ref: "#/components/responses/ApiErrorResponse"
/eventReports/add/{eventId}:
post:
summary: "Add Event Report"
operationId: addEventReport
tags:
- Event Report
parameters:
- $ref: "#/components/parameters/eventIdParameter"
requestBody:
$ref: "#/components/requestBodies/AddEventReportRequest"
responses:
"200":
$ref: "#/components/responses/EventReportResponse"
"403":
$ref: "#/components/responses/UnauthorizedApiErrorResponse"
default:
$ref: "#/components/responses/ApiErrorResponse"
/eventReports/edit/{eventReportId}:
post:
summary: "Edit Event Report"
operationId: editEventReport
tags:
- Event Report
parameters:
- $ref: "#/components/parameters/eventReportIdParameter"
responses:
"200":
$ref: "#/components/responses/EventReportResponse"
"403":
$ref: "#/components/responses/UnauthorizedApiErrorResponse"
default:
$ref: "#/components/responses/ApiErrorResponse"
/eventReports/delete/{eventReportId}/{hardDelete}:
post:
summary: "Delete Event Report"
operationId: deleteEventReport
tags:
- Event Report
parameters:
- $ref: "#/components/parameters/eventReportIdParameter"
- $ref: "#/components/parameters/hardDeleteParameterNotRequired"
responses:
"200":
$ref: "#/components/responses/DeleteEventReportResponse"
"403":
$ref: "#/components/responses/UnauthorizedApiErrorResponse"
default:
$ref: "#/components/responses/ApiErrorResponse"
/eventReports/restore/{eventReportId}:
post:
summary: "Restore Event Report"
operationId: restoreEventReport
tags:
- Event Report
parameters:
- $ref: "#/components/parameters/eventReportIdParameter"
responses:
"200":
$ref: "#/components/responses/RestoreEventReportResponse"
"403":
$ref: "#/components/responses/UnauthorizedApiErrorResponse"
default:
$ref: "#/components/responses/ApiErrorResponse"
/eventReports/index:
get:
summary: "Get event reports"
operationId: indexEventReport
tags:
- Event Report
responses:
"200":
$ref: "#/components/responses/EventReportListResponse"
"403":
$ref: "#/components/responses/UnauthorizedApiErrorResponse"
default:
$ref: "#/components/responses/ApiErrorResponse"
/eventReports/importReportFromUrl/{eventId}:
post:
summary: "Import Report From URL"
operationId: importFromURLEventReport
tags:
- Event Report
parameters:
- $ref: "#/components/parameters/eventIdParameter"
requestBody:
$ref: "#/components/requestBodies/ImportFromURLEventReportRequest"
responses:
"200":
$ref: "#/components/responses/EventReportImportFromUrlResponse"
"403":
$ref: "#/components/responses/UnauthorizedApiErrorResponse"
default:
$ref: "#/components/responses/ApiErrorResponse"
/events/restSearch:
post:
summary: "[restSearch] Get a filtered and paginated list of events"
operationId: restSearchEvents
description: |
**This is the recommended endpoint for searching events.**
tags:
- Events
requestBody:
$ref: "#/components/requestBodies/RestSearchEventsRequest"
responses:
"200":
$ref: "#/components/responses/EventsRestSearchResponse"
"403":
$ref: "#/components/responses/UnauthorizedApiErrorResponse"
default:
$ref: "#/components/responses/ApiErrorResponse"
/events/add:
post:
summary: "Add event"
operationId: addEvent
tags:
- Events
requestBody:
$ref: "#/components/requestBodies/AddEventRequest"
responses:
"200":
$ref: "#/components/responses/AddEventResponse"
"403":
$ref: "#/components/responses/UnauthorizedApiErrorResponse"
default:
$ref: "#/components/responses/ApiErrorResponse"
/events/edit/{eventId}:
put:
summary: "Edit event"
operationId: editEvent
tags:
- Events
parameters:
- $ref: "#/components/parameters/eventIdParameter"
requestBody:
$ref: "#/components/requestBodies/EditEventRequest"
responses:
"200":
$ref: "#/components/responses/EditEventResponse"
"403":
$ref: "#/components/responses/UnauthorizedApiErrorResponse"
default:
$ref: "#/components/responses/ApiErrorResponse"
/events/delete/{eventId}:
delete:
summary: "Delete event"
operationId: deleteEvent
tags:
- Events
parameters:
- $ref: "#/components/parameters/eventIdParameter"
responses:
"200":
$ref: "#/components/responses/DeleteEventResponse"
"403":
$ref: "#/components/responses/UnauthorizedApiErrorResponse"
default:
$ref: "#/components/responses/ApiErrorResponse"
/events:
get:
summary: "Get a list of events"
operationId: getEvents
tags:
- Events
responses:
"200":
$ref: "#/components/responses/ExtendedEventListResponse"
"403":
$ref: "#/components/responses/UnauthorizedApiErrorResponse"
default:
$ref: "#/components/responses/ApiErrorResponse"
/events/index:
post:
summary: "Search events"
operationId: searchEvents
tags:
- Events
requestBody:
$ref: "#/components/requestBodies/SearchEventRequest"
responses:
"200":
$ref: "#/components/responses/ExtendedEventListResponse"
"403":
$ref: "#/components/responses/UnauthorizedApiErrorResponse"
default:
$ref: "#/components/responses/ApiErrorResponse"
/events/view/{eventId}:
get:
summary: "Get event by ID"
operationId: getEventById
tags:
- Events
parameters:
- $ref: "#/components/parameters/eventIdParameter"
responses:
"200":
$ref: "#/components/responses/ExtendedEventResponse"
"403":
$ref: "#/components/responses/UnauthorizedApiErrorResponse"
default:
$ref: "#/components/responses/ApiErrorResponse"
/events/publish/{eventId}:
post:
summary: "Publish an event"
operationId: publishEvent
tags:
- Events
parameters:
- $ref: "#/components/parameters/eventIdParameter"
responses:
"200":
$ref: "#/components/responses/PublishEventResponse"
"403":
$ref: "#/components/responses/UnauthorizedApiErrorResponse"
default:
$ref: "#/components/responses/ApiErrorResponse"
/events/unpublish/{eventId}:
post:
summary: "Unpublish an event"
operationId: unpublishEvent
tags:
- Events
parameters:
- $ref: "#/components/parameters/eventIdParameter"
responses:
"200":
$ref: "#/components/responses/UnpublishEventResponse"
"403":
$ref: "#/components/responses/UnauthorizedApiErrorResponse"
default:
$ref: "#/components/responses/ApiErrorResponse"
/events/addTag/{eventId}/{tagId}/local:{local}:
post:
summary: "Add event tag"
operationId: tagEvent
tags:
- Events
parameters:
- $ref: "#/components/parameters/eventIdParameter"
- $ref: "#/components/parameters/tagIdParameter"
- $ref: "#/components/parameters/localParameter"
responses:
"200":
$ref: "#/components/responses/AddEventTagResponse"
"403":
$ref: "#/components/responses/UnauthorizedApiErrorResponse"
default:
$ref: "#/components/responses/ApiErrorResponse"
/events/removeTag/{eventId}/{tagId}:
post:
summary: "Remove event tag"
operationId: untagEvent
tags:
- Events
parameters:
- $ref: "#/components/parameters/eventIdParameter"
- $ref: "#/components/parameters/tagIdParameter"
responses:
"200":
$ref: "#/components/responses/RemoveEventTagResponse"
"403":
$ref: "#/components/responses/UnauthorizedApiErrorResponse"
default:
$ref: "#/components/responses/ApiErrorResponse"
/galaxies:
get:
summary: "Get galaxies"
operationId: getGalaxies
tags:
- Galaxies
responses:
"200":
$ref: "#/components/responses/GalaxyListResponse"
"403":
$ref: "#/components/responses/UnauthorizedApiErrorResponse"
default:
$ref: "#/components/responses/ApiErrorResponse"
post:
summary: "Search galaxies"
operationId: searchGalaxies
tags:
- Galaxies
requestBody:
$ref: "#/components/requestBodies/SearchGalaxyRequest"
responses:
"200":
$ref: "#/components/responses/GalaxyListResponse"
"403":
$ref: "#/components/responses/UnauthorizedApiErrorResponse"
default:
$ref: "#/components/responses/ApiErrorResponse"
/galaxies/view/{galaxyId}:
get:
summary: "Get galaxy by ID"
operationId: getGalaxyById
tags:
- Galaxies
parameters:
- $ref: "#/components/parameters/galaxyIdParameter"
responses:
"200":
$ref: "#/components/responses/ExtendedGalaxyResponse"
"403":
$ref: "#/components/responses/UnauthorizedApiErrorResponse"
default:
$ref: "#/components/responses/ApiErrorResponse"
/galaxies/update:
post:
summary: "Force update the galaxies with the galaxy json definitions"
operationId: updateGalaxies
tags:
- Galaxies
responses:
"200":
$ref: "#/components/responses/UpdateGalaxiesResponse"
"403":
$ref: "#/components/responses/UnauthorizedApiErrorResponse"
"404":
$ref: "#/components/responses/NotFoundApiErrorResponse"
default:
$ref: "#/components/responses/ApiErrorResponse"
/galaxies/delete/{galaxyId}:
delete:
summary: "Delete a galaxy"
operationId: deleteGalaxy
tags:
- Galaxies
parameters:
- $ref: "#/components/parameters/galaxyIdParameter"
responses:
"200":
$ref: "#/components/responses/DeleteGalaxyResponse"
"403":
$ref: "#/components/responses/UnauthorizedApiErrorResponse"
"404":
$ref: "#/components/responses/NotFoundApiErrorResponse"
default:
$ref: "#/components/responses/ApiErrorResponse"
/galaxies/import:
post:
summary: "Import a galaxy cluster"
operationId: importGalaxyCluster
tags:
- Galaxies
requestBody:
$ref: "#/components/requestBodies/ImportGalaxyClusterRequest"
responses:
"200":
$ref: "#/components/responses/ImportGalaxyClusterResponse"
"403":
$ref: "#/components/responses/UnauthorizedApiErrorResponse"
"404":
$ref: "#/components/responses/NotFoundApiErrorResponse"
default:
$ref: "#/components/responses/ApiErrorResponse"
/galaxies/export/{galaxyId}:
post:
summary: "Export galaxy clusters"
operationId: exportGalaxyClusters
tags:
- Galaxies
parameters:
- $ref: "#/components/parameters/galaxyIdParameter"
requestBody:
$ref: "#/components/requestBodies/ExportGalaxyClusterRequest"
responses:
"200":
$ref: "#/components/responses/ExportGalaxyClustersResponse"
"403":
$ref: "#/components/responses/UnauthorizedApiErrorResponse"
"404":
$ref: "#/components/responses/NotFoundApiErrorResponse"
default:
$ref: "#/components/responses/ApiErrorResponse"
/galaxies/attachCluster/{attachTargetId}/{attachTargetType}/local:{local}:
post:
summary: "Attach the galaxy cluster tag a given entity"
operationId: attachGalaxyCluster
tags:
- Galaxies
parameters:
- $ref: "#/components/parameters/attachTargetIdParameter"
- $ref: "#/components/parameters/attachTargetTypeParameter"
- $ref: "#/components/parameters/localParameter"
requestBody:
$ref: "#/components/requestBodies/AttachGalaxyClusterRequest"
responses:
"200":
$ref: "#/components/responses/AttachGalaxyClusterResponse"
"403":
$ref: "#/components/responses/UnauthorizedApiErrorResponse"
"404":
$ref: "#/components/responses/NotFoundApiErrorResponse"
default:
$ref: "#/components/responses/ApiErrorResponse"
/galaxy_clusters/add/{galaxyId}:
post:
summary: "Add galaxy cluster"
operationId: addGalaxyCluster
tags:
- Galaxy Clusters
parameters:
- $ref: "#/components/parameters/galaxyIdParameter"
requestBody:
$ref: "#/components/requestBodies/AddGalaxyClusterRequest"
responses:
"200":
$ref: "#/components/responses/GalaxyClusterResponse"
"403":
$ref: "#/components/responses/UnauthorizedApiErrorResponse"
"404":
$ref: "#/components/responses/NotFoundApiErrorResponse"
default:
$ref: "#/components/responses/ApiErrorResponse"
/galaxy_clusters/edit/{galaxyClusterId}:
put:
summary: "Edit galaxy cluster"
operationId: editGalaxyCluster
tags:
- Galaxy Clusters
parameters:
- $ref: "#/components/parameters/galaxyClusterIdParameter"
requestBody:
$ref: "#/components/requestBodies/EditGalaxyClusterRequest"
responses:
"200":
$ref: "#/components/responses/GalaxyClusterResponse"
"403":
$ref: "#/components/responses/UnauthorizedApiErrorResponse"
"404":
$ref: "#/components/responses/NotFoundApiErrorResponse"
default:
$ref: "#/components/responses/ApiErrorResponse"
/galaxy_clusters/index/{galaxyId}:
get:
summary: "Get galaxy clusters"
operationId: getGalaxyClusters
tags:
- Galaxy Clusters
parameters:
- $ref: "#/components/parameters/galaxyIdParameter"
responses:
"200":
$ref: "#/components/responses/GalaxyClusterListResponse"
"403":
$ref: "#/components/responses/UnauthorizedApiErrorResponse"
"404":
$ref: "#/components/responses/NotFoundApiErrorResponse"
default:
$ref: "#/components/responses/ApiErrorResponse"
post:
summary: "Search galaxy clusters"
operationId: searchGalaxyClusters
tags:
- Galaxy Clusters
parameters:
- $ref: "#/components/parameters/galaxyIdParameter"
requestBody:
$ref: "#/components/requestBodies/SearchGalaxyClustersRequest"
responses:
"200":
$ref: "#/components/responses/GalaxyClusterListResponse"
"403":
$ref: "#/components/responses/UnauthorizedApiErrorResponse"
"404":
$ref: "#/components/responses/NotFoundApiErrorResponse"
default:
$ref: "#/components/responses/ApiErrorResponse"
/galaxy_clusters/view/{galaxyClusterId}:
get:
summary: "Get galaxy cluster by ID"
operationId: getGalaxyClusterById
tags:
- Galaxy Clusters
parameters:
- $ref: "#/components/parameters/galaxyClusterIdParameter"
responses:
"200":
$ref: "#/components/responses/ExtendedGalaxyClusterResponse"
"403":
$ref: "#/components/responses/UnauthorizedApiErrorResponse"
"404":
$ref: "#/components/responses/NotFoundApiErrorResponse"
default:
$ref: "#/components/responses/ApiErrorResponse"
/galaxy_clusters/publish/{galaxyClusterId}:
post:
summary: "Publish galaxy cluster"
operationId: publishGalaxyCluster
tags:
- Galaxy Clusters
parameters:
- $ref: "#/components/parameters/galaxyClusterIdParameter"
responses:
"200":
$ref: "#/components/responses/PublishGalaxyClusterResponse"
"403":
$ref: "#/components/responses/UnauthorizedApiErrorResponse"
"404":
$ref: "#/components/responses/NotFoundApiErrorResponse"
default:
$ref: "#/components/responses/ApiErrorResponse"
/galaxy_clusters/unpublish/{galaxyClusterId}:
post:
summary: "Unpublish galaxy cluster"
operationId: unpublishGalaxyCluster
tags:
- Galaxy Clusters
parameters:
- $ref: "#/components/parameters/galaxyClusterIdParameter"
responses:
"200":
$ref: "#/components/responses/UnpublishGalaxyClusterResponse"
"403":
$ref: "#/components/responses/UnauthorizedApiErrorResponse"
"404":
$ref: "#/components/responses/NotFoundApiErrorResponse"
default:
$ref: "#/components/responses/ApiErrorResponse"
/galaxy_clusters/delete/{galaxyClusterId}:
post:
summary: "Delete galaxy cluster"
operationId: deleteGalaxyCluster
tags:
- Galaxy Clusters
parameters:
- $ref: "#/components/parameters/galaxyClusterIdParameter"
responses:
"200":
$ref: "#/components/responses/DeleteGalaxyClusterResponse"
"403":
$ref: "#/components/responses/UnauthorizedApiErrorResponse"
"404":
$ref: "#/components/responses/NotFoundApiErrorResponse"
default:
$ref: "#/components/responses/ApiErrorResponse"
/galaxy_clusters/restore/{galaxyClusterId}:
post:
summary: "Restore galaxy cluster"
operationId: restoreGalaxyCluster
tags:
- Galaxy Clusters
parameters:
- $ref: "#/components/parameters/galaxyClusterIdParameter"
responses:
"200":
$ref: "#/components/responses/RestoreGalaxyClusterResponse"
"403":
$ref: "#/components/responses/UnauthorizedApiErrorResponse"
"404":
$ref: "#/components/responses/NotFoundApiErrorResponse"
default:
$ref: "#/components/responses/ApiErrorResponse"
/users/initiatePasswordReset/{userId}/{firstTimeReset}:
post:
summary: "Reset user password"
operationId: resetUserPassword
tags:
- Users
parameters:
- $ref: "#/components/parameters/userIdParameter"
- $ref: "#/components/parameters/firstTimeResetParameter"
responses:
"200":
$ref: "#/components/responses/ResetUserPasswordResponse"
"403":
$ref: "#/components/responses/UnauthorizedApiErrorResponse"
"404":
$ref: "#/components/responses/NotFoundApiErrorResponse"
default:
$ref: "#/components/responses/ApiErrorResponse"
/admin/users/add:
post:
summary: "Add user"
operationId: addUser
tags:
- Users
requestBody:
$ref: "#/components/requestBodies/AddUserRequest"
responses:
"200":
$ref: "#/components/responses/UserResponse"
"403":
$ref: "#/components/responses/UnauthorizedApiErrorResponse"
"404":
$ref: "#/components/responses/NotFoundApiErrorResponse"
default:
$ref: "#/components/responses/ApiErrorResponse"
/admin/users/edit/{userId}:
put:
summary: "Edit user"
operationId: editUser
tags:
- Users
parameters:
- $ref: "#/components/parameters/userIdParameter"
requestBody:
$ref: "#/components/requestBodies/EditUserRequest"
responses:
"200":
$ref: "#/components/responses/UserResponse"
"403":
$ref: "#/components/responses/UnauthorizedApiErrorResponse"
"404":
$ref: "#/components/responses/NotFoundApiErrorResponse"
default:
$ref: "#/components/responses/ApiErrorResponse"
/admin/users/delete/{userId}:
delete:
summary: "Delete user"
operationId: deleteUser
tags:
- Users
parameters:
- $ref: "#/components/parameters/userIdParameter"
responses:
"200":
$ref: "#/components/responses/DeleteUserResponse"
"403":
$ref: "#/components/responses/UnauthorizedApiErrorResponse"
"404":
$ref: "#/components/responses/NotFoundApiErrorResponse"
default:
$ref: "#/components/responses/ApiErrorResponse"
/admin/users:
get:
summary: "Get users"
operationId: getUsers
tags:
- Users
responses:
"200":
$ref: "#/components/responses/UserListResponse"
"403":
$ref: "#/components/responses/UnauthorizedApiErrorResponse"
"404":
$ref: "#/components/responses/NotFoundApiErrorResponse"
default:
$ref: "#/components/responses/ApiErrorResponse"
/admin/users/view/{userId}:
get:
summary: "Get user by ID"
operationId: getUserById
tags:
- Users
parameters:
- $ref: "#/components/parameters/userIdParameter"
responses:
"200":
$ref: "#/components/responses/ExtendedUserResponse"
"403":
$ref: "#/components/responses/UnauthorizedApiErrorResponse"
"404":
$ref: "#/components/responses/NotFoundApiErrorResponse"
default:
$ref: "#/components/responses/ApiErrorResponse"
/users/totp_delete/{userId}:
delete:
summary: "Delete user TOTP"
operationId: deleteUserTotp
tags:
- Users
parameters:
- $ref: "#/components/parameters/userIdParameter"
responses:
"200":
$ref: "#/components/responses/DeleteUserTotpResponse"
"403":
$ref: "#/components/responses/UnauthorizedApiErrorResponse"
"404":
$ref: "#/components/responses/NotFoundUserTotpDeleteResponse"
default:
$ref: "#/components/responses/ApiErrorResponse"
/admin/organisations/add:
post:
summary: "Add organisation"
operationId: addOrganisation
tags:
- Organisations
requestBody:
$ref: "#/components/requestBodies/AddOrganisationRequest"
responses:
"200":
$ref: "#/components/responses/OrganisationResponse"
"403":
$ref: "#/components/responses/UnauthorizedApiErrorResponse"
"404":
$ref: "#/components/responses/NotFoundApiErrorResponse"
default:
$ref: "#/components/responses/ApiErrorResponse"
/admin/organisations/edit/{organisationId}:
put:
summary: "Edit organisation"
operationId: editOrganisation
tags:
- Organisations
parameters:
- $ref: "#/components/parameters/organisationIdParameter"
requestBody:
$ref: "#/components/requestBodies/EditOrganisationRequest"
responses:
"200":
$ref: "#/components/responses/OrganisationResponse"
"403":
$ref: "#/components/responses/UnauthorizedApiErrorResponse"
"404":
$ref: "#/components/responses/NotFoundApiErrorResponse"
default:
$ref: "#/components/responses/ApiErrorResponse"
/admin/organisations/delete/{organisationId}:
delete:
summary: "Delete organisation"
operationId: deleteOrganisation
tags:
- Organisations
parameters:
- $ref: "#/components/parameters/organisationIdParameter"
responses:
"200":
$ref: "#/components/responses/DeleteOrganisationResponse"
"403":
$ref: "#/components/responses/UnauthorizedApiErrorResponse"
"404":
$ref: "#/components/responses/NotFoundApiErrorResponse"
default:
$ref: "#/components/responses/ApiErrorResponse"
/admin/logs:
post:
summary: "Get instance logs"
operationId: getLogs
tags:
- Logs
requestBody:
$ref: "#/components/requestBodies/GetLogsRequest"
responses:
"200":
$ref: "#/components/responses/GetLogsResponse"
"403":
$ref: "#/components/responses/UnauthorizedApiErrorResponse"
"404":
$ref: "#/components/responses/NotFoundApiErrorResponse"
default:
$ref: "#/components/responses/ApiErrorResponse"
/organisations:
get:
summary: "Get organisations"
operationId: getOrganisations
tags:
- Organisations
responses:
"200":
$ref: "#/components/responses/OrganisationListResponse"
"403":
$ref: "#/components/responses/UnauthorizedApiErrorResponse"
"404":
$ref: "#/components/responses/NotFoundApiErrorResponse"
default:
$ref: "#/components/responses/ApiErrorResponse"
/organisations/view/{organisationId}:
get:
summary: "Get organisation by ID"
operationId: getOrganisationById
tags:
- Organisations
parameters:
- $ref: "#/components/parameters/organisationIdParameter"
responses:
"200":
$ref: "#/components/responses/OrganisationResponse"
"403":
$ref: "#/components/responses/UnauthorizedApiErrorResponse"
"404":
$ref: "#/components/responses/NotFoundApiErrorResponse"
default:
$ref: "#/components/responses/ApiErrorResponse"
/servers/add:
post:
summary: "Add server"
operationId: addServer
tags:
- Servers
requestBody:
$ref: "#/components/requestBodies/AddServerRequest"
responses:
"200":
$ref: "#/components/responses/ServerResponse"
"403":
$ref: "#/components/responses/UnauthorizedApiErrorResponse"
"404":
$ref: "#/components/responses/NotFoundApiErrorResponse"
default:
$ref: "#/components/responses/ApiErrorResponse"
/servers/edit/{serverId}:
put:
summary: "Edit server"
operationId: editServer
tags:
- Servers
parameters:
- $ref: "#/components/parameters/serverIdParameter"
requestBody:
$ref: "#/components/requestBodies/EditServerRequest"
responses:
"200":
$ref: "#/components/responses/ServerResponse"
"403":
$ref: "#/components/responses/UnauthorizedApiErrorResponse"
"404":
$ref: "#/components/responses/NotFoundApiErrorResponse"
default:
$ref: "#/components/responses/ApiErrorResponse"
/servers/delete/{serverId}:
post:
summary: "Delete server"
operationId: deleteServer
tags:
- Servers
parameters:
- $ref: "#/components/parameters/serverIdParameter"
responses:
"200":
$ref: "#/components/responses/DeleteServerResponse"
"403":
$ref: "#/components/responses/UnauthorizedApiErrorResponse"
"404":
$ref: "#/components/responses/NotFoundApiErrorResponse"
default:
$ref: "#/components/responses/ApiErrorResponse"
/servers:
get:
summary: "Get servers"
operationId: getServers
tags:
- Servers
responses:
"200":
$ref: "#/components/responses/ServerListResponse"
"403":
$ref: "#/components/responses/UnauthorizedApiErrorResponse"
"404":
$ref: "#/components/responses/NotFoundApiErrorResponse"
default:
$ref: "#/components/responses/ApiErrorResponse"
/servers/pull/{serverId}/{pullTechnique}:
get:
summary: "Pull server"
operationId: pullServer
tags:
- Servers
parameters:
- $ref: "#/components/parameters/serverIdParameter"
- $ref: "#/components/parameters/pullTechniqueParameter"
responses:
"200":
$ref: "#/components/responses/PullServerResponse"
"403":
$ref: "#/components/responses/UnauthorizedApiErrorResponse"
"404":
$ref: "#/components/responses/NotFoundApiErrorResponse"
default:
$ref: "#/components/responses/ApiErrorResponse"
/servers/push/{serverId}/{pushTechnique}:
get:
summary: "Push server"
operationId: pushServer
tags:
- Servers
parameters:
- $ref: "#/components/parameters/serverIdParameter"
- $ref: "#/components/parameters/pushTechniqueParameter"
responses:
"200":
$ref: "#/components/responses/PushServerResponse"
"403":
$ref: "#/components/responses/UnauthorizedApiErrorResponse"
"404":
$ref: "#/components/responses/NotFoundApiErrorResponse"
default:
$ref: "#/components/responses/ApiErrorResponse"
/servers/getVersion:
get:
summary: "Get current instance version"
operationId: getServerVersion
tags:
- Servers
responses:
"200":
$ref: "#/components/responses/ServerVersionResponse"
"403":
$ref: "#/components/responses/UnauthorizedApiErrorResponse"
"404":
$ref: "#/components/responses/NotFoundApiErrorResponse"
default:
$ref: "#/components/responses/ApiErrorResponse"
/servers/getPyMISPVersion:
get:
summary: "Get current instance PyMISP version"
operationId: getPyMISPVersion
tags:
- Servers
responses:
"200":
$ref: "#/components/responses/ServerPyMISPVersionResponse"
"403":
$ref: "#/components/responses/UnauthorizedApiErrorResponse"
"404":
$ref: "#/components/responses/NotFoundApiErrorResponse"
default:
$ref: "#/components/responses/ApiErrorResponse"
/servers/serverSettings:
get:
summary: "Get current instance settings and diagnostics"
operationId: getServerSettings
tags:
- Servers
responses:
"200":
$ref: "#/components/responses/ServerSettingsResponse"
"403":
$ref: "#/components/responses/UnauthorizedApiErrorResponse"
"404":
$ref: "#/components/responses/NotFoundApiErrorResponse"
default:
$ref: "#/components/responses/ApiErrorResponse"
/servers/getWorkers:
get:
summary: "Get workers"
operationId: getWorkers
tags:
- Servers
responses:
"200":
$ref: "#/components/responses/GetWorkersResponse"
"403":
$ref: "#/components/responses/UnauthorizedApiErrorResponse"
"404":
$ref: "#/components/responses/NotFoundApiErrorResponse"
default:
$ref: "#/components/responses/ApiErrorResponse"
/servers/startWorker/{workerType}:
post:
summary: "Start worker"
operationId: startWorker
tags:
- Servers
parameters:
- $ref: "#/components/parameters/workerTypeParameter"
responses:
"200":
$ref: "#/components/responses/StartWorkerResponse"
"403":
$ref: "#/components/responses/UnauthorizedApiErrorResponse"
"404":
$ref: "#/components/responses/NotFoundApiErrorResponse"
default:
$ref: "#/components/responses/ApiErrorResponse"
/servers/stopWorker/{workerPid}:
post:
summary: "Stop worker"
operationId: stopWorker
tags:
- Servers
parameters:
- $ref: "#/components/parameters/workerPidParameter"
responses:
"200":
$ref: "#/components/responses/StopWorkerResponse"
"403":
$ref: "#/components/responses/UnauthorizedApiErrorResponse"
"404":
$ref: "#/components/responses/NotFoundApiErrorResponse"
default:
$ref: "#/components/responses/ApiErrorResponse"
/servers/killAllWorkers:
post:
summary: "Kill all workers"
operationId: killAllWorkers
tags:
- Servers
responses:
"200":
$ref: "#/components/responses/KillAllWorkersResponse"
"403":
$ref: "#/components/responses/UnauthorizedApiErrorResponse"
"404":
$ref: "#/components/responses/NotFoundApiErrorResponse"
default:
$ref: "#/components/responses/ApiErrorResponse"
/servers/restartWorkers:
post:
summary: "Restart workers"
operationId: restartWorkers
tags:
- Servers
responses:
"200":
$ref: "#/components/responses/RestartWorkersResponse"
"403":
$ref: "#/components/responses/UnauthorizedApiErrorResponse"
"404":
$ref: "#/components/responses/NotFoundApiErrorResponse"
default:
$ref: "#/components/responses/ApiErrorResponse"
/servers/restartDeadWorkers:
post:
summary: "Restart dead workers"
operationId: restartDeadWorkers
tags:
- Servers
responses:
"200":
$ref: "#/components/responses/RestartDeadWorkersResponse"
"403":
$ref: "#/components/responses/UnauthorizedApiErrorResponse"
"404":
$ref: "#/components/responses/NotFoundApiErrorResponse"
default:
$ref: "#/components/responses/ApiErrorResponse"
/servers/update:
post:
summary: "Update server"
operationId: updateServer
tags:
- Servers
responses:
"200":
$ref: "#/components/responses/UpdateServerResponse"
"403":
$ref: "#/components/responses/UnauthorizedApiErrorResponse"
"404":
$ref: "#/components/responses/NotFoundApiErrorResponse"
default:
$ref: "#/components/responses/ApiErrorResponse"
/servers/cache:
post:
summary: "Cache server"
operationId: cacheServer
tags:
- Servers
responses:
"200":
$ref: "#/components/responses/CacheServerResponse"
"403":
$ref: "#/components/responses/UnauthorizedApiErrorResponse"
"404":
$ref: "#/components/responses/NotFoundApiErrorResponse"
default:
$ref: "#/components/responses/ApiErrorResponse"
/servers/createSync:
post:
summary: "Create sync"
operationId: createSync
tags:
- Servers
responses:
"200":
$ref: "#/components/responses/CreateSyncResponse"
"403":
$ref: "#/components/responses/UnauthorizedApiErrorResponse"
"404":
$ref: "#/components/responses/NotFoundApiErrorResponse"
default:
$ref: "#/components/responses/ApiErrorResponse"
/servers/getInstanceUUID:
get:
summary: "Get instance UUID"
operationId: getServerUuid
tags:
- Servers
responses:
"200":
$ref: "#/components/responses/GetInstanceUUIDResponse"
"403":
$ref: "#/components/responses/UnauthorizedApiErrorResponse"
"404":
$ref: "#/components/responses/NotFoundApiErrorResponse"
default:
$ref: "#/components/responses/ApiErrorResponse"
/servers/getSetting/{settingName}:
get:
summary: "Get server setting by name"
operationId: getServerSetting
tags:
- Servers
parameters:
- $ref: "#/components/parameters/settingNameParameter"
responses:
"200":
$ref: "#/components/responses/GetServerSettingResponse"
"403":
$ref: "#/components/responses/UnauthorizedApiErrorResponse"
"404":
$ref: "#/components/responses/NotFoundApiErrorResponse"
default:
$ref: "#/components/responses/ApiErrorResponse"
/servers/serverSettingsEdit/{settingName}:
post:
summary: "Edit server setting"
operationId: editServerSetting
tags:
- Servers
parameters:
- $ref: "#/components/parameters/settingNameParameter"
requestBody:
$ref: "#/components/requestBodies/EditServerSettingRequest"
responses:
"200":
$ref: "#/components/responses/EditServerSettingResponse"
"403":
$ref: "#/components/responses/UnauthorizedApiErrorResponse"
"404":
$ref: "#/components/responses/NotFoundApiErrorResponse"
default:
$ref: "#/components/responses/ApiErrorResponse"
/servers/import:
post:
summary: "Import server"
operationId: importServer
tags:
- Servers
requestBody:
$ref: "#/components/requestBodies/ImportServerRequest"
responses:
"200":
$ref: "#/components/responses/ServerResponse"
"403":
$ref: "#/components/responses/UnauthorizedApiErrorResponse"
"404":
$ref: "#/components/responses/NotFoundApiErrorResponse"
default:
$ref: "#/components/responses/ApiErrorResponse"
/sharing_groups/add:
post:
summary: "Add a sharing group"
operationId: addSharingGroup
tags:
- Sharing Groups
requestBody:
$ref: "#/components/requestBodies/AddSharingGroupRequest"
responses:
"200":
$ref: "#/components/responses/SharingGroupResponse"
"403":
$ref: "#/components/responses/UnauthorizedApiErrorResponse"
"404":
$ref: "#/components/responses/NotFoundApiErrorResponse"
default:
$ref: "#/components/responses/ApiErrorResponse"
/sharing_groups/edit/{sharingGroupId}:
post:
summary: "Edit a sharing group"
operationId: editSharingGroup
tags:
- Sharing Groups
parameters:
- $ref: "#/components/parameters/sharingGroupIdParameter"
requestBody:
$ref: "#/components/requestBodies/EditSharingGroupRequest"
responses:
"200":
$ref: "#/components/responses/SharingGroupResponse"
"403":
$ref: "#/components/responses/UnauthorizedApiErrorResponse"
"404":
$ref: "#/components/responses/NotFoundApiErrorResponse"
default:
$ref: "#/components/responses/ApiErrorResponse"
/sharing_groups/delete/{sharingGroupId}:
delete:
summary: "Delete a sharing group"
operationId: deleteSharingGroup
tags:
- Sharing Groups
parameters:
- $ref: "#/components/parameters/sharingGroupIdParameter"
responses:
"200":
$ref: "#/components/responses/DeleteSharingGroupResponse"
"403":
$ref: "#/components/responses/UnauthorizedApiErrorResponse"
"404":
$ref: "#/components/responses/NotFoundApiErrorResponse"
default:
$ref: "#/components/responses/ApiErrorResponse"
/sharing_groups:
get:
summary: "Get a list of sharing groups"
operationId: getSharingGroup
tags:
- Sharing Groups
responses:
"200":
$ref: "#/components/responses/SharingGroupListResponse"
"403":
$ref: "#/components/responses/UnauthorizedApiErrorResponse"
"404":
$ref: "#/components/responses/NotFoundApiErrorResponse"
default:
$ref: "#/components/responses/ApiErrorResponse"
/sharing_groups/view/{sharingGroupId}:
get:
summary: "Get a sharing group by ID"
operationId: getSharingGroupById
tags:
- Sharing Groups
parameters:
- $ref: "#/components/parameters/sharingGroupIdParameter"
responses:
"200":
$ref: "#/components/responses/SharingGroupResponse"
"403":
$ref: "#/components/responses/UnauthorizedApiErrorResponse"
"404":
$ref: "#/components/responses/NotFoundApiErrorResponse"
default:
$ref: "#/components/responses/ApiErrorResponse"
/sharing_groups/addOrg/{sharingGroupId}/{organisationId}:
post:
summary: "Add an organisation to a sharing group"
operationId: addOrganisationToSharingGroup
tags:
- Sharing Groups
parameters:
- $ref: "#/components/parameters/sharingGroupIdParameter"
- $ref: "#/components/parameters/organisationIdParameter"
responses:
"200":
$ref: "#/components/responses/AddOrganisationToSharingGroupResponse"
"403":
$ref: "#/components/responses/UnauthorizedApiErrorResponse"
"404":
$ref: "#/components/responses/NotFoundApiErrorResponse"
default:
$ref: "#/components/responses/ApiErrorResponse"
/sharing_groups/removeOrg/{sharingGroupId}/{organisationId}:
post:
summary: "Remove an organisation from a sharing group"
operationId: removeOrganisationFromSharingGroup
tags:
- Sharing Groups
parameters:
- $ref: "#/components/parameters/sharingGroupIdParameter"
- $ref: "#/components/parameters/organisationIdParameter"
responses:
"200":
$ref: "#/components/responses/RemoveOrganisationFromSharingGroupResponse"
"403":
$ref: "#/components/responses/UnauthorizedApiErrorResponse"
"404":
$ref: "#/components/responses/NotFoundApiErrorResponse"
default:
$ref: "#/components/responses/ApiErrorResponse"
/sharing_groups/addServer/{sharingGroupId}/{serverId}:
post:
summary: "Add a server to a sharing group"
operationId: addServerToSharingGroup
tags:
- Sharing Groups
parameters:
- $ref: "#/components/parameters/sharingGroupIdParameter"
- $ref: "#/components/parameters/serverIdParameter"
responses:
"200":
$ref: "#/components/responses/AddServerToSharingGroupResponse"
"403":
$ref: "#/components/responses/UnauthorizedApiErrorResponse"
"404":
$ref: "#/components/responses/NotFoundApiErrorResponse"
default:
$ref: "#/components/responses/ApiErrorResponse"
/sharing_groups/removeServer/{sharingGroupServerId}/{serverId}:
post:
summary: "Remove a server from a sharing group"
operationId: removeServerFromSharingGroup
tags:
- Sharing Groups
parameters:
- $ref: "#/components/parameters/sharingGroupServerIdParameter"
- $ref: "#/components/parameters/serverIdParameter"
responses:
"200":
$ref: "#/components/responses/RemoveServerFromSharingGroupResponse"
"403":
$ref: "#/components/responses/UnauthorizedApiErrorResponse"
"404":
$ref: "#/components/responses/NotFoundApiErrorResponse"
default:
$ref: "#/components/responses/ApiErrorResponse"
/feeds:
get:
summary: "Get a list of feeds"
operationId: getFeeds
tags:
- Feeds
responses:
"200":
$ref: "#/components/responses/FeedListResponse"
"403":
$ref: "#/components/responses/UnauthorizedApiErrorResponse"
"404":
$ref: "#/components/responses/NotFoundApiErrorResponse"
default:
$ref: "#/components/responses/ApiErrorResponse"
/feeds/view/{feedId}:
get:
summary: "Get a feed by ID"
operationId: getFeedById
tags:
- Feeds
parameters:
- $ref: "#/components/parameters/feedIdParameter"
responses:
"200":
$ref: "#/components/responses/FeedResponse"
"403":
$ref: "#/components/responses/UnauthorizedApiErrorResponse"
"404":
$ref: "#/components/responses/NotFoundApiErrorResponse"
default:
$ref: "#/components/responses/ApiErrorResponse"
/feeds/add:
post:
summary: "Add a feed"
operationId: addFeed
tags:
- Feeds
requestBody:
$ref: "#/components/requestBodies/AddFeedRequest"
responses:
"200":
$ref: "#/components/responses/FeedResponse"
"403":
$ref: "#/components/responses/UnauthorizedApiErrorResponse"
"404":
$ref: "#/components/responses/NotFoundApiErrorResponse"
default:
$ref: "#/components/responses/ApiErrorResponse"
/feeds/edit/{feedId}:
put:
summary: "Edit a feed"
operationId: editFeed
tags:
- Feeds
parameters:
- $ref: "#/components/parameters/feedIdParameter"
requestBody:
$ref: "#/components/requestBodies/EditFeedRequest"
responses:
"200":
$ref: "#/components/responses/FeedResponse"
"403":
$ref: "#/components/responses/UnauthorizedApiErrorResponse"
"404":
$ref: "#/components/responses/NotFoundApiErrorResponse"
default:
$ref: "#/components/responses/ApiErrorResponse"
/feeds/enable/{feedId}:
post:
summary: "Enable feed"
operationId: enableFeed
tags:
- Feeds
parameters:
- $ref: "#/components/parameters/feedIdParameter"
responses:
"200":
$ref: "#/components/responses/EnableFeedResponse"
"403":
$ref: "#/components/responses/UnauthorizedApiErrorResponse"
"404":
$ref: "#/components/responses/NotFoundApiErrorResponse"
default:
$ref: "#/components/responses/ApiErrorResponse"
/feeds/disable/{feedId}:
post:
summary: "Disable feed"
operationId: disableFeed
tags:
- Feeds
parameters:
- $ref: "#/components/parameters/feedIdParameter"
responses:
"200":
$ref: "#/components/responses/DisableFeedResponse"
"403":
$ref: "#/components/responses/UnauthorizedApiErrorResponse"
"404":
$ref: "#/components/responses/NotFoundApiErrorResponse"
default:
$ref: "#/components/responses/ApiErrorResponse"
/feeds/cacheFeeds/{cacheFeedsScope}:
post:
summary: "Cache feeds"
operationId: cacheFeeds
tags:
- Feeds
parameters:
- $ref: "#/components/parameters/cacheFeedsScopeParameter"
responses:
"200":
$ref: "#/components/responses/CacheFeedsResponse"
"403":
$ref: "#/components/responses/UnauthorizedApiErrorResponse"
"404":
$ref: "#/components/responses/NotFoundApiErrorResponse"
default:
$ref: "#/components/responses/ApiErrorResponse"
/feeds/fetchFromFeed/{feedId}:
post:
summary: "Fetch from feed by ID"
operationId: fetchFromFeed
tags:
- Feeds
parameters:
- $ref: "#/components/parameters/feedIdParameter"
responses:
"200":
$ref: "#/components/responses/FetchFromFeedResponse"
"403":
$ref: "#/components/responses/UnauthorizedApiErrorResponse"
"404":
$ref: "#/components/responses/NotFoundApiErrorResponse"
default:
$ref: "#/components/responses/ApiErrorResponse"
/feeds/fetchFromAllFeeds:
post:
summary: "Fetch from all feeds"
operationId: fetchFromAllFeeds
tags:
- Feeds
responses:
"200":
$ref: "#/components/responses/FetchFromAllFeedsResponse"
"403":
$ref: "#/components/responses/UnauthorizedApiErrorResponse"
"404":
$ref: "#/components/responses/NotFoundApiErrorResponse"
default:
$ref: "#/components/responses/ApiErrorResponse"
/warninglists:
get:
summary: "Get a list of warninglists"
operationId: getWarninglists
tags:
- Warninglists
responses:
"200":
$ref: "#/components/responses/WarninglistListResponse"
"403":
$ref: "#/components/responses/UnauthorizedApiErrorResponse"
"404":
$ref: "#/components/responses/NotFoundApiErrorResponse"
default:
$ref: "#/components/responses/ApiErrorResponse"
post:
summary: "Search warninglists"
operationId: searchWarninglists
tags:
- Warninglists
requestBody:
$ref: "#/components/requestBodies/WarninglistsSearchRequest"
responses:
"200":
$ref: "#/components/responses/WarninglistListResponse"
"403":
$ref: "#/components/responses/UnauthorizedApiErrorResponse"
"404":
$ref: "#/components/responses/NotFoundApiErrorResponse"
default:
$ref: "#/components/responses/ApiErrorResponse"
/warninglists/toggleEnable:
post:
summary: "Enable/disable warninglists"
operationId: toggleEnableWarninglist
tags:
- Warninglists
requestBody:
$ref: "#/components/requestBodies/WarninglistsToggleEnableRequest"
responses:
"200":
$ref: "#/components/responses/WarninglistToggleEnabledResponse"
"403":
$ref: "#/components/responses/UnauthorizedApiErrorResponse"
"404":
$ref: "#/components/responses/NotFoundApiErrorResponse"
default:
$ref: "#/components/responses/ApiErrorResponse"
/warninglists/view/{warninglistId}:
get:
summary: "Get warninglist by ID"
operationId: getWarninglistById
tags:
- Warninglists
parameters:
- $ref: "#/components/parameters/warninglistIdParameter"
responses:
"200":
$ref: "#/components/responses/WarninglistResponse"
"403":
$ref: "#/components/responses/UnauthorizedApiErrorResponse"
"404":
$ref: "#/components/responses/NotFoundApiErrorResponse"
default:
$ref: "#/components/responses/ApiErrorResponse"
/warninglists/checkValue:
post:
summary: "Check if a list of values matches any warninglists"
operationId: checkValueWarninglistsMatches
tags:
- Warninglists
requestBody:
$ref: "#/components/requestBodies/WarninglistCheckValuesRequest"
responses:
"200":
$ref: "#/components/responses/WarninglistMatchListResponse"
"403":
$ref: "#/components/responses/UnauthorizedApiErrorResponse"
"404":
$ref: "#/components/responses/NotFoundApiErrorResponse"
default:
$ref: "#/components/responses/ApiErrorResponse"
/warninglists/update:
post:
summary: "Update warninglists"
operationId: updateWarninglists
tags:
- Warninglists
responses:
"200":
$ref: "#/components/responses/UpdateWarninglistsResponse"
"403":
$ref: "#/components/responses/UnauthorizedApiErrorResponse"
"404":
$ref: "#/components/responses/NotFoundApiErrorResponse"
default:
$ref: "#/components/responses/ApiErrorResponse"
/noticelists:
get:
summary: "Get a list of noticelists"
operationId: getNoticelists
tags:
- Noticelists
responses:
"200":
$ref: "#/components/responses/NoticelistListResponse"
"403":
$ref: "#/components/responses/UnauthorizedApiErrorResponse"
"404":
$ref: "#/components/responses/NotFoundApiErrorResponse"
default:
$ref: "#/components/responses/ApiErrorResponse"
/noticelists/view/{noticelistId}:
get:
summary: "Get a noticelist by ID"
operationId: getNoticelistById
tags:
- Noticelists
parameters:
- $ref: "#/components/parameters/noticelistIdParameter"
responses:
"200":
$ref: "#/components/responses/NoticelistResponse"
"403":
$ref: "#/components/responses/UnauthorizedApiErrorResponse"
"404":
$ref: "#/components/responses/NotFoundApiErrorResponse"
default:
$ref: "#/components/responses/ApiErrorResponse"
/noticelists/toggleEnable/{noticelistId}:
post:
summary: "Enable/disable noticelist"
operationId: toggleEnableNoticelist
tags:
- Noticelists
parameters:
- $ref: "#/components/parameters/noticelistIdParameter"
responses:
"200":
$ref: "#/components/responses/NoticelistToggleEnableResponse"
"403":
$ref: "#/components/responses/UnauthorizedApiErrorResponse"
"404":
$ref: "#/components/responses/NotFoundApiErrorResponse"
default:
$ref: "#/components/responses/ApiErrorResponse"
/noticelists/update:
post:
summary: "Update noticelists"
operationId: updateNoticelists
tags:
- Noticelists
responses:
"200":
$ref: "#/components/responses/UpdateNoticelistsResponse"
"403":
$ref: "#/components/responses/UnauthorizedApiErrorResponse"
"404":
$ref: "#/components/responses/NotFoundApiErrorResponse"
default:
$ref: "#/components/responses/ApiErrorResponse"
/objects/restsearch:
post:
summary: "[restSearch] Get a filtered and paginated list of objects"
description: |
**This is the recommended endpoint for searching objects.**
operationId: restSearchObjects
tags:
- Objects
requestBody:
$ref: "#/components/requestBodies/RestSearchObjectsRequest"
responses:
"200":
$ref: "#/components/responses/ObjectsRestSearchResponse"
"403":
$ref: "#/components/responses/UnauthorizedApiErrorResponse"
default:
$ref: "#/components/responses/ApiErrorResponse"
/objects/add/{eventId}/{objectTemplateId}:
post:
summary: "Add an object to an event"
operationId: addObject
tags:
- Objects
parameters:
- $ref: "#/components/parameters/eventIdParameter"
- $ref: "#/components/parameters/objectTemplateIdParameter"
requestBody:
$ref: "#/components/requestBodies/AddObjectRequest"
responses:
"200":
$ref: "#/components/responses/ObjectResponse"
"403":
$ref: "#/components/responses/UnauthorizedApiErrorResponse"
"404":
$ref: "#/components/responses/NotFoundApiErrorResponse"
default:
$ref: "#/components/responses/ApiErrorResponse"
/objects/view/{objectId}:
get:
summary: "Get object by ID"
operationId: getObjectById
tags:
- Objects
parameters:
- $ref: "#/components/parameters/objectIdParameter"
responses:
"200":
$ref: "#/components/responses/ExtendedObjectResponse"
"403":
$ref: "#/components/responses/UnauthorizedApiErrorResponse"
"404":
$ref: "#/components/responses/NotFoundApiErrorResponse"
default:
$ref: "#/components/responses/ApiErrorResponse"
/objects/delete/{objectId}/{hardDelete}:
delete:
summary: "Delete object"
operationId: deleteObject
tags:
- Objects
parameters:
- $ref: "#/components/parameters/objectIdParameter"
- $ref: "#/components/parameters/hardDeleteParameter"
responses:
"200":
$ref: "#/components/responses/DeleteObjectResponse"
"403":
$ref: "#/components/responses/UnauthorizedApiErrorResponse"
"404":
$ref: "#/components/responses/NotFoundApiErrorResponse"
default:
$ref: "#/components/responses/ApiErrorResponse"
/sightings/index/{eventId}:
get:
summary: "Get sightings by event ID"
operationId: getSightingsByEventId
tags:
- Sightings
parameters:
- $ref: "#/components/parameters/eventIdParameter"
responses:
"200":
$ref: "#/components/responses/SightingListResponse"
"403":
$ref: "#/components/responses/UnauthorizedApiErrorResponse"
"404":
$ref: "#/components/responses/NotFoundApiErrorResponse"
default:
$ref: "#/components/responses/ApiErrorResponse"
/sightings/add:
post:
summary: "Add sightings of a list of values"
operationId: addSightingByValue
tags:
- Sightings
requestBody:
$ref: "#/components/requestBodies/AddSightingsRequest"
responses:
"200":
$ref: "#/components/responses/SightingResponse"
"403":
$ref: "#/components/responses/UnauthorizedApiErrorResponse"
"404":
$ref: "#/components/responses/NotFoundApiErrorResponse"
default:
$ref: "#/components/responses/ApiErrorResponse"
/sightings/add/{attributeId}:
post:
summary: "Add sighting of an attribute"
operationId: addSighting
tags:
- Sightings
parameters:
- $ref: "#/components/parameters/attributeIdParameter"
responses:
"200":
$ref: "#/components/responses/SightingResponse"
"403":
$ref: "#/components/responses/UnauthorizedApiErrorResponse"
"404":
$ref: "#/components/responses/NotFoundApiErrorResponse"
default:
$ref: "#/components/responses/ApiErrorResponse"
/sightings/delete/{sightingId}:
post:
summary: "Delete sighting"
operationId: deleteSighting
tags:
- Sightings
parameters:
- $ref: "#/components/parameters/sightingIdParameter"
responses:
"200":
$ref: "#/components/responses/DeleteSightingResponse"
"403":
$ref: "#/components/responses/UnauthorizedApiErrorResponse"
"404":
$ref: "#/components/responses/NotFoundApiErrorResponse"
default:
$ref: "#/components/responses/ApiErrorResponse"
/tags:
get:
summary: "Get tags"
operationId: getTags
tags:
- Tags
responses:
"200":
$ref: "#/components/responses/TagListResponse"
"403":
$ref: "#/components/responses/UnauthorizedApiErrorResponse"
"404":
$ref: "#/components/responses/NotFoundApiErrorResponse"
default:
$ref: "#/components/responses/ApiErrorResponse"
/tags/view/{tagId}:
get:
summary: "Get tag by ID"
operationId: getTagById
tags:
- Tags
parameters:
- $ref: "#/components/parameters/tagIdParameter"
responses:
"200":
$ref: "#/components/responses/TagResponse"
"403":
$ref: "#/components/responses/UnauthorizedApiErrorResponse"
"404":
$ref: "#/components/responses/NotFoundApiErrorResponse"
default:
$ref: "#/components/responses/ApiErrorResponse"
/tags/add:
post:
summary: "Add tag"
operationId: addTag
tags:
- Tags
requestBody:
$ref: "#/components/requestBodies/AddTagRequest"
responses:
"200":
$ref: "#/components/responses/TagResponse"
"403":
$ref: "#/components/responses/UnauthorizedApiErrorResponse"
"404":
$ref: "#/components/responses/NotFoundApiErrorResponse"
default:
$ref: "#/components/responses/ApiErrorResponse"
/tags/delete/{tagId}:
post:
summary: "Delete tag"
operationId: deleteTag
tags:
- Tags
parameters:
- $ref: "#/components/parameters/tagIdParameter"
responses:
"200":
$ref: "#/components/responses/DeleteTagResponse"
"403":
$ref: "#/components/responses/UnauthorizedApiErrorResponse"
"404":
$ref: "#/components/responses/NotFoundApiErrorResponse"
default:
$ref: "#/components/responses/ApiErrorResponse"
/tags/edit/{tagId}:
post:
summary: "Edit tag"
operationId: editTag
tags:
- Tags
parameters:
- $ref: "#/components/parameters/tagIdParameter"
requestBody:
$ref: "#/components/requestBodies/EditTagRequest"
responses:
"200":
$ref: "#/components/responses/EditTagResponse"
"403":
$ref: "#/components/responses/UnauthorizedApiErrorResponse"
"404":
$ref: "#/components/responses/NotFoundApiErrorResponse"
default:
$ref: "#/components/responses/ApiErrorResponse"
/tags/search/{tagSearchTerm}:
get:
summary: "Search tag"
operationId: searchTag
tags:
- Tags
parameters:
- $ref: "#/components/parameters/tagSearchTermParameter"
responses:
"200":
$ref: "#/components/responses/SearchTagResponse"
"403":
$ref: "#/components/responses/UnauthorizedApiErrorResponse"
"404":
$ref: "#/components/responses/NotFoundApiErrorResponse"
default:
$ref: "#/components/responses/ApiErrorResponse"
/auth_keys:
get:
summary: "Get auth keys"
operationId: getAuthKeys
tags:
- AuthKeys
responses:
"200":
$ref: "#/components/responses/GetAuthKeysResponse"
"403":
$ref: "#/components/responses/UnauthorizedApiErrorResponse"
"404":
$ref: "#/components/responses/NotFoundApiErrorResponse"
default:
$ref: "#/components/responses/ApiErrorResponse"
post:
summary: "Search auth keys"
operationId: searchAuthKeys
tags:
- AuthKeys
requestBody:
$ref: "#/components/requestBodies/GetAuthKeyRequest"
responses:
"200":
$ref: "#/components/responses/GetAuthKeysResponse"
"403":
$ref: "#/components/responses/UnauthorizedApiErrorResponse"
"404":
$ref: "#/components/responses/NotFoundApiErrorResponse"
default:
$ref: "#/components/responses/ApiErrorResponse"
/auth_keys/add/{userId}:
post:
summary: "Add auth keys"
operationId: addAuthKey
tags:
- AuthKeys
parameters:
- $ref: "#/components/parameters/userIdParameter"
requestBody:
$ref: "#/components/requestBodies/AddAuthKeyRequest"
responses:
"200":
$ref: "#/components/responses/AddAuthKeyResponse"
"403":
$ref: "#/components/responses/UnauthorizedApiErrorResponse"
"404":
$ref: "#/components/responses/NotFoundApiErrorResponse"
default:
$ref: "#/components/responses/ApiErrorResponse"
/auth_keys/view/{authKeyId}:
get:
summary: "View auth key"
operationId: getAuthKeyById
tags:
- AuthKeys
parameters:
- $ref: "#/components/parameters/authKeyIdParameter"
responses:
"200":
$ref: "#/components/responses/AuthKeyResponse"
"403":
$ref: "#/components/responses/UnauthorizedApiErrorResponse"
"404":
$ref: "#/components/responses/NotFoundApiErrorResponse"
default:
$ref: "#/components/responses/ApiErrorResponse"
/auth_keys/edit/{authKeyId}:
post:
summary: "Edit auth key"
operationId: editAuthKey
tags:
- AuthKeys
parameters:
- $ref: "#/components/parameters/authKeyIdParameter"
requestBody:
$ref: "#/components/requestBodies/EditAuthKeyRequest"
responses:
"200":
$ref: "#/components/responses/AuthKeyResponse"
"403":
$ref: "#/components/responses/UnauthorizedApiErrorResponse"
"404":
$ref: "#/components/responses/NotFoundApiErrorResponse"
default:
$ref: "#/components/responses/ApiErrorResponse"
/auth_keys/delete/{authKeyId}:
delete:
summary: "Delete auth key"
operationId: deleteAuthKey
tags:
- AuthKeys
parameters:
- $ref: "#/components/parameters/authKeyIdParameter"
responses:
"200":
$ref: "#/components/responses/DeleteAuthKeyResponse"
"403":
$ref: "#/components/responses/UnauthorizedApiErrorResponse"
"404":
$ref: "#/components/responses/NotFoundApiErrorResponse"
default:
$ref: "#/components/responses/ApiErrorResponse"
/user_settings:
get:
summary: "Get user settings"
operationId: getUserSettings
tags:
- UserSettings
responses:
"200":
$ref: "#/components/responses/GetUserSettingsResponse"
"403":
$ref: "#/components/responses/UnauthorizedApiErrorResponse"
"404":
$ref: "#/components/responses/NotFoundApiErrorResponse"
default:
$ref: "#/components/responses/ApiErrorResponse"
post:
summary: "Search user settings"
operationId: searchUserSettings
tags:
- UserSettings
requestBody:
$ref: "#/components/requestBodies/GetUserSettingRequest"
responses:
"200":
$ref: "#/components/responses/GetUserSettingsResponse"
"403":
$ref: "#/components/responses/UnauthorizedApiErrorResponse"
"404":
$ref: "#/components/responses/NotFoundApiErrorResponse"
default:
$ref: "#/components/responses/ApiErrorResponse"
/user_settings/view/{userSettingId}:
get:
summary: "Get user setting by id"
operationId: getUserSettingById
tags:
- UserSettings
parameters:
- $ref: "#/components/parameters/userSettingIdParameter"
responses:
"200":
$ref: "#/components/responses/UserSettingResponse"
"403":
$ref: "#/components/responses/UnauthorizedApiErrorResponse"
"404":
$ref: "#/components/responses/NotFoundApiErrorResponse"
default:
$ref: "#/components/responses/ApiErrorResponse"
/user_settings/setSetting/{userId}/{userSettingName}:
post:
summary: "Set user setting"
operationId: setUserSetting
tags:
- UserSettings
parameters:
- $ref: "#/components/parameters/userIdParameter"
- $ref: "#/components/parameters/userSettingNameParameter"
requestBody:
$ref: "#/components/requestBodies/SetUserSettingRequest"
responses:
"200":
$ref: "#/components/responses/UserSettingResponse"
"403":
$ref: "#/components/responses/UnauthorizedApiErrorResponse"
"404":
$ref: "#/components/responses/NotFoundApiErrorResponse"
default:
$ref: "#/components/responses/ApiErrorResponse"
/user_settings/getSetting/{userId}/{userSettingName}:
get:
summary: "Get user setting by id"
operationId: getUserSettingByName
tags:
- UserSettings
parameters:
- $ref: "#/components/parameters/userIdParameter"
- $ref: "#/components/parameters/userSettingNameParameter"
responses:
"200":
$ref: "#/components/responses/UserSettingResponse"
"403":
$ref: "#/components/responses/UnauthorizedApiErrorResponse"
"404":
$ref: "#/components/responses/NotFoundApiErrorResponse"
default:
$ref: "#/components/responses/ApiErrorResponse"
/user_settings/delete/{userSettingId}:
delete:
summary: "Delete user setting by id"
operationId: deleteUserSettingById
tags:
- UserSettings
parameters:
- $ref: "#/components/parameters/userSettingIdParameter"
responses:
"200":
$ref: "#/components/responses/DeleteUserSettingResponse"
"403":
$ref: "#/components/responses/UnauthorizedApiErrorResponse"
"404":
$ref: "#/components/responses/NotFoundApiErrorResponse"
default:
$ref: "#/components/responses/ApiErrorResponse"
/taxonomies:
get:
summary: "Get taxonomies"
operationId: getTaxonomies
tags:
- Taxonomies
responses:
"200":
$ref: "#/components/responses/GetTaxonomiesResponse"
"403":
$ref: "#/components/responses/UnauthorizedApiErrorResponse"
"404":
$ref: "#/components/responses/NotFoundApiErrorResponse"
default:
$ref: "#/components/responses/ApiErrorResponse"
/taxonomies/view/{taxonomyIdParameter}:
get:
summary: "Get a taxonomy by ID"
operationId: getTaxonomyById
tags:
- Taxonomies
responses:
"200":
$ref: "#/components/responses/TaxonomiesResponse"
"403":
$ref: "#/components/responses/UnauthorizedApiErrorResponse"
"404":
$ref: "#/components/responses/NotFoundApiErrorResponse"
default:
$ref: "#/components/responses/ApiErrorResponse"
/taxonomies/enable/{taxonomyIdParameter}:
post:
summary: "Enable taxonomy"
operationId: enableTaxonomy
tags:
- Taxonomies
responses:
"200":
$ref: "#/components/responses/EnableTaxonomyResponse"
"403":
$ref: "#/components/responses/UnauthorizedApiErrorResponse"
"404":
$ref: "#/components/responses/NotFoundApiErrorResponse"
default:
$ref: "#/components/responses/ApiErrorResponse"
/taxonomies/disable/{taxonomyIdParameter}:
post:
summary: "Disable taxonomy"
operationId: disableTaxonomy
tags:
- Taxonomies
responses:
"200":
$ref: "#/components/responses/DisableTaxonomyResponse"
"403":
$ref: "#/components/responses/UnauthorizedApiErrorResponse"
"404":
$ref: "#/components/responses/NotFoundApiErrorResponse"
default:
$ref: "#/components/responses/ApiErrorResponse"
/taxonomies/update:
post:
summary: "Update taxonomies"
operationId: updateTaxonomies
tags:
- Taxonomies
responses:
"200":
$ref: "#/components/responses/UpdateTaxonomiesResponse"
"403":
$ref: "#/components/responses/UnauthorizedApiErrorResponse"
"404":
$ref: "#/components/responses/NotFoundApiErrorResponse"
default:
$ref: "#/components/responses/ApiErrorResponse"
/taxonomies/taxonomy_tags/{taxonomyIdParameter}:
get:
summary: "Get a taxonomy extended with tags used in events and attributes."
operationId: getTaxonomyTags
tags:
- Taxonomies
responses:
"200":
$ref: "#/components/responses/GetTaxonomyTagsResponse"
"403":
$ref: "#/components/responses/UnauthorizedApiErrorResponse"
"404":
$ref: "#/components/responses/NotFoundApiErrorResponse"
default:
$ref: "#/components/responses/ApiErrorResponse"
/taxonomies/export/{taxonomyIdParameter}:
get:
summary: "Export taxonomy."
operationId: exportTaxonomy
tags:
- Taxonomies
responses:
"200":
$ref: "#/components/responses/ExportTaxonomyTagsResponse"
"403":
$ref: "#/components/responses/UnauthorizedApiErrorResponse"
"404":
$ref: "#/components/responses/NotFoundApiErrorResponse"
default:
$ref: "#/components/responses/ApiErrorResponse"
components:
schemas:
# Analyst Data
AnalystDataID:
type: string
pattern: '^\d+$'
maxLength: 10
example: "12345"
AnalystDataType:
type: string
enum:
- "Note"
- "Opinion"
- "Relationship"
AnalystObjectType:
type: string
enum:
- "Attribute"
- "Event"
- "EventReport"
- "GalaxyCluster"
- "Galaxy"
- "Object"
- "Note"
- "Opinion"
- "Relationship"
- "Organisation"
- "SharingGroup"
AnalystDataAuthors:
type: string
example: "john.doe@admin.test"
AnalystNoteNote:
type: string
example: "Provide more context"
AnalystNoteLanguage:
type: string
description: "RFC5646 Language code"
example: "fr-BE"
AnalystNoteOpinion:
type: number
description: "The opinion expressed on a scale from 0 to 100 where values < 50 are negatives, 50 is neutral and values > 50 are positives"
format: integer
minimum: 0
maximum: 100
example: 70
AnalystData:
type: object
properties:
uuid:
$ref: "#/components/schemas/UUID"
object_uuid:
$ref: "#/components/schemas/UUID"
object_type:
$ref: "#/components/schemas/AnalystObjectType"
authors:
$ref: "#/components/schemas/AnalystDataAuthors"
org_uuid:
$ref: "#/components/schemas/UUID"
orgc_uuid:
$ref: "#/components/schemas/UUID"
created:
type: string
example: "2024-03-19 11:10:24"
modified:
type: string
example: "2024-03-19 11:10:24"
distribution:
$ref: "#/components/schemas/DistributionLevelId"
sharing_group_id:
$ref: "#/components/schemas/SharingGroupId"
locked:
$ref: "#/components/schemas/IsLocked"
AnalystNote:
allOf:
- type: object
properties:
note:
$ref: "#/components/schemas/AnalystNoteNote"
language:
$ref: "#/components/schemas/AnalystNoteLanguage"
note_type_name:
type: string
enum:
- "Note"
- $ref: "#/components/schemas/AnalystData"
AnalystOpinion:
allOf:
- type: object
properties:
comment:
$ref: "#/components/schemas/AnalystNoteNote"
opinion:
$ref: "#/components/schemas/AnalystNoteOpinion"
note_type_name:
type: string
enum:
- "Opinion"
- $ref: "#/components/schemas/AnalystData"
AnalystRelationship:
allOf:
- type: object
properties:
related_object_uuid:
$ref: "#/components/schemas/UUID"
related_object_type:
$ref: "#/components/schemas/AnalystObjectType"
relationship_type:
type: string
example: "related-to"
note_type_name:
type: string
enum:
- "Relationship"
- $ref: "#/components/schemas/AnalystData"
# Attributes
AttributeId:
type: string
pattern: '^\d+$'
maxLength: 10
example: "12345"
AttributeType:
type: string
maxLength: 100
enum:
- "md5"
- "sha1"
- "sha256"
- "filename"
- "pdb"
- "filename|md5"
- "filename|sha1"
- "filename|sha256"
- "ip-src"
- "ip-dst"
- "hostname"
- "domain"
- "domain|ip"
- "email"
- "email-src"
- "eppn"
- "email-dst"
- "email-subject"
- "email-attachment"
- "email-body"
- "float"
- "git-commit-id"
- "url"
- "http-method"
- "user-agent"
- "ja3-fingerprint-md5"
- "jarm-fingerprint"
- "favicon-mmh3"
- "hassh-md5"
- "hasshserver-md5"
- "regkey"
- "regkey|value"
- "AS"
- "snort"
- "bro"
- "zeek"
- "community-id"
- "pattern-in-file"
- "pattern-in-traffic"
- "pattern-in-memory"
- "pattern-filename"
- "pgp-public-key"
- "pgp-private-key"
- "yara"
- "stix2-pattern"
- "sigma"
- "gene"
- "kusto-query"
- "mime-type"
- "identity-card-number"
- "cookie"
- "vulnerability"
- "cpe"
- "weakness"
- "attachment"
- "malware-sample"
- "link"
- "comment"
- "text"
- "hex"
- "other"
- "named pipe"
- "mutex"
- "process-state"
- "target-user"
- "target-email"
- "target-machine"
- "target-org"
- "target-location"
- "target-external"
- "btc"
- "dash"
- "xmr"
- "iban"
- "bic"
- "bank-account-nr"
- "aba-rtn"
- "bin"
- "cc-number"
- "prtn"
- "phone-number"
- "threat-actor"
- "campaign-name"
- "campaign-id"
- "malware-type"
- "uri"
- "authentihash"
- "vhash"
- "ssdeep"
- "imphash"
- "telfhash"
- "pehash"
- "impfuzzy"
- "sha224"
- "sha384"
- "sha512"
- "sha512/224"
- "sha512/256"
- "sha3-224"
- "sha3-256"
- "sha3-384"
- "sha3-512"
- "tlsh"
- "cdhash"
- "filename|authentihash"
- "filename|vhash"
- "filename|ssdeep"
- "filename|imphash"
- "filename|impfuzzy"
- "filename|pehash"
- "filename|sha224"
- "filename|sha384"
- "filename|sha512"
- "filename|sha512/224"
- "filename|sha512/256"
- "filename|sha3-224"
- "filename|sha3-256"
- "filename|sha3-384"
- "filename|sha3-512"
- "filename|tlsh"
- "windows-scheduled-task"
- "windows-service-name"
- "windows-service-displayname"
- "whois-registrant-email"
- "whois-registrant-phone"
- "whois-registrant-name"
- "whois-registrant-org"
- "whois-registrar"
- "whois-creation-date"
- "x509-fingerprint-sha1"
- "x509-fingerprint-md5"
- "x509-fingerprint-sha256"
- "dns-soa-email"
- "size-in-bytes"
- "counter"
- "datetime"
- "port"
- "ip-dst|port"
- "ip-src|port"
- "hostname|port"
- "mac-address"
- "mac-eui-64"
- "email-dst-display-name"
- "email-src-display-name"
- "email-header"
- "email-reply-to"
- "email-x-mailer"
- "email-mime-boundary"
- "email-thread-index"
- "email-message-id"
- "github-username"
- "github-repository"
- "github-organisation"
- "jabber-id"
- "twitter-id"
- "dkim"
- "dkim-signature"
- "first-name"
- "middle-name"
- "last-name"
- "full-name"
- "date-of-birth"
- "place-of-birth"
- "gender"
- "passport-number"
- "passport-country"
- "passport-expiration"
- "redress-number"
- "nationality"
- "visa-number"
- "issue-date-of-the-visa"
- "primary-residence"
- "country-of-residence"
- "special-service-request"
- "frequent-flyer-number"
- "travel-details"
- "payment-details"
- "place-port-of-original-embarkation"
- "place-port-of-clearance"
- "place-port-of-onward-foreign-destination"
- "passenger-name-record-locator-number"
- "mobile-application-id"
- "chrome-extension-id"
- "cortex"
- "boolean"
- "anonymised"
AttributeValue:
type: string
maxLength: 131071
example: "127.0.0.1"
AttributeCategory:
type: string
maxLength: 255
enum:
- "Internal reference"
- "Targeting data"
- "Antivirus detection"
- "Payload delivery"
- "Artifacts dropped"
- "Payload installation"
- "Persistence mechanism"
- "Network activity"
- "Payload type"
- "Attribution"
- "External analysis"
- "Financial fraud"
- "Support Tool"
- "Social network"
- "Person"
- "Other"
AttributeComment:
type: string
maxLength: 65535
example: "logged source ip"
AttributeEventUUID:
$ref: "#/components/schemas/UUID"
AttributeAttachment:
description: "base64 representation of the attachment"
type: string
format: byte
AttributeNoId:
type: object
properties:
event_id:
$ref: "#/components/schemas/EventId"
object_id:
$ref: "#/components/schemas/ObjectId"
object_relation:
$ref: "#/components/schemas/NullableObjectRelation"
category:
$ref: "#/components/schemas/AttributeCategory"
type:
$ref: "#/components/schemas/AttributeType"
value:
$ref: "#/components/schemas/AttributeValue"
to_ids:
$ref: "#/components/schemas/ToIDS"
uuid:
$ref: "#/components/schemas/UUID"
timestamp:
$ref: "#/components/schemas/NullableTimestamp"
distribution:
$ref: "#/components/schemas/DistributionLevelId"
sharing_group_id:
$ref: "#/components/schemas/SharingGroupId"
comment:
$ref: "#/components/schemas/AttributeComment"
deleted:
$ref: "#/components/schemas/SoftDeletedFlag"
disable_correlation:
$ref: "#/components/schemas/DisableCorrelationFlag"
first_seen:
$ref: "#/components/schemas/NullableMicroTimestamp"
last_seen:
$ref: "#/components/schemas/NullableMicroTimestamp"
Attribute:
allOf:
- type: object
properties:
id:
$ref: "#/components/schemas/AttributeId"
- $ref: "#/components/schemas/AttributeNoId"
ExtendedAttribute:
allOf:
- $ref: "#/components/schemas/Attribute"
- type: object
properties:
data:
$ref: "#/components/schemas/AttributeAttachment"
event_uuid:
$ref: "#/components/schemas/UUID"
decay_score:
$ref: "#/components/schemas/DecayScoreList"
AttributeList:
type: array
items:
$ref: "#/components/schemas/Attribute"
AttributeRestSearchListItem:
allOf:
- $ref: "#/components/schemas/ExtendedAttribute"
- type: object
properties:
Event:
$ref: "#/components/schemas/Event"
Object:
$ref: "#/components/schemas/Object"
Tag:
$ref: "#/components/schemas/TagList"
AttributeRestSearchList:
type: array
items:
$ref: "#/components/schemas/AttributeRestSearchListItem"
AttributeStatisticsResponse:
description: Dictionary of attribute types/categories showing the ammount of occurences/percentage.
type: object
example:
- "Antivirus detection": "10"
- "Artifacts dropped": "20"
DescribeAttributeTypesResponse:
description: "Lists available attribute types, default categories and category-type mappings."
type: object
properties:
sane_defaults:
type: object
example:
md5:
default_category: "Payload delivery"
to_ids: 1
pdb:
default_category: "Artifacts dropped"
to_ids: 0
types:
type: array
items:
$ref: "#/components/schemas/AttributeType"
categories:
type: array
items:
$ref: "#/components/schemas/AttributeCategory"
category_type_mappings:
type: object
example:
"Internal reference":
- "text"
- "link"
- "comment"
- "other"
"Antivirus detection":
- "link"
- "comment"
- "text"
- "hex"
- "other"
AttributeRestSearchFilter:
type: object
properties:
page:
$ref: "#/components/schemas/PageSearchFilter"
limit:
$ref: "#/components/schemas/LimitSearchFilter"
value:
$ref: "#/components/schemas/AttributeValue"
value1:
$ref: "#/components/schemas/AttributeValue"
value2:
$ref: "#/components/schemas/AttributeValue"
type:
$ref: "#/components/schemas/AttributeType"
category:
$ref: "#/components/schemas/AttributeCategory"
org:
oneOf:
- $ref: "#/components/schemas/OrganisationId"
- $ref: "#/components/schemas/OrganisationName"
tags:
$ref: "#/components/schemas/TagsRestSearchFilter"
from:
$ref: "#/components/schemas/DateRestSearchFilter"
to:
$ref: "#/components/schemas/DateRestSearchFilter"
last:
$ref: "#/components/schemas/LastRestSearchFilter"
eventid:
$ref: "#/components/schemas/EventId"
withAttachments:
$ref: "#/components/schemas/WithAttachmentsRestSearchFilter"
uuid:
$ref: "#/components/schemas/UUID"
publish_timestamp:
$ref: "#/components/schemas/Timestamp"
published:
$ref: "#/components/schemas/PublishedFlag"
timestamp:
$ref: "#/components/schemas/Timestamp"
attribute_timestamp:
$ref: "#/components/schemas/Timestamp"
enforceWarninglist:
$ref: "#/components/schemas/EnforceWarninglistRestSearchFilter"
to_ids:
$ref: "#/components/schemas/ToIDSRestSearchFlag"
deleted:
$ref: "#/components/schemas/SoftDeletedFlagValuesToInclude"
event_timestamp:
$ref: "#/components/schemas/Timestamp"
threat_level_id:
$ref: "#/components/schemas/ThreatLevelId"
eventinfo:
description: "Quick event description"
type: string
sharinggroup:
$ref: "#/components/schemas/SharingGroupIDRestSearchFilter"
decayingModel:
$ref: "#/components/schemas/DecayingModelRestSearchFilter"
score:
$ref: "#/components/schemas/DecayingModelScoreRestSearchFilter"
first_seen:
description: "Seen within the last x amount of time, where x can be defined in days, hours, minutes (for example 5d or 12h or 30m)"
type: string
last_seen:
description: "Seen within the last x amount of time, where x can be defined in days, hours, minutes (for example 5d or 12h or 30m)"
type: string
includeEventUuid:
$ref: "#/components/schemas/IncludeEventUUIDRestSearchFlag"
includeEventTags:
$ref: "#/components/schemas/IncludeEventTagsRestSearchFlag"
includeProposals:
$ref: "#/components/schemas/IncludeProposalsRestSearchFlag"
requested_attributes:
$ref: "#/components/schemas/RequestedAttributesRestSearchFilter"
includeContext:
$ref: "#/components/schemas/IncludeContextRestSearchFlag"
headerless:
$ref: "#/components/schemas/HeaderlessRestSearchFlag"
includeWarninglistHits:
$ref: "#/components/schemas/IncludeWarninglistHitsRestSearchFlag"
attackGalaxy:
$ref: "#/components/schemas/AttackGalaxyRestSearchFilter"
object_relation:
$ref: "#/components/schemas/ObjectRelationRestSearchFilter"
includeSightings:
$ref: "#/components/schemas/IncludeSightingDbRestSearchFlag"
includeCorrelations:
$ref: "#/components/schemas/IncludeCorrelationsRestSearchFlag"
modelOverrides:
$ref: "#/components/schemas/ModelOverridesRestSearchFilter"
includeDecayScore:
$ref: "#/components/schemas/IncludeDecayScoreRestSearchFlag"
includeFullModel:
$ref: "#/components/schemas/IncludeFullModelRestSearchFlag"
excludeDecayed:
$ref: "#/components/schemas/ExcludeDecayedRestSearchFlag"
returnFormat:
$ref: "#/components/schemas/AttributesRestSearchReturnFormat"
# Decay Models
DecayingModelParameters:
type: object
properties:
lifetime:
type: number
format: float
example: 3
decay_speed:
type: number
format: float
example: 2.3
threshold:
type: number
format: float
example: 30
default_base_score:
type: number
format: float
example: 80
base_score_config:
type: object
example:
estimative-language:confidence-in-analytic-judgment: 0.25
estimative-language:likelihood-probability: 0.25
phishing:psychological-acceptability: 0.25
phishing:state: 0.20
DecayingModel:
type: object
properties:
id:
type: string
pattern: '^\d+$'
maxLength: 10
example: "12345"
name:
type: string
maxLength: 255
example: "Phishing model"
FullDecayingModel:
description: "Present if the `includeFullModel` flag was set to *true* in the rest search request"
type: object
properties:
id:
type: string
pattern: '^\d+$'
maxLength: 10
example: "12345"
uuid:
$ref: "#/components/schemas/UUID"
name:
type: string
maxLength: 255
example: "Phishing model"
description:
type: string
maxLength: 65535
example: "Simple model to rapidly decay phishing website."
parameters:
$ref: "#/components/schemas/DecayingModelParameters"
attribute_types:
type: array
items:
$ref: "#/components/schemas/AttributeType"
org_id:
$ref: "#/components/schemas/OrganisationId"
enabled:
type: boolean
all_orgs:
type: boolean
ref:
type: array
items:
type: string
example: "https://arxiv.org/abs/1902.03914"
formula:
type: string
enum:
- Polynomial
version:
type: string
example: "2"
default:
type: boolean
isEditable:
type: boolean
DecayScore:
type: object
properties:
score:
type: number
format: float
example: 10.5
base_score:
type: number
format: float
example: 80
decayed:
type: boolean
DecayingModel:
oneOf:
- $ref: "#/components/schemas/DecayingModel"
- $ref: "#/components/schemas/FullDecayingModel"
DecayScoreList:
type: array
items:
$ref: "#/components/schemas/DecayScore"
# Events
EventId:
type: string
pattern: '^\d+$'
maxLength: 10
example: "12345"
EventInfo:
type: string
maxLength: 65535
example: "logged source ip"
EventAttributeCount:
type: string
pattern: '^\d+$'
example: "321"
EventProposalEmailLock:
type: boolean
EventOrganisation:
type: object
properties:
id:
$ref: "#/components/schemas/OrganisationId"
name:
$ref: "#/components/schemas/OrganisationName"
uuid:
$ref: "#/components/schemas/UUID"
EventTagId:
type: string
pattern: '^\d+$'
maxLength: 10
example: "12345"
EventTag:
type: object
properties:
id:
$ref: "#/components/schemas/EventTagId"
event_id:
$ref: "#/components/schemas/EventId"
tag_id:
$ref: "#/components/schemas/TagId"
local:
$ref: "#/components/schemas/IsLocal"
Tag:
$ref: "#/components/schemas/Tag"
EventTagList:
type: array
items:
$ref: "#/components/schemas/EventTag"
EventReportId:
type: string
pattern: '^\d+$'
maxLength: 10
example: "12345"
EventReportName:
type: string
maxLength: 65535
example: "Report of the incident"
EventReportValue:
type: string
EventReport:
allOf:
- type: object
properties:
id:
$ref: "#/components/schemas/EventReportId"
- $ref: "#/components/schemas/EventReportNoId"
EventReportNoId:
type: object
properties:
uuid:
$ref: "#/components/schemas/UUID"
event_id:
$ref: "#/components/schemas/EventId"
name:
$ref: "#/components/schemas/EventReportName"
content:
$ref: "#/components/schemas/EventReportValue"
distribution:
$ref: "#/components/schemas/DistributionLevelId"
sharing_group_id:
$ref: "#/components/schemas/SharingGroupId"
timestamp:
$ref: "#/components/schemas/NullableTimestamp"
deleted:
$ref: "#/components/schemas/SoftDeletedFlag"
EventNoId:
type: object
properties:
org_id:
$ref: "#/components/schemas/OrganisationId"
distribution:
$ref: "#/components/schemas/DistributionLevelId"
info:
$ref: "#/components/schemas/EventInfo"
orgc_id:
$ref: "#/components/schemas/OrganisationId"
uuid:
$ref: "#/components/schemas/UUID"
date:
type: string
example: "1991-01-15"
published:
$ref: "#/components/schemas/PublishedFlag"
analysis:
$ref: "#/components/schemas/AnalysisLevelId"
attribute_count:
$ref: "#/components/schemas/EventAttributeCount"
timestamp:
$ref: "#/components/schemas/NullableTimestamp"
sharing_group_id:
$ref: "#/components/schemas/SharingGroupId"
proposal_email_lock:
$ref: "#/components/schemas/EventProposalEmailLock"
locked:
$ref: "#/components/schemas/IsLocked"
threat_level_id:
$ref: "#/components/schemas/ThreatLevelId"
publish_timestamp:
$ref: "#/components/schemas/Timestamp"
sighting_timestamp:
$ref: "#/components/schemas/Timestamp"
disable_correlation:
$ref: "#/components/schemas/DisableCorrelationFlag"
extends_uuid:
$ref: "#/components/schemas/ExtendsUUID"
event_creator_email:
type: string
format: email
Event:
allOf:
- type: object
properties:
id:
$ref: "#/components/schemas/EventId"
- $ref: "#/components/schemas/EventNoId"
ExtendedEvent:
allOf:
- $ref: "#/components/schemas/Event"
- type: object
properties:
Feed:
$ref: "#/components/schemas/Feed"
Org:
$ref: "#/components/schemas/EventOrganisation"
Orgc:
$ref: "#/components/schemas/EventOrganisation"
Attribute:
$ref: "#/components/schemas/AttributeList"
ShadowAttribute:
$ref: "#/components/schemas/AttributeList"
RelatedEvent:
type: array
items:
type: object
properties:
Event:
$ref: "#/components/schemas/ExtendedEvent"
Galaxy:
type: array
items:
$ref: "#/components/schemas/Galaxy"
Object:
type: array
items:
$ref: "#/components/schemas/Object"
EventReport:
type: array
items:
$ref: "#/components/schemas/EventReport"
Tag:
$ref: "#/components/schemas/TagList"
CreatedEvent:
type: object
properties:
Event:
allOf:
- $ref: "#/components/schemas/ExtendedEvent"
- type: object
properties:
event_creator_email:
type: string
format: email
Galaxy:
type: array
items:
$ref: "#/components/schemas/Galaxy"
Object:
type: array
items:
$ref: "#/components/schemas/Object"
EventReport:
type: array
items:
$ref: "#/components/schemas/EventReport"
UpdatedEvent:
type: object
properties:
Event:
allOf:
- $ref: "#/components/schemas/ExtendedEvent"
- type: object
properties:
event_creator_email:
type: string
format: email
Galaxy:
type: array
items:
$ref: "#/components/schemas/Galaxy"
Object:
type: array
items:
$ref: "#/components/schemas/Object"
EventReport:
type: array
items:
$ref: "#/components/schemas/EventReport"
Tag:
type: array
items:
$ref: "#/components/schemas/Tag"
SlimEvent:
type: object
properties:
id:
$ref: "#/components/schemas/EventId"
timestamp:
$ref: "#/components/schemas/Timestamp"
sighting_timestamp:
$ref: "#/components/schemas/Timestamp"
published:
$ref: "#/components/schemas/PublishedFlag"
uuid:
$ref: "#/components/schemas/UUID"
orgc_uuid:
$ref: "#/components/schemas/UUID"
required:
- id
- timestamp
- sighting_timestamp
- published
- uuid
- orgc_uuid
EventList:
type: array
items:
$ref: "#/components/schemas/Event"
ExtendedEventList:
type: array
items:
$ref: "#/components/schemas/ExtendedEvent"
SlimEventList:
type: array
items:
$ref: "#/components/schemas/SlimEvent"
EventRestSearchList:
type: array
items:
type: object
properties:
Event:
type: object
allOf:
- $ref: "#/components/schemas/ExtendedEvent"
- type: object
properties:
Event:
$ref: "#/components/schemas/SlimEvent"
# Objects
ObjectId:
type: string
pattern: '^\d+$'
maxLength: 10
example: "12345"
ObjectName:
type: string
maxLength: 131071
example: "ail-leak"
ObjectMetaCategory:
type: string
ObjectDescription:
type: string
ObjectTemplateVersion:
type: string
pattern: '^\d+$'
example: "1"
ObjectRelation:
type: string
maxLength: 255
example: "sensor"
NullableObjectRelation:
nullable: true
type: string
maxLength: 255
example: "sensor"
Object:
type: object
properties:
id:
$ref: "#/components/schemas/ObjectId"
name:
$ref: "#/components/schemas/ObjectName"
meta-category:
$ref: "#/components/schemas/ObjectMetaCategory"
description:
$ref: "#/components/schemas/ObjectDescription"
template_uuid:
$ref: "#/components/schemas/UUID"
template_version:
$ref: "#/components/schemas/ObjectTemplateVersion"
event_id:
$ref: "#/components/schemas/EventId"
uuid:
$ref: "#/components/schemas/UUID"
timestamp:
$ref: "#/components/schemas/Timestamp"
distribution:
$ref: "#/components/schemas/DistributionLevelId"
sharing_group_id:
$ref: "#/components/schemas/SharingGroupId"
comment:
type: string
deleted:
type: boolean
first_seen:
$ref: "#/components/schemas/NullableMicroTimestamp"
last_seen:
$ref: "#/components/schemas/NullableMicroTimestamp"
Attribute:
type: array
items:
$ref: "#/components/schemas/Attribute"
ExtendedObject:
allOf:
- $ref: "#/components/schemas/Object"
- type: object
properties:
Event:
type: object
properties:
id:
$ref: "#/components/schemas/EventId"
info:
$ref: "#/components/schemas/EventInfo"
org_id:
$ref: "#/components/schemas/OrganisationId"
orgc_id:
$ref: "#/components/schemas/OrganisationId"
ObjectTemplateId:
type: string
pattern: '^\d+$'
maxLength: 10
example: "12345"
ObjectRestSearchList:
type: object
properties:
Object:
$ref: "#/components/schemas/Object"
ObjectRestSearchFilter:
type: object
properties:
page:
$ref: "#/components/schemas/PageSearchFilter"
limit:
$ref: "#/components/schemas/LimitSearchFilter"
quickFilter:
$ref: "#/components/schemas/SearchAllRestSearchFilter"
searchall:
$ref: "#/components/schemas/SearchAllRestSearchFilter"
timestamp:
$ref: "#/components/schemas/Timestamp"
object_name:
$ref: "#/components/schemas/ObjectName"
object_template_uuid:
$ref: "#/components/schemas/UUID"
object_template_version:
$ref: "#/components/schemas/ObjectTemplateVersion"
eventid:
$ref: "#/components/schemas/EventId"
eventinfo:
$ref: "#/components/schemas/EventInfo"
ignore:
description: "If true matches both true and false values for `to_ids` and `published`"
type: boolean
default: false
from:
$ref: "#/components/schemas/DateRestSearchFilter"
to:
$ref: "#/components/schemas/DateRestSearchFilter"
date:
$ref: "#/components/schemas/DateRestSearchFilter"
tags:
$ref: "#/components/schemas/TagsRestSearchFilter"
last:
$ref: "#/components/schemas/LastRestSearchFilter"
event_timestamp:
$ref: "#/components/schemas/Timestamp"
publish_timestamp:
$ref: "#/components/schemas/Timestamp"
org:
oneOf:
- $ref: "#/components/schemas/OrganisationId"
- $ref: "#/components/schemas/OrganisationName"
uuid:
$ref: "#/components/schemas/UUID"
value:
$ref: "#/components/schemas/AttributeValue"
type:
$ref: "#/components/schemas/AttributeType"
category:
$ref: "#/components/schemas/AttributeCategory"
object_relation:
$ref: "#/components/schemas/ObjectRelationRestSearchFilter"
attribute_timestamp:
$ref: "#/components/schemas/Timestamp"
first_seen:
$ref: "#/components/schemas/NullableMicroTimestamp"
last_seen:
$ref: "#/components/schemas/NullableMicroTimestamp"
comment:
$ref: "#/components/schemas/AttributeComment"
to_ids:
$ref: "#/components/schemas/ToIDSRestSearchFlag"
published:
$ref: "#/components/schemas/PublishedFlag"
deleted:
$ref: "#/components/schemas/SoftDeletedFlag"
withAttachments:
$ref: "#/components/schemas/WithAttachmentsRestSearchFilter"
enforceWarninglist:
$ref: "#/components/schemas/EnforceWarninglistRestSearchFilter"
includeAllTags:
$ref: "#/components/schemas/IncludeAllTagsRestSearchFilter"
includeEventUuid:
$ref: "#/components/schemas/IncludeEventUUIDRestSearchFlag"
include_event_uuid:
$ref: "#/components/schemas/IncludeEventUUIDRestSearchFlag"
includeEventTags:
$ref: "#/components/schemas/IncludeEventTagsRestSearchFlag"
includeProposals:
$ref: "#/components/schemas/IncludeProposalsRestSearchFlag"
includeWarninglistHits:
$ref: "#/components/schemas/IncludeWarninglistHitsRestSearchFlag"
includeContext:
$ref: "#/components/schemas/IncludeContextRestSearchFlag"
includeSightings:
$ref: "#/components/schemas/IncludeContextRestSearchFlag"
includeSightingdb:
$ref: "#/components/schemas/IncludeSightingDbRestSearchFlag"
includeCorrelations:
$ref: "#/components/schemas/IncludeCorrelationsRestSearchFlag"
includeDecayScore:
$ref: "#/components/schemas/IncludeDecayScoreRestSearchFlag"
includeFullModel:
$ref: "#/components/schemas/IncludeFullModelRestSearchFlag"
allow_proposal_blocking:
$ref: "#/components/schemas/AllowProposalBlockingRestSearchFlag"
metadata:
$ref: "#/components/schemas/MetadataRestSearchFilter"
attackGalaxy:
$ref: "#/components/schemas/AttackGalaxyRestSearchFilter"
excludeDecayed:
$ref: "#/components/schemas/ExcludeDecayedRestSearchFlag"
decayingModel:
$ref: "#/components/schemas/DecayingModelRestSearchFilter"
modelOverrides:
$ref: "#/components/schemas/ModelOverridesRestSearchFilter"
score:
$ref: "#/components/schemas/DecayingModelScoreRestSearchFilter"
returnFormat:
$ref: "#/components/schemas/ObjectsRestSearchReturnFormat"
# Sightings
SightingId:
type: string
pattern: '^\d+$'
maxLength: 10
example: "12345"
Sighting:
type: object
properties:
id:
$ref: "#/components/schemas/SightingId"
attribute_id:
$ref: "#/components/schemas/AttributeId"
event_id:
$ref: "#/components/schemas/EventId"
org_id:
$ref: "#/components/schemas/OrganisationId"
date_sighting:
$ref: "#/components/schemas/Timestamp"
uuid:
$ref: "#/components/schemas/UUID"
source:
type: string
type:
type: string
attribute_uuid:
$ref: "#/components/schemas/UUID"
Organisation:
type: object
properties:
id:
$ref: "#/components/schemas/OrganisationId"
uuid:
$ref: "#/components/schemas/UUID"
name:
$ref: "#/components/schemas/OrganisationName"
# Galaxies
GalaxyId:
type: string
pattern: '^\d+$'
maxLength: 10
example: "12345"
GalaxyName:
type: string
maxLength: 255
example: "Ransomware"
GalaxyType:
type: string
maxLength: 255
example: "ransomware"
GalaxyDescription:
type: string
maxLength: 65535
example: "Ransomware galaxy based on ..."
GalaxyVersion:
type: string
maxLength: 255
example: "1"
GalaxyNamespace:
type: string
maxLength: 255
example: "misp"
Galaxy:
type: object
properties:
id:
$ref: "#/components/schemas/GalaxyId"
uuid:
$ref: "#/components/schemas/UUID"
name:
$ref: "#/components/schemas/GalaxyName"
type:
$ref: "#/components/schemas/GalaxyType"
description:
$ref: "#/components/schemas/GalaxyDescription"
version:
$ref: "#/components/schemas/GalaxyVersion"
icon:
$ref: "#/components/schemas/Icon"
namespace:
$ref: "#/components/schemas/GalaxyNamespace"
kill_chain_order:
type: object
nullable: true
example:
fraud-tactics:
- "Initiation"
- "Target Compromise"
- "Perform Fraud"
- "Obtain Fraudulent Assets"
- "Assets Transfer"
- "Monetisation"
GalaxyClusterId:
type: string
pattern: '^\d+$'
maxLength: 10
example: "12345"
GalaxyClusterValue:
type: string
maxLength: 65535
example: "Brute Force - T1110"
GalaxyClusterType:
type: string
maxLength: 255
example: "mitre-enterprise-attack-attack-pattern"
GalaxyClusterDescription:
type: string
maxLength: 65535
example: "Adversaries may use brute force techniques to attempt access to accounts when passwords are unknown or when password hashes are obtained..."
GalaxyClusterSource:
type: string
maxLength: 255
example: "https://github.com/mitre/cti"
GalaxyClusterAuthors:
type: array
items:
type: string
example: "MITRE"
GalaxyClusterVersion:
type: string
nullable: true
maxLength: 255
example: "1"
GalaxyElementId:
type: string
pattern: '^\d+$'
maxLength: 10
example: "12345"
GalaxyElementKey:
type: string
maxLength: 255
example: "categories"
GalaxyElementValue:
type: string
maxLength: 65535
example: "Military"
GalaxyElement:
type: object
properties:
id:
$ref: "#/components/schemas/GalaxyElementId"
galaxy_cluster_id:
$ref: "#/components/schemas/GalaxyClusterId"
key:
$ref: "#/components/schemas/GalaxyElementKey"
value:
$ref: "#/components/schemas/GalaxyElementValue"
GalaxyElementList:
type: array
items:
$ref: "#/components/schemas/GalaxyElement"
GalaxyClusterRelationList:
type: array
items:
$ref: "#/components/schemas/GalaxyElement"
GalaxyClusterNoId:
type: object
properties:
uuid:
$ref: "#/components/schemas/UUID"
collection_uuid:
$ref: "#/components/schemas/UUID"
type:
$ref: "#/components/schemas/GalaxyClusterType"
value:
$ref: "#/components/schemas/GalaxyClusterValue"
tag_name:
$ref: "#/components/schemas/TagName"
description:
$ref: "#/components/schemas/GalaxyClusterDescription"
galaxy_id:
$ref: "#/components/schemas/GalaxyId"
source:
$ref: "#/components/schemas/GalaxyClusterSource"
authors:
$ref: "#/components/schemas/GalaxyClusterAuthors"
version:
$ref: "#/components/schemas/GalaxyClusterVersion"
distribution:
$ref: "#/components/schemas/DistributionLevelId"
sharing_group_id:
$ref: "#/components/schemas/SharingGroupId"
org_id:
$ref: "#/components/schemas/OrganisationId"
orgc_id:
$ref: "#/components/schemas/OrganisationId"
default:
$ref: "#/components/schemas/IsDefault"
locked:
$ref: "#/components/schemas/IsLocked"
extends_uuid:
$ref: "#/components/schemas/ExtendsUUID"
extends_version:
$ref: "#/components/schemas/GalaxyClusterVersion"
published:
$ref: "#/components/schemas/PublishedFlag"
deleted:
$ref: "#/components/schemas/SoftDeletedFlag"
GalaxyElement:
type: array
items:
$ref: "#/components/schemas/GalaxyElement"
GalaxyCluster:
description: "MISP galaxy is a simple method to express a large object called cluster that can be attached to MISP events or attributes."
allOf:
- type: object
properties:
id:
$ref: "#/components/schemas/GalaxyClusterId"
- $ref: "#/components/schemas/GalaxyClusterNoId"
ExtendedGalaxyCluster:
description: "A galaxy cluster with all it's details."
allOf:
- $ref: "#/components/schemas/GalaxyCluster"
- type: object
properties:
Galaxy:
$ref: "#/components/schemas/Galaxy"
GalaxyClusterRelation:
$ref: "#/components/schemas/GalaxyClusterRelationList"
Org:
$ref: "#/components/schemas/Organisation"
Orgc:
$ref: "#/components/schemas/Organisation"
tag_count:
type: integer
format: int32
tag_id:
$ref: "#/components/schemas/TagId"
ExtendedGalaxy:
description: "A galaxy with it's galaxy cluster details."
allOf:
- type: object
properties:
Galaxy:
$ref: "#/components/schemas/Galaxy"
GalaxyCluster:
type: array
items:
$ref: "#/components/schemas/GalaxyCluster"
GalaxyMispFormat:
description: "Galaxy and clusters representation in misp-galaxy format."
type: object
properties:
name:
$ref: "#/components/schemas/GalaxyName"
type:
$ref: "#/components/schemas/GalaxyType"
authors:
$ref: "#/components/schemas/GalaxyClusterAuthors"
version:
oneOf:
- type: boolean
- $ref: "#/components/schemas/GalaxyClusterVersion"
uuid:
$ref: "#/components/schemas/UUID"
source:
$ref: "#/components/schemas/GalaxyClusterSource"
values:
type: array
items:
type: object
properties:
description:
$ref: "#/components/schemas/GalaxyClusterDescription"
uuid:
$ref: "#/components/schemas/UUID"
value:
$ref: "#/components/schemas/GalaxyClusterValue"
extends_uuid:
$ref: "#/components/schemas/ExtendsUUID"
extends_Version:
$ref: "#/components/schemas/GalaxyClusterVersion"
meta:
description: "Each Galaxy element associated to this cluster represents a key-value property."
type: object
example:
- categories: "botnet"
- refs: "http://example.com"
- aliases:
- "malware"
- "win32"
- "windows"
- topics:
- "Windows"
- "Malware"
GalaxyValueSearchFilter:
description: "Text search term to find a matching galaxy name, namespace, description, kill_chain_order or uuid."
type: string
example: "botnet"
ImportGalaxyClusterItem:
type: object
properties:
GalaxyCluster:
$ref: "#/components/schemas/GalaxyClusterNoId"
Galaxy:
type: object
properties:
uuid:
$ref: "#/components/schemas/UUID"
# Tags
TagId:
type: string
pattern: '^\d+$'
maxLength: 10
example: "12345"
TagName:
type: string
example: "tlp:white"
maxLength: 255
TagColour:
type: string
example: "#ffffff"
maxLength: 7
TagNumericalValue:
type: string
nullable: true
pattern: '^\d+$'
example: "12345"
HideTagFlag:
type: boolean
default: false
TagNoId:
type: object
properties:
name:
$ref: "#/components/schemas/TagName"
colour:
$ref: "#/components/schemas/TagColour"
exportable:
$ref: "#/components/schemas/IsExportable"
org_id:
$ref: "#/components/schemas/OrganisationId"
user_id:
$ref: "#/components/schemas/UserId"
hide_tag:
$ref: "#/components/schemas/HideTagFlag"
numerical_value:
$ref: "#/components/schemas/TagNumericalValue"
is_galaxy:
$ref: "#/components/schemas/IsGalaxy"
is_custom_galaxy:
$ref: "#/components/schemas/IsCustomGalaxy"
inherited:
$ref: "#/components/schemas/IsInherited"
Tag:
description: "A tag is a simple method to classify an event with a simple string. The tag name can be freely chosen. The tag name can be also chosen from a fixed machine-tag vocabulary called MISP taxonomies"
allOf:
- type: object
properties:
id:
$ref: "#/components/schemas/TagId"
- $ref: "#/components/schemas/TagNoId"
TagList:
type: array
items:
$ref: "#/components/schemas/Tag"
TagCollectionId:
type: string
pattern: '^\d+$'
maxLength: 10
example: "12345"
ExtendedTag:
type: object
properties:
Tag:
$ref: "#/components/schemas/Tag"
Taxonomy:
$ref: "#/components/schemas/Taxonomy"
TaxonomyPredicate:
$ref: "#/components/schemas/TaxonomyPredicate"
# Taxonomies
TaxonomyId:
type: string
pattern: '^\d+$'
maxLength: 10
example: "12345"
TaxonomyPredicateId:
type: string
pattern: '^\d+$'
maxLength: 10
example: "12345"
TaxonomyNamespace:
type: string
example: "tlp"
TaxonomyDescription:
type: string
example: "Disclosure is not limited. Sources may use TLP:WHITE when information carries minimal or no foreseeable risk of misuse, in accordance with applicable rules and procedures for public release. Subject to standard copyright rules, TLP:WHITE information may be distributed without restriction."
TaxonomyVersion:
type: string
pattern: '^\d+$'
example: "5"
Taxonomy:
type: object
properties:
id:
$ref: "#/components/schemas/TaxonomyId"
namespace:
$ref: "#/components/schemas/TaxonomyNamespace"
description:
$ref: "#/components/schemas/TaxonomyDescription"
version:
$ref: "#/components/schemas/TaxonomyVersion"
enabled:
type: boolean
exclusive:
type: boolean
required:
type: boolean
TaxonomyPredicateValue:
type: string
example: "white"
TaxonomyPredicateExpanded:
type: string
example: "(TLP:WHITE) Information can be shared publicly in accordance with the law."
TaxonomyPredicateDescription:
type: string
example: "Disclosure is not limited. Sources may use TLP:WHITE when information carries minimal or no foreseeable risk of misuse, in accordance with applicable rules and procedures for public release. Subject to standard copyright rules, TLP:WHITE information may be distributed without restriction."
TaxonomyPredicate:
type: object
properties:
id:
$ref: "#/components/schemas/TaxonomyPredicateId"
taxonomy_id:
$ref: "#/components/schemas/TaxonomyId"
value:
$ref: "#/components/schemas/TaxonomyPredicateValue"
expanded:
$ref: "#/components/schemas/TaxonomyPredicateExpanded"
colour:
type: string
example: "#ffffff"
description:
$ref: "#/components/schemas/TaxonomyPredicateDescription"
exclusive:
type: boolean
numerical_value:
type: integer
nullable: true
TaxonomyPredicateExport:
type: object
properties:
value:
$ref: "#/components/schemas/TaxonomyPredicateValue"
expanded:
$ref: "#/components/schemas/TaxonomyPredicateExpanded"
TaxonomyEntryExport:
type: object
properties:
value:
type: string
example: "spam"
expanded:
type: string
example: "spam"
description:
type: string
example: "Spam or unsolicited bulk e-mail, meaning that the recipient has not granted verifiable permission for the message to be sent and that the message is sent as part of a larger collection of messages, all having identical content."
TaxonomyValueExport:
type: object
properties:
predicate:
$ref: "#/components/schemas/TaxonomyPredicateValue"
entry:
type: array
items:
$ref: "#/components/schemas/TaxonomyEntryExport"
TaxonomyEntry:
type: object
properties:
tag:
$ref: "#/components/schemas/TagName"
expanded:
type: string
description:
type: string
exclusive_predicate:
type: boolean
existing_tag:
type: boolean
ExtendedTaxonomyEntry:
allOf:
- $ref: "#/components/schemas/UserNoId"
- type: object
properties:
events:
type: number
attributes:
type: number
# Users
UserId:
type: string
pattern: '^\d+$'
maxLength: 10
example: "12345"
DashboardUserSetting:
type: object
properties:
widget:
type: string
example: "MispStatusWidget"
position:
type: object
properties:
x:
type: string
pattern: '^\d+$'
example: "0"
y:
type: string
pattern: '^\d+$'
example: "0"
width:
type: string
pattern: '^\d+$'
example: "2"
height:
type: string
pattern: '^\d+$'
example: "2"
PublishAlertFilterUserSetting:
type: object
example:
- "AND":
- "NOT":
- "EventTag.name":
- "%osint%"
- "OR":
- "Tag.name":
- "tlp:green"
- "tlp:amber"
- "tlp:red"
- "%privint%"
DashboardAccessUserSetting:
type: boolean
HomepageUserSetting:
type: object
properties:
path:
type: string
example: "/events/index"
DefaultRestSearchParametersUserSetting:
type: object
example:
- "AND":
- "NOT":
- "EventTag.name":
- "%osint%"
- "OR":
- "Tag.name":
- "tlp:green"
- "tlp:amber"
- "tlp:red"
- "%privint%"
TagNumbericalValueOverrideUserSetting:
type: object
example:
- "false-positive:risk='medium'": 99
EventIndexHideColumnsUserSetting:
type: array
items:
type: string
example: "clusters"
UserSettingId:
type: string
pattern: '^\d+$'
maxLength: 10
example: "12345"
UserSettingName:
type: string
enum:
- "publish_alert_filter"
- "dashboard_access"
- "dashboard"
- "homepage"
- "default_restsearch_parameters"
- "tag_numerical_value_override"
- "event_index_hide_columns"
UserSetting:
type: object
properties:
id:
$ref: "#/components/schemas/UserSettingId"
setting:
$ref: "#/components/schemas/UserSettingName"
value:
anyOf:
- $ref: "#/components/schemas/DashboardUserSetting"
- $ref: "#/components/schemas/PublishAlertFilterUserSetting"
- $ref: "#/components/schemas/DashboardAccessUserSetting"
- $ref: "#/components/schemas/HomepageUserSetting"
- $ref: "#/components/schemas/DefaultRestSearchParametersUserSetting"
- $ref: "#/components/schemas/TagNumbericalValueOverrideUserSetting"
- $ref: "#/components/schemas/EventIndexHideColumnsUserSetting"
user_id:
$ref: "#/components/schemas/UserId"
timestamp:
$ref: "#/components/schemas/Timestamp"
ViewUserSettings:
type: object
properties:
publish_alert_filter:
$ref: "#/components/schemas/PublishAlertFilterUserSetting"
dashboard_access:
$ref: "#/components/schemas/DashboardAccessUserSetting"
dashboard:
type: array
items:
$ref: "#/components/schemas/DashboardUserSetting"
homepage:
$ref: "#/components/schemas/HomepageUserSetting"
default_restsearch_parameters:
$ref: "#/components/schemas/DefaultRestSearchParametersUserSetting"
tag_numerical_value_override:
$ref: "#/components/schemas/TagNumbericalValueOverrideUserSetting"
event_index_hide_columns:
$ref: "#/components/schemas/EventIndexHideColumnsUserSetting"
UserNoId:
type: object
properties:
org_id:
$ref: "#/components/schemas/OrganisationId"
server_id:
$ref: "#/components/schemas/ServerId"
email:
type: string
format: email
autoalert:
type: boolean
authkey:
description: "API auth key used for the API, only set if MISP setting `Security.advanced_authkeys` is set to `false`."
nullable: true
type: string
minLength: 40
maxLength: 40
example: "894c8d095180c7ea28789092e96ca6424199aa4f"
invited_by:
$ref: "#/components/schemas/UserId"
gpgkey:
type: string
nullable: true
certif_public:
type: string
nullable: true
nids_sid:
type: string
pattern: '^\d+$'
maxLength: 10
example: "4000000"
termsaccepted:
type: boolean
newsread:
$ref: "#/components/schemas/Timestamp"
role_id:
$ref: "#/components/schemas/RoleId"
change_pw:
description: "Password change required."
type: string
enum:
- "0"
- "1"
contactalert:
type: boolean
disabled:
type: boolean
expiration:
type: string
format: date-time
nullable: true
current_login:
$ref: "#/components/schemas/Timestamp"
last_login:
$ref: "#/components/schemas/Timestamp"
force_logout:
type: boolean
date_created:
$ref: "#/components/schemas/Timestamp"
date_modified:
$ref: "#/components/schemas/Timestamp"
User:
allOf:
- type: object
properties:
id:
$ref: "#/components/schemas/UserId"
- $ref: "#/components/schemas/UserNoId"
ExtendedUser:
allOf:
- $ref: "#/components/schemas/User"
- type: object
properties:
User:
$ref: "#/components/schemas/User"
Role:
$ref: "#/components/schemas/Role"
UserSetting:
$ref: "#/components/schemas/ViewUserSettings"
UserListItem:
type: object
properties:
User:
$ref: "#/components/schemas/User"
Role:
$ref: "#/components/schemas/Role"
Organisation:
type: object
properties:
id:
$ref: "#/components/schemas/OrganisationId"
name:
$ref: "#/components/schemas/OrganisationName"
UserList:
type: array
items:
$ref: "#/components/schemas/UserListItem"
# Organisations
OrganisationId:
type: string
pattern: '^\d+$'
maxLength: 10
example: "12345"
OrganisationName:
type: string
maxLength: 255
example: "ORGNAME"
OrganisationType:
type: string
nullable: true
maxLength: 255
example: "ADMIN"
OrganisationNoId:
type: object
properties:
name:
$ref: "#/components/schemas/OrganisationName"
date_created:
type: string
example: "2021-06-14 14:29:19"
date_modified:
type: string
example: "2021-06-14 14:29:19"
description:
type: string
type:
$ref: "#/components/schemas/OrganisationType"
nationality:
type: string
sector:
type: string
created_by:
$ref: "#/components/schemas/UserId"
uuid:
type: string
contacts:
type: string
nullable: true
local:
type: boolean
restricted_to_domain:
type: array
items:
type: string
format: hostname
landingpage:
type: string
nullable: true
user_count:
type: string
nullable: true
pattern: '^\d+$'
example: "3"
created_by_email:
nullable: true
type: string
Organisation:
allOf:
- type: object
properties:
id:
$ref: "#/components/schemas/OrganisationId"
- $ref: "#/components/schemas/OrganisationNoId"
OrganisationListItem:
type: object
properties:
Organisation:
$ref: "#/components/schemas/Organisation"
OrganisationList:
type: array
items:
$ref: "#/components/schemas/OrganisationListItem"
# Servers
ServerId:
type: string
pattern: '^\d+$'
maxLength: 10
example: "12345"
ServerName:
type: string
maxLength: 255
example: "Phising Server"
ServerNoId:
type: object
properties:
name:
$ref: "#/components/schemas/ServerName"
url:
type: string
example: "https://misppriv.circl.lu"
authkey:
$ref: "#/components/schemas/AuthKeyRaw"
org_id:
$ref: "#/components/schemas/OrganisationId"
push:
type: boolean
pull:
type: boolean
push_sightings:
type: boolean
push_galaxy_clusters:
type: boolean
pull_galaxy_clusters:
type: boolean
lastpulledid:
type: string
nullable: true
pattern: '^\d+$'
maxLength: 10
example: "12345"
lastpushedid:
type: string
nullable: true
pattern: '^\d+$'
maxLength: 10
example: "12345"
organization:
type: string
nullable: true
remote_org_id:
$ref: "#/components/schemas/OrganisationId"
publish_without_email:
type: boolean
unpublish_event:
type: boolean
self_signed:
type: boolean
pull_rules:
description: "Stringified JSON rules for pulling events from this server."
type: string
example: '{"tags":{"OR":[],"NOT":[]},"orgs":{"OR":[],"NOT":[]},"url_params":""}'
push_rules:
type: string
description: "Stringified JSON rules for pushing events from this server."
example: '{"tags":{"OR":[],"NOT":[]},"orgs":{"OR":[],"NOT":[]}}'
cert_file:
type: string
description: "Base64 encoded certificate"
nullable: true
format: byte
client_cert_file:
type: string
description: "Base64 encoded client certificate"
nullable: true
format: byte
internal:
type: boolean
skip_proxy:
type: boolean
caching_enabled:
type: boolean
priority:
type: string
nullable: true
pattern: '^\d+$'
maxLength: 10
example: "1"
cache_timestamp:
type: boolean
Server:
allOf:
- type: object
properties:
id:
$ref: "#/components/schemas/ServerId"
- $ref: "#/components/schemas/ServerNoId"
ServerListItem:
type: object
properties:
Server:
$ref: "#/components/schemas/Server"
Organisation:
$ref: "#/components/schemas/Organisation"
RemoteOrg:
$ref: "#/components/schemas/Organisation"
User:
type: array
items:
$ref: "#/components/schemas/User"
ServerList:
type: array
items:
$ref: "#/components/schemas/ServerListItem"
PhpServerSetting:
type: object
properties:
explanation:
type: string
example: "The maximum duration that a script can run (does not affect the background workers). A too low number will break long running scripts like comprehensive API exports"
recommended:
anyOf:
- type: integer
example: 300
- type: string
unit:
type: string
example: "seconds"
value:
anyOf:
- type: integer
format: int32
example: 300
- type: string
ServerPackageVersion:
type: object
properties:
version:
type: string
example: "1.2.0.11"
expected:
type: string
example: ">1.2.0.9"
status:
type: integer
format: int32
minimum: 0
example: 1
DatabaseTableDiagnostics:
type: object
properties:
used:
type: string
example: "207.63MB"
reclaimable:
type: string
example: "5MB"
table:
type: string
example: "attributes"
MispSetting:
type: object
properties:
level:
type: integer
example: 0
value:
anyOf:
- type: string
- type: boolean
- type: number
errorMessage:
type: string
nullable: true
example: "The currently set baseurl does not match the URL through which you have accessed the page. Disregard this if you are accessing the page via an alternate URL (for example via IP address)."
test:
nullable: true
anyOf:
- type: string
example: "testBaseURL"
- type: boolean
type:
type: string
example: "string"
enum:
- "string"
- "boolean"
- "numeric"
"null":
type: boolean
nullable: true
subGroup:
type: string
nullable: true
example: "Enrichment"
cli_only:
type: integer
nullable: true
example: 1
redacted:
type: boolean
nullable: true
optionsSource:
type: object
nullable: true
afterHook:
type: string
nullable: true
example: "cleanCacheFiles"
error:
type: integer
nullable: true
example: 1
tab:
type: string
example: "MISP"
setting:
type: string
example: "MISP.baseurl"
options:
nullable: true
anyOf:
- type: object
- type: string
- type: array
items:
type: string
- type: array
items:
type: object
Worker:
type: object
properties:
pid:
type: integer
example: 1233
user:
type: string
example: "www-data"
alive:
type: boolean
correct_user:
type: boolean
ok:
type: boolean
WorkersStatus:
type: object
properties:
ok:
type: boolean
workers:
type: array
items:
$ref: "#/components/schemas/Worker"
jobCount:
type: integer
nullable: true
example: 0
UpdateServerResultItem:
type: object
properties:
input:
type: string
example: "cd $(git rev-parse --show-toplevel) && git checkout app/composer.json 2>&1"
output:
type: array
items:
type: string
example: "Updated 1 path from the index"
status:
type: integer
example: 0
# Feeds
FeedId:
type: string
pattern: '^\d+$'
maxLength: 10
example: "3"
FeedName:
type: string
maxLength: 255
example: "CIRCL OSINT Feed"
FeedSourceFormat:
type: string
enum:
- "1"
- "csv"
- "freetext"
- "misp"
FeedInputSource:
description: "Specify whether the source (url field) is a directory (local) or an genuine url (network)."
type: string
enum:
- "local"
- "network"
FeedHeaders:
description: "Headers to be passed with the requests. All separated by \n"
type: string
nullable: true
example: |
X-Custom-Header-A: Foo
X-Custom-Header-B: Bar
FeedSettings:
type: string
nullable: true
example: '{"csv":{"value":"","delimiter":""},"common":{"excluderegex":""},"disable_correlation":"1"}'
FeedRules:
description: "Stringified JSON filter rules."
type: string
nullable: true
example: '{"tags":{"OR":[],"NOT":[]},"orgs":{"OR":[],"NOT":[]},"url_params":""}'
FeedUrl:
type: string
example: "https://www.circl.lu/doc/misp/feed-osint"
FeedFixedEvent:
description: "target_event option might be considered"
type: boolean
FeedDeltaMergeFlag:
description: "Merge attributes (only add new attribute, remove revoked attributes)"
type: boolean
FeedProvider:
type: string
example: "CIRCL"
FeedOverrideIDSFlag:
description: "The IDS flags will be set to Off for this feed"
type: boolean
FeedDeleteLocalFileFlag:
description: "The IDS flags will be set to Off for this feed"
type: boolean
FeedLookupVisibleFlag:
description: "The lookup will not be visible in the feed correlation"
type: boolean
FeedCachingEnabledFlag:
description: "The feed is cached"
type: boolean
FeedForceToIDSFlag:
description: "The IDS flags will be set to On for this feed"
type: boolean
FeedEnabledFlag:
type: boolean
FeedCacheTimestamp:
nullable: true
anyOf:
- $ref: "#/components/schemas/Timestamp"
- type: boolean
FeedNoId:
type: object
properties:
name:
$ref: "#/components/schemas/FeedName"
provider:
$ref: "#/components/schemas/FeedProvider"
url:
$ref: "#/components/schemas/FeedUrl"
rules:
$ref: "#/components/schemas/FeedRules"
enabled:
$ref: "#/components/schemas/FeedEnabledFlag"
distribution:
$ref: "#/components/schemas/DistributionLevelId"
sharing_group_id:
$ref: "#/components/schemas/SharingGroupId"
tag_id:
$ref: "#/components/schemas/TagId"
default:
$ref: "#/components/schemas/IsDefault"
source_format:
$ref: "#/components/schemas/FeedSourceFormat"
fixed_event:
$ref: "#/components/schemas/FeedFixedEvent"
delta_merge:
$ref: "#/components/schemas/FeedDeltaMergeFlag"
event_id:
$ref: "#/components/schemas/EventId"
publish:
$ref: "#/components/schemas/PublishedFlag"
override_ids:
$ref: "#/components/schemas/FeedOverrideIDSFlag"
settings:
$ref: "#/components/schemas/FeedSettings"
input_source:
$ref: "#/components/schemas/FeedInputSource"
delete_local_file:
$ref: "#/components/schemas/FeedDeleteLocalFileFlag"
lookup_visible:
$ref: "#/components/schemas/FeedLookupVisibleFlag"
headers:
$ref: "#/components/schemas/FeedHeaders"
caching_enabled:
$ref: "#/components/schemas/FeedCachingEnabledFlag"
force_to_ids:
$ref: "#/components/schemas/FeedForceToIDSFlag"
orgc_id:
$ref: "#/components/schemas/OrganisationId"
cache_timestamp:
$ref: "#/components/schemas/FeedCacheTimestamp"
Feed:
allOf:
- type: object
properties:
id:
$ref: "#/components/schemas/FeedId"
- $ref: "#/components/schemas/FeedNoId"
# Warninglists
WarninglistId:
type: string
pattern: '^\d+$'
maxLength: 10
example: "3"
WarninglistEntry:
type: object
properties:
id:
type: string
pattern: '^\d+$'
example: "1234"
value:
type: string
example: "10.128.0.0/24"
warninglist_id:
$ref: "#/components/schemas/WarninglistId"
Warninglist:
type: object
properties:
id:
$ref: "#/components/schemas/WarninglistId"
name:
type: string
example: "List of known domains to know external IP"
type:
type: string
enum:
- "cidr"
- "hostname"
- "substring"
- "string"
- "regex"
example: "cidr"
description:
type: string
version:
type: string
pattern: '^\d+$'
example: "10"
enabled:
type: boolean
warninglist_entry_count:
type: string
pattern: '^\d+$'
example: "1234"
valid_attributes:
description: "List of comma separated warninglist types."
type: string
example: "domain, hostname, domain|ip, uri, url"
WarninglistEntry:
type: array
items:
$ref: "#/components/schemas/WarninglistEntry"
WarninglistsIdFilter:
anyOf:
- $ref: "#/components/schemas/WarninglistId"
- type: array
items:
$ref: "#/components/schemas/WarninglistId"
WarninglistsNameFilter:
anyOf:
- type: string
example: "%search term%"
- type: array
items:
type: string
example: "%search term%"
# Noticelists
NoticelistId:
type: string
pattern: '^\d+$'
maxLength: 10
example: "3"
NoticelistEntry:
type: object
properties:
id:
type: string
pattern: '^\d+$'
example: "1234"
noticelist_id:
$ref: "#/components/schemas/NoticelistId"
data:
type: object
properties:
scope:
type: array
items:
type: string
example: "attribute"
field:
type: array
items:
type: string
example: "category"
value:
type: array
items:
type: string
example: "Person"
tags:
type: array
items:
$ref: "#/components/schemas/TagName"
message:
type: object
properties:
en:
type: string
example: "This attribute is likely to contain personal data and the data subject is likely to be directly identifiable."
Noticelist:
type: object
properties:
id:
$ref: "#/components/schemas/NoticelistId"
name:
type: string
example: "List of known domains to know external IP"
type:
type: string
enum:
- "cidr"
- "hostname"
- "substring"
- "string"
- "regex"
example: "cidr"
description:
type: string
version:
type: string
pattern: '^\d+$'
example: "10"
enabled:
type: boolean
warninglist_entry_count:
type: string
pattern: '^\d+$'
example: "1234"
valid_attributes:
description: "List of comma separated warninglist types."
type: string
example: "domain, hostname, domain|ip, uri, url"
NoticelistEntry:
type: array
items:
$ref: "#/components/schemas/NoticelistEntry"
# Roles
RoleId:
type: string
pattern: '^\d+$'
maxLength: 10
example: "3"
RoleName:
type: string
maxLength: 255
example: "ORGNAME"
Role:
type: object
properties:
id:
$ref: "#/components/schemas/RoleId"
name:
$ref: "#/components/schemas/RoleName"
perm_add:
type: boolean
perm_modify:
type: boolean
perm_modify_org:
type: boolean
perm_publish:
type: boolean
perm_delegate:
type: boolean
perm_sync:
type: boolean
perm_admin:
type: boolean
perm_audit:
type: boolean
perm_auth:
type: boolean
perm_site_admin:
type: boolean
perm_regexp_access:
type: boolean
perm_tagger:
type: boolean
perm_template:
type: boolean
perm_sharing_group:
type: boolean
perm_tag_editor:
type: boolean
perm_sighting:
type: boolean
perm_object_template:
type: boolean
perm_publish_zmq:
type: boolean
perm_publish_kafka:
type: boolean
perm_decaying:
type: boolean
perm_galaxy_editor:
type: boolean
default_role:
type: boolean
memory_limit:
type: string
nullable: true
pattern: '^\d+$|^$'
max_execution_time:
type: string
nullable: true
pattern: '^\d+$|^$'
restricted_to_site_admin:
type: boolean
enforce_rate_limit:
type: boolean
rate_limit_count:
type: string
pattern: '^\d+$'
permission:
type: string
pattern: '^\d+$'
example: "3"
permission_description:
type: string
example: "publish"
# Sharing Groups
SharingGroupId:
type: string
nullable: true
pattern: '^\d+$|^$'
maxLength: 10
example: "1"
SharingGroupServerId:
type: string
nullable: true
pattern: '^\d+$|^$'
maxLength: 10
example: "1"
SharingGroupOrganisationId:
type: string
nullable: true
pattern: '^\d+$|^$'
maxLength: 10
example: "1"
SharingGroupName:
type: string
maxLength: 255
example: "Banking Sharing Group"
SharingGroupDescription:
type: string
maxLength: 65535
example: "Banking Institutions of X Sharing Group"
SharingGroupReleasability:
type: string
maxLength: 65535
SlimSharingGroupNoId:
type: object
properties:
uuid:
$ref: "#/components/schemas/UUID"
name:
$ref: "#/components/schemas/SharingGroupName"
description:
$ref: "#/components/schemas/SharingGroupDescription"
releasability:
$ref: "#/components/schemas/SharingGroupReleasability"
local:
type: boolean
active:
type: boolean
org_count:
type: string
pattern: '^\d+$'
example: "6"
SlimSharingGroup:
allOf:
- type: object
properties:
id:
$ref: "#/components/schemas/SharingGroupId"
- $ref: "#/components/schemas/SlimSharingGroupNoId"
SharingGroupNoId:
allOf:
- $ref: "#/components/schemas/SlimSharingGroupNoId"
- type: object
properties:
organisation_uuid:
$ref: "#/components/schemas/UUID"
org_id:
$ref: "#/components/schemas/OrganisationId"
sync_user_id:
$ref: "#/components/schemas/UserId"
created:
type: string
format: datetime
modified:
type: string
format: datetime
roaming:
type: boolean
SharingGroup:
allOf:
- type: object
properties:
id:
$ref: "#/components/schemas/SharingGroupId"
- $ref: "#/components/schemas/SharingGroupNoId"
SharingGroupOrganisation:
type: object
properties:
id:
$ref: "#/components/schemas/SharingGroupOrganisationId"
sharing_group_id:
$ref: "#/components/schemas/SharingGroupId"
org_id:
$ref: "#/components/schemas/OrganisationId"
extend:
type: boolean
Organisation:
type: object
properties:
id:
$ref: "#/components/schemas/OrganisationId"
name:
$ref: "#/components/schemas/OrganisationName"
uuid:
$ref: "#/components/schemas/UUID"
SharingGroupServer:
type: object
properties:
all_orgs:
type: boolean
server_id:
$ref: "#/components/schemas/ServerId"
sharing_group_id:
$ref: "#/components/schemas/SharingGroupId"
Server:
type: object
properties:
id:
$ref: "#/components/schemas/ServerId"
name:
$ref: "#/components/schemas/ServerName"
SharingGroupListItem:
type: object
properties:
SharingGroup:
$ref: "#/components/schemas/SlimSharingGroup"
Organisation:
type: object
properties:
id:
$ref: "#/components/schemas/OrganisationId"
name:
$ref: "#/components/schemas/OrganisationName"
uuid:
$ref: "#/components/schemas/UUID"
SharingGroupOrg:
type: array
items:
$ref: "#/components/schemas/SharingGroupOrganisation"
SharingGroupServer:
type: array
items:
$ref: "#/components/schemas/SharingGroupServer"
editable:
type: boolean
deletable:
type: boolean
# Logs
LogActionType:
type: string
enum:
- "accept"
- "accept_delegation"
- "acceptRegistrations"
- "add"
- "admin_email"
- "attachTags"
- "auth"
- "auth_fail"
- "blocklisted"
- "captureRelations"
- "change_pw"
- "delete"
- "disable"
- "discard"
- "discardRegistrations"
- "edit"
- "email"
- "enable"
- "enrichment"
- "error"
- "export"
- "fetchEvent"
- "file_upload"
- "galaxy"
- "include_formula"
- "login"
- "login_fail"
- "logout"
- "merge"
- "pruneUpdateLogs"
- "publish"
- "publish_sightings"
- "publish alert"
- "pull"
- "purge_events"
- "push"
- "registration"
- "registration_error"
- "remove_dead_workers"
- "request"
- "request_delegation"
- "reset_auth_key"
- "send_mail"
- "security"
- "serverSettingsEdit"
- "tag"
- "undelete"
- "update"
- "update_database"
- "update_db_worker"
- "upgrade_24"
- "upload_sample"
- "version_warning"
- "warning"
- "wipe_default"
LogId:
type: string
pattern: '^\d+$'
maxLength: 10
example: "12345"
LogTitle:
type: string
example: "Attribute (448272) from Event (1): Other/text foo"
LogChange:
type: string
example: "name () => (ORGNAME)"
LogDescription:
type: string
example: 'Organisation "ORGNAME" (1) added by User "SYSTEM" (0).'
Log:
type: object
properties:
id:
$ref: "#/components/schemas/LogId"
title:
$ref: "#/components/schemas/LogTitle"
created:
type: string
format: datetime
model:
$ref: "#/components/schemas/ModelName"
model_id:
$ref: "#/components/schemas/ModelId"
action:
$ref: "#/components/schemas/LogActionType"
user_id:
$ref: "#/components/schemas/UserId"
change:
$ref: "#/components/schemas/LogChange"
email:
type: string
format: email
org:
$ref: "#/components/schemas/OrganisationName"
description:
$ref: "#/components/schemas/LogDescription"
ip:
type: string
example: "10.0.0.10"
# General
AuthKeyRaw:
type: string
minLength: 40
maxLength: 40
example: "894c8d095180c7ea28789092e96ca6424199aa4f"
DistributionLevelId:
type: string
enum: ["0", "1", "2", "3", "4", "5"]
description: >
Who will be able to see this event once it becomes published and eventually when it becomes pulled:
* `0` - Your organization only
* `1` - This community only
* `2` - Connected communities
* `3` - All communities
* `4` - Sharing group
* `5` - Inherit Event
ThreatLevelId:
type: string
enum: ["1", "2", "3", "4"]
description: >
Represents the threat level.
* `1` - High
* `2` - Medium
* `3` - Low
* `4` - Undefined
AnalysisLevelId:
type: string
enum: ["0", "1", "2"]
description: >
Represents the analysis maturity level.
* `0` - Initial
* `1` - Ongoing
* `2` - Complete
ToIDS:
type: boolean
default: true
UUID:
type: string
format: uuid
maxLength: 36
example: "c99506a6-1255-4b71-afa5-7b8ba48c3b1b"
ExtendsUUID:
type: string
nullable: true
maxLength: 36
example: "c99506a6-1255-4b71-afa5-7b8ba48c3b1b"
Timestamp:
type: string
pattern: '^\d+$'
default: "0"
example: "1617875568"
NullableTimestamp:
nullable: true
type: string
pattern: '^\d+$|^$'
default: "0"
example: "1617875568"
MicroTimestamp:
type: string
pattern: '^\d+$'
example: "1581984000000000"
NullableMicroTimestamp:
nullable: true
type: string
pattern: '^\d+$|^$'
default: null
example: "1581984000000000"
SoftDeletedFlag:
type: boolean
default: false
SoftDeletedFlagValuesToInclude:
description: 'Whether to include soft-deleted attributes. Default value 0. If set to 1, only deleted attributes will be returned. If set to [0,1], both deleted and non-deleted attributes wil be returned.'
type: boolean
default: false
PublishedFlag:
type: boolean
default: false
DisableCorrelationFlag:
type: boolean
default: false
IsExportable:
type: boolean
default: true
IsGalaxy:
type: boolean
default: true
IsCustomGalaxy:
type: boolean
default: true
IsInherited:
type: integer
format: int32
default: 1
IsLocked:
type: boolean
IsDefault:
type: boolean
IsLocal:
type: boolean
Local:
type: integer
format: int32
maxLength: 1
default: 0
nullable: false
enum:
- 0
- 1
IsReadOnly:
type: boolean
Icon:
type: string
maxLength: 255
example: "globe"
PageSearchFilter:
type: integer
format: int32
nullable: true
minimum: 1
LimitSearchFilter:
type: integer
format: int32
nullable: true
minimum: 0
SortSearchField:
description: Field to be used to sort the result
type: string
nullable: true
example: "timestamp"
DirectionSearchField:
description: Sort direction of the result
type: string
nullable: true
default: "asc"
enum:
- "asc"
- "desc"
DateRestSearchFilter:
description: "You can use any of the valid time related filters (examples: 7d, timestamps, [14d, 7d] for ranges, etc.)"
type: string
nullable: true
DateIntervalRestSearchFilter:
description: "Interval described by two dates"
type: array
minimum: 2
maximum: 2
items:
$ref: "#/components/schemas/DateRestSearchFilter"
LastRestSearchFilter:
description: "Events published within the last x amount of time, where x can be defined in days, hours, minutes (for example 5d or 12h or 30m), ISO 8601 datetime format or timestamp"
oneOf:
- type: integer
- type: string
nullable: true
TagsRestSearchFilter:
nullable: true
type: array
items:
type: string
example: "tlp:amber"
SearchAllRestSearchFilter:
description: "Search events by matching any tag names, event descriptions, attribute values or attribute comments"
type: string
example: malware
ToIDSRestSearchFlag:
nullable: true
type: boolean
SharingGroupIDRestSearchFilter:
description: "Sharing group ID(s), either as single string or list of IDs"
nullable: true
items:
type: string
example: "1"
DecayingModelRestSearchFilter:
description: "Specify the decaying model from which the decaying score should be calculated"
type: string
DecayingModelScoreRestSearchFilter:
description: "An alias to override on-the-fly the threshold of the decaying model"
type: string
MetadataRestSearchFilter:
description: "Will only return the metadata of the given query scope, contained data is omitted."
nullable: true
type: boolean
IncludeEventUUIDRestSearchFlag:
description: "Include matching eventUuids in the response"
type: boolean
default: false
IncludeAllTagsRestSearchFilter:
description: "Include also exportable tags"
type: boolean
default: false
IncludeEventTagsRestSearchFlag:
description: "Include tags of matching events in the response"
type: boolean
default: false
IncludeProposalsRestSearchFlag:
description: "Include proposals of matching events in the response"
type: boolean
default: false
EnforceWarninglistRestSearchFilter:
description: "Should the warning list be enforced. Adds blocked field for matching attributes"
nullable: true
type: boolean
WithAttachmentsRestSearchFilter:
description: "Extends the response with the base64 representation of the attachment, if there is one"
type: boolean
default: false
RequestedAttributesRestSearchFilter:
description: "List of properties that will be selected in the CSV export"
type: array
items:
type: string
example: "id"
IncludeContextRestSearchFlag:
description: "Adds events context fields in the CSV export"
nullable: true
type: boolean
HeaderlessRestSearchFlag:
description: "Removes header in the CSV export"
nullable: true
type: boolean
IncludeWarninglistHitsRestSearchFlag:
nullable: true
type: boolean
AttackGalaxyRestSearchFilter:
nullable: true
type: string
example: "mitre-attack"
ExcludeLocalTagsRestSearchFilter:
description: "Exclude local tags from the export"
nullable: true
type: boolean
IncludeSightingDbRestSearchFlag:
description: "Extend response with Sightings DB results if the module is enabled"
nullable: true
type: boolean
IncludeCorrelationsRestSearchFlag:
nullable: true
type: boolean
IncludeDecayScoreRestSearchFlag:
description: "Include all enabled decaying score"
type: boolean
default: false
IncludeFullModelRestSearchFlag:
description: "Include all model information of matching events in the response"
type: boolean
default: false
AllowProposalBlockingRestSearchFlag:
description: "Allow blocking attributes from to_ids sensitive exports if a proposal has been made to it to remove the IDS flag"
type: boolean
default: false
ExcludeDecayedRestSearchFlag:
description: "Should the decayed elements by excluded"
type: boolean
default: false
ModelOverridesRestSearchFilter:
$ref: "#/components/schemas/DecayingModelParameters"
ModelId:
type: string
pattern: '^\d+$'
maxLength: 10
example: "12345"
ModelName:
type: string
enum:
- "AdminSetting"
- "Allowedlist"
- "AttachmentScan"
- "Attribute"
- "AttributeTag"
- "AuditLog"
- "AuthKey"
- "Bruteforce"
- "Cerebrate"
- "Community"
- "CorrelationExclusion"
- "Correlation"
- "Dashboard"
- "DecayingModelMapping"
- "DecayingModel"
- "EventBlocklist"
- "EventDelegation"
- "EventGraph"
- "EventLock"
- "Event"
- "EventReport"
- "EventTag"
- "FavouriteTag"
- "Feed"
- "FuzzyCorrelateSsdeep"
- "GalaxyClusterBlocklist"
- "GalaxyCluster"
- "GalaxyClusterRelation"
- "GalaxyClusterRelationTag"
- "GalaxyElement"
- "Galaxy"
- "Inbox"
- "Job"
- "Log"
- "MispObject"
- "Module"
- "News"
- "NoticelistEntry"
- "Noticelist"
- "NotificationLog"
- "ObjectReference"
- "ObjectRelationship"
- "ObjectTemplateElement"
- "ObjectTemplate"
- "Organisation"
- "OrgBlocklist"
- "Post"
- "Regexp"
- "RestClientHistory"
- "Role"
- "Server"
- "ShadowAttribute"
- "SharingGroupOrg"
- "SharingGroup"
- "SharingGroupServer"
- "SightingdbOrg"
- "Sightingdb"
- "Sighting"
- "TagCollection"
- "TagCollectionTag"
- "Tag"
- "Task"
- "TaxonomyEntry"
- "Taxonomy"
- "TaxonomyPredicate"
- "TemplateElementAttribute"
- "TemplateElementFile"
- "TemplateElement"
- "TemplateElementText"
- "Template"
- "TemplateTag"
- "Thread"
- "ThreatLevel"
- "User"
- "UserSetting"
- "WarninglistEntry"
- "Warninglist"
- "WarninglistType"
EventsRestSearchReturnFormat:
description: "Format of the response payload"
type: string
enum:
- json
- xml
- csv
- text
- stix
- stix2
- stix-json
- attack
- attack-sightings
- cache
- count
- hashes
- netfilter
- opendata
- openioc
- rpz
- snort
- suricata
- yara
- yara-json
AttributesRestSearchReturnFormat:
description: "Format of the response payload"
type: string
enum:
- json
- xml
- csv
- text
- hashes
- cache
- count
- netfilter
- opendata
- openioc
- rpz
- snort
- suricata
- text
- yara
- yara-json
ObjectsRestSearchReturnFormat:
description: "Format of the response payload"
type: string
enum:
- json
ObjectRelationRestSearchFilter:
description: "Filter by the attribute object relation value"
nullable: true
type: string
example: "filepath"
# AuthKeys
AuthKeyId:
type: string
pattern: '^\d+$'
maxLength: 10
example: "12345"
AuthKey:
type: object
properties:
id:
$ref: "#/components/schemas/AuthKeyId"
uuid:
$ref: "#/components/schemas/UUID"
authkey_start:
type: string
maxLength: 4
authkey_end:
type: string
maxLength: 4
created:
$ref: "#/components/schemas/Timestamp"
expiration:
type: string
format: datetime
example: "1970-01-01 00:00:00"
nullable: true
read_only:
$ref: "#/components/schemas/IsReadOnly"
user_id:
$ref: "#/components/schemas/UserId"
comment:
type: string
allowed_ips:
type: array
items:
description: IP address
type: string
example: "127.0.0.1"
nullable: true
last_used:
$ref: "#/components/schemas/NullableTimestamp"
ApiError:
type: object
required:
- name
- message
- url
properties:
name:
type: string
message:
type: string
url:
type: string
example: "/attributes"
UnauthorizedApiError:
type: object
required:
- name
- message
- url
properties:
name:
type: string
example: "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header."
message:
type: string
example: "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header."
url:
type: string
example: "/attributes"
NotFoundApiError:
type: object
required:
- name
- message
- url
properties:
name:
type: string
example: "Invalid attribute"
message:
type: string
example: "Invalid attribute"
url:
type: string
example: "/attributes/1234"
NotFoundUserTotpDeleteError:
type: object
required:
- name
- message
- url
properties:
name:
type: string
example: "Invalid user"
message:
type: string
example: "Invalid user"
url:
type: string
example: "/users/totp_delete/1"
parameters:
eventIdParameter:
name: eventId
in: path
description: "UUID or numeric ID of the event"
required: true
schema:
oneOf:
- $ref: "#/components/schemas/EventId"
- $ref: "#/components/schemas/UUID"
attributeIdParameter:
name: attributeId
in: path
description: "UUID or numeric ID of the attribute"
required: true
schema:
oneOf:
- $ref: "#/components/schemas/AttributeId"
- $ref: "#/components/schemas/UUID"
tagIdParameter:
name: tagId
in: path
description: Numeric ID of the attribute
required: true
schema:
$ref: "#/components/schemas/TagId"
localParameter:
name: local
in: path
description: "Whether the object should be attached locally or not to the target"
schema:
$ref: "#/components/schemas/Local"
tagSearchTermParameter:
name: tagSearchTerm
in: path
description: Tag search term
required: true
schema:
type: string
example: "%tlp%"
galaxyIdParameter:
name: galaxyId
in: path
description: "UUID or numeric ID of the galaxy"
required: true
schema:
oneOf:
- $ref: "#/components/schemas/GalaxyId"
- $ref: "#/components/schemas/UUID"
galaxyClusterIdParameter:
name: galaxyClusterId
in: path
description: "UUID or numeric ID of the galaxy cluster"
required: true
schema:
oneOf:
- $ref: "#/components/schemas/GalaxyClusterId"
- $ref: "#/components/schemas/UUID"
userIdParameter:
name: userId
in: path
description: "Numeric ID of the user"
required: true
schema:
$ref: "#/components/schemas/UserId"
firstTimeResetParameter:
name: firstTimeReset
in: path
description: "First time reset is set to `1` only for new user registrations."
required: true
schema:
type: string
enum:
- "0"
- "1"
organisationIdParameter:
name: organisationId
in: path
description: "UUID or numeric ID of the organisation"
required: true
schema:
oneOf:
- $ref: "#/components/schemas/OrganisationId"
- $ref: "#/components/schemas/UUID"
serverIdParameter:
name: serverId
in: path
description: "UUID or numeric ID of the server"
required: true
schema:
oneOf:
- $ref: "#/components/schemas/ServerId"
- $ref: "#/components/schemas/UUID"
pullTechniqueParameter:
name: pullTechnique
in: path
description: "Pull technique to be used for pulling events from this instance."
required: true
schema:
type: string
enum:
- "full"
- "incremental"
- "pull_relevant_clusters"
pushTechniqueParameter:
name: pushTechnique
in: path
description: "Push technique to be used for pushing events to this instance."
required: true
schema:
type: string
enum:
- "full"
- "incremental"
workerTypeParameter:
name: workerType
in: path
description: "Worker type."
required: true
schema:
type: string
enum:
- "default"
- "email"
- "scheduler"
- "cache"
- "prio"
- "update"
workerPidParameter:
name: workerPid
in: path
description: "Worker PID."
required: true
schema:
type: string
pattern: '^\d+$'
settingNameParameter:
name: settingName
in: path
description: "Setting name."
required: true
schema:
type: string
example: "MISP.background_jobs"
sharingGroupIdParameter:
name: sharingGroupId
in: path
description: "UUID or numeric ID of the sharing group"
required: true
schema:
oneOf:
- $ref: "#/components/schemas/SharingGroupId"
- $ref: "#/components/schemas/UUID"
sharingGroupServerIdParameter:
name: sharingGroupServerId
in: path
description: "UUID or numeric ID of the sharing group server"
required: true
schema:
$ref: "#/components/schemas/SharingGroupServerId"
feedIdParameter:
name: feedId
in: path
description: "UUID or numeric ID of the feed"
required: true
schema:
oneOf:
- $ref: "#/components/schemas/FeedId"
- $ref: "#/components/schemas/UUID"
warninglistIdParameter:
name: warninglistId
in: path
description: "Numeric ID of the warninglist"
required: true
schema:
$ref: "#/components/schemas/WarninglistId"
noticelistIdParameter:
name: noticelistId
in: path
description: "Numeric ID of the noticelist"
required: true
schema:
$ref: "#/components/schemas/NoticelistId"
sightingIdParameter:
name: sightingId
in: path
description: "UUID or numeric ID of the sighting"
required: true
schema:
$ref: "#/components/schemas/SightingId"
cacheFeedsScopeParameter:
name: cacheFeedsScope
in: path
description: "Cache feeds strategy"
required: true
schema:
type: string
enum:
- "all"
- "csv"
- "freetext"
attachTargetIdParameter:
name: attachTargetId
in: path
description: "UUID or numeric ID of the target entity (Event, Attribute or TagCollection)"
required: true
schema:
anyOf:
- $ref: "#/components/schemas/EventId"
- $ref: "#/components/schemas/AttributeId"
- $ref: "#/components/schemas/TagCollectionId"
attachTargetTypeParameter:
name: attachTargetType
in: path
description: "Type of the target entity to attach to the galaxy cluster."
required: true
schema:
type: string
enum:
- "event"
- "attribute"
- "tag_collection"
attributeStatisticsContextParameter:
name: context
in: path
required: true
description: Context of the statistics.
schema:
type: string
default: "type"
enum:
- type
- category
attributeStatisticsPercentageParameter:
name: percentage
in: path
required: true
description: "`0` to show attribute count, `1` for showing percentages"
schema:
type: integer
objectIdParameter:
name: objectId
in: path
description: "UUID or numeric ID of the object"
required: true
schema:
oneOf:
- $ref: "#/components/schemas/ObjectId"
- $ref: "#/components/schemas/UUID"
hardDeleteParameter:
name: hardDelete
in: path
description: "`1` for hard delete the entity, `0` for soft deletion."
required: true
schema:
type: string
enum:
- "0"
- "1"
hardDeleteParameterNotRequired:
name: hardDelete
in: path
description: "`1` for hard delete the entity, `0` for soft deletion."
required: false
schema:
type: string
enum:
- "0"
- "1"
objectTemplateIdParameter:
name: objectTemplateId
in: path
description: "UUID or numeric ID of the object template"
required: true
schema:
oneOf:
- $ref: "#/components/schemas/ObjectTemplateId"
- $ref: "#/components/schemas/UUID"
authKeyIdParameter:
name: authKeyId
in: path
description: "UUID or numeric ID of the auth key"
required: true
schema:
oneOf:
- $ref: "#/components/schemas/AuthKeyId"
- $ref: "#/components/schemas/UUID"
userSettingIdParameter:
name: userSettingId
in: path
description: "UUID or numeric ID of the user setting"
required: true
schema:
$ref: "#/components/schemas/UserSettingId"
userSettingNameParameter:
name: userSettingName
in: path
description: "Name of the user setting"
required: true
schema:
$ref: "#/components/schemas/UserSettingName"
taxonomyIdParameter:
name: taxonomyId
in: path
description: "Numeric ID of the taxonomy"
required: true
schema:
$ref: "#/components/schemas/TaxonomyId"
eventReportIdParameter:
name: eventReportId
in: path
description: "UUID or numeric ID of the event report"
required: true
schema:
oneOf:
- $ref: "#/components/schemas/EventReportId"
- $ref: "#/components/schemas/UUID"
analystDataIdParameter:
name: analystID
in: path
description: "UUID or numeric ID of the Analyst data"
required: true
schema:
oneOf:
- $ref: "#/components/schemas/AnalystDataID"
- $ref: "#/components/schemas/UUID"
analystDataTypeParameter:
name: analystType
in: path
description: "Type of the analyst data."
required: true
schema:
$ref: "#/components/schemas/AnalystDataType"
analystDataObjectUUIDParameter:
name: analystObjectUUID
in: path
description: "Object UUID that has an analyst data"
required: true
schema:
$ref: "#/components/schemas/UUID"
analystDataObjectTypeParameter:
name: analystObjectType
in: path
description: "Object type that has an analyst data"
required: true
schema:
$ref: "#/components/schemas/analystObjectType"
securitySchemes:
ApiKeyAuth:
type: apiKey
in: header
name: Authorization
description: |
The authentication of the automation is performed via a secure key available in the MISP UI interface.
Make sure you keep that key secret as it gives access to the entire database! The [API](https://www.circl.lu/doc/misp/GLOSSARY.html#api)
key is available in the event actions menu under automation.
The authorization is performed by using the following header in the API requests:
Authorization: YOUR_API_KEY
> **NOTE**: Since version 2.2 the usage of the authentication key in the URL is deprecated.
Instead, pass the auth key in an Authorization header in the request. The legacy option of having the auth key
in the URL is temporarily still supported but not recommended.
requestBodies:
AddAttributeRequest:
required: true
content:
application/json:
schema:
$ref: "#/components/schemas/AttributeNoId"
EditAttributeRequest:
required: true
content:
application/json:
schema:
$ref: "#/components/schemas/Attribute"
RestSearchAttributesRequest:
required: true
content:
application/json:
schema:
$ref: "#/components/schemas/AttributeRestSearchFilter"
AddEventRequest:
required: true
content:
application/json:
schema:
$ref: "#/components/schemas/EventNoId"
EditEventRequest:
required: true
content:
application/json:
schema:
$ref: "#/components/schemas/EventNoId"
SearchEventRequest:
required: true
content:
application/json:
schema:
type: object
properties:
page:
$ref: "#/components/schemas/PageSearchFilter"
limit:
$ref: "#/components/schemas/LimitSearchFilter"
sort:
$ref: "#/components/schemas/SortSearchField"
direction:
$ref: "#/components/schemas/DirectionSearchField"
minimal:
description: "Returns a minimal version of the event, only events with `attributeCount` > 0 will be returned"
type: boolean
nullable: true
default: false
attribute:
description: "Filter events matching the given string with attributes values"
type: string
nullable: true
example: "covert channel"
eventid:
$ref: "#/components/schemas/EventId"
datefrom:
description: "Event creation date is greater or equal"
type: string
nullable: true
format: date
example: "2021-03-05"
dateuntil:
description: "Event creation date is less or equal"
type: string
nullable: true
format: date
example: "2021-03-05"
org:
description: "Filter events by matching the creator organisation name"
type: string
nullable: true
example: "CIRCL"
eventinfo:
description: "Filter events by matching the event info text"
type: string
nullable: true
example: "Phishing campaing"
tag:
$ref: "#/components/schemas/TagName"
tags:
description: "Filter events by matching *any* of the event tags of a given list of tag names"
type: array
nullable: true
items:
$ref: "#/components/schemas/TagName"
example:
- "tlp:amber"
- 'cycat:scope="exploit"'
distribution:
$ref: "#/components/schemas/DistributionLevelId"
sharinggroup:
$ref: "#/components/schemas/SharingGroupId"
analysis:
$ref: "#/components/schemas/AnalysisLevelId"
threatlevel:
$ref: "#/components/schemas/ThreatLevelId"
email:
description: "Filter events by matching the event creator user email"
type: string
nullable: true
format: email
example: "admin@admin.test"
hasproposal:
description: "Filter events by checking if it has attributes with change proposals. Possible values: `0`, `1`"
type: string
nullable: true
example: "1"
timestamp:
description: "Event timestamp greater or equal"
type: string
nullable: true
example: "1"
publish_timestamp:
description: "Event publish timestamp greater or equal"
type: string
nullable: true
example: "1"
searchDatefrom:
description: "Filters on the date, anything newer than the given date in YYYY-MM-DD format is taken - non-negatable"
type: string
nullable: true
example: "2020-01-20"
searchDateuntil:
description: "Filters on the date, anything older than the given date in YYYY-MM-DD format is taken - non-negatable"
type: string
nullable: true
example: "2020-01-20"
RestSearchEventsRequest:
required: true
content:
application/json:
schema:
type: object
properties:
page:
$ref: "#/components/schemas/PageSearchFilter"
limit:
$ref: "#/components/schemas/LimitSearchFilter"
value:
$ref: "#/components/schemas/AttributeValue"
type:
$ref: "#/components/schemas/AttributeType"
category:
$ref: "#/components/schemas/AttributeCategory"
org:
oneOf:
- $ref: "#/components/schemas/OrganisationId"
- $ref: "#/components/schemas/OrganisationName"
tags:
$ref: "#/components/schemas/TagsRestSearchFilter"
event_tags:
$ref: "#/components/schemas/TagsRestSearchFilter"
searchall:
$ref: "#/components/schemas/SearchAllRestSearchFilter"
from:
$ref: "#/components/schemas/DateRestSearchFilter"
to:
$ref: "#/components/schemas/DateRestSearchFilter"
last:
$ref: "#/components/schemas/LastRestSearchFilter"
eventid:
$ref: "#/components/schemas/EventId"
withAttachments:
$ref: "#/components/schemas/WithAttachmentsRestSearchFilter"
sharinggroup:
$ref: "#/components/schemas/SharingGroupIDRestSearchFilter"
metadata:
$ref: "#/components/schemas/MetadataRestSearchFilter"
uuid:
$ref: "#/components/schemas/UUID"
publish_timestamp:
$ref: "#/components/schemas/Timestamp"
timestamp:
$ref: "#/components/schemas/Timestamp"
published:
$ref: "#/components/schemas/PublishedFlag"
enforceWarninglist:
$ref: "#/components/schemas/EnforceWarninglistRestSearchFilter"
sgReferenceOnly:
description: "Will only return the sharing group ID"
type: boolean
requested_attributes:
$ref: "#/components/schemas/RequestedAttributesRestSearchFilter"
includeContext:
$ref: "#/components/schemas/IncludeContextRestSearchFlag"
headerless:
$ref: "#/components/schemas/HeaderlessRestSearchFlag"
includeWarninglistHits:
$ref: "#/components/schemas/IncludeWarninglistHitsRestSearchFlag"
attackGalaxy:
$ref: "#/components/schemas/AttackGalaxyRestSearchFilter"
to_ids:
$ref: "#/components/schemas/ToIDS"
deleted:
$ref: "#/components/schemas/SoftDeletedFlagValuesToInclude"
excludeLocalTags:
$ref: "#/components/schemas/ExcludeLocalTagsRestSearchFilter"
date:
$ref: "#/components/schemas/DateRestSearchFilter"
includeSightingdb:
$ref: "#/components/schemas/IncludeSightingDbRestSearchFlag"
tag:
$ref: "#/components/schemas/TagName"
object_relation:
$ref: "#/components/schemas/ObjectRelationRestSearchFilter"
threat_level_id:
$ref: "#/components/schemas/ThreatLevelId"
returnFormat:
$ref: "#/components/schemas/EventsRestSearchReturnFormat"
SearchGalaxyRequest:
required: true
content:
application/json:
schema:
type: object
properties:
value:
$ref: "#/components/schemas/GalaxyValueSearchFilter"
ImportGalaxyClusterRequest:
required: true
content:
application/json:
schema:
type: array
items:
$ref: "#/components/schemas/ImportGalaxyClusterItem"
ExportGalaxyClusterRequest:
content:
application/json:
schema:
type: object
properties:
Galaxy:
type: object
properties:
default:
description: "`true` to filter out galaxy clusters with `default=true` set."
type: boolean
custom:
description: "`true` to filter out galaxy clusters with `default=false` set"
type: boolean
distribution:
$ref: "#/components/schemas/DistributionLevelId"
format:
description: "If set to `misp-galaxy` result set is in the misp-galaxy format."
type: string
enum:
- "default"
- "misp-galaxy"
download:
description: "`true` returns the response as a json file attachment, `false` returns the response in the response body."
type: boolean
AttachGalaxyClusterRequest:
content:
application/json:
schema:
type: object
properties:
Galaxy:
type: object
properties:
target_id:
description: "Target galaxy cluster to attach."
type: integer
format: int32
example: 1235
SearchGalaxyClustersRequest:
content:
application/json:
schema:
type: object
properties:
context:
type: string
enum:
- "all"
- "default"
- "org"
- "deleted"
searchall:
description: "Search galaxy clusters by matching any value, description, uuid or galaxy elements values."
type: string
example: "botnet"
AddGalaxyClusterRequest:
content:
application/json:
schema:
$ref: "#/components/schemas/GalaxyCluster"
EditGalaxyClusterRequest:
content:
application/json:
schema:
$ref: "#/components/schemas/GalaxyCluster"
AddUserRequest:
content:
application/json:
schema:
$ref: "#/components/schemas/UserNoId"
EditUserRequest:
content:
application/json:
schema:
$ref: "#/components/schemas/User"
AddOrganisationRequest:
content:
application/json:
schema:
$ref: "#/components/schemas/OrganisationNoId"
EditOrganisationRequest:
content:
application/json:
schema:
type: object
properties:
name:
$ref: "#/components/schemas/OrganisationName"
type:
$ref: "#/components/schemas/OrganisationType"
nationality:
type: string
nullable: true
sector:
type: string
nullable: true
contacts:
type: string
nullable: true
description:
type: string
nullable: true
local:
type: boolean
nullable: true
uuid:
type: string
nullable: true
format: uuid
restricted_to_domain:
nullable: true
type: array
items:
type: string
format: hostname
AddServerRequest:
content:
application/json:
schema:
$ref: "#/components/schemas/ServerNoId"
EditServerRequest:
content:
application/json:
schema:
$ref: "#/components/schemas/Server"
EditServerSettingRequest:
content:
application/json:
schema:
type: object
properties:
value:
anyOf:
- type: string
- type: boolean
- type: number
- type: object
ImportServerRequest:
content:
application/json:
schema:
type: object
properties:
name:
$ref: "#/components/schemas/ServerName"
url:
type: string
example: "https://misppriv.circl.lu"
uuid:
$ref: "#/components/schemas/UUID"
authkey:
$ref: "#/components/schemas/AuthKeyRaw"
Organisation:
type: object
properties:
name:
$ref: "#/components/schemas/OrganisationName"
AddSharingGroupRequest:
content:
application/json:
schema:
$ref: "#/components/schemas/SharingGroupNoId"
EditSharingGroupRequest:
content:
application/json:
schema:
$ref: "#/components/schemas/SharingGroup"
AddFeedRequest:
content:
application/json:
schema:
type: object
properties:
name:
$ref: "#/components/schemas/FeedName"
provider:
$ref: "#/components/schemas/FeedProvider"
url:
$ref: "#/components/schemas/FeedUrl"
rules:
$ref: "#/components/schemas/FeedRules"
enabled:
$ref: "#/components/schemas/FeedEnabledFlag"
distribution:
$ref: "#/components/schemas/DistributionLevelId"
sharing_group_id:
$ref: "#/components/schemas/SharingGroupId"
tag_id:
$ref: "#/components/schemas/TagId"
source_format:
$ref: "#/components/schemas/FeedSourceFormat"
fixed_event:
$ref: "#/components/schemas/FeedFixedEvent"
delta_merge:
$ref: "#/components/schemas/FeedDeltaMergeFlag"
event_id:
$ref: "#/components/schemas/EventId"
publish:
$ref: "#/components/schemas/PublishedFlag"
override_ids:
$ref: "#/components/schemas/FeedOverrideIDSFlag"
input_source:
$ref: "#/components/schemas/FeedInputSource"
delete_local_file:
$ref: "#/components/schemas/FeedDeleteLocalFileFlag"
lookup_visible:
$ref: "#/components/schemas/FeedLookupVisibleFlag"
headers:
$ref: "#/components/schemas/FeedHeaders"
caching_enabled:
$ref: "#/components/schemas/FeedCachingEnabledFlag"
force_to_ids:
$ref: "#/components/schemas/FeedForceToIDSFlag"
orgc_id:
$ref: "#/components/schemas/OrganisationId"
EditFeedRequest:
content:
application/json:
schema:
type: object
properties:
id:
$ref: "#/components/schemas/FeedId"
name:
$ref: "#/components/schemas/FeedName"
provider:
$ref: "#/components/schemas/FeedProvider"
url:
$ref: "#/components/schemas/FeedUrl"
rules:
$ref: "#/components/schemas/FeedRules"
enabled:
$ref: "#/components/schemas/FeedEnabledFlag"
distribution:
$ref: "#/components/schemas/DistributionLevelId"
sharing_group_id:
$ref: "#/components/schemas/SharingGroupId"
tag_id:
$ref: "#/components/schemas/TagId"
source_format:
$ref: "#/components/schemas/FeedSourceFormat"
fixed_event:
$ref: "#/components/schemas/FeedFixedEvent"
delta_merge:
$ref: "#/components/schemas/FeedDeltaMergeFlag"
event_id:
$ref: "#/components/schemas/EventId"
publish:
$ref: "#/components/schemas/PublishedFlag"
override_ids:
$ref: "#/components/schemas/FeedOverrideIDSFlag"
input_source:
$ref: "#/components/schemas/FeedInputSource"
delete_local_file:
$ref: "#/components/schemas/FeedDeleteLocalFileFlag"
lookup_visible:
$ref: "#/components/schemas/FeedLookupVisibleFlag"
headers:
$ref: "#/components/schemas/FeedHeaders"
caching_enabled:
$ref: "#/components/schemas/FeedCachingEnabledFlag"
force_to_ids:
$ref: "#/components/schemas/FeedForceToIDSFlag"
orgc_id:
$ref: "#/components/schemas/OrganisationId"
WarninglistsSearchRequest:
content:
application/x-www-form-urlencoded:
schema:
type: object
properties:
value:
description: "Search term to be used to match warninglists name, description or type."
type: string
nullable: true
enabled:
type: boolean
nullable: true
WarninglistsToggleEnableRequest:
content:
application/x-www-form-urlencoded:
schema:
type: object
properties:
id:
$ref: "#/components/schemas/WarninglistsIdFilter"
name:
$ref: "#/components/schemas/WarninglistsNameFilter"
enabled:
type: boolean
nullable: false
WarninglistCheckValuesRequest:
content:
application/json:
schema:
type: array
items:
type: string
example: "10.128.0.2"
ToggleEnableNoticelistRequest:
content:
application/json:
schema:
type: object
properties:
Noticelist:
type: object
properties:
data:
description: "Id of the noticelist to enable/disable."
type: integer
example: 1
RestSearchObjectsRequest:
required: true
content:
application/json:
schema:
$ref: "#/components/schemas/ObjectRestSearchFilter"
AddObjectRequest:
content:
application/json:
schema:
type: object
properties:
Attribute:
type: array
items:
type: object
properties:
category:
$ref: "#/components/schemas/AttributeCategory"
value:
$ref: "#/components/schemas/AttributeValue"
to_ids:
$ref: "#/components/schemas/ToIDS"
disable_correlation:
$ref: "#/components/schemas/DisableCorrelationFlag"
distribution:
$ref: "#/components/schemas/DistributionLevelId"
comment:
$ref: "#/components/schemas/AttributeComment"
object_relation:
$ref: "#/components/schemas/ObjectRelation"
AddSightingsRequest:
content:
application/json:
schema:
type: object
properties:
values:
type: array
items:
$ref: "#/components/schemas/AttributeValue"
timestamp:
$ref: "#/components/schemas/NullableTimestamp"
filters:
$ref: "#/components/schemas/AttributeRestSearchFilter"
AddTagRequest:
content:
application/json:
schema:
$ref: "#/components/schemas/TagNoId"
EditTagRequest:
content:
application/json:
schema:
$ref: "#/components/schemas/TagNoId"
GetLogsRequest:
content:
application/json:
schema:
type: object
properties:
page:
$ref: "#/components/schemas/PageSearchFilter"
limit:
$ref: "#/components/schemas/LimitSearchFilter"
id:
$ref: "#/components/schemas/LogId"
title:
$ref: "#/components/schemas/LogTitle"
created:
oneOf:
- $ref: "#/components/schemas/DateRestSearchFilter"
- $ref: "#/components/schemas/DateIntervalRestSearchFilter"
model:
$ref: "#/components/schemas/ModelName"
model_id:
$ref: "#/components/schemas/ModelId"
action:
$ref: "#/components/schemas/LogActionType"
user_id:
$ref: "#/components/schemas/UserId"
change:
type: string
description: "Text search for log change property"
example: "%name () => (ORGNAME)%"
email:
type: string
format: email
org:
type: string
description: "Text search for log organisation name property"
example: "ORG_%"
description:
type: string
description: "Text search for log change property"
example: "%updated by User%"
ip:
type: string
description: "Text search for log ip property"
GetAuthKeyRequest:
content:
application/json:
schema:
type: object
properties:
page:
$ref: "#/components/schemas/PageSearchFilter"
limit:
$ref: "#/components/schemas/LimitSearchFilter"
id:
$ref: "#/components/schemas/AuthKeyId"
uuid:
$ref: "#/components/schemas/UUID"
authkey_start:
description: "Search term matching the first 4 characers of the authkey"
type: string
authkey_end:
description: "Search term matching the last 4 characers of the authkey"
type: string
created:
$ref: "#/components/schemas/DateRestSearchFilter"
expiration:
$ref: "#/components/schemas/DateRestSearchFilter"
read_only:
$ref: "#/components/schemas/IsReadOnly"
user_id:
$ref: "#/components/schemas/UserId"
comment:
type: string
allowed_ips:
description: "Stringified JSON array of the IP addresses."
type: string
example: '["127.0.0.1","127.0.0.2"]'
last_used:
$ref: "#/components/schemas/DateRestSearchFilter"
AddAuthKeyRequest:
content:
application/json:
schema:
type: object
properties:
uuid:
$ref: "#/components/schemas/UUID"
read_only:
$ref: "#/components/schemas/IsReadOnly"
user_id:
$ref: "#/components/schemas/UserId"
comment:
type: string
allowed_ips:
type: array
items:
description: IP address
type: string
example: "127.0.0.1"
nullable: true
EditAuthKeyRequest:
content:
application/json:
schema:
type: object
properties:
read_only:
$ref: "#/components/schemas/IsReadOnly"
comment:
type: string
allowed_ips:
type: array
items:
description: IP address
type: string
example: "127.0.0.1"
nullable: true
GetUserSettingRequest:
content:
application/json:
schema:
type: object
properties:
id:
$ref: "#/components/schemas/UserSettingId"
setting:
$ref: "#/components/schemas/UserSettingName"
user_id:
$ref: "#/components/schemas/UserId"
SetUserSettingRequest:
content:
application/json:
schema:
anyOf:
- $ref: "#/components/schemas/DashboardUserSetting"
- $ref: "#/components/schemas/PublishAlertFilterUserSetting"
- $ref: "#/components/schemas/DashboardAccessUserSetting"
- $ref: "#/components/schemas/HomepageUserSetting"
- $ref: "#/components/schemas/DefaultRestSearchParametersUserSetting"
- $ref: "#/components/schemas/TagNumbericalValueOverrideUserSetting"
- $ref: "#/components/schemas/EventIndexHideColumnsUserSetting"
AddEventReportRequest:
required: true
content:
application/json:
schema:
$ref: "#/components/schemas/EventReportNoId"
ImportFromURLEventReportRequest:
required: true
content:
application/json:
schema:
type: object
properties:
url:
type: string
example: "https://domain.example/blogpost/123.pdf"
responses:
AnalystDataResponse:
description: "An analyst data. Could be a Note, Opinion or Relationship depending on the `analystType` parameter"
content:
application/json:
schema:
oneOf:
- $ref: "#/components/schemas/AnalystNote"
- $ref: "#/components/schemas/AnalystOpinion"
- $ref: "#/components/schemas/AnalystRelationship"
DeleteAnalystDataResponse:
description: "Delete analyst data response"
content:
application/json:
schema:
type: object
properties:
message:
type: string
example: Analyst Note deleted.
AnalystDataListResponse:
description: "A list of Analyst Data"
content:
application/json:
schema:
type: array
items:
oneOf:
- $ref: "#/components/schemas/AnalystNote"
- $ref: "#/components/schemas/AnalystOpinion"
- $ref: "#/components/schemas/AnalystRelationship"
AttributeResponse:
description: "An attribute"
content:
application/json:
schema:
type: object
properties:
Attribute:
$ref: "#/components/schemas/Attribute"
AttributeListResponse:
description: "A list of attributes"
content:
application/json:
schema:
$ref: "#/components/schemas/AttributeList"
DeleteAttributeResponse:
description: "Delete attribute response"
content:
application/json:
schema:
type: object
properties:
message:
type: string
example: Attribute deleted.
AddAttributeTagResponse:
description: "Add attribute tag response"
content:
application/json:
schema:
type: object
properties:
saved:
description: "`true` if the tag was succesfully added, `false` if it failed"
type: boolean
nullable: false
success:
description: "Present if the tag was succesfully added"
type: string
nullable: true
example: "Tag added."
check_publish:
type: boolean
nullable: true
errors:
type: string
nullable: true
example: Tag could not be added.
RemoveAttributeTagResponse:
description: "Remove attribute tag response"
content:
application/json:
schema:
type: object
properties:
saved:
description: "`true` if the tag was succesfully removed, `false` if it failed"
type: boolean
nullable: false
success:
description: "Present if the tag was succesfully added"
type: string
nullable: true
example: "Tag removed."
check_publish:
type: boolean
nullable: true
errors:
type: string
nullable: true
example: Tag could not be added.
AttributesRestSearchResponse:
description: "Rest search attributes response"
headers:
X-Result-Count:
$ref: "#/components/headers/X-Result-Count"
X-Export-Module-Used:
$ref: "#/components/headers/X-Export-Module-Used"
X-Response-Format:
$ref: "#/components/headers/X-Response-Format"
content:
application/json:
schema:
type: object
properties:
response:
type: object
properties:
Attribute:
$ref: "#/components/schemas/AttributeRestSearchList"
AttributeStatisticsResponse:
description: "Attribute statistics response"
content:
application/json:
schema:
$ref: "#/components/schemas/AttributeStatisticsResponse"
DescribeAttributeTypesResponse:
description: "Describe attribute categories and types response"
content:
application/json:
schema:
$ref: "#/components/schemas/DescribeAttributeTypesResponse"
AddEventResponse:
description: "A freshly created event"
content:
application/json:
schema:
$ref: "#/components/schemas/CreatedEvent"
EditEventResponse:
description: "A freshly updated event"
content:
application/json:
schema:
$ref: "#/components/schemas/UpdatedEvent"
DeleteEventResponse:
description: "Delete event response"
content:
application/json:
schema:
type: object
properties:
saved:
description: "`true` if the event was succesfully deleted, `false` if it failed"
type: boolean
success:
description: "`true` if the event was succesfully deleted, `false` if it failed"
nullable: true
type: boolean
name:
type: string
example: "Event deleted."
message:
type: string
example: "Could not delete Event"
url:
type: string
example: "/events/delete/1"
errors:
description: "Only present if an error occurred when deleting the event"
type: string
nullable: true
example: "Event was not deleted."
DeleteEventReportResponse:
description: "Delete event report response"
content:
application/json:
schema:
type: object
properties:
saved:
description: "`true` if the event was succesfully deleted, `false` if it failed"
type: boolean
success:
description: "`true` if the event was succesfully deleted, `false` if it failed"
nullable: true
type: boolean
name:
type: string
example: "Event report 1 soft deleted."
message:
type: string
example: "Event Report 1 could not be soft deleted. Reasons: Errors"
url:
type: string
example: "/eventReport/delete/1"
errors:
description: "Only present if an error occurred when deleting the event"
type: string
nullable: true
example: "Event Report was not deleted."
RestoreEventReportResponse:
description: "Restore Event Report response"
content:
application/json:
schema:
type: object
properties:
saved:
description: "`true` if the event was succesfully deleted, `false` if it failed"
type: boolean
success:
description: "`true` if the event was succesfully deleted, `false` if it failed"
nullable: true
type: boolean
name:
type: string
example: "Event report 1 restored."
message:
type: string
example: "Event Report 1 could not be restored. Reasons: Errors"
url:
type: string
example: "/eventReport/restore/1"
errors:
description: "Only present if an error occurred when deleting the event"
type: string
nullable: true
example: "Event Report was not restored."
EventReportImportFromUrlResponse:
description: "Import from URL Event Report response"
content:
application/json:
schema:
type: object
properties:
saved:
description: "`true` if the event report was succesfully created, `false` if it failed"
type: boolean
success:
description: "`true` if the event report was succesfully created, `false` if it failed"
nullable: true
type: boolean
name:
type: string
example: "Event report imported"
message:
type: string
example: "Report downloaded and created"
url:
type: string
example: "/eventReport/importReportFromUrl/1"
errors:
description: "Only present if an error occurred when deleting the event"
type: string
nullable: true
example: "Could not fetch report from URL. Fetcher module not enabled or could not download the page"
AddEventTagResponse:
description: "Add event tag response"
content:
application/json:
schema:
type: object
properties:
saved:
description: "`true` if the tag was succesfully added, `false` if it failed"
type: boolean
nullable: false
success:
description: "Present if the tag was succesfully added"
type: string
nullable: true
example: "Tag added."
check_publish:
type: boolean
nullable: true
errors:
type: string
nullable: true
example: Tag could not be added.
RemoveEventTagResponse:
description: "Remove event tag response"
content:
application/json:
schema:
type: object
properties:
saved:
description: "`true` if the tag was succesfully removed, `false` if it failed"
type: boolean
nullable: false
success:
description: "Present if the tag was succesfully added"
type: string
nullable: true
example: "Tag removed."
check_publish:
type: boolean
nullable: true
errors:
type: string
nullable: true
example: Tag could not be added.
ExtendedEventListResponse:
description: "A list of events with extended properties"
headers:
X-Result-Count:
$ref: "#/components/headers/X-Result-Count"
content:
application/json:
schema:
$ref: "#/components/schemas/ExtendedEventList"
ExtendedEventResponse:
description: "An event with extended properties"
content:
application/json:
schema:
type: object
properties:
Event:
$ref: "#/components/schemas/ExtendedEvent"
EventsRestSearchResponse:
description: "Rest search events response"
headers:
X-Result-Count:
$ref: "#/components/headers/X-Result-Count"
X-Export-Module-Used:
$ref: "#/components/headers/X-Export-Module-Used"
X-Response-Format:
$ref: "#/components/headers/X-Response-Format"
content:
application/json:
schema:
type: object
properties:
response:
$ref: "#/components/schemas/EventRestSearchList"
PublishEventResponse:
description: "Publish event response"
content:
application/json:
schema:
type: object
properties:
name:
type: string
example: "Publish"
message:
type: string
example: "Job queued"
url:
type: string
example: "https://misp.local/events/alert/1"
id:
type: string
pattern: '^\d+$'
UnpublishEventResponse:
description: "Unpublish event response"
content:
application/json:
schema:
type: object
properties:
saved:
type: boolean
success:
type: boolean
name:
type: string
example: "Event unpublished."
message:
type: string
example: "Event unpublished."
url:
type: string
example: "/events/unpublish/1"
EventReportResponse:
description: "An Event Report"
content:
application/json:
schema:
type: object
properties:
EventReport:
$ref: "#/components/schemas/EventReport"
EventReportListResponse:
description: "Get a list of Event Report"
content:
application/json:
schema:
type: array
items:
type: object
properties:
EventReport:
$ref: "#/components/schemas/EventReport"
GalaxyListResponse:
description: "A list of galaxies"
content:
application/json:
schema:
type: array
items:
type: object
properties:
Galaxy:
$ref: "#/components/schemas/Galaxy"
ExtendedGalaxyResponse:
description: "A extended galaxy response"
content:
application/json:
schema:
$ref: "#/components/schemas/ExtendedGalaxy"
UpdateGalaxiesResponse:
description: "Update galaxies response"
content:
application/json:
schema:
type: object
properties:
saved:
description: "Present and `true` if the galaxies were succesfully updated."
nullable: true
type: boolean
success:
description: "Present and `true` if the galaxies were succesfully updated."
nullable: true
type: boolean
name:
type: string
example: "Galaxies updated."
message:
type: string
example: "Galaxies updated."
url:
type: string
example: "/galaxies/update"
DeleteGalaxyResponse:
description: "Delete galaxy response"
content:
application/json:
schema:
type: object
properties:
saved:
description: "Present and `true` if the galaxy was succesfully removed."
nullable: true
type: boolean
success:
description: "Present and `true` if the galaxy was succesfully removed."
nullable: true
type: boolean
name:
type: string
example: "Galaxy deleted"
message:
type: string
example: "Galaxy deleted"
url:
type: string
example: "/galaxies/delete"
ImportGalaxyClusterResponse:
description: "Import galaxy cluster response"
content:
application/json:
schema:
type: object
properties:
saved:
description: "Present and `true` if the galaxy was succesfully imported."
nullable: true
type: boolean
success:
description: "Present and `true` if the galaxy was succesfully imported."
nullable: true
type: boolean
name:
type: string
example: "'Galaxy clusters imported. 1 imported, 0 ignored, 0 failed."
message:
type: string
example: "'Galaxy clusters imported. 1 imported, 0 ignored, 0 failed."
url:
type: string
example: "/galaxies/import"
ExportGalaxyClustersResponse:
description: "Export galaxy clusters response"
content:
application/json:
schema:
oneOf:
- type: array
items:
$ref: "#/components/schemas/GalaxyCluster"
- $ref: "#/components/schemas/GalaxyMispFormat"
AttachGalaxyClusterResponse:
description: "Attach galaxy cluster response"
content:
application/json:
schema:
type: object
properties:
saved:
description: "Present and `true` if the galaxy cluster was succesfully attached."
type: boolean
success:
description: "Status message of the operation."
type: string
example: "Cluster attached."
check_publish:
type: boolean
GalaxyClusterResponse:
description: "Galaxy cluster by ID response"
content:
application/json:
schema:
type: object
properties:
GalaxyCluster:
$ref: "#/components/schemas/GalaxyCluster"
ExtendedGalaxyClusterResponse:
description: "Extended galaxy cluster by ID response"
content:
application/json:
schema:
type: object
properties:
GalaxyCluster:
$ref: "#/components/schemas/ExtendedGalaxyCluster"
GalaxyClusterListResponse:
description: "Get galaxy clusters response"
content:
application/json:
schema:
type: array
items:
type: object
properties:
GalaxyCluster:
$ref: "#/components/schemas/GalaxyCluster"
PublishGalaxyClusterResponse:
description: "Publish galaxy cluster response"
content:
application/json:
schema:
type: object
properties:
message:
type: string
example: "Publish job queued. Job ID: 4e9d26c275a7b190fcab10029df8c6b6"
UnpublishGalaxyClusterResponse:
description: "Unpublish galaxy cluster response"
content:
application/json:
schema:
type: object
properties:
saved:
type: boolean
success:
type: boolean
name:
type: string
example: "GalaxyCluster unpublished"
message:
type: string
example: "GalaxyCluster unpublished"
url:
type: string
example: "/galaxy_clusters/publish/1"
DeleteGalaxyClusterResponse:
description: "Delete galaxy cluster response"
content:
application/json:
schema:
type: object
properties:
saved:
type: boolean
success:
type: boolean
name:
type: string
example: "Galaxy cluster successfuly soft deleted."
message:
type: string
example: "Galaxy cluster successfuly soft deleted."
url:
type: string
example: "/galaxy_clusters/delete/1"
RestoreGalaxyClusterResponse:
description: "Restore galaxy cluster response"
content:
application/json:
schema:
type: object
properties:
saved:
type: boolean
success:
type: boolean
name:
type: string
example: "GalaxyCluster restored"
message:
type: string
example: "GalaxyCluster restored"
url:
type: string
example: "/galaxy_clusters/restore/1"
ResetUserPasswordResponse:
description: "Reset user password response"
content:
application/json:
schema:
type: object
properties:
saved:
type: boolean
success:
type: string
example: "New credentials sent."
UserResponse:
description: "User response"
content:
application/json:
schema:
$ref: "#/components/schemas/User"
UserListResponse:
description: "User list response"
content:
application/json:
schema:
$ref: "#/components/schemas/UserList"
ExtendedUserResponse:
description: "Extended user response"
content:
application/json:
schema:
$ref: "#/components/schemas/ExtendedUser"
DeleteUserResponse:
description: "Delete user response"
content:
application/json:
schema:
type: object
properties:
saved:
type: boolean
success:
type: boolean
name:
type: string
example: "User deleted."
message:
type: string
example: "User deleted."
url:
type: string
example: "/admin/users/delete/1"
DeleteUserTotpResponse:
description: "Delete user TOTP response"
content:
application/json:
schema:
type: object
properties:
saved:
type: boolean
success:
type: boolean
name:
type: string
example: "User TOTP deleted."
message:
type: string
example: "User TOTP deleted."
url:
type: string
example: "/users/totp_delete/1"
id:
type: string
example: "1"
OrganisationResponse:
description: "Organisation list response"
content:
application/json:
schema:
$ref: "#/components/schemas/Organisation"
OrganisationListResponse:
description: "Organisation list response"
content:
application/json:
schema:
$ref: "#/components/schemas/OrganisationList"
DeleteOrganisationResponse:
description: "Delete organisation response"
content:
application/json:
schema:
type: object
properties:
saved:
type: boolean
success:
type: boolean
name:
type: string
example: "Organisation deleted"
message:
type: string
example: "Organisation deleted"
url:
type: string
example: "/admin/organisations/delete/1"
ServerResponse:
description: "Server response"
content:
application/json:
schema:
type: object
properties:
Server:
$ref: "#/components/schemas/Server"
ServerListResponse:
description: "Server list response"
content:
application/json:
schema:
$ref: "#/components/schemas/ServerList"
DeleteServerResponse:
description: "Delete server response"
content:
application/json:
schema:
type: object
properties:
saved:
type: boolean
success:
type: boolean
name:
type: string
example: "Server deleted"
message:
type: string
example: "Server deleted"
url:
type: string
example: "/servers/delete/1"
PullServerResponse:
description: "Pull server response"
content:
application/json:
schema:
type: object
properties:
saved:
type: boolean
success:
type: boolean
name:
type: string
example: "Pull queued for background execution. Job ID: 1"
message:
type: string
example: "Pull queued for background execution. Job ID: 1"
url:
type: string
example: "/servers/pull/1"
PushServerResponse:
description: "Push server response"
content:
application/json:
schema:
type: object
properties:
saved:
type: boolean
success:
type: boolean
name:
type: string
example: "Push queued for background execution. Job ID: 1"
message:
type: string
example: "Push queued for background execution. Job ID: 1"
url:
type: string
example: "/servers/push/1"
ServerVersionResponse:
description: "Server version"
content:
application/json:
schema:
type: object
properties:
version:
type: string
example: "2.4.142"
perm_sync:
nullable: true
type: boolean
perm_sighting:
nullable: true
type: boolean
perm_galaxy_editor:
nullable: true
type: boolean
request_encoding:
type: array
items:
type: string
enum:
- "gzip"
- "br"
ServerPyMISPVersionResponse:
description: "Server PyMISP version"
content:
application/json:
schema:
type: object
properties:
version:
type: string
example: "2.4.142"
ServerSettingsResponse:
description: "Server settings and diagnostics"
content:
application/json:
schema:
type: object
properties:
version:
type: object
properties:
current:
type: string
example: "v2.4.142"
newest:
type: string
example: "v2.4.142"
upToDate:
type: string
example: "same"
phpSettings:
type: object
properties:
max_execution_time:
$ref: "#/components/schemas/PhpServerSetting"
memory_limit:
$ref: "#/components/schemas/PhpServerSetting"
upload_max_filesize:
$ref: "#/components/schemas/PhpServerSetting"
post_max_size:
$ref: "#/components/schemas/PhpServerSetting"
gpgStatus:
type: string
example: "FAIL: Failed to load GnuPG"
proxyStatus:
type: string
example: "not configured (so not tested)"
zmqStatus:
type: integer
example: 1
stix:
type: object
properties:
operational:
type: integer
example: 1
stix:
$ref: "#/components/schemas/ServerPackageVersion"
cybox:
$ref: "#/components/schemas/ServerPackageVersion"
mixbox:
$ref: "#/components/schemas/ServerPackageVersion"
maec:
$ref: "#/components/schemas/ServerPackageVersion"
stix2:
$ref: "#/components/schemas/ServerPackageVersion"
pymisp:
$ref: "#/components/schemas/ServerPackageVersion"
moduleStatus:
type: object
properties:
Enrichment:
type: integer
example: 1
Import:
type: integer
example: 1
Export:
type: integer
example: 1
Cortex:
type: integer
example: 1
writeableDirs:
type: object
example:
"/tmp": 0
"/var/www/MISP/app/tmp": 0
"/var/www/MISP/app/files": 0
"/var/www/MISP/app/files/scripts/tmp": 0
writeableFiles:
type: object
example:
"/var/www/MISP/app/Config/config.php": 0
"/var/www/MISP/.git/ORIG_HEAD": 2
readableFiles:
type: object
example:
"/var/www/MISP/app/files/scripts/stixtest.py": 0
dbDiagnostics:
type: object
example:
"admin_settings":
"table": "admin_settings"
"used": "0.03 MB"
"reclaimable": "0 MB"
"data_in_bytes": 16384
"index_in_bytes": 16384
"reclaimable_in_bytes": 0
"allowedlist":
"table": "allowedlist"
"used": "0.02 MB"
"reclaimable": "0 MB"
"data_in_bytes": 16384
"index_in_bytes": 0
"reclaimable_in_bytes": 0
dbSchemaDiagnostics:
type: object
properties:
dataSource:
type: string
example: "Database/Mysql"
actual_db_version:
type: string
pattern: '^\d+$'
example: "68"
checked_table_column:
type: array
items:
type: string
example: "column_name"
diagnostic:
type: object
diagnostic_index:
anyOf:
- type: object
example:
"event_reports":
"event_id":
"message": "Column `event_id` is indexed but should not"
"sql": "DROP INDEX `event_id` ON event_reports;"
- type: array
items:
type: object
example: []
expected_db_version:
type: string
pattern: '^\d+$'
example: "70"
error:
type: string
update_locked:
type: boolean
remaining_lock_time:
type: number
example: 0
update_fail_number_reached:
type: boolean
indexes:
type: object
example:
"admin_settings":
"id": true
"setting": false
columnPerTable:
type: object
example:
"admin_settings":
- "id"
- "setting"
- "value"
redisInfo:
type: object
example:
"extensionVersion": "5.1.1"
"connection": true
"redis_version": "5.0.7"
"redis_git_sha1": 0
"redis_git_dirty": 0
"redis_build_id": "636cde3b5c7a3923"
"redis_mode": "standalone"
"os": "Linux 5.8.0-50-generic x86_64"
"arch_bits": 64
"multiplexing_api": "epoll"
"atomicvar_api": "atomic-builtin"
"gcc_version": "9.2.1"
"process_id": 1051
"run_id": "f894944d92c978df93a18821fb5ebe30dfd0b257"
"tcp_port": 6379
"uptime_in_seconds": 327116
"uptime_in_days": 3
"hz": 10
"configured_hz": 10
"lru_clock": 10365184
"executable": "/usr/bin/redis-server"
"config_file": "/etc/redis/redis.conf"
"connected_clients": 18
"client_recent_max_input_buffer": 2
"client_recent_max_output_buffer": 0
"blocked_clients": 0
"used_memory": 1309488
"used_memory_human": "1.25M"
"used_memory_rss": 5541888
"used_memory_rss_human": "5.29M"
"used_memory_peak": 1410464
"used_memory_peak_human": "1.35M"
"used_memory_peak_perc": "92.84%"
"used_memory_overhead": 1200800
"used_memory_startup": 796232
"used_memory_dataset": 108688
"used_memory_dataset_perc": "21.18%"
"allocator_allocated": 1480176
"allocator_active": 1896448
"allocator_resident": 5890048
"total_system_memory": 33406590976
"total_system_memory_human": "31.11G"
"used_memory_lua": 41984
"used_memory_lua_human": "41.00K"
"used_memory_scripts": 0
"used_memory_scripts_human": "0B"
"number_of_cached_scripts": 0
"maxmemory": 0
"maxmemory_human": "0B"
"maxmemory_policy": "noeviction"
"allocator_frag_ratio": 1.28
"allocator_frag_bytes": 416272
"allocator_rss_ratio": 3.11
"allocator_rss_bytes": 3993600
"rss_overhead_ratio": 0.94
"rss_overhead_bytes": -348160
"mem_fragmentation_ratio": 4.24
"mem_fragmentation_bytes": 4233432
"mem_not_counted_for_evict": 0
"mem_replication_backlog": 0
"mem_clients_slaves": 0
"mem_clients_normal": 402912
"mem_aof_buffer": 0
"mem_allocator": "jemalloc-5.2.1"
"active_defrag_running": 0
"lazyfree_pending_objects": 0
"loading": 0
"rdb_changes_since_last_save": 0
"rdb_bgsave_in_progress": 0
"rdb_last_save_time": 1620977919
"rdb_last_bgsave_status": "ok"
"rdb_last_bgsave_time_sec": 0
"rdb_current_bgsave_time_sec": -1
"rdb_last_cow_size": 446464
"aof_enabled": 0
"aof_rewrite_in_progress": 0
"aof_rewrite_scheduled": 0
"aof_last_rewrite_time_sec": -1
"aof_current_rewrite_time_sec": -1
"aof_last_bgrewrite_status": "ok"
"aof_last_write_status": "ok"
"aof_last_cow_size": 0
"total_connections_received": 289
"total_commands_processed": 252747
"instantaneous_ops_per_sec": 7
"total_net_input_bytes": 12111506
"total_net_output_bytes": 1232466
"instantaneous_input_kbps": 0.36
"instantaneous_output_kbps": 0.03
"rejected_connections": 0
"sync_full": 0
"sync_partial_ok": 0
"sync_partial_err": 0
"expired_keys": 17
"expired_stale_perc": 0
"expired_time_cap_reached_count": 0
"evicted_keys": 0
"keyspace_hits": 70
"keyspace_misses": 62805
"pubsub_channels": 0
"pubsub_patterns": 0
"latest_fork_usec": 168
"migrate_cached_sockets": 0
"slave_expires_tracked_keys": 0
"active_defrag_hits": 0
"active_defrag_misses": 0
"active_defrag_key_hits": 0
"active_defrag_key_misses": 0
"role": "master"
"connected_slaves": 0
"master_replid": "d5e7afcf4fd1a31e539a4eadd5caf2a7da6d121c"
"master_replid2": 0
"master_repl_offset": 0
"second_repl_offset": -1
"repl_backlog_active": 0
"repl_backlog_size": 1048576
"repl_backlog_first_byte_offset": 0
"repl_backlog_histlen": 0
"used_cpu_sys": 195.014281
"used_cpu_user": 217.352183
"used_cpu_sys_children": 0.050885
"used_cpu_user_children": 0.076436
"cluster_enabled": 0
"db0": "keys=15,expires=0,avg_ttl=0"
"db13": "keys=12,expires=4,avg_ttl=21265731140"
finalSettings:
type: array
items:
$ref: "#/components/schemas/MispSetting"
extensions:
type: object
properties:
cli:
type: object
properties:
phpversion:
type: string
example: "7.4.3"
extensions:
type: object
example:
"json":
"web_version": "7.4.3"
"web_version_outdated": false
"cli_version": "7.4.3"
"cli_version_outdated": false
"required": true
"info": null
workers:
type: object
properties:
cache:
$ref: "#/components/schemas/WorkersStatus"
default:
$ref: "#/components/schemas/WorkersStatus"
email:
$ref: "#/components/schemas/WorkersStatus"
prio:
$ref: "#/components/schemas/WorkersStatus"
update:
$ref: "#/components/schemas/WorkersStatus"
scheduler:
$ref: "#/components/schemas/WorkersStatus"
proc_accessible:
type: boolean
controls:
type: boolean
StartWorkerResponse:
description: "Start worker response"
content:
application/json:
schema:
type: object
properties:
saved:
type: boolean
success:
type: boolean
name:
type: string
example: "Worker start signal sent"
message:
type: string
example: "Worker start signal sent"
url:
type: string
example: "/servers/startWorker/email"
StopWorkerResponse:
description: "Stop worker response"
content:
application/json:
schema:
type: object
properties:
saved:
type: boolean
success:
type: boolean
name:
type: string
example: "Worker stop signal sent"
message:
type: string
example: "Worker stop signal sent"
url:
type: string
example: "/servers/startWorker/1234"
KillAllWorkersResponse:
description: "Kill all workers response"
content:
application/json:
schema:
type: object
properties:
saved:
type: boolean
success:
type: boolean
name:
type: string
example: "Killing workers."
message:
type: string
example: "Killing workers."
url:
type: string
example: "/servers/killAllWorkers"
RestartWorkersResponse:
description: "Restart workers response"
content:
application/json:
schema:
type: object
properties:
saved:
type: boolean
success:
type: boolean
name:
type: string
example: "Restarting workers."
message:
type: string
example: "Restarting workers."
url:
type: string
example: "/servers/restartWorkers"
RestartDeadWorkersResponse:
description: "Restart dead workers response"
content:
application/json:
schema:
type: object
properties:
saved:
type: boolean
success:
type: boolean
name:
type: string
example: "Restarting workers."
message:
type: string
example: "Restarting workers."
url:
type: string
example: "/servers/restartDeadWorkers"
GetWorkersResponse:
description: "Stop worker response"
content:
application/json:
schema:
type: object
properties:
cache:
$ref: "#/components/schemas/WorkersStatus"
default:
$ref: "#/components/schemas/WorkersStatus"
email:
$ref: "#/components/schemas/WorkersStatus"
prio:
$ref: "#/components/schemas/WorkersStatus"
update:
$ref: "#/components/schemas/WorkersStatus"
scheduler:
$ref: "#/components/schemas/WorkersStatus"
proc_accessible:
type: boolean
controls:
type: boolean
UpdateServerResponse:
description: "Update server response"
content:
application/json:
schema:
type: object
properties:
results:
type: array
items:
anyOf:
- $ref: "#/components/schemas/UpdateServerResultItem"
- type: string
example: "Update failed, you are not on branch"
CacheServerResponse:
description: "Cache server response"
content:
application/json:
schema:
type: object
properties:
saved:
type: boolean
success:
type: boolean
name:
type: string
example: "Server caching job initiated."
message:
type: string
example: "Server caching job initiated."
url:
type: string
example: "/servers/cache"
CreateSyncResponse:
description: "Create server sync"
content:
application/json:
schema:
type: object
properties:
Server:
type: object
properties:
url:
type: string
example: "https://misppriv.circl.lu"
uuid:
$ref: "#/components/schemas/UUID"
authkey:
$ref: "#/components/schemas/AuthKeyRaw"
Organisation:
type: object
properties:
name:
$ref: "#/components/schemas/OrganisationName"
uuid:
$ref: "#/components/schemas/UUID"
GetInstanceUUIDResponse:
description: "Get instance UUID response"
content:
application/json:
schema:
type: object
properties:
uuid:
$ref: "#/components/schemas/UUID"
GetServerSettingResponse:
description: "Get setting response"
content:
application/json:
schema:
$ref: "#/components/schemas/MispSetting"
EditServerSettingResponse:
description: "Edit setting response"
content:
application/json:
schema:
type: object
properties:
saved:
type: boolean
success:
type: boolean
name:
type: string
example: "Field updated"
message:
type: string
example: "Field updated"
url:
type: string
example: "/servers/serverSettingsEdit"
SharingGroupResponse:
description: "Get sharing group response"
content:
application/json:
schema:
type: object
properties:
SharingGroup:
$ref: "#/components/schemas/SharingGroup"
Organisation:
$ref: "#/components/schemas/Organisation"
SharingGroupOrg:
type: array
items:
$ref: "#/components/schemas/SharingGroupOrganisation"
SharingGroupServer:
type: array
items:
$ref: "#/components/schemas/SharingGroupServer"
editable:
type: boolean
deletable:
type: boolean
SharingGroupListResponse:
description: "Get sharing groups response"
content:
application/json:
schema:
type: object
properties:
response:
type: array
items:
$ref: "#/components/schemas/SharingGroupListItem"
DeleteSharingGroupResponse:
description: "Delete sharing group response"
content:
application/json:
schema:
type: object
properties:
saved:
type: boolean
success:
type: boolean
name:
type: string
example: "SharingGroup deleted"
message:
type: string
example: "SharingGroup deleted"
url:
type: string
example: "/sharing_groups/delete/1"
AddOrganisationToSharingGroupResponse:
description: "Add organisation to a sharing group response"
content:
application/json:
schema:
type: object
properties:
saved:
type: boolean
success:
type: boolean
name:
type: string
example: "Organisation added to the sharing group."
message:
type: string
example: "Organisation added to the sharing group."
url:
type: string
example: "/sharing_groups/addOrg"
RemoveOrganisationFromSharingGroupResponse:
description: "Remove organisation from a sharing group response"
content:
application/json:
schema:
type: object
properties:
saved:
type: boolean
success:
type: boolean
name:
type: string
example: "Organisation removed from the sharing group."
message:
type: string
example: "Organisation removed from the sharing group."
url:
type: string
example: "/sharing_groups/removeOrg"
AddServerToSharingGroupResponse:
description: "Add server to a sharing group response"
content:
application/json:
schema:
type: object
properties:
saved:
type: boolean
success:
type: boolean
name:
type: string
example: "Server added to the sharing group."
message:
type: string
example: "Server added to the sharing group."
url:
type: string
example: "/sharing_groups/addServer"
RemoveServerFromSharingGroupResponse:
description: "Remove server from a sharing group response"
content:
application/json:
schema:
type: object
properties:
saved:
type: boolean
success:
type: boolean
name:
type: string
example: "Server removed from the sharing group."
message:
type: string
example: "Server removed from the sharing group."
url:
type: string
example: "/sharing_groups/removeServer"
FeedListResponse:
description: "Get feeds response"
content:
application/json:
schema:
type: array
items:
type: object
properties:
Feed:
$ref: "#/components/schemas/Feed"
FeedResponse:
description: "Get feed response"
content:
application/json:
schema:
type: object
properties:
Feed:
$ref: "#/components/schemas/Feed"
EnableFeedResponse:
description: "Enable feed response"
content:
application/json:
schema:
type: object
properties:
name:
type: string
example: "Feed enabled."
message:
type: string
example: "Feed enabled."
url:
type: string
example: "/feeds/enable/1"
DisableFeedResponse:
description: "Disable feed response"
content:
application/json:
schema:
type: object
properties:
name:
type: string
example: "Feed disabled."
message:
type: string
example: "Feed disabled."
url:
type: string
example: "/feeds/disable/1"
CacheFeedsResponse:
description: "Cache feeds response"
content:
application/json:
schema:
type: object
properties:
name:
type: string
example: "Feed caching job initiated."
message:
type: string
example: "Feed caching job initiated."
url:
type: string
example: "/feeds/cacheFeed"
FetchFromFeedResponse:
description: "Fetch feed response"
content:
application/json:
schema:
type: object
properties:
result:
type: string
example: "Pull queued for background execution."
FetchFromAllFeedsResponse:
description: "Fetch all feeds response"
content:
application/json:
schema:
type: object
properties:
result:
type: string
example: "Pull queued for background execution."
WarninglistListResponse:
description: "Get warninglists response"
content:
application/json:
schema:
type: object
properties:
Warninglists:
type: array
items:
type: object
properties:
Warninglist:
$ref: "#/components/schemas/Warninglist"
WarninglistToggleEnabledResponse:
description: "Toggle enable warninglists response"
content:
application/json:
schema:
type: object
properties:
saved:
type: boolean
success:
type: string
example: "1 warninglist(s) disabled"
WarninglistResponse:
description: "Get warninglists response"
content:
application/json:
schema:
type: object
properties:
Warninglist:
$ref: "#/components/schemas/Warninglist"
WarninglistMatchListResponse:
description: "List of values matching warninglists response"
content:
application/json:
schema:
type: object
example:
"10.128.0.2":
- "id": "10"
"name": "List of known Wikimedia address ranges"
UpdateWarninglistsResponse:
description: "List of values matching warninglists response"
content:
application/json:
schema:
type: object
properties:
saved:
type: boolean
success:
nullable: true
type: boolean
name:
type: string
example: "Successfully updated 1 warninglists."
message:
type: string
example: "Successfully updated 1 warninglists."
url:
type: string
example: "/warninglists/update"
NoticelistListResponse:
description: "Get noticelists response"
content:
application/json:
schema:
type: array
items:
type: object
properties:
Noticelist:
$ref: "#/components/schemas/Noticelist"
NoticelistResponse:
description: "Get noticelist response"
content:
application/json:
schema:
type: object
properties:
Noticelist:
$ref: "#/components/schemas/Noticelist"
NoticelistToggleEnableResponse:
description: "Toggle enable noticelist response"
content:
application/json:
schema:
type: object
properties:
saved:
type: boolean
success:
type: boolean
name:
type: string
example: "Noticelist enabled."
message:
type: string
example: "Noticelist enabled."
url:
type: string
example: "/noticelists/toggleEnable/1"
UpdateNoticelistsResponse:
description: "Toggle enable noticelist response"
content:
application/json:
schema:
type: object
properties:
saved:
type: boolean
success:
type: boolean
name:
type: string
example: "Successfully updated 1 noticelists."
message:
type: string
example: "Successfully updated 1 noticelists."
url:
type: string
example: "/noticelists/update"
ObjectResponse:
description: "Object response"
content:
application/json:
schema:
type: object
properties:
Object:
$ref: "#/components/schemas/Object"
ExtendedObjectResponse:
description: "Extended object response"
content:
application/json:
schema:
type: object
properties:
Object:
$ref: "#/components/schemas/ExtendedObject"
DeleteObjectResponse:
description: "Delete object response"
content:
application/json:
schema:
type: object
properties:
saved:
type: boolean
success:
type: boolean
name:
type: string
example: "Object deleted"
message:
type: string
example: "Object deleted"
url:
type: string
example: "/objects/delete/1"
ObjectsRestSearchResponse:
description: "Rest search objects response"
headers:
X-Result-Count:
$ref: "#/components/headers/X-Result-Count"
X-Export-Module-Used:
$ref: "#/components/headers/X-Export-Module-Used"
X-Response-Format:
$ref: "#/components/headers/X-Response-Format"
content:
application/json:
schema:
type: object
properties:
response:
type: array
items:
$ref: "#/components/schemas/ObjectRestSearchList"
SightingListResponse:
description: "Get sightings response"
content:
application/json:
schema:
type: array
items:
$ref: "#/components/schemas/Sighting"
SightingResponse:
description: "Add sighting response"
content:
application/json:
schema:
$ref: "#/components/schemas/Sighting"
DeleteSightingResponse:
description: "Delete sighting response"
content:
application/json:
schema:
type: object
properties:
saved:
type: boolean
success:
type: boolean
name:
type: string
example: "Sighting successfully deleted."
message:
type: string
example: "Sighting successfully deleted."
url:
type: string
example: "/sightings/delete/1"
TagListResponse:
description: "Tag list response"
content:
application/json:
schema:
type: object
properties:
Tag:
$ref: "#/components/schemas/TagList"
TagResponse:
description: "Tag response"
content:
application/json:
schema:
$ref: "#/components/schemas/Tag"
DeleteTagResponse:
description: "Delete tag response"
content:
application/json:
schema:
type: object
properties:
name:
type: string
example: "Tag deleted."
message:
type: string
example: "Tag deleted."
url:
type: string
example: "https://misppriv.circl.lu/tags/delete/1"
EditTagResponse:
description: "Tag response"
content:
application/json:
schema:
type: object
properties:
Tag:
$ref: "#/components/schemas/Tag"
SearchTagResponse:
description: "Search tag response"
content:
application/json:
schema:
type: array
items:
$ref: "#/components/schemas/ExtendedTag"
GetLogsResponse:
description: "Get logs response"
content:
application/json:
schema:
type: array
items:
type: object
properties:
Log:
$ref: "#/components/schemas/Log"
GetAuthKeysResponse:
description: "Get auth keys response"
content:
application/json:
schema:
type: array
items:
type: object
properties:
AuthKey:
$ref: "#/components/schemas/AuthKey"
User:
type: object
properties:
id:
$ref: "#/components/schemas/UserId"
email:
type: string
format: email
AddAuthKeyResponse:
description: "Auth key response"
content:
application/json:
schema:
type: object
properties:
AuthKey:
$ref: "#/components/schemas/AuthKey"
AuthKeyResponse:
description: "Auth key response"
content:
application/json:
schema:
type: object
properties:
AuthKey:
$ref: "#/components/schemas/AuthKey"
User:
type: object
properties:
id:
$ref: "#/components/schemas/UserId"
org_id:
$ref: "#/components/schemas/OrganisationId"
nullable: true
email:
type: string
format: email
nullable: true
DeleteAuthKeyResponse:
description: "Delete auth key response"
content:
application/json:
schema:
type: object
properties:
saved:
type: boolean
success:
type: boolean
name:
type: string
example: "AuthKey deleted."
message:
type: string
example: "AuthKey deleted."
url:
type: string
example: "/auth_keys/delete/1234"
GetUserSettingsResponse:
description: "Get user settings response"
content:
application/json:
schema:
type: array
items:
type: object
properties:
UserSetting:
$ref: "#/components/schemas/UserSetting"
UserSettingResponse:
description: "Get user setting response"
content:
application/json:
schema:
type: object
properties:
UserSetting:
$ref: "#/components/schemas/UserSetting"
DeleteUserSettingResponse:
description: "Delete user setting response"
content:
application/json:
schema:
type: object
properties:
saved:
type: boolean
success:
type: boolean
name:
type: string
example: "Setting deleted."
message:
type: string
example: "Setting deleted."
url:
type: string
example: "/user_settings/delete/1234"
GetTaxonomiesResponse:
description: "Get taxonomies response"
content:
application/json:
schema:
type: array
items:
type: object
properties:
Taxonomy:
$ref: "#/components/schemas/Taxonomy"
total_count:
type: integer
description: "Amount of related tags to this taxonomy."
current_count:
type: integer
description: "Amount of active related tags to this taxonomy."
TaxonomiesResponse:
description: "Get taxonomy response"
content:
application/json:
schema:
type: object
properties:
Taxonomy:
$ref: "#/components/schemas/Taxonomy"
entries:
type: array
items:
$ref: "#/components/schemas/TaxonomyEntry"
EnableTaxonomyResponse:
description: "Enable taxonomy response"
content:
application/json:
schema:
type: object
properties:
saved:
type: boolean
success:
type: boolean
name:
type: string
example: "Taxonomy enabled"
message:
type: string
example: "Taxonomy enabled"
url:
type: string
example: "/taxonomies/enable/1234"
DisableTaxonomyResponse:
description: "Disable taxonomy response"
content:
application/json:
schema:
type: object
properties:
saved:
type: boolean
success:
type: boolean
name:
type: string
example: "Taxonomy disabled"
message:
type: string
example: "Taxonomy disabled"
url:
type: string
example: "/taxonomies/disabled/1234"
UpdateTaxonomiesResponse:
description: "Update taxonomies response"
content:
application/json:
schema:
type: object
properties:
saved:
type: boolean
success:
type: boolean
name:
type: string
example: "Successfully updated 120 taxonomy libraries."
message:
type: string
example: "Successfully updated 120 taxonomy libraries."
url:
type: string
example: "/taxonomies/update"
GetTaxonomyTagsResponse:
description: "Get taxonomy tags response"
content:
application/json:
schema:
type: object
properties:
Taxonomy:
$ref: "#/components/schemas/Taxonomy"
entries:
type: array
items:
$ref: "#/components/schemas/ExtendedTaxonomyEntry"
ExportTaxonomyTagsResponse:
description: "Export taxonomy response"
content:
application/json:
schema:
type: object
properties:
namespace:
$ref: "#/components/schemas/TaxonomyNamespace"
description:
$ref: "#/components/schemas/TaxonomyDescription"
version:
type: integer
exclusive:
type: boolean
predicates:
type: array
items:
$ref: "#/components/schemas/TaxonomyPredicateExport"
values:
type: array
items:
$ref: "#/components/schemas/TaxonomyValueExport"
ApiErrorResponse:
description: "Unexpected API error"
content:
application/json:
schema:
$ref: "#/components/schemas/ApiError"
NotFoundApiErrorResponse:
description: "The specified resource was not found"
content:
application/json:
schema:
$ref: "#/components/schemas/NotFoundApiError"
NotFoundUserTotpDeleteResponse:
description: "The specified resource was not found"
content:
application/json:
schema:
$ref: "#/components/schemas/NotFoundUserTotpDeleteError"
UnauthorizedApiErrorResponse:
description: "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header."
content:
application/json:
schema:
$ref: "#/components/schemas/UnauthorizedApiError"
headers:
X-Result-Count:
description: Result set count
schema:
type: integer
X-Export-Module-Used:
description: Export module used
schema:
type: string
enum:
- json
- xml
- csv
- text
- download
- stix
- stix2
- stix-json
- attack
- attack-sightings
- cache
- count
- hashes
- netfilter
- opendata
- openioc
- rpz
- snort
- suricata
- yara
- yara-json
X-Response-Format:
description: Response format
schema:
type: string
enum:
- json
- xml
- csv
- text
- download
- stix
- stix2
- stix-json
- attack
- attack-sightings
- cache
- count
- hashes
- netfilter
- opendata
- openioc
- rpz
- snort
- suricata
- yara
- yara-json
security:
- ApiKeyAuth: []
Reference in New Issue View Git Blame Copy Permalink