MISP
/
MISP
mirror of https://github.com/MISP/MISP
2
2
Fork 0
Code Issues Releases Wiki Activity
MISP/app/webroot/doc/openapi.yaml

7307 lines
214 KiB
YAML
Raw Blame History

openapi: 3.0.0
info:
version: 2.4.142
title: MISP Automation API
description: |
### Getting Started
Automation functionality is designed to automatically generate signatures for intrusion detection systems.
To enable signature generation for a given attribute, Signature field of this attribute must be set to Yes.
Note that not all attribute types are applicable for signature generation, currently we only support NIDS signature
generation for IP, domains, host names, user agents etc., and hash list generation for MD5/SHA1 values of file artefacts.
Support for more attribute types is planned. To make this functionality available for automated tools an authentication
key is used. This makes it easier for your tools to access the data without further form-based-authentication.
The [API](https://www.circl.lu/doc/misp/GLOSSARY.html#api) key can be found and managed under My Profile page (/users/view/me)
on a MISP instance.
#### Accept and Content-Type headers
When performing your request, depending on the type of request, you might need to explicitly specify in what content
type you want to get your results. This is done by setting one of the below `Accept` headers:
Accept: application/json
Accept: application/xml
When submitting data in a `POST`, `PUT` or `DELETE` operation you also need to specify in what content-type you encoded the payload.
This is done by setting one of the below `Content-Type` headers:
Content-Type: application/json
Content-Type: application/xml
Example:
```
curl --header "Authorization: YOUR_API_KEY" \
--header "Accept: application/json" \
--header "Content-Type: application/json" https://<misp url>/
```
> **NOTE**: By appending .json or .xml the content type can also be set without the need for a header.
#### Automation using PyMISP
[PyMISP](https://github.com/MISP/PyMISP) is a Python library to access MISP platforms via their REST [API](https://www.circl.lu/doc/misp/GLOSSARY.html#api).
It allows you to fetch events, add or update events/attributes, add or update samples or search for attributes.
### FAQ
* [Dev FAQ](https://www.circl.lu/doc/misp/dev-faq/)
* [GitHub project FAQ](https://github.com/MISP/MISP/wiki/Frequently-Asked-Questions)
servers:
- url: /
tags:
- name: Attributes
description: "Attributes in MISP can be network indicators (e.g. IP address), system indicators (e.g. a string in memory) or even bank account details."
externalDocs:
url: https://www.circl.lu/doc/misp/GLOSSARY.html#misp-attribute
- name: Events
description: "MISP events are encapsulations for contextually related information represented as attributes and objects."
externalDocs:
url: https://www.circl.lu/doc/misp/GLOSSARY.html#misp-event
- name: Galaxies
description: "Galaxies in MISP are a method used to express a large object called cluster that can be attached to MISP events or attributes."
externalDocs:
url: https://www.circl.lu/doc/misp/galaxy/
- name: GalaxyClusters
description: "A galaxy cluster that can be attached to MISP events or attributes."
externalDocs:
url: https://www.circl.lu/doc/misp/galaxy/
- name: Users
description: "As an admin (not to be confused with Org Admin), you can set up new accounts for users, edit user profiles, delete them, or just have a look at all the viewers' profiles."
externalDocs:
url: https://www.circl.lu/doc/misp/administration/#users
- name: Organisations
description: "Each users belongs to an organisation. As admin, you can manage these organisations."
externalDocs:
url: https://www.circl.lu/doc/misp/administration/#organisations
- name: Servers
description: "Servers represent MISP instances we are connected to and from which we can pull/push data from/to."
externalDocs:
url: https://www.circl.lu/doc/misp/sharing/
- name: Sharing Groups
description: "Sharing groups in MISP are a more granular way to create re-usable distribution lists for events/attributes that allow users to include organisations from their own instance (local organisations) as well as organisations from directly, or indirectly connected instances (external organisations)."
externalDocs:
url: https://www.circl.lu/doc/misp/sharing/#sharing-groups
- name: Feeds
description: "Feeds are remote or local resources containing indicators that can be automatically imported into MISP at regular intervals. Feeds can be structured in [MISP format](https://www.circl.lu/doc/misp/GLOSSARY.html#misp-format), CSV format or even free-text format."
externalDocs:
url: https://www.circl.lu/doc/misp/managing-feeds/#feeds
- name: Objects
description: "MISP objects are in addition to MISP attributes to allow advanced combinations and concatenation of attributes. The creation of these objects and their associated attributes are based on real cyber security use-cases and existing practices in information sharing."
externalDocs:
url: https://www.circl.lu/doc/misp/misp-objects/
- name: Tags
description: ""
externalDocs:
url: https://www.circl.lu/doc/misp/quick-start/#tags-and-taglist
- name: Sightings
description: "Sightings is a system allowing people to react on attributes on an event. It was originally designed to provide an easy method for user to tell when they see a given attribute, giving it more credibility."
externalDocs:
url: https://www.circl.lu/doc/misp/sightings/
- name: Warninglists
description: "MISP warninglists are lists of well-known indicators that can be associated to potential false positives, errors or mistakes."
externalDocs:
url: https://www.circl.lu/doc/misp/warninglists/
- name: Noticelists
description: "Notice lists to inform MISP users of the legal, privacy, policy or even technical implications of using specific attributes, categories or objects."
externalDocs:
url: https://www.circl.lu/doc/misp/noticelists/
paths:
/attributes/add/{eventId}:
post:
summary: "Add an attribute"
operationId: addAttribute
tags:
- Attributes
parameters:
- $ref: "#/components/parameters/eventIdParameter"
requestBody:
$ref: "#/components/requestBodies/AddAttributeRequest"
responses:
"200":
$ref: "#/components/responses/AttributeResponse"
"403":
$ref: "#/components/responses/UnauthorizedApiErrorResponse"
default:
$ref: "#/components/responses/ApiErrorResponse"
/attributes/edit/{attributeId}:
put:
summary: "Edit an attribute"
operationId: editAttribute
tags:
- Attributes
parameters:
- $ref: "#/components/parameters/attributeIdParameter"
requestBody:
$ref: "#/components/requestBodies/EditAttributeRequest"
responses:
"200":
$ref: "#/components/responses/AttributeResponse"
"403":
$ref: "#/components/responses/UnauthorizedApiErrorResponse"
"404":
$ref: "#/components/responses/NotFoundApiErrorResponse"
default:
$ref: "#/components/responses/ApiErrorResponse"
/attributes/delete/{attributeId}:
delete:
summary: "Delete an attribute"
operationId: deleteAttribute
tags:
- Attributes
parameters:
- $ref: "#/components/parameters/attributeIdParameter"
responses:
"200":
$ref: "#/components/responses/DeleteAttributeResponse"
"403":
$ref: "#/components/responses/UnauthorizedApiErrorResponse"
"404":
$ref: "#/components/responses/NotFoundApiErrorResponse"
default:
$ref: "#/components/responses/ApiErrorResponse"
/attributes/restore/{attributeId}:
post:
summary: "Restore an attribute"
operationId: restoreAttribute
tags:
- Attributes
parameters:
- $ref: "#/components/parameters/attributeIdParameter"
responses:
"200":
$ref: "#/components/responses/AttributeResponse"
"403":
$ref: "#/components/responses/UnauthorizedApiErrorResponse"
"404":
$ref: "#/components/responses/NotFoundApiErrorResponse"
default:
$ref: "#/components/responses/ApiErrorResponse"
/attributes/addTag/{attributeId}/{tagId}:
post:
summary: "Add a tag to an attribute"
operationId: tagAttribute
tags:
- Attributes
parameters:
- $ref: "#/components/parameters/attributeIdParameter"
- $ref: "#/components/parameters/tagIdParameter"
responses:
"200":
$ref: "#/components/responses/AddAttributeTagResponse"
"403":
$ref: "#/components/responses/UnauthorizedApiErrorResponse"
"404":
$ref: "#/components/responses/NotFoundApiErrorResponse"
default:
$ref: "#/components/responses/ApiErrorResponse"
/attributes/removeTag/{attributeId}/{tagId}:
post:
summary: "Remove a tag from an attribute"
operationId: untagAttribute
tags:
- Attributes
parameters:
- $ref: "#/components/parameters/attributeIdParameter"
- $ref: "#/components/parameters/tagIdParameter"
responses:
"200":
$ref: "#/components/responses/RemoveAttributeTagResponse"
"403":
$ref: "#/components/responses/UnauthorizedApiErrorResponse"
"404":
$ref: "#/components/responses/NotFoundApiErrorResponse"
default:
$ref: "#/components/responses/ApiErrorResponse"
/attributes:
get:
summary: "Get a list of attributes"
operationId: getAttributes
tags:
- Attributes
responses:
"200":
$ref: "#/components/responses/AttributeListResponse"
"403":
$ref: "#/components/responses/UnauthorizedApiErrorResponse"
default:
$ref: "#/components/responses/ApiErrorResponse"
/attributes/view/{attributeId}:
get:
summary: "Get an attribute by ID"
operationId: getAttributeById
tags:
- Attributes
parameters:
- $ref: "#/components/parameters/attributeIdParameter"
responses:
"200":
$ref: "#/components/responses/AttributeResponse"
"403":
$ref: "#/components/responses/UnauthorizedApiErrorResponse"
default:
$ref: "#/components/responses/ApiErrorResponse"
/attributes/restSearch:
post:
summary: "Get a filtered and paginated list of attributes"
operationId: restSearchAttributes
tags:
- Attributes
parameters:
- $ref: "#/components/parameters/returnFormatParameter"
requestBody:
$ref: "#/components/requestBodies/RestSearchAttributesRequest"
responses:
"200":
$ref: "#/components/responses/AttributesRestSearchResponse"
"403":
$ref: "#/components/responses/UnauthorizedApiErrorResponse"
default:
$ref: "#/components/responses/ApiErrorResponse"
/attributes/attributeStatistics/{context}/{percentage}:
get:
summary: "Get a filtered and paginated list of attributes"
operationId: getAttributeStatistics
tags:
- Attributes
parameters:
- $ref: "#/components/parameters/attributeStatisticsContextParameter"
- $ref: "#/components/parameters/attributeStatisticsPercentageParameter"
responses:
"200":
$ref: "#/components/responses/AttributeStatisticsResponse"
"403":
$ref: "#/components/responses/UnauthorizedApiErrorResponse"
default:
$ref: "#/components/responses/ApiErrorResponse"
/attributes/describeTypes:
get:
summary: "Get a list of the available attribute types"
operationId: describeAttributeTypes
tags:
- Attributes
responses:
"200":
$ref: "#/components/responses/DescribeAttributeTypesResponse"
"403":
$ref: "#/components/responses/UnauthorizedApiErrorResponse"
default:
$ref: "#/components/responses/ApiErrorResponse"
/events/add:
post:
summary: "Add event"
operationId: addEvent
tags:
- Events
requestBody:
$ref: "#/components/requestBodies/AddEventRequest"
responses:
"200":
$ref: "#/components/responses/AddEventResponse"
"403":
$ref: "#/components/responses/UnauthorizedApiErrorResponse"
default:
$ref: "#/components/responses/ApiErrorResponse"
/events/edit/{eventId}:
put:
summary: "Edit event"
operationId: editEvent
tags:
- Events
parameters:
- $ref: "#/components/parameters/eventIdParameter"
requestBody:
$ref: "#/components/requestBodies/EditEventRequest"
responses:
"200":
$ref: "#/components/responses/EditEventResponse"
"403":
$ref: "#/components/responses/UnauthorizedApiErrorResponse"
default:
$ref: "#/components/responses/ApiErrorResponse"
/events/delete/{eventId}:
delete:
summary: "Delete event"
operationId: deleteEvent
tags:
- Events
parameters:
- $ref: "#/components/parameters/eventIdParameter"
responses:
"200":
$ref: "#/components/responses/DeleteEventResponse"
"403":
$ref: "#/components/responses/UnauthorizedApiErrorResponse"
default:
$ref: "#/components/responses/ApiErrorResponse"
/events:
get:
summary: "Get a list of events"
operationId: getEvents
tags:
- Events
responses:
"200":
$ref: "#/components/responses/ExtendedEventListResponse"
"403":
$ref: "#/components/responses/UnauthorizedApiErrorResponse"
default:
$ref: "#/components/responses/ApiErrorResponse"
/events/index:
post:
summary: "Search events"
operationId: searchEvents
tags:
- Events
requestBody:
$ref: "#/components/requestBodies/SearchEventRequest"
responses:
"200":
$ref: "#/components/responses/ExtendedEventListResponse"
"403":
$ref: "#/components/responses/UnauthorizedApiErrorResponse"
default:
$ref: "#/components/responses/ApiErrorResponse"
/events/view/{eventId}:
get:
summary: "Get event by ID"
operationId: getEventById
tags:
- Events
parameters:
- $ref: "#/components/parameters/eventIdParameter"
responses:
"200":
$ref: "#/components/responses/ExtendedEventResponse"
"403":
$ref: "#/components/responses/UnauthorizedApiErrorResponse"
default:
$ref: "#/components/responses/ApiErrorResponse"
/events/restSearch:
post:
summary: "Get a filtered and paginated list of events"
operationId: restSearchEvents
tags:
- Events
parameters:
- $ref: "#/components/parameters/returnFormatParameter"
requestBody:
$ref: "#/components/requestBodies/RestSearchEventsRequest"
responses:
"200":
$ref: "#/components/responses/EventsRestSearchResponse"
"403":
$ref: "#/components/responses/UnauthorizedApiErrorResponse"
default:
$ref: "#/components/responses/ApiErrorResponse"
/events/publish/{eventId}:
post:
summary: "Publish an event"
operationId: publishEvent
tags:
- Events
parameters:
- $ref: "#/components/parameters/eventIdParameter"
responses:
"200":
$ref: "#/components/responses/PublishEventResponse"
"403":
$ref: "#/components/responses/UnauthorizedApiErrorResponse"
default:
$ref: "#/components/responses/ApiErrorResponse"
/events/unpublish/{eventId}:
post:
summary: "Unpublish an event"
operationId: unpublishEvent
tags:
- Events
parameters:
- $ref: "#/components/parameters/eventIdParameter"
responses:
"200":
$ref: "#/components/responses/UnpublishEventResponse"
"403":
$ref: "#/components/responses/UnauthorizedApiErrorResponse"
default:
$ref: "#/components/responses/ApiErrorResponse"
/events/addTag/{eventId}/{tagId}:
post:
summary: "Add event tag"
operationId: tagEvent
tags:
- Events
parameters:
- $ref: "#/components/parameters/eventIdParameter"
- $ref: "#/components/parameters/tagIdParameter"
responses:
"200":
$ref: "#/components/responses/AddEventTagResponse"
"403":
$ref: "#/components/responses/UnauthorizedApiErrorResponse"
default:
$ref: "#/components/responses/ApiErrorResponse"
/events/removeTag/{eventId}/{tagId}:
post:
summary: "Remove event tag"
operationId: untagEvent
tags:
- Events
parameters:
- $ref: "#/components/parameters/eventIdParameter"
- $ref: "#/components/parameters/tagIdParameter"
responses:
"200":
$ref: "#/components/responses/RemoveEventTagResponse"
"403":
$ref: "#/components/responses/UnauthorizedApiErrorResponse"
default:
$ref: "#/components/responses/ApiErrorResponse"
/galaxies:
get:
summary: "Get galaxies"
operationId: getGalaxies
tags:
- Galaxies
responses:
"200":
$ref: "#/components/responses/GalaxyListResponse"
"403":
$ref: "#/components/responses/UnauthorizedApiErrorResponse"
default:
$ref: "#/components/responses/ApiErrorResponse"
post:
summary: "Search galaxies"
operationId: searchGalaxies
tags:
- Galaxies
requestBody:
$ref: "#/components/requestBodies/SearchGalaxyRequest"
responses:
"200":
$ref: "#/components/responses/GalaxyListResponse"
"403":
$ref: "#/components/responses/UnauthorizedApiErrorResponse"
default:
$ref: "#/components/responses/ApiErrorResponse"
/galaxies/view/{galaxyId}:
get:
summary: "Get galaxy by ID"
operationId: getGalaxyById
tags:
- Galaxies
parameters:
- $ref: "#/components/parameters/galaxyIdParameter"
responses:
"200":
$ref: "#/components/responses/ExtendedGalaxyResponse"
"403":
$ref: "#/components/responses/UnauthorizedApiErrorResponse"
default:
$ref: "#/components/responses/ApiErrorResponse"
/galaxies/update:
post:
summary: "Force update the galaxies with the galaxy json definitions"
operationId: updateGalaxies
tags:
- Galaxies
responses:
"200":
$ref: "#/components/responses/UpdateGalaxiesResponse"
"403":
$ref: "#/components/responses/UnauthorizedApiErrorResponse"
"404":
$ref: "#/components/responses/NotFoundApiErrorResponse"
default:
$ref: "#/components/responses/ApiErrorResponse"
/galaxies/delete/{galaxyId}:
delete:
summary: "Delete a galaxy"
operationId: deleteGalaxy
tags:
- Galaxies
parameters:
- $ref: "#/components/parameters/galaxyIdParameter"
responses:
"200":
$ref: "#/components/responses/DeleteGalaxyResponse"
"403":
$ref: "#/components/responses/UnauthorizedApiErrorResponse"
"404":
$ref: "#/components/responses/NotFoundApiErrorResponse"
default:
$ref: "#/components/responses/ApiErrorResponse"
/galaxies/import:
post:
summary: "Import a galaxy cluster"
operationId: importGalaxyCluster
tags:
- Galaxies
requestBody:
$ref: "#/components/requestBodies/ImportGalaxyClusterRequest"
responses:
"200":
$ref: "#/components/responses/ImportGalaxyClusterResponse"
"403":
$ref: "#/components/responses/UnauthorizedApiErrorResponse"
"404":
$ref: "#/components/responses/NotFoundApiErrorResponse"
default:
$ref: "#/components/responses/ApiErrorResponse"
/galaxies/export/{galaxyId}:
post:
summary: "Export galaxy clusters"
operationId: exportGalaxyClusters
tags:
- Galaxies
parameters:
- $ref: "#/components/parameters/galaxyIdParameter"
requestBody:
$ref: "#/components/requestBodies/ExportGalaxyClusterRequest"
responses:
"200":
$ref: "#/components/responses/ExportGalaxyClustersResponse"
"403":
$ref: "#/components/responses/UnauthorizedApiErrorResponse"
"404":
$ref: "#/components/responses/NotFoundApiErrorResponse"
default:
$ref: "#/components/responses/ApiErrorResponse"
/galaxies/attachCluster/{attachTargetId}/{attachTargetType}:
post:
summary: "Attach the galaxy cluster tag a given entity"
operationId: attachGalaxyCluster
tags:
- Galaxies
parameters:
- $ref: "#/components/parameters/attachTargetIdParameter"
- $ref: "#/components/parameters/attachTargetTypeParameter"
requestBody:
$ref: "#/components/requestBodies/AttachGalaxyClusterRequest"
responses:
"200":
$ref: "#/components/responses/AttachGalaxyClusterResponse"
"403":
$ref: "#/components/responses/UnauthorizedApiErrorResponse"
"404":
$ref: "#/components/responses/NotFoundApiErrorResponse"
default:
$ref: "#/components/responses/ApiErrorResponse"
/galaxy_clusters/add/{galaxyId}:
post:
summary: "Add galaxy cluster"
operationId: addGalaxyCluster
tags:
- GalaxyClusters
parameters:
- $ref: "#/components/parameters/galaxyIdParameter"
requestBody:
$ref: "#/components/requestBodies/AddGalaxyClusterRequest"
responses:
"200":
$ref: "#/components/responses/GalaxyClusterResponse"
"403":
$ref: "#/components/responses/UnauthorizedApiErrorResponse"
"404":
$ref: "#/components/responses/NotFoundApiErrorResponse"
default:
$ref: "#/components/responses/ApiErrorResponse"
/galaxy_clusters/edit/{galaxyClusterId}:
put:
summary: "Edit galaxy cluster"
operationId: editGalaxyCluster
tags:
- GalaxyClusters
parameters:
- $ref: "#/components/parameters/galaxyClusterIdParameter"
requestBody:
$ref: "#/components/requestBodies/EditGalaxyClusterRequest"
responses:
"200":
$ref: "#/components/responses/GalaxyClusterResponse"
"403":
$ref: "#/components/responses/UnauthorizedApiErrorResponse"
"404":
$ref: "#/components/responses/NotFoundApiErrorResponse"
default:
$ref: "#/components/responses/ApiErrorResponse"
/galaxy_clusters/index/{galaxyId}:
get:
summary: "Get galaxy clusters"
operationId: getGalaxyClusters
tags:
- GalaxyClusters
parameters:
- $ref: "#/components/parameters/galaxyIdParameter"
responses:
"200":
$ref: "#/components/responses/GalaxyClusterListResponse"
"403":
$ref: "#/components/responses/UnauthorizedApiErrorResponse"
"404":
$ref: "#/components/responses/NotFoundApiErrorResponse"
default:
$ref: "#/components/responses/ApiErrorResponse"
post:
summary: "Search galaxy clusters"
operationId: searchGalaxyClusters
tags:
- GalaxyClusters
parameters:
- $ref: "#/components/parameters/galaxyIdParameter"
requestBody:
$ref: "#/components/requestBodies/SearchGalaxyClustersRequest"
responses:
"200":
$ref: "#/components/responses/GalaxyClusterListResponse"
"403":
$ref: "#/components/responses/UnauthorizedApiErrorResponse"
"404":
$ref: "#/components/responses/NotFoundApiErrorResponse"
default:
$ref: "#/components/responses/ApiErrorResponse"
/galaxy_clusters/view/{galaxyClusterId}:
get:
summary: "Get galaxy cluster by ID"
operationId: getGalaxyClusterById
tags:
- GalaxyClusters
parameters:
- $ref: "#/components/parameters/galaxyClusterIdParameter"
responses:
"200":
$ref: "#/components/responses/ExtendedGalaxyClusterResponse"
"403":
$ref: "#/components/responses/UnauthorizedApiErrorResponse"
"404":
$ref: "#/components/responses/NotFoundApiErrorResponse"
default:
$ref: "#/components/responses/ApiErrorResponse"
/galaxy_clusters/publish/{galaxyClusterId}:
post:
summary: "Publish galaxy cluster"
operationId: publishGalaxyCluster
tags:
- GalaxyClusters
parameters:
- $ref: "#/components/parameters/galaxyClusterIdParameter"
responses:
"200":
$ref: "#/components/responses/PublishGalaxyClusterResponse"
"403":
$ref: "#/components/responses/UnauthorizedApiErrorResponse"
"404":
$ref: "#/components/responses/NotFoundApiErrorResponse"
default:
$ref: "#/components/responses/ApiErrorResponse"
/galaxy_clusters/unpublish/{galaxyClusterId}:
post:
summary: "Unpublish galaxy cluster"
operationId: unpublishGalaxyCluster
tags:
- GalaxyClusters
parameters:
- $ref: "#/components/parameters/galaxyClusterIdParameter"
responses:
"200":
$ref: "#/components/responses/UnpublishGalaxyClusterResponse"
"403":
$ref: "#/components/responses/UnauthorizedApiErrorResponse"
"404":
$ref: "#/components/responses/NotFoundApiErrorResponse"
default:
$ref: "#/components/responses/ApiErrorResponse"
/galaxy_clusters/delete/{galaxyClusterId}:
post:
summary: "Delete galaxy cluster"
operationId: deleteGalaxyCluster
tags:
- GalaxyClusters
parameters:
- $ref: "#/components/parameters/galaxyClusterIdParameter"
responses:
"200":
$ref: "#/components/responses/DeleteGalaxyClusterResponse"
"403":
$ref: "#/components/responses/UnauthorizedApiErrorResponse"
"404":
$ref: "#/components/responses/NotFoundApiErrorResponse"
default:
$ref: "#/components/responses/ApiErrorResponse"
/galaxy_clusters/restore/{galaxyClusterId}:
post:
summary: "Restore galaxy cluster"
operationId: restoreGalaxyCluster
tags:
- GalaxyClusters
parameters:
- $ref: "#/components/parameters/galaxyClusterIdParameter"
responses:
"200":
$ref: "#/components/responses/RestoreGalaxyClusterResponse"
"403":
$ref: "#/components/responses/UnauthorizedApiErrorResponse"
"404":
$ref: "#/components/responses/NotFoundApiErrorResponse"
default:
$ref: "#/components/responses/ApiErrorResponse"
/users/initiatePasswordReset/{userId}/{firstTimeReset}:
post:
summary: "Reset user password"
operationId: resetUserPassword
tags:
- Users
parameters:
- $ref: "#/components/parameters/userIdParameter"
- $ref: "#/components/parameters/firstTimeResetParameter"
responses:
"200":
$ref: "#/components/responses/ResetUserPasswordResponse"
"403":
$ref: "#/components/responses/UnauthorizedApiErrorResponse"
"404":
$ref: "#/components/responses/NotFoundApiErrorResponse"
default:
$ref: "#/components/responses/ApiErrorResponse"
/admin/users/add:
post:
summary: "Add user"
operationId: addUser
tags:
- Users
requestBody:
$ref: "#/components/requestBodies/AddUserRequest"
responses:
"200":
$ref: "#/components/responses/UserResponse"
"403":
$ref: "#/components/responses/UnauthorizedApiErrorResponse"
"404":
$ref: "#/components/responses/NotFoundApiErrorResponse"
default:
$ref: "#/components/responses/ApiErrorResponse"
/admin/users/edit/{userId}:
put:
summary: "Edit user"
operationId: editUser
tags:
- Users
parameters:
- $ref: "#/components/parameters/userIdParameter"
requestBody:
$ref: "#/components/requestBodies/EditUserRequest"
responses:
"200":
$ref: "#/components/responses/UserResponse"
"403":
$ref: "#/components/responses/UnauthorizedApiErrorResponse"
"404":
$ref: "#/components/responses/NotFoundApiErrorResponse"
default:
$ref: "#/components/responses/ApiErrorResponse"
/admin/users/delete/{userId}:
delete:
summary: "Delete user"
operationId: deleteUser
tags:
- Users
parameters:
- $ref: "#/components/parameters/userIdParameter"
responses:
"200":
$ref: "#/components/responses/DeleteUserResponse"
"403":
$ref: "#/components/responses/UnauthorizedApiErrorResponse"
"404":
$ref: "#/components/responses/NotFoundApiErrorResponse"
default:
$ref: "#/components/responses/ApiErrorResponse"
/admin/users:
get:
summary: "Get users"
operationId: getUsers
tags:
- Users
responses:
"200":
$ref: "#/components/responses/UserListResponse"
"403":
$ref: "#/components/responses/UnauthorizedApiErrorResponse"
"404":
$ref: "#/components/responses/NotFoundApiErrorResponse"
default:
$ref: "#/components/responses/ApiErrorResponse"
/admin/users/view/{userId}:
get:
summary: "Get user by ID"
operationId: getUserById
tags:
- Users
parameters:
- $ref: "#/components/parameters/userIdParameter"
responses:
"200":
$ref: "#/components/responses/ExtendedUserResponse"
"403":
$ref: "#/components/responses/UnauthorizedApiErrorResponse"
"404":
$ref: "#/components/responses/NotFoundApiErrorResponse"
default:
$ref: "#/components/responses/ApiErrorResponse"
/admin/organisations/add:
post:
summary: "Add organisation"
operationId: addOrganisation
tags:
- Organisations
requestBody:
$ref: "#/components/requestBodies/AddOrganisationRequest"
responses:
"200":
$ref: "#/components/responses/OrganisationResponse"
"403":
$ref: "#/components/responses/UnauthorizedApiErrorResponse"
"404":
$ref: "#/components/responses/NotFoundApiErrorResponse"
default:
$ref: "#/components/responses/ApiErrorResponse"
/admin/organisations/edit/{organisationId}:
put:
summary: "Edit organisation"
operationId: editOrganisation
tags:
- Organisations
parameters:
- $ref: "#/components/parameters/organisationIdParameter"
requestBody:
$ref: "#/components/requestBodies/EditOrganisationRequest"
responses:
"200":
$ref: "#/components/responses/OrganisationResponse"
"403":
$ref: "#/components/responses/UnauthorizedApiErrorResponse"
"404":
$ref: "#/components/responses/NotFoundApiErrorResponse"
default:
$ref: "#/components/responses/ApiErrorResponse"
/admin/organisations/delete/{organisationId}:
delete:
summary: "Delete organisation"
operationId: deleteOrganisation
tags:
- Organisations
parameters:
- $ref: "#/components/parameters/organisationIdParameter"
responses:
"200":
$ref: "#/components/responses/DeleteOrganisationResponse"
"403":
$ref: "#/components/responses/UnauthorizedApiErrorResponse"
"404":
$ref: "#/components/responses/NotFoundApiErrorResponse"
default:
$ref: "#/components/responses/ApiErrorResponse"
/organisations:
get:
summary: "Get organisations"
operationId: getOrganisations
tags:
- Organisations
responses:
"200":
$ref: "#/components/responses/OrganisationListResponse"
"403":
$ref: "#/components/responses/UnauthorizedApiErrorResponse"
"404":
$ref: "#/components/responses/NotFoundApiErrorResponse"
default:
$ref: "#/components/responses/ApiErrorResponse"
/organisations/view/{organisationId}:
get:
summary: "Get organisation by ID"
operationId: getOrganisationById
tags:
- Organisations
parameters:
- $ref: "#/components/parameters/organisationIdParameter"
responses:
"200":
$ref: "#/components/responses/OrganisationResponse"
"403":
$ref: "#/components/responses/UnauthorizedApiErrorResponse"
"404":
$ref: "#/components/responses/NotFoundApiErrorResponse"
default:
$ref: "#/components/responses/ApiErrorResponse"
/servers/add:
post:
summary: "Add server"
operationId: addServer
tags:
- Servers
responses:
"200":
$ref: "#/components/responses/ServerResponse"
"403":
$ref: "#/components/responses/UnauthorizedApiErrorResponse"
"404":
$ref: "#/components/responses/NotFoundApiErrorResponse"
default:
$ref: "#/components/responses/ApiErrorResponse"
/servers/edit/{serverId}:
put:
summary: "Edit server"
operationId: editServer
tags:
- Servers
parameters:
- $ref: "#/components/parameters/serverIdParameter"
responses:
"200":
$ref: "#/components/responses/ServerResponse"
"403":
$ref: "#/components/responses/UnauthorizedApiErrorResponse"
"404":
$ref: "#/components/responses/NotFoundApiErrorResponse"
default:
$ref: "#/components/responses/ApiErrorResponse"
/servers/delete/{serverId}:
post:
summary: "Delete server"
operationId: deleteServer
tags:
- Servers
parameters:
- $ref: "#/components/parameters/serverIdParameter"
responses:
"200":
$ref: "#/components/responses/DeleteServerResponse"
"403":
$ref: "#/components/responses/UnauthorizedApiErrorResponse"
"404":
$ref: "#/components/responses/NotFoundApiErrorResponse"
default:
$ref: "#/components/responses/ApiErrorResponse"
/servers:
get:
summary: "Get servers"
operationId: getServers
tags:
- Servers
responses:
"200":
$ref: "#/components/responses/ServerListResponse"
"403":
$ref: "#/components/responses/UnauthorizedApiErrorResponse"
"404":
$ref: "#/components/responses/NotFoundApiErrorResponse"
default:
$ref: "#/components/responses/ApiErrorResponse"
/servers/pull/{serverId}/{pullTechnique}:
get:
summary: "Pull server"
operationId: pullServer
tags:
- Servers
parameters:
- $ref: "#/components/parameters/serverIdParameter"
- $ref: "#/components/parameters/pullTechniqueParameter"
responses:
"200":
$ref: "#/components/responses/PullServerResponse"
"403":
$ref: "#/components/responses/UnauthorizedApiErrorResponse"
"404":
$ref: "#/components/responses/NotFoundApiErrorResponse"
default:
$ref: "#/components/responses/ApiErrorResponse"
/servers/push/{serverId}/{pushTechnique}:
get:
summary: "Push server"
operationId: pushServer
tags:
- Servers
parameters:
- $ref: "#/components/parameters/serverIdParameter"
- $ref: "#/components/parameters/pushTechniqueParameter"
responses:
"200":
$ref: "#/components/responses/PushServerResponse"
"403":
$ref: "#/components/responses/UnauthorizedApiErrorResponse"
"404":
$ref: "#/components/responses/NotFoundApiErrorResponse"
default:
$ref: "#/components/responses/ApiErrorResponse"
/servers/getVersion:
get:
summary: "Get current instance version"
operationId: getServerVersion
tags:
- Servers
responses:
"200":
$ref: "#/components/responses/ServerVersionResponse"
"403":
$ref: "#/components/responses/UnauthorizedApiErrorResponse"
"404":
$ref: "#/components/responses/NotFoundApiErrorResponse"
default:
$ref: "#/components/responses/ApiErrorResponse"
/servers/getPyMISPVersion:
get:
summary: "Get current instance PyMISP version"
operationId: getPyMISPVersion
tags:
- Servers
responses:
"200":
$ref: "#/components/responses/ServerPyMISPVersionResponse"
"403":
$ref: "#/components/responses/UnauthorizedApiErrorResponse"
"404":
$ref: "#/components/responses/NotFoundApiErrorResponse"
default:
$ref: "#/components/responses/ApiErrorResponse"
/servers/serverSettings:
get:
summary: "Get current instance settings and diagnostics"
operationId: getServerSettings
tags:
- Servers
responses:
"200":
$ref: "#/components/responses/ServerSettingsResponse"
"403":
$ref: "#/components/responses/UnauthorizedApiErrorResponse"
"404":
$ref: "#/components/responses/NotFoundApiErrorResponse"
default:
$ref: "#/components/responses/ApiErrorResponse"
/servers/getWorkers:
get:
summary: "Get workers"
operationId: getWorkers
tags:
- Servers
responses:
"200":
$ref: "#/components/responses/GetWorkersResponse"
"403":
$ref: "#/components/responses/UnauthorizedApiErrorResponse"
"404":
$ref: "#/components/responses/NotFoundApiErrorResponse"
default:
$ref: "#/components/responses/ApiErrorResponse"
/servers/startWorker/{workerType}:
post:
summary: "Start worker"
operationId: startWorker
tags:
- Servers
parameters:
- $ref: "#/components/parameters/workerTypeParameter"
responses:
"200":
$ref: "#/components/responses/StartWorkerResponse"
"403":
$ref: "#/components/responses/UnauthorizedApiErrorResponse"
"404":
$ref: "#/components/responses/NotFoundApiErrorResponse"
default:
$ref: "#/components/responses/ApiErrorResponse"
/servers/stopWorker/{workerPid}:
post:
summary: "Stop worker"
operationId: stopWorker
tags:
- Servers
parameters:
- $ref: "#/components/parameters/workerPidParameter"
responses:
"200":
$ref: "#/components/responses/StopWorkerResponse"
"403":
$ref: "#/components/responses/UnauthorizedApiErrorResponse"
"404":
$ref: "#/components/responses/NotFoundApiErrorResponse"
default:
$ref: "#/components/responses/ApiErrorResponse"
/servers/killAllWorkers:
post:
summary: "Kill all workers"
operationId: killAllWorkers
tags:
- Servers
responses:
"200":
$ref: "#/components/responses/KillAllWorkersResponse"
"403":
$ref: "#/components/responses/UnauthorizedApiErrorResponse"
"404":
$ref: "#/components/responses/NotFoundApiErrorResponse"
default:
$ref: "#/components/responses/ApiErrorResponse"
/servers/restartWorkers:
post:
summary: "Restart workers"
operationId: restartWorkers
tags:
- Servers
responses:
"200":
$ref: "#/components/responses/RestartWorkersResponse"
"403":
$ref: "#/components/responses/UnauthorizedApiErrorResponse"
"404":
$ref: "#/components/responses/NotFoundApiErrorResponse"
default:
$ref: "#/components/responses/ApiErrorResponse"
/servers/restartDeadWorkers:
post:
summary: "Restart dead workers"
operationId: restartDeadWorkers
tags:
- Servers
responses:
"200":
$ref: "#/components/responses/RestartDeadWorkersResponse"
"403":
$ref: "#/components/responses/UnauthorizedApiErrorResponse"
"404":
$ref: "#/components/responses/NotFoundApiErrorResponse"
default:
$ref: "#/components/responses/ApiErrorResponse"
/servers/update:
post:
summary: "Update server"
operationId: updateServer
tags:
- Servers
responses:
"200":
$ref: "#/components/responses/UpdateServerResponse"
"403":
$ref: "#/components/responses/UnauthorizedApiErrorResponse"
"404":
$ref: "#/components/responses/NotFoundApiErrorResponse"
default:
$ref: "#/components/responses/ApiErrorResponse"
/servers/cache:
post:
summary: "Cache server"
operationId: cacheServer
tags:
- Servers
responses:
"200":
$ref: "#/components/responses/CacheServerResponse"
"403":
$ref: "#/components/responses/UnauthorizedApiErrorResponse"
"404":
$ref: "#/components/responses/NotFoundApiErrorResponse"
default:
$ref: "#/components/responses/ApiErrorResponse"
/servers/createSync:
post:
summary: "Create sync"
operationId: createSync
tags:
- Servers
responses:
"200":
$ref: "#/components/responses/CreateSyncResponse"
"403":
$ref: "#/components/responses/UnauthorizedApiErrorResponse"
"404":
$ref: "#/components/responses/NotFoundApiErrorResponse"
default:
$ref: "#/components/responses/ApiErrorResponse"
/servers/getInstanceUUID:
get:
summary: "Get instance UUID"
operationId: getServerUuid
tags:
- Servers
responses:
"200":
$ref: "#/components/responses/GetInstanceUUIDResponse"
"403":
$ref: "#/components/responses/UnauthorizedApiErrorResponse"
"404":
$ref: "#/components/responses/NotFoundApiErrorResponse"
default:
$ref: "#/components/responses/ApiErrorResponse"
/servers/getSetting/{settingName}:
get:
summary: "Get server setting by name"
operationId: getServerSetting
tags:
- Servers
parameters:
- $ref: "#/components/parameters/settingNameParameter"
responses:
"200":
$ref: "#/components/responses/GetServerSettingResponse"
"403":
$ref: "#/components/responses/UnauthorizedApiErrorResponse"
"404":
$ref: "#/components/responses/NotFoundApiErrorResponse"
default:
$ref: "#/components/responses/ApiErrorResponse"
/servers/serverSettingsEdit/{settingName}:
post:
summary: "Edit server setting"
operationId: editServerSetting
tags:
- Servers
parameters:
- $ref: "#/components/parameters/settingNameParameter"
requestBody:
$ref: "#/components/requestBodies/EditServerSettingRequest"
responses:
"200":
$ref: "#/components/responses/EditServerSettingResponse"
"403":
$ref: "#/components/responses/UnauthorizedApiErrorResponse"
"404":
$ref: "#/components/responses/NotFoundApiErrorResponse"
default:
$ref: "#/components/responses/ApiErrorResponse"
/servers/import:
post:
summary: "Import server"
operationId: importServer
tags:
- Servers
requestBody:
$ref: "#/components/requestBodies/ImportServerRequest"
responses:
"200":
$ref: "#/components/responses/ServerResponse"
"403":
$ref: "#/components/responses/UnauthorizedApiErrorResponse"
"404":
$ref: "#/components/responses/NotFoundApiErrorResponse"
default:
$ref: "#/components/responses/ApiErrorResponse"
/sharing_groups/add:
post:
summary: "Add a sharing group"
operationId: addSharingGroup
tags:
- Sharing Groups
requestBody:
$ref: "#/components/requestBodies/AddSharingGroupRequest"
responses:
"200":
$ref: "#/components/responses/SharingGroupResponse"
"403":
$ref: "#/components/responses/UnauthorizedApiErrorResponse"
"404":
$ref: "#/components/responses/NotFoundApiErrorResponse"
default:
$ref: "#/components/responses/ApiErrorResponse"
/sharing_groups/edit/{sharingGroupId}:
post:
summary: "Edit a sharing group"
operationId: editSharingGroup
tags:
- Sharing Groups
parameters:
- $ref: "#/components/parameters/sharingGroupIdParameter"
requestBody:
$ref: "#/components/requestBodies/EditSharingGroupRequest"
responses:
"200":
$ref: "#/components/responses/SharingGroupResponse"
"403":
$ref: "#/components/responses/UnauthorizedApiErrorResponse"
"404":
$ref: "#/components/responses/NotFoundApiErrorResponse"
default:
$ref: "#/components/responses/ApiErrorResponse"
/sharing_groups/delete/{sharingGroupId}:
delete:
summary: "Delete a sharing group"
operationId: deleteSharingGroup
tags:
- Sharing Groups
parameters:
- $ref: "#/components/parameters/sharingGroupIdParameter"
responses:
"200":
$ref: "#/components/responses/DeleteSharingGroupResponse"
"403":
$ref: "#/components/responses/UnauthorizedApiErrorResponse"
"404":
$ref: "#/components/responses/NotFoundApiErrorResponse"
default:
$ref: "#/components/responses/ApiErrorResponse"
/sharing_groups:
get:
summary: "Get a list of sharing groups"
operationId: getSharingGroup
tags:
- Sharing Groups
responses:
"200":
$ref: "#/components/responses/SharingGroupListResponse"
"403":
$ref: "#/components/responses/UnauthorizedApiErrorResponse"
"404":
$ref: "#/components/responses/NotFoundApiErrorResponse"
default:
$ref: "#/components/responses/ApiErrorResponse"
/sharing_groups/view/{sharingGroupId}:
get:
summary: "Get a sharing group by ID"
operationId: getSharingGroupById
tags:
- Sharing Groups
parameters:
- $ref: "#/components/parameters/sharingGroupIdParameter"
responses:
"200":
$ref: "#/components/responses/SharingGroupResponse"
"403":
$ref: "#/components/responses/UnauthorizedApiErrorResponse"
"404":
$ref: "#/components/responses/NotFoundApiErrorResponse"
default:
$ref: "#/components/responses/ApiErrorResponse"
/sharing_groups/addOrg/{sharingGroupId}/{organisationId}:
post:
summary: "Add an organisation to a sharing group"
operationId: addOrganisationToSharingGroup
tags:
- Sharing Groups
parameters:
- $ref: "#/components/parameters/sharingGroupIdParameter"
- $ref: "#/components/parameters/organisationIdParameter"
responses:
"200":
$ref: "#/components/responses/AddOrganisationToSharingGroupResponse"
"403":
$ref: "#/components/responses/UnauthorizedApiErrorResponse"
"404":
$ref: "#/components/responses/NotFoundApiErrorResponse"
default:
$ref: "#/components/responses/ApiErrorResponse"
/sharing_groups/removeOrg/{sharingGroupId}/{organisationId}:
post:
summary: "Remove an organisation from a sharing group"
operationId: removeOrganisationFromSharingGroup
tags:
- Sharing Groups
parameters:
- $ref: "#/components/parameters/sharingGroupIdParameter"
- $ref: "#/components/parameters/organisationIdParameter"
responses:
"200":
$ref: "#/components/responses/RemoveOrganisationFromSharingGroupResponse"
"403":
$ref: "#/components/responses/UnauthorizedApiErrorResponse"
"404":
$ref: "#/components/responses/NotFoundApiErrorResponse"
default:
$ref: "#/components/responses/ApiErrorResponse"
/sharing_groups/addServer/{sharingGroupId}/{serverId}:
post:
summary: "Add a server to a sharing group"
operationId: addServerToSharingGroup
tags:
- Sharing Groups
parameters:
- $ref: "#/components/parameters/sharingGroupIdParameter"
- $ref: "#/components/parameters/serverIdParameter"
responses:
"200":
$ref: "#/components/responses/AddServerToSharingGroupResponse"
"403":
$ref: "#/components/responses/UnauthorizedApiErrorResponse"
"404":
$ref: "#/components/responses/NotFoundApiErrorResponse"
default:
$ref: "#/components/responses/ApiErrorResponse"
/sharing_groups/removeServer/{sharingGroupId}/{serverId}:
post:
summary: "Remove a server from a sharing group"
operationId: removeServerFromSharingGroup
tags:
- Sharing Groups
parameters:
- $ref: "#/components/parameters/sharingGroupIdParameter"
- $ref: "#/components/parameters/serverIdParameter"
responses:
"200":
$ref: "#/components/responses/RemoveServerFromSharingGroupResponse"
"403":
$ref: "#/components/responses/UnauthorizedApiErrorResponse"
"404":
$ref: "#/components/responses/NotFoundApiErrorResponse"
default:
$ref: "#/components/responses/ApiErrorResponse"
/feeds:
get:
summary: "Get a list of feeds"
operationId: getFeeds
tags:
- Feeds
responses:
"200":
$ref: "#/components/responses/FeedListResponse"
"403":
$ref: "#/components/responses/UnauthorizedApiErrorResponse"
"404":
$ref: "#/components/responses/NotFoundApiErrorResponse"
default:
$ref: "#/components/responses/ApiErrorResponse"
/feeds/view/{feedId}:
get:
summary: "Get a feed by ID"
operationId: getFeedById
tags:
- Feeds
parameters:
- $ref: "#/components/parameters/feedIdParameter"
responses:
"200":
$ref: "#/components/responses/FeedResponse"
"403":
$ref: "#/components/responses/UnauthorizedApiErrorResponse"
"404":
$ref: "#/components/responses/NotFoundApiErrorResponse"
default:
$ref: "#/components/responses/ApiErrorResponse"
/feeds/add:
post:
summary: "Add a feed"
operationId: addFeed
tags:
- Feeds
requestBody:
$ref: "#/components/requestBodies/AddFeedRequest"
responses:
"200":
$ref: "#/components/responses/FeedResponse"
"403":
$ref: "#/components/responses/UnauthorizedApiErrorResponse"
"404":
$ref: "#/components/responses/NotFoundApiErrorResponse"
default:
$ref: "#/components/responses/ApiErrorResponse"
/feeds/edit/{feedId}:
put:
summary: "Edit a feed"
operationId: editFeed
tags:
- Feeds
parameters:
- $ref: "#/components/parameters/feedIdParameter"
requestBody:
$ref: "#/components/requestBodies/EditFeedRequest"
responses:
"200":
$ref: "#/components/responses/FeedResponse"
"403":
$ref: "#/components/responses/UnauthorizedApiErrorResponse"
"404":
$ref: "#/components/responses/NotFoundApiErrorResponse"
default:
$ref: "#/components/responses/ApiErrorResponse"
/feeds/enable/{feedId}:
post:
summary: "Enable feed"
operationId: enableFeed
tags:
- Feeds
parameters:
- $ref: "#/components/parameters/feedIdParameter"
responses:
"200":
$ref: "#/components/responses/EnableFeedResponse"
"403":
$ref: "#/components/responses/UnauthorizedApiErrorResponse"
"404":
$ref: "#/components/responses/NotFoundApiErrorResponse"
default:
$ref: "#/components/responses/ApiErrorResponse"
/feeds/disable/{feedId}:
post:
summary: "Disable feed"
operationId: disableFeed
tags:
- Feeds
parameters:
- $ref: "#/components/parameters/feedIdParameter"
responses:
"200":
$ref: "#/components/responses/DisableFeedResponse"
"403":
$ref: "#/components/responses/UnauthorizedApiErrorResponse"
"404":
$ref: "#/components/responses/NotFoundApiErrorResponse"
default:
$ref: "#/components/responses/ApiErrorResponse"
/feeds/cacheFeeds/{cacheFeedsScope}:
post:
summary: "Cache feeds"
operationId: cacheFeeds
tags:
- Feeds
parameters:
- $ref: "#/components/parameters/cacheFeedsScopeParameter"
responses:
"200":
$ref: "#/components/responses/CacheFeedsResponse"
"403":
$ref: "#/components/responses/UnauthorizedApiErrorResponse"
"404":
$ref: "#/components/responses/NotFoundApiErrorResponse"
default:
$ref: "#/components/responses/ApiErrorResponse"
/feeds/fetchFromFeed/{feedId}:
post:
summary: "Fetch from feed by ID"
operationId: fetchFromFeed
tags:
- Feeds
parameters:
- $ref: "#/components/parameters/feedIdParameter"
responses:
"200":
$ref: "#/components/responses/FetchFromFeedResponse"
"403":
$ref: "#/components/responses/UnauthorizedApiErrorResponse"
"404":
$ref: "#/components/responses/NotFoundApiErrorResponse"
default:
$ref: "#/components/responses/ApiErrorResponse"
/feeds/fetchFromAllFeeds:
post:
summary: "Fetch from all feeds"
operationId: fetchFromAllFeeds
tags:
- Feeds
responses:
"200":
$ref: "#/components/responses/FetchFromAllFeedsResponse"
"403":
$ref: "#/components/responses/UnauthorizedApiErrorResponse"
"404":
$ref: "#/components/responses/NotFoundApiErrorResponse"
default:
$ref: "#/components/responses/ApiErrorResponse"
/warninglists:
get:
summary: "Get a list of warninglists"
operationId: getWarninglists
tags:
- Warninglists
responses:
"200":
$ref: "#/components/responses/WarninglistListResponse"
"403":
$ref: "#/components/responses/UnauthorizedApiErrorResponse"
"404":
$ref: "#/components/responses/NotFoundApiErrorResponse"
default:
$ref: "#/components/responses/ApiErrorResponse"
post:
summary: "Search warninglists"
operationId: searchWarninglists
tags:
- Warninglists
requestBody:
$ref: "#/components/requestBodies/WarninglistsSearchRequest"
responses:
"200":
$ref: "#/components/responses/WarninglistListResponse"
"403":
$ref: "#/components/responses/UnauthorizedApiErrorResponse"
"404":
$ref: "#/components/responses/NotFoundApiErrorResponse"
default:
$ref: "#/components/responses/ApiErrorResponse"
/warninglists/toggleEnable:
post:
summary: "Enable/disable warninglists"
operationId: toggleEnableWarninglist
tags:
- Warninglists
requestBody:
$ref: "#/components/requestBodies/WarninglistsToggleEnableRequest"
responses:
"200":
$ref: "#/components/responses/WarninglistToggleEnabledResponse"
"403":
$ref: "#/components/responses/UnauthorizedApiErrorResponse"
"404":
$ref: "#/components/responses/NotFoundApiErrorResponse"
default:
$ref: "#/components/responses/ApiErrorResponse"
/warninglists/view/{warninglistId}:
get:
summary: "Get warninglist by ID"
operationId: getWarninglistById
tags:
- Warninglists
parameters:
- $ref: "#/components/parameters/warninglistIdParameter"
responses:
"200":
$ref: "#/components/responses/WarninglistResponse"
"403":
$ref: "#/components/responses/UnauthorizedApiErrorResponse"
"404":
$ref: "#/components/responses/NotFoundApiErrorResponse"
default:
$ref: "#/components/responses/ApiErrorResponse"
/warninglists/checkValue:
post:
summary: "Check if a list of values matches any warninglists"
operationId: checkValueWarninglistsMatches
tags:
- Warninglists
requestBody:
$ref: "#/components/requestBodies/WarninglistCheckValuesRequest"
responses:
"200":
$ref: "#/components/responses/WarninglistMatchListResponse"
"403":
$ref: "#/components/responses/UnauthorizedApiErrorResponse"
"404":
$ref: "#/components/responses/NotFoundApiErrorResponse"
default:
$ref: "#/components/responses/ApiErrorResponse"
/warninglists/update:
post:
summary: "Update warninglists"
operationId: updateWarninglists
tags:
- Warninglists
responses:
"200":
$ref: "#/components/responses/UpdateWarninglistsResponse"
"403":
$ref: "#/components/responses/UnauthorizedApiErrorResponse"
"404":
$ref: "#/components/responses/NotFoundApiErrorResponse"
default:
$ref: "#/components/responses/ApiErrorResponse"
/noticelists:
get:
summary: "Get a list of noticelists"
operationId: getNoticelists
tags:
- Noticelists
responses:
"200":
$ref: "#/components/responses/NoticelistListResponse"
"403":
$ref: "#/components/responses/UnauthorizedApiErrorResponse"
"404":
$ref: "#/components/responses/NotFoundApiErrorResponse"
default:
$ref: "#/components/responses/ApiErrorResponse"
/noticelists/view/{noticelistId}:
get:
summary: "Get a noticelist by ID"
operationId: getNoticelistById
tags:
- Noticelists
parameters:
- $ref: "#/components/parameters/noticelistIdParameter"
responses:
"200":
$ref: "#/components/responses/NoticelistResponse"
"403":
$ref: "#/components/responses/UnauthorizedApiErrorResponse"
"404":
$ref: "#/components/responses/NotFoundApiErrorResponse"
default:
$ref: "#/components/responses/ApiErrorResponse"
/noticelists/toggleEnable:
post:
summary: "Enable/disable noticelist"
operationId: toggleEnableNoticelist
tags:
- Noticelists
requestBody:
$ref: "#/components/requestBodies/ToggleEnableNoticelistRequest"
responses:
"200":
$ref: "#/components/responses/NoticelistToggleEnableResponse"
"403":
$ref: "#/components/responses/UnauthorizedApiErrorResponse"
"404":
$ref: "#/components/responses/NotFoundApiErrorResponse"
default:
$ref: "#/components/responses/ApiErrorResponse"
/noticelists/update:
post:
summary: "Update noticelists"
operationId: updateNoticelists
tags:
- Noticelists
responses:
"200":
$ref: "#/components/responses/UpdateNoticelistsResponse"
"403":
$ref: "#/components/responses/UnauthorizedApiErrorResponse"
"404":
$ref: "#/components/responses/NotFoundApiErrorResponse"
default:
$ref: "#/components/responses/ApiErrorResponse"
/objects/add/{eventId}/{objectTemplateId}:
post:
summary: "Add an object to an event"
operationId: addObject
tags:
- Objects
parameters:
- $ref: "#/components/parameters/eventIdParameter"
- $ref: "#/components/parameters/objectTemplateIdParameter"
requestBody:
$ref: "#/components/requestBodies/AddObjectRequest"
responses:
"200":
$ref: "#/components/responses/ObjectResponse"
"403":
$ref: "#/components/responses/UnauthorizedApiErrorResponse"
"404":
$ref: "#/components/responses/NotFoundApiErrorResponse"
default:
$ref: "#/components/responses/ApiErrorResponse"
/objects/view/{objectId}:
get:
summary: "Get object by ID"
operationId: getObjectById
tags:
- Objects
parameters:
- $ref: "#/components/parameters/objectIdParameter"
responses:
"200":
$ref: "#/components/responses/ExtendedObjectResponse"
"403":
$ref: "#/components/responses/UnauthorizedApiErrorResponse"
"404":
$ref: "#/components/responses/NotFoundApiErrorResponse"
default:
$ref: "#/components/responses/ApiErrorResponse"
/objects/delete/{objectId}/{hardDelete}:
delete:
summary: "Delete object"
operationId: deleteObject
tags:
- Objects
parameters:
- $ref: "#/components/parameters/objectIdParameter"
- $ref: "#/components/parameters/hardDeleteParameter"
responses:
"200":
$ref: "#/components/responses/DeleteObjectResponse"
"403":
$ref: "#/components/responses/UnauthorizedApiErrorResponse"
"404":
$ref: "#/components/responses/NotFoundApiErrorResponse"
default:
$ref: "#/components/responses/ApiErrorResponse"
/sightings/index/{eventId}:
get:
summary: "Get sightings by event ID"
operationId: getSightingsByEventId
tags:
- Sightings
parameters:
- $ref: "#/components/parameters/eventIdParameter"
responses:
"200":
$ref: "#/components/responses/SightingListResponse"
"403":
$ref: "#/components/responses/UnauthorizedApiErrorResponse"
"404":
$ref: "#/components/responses/NotFoundApiErrorResponse"
default:
$ref: "#/components/responses/ApiErrorResponse"
/sightings/add/{attributeId}:
post:
summary: "Add sighting of an attribute"
operationId: addSighting
tags:
- Sightings
parameters:
- $ref: "#/components/parameters/attributeIdParameter"
responses:
"200":
$ref: "#/components/responses/SightingResponse"
"403":
$ref: "#/components/responses/UnauthorizedApiErrorResponse"
"404":
$ref: "#/components/responses/NotFoundApiErrorResponse"
default:
$ref: "#/components/responses/ApiErrorResponse"
/sightings/delete/{sightingId}:
post:
summary: "Delete sighting"
operationId: deleteSighting
tags:
- Sightings
parameters:
- $ref: "#/components/parameters/sightingIdParameter"
responses:
"200":
$ref: "#/components/responses/DeleteSightingResponse"
"403":
$ref: "#/components/responses/UnauthorizedApiErrorResponse"
"404":
$ref: "#/components/responses/NotFoundApiErrorResponse"
default:
$ref: "#/components/responses/ApiErrorResponse"
/tags:
get:
summary: "Get tags"
operationId: getTags
tags:
- Tags
responses:
"200":
$ref: "#/components/responses/TagListResponse"
"403":
$ref: "#/components/responses/UnauthorizedApiErrorResponse"
"404":
$ref: "#/components/responses/NotFoundApiErrorResponse"
default:
$ref: "#/components/responses/ApiErrorResponse"
/tags/view/{tagId}:
get:
summary: "Get tag by ID"
operationId: getTagById
tags:
- Tags
parameters:
- $ref: "#/components/parameters/tagIdParameter"
responses:
"200":
$ref: "#/components/responses/TagResponse"
"403":
$ref: "#/components/responses/UnauthorizedApiErrorResponse"
"404":
$ref: "#/components/responses/NotFoundApiErrorResponse"
default:
$ref: "#/components/responses/ApiErrorResponse"
/tags/add:
post:
summary: "Add tag"
operationId: addTag
tags:
- Tags
requestBody:
$ref: "#/components/requestBodies/AddTagRequest"
responses:
"200":
$ref: "#/components/responses/TagResponse"
"403":
$ref: "#/components/responses/UnauthorizedApiErrorResponse"
"404":
$ref: "#/components/responses/NotFoundApiErrorResponse"
default:
$ref: "#/components/responses/ApiErrorResponse"
/tags/delete/{tagId}:
post:
summary: "Delete tag"
operationId: deleteTag
tags:
- Tags
parameters:
- $ref: "#/components/parameters/tagIdParameter"
responses:
"200":
$ref: "#/components/responses/DeleteTagResponse"
"403":
$ref: "#/components/responses/UnauthorizedApiErrorResponse"
"404":
$ref: "#/components/responses/NotFoundApiErrorResponse"
default:
$ref: "#/components/responses/ApiErrorResponse"
/tags/edit/{tagId}:
post:
summary: "Edit tag"
operationId: editTag
tags:
- Tags
parameters:
- $ref: "#/components/parameters/tagIdParameter"
requestBody:
$ref: "#/components/requestBodies/EditTagRequest"
responses:
"200":
$ref: "#/components/responses/EditTagResponse"
"403":
$ref: "#/components/responses/UnauthorizedApiErrorResponse"
"404":
$ref: "#/components/responses/NotFoundApiErrorResponse"
default:
$ref: "#/components/responses/ApiErrorResponse"
/tags/search/{tagSearchTerm}:
get:
summary: "Search tag"
operationId: searchTag
tags:
- Tags
parameters:
- $ref: "#/components/parameters/tagSearchTermParameter"
responses:
"200":
$ref: "#/components/responses/SearchTagResponse"
"403":
$ref: "#/components/responses/UnauthorizedApiErrorResponse"
"404":
$ref: "#/components/responses/NotFoundApiErrorResponse"
default:
$ref: "#/components/responses/ApiErrorResponse"
components:
schemas:
# Attributes
AttributeId:
type: string
format: int32
maxLength: 10
example: "12345"
AttributeType:
type: string
maxLength: 100
example: "ip-src"
AttributeValue:
type: string
maxLength: 131071
example: "127.0.0.1"
AttributeCategory:
type: string
maxLength: 255
example: "Payload delivery"
AttributeComment:
type: string
maxLength: 65535
example: "logged source ip"
AttributeEventUUID:
$ref: "#/components/schemas/UUID"
AttributeAttachment:
description: "base64 representation of the attachment"
type: string
format: byte
AttributeNoId:
type: object
properties:
event_id:
$ref: "#/components/schemas/EventId"
object_id:
$ref: "#/components/schemas/ObjectId"
object_relation:
nullable: true
$ref: "#/components/schemas/NullableObjectRelation"
category:
$ref: "#/components/schemas/AttributeCategory"
type:
$ref: "#/components/schemas/AttributeType"
value:
$ref: "#/components/schemas/AttributeValue"
to_ids:
$ref: "#/components/schemas/ToIDS"
uuid:
$ref: "#/components/schemas/UUID"
timestamp:
$ref: "#/components/schemas/NullableTimestamp"
distribution:
$ref: "#/components/schemas/DistributionLevelId"
sharing_group_id:
$ref: "#/components/schemas/SharingGroupId"
comment:
$ref: "#/components/schemas/AttributeComment"
deleted:
$ref: "#/components/schemas/SoftDeletedFlag"
disable_correlation:
$ref: "#/components/schemas/DisableCorrelationFlag"
first_seen:
$ref: "#/components/schemas/NullableMicroTimestamp"
last_seen:
$ref: "#/components/schemas/NullableMicroTimestamp"
Attribute:
allOf:
- type: object
properties:
id:
$ref: "#/components/schemas/AttributeId"
- $ref: "#/components/schemas/AttributeNoId"
ExtendedAttribute:
allOf:
- $ref: "#/components/schemas/Attribute"
- type: object
properties:
data:
$ref: "#/components/schemas/AttributeAttachment"
event_uuid:
nullable: true
$ref: "#/components/schemas/UUID"
decay_score:
nullable: true
$ref: "#/components/schemas/DecayScoreList"
AttributeList:
type: array
items:
$ref: "#/components/schemas/Attribute"
AttributeRestSearchListItem:
allOf:
- $ref: "#/components/schemas/ExtendedAttribute"
- type: object
properties:
Event:
$ref: "#/components/schemas/Event"
Object:
$ref: "#/components/schemas/Object"
Tag:
$ref: "#/components/schemas/TagList"
AttributeRestSearchList:
type: array
items:
$ref: "#/components/schemas/AttributeRestSearchListItem"
AttributeStatisticsResponse:
description: Dictionary of attribute types/categories showing the ammount of occurences/percentage.
type: object
example:
- "Antivirus detection": "10"
- "Artifacts dropped": "20"
DescribeAttributeTypesResponse:
description: "Lists available attribute types, default categories and category-type mappings."
type: object
properties:
sane_defaults:
type: object
example:
md5:
default_category: "Payload delivery"
to_ids: 1
pdb:
default_category: "Artifacts dropped"
to_ids: 0
types:
type: array
items:
$ref: "#/components/schemas/AttributeType"
categories:
type: array
items:
$ref: "#/components/schemas/AttributeCategory"
category_type_mappings:
type: object
example:
"Internal reference":
- "text"
- "link"
- "comment"
- "other"
"Antivirus detection":
- "link"
- "comment"
- "text"
- "hex"
- "other"
# Decay Models
DecayingModelParameters:
type: object
properties:
lifetime:
type: number
format: float
example: 3
decay_speed:
type: number
format: float
example: 2.3
threshold:
type: number
format: float
example: 30
default_base_score:
type: number
format: float
example: 80
base_score_config:
type: object
example:
estimative-language:confidence-in-analytic-judgment: 0.25
estimative-language:likelihood-probability: 0.25
phishing:psychological-acceptability: 0.25
phishing:state: 0.20
DecayingModel:
type: object
properties:
id:
type: string
format: int32
maxLength: 10
example: "12345"
name:
type: string
maxLength: 255
example: "Phishing model"
FullDecayingModel:
description: "Present if the `includeFullModel` flag was set to *true* in the rest search request"
type: object
properties:
id:
type: string
format: int32
maxLength: 10
example: "12345"
uuid:
$ref: "#/components/schemas/UUID"
name:
type: string
maxLength: 255
example: "Phishing model"
description:
type: string
maxLength: 65535
example: "Simple model to rapidly decay phishing website."
parameters:
$ref: "#/components/schemas/DecayingModelParameters"
attribute_types:
type: array
items:
$ref: "#/components/schemas/AttributeType"
org_id:
$ref: "#/components/schemas/OrganisationId"
enabled:
type: boolean
all_orgs:
type: boolean
ref:
type: array
items:
type: string
example: "https://arxiv.org/abs/1902.03914"
formula:
type: string
enum:
- Polynomial
version:
type: string
example: "2"
default:
type: boolean
isEditable:
type: boolean
DecayScore:
type: object
properties:
score:
type: number
format: float
example: 10.5
base_score:
type: number
format: float
example: 80
decayed:
type: boolean
DecayingModel:
oneOf:
- $ref: "#/components/schemas/DecayingModel"
- $ref: "#/components/schemas/FullDecayingModel"
DecayScoreList:
type: array
items:
$ref: "#/components/schemas/DecayScore"
# Events
EventId:
type: string
format: int32
maxLength: 10
example: "12345"
EventInfo:
type: string
maxLength: 65535
example: "logged source ip"
EventAttributeCount:
type: string
format: int64
example: "321"
EventProposalEmailLock:
type: boolean
EventOrganisation:
type: object
properties:
id:
$ref: "#/components/schemas/OrganisationId"
name:
$ref: "#/components/schemas/OrganisationName"
uuid:
$ref: "#/components/schemas/UUID"
EventTagId:
type: string
format: int32
maxLength: 10
example: "12345"
EventTag:
type: object
properties:
id:
$ref: "#/components/schemas/EventTagId"
event_id:
$ref: "#/components/schemas/EventId"
tag_id:
$ref: "#/components/schemas/TagId"
local:
$ref: "#/components/schemas/IsLocal"
Tag:
$ref: "#/components/schemas/Tag"
EventTagList:
type: array
items:
$ref: "#/components/schemas/EventTag"
EventReport: # TODO: describe
type: object
EventNoId:
type: object
properties:
org_id:
$ref: "#/components/schemas/OrganisationId"
distribution:
$ref: "#/components/schemas/DistributionLevelId"
info:
$ref: "#/components/schemas/EventInfo"
orgc_id:
$ref: "#/components/schemas/OrganisationId"
uuid:
$ref: "#/components/schemas/UUID"
published:
$ref: "#/components/schemas/PublishedFlag"
analysis:
$ref: "#/components/schemas/AnalysisLevelId"
attribute_count:
$ref: "#/components/schemas/EventAttributeCount"
timestamp:
$ref: "#/components/schemas/NullableTimestamp"
sharing_group_id:
$ref: "#/components/schemas/SharingGroupId"
proposal_email_lock:
$ref: "#/components/schemas/EventProposalEmailLock"
locked:
$ref: "#/components/schemas/IsLocked"
threat_level_id:
$ref: "#/components/schemas/ThreatLevelId"
publish_timestamp:
$ref: "#/components/schemas/Timestamp"
sighting_timestamp:
$ref: "#/components/schemas/Timestamp"
disable_correlation:
$ref: "#/components/schemas/DisableCorrelationFlag"
extends_uuid:
$ref: "#/components/schemas/ExtendsUUID"
Event:
allOf:
- type: object
properties:
id:
$ref: "#/components/schemas/EventId"
- $ref: "#/components/schemas/EventNoId"
ExtendedEvent:
allOf:
- $ref: "#/components/schemas/Event"
- type: object
properties:
Org:
$ref: "#/components/schemas/EventOrganisation"
Orgc:
$ref: "#/components/schemas/EventOrganisation"
Attribute:
$ref: "#/components/schemas/AttributeList"
ShadowAttribute:
$ref: "#/components/schemas/AttributeList"
RelatedEvent:
type: array
items:
type: object
properties:
Event:
$ref: "#/components/schemas/ExtendedEvent"
EventTag:
$ref: "#/components/schemas/EventTagList"
required:
- Org
- Orgc
CreatedEvent:
type: object
properties:
Event:
allOf:
- $ref: "#/components/schemas/ExtendedEvent"
- type: object
properties:
event_creator_email:
type: string
format: email
Galaxy:
type: array
items:
$ref: "#/components/schemas/Galaxy"
Object:
type: array
items:
$ref: "#/components/schemas/Object"
EventReport:
type: array
items:
$ref: "#/components/schemas/EventReport"
UpdatedEvent:
type: object
properties:
Event:
allOf:
- $ref: "#/components/schemas/ExtendedEvent"
- type: object
properties:
event_creator_email:
type: string
format: email
Galaxy:
type: array
items:
$ref: "#/components/schemas/Galaxy"
Object:
type: array
items:
$ref: "#/components/schemas/Object"
EventReport:
type: array
items:
$ref: "#/components/schemas/EventReport"
Tag:
type: array
items:
$ref: "#/components/schemas/Tag"
SlimEvent:
type: object
properties:
id:
$ref: "#/components/schemas/EventId"
timestamp:
$ref: "#/components/schemas/Timestamp"
sighting_timestamp:
$ref: "#/components/schemas/Timestamp"
published:
$ref: "#/components/schemas/PublishedFlag"
uuid:
$ref: "#/components/schemas/UUID"
orgc_uuid:
$ref: "#/components/schemas/UUID"
required:
- id
- timestamp
- sighting_timestamp
- published
- uuid
- orgc_uuid
EventList:
type: array
items:
$ref: "#/components/schemas/Event"
ExtendedEventList:
type: array
items:
$ref: "#/components/schemas/ExtendedEvent"
SlimEventList:
type: array
items:
$ref: "#/components/schemas/SlimEvent"
EventRestSearchList:
type: array
items:
type: object
properties:
Event:
type: object
allOf:
- $ref: "#/components/schemas/ExtendedEvent"
- type: object
properties:
Event:
$ref: "#/components/schemas/SlimEvent"
# Objects
ObjectId:
type: string
format: int32
maxLength: 10
example: "12345"
ObjectName:
type: string
maxLength: 131071
example: "ail-leak"
ObjectMetaCategory:
type: string
ObjectDescription:
type: string
ObjectTemplateVersion:
type: string
format: int32
example: "1"
ObjectRelation:
type: string
maxLength: 255
example: "sensor"
NullableObjectRelation:
nullable: true
type: string
maxLength: 255
example: "sensor"
Object:
type: object
properties:
id:
$ref: "#/components/schemas/ObjectId"
name:
$ref: "#/components/schemas/ObjectName"
meta-category:
$ref: "#/components/schemas/ObjectMetaCategory"
description:
$ref: "#/components/schemas/ObjectDescription"
template_uuid:
$ref: "#/components/schemas/UUID"
template_version:
$ref: "#/components/schemas/ObjectTemplateVersion"
event_id:
$ref: "#/components/schemas/EventId"
uuid:
$ref: "#/components/schemas/UUID"
timestamp:
$ref: "#/components/schemas/Timestamp"
distribution:
$ref: "#/components/schemas/DistributionLevelId"
sharing_group_id:
$ref: "#/components/schemas/SharingGroupId"
comment:
type: string
deleted:
type: boolean
first_seen:
$ref: "#/components/schemas/NullableMicroTimestamp"
last_seen:
$ref: "#/components/schemas/NullableMicroTimestamp"
Attribute:
type: array
items:
$ref: "#/components/schemas/Attribute"
ExtendedObject:
allOf:
- $ref: "#/components/schemas/Object"
- type: object
properties:
Event:
type: object
properties:
id:
$ref: "#/components/schemas/EventId"
info:
$ref: "#/components/schemas/EventInfo"
org_id:
$ref: "#/components/schemas/OrganisationId"
orgc_id:
$ref: "#/components/schemas/OrganisationId"
ObjectTemplateId:
type: string
format: int32
maxLength: 10
example: "12345"
# Sightings
SightingId:
type: string
format: int32
maxLength: 10
example: "12345"
Sighting:
type: object
properties:
id:
$ref: "#/components/schemas/SightingId"
attribute_id:
$ref: "#/components/schemas/AttributeId"
event_id:
$ref: "#/components/schemas/EventId"
org_id:
$ref: "#/components/schemas/OrganisationId"
date_sighting:
$ref: "#/components/schemas/Timestamp"
uuid:
$ref: "#/components/schemas/UUID"
source:
type: string
type:
type: string
attribute_uuid:
$ref: "#/components/schemas/UUID"
Organisation:
type: object
properties:
id:
$ref: "#/components/schemas/OrganisationId"
uuid:
$ref: "#/components/schemas/UUID"
name:
$ref: "#/components/schemas/OrganisationName"
# Galaxies
GalaxyId:
type: string
format: int32
maxLength: 10
example: "12345"
GalaxyName:
type: string
maxLength: 255
example: "Ransomware"
GalaxyType:
type: string
maxLength: 255
example: "ransomware"
GalaxyDescription:
type: string
maxLength: 65535
example: "Ransomware galaxy based on ..."
GalaxyVersion:
type: string
maxLength: 255
example: "1"
GalaxyNamespace:
type: string
maxLength: 255
example: "misp"
Galaxy:
type: object
properties:
id:
$ref: "#/components/schemas/GalaxyId"
uuid:
$ref: "#/components/schemas/UUID"
name:
$ref: "#/components/schemas/GalaxyName"
type:
$ref: "#/components/schemas/GalaxyType"
description:
$ref: "#/components/schemas/GalaxyDescription"
version:
$ref: "#/components/schemas/GalaxyVersion"
icon:
$ref: "#/components/schemas/Icon"
namespace:
$ref: "#/components/schemas/GalaxyNamespace"
kill_chain_order:
type: object
nullable: true
example:
fraud-tactics:
- "Initiation"
- "Target Compromise"
- "Perform Fraud"
- "Obtain Fraudulent Assets"
- "Assets Transfer"
- "Monetisation"
GalaxyClusterId:
type: string
format: int32
maxLength: 10
example: "12345"
GalaxyClusterValue:
type: string
maxLength: 65535
example: "Brute Force - T1110"
GalaxyClusterType:
type: string
maxLength: 255
example: "mitre-enterprise-attack-attack-pattern"
GalaxyClusterDescription:
type: string
maxLength: 65535
example: "Adversaries may use brute force techniques to attempt access to accounts when passwords are unknown or when password hashes are obtained..."
GalaxyClusterSource:
type: string
maxLength: 255
example: "https://github.com/mitre/cti"
GalaxyClusterAuthors:
type: array
items:
type: string
example: "MITRE"
GalaxyClusterVersion:
type: string
nullable: true
maxLength: 255
example: "1"
GalaxyElementId:
type: string
format: int32
maxLength: 10
example: "12345"
GalaxyElementKey:
type: string
maxLength: 255
example: "categories"
GalaxyElementValue:
type: string
maxLength: 65535
example: "Military"
GalaxyElement:
type: object
properties:
id:
$ref: "#/components/schemas/GalaxyElementId"
galaxy_cluster_id:
$ref: "#/components/schemas/GalaxyClusterId"
key:
$ref: "#/components/schemas/GalaxyElementKey"
value:
$ref: "#/components/schemas/GalaxyElementValue"
GalaxyElementList:
type: array
items:
$ref: "#/components/schemas/GalaxyElement"
GalaxyClusterRelation:
type: object # TODO describe
GalaxyClusterRelationList:
type: array
items:
$ref: "#/components/schemas/GalaxyElement"
GalaxyClusterNoId:
type: object
properties:
uuid:
$ref: "#/components/schemas/UUID"
collection_uuid:
$ref: "#/components/schemas/UUID"
type:
$ref: "#/components/schemas/GalaxyClusterType"
value:
$ref: "#/components/schemas/GalaxyClusterValue"
tag_name:
$ref: "#/components/schemas/TagName"
description:
$ref: "#/components/schemas/GalaxyClusterDescription"
galaxy_id:
$ref: "#/components/schemas/GalaxyId"
source:
$ref: "#/components/schemas/GalaxyClusterSource"
authors:
$ref: "#/components/schemas/GalaxyClusterAuthors"
version:
$ref: "#/components/schemas/GalaxyClusterVersion"
distribution:
$ref: "#/components/schemas/DistributionLevelId"
sharing_group_id:
$ref: "#/components/schemas/SharingGroupId"
org_id:
$ref: "#/components/schemas/OrganisationId"
orgc_id:
$ref: "#/components/schemas/OrganisationId"
default:
$ref: "#/components/schemas/IsDefault"
locked:
$ref: "#/components/schemas/IsLocked"
extends_uuid:
$ref: "#/components/schemas/ExtendsUUID"
extends_version:
$ref: "#/components/schemas/GalaxyClusterVersion"
published:
$ref: "#/components/schemas/PublishedFlag"
deleted:
$ref: "#/components/schemas/SoftDeletedFlag"
GalaxyElement:
type: array
items:
$ref: "#/components/schemas/GalaxyElement"
GalaxyCluster:
description: "MISP galaxy is a simple method to express a large object called cluster that can be attached to MISP events or attributes."
allOf:
- type: object
properties:
id:
$ref: "#/components/schemas/GalaxyClusterId"
- $ref: "#/components/schemas/GalaxyClusterNoId"
ExtendedGalaxyCluster:
description: "A galaxy cluster with all it's details."
allOf:
- $ref: "#/components/schemas/GalaxyCluster"
- type: object
properties:
Galaxy:
$ref: "#/components/schemas/Galaxy"
GalaxyElement:
$ref: "#/components/schemas/GalaxyElementList"
GalaxyClusterRelation:
$ref: "#/components/schemas/GalaxyClusterRelationList"
Org:
$ref: "#/components/schemas/Organisation"
Orgc:
$ref: "#/components/schemas/Organisation"
tag_count:
type: integer
format: int32
tag_id:
$ref: "#/components/schemas/TagId"
ExtendedGalaxy:
description: "A galaxy with it's galaxy cluster details."
allOf:
- type: object
properties:
Galaxy:
$ref: "#/components/schemas/Galaxy"
GalaxyCluster:
type: array
items:
$ref: "#/components/schemas/GalaxyCluster"
GalaxyMispFormat:
description: "Galaxy and clusters representation in misp-galaxy format."
type: object
properties:
name:
$ref: "#/components/schemas/GalaxyName"
type:
$ref: "#/components/schemas/GalaxyType"
authors:
$ref: "#/components/schemas/GalaxyClusterAuthors"
version:
oneOf:
- type: boolean
- $ref: "#/components/schemas/GalaxyClusterVersion"
uuid:
description: "Collection UUID."
$ref: "#/components/schemas/UUID"
source:
$ref: "#/components/schemas/GalaxyClusterSource"
values:
type: array
items:
type: object
properties:
description:
$ref: "#/components/schemas/GalaxyClusterDescription"
uuid:
description: "Galaxy Cluster UUID."
$ref: "#/components/schemas/UUID"
value:
$ref: "#/components/schemas/GalaxyClusterValue"
extends_uuid:
$ref: "#/components/schemas/ExtendsUUID"
extends_Version:
$ref: "#/components/schemas/GalaxyClusterVersion"
meta:
description: "Each Galaxy element associated to this cluster represents a key-value property."
type: object
example:
- categories: "botnet"
- refs: "http://example.com"
- aliases:
- "malware"
- "win32"
- "windows"
- topics:
- "Windows"
- "Malware"
GalaxyValueSearchFilter:
description: "Text search term to find a matching galaxy name, namespace, description, kill_chain_order or uuid."
type: string
example: "botnet"
ImportGalaxyClusterItem:
type: object
properties:
GalaxyCluster:
$ref: "#/components/schemas/GalaxyClusterNoId"
Galaxy:
type: object
properties:
uuid:
$ref: "#/components/schemas/UUID"
# Tags
TagId:
type: string
format: int32
maxLength: 10
example: "12345"
TagName:
type: string
example: "tlp:white"
maxLength: 255
TagColour:
type: string
example: "#ffffff"
maxLength: 7
TagNumericalValue:
type: string
nullable: true
format: int32
example: "12345"
HideTagFlag:
type: boolean
default: false
TagNoId:
type: object
properties:
name:
$ref: "#/components/schemas/TagName"
colour:
$ref: "#/components/schemas/TagColour"
exportable:
$ref: "#/components/schemas/IsExportable"
org_id:
$ref: "#/components/schemas/OrganisationId"
user_id:
$ref: "#/components/schemas/UserId"
hide_tag:
$ref: "#/components/schemas/HideTagFlag"
numerical_value:
$ref: "#/components/schemas/TagNumericalValue"
is_galaxy:
$ref: "#/components/schemas/IsGalaxy"
is_custom_galaxy:
$ref: "#/components/schemas/IsCustomGalaxy"
inherited:
$ref: "#/components/schemas/IsInherited"
Tag:
description: "A tag is a simple method to classify an event with a simple string. The tag name can be freely chosen. The tag name can be also chosen from a fixed machine-tag vocabulary called MISP taxonomies"
allOf:
- type: object
properties:
id:
$ref: "#/components/schemas/TagId"
- $ref: "#/components/schemas/TagNoId"
TagList:
type: array
items:
$ref: "#/components/schemas/Tag"
TagCollectionId:
type: string
format: int32
maxLength: 10
example: "12345"
ExtendedTag:
type: object
properties:
Tag:
$ref: "#/components/schemas/Tag"
Taxonomy:
$ref: "#/components/schemas/Taxonomy"
TaxonomyPredicate:
$ref: "#/components/schemas/TaxonomyPredicate"
# Taxonomies
TaxonomyId:
type: string
format: int32
maxLength: 10
example: "12345"
TaxonomyPredicateId:
type: string
format: int32
maxLength: 10
example: "12345"
Taxonomy:
type: object
properties:
id:
$ref: "#/components/schemas/TaxonomyId"
namespace:
type: string
example: "tlp"
description:
type: string
example: "Disclosure is not limited. Sources may use TLP:WHITE when information carries minimal or no foreseeable risk of misuse, in accordance with applicable rules and procedures for public release. Subject to standard copyright rules, TLP:WHITE information may be distributed without restriction."
version:
type: string
format: int32
example: "5"
enabled:
type: boolean
exclusive:
type: boolean
required:
type: boolean
TaxonomyPredicate:
type: object
properties:
id:
$ref: "#/components/schemas/TaxonomyPredicateId"
taxonomy_id:
$ref: "#/components/schemas/TaxonomyId"
value:
type: string
example: "white"
expanded:
type: string
example: "(TLP:WHITE) Information can be shared publicly in accordance with the law."
colour:
type: string
example: "#ffffff"
description:
type: string
example: Disclosure is not limited. Sources may use TLP:WHITE when information carries minimal or no foreseeable risk of misuse, in accordance with applicable rules and procedures for public release. Subject to standard copyright rules, TLP:WHITE information may be distributed without restriction.
exclusive:
type: boolean
numerical_value:
type: integer
nullable: true
# Users
UserId:
type: string
format: int32
maxLength: 10
example: "12345"
UserDashboardSetting:
type: object
properties:
widget:
type: string
example: "MispStatusWidget"
position:
type: object
properties:
x:
type: string
format: int32
example: "0"
y:
type: string
format: int32
example: "0"
width:
type: string
format: int32
example: "2"
height:
type: string
format: int32
example: "2"
UserSetting:
type: object
properties:
dashboard:
type: array
items:
$ref: "#/components/schemas/UserDashboardSetting"
UserNoId:
type: object
properties:
id:
$ref: "#/components/schemas/UserId"
org_id:
$ref: "#/components/schemas/OrganisationId"
server_id:
$ref: "#/components/schemas/ServerId"
email:
type: string
format: email
autoalert:
type: boolean
authkey:
description: "API auth key used for the API, only set if MISP setting `Security.advanced_authkeys` is set to `false`."
nullable: true
type: string
minLength: 40
maxLength: 40
example: "894c8d095180c7ea28789092e96ca6424199aa4f"
invited_by:
$ref: "#/components/schemas/UserId"
gpgkey:
type: string
nullable: true
certif_public:
type: string
nullable: true
nids_sid:
type: string
format: int32
maxLength: 10
example: "4000000"
termsaccepted:
type: boolean
newsread:
$ref: "#/components/schemas/Timestamp"
role_id:
$ref: "#/components/schemas/RoleId"
change_pw:
description: "Password change required."
type: string
format: int32
enum:
- "0"
- "1"
contactalert:
type: boolean
disabled:
type: boolean
expiration:
type: string
format: date-time
nullable: true
current_login:
$ref: "#/components/schemas/Timestamp"
last_login:
$ref: "#/components/schemas/Timestamp"
force_logout:
type: boolean
date_created:
$ref: "#/components/schemas/Timestamp"
date_modified:
$ref: "#/components/schemas/Timestamp"
User:
allOf:
- type: object
properties:
id:
$ref: "#/components/schemas/UserId"
- $ref: "#/components/schemas/UserNoId"
ExtendedUser:
allOf:
- $ref: "#/components/schemas/User"
- type: object
properties:
User:
$ref: "#/components/schemas/User"
Role:
$ref: "#/components/schemas/Role"
UserSetting:
$ref: "#/components/schemas/UserSetting"
UserListItem:
type: object
properties:
User:
$ref: "#/components/schemas/User"
Role:
$ref: "#/components/schemas/Role"
Organisation:
type: object
properties:
id:
$ref: "#/components/schemas/OrganisationId"
name:
$ref: "#/components/schemas/OrganisationName"
UserList:
type: array
items:
$ref: "#/components/schemas/UserListItem"
# Organisations
OrganisationId:
type: string
format: int32
maxLength: 10
example: "12345"
OrganisationName:
type: string
maxLength: 255
example: "ORGNAME"
OrganisationType:
type: string
nullable: true
maxLength: 255
example: "ADMIN"
OrganisationNoId:
type: object
properties:
name:
$ref: "#/components/schemas/OrganisationName"
date_created:
$ref: "#/components/schemas/Timestamp"
date_modified:
$ref: "#/components/schemas/Timestamp"
description:
type: string
type:
$ref: "#/components/schemas/OrganisationType"
nationality:
type: string
sector:
type: string
created_by:
$ref: "#/components/schemas/UserId"
uuid:
type: string
contacts:
type: string
nullable: true
local:
type: boolean
restricted_to_domain:
type: array
items:
type: string
format: hostname
landingpage:
type: string
nullable: true
user_count:
type: string
nullable: true
format: int32
example: "3"
created_by_email:
nullable: true
type: string
Organisation:
allOf:
- type: object
properties:
id:
$ref: "#/components/schemas/OrganisationId"
- $ref: "#/components/schemas/OrganisationNoId"
OrganisationListItem:
type: object
properties:
Organisation:
$ref: "#/components/schemas/Organisation"
OrganisationList:
type: array
items:
$ref: "#/components/schemas/OrganisationListItem"
# Servers
ServerId:
type: string
format: int32
maxLength: 10
example: "12345"
ServerName:
type: string
maxLength: 255
example: "Phising Server"
ServerNoId:
type: object
properties:
name:
$ref: "#/components/schemas/ServerName"
url:
type: string
example: "https://misppriv.circl.lu"
authkey:
$ref: "#/components/schemas/AuthKey"
org_id:
$ref: "#/components/schemas/OrganisationId"
push:
type: boolean
pull:
type: boolean
push_sightings:
type: boolean
push_galaxy_clusters:
type: boolean
pull_galaxy_clusters:
type: boolean
lastpulledid:
type: string
nullable: true
format: int32
maxLength: 10
example: "12345"
lastpushedid:
type: string
nullable: true
format: int32
maxLength: 10
example: "12345"
organization:
type: string
nullable: true
remote_org_id:
$ref: "#/components/schemas/OrganisationId"
publish_without_email:
type: boolean
unpublish_event:
type: boolean
self_signed:
type: boolean
pull_rules:
description: "Stringified JSON rules for pulling events from this server."
type: string
example: '{"tags":{"OR":[],"NOT":[]},"orgs":{"OR":[],"NOT":[]},"url_params":""}'
push_rules:
type: string
description: "Stringified JSON rules for pushing events from this server."
example: '{"tags":{"OR":[],"NOT":[]},"orgs":{"OR":[],"NOT":[]}}'
cert_file:
type: string
description: "Base64 encoded certificate"
nullable: true
format: byte
client_cert_file:
type: string
description: "Base64 encoded client certificate"
nullable: true
format: byte
internal:
type: boolean
skip_proxy:
type: boolean
caching_enabled:
type: boolean
priority:
type: string
nullable: true
format: int32
maxLength: 10
example: "1"
cache_timestamp:
type: boolean
Server:
allOf:
- type: object
properties:
id:
$ref: "#/components/schemas/ServerId"
- $ref: "#/components/schemas/ServerNoId"
ServerListItem:
type: object
properties:
Server:
$ref: "#/components/schemas/Server"
Organisation:
$ref: "#/components/schemas/Organisation"
RemoteOrg:
$ref: "#/components/schemas/Organisation"
User:
type: array
items:
$ref: "#/components/schemas/User"
ServerList:
type: array
items:
$ref: "#/components/schemas/ServerListItem"
PhpServerSetting:
type: object
properties:
explanation:
type: string
example: "The maximum duration that a script can run (does not affect the background workers). A too low number will break long running scripts like comprehensive API exports"
recommended:
anyOf:
- type: integer
example: 300
- type: string
unit:
type: string
example: "seconds"
value:
anyOf:
- type: integer
example: 300
- type: string
ServerPackageVersion:
type: object
properties:
version:
type: string
example: "1.2.0.11"
expected:
type: string
example: ">1.2.0.9"
status:
type: integer
example: 1
DatabaseTableDiagnostics:
type: object
properties:
used:
type: string
example: "207.63MB"
reclaimable:
type: string
example: "5MB"
table:
type: string
example: "attributes"
MispSetting:
type: object
properties:
level:
type: integer
example: 0
value:
anyOf:
- type: string
- type: boolean
- type: number
errorMessage:
type: string
nullable: true
example: "The currently set baseurl does not match the URL through which you have accessed the page. Disregard this if you are accessing the page via an alternate URL (for example via IP address)."
test:
nullable: true
anyOf:
- type: string
example: "testBaseURL"
- type: boolean
type:
type: string
example: "string"
enum:
- "string"
- "boolean"
- "numeric"
"null":
type: boolean
nullable: true
subGroup:
type: string
nullable: true
example: "Enrichment"
cli_only:
type: integer
nullable: true
example: 1
redacted:
type: boolean
nullable: true
optionsSource:
type: object
nullable: true
afterHook:
type: string
nullable: true
example: "cleanCacheFiles"
error:
type: integer
nullable: true
example: 1
tab:
type: string
example: "MISP"
setting:
type: string
example: "MISP.baseurl"
options:
nullable: true
anyOf:
- type: object
- type: array
Worker:
type: object
properties:
pid:
type: integer
example: 1233
user:
type: string
example: "www-data"
alive:
type: boolean
correct_user:
type: boolean
ok:
type: boolean
WorkersStatus:
type: object
properties:
ok:
type: boolean
workers:
type: array
items:
$ref: "#/components/schemas/Worker"
jobCount:
type: integer
nullable: true
example: 0
UpdateServerResultItem:
type: object
properties:
input:
type: string
example: "cd $(git rev-parse --show-toplevel) && git checkout app\/composer.json 2>&1"
output:
type: array
items:
type: string
example: "Updated 1 path from the index"
status:
type: integer
example: 0
# Feeds
FeedId:
type: string
format: int32
maxLength: 10
example: "3"
FeedName:
type: string
maxLength: 255
example: "CIRCL OSINT Feed"
FeedSourceFormat:
type: string
enum:
- "1"
- "csv"
- "freetext"
- "misp"
FeedInputSource:
description: "Specify whether the source (url field) is a directory (local) or an genuine url (network)."
type: string
enum:
- "local"
- "network"
FeedHeaders:
description: "Headers to be passed with the requests. All separated by \n"
type: string
nullable: true
example: |
X-Custom-Header-A: Foo
X-Custom-Header-B: Bar
FeedSettings:
type: string
nullable: true
example: '{"csv":{"value":"","delimiter":""},"common":{"excluderegex":""}}'
FeedRules:
description: "Stringified JSON filter rules."
type: string
nullable: true
example: '{"tags":{"OR":[],"NOT":[]},"orgs":{"OR":[],"NOT":[]},"url_params":""}'
FeedUrl:
type: string
example: "https://www.circl.lu/doc/misp/feed-osint"
FeedFixedEvent:
description: "target_event option might be considered"
type: boolean
FeedDeltaMergeFlag:
description: "Merge attributes (only add new attribute, remove revoked attributes)"
type: boolean
FeedProvider:
type: string
example: "CIRCL"
FeedOverrideIDSFlag:
description: "The IDS flags will be set to Off for this feed"
type: boolean
FeedDeleteLocalFileFlag:
description: "The IDS flags will be set to Off for this feed"
type: boolean
FeedLookupVisibleFlag:
description: "The lookup will not be visible in the feed correlation"
type: boolean
FeedCachingEnabledFlag:
description: "The feed is cached"
type: boolean
FeedForceToIDSFlag:
description: "The IDS flags will be set to On for this feed"
type: boolean
FeedEnabledFlag:
type: boolean
FeedCacheTimestamp:
nullable: true
anyOf:
- $ref: "#/components/schemas/Timestamp"
- type: boolean
FeedNoId:
type: object
properties:
name:
$ref: "#/components/schemas/FeedName"
provider:
$ref: "#/components/schemas/FeedProvider"
url:
$ref: "#/components/schemas/FeedUrl"
rules:
$ref: "#/components/schemas/FeedRules"
enabled:
$ref: "#/components/schemas/FeedEnabledFlag"
distribution:
$ref: "#/components/schemas/DistributionLevelId"
sharing_group_id:
$ref: "#/components/schemas/SharingGroupId"
tag_id:
$ref: "#/components/schemas/TagId"
default:
$ref: "#/components/schemas/IsDefault"
source_format:
$ref: "#/components/schemas/FeedSourceFormat"
fixed_event:
$ref: "#/components/schemas/FeedFixedEvent"
delta_merge:
$ref: "#/components/schemas/FeedDeltaMergeFlag"
event_id:
$ref: "#/components/schemas/EventId"
publish:
$ref: "#/components/schemas/PublishedFlag"
override_ids:
$ref: "#/components/schemas/FeedOverrideIDSFlag"
settings:
$ref: "#/components/schemas/FeedSettings"
input_source:
$ref: "#/components/schemas/FeedInputSource"
delete_local_file:
$ref: "#/components/schemas/FeedDeleteLocalFileFlag"
lookup_visible:
$ref: "#/components/schemas/FeedLookupVisibleFlag"
headers:
$ref: "#/components/schemas/FeedHeaders"
caching_enabled:
$ref: "#/components/schemas/FeedCachingEnabledFlag"
force_to_ids:
$ref: "#/components/schemas/FeedForceToIDSFlag"
orgc_id:
$ref: "#/components/schemas/OrganisationId"
cache_timestamp:
$ref: "#/components/schemas/FeedCacheTimestamp"
Feed:
allOf:
- type: object
properties:
id:
$ref: "#/components/schemas/FeedId"
- $ref: "#/components/schemas/FeedNoId"
# Warninglists
WarninglistId:
type: string
format: int32
maxLength: 10
example: "3"
WarninglistEntry:
type: object
properties:
id:
type: string
format: int32
example: "1234"
value:
type: string
example: "10.128.0.0/24"
warninglist_id:
$ref: "#/components/schemas/WarninglistId"
Warninglist:
type: object
properties:
id:
$ref: "#/components/schemas/WarninglistId"
name:
type: string
example: "List of known domains to know external IP"
type:
type: string
enum:
- "cidr"
- "hostname"
- "substring"
- "string"
- "regex"
example: "cidr"
description:
type: string
version:
type: string
format: int32
example: "10"
enabled:
type: boolean
warninglist_entry_count:
type: string
format: int32
example: "1234"
valid_attributes:
description: "List of comma separated warninglist types."
type: string
example: "domain, hostname, domain|ip, uri, url"
WarninglistEntry:
type: array
items:
$ref: "#/components/schemas/WarninglistEntry"
WarninglistsIdFilter:
anyOf:
- $ref: "#/components/schemas/WarninglistId"
- type: array
items:
$ref: "#/components/schemas/WarninglistId"
WarninglistsNameFilter:
anyOf:
- type: string
example: "%search term%"
- type: array
items:
type: string
example: "%search term%"
# Noticelists
NoticelistId:
type: string
format: int32
maxLength: 10
example: "3"
NoticelistEntry:
type: object
properties:
id:
type: string
format: int32
example: "1234"
noticelist_id:
$ref: "#/components/schemas/NoticelistId"
data:
type: object
properties:
scope:
type: array
items:
type: string
example: "attribute"
field:
type: array
items:
type: string
example: "category"
value:
type: array
items:
type: string
example: "Person"
tags:
type: array
items:
$ref: "#/components/schemas/TagName"
message:
type: object
properties:
en:
type: string
example: "This attribute is likely to contain personal data and the data subject is likely to be directly identifiable."
Noticelist:
type: object
properties:
id:
$ref: "#/components/schemas/NoticelistId"
name:
type: string
example: "List of known domains to know external IP"
type:
type: string
enum:
- "cidr"
- "hostname"
- "substring"
- "string"
- "regex"
example: "cidr"
description:
type: string
version:
type: string
format: int32
example: "10"
enabled:
type: boolean
warninglist_entry_count:
type: string
format: int32
example: "1234"
valid_attributes:
description: "List of comma separated warninglist types."
type: string
example: "domain, hostname, domain|ip, uri, url"
NoticelistEntry:
type: array
items:
$ref: "#/components/schemas/NoticelistEntry"
# Roles
RoleId:
type: string
format: int32
maxLength: 10
example: "3"
RoleName:
type: string
maxLength: 255
example: "ORGNAME"
Role:
type: object
properties:
id:
$ref: "#/components/schemas/RoleId"
name:
$ref: "#/components/schemas/RoleName"
perm_add:
type: boolean
perm_modify:
type: boolean
perm_modify_org:
type: boolean
perm_publish:
type: boolean
perm_delegate:
type: boolean
perm_sync:
type: boolean
perm_admin:
type: boolean
perm_audit:
type: boolean
perm_auth:
type: boolean
perm_site_admin:
type: boolean
perm_regexp_access:
type: boolean
perm_tagger:
type: boolean
perm_template:
type: boolean
perm_sharing_group:
type: boolean
perm_tag_editor:
type: boolean
perm_sighting:
type: boolean
perm_object_template:
type: boolean
perm_publish_zmq:
type: boolean
perm_publish_kafka:
type: boolean
perm_decaying:
type: boolean
perm_galaxy_editor:
type: boolean
default_role:
type: boolean
memory_limit:
type: string
nullable: true
format: int32
max_execution_time:
type: string
nullable: true
format: int32
restricted_to_site_admin:
type: boolean
enforce_rate_limit:
type: boolean
rate_limit_count:
type: string
format: int32
permission:
type: string
format: int32
example: "3"
permission_description:
type: string
example: "publish"
# Sharing Groups
SharingGroupId:
type: string
nullable: true
format: int32
maxLength: 10
example: "1"
SharingGroupOrganisationId:
type: string
nullable: true
format: int32
maxLength: 10
example: "1"
SharingGroupName:
type: string
maxLength: 255
example: "Banking Sharing Group"
SharingGroupDescription:
type: string
maxLength: 65535
example: "Banking Institutions of X Sharing Group"
SharingGroupReleasability:
type: string
maxLength: 65535
SlimSharingGroupNoId:
type: object
properties:
id:
$ref: "#/components/schemas/SharingGroupId"
uuid:
$ref: "#/components/schemas/UUID"
name:
$ref: "#/components/schemas/SharingGroupName"
description:
$ref: "#/components/schemas/SharingGroupDescription"
releasability:
$ref: "#/components/schemas/SharingGroupReleasability"
local:
type: boolean
active:
type: boolean
org_count:
type: string
format: int32
example: "6"
SlimSharingGroup:
allOf:
- type: object
properties:
id:
$ref: "#/components/schemas/SharingGroupId"
- $ref: "#/components/schemas/SlimSharingGroupNoId"
SharingGroupNoId:
allOf:
- $ref: "#/components/schemas/SlimSharingGroupNoId"
- type: object
properties:
organisation_uuid:
$ref: "#/components/schemas/UUID"
org_id:
$ref: "#/components/schemas/OrganisationId"
sync_user_id:
$ref: "#/components/schemas/UserId"
created:
type: string
format: datetime
modified:
type: string
format: datetime
roaming:
type: boolean
SharingGroup:
allOf:
- type: object
properties:
id:
$ref: "#/components/schemas/SharingGroupId"
- $ref: "#/components/schemas/SharingGroupNoId"
SharingGroupOrganisation:
type: object
properties:
id:
$ref: "#/components/schemas/SharingGroupOrganisationId"
sharing_group_id:
$ref: "#/components/schemas/SharingGroupId"
org_id:
$ref: "#/components/schemas/OrganisationId"
extend:
type: boolean
Organisation:
type: object
properties:
id:
$ref: "#/components/schemas/OrganisationId"
name:
$ref: "#/components/schemas/OrganisationName"
uuid:
$ref: "#/components/schemas/UUID"
SharingGroupServer:
type: object
properties:
all_orgs:
type: boolean
server_id:
$ref: "#/components/schemas/ServerId"
sharing_group_id:
$ref: "#/components/schemas/SharingGroupId"
Server:
type: object
properties:
id:
$ref: "#/components/schemas/ServerId"
name:
$ref: "#/components/schemas/ServerName"
SharingGroupListItem:
type: object
properties:
SharingGroup:
$ref: "#/components/schemas/SlimSharingGroup"
Organisation:
type: object
properties:
id:
$ref: "#/components/schemas/OrganisationId"
name:
$ref: "#/components/schemas/OrganisationName"
uuid:
$ref: "#/components/schemas/UUID"
SharingGroupOrg:
type: array
items:
$ref: "#/components/schemas/SharingGroupOrganisation"
SharingGroupServer:
type: array
items:
$ref: "#/components/schemas/SharingGroupServer"
editable:
type: boolean
deletable:
type: boolean
# General
AuthKey:
type: string
minLength: 40
maxLength: 40
example: "894c8d095180c7ea28789092e96ca6424199aa4f"
DistributionLevelId:
type: string
format: int32
enum: ["0", "1", "2", "3", "4", "5"]
description: >
Who will be able to see this event once it becomes published and eventually when it becomes pulled:
* `0` - Your organization only
* `1` - This community only
* `2` - Connected communities
* `3` - All communities
* `4` - Sharing group
* `5` - Inherit Event
ThreatLevelId:
type: string
format: int32
enum: ["1", "2", "3", "4"]
description: >
Represents the threat level.
* `1` - High
* `2` - Medium
* `3` - Low
* `4` - Undefined
AnalysisLevelId:
type: string
format: int32
enum: ["0", "1", "2"]
description: >
Represents the analysis maturity level.
* `0` - Initial
* `1` - Ongoing
* `2` - Complete
ToIDS:
type: boolean
default: true
UUID:
type: string
format: uuid
maxLength: 36
example: "c99506a6-1255-4b71-afa5-7b8ba48c3b1b"
ExtendsUUID:
type: string
nullable: true
maxLength: 36
example: "c99506a6-1255-4b71-afa5-7b8ba48c3b1b"
Timestamp:
type: string
format: int64
default: "0"
example: "1617875568"
NullableTimestamp:
nullable: true
type: string
format: int64
default: "0"
example: "1617875568"
MicroTimestamp:
type: string
format: int64
default: null
example: "1581984000000000"
NullableMicroTimestamp:
nullable: true
type: string
format: int64
default: null
example: "1581984000000000"
SoftDeletedFlag:
type: boolean
default: false
PublishedFlag:
type: boolean
default: false
DisableCorrelationFlag:
type: boolean
default: false
IsExportable:
type: boolean
default: true
IsGalaxy:
type: boolean
default: true
IsCustomGalaxy:
type: boolean
default: true
IsInherited:
type: integer
format: int32
default: 1
IsLocked:
type: boolean
IsDefault:
type: boolean
IsLocal:
type: boolean
Icon:
type: string
maxLength: 255
example: "globe"
PageSearchFilter:
type: integer
format: int32
nullable: true
minimum: 0
LimitSearchFilter:
type: integer
format: int32
nullable: true
minimum: 1
SortSearchField:
description: Field to be used to sort the result
type: string
nullable: true
example: "timestamp"
DirectionSearchField:
description: Sort direction of the result
type: string
nullable: true
default: "asc"
enum:
- "asc"
- "desc"
DateRestSearchFilter:
description: "You can use any of the valid time related filters (examples: 7d, timestamps, [14d, 7d] for ranges, etc.)"
type: string
nullable: true
LastRestSearchFilter:
description: "Published within the last x amount of time, where x can be defined in days, hours, minutes (for example 5d or 12h or 30m)"
type: integer
nullable: true
TagsRestSearchFilter:
nullable: true
type: array
items:
type: string
example: "tlp:amber"
MetadataRestSearchFilter:
description: "Will only return the metadata of the given query scope, contained data is omitted."
nullable: true
type: boolean
IncludeEventUUIDRestSearchFlag:
description: "Include matching eventUuids in the response"
type: boolean
default: false
IncludeEventTagsRestSearchFlag:
description: "Include tags of matching events in the response"
type: boolean
default: false
IncludeProposalsRestSearchFlag:
description: "Include proposals of matching events in the response"
type: boolean
default: false
EnforceWarninglistRestSearchFilter:
description: "Should the warning list be enforced. Adds blocked field for matching attributes"
nullable: true
type: boolean
RequestedAttributesRestSearchFilter:
description: "List of properties that will be selected in the CSV export"
type: array
items:
type: string
example: "id"
IncludeContextRestSearchFlag:
description: "Adds events context fields in the CSV export"
nullable: true
type: boolean
HeaderlessRestSearchFlag:
description: "Removes header in the CSV export"
nullable: true
type: boolean
IncludeWarninglistHitsRestSearchFlag:
nullable: true
type: boolean
AttackGalaxyRestSearchFilter:
nullable: true
type: string
example: "mitre-attack"
ExcludeLocalTagsRestSearchFilter:
description: "Exclude local tags from the export"
nullable: true
type: boolean
IncludeSightingDbRestSearchFlag:
description: "Extend response with Sightings DB results if the module is enabled"
nullable: true
type: boolean
IncludeCorrelationsRestSearchFlag:
nullable: true
type: boolean
ModelOverridesRestSearchFilter:
$ref: "#/components/schemas/DecayingModelParameters"
ObjectRelationRestSearchFilter:
description: "Filter by the attribute object relation value"
nullable: true
type: string
example: "filepath"
ApiError:
type: object
required:
- name
- message
- url
properties:
name:
type: string
message:
type: string
url:
type: string
example: "/attributes"
UnauthorizedApiError:
type: object
required:
- name
- message
- url
properties:
name:
type: string
example: "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header."
message:
type: string
example: "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header."
url:
type: string
example: "/attributes"
NotFoundApiError:
type: object
required:
- name
- message
- url
properties:
name:
type: string
example: "Invalid attribute"
message:
type: string
example: "Invalid attribute"
url:
type: string
example: "/attributes/1234"
parameters:
eventIdParameter:
name: eventId
in: path
description: "UUID or numeric ID of the event"
required: true
schema:
oneOf:
- $ref: "#/components/schemas/EventId"
- $ref: "#/components/schemas/UUID"
attributeIdParameter:
name: attributeId
in: path
description: "UUID or numeric ID of the attribute"
required: true
schema:
oneOf:
- $ref: "#/components/schemas/AttributeId"
- $ref: "#/components/schemas/UUID"
tagIdParameter:
name: tagId
in: path
description: Numeric ID of the attribute
required: true
schema:
$ref: "#/components/schemas/TagId"
tagSearchTermParameter:
name: tagSearchTerm
in: path
description: Tag search term
required: true
schema:
type: string
example: "%tlp%"
galaxyIdParameter:
name: galaxyId
in: path
description: "UUID or numeric ID of the galaxy"
required: true
schema:
oneOf:
- $ref: "#/components/schemas/GalaxyId"
- $ref: "#/components/schemas/UUID"
galaxyClusterIdParameter:
name: galaxyClusterId
in: path
description: "UUID or numeric ID of the galaxy cluster"
required: true
schema:
oneOf:
- $ref: "#/components/schemas/GalaxyClusterId"
- $ref: "#/components/schemas/UUID"
userIdParameter:
name: userId
in: path
description: "Numeric ID of the user"
required: true
schema:
$ref: "#/components/schemas/UserId"
firstTimeResetParameter:
name: firstTimeReset
in: path
description: "First time reset is set to `1` only for new user registrations."
required: true
schema:
type: string
enum:
- "0"
- "1"
organisationIdParameter:
name: organisationId
in: path
description: "UUID or numeric ID of the organisation"
required: true
schema:
oneOf:
- $ref: "#/components/schemas/OrganisationId"
- $ref: "#/components/schemas/UUID"
serverIdParameter:
name: serverId
in: path
description: "UUID or numeric ID of the server"
required: true
schema:
oneOf:
- $ref: "#/components/schemas/ServerId"
- $ref: "#/components/schemas/UUID"
pullTechniqueParameter:
name: pullTechnique
in: path
description: "Pull technique to be used for pulling events from this instance."
required: true
schema:
type: string
enum:
- "full"
- "incremental"
- "pull_relevant_clusters"
pushTechniqueParameter:
name: pushTechnique
in: path
description: "Push technique to be used for pushing events to this instance."
required: true
schema:
type: string
enum:
- "full"
- "incremental"
workerTypeParameter:
name: workerType
in: path
description: "Worker type."
required: true
schema:
type: string
enum:
- "default"
- "email"
- "scheduler"
- "cache"
- "prio"
- "update"
workerPidParameter:
name: workerPid
in: path
description: "Worker PID."
required: true
schema:
type: string
format: int32
settingNameParameter:
name: settingName
in: path
description: "Setting name."
required: true
schema:
type: string
example: "MISP.background_jobs"
sharingGroupIdParameter:
name: sharingGroupId
in: path
description: "UUID or numeric ID of the sharing group"
required: true
schema:
oneOf:
- $ref: "#/components/schemas/SharingGroupId"
- $ref: "#/components/schemas/UUID"
feedIdParameter:
name: feedId
in: path
description: "UUID or numeric ID of the feed"
required: true
schema:
oneOf:
- $ref: "#/components/schemas/FeedId"
- $ref: "#/components/schemas/UUID"
warninglistIdParameter:
name: warninglistId
in: path
description: "Numeric ID of the warninglist"
required: true
schema:
$ref: "#/components/schemas/WarninglistId"
noticelistIdParameter:
name: noticelistId
in: path
description: "Numeric ID of the noticelist"
required: true
schema:
$ref: "#/components/schemas/NoticelistId"
sightingIdParameter:
name: sightingId
in: path
description: "UUID or numeric ID of the sighting"
required: true
schema:
$ref: "#/components/schemas/SightingId"
cacheFeedsScopeParameter:
name: cacheFeedsScope
in: path
description: "Cache feeds strategy"
required: true
schema:
type: string
enum:
- "all"
- "csv"
- "freetext"
attachTargetIdParameter:
name: attachTargetId
in: path
description: "UUID or numeric ID of the target entity (Event, Attribute or TagCollection)"
required: true
schema:
anyOf:
- $ref: "#/components/schemas/EventId"
- $ref: "#/components/schemas/AttributeId"
- $ref: "#/components/schemas/TagCollectionId"
attachTargetTypeParameter:
name: attachTargetType
in: path
description: "Type of the target entity to attach to the galaxy cluster."
required: true
schema:
type: string
enum:
- "event"
- "attribute"
- "tag_collection"
returnFormatParameter:
name: returnFormat
in: query
description: Return type of the restSearch query.
required: true
schema:
type: string
enum:
- json
- xml
- download
- stix
- stix2
attributeStatisticsContextParameter:
name: context
in: path
required: true
description: Context of the statistics.
schema:
type: string
default: "type"
enum:
- type
- category
attributeStatisticsPercentageParameter:
name: percentage
in: path
required: true
description: "`0` to show attribute count, `1` for showing percentages"
schema:
type: integer
default: 0
objectIdParameter:
name: objectId
in: path
description: "UUID or numeric ID of the object"
required: true
schema:
oneOf:
- $ref: "#/components/schemas/ObjectId"
- $ref: "#/components/schemas/UUID"
hardDeleteParameter:
name: objectId
in: path
description: "`1` for hard delete the entity, `0` for soft deletion."
required: true
schema:
type: string
enum:
- "0"
- "1"
objectTemplateIdParameter:
name: objectTemplateId
in: path
description: "UUID or numeric ID of the object template"
required: true
schema:
oneOf:
- $ref: "#/components/schemas/ObjectTemplateId"
- $ref: "#/components/schemas/UUID"
securitySchemes:
ApiKeyAuth:
type: apiKey
in: header
name: Authorization
description: |
The authentication of the automation is performed via a secure key available in the MISP UI interface.
Make sure you keep that key secret as it gives access to the entire database! The [API](https://www.circl.lu/doc/misp/GLOSSARY.html#api)
key is available in the event actions menu under automation.
The authorization is performed by using the following header in the API requests:
Authorization: YOUR_API_KEY
> **NOTE**: Since version 2.2 the usage of the authentication key in the URL is deprecated.
Instead, pass the auth key in an Authorization header in the request. The legacy option of having the auth key
in the URL is temporarily still supported but not recommended.
requestBodies:
AddAttributeRequest:
required: true
content:
application/json:
schema:
$ref: "#/components/schemas/AttributeNoId"
EditAttributeRequest:
required: true
content:
application/json:
schema:
type: object
$ref: "#/components/schemas/Attribute"
RestSearchAttributesRequest:
required: true
content:
application/json:
schema:
type: object
properties:
page:
$ref: "#/components/schemas/PageSearchFilter"
limit:
$ref: "#/components/schemas/LimitSearchFilter"
value:
$ref: "#/components/schemas/AttributeValue"
type:
$ref: "#/components/schemas/AttributeType"
category:
$ref: "#/components/schemas/AttributeCategory"
org:
oneOf:
- $ref: "#/components/schemas/OrganisationId"
- $ref: "#/components/schemas/OrganisationName"
tags:
$ref: "#/components/schemas/TagsRestSearchFilter"
from:
$ref: "#/components/schemas/DateRestSearchFilter"
to:
$ref: "#/components/schemas/DateRestSearchFilter"
last:
$ref: "#/components/schemas/LastRestSearchFilter"
eventid:
$ref: "#/components/schemas/EventId"
withAttachments:
description: "Extends the response with the base64 representation of the attachment, if there is one"
type: boolean
default: false
uuid:
$ref: "#/components/schemas/UUID"
publish_timestamp:
$ref: "#/components/schemas/Timestamp"
published:
$ref: "#/components/schemas/PublishedFlag"
timestamp:
$ref: "#/components/schemas/Timestamp"
attribute_timestamp:
$ref: "#/components/schemas/Timestamp"
enforceWarninglist:
$ref: "#/components/schemas/EnforceWarninglistRestSearchFilter"
to_ids:
$ref: "#/components/schemas/ToIDS"
deleted:
$ref: "#/components/schemas/SoftDeletedFlag"
event_timestamp:
description: "The timestamp at which the event was last modified"
$ref: "#/components/schemas/Timestamp"
threat_level_id:
$ref: "#/components/schemas/ThreatLevelId"
eventinfo:
description: "Quick event description"
type: string
decayingModel:
description: "Specify the decaying model from which the decaying score should be calculated"
type: string
score:
description: "An alias to override on-the-fly the threshold of the decaying model"
type: string
first_seen:
description: "Seen within the last x amount of time, where x can be defined in days, hours, minutes (for example 5d or 12h or 30m)"
type: string
last_seen:
description: "Seen within the last x amount of time, where x can be defined in days, hours, minutes (for example 5d or 12h or 30m)"
type: string
includeEventUuid:
$ref: "#/components/schemas/IncludeEventUUIDRestSearchFlag"
includeEventTags:
$ref: "#/components/schemas/IncludeEventTagsRestSearchFlag"
includeProposals:
$ref: "#/components/schemas/IncludeProposalsRestSearchFlag"
requested_attributes:
$ref: "#/components/schemas/RequestedAttributesRestSearchFilter"
includeContext:
$ref: "#/components/schemas/IncludeContextRestSearchFlag"
headerless:
$ref: "#/components/schemas/HeaderlessRestSearchFlag"
includeWarninglistHits:
$ref: "#/components/schemas/IncludeWarninglistHitsRestSearchFlag"
attackGalaxy:
$ref: "#/components/schemas/AttackGalaxyRestSearchFilter"
object_relation:
$ref: "#/components/schemas/ObjectRelationRestSearchFilter"
includeSightings:
$ref: "#/components/schemas/IncludeSightingDbRestSearchFlag"
includeCorrelations:
$ref: "#/components/schemas/IncludeCorrelationsRestSearchFlag"
modelOverrides:
$ref: "#/components/schemas/ModelOverridesRestSearchFilter"
includeDecayScore:
description: "Include all enabled decaying score"
type: boolean
default: false
includeFullModel:
description: "Include all model information of matching events in the response"
type: boolean
default: false
excludeDecayed:
description: "Should the decayed elements by excluded"
type: boolean
default: false
AddEventRequest:
required: true
content:
application/json:
schema:
$ref: "#/components/schemas/EventNoId"
EditEventRequest:
required: true
content:
application/json:
schema:
$ref: "#/components/schemas/EventNoId"
SearchEventRequest:
required: true
content:
application/json:
schema:
type: object
properties:
page:
$ref: "#/components/schemas/PageSearchFilter"
limit:
$ref: "#/components/schemas/LimitSearchFilter"
sort:
$ref: "#/components/schemas/SortSearchField"
direction:
$ref: "#/components/schemas/DirectionSearchField"
minimal:
description: "Returns a minimal version of the event, only events with `attributeCount` > 0 will be returned"
type: boolean
nullable: true
default: false
attribute:
description: "Filter events matching the given string with attributes values"
type: string
nullable: true
example: "covert channel"
eventid:
$ref: "#/components/schemas/EventId"
datefrom:
description: "Event creation date is greater or equal"
type: string
nullable: true
format: date
example: "2021-03-05"
dateuntil:
description: "Event creation date is less or equal"
type: string
nullable: true
format: date
example: "2021-03-05"
org:
description: "Filter events by matching an the creator organisation name"
type: string
nullable: true
example: "CIRCL"
eventinfo:
description: "Filter events by matching the event info text"
type: string
nullable: true
example: "Phishing campaing"
tag:
description: "Filter events by matching the event tags with a given tag name"
nullable: true
$ref: "#/components/schemas/TagName"
example: "tlp:white"
tags:
description: "Filter events by matching *any* of the event tags of a given list of tag names"
type: array
nullable: true
items:
$ref: "#/components/schemas/TagName"
example:
- "tlp:amber"
- 'cycat:scope="exploit"'
distribution:
$ref: "#/components/schemas/DistributionLevelId"
sharinggroup:
$ref: "#/components/schemas/SharingGroupId"
analysis:
$ref: "#/components/schemas/AnalysisLevelId"
threatlevel:
$ref: "#/components/schemas/ThreatLevelId"
email:
description: "Filter events by matching the event creator user email"
type: string
nullable: true
format: email
example: "admin@admin.test"
hasproposal:
description: "Filter events by checking if it has attributes with change proposals. Possible values: `0`, `1`"
type: string
nullable: true
example: "1"
timestamp:
description: "Event timestamp greater or equal"
type: string
nullable: true
example: "1"
publish_timestamp:
description: "Event publish timestamp greater or equal"
type: string
nullable: true
example: "1"
RestSearchEventsRequest:
required: true
content:
application/json:
schema:
type: object
properties:
page:
$ref: "#/components/schemas/PageSearchFilter"
limit:
$ref: "#/components/schemas/LimitSearchFilter"
value:
$ref: "#/components/schemas/AttributeValue"
type:
$ref: "#/components/schemas/AttributeType"
category:
$ref: "#/components/schemas/AttributeCategory"
org:
oneOf:
- $ref: "#/components/schemas/OrganisationId"
- $ref: "#/components/schemas/OrganisationName"
tags:
$ref: "#/components/schemas/TagsRestSearchFilter"
searchall:
description: "Search events by matching any tag names, event descriptions, attribute values or attribute comments"
type: string
example: malware
from:
$ref: "#/components/schemas/DateRestSearchFilter"
to:
$ref: "#/components/schemas/DateRestSearchFilter"
last:
$ref: "#/components/schemas/LastRestSearchFilter"
eventid:
$ref: "#/components/schemas/EventId"
withAttachments:
description: "Extends the response with the base64 representation of the attachment, if there is one"
type: boolean
default: false
metadata:
$ref: "#/components/schemas/MetadataRestSearchFilter"
uuid:
$ref: "#/components/schemas/UUID"
publish_timestamp:
$ref: "#/components/schemas/Timestamp"
timestamp:
$ref: "#/components/schemas/Timestamp"
published:
$ref: "#/components/schemas/PublishedFlag"
enforceWarninglist:
$ref: "#/components/schemas/EnforceWarninglistRestSearchFilter"
sgReferenceOnly:
description: "Will only return the sharing group ID"
type: boolean
requested_attributes:
$ref: "#/components/schemas/RequestedAttributesRestSearchFilter"
includeContext:
$ref: "#/components/schemas/IncludeContextRestSearchFlag"
headerless:
$ref: "#/components/schemas/HeaderlessRestSearchFlag"
includeWarninglistHits:
$ref: "#/components/schemas/IncludeWarninglistHitsRestSearchFlag"
attackGalaxy:
$ref: "#/components/schemas/AttackGalaxyRestSearchFilter"
to_ids:
$ref: "#/components/schemas/ToIDS"
deleted:
description: "Include deleted elements"
$ref: "#/components/schemas/SoftDeletedFlag"
excludeLocalTags:
$ref: "#/components/schemas/ExcludeLocalTagsRestSearchFilter"
date:
$ref: "#/components/schemas/DateRestSearchFilter"
includeSightingdb:
$ref: "#/components/schemas/IncludeSightingDbRestSearchFlag"
tag:
$ref: "#/components/schemas/TagName"
object_relation:
$ref: "#/components/schemas/ObjectRelationRestSearchFilter"
threat_level_id:
$ref: "#/components/schemas/ThreatLevelId"
SearchGalaxyRequest:
required: true
content:
application/json:
schema:
type: object
properties:
value:
$ref: "#/components/schemas/GalaxyValueSearchFilter"
ImportGalaxyClusterRequest:
required: true
content:
application/json:
schema:
type: array
items:
$ref: "#/components/schemas/ImportGalaxyClusterItem"
ExportGalaxyClusterRequest:
content:
application/json:
schema:
type: object
properties:
Galaxy:
type: object
properties:
default:
description: "`true` to filter out galaxy clusters with `default=true` set."
type: boolean
custom:
description: "`true` to filter out galaxy clusters with `default=false` set"
type: boolean
distribution:
$ref: "#/components/schemas/DistributionLevelId"
format:
description: "If set to `misp-galaxy` result set is in the misp-galaxy format."
type: string
enum:
- "default"
- "misp-galaxy"
download:
description: "`true` returns the response as a json file attachment, `false` returns the response in the response body."
type: boolean
AttachGalaxyClusterRequest:
content:
application/json:
schema:
type: object
properties:
Galaxy:
type: object
properties:
target_id:
description: "Target galaxy cluster to attach."
type: integer
format: int32
example: 1235
SearchGalaxyClustersRequest:
content:
application/json:
schema:
type: object
properties:
context:
type: string
enum:
- "all"
- "default"
- "org"
- "deleted"
searchall:
description: "Search galaxy clusters by matching any value, description, uuid or galaxy elements values."
type: string
example: "botnet"
AddGalaxyClusterRequest:
content:
application/json:
schema:
$ref: "#/components/schemas/GalaxyCluster"
EditGalaxyClusterRequest:
content:
application/json:
schema:
$ref: "#/components/schemas/GalaxyCluster"
AddUserRequest:
content:
application/json:
schema:
$ref: "#/components/schemas/UserNoId"
EditUserRequest:
content:
application/json:
schema:
$ref: "#/components/schemas/User"
AddOrganisationRequest:
content:
application/json:
schema:
$ref: "#/components/schemas/OrganisationNoId"
EditOrganisationRequest:
content:
application/json:
schema:
type: object
properties:
name:
$ref: "#/components/schemas/OrganisationName"
type:
$ref: "#/components/schemas/OrganisationType"
nationality:
type: string
nullable: true
sector:
type: string
nullable: true
contacts:
type: string
nullable: true
description:
type: string
nullable: true
local:
type: boolean
nullable: true
uuid:
type: string
nullable: true
format: uuid
restricted_to_domain:
nullable: true
type: array
items:
type: string
format: hostname
EditServerSettingRequest:
content:
application/json:
schema:
type: object
properties:
value:
anyOf:
- type: string
- type: boolean
- type: number
- type: object
ImportServerRequest:
content:
application/json:
schema:
type: object
properties:
name:
$ref: "#/components/schemas/ServerName"
url:
type: string
example: "https://misppriv.circl.lu"
uuid:
$ref: "#/components/schemas/UUID"
authkey:
$ref: "#/components/schemas/AuthKey"
Organisation:
type: object
properties:
name:
$ref: "#/components/schemas/OrganisationName"
AddSharingGroupRequest:
content:
application/json:
schema:
$ref: "#/components/schemas/SharingGroupNoId"
EditSharingGroupRequest:
content:
application/json:
schema:
$ref: "#/components/schemas/SharingGroup"
AddFeedRequest:
content:
application/json:
schema:
type: object
properties:
name:
$ref: "#/components/schemas/FeedName"
provider:
$ref: "#/components/schemas/FeedProvider"
url:
$ref: "#/components/schemas/FeedUrl"
rules:
$ref: "#/components/schemas/FeedRules"
enabled:
$ref: "#/components/schemas/FeedEnabledFlag"
distribution:
$ref: "#/components/schemas/DistributionLevelId"
sharing_group_id:
$ref: "#/components/schemas/SharingGroupId"
tag_id:
$ref: "#/components/schemas/TagId"
source_format:
$ref: "#/components/schemas/FeedSourceFormat"
fixed_event:
$ref: "#/components/schemas/FeedFixedEvent"
delta_merge:
$ref: "#/components/schemas/FeedDeltaMergeFlag"
event_id:
$ref: "#/components/schemas/EventId"
publish:
$ref: "#/components/schemas/PublishedFlag"
override_ids:
$ref: "#/components/schemas/FeedOverrideIDSFlag"
input_source:
$ref: "#/components/schemas/FeedInputSource"
delete_local_file:
$ref: "#/components/schemas/FeedDeleteLocalFileFlag"
lookup_visible:
$ref: "#/components/schemas/FeedLookupVisibleFlag"
headers:
$ref: "#/components/schemas/FeedHeaders"
caching_enabled:
$ref: "#/components/schemas/FeedCachingEnabledFlag"
force_to_ids:
$ref: "#/components/schemas/FeedForceToIDSFlag"
orgc_id:
$ref: "#/components/schemas/OrganisationId"
EditFeedRequest:
content:
application/json:
schema:
type: object
properties:
id:
$ref: "#/components/schemas/FeedId"
name:
$ref: "#/components/schemas/FeedName"
provider:
$ref: "#/components/schemas/FeedProvider"
url:
$ref: "#/components/schemas/FeedUrl"
rules:
$ref: "#/components/schemas/FeedRules"
enabled:
$ref: "#/components/schemas/FeedEnabledFlag"
distribution:
$ref: "#/components/schemas/DistributionLevelId"
sharing_group_id:
$ref: "#/components/schemas/SharingGroupId"
tag_id:
$ref: "#/components/schemas/TagId"
source_format:
$ref: "#/components/schemas/FeedSourceFormat"
fixed_event:
$ref: "#/components/schemas/FeedFixedEvent"
delta_merge:
$ref: "#/components/schemas/FeedDeltaMergeFlag"
event_id:
$ref: "#/components/schemas/EventId"
publish:
$ref: "#/components/schemas/PublishedFlag"
override_ids:
$ref: "#/components/schemas/FeedOverrideIDSFlag"
input_source:
$ref: "#/components/schemas/FeedInputSource"
delete_local_file:
$ref: "#/components/schemas/FeedDeleteLocalFileFlag"
lookup_visible:
$ref: "#/components/schemas/FeedLookupVisibleFlag"
headers:
$ref: "#/components/schemas/FeedHeaders"
caching_enabled:
$ref: "#/components/schemas/FeedCachingEnabledFlag"
force_to_ids:
$ref: "#/components/schemas/FeedForceToIDSFlag"
orgc_id:
$ref: "#/components/schemas/OrganisationId"
WarninglistsSearchRequest:
content:
application/x-www-form-urlencoded:
schema:
type: object
properties:
value:
description: "Search term to be used to match warninglists name, description or type."
type: string
nullable: true
enabled:
type: boolean
nullable: true
WarninglistsToggleEnableRequest:
content:
application/x-www-form-urlencoded:
schema:
type: object
properties:
id:
$ref: "#/components/schemas/WarninglistsIdFilter"
name:
$ref: "#/components/schemas/WarninglistsNameFilter"
enabled:
type: boolean
nullable: false
WarninglistCheckValuesRequest:
content:
application/json:
schema:
type: array
items:
type: string
example: "10.128.0.2"
ToggleEnableNoticelistRequest:
content:
application/json:
schema:
type: object
properties:
Noticelist:
type: object
properties:
data:
description: "Id of the noticelist to enable/disable."
type: integer
example: 1
AddObjectRequest:
content:
application/json:
schema:
type: object
properties:
Attribute:
type: array
items:
type: object
properties:
category:
$ref: "#/components/schemas/AttributeCategory"
value:
$ref: "#/components/schemas/AttributeValue"
to_ids:
$ref: "#/components/schemas/ToIDS"
disable_correlation:
$ref: "#/components/schemas/DisableCorrelationFlag"
distribution:
$ref: "#/components/schemas/DisableCorrelationFlag"
comment:
$ref: "#/components/schemas/AttributeComment"
object_relation:
$ref: "#/components/schemas/ObjectRelation"
AddTagRequest:
content:
application/json:
schema:
$ref: "#/components/schemas/TagNoId"
EditTagRequest:
content:
application/json:
schema:
$ref: "#/components/schemas/TagNoId"
responses:
AttributeResponse:
description: "An attribute"
content:
application/json:
schema:
type: object
properties:
Attribute:
$ref: "#/components/schemas/Attribute"
AttributeListResponse:
description: "A list of attributes"
content:
application/json:
schema:
$ref: "#/components/schemas/AttributeList"
DeleteAttributeResponse:
description: "Delete attribute response"
content:
application/json:
schema:
type: object
properties:
message:
type: string
example: Attribute deleted.
AddAttributeTagResponse:
description: "Add attribute tag response"
content:
application/json:
schema:
type: object
properties:
saved:
description: "`true` if the tag was succesfully added, `false` if it failed"
type: boolean
nullable: false
success:
description: "Present if the tag was succesfully added"
type: string
nullable: true
example: "Tag added."
check_publish:
type: boolean
nullable: true
errors:
type: string
nullable: true
example: Tag could not be added.
RemoveAttributeTagResponse:
description: "Remove attribute tag response"
content:
application/json:
schema:
type: object
properties:
saved:
description: "`true` if the tag was succesfully removed, `false` if it failed"
type: boolean
nullable: false
success:
description: "Present if the tag was succesfully added"
type: string
nullable: true
example: "Tag removed."
check_publish:
type: boolean
nullable: true
errors:
type: string
nullable: true
example: Tag could not be added.
AttributesRestSearchResponse:
description: "Rest search attributes response"
headers:
X-Result-Count:
$ref: "#/components/headers/X-Result-Count"
X-Export-Module-Used:
$ref: "#/components/headers/X-Export-Module-Used"
X-Response-Format:
$ref: "#/components/headers/X-Response-Format"
content:
application/json:
schema:
type: object
properties:
response:
type: object
properties:
Attribute:
$ref: "#/components/schemas/AttributeRestSearchList"
AttributeStatisticsResponse:
description: "Attribute statistics response"
content:
application/json:
schema:
$ref: "#/components/schemas/AttributeStatisticsResponse"
DescribeAttributeTypesResponse:
description: "Describe attribute categories and types response"
content:
application/json:
schema:
$ref: "#/components/schemas/DescribeAttributeTypesResponse"
AddEventResponse:
description: "A freshly created event"
content:
application/json:
schema:
$ref: "#/components/schemas/CreatedEvent"
EditEventResponse:
description: "A freshly updated event"
content:
application/json:
schema:
$ref: "#/components/schemas/UpdatedEvent"
DeleteEventResponse:
description: "Delete event response"
content:
application/json:
schema:
type: object
properties:
saved:
description: "`true` if the event was succesfully deleted, `false` if it failed"
type: boolean
success:
description: "`true` if the event was succesfully deleted, `false` if it failed"
nullable: true
type: boolean
name:
type: string
example: "Event deleted."
message:
type: string
example: "Could not delete Event"
url:
type: string
example: "/events/delete/1"
errors:
description: "Only present if an error occurred when deleting the event"
type: string
nullable: true
example: "Event was not deleted."
AddEventTagResponse:
description: "Add event tag response"
content:
application/json:
schema:
type: object
properties:
saved:
description: "`true` if the tag was succesfully added, `false` if it failed"
type: boolean
nullable: false
success:
description: "Present if the tag was succesfully added"
type: string
nullable: true
example: "Tag added."
check_publish:
type: boolean
nullable: true
errors:
type: string
nullable: true
example: Tag could not be added.
RemoveEventTagResponse:
description: "Remove event tag response"
content:
application/json:
schema:
type: object
properties:
saved:
description: "`true` if the tag was succesfully removed, `false` if it failed"
type: boolean
nullable: false
success:
description: "Present if the tag was succesfully added"
type: string
nullable: true
example: "Tag removed."
check_publish:
type: boolean
nullable: true
errors:
type: string
nullable: true
example: Tag could not be added.
ExtendedEventListResponse:
description: "A list of events with extended properties"
headers:
X-Result-Count:
$ref: "#/components/headers/X-Result-Count"
content:
application/json:
schema:
oneOf:
- $ref: "#/components/schemas/ExtendedEventList"
- $ref: "#/components/schemas/SlimEventList"
ExtendedEventResponse:
description: "An event with extended properties"
content:
application/json:
schema:
type: object
properties:
Event:
$ref: "#/components/schemas/ExtendedEvent"
EventsRestSearchResponse:
description: "Rest search events response"
headers:
X-Result-Count:
$ref: "#/components/headers/X-Result-Count"
X-Export-Module-Used:
$ref: "#/components/headers/X-Export-Module-Used"
X-Response-Format:
$ref: "#/components/headers/X-Response-Format"
content:
application/json:
schema:
type: object
properties:
response:
$ref: "#/components/schemas/EventRestSearchList"
PublishEventResponse:
description: "Publish event response"
content:
application/json:
schema:
type: object
properties:
name:
type: string
example: "Publish"
message:
type: string
example: "Job queued"
url:
type: string
example: "https://misp.local/events/alert/1"
id:
type: string
format: int32
UnpublishEventResponse:
description: "Unpublish event response"
content:
application/json:
schema:
type: object
properties:
saved:
type: boolean
success:
type: boolean
name:
type: string
example: "Event unpublished."
message:
type: string
example: "Event unpublished."
url:
type: string
example: "/events/unpublish/1"
GalaxyListResponse:
description: "A list of galaxies"
content:
application/json:
schema:
type: array
items:
type: object
properties:
Galaxy:
$ref: "#/components/schemas/Galaxy"
ExtendedGalaxyResponse:
description: "A extended galaxy response"
content:
application/json:
schema:
$ref: "#/components/schemas/ExtendedGalaxy"
UpdateGalaxiesResponse:
description: "Update galaxies response"
content:
application/json:
schema:
type: object
properties:
saved:
description: "Present and `true` if the galaxies were succesfully updated."
nullable: true
type: boolean
success:
description: "Present and `true` if the galaxies were succesfully updated."
nullable: true
type: boolean
name:
type: string
example: "Galaxies updated."
message:
type: string
example: "Galaxies updated."
url:
type: string
example: "/galaxies/update"
DeleteGalaxyResponse:
description: "Delete galaxy response"
content:
application/json:
schema:
type: object
properties:
saved:
description: "Present and `true` if the galaxy was succesfully removed."
nullable: true
type: boolean
success:
description: "Present and `true` if the galaxy was succesfully removed."
nullable: true
type: boolean
name:
type: string
example: "Galaxy deleted"
message:
type: string
example: "Galaxy deleted"
url:
type: string
example: "/galaxies/delete"
ImportGalaxyClusterResponse:
description: "Import galaxy cluster response"
content:
application/json:
schema:
type: object
properties:
saved:
description: "Present and `true` if the galaxy was succesfully imported."
nullable: true
type: boolean
success:
description: "Present and `true` if the galaxy was succesfully imported."
nullable: true
type: boolean
name:
type: string
example: "'Galaxy clusters imported. 1 imported, 0 ignored, 0 failed."
message:
type: string
example: "'Galaxy clusters imported. 1 imported, 0 ignored, 0 failed."
url:
type: string
example: "/galaxies/import"
ExportGalaxyClustersResponse:
description: "Export galaxy clusters response"
content:
application/json:
schema:
oneOf:
- type: array
items:
$ref: "#/components/schemas/GalaxyCluster"
- $ref: "#/components/schemas/GalaxyMispFormat"
AttachGalaxyClusterResponse:
description: "Attach galaxy cluster response"
content:
application/json:
schema:
type: object
properties:
saved:
description: "Present and `true` if the galaxy cluster was succesfully attached."
type: boolean
success:
description: "Status message of the operation."
type: string
example: "Cluster attached."
check_publish:
type: boolean
GalaxyClusterResponse:
description: "Galaxy cluster by ID response"
content:
application/json:
schema:
type: object
properties:
GalaxyCluster:
$ref: "#/components/schemas/GalaxyCluster"
ExtendedGalaxyClusterResponse:
description: "Extended galaxy cluster by ID response"
content:
application/json:
schema:
type: object
properties:
GalaxyCluster:
$ref: "#/components/schemas/ExtendedGalaxyCluster"
GalaxyClusterListResponse:
description: "Get galaxy clusters response"
content:
application/json:
schema:
type: array
items:
type: object
properties:
GalaxyCluster:
$ref: "#/components/schemas/GalaxyCluster"
PublishGalaxyClusterResponse:
description: "Publish galaxy cluster response"
content:
application/json:
schema:
type: object
properties:
message:
type: string
example: "Publish job queued. Job ID: 4e9d26c275a7b190fcab10029df8c6b6"
UnpublishGalaxyClusterResponse:
description: "Unpublish galaxy cluster response"
content:
application/json:
schema:
type: object
properties:
saved:
type: boolean
success:
type: boolean
name:
type: string
example: "GalaxyCluster unpublished"
message:
type: string
example: "GalaxyCluster unpublished"
url:
type: string
example: "/galaxy_clusters/publish/1"
DeleteGalaxyClusterResponse:
description: "Delete galaxy cluster response"
content:
application/json:
schema:
type: object
properties:
saved:
type: boolean
success:
type: boolean
name:
type: string
example: "Galaxy cluster successfuly soft deleted."
message:
type: string
example: "Galaxy cluster successfuly soft deleted."
url:
type: string
example: "/galaxy_clusters/delete/1"
RestoreGalaxyClusterResponse:
description: "Restore galaxy cluster response"
content:
application/json:
schema:
type: object
properties:
saved:
type: boolean
success:
type: boolean
name:
type: string
example: "GalaxyCluster restored"
message:
type: string
example: "GalaxyCluster restored"
url:
type: string
example: "/galaxy_clusters/restore/1"
ResetUserPasswordResponse:
description: "Reset user password response"
content:
application/json:
schema:
type: object
properties:
saved:
type: boolean
success:
type: string
example: "New credentials sent."
UserResponse:
description: "User response"
content:
application/json:
schema:
$ref: "#/components/schemas/User"
UserListResponse:
description: "User list response"
content:
application/json:
schema:
$ref: "#/components/schemas/UserList"
ExtendedUserResponse:
description: "Extended user response"
content:
application/json:
schema:
$ref: "#/components/schemas/ExtendedUser"
DeleteUserResponse:
description: "Delete user response"
content:
application/json:
schema:
type: object
properties:
saved:
type: boolean
success:
type: boolean
name:
type: string
example: "User deleted."
message:
type: string
example: "User deleted."
url:
type: string
example: "/admin/users/delete/1"
OrganisationResponse:
description: "Organisation list response"
content:
application/json:
schema:
$ref: "#/components/schemas/Organisation"
OrganisationListResponse:
description: "Organisation list response"
content:
application/json:
schema:
$ref: "#/components/schemas/OrganisationList"
DeleteOrganisationResponse:
description: "Delete organisation response"
content:
application/json:
schema:
type: object
properties:
saved:
type: boolean
success:
type: boolean
name:
type: string
example: "Organisation deleted"
message:
type: string
example: "Organisation deleted"
url:
type: string
example: "/admin/organisations/delete/1"
ServerResponse:
description: "Server response"
content:
application/json:
schema:
type: object
properties:
Server:
$ref: "#/components/schemas/Server"
ServerListResponse:
description: "Server list response"
content:
application/json:
schema:
$ref: "#/components/schemas/ServerList"
DeleteServerResponse:
description: "Delete server response"
content:
application/json:
schema:
type: object
properties:
saved:
type: boolean
success:
type: boolean
name:
type: string
example: "Server deleted"
message:
type: string
example: "Server deleted"
url:
type: string
example: "/servers/delete/1"
PullServerResponse:
description: "Pull server response"
content:
application/json:
schema:
type: object
properties:
saved:
type: boolean
success:
type: boolean
name:
type: string
example: "Pull queued for background execution. Job ID: 1"
message:
type: string
example: "Pull queued for background execution. Job ID: 1"
url:
type: string
example: "/servers/pull/1"
PushServerResponse:
description: "Push server response"
content:
application/json:
schema:
type: object
properties:
saved:
type: boolean
success:
type: boolean
name:
type: string
example: "Push queued for background execution. Job ID: 1"
message:
type: string
example: "Push queued for background execution. Job ID: 1"
url:
type: string
example: "/servers/push/1"
ServerVersionResponse:
description: "Server version"
content:
application/json:
schema:
type: object
properties:
version:
type: string
example: "2.4.142"
perm_sync:
type: boolean
perm_sighting:
type: boolean
perm_galaxy_editor:
type: boolean
request_encoding:
type: array
items:
type: string
enum:
- "gzip"
- "br"
ServerPyMISPVersionResponse:
description: "Server PyMISP version"
content:
application/json:
schema:
type: object
properties:
version:
type: string
example: "2.4.142"
ServerSettingsResponse:
description: "Server settings and diagnostics"
content:
application/json:
schema:
type: object
properties:
version:
type: object
properties:
current:
type: string
example: "v2.4.142"
newest:
type: string
example: "v2.4.142"
upToDate:
type: string
example: "same"
phpSettings:
type: object
properties:
max_execution_time:
$ref: "#/components/schemas/PhpServerSetting"
memory_limit:
$ref: "#/components/schemas/PhpServerSetting"
upload_max_filesize:
$ref: "#/components/schemas/PhpServerSetting"
post_max_size:
$ref: "#/components/schemas/PhpServerSetting"
gpgStatus:
type: string
example: "FAIL: Failed to load GnuPG"
proxyStatus:
type: string
example: "not configured (so not tested)"
zmqStatus:
type: integer
example: 1
stix:
type: object
properties:
operational:
type: integer
example: 1
stix:
$ref: "#/components/schemas/ServerPackageVersion"
cybox:
$ref: "#/components/schemas/ServerPackageVersion"
mixbox:
$ref: "#/components/schemas/ServerPackageVersion"
maec:
$ref: "#/components/schemas/ServerPackageVersion"
stix2:
$ref: "#/components/schemas/ServerPackageVersion"
pymisp:
$ref: "#/components/schemas/ServerPackageVersion"
moduleStatus:
type: object
properties:
Enrichment:
type: integer
example: 1
Import:
type: integer
example: 1
Export:
type: integer
example: 1
Cortex:
type: integer
example: 1
writeableDirs:
type: object
example:
"/tmp": 0
"/var/www/MISP/app/tmp": 0
"/var/www/MISP/app/files": 0
"/var/www/MISP/app/files/scripts/tmp": 0
writeableFiles:
type: object
example:
"/var/www/MISP/app/Config/config.php": 0
"/var/www/MISP/.git/ORIG_HEAD": 2
readableFiles:
type: object
example:
"/var/www/MISP/app/files/scripts/stixtest.py": 0
dbDiagnostics:
type: object
example:
"admin_settings":
"table": "admin_settings"
"used": "0.03 MB"
"reclaimable": "0 MB"
"data_in_bytes": 16384
"index_in_bytes": 16384
"reclaimable_in_bytes": 0
"allowedlist":
"table": "allowedlist"
"used": "0.02 MB"
"reclaimable": "0 MB"
"data_in_bytes": 16384
"index_in_bytes": 0
"reclaimable_in_bytes": 0
dbSchemaDiagnostics:
type: object
properties:
dataSource:
type: string
example: "Database/Mysql"
actual_db_version:
type: string
example: "68"
checked_table_column:
type: array
items:
type: string
example: "column_name"
diagnostic:
type: object
diagnostic_index:
type: array
items:
type: object
expected_db_version:
type: string
example: "67"
error:
type: string
update_locked:
type: boolean
remaining_lock_time:
type: number
update_fail_number_reached:
type: boolean
indexes:
type: object
example:
"admin_settings":
"id": true
"setting": false
columnPerTable:
type: object
example:
"admin_settings":
- "id"
- "setting"
- "value"
redisInfo:
type: object
example:
"extensionVersion": "5.1.1"
"connection": true
"redis_version": "5.0.7"
"redis_git_sha1": 0
"redis_git_dirty": 0
"redis_build_id": "636cde3b5c7a3923"
"redis_mode": "standalone"
"os": "Linux 5.8.0-50-generic x86_64"
"arch_bits": 64
"multiplexing_api": "epoll"
"atomicvar_api": "atomic-builtin"
"gcc_version": "9.2.1"
"process_id": 1051
"run_id": "f894944d92c978df93a18821fb5ebe30dfd0b257"
"tcp_port": 6379
"uptime_in_seconds": 327116
"uptime_in_days": 3
"hz": 10
"configured_hz": 10
"lru_clock": 10365184
"executable": "/usr/bin/redis-server"
"config_file": "/etc/redis/redis.conf"
"connected_clients": 18
"client_recent_max_input_buffer": 2
"client_recent_max_output_buffer": 0
"blocked_clients": 0
"used_memory": 1309488
"used_memory_human": "1.25M"
"used_memory_rss": 5541888
"used_memory_rss_human": "5.29M"
"used_memory_peak": 1410464
"used_memory_peak_human": "1.35M"
"used_memory_peak_perc": "92.84%"
"used_memory_overhead": 1200800
"used_memory_startup": 796232
"used_memory_dataset": 108688
"used_memory_dataset_perc": "21.18%"
"allocator_allocated": 1480176
"allocator_active": 1896448
"allocator_resident": 5890048
"total_system_memory": 33406590976
"total_system_memory_human": "31.11G"
"used_memory_lua": 41984
"used_memory_lua_human": "41.00K"
"used_memory_scripts": 0
"used_memory_scripts_human": "0B"
"number_of_cached_scripts": 0
"maxmemory": 0
"maxmemory_human": "0B"
"maxmemory_policy": "noeviction"
"allocator_frag_ratio": 1.28
"allocator_frag_bytes": 416272
"allocator_rss_ratio": 3.11
"allocator_rss_bytes": 3993600
"rss_overhead_ratio": 0.94
"rss_overhead_bytes": -348160
"mem_fragmentation_ratio": 4.24
"mem_fragmentation_bytes": 4233432
"mem_not_counted_for_evict": 0
"mem_replication_backlog": 0
"mem_clients_slaves": 0
"mem_clients_normal": 402912
"mem_aof_buffer": 0
"mem_allocator": "jemalloc-5.2.1"
"active_defrag_running": 0
"lazyfree_pending_objects": 0
"loading": 0
"rdb_changes_since_last_save": 0
"rdb_bgsave_in_progress": 0
"rdb_last_save_time": 1620977919
"rdb_last_bgsave_status": "ok"
"rdb_last_bgsave_time_sec": 0
"rdb_current_bgsave_time_sec": -1
"rdb_last_cow_size": 446464
"aof_enabled": 0
"aof_rewrite_in_progress": 0
"aof_rewrite_scheduled": 0
"aof_last_rewrite_time_sec": -1
"aof_current_rewrite_time_sec": -1
"aof_last_bgrewrite_status": "ok"
"aof_last_write_status": "ok"
"aof_last_cow_size": 0
"total_connections_received": 289
"total_commands_processed": 252747
"instantaneous_ops_per_sec": 7
"total_net_input_bytes": 12111506
"total_net_output_bytes": 1232466
"instantaneous_input_kbps": 0.36
"instantaneous_output_kbps": 0.03
"rejected_connections": 0
"sync_full": 0
"sync_partial_ok": 0
"sync_partial_err": 0
"expired_keys": 17
"expired_stale_perc": 0
"expired_time_cap_reached_count": 0
"evicted_keys": 0
"keyspace_hits": 70
"keyspace_misses": 62805
"pubsub_channels": 0
"pubsub_patterns": 0
"latest_fork_usec": 168
"migrate_cached_sockets": 0
"slave_expires_tracked_keys": 0
"active_defrag_hits": 0
"active_defrag_misses": 0
"active_defrag_key_hits": 0
"active_defrag_key_misses": 0
"role": "master"
"connected_slaves": 0
"master_replid": "d5e7afcf4fd1a31e539a4eadd5caf2a7da6d121c"
"master_replid2": 0
"master_repl_offset": 0
"second_repl_offset": -1
"repl_backlog_active": 0
"repl_backlog_size": 1048576
"repl_backlog_first_byte_offset": 0
"repl_backlog_histlen": 0
"used_cpu_sys": 195.014281
"used_cpu_user": 217.352183
"used_cpu_sys_children": 0.050885
"used_cpu_user_children": 0.076436
"cluster_enabled": 0
"db0": "keys=15,expires=0,avg_ttl=0"
"db13": "keys=12,expires=4,avg_ttl=21265731140"
finalSettings:
type: array
items:
$ref: "#/components/schemas/MispSetting"
extensions:
type: object
properties:
cli:
type: object
properties:
phpversion:
type: string
example: "7.4.3"
extensions:
type: object
example:
"json":
"web_version": "7.4.3"
"web_version_outdated": false
"cli_version": "7.4.3"
"cli_version_outdated": false
"required": true
"info": null
workers:
type: object
properties:
cache:
$ref: "#/components/schemas/WorkersStatus"
default:
$ref: "#/components/schemas/WorkersStatus"
email:
$ref: "#/components/schemas/WorkersStatus"
prio:
$ref: "#/components/schemas/WorkersStatus"
update:
$ref: "#/components/schemas/WorkersStatus"
scheduler:
$ref: "#/components/schemas/WorkersStatus"
proc_accessible:
type: boolean
controls:
type: boolean
StartWorkerResponse:
description: "Start worker response"
content:
application/json:
schema:
type: object
properties:
saved:
type: boolean
success:
type: boolean
name:
type: string
example: "Worker start signal sent"
message:
type: string
example: "Worker start signal sent"
url:
type: string
example: "/servers/startWorker/email"
StopWorkerResponse:
description: "Stop worker response"
content:
application/json:
schema:
type: object
properties:
saved:
type: boolean
success:
type: boolean
name:
type: string
example: "Worker stop signal sent"
message:
type: string
example: "Worker stop signal sent"
url:
type: string
example: "/servers/startWorker/1234"
KillAllWorkersResponse:
description: "Kill all workers response"
content:
application/json:
schema:
type: object
properties:
saved:
type: boolean
success:
type: boolean
name:
type: string
example: "Killing workers."
message:
type: string
example: "Killing workers."
url:
type: string
example: "/servers/killAllWorkers"
RestartWorkersResponse:
description: "Restart workers response"
content:
application/json:
schema:
type: object
properties:
saved:
type: boolean
success:
type: boolean
name:
type: string
example: "Restarting workers."
message:
type: string
example: "Restarting workers."
url:
type: string
example: "/servers/restartWorkers"
RestartDeadWorkersResponse:
description: "Restart dead workers response"
content:
application/json:
schema:
type: object
properties:
saved:
type: boolean
success:
type: boolean
name:
type: string
example: "Restarting workers."
message:
type: string
example: "Restarting workers."
url:
type: string
example: "/servers/restartDeadWorkers"
GetWorkersResponse:
description: "Stop worker response"
content:
application/json:
schema:
type: object
properties:
cache:
$ref: "#/components/schemas/WorkersStatus"
default:
$ref: "#/components/schemas/WorkersStatus"
email:
$ref: "#/components/schemas/WorkersStatus"
prio:
$ref: "#/components/schemas/WorkersStatus"
update:
$ref: "#/components/schemas/WorkersStatus"
scheduler:
$ref: "#/components/schemas/WorkersStatus"
proc_accessible:
type: boolean
controls:
type: boolean
UpdateServerResponse:
description: "Update server response"
content:
application/json:
schema:
type: object
properties:
results:
type: array
items:
anyOf:
- $ref: "#/components/schemas/UpdateServerResultItem"
- type: string
example: "Update failed, you are not on branch"
CacheServerResponse:
description: "Cache server response"
content:
application/json:
schema:
type: object
properties:
saved:
type: boolean
success:
type: boolean
name:
type: string
example: "Server caching job initiated."
message:
type: string
example: "Server caching job initiated."
url:
type: string
example: "/servers/cache"
CreateSyncResponse:
description: "Create server sync"
content:
application/json:
schema:
type: object
properties:
Server:
type: object
properties:
url:
type: string
example: "https://misppriv.circl.lu"
uuid:
$ref: "#/components/schemas/UUID"
authkey:
$ref: "#/components/schemas/AuthKey"
Organisation:
type: object
properties:
name:
$ref: "#/components/schemas/OrganisationName"
uuid:
$ref: "#/components/schemas/UUID"
GetInstanceUUIDResponse:
description: "Get instance UUID response"
content:
application/json:
schema:
type: object
properties:
uuid:
$ref: "#/components/schemas/UUID"
GetServerSettingResponse:
description: "Get setting response"
content:
application/json:
schema:
$ref: "#/components/schemas/MispSetting"
EditServerSettingResponse:
description: "Edit setting response"
content:
application/json:
schema:
type: object
properties:
saved:
type: boolean
success:
type: boolean
name:
type: string
example: "Field updated"
message:
type: string
example: "Field updated"
url:
type: string
example: "/servers/serverSettingsEdit"
SharingGroupResponse:
description: "Get sharing group response"
content:
application/json:
schema:
type: object
properties:
SharingGroup:
$ref: "#/components/schemas/SharingGroup"
Organisation:
$ref: "#/components/schemas/Organisation"
SharingGroupOrg:
type: array
items:
$ref: "#/components/schemas/SharingGroupOrganisation"
SharingGroupServer:
type: array
items:
$ref: "#/components/schemas/SharingGroupServer"
editable:
type: boolean
deletable:
type: boolean
SharingGroupListResponse:
description: "Get sharing groups response"
content:
application/json:
schema:
type: object
properties:
response:
type: array
items:
$ref: "#/components/schemas/SharingGroupListItem"
DeleteSharingGroupResponse:
description: "Delete sharing group response"
content:
application/json:
schema:
type: object
properties:
saved:
type: boolean
success:
type: boolean
name:
type: string
example: "SharingGroup deleted"
message:
type: string
example: "SharingGroup deleted"
url:
type: string
example: "/sharing_groups/delete/1"
AddOrganisationToSharingGroupResponse:
description: "Add organisation to a sharing group response"
content:
application/json:
schema:
type: object
properties:
saved:
type: boolean
success:
type: boolean
name:
type: string
example: "Organisation added to the sharing group."
message:
type: string
example: "Organisation added to the sharing group."
url:
type: string
example: "/sharing_groups/addOrg"
RemoveOrganisationFromSharingGroupResponse:
description: "Remove organisation from a sharing group response"
content:
application/json:
schema:
type: object
properties:
saved:
type: boolean
success:
type: boolean
name:
type: string
example: "Organisation removed from the sharing group."
message:
type: string
example: "Organisation removed from the sharing group."
url:
type: string
example: "/sharing_groups/removeOrg"
AddServerToSharingGroupResponse:
description: "Add server to a sharing group response"
content:
application/json:
schema:
type: object
properties:
saved:
type: boolean
success:
type: boolean
name:
type: string
example: "Server added to the sharing group."
message:
type: string
example: "Server added to the sharing group."
url:
type: string
example: "/sharing_groups/addServer"
RemoveServerFromSharingGroupResponse:
description: "Remove server from a sharing group response"
content:
application/json:
schema:
type: object
properties:
saved:
type: boolean
success:
type: boolean
name:
type: string
example: "Server removed from the sharing group."
message:
type: string
example: "Server removed from the sharing group."
url:
type: string
example: "/sharing_groups/removeServer"
FeedListResponse:
description: "Get feeds response"
content:
application/json:
schema:
type: array
items:
type: object
properties:
Feed:
$ref: "#/components/schemas/Feed"
FeedResponse:
description: "Get feed response"
content:
application/json:
schema:
type: object
properties:
Feed:
$ref: "#/components/schemas/Feed"
EnableFeedResponse:
description: "Enable feed response"
content:
application/json:
schema:
type: object
properties:
name:
type: string
example: "Feed enabled."
message:
type: string
example: "Feed enabled."
url:
type: string
example: "/feeds/enable/1"
DisableFeedResponse:
description: "Disable feed response"
content:
application/json:
schema:
type: object
properties:
name:
type: string
example: "Feed disabled."
message:
type: string
example: "Feed disabled."
url:
type: string
example: "/feeds/disable/1"
CacheFeedsResponse:
description: "Cache feeds response"
content:
application/json:
schema:
type: object
properties:
name:
type: string
example: "Feed caching job initiated."
message:
type: string
example: "Feed caching job initiated."
url:
type: string
example: "/feeds/cacheFeed"
FetchFromFeedResponse:
description: "Fetch feed response"
content:
application/json:
schema:
type: object
properties:
result:
type: string
example: "Pull queued for background execution."
FetchFromAllFeedsResponse:
description: "Fetch all feeds response"
content:
application/json:
schema:
type: object
properties:
result:
type: string
example: "Pull queued for background execution."
WarninglistListResponse:
description: "Get warninglists response"
content:
application/json:
schema:
type: object
properties:
Warninglists:
type: array
items:
type: object
properties:
Warninglist:
$ref: "#/components/schemas/Warninglist"
WarninglistToggleEnabledResponse:
description: "Toggle enable warninglists response"
content:
application/json:
schema:
type: object
properties:
saved:
type: boolean
success:
type: string
example: "1 warninglist(s) disabled"
WarninglistResponse:
description: "Get warninglists response"
content:
application/json:
schema:
type: object
properties:
Warninglist:
$ref: "#/components/schemas/Warninglist"
WarninglistMatchListResponse:
description: "List of values matching warninglists response"
content:
application/json:
schema:
type: object
example:
"10.128.0.2":
- "id": "10"
"name": "List of known Wikimedia address ranges"
UpdateWarninglistsResponse:
description: "List of values matching warninglists response"
content:
application/json:
schema:
type: object
properties:
saved:
type: boolean
success:
nullable: true
type: boolean
name:
type: string
example: "Successfully updated 1 warninglists."
message:
type: string
example: "Successfully updated 1 warninglists."
url:
type: string
example: "/warninglists/update"
NoticelistListResponse:
description: "Get noticelists response"
content:
application/json:
schema:
type: array
items:
type: object
properties:
Noticelist:
$ref: "#/components/schemas/Noticelist"
NoticelistResponse:
description: "Get noticelist response"
content:
application/json:
schema:
type: object
properties:
Noticelist:
$ref: "#/components/schemas/Noticelist"
NoticelistToggleEnableResponse:
description: "Toggle enable noticelist response"
content:
application/json:
schema:
type: object
properties:
saved:
type: boolean
success:
type: string
example: "Noticelist enabled"
UpdateNoticelistsResponse:
description: "Toggle enable noticelist response"
content:
application/json:
schema:
type: object
properties:
saved:
type: boolean
success:
type: boolean
name:
type: string
example: "Successfully updated 1 noticelists."
message:
type: string
example: "Successfully updated 1 noticelists."
url:
type: string
example: "/noticelists/update"
ObjectResponse:
description: "Object response"
content:
application/json:
schema:
type: object
properties:
Object:
$ref: "#/components/schemas/Object"
ExtendedObjectResponse:
description: "Extended object response"
content:
application/json:
schema:
type: object
properties:
Object:
$ref: "#/components/schemas/ExtendedObject"
DeleteObjectResponse:
description: "Delete object response"
content:
application/json:
schema:
type: object
properties:
saved:
type: boolean
success:
type: boolean
name:
type: string
example: "Object deleted"
message:
type: string
example: "Object deleted"
url:
type: string
example: "/objects/delete/1"
SightingListResponse:
description: "Get sightings response"
content:
application/json:
schema:
type: array
items:
$ref: "#/components/schemas/Sighting"
SightingResponse:
description: "Add sighting response"
content:
application/json:
schema:
$ref: "#/components/schemas/Sighting"
DeleteSightingResponse:
description: "Delete sighting response"
content:
application/json:
schema:
type: object
properties:
saved:
type: boolean
success:
type: boolean
name:
type: string
example: "Sighting successfully deleted."
message:
type: string
example: "Sighting successfully deleted."
url:
type: string
example: "/sightings/delete/1"
TagListResponse:
description: "Tag list response"
content:
application/json:
schema:
type: object
properties:
Tag:
$ref: "#/components/schemas/TagList"
TagResponse:
description: "Tag response"
content:
application/json:
schema:
$ref: "#/components/schemas/Tag"
DeleteTagResponse:
description: "Delete tag response"
content:
application/json:
schema:
type: object
properties:
name:
type: string
example: "Tag deleted."
message:
type: string
example: "Tag deleted."
url:
type: string
example: "https://misppriv.circl.lu/tags/delete/1"
EditTagResponse:
description: "Tag response"
content:
application/json:
schema:
type: object
properties:
Tag:
$ref: "#/components/schemas/Tag"
SearchTagResponse:
description: "Search tag response"
content:
application/json:
schema:
type: array
items:
$ref: "#/components/schemas/ExtendedTag"
ApiErrorResponse:
description: "Unexpected API error"
content:
application/json:
schema:
$ref: "#/components/schemas/ApiError"
NotFoundApiErrorResponse:
description: "The specified resource was not found"
content:
application/json:
schema:
$ref: "#/components/schemas/NotFoundApiError"
UnauthorizedApiErrorResponse:
description: "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header."
content:
application/json:
schema:
$ref: "#/components/schemas/UnauthorizedApiError"
headers:
X-Result-Count:
description: Result set count
schema:
type: integer
X-Export-Module-Used:
description: Export module used
schema:
type: string
enum:
- json
- xml
- download
- stix
- stix2
X-Response-Format:
description: Response format
schema:
type: string
enum:
- json
- xml
- download
- stix
- stix2
security:
- ApiKeyAuth: []
Reference in New Issue View Git Blame Copy Permalink