Merge pull request #75 from Delta-Sierra/master

update automation chapter
pull/77/head
Alexandre Dulaunoy 2017-11-30 15:35:40 +01:00 committed by GitHub
commit 1b88ee13dd
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 49 additions and 16 deletions

@ -134,6 +134,14 @@ You can configure your tools to automatically download the following file:
https://<misp url>/events/csv/download https://<misp url>/events/csv/download
~~~~ ~~~~
This will download all the valid attributes in your MISP instance (might take some time).
You can also configure your tools to download the attributes from a specific event. Here is the old legacy CSV export that will work like exporting all attributes:
~~~~
https://<misp url>/events/csv/download/<event-id>
~~~~
You can specify additional flags for CSV exports as follows: You can specify additional flags for CSV exports as follows:
POST to: POST to:
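Review bot: The added sentence "Here is the old legacy CSV export that will work like exporting all attributes" is ambiguous about scope. It follows the sentence on downloading attributes from a specific event and introduces a URL ending in `/<event-id>`, yet "exporting all attributes" reads like the instance-wide download described just above it. Suggest saying explicitly that this URL returns only the attributes of the given event, in the same format as the full export, and dropping the redundant "old" in "old legacy".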
@ -201,6 +209,32 @@ To export the attributes of all events that are of the type "domain", use the fo
https://<misp url>/events/csv/download/false/false/false/false/domain https://<misp url>/events/csv/download/false/false/false/false/domain
~~~~ ~~~~
#### Update 2.4.82
Since version 2.4.82, the new export format allows to select more columns using the following query format:
~~~~
https://<misp-instance>/events/csv/download/<event-id>?attributes=timestamp,type,uuid,value
~~~~
The order of columns will be honoured including those related to object level information.
To select object level columns, simply pre-pend the given object columns name by object_, such as:
~~~~
https://<misp-instance>/events/csv/download/<event-id>?attributes=timestamp,type,uuid,value&object_attributes=uuid,name
~~~~
The following columns will be returned (all columns related to objects will be prefixed with object_):
~~~~
timestamp,type,uuid,value,object_uuid,object_name
~~~~
includeContext option includes the tags for the event for each line.
### NIDS rules export ### NIDS rules export
Automatic export of all network related attributes is available under the Snort or Suricata rule format. Only published events and attributes marked as IDS Signature are exported. Automatic export of all network related attributes is available under the Snort or Suricata rule format. Only published events and attributes marked as IDS Signature are exported.
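Review bot: In the "Update 2.4.82" section the prose and the example disagree on how object-level columns are requested. The text says to prepend `object_` to the object column names, but the example passes unprefixed names in a separate parameter, `object_attributes=uuid,name`, and the prefix only appears in the returned header `object_uuid,object_name`. Suggest rewording to say that object columns are listed in `object_attributes` and come back prefixed with `object_`. Two smaller points: the new URLs use `<misp-instance>` while the surrounding lines use `<misp url>`, and the `includeContext` sentence does not show how the option is passed or what the extra output looks like.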
@ -1413,4 +1447,3 @@ PyMISP is a Python library to access MISP platforms via their REST API.
PyMISP allows you to fetch events, add or update events/attributes, add or update samples or search for attributes. PyMISP allows you to fetch events, add or update events/attributes, add or update samples or search for attributes.
[PyMISP is available](https://github.com/MISP/PyMISP) including a documentation with various examples. [PyMISP is available](https://github.com/MISP/PyMISP) including a documentation with various examples.