Merge pull request #75 from Delta-Sierra/master

update automation chapter
pull/77/head
Alexandre Dulaunoy 2017-11-30 15:35:40 +01:00 committed by GitHub
commit 1b88ee13dd
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 49 additions and 16 deletions


@ -134,6 +134,14 @@ You can configure your tools to automatically download the following file:
https://<misp url>/events/csv/download
~~~~
This will download all the valid attributes in your MISP instance (might take some time).
You can also configure your tools to download the attributes from a specific event. Here is the old legacy CSV export that will work like exporting all attributes:
~~~~
https://<misp url>/events/csv/download/<event-id>
~~~~
You can specify additional flags for CSV exports as follows:
POST to:
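Review bot: The sentence "Here is the old legacy CSV export that will work like exporting all attributes:" is ambiguous about what the per-event URL returns. "old legacy" is redundant, and "will work like exporting all attributes" can be read as returning every attribute in the instance rather than only those of `<event-id>`. If the intent is that the per-event export behaves like the full export but is scoped to one event, say so directly, for example "The legacy CSV export for a single event returns all valid attributes of that event:". This hunk also uses the placeholder `<misp url>` while the 2.4.82 section uses `<misp-instance>`; pick one so readers do not assume they are different hosts.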
@ -201,6 +209,32 @@ To export the attributes of all events that are of the type "domain", use the fo
https://<misp url>/events/csv/download/false/false/false/false/domain
~~~~
#### Update 2.4.82
Since version 2.4.82, the new export format allows to select more columns using the following query format:
~~~~
https://<misp-instance>/events/csv/download/<event-id>?attributes=timestamp,type,uuid,value
~~~~
The order of columns will be honoured including those related to object level information.
To select object level columns, simply pre-pend the given object columns name by object_, such as:
~~~~
https://<misp-instance>/events/csv/download/<event-id>?attributes=timestamp,type,uuid,value&object_attributes=uuid,name
~~~~
The following columns will be returned (all columns related to objects will be prefixed with object_):
~~~~
timestamp,type,uuid,value,object_uuid,object_name
~~~~
includeContext option includes the tags for the event for each line.
### NIDS rules export
Automatic export of all network related attributes is available under the Snort or Suricata rule format. Only published events and attributes marked as IDS Signature are exported.
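Review bot: The instruction "simply pre-pend the given object columns name by object_" does not match the example that follows it. The query passes unprefixed names in a separate parameter, `object_attributes=uuid,name`, and the `object_` prefix only appears in the returned header (`object_uuid,object_name`). Suggest stating that object-level columns are requested through the `object_attributes` parameter and are returned with the `object_` prefix. The closing line about includeContext does not say how the option is passed (query parameter, POST field or URL segment) and no example shows it, so a reader cannot use it from this text alone; add one example URL or request. Minor: "allows to select" should read "allows selecting".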
@ -1413,4 +1447,3 @@ PyMISP is a Python library to access MISP platforms via their REST API.
PyMISP allows you to fetch events, add or update events/attributes, add or update samples or search for attributes.
[PyMISP is available](https://github.com/MISP/PyMISP) including a documentation with various examples.