zmq: update to the example and the self topic channel

misp-zmq/README.md

@@ -15,14 +15,14 @@ MISP ZeroMQ functionality can be used for various model of integration or to ext
 - continuous indexing
 - custom software or scripting
 
-The following notification types exist and can be included in the MISP ZeroMQ pub-sub:
-
-- `misp_json` - messages related to events published
-- `misp_json_attribute` - messages related to attribute updated or created
-- `misp_json_sighting` - messages related to sighting added to an attribute or an event
-- `misp_json_user` - messages related to user updates or creation
-- `misp_json_organisation` - messages related to organisation updates or creation
+The following notification topic channels exist and can be included in the MISP ZeroMQ pub-sub:
 
+- `misp_json` - events published
+- `misp_json_attribute` - attribute updated or created
+- `misp_json_sighting` - sighting added to an attribute or an event
+- `misp_json_user` - user updates or creation
+- `misp_json_organisation` - organisation updates or creation
+- `misp_json_self` -  keep-alive messages sent every minute
 
 ### MISP ZeroMQ configuration
 
@@ -65,3 +65,31 @@ optional arguments:
                         sleep time (default: 2)
 ~~~~
 
+The `sub.py` will output the JSON objects for the subscribed topic, by default, all the topic channels are dumped:
+
+~~~~
+misp@cpeb:/var/www/MISP/tools/misp-zmq$ python3 -u sub.py  | jq .
+....
+{
+  "Attribute": {
+    "id": "1044802",
+    "value2": "",
+    "value1": "1.2.3.4",
+    "uuid": "592d8494-7120-4760-b5e2-4858950d210f",
+    "batch_import": "0",
+    "comment": "",
+    "value": "1.2.3.4",
+    "type": "ip-dst",
+    "to_ids": 0,
+    "timestamp": 1496155284,
+    "distribution": "5",
+    "sharing_group_id": 0,
+    "deleted": "0",
+    "disable_correlation": "0",
+    "event_id": "8100",
+    "category": "Network activity"
+  }
+}
+....
+~~~~
+