Merge remote-tracking branch 'upstream/main'

pull/277/head
Steve Clement 2022-06-01 11:04:23 +02:00
commit 83775eed70
No known key found for this signature in database
GPG Key ID: 69A20F509BE4AEE9
13 changed files with 196 additions and 23 deletions

View File

@ -51,7 +51,7 @@ MISP can now extend an event (starting from version 2.4.90). This allows users t
## MISP feeds
MISP includes a set of public OSINT feeds in its default configuration. The feeds can be used as a source of correlations for all of your events and attributes without the need to import them directly into your system. The MISP feed system allows for fast correlation but also a for quick comparisons of the feeds against one another.
To get started with MISP we advise to enable the CIRCL OSINT feed withing your MISP instance. This feed is generated with the PyMISP [feed-generator](https://github.com/CIRCL/PyMISP/tree/master/examples/feed-generator).
To get started with MISP we advise to enable the CIRCL OSINT feed within your MISP instance. This feed is generated with the PyMISP [feed-generator](https://github.com/CIRCL/PyMISP/tree/master/examples/feed-generator).
[More](http://www.misp-project.org/feeds/)
## MISP format

View File

@ -212,7 +212,7 @@ canvas needs to be compiled and needs the following dependencies:
xcode-select --install
# If you have homebrew not installed yet:
## /usr/bin/ruby -e "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/master/install)"
# For the more adventureous you can install a cask of calibre which gives you access to *ebook-convert*
# For the more adventurous you can install a cask of calibre which gives you access to *ebook-convert*
## brew cask install calibre
brew install pkg-config cairo pango libpng jpeg giflib
```

View File

@ -766,7 +766,7 @@ Warning: Scheduled tasks come with a lot of caveats and little in regards of cus
"""
The task scheduler is a sub-par component to enable minimal functionality in terms of automating certain MISP tasks.
If you have a dedicated and concious MISP Site Admin she can keep an eye on the Scheduler to make sure everything runs smoothly.
If you have a dedicated and conscious MISP Site Admin she can keep an eye on the Scheduler to make sure everything runs smoothly.
For better performance please use a real scheduler like your systems' crontab.
As a rule of thumb: If you can click on it, MISP can automate it.

View File

@ -666,4 +666,166 @@ Because LDAP and MISP users are paired by e-mail address, it is possible to migr
* When a user is disabled in LDAP and also in MISP and then enabled in LDAP, it will be enabled in MISP for next login just when `updateUser` is set to `true`.
* Currently it is not possible to log in with both LDAP and local (MISP) accounts.
* Admins can change users email address. But when `updateUser` is set to true, when the user will log in again, the e-mail address will be updated from LDAP.
* `Security.require_password_confirmation` setting currently doesnt work with LDAP authentication. But on the other hand, since user cannot change e-mail address and password, this setting is not important.
* `Security.require_password_confirmation` setting currently does not work with LDAP authentication. But on the other hand, since user cannot change e-mail address and password, this setting is not important.
# Appendix G: SimpleBackgroundJobs Migration guide
As of **MISP** version `2.4.151` we introduced a simpler way to handle background jobs without relying in CakeResque as this library is no longer mantained.
For the time being both background jobs backends will be supported, but we plan to phase out the CakeResque one in a near future.
The new backend requires [Supervisor](http://supervisord.org/) and some extra PHP packages.
**This guide is intended for Ubuntu/Debian systems**
## Install requirements
Run on your MISP instance the following commands.
1. Install **Supervisord**:
```
sudo apt install supervisor -y
```
2. Install required PHP packages:
```
cd /var/www/MISP/app
sudo -u www-data php composer.phar require --with-all-dependencies supervisorphp/supervisor:^4.0 \
guzzlehttp/guzzle \
php-http/message \
lstrojny/fxmlrpc
```
3. Add the following settings at the bottom of the **Supervisord** conf file, usually located in:
`/etc/supervisor/supervisord.conf`
```
[inet_http_server]
port=127.0.0.1:9001
username=supervisor
password=PWD_CHANGE_ME
```
4. Use the following configuration as a template for the services, usually located in:
`/etc/supervisor/conf.d/misp-workers.conf`
```
[group:misp-workers]
programs=default,email,cache,prio,update
[program:default]
directory=/var/www/MISP
command=/var/www/MISP/app/Console/cake start_worker default
process_name=%(program_name)s_%(process_num)02d
numprocs=5
autostart=true
autorestart=true
redirect_stderr=false
stderr_logfile=/var/www/MISP/app/tmp/logs/misp-workers-errors.log
stdout_logfile=/var/www/MISP/app/tmp/logs/misp-workers.log
directory=/var/www/MISP
user=www-data
[program:prio]
directory=/var/www/MISP
command=/var/www/MISP/app/Console/cake start_worker prio
process_name=%(program_name)s_%(process_num)02d
numprocs=5
autostart=true
autorestart=true
redirect_stderr=false
stderr_logfile=/var/www/MISP/app/tmp/logs/misp-workers-errors.log
stdout_logfile=/var/www/MISP/app/tmp/logs/misp-workers.log
directory=/var/www/MISP
user=www-data
[program:email]
directory=/var/www/MISP
command=/var/www/MISP/app/Console/cake start_worker email
process_name=%(program_name)s_%(process_num)02d
numprocs=5
autostart=true
autorestart=true
redirect_stderr=false
stderr_logfile=/var/www/MISP/app/tmp/logs/misp-workers-errors.log
stdout_logfile=/var/www/MISP/app/tmp/logs/misp-workers.log
directory=/var/www/MISP
user=www-data
[program:update]
directory=/var/www/MISP
command=/var/www/MISP/app/Console/cake start_worker update
process_name=%(program_name)s_%(process_num)02d
numprocs=1
autostart=true
autorestart=true
redirect_stderr=false
stderr_logfile=/var/www/MISP/app/tmp/logs/misp-workers-errors.log
stdout_logfile=/var/www/MISP/app/tmp/logs/misp-workers.log
directory=/var/www/MISP
user=www-data
[program:cache]
directory=/var/www/MISP
command=/var/www/MISP/app/Console/cake start_worker cache
process_name=%(program_name)s_%(process_num)02d
numprocs=5
autostart=true
autorestart=true
redirect_stderr=false
stderr_logfile=/var/www/MISP/app/tmp/logs/misp-workers-errors.log
stdout_logfile=/var/www/MISP/app/tmp/logs/misp-workers.log
user=www-data
```
5. Restart **Supervisord** to load the changes:
```
sudo service supervisor restart
```
6. Check **Supervisord** workers are running:
```
$ sudo supervisorctl status
misp-workers:cache_00 RUNNING pid 1673228, uptime 1:37:54
misp-workers:cache_01 RUNNING pid 1673225, uptime 1:37:54
misp-workers:cache_02 RUNNING pid 1673375, uptime 1:37:53
misp-workers:cache_03 RUNNING pid 1673398, uptime 1:37:52
misp-workers:cache_04 RUNNING pid 1673303, uptime 1:37:53
misp-workers:default_00 RUNNING pid 1673222, uptime 1:37:54
misp-workers:default_01 RUNNING pid 1673385, uptime 1:37:52
misp-workers:default_02 RUNNING pid 1673391, uptime 1:37:52
misp-workers:default_03 RUNNING pid 1673223, uptime 1:37:54
misp-workers:default_04 RUNNING pid 1673393, uptime 1:37:52
misp-workers:email_00 RUNNING pid 1673394, uptime 1:37:52
misp-workers:email_01 RUNNING pid 1673312, uptime 1:37:53
misp-workers:email_02 RUNNING pid 1673224, uptime 1:37:54
misp-workers:email_03 RUNNING pid 1673227, uptime 1:37:54
misp-workers:email_04 RUNNING pid 1673333, uptime 1:37:53
misp-workers:prio_00 RUNNING pid 1673279, uptime 1:37:54
misp-workers:prio_01 RUNNING pid 1673304, uptime 1:37:53
misp-workers:prio_02 RUNNING pid 1673305, uptime 1:37:53
misp-workers:prio_03 RUNNING pid 1673232, uptime 1:37:54
misp-workers:prio_04 RUNNING pid 1673319, uptime 1:37:53
misp-workers:update_00 RUNNING pid 1673327, uptime 1:37:53
```
## MISP Config
1. Go to your **MISP** instances `Server Settings & Maintenance` page, and then to the new [SimpleBackgroundJobs]((https://localhost/servers/serverSettings/SimpleBackgroundJobs)) tab.
2. Update the `SimpleBackgroundJobs.supervisor_password` with the password you set in the _Install requirements_ section 3.
3. Verify Redis and other settings are correct and then set `SimpleBackgroundJobs.enabled` to `true`.
4. Use **MISP** normally and visit [Administration -> Jobs](/jobs/index) to check Jobs are running correctly.
If there are any issues check the logs:
* /var/www/MISP/app/tmp/logs/misp-workers-errors.log
* /var/www/MISP/app/tmp/logs/misp-workers.log
5. Once the new workers are functioning as expected, you can remove the previous workers service:
```bash
$ sudo systemctl stop --now misp-workers
$ sudo systemctl disable --now misp-workers
```
### Notes
Scheduled tasks (TasksController) are not supported with the new backend, however this feature is going to be deprecated, it is recommended to use cron jobs instead.

View File

@ -84,7 +84,7 @@ curl --header "Authorization: YOUR API KEY " --header "Accept: application/json"
## Search
It is possible to search in the database for a list of attributes or events based on a list of criterias.
It is possible to search in the database for a list of attributes or events based on a list of criteria.
To return attributes or events in a desired format, use the following URL and header settings:
@ -144,7 +144,7 @@ Find below a non exhaustive list of parameters that can be used to filter data i
- **timestamp**: Restrict the results by the timestamp (last edit). Any event with a timestamp newer than the given timestamp will be returned. In case you are dealing with /attributes as scope, the attribute's timestamp will be used for the lookup. The input can be a timestamp or a short-hand time description (7d or 24h for example). You can also pass a list with two values to set a time range (for example ["14d", "7d"]).
- **published**: Set whether published or unpublished events should be returned. Do not set the parameter if you want both.
- **enforceWarninglist**: Remove any attributes from the result that would cause a hit on a warninglist entry.
- **to_ids**: By default (0) all attributes are returned that match the other filter parameters, irregardless of their to_ids setting. To restrict the returned data set to to_ids only attributes set this parameter to 1. You can only use the special "exclude" setting to only return attributes that have the to_ids flag disabled.
- **to_ids**: By default (0) all attributes are returned that match the other filter parameters, regardless of their to_ids setting. To restrict the returned data set to to_ids only attributes set this parameter to 1. You can only use the special "exclude" setting to only return attributes that have the to_ids flag disabled.
- **deleted**: Default value 0. If set to 1, only deleted attributes will be returned. If set to [0,1] , both deleted and non-deleted attributes wil be returned.
- **includeEventUuid**: Instead of just including the event ID, also include the event UUID in each of the attributes.
- **event_timestamp**: Only return attributes from events that have received a modification after the given timestamp. The input can be a timestamp or a short-hand time description (7d or 24h for example). You can also pass a list with two values to set a time range (for example ["14d", "7d"]).
@ -904,7 +904,7 @@ Do not use this function with GET!
- **published**: Set whether published or unpublished events should be returned. Do not set the parameter if you want both.
- **timestamp**: ***Deprecated!!!*** (synonym for attribute_timestamp) Restrict the results by the timestamp (last edit). Any attribute with a timestamp newer than the given timestamp will be returned. The input can be a timestamp or a short-hand time description (7d or 24h for example). You can also pass a list with two values to set a time range (for example ["14d", "7d"]).
- **enforceWarninglist**: Remove any attributes from the result that would cause a hit on a warninglist entry.
- **to_ids**: By default (0) all attributes are returned that match the other filter parameters, irregardless of their to_ids setting. To restrict the returned data set to to_ids only attributes set this parameter to 1. You can only use the special "exclude" setting to only return attributes that have the to_ids flag disabled.
- **to_ids**: By default (0) all attributes are returned that match the other filter parameters, regardless of their to_ids setting. To restrict the returned data set to to_ids only attributes set this parameter to 1. You can only use the special "exclude" setting to only return attributes that have the to_ids flag disabled.
- **deleted**: Default value 0. If set to 1, only deleted attributes will be returned. If set to [0,1] , both deleted and non-deleted attributes wil be returned.
- **includeEventUuid**: Instead of just including the event ID, also include the event UUID in each of the attributes.
- **event_timestamp**: Only return attributes from events that have received a modification after the given timestamp. The input can be a timestamp or a short-hand time description (7d or 24h for example). You can also pass a list with two values to set a time range (for example ["14d", "7d"]).
@ -1230,7 +1230,7 @@ Only the fields POSTed will be updated, the rest is left intact. To view all pos
### POST admin/users/delete/
You can also delete users by POSTing to the below URL, but keep in mind that disabling users (by setting the disabled flag via an edit) is always prefered to keep user associations to events intact.
You can also delete users by POSTing to the below URL, but keep in mind that disabling users (by setting the disabled flag via an edit) is always preferred to keep user associations to events intact.
#### Parameters

View File

@ -52,6 +52,7 @@
|eppn| | | | | | |
|favicon-mmh3| | | | | | |
|filename| | X | | X | | |
|filename-pattern| | X | | X | | |
|filename|authentihash| | X | | | | |
|filename|impfuzzy| | X | | | | |
|filename|imphash| | X | | | | |
@ -155,6 +156,7 @@
|snort| | | | X | | |
|special-service-request| | | | | | |
|ssdeep| | X | | | | |
|ssh-fingerprint| | | | | | |
|stix2-pattern| | X | | | | |
|target-email| | | | | | |
|target-external| | | | | | |
@ -241,6 +243,7 @@
|eppn| X | | | | | |
|favicon-mmh3| X | | | | | |
|filename| | | X | X | | X |
|filename-pattern| X | | X | X | | |
|filename|authentihash| | | X | X | | |
|filename|impfuzzy| | | X | X | | |
|filename|imphash| | | X | X | | |
@ -344,6 +347,7 @@
|snort| X | | | | | |
|special-service-request| | | | | | |
|ssdeep| | | X | X | | |
|ssh-fingerprint| X | | | | | |
|stix2-pattern| X | | X | X | | |
|target-email| | | | | | |
|target-external| | | | | | |
@ -430,6 +434,7 @@
|eppn| | X | | |
|favicon-mmh3| | | | |
|filename| | | | |
|filename-pattern| | | | |
|filename|authentihash| | | | |
|filename|impfuzzy| | | | |
|filename|imphash| | | | |
@ -533,6 +538,7 @@
|snort| | | | |
|special-service-request| X | | | |
|ssdeep| | | | |
|ssh-fingerprint| | | | |
|stix2-pattern| | | | |
|target-email| | | | X |
|target-external| | | | X |
@ -639,6 +645,7 @@
* **eppn**: eduPersonPrincipalName - eppn - the NetId of the person for the purposes of inter-institutional authentication. Should be stored in the form of user@univ.edu, where univ.edu is the name of the local security domain.
* **favicon-mmh3**: favicon-mmh3 is the murmur3 hash of a favicon as used in Shodan.
* **filename**: Filename
* **filename-pattern**: A pattern in the name of a file
* **filename|authentihash**: A checksum in md5 format
* **filename|impfuzzy**: Import fuzzy hash - a fuzzy hash created based on the imports in the sample.
* **filename|imphash**: Import hash - a hash created based on the imports in the sample.
@ -742,6 +749,7 @@
* **snort**: An IDS rule in Snort rule-format
* **special-service-request**: A Special Service Request is a function to an airline to provide a particular facility for A Passenger or passengers.
* **ssdeep**: A checksum in ssdeep format
* **ssh-fingerprint**: A fingerprint of SSH key material
* **stix2-pattern**: STIX 2 pattern
* **target-email**: Attack Targets Email(s)
* **target-external**: External Target Organizations Affected by this Attack

View File

@ -24,7 +24,7 @@ Before installing the sample:
## Getting Started
After the prerequisites are installed or met, perform the following steps to use these scripts:
1. Download or clone this repository.
1. Download or clone [this repository](https://github.com/microsoftgraph/security-api-solutions/tree/master/Samples/MISP).
1. Go to directory `security-api-solutions/Samples/MISP`
1. Install dependencies. In the command line, run `pip3 install requests requests-futures pymisp`
1. To run script, go to the root directory of misp-graph-script and enter `PYTHONHASHSEED=0 python3 script.py` in the command line.
@ -159,7 +159,7 @@ Configure a sync user.
### Verify Cert
This gives you the option to choose if python should validate the certificate of the misp instance. (This allows ease within testing environments)
`misp_verifycert = False` IT IS RECOMENDED TO USE A VALID SSL CERT IN PRODUCTION AND CHANGE THIS TO TRUE
`misp_verifycert = False` IT IS RECOMMENDED TO USE A VALID SSL CERT IN PRODUCTION AND CHANGE THIS TO TRUE
## Instructions on Reading TiIndicators That Have Been Pushed
In the command line, run `python3 script.py -r`

View File

@ -18,7 +18,7 @@ Then we get the add event form.
Let's fill it with the data we already have:
* Date: Here we will put the date of the report, so 2016-11-14
* Distribution: Depending on the event, we might want it to be more or less spread accross the MISP instances. For this one, since it is a public report, there is no reason to limit the diffusion so "All communities".
* Distribution: Depending on the event, we might want it to be more or less spread across the MISP instances. For this one, since it is a public report, there is no reason to limit the diffusion so "All communities".
* Threat Level: Self explainatory. Since the ransomware in the report is not using a huge exploit, we can use low, or undefined as we don't really know. we'll go for the latter since it can be edited.
* Analysis: Give the current stage of the analysis. Since the report is published, we can assume that the analysis is completed.
* Event Info: The event's info is in fact the name or title of the event, so it seems legit to put the title of the report here as well. Since it is public information, we also prefix it with "OSINT".
@ -113,7 +113,7 @@ We only have the network indicators left, and as said before, we will let MISP d
![type recognition fail](figures/surprise.png)
Oh well, that was unexpected. In fact, it is not that surprising regarding the format of the tor address that look more like a filename than like a url but it is still a problem, since we can't change the type nor the category to a more consistant one. This is indeed one of the limitation of freetext import. To solve this issue, we will use a simple trick: we will add a slash at the end of the tor address so it won't be confused for a filename.
Oh well, that was unexpected. In fact, it is not that surprising regarding the format of the tor address that look more like a filename than like a url but it is still a problem, since we can't change the type nor the category to a more consistent one. This is indeed one of the limitation of freetext import. To solve this issue, we will use a simple trick: we will add a slash at the end of the tor address so it won't be confused for a filename.
![freetext import network](figures/free_network2.png)

View File

@ -34,7 +34,7 @@ for different monitoring tools:
- Using [Cacti](https://www.cacti.net/), a blog post with the [instruction](https://www.misp-project.org/2020/08/22/MISP-Monitoring-with-Cacti.html) is available.
- Using [Munin](http://munin-monitoring.org/), [misp-monitor](https://github.com/SteveClement/misp-monitor) for instructions.
- Using [Nagios](https://www.nagios.org/), [Monitoring MISP with Nagios](https://blog.rootshell.be/2020/08/25/monitoring-misp-with-nagios/)
- Using [OpenNMS](https://www.opennms.com/), a blog post with the [instructions](https://www.misp-project.org/2020/08/18/MISP-Monitoring-with-OpenNMS.html) is availabe.
- Using [OpenNMS](https://www.opennms.com/), a blog post with the [instructions](https://www.misp-project.org/2020/08/18/MISP-Monitoring-with-OpenNMS.html) is available.
- [Live monitoring of MISP usage](https://github.com/MISP/misp-monitoring) via the httpd logs.
***
@ -129,7 +129,7 @@ Source: [Getting started with MISP](http://www.vanimpe.eu/2015/05/31/getting-sta
MISP can be made more appealing to the eye by adding some graphics.
As Org.- or Site-admin navigate to *Administration* -> *List organisations* and edit the corresponding organization.
Withing this editor you will be able to update the logo.
Within this editor you will be able to update the logo.
Other ways to achieve this, would be:
@ -627,7 +627,7 @@ OR if you were foolish enough to not install in a Python virtualenv:
sudo -u www-data misp-modules -l 127.0.0.1 -s &
```
> [warning] Running misp-modules like this will certainly kill it once you quit the session. Make sure it is in your **/etc/rc.local** or some ther init script that gets run on boot.
> [warning] Running misp-modules like this will certainly kill it once you quit the session. Make sure it is in your **/etc/rc.local** or some other init script that gets run on boot.
## Uninstalling MISP
@ -1025,7 +1025,7 @@ sudo sudo systemctl restart apache2
### What are the required steps after a MISP installation to have a properly running instance?
- First login with the installation credentials and change the password immediatly (especially if your instance is publicly accessible)
- First login with the installation credentials and change the password immediately (especially if your instance is publicly accessible)
- Set the base_url to the hostname of your machine (apache virtualhost name)
- Create a new organisation which will be the host organisation running the MISP instance
- Set the new organisation in `MISP.host_org_id` to replace the default one

View File

@ -74,7 +74,7 @@ The __/galaxies__ file contains metatdatas and galaxy structure.
The __/clusters__ file contains actual data.
#### The galaxy managment GUI
#### The galaxy management GUI
![GalaxyManagment](./figures/GalaxyManagmentGui.png)

View File

@ -1,3 +1,4 @@
<!-- toc -->
# Feeds
@ -53,6 +54,7 @@ Here you will have access to a dynamic form. Let's check each field by order. Th
* Enabled: Is the feed active or not
* Caching enabled: Should the feed data be cached
* Lookup visible: If this is not checked, correlations will only show up for you; if checked, correlations are visible for other users as well
* Disable correlation: If this is checked, correlations will be disabled for all events coming from this Feed
* Name: Name to identify the feed; not required to be unique
* Provider: Name of the content provider
* Input Source: Where does the input come from
@ -97,6 +99,7 @@ Here you will have access to a dynamic form. Let's check each field by order. Th
* Connected communities
* All communities
* Sharing Group. In this case, a new field Sharing Group appears where you must select a group.
* Inherit from Feed (only for MISP feeds). In this case the original distribution and Sharing Group from the feed will be used. Note that the `feed_generator.py` needs to be configured with `with_distribution = True`. Data will be imported as "Your organisation only" if the distribution is not present in the feed.
* Default Tag: A default tag can be added to the created event(s)

Binary file not shown.

Before

Width:  |  Height:  |  Size: 152 KiB

After

Width:  |  Height:  |  Size: 164 KiB

View File

@ -68,7 +68,7 @@ Sharing groups in MISP are a more granular way to create re-usable distribution
The most general use-cases for sharing groups are creating re-usable topical subgroups in MISP that share events or for ad-hoc sharing scenarios (such as several organisations involved in a specific incident wanting to work together). Generally sharing groups add a level of complexity for the users involved as well as a performance overhead on the data marked with it.
As a best-practice recommendation, using traditional distribution methods is prefered unless they cannot cover the given use-case. Also, whilst sharing groups can be assigned to both events and attributes, it is highly recommended to use the special "inherit" distribution setting on attributes whenever the attribute's sharing group would match the event's.
As a best-practice recommendation, using traditional distribution methods is preferred unless they cannot cover the given use-case. Also, whilst sharing groups can be assigned to both events and attributes, it is highly recommended to use the special "inherit" distribution setting on attributes whenever the attribute's sharing group would match the event's.
Sharing groups consist of the following elements, each of which has its own page in the sharing group creator/editor tool (accessed via the Global actions -> List Sharing Groups and Add Sharing Group functionalities):
@ -105,7 +105,7 @@ For users trying to populate an event, after clicking on the populate from templ
![Choose the most appropriate template for your event.](figures/template_choice.png)
Once you have chosen a template, you'll be presented with the actual form contained within. Make sure you fill out as many fields as possible with the mandatory fields - marked by a star in a bracket such as this: (*) - are filled out.
Templates are devided into sections, with each section having a title and a description in addition to a series of fields. Each field can be an attribute or a file attachment field. An attribute field has the following components:
Templates are divided into sections, with each section having a title and a description in addition to a series of fields. Each field can be an attribute or a file attachment field. An attribute field has the following components:
![MISP will generate attributes based on the field's settings and the data that you provide.](figures/template_field.png)
@ -467,7 +467,7 @@ If you ever need to change the data about the linked servers or remove any conne
![Apart from editing / deleting the link to the remote server, you can issue a push all or pull all command from here.](figures/list_servers.png)
* **Editing the connection to the:** By clicking edit a view, [that is identical to the new instance view](#setting-up-a-connection-to-another-server), is loaded, with all the current information of the instance pre-entered.
* **Editing the connection to the instance:** By clicking edit a view, [that is identical to the new instance view](#setting-up-a-connection-to-another-server), is loaded, with all the current information of the instance pre-entered.
* **Deleting the connection to the instance:** Clicking the delete button will delete the link to the instance.
* **Push all:** By clicking this button, all events that are eligible to be pushed on the instance you are on will start to be pushed to the remote instance. Events and attributes that exist on the far end will be updated.
* **Pull all:** By clicking this button, all events that are set to be pull-able or full access on the remote server will be copied to this instance. Existing events will not be updated.
@ -481,12 +481,12 @@ The platform is also [RESTfull](http://en.wikipedia.org/wiki/Representational_st
Use any HTTP compliant library to perform requests.
You can choose which format you would like to use as input/output for the REST calls by specifying the Accept and Content-Type headers.
The following headers are required if you wish to recieve / push XML data:
The following headers are required if you wish to receive / push XML data:
**Authorization**: _your authorisation key_
**Accept**: _application/xml_
**Content-Type**: _application/xml_
The following headers are required if you wish to recieve / push JSON data:
The following headers are required if you wish to receive / push JSON data:
**Authorization**: _your authorisation key_
**Accept**: _application/json_
**Content-Type**: _application/json_
@ -658,7 +658,7 @@ Content-Type: application/xml
</response>
```
The respone from requesting an invalid page
The response from requesting an invalid page
```xml
<?xml version = "1.0" encoding = "UTF-8"?>