MISP
/
misp-book
mirror of https://github.com/MISP/misp-book
2
0
Fork 0
Code Issues Releases Wiki Activity

Merge pull request #212 from Wachizungu/add-publish-alert-filter-valid-filters 

chg: [Administration] close #198 - document publish alert filter vali…
pull/214/head
Andras Iklody 2021-02-20 23:41:49 +01:00 committed by GitHub
parent f614e53289 ee64c5f8a8
commit b0cf4c06a4
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 9 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
administration/README.md
View File

@ -447,7 +447,15 @@ A new screen appears. Make sure the “Setting” drop down box shows “publish
The text field “Value” contains the filter, which needs to be provided in JSON format. Important JSON-objects which can be used here go by the name AND”, “OR” and “NOT”. These should be structured in a logical tree.
The filtering can be applied to tags or to a publishing organization.
The filtering can be applied to tags, the publishing organization and the threat level. Valid filters:
- AttributeTag.name
- EventTag.name
- Tag.name (checks against both event and attribute tags)
- Orgc.uuid (creator org uuid)
- Orgc.name (creator org name)
- ThreatLevel.name
In the following example, all notifications will be filtered which carry tlp.white and tlp.green in the name of the tag: