From cb8270e1bc5e388c05a721b09624219baf3c8bc2 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?D=C3=A9borah=20Servili?= Date: Mon, 20 Feb 2017 10:23:16 +0100 Subject: [PATCH] improving layout --- managing-feeds/README.md | 18 ++++++------------ 1 file changed, 6 insertions(+), 12 deletions(-) diff --git a/managing-feeds/README.md b/managing-feeds/README.md index 59bc286..07cac18 100644 --- a/managing-feeds/README.md +++ b/managing-feeds/README.md @@ -2,7 +2,7 @@ ## Managing feeds -/!\ You need to be at least %ROLE% to perform these actions. +:warning: You need to be at least site admin to perform these actions. To do so, you first need to access the list of feeds, using the top menu. ![List feeds menu](./figures/listfeeds.png) @@ -20,10 +20,8 @@ Here you will have access to a dynamic form. Let's check each field by order. * Enabled: Is the feed active or not * Name: Just a name to identify the feed * Provider: Name of the content provider - -![Input Source](./figures/inputsource.png) - -* Input Source: Where does the input come from +* Input Source: Where does the input come from +![Input Source](./figures/inputsource.png) * Network: hosted somewhere outside the platform * Local: Hosted on the local server. On this case, a new choice will appear: * Remove input after ingestion: As implied, if checked, the source is deleted after usage @@ -33,14 +31,12 @@ Here you will have access to a dynamic form. Let's check each field by order. * The Source Format can be: ![Source Format](./figures/sourceformat.png) - * MISP Feed: The source points to a list of json formated like MISP events. + * MISP Feed: The source points to a list of json formated like MISP events. Example: https://www.circl.lu/doc/misp/feed-osint * Freetext Parsed Feed: ![Freetext Parsed Feed](./figures/freetextparsedfeed.png) - * Target Event: Which will be the event getting updated with the data from the feed. - * New Event Each Pull: A new event will be created each time the feed is pulled - * Fixed Event: A unique event will be updated with the new data. This event is determined by the next field + * Target Event: Which will be the event getting updated with the data from the feed. Can be either "New Event Each Pull" (A new event will be created each time the feed is pulled) or "Fixed Event" (A unique event will be updated with the new data. This event is determined by the next field) ![Target Event](./figures/targetevent.png) * Target Event ID: The id of the event where the data will be added (if not set, the field will be set the first time the feed is fetched) * Exclusion Regex: Add a regex pattern for detecting iocs that should be skipped (this can be useful to exclude any references to the actual report / feed for example) @@ -50,9 +46,7 @@ Here you will have access to a dynamic form. Let's check each field by order. * Simple CSV Parsed Feed: ![Simple CSV Parsed Feed](./figures/simplecsvparsedfeed.png) - * Target Event: Which will be the event getting updated with the data from the feed. - * New Event Each Pull: A new event will be created each time the feed is pulled - * Fixed Event: A unique event will be updated with the new data. This event is determined by the next field + * Target Event: Which will be the event getting updated with the data from the feed. Can be either "New Event Each Pull" (A new event will be created each time the feed is pulled) or "Fixed Event" (A unique event will be updated with the new data. This event is determined by the next field) * Target Event ID: The id of the event where the data will be added (if not set, the field will be set the first time the feed is fetched) * Exclusion Regex: Add a regex pattern for detecting iocs that should be skipped (this can be useful to exclude any references to the actual report / feed for example) * Value field(s) in the CSV: Select one or several fields that should be parsed by the CSV parser and converted into MISP attributes