MISP
/
misp-book
mirror of https://github.com/MISP/misp-book
2
0
Fork 0
Code Issues Releases Wiki Activity

fixing layout

pull/40/head
Déborah Servili 2017-02-20 08:44:13 +01:00
parent 7c3244e188
commit ce04309a80
1 changed files with 9 additions and 9 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

18
managing-feeds/README.md
View File

@ -31,16 +31,16 @@ Here you will have access to a dynamic form. Let's check each field by order.
* Url: Url of the feed, where it is located
* The Source Format can be:
* The Source Format can be:
![Source Format](./figures/sourceformat.png)
* MISP Feed: The source points to a list of json formated like MISP events.
Example: https://www.circl.lu/doc/misp/feed-osint
* Freetext Parsed Feed:
* Freetext Parsed Feed:
![Freetext Parsed Feed](./figures/freetextparsedfeed.png)
* Target Event: Which will be the event getting updated with the data from the feed.
* New Event Each Pull: A new event will be created each time the feed is pulled
* Fixed Event: A unique event will be updated with the new data. This event is determined by the next field
* Fixed Event: A unique event will be updated with the new data. This event is determined by the next field
![Target Event](./figures/targetevent.png)
* Target Event ID: The id of the event where the data will be added (if not set, the field will be set the first time the feed is fetched)
* Exclusion Regex: Add a regex pattern for detecting iocs that should be skipped (this can be useful to exclude any references to the actual report / feed for example)
@ -48,7 +48,7 @@ Here you will have access to a dynamic form. Let's check each field by order.
* Override IDS Flag: If checked, the IDS flag will be set to false
* Delta Merge: If checked, only data coming from the last fetch are kept, the old ones are deleted.
* Simple CSV Parsed Feed:
* Simple CSV Parsed Feed:
![Simple CSV Parsed Feed](./figures/simplecsvparsedfeed.png)
* Target Event: Which will be the event getting updated with the data from the feed.
* New Event Each Pull: A new event will be created each time the feed is pulled
@ -65,12 +65,12 @@ Here you will have access to a dynamic form. Let's check each field by order.
* Default Tag: A default tag can be added to the created event(s)
* Filter rules: Here you can define which tags or organisations are allowed or blocked.
* Filter rules: Here you can define which tags or organisations are allowed or blocked.
![Filter rules](./figures/filterrules.png)
To add a tag (resp. organisation), first type it into the top middle (resp. bottom middle) text field . Then use the arrows that point to the outside to add it to the allowed or blocked tags (resp. organisations) list.
![Add Filter rules](./figures/addfilterrules.png)
To add a tag (resp. organisation), first type it into the top middle (resp. bottom middle) text field . Then use the arrows that point to the outside to add it to the allowed or blocked tags (resp. organisations) list.
![Add Filter rules](./figures/addfilterrules.png)
![Add Filter rules](./figures/addfilterrules2.png)
To remove a tag (resp. organisation), select it in the list and click on the arrow pointing to the inside.
![Remove Filter rules](./figures/removefilterrules.png)
To remove a tag (resp. organisation), select it in the list and click on the arrow pointing to the inside.
![Remove Filter rules](./figures/removefilterrules.png)
![Remove Filter rules](./figures/removefilterrules2.png)