From ce84ea5c96bcb9f9641cfff84fe731760012406a Mon Sep 17 00:00:00 2001 From: Deborah Servili Date: Thu, 30 Nov 2017 11:57:23 +0100 Subject: [PATCH] change order --- automation/README.md | 48 ++++++++++++++++++++++++-------------------- 1 file changed, 26 insertions(+), 22 deletions(-) diff --git a/automation/README.md b/automation/README.md index 4b3b557..5d497a4 100644 --- a/automation/README.md +++ b/automation/README.md @@ -142,28 +142,6 @@ You can also configure your tools to download the attributes from a specific eve https:///events/csv/download/ ~~~~ -Since version 2.4.82, the new export format allows to select more columns using the following query format: - -~~~~ -https:///events/csv/download/?attributes=timestamp,type,uuid,value -~~~~ - -The order of columns will be honoured including those related to object level information. - -To select object level columns, simply pre-pend the given object column’s name by object_, such as: - -~~~~ -https:///events/csv/download/?attributes=timestamp,type,uuid,value&object_attributes=uuid,name -~~~~ - -The following columns will be returned (all columns related to objects will be prefixed with object_): - -~~~~ -timestamp,type,uuid,value,object_uuid,object_name -~~~~ - -includeContext option includes the tags for the event for each line. - You can specify additional flags for CSV exports as follows: POST to: 
@@ -231,6 +209,32 @@ To export the attributes of all events that are of the type "domain", use the fo https:///events/csv/download/false/false/false/false/domain ~~~~ +#### Update 2.4.82 +Since version 2.4.82, the new export format allows to select more columns using the following query format: + +~~~~ +https:///events/csv/download/?attributes=timestamp,type,uuid,value +~~~~ + +The order of columns will be honoured including those related to object level information. + +To select object level columns, simply pre-pend the given object column’s name by object_, such as: + +~~~~ +https:///events/csv/download/?attributes=timestamp,type,uuid,value&object_attributes=uuid,name +~~~~ + +The following columns will be returned (all columns related to objects will be prefixed with object_): + +~~~~ +timestamp,type,uuid,value,object_uuid,object_name +~~~~ + +includeContext option includes the tags for the event for each line. + + + + ### NIDS rules export Automatic export of all network related attributes is available under the Snort or Suricata rule format. Only published events and attributes marked as IDS Signature are exported.
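Review bot: In the first hunk (@@ -142,28 +142,6), the last removed line, "includeContext option includes the tags for the event for each line.", sat directly above "You can specify additional flags for CSV exports as follows". It now moves with the rest of the block to the end of the 2.4.82 section, where nothing around it introduces includeContext. Consider leaving that sentence next to the flags description, or stating where it lands what includeContext is and how it is passed. The subject "change order" also does not say why the block moves; a one-line reason in the commit message would help later readers of the history.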
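Review bot: In the second hunk (@@ -231,6 +209,32), the added prose and the added example disagree on how object columns are selected. The text says to "pre-pend the given object column's name by object_", but the example passes unprefixed names through a separate parameter, "object_attributes=uuid,name", and the prefix appears only in the returned header "object_uuid,object_name". Reword the sentence to match the example, for instance by saying that object columns are listed in object_attributes and come back prefixed with object_. The section now follows the positional example ".../download/false/false/false/false/domain", so it would also help to say whether the ?attributes= query can be combined with those positional parameters. Style: the heading "#### Update 2.4.82" names a version rather than the feature and has no blank line before the paragraph that follows it, and the hunk adds four blank lines before "### NIDS rules export" where one is enough.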