MISP
/
misp-book
mirror of https://github.com/MISP/misp-book
2
0
Fork 0
Code Issues Releases Wiki Activity

change order

pull/75/head
Deborah Servili 2017-11-30 11:57:23 +01:00
parent 13e6d905ab
commit ce84ea5c96
1 changed files with 26 additions and 22 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

48
automation/README.md
View File

@ -142,28 +142,6 @@ You can also configure your tools to download the attributes from a specific eve
https://<misp url>/events/csv/download/<event-id> https://<misp url>/events/csv/download/<event-id>
~~~~ ~~~~
Since version 2.4.82, the new export format allows to select more columns using the following query format:
~~~~
https://<misp-instance>/events/csv/download/<event-id>?attributes=timestamp,type,uuid,value
~~~~
The order of columns will be honoured including those related to object level information.
To select object level columns, simply pre-pend the given object columns name by object_, such as:
~~~~
https://<misp-instance>/events/csv/download/<event-id>?attributes=timestamp,type,uuid,value&object_attributes=uuid,name
~~~~
The following columns will be returned (all columns related to objects will be prefixed with object_):
~~~~
timestamp,type,uuid,value,object_uuid,object_name
~~~~
includeContext option includes the tags for the event for each line.
You can specify additional flags for CSV exports as follows: You can specify additional flags for CSV exports as follows:
POST to: POST to:
@ -231,6 +209,32 @@ To export the attributes of all events that are of the type "domain", use the fo
https://<misp url>/events/csv/download/false/false/false/false/domain https://<misp url>/events/csv/download/false/false/false/false/domain
~~~~ ~~~~
#### Update 2.4.82
Since version 2.4.82, the new export format allows to select more columns using the following query format:
~~~~
https://<misp-instance>/events/csv/download/<event-id>?attributes=timestamp,type,uuid,value
~~~~
The order of columns will be honoured including those related to object level information.
To select object level columns, simply pre-pend the given object columns name by object_, such as:
~~~~
https://<misp-instance>/events/csv/download/<event-id>?attributes=timestamp,type,uuid,value&object_attributes=uuid,name
~~~~
The following columns will be returned (all columns related to objects will be prefixed with object_):
~~~~
timestamp,type,uuid,value,object_uuid,object_name
~~~~
includeContext option includes the tags for the event for each line.
### NIDS rules export ### NIDS rules export
Automatic export of all network related attributes is available under the Snort or Suricata rule format. Only published events and attributes marked as IDS Signature are exported. Automatic export of all network related attributes is available under the Snort or Suricata rule format. Only published events and attributes marked as IDS Signature are exported.