MISP
/
misp-book
mirror of https://github.com/MISP/misp-book
2
0
Fork 0
Code Issues Releases Wiki Activity

Update README.md

pull/160/head
Sascha Rommelfangen 2019-05-15 13:28:02 +02:00 committed by GitHub
parent 50495041ba
commit f063e2e638
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 16 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

16
faq/README.md
View File

@ -374,6 +374,22 @@ SG Option 2 (b has to pull from C):
This is not possible yet. This is not possible yet.
What you can do at the moment: Create a new event and extend it with the other (foreign) event. What you can do at the moment: Create a new event and extend it with the other (foreign) event.
## How to use the enforceWarninglist parameter in REST search?
If you would like to export IoCs, for example into a suricata rule and exclude all values matching your warning lists, you can use the following:
```
{
"returnFormat": "suricata",
"eventid": "24344",
"published": 0,
"enforceWarninglist": 1
}
```
Keep in mind that unpublished events need the `"published": 0` parameter in order to be exported.
<!-- <!--
Comment Place Holder Comment Place Holder
--> -->