diff --git a/automation/README.md b/automation/README.md index b641724..ec95b98 100644 --- a/automation/README.md +++ b/automation/README.md 
@@ -27,6 +27,39 @@ The authorization is performed by using the following header: ~~~~ Authorization: YOUR API KEY ~~~~ + +#### Creating an automation key (using advanced authkeys) +Using the menu, go to Global Actions > My Profile and click "Auth keys" to show the auth keys view. + +![Screenshot of My Profile view with Auth keys expanded](./figures/create-authkey-1.png) + +The following form will be displayed: +![Screenshot of add authkey form](./figures/create-authkey-2-fill-form.png) + +You can add an optional comment to indicate what the key will be used for. + +You can also limit the usage of the key to specific IPs or subnets (one per line), by adding them in the Allowed IPs field. On some instances it is mandatory to set an IP allowlist. When adding subnets, please note that you need to use the format network_ip/subnet_mask . + +You can optionally set an expiration time for the key. + +Finally, it is also possible to make this key read-only, meaning that it will not be possible to do any changes on this instance using this automation key. + +After clicking submit you will get a confirmation that the auth key was created, the key will be shown only one time. +![Screenshot showing success message that is displayed when an ip was successfully pinned for an authkey](./figures/create-authkey-3-authkey-displayed.png) + +The same fields are available when editing an automation key. + +#### Pinning an allowed IP for an automation key (using advanced authkeys) +MISP will keep track of the unique IPs that were seen for a specific automation key. +You can easily limit future usage of an automation key to one of the IPs that was seen in the past. To do so, using the menu, go to Global Actions > My Profile and click "Auth keys" to show the auth keys view. If the automation key was used in the past, you will see the "Seen IPs" listed per key. Click on the pin button next to the IP you want to limit usage to. 
+ +![Screenshot showing auth keys view with the pin button available for seen IPs](./figures/pin-step-1.png) +You will get a pop up requesting confirmation that you want to pin this IP for the key: + +![Screenshot showing pop up which is displayed, requesting user confirmation after clicking the pin IP button](./figures/pin-step-2-confirm.png) +After confirmation, if all goes well, you will get a confirmation that the allowed IP was set for the automation key: +![Screenshot showing success message that is displayed when an ip was successfully pinned for an authkey](./figures/pin-step-3-success-message.png) + ### Accept and Content-Type headers When performing your request, depending on the type of request, you might need to explicitly specify in what content type you want to get your results. This is done by setting one of the below Accept headers: diff --git a/automation/figures/create-authkey-1.png b/automation/figures/create-authkey-1.png new file mode 100644 index 0000000..45dd761 Binary files /dev/null and b/automation/figures/create-authkey-1.png differ diff --git a/automation/figures/create-authkey-2-fill-form.png b/automation/figures/create-authkey-2-fill-form.png new file mode 100644 index 0000000..a961798 Binary files /dev/null and b/automation/figures/create-authkey-2-fill-form.png differ diff --git a/automation/figures/create-authkey-3-authkey-displayed.png b/automation/figures/create-authkey-3-authkey-displayed.png new file mode 100644 index 0000000..bfafce6 Binary files /dev/null and b/automation/figures/create-authkey-3-authkey-displayed.png differ diff --git a/automation/figures/pin-step-1.png b/automation/figures/pin-step-1.png new file mode 100644 index 0000000..bf76e30 Binary files /dev/null and b/automation/figures/pin-step-1.png differ 
diff --git a/automation/figures/pin-step-2-confirm.png b/automation/figures/pin-step-2-confirm.png new file mode 100644 index 0000000..d598bf1 Binary files /dev/null and b/automation/figures/pin-step-2-confirm.png differ diff --git a/automation/figures/pin-step-3-success-message.png b/automation/figures/pin-step-3-success-message.png new file mode 100644 index 0000000..076da7f Binary files /dev/null and b/automation/figures/pin-step-3-success-message.png differ diff --git a/sharing/README.md b/sharing/README.md index 569aa53..662c0af 100644 --- a/sharing/README.md +++ b/sharing/README.md @@ -85,7 +85,7 @@ MISP has several organisation "pools", one for local and one for known external Choose the organisation from the selected pool that defines the host organisation on the remote side. Make sure that the remote instance is actually run by the organisation you select. When selecting data to push, this organisation will be used to determine membership of sharing groups. As a result, this setting is very important, since selecting the wrong organisation can lead to leaking confidential data (oversharing) or sharing less than intended. 6. **Authkey** -You can find the authentication key on your profile on the external server. If advanced auth keys is enabled you might have to create an auth key manually. This can be done on your profile view as well. +You can find the authentication key on your profile on the external server. If advanced auth keys is enabled you might have to create an auth key manually. This can be done on your profile view as well. Please refer to the [automation](../automation/README.md) section for more information about creating an automation key. 7. **Push** Allow the upload of events and their attributes. Only Events that match the given push rules (see 19) will be pushed to the server. Sightings and relevant galaxy clusters will not be pushed unless 'Push Sightings' and 'Push Galaxy Clusters' are enabled as well.
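Review bot: In the automation/README.md hunk, the alt text on the `create-authkey-3-authkey-displayed.png` image is copied from the pin-step-3 image ("...when an ip was successfully pinned for an authkey"), so anyone relying on the alt text is told about the wrong step. It should describe the confirmation that displays the newly created key. In the same hunk, "network_ip/subnet_mask" leaves it open whether the part after the slash is a prefix length or a dotted mask; one example line in the accepted format would settle that, and the stray space before the full stop can go. The sentence "the key will be shown only one time" is attached to the previous clause with a comma. Making it its own sentence and telling the reader to store the key at that point would make the one-time display harder to miss.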
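Review bot: In the sharing/README.md hunk, the sentence added under "6. **Authkey**" links to `../automation/README.md` as a whole, so the reader lands at the top of that page and has to search for the relevant part. Pointing the link at the "Creating an automation key (using advanced authkeys)" heading added in this same patch would be more direct. That new section introduces a read-only option, an expiration time and an Allowed IPs field, so it would also help to state here which of those settings suit a key created for a server connection, since the following item 7 covers pushing events to the server.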