new: [Automation] add advanced authkey creation and authkey allowed IP pinning section

pull/294/head
Jeroen Pinoy 2023-08-03 15:35:11 +02:00
parent 17bf2b8be4
commit fd50912b79
No known key found for this signature in database
GPG Key ID: DF33A50B8E4EE081
8 changed files with 34 additions and 1 deletions

View File

@ -27,6 +27,39 @@ The authorization is performed by using the following header:
~~~~ ~~~~
Authorization: YOUR API KEY Authorization: YOUR API KEY
~~~~ ~~~~
#### Creating an automation key (using advanced authkeys)
Using the menu, go to Global Actions > My Profile and click "Auth keys" to show the auth keys view.
![Screenshot of My Profile view with Auth keys expanded](./figures/create-authkey-1.png)
The following form will be displayed:
![Screenshot of add authkey form](./figures/create-authkey-2-fill-form.png)
You can add an optional comment to indicate what the key will be used for.
You can also limit the usage of the key to specific IPs or subnets (one per line), by adding them in the Allowed IPs field. On some instances it is mandatory to set an IP allowlist. When adding subnets, please note that you need to use the format network_ip/subnet_mask .
You can optionally set an expiration time for the key.
Finally, it is also possible to make this key read-only, meaning that it will not be possible to do any changes on this instance using this automation key.
After clicking submit you will get a confirmation that the auth key was created, the key will be shown only one time.
![Screenshot showing success message that is displayed when an ip was successfully pinned for an authkey](./figures/create-authkey-3-authkey-displayed.png)
The same fields are available when editing an automation key.
#### Pinning an allowed IP for an automation key (using advanced authkeys)
MISP will keep track of the unique IPs that were seen for a specific automation key.
You can easily limit future usage of an automation key to one of the IPs that was seen in the past. To do so, using the menu, go to Global Actions > My Profile and click "Auth keys" to show the auth keys view. If the automation key was used in the past, you will see the "Seen IPs" listed per key. Click on the pin button next to the IP you want to limit usage to.
![Screenshot showing auth keys view with the pin button available for seen IPs](./figures/pin-step-1.png)
You will get a pop up requesting confirmation that you want to pin this IP for the key:
![Screenshot showing pop up which is displayed, requesting user confirmation after clicking the pin IP button](./figures/pin-step-2-confirm.png)
After confirmation, if all goes well, you will get a confirmation that the allowed IP was set for the automation key:
![Screenshot showing success message that is displayed when an ip was successfully pinned for an authkey](./figures/pin-step-3-success-message.png)
### Accept and Content-Type headers ### Accept and Content-Type headers
When performing your request, depending on the type of request, you might need to explicitly specify in what content type you want to get your results. This is done by setting one of the below Accept headers: When performing your request, depending on the type of request, you might need to explicitly specify in what content type you want to get your results. This is done by setting one of the below Accept headers:

Binary file not shown.

After

Width:  |  Height:  |  Size: 352 KiB

Binary file not shown.

After

Width:  |  Height:  |  Size: 116 KiB

Binary file not shown.

After

Width:  |  Height:  |  Size: 97 KiB

Binary file not shown.

After

Width:  |  Height:  |  Size: 492 KiB

Binary file not shown.

After

Width:  |  Height:  |  Size: 32 KiB

Binary file not shown.

After

Width:  |  Height:  |  Size: 278 KiB

View File

@ -85,7 +85,7 @@ MISP has several organisation "pools", one for local and one for known external
Choose the organisation from the selected pool that defines the host organisation on the remote side. Make sure that the remote instance is actually run by the organisation you select. When selecting data to push, this organisation will be used to determine membership of sharing groups. As a result, this setting is very important, since selecting the wrong organisation can lead to leaking confidential data (oversharing) or sharing less than intended. Choose the organisation from the selected pool that defines the host organisation on the remote side. Make sure that the remote instance is actually run by the organisation you select. When selecting data to push, this organisation will be used to determine membership of sharing groups. As a result, this setting is very important, since selecting the wrong organisation can lead to leaking confidential data (oversharing) or sharing less than intended.
6. **Authkey** 6. **Authkey**
You can find the authentication key on your profile on the external server. If advanced auth keys is enabled you might have to create an auth key manually. This can be done on your profile view as well. You can find the authentication key on your profile on the external server. If advanced auth keys is enabled you might have to create an auth key manually. This can be done on your profile view as well. Please refer to the [automation](../automation/README.md) section for more information about creating an automation key.
7. **Push** 7. **Push**
Allow the upload of events and their attributes. Only Events that match the given push rules (see 19) will be pushed to the server. Sightings and relevant galaxy clusters will not be pushed unless 'Push Sightings' and 'Push Galaxy Clusters' are enabled as well. Allow the upload of events and their attributes. Only Events that match the given push rules (see 19) will be pushed to the server. Sightings and relevant galaxy clusters will not be pushed unless 'Push Sightings' and 'Push Galaxy Clusters' are enabled as well.