From 5ef80d3d0ec0bbf4bb6303c8c46b560da564f72a Mon Sep 17 00:00:00 2001
From: Stefano Ortolani
Date: Tue, 6 Aug 2024 13:18:32 +0100
Subject: [PATCH] Add syncservers pull rules
---
 core/files/configure_misp.sh | 2 +-
 docker-compose.yml | 1 +
 template.env | 4 ++++
 3 files changed, 6 insertions(+), 1 deletion(-)
diff --git a/core/files/configure_misp.sh b/core/files/configure_misp.sh
index 9b006da..0ab9ef8 100755
--- a/core/files/configure_misp.sh
+++ b/core/files/configure_misp.sh
@@ -421,7 +421,7 @@ create_sync_servers() {
 # Add sync server
 echo "... adding new sync server ${NAME} with organization id ${ORG_ID}"
- JSON_DATA=$(echo "${!DATA}" | jq --arg org_id ${ORG_ID} 'del(.remote_org_uuid) | . + {remote_org_id: $org_id}')
+ JSON_DATA=$(echo "${!DATA}" | jq --arg org_id ${ORG_ID} 'del(.remote_org_uuid) | . + {remote_org_id: $org_id} | del(..|select(. == ""))')
 add_server ${BASE_URL} ${ADMIN_KEY} "$JSON_DATA" > /dev/null
 done
 }
diff --git a/docker-compose.yml b/docker-compose.yml
index eb62c88..07816fc 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -148,6 +148,7 @@ services:
 "name": "${SYNCSERVERS_1_NAME}",
 "authkey": "${SYNCSERVERS_1_KEY}",
 "url": "${SYNCSERVERS_1_URL}",
+ "pull_rules": "${SYNCSERVERS_1_PULL_RULES}",
 "pull": true
 }
 # mysql settings
diff --git a/template.env b/template.env
index 3ff4bb6..ede3faf 100644
--- a/template.env
+++ b/template.env
@@ -63,6 +63,10 @@ SYNCSERVERS_1_URL=
 SYNCSERVERS_1_NAME=
 SYNCSERVERS_1_UUID=
 SYNCSERVERS_1_KEY=
+# pull rules are JSON encoded (and escaped) dictionaries
+# Example: only pull events where the analysis is complete
+# SYNCSERVERS_1_PULL_RULES='{\"tags\":{\"OR\":[],\"NOT\":[]},\"orgs\":{\"OR\":[],\"NOT\":[]},\"url_params\":\"{\\\"searchanalysis\\\": \\\"2\\\"}\"}'
+SYNCSERVERS_1_PULL_RULES=
 # optional and used to set mysql db and credentials
 # MYSQL_HOST=
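Review bot: In core/files/configure_misp.sh the rewritten `JSON_DATA=$(... | jq ...)` assignment still ignores jq's exit status, and this commit makes a parse failure more likely because the input now carries a hand-escaped `pull_rules` string. If jq rejects the input, `JSON_DATA` is empty and `add_server` is called anyway with its output sent to `/dev/null`, so the sync server is silently not configured (unless the script runs under `set -e`, which the hunk does not show). I would append `|| { echo "... invalid sync server JSON for ${NAME}, skipping" >&2; continue; }` to the assignment and quote the argument as `--arg org_id "${ORG_ID}"`, since an empty ORG_ID currently shifts jq's arguments. Also note that `del(..|select(. == ""))` removes every empty string at any depth, not only an unset `pull_rules`, so an empty `authkey` or `url` is dropped rather than reported. The body of create_sync_servers starts outside the hunk.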
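Review bot: In docker-compose.yml, `"pull_rules": "${SYNCSERVERS_1_PULL_RULES}"` substitutes the variable verbatim inside a JSON string literal, so the document is only valid JSON if the operator has escaped every quote and backslash by hand, as the template.env example does. A value with an unescaped `"` either makes the whole server definition unparseable or ends the string early, so the remainder is read as further keys of the same object. The value comes from the deployment's own env file, so this is mainly a robustness and misconfiguration concern, but it would be safer to keep the rules out of the interpolated JSON and add the field in configure_misp.sh with `jq --arg`, which does the escaping itself. The enclosing definition starts outside the hunk.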