MISP
/
misp-website
mirror of https://github.com/MISP/misp-website
2
0
Fork 0
Code Issues Releases Wiki Activity

chg: [covid-19] script generation added

pull/21/head
Alexandre Dulaunoy 2020-04-09 09:40:24 +02:00
parent 0155088a3a
commit 67318967d2
No known key found for this signature in database
GPG Key ID: 09E2CD4944E6CBCD
1 changed files with 36 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

36
_pages/covid-19-misp.md
View File

@ -46,6 +46,42 @@ Two public feeds are automatically generated from COVID-19 MISP. A filtered feed
- [covid_misp_filtered_ioc_list.csv](https://covid-19.iglocska.eu/public/covid_misp_filtered_ioc_list.csv)
- [covid_misp_full_ioc_list.csv](https://covid-19.iglocska.eu/public/covid_misp_full_ioc_list.csv)
## How are the public feeds generated
As the MISP API is quite versatile, the script to generate the public feeds is described below:
~~~~shell
curl \
-d '{"returnFormat":"csv","tags":["pandemic:covid-19=\"cyber\""],"enforceWarninglist":1,"requested_attributes":["value","type","event_info"]}' \
-H "Authorization: [API KEY]" \
-H "Accept: application/json" \
-H "Content-type: application/json" \
-X POST https://covid-19.iglocska.eu/events/restSearch \
> /var/www/MISP/app/webroot/public/covid_misp_full_ioc_list.csv
chown www-data:www-data /var/www/MISP/app/webroot/public/covid_misp_full_ioc_list.csv
curl \
-d '{"returnFormat":"csv","org":["CIRCL"], "enforceWarninglist":1,"requested_attributes":["value","type","event_info"], "tags":["pandemic:covid-19=\"cyber\""]
}' \
-H "Authorization: [API KEY]" \
-H "Accept: application/json" \
-H "Content-type: application/json" \
-X POST https://covid-19.iglocska.eu/events/restSearch \
> /var/www/MISP/app/webroot/public/covid_misp_filtered_ioc_list.csv
curl \
-d '{"returnFormat":"csv","eventid":[262, 372, 269],"enforceWarninglist":1,"requested_attributes":["value","type","event_info"],"tags":["pandemic:covid-19=\"c
yber\""], "headerless": 1}' \
-H "Authorization: [API KEY]" \
-H "Accept: application/json" \
-H "Content-type: application/json" \
-X POST https://covid-19.iglocska.eu/events/restSearch \
>> /var/www/MISP/app/webroot/public/covid_misp_filtered_ioc_list.csv
chown www-data:www-data /var/www/MISP/app/webroot/public/covid_misp_filtered_ioc_list.csv
~~~~
## How to access the COVID-19 MISP
- The url of COVID-19 MISP is the following [https://covid-19.iglocska.eu](https://covid-19.iglocska.eu).