'description'=>"POST a MISP Attribute JSON to this API to update an Attribute. If the timestamp is set, it has to be newer than the existing Attribute.",
'description'=>"POST a list of attribute IDs in JSON format to this API to delete the given attributes. This API also expects an event ID passed via the URL or via the event_id key. The id key also takes 'all' as a parameter for a wildcard search to mass delete attributes. If you want the function to also hard-delete already soft-deleted attributes, pass the allow_hard_delete key.",
'description'=>"Search MISP using a list of filter parameters and return the data in the selected format. The search is available on an event and an attribute level, just select the scope via the URL (/events/restSearch vs /attributes/restSearch). Besides the parameters listed, other, format specific ones can be passed along (for example: requested_attributes and includeContext for the CSV export). This API allows pagination via the page and limit parameters.",
'description'=>"POST a MISP Event JSON to this API to create an Event. Contained objects can also be included (such as attributes, objects, tags, etc).",
'description'=>"POST a MISP Event JSON to this API to update an Event. Contained objects can also be included (such as attributes, objects, tags, etc). If the timestamp is set, it has to be newer than the existing Attribute.",
'description'=>"Search MISP using a list of filter parameters and return the data in the selected format. The search is available on an event and an attribute level, just select the scope via the URL (/events/restSearch vs /attributes/restSearch). Besides the parameters listed, other, format specific ones can be passed along (for example: requested_attributes and includeContext for the CSV export). This API allows pagination via the page and limit parameters.",
'description'=>'Sending a GET request to this endpoint will show the parsed feed in JSON format.',
'mandatory'=>array(),
'optional'=>array(),
'params'=>array('feed_id'),
'http_method'=>'GET'
)
),
'Log'=>array(
'admin_index'=>array(
'description'=>"POST a filter object to receive a JSON with the log entries matching the query. A simple get request will return the entire DB. You can use the filter parameters as url parameters with a GET request such as: https://path.to.my.misp/admin/logs/page:1/limit:200 - to run substring queries simply append/prepend/encapsulate the search term with %. All restSearch rules apply.",
'description'=>"Simply run a get request on this endpoint to get the relevant log entries for a given event. This functionality is open to any user having access to a given event."
)
),
'Organisation'=>array(
'admin_add'=>array(
'description'=>"POST an Organisation object in JSON format to this API to create a new organsiation.",
'description'=>"POST a Role object in JSON format to this API to create a new role. 'permission' sets the data access permission (0 => read only, 1 => add/edit own, 2 => add/edit org, 3 => publish)",
'mandatory'=>array('name'),
'optional'=>array(
'perm_delegate',
'perm_sync',
'perm_admin',
'perm_audit',
'perm_auth',
'perm_site_admin',
'perm_regexp_access',
'perm_tagger',
'perm_template',
'perm_sharing_group',
'perm_tag_editor',
'default_role',
'perm_sighting',
'permission'
)
),
'admin_edit'=>array(
'description'=>"POST a Role object in JSON format to this API to edit a role. 'permission' sets the data access permission (0 => read only, 1 => add/edit own, 2 => add/edit org, 3 => publish)",
'mandatory'=>array('name'),
'optional'=>array(
'perm_delegate',
'perm_sync',
'perm_admin',
'perm_audit',
'perm_auth',
'perm_site_admin',
'perm_regexp_access',
'perm_tagger',
'perm_template',
'perm_sharing_group',
'perm_tag_editor',
'default_role',
'perm_sighting',
'permission'
)
)
),
'Server'=>array(
'add'=>array(
'description'=>"POST an Server object in JSON format to this API to add a server.",
'description'=>"Send a GET request to this endpoint to get a full diagnostic along with all currently set settings of the current instance. This will also include the worker status"
)
),
'Sighting'=>array(
'add'=>array(
'description'=>"POST a simplified sighting object in JSON format to this API to add a or a list of sightings. Pass either value(s) or attribute IDs (can be uuids) to identify the target sightings.",
'description'=>"Search MISP sightings using a list of filter parameters and return the data in the JSON format. The search is available on an event, attribute or instance level, just select the scope via the URL (/sighting/restSearch/event vs /sighting/restSearch/attribute vs /sighting/restSearch/). id MUST be provided if context is set.",
'description'=>"POST a Sharing Group object in JSON format to this API to add a Sharing Group. The API will also try to capture attached organisations and servers if applicable to the current user.",
'description'=>"POST a Sharing Group object in JSON format to this API to edit a Sharing Group. The API will also try to capture attached organisations and servers if applicable to the current user.",
'description'=>"POST a body and a subject in a JSON to send an e-mail through MISP to the user ID given in the URL",
'mandatory'=>array('subject','body')
),
'change_pw'=>array(
'description'=>"POST a password via a JSON object containing the password key to reset the given user\'s password.",
'mandatory'=>array('password')
),
'statistics'=>array(
'description'=>'Simply GET the url endpoint to view the API output of the statistics API. Additional statistics are available via the following tab-options similar to the UI: data, orgs, users, tags, attributehistogram, sightings, attackMatrix',
'params'=>array('tab'),
'http_method'=>'GET'
)
),
'UserSetting'=>array(
'setSetting'=>array(
'description'=>"POST a User setting object in JSON format to this API to create a new setting or update the equivalent existing setting. Admins/site admins can specify a user ID besides their own.",
'mandatory'=>array('setting','value'),
'optional'=>array('user_id')
),
'delete'=>array(
'description'=>"POST or DELETE to this API to delete an existing setting.",
'params'=>array('id')
)
),
'Warninglist'=>array(
'checkValue'=>array(
'description'=>"POST a JSON list with value(s) to check against the warninglists to get a JSON dictionary as a response with any hits, if there are any (with the key being the passed value triggering a warning).",
'mandatory'=>array('[]')
),
'toggleEnable'=>array(
'description'=>"POST a json object with a single or a list of warninglist IDsIDs, or alternatively a (list of) substring(s) that match the names of warninglist(s) to toggle whether they're enabled or disabled. Specify the optional enabled boolean flag if you would like to enforce the outcome state. Not setting this flag will just toggle the current state.",'mandatory'=>array('id'),
$response['name']=$this->__generateURL($actionArray,$controller,false).' API description';
$response['description']=isset($this->__descriptions[Inflector::singularize($controller)][$action]['description'])?$this->__descriptions[Inflector::singularize($controller)][$action]['description']:'This API is not accessible via GET requests.';
'help'=>__('Is the sharing group selectable (active) when chosing distribution')
),
'all'=>array(
'input'=>'text',
'type'=>'string',
'help'=>__('Search for a full or a substring (delimited by % for substrings) in the event info, event tags, attribute tags, attribute values or attribute comment fields')
),
'all_orgs'=>array(
'input'=>'radio',
'type'=>'integer',
'values'=>array(1=>'True',0=>'False'),
'help'=>__('All organisations contained on the instance will be part of the sharing group')
'help'=>__('Contact details for the organisation')
),
'contactalert'=>array(
'input'=>'radio',
'type'=>'integer',
'values'=>array(1=>'True',0=>'False'),
'help'=>__('The user receive alerts from `contact reporter` requests')
),
'created'=>array(
'type'=>'date',
'validation'=>array('format'=>'YYYY-MM-DD'),
'plugin'=>'datepicker',
'plugin_config'=>array(
'format'=>'yyyy/mm/dd',
'todayBtn'=>'linked',
'todayHighlight'=>true,
'autoclose'=>true
),
),
'data'=>array(
'input'=>'text',
'type'=>'string',
'operators'=>array('equal'),
'help'=>__('Base64 encoded file contents')
),
'date'=>array(
'type'=>'date',
'validation'=>array('format'=>'YYYY-MM-DD'),
'plugin'=>'datepicker',
'plugin_config'=>array(
'format'=>'yyyy/mm/dd',
'todayBtn'=>'linked',
'todayHighlight'=>true,
'autoclose'=>true
),
'help'=>__('The user set date field on the event level. If you are using restSearch, you can use any of the valid time related filters (examples: 7d, timestamps, [14d, 7d] for ranges, etc.)')
),
'datefrom'=>array(
'type'=>'date',
'validation'=>array('format'=>'YYYY-MM-DD'),
'plugin'=>'datepicker',
'plugin_config'=>array(
'format'=>'yyyy/mm/dd',
'todayBtn'=>'linked',
'todayHighlight'=>true,
'autoclose'=>true
),
),
'dateuntil'=>array(
'type'=>'date',
'validation'=>array('format'=>'YYYY-MM-DD'),
'plugin'=>'datepicker',
'plugin_config'=>array(
'format'=>'yyyy/mm/dd',
'todayBtn'=>'linked',
'todayHighlight'=>true,
'autoclose'=>true
),
),
'decayingModel'=>array(
'input'=>'select',
'type'=>'string',
'operators'=>array('equal','not_equal'),
'unique'=>true,
'help'=>'Specify the decaying model from which the decaying score should be calculated'
),
'default_role'=>array(
'input'=>'radio',
'type'=>'integer',
'values'=>array(1=>'True',0=>'False'),
'help'=>__('The role is a default role (selected by default)')
),
'delete_local_file'=>array(
'input'=>'radio',
'type'=>'integer',
'values'=>array(1=>'True',0=>'False'),
'help'=>__('Remove file after ingestion')
),
'deleted'=>array(
'input'=>'radio',
'type'=>'integer',
'values'=>array(1=>'True',0=>'False'),
'help'=>__('Include deleted elements')
),
'delta_merge'=>array(
'input'=>'radio',
'type'=>'integer',
'values'=>array(1=>'True',0=>'False'),
'help'=>__('Merge attributes (only add new attribute, remove revoked attributes)')
),
'description'=>array(
'input'=>'text',
'type'=>'string',
'operators'=>array('equal'),
),
'disabled'=>array(
'input'=>'radio',
'type'=>'integer',
'values'=>array(1=>'True',0=>'False'),
'help'=>__('Disable the user account')
),
'distribution'=>array(
'input'=>'select',
'type'=>'integer',
'operators'=>['equal','not_equal'],
'values'=>array(0=>'dist1'),
),
'email'=>array(
'input'=>'text',
'type'=>'string',
'operators'=>array('equal','not_equal'),
'help'=>__('Filter on user email')
),
'enable_password'=>array(
'input'=>'radio',
'type'=>'integer',
'values'=>array(1=>'True',0=>'False'),
'help'=>__('Set the password manually')
),
'enabled'=>array(
'input'=>'radio',
'type'=>'integer',
'values'=>array(1=>'True',0=>'False')
),
'encrypt'=>array(
'input'=>'radio',
'type'=>'integer',
'values'=>array(1=>'True',0=>'False'),
'help'=>__('When uploading malicious samples, set this flag to tell MISP to encrpyt the sample and extract the file hashes. This will create a MISP object with the appropriate attributes.')
),
//'enforceWarningList' => array(
// 'input' => 'radio',
// 'type' => 'integer',
// 'values' => array(1 => 'True', 0 => 'False' )
//),
'enforceWarninglist'=>array(
'input'=>'radio',
'type'=>'integer',
'values'=>array(1=>'True',0=>'False'),
'help'=>__('Should the warning list be enforced. Adds `blocked` field for matching attributes')
),
'event_id'=>array(
'input'=>'number',
'type'=>'integer',
'operators'=>array('equal','not_equal'),
'validation'=>array('min'=>0,'step'=>1)
),
'event_timestamp'=>array(
'input'=>'number',
'type'=>'integer',
'operators'=>array('equal','not_equal'),
'validation'=>array('min'=>0,'step'=>1),
'help'=>__('The timestamp at which the event was last modified')
),
'attribute_timestamp'=>array(
'input'=>'number',
'type'=>'integer',
'operators'=>array('equal','not_equal'),
'validation'=>array('min'=>0,'step'=>1),
'help'=>__('The timestamp at which the attribute was last modified')
),
'eventid'=>array(
'input'=>'number',
'type'=>'integer',
'operators'=>array('equal','not_equal'),
'validation'=>array('min'=>0,'step'=>1)
),
'eventinfo'=>array(
'input'=>'text',
'type'=>'string',
'operators'=>array('equal','not_equal'),
'help'=>__('Quick event description')
),
'exportable'=>array(
'input'=>'radio',
'type'=>'integer',
'values'=>array(1=>'True',0=>'False'),
'help'=>__('The tag is exported when synchronising with other instances')
),
'excludeDecayed'=>array(
'input'=>'radio',
'type'=>'integer',
'values'=>array(1=>'True',0=>'False'),
'help'=>'Should the decayed elements by excluded'
),
'excludeLocalTags'=>array(
'input'=>'radio',
'type'=>'integer',
'values'=>array(1=>'True',0=>'False'),
'help'=>__('Exclude local tags from the export')
),
'extend'=>array(
'input'=>'radio',
'type'=>'integer',
'values'=>array(1=>'True',0=>'False'),
'help'=>__('The organisation have write access to this sharing group (they can add/remove other organisation)')
),
'external_auth_required'=>array(
'input'=>'radio',
'type'=>'integer',
'values'=>array(1=>'True',0=>'False'),
'help'=>__('An external authorisation is required for this user')
),
'external_auth_key'=>array(
'input'=>'text',
'type'=>'string',
'operators'=>array('equal'),
'help'=>__('A valid external auth key')
),
'first_seen'=>array(
'input'=>'text',
'type'=>'string',
'operators'=>array('equal'),
'help'=>'A valid ISO 8601 datetime format, up to milli-seconds. i.e.: 2019-06-13T15:56:56.856074+02:00'
),
'fixed_event'=>array(
'input'=>'select',
'type'=>'integer',
'operators'=>array('equal'),
'values'=>array(0=>'New Event Each Pull',1=>'Fixed Event'),
'help'=>__('target_event option might be considered')
),
'from'=>array(
'type'=>'date',
'validation'=>array('format'=>'YYYY-MM-DD'),
'plugin'=>'datepicker',
'plugin_config'=>array(
'format'=>'yyyy/mm/dd',
'todayBtn'=>'linked',
'todayHighlight'=>true,
'autoclose'=>true
),
'help'=>__('The date from which the event was published')
),
'gpgkey'=>array(
'input'=>'text',
'type'=>'string',
'operators'=>array('equal'),
'help'=>__('A valid GPG key')
),
'hasproposal'=>array(
'input'=>'radio',
'type'=>'integer',
'values'=>array(1=>'True',0=>'False'),
'help'=>__('The event contains proposals')
),
'headers'=>array(
'input'=>'text',
'type'=>'string',
'operators'=>array('equal'),
'help'=>__('Headers to be passed with the requests. All separated by `\n`')
),
'hide_tag'=>array(
'input'=>'radio',
'type'=>'integer',
'values'=>array(1=>'True',0=>'False'),
'help'=>__('The tag is hidden (not selectable)')
),
'id'=>array(
'input'=>'number',
'type'=>'integer',
'operators'=>array('equal','not_equal'),
'validation'=>array('min'=>0,'step'=>1)
),
'includeAttribute'=>array(
'input'=>'radio',
'type'=>'integer',
'values'=>array(1=>'True',0=>'False'),
'help'=>__('Include matching attributes in the response')
),
'includeDecayScore'=>array(
'input'=>'radio',
'type'=>'integer',
'values'=>array(1=>'True',0=>'False'),
'help'=>'Include all enabled decaying score'
),
'includeEvent'=>array(
'input'=>'radio',
'type'=>'integer',
'values'=>array(1=>'True',0=>'False'),
'help'=>__('Include matching events in the response')
),
'includeEventUuid'=>array(
'input'=>'radio',
'type'=>'integer',
'values'=>array(1=>'True',0=>'False'),
'help'=>__('Include matching eventUuids in the response')
),
'includeEventTags'=>array(
'input'=>'radio',
'type'=>'integer',
'values'=>array(1=>'True',0=>'False'),
'help'=>__('Include tags of matching events in the response')
),
'includeFullModel'=>array(
'input'=>'radio',
'type'=>'integer',
'values'=>array(1=>'True',0=>'False'),
'help'=>'Include all model information of matching events in the response'
),
'includeProposals'=>array(
'input'=>'radio',
'type'=>'integer',
'values'=>array(1=>'True',0=>'False'),
'help'=>__('Include proposals of matching events in the response')
'help'=>__('Specify whether the source (url field) is a directory (local) or an geniun url (network)')
),
'ip'=>array(
'input'=>'text',
'type'=>'string',
'operators'=>array('equal'),
'help'=>__('The IP of a login attempt')
),
'json'=>array(
'input'=>'text',
'type'=>'string',
'operators'=>array('equal'),
'help'=>__('JSON containing ID, UUID and name')
),
'last'=>array(
'input'=>'text',
'type'=>'string',
'operators'=>array('equal','not_equal'),
'help'=>__('Events published within the last x amount of time, where x can be defined in days, hours, minutes (for example 5d or 12h or 30m)')
),
'last_seen'=>array(
'input'=>'text',
'type'=>'string',
'operators'=>array('equal'),
'help'=>'A valid ISO 8601 datetime format, up to milli-seconds. i.e.: 2019-06-13T15:56:56.856074+02:00'
),
'limit'=>array(
'input'=>'number',
'type'=>'integer',
'operators'=>array('equal'),
'validation'=>array('min'=>0,'step'=>1),
'help'=>__('Limit on the pagination')
),
'local'=>array(
'input'=>'radio',
'type'=>'integer',
'values'=>array(1=>'True',0=>'False'),
'help'=>__('If the organisation should have access to this instance, make sure that the Local organisation setting is checked. If you would only like to add a known external organisation for inclusion in sharing groups, uncheck the Local organisation setting.')
),
'lookup_visible'=>array(
'input'=>'radio',
'type'=>'integer',
'values'=>array(1=>'True',0=>'False'),
'help'=>__('The lookup will not be visible in the feed correlation')
),
'message'=>array(
'input'=>'text',
'type'=>'string',
'operators'=>array('equal','not_equal'),
'help'=>__('Message to be included')
),
'metadata'=>array(
'input'=>'radio',
'type'=>'integer',
'values'=>array(1=>'True',0=>'False'),
'help'=>__('Will only return the metadata of the given query scope, contained data is omitted.')
),
'minimal'=>array(
'input'=>'radio',
'type'=>'integer',
'values'=>array(1=>'True',0=>'False'),
'help'=>__('Will only return id, timestamp, published and uuid')
'help'=>'An alias to override on-the-fly the threshold of the decaying model'
),
'searchall'=>array(
'input'=>'radio',
'type'=>'integer',
'values'=>array(1=>'True',0=>'False'),
'help'=>__('Search for a full or a substring (delimited by % for substrings) in the event info, event tags, attribute tags, attribute values or attribute comment fields')
),
'sector'=>array(
'input'=>'text',
'type'=>'string',
'operators'=>array('equal'),
'help'=>__('The sector of the organisation')
),
'server_id'=>array(
'input'=>'number',
'type'=>'integer',
'operators'=>array('equal'),
'validation'=>array('min'=>0,'step'=>1),
),
'sgReferenceOnly'=>array(
'input'=>'radio',
'type'=>'integer',
'values'=>array(1=>'True',0=>'False'),
'help'=>__('Will only return the sharing group ID')
),
'sharing_group_id'=>array(
'input'=>'number',
'type'=>'integer',
'operators'=>array('equal','not_equal'),
'validation'=>array('min'=>0,'step'=>1)
),
'sharinggroup'=>array(
'input'=>'number',
'type'=>'integer',
'operators'=>array('equal','not_equal'),
'validation'=>array('min'=>0,'step'=>1),
'help'=>__('Sharing group ID')
),
'source'=>array(
'input'=>'text',
'type'=>'string',
'operators'=>array('equal'),
'help'=>__('The source of the Sighting (e.g. honeypot_1)')