API Request ve Response Örnekleri
- Analyst Data
- Attributes
- Events
- Galaxies
- Galaxy Cluster
- Users
- Organisations
- Server
- Sharing Group
- Feed
- Object
- TAG
- Sighting
- Warninglist
- Noticelist
- Log
- Auth key
- UserSettings
- Taxonomy
Analyst Data
Add analyst data:
POST
https://misp.local/analystData/add/{analystType}/{objectUUID}/{ObjectType}
Response:
200:
AnalystNote:
{
"note": "Provide more context",
"language": "fr-BE",
"note_type_name": "Note",
"uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
"object_uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
"object_type": "Attribute",
"authors": "john.doe@admin.test",
"org_uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
"orgc_uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
"created": "2024-03-19 11:10:24",
"modified": "2024-03-19 11:10:24",
"distribution": "0",
"sharing_group_id": "1",
"locked": true
}
AnalystOpinion:
{
"comment": "Provide more context",
"opinion": 70,
"note_type_name": "Opinion",
"uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
"object_uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
"object_type": "Attribute",
"authors": "john.doe@admin.test",
"org_uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
"orgc_uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
"created": "2024-03-19 11:10:24",
"modified": "2024-03-19 11:10:24",
"distribution": "0",
"sharing_group_id": "1",
"locked": true
}
AnalystRelationship:
{
"related_object_uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
"related_object_type": "Attribute",
"relationship_type": "related-to",
"note_type_name": "Relationship",
"uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
"object_uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
"object_type": "Attribute",
"authors": "john.doe@admin.test",
"org_uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
"orgc_uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
"created": "2024-03-19 11:10:24",
"modified": "2024-03-19 11:10:24",
"distribution": "0",
"sharing_group_id": "1",
"locked": true
}
403:
{
"name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
"message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
"url": "/attributes"
}
Default:
{
"name": "string",
"message": "string",
"url": "/attributes"
}
Edit analyst data:
POST
https://misp.local/analystData/edit/{analystType}/{analystDataID}
Response:
200:
AnalystNote:
{
"note": "Provide more context",
"language": "fr-BE",
"note_type_name": "Note",
"uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
"object_uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
"object_type": "Attribute",
"authors": "john.doe@admin.test",
"org_uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
"orgc_uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
"created": "2024-03-19 11:10:24",
"modified": "2024-03-19 11:10:24",
"distribution": "0",
"sharing_group_id": "1",
"locked": true
}
AnalystOpinion:
{
"comment": "Provide more context",
"opinion": 70,
"note_type_name": "Opinion",
"uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
"object_uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
"object_type": "Attribute",
"authors": "john.doe@admin.test",
"org_uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
"orgc_uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
"created": "2024-03-19 11:10:24",
"modified": "2024-03-19 11:10:24",
"distribution": "0",
"sharing_group_id": "1",
"locked": true
}
AnalystRelationship:
{
"related_object_uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
"related_object_type": "Attribute",
"relationship_type": "related-to",
"note_type_name": "Relationship",
"uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
"object_uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
"object_type": "Attribute",
"authors": "john.doe@admin.test",
"org_uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
"orgc_uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
"created": "2024-03-19 11:10:24",
"modified": "2024-03-19 11:10:24",
"distribution": "0",
"sharing_group_id": "1",
"locked": true
}
403:
{
"name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
"message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
"url": "/attributes"
}
Default:
{
"name": "string",
"message": "string",
"url": "/attributes"
}
Delete Analyst data:
DELETE
https://misp.local/analystData/delete/{analystType}/{analystDataID}
Response:
200:
{
"message": "Analyst Note deleted."
}
403:
{
"name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
"message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
"url": "/attributes"
}
404:
{
"name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
"message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
"url": "/attributes"
}
Default:
{
"name": "string",
"message": "string",
"url": "/attributes"
}
List Analyst data:
GET
https://misp.local/analystData/delete/{analystType}/{analystDataID}
Response:
200:
[
{
"note": "Provide more context",
"language": "fr-BE",
"note_type_name": "Note",
"uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
"object_uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
"object_type": "Attribute",
"authors": "john.doe@admin.test",
"org_uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
"orgc_uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
"created": "2024-03-19 11:10:24",
"modified": "2024-03-19 11:10:24",
"distribution": "0",
"sharing_group_id": "1",
"locked": true
}
]
403:
{
"name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
"message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
"url": "/attributes"
}
404:
{
"name": "Invalid attribute",
"message": "Invalid attribute",
"url": "/attributes/1234"
}
Default:
{
"name": "string",
"message": "string",
"url": "/attributes"
}}
Get Analyst Data by ID:
GET
https://misp.local/analystData/view/{analystType}/{analystDataID}
Response:
200:
AnalystNote:
{
"note": "Provide more context",
"language": "fr-BE",
"note_type_name": "Note",
"uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
"object_uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
"object_type": "Attribute",
"authors": "john.doe@admin.test",
"org_uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
"orgc_uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
"created": "2024-03-19 11:10:24",
"modified": "2024-03-19 11:10:24",
"distribution": "0",
"sharing_group_id": "1",
"locked": true
}
AnalystOpinion:
{
"comment": "Provide more context",
"opinion": 70,
"note_type_name": "Opinion",
"uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
"object_uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
"object_type": "Attribute",
"authors": "john.doe@admin.test",
"org_uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
"orgc_uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
"created": "2024-03-19 11:10:24",
"modified": "2024-03-19 11:10:24",
"distribution": "0",
"sharing_group_id": "1",
"locked": true
}
AnalystRelationship:
{
"related_object_uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
"related_object_type": "Attribute",
"relationship_type": "related-to",
"note_type_name": "Relationship",
"uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
"object_uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
"object_type": "Attribute",
"authors": "john.doe@admin.test",
"org_uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
"orgc_uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
"created": "2024-03-19 11:10:24",
"modified": "2024-03-19 11:10:24",
"distribution": "0",
"sharing_group_id": "1",
"locked": true
}
403:
{
"name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
"message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
"url": "/attributes"
}
Default:
{
"name": "string",
"message": "string",
"url": "/attributes"
}
Attributes
[restSearch] Get a filtered and paginated list of attributes:
POST
https://misp.local/attributes/restSearch
Resquest:
{
"page": 1,
"limit": 0,
"value": "127.0.0.1",
"value1": "127.0.0.1",
"value2": "127.0.0.1",
"type": "md5",
"category": "Internal reference",
"org": "12345",
"tags": [
"tlp:amber"
],
"from": "string",
"to": "string",
"last": 0,
"eventid": "12345",
"withAttachments": false,
"uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
"publish_timestamp": "1617875568",
"published": false,
"timestamp": "1617875568",
"attribute_timestamp": "1617875568",
"enforceWarninglist": true,
"to_ids": true,
"deleted": false,
"event_timestamp": "1617875568",
"threat_level_id": "1",
"eventinfo": "string",
"sharinggroup": [
"1"
],
"decayingModel": "string",
"score": "string",
"first_seen": "string",
"last_seen": "string",
"includeEventUuid": false,
"includeEventTags": false,
"includeProposals": false,
"requested_attributes": [
"id"
],
"includeContext": true,
"headerless": true,
"includeWarninglistHits": true,
"attackGalaxy": "mitre-attack",
"object_relation": "filepath",
"includeSightings": true,
"includeCorrelations": true,
"modelOverrides": {
"lifetime": 3,
"decay_speed": 2.3,
"threshold": 30,
"default_base_score": 80,
"base_score_config": {
"estimative-language:confidence-in-analytic-judgment": 0.25,
"estimative-language:likelihood-probability": 0.25,
"phishing:psychological-acceptability": 0.25,
"phishing:state": 0.2
}
},
"includeDecayScore": false,
"includeFullModel": false,
"excludeDecayed": false,
"returnFormat": "json"
}
Response:
200:
{
"response": {
"Attribute": [
{
"id": "12345",
"event_id": "12345",
"object_id": "12345",
"object_relation": "sensor",
"category": "Internal reference",
"type": "md5",
"value": "127.0.0.1",
"to_ids": true,
"uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
"timestamp": "1617875568",
"distribution": "0",
"sharing_group_id": "1",
"comment": "logged source ip",
"deleted": false,
"disable_correlation": false,
"first_seen": "1581984000000000",
"last_seen": "1581984000000000",
"data": "string",
"event_uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
"decay_score": [
{
"score": 10.5,
"base_score": 80,
"decayed": true,
"DecayingModel": {
"id": "12345",
"name": "Phishing model"
}
}
],
"Event": {
"id": "12345",
"org_id": "12345",
"distribution": "0",
"info": "logged source ip",
"orgc_id": "12345",
"uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
"date": "1991-01-15",
"published": false,
"analysis": "0",
"attribute_count": "321",
"timestamp": "1617875568",
"sharing_group_id": "1",
"proposal_email_lock": true,
"locked": true,
"threat_level_id": "1",
"publish_timestamp": "1617875568",
"sighting_timestamp": "1617875568",
"disable_correlation": false,
"extends_uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
"event_creator_email": "user@example.com"
},
"Object": {
"id": "12345",
"name": "ail-leak",
"meta-category": "string",
"description": "string",
"template_uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
"template_version": "1",
"event_id": "12345",
"uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
"timestamp": "1617875568",
"distribution": "0",
"sharing_group_id": "1",
"comment": "string",
"deleted": true,
"first_seen": "1581984000000000",
"last_seen": "1581984000000000",
"Attribute": [
{
"id": "12345",
"event_id": "12345",
"object_id": "12345",
"object_relation": "sensor",
"category": "Internal reference",
"type": "md5",
"value": "127.0.0.1",
"to_ids": true,
"uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
"timestamp": "1617875568",
"distribution": "0",
"sharing_group_id": "1",
"comment": "logged source ip",
"deleted": false,
"disable_correlation": false,
"first_seen": "1581984000000000",
"last_seen": "1581984000000000"
}
]
},
"Tag": [
{
"id": "12345",
"name": "tlp:white",
"colour": "#ffffff",
"exportable": true,
"org_id": "12345",
"user_id": "12345",
"hide_tag": false,
"numerical_value": "12345",
"is_galaxy": true,
"is_custom_galaxy": true,
"inherited": 1
}
]
}
]
}
}
403:
{
"name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
"message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
"url": "/attributes"
}
Default:
{
"name": "string",
"message": "string",
"url": "/attributes"
}
Add an attribute:
POST
https://misp.local/attributes/add/{eventId}
Resquest:
{
"event_id": "12345",
"object_id": "12345",
"object_relation": "sensor",
"category": "Internal reference",
"type": "md5",
"value": "127.0.0.1",
"to_ids": true,
"uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
"timestamp": "1617875568",
"distribution": "0",
"sharing_group_id": "1",
"comment": "logged source ip",
"deleted": false,
"disable_correlation": false,
"first_seen": "1581984000000000",
"last_seen": "1581984000000000"
}
Response:
200:
{
"Attribute": {
"id": "12345",
"event_id": "12345",
"object_id": "12345",
"object_relation": "sensor",
"category": "Internal reference",
"type": "md5",
"value": "127.0.0.1",
"to_ids": true,
"uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
"timestamp": "1617875568",
"distribution": "0",
"sharing_group_id": "1",
"comment": "logged source ip",
"deleted": false,
"disable_correlation": false,
"first_seen": "1581984000000000",
"last_seen": "1581984000000000"
}
}
403:
{
"name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
"message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
"url": "/attributes"
}
Default:
{
"name": "string",
"message": "string",
"url": "/attributes"
}
Edit an attribute:
PUT
https://misp.local/attributes/edit/{attributeId}
Resquest:
{
"id": "12345",
"event_id": "12345",
"object_id": "12345",
"object_relation": "sensor",
"category": "Internal reference",
"type": "md5",
"value": "127.0.0.1",
"to_ids": true,
"uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
"timestamp": "1617875568",
"distribution": "0",
"sharing_group_id": "1",
"comment": "logged source ip",
"deleted": false,
"disable_correlation": false,
"first_seen": "1581984000000000",
"last_seen": "1581984000000000"
}
Response:
200:
{
"Attribute": {
"id": "12345",
"event_id": "12345",
"object_id": "12345",
"object_relation": "sensor",
"category": "Internal reference",
"type": "md5",
"value": "127.0.0.1",
"to_ids": true,
"uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
"timestamp": "1617875568",
"distribution": "0",
"sharing_group_id": "1",
"comment": "logged source ip",
"deleted": false,
"disable_correlation": false,
"first_seen": "1581984000000000",
"last_seen": "1581984000000000"
}
}
403:
{
"name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
"message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
"url": "/attributes"
}
404:
{
"name": "Invalid attribute",
"message": "Invalid attribute",
"url": "/attributes/1234"
}
Default:
{
"name": "string",
"message": "string",
"url": "/attributes"
}
Delete an attribute:
DELETE
https://misp.local/attributes/delete/{attributeId}
Response:
200:
{
"message": "Attribute deleted."
}
403:
{
"name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
"message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
"url": "/attributes"
}
404:
{
"name": "Invalid attribute",
"message": "Invalid attribute",
"url": "/attributes/1234"
}
Default:
{
"name": "string",
"message": "string",
"url": "/attributes"
}
Restore an attribute:
POST
https://misp.local/attributes/restore/{attributeId}
Response:
200:
{
"Attribute": {
"id": "12345",
"event_id": "12345",
"object_id": "12345",
"object_relation": "sensor",
"category": "Internal reference",
"type": "md5",
"value": "127.0.0.1",
"to_ids": true,
"uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
"timestamp": "1617875568",
"distribution": "0",
"sharing_group_id": "1",
"comment": "logged source ip",
"deleted": false,
"disable_correlation": false,
"first_seen": "1581984000000000",
"last_seen": "1581984000000000"
}
}
403:
{
"name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
"message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
"url": "/attributes"
}
404:
{
"name": "Invalid attribute",
"message": "Invalid attribute",
"url": "/attributes/1234"
}
Default:
{
"name": "string",
"message": "string",
"url": "/attributes"
}
Add a tag to an attribute:
POST
https://misp.local/attributes/addTag/{attributeId}/{tagId}/local:{local}
Response:
200:
{
"saved": true,
"success": "Tag added.",
"check_publish": true,
"errors": "Tag could not be added."
}
403:
{
"name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
"message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
"url": "/attributes"
}
404:
{
"name": "Invalid attribute",
"message": "Invalid attribute",
"url": "/attributes/1234"
}
Default:
{
"name": "string",
"message": "string",
"url": "/attributes"
}
Remove a tag from an attribute:
POST
https://misp.local/attributes/removeTag/{attributeId}/{tagId}
Response:
200:
{
"saved": true,
"success": "Tag removed.",
"check_publish": true,
"errors": "Tag could not be added."
}
403:
{
"name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
"message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
"url": "/attributes"
}
404:
{
"name": "Invalid attribute",
"message": "Invalid attribute",
"url": "/attributes/1234"
}
Default:
{
"name": "string",
"message": "string",
"url": "/attributes"
}
Get a list of attributes:
GET
https://misp.local/attributes
Response:
200:
[
{
"id": "12345",
"event_id": "12345",
"object_id": "12345",
"object_relation": "sensor",
"category": "Internal reference",
"type": "md5",
"value": "127.0.0.1",
"to_ids": true,
"uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
"timestamp": "1617875568",
"distribution": "0",
"sharing_group_id": "1",
"comment": "logged source ip",
"deleted": false,
"disable_correlation": false,
"first_seen": "1581984000000000",
"last_seen": "1581984000000000"
}
]
403:
{
"name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
"message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
"url": "/attributes"
}
Default:
{
"name": "string",
"message": "string",
"url": "/attributes"
}
Get the count of attributes per category:
GET
https://misp.local/attributes/attributeStatistics/{context}/{percentage}
Response:
200:
[
{
"Antivirus detection": "10"
},
{
"Artifacts dropped": "20"
}
]
403:
{
"name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
"message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
"url": "/attributes"
}
Default:
{
"name": "string",
"message": "string",
"url": "/attributes"
}
Get a list of the available attribute types:
GET
https://misp.local/attributes/describeTypes
Response:
200:
{
"sane_defaults": {
"md5": {
"default_category": "Payload delivery",
"to_ids": 1
},
"pdb": {
"default_category": "Artifacts dropped",
"to_ids": 0
}
},
"types": [
"md5"
],
"categories": [
"Internal reference"
],
"category_type_mappings": {
"Internal reference": [
"text",
"link",
"comment",
"other"
],
"Antivirus detection": [
"link",
"comment",
"text",
"hex",
"other"
]
}
}
403:
{
"name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
"message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
"url": "/attributes"
}
Default:
{
"name": "string",
"message": "string",
"url": "/attributes"
}
Events
[restSearch] Get a filtered and paginated list of events:
POST
https://misp.local/events/restSearch
Request:
{
"page": 1,
"limit": 0,
"value": "127.0.0.1",
"type": "md5",
"category": "Internal reference",
"org": "12345",
"tags": [
"tlp:amber"
],
"event_tags": [
"tlp:amber"
],
"searchall": "malware",
"from": "string",
"to": "string",
"last": 0,
"eventid": "12345",
"withAttachments": false,
"sharinggroup": [
"1"
],
"metadata": true,
"uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
"publish_timestamp": "1617875568",
"timestamp": "1617875568",
"published": false,
"enforceWarninglist": true,
"sgReferenceOnly": true,
"requested_attributes": [
"id"
],
"includeContext": true,
"headerless": true,
"includeWarninglistHits": true,
"attackGalaxy": "mitre-attack",
"to_ids": true,
"deleted": false,
"excludeLocalTags": true,
"date": "string",
"includeSightingdb": true,
"tag": "tlp:white",
"object_relation": "filepath",
"threat_level_id": "1",
"returnFormat": "json"
}
Resquest:
200:
{
"response": [
{
"Event": {
"id": "12345",
"org_id": "12345",
"distribution": "0",
"info": "logged source ip",
"orgc_id": "12345",
"uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
"date": "1991-01-15",
"published": false,
"analysis": "0",
"attribute_count": "321",
"timestamp": "1617875568",
"sharing_group_id": "1",
"proposal_email_lock": true,
"locked": true,
"threat_level_id": "1",
"publish_timestamp": "1617875568",
"sighting_timestamp": "1617875568",
"disable_correlation": false,
"extends_uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
"event_creator_email": "user@example.com",
"Feed": {
"id": "3",
"name": "CIRCL OSINT Feed",
"provider": "CIRCL",
"url": "https://www.circl.lu/doc/misp/feed-osint",
"rules": "{\"tags\":{\"OR\":[],\"NOT\":[]},\"orgs\":{\"OR\":[],\"NOT\":[]},\"url_params\":\"\"}",
"enabled": true,
"distribution": "0",
"sharing_group_id": "1",
"tag_id": "12345",
"default": true,
"source_format": "1",
"fixed_event": true,
"delta_merge": true,
"event_id": "12345",
"publish": false,
"override_ids": true,
"settings": "{\"csv\":{\"value\":\"\",\"delimiter\":\"\"},\"common\":{\"excluderegex\":\"\"},\"disable_correlation\":\"1\"}",
"input_source": "local",
"delete_local_file": true,
"lookup_visible": true,
"headers": "X-Custom-Header-A: Foo\nX-Custom-Header-B: Bar\n",
"caching_enabled": true,
"force_to_ids": true,
"orgc_id": "12345",
"cache_timestamp": "1617875568"
},
"Org": {
"id": "12345",
"name": "ORGNAME",
"uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b"
},
"Orgc": {
"id": "12345",
"name": "ORGNAME",
"uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b"
},
"Attribute": [
{
"id": "12345",
"event_id": "12345",
"object_id": "12345",
"object_relation": "sensor",
"category": "Internal reference",
"type": "md5",
"value": "127.0.0.1",
"to_ids": true,
"uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
"timestamp": "1617875568",
"distribution": "0",
"sharing_group_id": "1",
"comment": "logged source ip",
"deleted": false,
"disable_correlation": false,
"first_seen": "1581984000000000",
"last_seen": "1581984000000000"
}
],
"ShadowAttribute": [
{
"id": "12345",
"event_id": "12345",
"object_id": "12345",
"object_relation": "sensor",
"category": "Internal reference",
"type": "md5",
"value": "127.0.0.1",
"to_ids": true,
"uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
"timestamp": "1617875568",
"distribution": "0",
"sharing_group_id": "1",
"comment": "logged source ip",
"deleted": false,
"disable_correlation": false,
"first_seen": "1581984000000000",
"last_seen": "1581984000000000"
}
],
"RelatedEvent": [
{}
],
"Galaxy": [
{
"id": "12345",
"uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
"name": "Ransomware",
"type": "ransomware",
"description": "Ransomware galaxy based on ...",
"version": "1",
"icon": "globe",
"namespace": "misp",
"kill_chain_order": {
"fraud-tactics": [
"Initiation",
"Target Compromise",
"Perform Fraud",
"Obtain Fraudulent Assets",
"Assets Transfer",
"Monetisation"
]
}
}
],
"Object": [
{
"id": "12345",
"name": "ail-leak",
"meta-category": "string",
"description": "string",
"template_uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
"template_version": "1",
"event_id": "12345",
"uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
"timestamp": "1617875568",
"distribution": "0",
"sharing_group_id": "1",
"comment": "string",
"deleted": true,
"first_seen": "1581984000000000",
"last_seen": "1581984000000000",
"Attribute": [
{
"id": "12345",
"event_id": "12345",
"object_id": "12345",
"object_relation": "sensor",
"category": "Internal reference",
"type": "md5",
"value": "127.0.0.1",
"to_ids": true,
"uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
"timestamp": "1617875568",
"distribution": "0",
"sharing_group_id": "1",
"comment": "logged source ip",
"deleted": false,
"disable_correlation": false,
"first_seen": "1581984000000000",
"last_seen": "1581984000000000"
}
]
}
],
"EventReport": [
{
"id": "12345",
"uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
"event_id": "12345",
"name": "Report of the incident",
"content": "string",
"distribution": "0",
"sharing_group_id": "1",
"timestamp": "1617875568",
"deleted": false
}
],
"Tag": [
{
"id": "12345",
"name": "tlp:white",
"colour": "#ffffff",
"exportable": true,
"org_id": "12345",
"user_id": "12345",
"hide_tag": false,
"numerical_value": "12345",
"is_galaxy": true,
"is_custom_galaxy": true,
"inherited": 1
}
],
"Event": {
"id": "12345",
"timestamp": "1617875568",
"sighting_timestamp": "1617875568",
"published": false,
"uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
"orgc_uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b"
}
}
}
]
}
403:
{
"name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
"message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
"url": "/attributes"
}
Default:
{
"name": "string",
"message": "string",
"url": "/attributes"
}
Add event:
POST
https://misp.local/events/add
Request:
{
"org_id": "12345",
"distribution": "0",
"info": "logged source ip",
"orgc_id": "12345",
"uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
"date": "1991-01-15",
"published": false,
"analysis": "0",
"attribute_count": "321",
"timestamp": "1617875568",
"sharing_group_id": "1",
"proposal_email_lock": true,
"locked": true,
"threat_level_id": "1",
"publish_timestamp": "1617875568",
"sighting_timestamp": "1617875568",
"disable_correlation": false,
"extends_uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
"event_creator_email": "user@example.com"
}
Response:
200:
{
"Event": {
"id": "12345",
"org_id": "12345",
"distribution": "0",
"info": "logged source ip",
"orgc_id": "12345",
"uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
"date": "1991-01-15",
"published": false,
"analysis": "0",
"attribute_count": "321",
"timestamp": "1617875568",
"sharing_group_id": "1",
"proposal_email_lock": true,
"locked": true,
"threat_level_id": "1",
"publish_timestamp": "1617875568",
"sighting_timestamp": "1617875568",
"disable_correlation": false,
"extends_uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
"event_creator_email": "user@example.com",
"Feed": {
"id": "3",
"name": "CIRCL OSINT Feed",
"provider": "CIRCL",
"url": "https://www.circl.lu/doc/misp/feed-osint",
"rules": "{\"tags\":{\"OR\":[],\"NOT\":[]},\"orgs\":{\"OR\":[],\"NOT\":[]},\"url_params\":\"\"}",
"enabled": true,
"distribution": "0",
"sharing_group_id": "1",
"tag_id": "12345",
"default": true,
"source_format": "1",
"fixed_event": true,
"delta_merge": true,
"event_id": "12345",
"publish": false,
"override_ids": true,
"settings": "{\"csv\":{\"value\":\"\",\"delimiter\":\"\"},\"common\":{\"excluderegex\":\"\"},\"disable_correlation\":\"1\"}",
"input_source": "local",
"delete_local_file": true,
"lookup_visible": true,
"headers": "X-Custom-Header-A: Foo\nX-Custom-Header-B: Bar\n",
"caching_enabled": true,
"force_to_ids": true,
"orgc_id": "12345",
"cache_timestamp": "1617875568"
},
"Org": {
"id": "12345",
"name": "ORGNAME",
"uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b"
},
"Orgc": {
"id": "12345",
"name": "ORGNAME",
"uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b"
},
"Attribute": [
{
"id": "12345",
"event_id": "12345",
"object_id": "12345",
"object_relation": "sensor",
"category": "Internal reference",
"type": "md5",
"value": "127.0.0.1",
"to_ids": true,
"uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
"timestamp": "1617875568",
"distribution": "0",
"sharing_group_id": "1",
"comment": "logged source ip",
"deleted": false,
"disable_correlation": false,
"first_seen": "1581984000000000",
"last_seen": "1581984000000000"
}
],
"ShadowAttribute": [
{
"id": "12345",
"event_id": "12345",
"object_id": "12345",
"object_relation": "sensor",
"category": "Internal reference",
"type": "md5",
"value": "127.0.0.1",
"to_ids": true,
"uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
"timestamp": "1617875568",
"distribution": "0",
"sharing_group_id": "1",
"comment": "logged source ip",
"deleted": false,
"disable_correlation": false,
"first_seen": "1581984000000000",
"last_seen": "1581984000000000"
}
],
"RelatedEvent": [
{}
],
"Galaxy": [
{
"id": "12345",
"uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
"name": "Ransomware",
"type": "ransomware",
"description": "Ransomware galaxy based on ...",
"version": "1",
"icon": "globe",
"namespace": "misp",
"kill_chain_order": {
"fraud-tactics": [
"Initiation",
"Target Compromise",
"Perform Fraud",
"Obtain Fraudulent Assets",
"Assets Transfer",
"Monetisation"
]
}
}
],
"Object": [
{
"id": "12345",
"name": "ail-leak",
"meta-category": "string",
"description": "string",
"template_uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
"template_version": "1",
"event_id": "12345",
"uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
"timestamp": "1617875568",
"distribution": "0",
"sharing_group_id": "1",
"comment": "string",
"deleted": true,
"first_seen": "1581984000000000",
"last_seen": "1581984000000000",
"Attribute": [
{
"id": "12345",
"event_id": "12345",
"object_id": "12345",
"object_relation": "sensor",
"category": "Internal reference",
"type": "md5",
"value": "127.0.0.1",
"to_ids": true,
"uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
"timestamp": "1617875568",
"distribution": "0",
"sharing_group_id": "1",
"comment": "logged source ip",
"deleted": false,
"disable_correlation": false,
"first_seen": "1581984000000000",
"last_seen": "1581984000000000"
}
]
}
],
"EventReport": [
{
"id": "12345",
"uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
"event_id": "12345",
"name": "Report of the incident",
"content": "string",
"distribution": "0",
"sharing_group_id": "1",
"timestamp": "1617875568",
"deleted": false
}
],
"Tag": [
{
"id": "12345",
"name": "tlp:white",
"colour": "#ffffff",
"exportable": true,
"org_id": "12345",
"user_id": "12345",
"hide_tag": false,
"numerical_value": "12345",
"is_galaxy": true,
"is_custom_galaxy": true,
"inherited": 1
}
]
}
}
403:
{
"name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
"message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
"url": "/attributes"
}
Default:
{
"name": "string",
"message": "string",
"url": "/attributes"
}
Edit event:
PUT
https://misp.local/events/edit/{eventId}
Request:
{
"org_id": "12345",
"distribution": "0",
"info": "logged source ip",
"orgc_id": "12345",
"uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
"date": "1991-01-15",
"published": false,
"analysis": "0",
"attribute_count": "321",
"timestamp": "1617875568",
"sharing_group_id": "1",
"proposal_email_lock": true,
"locked": true,
"threat_level_id": "1",
"publish_timestamp": "1617875568",
"sighting_timestamp": "1617875568",
"disable_correlation": false,
"extends_uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
"event_creator_email": "user@example.com"
}
Response:
200:
{
"Event": {
"id": "12345",
"org_id": "12345",
"distribution": "0",
"info": "logged source ip",
"orgc_id": "12345",
"uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
"date": "1991-01-15",
"published": false,
"analysis": "0",
"attribute_count": "321",
"timestamp": "1617875568",
"sharing_group_id": "1",
"proposal_email_lock": true,
"locked": true,
"threat_level_id": "1",
"publish_timestamp": "1617875568",
"sighting_timestamp": "1617875568",
"disable_correlation": false,
"extends_uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
"event_creator_email": "user@example.com",
"Feed": {
"id": "3",
"name": "CIRCL OSINT Feed",
"provider": "CIRCL",
"url": "https://www.circl.lu/doc/misp/feed-osint",
"rules": "{\"tags\":{\"OR\":[],\"NOT\":[]},\"orgs\":{\"OR\":[],\"NOT\":[]},\"url_params\":\"\"}",
"enabled": true,
"distribution": "0",
"sharing_group_id": "1",
"tag_id": "12345",
"default": true,
"source_format": "1",
"fixed_event": true,
"delta_merge": true,
"event_id": "12345",
"publish": false,
"override_ids": true,
"settings": "{\"csv\":{\"value\":\"\",\"delimiter\":\"\"},\"common\":{\"excluderegex\":\"\"},\"disable_correlation\":\"1\"}",
"input_source": "local",
"delete_local_file": true,
"lookup_visible": true,
"headers": "X-Custom-Header-A: Foo\nX-Custom-Header-B: Bar\n",
"caching_enabled": true,
"force_to_ids": true,
"orgc_id": "12345",
"cache_timestamp": "1617875568"
},
"Org": {
"id": "12345",
"name": "ORGNAME",
"uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b"
},
"Orgc": {
"id": "12345",
"name": "ORGNAME",
"uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b"
},
"Attribute": [
{
"id": "12345",
"event_id": "12345",
"object_id": "12345",
"object_relation": "sensor",
"category": "Internal reference",
"type": "md5",
"value": "127.0.0.1",
"to_ids": true,
"uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
"timestamp": "1617875568",
"distribution": "0",
"sharing_group_id": "1",
"comment": "logged source ip",
"deleted": false,
"disable_correlation": false,
"first_seen": "1581984000000000",
"last_seen": "1581984000000000"
}
],
"ShadowAttribute": [
{
"id": "12345",
"event_id": "12345",
"object_id": "12345",
"object_relation": "sensor",
"category": "Internal reference",
"type": "md5",
"value": "127.0.0.1",
"to_ids": true,
"uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
"timestamp": "1617875568",
"distribution": "0",
"sharing_group_id": "1",
"comment": "logged source ip",
"deleted": false,
"disable_correlation": false,
"first_seen": "1581984000000000",
"last_seen": "1581984000000000"
}
],
"RelatedEvent": [
{}
],
"Galaxy": [
{
"id": "12345",
"uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
"name": "Ransomware",
"type": "ransomware",
"description": "Ransomware galaxy based on ...",
"version": "1",
"icon": "globe",
"namespace": "misp",
"kill_chain_order": {
"fraud-tactics": [
"Initiation",
"Target Compromise",
"Perform Fraud",
"Obtain Fraudulent Assets",
"Assets Transfer",
"Monetisation"
]
}
}
],
"Object": [
{
"id": "12345",
"name": "ail-leak",
"meta-category": "string",
"description": "string",
"template_uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
"template_version": "1",
"event_id": "12345",
"uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
"timestamp": "1617875568",
"distribution": "0",
"sharing_group_id": "1",
"comment": "string",
"deleted": true,
"first_seen": "1581984000000000",
"last_seen": "1581984000000000",
"Attribute": [
{
"id": "12345",
"event_id": "12345",
"object_id": "12345",
"object_relation": "sensor",
"category": "Internal reference",
"type": "md5",
"value": "127.0.0.1",
"to_ids": true,
"uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
"timestamp": "1617875568",
"distribution": "0",
"sharing_group_id": "1",
"comment": "logged source ip",
"deleted": false,
"disable_correlation": false,
"first_seen": "1581984000000000",
"last_seen": "1581984000000000"
}
]
}
],
"EventReport": [
{
"id": "12345",
"uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
"event_id": "12345",
"name": "Report of the incident",
"content": "string",
"distribution": "0",
"sharing_group_id": "1",
"timestamp": "1617875568",
"deleted": false
}
],
"Tag": [
{
"id": "12345",
"name": "tlp:white",
"colour": "#ffffff",
"exportable": true,
"org_id": "12345",
"user_id": "12345",
"hide_tag": false,
"numerical_value": "12345",
"is_galaxy": true,
"is_custom_galaxy": true,
"inherited": 1
}
]
}
}
403:
{
"name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
"message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
"url": "/attributes"
}
Default:
{
"name": "string",
"message": "string",
"url": "/attributes"
}
Delete event:
DELETE
https://misp.local/events/delete/{eventId}
Response:
200:
{
"saved": true,
"success": true,
"name": "Event deleted.",
"message": "Could not delete Event",
"url": "/events/delete/1",
"errors": "Event was not deleted."
}
403:
{
"name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
"message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
"url": "/attributes"
}
Default:
{
"name": "string",
"message": "string",
"url": "/attributes"
}
Get a list of events:
GET
https://misp.local/events
Response:
200:
[
{
"id": "12345",
"org_id": "12345",
"distribution": "0",
"info": "logged source ip",
"orgc_id": "12345",
"uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
"date": "1991-01-15",
"published": false,
"analysis": "0",
"attribute_count": "321",
"timestamp": "1617875568",
"sharing_group_id": "1",
"proposal_email_lock": true,
"locked": true,
"threat_level_id": "1",
"publish_timestamp": "1617875568",
"sighting_timestamp": "1617875568",
"disable_correlation": false,
"extends_uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
"event_creator_email": "user@example.com",
"Feed": {
"id": "3",
"name": "CIRCL OSINT Feed",
"provider": "CIRCL",
"url": "https://www.circl.lu/doc/misp/feed-osint",
"rules": "{\"tags\":{\"OR\":[],\"NOT\":[]},\"orgs\":{\"OR\":[],\"NOT\":[]},\"url_params\":\"\"}",
"enabled": true,
"distribution": "0",
"sharing_group_id": "1",
"tag_id": "12345",
"default": true,
"source_format": "1",
"fixed_event": true,
"delta_merge": true,
"event_id": "12345",
"publish": false,
"override_ids": true,
"settings": "{\"csv\":{\"value\":\"\",\"delimiter\":\"\"},\"common\":{\"excluderegex\":\"\"},\"disable_correlation\":\"1\"}",
"input_source": "local",
"delete_local_file": true,
"lookup_visible": true,
"headers": "X-Custom-Header-A: Foo\nX-Custom-Header-B: Bar\n",
"caching_enabled": true,
"force_to_ids": true,
"orgc_id": "12345",
"cache_timestamp": "1617875568"
},
"Org": {
"id": "12345",
"name": "ORGNAME",
"uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b"
},
"Orgc": {
"id": "12345",
"name": "ORGNAME",
"uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b"
},
"Attribute": [
{
"id": "12345",
"event_id": "12345",
"object_id": "12345",
"object_relation": "sensor",
"category": "Internal reference",
"type": "md5",
"value": "127.0.0.1",
"to_ids": true,
"uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
"timestamp": "1617875568",
"distribution": "0",
"sharing_group_id": "1",
"comment": "logged source ip",
"deleted": false,
"disable_correlation": false,
"first_seen": "1581984000000000",
"last_seen": "1581984000000000"
}
],
"ShadowAttribute": [
{
"id": "12345",
"event_id": "12345",
"object_id": "12345",
"object_relation": "sensor",
"category": "Internal reference",
"type": "md5",
"value": "127.0.0.1",
"to_ids": true,
"uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
"timestamp": "1617875568",
"distribution": "0",
"sharing_group_id": "1",
"comment": "logged source ip",
"deleted": false,
"disable_correlation": false,
"first_seen": "1581984000000000",
"last_seen": "1581984000000000"
}
],
"RelatedEvent": [
{}
],
"Galaxy": [
{
"id": "12345",
"uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
"name": "Ransomware",
"type": "ransomware",
"description": "Ransomware galaxy based on ...",
"version": "1",
"icon": "globe",
"namespace": "misp",
"kill_chain_order": {
"fraud-tactics": [
"Initiation",
"Target Compromise",
"Perform Fraud",
"Obtain Fraudulent Assets",
"Assets Transfer",
"Monetisation"
]
}
}
],
"Object": [
{
"id": "12345",
"name": "ail-leak",
"meta-category": "string",
"description": "string",
"template_uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
"template_version": "1",
"event_id": "12345",
"uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
"timestamp": "1617875568",
"distribution": "0",
"sharing_group_id": "1",
"comment": "string",
"deleted": true,
"first_seen": "1581984000000000",
"last_seen": "1581984000000000",
"Attribute": [
{
"id": "12345",
"event_id": "12345",
"object_id": "12345",
"object_relation": "sensor",
"category": "Internal reference",
"type": "md5",
"value": "127.0.0.1",
"to_ids": true,
"uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
"timestamp": "1617875568",
"distribution": "0",
"sharing_group_id": "1",
"comment": "logged source ip",
"deleted": false,
"disable_correlation": false,
"first_seen": "1581984000000000",
"last_seen": "1581984000000000"
}
]
}
],
"EventReport": [
{
"id": "12345",
"uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
"event_id": "12345",
"name": "Report of the incident",
"content": "string",
"distribution": "0",
"sharing_group_id": "1",
"timestamp": "1617875568",
"deleted": false
}
],
"Tag": [
{
"id": "12345",
"name": "tlp:white",
"colour": "#ffffff",
"exportable": true,
"org_id": "12345",
"user_id": "12345",
"hide_tag": false,
"numerical_value": "12345",
"is_galaxy": true,
"is_custom_galaxy": true,
"inherited": 1
}
]
}
]
403:
{
"name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
"message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
"url": "/attributes"
}
Default:
{
"name": "string",
"message": "string",
"url": "/attributes"
}
Search events:
POST
https://misp.local/events/index
Request:
{
"page": 1,
"limit": 0,
"sort": "timestamp",
"direction": "asc",
"minimal": false,
"attribute": "covert channel",
"eventid": "12345",
"datefrom": "2021-03-05",
"dateuntil": "2021-03-05",
"org": "CIRCL",
"eventinfo": "Phishing campaing",
"tag": "tlp:white",
"tags": [
"tlp:amber",
"cycat:scope=\"exploit\""
],
"distribution": "0",
"sharinggroup": "1",
"analysis": "0",
"threatlevel": "1",
"email": "admin@admin.test",
"hasproposal": "1",
"timestamp": "1",
"publish_timestamp": "1",
"searchDatefrom": "2020-01-20",
"searchDateuntil": "2020-01-20"
}
Response:
200:
[
{
"id": "12345",
"org_id": "12345",
"distribution": "0",
"info": "logged source ip",
"orgc_id": "12345",
"uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
"date": "1991-01-15",
"published": false,
"analysis": "0",
"attribute_count": "321",
"timestamp": "1617875568",
"sharing_group_id": "1",
"proposal_email_lock": true,
"locked": true,
"threat_level_id": "1",
"publish_timestamp": "1617875568",
"sighting_timestamp": "1617875568",
"disable_correlation": false,
"extends_uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
"event_creator_email": "user@example.com",
"Feed": {
"id": "3",
"name": "CIRCL OSINT Feed",
"provider": "CIRCL",
"url": "https://www.circl.lu/doc/misp/feed-osint",
"rules": "{\"tags\":{\"OR\":[],\"NOT\":[]},\"orgs\":{\"OR\":[],\"NOT\":[]},\"url_params\":\"\"}",
"enabled": true,
"distribution": "0",
"sharing_group_id": "1",
"tag_id": "12345",
"default": true,
"source_format": "1",
"fixed_event": true,
"delta_merge": true,
"event_id": "12345",
"publish": false,
"override_ids": true,
"settings": "{\"csv\":{\"value\":\"\",\"delimiter\":\"\"},\"common\":{\"excluderegex\":\"\"},\"disable_correlation\":\"1\"}",
"input_source": "local",
"delete_local_file": true,
"lookup_visible": true,
"headers": "X-Custom-Header-A: Foo\nX-Custom-Header-B: Bar\n",
"caching_enabled": true,
"force_to_ids": true,
"orgc_id": "12345",
"cache_timestamp": "1617875568"
},
"Org": {
"id": "12345",
"name": "ORGNAME",
"uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b"
},
"Orgc": {
"id": "12345",
"name": "ORGNAME",
"uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b"
},
"Attribute": [
{
"id": "12345",
"event_id": "12345",
"object_id": "12345",
"object_relation": "sensor",
"category": "Internal reference",
"type": "md5",
"value": "127.0.0.1",
"to_ids": true,
"uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
"timestamp": "1617875568",
"distribution": "0",
"sharing_group_id": "1",
"comment": "logged source ip",
"deleted": false,
"disable_correlation": false,
"first_seen": "1581984000000000",
"last_seen": "1581984000000000"
}
],
"ShadowAttribute": [
{
"id": "12345",
"event_id": "12345",
"object_id": "12345",
"object_relation": "sensor",
"category": "Internal reference",
"type": "md5",
"value": "127.0.0.1",
"to_ids": true,
"uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
"timestamp": "1617875568",
"distribution": "0",
"sharing_group_id": "1",
"comment": "logged source ip",
"deleted": false,
"disable_correlation": false,
"first_seen": "1581984000000000",
"last_seen": "1581984000000000"
}
],
"RelatedEvent": [
{}
],
"Galaxy": [
{
"id": "12345",
"uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
"name": "Ransomware",
"type": "ransomware",
"description": "Ransomware galaxy based on ...",
"version": "1",
"icon": "globe",
"namespace": "misp",
"kill_chain_order": {
"fraud-tactics": [
"Initiation",
"Target Compromise",
"Perform Fraud",
"Obtain Fraudulent Assets",
"Assets Transfer",
"Monetisation"
]
}
}
],
"Object": [
{
"id": "12345",
"name": "ail-leak",
"meta-category": "string",
"description": "string",
"template_uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
"template_version": "1",
"event_id": "12345",
"uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
"timestamp": "1617875568",
"distribution": "0",
"sharing_group_id": "1",
"comment": "string",
"deleted": true,
"first_seen": "1581984000000000",
"last_seen": "1581984000000000",
"Attribute": [
{
"id": "12345",
"event_id": "12345",
"object_id": "12345",
"object_relation": "sensor",
"category": "Internal reference",
"type": "md5",
"value": "127.0.0.1",
"to_ids": true,
"uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
"timestamp": "1617875568",
"distribution": "0",
"sharing_group_id": "1",
"comment": "logged source ip",
"deleted": false,
"disable_correlation": false,
"first_seen": "1581984000000000",
"last_seen": "1581984000000000"
}
]
}
],
"EventReport": [
{
"id": "12345",
"uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
"event_id": "12345",
"name": "Report of the incident",
"content": "string",
"distribution": "0",
"sharing_group_id": "1",
"timestamp": "1617875568",
"deleted": false
}
],
"Tag": [
{
"id": "12345",
"name": "tlp:white",
"colour": "#ffffff",
"exportable": true,
"org_id": "12345",
"user_id": "12345",
"hide_tag": false,
"numerical_value": "12345",
"is_galaxy": true,
"is_custom_galaxy": true,
"inherited": 1
}
]
}
]
403:
{
"name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
"message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
"url": "/attributes"
}
Default:
{
"name": "string",
"message": "string",
"url": "/attributes"
}
Get event by ID:
GET
https://misp.local/events/view/{eventId}
Response:
200:
{
"Event": {
"id": "12345",
"org_id": "12345",
"distribution": "0",
"info": "logged source ip",
"orgc_id": "12345",
"uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
"date": "1991-01-15",
"published": false,
"analysis": "0",
"attribute_count": "321",
"timestamp": "1617875568",
"sharing_group_id": "1",
"proposal_email_lock": true,
"locked": true,
"threat_level_id": "1",
"publish_timestamp": "1617875568",
"sighting_timestamp": "1617875568",
"disable_correlation": false,
"extends_uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
"event_creator_email": "user@example.com",
"Feed": {
"id": "3",
"name": "CIRCL OSINT Feed",
"provider": "CIRCL",
"url": "https://www.circl.lu/doc/misp/feed-osint",
"rules": "{\"tags\":{\"OR\":[],\"NOT\":[]},\"orgs\":{\"OR\":[],\"NOT\":[]},\"url_params\":\"\"}",
"enabled": true,
"distribution": "0",
"sharing_group_id": "1",
"tag_id": "12345",
"default": true,
"source_format": "1",
"fixed_event": true,
"delta_merge": true,
"event_id": "12345",
"publish": false,
"override_ids": true,
"settings": "{\"csv\":{\"value\":\"\",\"delimiter\":\"\"},\"common\":{\"excluderegex\":\"\"},\"disable_correlation\":\"1\"}",
"input_source": "local",
"delete_local_file": true,
"lookup_visible": true,
"headers": "X-Custom-Header-A: Foo\nX-Custom-Header-B: Bar\n",
"caching_enabled": true,
"force_to_ids": true,
"orgc_id": "12345",
"cache_timestamp": "1617875568"
},
"Org": {
"id": "12345",
"name": "ORGNAME",
"uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b"
},
"Orgc": {
"id": "12345",
"name": "ORGNAME",
"uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b"
},
"Attribute": [
{
"id": "12345",
"event_id": "12345",
"object_id": "12345",
"object_relation": "sensor",
"category": "Internal reference",
"type": "md5",
"value": "127.0.0.1",
"to_ids": true,
"uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
"timestamp": "1617875568",
"distribution": "0",
"sharing_group_id": "1",
"comment": "logged source ip",
"deleted": false,
"disable_correlation": false,
"first_seen": "1581984000000000",
"last_seen": "1581984000000000"
}
],
"ShadowAttribute": [
{
"id": "12345",
"event_id": "12345",
"object_id": "12345",
"object_relation": "sensor",
"category": "Internal reference",
"type": "md5",
"value": "127.0.0.1",
"to_ids": true,
"uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
"timestamp": "1617875568",
"distribution": "0",
"sharing_group_id": "1",
"comment": "logged source ip",
"deleted": false,
"disable_correlation": false,
"first_seen": "1581984000000000",
"last_seen": "1581984000000000"
}
],
"RelatedEvent": [
{}
],
"Galaxy": [
{
"id": "12345",
"uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
"name": "Ransomware",
"type": "ransomware",
"description": "Ransomware galaxy based on ...",
"version": "1",
"icon": "globe",
"namespace": "misp",
"kill_chain_order": {
"fraud-tactics": [
"Initiation",
"Target Compromise",
"Perform Fraud",
"Obtain Fraudulent Assets",
"Assets Transfer",
"Monetisation"
]
}
}
],
"Object": [
{
"id": "12345",
"name": "ail-leak",
"meta-category": "string",
"description": "string",
"template_uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
"template_version": "1",
"event_id": "12345",
"uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
"timestamp": "1617875568",
"distribution": "0",
"sharing_group_id": "1",
"comment": "string",
"deleted": true,
"first_seen": "1581984000000000",
"last_seen": "1581984000000000",
"Attribute": [
{
"id": "12345",
"event_id": "12345",
"object_id": "12345",
"object_relation": "sensor",
"category": "Internal reference",
"type": "md5",
"value": "127.0.0.1",
"to_ids": true,
"uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
"timestamp": "1617875568",
"distribution": "0",
"sharing_group_id": "1",
"comment": "logged source ip",
"deleted": false,
"disable_correlation": false,
"first_seen": "1581984000000000",
"last_seen": "1581984000000000"
}
]
}
],
"EventReport": [
{
"id": "12345",
"uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
"event_id": "12345",
"name": "Report of the incident",
"content": "string",
"distribution": "0",
"sharing_group_id": "1",
"timestamp": "1617875568",
"deleted": false
}
],
"Tag": [
{
"id": "12345",
"name": "tlp:white",
"colour": "#ffffff",
"exportable": true,
"org_id": "12345",
"user_id": "12345",
"hide_tag": false,
"numerical_value": "12345",
"is_galaxy": true,
"is_custom_galaxy": true,
"inherited": 1
}
]
}
}
403:
{
"name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
"message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
"url": "/attributes"
}
Default:
{
"name": "string",
"message": "string",
"url": "/attributes"
}
Publish an event:
POST
https://misp.local/events/publish/{eventId}
Response:
200:
{
"name": "Publish",
"message": "Job queued",
"url": "https://misp.local/events/alert/1",
"id": "string"
}
403:
{
"name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
"message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
"url": "/attributes"
}
Default:
{
"name": "string",
"message": "string",
"url": "/attributes"
}
Unpublish an event:
POST
https://misp.local/events/addTag/{eventId}/{tagId}/local:{local}
Response:
200:
{
"saved": true,
"success": true,
"name": "Event unpublished.",
"message": "Event unpublished.",
"url": "/events/unpublish/1"
}
403:
{
"name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
"message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
"url": "/attributes"
}
Default:
{
"name": "string",
"message": "string",
"url": "/attributes"
}
Add event tag:
POST
https://misp.local/events/addTag/{eventId}/{tagId}/local:{local}
Response:
200:
{
"saved": true,
"success": "Tag added.",
"check_publish": true,
"errors": "Tag could not be added."
}
403:
{
"name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
"message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
"url": "/attributes"
}
Default:
{
"name": "string",
"message": "string",
"url": "/attributes"
}
Remove event tag:
POST
https://misp.local/events/removeTag/{eventId}/{tagId}
Response:
200:
{
"saved": true,
"success": "Tag removed.",
"check_publish": true,
"errors": "Tag could not be added."
}
403:
{
"name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
"message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
"url": "/attributes"
}
Default:
{
"name": "string",
"message": "string",
"url": "/attributes"
}
Galaxies
Get galaxies:
GET
https://misp.local/galaxies
Response:
200:
[
{
"Galaxy": {
"id": "12345",
"uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
"name": "Ransomware",
"type": "ransomware",
"description": "Ransomware galaxy based on ...",
"version": "1",
"icon": "globe",
"namespace": "misp",
"kill_chain_order": {
"fraud-tactics": [
"Initiation",
"Target Compromise",
"Perform Fraud",
"Obtain Fraudulent Assets",
"Assets Transfer",
"Monetisation"
]
}
}
}
]
403:
{
"name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
"message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
"url": "/attributes"
}
Default:
{
"name": "string",
"message": "string",
"url": "/attributes"
}
Search galaxies:
POST
https://misp.local/galaxies
Request:
{
"value": "botnet"
}
Response:
200:
[
{
"Galaxy": {
"id": "12345",
"uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
"name": "Ransomware",
"type": "ransomware",
"description": "Ransomware galaxy based on ...",
"version": "1",
"icon": "globe",
"namespace": "misp",
"kill_chain_order": {
"fraud-tactics": [
"Initiation",
"Target Compromise",
"Perform Fraud",
"Obtain Fraudulent Assets",
"Assets Transfer",
"Monetisation"
]
}
}
}
]
403:
{
"name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
"message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
"url": "/attributes"
}
Default:
{
"name": "string",
"message": "string",
"url": "/attributes"
}
Get galaxy by ID:
POST
https://misp.local/galaxies
Response:
200:
{
"Galaxy": {
"id": "12345",
"uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
"name": "Ransomware",
"type": "ransomware",
"description": "Ransomware galaxy based on ...",
"version": "1",
"icon": "globe",
"namespace": "misp",
"kill_chain_order": {
"fraud-tactics": [
"Initiation",
"Target Compromise",
"Perform Fraud",
"Obtain Fraudulent Assets",
"Assets Transfer",
"Monetisation"
]
}
},
"GalaxyCluster": [
{
"id": "12345",
"uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
"collection_uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
"type": "mitre-enterprise-attack-attack-pattern",
"value": "Brute Force - T1110",
"tag_name": "tlp:white",
"description": "Adversaries may use brute force techniques to attempt access to accounts when passwords are unknown or when password hashes are obtained...",
"galaxy_id": "12345",
"source": "https://github.com/mitre/cti",
"authors": [
"MITRE"
],
"version": "1",
"distribution": "0",
"sharing_group_id": "1",
"org_id": "12345",
"orgc_id": "12345",
"default": true,
"locked": true,
"extends_uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
"extends_version": "1",
"published": false,
"deleted": false,
"GalaxyElement": [
{
"id": "12345",
"galaxy_cluster_id": "12345",
"key": "categories",
"value": "Military"
}
]
}
]
}
403:
{
"name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
"message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
"url": "/attributes"
}
Default:
{
"name": "string",
"message": "string",
"url": "/attributes"
}
Force update the galaxies with the galaxy json definitions:
POST
https://misp.local/galaxies/update
Response:
200:
{
"saved": true,
"success": true,
"name": "Galaxies updated.",
"message": "Galaxies updated.",
"url": "/galaxies/update"
}
403:
{
"name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
"message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
"url": "/attributes"
}
404:
{
"name": "Invalid attribute",
"message": "Invalid attribute",
"url": "/attributes/1234"
}
Default:
{
"name": "string",
"message": "string",
"url": "/attributes"
}
Delete a galaxy:
DELETE
https://misp.local/galaxies/delete/{galaxyId}
Response:
200:
{
"saved": true,
"success": true,
"name": "Galaxy deleted",
"message": "Galaxy deleted",
"url": "/galaxies/delete"
}
403:
{
"name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
"message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
"url": "/attributes"
}
404:
{
"name": "Invalid attribute",
"message": "Invalid attribute",
"url": "/attributes/1234"
}
Default:
{
"name": "string",
"message": "string",
"url": "/attributes"
}
Import a galaxy cluster:
POST
https://misp.local/galaxies/import
Request:
[
{
"GalaxyCluster": {
"uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
"collection_uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
"type": "mitre-enterprise-attack-attack-pattern",
"value": "Brute Force - T1110",
"tag_name": "tlp:white",
"description": "Adversaries may use brute force techniques to attempt access to accounts when passwords are unknown or when password hashes are obtained...",
"galaxy_id": "12345",
"source": "https://github.com/mitre/cti",
"authors": [
"MITRE"
],
"version": "1",
"distribution": "0",
"sharing_group_id": "1",
"org_id": "12345",
"orgc_id": "12345",
"default": true,
"locked": true,
"extends_uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
"extends_version": "1",
"published": false,
"deleted": false,
"GalaxyElement": [
{
"id": "12345",
"galaxy_cluster_id": "12345",
"key": "categories",
"value": "Military"
}
]
},
"Galaxy": {
"uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b"
}
}
]
Response:
200:
{
"saved": true,
"success": true,
"name": "'Galaxy clusters imported. 1 imported, 0 ignored, 0 failed.",
"message": "'Galaxy clusters imported. 1 imported, 0 ignored, 0 failed.",
"url": "/galaxies/import"
}
403:
{
"name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
"message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
"url": "/attributes"
}
404:
{
"name": "Invalid attribute",
"message": "Invalid attribute",
"url": "/attributes/1234"
}
Default:
{
"name": "string",
"message": "string",
"url": "/attributes"
}
Export galaxy clusters
POST
https://misp.local/galaxies/export/{galaxyId}
Request:
{
"Galaxy": {
"default": true,
"custom": true,
"distribution": "0",
"format": "default",
"download": true
}
}
Response:
200:
GalaxyMispFormat:
{
"name": "Ransomware",
"type": "ransomware",
"authors": [
"MITRE"
],
"version": true,
"uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
"source": "https://github.com/mitre/cti",
"values": [
{
"description": "Adversaries may use brute force techniques to attempt access to accounts when passwords are unknown or when password hashes are obtained...",
"uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
"value": "Brute Force - T1110",
"extends_uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
"extends_Version": "1",
"meta": [
{
"categories": "botnet"
},
{
"refs": "http://example.com"
},
{
"aliases": [
"malware",
"win32",
"windows"
]
},
{
"topics": [
"Windows",
"Malware"
]
}
]
}
]
}
403:
{
"name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
"message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
"url": "/attributes"
}
404:
{
"name": "Invalid attribute",
"message": "Invalid attribute",
"url": "/attributes/1234"
}
Default:
{
"name": "string",
"message": "string",
"url": "/attributes"
}
Attach the galaxy cluster tag a given entity
POST
https://misp.local/galaxies/attachCluster/{attachTargetId}/{attachTargetType}/local:{local}
Request:
{
"Galaxy": {
"target_id": 1235
}
}
Response:
200:
{
"saved": true,
"success": "Cluster attached.",
"check_publish": true
}
403:
{
"name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
"message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
"url": "/attributes"
}
404:
{
"name": "Invalid attribute",
"message": "Invalid attribute",
"url": "/attributes/1234"
}
Default:
{
"name": "string",
"message": "string",
"url": "/attributes"
}
Galaxy Cluster
Add galaxy cluster:
GET
https://misp.local/galaxies
Request:
{
"id": "12345",
"uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
"collection_uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
"type": "mitre-enterprise-attack-attack-pattern",
"value": "Brute Force - T1110",
"tag_name": "tlp:white",
"description": "Adversaries may use brute force techniques to attempt access to accounts when passwords are unknown or when password hashes are obtained...",
"galaxy_id": "12345",
"source": "https://github.com/mitre/cti",
"authors": [
"MITRE"
],
"version": "1",
"distribution": "0",
"sharing_group_id": "1",
"org_id": "12345",
"orgc_id": "12345",
"default": true,
"locked": true,
"extends_uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
"extends_version": "1",
"published": false,
"deleted": false,
"GalaxyElement": [
{
"id": "12345",
"galaxy_cluster_id": "12345",
"key": "categories",
"value": "Military"
}
]
}
Response:
200:
{
"GalaxyCluster": {
"id": "12345",
"uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
"collection_uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
"type": "mitre-enterprise-attack-attack-pattern",
"value": "Brute Force - T1110",
"tag_name": "tlp:white",
"description": "Adversaries may use brute force techniques to attempt access to accounts when passwords are unknown or when password hashes are obtained...",
"galaxy_id": "12345",
"source": "https://github.com/mitre/cti",
"authors": [
"MITRE"
],
"version": "1",
"distribution": "0",
"sharing_group_id": "1",
"org_id": "12345",
"orgc_id": "12345",
"default": true,
"locked": true,
"extends_uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
"extends_version": "1",
"published": false,
"deleted": false,
"GalaxyElement": [
{
"id": "12345",
"galaxy_cluster_id": "12345",
"key": "categories",
"value": "Military"
}
]
}
}
403:
{
"name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
"message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
"url": "/attributes"
}
404:
{
"name": "Invalid attribute",
"message": "Invalid attribute",
"url": "/attributes/1234"
}
Default:
{
"name": "string",
"message": "string",
"url": "/attributes"
}
Edit galaxy cluster
POST
https://misp.local/galaxy_clusters/add/{galaxyId}
Request:
{
"id": "12345",
"uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
"collection_uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
"type": "mitre-enterprise-attack-attack-pattern",
"value": "Brute Force - T1110",
"tag_name": "tlp:white",
"description": "Adversaries may use brute force techniques to attempt access to accounts when passwords are unknown or when password hashes are obtained...",
"galaxy_id": "12345",
"source": "https://github.com/mitre/cti",
"authors": [
"MITRE"
],
"version": "1",
"distribution": "0",
"sharing_group_id": "1",
"org_id": "12345",
"orgc_id": "12345",
"default": true,
"locked": true,
"extends_uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
"extends_version": "1",
"published": false,
"deleted": false,
"GalaxyElement": [
{
"id": "12345",
"galaxy_cluster_id": "12345",
"key": "categories",
"value": "Military"
}
]
}
Response:
200:
{
"GalaxyCluster": {
"id": "12345",
"uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
"collection_uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
"type": "mitre-enterprise-attack-attack-pattern",
"value": "Brute Force - T1110",
"tag_name": "tlp:white",
"description": "Adversaries may use brute force techniques to attempt access to accounts when passwords are unknown or when password hashes are obtained...",
"galaxy_id": "12345",
"source": "https://github.com/mitre/cti",
"authors": [
"MITRE"
],
"version": "1",
"distribution": "0",
"sharing_group_id": "1",
"org_id": "12345",
"orgc_id": "12345",
"default": true,
"locked": true,
"extends_uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
"extends_version": "1",
"published": false,
"deleted": false,
"GalaxyElement": [
{
"id": "12345",
"galaxy_cluster_id": "12345",
"key": "categories",
"value": "Military"
}
]
}
}
403:
{
"name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
"message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
"url": "/attributes"
}
404:
{
"name": "Invalid attribute",
"message": "Invalid attribute",
"url": "/attributes/1234"
}
Default:
{
"name": "string",
"message": "string",
"url": "/attributes"
}
Get galaxy clusters:
GET
https://misp.local/galaxy_clusters/add/{galaxyId}
Response:
200:
[
{
"GalaxyCluster": {
"id": "12345",
"uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
"collection_uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
"type": "mitre-enterprise-attack-attack-pattern",
"value": "Brute Force - T1110",
"tag_name": "tlp:white",
"description": "Adversaries may use brute force techniques to attempt access to accounts when passwords are unknown or when password hashes are obtained...",
"galaxy_id": "12345",
"source": "https://github.com/mitre/cti",
"authors": [
"MITRE"
],
"version": "1",
"distribution": "0",
"sharing_group_id": "1",
"org_id": "12345",
"orgc_id": "12345",
"default": true,
"locked": true,
"extends_uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
"extends_version": "1",
"published": false,
"deleted": false,
"GalaxyElement": [
{
"id": "12345",
"galaxy_cluster_id": "12345",
"key": "categories",
"value": "Military"
}
]
}
}
]
403:
{
"name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
"message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
"url": "/attributes"
}
404:
{
"name": "Invalid attribute",
"message": "Invalid attribute",
"url": "/attributes/1234"
}
Default:
{
"name": "string",
"message": "string",
"url": "/attributes"
}
Search galaxy clusters:
POST
https://misp.local/galaxy_clusters/add/{galaxyId}
Request:
{
"context": "all",
"searchall": "botnet"
}
Response:
200:
[
{
"GalaxyCluster": {
"id": "12345",
"uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
"collection_uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
"type": "mitre-enterprise-attack-attack-pattern",
"value": "Brute Force - T1110",
"tag_name": "tlp:white",
"description": "Adversaries may use brute force techniques to attempt access to accounts when passwords are unknown or when password hashes are obtained...",
"galaxy_id": "12345",
"source": "https://github.com/mitre/cti",
"authors": [
"MITRE"
],
"version": "1",
"distribution": "0",
"sharing_group_id": "1",
"org_id": "12345",
"orgc_id": "12345",
"default": true,
"locked": true,
"extends_uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
"extends_version": "1",
"published": false,
"deleted": false,
"GalaxyElement": [
{
"id": "12345",
"galaxy_cluster_id": "12345",
"key": "categories",
"value": "Military"
}
]
}
}
]
403:
{
"name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
"message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
"url": "/attributes"
}
404:
{
"name": "Invalid attribute",
"message": "Invalid attribute",
"url": "/attributes/1234"
}
Default:
{
"name": "string",
"message": "string",
"url": "/attributes"
}
Get galaxy cluster by ID:
Get
https://misp.local/galaxy_clusters/view/{galaxyClusterId}
Response:
200:
{
"GalaxyCluster": {
"id": "12345",
"uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
"collection_uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
"type": "mitre-enterprise-attack-attack-pattern",
"value": "Brute Force - T1110",
"tag_name": "tlp:white",
"description": "Adversaries may use brute force techniques to attempt access to accounts when passwords are unknown or when password hashes are obtained...",
"galaxy_id": "12345",
"source": "https://github.com/mitre/cti",
"authors": [
"MITRE"
],
"version": "1",
"distribution": "0",
"sharing_group_id": "1",
"org_id": "12345",
"orgc_id": "12345",
"default": true,
"locked": true,
"extends_uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
"extends_version": "1",
"published": false,
"deleted": false,
"GalaxyElement": [
{
"id": "12345",
"galaxy_cluster_id": "12345",
"key": "categories",
"value": "Military"
}
],
"Galaxy": {
"id": "12345",
"uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
"name": "Ransomware",
"type": "ransomware",
"description": "Ransomware galaxy based on ...",
"version": "1",
"icon": "globe",
"namespace": "misp",
"kill_chain_order": {
"fraud-tactics": [
"Initiation",
"Target Compromise",
"Perform Fraud",
"Obtain Fraudulent Assets",
"Assets Transfer",
"Monetisation"
]
}
},
"GalaxyClusterRelation": [
{
"id": "12345",
"galaxy_cluster_id": "12345",
"key": "categories",
"value": "Military"
}
],
"Org": {
"id": "12345",
"name": "ORGNAME",
"date_created": "2021-06-14 14:29:19",
"date_modified": "2021-06-14 14:29:19",
"description": "string",
"type": "ADMIN",
"nationality": "string",
"sector": "string",
"created_by": "12345",
"uuid": "string",
"contacts": "string",
"local": true,
"restricted_to_domain": [
"example.com"
],
"landingpage": "string",
"user_count": "3",
"created_by_email": "string"
},
"Orgc": {
"id": "12345",
"name": "ORGNAME",
"date_created": "2021-06-14 14:29:19",
"date_modified": "2021-06-14 14:29:19",
"description": "string",
"type": "ADMIN",
"nationality": "string",
"sector": "string",
"created_by": "12345",
"uuid": "string",
"contacts": "string",
"local": true,
"restricted_to_domain": [
"example.com"
],
"landingpage": "string",
"user_count": "3",
"created_by_email": "string"
},
"tag_count": 0,
"tag_id": "12345"
}
}
403:
{
"name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
"message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
"url": "/attributes"
}
404:
{
"name": "Invalid attribute",
"message": "Invalid attribute",
"url": "/attributes/1234"
}
Default:
{
"name": "string",
"message": "string",
"url": "/attributes"
}
Publish galaxy cluster:
POST
https://misp.local/galaxy_clusters/publish/{galaxyClusterId}
Response:
200:
{
"message": "Publish job queued. Job ID: 4e9d26c275a7b190fcab10029df8c6b6"
}
403:
{
"name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
"message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
"url": "/attributes"
}
404:
{
"name": "Invalid attribute",
"message": "Invalid attribute",
"url": "/attributes/1234"
}
Default:
{
"name": "string",
"message": "string",
"url": "/attributes"
}
Unpublish galaxy cluster:
POST
https://misp.local/galaxy_clusters/unpublish/{galaxyClusterId}
Response:
200:
{
"saved": true,
"success": true,
"name": "GalaxyCluster unpublished",
"message": "GalaxyCluster unpublished",
"url": "/galaxy_clusters/publish/1"
}
403:
{
"name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
"message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
"url": "/attributes"
}
404:
{
"name": "Invalid attribute",
"message": "Invalid attribute",
"url": "/attributes/1234"
}
Default:
{
"name": "string",
"message": "string",
"url": "/attributes"
}
Delete galaxy cluster:
POST
https://misp.local/galaxy_clusters/unpublish/{galaxyClusterId}
Response:
200:
{
"saved": true,
"success": true,
"name": "Galaxy cluster successfuly soft deleted.",
"message": "Galaxy cluster successfuly soft deleted.",
"url": "/galaxy_clusters/delete/1"
}
403:
{
"name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
"message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
"url": "/attributes"
}
404:
{
"name": "Invalid attribute",
"message": "Invalid attribute",
"url": "/attributes/1234"
}
Default:
{
"name": "string",
"message": "string",
"url": "/attributes"
}
Restore galaxy cluster:
POST
https://misp.local/galaxy_clusters/unpublish/{galaxyClusterId}
Response:
200:
{
"saved": true,
"success": true,
"name": "GalaxyCluster restored",
"message": "GalaxyCluster restored",
"url": "/galaxy_clusters/restore/1"
}
403:
{
"name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
"message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
"url": "/attributes"
}
404:
{
"name": "Invalid attribute",
"message": "Invalid attribute",
"url": "/attributes/1234"
}
Default:
{
"name": "string",
"message": "string",
"url": "/attributes"
}
Users
Reset user password:
POST
https://misp.local/users/initiatePasswordReset/{userId}/{firstTimeReset}
Response:
200:
{
"saved": true,
"success": "New credentials sent."
}
403:
{
"name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
"message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
"url": "/attributes"
}
404:
{
"name": "Invalid attribute",
"message": "Invalid attribute",
"url": "/attributes/1234"
}
Default:
{
"name": "string",
"message": "string",
"url": "/attributes"
}
Add user:
POST
https://misp.local/users/initiatePasswordReset/{userId}/{firstTimeReset}
Request:
{
"org_id": "12345",
"server_id": "12345",
"email": "user@example.com",
"autoalert": true,
"authkey": "894c8d095180c7ea28789092e96ca6424199aa4f",
"invited_by": "12345",
"gpgkey": "string",
"certif_public": "string",
"nids_sid": "4000000",
"termsaccepted": true,
"newsread": "1617875568",
"role_id": "3",
"change_pw": "0",
"contactalert": true,
"disabled": true,
"expiration": "2019-08-24T14:15:22Z",
"current_login": "1617875568",
"last_login": "1617875568",
"force_logout": true,
"date_created": "1617875568",
"date_modified": "1617875568"
}
Response:
200:
{
"id": "12345",
"org_id": "12345",
"server_id": "12345",
"email": "user@example.com",
"autoalert": true,
"authkey": "894c8d095180c7ea28789092e96ca6424199aa4f",
"invited_by": "12345",
"gpgkey": "string",
"certif_public": "string",
"nids_sid": "4000000",
"termsaccepted": true,
"newsread": "1617875568",
"role_id": "3",
"change_pw": "0",
"contactalert": true,
"disabled": true,
"expiration": "2019-08-24T14:15:22Z",
"current_login": "1617875568",
"last_login": "1617875568",
"force_logout": true,
"date_created": "1617875568",
"date_modified": "1617875568"
}
403:
{
"name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
"message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
"url": "/attributes"
}
404:
{
"name": "Invalid attribute",
"message": "Invalid attribute",
"url": "/attributes/1234"
}
Default:
{
"name": "string",
"message": "string",
"url": "/attributes"
}
Edit user:
PUT
https://misp.local/admin/users/edit/{userId}
Request:
{
"id": "12345",
"org_id": "12345",
"server_id": "12345",
"email": "user@example.com",
"autoalert": true,
"authkey": "894c8d095180c7ea28789092e96ca6424199aa4f",
"invited_by": "12345",
"gpgkey": "string",
"certif_public": "string",
"nids_sid": "4000000",
"termsaccepted": true,
"newsread": "1617875568",
"role_id": "3",
"change_pw": "0",
"contactalert": true,
"disabled": true,
"expiration": "2019-08-24T14:15:22Z",
"current_login": "1617875568",
"last_login": "1617875568",
"force_logout": true,
"date_created": "1617875568",
"date_modified": "1617875568"
}
Response:
200:
{
"id": "12345",
"org_id": "12345",
"server_id": "12345",
"email": "user@example.com",
"autoalert": true,
"authkey": "894c8d095180c7ea28789092e96ca6424199aa4f",
"invited_by": "12345",
"gpgkey": "string",
"certif_public": "string",
"nids_sid": "4000000",
"termsaccepted": true,
"newsread": "1617875568",
"role_id": "3",
"change_pw": "0",
"contactalert": true,
"disabled": true,
"expiration": "2019-08-24T14:15:22Z",
"current_login": "1617875568",
"last_login": "1617875568",
"force_logout": true,
"date_created": "1617875568",
"date_modified": "1617875568"
}
403:
{
"name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
"message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
"url": "/attributes"
}
404:
{
"name": "Invalid attribute",
"message": "Invalid attribute",
"url": "/attributes/1234"
}
Default:
{
"name": "string",
"message": "string",
"url": "/attributes"
}
Delete user:
DELETE
https://misp.local/admin/users/delete/{userId}
Response:
200:
{
"saved": true,
"success": true,
"name": "User deleted.",
"message": "User deleted.",
"url": "/admin/users/delete/1"
}
403:
{
"name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
"message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
"url": "/attributes"
}
404:
{
"name": "Invalid attribute",
"message": "Invalid attribute",
"url": "/attributes/1234"
}
Default:
{
"name": "string",
"message": "string",
"url": "/attributes"
}
Get users:
GET
https://misp.local/admin/users
Response:
200:
[
{
"User": {
"id": "12345",
"org_id": "12345",
"server_id": "12345",
"email": "user@example.com",
"autoalert": true,
"authkey": "894c8d095180c7ea28789092e96ca6424199aa4f",
"invited_by": "12345",
"gpgkey": "string",
"certif_public": "string",
"nids_sid": "4000000",
"termsaccepted": true,
"newsread": "1617875568",
"role_id": "3",
"change_pw": "0",
"contactalert": true,
"disabled": true,
"expiration": "2019-08-24T14:15:22Z",
"current_login": "1617875568",
"last_login": "1617875568",
"force_logout": true,
"date_created": "1617875568",
"date_modified": "1617875568"
},
"Role": {
"id": "3",
"name": "ORGNAME",
"perm_add": true,
"perm_modify": true,
"perm_modify_org": true,
"perm_publish": true,
"perm_delegate": true,
"perm_sync": true,
"perm_admin": true,
"perm_audit": true,
"perm_auth": true,
"perm_site_admin": true,
"perm_regexp_access": true,
"perm_tagger": true,
"perm_template": true,
"perm_sharing_group": true,
"perm_tag_editor": true,
"perm_sighting": true,
"perm_object_template": true,
"perm_publish_zmq": true,
"perm_publish_kafka": true,
"perm_decaying": true,
"perm_galaxy_editor": true,
"default_role": true,
"memory_limit": "string",
"max_execution_time": "string",
"restricted_to_site_admin": true,
"enforce_rate_limit": true,
"rate_limit_count": "string",
"permission": "3",
"permission_description": "publish"
},
"Organisation": {
"id": "12345",
"name": "ORGNAME"
}
}
]
403:
{
"name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
"message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
"url": "/attributes"
}
404:
{
"name": "Invalid attribute",
"message": "Invalid attribute",
"url": "/attributes/1234"
}
Default:
{
"name": "string",
"message": "string",
"url": "/attributes"
}
Get user by ID:
GET
https://misp.local/admin/users/view/{userId}
Response:
200:
{
"id": "12345",
"org_id": "12345",
"server_id": "12345",
"email": "user@example.com",
"autoalert": true,
"authkey": "894c8d095180c7ea28789092e96ca6424199aa4f",
"invited_by": "12345",
"gpgkey": "string",
"certif_public": "string",
"nids_sid": "4000000",
"termsaccepted": true,
"newsread": "1617875568",
"role_id": "3",
"change_pw": "0",
"contactalert": true,
"disabled": true,
"expiration": "2019-08-24T14:15:22Z",
"current_login": "1617875568",
"last_login": "1617875568",
"force_logout": true,
"date_created": "1617875568",
"date_modified": "1617875568",
"User": {
"id": "12345",
"org_id": "12345",
"server_id": "12345",
"email": "user@example.com",
"autoalert": true,
"authkey": "894c8d095180c7ea28789092e96ca6424199aa4f",
"invited_by": "12345",
"gpgkey": "string",
"certif_public": "string",
"nids_sid": "4000000",
"termsaccepted": true,
"newsread": "1617875568",
"role_id": "3",
"change_pw": "0",
"contactalert": true,
"disabled": true,
"expiration": "2019-08-24T14:15:22Z",
"current_login": "1617875568",
"last_login": "1617875568",
"force_logout": true,
"date_created": "1617875568",
"date_modified": "1617875568"
},
"Role": {
"id": "3",
"name": "ORGNAME",
"perm_add": true,
"perm_modify": true,
"perm_modify_org": true,
"perm_publish": true,
"perm_delegate": true,
"perm_sync": true,
"perm_admin": true,
"perm_audit": true,
"perm_auth": true,
"perm_site_admin": true,
"perm_regexp_access": true,
"perm_tagger": true,
"perm_template": true,
"perm_sharing_group": true,
"perm_tag_editor": true,
"perm_sighting": true,
"perm_object_template": true,
"perm_publish_zmq": true,
"perm_publish_kafka": true,
"perm_decaying": true,
"perm_galaxy_editor": true,
"default_role": true,
"memory_limit": "string",
"max_execution_time": "string",
"restricted_to_site_admin": true,
"enforce_rate_limit": true,
"rate_limit_count": "string",
"permission": "3",
"permission_description": "publish"
},
"UserSetting": {
"publish_alert_filter": [
{
"AND": [
{
"NOT": [
{
"EventTag.name": [
"%osint%"
]
}
]
},
{
"OR": [
{
"Tag.name": [
"tlp:green",
"tlp:amber",
"tlp:red",
"%privint%"
]
}
]
}
]
}
],
"dashboard_access": true,
"dashboard": [
{
"widget": "MispStatusWidget",
"position": {
"x": "0",
"y": "0",
"width": "2",
"height": "2"
}
}
],
"homepage": {
"path": "/events/index"
},
"default_restsearch_parameters": [
{
"AND": [
{
"NOT": [
{
"EventTag.name": [
"%osint%"
]
}
]
},
{
"OR": [
{
"Tag.name": [
"tlp:green",
"tlp:amber",
"tlp:red",
"%privint%"
]
}
]
}
]
}
],
"tag_numerical_value_override": [
{
"false-positive:risk='medium'": 99
}
],
"event_index_hide_columns": [
"clusters"
]
}
}
403:
{
"name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
"message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
"url": "/attributes"
}
404:
{
"name": "Invalid attribute",
"message": "Invalid attribute",
"url": "/attributes/1234"
}
Default:
{
"name": "string",
"message": "string",
"url": "/attributes"
}
Delete user TOTP:
DELETE
https://misp.local/users/totp_delete/{userId}
Response:
200:
{
"saved": true,
"success": true,
"name": "User TOTP deleted.",
"message": "User TOTP deleted.",
"url": "/users/totp_delete/1",
"id": "1"
}
403:
{
"name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
"message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
"url": "/attributes"
}
404:
{
"name": "Invalid user",
"message": "Invalid user",
"url": "/users/totp_delete/1"
}
Default:
{
"name": "string",
"message": "string",
"url": "/attributes"
}
Organisations
Add organisation:
POST
https://misp.local/admin/organisations/add
Request:
{
"name": "ORGNAME",
"date_created": "2021-06-14 14:29:19",
"date_modified": "2021-06-14 14:29:19",
"description": "string",
"type": "ADMIN",
"nationality": "string",
"sector": "string",
"created_by": "12345",
"uuid": "string",
"contacts": "string",
"local": true,
"restricted_to_domain": [
"example.com"
],
"landingpage": "string",
"user_count": "3",
"created_by_email": "string"
}
Response:
200:
{
"id": "12345",
"name": "ORGNAME",
"date_created": "2021-06-14 14:29:19",
"date_modified": "2021-06-14 14:29:19",
"description": "string",
"type": "ADMIN",
"nationality": "string",
"sector": "string",
"created_by": "12345",
"uuid": "string",
"contacts": "string",
"local": true,
"restricted_to_domain": [
"example.com"
],
"landingpage": "string",
"user_count": "3",
"created_by_email": "string"
}
403:
{
"name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
"message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
"url": "/attributes"
}
404:
{
"name": "Invalid attribute",
"message": "Invalid attribute",
"url": "/attributes/1234"
}
Default:
{
"name": "string",
"message": "string",
"url": "/attributes"
}
Edit organisation:
PUT
https://misp.local/admin/organisations/edit/{organisationId}
Request:
{
"name": "ORGNAME",
"type": "ADMIN",
"nationality": "string",
"sector": "string",
"contacts": "string",
"description": "string",
"local": true,
"uuid": "095be615-a8ad-4c33-8e9c-c7612fbf6c9f",
"restricted_to_domain": [
"example.com"
]
}
Response:
200:
{
"id": "12345",
"name": "ORGNAME",
"date_created": "2021-06-14 14:29:19",
"date_modified": "2021-06-14 14:29:19",
"description": "string",
"type": "ADMIN",
"nationality": "string",
"sector": "string",
"created_by": "12345",
"uuid": "string",
"contacts": "string",
"local": true,
"restricted_to_domain": [
"example.com"
],
"landingpage": "string",
"user_count": "3",
"created_by_email": "string"
}
403:
{
"name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
"message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
"url": "/attributes"
}
404:
{
"name": "Invalid attribute",
"message": "Invalid attribute",
"url": "/attributes/1234"
}
Default:
{
"name": "string",
"message": "string",
"url": "/attributes"
}
Delete organisation:
DELETE
https://misp.local/admin/organisations/delete/{organisationId}
Response:
200:
{
"saved": true,
"success": true,
"name": "Organisation deleted",
"message": "Organisation deleted",
"url": "/admin/organisations/delete/1"
}
403:
{
"name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
"message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
"url": "/attributes"
}
404:
{
"name": "Invalid attribute",
"message": "Invalid attribute",
"url": "/attributes/1234"
}
Default:
{
"name": "string",
"message": "string",
"url": "/attributes"
}
Get organisations:
GET
https://misp.local/organisations
Response:
200:
[
{
"Organisation": {
"id": "12345",
"name": "ORGNAME",
"date_created": "2021-06-14 14:29:19",
"date_modified": "2021-06-14 14:29:19",
"description": "string",
"type": "ADMIN",
"nationality": "string",
"sector": "string",
"created_by": "12345",
"uuid": "string",
"contacts": "string",
"local": true,
"restricted_to_domain": [
"example.com"
],
"landingpage": "string",
"user_count": "3",
"created_by_email": "string"
}
}
]
403:
{
"name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
"message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
"url": "/attributes"
}
404:
{
"name": "Invalid attribute",
"message": "Invalid attribute",
"url": "/attributes/1234"
}
Default:
{
"name": "string",
"message": "string",
"url": "/attributes"
}
Get organisation by ID:
GET
https://misp.local/organisations/view/{organisationId}
Response:
200:
{
"id": "12345",
"name": "ORGNAME",
"date_created": "2021-06-14 14:29:19",
"date_modified": "2021-06-14 14:29:19",
"description": "string",
"type": "ADMIN",
"nationality": "string",
"sector": "string",
"created_by": "12345",
"uuid": "string",
"contacts": "string",
"local": true,
"restricted_to_domain": [
"example.com"
],
"landingpage": "string",
"user_count": "3",
"created_by_email": "string"
}
403:
{
"name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
"message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
"url": "/attributes"
}
404:
{
"name": "Invalid attribute",
"message": "Invalid attribute",
"url": "/attributes/1234"
}
Default:
{
"name": "string",
"message": "string",
"url": "/attributes"
}
Server
Add server:
POST
https://misp.local/servers/add
Request:
{
"name": "Phising Server",
"url": "https://misppriv.circl.lu",
"authkey": "894c8d095180c7ea28789092e96ca6424199aa4f",
"org_id": "12345",
"push": true,
"pull": true,
"push_sightings": true,
"push_galaxy_clusters": true,
"pull_galaxy_clusters": true,
"lastpulledid": "12345",
"lastpushedid": "12345",
"organization": "string",
"remote_org_id": "12345",
"publish_without_email": true,
"unpublish_event": true,
"self_signed": true,
"pull_rules": "{\"tags\":{\"OR\":[],\"NOT\":[]},\"orgs\":{\"OR\":[],\"NOT\":[]},\"url_params\":\"\"}",
"push_rules": "{\"tags\":{\"OR\":[],\"NOT\":[]},\"orgs\":{\"OR\":[],\"NOT\":[]}}",
"cert_file": "string",
"client_cert_file": "string",
"internal": true,
"skip_proxy": true,
"caching_enabled": true,
"priority": "1",
"cache_timestamp": true
}
Response:
200:
{
"Server": {
"id": "12345",
"name": "Phising Server",
"url": "https://misppriv.circl.lu",
"authkey": "894c8d095180c7ea28789092e96ca6424199aa4f",
"org_id": "12345",
"push": true,
"pull": true,
"push_sightings": true,
"push_galaxy_clusters": true,
"pull_galaxy_clusters": true,
"lastpulledid": "12345",
"lastpushedid": "12345",
"organization": "string",
"remote_org_id": "12345",
"publish_without_email": true,
"unpublish_event": true,
"self_signed": true,
"pull_rules": "{\"tags\":{\"OR\":[],\"NOT\":[]},\"orgs\":{\"OR\":[],\"NOT\":[]},\"url_params\":\"\"}",
"push_rules": "{\"tags\":{\"OR\":[],\"NOT\":[]},\"orgs\":{\"OR\":[],\"NOT\":[]}}",
"cert_file": "string",
"client_cert_file": "string",
"internal": true,
"skip_proxy": true,
"caching_enabled": true,
"priority": "1",
"cache_timestamp": true
}
}
403:
{
"name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
"message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
"url": "/attributes"
}
404:
{
"name": "Invalid attribute",
"message": "Invalid attribute",
"url": "/attributes/1234"
}
Default:
{
"name": "string",
"message": "string",
"url": "/attributes"
}
Edit server:
PUT
https://misp.local/servers/edit/{serverId}
Request:
{
"id": "12345",
"name": "Phising Server",
"url": "https://misppriv.circl.lu",
"authkey": "894c8d095180c7ea28789092e96ca6424199aa4f",
"org_id": "12345",
"push": true,
"pull": true,
"push_sightings": true,
"push_galaxy_clusters": true,
"pull_galaxy_clusters": true,
"lastpulledid": "12345",
"lastpushedid": "12345",
"organization": "string",
"remote_org_id": "12345",
"publish_without_email": true,
"unpublish_event": true,
"self_signed": true,
"pull_rules": "{\"tags\":{\"OR\":[],\"NOT\":[]},\"orgs\":{\"OR\":[],\"NOT\":[]},\"url_params\":\"\"}",
"push_rules": "{\"tags\":{\"OR\":[],\"NOT\":[]},\"orgs\":{\"OR\":[],\"NOT\":[]}}",
"cert_file": "string",
"client_cert_file": "string",
"internal": true,
"skip_proxy": true,
"caching_enabled": true,
"priority": "1",
"cache_timestamp": true
}
Response:
200:
{
"Server": {
"id": "12345",
"name": "Phising Server",
"url": "https://misppriv.circl.lu",
"authkey": "894c8d095180c7ea28789092e96ca6424199aa4f",
"org_id": "12345",
"push": true,
"pull": true,
"push_sightings": true,
"push_galaxy_clusters": true,
"pull_galaxy_clusters": true,
"lastpulledid": "12345",
"lastpushedid": "12345",
"organization": "string",
"remote_org_id": "12345",
"publish_without_email": true,
"unpublish_event": true,
"self_signed": true,
"pull_rules": "{\"tags\":{\"OR\":[],\"NOT\":[]},\"orgs\":{\"OR\":[],\"NOT\":[]},\"url_params\":\"\"}",
"push_rules": "{\"tags\":{\"OR\":[],\"NOT\":[]},\"orgs\":{\"OR\":[],\"NOT\":[]}}",
"cert_file": "string",
"client_cert_file": "string",
"internal": true,
"skip_proxy": true,
"caching_enabled": true,
"priority": "1",
"cache_timestamp": true
}
}
403:
{
"name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
"message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
"url": "/attributes"
}
404:
{
"name": "Invalid attribute",
"message": "Invalid attribute",
"url": "/attributes/1234"
}
Default:
{
"name": "string",
"message": "string",
"url": "/attributes"
}
Delete server:
POST
https://misp.local/servers/delete/{serverId}
Response:
200:
{
"saved": true,
"success": true,
"name": "Server deleted",
"message": "Server deleted",
"url": "/servers/delete/1"
}
403:
{
"name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
"message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
"url": "/attributes"
}
404:
{
"name": "Invalid attribute",
"message": "Invalid attribute",
"url": "/attributes/1234"
}
Default:
{
"name": "string",
"message": "string",
"url": "/attributes"
}
Get servers:
GET
https://misp.local/servers
Response:
200:
[
{
"Server": {
"id": "12345",
"name": "Phising Server",
"url": "https://misppriv.circl.lu",
"authkey": "894c8d095180c7ea28789092e96ca6424199aa4f",
"org_id": "12345",
"push": true,
"pull": true,
"push_sightings": true,
"push_galaxy_clusters": true,
"pull_galaxy_clusters": true,
"lastpulledid": "12345",
"lastpushedid": "12345",
"organization": "string",
"remote_org_id": "12345",
"publish_without_email": true,
"unpublish_event": true,
"self_signed": true,
"pull_rules": "{\"tags\":{\"OR\":[],\"NOT\":[]},\"orgs\":{\"OR\":[],\"NOT\":[]},\"url_params\":\"\"}",
"push_rules": "{\"tags\":{\"OR\":[],\"NOT\":[]},\"orgs\":{\"OR\":[],\"NOT\":[]}}",
"cert_file": "string",
"client_cert_file": "string",
"internal": true,
"skip_proxy": true,
"caching_enabled": true,
"priority": "1",
"cache_timestamp": true
},
"Organisation": {
"id": "12345",
"name": "ORGNAME",
"date_created": "2021-06-14 14:29:19",
"date_modified": "2021-06-14 14:29:19",
"description": "string",
"type": "ADMIN",
"nationality": "string",
"sector": "string",
"created_by": "12345",
"uuid": "string",
"contacts": "string",
"local": true,
"restricted_to_domain": [
"example.com"
],
"landingpage": "string",
"user_count": "3",
"created_by_email": "string"
},
"RemoteOrg": {
"id": "12345",
"name": "ORGNAME",
"date_created": "2021-06-14 14:29:19",
"date_modified": "2021-06-14 14:29:19",
"description": "string",
"type": "ADMIN",
"nationality": "string",
"sector": "string",
"created_by": "12345",
"uuid": "string",
"contacts": "string",
"local": true,
"restricted_to_domain": [
"example.com"
],
"landingpage": "string",
"user_count": "3",
"created_by_email": "string"
},
"User": [
{
"id": "12345",
"org_id": "12345",
"server_id": "12345",
"email": "user@example.com",
"autoalert": true,
"authkey": "894c8d095180c7ea28789092e96ca6424199aa4f",
"invited_by": "12345",
"gpgkey": "string",
"certif_public": "string",
"nids_sid": "4000000",
"termsaccepted": true,
"newsread": "1617875568",
"role_id": "3",
"change_pw": "0",
"contactalert": true,
"disabled": true,
"expiration": "2019-08-24T14:15:22Z",
"current_login": "1617875568",
"last_login": "1617875568",
"force_logout": true,
"date_created": "1617875568",
"date_modified": "1617875568"
}
]
}
]
403:
{
"name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
"message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
"url": "/attributes"
}
404:
{
"name": "Invalid attribute",
"message": "Invalid attribute",
"url": "/attributes/1234"
}
Default:
{
"name": "string",
"message": "string",
"url": "/attributes"
}
Pull server:
GET
https://misp.local/servers/pull/{serverId}/{pullTechnique}
Response:
200:
{
"saved": true,
"success": true,
"name": "Pull queued for background execution. Job ID: 1",
"message": "Pull queued for background execution. Job ID: 1",
"url": "/servers/pull/1"
}
403:
{
"name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
"message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
"url": "/attributes"
}
404:
{
"name": "Invalid attribute",
"message": "Invalid attribute",
"url": "/attributes/1234"
}
Default:
{
"name": "string",
"message": "string",
"url": "/attributes"
}
Push server:
GET
https://misp.local/servers/push/{serverId}/{pushTechnique}
Response:
200:
{
"saved": true,
"success": true,
"name": "Push queued for background execution. Job ID: 1",
"message": "Push queued for background execution. Job ID: 1",
"url": "/servers/push/1"
}
403:
{
"name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
"message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
"url": "/attributes"
}
404:
{
"name": "Invalid attribute",
"message": "Invalid attribute",
"url": "/attributes/1234"
}
Default:
{
"name": "string",
"message": "string",
"url": "/attributes"
}
Get current instance version:
GET
https://misp.local/servers/getVersion
Response:
200:
{
"version": "2.4.142",
"perm_sync": true,
"perm_sighting": true,
"perm_galaxy_editor": true,
"request_encoding": [
"gzip"
]
}
403:
{
"name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
"message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
"url": "/attributes"
}
404:
{
"name": "Invalid attribute",
"message": "Invalid attribute",
"url": "/attributes/1234"
}
Default:
{
"name": "string",
"message": "string",
"url": "/attributes"
}
Get current instance PyMISP version:
GET
https://misp.local/servers/getPyMISPVersion
Response:
200:
{
"version": "2.4.142"
}
403:
{
"name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
"message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
"url": "/attributes"
}
404:
{
"name": "Invalid attribute",
"message": "Invalid attribute",
"url": "/attributes/1234"
}
Default:
{
"name": "string",
"message": "string",
"url": "/attributes"
}
Get current instance settings and diagnostics:
GET
https://misp.local/servers/serverSettings
Response:
200:
{
"version": {
"current": "v2.4.142",
"newest": "v2.4.142",
"upToDate": "same"
},
"phpSettings": {
"max_execution_time": {
"explanation": "The maximum duration that a script can run (does not affect the background workers). A too low number will break long running scripts like comprehensive API exports",
"recommended": 300,
"unit": "seconds",
"value": 300
},
"memory_limit": {
"explanation": "The maximum duration that a script can run (does not affect the background workers). A too low number will break long running scripts like comprehensive API exports",
"recommended": 300,
"unit": "seconds",
"value": 300
},
"upload_max_filesize": {
"explanation": "The maximum duration that a script can run (does not affect the background workers). A too low number will break long running scripts like comprehensive API exports",
"recommended": 300,
"unit": "seconds",
"value": 300
},
"post_max_size": {
"explanation": "The maximum duration that a script can run (does not affect the background workers). A too low number will break long running scripts like comprehensive API exports",
"recommended": 300,
"unit": "seconds",
"value": 300
}
},
"gpgStatus": "FAIL: Failed to load GnuPG",
"proxyStatus": "not configured (so not tested)",
"zmqStatus": 1,
"stix": {
"operational": 1,
"stix": {
"version": "1.2.0.11",
"expected": ">1.2.0.9",
"status": 1
},
"cybox": {
"version": "1.2.0.11",
"expected": ">1.2.0.9",
"status": 1
},
"mixbox": {
"version": "1.2.0.11",
"expected": ">1.2.0.9",
"status": 1
},
"maec": {
"version": "1.2.0.11",
"expected": ">1.2.0.9",
"status": 1
},
"stix2": {
"version": "1.2.0.11",
"expected": ">1.2.0.9",
"status": 1
},
"pymisp": {
"version": "1.2.0.11",
"expected": ">1.2.0.9",
"status": 1
}
},
"moduleStatus": {
"Enrichment": 1,
"Import": 1,
"Export": 1,
"Cortex": 1
},
"writeableDirs": {
"/tmp": 0,
"/var/www/MISP/app/tmp": 0,
"/var/www/MISP/app/files": 0,
"/var/www/MISP/app/files/scripts/tmp": 0
},
"writeableFiles": {
"/var/www/MISP/app/Config/config.php": 0,
"/var/www/MISP/.git/ORIG_HEAD": 2
},
"readableFiles": {
"/var/www/MISP/app/files/scripts/stixtest.py": 0
},
"dbDiagnostics": {
"admin_settings": {
"table": "admin_settings",
"used": "0.03 MB",
"reclaimable": "0 MB",
"data_in_bytes": 16384,
"index_in_bytes": 16384,
"reclaimable_in_bytes": 0
},
"allowedlist": {
"table": "allowedlist",
"used": "0.02 MB",
"reclaimable": "0 MB",
"data_in_bytes": 16384,
"index_in_bytes": 0,
"reclaimable_in_bytes": 0
}
},
"dbSchemaDiagnostics": {
"dataSource": "Database/Mysql",
"actual_db_version": "68",
"checked_table_column": [
"column_name"
],
"diagnostic": {},
"diagnostic_index": {
"event_reports": {
"event_id": {
"message": "Column `event_id` is indexed but should not",
"sql": "DROP INDEX `event_id` ON event_reports;"
}
}
},
"expected_db_version": "70",
"error": "string",
"update_locked": true,
"remaining_lock_time": 0,
"update_fail_number_reached": true,
"indexes": {
"admin_settings": {
"id": true,
"setting": false
}
},
"columnPerTable": {
"admin_settings": [
"id",
"setting",
"value"
]
}
},
"redisInfo": {
"extensionVersion": "5.1.1",
"connection": true,
"redis_version": "5.0.7",
"redis_git_sha1": 0,
"redis_git_dirty": 0,
"redis_build_id": "636cde3b5c7a3923",
"redis_mode": "standalone",
"os": "Linux 5.8.0-50-generic x86_64",
"arch_bits": 64,
"multiplexing_api": "epoll",
"atomicvar_api": "atomic-builtin",
"gcc_version": "9.2.1",
"process_id": 1051,
"run_id": "f894944d92c978df93a18821fb5ebe30dfd0b257",
"tcp_port": 6379,
"uptime_in_seconds": 327116,
"uptime_in_days": 3,
"hz": 10,
"configured_hz": 10,
"lru_clock": 10365184,
"executable": "/usr/bin/redis-server",
"config_file": "/etc/redis/redis.conf",
"connected_clients": 18,
"client_recent_max_input_buffer": 2,
"client_recent_max_output_buffer": 0,
"blocked_clients": 0,
"used_memory": 1309488,
"used_memory_human": "1.25M",
"used_memory_rss": 5541888,
"used_memory_rss_human": "5.29M",
"used_memory_peak": 1410464,
"used_memory_peak_human": "1.35M",
"used_memory_peak_perc": "92.84%",
"used_memory_overhead": 1200800,
"used_memory_startup": 796232,
"used_memory_dataset": 108688,
"used_memory_dataset_perc": "21.18%",
"allocator_allocated": 1480176,
"allocator_active": 1896448,
"allocator_resident": 5890048,
"total_system_memory": 33406590976,
"total_system_memory_human": "31.11G",
"used_memory_lua": 41984,
"used_memory_lua_human": "41.00K",
"used_memory_scripts": 0,
"used_memory_scripts_human": "0B",
"number_of_cached_scripts": 0,
"maxmemory": 0,
"maxmemory_human": "0B",
"maxmemory_policy": "noeviction",
"allocator_frag_ratio": 1.28,
"allocator_frag_bytes": 416272,
"allocator_rss_ratio": 3.11,
"allocator_rss_bytes": 3993600,
"rss_overhead_ratio": 0.94,
"rss_overhead_bytes": -348160,
"mem_fragmentation_ratio": 4.24,
"mem_fragmentation_bytes": 4233432,
"mem_not_counted_for_evict": 0,
"mem_replication_backlog": 0,
"mem_clients_slaves": 0,
"mem_clients_normal": 402912,
"mem_aof_buffer": 0,
"mem_allocator": "jemalloc-5.2.1",
"active_defrag_running": 0,
"lazyfree_pending_objects": 0,
"loading": 0,
"rdb_changes_since_last_save": 0,
"rdb_bgsave_in_progress": 0,
"rdb_last_save_time": 1620977919,
"rdb_last_bgsave_status": "ok",
"rdb_last_bgsave_time_sec": 0,
"rdb_current_bgsave_time_sec": -1,
"rdb_last_cow_size": 446464,
"aof_enabled": 0,
"aof_rewrite_in_progress": 0,
"aof_rewrite_scheduled": 0,
"aof_last_rewrite_time_sec": -1,
"aof_current_rewrite_time_sec": -1,
"aof_last_bgrewrite_status": "ok",
"aof_last_write_status": "ok",
"aof_last_cow_size": 0,
"total_connections_received": 289,
"total_commands_processed": 252747,
"instantaneous_ops_per_sec": 7,
"total_net_input_bytes": 12111506,
"total_net_output_bytes": 1232466,
"instantaneous_input_kbps": 0.36,
"instantaneous_output_kbps": 0.03,
"rejected_connections": 0,
"sync_full": 0,
"sync_partial_ok": 0,
"sync_partial_err": 0,
"expired_keys": 17,
"expired_stale_perc": 0,
"expired_time_cap_reached_count": 0,
"evicted_keys": 0,
"keyspace_hits": 70,
"keyspace_misses": 62805,
"pubsub_channels": 0,
"pubsub_patterns": 0,
"latest_fork_usec": 168,
"migrate_cached_sockets": 0,
"slave_expires_tracked_keys": 0,
"active_defrag_hits": 0,
"active_defrag_misses": 0,
"active_defrag_key_hits": 0,
"active_defrag_key_misses": 0,
"role": "master",
"connected_slaves": 0,
"master_replid": "d5e7afcf4fd1a31e539a4eadd5caf2a7da6d121c",
"master_replid2": 0,
"master_repl_offset": 0,
"second_repl_offset": -1,
"repl_backlog_active": 0,
"repl_backlog_size": 1048576,
"repl_backlog_first_byte_offset": 0,
"repl_backlog_histlen": 0,
"used_cpu_sys": 195.014281,
"used_cpu_user": 217.352183,
"used_cpu_sys_children": 0.050885,
"used_cpu_user_children": 0.076436,
"cluster_enabled": 0,
"db0": "keys=15,expires=0,avg_ttl=0",
"db13": "keys=12,expires=4,avg_ttl=21265731140"
},
"finalSettings": [
{
"level": 0,
"value": "string",
"errorMessage": "The currently set baseurl does not match the URL through which you have accessed the page. Disregard this if you are accessing the page via an alternate URL (for example via IP address).",
"test": "testBaseURL",
"type": "string",
"null": true,
"subGroup": "Enrichment",
"cli_only": 1,
"redacted": true,
"optionsSource": {},
"afterHook": "cleanCacheFiles",
"error": 1,
"tab": "MISP",
"setting": "MISP.baseurl",
"options": {}
}
],
"extensions": {
"cli": {
"phpversion": "7.4.3"
},
"extensions": {
"json": {
"web_version": "7.4.3",
"web_version_outdated": false,
"cli_version": "7.4.3",
"cli_version_outdated": false,
"required": true,
"info": null
}
}
},
"workers": {
"cache": {
"ok": true,
"workers": [
{
"pid": 1233,
"user": "www-data",
"alive": true,
"correct_user": true,
"ok": true
}
],
"jobCount": 0
},
"default": {
"ok": true,
"workers": [
{
"pid": 1233,
"user": "www-data",
"alive": true,
"correct_user": true,
"ok": true
}
],
"jobCount": 0
},
"email": {
"ok": true,
"workers": [
{
"pid": 1233,
"user": "www-data",
"alive": true,
"correct_user": true,
"ok": true
}
],
"jobCount": 0
},
"prio": {
"ok": true,
"workers": [
{
"pid": 1233,
"user": "www-data",
"alive": true,
"correct_user": true,
"ok": true
}
],
"jobCount": 0
},
"update": {
"ok": true,
"workers": [
{
"pid": 1233,
"user": "www-data",
"alive": true,
"correct_user": true,
"ok": true
}
],
"jobCount": 0
},
"scheduler": {
"ok": true,
"workers": [
{
"pid": 1233,
"user": "www-data",
"alive": true,
"correct_user": true,
"ok": true
}
],
"jobCount": 0
},
"proc_accessible": true,
"controls": true
}
}
403:
{
"name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
"message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
"url": "/attributes"
}
404:
{
"name": "Invalid attribute",
"message": "Invalid attribute",
"url": "/attributes/1234"
}
Default:
{
"name": "string",
"message": "string",
"url": "/attributes"
}
Get workers:
GET
https://misp.local/servers/getWorkers
Response:
200:
{
"cache": {
"ok": true,
"workers": [
{
"pid": 1233,
"user": "www-data",
"alive": true,
"correct_user": true,
"ok": true
}
],
"jobCount": 0
},
"default": {
"ok": true,
"workers": [
{
"pid": 1233,
"user": "www-data",
"alive": true,
"correct_user": true,
"ok": true
}
],
"jobCount": 0
},
"email": {
"ok": true,
"workers": [
{
"pid": 1233,
"user": "www-data",
"alive": true,
"correct_user": true,
"ok": true
}
],
"jobCount": 0
},
"prio": {
"ok": true,
"workers": [
{
"pid": 1233,
"user": "www-data",
"alive": true,
"correct_user": true,
"ok": true
}
],
"jobCount": 0
},
"update": {
"ok": true,
"workers": [
{
"pid": 1233,
"user": "www-data",
"alive": true,
"correct_user": true,
"ok": true
}
],
"jobCount": 0
},
"scheduler": {
"ok": true,
"workers": [
{
"pid": 1233,
"user": "www-data",
"alive": true,
"correct_user": true,
"ok": true
}
],
"jobCount": 0
},
"proc_accessible": true,
"controls": true
}
403:
{
"name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
"message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
"url": "/attributes"
}
404:
{
"name": "Invalid attribute",
"message": "Invalid attribute",
"url": "/attributes/1234"
}
Default:
{
"name": "string",
"message": "string",
"url": "/attributes"
}
Start worker:
POST
https://misp.local/servers/startWorker/{workerType}
Response:
200:
{
"saved": true,
"success": true,
"name": "Worker start signal sent",
"message": "Worker start signal sent",
"url": "/servers/startWorker/email"
}
403:
{
"name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
"message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
"url": "/attributes"
}
404:
{
"name": "Invalid attribute",
"message": "Invalid attribute",
"url": "/attributes/1234"
}
Default:
{
"name": "string",
"message": "string",
"url": "/attributes"
}
Stop worker:
POST
https://misp.local/servers/stopWorker/{workerPid}
Response:
200:
{
"saved": true,
"success": true,
"name": "Worker stop signal sent",
"message": "Worker stop signal sent",
"url": "/servers/startWorker/1234"
}
403:
{
"name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
"message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
"url": "/attributes"
}
404:
{
"name": "Invalid attribute",
"message": "Invalid attribute",
"url": "/attributes/1234"
}
Default:
{
"name": "string",
"message": "string",
"url": "/attributes"
}
Kill all workers:
POST
https://misp.local/servers/killAllWorkers
Response:
200:
{
"saved": true,
"success": true,
"name": "Killing workers.",
"message": "Killing workers.",
"url": "/servers/killAllWorkers"
}
403:
{
"name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
"message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
"url": "/attributes"
}
404:
{
"name": "Invalid attribute",
"message": "Invalid attribute",
"url": "/attributes/1234"
}
Default:
{
"name": "string",
"message": "string",
"url": "/attributes"
}
Restart workers:
POST
https://misp.local/servers/restartWorkers
Response:
200:
{
"saved": true,
"success": true,
"name": "Restarting workers.",
"message": "Restarting workers.",
"url": "/servers/restartWorkers"
}
403:
{
"name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
"message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
"url": "/attributes"
}
404:
{
"name": "Invalid attribute",
"message": "Invalid attribute",
"url": "/attributes/1234"
}
Default:
{
"name": "string",
"message": "string",
"url": "/attributes"
}
Restart dead workers:
POST
https://misp.local/servers/restartDeadWorkers
Response:
200:
{
"saved": true,
"success": true,
"name": "Restarting workers.",
"message": "Restarting workers.",
"url": "/servers/restartDeadWorkers"
}
403:
{
"name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
"message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
"url": "/attributes"
}
404:
{
"name": "Invalid attribute",
"message": "Invalid attribute",
"url": "/attributes/1234"
}
Default:
{
"name": "string",
"message": "string",
"url": "/attributes"
}
Update server:
POST
https://misp.local/servers/update
Response:
200:
{
"results": [
{
"input": "cd $(git rev-parse --show-toplevel) && git checkout app/composer.json 2>&1",
"output": [
"Updated 1 path from the index"
],
"status": 0
}
]
}
403:
{
"name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
"message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
"url": "/attributes"
}
404:
{
"name": "Invalid attribute",
"message": "Invalid attribute",
"url": "/attributes/1234"
}
Default:
{
"name": "string",
"message": "string",
"url": "/attributes"
}
Cache server:
POST
https://misp.local/servers/cache
Response:
200:
{
"saved": true,
"success": true,
"name": "Server caching job initiated.",
"message": "Server caching job initiated.",
"url": "/servers/cache"
}
403:
{
"name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
"message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
"url": "/attributes"
}
404:
{
"name": "Invalid attribute",
"message": "Invalid attribute",
"url": "/attributes/1234"
}
Default:
{
"name": "string",
"message": "string",
"url": "/attributes"
}
Create sync:
POST
https://misp.local/servers/createSync
Response:
200:
{
"Server": {
"url": "https://misppriv.circl.lu",
"uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
"authkey": "894c8d095180c7ea28789092e96ca6424199aa4f",
"Organisation": {
"name": "ORGNAME",
"uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b"
}
}
}
403:
{
"name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
"message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
"url": "/attributes"
}
404:
{
"name": "Invalid attribute",
"message": "Invalid attribute",
"url": "/attributes/1234"
}
Default:
{
"name": "string",
"message": "string",
"url": "/attributes"
}
Get instance UUID:
GET
https://misp.local/servers/getInstanceUUID
Response:
200:
{
"uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b"
}
403:
{
"name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
"message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
"url": "/attributes"
}
404:
{
"name": "Invalid attribute",
"message": "Invalid attribute",
"url": "/attributes/1234"
}
Default:
{
"name": "string",
"message": "string",
"url": "/attributes"
}
Get server setting by name:
GET
https://misp.local/servers/getSetting/{settingName}
Response:
200:
{
"level": 0,
"value": "string",
"errorMessage": "The currently set baseurl does not match the URL through which you have accessed the page. Disregard this if you are accessing the page via an alternate URL (for example via IP address).",
"test": "testBaseURL",
"type": "string",
"null": true,
"subGroup": "Enrichment",
"cli_only": 1,
"redacted": true,
"optionsSource": {},
"afterHook": "cleanCacheFiles",
"error": 1,
"tab": "MISP",
"setting": "MISP.baseurl",
"options": {}
}
403:
{
"name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
"message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
"url": "/attributes"
}
404:
{
"name": "Invalid attribute",
"message": "Invalid attribute",
"url": "/attributes/1234"
}
Default:
{
"name": "string",
"message": "string",
"url": "/attributes"
}
Edit server setting:
POST
https://misp.local/servers/serverSettingsEdit/{settingName}
Request:
{
"value": "string"
}
Response:
200:
{
"saved": true,
"success": true,
"name": "Field updated",
"message": "Field updated",
"url": "/servers/serverSettingsEdit"
}
403:
{
"name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
"message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
"url": "/attributes"
}
404:
{
"name": "Invalid attribute",
"message": "Invalid attribute",
"url": "/attributes/1234"
}
Default:
{
"name": "string",
"message": "string",
"url": "/attributes"
}
Import server:
POST
https://misp.local/servers/import
Request:
{
"name": "Phising Server",
"url": "https://misppriv.circl.lu",
"uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
"authkey": "894c8d095180c7ea28789092e96ca6424199aa4f",
"Organisation": {
"name": "ORGNAME"
}
}
Response:
200:
{
"Server": {
"id": "12345",
"name": "Phising Server",
"url": "https://misppriv.circl.lu",
"authkey": "894c8d095180c7ea28789092e96ca6424199aa4f",
"org_id": "12345",
"push": true,
"pull": true,
"push_sightings": true,
"push_galaxy_clusters": true,
"pull_galaxy_clusters": true,
"lastpulledid": "12345",
"lastpushedid": "12345",
"organization": "string",
"remote_org_id": "12345",
"publish_without_email": true,
"unpublish_event": true,
"self_signed": true,
"pull_rules": "{\"tags\":{\"OR\":[],\"NOT\":[]},\"orgs\":{\"OR\":[],\"NOT\":[]},\"url_params\":\"\"}",
"push_rules": "{\"tags\":{\"OR\":[],\"NOT\":[]},\"orgs\":{\"OR\":[],\"NOT\":[]}}",
"cert_file": "string",
"client_cert_file": "string",
"internal": true,
"skip_proxy": true,
"caching_enabled": true,
"priority": "1",
"cache_timestamp": true
}
}
403:
{
"name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
"message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
"url": "/attributes"
}
404:
{
"name": "Invalid attribute",
"message": "Invalid attribute",
"url": "/attributes/1234"
}
Default:
{
"name": "string",
"message": "string",
"url": "/attributes"
}
Sharing Group
Add a sharing group:
POST
https://misp.local/sharing_groups/add
Request:
{
"uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
"name": "Banking Sharing Group",
"description": "Banking Institutions of X Sharing Group",
"releasability": "string",
"local": true,
"active": true,
"org_count": "6",
"organisation_uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
"org_id": "12345",
"sync_user_id": "12345",
"created": "string",
"modified": "string",
"roaming": true
}
Response:
200:
{
"SharingGroup": {
"id": "1",
"uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
"name": "Banking Sharing Group",
"description": "Banking Institutions of X Sharing Group",
"releasability": "string",
"local": true,
"active": true,
"org_count": "6",
"organisation_uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
"org_id": "12345",
"sync_user_id": "12345",
"created": "string",
"modified": "string",
"roaming": true
},
"Organisation": {
"id": "12345",
"name": "ORGNAME",
"date_created": "2021-06-14 14:29:19",
"date_modified": "2021-06-14 14:29:19",
"description": "string",
"type": "ADMIN",
"nationality": "string",
"sector": "string",
"created_by": "12345",
"uuid": "string",
"contacts": "string",
"local": true,
"restricted_to_domain": [
"example.com"
],
"landingpage": "string",
"user_count": "3",
"created_by_email": "string"
},
"SharingGroupOrg": [
{
"id": "1",
"sharing_group_id": "1",
"org_id": "12345",
"extend": true,
"Organisation": {
"id": "12345",
"name": "ORGNAME",
"uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b"
}
}
],
"SharingGroupServer": [
{
"all_orgs": true,
"server_id": "12345",
"sharing_group_id": "1",
"Server": {
"id": "12345",
"name": "Phising Server"
}
}
],
"editable": true,
"deletable": true
}
403:
{
"name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
"message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
"url": "/attributes"
}
404:
{
"name": "Invalid attribute",
"message": "Invalid attribute",
"url": "/attributes/1234"
}
Default:
{
"name": "string",
"message": "string",
"url": "/attributes"
}
Edit a sharing group:
POST
https://misp.local/sharing_groups/edit/{sharingGroupId}
Request:
{
"id": "1",
"uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
"name": "Banking Sharing Group",
"description": "Banking Institutions of X Sharing Group",
"releasability": "string",
"local": true,
"active": true,
"org_count": "6",
"organisation_uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
"org_id": "12345",
"sync_user_id": "12345",
"created": "string",
"modified": "string",
"roaming": true
}
Response:
200:
{
"SharingGroup": {
"id": "1",
"uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
"name": "Banking Sharing Group",
"description": "Banking Institutions of X Sharing Group",
"releasability": "string",
"local": true,
"active": true,
"org_count": "6",
"organisation_uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
"org_id": "12345",
"sync_user_id": "12345",
"created": "string",
"modified": "string",
"roaming": true
},
"Organisation": {
"id": "12345",
"name": "ORGNAME",
"date_created": "2021-06-14 14:29:19",
"date_modified": "2021-06-14 14:29:19",
"description": "string",
"type": "ADMIN",
"nationality": "string",
"sector": "string",
"created_by": "12345",
"uuid": "string",
"contacts": "string",
"local": true,
"restricted_to_domain": [
"example.com"
],
"landingpage": "string",
"user_count": "3",
"created_by_email": "string"
},
"SharingGroupOrg": [
{
"id": "1",
"sharing_group_id": "1",
"org_id": "12345",
"extend": true,
"Organisation": {
"id": "12345",
"name": "ORGNAME",
"uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b"
}
}
],
"SharingGroupServer": [
{
"all_orgs": true,
"server_id": "12345",
"sharing_group_id": "1",
"Server": {
"id": "12345",
"name": "Phising Server"
}
}
],
"editable": true,
"deletable": true
}
403:
{
"name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
"message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
"url": "/attributes"
}
404:
{
"name": "Invalid attribute",
"message": "Invalid attribute",
"url": "/attributes/1234"
}
Default:
{
"name": "string",
"message": "string",
"url": "/attributes"
}
Delete a sharing group:
DELETE
https://misp.local/sharing_groups/delete/{sharingGroupId}
Response:
200:
{
"saved": true,
"success": true,
"name": "SharingGroup deleted",
"message": "SharingGroup deleted",
"url": "/sharing_groups/delete/1"
}
403:
{
"name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
"message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
"url": "/attributes"
}
404:
{
"name": "Invalid attribute",
"message": "Invalid attribute",
"url": "/attributes/1234"
}
Default:
{
"name": "string",
"message": "string",
"url": "/attributes"
}
Get a list of sharing groups:
GET
https://misp.local/sharing_groups
Response:
200:
{
"response": [
{
"SharingGroup": {
"id": "1",
"uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
"name": "Banking Sharing Group",
"description": "Banking Institutions of X Sharing Group",
"releasability": "string",
"local": true,
"active": true,
"org_count": "6"
},
"Organisation": {
"id": "12345",
"name": "ORGNAME",
"uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b"
},
"SharingGroupOrg": [
{
"id": "1",
"sharing_group_id": "1",
"org_id": "12345",
"extend": true,
"Organisation": {
"id": "12345",
"name": "ORGNAME",
"uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b"
}
}
],
"SharingGroupServer": [
{
"all_orgs": true,
"server_id": "12345",
"sharing_group_id": "1",
"Server": {
"id": "12345",
"name": "Phising Server"
}
}
],
"editable": true,
"deletable": true
}
]
}
403:
{
"name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
"message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
"url": "/attributes"
}
404:
{
"name": "Invalid attribute",
"message": "Invalid attribute",
"url": "/attributes/1234"
}
Default:
{
"name": "string",
"message": "string",
"url": "/attributes"
}
Get a sharing group by ID:
GET
https://misp.local/sharing_groups/view/{sharingGroupId}
Response:
200:
{
"SharingGroup": {
"id": "1",
"uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
"name": "Banking Sharing Group",
"description": "Banking Institutions of X Sharing Group",
"releasability": "string",
"local": true,
"active": true,
"org_count": "6",
"organisation_uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
"org_id": "12345",
"sync_user_id": "12345",
"created": "string",
"modified": "string",
"roaming": true
},
"Organisation": {
"id": "12345",
"name": "ORGNAME",
"date_created": "2021-06-14 14:29:19",
"date_modified": "2021-06-14 14:29:19",
"description": "string",
"type": "ADMIN",
"nationality": "string",
"sector": "string",
"created_by": "12345",
"uuid": "string",
"contacts": "string",
"local": true,
"restricted_to_domain": [
"example.com"
],
"landingpage": "string",
"user_count": "3",
"created_by_email": "string"
},
"SharingGroupOrg": [
{
"id": "1",
"sharing_group_id": "1",
"org_id": "12345",
"extend": true,
"Organisation": {
"id": "12345",
"name": "ORGNAME",
"uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b"
}
}
],
"SharingGroupServer": [
{
"all_orgs": true,
"server_id": "12345",
"sharing_group_id": "1",
"Server": {
"id": "12345",
"name": "Phising Server"
}
}
],
"editable": true,
"deletable": true
}
403:
{
"name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
"message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
"url": "/attributes"
}
404:
{
"name": "Invalid attribute",
"message": "Invalid attribute",
"url": "/attributes/1234"
}
Default:
{
"name": "string",
"message": "string",
"url": "/attributes"
}
Add an organisation to a sharing group:
POST
https://misp.local/sharing_groups/addOrg/{sharingGroupId}/{organisationId}
Response:
200:
{
"saved": true,
"success": true,
"name": "Organisation added to the sharing group.",
"message": "Organisation added to the sharing group.",
"url": "/sharing_groups/addOrg"
}
403:
{
"name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
"message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
"url": "/attributes"
}
404:
{
"name": "Invalid attribute",
"message": "Invalid attribute",
"url": "/attributes/1234"
}
Default:
{
"name": "string",
"message": "string",
"url": "/attributes"
}
Remove an organisation from a sharing group:
POST
https://misp.local/sharing_groups/removeOrg/{sharingGroupId}/{organisationId}
Response:
200:
{
"saved": true,
"success": true,
"name": "Organisation removed from the sharing group.",
"message": "Organisation removed from the sharing group.",
"url": "/sharing_groups/removeOrg"
}
403:
{
"name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
"message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
"url": "/attributes"
}
404:
{
"name": "Invalid attribute",
"message": "Invalid attribute",
"url": "/attributes/1234"
}
Default:
{
"name": "string",
"message": "string",
"url": "/attributes"
}
Add a server to a sharing group:
POST
https://misp.local/sharing_groups/addServer/{sharingGroupId}/{serverId}
Response:
200:
{
"saved": true,
"success": true,
"name": "Server added to the sharing group.",
"message": "Server added to the sharing group.",
"url": "/sharing_groups/addServer"
}
403:
{
"name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
"message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
"url": "/attributes"
}
404:
{
"name": "Invalid attribute",
"message": "Invalid attribute",
"url": "/attributes/1234"
}
Default:
{
"name": "string",
"message": "string",
"url": "/attributes"
}
Remove a server from a sharing group:
POST
https://misp.local/sharing_groups/removeServer/{sharingGroupServerId}/{serverId}
Response:
200:
{
"saved": true,
"success": true,
"name": "Server removed from the sharing group.",
"message": "Server removed from the sharing group.",
"url": "/sharing_groups/removeServer"
}
403:
{
"name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
"message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
"url": "/attributes"
}
404:
{
"name": "Invalid attribute",
"message": "Invalid attribute",
"url": "/attributes/1234"
}
Default:
{
"name": "string",
"message": "string",
"url": "/attributes"
}
Feed
Get a list of feeds:
GET
https://misp.local/feeds
Response:
200:
[
{
"Feed": {
"id": "3",
"name": "CIRCL OSINT Feed",
"provider": "CIRCL",
"url": "https://www.circl.lu/doc/misp/feed-osint",
"rules": "{\"tags\":{\"OR\":[],\"NOT\":[]},\"orgs\":{\"OR\":[],\"NOT\":[]},\"url_params\":\"\"}",
"enabled": true,
"distribution": "0",
"sharing_group_id": "1",
"tag_id": "12345",
"default": true,
"source_format": "1",
"fixed_event": true,
"delta_merge": true,
"event_id": "12345",
"publish": false,
"override_ids": true,
"settings": "{\"csv\":{\"value\":\"\",\"delimiter\":\"\"},\"common\":{\"excluderegex\":\"\"},\"disable_correlation\":\"1\"}",
"input_source": "local",
"delete_local_file": true,
"lookup_visible": true,
"headers": "X-Custom-Header-A: Foo\nX-Custom-Header-B: Bar\n",
"caching_enabled": true,
"force_to_ids": true,
"orgc_id": "12345",
"cache_timestamp": "1617875568"
}
}
]
403:
{
"name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
"message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
"url": "/attributes"
}
404:
{
"name": "Invalid attribute",
"message": "Invalid attribute",
"url": "/attributes/1234"
}
Default:
{
"name": "string",
"message": "string",
"url": "/attributes"
}
Get a feed by ID:
GET
https://misp.local/feeds/view/{feedId}
Response:
200:
{
"Feed": {
"id": "3",
"name": "CIRCL OSINT Feed",
"provider": "CIRCL",
"url": "https://www.circl.lu/doc/misp/feed-osint",
"rules": "{\"tags\":{\"OR\":[],\"NOT\":[]},\"orgs\":{\"OR\":[],\"NOT\":[]},\"url_params\":\"\"}",
"enabled": true,
"distribution": "0",
"sharing_group_id": "1",
"tag_id": "12345",
"default": true,
"source_format": "1",
"fixed_event": true,
"delta_merge": true,
"event_id": "12345",
"publish": false,
"override_ids": true,
"settings": "{\"csv\":{\"value\":\"\",\"delimiter\":\"\"},\"common\":{\"excluderegex\":\"\"},\"disable_correlation\":\"1\"}",
"input_source": "local",
"delete_local_file": true,
"lookup_visible": true,
"headers": "X-Custom-Header-A: Foo\nX-Custom-Header-B: Bar\n",
"caching_enabled": true,
"force_to_ids": true,
"orgc_id": "12345",
"cache_timestamp": "1617875568"
}
}
403:
{
"name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
"message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
"url": "/attributes"
}
404:
{
"name": "Invalid attribute",
"message": "Invalid attribute",
"url": "/attributes/1234"
}
Default:
{
"name": "string",
"message": "string",
"url": "/attributes"
}
Add a feed:
POST
https://misp.local/feeds/view/{feedId}
Request:
{
"name": "CIRCL OSINT Feed",
"provider": "CIRCL",
"url": "https://www.circl.lu/doc/misp/feed-osint",
"rules": "{\"tags\":{\"OR\":[],\"NOT\":[]},\"orgs\":{\"OR\":[],\"NOT\":[]},\"url_params\":\"\"}",
"enabled": true,
"distribution": "0",
"sharing_group_id": "1",
"tag_id": "12345",
"source_format": "1",
"fixed_event": true,
"delta_merge": true,
"event_id": "12345",
"publish": false,
"override_ids": true,
"input_source": "local",
"delete_local_file": true,
"lookup_visible": true,
"headers": "X-Custom-Header-A: Foo\nX-Custom-Header-B: Bar\n",
"caching_enabled": true,
"force_to_ids": true,
"orgc_id": "12345"
}
Response:
200:
{
"Feed": {
"id": "3",
"name": "CIRCL OSINT Feed",
"provider": "CIRCL",
"url": "https://www.circl.lu/doc/misp/feed-osint",
"rules": "{\"tags\":{\"OR\":[],\"NOT\":[]},\"orgs\":{\"OR\":[],\"NOT\":[]},\"url_params\":\"\"}",
"enabled": true,
"distribution": "0",
"sharing_group_id": "1",
"tag_id": "12345",
"default": true,
"source_format": "1",
"fixed_event": true,
"delta_merge": true,
"event_id": "12345",
"publish": false,
"override_ids": true,
"settings": "{\"csv\":{\"value\":\"\",\"delimiter\":\"\"},\"common\":{\"excluderegex\":\"\"},\"disable_correlation\":\"1\"}",
"input_source": "local",
"delete_local_file": true,
"lookup_visible": true,
"headers": "X-Custom-Header-A: Foo\nX-Custom-Header-B: Bar\n",
"caching_enabled": true,
"force_to_ids": true,
"orgc_id": "12345",
"cache_timestamp": "1617875568"
}
}
403:
{
"name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
"message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
"url": "/attributes"
}
404:
{
"name": "Invalid attribute",
"message": "Invalid attribute",
"url": "/attributes/1234"
}
Default:
{
"name": "string",
"message": "string",
"url": "/attributes"
}
Edit a feed:
PUT
https://misp.local/feeds/edit/{feedId}
Request:
{
"id": "3",
"name": "CIRCL OSINT Feed",
"provider": "CIRCL",
"url": "https://www.circl.lu/doc/misp/feed-osint",
"rules": "{\"tags\":{\"OR\":[],\"NOT\":[]},\"orgs\":{\"OR\":[],\"NOT\":[]},\"url_params\":\"\"}",
"enabled": true,
"distribution": "0",
"sharing_group_id": "1",
"tag_id": "12345",
"source_format": "1",
"fixed_event": true,
"delta_merge": true,
"event_id": "12345",
"publish": false,
"override_ids": true,
"input_source": "local",
"delete_local_file": true,
"lookup_visible": true,
"headers": "X-Custom-Header-A: Foo\nX-Custom-Header-B: Bar\n",
"caching_enabled": true,
"force_to_ids": true,
"orgc_id": "12345"
}
Response:
200:
{
"Feed": {
"id": "3",
"name": "CIRCL OSINT Feed",
"provider": "CIRCL",
"url": "https://www.circl.lu/doc/misp/feed-osint",
"rules": "{\"tags\":{\"OR\":[],\"NOT\":[]},\"orgs\":{\"OR\":[],\"NOT\":[]},\"url_params\":\"\"}",
"enabled": true,
"distribution": "0",
"sharing_group_id": "1",
"tag_id": "12345",
"default": true,
"source_format": "1",
"fixed_event": true,
"delta_merge": true,
"event_id": "12345",
"publish": false,
"override_ids": true,
"settings": "{\"csv\":{\"value\":\"\",\"delimiter\":\"\"},\"common\":{\"excluderegex\":\"\"},\"disable_correlation\":\"1\"}",
"input_source": "local",
"delete_local_file": true,
"lookup_visible": true,
"headers": "X-Custom-Header-A: Foo\nX-Custom-Header-B: Bar\n",
"caching_enabled": true,
"force_to_ids": true,
"orgc_id": "12345",
"cache_timestamp": "1617875568"
}
}
403:
{
"name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
"message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
"url": "/attributes"
}
404:
{
"name": "Invalid attribute",
"message": "Invalid attribute",
"url": "/attributes/1234"
}
Default:
{
"name": "string",
"message": "string",
"url": "/attributes"
}
Enable feed:
POST
https://misp.local/feeds/enable/{feedId}
Response:
200:
{
"name": "Feed enabled.",
"message": "Feed enabled.",
"url": "/feeds/enable/1"
}
403:
{
"name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
"message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
"url": "/attributes"
}
404:
{
"name": "Invalid attribute",
"message": "Invalid attribute",
"url": "/attributes/1234"
}
Default:
{
"name": "string",
"message": "string",
"url": "/attributes"
}
Disable feed:
POST
https://misp.local/feeds/disable/{feedId}
Response:
200:
{
"name": "Feed disabled.",
"message": "Feed disabled.",
"url": "/feeds/disable/1"
}
403:
{
"name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
"message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
"url": "/attributes"
}
404:
{
"name": "Invalid attribute",
"message": "Invalid attribute",
"url": "/attributes/1234"
}
Default:
{
"name": "string",
"message": "string",
"url": "/attributes"
}
Cache feeds:
POST
https://misp.local/feeds/cacheFeeds/{cacheFeedsScope}
Response:
200:
{
"name": "Feed caching job initiated.",
"message": "Feed caching job initiated.",
"url": "/feeds/cacheFeed"
}
403:
{
"name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
"message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
"url": "/attributes"
}
404:
{
"name": "Invalid attribute",
"message": "Invalid attribute",
"url": "/attributes/1234"
}
Default:
{
"name": "string",
"message": "string",
"url": "/attributes"
}
Fetch from feed by ID:
POST
https://misp.local/feeds/fetchFromFeed/{feedId}
Response:
200:
{
"result": "Pull queued for background execution."
}
403:
{
"name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
"message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
"url": "/attributes"
}
404:
{
"name": "Invalid attribute",
"message": "Invalid attribute",
"url": "/attributes/1234"
}
Default:
{
"name": "string",
"message": "string",
"url": "/attributes"
}
Fetch from all feeds:
POST
https://misp.local/feeds/fetchFromAllFeeds
Response:
200:
{
"result": "Pull queued for background execution."
}
403:
{
"name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
"message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
"url": "/attributes"
}
404:
{
"name": "Invalid attribute",
"message": "Invalid attribute",
"url": "/attributes/1234"
}
Default:
{
"name": "string",
"message": "string",
"url": "/attributes"
}
Object
[restSearch] Get a filtered and paginated list of objects:
POST
https://misp.local/objects/restsearch
Request:
{
"page": 1,
"limit": 0,
"quickFilter": "malware",
"searchall": "malware",
"timestamp": "1617875568",
"object_name": "ail-leak",
"object_template_uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
"object_template_version": "1",
"eventid": "12345",
"eventinfo": "logged source ip",
"ignore": false,
"from": "string",
"to": "string",
"date": "string",
"tags": [
"tlp:amber"
],
"last": 0,
"event_timestamp": "1617875568",
"publish_timestamp": "1617875568",
"org": "12345",
"uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
"value": "127.0.0.1",
"type": "md5",
"category": "Internal reference",
"object_relation": "filepath",
"attribute_timestamp": "1617875568",
"first_seen": "1581984000000000",
"last_seen": "1581984000000000",
"comment": "logged source ip",
"to_ids": true,
"published": false,
"deleted": false,
"withAttachments": false,
"enforceWarninglist": true,
"includeAllTags": false,
"includeEventUuid": false,
"include_event_uuid": false,
"includeEventTags": false,
"includeProposals": false,
"includeWarninglistHits": true,
"includeContext": true,
"includeSightings": true,
"includeSightingdb": true,
"includeCorrelations": true,
"includeDecayScore": false,
"includeFullModel": false,
"allow_proposal_blocking": false,
"metadata": true,
"attackGalaxy": "mitre-attack",
"excludeDecayed": false,
"decayingModel": "string",
"modelOverrides": {
"lifetime": 3,
"decay_speed": 2.3,
"threshold": 30,
"default_base_score": 80,
"base_score_config": {
"estimative-language:confidence-in-analytic-judgment": 0.25,
"estimative-language:likelihood-probability": 0.25,
"phishing:psychological-acceptability": 0.25,
"phishing:state": 0.2
}
},
"score": "string",
"returnFormat": "json"
}
Response:
200:
{
"response": [
{
"Object": {
"id": "12345",
"name": "ail-leak",
"meta-category": "string",
"description": "string",
"template_uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
"template_version": "1",
"event_id": "12345",
"uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
"timestamp": "1617875568",
"distribution": "0",
"sharing_group_id": "1",
"comment": "string",
"deleted": true,
"first_seen": "1581984000000000",
"last_seen": "1581984000000000",
"Attribute": [
{
"id": "12345",
"event_id": "12345",
"object_id": "12345",
"object_relation": "sensor",
"category": "Internal reference",
"type": "md5",
"value": "127.0.0.1",
"to_ids": true,
"uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
"timestamp": "1617875568",
"distribution": "0",
"sharing_group_id": "1",
"comment": "logged source ip",
"deleted": false,
"disable_correlation": false,
"first_seen": "1581984000000000",
"last_seen": "1581984000000000"
}
]
}
}
]
}
403:
{
"name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
"message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
"url": "/attributes"
}
Default:
{
"name": "string",
"message": "string",
"url": "/attributes"
}
Add an object to an event:
POST
https://misp.local/objects/add/{eventId}/{objectTemplateId}
Request:
{
"Attribute": [
{
"category": "Internal reference",
"value": "127.0.0.1",
"to_ids": true,
"disable_correlation": false,
"distribution": "0",
"comment": "logged source ip",
"object_relation": "sensor"
}
]
}
Response:
200:
{
"Object": {
"id": "12345",
"name": "ail-leak",
"meta-category": "string",
"description": "string",
"template_uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
"template_version": "1",
"event_id": "12345",
"uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
"timestamp": "1617875568",
"distribution": "0",
"sharing_group_id": "1",
"comment": "string",
"deleted": true,
"first_seen": "1581984000000000",
"last_seen": "1581984000000000",
"Attribute": [
{
"id": "12345",
"event_id": "12345",
"object_id": "12345",
"object_relation": "sensor",
"category": "Internal reference",
"type": "md5",
"value": "127.0.0.1",
"to_ids": true,
"uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
"timestamp": "1617875568",
"distribution": "0",
"sharing_group_id": "1",
"comment": "logged source ip",
"deleted": false,
"disable_correlation": false,
"first_seen": "1581984000000000",
"last_seen": "1581984000000000"
}
]
}
}
403:
{
"name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
"message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
"url": "/attributes"
}
404:
{
"name": "Invalid attribute",
"message": "Invalid attribute",
"url": "/attributes/1234"
}
Default:
{
"name": "string",
"message": "string",
"url": "/attributes"
}
Get object by ID:
GET
https://misp.local/objects/view/{objectId}
Response:
200:
{
"Object": {
"id": "12345",
"name": "ail-leak",
"meta-category": "string",
"description": "string",
"template_uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
"template_version": "1",
"event_id": "12345",
"uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
"timestamp": "1617875568",
"distribution": "0",
"sharing_group_id": "1",
"comment": "string",
"deleted": true,
"first_seen": "1581984000000000",
"last_seen": "1581984000000000",
"Attribute": [
{
"id": "12345",
"event_id": "12345",
"object_id": "12345",
"object_relation": "sensor",
"category": "Internal reference",
"type": "md5",
"value": "127.0.0.1",
"to_ids": true,
"uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
"timestamp": "1617875568",
"distribution": "0",
"sharing_group_id": "1",
"comment": "logged source ip",
"deleted": false,
"disable_correlation": false,
"first_seen": "1581984000000000",
"last_seen": "1581984000000000"
}
],
"Event": {
"id": "12345",
"info": "logged source ip",
"org_id": "12345",
"orgc_id": "12345"
}
}
}
403:
{
"name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
"message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
"url": "/attributes"
}
404:
{
"name": "Invalid attribute",
"message": "Invalid attribute",
"url": "/attributes/1234"
}
Default:
{
"name": "string",
"message": "string",
"url": "/attributes"
}
Delete object:
DELETE
https://misp.local/objects/delete/{objectId}/{hardDelete}
Response:
200:
{
"saved": true,
"success": true,
"name": "Object deleted",
"message": "Object deleted",
"url": "/objects/delete/1"
}
403:
{
"name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
"message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
"url": "/attributes"
}
404:
{
"name": "Invalid attribute",
"message": "Invalid attribute",
"url": "/attributes/1234"
}
Default:
{
"name": "string",
"message": "string",
"url": "/attributes"
}
TAG
Get tags:
GET
https://misp.local/tags
Response:
200:
{
"Tag": [
{
"id": "12345",
"name": "tlp:white",
"colour": "#ffffff",
"exportable": true,
"org_id": "12345",
"user_id": "12345",
"hide_tag": false,
"numerical_value": "12345",
"is_galaxy": true,
"is_custom_galaxy": true,
"inherited": 1
}
]
}
403:
{
"name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
"message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
"url": "/attributes"
}
404:
{
"name": "Invalid attribute",
"message": "Invalid attribute",
"url": "/attributes/1234"
}
Default:
{
"name": "string",
"message": "string",
"url": "/attributes"
}
Get tag by ID:
GET
https://misp.local/tags/view/{tagId}
Response:
200:
{
"id": "12345",
"name": "tlp:white",
"colour": "#ffffff",
"exportable": true,
"org_id": "12345",
"user_id": "12345",
"hide_tag": false,
"numerical_value": "12345",
"is_galaxy": true,
"is_custom_galaxy": true,
"inherited": 1
}
403:
{
"name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
"message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
"url": "/attributes"
}
404:
{
"name": "Invalid attribute",
"message": "Invalid attribute",
"url": "/attributes/1234"
}
Default:
{
"name": "string",
"message": "string",
"url": "/attributes"
}
Add tag:
POST
https://misp.local/tags/add
Response:
200:
{
"id": "12345",
"name": "tlp:white",
"colour": "#ffffff",
"exportable": true,
"org_id": "12345",
"user_id": "12345",
"hide_tag": false,
"numerical_value": "12345",
"is_galaxy": true,
"is_custom_galaxy": true,
"inherited": 1
}
403:
{
"name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
"message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
"url": "/attributes"
}
404:
{
"name": "Invalid attribute",
"message": "Invalid attribute",
"url": "/attributes/1234"
}
Default:
{
"name": "string",
"message": "string",
"url": "/attributes"
}
Delete tag:
POST
https://misp.local/tags/delete/{tagId}
Response:
200:
{
"name": "Tag deleted.",
"message": "Tag deleted.",
"url": "https://misppriv.circl.lu/tags/delete/1"
}
403:
{
"name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
"message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
"url": "/attributes"
}
404:
{
"name": "Invalid attribute",
"message": "Invalid attribute",
"url": "/attributes/1234"
}
Default:
{
"name": "string",
"message": "string",
"url": "/attributes"
}
Edit tag:
POST
https://misp.local/tags/edit/{tagId}
Request:
{
"name": "tlp:white",
"colour": "#ffffff",
"exportable": true,
"org_id": "12345",
"user_id": "12345",
"hide_tag": false,
"numerical_value": "12345",
"is_galaxy": true,
"is_custom_galaxy": true,
"inherited": 1
}
Response:
200:
{
"Tag": {
"id": "12345",
"name": "tlp:white",
"colour": "#ffffff",
"exportable": true,
"org_id": "12345",
"user_id": "12345",
"hide_tag": false,
"numerical_value": "12345",
"is_galaxy": true,
"is_custom_galaxy": true,
"inherited": 1
}
}
403:
{
"name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
"message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
"url": "/attributes"
}
404:
{
"name": "Invalid attribute",
"message": "Invalid attribute",
"url": "/attributes/1234"
}
Default:
{
"name": "string",
"message": "string",
"url": "/attributes"
}
Search tag:
GET
https://misp.local/tags/search/{tagSearchTerm}
Response:
200:
[
{
"Tag": {
"id": "12345",
"name": "tlp:white",
"colour": "#ffffff",
"exportable": true,
"org_id": "12345",
"user_id": "12345",
"hide_tag": false,
"numerical_value": "12345",
"is_galaxy": true,
"is_custom_galaxy": true,
"inherited": 1
},
"Taxonomy": {
"id": "12345",
"namespace": "tlp",
"description": "Disclosure is not limited. Sources may use TLP:WHITE when information carries minimal or no foreseeable risk of misuse, in accordance with applicable rules and procedures for public release. Subject to standard copyright rules, TLP:WHITE information may be distributed without restriction.",
"version": "5",
"enabled": true,
"exclusive": true,
"required": true
},
"TaxonomyPredicate": {
"id": "12345",
"taxonomy_id": "12345",
"value": "white",
"expanded": "(TLP:WHITE) Information can be shared publicly in accordance with the law.",
"colour": "#ffffff",
"description": "Disclosure is not limited. Sources may use TLP:WHITE when information carries minimal or no foreseeable risk of misuse, in accordance with applicable rules and procedures for public release. Subject to standard copyright rules, TLP:WHITE information may be distributed without restriction.",
"exclusive": true,
"numerical_value": 0
}
}
]
403:
{
"name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
"message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
"url": "/attributes"
}
404:
{
"name": "Invalid attribute",
"message": "Invalid attribute",
"url": "/attributes/1234"
}
Default:
{
"name": "string",
"message": "string",
"url": "/attributes"
}
Sighting
Get sightings by event ID:
GET
https://misp.local/sightings/index/{eventId}
Response:
200:
{
"Tag": [
{
"id": "12345",
"name": "tlp:white",
"colour": "#ffffff",
"exportable": true,
"org_id": "12345",
"user_id": "12345",
"hide_tag": false,
"numerical_value": "12345",
"is_galaxy": true,
"is_custom_galaxy": true,
"inherited": 1
}
]
}
403:
{
"name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
"message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
"url": "/attributes"
}
404:
{
"name": "Invalid attribute",
"message": "Invalid attribute",
"url": "/attributes/1234"
}
Default:
{
"name": "string",
"message": "string",
"url": "/attributes"
}
Add sightings of a list of values:
POST
https://misp.local/sightings/add
Request:
{
"values": [
"127.0.0.1"
],
"timestamp": "1617875568",
"filters": {
"page": 1,
"limit": 0,
"value": "127.0.0.1",
"value1": "127.0.0.1",
"value2": "127.0.0.1",
"type": "md5",
"category": "Internal reference",
"org": "12345",
"tags": [
"tlp:amber"
],
"from": "string",
"to": "string",
"last": 0,
"eventid": "12345",
"withAttachments": false,
"uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
"publish_timestamp": "1617875568",
"published": false,
"timestamp": "1617875568",
"attribute_timestamp": "1617875568",
"enforceWarninglist": true,
"to_ids": true,
"deleted": false,
"event_timestamp": "1617875568",
"threat_level_id": "1",
"eventinfo": "string",
"sharinggroup": [
"1"
],
"decayingModel": "string",
"score": "string",
"first_seen": "string",
"last_seen": "string",
"includeEventUuid": false,
"includeEventTags": false,
"includeProposals": false,
"requested_attributes": [
"id"
],
"includeContext": true,
"headerless": true,
"includeWarninglistHits": true,
"attackGalaxy": "mitre-attack",
"object_relation": "filepath",
"includeSightings": true,
"includeCorrelations": true,
"modelOverrides": {
"lifetime": 3,
"decay_speed": 2.3,
"threshold": 30,
"default_base_score": 80,
"base_score_config": {
"estimative-language:confidence-in-analytic-judgment": 0.25,
"estimative-language:likelihood-probability": 0.25,
"phishing:psychological-acceptability": 0.25,
"phishing:state": 0.2
}
},
"includeDecayScore": false,
"includeFullModel": false,
"excludeDecayed": false,
"returnFormat": "json"
}
}
Response:
200:
{
"id": "12345",
"attribute_id": "12345",
"event_id": "12345",
"org_id": "12345",
"date_sighting": "1617875568",
"uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
"source": "string",
"type": "string",
"attribute_uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
"Organisation": {
"id": "12345",
"uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
"name": "ORGNAME"
}
}
403:
{
"name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
"message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
"url": "/attributes"
}
404:
{
"name": "Invalid attribute",
"message": "Invalid attribute",
"url": "/attributes/1234"
}
Default:
{
"name": "string",
"message": "string",
"url": "/attributes"
}
Add sighting of an attribute:
POST
https://misp.local/sightings/add/{attributeId}
Response:
200:
{
"id": "12345",
"attribute_id": "12345",
"event_id": "12345",
"org_id": "12345",
"date_sighting": "1617875568",
"uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
"source": "string",
"type": "string",
"attribute_uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
"Organisation": {
"id": "12345",
"uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
"name": "ORGNAME"
}
}
403:
{
"name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
"message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
"url": "/attributes"
}
404:
{
"name": "Invalid attribute",
"message": "Invalid attribute",
"url": "/attributes/1234"
}
Default:
{
"name": "string",
"message": "string",
"url": "/attributes"
}
Delete sighting:
POST
https://misp.local/sightings/delete/{sightingId}
Response:
200:
{
"saved": true,
"success": true,
"name": "Sighting successfully deleted.",
"message": "Sighting successfully deleted.",
"url": "/sightings/delete/1"
}
403:
{
"name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
"message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
"url": "/attributes"
}
404:
{
"name": "Invalid attribute",
"message": "Invalid attribute",
"url": "/attributes/1234"
}
Default:
{
"name": "string",
"message": "string",
"url": "/attributes"
}
Warninglist
Get a list of warninglists:
POST
https://misp.local/warninglists
Response:
200:
{
"Warninglists": [
{
"Warninglist": {
"id": "3",
"name": "List of known domains to know external IP",
"type": "cidr",
"description": "string",
"version": "10",
"enabled": true,
"warninglist_entry_count": "1234",
"valid_attributes": "domain, hostname, domain|ip, uri, url",
"WarninglistEntry": [
{
"id": "1234",
"value": "10.128.0.0/24",
"warninglist_id": "3"
}
]
}
}
]
}
403:
{
"name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
"message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
"url": "/attributes"
}
404:
{
"name": "Invalid attribute",
"message": "Invalid attribute",
"url": "/attributes/1234"
}
Default:
{
"name": "string",
"message": "string",
"url": "/attributes"
}
Search warninglists:
POST
https://misp.local/warninglists
Response:
200:
{
"Warninglists": [
{
"Warninglist": {
"id": "3",
"name": "List of known domains to know external IP",
"type": "cidr",
"description": "string",
"version": "10",
"enabled": true,
"warninglist_entry_count": "1234",
"valid_attributes": "domain, hostname, domain|ip, uri, url",
"WarninglistEntry": [
{
"id": "1234",
"value": "10.128.0.0/24",
"warninglist_id": "3"
}
]
}
}
]
}
403:
{
"name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
"message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
"url": "/attributes"
}
404:
{
"name": "Invalid attribute",
"message": "Invalid attribute",
"url": "/attributes/1234"
}
Default:
{
"name": "string",
"message": "string",
"url": "/attributes"
}
Enable/disable warninglists:
POST
https://misp.local/warninglists/toggleEnable
Response:
200:
{
"saved": true,
"success": "1 warninglist(s) disabled"
}
403:
{
"name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
"message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
"url": "/attributes"
}
404:
{
"name": "Invalid attribute",
"message": "Invalid attribute",
"url": "/attributes/1234"
}
Default:
{
"name": "string",
"message": "string",
"url": "/attributes"
}
Get warninglist by ID:
GET
https://misp.local/warninglists/view/{warninglistId}
Response:
200:
{
"Warninglist": {
"id": "3",
"name": "List of known domains to know external IP",
"type": "cidr",
"description": "string",
"version": "10",
"enabled": true,
"warninglist_entry_count": "1234",
"valid_attributes": "domain, hostname, domain|ip, uri, url",
"WarninglistEntry": [
{
"id": "1234",
"value": "10.128.0.0/24",
"warninglist_id": "3"
}
]
}
}
403:
{
"name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
"message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
"url": "/attributes"
}
404:
{
"name": "Invalid attribute",
"message": "Invalid attribute",
"url": "/attributes/1234"
}
Default:
{
"name": "string",
"message": "string",
"url": "/attributes"
}
Check if a list of values matches any warninglists:
POST
https://misp.local/warninglists/checkValue
Request:
[
"10.128.0.2"
]
Response:
200:
{
"10.128.0.2": [
{
"id": "10",
"name": "List of known Wikimedia address ranges"
}
]
}
403:
{
"name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
"message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
"url": "/attributes"
}
404:
{
"name": "Invalid attribute",
"message": "Invalid attribute",
"url": "/attributes/1234"
}
Default:
{
"name": "string",
"message": "string",
"url": "/attributes"
}
Update warninglists:
POST
https://misp.local/warninglists/update
Response:
200:
{
"saved": true,
"success": true,
"name": "Successfully updated 1 warninglists.",
"message": "Successfully updated 1 warninglists.",
"url": "/warninglists/update"
}
403:
{
"name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
"message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
"url": "/attributes"
}
404:
{
"name": "Invalid attribute",
"message": "Invalid attribute",
"url": "/attributes/1234"
}
Default:
{
"name": "string",
"message": "string",
"url": "/attributes"
}
Noticelist
Get a list of noticelists
GET
https://misp.local/warninglists
Response:
200:
[
{
"Noticelist": {
"id": "3",
"name": "List of known domains to know external IP",
"type": "cidr",
"description": "string",
"version": "10",
"enabled": true,
"warninglist_entry_count": "1234",
"valid_attributes": "domain, hostname, domain|ip, uri, url",
"NoticelistEntry": [
{
"id": "1234",
"noticelist_id": "3",
"data": {
"scope": [
"attribute"
],
"field": [
"category"
],
"value": [
"Person"
],
"tags": [
"tlp:white"
],
"message": {
"en": "This attribute is likely to contain personal data and the data subject is likely to be directly identifiable."
}
}
}
]
}
}
]
403:
{
"name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
"message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
"url": "/attributes"
}
404:
{
"name": "Invalid attribute",
"message": "Invalid attribute",
"url": "/attributes/1234"
}
Default:
{
"name": "string",
"message": "string",
"url": "/attributes"
}
Get a noticelist by ID:
GET
https://misp.local/warninglists
Response:
200:
{
"Noticelist": {
"id": "3",
"name": "List of known domains to know external IP",
"type": "cidr",
"description": "string",
"version": "10",
"enabled": true,
"warninglist_entry_count": "1234",
"valid_attributes": "domain, hostname, domain|ip, uri, url",
"NoticelistEntry": [
{
"id": "1234",
"noticelist_id": "3",
"data": {
"scope": [
"attribute"
],
"field": [
"category"
],
"value": [
"Person"
],
"tags": [
"tlp:white"
],
"message": {
"en": "This attribute is likely to contain personal data and the data subject is likely to be directly identifiable."
}
}
}
]
}
}
403:
{
"name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
"message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
"url": "/attributes"
}
404:
{
"name": "Invalid attribute",
"message": "Invalid attribute",
"url": "/attributes/1234"
}
Default:
{
"name": "string",
"message": "string",
"url": "/attributes"
}
Enable/disable noticelist:
POST
https://misp.local/warninglists
Response:
200:
{
"saved": true,
"success": true,
"name": "Noticelist enabled.",
"message": "Noticelist enabled.",
"url": "/noticelists/toggleEnable/1"
}
403:
{
"name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
"message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
"url": "/attributes"
}
404:
{
"name": "Invalid attribute",
"message": "Invalid attribute",
"url": "/attributes/1234"
}
Default:
{
"name": "string",
"message": "string",
"url": "/attributes"
}
Update noticelists:
POST
https://misp.local/noticelists/update
Response:
200:
{
"saved": true,
"success": true,
"name": "Successfully updated 1 noticelists.",
"message": "Successfully updated 1 noticelists.",
"url": "/noticelists/update"
}
403:
{
"name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
"message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
"url": "/attributes"
}
404:
{
"name": "Invalid attribute",
"message": "Invalid attribute",
"url": "/attributes/1234"
}
Default:
{
"name": "string",
"message": "string",
"url": "/attributes"
}
Log
Get instance logs
POST
https://misp.local/admin/logs
Request:
{
"page": 1,
"limit": 0,
"id": "12345",
"title": "Attribute (448272) from Event (1): Other/text foo",
"created": "string",
"model": "AdminSetting",
"model_id": "12345",
"action": "accept",
"user_id": "12345",
"change": "%name () => (ORGNAME)%",
"email": "user@example.com",
"org": "ORG_%",
"description": "%updated by User%",
"ip": "string"
}
Response:
200:
[
{
"Log": {
"id": "12345",
"title": "Attribute (448272) from Event (1): Other/text foo",
"created": "string",
"model": "AdminSetting",
"model_id": "12345",
"action": "accept",
"user_id": "12345",
"change": "name () => (ORGNAME)",
"email": "user@example.com",
"org": "ORGNAME",
"description": "Organisation \"ORGNAME\" (1) added by User \"SYSTEM\" (0).",
"ip": "10.0.0.10"
}
}
]
403:
{
"name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
"message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
"url": "/attributes"
}
404:
{
"name": "Invalid attribute",
"message": "Invalid attribute",
"url": "/attributes/1234"
}
Default:
{
"name": "string",
"message": "string",
"url": "/attributes"
}
Auth key
Get auth keys:
POST
https://misp.local/auth_keys
Request:
[
{
"AuthKey": {
"id": "12345",
"uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
"authkey_start": "stri",
"authkey_end": "stri",
"created": "1617875568",
"expiration": "1970-01-01 00:00:00",
"read_only": true,
"user_id": "12345",
"comment": "string",
"allowed_ips": [
"127.0.0.1"
],
"last_used": "1617875568"
},
"User": {
"id": "12345",
"email": "user@example.com"
}
}
]
Response:
200:
[
{
"Log": {
"id": "12345",
"title": "Attribute (448272) from Event (1): Other/text foo",
"created": "string",
"model": "AdminSetting",
"model_id": "12345",
"action": "accept",
"user_id": "12345",
"change": "name () => (ORGNAME)",
"email": "user@example.com",
"org": "ORGNAME",
"description": "Organisation \"ORGNAME\" (1) added by User \"SYSTEM\" (0).",
"ip": "10.0.0.10"
}
}
]
403:
{
"name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
"message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
"url": "/attributes"
}
404:
{
"name": "Invalid attribute",
"message": "Invalid attribute",
"url": "/attributes/1234"
}
Default:
{
"name": "string",
"message": "string",
"url": "/attributes"
}
Search auth keys:
POST
https://misp.local/auth_keys
Request:
{
"page": 1,
"limit": 0,
"id": "12345",
"uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
"authkey_start": "string",
"authkey_end": "string",
"created": "string",
"expiration": "string",
"read_only": true,
"user_id": "12345",
"comment": "string",
"allowed_ips": "[\"127.0.0.1\",\"127.0.0.2\"]",
"last_used": "string"
}
Response:
200:
[
{
"AuthKey": {
"id": "12345",
"uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
"authkey_start": "stri",
"authkey_end": "stri",
"created": "1617875568",
"expiration": "1970-01-01 00:00:00",
"read_only": true,
"user_id": "12345",
"comment": "string",
"allowed_ips": [
"127.0.0.1"
],
"last_used": "1617875568"
},
"User": {
"id": "12345",
"email": "user@example.com"
}
}
]
403:
{
"name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
"message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
"url": "/attributes"
}
404:
{
"name": "Invalid attribute",
"message": "Invalid attribute",
"url": "/attributes/1234"
}
Default:
{
"name": "string",
"message": "string",
"url": "/attributes"
}
Add auth keys:
POST
https://misp.local/auth_keys/add/{userId}
Request:
{
"uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
"read_only": true,
"user_id": "12345",
"comment": "string",
"allowed_ips": [
"127.0.0.1"
]
}
Response:
200:
{
"AuthKey": {
"id": "12345",
"uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
"authkey_start": "stri",
"authkey_end": "stri",
"created": "1617875568",
"expiration": "1970-01-01 00:00:00",
"read_only": true,
"user_id": "12345",
"comment": "string",
"allowed_ips": [
"127.0.0.1"
],
"last_used": "1617875568"
}
}
403:
{
"name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
"message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
"url": "/attributes"
}
404:
{
"name": "Invalid attribute",
"message": "Invalid attribute",
"url": "/attributes/1234"
}
Default:
{
"name": "string",
"message": "string",
"url": "/attributes"
}
View auth key:
GET
https://misp.local/auth_keys/add/{userId}
Response:
200:
{
"AuthKey": {
"id": "12345",
"uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
"authkey_start": "stri",
"authkey_end": "stri",
"created": "1617875568",
"expiration": "1970-01-01 00:00:00",
"read_only": true,
"user_id": "12345",
"comment": "string",
"allowed_ips": [
"127.0.0.1"
],
"last_used": "1617875568"
},
"User": {
"id": "12345",
"org_id": "12345",
"email": "user@example.com"
}
}
403:
{
"name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
"message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
"url": "/attributes"
}
404:
{
"name": "Invalid attribute",
"message": "Invalid attribute",
"url": "/attributes/1234"
}
Default:
{
"name": "string",
"message": "string",
"url": "/attributes"
}
Edit auth key:
POST
https://misp.local/auth_keys/add/{userId}
Request:
{
"read_only": true,
"comment": "string",
"allowed_ips": [
"127.0.0.1"
]
}
Response:
200:
{
"AuthKey": {
"id": "12345",
"uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
"authkey_start": "stri",
"authkey_end": "stri",
"created": "1617875568",
"expiration": "1970-01-01 00:00:00",
"read_only": true,
"user_id": "12345",
"comment": "string",
"allowed_ips": [
"127.0.0.1"
],
"last_used": "1617875568"
},
"User": {
"id": "12345",
"org_id": "12345",
"email": "user@example.com"
}
}
403:
{
"name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
"message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
"url": "/attributes"
}
404:
{
"name": "Invalid attribute",
"message": "Invalid attribute",
"url": "/attributes/1234"
}
Default:
{
"name": "string",
"message": "string",
"url": "/attributes"
}
Delete auth key:
DELETE
https://misp.local/auth_keys/delete/{authKeyId}
Response:
200:
{
"saved": true,
"success": true,
"name": "AuthKey deleted.",
"message": "AuthKey deleted.",
"url": "/auth_keys/delete/1234"
}
403:
{
"name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
"message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
"url": "/attributes"
}
404:
{
"name": "Invalid attribute",
"message": "Invalid attribute",
"url": "/attributes/1234"
}
Default:
{
"name": "string",
"message": "string",
"url": "/attributes"
}
UserSettings
Get user settings:
GET
https://misp.local/user_settings
Response:
200:
[
{
"UserSetting": {
"id": "12345",
"setting": "publish_alert_filter",
"value": {
"widget": "MispStatusWidget",
"position": {
"x": "0",
"y": "0",
"width": "2",
"height": "2"
}
},
"user_id": "12345",
"timestamp": "1617875568"
}
}
]
403:
{
"name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
"message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
"url": "/attributes"
}
404:
{
"name": "Invalid attribute",
"message": "Invalid attribute",
"url": "/attributes/1234"
}
Default:
{
"name": "string",
"message": "string",
"url": "/attributes"
}
Search user settings:
POST
https://misp.local/user_settings
Request:
{
"id": "12345",
"setting": "publish_alert_filter",
"user_id": "12345"
}
Response:
200:
[
{
"UserSetting": {
"id": "12345",
"setting": "publish_alert_filter",
"value": {
"widget": "MispStatusWidget",
"position": {
"x": "0",
"y": "0",
"width": "2",
"height": "2"
}
},
"user_id": "12345",
"timestamp": "1617875568"
}
}
]
403:
{
"name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
"message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
"url": "/attributes"
}
404:
{
"name": "Invalid attribute",
"message": "Invalid attribute",
"url": "/attributes/1234"
}
Default:
{
"name": "string",
"message": "string",
"url": "/attributes"
}
Get user setting by id:
GET
https://misp.local/user_settings/view/{userSettingId}
Response:
200:
{
"UserSetting": {
"id": "12345",
"setting": "publish_alert_filter",
"value": {
"widget": "MispStatusWidget",
"position": {
"x": "0",
"y": "0",
"width": "2",
"height": "2"
}
},
"user_id": "12345",
"timestamp": "1617875568"
}
}
403:
{
"name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
"message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
"url": "/attributes"
}
404:
{
"name": "Invalid attribute",
"message": "Invalid attribute",
"url": "/attributes/1234"
}
Default:
{
"name": "string",
"message": "string",
"url": "/attributes"
}
Set user setting:
POST
https://misp.local/user_settings/setSetting/{userId}/{userSettingName}
Request:
{
"widget": "MispStatusWidget",
"position": {
"x": "0",
"y": "0",
"width": "2",
"height": "2"
}
}
Response:
200:
{
"UserSetting": {
"id": "12345",
"setting": "publish_alert_filter",
"value": {
"widget": "MispStatusWidget",
"position": {
"x": "0",
"y": "0",
"width": "2",
"height": "2"
}
},
"user_id": "12345",
"timestamp": "1617875568"
}
}
403:
{
"name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
"message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
"url": "/attributes"
}
404:
{
"name": "Invalid attribute",
"message": "Invalid attribute",
"url": "/attributes/1234"
}
Default:
{
"name": "string",
"message": "string",
"url": "/attributes"
}
Get user setting by id:
GET
https://misp.local/user_settings/getSetting/{userId}/{userSettingName}
Response:
200:
{
"UserSetting": {
"id": "12345",
"setting": "publish_alert_filter",
"value": {
"widget": "MispStatusWidget",
"position": {
"x": "0",
"y": "0",
"width": "2",
"height": "2"
}
},
"user_id": "12345",
"timestamp": "1617875568"
}
}
403:
{
"name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
"message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
"url": "/attributes"
}
404:
{
"name": "Invalid attribute",
"message": "Invalid attribute",
"url": "/attributes/1234"
}
Default:
{
"name": "string",
"message": "string",
"url": "/attributes"
}
Delete user setting by id:
DELETE
https://misp.local/user_settings/delete/{userSettingId}
Response:
200:
{
"saved": true,
"success": true,
"name": "Setting deleted.",
"message": "Setting deleted.",
"url": "/user_settings/delete/1234"
}
403:
{
"name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
"message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
"url": "/attributes"
}
404:
{
"name": "Invalid attribute",
"message": "Invalid attribute",
"url": "/attributes/1234"
}
Default:
{
"name": "string",
"message": "string",
"url": "/attributes"
}
Taxonomy
Get taxonomies:
GET
https://misp.local/taxonomies
Response:
200:
[
{
"Taxonomy": {
"id": "12345",
"namespace": "tlp",
"description": "Disclosure is not limited. Sources may use TLP:WHITE when information carries minimal or no foreseeable risk of misuse, in accordance with applicable rules and procedures for public release. Subject to standard copyright rules, TLP:WHITE information may be distributed without restriction.",
"version": "5",
"enabled": true,
"exclusive": true,
"required": true
},
"total_count": 0,
"current_count": 0
}
]
403:
{
"name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
"message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
"url": "/attributes"
}
404:
{
"name": "Invalid attribute",
"message": "Invalid attribute",
"url": "/attributes/1234"
}
Default:
{
"name": "string",
"message": "string",
"url": "/attributes"
}
Get a taxonomy by ID:
GET
https://misp.local/taxonomies/view/{taxonomyIdParameter}
Response:
200:
{
"Taxonomy": {
"id": "12345",
"namespace": "tlp",
"description": "Disclosure is not limited. Sources may use TLP:WHITE when information carries minimal or no foreseeable risk of misuse, in accordance with applicable rules and procedures for public release. Subject to standard copyright rules, TLP:WHITE information may be distributed without restriction.",
"version": "5",
"enabled": true,
"exclusive": true,
"required": true
},
"entries": [
{
"tag": "tlp:white",
"expanded": "string",
"description": "string",
"exclusive_predicate": true,
"existing_tag": true
}
]
}
403:
{
"name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
"message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
"url": "/attributes"
}
404:
{
"name": "Invalid attribute",
"message": "Invalid attribute",
"url": "/attributes/1234"
}
Default:
{
"name": "string",
"message": "string",
"url": "/attributes"
}
Enable taxonomy:
POST
https://misp.local/taxonomies/enable/{taxonomyIdParameter}
Response:
200:
{
"saved": true,
"success": true,
"name": "Taxonomy enabled",
"message": "Taxonomy enabled",
"url": "/taxonomies/enable/1234"
}
403:
{
"name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
"message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
"url": "/attributes"
}
404:
{
"name": "Invalid attribute",
"message": "Invalid attribute",
"url": "/attributes/1234"
}
Default:
{
"name": "string",
"message": "string",
"url": "/attributes"
}
Disable taxonomy:
POST
https://misp.local/taxonomies/disable/{taxonomyIdParameter}
Response:
200:
{
"saved": true,
"success": true,
"name": "Taxonomy disabled",
"message": "Taxonomy disabled",
"url": "/taxonomies/disabled/1234"
}
403:
{
"name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
"message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
"url": "/attributes"
}
404:
{
"name": "Invalid attribute",
"message": "Invalid attribute",
"url": "/attributes/1234"
}
Default:
{
"name": "string",
"message": "string",
"url": "/attributes"
}
Update taxonomies:
POST
https://misp.local/taxonomies/update
Response:
200:
{
"saved": true,
"success": true,
"name": "Successfully updated 120 taxonomy libraries.",
"message": "Successfully updated 120 taxonomy libraries.",
"url": "/taxonomies/update"
}
403:
{
"name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
"message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
"url": "/attributes"
}
404:
{
"name": "Invalid attribute",
"message": "Invalid attribute",
"url": "/attributes/1234"
}
Default:
{
"name": "string",
"message": "string",
"url": "/attributes"
}
Get a taxonomy extended with tags used in events and attributes:
GET
https://misp.local/taxonomies/taxonomy_tags/{taxonomyIdParameter}
Response:
200:
{
"Taxonomy": {
"id": "12345",
"namespace": "tlp",
"description": "Disclosure is not limited. Sources may use TLP:WHITE when information carries minimal or no foreseeable risk of misuse, in accordance with applicable rules and procedures for public release. Subject to standard copyright rules, TLP:WHITE information may be distributed without restriction.",
"version": "5",
"enabled": true,
"exclusive": true,
"required": true
},
"entries": [
{
"org_id": "12345",
"server_id": "12345",
"email": "user@example.com",
"autoalert": true,
"authkey": "894c8d095180c7ea28789092e96ca6424199aa4f",
"invited_by": "12345",
"gpgkey": "string",
"certif_public": "string",
"nids_sid": "4000000",
"termsaccepted": true,
"newsread": "1617875568",
"role_id": "3",
"change_pw": "0",
"contactalert": true,
"disabled": true,
"expiration": "2019-08-24T14:15:22Z",
"current_login": "1617875568",
"last_login": "1617875568",
"force_logout": true,
"date_created": "1617875568",
"date_modified": "1617875568",
"events": 0,
"attributes": 0
}
]
}
403:
{
"name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
"message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
"url": "/attributes"
}
404:
{
"name": "Invalid attribute",
"message": "Invalid attribute",
"url": "/attributes/1234"
}
Default:
{
"name": "string",
"message": "string",
"url": "/attributes"
}
Export taxonomy:
GET
https://misp.local/taxonomies/export/{taxonomyIdParameter}
Response:
200:
{
"namespace": "tlp",
"description": "Disclosure is not limited. Sources may use TLP:WHITE when information carries minimal or no foreseeable risk of misuse, in accordance with applicable rules and procedures for public release. Subject to standard copyright rules, TLP:WHITE information may be distributed without restriction.",
"version": 0,
"exclusive": true,
"predicates": [
{
"value": "white",
"expanded": "(TLP:WHITE) Information can be shared publicly in accordance with the law."
}
],
"values": [
{
"predicate": "white",
"entry": [
{
"value": "spam",
"expanded": "spam",
"description": "Spam or ‘unsolicited bulk e-mail’, meaning that the recipient has not granted verifiable permission for the message to be sent and that the message is sent as part of a larger collection of messages, all having identical content."
}
]
}
]
}
403:
{
"name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
"message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
"url": "/attributes"
}
404:
{
"name": "Invalid attribute",
"message": "Invalid attribute",
"url": "/attributes/1234"
}
Default:
{
"name": "string",
"message": "string",
"url": "/attributes"
}