API Request ve Response Örnekleri

Analyst Data

Add analyst data:

POST

https://misp.local/analystData/add/{analystType}/{objectUUID}/{ObjectType}

Response:

200:

AnalystNote:

{
  "note": "Provide more context",
  "language": "fr-BE",
  "note_type_name": "Note",
  "uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
  "object_uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
  "object_type": "Attribute",
  "authors": "john.doe@admin.test",
  "org_uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
  "orgc_uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
  "created": "2024-03-19 11:10:24",
  "modified": "2024-03-19 11:10:24",
  "distribution": "0",
  "sharing_group_id": "1",
  "locked": true
}

AnalystOpinion:

{
  "comment": "Provide more context",
  "opinion": 70,
  "note_type_name": "Opinion",
  "uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
  "object_uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
  "object_type": "Attribute",
  "authors": "john.doe@admin.test",
  "org_uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
  "orgc_uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
  "created": "2024-03-19 11:10:24",
  "modified": "2024-03-19 11:10:24",
  "distribution": "0",
  "sharing_group_id": "1",
  "locked": true
}


AnalystRelationship:

{
  "related_object_uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
  "related_object_type": "Attribute",
  "relationship_type": "related-to",
  "note_type_name": "Relationship",
  "uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
  "object_uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
  "object_type": "Attribute",
  "authors": "john.doe@admin.test",
  "org_uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
  "orgc_uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
  "created": "2024-03-19 11:10:24",
  "modified": "2024-03-19 11:10:24",
  "distribution": "0",
  "sharing_group_id": "1",
  "locked": true
}


403:

{
  "name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "url": "/attributes"
}

Default:

{
  "name": "string",
  "message": "string",
  "url": "/attributes"
}

Edit analyst data:

POST

https://misp.local/analystData/edit/{analystType}/{analystDataID}

Response:

200:

AnalystNote:

{
  "note": "Provide more context",
  "language": "fr-BE",
  "note_type_name": "Note",
  "uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
  "object_uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
  "object_type": "Attribute",
  "authors": "john.doe@admin.test",
  "org_uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
  "orgc_uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
  "created": "2024-03-19 11:10:24",
  "modified": "2024-03-19 11:10:24",
  "distribution": "0",
  "sharing_group_id": "1",
  "locked": true
}


AnalystOpinion:

{
  "comment": "Provide more context",
  "opinion": 70,
  "note_type_name": "Opinion",
  "uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
  "object_uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
  "object_type": "Attribute",
  "authors": "john.doe@admin.test",
  "org_uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
  "orgc_uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
  "created": "2024-03-19 11:10:24",
  "modified": "2024-03-19 11:10:24",
  "distribution": "0",
  "sharing_group_id": "1",
  "locked": true
}


AnalystRelationship:

{
  "related_object_uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
  "related_object_type": "Attribute",
  "relationship_type": "related-to",
  "note_type_name": "Relationship",
  "uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
  "object_uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
  "object_type": "Attribute",
  "authors": "john.doe@admin.test",
  "org_uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
  "orgc_uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
  "created": "2024-03-19 11:10:24",
  "modified": "2024-03-19 11:10:24",
  "distribution": "0",
  "sharing_group_id": "1",
  "locked": true
}


403:

{
  "name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "url": "/attributes"
}


Default:

{
  "name": "string",
  "message": "string",
  "url": "/attributes"
}

Delete Analyst data:

DELETE

https://misp.local/analystData/delete/{analystType}/{analystDataID}

Response:

200:

{
  "message": "Analyst Note deleted."
}


403:

{
  "name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "url": "/attributes"
}

404:

{
  "name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "url": "/attributes"
}

Default:

{
  "name": "string",
  "message": "string",
  "url": "/attributes"
}

List Analyst data:

GET

https://misp.local/analystData/delete/{analystType}/{analystDataID}

Response:

200:

[
  {
    "note": "Provide more context",
    "language": "fr-BE",
    "note_type_name": "Note",
    "uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
    "object_uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
    "object_type": "Attribute",
    "authors": "john.doe@admin.test",
    "org_uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
    "orgc_uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
    "created": "2024-03-19 11:10:24",
    "modified": "2024-03-19 11:10:24",
    "distribution": "0",
    "sharing_group_id": "1",
    "locked": true
  }
]


403:

{
  "name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "url": "/attributes"
}

404:

{
  "name": "Invalid attribute",
  "message": "Invalid attribute",
  "url": "/attributes/1234"
}

Default:

{
  "name": "string",
  "message": "string",
  "url": "/attributes"
}}

Get Analyst Data by ID:

GET

https://misp.local/analystData/view/{analystType}/{analystDataID}

Response:

200:

AnalystNote:

{
  "note": "Provide more context",
  "language": "fr-BE",
  "note_type_name": "Note",
  "uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
  "object_uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
  "object_type": "Attribute",
  "authors": "john.doe@admin.test",
  "org_uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
  "orgc_uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
  "created": "2024-03-19 11:10:24",
  "modified": "2024-03-19 11:10:24",
  "distribution": "0",
  "sharing_group_id": "1",
  "locked": true
}


AnalystOpinion:

{
  "comment": "Provide more context",
  "opinion": 70,
  "note_type_name": "Opinion",
  "uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
  "object_uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
  "object_type": "Attribute",
  "authors": "john.doe@admin.test",
  "org_uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
  "orgc_uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
  "created": "2024-03-19 11:10:24",
  "modified": "2024-03-19 11:10:24",
  "distribution": "0",
  "sharing_group_id": "1",
  "locked": true
}


AnalystRelationship:

{
  "related_object_uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
  "related_object_type": "Attribute",
  "relationship_type": "related-to",
  "note_type_name": "Relationship",
  "uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
  "object_uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
  "object_type": "Attribute",
  "authors": "john.doe@admin.test",
  "org_uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
  "orgc_uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
  "created": "2024-03-19 11:10:24",
  "modified": "2024-03-19 11:10:24",
  "distribution": "0",
  "sharing_group_id": "1",
  "locked": true
}

403:

{
  "name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "url": "/attributes"
}

Default:

{
  "name": "string",
  "message": "string",
  "url": "/attributes"
}

 

 


Attributes

[restSearch] Get a filtered and paginated list of attributes:

POST

https://misp.local/attributes/restSearch

Resquest:
{
  "page": 1,
  "limit": 0,
  "value": "127.0.0.1",
  "value1": "127.0.0.1",
  "value2": "127.0.0.1",
  "type": "md5",
  "category": "Internal reference",
  "org": "12345",
  "tags": [
    "tlp:amber"
  ],
  "from": "string",
  "to": "string",
  "last": 0,
  "eventid": "12345",
  "withAttachments": false,
  "uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
  "publish_timestamp": "1617875568",
  "published": false,
  "timestamp": "1617875568",
  "attribute_timestamp": "1617875568",
  "enforceWarninglist": true,
  "to_ids": true,
  "deleted": false,
  "event_timestamp": "1617875568",
  "threat_level_id": "1",
  "eventinfo": "string",
  "sharinggroup": [
    "1"
  ],
  "decayingModel": "string",
  "score": "string",
  "first_seen": "string",
  "last_seen": "string",
  "includeEventUuid": false,
  "includeEventTags": false,
  "includeProposals": false,
  "requested_attributes": [
    "id"
  ],
  "includeContext": true,
  "headerless": true,
  "includeWarninglistHits": true,
  "attackGalaxy": "mitre-attack",
  "object_relation": "filepath",
  "includeSightings": true,
  "includeCorrelations": true,
  "modelOverrides": {
    "lifetime": 3,
    "decay_speed": 2.3,
    "threshold": 30,
    "default_base_score": 80,
    "base_score_config": {
      "estimative-language:confidence-in-analytic-judgment": 0.25,
      "estimative-language:likelihood-probability": 0.25,
      "phishing:psychological-acceptability": 0.25,
      "phishing:state": 0.2
    }
  },
  "includeDecayScore": false,
  "includeFullModel": false,
  "excludeDecayed": false,
  "returnFormat": "json"
}
Response: 

200: 

{
  "response": {
    "Attribute": [
      {
        "id": "12345",
        "event_id": "12345",
        "object_id": "12345",
        "object_relation": "sensor",
        "category": "Internal reference",
        "type": "md5",
        "value": "127.0.0.1",
        "to_ids": true,
        "uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
        "timestamp": "1617875568",
        "distribution": "0",
        "sharing_group_id": "1",
        "comment": "logged source ip",
        "deleted": false,
        "disable_correlation": false,
        "first_seen": "1581984000000000",
        "last_seen": "1581984000000000",
        "data": "string",
        "event_uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
        "decay_score": [
          {
            "score": 10.5,
            "base_score": 80,
            "decayed": true,
            "DecayingModel": {
              "id": "12345",
              "name": "Phishing model"
            }
          }
        ],
        "Event": {
          "id": "12345",
          "org_id": "12345",
          "distribution": "0",
          "info": "logged source ip",
          "orgc_id": "12345",
          "uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
          "date": "1991-01-15",
          "published": false,
          "analysis": "0",
          "attribute_count": "321",
          "timestamp": "1617875568",
          "sharing_group_id": "1",
          "proposal_email_lock": true,
          "locked": true,
          "threat_level_id": "1",
          "publish_timestamp": "1617875568",
          "sighting_timestamp": "1617875568",
          "disable_correlation": false,
          "extends_uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
          "event_creator_email": "user@example.com"
        },
        "Object": {
          "id": "12345",
          "name": "ail-leak",
          "meta-category": "string",
          "description": "string",
          "template_uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
          "template_version": "1",
          "event_id": "12345",
          "uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
          "timestamp": "1617875568",
          "distribution": "0",
          "sharing_group_id": "1",
          "comment": "string",
          "deleted": true,
          "first_seen": "1581984000000000",
          "last_seen": "1581984000000000",
          "Attribute": [
            {
              "id": "12345",
              "event_id": "12345",
              "object_id": "12345",
              "object_relation": "sensor",
              "category": "Internal reference",
              "type": "md5",
              "value": "127.0.0.1",
              "to_ids": true,
              "uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
              "timestamp": "1617875568",
              "distribution": "0",
              "sharing_group_id": "1",
              "comment": "logged source ip",
              "deleted": false,
              "disable_correlation": false,
              "first_seen": "1581984000000000",
              "last_seen": "1581984000000000"
            }
          ]
        },
        "Tag": [
          {
            "id": "12345",
            "name": "tlp:white",
            "colour": "#ffffff",
            "exportable": true,
            "org_id": "12345",
            "user_id": "12345",
            "hide_tag": false,
            "numerical_value": "12345",
            "is_galaxy": true,
            "is_custom_galaxy": true,
            "inherited": 1
          }
        ]
      }
    ]
  }
}

403: 

{
  "name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "url": "/attributes"
}

Default: 

{
  "name": "string",
  "message": "string",
  "url": "/attributes"
}

Add an attribute:

POST

https://misp.local/attributes/add/{eventId}

Resquest:
{
  "event_id": "12345",
  "object_id": "12345",
  "object_relation": "sensor",
  "category": "Internal reference",
  "type": "md5",
  "value": "127.0.0.1",
  "to_ids": true,
  "uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
  "timestamp": "1617875568",
  "distribution": "0",
  "sharing_group_id": "1",
  "comment": "logged source ip",
  "deleted": false,
  "disable_correlation": false,
  "first_seen": "1581984000000000",
  "last_seen": "1581984000000000"
}
Response: 

200: 

{
  "Attribute": {
    "id": "12345",
    "event_id": "12345",
    "object_id": "12345",
    "object_relation": "sensor",
    "category": "Internal reference",
    "type": "md5",
    "value": "127.0.0.1",
    "to_ids": true,
    "uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
    "timestamp": "1617875568",
    "distribution": "0",
    "sharing_group_id": "1",
    "comment": "logged source ip",
    "deleted": false,
    "disable_correlation": false,
    "first_seen": "1581984000000000",
    "last_seen": "1581984000000000"
  }
}

403: 

{
  "name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "url": "/attributes"
}

Default: 

{
  "name": "string",
  "message": "string",
  "url": "/attributes"
}

Edit an attribute:

PUT

https://misp.local/attributes/edit/{attributeId}

Resquest:
{
  "id": "12345",
  "event_id": "12345",
  "object_id": "12345",
  "object_relation": "sensor",
  "category": "Internal reference",
  "type": "md5",
  "value": "127.0.0.1",
  "to_ids": true,
  "uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
  "timestamp": "1617875568",
  "distribution": "0",
  "sharing_group_id": "1",
  "comment": "logged source ip",
  "deleted": false,
  "disable_correlation": false,
  "first_seen": "1581984000000000",
  "last_seen": "1581984000000000"
}
Response: 

200: 

{
  "Attribute": {
    "id": "12345",
    "event_id": "12345",
    "object_id": "12345",
    "object_relation": "sensor",
    "category": "Internal reference",
    "type": "md5",
    "value": "127.0.0.1",
    "to_ids": true,
    "uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
    "timestamp": "1617875568",
    "distribution": "0",
    "sharing_group_id": "1",
    "comment": "logged source ip",
    "deleted": false,
    "disable_correlation": false,
    "first_seen": "1581984000000000",
    "last_seen": "1581984000000000"
  }
}

403: 

{
  "name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "url": "/attributes"
}

404: 

{
  "name": "Invalid attribute",
  "message": "Invalid attribute",
  "url": "/attributes/1234"
}

Default: 

{
  "name": "string",
  "message": "string",
  "url": "/attributes"
}

Delete an attribute:

DELETE

https://misp.local/attributes/delete/{attributeId}

Response: 

200: 

{
  "message": "Attribute deleted."
}

403: 

{
  "name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "url": "/attributes"
}

404: 

{
  "name": "Invalid attribute",
  "message": "Invalid attribute",
  "url": "/attributes/1234"
}

Default: 

{
  "name": "string",
  "message": "string",
  "url": "/attributes"
}

Restore an attribute:

POST

https://misp.local/attributes/restore/{attributeId}

Response: 

200: 

{
  "Attribute": {
    "id": "12345",
    "event_id": "12345",
    "object_id": "12345",
    "object_relation": "sensor",
    "category": "Internal reference",
    "type": "md5",
    "value": "127.0.0.1",
    "to_ids": true,
    "uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
    "timestamp": "1617875568",
    "distribution": "0",
    "sharing_group_id": "1",
    "comment": "logged source ip",
    "deleted": false,
    "disable_correlation": false,
    "first_seen": "1581984000000000",
    "last_seen": "1581984000000000"
  }
}

403: 

{
  "name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "url": "/attributes"
}

404: 

{
  "name": "Invalid attribute",
  "message": "Invalid attribute",
  "url": "/attributes/1234"
}

Default: 

{
  "name": "string",
  "message": "string",
  "url": "/attributes"
}

Add a tag to an attribute:

POST

https://misp.local/attributes/addTag/{attributeId}/{tagId}/local:{local}

Response: 

200: 

{
  "saved": true,
  "success": "Tag added.",
  "check_publish": true,
  "errors": "Tag could not be added."
}

403: 

{
  "name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "url": "/attributes"
}

404: 

{
  "name": "Invalid attribute",
  "message": "Invalid attribute",
  "url": "/attributes/1234"
}

Default: 

{
  "name": "string",
  "message": "string",
  "url": "/attributes"
}

Remove a tag from an attribute:

POST

https://misp.local/attributes/removeTag/{attributeId}/{tagId}

Response: 

200: 

{
  "saved": true,
  "success": "Tag removed.",
  "check_publish": true,
  "errors": "Tag could not be added."
}

403: 

{
  "name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "url": "/attributes"
}

404: 

{
  "name": "Invalid attribute",
  "message": "Invalid attribute",
  "url": "/attributes/1234"
}

Default: 

{
  "name": "string",
  "message": "string",
  "url": "/attributes"
}

Get a list of attributes:

GET

https://misp.local/attributes

Response: 

200: 

[
  {
    "id": "12345",
    "event_id": "12345",
    "object_id": "12345",
    "object_relation": "sensor",
    "category": "Internal reference",
    "type": "md5",
    "value": "127.0.0.1",
    "to_ids": true,
    "uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
    "timestamp": "1617875568",
    "distribution": "0",
    "sharing_group_id": "1",
    "comment": "logged source ip",
    "deleted": false,
    "disable_correlation": false,
    "first_seen": "1581984000000000",
    "last_seen": "1581984000000000"
  }
]

403: 

{
  "name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "url": "/attributes"
}

Default: 

{
  "name": "string",
  "message": "string",
  "url": "/attributes"
}

Get the count of attributes per category:

GET

https://misp.local/attributes/attributeStatistics/{context}/{percentage}

Response: 

200: 

[
  {
    "Antivirus detection": "10"
  },
  {
    "Artifacts dropped": "20"
  }
]

403: 

{
  "name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "url": "/attributes"
}

Default: 

{
  "name": "string",
  "message": "string",
  "url": "/attributes"
}

Get a list of the available attribute types:

GET

https://misp.local/attributes/describeTypes

Response: 

200: 

{
  "sane_defaults": {
    "md5": {
      "default_category": "Payload delivery",
      "to_ids": 1
    },
    "pdb": {
      "default_category": "Artifacts dropped",
      "to_ids": 0
    }
  },
  "types": [
    "md5"
  ],
  "categories": [
    "Internal reference"
  ],
  "category_type_mappings": {
    "Internal reference": [
      "text",
      "link",
      "comment",
      "other"
    ],
    "Antivirus detection": [
      "link",
      "comment",
      "text",
      "hex",
      "other"
    ]
  }
}

403: 

{
  "name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "url": "/attributes"
}

Default: 

{
  "name": "string",
  "message": "string",
  "url": "/attributes"
}

 

Events

[restSearch] Get a filtered and paginated list of events:

POST

https://misp.local/events/restSearch

Request:
{
  "page": 1,
  "limit": 0,
  "value": "127.0.0.1",
  "type": "md5",
  "category": "Internal reference",
  "org": "12345",
  "tags": [
    "tlp:amber"
  ],
  "event_tags": [
    "tlp:amber"
  ],
  "searchall": "malware",
  "from": "string",
  "to": "string",
  "last": 0,
  "eventid": "12345",
  "withAttachments": false,
  "sharinggroup": [
    "1"
  ],
  "metadata": true,
  "uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
  "publish_timestamp": "1617875568",
  "timestamp": "1617875568",
  "published": false,
  "enforceWarninglist": true,
  "sgReferenceOnly": true,
  "requested_attributes": [
    "id"
  ],
  "includeContext": true,
  "headerless": true,
  "includeWarninglistHits": true,
  "attackGalaxy": "mitre-attack",
  "to_ids": true,
  "deleted": false,
  "excludeLocalTags": true,
  "date": "string",
  "includeSightingdb": true,
  "tag": "tlp:white",
  "object_relation": "filepath",
  "threat_level_id": "1",
  "returnFormat": "json"
}
Resquest:

200:

{
  "response": [
    {
      "Event": {
        "id": "12345",
        "org_id": "12345",
        "distribution": "0",
        "info": "logged source ip",
        "orgc_id": "12345",
        "uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
        "date": "1991-01-15",
        "published": false,
        "analysis": "0",
        "attribute_count": "321",
        "timestamp": "1617875568",
        "sharing_group_id": "1",
        "proposal_email_lock": true,
        "locked": true,
        "threat_level_id": "1",
        "publish_timestamp": "1617875568",
        "sighting_timestamp": "1617875568",
        "disable_correlation": false,
        "extends_uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
        "event_creator_email": "user@example.com",
        "Feed": {
          "id": "3",
          "name": "CIRCL OSINT Feed",
          "provider": "CIRCL",
          "url": "https://www.circl.lu/doc/misp/feed-osint",
          "rules": "{\"tags\":{\"OR\":[],\"NOT\":[]},\"orgs\":{\"OR\":[],\"NOT\":[]},\"url_params\":\"\"}",
          "enabled": true,
          "distribution": "0",
          "sharing_group_id": "1",
          "tag_id": "12345",
          "default": true,
          "source_format": "1",
          "fixed_event": true,
          "delta_merge": true,
          "event_id": "12345",
          "publish": false,
          "override_ids": true,
          "settings": "{\"csv\":{\"value\":\"\",\"delimiter\":\"\"},\"common\":{\"excluderegex\":\"\"},\"disable_correlation\":\"1\"}",
          "input_source": "local",
          "delete_local_file": true,
          "lookup_visible": true,
          "headers": "X-Custom-Header-A: Foo\nX-Custom-Header-B: Bar\n",
          "caching_enabled": true,
          "force_to_ids": true,
          "orgc_id": "12345",
          "cache_timestamp": "1617875568"
        },
        "Org": {
          "id": "12345",
          "name": "ORGNAME",
          "uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b"
        },
        "Orgc": {
          "id": "12345",
          "name": "ORGNAME",
          "uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b"
        },
        "Attribute": [
          {
            "id": "12345",
            "event_id": "12345",
            "object_id": "12345",
            "object_relation": "sensor",
            "category": "Internal reference",
            "type": "md5",
            "value": "127.0.0.1",
            "to_ids": true,
            "uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
            "timestamp": "1617875568",
            "distribution": "0",
            "sharing_group_id": "1",
            "comment": "logged source ip",
            "deleted": false,
            "disable_correlation": false,
            "first_seen": "1581984000000000",
            "last_seen": "1581984000000000"
          }
        ],
        "ShadowAttribute": [
          {
            "id": "12345",
            "event_id": "12345",
            "object_id": "12345",
            "object_relation": "sensor",
            "category": "Internal reference",
            "type": "md5",
            "value": "127.0.0.1",
            "to_ids": true,
            "uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
            "timestamp": "1617875568",
            "distribution": "0",
            "sharing_group_id": "1",
            "comment": "logged source ip",
            "deleted": false,
            "disable_correlation": false,
            "first_seen": "1581984000000000",
            "last_seen": "1581984000000000"
          }
        ],
        "RelatedEvent": [
          {}
        ],
        "Galaxy": [
          {
            "id": "12345",
            "uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
            "name": "Ransomware",
            "type": "ransomware",
            "description": "Ransomware galaxy based on ...",
            "version": "1",
            "icon": "globe",
            "namespace": "misp",
            "kill_chain_order": {
              "fraud-tactics": [
                "Initiation",
                "Target Compromise",
                "Perform Fraud",
                "Obtain Fraudulent Assets",
                "Assets Transfer",
                "Monetisation"
              ]
            }
          }
        ],
        "Object": [
          {
            "id": "12345",
            "name": "ail-leak",
            "meta-category": "string",
            "description": "string",
            "template_uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
            "template_version": "1",
            "event_id": "12345",
            "uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
            "timestamp": "1617875568",
            "distribution": "0",
            "sharing_group_id": "1",
            "comment": "string",
            "deleted": true,
            "first_seen": "1581984000000000",
            "last_seen": "1581984000000000",
            "Attribute": [
              {
                "id": "12345",
                "event_id": "12345",
                "object_id": "12345",
                "object_relation": "sensor",
                "category": "Internal reference",
                "type": "md5",
                "value": "127.0.0.1",
                "to_ids": true,
                "uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
                "timestamp": "1617875568",
                "distribution": "0",
                "sharing_group_id": "1",
                "comment": "logged source ip",
                "deleted": false,
                "disable_correlation": false,
                "first_seen": "1581984000000000",
                "last_seen": "1581984000000000"
              }
            ]
          }
        ],
        "EventReport": [
          {
            "id": "12345",
            "uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
            "event_id": "12345",
            "name": "Report of the incident",
            "content": "string",
            "distribution": "0",
            "sharing_group_id": "1",
            "timestamp": "1617875568",
            "deleted": false
          }
        ],
        "Tag": [
          {
            "id": "12345",
            "name": "tlp:white",
            "colour": "#ffffff",
            "exportable": true,
            "org_id": "12345",
            "user_id": "12345",
            "hide_tag": false,
            "numerical_value": "12345",
            "is_galaxy": true,
            "is_custom_galaxy": true,
            "inherited": 1
          }
        ],
        "Event": {
          "id": "12345",
          "timestamp": "1617875568",
          "sighting_timestamp": "1617875568",
          "published": false,
          "uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
          "orgc_uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b"
        }
      }
    }
  ]
}

403:

{
  "name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "url": "/attributes"
}

Default: 

{
  "name": "string",
  "message": "string",
  "url": "/attributes"
}

Add event:

POST

https://misp.local/events/add

Request: 
{
  "org_id": "12345",
  "distribution": "0",
  "info": "logged source ip",
  "orgc_id": "12345",
  "uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
  "date": "1991-01-15",
  "published": false,
  "analysis": "0",
  "attribute_count": "321",
  "timestamp": "1617875568",
  "sharing_group_id": "1",
  "proposal_email_lock": true,
  "locked": true,
  "threat_level_id": "1",
  "publish_timestamp": "1617875568",
  "sighting_timestamp": "1617875568",
  "disable_correlation": false,
  "extends_uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
  "event_creator_email": "user@example.com"
}
Response:

200:

{
  "Event": {
    "id": "12345",
    "org_id": "12345",
    "distribution": "0",
    "info": "logged source ip",
    "orgc_id": "12345",
    "uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
    "date": "1991-01-15",
    "published": false,
    "analysis": "0",
    "attribute_count": "321",
    "timestamp": "1617875568",
    "sharing_group_id": "1",
    "proposal_email_lock": true,
    "locked": true,
    "threat_level_id": "1",
    "publish_timestamp": "1617875568",
    "sighting_timestamp": "1617875568",
    "disable_correlation": false,
    "extends_uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
    "event_creator_email": "user@example.com",
    "Feed": {
      "id": "3",
      "name": "CIRCL OSINT Feed",
      "provider": "CIRCL",
      "url": "https://www.circl.lu/doc/misp/feed-osint",
      "rules": "{\"tags\":{\"OR\":[],\"NOT\":[]},\"orgs\":{\"OR\":[],\"NOT\":[]},\"url_params\":\"\"}",
      "enabled": true,
      "distribution": "0",
      "sharing_group_id": "1",
      "tag_id": "12345",
      "default": true,
      "source_format": "1",
      "fixed_event": true,
      "delta_merge": true,
      "event_id": "12345",
      "publish": false,
      "override_ids": true,
      "settings": "{\"csv\":{\"value\":\"\",\"delimiter\":\"\"},\"common\":{\"excluderegex\":\"\"},\"disable_correlation\":\"1\"}",
      "input_source": "local",
      "delete_local_file": true,
      "lookup_visible": true,
      "headers": "X-Custom-Header-A: Foo\nX-Custom-Header-B: Bar\n",
      "caching_enabled": true,
      "force_to_ids": true,
      "orgc_id": "12345",
      "cache_timestamp": "1617875568"
    },
    "Org": {
      "id": "12345",
      "name": "ORGNAME",
      "uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b"
    },
    "Orgc": {
      "id": "12345",
      "name": "ORGNAME",
      "uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b"
    },
    "Attribute": [
      {
        "id": "12345",
        "event_id": "12345",
        "object_id": "12345",
        "object_relation": "sensor",
        "category": "Internal reference",
        "type": "md5",
        "value": "127.0.0.1",
        "to_ids": true,
        "uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
        "timestamp": "1617875568",
        "distribution": "0",
        "sharing_group_id": "1",
        "comment": "logged source ip",
        "deleted": false,
        "disable_correlation": false,
        "first_seen": "1581984000000000",
        "last_seen": "1581984000000000"
      }
    ],
    "ShadowAttribute": [
      {
        "id": "12345",
        "event_id": "12345",
        "object_id": "12345",
        "object_relation": "sensor",
        "category": "Internal reference",
        "type": "md5",
        "value": "127.0.0.1",
        "to_ids": true,
        "uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
        "timestamp": "1617875568",
        "distribution": "0",
        "sharing_group_id": "1",
        "comment": "logged source ip",
        "deleted": false,
        "disable_correlation": false,
        "first_seen": "1581984000000000",
        "last_seen": "1581984000000000"
      }
    ],
    "RelatedEvent": [
      {}
    ],
    "Galaxy": [
      {
        "id": "12345",
        "uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
        "name": "Ransomware",
        "type": "ransomware",
        "description": "Ransomware galaxy based on ...",
        "version": "1",
        "icon": "globe",
        "namespace": "misp",
        "kill_chain_order": {
          "fraud-tactics": [
            "Initiation",
            "Target Compromise",
            "Perform Fraud",
            "Obtain Fraudulent Assets",
            "Assets Transfer",
            "Monetisation"
          ]
        }
      }
    ],
    "Object": [
      {
        "id": "12345",
        "name": "ail-leak",
        "meta-category": "string",
        "description": "string",
        "template_uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
        "template_version": "1",
        "event_id": "12345",
        "uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
        "timestamp": "1617875568",
        "distribution": "0",
        "sharing_group_id": "1",
        "comment": "string",
        "deleted": true,
        "first_seen": "1581984000000000",
        "last_seen": "1581984000000000",
        "Attribute": [
          {
            "id": "12345",
            "event_id": "12345",
            "object_id": "12345",
            "object_relation": "sensor",
            "category": "Internal reference",
            "type": "md5",
            "value": "127.0.0.1",
            "to_ids": true,
            "uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
            "timestamp": "1617875568",
            "distribution": "0",
            "sharing_group_id": "1",
            "comment": "logged source ip",
            "deleted": false,
            "disable_correlation": false,
            "first_seen": "1581984000000000",
            "last_seen": "1581984000000000"
          }
        ]
      }
    ],
    "EventReport": [
      {
        "id": "12345",
        "uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
        "event_id": "12345",
        "name": "Report of the incident",
        "content": "string",
        "distribution": "0",
        "sharing_group_id": "1",
        "timestamp": "1617875568",
        "deleted": false
      }
    ],
    "Tag": [
      {
        "id": "12345",
        "name": "tlp:white",
        "colour": "#ffffff",
        "exportable": true,
        "org_id": "12345",
        "user_id": "12345",
        "hide_tag": false,
        "numerical_value": "12345",
        "is_galaxy": true,
        "is_custom_galaxy": true,
        "inherited": 1
      }
    ]
  }
}

403:

{
  "name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "url": "/attributes"
}

Default:

{
  "name": "string",
  "message": "string",
  "url": "/attributes"
}

Edit event:

PUT

https://misp.local/events/edit/{eventId}

Request: 
{
  "org_id": "12345",
  "distribution": "0",
  "info": "logged source ip",
  "orgc_id": "12345",
  "uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
  "date": "1991-01-15",
  "published": false,
  "analysis": "0",
  "attribute_count": "321",
  "timestamp": "1617875568",
  "sharing_group_id": "1",
  "proposal_email_lock": true,
  "locked": true,
  "threat_level_id": "1",
  "publish_timestamp": "1617875568",
  "sighting_timestamp": "1617875568",
  "disable_correlation": false,
  "extends_uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
  "event_creator_email": "user@example.com"
}
Response:

200:

{
  "Event": {
    "id": "12345",
    "org_id": "12345",
    "distribution": "0",
    "info": "logged source ip",
    "orgc_id": "12345",
    "uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
    "date": "1991-01-15",
    "published": false,
    "analysis": "0",
    "attribute_count": "321",
    "timestamp": "1617875568",
    "sharing_group_id": "1",
    "proposal_email_lock": true,
    "locked": true,
    "threat_level_id": "1",
    "publish_timestamp": "1617875568",
    "sighting_timestamp": "1617875568",
    "disable_correlation": false,
    "extends_uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
    "event_creator_email": "user@example.com",
    "Feed": {
      "id": "3",
      "name": "CIRCL OSINT Feed",
      "provider": "CIRCL",
      "url": "https://www.circl.lu/doc/misp/feed-osint",
      "rules": "{\"tags\":{\"OR\":[],\"NOT\":[]},\"orgs\":{\"OR\":[],\"NOT\":[]},\"url_params\":\"\"}",
      "enabled": true,
      "distribution": "0",
      "sharing_group_id": "1",
      "tag_id": "12345",
      "default": true,
      "source_format": "1",
      "fixed_event": true,
      "delta_merge": true,
      "event_id": "12345",
      "publish": false,
      "override_ids": true,
      "settings": "{\"csv\":{\"value\":\"\",\"delimiter\":\"\"},\"common\":{\"excluderegex\":\"\"},\"disable_correlation\":\"1\"}",
      "input_source": "local",
      "delete_local_file": true,
      "lookup_visible": true,
      "headers": "X-Custom-Header-A: Foo\nX-Custom-Header-B: Bar\n",
      "caching_enabled": true,
      "force_to_ids": true,
      "orgc_id": "12345",
      "cache_timestamp": "1617875568"
    },
    "Org": {
      "id": "12345",
      "name": "ORGNAME",
      "uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b"
    },
    "Orgc": {
      "id": "12345",
      "name": "ORGNAME",
      "uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b"
    },
    "Attribute": [
      {
        "id": "12345",
        "event_id": "12345",
        "object_id": "12345",
        "object_relation": "sensor",
        "category": "Internal reference",
        "type": "md5",
        "value": "127.0.0.1",
        "to_ids": true,
        "uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
        "timestamp": "1617875568",
        "distribution": "0",
        "sharing_group_id": "1",
        "comment": "logged source ip",
        "deleted": false,
        "disable_correlation": false,
        "first_seen": "1581984000000000",
        "last_seen": "1581984000000000"
      }
    ],
    "ShadowAttribute": [
      {
        "id": "12345",
        "event_id": "12345",
        "object_id": "12345",
        "object_relation": "sensor",
        "category": "Internal reference",
        "type": "md5",
        "value": "127.0.0.1",
        "to_ids": true,
        "uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
        "timestamp": "1617875568",
        "distribution": "0",
        "sharing_group_id": "1",
        "comment": "logged source ip",
        "deleted": false,
        "disable_correlation": false,
        "first_seen": "1581984000000000",
        "last_seen": "1581984000000000"
      }
    ],
    "RelatedEvent": [
      {}
    ],
    "Galaxy": [
      {
        "id": "12345",
        "uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
        "name": "Ransomware",
        "type": "ransomware",
        "description": "Ransomware galaxy based on ...",
        "version": "1",
        "icon": "globe",
        "namespace": "misp",
        "kill_chain_order": {
          "fraud-tactics": [
            "Initiation",
            "Target Compromise",
            "Perform Fraud",
            "Obtain Fraudulent Assets",
            "Assets Transfer",
            "Monetisation"
          ]
        }
      }
    ],
    "Object": [
      {
        "id": "12345",
        "name": "ail-leak",
        "meta-category": "string",
        "description": "string",
        "template_uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
        "template_version": "1",
        "event_id": "12345",
        "uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
        "timestamp": "1617875568",
        "distribution": "0",
        "sharing_group_id": "1",
        "comment": "string",
        "deleted": true,
        "first_seen": "1581984000000000",
        "last_seen": "1581984000000000",
        "Attribute": [
          {
            "id": "12345",
            "event_id": "12345",
            "object_id": "12345",
            "object_relation": "sensor",
            "category": "Internal reference",
            "type": "md5",
            "value": "127.0.0.1",
            "to_ids": true,
            "uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
            "timestamp": "1617875568",
            "distribution": "0",
            "sharing_group_id": "1",
            "comment": "logged source ip",
            "deleted": false,
            "disable_correlation": false,
            "first_seen": "1581984000000000",
            "last_seen": "1581984000000000"
          }
        ]
      }
    ],
    "EventReport": [
      {
        "id": "12345",
        "uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
        "event_id": "12345",
        "name": "Report of the incident",
        "content": "string",
        "distribution": "0",
        "sharing_group_id": "1",
        "timestamp": "1617875568",
        "deleted": false
      }
    ],
    "Tag": [
      {
        "id": "12345",
        "name": "tlp:white",
        "colour": "#ffffff",
        "exportable": true,
        "org_id": "12345",
        "user_id": "12345",
        "hide_tag": false,
        "numerical_value": "12345",
        "is_galaxy": true,
        "is_custom_galaxy": true,
        "inherited": 1
      }
    ]
  }
}

403:

{
  "name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "url": "/attributes"
}

Default:

{
  "name": "string",
  "message": "string",
  "url": "/attributes"
}

Delete event:

DELETE

https://misp.local/events/delete/{eventId}

Response:

200:

{
  "saved": true,
  "success": true,
  "name": "Event deleted.",
  "message": "Could not delete Event",
  "url": "/events/delete/1",
  "errors": "Event was not deleted."
}

403:

{
  "name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "url": "/attributes"
}

Default:

{
  "name": "string",
  "message": "string",
  "url": "/attributes"
}

Get a list of events:

GET

https://misp.local/events

Response:

200:

[
  {
    "id": "12345",
    "org_id": "12345",
    "distribution": "0",
    "info": "logged source ip",
    "orgc_id": "12345",
    "uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
    "date": "1991-01-15",
    "published": false,
    "analysis": "0",
    "attribute_count": "321",
    "timestamp": "1617875568",
    "sharing_group_id": "1",
    "proposal_email_lock": true,
    "locked": true,
    "threat_level_id": "1",
    "publish_timestamp": "1617875568",
    "sighting_timestamp": "1617875568",
    "disable_correlation": false,
    "extends_uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
    "event_creator_email": "user@example.com",
    "Feed": {
      "id": "3",
      "name": "CIRCL OSINT Feed",
      "provider": "CIRCL",
      "url": "https://www.circl.lu/doc/misp/feed-osint",
      "rules": "{\"tags\":{\"OR\":[],\"NOT\":[]},\"orgs\":{\"OR\":[],\"NOT\":[]},\"url_params\":\"\"}",
      "enabled": true,
      "distribution": "0",
      "sharing_group_id": "1",
      "tag_id": "12345",
      "default": true,
      "source_format": "1",
      "fixed_event": true,
      "delta_merge": true,
      "event_id": "12345",
      "publish": false,
      "override_ids": true,
      "settings": "{\"csv\":{\"value\":\"\",\"delimiter\":\"\"},\"common\":{\"excluderegex\":\"\"},\"disable_correlation\":\"1\"}",
      "input_source": "local",
      "delete_local_file": true,
      "lookup_visible": true,
      "headers": "X-Custom-Header-A: Foo\nX-Custom-Header-B: Bar\n",
      "caching_enabled": true,
      "force_to_ids": true,
      "orgc_id": "12345",
      "cache_timestamp": "1617875568"
    },
    "Org": {
      "id": "12345",
      "name": "ORGNAME",
      "uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b"
    },
    "Orgc": {
      "id": "12345",
      "name": "ORGNAME",
      "uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b"
    },
    "Attribute": [
      {
        "id": "12345",
        "event_id": "12345",
        "object_id": "12345",
        "object_relation": "sensor",
        "category": "Internal reference",
        "type": "md5",
        "value": "127.0.0.1",
        "to_ids": true,
        "uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
        "timestamp": "1617875568",
        "distribution": "0",
        "sharing_group_id": "1",
        "comment": "logged source ip",
        "deleted": false,
        "disable_correlation": false,
        "first_seen": "1581984000000000",
        "last_seen": "1581984000000000"
      }
    ],
    "ShadowAttribute": [
      {
        "id": "12345",
        "event_id": "12345",
        "object_id": "12345",
        "object_relation": "sensor",
        "category": "Internal reference",
        "type": "md5",
        "value": "127.0.0.1",
        "to_ids": true,
        "uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
        "timestamp": "1617875568",
        "distribution": "0",
        "sharing_group_id": "1",
        "comment": "logged source ip",
        "deleted": false,
        "disable_correlation": false,
        "first_seen": "1581984000000000",
        "last_seen": "1581984000000000"
      }
    ],
    "RelatedEvent": [
      {}
    ],
    "Galaxy": [
      {
        "id": "12345",
        "uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
        "name": "Ransomware",
        "type": "ransomware",
        "description": "Ransomware galaxy based on ...",
        "version": "1",
        "icon": "globe",
        "namespace": "misp",
        "kill_chain_order": {
          "fraud-tactics": [
            "Initiation",
            "Target Compromise",
            "Perform Fraud",
            "Obtain Fraudulent Assets",
            "Assets Transfer",
            "Monetisation"
          ]
        }
      }
    ],
    "Object": [
      {
        "id": "12345",
        "name": "ail-leak",
        "meta-category": "string",
        "description": "string",
        "template_uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
        "template_version": "1",
        "event_id": "12345",
        "uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
        "timestamp": "1617875568",
        "distribution": "0",
        "sharing_group_id": "1",
        "comment": "string",
        "deleted": true,
        "first_seen": "1581984000000000",
        "last_seen": "1581984000000000",
        "Attribute": [
          {
            "id": "12345",
            "event_id": "12345",
            "object_id": "12345",
            "object_relation": "sensor",
            "category": "Internal reference",
            "type": "md5",
            "value": "127.0.0.1",
            "to_ids": true,
            "uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
            "timestamp": "1617875568",
            "distribution": "0",
            "sharing_group_id": "1",
            "comment": "logged source ip",
            "deleted": false,
            "disable_correlation": false,
            "first_seen": "1581984000000000",
            "last_seen": "1581984000000000"
          }
        ]
      }
    ],
    "EventReport": [
      {
        "id": "12345",
        "uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
        "event_id": "12345",
        "name": "Report of the incident",
        "content": "string",
        "distribution": "0",
        "sharing_group_id": "1",
        "timestamp": "1617875568",
        "deleted": false
      }
    ],
    "Tag": [
      {
        "id": "12345",
        "name": "tlp:white",
        "colour": "#ffffff",
        "exportable": true,
        "org_id": "12345",
        "user_id": "12345",
        "hide_tag": false,
        "numerical_value": "12345",
        "is_galaxy": true,
        "is_custom_galaxy": true,
        "inherited": 1
      }
    ]
  }
]

403:

{
  "name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "url": "/attributes"
}

Default:

{
  "name": "string",
  "message": "string",
  "url": "/attributes"
}
Search events:

POST

https://misp.local/events/index

Request:
{
  "page": 1,
  "limit": 0,
  "sort": "timestamp",
  "direction": "asc",
  "minimal": false,
  "attribute": "covert channel",
  "eventid": "12345",
  "datefrom": "2021-03-05",
  "dateuntil": "2021-03-05",
  "org": "CIRCL",
  "eventinfo": "Phishing campaing",
  "tag": "tlp:white",
  "tags": [
    "tlp:amber",
    "cycat:scope=\"exploit\""
  ],
  "distribution": "0",
  "sharinggroup": "1",
  "analysis": "0",
  "threatlevel": "1",
  "email": "admin@admin.test",
  "hasproposal": "1",
  "timestamp": "1",
  "publish_timestamp": "1",
  "searchDatefrom": "2020-01-20",
  "searchDateuntil": "2020-01-20"
}

 

Response:

200:

[
  {
    "id": "12345",
    "org_id": "12345",
    "distribution": "0",
    "info": "logged source ip",
    "orgc_id": "12345",
    "uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
    "date": "1991-01-15",
    "published": false,
    "analysis": "0",
    "attribute_count": "321",
    "timestamp": "1617875568",
    "sharing_group_id": "1",
    "proposal_email_lock": true,
    "locked": true,
    "threat_level_id": "1",
    "publish_timestamp": "1617875568",
    "sighting_timestamp": "1617875568",
    "disable_correlation": false,
    "extends_uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
    "event_creator_email": "user@example.com",
    "Feed": {
      "id": "3",
      "name": "CIRCL OSINT Feed",
      "provider": "CIRCL",
      "url": "https://www.circl.lu/doc/misp/feed-osint",
      "rules": "{\"tags\":{\"OR\":[],\"NOT\":[]},\"orgs\":{\"OR\":[],\"NOT\":[]},\"url_params\":\"\"}",
      "enabled": true,
      "distribution": "0",
      "sharing_group_id": "1",
      "tag_id": "12345",
      "default": true,
      "source_format": "1",
      "fixed_event": true,
      "delta_merge": true,
      "event_id": "12345",
      "publish": false,
      "override_ids": true,
      "settings": "{\"csv\":{\"value\":\"\",\"delimiter\":\"\"},\"common\":{\"excluderegex\":\"\"},\"disable_correlation\":\"1\"}",
      "input_source": "local",
      "delete_local_file": true,
      "lookup_visible": true,
      "headers": "X-Custom-Header-A: Foo\nX-Custom-Header-B: Bar\n",
      "caching_enabled": true,
      "force_to_ids": true,
      "orgc_id": "12345",
      "cache_timestamp": "1617875568"
    },
    "Org": {
      "id": "12345",
      "name": "ORGNAME",
      "uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b"
    },
    "Orgc": {
      "id": "12345",
      "name": "ORGNAME",
      "uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b"
    },
    "Attribute": [
      {
        "id": "12345",
        "event_id": "12345",
        "object_id": "12345",
        "object_relation": "sensor",
        "category": "Internal reference",
        "type": "md5",
        "value": "127.0.0.1",
        "to_ids": true,
        "uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
        "timestamp": "1617875568",
        "distribution": "0",
        "sharing_group_id": "1",
        "comment": "logged source ip",
        "deleted": false,
        "disable_correlation": false,
        "first_seen": "1581984000000000",
        "last_seen": "1581984000000000"
      }
    ],
    "ShadowAttribute": [
      {
        "id": "12345",
        "event_id": "12345",
        "object_id": "12345",
        "object_relation": "sensor",
        "category": "Internal reference",
        "type": "md5",
        "value": "127.0.0.1",
        "to_ids": true,
        "uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
        "timestamp": "1617875568",
        "distribution": "0",
        "sharing_group_id": "1",
        "comment": "logged source ip",
        "deleted": false,
        "disable_correlation": false,
        "first_seen": "1581984000000000",
        "last_seen": "1581984000000000"
      }
    ],
    "RelatedEvent": [
      {}
    ],
    "Galaxy": [
      {
        "id": "12345",
        "uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
        "name": "Ransomware",
        "type": "ransomware",
        "description": "Ransomware galaxy based on ...",
        "version": "1",
        "icon": "globe",
        "namespace": "misp",
        "kill_chain_order": {
          "fraud-tactics": [
            "Initiation",
            "Target Compromise",
            "Perform Fraud",
            "Obtain Fraudulent Assets",
            "Assets Transfer",
            "Monetisation"
          ]
        }
      }
    ],
    "Object": [
      {
        "id": "12345",
        "name": "ail-leak",
        "meta-category": "string",
        "description": "string",
        "template_uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
        "template_version": "1",
        "event_id": "12345",
        "uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
        "timestamp": "1617875568",
        "distribution": "0",
        "sharing_group_id": "1",
        "comment": "string",
        "deleted": true,
        "first_seen": "1581984000000000",
        "last_seen": "1581984000000000",
        "Attribute": [
          {
            "id": "12345",
            "event_id": "12345",
            "object_id": "12345",
            "object_relation": "sensor",
            "category": "Internal reference",
            "type": "md5",
            "value": "127.0.0.1",
            "to_ids": true,
            "uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
            "timestamp": "1617875568",
            "distribution": "0",
            "sharing_group_id": "1",
            "comment": "logged source ip",
            "deleted": false,
            "disable_correlation": false,
            "first_seen": "1581984000000000",
            "last_seen": "1581984000000000"
          }
        ]
      }
    ],
    "EventReport": [
      {
        "id": "12345",
        "uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
        "event_id": "12345",
        "name": "Report of the incident",
        "content": "string",
        "distribution": "0",
        "sharing_group_id": "1",
        "timestamp": "1617875568",
        "deleted": false
      }
    ],
    "Tag": [
      {
        "id": "12345",
        "name": "tlp:white",
        "colour": "#ffffff",
        "exportable": true,
        "org_id": "12345",
        "user_id": "12345",
        "hide_tag": false,
        "numerical_value": "12345",
        "is_galaxy": true,
        "is_custom_galaxy": true,
        "inherited": 1
      }
    ]
  }
]

403:

{
  "name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "url": "/attributes"
}

Default:

{
  "name": "string",
  "message": "string",
  "url": "/attributes"
}

Get event by ID:

GET

https://misp.local/events/view/{eventId}

Response:

200:

{
  "Event": {
    "id": "12345",
    "org_id": "12345",
    "distribution": "0",
    "info": "logged source ip",
    "orgc_id": "12345",
    "uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
    "date": "1991-01-15",
    "published": false,
    "analysis": "0",
    "attribute_count": "321",
    "timestamp": "1617875568",
    "sharing_group_id": "1",
    "proposal_email_lock": true,
    "locked": true,
    "threat_level_id": "1",
    "publish_timestamp": "1617875568",
    "sighting_timestamp": "1617875568",
    "disable_correlation": false,
    "extends_uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
    "event_creator_email": "user@example.com",
    "Feed": {
      "id": "3",
      "name": "CIRCL OSINT Feed",
      "provider": "CIRCL",
      "url": "https://www.circl.lu/doc/misp/feed-osint",
      "rules": "{\"tags\":{\"OR\":[],\"NOT\":[]},\"orgs\":{\"OR\":[],\"NOT\":[]},\"url_params\":\"\"}",
      "enabled": true,
      "distribution": "0",
      "sharing_group_id": "1",
      "tag_id": "12345",
      "default": true,
      "source_format": "1",
      "fixed_event": true,
      "delta_merge": true,
      "event_id": "12345",
      "publish": false,
      "override_ids": true,
      "settings": "{\"csv\":{\"value\":\"\",\"delimiter\":\"\"},\"common\":{\"excluderegex\":\"\"},\"disable_correlation\":\"1\"}",
      "input_source": "local",
      "delete_local_file": true,
      "lookup_visible": true,
      "headers": "X-Custom-Header-A: Foo\nX-Custom-Header-B: Bar\n",
      "caching_enabled": true,
      "force_to_ids": true,
      "orgc_id": "12345",
      "cache_timestamp": "1617875568"
    },
    "Org": {
      "id": "12345",
      "name": "ORGNAME",
      "uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b"
    },
    "Orgc": {
      "id": "12345",
      "name": "ORGNAME",
      "uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b"
    },
    "Attribute": [
      {
        "id": "12345",
        "event_id": "12345",
        "object_id": "12345",
        "object_relation": "sensor",
        "category": "Internal reference",
        "type": "md5",
        "value": "127.0.0.1",
        "to_ids": true,
        "uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
        "timestamp": "1617875568",
        "distribution": "0",
        "sharing_group_id": "1",
        "comment": "logged source ip",
        "deleted": false,
        "disable_correlation": false,
        "first_seen": "1581984000000000",
        "last_seen": "1581984000000000"
      }
    ],
    "ShadowAttribute": [
      {
        "id": "12345",
        "event_id": "12345",
        "object_id": "12345",
        "object_relation": "sensor",
        "category": "Internal reference",
        "type": "md5",
        "value": "127.0.0.1",
        "to_ids": true,
        "uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
        "timestamp": "1617875568",
        "distribution": "0",
        "sharing_group_id": "1",
        "comment": "logged source ip",
        "deleted": false,
        "disable_correlation": false,
        "first_seen": "1581984000000000",
        "last_seen": "1581984000000000"
      }
    ],
    "RelatedEvent": [
      {}
    ],
    "Galaxy": [
      {
        "id": "12345",
        "uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
        "name": "Ransomware",
        "type": "ransomware",
        "description": "Ransomware galaxy based on ...",
        "version": "1",
        "icon": "globe",
        "namespace": "misp",
        "kill_chain_order": {
          "fraud-tactics": [
            "Initiation",
            "Target Compromise",
            "Perform Fraud",
            "Obtain Fraudulent Assets",
            "Assets Transfer",
            "Monetisation"
          ]
        }
      }
    ],
    "Object": [
      {
        "id": "12345",
        "name": "ail-leak",
        "meta-category": "string",
        "description": "string",
        "template_uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
        "template_version": "1",
        "event_id": "12345",
        "uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
        "timestamp": "1617875568",
        "distribution": "0",
        "sharing_group_id": "1",
        "comment": "string",
        "deleted": true,
        "first_seen": "1581984000000000",
        "last_seen": "1581984000000000",
        "Attribute": [
          {
            "id": "12345",
            "event_id": "12345",
            "object_id": "12345",
            "object_relation": "sensor",
            "category": "Internal reference",
            "type": "md5",
            "value": "127.0.0.1",
            "to_ids": true,
            "uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
            "timestamp": "1617875568",
            "distribution": "0",
            "sharing_group_id": "1",
            "comment": "logged source ip",
            "deleted": false,
            "disable_correlation": false,
            "first_seen": "1581984000000000",
            "last_seen": "1581984000000000"
          }
        ]
      }
    ],
    "EventReport": [
      {
        "id": "12345",
        "uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
        "event_id": "12345",
        "name": "Report of the incident",
        "content": "string",
        "distribution": "0",
        "sharing_group_id": "1",
        "timestamp": "1617875568",
        "deleted": false
      }
    ],
    "Tag": [
      {
        "id": "12345",
        "name": "tlp:white",
        "colour": "#ffffff",
        "exportable": true,
        "org_id": "12345",
        "user_id": "12345",
        "hide_tag": false,
        "numerical_value": "12345",
        "is_galaxy": true,
        "is_custom_galaxy": true,
        "inherited": 1
      }
    ]
  }
}

403:

{
  "name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "url": "/attributes"
}

Default:

{
  "name": "string",
  "message": "string",
  "url": "/attributes"
}

Publish an event:

POST

https://misp.local/events/publish/{eventId}

Response:

200:

{
  "name": "Publish",
  "message": "Job queued",
  "url": "https://misp.local/events/alert/1",
  "id": "string"
}

403:

{
  "name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "url": "/attributes"
}

Default:

{
  "name": "string",
  "message": "string",
  "url": "/attributes"
}

Unpublish an event:

POST

https://misp.local/events/addTag/{eventId}/{tagId}/local:{local}

Response:

200:

{
  "saved": true,
  "success": true,
  "name": "Event unpublished.",
  "message": "Event unpublished.",
  "url": "/events/unpublish/1"
}

403:

{
  "name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "url": "/attributes"
}

Default:

{
  "name": "string",
  "message": "string",
  "url": "/attributes"
}

Add event tag:

POST

https://misp.local/events/addTag/{eventId}/{tagId}/local:{local}

Response:

200:

{
  "saved": true,
  "success": "Tag added.",
  "check_publish": true,
  "errors": "Tag could not be added."
}

403:

{
  "name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "url": "/attributes"
}

Default:

{
  "name": "string",
  "message": "string",
  "url": "/attributes"
}

Remove event tag:

POST

https://misp.local/events/removeTag/{eventId}/{tagId}

Response:

200:

{
  "saved": true,
  "success": "Tag removed.",
  "check_publish": true,
  "errors": "Tag could not be added."
}

403:

{
  "name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "url": "/attributes"
}

Default:

{
  "name": "string",
  "message": "string",
  "url": "/attributes"
}

 

 

Galaxies

Get galaxies:

GET

https://misp.local/galaxies

Response:

200:

[
  {
    "Galaxy": {
      "id": "12345",
      "uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
      "name": "Ransomware",
      "type": "ransomware",
      "description": "Ransomware galaxy based on ...",
      "version": "1",
      "icon": "globe",
      "namespace": "misp",
      "kill_chain_order": {
        "fraud-tactics": [
          "Initiation",
          "Target Compromise",
          "Perform Fraud",
          "Obtain Fraudulent Assets",
          "Assets Transfer",
          "Monetisation"
        ]
      }
    }
  }
]

403:

{
  "name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "url": "/attributes"
}

 

Default:

{
  "name": "string",
  "message": "string",
  "url": "/attributes"
}

Search galaxies:

POST

https://misp.local/galaxies

Request:
{
  "value": "botnet"
}
Response:

200:

[
  {
    "Galaxy": {
      "id": "12345",
      "uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
      "name": "Ransomware",
      "type": "ransomware",
      "description": "Ransomware galaxy based on ...",
      "version": "1",
      "icon": "globe",
      "namespace": "misp",
      "kill_chain_order": {
        "fraud-tactics": [
          "Initiation",
          "Target Compromise",
          "Perform Fraud",
          "Obtain Fraudulent Assets",
          "Assets Transfer",
          "Monetisation"
        ]
      }
    }
  }
]

403:

{
  "name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "url": "/attributes"
}

Default:

{
  "name": "string",
  "message": "string",
  "url": "/attributes"
}

Get galaxy by ID:

POST

https://misp.local/galaxies

Response:

200:

{
  "Galaxy": {
    "id": "12345",
    "uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
    "name": "Ransomware",
    "type": "ransomware",
    "description": "Ransomware galaxy based on ...",
    "version": "1",
    "icon": "globe",
    "namespace": "misp",
    "kill_chain_order": {
      "fraud-tactics": [
        "Initiation",
        "Target Compromise",
        "Perform Fraud",
        "Obtain Fraudulent Assets",
        "Assets Transfer",
        "Monetisation"
      ]
    }
  },
  "GalaxyCluster": [
    {
      "id": "12345",
      "uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
      "collection_uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
      "type": "mitre-enterprise-attack-attack-pattern",
      "value": "Brute Force - T1110",
      "tag_name": "tlp:white",
      "description": "Adversaries may use brute force techniques to attempt access to accounts when passwords are unknown or when password hashes are obtained...",
      "galaxy_id": "12345",
      "source": "https://github.com/mitre/cti",
      "authors": [
        "MITRE"
      ],
      "version": "1",
      "distribution": "0",
      "sharing_group_id": "1",
      "org_id": "12345",
      "orgc_id": "12345",
      "default": true,
      "locked": true,
      "extends_uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
      "extends_version": "1",
      "published": false,
      "deleted": false,
      "GalaxyElement": [
        {
          "id": "12345",
          "galaxy_cluster_id": "12345",
          "key": "categories",
          "value": "Military"
        }
      ]
    }
  ]
}

403:

{
  "name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "url": "/attributes"
}

Default:

{
  "name": "string",
  "message": "string",
  "url": "/attributes"
}

Force update the galaxies with the galaxy json definitions:

POST

https://misp.local/galaxies/update

Response:

200:

{
  "saved": true,
  "success": true,
  "name": "Galaxies updated.",
  "message": "Galaxies updated.",
  "url": "/galaxies/update"
}

403:

{
  "name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "url": "/attributes"
}

404:

{
  "name": "Invalid attribute",
  "message": "Invalid attribute",
  "url": "/attributes/1234"
}

Default:

{
  "name": "string",
  "message": "string",
  "url": "/attributes"
}

Delete a galaxy:

DELETE

https://misp.local/galaxies/delete/{galaxyId}

Response:

200:

{
  "saved": true,
  "success": true,
  "name": "Galaxy deleted",
  "message": "Galaxy deleted",
  "url": "/galaxies/delete"
}

403:

{
  "name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "url": "/attributes"
}

404:

{
  "name": "Invalid attribute",
  "message": "Invalid attribute",
  "url": "/attributes/1234"
}

Default:

{
  "name": "string",
  "message": "string",
  "url": "/attributes"
}

Import a galaxy cluster:

POST

https://misp.local/galaxies/import

Request:
[
  {
    "GalaxyCluster": {
      "uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
      "collection_uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
      "type": "mitre-enterprise-attack-attack-pattern",
      "value": "Brute Force - T1110",
      "tag_name": "tlp:white",
      "description": "Adversaries may use brute force techniques to attempt access to accounts when passwords are unknown or when password hashes are obtained...",
      "galaxy_id": "12345",
      "source": "https://github.com/mitre/cti",
      "authors": [
        "MITRE"
      ],
      "version": "1",
      "distribution": "0",
      "sharing_group_id": "1",
      "org_id": "12345",
      "orgc_id": "12345",
      "default": true,
      "locked": true,
      "extends_uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
      "extends_version": "1",
      "published": false,
      "deleted": false,
      "GalaxyElement": [
        {
          "id": "12345",
          "galaxy_cluster_id": "12345",
          "key": "categories",
          "value": "Military"
        }
      ]
    },
    "Galaxy": {
      "uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b"
    }
  }
]

 

Response:

200:

{
  "saved": true,
  "success": true,
  "name": "'Galaxy clusters imported. 1 imported, 0 ignored, 0 failed.",
  "message": "'Galaxy clusters imported. 1 imported, 0 ignored, 0 failed.",
  "url": "/galaxies/import"
}

403:

{
  "name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "url": "/attributes"
}

404:

{
  "name": "Invalid attribute",
  "message": "Invalid attribute",
  "url": "/attributes/1234"
}

Default:

{
  "name": "string",
  "message": "string",
  "url": "/attributes"
}

Export galaxy clusters

POST

https://misp.local/galaxies/export/{galaxyId}

Request:
{
  "Galaxy": {
    "default": true,
    "custom": true,
    "distribution": "0",
    "format": "default",
    "download": true
  }
}

 

Response:

200:

GalaxyMispFormat:

{
  "name": "Ransomware",
  "type": "ransomware",
  "authors": [
    "MITRE"
  ],
  "version": true,
  "uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
  "source": "https://github.com/mitre/cti",
  "values": [
    {
      "description": "Adversaries may use brute force techniques to attempt access to accounts when passwords are unknown or when password hashes are obtained...",
      "uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
      "value": "Brute Force - T1110",
      "extends_uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
      "extends_Version": "1",
      "meta": [
        {
          "categories": "botnet"
        },
        {
          "refs": "http://example.com"
        },
        {
          "aliases": [
            "malware",
            "win32",
            "windows"
          ]
        },
        {
          "topics": [
            "Windows",
            "Malware"
          ]
        }
      ]
    }
  ]
}

403:

{
  "name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "url": "/attributes"
}

404:

{
  "name": "Invalid attribute",
  "message": "Invalid attribute",
  "url": "/attributes/1234"
}

Default:

{
  "name": "string",
  "message": "string",
  "url": "/attributes"
}

Attach the galaxy cluster tag a given entity

POST

https://misp.local/galaxies/attachCluster/{attachTargetId}/{attachTargetType}/local:{local}

Request:
{
  "Galaxy": {
    "target_id": 1235
  }
}
Response:

200:

{
  "saved": true,
  "success": "Cluster attached.",
  "check_publish": true
}

403:

{
  "name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "url": "/attributes"
}

404:

{
  "name": "Invalid attribute",
  "message": "Invalid attribute",
  "url": "/attributes/1234"
}

Default:

{
  "name": "string",
  "message": "string",
  "url": "/attributes"
}

 

 

Galaxy Cluster

Add galaxy cluster:

GET

https://misp.local/galaxies

Request: 
{
  "id": "12345",
  "uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
  "collection_uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
  "type": "mitre-enterprise-attack-attack-pattern",
  "value": "Brute Force - T1110",
  "tag_name": "tlp:white",
  "description": "Adversaries may use brute force techniques to attempt access to accounts when passwords are unknown or when password hashes are obtained...",
  "galaxy_id": "12345",
  "source": "https://github.com/mitre/cti",
  "authors": [
    "MITRE"
  ],
  "version": "1",
  "distribution": "0",
  "sharing_group_id": "1",
  "org_id": "12345",
  "orgc_id": "12345",
  "default": true,
  "locked": true,
  "extends_uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
  "extends_version": "1",
  "published": false,
  "deleted": false,
  "GalaxyElement": [
    {
      "id": "12345",
      "galaxy_cluster_id": "12345",
      "key": "categories",
      "value": "Military"
    }
  ]
}
Response:

200:

{
  "GalaxyCluster": {
    "id": "12345",
    "uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
    "collection_uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
    "type": "mitre-enterprise-attack-attack-pattern",
    "value": "Brute Force - T1110",
    "tag_name": "tlp:white",
    "description": "Adversaries may use brute force techniques to attempt access to accounts when passwords are unknown or when password hashes are obtained...",
    "galaxy_id": "12345",
    "source": "https://github.com/mitre/cti",
    "authors": [
      "MITRE"
    ],
    "version": "1",
    "distribution": "0",
    "sharing_group_id": "1",
    "org_id": "12345",
    "orgc_id": "12345",
    "default": true,
    "locked": true,
    "extends_uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
    "extends_version": "1",
    "published": false,
    "deleted": false,
    "GalaxyElement": [
      {
        "id": "12345",
        "galaxy_cluster_id": "12345",
        "key": "categories",
        "value": "Military"
      }
    ]
  }
}

403:

{
  "name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "url": "/attributes"
}

404:

{
  "name": "Invalid attribute",
  "message": "Invalid attribute",
  "url": "/attributes/1234"
}

Default:

{
  "name": "string",
  "message": "string",
  "url": "/attributes"
}

Edit galaxy cluster

POST

https://misp.local/galaxy_clusters/add/{galaxyId}

Request: 
{
  "id": "12345",
  "uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
  "collection_uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
  "type": "mitre-enterprise-attack-attack-pattern",
  "value": "Brute Force - T1110",
  "tag_name": "tlp:white",
  "description": "Adversaries may use brute force techniques to attempt access to accounts when passwords are unknown or when password hashes are obtained...",
  "galaxy_id": "12345",
  "source": "https://github.com/mitre/cti",
  "authors": [
    "MITRE"
  ],
  "version": "1",
  "distribution": "0",
  "sharing_group_id": "1",
  "org_id": "12345",
  "orgc_id": "12345",
  "default": true,
  "locked": true,
  "extends_uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
  "extends_version": "1",
  "published": false,
  "deleted": false,
  "GalaxyElement": [
    {
      "id": "12345",
      "galaxy_cluster_id": "12345",
      "key": "categories",
      "value": "Military"
    }
  ]
}
Response:

200:

{
  "GalaxyCluster": {
    "id": "12345",
    "uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
    "collection_uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
    "type": "mitre-enterprise-attack-attack-pattern",
    "value": "Brute Force - T1110",
    "tag_name": "tlp:white",
    "description": "Adversaries may use brute force techniques to attempt access to accounts when passwords are unknown or when password hashes are obtained...",
    "galaxy_id": "12345",
    "source": "https://github.com/mitre/cti",
    "authors": [
      "MITRE"
    ],
    "version": "1",
    "distribution": "0",
    "sharing_group_id": "1",
    "org_id": "12345",
    "orgc_id": "12345",
    "default": true,
    "locked": true,
    "extends_uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
    "extends_version": "1",
    "published": false,
    "deleted": false,
    "GalaxyElement": [
      {
        "id": "12345",
        "galaxy_cluster_id": "12345",
        "key": "categories",
        "value": "Military"
      }
    ]
  }
}

403:

{
  "name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "url": "/attributes"
}

404:

{
  "name": "Invalid attribute",
  "message": "Invalid attribute",
  "url": "/attributes/1234"
}

Default:

{
  "name": "string",
  "message": "string",
  "url": "/attributes"
}

Get galaxy clusters:

GET

https://misp.local/galaxy_clusters/add/{galaxyId}

Response:

200:

[
  {
    "GalaxyCluster": {
      "id": "12345",
      "uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
      "collection_uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
      "type": "mitre-enterprise-attack-attack-pattern",
      "value": "Brute Force - T1110",
      "tag_name": "tlp:white",
      "description": "Adversaries may use brute force techniques to attempt access to accounts when passwords are unknown or when password hashes are obtained...",
      "galaxy_id": "12345",
      "source": "https://github.com/mitre/cti",
      "authors": [
        "MITRE"
      ],
      "version": "1",
      "distribution": "0",
      "sharing_group_id": "1",
      "org_id": "12345",
      "orgc_id": "12345",
      "default": true,
      "locked": true,
      "extends_uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
      "extends_version": "1",
      "published": false,
      "deleted": false,
      "GalaxyElement": [
        {
          "id": "12345",
          "galaxy_cluster_id": "12345",
          "key": "categories",
          "value": "Military"
        }
      ]
    }
  }
]

403:

{
  "name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "url": "/attributes"
}

404:

{
  "name": "Invalid attribute",
  "message": "Invalid attribute",
  "url": "/attributes/1234"
}

Default:

{
  "name": "string",
  "message": "string",
  "url": "/attributes"
}

Search galaxy clusters:

POST

https://misp.local/galaxy_clusters/add/{galaxyId}

Request:
{
  "context": "all",
  "searchall": "botnet"
}
Response:

200:

[
  {
    "GalaxyCluster": {
      "id": "12345",
      "uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
      "collection_uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
      "type": "mitre-enterprise-attack-attack-pattern",
      "value": "Brute Force - T1110",
      "tag_name": "tlp:white",
      "description": "Adversaries may use brute force techniques to attempt access to accounts when passwords are unknown or when password hashes are obtained...",
      "galaxy_id": "12345",
      "source": "https://github.com/mitre/cti",
      "authors": [
        "MITRE"
      ],
      "version": "1",
      "distribution": "0",
      "sharing_group_id": "1",
      "org_id": "12345",
      "orgc_id": "12345",
      "default": true,
      "locked": true,
      "extends_uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
      "extends_version": "1",
      "published": false,
      "deleted": false,
      "GalaxyElement": [
        {
          "id": "12345",
          "galaxy_cluster_id": "12345",
          "key": "categories",
          "value": "Military"
        }
      ]
    }
  }
]

403:

{
  "name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "url": "/attributes"
}

404:

{
  "name": "Invalid attribute",
  "message": "Invalid attribute",
  "url": "/attributes/1234"
}

Default:

{
  "name": "string",
  "message": "string",
  "url": "/attributes"
}

Get galaxy cluster by ID:

Get

https://misp.local/galaxy_clusters/view/{galaxyClusterId}

Response:

200:

{
  "GalaxyCluster": {
    "id": "12345",
    "uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
    "collection_uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
    "type": "mitre-enterprise-attack-attack-pattern",
    "value": "Brute Force - T1110",
    "tag_name": "tlp:white",
    "description": "Adversaries may use brute force techniques to attempt access to accounts when passwords are unknown or when password hashes are obtained...",
    "galaxy_id": "12345",
    "source": "https://github.com/mitre/cti",
    "authors": [
      "MITRE"
    ],
    "version": "1",
    "distribution": "0",
    "sharing_group_id": "1",
    "org_id": "12345",
    "orgc_id": "12345",
    "default": true,
    "locked": true,
    "extends_uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
    "extends_version": "1",
    "published": false,
    "deleted": false,
    "GalaxyElement": [
      {
        "id": "12345",
        "galaxy_cluster_id": "12345",
        "key": "categories",
        "value": "Military"
      }
    ],
    "Galaxy": {
      "id": "12345",
      "uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
      "name": "Ransomware",
      "type": "ransomware",
      "description": "Ransomware galaxy based on ...",
      "version": "1",
      "icon": "globe",
      "namespace": "misp",
      "kill_chain_order": {
        "fraud-tactics": [
          "Initiation",
          "Target Compromise",
          "Perform Fraud",
          "Obtain Fraudulent Assets",
          "Assets Transfer",
          "Monetisation"
        ]
      }
    },
    "GalaxyClusterRelation": [
      {
        "id": "12345",
        "galaxy_cluster_id": "12345",
        "key": "categories",
        "value": "Military"
      }
    ],
    "Org": {
      "id": "12345",
      "name": "ORGNAME",
      "date_created": "2021-06-14 14:29:19",
      "date_modified": "2021-06-14 14:29:19",
      "description": "string",
      "type": "ADMIN",
      "nationality": "string",
      "sector": "string",
      "created_by": "12345",
      "uuid": "string",
      "contacts": "string",
      "local": true,
      "restricted_to_domain": [
        "example.com"
      ],
      "landingpage": "string",
      "user_count": "3",
      "created_by_email": "string"
    },
    "Orgc": {
      "id": "12345",
      "name": "ORGNAME",
      "date_created": "2021-06-14 14:29:19",
      "date_modified": "2021-06-14 14:29:19",
      "description": "string",
      "type": "ADMIN",
      "nationality": "string",
      "sector": "string",
      "created_by": "12345",
      "uuid": "string",
      "contacts": "string",
      "local": true,
      "restricted_to_domain": [
        "example.com"
      ],
      "landingpage": "string",
      "user_count": "3",
      "created_by_email": "string"
    },
    "tag_count": 0,
    "tag_id": "12345"
  }
}

403:

{
  "name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "url": "/attributes"
}

404:

{
  "name": "Invalid attribute",
  "message": "Invalid attribute",
  "url": "/attributes/1234"
}

Default:

{
  "name": "string",
  "message": "string",
  "url": "/attributes"
}

Publish galaxy cluster:

POST

https://misp.local/galaxy_clusters/publish/{galaxyClusterId}

Response:

200:

{
  "message": "Publish job queued. Job ID: 4e9d26c275a7b190fcab10029df8c6b6"
}

403:

{
  "name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "url": "/attributes"
}

404:

{
  "name": "Invalid attribute",
  "message": "Invalid attribute",
  "url": "/attributes/1234"
}

Default:

{
  "name": "string",
  "message": "string",
  "url": "/attributes"
}

Unpublish galaxy cluster:

POST

https://misp.local/galaxy_clusters/unpublish/{galaxyClusterId}

Response:

200:

{
  "saved": true,
  "success": true,
  "name": "GalaxyCluster unpublished",
  "message": "GalaxyCluster unpublished",
  "url": "/galaxy_clusters/publish/1"
}

403:

{
  "name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "url": "/attributes"
}

404:

{
  "name": "Invalid attribute",
  "message": "Invalid attribute",
  "url": "/attributes/1234"
}

Default:

{
  "name": "string",
  "message": "string",
  "url": "/attributes"
}

Delete galaxy cluster:

POST

https://misp.local/galaxy_clusters/unpublish/{galaxyClusterId}

Response:

200:

{
  "saved": true,
  "success": true,
  "name": "Galaxy cluster successfuly soft deleted.",
  "message": "Galaxy cluster successfuly soft deleted.",
  "url": "/galaxy_clusters/delete/1"
}

403:

{
  "name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "url": "/attributes"
}

404:

{
  "name": "Invalid attribute",
  "message": "Invalid attribute",
  "url": "/attributes/1234"
}

Default:

{
  "name": "string",
  "message": "string",
  "url": "/attributes"
}

Restore galaxy cluster:

POST

https://misp.local/galaxy_clusters/unpublish/{galaxyClusterId}

Response:

200:

{
  "saved": true,
  "success": true,
  "name": "GalaxyCluster restored",
  "message": "GalaxyCluster restored",
  "url": "/galaxy_clusters/restore/1"
}

403:

{
  "name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "url": "/attributes"
}

404:

{
  "name": "Invalid attribute",
  "message": "Invalid attribute",
  "url": "/attributes/1234"
}

Default:

{
  "name": "string",
  "message": "string",
  "url": "/attributes"
}

 

Users

Reset user password:

POST

https://misp.local/users/initiatePasswordReset/{userId}/{firstTimeReset}

Response: 

200:

{
  "saved": true,
  "success": "New credentials sent."
}

403:

{
  "name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "url": "/attributes"
}

404:

{
  "name": "Invalid attribute",
  "message": "Invalid attribute",
  "url": "/attributes/1234"
}

Default:

{
  "name": "string",
  "message": "string",
  "url": "/attributes"
}

Add user:

POST

https://misp.local/users/initiatePasswordReset/{userId}/{firstTimeReset}

Request:
{
  "org_id": "12345",
  "server_id": "12345",
  "email": "user@example.com",
  "autoalert": true,
  "authkey": "894c8d095180c7ea28789092e96ca6424199aa4f",
  "invited_by": "12345",
  "gpgkey": "string",
  "certif_public": "string",
  "nids_sid": "4000000",
  "termsaccepted": true,
  "newsread": "1617875568",
  "role_id": "3",
  "change_pw": "0",
  "contactalert": true,
  "disabled": true,
  "expiration": "2019-08-24T14:15:22Z",
  "current_login": "1617875568",
  "last_login": "1617875568",
  "force_logout": true,
  "date_created": "1617875568",
  "date_modified": "1617875568"
}
Response: 

200:

{
  "id": "12345",
  "org_id": "12345",
  "server_id": "12345",
  "email": "user@example.com",
  "autoalert": true,
  "authkey": "894c8d095180c7ea28789092e96ca6424199aa4f",
  "invited_by": "12345",
  "gpgkey": "string",
  "certif_public": "string",
  "nids_sid": "4000000",
  "termsaccepted": true,
  "newsread": "1617875568",
  "role_id": "3",
  "change_pw": "0",
  "contactalert": true,
  "disabled": true,
  "expiration": "2019-08-24T14:15:22Z",
  "current_login": "1617875568",
  "last_login": "1617875568",
  "force_logout": true,
  "date_created": "1617875568",
  "date_modified": "1617875568"
}

403:

{
  "name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "url": "/attributes"
}

404:

{
  "name": "Invalid attribute",
  "message": "Invalid attribute",
  "url": "/attributes/1234"
}

Default:

{
  "name": "string",
  "message": "string",
  "url": "/attributes"
}

Edit user:

PUT

https://misp.local/admin/users/edit/{userId}

Request:
{
  "id": "12345",
  "org_id": "12345",
  "server_id": "12345",
  "email": "user@example.com",
  "autoalert": true,
  "authkey": "894c8d095180c7ea28789092e96ca6424199aa4f",
  "invited_by": "12345",
  "gpgkey": "string",
  "certif_public": "string",
  "nids_sid": "4000000",
  "termsaccepted": true,
  "newsread": "1617875568",
  "role_id": "3",
  "change_pw": "0",
  "contactalert": true,
  "disabled": true,
  "expiration": "2019-08-24T14:15:22Z",
  "current_login": "1617875568",
  "last_login": "1617875568",
  "force_logout": true,
  "date_created": "1617875568",
  "date_modified": "1617875568"
}
Response: 

200:

{
  "id": "12345",
  "org_id": "12345",
  "server_id": "12345",
  "email": "user@example.com",
  "autoalert": true,
  "authkey": "894c8d095180c7ea28789092e96ca6424199aa4f",
  "invited_by": "12345",
  "gpgkey": "string",
  "certif_public": "string",
  "nids_sid": "4000000",
  "termsaccepted": true,
  "newsread": "1617875568",
  "role_id": "3",
  "change_pw": "0",
  "contactalert": true,
  "disabled": true,
  "expiration": "2019-08-24T14:15:22Z",
  "current_login": "1617875568",
  "last_login": "1617875568",
  "force_logout": true,
  "date_created": "1617875568",
  "date_modified": "1617875568"
}

403:

{
  "name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "url": "/attributes"
}

404:

{
  "name": "Invalid attribute",
  "message": "Invalid attribute",
  "url": "/attributes/1234"
}

Default:

{
  "name": "string",
  "message": "string",
  "url": "/attributes"
}

Delete user:

DELETE

https://misp.local/admin/users/delete/{userId}

Response: 

200:

{
  "saved": true,
  "success": true,
  "name": "User deleted.",
  "message": "User deleted.",
  "url": "/admin/users/delete/1"
}

403:

{
  "name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "url": "/attributes"
}

404:

{
  "name": "Invalid attribute",
  "message": "Invalid attribute",
  "url": "/attributes/1234"
}

Default:

{
  "name": "string",
  "message": "string",
  "url": "/attributes"
}

Get users:

GET

https://misp.local/admin/users

Response: 

200:

[
  {
    "User": {
      "id": "12345",
      "org_id": "12345",
      "server_id": "12345",
      "email": "user@example.com",
      "autoalert": true,
      "authkey": "894c8d095180c7ea28789092e96ca6424199aa4f",
      "invited_by": "12345",
      "gpgkey": "string",
      "certif_public": "string",
      "nids_sid": "4000000",
      "termsaccepted": true,
      "newsread": "1617875568",
      "role_id": "3",
      "change_pw": "0",
      "contactalert": true,
      "disabled": true,
      "expiration": "2019-08-24T14:15:22Z",
      "current_login": "1617875568",
      "last_login": "1617875568",
      "force_logout": true,
      "date_created": "1617875568",
      "date_modified": "1617875568"
    },
    "Role": {
      "id": "3",
      "name": "ORGNAME",
      "perm_add": true,
      "perm_modify": true,
      "perm_modify_org": true,
      "perm_publish": true,
      "perm_delegate": true,
      "perm_sync": true,
      "perm_admin": true,
      "perm_audit": true,
      "perm_auth": true,
      "perm_site_admin": true,
      "perm_regexp_access": true,
      "perm_tagger": true,
      "perm_template": true,
      "perm_sharing_group": true,
      "perm_tag_editor": true,
      "perm_sighting": true,
      "perm_object_template": true,
      "perm_publish_zmq": true,
      "perm_publish_kafka": true,
      "perm_decaying": true,
      "perm_galaxy_editor": true,
      "default_role": true,
      "memory_limit": "string",
      "max_execution_time": "string",
      "restricted_to_site_admin": true,
      "enforce_rate_limit": true,
      "rate_limit_count": "string",
      "permission": "3",
      "permission_description": "publish"
    },
    "Organisation": {
      "id": "12345",
      "name": "ORGNAME"
    }
  }
]

403:

{
  "name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "url": "/attributes"
}

404:

{
  "name": "Invalid attribute",
  "message": "Invalid attribute",
  "url": "/attributes/1234"
}

Default:

{
  "name": "string",
  "message": "string",
  "url": "/attributes"
}

Get user by ID:

GET

https://misp.local/admin/users/view/{userId}

Response: 

200:

{
  "id": "12345",
  "org_id": "12345",
  "server_id": "12345",
  "email": "user@example.com",
  "autoalert": true,
  "authkey": "894c8d095180c7ea28789092e96ca6424199aa4f",
  "invited_by": "12345",
  "gpgkey": "string",
  "certif_public": "string",
  "nids_sid": "4000000",
  "termsaccepted": true,
  "newsread": "1617875568",
  "role_id": "3",
  "change_pw": "0",
  "contactalert": true,
  "disabled": true,
  "expiration": "2019-08-24T14:15:22Z",
  "current_login": "1617875568",
  "last_login": "1617875568",
  "force_logout": true,
  "date_created": "1617875568",
  "date_modified": "1617875568",
  "User": {
    "id": "12345",
    "org_id": "12345",
    "server_id": "12345",
    "email": "user@example.com",
    "autoalert": true,
    "authkey": "894c8d095180c7ea28789092e96ca6424199aa4f",
    "invited_by": "12345",
    "gpgkey": "string",
    "certif_public": "string",
    "nids_sid": "4000000",
    "termsaccepted": true,
    "newsread": "1617875568",
    "role_id": "3",
    "change_pw": "0",
    "contactalert": true,
    "disabled": true,
    "expiration": "2019-08-24T14:15:22Z",
    "current_login": "1617875568",
    "last_login": "1617875568",
    "force_logout": true,
    "date_created": "1617875568",
    "date_modified": "1617875568"
  },
  "Role": {
    "id": "3",
    "name": "ORGNAME",
    "perm_add": true,
    "perm_modify": true,
    "perm_modify_org": true,
    "perm_publish": true,
    "perm_delegate": true,
    "perm_sync": true,
    "perm_admin": true,
    "perm_audit": true,
    "perm_auth": true,
    "perm_site_admin": true,
    "perm_regexp_access": true,
    "perm_tagger": true,
    "perm_template": true,
    "perm_sharing_group": true,
    "perm_tag_editor": true,
    "perm_sighting": true,
    "perm_object_template": true,
    "perm_publish_zmq": true,
    "perm_publish_kafka": true,
    "perm_decaying": true,
    "perm_galaxy_editor": true,
    "default_role": true,
    "memory_limit": "string",
    "max_execution_time": "string",
    "restricted_to_site_admin": true,
    "enforce_rate_limit": true,
    "rate_limit_count": "string",
    "permission": "3",
    "permission_description": "publish"
  },
  "UserSetting": {
    "publish_alert_filter": [
      {
        "AND": [
          {
            "NOT": [
              {
                "EventTag.name": [
                  "%osint%"
                ]
              }
            ]
          },
          {
            "OR": [
              {
                "Tag.name": [
                  "tlp:green",
                  "tlp:amber",
                  "tlp:red",
                  "%privint%"
                ]
              }
            ]
          }
        ]
      }
    ],
    "dashboard_access": true,
    "dashboard": [
      {
        "widget": "MispStatusWidget",
        "position": {
          "x": "0",
          "y": "0",
          "width": "2",
          "height": "2"
        }
      }
    ],
    "homepage": {
      "path": "/events/index"
    },
    "default_restsearch_parameters": [
      {
        "AND": [
          {
            "NOT": [
              {
                "EventTag.name": [
                  "%osint%"
                ]
              }
            ]
          },
          {
            "OR": [
              {
                "Tag.name": [
                  "tlp:green",
                  "tlp:amber",
                  "tlp:red",
                  "%privint%"
                ]
              }
            ]
          }
        ]
      }
    ],
    "tag_numerical_value_override": [
      {
        "false-positive:risk='medium'": 99
      }
    ],
    "event_index_hide_columns": [
      "clusters"
    ]
  }
}

403:

{
  "name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "url": "/attributes"
}

404:

{
  "name": "Invalid attribute",
  "message": "Invalid attribute",
  "url": "/attributes/1234"
}

Default:

{
  "name": "string",
  "message": "string",
  "url": "/attributes"
}

Delete user TOTP:

DELETE

https://misp.local/users/totp_delete/{userId}

Response: 

200:

{
  "saved": true,
  "success": true,
  "name": "User TOTP deleted.",
  "message": "User TOTP deleted.",
  "url": "/users/totp_delete/1",
  "id": "1"
}

403:

{
  "name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "url": "/attributes"
}

404:

{
  "name": "Invalid user",
  "message": "Invalid user",
  "url": "/users/totp_delete/1"
}

Default:

{
  "name": "string",
  "message": "string",
  "url": "/attributes"
}

Organisations

Add organisation:

POST

https://misp.local/admin/organisations/add

Request:
{
  "name": "ORGNAME",
  "date_created": "2021-06-14 14:29:19",
  "date_modified": "2021-06-14 14:29:19",
  "description": "string",
  "type": "ADMIN",
  "nationality": "string",
  "sector": "string",
  "created_by": "12345",
  "uuid": "string",
  "contacts": "string",
  "local": true,
  "restricted_to_domain": [
    "example.com"
  ],
  "landingpage": "string",
  "user_count": "3",
  "created_by_email": "string"
}
Response: 

200:

{
  "id": "12345",
  "name": "ORGNAME",
  "date_created": "2021-06-14 14:29:19",
  "date_modified": "2021-06-14 14:29:19",
  "description": "string",
  "type": "ADMIN",
  "nationality": "string",
  "sector": "string",
  "created_by": "12345",
  "uuid": "string",
  "contacts": "string",
  "local": true,
  "restricted_to_domain": [
    "example.com"
  ],
  "landingpage": "string",
  "user_count": "3",
  "created_by_email": "string"
}

403:

{
  "name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "url": "/attributes"
}

404:

{
  "name": "Invalid attribute",
  "message": "Invalid attribute",
  "url": "/attributes/1234"
}

Default:

{
  "name": "string",
  "message": "string",
  "url": "/attributes"
}

Edit organisation:

PUT

https://misp.local/admin/organisations/edit/{organisationId}

Request:
{
  "name": "ORGNAME",
  "type": "ADMIN",
  "nationality": "string",
  "sector": "string",
  "contacts": "string",
  "description": "string",
  "local": true,
  "uuid": "095be615-a8ad-4c33-8e9c-c7612fbf6c9f",
  "restricted_to_domain": [
    "example.com"
  ]
}
Response: 

200:

{
  "id": "12345",
  "name": "ORGNAME",
  "date_created": "2021-06-14 14:29:19",
  "date_modified": "2021-06-14 14:29:19",
  "description": "string",
  "type": "ADMIN",
  "nationality": "string",
  "sector": "string",
  "created_by": "12345",
  "uuid": "string",
  "contacts": "string",
  "local": true,
  "restricted_to_domain": [
    "example.com"
  ],
  "landingpage": "string",
  "user_count": "3",
  "created_by_email": "string"
}

403:

{
  "name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "url": "/attributes"
}

404:

{
  "name": "Invalid attribute",
  "message": "Invalid attribute",
  "url": "/attributes/1234"
}

Default:

{
  "name": "string",
  "message": "string",
  "url": "/attributes"
}

Delete organisation:

DELETE

https://misp.local/admin/organisations/delete/{organisationId}

Response: 

200:

{
  "saved": true,
  "success": true,
  "name": "Organisation deleted",
  "message": "Organisation deleted",
  "url": "/admin/organisations/delete/1"
}

403:

{
  "name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "url": "/attributes"
}

404:

{
  "name": "Invalid attribute",
  "message": "Invalid attribute",
  "url": "/attributes/1234"
}

Default:

{
  "name": "string",
  "message": "string",
  "url": "/attributes"
}

Get organisations:

GET

https://misp.local/organisations

Response: 

200:

[
  {
    "Organisation": {
      "id": "12345",
      "name": "ORGNAME",
      "date_created": "2021-06-14 14:29:19",
      "date_modified": "2021-06-14 14:29:19",
      "description": "string",
      "type": "ADMIN",
      "nationality": "string",
      "sector": "string",
      "created_by": "12345",
      "uuid": "string",
      "contacts": "string",
      "local": true,
      "restricted_to_domain": [
        "example.com"
      ],
      "landingpage": "string",
      "user_count": "3",
      "created_by_email": "string"
    }
  }
]

403:

{
  "name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "url": "/attributes"
}

404:

{
  "name": "Invalid attribute",
  "message": "Invalid attribute",
  "url": "/attributes/1234"
}

Default:

{
  "name": "string",
  "message": "string",
  "url": "/attributes"
}

Get organisation by ID:

GET

https://misp.local/organisations/view/{organisationId}

Response: 

200:

{
  "id": "12345",
  "name": "ORGNAME",
  "date_created": "2021-06-14 14:29:19",
  "date_modified": "2021-06-14 14:29:19",
  "description": "string",
  "type": "ADMIN",
  "nationality": "string",
  "sector": "string",
  "created_by": "12345",
  "uuid": "string",
  "contacts": "string",
  "local": true,
  "restricted_to_domain": [
    "example.com"
  ],
  "landingpage": "string",
  "user_count": "3",
  "created_by_email": "string"
}

403:

{
  "name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "url": "/attributes"
}

404:

{
  "name": "Invalid attribute",
  "message": "Invalid attribute",
  "url": "/attributes/1234"
}

Default:

{
  "name": "string",
  "message": "string",
  "url": "/attributes"
}

Server

Add server:

POST

https://misp.local/servers/add

Request:
{
  "name": "Phising Server",
  "url": "https://misppriv.circl.lu",
  "authkey": "894c8d095180c7ea28789092e96ca6424199aa4f",
  "org_id": "12345",
  "push": true,
  "pull": true,
  "push_sightings": true,
  "push_galaxy_clusters": true,
  "pull_galaxy_clusters": true,
  "lastpulledid": "12345",
  "lastpushedid": "12345",
  "organization": "string",
  "remote_org_id": "12345",
  "publish_without_email": true,
  "unpublish_event": true,
  "self_signed": true,
  "pull_rules": "{\"tags\":{\"OR\":[],\"NOT\":[]},\"orgs\":{\"OR\":[],\"NOT\":[]},\"url_params\":\"\"}",
  "push_rules": "{\"tags\":{\"OR\":[],\"NOT\":[]},\"orgs\":{\"OR\":[],\"NOT\":[]}}",
  "cert_file": "string",
  "client_cert_file": "string",
  "internal": true,
  "skip_proxy": true,
  "caching_enabled": true,
  "priority": "1",
  "cache_timestamp": true
}
Response: 

200:

{
  "Server": {
    "id": "12345",
    "name": "Phising Server",
    "url": "https://misppriv.circl.lu",
    "authkey": "894c8d095180c7ea28789092e96ca6424199aa4f",
    "org_id": "12345",
    "push": true,
    "pull": true,
    "push_sightings": true,
    "push_galaxy_clusters": true,
    "pull_galaxy_clusters": true,
    "lastpulledid": "12345",
    "lastpushedid": "12345",
    "organization": "string",
    "remote_org_id": "12345",
    "publish_without_email": true,
    "unpublish_event": true,
    "self_signed": true,
    "pull_rules": "{\"tags\":{\"OR\":[],\"NOT\":[]},\"orgs\":{\"OR\":[],\"NOT\":[]},\"url_params\":\"\"}",
    "push_rules": "{\"tags\":{\"OR\":[],\"NOT\":[]},\"orgs\":{\"OR\":[],\"NOT\":[]}}",
    "cert_file": "string",
    "client_cert_file": "string",
    "internal": true,
    "skip_proxy": true,
    "caching_enabled": true,
    "priority": "1",
    "cache_timestamp": true
  }
}

403:

{
  "name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "url": "/attributes"
}

404:

{
  "name": "Invalid attribute",
  "message": "Invalid attribute",
  "url": "/attributes/1234"
}

Default:

{
  "name": "string",
  "message": "string",
  "url": "/attributes"
}

Edit server:

PUT

https://misp.local/servers/edit/{serverId}

Request:
{
  "id": "12345",
  "name": "Phising Server",
  "url": "https://misppriv.circl.lu",
  "authkey": "894c8d095180c7ea28789092e96ca6424199aa4f",
  "org_id": "12345",
  "push": true,
  "pull": true,
  "push_sightings": true,
  "push_galaxy_clusters": true,
  "pull_galaxy_clusters": true,
  "lastpulledid": "12345",
  "lastpushedid": "12345",
  "organization": "string",
  "remote_org_id": "12345",
  "publish_without_email": true,
  "unpublish_event": true,
  "self_signed": true,
  "pull_rules": "{\"tags\":{\"OR\":[],\"NOT\":[]},\"orgs\":{\"OR\":[],\"NOT\":[]},\"url_params\":\"\"}",
  "push_rules": "{\"tags\":{\"OR\":[],\"NOT\":[]},\"orgs\":{\"OR\":[],\"NOT\":[]}}",
  "cert_file": "string",
  "client_cert_file": "string",
  "internal": true,
  "skip_proxy": true,
  "caching_enabled": true,
  "priority": "1",
  "cache_timestamp": true
}
Response: 

200:

{
  "Server": {
    "id": "12345",
    "name": "Phising Server",
    "url": "https://misppriv.circl.lu",
    "authkey": "894c8d095180c7ea28789092e96ca6424199aa4f",
    "org_id": "12345",
    "push": true,
    "pull": true,
    "push_sightings": true,
    "push_galaxy_clusters": true,
    "pull_galaxy_clusters": true,
    "lastpulledid": "12345",
    "lastpushedid": "12345",
    "organization": "string",
    "remote_org_id": "12345",
    "publish_without_email": true,
    "unpublish_event": true,
    "self_signed": true,
    "pull_rules": "{\"tags\":{\"OR\":[],\"NOT\":[]},\"orgs\":{\"OR\":[],\"NOT\":[]},\"url_params\":\"\"}",
    "push_rules": "{\"tags\":{\"OR\":[],\"NOT\":[]},\"orgs\":{\"OR\":[],\"NOT\":[]}}",
    "cert_file": "string",
    "client_cert_file": "string",
    "internal": true,
    "skip_proxy": true,
    "caching_enabled": true,
    "priority": "1",
    "cache_timestamp": true
  }
}

403:

{
  "name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "url": "/attributes"
}

404:

{
  "name": "Invalid attribute",
  "message": "Invalid attribute",
  "url": "/attributes/1234"
}

Default:

{
  "name": "string",
  "message": "string",
  "url": "/attributes"
}

Delete server:

POST

https://misp.local/servers/delete/{serverId}

Response: 

200:

{
  "saved": true,
  "success": true,
  "name": "Server deleted",
  "message": "Server deleted",
  "url": "/servers/delete/1"
}

403:

{
  "name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "url": "/attributes"
}

404:

{
  "name": "Invalid attribute",
  "message": "Invalid attribute",
  "url": "/attributes/1234"
}

Default:

{
  "name": "string",
  "message": "string",
  "url": "/attributes"
}

Get servers:

GET

https://misp.local/servers

Response: 

200:

[
  {
    "Server": {
      "id": "12345",
      "name": "Phising Server",
      "url": "https://misppriv.circl.lu",
      "authkey": "894c8d095180c7ea28789092e96ca6424199aa4f",
      "org_id": "12345",
      "push": true,
      "pull": true,
      "push_sightings": true,
      "push_galaxy_clusters": true,
      "pull_galaxy_clusters": true,
      "lastpulledid": "12345",
      "lastpushedid": "12345",
      "organization": "string",
      "remote_org_id": "12345",
      "publish_without_email": true,
      "unpublish_event": true,
      "self_signed": true,
      "pull_rules": "{\"tags\":{\"OR\":[],\"NOT\":[]},\"orgs\":{\"OR\":[],\"NOT\":[]},\"url_params\":\"\"}",
      "push_rules": "{\"tags\":{\"OR\":[],\"NOT\":[]},\"orgs\":{\"OR\":[],\"NOT\":[]}}",
      "cert_file": "string",
      "client_cert_file": "string",
      "internal": true,
      "skip_proxy": true,
      "caching_enabled": true,
      "priority": "1",
      "cache_timestamp": true
    },
    "Organisation": {
      "id": "12345",
      "name": "ORGNAME",
      "date_created": "2021-06-14 14:29:19",
      "date_modified": "2021-06-14 14:29:19",
      "description": "string",
      "type": "ADMIN",
      "nationality": "string",
      "sector": "string",
      "created_by": "12345",
      "uuid": "string",
      "contacts": "string",
      "local": true,
      "restricted_to_domain": [
        "example.com"
      ],
      "landingpage": "string",
      "user_count": "3",
      "created_by_email": "string"
    },
    "RemoteOrg": {
      "id": "12345",
      "name": "ORGNAME",
      "date_created": "2021-06-14 14:29:19",
      "date_modified": "2021-06-14 14:29:19",
      "description": "string",
      "type": "ADMIN",
      "nationality": "string",
      "sector": "string",
      "created_by": "12345",
      "uuid": "string",
      "contacts": "string",
      "local": true,
      "restricted_to_domain": [
        "example.com"
      ],
      "landingpage": "string",
      "user_count": "3",
      "created_by_email": "string"
    },
    "User": [
      {
        "id": "12345",
        "org_id": "12345",
        "server_id": "12345",
        "email": "user@example.com",
        "autoalert": true,
        "authkey": "894c8d095180c7ea28789092e96ca6424199aa4f",
        "invited_by": "12345",
        "gpgkey": "string",
        "certif_public": "string",
        "nids_sid": "4000000",
        "termsaccepted": true,
        "newsread": "1617875568",
        "role_id": "3",
        "change_pw": "0",
        "contactalert": true,
        "disabled": true,
        "expiration": "2019-08-24T14:15:22Z",
        "current_login": "1617875568",
        "last_login": "1617875568",
        "force_logout": true,
        "date_created": "1617875568",
        "date_modified": "1617875568"
      }
    ]
  }
]

403:

{
  "name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "url": "/attributes"
}

404:

{
  "name": "Invalid attribute",
  "message": "Invalid attribute",
  "url": "/attributes/1234"
}

Default:

{
  "name": "string",
  "message": "string",
  "url": "/attributes"
}

Pull server:

GET

https://misp.local/servers/pull/{serverId}/{pullTechnique}

Response: 

200:

{
  "saved": true,
  "success": true,
  "name": "Pull queued for background execution. Job ID: 1",
  "message": "Pull queued for background execution. Job ID: 1",
  "url": "/servers/pull/1"
}

403:

{
  "name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "url": "/attributes"
}

404:

{
  "name": "Invalid attribute",
  "message": "Invalid attribute",
  "url": "/attributes/1234"
}

Default:

{
  "name": "string",
  "message": "string",
  "url": "/attributes"
}

Push server:

GET

https://misp.local/servers/push/{serverId}/{pushTechnique}

Response: 

200:

{
  "saved": true,
  "success": true,
  "name": "Push queued for background execution. Job ID: 1",
  "message": "Push queued for background execution. Job ID: 1",
  "url": "/servers/push/1"
}

403:

{
  "name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "url": "/attributes"
}

404:

{
  "name": "Invalid attribute",
  "message": "Invalid attribute",
  "url": "/attributes/1234"
}

Default:

{
  "name": "string",
  "message": "string",
  "url": "/attributes"
}

Get current instance version:

GET

https://misp.local/servers/getVersion

Response: 

200:

{
  "version": "2.4.142",
  "perm_sync": true,
  "perm_sighting": true,
  "perm_galaxy_editor": true,
  "request_encoding": [
    "gzip"
  ]
}

403:

{
  "name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "url": "/attributes"
}

404:

{
  "name": "Invalid attribute",
  "message": "Invalid attribute",
  "url": "/attributes/1234"
}

Default:

{
  "name": "string",
  "message": "string",
  "url": "/attributes"
}

Get current instance PyMISP version:

GET

https://misp.local/servers/getPyMISPVersion

Response: 

200:

{
  "version": "2.4.142"
}

403:

{
  "name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "url": "/attributes"
}

404:

{
  "name": "Invalid attribute",
  "message": "Invalid attribute",
  "url": "/attributes/1234"
}

Default:

{
  "name": "string",
  "message": "string",
  "url": "/attributes"
}

Get current instance settings and diagnostics:

GET

https://misp.local/servers/serverSettings

Response: 

200:

{
  "version": {
    "current": "v2.4.142",
    "newest": "v2.4.142",
    "upToDate": "same"
  },
  "phpSettings": {
    "max_execution_time": {
      "explanation": "The maximum duration that a script can run (does not affect the background workers). A too low number will break long running scripts like comprehensive API exports",
      "recommended": 300,
      "unit": "seconds",
      "value": 300
    },
    "memory_limit": {
      "explanation": "The maximum duration that a script can run (does not affect the background workers). A too low number will break long running scripts like comprehensive API exports",
      "recommended": 300,
      "unit": "seconds",
      "value": 300
    },
    "upload_max_filesize": {
      "explanation": "The maximum duration that a script can run (does not affect the background workers). A too low number will break long running scripts like comprehensive API exports",
      "recommended": 300,
      "unit": "seconds",
      "value": 300
    },
    "post_max_size": {
      "explanation": "The maximum duration that a script can run (does not affect the background workers). A too low number will break long running scripts like comprehensive API exports",
      "recommended": 300,
      "unit": "seconds",
      "value": 300
    }
  },
  "gpgStatus": "FAIL: Failed to load GnuPG",
  "proxyStatus": "not configured (so not tested)",
  "zmqStatus": 1,
  "stix": {
    "operational": 1,
    "stix": {
      "version": "1.2.0.11",
      "expected": ">1.2.0.9",
      "status": 1
    },
    "cybox": {
      "version": "1.2.0.11",
      "expected": ">1.2.0.9",
      "status": 1
    },
    "mixbox": {
      "version": "1.2.0.11",
      "expected": ">1.2.0.9",
      "status": 1
    },
    "maec": {
      "version": "1.2.0.11",
      "expected": ">1.2.0.9",
      "status": 1
    },
    "stix2": {
      "version": "1.2.0.11",
      "expected": ">1.2.0.9",
      "status": 1
    },
    "pymisp": {
      "version": "1.2.0.11",
      "expected": ">1.2.0.9",
      "status": 1
    }
  },
  "moduleStatus": {
    "Enrichment": 1,
    "Import": 1,
    "Export": 1,
    "Cortex": 1
  },
  "writeableDirs": {
    "/tmp": 0,
    "/var/www/MISP/app/tmp": 0,
    "/var/www/MISP/app/files": 0,
    "/var/www/MISP/app/files/scripts/tmp": 0
  },
  "writeableFiles": {
    "/var/www/MISP/app/Config/config.php": 0,
    "/var/www/MISP/.git/ORIG_HEAD": 2
  },
  "readableFiles": {
    "/var/www/MISP/app/files/scripts/stixtest.py": 0
  },
  "dbDiagnostics": {
    "admin_settings": {
      "table": "admin_settings",
      "used": "0.03 MB",
      "reclaimable": "0 MB",
      "data_in_bytes": 16384,
      "index_in_bytes": 16384,
      "reclaimable_in_bytes": 0
    },
    "allowedlist": {
      "table": "allowedlist",
      "used": "0.02 MB",
      "reclaimable": "0 MB",
      "data_in_bytes": 16384,
      "index_in_bytes": 0,
      "reclaimable_in_bytes": 0
    }
  },
  "dbSchemaDiagnostics": {
    "dataSource": "Database/Mysql",
    "actual_db_version": "68",
    "checked_table_column": [
      "column_name"
    ],
    "diagnostic": {},
    "diagnostic_index": {
      "event_reports": {
        "event_id": {
          "message": "Column `event_id` is indexed but should not",
          "sql": "DROP INDEX `event_id` ON event_reports;"
        }
      }
    },
    "expected_db_version": "70",
    "error": "string",
    "update_locked": true,
    "remaining_lock_time": 0,
    "update_fail_number_reached": true,
    "indexes": {
      "admin_settings": {
        "id": true,
        "setting": false
      }
    },
    "columnPerTable": {
      "admin_settings": [
        "id",
        "setting",
        "value"
      ]
    }
  },
  "redisInfo": {
    "extensionVersion": "5.1.1",
    "connection": true,
    "redis_version": "5.0.7",
    "redis_git_sha1": 0,
    "redis_git_dirty": 0,
    "redis_build_id": "636cde3b5c7a3923",
    "redis_mode": "standalone",
    "os": "Linux 5.8.0-50-generic x86_64",
    "arch_bits": 64,
    "multiplexing_api": "epoll",
    "atomicvar_api": "atomic-builtin",
    "gcc_version": "9.2.1",
    "process_id": 1051,
    "run_id": "f894944d92c978df93a18821fb5ebe30dfd0b257",
    "tcp_port": 6379,
    "uptime_in_seconds": 327116,
    "uptime_in_days": 3,
    "hz": 10,
    "configured_hz": 10,
    "lru_clock": 10365184,
    "executable": "/usr/bin/redis-server",
    "config_file": "/etc/redis/redis.conf",
    "connected_clients": 18,
    "client_recent_max_input_buffer": 2,
    "client_recent_max_output_buffer": 0,
    "blocked_clients": 0,
    "used_memory": 1309488,
    "used_memory_human": "1.25M",
    "used_memory_rss": 5541888,
    "used_memory_rss_human": "5.29M",
    "used_memory_peak": 1410464,
    "used_memory_peak_human": "1.35M",
    "used_memory_peak_perc": "92.84%",
    "used_memory_overhead": 1200800,
    "used_memory_startup": 796232,
    "used_memory_dataset": 108688,
    "used_memory_dataset_perc": "21.18%",
    "allocator_allocated": 1480176,
    "allocator_active": 1896448,
    "allocator_resident": 5890048,
    "total_system_memory": 33406590976,
    "total_system_memory_human": "31.11G",
    "used_memory_lua": 41984,
    "used_memory_lua_human": "41.00K",
    "used_memory_scripts": 0,
    "used_memory_scripts_human": "0B",
    "number_of_cached_scripts": 0,
    "maxmemory": 0,
    "maxmemory_human": "0B",
    "maxmemory_policy": "noeviction",
    "allocator_frag_ratio": 1.28,
    "allocator_frag_bytes": 416272,
    "allocator_rss_ratio": 3.11,
    "allocator_rss_bytes": 3993600,
    "rss_overhead_ratio": 0.94,
    "rss_overhead_bytes": -348160,
    "mem_fragmentation_ratio": 4.24,
    "mem_fragmentation_bytes": 4233432,
    "mem_not_counted_for_evict": 0,
    "mem_replication_backlog": 0,
    "mem_clients_slaves": 0,
    "mem_clients_normal": 402912,
    "mem_aof_buffer": 0,
    "mem_allocator": "jemalloc-5.2.1",
    "active_defrag_running": 0,
    "lazyfree_pending_objects": 0,
    "loading": 0,
    "rdb_changes_since_last_save": 0,
    "rdb_bgsave_in_progress": 0,
    "rdb_last_save_time": 1620977919,
    "rdb_last_bgsave_status": "ok",
    "rdb_last_bgsave_time_sec": 0,
    "rdb_current_bgsave_time_sec": -1,
    "rdb_last_cow_size": 446464,
    "aof_enabled": 0,
    "aof_rewrite_in_progress": 0,
    "aof_rewrite_scheduled": 0,
    "aof_last_rewrite_time_sec": -1,
    "aof_current_rewrite_time_sec": -1,
    "aof_last_bgrewrite_status": "ok",
    "aof_last_write_status": "ok",
    "aof_last_cow_size": 0,
    "total_connections_received": 289,
    "total_commands_processed": 252747,
    "instantaneous_ops_per_sec": 7,
    "total_net_input_bytes": 12111506,
    "total_net_output_bytes": 1232466,
    "instantaneous_input_kbps": 0.36,
    "instantaneous_output_kbps": 0.03,
    "rejected_connections": 0,
    "sync_full": 0,
    "sync_partial_ok": 0,
    "sync_partial_err": 0,
    "expired_keys": 17,
    "expired_stale_perc": 0,
    "expired_time_cap_reached_count": 0,
    "evicted_keys": 0,
    "keyspace_hits": 70,
    "keyspace_misses": 62805,
    "pubsub_channels": 0,
    "pubsub_patterns": 0,
    "latest_fork_usec": 168,
    "migrate_cached_sockets": 0,
    "slave_expires_tracked_keys": 0,
    "active_defrag_hits": 0,
    "active_defrag_misses": 0,
    "active_defrag_key_hits": 0,
    "active_defrag_key_misses": 0,
    "role": "master",
    "connected_slaves": 0,
    "master_replid": "d5e7afcf4fd1a31e539a4eadd5caf2a7da6d121c",
    "master_replid2": 0,
    "master_repl_offset": 0,
    "second_repl_offset": -1,
    "repl_backlog_active": 0,
    "repl_backlog_size": 1048576,
    "repl_backlog_first_byte_offset": 0,
    "repl_backlog_histlen": 0,
    "used_cpu_sys": 195.014281,
    "used_cpu_user": 217.352183,
    "used_cpu_sys_children": 0.050885,
    "used_cpu_user_children": 0.076436,
    "cluster_enabled": 0,
    "db0": "keys=15,expires=0,avg_ttl=0",
    "db13": "keys=12,expires=4,avg_ttl=21265731140"
  },
  "finalSettings": [
    {
      "level": 0,
      "value": "string",
      "errorMessage": "The currently set baseurl does not match the URL through which you have accessed the page. Disregard this if you are accessing the page via an alternate URL (for example via IP address).",
      "test": "testBaseURL",
      "type": "string",
      "null": true,
      "subGroup": "Enrichment",
      "cli_only": 1,
      "redacted": true,
      "optionsSource": {},
      "afterHook": "cleanCacheFiles",
      "error": 1,
      "tab": "MISP",
      "setting": "MISP.baseurl",
      "options": {}
    }
  ],
  "extensions": {
    "cli": {
      "phpversion": "7.4.3"
    },
    "extensions": {
      "json": {
        "web_version": "7.4.3",
        "web_version_outdated": false,
        "cli_version": "7.4.3",
        "cli_version_outdated": false,
        "required": true,
        "info": null
      }
    }
  },
  "workers": {
    "cache": {
      "ok": true,
      "workers": [
        {
          "pid": 1233,
          "user": "www-data",
          "alive": true,
          "correct_user": true,
          "ok": true
        }
      ],
      "jobCount": 0
    },
    "default": {
      "ok": true,
      "workers": [
        {
          "pid": 1233,
          "user": "www-data",
          "alive": true,
          "correct_user": true,
          "ok": true
        }
      ],
      "jobCount": 0
    },
    "email": {
      "ok": true,
      "workers": [
        {
          "pid": 1233,
          "user": "www-data",
          "alive": true,
          "correct_user": true,
          "ok": true
        }
      ],
      "jobCount": 0
    },
    "prio": {
      "ok": true,
      "workers": [
        {
          "pid": 1233,
          "user": "www-data",
          "alive": true,
          "correct_user": true,
          "ok": true
        }
      ],
      "jobCount": 0
    },
    "update": {
      "ok": true,
      "workers": [
        {
          "pid": 1233,
          "user": "www-data",
          "alive": true,
          "correct_user": true,
          "ok": true
        }
      ],
      "jobCount": 0
    },
    "scheduler": {
      "ok": true,
      "workers": [
        {
          "pid": 1233,
          "user": "www-data",
          "alive": true,
          "correct_user": true,
          "ok": true
        }
      ],
      "jobCount": 0
    },
    "proc_accessible": true,
    "controls": true
  }
}

403:

{
  "name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "url": "/attributes"
}

404:

{
  "name": "Invalid attribute",
  "message": "Invalid attribute",
  "url": "/attributes/1234"
}

Default:

{
  "name": "string",
  "message": "string",
  "url": "/attributes"
}

Get workers:

GET

https://misp.local/servers/getWorkers

Response: 

200:

{
  "cache": {
    "ok": true,
    "workers": [
      {
        "pid": 1233,
        "user": "www-data",
        "alive": true,
        "correct_user": true,
        "ok": true
      }
    ],
    "jobCount": 0
  },
  "default": {
    "ok": true,
    "workers": [
      {
        "pid": 1233,
        "user": "www-data",
        "alive": true,
        "correct_user": true,
        "ok": true
      }
    ],
    "jobCount": 0
  },
  "email": {
    "ok": true,
    "workers": [
      {
        "pid": 1233,
        "user": "www-data",
        "alive": true,
        "correct_user": true,
        "ok": true
      }
    ],
    "jobCount": 0
  },
  "prio": {
    "ok": true,
    "workers": [
      {
        "pid": 1233,
        "user": "www-data",
        "alive": true,
        "correct_user": true,
        "ok": true
      }
    ],
    "jobCount": 0
  },
  "update": {
    "ok": true,
    "workers": [
      {
        "pid": 1233,
        "user": "www-data",
        "alive": true,
        "correct_user": true,
        "ok": true
      }
    ],
    "jobCount": 0
  },
  "scheduler": {
    "ok": true,
    "workers": [
      {
        "pid": 1233,
        "user": "www-data",
        "alive": true,
        "correct_user": true,
        "ok": true
      }
    ],
    "jobCount": 0
  },
  "proc_accessible": true,
  "controls": true
}

403:

{
  "name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "url": "/attributes"
}

404:

{
  "name": "Invalid attribute",
  "message": "Invalid attribute",
  "url": "/attributes/1234"
}

Default:

{
  "name": "string",
  "message": "string",
  "url": "/attributes"
}

Start worker:

POST

https://misp.local/servers/startWorker/{workerType}

Response: 

200:

{
  "saved": true,
  "success": true,
  "name": "Worker start signal sent",
  "message": "Worker start signal sent",
  "url": "/servers/startWorker/email"
}

403:

{
  "name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "url": "/attributes"
}

404:

{
  "name": "Invalid attribute",
  "message": "Invalid attribute",
  "url": "/attributes/1234"
}

Default:

{
  "name": "string",
  "message": "string",
  "url": "/attributes"
}

Stop worker:

POST

https://misp.local/servers/stopWorker/{workerPid}

Response: 

200:

{
  "saved": true,
  "success": true,
  "name": "Worker stop signal sent",
  "message": "Worker stop signal sent",
  "url": "/servers/startWorker/1234"
}

403:

{
  "name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "url": "/attributes"
}

404:

{
  "name": "Invalid attribute",
  "message": "Invalid attribute",
  "url": "/attributes/1234"
}

Default:

{
  "name": "string",
  "message": "string",
  "url": "/attributes"
}

Kill all workers:

POST

https://misp.local/servers/killAllWorkers

Response: 

200:

{
  "saved": true,
  "success": true,
  "name": "Killing workers.",
  "message": "Killing workers.",
  "url": "/servers/killAllWorkers"
}

403:

{
  "name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "url": "/attributes"
}

404:

{
  "name": "Invalid attribute",
  "message": "Invalid attribute",
  "url": "/attributes/1234"
}

Default:

{
  "name": "string",
  "message": "string",
  "url": "/attributes"
}

Restart workers:

POST

https://misp.local/servers/restartWorkers

Response: 

200:

{
  "saved": true,
  "success": true,
  "name": "Restarting workers.",
  "message": "Restarting workers.",
  "url": "/servers/restartWorkers"
}

403:

{
  "name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "url": "/attributes"
}

404:

{
  "name": "Invalid attribute",
  "message": "Invalid attribute",
  "url": "/attributes/1234"
}

Default:

{
  "name": "string",
  "message": "string",
  "url": "/attributes"
}

Restart dead workers:

POST

https://misp.local/servers/restartDeadWorkers

Response: 

200:

{
  "saved": true,
  "success": true,
  "name": "Restarting workers.",
  "message": "Restarting workers.",
  "url": "/servers/restartDeadWorkers"
}

403:

{
  "name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "url": "/attributes"
}

404:

{
  "name": "Invalid attribute",
  "message": "Invalid attribute",
  "url": "/attributes/1234"
}

Default:

{
  "name": "string",
  "message": "string",
  "url": "/attributes"
}

Update server:

POST

https://misp.local/servers/update

Response: 

200:

{
  "results": [
    {
      "input": "cd $(git rev-parse --show-toplevel) && git checkout app/composer.json 2>&1",
      "output": [
        "Updated 1 path from the index"
      ],
      "status": 0
    }
  ]
}

403:

{
  "name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "url": "/attributes"
}

404:

{
  "name": "Invalid attribute",
  "message": "Invalid attribute",
  "url": "/attributes/1234"
}

Default:

{
  "name": "string",
  "message": "string",
  "url": "/attributes"
}

Cache server:

POST

https://misp.local/servers/cache

Response: 

200:

{
  "saved": true,
  "success": true,
  "name": "Server caching job initiated.",
  "message": "Server caching job initiated.",
  "url": "/servers/cache"
}

403:

{
  "name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "url": "/attributes"
}

404:

{
  "name": "Invalid attribute",
  "message": "Invalid attribute",
  "url": "/attributes/1234"
}

Default:

{
  "name": "string",
  "message": "string",
  "url": "/attributes"
}

Create sync:

POST

https://misp.local/servers/createSync

Response: 

200:

{
  "Server": {
    "url": "https://misppriv.circl.lu",
    "uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
    "authkey": "894c8d095180c7ea28789092e96ca6424199aa4f",
    "Organisation": {
      "name": "ORGNAME",
      "uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b"
    }
  }
}

403:

{
  "name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "url": "/attributes"
}

404:

{
  "name": "Invalid attribute",
  "message": "Invalid attribute",
  "url": "/attributes/1234"
}

Default:

{
  "name": "string",
  "message": "string",
  "url": "/attributes"
}

Get instance UUID:

GET

https://misp.local/servers/getInstanceUUID

Response: 

200:

{
  "uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b"
}

403:

{
  "name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "url": "/attributes"
}

404:

{
  "name": "Invalid attribute",
  "message": "Invalid attribute",
  "url": "/attributes/1234"
}

Default:

{
  "name": "string",
  "message": "string",
  "url": "/attributes"
}

Get server setting by name:

GET

https://misp.local/servers/getSetting/{settingName}

Response: 

200:

{
  "level": 0,
  "value": "string",
  "errorMessage": "The currently set baseurl does not match the URL through which you have accessed the page. Disregard this if you are accessing the page via an alternate URL (for example via IP address).",
  "test": "testBaseURL",
  "type": "string",
  "null": true,
  "subGroup": "Enrichment",
  "cli_only": 1,
  "redacted": true,
  "optionsSource": {},
  "afterHook": "cleanCacheFiles",
  "error": 1,
  "tab": "MISP",
  "setting": "MISP.baseurl",
  "options": {}
}

403:

{
  "name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "url": "/attributes"
}

404:

{
  "name": "Invalid attribute",
  "message": "Invalid attribute",
  "url": "/attributes/1234"
}

Default:

{
  "name": "string",
  "message": "string",
  "url": "/attributes"
}

Edit server setting:

POST

https://misp.local/servers/serverSettingsEdit/{settingName}

Request: 
{
  "value": "string"
}
Response: 

200:

{
  "saved": true,
  "success": true,
  "name": "Field updated",
  "message": "Field updated",
  "url": "/servers/serverSettingsEdit"
}

403:

{
  "name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "url": "/attributes"
}

404:

{
  "name": "Invalid attribute",
  "message": "Invalid attribute",
  "url": "/attributes/1234"
}

Default:

{
  "name": "string",
  "message": "string",
  "url": "/attributes"
}

Import server:

POST

https://misp.local/servers/import

Request: 
{
  "name": "Phising Server",
  "url": "https://misppriv.circl.lu",
  "uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
  "authkey": "894c8d095180c7ea28789092e96ca6424199aa4f",
  "Organisation": {
    "name": "ORGNAME"
  }
}
Response: 

200:

{
  "Server": {
    "id": "12345",
    "name": "Phising Server",
    "url": "https://misppriv.circl.lu",
    "authkey": "894c8d095180c7ea28789092e96ca6424199aa4f",
    "org_id": "12345",
    "push": true,
    "pull": true,
    "push_sightings": true,
    "push_galaxy_clusters": true,
    "pull_galaxy_clusters": true,
    "lastpulledid": "12345",
    "lastpushedid": "12345",
    "organization": "string",
    "remote_org_id": "12345",
    "publish_without_email": true,
    "unpublish_event": true,
    "self_signed": true,
    "pull_rules": "{\"tags\":{\"OR\":[],\"NOT\":[]},\"orgs\":{\"OR\":[],\"NOT\":[]},\"url_params\":\"\"}",
    "push_rules": "{\"tags\":{\"OR\":[],\"NOT\":[]},\"orgs\":{\"OR\":[],\"NOT\":[]}}",
    "cert_file": "string",
    "client_cert_file": "string",
    "internal": true,
    "skip_proxy": true,
    "caching_enabled": true,
    "priority": "1",
    "cache_timestamp": true
  }
}

403:

{
  "name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "url": "/attributes"
}

404:

{
  "name": "Invalid attribute",
  "message": "Invalid attribute",
  "url": "/attributes/1234"
}

Default:

{
  "name": "string",
  "message": "string",
  "url": "/attributes"
}

Sharing Group

Add a sharing group:

POST

https://misp.local/sharing_groups/add

Request:
{
  "uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
  "name": "Banking Sharing Group",
  "description": "Banking Institutions of X Sharing Group",
  "releasability": "string",
  "local": true,
  "active": true,
  "org_count": "6",
  "organisation_uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
  "org_id": "12345",
  "sync_user_id": "12345",
  "created": "string",
  "modified": "string",
  "roaming": true
}
Response: 

200:

{
  "SharingGroup": {
    "id": "1",
    "uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
    "name": "Banking Sharing Group",
    "description": "Banking Institutions of X Sharing Group",
    "releasability": "string",
    "local": true,
    "active": true,
    "org_count": "6",
    "organisation_uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
    "org_id": "12345",
    "sync_user_id": "12345",
    "created": "string",
    "modified": "string",
    "roaming": true
  },
  "Organisation": {
    "id": "12345",
    "name": "ORGNAME",
    "date_created": "2021-06-14 14:29:19",
    "date_modified": "2021-06-14 14:29:19",
    "description": "string",
    "type": "ADMIN",
    "nationality": "string",
    "sector": "string",
    "created_by": "12345",
    "uuid": "string",
    "contacts": "string",
    "local": true,
    "restricted_to_domain": [
      "example.com"
    ],
    "landingpage": "string",
    "user_count": "3",
    "created_by_email": "string"
  },
  "SharingGroupOrg": [
    {
      "id": "1",
      "sharing_group_id": "1",
      "org_id": "12345",
      "extend": true,
      "Organisation": {
        "id": "12345",
        "name": "ORGNAME",
        "uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b"
      }
    }
  ],
  "SharingGroupServer": [
    {
      "all_orgs": true,
      "server_id": "12345",
      "sharing_group_id": "1",
      "Server": {
        "id": "12345",
        "name": "Phising Server"
      }
    }
  ],
  "editable": true,
  "deletable": true
}

403:

{
  "name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "url": "/attributes"
}

404:

{
  "name": "Invalid attribute",
  "message": "Invalid attribute",
  "url": "/attributes/1234"
}

Default:

{
  "name": "string",
  "message": "string",
  "url": "/attributes"
}

Edit a sharing group:

POST

https://misp.local/sharing_groups/edit/{sharingGroupId}

Request:
{
  "id": "1",
  "uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
  "name": "Banking Sharing Group",
  "description": "Banking Institutions of X Sharing Group",
  "releasability": "string",
  "local": true,
  "active": true,
  "org_count": "6",
  "organisation_uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
  "org_id": "12345",
  "sync_user_id": "12345",
  "created": "string",
  "modified": "string",
  "roaming": true
}
Response: 

200:

{
  "SharingGroup": {
    "id": "1",
    "uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
    "name": "Banking Sharing Group",
    "description": "Banking Institutions of X Sharing Group",
    "releasability": "string",
    "local": true,
    "active": true,
    "org_count": "6",
    "organisation_uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
    "org_id": "12345",
    "sync_user_id": "12345",
    "created": "string",
    "modified": "string",
    "roaming": true
  },
  "Organisation": {
    "id": "12345",
    "name": "ORGNAME",
    "date_created": "2021-06-14 14:29:19",
    "date_modified": "2021-06-14 14:29:19",
    "description": "string",
    "type": "ADMIN",
    "nationality": "string",
    "sector": "string",
    "created_by": "12345",
    "uuid": "string",
    "contacts": "string",
    "local": true,
    "restricted_to_domain": [
      "example.com"
    ],
    "landingpage": "string",
    "user_count": "3",
    "created_by_email": "string"
  },
  "SharingGroupOrg": [
    {
      "id": "1",
      "sharing_group_id": "1",
      "org_id": "12345",
      "extend": true,
      "Organisation": {
        "id": "12345",
        "name": "ORGNAME",
        "uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b"
      }
    }
  ],
  "SharingGroupServer": [
    {
      "all_orgs": true,
      "server_id": "12345",
      "sharing_group_id": "1",
      "Server": {
        "id": "12345",
        "name": "Phising Server"
      }
    }
  ],
  "editable": true,
  "deletable": true
}

403:

{
  "name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "url": "/attributes"
}

404:

{
  "name": "Invalid attribute",
  "message": "Invalid attribute",
  "url": "/attributes/1234"
}

Default:

{
  "name": "string",
  "message": "string",
  "url": "/attributes"
}

Delete a sharing group:

DELETE

https://misp.local/sharing_groups/delete/{sharingGroupId}

Response: 

200:

{
  "saved": true,
  "success": true,
  "name": "SharingGroup deleted",
  "message": "SharingGroup deleted",
  "url": "/sharing_groups/delete/1"
}

403:

{
  "name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "url": "/attributes"
}

404:

{
  "name": "Invalid attribute",
  "message": "Invalid attribute",
  "url": "/attributes/1234"
}

Default:

{
  "name": "string",
  "message": "string",
  "url": "/attributes"
}

Get a list of sharing groups:

GET

https://misp.local/sharing_groups

Response: 

200:

{
  "response": [
    {
      "SharingGroup": {
        "id": "1",
        "uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
        "name": "Banking Sharing Group",
        "description": "Banking Institutions of X Sharing Group",
        "releasability": "string",
        "local": true,
        "active": true,
        "org_count": "6"
      },
      "Organisation": {
        "id": "12345",
        "name": "ORGNAME",
        "uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b"
      },
      "SharingGroupOrg": [
        {
          "id": "1",
          "sharing_group_id": "1",
          "org_id": "12345",
          "extend": true,
          "Organisation": {
            "id": "12345",
            "name": "ORGNAME",
            "uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b"
          }
        }
      ],
      "SharingGroupServer": [
        {
          "all_orgs": true,
          "server_id": "12345",
          "sharing_group_id": "1",
          "Server": {
            "id": "12345",
            "name": "Phising Server"
          }
        }
      ],
      "editable": true,
      "deletable": true
    }
  ]
}

403:

{
  "name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "url": "/attributes"
}

404:

{
  "name": "Invalid attribute",
  "message": "Invalid attribute",
  "url": "/attributes/1234"
}

Default:

{
  "name": "string",
  "message": "string",
  "url": "/attributes"
}

Get a sharing group by ID:

GET

https://misp.local/sharing_groups/view/{sharingGroupId}

Response: 

200:

{
  "SharingGroup": {
    "id": "1",
    "uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
    "name": "Banking Sharing Group",
    "description": "Banking Institutions of X Sharing Group",
    "releasability": "string",
    "local": true,
    "active": true,
    "org_count": "6",
    "organisation_uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
    "org_id": "12345",
    "sync_user_id": "12345",
    "created": "string",
    "modified": "string",
    "roaming": true
  },
  "Organisation": {
    "id": "12345",
    "name": "ORGNAME",
    "date_created": "2021-06-14 14:29:19",
    "date_modified": "2021-06-14 14:29:19",
    "description": "string",
    "type": "ADMIN",
    "nationality": "string",
    "sector": "string",
    "created_by": "12345",
    "uuid": "string",
    "contacts": "string",
    "local": true,
    "restricted_to_domain": [
      "example.com"
    ],
    "landingpage": "string",
    "user_count": "3",
    "created_by_email": "string"
  },
  "SharingGroupOrg": [
    {
      "id": "1",
      "sharing_group_id": "1",
      "org_id": "12345",
      "extend": true,
      "Organisation": {
        "id": "12345",
        "name": "ORGNAME",
        "uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b"
      }
    }
  ],
  "SharingGroupServer": [
    {
      "all_orgs": true,
      "server_id": "12345",
      "sharing_group_id": "1",
      "Server": {
        "id": "12345",
        "name": "Phising Server"
      }
    }
  ],
  "editable": true,
  "deletable": true
}

403:

{
  "name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "url": "/attributes"
}

404:

{
  "name": "Invalid attribute",
  "message": "Invalid attribute",
  "url": "/attributes/1234"
}

Default:

{
  "name": "string",
  "message": "string",
  "url": "/attributes"
}

Add an organisation to a sharing group:

POST

https://misp.local/sharing_groups/addOrg/{sharingGroupId}/{organisationId}

Response: 

200:

{
  "saved": true,
  "success": true,
  "name": "Organisation added to the sharing group.",
  "message": "Organisation added to the sharing group.",
  "url": "/sharing_groups/addOrg"
}

403:

{
  "name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "url": "/attributes"
}

404:

{
  "name": "Invalid attribute",
  "message": "Invalid attribute",
  "url": "/attributes/1234"
}

Default:

{
  "name": "string",
  "message": "string",
  "url": "/attributes"
}

Remove an organisation from a sharing group:

POST

https://misp.local/sharing_groups/removeOrg/{sharingGroupId}/{organisationId}

Response: 

200:

{
  "saved": true,
  "success": true,
  "name": "Organisation removed from the sharing group.",
  "message": "Organisation removed from the sharing group.",
  "url": "/sharing_groups/removeOrg"
}

403:

{
  "name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "url": "/attributes"
}

404:

{
  "name": "Invalid attribute",
  "message": "Invalid attribute",
  "url": "/attributes/1234"
}

Default:

{
  "name": "string",
  "message": "string",
  "url": "/attributes"
}

Add a server to a sharing group:

POST

https://misp.local/sharing_groups/addServer/{sharingGroupId}/{serverId}

Response: 

200:

{
  "saved": true,
  "success": true,
  "name": "Server added to the sharing group.",
  "message": "Server added to the sharing group.",
  "url": "/sharing_groups/addServer"
}

403:

{
  "name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "url": "/attributes"
}

404:

{
  "name": "Invalid attribute",
  "message": "Invalid attribute",
  "url": "/attributes/1234"
}

Default:

{
  "name": "string",
  "message": "string",
  "url": "/attributes"
}

Remove a server from a sharing group:

POST

https://misp.local/sharing_groups/removeServer/{sharingGroupServerId}/{serverId}

Response: 

200:

{
  "saved": true,
  "success": true,
  "name": "Server removed from the sharing group.",
  "message": "Server removed from the sharing group.",
  "url": "/sharing_groups/removeServer"
}

403:

{
  "name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "url": "/attributes"
}

404:

{
  "name": "Invalid attribute",
  "message": "Invalid attribute",
  "url": "/attributes/1234"
}

Default:

{
  "name": "string",
  "message": "string",
  "url": "/attributes"
}

Feed

Get a list of feeds:

GET

https://misp.local/feeds

Response: 

200:

[
  {
    "Feed": {
      "id": "3",
      "name": "CIRCL OSINT Feed",
      "provider": "CIRCL",
      "url": "https://www.circl.lu/doc/misp/feed-osint",
      "rules": "{\"tags\":{\"OR\":[],\"NOT\":[]},\"orgs\":{\"OR\":[],\"NOT\":[]},\"url_params\":\"\"}",
      "enabled": true,
      "distribution": "0",
      "sharing_group_id": "1",
      "tag_id": "12345",
      "default": true,
      "source_format": "1",
      "fixed_event": true,
      "delta_merge": true,
      "event_id": "12345",
      "publish": false,
      "override_ids": true,
      "settings": "{\"csv\":{\"value\":\"\",\"delimiter\":\"\"},\"common\":{\"excluderegex\":\"\"},\"disable_correlation\":\"1\"}",
      "input_source": "local",
      "delete_local_file": true,
      "lookup_visible": true,
      "headers": "X-Custom-Header-A: Foo\nX-Custom-Header-B: Bar\n",
      "caching_enabled": true,
      "force_to_ids": true,
      "orgc_id": "12345",
      "cache_timestamp": "1617875568"
    }
  }
]

403:

{
  "name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "url": "/attributes"
}

404:

{
  "name": "Invalid attribute",
  "message": "Invalid attribute",
  "url": "/attributes/1234"
}

Default:

{
  "name": "string",
  "message": "string",
  "url": "/attributes"
}

Get a feed by ID:

GET

https://misp.local/feeds/view/{feedId}

Response: 

200:

{
  "Feed": {
    "id": "3",
    "name": "CIRCL OSINT Feed",
    "provider": "CIRCL",
    "url": "https://www.circl.lu/doc/misp/feed-osint",
    "rules": "{\"tags\":{\"OR\":[],\"NOT\":[]},\"orgs\":{\"OR\":[],\"NOT\":[]},\"url_params\":\"\"}",
    "enabled": true,
    "distribution": "0",
    "sharing_group_id": "1",
    "tag_id": "12345",
    "default": true,
    "source_format": "1",
    "fixed_event": true,
    "delta_merge": true,
    "event_id": "12345",
    "publish": false,
    "override_ids": true,
    "settings": "{\"csv\":{\"value\":\"\",\"delimiter\":\"\"},\"common\":{\"excluderegex\":\"\"},\"disable_correlation\":\"1\"}",
    "input_source": "local",
    "delete_local_file": true,
    "lookup_visible": true,
    "headers": "X-Custom-Header-A: Foo\nX-Custom-Header-B: Bar\n",
    "caching_enabled": true,
    "force_to_ids": true,
    "orgc_id": "12345",
    "cache_timestamp": "1617875568"
  }
}

403:

{
  "name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "url": "/attributes"
}

404:

{
  "name": "Invalid attribute",
  "message": "Invalid attribute",
  "url": "/attributes/1234"
}

Default:

{
  "name": "string",
  "message": "string",
  "url": "/attributes"
}

Add a feed:

POST

https://misp.local/feeds/view/{feedId}

Request:
{
  "name": "CIRCL OSINT Feed",
  "provider": "CIRCL",
  "url": "https://www.circl.lu/doc/misp/feed-osint",
  "rules": "{\"tags\":{\"OR\":[],\"NOT\":[]},\"orgs\":{\"OR\":[],\"NOT\":[]},\"url_params\":\"\"}",
  "enabled": true,
  "distribution": "0",
  "sharing_group_id": "1",
  "tag_id": "12345",
  "source_format": "1",
  "fixed_event": true,
  "delta_merge": true,
  "event_id": "12345",
  "publish": false,
  "override_ids": true,
  "input_source": "local",
  "delete_local_file": true,
  "lookup_visible": true,
  "headers": "X-Custom-Header-A: Foo\nX-Custom-Header-B: Bar\n",
  "caching_enabled": true,
  "force_to_ids": true,
  "orgc_id": "12345"
}
Response: 

200:

{
  "Feed": {
    "id": "3",
    "name": "CIRCL OSINT Feed",
    "provider": "CIRCL",
    "url": "https://www.circl.lu/doc/misp/feed-osint",
    "rules": "{\"tags\":{\"OR\":[],\"NOT\":[]},\"orgs\":{\"OR\":[],\"NOT\":[]},\"url_params\":\"\"}",
    "enabled": true,
    "distribution": "0",
    "sharing_group_id": "1",
    "tag_id": "12345",
    "default": true,
    "source_format": "1",
    "fixed_event": true,
    "delta_merge": true,
    "event_id": "12345",
    "publish": false,
    "override_ids": true,
    "settings": "{\"csv\":{\"value\":\"\",\"delimiter\":\"\"},\"common\":{\"excluderegex\":\"\"},\"disable_correlation\":\"1\"}",
    "input_source": "local",
    "delete_local_file": true,
    "lookup_visible": true,
    "headers": "X-Custom-Header-A: Foo\nX-Custom-Header-B: Bar\n",
    "caching_enabled": true,
    "force_to_ids": true,
    "orgc_id": "12345",
    "cache_timestamp": "1617875568"
  }
}

403:

{
  "name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "url": "/attributes"
}

404:

{
  "name": "Invalid attribute",
  "message": "Invalid attribute",
  "url": "/attributes/1234"
}

Default:

{
  "name": "string",
  "message": "string",
  "url": "/attributes"
}

Edit a feed:

PUT

https://misp.local/feeds/edit/{feedId}

Request:
{
  "id": "3",
  "name": "CIRCL OSINT Feed",
  "provider": "CIRCL",
  "url": "https://www.circl.lu/doc/misp/feed-osint",
  "rules": "{\"tags\":{\"OR\":[],\"NOT\":[]},\"orgs\":{\"OR\":[],\"NOT\":[]},\"url_params\":\"\"}",
  "enabled": true,
  "distribution": "0",
  "sharing_group_id": "1",
  "tag_id": "12345",
  "source_format": "1",
  "fixed_event": true,
  "delta_merge": true,
  "event_id": "12345",
  "publish": false,
  "override_ids": true,
  "input_source": "local",
  "delete_local_file": true,
  "lookup_visible": true,
  "headers": "X-Custom-Header-A: Foo\nX-Custom-Header-B: Bar\n",
  "caching_enabled": true,
  "force_to_ids": true,
  "orgc_id": "12345"
}
Response: 

200:

{
  "Feed": {
    "id": "3",
    "name": "CIRCL OSINT Feed",
    "provider": "CIRCL",
    "url": "https://www.circl.lu/doc/misp/feed-osint",
    "rules": "{\"tags\":{\"OR\":[],\"NOT\":[]},\"orgs\":{\"OR\":[],\"NOT\":[]},\"url_params\":\"\"}",
    "enabled": true,
    "distribution": "0",
    "sharing_group_id": "1",
    "tag_id": "12345",
    "default": true,
    "source_format": "1",
    "fixed_event": true,
    "delta_merge": true,
    "event_id": "12345",
    "publish": false,
    "override_ids": true,
    "settings": "{\"csv\":{\"value\":\"\",\"delimiter\":\"\"},\"common\":{\"excluderegex\":\"\"},\"disable_correlation\":\"1\"}",
    "input_source": "local",
    "delete_local_file": true,
    "lookup_visible": true,
    "headers": "X-Custom-Header-A: Foo\nX-Custom-Header-B: Bar\n",
    "caching_enabled": true,
    "force_to_ids": true,
    "orgc_id": "12345",
    "cache_timestamp": "1617875568"
  }
}

403:

{
  "name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "url": "/attributes"
}

404:

{
  "name": "Invalid attribute",
  "message": "Invalid attribute",
  "url": "/attributes/1234"
}

Default:

{
  "name": "string",
  "message": "string",
  "url": "/attributes"
}

Enable feed:

POST

https://misp.local/feeds/enable/{feedId}

Response: 

200:

{
  "name": "Feed enabled.",
  "message": "Feed enabled.",
  "url": "/feeds/enable/1"
}

403:

{
  "name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "url": "/attributes"
}

404:

{
  "name": "Invalid attribute",
  "message": "Invalid attribute",
  "url": "/attributes/1234"
}

Default:

{
  "name": "string",
  "message": "string",
  "url": "/attributes"
}

Disable feed:

POST

https://misp.local/feeds/disable/{feedId}

Response: 

200:

{
  "name": "Feed disabled.",
  "message": "Feed disabled.",
  "url": "/feeds/disable/1"
}

403:

{
  "name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "url": "/attributes"
}

404:

{
  "name": "Invalid attribute",
  "message": "Invalid attribute",
  "url": "/attributes/1234"
}

Default:

{
  "name": "string",
  "message": "string",
  "url": "/attributes"
}

Cache feeds:

POST

https://misp.local/feeds/cacheFeeds/{cacheFeedsScope}

Response: 

200:

{
  "name": "Feed caching job initiated.",
  "message": "Feed caching job initiated.",
  "url": "/feeds/cacheFeed"
}

403:

{
  "name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "url": "/attributes"
}

404:

{
  "name": "Invalid attribute",
  "message": "Invalid attribute",
  "url": "/attributes/1234"
}

Default:

{
  "name": "string",
  "message": "string",
  "url": "/attributes"
}

Fetch from feed by ID:

POST

https://misp.local/feeds/fetchFromFeed/{feedId}

Response: 

200:

{
  "result": "Pull queued for background execution."
}

403:

{
  "name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "url": "/attributes"
}

404:

{
  "name": "Invalid attribute",
  "message": "Invalid attribute",
  "url": "/attributes/1234"
}

Default:

{
  "name": "string",
  "message": "string",
  "url": "/attributes"
}

Fetch from all feeds:

POST

https://misp.local/feeds/fetchFromAllFeeds

Response: 

200:

{
  "result": "Pull queued for background execution."
}

403:

{
  "name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "url": "/attributes"
}

404:

{
  "name": "Invalid attribute",
  "message": "Invalid attribute",
  "url": "/attributes/1234"
}

Default:

{
  "name": "string",
  "message": "string",
  "url": "/attributes"
}

Object

[restSearch] Get a filtered and paginated list of objects:

POST

https://misp.local/objects/restsearch

Request:
{
  "page": 1,
  "limit": 0,
  "quickFilter": "malware",
  "searchall": "malware",
  "timestamp": "1617875568",
  "object_name": "ail-leak",
  "object_template_uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
  "object_template_version": "1",
  "eventid": "12345",
  "eventinfo": "logged source ip",
  "ignore": false,
  "from": "string",
  "to": "string",
  "date": "string",
  "tags": [
    "tlp:amber"
  ],
  "last": 0,
  "event_timestamp": "1617875568",
  "publish_timestamp": "1617875568",
  "org": "12345",
  "uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
  "value": "127.0.0.1",
  "type": "md5",
  "category": "Internal reference",
  "object_relation": "filepath",
  "attribute_timestamp": "1617875568",
  "first_seen": "1581984000000000",
  "last_seen": "1581984000000000",
  "comment": "logged source ip",
  "to_ids": true,
  "published": false,
  "deleted": false,
  "withAttachments": false,
  "enforceWarninglist": true,
  "includeAllTags": false,
  "includeEventUuid": false,
  "include_event_uuid": false,
  "includeEventTags": false,
  "includeProposals": false,
  "includeWarninglistHits": true,
  "includeContext": true,
  "includeSightings": true,
  "includeSightingdb": true,
  "includeCorrelations": true,
  "includeDecayScore": false,
  "includeFullModel": false,
  "allow_proposal_blocking": false,
  "metadata": true,
  "attackGalaxy": "mitre-attack",
  "excludeDecayed": false,
  "decayingModel": "string",
  "modelOverrides": {
    "lifetime": 3,
    "decay_speed": 2.3,
    "threshold": 30,
    "default_base_score": 80,
    "base_score_config": {
      "estimative-language:confidence-in-analytic-judgment": 0.25,
      "estimative-language:likelihood-probability": 0.25,
      "phishing:psychological-acceptability": 0.25,
      "phishing:state": 0.2
    }
  },
  "score": "string",
  "returnFormat": "json"
}

Response: 

200:

{
  "response": [
    {
      "Object": {
        "id": "12345",
        "name": "ail-leak",
        "meta-category": "string",
        "description": "string",
        "template_uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
        "template_version": "1",
        "event_id": "12345",
        "uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
        "timestamp": "1617875568",
        "distribution": "0",
        "sharing_group_id": "1",
        "comment": "string",
        "deleted": true,
        "first_seen": "1581984000000000",
        "last_seen": "1581984000000000",
        "Attribute": [
          {
            "id": "12345",
            "event_id": "12345",
            "object_id": "12345",
            "object_relation": "sensor",
            "category": "Internal reference",
            "type": "md5",
            "value": "127.0.0.1",
            "to_ids": true,
            "uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
            "timestamp": "1617875568",
            "distribution": "0",
            "sharing_group_id": "1",
            "comment": "logged source ip",
            "deleted": false,
            "disable_correlation": false,
            "first_seen": "1581984000000000",
            "last_seen": "1581984000000000"
          }
        ]
      }
    }
  ]
}

403:

{
  "name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "url": "/attributes"
}

Default:

{
  "name": "string",
  "message": "string",
  "url": "/attributes"
}

Add an object to an event:

POST

https://misp.local/objects/add/{eventId}/{objectTemplateId}

Request:
{
  "Attribute": [
    {
      "category": "Internal reference",
      "value": "127.0.0.1",
      "to_ids": true,
      "disable_correlation": false,
      "distribution": "0",
      "comment": "logged source ip",
      "object_relation": "sensor"
    }
  ]
}

Response: 

200:

{
  "Object": {
    "id": "12345",
    "name": "ail-leak",
    "meta-category": "string",
    "description": "string",
    "template_uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
    "template_version": "1",
    "event_id": "12345",
    "uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
    "timestamp": "1617875568",
    "distribution": "0",
    "sharing_group_id": "1",
    "comment": "string",
    "deleted": true,
    "first_seen": "1581984000000000",
    "last_seen": "1581984000000000",
    "Attribute": [
      {
        "id": "12345",
        "event_id": "12345",
        "object_id": "12345",
        "object_relation": "sensor",
        "category": "Internal reference",
        "type": "md5",
        "value": "127.0.0.1",
        "to_ids": true,
        "uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
        "timestamp": "1617875568",
        "distribution": "0",
        "sharing_group_id": "1",
        "comment": "logged source ip",
        "deleted": false,
        "disable_correlation": false,
        "first_seen": "1581984000000000",
        "last_seen": "1581984000000000"
      }
    ]
  }
}

403:

{
  "name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "url": "/attributes"
}

404:

{
  "name": "Invalid attribute",
  "message": "Invalid attribute",
  "url": "/attributes/1234"
}

Default:

{
  "name": "string",
  "message": "string",
  "url": "/attributes"
}

Get object by ID:

GET

https://misp.local/objects/view/{objectId}

Response: 

200:

{
  "Object": {
    "id": "12345",
    "name": "ail-leak",
    "meta-category": "string",
    "description": "string",
    "template_uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
    "template_version": "1",
    "event_id": "12345",
    "uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
    "timestamp": "1617875568",
    "distribution": "0",
    "sharing_group_id": "1",
    "comment": "string",
    "deleted": true,
    "first_seen": "1581984000000000",
    "last_seen": "1581984000000000",
    "Attribute": [
      {
        "id": "12345",
        "event_id": "12345",
        "object_id": "12345",
        "object_relation": "sensor",
        "category": "Internal reference",
        "type": "md5",
        "value": "127.0.0.1",
        "to_ids": true,
        "uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
        "timestamp": "1617875568",
        "distribution": "0",
        "sharing_group_id": "1",
        "comment": "logged source ip",
        "deleted": false,
        "disable_correlation": false,
        "first_seen": "1581984000000000",
        "last_seen": "1581984000000000"
      }
    ],
    "Event": {
      "id": "12345",
      "info": "logged source ip",
      "org_id": "12345",
      "orgc_id": "12345"
    }
  }
}

403:

{
  "name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "url": "/attributes"
}

404:

{
  "name": "Invalid attribute",
  "message": "Invalid attribute",
  "url": "/attributes/1234"
}

Default:

{
  "name": "string",
  "message": "string",
  "url": "/attributes"
}

Delete object:

DELETE

https://misp.local/objects/delete/{objectId}/{hardDelete}

Response: 

200:

{
  "saved": true,
  "success": true,
  "name": "Object deleted",
  "message": "Object deleted",
  "url": "/objects/delete/1"
}

403:

{
  "name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "url": "/attributes"
}

404:

{
  "name": "Invalid attribute",
  "message": "Invalid attribute",
  "url": "/attributes/1234"
}

Default:

{
  "name": "string",
  "message": "string",
  "url": "/attributes"
}

TAG

Get tags:

GET

https://misp.local/tags

Response: 

200:

{
  "Tag": [
    {
      "id": "12345",
      "name": "tlp:white",
      "colour": "#ffffff",
      "exportable": true,
      "org_id": "12345",
      "user_id": "12345",
      "hide_tag": false,
      "numerical_value": "12345",
      "is_galaxy": true,
      "is_custom_galaxy": true,
      "inherited": 1
    }
  ]
}

403:

{
  "name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "url": "/attributes"
}

404:

{
  "name": "Invalid attribute",
  "message": "Invalid attribute",
  "url": "/attributes/1234"
}

Default:

{
  "name": "string",
  "message": "string",
  "url": "/attributes"
}

Get tag by ID:

GET

https://misp.local/tags/view/{tagId}

Response: 

200:

{
  "id": "12345",
  "name": "tlp:white",
  "colour": "#ffffff",
  "exportable": true,
  "org_id": "12345",
  "user_id": "12345",
  "hide_tag": false,
  "numerical_value": "12345",
  "is_galaxy": true,
  "is_custom_galaxy": true,
  "inherited": 1
}

403:

{
  "name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "url": "/attributes"
}

404:

{
  "name": "Invalid attribute",
  "message": "Invalid attribute",
  "url": "/attributes/1234"
}

Default:

{
  "name": "string",
  "message": "string",
  "url": "/attributes"
}

Add tag:

POST

https://misp.local/tags/add

Response: 

200:

{
  "id": "12345",
  "name": "tlp:white",
  "colour": "#ffffff",
  "exportable": true,
  "org_id": "12345",
  "user_id": "12345",
  "hide_tag": false,
  "numerical_value": "12345",
  "is_galaxy": true,
  "is_custom_galaxy": true,
  "inherited": 1
}

403:

{
  "name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "url": "/attributes"
}

404:

{
  "name": "Invalid attribute",
  "message": "Invalid attribute",
  "url": "/attributes/1234"
}

Default:

{
  "name": "string",
  "message": "string",
  "url": "/attributes"
}

Delete tag:

POST

https://misp.local/tags/delete/{tagId}

Response: 

200:

{
  "name": "Tag deleted.",
  "message": "Tag deleted.",
  "url": "https://misppriv.circl.lu/tags/delete/1"
}

403:

{
  "name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "url": "/attributes"
}

404:

{
  "name": "Invalid attribute",
  "message": "Invalid attribute",
  "url": "/attributes/1234"
}

Default:

{
  "name": "string",
  "message": "string",
  "url": "/attributes"
}

Edit tag:

POST

https://misp.local/tags/edit/{tagId}

Request:
{
  "name": "tlp:white",
  "colour": "#ffffff",
  "exportable": true,
  "org_id": "12345",
  "user_id": "12345",
  "hide_tag": false,
  "numerical_value": "12345",
  "is_galaxy": true,
  "is_custom_galaxy": true,
  "inherited": 1
}
Response: 

200:

{
  "Tag": {
    "id": "12345",
    "name": "tlp:white",
    "colour": "#ffffff",
    "exportable": true,
    "org_id": "12345",
    "user_id": "12345",
    "hide_tag": false,
    "numerical_value": "12345",
    "is_galaxy": true,
    "is_custom_galaxy": true,
    "inherited": 1
  }
}

403:

{
  "name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "url": "/attributes"
}

404:

{
  "name": "Invalid attribute",
  "message": "Invalid attribute",
  "url": "/attributes/1234"
}

Default:

{
  "name": "string",
  "message": "string",
  "url": "/attributes"
}

Search tag:

GET

https://misp.local/tags/search/{tagSearchTerm}

Response: 

200:

[
  {
    "Tag": {
      "id": "12345",
      "name": "tlp:white",
      "colour": "#ffffff",
      "exportable": true,
      "org_id": "12345",
      "user_id": "12345",
      "hide_tag": false,
      "numerical_value": "12345",
      "is_galaxy": true,
      "is_custom_galaxy": true,
      "inherited": 1
    },
    "Taxonomy": {
      "id": "12345",
      "namespace": "tlp",
      "description": "Disclosure is not limited.  Sources may use TLP:WHITE when information carries minimal or no foreseeable risk of misuse, in accordance with applicable rules and procedures for public release. Subject to standard copyright rules, TLP:WHITE information may be distributed without restriction.",
      "version": "5",
      "enabled": true,
      "exclusive": true,
      "required": true
    },
    "TaxonomyPredicate": {
      "id": "12345",
      "taxonomy_id": "12345",
      "value": "white",
      "expanded": "(TLP:WHITE) Information can be shared publicly in accordance with the law.",
      "colour": "#ffffff",
      "description": "Disclosure is not limited.  Sources may use TLP:WHITE when information carries minimal or no foreseeable risk of misuse, in accordance with applicable rules and procedures for public release. Subject to standard copyright rules, TLP:WHITE information may be distributed without restriction.",
      "exclusive": true,
      "numerical_value": 0
    }
  }
]

403:

{
  "name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "url": "/attributes"
}

404:

{
  "name": "Invalid attribute",
  "message": "Invalid attribute",
  "url": "/attributes/1234"
}

Default:

{
  "name": "string",
  "message": "string",
  "url": "/attributes"
}

Sighting

Get sightings by event ID:

GET

https://misp.local/sightings/index/{eventId}

Response: 

200:

{
  "Tag": [
    {
      "id": "12345",
      "name": "tlp:white",
      "colour": "#ffffff",
      "exportable": true,
      "org_id": "12345",
      "user_id": "12345",
      "hide_tag": false,
      "numerical_value": "12345",
      "is_galaxy": true,
      "is_custom_galaxy": true,
      "inherited": 1
    }
  ]
}

403:

{
  "name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "url": "/attributes"
}

404:

{
  "name": "Invalid attribute",
  "message": "Invalid attribute",
  "url": "/attributes/1234"
}

Default:

{
  "name": "string",
  "message": "string",
  "url": "/attributes"
}

Add sightings of a list of values:

POST

https://misp.local/sightings/add

Request:
{
  "values": [
    "127.0.0.1"
  ],
  "timestamp": "1617875568",
  "filters": {
    "page": 1,
    "limit": 0,
    "value": "127.0.0.1",
    "value1": "127.0.0.1",
    "value2": "127.0.0.1",
    "type": "md5",
    "category": "Internal reference",
    "org": "12345",
    "tags": [
      "tlp:amber"
    ],
    "from": "string",
    "to": "string",
    "last": 0,
    "eventid": "12345",
    "withAttachments": false,
    "uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
    "publish_timestamp": "1617875568",
    "published": false,
    "timestamp": "1617875568",
    "attribute_timestamp": "1617875568",
    "enforceWarninglist": true,
    "to_ids": true,
    "deleted": false,
    "event_timestamp": "1617875568",
    "threat_level_id": "1",
    "eventinfo": "string",
    "sharinggroup": [
      "1"
    ],
    "decayingModel": "string",
    "score": "string",
    "first_seen": "string",
    "last_seen": "string",
    "includeEventUuid": false,
    "includeEventTags": false,
    "includeProposals": false,
    "requested_attributes": [
      "id"
    ],
    "includeContext": true,
    "headerless": true,
    "includeWarninglistHits": true,
    "attackGalaxy": "mitre-attack",
    "object_relation": "filepath",
    "includeSightings": true,
    "includeCorrelations": true,
    "modelOverrides": {
      "lifetime": 3,
      "decay_speed": 2.3,
      "threshold": 30,
      "default_base_score": 80,
      "base_score_config": {
        "estimative-language:confidence-in-analytic-judgment": 0.25,
        "estimative-language:likelihood-probability": 0.25,
        "phishing:psychological-acceptability": 0.25,
        "phishing:state": 0.2
      }
    },
    "includeDecayScore": false,
    "includeFullModel": false,
    "excludeDecayed": false,
    "returnFormat": "json"
  }
}
Response: 

200:

{
  "id": "12345",
  "attribute_id": "12345",
  "event_id": "12345",
  "org_id": "12345",
  "date_sighting": "1617875568",
  "uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
  "source": "string",
  "type": "string",
  "attribute_uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
  "Organisation": {
    "id": "12345",
    "uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
    "name": "ORGNAME"
  }
}

403:

{
  "name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "url": "/attributes"
}

404:

{
  "name": "Invalid attribute",
  "message": "Invalid attribute",
  "url": "/attributes/1234"
}

Default:

{
  "name": "string",
  "message": "string",
  "url": "/attributes"
}

Add sighting of an attribute:

POST

https://misp.local/sightings/add/{attributeId}

Response: 

200:

{
  "id": "12345",
  "attribute_id": "12345",
  "event_id": "12345",
  "org_id": "12345",
  "date_sighting": "1617875568",
  "uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
  "source": "string",
  "type": "string",
  "attribute_uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
  "Organisation": {
    "id": "12345",
    "uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
    "name": "ORGNAME"
  }
}

403:

{
  "name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "url": "/attributes"
}

404:

{
  "name": "Invalid attribute",
  "message": "Invalid attribute",
  "url": "/attributes/1234"
}

Default:

{
  "name": "string",
  "message": "string",
  "url": "/attributes"
}

Delete sighting:

POST

https://misp.local/sightings/delete/{sightingId}

Response: 

200:

{
  "saved": true,
  "success": true,
  "name": "Sighting successfully deleted.",
  "message": "Sighting successfully deleted.",
  "url": "/sightings/delete/1"
}

403:

{
  "name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "url": "/attributes"
}

404:

{
  "name": "Invalid attribute",
  "message": "Invalid attribute",
  "url": "/attributes/1234"
}

Default:

{
  "name": "string",
  "message": "string",
  "url": "/attributes"
}

 

Warninglist

Get a list of warninglists:

POST

https://misp.local/warninglists

Response: 

200:

{
  "Warninglists": [
    {
      "Warninglist": {
        "id": "3",
        "name": "List of known domains to know external IP",
        "type": "cidr",
        "description": "string",
        "version": "10",
        "enabled": true,
        "warninglist_entry_count": "1234",
        "valid_attributes": "domain, hostname, domain|ip, uri, url",
        "WarninglistEntry": [
          {
            "id": "1234",
            "value": "10.128.0.0/24",
            "warninglist_id": "3"
          }
        ]
      }
    }
  ]
}

403:

{
  "name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "url": "/attributes"
}

404:

{
  "name": "Invalid attribute",
  "message": "Invalid attribute",
  "url": "/attributes/1234"
}

Default:

{
  "name": "string",
  "message": "string",
  "url": "/attributes"
}

Search warninglists:

POST

https://misp.local/warninglists

Response: 

200:

{
  "Warninglists": [
    {
      "Warninglist": {
        "id": "3",
        "name": "List of known domains to know external IP",
        "type": "cidr",
        "description": "string",
        "version": "10",
        "enabled": true,
        "warninglist_entry_count": "1234",
        "valid_attributes": "domain, hostname, domain|ip, uri, url",
        "WarninglistEntry": [
          {
            "id": "1234",
            "value": "10.128.0.0/24",
            "warninglist_id": "3"
          }
        ]
      }
    }
  ]
}

403:

{
  "name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "url": "/attributes"
}

404:

{
  "name": "Invalid attribute",
  "message": "Invalid attribute",
  "url": "/attributes/1234"
}

Default:

{
  "name": "string",
  "message": "string",
  "url": "/attributes"
}

Enable/disable warninglists:

POST

https://misp.local/warninglists/toggleEnable

Response: 

200:

{
  "saved": true,
  "success": "1 warninglist(s) disabled"
}

403:

{
  "name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "url": "/attributes"
}

404:

{
  "name": "Invalid attribute",
  "message": "Invalid attribute",
  "url": "/attributes/1234"
}

Default:

{
  "name": "string",
  "message": "string",
  "url": "/attributes"
}

Get warninglist by ID:

GET

https://misp.local/warninglists/view/{warninglistId}

Response: 

200:

{
  "Warninglist": {
    "id": "3",
    "name": "List of known domains to know external IP",
    "type": "cidr",
    "description": "string",
    "version": "10",
    "enabled": true,
    "warninglist_entry_count": "1234",
    "valid_attributes": "domain, hostname, domain|ip, uri, url",
    "WarninglistEntry": [
      {
        "id": "1234",
        "value": "10.128.0.0/24",
        "warninglist_id": "3"
      }
    ]
  }
}

403:

{
  "name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "url": "/attributes"
}

404:

{
  "name": "Invalid attribute",
  "message": "Invalid attribute",
  "url": "/attributes/1234"
}

Default:

{
  "name": "string",
  "message": "string",
  "url": "/attributes"
}

Check if a list of values matches any warninglists:

POST

https://misp.local/warninglists/checkValue

Request:
[
  "10.128.0.2"
]
Response: 

200:

{
  "10.128.0.2": [
    {
      "id": "10",
      "name": "List of known Wikimedia address ranges"
    }
  ]
}

403:

{
  "name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "url": "/attributes"
}

404:

{
  "name": "Invalid attribute",
  "message": "Invalid attribute",
  "url": "/attributes/1234"
}

Default:

{
  "name": "string",
  "message": "string",
  "url": "/attributes"
}

Update warninglists:

POST

https://misp.local/warninglists/update

Response: 

200:

{
  "saved": true,
  "success": true,
  "name": "Successfully updated 1 warninglists.",
  "message": "Successfully updated 1 warninglists.",
  "url": "/warninglists/update"
}

403:

{
  "name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "url": "/attributes"
}

404:

{
  "name": "Invalid attribute",
  "message": "Invalid attribute",
  "url": "/attributes/1234"
}

Default:

{
  "name": "string",
  "message": "string",
  "url": "/attributes"
}

Noticelist

Get a list of noticelists

GET

https://misp.local/warninglists

Response: 

200:

[
  {
    "Noticelist": {
      "id": "3",
      "name": "List of known domains to know external IP",
      "type": "cidr",
      "description": "string",
      "version": "10",
      "enabled": true,
      "warninglist_entry_count": "1234",
      "valid_attributes": "domain, hostname, domain|ip, uri, url",
      "NoticelistEntry": [
        {
          "id": "1234",
          "noticelist_id": "3",
          "data": {
            "scope": [
              "attribute"
            ],
            "field": [
              "category"
            ],
            "value": [
              "Person"
            ],
            "tags": [
              "tlp:white"
            ],
            "message": {
              "en": "This attribute is likely to contain personal data and the data subject is likely to be directly identifiable."
            }
          }
        }
      ]
    }
  }
]

403:

{
  "name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "url": "/attributes"
}

404:

{
  "name": "Invalid attribute",
  "message": "Invalid attribute",
  "url": "/attributes/1234"
}

Default:

{
  "name": "string",
  "message": "string",
  "url": "/attributes"
}

Get a noticelist by ID:

GET

https://misp.local/warninglists

Response: 

200:

{
  "Noticelist": {
    "id": "3",
    "name": "List of known domains to know external IP",
    "type": "cidr",
    "description": "string",
    "version": "10",
    "enabled": true,
    "warninglist_entry_count": "1234",
    "valid_attributes": "domain, hostname, domain|ip, uri, url",
    "NoticelistEntry": [
      {
        "id": "1234",
        "noticelist_id": "3",
        "data": {
          "scope": [
            "attribute"
          ],
          "field": [
            "category"
          ],
          "value": [
            "Person"
          ],
          "tags": [
            "tlp:white"
          ],
          "message": {
            "en": "This attribute is likely to contain personal data and the data subject is likely to be directly identifiable."
          }
        }
      }
    ]
  }
}

403:

{
  "name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "url": "/attributes"
}

404:

{
  "name": "Invalid attribute",
  "message": "Invalid attribute",
  "url": "/attributes/1234"
}

Default:

{
  "name": "string",
  "message": "string",
  "url": "/attributes"
}

Enable/disable noticelist:

POST

https://misp.local/warninglists

Response: 

200:

{
  "saved": true,
  "success": true,
  "name": "Noticelist enabled.",
  "message": "Noticelist enabled.",
  "url": "/noticelists/toggleEnable/1"
}

403:

{
  "name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "url": "/attributes"
}

404:

{
  "name": "Invalid attribute",
  "message": "Invalid attribute",
  "url": "/attributes/1234"
}

Default:

{
  "name": "string",
  "message": "string",
  "url": "/attributes"
}

Update noticelists:

POST

https://misp.local/noticelists/update

Response: 

200:

{
  "saved": true,
  "success": true,
  "name": "Successfully updated 1 noticelists.",
  "message": "Successfully updated 1 noticelists.",
  "url": "/noticelists/update"
}

403:

{
  "name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "url": "/attributes"
}

404:

{
  "name": "Invalid attribute",
  "message": "Invalid attribute",
  "url": "/attributes/1234"
}

Default:

{
  "name": "string",
  "message": "string",
  "url": "/attributes"
}

 

 

 

Log

Get instance logs

POST

https://misp.local/admin/logs

Request:
{
  "page": 1,
  "limit": 0,
  "id": "12345",
  "title": "Attribute (448272) from Event (1): Other/text foo",
  "created": "string",
  "model": "AdminSetting",
  "model_id": "12345",
  "action": "accept",
  "user_id": "12345",
  "change": "%name () => (ORGNAME)%",
  "email": "user@example.com",
  "org": "ORG_%",
  "description": "%updated by User%",
  "ip": "string"
}
Response: 

200:

[
  {
    "Log": {
      "id": "12345",
      "title": "Attribute (448272) from Event (1): Other/text foo",
      "created": "string",
      "model": "AdminSetting",
      "model_id": "12345",
      "action": "accept",
      "user_id": "12345",
      "change": "name () => (ORGNAME)",
      "email": "user@example.com",
      "org": "ORGNAME",
      "description": "Organisation \"ORGNAME\" (1) added by User \"SYSTEM\" (0).",
      "ip": "10.0.0.10"
    }
  }
]

403:

{
  "name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "url": "/attributes"
}

404:

{
  "name": "Invalid attribute",
  "message": "Invalid attribute",
  "url": "/attributes/1234"
}

Default:

{
  "name": "string",
  "message": "string",
  "url": "/attributes"
}

Auth key

Get auth keys:

POST

https://misp.local/auth_keys

Request:
[
  {
    "AuthKey": {
      "id": "12345",
      "uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
      "authkey_start": "stri",
      "authkey_end": "stri",
      "created": "1617875568",
      "expiration": "1970-01-01 00:00:00",
      "read_only": true,
      "user_id": "12345",
      "comment": "string",
      "allowed_ips": [
        "127.0.0.1"
      ],
      "last_used": "1617875568"
    },
    "User": {
      "id": "12345",
      "email": "user@example.com"
    }
  }
]
Response: 

200:

[
  {
    "Log": {
      "id": "12345",
      "title": "Attribute (448272) from Event (1): Other/text foo",
      "created": "string",
      "model": "AdminSetting",
      "model_id": "12345",
      "action": "accept",
      "user_id": "12345",
      "change": "name () => (ORGNAME)",
      "email": "user@example.com",
      "org": "ORGNAME",
      "description": "Organisation \"ORGNAME\" (1) added by User \"SYSTEM\" (0).",
      "ip": "10.0.0.10"
    }
  }
]

403:

{
  "name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "url": "/attributes"
}

404:

{
  "name": "Invalid attribute",
  "message": "Invalid attribute",
  "url": "/attributes/1234"
}

Default:

{
  "name": "string",
  "message": "string",
  "url": "/attributes"
}

Search auth keys:

POST

https://misp.local/auth_keys

Request:
{
  "page": 1,
  "limit": 0,
  "id": "12345",
  "uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
  "authkey_start": "string",
  "authkey_end": "string",
  "created": "string",
  "expiration": "string",
  "read_only": true,
  "user_id": "12345",
  "comment": "string",
  "allowed_ips": "[\"127.0.0.1\",\"127.0.0.2\"]",
  "last_used": "string"
}
Response: 

200:

[
  {
    "AuthKey": {
      "id": "12345",
      "uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
      "authkey_start": "stri",
      "authkey_end": "stri",
      "created": "1617875568",
      "expiration": "1970-01-01 00:00:00",
      "read_only": true,
      "user_id": "12345",
      "comment": "string",
      "allowed_ips": [
        "127.0.0.1"
      ],
      "last_used": "1617875568"
    },
    "User": {
      "id": "12345",
      "email": "user@example.com"
    }
  }
]

403:

{
  "name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "url": "/attributes"
}

404:

{
  "name": "Invalid attribute",
  "message": "Invalid attribute",
  "url": "/attributes/1234"
}

Default:

{
  "name": "string",
  "message": "string",
  "url": "/attributes"
}

Add auth keys:

POST

https://misp.local/auth_keys/add/{userId}

Request:
{
  "uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
  "read_only": true,
  "user_id": "12345",
  "comment": "string",
  "allowed_ips": [
    "127.0.0.1"
  ]
}
Response: 

200:

{
  "AuthKey": {
    "id": "12345",
    "uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
    "authkey_start": "stri",
    "authkey_end": "stri",
    "created": "1617875568",
    "expiration": "1970-01-01 00:00:00",
    "read_only": true,
    "user_id": "12345",
    "comment": "string",
    "allowed_ips": [
      "127.0.0.1"
    ],
    "last_used": "1617875568"
  }
}

403:

{
  "name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "url": "/attributes"
}

404:

{
  "name": "Invalid attribute",
  "message": "Invalid attribute",
  "url": "/attributes/1234"
}

Default:

{
  "name": "string",
  "message": "string",
  "url": "/attributes"
}

View auth key:

GET

https://misp.local/auth_keys/add/{userId}

Response: 

200:

{
  "AuthKey": {
    "id": "12345",
    "uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
    "authkey_start": "stri",
    "authkey_end": "stri",
    "created": "1617875568",
    "expiration": "1970-01-01 00:00:00",
    "read_only": true,
    "user_id": "12345",
    "comment": "string",
    "allowed_ips": [
      "127.0.0.1"
    ],
    "last_used": "1617875568"
  },
  "User": {
    "id": "12345",
    "org_id": "12345",
    "email": "user@example.com"
  }
}

403:

{
  "name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "url": "/attributes"
}

404:

{
  "name": "Invalid attribute",
  "message": "Invalid attribute",
  "url": "/attributes/1234"
}

Default:

{
  "name": "string",
  "message": "string",
  "url": "/attributes"
}

Edit auth key:

POST

https://misp.local/auth_keys/add/{userId}

Request:
{
  "read_only": true,
  "comment": "string",
  "allowed_ips": [
    "127.0.0.1"
  ]
}
Response: 

200:

{
  "AuthKey": {
    "id": "12345",
    "uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
    "authkey_start": "stri",
    "authkey_end": "stri",
    "created": "1617875568",
    "expiration": "1970-01-01 00:00:00",
    "read_only": true,
    "user_id": "12345",
    "comment": "string",
    "allowed_ips": [
      "127.0.0.1"
    ],
    "last_used": "1617875568"
  },
  "User": {
    "id": "12345",
    "org_id": "12345",
    "email": "user@example.com"
  }
}

403:

{
  "name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "url": "/attributes"
}

404:

{
  "name": "Invalid attribute",
  "message": "Invalid attribute",
  "url": "/attributes/1234"
}

Default:

{
  "name": "string",
  "message": "string",
  "url": "/attributes"
}

Delete auth key:

DELETE

https://misp.local/auth_keys/delete/{authKeyId}

Response: 

200:

{
  "saved": true,
  "success": true,
  "name": "AuthKey deleted.",
  "message": "AuthKey deleted.",
  "url": "/auth_keys/delete/1234"
}

403:

{
  "name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "url": "/attributes"
}

404:

{
  "name": "Invalid attribute",
  "message": "Invalid attribute",
  "url": "/attributes/1234"
}

Default:

{
  "name": "string",
  "message": "string",
  "url": "/attributes"
}

 

UserSettings

Get user settings:

GET

https://misp.local/user_settings

Response: 

200:

[
  {
    "UserSetting": {
      "id": "12345",
      "setting": "publish_alert_filter",
      "value": {
        "widget": "MispStatusWidget",
        "position": {
          "x": "0",
          "y": "0",
          "width": "2",
          "height": "2"
        }
      },
      "user_id": "12345",
      "timestamp": "1617875568"
    }
  }
]

403:

{
  "name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "url": "/attributes"
}

404:

{
  "name": "Invalid attribute",
  "message": "Invalid attribute",
  "url": "/attributes/1234"
}

Default:

{
  "name": "string",
  "message": "string",
  "url": "/attributes"
}

Search user settings:

POST

https://misp.local/user_settings

Request:
{
  "id": "12345",
  "setting": "publish_alert_filter",
  "user_id": "12345"
}
Response: 

200:

[
  {
    "UserSetting": {
      "id": "12345",
      "setting": "publish_alert_filter",
      "value": {
        "widget": "MispStatusWidget",
        "position": {
          "x": "0",
          "y": "0",
          "width": "2",
          "height": "2"
        }
      },
      "user_id": "12345",
      "timestamp": "1617875568"
    }
  }
]

403:

{
  "name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "url": "/attributes"
}

404:

{
  "name": "Invalid attribute",
  "message": "Invalid attribute",
  "url": "/attributes/1234"
}

Default:

{
  "name": "string",
  "message": "string",
  "url": "/attributes"
}

Get user setting by id:

GET

https://misp.local/user_settings/view/{userSettingId}

Response: 

200:

{
  "UserSetting": {
    "id": "12345",
    "setting": "publish_alert_filter",
    "value": {
      "widget": "MispStatusWidget",
      "position": {
        "x": "0",
        "y": "0",
        "width": "2",
        "height": "2"
      }
    },
    "user_id": "12345",
    "timestamp": "1617875568"
  }
}

403:

{
  "name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "url": "/attributes"
}

404:

{
  "name": "Invalid attribute",
  "message": "Invalid attribute",
  "url": "/attributes/1234"
}

Default:

{
  "name": "string",
  "message": "string",
  "url": "/attributes"
}

Set user setting:

POST

https://misp.local/user_settings/setSetting/{userId}/{userSettingName}

Request:
{
  "widget": "MispStatusWidget",
  "position": {
    "x": "0",
    "y": "0",
    "width": "2",
    "height": "2"
  }
}
Response: 

200:

{
  "UserSetting": {
    "id": "12345",
    "setting": "publish_alert_filter",
    "value": {
      "widget": "MispStatusWidget",
      "position": {
        "x": "0",
        "y": "0",
        "width": "2",
        "height": "2"
      }
    },
    "user_id": "12345",
    "timestamp": "1617875568"
  }
}

403:

{
  "name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "url": "/attributes"
}

404:

{
  "name": "Invalid attribute",
  "message": "Invalid attribute",
  "url": "/attributes/1234"
}

Default:

{
  "name": "string",
  "message": "string",
  "url": "/attributes"
}

Get user setting by id:

GET

https://misp.local/user_settings/getSetting/{userId}/{userSettingName}

Response: 

200:

{
  "UserSetting": {
    "id": "12345",
    "setting": "publish_alert_filter",
    "value": {
      "widget": "MispStatusWidget",
      "position": {
        "x": "0",
        "y": "0",
        "width": "2",
        "height": "2"
      }
    },
    "user_id": "12345",
    "timestamp": "1617875568"
  }
}

403:

{
  "name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "url": "/attributes"
}

404:

{
  "name": "Invalid attribute",
  "message": "Invalid attribute",
  "url": "/attributes/1234"
}

Default:

{
  "name": "string",
  "message": "string",
  "url": "/attributes"
}

Delete user setting by id:

DELETE

https://misp.local/user_settings/delete/{userSettingId}

Response: 

200:

{
  "saved": true,
  "success": true,
  "name": "Setting deleted.",
  "message": "Setting deleted.",
  "url": "/user_settings/delete/1234"
}

403:

{
  "name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "url": "/attributes"
}

404:

{
  "name": "Invalid attribute",
  "message": "Invalid attribute",
  "url": "/attributes/1234"
}

Default:

{
  "name": "string",
  "message": "string",
  "url": "/attributes"
}

 

Taxonomy

Get taxonomies:

GET

https://misp.local/taxonomies

Response: 

200:

[
  {
    "Taxonomy": {
      "id": "12345",
      "namespace": "tlp",
      "description": "Disclosure is not limited.  Sources may use TLP:WHITE when information carries minimal or no foreseeable risk of misuse, in accordance with applicable rules and procedures for public release. Subject to standard copyright rules, TLP:WHITE information may be distributed without restriction.",
      "version": "5",
      "enabled": true,
      "exclusive": true,
      "required": true
    },
    "total_count": 0,
    "current_count": 0
  }
]

403:

{
  "name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "url": "/attributes"
}

404:

{
  "name": "Invalid attribute",
  "message": "Invalid attribute",
  "url": "/attributes/1234"
}

Default:

{
  "name": "string",
  "message": "string",
  "url": "/attributes"
}

Get a taxonomy by ID:

GET

https://misp.local/taxonomies/view/{taxonomyIdParameter}

Response: 

200:

{
  "Taxonomy": {
    "id": "12345",
    "namespace": "tlp",
    "description": "Disclosure is not limited.  Sources may use TLP:WHITE when information carries minimal or no foreseeable risk of misuse, in accordance with applicable rules and procedures for public release. Subject to standard copyright rules, TLP:WHITE information may be distributed without restriction.",
    "version": "5",
    "enabled": true,
    "exclusive": true,
    "required": true
  },
  "entries": [
    {
      "tag": "tlp:white",
      "expanded": "string",
      "description": "string",
      "exclusive_predicate": true,
      "existing_tag": true
    }
  ]
}

403:

{
  "name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "url": "/attributes"
}

404:

{
  "name": "Invalid attribute",
  "message": "Invalid attribute",
  "url": "/attributes/1234"
}

Default:

{
  "name": "string",
  "message": "string",
  "url": "/attributes"
}

Enable taxonomy:

POST

https://misp.local/taxonomies/enable/{taxonomyIdParameter}

Response: 

200:

{
  "saved": true,
  "success": true,
  "name": "Taxonomy enabled",
  "message": "Taxonomy enabled",
  "url": "/taxonomies/enable/1234"
}

403:

{
  "name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "url": "/attributes"
}

404:

{
  "name": "Invalid attribute",
  "message": "Invalid attribute",
  "url": "/attributes/1234"
}

Default:

{
  "name": "string",
  "message": "string",
  "url": "/attributes"
}

Disable taxonomy:

POST

https://misp.local/taxonomies/disable/{taxonomyIdParameter}

Response: 

200:

{
  "saved": true,
  "success": true,
  "name": "Taxonomy disabled",
  "message": "Taxonomy disabled",
  "url": "/taxonomies/disabled/1234"
}

403:

{
  "name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "url": "/attributes"
}

404:

{
  "name": "Invalid attribute",
  "message": "Invalid attribute",
  "url": "/attributes/1234"
}

Default:

{
  "name": "string",
  "message": "string",
  "url": "/attributes"
}

Update taxonomies:

POST

https://misp.local/taxonomies/update

Response: 

200:

{
  "saved": true,
  "success": true,
  "name": "Successfully updated 120 taxonomy libraries.",
  "message": "Successfully updated 120 taxonomy libraries.",
  "url": "/taxonomies/update"
}

403:

{
  "name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "url": "/attributes"
}

404:

{
  "name": "Invalid attribute",
  "message": "Invalid attribute",
  "url": "/attributes/1234"
}

Default:

{
  "name": "string",
  "message": "string",
  "url": "/attributes"
}

Get a taxonomy extended with tags used in events and attributes:

GET

https://misp.local/taxonomies/taxonomy_tags/{taxonomyIdParameter}

Response: 

200:

{
  "Taxonomy": {
    "id": "12345",
    "namespace": "tlp",
    "description": "Disclosure is not limited.  Sources may use TLP:WHITE when information carries minimal or no foreseeable risk of misuse, in accordance with applicable rules and procedures for public release. Subject to standard copyright rules, TLP:WHITE information may be distributed without restriction.",
    "version": "5",
    "enabled": true,
    "exclusive": true,
    "required": true
  },
  "entries": [
    {
      "org_id": "12345",
      "server_id": "12345",
      "email": "user@example.com",
      "autoalert": true,
      "authkey": "894c8d095180c7ea28789092e96ca6424199aa4f",
      "invited_by": "12345",
      "gpgkey": "string",
      "certif_public": "string",
      "nids_sid": "4000000",
      "termsaccepted": true,
      "newsread": "1617875568",
      "role_id": "3",
      "change_pw": "0",
      "contactalert": true,
      "disabled": true,
      "expiration": "2019-08-24T14:15:22Z",
      "current_login": "1617875568",
      "last_login": "1617875568",
      "force_logout": true,
      "date_created": "1617875568",
      "date_modified": "1617875568",
      "events": 0,
      "attributes": 0
    }
  ]
}

403:

{
  "name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "url": "/attributes"
}

404:

{
  "name": "Invalid attribute",
  "message": "Invalid attribute",
  "url": "/attributes/1234"
}

Default:

{
  "name": "string",
  "message": "string",
  "url": "/attributes"
}

Export taxonomy:

GET

https://misp.local/taxonomies/export/{taxonomyIdParameter}

Response: 

200:

{
  "namespace": "tlp",
  "description": "Disclosure is not limited.  Sources may use TLP:WHITE when information carries minimal or no foreseeable risk of misuse, in accordance with applicable rules and procedures for public release. Subject to standard copyright rules, TLP:WHITE information may be distributed without restriction.",
  "version": 0,
  "exclusive": true,
  "predicates": [
    {
      "value": "white",
      "expanded": "(TLP:WHITE) Information can be shared publicly in accordance with the law."
    }
  ],
  "values": [
    {
      "predicate": "white",
      "entry": [
        {
          "value": "spam",
          "expanded": "spam",
          "description": "Spam or ‘unsolicited bulk e-mail’, meaning that the recipient has not granted verifiable permission for the message to be sent and that the message is sent as part of a larger collection of messages, all having identical content."
        }
      ]
    }
  ]
}

403:

{
  "name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "url": "/attributes"
}

404:

{
  "name": "Invalid attribute",
  "message": "Invalid attribute",
  "url": "/attributes/1234"
}

Default:

{
  "name": "string",
  "message": "string",
  "url": "/attributes"
}