API Documentation
This guide explains step by step how to use the MISP API effectively and gives guidance for integrating it in different scenarios.
- API Usage
  - Getting Started
  - API Access and Authorization
  - What Is the REST Client?
  - API Requests with the REST Client
  - Automation with PyMISP
- API Endpoints and Parameters
  - What Are Endpoints and Parameters?
  - Analyst Data Parameters
  - Attribute Parameters
  - Event Parameters
  - Galaxy Parameters
  - Galaxy Cluster Parameters
  - User Parameters
  - Organisation Parameters
  - Server Parameters
  - Sharing Group Parameters
  - Feed Parameters
  - Object Parameters
  - Tag Parameters
  - Sighting Parameters
  - Warninglist Parameters
  - Noticelist Parameters
  - Log Parameters
  - Authentication Key Parameters
  - User Settings Parameters
  - EventReport Parameters
- API Request and Response Examples
API Usage
Getting Started
The MISP API is a powerful tool that the threat intelligence sharing platform MISP provides for integration with other systems. The API offers a way to share a wide range of security data, from threat actors to malware. It plays an important role in security scenarios such as automated data exchange, analysis and alert generation.
The MISP API lets application developers and organisations integrate the MISP platform into their own security infrastructure. This integration strengthens security operations and improves response times by giving access to real-time threat information. The MISP API also interacts with various security tools and systems, which makes it easier to automate threat detection and response. Organisations can therefore act faster and more effectively against threats.
Using the OpenAPI Document:
The OpenAPI document is a reference that defines how the MISP API is used. It gives detailed information on the API endpoints, parameters and usage guidelines, as well as on how requests to the API are structured. In particular, for each endpoint it lists the URL, the supported HTTP methods (GET, POST, PUT, DELETE, etc.), the required and optional parameters, the response format and the error cases.
The OpenAPI document contains a detailed definition of the functions and services that the MISP API offers. It is a comprehensive guide to using the API and is important for fully understanding its functionality.
Using the REST Client Interface:
The REST client interface lets users access the API directly and send requests to it. With this interface, users build requests from the parameters given in the API documentation and receive the responses. They can configure API requests easily, add the parameters they need and send the requests to get data from the API.
A REST client interface is usually offered as a web-based application or a desktop application. Users select the HTTP method (GET, POST, PUT, DELETE, etc.) needed to send a request to a particular API endpoint. They then add the parameters and data the request needs and send it to receive the API's response.
This interface is a convenient tool for reaching the API quickly and effectively, and it can be used together with the OpenAPI document to understand how the API is used.
API Access and Authorization
Access to the MISP API goes through an authorization mechanism that requires users to supply their credentials. An API key (auth key) is required to access the API; it can be obtained from the MISP user interface or from the command line.
The API key must be stored carefully to keep access secure, because this key grants access to the entire database.
User Interface:
- My Profile -> Auth Keys section:
  - These steps let a user create their own API key.
  - The user logs in to their own account and goes to the "My Profile" tab.
  - The user then clicks the "Auth Keys" section and selects "Add authentication key".
  - By following these steps, the user can create and use their own API key.
Administrator Interface:
- Creating an API key for another user as an administrator:
  - These steps let an administrator create an API key on behalf of another user.
  - The administrator logs in to the administrator account and goes to the "Administration" tab.
  - The administrator then clicks "List Users" and opens the "View" page of the user in question.
  - On the user's page, the administrator selects "Add authentication key" in the "Auth Keys" section.
  - By following these steps, the administrator can create an API key on behalf of a specific user and pass it to that user.
User Command Line:
- Creating your own API key from the command line:
  - A user can create an API key with the CLI (command-line interface) tool located in the directory where MISP is installed.
  - To run the CLI tool, use the following command:
    ./app/Console/cake user change_authkey [email/user_id]
  - This command changes the API key of the specified user or creates a new API key.
Administrator Command Line:
- Creating an API key for another user from the command line:
  - Provided you have an API key at API administrator level, you can create an API key on behalf of another user.
  - Use the [POST]/auth_keys/add/{{user_id}} endpoint for this. Here {{user_id}} is the ID of the user for whom you want to create the API key.
  - The request must be authorized as an API administrator, and you must have the permissions needed to create an API key for the specified user.
  - In this way you can create an API key on behalf of another user and pass it to that user.
Your authentication key is displayed only once and cannot be retrieved again afterwards. It is therefore important to store the key securely. We recommend taking appropriate precautions such as noting it down or storing it in a secure password manager.
These keys are used to send authorized requests to the API and give users a specific security identity. API keys allow users to automate certain operations on MISP and to build integrations.
What Is the REST Client?
The REST Client is a tool designed for using the MISP API effectively. It uses REST (Representational State Transfer) to interact with the MISP platform and so offers an interface for exchanging data in various security scenarios.
A REST client is a client that works according to Representational State Transfer (REST) principles. It uses the HTTP protocol to interact with a RESTful web service.
Use cases:
- Retrieving data: The MISP REST Client can be used to fetch current threat information from the MISP platform. This matters for keeping shared threat intelligence up to date and for monitoring the organisation's security posture.
- Sending data: The MISP REST Client lets the organisation send its own threat intelligence data to the MISP platform. Sharing the organisation's own observations with other organisations matters for building a broader view of threats.
- Automated analysis and alerting: The MISP REST Client can be used to automate security operations by analysing data received from the MISP platform automatically and generating alerts according to defined criteria.
- Integration: The MISP REST Client can be used to integrate with other security tools and systems. This allows the MISP platform to be integrated easily into the security infrastructure and lets different security tools work together.
API Requests with the REST Client
- Bookmarked Queries: This section shows API queries that were run earlier and saved by the user. It is useful for keeping frequently used queries within easy reach.
- Query History: This section shows the history of all API queries that were run earlier. It lets the user track past queries and serves as a reference for debugging or reuse.
- HTTP Method to Use: Determines which HTTP method the API request is made with, one of GET, POST, PUT, DELETE and so on. The choice depends on the purpose of the request and on the operations the API supports.
  - GET: The GET method is used to read a resource, that is, to fetch the specified resource from the server. For example, a GET request is made to fetch a web page or a file.
  - POST: The POST method is used to send data to a resource. It is typically used when submitting a form or saving data on the server. For example, when a form is filled in and submitted, the information is passed to the server with a POST request.
  - DELETE: The DELETE method is used to delete or remove a resource, that is, to ask the server to delete the specified resource. For example, a DELETE request is made to delete a file or a record.
- Relative Path to Query: A shortened path that gives the location of the request URL relative to the root URL. It determines which endpoint the request is directed to. The relative path is combined with the root URL to form the full URL of the request and identifies the location of the endpoint or resource.
- Bookmark Query: When checked, the query that is built is added to the bookmarks, so that frequently used or important queries stay within easy reach.
- Show Result: When checked, the result of the API request is displayed, showing the user whether the request completed successfully and the content of the response.
- Skip SSL Validation: This option skips validation of the SSL certificate. It may be needed in an insecure environment or for testing purposes, but it is generally not recommended.
- HTTP Headers: HTTP headers are the header fields used when an HTTP request or response is transmitted. They state what the request or response is, how it is processed and what kind of data it contains. In RESTful APIs, HTTP headers can carry important information and enable particular functions.
Clicking the query builder button opens a new area.
The query builder is a tool that lets the user build more complex and customised queries. In this area users can create detailed query rules to filter their requests further or to query data that meets particular conditions.
For example, a user who wants to filter events created after a certain date, or events with a certain threat level, can specify these conditions with the query builder. Several conditions can also be combined to build more complex queries.
This new area lets users build API requests in a more flexible and customised way and reach the data they want more precisely.
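The request fields described above (HTTP method, relative path combined with the root URL, HTTP headers, certificate validation), shown as an added Python example that is not from the original page or from the MISP project. The MISP_AUTHKEY variable name and the misp.example.org host are assumptions; the /attributes/restSearch path and the Authorization header format follow the MISP OpenAPI specification.

```python
import json
import os
import ssl
import urllib.request
from urllib.parse import urljoin, urlsplit

# Assumptions (not from the page): the MISP_AUTHKEY variable name and the
# misp.example.org host used in the demo at the bottom.


def load_auth_key(env=None):
    """Read the auth key from the environment rather than from source code."""
    env = os.environ if env is None else env
    key = env.get("MISP_AUTHKEY", "").strip()
    if not key:
        raise RuntimeError("MISP_AUTHKEY is not set")
    return key


def build_request(root_url, relative_path, auth_key, method="GET", body=None):
    """Combine root URL and relative path and attach the API headers."""
    root = urlsplit(root_url)
    if root.scheme != "https" or not root.netloc:
        # The key is sent with every request, so refuse cleartext HTTP.
        raise ValueError("root URL must be an https:// URL")
    url = urljoin(root_url.rstrip("/") + "/", relative_path.lstrip("/"))
    joined = urlsplit(url)
    if (joined.scheme, joined.netloc) != (root.scheme, root.netloc):
        # An absolute URL passed as the "relative path" would send the key
        # to another host.
        raise ValueError("relative path leaves the configured MISP host")
    headers = {
        "Authorization": auth_key,
        "Accept": "application/json",
        "Content-Type": "application/json",
    }
    data = None if body is None else json.dumps(body).encode("utf-8")
    return urllib.request.Request(url, data=data, headers=headers, method=method)


def tls_context(ca_file=None):
    """Return a certificate-verifying TLS context.

    For an instance that uses an internal CA, pass its bundle as ca_file
    instead of switching validation off.
    """
    return ssl.create_default_context(cafile=ca_file)


def send(request, ca_file=None, timeout=30):
    """Send the request and return (HTTP status, decoded JSON body)."""
    with urllib.request.urlopen(
        request, context=tls_context(ca_file), timeout=timeout
    ) as response:
        return response.status, json.loads(response.read().decode("utf-8"))


def describe(request):
    """Summary that is safe to log: header names only, never the key."""
    return {
        "method": request.get_method(),
        "url": request.full_url,
        "headers": sorted(name for name, _ in request.header_items()),
    }


if __name__ == "__main__":
    # Constructed filter using parameters from the attribute search table.
    search = {"returnFormat": "json", "type": "sha1", "last": "7d",
              "to_ids": True, "page": 1, "limit": 10}
    req = build_request("https://misp.example.org", "/attributes/restSearch",
                        load_auth_key({"MISP_AUTHKEY": "constructed-key"}),
                        method="POST", body=search)
    print(describe(req))
```

Call send(req) only against an instance you operate; everything up to that point runs offline.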
Automation with PyMISP
PyMISP - Python Library for Accessing MISP
PyMISP is a library that gives access to MISP platforms through their REST API from the Python programming language. It makes interaction with MISP platforms easier and offers an interface for automation.
Capabilities PyMISP Provides:
PyMISP gives access to the events and data on MISP platforms and lets you carry out a range of operations, including:
- Adding, fetching, updating, publishing and deleting events
- Adding or removing tags
- Adding file attributes: hash, registry key, patterns, pipe, mutex
- Adding network attributes: IP destination/source, hostname, domain, URL, UA, ...
- Adding email attributes: source, destination, subject, attachment, ...
- Uploading/downloading samples
- Updating sightings
- Adding, editing, accepting and deleting proposals
- Full-text search and search by attributes
- Fetching STIX events
- Exporting statistics and more (see the api.py file)
Installation:
You can install PyMISP with pip or by getting the latest version from the GitHub repository, as follows:
- Installation with pip:
  pip install pymisp
- Installing the latest version from GitHub:
  git clone https://github.com/MISP/PyMISP.git && cd PyMISP
  python setup.py install
To use the PyMISP library you need an authentication key on your MISP instance.
Getting Started:
Before you start using PyMISP, you need to obtain your MISP automation key. You can find it in the automation section of the MISP web interface or in your profile.
To run the examples that use the PyMISP library, clone the repository with the command git clone https://github.com/MISP/PyMISP.git and edit the keys.py file in the examples folder to set the URL of your MISP instance and your automation key.
Using PyMISP:
To understand how PyMISP is used, let's look at one of the existing examples: add_named_attribute.py. This script lets you add an attribute to an existing event when you know only its type (the category is set by default).
API Endpoints and Parameters
What Are Endpoints and Parameters?
What Is an Endpoint?
Endpoints are URLs that represent a particular function or resource of a web service. The endpoints of the MISP API are used to access data on the MISP platform or to carry out operations on it.
For example, the /events/get endpoint is used to fetch a specific event from the MISP platform.
What Are Parameters?
Parameters are data that affect how an endpoint runs or that are required for a particular operation. The parameters sent to an endpoint determine the requested operation or filter its results.
For example, by sending the eventId parameter to the /events/get endpoint, we can fetch a specific event.
Analyst Data Parameters
Add Analyst Data:
Path Parameters:
Parameter | Required | Data Type | Description | Example |
---|---|---|---|---|
analystType | Yes | String (AnalystDataType) | Specifies the type of the analyst data. | "Note", "Opinion", "Relationship" |
analystObjectUUID | Yes | String <uuid> (UUID) | Unique identifier of the object to which the analyst data is to be added. | "c99506a6-1255-4b71-afa5-7b8ba48c3b1b" |
analystObjectType | Yes | Any data type | Specifies the type of the object to which the analyst data is to be added. | Values such as "Event", "Attribute", "Object" |
Edit Analyst Data:
Path Parameters:
Parameter | Required | Data Type | Description | Example |
---|---|---|---|---|
analystType | Yes | String (AnalystDataType) | Specifies the type of the analyst data. | "Note", "Opinion", "Relationship" |
analystID | Yes | AnalystDataID (string) or UUID (string) | Unique identifier (UUID) or numeric ID (AnalystDataID) of the analyst data. | "c99506a6-1255-4b71-afa5-7b8ba48c3b1b" or "12345" |
Delete Analyst Data:
Path Parameters:
Parameter | Required | Data Type | Description | Example |
---|---|---|---|---|
analystType | Yes | String (AnalystDataType) | Specifies the type of the analyst data. | "Note", "Opinion", "Relationship" |
analystID | Yes | AnalystDataID (string) or UUID (string) | Unique identifier (UUID) or numeric ID (AnalystDataID) of the analyst data. | "c99506a6-1255-4b71-afa5-7b8ba48c3b1b" or "12345" |
List Analyst Data:
Path Parameters:
Parameter | Required | Data Type | Description | Example |
---|---|---|---|---|
analystType | Yes | String (AnalystDataType) | Specifies the type of the analyst data. | "Note", "Opinion", "Relationship" |
Get Analyst Data by ID:
Path Parameters:
Parameter | Required | Data Type | Description | Example |
---|---|---|---|---|
analystType | Yes | String (AnalystDataType) | Specifies the type of the analyst data. | "Note", "Opinion", "Relationship" |
analystID | Yes | AnalystDataID (string) or UUID (string) | Unique identifier (UUID) or numeric ID (AnalystDataID) of the analyst data. | "c99506a6-1255-4b71-afa5-7b8ba48c3b1b" or "12345" |
Attribute Parameters
Searching the "Attribute" Resource:
Request Body Schema:
Parameter | Required | Data Type | Maximum Length | Description | Example |
---|---|---|---|---|---|
page | - | integer or null <int32> | - | Page number or null | 1 |
limit | - | integer or null <int32> | - | Maximum number of results for the query, or null | 10 |
value | - | string (AttributeValue) | <= 131071 | Value | "example_value" |
value1 | - | string (AttributeValue) | <= 131071 | Value 1 | "example_value1" |
value2 | - | string (AttributeValue) | <= 131071 | Value 2 | "example_value2" |
type | - | string (AttributeType) | <= 100 | Type | "md5", "sha1", "filename", etc. |
category | - | string (AttributeCategory) | <= 255 | Category | "Internal reference", "Targeting data", etc. |
org | - | OrganisationId (string) or OrganisationName (string) | - | Organisation ID or name | "example_org_id" or "example_org_name" |
tags | - | Array of strings or null (TagsRestSearchFilter) | - | Tags or null | ["tag1", "tag2"] |
from | - | string or null (DateRestSearchFilter) | - | Timestamp or null | "2024-04-01T00:00:00Z" |
to | - | string or null (DateRestSearchFilter) | - | Timestamp or null | "2024-04-10T23:59:59Z" |
last | - | (integer or null) or (string or null) (LastRestSearchFilter) | - | Most recent time window | "5d", "12h", "2024-04-01T00:00:00Z" |
eventid | - | string (EventId) | <= 10 | Event ID | "1234567890" |
withAttachments | - | boolean (WithAttachmentsRestSearchFilter) | - | Include attachments? | true, false |
uuid | - | string <uuid> (UUID) | <= 36 | UUID | "c99506a6-1255-4b71-afa5-7b8ba48c3b1b" |
publish_timestamp | - | string (Timestamp) | - | Publish timestamp | "1618234400" (UNIX timestamp) |
published | - | boolean (PublishedFlag) | - | Published? | true, false |
timestamp | - | string (Timestamp) | - | Timestamp | "1618234400" (UNIX timestamp) |
attribute_timestamp | - | string (Timestamp) | - | Attribute timestamp | "1618234400" (UNIX timestamp) |
enforceWarninglist | - | boolean or null (EnforceWarninglistRestSearchFilter) | - | Enforce the warninglist? | true, false, null |
to_ids | - | boolean or null (ToIDSRestSearchFlag) | - | Send to IDS? | true, false, null |
deleted | - | boolean (SoftDeletedFlagValuesToInclude) | - | Include deleted attributes? | true, false |
event_timestamp | - | string (Timestamp) | - | Event timestamp | "1618234400" (UNIX timestamp) |
threat_level_id | - | string (ThreatLevelId) | - | Threat level | "1", "2", "3", "4" |
eventinfo | - | string | - | Quick description of the event | "example_event_info" |
sharinggroup | - | Array of strings or null (SharingGroupIDRestSearchFilter) | - | Sharing group IDs or null | ["group_id1", "group_id2"] |
decayingModel | - | string (DecayingModelRestSearchFilter) | - | Decaying model | "example_decaying_model" |
score | - | string (DecayingModelScoreRestSearchFilter) | - | Score | "example_score" |
first_seen | - | string | - | First seen time | "2024-04-01T00:00:00Z" |
last_seen | - | string | - | Last seen time | "2024-04-10T23:59:59Z" |
includeEventUuid | - | boolean (IncludeEventUUIDRestSearchFlag) | - | Include event UUIDs? | true, false |
includeEventTags | - | boolean (IncludeEventTagsRestSearchFlag) | - | Include event tags? | true, false |
includeProposals | - | boolean (IncludeProposalsRestSearchFlag) | - | Include proposals? | true, false |
requested_attributes | - | Array of strings (RequestedAttributesRestSearchFilter) | - | Requested attributes | ["attribute1", "attribute2"] |
includeContext | - | boolean or null (IncludeContextRestSearchFlag) | - | Include context? | true, false, null |
headerless | - | boolean or null (HeaderlessRestSearchFlag) | - | Omit the header? | true, false, null |
includeWarninglistHits | - | boolean or null (IncludeWarninglistHitsRestSearchFlag) | - | Include warninglist hits? | true, false, null |
attackGalaxy | - | string or null (AttackGalaxyRestSearchFilter) | - | Attack galaxy | "example_attack_galaxy" |
object_relation | - | string or null (ObjectRelationRestSearchFilter) | - | Object relation | "example_object_relation" |
includeSightings | - | boolean or null (IncludeSightingDbRestSearchFlag) | - | Include sightings? | true, false, null |
includeCorrelations | - | boolean or null (IncludeCorrelationsRestSearchFlag) | - | Include correlations? | true, false, null |
modelOverrides | - | object (ModelOverridesRestSearchFilter) | - | Model overrides | "example_model_overrides" |
includeDecayScore | - | boolean (IncludeDecayScoreRestSearchFlag) | - | Include the decay score? | true, false |
includeFullModel | - | boolean (IncludeFullModelRestSearchFlag) | - | Include the full model? | true, false |
excludeDecayed | - | boolean (ExcludeDecayedRestSearchFlag) | - | Exclude decayed items? | true, false |
returnFormat | - | string (AttributesRestSearchReturnFormat) | - | Response format | "json", "xml", "csv", etc. |
Add an Attribute:
Path Parameters:
Parameter | Required | Data Type | Description | Example |
---|---|---|---|---|
eventId | Yes | EventId (string) or UUID (string) | Unique identifier (UUID) or numeric ID (EventId) of the event | "c99506a6-1255-4b71-afa5-7b8ba48c3b1b" or "12345" |
Request Body Schema:
Parameter | Required | Data Type | Description | Example |
---|---|---|---|---|
event_id | Yes | string (EventId) | Unique ID of the event (max 10 characters) | "1234567890" |
object_id | Yes | string (ObjectId) | Object ID (max 10 characters) | "9876543210" |
object_relation | - | string or null (NullableObjectRelation) | Object relation (max 255 characters) | "example_relation" |
category | - | string (AttributeCategory) | Category (max 255 characters) | "Internal reference" |
type | - | string (AttributeType) | Type (max 100 characters) | "md5", "sha1", etc. |
value | - | string (AttributeValue) | Value (max 131071 characters) | "example_value" |
to_ids | - | boolean (ToIDS) | Send to IDS? (Default: true) | true, false |
uuid | - | string <uuid> (UUID) | UUID (max 36 characters) | "c99506a6-1255-4b71-afa5-7b8ba48c3b1b" |
timestamp | - | string or null (NullableTimestamp) | Timestamp (pattern: ^\d+$ or ^$) (Default: "0") | - |
distribution | - | string (DistributionLevelId) | Distribution level (Enum: "0" "1" "2" "3" "4" "5") | "3" |
sharing_group_id | - | string or null (SharingGroupId) | Sharing group ID (pattern: ^\d+$ or ^$) (max 10 characters) | - |
comment | - | string (AttributeComment) | Comment (max 65535 characters) | "example_comment" |
deleted | - | boolean (SoftDeletedFlag) | Deleted? (Default: false) | true, false |
disable_correlation | - | boolean (DisableCorrelationFlag) | Disable correlation (Default: false) | true, false |
first_seen | - | string or null (NullableMicroTimestamp) | First seen time (pattern: ^\d+$ or ^$) (Default: null) | - |
last_seen | - | string or null (NullableMicroTimestamp) | Last seen time (pattern: ^\d+$ or ^$) (Default: null) | - |
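A client-side check of an Add an Attribute request body against the constraints in the table above, run before the body is sent to MISP. This is an added Python example, not code from the original page or from the MISP project; the digits-only rule for event_id and object_id is taken from the page's Edit an Attribute table, and both sample bodies are constructed.

```python
import re

# Constraints transcribed from the "Add an Attribute" request body table.
# Each entry: (required, nullable, kind, max_length)
SCHEMA = {
    "event_id": (True, False, "id", 10),
    "object_id": (True, False, "id", 10),
    "object_relation": (False, True, "str", 255),
    "category": (False, False, "str", 255),
    "type": (False, False, "str", 100),
    "value": (False, False, "str", 131071),
    "to_ids": (False, False, "bool", None),
    "uuid": (False, False, "uuid", 36),
    "timestamp": (False, True, "digits", None),
    "distribution": (False, False, "enum", None),
    "sharing_group_id": (False, True, "digits", 10),
    "comment": (False, False, "str", 65535),
    "deleted": (False, False, "bool", None),
    "disable_correlation": (False, False, "bool", None),
    "first_seen": (False, True, "digits", None),
    "last_seen": (False, True, "digits", None),
}
DISTRIBUTION_LEVELS = {"0", "1", "2", "3", "4", "5"}

# fullmatch() with [0-9] replaces the table's ^\d+$ anchors: in Python "$"
# also matches before a trailing newline and \d accepts non-ASCII digits.
CHECKS = {
    "id": re.compile(r"[0-9]+"),
    "digits": re.compile(r"[0-9]*"),  # the table's "^\d+$ or ^$"
    "uuid": re.compile(r"[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}"),
}


def validate_attribute(body):
    """Return a list of problems; an empty list means the body conforms."""
    errors = [f"{name}: unknown field" for name in body if name not in SCHEMA]
    for name, (required, nullable, kind, max_len) in SCHEMA.items():
        if name not in body:
            if required:
                errors.append(f"{name}: required")
            continue
        value = body[name]
        if value is None:
            if not nullable:
                errors.append(f"{name}: must not be null")
            continue
        if kind == "bool":
            if not isinstance(value, bool):
                errors.append(f"{name}: must be a boolean")
            continue
        if not isinstance(value, str):
            errors.append(f"{name}: must be a string")
            continue
        if max_len is not None and len(value) > max_len:
            errors.append(f"{name}: longer than {max_len} characters")
        pattern = CHECKS.get(kind)
        if pattern is not None and not pattern.fullmatch(value):
            errors.append(f"{name}: invalid format")
        elif kind == "enum" and value not in DISTRIBUTION_LEVELS:
            errors.append(f"{name}: not a valid distribution level")
    return errors


# Constructed sample bodies (not real indicators).
SAMPLE_OK = {
    "event_id": "12345",
    "object_id": "0",
    "category": "Payload delivery",
    "type": "sha1",
    "value": "da39a3ee5e6b4b0d3255bfef95601890afd80709",
    "to_ids": True,
    "uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
    "distribution": "3",
    "comment": "constructed sample",
}
SAMPLE_BAD = {
    "event_id": "12a45",           # not numeric
    "to_ids": "yes",               # string instead of boolean
    "uuid": "not-a-uuid",
    "timestamp": "1618234400\n",   # trailing newline slips past "$"
    "distribution": "9",           # outside the enum
    "owner": "x",                  # field the schema does not define
}                                  # object_id is missing as well

if __name__ == "__main__":
    print(validate_attribute(SAMPLE_OK))
    for problem in validate_attribute(SAMPLE_BAD):
        print(problem)
```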
Edit an Attribute:
Path Parameters:
Parameter | Required | Data Type | Description | Example |
---|---|---|---|---|
attributeId | Yes | AttributeId (string) or UUID (string) | Unique identifier (UUID) or numeric ID (AttributeId) of the attribute | "c99506a6-1255-4b71-afa5-7b8ba48c3b1b" or "12345" |
Request Body Schema:
Parameter | Required | Data Type | Description | Example |
---|---|---|---|---|
id | Yes | string (AttributeId) | Attribute ID (max 10 characters, digits only) | "1234567890" |
event_id | Yes | string (EventId) | Event ID (max 10 characters, digits only) | "1234567890" |
object_id | Yes | string (ObjectId) | Object ID (max 10 characters, digits only) | "1234567890" |
object_relation | - | string or null (NullableObjectRelation) | Object relation (max 255 characters) | "example_relation" |
category | - | string (AttributeCategory) | Category (max 255 characters) | "Internal reference" |
type | - | string (AttributeType) | Type (max 100 characters) | "md5", "sha1", etc. |
value | - | string (AttributeValue) | Value (max 131071 characters) | "example_value" |
to_ids | - | boolean (ToIDS) | Send to IDS? (Default: true) | true, false |
uuid | - | string <uuid> (UUID) | UUID (max 36 characters) | "c99506a6-1255-4b71-afa5-7b8ba48c3b1b" |
timestamp | - | string or null (NullableTimestamp) | Timestamp (pattern: ^\d+$ or ^$) (Default: "0") | - |
distribution | - | string (DistributionLevelId) | Distribution level (Enum: "0" "1" "2" "3" "4" "5") | "3" |
sharing_group_id | - | string or null (SharingGroupId) | Sharing group ID (pattern: ^\d+$ or ^$) (max 10 characters) | - |
comment | - | string (AttributeComment) | Comment (max 65535 characters) | "example_comment" |
deleted | - | boolean (SoftDeletedFlag) | Deleted? (Default: false) | true, false |
disable_correlation | - | boolean (DisableCorrelationFlag) | Disable correlation (Default: false) | true, false |
first_seen | - | string or null (NullableMicroTimestamp) | First seen time (pattern: ^\d+$ or ^$) (Default: null) | - |
last_seen | - | string or null (NullableMicroTimestamp) | Last seen time (pattern: ^\d+$ or ^$) (Default: null) | - |
Delete an Attribute:
Path Parameters:
Parameter | Required | Data Type | Description | Example |
---|---|---|---|---|
attributeId | Yes | AttributeId (string) or UUID (string) | Attribute ID (max 10 characters, digits only) or unique identifier (UUID) | "c99506a6-1255-4b71-afa5-7b8ba48c3b1b" or "12345" |
Restore an Attribute:
Path Parameters:
Parameter | Required | Data Type | Description | Example |
---|---|---|---|---|
attributeId | Yes | AttributeId (string) or UUID (string) | Attribute ID (max 10 characters, digits only) or unique identifier (UUID) | "c99506a6-1255-4b71-afa5-7b8ba48c3b1b" or "12345" |
Add a Tag to an Attribute:
Path Parameters:
Parameter | Required | Data Type | Description | Example |
---|---|---|---|---|
attributeId | Yes | AttributeId (string) or UUID (string) | Attribute ID (max 10 characters, digits only) or unique identifier (UUID) | "c99506a6-1255-4b71-afa5-7b8ba48c3b1b" or "12345" |
tagId | Yes | string (TagId) | Tag ID (max 10 characters, digits only) | "12345" |
local | - | integer <int32> | Attach locally (max 1 character) (Default: 0) | 0, 1 |
Remove a Tag from an Attribute:
Path Parameters:
Parameter | Required | Data Type | Description | Example |
---|---|---|---|---|
attributeId | Yes | AttributeId (string) or UUID (string) | Attribute ID (max 10 characters, digits only) or unique identifier (UUID) | "c99506a6-1255-4b71-afa5-7b8ba48c3b1b" or "12345" |
tagId | Yes | string (TagId) | Tag ID (max 10 characters, digits only) | "12345" |
Get an Attribute by ID:
Path Parameters:
Parameter | Required | Data Type | Description | Example |
---|---|---|---|---|
attributeId | Yes | AttributeId (string) or UUID (string) | Attribute ID (max 10 characters, digits only) or unique identifier (UUID) | "c99506a6-1255-4b71-afa5-7b8ba48c3b1b" or "12345" |
Get the Count of Attributes per Category:
Path Parameters:
Parameter | Required | Data Type | Description | Example |
---|---|---|---|---|
context | Yes | string | Context of the statistics. | "type" or "category" |
percentage | Yes | integer | Percentage flag. 0: show the attribute counts, 1: show percentages. | 0 or 1 |
Event Parameters
Searching the "Event" Resource:
Request Body Schema:
Parameter | Required | Data Type | Description | Example |
---|---|---|---|---|
page | Optional | integer or null <int32> | An integer greater than 1. | 1 or null |
limit | Optional | integer or null <int32> | Greater than 0, or null. | 10 or null |
value | Optional | string | A string of up to 131071 characters. | "sample_value" |
type | Optional | string | A string of up to 100 characters. | "md5" |
category | Optional | string | A string of up to 255 characters. | "Internal reference" |
org | Optional | OrganisationId (string) or OrganisationName (string) | Organisation ID or name. | "org_id" or "org_name" |
tags | Optional | Array of strings or null | Array of strings or null. | ["tag1", "tag2"] or null |
event_tags | Optional | Array of strings or null | Array of strings or null. | ["event_tag1", "event_tag2"] or null |
searchall | Optional | string | Searches for events that match tag names, event descriptions, attribute values or attribute comments. | "search_value" |
from | Optional | string or null | Valid time filters can be used. | "2024-01-01" or null |
to | Optional | string or null | Valid time filters can be used. | "2024-12-31" or null |
last | Optional | integer or string or null | Events published within the last x amount of time. | 7 or "7d" or null |
eventid | Optional | string | A string of fewer than 10 characters. | "12345" |
withAttachments | Optional | boolean | Extends the response with the base64 representation of attachments, if any. | true or false |
sharinggroup | Optional | Array of strings or null | Sharing group ID(s). | ["sg_id1", "sg_id2"] or null |
metadata | Optional | boolean or null | Returns only the metadata of the given query scope; the contained data is omitted. | true, false or null |
uuid | Optional | string <uuid> | A string of fewer than 36 characters. | "uuid_value" |
publish_timestamp | Optional | string | ^\d+$ | "timestamp_value" |
timestamp | Optional | string | ^\d+$ | "timestamp_value" |
published | Optional | boolean | false | true or false |
enforceWarninglist | Optional | boolean or null | Specifies whether the warninglist is enforced. Adds a blocked field for matching attributes. | true, false or null |
sgReferenceOnly | Optional | boolean | Returns only the sharing group ID. | true or false |
requested_attributes | Optional | Array of strings | List of properties to select in the CSV export. | ["attr1", "attr2"] |
includeContext | Optional | boolean or null | Adds the events' context fields in the CSV export. | true, false or null |
headerless | Optional | boolean or null | Removes the header in the CSV export. | true, false or null |
includeWarninglistHits | Optional | boolean or null | true, false or null | true, false or null |
attackGalaxy | Optional | string or null | true, false or null | true, false or null |
to_ids | Optional | boolean | true | true or false |
deleted | Optional | boolean | false | true or false |
excludeLocalTags | Optional | boolean or null | true, false or null | true, false or null |
date | Optional | string or null | true, false or null | true, false or null |
includeSightingdb | Optional | boolean or null | true, false or null | true, false or null |
tag | Optional | string | A string of fewer than 255 characters. | "tag_name" |
object_relation | Optional | string or null | Filters by the attribute's object relation value. | "relation_value" or null |
threat_level_id | Optional | string | Represents the threat level. | "1" "2" "3" "4" |
returnFormat | Optional | string | Response payload format. | "json" or "csv" |
Add event:
Request Body Schema:
Parameter | Required | Data Type | Description | Example |
---|---|---|---|---|
org_id | Optional | string | A string shorter than 10 characters. | "org_id" |
distribution | Optional | string | The distribution level specifies who can see the event. | "0" "1" "2" "3" "4" "5" |
info | Optional | string | A string of up to 65535 characters. | "event_info" |
orgc_id | Optional | string | A string shorter than 10 characters. | "orgc_id" |
uuid | Optional | string <uuid> | A string shorter than 36 characters. | "uuid_value" |
date | Optional | string | Date string. | "2024-01-01" |
published | Optional | boolean | false | true or false |
analysis | Optional | string | Represents the analysis maturity level. | "0" "1" "2" |
attribute_count | Optional | string | ^\d+$ | "10" |
timestamp | Optional | string or null | ^\d+$ or null | "timestamp_value" or null |
sharing_group_id | Optional | string or null | A string shorter than 10 characters, or null. | "sg_id" or null |
proposal_email_lock | Optional | boolean | true or false | true or false |
locked | Optional | boolean | true or false | true or false |
threat_level_id | Optional | string | Represents the threat level. | "1" "2" "3" "4" |
publish_timestamp | Optional | string | ^\d+$ | "timestamp_value" |
sighting_timestamp | Optional | string | ^\d+$ | "timestamp_value" |
disable_correlation | Optional | boolean | Default: false | true or false |
extends_uuid | Optional | string or null | A string shorter than 36 characters, or null. | "extends_uuid_value" or null |
event_creator_email | Optional | string <email> | E-mail address of the event creator. | "example@example.com" |
Edit event:
Path Parameters:
Parameter | Required | Data Type | Description | Example |
---|---|---|---|---|
eventId | Required | string | A string shorter than 10 characters. | "eventId" |
Request Body Schema:
Parameter | Required | Data Type | Description | Example |
---|---|---|---|---|
org_id | Optional | string (OrganisationId) | A string shorter than 10 characters; digits only. | "1234567890" |
distribution | Optional | string (DistributionLevelId) | A string specifying the distribution level. Takes a value between 0 and 5. | "2" |
info | Optional | string | A string containing information about the event. | "This is a test event." |
orgc_id | Optional | string (OrganisationId) | A string shorter than 10 characters; digits only. | "9876543210" |
uuid | Optional | string <uuid> | A UUID string of at most 36 characters. | "550e8400-e29b-41d4-a716-446655440000" |
date | Optional | string | A string containing the date. | "2024-04-12" |
published | Optional | boolean (PublishedFlag) | Boolean indicating whether the event is published. | true |
analysis | Optional | string (AnalysisLevelId) | A string specifying the analysis maturity level. | "1" |
attribute_count | Optional | string (EventAttributeCount) | A string giving the number of attributes attached to the event. | "5" |
timestamp | Optional | string or null (NullableTimestamp) | A string containing the timestamp, or null. | "1649252400" |
sharing_group_id | Optional | string or null (SharingGroupId) | A string shorter than 10 characters, or null; digits only. | "1234567890" |
proposal_email_lock | Optional | boolean (EventProposalEmailLock) | Boolean indicating whether the proposal e-mail lock is on or off. | false |
locked | Optional | boolean (IsLocked) | Boolean indicating whether the lock is on or off. | true |
threat_level_id | Optional | string (ThreatLevelId) | A string specifying the threat level. | "3" |
publish_timestamp | Optional | string (Timestamp) | A string containing the publish timestamp. | "1649252400" |
sighting_timestamp | Optional | string (Timestamp) | A string containing the sighting timestamp. | "1649252400" |
disable_correlation | Optional | boolean (DisableCorrelationFlag) | Boolean indicating whether correlation is enabled or disabled. | true |
extends_uuid | Optional | string or null (ExtendsUUID) | A UUID string of at most 36 characters, or null. | "550e8400-e29b-41d4-a716-446655440000" |
event_creator_email | Optional | string <email> | E-mail address with which the event was created. | "example@example.com" |
Delete event:
Path Parameters:
Parameter | Required | Data Type | Description | Example |
---|---|---|---|---|
eventId | Required | string | Unique identifier of the event; can be given as a string or a UUID. | "123456" or "550e8400-e29b-41d4-a716-446655440000" |
Search events:
Request Body Schema:
Parameter | Required | Data Type | Description | Example |
---|---|---|---|---|
page | Optional | integer or null | Page number at which the query starts. Must be greater than 1. | 1 or null |
limit | Optional | integer or null | Maximum number of items returned per page. Must be 0 or greater. | 10 or null |
sort | Optional | string or null | Field used to sort the results. | "date" or null |
direction | Optional | string or null | Sort direction: "asc" (ascending) or "desc" (descending). Default: "asc". | "asc" or null |
minimal | Optional | boolean or null | Default: false. Returns a minimal version of only those events with attributeCount > 0. | true or null |
attribute | Optional | string or null | Filters events by attribute values matching the given string. | "vulnerability" or null |
eventid | Optional | string | Event ID. | "123456" |
datefrom | Optional | string or null | The event creation date must be greater than or equal to the given date. | "2024-01-01" or null |
dateuntil | Optional | string or null | The event creation date must be less than or equal to the given date. | "2024-03-31" or null |
org | Optional | string or null | Filters events by the name of the organisation that created the event. | "ABC Corp" or null |
eventinfo | Optional | string or null | Filters events matching the event info text. | "suspicious activity" or null |
tag | Optional | string | Filters events matching any of the given tag names. | "malware" |
tags | Optional | array of strings or null | Filters events matching any of the given tag names. | ["malware", "phishing"] or null |
distribution | Optional | string | Specifies who will be able to see the event once it is published and eventually pulled. | "1" |
sharinggroup | Optional | string or null | Sharing group ID. | "123456" or null |
analysis | Optional | string | Represents the analysis maturity level. | "2" |
threatlevel | Optional | string | Represents the threat level. | "1" |
email | Optional | string or null | Filters events matching the e-mail of the user who created the event. | "user@example.com" or null |
hasproposal | Optional | string or null | Checks for events whose attributes have change proposals. Possible values: 0, 1. | "1" or null |
timestamp | Optional | string or null | The event timestamp must be greater than or equal to the given date. | "1648860516" or null |
publish_timestamp | Optional | string or null | The event publish timestamp must be greater than or equal to the given date. | "1648860516" or null |
searchDatefrom | Optional | string or null | Filters by date; everything newer than the given date is returned. Format: YYYY-MM-DD. | "2024-01-01" or null |
searchDateuntil | Optional | string or null | Filters by date; everything older than the given date is returned. Format: YYYY-MM-DD. | "2024-03-31" or null |
Get event by ID:
Path Parameters:
Parameter | Required | Data Type | Description | Example |
---|---|---|---|---|
eventId | Required | string | Unique identifier of the event; can be given as a string or a UUID. | "123456" or "550e8400-e29b-41d4-a716-446655440000" |
Publish an event:
Path Parameters:
Parameter | Required | Data Type | Description | Example |
---|---|---|---|---|
eventId | Required | string | Unique identifier of the event; can be given as a string or a UUID. | "123456" or "550e8400-e29b-41d4-a716-446655440000" |
Unpublish an event:
Path Parameters:
Parameter | Required | Data Type | Description | Example |
---|---|---|---|---|
eventId | Required | string | Unique identifier of the event; can be given as a string or a UUID. | "123456" or "550e8400-e29b-41d4-a716-446655440000" |
Add event tag:
Path Parameters:
Parameter | Required | Data Type | Description | Example |
---|---|---|---|---|
eventId | Required | string | Unique identifier of the event; can be given as a string or a UUID. | "123456" or "550e8400-e29b-41d4-a716-446655440000" |
tagId | Required | string | Tag ID, a numeric identifier. | "12345" |
local | Optional | integer | Determines whether the tag is attached to the target locally. | 0 or 1 (default: 0) |
Remove event tag:
Path Parameters:
Parameter | Required | Data Type | Description | Example |
---|---|---|---|---|
eventId | Required | string | Unique identifier of the event; can be given as a string or a UUID. | "123456" or "550e8400-e29b-41d4-a716-446655440000" |
tagId | Required | string | Represents the tag's numeric identifier. | "12345" |
Galaxy Parameters
Get galaxy by ID:
Path Parameters:
Parameter | Required | Data Type | Description | Example |
---|---|---|---|---|
galaxyId | Required | string | Unique identifier of the galaxy; can be given as a string or a UUID. | "7890" or "550e8400-e29b-41d4-a716-446655440000" |
Delete a galaxy:
Path Parameters:
Parameter | Required | Data Type | Description | Example |
---|---|---|---|---|
galaxyId | Required | string | Unique identifier of the galaxy; can be given as a string or a UUID. | "7890" or "550e8400-e29b-41d4-a716-446655440000" |
Import a galaxy cluster:
Request Body Schema:
GalaxyCluster:
Parameter | Required | Data Type | Description | Example |
---|---|---|---|---|
uuid | - | string <uuid> (UUID) <= 36 chars | Galaxy cluster ID | "550e8400-e29b-41d4-a716-446655440000" |
collection_uuid | - | string <uuid> (UUID) <= 36 chars | Collection ID | "550e8400-e29b-41d4-a716-446655440000" |
type | - | string (GalaxyClusterType) <= 255 chars | Galaxy cluster type | "Cluster Type" |
value | - | string (GalaxyClusterValue) <= 65535 chars | Galaxy cluster value | "Cluster Value" |
tag_name | - | string (TagName) <= 255 chars | Tag name | "Tag Name" |
description | - | string (GalaxyClusterDescription) <= 65535 chars | Galaxy cluster description | "Cluster Description" |
galaxy_id | - | string (GalaxyId) <= 10 chars | Galaxy ID | "123456" |
source | - | string (GalaxyClusterSource) <= 255 chars | Source information | "Cluster Source" |
authors | - | Array of strings | Authors | ["Author 1", "Author 2"] |
version | - | string or null | Version information | "1.0.0" |
distribution | - | string (DistributionLevelId) | Distribution level | "2" |
sharing_group_id | - | string or null | Sharing group ID | "123456" |
org_id | - | string (OrganisationId) <= 10 chars | Organisation ID | "123456" |
orgc_id | - | string (OrganisationId) <= 10 chars | Organisation category ID | "123456" |
default | - | boolean | Is it the default? | true |
locked | - | boolean | Is it locked? | false |
extends_uuid | - | string or null | ID of the extended version | "550e8400-e29b-41d4-a716-446655440000" |
extends_version | - | string or null | Extended version information | "1.0.0" |
published | - | boolean | Is it published? | true |
deleted | - | boolean | Is it deleted? | false |
GalaxyElement | - | Array of objects | Galaxy elements | - |
Galaxy:
Parameter | Required | Data Type | Description | Example |
---|---|---|---|---|
uuid | - | string <uuid> (UUID) <= 36 | Galaxy ID | "550e8400-e29b-41d4-a716-446655440000" |
Export galaxy clusters:
Path Parameters:
Parameter | Required | Data Type | Description | Example |
---|---|---|---|---|
galaxyId | Yes | string or UUID | Unique identifier of the galaxy | "12345" or "550e8400-e29b-41d4-a716-446655440000" |
Request Body Schema:
Galaxy:
Parameter | Required | Data Type | Description | Example |
---|---|---|---|---|
default | Optional | boolean | When true, filters for galaxy clusters with default=true. | true |
custom | Optional | boolean | When true, filters for galaxy clusters with default=false. | false |
distribution | Optional | string | Sets the distribution level. | "0" |
format | Optional | string | Sets the format of the result. Use "misp-galaxy" to get the result in that format. | "default" or "misp-galaxy" |
download | Optional | boolean | When true, downloads the response as a JSON file. | true or false |
Attach the galaxy cluster tag to a given entity:
Path Parameters:
Parameter | Required | Data Type | Description | Example |
---|---|---|---|---|
attachTargetId | Required | string | Unique identifier of the target entity (Event, Attribute or Tag Collection). | "123456" or "550e8400-e29b-41d4-a716-446655440000" |
attachTargetType | Required | string | The type of entity you want to attach to. | "event", "attribute" or "tag_collection" |
local | Optional | integer | Determines whether the tag is attached to the target locally. | 0 or 1 |
Request Body Schema:
Galaxy:
Parameter | Required | Data Type | Description | Example |
---|---|---|---|---|
target_id | Required | integer | The target galaxy cluster you want to attach. | 12345 |
Galaxy Cluster Parameters
Add galaxy cluster:
Path Parameters:
Parameter | Required | Data Type | Description | Example |
---|---|---|---|---|
galaxyId | Required | string | Unique identifier of the galaxy; can be given as a string or a UUID. | "123456" or "550e8400-e29b-41d4-a716-446655440000" |
Request Body Schema:
Parameter | Required | Data Type | Description | Example |
---|---|---|---|---|
id | Yes | string (GalaxyClusterId) | Unique identifier of the galaxy cluster. At most 10 characters, digits only. | "12345" |
uuid | - | string <uuid> (UUID) | Universally unique identifier of the galaxy cluster. At most 36 characters. | "550e8400-e29b-41d4-a716-446655440000" |
collection_uuid | - | string <uuid> (UUID) | Universally unique identifier of the cluster collection. At most 36 characters. | "550e8400-e29b-41d4-a716-446655440001" |
type | - | string | Type of the galaxy cluster. At most 255 characters. | "type" |
value | - | string | Value of the galaxy cluster. At most 65535 characters. | "value" |
tag_name | - | string (TagName) | Name of the tag. At most 255 characters. | "tag" |
description | - | string | Description of the galaxy cluster. At most 65535 characters. | "description" |
galaxy_id | Yes | string (GalaxyId) | Unique identifier of the galaxy. At most 10 characters, digits only. | "123456" |
source | - | string | Source of the galaxy cluster. At most 255 characters. | "source" |
authors | - | Array of strings | Authors of the galaxy cluster. | ["author1", "author2"] |
version | - | string or null | Version of the galaxy cluster. At most 255 characters. | "1.0" |
distribution | - | string (DistributionLevelId) | Distribution level of the event. Takes a value between 0 and 5. | "0" |
sharing_group_id | - | string or null (SharingGroupId) | Unique identifier of the sharing group. At most 10 characters, digits only. | "123" |
org_id | - | string (OrganisationId) | Unique identifier of the organisation. At most 10 characters, digits only. | "456" |
orgc_id | - | string (OrganisationId) | Unique identifier of the organisation. At most 10 characters, digits only. | "789" |
default | - | boolean | Indicates whether it is the default. | true |
locked | - | boolean | Indicates whether the lock is on. | false |
extends_uuid | - | string or null | Universally unique identifier of the extended cluster. At most 36 characters. | "550e8400-e29b-41d4-a716-446655440002" |
extends_version | - | string or null | Version of the extended cluster. At most 255 characters. | "1.1" |
published | - | boolean | Indicates whether it is published. | true |
deleted | - | boolean | Indicates whether it is deleted. | false |
GalaxyElement | - | Array of objects | Galaxy elements. | - |
Edit galaxy cluster:
Path Parameters:
Parameter | Required | Data Type | Description | Example |
---|---|---|---|---|
galaxyClusterId | Yes | string (GalaxyClusterId) | Unique identifier of the galaxy cluster. | "12345" |
Request Body Schema:
Parameter | Required | Data Type | Description | Example |
---|---|---|---|---|
id | Yes | string (GalaxyClusterId) | Unique identifier of the galaxy cluster. | "123" |
uuid | - | string <uuid> (UUID) <= 36 chars | UUID of the galaxy cluster. | "550e8400-e29b-41d4-a716-446655440000" |
collection_uuid | - | string <uuid> (UUID) <= 36 chars | UUID of the cluster. | "550e8400-e29b-41d4-a716-446655440000" |
type | - | string (GalaxyClusterType) | Galaxy cluster type. | "type" |
value | - | string (GalaxyClusterValue) | Value of the galaxy cluster. | "value" |
tag_name | - | string (TagName) | Tag name. | "tag" |
description | - | string (GalaxyClusterDescription) | Description of the galaxy cluster. | "description" |
galaxy_id | - | string (GalaxyId) <= 10 chars | Galaxy ID. | "123" |
source | - | string (GalaxyClusterSource) | Source information. | "source" |
authors | - | Array of strings | Authors. | ["author1", "author2"] |
version | - | string or null | Version number. | "1.0" |
distribution | - | string (DistributionLevelId) | Distribution level. | "0" |
sharing_group_id | - | string or null | Sharing group ID. | "123" |
org_id | - | string (OrganisationId) <= 10 chars | Organisation ID. | "123" |
orgc_id | - | string (OrganisationId) <= 10 chars | ID the organisation is linked to. | "123" |
default | - | boolean | Is it the default? | true |
locked | - | boolean | Is it locked? | true |
extends_uuid | - | string or null | Extension UUID. | "550e8400-e29b-41d4-a716-446655440000" |
extends_version | - | string or null | Extension version. | "1.0" |
published | - | boolean | Is it published? | true |
deleted | - | boolean | Is it deleted? | false |
GalaxyElement | - | Array of objects | Galaxy elements. | [{...}] |
Get galaxy clusters:
Path Parameters:
Parameter | Required | Data Type | Description | Example |
---|---|---|---|---|
galaxyId | Yes | GalaxyId (string) or UUID (string) | Galaxy ID or UUID | "123" or "550e8400-e29b-41d4-a716-446655440000" |
Search galaxy clusters:
Path Parameters:
Parameter | Required | Data Type | Description | Example |
---|---|---|---|---|
galaxyId | Yes | string | Galaxy ID or UUID | "123" or "550e8400-e29b-41d4-a716-446655440000" |
Request Body Schema:
Parameter | Required | Data Type | Description | Example |
---|---|---|---|---|
context | No | string | Enum: "all" "default" "org" "deleted" | "all" |
searchall | No | string | Searches galaxy clusters by matching any value, description, uuid or galaxy element value. | "example" |
Get galaxy cluster by ID:
Path Parameters:
Parameter | Required | Data Type | Description | Example |
---|---|---|---|---|
galaxyClusterId | Yes | string | Unique identifier of the galaxy cluster; can be given as a string or a UUID. | "123456" or "550e8400-e29b-41d4-a716-446655440000" |
Publish galaxy cluster:
Path Parameters:
Parameter | Required | Data Type | Description | Example |
---|---|---|---|---|
galaxyClusterId | Yes | string | Unique identifier of the galaxy cluster; can be given as a string or a UUID. | "123456" or "550e8400-e29b-41d4-a716-446655440000" |
Unpublish galaxy cluster:
Path Parameters:
Parameter | Required | Data Type | Description | Example |
---|---|---|---|---|
galaxyClusterId | Yes | string | Unique identifier of the galaxy cluster; can be given as a string or a UUID. | "123456" or "550e8400-e29b-41d4-a716-446655440000" |
Delete galaxy cluster:
Path Parameters:
Parameter | Required | Data Type | Description | Example |
---|---|---|---|---|
galaxyClusterId | Yes | string | Unique identifier of the galaxy cluster; can be given as a string or a UUID. | "123456" or "550e8400-e29b-41d4-a716-446655440000" |
Restore galaxy cluster:
Path Parameters:
Parameter | Required | Data Type | Description | Example |
---|---|---|---|---|
galaxyClusterId | Yes | string | Unique identifier of the galaxy cluster; can be given as a string or a UUID. | "123456" or "550e8400-e29b-41d4-a716-446655440000" |
User Parameters
Reset user password:
Path Parameters:
Parameter | Required | Data Type | Description | Example |
---|---|---|---|---|
userId | Yes | string | Unique identifier of the user, given as a string. | "12345" |
firstTimeReset | Yes | string | First-time reset; set to 1 only for new user registrations. | "0" or "1" |
Add user:
Request Body Schema:
Parameter | Required | Data Type | Description | Example |
---|---|---|---|---|
org_id | No | string | Unique identifier of the organisation, given as a string. | "12345" |
server_id | No | string | Unique identifier of the server, given as a string. | "67890" |
email | No | string | E-mail address of the user. | "example@example.com" |
autoalert | No | boolean | Specifies the automatic alert setting. | true or false |
authkey | No | string or null | API authentication key used to access the API. | "abcdef1234567890" or null |
invited_by | No | string | Unique identifier of the inviting user. | "23456" |
gpgkey | No | string or null | GPG key of the user. | "-----BEGIN PGP PUBLIC KEY BLOCK----- ..." or null |
certif_public | No | string or null | Public certificate of the user. | "-----BEGIN CERTIFICATE----- ..." or null |
nids_sid | No | string | Unique identifier of the user in a network-based system. | "34567" |
termsaccepted | No | boolean | Indicates whether the user has accepted the user agreement. | true or false |
newsread | No | string | Date the news was last read. | "1617598655" |
role_id | No | string | Unique identifier of the user's role. | "45678" |
change_pw | No | string | Specifies whether a password change is required. | "0" or "1" |
contactalert | No | boolean | Specifies the contact alert setting. | true or false |
disabled | No | boolean | Indicates whether the user is disabled. | true or false |
expiration | No | string or null | Expiration date of the user's account. | "2024-12-31T23:59:59Z" or null |
current_login | No | string | Date of the user's last login. | "1617598655" |
last_login | No | string | Date of the user's previous login. | "1617598655" |
force_logout | No | boolean | Forces the user's session to be logged out. | true or false |
date_created | No | string | Creation date of the user's account. | "1617598655" |
date_modified | No | string | Last modification date of the user's account. | "1617598655" |
Edit user:
Path Parameters:
Parameter | Required | Data Type | Description | Example |
---|---|---|---|---|
userId | Yes | string | Unique identifier of the user. | "12345" |
Request Body Schema:
Parameter | Required | Data Type | Description | Example |
---|---|---|---|---|
id | Yes | string | Unique identifier of the user. | "12345" |
org_id | Yes | string | Unique identifier of the organisation the user belongs to. | "67890" |
server_id | Yes | string | Unique identifier of the server the user belongs to. | "98765" |
email | Yes | string | E-mail address of the user. | "example@example.com" |
autoalert | - | boolean | Automatic alert setting. | true |
authkey | - | string | Authorization key used to access the API. Only set when the MISP setting Security.advanced_authkeys is set to false. | "abcd1234" |
invited_by | - | string | Unique identifier of the inviting user. | "54321" |
gpgkey | - | string | GPG key. | "gpg123" |
certif_public | - | string | Public certificate. | "public_cert123" |
nids_sid | - | string | NIDS SID (Network Intrusion Detection System Security ID). | "nids456" |
termsaccepted | - | boolean | Whether the user has accepted the terms. | true |
newsread | - | string | Date the news was read. | "1635610000" |
role_id | - | string | Unique identifier of the user's role. | "78901" |
change_pw | - | string | Whether a password change is required. | "1" |
contactalert | - | boolean | Contact alert setting. | false |
disabled | - | boolean | Whether the user is disabled. | false |
expiration | - | string | Expiration date of the user's account. | "2024-12-31T23:59:59Z" |
current_login | - | string | Date of the user's last session login. | "1635610000" |
last_login | - | string | Date of the user's last login. | "1635610000" |
force_logout | - | boolean | Forced logout setting. | true |
date_created | - | string | Date the user was created. | "1635610000" |
date_modified | - | string | Date the user was last edited. | "1635610000" |
Delete user:
Path Parameters:
Parameter | Required | Data Type | Description | Example |
---|---|---|---|---|
userId | Yes | string | Unique identifier of the user. | "12345" |
Get user by ID:
Path Parameters:
Parameter | Required | Data Type | Description | Example |
---|---|---|---|---|
userId | Yes | string | Unique identifier of the user. | "12345" |
Delete user TOTP:
Path Parameters:
Parameter | Required | Data Type | Description | Example |
---|---|---|---|---|
userId | Yes | string | Unique numeric identifier (ID) of the user. | "12345" |
Organisation Parameters
Add organisation:
Request Body Schema:
Parameter | Required | Data Type | Description | Example |
---|---|---|---|---|
name | - | string | Name of the organisation | "XYZ Company" |
date_created | - | string | Creation date | "2024-04-12" |
date_modified | - | string | Modification date | "2024-04-12" |
description | - | string | Description of the organisation | "A software company specialized in AI" |
type | - | string | Type of the organisation | "Private" |
nationality | - | string | Nationality of the organisation | "US" |
sector | - | string | Sector of the organisation | "Technology" |
created_by | - | string | Numeric identifier (ID) of the creating user | "12345" |
uuid | - | string | Unique identifier (UUID) of the organisation | "550e8400-e29b-41d4-a716-446655440000" |
contacts | - | string | Contact information | "contact@xyz.com" |
local | - | boolean | Is it local? | true |
restricted_to_domain | - | Array | Is it restricted to a domain? | ["xyz.com"] |
landingpage | - | string | Web page of the organisation | "www.xyz.com" |
user_count | - | string | Number of users | "100" |
created_by_email | - | string | E-mail address of the creating user | "user@xyz.com" |
Edit organisation:
Path Parameters:
Parameter | Required | Data Type | Description | Example |
---|---|---|---|---|
organisationId | - | string | Unique ID (OrganisationId) or identifier (UUID) of the organisation | "12345" or "550e8400-e29b-41d4-a716-446655440000" |
Request Body Schema:
Parameter | Required | Data Type | Description | Example |
---|---|---|---|---|
name | - | string (OrganisationName) <= 255 chars | Name of the organisation | "ABC Company" |
type | - | string or null (OrganisationType) <= 255 chars | Type of the organisation | "Public" |
nationality | - | string or null | Country of the organisation | "USA" |
sector | - | string or null | Sector of the organisation | "Technology" |
contacts | - | string or null | Contact information of the organisation | "contact@abccompany.com" |
description | - | string or null | Description of the organisation | "Global technology company" |
local | - | boolean or null | Whether the organisation is local | true |
uuid | - | string or null <uuid> | Unique identifier (UUID) of the organisation | "550e8400-e29b-41d4-a716-446655440000" |
restricted_to_domain | - | Array of strings or null <hostname> | Domains to which the organisation is restricted | ["example.com", "subdomain.example.com"] |
Delete organisation:
Path Parameters:
Parameter | Required | Data Type | Description | Example |
---|---|---|---|---|
organisationId | Yes | string (OrganisationId) or UUID (string) | Unique identifier (UUID) or numeric ID of the organisation | "123456" or "550e8400-e29b-41d4-a716-446655440000" |
Get organisation by ID:
Path Parameters:
Parameter | Required | Data Type | Description | Example |
---|---|---|---|---|
organisationId | Yes | string (OrganisationId) or UUID (string) | Unique identifier (UUID) or numeric ID of the organisation | "123456" or "550e8400-e29b-41d4-a716-446655440000" |
Server Parameters
Add server:
Request Body Schema:
Parameter | Required | Data Type | Description | Example |
---|---|---|---|---|
name | No | string (ServerName) | Name of the server | "MISP Server" |
url | No | string | URL of the server | "https://misp.example.com" |
authkey | No | string (AuthKeyRaw) = 40 characters | Authentication key | "4d1f1fb8ed6d746150ca34f98258d12a7f3a24a3" |
org_id | No | string (OrganisationId) <= 10 characters ^\d+$ | Unique identifier of the organisation | "123456" |
push | No | boolean | Can the server push events? | true |
pull | No | boolean | Can the server pull events? | true |
push_sightings | No | boolean | Can the server push sightings? | true |
push_galaxy_clusters | No | boolean | Can the server push galaxy clusters? | true |
pull_galaxy_clusters | No | boolean | Can the server pull galaxy clusters? | true |
lastpulledid | No | string or null <= 10 characters ^\d+$ | ID of the last pulled event | "987654" |
lastpushedid | No | string or null <= 10 characters ^\d+$ | ID of the last pushed event | "654321" |
organization | No | string or null | Name of the organisation the server belongs to | "Example Organization" |
remote_org_id | No | string (OrganisationId) <= 10 characters ^\d+$ | Unique identifier of the remote organisation | "789012" |
publish_without_email | No | boolean | Permission to publish without e-mail | true |
unpublish_event | No | boolean | Ability to unpublish the event | true |
self_signed | No | boolean | Does it accept self-signed certificates? | true |
pull_rules | No | string | Rule set for pulling events from this server | "{ 'rule': 'value' }" |
push_rules | No | string | Rule set for pushing events to this server | "{ 'rule': 'value' }" |
cert_file | No | string or null <byte> | Base64-encoded certificate | "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArQQW" |
client_cert_file | No | string or null <byte> | Base64-encoded client certificate | "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArQQW" |
internal | No | boolean | Is it an internal server? | true |
skip_proxy | No | boolean | Is skipping the proxy allowed? | true |
caching_enabled | No | boolean | Is caching enabled? | true |
priority | No | string or null <= 10 characters ^\d+$ | Priority order | "1" |
cache_timestamp | No | boolean | Cache timestamp | true |
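An added example, not part of the original documentation or of MISP's own code: a pre-flight check that applies the constraints from the Add server table to a request body before it is sent. The HTTPS and self_signed warnings and the log redaction are added hardening assumptions, and both sample bodies are constructed.

```python
import base64
import re
from urllib.parse import urlsplit

# Constraints copied from the "Add server" request-body table.
DIGITS_MAX10 = re.compile(r"[0-9]{1,10}")      # "<= 10 characters ^\d+$"
AUTHKEY_LEN = 40                                # "= 40 characters"
ID_FIELDS = ("org_id", "remote_org_id")         # string
NULLABLE_ID_FIELDS = ("lastpulledid", "lastpushedid", "priority")  # string or null
BOOL_FIELDS = ("push", "pull", "push_sightings", "push_galaxy_clusters",
               "pull_galaxy_clusters", "publish_without_email",
               "unpublish_event", "self_signed", "internal", "skip_proxy",
               "caching_enabled", "cache_timestamp")
CERT_FIELDS = ("cert_file", "client_cert_file")  # Base64 string or null


def validate_add_server(body):
    """Return (errors, warnings) for an Add server body given as a dict.

    Messages name the field only, so a bad authkey never reaches a log.
    """
    errors, warnings = [], []

    if "authkey" in body:
        key = body["authkey"]
        if not isinstance(key, str) or len(key) != AUTHKEY_LEN:
            errors.append("authkey: expected a string of exactly 40 characters")

    for name in ID_FIELDS + NULLABLE_ID_FIELDS:
        if name not in body:
            continue
        value = body[name]
        if value is None and name in NULLABLE_ID_FIELDS:
            continue
        if not isinstance(value, str) or not DIGITS_MAX10.fullmatch(value):
            errors.append(f"{name}: expected a string of 1-10 digits")

    for name in BOOL_FIELDS:
        # The table types these as boolean: "true" as a string is rejected.
        if name in body and not isinstance(body[name], bool):
            errors.append(f"{name}: expected a JSON boolean")

    for name in CERT_FIELDS:
        value = body.get(name)
        if value is None:
            continue
        try:
            if not isinstance(value, str):
                raise ValueError("not a string")
            base64.b64decode(value, validate=True)
        except ValueError:  # binascii.Error is a subclass of ValueError
            errors.append(f"{name}: expected Base64 text or null")

    # Added hardening checks (assumptions of this example, not table rules).
    url = body.get("url")
    if isinstance(url, str) and urlsplit(url).scheme.lower() != "https":
        warnings.append("url: not HTTPS, sync traffic is not protected by TLS")
    if body.get("self_signed") is True:
        warnings.append("self_signed: self-signed certificates are accepted; "
                        "confirm the remote certificate is the expected one")
    return errors, warnings


def redacted(body):
    """Copy of the body that is safe to log: the authkey is masked."""
    return {k: ("<redacted>" if k == "authkey" else v) for k, v in body.items()}


# Constructed sample bodies (not real servers or keys).
SAMPLE_OK = {
    "name": "Partner MISP (constructed)",
    "url": "https://misp.example.com",
    "authkey": "a" * 40,
    "org_id": "12",
    "remote_org_id": "34",
    "push": False,
    "pull": True,
    "self_signed": False,
    "lastpulledid": None,
    "cert_file": base64.b64encode(b"constructed certificate bytes").decode(),
}
SAMPLE_BAD = dict(SAMPLE_OK, url="http://misp.example.com", authkey="a" * 39,
                  org_id="12345678901", pull="true", self_signed=True,
                  cert_file="not base64!!", priority="high")

if __name__ == "__main__":
    for label, sample in (("ok", SAMPLE_OK), ("bad", SAMPLE_BAD)):
        errs, warns = validate_add_server(sample)
        print(label, redacted(sample)["authkey"], errs, warns)
```
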
Edit server:
Path Parameters:
Parameter | Required | Data Type | Description | Example |
---|---|---|---|---|
serverId | Yes | string | Unique identifier of the server | "123456" |
Request Body Schema:
Parameter | Required | Data Type | Description | Example |
---|---|---|---|---|
id | Yes | string | Unique identifier of the server | "123456" |
name | - | string | Name of the server | "MISP Server 1" |
url | - | string | URL of the server | "https://example.com/misp" |
authkey | - | string | API authentication key | "a1b2c3d4e5f6..." |
org_id | - | string | Unique identifier of the organisation | "987654" |
push | - | boolean | Ability to send events to the server | true |
pull | - | boolean | Ability to receive events from the server | true |
push_sightings | - | boolean | Ability to send sightings to the server | false |
push_galaxy_clusters | - | boolean | Ability to send galaxy clusters to the server | true |
pull_galaxy_clusters | - | boolean | Ability to receive galaxy clusters from the server | false |
lastpulledid | - | string | Unique identifier of the last received event | "654321" |
lastpushedid | - | string | Unique identifier of the last sent event | "789012" |
organization | - | string | Name of the organisation the server belongs to | "Example Org" |
remote_org_id | - | string | ID of the organisation the remote server belongs to | "456789" |
publish_without_email | - | boolean | Ability to publish without e-mail | false |
unpublish_event | - | boolean | Ability to unpublish events | false |
self_signed | - | boolean | Self-signing capability | true |
pull_rules | - | string | Rules for pulling events from the server | {...} |
push_rules | - | string | Rules for sending events to the server | {...} |
cert_file | - | string | Certificate file (Base64-encoded) | "..." |
client_cert_file | - | string | Client certificate file (Base64-encoded) | "..." |
internal | - | boolean | Internal server flag | false |
skip_proxy | - | boolean | Ability to skip the proxy | true |
caching_enabled | - | boolean | Caching capability | true |
priority | - | string | Priority level | "1" |
cache_timestamp | - | boolean | Cache timestamp | true |
Delete server:
Path Parameters:
Parameter | Required | Data Type | Description | Example |
---|---|---|---|---|
serverId | Yes | string | Unique identifier of the server | "123456" |
Pull server:
Path Parameters:
Parameter | Required | Data Type | Description | Example |
---|---|---|---|---|
serverId | Yes | string | Unique identifier of the server | "123456" |
pullTechnique | Yes | string | Pull technique to use for pulling events from this server | "full" or "incremental" or "pull_relevant_clusters" |
Push server:
Path Parameters:
Parameter | Required | Data Type | Description | Example |
---|---|---|---|---|
serverId | Yes | string | Unique identifier of the server | "123456" |
pushTechnique | Yes | string | Push technique to use for pushing events to this server | "full" or "incremental" |
Start worker:
Path Parameters:
Parameter | Required | Data Type | Description | Example |
---|---|---|---|---|
workerType | Yes | string | Worker type | "default", "email", "scheduler", "cache", "prio", "update" |
Stop worker:
Path Parameters:
Parameter | Required | Data Type | Description | Example |
---|---|---|---|---|
workerPid | Yes | string | Worker PID | "12345" |
Get server setting by name:
Path Parameters:
Parameter | Required | Data Type | Description | Example |
---|---|---|---|---|
settingName | Yes | string | Name of the setting | "MISP.background_jobs" |
Edit server setting:
Path Parameters:
Parameter | Required | Data Type | Description | Example |
---|---|---|---|---|
settingName | Yes | string | Name of the setting | "MISP.background_jobs" |
Request Body Schema:
Parameter | Required | Data Type | Description | Example |
---|---|---|---|---|
value | Yes | string | One of the types string, boolean, number or object. | "string" |
Import server:
Path Parameters:
Parameter | Required | Data Type | Description | Example |
---|---|---|---|---|
name | Yes | string | Server name | "example-server" |
url | Yes | string | URL of the server | "https://example.com" |
uuid | Yes | string | Unique identifier (UUID) of the server | "550e8400-e29b-41d4-a716-446655440000" |
authkey | Yes | string | Authentication key | "a1b2c3d4e5f6g7h8i9j0k1l2m3n4o5p6q7r8s9t" |
Organisation:
Parameter | Required | Data Type | Description | Example |
---|---|---|---|---|
name | Yes | string | Name of the organisation | "example-org" |
Sharing Group Parameters
Add a sharing group:
Request Body Schema:
Parameter | Required | Data Type | Description | Example |
---|---|---|---|---|
uuid | Yes | string | Unique identifier of the sharing group | "550e8400-e29b-41d4-a716-446655440000" |
name | Yes | string | Name of the sharing group | "example-group" |
description | Yes | string | Description of the sharing group | "This is an example sharing group." |
releasability | Yes | string | Releasability of the sharing group | "All" |
local | Yes | boolean | Whether the sharing group is local | true |
active | Yes | boolean | Whether the sharing group is active | true |
org_count | Yes | string | Number of organisations in the sharing group | "5" |
organisation_uuid | Yes | string | Unique identifier of the sharing group's organisation | "550e8400-e29b-41d4-a716-446655440001" |
org_id | Yes | string | ID of the organisation | "12345" |
sync_user_id | Yes | string | Sync user ID | "67890" |
created | Yes | string | Creation date | "2024-04-12T12:00:00Z" |
modified | Yes | string | Modification date | "2024-04-12T12:00:00Z" |
roaming | Yes | boolean | Whether the sharing group is in roaming mode | false |
Edit a sharing group:
Path Parameters:
Parameter | Required | Data Type | Description | Example |
---|---|---|---|---|
sharingGroupId | Yes | string (or null) or UUID | Unique identifier of the sharing group, or empty | "550e8400-e29b-41d4-a716-446655440000" or null |
Request Body Schema:
Parameter | Required | Data Type | Description | Example |
---|---|---|---|---|
id | Optional | string (SharingGroupId) or null | Unique identifier of the sharing group, or empty | "123456" or null |
uuid | Required | string <uuid> (UUID) <= 36 characters | Unique UUID of the sharing group | "550e8400-e29b-41d4-a716-446655440000" |
name | Required | string (SharingGroupName) <= 255 characters | Name of the sharing group | "Sharing Group 1" |
description | Required | string (SharingGroupDescription) <= 65535 characters | Description of the sharing group | "This is a sharing group description." |
releasability | Required | string (SharingGroupReleasability) <= 65535 characters | Releasability status of the sharing group | "Limited" or "General" |
local | Required | boolean | Whether it is local or remote | true or false |
active | Required | boolean | Whether the sharing group is active | true or false |
org_count | Required | string ^\d+$ | Number of organisations in the sharing group | "3" or "10" |
organisation_uuid | Required | string <uuid> (UUID) <= 36 characters | UUID of the organisation the sharing group belongs to | "550e8400-e29b-41d4-a716-446655440001" |
org_id | Required | string (OrganisationId) <= 10 characters ^\d+$ | ID of the organisation the sharing group belongs to | "123456" |
sync_user_id | Required | string (UserId) <= 10 characters ^\d+$ | ID of the sharing group's sync user | "789012" |
created | Required | string <datetime> | Creation date of the sharing group | "2024-04-17 15:30:00" |
modified | Required | string <datetime> | Last modification date of the sharing group | "2024-04-17 15:30:00" |
roaming | Required | boolean | Whether the sharing group is in roaming mode | true or false |
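The type, length and pattern constraints in the "Edit a sharing group" request body table can be enforced on the client before the request is sent. The following Python code is an added example, not part of the original page or of the MISP project; the function name `validate_sharing_group`, the sample body and the accepted `created`/`modified` format (taken from the table's example value) are assumptions.

```python
import re
from datetime import datetime

# Strict ASCII patterns. fullmatch() is used instead of ^...$ because "$"
# also matches just before a trailing newline, so "123\n" would pass ^\d+$.
UUID_RE = re.compile(r"[0-9a-fA-F]{8}(?:-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}")
DIGITS_RE = re.compile(r"[0-9]+")


def is_uuid(value):
    return isinstance(value, str) and UUID_RE.fullmatch(value) is not None


def text(max_len):
    return lambda value: isinstance(value, str) and len(value) <= max_len


def digits(max_len=None):
    def check(value):
        if not isinstance(value, str) or DIGITS_RE.fullmatch(value) is None:
            return False
        return max_len is None or len(value) <= max_len
    return check


def is_bool(value):
    # bool only: the strings "true"/"false" and the ints 0/1 are rejected.
    return isinstance(value, bool)


def is_datetime(value):
    # Assumption: the format of the table's example value, "2024-04-17 15:30:00".
    if not isinstance(value, str):
        return False
    try:
        datetime.strptime(value, "%Y-%m-%d %H:%M:%S")
    except ValueError:
        return False
    return True


# field -> (required, check, rule text), following the request body table.
SCHEMA = {
    "id": (False, lambda v: v is None or isinstance(v, str), "string or null"),
    "uuid": (True, is_uuid, "UUID, <= 36 characters"),
    "name": (True, text(255), "string, <= 255 characters"),
    "description": (True, text(65535), "string, <= 65535 characters"),
    "releasability": (True, text(65535), "string, <= 65535 characters"),
    "local": (True, is_bool, "boolean"),
    "active": (True, is_bool, "boolean"),
    "org_count": (True, digits(), "string of digits"),
    "organisation_uuid": (True, is_uuid, "UUID, <= 36 characters"),
    "org_id": (True, digits(10), "string of digits, <= 10 characters"),
    "sync_user_id": (True, digits(10), "string of digits, <= 10 characters"),
    "created": (True, is_datetime, "datetime string"),
    "modified": (True, is_datetime, "datetime string"),
    "roaming": (True, is_bool, "boolean"),
}


def validate_sharing_group(body):
    """Return a list of problems; an empty list means the body matches the table."""
    errors = []
    for field, (required, check, rule) in SCHEMA.items():
        if field not in body:
            if required:
                errors.append(f"{field}: missing (required)")
            continue
        if not check(body[field]):
            errors.append(f"{field}: expected {rule}, got {body[field]!r}")
    # Reject fields the table does not list, so typos are not silently sent.
    for name in sorted(set(body) - set(SCHEMA)):
        errors.append(f"{name}: not in the documented schema")
    return errors


# Constructed sample body, built from the example values in the table.
SAMPLE_BODY = {
    "uuid": "550e8400-e29b-41d4-a716-446655440000",
    "name": "Sharing Group 1",
    "description": "This is a sharing group description.",
    "releasability": "Limited",
    "local": True,
    "active": True,
    "org_count": "3",
    "organisation_uuid": "550e8400-e29b-41d4-a716-446655440001",
    "org_id": "123456",
    "sync_user_id": "789012",
    "created": "2024-04-17 15:30:00",
    "modified": "2024-04-17 15:30:00",
    "roaming": False,
}

if __name__ == "__main__":
    print(validate_sharing_group(SAMPLE_BODY))
    print(validate_sharing_group(dict(SAMPLE_BODY, org_id="12a", local="true")))
```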
Delete a sharing group:
Path Parameters:
Parameter | Required | Data Type | Description | Example |
---|---|---|---|---|
sharingGroupId | Optional | (SharingGroupId (string or null)) or UUID (string) | Unique identifier of the sharing group, or empty | "123456" or null |
Get a sharing group by ID:
Path Parameters:
Parameter | Required | Data Type | Description | Example |
---|---|---|---|---|
sharingGroupId | Required | (SharingGroupId (string or null)) or UUID (string) | Unique identifier of the sharing group, or empty | "123456" or null |
Add an organisation to a sharing group:
Path Parameters:
Parameter | Required | Data Type | Description | Example |
---|---|---|---|---|
sharingGroupId | Required | (SharingGroupId (string or null)) or UUID (string) | Unique identifier of the sharing group, or empty | "123456" |
organisationId | Required | OrganisationId (string) or UUID (string) | Unique identifier of the organisation | "789012" |
Remove an organisation from a sharing group:
Path Parameters:
Parameter | Required | Data Type | Description | Example |
---|---|---|---|---|
sharingGroupId | Required | (SharingGroupId (string or null)) or UUID (string) | Unique identifier of the sharing group, or empty | "123456" |
organisationId | Required | OrganisationId (string) or UUID (string) | Unique identifier of the organisation | "789012" |
Add a server to a sharing group:
Path Parameters:
Parameter | Required | Data Type | Description | Example |
---|---|---|---|---|
sharingGroupId | Required | (SharingGroupId (string or null)) or UUID (string) | Unique identifier of the sharing group, or empty | "123456" |
serverId | Required | ServerId (string) or UUID (string) | Unique identifier of the server | "789012" |
Remove a server from a sharing group:
Path Parameters:
Parameter | Required | Data Type | Description | Example |
---|---|---|---|---|
sharingGroupServerId | Required | string or null | Unique identifier of the sharing group server, or empty | "123456" |
serverId | Required | ServerId (string or UUID) | Unique identifier of the server | "789012" |
Feed Parameters
Get a feed by ID:
Path Parameters:
Parameter | Required | Data Type | Description | Example |
---|---|---|---|---|
feedId | Required | FeedId (string or UUID) | Unique identifier of the feed | "456789" |
Add a feed:
Request Body Schema:
Parameter | Required | Data Type | Description | Example |
---|---|---|---|---|
name | - | string (FeedName) <= 255 | Name of the feed | "Example Feed" |
provider | - | string (FeedProvider) | Provider of the feed | "Example Provider" |
url | - | string (FeedUrl) | URL of the feed | "https://example.com/feed" |
rules | - | string or null (FeedRules) | Stringified JSON filter rules | { "filter": "value" } |
enabled | - | boolean (FeedEnabledFlag) | Whether the feed is enabled | true |
distribution | - | string (DistributionLevelId) | Who will be able to see these events once published and eventually pulled | "0" |
sharing_group_id | - | string or null (SharingGroupId) | UUID or numeric ID of the sharing group | "123456" |
tag_id | - | string (TagId) <= 10 | ID of the tag to attach | "789" |
source_format | - | string (FeedSourceFormat) | Format of the feed source | "csv" |
fixed_event | - | boolean (FeedFixedEvent) | The target event option may be considered | true |
delta_merge | - | boolean (FeedDeltaMergeFlag) | Merge attributes (only add new attributes, remove revoked attributes) | true |
event_id | - | string (EventId) <= 10 | ID of the published events | "987654" |
publish | - | boolean (PublishedFlag) | Default: false | true |
override_ids | - | boolean (FeedOverrideIDSFlag) | The IDS flags will be turned off for this feed | true |
input_source | - | string (FeedInputSource) | Specifies whether the source (the url field) is a directory (local) or an actual URL (network). | "network" |
delete_local_file | - | boolean (FeedDeleteLocalFileFlag) | The IDS flags will be turned off for this feed | true |
lookup_visible | - | boolean (FeedLookupVisibleFlag) | The lookup will not correspond to the feed | true |
headers | - | string or null (FeedHeaders) | Headers that must be passed along with requests. Each separated by. | "Content-Type: application/json" |
caching_enabled | - | boolean (FeedCachingEnabledFlag) | The feed is cached | true |
force_to_ids | - | boolean (FeedForceToIDSFlag) | The IDS flags will be turned on for this feed | true |
orgc_id | - | string (OrganisationId) <= 10 | UUID or numeric ID of the organisation | "123456" |
Edit a feed:
Path Parameters:
Parameter | Required | Data Type | Description | Example |
---|---|---|---|---|
feedId | Required | string | UUID or numeric ID of the feed | "123456" |
Request Body Schema:
Parameter | Required | Data Type | Description | Example |
---|---|---|---|---|
id | Required | string (FeedId) | Feed ID | "123456" |
name | - | string (FeedName) | Feed name | "Example Feed" |
provider | - | string (FeedProvider) | Provider | "Provider A" |
url | - | string (FeedUrl) | URL | "http://example.com/feed" |
rules | - | string or null (FeedRules) | Stringified JSON filter rules | {"type": "malware"} |
enabled | - | boolean (FeedEnabledFlag) | Is it enabled? | true |
distribution | - | string (DistributionLevelId) | Distribution level. Enum: "0" "1" "2" "3" "4" "5". Who will be able to see the events once published and eventually pulled: 0 - Your organisation only, 1 - This community only, 2 - Connected communities, 3 - All communities, 4 - Sharing group, 5 - Inherit event | "0" |
sharing_group_id | - | string or null (SharingGroupId) | Sharing group ID | "789012" |
tag_id | - | string (TagId) | Tag ID | "345678" |
source_format | - | string (FeedSourceFormat) | Source format. Enum: "1" "csv" "freetext" "misp" | "csv" |
fixed_event | - | boolean (FeedFixedEvent) | Fixed event | true |
delta_merge | - | boolean (FeedDeltaMergeFlag) | Delta merge | false |
event_id | - | string (EventId) | Event ID | "234567" |
publish | - | boolean (PublishedFlag) | Publish | false |
override_ids | - | boolean (FeedOverrideIDSFlag) | The IDS flags will be turned off for this feed | true |
input_source | - | string (FeedInputSource) | Source type. Enum: "local" "network" | "local" |
delete_local_file | - | boolean (FeedDeleteLocalFileFlag) | Should the local file be deleted? | false |
lookup_visible | - | boolean (FeedLookupVisibleFlag) | Will the lookup be visible in the feed correlation? | true |
headers | - | string or null (FeedHeaders) | Headers to pass with requests. All separated by commas | "Content-Type: application/json, Authorization: Bearer token" |
caching_enabled | - | boolean (FeedCachingEnabledFlag) | Is the feed cached? | true |
force_to_ids | - | boolean (FeedForceToIDSFlag) | The IDS flags will be turned on for this feed | true |
orgc_id | - | string (OrganisationId) | Organisation ID | "456789" |
Enable feed:
Path Parameters:
Parameter | Required | Data Type | Description | Example |
---|---|---|---|---|
feedId | Required | FeedId (string) | Feed ID | "123456" |
Disable feed:
Path Parameters:
Parameter | Required | Data Type | Description | Example |
---|---|---|---|---|
feedId | Required | FeedId (string) or UUID (string) | Feed ID | "123456" |
Cache feeds:
Path Parameters:
Parameter | Required | Data Type | Description | Example |
---|---|---|---|---|
cacheFeedsScope | Required | string | Cache feeds scope | "all" |
Fetch from feed by ID:
Path Parameters:
Parameter | Required | Data Type | Description |
---|---|---|---|
feedId | Required | string | Feed ID (string or UUID) |
Object Parameters
[restSearch] Get a filtered and paginated list of objects:
Request Body Schema:
Parameter | Required | Data Type | Description | Example |
---|---|---|---|---|
page | null | integer (int32) | >= 1 | 1 |
limit | null | integer (int32) | >= 0 | 10 |
quickFilter | - | string | Searches for events matching any tag name, event description, attribute value or attribute comment. | "malware" |
searchall | - | string | Searches for events matching any tag name, event description, attribute value or attribute comment. | "ransomware" |
timestamp | - | string (Timestamp) | ^\d+$ | "1617613315" |
object_name | - | string | <= 131071 characters | "malicious_file.exe" |
object_template_uuid | - | string <uuid> | <= 36 characters | "6f3c0d71-5b7a-46a9-a78b-29a146b5e3c7" |
object_template_version | - | string | ^\d+$ | "1" |
eventid | - | string | <= 10 characters ^\d+$ | "12345" |
eventinfo | - | string | <= 65535 characters | "Malware infection" |
ignore | - | boolean | false | true |
from | - | string or null (DateRestSearchFilter) | | |
to | - | string or null (DateRestSearchFilter) | | |
date | - | string or null (DateRestSearchFilter) | | |
tags | - | Array of strings or null (TagsRestSearchFilter) | | |
last | - | integer or string or null (LastRestSearchFilter) | | |
event_timestamp | - | string (Timestamp) | ^\d+$ | "1617613315" |
publish_timestamp | - | string (Timestamp) | ^\d+$ | "1617613315" |
org | - | OrganisationId or OrganisationName | | |
uuid | - | string <uuid> | <= 36 characters | "6f3c0d71-5b7a-46a9-a78b-29a146b5e3c7" |
value | - | string | <= 131071 characters | "1.2.3.4" |
type | - | string | <= 100 characters | "ip-src" |
category | - | string | <= 255 characters | "Network activity" |
object_relation | - | string or null (ObjectRelationRestSearchFilter) | | |
attribute_timestamp | - | string (Timestamp) | ^\d+$ | "1617613315" |
first_seen | - | string or null (NullableMicroTimestamp) | ^\d+$ or null | "1617613315" |
last_seen | - | string or null (NullableMicroTimestamp) | ^\d+$ or null | "1617613315" |
comment | - | string | <= 65535 characters | "Malicious activity" |
to_ids | - | boolean or null (ToIDSRestSearchFlag) | | |
published | - | boolean | false | true |
deleted | - | boolean | false | false |
withAttachments | - | boolean | false | true |
enforceWarninglist | - | boolean or null (EnforceWarninglistRestSearchFilter) | | |
includeAllTags | - | boolean | false | true |
includeEventUuid | - | boolean | false | true |
include_event_uuid | - | boolean | false | true |
includeEventTags | - | boolean | false | true |
includeProposals | - | boolean | false | true |
includeWarninglistHits | - | boolean or null | false | true |
includeContext | - | boolean or null (IncludeContextRestSearchFlag) | | |
includeSightings | - | boolean or null (IncludeContextRestSearchFlag) | | |
includeSightingdb | - | boolean or null (IncludeSightingDbRestSearchFlag) | | |
includeCorrelations | - | boolean or null (IncludeCorrelationsRestSearchFlag) | | |
includeDecayScore | - | boolean | false | true |
includeFullModel | - | boolean | false | true |
allow_proposal_blocking | - | boolean | false | true |
metadata | - | boolean or null (MetadataRestSearchFilter) | | |
attackGalaxy | - | string or null (AttackGalaxyRestSearchFilter) | | |
excludeDecayed | - | boolean | false | true |
decayingModel | - | string | | |
modelOverrides | - | object | | |
returnFormat | - | string | "json" | "json" |
Add an object to an event:
Path Parameters:
Request Body Schema:
Attribute:
Parameter | Required | Data Type | Description | Example |
---|---|---|---|---|
category | - | string | Attribute category. | "Network activity" |
value | - | string | Attribute value. | "192.168.1.1" |
to_ids | - | boolean | Should it be reported to the IDS? | true |
disable_correlation | - | boolean | Disable correlation. | false |
distribution | - | string | Who can see the published event? | "0" |
comment | - | string | Comment on the attribute. | "Possible malware" |
object_relation | - | string | Object relation. | "Related to incident" |
Get object by ID:
Path Parameters:
Delete object:
Path Parameters:
Parameter | Required | Data Type | Description | Example |
---|---|---|---|---|
objectId | Required | string | UUID or numeric ID of the object. | "1234" |
hardDelete | Required | string | How the entity is deleted. | "0" |
Tag Parameters
Get tag by ID:
Path Parameters:
Parameter | Required | Data Type | Description | Example |
---|---|---|---|---|
tagId | Required | string | Numeric ID of the attribute. | "12345" |
Add tag:
Request Body Schema:
Parameter | Required | Data Type | Description | Example |
---|---|---|---|---|
name | Required | string | Name of the tag | "Example Tag" |
colour | Required | string | Tag colour | "#FF0000" |
exportable | Optional | boolean | Whether the tag is exportable | true |
org_id | Optional | string | ID of the organisation | "12345" |
user_id | Optional | string | ID of the user | "67890" |
hide_tag | Optional | boolean | Whether the tag is hidden | false |
numerical_value | Optional | string or null | Numerical value | "100" |
is_galaxy | Optional | boolean | Whether it is a galaxy | true |
is_custom_galaxy | Optional | boolean | Whether it is a custom galaxy | true |
inherited | Optional | integer | Whether it is inherited | 1 |
Delete tag:
Path Parameters:
Parameter | Required | Data Type | Description | Example |
---|---|---|---|---|
tagId | Required | string | Numeric ID of the tag | "12345" |
Edit tag:
Path Parameters:
Parameter | Required | Data Type | Description | Example |
---|---|---|---|---|
tagId | Required | string | Numeric ID of the tag | 12345 |
Request Body Schema:
Parameter | Required | Data Type | Description | Example |
---|---|---|---|---|
name | Required | string | Tag name | "ABC" |
colour | Required | string | Tag colour | "#FF0000" |
exportable | Optional | boolean | Is it exportable? (Default: true) | true |
org_id | Required | string | ID of the organisation | "12345" |
user_id | Required | string | ID of the user | "54321" |
hide_tag | Optional | boolean | Is the tag hidden? (Default: false) | false |
numerical_value | Optional | string or null | Numerical value | "10" |
is_galaxy | Optional | boolean | Is it a galaxy tag? (Default: true) | true |
is_custom_galaxy | Optional | boolean | Is it a custom galaxy tag? (Default: true) | true |
inherited | Optional | integer | Is it inherited? (Default: 1) | 1 |
Search tag:
Path Parameters:
Parameter | Required | Data Type | Description | Example |
---|---|---|---|---|
tagSearchTerm | Required | string | Tag search term | "%tlp%" |
Sighting Parameters
Get sightings by event ID:
Path Parameters:
Parameter | Required | Data Type | Description | Example |
---|---|---|---|---|
eventId | Required | string | UUID or numeric ID of the event | "1234" |
Add sightings of a list of values:
Request Body Schema:
Parameter | Required | Data Type | Description | Example |
---|---|---|---|---|
values | Required | Array of strings | List of values | ["value1", "value2"] |
timestamp | Optional | String or null | Timestamp (optional) | "1630458921" |
filters | Optional | Object | Search filters | { ... } |
Add sighting of an attribute:
Path Parameters:
Parameter | Required | Data Type | Description | Example |
---|---|---|---|---|
attributeId | Required | String | UUID or numeric ID of the attribute | "12345" |
Delete sighting:
Path Parameters:
Parameter | Required | Data Type | Description | Example |
---|---|---|---|---|
sightingId | Required | String | Sighting ID (UUID or numeric) | "12345" |
Warninglist Parameters:
Search warninglists:
Request Body Schema:
Parameter | Required | Data Type | Description | Example |
---|---|---|---|---|
value | Optional | String or null | Search term to match against the name, description or type of the warninglists | "malware" |
enabled | Optional | Boolean or null | Used to filter the search results to enabled warninglists only | true |
Enable/disable warninglists:
Request Body Schema:
Parameter | Required | Data Type | Description | Example |
---|---|---|---|---|
id | Optional | String or Array of strings | Warninglist IDs to filter on | "12345" or ["12345", "67890"] |
name | Optional | String or Array of strings | Warninglist name or names to filter on | "Malware" or ["Malware", "Phishing"] |
enabled | Optional | Boolean | Warninglist status to filter on (enabled or disabled) | true |
Get warninglist by ID:
Path Parameters:
Parameter | Required | Data Type | Description | Example |
---|---|---|---|---|
warninglistId | Required | String | Numeric ID of the warninglist | "3" |
Noticelist Parameters
Get a noticelist by ID:
Path Parameters:
Parameter | Required | Data Type | Description | Example |
---|---|---|---|---|
noticelistId | Required | String | Numeric ID of the noticelist | "3" |
Enable/disable noticelist:
Path Parameters:
Parameter | Required | Data Type | Description | Example |
---|---|---|---|---|
noticelistId | Required | String | Numeric ID of the noticelist | "3" |
Log Parameters
Get instance logs:
Request Body Schema:
Parameter | Required | Data Type | Description | Example |
---|---|---|---|---|
page | Optional | Integer | Page number (1 or greater) | 1 |
limit | Optional | Integer | Result limit (0 or greater) | 10 |
id | Optional | String | Log ID | "12345" |
title | Optional | String | Log title | "login" |
created | Optional | Date or date range | Creation date or range | "2024-04-01T00:00:00Z" |
model | Optional | String | Search logs by model | "User" |
model_id | Optional | String | Model ID of the log | "54321" |
action | Optional | String | Action type | "add" |
user_id | Optional | String | User ID | "67890" |
change | Optional | String | Log change text | "password" |
Optional | Email | Email address | "example@example.com" | |
org | Optional | String | Organisation name | "ACME" |
description | Optional | String | Description | "User login" |
ip | Optional | String | IP address | "192.0.2.0" |
Authentication Key Parameters
Search auth keys:
Request Body Schema:
Add auth keys:
Path Parameters:
Parameter | Required | Data Type | Description | Example |
---|---|---|---|---|
userId | Required | String | User ID | "12345" |
Request Body Schema:
View auth key:
Path Parameters:
Parameter | Required | Data Type | Description |
---|---|---|---|
authKeyId | Yes | AuthKeyId (String) or UUID (String) <= 36 characters | Unique identifier or numeric ID of the authentication key |
Edit auth key:
Path Parameters:
Parameter | Required | Data Type | Description |
---|---|---|---|
authKeyId | Yes | AuthKeyId (String) or UUID (String) <= 36 characters | Unique identifier or numeric ID of the authentication key |
Request Body Schema:
Delete auth key:
Path Parameters:
Parameter | Required | Data Type | Description | Example |
---|---|---|---|---|
authKeyId | Yes | AuthKeyId (string) | UUID or numeric ID of the auth key | "12345" or "a1b2c3d4" |
User Settings Parameters
Search user settings:
Request Body Schema:
Parameter | Required | Data Type | Description | Example |
---|---|---|---|---|
id | Yes | UserSettingId (string) | Numeric ID of the user setting | "12345" |
setting | Yes | UserSettingName (string) | Name of the user setting | "publish_alert_filter" |
user_id | Yes | UserId (string) | Numeric ID of the user | "54321" |
Get user setting by id:
Path Parameters:
Parameter | Required | Data Type | Description | Example |
---|---|---|---|---|
userSettingId | Yes | UserSettingId (string) | Numeric ID of the user setting | "12345" |
Set user setting:
Path Parameters:
Parameter | Required | Data Type | Description | Example |
---|---|---|---|---|
userId | Yes | UserId (string) | Numeric ID of the user | "12345" |
userSettingName | Yes | UserSettingName (string) | Name of the user setting | "publish_alert_filter" |
Request Body Schema:
Parameter | Required | Data Type | Description | Example |
---|---|---|---|---|
widget | - | string | Type of the widget | "example_widget" |
position | - | object | Position of the widget | { "x": 10, "y": 20 } |
Get user setting by id:
Path Parameters:
Parameter | Required | Data Type | Description | Example |
---|---|---|---|---|
userId | Yes | string | Numeric ID of the user | "12345" |
userSettingName | Yes | string | Name of the user setting | "publish_alert_filter" |
Delete user setting by id:
Path Parameters:
Parameter | Required | Data Type | Description | Example |
---|---|---|---|---|
userSettingId | Yes | string | ID of the user setting | "12345" |
EventReport Parameters
Get event report by ID:
Path Parameters:
Add Event Report:
Path Parameters:
Request Body Schema:
Edit Event Report:
Path Parameters:
Delete Event Report:
Path Parameters:
Parameter | Required | Data Type | Description | Example |
---|---|---|---|---|
eventReportId | Yes | string (EventReportId) | ID of the event report | "123" |
Import Report From URL:
Path Parameters:
Request Body Schema:
Parameter | Required | Data Type | Description |
---|---|---|---|
url | Yes | string | Source URL or address |
API Request and Response Examples
Analyst Data
Add analyst data:
POST
https://misp.local/analystData/add/{analystType}/{objectUUID}/{ObjectType}
Response:
200:
AnalystNote:
{
"note": "Provide more context",
"language": "fr-BE",
"note_type_name": "Note",
"uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
"object_uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
"object_type": "Attribute",
"authors": "john.doe@admin.test",
"org_uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
"orgc_uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
"created": "2024-03-19 11:10:24",
"modified": "2024-03-19 11:10:24",
"distribution": "0",
"sharing_group_id": "1",
"locked": true
}
AnalystOpinion:
{
"comment": "Provide more context",
"opinion": 70,
"note_type_name": "Opinion",
"uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
"object_uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
"object_type": "Attribute",
"authors": "john.doe@admin.test",
"org_uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
"orgc_uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
"created": "2024-03-19 11:10:24",
"modified": "2024-03-19 11:10:24",
"distribution": "0",
"sharing_group_id": "1",
"locked": true
}
AnalystRelationship:
{
"related_object_uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
"related_object_type": "Attribute",
"relationship_type": "related-to",
"note_type_name": "Relationship",
"uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
"object_uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
"object_type": "Attribute",
"authors": "john.doe@admin.test",
"org_uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
"orgc_uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
"created": "2024-03-19 11:10:24",
"modified": "2024-03-19 11:10:24",
"distribution": "0",
"sharing_group_id": "1",
"locked": true
}
403:
{
"name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
"message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
"url": "/attributes"
}
Default:
{
"name": "string",
"message": "string",
"url": "/attributes"
}
Edit analyst data:
POST
https://misp.local/analystData/edit/{analystType}/{analystDataID}
Response:
200:
AnalystNote:
{
"note": "Provide more context",
"language": "fr-BE",
"note_type_name": "Note",
"uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
"object_uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
"object_type": "Attribute",
"authors": "john.doe@admin.test",
"org_uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
"orgc_uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
"created": "2024-03-19 11:10:24",
"modified": "2024-03-19 11:10:24",
"distribution": "0",
"sharing_group_id": "1",
"locked": true
}
AnalystOpinion:
{
"comment": "Provide more context",
"opinion": 70,
"note_type_name": "Opinion",
"uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
"object_uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
"object_type": "Attribute",
"authors": "john.doe@admin.test",
"org_uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
"orgc_uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
"created": "2024-03-19 11:10:24",
"modified": "2024-03-19 11:10:24",
"distribution": "0",
"sharing_group_id": "1",
"locked": true
}
AnalystRelationship:
{
"related_object_uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
"related_object_type": "Attribute",
"relationship_type": "related-to",
"note_type_name": "Relationship",
"uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
"object_uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
"object_type": "Attribute",
"authors": "john.doe@admin.test",
"org_uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
"orgc_uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
"created": "2024-03-19 11:10:24",
"modified": "2024-03-19 11:10:24",
"distribution": "0",
"sharing_group_id": "1",
"locked": true
}
403:
{
"name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
"message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
"url": "/attributes"
}
Default:
{
"name": "string",
"message": "string",
"url": "/attributes"
}
Delete Analyst data:
DELETE
https://misp.local/analystData/delete/{analystType}/{analystDataID}
Response:
200:
{
"message": "Analyst Note deleted."
}
403:
{
"name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
"message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
"url": "/attributes"
}
404:
{
"name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
"message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
"url": "/attributes"
}
Default:
{
"name": "string",
"message": "string",
"url": "/attributes"
}
List Analyst data:
GET
https://misp.local/analystData/index/{analystType}
Response:
200:
[
{
"note": "Provide more context",
"language": "fr-BE",
"note_type_name": "Note",
"uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
"object_uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
"object_type": "Attribute",
"authors": "john.doe@admin.test",
"org_uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
"orgc_uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
"created": "2024-03-19 11:10:24",
"modified": "2024-03-19 11:10:24",
"distribution": "0",
"sharing_group_id": "1",
"locked": true
}
]
403:
{
"name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
"message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
"url": "/attributes"
}
404:
{
"name": "Invalid attribute",
"message": "Invalid attribute",
"url": "/attributes/1234"
}
Default:
{
"name": "string",
"message": "string",
"url": "/attributes"
}
Get Analyst Data by ID:
GET
https://misp.local/analystData/view/{analystType}/{analystDataID}
Response:
200:
AnalystNote:
{
"note": "Provide more context",
"language": "fr-BE",
"note_type_name": "Note",
"uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
"object_uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
"object_type": "Attribute",
"authors": "john.doe@admin.test",
"org_uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
"orgc_uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
"created": "2024-03-19 11:10:24",
"modified": "2024-03-19 11:10:24",
"distribution": "0",
"sharing_group_id": "1",
"locked": true
}
AnalystOpinion:
{
"comment": "Provide more context",
"opinion": 70,
"note_type_name": "Opinion",
"uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
"object_uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
"object_type": "Attribute",
"authors": "john.doe@admin.test",
"org_uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
"orgc_uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
"created": "2024-03-19 11:10:24",
"modified": "2024-03-19 11:10:24",
"distribution": "0",
"sharing_group_id": "1",
"locked": true
}
AnalystRelationship:
{
"related_object_uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
"related_object_type": "Attribute",
"relationship_type": "related-to",
"note_type_name": "Relationship",
"uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
"object_uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
"object_type": "Attribute",
"authors": "john.doe@admin.test",
"org_uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
"orgc_uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
"created": "2024-03-19 11:10:24",
"modified": "2024-03-19 11:10:24",
"distribution": "0",
"sharing_group_id": "1",
"locked": true
}
403:
{
"name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
"message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
"url": "/attributes"
}
Default:
{
"name": "string",
"message": "string",
"url": "/attributes"
}
Attributes
[restSearch] Get a filtered and paginated list of attributes:
POST
https://misp.local/attributes/restSearch
Request:
{
"page": 1,
"limit": 0,
"value": "127.0.0.1",
"value1": "127.0.0.1",
"value2": "127.0.0.1",
"type": "md5",
"category": "Internal reference",
"org": "12345",
"tags": [
"tlp:amber"
],
"from": "string",
"to": "string",
"last": 0,
"eventid": "12345",
"withAttachments": false,
"uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
"publish_timestamp": "1617875568",
"published": false,
"timestamp": "1617875568",
"attribute_timestamp": "1617875568",
"enforceWarninglist": true,
"to_ids": true,
"deleted": false,
"event_timestamp": "1617875568",
"threat_level_id": "1",
"eventinfo": "string",
"sharinggroup": [
"1"
],
"decayingModel": "string",
"score": "string",
"first_seen": "string",
"last_seen": "string",
"includeEventUuid": false,
"includeEventTags": false,
"includeProposals": false,
"requested_attributes": [
"id"
],
"includeContext": true,
"headerless": true,
"includeWarninglistHits": true,
"attackGalaxy": "mitre-attack",
"object_relation": "filepath",
"includeSightings": true,
"includeCorrelations": true,
"modelOverrides": {
"lifetime": 3,
"decay_speed": 2.3,
"threshold": 30,
"default_base_score": 80,
"base_score_config": {
"estimative-language:confidence-in-analytic-judgment": 0.25,
"estimative-language:likelihood-probability": 0.25,
"phishing:psychological-acceptability": 0.25,
"phishing:state": 0.2
}
},
"includeDecayScore": false,
"includeFullModel": false,
"excludeDecayed": false,
"returnFormat": "json"
}
Response:
200:
{
"response": {
"Attribute": [
{
"id": "12345",
"event_id": "12345",
"object_id": "12345",
"object_relation": "sensor",
"category": "Internal reference",
"type": "md5",
"value": "127.0.0.1",
"to_ids": true,
"uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
"timestamp": "1617875568",
"distribution": "0",
"sharing_group_id": "1",
"comment": "logged source ip",
"deleted": false,
"disable_correlation": false,
"first_seen": "1581984000000000",
"last_seen": "1581984000000000",
"data": "string",
"event_uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
"decay_score": [
{
"score": 10.5,
"base_score": 80,
"decayed": true,
"DecayingModel": {
"id": "12345",
"name": "Phishing model"
}
}
],
"Event": {
"id": "12345",
"org_id": "12345",
"distribution": "0",
"info": "logged source ip",
"orgc_id": "12345",
"uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
"date": "1991-01-15",
"published": false,
"analysis": "0",
"attribute_count": "321",
"timestamp": "1617875568",
"sharing_group_id": "1",
"proposal_email_lock": true,
"locked": true,
"threat_level_id": "1",
"publish_timestamp": "1617875568",
"sighting_timestamp": "1617875568",
"disable_correlation": false,
"extends_uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
"event_creator_email": "user@example.com"
},
"Object": {
"id": "12345",
"name": "ail-leak",
"meta-category": "string",
"description": "string",
"template_uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
"template_version": "1",
"event_id": "12345",
"uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
"timestamp": "1617875568",
"distribution": "0",
"sharing_group_id": "1",
"comment": "string",
"deleted": true,
"first_seen": "1581984000000000",
"last_seen": "1581984000000000",
"Attribute": [
{
"id": "12345",
"event_id": "12345",
"object_id": "12345",
"object_relation": "sensor",
"category": "Internal reference",
"type": "md5",
"value": "127.0.0.1",
"to_ids": true,
"uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
"timestamp": "1617875568",
"distribution": "0",
"sharing_group_id": "1",
"comment": "logged source ip",
"deleted": false,
"disable_correlation": false,
"first_seen": "1581984000000000",
"last_seen": "1581984000000000"
}
]
},
"Tag": [
{
"id": "12345",
"name": "tlp:white",
"colour": "#ffffff",
"exportable": true,
"org_id": "12345",
"user_id": "12345",
"hide_tag": false,
"numerical_value": "12345",
"is_galaxy": true,
"is_custom_galaxy": true,
"inherited": 1
}
]
}
]
}
}
403:
{
"name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
"message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
"url": "/attributes"
}
Default:
{
"name": "string",
"message": "string",
"url": "/attributes"
}
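As an added example (not part of the original guide and not MISP or PyMISP code), the Python below sends the restSearch request above with only the filters a detection pipeline needs, pages through the results, and turns the 403/Default error body into an exception. The function names, the injectable `send` transport and the page size are assumptions made for this example.

```python
import json
import urllib.error
import urllib.request

MISP_URL = "https://misp.local"  # host used in the page's examples


class MispApiError(Exception):
    """Non-200 reply carrying the error shape shown above: name, message, url."""

    def __init__(self, status, body):
        self.status = status
        self.name = body.get("name")
        self.url = body.get("url")
        super().__init__(f"HTTP {status}: {body.get('message')}")


def build_request(api_key, filters, page, limit, base_url=MISP_URL):
    """Build POST /attributes/restSearch with an explicit page and limit."""
    body = dict(filters, page=page, limit=limit, returnFormat="json")
    headers = {
        "Authorization": api_key,  # key of an API-enabled user, per the 403 text
        "Accept": "application/json",
        "Content-Type": "application/json",
    }
    return urllib.request.Request(
        base_url + "/attributes/restSearch",
        data=json.dumps(body).encode("utf-8"),
        headers=headers,
        method="POST",
    )


def http_send(request):
    """Default transport: return (status, body bytes), also for error replies."""
    try:
        with urllib.request.urlopen(request, timeout=30) as reply:
            return reply.status, reply.read()
    except urllib.error.HTTPError as err:
        return err.code, err.read()


def parse_reply(status, raw):
    """Return the Attribute list of a 200 reply, raise MispApiError otherwise."""
    try:
        doc = json.loads(raw)
    except ValueError:
        doc = {"message": "reply body is not JSON"}
    if not isinstance(doc, dict):
        doc = {}
    if status != 200:
        raise MispApiError(status, doc)
    return doc.get("response", {}).get("Attribute", [])


def search_ids_attributes(api_key, filters, limit=100, send=http_send, max_pages=50):
    """Page through restSearch and keep rows that are flagged for detection."""
    wanted = dict(filters, to_ids=True, deleted=False,
                  enforceWarninglist=True, includeEventUuid=True)
    found = []
    for page in range(1, max_pages + 1):
        status, raw = send(build_request(api_key, wanted, page, limit))
        rows = parse_reply(status, raw)
        for row in rows:
            # Re-check server-side filters locally before feeding a blocklist.
            if row.get("to_ids") and not row.get("deleted"):
                found.append({
                    "type": row.get("type"),
                    "value": row.get("value"),
                    "event_uuid": row.get("event_uuid"),
                    "tags": [t.get("name") for t in (row.get("Tag") or [])],
                })
        if len(rows) < limit:  # short page: nothing left to fetch
            break
    return found
```

Pass a `send` callable that wraps your own HTTP client if the instance needs a private CA or a proxy; the default transport uses `urllib` with system trust settings.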
Add an attribute:
POST
https://misp.local/attributes/add/{eventId}
Request:
{
"event_id": "12345",
"object_id": "12345",
"object_relation": "sensor",
"category": "Internal reference",
"type": "md5",
"value": "127.0.0.1",
"to_ids": true,
"uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
"timestamp": "1617875568",
"distribution": "0",
"sharing_group_id": "1",
"comment": "logged source ip",
"deleted": false,
"disable_correlation": false,
"first_seen": "1581984000000000",
"last_seen": "1581984000000000"
}
Response:
200:
{
"Attribute": {
"id": "12345",
"event_id": "12345",
"object_id": "12345",
"object_relation": "sensor",
"category": "Internal reference",
"type": "md5",
"value": "127.0.0.1",
"to_ids": true,
"uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
"timestamp": "1617875568",
"distribution": "0",
"sharing_group_id": "1",
"comment": "logged source ip",
"deleted": false,
"disable_correlation": false,
"first_seen": "1581984000000000",
"last_seen": "1581984000000000"
}
}
403:
{
"name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
"message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
"url": "/attributes"
}
Default:
{
"name": "string",
"message": "string",
"url": "/attributes"
}
Edit an attribute:
PUT
https://misp.local/attributes/edit/{attributeId}
Request:
{
"id": "12345",
"event_id": "12345",
"object_id": "12345",
"object_relation": "sensor",
"category": "Internal reference",
"type": "md5",
"value": "127.0.0.1",
"to_ids": true,
"uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
"timestamp": "1617875568",
"distribution": "0",
"sharing_group_id": "1",
"comment": "logged source ip",
"deleted": false,
"disable_correlation": false,
"first_seen": "1581984000000000",
"last_seen": "1581984000000000"
}
Response:
200:
{
"Attribute": {
"id": "12345",
"event_id": "12345",
"object_id": "12345",
"object_relation": "sensor",
"category": "Internal reference",
"type": "md5",
"value": "127.0.0.1",
"to_ids": true,
"uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
"timestamp": "1617875568",
"distribution": "0",
"sharing_group_id": "1",
"comment": "logged source ip",
"deleted": false,
"disable_correlation": false,
"first_seen": "1581984000000000",
"last_seen": "1581984000000000"
}
}
403:
{
"name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
"message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
"url": "/attributes"
}
404:
{
"name": "Invalid attribute",
"message": "Invalid attribute",
"url": "/attributes/1234"
}
Default:
{
"name": "string",
"message": "string",
"url": "/attributes"
}
Delete an attribute:
DELETE
https://misp.local/attributes/delete/{attributeId}
Response:
200:
{
"message": "Attribute deleted."
}
403:
{
"name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
"message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
"url": "/attributes"
}
404:
{
"name": "Invalid attribute",
"message": "Invalid attribute",
"url": "/attributes/1234"
}
Default:
{
"name": "string",
"message": "string",
"url": "/attributes"
}
Restore an attribute:
POST
https://misp.local/attributes/restore/{attributeId}
Response:
200:
{
"Attribute": {
"id": "12345",
"event_id": "12345",
"object_id": "12345",
"object_relation": "sensor",
"category": "Internal reference",
"type": "md5",
"value": "127.0.0.1",
"to_ids": true,
"uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
"timestamp": "1617875568",
"distribution": "0",
"sharing_group_id": "1",
"comment": "logged source ip",
"deleted": false,
"disable_correlation": false,
"first_seen": "1581984000000000",
"last_seen": "1581984000000000"
}
}
403:
{
"name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
"message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
"url": "/attributes"
}
404:
{
"name": "Invalid attribute",
"message": "Invalid attribute",
"url": "/attributes/1234"
}
Default:
{
"name": "string",
"message": "string",
"url": "/attributes"
}
Add a tag to an attribute:
POST
https://misp.local/attributes/addTag/{attributeId}/{tagId}/local:{local}
Response:
200:
{
"saved": true,
"success": "Tag added.",
"check_publish": true,
"errors": "Tag could not be added."
}
403:
{
"name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
"message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
"url": "/attributes"
}
404:
{
"name": "Invalid attribute",
"message": "Invalid attribute",
"url": "/attributes/1234"
}
Default:
{
"name": "string",
"message": "string",
"url": "/attributes"
}
Remove a tag from an attribute:
POST
https://misp.local/attributes/removeTag/{attributeId}/{tagId}
Response:
200:
{
"saved": true,
"success": "Tag removed.",
"check_publish": true,
"errors": "Tag could not be added."
}
403:
{
"name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
"message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
"url": "/attributes"
}
404:
{
"name": "Invalid attribute",
"message": "Invalid attribute",
"url": "/attributes/1234"
}
Default:
{
"name": "string",
"message": "string",
"url": "/attributes"
}
Get a list of attributes:
GET
https://misp.local/attributes
Response:
200:
[
{
"id": "12345",
"event_id": "12345",
"object_id": "12345",
"object_relation": "sensor",
"category": "Internal reference",
"type": "md5",
"value": "127.0.0.1",
"to_ids": true,
"uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
"timestamp": "1617875568",
"distribution": "0",
"sharing_group_id": "1",
"comment": "logged source ip",
"deleted": false,
"disable_correlation": false,
"first_seen": "1581984000000000",
"last_seen": "1581984000000000"
}
]
403:
{
"name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
"message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
"url": "/attributes"
}
Default:
{
"name": "string",
"message": "string",
"url": "/attributes"
}
Get the count of attributes per category:
GET
https://misp.local/attributes/attributeStatistics/{context}/{percentage}
Response:
200:
[
{
"Antivirus detection": "10"
},
{
"Artifacts dropped": "20"
}
]
403:
{
"name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
"message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
"url": "/attributes"
}
Default:
{
"name": "string",
"message": "string",
"url": "/attributes"
}
Get a list of the available attribute types:
GET
https://misp.local/attributes/describeTypes
Response:
200:
{
"sane_defaults": {
"md5": {
"default_category": "Payload delivery",
"to_ids": 1
},
"pdb": {
"default_category": "Artifacts dropped",
"to_ids": 0
}
},
"types": [
"md5"
],
"categories": [
"Internal reference"
],
"category_type_mappings": {
"Internal reference": [
"text",
"link",
"comment",
"other"
],
"Antivirus detection": [
"link",
"comment",
"text",
"hex",
"other"
]
}
}
403:
{
"name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
"message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
"url": "/attributes"
}
Default:
{
"name": "string",
"message": "string",
"url": "/attributes"
}
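An added example (not from the original guide or from MISP itself): a pre-flight check that uses the describeTypes reply to fill in `sane_defaults` and to reject a category/type pair missing from `category_type_mappings` before a body is sent to `/attributes/add/{eventId}`. `DESCRIBE_TYPES` is a constructed sample in the shape shown above, and `prepare_attribute` and `split_batch` are hypothetical helper names.

```python
# Constructed sample in the shape of the describeTypes 200 reply shown above;
# a real server returns the full lists.
DESCRIBE_TYPES = {
    "sane_defaults": {
        "md5": {"default_category": "Payload delivery", "to_ids": 1},
        "pdb": {"default_category": "Artifacts dropped", "to_ids": 0},
    },
    "types": ["md5", "pdb", "text", "link", "comment", "hex", "other"],
    "categories": ["Internal reference", "Antivirus detection",
                   "Payload delivery", "Artifacts dropped"],
    "category_type_mappings": {
        "Internal reference": ["text", "link", "comment", "other"],
        "Antivirus detection": ["link", "comment", "text", "hex", "other"],
        "Payload delivery": ["md5", "link", "comment", "text", "hex", "other"],
        "Artifacts dropped": ["md5", "pdb", "comment", "text", "hex", "other"],
    },
}


def prepare_attribute(attr, describe=DESCRIBE_TYPES):
    """Return (payload, problems) for one attribute body.

    Missing category and to_ids are filled from sane_defaults; the
    category/type pair is then checked against category_type_mappings.
    """
    payload = {k: v for k, v in attr.items() if v is not None}
    problems = []
    atype = payload.get("type")
    if atype not in describe["types"]:
        return payload, [f"unknown type {atype!r}"]

    defaults = describe["sane_defaults"].get(atype, {})
    if "category" not in payload and "default_category" in defaults:
        payload["category"] = defaults["default_category"]
    if "to_ids" not in payload and "to_ids" in defaults:
        payload["to_ids"] = bool(defaults["to_ids"])  # server sends 0/1

    category = payload.get("category")
    allowed = describe["category_type_mappings"].get(category)
    if category is None:
        problems.append(f"no category given and no default known for type {atype!r}")
    elif allowed is None:
        problems.append(f"unknown category {category!r}")
    elif atype not in allowed:
        problems.append(f"type {atype!r} is not valid in category {category!r}")

    if not str(payload.get("value", "")).strip():
        problems.append("empty value")
    return payload, problems


def split_batch(attrs, describe=DESCRIBE_TYPES):
    """Split a batch into bodies ready to POST and (input, problems) rejects."""
    ready, rejected = [], []
    for attr in attrs:
        payload, problems = prepare_attribute(attr, describe)
        if problems:
            rejected.append((attr, problems))
        else:
            ready.append(payload)
    return ready, rejected
```

With this sample, the body shown under "Add an attribute" (type `md5` in category `Internal reference`) is rejected, because that category lists only `text`, `link`, `comment` and `other`.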
Events
[restSearch] Get a filtered and paginated list of events:
POST
https://misp.local/events/restSearch
Request:
{
"page": 1,
"limit": 0,
"value": "127.0.0.1",
"type": "md5",
"category": "Internal reference",
"org": "12345",
"tags": [
"tlp:amber"
],
"event_tags": [
"tlp:amber"
],
"searchall": "malware",
"from": "string",
"to": "string",
"last": 0,
"eventid": "12345",
"withAttachments": false,
"sharinggroup": [
"1"
],
"metadata": true,
"uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
"publish_timestamp": "1617875568",
"timestamp": "1617875568",
"published": false,
"enforceWarninglist": true,
"sgReferenceOnly": true,
"requested_attributes": [
"id"
],
"includeContext": true,
"headerless": true,
"includeWarninglistHits": true,
"attackGalaxy": "mitre-attack",
"to_ids": true,
"deleted": false,
"excludeLocalTags": true,
"date": "string",
"includeSightingdb": true,
"tag": "tlp:white",
"object_relation": "filepath",
"threat_level_id": "1",
"returnFormat": "json"
}
Response:
200:
{
"response": [
{
"Event": {
"id": "12345",
"org_id": "12345",
"distribution": "0",
"info": "logged source ip",
"orgc_id": "12345",
"uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
"date": "1991-01-15",
"published": false,
"analysis": "0",
"attribute_count": "321",
"timestamp": "1617875568",
"sharing_group_id": "1",
"proposal_email_lock": true,
"locked": true,
"threat_level_id": "1",
"publish_timestamp": "1617875568",
"sighting_timestamp": "1617875568",
"disable_correlation": false,
"extends_uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
"event_creator_email": "user@example.com",
"Feed": {
"id": "3",
"name": "CIRCL OSINT Feed",
"provider": "CIRCL",
"url": "https://www.circl.lu/doc/misp/feed-osint",
"rules": "{\"tags\":{\"OR\":[],\"NOT\":[]},\"orgs\":{\"OR\":[],\"NOT\":[]},\"url_params\":\"\"}",
"enabled": true,
"distribution": "0",
"sharing_group_id": "1",
"tag_id": "12345",
"default": true,
"source_format": "1",
"fixed_event": true,
"delta_merge": true,
"event_id": "12345",
"publish": false,
"override_ids": true,
"settings": "{\"csv\":{\"value\":\"\",\"delimiter\":\"\"},\"common\":{\"excluderegex\":\"\"},\"disable_correlation\":\"1\"}",
"input_source": "local",
"delete_local_file": true,
"lookup_visible": true,
"headers": "X-Custom-Header-A: Foo\nX-Custom-Header-B: Bar\n",
"caching_enabled": true,
"force_to_ids": true,
"orgc_id": "12345",
"cache_timestamp": "1617875568"
},
"Org": {
"id": "12345",
"name": "ORGNAME",
"uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b"
},
"Orgc": {
"id": "12345",
"name": "ORGNAME",
"uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b"
},
"Attribute": [
{
"id": "12345",
"event_id": "12345",
"object_id": "12345",
"object_relation": "sensor",
"category": "Internal reference",
"type": "md5",
"value": "127.0.0.1",
"to_ids": true,
"uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
"timestamp": "1617875568",
"distribution": "0",
"sharing_group_id": "1",
"comment": "logged source ip",
"deleted": false,
"disable_correlation": false,
"first_seen": "1581984000000000",
"last_seen": "1581984000000000"
}
],
"ShadowAttribute": [
{
"id": "12345",
"event_id": "12345",
"object_id": "12345",
"object_relation": "sensor",
"category": "Internal reference",
"type": "md5",
"value": "127.0.0.1",
"to_ids": true,
"uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
"timestamp": "1617875568",
"distribution": "0",
"sharing_group_id": "1",
"comment": "logged source ip",
"deleted": false,
"disable_correlation": false,
"first_seen": "1581984000000000",
"last_seen": "1581984000000000"
}
],
"RelatedEvent": [
{}
],
"Galaxy": [
{
"id": "12345",
"uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
"name": "Ransomware",
"type": "ransomware",
"description": "Ransomware galaxy based on ...",
"version": "1",
"icon": "globe",
"namespace": "misp",
"kill_chain_order": {
"fraud-tactics": [
"Initiation",
"Target Compromise",
"Perform Fraud",
"Obtain Fraudulent Assets",
"Assets Transfer",
"Monetisation"
]
}
}
],
"Object": [
{
"id": "12345",
"name": "ail-leak",
"meta-category": "string",
"description": "string",
"template_uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
"template_version": "1",
"event_id": "12345",
"uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
"timestamp": "1617875568",
"distribution": "0",
"sharing_group_id": "1",
"comment": "string",
"deleted": true,
"first_seen": "1581984000000000",
"last_seen": "1581984000000000",
"Attribute": [
{
"id": "12345",
"event_id": "12345",
"object_id": "12345",
"object_relation": "sensor",
"category": "Internal reference",
"type": "md5",
"value": "127.0.0.1",
"to_ids": true,
"uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
"timestamp": "1617875568",
"distribution": "0",
"sharing_group_id": "1",
"comment": "logged source ip",
"deleted": false,
"disable_correlation": false,
"first_seen": "1581984000000000",
"last_seen": "1581984000000000"
}
]
}
],
"EventReport": [
{
"id": "12345",
"uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
"event_id": "12345",
"name": "Report of the incident",
"content": "string",
"distribution": "0",
"sharing_group_id": "1",
"timestamp": "1617875568",
"deleted": false
}
],
"Tag": [
{
"id": "12345",
"name": "tlp:white",
"colour": "#ffffff",
"exportable": true,
"org_id": "12345",
"user_id": "12345",
"hide_tag": false,
"numerical_value": "12345",
"is_galaxy": true,
"is_custom_galaxy": true,
"inherited": 1
}
],
"Event": {
"id": "12345",
"timestamp": "1617875568",
"sighting_timestamp": "1617875568",
"published": false,
"uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
"orgc_uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b"
}
}
}
]
}
403:
{
"name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
"message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
"url": "/attributes"
}
Default:
{
"name": "string",
"message": "string",
"url": "/attributes"
}
Add event:
POST
https://misp.local/events/add
Request:
{
"org_id": "12345",
"distribution": "0",
"info": "logged source ip",
"orgc_id": "12345",
"uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
"date": "1991-01-15",
"published": false,
"analysis": "0",
"attribute_count": "321",
"timestamp": "1617875568",
"sharing_group_id": "1",
"proposal_email_lock": true,
"locked": true,
"threat_level_id": "1",
"publish_timestamp": "1617875568",
"sighting_timestamp": "1617875568",
"disable_correlation": false,
"extends_uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
"event_creator_email": "user@example.com"
}
Response:
200:
{
"Event": {
"id": "12345",
"org_id": "12345",
"distribution": "0",
"info": "logged source ip",
"orgc_id": "12345",
"uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
"date": "1991-01-15",
"published": false,
"analysis": "0",
"attribute_count": "321",
"timestamp": "1617875568",
"sharing_group_id": "1",
"proposal_email_lock": true,
"locked": true,
"threat_level_id": "1",
"publish_timestamp": "1617875568",
"sighting_timestamp": "1617875568",
"disable_correlation": false,
"extends_uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
"event_creator_email": "user@example.com",
"Feed": {
"id": "3",
"name": "CIRCL OSINT Feed",
"provider": "CIRCL",
"url": "https://www.circl.lu/doc/misp/feed-osint",
"rules": "{\"tags\":{\"OR\":[],\"NOT\":[]},\"orgs\":{\"OR\":[],\"NOT\":[]},\"url_params\":\"\"}",
"enabled": true,
"distribution": "0",
"sharing_group_id": "1",
"tag_id": "12345",
"default": true,
"source_format": "1",
"fixed_event": true,
"delta_merge": true,
"event_id": "12345",
"publish": false,
"override_ids": true,
"settings": "{\"csv\":{\"value\":\"\",\"delimiter\":\"\"},\"common\":{\"excluderegex\":\"\"},\"disable_correlation\":\"1\"}",
"input_source": "local",
"delete_local_file": true,
"lookup_visible": true,
"headers": "X-Custom-Header-A: Foo\nX-Custom-Header-B: Bar\n",
"caching_enabled": true,
"force_to_ids": true,
"orgc_id": "12345",
"cache_timestamp": "1617875568"
},
"Org": {
"id": "12345",
"name": "ORGNAME",
"uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b"
},
"Orgc": {
"id": "12345",
"name": "ORGNAME",
"uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b"
},
"Attribute": [
{
"id": "12345",
"event_id": "12345",
"object_id": "12345",
"object_relation": "sensor",
"category": "Internal reference",
"type": "md5",
"value": "127.0.0.1",
"to_ids": true,
"uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
"timestamp": "1617875568",
"distribution": "0",
"sharing_group_id": "1",
"comment": "logged source ip",
"deleted": false,
"disable_correlation": false,
"first_seen": "1581984000000000",
"last_seen": "1581984000000000"
}
],
"ShadowAttribute": [
{
"id": "12345",
"event_id": "12345",
"object_id": "12345",
"object_relation": "sensor",
"category": "Internal reference",
"type": "md5",
"value": "127.0.0.1",
"to_ids": true,
"uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
"timestamp": "1617875568",
"distribution": "0",
"sharing_group_id": "1",
"comment": "logged source ip",
"deleted": false,
"disable_correlation": false,
"first_seen": "1581984000000000",
"last_seen": "1581984000000000"
}
],
"RelatedEvent": [
{}
],
"Galaxy": [
{
"id": "12345",
"uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
"name": "Ransomware",
"type": "ransomware",
"description": "Ransomware galaxy based on ...",
"version": "1",
"icon": "globe",
"namespace": "misp",
"kill_chain_order": {
"fraud-tactics": [
"Initiation",
"Target Compromise",
"Perform Fraud",
"Obtain Fraudulent Assets",
"Assets Transfer",
"Monetisation"
]
}
}
],
"Object": [
{
"id": "12345",
"name": "ail-leak",
"meta-category": "string",
"description": "string",
"template_uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
"template_version": "1",
"event_id": "12345",
"uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
"timestamp": "1617875568",
"distribution": "0",
"sharing_group_id": "1",
"comment": "string",
"deleted": true,
"first_seen": "1581984000000000",
"last_seen": "1581984000000000",
"Attribute": [
{
"id": "12345",
"event_id": "12345",
"object_id": "12345",
"object_relation": "sensor",
"category": "Internal reference",
"type": "md5",
"value": "127.0.0.1",
"to_ids": true,
"uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
"timestamp": "1617875568",
"distribution": "0",
"sharing_group_id": "1",
"comment": "logged source ip",
"deleted": false,
"disable_correlation": false,
"first_seen": "1581984000000000",
"last_seen": "1581984000000000"
}
]
}
],
"EventReport": [
{
"id": "12345",
"uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
"event_id": "12345",
"name": "Report of the incident",
"content": "string",
"distribution": "0",
"sharing_group_id": "1",
"timestamp": "1617875568",
"deleted": false
}
],
"Tag": [
{
"id": "12345",
"name": "tlp:white",
"colour": "#ffffff",
"exportable": true,
"org_id": "12345",
"user_id": "12345",
"hide_tag": false,
"numerical_value": "12345",
"is_galaxy": true,
"is_custom_galaxy": true,
"inherited": 1
}
]
}
}
403:
{
"name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
"message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
"url": "/attributes"
}
Default:
{
"name": "string",
"message": "string",
"url": "/attributes"
}
Edit event:
PUT
https://misp.local/events/edit/{eventId}
Request:
{
"org_id": "12345",
"distribution": "0",
"info": "logged source ip",
"orgc_id": "12345",
"uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
"date": "1991-01-15",
"published": false,
"analysis": "0",
"attribute_count": "321",
"timestamp": "1617875568",
"sharing_group_id": "1",
"proposal_email_lock": true,
"locked": true,
"threat_level_id": "1",
"publish_timestamp": "1617875568",
"sighting_timestamp": "1617875568",
"disable_correlation": false,
"extends_uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
"event_creator_email": "user@example.com"
}
Response:
200:
{
"Event": {
"id": "12345",
"org_id": "12345",
"distribution": "0",
"info": "logged source ip",
"orgc_id": "12345",
"uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
"date": "1991-01-15",
"published": false,
"analysis": "0",
"attribute_count": "321",
"timestamp": "1617875568",
"sharing_group_id": "1",
"proposal_email_lock": true,
"locked": true,
"threat_level_id": "1",
"publish_timestamp": "1617875568",
"sighting_timestamp": "1617875568",
"disable_correlation": false,
"extends_uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
"event_creator_email": "user@example.com",
"Feed": {
"id": "3",
"name": "CIRCL OSINT Feed",
"provider": "CIRCL",
"url": "https://www.circl.lu/doc/misp/feed-osint",
"rules": "{\"tags\":{\"OR\":[],\"NOT\":[]},\"orgs\":{\"OR\":[],\"NOT\":[]},\"url_params\":\"\"}",
"enabled": true,
"distribution": "0",
"sharing_group_id": "1",
"tag_id": "12345",
"default": true,
"source_format": "1",
"fixed_event": true,
"delta_merge": true,
"event_id": "12345",
"publish": false,
"override_ids": true,
"settings": "{\"csv\":{\"value\":\"\",\"delimiter\":\"\"},\"common\":{\"excluderegex\":\"\"},\"disable_correlation\":\"1\"}",
"input_source": "local",
"delete_local_file": true,
"lookup_visible": true,
"headers": "X-Custom-Header-A: Foo\nX-Custom-Header-B: Bar\n",
"caching_enabled": true,
"force_to_ids": true,
"orgc_id": "12345",
"cache_timestamp": "1617875568"
},
"Org": {
"id": "12345",
"name": "ORGNAME",
"uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b"
},
"Orgc": {
"id": "12345",
"name": "ORGNAME",
"uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b"
},
"Attribute": [
{
"id": "12345",
"event_id": "12345",
"object_id": "12345",
"object_relation": "sensor",
"category": "Internal reference",
"type": "md5",
"value": "127.0.0.1",
"to_ids": true,
"uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
"timestamp": "1617875568",
"distribution": "0",
"sharing_group_id": "1",
"comment": "logged source ip",
"deleted": false,
"disable_correlation": false,
"first_seen": "1581984000000000",
"last_seen": "1581984000000000"
}
],
"ShadowAttribute": [
{
"id": "12345",
"event_id": "12345",
"object_id": "12345",
"object_relation": "sensor",
"category": "Internal reference",
"type": "md5",
"value": "127.0.0.1",
"to_ids": true,
"uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
"timestamp": "1617875568",
"distribution": "0",
"sharing_group_id": "1",
"comment": "logged source ip",
"deleted": false,
"disable_correlation": false,
"first_seen": "1581984000000000",
"last_seen": "1581984000000000"
}
],
"RelatedEvent": [
{}
],
"Galaxy": [
{
"id": "12345",
"uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
"name": "Ransomware",
"type": "ransomware",
"description": "Ransomware galaxy based on ...",
"version": "1",
"icon": "globe",
"namespace": "misp",
"kill_chain_order": {
"fraud-tactics": [
"Initiation",
"Target Compromise",
"Perform Fraud",
"Obtain Fraudulent Assets",
"Assets Transfer",
"Monetisation"
]
}
}
],
"Object": [
{
"id": "12345",
"name": "ail-leak",
"meta-category": "string",
"description": "string",
"template_uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
"template_version": "1",
"event_id": "12345",
"uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
"timestamp": "1617875568",
"distribution": "0",
"sharing_group_id": "1",
"comment": "string",
"deleted": true,
"first_seen": "1581984000000000",
"last_seen": "1581984000000000",
"Attribute": [
{
"id": "12345",
"event_id": "12345",
"object_id": "12345",
"object_relation": "sensor",
"category": "Internal reference",
"type": "md5",
"value": "127.0.0.1",
"to_ids": true,
"uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
"timestamp": "1617875568",
"distribution": "0",
"sharing_group_id": "1",
"comment": "logged source ip",
"deleted": false,
"disable_correlation": false,
"first_seen": "1581984000000000",
"last_seen": "1581984000000000"
}
]
}
],
"EventReport": [
{
"id": "12345",
"uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
"event_id": "12345",
"name": "Report of the incident",
"content": "string",
"distribution": "0",
"sharing_group_id": "1",
"timestamp": "1617875568",
"deleted": false
}
],
"Tag": [
{
"id": "12345",
"name": "tlp:white",
"colour": "#ffffff",
"exportable": true,
"org_id": "12345",
"user_id": "12345",
"hide_tag": false,
"numerical_value": "12345",
"is_galaxy": true,
"is_custom_galaxy": true,
"inherited": 1
}
]
}
}
403:
{
"name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
"message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
"url": "/attributes"
}
Default:
{
"name": "string",
"message": "string",
"url": "/attributes"
}
Delete event:
DELETE
https://misp.local/events/delete/{eventId}
Response:
200:
{
"saved": true,
"success": true,
"name": "Event deleted.",
"message": "Could not delete Event",
"url": "/events/delete/1",
"errors": "Event was not deleted."
}
403:
{
"name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
"message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
"url": "/attributes"
}
Default:
{
"name": "string",
"message": "string",
"url": "/attributes"
}
Get a list of events:
GET
https://misp.local/events
Response:
200:
[
{
"id": "12345",
"org_id": "12345",
"distribution": "0",
"info": "logged source ip",
"orgc_id": "12345",
"uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
"date": "1991-01-15",
"published": false,
"analysis": "0",
"attribute_count": "321",
"timestamp": "1617875568",
"sharing_group_id": "1",
"proposal_email_lock": true,
"locked": true,
"threat_level_id": "1",
"publish_timestamp": "1617875568",
"sighting_timestamp": "1617875568",
"disable_correlation": false,
"extends_uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
"event_creator_email": "user@example.com",
"Feed": {
"id": "3",
"name": "CIRCL OSINT Feed",
"provider": "CIRCL",
"url": "https://www.circl.lu/doc/misp/feed-osint",
"rules": "{\"tags\":{\"OR\":[],\"NOT\":[]},\"orgs\":{\"OR\":[],\"NOT\":[]},\"url_params\":\"\"}",
"enabled": true,
"distribution": "0",
"sharing_group_id": "1",
"tag_id": "12345",
"default": true,
"source_format": "1",
"fixed_event": true,
"delta_merge": true,
"event_id": "12345",
"publish": false,
"override_ids": true,
"settings": "{\"csv\":{\"value\":\"\",\"delimiter\":\"\"},\"common\":{\"excluderegex\":\"\"},\"disable_correlation\":\"1\"}",
"input_source": "local",
"delete_local_file": true,
"lookup_visible": true,
"headers": "X-Custom-Header-A: Foo\nX-Custom-Header-B: Bar\n",
"caching_enabled": true,
"force_to_ids": true,
"orgc_id": "12345",
"cache_timestamp": "1617875568"
},
"Org": {
"id": "12345",
"name": "ORGNAME",
"uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b"
},
"Orgc": {
"id": "12345",
"name": "ORGNAME",
"uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b"
},
"Attribute": [
{
"id": "12345",
"event_id": "12345",
"object_id": "12345",
"object_relation": "sensor",
"category": "Internal reference",
"type": "md5",
"value": "127.0.0.1",
"to_ids": true,
"uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
"timestamp": "1617875568",
"distribution": "0",
"sharing_group_id": "1",
"comment": "logged source ip",
"deleted": false,
"disable_correlation": false,
"first_seen": "1581984000000000",
"last_seen": "1581984000000000"
}
],
"ShadowAttribute": [
{
"id": "12345",
"event_id": "12345",
"object_id": "12345",
"object_relation": "sensor",
"category": "Internal reference",
"type": "md5",
"value": "127.0.0.1",
"to_ids": true,
"uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
"timestamp": "1617875568",
"distribution": "0",
"sharing_group_id": "1",
"comment": "logged source ip",
"deleted": false,
"disable_correlation": false,
"first_seen": "1581984000000000",
"last_seen": "1581984000000000"
}
],
"RelatedEvent": [
{}
],
"Galaxy": [
{
"id": "12345",
"uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
"name": "Ransomware",
"type": "ransomware",
"description": "Ransomware galaxy based on ...",
"version": "1",
"icon": "globe",
"namespace": "misp",
"kill_chain_order": {
"fraud-tactics": [
"Initiation",
"Target Compromise",
"Perform Fraud",
"Obtain Fraudulent Assets",
"Assets Transfer",
"Monetisation"
]
}
}
],
"Object": [
{
"id": "12345",
"name": "ail-leak",
"meta-category": "string",
"description": "string",
"template_uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
"template_version": "1",
"event_id": "12345",
"uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
"timestamp": "1617875568",
"distribution": "0",
"sharing_group_id": "1",
"comment": "string",
"deleted": true,
"first_seen": "1581984000000000",
"last_seen": "1581984000000000",
"Attribute": [
{
"id": "12345",
"event_id": "12345",
"object_id": "12345",
"object_relation": "sensor",
"category": "Internal reference",
"type": "md5",
"value": "127.0.0.1",
"to_ids": true,
"uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
"timestamp": "1617875568",
"distribution": "0",
"sharing_group_id": "1",
"comment": "logged source ip",
"deleted": false,
"disable_correlation": false,
"first_seen": "1581984000000000",
"last_seen": "1581984000000000"
}
]
}
],
"EventReport": [
{
"id": "12345",
"uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
"event_id": "12345",
"name": "Report of the incident",
"content": "string",
"distribution": "0",
"sharing_group_id": "1",
"timestamp": "1617875568",
"deleted": false
}
],
"Tag": [
{
"id": "12345",
"name": "tlp:white",
"colour": "#ffffff",
"exportable": true,
"org_id": "12345",
"user_id": "12345",
"hide_tag": false,
"numerical_value": "12345",
"is_galaxy": true,
"is_custom_galaxy": true,
"inherited": 1
}
]
}
]
403:
{
"name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
"message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
"url": "/attributes"
}
Default:
{
"name": "string",
"message": "string",
"url": "/attributes"
}
Search events:
POST
https://misp.local/events/index
Request:
{
"page": 1,
"limit": 0,
"sort": "timestamp",
"direction": "asc",
"minimal": false,
"attribute": "covert channel",
"eventid": "12345",
"datefrom": "2021-03-05",
"dateuntil": "2021-03-05",
"org": "CIRCL",
"eventinfo": "Phishing campaign",
"tag": "tlp:white",
"tags": [
"tlp:amber",
"cycat:scope=\"exploit\""
],
"distribution": "0",
"sharinggroup": "1",
"analysis": "0",
"threatlevel": "1",
"email": "admin@admin.test",
"hasproposal": "1",
"timestamp": "1",
"publish_timestamp": "1",
"searchDatefrom": "2020-01-20",
"searchDateuntil": "2020-01-20"
}
Response:
200:
[
{
"id": "12345",
"org_id": "12345",
"distribution": "0",
"info": "logged source ip",
"orgc_id": "12345",
"uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
"date": "1991-01-15",
"published": false,
"analysis": "0",
"attribute_count": "321",
"timestamp": "1617875568",
"sharing_group_id": "1",
"proposal_email_lock": true,
"locked": true,
"threat_level_id": "1",
"publish_timestamp": "1617875568",
"sighting_timestamp": "1617875568",
"disable_correlation": false,
"extends_uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
"event_creator_email": "user@example.com",
"Feed": {
"id": "3",
"name": "CIRCL OSINT Feed",
"provider": "CIRCL",
"url": "https://www.circl.lu/doc/misp/feed-osint",
"rules": "{\"tags\":{\"OR\":[],\"NOT\":[]},\"orgs\":{\"OR\":[],\"NOT\":[]},\"url_params\":\"\"}",
"enabled": true,
"distribution": "0",
"sharing_group_id": "1",
"tag_id": "12345",
"default": true,
"source_format": "1",
"fixed_event": true,
"delta_merge": true,
"event_id": "12345",
"publish": false,
"override_ids": true,
"settings": "{\"csv\":{\"value\":\"\",\"delimiter\":\"\"},\"common\":{\"excluderegex\":\"\"},\"disable_correlation\":\"1\"}",
"input_source": "local",
"delete_local_file": true,
"lookup_visible": true,
"headers": "X-Custom-Header-A: Foo\nX-Custom-Header-B: Bar\n",
"caching_enabled": true,
"force_to_ids": true,
"orgc_id": "12345",
"cache_timestamp": "1617875568"
},
"Org": {
"id": "12345",
"name": "ORGNAME",
"uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b"
},
"Orgc": {
"id": "12345",
"name": "ORGNAME",
"uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b"
},
"Attribute": [
{
"id": "12345",
"event_id": "12345",
"object_id": "12345",
"object_relation": "sensor",
"category": "Internal reference",
"type": "md5",
"value": "127.0.0.1",
"to_ids": true,
"uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
"timestamp": "1617875568",
"distribution": "0",
"sharing_group_id": "1",
"comment": "logged source ip",
"deleted": false,
"disable_correlation": false,
"first_seen": "1581984000000000",
"last_seen": "1581984000000000"
}
],
"ShadowAttribute": [
{
"id": "12345",
"event_id": "12345",
"object_id": "12345",
"object_relation": "sensor",
"category": "Internal reference",
"type": "md5",
"value": "127.0.0.1",
"to_ids": true,
"uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
"timestamp": "1617875568",
"distribution": "0",
"sharing_group_id": "1",
"comment": "logged source ip",
"deleted": false,
"disable_correlation": false,
"first_seen": "1581984000000000",
"last_seen": "1581984000000000"
}
],
"RelatedEvent": [
{}
],
"Galaxy": [
{
"id": "12345",
"uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
"name": "Ransomware",
"type": "ransomware",
"description": "Ransomware galaxy based on ...",
"version": "1",
"icon": "globe",
"namespace": "misp",
"kill_chain_order": {
"fraud-tactics": [
"Initiation",
"Target Compromise",
"Perform Fraud",
"Obtain Fraudulent Assets",
"Assets Transfer",
"Monetisation"
]
}
}
],
"Object": [
{
"id": "12345",
"name": "ail-leak",
"meta-category": "string",
"description": "string",
"template_uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
"template_version": "1",
"event_id": "12345",
"uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
"timestamp": "1617875568",
"distribution": "0",
"sharing_group_id": "1",
"comment": "string",
"deleted": true,
"first_seen": "1581984000000000",
"last_seen": "1581984000000000",
"Attribute": [
{
"id": "12345",
"event_id": "12345",
"object_id": "12345",
"object_relation": "sensor",
"category": "Internal reference",
"type": "md5",
"value": "127.0.0.1",
"to_ids": true,
"uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
"timestamp": "1617875568",
"distribution": "0",
"sharing_group_id": "1",
"comment": "logged source ip",
"deleted": false,
"disable_correlation": false,
"first_seen": "1581984000000000",
"last_seen": "1581984000000000"
}
]
}
],
"EventReport": [
{
"id": "12345",
"uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
"event_id": "12345",
"name": "Report of the incident",
"content": "string",
"distribution": "0",
"sharing_group_id": "1",
"timestamp": "1617875568",
"deleted": false
}
],
"Tag": [
{
"id": "12345",
"name": "tlp:white",
"colour": "#ffffff",
"exportable": true,
"org_id": "12345",
"user_id": "12345",
"hide_tag": false,
"numerical_value": "12345",
"is_galaxy": true,
"is_custom_galaxy": true,
"inherited": 1
}
]
}
]
403:
{
"name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
"message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
"url": "/attributes"
}
Default:
{
"name": "string",
"message": "string",
"url": "/attributes"
}
Get event by ID:
GET
https://misp.local/events/view/{eventId}
Response:
200:
{
"Event": {
"id": "12345",
"org_id": "12345",
"distribution": "0",
"info": "logged source ip",
"orgc_id": "12345",
"uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
"date": "1991-01-15",
"published": false,
"analysis": "0",
"attribute_count": "321",
"timestamp": "1617875568",
"sharing_group_id": "1",
"proposal_email_lock": true,
"locked": true,
"threat_level_id": "1",
"publish_timestamp": "1617875568",
"sighting_timestamp": "1617875568",
"disable_correlation": false,
"extends_uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
"event_creator_email": "user@example.com",
"Feed": {
"id": "3",
"name": "CIRCL OSINT Feed",
"provider": "CIRCL",
"url": "https://www.circl.lu/doc/misp/feed-osint",
"rules": "{\"tags\":{\"OR\":[],\"NOT\":[]},\"orgs\":{\"OR\":[],\"NOT\":[]},\"url_params\":\"\"}",
"enabled": true,
"distribution": "0",
"sharing_group_id": "1",
"tag_id": "12345",
"default": true,
"source_format": "1",
"fixed_event": true,
"delta_merge": true,
"event_id": "12345",
"publish": false,
"override_ids": true,
"settings": "{\"csv\":{\"value\":\"\",\"delimiter\":\"\"},\"common\":{\"excluderegex\":\"\"},\"disable_correlation\":\"1\"}",
"input_source": "local",
"delete_local_file": true,
"lookup_visible": true,
"headers": "X-Custom-Header-A: Foo\nX-Custom-Header-B: Bar\n",
"caching_enabled": true,
"force_to_ids": true,
"orgc_id": "12345",
"cache_timestamp": "1617875568"
},
"Org": {
"id": "12345",
"name": "ORGNAME",
"uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b"
},
"Orgc": {
"id": "12345",
"name": "ORGNAME",
"uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b"
},
"Attribute": [
{
"id": "12345",
"event_id": "12345",
"object_id": "12345",
"object_relation": "sensor",
"category": "Internal reference",
"type": "md5",
"value": "127.0.0.1",
"to_ids": true,
"uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
"timestamp": "1617875568",
"distribution": "0",
"sharing_group_id": "1",
"comment": "logged source ip",
"deleted": false,
"disable_correlation": false,
"first_seen": "1581984000000000",
"last_seen": "1581984000000000"
}
],
"ShadowAttribute": [
{
"id": "12345",
"event_id": "12345",
"object_id": "12345",
"object_relation": "sensor",
"category": "Internal reference",
"type": "md5",
"value": "127.0.0.1",
"to_ids": true,
"uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
"timestamp": "1617875568",
"distribution": "0",
"sharing_group_id": "1",
"comment": "logged source ip",
"deleted": false,
"disable_correlation": false,
"first_seen": "1581984000000000",
"last_seen": "1581984000000000"
}
],
"RelatedEvent": [
{}
],
"Galaxy": [
{
"id": "12345",
"uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
"name": "Ransomware",
"type": "ransomware",
"description": "Ransomware galaxy based on ...",
"version": "1",
"icon": "globe",
"namespace": "misp",
"kill_chain_order": {
"fraud-tactics": [
"Initiation",
"Target Compromise",
"Perform Fraud",
"Obtain Fraudulent Assets",
"Assets Transfer",
"Monetisation"
]
}
}
],
"Object": [
{
"id": "12345",
"name": "ail-leak",
"meta-category": "string",
"description": "string",
"template_uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
"template_version": "1",
"event_id": "12345",
"uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
"timestamp": "1617875568",
"distribution": "0",
"sharing_group_id": "1",
"comment": "string",
"deleted": true,
"first_seen": "1581984000000000",
"last_seen": "1581984000000000",
"Attribute": [
{
"id": "12345",
"event_id": "12345",
"object_id": "12345",
"object_relation": "sensor",
"category": "Internal reference",
"type": "md5",
"value": "127.0.0.1",
"to_ids": true,
"uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
"timestamp": "1617875568",
"distribution": "0",
"sharing_group_id": "1",
"comment": "logged source ip",
"deleted": false,
"disable_correlation": false,
"first_seen": "1581984000000000",
"last_seen": "1581984000000000"
}
]
}
],
"EventReport": [
{
"id": "12345",
"uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
"event_id": "12345",
"name": "Report of the incident",
"content": "string",
"distribution": "0",
"sharing_group_id": "1",
"timestamp": "1617875568",
"deleted": false
}
],
"Tag": [
{
"id": "12345",
"name": "tlp:white",
"colour": "#ffffff",
"exportable": true,
"org_id": "12345",
"user_id": "12345",
"hide_tag": false,
"numerical_value": "12345",
"is_galaxy": true,
"is_custom_galaxy": true,
"inherited": 1
}
]
}
}
403:
{
"name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
"message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
"url": "/attributes"
}
Default:
{
"name": "string",
"message": "string",
"url": "/attributes"
}
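The 200 body of "Get event by ID" carries attributes both directly under `Event` and inside each `Object`, and the documented sample pairs type `md5` with the value `127.0.0.1`, so a consumer feeding detection tooling should walk both places and check each value against its declared type. The Python sketch below is an added example, not part of the MISP documentation; the sample bodies are constructed, and skipping soft-deleted objects and rejecting types without a validator are assumed policies.

```python
import ipaddress
import json
import re

# Constructed sample shaped like the "Get event by ID" 200 response,
# trimmed to the fields the extractor reads. All values are made up.
SAMPLE_EVENT = json.loads("""
{
  "Event": {
    "id": "12345",
    "info": "logged source ip",
    "published": false,
    "Attribute": [
      {"id": "1", "type": "md5", "value": "127.0.0.1",
       "to_ids": true, "deleted": false},
      {"id": "2", "type": "md5", "value": "d41d8cd98f00b204e9800998ecf8427e",
       "to_ids": true, "deleted": false},
      {"id": "3", "type": "ip-src", "value": "198.51.100.7",
       "to_ids": false, "deleted": false}
    ],
    "Object": [
      {"id": "9", "name": "ail-leak", "deleted": true,
       "Attribute": [
         {"id": "4", "type": "ip-src", "value": "203.0.113.9",
          "to_ids": true, "deleted": false}
       ]},
      {"id": "10", "name": "ail-leak", "deleted": false,
       "Attribute": [
         {"id": "5", "type": "ip-src", "value": "192.0.2.44",
          "to_ids": true, "deleted": false},
         {"id": "6", "type": "ip-src", "value": "192.0.2.45",
          "to_ids": true, "deleted": true}
       ]}
    ]
  }
}
""")

# Constructed sample shaped like the 403 error body (name/message/url).
SAMPLE_403 = {
    "name": "Authentication failed.",
    "message": "Authentication failed.",
    "url": "/events/view/12345",
}


class MispApiError(Exception):
    """Raised when the body is an error envelope or has an unknown shape."""


def is_md5(value):
    return re.fullmatch(r"[0-9a-fA-F]{32}", value) is not None


def is_ip(value):
    try:
        ipaddress.ip_address(value)
        return True
    except ValueError:
        return False


# Only the types used in this example; anything else is rejected (fail closed).
VALIDATORS = {"md5": is_md5, "ip-src": is_ip}


def unwrap_event(body):
    """Return the Event dict, or raise if the body is an error envelope."""
    if isinstance(body, dict) and "Event" in body:
        return body["Event"]
    if isinstance(body, dict) and "message" in body:
        raise MispApiError(f"{body.get('url', '?')}: {body['message']}")
    raise MispApiError("unexpected response shape")


def iter_attributes(event):
    """Yield top-level attributes, then attributes of non-deleted objects."""
    yield from event.get("Attribute", [])
    for obj in event.get("Object", []):
        if obj.get("deleted"):
            continue  # assumed policy: a soft-deleted object hides its attributes
        yield from obj.get("Attribute", [])


def ids_indicators(body):
    """Split to_ids attributes into (accepted, rejected) by type/value check."""
    accepted, rejected = [], []
    for attr in iter_attributes(unwrap_event(body)):
        if attr.get("deleted") or not attr.get("to_ids"):
            continue
        check = VALIDATORS.get(attr["type"])
        if check is not None and check(attr["value"]):
            accepted.append((attr["type"], attr["value"]))
        else:
            rejected.append((attr["id"], attr["type"], attr["value"]))
    return accepted, rejected


if __name__ == "__main__":
    good, bad = ids_indicators(SAMPLE_EVENT)
    print("accepted:", good)
    print("rejected:", bad)
```

Rejected entries keep the attribute `id` so the mismatch can be reported back to the event's owner instead of being silently dropped.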
Publish an event:
POST
https://misp.local/events/publish/{eventId}
Response:
200:
{
"name": "Publish",
"message": "Job queued",
"url": "https://misp.local/events/alert/1",
"id": "string"
}
403:
{
"name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
"message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
"url": "/attributes"
}
Default:
{
"name": "string",
"message": "string",
"url": "/attributes"
}
Unpublish an event:
POST
https://misp.local/events/unpublish/{eventId}
Response:
200:
{
"saved": true,
"success": true,
"name": "Event unpublished.",
"message": "Event unpublished.",
"url": "/events/unpublish/1"
}
403:
{
"name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
"message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
"url": "/attributes"
}
Default:
{
"name": "string",
"message": "string",
"url": "/attributes"
}
Add event tag:
POST
https://misp.local/events/addTag/{eventId}/{tagId}/local:{local}
Response:
200:
{
"saved": true,
"success": "Tag added.",
"check_publish": true,
"errors": "Tag could not be added."
}
403:
{
"name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
"message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
"url": "/attributes"
}
Default:
{
"name": "string",
"message": "string",
"url": "/attributes"
}
Remove event tag:
POST
https://misp.local/events/removeTag/{eventId}/{tagId}
Response:
200:
{
"saved": true,
"success": "Tag removed.",
"check_publish": true,
"errors": "Tag could not be added."
}
403:
{
"name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
"message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
"url": "/attributes"
}
Default:
{
"name": "string",
"message": "string",
"url": "/attributes"
}
Galaxies
Get galaxies:
GET
https://misp.local/galaxies
Response:
200:
[
{
"Galaxy": {
"id": "12345",
"uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
"name": "Ransomware",
"type": "ransomware",
"description": "Ransomware galaxy based on ...",
"version": "1",
"icon": "globe",
"namespace": "misp",
"kill_chain_order": {
"fraud-tactics": [
"Initiation",
"Target Compromise",
"Perform Fraud",
"Obtain Fraudulent Assets",
"Assets Transfer",
"Monetisation"
]
}
}
}
]
403:
{
"name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
"message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
"url": "/attributes"
}
Default:
{
"name": "string",
"message": "string",
"url": "/attributes"
}
Search galaxies:
POST
https://misp.local/galaxies
Request:
{
"value": "botnet"
}
Response:
200:
[
{
"Galaxy": {
"id": "12345",
"uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
"name": "Ransomware",
"type": "ransomware",
"description": "Ransomware galaxy based on ...",
"version": "1",
"icon": "globe",
"namespace": "misp",
"kill_chain_order": {
"fraud-tactics": [
"Initiation",
"Target Compromise",
"Perform Fraud",
"Obtain Fraudulent Assets",
"Assets Transfer",
"Monetisation"
]
}
}
}
]
403:
{
"name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
"message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
"url": "/attributes"
}
Default:
{
"name": "string",
"message": "string",
"url": "/attributes"
}
Get galaxy by ID:
GET
https://misp.local/galaxies/view/{galaxyId}
Response:
200:
{
"Galaxy": {
"id": "12345",
"uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
"name": "Ransomware",
"type": "ransomware",
"description": "Ransomware galaxy based on ...",
"version": "1",
"icon": "globe",
"namespace": "misp",
"kill_chain_order": {
"fraud-tactics": [
"Initiation",
"Target Compromise",
"Perform Fraud",
"Obtain Fraudulent Assets",
"Assets Transfer",
"Monetisation"
]
}
},
"GalaxyCluster": [
{
"id": "12345",
"uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
"collection_uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
"type": "mitre-enterprise-attack-attack-pattern",
"value": "Brute Force - T1110",
"tag_name": "tlp:white",
"description": "Adversaries may use brute force techniques to attempt access to accounts when passwords are unknown or when password hashes are obtained...",
"galaxy_id": "12345",
"source": "https://github.com/mitre/cti",
"authors": [
"MITRE"
],
"version": "1",
"distribution": "0",
"sharing_group_id": "1",
"org_id": "12345",
"orgc_id": "12345",
"default": true,
"locked": true,
"extends_uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
"extends_version": "1",
"published": false,
"deleted": false,
"GalaxyElement": [
{
"id": "12345",
"galaxy_cluster_id": "12345",
"key": "categories",
"value": "Military"
}
]
}
]
}
403:
{
"name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
"message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
"url": "/attributes"
}
Default:
{
"name": "string",
"message": "string",
"url": "/attributes"
}
Force update the galaxies with the galaxy json definitions:
POST
https://misp.local/galaxies/update
Response:
200:
{
"saved": true,
"success": true,
"name": "Galaxies updated.",
"message": "Galaxies updated.",
"url": "/galaxies/update"
}
403:
{
"name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
"message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
"url": "/attributes"
}
404:
{
"name": "Invalid attribute",
"message": "Invalid attribute",
"url": "/attributes/1234"
}
Default:
{
"name": "string",
"message": "string",
"url": "/attributes"
}
Delete a galaxy:
DELETE
https://misp.local/galaxies/delete/{galaxyId}
Response:
200:
{
"saved": true,
"success": true,
"name": "Galaxy deleted",
"message": "Galaxy deleted",
"url": "/galaxies/delete"
}
403:
{
"name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
"message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
"url": "/attributes"
}
404:
{
"name": "Invalid attribute",
"message": "Invalid attribute",
"url": "/attributes/1234"
}
Default:
{
"name": "string",
"message": "string",
"url": "/attributes"
}
Import a galaxy cluster:
POST
https://misp.local/galaxies/import
Request:
[
{
"GalaxyCluster": {
"uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
"collection_uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
"type": "mitre-enterprise-attack-attack-pattern",
"value": "Brute Force - T1110",
"tag_name": "tlp:white",
"description": "Adversaries may use brute force techniques to attempt access to accounts when passwords are unknown or when password hashes are obtained...",
"galaxy_id": "12345",
"source": "https://github.com/mitre/cti",
"authors": [
"MITRE"
],
"version": "1",
"distribution": "0",
"sharing_group_id": "1",
"org_id": "12345",
"orgc_id": "12345",
"default": true,
"locked": true,
"extends_uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
"extends_version": "1",
"published": false,
"deleted": false,
"GalaxyElement": [
{
"id": "12345",
"galaxy_cluster_id": "12345",
"key": "categories",
"value": "Military"
}
]
},
"Galaxy": {
"uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b"
}
}
]
Response:
200:
{
"saved": true,
"success": true,
"name": "'Galaxy clusters imported. 1 imported, 0 ignored, 0 failed.",
"message": "'Galaxy clusters imported. 1 imported, 0 ignored, 0 failed.",
"url": "/galaxies/import"
}
403:
{
"name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
"message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
"url": "/attributes"
}
404:
{
"name": "Invalid attribute",
"message": "Invalid attribute",
"url": "/attributes/1234"
}
Default:
{
"name": "string",
"message": "string",
"url": "/attributes"
}
Export galaxy clusters:
POST
https://misp.local/galaxies/export/{galaxyId}
Request:
{
"Galaxy": {
"default": true,
"custom": true,
"distribution": "0",
"format": "default",
"download": true
}
}
Response:
200:
GalaxyMispFormat:
{
"name": "Ransomware",
"type": "ransomware",
"authors": [
"MITRE"
],
"version": true,
"uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
"source": "https://github.com/mitre/cti",
"values": [
{
"description": "Adversaries may use brute force techniques to attempt access to accounts when passwords are unknown or when password hashes are obtained...",
"uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
"value": "Brute Force - T1110",
"extends_uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
"extends_Version": "1",
"meta": [
{
"categories": "botnet"
},
{
"refs": "http://example.com"
},
{
"aliases": [
"malware",
"win32",
"windows"
]
},
{
"topics": [
"Windows",
"Malware"
]
}
]
}
]
}
403:
{
"name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
"message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
"url": "/attributes"
}
404:
{
"name": "Invalid attribute",
"message": "Invalid attribute",
"url": "/attributes/1234"
}
Default:
{
"name": "string",
"message": "string",
"url": "/attributes"
}
Attach the galaxy cluster tag to a given entity:
POST
https://misp.local/galaxies/attachCluster/{attachTargetId}/{attachTargetType}/local:{local}
Request:
{
"Galaxy": {
"target_id": 1235
}
}
Response:
200:
{
"saved": true,
"success": "Cluster attached.",
"check_publish": true
}
403:
{
"name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
"message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
"url": "/attributes"
}
404:
{
"name": "Invalid attribute",
"message": "Invalid attribute",
"url": "/attributes/1234"
}
Default:
{
"name": "string",
"message": "string",
"url": "/attributes"
}
Galaxy Cluster
Add galaxy cluster:
POST
https://misp.local/galaxy_clusters/add/{galaxyId}
Request:
{
"id": "12345",
"uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
"collection_uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
"type": "mitre-enterprise-attack-attack-pattern",
"value": "Brute Force - T1110",
"tag_name": "tlp:white",
"description": "Adversaries may use brute force techniques to attempt access to accounts when passwords are unknown or when password hashes are obtained...",
"galaxy_id": "12345",
"source": "https://github.com/mitre/cti",
"authors": [
"MITRE"
],
"version": "1",
"distribution": "0",
"sharing_group_id": "1",
"org_id": "12345",
"orgc_id": "12345",
"default": true,
"locked": true,
"extends_uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
"extends_version": "1",
"published": false,
"deleted": false,
"GalaxyElement": [
{
"id": "12345",
"galaxy_cluster_id": "12345",
"key": "categories",
"value": "Military"
}
]
}
Response:
200:
{
"GalaxyCluster": {
"id": "12345",
"uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
"collection_uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
"type": "mitre-enterprise-attack-attack-pattern",
"value": "Brute Force - T1110",
"tag_name": "tlp:white",
"description": "Adversaries may use brute force techniques to attempt access to accounts when passwords are unknown or when password hashes are obtained...",
"galaxy_id": "12345",
"source": "https://github.com/mitre/cti",
"authors": [
"MITRE"
],
"version": "1",
"distribution": "0",
"sharing_group_id": "1",
"org_id": "12345",
"orgc_id": "12345",
"default": true,
"locked": true,
"extends_uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
"extends_version": "1",
"published": false,
"deleted": false,
"GalaxyElement": [
{
"id": "12345",
"galaxy_cluster_id": "12345",
"key": "categories",
"value": "Military"
}
]
}
}
403:
{
"name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
"message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
"url": "/attributes"
}
404:
{
"name": "Invalid attribute",
"message": "Invalid attribute",
"url": "/attributes/1234"
}
Default:
{
"name": "string",
"message": "string",
"url": "/attributes"
}
Edit galaxy cluster:
PUT
https://misp.local/galaxy_clusters/edit/{galaxyClusterId}
Request:
{
"id": "12345",
"uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
"collection_uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
"type": "mitre-enterprise-attack-attack-pattern",
"value": "Brute Force - T1110",
"tag_name": "tlp:white",
"description": "Adversaries may use brute force techniques to attempt access to accounts when passwords are unknown or when password hashes are obtained...",
"galaxy_id": "12345",
"source": "https://github.com/mitre/cti",
"authors": [
"MITRE"
],
"version": "1",
"distribution": "0",
"sharing_group_id": "1",
"org_id": "12345",
"orgc_id": "12345",
"default": true,
"locked": true,
"extends_uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
"extends_version": "1",
"published": false,
"deleted": false,
"GalaxyElement": [
{
"id": "12345",
"galaxy_cluster_id": "12345",
"key": "categories",
"value": "Military"
}
]
}
Response:
200:
{
"GalaxyCluster": {
"id": "12345",
"uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
"collection_uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
"type": "mitre-enterprise-attack-attack-pattern",
"value": "Brute Force - T1110",
"tag_name": "tlp:white",
"description": "Adversaries may use brute force techniques to attempt access to accounts when passwords are unknown or when password hashes are obtained...",
"galaxy_id": "12345",
"source": "https://github.com/mitre/cti",
"authors": [
"MITRE"
],
"version": "1",
"distribution": "0",
"sharing_group_id": "1",
"org_id": "12345",
"orgc_id": "12345",
"default": true,
"locked": true,
"extends_uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
"extends_version": "1",
"published": false,
"deleted": false,
"GalaxyElement": [
{
"id": "12345",
"galaxy_cluster_id": "12345",
"key": "categories",
"value": "Military"
}
]
}
}
403:
{
"name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
"message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
"url": "/attributes"
}
404:
{
"name": "Invalid attribute",
"message": "Invalid attribute",
"url": "/attributes/1234"
}
Default:
{
"name": "string",
"message": "string",
"url": "/attributes"
}
Get galaxy clusters:
GET
https://misp.local/galaxy_clusters/index/{galaxyId}
Response:
200:
[
{
"GalaxyCluster": {
"id": "12345",
"uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
"collection_uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
"type": "mitre-enterprise-attack-attack-pattern",
"value": "Brute Force - T1110",
"tag_name": "tlp:white",
"description": "Adversaries may use brute force techniques to attempt access to accounts when passwords are unknown or when password hashes are obtained...",
"galaxy_id": "12345",
"source": "https://github.com/mitre/cti",
"authors": [
"MITRE"
],
"version": "1",
"distribution": "0",
"sharing_group_id": "1",
"org_id": "12345",
"orgc_id": "12345",
"default": true,
"locked": true,
"extends_uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
"extends_version": "1",
"published": false,
"deleted": false,
"GalaxyElement": [
{
"id": "12345",
"galaxy_cluster_id": "12345",
"key": "categories",
"value": "Military"
}
]
}
}
]
403:
{
"name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
"message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
"url": "/attributes"
}
404:
{
"name": "Invalid attribute",
"message": "Invalid attribute",
"url": "/attributes/1234"
}
Default:
{
"name": "string",
"message": "string",
"url": "/attributes"
}
Search galaxy clusters:
POST
https://misp.local/galaxy_clusters/index/{galaxyId}
Request:
{
"context": "all",
"searchall": "botnet"
}
Response:
200:
[
{
"GalaxyCluster": {
"id": "12345",
"uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
"collection_uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
"type": "mitre-enterprise-attack-attack-pattern",
"value": "Brute Force - T1110",
"tag_name": "tlp:white",
"description": "Adversaries may use brute force techniques to attempt access to accounts when passwords are unknown or when password hashes are obtained...",
"galaxy_id": "12345",
"source": "https://github.com/mitre/cti",
"authors": [
"MITRE"
],
"version": "1",
"distribution": "0",
"sharing_group_id": "1",
"org_id": "12345",
"orgc_id": "12345",
"default": true,
"locked": true,
"extends_uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
"extends_version": "1",
"published": false,
"deleted": false,
"GalaxyElement": [
{
"id": "12345",
"galaxy_cluster_id": "12345",
"key": "categories",
"value": "Military"
}
]
}
}
]
403:
{
"name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
"message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
"url": "/attributes"
}
404:
{
"name": "Invalid attribute",
"message": "Invalid attribute",
"url": "/attributes/1234"
}
Default:
{
"name": "string",
"message": "string",
"url": "/attributes"
}
Get galaxy cluster by ID:
GET
https://misp.local/galaxy_clusters/view/{galaxyClusterId}
Response:
200:
{
"GalaxyCluster": {
"id": "12345",
"uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
"collection_uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
"type": "mitre-enterprise-attack-attack-pattern",
"value": "Brute Force - T1110",
"tag_name": "tlp:white",
"description": "Adversaries may use brute force techniques to attempt access to accounts when passwords are unknown or when password hashes are obtained...",
"galaxy_id": "12345",
"source": "https://github.com/mitre/cti",
"authors": [
"MITRE"
],
"version": "1",
"distribution": "0",
"sharing_group_id": "1",
"org_id": "12345",
"orgc_id": "12345",
"default": true,
"locked": true,
"extends_uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
"extends_version": "1",
"published": false,
"deleted": false,
"GalaxyElement": [
{
"id": "12345",
"galaxy_cluster_id": "12345",
"key": "categories",
"value": "Military"
}
],
"Galaxy": {
"id": "12345",
"uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
"name": "Ransomware",
"type": "ransomware",
"description": "Ransomware galaxy based on ...",
"version": "1",
"icon": "globe",
"namespace": "misp",
"kill_chain_order": {
"fraud-tactics": [
"Initiation",
"Target Compromise",
"Perform Fraud",
"Obtain Fraudulent Assets",
"Assets Transfer",
"Monetisation"
]
}
},
"GalaxyClusterRelation": [
{
"id": "12345",
"galaxy_cluster_id": "12345",
"key": "categories",
"value": "Military"
}
],
"Org": {
"id": "12345",
"name": "ORGNAME",
"date_created": "2021-06-14 14:29:19",
"date_modified": "2021-06-14 14:29:19",
"description": "string",
"type": "ADMIN",
"nationality": "string",
"sector": "string",
"created_by": "12345",
"uuid": "string",
"contacts": "string",
"local": true,
"restricted_to_domain": [
"example.com"
],
"landingpage": "string",
"user_count": "3",
"created_by_email": "string"
},
"Orgc": {
"id": "12345",
"name": "ORGNAME",
"date_created": "2021-06-14 14:29:19",
"date_modified": "2021-06-14 14:29:19",
"description": "string",
"type": "ADMIN",
"nationality": "string",
"sector": "string",
"created_by": "12345",
"uuid": "string",
"contacts": "string",
"local": true,
"restricted_to_domain": [
"example.com"
],
"landingpage": "string",
"user_count": "3",
"created_by_email": "string"
},
"tag_count": 0,
"tag_id": "12345"
}
}
403:
{
"name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
"message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
"url": "/attributes"
}
404:
{
"name": "Invalid attribute",
"message": "Invalid attribute",
"url": "/attributes/1234"
}
Default:
{
"name": "string",
"message": "string",
"url": "/attributes"
}
Publish galaxy cluster:
POST
https://misp.local/galaxy_clusters/publish/{galaxyClusterId}
Response:
200:
{
"message": "Publish job queued. Job ID: 4e9d26c275a7b190fcab10029df8c6b6"
}
403:
{
"name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
"message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
"url": "/attributes"
}
404:
{
"name": "Invalid attribute",
"message": "Invalid attribute",
"url": "/attributes/1234"
}
Default:
{
"name": "string",
"message": "string",
"url": "/attributes"
}
Unpublish galaxy cluster:
POST
https://misp.local/galaxy_clusters/unpublish/{galaxyClusterId}
Response:
200:
{
"saved": true,
"success": true,
"name": "GalaxyCluster unpublished",
"message": "GalaxyCluster unpublished",
"url": "/galaxy_clusters/publish/1"
}
403:
{
"name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
"message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
"url": "/attributes"
}
404:
{
"name": "Invalid attribute",
"message": "Invalid attribute",
"url": "/attributes/1234"
}
Default:
{
"name": "string",
"message": "string",
"url": "/attributes"
}
Delete galaxy cluster:
POST
https://misp.local/galaxy_clusters/delete/{galaxyClusterId}
Response:
200:
{
"saved": true,
"success": true,
"name": "Galaxy cluster successfuly soft deleted.",
"message": "Galaxy cluster successfuly soft deleted.",
"url": "/galaxy_clusters/delete/1"
}
403:
{
"name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
"message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
"url": "/attributes"
}
404:
{
"name": "Invalid attribute",
"message": "Invalid attribute",
"url": "/attributes/1234"
}
Default:
{
"name": "string",
"message": "string",
"url": "/attributes"
}
Restore galaxy cluster:
POST
https://misp.local/galaxy_clusters/restore/{galaxyClusterId}
Response:
200:
{
"saved": true,
"success": true,
"name": "GalaxyCluster restored",
"message": "GalaxyCluster restored",
"url": "/galaxy_clusters/restore/1"
}
403:
{
"name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
"message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
"url": "/attributes"
}
404:
{
"name": "Invalid attribute",
"message": "Invalid attribute",
"url": "/attributes/1234"
}
Default:
{
"name": "string",
"message": "string",
"url": "/attributes"
}
Users
Reset user password:
POST
https://misp.local/users/initiatePasswordReset/{userId}/{firstTimeReset}
Response:
200:
{
"saved": true,
"success": "New credentials sent."
}
403:
{
"name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
"message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
"url": "/attributes"
}
404:
{
"name": "Invalid attribute",
"message": "Invalid attribute",
"url": "/attributes/1234"
}
Default:
{
"name": "string",
"message": "string",
"url": "/attributes"
}
Add user:
POST
https://misp.local/admin/users/add
Request:
{
"org_id": "12345",
"server_id": "12345",
"email": "user@example.com",
"autoalert": true,
"authkey": "894c8d095180c7ea28789092e96ca6424199aa4f",
"invited_by": "12345",
"gpgkey": "string",
"certif_public": "string",
"nids_sid": "4000000",
"termsaccepted": true,
"newsread": "1617875568",
"role_id": "3",
"change_pw": "0",
"contactalert": true,
"disabled": true,
"expiration": "2019-08-24T14:15:22Z",
"current_login": "1617875568",
"last_login": "1617875568",
"force_logout": true,
"date_created": "1617875568",
"date_modified": "1617875568"
}
Response:
200:
{
"id": "12345",
"org_id": "12345",
"server_id": "12345",
"email": "user@example.com",
"autoalert": true,
"authkey": "894c8d095180c7ea28789092e96ca6424199aa4f",
"invited_by": "12345",
"gpgkey": "string",
"certif_public": "string",
"nids_sid": "4000000",
"termsaccepted": true,
"newsread": "1617875568",
"role_id": "3",
"change_pw": "0",
"contactalert": true,
"disabled": true,
"expiration": "2019-08-24T14:15:22Z",
"current_login": "1617875568",
"last_login": "1617875568",
"force_logout": true,
"date_created": "1617875568",
"date_modified": "1617875568"
}
403:
{
"name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
"message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
"url": "/attributes"
}
404:
{
"name": "Invalid attribute",
"message": "Invalid attribute",
"url": "/attributes/1234"
}
Default:
{
"name": "string",
"message": "string",
"url": "/attributes"
}
Edit user:
PUT
https://misp.local/admin/users/edit/{userId}
Request:
{
"id": "12345",
"org_id": "12345",
"server_id": "12345",
"email": "user@example.com",
"autoalert": true,
"authkey": "894c8d095180c7ea28789092e96ca6424199aa4f",
"invited_by": "12345",
"gpgkey": "string",
"certif_public": "string",
"nids_sid": "4000000",
"termsaccepted": true,
"newsread": "1617875568",
"role_id": "3",
"change_pw": "0",
"contactalert": true,
"disabled": true,
"expiration": "2019-08-24T14:15:22Z",
"current_login": "1617875568",
"last_login": "1617875568",
"force_logout": true,
"date_created": "1617875568",
"date_modified": "1617875568"
}
Response:
200:
{
"id": "12345",
"org_id": "12345",
"server_id": "12345",
"email": "user@example.com",
"autoalert": true,
"authkey": "894c8d095180c7ea28789092e96ca6424199aa4f",
"invited_by": "12345",
"gpgkey": "string",
"certif_public": "string",
"nids_sid": "4000000",
"termsaccepted": true,
"newsread": "1617875568",
"role_id": "3",
"change_pw": "0",
"contactalert": true,
"disabled": true,
"expiration": "2019-08-24T14:15:22Z",
"current_login": "1617875568",
"last_login": "1617875568",
"force_logout": true,
"date_created": "1617875568",
"date_modified": "1617875568"
}
403:
{
"name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
"message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
"url": "/attributes"
}
404:
{
"name": "Invalid attribute",
"message": "Invalid attribute",
"url": "/attributes/1234"
}
Default:
{
"name": "string",
"message": "string",
"url": "/attributes"
}
Delete user:
DELETE
https://misp.local/admin/users/delete/{userId}
Response:
200:
{
"saved": true,
"success": true,
"name": "User deleted.",
"message": "User deleted.",
"url": "/admin/users/delete/1"
}
403:
{
"name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
"message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
"url": "/attributes"
}
404:
{
"name": "Invalid attribute",
"message": "Invalid attribute",
"url": "/attributes/1234"
}
Default:
{
"name": "string",
"message": "string",
"url": "/attributes"
}
Get users:
GET
https://misp.local/admin/users
Response:
200:
[
{
"User": {
"id": "12345",
"org_id": "12345",
"server_id": "12345",
"email": "user@example.com",
"autoalert": true,
"authkey": "894c8d095180c7ea28789092e96ca6424199aa4f",
"invited_by": "12345",
"gpgkey": "string",
"certif_public": "string",
"nids_sid": "4000000",
"termsaccepted": true,
"newsread": "1617875568",
"role_id": "3",
"change_pw": "0",
"contactalert": true,
"disabled": true,
"expiration": "2019-08-24T14:15:22Z",
"current_login": "1617875568",
"last_login": "1617875568",
"force_logout": true,
"date_created": "1617875568",
"date_modified": "1617875568"
},
"Role": {
"id": "3",
"name": "ORGNAME",
"perm_add": true,
"perm_modify": true,
"perm_modify_org": true,
"perm_publish": true,
"perm_delegate": true,
"perm_sync": true,
"perm_admin": true,
"perm_audit": true,
"perm_auth": true,
"perm_site_admin": true,
"perm_regexp_access": true,
"perm_tagger": true,
"perm_template": true,
"perm_sharing_group": true,
"perm_tag_editor": true,
"perm_sighting": true,
"perm_object_template": true,
"perm_publish_zmq": true,
"perm_publish_kafka": true,
"perm_decaying": true,
"perm_galaxy_editor": true,
"default_role": true,
"memory_limit": "string",
"max_execution_time": "string",
"restricted_to_site_admin": true,
"enforce_rate_limit": true,
"rate_limit_count": "string",
"permission": "3",
"permission_description": "publish"
},
"Organisation": {
"id": "12345",
"name": "ORGNAME"
}
}
]
403:
{
"name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
"message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
"url": "/attributes"
}
404:
{
"name": "Invalid attribute",
"message": "Invalid attribute",
"url": "/attributes/1234"
}
Default:
{
"name": "string",
"message": "string",
"url": "/attributes"
}
Get user by ID:
GET
https://misp.local/admin/users/view/{userId}
Response:
200:
{
"id": "12345",
"org_id": "12345",
"server_id": "12345",
"email": "user@example.com",
"autoalert": true,
"authkey": "894c8d095180c7ea28789092e96ca6424199aa4f",
"invited_by": "12345",
"gpgkey": "string",
"certif_public": "string",
"nids_sid": "4000000",
"termsaccepted": true,
"newsread": "1617875568",
"role_id": "3",
"change_pw": "0",
"contactalert": true,
"disabled": true,
"expiration": "2019-08-24T14:15:22Z",
"current_login": "1617875568",
"last_login": "1617875568",
"force_logout": true,
"date_created": "1617875568",
"date_modified": "1617875568",
"User": {
"id": "12345",
"org_id": "12345",
"server_id": "12345",
"email": "user@example.com",
"autoalert": true,
"authkey": "894c8d095180c7ea28789092e96ca6424199aa4f",
"invited_by": "12345",
"gpgkey": "string",
"certif_public": "string",
"nids_sid": "4000000",
"termsaccepted": true,
"newsread": "1617875568",
"role_id": "3",
"change_pw": "0",
"contactalert": true,
"disabled": true,
"expiration": "2019-08-24T14:15:22Z",
"current_login": "1617875568",
"last_login": "1617875568",
"force_logout": true,
"date_created": "1617875568",
"date_modified": "1617875568"
},
"Role": {
"id": "3",
"name": "ORGNAME",
"perm_add": true,
"perm_modify": true,
"perm_modify_org": true,
"perm_publish": true,
"perm_delegate": true,
"perm_sync": true,
"perm_admin": true,
"perm_audit": true,
"perm_auth": true,
"perm_site_admin": true,
"perm_regexp_access": true,
"perm_tagger": true,
"perm_template": true,
"perm_sharing_group": true,
"perm_tag_editor": true,
"perm_sighting": true,
"perm_object_template": true,
"perm_publish_zmq": true,
"perm_publish_kafka": true,
"perm_decaying": true,
"perm_galaxy_editor": true,
"default_role": true,
"memory_limit": "string",
"max_execution_time": "string",
"restricted_to_site_admin": true,
"enforce_rate_limit": true,
"rate_limit_count": "string",
"permission": "3",
"permission_description": "publish"
},
"UserSetting": {
"publish_alert_filter": [
{
"AND": [
{
"NOT": [
{
"EventTag.name": [
"%osint%"
]
}
]
},
{
"OR": [
{
"Tag.name": [
"tlp:green",
"tlp:amber",
"tlp:red",
"%privint%"
]
}
]
}
]
}
],
"dashboard_access": true,
"dashboard": [
{
"widget": "MispStatusWidget",
"position": {
"x": "0",
"y": "0",
"width": "2",
"height": "2"
}
}
],
"homepage": {
"path": "/events/index"
},
"default_restsearch_parameters": [
{
"AND": [
{
"NOT": [
{
"EventTag.name": [
"%osint%"
]
}
]
},
{
"OR": [
{
"Tag.name": [
"tlp:green",
"tlp:amber",
"tlp:red",
"%privint%"
]
}
]
}
]
}
],
"tag_numerical_value_override": [
{
"false-positive:risk='medium'": 99
}
],
"event_index_hide_columns": [
"clusters"
]
}
}
403:
{
"name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
"message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
"url": "/attributes"
}
404:
{
"name": "Invalid attribute",
"message": "Invalid attribute",
"url": "/attributes/1234"
}
Default:
{
"name": "string",
"message": "string",
"url": "/attributes"
}
Delete user TOTP:
DELETE
https://misp.local/users/totp_delete/{userId}
Response:
200:
{
"saved": true,
"success": true,
"name": "User TOTP deleted.",
"message": "User TOTP deleted.",
"url": "/users/totp_delete/1",
"id": "1"
}
403:
{
"name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
"message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
"url": "/attributes"
}
404:
{
"name": "Invalid user",
"message": "Invalid user",
"url": "/users/totp_delete/1"
}
Default:
{
"name": "string",
"message": "string",
"url": "/attributes"
}
Organisations
Add organisation:
POST
https://misp.local/admin/organisations/add
Request:
{
"name": "ORGNAME",
"date_created": "2021-06-14 14:29:19",
"date_modified": "2021-06-14 14:29:19",
"description": "string",
"type": "ADMIN",
"nationality": "string",
"sector": "string",
"created_by": "12345",
"uuid": "string",
"contacts": "string",
"local": true,
"restricted_to_domain": [
"example.com"
],
"landingpage": "string",
"user_count": "3",
"created_by_email": "string"
}
Response:
200:
{
"id": "12345",
"name": "ORGNAME",
"date_created": "2021-06-14 14:29:19",
"date_modified": "2021-06-14 14:29:19",
"description": "string",
"type": "ADMIN",
"nationality": "string",
"sector": "string",
"created_by": "12345",
"uuid": "string",
"contacts": "string",
"local": true,
"restricted_to_domain": [
"example.com"
],
"landingpage": "string",
"user_count": "3",
"created_by_email": "string"
}
403:
{
"name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
"message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
"url": "/attributes"
}
404:
{
"name": "Invalid attribute",
"message": "Invalid attribute",
"url": "/attributes/1234"
}
Default:
{
"name": "string",
"message": "string",
"url": "/attributes"
}
Edit organisation:
PUT
https://misp.local/admin/organisations/edit/{organisationId}
Request:
{
"name": "ORGNAME",
"type": "ADMIN",
"nationality": "string",
"sector": "string",
"contacts": "string",
"description": "string",
"local": true,
"uuid": "095be615-a8ad-4c33-8e9c-c7612fbf6c9f",
"restricted_to_domain": [
"example.com"
]
}
Response:
200:
{
"id": "12345",
"name": "ORGNAME",
"date_created": "2021-06-14 14:29:19",
"date_modified": "2021-06-14 14:29:19",
"description": "string",
"type": "ADMIN",
"nationality": "string",
"sector": "string",
"created_by": "12345",
"uuid": "string",
"contacts": "string",
"local": true,
"restricted_to_domain": [
"example.com"
],
"landingpage": "string",
"user_count": "3",
"created_by_email": "string"
}
403:
{
"name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
"message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
"url": "/attributes"
}
404:
{
"name": "Invalid attribute",
"message": "Invalid attribute",
"url": "/attributes/1234"
}
Default:
{
"name": "string",
"message": "string",
"url": "/attributes"
}
Delete organisation:
DELETE
https://misp.local/admin/organisations/delete/{organisationId}
Response:
200:
{
"saved": true,
"success": true,
"name": "Organisation deleted",
"message": "Organisation deleted",
"url": "/admin/organisations/delete/1"
}
403:
{
"name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
"message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
"url": "/attributes"
}
404:
{
"name": "Invalid attribute",
"message": "Invalid attribute",
"url": "/attributes/1234"
}
Default:
{
"name": "string",
"message": "string",
"url": "/attributes"
}
Get organisations:
GET
https://misp.local/organisations
Response:
200:
[
{
"Organisation": {
"id": "12345",
"name": "ORGNAME",
"date_created": "2021-06-14 14:29:19",
"date_modified": "2021-06-14 14:29:19",
"description": "string",
"type": "ADMIN",
"nationality": "string",
"sector": "string",
"created_by": "12345",
"uuid": "string",
"contacts": "string",
"local": true,
"restricted_to_domain": [
"example.com"
],
"landingpage": "string",
"user_count": "3",
"created_by_email": "string"
}
}
]
403:
{
"name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
"message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
"url": "/attributes"
}
404:
{
"name": "Invalid attribute",
"message": "Invalid attribute",
"url": "/attributes/1234"
}
Default:
{
"name": "string",
"message": "string",
"url": "/attributes"
}
Get organisation by ID:
GET
https://misp.local/organisations/view/{organisationId}
Response:
200:
{
"id": "12345",
"name": "ORGNAME",
"date_created": "2021-06-14 14:29:19",
"date_modified": "2021-06-14 14:29:19",
"description": "string",
"type": "ADMIN",
"nationality": "string",
"sector": "string",
"created_by": "12345",
"uuid": "string",
"contacts": "string",
"local": true,
"restricted_to_domain": [
"example.com"
],
"landingpage": "string",
"user_count": "3",
"created_by_email": "string"
}
403:
{
"name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
"message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
"url": "/attributes"
}
404:
{
"name": "Invalid attribute",
"message": "Invalid attribute",
"url": "/attributes/1234"
}
Default:
{
"name": "string",
"message": "string",
"url": "/attributes"
}
Server
Add server:
POST
https://misp.local/servers/add
Request:
{
"name": "Phising Server",
"url": "https://misppriv.circl.lu",
"authkey": "894c8d095180c7ea28789092e96ca6424199aa4f",
"org_id": "12345",
"push": true,
"pull": true,
"push_sightings": true,
"push_galaxy_clusters": true,
"pull_galaxy_clusters": true,
"lastpulledid": "12345",
"lastpushedid": "12345",
"organization": "string",
"remote_org_id": "12345",
"publish_without_email": true,
"unpublish_event": true,
"self_signed": true,
"pull_rules": "{\"tags\":{\"OR\":[],\"NOT\":[]},\"orgs\":{\"OR\":[],\"NOT\":[]},\"url_params\":\"\"}",
"push_rules": "{\"tags\":{\"OR\":[],\"NOT\":[]},\"orgs\":{\"OR\":[],\"NOT\":[]}}",
"cert_file": "string",
"client_cert_file": "string",
"internal": true,
"skip_proxy": true,
"caching_enabled": true,
"priority": "1",
"cache_timestamp": true
}
Response:
200:
{
"Server": {
"id": "12345",
"name": "Phising Server",
"url": "https://misppriv.circl.lu",
"authkey": "894c8d095180c7ea28789092e96ca6424199aa4f",
"org_id": "12345",
"push": true,
"pull": true,
"push_sightings": true,
"push_galaxy_clusters": true,
"pull_galaxy_clusters": true,
"lastpulledid": "12345",
"lastpushedid": "12345",
"organization": "string",
"remote_org_id": "12345",
"publish_without_email": true,
"unpublish_event": true,
"self_signed": true,
"pull_rules": "{\"tags\":{\"OR\":[],\"NOT\":[]},\"orgs\":{\"OR\":[],\"NOT\":[]},\"url_params\":\"\"}",
"push_rules": "{\"tags\":{\"OR\":[],\"NOT\":[]},\"orgs\":{\"OR\":[],\"NOT\":[]}}",
"cert_file": "string",
"client_cert_file": "string",
"internal": true,
"skip_proxy": true,
"caching_enabled": true,
"priority": "1",
"cache_timestamp": true
}
}
403:
{
"name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
"message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
"url": "/attributes"
}
404:
{
"name": "Invalid attribute",
"message": "Invalid attribute",
"url": "/attributes/1234"
}
Default:
{
"name": "string",
"message": "string",
"url": "/attributes"
}
Edit server:
PUT
https://misp.local/servers/edit/{serverId}
Request:
{
"id": "12345",
"name": "Phising Server",
"url": "https://misppriv.circl.lu",
"authkey": "894c8d095180c7ea28789092e96ca6424199aa4f",
"org_id": "12345",
"push": true,
"pull": true,
"push_sightings": true,
"push_galaxy_clusters": true,
"pull_galaxy_clusters": true,
"lastpulledid": "12345",
"lastpushedid": "12345",
"organization": "string",
"remote_org_id": "12345",
"publish_without_email": true,
"unpublish_event": true,
"self_signed": true,
"pull_rules": "{\"tags\":{\"OR\":[],\"NOT\":[]},\"orgs\":{\"OR\":[],\"NOT\":[]},\"url_params\":\"\"}",
"push_rules": "{\"tags\":{\"OR\":[],\"NOT\":[]},\"orgs\":{\"OR\":[],\"NOT\":[]}}",
"cert_file": "string",
"client_cert_file": "string",
"internal": true,
"skip_proxy": true,
"caching_enabled": true,
"priority": "1",
"cache_timestamp": true
}
Response:
200:
{
"Server": {
"id": "12345",
"name": "Phising Server",
"url": "https://misppriv.circl.lu",
"authkey": "894c8d095180c7ea28789092e96ca6424199aa4f",
"org_id": "12345",
"push": true,
"pull": true,
"push_sightings": true,
"push_galaxy_clusters": true,
"pull_galaxy_clusters": true,
"lastpulledid": "12345",
"lastpushedid": "12345",
"organization": "string",
"remote_org_id": "12345",
"publish_without_email": true,
"unpublish_event": true,
"self_signed": true,
"pull_rules": "{\"tags\":{\"OR\":[],\"NOT\":[]},\"orgs\":{\"OR\":[],\"NOT\":[]},\"url_params\":\"\"}",
"push_rules": "{\"tags\":{\"OR\":[],\"NOT\":[]},\"orgs\":{\"OR\":[],\"NOT\":[]}}",
"cert_file": "string",
"client_cert_file": "string",
"internal": true,
"skip_proxy": true,
"caching_enabled": true,
"priority": "1",
"cache_timestamp": true
}
}
403:
{
"name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
"message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
"url": "/attributes"
}
404:
{
"name": "Invalid attribute",
"message": "Invalid attribute",
"url": "/attributes/1234"
}
Default:
{
"name": "string",
"message": "string",
"url": "/attributes"
}
Delete server:
POST
https://misp.local/servers/delete/{serverId}
Response:
200:
{
"saved": true,
"success": true,
"name": "Server deleted",
"message": "Server deleted",
"url": "/servers/delete/1"
}
403:
{
"name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
"message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
"url": "/attributes"
}
404:
{
"name": "Invalid attribute",
"message": "Invalid attribute",
"url": "/attributes/1234"
}
Default:
{
"name": "string",
"message": "string",
"url": "/attributes"
}
Get servers:
GET
https://misp.local/servers
Response:
200:
[
{
"Server": {
"id": "12345",
"name": "Phising Server",
"url": "https://misppriv.circl.lu",
"authkey": "894c8d095180c7ea28789092e96ca6424199aa4f",
"org_id": "12345",
"push": true,
"pull": true,
"push_sightings": true,
"push_galaxy_clusters": true,
"pull_galaxy_clusters": true,
"lastpulledid": "12345",
"lastpushedid": "12345",
"organization": "string",
"remote_org_id": "12345",
"publish_without_email": true,
"unpublish_event": true,
"self_signed": true,
"pull_rules": "{\"tags\":{\"OR\":[],\"NOT\":[]},\"orgs\":{\"OR\":[],\"NOT\":[]},\"url_params\":\"\"}",
"push_rules": "{\"tags\":{\"OR\":[],\"NOT\":[]},\"orgs\":{\"OR\":[],\"NOT\":[]}}",
"cert_file": "string",
"client_cert_file": "string",
"internal": true,
"skip_proxy": true,
"caching_enabled": true,
"priority": "1",
"cache_timestamp": true
},
"Organisation": {
"id": "12345",
"name": "ORGNAME",
"date_created": "2021-06-14 14:29:19",
"date_modified": "2021-06-14 14:29:19",
"description": "string",
"type": "ADMIN",
"nationality": "string",
"sector": "string",
"created_by": "12345",
"uuid": "string",
"contacts": "string",
"local": true,
"restricted_to_domain": [
"example.com"
],
"landingpage": "string",
"user_count": "3",
"created_by_email": "string"
},
"RemoteOrg": {
"id": "12345",
"name": "ORGNAME",
"date_created": "2021-06-14 14:29:19",
"date_modified": "2021-06-14 14:29:19",
"description": "string",
"type": "ADMIN",
"nationality": "string",
"sector": "string",
"created_by": "12345",
"uuid": "string",
"contacts": "string",
"local": true,
"restricted_to_domain": [
"example.com"
],
"landingpage": "string",
"user_count": "3",
"created_by_email": "string"
},
"User": [
{
"id": "12345",
"org_id": "12345",
"server_id": "12345",
"email": "user@example.com",
"autoalert": true,
"authkey": "894c8d095180c7ea28789092e96ca6424199aa4f",
"invited_by": "12345",
"gpgkey": "string",
"certif_public": "string",
"nids_sid": "4000000",
"termsaccepted": true,
"newsread": "1617875568",
"role_id": "3",
"change_pw": "0",
"contactalert": true,
"disabled": true,
"expiration": "2019-08-24T14:15:22Z",
"current_login": "1617875568",
"last_login": "1617875568",
"force_logout": true,
"date_created": "1617875568",
"date_modified": "1617875568"
}
]
}
]
403:
{
"name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
"message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
"url": "/attributes"
}
404:
{
"name": "Invalid attribute",
"message": "Invalid attribute",
"url": "/attributes/1234"
}
Default:
{
"name": "string",
"message": "string",
"url": "/attributes"
}
Pull server:
GET
https://misp.local/servers/pull/{serverId}/{pullTechnique}
Response:
200:
{
"saved": true,
"success": true,
"name": "Pull queued for background execution. Job ID: 1",
"message": "Pull queued for background execution. Job ID: 1",
"url": "/servers/pull/1"
}
403:
{
"name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
"message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
"url": "/attributes"
}
404:
{
"name": "Invalid attribute",
"message": "Invalid attribute",
"url": "/attributes/1234"
}
Default:
{
"name": "string",
"message": "string",
"url": "/attributes"
}
Push server:
GET
https://misp.local/servers/push/{serverId}/{pushTechnique}
Response:
200:
{
"saved": true,
"success": true,
"name": "Push queued for background execution. Job ID: 1",
"message": "Push queued for background execution. Job ID: 1",
"url": "/servers/push/1"
}
403:
{
"name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
"message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
"url": "/attributes"
}
404:
{
"name": "Invalid attribute",
"message": "Invalid attribute",
"url": "/attributes/1234"
}
Default:
{
"name": "string",
"message": "string",
"url": "/attributes"
}
Get current instance version:
GET
https://misp.local/servers/getVersion
Response:
200:
{
"version": "2.4.142",
"perm_sync": true,
"perm_sighting": true,
"perm_galaxy_editor": true,
"request_encoding": [
"gzip"
]
}
403:
{
"name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
"message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
"url": "/attributes"
}
404:
{
"name": "Invalid attribute",
"message": "Invalid attribute",
"url": "/attributes/1234"
}
Default:
{
"name": "string",
"message": "string",
"url": "/attributes"
}
Get current instance PyMISP version:
GET
https://misp.local/servers/getPyMISPVersion
Response:
200:
{
"version": "2.4.142"
}
403:
{
"name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
"message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
"url": "/attributes"
}
404:
{
"name": "Invalid attribute",
"message": "Invalid attribute",
"url": "/attributes/1234"
}
Default:
{
"name": "string",
"message": "string",
"url": "/attributes"
}
Get current instance settings and diagnostics:
GET
https://misp.local/servers/serverSettings
Response:
200:
{
"version": {
"current": "v2.4.142",
"newest": "v2.4.142",
"upToDate": "same"
},
"phpSettings": {
"max_execution_time": {
"explanation": "The maximum duration that a script can run (does not affect the background workers). A too low number will break long running scripts like comprehensive API exports",
"recommended": 300,
"unit": "seconds",
"value": 300
},
"memory_limit": {
"explanation": "The maximum duration that a script can run (does not affect the background workers). A too low number will break long running scripts like comprehensive API exports",
"recommended": 300,
"unit": "seconds",
"value": 300
},
"upload_max_filesize": {
"explanation": "The maximum duration that a script can run (does not affect the background workers). A too low number will break long running scripts like comprehensive API exports",
"recommended": 300,
"unit": "seconds",
"value": 300
},
"post_max_size": {
"explanation": "The maximum duration that a script can run (does not affect the background workers). A too low number will break long running scripts like comprehensive API exports",
"recommended": 300,
"unit": "seconds",
"value": 300
}
},
"gpgStatus": "FAIL: Failed to load GnuPG",
"proxyStatus": "not configured (so not tested)",
"zmqStatus": 1,
"stix": {
"operational": 1,
"stix": {
"version": "1.2.0.11",
"expected": ">1.2.0.9",
"status": 1
},
"cybox": {
"version": "1.2.0.11",
"expected": ">1.2.0.9",
"status": 1
},
"mixbox": {
"version": "1.2.0.11",
"expected": ">1.2.0.9",
"status": 1
},
"maec": {
"version": "1.2.0.11",
"expected": ">1.2.0.9",
"status": 1
},
"stix2": {
"version": "1.2.0.11",
"expected": ">1.2.0.9",
"status": 1
},
"pymisp": {
"version": "1.2.0.11",
"expected": ">1.2.0.9",
"status": 1
}
},
"moduleStatus": {
"Enrichment": 1,
"Import": 1,
"Export": 1,
"Cortex": 1
},
"writeableDirs": {
"/tmp": 0,
"/var/www/MISP/app/tmp": 0,
"/var/www/MISP/app/files": 0,
"/var/www/MISP/app/files/scripts/tmp": 0
},
"writeableFiles": {
"/var/www/MISP/app/Config/config.php": 0,
"/var/www/MISP/.git/ORIG_HEAD": 2
},
"readableFiles": {
"/var/www/MISP/app/files/scripts/stixtest.py": 0
},
"dbDiagnostics": {
"admin_settings": {
"table": "admin_settings",
"used": "0.03 MB",
"reclaimable": "0 MB",
"data_in_bytes": 16384,
"index_in_bytes": 16384,
"reclaimable_in_bytes": 0
},
"allowedlist": {
"table": "allowedlist",
"used": "0.02 MB",
"reclaimable": "0 MB",
"data_in_bytes": 16384,
"index_in_bytes": 0,
"reclaimable_in_bytes": 0
}
},
"dbSchemaDiagnostics": {
"dataSource": "Database/Mysql",
"actual_db_version": "68",
"checked_table_column": [
"column_name"
],
"diagnostic": {},
"diagnostic_index": {
"event_reports": {
"event_id": {
"message": "Column `event_id` is indexed but should not",
"sql": "DROP INDEX `event_id` ON event_reports;"
}
}
},
"expected_db_version": "70",
"error": "string",
"update_locked": true,
"remaining_lock_time": 0,
"update_fail_number_reached": true,
"indexes": {
"admin_settings": {
"id": true,
"setting": false
}
},
"columnPerTable": {
"admin_settings": [
"id",
"setting",
"value"
]
}
},
"redisInfo": {
"extensionVersion": "5.1.1",
"connection": true,
"redis_version": "5.0.7",
"redis_git_sha1": 0,
"redis_git_dirty": 0,
"redis_build_id": "636cde3b5c7a3923",
"redis_mode": "standalone",
"os": "Linux 5.8.0-50-generic x86_64",
"arch_bits": 64,
"multiplexing_api": "epoll",
"atomicvar_api": "atomic-builtin",
"gcc_version": "9.2.1",
"process_id": 1051,
"run_id": "f894944d92c978df93a18821fb5ebe30dfd0b257",
"tcp_port": 6379,
"uptime_in_seconds": 327116,
"uptime_in_days": 3,
"hz": 10,
"configured_hz": 10,
"lru_clock": 10365184,
"executable": "/usr/bin/redis-server",
"config_file": "/etc/redis/redis.conf",
"connected_clients": 18,
"client_recent_max_input_buffer": 2,
"client_recent_max_output_buffer": 0,
"blocked_clients": 0,
"used_memory": 1309488,
"used_memory_human": "1.25M",
"used_memory_rss": 5541888,
"used_memory_rss_human": "5.29M",
"used_memory_peak": 1410464,
"used_memory_peak_human": "1.35M",
"used_memory_peak_perc": "92.84%",
"used_memory_overhead": 1200800,
"used_memory_startup": 796232,
"used_memory_dataset": 108688,
"used_memory_dataset_perc": "21.18%",
"allocator_allocated": 1480176,
"allocator_active": 1896448,
"allocator_resident": 5890048,
"total_system_memory": 33406590976,
"total_system_memory_human": "31.11G",
"used_memory_lua": 41984,
"used_memory_lua_human": "41.00K",
"used_memory_scripts": 0,
"used_memory_scripts_human": "0B",
"number_of_cached_scripts": 0,
"maxmemory": 0,
"maxmemory_human": "0B",
"maxmemory_policy": "noeviction",
"allocator_frag_ratio": 1.28,
"allocator_frag_bytes": 416272,
"allocator_rss_ratio": 3.11,
"allocator_rss_bytes": 3993600,
"rss_overhead_ratio": 0.94,
"rss_overhead_bytes": -348160,
"mem_fragmentation_ratio": 4.24,
"mem_fragmentation_bytes": 4233432,
"mem_not_counted_for_evict": 0,
"mem_replication_backlog": 0,
"mem_clients_slaves": 0,
"mem_clients_normal": 402912,
"mem_aof_buffer": 0,
"mem_allocator": "jemalloc-5.2.1",
"active_defrag_running": 0,
"lazyfree_pending_objects": 0,
"loading": 0,
"rdb_changes_since_last_save": 0,
"rdb_bgsave_in_progress": 0,
"rdb_last_save_time": 1620977919,
"rdb_last_bgsave_status": "ok",
"rdb_last_bgsave_time_sec": 0,
"rdb_current_bgsave_time_sec": -1,
"rdb_last_cow_size": 446464,
"aof_enabled": 0,
"aof_rewrite_in_progress": 0,
"aof_rewrite_scheduled": 0,
"aof_last_rewrite_time_sec": -1,
"aof_current_rewrite_time_sec": -1,
"aof_last_bgrewrite_status": "ok",
"aof_last_write_status": "ok",
"aof_last_cow_size": 0,
"total_connections_received": 289,
"total_commands_processed": 252747,
"instantaneous_ops_per_sec": 7,
"total_net_input_bytes": 12111506,
"total_net_output_bytes": 1232466,
"instantaneous_input_kbps": 0.36,
"instantaneous_output_kbps": 0.03,
"rejected_connections": 0,
"sync_full": 0,
"sync_partial_ok": 0,
"sync_partial_err": 0,
"expired_keys": 17,
"expired_stale_perc": 0,
"expired_time_cap_reached_count": 0,
"evicted_keys": 0,
"keyspace_hits": 70,
"keyspace_misses": 62805,
"pubsub_channels": 0,
"pubsub_patterns": 0,
"latest_fork_usec": 168,
"migrate_cached_sockets": 0,
"slave_expires_tracked_keys": 0,
"active_defrag_hits": 0,
"active_defrag_misses": 0,
"active_defrag_key_hits": 0,
"active_defrag_key_misses": 0,
"role": "master",
"connected_slaves": 0,
"master_replid": "d5e7afcf4fd1a31e539a4eadd5caf2a7da6d121c",
"master_replid2": 0,
"master_repl_offset": 0,
"second_repl_offset": -1,
"repl_backlog_active": 0,
"repl_backlog_size": 1048576,
"repl_backlog_first_byte_offset": 0,
"repl_backlog_histlen": 0,
"used_cpu_sys": 195.014281,
"used_cpu_user": 217.352183,
"used_cpu_sys_children": 0.050885,
"used_cpu_user_children": 0.076436,
"cluster_enabled": 0,
"db0": "keys=15,expires=0,avg_ttl=0",
"db13": "keys=12,expires=4,avg_ttl=21265731140"
},
"finalSettings": [
{
"level": 0,
"value": "string",
"errorMessage": "The currently set baseurl does not match the URL through which you have accessed the page. Disregard this if you are accessing the page via an alternate URL (for example via IP address).",
"test": "testBaseURL",
"type": "string",
"null": true,
"subGroup": "Enrichment",
"cli_only": 1,
"redacted": true,
"optionsSource": {},
"afterHook": "cleanCacheFiles",
"error": 1,
"tab": "MISP",
"setting": "MISP.baseurl",
"options": {}
}
],
"extensions": {
"cli": {
"phpversion": "7.4.3"
},
"extensions": {
"json": {
"web_version": "7.4.3",
"web_version_outdated": false,
"cli_version": "7.4.3",
"cli_version_outdated": false,
"required": true,
"info": null
}
}
},
"workers": {
"cache": {
"ok": true,
"workers": [
{
"pid": 1233,
"user": "www-data",
"alive": true,
"correct_user": true,
"ok": true
}
],
"jobCount": 0
},
"default": {
"ok": true,
"workers": [
{
"pid": 1233,
"user": "www-data",
"alive": true,
"correct_user": true,
"ok": true
}
],
"jobCount": 0
},
"email": {
"ok": true,
"workers": [
{
"pid": 1233,
"user": "www-data",
"alive": true,
"correct_user": true,
"ok": true
}
],
"jobCount": 0
},
"prio": {
"ok": true,
"workers": [
{
"pid": 1233,
"user": "www-data",
"alive": true,
"correct_user": true,
"ok": true
}
],
"jobCount": 0
},
"update": {
"ok": true,
"workers": [
{
"pid": 1233,
"user": "www-data",
"alive": true,
"correct_user": true,
"ok": true
}
],
"jobCount": 0
},
"scheduler": {
"ok": true,
"workers": [
{
"pid": 1233,
"user": "www-data",
"alive": true,
"correct_user": true,
"ok": true
}
],
"jobCount": 0
},
"proc_accessible": true,
"controls": true
}
}
403:
{
"name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
"message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
"url": "/attributes"
}
404:
{
"name": "Invalid attribute",
"message": "Invalid attribute",
"url": "/attributes/1234"
}
Default:
{
"name": "string",
"message": "string",
"url": "/attributes"
}
Get workers:
GET
https://misp.local/servers/getWorkers
Response:
200:
{
"cache": {
"ok": true,
"workers": [
{
"pid": 1233,
"user": "www-data",
"alive": true,
"correct_user": true,
"ok": true
}
],
"jobCount": 0
},
"default": {
"ok": true,
"workers": [
{
"pid": 1233,
"user": "www-data",
"alive": true,
"correct_user": true,
"ok": true
}
],
"jobCount": 0
},
"email": {
"ok": true,
"workers": [
{
"pid": 1233,
"user": "www-data",
"alive": true,
"correct_user": true,
"ok": true
}
],
"jobCount": 0
},
"prio": {
"ok": true,
"workers": [
{
"pid": 1233,
"user": "www-data",
"alive": true,
"correct_user": true,
"ok": true
}
],
"jobCount": 0
},
"update": {
"ok": true,
"workers": [
{
"pid": 1233,
"user": "www-data",
"alive": true,
"correct_user": true,
"ok": true
}
],
"jobCount": 0
},
"scheduler": {
"ok": true,
"workers": [
{
"pid": 1233,
"user": "www-data",
"alive": true,
"correct_user": true,
"ok": true
}
],
"jobCount": 0
},
"proc_accessible": true,
"controls": true
}
403:
{
"name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
"message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
"url": "/attributes"
}
404:
{
"name": "Invalid attribute",
"message": "Invalid attribute",
"url": "/attributes/1234"
}
Default:
{
"name": "string",
"message": "string",
"url": "/attributes"
}
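The `/servers/serverSettings` and `/servers/getWorkers` responses above are mostly useful as input to an automated health check. The following is an added example, not part of the original documentation or of MISP/PyMISP: it walks a diagnostics response and returns a list of findings. The function names, the constructed sample and the pass/fail rules are assumptions of this example; only the field names come from the responses shown above.

```python
"""Audit a MISP diagnostics response (serverSettings / getWorkers shape).

Added example: field names follow the sample responses on this page; the
pass/fail rules are this example's assumptions, not MISP's own logic.
"""
import json

# Constructed sample: trimmed from the response shapes shown above and altered
# so that several checks fire (dead worker, wrong user, schema behind).
SAMPLE = json.loads("""
{
  "version": {"current": "v2.4.142", "newest": "v2.4.142", "upToDate": "same"},
  "gpgStatus": "FAIL: Failed to load GnuPG",
  "dbSchemaDiagnostics": {
    "actual_db_version": "68",
    "expected_db_version": "70",
    "update_locked": true,
    "diagnostic_index": {
      "event_reports": {
        "event_id": {
          "message": "Column `event_id` is indexed but should not",
          "sql": "DROP INDEX `event_id` ON event_reports;"
        }
      }
    }
  },
  "workers": {
    "cache": {"ok": true, "jobCount": 0, "workers": [
      {"pid": 1233, "user": "www-data", "alive": true, "correct_user": true, "ok": true}]},
    "email": {"ok": false, "jobCount": 4, "workers": [
      {"pid": 1240, "user": "root", "alive": false, "correct_user": false, "ok": false}]},
    "proc_accessible": true,
    "controls": true
  }
}
""")


def audit_workers(workers):
    """Return findings for a getWorkers-shaped dict (queue name -> status)."""
    findings = []
    for queue, status in sorted(workers.items()):
        # "proc_accessible" and "controls" are plain booleans next to the queues.
        if not isinstance(status, dict):
            if queue == "proc_accessible" and status is not True:
                findings.append("workers: proc_accessible is false")
            continue
        procs = status.get("workers", [])
        if not procs:
            findings.append(f"workers.{queue}: no worker process listed")
        for proc in procs:
            pid = proc.get("pid")
            if not proc.get("alive", False):
                findings.append(f"workers.{queue}: pid {pid} is not alive")
            if not proc.get("correct_user", False):
                user = proc.get("user")
                findings.append(f"workers.{queue}: pid {pid} runs as unexpected user {user!r}")
        if not status.get("ok", False) and status.get("jobCount", 0) > 0:
            findings.append(f"workers.{queue}: {status['jobCount']} job(s) queued behind an unhealthy queue")
    return findings


def audit_diagnostics(diag):
    """Return findings for a serverSettings-shaped dict; missing keys are skipped."""
    findings = []
    ver = diag.get("version", {})
    if ver and ver.get("current") != ver.get("newest"):
        findings.append(f"version: running {ver.get('current')}, newest is {ver.get('newest')}")

    gpg = diag.get("gpgStatus")
    if isinstance(gpg, str) and gpg.upper().startswith("FAIL"):
        findings.append(f"gpgStatus: {gpg}")

    schema = diag.get("dbSchemaDiagnostics", {})
    actual = schema.get("actual_db_version")
    expected = schema.get("expected_db_version")
    if actual is not None and expected is not None and str(actual) != str(expected):
        findings.append(f"dbSchema: at version {actual}, expected {expected}")
    if schema.get("update_locked"):
        findings.append("dbSchema: update_locked is set")
    # Report the message only; the suggested "sql" is never executed here.
    for table, columns in sorted(schema.get("diagnostic_index", {}).items()):
        for column, issue in sorted(columns.items()):
            findings.append(f"dbSchema.{table}.{column}: {issue.get('message')}")

    findings.extend(audit_workers(diag.get("workers", {})))
    return findings


if __name__ == "__main__":
    for line in audit_diagnostics(SAMPLE):
        print(line)
```

A response from `/servers/getWorkers` can be passed straight to `audit_workers`, since it has the same shape as the `workers` key of the `serverSettings` response.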
Start worker:
POST
https://misp.local/servers/startWorker/{workerType}
Response:
200:
{
"saved": true,
"success": true,
"name": "Worker start signal sent",
"message": "Worker start signal sent",
"url": "/servers/startWorker/email"
}
403:
{
"name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
"message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
"url": "/attributes"
}
404:
{
"name": "Invalid attribute",
"message": "Invalid attribute",
"url": "/attributes/1234"
}
Default:
{
"name": "string",
"message": "string",
"url": "/attributes"
}
Stop worker:
POST
https://misp.local/servers/stopWorker/{workerPid}
Response:
200:
{
"saved": true,
"success": true,
"name": "Worker stop signal sent",
"message": "Worker stop signal sent",
"url": "/servers/startWorker/1234"
}
403:
{
"name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
"message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
"url": "/attributes"
}
404:
{
"name": "Invalid attribute",
"message": "Invalid attribute",
"url": "/attributes/1234"
}
Default:
{
"name": "string",
"message": "string",
"url": "/attributes"
}
Kill all workers:
POST
https://misp.local/servers/killAllWorkers
Response:
200:
{
"saved": true,
"success": true,
"name": "Killing workers.",
"message": "Killing workers.",
"url": "/servers/killAllWorkers"
}
403:
{
"name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
"message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
"url": "/attributes"
}
404:
{
"name": "Invalid attribute",
"message": "Invalid attribute",
"url": "/attributes/1234"
}
Default:
{
"name": "string",
"message": "string",
"url": "/attributes"
}
Restart workers:
POST
https://misp.local/servers/restartWorkers
Response:
200:
{
"saved": true,
"success": true,
"name": "Restarting workers.",
"message": "Restarting workers.",
"url": "/servers/restartWorkers"
}
403:
{
"name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
"message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
"url": "/attributes"
}
404:
{
"name": "Invalid attribute",
"message": "Invalid attribute",
"url": "/attributes/1234"
}
Default:
{
"name": "string",
"message": "string",
"url": "/attributes"
}
Restart dead workers:
POST
https://misp.local/servers/restartDeadWorkers
Response:
200:
{
"saved": true,
"success": true,
"name": "Restarting workers.",
"message": "Restarting workers.",
"url": "/servers/restartDeadWorkers"
}
403:
{
"name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
"message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
"url": "/attributes"
}
404:
{
"name": "Invalid attribute",
"message": "Invalid attribute",
"url": "/attributes/1234"
}
Default:
{
"name": "string",
"message": "string",
"url": "/attributes"
}
Update server:
POST
https://misp.local/servers/update
Response:
200:
{
"results": [
{
"input": "cd $(git rev-parse --show-toplevel) && git checkout app/composer.json 2>&1",
"output": [
"Updated 1 path from the index"
],
"status": 0
}
]
}
403:
{
"name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
"message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
"url": "/attributes"
}
404:
{
"name": "Invalid attribute",
"message": "Invalid attribute",
"url": "/attributes/1234"
}
Default:
{
"name": "string",
"message": "string",
"url": "/attributes"
}
Cache server:
POST
https://misp.local/servers/cache
Response:
200:
{
"saved": true,
"success": true,
"name": "Server caching job initiated.",
"message": "Server caching job initiated.",
"url": "/servers/cache"
}
403:
{
"name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
"message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
"url": "/attributes"
}
404:
{
"name": "Invalid attribute",
"message": "Invalid attribute",
"url": "/attributes/1234"
}
Default:
{
"name": "string",
"message": "string",
"url": "/attributes"
}
Create sync:
POST
https://misp.local/servers/createSync
Response:
200:
{
"Server": {
"url": "https://misppriv.circl.lu",
"uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
"authkey": "894c8d095180c7ea28789092e96ca6424199aa4f",
"Organisation": {
"name": "ORGNAME",
"uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b"
}
}
}
403:
{
"name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
"message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
"url": "/attributes"
}
404:
{
"name": "Invalid attribute",
"message": "Invalid attribute",
"url": "/attributes/1234"
}
Default:
{
"name": "string",
"message": "string",
"url": "/attributes"
}
Get instance UUID:
GET
https://misp.local/servers/getInstanceUUID
Response:
200:
{
"uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b"
}
403:
{
"name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
"message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
"url": "/attributes"
}
404:
{
"name": "Invalid attribute",
"message": "Invalid attribute",
"url": "/attributes/1234"
}
Default:
{
"name": "string",
"message": "string",
"url": "/attributes"
}
Get server setting by name:
GET
https://misp.local/servers/getSetting/{settingName}
Response:
200:
{
"level": 0,
"value": "string",
"errorMessage": "The currently set baseurl does not match the URL through which you have accessed the page. Disregard this if you are accessing the page via an alternate URL (for example via IP address).",
"test": "testBaseURL",
"type": "string",
"null": true,
"subGroup": "Enrichment",
"cli_only": 1,
"redacted": true,
"optionsSource": {},
"afterHook": "cleanCacheFiles",
"error": 1,
"tab": "MISP",
"setting": "MISP.baseurl",
"options": {}
}
403:
{
"name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
"message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
"url": "/attributes"
}
404:
{
"name": "Invalid attribute",
"message": "Invalid attribute",
"url": "/attributes/1234"
}
Default:
{
"name": "string",
"message": "string",
"url": "/attributes"
}
Edit server setting:
POST
https://misp.local/servers/serverSettingsEdit/{settingName}
Request:
{
"value": "string"
}
Response:
200:
{
"saved": true,
"success": true,
"name": "Field updated",
"message": "Field updated",
"url": "/servers/serverSettingsEdit"
}
403:
{
"name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
"message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
"url": "/attributes"
}
404:
{
"name": "Invalid attribute",
"message": "Invalid attribute",
"url": "/attributes/1234"
}
Default:
{
"name": "string",
"message": "string",
"url": "/attributes"
}
Import server:
POST
https://misp.local/servers/import
Request:
{
"name": "Phising Server",
"url": "https://misppriv.circl.lu",
"uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
"authkey": "894c8d095180c7ea28789092e96ca6424199aa4f",
"Organisation": {
"name": "ORGNAME"
}
}
Response:
200:
{
"Server": {
"id": "12345",
"name": "Phising Server",
"url": "https://misppriv.circl.lu",
"authkey": "894c8d095180c7ea28789092e96ca6424199aa4f",
"org_id": "12345",
"push": true,
"pull": true,
"push_sightings": true,
"push_galaxy_clusters": true,
"pull_galaxy_clusters": true,
"lastpulledid": "12345",
"lastpushedid": "12345",
"organization": "string",
"remote_org_id": "12345",
"publish_without_email": true,
"unpublish_event": true,
"self_signed": true,
"pull_rules": "{\"tags\":{\"OR\":[],\"NOT\":[]},\"orgs\":{\"OR\":[],\"NOT\":[]},\"url_params\":\"\"}",
"push_rules": "{\"tags\":{\"OR\":[],\"NOT\":[]},\"orgs\":{\"OR\":[],\"NOT\":[]}}",
"cert_file": "string",
"client_cert_file": "string",
"internal": true,
"skip_proxy": true,
"caching_enabled": true,
"priority": "1",
"cache_timestamp": true
}
}
403:
{
"name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
"message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
"url": "/attributes"
}
404:
{
"name": "Invalid attribute",
"message": "Invalid attribute",
"url": "/attributes/1234"
}
Default:
{
"name": "string",
"message": "string",
"url": "/attributes"
}
Sharing Group
Add a sharing group:
POST
https://misp.local/sharing_groups/add
Request:
{
"uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
"name": "Banking Sharing Group",
"description": "Banking Institutions of X Sharing Group",
"releasability": "string",
"local": true,
"active": true,
"org_count": "6",
"organisation_uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
"org_id": "12345",
"sync_user_id": "12345",
"created": "string",
"modified": "string",
"roaming": true
}
Response:
200:
{
"SharingGroup": {
"id": "1",
"uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
"name": "Banking Sharing Group",
"description": "Banking Institutions of X Sharing Group",
"releasability": "string",
"local": true,
"active": true,
"org_count": "6",
"organisation_uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
"org_id": "12345",
"sync_user_id": "12345",
"created": "string",
"modified": "string",
"roaming": true
},
"Organisation": {
"id": "12345",
"name": "ORGNAME",
"date_created": "2021-06-14 14:29:19",
"date_modified": "2021-06-14 14:29:19",
"description": "string",
"type": "ADMIN",
"nationality": "string",
"sector": "string",
"created_by": "12345",
"uuid": "string",
"contacts": "string",
"local": true,
"restricted_to_domain": [
"example.com"
],
"landingpage": "string",
"user_count": "3",
"created_by_email": "string"
},
"SharingGroupOrg": [
{
"id": "1",
"sharing_group_id": "1",
"org_id": "12345",
"extend": true,
"Organisation": {
"id": "12345",
"name": "ORGNAME",
"uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b"
}
}
],
"SharingGroupServer": [
{
"all_orgs": true,
"server_id": "12345",
"sharing_group_id": "1",
"Server": {
"id": "12345",
"name": "Phising Server"
}
}
],
"editable": true,
"deletable": true
}
403:
{
"name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
"message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
"url": "/attributes"
}
404:
{
"name": "Invalid attribute",
"message": "Invalid attribute",
"url": "/attributes/1234"
}
Default:
{
"name": "string",
"message": "string",
"url": "/attributes"
}
Edit a sharing group:
POST
https://misp.local/sharing_groups/edit/{sharingGroupId}
Request:
{
"id": "1",
"uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
"name": "Banking Sharing Group",
"description": "Banking Institutions of X Sharing Group",
"releasability": "string",
"local": true,
"active": true,
"org_count": "6",
"organisation_uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
"org_id": "12345",
"sync_user_id": "12345",
"created": "string",
"modified": "string",
"roaming": true
}
Response:
200:
{
"SharingGroup": {
"id": "1",
"uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
"name": "Banking Sharing Group",
"description": "Banking Institutions of X Sharing Group",
"releasability": "string",
"local": true,
"active": true,
"org_count": "6",
"organisation_uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
"org_id": "12345",
"sync_user_id": "12345",
"created": "string",
"modified": "string",
"roaming": true
},
"Organisation": {
"id": "12345",
"name": "ORGNAME",
"date_created": "2021-06-14 14:29:19",
"date_modified": "2021-06-14 14:29:19",
"description": "string",
"type": "ADMIN",
"nationality": "string",
"sector": "string",
"created_by": "12345",
"uuid": "string",
"contacts": "string",
"local": true,
"restricted_to_domain": [
"example.com"
],
"landingpage": "string",
"user_count": "3",
"created_by_email": "string"
},
"SharingGroupOrg": [
{
"id": "1",
"sharing_group_id": "1",
"org_id": "12345",
"extend": true,
"Organisation": {
"id": "12345",
"name": "ORGNAME",
"uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b"
}
}
],
"SharingGroupServer": [
{
"all_orgs": true,
"server_id": "12345",
"sharing_group_id": "1",
"Server": {
"id": "12345",
"name": "Phising Server"
}
}
],
"editable": true,
"deletable": true
}
403:
{
"name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
"message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
"url": "/attributes"
}
404:
{
"name": "Invalid attribute",
"message": "Invalid attribute",
"url": "/attributes/1234"
}
Default:
{
"name": "string",
"message": "string",
"url": "/attributes"
}
Delete a sharing group:
DELETE
https://misp.local/sharing_groups/delete/{sharingGroupId}
Response:
200:
{
"saved": true,
"success": true,
"name": "SharingGroup deleted",
"message": "SharingGroup deleted",
"url": "/sharing_groups/delete/1"
}
403:
{
"name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
"message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
"url": "/attributes"
}
404:
{
"name": "Invalid attribute",
"message": "Invalid attribute",
"url": "/attributes/1234"
}
Default:
{
"name": "string",
"message": "string",
"url": "/attributes"
}
Get a list of sharing groups:
GET
https://misp.local/sharing_groups
Response:
200:
{
"response": [
{
"SharingGroup": {
"id": "1",
"uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
"name": "Banking Sharing Group",
"description": "Banking Institutions of X Sharing Group",
"releasability": "string",
"local": true,
"active": true,
"org_count": "6"
},
"Organisation": {
"id": "12345",
"name": "ORGNAME",
"uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b"
},
"SharingGroupOrg": [
{
"id": "1",
"sharing_group_id": "1",
"org_id": "12345",
"extend": true,
"Organisation": {
"id": "12345",
"name": "ORGNAME",
"uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b"
}
}
],
"SharingGroupServer": [
{
"all_orgs": true,
"server_id": "12345",
"sharing_group_id": "1",
"Server": {
"id": "12345",
"name": "Phising Server"
}
}
],
"editable": true,
"deletable": true
}
]
}
403:
{
"name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
"message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
"url": "/attributes"
}
404:
{
"name": "Invalid attribute",
"message": "Invalid attribute",
"url": "/attributes/1234"
}
Default:
{
"name": "string",
"message": "string",
"url": "/attributes"
}
Get a sharing group by ID:
GET
https://misp.local/sharing_groups/view/{sharingGroupId}
Response:
200:
{
"SharingGroup": {
"id": "1",
"uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
"name": "Banking Sharing Group",
"description": "Banking Institutions of X Sharing Group",
"releasability": "string",
"local": true,
"active": true,
"org_count": "6",
"organisation_uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
"org_id": "12345",
"sync_user_id": "12345",
"created": "string",
"modified": "string",
"roaming": true
},
"Organisation": {
"id": "12345",
"name": "ORGNAME",
"date_created": "2021-06-14 14:29:19",
"date_modified": "2021-06-14 14:29:19",
"description": "string",
"type": "ADMIN",
"nationality": "string",
"sector": "string",
"created_by": "12345",
"uuid": "string",
"contacts": "string",
"local": true,
"restricted_to_domain": [
"example.com"
],
"landingpage": "string",
"user_count": "3",
"created_by_email": "string"
},
"SharingGroupOrg": [
{
"id": "1",
"sharing_group_id": "1",
"org_id": "12345",
"extend": true,
"Organisation": {
"id": "12345",
"name": "ORGNAME",
"uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b"
}
}
],
"SharingGroupServer": [
{
"all_orgs": true,
"server_id": "12345",
"sharing_group_id": "1",
"Server": {
"id": "12345",
"name": "Phising Server"
}
}
],
"editable": true,
"deletable": true
}
403:
{
"name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
"message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
"url": "/attributes"
}
404:
{
"name": "Invalid attribute",
"message": "Invalid attribute",
"url": "/attributes/1234"
}
Default:
{
"name": "string",
"message": "string",
"url": "/attributes"
}
Add an organisation to a sharing group:
POST
https://misp.local/sharing_groups/addOrg/{sharingGroupId}/{organisationId}
Response:
200:
{
"saved": true,
"success": true,
"name": "Organisation added to the sharing group.",
"message": "Organisation added to the sharing group.",
"url": "/sharing_groups/addOrg"
}
403:
{
"name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
"message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
"url": "/attributes"
}
404:
{
"name": "Invalid attribute",
"message": "Invalid attribute",
"url": "/attributes/1234"
}
Default:
{
"name": "string",
"message": "string",
"url": "/attributes"
}
Remove an organisation from a sharing group:
POST
https://misp.local/sharing_groups/removeOrg/{sharingGroupId}/{organisationId}
Response:
200:
{
"saved": true,
"success": true,
"name": "Organisation removed from the sharing group.",
"message": "Organisation removed from the sharing group.",
"url": "/sharing_groups/removeOrg"
}
403:
{
"name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
"message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
"url": "/attributes"
}
404:
{
"name": "Invalid attribute",
"message": "Invalid attribute",
"url": "/attributes/1234"
}
Default:
{
"name": "string",
"message": "string",
"url": "/attributes"
}
Add a server to a sharing group:
POST
https://misp.local/sharing_groups/addServer/{sharingGroupId}/{serverId}
Response:
200:
{
"saved": true,
"success": true,
"name": "Server added to the sharing group.",
"message": "Server added to the sharing group.",
"url": "/sharing_groups/addServer"
}
403:
{
"name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
"message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
"url": "/attributes"
}
404:
{
"name": "Invalid attribute",
"message": "Invalid attribute",
"url": "/attributes/1234"
}
Default:
{
"name": "string",
"message": "string",
"url": "/attributes"
}
Remove a server from a sharing group:
POST
https://misp.local/sharing_groups/removeServer/{sharingGroupServerId}/{serverId}
Response:
200:
{
"saved": true,
"success": true,
"name": "Server removed from the sharing group.",
"message": "Server removed from the sharing group.",
"url": "/sharing_groups/removeServer"
}
403:
{
"name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
"message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
"url": "/attributes"
}
404:
{
"name": "Invalid attribute",
"message": "Invalid attribute",
"url": "/attributes/1234"
}
Default:
{
"name": "string",
"message": "string",
"url": "/attributes"
}
Feed
Get a list of feeds:
GET
https://misp.local/feeds
Response:
200:
[
{
"Feed": {
"id": "3",
"name": "CIRCL OSINT Feed",
"provider": "CIRCL",
"url": "https://www.circl.lu/doc/misp/feed-osint",
"rules": "{\"tags\":{\"OR\":[],\"NOT\":[]},\"orgs\":{\"OR\":[],\"NOT\":[]},\"url_params\":\"\"}",
"enabled": true,
"distribution": "0",
"sharing_group_id": "1",
"tag_id": "12345",
"default": true,
"source_format": "1",
"fixed_event": true,
"delta_merge": true,
"event_id": "12345",
"publish": false,
"override_ids": true,
"settings": "{\"csv\":{\"value\":\"\",\"delimiter\":\"\"},\"common\":{\"excluderegex\":\"\"},\"disable_correlation\":\"1\"}",
"input_source": "local",
"delete_local_file": true,
"lookup_visible": true,
"headers": "X-Custom-Header-A: Foo\nX-Custom-Header-B: Bar\n",
"caching_enabled": true,
"force_to_ids": true,
"orgc_id": "12345",
"cache_timestamp": "1617875568"
}
}
]
403:
{
"name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
"message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
"url": "/attributes"
}
404:
{
"name": "Invalid attribute",
"message": "Invalid attribute",
"url": "/attributes/1234"
}
Default:
{
"name": "string",
"message": "string",
"url": "/attributes"
}
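An added example (not part of the MISP documentation or PyMISP) that audits a feed listing shaped like the 200 response above. `rules` and `settings` are JSON documents stored as strings and `headers` is a newline-separated string, so they must be decoded before they can be checked. The finding names, the `CREDENTIAL_HEADERS` set, feed 7 and its values are assumptions made for this sketch.

```python
import json
from urllib.parse import urlsplit

# Header names treated as credential-bearing (assumption chosen for this example).
CREDENTIAL_HEADERS = {"authorization", "proxy-authorization", "cookie", "x-api-key"}

# Constructed sample in the shape of the GET /feeds response on this page.
# Feed 3 reuses the page's values; feed 7 and its header value are made up.
SAMPLE_FEEDS = [
    {"Feed": {
        "id": "3", "name": "CIRCL OSINT Feed", "enabled": True,
        "url": "https://www.circl.lu/doc/misp/feed-osint",
        "input_source": "local",
        "rules": '{"tags":{"OR":[],"NOT":[]},"orgs":{"OR":[],"NOT":[]},"url_params":""}',
        "headers": "X-Custom-Header-A: Foo\nX-Custom-Header-B: Bar\n",
    }},
    {"Feed": {
        "id": "7", "name": "Example partner feed", "enabled": True,
        "url": "http://feeds.example.org/iocs.csv",
        "input_source": "network",
        "rules": "{not json",
        "headers": "Authorization: EXAMPLE-TOKEN\n",
    }},
]


def parse_headers(raw):
    """Turn the newline-separated 'headers' string into a {name: value} dict."""
    headers = {}
    for line in (raw or "").splitlines():
        name, sep, value = line.partition(":")
        if sep and name.strip():
            headers[name.strip()] = value.strip()
    return headers


def decode_json_field(raw):
    """Decode a JSON-in-a-string field. Returns (value, ok); empty counts as ok."""
    if raw in (None, ""):
        return None, True
    try:
        return json.loads(raw), True
    except (TypeError, ValueError):
        return None, False


def audit_feeds(listing):
    """Return (feed_id, finding) tuples; header values are never included."""
    findings = []
    for item in listing:
        feed = item.get("Feed", item)
        feed_id = str(feed.get("id"))
        # 1. Nested JSON fields that do not decode point at a damaged config.
        for field in ("rules", "settings"):
            _, ok = decode_json_field(feed.get(field))
            if not ok:
                findings.append((feed_id, "undecodable:" + field))
        # 2. Enabled network feeds should be pulled over HTTPS.
        #    'enabled' is a boolean in the page's sample response.
        if feed.get("enabled") and feed.get("input_source") == "network":
            if urlsplit(feed.get("url") or "").scheme.lower() != "https":
                findings.append((feed_id, "cleartext-url"))
        # 3. The listing returns custom headers verbatim, so a stored token
        #    is readable by anyone allowed to call GET /feeds.
        for name in parse_headers(feed.get("headers")):
            if name.lower() in CREDENTIAL_HEADERS:
                findings.append((feed_id, "credential-header:" + name))
    return findings


if __name__ == "__main__":
    for feed_id, finding in audit_feeds(SAMPLE_FEEDS):
        print(feed_id, finding)
```

Only header names are reported, so the audit output can be logged without copying the stored secret.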
Get a feed by ID:
GET
https://misp.local/feeds/view/{feedId}
Response:
200:
{
"Feed": {
"id": "3",
"name": "CIRCL OSINT Feed",
"provider": "CIRCL",
"url": "https://www.circl.lu/doc/misp/feed-osint",
"rules": "{\"tags\":{\"OR\":[],\"NOT\":[]},\"orgs\":{\"OR\":[],\"NOT\":[]},\"url_params\":\"\"}",
"enabled": true,
"distribution": "0",
"sharing_group_id": "1",
"tag_id": "12345",
"default": true,
"source_format": "1",
"fixed_event": true,
"delta_merge": true,
"event_id": "12345",
"publish": false,
"override_ids": true,
"settings": "{\"csv\":{\"value\":\"\",\"delimiter\":\"\"},\"common\":{\"excluderegex\":\"\"},\"disable_correlation\":\"1\"}",
"input_source": "local",
"delete_local_file": true,
"lookup_visible": true,
"headers": "X-Custom-Header-A: Foo\nX-Custom-Header-B: Bar\n",
"caching_enabled": true,
"force_to_ids": true,
"orgc_id": "12345",
"cache_timestamp": "1617875568"
}
}
403:
{
"name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
"message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
"url": "/attributes"
}
404:
{
"name": "Invalid attribute",
"message": "Invalid attribute",
"url": "/attributes/1234"
}
Default:
{
"name": "string",
"message": "string",
"url": "/attributes"
}
Add a feed:
POST
https://misp.local/feeds/add
Request:
{
"name": "CIRCL OSINT Feed",
"provider": "CIRCL",
"url": "https://www.circl.lu/doc/misp/feed-osint",
"rules": "{\"tags\":{\"OR\":[],\"NOT\":[]},\"orgs\":{\"OR\":[],\"NOT\":[]},\"url_params\":\"\"}",
"enabled": true,
"distribution": "0",
"sharing_group_id": "1",
"tag_id": "12345",
"source_format": "1",
"fixed_event": true,
"delta_merge": true,
"event_id": "12345",
"publish": false,
"override_ids": true,
"input_source": "local",
"delete_local_file": true,
"lookup_visible": true,
"headers": "X-Custom-Header-A: Foo\nX-Custom-Header-B: Bar\n",
"caching_enabled": true,
"force_to_ids": true,
"orgc_id": "12345"
}
Response:
200:
{
"Feed": {
"id": "3",
"name": "CIRCL OSINT Feed",
"provider": "CIRCL",
"url": "https://www.circl.lu/doc/misp/feed-osint",
"rules": "{\"tags\":{\"OR\":[],\"NOT\":[]},\"orgs\":{\"OR\":[],\"NOT\":[]},\"url_params\":\"\"}",
"enabled": true,
"distribution": "0",
"sharing_group_id": "1",
"tag_id": "12345",
"default": true,
"source_format": "1",
"fixed_event": true,
"delta_merge": true,
"event_id": "12345",
"publish": false,
"override_ids": true,
"settings": "{\"csv\":{\"value\":\"\",\"delimiter\":\"\"},\"common\":{\"excluderegex\":\"\"},\"disable_correlation\":\"1\"}",
"input_source": "local",
"delete_local_file": true,
"lookup_visible": true,
"headers": "X-Custom-Header-A: Foo\nX-Custom-Header-B: Bar\n",
"caching_enabled": true,
"force_to_ids": true,
"orgc_id": "12345",
"cache_timestamp": "1617875568"
}
}
403:
{
"name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
"message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
"url": "/attributes"
}
404:
{
"name": "Invalid attribute",
"message": "Invalid attribute",
"url": "/attributes/1234"
}
Default:
{
"name": "string",
"message": "string",
"url": "/attributes"
}
Edit a feed:
PUT
https://misp.local/feeds/edit/{feedId}
Request:
{
"id": "3",
"name": "CIRCL OSINT Feed",
"provider": "CIRCL",
"url": "https://www.circl.lu/doc/misp/feed-osint",
"rules": "{\"tags\":{\"OR\":[],\"NOT\":[]},\"orgs\":{\"OR\":[],\"NOT\":[]},\"url_params\":\"\"}",
"enabled": true,
"distribution": "0",
"sharing_group_id": "1",
"tag_id": "12345",
"source_format": "1",
"fixed_event": true,
"delta_merge": true,
"event_id": "12345",
"publish": false,
"override_ids": true,
"input_source": "local",
"delete_local_file": true,
"lookup_visible": true,
"headers": "X-Custom-Header-A: Foo\nX-Custom-Header-B: Bar\n",
"caching_enabled": true,
"force_to_ids": true,
"orgc_id": "12345"
}
Response:
200:
{
"Feed": {
"id": "3",
"name": "CIRCL OSINT Feed",
"provider": "CIRCL",
"url": "https://www.circl.lu/doc/misp/feed-osint",
"rules": "{\"tags\":{\"OR\":[],\"NOT\":[]},\"orgs\":{\"OR\":[],\"NOT\":[]},\"url_params\":\"\"}",
"enabled": true,
"distribution": "0",
"sharing_group_id": "1",
"tag_id": "12345",
"default": true,
"source_format": "1",
"fixed_event": true,
"delta_merge": true,
"event_id": "12345",
"publish": false,
"override_ids": true,
"settings": "{\"csv\":{\"value\":\"\",\"delimiter\":\"\"},\"common\":{\"excluderegex\":\"\"},\"disable_correlation\":\"1\"}",
"input_source": "local",
"delete_local_file": true,
"lookup_visible": true,
"headers": "X-Custom-Header-A: Foo\nX-Custom-Header-B: Bar\n",
"caching_enabled": true,
"force_to_ids": true,
"orgc_id": "12345",
"cache_timestamp": "1617875568"
}
}
403:
{
"name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
"message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
"url": "/attributes"
}
404:
{
"name": "Invalid attribute",
"message": "Invalid attribute",
"url": "/attributes/1234"
}
Default:
{
"name": "string",
"message": "string",
"url": "/attributes"
}
Enable feed:
POST
https://misp.local/feeds/enable/{feedId}
Response:
200:
{
"name": "Feed enabled.",
"message": "Feed enabled.",
"url": "/feeds/enable/1"
}
403:
{
"name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
"message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
"url": "/attributes"
}
404:
{
"name": "Invalid attribute",
"message": "Invalid attribute",
"url": "/attributes/1234"
}
Default:
{
"name": "string",
"message": "string",
"url": "/attributes"
}
Disable feed:
POST
https://misp.local/feeds/disable/{feedId}
Response:
200:
{
"name": "Feed disabled.",
"message": "Feed disabled.",
"url": "/feeds/disable/1"
}
403:
{
"name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
"message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
"url": "/attributes"
}
404:
{
"name": "Invalid attribute",
"message": "Invalid attribute",
"url": "/attributes/1234"
}
Default:
{
"name": "string",
"message": "string",
"url": "/attributes"
}
Cache feeds:
POST
https://misp.local/feeds/cacheFeeds/{cacheFeedsScope}
Response:
200:
{
"name": "Feed caching job initiated.",
"message": "Feed caching job initiated.",
"url": "/feeds/cacheFeed"
}
403:
{
"name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
"message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
"url": "/attributes"
}
404:
{
"name": "Invalid attribute",
"message": "Invalid attribute",
"url": "/attributes/1234"
}
Default:
{
"name": "string",
"message": "string",
"url": "/attributes"
}
Fetch from feed by ID:
POST
https://misp.local/feeds/fetchFromFeed/{feedId}
Response:
200:
{
"result": "Pull queued for background execution."
}
403:
{
"name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
"message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
"url": "/attributes"
}
404:
{
"name": "Invalid attribute",
"message": "Invalid attribute",
"url": "/attributes/1234"
}
Default:
{
"name": "string",
"message": "string",
"url": "/attributes"
}
Fetch from all feeds:
POST
https://misp.local/feeds/fetchFromAllFeeds
Response:
200:
{
"result": "Pull queued for background execution."
}
403:
{
"name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
"message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
"url": "/attributes"
}
404:
{
"name": "Invalid attribute",
"message": "Invalid attribute",
"url": "/attributes/1234"
}
Default:
{
"name": "string",
"message": "string",
"url": "/attributes"
}
Object
[restSearch] Get a filtered and paginated list of objects:
POST
https://misp.local/objects/restsearch
Request:
{
"page": 1,
"limit": 0,
"quickFilter": "malware",
"searchall": "malware",
"timestamp": "1617875568",
"object_name": "ail-leak",
"object_template_uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
"object_template_version": "1",
"eventid": "12345",
"eventinfo": "logged source ip",
"ignore": false,
"from": "string",
"to": "string",
"date": "string",
"tags": [
"tlp:amber"
],
"last": 0,
"event_timestamp": "1617875568",
"publish_timestamp": "1617875568",
"org": "12345",
"uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
"value": "127.0.0.1",
"type": "md5",
"category": "Internal reference",
"object_relation": "filepath",
"attribute_timestamp": "1617875568",
"first_seen": "1581984000000000",
"last_seen": "1581984000000000",
"comment": "logged source ip",
"to_ids": true,
"published": false,
"deleted": false,
"withAttachments": false,
"enforceWarninglist": true,
"includeAllTags": false,
"includeEventUuid": false,
"include_event_uuid": false,
"includeEventTags": false,
"includeProposals": false,
"includeWarninglistHits": true,
"includeContext": true,
"includeSightings": true,
"includeSightingdb": true,
"includeCorrelations": true,
"includeDecayScore": false,
"includeFullModel": false,
"allow_proposal_blocking": false,
"metadata": true,
"attackGalaxy": "mitre-attack",
"excludeDecayed": false,
"decayingModel": "string",
"modelOverrides": {
"lifetime": 3,
"decay_speed": 2.3,
"threshold": 30,
"default_base_score": 80,
"base_score_config": {
"estimative-language:confidence-in-analytic-judgment": 0.25,
"estimative-language:likelihood-probability": 0.25,
"phishing:psychological-acceptability": 0.25,
"phishing:state": 0.2
}
},
"score": "string",
"returnFormat": "json"
}
Response:
200:
{
"response": [
{
"Object": {
"id": "12345",
"name": "ail-leak",
"meta-category": "string",
"description": "string",
"template_uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
"template_version": "1",
"event_id": "12345",
"uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
"timestamp": "1617875568",
"distribution": "0",
"sharing_group_id": "1",
"comment": "string",
"deleted": true,
"first_seen": "1581984000000000",
"last_seen": "1581984000000000",
"Attribute": [
{
"id": "12345",
"event_id": "12345",
"object_id": "12345",
"object_relation": "sensor",
"category": "Internal reference",
"type": "md5",
"value": "127.0.0.1",
"to_ids": true,
"uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
"timestamp": "1617875568",
"distribution": "0",
"sharing_group_id": "1",
"comment": "logged source ip",
"deleted": false,
"disable_correlation": false,
"first_seen": "1581984000000000",
"last_seen": "1581984000000000"
}
]
}
}
]
}
403:
{
"name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
"message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
"url": "/attributes"
}
Default:
{
"name": "string",
"message": "string",
"url": "/attributes"
}
Add an object to an event:
POST
https://misp.local/objects/add/{eventId}/{objectTemplateId}
Request:
{
"Attribute": [
{
"category": "Internal reference",
"value": "127.0.0.1",
"to_ids": true,
"disable_correlation": false,
"distribution": "0",
"comment": "logged source ip",
"object_relation": "sensor"
}
]
}
Response:
200:
{
"Object": {
"id": "12345",
"name": "ail-leak",
"meta-category": "string",
"description": "string",
"template_uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
"template_version": "1",
"event_id": "12345",
"uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
"timestamp": "1617875568",
"distribution": "0",
"sharing_group_id": "1",
"comment": "string",
"deleted": true,
"first_seen": "1581984000000000",
"last_seen": "1581984000000000",
"Attribute": [
{
"id": "12345",
"event_id": "12345",
"object_id": "12345",
"object_relation": "sensor",
"category": "Internal reference",
"type": "md5",
"value": "127.0.0.1",
"to_ids": true,
"uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
"timestamp": "1617875568",
"distribution": "0",
"sharing_group_id": "1",
"comment": "logged source ip",
"deleted": false,
"disable_correlation": false,
"first_seen": "1581984000000000",
"last_seen": "1581984000000000"
}
]
}
}
403:
{
"name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
"message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
"url": "/attributes"
}
404:
{
"name": "Invalid attribute",
"message": "Invalid attribute",
"url": "/attributes/1234"
}
Default:
{
"name": "string",
"message": "string",
"url": "/attributes"
}
Get object by ID:
GET
https://misp.local/objects/view/{objectId}
Response:
200:
{
"Object": {
"id": "12345",
"name": "ail-leak",
"meta-category": "string",
"description": "string",
"template_uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
"template_version": "1",
"event_id": "12345",
"uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
"timestamp": "1617875568",
"distribution": "0",
"sharing_group_id": "1",
"comment": "string",
"deleted": true,
"first_seen": "1581984000000000",
"last_seen": "1581984000000000",
"Attribute": [
{
"id": "12345",
"event_id": "12345",
"object_id": "12345",
"object_relation": "sensor",
"category": "Internal reference",
"type": "md5",
"value": "127.0.0.1",
"to_ids": true,
"uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
"timestamp": "1617875568",
"distribution": "0",
"sharing_group_id": "1",
"comment": "logged source ip",
"deleted": false,
"disable_correlation": false,
"first_seen": "1581984000000000",
"last_seen": "1581984000000000"
}
],
"Event": {
"id": "12345",
"info": "logged source ip",
"org_id": "12345",
"orgc_id": "12345"
}
}
}
403:
{
"name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
"message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
"url": "/attributes"
}
404:
{
"name": "Invalid attribute",
"message": "Invalid attribute",
"url": "/attributes/1234"
}
Default:
{
"name": "string",
"message": "string",
"url": "/attributes"
}
Delete object:
DELETE
https://misp.local/objects/delete/{objectId}/{hardDelete}
Response:
200:
{
"saved": true,
"success": true,
"name": "Object deleted",
"message": "Object deleted",
"url": "/objects/delete/1"
}
403:
{
"name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
"message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
"url": "/attributes"
}
404:
{
"name": "Invalid attribute",
"message": "Invalid attribute",
"url": "/attributes/1234"
}
Default:
{
"name": "string",
"message": "string",
"url": "/attributes"
}
Tag
Get tags:
GET
https://misp.local/tags
Response:
200:
{
"Tag": [
{
"id": "12345",
"name": "tlp:white",
"colour": "#ffffff",
"exportable": true,
"org_id": "12345",
"user_id": "12345",
"hide_tag": false,
"numerical_value": "12345",
"is_galaxy": true,
"is_custom_galaxy": true,
"inherited": 1
}
]
}
403:
{
"name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
"message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
"url": "/attributes"
}
404:
{
"name": "Invalid attribute",
"message": "Invalid attribute",
"url": "/attributes/1234"
}
Default:
{
"name": "string",
"message": "string",
"url": "/attributes"
}
Get tag by ID:
GET
https://misp.local/tags/view/{tagId}
Response:
200:
{
"id": "12345",
"name": "tlp:white",
"colour": "#ffffff",
"exportable": true,
"org_id": "12345",
"user_id": "12345",
"hide_tag": false,
"numerical_value": "12345",
"is_galaxy": true,
"is_custom_galaxy": true,
"inherited": 1
}
403:
{
"name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
"message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
"url": "/attributes"
}
404:
{
"name": "Invalid attribute",
"message": "Invalid attribute",
"url": "/attributes/1234"
}
Default:
{
"name": "string",
"message": "string",
"url": "/attributes"
}
Add tag:
POST
https://misp.local/tags/add
Response:
200:
{
"id": "12345",
"name": "tlp:white",
"colour": "#ffffff",
"exportable": true,
"org_id": "12345",
"user_id": "12345",
"hide_tag": false,
"numerical_value": "12345",
"is_galaxy": true,
"is_custom_galaxy": true,
"inherited": 1
}
403:
{
"name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
"message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
"url": "/attributes"
}
404:
{
"name": "Invalid attribute",
"message": "Invalid attribute",
"url": "/attributes/1234"
}
Default:
{
"name": "string",
"message": "string",
"url": "/attributes"
}
Delete tag:
POST
https://misp.local/tags/delete/{tagId}
Response:
200:
{
"name": "Tag deleted.",
"message": "Tag deleted.",
"url": "https://misppriv.circl.lu/tags/delete/1"
}
403:
{
"name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
"message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
"url": "/attributes"
}
404:
{
"name": "Invalid attribute",
"message": "Invalid attribute",
"url": "/attributes/1234"
}
Default:
{
"name": "string",
"message": "string",
"url": "/attributes"
}
Edit tag:
POST
https://misp.local/tags/edit/{tagId}
Request:
{
"name": "tlp:white",
"colour": "#ffffff",
"exportable": true,
"org_id": "12345",
"user_id": "12345",
"hide_tag": false,
"numerical_value": "12345",
"is_galaxy": true,
"is_custom_galaxy": true,
"inherited": 1
}
Response:
200:
{
"Tag": {
"id": "12345",
"name": "tlp:white",
"colour": "#ffffff",
"exportable": true,
"org_id": "12345",
"user_id": "12345",
"hide_tag": false,
"numerical_value": "12345",
"is_galaxy": true,
"is_custom_galaxy": true,
"inherited": 1
}
}
403:
{
"name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
"message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
"url": "/attributes"
}
404:
{
"name": "Invalid attribute",
"message": "Invalid attribute",
"url": "/attributes/1234"
}
Default:
{
"name": "string",
"message": "string",
"url": "/attributes"
}
Search tag:
GET
https://misp.local/tags/search/{tagSearchTerm}
Response:
200:
[
{
"Tag": {
"id": "12345",
"name": "tlp:white",
"colour": "#ffffff",
"exportable": true,
"org_id": "12345",
"user_id": "12345",
"hide_tag": false,
"numerical_value": "12345",
"is_galaxy": true,
"is_custom_galaxy": true,
"inherited": 1
},
"Taxonomy": {
"id": "12345",
"namespace": "tlp",
"description": "Disclosure is not limited. Sources may use TLP:WHITE when information carries minimal or no foreseeable risk of misuse, in accordance with applicable rules and procedures for public release. Subject to standard copyright rules, TLP:WHITE information may be distributed without restriction.",
"version": "5",
"enabled": true,
"exclusive": true,
"required": true
},
"TaxonomyPredicate": {
"id": "12345",
"taxonomy_id": "12345",
"value": "white",
"expanded": "(TLP:WHITE) Information can be shared publicly in accordance with the law.",
"colour": "#ffffff",
"description": "Disclosure is not limited. Sources may use TLP:WHITE when information carries minimal or no foreseeable risk of misuse, in accordance with applicable rules and procedures for public release. Subject to standard copyright rules, TLP:WHITE information may be distributed without restriction.",
"exclusive": true,
"numerical_value": 0
}
}
]
403:
{
"name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
"message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
"url": "/attributes"
}
404:
{
"name": "Invalid attribute",
"message": "Invalid attribute",
"url": "/attributes/1234"
}
Default:
{
"name": "string",
"message": "string",
"url": "/attributes"
}
Sighting
Get sightings by event ID:
GET
https://misp.local/sightings/index/{eventId}
Response:
200:
{
"Tag": [
{
"id": "12345",
"name": "tlp:white",
"colour": "#ffffff",
"exportable": true,
"org_id": "12345",
"user_id": "12345",
"hide_tag": false,
"numerical_value": "12345",
"is_galaxy": true,
"is_custom_galaxy": true,
"inherited": 1
}
]
}
403:
{
"name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
"message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
"url": "/attributes"
}
404:
{
"name": "Invalid attribute",
"message": "Invalid attribute",
"url": "/attributes/1234"
}
Default:
{
"name": "string",
"message": "string",
"url": "/attributes"
}
Add sightings of a list of values:
POST
https://misp.local/sightings/add
Request:
{
"values": [
"127.0.0.1"
],
"timestamp": "1617875568",
"filters": {
"page": 1,
"limit": 0,
"value": "127.0.0.1",
"value1": "127.0.0.1",
"value2": "127.0.0.1",
"type": "md5",
"category": "Internal reference",
"org": "12345",
"tags": [
"tlp:amber"
],
"from": "string",
"to": "string",
"last": 0,
"eventid": "12345",
"withAttachments": false,
"uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
"publish_timestamp": "1617875568",
"published": false,
"timestamp": "1617875568",
"attribute_timestamp": "1617875568",
"enforceWarninglist": true,
"to_ids": true,
"deleted": false,
"event_timestamp": "1617875568",
"threat_level_id": "1",
"eventinfo": "string",
"sharinggroup": [
"1"
],
"decayingModel": "string",
"score": "string",
"first_seen": "string",
"last_seen": "string",
"includeEventUuid": false,
"includeEventTags": false,
"includeProposals": false,
"requested_attributes": [
"id"
],
"includeContext": true,
"headerless": true,
"includeWarninglistHits": true,
"attackGalaxy": "mitre-attack",
"object_relation": "filepath",
"includeSightings": true,
"includeCorrelations": true,
"modelOverrides": {
"lifetime": 3,
"decay_speed": 2.3,
"threshold": 30,
"default_base_score": 80,
"base_score_config": {
"estimative-language:confidence-in-analytic-judgment": 0.25,
"estimative-language:likelihood-probability": 0.25,
"phishing:psychological-acceptability": 0.25,
"phishing:state": 0.2
}
},
"includeDecayScore": false,
"includeFullModel": false,
"excludeDecayed": false,
"returnFormat": "json"
}
}
Response:
200:
{
"id": "12345",
"attribute_id": "12345",
"event_id": "12345",
"org_id": "12345",
"date_sighting": "1617875568",
"uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
"source": "string",
"type": "string",
"attribute_uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
"Organisation": {
"id": "12345",
"uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
"name": "ORGNAME"
}
}
403:
{
"name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
"message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
"url": "/attributes"
}
404:
{
"name": "Invalid attribute",
"message": "Invalid attribute",
"url": "/attributes/1234"
}
Default:
{
"name": "string",
"message": "string",
"url": "/attributes"
}
Add sighting of an attribute:
POST
https://misp.local/sightings/add/{attributeId}
Response:
200:
{
"id": "12345",
"attribute_id": "12345",
"event_id": "12345",
"org_id": "12345",
"date_sighting": "1617875568",
"uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
"source": "string",
"type": "string",
"attribute_uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
"Organisation": {
"id": "12345",
"uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
"name": "ORGNAME"
}
}
403:
{
"name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
"message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
"url": "/attributes"
}
404:
{
"name": "Invalid attribute",
"message": "Invalid attribute",
"url": "/attributes/1234"
}
Default:
{
"name": "string",
"message": "string",
"url": "/attributes"
}
Delete sighting:
POST
https://misp.local/sightings/delete/{sightingId}
Response:
200:
{
"saved": true,
"success": true,
"name": "Sighting successfully deleted.",
"message": "Sighting successfully deleted.",
"url": "/sightings/delete/1"
}
403:
{
"name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
"message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
"url": "/attributes"
}
404:
{
"name": "Invalid attribute",
"message": "Invalid attribute",
"url": "/attributes/1234"
}
Default:
{
"name": "string",
"message": "string",
"url": "/attributes"
}
Warninglist
Get a list of warninglists:
GET
https://misp.local/warninglists
Response:
200:
{
"Warninglists": [
{
"Warninglist": {
"id": "3",
"name": "List of known domains to know external IP",
"type": "cidr",
"description": "string",
"version": "10",
"enabled": true,
"warninglist_entry_count": "1234",
"valid_attributes": "domain, hostname, domain|ip, uri, url",
"WarninglistEntry": [
{
"id": "1234",
"value": "10.128.0.0/24",
"warninglist_id": "3"
}
]
}
}
]
}
403:
{
"name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
"message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
"url": "/attributes"
}
404:
{
"name": "Invalid attribute",
"message": "Invalid attribute",
"url": "/attributes/1234"
}
Default:
{
"name": "string",
"message": "string",
"url": "/attributes"
}
Search warninglists:
POST
https://misp.local/warninglists
Response:
200:
{
"Warninglists": [
{
"Warninglist": {
"id": "3",
"name": "List of known domains to know external IP",
"type": "cidr",
"description": "string",
"version": "10",
"enabled": true,
"warninglist_entry_count": "1234",
"valid_attributes": "domain, hostname, domain|ip, uri, url",
"WarninglistEntry": [
{
"id": "1234",
"value": "10.128.0.0/24",
"warninglist_id": "3"
}
]
}
}
]
}
403:
{
"name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
"message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
"url": "/attributes"
}
404:
{
"name": "Invalid attribute",
"message": "Invalid attribute",
"url": "/attributes/1234"
}
Default:
{
"name": "string",
"message": "string",
"url": "/attributes"
}
Enable/disable warninglists:
POST
https://misp.local/warninglists/toggleEnable
Response:
200:
{
"saved": true,
"success": "1 warninglist(s) disabled"
}
403:
{
"name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
"message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
"url": "/attributes"
}
404:
{
"name": "Invalid attribute",
"message": "Invalid attribute",
"url": "/attributes/1234"
}
Default:
{
"name": "string",
"message": "string",
"url": "/attributes"
}
Get warninglist by ID:
GET
https://misp.local/warninglists/view/{warninglistId}
Response:
200:
{
"Warninglist": {
"id": "3",
"name": "List of known domains to know external IP",
"type": "cidr",
"description": "string",
"version": "10",
"enabled": true,
"warninglist_entry_count": "1234",
"valid_attributes": "domain, hostname, domain|ip, uri, url",
"WarninglistEntry": [
{
"id": "1234",
"value": "10.128.0.0/24",
"warninglist_id": "3"
}
]
}
}
403:
{
"name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
"message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
"url": "/attributes"
}
404:
{
"name": "Invalid attribute",
"message": "Invalid attribute",
"url": "/attributes/1234"
}
Default:
{
"name": "string",
"message": "string",
"url": "/attributes"
}
Check if a list of values matches any warninglists:
POST
https://misp.local/warninglists/checkValue
Request:
[
"10.128.0.2"
]
Response:
200:
{
"10.128.0.2": [
{
"id": "10",
"name": "List of known Wikimedia address ranges"
}
]
}
403:
{
"name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
"message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
"url": "/attributes"
}
404:
{
"name": "Invalid attribute",
"message": "Invalid attribute",
"url": "/attributes/1234"
}
Default:
{
"name": "string",
"message": "string",
"url": "/attributes"
}
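An added example (not part of the MISP documentation or PyMISP) that chains the checkValue response format above with the "Add sightings of a list of values" request: values that hit a warninglist are held back, and only the remaining values go into the /sightings/add body. The function names, the placeholder API key and the second sample value are assumptions; no request is sent unless `send()` is called.

```python
import json
import urllib.request

MISP_URL = "https://misp.local"       # host used in this page's examples
API_KEY = "REPLACE_WITH_API_KEY"      # placeholder, not a real key

# Constructed input: the first value and its hit come from the sample
# response above; 203.0.113.7 is a documentation address added here.
SAMPLE_VALUES = ["10.128.0.2", "203.0.113.7"]
SAMPLE_CHECK_RESPONSE = {
    "10.128.0.2": [
        {"id": "10", "name": "List of known Wikimedia address ranges"}
    ]
}


def build_request(path, body, api_key=API_KEY, base_url=MISP_URL):
    """Build (but do not send) an authenticated JSON POST for the MISP API."""
    return urllib.request.Request(
        base_url.rstrip("/") + path,
        data=json.dumps(body).encode("utf-8"),
        method="POST",
        headers={
            "Authorization": api_key,   # the header the 403 message asks for
            "Accept": "application/json",
            "Content-Type": "application/json",
        },
    )


def split_by_warninglist(values, check_response):
    """Partition values into ({value: [list names]}, [clean values]).

    check_response is the decoded 200 body of /warninglists/checkValue: an
    object keyed by value whose entries are lists of matching warninglists.
    """
    # Assumption: an empty list is accepted as "no value matched".
    if check_response == []:
        check_response = {}
    # An error body ({"name": ..., "message": ..., "url": ...}) has string
    # values; refuse it so a failed lookup never marks every value as clean.
    if not isinstance(check_response, dict) or not all(
        isinstance(v, list) for v in check_response.values()
    ):
        raise ValueError("not a checkValue result: %r" % (check_response,))
    hits, clean = {}, []
    for value in values:
        matches = check_response.get(value, [])
        if matches:
            hits[value] = [m.get("name", "") for m in matches]
        else:
            clean.append(value)
    return hits, clean


def build_sighting_body(clean_values, timestamp):
    """Body for POST /sightings/add, or None when nothing is left to report."""
    if not clean_values:
        return None
    return {"values": list(clean_values), "timestamp": str(timestamp)}


def send(request):
    """Send a prepared request; urllib raises HTTPError on 403/404 replies."""
    with urllib.request.urlopen(request, timeout=30) as resp:
        return json.loads(resp.read().decode("utf-8"))


if __name__ == "__main__":
    check = build_request("/warninglists/checkValue", SAMPLE_VALUES)
    print("step 1:", check.get_method(), check.full_url)
    hits, clean = split_by_warninglist(SAMPLE_VALUES, SAMPLE_CHECK_RESPONSE)
    print("held back:", hits)
    body = build_sighting_body(clean, 1617875568)
    if body is not None:
        sighting = build_request("/sightings/add", body)
        print("step 2:", sighting.full_url, sighting.data.decode())
```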
Update warninglists:
POST
https://misp.local/warninglists/update
Response:
200:
{
"saved": true,
"success": true,
"name": "Successfully updated 1 warninglists.",
"message": "Successfully updated 1 warninglists.",
"url": "/warninglists/update"
}
403:
{
"name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
"message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
"url": "/attributes"
}
404:
{
"name": "Invalid attribute",
"message": "Invalid attribute",
"url": "/attributes/1234"
}
Default:
{
"name": "string",
"message": "string",
"url": "/attributes"
}
Noticelist
Get a list of noticelists:
GET
https://misp.local/noticelists
Response:
200:
[
{
"Noticelist": {
"id": "3",
"name": "List of known domains to know external IP",
"type": "cidr",
"description": "string",
"version": "10",
"enabled": true,
"warninglist_entry_count": "1234",
"valid_attributes": "domain, hostname, domain|ip, uri, url",
"NoticelistEntry": [
{
"id": "1234",
"noticelist_id": "3",
"data": {
"scope": [
"attribute"
],
"field": [
"category"
],
"value": [
"Person"
],
"tags": [
"tlp:white"
],
"message": {
"en": "This attribute is likely to contain personal data and the data subject is likely to be directly identifiable."
}
}
}
]
}
}
]
403:
{
"name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
"message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
"url": "/attributes"
}
404:
{
"name": "Invalid attribute",
"message": "Invalid attribute",
"url": "/attributes/1234"
}
Default:
{
"name": "string",
"message": "string",
"url": "/attributes"
}
Get a noticelist by ID:
GET
https://misp.local/noticelists/view/{noticelistId}
Response:
200:
{
"Noticelist": {
"id": "3",
"name": "List of known domains to know external IP",
"type": "cidr",
"description": "string",
"version": "10",
"enabled": true,
"warninglist_entry_count": "1234",
"valid_attributes": "domain, hostname, domain|ip, uri, url",
"NoticelistEntry": [
{
"id": "1234",
"noticelist_id": "3",
"data": {
"scope": [
"attribute"
],
"field": [
"category"
],
"value": [
"Person"
],
"tags": [
"tlp:white"
],
"message": {
"en": "This attribute is likely to contain personal data and the data subject is likely to be directly identifiable."
}
}
}
]
}
}
403:
{
"name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
"message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
"url": "/attributes"
}
404:
{
"name": "Invalid attribute",
"message": "Invalid attribute",
"url": "/attributes/1234"
}
Default:
{
"name": "string",
"message": "string",
"url": "/attributes"
}
Enable/disable noticelist:
POST
https://misp.local/noticelists/toggleEnable/{noticelistId}
Response:
200:
{
"saved": true,
"success": true,
"name": "Noticelist enabled.",
"message": "Noticelist enabled.",
"url": "/noticelists/toggleEnable/1"
}
403:
{
"name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
"message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
"url": "/attributes"
}
404:
{
"name": "Invalid attribute",
"message": "Invalid attribute",
"url": "/attributes/1234"
}
Default:
{
"name": "string",
"message": "string",
"url": "/attributes"
}
Update noticelists:
POST
https://misp.local/noticelists/update
Response:
200:
{
"saved": true,
"success": true,
"name": "Successfully updated 1 noticelists.",
"message": "Successfully updated 1 noticelists.",
"url": "/noticelists/update"
}
403:
{
"name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
"message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
"url": "/attributes"
}
404:
{
"name": "Invalid attribute",
"message": "Invalid attribute",
"url": "/attributes/1234"
}
Default:
{
"name": "string",
"message": "string",
"url": "/attributes"
}
Log
Get instance logs:
POST
https://misp.local/admin/logs
Request:
{
"page": 1,
"limit": 0,
"id": "12345",
"title": "Attribute (448272) from Event (1): Other/text foo",
"created": "string",
"model": "AdminSetting",
"model_id": "12345",
"action": "accept",
"user_id": "12345",
"change": "%name () => (ORGNAME)%",
"email": "user@example.com",
"org": "ORG_%",
"description": "%updated by User%",
"ip": "string"
}
Response:
200:
[
{
"Log": {
"id": "12345",
"title": "Attribute (448272) from Event (1): Other/text foo",
"created": "string",
"model": "AdminSetting",
"model_id": "12345",
"action": "accept",
"user_id": "12345",
"change": "name () => (ORGNAME)",
"email": "user@example.com",
"org": "ORGNAME",
"description": "Organisation \"ORGNAME\" (1) added by User \"SYSTEM\" (0).",
"ip": "10.0.0.10"
}
}
]
403:
{
"name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
"message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
"url": "/attributes"
}
404:
{
"name": "Invalid attribute",
"message": "Invalid attribute",
"url": "/attributes/1234"
}
Default:
{
"name": "string",
"message": "string",
"url": "/attributes"
}
Auth key
Get auth keys:
GET
https://misp.local/auth_keys
Response:
200:
[
{
"AuthKey": {
"id": "12345",
"uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
"authkey_start": "stri",
"authkey_end": "stri",
"created": "1617875568",
"expiration": "1970-01-01 00:00:00",
"read_only": true,
"user_id": "12345",
"comment": "string",
"allowed_ips": [
"127.0.0.1"
],
"last_used": "1617875568"
},
"User": {
"id": "12345",
"email": "user@example.com"
}
}
]
403:
{
"name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
"message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
"url": "/attributes"
}
404:
{
"name": "Invalid attribute",
"message": "Invalid attribute",
"url": "/attributes/1234"
}
Default:
{
"name": "string",
"message": "string",
"url": "/attributes"
}
Search auth keys:
POST
https://misp.local/auth_keys
Request:
{
"page": 1,
"limit": 0,
"id": "12345",
"uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
"authkey_start": "string",
"authkey_end": "string",
"created": "string",
"expiration": "string",
"read_only": true,
"user_id": "12345",
"comment": "string",
"allowed_ips": "[\"127.0.0.1\",\"127.0.0.2\"]",
"last_used": "string"
}
Response:
200:
[
{
"AuthKey": {
"id": "12345",
"uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
"authkey_start": "stri",
"authkey_end": "stri",
"created": "1617875568",
"expiration": "1970-01-01 00:00:00",
"read_only": true,
"user_id": "12345",
"comment": "string",
"allowed_ips": [
"127.0.0.1"
],
"last_used": "1617875568"
},
"User": {
"id": "12345",
"email": "user@example.com"
}
}
]
403:
{
"name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
"message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
"url": "/attributes"
}
404:
{
"name": "Invalid attribute",
"message": "Invalid attribute",
"url": "/attributes/1234"
}
Default:
{
"name": "string",
"message": "string",
"url": "/attributes"
}
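The AuthKey fields returned by the search above (read_only, allowed_ips, expiration, last_used) are enough to audit key hygiene on the client side. The following is an added example, not part of the original documentation or of MISP/PyMISP: the function names, the 90-day staleness threshold, and the treatment of "1970-01-01 00:00:00" or "0" as "never expires" are assumptions, and the sample response is constructed.

```python
import json
from datetime import datetime, timezone

# Constructed sample in the shape of the "Search auth keys" 200 response.
SAMPLE_RESPONSE = json.dumps([
    {"AuthKey": {"id": "101", "read_only": True, "allowed_ips": ["10.0.0.5"],
                 "expiration": "2024-06-01 00:00:00", "last_used": "1703980800"},
     "User": {"id": "1", "email": "sensor@example.com"}},
    {"AuthKey": {"id": "102", "read_only": False, "allowed_ips": [],
                 "expiration": "1970-01-01 00:00:00", "last_used": "1617875568"},
     "User": {"id": "2", "email": "admin@example.com"}},
    {"AuthKey": {"id": "103", "read_only": True, "allowed_ips": "[\"127.0.0.1\"]",
                 "expiration": "1700000000", "last_used": None},
     "User": {"id": "3", "email": "script@example.com"}},
])

# Fixed reference time so the audit result is reproducible.
NOW = datetime(2024, 1, 1, tzinfo=timezone.utc)


def parse_expiration(value):
    """Return the expiry as an aware datetime, or None for 'never expires'.

    Assumption: an empty value, "0" or the epoch date means no expiry.
    """
    text = "" if value is None else str(value)
    if text in ("", "0", "1970-01-01 00:00:00"):
        return None
    if text.isdigit():
        return datetime.fromtimestamp(int(text), tz=timezone.utc)
    parsed = datetime.strptime(text, "%Y-%m-%d %H:%M:%S")
    return parsed.replace(tzinfo=timezone.utc)


def audit_auth_keys(response_text, now, stale_days=90):
    """Map auth key id -> owner and list of hygiene issues."""
    findings = {}
    for item in json.loads(response_text):
        key = item["AuthKey"]
        issues = []

        ips = key.get("allowed_ips")
        if isinstance(ips, str):  # the search request shows a JSON-encoded string form
            ips = json.loads(ips)
        if not ips:
            issues.append("no allowed_ips restriction")

        if not key.get("read_only"):
            issues.append("write-capable key")

        expiry = parse_expiration(key.get("expiration"))
        if expiry is None:
            issues.append("never expires")
        elif expiry < now:
            issues.append("expired but still present")

        last_used = key.get("last_used")
        if last_used is None:
            issues.append("never used")
        else:
            used = datetime.fromtimestamp(int(last_used), tz=timezone.utc)
            if (now - used).days > stale_days:
                issues.append("unused for more than %d days" % stale_days)

        if issues:
            owner = item.get("User", {}).get("email", "unknown")
            findings[key["id"]] = {"owner": owner, "issues": issues}
    return findings


if __name__ == "__main__":
    for key_id, finding in audit_auth_keys(SAMPLE_RESPONSE, NOW).items():
        print(key_id, finding["owner"], "; ".join(finding["issues"]))
```

Keys flagged this way are candidates for the Edit auth key and Delete auth key calls documented in this section.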
Add auth keys:
POST
https://misp.local/auth_keys/add/{userId}
Request:
{
"uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
"read_only": true,
"user_id": "12345",
"comment": "string",
"allowed_ips": [
"127.0.0.1"
]
}
Response:
200:
{
"AuthKey": {
"id": "12345",
"uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
"authkey_start": "stri",
"authkey_end": "stri",
"created": "1617875568",
"expiration": "1970-01-01 00:00:00",
"read_only": true,
"user_id": "12345",
"comment": "string",
"allowed_ips": [
"127.0.0.1"
],
"last_used": "1617875568"
}
}
403:
{
"name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
"message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
"url": "/attributes"
}
404:
{
"name": "Invalid attribute",
"message": "Invalid attribute",
"url": "/attributes/1234"
}
Default:
{
"name": "string",
"message": "string",
"url": "/attributes"
}
View auth key:
GET
https://misp.local/auth_keys/view/{authKeyId}
Response:
200:
{
"AuthKey": {
"id": "12345",
"uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
"authkey_start": "stri",
"authkey_end": "stri",
"created": "1617875568",
"expiration": "1970-01-01 00:00:00",
"read_only": true,
"user_id": "12345",
"comment": "string",
"allowed_ips": [
"127.0.0.1"
],
"last_used": "1617875568"
},
"User": {
"id": "12345",
"org_id": "12345",
"email": "user@example.com"
}
}
403:
{
"name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
"message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
"url": "/attributes"
}
404:
{
"name": "Invalid attribute",
"message": "Invalid attribute",
"url": "/attributes/1234"
}
Default:
{
"name": "string",
"message": "string",
"url": "/attributes"
}
Edit auth key:
POST
https://misp.local/auth_keys/edit/{authKeyId}
Request:
{
"read_only": true,
"comment": "string",
"allowed_ips": [
"127.0.0.1"
]
}
Response:
200:
{
"AuthKey": {
"id": "12345",
"uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
"authkey_start": "stri",
"authkey_end": "stri",
"created": "1617875568",
"expiration": "1970-01-01 00:00:00",
"read_only": true,
"user_id": "12345",
"comment": "string",
"allowed_ips": [
"127.0.0.1"
],
"last_used": "1617875568"
},
"User": {
"id": "12345",
"org_id": "12345",
"email": "user@example.com"
}
}
403:
{
"name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
"message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
"url": "/attributes"
}
404:
{
"name": "Invalid attribute",
"message": "Invalid attribute",
"url": "/attributes/1234"
}
Default:
{
"name": "string",
"message": "string",
"url": "/attributes"
}
Delete auth key:
DELETE
https://misp.local/auth_keys/delete/{authKeyId}
Response:
200:
{
"saved": true,
"success": true,
"name": "AuthKey deleted.",
"message": "AuthKey deleted.",
"url": "/auth_keys/delete/1234"
}
403:
{
"name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
"message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
"url": "/attributes"
}
404:
{
"name": "Invalid attribute",
"message": "Invalid attribute",
"url": "/attributes/1234"
}
Default:
{
"name": "string",
"message": "string",
"url": "/attributes"
}
UserSettings
Get user settings:
GET
https://misp.local/user_settings
Response:
200:
[
{
"UserSetting": {
"id": "12345",
"setting": "publish_alert_filter",
"value": {
"widget": "MispStatusWidget",
"position": {
"x": "0",
"y": "0",
"width": "2",
"height": "2"
}
},
"user_id": "12345",
"timestamp": "1617875568"
}
}
]
403:
{
"name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
"message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
"url": "/attributes"
}
404:
{
"name": "Invalid attribute",
"message": "Invalid attribute",
"url": "/attributes/1234"
}
Default:
{
"name": "string",
"message": "string",
"url": "/attributes"
}
Search user settings:
POST
https://misp.local/user_settings
Request:
{
"id": "12345",
"setting": "publish_alert_filter",
"user_id": "12345"
}
Response:
200:
[
{
"UserSetting": {
"id": "12345",
"setting": "publish_alert_filter",
"value": {
"widget": "MispStatusWidget",
"position": {
"x": "0",
"y": "0",
"width": "2",
"height": "2"
}
},
"user_id": "12345",
"timestamp": "1617875568"
}
}
]
403:
{
"name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
"message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
"url": "/attributes"
}
404:
{
"name": "Invalid attribute",
"message": "Invalid attribute",
"url": "/attributes/1234"
}
Default:
{
"name": "string",
"message": "string",
"url": "/attributes"
}
Get user setting by id:
GET
https://misp.local/user_settings/view/{userSettingId}
Response:
200:
{
"UserSetting": {
"id": "12345",
"setting": "publish_alert_filter",
"value": {
"widget": "MispStatusWidget",
"position": {
"x": "0",
"y": "0",
"width": "2",
"height": "2"
}
},
"user_id": "12345",
"timestamp": "1617875568"
}
}
403:
{
"name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
"message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
"url": "/attributes"
}
404:
{
"name": "Invalid attribute",
"message": "Invalid attribute",
"url": "/attributes/1234"
}
Default:
{
"name": "string",
"message": "string",
"url": "/attributes"
}
Set user setting:
POST
https://misp.local/user_settings/setSetting/{userId}/{userSettingName}
Request:
{
"widget": "MispStatusWidget",
"position": {
"x": "0",
"y": "0",
"width": "2",
"height": "2"
}
}
Response:
200:
{
"UserSetting": {
"id": "12345",
"setting": "publish_alert_filter",
"value": {
"widget": "MispStatusWidget",
"position": {
"x": "0",
"y": "0",
"width": "2",
"height": "2"
}
},
"user_id": "12345",
"timestamp": "1617875568"
}
}
403:
{
"name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
"message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
"url": "/attributes"
}
404:
{
"name": "Invalid attribute",
"message": "Invalid attribute",
"url": "/attributes/1234"
}
Default:
{
"name": "string",
"message": "string",
"url": "/attributes"
}
Get user setting by user ID and setting name:
GET
https://misp.local/user_settings/getSetting/{userId}/{userSettingName}
Response:
200:
{
"UserSetting": {
"id": "12345",
"setting": "publish_alert_filter",
"value": {
"widget": "MispStatusWidget",
"position": {
"x": "0",
"y": "0",
"width": "2",
"height": "2"
}
},
"user_id": "12345",
"timestamp": "1617875568"
}
}
403:
{
"name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
"message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
"url": "/attributes"
}
404:
{
"name": "Invalid attribute",
"message": "Invalid attribute",
"url": "/attributes/1234"
}
Default:
{
"name": "string",
"message": "string",
"url": "/attributes"
}
Delete user setting by id:
DELETE
https://misp.local/user_settings/delete/{userSettingId}
Response:
200:
{
"saved": true,
"success": true,
"name": "Setting deleted.",
"message": "Setting deleted.",
"url": "/user_settings/delete/1234"
}
403:
{
"name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
"message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
"url": "/attributes"
}
404:
{
"name": "Invalid attribute",
"message": "Invalid attribute",
"url": "/attributes/1234"
}
Default:
{
"name": "string",
"message": "string",
"url": "/attributes"
}
Taxonomy
Get taxonomies:
GET
https://misp.local/taxonomies
Response:
200:
[
{
"Taxonomy": {
"id": "12345",
"namespace": "tlp",
"description": "Disclosure is not limited. Sources may use TLP:WHITE when information carries minimal or no foreseeable risk of misuse, in accordance with applicable rules and procedures for public release. Subject to standard copyright rules, TLP:WHITE information may be distributed without restriction.",
"version": "5",
"enabled": true,
"exclusive": true,
"required": true
},
"total_count": 0,
"current_count": 0
}
]
403:
{
"name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
"message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
"url": "/attributes"
}
404:
{
"name": "Invalid attribute",
"message": "Invalid attribute",
"url": "/attributes/1234"
}
Default:
{
"name": "string",
"message": "string",
"url": "/attributes"
}
Get a taxonomy by ID:
GET
https://misp.local/taxonomies/view/{taxonomyIdParameter}
Response:
200:
{
"Taxonomy": {
"id": "12345",
"namespace": "tlp",
"description": "Disclosure is not limited. Sources may use TLP:WHITE when information carries minimal or no foreseeable risk of misuse, in accordance with applicable rules and procedures for public release. Subject to standard copyright rules, TLP:WHITE information may be distributed without restriction.",
"version": "5",
"enabled": true,
"exclusive": true,
"required": true
},
"entries": [
{
"tag": "tlp:white",
"expanded": "string",
"description": "string",
"exclusive_predicate": true,
"existing_tag": true
}
]
}
403:
{
"name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
"message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
"url": "/attributes"
}
404:
{
"name": "Invalid attribute",
"message": "Invalid attribute",
"url": "/attributes/1234"
}
Default:
{
"name": "string",
"message": "string",
"url": "/attributes"
}
Enable taxonomy:
POST
https://misp.local/taxonomies/enable/{taxonomyIdParameter}
Response:
200:
{
"saved": true,
"success": true,
"name": "Taxonomy enabled",
"message": "Taxonomy enabled",
"url": "/taxonomies/enable/1234"
}
403:
{
"name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
"message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
"url": "/attributes"
}
404:
{
"name": "Invalid attribute",
"message": "Invalid attribute",
"url": "/attributes/1234"
}
Default:
{
"name": "string",
"message": "string",
"url": "/attributes"
}
Disable taxonomy:
POST
https://misp.local/taxonomies/disable/{taxonomyIdParameter}
Response:
200:
{
"saved": true,
"success": true,
"name": "Taxonomy disabled",
"message": "Taxonomy disabled",
"url": "/taxonomies/disabled/1234"
}
403:
{
"name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
"message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
"url": "/attributes"
}
404:
{
"name": "Invalid attribute",
"message": "Invalid attribute",
"url": "/attributes/1234"
}
Default:
{
"name": "string",
"message": "string",
"url": "/attributes"
}
Update taxonomies:
POST
https://misp.local/taxonomies/update
Response:
200:
{
"saved": true,
"success": true,
"name": "Successfully updated 120 taxonomy libraries.",
"message": "Successfully updated 120 taxonomy libraries.",
"url": "/taxonomies/update"
}
403:
{
"name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
"message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
"url": "/attributes"
}
404:
{
"name": "Invalid attribute",
"message": "Invalid attribute",
"url": "/attributes/1234"
}
Default:
{
"name": "string",
"message": "string",
"url": "/attributes"
}
Get a taxonomy extended with tags used in events and attributes:
GET
https://misp.local/taxonomies/taxonomy_tags/{taxonomyIdParameter}
Response:
200:
{
"Taxonomy": {
"id": "12345",
"namespace": "tlp",
"description": "Disclosure is not limited. Sources may use TLP:WHITE when information carries minimal or no foreseeable risk of misuse, in accordance with applicable rules and procedures for public release. Subject to standard copyright rules, TLP:WHITE information may be distributed without restriction.",
"version": "5",
"enabled": true,
"exclusive": true,
"required": true
},
"entries": [
{
"org_id": "12345",
"server_id": "12345",
"email": "user@example.com",
"autoalert": true,
"authkey": "894c8d095180c7ea28789092e96ca6424199aa4f",
"invited_by": "12345",
"gpgkey": "string",
"certif_public": "string",
"nids_sid": "4000000",
"termsaccepted": true,
"newsread": "1617875568",
"role_id": "3",
"change_pw": "0",
"contactalert": true,
"disabled": true,
"expiration": "2019-08-24T14:15:22Z",
"current_login": "1617875568",
"last_login": "1617875568",
"force_logout": true,
"date_created": "1617875568",
"date_modified": "1617875568",
"events": 0,
"attributes": 0
}
]
}
403:
{
"name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
"message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
"url": "/attributes"
}
404:
{
"name": "Invalid attribute",
"message": "Invalid attribute",
"url": "/attributes/1234"
}
Default:
{
"name": "string",
"message": "string",
"url": "/attributes"
}
Export taxonomy:
GET
https://misp.local/taxonomies/export/{taxonomyIdParameter}
Response:
200:
{
"namespace": "tlp",
"description": "Disclosure is not limited. Sources may use TLP:WHITE when information carries minimal or no foreseeable risk of misuse, in accordance with applicable rules and procedures for public release. Subject to standard copyright rules, TLP:WHITE information may be distributed without restriction.",
"version": 0,
"exclusive": true,
"predicates": [
{
"value": "white",
"expanded": "(TLP:WHITE) Information can be shared publicly in accordance with the law."
}
],
"values": [
{
"predicate": "white",
"entry": [
{
"value": "spam",
"expanded": "spam",
"description": "Spam or ‘unsolicited bulk e-mail’, meaning that the recipient has not granted verifiable permission for the message to be sent and that the message is sent as part of a larger collection of messages, all having identical content."
}
]
}
]
}
403:
{
"name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
"message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
"url": "/attributes"
}
404:
{
"name": "Invalid attribute",
"message": "Invalid attribute",
"url": "/attributes/1234"
}
Default:
{
"name": "string",
"message": "string",
"url": "/attributes"
}