API Dokümantasyonu

Bu kılavuz, MISP API'nin etkili bir şekilde nasıl kullanılacağını adım adım açıklar ve farklı senaryolarda entegrasyon sağlamak için yönergeler sunar.

• API Kullanımı
• Başlangıç
• API Erişimi ve Yetkilendirme
• Rest Client Nedir?
• REST Client ile API İstekleri
• PyMISP ile Otomasyon
• API Endpoint ve Parametreleri
• EndPoint ve Parametre Nedir?
• Analyst Data Parametreleri
• Attribute Parametreleri
• Event Parametreleri
• Galaxy Parametreleri
• Galaxy Cluster Parametreleri
• User Parametreleri
• Organizasyon Parametreleri
• Server Parametreleri
• Sharing Group Parametreleri
• Feed Parametreleri
• Obje Parametreleri
• Tag Parametreleri
• Sighting Parametreleri
• Warninglist Parametreleri:
• Noticelist Parametreleri
• Log Parametreleri
• Kimlik Doğrulama Anahtarı Parametreleri
• Kullanıcı Ayarları Parametreleri
• EventReport Parametreleri
• API Request ve Response Örnekleri
• Analyst Data
• Attributes
• Events
• Galaxies
• Galaxy Cluster
• Users
• Organisations
• Server
• Sharing Group
• Feed
• Object
• TAG
• Sighting
• Warninglist
• Noticelist
• Log
• Auth key
• UserSettings
• Taxonomy

API Kullanımı

Başlangıç

MISP API, Tehdit İstihbaratı Paylaşım Platformu'nun (MISP), diğer sistemlerle entegrasyon için sağladığı güçlü bir araçtır. API, tehdit aktörlerinden zararlı yazılımlara kadar geniş bir yelpazedeki güvenlik verilerini paylaşmak için bir ortam sağlar. MISP API, otomatik veri alışverişi, analiz ve uyarı oluşturma gibi çeşitli güvenlik senaryolarında önemli rol oynar.

MISP API, uygulama geliştiricilerine, organizasyonların MISP platformunu kendi güvenlik altyapılarına entegre etmelerini sağlar. Bu entegrasyon, gerçek zamanlı tehdit bilgilerine erişim sağlayarak güvenlik operasyonlarını güçlendirir ve yanıt sürelerini iyileştirir. Ayrıca, MISP API, çeşitli güvenlik araçları ve sistemlerle etkileşim kurarak tehdit tespiti ve müdahale süreçlerini otomatikleştirmeyi kolaylaştırır. Bu sayede, kurumlar tehditlerle mücadele etmek için daha hızlı ve etkili bir şekilde hareket edebilirler.

OpenAPI Belgesi Kullanımı:

OpenAPI belgeleri, MISP API'nin kullanımını tanımlayan bir rehberdir. Bu belgeler, API endpoint'lerinin, parametrelerin ve kullanım yönergelerinin yanı sıra API'ye yapılan isteklerin nasıl yapılandırılacağı hakkında ayrıntılı bilgi sağlar. Özellikle, belgede her endpoint'in URL'si, desteklediği HTTP metotları (GET, POST, PUT, DELETE vb.), gerekli ve isteğe bağlı parametreler, yanıt formatı ve hata durumları gibi bilgiler bulunur.

OpenAPI belgeleri, MISP API'nin sağladığı işlevlerin ve servislerin ayrıntılı bir tanımını içerir. Bu belgeler, API'nin nasıl kullanılacağı hakkında kapsamlı bir rehber sağlar ve API'nin işlevselliğini tam olarak anlamak için önemlidir.

REST Client Arayüzü Kullanımı:

REST client arayüzü, kullanıcılara API'ye doğrudan erişim ve istek gönderme imkanı sağlar. Bu arayüz, API belgelerinde belirtilen parametreleri kullanarak istekler oluşturabilir ve cevapları alabilir. Kullanıcılar, API isteklerini kolayca yapılandırabilir, istenen parametreleri ekleyebilir ve istekleri göndererek API'den veri alabilirler.

REST client arayüzü genellikle bir web tabanlı uygulama veya bir masaüstü uygulama olarak sunulur. Kullanıcılar, bu arayüzü kullanarak belirli bir API endpoint'ine istek göndermek için gereken HTTP yöntemini (GET, POST, PUT, DELETE vb.) seçebilirler. Ardından, istek için gereken parametreleri ve verileri ekleyebilirler ve isteği göndererek API'den cevap alabilirler.

Bu arayüz, API'ye hızlı ve etkili bir şekilde erişmek için kullanışlı bir araçtır ve API'nin nasıl kullanılacağını anlamak için OpenAPI belgeleriyle birlikte kullanılabilir.

API Erişimi ve Yetkilendirme

MISP API'ye erişim, kullanıcıların güvenlik bilgilerini sağlamaları gereken yetkilendirme mekanizması üzerinden gerçekleşir. API'ye erişim için bir API anahtarı (Auth key) gereklidir ve bu anahtar, MISP kullanıcı arayüzünden ya da komut satırı aracılığı ile alınabilir.

API anahtarı, erişimin güvenliğini sağlamak için özenle saklanmalıdır, çünkü bu anahtar tüm veri tabanına erişim sağlar.

Kullanıcı Arayüzü:

1. Profilim -> Kimlik Doğrulama Anahtarları Bölümü:
   • Bu adımlar, kullanıcının kendi API anahtarını oluşturmasını sağlar.
   • Kullanıcı, kendi hesabına giriş yaparak "Profilim" sekmesine gitmelidir.
   • Ardından, "Kimlik Doğrulama Anahtarları" bölümüne tıklamalı ve "Kimlik Doğrulama Anahtarı Ekle" seçeneğini seçmelidir.
   • Bu adımları takip ederek, kullanıcı kendi API anahtarını oluşturabilir ve kullanabilir.

Yönetici Arayüzü:

2. Yönetici Olarak Başka Bir Kullanıcı İçin API Anahtarı Oluşturma:
   • Bu adımlar, yöneticinin başka bir kullanıcı adına API anahtarı oluşturmasını sağlar.
   • Yönetici, yönetici hesabına giriş yapmalı ve "Yönetim" sekmesine gitmelidir.
   • Ardından, "Kullanıcıları Listele" bölümüne tıklamalı ve istenen kullanıcının "Görünüm" sayfasına gitmelidir.
   • Kullanıcının sayfasında, "Kimlik Doğrulama Anahtarları" bölümünde "Kimlik Doğrulama Anahtarı Ekle" seçeneğini seçmelidir.
   • Bu adımları takip ederek, yönetici belirli bir kullanıcı adına API anahtarı oluşturabilir ve kullanıcıya iletebilir.

Kullanıcı Komut Satırı:

1. Komut Satırı Kullanarak Kendi API Anahtarınızı Oluşturma:
   • Kullanıcı, MISP'in yüklemesinin yapıldığı dizindeki CLI (Command Line Interface) aracını kullanarak API anahtarı oluşturabilir.
   • CLI aracını çalıştırmak için aşağıdaki komutu kullanabilir:
     ./app/Console/cake user change_authkey [e-posta/kullanıcı_kimliği]
   • Bu komut, belirtilen kullanıcının API anahtarını değiştirir veya yeni bir API anahtarı oluşturur.

Yönetici Komut Satırı:

2. Komut Satırı Kullanarak Başka Bir Kullanıcı İçin API Anahtarı Oluşturma:
   • API Yönetici düzeyinde bir API anahtarınız olması koşuluyla, başka bir kullanıcı adına API anahtarı oluşturabilirsiniz.
   • Bu işlem için [POST]/auth_keys/add/{{user_id}} uç noktasını kullanabilirsiniz. Burada {{user_id}}, API anahtarı oluşturmak istediğiniz kullanıcının kimliğini belirtir.
   • Bu istek, API yöneticisi tarafından yetkilendirilmiş olmalı ve belirtilen kullanıcının API anahtarını oluşturmak için gerekli izinlere sahip olmalısınız.
   • Bu şekilde, başka bir kullanıcı adına API anahtarı oluşturabilir ve belirli bir kullanıcıya iletebilirsiniz.

Kimlik doğrulama anahtarınız yalnızca bir kez görüntülenecek ve daha sonra tekrar erişilemeyecektir. Bu nedenle, anahtarı güvenli bir şekilde saklamanız önemlidir. Not almak veya güvenli bir parola yöneticisinde saklamak gibi uygun önlemler almanızı öneririz.

Bu anahtarlar, API'ye yetkilendirilmiş istekler göndermek için kullanılır ve kullanıcılara belirli bir güvenlik kimliği sağlar. API anahtarları, kullanıcıların MISP üzerinde belirli işlemleri otomatize etmelerine ve entegrasyonlar oluşturmalarına olanak tanır.

Rest Client Nedir?

REST Client, MISP API'yi etkili bir şekilde kullanmak için tasarlanmış bir araçtır. Bu araç, MISP platformuyla etkileşim kurmak için REST (Representational State Transfer) protokolünü kullanır ve bu sayede çeşitli güvenlik senaryolarında veri alışverişi yapmak için bir arabirim sunar.

REST client, Representational State Transfer (REST) prensiplerine uygun bir şekilde çalışan bir istemcidir. Bu istemci, bir RESTful web servisiyle etkileşim kurmak için HTTP protokolünü kullanır. 

Kullanım senaryoları:

1. Veri Alma: MISP REST Client, MISP platformundan güncel tehdit bilgilerini almak için kullanılabilir. Tehdit istihbaratı paylaşımını güncel tutmak ve kuruluşun güvenlik durumunu izlemek için önemlidir.

2. Veri Gönderme: MISP REST Client, kuruluşun kendi tehdit istihbaratı verilerini MISP platformuna göndermesine olanak tanır. Kuruluşun kendi gözlemlerini diğer kuruluşlarla paylaşarak daha geniş bir tehdit görüşünü sağlamak için önemlidir.

3. Otomatik Analiz ve Uyarı: MISP REST Client, MISP platformundan alınan verileri otomatik olarak analiz ederek ve belirlenen kriterlere göre uyarılar oluşturarak güvenlik operasyonlarını otomatikleştirmek için kullanılabilir.

4. Entegrasyon: MISP REST Client, diğer güvenlik araçları ve sistemleriyle entegrasyon sağlamak için kullanılabilir. Bu, MISP platformunun güvenlik altyapısına kolayca entegre edilmesini ve çeşitli güvenlik araçlarının birlikte çalışmasını sağlar.

REST Client ile API İstekleri

• Bookmarked Queries (Yer İmlenmiş Sorgular):

  • Bookmarked Queries bölümü, daha önceden yapılan ve kullanıcı tarafından kaydedilmiş API sorgularını görüntülemek için kullanılır. Bu özellik, sıkça kullanılan sorguları kolayca erişilebilir bir konumda tutmak için kullanışlıdır.

• Query History (Sorgu Geçmişi):

  • Query History bölümü, daha önceden yapılan tüm API sorgularının geçmişini görüntülemek için kullanılır. Bu özellik, geçmişte yapılan sorguların takibini sağlar ve hata ayıklama veya tekrar kullanım için kullanıcıya referans oluşturur.

• HTTP Method to Use (Kullanılacak HTTP Metodu):

  • Bir API isteğinin hangi HTTP metodu kullanılarak yapılacağını belirler. Örneğin, GET, POST, PUT, DELETE gibi metotlardan biri seçilir. Bu, isteğin amacına ve API'nin desteklediği operasyonlara bağlıdır.

• • • GET:

      • GET metodu, bir kaynağın okunması için kullanılır. Sunucudan belirtilen kaynağı almak için kullanılır. Örneğin, bir web sayfasını veya bir dosyayı almak için GET isteği yapılır.

    • POST:

      • POST metodu, bir kaynağa veri göndermek için kullanılır. Genellikle bir form gönderirken veya sunucuya veri kaydetmek için kullanılır. Örneğin, bir form doldurulduğunda ve gönderildiğinde, bu bilgiler POST isteğiyle sunucuya iletilir.

    • DELETE:

      • DELETE metodu, bir kaynağı silmek veya kaldırmak için kullanılır. Belirtilen kaynağın sunucu tarafından silinmesini istemek için kullanılır. Örneğin, bir dosyanın veya kaydın silinmesi için DELETE isteği yapılır.
• Relative Path to Query (Sorgulanacak İlgili Yol):
  • Bir isteğin gönderileceği URL'nin kök URL (Root URL)'ye göre konumunu belirten kısaltılmış bir yol ifadesidir. Bu, isteğin hangi endpoint'e yönlendirileceğini belirlemek için kullanılır. Göreceli yol (Relative Path), isteğin tam URL'sini oluşturmak için kök URL ile birleştirilir ve istenen endpoint veya kaynağın konumunu belirtir.

• Bookmark Query (Sorguyu Yer İmleri Ekle):

  • Bookmark Query özelliği, işaretlendiği takdirde oluşturulan bir sorgunun yer imlerine eklenmesini sağlar. Böylece, sıkça kullanılan veya önemli sorguların kolayca erişilebilir olmasını sağlar.

• Show Result (Sonucu Göster):

  • Show Result, API isteğinin sonucunun görüntülenmesini sağlar. işaretlendiği takdirde isteğin başarıyla tamamlanıp tamamlanmadığını ve alınan yanıtın içeriğini kullanıcıya gösterir.

• Skip SSL Validation (SSL Doğrulamasını Atla):

  • Skip SSL Validation özelliği, SSL sertifikası doğrulamasının atlanmasını sağlar. Bu, güvenli olmayan bir ortamda veya test amaçlı kullanımlarda gerekebilir, ancak genellikle tavsiye edilmez.
• HTTP Headers (HTTP Başlıkları):

  • HTTP headers, bir HTTP isteği veya yanıtı iletilirken kullanılan başlık alanlarıdır. Bu başlıklar, isteğin veya yanıtın  ne olduğunu, nasıl işlendiğini ve ne tür veri içerdiğini belirtir. RESTful API'lerde, HTTP başlıkları önemli bilgiler içerebilir ve belirli işlevlerin gerçekleştirilmesini sağlar.

• • "Authorization" başlığı, bir API'ye yetkilendirme bilgilerini eklemek için kullanılır. Bu başlık, isteği gönderenin kimliğini doğrulamak ve yetkilendirilmiş erişim sağlamak için kullanılır.

    Örneğin, bir API'ye erişmek için gereken API anahtarını (API key) belirtmek için kullanılır:

    Authorization: YOUR_API_KEY

  • "Accept" başlığı, istemci tarafından sunulan veri biçimini belirlemek için kullanılır. Sunucuya, istemcinin hangi medya türlerini kabul edebileceğini bildirmek için kullanılır. Bu, sunucunun yanıt olarak hangi medya türlerini gönderebileceğini belirler.

    Örneğin, istemci uygulama JSON formatında veri almak istiyorsa, aşağıdaki gibi bir başlık kullanır:

    Accept: application/json

  • "Content-Type" başlığı, istemcinin sunucuya gönderdiği verinin türünü belirtmek için kullanılır. Sunucuya gönderilen verinin hangi medya türünde olduğunu belirtir.

    Örneğin, istemci bir POST, PUT veya DELETE isteği gönderirken veriyi JSON formatında kodladıysa, aşağıdaki gibi bir başlık kullanır:

    Content-Type: application/json 
    
    
• HTTP Body (HTTP Gövdesi): 
  • HTTP Body, isteğin gövdesine eklenen veri veya bilgileri sunucuya iletmektir. Bu veri, genellikle istemcinin sunucuya iletmek istediği kaynakların detaylarını veya işlem yapılacak verileri içerir.

    Örneğin, bir tehdit istihbaratı raporu oluşturmak için MISP API'ye bir POST isteği gönderirken, HTTP gövdesi bu raporun içeriğini taşır.

    Rapor JSON formatında gönderilmek istenirse, HTTP gövdesi aşağıdaki gibi bir yapıda olabilir:

    {

    "title": "Örnek Rapor",

    "description": "Bu bir örnek rapordur.",

    "tags": ["tehdit", "analiz"], ...

    } 
    
    

    

• Templates (Şablonlar):
  • Şablonlar, daha önceden tanımlanmış ve genellikle yaygın olarak kullanılan API isteklerinin önceden yapılandırılmış formatlarını içerir. Kullanıcılar, belirli bir şablonu seçerek, istek için gereken parametreleri doldurarak hızlıca bir API isteği oluşturabilirler. Örneğin, "Event Search", "Attribute Creation" gibi şablonlar bulunabilir.
• Query Builder (Sorgu Oluşturucu):
  • Sorgu Oluşturucu, kullanıcıların bir API isteği için gerekli olan parametreleri adım adım seçmelerine olanak tanır. Kullanıcılar, belirli bir endpoint veya operasyon için gerekli olan parametreleri seçerek veya doldurarak isteklerini yapılandırabilirler. Kullanıcıların API'yi kullanırken gereken parametreleri hatırlamalarına veya manuel olarak yazmalarına gerek kalmadan kolayca istek oluşturmalarını sağlar.

Sorgu oluşturucu butonuna tıklandığı zaman yeni bir alan açılır.

Kullanıcının daha karmaşık ve özelleştirilmiş sorgular oluşturmasına olanak tanıyan bir araçtır. Bu alanda kullanıcılar, isteklerini daha fazla filtrelemek veya belirli koşulları karşılayan verileri sorgulamak için kapsamlı sorgu kuralları oluşturabilirler.

Örneğin, bir kullanıcı belirli bir tarihten sonra oluşturulan etkinlikleri veya belirli bir tehdit seviyesine sahip olanları filtrelemek istiyorsa, query builder aracını kullanarak bu koşulları belirtebilirler. Ayrıca, bu araç sayesinde birden fazla koşulu birleştirerek daha karmaşık sorgular da oluşturulabilir.

Bu yeni alan, kullanıcılara API isteklerini daha esnek ve özelleştirilmiş bir şekilde oluşturma imkanı sunar ve istenen verilere daha doğru bir şekilde erişmelerini sağlar.

PyMISP ile Otomasyon

PyMISP - MISP'e Erişmek İçin Python Kütüphanesi

PyMISP, MISP platformlarına Python programlama dili aracılığıyla REST API'leri kullanarak erişim sağlayan bir kütüphanedir. Bu kütüphane, MISP platformları ile etkileşimi kolaylaştırır ve otomasyon için bir arayüz sunar.

PyMISP'nin Sağladığı Yetenekler:

PyMISP, MISP platformlarındaki olaylara ve verilere erişimi sağlar ve çeşitli işlemleri gerçekleştirmenizi sağlar. Bu yetenekler arasında şunlar bulunur:

• Etkinliklerin eklenmesi, alınması, güncellenmesi, yayımlanması ve silinmesi
• Etiketlerin eklenmesi veya kaldırılması
• Dosya özniteliklerinin eklenmesi: karma, kayıt defteri anahtarı, desenler, kanal, muteks
• Ağ özniteliklerinin eklenmesi: IP hedefi/kaynağı, ana bilgisayar adı, etki alanı, URL, UA, ...
• E-posta özniteliklerinin eklenmesi: kaynak, hedef, konu, ek, ...
• Örneklerin yüklenmesi/indirilmesi
• Görüntülenmelerin güncellenmesi
• Tekliflerin eklenmesi, düzenlenmesi, kabul edilmesi ve silinmesi
• Tam metin araması ve niteliklere göre arama
• STIX etkinliklerinin alınması
• İstatistiklerin dışa aktarılması ve daha fazlası (api.py dosyasına bakınız)

Kurulum:

PyMISP'yi pip kullanarak veya GitHub deposundan en son sürümü alarak yükleyebilirsiniz. Kurulum talimatlarına aşağıdaki şekillerde ulaşabilirsiniz:

• Pip ile kurulum: pip install pymisp
• GitHub'dan en son sürümü yükleme: git clone https://github.com/MISP/PyMISP.git && cd PyMISP ve python setup.py install

PyMISP kütüphanesini kullanabilmek için MISP örneğinizde bir Kimlik Doğrulama Anahtarı'na ihtiyacınız olacaktır.

Başlarken:

PyMISP'yi kullanmaya başlamadan önce, MISP otomasyon anahtarınızı almanız gerekmektedir. Otomasyon anahtarınızı MISP web arayüzündeki otomasyon bölümünde veya profilinizde bulabilirsiniz.

PyMISP kütüphanesini kullanarak örnekler çalıştırmak için, git clone https://github.com/MISP/PyMISP.git komutunu kullanarak depoyu klonlayabilir ve örnekler klasöründeki keys.py dosyasını düzenleyerek MISP örneğinizin URL'sini ve otomasyon anahtarınızı belirtebilirsiniz.

PyMISP Kullanımı:

PyMISP'nin kullanımını daha iyi anlamak için mevcut örneklerden birine bakalım: add_named_attribute.py. Bu komut dosyası, sadece türünü bildiğiniz bir özniteliği mevcut bir etkinliğe eklemenizi sağlar (kategori varsayılan olarak belirlenir).

API Endpoint ve Parametreleri

EndPoint ve Parametre Nedir?

Endpoint Nedir?

Endpointler, bir web servisinin belirli bir işlevselliğini veya kaynağını temsil eden URL'lerdir. MISP API'sindeki endpointler, MISP platformundaki verilere erişmek veya işlemleri gerçekleştirmek için kullanılır.

Örneğin, /events/get endpointi, MISP platformundaki belirli bir etkinliği almak için kullanılır.

Parametreler Nedir?

Parametreler, bir endpointin çalıştırılmasını etkileyen veya belirli bir işlem için gerekli olan verilerdir. Endpointlere gönderilen parametreler, istenen işlemi belirler veya filtreleme yapar.

Örneğin, /events/get endpointine eventId parametresi göndererek, belirli bir etkinliği alabiliriz.

Analyst Data Parametreleri

Add Analyst Data:

Path Parametreleri:

Parametre	Gerekli	Veri Türü	Açıklama	Örnek
analystType	Evet	String (AnalystDataType)	Analist verisinin türünü belirtir.	"Note", "Opinion", "Relationship"
analystObjectUUID	Evet	String <uuid> (UUID)	Analist verisinin eklenmek istendiği nesnenin benzersiz kimliği.	"c99506a6-1255-4b71-afa5-7b8ba48c3b1b"
analystObjectType	Evet	Herhangi bir veri türü	Analist verisinin eklenmek istendiği nesnenin türünü belirtir.	"Event", "Attribute", "Object" gibi değerle

Edit Analyst Data:

Path Parametreleri:

Parametre	Gerekli	Veri Türü	Açıklama	Örnek
analystType	Evet	String (AnalystDataType)	Analist verisinin türünü belirtir.	"Note", "Opinion", "Relationship"
analystID	Evet	AnalystDataID (string) or UUID (string)	Analist verisinin benzersiz kimliği (UUID) veya sayısal kimliği (AnalystDataID).	"c99506a6-1255-4b71-afa5-7b8ba48c3b1b" veya "12345"

Delete Analyst Data:

Path Parametreleri:

Parametre	Gerekli	Veri Türü	Açıklama	Örnek
analystType	Evet	String (AnalystDataType)	Analist verisinin türünü belirtir.	"Note", "Opinion", "Relationship"
analystID	Evet	AnalystDataID (string) or UUID (string)	Analist verisinin benzersiz kimliği (UUID) veya sayısal kimliği (AnalystDataID).	"c99506a6-1255-4b71-afa5-7b8ba48c3b1b" veya "12345"

List Analyst Data:

Path Parametreleri:

Parametre	Gerekli	Veri Türü	Açıklama	Örnek
analystType	Evet	String (AnalystDataType)	Analist verisinin türünü belirtir.	"Note", "Opinion", "Relationship"

Get Analyst Data by ID:

Path Parametreleri:

Parametre	Gerekli	Veri Türü	Açıklama	Örnek
analystType	Evet	String (AnalystDataType)	Analist verisinin türünü belirtir.	"Note", "Opinion", "Relationship"
analystID	Evet	AnalystDataID (string) or UUID (string)	Analist verisinin benzersiz kimliği (UUID) veya sayısal kimliği (AnalystDataID).	"c99506a6-1255-4b71-afa5-7b8ba48c3b1b" veya "12345"

Attribute Parametreleri

"Attribute" Kaynağını Aramak:

Request Body Şeması:

Parametre	Gerekli	Veri Türü	Maksimum Uzunluk	Açıklama	Örnek
page	-	integer or null <int32>	-	Sayfa numarası veya null	1
limit	-	integer or null <int32>	-	Sorgunun maksimum sonuç sayısı veya null	10
value	-	string (AttributeValue)	<= 131071	Değer	"example_value"
value1	-	string (AttributeValue)	<= 131071	Değer 1	"example_value1"
value2	-	string (AttributeValue)	<= 131071	Değer 2	"example_value2"
type	-	string (AttributeType)	<= 100	Tür	"md5", "sha1", "filename", vb.
category	-	string (AttributeCategory)	<= 255	Kategori	"Internal reference", "Targeting data", vb.
org	-	OrganisationId (string) or OrganisationName (string)	-	Kuruluş ID'si veya adı	"example_org_id" veya "example_org_name"
tags	-	Array of strings or null (TagsRestSearchFilter)	-	Etiketler veya null	["tag1", "tag2"]
from	-	string or null (DateRestSearchFilter)	-	Zaman damgası veya null	"2024-04-01T00:00:00Z"
to	-	string or null (DateRestSearchFilter)	-	Zaman damgası veya null	"2024-04-10T23:59:59Z"
last	-	(integer or null) or (string or null) (LastRestSearchFilter)	-	Son zaman dilimi	"5d", "12h", "2024-04-01T00:00:00Z"
eventid	-	string (EventId)	<= 10	Olay ID'si	"1234567890"
withAttachments	-	boolean (WithAttachmentsRestSearchFilter)	-	Ekleri içerir mi?	true, false
uuid	-	string <uuid> (UUID)	<= 36	UUID	"c99506a6-1255-4b71-afa5-7b8ba48c3b1b"
publish_timestamp	-	string (Timestamp)	-	Yayımlanma zaman damgası	"1618234400" (UNIX zaman damgası)
published	-	boolean (PublishedFlag)	-	Yayımlandı mı?	true, false
timestamp	-	string (Timestamp)	-	Zaman damgası	"1618234400" (UNIX zaman damgası)
attribute_timestamp	-	string (Timestamp)	-	Nitelik zaman damgası	"1618234400" (UNIX zaman damgası)
enforceWarninglist	-	boolean or null (EnforceWarninglistRestSearchFilter)	-	Uyarı listesi zorunlu mu?	true, false, null
to_ids	-	boolean or null (ToIDSRestSearchFlag)	-	IDS'ye mi gönderilsin?	true, false, null
deleted	-	boolean (SoftDeletedFlagValuesToInclude)	-	Silinmiş öznitelikler içersin mi?	true, false
event_timestamp	-	string (Timestamp)	-	Olay zaman damgası	"1618234400" (UNIX zaman damgası)
threat_level_id	-	string (ThreatLevelId)	-	Tehdit seviyesi	"1", "2", "3", "4"
eventinfo	-	string	-	Olay hakkında hızlı açıklama	"example_event_info"
sharinggroup	-	Array of strings or null (SharingGroupIDRestSearchFilter)	-	Paylaşım grubu ID'leri veya null	["group_id1", "group_id2"]
decayingModel	-	string (DecayingModelRestSearchFilter)	-	Bozulma modeli	"example_decaying_model"
score	-	string (DecayingModelScoreRestSearchFilter)	-	Puan	"example_score"
first_seen	-	string	-	İlk görülme zamanı	"2024-04-01T00:00:00Z"
last_seen	-	string	-	Son görülme zamanı	"2024-04-10T23:59:59Z"
includeEventUuid	-	boolean (IncludeEventUUIDRestSearchFlag)	-	Etkinlik UUID'lerini içerir mi?	true, false
includeEventTags	-	boolean (IncludeEventTagsRestSearchFlag)	-	Etkinlik etiketlerini içerir mi?	true, false
includeProposals	-	boolean (IncludeProposalsRestSearchFlag)	-	Önerileri içerir mi?	true, false
requested_attributes	-	Array of strings (RequestedAttributesRestSearchFilter)	-	İstenen öznitelikler	["attribute1", "attribute2"]
includeContext	-	boolean or null (IncludeContextRestSearchFlag)	-	Bağlamı içerir mi?	true, false, null
headerless	-	boolean or null (HeaderlessRestSearchFlag)	-	Başlıksız olacak mı?	true, false, null
includeWarninglistHits	-	boolean or null (IncludeWarninglistHitsRestSearchFlag)	-	Uyarı listesi eşleşmeleri içerir mi?	true, false, null
attackGalaxy	-	string or null (AttackGalaxyRestSearchFilter)	-	Saldırı galaksisi	"example_attack_galaxy"
object_relation	-	string or null (ObjectRelationRestSearchFilter)	-	Nesne ilişkisi	"example_object_relation"
includeSightings	-	boolean or null (IncludeSightingDbRestSearchFlag)	-	Görüntülerle birlikte mi?	true, false, null
includeCorrelations	-	boolean or null (IncludeCorrelationsRestSearchFlag)	-	Korelasyonları içerir mi?	true, false, null
modelOverrides	-	object (ModelOverridesRestSearchFilter)	-	Model geçersiz kılma	"example_model_overrides"
includeDecayScore	-	boolean (IncludeDecayScoreRestSearchFlag)	-	Bozulma puanını içerir mi?	true, false
includeFullModel	-	boolean (IncludeFullModelRestSearchFlag)	-	Tam modeli içerir mi?	true, false
excludeDecayed	-	boolean (ExcludeDecayedRestSearchFlag)	-	Bozulmuş öğeleri hariç tutar mı?	true, false
returnFormat	-	string (AttributesRestSearchReturnFormat)	-	Yanıt biçimi	"json", "xml", "csv", vb.

Add an Attribute:

Path Parametreleri:

Parametre	Gerekli	Veri Türü	Açıklama	Örnek
eventId	Evet	EventId (string) or UUID (string)	Olayın benzersiz kimliği (UUID) veya sayısal kimliği (EventId)	"c99506a6-1255-4b71-afa5-7b8ba48c3b1b" veya "12345"

Request Body Şeması: 

Parametre	Gerekli	Veri Türü	Açıklama	Örnek
event_id	Evet	string (EventId)	Olayın benzersiz kimliği (En fazla 10 karakter)	"1234567890"
object_id	Evet	string (ObjectId)	Nesne ID'si (En fazla 10 karakter)	"9876543210"
object_relation	-	string or null (NullableObjectRelation)	Nesne ilişkisi (En fazla 255 karakter)	"example_relation"
category	-	string (AttributeCategory)	Kategori (En fazla 255 karakter)	"Internal reference"
type	-	string (AttributeType)	Tür (En fazla 100 karakter)	"md5", "sha1", vb.
value	-	string (AttributeValue)	Değer (En fazla 131071 karakter)	"example_value"
to_ids	-	boolean (ToIDS)	IDS'ye gönderilsin mi? (Varsayılan: true)	true, false
uuid	-	string <uuid> (UUID)	UUID (En fazla 36 karakter)	"c99506a6-1255-4b71-afa5-7b8ba48c3b1b"
timestamp	-	string or null (NullableTimestamp)	Zaman damgası (^\d+$	^$) (Varsayılan: "0")
distribution	-	string (DistributionLevelId)	Dağıtım seviyesi (Enum: "0" "1" "2" "3" "4" "5")	"3"
sharing_group_id	-	string or null (SharingGroupId)	Paylaşım grubu ID'si (^\d+$	^$) (En fazla 10 karakter)
comment	-	string (AttributeComment)	Yorum (En fazla 65535 karakter)	"example_comment"
deleted	-	boolean (SoftDeletedFlag)	Silinmiş mi? (Varsayılan: false)	true, false
disable_correlation	-	boolean (DisableCorrelationFlag)	Korelasyonu devre dışı bırak (Varsayılan: false)	true, false
first_seen	-	string or null (NullableMicroTimestamp)	İlk görülme zamanı (^\d+$	^$) (Varsayılan: null)
last_seen	-	string or null (NullableMicroTimestamp)	Son görülme zamanı (^\d+$	^$) (Varsayılan: null)

Edit an Attribute:

Path Parametreleri:

Parametre	Gerekli	Veri Türü	Açıklama	Örnek
attributeId	Evet	AttributeId (string) or UUID (string)	Özniteliğin benzersiz kimliği (UUID) veya sayısal kimliği (AttributeId)	"c99506a6-1255-4b71-afa5-7b8ba48c3b1b" veya "12345"

Request Body Şeması: 

Parametre	Gerekli	Veri Türü	Açıklama	Örnek
id	Evet	string (AttributeId)	Öznitelik ID'si (En fazla 10 karakter, sadece sayılar içermeli)	"1234567890"
event_id	Evet	string (EventId)	Olay ID'si (En fazla 10 karakter, sadece sayılar içermeli)	"1234567890"
object_id	Evet	string (ObjectId)	Nesne ID'si (En fazla 10 karakter, sadece sayılar içermeli)	"1234567890"
object_relation	-	string or null (NullableObjectRelation)	Nesne ilişkisi (En fazla 255 karakter)	"example_relation"
category	-	string (AttributeCategory)	Kategori (En fazla 255 karakter)	"Internal reference"
type	-	string (AttributeType)	Tür (En fazla 100 karakter)	"md5", "sha1", vb.
value	-	string (AttributeValue)	Değer (En fazla 131071 karakter)	"example_value"
to_ids	-	boolean (ToIDS)	IDS'ye gönderilsin mi? (Varsayılan: true)	true, false
uuid	-	string <uuid> (UUID)	UUID (En fazla 36 karakter)	"c99506a6-1255-4b71-afa5-7b8ba48c3b1b"
timestamp	-	string or null (NullableTimestamp)	Zaman damgası (^\d+$	^$) (Varsayılan: "0")
distribution	-	string (DistributionLevelId)	Dağıtım seviyesi (Enum: "0" "1" "2" "3" "4" "5")	"3"
sharing_group_id	-	string or null (SharingGroupId)	Paylaşım grubu ID'si (^\d+$	^$) (En fazla 10 karakter)
comment	-	string (AttributeComment)	Yorum (En fazla 65535 karakter)	"example_comment"
deleted	-	boolean (SoftDeletedFlag)	Silinmiş mi? (Varsayılan: false)	true, false
disable_correlation	-	boolean (DisableCorrelationFlag)	Korelasyonu devre dışı bırak (Varsayılan: false)	true, false
first_seen	-	string or null (NullableMicroTimestamp)	İlk görülme zamanı (^\d+$	^$) (Varsayılan: null)
last_seen	-	string or null (NullableMicroTimestamp)	Son görülme zamanı (^\d+$	^$) (Varsayılan: null)

Delete an Attribute:

Path Parametreleri:

Parametre	Gerekli	Veri Türü	Açıklama	Örnek
attributeId	Evet	AttributeId (string) or UUID (string)	Öznitelik ID'si (En fazla 10 karakter, sadece sayılar içermeli) veya benzersiz kimliği (UUID)	"c99506a6-1255-4b71-afa5-7b8ba48c3b1b" veya "12345"

Restore an Attribute:

Path Parametreleri:

Parametre	Gerekli	Veri Türü	Açıklama	Örnek
attributeId	Evet	AttributeId (string) or UUID (string)	Öznitelik kimliği (En fazla 10 karakter, sadece sayılar içermeli) veya benzersiz kimlik (UUID)	"c99506a6-1255-4b71-afa5-7b8ba48c3b1b" veya "12345"

Add a Tag to an Attribute:

Path Parametreleri:

Parametre	Gerekli	Veri Türü	Açıklama	Örnek
attributeId	Evet	AttributeId (string) or UUID (string)	Öznitelik kimliği (En fazla 10 karakter, sadece sayılar içermeli) veya benzersiz kimlik (UUID)	"c99506a6-1255-4b71-afa5-7b8ba48c3b1b" veya "12345"
tagId	Evet	string (TagId)	Etiket kimliği (En fazla 10 karakter, sadece sayılar içermeli)	"12345"
local	-	integer <int32>	Yerel ekleme (En fazla 1 karakter) (Varsayılan: 0)	0, 1

Remove a tag from an attribute:

Path Parametreleri:

Parametre	Gerekli	Veri Türü	Açıklama	Örnek
attributeId	Evet	AttributeId (string) or UUID (string)	Öznitelik kimliği (En fazla 10 karakter, sadece sayılar içermeli) veya benzersiz kimlik (UUID)	"c99506a6-1255-4b71-afa5-7b8ba48c3b1b" veya "12345"
tagId	Evet	string (TagId)	Etiket kimliği (En fazla 10 karakter, sadece sayılar içermeli)	"12345"

Get an attribute by ID:

Path Parametreleri:

Parametre	Gerekli	Veri Türü	Açıklama	Örnek
attributeId	Evet	AttributeId (string) or UUID (string)	Öznitelik kimliği (En fazla 10 karakter, sadece sayılar içermeli) veya benzersiz kimlik (UUID)	"c99506a6-1255-4b71-afa5-7b8ba48c3b1b" veya "12345"

Get the count of attributes per category:

Path Parametreleri:

Parametre	Gerekli	Veri Türü	Açıklama	Örnek
context	Evet	string	İstatistiklerin bağlamı.	"type" veya "category"
percentage	Evet	integer	Yüzdelik dilim. 0: Öznitelik sayısını göstermek için, 1: Yüzdeleri göstermek için.	0 veya 1

Event Parametreleri

"Event" Kaynağını Aramak:

Request Body Şeması:

Parametre	Gerekli	Veri Türü	Açıklama	Örnek
page	Opsiyonel	integer or null <int32>	1'den büyük bir tamsayı.	1 veya null
limit	Opsiyonel	integer or null <int32>	0'dan büyük veya null.	10 veya null
value	Opsiyonel	string	131071 karaktere kadar olan bir dize.	"sample_value"
type	Opsiyonel	string	100 karaktere kadar olan bir dize.	"md5"
category	Opsiyonel	string	255 karaktere kadar olan bir dize.	"Internal reference"
org	Opsiyonel	OrganisationId (string) or OrganisationName (string)	Organizasyon kimliği veya adı.	"org_id" veya "org_name"
tags	Opsiyonel	Array of strings or null	Dize dizisi veya null.	["tag1", "tag2"] veya null
event_tags	Opsiyonel	Array of strings or null	Dize dizisi veya null.	["event_tag1", "event_tag2"] veya null
searchall	Opsiyonel	string	Etiket adları, etkinlik açıklamaları, öznitelik değerleri veya öznitelik yorumlarıyla eşleşen olayları arama.	"search_value"
from	Opsiyonel	string or null	Geçerli zaman filtreleri kullanılabilir.	"2024-01-01" veya null
to	Opsiyonel	string or null	Geçerli zaman filtreleri kullanılabilir.	"2024-12-31" veya null
last	Opsiyonel	integer or string or null	Son x zaman içinde yayımlanan etkinlikler.	7 veya "7d" veya null
eventid	Opsiyonel	string	10 karakterden az olan bir dize.	"12345"
withAttachments	Opsiyonel	boolean	Varsa eklerin base64 temsiliyle genişletir.	true veya false
sharinggroup	Opsiyonel	Array of strings or null	Paylaşım grubu ID(ler)i.	["sg_id1", "sg_id2"] veya null
metadata	Opsiyonel	boolean or null	Belirtilen sorgu kapsamının metadatasını sadece döndürür, içerilen veri atlanır.	true, false veya null
uuid	Opsiyonel	string <uuid>	36 karakterden az olan bir dize.	"uuid_value"
publish_timestamp	Opsiyonel	string	^\d+$	"timestamp_value"
timestamp	Opsiyonel	string	^\d+$	"timestamp_value"
published	Opsiyonel	boolean	false	true veya false
enforceWarninglist	Opsiyonel	boolean or null	Uyarı listesinin zorunlu olup olmayacağını belirtir. Eşleşen öznitelikler için engellenmiş alan ekler.	true, false veya null
sgReferenceOnly	Opsiyonel	boolean	Yalnızca paylaşım grubu kimliğini döndürür.	true veya false
requested_attributes	Opsiyonel	Array of strings	CSV dışa aktarmada seçilecek özelliklerin listesi.	["attr1", "attr2"]
includeContext	Opsiyonel	boolean or null	CSV dışa aktarmada etkinliklerin bağlam alanlarını ekler.	true, false veya null
headerless	Opsiyonel	boolean or null	CSV dışa aktarmada başlığı kaldırır.	true, false veya null
includeWarninglistHits	Opsiyonel	boolean or null	true, false veya null	true, false veya null
attackGalaxy	Opsiyonel	string or null	true, false veya null	true, false veya null
to_ids	Opsiyonel	boolean	true	true veya false
deleted	Opsiyonel	boolean	false	true veya false
excludeLocalTags	Opsiyonel	boolean or null	true, false veya null	true, false veya null
date	Opsiyonel	string or null	true, false veya null	true, false veya null
includeSightingdb	Opsiyonel	boolean or null	true, false veya null	true, false veya null
tag	Opsiyonel	string	255 karakterden az olan bir dize.	"tag_name"
object_relation	Opsiyonel	string or null	Öznitelik nesne ilişki değerine göre filtreleme.	"relation_value" veya null
threat_level_id	Opsiyonel	string	Tehdit seviyesini temsil eder.	"1" "2" "3" "4"
returnFormat	Opsiyonel	string	Yanıt yükü biçimi.	"json" veya "csv"

Add event:

Request Body Şeması:

Parametre	Gerekli	Veri Türü	Açıklama	Örnek
org_id	Opsiyonel	string	10 karakterden az olan bir dize.	"org_id"
distribution	Opsiyonel	string	Dağıtım seviyesi kimin etkinliği görebileceğini belirtir.	"0" "1" "2" "3" "4" "5"
info	Opsiyonel	string	65535 karaktere kadar olan bir dize.	"event_info"
orgc_id	Opsiyonel	string	10 karakterden az olan bir dize.	"orgc_id"
uuid	Opsiyonel	string <uuid>	36 karakterden az olan bir dize.	"uuid_value"
date	Opsiyonel	string	Tarih dizesi.	"2024-01-01"
published	Opsiyonel	boolean	false	true veya false
analysis	Opsiyonel	string	Analiz olgunluk seviyesini temsil eder.	"0" "1" "2"
attribute_count	Opsiyonel	string	^\d+$	"10"
timestamp	Opsiyonel	string or null	^\d+$ veya null	"timestamp_value" veya null
sharing_group_id	Opsiyonel	string or null	10 karakterden az olan bir dize veya null.	"sg_id" veya null
proposal_email_lock	Opsiyonel	boolean	true veya false	true veya false
locked	Opsiyonel	boolean	true veya false	true veya false
threat_level_id	Opsiyonel	string	Tehdit seviyesini temsil eder.	"1" "2" "3" "4"
publish_timestamp	Opsiyonel	string	^\d+$	"timestamp_value"
sighting_timestamp	Opsiyonel	string	^\d+$	"timestamp_value"
disable_correlation	Opsiyonel	boolean	Default: false	true veya false
extends_uuid	Opsiyonel	string or null	36 karakterden az olan bir dize veya null.	"extends_uuid_value" veya null
event_creator_email	Opsiyonel	string <email>	Etkinlik oluşturucu e-posta adresi.	"example@example.com"

Edit event:

Path Parametreleri: 

Parametre	Gerekli	Veri Türü	Açıklama	Örnek
eventId	Zorunlu	string	10 karakterden az olan bir dize.	"eventId"

Request Body Şeması:

Parametre	Gerekli	Veri Türü	Açıklama	Örnek
org_id	Opsiyonel	string (OrganisationId)	10 karakterden az olan bir dize, sadece rakamlar içerebilir.	"1234567890"
distribution	Opsiyonel	string (DistributionLevelId)	Dağıtım seviyesini belirten bir dize. 0 ile 5 arasında bir değer alabilir.	"2"
info	Opsiyonel	string	Olay hakkında bilgi içeren bir dize.	"Bu bir test olayıdır."
orgc_id	Opsiyonel	string (OrganisationId)	10 karakterden az olan bir dize, sadece rakamlar içerebilir.	"9876543210"
uuid	Opsiyonel	string <uuid>	En fazla 36 karakter içeren bir UUID dizesi.	"550e8400-e29b-41d4-a716-446655440000"
date	Opsiyonel	string	Tarih bilgisini içeren bir dize.	"2024-04-12"
published	Opsiyonel	boolean (PublishedFlag)	Olayın yayımlanıp yayımlanmadığını belirten bir boolean değer.	true
analysis	Opsiyonel	string (AnalysisLevelId)	Analiz olgunluk seviyesini belirten bir dize.	"1"
attribute_count	Opsiyonel	string (EventAttributeCount)	Olaya bağlı öznitelik sayısını belirten bir dize.	"5"
timestamp	Opsiyonel	string or null (NullableTimestamp)	Zaman damgasını içeren bir dize veya null değer.	"1649252400"
sharing_group_id	Opsiyonel	string or null (SharingGroupId)	10 karakterden az olan bir dize veya null değer, sadece rakamlar içerebilir.	"1234567890"
proposal_email_lock	Opsiyonel	boolean (EventProposalEmailLock)	Öneri e-postası kilidinin açık veya kapalı olup olmadığını belirten bir boolean değer.	false
locked	Opsiyonel	boolean (IsLocked)	Kilidin açık veya kapalı olup olmadığını belirten bir boolean değer.	true
threat_level_id	Opsiyonel	string (ThreatLevelId)	Tehdit seviyesini belirten bir dize.	"3"
publish_timestamp	Opsiyonel	string (Timestamp)	Yayımlama zaman damgasını içeren bir dize.	"1649252400"
sighting_timestamp	Opsiyonel	string (Timestamp)	Görünme zaman damgasını içeren bir dize.	"1649252400"
disable_correlation	Opsiyonel	boolean (DisableCorrelationFlag)	Korelasyonun etkin veya etkisiz olup olmadığını belirten bir boolean değer.	true
extends_uuid	Opsiyonel	string or null (ExtendsUUID)	En fazla 36 karakter içeren bir UUID dizesi veya null değer.	"550e8400-e29b-41d4-a716-446655440000"
event_creator_email	Opsiyonel	string <email>	Olayın oluşturulduğu e-posta adresi.	"example@example.com"

Delete event:

Path Parametreleri: 

Parametre	Gerekli	Veri Türü	Açıklama	Örnek
eventId	Gerekli	string	Olayın benzersiz kimliği, ya bir dize ya da UUID olarak ifade edilebilir.	"123456" veya "550e8400-e29b-41d4-a716-446655440000"

Search events:

Request Body Şeması:

Parametre	Gerekli	Veri Türü	Açıklama	Örnek
page	Opsiyonel	integer or null	Sorgunun başlayacağı sayfa numarası. 1'den büyük olmalı.	1 veya null
limit	Opsiyonel	integer or null	Sayfa başına dönecek maksimum öğe sayısı. 0 veya daha büyük olmalı.	10 veya null
sort	Opsiyonel	string or null	Sonuçları sıralamak için kullanılacak alan.	"date" veya null
direction	Opsiyonel	string or null	Sıralama yönü. "asc" (artan) veya "desc" (azalan). Varsayılan: "asc".	"asc" veya null
minimal	Opsiyonel	boolean or null	Varsayılan: false. Sadece attributeCount > 0 olan olayların minimal bir sürümünü döndürür.	true veya null
attribute	Opsiyonel	string or null	Verilen dizeyle eşleşen öznitelik değerlerine göre olayları filtreler.	"vulnerability" veya null
eventid	Opsiyonel	string	Olay kimliği.	"123456"
datefrom	Opsiyonel	string or null	Olay oluşturulma tarihi belirtilen tarihten büyük veya eşit olmalıdır.	"2024-01-01" veya null
dateuntil	Opsiyonel	string or null	Olay oluşturulma tarihi belirtilen tarihten küçük veya eşit olmalıdır.	"2024-03-31" veya null
org	Opsiyonel	string or null	Olayı oluşturan kuruluş adına göre olayları filtreler.	"ABC Corp" veya null
eventinfo	Opsiyonel	string or null	Olay bilgisi metni ile eşleşen olayları filtreler.	"suspicious activity" veya null
tag	Opsiyonel	string	Belirtilen etiket adlarından herhangi biriyle eşleşen olayları filtreler.	"malware"
tags	Opsiyonel	array of strings or null	Belirtilen etiket adlarından herhangi biriyle eşleşen olayları filtreler.	["malware", "phishing"] veya null
distribution	Opsiyonel	string	Olayın yayımlanmasının ve sonunda çekilmesinin kimler tarafından görülebileceğini belirtir.	"1"
sharinggroup	Opsiyonel	string or null	Paylaşım grubu kimliği.	"123456" veya null
analysis	Opsiyonel	string	Analiz olgunluk seviyesini temsil eder.	"2"
threatlevel	Opsiyonel	string	Tehdit seviyesini temsil eder.	"1"
email	Opsiyonel	string or null	Olay oluşturan kullanıcı e-postasıyla eşleşen olayları filtreler.	"user@example.com" veya null
hasproposal	Opsiyonel	string or null	Değişiklik önerileri içeren özniteliklere sahip olayları kontrol eder. Olası değerler: 0, 1.	"1" veya null
timestamp	Opsiyonel	string or null	Olay zaman damgası belirtilen tarihten büyük veya eşit olmalıdır.	"1648860516" veya null
publish_timestamp	Opsiyonel	string or null	Olayın yayımlanma zaman damgası belirtilen tarihten büyük veya eşit olmalıdır.	"1648860516" veya null
searchDatefrom	Opsiyonel	string or null	Tarihe göre filtreler, belirtilen tarihten daha yeni her şey alınır. YYYY-MM-DD biçiminde.	"2024-01-01" veya null
searchDateuntil	Opsiyonel	string or null	Tarihe göre filtreler, belirtilen tarihten daha eski her şey alınır. YYYY-MM-DD biçiminde.	"2024-03-31" veya null

Get event by ID:

Path Parametreleri: 

Parametre	Gerekli	Veri Türü	Açıklama	Örnek
eventId	Gerekli	string	Olayın benzersiz kimliği, ya bir dize ya da UUID olarak ifade edilebilir.	"123456" veya "550e8400-e29b-41d4-a716-446655440000"

Publish an event:

Path Parametreleri: 

Parametre	Gerekli	Veri Türü	Açıklama	Örnek
eventId	Gerekli	string	Olayın benzersiz kimliği, ya bir dize ya da UUID olarak ifade edilebilir.	"123456" veya "550e8400-e29b-41d4-a716-446655440000"

Unpublish an event:

Path Parametreleri: 

Parametre	Gerekli	Veri Türü	Açıklama	Örnek
eventId	Gerekli	string	Olayın benzersiz kimliği, ya bir dize ya da UUID olarak ifade edilebilir.	"123456" veya "550e8400-e29b-41d4-a716-446655440000"

Add event tag:

Path Parametreleri: 

Parametre	Gerekli	Veri Türü	Açıklama	Örnek
eventId	Gerekli	string	Olayın benzersiz kimliği, ya bir dize ya da UUID olarak ifade edilebilir.	"123456" veya "550e8400-e29b-41d4-a716-446655440000"
tagId	Gerekli	string	Sayısal bir kimliği temsil eden etiket kimliği.	"12345"
local	Opsiyonel	integer	Hedefe yerel olarak eklenip eklenmeyeceğini belirler.	0 veya 1 (Varsayılan değer: 0)

Remove event tag:

Path Parametreleri:

Parametre	Gerekli	Veri Türü	Açıklama	Örnek
eventId	Gerekli	string	Olayın benzersiz kimliği, ya bir dize ya da UUID olarak ifade edilebilir.	"123456" veya "550e8400-e29b-41d4-a716-446655440000"
tagId	Gerekli	string	Etiketin sayısal bir kimliğini temsil eder.	"12345"

Galaxy Parametreleri

Get galaxy by ID:

Path Parametreleri:

Parametre	Gerekli	Veri Türü	Açıklama	Örnek
galaxyId	Gerekli	string	Galaksinin benzersiz kimliği, ya bir dize ya da UUID olarak ifade edilebilir.	"7890" veya "550e8400-e29b-41d4-a716-446655440000"

Delete a galaxy:

Path Parametreleri:

Parametre	Gerekli	Veri Türü	Açıklama	Örnek
galaxyId	Gerekli	string	Galaksinin benzersiz kimliği, ya bir dize ya da UUID olarak ifade edilebilir.	"7890" veya "550e8400-e29b-41d4-a716-446655440000"

Import a galaxy cluster:

Request Body Şeması:

GalaxyCluster:

Parametre	Gerekli	Veri Türü	Açıklama	Örnek
uuid		string <uuid> (UUID) <= 36 chars	Galaxy kümesi kimliği	"550e8400-e29b-41d4-a716-446655440000"
collection_uuid		string <uuid> (UUID) <= 36 chars	Toplama kimliği	"550e8400-e29b-41d4-a716-446655440000"
type		string (GalaxyClusterType) <= 255 chars	Galaxy kümesi türü	"Cluster Type"
value		string (GalaxyClusterValue) <= 65535 chars	Galaxy kümesi değeri	"Cluster Value"
tag_name		string (TagName) <= 255 chars	Etiket adı	"Tag Name"
description		string (GalaxyClusterDescription) <= 65535 chars	Galaxy kümesi açıklaması	"Cluster Description"
galaxy_id		string (GalaxyId) <= 10 chars	Galaxy kimliği	"123456"
source		string (GalaxyClusterSource) <= 255 chars	Kaynak bilgisi	"Cluster Source"
authors		Array of strings	Yazarlar	["Author 1", "Author 2"]
version		string or null	Sürüm bilgisi	"1.0.0"
distribution		string (DistributionLevelId)	Dağıtım düzeyi	"2"
sharing_group_id		string or null	Paylaşım grubu kimliği	"123456"
org_id		string (OrganisationId) <= 10 chars	Organizasyon kimliği	"123456"
orgc_id		string (OrganisationId) <= 10 chars	Organizasyon kategori kimliği	"123456"
default		boolean	Varsayılan mı?	true
locked		boolean	Kilitli mi?	false
extends_uuid		string or null	Genişletilmiş sürüm kimliği	"550e8400-e29b-41d4-a716-446655440000"
extends_version		string or null	Genişletilmiş sürüm bilgisi	"1.0.0"
published		boolean	Yayınlandı mı?	true
deleted		boolean	Silindi mi?	false
GalaxyElement		Array of objects	Galaxy öğeleri

Galaxy:

Parametre	Gerekli	Veri Türü	Açıklama	Örnek
uuid		string <uuid> (UUID) <= 36	Galaxy kimliği	"550e8400-e29b-41d4-a716-446655440000"

Export galaxy clusters:

Path Parametreleri:

Parametre	Gerekli	Veri Türü	Açıklama	Örnek
galaxyId	Evet	string or UUID	Galaksinin benzersiz kimliği	"12345" veya "550e8400-e29b-41d4-a716-446655440000"

Request Body Şeması:

Galaxy:

Parametre	Gerekli	Veri Türü	Açıklama	Örnek
default	Opsiyonel	boolean	true, default=true olan galaxy kümelerini filtrelemek için kullanılır.	true
custom	Opsiyonel	boolean	true, default=false olan galaxy kümelerini filtrelemek için kullanılır.	false
distribution	Opsiyonel	string	Dağıtım seviyesini belirler.	"0"
format	Opsiyonel	string	Sonucun formatını belirler. "misp-galaxy" formatında sonuç almak için kullanılır.	"default" veya "misp-galaxy"
download	Opsiyonel	boolean	true, yanıtı bir json dosyası olarak indirmek için kullanılır.	true veya false

Attach the galaxy cluster tag a given entity:

Path Parametreleri:

Parametre	Gerekli	Veri Türü	Açıklama	Örnek
attachTargetId	Gerekli	string	Hedef varlığın (Olay, Öznitelik veya Etiket Koleksiyonu) benzersiz kimliği.	"123456" veya "550e8400-e29b-41d4-a716-446655440000"
attachTargetType	Gerekli	string	Eklemek istediğiniz varlık türü.	"event", "attribute" veya "tag_collection"
local	Opsiyonel	integer	Hedefe yerel olarak eklenip eklenmeyeceğini belirler.	0 veya 1

Request Body Şeması:

Galaxy:

Parametre	Gerekli	Veri Türü	Açıklama	Örnek
target_id	Gerekli	integer	Eklemek istediğiniz hedef galaksi kümesi.	12345

 

Galaxy Cluster Parametreleri

Add galaxy cluster:

Path Parametreleri:

Parametre	Gerekli	Veri Türü	Açıklama	Örnek
galaxyId	Gerekli	string	Galaksinin benzersiz kimliği, ya bir dize ya da UUID olarak ifade edilebilir.	"123456" veya "550e8400-e29b-41d4-a716-446655440000"

Request Body Şeması:

Parametre	Gerekli	Veri Türü	Açıklama	Örnek
id	Evet	string (GalaxyClusterId)	Galaksi Kümesinin benzersiz kimliği. Maksimum 10 karakterdir ve yalnızca rakamlardan oluşabilir.	"12345"
uuid		string <uuid> (UUID)	Galaksi Kümesinin evrensel benzersiz kimliği. Maksimum 36 karakterdir.	"550e8400-e29b-41d4-a716-446655440000"
collection_uuid		string <uuid> (UUID)	Küme koleksiyonunun evrensel benzersiz kimliği. Maksimum 36 karakterdir.	"550e8400-e29b-41d4-a716-446655440001"
type		string	Galaksi Kümesinin türü. Maksimum 255 karakterdir.	"type"
value		string	Galaksi Kümesinin değeri. Maksimum 65535 karakterdir.	"value"
tag_name		string (TagName)	Etiketin adı. Maksimum 255 karakterdir.	"tag"
description		string	Galaksi Kümesinin açıklaması. Maksimum 65535 karakterdir.	"description"
galaxy_id	Evet	string (GalaxyId)	Galaksinin benzersiz kimliği. Maksimum 10 karakterdir ve yalnızca rakamlardan oluşabilir.	"123456"
source		string	Galaksi Kümesinin kaynağı. Maksimum 255 karakterdir.	"source"
authors		Array of strings	Galaksi Kümesinin yazarları.	["author1", "author2"]
version		string or null	Galaksi Kümesinin sürümü. Maksimum 255 karakterdir.	"1.0"
distribution		string (DistributionLevelId)	Olayın yayılma düzeyi. 0-5 arasında bir değer alabilir.	"0"
sharing_group_id		string or null (SharingGroupId)	Paylaşım grubunun benzersiz kimliği. Maksimum 10 karakterdir ve yalnızca rakamlardan oluşabilir.	"123"
org_id		string (OrganisationId)	Organizasyonun benzersiz kimliği. Maksimum 10 karakterdir ve yalnızca rakamlardan oluşabilir.	"456"
orgc_id		string (OrganisationId)	Organizasyonun benzersiz kimliği. Maksimum 10 karakterdir ve yalnızca rakamlardan oluşabilir.	"789"
default		boolean	Varsayılan olup olmadığını belirtir.	true
locked		boolean	Kilidin açık olup olmadığını belirtir.	false
extends_uuid		string or null	Genişletilen kümenin evrensel benzersiz kimliği. Maksimum 36 karakterdir.	"550e8400-e29b-41d4-a716-446655440002"
extends_version		string or null	Genişletilen kümenin sürümü. Maksimum 255 karakterdir.	"1.1"
published		boolean	Yayınlanıp yayınlanmadığını belirtir.	true
deleted		boolean	Silinip silinmediğini belirtir.	false
GalaxyElement		Array of objects	Galaksi öğeleri.	-

Edit galaxy cluster:

Path Parametreleri:

Parametre	Gerekli	Veri Türü	Açıklama	Örnek
galaxyClusterId	Evet	string (GalaxyClusterId)	Galaksi Kümesinin benzersiz kimliği.	"12345"

Request Body Şeması:

Parametre	Gerekli	Veri Türü	Açıklama	Örnek
id	Evet	string (GalaxyClusterId)	Galaksi Kümesinin benzersiz kimliği.	"123"
uuid		string <uuid> (UUID) <= 36 chars	Galaxy Kümesi için UUID.	"550e8400-e29b-41d4-a716-446655440000"
collection_uuid		string <uuid> (UUID) <= 36 chars	Küme UUID'si.	"550e8400-e29b-41d4-a716-446655440000"
type		string (GalaxyClusterType)	Galaxy Kümesi türü.	"type"
value		string (GalaxyClusterValue)	Galaxy Kümesinin değeri.	"value"
tag_name		string (TagName)	Etiket adı.	"tag"
description		string (GalaxyClusterDescription)	Galaxy Kümesinin açıklaması.	"description"
galaxy_id		string (GalaxyId) <= 10 chars	Galaxy kimliği.	"123"
source		string (GalaxyClusterSource)	Kaynak bilgisi.	"source"
authors		Array of strings	Yazarlar.	["author1", "author2"]
version		string or null	Versiyon numarası.	"1.0"
distribution		string (DistributionLevelId)	Dağıtım seviyesi.	"0"
sharing_group_id		string or null	Paylaşım grubu kimliği.	"123"
org_id		string (OrganisationId) <= 10 chars	Organizasyon kimliği.	"123"
orgc_id		string (OrganisationId) <= 10 chars	Organizasyonun bağlı olduğu kimlik.	"123"
default		boolean	Varsayılan mı?	true
locked		boolean	Kilitli mi?	true
extends_uuid		string or null	Uzatma UUID'si.	"550e8400-e29b-41d4-a716-446655440000"
extends_version		string or null	Uzatma sürümü.	"1.0"
published		boolean	Yayınlandı mı?	true
deleted		boolean	Silinmiş mi?	false
GalaxyElement		Array of objects	Galaxy Elemanları.	[{...}]

Get galaxy clusters:

Path Parametreleri:

Parametre	Gerekli	Veri Türü	Açıklama	Örnek
galaxyId	Evet	GalaxyId (string) veya UUID (string)	Galaksi kimliği veya UUID'si	"123" veya "550e8400-e29b-41d4-a716-446655440000"

Search galaxy clusters:

Path Parametreleri:

Parametre	Gerekli	Veri Türü	Açıklama	Örnek
galaxyId	Evet	string	Galaksi kimliği veya UUID'si	"123" veya "550e8400-e29b-41d4-a716-446655440000"

Request Body Şeması:

Parametre	Gerekli	Veri Türü	Açıklama	Örnek
context	Hayır	string	Enum: "all" "default" "org" "deleted"	"all"
searchall	Hayır	string	Galaksi kümelerini herhangi bir değer, açıklama, uuid veya galaksi öğeleri değerleriyle eşleştirerek arayın.	"example"

Get galaxy cluster by ID:

Path Parametreleri:

Parametre	Gerekli	Veri Türü	Açıklama	Örnek
galaxyClusterId	Evet	string	Galaxy kümesinin benzersiz kimliği, bir dize veya UUID olarak ifade edilebilir.	"123456" veya "550e8400-e29b-41d4-a716-446655440000"

Publish galaxy cluster:

Path Parametreleri:

Parametre	Gerekli	Veri Türü	Açıklama	Örnek
galaxyClusterId	Evet	string	Galaxy kümesinin benzersiz kimliği, bir dize veya UUID olarak ifade edilebilir.	"123456" veya "550e8400-e29b-41d4-a716-446655440000"

Unpublish galaxy cluster:

Path Parametreleri:

Parametre	Gerekli	Veri Türü	Açıklama	Örnek
galaxyClusterId	Evet	string	Galaxy kümesinin benzersiz kimliği, bir dize veya UUID olarak ifade edilebilir.	"123456" veya "550e8400-e29b-41d4-a716-446655440000"

Delete galaxy cluster:

Path Parametreleri:

Parametre	Gerekli	Veri Türü	Açıklama	Örnek
galaxyClusterId	Evet	string	Galaxy kümesinin benzersiz kimliği, bir dize veya UUID olarak ifade edilebilir.	"123456" veya "550e8400-e29b-41d4-a716-446655440000"

Restore galaxy cluster:

Path Parametreleri:

Parametre	Gerekli	Veri Türü	Açıklama	Örnek
galaxyClusterId	Evet	string	Galaxy kümesinin benzersiz kimliği, bir dize veya UUID olarak ifade edilebilir.	"123456" veya "550e8400-e29b-41d4-a716-446655440000"

 

User Parametreleri

Reset user password:

Path Parametreleri: 

Parametre	Gerekli	Veri Türü	Açıklama	Örnek
userId	Evet	string	Kullanıcının benzersiz kimliği, bir dize olarak ifade edilir.	"12345"
firstTimeReset	Evet	string	İlk kez sıfırlama, yalnızca yeni kullanıcı kayıtları için 1 olarak ayarlanır.	"0" veya "1"

Add user:

Request Body Şeması:

Parametre	Gerekli	Veri Türü	Açıklama	Örnek
org_id	Hayır	string	Kuruluşun benzersiz kimliği, bir dize olarak ifade edilir.	"12345"
server_id	Hayır	string	Sunucunun benzersiz kimliği, bir dize olarak ifade edilir.	"67890"
email	Hayır	string	Kullanıcının e-posta adresi.	"example@example.com"
autoalert	Hayır	boolean	Otomatik bildirim ayarlarını belirtir.	true veya false
authkey	Hayır	string veya null	API'ye erişim için kullanılan API kimlik anahtarı.	"abcdef1234567890" veya null
invited_by	Hayır	string	Davet eden kullanıcının benzersiz kimliği.	"23456"
gpgkey	Hayır	string veya null	Kullanıcının GPG anahtarı.	"-----BEGIN PGP PUBLIC KEY BLOCK----- ..." veya null
certif_public	Hayır	string veya null	Kullanıcının genel sertifikası.	"-----BEGIN CERTIFICATE----- ..." veya null
nids_sid	Hayır	string	Ağ tabanlı bir sistemde, kullanıcının benzersiz kimliği.	"34567"
termsaccepted	Hayır	boolean	Kullanıcının kullanıcı sözleşmesini kabul edip etmediğini belirtir.	true veya false
newsread	Hayır	string	Haberlerin son okunma tarihi.	"1617598655"
role_id	Hayır	string	Kullanıcının rolünün benzersiz kimliği.	"45678"
change_pw	Hayır	string	Parola değiştirme gereksinimini belirtir.	"0" veya "1"
contactalert	Hayır	boolean	İletişim bildirimi ayarlarını belirtir.	true veya false
disabled	Hayır	boolean	Kullanıcının devre dışı bırakılıp bırakılmadığını belirtir.	true veya false
expiration	Hayır	string veya null	Kullanıcının hesap süresinin son kullanma tarihi.	"2024-12-31T23:59:59Z" veya null
current_login	Hayır	string	Kullanıcının son oturum açma tarihi.	"1617598655"
last_login	Hayır	string	Kullanıcının önceki oturum açma tarihi.	"1617598655"
force_logout	Hayır	boolean	Kullanıcının oturumunun kapatılmasını zorlar.	true veya false
date_created	Hayır	string	Kullanıcının hesabının oluşturulma tarihi.	"1617598655"
date_modified	Hayır	string	Kullanıcının hesabının son değiştirme tarihi.	"1617598655"

Edit user:

Path Parametleri: 

Parametre	Gerekli	Veri Türü	Açıklama	Örnek
userId	Evet	string	Kullanıcının benzersiz kimliği.	"12345"

Request Body Şeması:

Parametre	Gerekli	Veri Türü	Açıklama	Örnek
id	Evet	string	Kullanıcının benzersiz kimliği.	"12345"
org_id	Evet	string	Kullanıcının bağlı olduğu kuruluşun benzersiz kimliği.	"67890"
server_id	Evet	string	Kullanıcının bağlı olduğu sunucunun benzersiz kimliği.	"98765"
email	Evet	string	Kullanıcının e-posta adresi.	"example@example.com"
autoalert		boolean	Otomatik bildirim ayarı.	true
authkey		string	API'ye erişim için kullanılan yetkilendirme anahtarı. MISP ayarı Security.advanced_authkeys false olarak ayarlanmışsa yalnızca ayarlanır.	"abcd1234"
invited_by		string	Davet eden kullanıcının benzersiz kimliği.	"54321"
gpgkey		string	GPG anahtar.	"gpg123"
certif_public		string	Genel sertifika.	"public_cert123"
nids_sid		string	NIDS SID (Network Intrusion Detection System Security ID).	"nids456"
termsaccepted		boolean	Kullanıcı tarafından koşulların kabul edilip edilmediği.	true
newsread		string	Haberlerin okunma tarihi.	"1635610000"
role_id		string	Kullanıcının rolünün benzersiz kimliği.	"78901"
change_pw		string	Şifre değişikliği gerekip gerekmediği.	"1"
contactalert		boolean	İletişim uyarısı ayarı.	false
disabled		boolean	Kullanıcının devre dışı bırakılıp bırakılmadığı.	false
expiration		string	Kullanıcının hesabının son kullanma tarihi.	"2024-12-31T23:59:59Z"
current_login		string	Kullanıcının son oturum açma tarihi.	"1635610000"
last_login		string	Kullanıcının son giriş tarihi.	"1635610000"
force_logout		boolean	Oturum kapatma zorlama ayarı.	true
date_created		string	Kullanıcının oluşturulma tarihi.	"1635610000"
date_modified		string	Kullanıcının son düzenlenme tarihi.	"1635610000"

Delete user:

Path Parametreleri: 

Parametre	Gerekli	Veri Türü	Açıklama	Örnek
userId	Evet	string	Kullanıcının benzersiz kimliği.	"12345"

Get user by ID:

Path Parametreleri: 

Parametre	Gerekli	Veri Türü	Açıklama	Örnek
userId	Evet	string	Kullanıcının benzersiz kimliği.	"12345"

Delete user TOTP:

Path Parametreleri:

Parametre	Gerekli	Veri Türü	Açıklama	Örnek
userId	Evet	string	Kullanıcının benzersiz sayısal kimliği (ID).	"12345"

 

 

 

Organizasyon Parametreleri

Add organisation:

Request Body Şeması:

Parametre	Gerekli	Veri Türü	Açıklama	Örnek
name	-	string	Kuruluşun adı	"XYZ Company"
date_created	-	string	Oluşturulma tarihi	"2024-04-12"
date_modified	-	string	Değiştirilme tarihi	"2024-04-12"
description	-	string	Kuruluşun açıklaması	"A software company specialized in AI"
type	-	string	Kuruluşun türü	"Private"
nationality	-	string	Kuruluşun ulusal kimliği	"US"
sector	-	string	Kuruluşun sektörü	"Technology"
created_by	-	string	Oluşturan kullanıcının sayısal kimliği (ID)	"12345"
uuid	-	string	Kuruluşun benzersiz tanımlayıcısı (UUID)	"550e8400-e29b-41d4-a716-446655440000"
contacts	-	string	İletişim bilgileri	"contact@xyz.com"
local	-	boolean	Yerel mi?	true
restricted_to_domain	-	Dizi	Alan adına sınırlı mı?	["xyz.com"]
landingpage	-	string	Kuruluşun web sayfası	"www.xyz.com"
user_count	-	string	Kullanıcı sayısı	"100"
created_by_email	-	string	Oluşturan kullanıcının e-posta adresi	"user@xyz.com"

Edit organisation:

Path Parametreleri:

Parametre	Gerekli	Veri Türü	Açıklama	Örnek
organisationId	-	string	Kuruluşun benzersiz kimliği (OrganisationId) veya tanımlayıcısı (UUID)	"12345" veya "550e8400-e29b-41d4-a716-446655440000"

Request Body Şeması:

Parametre	Gerekli	Veri Türü	Açıklama	Örnek
name	-	string (OrganisationName) <= 255 karakter	Kuruluşun adı	"ABC Company"
type	-	string or null (OrganisationType) <= 255 karakter	Kuruluşun türü	"Public"
nationality	-	string or null	Kuruluşun ülkesi	"USA"
sector	-	string or null	Kuruluşun sektörü	"Technology"
contacts	-	string or null	Kuruluşun iletişim bilgileri	"contact@abccompany.com"
description	-	string or null	Kuruluşun açıklaması	"Global technology company"
local	-	boolean or null	Kuruluşun yerel olup olmadığı	true
uuid	-	string or null <uuid>	Kuruluşun benzersiz kimliği (UUID)	"550e8400-e29b-41d4-a716-446655440000"
restricted_to_domain	-	Array of strings or null <hostname>	Kuruluşun alan adına kısıtlı olduğu durumlar	["example.com", "subdomain.example.com"]

Delete organisation:

Path Parameters:

Parametre	Gerekli	Veri Türü	Açıklama	Örnek
organisationId	Evet	string (OrganisationId) veya UUID (string)	Kuruluşun benzersiz kimliği (UUID) veya sayısal ID	"123456" veya "550e8400-e29b-41d4-a716-446655440000"

Get organisation by ID:

Path Parametreleri:

Parametre	Gerekli	Veri Türü	Açıklama	Örnek
organisationId	Evet	string (OrganisationId) veya UUID (string)	Kuruluşun benzersiz kimliği (UUID) veya sayısal ID	"123456" veya "550e8400-e29b-41d4-a716-446655440000"

 

Server Parametreleri

Add server:

Request Body Şeması:

Parametre	Gerekli	Veri Türü	Açıklama	Örnek
name	Hayır	string (ServerName)	Sunucunun adı	"MISP Server"
url	Hayır	string	Sunucunun URL'si	"https://misp.example.com"
authkey	Hayır	string (AuthKeyRaw) = 40 characters	Kimlik doğrulama anahtarı	"4d1f1fb8ed6d746150ca34f98258d12a7f3a24a3"
org_id	Hayır	string (OrganisationId) <= 10 characters ^\d+$	Kuruluşun benzersiz kimliği	"123456"
push	Hayır	boolean	Sunucunun olayları itme yeteneği var mı?	true
pull	Hayır	boolean	Sunucunun olayları çekme yeteneği var mı?	true
push_sightings	Hayır	boolean	Sunucunun görüşleri itme yeteneği var mı?	true
push_galaxy_clusters	Hayır	boolean	Sunucunun galaksi kümelerini itme yeteneği var mı?	true
pull_galaxy_clusters	Hayır	boolean	Sunucunun galaksi kümelerini çekme yeteneği var mı?	true
lastpulledid	Hayır	string or null <= 10 characters ^\d+$	Son çekilen olayın ID'si	"987654"
lastpushedid	Hayır	string or null <= 10 characters ^\d+$	Son itilen olayın ID'si	"654321"
organization	Hayır	string or null	Sunucunun bağlı olduğu organizasyonun adı	"Example Organization"
remote_org_id	Hayır	string (OrganisationId) <= 10 characters ^\d+$	Uzak organizasyonun benzersiz kimliği	"789012"
publish_without_email	Hayır	boolean	E-posta olmadan yayınlama izni	true
unpublish_event	Hayır	boolean	Etkinliği yayından kaldırma yeteneği	true
self_signed	Hayır	boolean	Kendi imzalı sertifikaları kabul eder mi?	true
pull_rules	Hayır	string	Bu sunucudan etkinlik çekmek için kural seti	"{ 'rule': 'value' }"
push_rules	Hayır	string	Bu sunuca olayları itmek için kural seti	"{ 'rule': 'value' }"
cert_file	Hayır	string or null <byte>	Base64 kodlanmış sertifika	"MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArQQW"
client_cert_file	Hayır	string or null <byte>	Base64 kodlanmış istemci sertifikası	"MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArQQW"
internal	Hayır	boolean	Dahili sunucu mu?	true
skip_proxy	Hayır	boolean	Proxy'yi atlamak için izin var mı?	true
caching_enabled	Hayır	boolean	Önbelleğe alma etkin mi?	true
priority	Hayır	string or null <= 10 characters ^\d+$	Öncelik sırası	"1"
cache_timestamp	Hayır	boolean	Önbellek zaman damgası	true

Edit server:

Path Parametreleri: 

Parametre	Gerekli	Veri Türü	Açıklama	Örnek
serverId	Evet	string	Sunucunun benzersiz kimliği	"123456"

Request Body Şeması: 

Parametre	Gerekli	Veri Türü	Açıklama	Örnek
id	Evet	string	Sunucunun benzersiz kimliği	"123456"
name	-	string	Sunucunun adı	"MISP Server 1"
url	-	string	Sunucunun URL'si	"https://example.com/misp"
authkey	-	string	API kimlik anahtarı	"a1b2c3d4e5f6..."
org_id	-	string	Kuruluşun benzersiz kimliği	"987654"
push	-	boolean	Sunucuya olay gönderme yeteneği	true
pull	-	boolean	Sunucudan olay alma yeteneği	true
push_sightings	-	boolean	Görüntülemeleri sunucuya gönderme yeteneği	false
push_galaxy_clusters	-	boolean	Galaksi kümelerini sunucuya gönderme yeteneği	true
pull_galaxy_clusters	-	boolean	Galaksi kümelerini sunucudan alma yeteneği	false
lastpulledid	-	string	Son alınan olayın benzersiz kimliği	"654321"
lastpushedid	-	string	Son gönderilen olayın benzersiz kimliği	"789012"
organization	-	string	Sunucunun bağlı olduğu kuruluşun adı	"Example Org"
remote_org_id	-	string	Uzak sunucunun bağlı olduğu kuruluşun kimliği	"456789"
publish_without_email	-	boolean	E-posta olmadan yayınlama yeteneği	false
unpublish_event	-	boolean	Olayları yayından kaldırma yeteneği	false
self_signed	-	boolean	Kendi kendine imzalama yeteneği	true
pull_rules	-	string	Sunucudan olay çekme kuralları	{...}
push_rules	-	string	Sunucuya olay gönderme kuralları	{...}
cert_file	-	string	Sertifika dosyası (Base64 kodlu)	"..."
client_cert_file	-	string	İstemci sertifika dosyası (Base64 kodlu)	"..."
internal	-	boolean	Dahili sunucu işareti	false
skip_proxy	-	boolean	Proxy'yi atlayma yeteneği	true
caching_enabled	-	boolean	Önbelleğe alma yeteneği	true
priority	-	string	Öncelik düzeyi	"1"
cache_timestamp	-	boolean	Önbellek zaman damgası	true

Delete server:

Path Parametreleri:

Parametre	Gerekli	Veri Türü	Açıklama	Örnek
serverId	Evet	string	Sunucunun benzersiz kimliği	"123456"

Pull server:

Path Parametreleri: 

Parametre	Gerekli	Veri Türü	Açıklama	Örnek
serverId	Evet	string	Sunucunun benzersiz kimliği	"123456"
pullTechnique	Evet	string	Olayların bu sunucudan çekilmesi için kullanılacak çekme tekniği	"full" veya "incremental" veya "pull_relevant_clusters"

Push server:

Path Parametreleri: 

Parametre	Gerekli	Veri Türü	Açıklama	Örnek
serverId	Evet	string	Sunucunun benzersiz kimliği	"123456"
pushTechnique	Evet	string	Bu sunucuya olayları itmek için kullanılacak itme tekniği	"full" veya "incremental"

Start worker:

Path Parametreleri: 

Parametre	Gerekli	Veri Türü	Açıklama	Örnek
workerType	Evet	string	İşçi türü	"default", "email", "scheduler", "cache", "prio", "update"

Stop worker:

Path Parametreleri:

Parametre	Gerekli	Veri Türü	Açıklama	Örnek
workerPid	Evet	string	İşçi PID'si	"12345"

Get server setting by name:

Path Parameterleri: 

Parametre	Gerekli	Veri Türü	Açıklama	Örnek
settingName	Evet	string	Ayarın adı	"MISP.background_jobs"

Edit server setting:

Path Parametreleri: 

Parametre	Gerekli	Veri Türü	Açıklama	Örnek
settingName	Evet	string	Ayarın adı	"MISP.background_jobs"

Request Body Şeması: 

Parametre	Gerekli	Veri Türü	Açıklama	Örnek
value	Evet	string	string, boolean, number veya object türlerinden biri.	"string"

Import server:

Path Paremetreleri: 

Parametre	Gerekli	Veri Türü	Açıklama	Örnek
name	Evet	string	Sunucu adı	"example-server"
url	Evet	string	Sunucunun URLsi	"https://example.com"
uuid	Evet	string	Sunucunun benzersiz kimliği (UUID)	"550e8400-e29b-41d4-a716-446655440000"
authkey	Evet	string	Kimlik doğrulama anahtarı	"a1b2c3d4e5f6g7h8i9j0k1l2m3n4o5p6q7r8s9t"

Organisation:

Parametre	Gerekli	Veri Türü	Açıklama	Örnek
name	Evet	string	Kuruluşun adı	"example-org"

 

 

 

 

Sharing Group Parametreleri

Add a sharing group:

Request Body Şeması:

Parametre	Gerekli	Veri Türü	Açıklama	Örnek
uuid	Evet	string	Paylaşım grubunun benzersiz kimliği	"550e8400-e29b-41d4-a716-446655440000"
name	Evet	string	Paylaşım grubunun adı	"example-group"
description	Evet	string	Paylaşım grubunun açıklaması	"This is an example sharing group."
releasability	Evet	string	Paylaşım grubunun serbest bırakılabilirliği	"All"
local	Evet	boolean	Paylaşım grubunun yerel olup olmadığı	true
active	Evet	boolean	Paylaşım grubunun etkin olup olmadığı	true
org_count	Evet	string	Paylaşım grubundaki kuruluş sayısı	"5"
organisation_uuid	Evet	string	Paylaşım grubunun kuruluşunun benzersiz kimliği	"550e8400-e29b-41d4-a716-446655440001"
org_id	Evet	string	Kuruluşun ID'si	"12345"
sync_user_id	Evet	string	Senkronize kullanıcı ID'si	"67890"
created	Evet	string	Oluşturulma tarihi	"2024-04-12T12:00:00Z"
modified	Evet	string	Değiştirilme tarihi	"2024-04-12T12:00:00Z"
roaming	Evet	boolean	Paylaşım grubunun dolaşım modunda olup olmadığı	false

Edit a sharing group:

Path Parametreleri:

Parametre	Gerekli	Veri Türü	Açıklama	Örnek
sharingGroupId	Evet	string (or null) veya UUID	Paylaşım grubunun benzersiz kimliği veya boş olması	"550e8400-e29b-41d4-a716-446655440000" veya null

Request body Şeması: 

Parametre	Gerekli	Veri Türü	Açıklama	Örnek
id	Opsiyonel	string (SharingGroupId) veya null	Paylaşım grubunun benzersiz kimliği veya boş olması	"123456" veya null
uuid	Gerekli	string <uuid> (UUID) <= 36 characters	Paylaşım grubunun benzersiz UUID'si	"550e8400-e29b-41d4-a716-446655440000"
name	Gerekli	string (SharingGroupName) <= 255 characters	Paylaşım grubunun adı	"Paylaşım Grubu 1"
description	Gerekli	string (SharingGroupDescription) <= 65535 characters	Paylaşım grubunun açıklaması	"Bu bir paylaşım grubu açıklamasıdır."
releasability	Gerekli	string (SharingGroupReleasability) <= 65535 characters	Paylaşım grubunun yayınlanabilirlik durumu	"Sınırlı" veya "Genel"
local	Gerekli	boolean	Yerel mi yoksa uzak mı olduğu	true veya false
active	Gerekli	boolean	Paylaşım grubunun etkin olup olmadığı	true veya false
org_count	Gerekli	string^\d+$	Paylaşım grubundaki kuruluş sayısı	"3" veya "10"
organisation_uuid	Gerekli	string <uuid> (UUID) <= 36 characters	Paylaşım grubunun ait olduğu kuruluşun UUID'si	"550e8400-e29b-41d4-a716-446655440001"
org_id	Gerekli	string (OrganisationId) <= 10 characters ^\d+$	Paylaşım grubunun ait olduğu kuruluşun ID'si	"123456"
sync_user_id	Gerekli	string (UserId) <= 10 characters ^\d+$	Paylaşım grubunun senkronizasyon kullanıcısının ID'si	"789012"
created	Gerekli	string <datetime>	Paylaşım grubunun oluşturulma tarihi	"2024-04-17 15:30:00"
modified	Gerekli	string <datetime>	Paylaşım grubunun son değiştirilme tarihi	"2024-04-17 15:30:00"
roaming	Gerekli	boolean	Paylaşım grubunun gezinti modunda olup olmadığı	true veya false

Delete a sharing group:

Path Parametreleri: 

Parametre	Gerekli	Veri Türü	Açıklama	Örnek
sharingGroupId	Opsiyonel	(SharingGroupId (string or null)) or UUID (string)	Paylaşım grubunun benzersiz kimliği veya boş olması	"123456" veya null

Get a sharing group by ID:

Path Parametreleri:

Parametre	Gerekli	Veri Türü	Açıklama	Örnek
sharingGroupId	Gerekli	(SharingGroupId (string or null)) or UUID (string)	Paylaşım grubunun benzersiz kimliği veya boş olması	"123456" veya null

Add an organisation to a sharing group:

Path Parametreleri: 

Parametre	Gerekli	Veri Türü	Açıklama	Örnek
sharingGroupId	Gerekli	(SharingGroupId (string or null)) or UUID (string)	Paylaşım grubunun benzersiz kimliği veya boş olması	"123456"
organisationId	Gerekli	OrganisationId (string) or UUID (string)	Organizasyonun benzersiz kimliği	"789012"

Remove an organisation from a sharing group:

Path Parametreleri:

Parametre	Gerekli	Veri Türü	Açıklama	Örnek
sharingGroupId	Gerekli	(SharingGroupId (string veya null)) veya UUID (string)	Paylaşım grubunun benzersiz kimliği veya boş olması	"123456"
organisationId	Gerekli	OrganisationId (string) veya UUID (string)	Organizasyonun benzersiz kimliği	"789012"

Add a server to a sharing group:

Path Parametreleri: 

Parametre	Gerekli	Veri Türü	Açıklama	Örnek
sharingGroupId	Gerekli	(SharingGroupId (string veya null)) veya UUID (string)	Paylaşım grubunun benzersiz kimliği veya boş olması	"123456"
serverId	Gerekli	ServerId (string) veya UUID (string)	Sunucunun benzersiz kimliği	"789012"

Remove a server from a sharing group:

Path Parametreleri: 

Parametre	Gerekli	Veri Türü	Açıklama	Örnek
sharingGroupServerId	Gerekli	string veya null	Paylaşım grubu sunucusunun benzersiz kimliği veya boş olması	"123456"
serverId	Gerekli	ServerId (string veya UUID)	Sunucunun benzersiz kimliği	"789012"

 

Feed Parametreleri

Get a feed by ID:

Path Parametreleri: 

Parametre	Gerekli	Veri Türü	Açıklama	Örnek
feedId	Gerekli	FeedId (string veya UUID)	Kaynağın benzersiz kimliği	"456789"

Add a feed:

Request Body Şeması:

Parametre	Gerekli	Veri Türü	Açıklama	Örnek
name	-	string (FeedName) <= 255	Beslenmenin adı	"Example Feed"
provider	-	string (FeedProvider)	Beslemenin sağlayıcısı	"Example Provider"
url	-	string (FeedUrl)	Beslemenin URL'si	"https://example.com/feed"
rules	-	string or null (FeedRules)	Dizeye dönüştürülmüş JSON filtre kuralları	{ "filter": "value" }
enabled	-	boolean (FeedEnabledFlag)	Beslemenin etkin olup olmadığı	true
distribution	-	string (DistributionLevelId)	Yayınlandığında ve sonradan çekildiğinde bu etkinlikleri kimin görebileceği:	"0"
sharing_group_id	-	string or null (SharingGroupId)	Paylaşım grubunun UUID'si veya sayısal ID'si	"123456"
tag_id	-	string (TagId) <= 10	Atfedilecek etiketin ID'si	"789"
source_format	-	string (FeedSourceFormat)	Besleme kaynağının biçimi	"csv"
fixed_event	-	boolean (FeedFixedEvent)	Hedef etkinlik seçeneği düşünülebilir	true
delta_merge	-	boolean (FeedDeltaMergeFlag)	Öznitelikleri birleştir (yalnızca yeni öznitelik ekle, iptal edilen öznitelikleri kaldır)	true
event_id	-	string (EventId) <= 10	Yayınlanan etkinliklerin ID'si	"987654"
publish	-	boolean (PublishedFlag)	Varsayılan: false	true
override_ids	-	boolean (FeedOverrideIDSFlag)	IDS bayrakları bu besleme için Kapatılacaktır	true
input_source	-	string (FeedInputSource)	Kaynağın (url alanı) bir dizin (yerel) veya gerçek bir URL (ağ) olup olmadığını belirtin.	"network"
delete_local_file	-	boolean (FeedDeleteLocalFileFlag)	IDS bayrakları bu besleme için Kapatılacaktır	true
lookup_visible	-	boolean (FeedLookupVisibleFlag)	Araştırma, beslemeye karşılık gelmeyecek	true
headers	-	string or null (FeedHeaders)	İsteklerle birlikte iletilmesi gereken başlıklar. Her biriyle ayrılmış.	"Content-Type: application/json"
caching_enabled	-	boolean (FeedCachingEnabledFlag)	Besleme önbelleğe alınır	true
force_to_ids	-	boolean (FeedForceToIDSFlag)	IDS bayrakları bu besleme için Açılacaktır	true
orgc_id	-	string (OrganisationId) <= 10	Organizasyonun UUID'si veya sayısal ID'si	"123456"

Edit a feed:

Path Parametreleri: 

Parametre	Gerekli	Veri Türü	Açıklama	Örnek
feedId	zorunlu	string	Beslemenin UUID'si veya sayısal ID'si	"123456"

Request Body Şeması: 

Parametre	Gerekli	Veri Türü	Açıklama	Örnek
id	zorunlu	string (FeedId)	Besleme ID'si	"123456"
name		string (FeedName)	Besleme adı	"Örnek Besleme"
provider		string (FeedProvider)	Sağlayıcı	"Sağlayıcı A"
url		string (FeedUrl)	URL	"http://example.com/feed"
rules		string veya null (FeedRules)	Dizeleştirilmiş JSON filtre kuralları	{"type": "malware"}
enabled		boolean (FeedEnabledFlag)	Etkin mi?	true
distribution		string (DistributionLevelId)	Dağıtım Seviyesi Enum: "0" "1" "2" "3" "4" "5" Kimler etkinlikleri görebilecek, yayımlandığında ve sonunda çekildiğinde: 0 - Sadece kuruluşunuz 1 - Yalnızca bu topluluk 2 - Bağlı topluluklar 3 - Tüm topluluklar 4 - Paylaşım grubu 5 - Miras Olayı	"0"
sharing_group_id		string veya null (SharingGroupId)	Paylaşım Grubu ID'si	"789012"
tag_id		string (TagId)	Etiket ID'si	"345678"
source_format		string (FeedSourceFormat)	Kaynak Formatı Enum: "1" "csv" "freetext" "misp"	"csv"
fixed_event		boolean (FeedFixedEvent)	Sabit Olay	true
delta_merge		boolean (FeedDeltaMergeFlag)	Delta Birleştirme	false
event_id		string (EventId)	Olay ID'si	"234567"
publish		boolean (PublishedFlag)	Yayımla	false
override_ids		boolean (FeedOverrideIDSFlag)	IDS bayrakları bu besleme için kapatılacak	true
input_source		string (FeedInputSource)	Kaynak Türü Enum: "local" "network"	"local"
delete_local_file		boolean (FeedDeleteLocalFileFlag)	Yerel dosya silinsin mi?	false
lookup_visible		boolean (FeedLookupVisibleFlag)	Arama, besleme uyumu içinde görünür olacak mı?	true
headers		string veya null (FeedHeaders)	İsteklerle geçilecek başlıklar. Tümü virgülle ayrılmış	"Content-Type: application/json, Authorization: Bearer token"
caching_enabled		boolean (FeedCachingEnabledFlag)	Besleme önbelleğe alınıyor mu?	true
force_to_ids		boolean (FeedForceToIDSFlag)	IDS bayrakları bu besleme için açılacak	true
orgc_id		string (OrganisationId)	Kuruluş ID'si	"456789"

Enable feed:

Path Parametreleri: 

Parametre	Gerekli	Veri Türü	Açıklama	Örnek
feedId	zorunlu	FeedId (string)	Besleme ID'si	"123456"

Disable feed:

Path Parametreleri: 

Parametre	Gerekli	Veri Türü	Açıklama	Örnek
feedId	zorunlu	FeedId (string) veya UUID (string)	Besleme ID'si	"123456"

Cache feeds:

Path Parametreleri: 

Parametre	Gerekli	Veri Türü	Açıklama	Örnek
cacheFeedsScope	zorunlu	string	Önbellek besleme kapsamı	"all"

Fetch from feed by ID:

Path Parametreleri: 

Parametre	Gerekli	Veri Türü	Açıklama
feedId	zorunlu	string	Besleme Kimliği (String veya UUID)

 

Obje Parametreleri

[restSearch] Get a filtered and paginated list of objects:

Request Body Şeması:

Parametre	Gerekli	Veri Türü	Açıklama	Örnek
page	null	integer (int32)	>= 1	1
limit	null	integer (int32)	>= 0	10
quickFilter		string	Olayları herhangi bir etiket adı, olay açıklamaları, öznitelik değerleri veya öznitelik yorumlarıyla eşleştirmek için arama yapar.	"malware"
searchall		string	Olayları herhangi bir etiket adı, olay açıklamaları, öznitelik değerleri veya öznitelik yorumlarıyla eşleştirmek için arama yapar.	"ransomware"
timestamp		string (Timestamp)	^\d+$	"1617613315"
object_name		string	<= 131071 karakter	"malicious_file.exe"
object_template_uuid		string <uuid>	<= 36 karakter	"6f3c0d71-5b7a-46a9-a78b-29a146b5e3c7"
object_template_version		string	^\d+$	"1"
eventid		string	<= 10 karakter ^\d+$	"12345"
eventinfo		string	<= 65535 karakter	"Malware infection"
ignore		boolean	false	true
from		string veya null (DateRestSearchFilter)
to		string veya null (DateRestSearchFilter)
date		string veya null (DateRestSearchFilter)
tags		Array of strings	veya null (TagsRestSearchFilter)
last		integer veya string	veya null (LastRestSearchFilter)
event_timestamp		string (Timestamp)	^\d+$	"1617613315"
publish_timestamp		string (Timestamp)	^\d+$	"1617613315"
org		OrganisationId veya OrganisationName
uuid		string <uuid>	<= 36 karakter	"6f3c0d71-5b7a-46a9-a78b-29a146b5e3c7"
value		string	<= 131071 karakter	"1.2.3.4"
type		string	<= 100 karakter	"ip-src"
category		string	<= 255 karakter	"Network activity"
object_relation		string	veya null (ObjectRelationRestSearchFilter)
attribute_timestamp		string (Timestamp)	^\d+$	"1617613315"
first_seen		string veya null (NullableMicroTimestamp)	^\d+$ veya null	"1617613315"
last_seen		string veya null (NullableMicroTimestamp)	^\d+$ veya null	"1617613315"
comment		string	<= 65535 karakter	"Malicious activity"
to_ids		boolean veya null (ToIDSRestSearchFlag)
published		boolean	false	true
deleted		boolean	false	false
withAttachments		boolean	false	true
enforceWarninglist		boolean veya null (EnforceWarninglistRestSearchFilter)
includeAllTags		boolean	false	true
includeEventUuid		boolean	false	true
include_event_uuid		boolean	false	true
includeEventTags		boolean	false	true
includeProposals		boolean	false	true
includeWarninglistHits		boolean veya null	false	true
includeContext		boolean veya null (IncludeContextRestSearchFlag)
includeSightings		boolean veya null (IncludeContextRestSearchFlag)
includeSightingdb		boolean veya null (IncludeSightingDbRestSearchFlag)
includeCorrelations		boolean veya null (IncludeCorrelationsRestSearchFlag)
includeDecayScore		boolean	false	true
includeFullModel		boolean	false	true
allow_proposal_blocking		boolean	false	true
metadata		boolean veya null (MetadataRestSearchFilter)
attackGalaxy		string veya null (AttackGalaxyRestSearchFilter)
excludeDecayed		boolean	false	true
decayingModel		string
modelOverrides		object
returnFormat		string	"json"	"json"

Add an object to an event:

Path Parametreleri:

Request Body Şeması:

Attribute:

Parametre	Gerekli	Veri Türü	Açıklama	Örnek
category	-	string	Öznitelik kategorisi.	"Network activity"
value	-	string	Öznitelik değeri.	"192.168.1.1"
to_ids	-	boolean	IDS'ye rapor edilsin mi?	true
disable_correlation	-	boolean	Korelasyonu devre dışı bırak.	false
distribution	-	string	Yayımlanan etkinliği kimler görebilir?	"0"
comment	-	string	Özniteliğe yapılan yorum.	"Possible malware"
object_relation	-	string	Nesne ilişkisi.	"Related to incident"

Get object by ID:

Path Parametreleri: 

Delete object:

Path Parametreleri:

Parametre	Gerekli	Veri Türü	Açıklama	Örnek
objectId	Gerekli	string	Nesnenin UUID veya sayısal kimliği.	"1234"
hardDelete	Gerekli	string	Varlığın silinme yöntemi.	"0"

 

 

 

 

Tag Parametreleri

Get tag by ID:

Path Parametreleri:

Parametre	Gerekli	Veri Türü	Açıklama	Örnek
tagId	Gerekli	string	Özniteliğin sayısal kimliği.	"12345"

Add tag:

Request Body Şeması:

Parametre	Gerekli	Veri Türü	Açıklama	Örnek
name	Gerekli	string	Etiketin adı	"Example Tag"
colour	Gerekli	string	Etiket rengi	"#FF0000"
exportable	Opsiyonel	boolean	Etiketin dışa aktarılabilir olup olmadığı	true
org_id	Opsiyonel	string	Kuruluşun kimliği	"12345"
user_id	Opsiyonel	string	Kullanıcının kimliği	"67890"
hide_tag	Opsiyonel	boolean	Etiketin gizlenip gizlenmeyeceği	false
numerical_value	Opsiyonel	string veya null	Sayısal değer	"100"
is_galaxy	Opsiyonel	boolean	Galaksi olup olmadığı	true
is_custom_galaxy	Opsiyonel	boolean	Özel bir galaksi olup olmadığı	true
inherited	Opsiyonel	integer	Miras alınıp alınmadığı	1

Delete tag:

Path Parametreleri:

Parametre	Gerekli	Veri Türü	Açıklama	Örnek
tagId	Gerekli	string	Etiketin sayısal kimliği	"12345"

Edit tag:

Path Parametreleri:

Parametre	Gerekli	Veri Türü	Açıklama	Örnek
tagId	Gerekli	string	Etiketin sayısal kimliği	12345

Request Body Şeması:

Parametre	Gerekli	Veri Türü	Açıklama	Örnek
name	Gerekli	string	Etiket adı	"ABC"
colour	Gerekli	string	Etiket rengi	"#FF0000"
exportable	Opsiyonel	boolean	Dışa aktarılabilir mi? (Varsayılan: true)	true
org_id	Gerekli	string	Organizasyonun kimliği	"12345"
user_id	Gerekli	string	Kullanıcının kimliği	"54321"
hide_tag	Opsiyonel	boolean	Etiket gizli mi? (Varsayılan: false)	false
numerical_value	Opsiyonel	string veya null	Sayısal değer	"10"
is_galaxy	Opsiyonel	boolean	Galaxy etiketi mi? (Varsayılan: true)	true
is_custom_galaxy	Opsiyonel	boolean	Özel galaxy etiketi mi? (Varsayılan: true)	true
inherited	Opsiyonel	integer	Miras alınan mı? (Varsayılan: 1)	1

Search tag:

Path Parametreleri:

Parametre	Gerekli	Veri Türü	Açıklama	Örnek
tagSearchTerm	Gerekli	string	Etiket arama terimi	"%tlp%"

 

 

Sighting Parametreleri

Get sightings by event ID:

Path Parametreleri:

Parametre	Gerekli	Veri Türü	Açıklama	Örnek
eventId	Gerekli	string	Olayın UUID veya sayısal kimliği	"1234"

Add sightings of a list of values:

Request Body Şemas:

Parametre	Gerekli	Veri Türü	Açıklama	Örnek
values	Gerekli	Dize Dizisi	Değerlerin listesi	["value1", "value2"]
timestamp	Opsiyonel	Dize veya null	Zaman damgası (isteğe bağlı)	"1630458921"
filters	Opsiyonel	Nesne (Object)	Arama filtreleri	{ ... }

Add sighting of an attribute:

Path Parametreleri:

Parametre	Gerekli	Veri Türü	Açıklama	Örnek
attributeId	Gerekli	Dize (String)	Özniteliğin UUID veya sayısal ID'si	"12345"

Delete sighting:

Path Parametreleri:

Parametre	Gerekli	Veri Türü	Açıklama	Örnek
sightingId	Gerekli	Dize (String)	Görme ID'si (UUID veya sayısal)	"12345"

 

Warninglist Parametreleri:

Search warninglists:

Request Body Şeması:

Parametre	Gerekli	Veri Türü	Açıklama	Örnek
value	Opsiyonel	Dize (String) veya null	Uyarı listelerinin adı, açıklaması veya türü ile eşleşmek için kullanılacak arama terimi	"malware"
enabled	Opsiyonel	Boolean veya null	Arama sonuçlarında yalnızca etkin uyarı listelerini filtrelemek için kullanılır	true

Enable/disable warninglists:

Request Body Şeması:

Parametre	Gerekli	Veri Türü	Açıklama	Örnek
id	Opsiyonel	Dize (String) veya Dize Dizisi (Array of strings)	Filtrelenecek uyarı listesi kimlikleri	"12345" veya ["12345", "67890"]
name	Opsiyonel	Dize veya Dize Dizisi	Filtrelenecek uyarı listesi adı veya adları	"Malware" veya ["Malware", "Phishing"]
enabled	Opsiyonel	Boolean	Filtrelenecek uyarı listesi durumu (etkin veya devre dışı)	true

Get warninglist by ID:

Path Parametreleri:

Parametre	Gerekli	Veri Türü	Açıklama	Örnek
warninglistId	Gerekli	Dize (String)	Uyarı listesinin sayısal kimliği	"3"

 

 

 

Noticelist Parametreleri

Get a noticelist by ID:

Path Parametreleri:

Parametre	Gerekli	Veri Türü	Açıklama	Örnek
noticelistId	Gerekli	Dize (String)	Bildirim listesinin sayısal kimliği	"3"

Enable/disable noticelist:

Path Parametreleri:

Parametre	Gerekli	Veri Türü	Açıklama	Örnek
noticelistId	Gerekli	Dize (String)	Bildirim listesinin sayısal kimliği	"3"

 

Log Parametreleri

Get instance logs:

Request Body Şeması:

Parametre	Gerekli	Veri Türü	Açıklama	Örnek
page	Opsiyonel	Tam sayı	Sayfa numarası (1 veya daha büyük)	1
limit	Opsiyonel	Tam sayı	Sonuç limiti (0 veya daha büyük)	10
id	Opsiyonel	Dize (String)	Günlük kimliği	"12345"
title	Opsiyonel	Dize (String)	Günlük başlığı	"login"
created	Opsiyonel	Tarih veya tarih aralığı	Oluşturma tarihi veya aralığı	"2024-04-01T00:00:00Z"
model	Opsiyonel	Dize (String)	Günlüğün modele göre aranması	"User"
model_id	Opsiyonel	Dize (String)	Günlüğün model kimliği	"54321"
action	Opsiyonel	Dize (String)	Eylem türü	"add"
user_id	Opsiyonel	Dize (String)	Kullanıcı kimliği	"67890"
change	Opsiyonel	Dize (String)	Günlük değişikliği metni	"password"
email	Opsiyonel	E-posta	E-posta adresi	"example@example.com"
org	Opsiyonel	Dize (String)	Kuruluş adı	"ACME"
description	Opsiyonel	Dize (String)	Açıklama	"User login"
ip	Opsiyonel	Dize (String)	IP adresi	"192.0.2.0"

 

Kimlik Doğrulama Anahtarı Parametreleri

Search auth keys:

Request Body Şeması:

Add auth keys:

Path Parametreleri:

Parametre	Gerekli	Veri Türü	Açıklama	Örnek
userId	Gerekli	Dize (String)	Kullanıcı kimliği	"12345"

Request Body Şeması:

View auth key:

Path Parametreleri:

Parametre	Gerekli	Veri Türü	Açıklama
authKeyId	Evet	AuthKeyId (Dize) veya UUID (Dize) <= 36 Karakter	Yetkilendirme anahtarının benzersiz kimliği veya sayısal ID'si

Edit auth key:

Path Parametreleri:

Parametre	Gerekli	Veri Türü	Açıklama
authKeyId	Evet	AuthKeyId (Dize) veya UUID (Dize) <= 36 Karakter	Yetkilendirme anahtarının benzersiz kimliği veya sayısal ID'si

Request Body Şeması:

Delete auth key:

Path Parametreleri:

Parametre	Gerekli	Veri Türü	Açıklama	Örnek
authKeyId	Evet	AuthKeyId (string)	Auth anahtarının UUID veya sayısal ID'si	"12345" veya "a1b2c3d4"

 

 

Kullanıcı Ayarları Parametreleri

Search user settings:

Request Body Şeması:

Parametre	Gerekli	Veri Türü	Açıklama	Örnek
id	Evet	UserSettingId (string)	Kullanıcı ayarlarının sayısal ID'si	"12345"
setting	Evet	UserSettingName (string)	Kullanıcı ayarı adı	"publish_alert_filter"
user_id	Evet	UserId (string)	Kullanıcının sayısal ID'si	"54321"

Get user setting by id:

Path Parametreleri:

Parametre	Gerekli	Veri Türü	Açıklama	Örnek
userSettingId	Evet	UserSettingId (string)	Kullanıcı ayarlarının sayısal ID'si	"12345"

Set user setting:

Path Parametreleri:

Parametre	Gerekli	Veri Türü	Açıklama	Örnek
userId	Evet	UserId (string)	Kullanıcının sayısal ID'si	"12345"
userSettingName	Evet	UserSettingName (string)	Kullanıcı ayarının adı	"publish_alert_filter"

Request Body Şeması:

Parametre	Gerekli	Veri Türü	Açıklama	Örnek
widget	-	string	Widget'ın türü	"example_widget"
position	-	object	Widget'ın konumu	{ "x": 10, "y": 20 }

Get user setting by id:

Path Parametreleri: 

Tabloyu güncelledim:

Parametre	Gerekli	Veri Türü	Açıklama	Örnek
userId	Evet	string	Kullanıcının sayısal kimliği	"12345"
userSettingName	Evet	string	Kullanıcı ayarlarının adı	"publish_alert_filter"

Delete user setting by id:

Path Parametreleri:

Parametre	Gerekli	Veri Türü	Açıklama	Örnek
userSettingId	Evet	string	Kullanıcı ayarlarının kimliği	"12345"

 

EventReport Parametreleri

Get event report by ID:

Path Parametreleri:

Add Event Report:

Path Parametreleri:

Request Body Şeması:

Edit Event Report:

Path Parametreleri:

Delete Event Report:

Path Parametreleri:

Import Report From URL:

Path Parametreleri:

Request Body Şeması:

Parametre	Gerekli	Veri Türü	Açıklama
url	Evet	string	Kaynak URL veya adresi

 

 

API Request ve Response Örnekleri

Analyst Data

Add analyst data:

POST

https://misp.local/analystData/add/{analystType}/{objectUUID}/{ObjectType}

Response:

200:

AnalystNote:

{
  "note": "Provide more context",
  "language": "fr-BE",
  "note_type_name": "Note",
  "uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
  "object_uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
  "object_type": "Attribute",
  "authors": "john.doe@admin.test",
  "org_uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
  "orgc_uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
  "created": "2024-03-19 11:10:24",
  "modified": "2024-03-19 11:10:24",
  "distribution": "0",
  "sharing_group_id": "1",
  "locked": true
}

AnalystOpinion:

{
  "comment": "Provide more context",
  "opinion": 70,
  "note_type_name": "Opinion",
  "uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
  "object_uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
  "object_type": "Attribute",
  "authors": "john.doe@admin.test",
  "org_uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
  "orgc_uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
  "created": "2024-03-19 11:10:24",
  "modified": "2024-03-19 11:10:24",
  "distribution": "0",
  "sharing_group_id": "1",
  "locked": true
}

AnalystRelationship:

{
  "related_object_uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
  "related_object_type": "Attribute",
  "relationship_type": "related-to",
  "note_type_name": "Relationship",
  "uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
  "object_uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
  "object_type": "Attribute",
  "authors": "john.doe@admin.test",
  "org_uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
  "orgc_uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
  "created": "2024-03-19 11:10:24",
  "modified": "2024-03-19 11:10:24",
  "distribution": "0",
  "sharing_group_id": "1",
  "locked": true
}

403:

{
  "name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "url": "/attributes"
}

Default:

{
  "name": "string",
  "message": "string",
  "url": "/attributes"
}

Edit analyst data:

POST

https://misp.local/analystData/edit/{analystType}/{analystDataID}

Response:

200:

AnalystNote:

{
  "note": "Provide more context",
  "language": "fr-BE",
  "note_type_name": "Note",
  "uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
  "object_uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
  "object_type": "Attribute",
  "authors": "john.doe@admin.test",
  "org_uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
  "orgc_uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
  "created": "2024-03-19 11:10:24",
  "modified": "2024-03-19 11:10:24",
  "distribution": "0",
  "sharing_group_id": "1",
  "locked": true
}

AnalystOpinion:

{
  "comment": "Provide more context",
  "opinion": 70,
  "note_type_name": "Opinion",
  "uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
  "object_uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
  "object_type": "Attribute",
  "authors": "john.doe@admin.test",
  "org_uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
  "orgc_uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
  "created": "2024-03-19 11:10:24",
  "modified": "2024-03-19 11:10:24",
  "distribution": "0",
  "sharing_group_id": "1",
  "locked": true
}

AnalystRelationship:

{
  "related_object_uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
  "related_object_type": "Attribute",
  "relationship_type": "related-to",
  "note_type_name": "Relationship",
  "uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
  "object_uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
  "object_type": "Attribute",
  "authors": "john.doe@admin.test",
  "org_uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
  "orgc_uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
  "created": "2024-03-19 11:10:24",
  "modified": "2024-03-19 11:10:24",
  "distribution": "0",
  "sharing_group_id": "1",
  "locked": true
}

403:

{
  "name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "url": "/attributes"
}

Default:

{
  "name": "string",
  "message": "string",
  "url": "/attributes"
}

Delete Analyst data:

DELETE

https://misp.local/analystData/delete/{analystType}/{analystDataID}

Response:

200:

{
  "message": "Analyst Note deleted."
}

403:

{
  "name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "url": "/attributes"
}

404:

{
  "name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "url": "/attributes"
}

Default:

{
  "name": "string",
  "message": "string",
  "url": "/attributes"
}

List Analyst data:

GET

https://misp.local/analystData/delete/{analystType}/{analystDataID}

Response:

200:

[
  {
    "note": "Provide more context",
    "language": "fr-BE",
    "note_type_name": "Note",
    "uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
    "object_uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
    "object_type": "Attribute",
    "authors": "john.doe@admin.test",
    "org_uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
    "orgc_uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
    "created": "2024-03-19 11:10:24",
    "modified": "2024-03-19 11:10:24",
    "distribution": "0",
    "sharing_group_id": "1",
    "locked": true
  }
]

403:

{
  "name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "url": "/attributes"
}

404:

{
  "name": "Invalid attribute",
  "message": "Invalid attribute",
  "url": "/attributes/1234"
}

Default:

{
  "name": "string",
  "message": "string",
  "url": "/attributes"
}}

Get Analyst Data by ID:

GET

https://misp.local/analystData/view/{analystType}/{analystDataID}

Response:

200:

AnalystNote:

{
  "note": "Provide more context",
  "language": "fr-BE",
  "note_type_name": "Note",
  "uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
  "object_uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
  "object_type": "Attribute",
  "authors": "john.doe@admin.test",
  "org_uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
  "orgc_uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
  "created": "2024-03-19 11:10:24",
  "modified": "2024-03-19 11:10:24",
  "distribution": "0",
  "sharing_group_id": "1",
  "locked": true
}

AnalystOpinion:

{
  "comment": "Provide more context",
  "opinion": 70,
  "note_type_name": "Opinion",
  "uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
  "object_uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
  "object_type": "Attribute",
  "authors": "john.doe@admin.test",
  "org_uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
  "orgc_uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
  "created": "2024-03-19 11:10:24",
  "modified": "2024-03-19 11:10:24",
  "distribution": "0",
  "sharing_group_id": "1",
  "locked": true
}

AnalystRelationship:

{
  "related_object_uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
  "related_object_type": "Attribute",
  "relationship_type": "related-to",
  "note_type_name": "Relationship",
  "uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
  "object_uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
  "object_type": "Attribute",
  "authors": "john.doe@admin.test",
  "org_uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
  "orgc_uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
  "created": "2024-03-19 11:10:24",
  "modified": "2024-03-19 11:10:24",
  "distribution": "0",
  "sharing_group_id": "1",
  "locked": true
}

403:

{
  "name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "url": "/attributes"
}

Default:

{
  "name": "string",
  "message": "string",
  "url": "/attributes"
}

 

 

Attributes

[restSearch] Get a filtered and paginated list of attributes:

POST

https://misp.local/attributes/restSearch

Resquest:

{
  "page": 1,
  "limit": 0,
  "value": "127.0.0.1",
  "value1": "127.0.0.1",
  "value2": "127.0.0.1",
  "type": "md5",
  "category": "Internal reference",
  "org": "12345",
  "tags": [
    "tlp:amber"
  ],
  "from": "string",
  "to": "string",
  "last": 0,
  "eventid": "12345",
  "withAttachments": false,
  "uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
  "publish_timestamp": "1617875568",
  "published": false,
  "timestamp": "1617875568",
  "attribute_timestamp": "1617875568",
  "enforceWarninglist": true,
  "to_ids": true,
  "deleted": false,
  "event_timestamp": "1617875568",
  "threat_level_id": "1",
  "eventinfo": "string",
  "sharinggroup": [
    "1"
  ],
  "decayingModel": "string",
  "score": "string",
  "first_seen": "string",
  "last_seen": "string",
  "includeEventUuid": false,
  "includeEventTags": false,
  "includeProposals": false,
  "requested_attributes": [
    "id"
  ],
  "includeContext": true,
  "headerless": true,
  "includeWarninglistHits": true,
  "attackGalaxy": "mitre-attack",
  "object_relation": "filepath",
  "includeSightings": true,
  "includeCorrelations": true,
  "modelOverrides": {
    "lifetime": 3,
    "decay_speed": 2.3,
    "threshold": 30,
    "default_base_score": 80,
    "base_score_config": {
      "estimative-language:confidence-in-analytic-judgment": 0.25,
      "estimative-language:likelihood-probability": 0.25,
      "phishing:psychological-acceptability": 0.25,
      "phishing:state": 0.2
    }
  },
  "includeDecayScore": false,
  "includeFullModel": false,
  "excludeDecayed": false,
  "returnFormat": "json"
}

Response: 

200: 

{
  "response": {
    "Attribute": [
      {
        "id": "12345",
        "event_id": "12345",
        "object_id": "12345",
        "object_relation": "sensor",
        "category": "Internal reference",
        "type": "md5",
        "value": "127.0.0.1",
        "to_ids": true,
        "uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
        "timestamp": "1617875568",
        "distribution": "0",
        "sharing_group_id": "1",
        "comment": "logged source ip",
        "deleted": false,
        "disable_correlation": false,
        "first_seen": "1581984000000000",
        "last_seen": "1581984000000000",
        "data": "string",
        "event_uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
        "decay_score": [
          {
            "score": 10.5,
            "base_score": 80,
            "decayed": true,
            "DecayingModel": {
              "id": "12345",
              "name": "Phishing model"
            }
          }
        ],
        "Event": {
          "id": "12345",
          "org_id": "12345",
          "distribution": "0",
          "info": "logged source ip",
          "orgc_id": "12345",
          "uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
          "date": "1991-01-15",
          "published": false,
          "analysis": "0",
          "attribute_count": "321",
          "timestamp": "1617875568",
          "sharing_group_id": "1",
          "proposal_email_lock": true,
          "locked": true,
          "threat_level_id": "1",
          "publish_timestamp": "1617875568",
          "sighting_timestamp": "1617875568",
          "disable_correlation": false,
          "extends_uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
          "event_creator_email": "user@example.com"
        },
        "Object": {
          "id": "12345",
          "name": "ail-leak",
          "meta-category": "string",
          "description": "string",
          "template_uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
          "template_version": "1",
          "event_id": "12345",
          "uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
          "timestamp": "1617875568",
          "distribution": "0",
          "sharing_group_id": "1",
          "comment": "string",
          "deleted": true,
          "first_seen": "1581984000000000",
          "last_seen": "1581984000000000",
          "Attribute": [
            {
              "id": "12345",
              "event_id": "12345",
              "object_id": "12345",
              "object_relation": "sensor",
              "category": "Internal reference",
              "type": "md5",
              "value": "127.0.0.1",
              "to_ids": true,
              "uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
              "timestamp": "1617875568",
              "distribution": "0",
              "sharing_group_id": "1",
              "comment": "logged source ip",
              "deleted": false,
              "disable_correlation": false,
              "first_seen": "1581984000000000",
              "last_seen": "1581984000000000"
            }
          ]
        },
        "Tag": [
          {
            "id": "12345",
            "name": "tlp:white",
            "colour": "#ffffff",
            "exportable": true,
            "org_id": "12345",
            "user_id": "12345",
            "hide_tag": false,
            "numerical_value": "12345",
            "is_galaxy": true,
            "is_custom_galaxy": true,
            "inherited": 1
          }
        ]
      }
    ]
  }
}

403: 

{
  "name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "url": "/attributes"
}

Default: 

{
  "name": "string",
  "message": "string",
  "url": "/attributes"
}

Add an attribute:

POST

https://misp.local/attributes/add/{eventId}

Resquest:

{
  "event_id": "12345",
  "object_id": "12345",
  "object_relation": "sensor",
  "category": "Internal reference",
  "type": "md5",
  "value": "127.0.0.1",
  "to_ids": true,
  "uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
  "timestamp": "1617875568",
  "distribution": "0",
  "sharing_group_id": "1",
  "comment": "logged source ip",
  "deleted": false,
  "disable_correlation": false,
  "first_seen": "1581984000000000",
  "last_seen": "1581984000000000"
}

Response: 

200: 

{
  "Attribute": {
    "id": "12345",
    "event_id": "12345",
    "object_id": "12345",
    "object_relation": "sensor",
    "category": "Internal reference",
    "type": "md5",
    "value": "127.0.0.1",
    "to_ids": true,
    "uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
    "timestamp": "1617875568",
    "distribution": "0",
    "sharing_group_id": "1",
    "comment": "logged source ip",
    "deleted": false,
    "disable_correlation": false,
    "first_seen": "1581984000000000",
    "last_seen": "1581984000000000"
  }
}

403: 

{
  "name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "url": "/attributes"
}

Default: 

{
  "name": "string",
  "message": "string",
  "url": "/attributes"
}

Edit an attribute:

PUT

https://misp.local/attributes/edit/{attributeId}

Resquest:

{
  "id": "12345",
  "event_id": "12345",
  "object_id": "12345",
  "object_relation": "sensor",
  "category": "Internal reference",
  "type": "md5",
  "value": "127.0.0.1",
  "to_ids": true,
  "uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
  "timestamp": "1617875568",
  "distribution": "0",
  "sharing_group_id": "1",
  "comment": "logged source ip",
  "deleted": false,
  "disable_correlation": false,
  "first_seen": "1581984000000000",
  "last_seen": "1581984000000000"
}

Response: 

200: 

{
  "Attribute": {
    "id": "12345",
    "event_id": "12345",
    "object_id": "12345",
    "object_relation": "sensor",
    "category": "Internal reference",
    "type": "md5",
    "value": "127.0.0.1",
    "to_ids": true,
    "uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
    "timestamp": "1617875568",
    "distribution": "0",
    "sharing_group_id": "1",
    "comment": "logged source ip",
    "deleted": false,
    "disable_correlation": false,
    "first_seen": "1581984000000000",
    "last_seen": "1581984000000000"
  }
}

403: 

{
  "name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "url": "/attributes"
}

404: 

{
  "name": "Invalid attribute",
  "message": "Invalid attribute",
  "url": "/attributes/1234"
}

Default: 

{
  "name": "string",
  "message": "string",
  "url": "/attributes"
}

Delete an attribute:

DELETE

https://misp.local/attributes/delete/{attributeId}

Response: 

200: 

{
  "message": "Attribute deleted."
}

403: 

{
  "name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "url": "/attributes"
}

404: 

{
  "name": "Invalid attribute",
  "message": "Invalid attribute",
  "url": "/attributes/1234"
}

Default: 

{
  "name": "string",
  "message": "string",
  "url": "/attributes"
}

Restore an attribute:

POST

https://misp.local/attributes/restore/{attributeId}

Response: 

200: 

{
  "Attribute": {
    "id": "12345",
    "event_id": "12345",
    "object_id": "12345",
    "object_relation": "sensor",
    "category": "Internal reference",
    "type": "md5",
    "value": "127.0.0.1",
    "to_ids": true,
    "uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
    "timestamp": "1617875568",
    "distribution": "0",
    "sharing_group_id": "1",
    "comment": "logged source ip",
    "deleted": false,
    "disable_correlation": false,
    "first_seen": "1581984000000000",
    "last_seen": "1581984000000000"
  }
}

403: 

{
  "name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "url": "/attributes"
}

404: 

{
  "name": "Invalid attribute",
  "message": "Invalid attribute",
  "url": "/attributes/1234"
}

Default: 

{
  "name": "string",
  "message": "string",
  "url": "/attributes"
}

Add a tag to an attribute:

POST

https://misp.local/attributes/addTag/{attributeId}/{tagId}/local:{local}

Response: 

200: 

{
  "saved": true,
  "success": "Tag added.",
  "check_publish": true,
  "errors": "Tag could not be added."
}

403: 

{
  "name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "url": "/attributes"
}

404: 

{
  "name": "Invalid attribute",
  "message": "Invalid attribute",
  "url": "/attributes/1234"
}

Default: 

{
  "name": "string",
  "message": "string",
  "url": "/attributes"
}

Remove a tag from an attribute:

POST

https://misp.local/attributes/removeTag/{attributeId}/{tagId}

Response: 

200: 

{
  "saved": true,
  "success": "Tag removed.",
  "check_publish": true,
  "errors": "Tag could not be added."
}

403: 

{
  "name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "url": "/attributes"
}

404: 

{
  "name": "Invalid attribute",
  "message": "Invalid attribute",
  "url": "/attributes/1234"
}

Default: 

{
  "name": "string",
  "message": "string",
  "url": "/attributes"
}

Get a list of attributes:

GET

https://misp.local/attributes

Response: 

200: 

[
  {
    "id": "12345",
    "event_id": "12345",
    "object_id": "12345",
    "object_relation": "sensor",
    "category": "Internal reference",
    "type": "md5",
    "value": "127.0.0.1",
    "to_ids": true,
    "uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
    "timestamp": "1617875568",
    "distribution": "0",
    "sharing_group_id": "1",
    "comment": "logged source ip",
    "deleted": false,
    "disable_correlation": false,
    "first_seen": "1581984000000000",
    "last_seen": "1581984000000000"
  }
]

403: 

{
  "name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "url": "/attributes"
}

Default: 

{
  "name": "string",
  "message": "string",
  "url": "/attributes"
}

Get the count of attributes per category:

GET

https://misp.local/attributes/attributeStatistics/{context}/{percentage}

Response: 

200: 

[
  {
    "Antivirus detection": "10"
  },
  {
    "Artifacts dropped": "20"
  }
]

403: 

{
  "name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "url": "/attributes"
}

Default: 

{
  "name": "string",
  "message": "string",
  "url": "/attributes"
}

Get a list of the available attribute types:

GET

https://misp.local/attributes/describeTypes

Response: 

200: 

{
  "sane_defaults": {
    "md5": {
      "default_category": "Payload delivery",
      "to_ids": 1
    },
    "pdb": {
      "default_category": "Artifacts dropped",
      "to_ids": 0
    }
  },
  "types": [
    "md5"
  ],
  "categories": [
    "Internal reference"
  ],
  "category_type_mappings": {
    "Internal reference": [
      "text",
      "link",
      "comment",
      "other"
    ],
    "Antivirus detection": [
      "link",
      "comment",
      "text",
      "hex",
      "other"
    ]
  }
}

403: 

{
  "name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "url": "/attributes"
}

Default: 

{
  "name": "string",
  "message": "string",
  "url": "/attributes"
}

 

Events

[restSearch] Get a filtered and paginated list of events:

POST

https://misp.local/events/restSearch

Request:

{
  "page": 1,
  "limit": 0,
  "value": "127.0.0.1",
  "type": "md5",
  "category": "Internal reference",
  "org": "12345",
  "tags": [
    "tlp:amber"
  ],
  "event_tags": [
    "tlp:amber"
  ],
  "searchall": "malware",
  "from": "string",
  "to": "string",
  "last": 0,
  "eventid": "12345",
  "withAttachments": false,
  "sharinggroup": [
    "1"
  ],
  "metadata": true,
  "uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
  "publish_timestamp": "1617875568",
  "timestamp": "1617875568",
  "published": false,
  "enforceWarninglist": true,
  "sgReferenceOnly": true,
  "requested_attributes": [
    "id"
  ],
  "includeContext": true,
  "headerless": true,
  "includeWarninglistHits": true,
  "attackGalaxy": "mitre-attack",
  "to_ids": true,
  "deleted": false,
  "excludeLocalTags": true,
  "date": "string",
  "includeSightingdb": true,
  "tag": "tlp:white",
  "object_relation": "filepath",
  "threat_level_id": "1",
  "returnFormat": "json"
}

Resquest:

200:

{
  "response": [
    {
      "Event": {
        "id": "12345",
        "org_id": "12345",
        "distribution": "0",
        "info": "logged source ip",
        "orgc_id": "12345",
        "uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
        "date": "1991-01-15",
        "published": false,
        "analysis": "0",
        "attribute_count": "321",
        "timestamp": "1617875568",
        "sharing_group_id": "1",
        "proposal_email_lock": true,
        "locked": true,
        "threat_level_id": "1",
        "publish_timestamp": "1617875568",
        "sighting_timestamp": "1617875568",
        "disable_correlation": false,
        "extends_uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
        "event_creator_email": "user@example.com",
        "Feed": {
          "id": "3",
          "name": "CIRCL OSINT Feed",
          "provider": "CIRCL",
          "url": "https://www.circl.lu/doc/misp/feed-osint",
          "rules": "{\"tags\":{\"OR\":[],\"NOT\":[]},\"orgs\":{\"OR\":[],\"NOT\":[]},\"url_params\":\"\"}",
          "enabled": true,
          "distribution": "0",
          "sharing_group_id": "1",
          "tag_id": "12345",
          "default": true,
          "source_format": "1",
          "fixed_event": true,
          "delta_merge": true,
          "event_id": "12345",
          "publish": false,
          "override_ids": true,
          "settings": "{\"csv\":{\"value\":\"\",\"delimiter\":\"\"},\"common\":{\"excluderegex\":\"\"},\"disable_correlation\":\"1\"}",
          "input_source": "local",
          "delete_local_file": true,
          "lookup_visible": true,
          "headers": "X-Custom-Header-A: Foo\nX-Custom-Header-B: Bar\n",
          "caching_enabled": true,
          "force_to_ids": true,
          "orgc_id": "12345",
          "cache_timestamp": "1617875568"
        },
        "Org": {
          "id": "12345",
          "name": "ORGNAME",
          "uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b"
        },
        "Orgc": {
          "id": "12345",
          "name": "ORGNAME",
          "uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b"
        },
        "Attribute": [
          {
            "id": "12345",
            "event_id": "12345",
            "object_id": "12345",
            "object_relation": "sensor",
            "category": "Internal reference",
            "type": "md5",
            "value": "127.0.0.1",
            "to_ids": true,
            "uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
            "timestamp": "1617875568",
            "distribution": "0",
            "sharing_group_id": "1",
            "comment": "logged source ip",
            "deleted": false,
            "disable_correlation": false,
            "first_seen": "1581984000000000",
            "last_seen": "1581984000000000"
          }
        ],
        "ShadowAttribute": [
          {
            "id": "12345",
            "event_id": "12345",
            "object_id": "12345",
            "object_relation": "sensor",
            "category": "Internal reference",
            "type": "md5",
            "value": "127.0.0.1",
            "to_ids": true,
            "uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
            "timestamp": "1617875568",
            "distribution": "0",
            "sharing_group_id": "1",
            "comment": "logged source ip",
            "deleted": false,
            "disable_correlation": false,
            "first_seen": "1581984000000000",
            "last_seen": "1581984000000000"
          }
        ],
        "RelatedEvent": [
          {}
        ],
        "Galaxy": [
          {
            "id": "12345",
            "uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
            "name": "Ransomware",
            "type": "ransomware",
            "description": "Ransomware galaxy based on ...",
            "version": "1",
            "icon": "globe",
            "namespace": "misp",
            "kill_chain_order": {
              "fraud-tactics": [
                "Initiation",
                "Target Compromise",
                "Perform Fraud",
                "Obtain Fraudulent Assets",
                "Assets Transfer",
                "Monetisation"
              ]
            }
          }
        ],
        "Object": [
          {
            "id": "12345",
            "name": "ail-leak",
            "meta-category": "string",
            "description": "string",
            "template_uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
            "template_version": "1",
            "event_id": "12345",
            "uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
            "timestamp": "1617875568",
            "distribution": "0",
            "sharing_group_id": "1",
            "comment": "string",
            "deleted": true,
            "first_seen": "1581984000000000",
            "last_seen": "1581984000000000",
            "Attribute": [
              {
                "id": "12345",
                "event_id": "12345",
                "object_id": "12345",
                "object_relation": "sensor",
                "category": "Internal reference",
                "type": "md5",
                "value": "127.0.0.1",
                "to_ids": true,
                "uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
                "timestamp": "1617875568",
                "distribution": "0",
                "sharing_group_id": "1",
                "comment": "logged source ip",
                "deleted": false,
                "disable_correlation": false,
                "first_seen": "1581984000000000",
                "last_seen": "1581984000000000"
              }
            ]
          }
        ],
        "EventReport": [
          {
            "id": "12345",
            "uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
            "event_id": "12345",
            "name": "Report of the incident",
            "content": "string",
            "distribution": "0",
            "sharing_group_id": "1",
            "timestamp": "1617875568",
            "deleted": false
          }
        ],
        "Tag": [
          {
            "id": "12345",
            "name": "tlp:white",
            "colour": "#ffffff",
            "exportable": true,
            "org_id": "12345",
            "user_id": "12345",
            "hide_tag": false,
            "numerical_value": "12345",
            "is_galaxy": true,
            "is_custom_galaxy": true,
            "inherited": 1
          }
        ],
        "Event": {
          "id": "12345",
          "timestamp": "1617875568",
          "sighting_timestamp": "1617875568",
          "published": false,
          "uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
          "orgc_uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b"
        }
      }
    }
  ]
}

403:

{
  "name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "url": "/attributes"
}

Default: 

{
  "name": "string",
  "message": "string",
  "url": "/attributes"
}

Add event:

POST

https://misp.local/events/add

Request: 

{
  "org_id": "12345",
  "distribution": "0",
  "info": "logged source ip",
  "orgc_id": "12345",
  "uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
  "date": "1991-01-15",
  "published": false,
  "analysis": "0",
  "attribute_count": "321",
  "timestamp": "1617875568",
  "sharing_group_id": "1",
  "proposal_email_lock": true,
  "locked": true,
  "threat_level_id": "1",
  "publish_timestamp": "1617875568",
  "sighting_timestamp": "1617875568",
  "disable_correlation": false,
  "extends_uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
  "event_creator_email": "user@example.com"
}

Response:

200:

{
  "Event": {
    "id": "12345",
    "org_id": "12345",
    "distribution": "0",
    "info": "logged source ip",
    "orgc_id": "12345",
    "uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
    "date": "1991-01-15",
    "published": false,
    "analysis": "0",
    "attribute_count": "321",
    "timestamp": "1617875568",
    "sharing_group_id": "1",
    "proposal_email_lock": true,
    "locked": true,
    "threat_level_id": "1",
    "publish_timestamp": "1617875568",
    "sighting_timestamp": "1617875568",
    "disable_correlation": false,
    "extends_uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
    "event_creator_email": "user@example.com",
    "Feed": {
      "id": "3",
      "name": "CIRCL OSINT Feed",
      "provider": "CIRCL",
      "url": "https://www.circl.lu/doc/misp/feed-osint",
      "rules": "{\"tags\":{\"OR\":[],\"NOT\":[]},\"orgs\":{\"OR\":[],\"NOT\":[]},\"url_params\":\"\"}",
      "enabled": true,
      "distribution": "0",
      "sharing_group_id": "1",
      "tag_id": "12345",
      "default": true,
      "source_format": "1",
      "fixed_event": true,
      "delta_merge": true,
      "event_id": "12345",
      "publish": false,
      "override_ids": true,
      "settings": "{\"csv\":{\"value\":\"\",\"delimiter\":\"\"},\"common\":{\"excluderegex\":\"\"},\"disable_correlation\":\"1\"}",
      "input_source": "local",
      "delete_local_file": true,
      "lookup_visible": true,
      "headers": "X-Custom-Header-A: Foo\nX-Custom-Header-B: Bar\n",
      "caching_enabled": true,
      "force_to_ids": true,
      "orgc_id": "12345",
      "cache_timestamp": "1617875568"
    },
    "Org": {
      "id": "12345",
      "name": "ORGNAME",
      "uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b"
    },
    "Orgc": {
      "id": "12345",
      "name": "ORGNAME",
      "uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b"
    },
    "Attribute": [
      {
        "id": "12345",
        "event_id": "12345",
        "object_id": "12345",
        "object_relation": "sensor",
        "category": "Internal reference",
        "type": "md5",
        "value": "127.0.0.1",
        "to_ids": true,
        "uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
        "timestamp": "1617875568",
        "distribution": "0",
        "sharing_group_id": "1",
        "comment": "logged source ip",
        "deleted": false,
        "disable_correlation": false,
        "first_seen": "1581984000000000",
        "last_seen": "1581984000000000"
      }
    ],
    "ShadowAttribute": [
      {
        "id": "12345",
        "event_id": "12345",
        "object_id": "12345",
        "object_relation": "sensor",
        "category": "Internal reference",
        "type": "md5",
        "value": "127.0.0.1",
        "to_ids": true,
        "uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
        "timestamp": "1617875568",
        "distribution": "0",
        "sharing_group_id": "1",
        "comment": "logged source ip",
        "deleted": false,
        "disable_correlation": false,
        "first_seen": "1581984000000000",
        "last_seen": "1581984000000000"
      }
    ],
    "RelatedEvent": [
      {}
    ],
    "Galaxy": [
      {
        "id": "12345",
        "uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
        "name": "Ransomware",
        "type": "ransomware",
        "description": "Ransomware galaxy based on ...",
        "version": "1",
        "icon": "globe",
        "namespace": "misp",
        "kill_chain_order": {
          "fraud-tactics": [
            "Initiation",
            "Target Compromise",
            "Perform Fraud",
            "Obtain Fraudulent Assets",
            "Assets Transfer",
            "Monetisation"
          ]
        }
      }
    ],
    "Object": [
      {
        "id": "12345",
        "name": "ail-leak",
        "meta-category": "string",
        "description": "string",
        "template_uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
        "template_version": "1",
        "event_id": "12345",
        "uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
        "timestamp": "1617875568",
        "distribution": "0",
        "sharing_group_id": "1",
        "comment": "string",
        "deleted": true,
        "first_seen": "1581984000000000",
        "last_seen": "1581984000000000",
        "Attribute": [
          {
            "id": "12345",
            "event_id": "12345",
            "object_id": "12345",
            "object_relation": "sensor",
            "category": "Internal reference",
            "type": "md5",
            "value": "127.0.0.1",
            "to_ids": true,
            "uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
            "timestamp": "1617875568",
            "distribution": "0",
            "sharing_group_id": "1",
            "comment": "logged source ip",
            "deleted": false,
            "disable_correlation": false,
            "first_seen": "1581984000000000",
            "last_seen": "1581984000000000"
          }
        ]
      }
    ],
    "EventReport": [
      {
        "id": "12345",
        "uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
        "event_id": "12345",
        "name": "Report of the incident",
        "content": "string",
        "distribution": "0",
        "sharing_group_id": "1",
        "timestamp": "1617875568",
        "deleted": false
      }
    ],
    "Tag": [
      {
        "id": "12345",
        "name": "tlp:white",
        "colour": "#ffffff",
        "exportable": true,
        "org_id": "12345",
        "user_id": "12345",
        "hide_tag": false,
        "numerical_value": "12345",
        "is_galaxy": true,
        "is_custom_galaxy": true,
        "inherited": 1
      }
    ]
  }
}

403:

{
  "name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "url": "/attributes"
}

Default:

{
  "name": "string",
  "message": "string",
  "url": "/attributes"
}

Edit event:

PUT

https://misp.local/events/edit/{eventId}

Request: 

{
  "org_id": "12345",
  "distribution": "0",
  "info": "logged source ip",
  "orgc_id": "12345",
  "uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
  "date": "1991-01-15",
  "published": false,
  "analysis": "0",
  "attribute_count": "321",
  "timestamp": "1617875568",
  "sharing_group_id": "1",
  "proposal_email_lock": true,
  "locked": true,
  "threat_level_id": "1",
  "publish_timestamp": "1617875568",
  "sighting_timestamp": "1617875568",
  "disable_correlation": false,
  "extends_uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
  "event_creator_email": "user@example.com"
}

Response:

200:

{
  "Event": {
    "id": "12345",
    "org_id": "12345",
    "distribution": "0",
    "info": "logged source ip",
    "orgc_id": "12345",
    "uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
    "date": "1991-01-15",
    "published": false,
    "analysis": "0",
    "attribute_count": "321",
    "timestamp": "1617875568",
    "sharing_group_id": "1",
    "proposal_email_lock": true,
    "locked": true,
    "threat_level_id": "1",
    "publish_timestamp": "1617875568",
    "sighting_timestamp": "1617875568",
    "disable_correlation": false,
    "extends_uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
    "event_creator_email": "user@example.com",
    "Feed": {
      "id": "3",
      "name": "CIRCL OSINT Feed",
      "provider": "CIRCL",
      "url": "https://www.circl.lu/doc/misp/feed-osint",
      "rules": "{\"tags\":{\"OR\":[],\"NOT\":[]},\"orgs\":{\"OR\":[],\"NOT\":[]},\"url_params\":\"\"}",
      "enabled": true,
      "distribution": "0",
      "sharing_group_id": "1",
      "tag_id": "12345",
      "default": true,
      "source_format": "1",
      "fixed_event": true,
      "delta_merge": true,
      "event_id": "12345",
      "publish": false,
      "override_ids": true,
      "settings": "{\"csv\":{\"value\":\"\",\"delimiter\":\"\"},\"common\":{\"excluderegex\":\"\"},\"disable_correlation\":\"1\"}",
      "input_source": "local",
      "delete_local_file": true,
      "lookup_visible": true,
      "headers": "X-Custom-Header-A: Foo\nX-Custom-Header-B: Bar\n",
      "caching_enabled": true,
      "force_to_ids": true,
      "orgc_id": "12345",
      "cache_timestamp": "1617875568"
    },
    "Org": {
      "id": "12345",
      "name": "ORGNAME",
      "uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b"
    },
    "Orgc": {
      "id": "12345",
      "name": "ORGNAME",
      "uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b"
    },
    "Attribute": [
      {
        "id": "12345",
        "event_id": "12345",
        "object_id": "12345",
        "object_relation": "sensor",
        "category": "Internal reference",
        "type": "md5",
        "value": "127.0.0.1",
        "to_ids": true,
        "uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
        "timestamp": "1617875568",
        "distribution": "0",
        "sharing_group_id": "1",
        "comment": "logged source ip",
        "deleted": false,
        "disable_correlation": false,
        "first_seen": "1581984000000000",
        "last_seen": "1581984000000000"
      }
    ],
    "ShadowAttribute": [
      {
        "id": "12345",
        "event_id": "12345",
        "object_id": "12345",
        "object_relation": "sensor",
        "category": "Internal reference",
        "type": "md5",
        "value": "127.0.0.1",
        "to_ids": true,
        "uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
        "timestamp": "1617875568",
        "distribution": "0",
        "sharing_group_id": "1",
        "comment": "logged source ip",
        "deleted": false,
        "disable_correlation": false,
        "first_seen": "1581984000000000",
        "last_seen": "1581984000000000"
      }
    ],
    "RelatedEvent": [
      {}
    ],
    "Galaxy": [
      {
        "id": "12345",
        "uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
        "name": "Ransomware",
        "type": "ransomware",
        "description": "Ransomware galaxy based on ...",
        "version": "1",
        "icon": "globe",
        "namespace": "misp",
        "kill_chain_order": {
          "fraud-tactics": [
            "Initiation",
            "Target Compromise",
            "Perform Fraud",
            "Obtain Fraudulent Assets",
            "Assets Transfer",
            "Monetisation"
          ]
        }
      }
    ],
    "Object": [
      {
        "id": "12345",
        "name": "ail-leak",
        "meta-category": "string",
        "description": "string",
        "template_uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
        "template_version": "1",
        "event_id": "12345",
        "uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
        "timestamp": "1617875568",
        "distribution": "0",
        "sharing_group_id": "1",
        "comment": "string",
        "deleted": true,
        "first_seen": "1581984000000000",
        "last_seen": "1581984000000000",
        "Attribute": [
          {
            "id": "12345",
            "event_id": "12345",
            "object_id": "12345",
            "object_relation": "sensor",
            "category": "Internal reference",
            "type": "md5",
            "value": "127.0.0.1",
            "to_ids": true,
            "uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
            "timestamp": "1617875568",
            "distribution": "0",
            "sharing_group_id": "1",
            "comment": "logged source ip",
            "deleted": false,
            "disable_correlation": false,
            "first_seen": "1581984000000000",
            "last_seen": "1581984000000000"
          }
        ]
      }
    ],
    "EventReport": [
      {
        "id": "12345",
        "uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
        "event_id": "12345",
        "name": "Report of the incident",
        "content": "string",
        "distribution": "0",
        "sharing_group_id": "1",
        "timestamp": "1617875568",
        "deleted": false
      }
    ],
    "Tag": [
      {
        "id": "12345",
        "name": "tlp:white",
        "colour": "#ffffff",
        "exportable": true,
        "org_id": "12345",
        "user_id": "12345",
        "hide_tag": false,
        "numerical_value": "12345",
        "is_galaxy": true,
        "is_custom_galaxy": true,
        "inherited": 1
      }
    ]
  }
}

403:

{
  "name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "url": "/attributes"
}

Default:

{
  "name": "string",
  "message": "string",
  "url": "/attributes"
}

Delete event:

DELETE

https://misp.local/events/delete/{eventId}

Response:

200:

{
  "saved": true,
  "success": true,
  "name": "Event deleted.",
  "message": "Could not delete Event",
  "url": "/events/delete/1",
  "errors": "Event was not deleted."
}

403:

{
  "name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "url": "/attributes"
}

Default:

{
  "name": "string",
  "message": "string",
  "url": "/attributes"
}

Get a list of events:

GET

https://misp.local/events

Response:

200:

[
  {
    "id": "12345",
    "org_id": "12345",
    "distribution": "0",
    "info": "logged source ip",
    "orgc_id": "12345",
    "uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
    "date": "1991-01-15",
    "published": false,
    "analysis": "0",
    "attribute_count": "321",
    "timestamp": "1617875568",
    "sharing_group_id": "1",
    "proposal_email_lock": true,
    "locked": true,
    "threat_level_id": "1",
    "publish_timestamp": "1617875568",
    "sighting_timestamp": "1617875568",
    "disable_correlation": false,
    "extends_uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
    "event_creator_email": "user@example.com",
    "Feed": {
      "id": "3",
      "name": "CIRCL OSINT Feed",
      "provider": "CIRCL",
      "url": "https://www.circl.lu/doc/misp/feed-osint",
      "rules": "{\"tags\":{\"OR\":[],\"NOT\":[]},\"orgs\":{\"OR\":[],\"NOT\":[]},\"url_params\":\"\"}",
      "enabled": true,
      "distribution": "0",
      "sharing_group_id": "1",
      "tag_id": "12345",
      "default": true,
      "source_format": "1",
      "fixed_event": true,
      "delta_merge": true,
      "event_id": "12345",
      "publish": false,
      "override_ids": true,
      "settings": "{\"csv\":{\"value\":\"\",\"delimiter\":\"\"},\"common\":{\"excluderegex\":\"\"},\"disable_correlation\":\"1\"}",
      "input_source": "local",
      "delete_local_file": true,
      "lookup_visible": true,
      "headers": "X-Custom-Header-A: Foo\nX-Custom-Header-B: Bar\n",
      "caching_enabled": true,
      "force_to_ids": true,
      "orgc_id": "12345",
      "cache_timestamp": "1617875568"
    },
    "Org": {
      "id": "12345",
      "name": "ORGNAME",
      "uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b"
    },
    "Orgc": {
      "id": "12345",
      "name": "ORGNAME",
      "uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b"
    },
    "Attribute": [
      {
        "id": "12345",
        "event_id": "12345",
        "object_id": "12345",
        "object_relation": "sensor",
        "category": "Internal reference",
        "type": "md5",
        "value": "127.0.0.1",
        "to_ids": true,
        "uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
        "timestamp": "1617875568",
        "distribution": "0",
        "sharing_group_id": "1",
        "comment": "logged source ip",
        "deleted": false,
        "disable_correlation": false,
        "first_seen": "1581984000000000",
        "last_seen": "1581984000000000"
      }
    ],
    "ShadowAttribute": [
      {
        "id": "12345",
        "event_id": "12345",
        "object_id": "12345",
        "object_relation": "sensor",
        "category": "Internal reference",
        "type": "md5",
        "value": "127.0.0.1",
        "to_ids": true,
        "uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
        "timestamp": "1617875568",
        "distribution": "0",
        "sharing_group_id": "1",
        "comment": "logged source ip",
        "deleted": false,
        "disable_correlation": false,
        "first_seen": "1581984000000000",
        "last_seen": "1581984000000000"
      }
    ],
    "RelatedEvent": [
      {}
    ],
    "Galaxy": [
      {
        "id": "12345",
        "uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
        "name": "Ransomware",
        "type": "ransomware",
        "description": "Ransomware galaxy based on ...",
        "version": "1",
        "icon": "globe",
        "namespace": "misp",
        "kill_chain_order": {
          "fraud-tactics": [
            "Initiation",
            "Target Compromise",
            "Perform Fraud",
            "Obtain Fraudulent Assets",
            "Assets Transfer",
            "Monetisation"
          ]
        }
      }
    ],
    "Object": [
      {
        "id": "12345",
        "name": "ail-leak",
        "meta-category": "string",
        "description": "string",
        "template_uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
        "template_version": "1",
        "event_id": "12345",
        "uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
        "timestamp": "1617875568",
        "distribution": "0",
        "sharing_group_id": "1",
        "comment": "string",
        "deleted": true,
        "first_seen": "1581984000000000",
        "last_seen": "1581984000000000",
        "Attribute": [
          {
            "id": "12345",
            "event_id": "12345",
            "object_id": "12345",
            "object_relation": "sensor",
            "category": "Internal reference",
            "type": "md5",
            "value": "127.0.0.1",
            "to_ids": true,
            "uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
            "timestamp": "1617875568",
            "distribution": "0",
            "sharing_group_id": "1",
            "comment": "logged source ip",
            "deleted": false,
            "disable_correlation": false,
            "first_seen": "1581984000000000",
            "last_seen": "1581984000000000"
          }
        ]
      }
    ],
    "EventReport": [
      {
        "id": "12345",
        "uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
        "event_id": "12345",
        "name": "Report of the incident",
        "content": "string",
        "distribution": "0",
        "sharing_group_id": "1",
        "timestamp": "1617875568",
        "deleted": false
      }
    ],
    "Tag": [
      {
        "id": "12345",
        "name": "tlp:white",
        "colour": "#ffffff",
        "exportable": true,
        "org_id": "12345",
        "user_id": "12345",
        "hide_tag": false,
        "numerical_value": "12345",
        "is_galaxy": true,
        "is_custom_galaxy": true,
        "inherited": 1
      }
    ]
  }
]

403:

{
  "name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "url": "/attributes"
}

Default:

{
  "name": "string",
  "message": "string",
  "url": "/attributes"
}

Search events:

POST

https://misp.local/events/index

Request:

{
  "page": 1,
  "limit": 0,
  "sort": "timestamp",
  "direction": "asc",
  "minimal": false,
  "attribute": "covert channel",
  "eventid": "12345",
  "datefrom": "2021-03-05",
  "dateuntil": "2021-03-05",
  "org": "CIRCL",
  "eventinfo": "Phishing campaing",
  "tag": "tlp:white",
  "tags": [
    "tlp:amber",
    "cycat:scope=\"exploit\""
  ],
  "distribution": "0",
  "sharinggroup": "1",
  "analysis": "0",
  "threatlevel": "1",
  "email": "admin@admin.test",
  "hasproposal": "1",
  "timestamp": "1",
  "publish_timestamp": "1",
  "searchDatefrom": "2020-01-20",
  "searchDateuntil": "2020-01-20"
}

 

Response:

200:

[
  {
    "id": "12345",
    "org_id": "12345",
    "distribution": "0",
    "info": "logged source ip",
    "orgc_id": "12345",
    "uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
    "date": "1991-01-15",
    "published": false,
    "analysis": "0",
    "attribute_count": "321",
    "timestamp": "1617875568",
    "sharing_group_id": "1",
    "proposal_email_lock": true,
    "locked": true,
    "threat_level_id": "1",
    "publish_timestamp": "1617875568",
    "sighting_timestamp": "1617875568",
    "disable_correlation": false,
    "extends_uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
    "event_creator_email": "user@example.com",
    "Feed": {
      "id": "3",
      "name": "CIRCL OSINT Feed",
      "provider": "CIRCL",
      "url": "https://www.circl.lu/doc/misp/feed-osint",
      "rules": "{\"tags\":{\"OR\":[],\"NOT\":[]},\"orgs\":{\"OR\":[],\"NOT\":[]},\"url_params\":\"\"}",
      "enabled": true,
      "distribution": "0",
      "sharing_group_id": "1",
      "tag_id": "12345",
      "default": true,
      "source_format": "1",
      "fixed_event": true,
      "delta_merge": true,
      "event_id": "12345",
      "publish": false,
      "override_ids": true,
      "settings": "{\"csv\":{\"value\":\"\",\"delimiter\":\"\"},\"common\":{\"excluderegex\":\"\"},\"disable_correlation\":\"1\"}",
      "input_source": "local",
      "delete_local_file": true,
      "lookup_visible": true,
      "headers": "X-Custom-Header-A: Foo\nX-Custom-Header-B: Bar\n",
      "caching_enabled": true,
      "force_to_ids": true,
      "orgc_id": "12345",
      "cache_timestamp": "1617875568"
    },
    "Org": {
      "id": "12345",
      "name": "ORGNAME",
      "uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b"
    },
    "Orgc": {
      "id": "12345",
      "name": "ORGNAME",
      "uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b"
    },
    "Attribute": [
      {
        "id": "12345",
        "event_id": "12345",
        "object_id": "12345",
        "object_relation": "sensor",
        "category": "Internal reference",
        "type": "md5",
        "value": "127.0.0.1",
        "to_ids": true,
        "uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
        "timestamp": "1617875568",
        "distribution": "0",
        "sharing_group_id": "1",
        "comment": "logged source ip",
        "deleted": false,
        "disable_correlation": false,
        "first_seen": "1581984000000000",
        "last_seen": "1581984000000000"
      }
    ],
    "ShadowAttribute": [
      {
        "id": "12345",
        "event_id": "12345",
        "object_id": "12345",
        "object_relation": "sensor",
        "category": "Internal reference",
        "type": "md5",
        "value": "127.0.0.1",
        "to_ids": true,
        "uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
        "timestamp": "1617875568",
        "distribution": "0",
        "sharing_group_id": "1",
        "comment": "logged source ip",
        "deleted": false,
        "disable_correlation": false,
        "first_seen": "1581984000000000",
        "last_seen": "1581984000000000"
      }
    ],
    "RelatedEvent": [
      {}
    ],
    "Galaxy": [
      {
        "id": "12345",
        "uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
        "name": "Ransomware",
        "type": "ransomware",
        "description": "Ransomware galaxy based on ...",
        "version": "1",
        "icon": "globe",
        "namespace": "misp",
        "kill_chain_order": {
          "fraud-tactics": [
            "Initiation",
            "Target Compromise",
            "Perform Fraud",
            "Obtain Fraudulent Assets",
            "Assets Transfer",
            "Monetisation"
          ]
        }
      }
    ],
    "Object": [
      {
        "id": "12345",
        "name": "ail-leak",
        "meta-category": "string",
        "description": "string",
        "template_uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
        "template_version": "1",
        "event_id": "12345",
        "uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
        "timestamp": "1617875568",
        "distribution": "0",
        "sharing_group_id": "1",
        "comment": "string",
        "deleted": true,
        "first_seen": "1581984000000000",
        "last_seen": "1581984000000000",
        "Attribute": [
          {
            "id": "12345",
            "event_id": "12345",
            "object_id": "12345",
            "object_relation": "sensor",
            "category": "Internal reference",
            "type": "md5",
            "value": "127.0.0.1",
            "to_ids": true,
            "uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
            "timestamp": "1617875568",
            "distribution": "0",
            "sharing_group_id": "1",
            "comment": "logged source ip",
            "deleted": false,
            "disable_correlation": false,
            "first_seen": "1581984000000000",
            "last_seen": "1581984000000000"
          }
        ]
      }
    ],
    "EventReport": [
      {
        "id": "12345",
        "uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
        "event_id": "12345",
        "name": "Report of the incident",
        "content": "string",
        "distribution": "0",
        "sharing_group_id": "1",
        "timestamp": "1617875568",
        "deleted": false
      }
    ],
    "Tag": [
      {
        "id": "12345",
        "name": "tlp:white",
        "colour": "#ffffff",
        "exportable": true,
        "org_id": "12345",
        "user_id": "12345",
        "hide_tag": false,
        "numerical_value": "12345",
        "is_galaxy": true,
        "is_custom_galaxy": true,
        "inherited": 1
      }
    ]
  }
]

403:

{
  "name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "url": "/attributes"
}

Default:

{
  "name": "string",
  "message": "string",
  "url": "/attributes"
}

Get event by ID:

GET

https://misp.local/events/view/{eventId}

Response:

200:

{
  "Event": {
    "id": "12345",
    "org_id": "12345",
    "distribution": "0",
    "info": "logged source ip",
    "orgc_id": "12345",
    "uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
    "date": "1991-01-15",
    "published": false,
    "analysis": "0",
    "attribute_count": "321",
    "timestamp": "1617875568",
    "sharing_group_id": "1",
    "proposal_email_lock": true,
    "locked": true,
    "threat_level_id": "1",
    "publish_timestamp": "1617875568",
    "sighting_timestamp": "1617875568",
    "disable_correlation": false,
    "extends_uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
    "event_creator_email": "user@example.com",
    "Feed": {
      "id": "3",
      "name": "CIRCL OSINT Feed",
      "provider": "CIRCL",
      "url": "https://www.circl.lu/doc/misp/feed-osint",
      "rules": "{\"tags\":{\"OR\":[],\"NOT\":[]},\"orgs\":{\"OR\":[],\"NOT\":[]},\"url_params\":\"\"}",
      "enabled": true,
      "distribution": "0",
      "sharing_group_id": "1",
      "tag_id": "12345",
      "default": true,
      "source_format": "1",
      "fixed_event": true,
      "delta_merge": true,
      "event_id": "12345",
      "publish": false,
      "override_ids": true,
      "settings": "{\"csv\":{\"value\":\"\",\"delimiter\":\"\"},\"common\":{\"excluderegex\":\"\"},\"disable_correlation\":\"1\"}",
      "input_source": "local",
      "delete_local_file": true,
      "lookup_visible": true,
      "headers": "X-Custom-Header-A: Foo\nX-Custom-Header-B: Bar\n",
      "caching_enabled": true,
      "force_to_ids": true,
      "orgc_id": "12345",
      "cache_timestamp": "1617875568"
    },
    "Org": {
      "id": "12345",
      "name": "ORGNAME",
      "uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b"
    },
    "Orgc": {
      "id": "12345",
      "name": "ORGNAME",
      "uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b"
    },
    "Attribute": [
      {
        "id": "12345",
        "event_id": "12345",
        "object_id": "12345",
        "object_relation": "sensor",
        "category": "Internal reference",
        "type": "md5",
        "value": "127.0.0.1",
        "to_ids": true,
        "uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
        "timestamp": "1617875568",
        "distribution": "0",
        "sharing_group_id": "1",
        "comment": "logged source ip",
        "deleted": false,
        "disable_correlation": false,
        "first_seen": "1581984000000000",
        "last_seen": "1581984000000000"
      }
    ],
    "ShadowAttribute": [
      {
        "id": "12345",
        "event_id": "12345",
        "object_id": "12345",
        "object_relation": "sensor",
        "category": "Internal reference",
        "type": "md5",
        "value": "127.0.0.1",
        "to_ids": true,
        "uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
        "timestamp": "1617875568",
        "distribution": "0",
        "sharing_group_id": "1",
        "comment": "logged source ip",
        "deleted": false,
        "disable_correlation": false,
        "first_seen": "1581984000000000",
        "last_seen": "1581984000000000"
      }
    ],
    "RelatedEvent": [
      {}
    ],
    "Galaxy": [
      {
        "id": "12345",
        "uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
        "name": "Ransomware",
        "type": "ransomware",
        "description": "Ransomware galaxy based on ...",
        "version": "1",
        "icon": "globe",
        "namespace": "misp",
        "kill_chain_order": {
          "fraud-tactics": [
            "Initiation",
            "Target Compromise",
            "Perform Fraud",
            "Obtain Fraudulent Assets",
            "Assets Transfer",
            "Monetisation"
          ]
        }
      }
    ],
    "Object": [
      {
        "id": "12345",
        "name": "ail-leak",
        "meta-category": "string",
        "description": "string",
        "template_uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
        "template_version": "1",
        "event_id": "12345",
        "uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
        "timestamp": "1617875568",
        "distribution": "0",
        "sharing_group_id": "1",
        "comment": "string",
        "deleted": true,
        "first_seen": "1581984000000000",
        "last_seen": "1581984000000000",
        "Attribute": [
          {
            "id": "12345",
            "event_id": "12345",
            "object_id": "12345",
            "object_relation": "sensor",
            "category": "Internal reference",
            "type": "md5",
            "value": "127.0.0.1",
            "to_ids": true,
            "uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
            "timestamp": "1617875568",
            "distribution": "0",
            "sharing_group_id": "1",
            "comment": "logged source ip",
            "deleted": false,
            "disable_correlation": false,
            "first_seen": "1581984000000000",
            "last_seen": "1581984000000000"
          }
        ]
      }
    ],
    "EventReport": [
      {
        "id": "12345",
        "uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
        "event_id": "12345",
        "name": "Report of the incident",
        "content": "string",
        "distribution": "0",
        "sharing_group_id": "1",
        "timestamp": "1617875568",
        "deleted": false
      }
    ],
    "Tag": [
      {
        "id": "12345",
        "name": "tlp:white",
        "colour": "#ffffff",
        "exportable": true,
        "org_id": "12345",
        "user_id": "12345",
        "hide_tag": false,
        "numerical_value": "12345",
        "is_galaxy": true,
        "is_custom_galaxy": true,
        "inherited": 1
      }
    ]
  }
}

403:

{
  "name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "url": "/attributes"
}

Default:

{
  "name": "string",
  "message": "string",
  "url": "/attributes"
}

Publish an event:

POST

https://misp.local/events/publish/{eventId}

Response:

200:

{
  "name": "Publish",
  "message": "Job queued",
  "url": "https://misp.local/events/alert/1",
  "id": "string"
}

403:

{
  "name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "url": "/attributes"
}

Default:

{
  "name": "string",
  "message": "string",
  "url": "/attributes"
}

Unpublish an event:

POST

https://misp.local/events/addTag/{eventId}/{tagId}/local:{local}

Response:

200:

{
  "saved": true,
  "success": true,
  "name": "Event unpublished.",
  "message": "Event unpublished.",
  "url": "/events/unpublish/1"
}

403:

{
  "name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "url": "/attributes"
}

Default:

{
  "name": "string",
  "message": "string",
  "url": "/attributes"
}

Add event tag:

POST

https://misp.local/events/addTag/{eventId}/{tagId}/local:{local}

Response:

200:

{
  "saved": true,
  "success": "Tag added.",
  "check_publish": true,
  "errors": "Tag could not be added."
}

403:

{
  "name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "url": "/attributes"
}

Default:

{
  "name": "string",
  "message": "string",
  "url": "/attributes"
}

Remove event tag:

POST

https://misp.local/events/removeTag/{eventId}/{tagId}

Response:

200:

{
  "saved": true,
  "success": "Tag removed.",
  "check_publish": true,
  "errors": "Tag could not be added."
}

403:

{
  "name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "url": "/attributes"
}

Default:

{
  "name": "string",
  "message": "string",
  "url": "/attributes"
}

 

 

Galaxies

Get galaxies:

GET

https://misp.local/galaxies

Response:

200:

[
  {
    "Galaxy": {
      "id": "12345",
      "uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
      "name": "Ransomware",
      "type": "ransomware",
      "description": "Ransomware galaxy based on ...",
      "version": "1",
      "icon": "globe",
      "namespace": "misp",
      "kill_chain_order": {
        "fraud-tactics": [
          "Initiation",
          "Target Compromise",
          "Perform Fraud",
          "Obtain Fraudulent Assets",
          "Assets Transfer",
          "Monetisation"
        ]
      }
    }
  }
]

403:

{
  "name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "url": "/attributes"
}

 

Default:

{
  "name": "string",
  "message": "string",
  "url": "/attributes"
}

Search galaxies:

POST

https://misp.local/galaxies

Request:

{
  "value": "botnet"
}

Response:

200:

[
  {
    "Galaxy": {
      "id": "12345",
      "uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
      "name": "Ransomware",
      "type": "ransomware",
      "description": "Ransomware galaxy based on ...",
      "version": "1",
      "icon": "globe",
      "namespace": "misp",
      "kill_chain_order": {
        "fraud-tactics": [
          "Initiation",
          "Target Compromise",
          "Perform Fraud",
          "Obtain Fraudulent Assets",
          "Assets Transfer",
          "Monetisation"
        ]
      }
    }
  }
]

403:

{
  "name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "url": "/attributes"
}

Default:

{
  "name": "string",
  "message": "string",
  "url": "/attributes"
}

Get galaxy by ID:

POST

https://misp.local/galaxies

Response:

200:

{
  "Galaxy": {
    "id": "12345",
    "uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
    "name": "Ransomware",
    "type": "ransomware",
    "description": "Ransomware galaxy based on ...",
    "version": "1",
    "icon": "globe",
    "namespace": "misp",
    "kill_chain_order": {
      "fraud-tactics": [
        "Initiation",
        "Target Compromise",
        "Perform Fraud",
        "Obtain Fraudulent Assets",
        "Assets Transfer",
        "Monetisation"
      ]
    }
  },
  "GalaxyCluster": [
    {
      "id": "12345",
      "uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
      "collection_uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
      "type": "mitre-enterprise-attack-attack-pattern",
      "value": "Brute Force - T1110",
      "tag_name": "tlp:white",
      "description": "Adversaries may use brute force techniques to attempt access to accounts when passwords are unknown or when password hashes are obtained...",
      "galaxy_id": "12345",
      "source": "https://github.com/mitre/cti",
      "authors": [
        "MITRE"
      ],
      "version": "1",
      "distribution": "0",
      "sharing_group_id": "1",
      "org_id": "12345",
      "orgc_id": "12345",
      "default": true,
      "locked": true,
      "extends_uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
      "extends_version": "1",
      "published": false,
      "deleted": false,
      "GalaxyElement": [
        {
          "id": "12345",
          "galaxy_cluster_id": "12345",
          "key": "categories",
          "value": "Military"
        }
      ]
    }
  ]
}

403:

{
  "name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "url": "/attributes"
}

Default:

{
  "name": "string",
  "message": "string",
  "url": "/attributes"
}

Force update the galaxies with the galaxy json definitions:

POST

https://misp.local/galaxies/update

Response:

200:

{
  "saved": true,
  "success": true,
  "name": "Galaxies updated.",
  "message": "Galaxies updated.",
  "url": "/galaxies/update"
}

403:

{
  "name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "url": "/attributes"
}

404:

{
  "name": "Invalid attribute",
  "message": "Invalid attribute",
  "url": "/attributes/1234"
}

Default:

{
  "name": "string",
  "message": "string",
  "url": "/attributes"
}

Delete a galaxy:

DELETE

https://misp.local/galaxies/delete/{galaxyId}

Response:

200:

{
  "saved": true,
  "success": true,
  "name": "Galaxy deleted",
  "message": "Galaxy deleted",
  "url": "/galaxies/delete"
}

403:

{
  "name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "url": "/attributes"
}

404:

{
  "name": "Invalid attribute",
  "message": "Invalid attribute",
  "url": "/attributes/1234"
}

Default:

{
  "name": "string",
  "message": "string",
  "url": "/attributes"
}

Import a galaxy cluster:

POST

https://misp.local/galaxies/import

Request:

[
  {
    "GalaxyCluster": {
      "uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
      "collection_uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
      "type": "mitre-enterprise-attack-attack-pattern",
      "value": "Brute Force - T1110",
      "tag_name": "tlp:white",
      "description": "Adversaries may use brute force techniques to attempt access to accounts when passwords are unknown or when password hashes are obtained...",
      "galaxy_id": "12345",
      "source": "https://github.com/mitre/cti",
      "authors": [
        "MITRE"
      ],
      "version": "1",
      "distribution": "0",
      "sharing_group_id": "1",
      "org_id": "12345",
      "orgc_id": "12345",
      "default": true,
      "locked": true,
      "extends_uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
      "extends_version": "1",
      "published": false,
      "deleted": false,
      "GalaxyElement": [
        {
          "id": "12345",
          "galaxy_cluster_id": "12345",
          "key": "categories",
          "value": "Military"
        }
      ]
    },
    "Galaxy": {
      "uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b"
    }
  }
]

 

Response:

200:

{
  "saved": true,
  "success": true,
  "name": "'Galaxy clusters imported. 1 imported, 0 ignored, 0 failed.",
  "message": "'Galaxy clusters imported. 1 imported, 0 ignored, 0 failed.",
  "url": "/galaxies/import"
}

403:

{
  "name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "url": "/attributes"
}

404:

{
  "name": "Invalid attribute",
  "message": "Invalid attribute",
  "url": "/attributes/1234"
}

Default:

{
  "name": "string",
  "message": "string",
  "url": "/attributes"
}

Export galaxy clusters

POST

https://misp.local/galaxies/export/{galaxyId}

Request:

{
  "Galaxy": {
    "default": true,
    "custom": true,
    "distribution": "0",
    "format": "default",
    "download": true
  }
}

 

Response:

200:

GalaxyMispFormat:

{
  "name": "Ransomware",
  "type": "ransomware",
  "authors": [
    "MITRE"
  ],
  "version": true,
  "uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
  "source": "https://github.com/mitre/cti",
  "values": [
    {
      "description": "Adversaries may use brute force techniques to attempt access to accounts when passwords are unknown or when password hashes are obtained...",
      "uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
      "value": "Brute Force - T1110",
      "extends_uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
      "extends_Version": "1",
      "meta": [
        {
          "categories": "botnet"
        },
        {
          "refs": "http://example.com"
        },
        {
          "aliases": [
            "malware",
            "win32",
            "windows"
          ]
        },
        {
          "topics": [
            "Windows",
            "Malware"
          ]
        }
      ]
    }
  ]
}

403:

{
  "name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "url": "/attributes"
}

404:

{
  "name": "Invalid attribute",
  "message": "Invalid attribute",
  "url": "/attributes/1234"
}

Default:

{
  "name": "string",
  "message": "string",
  "url": "/attributes"
}

Attach the galaxy cluster tag a given entity

POST

https://misp.local/galaxies/attachCluster/{attachTargetId}/{attachTargetType}/local:{local}

Request:

{
  "Galaxy": {
    "target_id": 1235
  }
}

Response:

200:

{
  "saved": true,
  "success": "Cluster attached.",
  "check_publish": true
}

403:

{
  "name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "url": "/attributes"
}

404:

{
  "name": "Invalid attribute",
  "message": "Invalid attribute",
  "url": "/attributes/1234"
}

Default:

{
  "name": "string",
  "message": "string",
  "url": "/attributes"
}

 

 

Galaxy Cluster

Add galaxy cluster:

GET

https://misp.local/galaxies

Request: 

{
  "id": "12345",
  "uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
  "collection_uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
  "type": "mitre-enterprise-attack-attack-pattern",
  "value": "Brute Force - T1110",
  "tag_name": "tlp:white",
  "description": "Adversaries may use brute force techniques to attempt access to accounts when passwords are unknown or when password hashes are obtained...",
  "galaxy_id": "12345",
  "source": "https://github.com/mitre/cti",
  "authors": [
    "MITRE"
  ],
  "version": "1",
  "distribution": "0",
  "sharing_group_id": "1",
  "org_id": "12345",
  "orgc_id": "12345",
  "default": true,
  "locked": true,
  "extends_uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
  "extends_version": "1",
  "published": false,
  "deleted": false,
  "GalaxyElement": [
    {
      "id": "12345",
      "galaxy_cluster_id": "12345",
      "key": "categories",
      "value": "Military"
    }
  ]
}

Response:

200:

{
  "GalaxyCluster": {
    "id": "12345",
    "uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
    "collection_uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
    "type": "mitre-enterprise-attack-attack-pattern",
    "value": "Brute Force - T1110",
    "tag_name": "tlp:white",
    "description": "Adversaries may use brute force techniques to attempt access to accounts when passwords are unknown or when password hashes are obtained...",
    "galaxy_id": "12345",
    "source": "https://github.com/mitre/cti",
    "authors": [
      "MITRE"
    ],
    "version": "1",
    "distribution": "0",
    "sharing_group_id": "1",
    "org_id": "12345",
    "orgc_id": "12345",
    "default": true,
    "locked": true,
    "extends_uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
    "extends_version": "1",
    "published": false,
    "deleted": false,
    "GalaxyElement": [
      {
        "id": "12345",
        "galaxy_cluster_id": "12345",
        "key": "categories",
        "value": "Military"
      }
    ]
  }
}

403:

{
  "name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "url": "/attributes"
}

404:

{
  "name": "Invalid attribute",
  "message": "Invalid attribute",
  "url": "/attributes/1234"
}

Default:

{
  "name": "string",
  "message": "string",
  "url": "/attributes"
}

Edit galaxy cluster

POST

https://misp.local/galaxy_clusters/add/{galaxyId}

Request: 

{
  "id": "12345",
  "uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
  "collection_uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
  "type": "mitre-enterprise-attack-attack-pattern",
  "value": "Brute Force - T1110",
  "tag_name": "tlp:white",
  "description": "Adversaries may use brute force techniques to attempt access to accounts when passwords are unknown or when password hashes are obtained...",
  "galaxy_id": "12345",
  "source": "https://github.com/mitre/cti",
  "authors": [
    "MITRE"
  ],
  "version": "1",
  "distribution": "0",
  "sharing_group_id": "1",
  "org_id": "12345",
  "orgc_id": "12345",
  "default": true,
  "locked": true,
  "extends_uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
  "extends_version": "1",
  "published": false,
  "deleted": false,
  "GalaxyElement": [
    {
      "id": "12345",
      "galaxy_cluster_id": "12345",
      "key": "categories",
      "value": "Military"
    }
  ]
}

Response:

200:

{
  "GalaxyCluster": {
    "id": "12345",
    "uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
    "collection_uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
    "type": "mitre-enterprise-attack-attack-pattern",
    "value": "Brute Force - T1110",
    "tag_name": "tlp:white",
    "description": "Adversaries may use brute force techniques to attempt access to accounts when passwords are unknown or when password hashes are obtained...",
    "galaxy_id": "12345",
    "source": "https://github.com/mitre/cti",
    "authors": [
      "MITRE"
    ],
    "version": "1",
    "distribution": "0",
    "sharing_group_id": "1",
    "org_id": "12345",
    "orgc_id": "12345",
    "default": true,
    "locked": true,
    "extends_uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
    "extends_version": "1",
    "published": false,
    "deleted": false,
    "GalaxyElement": [
      {
        "id": "12345",
        "galaxy_cluster_id": "12345",
        "key": "categories",
        "value": "Military"
      }
    ]
  }
}

403:

{
  "name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "url": "/attributes"
}

404:

{
  "name": "Invalid attribute",
  "message": "Invalid attribute",
  "url": "/attributes/1234"
}

Default:

{
  "name": "string",
  "message": "string",
  "url": "/attributes"
}

Get galaxy clusters:

GET

https://misp.local/galaxy_clusters/add/{galaxyId}

Response:

200:

[
  {
    "GalaxyCluster": {
      "id": "12345",
      "uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
      "collection_uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
      "type": "mitre-enterprise-attack-attack-pattern",
      "value": "Brute Force - T1110",
      "tag_name": "tlp:white",
      "description": "Adversaries may use brute force techniques to attempt access to accounts when passwords are unknown or when password hashes are obtained...",
      "galaxy_id": "12345",
      "source": "https://github.com/mitre/cti",
      "authors": [
        "MITRE"
      ],
      "version": "1",
      "distribution": "0",
      "sharing_group_id": "1",
      "org_id": "12345",
      "orgc_id": "12345",
      "default": true,
      "locked": true,
      "extends_uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
      "extends_version": "1",
      "published": false,
      "deleted": false,
      "GalaxyElement": [
        {
          "id": "12345",
          "galaxy_cluster_id": "12345",
          "key": "categories",
          "value": "Military"
        }
      ]
    }
  }
]

403:

{
  "name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "url": "/attributes"
}

404:

{
  "name": "Invalid attribute",
  "message": "Invalid attribute",
  "url": "/attributes/1234"
}

Default:

{
  "name": "string",
  "message": "string",
  "url": "/attributes"
}

Search galaxy clusters:

POST

https://misp.local/galaxy_clusters/add/{galaxyId}

Request:

{
  "context": "all",
  "searchall": "botnet"
}

Response:

200:

[
  {
    "GalaxyCluster": {
      "id": "12345",
      "uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
      "collection_uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
      "type": "mitre-enterprise-attack-attack-pattern",
      "value": "Brute Force - T1110",
      "tag_name": "tlp:white",
      "description": "Adversaries may use brute force techniques to attempt access to accounts when passwords are unknown or when password hashes are obtained...",
      "galaxy_id": "12345",
      "source": "https://github.com/mitre/cti",
      "authors": [
        "MITRE"
      ],
      "version": "1",
      "distribution": "0",
      "sharing_group_id": "1",
      "org_id": "12345",
      "orgc_id": "12345",
      "default": true,
      "locked": true,
      "extends_uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
      "extends_version": "1",
      "published": false,
      "deleted": false,
      "GalaxyElement": [
        {
          "id": "12345",
          "galaxy_cluster_id": "12345",
          "key": "categories",
          "value": "Military"
        }
      ]
    }
  }
]

403:

{
  "name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "url": "/attributes"
}

404:

{
  "name": "Invalid attribute",
  "message": "Invalid attribute",
  "url": "/attributes/1234"
}

Default:

{
  "name": "string",
  "message": "string",
  "url": "/attributes"
}

Get galaxy cluster by ID:

Get

https://misp.local/galaxy_clusters/view/{galaxyClusterId}

Response:

200:

{
  "GalaxyCluster": {
    "id": "12345",
    "uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
    "collection_uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
    "type": "mitre-enterprise-attack-attack-pattern",
    "value": "Brute Force - T1110",
    "tag_name": "tlp:white",
    "description": "Adversaries may use brute force techniques to attempt access to accounts when passwords are unknown or when password hashes are obtained...",
    "galaxy_id": "12345",
    "source": "https://github.com/mitre/cti",
    "authors": [
      "MITRE"
    ],
    "version": "1",
    "distribution": "0",
    "sharing_group_id": "1",
    "org_id": "12345",
    "orgc_id": "12345",
    "default": true,
    "locked": true,
    "extends_uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
    "extends_version": "1",
    "published": false,
    "deleted": false,
    "GalaxyElement": [
      {
        "id": "12345",
        "galaxy_cluster_id": "12345",
        "key": "categories",
        "value": "Military"
      }
    ],
    "Galaxy": {
      "id": "12345",
      "uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
      "name": "Ransomware",
      "type": "ransomware",
      "description": "Ransomware galaxy based on ...",
      "version": "1",
      "icon": "globe",
      "namespace": "misp",
      "kill_chain_order": {
        "fraud-tactics": [
          "Initiation",
          "Target Compromise",
          "Perform Fraud",
          "Obtain Fraudulent Assets",
          "Assets Transfer",
          "Monetisation"
        ]
      }
    },
    "GalaxyClusterRelation": [
      {
        "id": "12345",
        "galaxy_cluster_id": "12345",
        "key": "categories",
        "value": "Military"
      }
    ],
    "Org": {
      "id": "12345",
      "name": "ORGNAME",
      "date_created": "2021-06-14 14:29:19",
      "date_modified": "2021-06-14 14:29:19",
      "description": "string",
      "type": "ADMIN",
      "nationality": "string",
      "sector": "string",
      "created_by": "12345",
      "uuid": "string",
      "contacts": "string",
      "local": true,
      "restricted_to_domain": [
        "example.com"
      ],
      "landingpage": "string",
      "user_count": "3",
      "created_by_email": "string"
    },
    "Orgc": {
      "id": "12345",
      "name": "ORGNAME",
      "date_created": "2021-06-14 14:29:19",
      "date_modified": "2021-06-14 14:29:19",
      "description": "string",
      "type": "ADMIN",
      "nationality": "string",
      "sector": "string",
      "created_by": "12345",
      "uuid": "string",
      "contacts": "string",
      "local": true,
      "restricted_to_domain": [
        "example.com"
      ],
      "landingpage": "string",
      "user_count": "3",
      "created_by_email": "string"
    },
    "tag_count": 0,
    "tag_id": "12345"
  }
}

403:

{
  "name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "url": "/attributes"
}

404:

{
  "name": "Invalid attribute",
  "message": "Invalid attribute",
  "url": "/attributes/1234"
}

Default:

{
  "name": "string",
  "message": "string",
  "url": "/attributes"
}

Publish galaxy cluster:

POST

https://misp.local/galaxy_clusters/publish/{galaxyClusterId}

Response:

200:

{
  "message": "Publish job queued. Job ID: 4e9d26c275a7b190fcab10029df8c6b6"
}

403:

{
  "name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "url": "/attributes"
}

404:

{
  "name": "Invalid attribute",
  "message": "Invalid attribute",
  "url": "/attributes/1234"
}

Default:

{
  "name": "string",
  "message": "string",
  "url": "/attributes"
}

Unpublish galaxy cluster:

POST

https://misp.local/galaxy_clusters/unpublish/{galaxyClusterId}

Response:

200:

{
  "saved": true,
  "success": true,
  "name": "GalaxyCluster unpublished",
  "message": "GalaxyCluster unpublished",
  "url": "/galaxy_clusters/publish/1"
}

403:

{
  "name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "url": "/attributes"
}

404:

{
  "name": "Invalid attribute",
  "message": "Invalid attribute",
  "url": "/attributes/1234"
}

Default:

{
  "name": "string",
  "message": "string",
  "url": "/attributes"
}

Delete galaxy cluster:

POST

https://misp.local/galaxy_clusters/unpublish/{galaxyClusterId}

Response:

200:

{
  "saved": true,
  "success": true,
  "name": "Galaxy cluster successfuly soft deleted.",
  "message": "Galaxy cluster successfuly soft deleted.",
  "url": "/galaxy_clusters/delete/1"
}

403:

{
  "name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "url": "/attributes"
}

404:

{
  "name": "Invalid attribute",
  "message": "Invalid attribute",
  "url": "/attributes/1234"
}

Default:

{
  "name": "string",
  "message": "string",
  "url": "/attributes"
}

Restore galaxy cluster:

POST

https://misp.local/galaxy_clusters/unpublish/{galaxyClusterId}

Response:

200:

{
  "saved": true,
  "success": true,
  "name": "GalaxyCluster restored",
  "message": "GalaxyCluster restored",
  "url": "/galaxy_clusters/restore/1"
}

403:

{
  "name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "url": "/attributes"
}

404:

{
  "name": "Invalid attribute",
  "message": "Invalid attribute",
  "url": "/attributes/1234"
}

Default:

{
  "name": "string",
  "message": "string",
  "url": "/attributes"
}

 

Users

Reset user password:

POST

https://misp.local/users/initiatePasswordReset/{userId}/{firstTimeReset}

Response: 

200:

{
  "saved": true,
  "success": "New credentials sent."
}

403:

{
  "name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "url": "/attributes"
}

404:

{
  "name": "Invalid attribute",
  "message": "Invalid attribute",
  "url": "/attributes/1234"
}

Default:

{
  "name": "string",
  "message": "string",
  "url": "/attributes"
}

Add user:

POST

https://misp.local/users/initiatePasswordReset/{userId}/{firstTimeReset}

Request:

{
  "org_id": "12345",
  "server_id": "12345",
  "email": "user@example.com",
  "autoalert": true,
  "authkey": "894c8d095180c7ea28789092e96ca6424199aa4f",
  "invited_by": "12345",
  "gpgkey": "string",
  "certif_public": "string",
  "nids_sid": "4000000",
  "termsaccepted": true,
  "newsread": "1617875568",
  "role_id": "3",
  "change_pw": "0",
  "contactalert": true,
  "disabled": true,
  "expiration": "2019-08-24T14:15:22Z",
  "current_login": "1617875568",
  "last_login": "1617875568",
  "force_logout": true,
  "date_created": "1617875568",
  "date_modified": "1617875568"
}

Response: 

200:

{
  "id": "12345",
  "org_id": "12345",
  "server_id": "12345",
  "email": "user@example.com",
  "autoalert": true,
  "authkey": "894c8d095180c7ea28789092e96ca6424199aa4f",
  "invited_by": "12345",
  "gpgkey": "string",
  "certif_public": "string",
  "nids_sid": "4000000",
  "termsaccepted": true,
  "newsread": "1617875568",
  "role_id": "3",
  "change_pw": "0",
  "contactalert": true,
  "disabled": true,
  "expiration": "2019-08-24T14:15:22Z",
  "current_login": "1617875568",
  "last_login": "1617875568",
  "force_logout": true,
  "date_created": "1617875568",
  "date_modified": "1617875568"
}

403:

{
  "name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "url": "/attributes"
}

404:

{
  "name": "Invalid attribute",
  "message": "Invalid attribute",
  "url": "/attributes/1234"
}

Default:

{
  "name": "string",
  "message": "string",
  "url": "/attributes"
}

Edit user:

PUT

https://misp.local/admin/users/edit/{userId}

Request:

{
  "id": "12345",
  "org_id": "12345",
  "server_id": "12345",
  "email": "user@example.com",
  "autoalert": true,
  "authkey": "894c8d095180c7ea28789092e96ca6424199aa4f",
  "invited_by": "12345",
  "gpgkey": "string",
  "certif_public": "string",
  "nids_sid": "4000000",
  "termsaccepted": true,
  "newsread": "1617875568",
  "role_id": "3",
  "change_pw": "0",
  "contactalert": true,
  "disabled": true,
  "expiration": "2019-08-24T14:15:22Z",
  "current_login": "1617875568",
  "last_login": "1617875568",
  "force_logout": true,
  "date_created": "1617875568",
  "date_modified": "1617875568"
}

Response: 

200:

{
  "id": "12345",
  "org_id": "12345",
  "server_id": "12345",
  "email": "user@example.com",
  "autoalert": true,
  "authkey": "894c8d095180c7ea28789092e96ca6424199aa4f",
  "invited_by": "12345",
  "gpgkey": "string",
  "certif_public": "string",
  "nids_sid": "4000000",
  "termsaccepted": true,
  "newsread": "1617875568",
  "role_id": "3",
  "change_pw": "0",
  "contactalert": true,
  "disabled": true,
  "expiration": "2019-08-24T14:15:22Z",
  "current_login": "1617875568",
  "last_login": "1617875568",
  "force_logout": true,
  "date_created": "1617875568",
  "date_modified": "1617875568"
}

403:

{
  "name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "url": "/attributes"
}

404:

{
  "name": "Invalid attribute",
  "message": "Invalid attribute",
  "url": "/attributes/1234"
}

Default:

{
  "name": "string",
  "message": "string",
  "url": "/attributes"
}

Delete user:

DELETE

https://misp.local/admin/users/delete/{userId}

Response: 

200:

{
  "saved": true,
  "success": true,
  "name": "User deleted.",
  "message": "User deleted.",
  "url": "/admin/users/delete/1"
}

403:

{
  "name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "url": "/attributes"
}

404:

{
  "name": "Invalid attribute",
  "message": "Invalid attribute",
  "url": "/attributes/1234"
}

Default:

{
  "name": "string",
  "message": "string",
  "url": "/attributes"
}

Get users:

GET

https://misp.local/admin/users

Response: 

200:

[
  {
    "User": {
      "id": "12345",
      "org_id": "12345",
      "server_id": "12345",
      "email": "user@example.com",
      "autoalert": true,
      "authkey": "894c8d095180c7ea28789092e96ca6424199aa4f",
      "invited_by": "12345",
      "gpgkey": "string",
      "certif_public": "string",
      "nids_sid": "4000000",
      "termsaccepted": true,
      "newsread": "1617875568",
      "role_id": "3",
      "change_pw": "0",
      "contactalert": true,
      "disabled": true,
      "expiration": "2019-08-24T14:15:22Z",
      "current_login": "1617875568",
      "last_login": "1617875568",
      "force_logout": true,
      "date_created": "1617875568",
      "date_modified": "1617875568"
    },
    "Role": {
      "id": "3",
      "name": "ORGNAME",
      "perm_add": true,
      "perm_modify": true,
      "perm_modify_org": true,
      "perm_publish": true,
      "perm_delegate": true,
      "perm_sync": true,
      "perm_admin": true,
      "perm_audit": true,
      "perm_auth": true,
      "perm_site_admin": true,
      "perm_regexp_access": true,
      "perm_tagger": true,
      "perm_template": true,
      "perm_sharing_group": true,
      "perm_tag_editor": true,
      "perm_sighting": true,
      "perm_object_template": true,
      "perm_publish_zmq": true,
      "perm_publish_kafka": true,
      "perm_decaying": true,
      "perm_galaxy_editor": true,
      "default_role": true,
      "memory_limit": "string",
      "max_execution_time": "string",
      "restricted_to_site_admin": true,
      "enforce_rate_limit": true,
      "rate_limit_count": "string",
      "permission": "3",
      "permission_description": "publish"
    },
    "Organisation": {
      "id": "12345",
      "name": "ORGNAME"
    }
  }
]

403:

{
  "name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "url": "/attributes"
}

404:

{
  "name": "Invalid attribute",
  "message": "Invalid attribute",
  "url": "/attributes/1234"
}

Default:

{
  "name": "string",
  "message": "string",
  "url": "/attributes"
}

Get user by ID:

GET

https://misp.local/admin/users/view/{userId}

Response: 

200:

{
  "id": "12345",
  "org_id": "12345",
  "server_id": "12345",
  "email": "user@example.com",
  "autoalert": true,
  "authkey": "894c8d095180c7ea28789092e96ca6424199aa4f",
  "invited_by": "12345",
  "gpgkey": "string",
  "certif_public": "string",
  "nids_sid": "4000000",
  "termsaccepted": true,
  "newsread": "1617875568",
  "role_id": "3",
  "change_pw": "0",
  "contactalert": true,
  "disabled": true,
  "expiration": "2019-08-24T14:15:22Z",
  "current_login": "1617875568",
  "last_login": "1617875568",
  "force_logout": true,
  "date_created": "1617875568",
  "date_modified": "1617875568",
  "User": {
    "id": "12345",
    "org_id": "12345",
    "server_id": "12345",
    "email": "user@example.com",
    "autoalert": true,
    "authkey": "894c8d095180c7ea28789092e96ca6424199aa4f",
    "invited_by": "12345",
    "gpgkey": "string",
    "certif_public": "string",
    "nids_sid": "4000000",
    "termsaccepted": true,
    "newsread": "1617875568",
    "role_id": "3",
    "change_pw": "0",
    "contactalert": true,
    "disabled": true,
    "expiration": "2019-08-24T14:15:22Z",
    "current_login": "1617875568",
    "last_login": "1617875568",
    "force_logout": true,
    "date_created": "1617875568",
    "date_modified": "1617875568"
  },
  "Role": {
    "id": "3",
    "name": "ORGNAME",
    "perm_add": true,
    "perm_modify": true,
    "perm_modify_org": true,
    "perm_publish": true,
    "perm_delegate": true,
    "perm_sync": true,
    "perm_admin": true,
    "perm_audit": true,
    "perm_auth": true,
    "perm_site_admin": true,
    "perm_regexp_access": true,
    "perm_tagger": true,
    "perm_template": true,
    "perm_sharing_group": true,
    "perm_tag_editor": true,
    "perm_sighting": true,
    "perm_object_template": true,
    "perm_publish_zmq": true,
    "perm_publish_kafka": true,
    "perm_decaying": true,
    "perm_galaxy_editor": true,
    "default_role": true,
    "memory_limit": "string",
    "max_execution_time": "string",
    "restricted_to_site_admin": true,
    "enforce_rate_limit": true,
    "rate_limit_count": "string",
    "permission": "3",
    "permission_description": "publish"
  },
  "UserSetting": {
    "publish_alert_filter": [
      {
        "AND": [
          {
            "NOT": [
              {
                "EventTag.name": [
                  "%osint%"
                ]
              }
            ]
          },
          {
            "OR": [
              {
                "Tag.name": [
                  "tlp:green",
                  "tlp:amber",
                  "tlp:red",
                  "%privint%"
                ]
              }
            ]
          }
        ]
      }
    ],
    "dashboard_access": true,
    "dashboard": [
      {
        "widget": "MispStatusWidget",
        "position": {
          "x": "0",
          "y": "0",
          "width": "2",
          "height": "2"
        }
      }
    ],
    "homepage": {
      "path": "/events/index"
    },
    "default_restsearch_parameters": [
      {
        "AND": [
          {
            "NOT": [
              {
                "EventTag.name": [
                  "%osint%"
                ]
              }
            ]
          },
          {
            "OR": [
              {
                "Tag.name": [
                  "tlp:green",
                  "tlp:amber",
                  "tlp:red",
                  "%privint%"
                ]
              }
            ]
          }
        ]
      }
    ],
    "tag_numerical_value_override": [
      {
        "false-positive:risk='medium'": 99
      }
    ],
    "event_index_hide_columns": [
      "clusters"
    ]
  }
}

403:

{
  "name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "url": "/attributes"
}

404:

{
  "name": "Invalid attribute",
  "message": "Invalid attribute",
  "url": "/attributes/1234"
}

Default:

{
  "name": "string",
  "message": "string",
  "url": "/attributes"
}

Delete user TOTP:

DELETE

https://misp.local/users/totp_delete/{userId}

Response: 

200:

{
  "saved": true,
  "success": true,
  "name": "User TOTP deleted.",
  "message": "User TOTP deleted.",
  "url": "/users/totp_delete/1",
  "id": "1"
}

403:

{
  "name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "url": "/attributes"
}

404:

{
  "name": "Invalid user",
  "message": "Invalid user",
  "url": "/users/totp_delete/1"
}

Default:

{
  "name": "string",
  "message": "string",
  "url": "/attributes"
}

Organisations

Add organisation:

POST

https://misp.local/admin/organisations/add

Request:

{
  "name": "ORGNAME",
  "date_created": "2021-06-14 14:29:19",
  "date_modified": "2021-06-14 14:29:19",
  "description": "string",
  "type": "ADMIN",
  "nationality": "string",
  "sector": "string",
  "created_by": "12345",
  "uuid": "string",
  "contacts": "string",
  "local": true,
  "restricted_to_domain": [
    "example.com"
  ],
  "landingpage": "string",
  "user_count": "3",
  "created_by_email": "string"
}

Response: 

200:

{
  "id": "12345",
  "name": "ORGNAME",
  "date_created": "2021-06-14 14:29:19",
  "date_modified": "2021-06-14 14:29:19",
  "description": "string",
  "type": "ADMIN",
  "nationality": "string",
  "sector": "string",
  "created_by": "12345",
  "uuid": "string",
  "contacts": "string",
  "local": true,
  "restricted_to_domain": [
    "example.com"
  ],
  "landingpage": "string",
  "user_count": "3",
  "created_by_email": "string"
}

403:

{
  "name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "url": "/attributes"
}

404:

{
  "name": "Invalid attribute",
  "message": "Invalid attribute",
  "url": "/attributes/1234"
}

Default:

{
  "name": "string",
  "message": "string",
  "url": "/attributes"
}

Edit organisation:

PUT

https://misp.local/admin/organisations/edit/{organisationId}

Request:

{
  "name": "ORGNAME",
  "type": "ADMIN",
  "nationality": "string",
  "sector": "string",
  "contacts": "string",
  "description": "string",
  "local": true,
  "uuid": "095be615-a8ad-4c33-8e9c-c7612fbf6c9f",
  "restricted_to_domain": [
    "example.com"
  ]
}

Response: 

200:

{
  "id": "12345",
  "name": "ORGNAME",
  "date_created": "2021-06-14 14:29:19",
  "date_modified": "2021-06-14 14:29:19",
  "description": "string",
  "type": "ADMIN",
  "nationality": "string",
  "sector": "string",
  "created_by": "12345",
  "uuid": "string",
  "contacts": "string",
  "local": true,
  "restricted_to_domain": [
    "example.com"
  ],
  "landingpage": "string",
  "user_count": "3",
  "created_by_email": "string"
}

403:

{
  "name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "url": "/attributes"
}

404:

{
  "name": "Invalid attribute",
  "message": "Invalid attribute",
  "url": "/attributes/1234"
}

Default:

{
  "name": "string",
  "message": "string",
  "url": "/attributes"
}

Delete organisation:

DELETE

https://misp.local/admin/organisations/delete/{organisationId}

Response: 

200:

{
  "saved": true,
  "success": true,
  "name": "Organisation deleted",
  "message": "Organisation deleted",
  "url": "/admin/organisations/delete/1"
}

403:

{
  "name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "url": "/attributes"
}

404:

{
  "name": "Invalid attribute",
  "message": "Invalid attribute",
  "url": "/attributes/1234"
}

Default:

{
  "name": "string",
  "message": "string",
  "url": "/attributes"
}

Get organisations:

GET

https://misp.local/organisations

Response: 

200:

[
  {
    "Organisation": {
      "id": "12345",
      "name": "ORGNAME",
      "date_created": "2021-06-14 14:29:19",
      "date_modified": "2021-06-14 14:29:19",
      "description": "string",
      "type": "ADMIN",
      "nationality": "string",
      "sector": "string",
      "created_by": "12345",
      "uuid": "string",
      "contacts": "string",
      "local": true,
      "restricted_to_domain": [
        "example.com"
      ],
      "landingpage": "string",
      "user_count": "3",
      "created_by_email": "string"
    }
  }
]

403:

{
  "name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "url": "/attributes"
}

404:

{
  "name": "Invalid attribute",
  "message": "Invalid attribute",
  "url": "/attributes/1234"
}

Default:

{
  "name": "string",
  "message": "string",
  "url": "/attributes"
}

Get organisation by ID:

GET

https://misp.local/organisations/view/{organisationId}

Response: 

200:

{
  "id": "12345",
  "name": "ORGNAME",
  "date_created": "2021-06-14 14:29:19",
  "date_modified": "2021-06-14 14:29:19",
  "description": "string",
  "type": "ADMIN",
  "nationality": "string",
  "sector": "string",
  "created_by": "12345",
  "uuid": "string",
  "contacts": "string",
  "local": true,
  "restricted_to_domain": [
    "example.com"
  ],
  "landingpage": "string",
  "user_count": "3",
  "created_by_email": "string"
}

403:

{
  "name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "url": "/attributes"
}

404:

{
  "name": "Invalid attribute",
  "message": "Invalid attribute",
  "url": "/attributes/1234"
}

Default:

{
  "name": "string",
  "message": "string",
  "url": "/attributes"
}

Server

Add server:

POST

https://misp.local/servers/add

Request:

{
  "name": "Phising Server",
  "url": "https://misppriv.circl.lu",
  "authkey": "894c8d095180c7ea28789092e96ca6424199aa4f",
  "org_id": "12345",
  "push": true,
  "pull": true,
  "push_sightings": true,
  "push_galaxy_clusters": true,
  "pull_galaxy_clusters": true,
  "lastpulledid": "12345",
  "lastpushedid": "12345",
  "organization": "string",
  "remote_org_id": "12345",
  "publish_without_email": true,
  "unpublish_event": true,
  "self_signed": true,
  "pull_rules": "{\"tags\":{\"OR\":[],\"NOT\":[]},\"orgs\":{\"OR\":[],\"NOT\":[]},\"url_params\":\"\"}",
  "push_rules": "{\"tags\":{\"OR\":[],\"NOT\":[]},\"orgs\":{\"OR\":[],\"NOT\":[]}}",
  "cert_file": "string",
  "client_cert_file": "string",
  "internal": true,
  "skip_proxy": true,
  "caching_enabled": true,
  "priority": "1",
  "cache_timestamp": true
}

Response: 

200:

{
  "Server": {
    "id": "12345",
    "name": "Phising Server",
    "url": "https://misppriv.circl.lu",
    "authkey": "894c8d095180c7ea28789092e96ca6424199aa4f",
    "org_id": "12345",
    "push": true,
    "pull": true,
    "push_sightings": true,
    "push_galaxy_clusters": true,
    "pull_galaxy_clusters": true,
    "lastpulledid": "12345",
    "lastpushedid": "12345",
    "organization": "string",
    "remote_org_id": "12345",
    "publish_without_email": true,
    "unpublish_event": true,
    "self_signed": true,
    "pull_rules": "{\"tags\":{\"OR\":[],\"NOT\":[]},\"orgs\":{\"OR\":[],\"NOT\":[]},\"url_params\":\"\"}",
    "push_rules": "{\"tags\":{\"OR\":[],\"NOT\":[]},\"orgs\":{\"OR\":[],\"NOT\":[]}}",
    "cert_file": "string",
    "client_cert_file": "string",
    "internal": true,
    "skip_proxy": true,
    "caching_enabled": true,
    "priority": "1",
    "cache_timestamp": true
  }
}

403:

{
  "name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "url": "/attributes"
}

404:

{
  "name": "Invalid attribute",
  "message": "Invalid attribute",
  "url": "/attributes/1234"
}

Default:

{
  "name": "string",
  "message": "string",
  "url": "/attributes"
}

Edit server:

PUT

https://misp.local/servers/edit/{serverId}

Request:

{
  "id": "12345",
  "name": "Phising Server",
  "url": "https://misppriv.circl.lu",
  "authkey": "894c8d095180c7ea28789092e96ca6424199aa4f",
  "org_id": "12345",
  "push": true,
  "pull": true,
  "push_sightings": true,
  "push_galaxy_clusters": true,
  "pull_galaxy_clusters": true,
  "lastpulledid": "12345",
  "lastpushedid": "12345",
  "organization": "string",
  "remote_org_id": "12345",
  "publish_without_email": true,
  "unpublish_event": true,
  "self_signed": true,
  "pull_rules": "{\"tags\":{\"OR\":[],\"NOT\":[]},\"orgs\":{\"OR\":[],\"NOT\":[]},\"url_params\":\"\"}",
  "push_rules": "{\"tags\":{\"OR\":[],\"NOT\":[]},\"orgs\":{\"OR\":[],\"NOT\":[]}}",
  "cert_file": "string",
  "client_cert_file": "string",
  "internal": true,
  "skip_proxy": true,
  "caching_enabled": true,
  "priority": "1",
  "cache_timestamp": true
}

Response: 

200:

{
  "Server": {
    "id": "12345",
    "name": "Phising Server",
    "url": "https://misppriv.circl.lu",
    "authkey": "894c8d095180c7ea28789092e96ca6424199aa4f",
    "org_id": "12345",
    "push": true,
    "pull": true,
    "push_sightings": true,
    "push_galaxy_clusters": true,
    "pull_galaxy_clusters": true,
    "lastpulledid": "12345",
    "lastpushedid": "12345",
    "organization": "string",
    "remote_org_id": "12345",
    "publish_without_email": true,
    "unpublish_event": true,
    "self_signed": true,
    "pull_rules": "{\"tags\":{\"OR\":[],\"NOT\":[]},\"orgs\":{\"OR\":[],\"NOT\":[]},\"url_params\":\"\"}",
    "push_rules": "{\"tags\":{\"OR\":[],\"NOT\":[]},\"orgs\":{\"OR\":[],\"NOT\":[]}}",
    "cert_file": "string",
    "client_cert_file": "string",
    "internal": true,
    "skip_proxy": true,
    "caching_enabled": true,
    "priority": "1",
    "cache_timestamp": true
  }
}

403:

{
  "name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "url": "/attributes"
}

404:

{
  "name": "Invalid attribute",
  "message": "Invalid attribute",
  "url": "/attributes/1234"
}

Default:

{
  "name": "string",
  "message": "string",
  "url": "/attributes"
}

Delete server:

POST

https://misp.local/servers/delete/{serverId}

Response: 

200:

{
  "saved": true,
  "success": true,
  "name": "Server deleted",
  "message": "Server deleted",
  "url": "/servers/delete/1"
}

403:

{
  "name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "url": "/attributes"
}

404:

{
  "name": "Invalid attribute",
  "message": "Invalid attribute",
  "url": "/attributes/1234"
}

Default:

{
  "name": "string",
  "message": "string",
  "url": "/attributes"
}

Get servers:

GET

https://misp.local/servers

Response: 

200:

[
  {
    "Server": {
      "id": "12345",
      "name": "Phising Server",
      "url": "https://misppriv.circl.lu",
      "authkey": "894c8d095180c7ea28789092e96ca6424199aa4f",
      "org_id": "12345",
      "push": true,
      "pull": true,
      "push_sightings": true,
      "push_galaxy_clusters": true,
      "pull_galaxy_clusters": true,
      "lastpulledid": "12345",
      "lastpushedid": "12345",
      "organization": "string",
      "remote_org_id": "12345",
      "publish_without_email": true,
      "unpublish_event": true,
      "self_signed": true,
      "pull_rules": "{\"tags\":{\"OR\":[],\"NOT\":[]},\"orgs\":{\"OR\":[],\"NOT\":[]},\"url_params\":\"\"}",
      "push_rules": "{\"tags\":{\"OR\":[],\"NOT\":[]},\"orgs\":{\"OR\":[],\"NOT\":[]}}",
      "cert_file": "string",
      "client_cert_file": "string",
      "internal": true,
      "skip_proxy": true,
      "caching_enabled": true,
      "priority": "1",
      "cache_timestamp": true
    },
    "Organisation": {
      "id": "12345",
      "name": "ORGNAME",
      "date_created": "2021-06-14 14:29:19",
      "date_modified": "2021-06-14 14:29:19",
      "description": "string",
      "type": "ADMIN",
      "nationality": "string",
      "sector": "string",
      "created_by": "12345",
      "uuid": "string",
      "contacts": "string",
      "local": true,
      "restricted_to_domain": [
        "example.com"
      ],
      "landingpage": "string",
      "user_count": "3",
      "created_by_email": "string"
    },
    "RemoteOrg": {
      "id": "12345",
      "name": "ORGNAME",
      "date_created": "2021-06-14 14:29:19",
      "date_modified": "2021-06-14 14:29:19",
      "description": "string",
      "type": "ADMIN",
      "nationality": "string",
      "sector": "string",
      "created_by": "12345",
      "uuid": "string",
      "contacts": "string",
      "local": true,
      "restricted_to_domain": [
        "example.com"
      ],
      "landingpage": "string",
      "user_count": "3",
      "created_by_email": "string"
    },
    "User": [
      {
        "id": "12345",
        "org_id": "12345",
        "server_id": "12345",
        "email": "user@example.com",
        "autoalert": true,
        "authkey": "894c8d095180c7ea28789092e96ca6424199aa4f",
        "invited_by": "12345",
        "gpgkey": "string",
        "certif_public": "string",
        "nids_sid": "4000000",
        "termsaccepted": true,
        "newsread": "1617875568",
        "role_id": "3",
        "change_pw": "0",
        "contactalert": true,
        "disabled": true,
        "expiration": "2019-08-24T14:15:22Z",
        "current_login": "1617875568",
        "last_login": "1617875568",
        "force_logout": true,
        "date_created": "1617875568",
        "date_modified": "1617875568"
      }
    ]
  }
]

403:

{
  "name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "url": "/attributes"
}

404:

{
  "name": "Invalid attribute",
  "message": "Invalid attribute",
  "url": "/attributes/1234"
}

Default:

{
  "name": "string",
  "message": "string",
  "url": "/attributes"
}

Pull server:

GET

https://misp.local/servers/pull/{serverId}/{pullTechnique}

Response: 

200:

{
  "saved": true,
  "success": true,
  "name": "Pull queued for background execution. Job ID: 1",
  "message": "Pull queued for background execution. Job ID: 1",
  "url": "/servers/pull/1"
}

403:

{
  "name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "url": "/attributes"
}

404:

{
  "name": "Invalid attribute",
  "message": "Invalid attribute",
  "url": "/attributes/1234"
}

Default:

{
  "name": "string",
  "message": "string",
  "url": "/attributes"
}

Push server:

GET

https://misp.local/servers/push/{serverId}/{pushTechnique}

Response: 

200:

{
  "saved": true,
  "success": true,
  "name": "Push queued for background execution. Job ID: 1",
  "message": "Push queued for background execution. Job ID: 1",
  "url": "/servers/push/1"
}

403:

{
  "name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "url": "/attributes"
}

404:

{
  "name": "Invalid attribute",
  "message": "Invalid attribute",
  "url": "/attributes/1234"
}

Default:

{
  "name": "string",
  "message": "string",
  "url": "/attributes"
}

Get current instance version:

GET

https://misp.local/servers/getVersion

Response: 

200:

{
  "version": "2.4.142",
  "perm_sync": true,
  "perm_sighting": true,
  "perm_galaxy_editor": true,
  "request_encoding": [
    "gzip"
  ]
}

403:

{
  "name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "url": "/attributes"
}

404:

{
  "name": "Invalid attribute",
  "message": "Invalid attribute",
  "url": "/attributes/1234"
}

Default:

{
  "name": "string",
  "message": "string",
  "url": "/attributes"
}

Get current instance PyMISP version:

GET

https://misp.local/servers/getPyMISPVersion

Response: 

200:

{
  "version": "2.4.142"
}

403:

{
  "name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "url": "/attributes"
}

404:

{
  "name": "Invalid attribute",
  "message": "Invalid attribute",
  "url": "/attributes/1234"
}

Default:

{
  "name": "string",
  "message": "string",
  "url": "/attributes"
}

Get current instance settings and diagnostics:

GET

https://misp.local/servers/serverSettings

Response: 

200:

{
  "version": {
    "current": "v2.4.142",
    "newest": "v2.4.142",
    "upToDate": "same"
  },
  "phpSettings": {
    "max_execution_time": {
      "explanation": "The maximum duration that a script can run (does not affect the background workers). A too low number will break long running scripts like comprehensive API exports",
      "recommended": 300,
      "unit": "seconds",
      "value": 300
    },
    "memory_limit": {
      "explanation": "The maximum duration that a script can run (does not affect the background workers). A too low number will break long running scripts like comprehensive API exports",
      "recommended": 300,
      "unit": "seconds",
      "value": 300
    },
    "upload_max_filesize": {
      "explanation": "The maximum duration that a script can run (does not affect the background workers). A too low number will break long running scripts like comprehensive API exports",
      "recommended": 300,
      "unit": "seconds",
      "value": 300
    },
    "post_max_size": {
      "explanation": "The maximum duration that a script can run (does not affect the background workers). A too low number will break long running scripts like comprehensive API exports",
      "recommended": 300,
      "unit": "seconds",
      "value": 300
    }
  },
  "gpgStatus": "FAIL: Failed to load GnuPG",
  "proxyStatus": "not configured (so not tested)",
  "zmqStatus": 1,
  "stix": {
    "operational": 1,
    "stix": {
      "version": "1.2.0.11",
      "expected": ">1.2.0.9",
      "status": 1
    },
    "cybox": {
      "version": "1.2.0.11",
      "expected": ">1.2.0.9",
      "status": 1
    },
    "mixbox": {
      "version": "1.2.0.11",
      "expected": ">1.2.0.9",
      "status": 1
    },
    "maec": {
      "version": "1.2.0.11",
      "expected": ">1.2.0.9",
      "status": 1
    },
    "stix2": {
      "version": "1.2.0.11",
      "expected": ">1.2.0.9",
      "status": 1
    },
    "pymisp": {
      "version": "1.2.0.11",
      "expected": ">1.2.0.9",
      "status": 1
    }
  },
  "moduleStatus": {
    "Enrichment": 1,
    "Import": 1,
    "Export": 1,
    "Cortex": 1
  },
  "writeableDirs": {
    "/tmp": 0,
    "/var/www/MISP/app/tmp": 0,
    "/var/www/MISP/app/files": 0,
    "/var/www/MISP/app/files/scripts/tmp": 0
  },
  "writeableFiles": {
    "/var/www/MISP/app/Config/config.php": 0,
    "/var/www/MISP/.git/ORIG_HEAD": 2
  },
  "readableFiles": {
    "/var/www/MISP/app/files/scripts/stixtest.py": 0
  },
  "dbDiagnostics": {
    "admin_settings": {
      "table": "admin_settings",
      "used": "0.03 MB",
      "reclaimable": "0 MB",
      "data_in_bytes": 16384,
      "index_in_bytes": 16384,
      "reclaimable_in_bytes": 0
    },
    "allowedlist": {
      "table": "allowedlist",
      "used": "0.02 MB",
      "reclaimable": "0 MB",
      "data_in_bytes": 16384,
      "index_in_bytes": 0,
      "reclaimable_in_bytes": 0
    }
  },
  "dbSchemaDiagnostics": {
    "dataSource": "Database/Mysql",
    "actual_db_version": "68",
    "checked_table_column": [
      "column_name"
    ],
    "diagnostic": {},
    "diagnostic_index": {
      "event_reports": {
        "event_id": {
          "message": "Column `event_id` is indexed but should not",
          "sql": "DROP INDEX `event_id` ON event_reports;"
        }
      }
    },
    "expected_db_version": "70",
    "error": "string",
    "update_locked": true,
    "remaining_lock_time": 0,
    "update_fail_number_reached": true,
    "indexes": {
      "admin_settings": {
        "id": true,
        "setting": false
      }
    },
    "columnPerTable": {
      "admin_settings": [
        "id",
        "setting",
        "value"
      ]
    }
  },
  "redisInfo": {
    "extensionVersion": "5.1.1",
    "connection": true,
    "redis_version": "5.0.7",
    "redis_git_sha1": 0,
    "redis_git_dirty": 0,
    "redis_build_id": "636cde3b5c7a3923",
    "redis_mode": "standalone",
    "os": "Linux 5.8.0-50-generic x86_64",
    "arch_bits": 64,
    "multiplexing_api": "epoll",
    "atomicvar_api": "atomic-builtin",
    "gcc_version": "9.2.1",
    "process_id": 1051,
    "run_id": "f894944d92c978df93a18821fb5ebe30dfd0b257",
    "tcp_port": 6379,
    "uptime_in_seconds": 327116,
    "uptime_in_days": 3,
    "hz": 10,
    "configured_hz": 10,
    "lru_clock": 10365184,
    "executable": "/usr/bin/redis-server",
    "config_file": "/etc/redis/redis.conf",
    "connected_clients": 18,
    "client_recent_max_input_buffer": 2,
    "client_recent_max_output_buffer": 0,
    "blocked_clients": 0,
    "used_memory": 1309488,
    "used_memory_human": "1.25M",
    "used_memory_rss": 5541888,
    "used_memory_rss_human": "5.29M",
    "used_memory_peak": 1410464,
    "used_memory_peak_human": "1.35M",
    "used_memory_peak_perc": "92.84%",
    "used_memory_overhead": 1200800,
    "used_memory_startup": 796232,
    "used_memory_dataset": 108688,
    "used_memory_dataset_perc": "21.18%",
    "allocator_allocated": 1480176,
    "allocator_active": 1896448,
    "allocator_resident": 5890048,
    "total_system_memory": 33406590976,
    "total_system_memory_human": "31.11G",
    "used_memory_lua": 41984,
    "used_memory_lua_human": "41.00K",
    "used_memory_scripts": 0,
    "used_memory_scripts_human": "0B",
    "number_of_cached_scripts": 0,
    "maxmemory": 0,
    "maxmemory_human": "0B",
    "maxmemory_policy": "noeviction",
    "allocator_frag_ratio": 1.28,
    "allocator_frag_bytes": 416272,
    "allocator_rss_ratio": 3.11,
    "allocator_rss_bytes": 3993600,
    "rss_overhead_ratio": 0.94,
    "rss_overhead_bytes": -348160,
    "mem_fragmentation_ratio": 4.24,
    "mem_fragmentation_bytes": 4233432,
    "mem_not_counted_for_evict": 0,
    "mem_replication_backlog": 0,
    "mem_clients_slaves": 0,
    "mem_clients_normal": 402912,
    "mem_aof_buffer": 0,
    "mem_allocator": "jemalloc-5.2.1",
    "active_defrag_running": 0,
    "lazyfree_pending_objects": 0,
    "loading": 0,
    "rdb_changes_since_last_save": 0,
    "rdb_bgsave_in_progress": 0,
    "rdb_last_save_time": 1620977919,
    "rdb_last_bgsave_status": "ok",
    "rdb_last_bgsave_time_sec": 0,
    "rdb_current_bgsave_time_sec": -1,
    "rdb_last_cow_size": 446464,
    "aof_enabled": 0,
    "aof_rewrite_in_progress": 0,
    "aof_rewrite_scheduled": 0,
    "aof_last_rewrite_time_sec": -1,
    "aof_current_rewrite_time_sec": -1,
    "aof_last_bgrewrite_status": "ok",
    "aof_last_write_status": "ok",
    "aof_last_cow_size": 0,
    "total_connections_received": 289,
    "total_commands_processed": 252747,
    "instantaneous_ops_per_sec": 7,
    "total_net_input_bytes": 12111506,
    "total_net_output_bytes": 1232466,
    "instantaneous_input_kbps": 0.36,
    "instantaneous_output_kbps": 0.03,
    "rejected_connections": 0,
    "sync_full": 0,
    "sync_partial_ok": 0,
    "sync_partial_err": 0,
    "expired_keys": 17,
    "expired_stale_perc": 0,
    "expired_time_cap_reached_count": 0,
    "evicted_keys": 0,
    "keyspace_hits": 70,
    "keyspace_misses": 62805,
    "pubsub_channels": 0,
    "pubsub_patterns": 0,
    "latest_fork_usec": 168,
    "migrate_cached_sockets": 0,
    "slave_expires_tracked_keys": 0,
    "active_defrag_hits": 0,
    "active_defrag_misses": 0,
    "active_defrag_key_hits": 0,
    "active_defrag_key_misses": 0,
    "role": "master",
    "connected_slaves": 0,
    "master_replid": "d5e7afcf4fd1a31e539a4eadd5caf2a7da6d121c",
    "master_replid2": 0,
    "master_repl_offset": 0,
    "second_repl_offset": -1,
    "repl_backlog_active": 0,
    "repl_backlog_size": 1048576,
    "repl_backlog_first_byte_offset": 0,
    "repl_backlog_histlen": 0,
    "used_cpu_sys": 195.014281,
    "used_cpu_user": 217.352183,
    "used_cpu_sys_children": 0.050885,
    "used_cpu_user_children": 0.076436,
    "cluster_enabled": 0,
    "db0": "keys=15,expires=0,avg_ttl=0",
    "db13": "keys=12,expires=4,avg_ttl=21265731140"
  },
  "finalSettings": [
    {
      "level": 0,
      "value": "string",
      "errorMessage": "The currently set baseurl does not match the URL through which you have accessed the page. Disregard this if you are accessing the page via an alternate URL (for example via IP address).",
      "test": "testBaseURL",
      "type": "string",
      "null": true,
      "subGroup": "Enrichment",
      "cli_only": 1,
      "redacted": true,
      "optionsSource": {},
      "afterHook": "cleanCacheFiles",
      "error": 1,
      "tab": "MISP",
      "setting": "MISP.baseurl",
      "options": {}
    }
  ],
  "extensions": {
    "cli": {
      "phpversion": "7.4.3"
    },
    "extensions": {
      "json": {
        "web_version": "7.4.3",
        "web_version_outdated": false,
        "cli_version": "7.4.3",
        "cli_version_outdated": false,
        "required": true,
        "info": null
      }
    }
  },
  "workers": {
    "cache": {
      "ok": true,
      "workers": [
        {
          "pid": 1233,
          "user": "www-data",
          "alive": true,
          "correct_user": true,
          "ok": true
        }
      ],
      "jobCount": 0
    },
    "default": {
      "ok": true,
      "workers": [
        {
          "pid": 1233,
          "user": "www-data",
          "alive": true,
          "correct_user": true,
          "ok": true
        }
      ],
      "jobCount": 0
    },
    "email": {
      "ok": true,
      "workers": [
        {
          "pid": 1233,
          "user": "www-data",
          "alive": true,
          "correct_user": true,
          "ok": true
        }
      ],
      "jobCount": 0
    },
    "prio": {
      "ok": true,
      "workers": [
        {
          "pid": 1233,
          "user": "www-data",
          "alive": true,
          "correct_user": true,
          "ok": true
        }
      ],
      "jobCount": 0
    },
    "update": {
      "ok": true,
      "workers": [
        {
          "pid": 1233,
          "user": "www-data",
          "alive": true,
          "correct_user": true,
          "ok": true
        }
      ],
      "jobCount": 0
    },
    "scheduler": {
      "ok": true,
      "workers": [
        {
          "pid": 1233,
          "user": "www-data",
          "alive": true,
          "correct_user": true,
          "ok": true
        }
      ],
      "jobCount": 0
    },
    "proc_accessible": true,
    "controls": true
  }
}

403:

{
  "name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "url": "/attributes"
}

404:

{
  "name": "Invalid attribute",
  "message": "Invalid attribute",
  "url": "/attributes/1234"
}

Default:

{
  "name": "string",
  "message": "string",
  "url": "/attributes"
}

Get workers:

GET

https://misp.local/servers/getWorkers

Response: 

200:

{
  "cache": {
    "ok": true,
    "workers": [
      {
        "pid": 1233,
        "user": "www-data",
        "alive": true,
        "correct_user": true,
        "ok": true
      }
    ],
    "jobCount": 0
  },
  "default": {
    "ok": true,
    "workers": [
      {
        "pid": 1233,
        "user": "www-data",
        "alive": true,
        "correct_user": true,
        "ok": true
      }
    ],
    "jobCount": 0
  },
  "email": {
    "ok": true,
    "workers": [
      {
        "pid": 1233,
        "user": "www-data",
        "alive": true,
        "correct_user": true,
        "ok": true
      }
    ],
    "jobCount": 0
  },
  "prio": {
    "ok": true,
    "workers": [
      {
        "pid": 1233,
        "user": "www-data",
        "alive": true,
        "correct_user": true,
        "ok": true
      }
    ],
    "jobCount": 0
  },
  "update": {
    "ok": true,
    "workers": [
      {
        "pid": 1233,
        "user": "www-data",
        "alive": true,
        "correct_user": true,
        "ok": true
      }
    ],
    "jobCount": 0
  },
  "scheduler": {
    "ok": true,
    "workers": [
      {
        "pid": 1233,
        "user": "www-data",
        "alive": true,
        "correct_user": true,
        "ok": true
      }
    ],
    "jobCount": 0
  },
  "proc_accessible": true,
  "controls": true
}

403:

{
  "name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "url": "/attributes"
}

404:

{
  "name": "Invalid attribute",
  "message": "Invalid attribute",
  "url": "/attributes/1234"
}

Default:

{
  "name": "string",
  "message": "string",
  "url": "/attributes"
}

Start worker:

POST

https://misp.local/servers/startWorker/{workerType}

Response: 

200:

{
  "saved": true,
  "success": true,
  "name": "Worker start signal sent",
  "message": "Worker start signal sent",
  "url": "/servers/startWorker/email"
}

403:

{
  "name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "url": "/attributes"
}

404:

{
  "name": "Invalid attribute",
  "message": "Invalid attribute",
  "url": "/attributes/1234"
}

Default:

{
  "name": "string",
  "message": "string",
  "url": "/attributes"
}

Stop worker:

POST

https://misp.local/servers/stopWorker/{workerPid}

Response: 

200:

{
  "saved": true,
  "success": true,
  "name": "Worker stop signal sent",
  "message": "Worker stop signal sent",
  "url": "/servers/startWorker/1234"
}

403:

{
  "name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "url": "/attributes"
}

404:

{
  "name": "Invalid attribute",
  "message": "Invalid attribute",
  "url": "/attributes/1234"
}

Default:

{
  "name": "string",
  "message": "string",
  "url": "/attributes"
}

Kill all workers:

POST

https://misp.local/servers/killAllWorkers

Response: 

200:

{
  "saved": true,
  "success": true,
  "name": "Killing workers.",
  "message": "Killing workers.",
  "url": "/servers/killAllWorkers"
}

403:

{
  "name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "url": "/attributes"
}

404:

{
  "name": "Invalid attribute",
  "message": "Invalid attribute",
  "url": "/attributes/1234"
}

Default:

{
  "name": "string",
  "message": "string",
  "url": "/attributes"
}

Restart workers:

POST

https://misp.local/servers/restartWorkers

Response: 

200:

{
  "saved": true,
  "success": true,
  "name": "Restarting workers.",
  "message": "Restarting workers.",
  "url": "/servers/restartWorkers"
}

403:

{
  "name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "url": "/attributes"
}

404:

{
  "name": "Invalid attribute",
  "message": "Invalid attribute",
  "url": "/attributes/1234"
}

Default:

{
  "name": "string",
  "message": "string",
  "url": "/attributes"
}

Restart dead workers:

POST

https://misp.local/servers/restartDeadWorkers

Response: 

200:

{
  "saved": true,
  "success": true,
  "name": "Restarting workers.",
  "message": "Restarting workers.",
  "url": "/servers/restartDeadWorkers"
}

403:

{
  "name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "url": "/attributes"
}

404:

{
  "name": "Invalid attribute",
  "message": "Invalid attribute",
  "url": "/attributes/1234"
}

Default:

{
  "name": "string",
  "message": "string",
  "url": "/attributes"
}

Update server:

POST

https://misp.local/servers/update

Response: 

200:

{
  "results": [
    {
      "input": "cd $(git rev-parse --show-toplevel) && git checkout app/composer.json 2>&1",
      "output": [
        "Updated 1 path from the index"
      ],
      "status": 0
    }
  ]
}

403:

{
  "name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "url": "/attributes"
}

404:

{
  "name": "Invalid attribute",
  "message": "Invalid attribute",
  "url": "/attributes/1234"
}

Default:

{
  "name": "string",
  "message": "string",
  "url": "/attributes"
}

Cache server:

POST

https://misp.local/servers/cache

Response: 

200:

{
  "saved": true,
  "success": true,
  "name": "Server caching job initiated.",
  "message": "Server caching job initiated.",
  "url": "/servers/cache"
}

403:

{
  "name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "url": "/attributes"
}

404:

{
  "name": "Invalid attribute",
  "message": "Invalid attribute",
  "url": "/attributes/1234"
}

Default:

{
  "name": "string",
  "message": "string",
  "url": "/attributes"
}

Create sync:

POST

https://misp.local/servers/createSync

Response: 

200:

{
  "Server": {
    "url": "https://misppriv.circl.lu",
    "uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
    "authkey": "894c8d095180c7ea28789092e96ca6424199aa4f",
    "Organisation": {
      "name": "ORGNAME",
      "uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b"
    }
  }
}

403:

{
  "name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "url": "/attributes"
}

404:

{
  "name": "Invalid attribute",
  "message": "Invalid attribute",
  "url": "/attributes/1234"
}

Default:

{
  "name": "string",
  "message": "string",
  "url": "/attributes"
}

Get instance UUID:

GET

https://misp.local/servers/getInstanceUUID

Response: 

200:

{
  "uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b"
}

403:

{
  "name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "url": "/attributes"
}

404:

{
  "name": "Invalid attribute",
  "message": "Invalid attribute",
  "url": "/attributes/1234"
}

Default:

{
  "name": "string",
  "message": "string",
  "url": "/attributes"
}

Get server setting by name:

GET

https://misp.local/servers/getSetting/{settingName}

Response: 

200:

{
  "level": 0,
  "value": "string",
  "errorMessage": "The currently set baseurl does not match the URL through which you have accessed the page. Disregard this if you are accessing the page via an alternate URL (for example via IP address).",
  "test": "testBaseURL",
  "type": "string",
  "null": true,
  "subGroup": "Enrichment",
  "cli_only": 1,
  "redacted": true,
  "optionsSource": {},
  "afterHook": "cleanCacheFiles",
  "error": 1,
  "tab": "MISP",
  "setting": "MISP.baseurl",
  "options": {}
}

403:

{
  "name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "url": "/attributes"
}

404:

{
  "name": "Invalid attribute",
  "message": "Invalid attribute",
  "url": "/attributes/1234"
}

Default:

{
  "name": "string",
  "message": "string",
  "url": "/attributes"
}

Edit server setting:

POST

https://misp.local/servers/serverSettingsEdit/{settingName}

Request: 

{
  "value": "string"
}

Response: 

200:

{
  "saved": true,
  "success": true,
  "name": "Field updated",
  "message": "Field updated",
  "url": "/servers/serverSettingsEdit"
}

403:

{
  "name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "url": "/attributes"
}

404:

{
  "name": "Invalid attribute",
  "message": "Invalid attribute",
  "url": "/attributes/1234"
}

Default:

{
  "name": "string",
  "message": "string",
  "url": "/attributes"
}

Import server:

POST

https://misp.local/servers/import

Request: 

{
  "name": "Phising Server",
  "url": "https://misppriv.circl.lu",
  "uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
  "authkey": "894c8d095180c7ea28789092e96ca6424199aa4f",
  "Organisation": {
    "name": "ORGNAME"
  }
}

Response: 

200:

{
  "Server": {
    "id": "12345",
    "name": "Phising Server",
    "url": "https://misppriv.circl.lu",
    "authkey": "894c8d095180c7ea28789092e96ca6424199aa4f",
    "org_id": "12345",
    "push": true,
    "pull": true,
    "push_sightings": true,
    "push_galaxy_clusters": true,
    "pull_galaxy_clusters": true,
    "lastpulledid": "12345",
    "lastpushedid": "12345",
    "organization": "string",
    "remote_org_id": "12345",
    "publish_without_email": true,
    "unpublish_event": true,
    "self_signed": true,
    "pull_rules": "{\"tags\":{\"OR\":[],\"NOT\":[]},\"orgs\":{\"OR\":[],\"NOT\":[]},\"url_params\":\"\"}",
    "push_rules": "{\"tags\":{\"OR\":[],\"NOT\":[]},\"orgs\":{\"OR\":[],\"NOT\":[]}}",
    "cert_file": "string",
    "client_cert_file": "string",
    "internal": true,
    "skip_proxy": true,
    "caching_enabled": true,
    "priority": "1",
    "cache_timestamp": true
  }
}

403:

{
  "name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "url": "/attributes"
}

404:

{
  "name": "Invalid attribute",
  "message": "Invalid attribute",
  "url": "/attributes/1234"
}

Default:

{
  "name": "string",
  "message": "string",
  "url": "/attributes"
}

Sharing Group

Add a sharing group:

POST

https://misp.local/sharing_groups/add

Request:

{
  "uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
  "name": "Banking Sharing Group",
  "description": "Banking Institutions of X Sharing Group",
  "releasability": "string",
  "local": true,
  "active": true,
  "org_count": "6",
  "organisation_uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
  "org_id": "12345",
  "sync_user_id": "12345",
  "created": "string",
  "modified": "string",
  "roaming": true
}

Response: 

200:

{
  "SharingGroup": {
    "id": "1",
    "uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
    "name": "Banking Sharing Group",
    "description": "Banking Institutions of X Sharing Group",
    "releasability": "string",
    "local": true,
    "active": true,
    "org_count": "6",
    "organisation_uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
    "org_id": "12345",
    "sync_user_id": "12345",
    "created": "string",
    "modified": "string",
    "roaming": true
  },
  "Organisation": {
    "id": "12345",
    "name": "ORGNAME",
    "date_created": "2021-06-14 14:29:19",
    "date_modified": "2021-06-14 14:29:19",
    "description": "string",
    "type": "ADMIN",
    "nationality": "string",
    "sector": "string",
    "created_by": "12345",
    "uuid": "string",
    "contacts": "string",
    "local": true,
    "restricted_to_domain": [
      "example.com"
    ],
    "landingpage": "string",
    "user_count": "3",
    "created_by_email": "string"
  },
  "SharingGroupOrg": [
    {
      "id": "1",
      "sharing_group_id": "1",
      "org_id": "12345",
      "extend": true,
      "Organisation": {
        "id": "12345",
        "name": "ORGNAME",
        "uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b"
      }
    }
  ],
  "SharingGroupServer": [
    {
      "all_orgs": true,
      "server_id": "12345",
      "sharing_group_id": "1",
      "Server": {
        "id": "12345",
        "name": "Phising Server"
      }
    }
  ],
  "editable": true,
  "deletable": true
}

403:

{
  "name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "url": "/attributes"
}

404:

{
  "name": "Invalid attribute",
  "message": "Invalid attribute",
  "url": "/attributes/1234"
}

Default:

{
  "name": "string",
  "message": "string",
  "url": "/attributes"
}

Edit a sharing group:

POST

https://misp.local/sharing_groups/edit/{sharingGroupId}

Request:

{
  "id": "1",
  "uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
  "name": "Banking Sharing Group",
  "description": "Banking Institutions of X Sharing Group",
  "releasability": "string",
  "local": true,
  "active": true,
  "org_count": "6",
  "organisation_uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
  "org_id": "12345",
  "sync_user_id": "12345",
  "created": "string",
  "modified": "string",
  "roaming": true
}

Response: 

200:

{
  "SharingGroup": {
    "id": "1",
    "uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
    "name": "Banking Sharing Group",
    "description": "Banking Institutions of X Sharing Group",
    "releasability": "string",
    "local": true,
    "active": true,
    "org_count": "6",
    "organisation_uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
    "org_id": "12345",
    "sync_user_id": "12345",
    "created": "string",
    "modified": "string",
    "roaming": true
  },
  "Organisation": {
    "id": "12345",
    "name": "ORGNAME",
    "date_created": "2021-06-14 14:29:19",
    "date_modified": "2021-06-14 14:29:19",
    "description": "string",
    "type": "ADMIN",
    "nationality": "string",
    "sector": "string",
    "created_by": "12345",
    "uuid": "string",
    "contacts": "string",
    "local": true,
    "restricted_to_domain": [
      "example.com"
    ],
    "landingpage": "string",
    "user_count": "3",
    "created_by_email": "string"
  },
  "SharingGroupOrg": [
    {
      "id": "1",
      "sharing_group_id": "1",
      "org_id": "12345",
      "extend": true,
      "Organisation": {
        "id": "12345",
        "name": "ORGNAME",
        "uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b"
      }
    }
  ],
  "SharingGroupServer": [
    {
      "all_orgs": true,
      "server_id": "12345",
      "sharing_group_id": "1",
      "Server": {
        "id": "12345",
        "name": "Phising Server"
      }
    }
  ],
  "editable": true,
  "deletable": true
}

403:

{
  "name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "url": "/attributes"
}

404:

{
  "name": "Invalid attribute",
  "message": "Invalid attribute",
  "url": "/attributes/1234"
}

Default:

{
  "name": "string",
  "message": "string",
  "url": "/attributes"
}

Delete a sharing group:

DELETE

https://misp.local/sharing_groups/delete/{sharingGroupId}

Response: 

200:

{
  "saved": true,
  "success": true,
  "name": "SharingGroup deleted",
  "message": "SharingGroup deleted",
  "url": "/sharing_groups/delete/1"
}

403:

{
  "name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "url": "/attributes"
}

404:

{
  "name": "Invalid attribute",
  "message": "Invalid attribute",
  "url": "/attributes/1234"
}

Default:

{
  "name": "string",
  "message": "string",
  "url": "/attributes"
}

Get a list of sharing groups:

GET

https://misp.local/sharing_groups

Response: 

200:

{
  "response": [
    {
      "SharingGroup": {
        "id": "1",
        "uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
        "name": "Banking Sharing Group",
        "description": "Banking Institutions of X Sharing Group",
        "releasability": "string",
        "local": true,
        "active": true,
        "org_count": "6"
      },
      "Organisation": {
        "id": "12345",
        "name": "ORGNAME",
        "uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b"
      },
      "SharingGroupOrg": [
        {
          "id": "1",
          "sharing_group_id": "1",
          "org_id": "12345",
          "extend": true,
          "Organisation": {
            "id": "12345",
            "name": "ORGNAME",
            "uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b"
          }
        }
      ],
      "SharingGroupServer": [
        {
          "all_orgs": true,
          "server_id": "12345",
          "sharing_group_id": "1",
          "Server": {
            "id": "12345",
            "name": "Phising Server"
          }
        }
      ],
      "editable": true,
      "deletable": true
    }
  ]
}

403:

{
  "name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "url": "/attributes"
}

404:

{
  "name": "Invalid attribute",
  "message": "Invalid attribute",
  "url": "/attributes/1234"
}

Default:

{
  "name": "string",
  "message": "string",
  "url": "/attributes"
}

Get a sharing group by ID:

GET

https://misp.local/sharing_groups/view/{sharingGroupId}

Response: 

200:

{
  "SharingGroup": {
    "id": "1",
    "uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
    "name": "Banking Sharing Group",
    "description": "Banking Institutions of X Sharing Group",
    "releasability": "string",
    "local": true,
    "active": true,
    "org_count": "6",
    "organisation_uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
    "org_id": "12345",
    "sync_user_id": "12345",
    "created": "string",
    "modified": "string",
    "roaming": true
  },
  "Organisation": {
    "id": "12345",
    "name": "ORGNAME",
    "date_created": "2021-06-14 14:29:19",
    "date_modified": "2021-06-14 14:29:19",
    "description": "string",
    "type": "ADMIN",
    "nationality": "string",
    "sector": "string",
    "created_by": "12345",
    "uuid": "string",
    "contacts": "string",
    "local": true,
    "restricted_to_domain": [
      "example.com"
    ],
    "landingpage": "string",
    "user_count": "3",
    "created_by_email": "string"
  },
  "SharingGroupOrg": [
    {
      "id": "1",
      "sharing_group_id": "1",
      "org_id": "12345",
      "extend": true,
      "Organisation": {
        "id": "12345",
        "name": "ORGNAME",
        "uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b"
      }
    }
  ],
  "SharingGroupServer": [
    {
      "all_orgs": true,
      "server_id": "12345",
      "sharing_group_id": "1",
      "Server": {
        "id": "12345",
        "name": "Phising Server"
      }
    }
  ],
  "editable": true,
  "deletable": true
}

403:

{
  "name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "url": "/attributes"
}

404:

{
  "name": "Invalid attribute",
  "message": "Invalid attribute",
  "url": "/attributes/1234"
}

Default:

{
  "name": "string",
  "message": "string",
  "url": "/attributes"
}

Add an organisation to a sharing group:

POST

https://misp.local/sharing_groups/addOrg/{sharingGroupId}/{organisationId}

Response: 

200:

{
  "saved": true,
  "success": true,
  "name": "Organisation added to the sharing group.",
  "message": "Organisation added to the sharing group.",
  "url": "/sharing_groups/addOrg"
}

403:

{
  "name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "url": "/attributes"
}

404:

{
  "name": "Invalid attribute",
  "message": "Invalid attribute",
  "url": "/attributes/1234"
}

Default:

{
  "name": "string",
  "message": "string",
  "url": "/attributes"
}

Remove an organisation from a sharing group:

POST

https://misp.local/sharing_groups/removeOrg/{sharingGroupId}/{organisationId}

Response: 

200:

{
  "saved": true,
  "success": true,
  "name": "Organisation removed from the sharing group.",
  "message": "Organisation removed from the sharing group.",
  "url": "/sharing_groups/removeOrg"
}

403:

{
  "name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "url": "/attributes"
}

404:

{
  "name": "Invalid attribute",
  "message": "Invalid attribute",
  "url": "/attributes/1234"
}

Default:

{
  "name": "string",
  "message": "string",
  "url": "/attributes"
}

Add a server to a sharing group:

POST

https://misp.local/sharing_groups/addServer/{sharingGroupId}/{serverId}

Response: 

200:

{
  "saved": true,
  "success": true,
  "name": "Server added to the sharing group.",
  "message": "Server added to the sharing group.",
  "url": "/sharing_groups/addServer"
}

403:

{
  "name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "url": "/attributes"
}

404:

{
  "name": "Invalid attribute",
  "message": "Invalid attribute",
  "url": "/attributes/1234"
}

Default:

{
  "name": "string",
  "message": "string",
  "url": "/attributes"
}

Remove a server from a sharing group:

POST

https://misp.local/sharing_groups/removeServer/{sharingGroupServerId}/{serverId}

Response: 

200:

{
  "saved": true,
  "success": true,
  "name": "Server removed from the sharing group.",
  "message": "Server removed from the sharing group.",
  "url": "/sharing_groups/removeServer"
}

403:

{
  "name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "url": "/attributes"
}

404:

{
  "name": "Invalid attribute",
  "message": "Invalid attribute",
  "url": "/attributes/1234"
}

Default:

{
  "name": "string",
  "message": "string",
  "url": "/attributes"
}

Feed

Get a list of feeds:

GET

https://misp.local/feeds

Response: 

200:

[
  {
    "Feed": {
      "id": "3",
      "name": "CIRCL OSINT Feed",
      "provider": "CIRCL",
      "url": "https://www.circl.lu/doc/misp/feed-osint",
      "rules": "{\"tags\":{\"OR\":[],\"NOT\":[]},\"orgs\":{\"OR\":[],\"NOT\":[]},\"url_params\":\"\"}",
      "enabled": true,
      "distribution": "0",
      "sharing_group_id": "1",
      "tag_id": "12345",
      "default": true,
      "source_format": "1",
      "fixed_event": true,
      "delta_merge": true,
      "event_id": "12345",
      "publish": false,
      "override_ids": true,
      "settings": "{\"csv\":{\"value\":\"\",\"delimiter\":\"\"},\"common\":{\"excluderegex\":\"\"},\"disable_correlation\":\"1\"}",
      "input_source": "local",
      "delete_local_file": true,
      "lookup_visible": true,
      "headers": "X-Custom-Header-A: Foo\nX-Custom-Header-B: Bar\n",
      "caching_enabled": true,
      "force_to_ids": true,
      "orgc_id": "12345",
      "cache_timestamp": "1617875568"
    }
  }
]

403:

{
  "name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "url": "/attributes"
}

404:

{
  "name": "Invalid attribute",
  "message": "Invalid attribute",
  "url": "/attributes/1234"
}

Default:

{
  "name": "string",
  "message": "string",
  "url": "/attributes"
}

Get a feed by ID:

GET

https://misp.local/feeds/view/{feedId}

Response: 

200:

{
  "Feed": {
    "id": "3",
    "name": "CIRCL OSINT Feed",
    "provider": "CIRCL",
    "url": "https://www.circl.lu/doc/misp/feed-osint",
    "rules": "{\"tags\":{\"OR\":[],\"NOT\":[]},\"orgs\":{\"OR\":[],\"NOT\":[]},\"url_params\":\"\"}",
    "enabled": true,
    "distribution": "0",
    "sharing_group_id": "1",
    "tag_id": "12345",
    "default": true,
    "source_format": "1",
    "fixed_event": true,
    "delta_merge": true,
    "event_id": "12345",
    "publish": false,
    "override_ids": true,
    "settings": "{\"csv\":{\"value\":\"\",\"delimiter\":\"\"},\"common\":{\"excluderegex\":\"\"},\"disable_correlation\":\"1\"}",
    "input_source": "local",
    "delete_local_file": true,
    "lookup_visible": true,
    "headers": "X-Custom-Header-A: Foo\nX-Custom-Header-B: Bar\n",
    "caching_enabled": true,
    "force_to_ids": true,
    "orgc_id": "12345",
    "cache_timestamp": "1617875568"
  }
}

403:

{
  "name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "url": "/attributes"
}

404:

{
  "name": "Invalid attribute",
  "message": "Invalid attribute",
  "url": "/attributes/1234"
}

Default:

{
  "name": "string",
  "message": "string",
  "url": "/attributes"
}

Add a feed:

POST

https://misp.local/feeds/view/{feedId}

Request:

{
  "name": "CIRCL OSINT Feed",
  "provider": "CIRCL",
  "url": "https://www.circl.lu/doc/misp/feed-osint",
  "rules": "{\"tags\":{\"OR\":[],\"NOT\":[]},\"orgs\":{\"OR\":[],\"NOT\":[]},\"url_params\":\"\"}",
  "enabled": true,
  "distribution": "0",
  "sharing_group_id": "1",
  "tag_id": "12345",
  "source_format": "1",
  "fixed_event": true,
  "delta_merge": true,
  "event_id": "12345",
  "publish": false,
  "override_ids": true,
  "input_source": "local",
  "delete_local_file": true,
  "lookup_visible": true,
  "headers": "X-Custom-Header-A: Foo\nX-Custom-Header-B: Bar\n",
  "caching_enabled": true,
  "force_to_ids": true,
  "orgc_id": "12345"
}

Response: 

200:

{
  "Feed": {
    "id": "3",
    "name": "CIRCL OSINT Feed",
    "provider": "CIRCL",
    "url": "https://www.circl.lu/doc/misp/feed-osint",
    "rules": "{\"tags\":{\"OR\":[],\"NOT\":[]},\"orgs\":{\"OR\":[],\"NOT\":[]},\"url_params\":\"\"}",
    "enabled": true,
    "distribution": "0",
    "sharing_group_id": "1",
    "tag_id": "12345",
    "default": true,
    "source_format": "1",
    "fixed_event": true,
    "delta_merge": true,
    "event_id": "12345",
    "publish": false,
    "override_ids": true,
    "settings": "{\"csv\":{\"value\":\"\",\"delimiter\":\"\"},\"common\":{\"excluderegex\":\"\"},\"disable_correlation\":\"1\"}",
    "input_source": "local",
    "delete_local_file": true,
    "lookup_visible": true,
    "headers": "X-Custom-Header-A: Foo\nX-Custom-Header-B: Bar\n",
    "caching_enabled": true,
    "force_to_ids": true,
    "orgc_id": "12345",
    "cache_timestamp": "1617875568"
  }
}

403:

{
  "name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "url": "/attributes"
}

404:

{
  "name": "Invalid attribute",
  "message": "Invalid attribute",
  "url": "/attributes/1234"
}

Default:

{
  "name": "string",
  "message": "string",
  "url": "/attributes"
}

Edit a feed:

PUT

https://misp.local/feeds/edit/{feedId}

Request:

{
  "id": "3",
  "name": "CIRCL OSINT Feed",
  "provider": "CIRCL",
  "url": "https://www.circl.lu/doc/misp/feed-osint",
  "rules": "{\"tags\":{\"OR\":[],\"NOT\":[]},\"orgs\":{\"OR\":[],\"NOT\":[]},\"url_params\":\"\"}",
  "enabled": true,
  "distribution": "0",
  "sharing_group_id": "1",
  "tag_id": "12345",
  "source_format": "1",
  "fixed_event": true,
  "delta_merge": true,
  "event_id": "12345",
  "publish": false,
  "override_ids": true,
  "input_source": "local",
  "delete_local_file": true,
  "lookup_visible": true,
  "headers": "X-Custom-Header-A: Foo\nX-Custom-Header-B: Bar\n",
  "caching_enabled": true,
  "force_to_ids": true,
  "orgc_id": "12345"
}

Response: 

200:

{
  "Feed": {
    "id": "3",
    "name": "CIRCL OSINT Feed",
    "provider": "CIRCL",
    "url": "https://www.circl.lu/doc/misp/feed-osint",
    "rules": "{\"tags\":{\"OR\":[],\"NOT\":[]},\"orgs\":{\"OR\":[],\"NOT\":[]},\"url_params\":\"\"}",
    "enabled": true,
    "distribution": "0",
    "sharing_group_id": "1",
    "tag_id": "12345",
    "default": true,
    "source_format": "1",
    "fixed_event": true,
    "delta_merge": true,
    "event_id": "12345",
    "publish": false,
    "override_ids": true,
    "settings": "{\"csv\":{\"value\":\"\",\"delimiter\":\"\"},\"common\":{\"excluderegex\":\"\"},\"disable_correlation\":\"1\"}",
    "input_source": "local",
    "delete_local_file": true,
    "lookup_visible": true,
    "headers": "X-Custom-Header-A: Foo\nX-Custom-Header-B: Bar\n",
    "caching_enabled": true,
    "force_to_ids": true,
    "orgc_id": "12345",
    "cache_timestamp": "1617875568"
  }
}

403:

{
  "name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "url": "/attributes"
}

404:

{
  "name": "Invalid attribute",
  "message": "Invalid attribute",
  "url": "/attributes/1234"
}

Default:

{
  "name": "string",
  "message": "string",
  "url": "/attributes"
}

Enable feed:

POST

https://misp.local/feeds/enable/{feedId}

Response: 

200:

{
  "name": "Feed enabled.",
  "message": "Feed enabled.",
  "url": "/feeds/enable/1"
}

403:

{
  "name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "url": "/attributes"
}

404:

{
  "name": "Invalid attribute",
  "message": "Invalid attribute",
  "url": "/attributes/1234"
}

Default:

{
  "name": "string",
  "message": "string",
  "url": "/attributes"
}

Disable feed:

POST

https://misp.local/feeds/disable/{feedId}

Response: 

200:

{
  "name": "Feed disabled.",
  "message": "Feed disabled.",
  "url": "/feeds/disable/1"
}

403:

{
  "name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "url": "/attributes"
}

404:

{
  "name": "Invalid attribute",
  "message": "Invalid attribute",
  "url": "/attributes/1234"
}

Default:

{
  "name": "string",
  "message": "string",
  "url": "/attributes"
}

Cache feeds:

POST

https://misp.local/feeds/cacheFeeds/{cacheFeedsScope}

Response: 

200:

{
  "name": "Feed caching job initiated.",
  "message": "Feed caching job initiated.",
  "url": "/feeds/cacheFeed"
}

403:

{
  "name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "url": "/attributes"
}

404:

{
  "name": "Invalid attribute",
  "message": "Invalid attribute",
  "url": "/attributes/1234"
}

Default:

{
  "name": "string",
  "message": "string",
  "url": "/attributes"
}

Fetch from feed by ID:

POST

https://misp.local/feeds/fetchFromFeed/{feedId}

Response: 

200:

{
  "result": "Pull queued for background execution."
}

403:

{
  "name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "url": "/attributes"
}

404:

{
  "name": "Invalid attribute",
  "message": "Invalid attribute",
  "url": "/attributes/1234"
}

Default:

{
  "name": "string",
  "message": "string",
  "url": "/attributes"
}

Fetch from all feeds:

POST

https://misp.local/feeds/fetchFromAllFeeds

Response: 

200:

{
  "result": "Pull queued for background execution."
}

403:

{
  "name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "url": "/attributes"
}

404:

{
  "name": "Invalid attribute",
  "message": "Invalid attribute",
  "url": "/attributes/1234"
}

Default:

{
  "name": "string",
  "message": "string",
  "url": "/attributes"
}

Object

[restSearch] Get a filtered and paginated list of objects:

POST

https://misp.local/objects/restsearch

Request:

{
  "page": 1,
  "limit": 0,
  "quickFilter": "malware",
  "searchall": "malware",
  "timestamp": "1617875568",
  "object_name": "ail-leak",
  "object_template_uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
  "object_template_version": "1",
  "eventid": "12345",
  "eventinfo": "logged source ip",
  "ignore": false,
  "from": "string",
  "to": "string",
  "date": "string",
  "tags": [
    "tlp:amber"
  ],
  "last": 0,
  "event_timestamp": "1617875568",
  "publish_timestamp": "1617875568",
  "org": "12345",
  "uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
  "value": "127.0.0.1",
  "type": "md5",
  "category": "Internal reference",
  "object_relation": "filepath",
  "attribute_timestamp": "1617875568",
  "first_seen": "1581984000000000",
  "last_seen": "1581984000000000",
  "comment": "logged source ip",
  "to_ids": true,
  "published": false,
  "deleted": false,
  "withAttachments": false,
  "enforceWarninglist": true,
  "includeAllTags": false,
  "includeEventUuid": false,
  "include_event_uuid": false,
  "includeEventTags": false,
  "includeProposals": false,
  "includeWarninglistHits": true,
  "includeContext": true,
  "includeSightings": true,
  "includeSightingdb": true,
  "includeCorrelations": true,
  "includeDecayScore": false,
  "includeFullModel": false,
  "allow_proposal_blocking": false,
  "metadata": true,
  "attackGalaxy": "mitre-attack",
  "excludeDecayed": false,
  "decayingModel": "string",
  "modelOverrides": {
    "lifetime": 3,
    "decay_speed": 2.3,
    "threshold": 30,
    "default_base_score": 80,
    "base_score_config": {
      "estimative-language:confidence-in-analytic-judgment": 0.25,
      "estimative-language:likelihood-probability": 0.25,
      "phishing:psychological-acceptability": 0.25,
      "phishing:state": 0.2
    }
  },
  "score": "string",
  "returnFormat": "json"
}

Response: 

200:

{
  "response": [
    {
      "Object": {
        "id": "12345",
        "name": "ail-leak",
        "meta-category": "string",
        "description": "string",
        "template_uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
        "template_version": "1",
        "event_id": "12345",
        "uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
        "timestamp": "1617875568",
        "distribution": "0",
        "sharing_group_id": "1",
        "comment": "string",
        "deleted": true,
        "first_seen": "1581984000000000",
        "last_seen": "1581984000000000",
        "Attribute": [
          {
            "id": "12345",
            "event_id": "12345",
            "object_id": "12345",
            "object_relation": "sensor",
            "category": "Internal reference",
            "type": "md5",
            "value": "127.0.0.1",
            "to_ids": true,
            "uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
            "timestamp": "1617875568",
            "distribution": "0",
            "sharing_group_id": "1",
            "comment": "logged source ip",
            "deleted": false,
            "disable_correlation": false,
            "first_seen": "1581984000000000",
            "last_seen": "1581984000000000"
          }
        ]
      }
    }
  ]
}

403:

{
  "name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "url": "/attributes"
}

Default:

{
  "name": "string",
  "message": "string",
  "url": "/attributes"
}

Add an object to an event:

POST

https://misp.local/objects/add/{eventId}/{objectTemplateId}

Request:

{
  "Attribute": [
    {
      "category": "Internal reference",
      "value": "127.0.0.1",
      "to_ids": true,
      "disable_correlation": false,
      "distribution": "0",
      "comment": "logged source ip",
      "object_relation": "sensor"
    }
  ]
}

Response: 

200:

{
  "Object": {
    "id": "12345",
    "name": "ail-leak",
    "meta-category": "string",
    "description": "string",
    "template_uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
    "template_version": "1",
    "event_id": "12345",
    "uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
    "timestamp": "1617875568",
    "distribution": "0",
    "sharing_group_id": "1",
    "comment": "string",
    "deleted": true,
    "first_seen": "1581984000000000",
    "last_seen": "1581984000000000",
    "Attribute": [
      {
        "id": "12345",
        "event_id": "12345",
        "object_id": "12345",
        "object_relation": "sensor",
        "category": "Internal reference",
        "type": "md5",
        "value": "127.0.0.1",
        "to_ids": true,
        "uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
        "timestamp": "1617875568",
        "distribution": "0",
        "sharing_group_id": "1",
        "comment": "logged source ip",
        "deleted": false,
        "disable_correlation": false,
        "first_seen": "1581984000000000",
        "last_seen": "1581984000000000"
      }
    ]
  }
}

403:

{
  "name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "url": "/attributes"
}

404:

{
  "name": "Invalid attribute",
  "message": "Invalid attribute",
  "url": "/attributes/1234"
}

Default:

{
  "name": "string",
  "message": "string",
  "url": "/attributes"
}

Get object by ID:

GET

https://misp.local/objects/view/{objectId}

Response: 

200:

{
  "Object": {
    "id": "12345",
    "name": "ail-leak",
    "meta-category": "string",
    "description": "string",
    "template_uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
    "template_version": "1",
    "event_id": "12345",
    "uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
    "timestamp": "1617875568",
    "distribution": "0",
    "sharing_group_id": "1",
    "comment": "string",
    "deleted": true,
    "first_seen": "1581984000000000",
    "last_seen": "1581984000000000",
    "Attribute": [
      {
        "id": "12345",
        "event_id": "12345",
        "object_id": "12345",
        "object_relation": "sensor",
        "category": "Internal reference",
        "type": "md5",
        "value": "127.0.0.1",
        "to_ids": true,
        "uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
        "timestamp": "1617875568",
        "distribution": "0",
        "sharing_group_id": "1",
        "comment": "logged source ip",
        "deleted": false,
        "disable_correlation": false,
        "first_seen": "1581984000000000",
        "last_seen": "1581984000000000"
      }
    ],
    "Event": {
      "id": "12345",
      "info": "logged source ip",
      "org_id": "12345",
      "orgc_id": "12345"
    }
  }
}

403:

{
  "name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "url": "/attributes"
}

404:

{
  "name": "Invalid attribute",
  "message": "Invalid attribute",
  "url": "/attributes/1234"
}

Default:

{
  "name": "string",
  "message": "string",
  "url": "/attributes"
}

Delete object:

DELETE

https://misp.local/objects/delete/{objectId}/{hardDelete}

Response: 

200:

{
  "saved": true,
  "success": true,
  "name": "Object deleted",
  "message": "Object deleted",
  "url": "/objects/delete/1"
}

403:

{
  "name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "url": "/attributes"
}

404:

{
  "name": "Invalid attribute",
  "message": "Invalid attribute",
  "url": "/attributes/1234"
}

Default:

{
  "name": "string",
  "message": "string",
  "url": "/attributes"
}

TAG

Get tags:

GET

https://misp.local/tags

Response: 

200:

{
  "Tag": [
    {
      "id": "12345",
      "name": "tlp:white",
      "colour": "#ffffff",
      "exportable": true,
      "org_id": "12345",
      "user_id": "12345",
      "hide_tag": false,
      "numerical_value": "12345",
      "is_galaxy": true,
      "is_custom_galaxy": true,
      "inherited": 1
    }
  ]
}

403:

{
  "name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "url": "/attributes"
}

404:

{
  "name": "Invalid attribute",
  "message": "Invalid attribute",
  "url": "/attributes/1234"
}

Default:

{
  "name": "string",
  "message": "string",
  "url": "/attributes"
}

Get tag by ID:

GET

https://misp.local/tags/view/{tagId}

Response: 

200:

{
  "id": "12345",
  "name": "tlp:white",
  "colour": "#ffffff",
  "exportable": true,
  "org_id": "12345",
  "user_id": "12345",
  "hide_tag": false,
  "numerical_value": "12345",
  "is_galaxy": true,
  "is_custom_galaxy": true,
  "inherited": 1
}

403:

{
  "name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "url": "/attributes"
}

404:

{
  "name": "Invalid attribute",
  "message": "Invalid attribute",
  "url": "/attributes/1234"
}

Default:

{
  "name": "string",
  "message": "string",
  "url": "/attributes"
}

Add tag:

POST

https://misp.local/tags/add

Response: 

200:

{
  "id": "12345",
  "name": "tlp:white",
  "colour": "#ffffff",
  "exportable": true,
  "org_id": "12345",
  "user_id": "12345",
  "hide_tag": false,
  "numerical_value": "12345",
  "is_galaxy": true,
  "is_custom_galaxy": true,
  "inherited": 1
}

403:

{
  "name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "url": "/attributes"
}

404:

{
  "name": "Invalid attribute",
  "message": "Invalid attribute",
  "url": "/attributes/1234"
}

Default:

{
  "name": "string",
  "message": "string",
  "url": "/attributes"
}

Delete tag:

POST

https://misp.local/tags/delete/{tagId}

Response: 

200:

{
  "name": "Tag deleted.",
  "message": "Tag deleted.",
  "url": "https://misppriv.circl.lu/tags/delete/1"
}

403:

{
  "name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "url": "/attributes"
}

404:

{
  "name": "Invalid attribute",
  "message": "Invalid attribute",
  "url": "/attributes/1234"
}

Default:

{
  "name": "string",
  "message": "string",
  "url": "/attributes"
}

Edit tag:

POST

https://misp.local/tags/edit/{tagId}

Request:

{
  "name": "tlp:white",
  "colour": "#ffffff",
  "exportable": true,
  "org_id": "12345",
  "user_id": "12345",
  "hide_tag": false,
  "numerical_value": "12345",
  "is_galaxy": true,
  "is_custom_galaxy": true,
  "inherited": 1
}

Response: 

200:

{
  "Tag": {
    "id": "12345",
    "name": "tlp:white",
    "colour": "#ffffff",
    "exportable": true,
    "org_id": "12345",
    "user_id": "12345",
    "hide_tag": false,
    "numerical_value": "12345",
    "is_galaxy": true,
    "is_custom_galaxy": true,
    "inherited": 1
  }
}

403:

{
  "name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "url": "/attributes"
}

404:

{
  "name": "Invalid attribute",
  "message": "Invalid attribute",
  "url": "/attributes/1234"
}

Default:

{
  "name": "string",
  "message": "string",
  "url": "/attributes"
}

Search tag:

GET

https://misp.local/tags/search/{tagSearchTerm}

Response: 

200:

[
  {
    "Tag": {
      "id": "12345",
      "name": "tlp:white",
      "colour": "#ffffff",
      "exportable": true,
      "org_id": "12345",
      "user_id": "12345",
      "hide_tag": false,
      "numerical_value": "12345",
      "is_galaxy": true,
      "is_custom_galaxy": true,
      "inherited": 1
    },
    "Taxonomy": {
      "id": "12345",
      "namespace": "tlp",
      "description": "Disclosure is not limited.  Sources may use TLP:WHITE when information carries minimal or no foreseeable risk of misuse, in accordance with applicable rules and procedures for public release. Subject to standard copyright rules, TLP:WHITE information may be distributed without restriction.",
      "version": "5",
      "enabled": true,
      "exclusive": true,
      "required": true
    },
    "TaxonomyPredicate": {
      "id": "12345",
      "taxonomy_id": "12345",
      "value": "white",
      "expanded": "(TLP:WHITE) Information can be shared publicly in accordance with the law.",
      "colour": "#ffffff",
      "description": "Disclosure is not limited.  Sources may use TLP:WHITE when information carries minimal or no foreseeable risk of misuse, in accordance with applicable rules and procedures for public release. Subject to standard copyright rules, TLP:WHITE information may be distributed without restriction.",
      "exclusive": true,
      "numerical_value": 0
    }
  }
]

403:

{
  "name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "url": "/attributes"
}

404:

{
  "name": "Invalid attribute",
  "message": "Invalid attribute",
  "url": "/attributes/1234"
}

Default:

{
  "name": "string",
  "message": "string",
  "url": "/attributes"
}

Sighting

Get sightings by event ID:

GET

https://misp.local/sightings/index/{eventId}

Response: 

200:

{
  "Tag": [
    {
      "id": "12345",
      "name": "tlp:white",
      "colour": "#ffffff",
      "exportable": true,
      "org_id": "12345",
      "user_id": "12345",
      "hide_tag": false,
      "numerical_value": "12345",
      "is_galaxy": true,
      "is_custom_galaxy": true,
      "inherited": 1
    }
  ]
}

403:

{
  "name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "url": "/attributes"
}

404:

{
  "name": "Invalid attribute",
  "message": "Invalid attribute",
  "url": "/attributes/1234"
}

Default:

{
  "name": "string",
  "message": "string",
  "url": "/attributes"
}

Add sightings of a list of values:

POST

https://misp.local/sightings/add

Request:

{
  "values": [
    "127.0.0.1"
  ],
  "timestamp": "1617875568",
  "filters": {
    "page": 1,
    "limit": 0,
    "value": "127.0.0.1",
    "value1": "127.0.0.1",
    "value2": "127.0.0.1",
    "type": "md5",
    "category": "Internal reference",
    "org": "12345",
    "tags": [
      "tlp:amber"
    ],
    "from": "string",
    "to": "string",
    "last": 0,
    "eventid": "12345",
    "withAttachments": false,
    "uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
    "publish_timestamp": "1617875568",
    "published": false,
    "timestamp": "1617875568",
    "attribute_timestamp": "1617875568",
    "enforceWarninglist": true,
    "to_ids": true,
    "deleted": false,
    "event_timestamp": "1617875568",
    "threat_level_id": "1",
    "eventinfo": "string",
    "sharinggroup": [
      "1"
    ],
    "decayingModel": "string",
    "score": "string",
    "first_seen": "string",
    "last_seen": "string",
    "includeEventUuid": false,
    "includeEventTags": false,
    "includeProposals": false,
    "requested_attributes": [
      "id"
    ],
    "includeContext": true,
    "headerless": true,
    "includeWarninglistHits": true,
    "attackGalaxy": "mitre-attack",
    "object_relation": "filepath",
    "includeSightings": true,
    "includeCorrelations": true,
    "modelOverrides": {
      "lifetime": 3,
      "decay_speed": 2.3,
      "threshold": 30,
      "default_base_score": 80,
      "base_score_config": {
        "estimative-language:confidence-in-analytic-judgment": 0.25,
        "estimative-language:likelihood-probability": 0.25,
        "phishing:psychological-acceptability": 0.25,
        "phishing:state": 0.2
      }
    },
    "includeDecayScore": false,
    "includeFullModel": false,
    "excludeDecayed": false,
    "returnFormat": "json"
  }
}

Response: 

200:

{
  "id": "12345",
  "attribute_id": "12345",
  "event_id": "12345",
  "org_id": "12345",
  "date_sighting": "1617875568",
  "uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
  "source": "string",
  "type": "string",
  "attribute_uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
  "Organisation": {
    "id": "12345",
    "uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
    "name": "ORGNAME"
  }
}

403:

{
  "name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "url": "/attributes"
}

404:

{
  "name": "Invalid attribute",
  "message": "Invalid attribute",
  "url": "/attributes/1234"
}

Default:

{
  "name": "string",
  "message": "string",
  "url": "/attributes"
}

Add sighting of an attribute:

POST

https://misp.local/sightings/add/{attributeId}

Response: 

200:

{
  "id": "12345",
  "attribute_id": "12345",
  "event_id": "12345",
  "org_id": "12345",
  "date_sighting": "1617875568",
  "uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
  "source": "string",
  "type": "string",
  "attribute_uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
  "Organisation": {
    "id": "12345",
    "uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
    "name": "ORGNAME"
  }
}

403:

{
  "name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "url": "/attributes"
}

404:

{
  "name": "Invalid attribute",
  "message": "Invalid attribute",
  "url": "/attributes/1234"
}

Default:

{
  "name": "string",
  "message": "string",
  "url": "/attributes"
}

Delete sighting:

POST

https://misp.local/sightings/delete/{sightingId}

Response: 

200:

{
  "saved": true,
  "success": true,
  "name": "Sighting successfully deleted.",
  "message": "Sighting successfully deleted.",
  "url": "/sightings/delete/1"
}

403:

{
  "name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "url": "/attributes"
}

404:

{
  "name": "Invalid attribute",
  "message": "Invalid attribute",
  "url": "/attributes/1234"
}

Default:

{
  "name": "string",
  "message": "string",
  "url": "/attributes"
}

 

Warninglist

Get a list of warninglists:

POST

https://misp.local/warninglists

Response: 

200:

{
  "Warninglists": [
    {
      "Warninglist": {
        "id": "3",
        "name": "List of known domains to know external IP",
        "type": "cidr",
        "description": "string",
        "version": "10",
        "enabled": true,
        "warninglist_entry_count": "1234",
        "valid_attributes": "domain, hostname, domain|ip, uri, url",
        "WarninglistEntry": [
          {
            "id": "1234",
            "value": "10.128.0.0/24",
            "warninglist_id": "3"
          }
        ]
      }
    }
  ]
}

403:

{
  "name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "url": "/attributes"
}

404:

{
  "name": "Invalid attribute",
  "message": "Invalid attribute",
  "url": "/attributes/1234"
}

Default:

{
  "name": "string",
  "message": "string",
  "url": "/attributes"
}

Search warninglists:

POST

https://misp.local/warninglists

Response: 

200:

{
  "Warninglists": [
    {
      "Warninglist": {
        "id": "3",
        "name": "List of known domains to know external IP",
        "type": "cidr",
        "description": "string",
        "version": "10",
        "enabled": true,
        "warninglist_entry_count": "1234",
        "valid_attributes": "domain, hostname, domain|ip, uri, url",
        "WarninglistEntry": [
          {
            "id": "1234",
            "value": "10.128.0.0/24",
            "warninglist_id": "3"
          }
        ]
      }
    }
  ]
}

403:

{
  "name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "url": "/attributes"
}

404:

{
  "name": "Invalid attribute",
  "message": "Invalid attribute",
  "url": "/attributes/1234"
}

Default:

{
  "name": "string",
  "message": "string",
  "url": "/attributes"
}

Enable/disable warninglists:

POST

https://misp.local/warninglists/toggleEnable

Response: 

200:

{
  "saved": true,
  "success": "1 warninglist(s) disabled"
}

403:

{
  "name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "url": "/attributes"
}

404:

{
  "name": "Invalid attribute",
  "message": "Invalid attribute",
  "url": "/attributes/1234"
}

Default:

{
  "name": "string",
  "message": "string",
  "url": "/attributes"
}

Get warninglist by ID:

GET

https://misp.local/warninglists/view/{warninglistId}

Response: 

200:

{
  "Warninglist": {
    "id": "3",
    "name": "List of known domains to know external IP",
    "type": "cidr",
    "description": "string",
    "version": "10",
    "enabled": true,
    "warninglist_entry_count": "1234",
    "valid_attributes": "domain, hostname, domain|ip, uri, url",
    "WarninglistEntry": [
      {
        "id": "1234",
        "value": "10.128.0.0/24",
        "warninglist_id": "3"
      }
    ]
  }
}

403:

{
  "name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "url": "/attributes"
}

404:

{
  "name": "Invalid attribute",
  "message": "Invalid attribute",
  "url": "/attributes/1234"
}

Default:

{
  "name": "string",
  "message": "string",
  "url": "/attributes"
}

Check if a list of values matches any warninglists:

POST

https://misp.local/warninglists/checkValue

Request:

[
  "10.128.0.2"
]

Response: 

200:

{
  "10.128.0.2": [
    {
      "id": "10",
      "name": "List of known Wikimedia address ranges"
    }
  ]
}

403:

{
  "name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "url": "/attributes"
}

404:

{
  "name": "Invalid attribute",
  "message": "Invalid attribute",
  "url": "/attributes/1234"
}

Default:

{
  "name": "string",
  "message": "string",
  "url": "/attributes"
}

Update warninglists:

POST

https://misp.local/warninglists/update

Response: 

200:

{
  "saved": true,
  "success": true,
  "name": "Successfully updated 1 warninglists.",
  "message": "Successfully updated 1 warninglists.",
  "url": "/warninglists/update"
}

403:

{
  "name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "url": "/attributes"
}

404:

{
  "name": "Invalid attribute",
  "message": "Invalid attribute",
  "url": "/attributes/1234"
}

Default:

{
  "name": "string",
  "message": "string",
  "url": "/attributes"
}

Noticelist

Get a list of noticelists

GET

https://misp.local/warninglists

Response: 

200:

[
  {
    "Noticelist": {
      "id": "3",
      "name": "List of known domains to know external IP",
      "type": "cidr",
      "description": "string",
      "version": "10",
      "enabled": true,
      "warninglist_entry_count": "1234",
      "valid_attributes": "domain, hostname, domain|ip, uri, url",
      "NoticelistEntry": [
        {
          "id": "1234",
          "noticelist_id": "3",
          "data": {
            "scope": [
              "attribute"
            ],
            "field": [
              "category"
            ],
            "value": [
              "Person"
            ],
            "tags": [
              "tlp:white"
            ],
            "message": {
              "en": "This attribute is likely to contain personal data and the data subject is likely to be directly identifiable."
            }
          }
        }
      ]
    }
  }
]

403:

{
  "name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "url": "/attributes"
}

404:

{
  "name": "Invalid attribute",
  "message": "Invalid attribute",
  "url": "/attributes/1234"
}

Default:

{
  "name": "string",
  "message": "string",
  "url": "/attributes"
}

Get a noticelist by ID:

GET

https://misp.local/warninglists

Response: 

200:

{
  "Noticelist": {
    "id": "3",
    "name": "List of known domains to know external IP",
    "type": "cidr",
    "description": "string",
    "version": "10",
    "enabled": true,
    "warninglist_entry_count": "1234",
    "valid_attributes": "domain, hostname, domain|ip, uri, url",
    "NoticelistEntry": [
      {
        "id": "1234",
        "noticelist_id": "3",
        "data": {
          "scope": [
            "attribute"
          ],
          "field": [
            "category"
          ],
          "value": [
            "Person"
          ],
          "tags": [
            "tlp:white"
          ],
          "message": {
            "en": "This attribute is likely to contain personal data and the data subject is likely to be directly identifiable."
          }
        }
      }
    ]
  }
}

403:

{
  "name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "url": "/attributes"
}

404:

{
  "name": "Invalid attribute",
  "message": "Invalid attribute",
  "url": "/attributes/1234"
}

Default:

{
  "name": "string",
  "message": "string",
  "url": "/attributes"
}

Enable/disable noticelist:

POST

https://misp.local/warninglists

Response: 

200:

{
  "saved": true,
  "success": true,
  "name": "Noticelist enabled.",
  "message": "Noticelist enabled.",
  "url": "/noticelists/toggleEnable/1"
}

403:

{
  "name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "url": "/attributes"
}

404:

{
  "name": "Invalid attribute",
  "message": "Invalid attribute",
  "url": "/attributes/1234"
}

Default:

{
  "name": "string",
  "message": "string",
  "url": "/attributes"
}

Update noticelists:

POST

https://misp.local/noticelists/update

Response: 

200:

{
  "saved": true,
  "success": true,
  "name": "Successfully updated 1 noticelists.",
  "message": "Successfully updated 1 noticelists.",
  "url": "/noticelists/update"
}

403:

{
  "name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "url": "/attributes"
}

404:

{
  "name": "Invalid attribute",
  "message": "Invalid attribute",
  "url": "/attributes/1234"
}

Default:

{
  "name": "string",
  "message": "string",
  "url": "/attributes"
}

 

 

 

Log

Get instance logs

POST

https://misp.local/admin/logs

Request:

{
  "page": 1,
  "limit": 0,
  "id": "12345",
  "title": "Attribute (448272) from Event (1): Other/text foo",
  "created": "string",
  "model": "AdminSetting",
  "model_id": "12345",
  "action": "accept",
  "user_id": "12345",
  "change": "%name () => (ORGNAME)%",
  "email": "user@example.com",
  "org": "ORG_%",
  "description": "%updated by User%",
  "ip": "string"
}

Response: 

200:

[
  {
    "Log": {
      "id": "12345",
      "title": "Attribute (448272) from Event (1): Other/text foo",
      "created": "string",
      "model": "AdminSetting",
      "model_id": "12345",
      "action": "accept",
      "user_id": "12345",
      "change": "name () => (ORGNAME)",
      "email": "user@example.com",
      "org": "ORGNAME",
      "description": "Organisation \"ORGNAME\" (1) added by User \"SYSTEM\" (0).",
      "ip": "10.0.0.10"
    }
  }
]

403:

{
  "name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "url": "/attributes"
}

404:

{
  "name": "Invalid attribute",
  "message": "Invalid attribute",
  "url": "/attributes/1234"
}

Default:

{
  "name": "string",
  "message": "string",
  "url": "/attributes"
}

Auth key

Get auth keys:

POST

https://misp.local/auth_keys

Request:

[
  {
    "AuthKey": {
      "id": "12345",
      "uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
      "authkey_start": "stri",
      "authkey_end": "stri",
      "created": "1617875568",
      "expiration": "1970-01-01 00:00:00",
      "read_only": true,
      "user_id": "12345",
      "comment": "string",
      "allowed_ips": [
        "127.0.0.1"
      ],
      "last_used": "1617875568"
    },
    "User": {
      "id": "12345",
      "email": "user@example.com"
    }
  }
]

Response: 

200:

[
  {
    "Log": {
      "id": "12345",
      "title": "Attribute (448272) from Event (1): Other/text foo",
      "created": "string",
      "model": "AdminSetting",
      "model_id": "12345",
      "action": "accept",
      "user_id": "12345",
      "change": "name () => (ORGNAME)",
      "email": "user@example.com",
      "org": "ORGNAME",
      "description": "Organisation \"ORGNAME\" (1) added by User \"SYSTEM\" (0).",
      "ip": "10.0.0.10"
    }
  }
]

403:

{
  "name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "url": "/attributes"
}

404:

{
  "name": "Invalid attribute",
  "message": "Invalid attribute",
  "url": "/attributes/1234"
}

Default:

{
  "name": "string",
  "message": "string",
  "url": "/attributes"
}

Search auth keys:

POST

https://misp.local/auth_keys

Request:

{
  "page": 1,
  "limit": 0,
  "id": "12345",
  "uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
  "authkey_start": "string",
  "authkey_end": "string",
  "created": "string",
  "expiration": "string",
  "read_only": true,
  "user_id": "12345",
  "comment": "string",
  "allowed_ips": "[\"127.0.0.1\",\"127.0.0.2\"]",
  "last_used": "string"
}

Response: 

200:

[
  {
    "AuthKey": {
      "id": "12345",
      "uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
      "authkey_start": "stri",
      "authkey_end": "stri",
      "created": "1617875568",
      "expiration": "1970-01-01 00:00:00",
      "read_only": true,
      "user_id": "12345",
      "comment": "string",
      "allowed_ips": [
        "127.0.0.1"
      ],
      "last_used": "1617875568"
    },
    "User": {
      "id": "12345",
      "email": "user@example.com"
    }
  }
]

403:

{
  "name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "url": "/attributes"
}

404:

{
  "name": "Invalid attribute",
  "message": "Invalid attribute",
  "url": "/attributes/1234"
}

Default:

{
  "name": "string",
  "message": "string",
  "url": "/attributes"
}

Add auth keys:

POST

https://misp.local/auth_keys/add/{userId}

Request:

{
  "uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
  "read_only": true,
  "user_id": "12345",
  "comment": "string",
  "allowed_ips": [
    "127.0.0.1"
  ]
}

Response: 

200:

{
  "AuthKey": {
    "id": "12345",
    "uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
    "authkey_start": "stri",
    "authkey_end": "stri",
    "created": "1617875568",
    "expiration": "1970-01-01 00:00:00",
    "read_only": true,
    "user_id": "12345",
    "comment": "string",
    "allowed_ips": [
      "127.0.0.1"
    ],
    "last_used": "1617875568"
  }
}

403:

{
  "name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "url": "/attributes"
}

404:

{
  "name": "Invalid attribute",
  "message": "Invalid attribute",
  "url": "/attributes/1234"
}

Default:

{
  "name": "string",
  "message": "string",
  "url": "/attributes"
}

View auth key:

GET

https://misp.local/auth_keys/add/{userId}

Response: 

200:

{
  "AuthKey": {
    "id": "12345",
    "uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
    "authkey_start": "stri",
    "authkey_end": "stri",
    "created": "1617875568",
    "expiration": "1970-01-01 00:00:00",
    "read_only": true,
    "user_id": "12345",
    "comment": "string",
    "allowed_ips": [
      "127.0.0.1"
    ],
    "last_used": "1617875568"
  },
  "User": {
    "id": "12345",
    "org_id": "12345",
    "email": "user@example.com"
  }
}

403:

{
  "name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "url": "/attributes"
}

404:

{
  "name": "Invalid attribute",
  "message": "Invalid attribute",
  "url": "/attributes/1234"
}

Default:

{
  "name": "string",
  "message": "string",
  "url": "/attributes"
}

Edit auth key:

POST

https://misp.local/auth_keys/add/{userId}

Request:

{
  "read_only": true,
  "comment": "string",
  "allowed_ips": [
    "127.0.0.1"
  ]
}

Response: 

200:

{
  "AuthKey": {
    "id": "12345",
    "uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
    "authkey_start": "stri",
    "authkey_end": "stri",
    "created": "1617875568",
    "expiration": "1970-01-01 00:00:00",
    "read_only": true,
    "user_id": "12345",
    "comment": "string",
    "allowed_ips": [
      "127.0.0.1"
    ],
    "last_used": "1617875568"
  },
  "User": {
    "id": "12345",
    "org_id": "12345",
    "email": "user@example.com"
  }
}

403:

{
  "name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "url": "/attributes"
}

404:

{
  "name": "Invalid attribute",
  "message": "Invalid attribute",
  "url": "/attributes/1234"
}

Default:

{
  "name": "string",
  "message": "string",
  "url": "/attributes"
}

Delete auth key:

DELETE

https://misp.local/auth_keys/delete/{authKeyId}

Response: 

200:

{
  "saved": true,
  "success": true,
  "name": "AuthKey deleted.",
  "message": "AuthKey deleted.",
  "url": "/auth_keys/delete/1234"
}

403:

{
  "name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "url": "/attributes"
}

404:

{
  "name": "Invalid attribute",
  "message": "Invalid attribute",
  "url": "/attributes/1234"
}

Default:

{
  "name": "string",
  "message": "string",
  "url": "/attributes"
}

 

UserSettings

Get user settings:

GET

https://misp.local/user_settings

Response: 

200:

[
  {
    "UserSetting": {
      "id": "12345",
      "setting": "publish_alert_filter",
      "value": {
        "widget": "MispStatusWidget",
        "position": {
          "x": "0",
          "y": "0",
          "width": "2",
          "height": "2"
        }
      },
      "user_id": "12345",
      "timestamp": "1617875568"
    }
  }
]

403:

{
  "name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "url": "/attributes"
}

404:

{
  "name": "Invalid attribute",
  "message": "Invalid attribute",
  "url": "/attributes/1234"
}

Default:

{
  "name": "string",
  "message": "string",
  "url": "/attributes"
}

Search user settings:

POST

https://misp.local/user_settings

Request:

{
  "id": "12345",
  "setting": "publish_alert_filter",
  "user_id": "12345"
}

Response: 

200:

[
  {
    "UserSetting": {
      "id": "12345",
      "setting": "publish_alert_filter",
      "value": {
        "widget": "MispStatusWidget",
        "position": {
          "x": "0",
          "y": "0",
          "width": "2",
          "height": "2"
        }
      },
      "user_id": "12345",
      "timestamp": "1617875568"
    }
  }
]

403:

{
  "name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "url": "/attributes"
}

404:

{
  "name": "Invalid attribute",
  "message": "Invalid attribute",
  "url": "/attributes/1234"
}

Default:

{
  "name": "string",
  "message": "string",
  "url": "/attributes"
}

Get user setting by id:

GET

https://misp.local/user_settings/view/{userSettingId}

Response: 

200:

{
  "UserSetting": {
    "id": "12345",
    "setting": "publish_alert_filter",
    "value": {
      "widget": "MispStatusWidget",
      "position": {
        "x": "0",
        "y": "0",
        "width": "2",
        "height": "2"
      }
    },
    "user_id": "12345",
    "timestamp": "1617875568"
  }
}

403:

{
  "name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "url": "/attributes"
}

404:

{
  "name": "Invalid attribute",
  "message": "Invalid attribute",
  "url": "/attributes/1234"
}

Default:

{
  "name": "string",
  "message": "string",
  "url": "/attributes"
}

Set user setting:

POST

https://misp.local/user_settings/setSetting/{userId}/{userSettingName}

Request:

{
  "widget": "MispStatusWidget",
  "position": {
    "x": "0",
    "y": "0",
    "width": "2",
    "height": "2"
  }
}

Response: 

200:

{
  "UserSetting": {
    "id": "12345",
    "setting": "publish_alert_filter",
    "value": {
      "widget": "MispStatusWidget",
      "position": {
        "x": "0",
        "y": "0",
        "width": "2",
        "height": "2"
      }
    },
    "user_id": "12345",
    "timestamp": "1617875568"
  }
}

403:

{
  "name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "url": "/attributes"
}

404:

{
  "name": "Invalid attribute",
  "message": "Invalid attribute",
  "url": "/attributes/1234"
}

Default:

{
  "name": "string",
  "message": "string",
  "url": "/attributes"
}

Get user setting by id:

GET

https://misp.local/user_settings/getSetting/{userId}/{userSettingName}

Response: 

200:

{
  "UserSetting": {
    "id": "12345",
    "setting": "publish_alert_filter",
    "value": {
      "widget": "MispStatusWidget",
      "position": {
        "x": "0",
        "y": "0",
        "width": "2",
        "height": "2"
      }
    },
    "user_id": "12345",
    "timestamp": "1617875568"
  }
}

403:

{
  "name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "url": "/attributes"
}

404:

{
  "name": "Invalid attribute",
  "message": "Invalid attribute",
  "url": "/attributes/1234"
}

Default:

{
  "name": "string",
  "message": "string",
  "url": "/attributes"
}

Delete user setting by id:

DELETE

https://misp.local/user_settings/delete/{userSettingId}

Response: 

200:

{
  "saved": true,
  "success": true,
  "name": "Setting deleted.",
  "message": "Setting deleted.",
  "url": "/user_settings/delete/1234"
}

403:

{
  "name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "url": "/attributes"
}

404:

{
  "name": "Invalid attribute",
  "message": "Invalid attribute",
  "url": "/attributes/1234"
}

Default:

{
  "name": "string",
  "message": "string",
  "url": "/attributes"
}

 

Taxonomy

Get taxonomies:

GET

https://misp.local/taxonomies

Response: 

200:

[
  {
    "Taxonomy": {
      "id": "12345",
      "namespace": "tlp",
      "description": "Disclosure is not limited.  Sources may use TLP:WHITE when information carries minimal or no foreseeable risk of misuse, in accordance with applicable rules and procedures for public release. Subject to standard copyright rules, TLP:WHITE information may be distributed without restriction.",
      "version": "5",
      "enabled": true,
      "exclusive": true,
      "required": true
    },
    "total_count": 0,
    "current_count": 0
  }
]

403:

{
  "name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "url": "/attributes"
}

404:

{
  "name": "Invalid attribute",
  "message": "Invalid attribute",
  "url": "/attributes/1234"
}

Default:

{
  "name": "string",
  "message": "string",
  "url": "/attributes"
}

Get a taxonomy by ID:

GET

https://misp.local/taxonomies/view/{taxonomyIdParameter}

Response: 

200:

{
  "Taxonomy": {
    "id": "12345",
    "namespace": "tlp",
    "description": "Disclosure is not limited.  Sources may use TLP:WHITE when information carries minimal or no foreseeable risk of misuse, in accordance with applicable rules and procedures for public release. Subject to standard copyright rules, TLP:WHITE information may be distributed without restriction.",
    "version": "5",
    "enabled": true,
    "exclusive": true,
    "required": true
  },
  "entries": [
    {
      "tag": "tlp:white",
      "expanded": "string",
      "description": "string",
      "exclusive_predicate": true,
      "existing_tag": true
    }
  ]
}

403:

{
  "name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "url": "/attributes"
}

404:

{
  "name": "Invalid attribute",
  "message": "Invalid attribute",
  "url": "/attributes/1234"
}

Default:

{
  "name": "string",
  "message": "string",
  "url": "/attributes"
}

Enable taxonomy:

POST

https://misp.local/taxonomies/enable/{taxonomyIdParameter}

Response: 

200:

{
  "saved": true,
  "success": true,
  "name": "Taxonomy enabled",
  "message": "Taxonomy enabled",
  "url": "/taxonomies/enable/1234"
}

403:

{
  "name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "url": "/attributes"
}

404:

{
  "name": "Invalid attribute",
  "message": "Invalid attribute",
  "url": "/attributes/1234"
}

Default:

{
  "name": "string",
  "message": "string",
  "url": "/attributes"
}

Disable taxonomy:

POST

https://misp.local/taxonomies/disable/{taxonomyIdParameter}

Response: 

200:

{
  "saved": true,
  "success": true,
  "name": "Taxonomy disabled",
  "message": "Taxonomy disabled",
  "url": "/taxonomies/disabled/1234"
}

403:

{
  "name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "url": "/attributes"
}

404:

{
  "name": "Invalid attribute",
  "message": "Invalid attribute",
  "url": "/attributes/1234"
}

Default:

{
  "name": "string",
  "message": "string",
  "url": "/attributes"
}

Update taxonomies:

POST

https://misp.local/taxonomies/update

Response: 

200:

{
  "saved": true,
  "success": true,
  "name": "Successfully updated 120 taxonomy libraries.",
  "message": "Successfully updated 120 taxonomy libraries.",
  "url": "/taxonomies/update"
}

403:

{
  "name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "url": "/attributes"
}

404:

{
  "name": "Invalid attribute",
  "message": "Invalid attribute",
  "url": "/attributes/1234"
}

Default:

{
  "name": "string",
  "message": "string",
  "url": "/attributes"
}

Get a taxonomy extended with tags used in events and attributes:

GET

https://misp.local/taxonomies/taxonomy_tags/{taxonomyIdParameter}

Response: 

200:

{
  "Taxonomy": {
    "id": "12345",
    "namespace": "tlp",
    "description": "Disclosure is not limited.  Sources may use TLP:WHITE when information carries minimal or no foreseeable risk of misuse, in accordance with applicable rules and procedures for public release. Subject to standard copyright rules, TLP:WHITE information may be distributed without restriction.",
    "version": "5",
    "enabled": true,
    "exclusive": true,
    "required": true
  },
  "entries": [
    {
      "org_id": "12345",
      "server_id": "12345",
      "email": "user@example.com",
      "autoalert": true,
      "authkey": "894c8d095180c7ea28789092e96ca6424199aa4f",
      "invited_by": "12345",
      "gpgkey": "string",
      "certif_public": "string",
      "nids_sid": "4000000",
      "termsaccepted": true,
      "newsread": "1617875568",
      "role_id": "3",
      "change_pw": "0",
      "contactalert": true,
      "disabled": true,
      "expiration": "2019-08-24T14:15:22Z",
      "current_login": "1617875568",
      "last_login": "1617875568",
      "force_logout": true,
      "date_created": "1617875568",
      "date_modified": "1617875568",
      "events": 0,
      "attributes": 0
    }
  ]
}

403:

{
  "name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "url": "/attributes"
}

404:

{
  "name": "Invalid attribute",
  "message": "Invalid attribute",
  "url": "/attributes/1234"
}

Default:

{
  "name": "string",
  "message": "string",
  "url": "/attributes"
}

Export taxonomy:

GET

https://misp.local/taxonomies/export/{taxonomyIdParameter}

Response: 

200:

{
  "namespace": "tlp",
  "description": "Disclosure is not limited.  Sources may use TLP:WHITE when information carries minimal or no foreseeable risk of misuse, in accordance with applicable rules and procedures for public release. Subject to standard copyright rules, TLP:WHITE information may be distributed without restriction.",
  "version": 0,
  "exclusive": true,
  "predicates": [
    {
      "value": "white",
      "expanded": "(TLP:WHITE) Information can be shared publicly in accordance with the law."
    }
  ],
  "values": [
    {
      "predicate": "white",
      "entry": [
        {
          "value": "spam",
          "expanded": "spam",
          "description": "Spam or ‘unsolicited bulk e-mail’, meaning that the recipient has not granted verifiable permission for the message to be sent and that the message is sent as part of a larger collection of messages, all having identical content."
        }
      ]
    }
  ]
}

403:

{
  "name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "url": "/attributes"
}

404:

{
  "name": "Invalid attribute",
  "message": "Invalid attribute",
  "url": "/attributes/1234"
}

Default:

{
  "name": "string",
  "message": "string",
  "url": "/attributes"
}