API Documentation

This guide explains step by step how to use the MISP API effectively and provides guidance for integrating it in different scenarios.

API Usage

Introduction

The MISP API is a powerful tool that MISP, the threat intelligence sharing platform, provides for integration with other systems. The API provides a means of sharing a wide range of security data, from threat actors to malware. The MISP API plays an important role in security scenarios such as automated data exchange, analysis and alert generation.

The MISP API lets application developers and organisations integrate the MISP platform into their own security infrastructure. This integration strengthens security operations and improves response times by providing access to real-time threat information. The MISP API also interacts with a variety of security tools and systems, making it easier to automate threat detection and response processes. As a result, organisations can act more quickly and effectively against threats.

Using the OpenAPI Document:

The OpenAPI documents are a reference that defines how the MISP API is used. They give detailed information on the API endpoints, parameters and usage guidelines, as well as on how requests to the API are structured. In particular, for each endpoint the document lists the URL, the supported HTTP methods (GET, POST, PUT, DELETE, etc.), the required and optional parameters, the response format and the error conditions.

The OpenAPI documents contain a detailed description of the functions and services the MISP API offers. They provide a comprehensive guide to using the API and are important for fully understanding its functionality.

Using the REST Client Interface:

The REST client interface gives users direct access to the API and the ability to send requests. It can build requests using the parameters specified in the API documentation and receive the responses. Users can easily configure API requests, add the desired parameters, and retrieve data from the API by sending the requests.

The REST client interface is generally offered as a web-based application or a desktop application. Using it, users can select the HTTP method (GET, POST, PUT, DELETE, etc.) needed to send a request to a particular API endpoint. They can then add the parameters and data the request needs and send it to receive a response from the API.

This interface is a handy tool for accessing the API quickly and effectively, and it can be used together with the OpenAPI documents to understand how the API is used.

API Access and Authorization

Access to the MISP API goes through an authorization mechanism that requires users to supply their security credentials. An API key (auth key) is required to access the API; it can be obtained from the MISP user interface or via the command line.

The API key must be stored carefully to keep access secure, because this key gives access to the entire database.

User Interface:

  1. My Profile -> Auth Keys section:
    • These steps let a user create their own API key.
    • The user logs in to their own account and goes to the "My Profile" tab.
    • Then they click the "Auth Keys" section and select "Add authentication key".
    • By following these steps, the user can create and use their own API key.

Administrator Interface:

  1. Creating an API Key for Another User as an Administrator:
    • These steps let an administrator create an API key on behalf of another user.
    • The administrator logs in to the administrator account and goes to the "Administration" tab.
    • Then they click "List Users" and open the "View" page of the user in question.
    • On the user's page, in the "Auth Keys" section, they select "Add authentication key".
    • By following these steps, the administrator can create an API key on behalf of a specific user and pass it to that user.

User Command Line:

  1. Creating Your Own API Key from the Command Line:
    • The user can create an API key with the CLI (Command Line Interface) tool located in the directory where MISP is installed.
    • To run the CLI tool, use the following command:
      ./app/Console/cake user change_authkey [email/user_id]
    • This command changes the specified user's API key or creates a new one.

Administrator Command Line:

  1. Creating an API Key for Another User from the Command Line:
    • Provided you have an API key at API administrator level, you can create an API key on behalf of another user.
    • Use the [POST]/auth_keys/add/{{user_id}} endpoint for this. Here {{user_id}} is the ID of the user for whom you want to create the API key.
    • This request must be authorized by an API administrator, and you must have the permissions needed to create the specified user's API key.
    • In this way you can create an API key on behalf of another user and pass it to that user.

Your authentication key is displayed only once and cannot be retrieved again afterwards. It is therefore important to store the key securely. We recommend taking appropriate precautions such as noting it down or storing it in a secure password manager.

These keys are used to send authorized requests to the API and give users a specific security identity. API keys allow users to automate certain operations on MISP and to build integrations.

What Is the REST Client?

The REST Client is a tool designed for using the MISP API effectively. It uses REST (Representational State Transfer) to interact with the MISP platform and so provides an interface for exchanging data in various security scenarios.

A REST client is a client that works according to Representational State Transfer (REST) principles. It uses the HTTP protocol to interact with a RESTful web service.

Use cases:

  1. Retrieving Data: The MISP REST Client can be used to retrieve current threat information from the MISP platform. This is important for keeping shared threat intelligence up to date and for monitoring the organisation's security posture.

  2. Sending Data: The MISP REST Client lets an organisation send its own threat intelligence data to the MISP platform. This is important for building a broader view of threats by sharing the organisation's own observations with other organisations.

  3. Automated Analysis and Alerting: The MISP REST Client can be used to automate security operations by automatically analysing data retrieved from the MISP platform and generating alerts according to defined criteria.

  4. Integration: The MISP REST Client can be used to integrate with other security tools and systems. This lets the MISP platform be integrated easily into the security infrastructure and lets different security tools work together.

API Requests with the REST Client

Clicking the query builder button opens a new area.

The query builder is a tool that lets the user build more complex and customised queries. In this area users can create comprehensive query rules to filter their requests further or to query data that meets specific conditions.

For example, if a user wants to filter events created after a certain date or those with a certain threat level, they can specify these conditions using the query builder. The tool also lets several conditions be combined to build more complex queries.

This new area lets users build API requests in a more flexible and customised way and reach the data they want more precisely.
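
The date and threat-level filter described above, built as an authenticated request with the API key handled as the access section advises (an added example, not part of the original guide). It assumes MISP's /events/restSearch endpoint, hypothetical MISP_URL and MISP_AUTHKEY environment variable names, and a 40-character alphanumeric key format; it builds the request without sending it.

```python
import json
import os
import re
from urllib.parse import urlsplit
from urllib.request import Request

# Assumption: auth keys are 40 alphanumeric characters; adjust if your instance differs.
AUTHKEY_RE = re.compile(r"[A-Za-z0-9]{40}")


def load_credentials(env=os.environ):
    """Read the instance URL and auth key from the environment, never from source code."""
    url = env.get("MISP_URL", "")      # hypothetical variable name
    key = env.get("MISP_AUTHKEY", "")  # hypothetical variable name
    parts = urlsplit(url)
    if parts.scheme != "https" or not parts.netloc:
        raise ValueError("MISP_URL must be an https:// URL so the key is not sent in clear text")
    if not AUTHKEY_RE.fullmatch(key):
        raise ValueError("MISP_AUTHKEY is missing or malformed")
    return url.rstrip("/"), key


def redact(key):
    """Form of the key that is safe to write to logs."""
    return f"{key[:4]}...{key[-4:]}"


def build_event_search(url, key, date_from=None, threat_level_id=None, limit=10):
    """Build (but do not send) a POST to /events/restSearch with the given filters."""
    body = {"returnFormat": "json", "limit": limit}
    if date_from is not None:
        if not re.fullmatch(r"[0-9]{4}-[0-9]{2}-[0-9]{2}", date_from):
            raise ValueError("date_from must be YYYY-MM-DD")
        body["from"] = date_from
    if threat_level_id is not None:
        if threat_level_id not in {"1", "2", "3", "4"}:
            raise ValueError("threat_level_id must be one of '1' to '4'")
        body["threat_level_id"] = threat_level_id
    return Request(
        url + "/events/restSearch",
        data=json.dumps(body).encode(),
        method="POST",
        headers={
            "Authorization": key,  # MISP expects the raw key, with no "Bearer" prefix
            "Accept": "application/json",
            "Content-Type": "application/json",
        },
    )


if __name__ == "__main__":
    # Constructed values for demonstration only.
    fake_env = {"MISP_URL": "https://misp.example.org/", "MISP_AUTHKEY": "A" * 40}
    url, key = load_credentials(fake_env)
    req = build_event_search(url, key, date_from="2024-04-01", threat_level_id="1")
    # Log the redacted key only; the full key appears nowhere in output.
    print(req.get_method(), req.full_url, "key=" + redact(key))
    print(req.data.decode())
    # Against a real instance, send with urllib.request.urlopen(req).
```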

Automation with PyMISP

PyMISP - Python Library for Accessing MISP

PyMISP is a library that provides access to MISP platforms from the Python programming language via their REST APIs. It simplifies interaction with MISP platforms and offers an interface for automation.

Capabilities PyMISP Provides:

PyMISP gives access to the events and data on MISP platforms and lets you perform a variety of operations. These capabilities include:

Installation:

You can install PyMISP with pip or by getting the latest version from the GitHub repository. The installation instructions are available in the following ways:

To use the PyMISP library you will need an authentication key on your MISP instance.

Getting started:

Before you start using PyMISP, you need to obtain your MISP automation key. You can find your automation key in the automation section of the MISP web interface or in your profile.

To run examples with the PyMISP library, clone the repository with git clone https://github.com/MISP/PyMISP.git, then edit the keys.py file in the examples folder to specify your MISP instance's URL and your automation key.

Using PyMISP:

To understand PyMISP usage better, let's look at one of the existing examples: add_named_attribute.py. This script lets you add an attribute to an existing event when you know only its type (the category is set by default).

API Endpoints and Parameters

What Are Endpoints and Parameters?

What Is an Endpoint?

Endpoints are URLs that represent a particular function or resource of a web service. The endpoints in the MISP API are used to access data on the MISP platform or to perform operations.

For example, the /events/get endpoint is used to retrieve a specific event on the MISP platform.

What Are Parameters?

Parameters are data that affect how an endpoint runs or that are required for a particular operation. The parameters sent to an endpoint determine the requested operation or apply filtering.

For example, by sending the eventId parameter to the /events/get endpoint, we can retrieve a specific event.

Analyst Data Parameters

Add Analyst Data:

Path Parameters:

| Parameter | Required | Data type | Description | Example |
|---|---|---|---|---|
| analystType | Yes | String (AnalystDataType) | Specifies the type of analyst data. | "Note", "Opinion", "Relationship" |
| analystObjectUUID | Yes | String <uuid> (UUID) | Unique identifier of the object the analyst data is to be added to. | "c99506a6-1255-4b71-afa5-7b8ba48c3b1b" |
| analystObjectType | Yes | Any data type | Specifies the type of the object the analyst data is to be added to. | Values such as "Event", "Attribute", "Object" |

Edit Analyst Data:

Path Parameters:

| Parameter | Required | Data type | Description | Example |
|---|---|---|---|---|
| analystType | Yes | String (AnalystDataType) | Specifies the type of analyst data. | "Note", "Opinion", "Relationship" |
| analystID | Yes | AnalystDataID (string) or UUID (string) | Unique identifier (UUID) or numeric ID (AnalystDataID) of the analyst data. | "c99506a6-1255-4b71-afa5-7b8ba48c3b1b" or "12345" |

Delete Analyst Data:

Path Parameters:

| Parameter | Required | Data type | Description | Example |
|---|---|---|---|---|
| analystType | Yes | String (AnalystDataType) | Specifies the type of analyst data. | "Note", "Opinion", "Relationship" |
| analystID | Yes | AnalystDataID (string) or UUID (string) | Unique identifier (UUID) or numeric ID (AnalystDataID) of the analyst data. | "c99506a6-1255-4b71-afa5-7b8ba48c3b1b" or "12345" |

List Analyst Data:

Path Parameters:

| Parameter | Required | Data type | Description | Example |
|---|---|---|---|---|
| analystType | Yes | String (AnalystDataType) | Specifies the type of analyst data. | "Note", "Opinion", "Relationship" |

Get Analyst Data by ID:

Path Parameters:

| Parameter | Required | Data type | Description | Example |
|---|---|---|---|---|
| analystType | Yes | String (AnalystDataType) | Specifies the type of analyst data. | "Note", "Opinion", "Relationship" |
| analystID | Yes | AnalystDataID (string) or UUID (string) | Unique identifier (UUID) or numeric ID (AnalystDataID) of the analyst data. | "c99506a6-1255-4b71-afa5-7b8ba48c3b1b" or "12345" |

Attribute Parameters

Searching the "Attribute" Resource:

Request Body Schema:

| Parameter | Required | Data type | Maximum length | Description | Example |
|---|---|---|---|---|---|
| page | - | integer or null <int32> | - | Page number or null | 1 |
| limit | - | integer or null <int32> | - | Maximum number of results for the query, or null | 10 |
| value | - | string (AttributeValue) | <= 131071 | Value | "example_value" |
| value1 | - | string (AttributeValue) | <= 131071 | Value 1 | "example_value1" |
| value2 | - | string (AttributeValue) | <= 131071 | Value 2 | "example_value2" |
| type | - | string (AttributeType) | <= 100 | Type | "md5", "sha1", "filename", etc. |
| category | - | string (AttributeCategory) | <= 255 | Category | "Internal reference", "Targeting data", etc. |
| org | - | OrganisationId (string) or OrganisationName (string) | - | Organisation ID or name | "example_org_id" or "example_org_name" |
| tags | - | Array of strings or null (TagsRestSearchFilter) | - | Tags or null | ["tag1", "tag2"] |
| from | - | string or null (DateRestSearchFilter) | - | Timestamp or null | "2024-04-01T00:00:00Z" |
| to | - | string or null (DateRestSearchFilter) | - | Timestamp or null | "2024-04-10T23:59:59Z" |
| last | - | (integer or null) or (string or null) (LastRestSearchFilter) | - | Most recent time window | "5d", "12h", "2024-04-01T00:00:00Z" |
| eventid | - | string (EventId) | <= 10 | Event ID | "1234567890" |
| withAttachments | - | boolean (WithAttachmentsRestSearchFilter) | - | Include attachments? | true, false |
| uuid | - | string <uuid> (UUID) | <= 36 | UUID | "c99506a6-1255-4b71-afa5-7b8ba48c3b1b" |
| publish_timestamp | - | string (Timestamp) | - | Publication timestamp | "1618234400" (UNIX timestamp) |
| published | - | boolean (PublishedFlag) | - | Published? | true, false |
| timestamp | - | string (Timestamp) | - | Timestamp | "1618234400" (UNIX timestamp) |
| attribute_timestamp | - | string (Timestamp) | - | Attribute timestamp | "1618234400" (UNIX timestamp) |
| enforceWarninglist | - | boolean or null (EnforceWarninglistRestSearchFilter) | - | Enforce the warninglist? | true, false, null |
| to_ids | - | boolean or null (ToIDSRestSearchFlag) | - | Send to IDS? | true, false, null |
| deleted | - | boolean (SoftDeletedFlagValuesToInclude) | - | Include deleted attributes? | true, false |
| event_timestamp | - | string (Timestamp) | - | Event timestamp | "1618234400" (UNIX timestamp) |
| threat_level_id | - | string (ThreatLevelId) | - | Threat level | "1", "2", "3", "4" |
| eventinfo | - | string | - | Quick description of the event | "example_event_info" |
| sharinggroup | - | Array of strings or null (SharingGroupIDRestSearchFilter) | - | Sharing group IDs or null | ["group_id1", "group_id2"] |
| decayingModel | - | string (DecayingModelRestSearchFilter) | - | Decaying model | "example_decaying_model" |
| score | - | string (DecayingModelScoreRestSearchFilter) | - | Score | "example_score" |
| first_seen | - | string | - | First seen time | "2024-04-01T00:00:00Z" |
| last_seen | - | string | - | Last seen time | "2024-04-10T23:59:59Z" |
| includeEventUuid | - | boolean (IncludeEventUUIDRestSearchFlag) | - | Include event UUIDs? | true, false |
| includeEventTags | - | boolean (IncludeEventTagsRestSearchFlag) | - | Include event tags? | true, false |
| includeProposals | - | boolean (IncludeProposalsRestSearchFlag) | - | Include proposals? | true, false |
| requested_attributes | - | Array of strings (RequestedAttributesRestSearchFilter) | - | Requested attributes | ["attribute1", "attribute2"] |
| includeContext | - | boolean or null (IncludeContextRestSearchFlag) | - | Include context? | true, false, null |
| headerless | - | boolean or null (HeaderlessRestSearchFlag) | - | Headerless output? | true, false, null |
| includeWarninglistHits | - | boolean or null (IncludeWarninglistHitsRestSearchFlag) | - | Include warninglist hits? | true, false, null |
| attackGalaxy | - | string or null (AttackGalaxyRestSearchFilter) | - | Attack galaxy | "example_attack_galaxy" |
| object_relation | - | string or null (ObjectRelationRestSearchFilter) | - | Object relation | "example_object_relation" |
| includeSightings | - | boolean or null (IncludeSightingDbRestSearchFlag) | - | Include sightings? | true, false, null |
| includeCorrelations | - | boolean or null (IncludeCorrelationsRestSearchFlag) | - | Include correlations? | true, false, null |
| modelOverrides | - | object (ModelOverridesRestSearchFilter) | - | Model overrides | "example_model_overrides" |
| includeDecayScore | - | boolean (IncludeDecayScoreRestSearchFlag) | - | Include the decay score? | true, false |
| includeFullModel | - | boolean (IncludeFullModelRestSearchFlag) | - | Include the full model? | true, false |
| excludeDecayed | - | boolean (ExcludeDecayedRestSearchFlag) | - | Exclude decayed items? | true, false |
| returnFormat | - | string (AttributesRestSearchReturnFormat) | - | Response format | "json", "xml", "csv", etc. |

Add an Attribute:

Path Parameters:

| Parameter | Required | Data type | Description | Example |
|---|---|---|---|---|
| eventId | Yes | EventId (string) or UUID (string) | Unique identifier (UUID) or numeric ID (EventId) of the event | "c99506a6-1255-4b71-afa5-7b8ba48c3b1b" or "12345" |

Request Body Schema:

| Parameter | Required | Data type | Description | Example |
|---|---|---|---|---|
| event_id | Yes | string (EventId) | Unique identifier of the event (at most 10 characters) | "1234567890" |
| object_id | Yes | string (ObjectId) | Object ID (at most 10 characters) | "9876543210" |
| object_relation | - | string or null (NullableObjectRelation) | Object relation (at most 255 characters) | "example_relation" |
| category | - | string (AttributeCategory) | Category (at most 255 characters) | "Internal reference" |
| type | - | string (AttributeType) | Type (at most 100 characters) | "md5", "sha1", etc. |
| value | - | string (AttributeValue) | Value (at most 131071 characters) | "example_value" |
| to_ids | - | boolean (ToIDS) | Send to IDS? (default: true) | true, false |
| uuid | - | string <uuid> (UUID) | UUID (at most 36 characters) | "c99506a6-1255-4b71-afa5-7b8ba48c3b1b" |
| timestamp | - | string or null (NullableTimestamp) | Timestamp (^\d+$ ^$) (default: "0") | |
| distribution | - | string (DistributionLevelId) | Distribution level (Enum: "0" "1" "2" "3" "4" "5") | "3" |
| sharing_group_id | - | string or null (SharingGroupId) | Sharing group ID (^\d+$ ^$) (at most 10 characters) | |
| comment | - | string (AttributeComment) | Comment (at most 65535 characters) | "example_comment" |
| deleted | - | boolean (SoftDeletedFlag) | Deleted? (default: false) | true, false |
| disable_correlation | - | boolean (DisableCorrelationFlag) | Disable correlation (default: false) | true, false |
| first_seen | - | string or null (NullableMicroTimestamp) | First seen time (^\d+$ ^$) (default: null) | |
| last_seen | - | string or null (NullableMicroTimestamp) | Last seen time (^\d+$ ^$) (default: null) | |
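
A pre-flight check for an Add an Attribute body that applies the limits in the table above before anything is sent (an added example, not MISP's own validation code). The strict rule that `to_ids` and `distribution` must be set explicitly is a policy of this example, chosen because the table gives `to_ids` a default of true; the two patterns listed in the table are read here as "digits or empty string".

```python
import re

# The table lists the patterns ^\d+$ and ^$; read here as "digits or empty string".
DIGITS_OR_EMPTY = re.compile(r"[0-9]*")
UUID_RE = re.compile(r"[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}")

REQUIRED = ("event_id", "object_id")
MAX_LEN = {
    "event_id": 10, "object_id": 10, "object_relation": 255, "category": 255,
    "type": 100, "value": 131071, "uuid": 36, "sharing_group_id": 10,
    "comment": 65535,
}
PATTERN = {
    "uuid": UUID_RE, "timestamp": DIGITS_OR_EMPTY,
    "sharing_group_id": DIGITS_OR_EMPTY,
    "first_seen": DIGITS_OR_EMPTY, "last_seen": DIGITS_OR_EMPTY,
}
ENUM = {"distribution": {"0", "1", "2", "3", "4", "5"}}
BOOLEAN = {"to_ids", "deleted", "disable_correlation"}
NULLABLE = {"object_relation", "timestamp", "sharing_group_id",
            "first_seen", "last_seen"}
# Policy of this example, not a MISP rule: never rely on defaults for these two.
EXPLICIT = ("to_ids", "distribution")
KNOWN = set(MAX_LEN) | set(PATTERN) | set(ENUM) | BOOLEAN


def validate_attribute(body, strict=True):
    """Return a list of problems found in an Add an Attribute request body."""
    errors = [f"{name}: required" for name in REQUIRED if name not in body]
    for name, value in body.items():
        if name not in KNOWN:
            errors.append(f"{name}: not in the documented schema")
        elif value is None:
            if name not in NULLABLE:
                errors.append(f"{name}: null is not allowed")
        elif name in BOOLEAN:
            if not isinstance(value, bool):
                errors.append(f"{name}: must be a boolean")
        elif not isinstance(value, str):
            errors.append(f"{name}: must be a string")
        else:
            if name in MAX_LEN and len(value) > MAX_LEN[name]:
                errors.append(f"{name}: longer than {MAX_LEN[name]} characters")
            if name in PATTERN and not PATTERN[name].fullmatch(value):
                errors.append(f"{name}: does not match the documented pattern")
            if name in ENUM and value not in ENUM[name]:
                errors.append(f"{name}: not one of {sorted(ENUM[name])}")
    if strict:
        errors += [f"{name}: set it explicitly" for name in EXPLICIT
                   if name not in body]
    return errors


if __name__ == "__main__":
    # Constructed sample bodies for demonstration only.
    good = {
        "event_id": "1234", "object_id": "0", "category": "Payload delivery",
        "type": "md5", "value": "d41d8cd98f00b204e9800998ecf8427e",
        "to_ids": False, "distribution": "0", "comment": "constructed sample",
    }
    bad = {
        "event_id": "12345678901", "type": "md5", "value": "x",
        "distribution": "9", "to_ids": "yes", "uuid": "not-a-uuid",
        "first_seen": None, "category": None,
    }
    print("good:", validate_attribute(good))
    for problem in validate_attribute(bad):
        print("bad :", problem)
```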

Edit an Attribute:

Path Parameters:

| Parameter | Required | Data type | Description | Example |
|---|---|---|---|---|
| attributeId | Yes | AttributeId (string) or UUID (string) | Unique identifier (UUID) or numeric ID (AttributeId) of the attribute | "c99506a6-1255-4b71-afa5-7b8ba48c3b1b" or "12345" |

Request Body Schema:

| Parameter | Required | Data type | Description | Example |
|---|---|---|---|---|
| id | Yes | string (AttributeId) | Attribute ID (at most 10 characters, digits only) | "1234567890" |
| event_id | Yes | string (EventId) | Event ID (at most 10 characters, digits only) | "1234567890" |
| object_id | Yes | string (ObjectId) | Object ID (at most 10 characters, digits only) | "1234567890" |
| object_relation | - | string or null (NullableObjectRelation) | Object relation (at most 255 characters) | "example_relation" |
| category | - | string (AttributeCategory) | Category (at most 255 characters) | "Internal reference" |
| type | - | string (AttributeType) | Type (at most 100 characters) | "md5", "sha1", etc. |
| value | - | string (AttributeValue) | Value (at most 131071 characters) | "example_value" |
| to_ids | - | boolean (ToIDS) | Send to IDS? (default: true) | true, false |
| uuid | - | string <uuid> (UUID) | UUID (at most 36 characters) | "c99506a6-1255-4b71-afa5-7b8ba48c3b1b" |
| timestamp | - | string or null (NullableTimestamp) | Timestamp (^\d+$ ^$) (default: "0") | |
| distribution | - | string (DistributionLevelId) | Distribution level (Enum: "0" "1" "2" "3" "4" "5") | "3" |
| sharing_group_id | - | string or null (SharingGroupId) | Sharing group ID (^\d+$ ^$) (at most 10 characters) | |
| comment | - | string (AttributeComment) | Comment (at most 65535 characters) | "example_comment" |
| deleted | - | boolean (SoftDeletedFlag) | Deleted? (default: false) | true, false |
| disable_correlation | - | boolean (DisableCorrelationFlag) | Disable correlation (default: false) | true, false |
| first_seen | - | string or null (NullableMicroTimestamp) | First seen time (^\d+$ ^$) (default: null) | |
| last_seen | - | string or null (NullableMicroTimestamp) | Last seen time (^\d+$ ^$) (default: null) | |

Delete an Attribute:

Path Parameters:

| Parameter | Required | Data type | Description | Example |
|---|---|---|---|---|
| attributeId | Yes | AttributeId (string) or UUID (string) | Attribute ID (at most 10 characters, digits only) or unique identifier (UUID) | "c99506a6-1255-4b71-afa5-7b8ba48c3b1b" or "12345" |

Restore an Attribute:

Path Parameters:

| Parameter | Required | Data type | Description | Example |
|---|---|---|---|---|
| attributeId | Yes | AttributeId (string) or UUID (string) | Attribute ID (at most 10 characters, digits only) or unique identifier (UUID) | "c99506a6-1255-4b71-afa5-7b8ba48c3b1b" or "12345" |

Add a Tag to an Attribute:

Path Parameters:

| Parameter | Required | Data type | Description | Example |
|---|---|---|---|---|
| attributeId | Yes | AttributeId (string) or UUID (string) | Attribute ID (at most 10 characters, digits only) or unique identifier (UUID) | "c99506a6-1255-4b71-afa5-7b8ba48c3b1b" or "12345" |
| tagId | Yes | string (TagId) | Tag ID (at most 10 characters, digits only) | "12345" |
| local | - | integer <int32> | Add locally (at most 1 character) (default: 0) | 0, 1 |

Remove a tag from an attribute:

Path Parameters:

| Parameter | Required | Data type | Description | Example |
|---|---|---|---|---|
| attributeId | Yes | AttributeId (string) or UUID (string) | Attribute ID (at most 10 characters, digits only) or unique identifier (UUID) | "c99506a6-1255-4b71-afa5-7b8ba48c3b1b" or "12345" |
| tagId | Yes | string (TagId) | Tag ID (at most 10 characters, digits only) | "12345" |

Get an attribute by ID:

Path Parameters:

| Parameter | Required | Data type | Description | Example |
|---|---|---|---|---|
| attributeId | Yes | AttributeId (string) or UUID (string) | Attribute ID (at most 10 characters, digits only) or unique identifier (UUID) | "c99506a6-1255-4b71-afa5-7b8ba48c3b1b" or "12345" |

Get the count of attributes per category:

Path Parameters:

| Parameter | Required | Data type | Description | Example |
|---|---|---|---|---|
| context | Yes | string | Context of the statistics. | "type" or "category" |
| percentage | Yes | integer | Percentage flag. 0: show attribute counts, 1: show percentages. | 0 or 1 |


Event Parameters

Searching the "Event" Resource:

Request Body Schema:

| Parameter | Required | Data type | Description | Example |
|---|---|---|---|---|
| page | Optional | integer or null <int32> | An integer greater than 1. | 1 or null |
| limit | Optional | integer or null <int32> | Greater than 0, or null. | 10 or null |
| value | Optional | string | A string of up to 131071 characters. | "sample_value" |
| type | Optional | string | A string of up to 100 characters. | "md5" |
| category | Optional | string | A string of up to 255 characters. | "Internal reference" |
| org | Optional | OrganisationId (string) or OrganisationName (string) | Organisation ID or name. | "org_id" or "org_name" |
| tags | Optional | Array of strings or null | Array of strings or null. | ["tag1", "tag2"] or null |
| event_tags | Optional | Array of strings or null | Array of strings or null. | ["event_tag1", "event_tag2"] or null |
| searchall | Optional | string | Searches for events matching tag names, event descriptions, attribute values or attribute comments. | "search_value" |
| from | Optional | string or null | Valid time filters can be used. | "2024-01-01" or null |
| to | Optional | string or null | Valid time filters can be used. | "2024-12-31" or null |
| last | Optional | integer or string or null | Events published within the last x amount of time. | 7 or "7d" or null |
| eventid | Optional | string | A string of fewer than 10 characters. | "12345" |
| withAttachments | Optional | boolean | Extends the response with the base64 representation of attachments, if any. | true or false |
| sharinggroup | Optional | Array of strings or null | Sharing group ID(s). | ["sg_id1", "sg_id2"] or null |
| metadata | Optional | boolean or null | Returns only the metadata of the given query scope; the contained data is omitted. | true, false or null |
| uuid | Optional | string <uuid> | A string of fewer than 36 characters. | "uuid_value" |
| publish_timestamp | Optional | string | ^\d+$ | "timestamp_value" |
| timestamp | Optional | string | ^\d+$ | "timestamp_value" |
| published | Optional | boolean | false | true or false |
| enforceWarninglist | Optional | boolean or null | Specifies whether the warninglist is enforced. Adds a blocked field for matching attributes. | true, false or null |
| sgReferenceOnly | Optional | boolean | Returns only the sharing group ID. | true or false |
| requested_attributes | Optional | Array of strings | List of properties to select in CSV export. | ["attr1", "attr2"] |
| includeContext | Optional | boolean or null | Adds the events' context fields in CSV export. | true, false or null |
| headerless | Optional | boolean or null | Removes the header in CSV export. | true, false or null |
| includeWarninglistHits | Optional | boolean or null | true, false or null | true, false or null |
| attackGalaxy | Optional | string or null | true, false or null | true, false or null |
| to_ids | Optional | boolean | true | true or false |
| deleted | Optional | boolean | false | true or false |
| excludeLocalTags | Optional | boolean or null | true, false or null | true, false or null |
| date | Optional | string or null | true, false or null | true, false or null |
| includeSightingdb | Optional | boolean or null | true, false or null | true, false or null |
| tag | Optional | string | A string of fewer than 255 characters. | "tag_name" |
| object_relation | Optional | string or null | Filters by attribute object relation value. | "relation_value" or null |
| threat_level_id | Optional | string | Represents the threat level. | "1" "2" "3" "4" |
| returnFormat | Optional | string | Response payload format. | "json" or "csv" |

Add event:

Request Body Schema:

| Parameter | Required | Data type | Description | Example |
|---|---|---|---|---|
| org_id | Optional | string | A string of fewer than 10 characters. | "org_id" |
| distribution | Optional | string | The distribution level specifies who can see the event. | "0" "1" "2" "3" "4" "5" |
| info | Optional | string | A string of up to 65535 characters. | "event_info" |
| orgc_id | Optional | string | A string of fewer than 10 characters. | "orgc_id" |
| uuid | Optional | string <uuid> | A string of fewer than 36 characters. | "uuid_value" |
| date | Optional | string | Date string. | "2024-01-01" |
| published | Optional | boolean | false | true or false |
| analysis | Optional | string | Represents the analysis maturity level. | "0" "1" "2" |
| attribute_count | Optional | string | ^\d+$ | "10" |
| timestamp | Optional | string or null | ^\d+$ or null | "timestamp_value" or null |
| sharing_group_id | Optional | string or null | A string of fewer than 10 characters, or null. | "sg_id" or null |
| proposal_email_lock | Optional | boolean | true or false | true or false |
| locked | Optional | boolean | true or false | true or false |
| threat_level_id | Optional | string | Represents the threat level. | "1" "2" "3" "4" |
| publish_timestamp | Optional | string | ^\d+$ | "timestamp_value" |
| sighting_timestamp | Optional | string | ^\d+$ | "timestamp_value" |
| disable_correlation | Optional | boolean | Default: false | true or false |
| extends_uuid | Optional | string or null | A string of fewer than 36 characters, or null. | "extends_uuid_value" or null |
| event_creator_email | Optional | string <email> | E-mail address of the event creator. | "example@example.com" |

Edit event:

Path Parameters:

| Parameter | Required | Data type | Description | Example |
|---|---|---|---|---|
| eventId | Required | string | A string of fewer than 10 characters. | "eventId" |

Request Body Schema:

| Parameter | Required | Data type | Description | Example |
|---|---|---|---|---|
| org_id | Optional | string (OrganisationId) | A string of fewer than 10 characters; may contain digits only. | "1234567890" |
| distribution | Optional | string (DistributionLevelId) | A string specifying the distribution level. Takes a value between 0 and 5. | "2" |
| info | Optional | string | A string containing information about the event. | "This is a test event." |
| orgc_id | Optional | string (OrganisationId) | A string of fewer than 10 characters; may contain digits only. | "9876543210" |
| uuid | Optional | string <uuid> | A UUID string of at most 36 characters. | "550e8400-e29b-41d4-a716-446655440000" |
| date | Optional | string | A string containing the date. | "2024-04-12" |
| published | Optional | boolean (PublishedFlag) | A boolean indicating whether the event is published. | true |
| analysis | Optional | string (AnalysisLevelId) | A string specifying the analysis maturity level. | "1" |
| attribute_count | Optional | string (EventAttributeCount) | A string specifying the number of attributes attached to the event. | "5" |
| timestamp | Optional | string or null (NullableTimestamp) | A string containing the timestamp, or null. | "1649252400" |
| sharing_group_id | Optional | string or null (SharingGroupId) | A string of fewer than 10 characters, or null; may contain digits only. | "1234567890" |
| proposal_email_lock | Optional | boolean (EventProposalEmailLock) | A boolean indicating whether the proposal e-mail lock is on or off. | false |
| locked | Optional | boolean (IsLocked) | A boolean indicating whether the lock is on or off. | true |
| threat_level_id | Optional | string (ThreatLevelId) | A string specifying the threat level. | "3" |
| publish_timestamp | Optional | string (Timestamp) | A string containing the publication timestamp. | "1649252400" |
| sighting_timestamp | Optional | string (Timestamp) | A string containing the sighting timestamp. | "1649252400" |
| disable_correlation | Optional | boolean (DisableCorrelationFlag) | A boolean indicating whether correlation is enabled or disabled. | true |
| extends_uuid | Optional | string or null (ExtendsUUID) | A UUID string of at most 36 characters, or null. | "550e8400-e29b-41d4-a716-446655440000" |
| event_creator_email | Optional | string <email> | E-mail address with which the event was created. | "example@example.com" |

Delete event:

Path Parameters:

| Parameter | Required | Data type | Description | Example |
|---|---|---|---|---|
| eventId | Required | string | Unique identifier of the event; can be expressed either as a string or as a UUID. | "123456" or "550e8400-e29b-41d4-a716-446655440000" |

Search events:

Request Body Schema:

| Parameter | Required | Data type | Description | Example |
|---|---|---|---|---|
| page | Optional | integer or null | Page number at which the query starts. Must be greater than 1. | 1 or null |
| limit | Optional | integer or null | Maximum number of items returned per page. Must be 0 or greater. | 10 or null |
| sort | Optional | string or null | Field used to sort the results. | "date" or null |
| direction | Optional | string or null | Sort direction. "asc" (ascending) or "desc" (descending). Default: "asc". | "asc" or null |
| minimal | Optional | boolean or null | Default: false. Returns a minimal version of only those events with attributeCount > 0. | true or null |
| attribute | Optional | string or null | Filters events by attribute values matching the given string. | "vulnerability" or null |
| eventid | Optional | string | Event ID. | "123456" |
| datefrom | Optional | string or null | Event creation date must be greater than or equal to the given date. | "2024-01-01" or null |
| dateuntil | Optional | string or null | Event creation date must be less than or equal to the given date. | "2024-03-31" or null |
| org | Optional | string or null | Filters events by the name of the organisation that created the event. | "ABC Corp" or null |
| eventinfo | Optional | string or null | Filters events matching the event info text. | "suspicious activity" or null |
| tag | Optional | string | Filters events matching any of the given tag names. | "malware" |
| tags | Optional | array of strings or null | Filters events matching any of the given tag names. | ["malware", "phishing"] or null |
| distribution | Optional | string | Specifies who can see the event once it is published and eventually pulled. | "1" |
| sharinggroup | Optional | string or null | Sharing group ID. | "123456" or null |
| analysis | Optional | string | Represents the analysis maturity level. | "2" |
| threatlevel | Optional | string | Represents the threat level. | "1" |
| email | Optional | string or null | Filters events matching the e-mail of the user who created the event. | "user@example.com" or null |
| hasproposal | Optional | string or null | Checks for events whose attributes have change proposals. Possible values: 0, 1. | "1" or null |
| timestamp | Optional | string or null | Event timestamp must be greater than or equal to the given date. | "1648860516" or null |
| publish_timestamp | Optional | string or null | Event publication timestamp must be greater than or equal to the given date. | "1648860516" or null |
| searchDatefrom | Optional | string or null | Filters by date; everything newer than the given date is returned. Format YYYY-MM-DD. | "2024-01-01" or null |
| searchDateuntil | Optional | string or null | Filters by date; everything older than the given date is returned. Format YYYY-MM-DD. | "2024-03-31" or null |

Get event by ID:

Path parameters:

| Parameter | Required | Data type | Description | Example |
|---|---|---|---|---|
| eventId | Required | string | Unique identifier of the event; can be given as a string or as a UUID. | "123456" or "550e8400-e29b-41d4-a716-446655440000" |

Publish an event:

Path parameters:

| Parameter | Required | Data type | Description | Example |
|---|---|---|---|---|
| eventId | Required | string | Unique identifier of the event; can be given as a string or as a UUID. | "123456" or "550e8400-e29b-41d4-a716-446655440000" |

Unpublish an event:

Path parameters:

| Parameter | Required | Data type | Description | Example |
|---|---|---|---|---|
| eventId | Required | string | Unique identifier of the event; can be given as a string or as a UUID. | "123456" or "550e8400-e29b-41d4-a716-446655440000" |

Add event tag:

Path parameters:

| Parameter | Required | Data type | Description | Example |
|---|---|---|---|---|
| eventId | Required | string | Unique identifier of the event; can be given as a string or as a UUID. | "123456" or "550e8400-e29b-41d4-a716-446655440000" |
| tagId | Required | string | Tag ID, a numeric identifier. | "12345" |
| local | Optional | integer | Determines whether the tag is attached to the target locally. | 0 or 1 (default: 0) |

Remove event tag:

Path parameters:

| Parameter | Required | Data type | Description | Example |
|---|---|---|---|---|
| eventId | Required | string | Unique identifier of the event; can be given as a string or as a UUID. | "123456" or "550e8400-e29b-41d4-a716-446655440000" |
| tagId | Required | string | Represents the numeric ID of the tag. | "12345" |

API Endpoints and Parameters

Galaxy Parameters

Get galaxy by ID:

Path parameters:

| Parameter | Required | Data type | Description | Example |
|---|---|---|---|---|
| galaxyId | Required | string | Unique identifier of the galaxy; can be given as a string or as a UUID. | "7890" or "550e8400-e29b-41d4-a716-446655440000" |

Delete a galaxy:

Path parameters:

| Parameter | Required | Data type | Description | Example |
|---|---|---|---|---|
| galaxyId | Required | string | Unique identifier of the galaxy; can be given as a string or as a UUID. | "7890" or "550e8400-e29b-41d4-a716-446655440000" |

Import a galaxy cluster:

Request body schema:

GalaxyCluster:

| Parameter | Required | Data type | Description | Example |
|---|---|---|---|---|
| uuid | | string <uuid> (UUID) <= 36 chars | Galaxy cluster ID | "550e8400-e29b-41d4-a716-446655440000" |
| collection_uuid | | string <uuid> (UUID) <= 36 chars | Collection ID | "550e8400-e29b-41d4-a716-446655440000" |
| type | | string (GalaxyClusterType) <= 255 chars | Galaxy cluster type | "Cluster Type" |
| value | | string (GalaxyClusterValue) <= 65535 chars | Galaxy cluster value | "Cluster Value" |
| tag_name | | string (TagName) <= 255 chars | Tag name | "Tag Name" |
| description | | string (GalaxyClusterDescription) <= 65535 chars | Galaxy cluster description | "Cluster Description" |
| galaxy_id | | string (GalaxyId) <= 10 chars | Galaxy ID | "123456" |
| source | | string (GalaxyClusterSource) <= 255 chars | Source information | "Cluster Source" |
| authors | | Array of strings | Authors | ["Author 1", "Author 2"] |
| version | | string or null | Version information | "1.0.0" |
| distribution | | string (DistributionLevelId) | Distribution level | "2" |
| sharing_group_id | | string or null | Sharing group ID | "123456" |
| org_id | | string (OrganisationId) <= 10 chars | Organisation ID | "123456" |
| orgc_id | | string (OrganisationId) <= 10 chars | Organisation category ID | "123456" |
| default | | boolean | Is it the default? | true |
| locked | | boolean | Is it locked? | false |
| extends_uuid | | string or null | ID of the extended version | "550e8400-e29b-41d4-a716-446655440000" |
| extends_version | | string or null | Extended version information | "1.0.0" |
| published | | boolean | Is it published? | true |
| deleted | | boolean | Is it deleted? | false |
| GalaxyElement | | Array of objects | Galaxy elements | |

Galaxy:

| Parameter | Required | Data type | Description | Example |
|---|---|---|---|---|
| uuid | | string <uuid> (UUID) <= 36 | Galaxy ID | "550e8400-e29b-41d4-a716-446655440000" |

Export galaxy clusters:

Path parameters:

| Parameter | Required | Data type | Description | Example |
|---|---|---|---|---|
| galaxyId | Yes | string or UUID | Unique identifier of the galaxy | "12345" or "550e8400-e29b-41d4-a716-446655440000" |

Request body schema:

Galaxy:

| Parameter | Required | Data type | Description | Example |
|---|---|---|---|---|
| default | Optional | boolean | When true, filters for galaxy clusters that have default=true. | true |
| custom | Optional | boolean | When true, filters for galaxy clusters that have default=false. | false |
| distribution | Optional | string | Sets the distribution level. | "0" |
| format | Optional | string | Sets the format of the result. Use "misp-galaxy" to get the result in that format. | "default" or "misp-galaxy" |
| download | Optional | boolean | When true, the response is downloaded as a JSON file. | true or false |

Attach the galaxy cluster tag to a given entity:

Path parameters:

| Parameter | Required | Data type | Description | Example |
|---|---|---|---|---|
| attachTargetId | Required | string | Unique identifier of the target entity (event, attribute or tag collection). | "123456" or "550e8400-e29b-41d4-a716-446655440000" |
| attachTargetType | Required | string | Type of the entity you want to attach to. | "event", "attribute" or "tag_collection" |
| local | Optional | integer | Determines whether the tag is attached to the target locally. | 0 or 1 |

Request body schema:

Galaxy:

| Parameter | Required | Data type | Description | Example |
|---|---|---|---|---|
| target_id | Required | integer | The target galaxy cluster you want to attach. | 12345 |

API Endpoints and Parameters

Galaxy Cluster Parameters

Add galaxy cluster:

Path parameters:

| Parameter | Required | Data type | Description | Example |
|---|---|---|---|---|
| galaxyId | Required | string | Unique identifier of the galaxy; can be given as a string or as a UUID. | "123456" or "550e8400-e29b-41d4-a716-446655440000" |

Request body schema:

| Parameter | Required | Data type | Description | Example |
|---|---|---|---|---|
| id | Yes | string (GalaxyClusterId) | Unique identifier of the galaxy cluster. At most 10 characters, digits only. | "12345" |
| uuid | | string <uuid> (UUID) | Universally unique identifier of the galaxy cluster. At most 36 characters. | "550e8400-e29b-41d4-a716-446655440000" |
| collection_uuid | | string <uuid> (UUID) | Universally unique identifier of the cluster collection. At most 36 characters. | "550e8400-e29b-41d4-a716-446655440001" |
| type | | string | Type of the galaxy cluster. At most 255 characters. | "type" |
| value | | string | Value of the galaxy cluster. At most 65535 characters. | "value" |
| tag_name | | string (TagName) | Name of the tag. At most 255 characters. | "tag" |
| description | | string | Description of the galaxy cluster. At most 65535 characters. | "description" |
| galaxy_id | Yes | string (GalaxyId) | Unique identifier of the galaxy. At most 10 characters, digits only. | "123456" |
| source | | string | Source of the galaxy cluster. At most 255 characters. | "source" |
| authors | | Array of strings | Authors of the galaxy cluster. | ["author1", "author2"] |
| version | | string or null | Version of the galaxy cluster. At most 255 characters. | "1.0" |
| distribution | | string (DistributionLevelId) | Distribution level of the event. Takes a value from 0 to 5. | "0" |
| sharing_group_id | | string or null (SharingGroupId) | Unique identifier of the sharing group. At most 10 characters, digits only. | "123" |
| org_id | | string (OrganisationId) | Unique identifier of the organisation. At most 10 characters, digits only. | "456" |
| orgc_id | | string (OrganisationId) | Unique identifier of the organisation. At most 10 characters, digits only. | "789" |
| default | | boolean | Indicates whether it is the default. | true |
| locked | | boolean | Indicates whether the cluster is locked. | false |
| extends_uuid | | string or null | Universally unique identifier of the extended cluster. At most 36 characters. | "550e8400-e29b-41d4-a716-446655440002" |
| extends_version | | string or null | Version of the extended cluster. At most 255 characters. | "1.1" |
| published | | boolean | Indicates whether it is published. | true |
| deleted | | boolean | Indicates whether it is deleted. | false |
| GalaxyElement | | Array of objects | Galaxy elements. | - |

Edit galaxy cluster:

Path parameters:

| Parameter | Required | Data type | Description | Example |
|---|---|---|---|---|
| galaxyClusterId | Yes | string (GalaxyClusterId) | Unique identifier of the galaxy cluster. | "12345" |

Request body schema:

| Parameter | Required | Data type | Description | Example |
|---|---|---|---|---|
| id | Yes | string (GalaxyClusterId) | Unique identifier of the galaxy cluster. | "123" |
| uuid | | string <uuid> (UUID) <= 36 chars | UUID of the galaxy cluster. | "550e8400-e29b-41d4-a716-446655440000" |
| collection_uuid | | string <uuid> (UUID) <= 36 chars | Cluster UUID. | "550e8400-e29b-41d4-a716-446655440000" |
| type | | string (GalaxyClusterType) | Type of the galaxy cluster. | "type" |
| value | | string (GalaxyClusterValue) | Value of the galaxy cluster. | "value" |
| tag_name | | string (TagName) | Tag name. | "tag" |
| description | | string (GalaxyClusterDescription) | Description of the galaxy cluster. | "description" |
| galaxy_id | | string (GalaxyId) <= 10 chars | Galaxy ID. | "123" |
| source | | string (GalaxyClusterSource) | Source information. | "source" |
| authors | | Array of strings | Authors. | ["author1", "author2"] |
| version | | string or null | Version number. | "1.0" |
| distribution | | string (DistributionLevelId) | Distribution level. | "0" |
| sharing_group_id | | string or null | Sharing group ID. | "123" |
| org_id | | string (OrganisationId) <= 10 chars | Organisation ID. | "123" |
| orgc_id | | string (OrganisationId) <= 10 chars | ID the organisation is linked to. | "123" |
| default | | boolean | Is it the default? | true |
| locked | | boolean | Is it locked? | true |
| extends_uuid | | string or null | Extension UUID. | "550e8400-e29b-41d4-a716-446655440000" |
| extends_version | | string or null | Extension version. | "1.0" |
| published | | boolean | Is it published? | true |
| deleted | | boolean | Is it deleted? | false |
| GalaxyElement | | Array of objects | Galaxy elements. | [{...}] |

Get galaxy clusters:

Path parameters:

| Parameter | Required | Data type | Description | Example |
|---|---|---|---|---|
| galaxyId | Yes | GalaxyId (string) or UUID (string) | Galaxy ID or UUID | "123" or "550e8400-e29b-41d4-a716-446655440000" |

Search galaxy clusters:

Path parameters:

| Parameter | Required | Data type | Description | Example |
|---|---|---|---|---|
| galaxyId | Yes | string | Galaxy ID or UUID | "123" or "550e8400-e29b-41d4-a716-446655440000" |

Request body schema:

| Parameter | Required | Data type | Description | Example |
|---|---|---|---|---|
| context | No | string | Enum: "all" "default" "org" "deleted" | "all" |
| searchall | No | string | Searches galaxy clusters by matching any value, description, UUID or galaxy element value. | "example" |

Get galaxy cluster by ID:

Path parameters:

| Parameter | Required | Data type | Description | Example |
|---|---|---|---|---|
| galaxyClusterId | Yes | string | Unique identifier of the galaxy cluster; can be given as a string or as a UUID. | "123456" or "550e8400-e29b-41d4-a716-446655440000" |

Publish galaxy cluster:

Path parameters:

| Parameter | Required | Data type | Description | Example |
|---|---|---|---|---|
| galaxyClusterId | Yes | string | Unique identifier of the galaxy cluster; can be given as a string or as a UUID. | "123456" or "550e8400-e29b-41d4-a716-446655440000" |

Unpublish galaxy cluster:

Path parameters:

| Parameter | Required | Data type | Description | Example |
|---|---|---|---|---|
| galaxyClusterId | Yes | string | Unique identifier of the galaxy cluster; can be given as a string or as a UUID. | "123456" or "550e8400-e29b-41d4-a716-446655440000" |

Delete galaxy cluster:

Path parameters:

| Parameter | Required | Data type | Description | Example |
|---|---|---|---|---|
| galaxyClusterId | Yes | string | Unique identifier of the galaxy cluster; can be given as a string or as a UUID. | "123456" or "550e8400-e29b-41d4-a716-446655440000" |

Restore galaxy cluster:

Path parameters:

| Parameter | Required | Data type | Description | Example |
|---|---|---|---|---|
| galaxyClusterId | Yes | string | Unique identifier of the galaxy cluster; can be given as a string or as a UUID. | "123456" or "550e8400-e29b-41d4-a716-446655440000" |

API Endpoints and Parameters

User Parameters

Reset user password:

Path parameters:

| Parameter | Required | Data type | Description | Example |
|---|---|---|---|---|
| userId | Yes | string | Unique identifier of the user, given as a string. | "12345" |
| firstTimeReset | Yes | string | First-time reset; set to 1 only for new user registrations. | "0" or "1" |

Add user:

Request body schema:

| Parameter | Required | Data type | Description | Example |
|---|---|---|---|---|
| org_id | No | string | Unique identifier of the organisation, given as a string. | "12345" |
| server_id | No | string | Unique identifier of the server, given as a string. | "67890" |
| email | No | string | E-mail address of the user. | "example@example.com" |
| autoalert | No | boolean | Sets the automatic alert setting. | true or false |
| authkey | No | string or null | API authentication key used to access the API. | "abcdef1234567890" or null |
| invited_by | No | string | Unique identifier of the inviting user. | "23456" |
| gpgkey | No | string or null | GPG key of the user. | "-----BEGIN PGP PUBLIC KEY BLOCK----- ..." or null |
| certif_public | No | string or null | Public certificate of the user. | "-----BEGIN CERTIFICATE----- ..." or null |
| nids_sid | No | string | Unique identifier of the user in a network-based system. | "34567" |
| termsaccepted | No | boolean | Indicates whether the user has accepted the terms of use. | true or false |
| newsread | No | string | Date the news was last read. | "1617598655" |
| role_id | No | string | Unique identifier of the user's role. | "45678" |
| change_pw | No | string | Indicates whether a password change is required. | "0" or "1" |
| contactalert | No | boolean | Sets the contact alert setting. | true or false |
| disabled | No | boolean | Indicates whether the user is disabled. | true or false |
| expiration | No | string or null | Expiration date of the user account. | "2024-12-31T23:59:59Z" or null |
| current_login | No | string | Date of the user's latest login. | "1617598655" |
| last_login | No | string | Date of the user's previous login. | "1617598655" |
| force_logout | No | boolean | Forces the user's session to be closed. | true or false |
| date_created | No | string | Creation date of the user account. | "1617598655" |
| date_modified | No | string | Last modification date of the user account. | "1617598655" |

Edit user:

Path parameters:

| Parameter | Required | Data type | Description | Example |
|---|---|---|---|---|
| userId | Yes | string | Unique identifier of the user. | "12345" |

Request body schema:

| Parameter | Required | Data type | Description | Example |
|---|---|---|---|---|
| id | Yes | string | Unique identifier of the user. | "12345" |
| org_id | Yes | string | Unique identifier of the organisation the user belongs to. | "67890" |
| server_id | Yes | string | Unique identifier of the server the user belongs to. | "98765" |
| email | Yes | string | E-mail address of the user. | "example@example.com" |
| autoalert | | boolean | Automatic alert setting. | true |
| authkey | | string | Authorisation key used to access the API. Only set when the MISP setting Security.advanced_authkeys is set to false. | "abcd1234" |
| invited_by | | string | Unique identifier of the inviting user. | "54321" |
| gpgkey | | string | GPG key. | "gpg123" |
| certif_public | | string | Public certificate. | "public_cert123" |
| nids_sid | | string | NIDS SID (Network Intrusion Detection System Security ID). | "nids456" |
| termsaccepted | | boolean | Whether the user has accepted the terms. | true |
| newsread | | string | Date the news was read. | "1635610000" |
| role_id | | string | Unique identifier of the user's role. | "78901" |
| change_pw | | string | Whether a password change is required. | "1" |
| contactalert | | boolean | Contact alert setting. | false |
| disabled | | boolean | Whether the user is disabled. | false |
| expiration | | string | Expiration date of the user account. | "2024-12-31T23:59:59Z" |
| current_login | | string | Date of the user's latest login. | "1635610000" |
| last_login | | string | Date of the user's last login. | "1635610000" |
| force_logout | | boolean | Forced logout setting. | true |
| date_created | | string | Date the user was created. | "1635610000" |
| date_modified | | string | Date the user was last edited. | "1635610000" |

Delete user:

Path parameters:

| Parameter | Required | Data type | Description | Example |
|---|---|---|---|---|
| userId | Yes | string | Unique identifier of the user. | "12345" |

Get user by ID:

Path parameters:

| Parameter | Required | Data type | Description | Example |
|---|---|---|---|---|
| userId | Yes | string | Unique identifier of the user. | "12345" |

Delete user TOTP:

Path parameters:

| Parameter | Required | Data type | Description | Example |
|---|---|---|---|---|
| userId | Yes | string | Unique numeric identifier (ID) of the user. | "12345" |

API Endpoints and Parameters

Organisation Parameters

Add organisation:

Request body schema:

| Parameter | Required | Data type | Description | Example |
|---|---|---|---|---|
| name | - | string | Name of the organisation | "XYZ Company" |
| date_created | - | string | Creation date | "2024-04-12" |
| date_modified | - | string | Modification date | "2024-04-12" |
| description | - | string | Description of the organisation | "A software company specialized in AI" |
| type | - | string | Type of the organisation | "Private" |
| nationality | - | string | Nationality of the organisation | "US" |
| sector | - | string | Sector of the organisation | "Technology" |
| created_by | - | string | Numeric identifier (ID) of the creating user | "12345" |
| uuid | - | string | Unique identifier (UUID) of the organisation | "550e8400-e29b-41d4-a716-446655440000" |
| contacts | - | string | Contact information | "contact@xyz.com" |
| local | - | boolean | Is it local? | true |
| restricted_to_domain | - | Array | Is it restricted to a domain? | ["xyz.com"] |
| landingpage | - | string | Web page of the organisation | "www.xyz.com" |
| user_count | - | string | Number of users | "100" |
| created_by_email | - | string | E-mail address of the creating user | "user@xyz.com" |

Edit organisation:

Path parameters:

| Parameter | Required | Data type | Description | Example |
|---|---|---|---|---|
| organisationId | - | string | Unique ID (OrganisationId) or identifier (UUID) of the organisation | "12345" or "550e8400-e29b-41d4-a716-446655440000" |

Request body schema:

| Parameter | Required | Data type | Description | Example |
|---|---|---|---|---|
| name | - | string (OrganisationName) <= 255 characters | Name of the organisation | "ABC Company" |
| type | - | string or null (OrganisationType) <= 255 characters | Type of the organisation | "Public" |
| nationality | - | string or null | Country of the organisation | "USA" |
| sector | - | string or null | Sector of the organisation | "Technology" |
| contacts | - | string or null | Contact information of the organisation | "contact@abccompany.com" |
| description | - | string or null | Description of the organisation | "Global technology company" |
| local | - | boolean or null | Whether the organisation is local | true |
| uuid | - | string or null <uuid> | Unique identifier (UUID) of the organisation | "550e8400-e29b-41d4-a716-446655440000" |
| restricted_to_domain | - | Array of strings or null <hostname> | Domains the organisation is restricted to | ["example.com", "subdomain.example.com"] |

Delete organisation:

Path Parameters:

| Parameter | Required | Data type | Description | Example |
|---|---|---|---|---|
| organisationId | Yes | string (OrganisationId) or UUID (string) | Unique identifier (UUID) or numeric ID of the organisation | "123456" or "550e8400-e29b-41d4-a716-446655440000" |

Get organisation by ID:

Path parameters:

| Parameter | Required | Data type | Description | Example |
|---|---|---|---|---|
| organisationId | Yes | string (OrganisationId) or UUID (string) | Unique identifier (UUID) or numeric ID of the organisation | "123456" or "550e8400-e29b-41d4-a716-446655440000" |

API Endpoints and Parameters

Server Parameters

Add server:

Request body schema:

| Parameter | Required | Data type | Description | Example |
|---|---|---|---|---|
| name | No | string (ServerName) | Name of the server | "MISP Server" |
| url | No | string | URL of the server | "https://misp.example.com" |
| authkey | No | string (AuthKeyRaw) = 40 characters | Authentication key | "4d1f1fb8ed6d746150ca34f98258d12a7f3a24a3" |
| org_id | No | string (OrganisationId) <= 10 characters ^\d+$ | Unique identifier of the organisation | "123456" |
| push | No | boolean | Can the server push events? | true |
| pull | No | boolean | Can the server pull events? | true |
| push_sightings | No | boolean | Can the server push sightings? | true |
| push_galaxy_clusters | No | boolean | Can the server push galaxy clusters? | true |
| pull_galaxy_clusters | No | boolean | Can the server pull galaxy clusters? | true |
| lastpulledid | No | string or null <= 10 characters ^\d+$ | ID of the last pulled event | "987654" |
| lastpushedid | No | string or null <= 10 characters ^\d+$ | ID of the last pushed event | "654321" |
| organization | No | string or null | Name of the organisation the server belongs to | "Example Organization" |
| remote_org_id | No | string (OrganisationId) <= 10 characters ^\d+$ | Unique identifier of the remote organisation | "789012" |
| publish_without_email | No | boolean | Permission to publish without e-mail | true |
| unpublish_event | No | boolean | Ability to unpublish the event | true |
| self_signed | No | boolean | Does it accept self-signed certificates? | true |
| pull_rules | No | string | Rule set for pulling events from this server | "{ 'rule': 'value' }" |
| push_rules | No | string | Rule set for pushing events to this server | "{ 'rule': 'value' }" |
| cert_file | No | string or null <byte> | Base64-encoded certificate | "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArQQW" |
| client_cert_file | No | string or null <byte> | Base64-encoded client certificate | "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArQQW" |
| internal | No | boolean | Is it an internal server? | true |
| skip_proxy | No | boolean | Is skipping the proxy allowed? | true |
| caching_enabled | No | boolean | Is caching enabled? | true |
| priority | No | string or null <= 10 characters ^\d+$ | Priority order | "1" |
| cache_timestamp | No | boolean | Cache timestamp | true |
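The Add server body holds the credential used for synchronisation, so it is worth checking against the documented limits before it is sent. The following is an added example, not code from the original page or from the MISP project: `validate_add_server`, `redact` and both sample bodies are hypothetical names and constructed data, and the two warnings are review hints chosen for this example rather than schema rules.

```python
import base64
import re
from urllib.parse import urlparse

# Limits transcribed from the "Add server" table. fullmatch() on an explicit
# [0-9] class applies the documented ^\d+$ strictly: Python's "$" also matches
# before a trailing newline, and \d accepts non-ASCII digits.
DIGITS = re.compile(r"[0-9]+")
AUTHKEY_LENGTH = 40
ID_FIELDS = {  # field name -> whether null is allowed
    "org_id": False, "remote_org_id": False,
    "lastpulledid": True, "lastpushedid": True, "priority": True,
}
TEXT_FIELDS = {  # field name -> whether null is allowed
    "name": False, "url": False, "authkey": False,
    "pull_rules": False, "push_rules": False, "organization": True,
}
BASE64_FIELDS = ("cert_file", "client_cert_file")  # string or null <byte>
BOOL_FIELDS = (
    "push", "pull", "push_sightings", "push_galaxy_clusters",
    "pull_galaxy_clusters", "publish_without_email", "unpublish_event",
    "self_signed", "internal", "skip_proxy", "caching_enabled",
    "cache_timestamp",
)


def validate_add_server(body):
    """Return (errors, warnings) for a candidate "Add server" request body."""
    errors, warnings = [], []
    for key, value in body.items():
        if key in ID_FIELDS:
            if value is None and ID_FIELDS[key]:
                continue
            if not (isinstance(value, str) and len(value) <= 10
                    and DIGITS.fullmatch(value)):
                errors.append(f"{key}: expected a string of 1 to 10 digits")
        elif key in TEXT_FIELDS:
            if value is None and TEXT_FIELDS[key]:
                continue
            if not isinstance(value, str):
                errors.append(f"{key}: expected a string")
        elif key in BASE64_FIELDS:
            if value is None:
                continue
            try:
                if not isinstance(value, str):
                    raise ValueError("not a string")
                base64.b64decode(value, validate=True)
            except ValueError:  # binascii.Error is a ValueError subclass
                errors.append(f"{key}: expected Base64 text")
        elif key in BOOL_FIELDS:
            if not isinstance(value, bool):  # "true" or 1 is not a boolean
                errors.append(f"{key}: expected a boolean")
        else:
            errors.append(f"{key}: not a documented field")

    authkey = body.get("authkey")
    if isinstance(authkey, str) and len(authkey) != AUTHKEY_LENGTH:
        errors.append(f"authkey: expected exactly {AUTHKEY_LENGTH} characters")

    # Review hints chosen for this example; they are not schema rules.
    url = body.get("url")
    if isinstance(url, str) and urlparse(url).scheme != "https":
        warnings.append("url: the authkey travels with sync requests, use https")
    if body.get("self_signed") is True:
        warnings.append("self_signed: self-signed certificates are accepted")
    return errors, warnings


def redact(body):
    """Copy of the body that can be written to a log: the authkey is masked."""
    return {k: ("<redacted>" if k == "authkey" and v else v)
            for k, v in body.items()}


# Constructed sample bodies (not taken from a real instance).
GOOD = {
    "name": "MISP Server",
    "url": "https://misp.example.com",
    "authkey": "0123456789abcdef0123456789abcdef01234567",
    "org_id": "123456",
    "push": True, "pull": True, "self_signed": False,
    "priority": None,
    "cert_file": base64.b64encode(b"constructed certificate bytes").decode(),
}
BAD = dict(GOOD, url="http://misp.example.com", authkey="tooshort",
           org_id="12a4", priority="12345678901", push="true",
           self_signed=True, cert_file="not base64!", sync_key="x")

if __name__ == "__main__":
    for label, body in (("GOOD", GOOD), ("BAD", BAD)):
        errs, warns = validate_add_server(body)
        print(label, redact(body)["authkey"], errs, warns)
```
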

Edit server:

Path parameters:

| Parameter | Required | Data type | Description | Example |
|---|---|---|---|---|
| serverId | Yes | string | Unique identifier of the server | "123456" |

Request body schema:

| Parameter | Required | Data type | Description | Example |
|---|---|---|---|---|
| id | Yes | string | Unique identifier of the server | "123456" |
| name | - | string | Name of the server | "MISP Server 1" |
| url | - | string | URL of the server | "https://example.com/misp" |
| authkey | - | string | API authentication key | "a1b2c3d4e5f6..." |
| org_id | - | string | Unique identifier of the organisation | "987654" |
| push | - | boolean | Ability to send events to the server | true |
| pull | - | boolean | Ability to receive events from the server | true |
| push_sightings | - | boolean | Ability to send sightings to the server | false |
| push_galaxy_clusters | - | boolean | Ability to send galaxy clusters to the server | true |
| pull_galaxy_clusters | - | boolean | Ability to receive galaxy clusters from the server | false |
| lastpulledid | - | string | Unique identifier of the last pulled event | "654321" |
| lastpushedid | - | string | Unique identifier of the last pushed event | "789012" |
| organization | - | string | Name of the organisation the server belongs to | "Example Org" |
| remote_org_id | - | string | ID of the organisation the remote server belongs to | "456789" |
| publish_without_email | - | boolean | Ability to publish without e-mail | false |
| unpublish_event | - | boolean | Ability to unpublish events | false |
| self_signed | - | boolean | Self-signing capability | true |
| pull_rules | - | string | Rules for pulling events from the server | {...} |
| push_rules | - | string | Rules for pushing events to the server | {...} |
| cert_file | - | string | Certificate file (Base64-encoded) | "..." |
| client_cert_file | - | string | Client certificate file (Base64-encoded) | "..." |
| internal | - | boolean | Internal server flag | false |
| skip_proxy | - | boolean | Ability to skip the proxy | true |
| caching_enabled | - | boolean | Caching capability | true |
| priority | - | string | Priority level | "1" |
| cache_timestamp | - | boolean | Cache timestamp | true |

Delete server:

Path parameters:

| Parameter | Required | Data type | Description | Example |
|---|---|---|---|---|
| serverId | Yes | string | Unique identifier of the server | "123456" |

Pull server:

Path parameters:

| Parameter | Required | Data type | Description | Example |
|---|---|---|---|---|
| serverId | Yes | string | Unique identifier of the server | "123456" |
| pullTechnique | Yes | string | Pull technique used to pull events from this server | "full", "incremental" or "pull_relevant_clusters" |

Push server:

Path parameters:

| Parameter | Required | Data type | Description | Example |
|---|---|---|---|---|
| serverId | Yes | string | Unique identifier of the server | "123456" |
| pushTechnique | Yes | string | Push technique used to push events to this server | "full" or "incremental" |

Start worker:

Path parameters:

| Parameter | Required | Data type | Description | Example |
|---|---|---|---|---|
| workerType | Yes | string | Worker type | "default", "email", "scheduler", "cache", "prio", "update" |

Stop worker:

Path parameters:

| Parameter | Required | Data type | Description | Example |
|---|---|---|---|---|
| workerPid | Yes | string | Worker PID | "12345" |

Get server setting by name:

Path parameters:

| Parameter | Required | Data type | Description | Example |
|---|---|---|---|---|
| settingName | Yes | string | Name of the setting | "MISP.background_jobs" |

Edit server setting:

Path parameters:

| Parameter | Required | Data type | Description | Example |
|---|---|---|---|---|
| settingName | Yes | string | Name of the setting | "MISP.background_jobs" |

Request body schema:

| Parameter | Required | Data type | Description | Example |
|---|---|---|---|---|
| value | Yes | string | One of the types string, boolean, number or object. | "string" |

Import server:

Path parameters:

| Parameter | Required | Data type | Description | Example |
|---|---|---|---|---|
| name | Yes | string | Name of the server | "example-server" |
| url | Yes | string | URL of the server | "https://example.com" |
| uuid | Yes | string | Unique identifier (UUID) of the server | "550e8400-e29b-41d4-a716-446655440000" |
| authkey | Yes | string | Authentication key | "a1b2c3d4e5f6g7h8i9j0k1l2m3n4o5p6q7r8s9t" |

Organisation:

| Parameter | Required | Data type | Description | Example |
|---|---|---|---|---|
| name | Yes | string | Name of the organisation | "example-org" |

API Endpoints and Parameters

Sharing Group Parameters

Add a sharing group:

Request body schema:

| Parameter | Required | Data type | Description | Example |
|---|---|---|---|---|
| uuid | Yes | string | Unique identifier of the sharing group | "550e8400-e29b-41d4-a716-446655440000" |
| name | Yes | string | Name of the sharing group | "example-group" |
| description | Yes | string | Description of the sharing group | "This is an example sharing group." |
| releasability | Yes | string | Releasability of the sharing group | "All" |
| local | Yes | boolean | Whether the sharing group is local | true |
| active | Yes | boolean | Whether the sharing group is active | true |
| org_count | Yes | string | Number of organisations in the sharing group | "5" |
| organisation_uuid | Yes | string | Unique identifier of the sharing group's organisation | "550e8400-e29b-41d4-a716-446655440001" |
| org_id | Yes | string | ID of the organisation | "12345" |
| sync_user_id | Yes | string | ID of the sync user | "67890" |
| created | Yes | string | Creation date | "2024-04-12T12:00:00Z" |
| modified | Yes | string | Modification date | "2024-04-12T12:00:00Z" |
| roaming | Yes | boolean | Whether the sharing group is in roaming mode | false |

Edit a sharing group:

Path parameters:

| Parameter | Required | Data type | Description | Example |
|---|---|---|---|---|
| sharingGroupId | Yes | string (or null) or UUID | Unique identifier of the sharing group, or empty | "550e8400-e29b-41d4-a716-446655440000" or null |

Request body schema:

| Parameter | Required | Data type | Description | Example |
|---|---|---|---|---|
| id | Optional | string (SharingGroupId) or null | Unique identifier of the sharing group, or empty | "123456" or null |
| uuid | Required | string <uuid> (UUID) <= 36 characters | Unique UUID of the sharing group | "550e8400-e29b-41d4-a716-446655440000" |
| name | Required | string (SharingGroupName) <= 255 characters | Name of the sharing group | "Sharing Group 1" |
| description | Required | string (SharingGroupDescription) <= 65535 characters | Description of the sharing group | "This is a sharing group description." |
| releasability | Required | string (SharingGroupReleasability) <= 65535 characters | Releasability status of the sharing group | "Limited" or "Public" |
| local | Required | boolean | Whether it is local or remote | true or false |
| active | Required | boolean | Whether the sharing group is active | true or false |
| org_count | Required | string ^\d+$ | Number of organisations in the sharing group | "3" or "10" |
| organisation_uuid | Required | string <uuid> (UUID) <= 36 characters | UUID of the organisation the sharing group belongs to | "550e8400-e29b-41d4-a716-446655440001" |
| org_id | Required | string (OrganisationId) <= 10 characters ^\d+$ | ID of the organisation the sharing group belongs to | "123456" |
| sync_user_id | Required | string (UserId) <= 10 characters ^\d+$ | ID of the sharing group's sync user | "789012" |
| created | Required | string <datetime> | Creation date of the sharing group | "2024-04-17 15:30:00" |
| modified | Required | string <datetime> | Last modification date of the sharing group | "2024-04-17 15:30:00" |
| roaming | Required | boolean | Whether the sharing group is in roaming mode | true or false |

Delete a sharing group:

Path parameters:

| Parameter | Required | Data type | Description | Example |
|---|---|---|---|---|
| sharingGroupId | Optional | (SharingGroupId (string or null)) or UUID (string) | Unique identifier of the sharing group, or empty | "123456" or null |

Get a sharing group by ID:

Path parameters:

| Parameter | Required | Data type | Description | Example |
|---|---|---|---|---|
| sharingGroupId | Required | (SharingGroupId (string or null)) or UUID (string) | Unique identifier of the sharing group, or empty | "123456" or null |

Add an organisation to a sharing group:

Path parameters:

| Parameter | Required | Data type | Description | Example |
|---|---|---|---|---|
| sharingGroupId | Required | (SharingGroupId (string or null)) or UUID (string) | Unique identifier of the sharing group, or empty | "123456" |
| organisationId | Required | OrganisationId (string) or UUID (string) | Unique identifier of the organisation | "789012" |

Remove an organisation from a sharing group:

Path parameters:

| Parameter | Required | Data type | Description | Example |
|---|---|---|---|---|
| sharingGroupId | Required | (SharingGroupId (string or null)) or UUID (string) | Unique identifier of the sharing group, or empty | "123456" |
| organisationId | Required | OrganisationId (string) or UUID (string) | Unique identifier of the organisation | "789012" |

Add a server to a sharing group:

Path parameters:

| Parameter | Required | Data type | Description | Example |
|---|---|---|---|---|
| sharingGroupId | Required | (SharingGroupId (string or null)) or UUID (string) | Unique identifier of the sharing group, or empty | "123456" |
| serverId | Required | ServerId (string) or UUID (string) | Unique identifier of the server | "789012" |

Remove a server from a sharing group:

Path parameters:

| Parameter | Required | Data type | Description | Example |
|---|---|---|---|---|
| sharingGroupServerId | Required | string or null | Unique identifier of the sharing group server, or empty | "123456" |
| serverId | Required | ServerId (string or UUID) | Unique identifier of the server | "789012" |

API Endpoints and Parameters

Feed Parameters

Get a feed by ID:

Path parameters:

| Parameter | Required | Data type | Description | Example |
|---|---|---|---|---|
| feedId | Required | FeedId (string or UUID) | Unique identifier of the feed | "456789" |

Add a feed:

Request body schema:

| Parameter | Required | Data type | Description | Example |
|---|---|---|---|---|
| name | - | string (FeedName) <= 255 | Name of the feed | "Example Feed" |
| provider | - | string (FeedProvider) | Provider of the feed | "Example Provider" |
| url | - | string (FeedUrl) | URL of the feed | "https://example.com/feed" |
| rules | - | string or null (FeedRules) | Stringified JSON filter rules | { "filter": "value" } |
| enabled | - | boolean (FeedEnabledFlag) | Whether the feed is enabled | true |
| distribution | - | string (DistributionLevelId) | Who can see these events once they are published and subsequently pulled | "0" |
| sharing_group_id | - | string or null (SharingGroupId) | UUID or numeric ID of the sharing group | "123456" |
| tag_id | - | string (TagId) <= 10 | ID of the tag to be attached | "789" |
| source_format | - | string (FeedSourceFormat) | Format of the feed source | "csv" |
| fixed_event | - | boolean (FeedFixedEvent) | The target event option may be considered | true |
| delta_merge | - | boolean (FeedDeltaMergeFlag) | Merge attributes (only add new attributes, remove revoked attributes) | true |
| event_id | - | string (EventId) <= 10 | ID of the published events | "987654" |
| publish | - | boolean (PublishedFlag) | Default: false | true |
| override_ids | - | boolean (FeedOverrideIDSFlag) | IDS flags will be turned off for this feed | true |
| input_source | - | string (FeedInputSource) | Specifies whether the source (url field) is a directory (local) or an actual URL (network). | "network" |
| delete_local_file | - | boolean (FeedDeleteLocalFileFlag) | IDS flags will be turned off for this feed | true |
| lookup_visible | - | boolean (FeedLookupVisibleFlag) | The lookup will not correspond to the feed | true |
| headers | - | string or null (FeedHeaders) | Headers to be passed along with the requests; the individual headers are separated from one another. | "Content-Type: application/json" |
| caching_enabled | - | boolean (FeedCachingEnabledFlag) | The feed is cached | true |
| force_to_ids | - | boolean (FeedForceToIDSFlag) | IDS flags will be turned on for this feed | true |
| orgc_id | - | string (OrganisationId) <= 10 | UUID or numeric ID of the organisation | "123456" |

Edit a feed:

Path Parameters:

Parameter | Required | Data Type | Description | Example
feedId | required | string | UUID or numeric ID of the feed | "123456"

Request Body Schema:

Parameter | Required | Data Type | Description | Example
id | required | string (FeedId) | Feed ID | "123456"
name | | string (FeedName) | Feed name | "Example Feed"
provider | | string (FeedProvider) | Provider | "Provider A"
url | | string (FeedUrl) | URL | "http://example.com/feed"
rules | | string or null (FeedRules) | Stringified JSON filter rules | {"type": "malware"}
enabled | | boolean (FeedEnabledFlag) | Enabled? | true
distribution | | string (DistributionLevelId) | Distribution level. Enum: "0" "1" "2" "3" "4" "5". Who will be able to see the events once they are published and eventually pulled: 0 - Your organisation only; 1 - This community only; 2 - Connected communities; 3 - All communities; 4 - Sharing group; 5 - Inherit event | "0"
sharing_group_id | | string or null (SharingGroupId) | Sharing group ID | "789012"
tag_id | | string (TagId) | Tag ID | "345678"
source_format | | string (FeedSourceFormat) | Source format. Enum: "1" "csv" "freetext" "misp" | "csv"
fixed_event | | boolean (FeedFixedEvent) | Fixed event | true
delta_merge | | boolean (FeedDeltaMergeFlag) | Delta merge | false
event_id | | string (EventId) | Event ID | "234567"
publish | | boolean (PublishedFlag) | Publish | false
override_ids | | boolean (FeedOverrideIDSFlag) | IDS flags will be turned off for this feed | true
input_source | | string (FeedInputSource) | Source type. Enum: "local" "network" | "local"
delete_local_file | | boolean (FeedDeleteLocalFileFlag) | Should the local file be deleted? | false
lookup_visible | | boolean (FeedLookupVisibleFlag) | Will the lookup be visible in the feed correlation? | true
headers | | string or null (FeedHeaders) | Headers to pass with the requests. All comma-separated | "Content-Type: application/json, Authorization: Bearer token"
caching_enabled | | boolean (FeedCachingEnabledFlag) | Is the feed cached? | true
force_to_ids | | boolean (FeedForceToIDSFlag) | IDS flags will be turned on for this feed | true
orgc_id | | string (OrganisationId) | Organisation ID | "456789"

Enable feed:

Path Parameters:

Parameter | Required | Data Type | Description | Example
feedId | required | FeedId (string) | Feed ID | "123456"

Disable feed:

Path Parameters:

Parameter | Required | Data Type | Description | Example
feedId | required | FeedId (string) or UUID (string) | Feed ID | "123456"

Cache feeds:

Path Parameters:

Parameter | Required | Data Type | Description | Example
cacheFeedsScope | required | string | Cache feeds scope | "all"

Fetch from feed by ID:

Path Parameters:

Parameter | Required | Data Type | Description
feedId | required | string | Feed ID (string or UUID)

API Endpoints and Parameters

Object Parameters

[restSearch] Get a filtered and paginated list of objects:

Request Body Schema:

Parameter | Required | Data Type | Description | Example
page | null | integer (int32) >= 1 | | 1
limit | null | integer (int32) >= 0 | | 10
quickFilter | | string | Searches for events matching any tag name, event description, attribute value or attribute comment. | "malware"
searchall | | string | Searches for events matching any tag name, event description, attribute value or attribute comment. | "ransomware"
timestamp | | string (Timestamp) ^\d+$ | | "1617613315"
object_name | | string <= 131071 characters | | "malicious_file.exe"
object_template_uuid | | string <uuid> <= 36 characters | | "6f3c0d71-5b7a-46a9-a78b-29a146b5e3c7"
object_template_version | | string ^\d+$ | | "1"
eventid | | string <= 10 characters ^\d+$ | | "12345"
eventinfo | | string <= 65535 characters | | "Malware infection"
ignore | | boolean | false | true
from | | string or null (DateRestSearchFilter) | |
to | | string or null (DateRestSearchFilter) | |
date | | string or null (DateRestSearchFilter) | |
tags | | Array of strings or null (TagsRestSearchFilter) | |
last | | integer or string or null (LastRestSearchFilter) | |
event_timestamp | | string (Timestamp) ^\d+$ | | "1617613315"
publish_timestamp | | string (Timestamp) ^\d+$ | | "1617613315"
org | | OrganisationId or OrganisationName | |
uuid | | string <uuid> <= 36 characters | | "6f3c0d71-5b7a-46a9-a78b-29a146b5e3c7"
value | | string <= 131071 characters | | "1.2.3.4"
type | | string <= 100 characters | | "ip-src"
category | | string <= 255 characters | | "Network activity"
object_relation | | string or null (ObjectRelationRestSearchFilter) | |
attribute_timestamp | | string (Timestamp) ^\d+$ | | "1617613315"
first_seen | | string or null (NullableMicroTimestamp) ^\d+$ or null | | "1617613315"
last_seen | | string or null (NullableMicroTimestamp) ^\d+$ or null | | "1617613315"
comment | | string <= 65535 characters | | "Malicious activity"
to_ids | | boolean or null (ToIDSRestSearchFlag) | |
published | | boolean | false | true
deleted | | boolean | false | false
withAttachments | | boolean | false | true
enforceWarninglist | | boolean or null (EnforceWarninglistRestSearchFilter) | |
includeAllTags | | boolean | false | true
includeEventUuid | | boolean | false | true
include_event_uuid | | boolean | false | true
includeEventTags | | boolean | false | true
includeProposals | | boolean | false | true
includeWarninglistHits | | boolean or null | false | true
includeContext | | boolean or null (IncludeContextRestSearchFlag) | |
includeSightings | | boolean or null (IncludeContextRestSearchFlag) | |
includeSightingdb | | boolean or null (IncludeSightingDbRestSearchFlag) | |
includeCorrelations | | boolean or null (IncludeCorrelationsRestSearchFlag) | |
includeDecayScore | | boolean | false | true
includeFullModel | | boolean | false | true
allow_proposal_blocking | | boolean | false | true
metadata | | boolean or null (MetadataRestSearchFilter) | |
attackGalaxy | | string or null (AttackGalaxyRestSearchFilter) | |
excludeDecayed | | boolean | false | true
decayingModel | | string | |
modelOverrides | | object | |
returnFormat | | string | "json" | "json"
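The constraints in the table above (minimum values, maximum lengths and the `^\d+$` pattern) can be checked on the client before a restSearch body is sent. The following is an added example, not code from MISP or from this guide; the function name `validate_rest_search` and the canonical 8-4-4-4-12 reading of `<uuid>` are assumptions, and fields that the table leaves unconstrained are passed through unchecked.

```python
import re

# Patterns are applied with fullmatch(): with match(), "^\d+$" would also
# accept "12345\n", because "$" matches just before a trailing newline.
DIGITS = re.compile(r"[0-9]+")
# Assumption: "<uuid>" in the table means the canonical 8-4-4-4-12 hex form.
UUID = re.compile(r"[0-9a-fA-F]{8}(?:-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}")

# field -> (maximum length or None, pattern or None), as listed in the table
STRING_RULES = {
    "timestamp": (None, DIGITS),
    "event_timestamp": (None, DIGITS),
    "publish_timestamp": (None, DIGITS),
    "attribute_timestamp": (None, DIGITS),
    "first_seen": (None, DIGITS),
    "last_seen": (None, DIGITS),
    "object_template_version": (None, DIGITS),
    "eventid": (10, DIGITS),
    "uuid": (36, UUID),
    "object_template_uuid": (36, UUID),
    "object_name": (131071, None),
    "value": (131071, None),
    "eventinfo": (65535, None),
    "comment": (65535, None),
    "type": (100, None),
    "category": (255, None),
}
NULLABLE = {"first_seen", "last_seen"}
INT_MINIMUM = {"page": 1, "limit": 0}
BOOLEAN_FIELDS = {
    "ignore", "published", "deleted", "withAttachments", "includeAllTags",
    "includeEventUuid", "include_event_uuid", "includeEventTags",
    "includeProposals", "includeDecayScore", "includeFullModel",
    "allow_proposal_blocking", "excludeDecayed",
}


def validate_rest_search(body):
    """Return a list of (field, problem) tuples; an empty list means no violation."""
    problems = []
    for field, value in body.items():
        if field in INT_MINIMUM:
            # bool is a subclass of int in Python, so reject it explicitly
            if isinstance(value, bool) or not isinstance(value, int):
                problems.append((field, "must be an integer"))
            elif value < INT_MINIMUM[field]:
                problems.append((field, f"must be >= {INT_MINIMUM[field]}"))
        elif field in BOOLEAN_FIELDS:
            # the string "false" is truthy; only real JSON booleans are accepted
            if not isinstance(value, bool):
                problems.append((field, "must be a JSON boolean"))
        elif field in STRING_RULES:
            if value is None and field in NULLABLE:
                continue
            max_len, pattern = STRING_RULES[field]
            if not isinstance(value, str):
                problems.append((field, "must be a string"))
            elif max_len is not None and len(value) > max_len:
                problems.append((field, f"longer than {max_len} characters"))
            elif pattern is not None and not pattern.fullmatch(value):
                problems.append((field, "does not match the required pattern"))
    return problems
```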

Add an object to an event:

Path Parameters:

Parameter | Required | Data Type | Description | Example
eventId | required | EventId (string) or UUID (string) | UUID or numeric ID of the event. | "12345"
objectTemplateId | required | ObjectTemplateId (string) or UUID (string) | UUID or numeric ID of the object template. | "6f3c0d71-5b7a-46a9-a78b-29a146b5e3c7"

Request Body Schema:

Attribute:

Parameter | Required | Data Type | Description | Example
category | - | string | Attribute category. | "Network activity"
value | - | string | Attribute value. | "192.168.1.1"
to_ids | - | boolean | Should it be reported to the IDS? | true
disable_correlation | - | boolean | Disable correlation. | false
distribution | - | string | Who can see the published event? | "0"
comment | - | string | Comment on the attribute. | "Possible malware"
object_relation | - | string | Object relation. | "Related to incident"

Get object by ID:

Path Parameters:

Parameter | Required | Data Type | Description | Example
objectId | Required | string | UUID or numeric ID of the object. | "1234"

Delete object:

Path Parameters:

Parameter | Required | Data Type | Description | Example
objectId | Required | string | UUID or numeric ID of the object. | "1234"
hardDelete | Required | string | How the entity is deleted. | "0"

API Endpoints and Parameters

Tag Parameters

Get tag by ID:

Path Parameters:

Parameter | Required | Data Type | Description | Example
tagId | Required | string | Numeric ID of the attribute. | "12345"

Add tag:

Request Body Schema:

Parameter | Required | Data Type | Description | Example
name | Required | string | Name of the tag | "Example Tag"
colour | Required | string | Tag colour | "#FF0000"
exportable | Optional | boolean | Whether the tag is exportable | true
org_id | Optional | string | ID of the organisation | "12345"
user_id | Optional | string | ID of the user | "67890"
hide_tag | Optional | boolean | Whether the tag is hidden | false
numerical_value | Optional | string or null | Numerical value | "100"
is_galaxy | Optional | boolean | Whether it is a galaxy | true
is_custom_galaxy | Optional | boolean | Whether it is a custom galaxy | true
inherited | Optional | integer | Whether it is inherited | 1

Delete tag:

Path Parameters:

Parameter | Required | Data Type | Description | Example
tagId | Required | string | Numeric ID of the tag | "12345"

Edit tag:

Path Parameters:

Parameter | Required | Data Type | Description | Example
tagId | Required | string | Numeric ID of the tag | 12345

Request Body Schema:

Parameter | Required | Data Type | Description | Example
name | Required | string | Tag name | "ABC"
colour | Required | string | Tag colour | "#FF0000"
exportable | Optional | boolean | Exportable? (Default: true) | true
org_id | Required | string | ID of the organisation | "12345"
user_id | Required | string | ID of the user | "54321"
hide_tag | Optional | boolean | Is the tag hidden? (Default: false) | false
numerical_value | Optional | string or null | Numerical value | "10"
is_galaxy | Optional | boolean | Galaxy tag? (Default: true) | true
is_custom_galaxy | Optional | boolean | Custom galaxy tag? (Default: true) | true
inherited | Optional | integer | Inherited? (Default: 1) | 1

Search tag:

Path Parameters:

Parameter | Required | Data Type | Description | Example
tagSearchTerm | Required | string | Tag search term | "%tlp%"

API Endpoints and Parameters

Sighting Parameters

Get sightings by event ID:

Path Parameters:

Parameter | Required | Data Type | Description | Example
eventId | Required | string | UUID or numeric ID of the event | "1234"

Add sightings of a list of values:

Request Body Schema:

Parameter | Required | Data Type | Description | Example
values | Required | Array of strings | List of values | ["value1", "value2"]
timestamp | Optional | String or null | Timestamp (optional) | "1630458921"
filters | Optional | Object | Search filters | { ... }

Add sighting of an attribute:

Path Parameters:

Parameter | Required | Data Type | Description | Example
attributeId | Required | String | UUID or numeric ID of the attribute | "12345"

Delete sighting:

Path Parameters:

Parameter | Required | Data Type | Description | Example
sightingId | Required | String | Sighting ID (UUID or numeric) | "12345"

API Endpoints and Parameters

Warninglist Parameters:

Search warninglists:

Request Body Schema:

Parameter | Required | Data Type | Description | Example
value | Optional | String or null | Search term matched against the name, description or type of the warninglists | "malware"
enabled | Optional | Boolean or null | Used to filter the search results to enabled warninglists only | true

Enable/disable warninglists:

Request Body Schema:

Parameter | Required | Data Type | Description | Example
id | Optional | String or Array of strings | IDs of the warninglists to filter | "12345" or ["12345", "67890"]
name | Optional | String or Array of strings | Name or names of the warninglists to filter | "Malware" or ["Malware", "Phishing"]
enabled | Optional | Boolean | Warninglist status to filter on (enabled or disabled) | true

Get warninglist by ID:

Path Parameters:

Parameter | Required | Data Type | Description | Example
warninglistId | Required | String | Numeric ID of the warninglist | "3"

API Endpoints and Parameters

Noticelist Parameters

Get a noticelist by ID:

Path Parameters:

Parameter | Required | Data Type | Description | Example
noticelistId | Required | String | Numeric ID of the noticelist | "3"

Enable/disable noticelist:

Path Parameters:

Parameter | Required | Data Type | Description | Example
noticelistId | Required | String | Numeric ID of the noticelist | "3"

API Endpoints and Parameters

Log Parameters

Get instance logs:

Request Body Schema:

Parameter | Required | Data Type | Description | Example
page | Optional | Integer | Page number (1 or greater) | 1
limit | Optional | Integer | Result limit (0 or greater) | 10
id | Optional | String | Log ID | "12345"
title | Optional | String | Log title | "login"
created | Optional | Date or date range | Creation date or range | "2024-04-01T00:00:00Z"
model | Optional | String | Search the logs by model | "User"
model_id | Optional | String | Model ID of the log | "54321"
action | Optional | String | Action type | "add"
user_id | Optional | String | User ID | "67890"
change | Optional | String | Text of the logged change | "password"
email | Optional | Email | Email address | "example@example.com"
org | Optional | String | Organisation name | "ACME"
description | Optional | String | Description | "User login"
ip | Optional | String | IP address | "192.0.2.0"

API Endpoints and Parameters

Auth Key Parameters

Search auth keys:

Request Body Schema:

Parameter | Required | Data Type | Description | Example
page | Optional | Integer | Page number (1 or greater) | 1
limit | Optional | Integer | Result limit (0 or greater) | 10
id | Optional | String | ID (AuthKeyId) | "12345"
uuid | Optional | UUID | UUID | "123e4567-e89b-12d3-a456-426614174000"
authkey_start | Optional | String | Start of the auth key | "abcd"
authkey_end | Optional | String | End of the auth key | "wxyz"
created | Optional | Date or date range | Creation date or range | "2024-04-01T00:00:00Z"
expiration | Optional | Date or date range | Expiration date or range | "2024-05-01T00:00:00Z"
read_only | Optional | Boolean | Read-only? | true
user_id | Optional | String | User ID | "67890"
comment | Optional | String | Comment | "Auth key for internal use"
allowed_ips | Optional | String | Allowed IP addresses | "["192.0.2.0", "198.51.100.0"]"
last_used | Optional | Date or date range | Last-used date or range | "2024-04-15T12:00:00Z"

Add auth keys:

Path Parameters:

Parameter | Required | Data Type | Description | Example
userId | Required | String | User ID | "12345"

Request Body Schema:

Parameter | Required | Data Type | Description | Example
uuid | Required | UUID (String) <= 36 characters | Unique identifier | "c70d92b3-354b-4aaf-b3fd-fd627deea15a"
read_only | - | Boolean | Read-only? | true
user_id | - | String (UserId) <= 10 characters | User ID | "12345"
comment | - | String | Comment | "This user has special permissions."
allowed_ips | - | Array | Allowed IP addresses | ["192.168.1.1", "10.0.0.1"]

View auth key:

Path Parameters:

Parameter | Required | Data Type | Description
authKeyId | Yes | AuthKeyId (String) or UUID (String) <= 36 characters | Unique identifier or numeric ID of the auth key

Edit auth key:

Path Parameters:

Parameter | Required | Data Type | Description
authKeyId | Yes | AuthKeyId (String) or UUID (String) <= 36 characters | Unique identifier or numeric ID of the auth key

Request Body Schema:

Parameter | Required | Data Type | Description | Example
read_only | No | boolean | Does it have read permission? | true
comment | No | string | Comment | "This key is for general use."
allowed_ips | No | Array of strings or null | List of allowed IP addresses, or null (empty) | ["192.168.1.1", "192.168.1.2"]

Delete auth key:

Path Parameters:

Parameter | Required | Data Type | Description | Example
authKeyId | Yes | AuthKeyId (string) | UUID or numeric ID of the auth key | "12345" or "a1b2c3d4"
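The `read_only`, `allowed_ips`, `expiration` and `last_used` fields listed above are what make an auth key least-privilege and reviewable. The following is an added example, not MISP's own code: it builds an "Add auth keys" body with validated `allowed_ips` and audits key records for weak settings. The function names, the record shape (dicts using the field names from the tables, with ISO 8601 timestamps as in the table examples), the acceptance of CIDR ranges and all sample data are assumptions.

```python
import ipaddress
import uuid
from datetime import datetime, timezone


def normalise_allowed_ips(entries):
    """Validate IPs or CIDR ranges; raise ValueError on bad or catch-all entries."""
    if not entries:
        raise ValueError("allowed_ips must list at least one address")
    cleaned = []
    for entry in entries:
        # strict=True rejects ranges with host bits set, e.g. 10.0.0.1/8
        net = ipaddress.ip_network(entry.strip(), strict=True)
        if net.prefixlen == 0:
            raise ValueError(f"{entry} matches every address")
        cleaned.append(str(net.network_address) if net.num_addresses == 1 else str(net))
    return cleaned


def build_add_auth_key_body(user_id, comment, allowed_ips, read_only=True):
    """Build the request body from the 'Add auth keys' table; read-only by default."""
    if not (user_id.isdigit() and len(user_id) <= 10):
        raise ValueError("user_id must be a numeric string of at most 10 characters")
    return {
        "uuid": str(uuid.uuid4()),  # 36 characters, within the table's limit
        "read_only": read_only,
        "user_id": user_id,
        "comment": comment,
        "allowed_ips": normalise_allowed_ips(allowed_ips),
    }


def _parse_time(value):
    # datetime.fromisoformat() only accepts a trailing "Z" from Python 3.11 on
    return datetime.fromisoformat(value.replace("Z", "+00:00"))


def audit_auth_keys(records, now):
    """Map key id -> list of findings for keys that deserve a review."""
    findings = {}
    for rec in records:
        issues = []
        if not rec.get("read_only"):
            issues.append("read-write")
        if not rec.get("allowed_ips"):
            issues.append("no-ip-restriction")
        expiration = rec.get("expiration")
        if not expiration:
            issues.append("no-expiration")
        elif _parse_time(expiration) <= now:
            issues.append("expired")
        if not rec.get("last_used"):
            issues.append("never-used")
        if issues:
            findings[rec["id"]] = issues
    return findings


# Constructed sample records and audit time, for illustration only.
AUDIT_TIME = datetime(2024, 4, 20, tzinfo=timezone.utc)
SAMPLE_KEYS = [
    {"id": "1", "read_only": True, "allowed_ips": ["192.0.2.10"],
     "expiration": "2024-05-01T00:00:00Z", "last_used": "2024-04-15T12:00:00Z"},
    {"id": "2", "read_only": False, "allowed_ips": None,
     "expiration": None, "last_used": None},
    {"id": "3", "read_only": True, "allowed_ips": ["198.51.100.7"],
     "expiration": "2024-04-01T00:00:00Z", "last_used": "2024-03-30T08:00:00Z"},
]

if __name__ == "__main__":
    for key_id, issues in audit_auth_keys(SAMPLE_KEYS, AUDIT_TIME).items():
        print(key_id, ", ".join(issues))
```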





 

 






API Endpoints and Parameters

User Setting Parameters

Search user settings:

Request Body Schema:

Parameter | Required | Data Type | Description | Example
id | Yes | UserSettingId (string) | Numeric ID of the user setting | "12345"
setting | Yes | UserSettingName (string) | Name of the user setting | "publish_alert_filter"
user_id | Yes | UserId (string) | Numeric ID of the user | "54321"

Get user setting by id:

Path Parameters:

Parameter | Required | Data Type | Description | Example
userSettingId | Yes | UserSettingId (string) | Numeric ID of the user setting | "12345"

Set user setting:

Path Parameters:

Parameter | Required | Data Type | Description | Example
userId | Yes | UserId (string) | Numeric ID of the user | "12345"
userSettingName | Yes | UserSettingName (string) | Name of the user setting | "publish_alert_filter"

Request Body Schema:

Parameter | Required | Data Type | Description | Example
widget | - | string | Type of the widget | "example_widget"
position | - | object | Position of the widget | { "x": 10, "y": 20 }

Get user setting by id:

Path Parameters:

Parameter | Required | Data Type | Description | Example
userId | Yes | string | Numeric ID of the user | "12345"
userSettingName | Yes | string | Name of the user setting | "publish_alert_filter"

Delete user setting by id:

Path Parameters:

Parameter | Required | Data Type | Description | Example
userSettingId | Yes | string | ID of the user setting | "12345"

API Endpoints and Parameters

EventReport Parameters

Get event report by ID:

Path Parameters:

Parameter | Required | Data Type | Description | Example
eventReportId | Yes | string | ID of the report | "12345"

Add Event Report:

Path Parameters:

Parameter | Required | Data Type | Description | Example
eventId | Yes | string | ID of the event | "12345"

Request Body Schema:

Parameter | Required | Data Type | Description | Example
uuid | No | string <uuid> (UUID) | Unique identifier of the report | "12345"
eventId | Yes | string (EventId) | ID of the related event | "123"
name | Yes | string (EventReportName) | Name of the report | "Event Report"
content | Yes | string | Report content | "This is the report content."
distribution | Yes | string (DistributionLevelId) | Distribution level | "0"
sharing_group_id | No | string or null | ID of the sharing group | "456"
timestamp | No | string or null | Timestamp | "1648214400"
deleted | No | boolean | Whether the report has been deleted | true

Edit Event Report:

Path Parameters:

Parameter | Required | Data Type | Description | Example
eventReportId | Yes | string (EventReportId) | ID of the event report | "123"
uuid | No | string <uuid> (UUID) | Unique identifier of the report | "12345"

Delete Event Report:

Path Parameters:

Parameter | Required | Data Type | Description | Example
eventReportId | Yes | string (EventReportId) | ID of the event report | "123"
hardDelete | Yes | string | "1" to hard-delete the entity, "0" to soft-delete it. | "1"

Restore Event Report:

Path Parameters:

Parameter | Required | Data Type | Description | Example
eventReportId | Yes | string (EventReportId) | ID of the event report | "123"

Import Report From URL:

Path Parameters:

Parameter | Required | Data Type | Description | Example
eventId | Yes | string (EventId) | UUID or numeric ID of the event | "12345"

Request Body Schema:

Parameter | Required | Data Type | Description
url | Yes | string | Source URL or address





 





















 

API Request and Response Examples

Analyst Data

Add analyst data:

POST

https://misp.local/analystData/add/{analystType}/{objectUUID}/{ObjectType}

Response:

200:

AnalystNote:

{
  "note": "Provide more context",
  "language": "fr-BE",
  "note_type_name": "Note",
  "uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
  "object_uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
  "object_type": "Attribute",
  "authors": "john.doe@admin.test",
  "org_uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
  "orgc_uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
  "created": "2024-03-19 11:10:24",
  "modified": "2024-03-19 11:10:24",
  "distribution": "0",
  "sharing_group_id": "1",
  "locked": true
}

AnalystOpinion:

{
  "comment": "Provide more context",
  "opinion": 70,
  "note_type_name": "Opinion",
  "uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
  "object_uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
  "object_type": "Attribute",
  "authors": "john.doe@admin.test",
  "org_uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
  "orgc_uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
  "created": "2024-03-19 11:10:24",
  "modified": "2024-03-19 11:10:24",
  "distribution": "0",
  "sharing_group_id": "1",
  "locked": true
}


AnalystRelationship:

{
  "related_object_uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
  "related_object_type": "Attribute",
  "relationship_type": "related-to",
  "note_type_name": "Relationship",
  "uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
  "object_uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
  "object_type": "Attribute",
  "authors": "john.doe@admin.test",
  "org_uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
  "orgc_uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
  "created": "2024-03-19 11:10:24",
  "modified": "2024-03-19 11:10:24",
  "distribution": "0",
  "sharing_group_id": "1",
  "locked": true
}


403:

{
  "name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "url": "/attributes"
}

Default:

{
  "name": "string",
  "message": "string",
  "url": "/attributes"
}

Edit analyst data:

POST

https://misp.local/analystData/edit/{analystType}/{analystDataID}

Response:

200:

AnalystNote:

{
  "note": "Provide more context",
  "language": "fr-BE",
  "note_type_name": "Note",
  "uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
  "object_uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
  "object_type": "Attribute",
  "authors": "john.doe@admin.test",
  "org_uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
  "orgc_uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
  "created": "2024-03-19 11:10:24",
  "modified": "2024-03-19 11:10:24",
  "distribution": "0",
  "sharing_group_id": "1",
  "locked": true
}


AnalystOpinion:

{
  "comment": "Provide more context",
  "opinion": 70,
  "note_type_name": "Opinion",
  "uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
  "object_uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
  "object_type": "Attribute",
  "authors": "john.doe@admin.test",
  "org_uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
  "orgc_uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
  "created": "2024-03-19 11:10:24",
  "modified": "2024-03-19 11:10:24",
  "distribution": "0",
  "sharing_group_id": "1",
  "locked": true
}


AnalystRelationship:

{
  "related_object_uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
  "related_object_type": "Attribute",
  "relationship_type": "related-to",
  "note_type_name": "Relationship",
  "uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
  "object_uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
  "object_type": "Attribute",
  "authors": "john.doe@admin.test",
  "org_uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
  "orgc_uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
  "created": "2024-03-19 11:10:24",
  "modified": "2024-03-19 11:10:24",
  "distribution": "0",
  "sharing_group_id": "1",
  "locked": true
}


403:

{
  "name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "url": "/attributes"
}


Default:

{
  "name": "string",
  "message": "string",
  "url": "/attributes"
}

Delete Analyst data:

DELETE

https://misp.local/analystData/delete/{analystType}/{analystDataID}

Response:

200:

{
  "message": "Analyst Note deleted."
}


403:

{
  "name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "url": "/attributes"
}

404:

{
  "name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "url": "/attributes"
}

Default:

{
  "name": "string",
  "message": "string",
  "url": "/attributes"
}

List Analyst data:

GET

https://misp.local/analystData/delete/{analystType}/{analystDataID}

Response:

200:

[
  {
    "note": "Provide more context",
    "language": "fr-BE",
    "note_type_name": "Note",
    "uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
    "object_uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
    "object_type": "Attribute",
    "authors": "john.doe@admin.test",
    "org_uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
    "orgc_uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
    "created": "2024-03-19 11:10:24",
    "modified": "2024-03-19 11:10:24",
    "distribution": "0",
    "sharing_group_id": "1",
    "locked": true
  }
]


403:

{
  "name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "url": "/attributes"
}

404:

{
  "name": "Invalid attribute",
  "message": "Invalid attribute",
  "url": "/attributes/1234"
}

Default:

{
  "name": "string",
  "message": "string",
  "url": "/attributes"
}

Get Analyst Data by ID:

GET

https://misp.local/analystData/view/{analystType}/{analystDataID}

Response:

200:

AnalystNote:

{
  "note": "Provide more context",
  "language": "fr-BE",
  "note_type_name": "Note",
  "uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
  "object_uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
  "object_type": "Attribute",
  "authors": "john.doe@admin.test",
  "org_uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
  "orgc_uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
  "created": "2024-03-19 11:10:24",
  "modified": "2024-03-19 11:10:24",
  "distribution": "0",
  "sharing_group_id": "1",
  "locked": true
}


AnalystOpinion:

{
  "comment": "Provide more context",
  "opinion": 70,
  "note_type_name": "Opinion",
  "uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
  "object_uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
  "object_type": "Attribute",
  "authors": "john.doe@admin.test",
  "org_uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
  "orgc_uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
  "created": "2024-03-19 11:10:24",
  "modified": "2024-03-19 11:10:24",
  "distribution": "0",
  "sharing_group_id": "1",
  "locked": true
}


AnalystRelationship:

{
  "related_object_uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
  "related_object_type": "Attribute",
  "relationship_type": "related-to",
  "note_type_name": "Relationship",
  "uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
  "object_uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
  "object_type": "Attribute",
  "authors": "john.doe@admin.test",
  "org_uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
  "orgc_uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
  "created": "2024-03-19 11:10:24",
  "modified": "2024-03-19 11:10:24",
  "distribution": "0",
  "sharing_group_id": "1",
  "locked": true
}

403:

{
  "name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "url": "/attributes"
}

Default:

{
  "name": "string",
  "message": "string",
  "url": "/attributes"
}

 

 


API Request and Response Examples

Attributes

[restSearch] Get a filtered and paginated list of attributes:

POST

https://misp.local/attributes/restSearch

Request:

{
  "page": 1,
  "limit": 0,
  "value": "127.0.0.1",
  "value1": "127.0.0.1",
  "value2": "127.0.0.1",
  "type": "md5",
  "category": "Internal reference",
  "org": "12345",
  "tags": [
    "tlp:amber"
  ],
  "from": "string",
  "to": "string",
  "last": 0,
  "eventid": "12345",
  "withAttachments": false,
  "uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
  "publish_timestamp": "1617875568",
  "published": false,
  "timestamp": "1617875568",
  "attribute_timestamp": "1617875568",
  "enforceWarninglist": true,
  "to_ids": true,
  "deleted": false,
  "event_timestamp": "1617875568",
  "threat_level_id": "1",
  "eventinfo": "string",
  "sharinggroup": [
    "1"
  ],
  "decayingModel": "string",
  "score": "string",
  "first_seen": "string",
  "last_seen": "string",
  "includeEventUuid": false,
  "includeEventTags": false,
  "includeProposals": false,
  "requested_attributes": [
    "id"
  ],
  "includeContext": true,
  "headerless": true,
  "includeWarninglistHits": true,
  "attackGalaxy": "mitre-attack",
  "object_relation": "filepath",
  "includeSightings": true,
  "includeCorrelations": true,
  "modelOverrides": {
    "lifetime": 3,
    "decay_speed": 2.3,
    "threshold": 30,
    "default_base_score": 80,
    "base_score_config": {
      "estimative-language:confidence-in-analytic-judgment": 0.25,
      "estimative-language:likelihood-probability": 0.25,
      "phishing:psychological-acceptability": 0.25,
      "phishing:state": 0.2
    }
  },
  "includeDecayScore": false,
  "includeFullModel": false,
  "excludeDecayed": false,
  "returnFormat": "json"
}

Response:

200: 

{
  "response": {
    "Attribute": [
      {
        "id": "12345",
        "event_id": "12345",
        "object_id": "12345",
        "object_relation": "sensor",
        "category": "Internal reference",
        "type": "md5",
        "value": "127.0.0.1",
        "to_ids": true,
        "uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
        "timestamp": "1617875568",
        "distribution": "0",
        "sharing_group_id": "1",
        "comment": "logged source ip",
        "deleted": false,
        "disable_correlation": false,
        "first_seen": "1581984000000000",
        "last_seen": "1581984000000000",
        "data": "string",
        "event_uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
        "decay_score": [
          {
            "score": 10.5,
            "base_score": 80,
            "decayed": true,
            "DecayingModel": {
              "id": "12345",
              "name": "Phishing model"
            }
          }
        ],
        "Event": {
          "id": "12345",
          "org_id": "12345",
          "distribution": "0",
          "info": "logged source ip",
          "orgc_id": "12345",
          "uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
          "date": "1991-01-15",
          "published": false,
          "analysis": "0",
          "attribute_count": "321",
          "timestamp": "1617875568",
          "sharing_group_id": "1",
          "proposal_email_lock": true,
          "locked": true,
          "threat_level_id": "1",
          "publish_timestamp": "1617875568",
          "sighting_timestamp": "1617875568",
          "disable_correlation": false,
          "extends_uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
          "event_creator_email": "user@example.com"
        },
        "Object": {
          "id": "12345",
          "name": "ail-leak",
          "meta-category": "string",
          "description": "string",
          "template_uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
          "template_version": "1",
          "event_id": "12345",
          "uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
          "timestamp": "1617875568",
          "distribution": "0",
          "sharing_group_id": "1",
          "comment": "string",
          "deleted": true,
          "first_seen": "1581984000000000",
          "last_seen": "1581984000000000",
          "Attribute": [
            {
              "id": "12345",
              "event_id": "12345",
              "object_id": "12345",
              "object_relation": "sensor",
              "category": "Internal reference",
              "type": "md5",
              "value": "127.0.0.1",
              "to_ids": true,
              "uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
              "timestamp": "1617875568",
              "distribution": "0",
              "sharing_group_id": "1",
              "comment": "logged source ip",
              "deleted": false,
              "disable_correlation": false,
              "first_seen": "1581984000000000",
              "last_seen": "1581984000000000"
            }
          ]
        },
        "Tag": [
          {
            "id": "12345",
            "name": "tlp:white",
            "colour": "#ffffff",
            "exportable": true,
            "org_id": "12345",
            "user_id": "12345",
            "hide_tag": false,
            "numerical_value": "12345",
            "is_galaxy": true,
            "is_custom_galaxy": true,
            "inherited": 1
          }
        ]
      }
    ]
  }
}

403: 

{
  "name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "url": "/attributes"
}

Default: 

{
  "name": "string",
  "message": "string",
  "url": "/attributes"
}

Add an attribute:

POST

https://misp.local/attributes/add/{eventId}

Request:
{
  "event_id": "12345",
  "object_id": "12345",
  "object_relation": "sensor",
  "category": "Internal reference",
  "type": "md5",
  "value": "127.0.0.1",
  "to_ids": true,
  "uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
  "timestamp": "1617875568",
  "distribution": "0",
  "sharing_group_id": "1",
  "comment": "logged source ip",
  "deleted": false,
  "disable_correlation": false,
  "first_seen": "1581984000000000",
  "last_seen": "1581984000000000"
}
Response: 

200: 

{
  "Attribute": {
    "id": "12345",
    "event_id": "12345",
    "object_id": "12345",
    "object_relation": "sensor",
    "category": "Internal reference",
    "type": "md5",
    "value": "127.0.0.1",
    "to_ids": true,
    "uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
    "timestamp": "1617875568",
    "distribution": "0",
    "sharing_group_id": "1",
    "comment": "logged source ip",
    "deleted": false,
    "disable_correlation": false,
    "first_seen": "1581984000000000",
    "last_seen": "1581984000000000"
  }
}

403: 

{
  "name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "url": "/attributes"
}

Default: 

{
  "name": "string",
  "message": "string",
  "url": "/attributes"
}

Edit an attribute:

PUT

https://misp.local/attributes/edit/{attributeId}

Request:
{
  "id": "12345",
  "event_id": "12345",
  "object_id": "12345",
  "object_relation": "sensor",
  "category": "Internal reference",
  "type": "md5",
  "value": "127.0.0.1",
  "to_ids": true,
  "uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
  "timestamp": "1617875568",
  "distribution": "0",
  "sharing_group_id": "1",
  "comment": "logged source ip",
  "deleted": false,
  "disable_correlation": false,
  "first_seen": "1581984000000000",
  "last_seen": "1581984000000000"
}
Response: 

200: 

{
  "Attribute": {
    "id": "12345",
    "event_id": "12345",
    "object_id": "12345",
    "object_relation": "sensor",
    "category": "Internal reference",
    "type": "md5",
    "value": "127.0.0.1",
    "to_ids": true,
    "uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
    "timestamp": "1617875568",
    "distribution": "0",
    "sharing_group_id": "1",
    "comment": "logged source ip",
    "deleted": false,
    "disable_correlation": false,
    "first_seen": "1581984000000000",
    "last_seen": "1581984000000000"
  }
}

403: 

{
  "name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "url": "/attributes"
}

404: 

{
  "name": "Invalid attribute",
  "message": "Invalid attribute",
  "url": "/attributes/1234"
}

Default: 

{
  "name": "string",
  "message": "string",
  "url": "/attributes"
}

Delete an attribute:

DELETE

https://misp.local/attributes/delete/{attributeId}

Response: 

200: 

{
  "message": "Attribute deleted."
}

403: 

{
  "name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "url": "/attributes"
}

404: 

{
  "name": "Invalid attribute",
  "message": "Invalid attribute",
  "url": "/attributes/1234"
}

Default: 

{
  "name": "string",
  "message": "string",
  "url": "/attributes"
}

Restore an attribute:

POST

https://misp.local/attributes/restore/{attributeId}

Response: 

200: 

{
  "Attribute": {
    "id": "12345",
    "event_id": "12345",
    "object_id": "12345",
    "object_relation": "sensor",
    "category": "Internal reference",
    "type": "md5",
    "value": "127.0.0.1",
    "to_ids": true,
    "uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
    "timestamp": "1617875568",
    "distribution": "0",
    "sharing_group_id": "1",
    "comment": "logged source ip",
    "deleted": false,
    "disable_correlation": false,
    "first_seen": "1581984000000000",
    "last_seen": "1581984000000000"
  }
}

403: 

{
  "name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "url": "/attributes"
}

404: 

{
  "name": "Invalid attribute",
  "message": "Invalid attribute",
  "url": "/attributes/1234"
}

Default: 

{
  "name": "string",
  "message": "string",
  "url": "/attributes"
}

Add a tag to an attribute:

POST

https://misp.local/attributes/addTag/{attributeId}/{tagId}/local:{local}

Response: 

200: 

{
  "saved": true,
  "success": "Tag added.",
  "check_publish": true,
  "errors": "Tag could not be added."
}

403: 

{
  "name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "url": "/attributes"
}

404: 

{
  "name": "Invalid attribute",
  "message": "Invalid attribute",
  "url": "/attributes/1234"
}

Default: 

{
  "name": "string",
  "message": "string",
  "url": "/attributes"
}

Remove a tag from an attribute:

POST

https://misp.local/attributes/removeTag/{attributeId}/{tagId}

Response: 

200: 

{
  "saved": true,
  "success": "Tag removed.",
  "check_publish": true,
  "errors": "Tag could not be added."
}

403: 

{
  "name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "url": "/attributes"
}

404: 

{
  "name": "Invalid attribute",
  "message": "Invalid attribute",
  "url": "/attributes/1234"
}

Default: 

{
  "name": "string",
  "message": "string",
  "url": "/attributes"
}

Get a list of attributes:

GET

https://misp.local/attributes

Response: 

200: 

[
  {
    "id": "12345",
    "event_id": "12345",
    "object_id": "12345",
    "object_relation": "sensor",
    "category": "Internal reference",
    "type": "md5",
    "value": "127.0.0.1",
    "to_ids": true,
    "uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
    "timestamp": "1617875568",
    "distribution": "0",
    "sharing_group_id": "1",
    "comment": "logged source ip",
    "deleted": false,
    "disable_correlation": false,
    "first_seen": "1581984000000000",
    "last_seen": "1581984000000000"
  }
]

403: 

{
  "name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "url": "/attributes"
}

Default: 

{
  "name": "string",
  "message": "string",
  "url": "/attributes"
}

Get the count of attributes per category:

GET

https://misp.local/attributes/attributeStatistics/{context}/{percentage}

Response: 

200: 

[
  {
    "Antivirus detection": "10"
  },
  {
    "Artifacts dropped": "20"
  }
]

403: 

{
  "name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "url": "/attributes"
}

Default: 

{
  "name": "string",
  "message": "string",
  "url": "/attributes"
}

Get a list of the available attribute types:

GET

https://misp.local/attributes/describeTypes

Response: 

200: 

{
  "sane_defaults": {
    "md5": {
      "default_category": "Payload delivery",
      "to_ids": 1
    },
    "pdb": {
      "default_category": "Artifacts dropped",
      "to_ids": 0
    }
  },
  "types": [
    "md5"
  ],
  "categories": [
    "Internal reference"
  ],
  "category_type_mappings": {
    "Internal reference": [
      "text",
      "link",
      "comment",
      "other"
    ],
    "Antivirus detection": [
      "link",
      "comment",
      "text",
      "hex",
      "other"
    ]
  }
}

403: 

{
  "name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "url": "/attributes"
}

Default: 

{
  "name": "string",
  "message": "string",
  "url": "/attributes"
}
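
The following is an added example, not part of the original documentation or of the MISP project's code: it checks an attribute against a `describeTypes` response (types, categories, `category_type_mappings`, `sane_defaults`) before building the `POST /attributes/add/{eventId}` request with the API key in the `Authorization` header. The function names, the md5 format check and the extended `DESCRIBE_TYPES` sample are assumptions constructed for illustration; the placeholder attribute shown on this page (`md5` / `Internal reference` / `127.0.0.1`) fails this check against the mapping in the sample response above.

```python
import json
import re
import urllib.request

# Constructed sample in the shape of the describeTypes 200 response above
# (extended with a few extra entries so both outcomes can be shown).
DESCRIBE_TYPES = {
    "sane_defaults": {
        "md5": {"default_category": "Payload delivery", "to_ids": 1},
        "pdb": {"default_category": "Artifacts dropped", "to_ids": 0},
    },
    "types": ["md5", "pdb", "text", "link", "comment", "hex", "other"],
    "categories": ["Internal reference", "Antivirus detection",
                   "Payload delivery", "Artifacts dropped"],
    "category_type_mappings": {
        "Internal reference": ["text", "link", "comment", "other"],
        "Antivirus detection": ["link", "comment", "text", "hex", "other"],
        "Payload delivery": ["md5"],
        "Artifacts dropped": ["md5", "pdb"],
    },
}

# Local value-format checks (assumption: only md5 is covered; extend per type).
VALUE_PATTERNS = {"md5": re.compile(r"[0-9a-fA-F]{32}")}
# Path parameters are restricted to a numeric id or a UUID so that nothing
# else can be smuggled into the URL path.
ID_OR_UUID = re.compile(r"\d+|[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}")


def apply_defaults(attr, describe):
    """Return a copy with category/to_ids filled from sane_defaults if absent."""
    out = dict(attr)
    defaults = describe["sane_defaults"].get(out.get("type"), {})
    if "category" not in out and "default_category" in defaults:
        out["category"] = defaults["default_category"]
    if "to_ids" not in out and "to_ids" in defaults:
        out["to_ids"] = bool(defaults["to_ids"])
    return out


def validate_attribute(attr, describe):
    """Return a list of problems; an empty list means the attribute is consistent."""
    errors = []
    a_type = attr.get("type")
    category = attr.get("category")
    value = attr.get("value")
    if a_type not in describe["types"]:
        errors.append(f"unknown type: {a_type!r}")
    if category not in describe["categories"]:
        errors.append(f"unknown category: {category!r}")
    elif a_type not in describe["category_type_mappings"].get(category, []):
        errors.append(f"type {a_type!r} is not allowed in category {category!r}")
    pattern = VALUE_PATTERNS.get(a_type)
    if not isinstance(value, str) or not value:
        errors.append("value must be a non-empty string")
    elif pattern and not pattern.fullmatch(value):
        errors.append(f"value does not look like a valid {a_type}")
    return errors


def build_add_request(base_url, event_id, attr, api_key, describe):
    """Build (but do not send) the POST /attributes/add/{eventId} request."""
    if not ID_OR_UUID.fullmatch(str(event_id)):
        raise ValueError("event_id must be numeric or a UUID")
    attr = apply_defaults(attr, describe)
    errors = validate_attribute(attr, describe)
    if errors:
        raise ValueError("; ".join(errors))
    return urllib.request.Request(
        f"{base_url.rstrip('/')}/attributes/add/{event_id}",
        data=json.dumps(attr).encode("utf-8"),
        headers={
            "Authorization": api_key,  # API key of an API-enabled user
            "Accept": "application/json",
            "Content-Type": "application/json",
        },
        method="POST",
    )


if __name__ == "__main__":
    # Placeholder attribute as printed on this page: rejected locally.
    page_sample = {"type": "md5", "category": "Internal reference",
                   "value": "127.0.0.1"}
    print(validate_attribute(page_sample, DESCRIBE_TYPES))
    # Constructed consistent attribute (md5 of empty input), category defaulted.
    good = {"type": "md5", "value": "d41d8cd98f00b204e9800998ecf8427e"}
    req = build_add_request("https://misp.local", "12345", good,
                            "PLACEHOLDER_API_KEY", DESCRIBE_TYPES)
    print(req.get_method(), req.full_url)
```

Refreshing `DESCRIBE_TYPES` from the instance's own `/attributes/describeTypes` response keeps the check aligned with the server's installed types.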

 

API Request and Response Examples

Events

[restSearch] Get a filtered and paginated list of events:

POST

https://misp.local/events/restSearch

Request:
{
  "page": 1,
  "limit": 0,
  "value": "127.0.0.1",
  "type": "md5",
  "category": "Internal reference",
  "org": "12345",
  "tags": [
    "tlp:amber"
  ],
  "event_tags": [
    "tlp:amber"
  ],
  "searchall": "malware",
  "from": "string",
  "to": "string",
  "last": 0,
  "eventid": "12345",
  "withAttachments": false,
  "sharinggroup": [
    "1"
  ],
  "metadata": true,
  "uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
  "publish_timestamp": "1617875568",
  "timestamp": "1617875568",
  "published": false,
  "enforceWarninglist": true,
  "sgReferenceOnly": true,
  "requested_attributes": [
    "id"
  ],
  "includeContext": true,
  "headerless": true,
  "includeWarninglistHits": true,
  "attackGalaxy": "mitre-attack",
  "to_ids": true,
  "deleted": false,
  "excludeLocalTags": true,
  "date": "string",
  "includeSightingdb": true,
  "tag": "tlp:white",
  "object_relation": "filepath",
  "threat_level_id": "1",
  "returnFormat": "json"
}
Response:

200:

{
  "response": [
    {
      "Event": {
        "id": "12345",
        "org_id": "12345",
        "distribution": "0",
        "info": "logged source ip",
        "orgc_id": "12345",
        "uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
        "date": "1991-01-15",
        "published": false,
        "analysis": "0",
        "attribute_count": "321",
        "timestamp": "1617875568",
        "sharing_group_id": "1",
        "proposal_email_lock": true,
        "locked": true,
        "threat_level_id": "1",
        "publish_timestamp": "1617875568",
        "sighting_timestamp": "1617875568",
        "disable_correlation": false,
        "extends_uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
        "event_creator_email": "user@example.com",
        "Feed": {
          "id": "3",
          "name": "CIRCL OSINT Feed",
          "provider": "CIRCL",
          "url": "https://www.circl.lu/doc/misp/feed-osint",
          "rules": "{\"tags\":{\"OR\":[],\"NOT\":[]},\"orgs\":{\"OR\":[],\"NOT\":[]},\"url_params\":\"\"}",
          "enabled": true,
          "distribution": "0",
          "sharing_group_id": "1",
          "tag_id": "12345",
          "default": true,
          "source_format": "1",
          "fixed_event": true,
          "delta_merge": true,
          "event_id": "12345",
          "publish": false,
          "override_ids": true,
          "settings": "{\"csv\":{\"value\":\"\",\"delimiter\":\"\"},\"common\":{\"excluderegex\":\"\"},\"disable_correlation\":\"1\"}",
          "input_source": "local",
          "delete_local_file": true,
          "lookup_visible": true,
          "headers": "X-Custom-Header-A: Foo\nX-Custom-Header-B: Bar\n",
          "caching_enabled": true,
          "force_to_ids": true,
          "orgc_id": "12345",
          "cache_timestamp": "1617875568"
        },
        "Org": {
          "id": "12345",
          "name": "ORGNAME",
          "uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b"
        },
        "Orgc": {
          "id": "12345",
          "name": "ORGNAME",
          "uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b"
        },
        "Attribute": [
          {
            "id": "12345",
            "event_id": "12345",
            "object_id": "12345",
            "object_relation": "sensor",
            "category": "Internal reference",
            "type": "md5",
            "value": "127.0.0.1",
            "to_ids": true,
            "uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
            "timestamp": "1617875568",
            "distribution": "0",
            "sharing_group_id": "1",
            "comment": "logged source ip",
            "deleted": false,
            "disable_correlation": false,
            "first_seen": "1581984000000000",
            "last_seen": "1581984000000000"
          }
        ],
        "ShadowAttribute": [
          {
            "id": "12345",
            "event_id": "12345",
            "object_id": "12345",
            "object_relation": "sensor",
            "category": "Internal reference",
            "type": "md5",
            "value": "127.0.0.1",
            "to_ids": true,
            "uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
            "timestamp": "1617875568",
            "distribution": "0",
            "sharing_group_id": "1",
            "comment": "logged source ip",
            "deleted": false,
            "disable_correlation": false,
            "first_seen": "1581984000000000",
            "last_seen": "1581984000000000"
          }
        ],
        "RelatedEvent": [
          {}
        ],
        "Galaxy": [
          {
            "id": "12345",
            "uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
            "name": "Ransomware",
            "type": "ransomware",
            "description": "Ransomware galaxy based on ...",
            "version": "1",
            "icon": "globe",
            "namespace": "misp",
            "kill_chain_order": {
              "fraud-tactics": [
                "Initiation",
                "Target Compromise",
                "Perform Fraud",
                "Obtain Fraudulent Assets",
                "Assets Transfer",
                "Monetisation"
              ]
            }
          }
        ],
        "Object": [
          {
            "id": "12345",
            "name": "ail-leak",
            "meta-category": "string",
            "description": "string",
            "template_uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
            "template_version": "1",
            "event_id": "12345",
            "uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
            "timestamp": "1617875568",
            "distribution": "0",
            "sharing_group_id": "1",
            "comment": "string",
            "deleted": true,
            "first_seen": "1581984000000000",
            "last_seen": "1581984000000000",
            "Attribute": [
              {
                "id": "12345",
                "event_id": "12345",
                "object_id": "12345",
                "object_relation": "sensor",
                "category": "Internal reference",
                "type": "md5",
                "value": "127.0.0.1",
                "to_ids": true,
                "uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
                "timestamp": "1617875568",
                "distribution": "0",
                "sharing_group_id": "1",
                "comment": "logged source ip",
                "deleted": false,
                "disable_correlation": false,
                "first_seen": "1581984000000000",
                "last_seen": "1581984000000000"
              }
            ]
          }
        ],
        "EventReport": [
          {
            "id": "12345",
            "uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
            "event_id": "12345",
            "name": "Report of the incident",
            "content": "string",
            "distribution": "0",
            "sharing_group_id": "1",
            "timestamp": "1617875568",
            "deleted": false
          }
        ],
        "Tag": [
          {
            "id": "12345",
            "name": "tlp:white",
            "colour": "#ffffff",
            "exportable": true,
            "org_id": "12345",
            "user_id": "12345",
            "hide_tag": false,
            "numerical_value": "12345",
            "is_galaxy": true,
            "is_custom_galaxy": true,
            "inherited": 1
          }
        ],
        "Event": {
          "id": "12345",
          "timestamp": "1617875568",
          "sighting_timestamp": "1617875568",
          "published": false,
          "uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
          "orgc_uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b"
        }
      }
    }
  ]
}

403:

{
  "name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "url": "/attributes"
}

Default: 

{
  "name": "string",
  "message": "string",
  "url": "/attributes"
}

Add event:

POST

https://misp.local/events/add

Request: 
{
  "org_id": "12345",
  "distribution": "0",
  "info": "logged source ip",
  "orgc_id": "12345",
  "uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
  "date": "1991-01-15",
  "published": false,
  "analysis": "0",
  "attribute_count": "321",
  "timestamp": "1617875568",
  "sharing_group_id": "1",
  "proposal_email_lock": true,
  "locked": true,
  "threat_level_id": "1",
  "publish_timestamp": "1617875568",
  "sighting_timestamp": "1617875568",
  "disable_correlation": false,
  "extends_uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
  "event_creator_email": "user@example.com"
}
Response:

200:

{
  "Event": {
    "id": "12345",
    "org_id": "12345",
    "distribution": "0",
    "info": "logged source ip",
    "orgc_id": "12345",
    "uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
    "date": "1991-01-15",
    "published": false,
    "analysis": "0",
    "attribute_count": "321",
    "timestamp": "1617875568",
    "sharing_group_id": "1",
    "proposal_email_lock": true,
    "locked": true,
    "threat_level_id": "1",
    "publish_timestamp": "1617875568",
    "sighting_timestamp": "1617875568",
    "disable_correlation": false,
    "extends_uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
    "event_creator_email": "user@example.com",
    "Feed": {
      "id": "3",
      "name": "CIRCL OSINT Feed",
      "provider": "CIRCL",
      "url": "https://www.circl.lu/doc/misp/feed-osint",
      "rules": "{\"tags\":{\"OR\":[],\"NOT\":[]},\"orgs\":{\"OR\":[],\"NOT\":[]},\"url_params\":\"\"}",
      "enabled": true,
      "distribution": "0",
      "sharing_group_id": "1",
      "tag_id": "12345",
      "default": true,
      "source_format": "1",
      "fixed_event": true,
      "delta_merge": true,
      "event_id": "12345",
      "publish": false,
      "override_ids": true,
      "settings": "{\"csv\":{\"value\":\"\",\"delimiter\":\"\"},\"common\":{\"excluderegex\":\"\"},\"disable_correlation\":\"1\"}",
      "input_source": "local",
      "delete_local_file": true,
      "lookup_visible": true,
      "headers": "X-Custom-Header-A: Foo\nX-Custom-Header-B: Bar\n",
      "caching_enabled": true,
      "force_to_ids": true,
      "orgc_id": "12345",
      "cache_timestamp": "1617875568"
    },
    "Org": {
      "id": "12345",
      "name": "ORGNAME",
      "uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b"
    },
    "Orgc": {
      "id": "12345",
      "name": "ORGNAME",
      "uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b"
    },
    "Attribute": [
      {
        "id": "12345",
        "event_id": "12345",
        "object_id": "12345",
        "object_relation": "sensor",
        "category": "Internal reference",
        "type": "md5",
        "value": "127.0.0.1",
        "to_ids": true,
        "uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
        "timestamp": "1617875568",
        "distribution": "0",
        "sharing_group_id": "1",
        "comment": "logged source ip",
        "deleted": false,
        "disable_correlation": false,
        "first_seen": "1581984000000000",
        "last_seen": "1581984000000000"
      }
    ],
    "ShadowAttribute": [
      {
        "id": "12345",
        "event_id": "12345",
        "object_id": "12345",
        "object_relation": "sensor",
        "category": "Internal reference",
        "type": "md5",
        "value": "127.0.0.1",
        "to_ids": true,
        "uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
        "timestamp": "1617875568",
        "distribution": "0",
        "sharing_group_id": "1",
        "comment": "logged source ip",
        "deleted": false,
        "disable_correlation": false,
        "first_seen": "1581984000000000",
        "last_seen": "1581984000000000"
      }
    ],
    "RelatedEvent": [
      {}
    ],
    "Galaxy": [
      {
        "id": "12345",
        "uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
        "name": "Ransomware",
        "type": "ransomware",
        "description": "Ransomware galaxy based on ...",
        "version": "1",
        "icon": "globe",
        "namespace": "misp",
        "kill_chain_order": {
          "fraud-tactics": [
            "Initiation",
            "Target Compromise",
            "Perform Fraud",
            "Obtain Fraudulent Assets",
            "Assets Transfer",
            "Monetisation"
          ]
        }
      }
    ],
    "Object": [
      {
        "id": "12345",
        "name": "ail-leak",
        "meta-category": "string",
        "description": "string",
        "template_uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
        "template_version": "1",
        "event_id": "12345",
        "uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
        "timestamp": "1617875568",
        "distribution": "0",
        "sharing_group_id": "1",
        "comment": "string",
        "deleted": true,
        "first_seen": "1581984000000000",
        "last_seen": "1581984000000000",
        "Attribute": [
          {
            "id": "12345",
            "event_id": "12345",
            "object_id": "12345",
            "object_relation": "sensor",
            "category": "Internal reference",
            "type": "md5",
            "value": "127.0.0.1",
            "to_ids": true,
            "uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
            "timestamp": "1617875568",
            "distribution": "0",
            "sharing_group_id": "1",
            "comment": "logged source ip",
            "deleted": false,
            "disable_correlation": false,
            "first_seen": "1581984000000000",
            "last_seen": "1581984000000000"
          }
        ]
      }
    ],
    "EventReport": [
      {
        "id": "12345",
        "uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
        "event_id": "12345",
        "name": "Report of the incident",
        "content": "string",
        "distribution": "0",
        "sharing_group_id": "1",
        "timestamp": "1617875568",
        "deleted": false
      }
    ],
    "Tag": [
      {
        "id": "12345",
        "name": "tlp:white",
        "colour": "#ffffff",
        "exportable": true,
        "org_id": "12345",
        "user_id": "12345",
        "hide_tag": false,
        "numerical_value": "12345",
        "is_galaxy": true,
        "is_custom_galaxy": true,
        "inherited": 1
      }
    ]
  }
}

403:

{
  "name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "url": "/attributes"
}

Default:

{
  "name": "string",
  "message": "string",
  "url": "/attributes"
}

Edit event:

PUT

https://misp.local/events/edit/{eventId}

Request: 
{
  "org_id": "12345",
  "distribution": "0",
  "info": "logged source ip",
  "orgc_id": "12345",
  "uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
  "date": "1991-01-15",
  "published": false,
  "analysis": "0",
  "attribute_count": "321",
  "timestamp": "1617875568",
  "sharing_group_id": "1",
  "proposal_email_lock": true,
  "locked": true,
  "threat_level_id": "1",
  "publish_timestamp": "1617875568",
  "sighting_timestamp": "1617875568",
  "disable_correlation": false,
  "extends_uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
  "event_creator_email": "user@example.com"
}
Response:

200:

{
  "Event": {
    "id": "12345",
    "org_id": "12345",
    "distribution": "0",
    "info": "logged source ip",
    "orgc_id": "12345",
    "uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
    "date": "1991-01-15",
    "published": false,
    "analysis": "0",
    "attribute_count": "321",
    "timestamp": "1617875568",
    "sharing_group_id": "1",
    "proposal_email_lock": true,
    "locked": true,
    "threat_level_id": "1",
    "publish_timestamp": "1617875568",
    "sighting_timestamp": "1617875568",
    "disable_correlation": false,
    "extends_uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
    "event_creator_email": "user@example.com",
    "Feed": {
      "id": "3",
      "name": "CIRCL OSINT Feed",
      "provider": "CIRCL",
      "url": "https://www.circl.lu/doc/misp/feed-osint",
      "rules": "{\"tags\":{\"OR\":[],\"NOT\":[]},\"orgs\":{\"OR\":[],\"NOT\":[]},\"url_params\":\"\"}",
      "enabled": true,
      "distribution": "0",
      "sharing_group_id": "1",
      "tag_id": "12345",
      "default": true,
      "source_format": "1",
      "fixed_event": true,
      "delta_merge": true,
      "event_id": "12345",
      "publish": false,
      "override_ids": true,
      "settings": "{\"csv\":{\"value\":\"\",\"delimiter\":\"\"},\"common\":{\"excluderegex\":\"\"},\"disable_correlation\":\"1\"}",
      "input_source": "local",
      "delete_local_file": true,
      "lookup_visible": true,
      "headers": "X-Custom-Header-A: Foo\nX-Custom-Header-B: Bar\n",
      "caching_enabled": true,
      "force_to_ids": true,
      "orgc_id": "12345",
      "cache_timestamp": "1617875568"
    },
    "Org": {
      "id": "12345",
      "name": "ORGNAME",
      "uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b"
    },
    "Orgc": {
      "id": "12345",
      "name": "ORGNAME",
      "uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b"
    },
    "Attribute": [
      {
        "id": "12345",
        "event_id": "12345",
        "object_id": "12345",
        "object_relation": "sensor",
        "category": "Internal reference",
        "type": "md5",
        "value": "127.0.0.1",
        "to_ids": true,
        "uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
        "timestamp": "1617875568",
        "distribution": "0",
        "sharing_group_id": "1",
        "comment": "logged source ip",
        "deleted": false,
        "disable_correlation": false,
        "first_seen": "1581984000000000",
        "last_seen": "1581984000000000"
      }
    ],
    "ShadowAttribute": [
      {
        "id": "12345",
        "event_id": "12345",
        "object_id": "12345",
        "object_relation": "sensor",
        "category": "Internal reference",
        "type": "md5",
        "value": "127.0.0.1",
        "to_ids": true,
        "uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
        "timestamp": "1617875568",
        "distribution": "0",
        "sharing_group_id": "1",
        "comment": "logged source ip",
        "deleted": false,
        "disable_correlation": false,
        "first_seen": "1581984000000000",
        "last_seen": "1581984000000000"
      }
    ],
    "RelatedEvent": [
      {}
    ],
    "Galaxy": [
      {
        "id": "12345",
        "uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
        "name": "Ransomware",
        "type": "ransomware",
        "description": "Ransomware galaxy based on ...",
        "version": "1",
        "icon": "globe",
        "namespace": "misp",
        "kill_chain_order": {
          "fraud-tactics": [
            "Initiation",
            "Target Compromise",
            "Perform Fraud",
            "Obtain Fraudulent Assets",
            "Assets Transfer",
            "Monetisation"
          ]
        }
      }
    ],
    "Object": [
      {
        "id": "12345",
        "name": "ail-leak",
        "meta-category": "string",
        "description": "string",
        "template_uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
        "template_version": "1",
        "event_id": "12345",
        "uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
        "timestamp": "1617875568",
        "distribution": "0",
        "sharing_group_id": "1",
        "comment": "string",
        "deleted": true,
        "first_seen": "1581984000000000",
        "last_seen": "1581984000000000",
        "Attribute": [
          {
            "id": "12345",
            "event_id": "12345",
            "object_id": "12345",
            "object_relation": "sensor",
            "category": "Internal reference",
            "type": "md5",
            "value": "127.0.0.1",
            "to_ids": true,
            "uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
            "timestamp": "1617875568",
            "distribution": "0",
            "sharing_group_id": "1",
            "comment": "logged source ip",
            "deleted": false,
            "disable_correlation": false,
            "first_seen": "1581984000000000",
            "last_seen": "1581984000000000"
          }
        ]
      }
    ],
    "EventReport": [
      {
        "id": "12345",
        "uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
        "event_id": "12345",
        "name": "Report of the incident",
        "content": "string",
        "distribution": "0",
        "sharing_group_id": "1",
        "timestamp": "1617875568",
        "deleted": false
      }
    ],
    "Tag": [
      {
        "id": "12345",
        "name": "tlp:white",
        "colour": "#ffffff",
        "exportable": true,
        "org_id": "12345",
        "user_id": "12345",
        "hide_tag": false,
        "numerical_value": "12345",
        "is_galaxy": true,
        "is_custom_galaxy": true,
        "inherited": 1
      }
    ]
  }
}

403:

{
  "name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "url": "/attributes"
}

Default:

{
  "name": "string",
  "message": "string",
  "url": "/attributes"
}

Delete event:

DELETE

https://misp.local/events/delete/{eventId}

Response:

200:

{
  "saved": true,
  "success": true,
  "name": "Event deleted.",
  "message": "Could not delete Event",
  "url": "/events/delete/1",
  "errors": "Event was not deleted."
}

403:

{
  "name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "url": "/attributes"
}

Default:

{
  "name": "string",
  "message": "string",
  "url": "/attributes"
}

Get a list of events:

GET

https://misp.local/events

Response:

200:

[
  {
    "id": "12345",
    "org_id": "12345",
    "distribution": "0",
    "info": "logged source ip",
    "orgc_id": "12345",
    "uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
    "date": "1991-01-15",
    "published": false,
    "analysis": "0",
    "attribute_count": "321",
    "timestamp": "1617875568",
    "sharing_group_id": "1",
    "proposal_email_lock": true,
    "locked": true,
    "threat_level_id": "1",
    "publish_timestamp": "1617875568",
    "sighting_timestamp": "1617875568",
    "disable_correlation": false,
    "extends_uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
    "event_creator_email": "user@example.com",
    "Feed": {
      "id": "3",
      "name": "CIRCL OSINT Feed",
      "provider": "CIRCL",
      "url": "https://www.circl.lu/doc/misp/feed-osint",
      "rules": "{\"tags\":{\"OR\":[],\"NOT\":[]},\"orgs\":{\"OR\":[],\"NOT\":[]},\"url_params\":\"\"}",
      "enabled": true,
      "distribution": "0",
      "sharing_group_id": "1",
      "tag_id": "12345",
      "default": true,
      "source_format": "1",
      "fixed_event": true,
      "delta_merge": true,
      "event_id": "12345",
      "publish": false,
      "override_ids": true,
      "settings": "{\"csv\":{\"value\":\"\",\"delimiter\":\"\"},\"common\":{\"excluderegex\":\"\"},\"disable_correlation\":\"1\"}",
      "input_source": "local",
      "delete_local_file": true,
      "lookup_visible": true,
      "headers": "X-Custom-Header-A: Foo\nX-Custom-Header-B: Bar\n",
      "caching_enabled": true,
      "force_to_ids": true,
      "orgc_id": "12345",
      "cache_timestamp": "1617875568"
    },
    "Org": {
      "id": "12345",
      "name": "ORGNAME",
      "uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b"
    },
    "Orgc": {
      "id": "12345",
      "name": "ORGNAME",
      "uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b"
    },
    "Attribute": [
      {
        "id": "12345",
        "event_id": "12345",
        "object_id": "12345",
        "object_relation": "sensor",
        "category": "Internal reference",
        "type": "md5",
        "value": "127.0.0.1",
        "to_ids": true,
        "uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
        "timestamp": "1617875568",
        "distribution": "0",
        "sharing_group_id": "1",
        "comment": "logged source ip",
        "deleted": false,
        "disable_correlation": false,
        "first_seen": "1581984000000000",
        "last_seen": "1581984000000000"
      }
    ],
    "ShadowAttribute": [
      {
        "id": "12345",
        "event_id": "12345",
        "object_id": "12345",
        "object_relation": "sensor",
        "category": "Internal reference",
        "type": "md5",
        "value": "127.0.0.1",
        "to_ids": true,
        "uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
        "timestamp": "1617875568",
        "distribution": "0",
        "sharing_group_id": "1",
        "comment": "logged source ip",
        "deleted": false,
        "disable_correlation": false,
        "first_seen": "1581984000000000",
        "last_seen": "1581984000000000"
      }
    ],
    "RelatedEvent": [
      {}
    ],
    "Galaxy": [
      {
        "id": "12345",
        "uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
        "name": "Ransomware",
        "type": "ransomware",
        "description": "Ransomware galaxy based on ...",
        "version": "1",
        "icon": "globe",
        "namespace": "misp",
        "kill_chain_order": {
          "fraud-tactics": [
            "Initiation",
            "Target Compromise",
            "Perform Fraud",
            "Obtain Fraudulent Assets",
            "Assets Transfer",
            "Monetisation"
          ]
        }
      }
    ],
    "Object": [
      {
        "id": "12345",
        "name": "ail-leak",
        "meta-category": "string",
        "description": "string",
        "template_uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
        "template_version": "1",
        "event_id": "12345",
        "uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
        "timestamp": "1617875568",
        "distribution": "0",
        "sharing_group_id": "1",
        "comment": "string",
        "deleted": true,
        "first_seen": "1581984000000000",
        "last_seen": "1581984000000000",
        "Attribute": [
          {
            "id": "12345",
            "event_id": "12345",
            "object_id": "12345",
            "object_relation": "sensor",
            "category": "Internal reference",
            "type": "md5",
            "value": "127.0.0.1",
            "to_ids": true,
            "uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
            "timestamp": "1617875568",
            "distribution": "0",
            "sharing_group_id": "1",
            "comment": "logged source ip",
            "deleted": false,
            "disable_correlation": false,
            "first_seen": "1581984000000000",
            "last_seen": "1581984000000000"
          }
        ]
      }
    ],
    "EventReport": [
      {
        "id": "12345",
        "uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
        "event_id": "12345",
        "name": "Report of the incident",
        "content": "string",
        "distribution": "0",
        "sharing_group_id": "1",
        "timestamp": "1617875568",
        "deleted": false
      }
    ],
    "Tag": [
      {
        "id": "12345",
        "name": "tlp:white",
        "colour": "#ffffff",
        "exportable": true,
        "org_id": "12345",
        "user_id": "12345",
        "hide_tag": false,
        "numerical_value": "12345",
        "is_galaxy": true,
        "is_custom_galaxy": true,
        "inherited": 1
      }
    ]
  }
]

403:

{
  "name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "url": "/attributes"
}

Default:

{
  "name": "string",
  "message": "string",
  "url": "/attributes"
}

Search events:

POST

https://misp.local/events/index

Request:

{
  "page": 1,
  "limit": 0,
  "sort": "timestamp",
  "direction": "asc",
  "minimal": false,
  "attribute": "covert channel",
  "eventid": "12345",
  "datefrom": "2021-03-05",
  "dateuntil": "2021-03-05",
  "org": "CIRCL",
  "eventinfo": "Phishing campaign",
  "tag": "tlp:white",
  "tags": [
    "tlp:amber",
    "cycat:scope=\"exploit\""
  ],
  "distribution": "0",
  "sharinggroup": "1",
  "analysis": "0",
  "threatlevel": "1",
  "email": "admin@admin.test",
  "hasproposal": "1",
  "timestamp": "1",
  "publish_timestamp": "1",
  "searchDatefrom": "2020-01-20",
  "searchDateuntil": "2020-01-20"
}

Response:

200:

[
  {
    "id": "12345",
    "org_id": "12345",
    "distribution": "0",
    "info": "logged source ip",
    "orgc_id": "12345",
    "uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
    "date": "1991-01-15",
    "published": false,
    "analysis": "0",
    "attribute_count": "321",
    "timestamp": "1617875568",
    "sharing_group_id": "1",
    "proposal_email_lock": true,
    "locked": true,
    "threat_level_id": "1",
    "publish_timestamp": "1617875568",
    "sighting_timestamp": "1617875568",
    "disable_correlation": false,
    "extends_uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
    "event_creator_email": "user@example.com",
    "Feed": {
      "id": "3",
      "name": "CIRCL OSINT Feed",
      "provider": "CIRCL",
      "url": "https://www.circl.lu/doc/misp/feed-osint",
      "rules": "{\"tags\":{\"OR\":[],\"NOT\":[]},\"orgs\":{\"OR\":[],\"NOT\":[]},\"url_params\":\"\"}",
      "enabled": true,
      "distribution": "0",
      "sharing_group_id": "1",
      "tag_id": "12345",
      "default": true,
      "source_format": "1",
      "fixed_event": true,
      "delta_merge": true,
      "event_id": "12345",
      "publish": false,
      "override_ids": true,
      "settings": "{\"csv\":{\"value\":\"\",\"delimiter\":\"\"},\"common\":{\"excluderegex\":\"\"},\"disable_correlation\":\"1\"}",
      "input_source": "local",
      "delete_local_file": true,
      "lookup_visible": true,
      "headers": "X-Custom-Header-A: Foo\nX-Custom-Header-B: Bar\n",
      "caching_enabled": true,
      "force_to_ids": true,
      "orgc_id": "12345",
      "cache_timestamp": "1617875568"
    },
    "Org": {
      "id": "12345",
      "name": "ORGNAME",
      "uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b"
    },
    "Orgc": {
      "id": "12345",
      "name": "ORGNAME",
      "uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b"
    },
    "Attribute": [
      {
        "id": "12345",
        "event_id": "12345",
        "object_id": "12345",
        "object_relation": "sensor",
        "category": "Internal reference",
        "type": "md5",
        "value": "127.0.0.1",
        "to_ids": true,
        "uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
        "timestamp": "1617875568",
        "distribution": "0",
        "sharing_group_id": "1",
        "comment": "logged source ip",
        "deleted": false,
        "disable_correlation": false,
        "first_seen": "1581984000000000",
        "last_seen": "1581984000000000"
      }
    ],
    "ShadowAttribute": [
      {
        "id": "12345",
        "event_id": "12345",
        "object_id": "12345",
        "object_relation": "sensor",
        "category": "Internal reference",
        "type": "md5",
        "value": "127.0.0.1",
        "to_ids": true,
        "uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
        "timestamp": "1617875568",
        "distribution": "0",
        "sharing_group_id": "1",
        "comment": "logged source ip",
        "deleted": false,
        "disable_correlation": false,
        "first_seen": "1581984000000000",
        "last_seen": "1581984000000000"
      }
    ],
    "RelatedEvent": [
      {}
    ],
    "Galaxy": [
      {
        "id": "12345",
        "uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
        "name": "Ransomware",
        "type": "ransomware",
        "description": "Ransomware galaxy based on ...",
        "version": "1",
        "icon": "globe",
        "namespace": "misp",
        "kill_chain_order": {
          "fraud-tactics": [
            "Initiation",
            "Target Compromise",
            "Perform Fraud",
            "Obtain Fraudulent Assets",
            "Assets Transfer",
            "Monetisation"
          ]
        }
      }
    ],
    "Object": [
      {
        "id": "12345",
        "name": "ail-leak",
        "meta-category": "string",
        "description": "string",
        "template_uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
        "template_version": "1",
        "event_id": "12345",
        "uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
        "timestamp": "1617875568",
        "distribution": "0",
        "sharing_group_id": "1",
        "comment": "string",
        "deleted": true,
        "first_seen": "1581984000000000",
        "last_seen": "1581984000000000",
        "Attribute": [
          {
            "id": "12345",
            "event_id": "12345",
            "object_id": "12345",
            "object_relation": "sensor",
            "category": "Internal reference",
            "type": "md5",
            "value": "127.0.0.1",
            "to_ids": true,
            "uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
            "timestamp": "1617875568",
            "distribution": "0",
            "sharing_group_id": "1",
            "comment": "logged source ip",
            "deleted": false,
            "disable_correlation": false,
            "first_seen": "1581984000000000",
            "last_seen": "1581984000000000"
          }
        ]
      }
    ],
    "EventReport": [
      {
        "id": "12345",
        "uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
        "event_id": "12345",
        "name": "Report of the incident",
        "content": "string",
        "distribution": "0",
        "sharing_group_id": "1",
        "timestamp": "1617875568",
        "deleted": false
      }
    ],
    "Tag": [
      {
        "id": "12345",
        "name": "tlp:white",
        "colour": "#ffffff",
        "exportable": true,
        "org_id": "12345",
        "user_id": "12345",
        "hide_tag": false,
        "numerical_value": "12345",
        "is_galaxy": true,
        "is_custom_galaxy": true,
        "inherited": 1
      }
    ]
  }
]

403:

{
  "name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "url": "/attributes"
}

Default:

{
  "name": "string",
  "message": "string",
  "url": "/attributes"
}

Get event by ID:

GET

https://misp.local/events/view/{eventId}

Response:

200:

{
  "Event": {
    "id": "12345",
    "org_id": "12345",
    "distribution": "0",
    "info": "logged source ip",
    "orgc_id": "12345",
    "uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
    "date": "1991-01-15",
    "published": false,
    "analysis": "0",
    "attribute_count": "321",
    "timestamp": "1617875568",
    "sharing_group_id": "1",
    "proposal_email_lock": true,
    "locked": true,
    "threat_level_id": "1",
    "publish_timestamp": "1617875568",
    "sighting_timestamp": "1617875568",
    "disable_correlation": false,
    "extends_uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
    "event_creator_email": "user@example.com",
    "Feed": {
      "id": "3",
      "name": "CIRCL OSINT Feed",
      "provider": "CIRCL",
      "url": "https://www.circl.lu/doc/misp/feed-osint",
      "rules": "{\"tags\":{\"OR\":[],\"NOT\":[]},\"orgs\":{\"OR\":[],\"NOT\":[]},\"url_params\":\"\"}",
      "enabled": true,
      "distribution": "0",
      "sharing_group_id": "1",
      "tag_id": "12345",
      "default": true,
      "source_format": "1",
      "fixed_event": true,
      "delta_merge": true,
      "event_id": "12345",
      "publish": false,
      "override_ids": true,
      "settings": "{\"csv\":{\"value\":\"\",\"delimiter\":\"\"},\"common\":{\"excluderegex\":\"\"},\"disable_correlation\":\"1\"}",
      "input_source": "local",
      "delete_local_file": true,
      "lookup_visible": true,
      "headers": "X-Custom-Header-A: Foo\nX-Custom-Header-B: Bar\n",
      "caching_enabled": true,
      "force_to_ids": true,
      "orgc_id": "12345",
      "cache_timestamp": "1617875568"
    },
    "Org": {
      "id": "12345",
      "name": "ORGNAME",
      "uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b"
    },
    "Orgc": {
      "id": "12345",
      "name": "ORGNAME",
      "uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b"
    },
    "Attribute": [
      {
        "id": "12345",
        "event_id": "12345",
        "object_id": "12345",
        "object_relation": "sensor",
        "category": "Internal reference",
        "type": "md5",
        "value": "127.0.0.1",
        "to_ids": true,
        "uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
        "timestamp": "1617875568",
        "distribution": "0",
        "sharing_group_id": "1",
        "comment": "logged source ip",
        "deleted": false,
        "disable_correlation": false,
        "first_seen": "1581984000000000",
        "last_seen": "1581984000000000"
      }
    ],
    "ShadowAttribute": [
      {
        "id": "12345",
        "event_id": "12345",
        "object_id": "12345",
        "object_relation": "sensor",
        "category": "Internal reference",
        "type": "md5",
        "value": "127.0.0.1",
        "to_ids": true,
        "uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
        "timestamp": "1617875568",
        "distribution": "0",
        "sharing_group_id": "1",
        "comment": "logged source ip",
        "deleted": false,
        "disable_correlation": false,
        "first_seen": "1581984000000000",
        "last_seen": "1581984000000000"
      }
    ],
    "RelatedEvent": [
      {}
    ],
    "Galaxy": [
      {
        "id": "12345",
        "uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
        "name": "Ransomware",
        "type": "ransomware",
        "description": "Ransomware galaxy based on ...",
        "version": "1",
        "icon": "globe",
        "namespace": "misp",
        "kill_chain_order": {
          "fraud-tactics": [
            "Initiation",
            "Target Compromise",
            "Perform Fraud",
            "Obtain Fraudulent Assets",
            "Assets Transfer",
            "Monetisation"
          ]
        }
      }
    ],
    "Object": [
      {
        "id": "12345",
        "name": "ail-leak",
        "meta-category": "string",
        "description": "string",
        "template_uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
        "template_version": "1",
        "event_id": "12345",
        "uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
        "timestamp": "1617875568",
        "distribution": "0",
        "sharing_group_id": "1",
        "comment": "string",
        "deleted": true,
        "first_seen": "1581984000000000",
        "last_seen": "1581984000000000",
        "Attribute": [
          {
            "id": "12345",
            "event_id": "12345",
            "object_id": "12345",
            "object_relation": "sensor",
            "category": "Internal reference",
            "type": "md5",
            "value": "127.0.0.1",
            "to_ids": true,
            "uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
            "timestamp": "1617875568",
            "distribution": "0",
            "sharing_group_id": "1",
            "comment": "logged source ip",
            "deleted": false,
            "disable_correlation": false,
            "first_seen": "1581984000000000",
            "last_seen": "1581984000000000"
          }
        ]
      }
    ],
    "EventReport": [
      {
        "id": "12345",
        "uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
        "event_id": "12345",
        "name": "Report of the incident",
        "content": "string",
        "distribution": "0",
        "sharing_group_id": "1",
        "timestamp": "1617875568",
        "deleted": false
      }
    ],
    "Tag": [
      {
        "id": "12345",
        "name": "tlp:white",
        "colour": "#ffffff",
        "exportable": true,
        "org_id": "12345",
        "user_id": "12345",
        "hide_tag": false,
        "numerical_value": "12345",
        "is_galaxy": true,
        "is_custom_galaxy": true,
        "inherited": 1
      }
    ]
  }
}

403:

{
  "name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "url": "/attributes"
}

Default:

{
  "name": "string",
  "message": "string",
  "url": "/attributes"
}
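
A consumer of the `GET /events/view/{eventId}` response above has to cope with three things the sample bodies show: the error shape (`name`/`message`/`url`) returned instead of data, attributes nested under `Object`, and values that do not match their declared `type` (the sample pairs `md5` with `127.0.0.1`). The Python sketch below is an added example, not part of the MISP documentation or code; the function names, the validator table, the sample data, and the choices to skip attributes of deleted objects and to reject types without a validator are assumptions made here.

```python
import ipaddress
import json
import re

# Constructed sample, shaped like the 200 response of /events/view/{eventId}.
SAMPLE_EVENT = json.loads("""
{
  "Event": {
    "id": "12345",
    "info": "logged source ip",
    "Attribute": [
      {"type": "md5", "value": "127.0.0.1", "to_ids": true, "deleted": false},
      {"type": "ip-src", "value": "198.51.100.7", "to_ids": true, "deleted": false},
      {"type": "ip-src", "value": "203.0.113.9", "to_ids": false, "deleted": false}
    ],
    "Object": [
      {"name": "ail-leak", "deleted": true, "Attribute": [
        {"type": "md5", "value": "d41d8cd98f00b204e9800998ecf8427e",
         "to_ids": true, "deleted": false}
      ]},
      {"name": "file", "deleted": false, "Attribute": [
        {"type": "md5", "value": "9e107d9d372bb6826bd81d3542a419d6",
         "to_ids": true, "deleted": false},
        {"type": "md5", "value": "0cc175b9c0f1b6a831c399e269772661",
         "to_ids": true, "deleted": true}
      ]}
    ]
  }
}
""")

# Constructed sample, shaped like the 403 body shown above.
SAMPLE_403 = {
    "name": "Authentication failed.",
    "message": "Authentication failed.",
    "url": "/attributes",
}


class MispApiError(Exception):
    """The body carried the error shape (name/message/url) instead of data."""


def is_ip(value):
    """True when value parses as an IPv4 or IPv6 address."""
    try:
        ipaddress.ip_address(value)
        return True
    except ValueError:
        return False


# Assumption: only these types are forwarded to detection tooling.
VALIDATORS = {
    "md5": re.compile(r"[0-9a-fA-F]{32}").fullmatch,
    "ip-src": is_ip,
    "ip-dst": is_ip,
}


def unwrap_event(status, body):
    """Return the Event dict, or raise when the response is an error body."""
    if status != 200 or "Event" not in body:
        message = body.get("message", "unexpected response")
        raise MispApiError(f"{status}: {message} ({body.get('url')})")
    return body["Event"]


def iter_attributes(event):
    """Yield top-level attributes, then those of objects not marked deleted."""
    yield from event.get("Attribute", [])
    for obj in event.get("Object", []):
        if obj.get("deleted"):
            continue  # assumption: a deleted object's attributes are stale
        yield from obj.get("Attribute", [])


def detection_indicators(event):
    """Split live to_ids attributes into (accepted, rejected) (type, value) pairs."""
    accepted, rejected = [], []
    for attr in iter_attributes(event):
        if attr.get("deleted") or not attr.get("to_ids"):
            continue
        pair = (attr["type"], attr["value"])
        check = VALIDATORS.get(attr["type"])
        # Fail closed: unknown types and mismatched values are never forwarded.
        if check is not None and check(attr["value"]):
            accepted.append(pair)
        else:
            rejected.append(pair)
    return accepted, rejected


if __name__ == "__main__":
    ok, bad = detection_indicators(unwrap_event(200, SAMPLE_EVENT))
    print("forward to detection:", ok)
    print("needs analyst review:", bad)
```
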

Publish an event:

POST

https://misp.local/events/publish/{eventId}

Response:

200:

{
  "name": "Publish",
  "message": "Job queued",
  "url": "https://misp.local/events/alert/1",
  "id": "string"
}

403:

{
  "name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "url": "/attributes"
}

Default:

{
  "name": "string",
  "message": "string",
  "url": "/attributes"
}

Unpublish an event:

POST

https://misp.local/events/unpublish/{eventId}

Response:

200:

{
  "saved": true,
  "success": true,
  "name": "Event unpublished.",
  "message": "Event unpublished.",
  "url": "/events/unpublish/1"
}

403:

{
  "name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "url": "/attributes"
}

Default:

{
  "name": "string",
  "message": "string",
  "url": "/attributes"
}

Add event tag:

POST

https://misp.local/events/addTag/{eventId}/{tagId}/local:{local}

Response:

200:

{
  "saved": true,
  "success": "Tag added.",
  "check_publish": true,
  "errors": "Tag could not be added."
}

403:

{
  "name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "url": "/attributes"
}

Default:

{
  "name": "string",
  "message": "string",
  "url": "/attributes"
}

Remove event tag:

POST

https://misp.local/events/removeTag/{eventId}/{tagId}

Response:

200:

{
  "saved": true,
  "success": "Tag removed.",
  "check_publish": true,
  "errors": "Tag could not be added."
}

403:

{
  "name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "url": "/attributes"
}

Default:

{
  "name": "string",
  "message": "string",
  "url": "/attributes"
}

API Request and Response Examples

Galaxies

Get galaxies:

GET

https://misp.local/galaxies

Response:

200:

[
  {
    "Galaxy": {
      "id": "12345",
      "uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
      "name": "Ransomware",
      "type": "ransomware",
      "description": "Ransomware galaxy based on ...",
      "version": "1",
      "icon": "globe",
      "namespace": "misp",
      "kill_chain_order": {
        "fraud-tactics": [
          "Initiation",
          "Target Compromise",
          "Perform Fraud",
          "Obtain Fraudulent Assets",
          "Assets Transfer",
          "Monetisation"
        ]
      }
    }
  }
]

403:

{
  "name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "url": "/attributes"
}

Default:

{
  "name": "string",
  "message": "string",
  "url": "/attributes"
}

Search galaxies:

POST

https://misp.local/galaxies

Request:

{
  "value": "botnet"
}

Response:

200:

[
  {
    "Galaxy": {
      "id": "12345",
      "uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
      "name": "Ransomware",
      "type": "ransomware",
      "description": "Ransomware galaxy based on ...",
      "version": "1",
      "icon": "globe",
      "namespace": "misp",
      "kill_chain_order": {
        "fraud-tactics": [
          "Initiation",
          "Target Compromise",
          "Perform Fraud",
          "Obtain Fraudulent Assets",
          "Assets Transfer",
          "Monetisation"
        ]
      }
    }
  }
]

403:

{
  "name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "url": "/attributes"
}

Default:

{
  "name": "string",
  "message": "string",
  "url": "/attributes"
}

Get galaxy by ID:

GET

https://misp.local/galaxies/view/{galaxyId}

Response:

200:

{
  "Galaxy": {
    "id": "12345",
    "uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
    "name": "Ransomware",
    "type": "ransomware",
    "description": "Ransomware galaxy based on ...",
    "version": "1",
    "icon": "globe",
    "namespace": "misp",
    "kill_chain_order": {
      "fraud-tactics": [
        "Initiation",
        "Target Compromise",
        "Perform Fraud",
        "Obtain Fraudulent Assets",
        "Assets Transfer",
        "Monetisation"
      ]
    }
  },
  "GalaxyCluster": [
    {
      "id": "12345",
      "uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
      "collection_uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
      "type": "mitre-enterprise-attack-attack-pattern",
      "value": "Brute Force - T1110",
      "tag_name": "tlp:white",
      "description": "Adversaries may use brute force techniques to attempt access to accounts when passwords are unknown or when password hashes are obtained...",
      "galaxy_id": "12345",
      "source": "https://github.com/mitre/cti",
      "authors": [
        "MITRE"
      ],
      "version": "1",
      "distribution": "0",
      "sharing_group_id": "1",
      "org_id": "12345",
      "orgc_id": "12345",
      "default": true,
      "locked": true,
      "extends_uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
      "extends_version": "1",
      "published": false,
      "deleted": false,
      "GalaxyElement": [
        {
          "id": "12345",
          "galaxy_cluster_id": "12345",
          "key": "categories",
          "value": "Military"
        }
      ]
    }
  ]
}

403:

{
  "name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "url": "/attributes"
}

Default:

{
  "name": "string",
  "message": "string",
  "url": "/attributes"
}

Force update the galaxies with the galaxy json definitions:

POST

https://misp.local/galaxies/update

Response:

200:

{
  "saved": true,
  "success": true,
  "name": "Galaxies updated.",
  "message": "Galaxies updated.",
  "url": "/galaxies/update"
}

403:

{
  "name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "url": "/attributes"
}

404:

{
  "name": "Invalid attribute",
  "message": "Invalid attribute",
  "url": "/attributes/1234"
}

Default:

{
  "name": "string",
  "message": "string",
  "url": "/attributes"
}

Delete a galaxy:

DELETE

https://misp.local/galaxies/delete/{galaxyId}

Response:

200:

{
  "saved": true,
  "success": true,
  "name": "Galaxy deleted",
  "message": "Galaxy deleted",
  "url": "/galaxies/delete"
}

403:

{
  "name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "url": "/attributes"
}

404:

{
  "name": "Invalid attribute",
  "message": "Invalid attribute",
  "url": "/attributes/1234"
}

Default:

{
  "name": "string",
  "message": "string",
  "url": "/attributes"
}

Import a galaxy cluster:

POST

https://misp.local/galaxies/import

Request:

[
  {
    "GalaxyCluster": {
      "uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
      "collection_uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
      "type": "mitre-enterprise-attack-attack-pattern",
      "value": "Brute Force - T1110",
      "tag_name": "tlp:white",
      "description": "Adversaries may use brute force techniques to attempt access to accounts when passwords are unknown or when password hashes are obtained...",
      "galaxy_id": "12345",
      "source": "https://github.com/mitre/cti",
      "authors": [
        "MITRE"
      ],
      "version": "1",
      "distribution": "0",
      "sharing_group_id": "1",
      "org_id": "12345",
      "orgc_id": "12345",
      "default": true,
      "locked": true,
      "extends_uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
      "extends_version": "1",
      "published": false,
      "deleted": false,
      "GalaxyElement": [
        {
          "id": "12345",
          "galaxy_cluster_id": "12345",
          "key": "categories",
          "value": "Military"
        }
      ]
    },
    "Galaxy": {
      "uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b"
    }
  }
]

Response:

200:

{
  "saved": true,
  "success": true,
  "name": "'Galaxy clusters imported. 1 imported, 0 ignored, 0 failed.",
  "message": "'Galaxy clusters imported. 1 imported, 0 ignored, 0 failed.",
  "url": "/galaxies/import"
}

403:

{
  "name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "url": "/attributes"
}

404:

{
  "name": "Invalid attribute",
  "message": "Invalid attribute",
  "url": "/attributes/1234"
}

Default:

{
  "name": "string",
  "message": "string",
  "url": "/attributes"
}

Export galaxy clusters:

POST

https://misp.local/galaxies/export/{galaxyId}

Request:

{
  "Galaxy": {
    "default": true,
    "custom": true,
    "distribution": "0",
    "format": "default",
    "download": true
  }
}

Response:

200:

GalaxyMispFormat:

{
  "name": "Ransomware",
  "type": "ransomware",
  "authors": [
    "MITRE"
  ],
  "version": true,
  "uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
  "source": "https://github.com/mitre/cti",
  "values": [
    {
      "description": "Adversaries may use brute force techniques to attempt access to accounts when passwords are unknown or when password hashes are obtained...",
      "uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
      "value": "Brute Force - T1110",
      "extends_uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
      "extends_Version": "1",
      "meta": [
        {
          "categories": "botnet"
        },
        {
          "refs": "http://example.com"
        },
        {
          "aliases": [
            "malware",
            "win32",
            "windows"
          ]
        },
        {
          "topics": [
            "Windows",
            "Malware"
          ]
        }
      ]
    }
  ]
}

403:

{
  "name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "url": "/attributes"
}

404:

{
  "name": "Invalid attribute",
  "message": "Invalid attribute",
  "url": "/attributes/1234"
}

Default:

{
  "name": "string",
  "message": "string",
  "url": "/attributes"
}

Attach the galaxy cluster tag to a given entity:

POST

https://misp.local/galaxies/attachCluster/{attachTargetId}/{attachTargetType}/local:{local}

Request:

{
  "Galaxy": {
    "target_id": 1235
  }
}

Response:

200:

{
  "saved": true,
  "success": "Cluster attached.",
  "check_publish": true
}

403:

{
  "name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "url": "/attributes"
}

404:

{
  "name": "Invalid attribute",
  "message": "Invalid attribute",
  "url": "/attributes/1234"
}

Default:

{
  "name": "string",
  "message": "string",
  "url": "/attributes"
}

API Request and Response Examples

Galaxy Cluster

Add galaxy cluster:

POST

https://misp.local/galaxy_clusters/add/{galaxyId}

Request:

{
  "id": "12345",
  "uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
  "collection_uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
  "type": "mitre-enterprise-attack-attack-pattern",
  "value": "Brute Force - T1110",
  "tag_name": "tlp:white",
  "description": "Adversaries may use brute force techniques to attempt access to accounts when passwords are unknown or when password hashes are obtained...",
  "galaxy_id": "12345",
  "source": "https://github.com/mitre/cti",
  "authors": [
    "MITRE"
  ],
  "version": "1",
  "distribution": "0",
  "sharing_group_id": "1",
  "org_id": "12345",
  "orgc_id": "12345",
  "default": true,
  "locked": true,
  "extends_uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
  "extends_version": "1",
  "published": false,
  "deleted": false,
  "GalaxyElement": [
    {
      "id": "12345",
      "galaxy_cluster_id": "12345",
      "key": "categories",
      "value": "Military"
    }
  ]
}

Response:

200:

{
  "GalaxyCluster": {
    "id": "12345",
    "uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
    "collection_uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
    "type": "mitre-enterprise-attack-attack-pattern",
    "value": "Brute Force - T1110",
    "tag_name": "tlp:white",
    "description": "Adversaries may use brute force techniques to attempt access to accounts when passwords are unknown or when password hashes are obtained...",
    "galaxy_id": "12345",
    "source": "https://github.com/mitre/cti",
    "authors": [
      "MITRE"
    ],
    "version": "1",
    "distribution": "0",
    "sharing_group_id": "1",
    "org_id": "12345",
    "orgc_id": "12345",
    "default": true,
    "locked": true,
    "extends_uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
    "extends_version": "1",
    "published": false,
    "deleted": false,
    "GalaxyElement": [
      {
        "id": "12345",
        "galaxy_cluster_id": "12345",
        "key": "categories",
        "value": "Military"
      }
    ]
  }
}

403:

{
  "name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "url": "/attributes"
}

404:

{
  "name": "Invalid attribute",
  "message": "Invalid attribute",
  "url": "/attributes/1234"
}

Default:

{
  "name": "string",
  "message": "string",
  "url": "/attributes"
}

Edit galaxy cluster:

PUT

https://misp.local/galaxy_clusters/edit/{galaxyClusterId}

Request: 
{
  "id": "12345",
  "uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
  "collection_uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
  "type": "mitre-enterprise-attack-attack-pattern",
  "value": "Brute Force - T1110",
  "tag_name": "tlp:white",
  "description": "Adversaries may use brute force techniques to attempt access to accounts when passwords are unknown or when password hashes are obtained...",
  "galaxy_id": "12345",
  "source": "https://github.com/mitre/cti",
  "authors": [
    "MITRE"
  ],
  "version": "1",
  "distribution": "0",
  "sharing_group_id": "1",
  "org_id": "12345",
  "orgc_id": "12345",
  "default": true,
  "locked": true,
  "extends_uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
  "extends_version": "1",
  "published": false,
  "deleted": false,
  "GalaxyElement": [
    {
      "id": "12345",
      "galaxy_cluster_id": "12345",
      "key": "categories",
      "value": "Military"
    }
  ]
}
Response:

200:

{
  "GalaxyCluster": {
    "id": "12345",
    "uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
    "collection_uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
    "type": "mitre-enterprise-attack-attack-pattern",
    "value": "Brute Force - T1110",
    "tag_name": "tlp:white",
    "description": "Adversaries may use brute force techniques to attempt access to accounts when passwords are unknown or when password hashes are obtained...",
    "galaxy_id": "12345",
    "source": "https://github.com/mitre/cti",
    "authors": [
      "MITRE"
    ],
    "version": "1",
    "distribution": "0",
    "sharing_group_id": "1",
    "org_id": "12345",
    "orgc_id": "12345",
    "default": true,
    "locked": true,
    "extends_uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
    "extends_version": "1",
    "published": false,
    "deleted": false,
    "GalaxyElement": [
      {
        "id": "12345",
        "galaxy_cluster_id": "12345",
        "key": "categories",
        "value": "Military"
      }
    ]
  }
}

403:

{
  "name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "url": "/attributes"
}

404:

{
  "name": "Invalid attribute",
  "message": "Invalid attribute",
  "url": "/attributes/1234"
}

Default:

{
  "name": "string",
  "message": "string",
  "url": "/attributes"
}

Get galaxy clusters:

GET

https://misp.local/galaxy_clusters/index/{galaxyId}

Response:

200:

[
  {
    "GalaxyCluster": {
      "id": "12345",
      "uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
      "collection_uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
      "type": "mitre-enterprise-attack-attack-pattern",
      "value": "Brute Force - T1110",
      "tag_name": "tlp:white",
      "description": "Adversaries may use brute force techniques to attempt access to accounts when passwords are unknown or when password hashes are obtained...",
      "galaxy_id": "12345",
      "source": "https://github.com/mitre/cti",
      "authors": [
        "MITRE"
      ],
      "version": "1",
      "distribution": "0",
      "sharing_group_id": "1",
      "org_id": "12345",
      "orgc_id": "12345",
      "default": true,
      "locked": true,
      "extends_uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
      "extends_version": "1",
      "published": false,
      "deleted": false,
      "GalaxyElement": [
        {
          "id": "12345",
          "galaxy_cluster_id": "12345",
          "key": "categories",
          "value": "Military"
        }
      ]
    }
  }
]

403:

{
  "name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "url": "/attributes"
}

404:

{
  "name": "Invalid attribute",
  "message": "Invalid attribute",
  "url": "/attributes/1234"
}

Default:

{
  "name": "string",
  "message": "string",
  "url": "/attributes"
}

Search galaxy clusters:

POST

https://misp.local/galaxy_clusters/index/{galaxyId}

Request:
{
  "context": "all",
  "searchall": "botnet"
}
Response:

200:

[
  {
    "GalaxyCluster": {
      "id": "12345",
      "uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
      "collection_uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
      "type": "mitre-enterprise-attack-attack-pattern",
      "value": "Brute Force - T1110",
      "tag_name": "tlp:white",
      "description": "Adversaries may use brute force techniques to attempt access to accounts when passwords are unknown or when password hashes are obtained...",
      "galaxy_id": "12345",
      "source": "https://github.com/mitre/cti",
      "authors": [
        "MITRE"
      ],
      "version": "1",
      "distribution": "0",
      "sharing_group_id": "1",
      "org_id": "12345",
      "orgc_id": "12345",
      "default": true,
      "locked": true,
      "extends_uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
      "extends_version": "1",
      "published": false,
      "deleted": false,
      "GalaxyElement": [
        {
          "id": "12345",
          "galaxy_cluster_id": "12345",
          "key": "categories",
          "value": "Military"
        }
      ]
    }
  }
]

403:

{
  "name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "url": "/attributes"
}

404:

{
  "name": "Invalid attribute",
  "message": "Invalid attribute",
  "url": "/attributes/1234"
}

Default:

{
  "name": "string",
  "message": "string",
  "url": "/attributes"
}

Get galaxy cluster by ID:

GET

https://misp.local/galaxy_clusters/view/{galaxyClusterId}

Response:

200:

{
  "GalaxyCluster": {
    "id": "12345",
    "uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
    "collection_uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
    "type": "mitre-enterprise-attack-attack-pattern",
    "value": "Brute Force - T1110",
    "tag_name": "tlp:white",
    "description": "Adversaries may use brute force techniques to attempt access to accounts when passwords are unknown or when password hashes are obtained...",
    "galaxy_id": "12345",
    "source": "https://github.com/mitre/cti",
    "authors": [
      "MITRE"
    ],
    "version": "1",
    "distribution": "0",
    "sharing_group_id": "1",
    "org_id": "12345",
    "orgc_id": "12345",
    "default": true,
    "locked": true,
    "extends_uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
    "extends_version": "1",
    "published": false,
    "deleted": false,
    "GalaxyElement": [
      {
        "id": "12345",
        "galaxy_cluster_id": "12345",
        "key": "categories",
        "value": "Military"
      }
    ],
    "Galaxy": {
      "id": "12345",
      "uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
      "name": "Ransomware",
      "type": "ransomware",
      "description": "Ransomware galaxy based on ...",
      "version": "1",
      "icon": "globe",
      "namespace": "misp",
      "kill_chain_order": {
        "fraud-tactics": [
          "Initiation",
          "Target Compromise",
          "Perform Fraud",
          "Obtain Fraudulent Assets",
          "Assets Transfer",
          "Monetisation"
        ]
      }
    },
    "GalaxyClusterRelation": [
      {
        "id": "12345",
        "galaxy_cluster_id": "12345",
        "key": "categories",
        "value": "Military"
      }
    ],
    "Org": {
      "id": "12345",
      "name": "ORGNAME",
      "date_created": "2021-06-14 14:29:19",
      "date_modified": "2021-06-14 14:29:19",
      "description": "string",
      "type": "ADMIN",
      "nationality": "string",
      "sector": "string",
      "created_by": "12345",
      "uuid": "string",
      "contacts": "string",
      "local": true,
      "restricted_to_domain": [
        "example.com"
      ],
      "landingpage": "string",
      "user_count": "3",
      "created_by_email": "string"
    },
    "Orgc": {
      "id": "12345",
      "name": "ORGNAME",
      "date_created": "2021-06-14 14:29:19",
      "date_modified": "2021-06-14 14:29:19",
      "description": "string",
      "type": "ADMIN",
      "nationality": "string",
      "sector": "string",
      "created_by": "12345",
      "uuid": "string",
      "contacts": "string",
      "local": true,
      "restricted_to_domain": [
        "example.com"
      ],
      "landingpage": "string",
      "user_count": "3",
      "created_by_email": "string"
    },
    "tag_count": 0,
    "tag_id": "12345"
  }
}

403:

{
  "name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "url": "/attributes"
}

404:

{
  "name": "Invalid attribute",
  "message": "Invalid attribute",
  "url": "/attributes/1234"
}

Default:

{
  "name": "string",
  "message": "string",
  "url": "/attributes"
}

Publish galaxy cluster:

POST

https://misp.local/galaxy_clusters/publish/{galaxyClusterId}

Response:

200:

{
  "message": "Publish job queued. Job ID: 4e9d26c275a7b190fcab10029df8c6b6"
}

403:

{
  "name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "url": "/attributes"
}

404:

{
  "name": "Invalid attribute",
  "message": "Invalid attribute",
  "url": "/attributes/1234"
}

Default:

{
  "name": "string",
  "message": "string",
  "url": "/attributes"
}

Unpublish galaxy cluster:

POST

https://misp.local/galaxy_clusters/unpublish/{galaxyClusterId}

Response:

200:

{
  "saved": true,
  "success": true,
  "name": "GalaxyCluster unpublished",
  "message": "GalaxyCluster unpublished",
  "url": "/galaxy_clusters/publish/1"
}

403:

{
  "name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "url": "/attributes"
}

404:

{
  "name": "Invalid attribute",
  "message": "Invalid attribute",
  "url": "/attributes/1234"
}

Default:

{
  "name": "string",
  "message": "string",
  "url": "/attributes"
}

Delete galaxy cluster:

POST

https://misp.local/galaxy_clusters/delete/{galaxyClusterId}

Response:

200:

{
  "saved": true,
  "success": true,
  "name": "Galaxy cluster successfuly soft deleted.",
  "message": "Galaxy cluster successfuly soft deleted.",
  "url": "/galaxy_clusters/delete/1"
}

403:

{
  "name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "url": "/attributes"
}

404:

{
  "name": "Invalid attribute",
  "message": "Invalid attribute",
  "url": "/attributes/1234"
}

Default:

{
  "name": "string",
  "message": "string",
  "url": "/attributes"
}

Restore galaxy cluster:

POST

https://misp.local/galaxy_clusters/restore/{galaxyClusterId}

Response:

200:

{
  "saved": true,
  "success": true,
  "name": "GalaxyCluster restored",
  "message": "GalaxyCluster restored",
  "url": "/galaxy_clusters/restore/1"
}

403:

{
  "name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "url": "/attributes"
}

404:

{
  "name": "Invalid attribute",
  "message": "Invalid attribute",
  "url": "/attributes/1234"
}

Default:

{
  "name": "string",
  "message": "string",
  "url": "/attributes"
}

 

API Request and Response Examples

Users

Reset user password:

POST

https://misp.local/users/initiatePasswordReset/{userId}/{firstTimeReset}

Response: 

200:

{
  "saved": true,
  "success": "New credentials sent."
}

403:

{
  "name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "url": "/attributes"
}

404:

{
  "name": "Invalid attribute",
  "message": "Invalid attribute",
  "url": "/attributes/1234"
}

Default:

{
  "name": "string",
  "message": "string",
  "url": "/attributes"
}

Add user:

POST

https://misp.local/admin/users/add

Request:
{
  "org_id": "12345",
  "server_id": "12345",
  "email": "user@example.com",
  "autoalert": true,
  "authkey": "894c8d095180c7ea28789092e96ca6424199aa4f",
  "invited_by": "12345",
  "gpgkey": "string",
  "certif_public": "string",
  "nids_sid": "4000000",
  "termsaccepted": true,
  "newsread": "1617875568",
  "role_id": "3",
  "change_pw": "0",
  "contactalert": true,
  "disabled": true,
  "expiration": "2019-08-24T14:15:22Z",
  "current_login": "1617875568",
  "last_login": "1617875568",
  "force_logout": true,
  "date_created": "1617875568",
  "date_modified": "1617875568"
}
Response: 

200:

{
  "id": "12345",
  "org_id": "12345",
  "server_id": "12345",
  "email": "user@example.com",
  "autoalert": true,
  "authkey": "894c8d095180c7ea28789092e96ca6424199aa4f",
  "invited_by": "12345",
  "gpgkey": "string",
  "certif_public": "string",
  "nids_sid": "4000000",
  "termsaccepted": true,
  "newsread": "1617875568",
  "role_id": "3",
  "change_pw": "0",
  "contactalert": true,
  "disabled": true,
  "expiration": "2019-08-24T14:15:22Z",
  "current_login": "1617875568",
  "last_login": "1617875568",
  "force_logout": true,
  "date_created": "1617875568",
  "date_modified": "1617875568"
}

403:

{
  "name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "url": "/attributes"
}

404:

{
  "name": "Invalid attribute",
  "message": "Invalid attribute",
  "url": "/attributes/1234"
}

Default:

{
  "name": "string",
  "message": "string",
  "url": "/attributes"
}

Edit user:

PUT

https://misp.local/admin/users/edit/{userId}

Request:
{
  "id": "12345",
  "org_id": "12345",
  "server_id": "12345",
  "email": "user@example.com",
  "autoalert": true,
  "authkey": "894c8d095180c7ea28789092e96ca6424199aa4f",
  "invited_by": "12345",
  "gpgkey": "string",
  "certif_public": "string",
  "nids_sid": "4000000",
  "termsaccepted": true,
  "newsread": "1617875568",
  "role_id": "3",
  "change_pw": "0",
  "contactalert": true,
  "disabled": true,
  "expiration": "2019-08-24T14:15:22Z",
  "current_login": "1617875568",
  "last_login": "1617875568",
  "force_logout": true,
  "date_created": "1617875568",
  "date_modified": "1617875568"
}
Response: 

200:

{
  "id": "12345",
  "org_id": "12345",
  "server_id": "12345",
  "email": "user@example.com",
  "autoalert": true,
  "authkey": "894c8d095180c7ea28789092e96ca6424199aa4f",
  "invited_by": "12345",
  "gpgkey": "string",
  "certif_public": "string",
  "nids_sid": "4000000",
  "termsaccepted": true,
  "newsread": "1617875568",
  "role_id": "3",
  "change_pw": "0",
  "contactalert": true,
  "disabled": true,
  "expiration": "2019-08-24T14:15:22Z",
  "current_login": "1617875568",
  "last_login": "1617875568",
  "force_logout": true,
  "date_created": "1617875568",
  "date_modified": "1617875568"
}

403:

{
  "name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "url": "/attributes"
}

404:

{
  "name": "Invalid attribute",
  "message": "Invalid attribute",
  "url": "/attributes/1234"
}

Default:

{
  "name": "string",
  "message": "string",
  "url": "/attributes"
}

Delete user:

DELETE

https://misp.local/admin/users/delete/{userId}

Response: 

200:

{
  "saved": true,
  "success": true,
  "name": "User deleted.",
  "message": "User deleted.",
  "url": "/admin/users/delete/1"
}

403:

{
  "name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "url": "/attributes"
}

404:

{
  "name": "Invalid attribute",
  "message": "Invalid attribute",
  "url": "/attributes/1234"
}

Default:

{
  "name": "string",
  "message": "string",
  "url": "/attributes"
}

Get users:

GET

https://misp.local/admin/users

Response: 

200:

[
  {
    "User": {
      "id": "12345",
      "org_id": "12345",
      "server_id": "12345",
      "email": "user@example.com",
      "autoalert": true,
      "authkey": "894c8d095180c7ea28789092e96ca6424199aa4f",
      "invited_by": "12345",
      "gpgkey": "string",
      "certif_public": "string",
      "nids_sid": "4000000",
      "termsaccepted": true,
      "newsread": "1617875568",
      "role_id": "3",
      "change_pw": "0",
      "contactalert": true,
      "disabled": true,
      "expiration": "2019-08-24T14:15:22Z",
      "current_login": "1617875568",
      "last_login": "1617875568",
      "force_logout": true,
      "date_created": "1617875568",
      "date_modified": "1617875568"
    },
    "Role": {
      "id": "3",
      "name": "ORGNAME",
      "perm_add": true,
      "perm_modify": true,
      "perm_modify_org": true,
      "perm_publish": true,
      "perm_delegate": true,
      "perm_sync": true,
      "perm_admin": true,
      "perm_audit": true,
      "perm_auth": true,
      "perm_site_admin": true,
      "perm_regexp_access": true,
      "perm_tagger": true,
      "perm_template": true,
      "perm_sharing_group": true,
      "perm_tag_editor": true,
      "perm_sighting": true,
      "perm_object_template": true,
      "perm_publish_zmq": true,
      "perm_publish_kafka": true,
      "perm_decaying": true,
      "perm_galaxy_editor": true,
      "default_role": true,
      "memory_limit": "string",
      "max_execution_time": "string",
      "restricted_to_site_admin": true,
      "enforce_rate_limit": true,
      "rate_limit_count": "string",
      "permission": "3",
      "permission_description": "publish"
    },
    "Organisation": {
      "id": "12345",
      "name": "ORGNAME"
    }
  }
]

403:

{
  "name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "url": "/attributes"
}

404:

{
  "name": "Invalid attribute",
  "message": "Invalid attribute",
  "url": "/attributes/1234"
}

Default:

{
  "name": "string",
  "message": "string",
  "url": "/attributes"
}
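The "Get users" response returns each account together with its role permissions and its `authkey`, so it is a natural input for an access review. The following is an added example, not code from this guide or from the MISP project: it audits a response of that shape for enabled accounts that are past their `expiration` or hold elevated role permissions without a recent login, and redacts `authkey` before anything is logged. The finding names, the 90-day threshold, the tolerance for string-encoded booleans and the sample data are assumptions made for the illustration.

```python
import json
from datetime import datetime, timedelta, timezone

# Constructed sample in the shape of the GET /admin/users 200 response.
# Every value is made up; the authkeys are dummy 40-character strings.
SAMPLE_RESPONSE = json.loads("""
[
 {"User": {"id": "1", "email": "admin@example.com",
           "authkey": "0000000000000000000000000000000000000000",
           "disabled": false, "expiration": null, "last_login": "1703980800"},
  "Role": {"id": "1", "perm_site_admin": true, "perm_admin": true, "perm_sync": true}},
 {"User": {"id": "2", "email": "sync@example.com",
           "authkey": "1111111111111111111111111111111111111111",
           "disabled": false, "expiration": "2019-08-24T14:15:22Z",
           "last_login": "1617875568"},
  "Role": {"id": "5", "perm_site_admin": false, "perm_admin": false, "perm_sync": true}},
 {"User": {"id": "3", "email": "former@example.com",
           "authkey": "2222222222222222222222222222222222222222",
           "disabled": true, "expiration": "2019-08-24T14:15:22Z",
           "last_login": "1617875568"},
  "Role": {"id": "2", "perm_site_admin": false, "perm_admin": true, "perm_sync": false}},
 {"User": {"id": "4", "email": "reader@example.com",
           "authkey": "3333333333333333333333333333333333333333",
           "disabled": false, "expiration": null, "last_login": "0"},
  "Role": {"id": "6", "perm_site_admin": false, "perm_admin": false, "perm_sync": false}}
]
""")

# Role flags from the response that this example treats as elevated (assumption).
ELEVATED = ("perm_site_admin", "perm_admin", "perm_sync", "perm_auth")


def _truthy(value):
    # The examples above use JSON booleans; string forms are tolerated as an assumption.
    return value in (True, 1, "1", "true")


def _expiry(value):
    """Parse the ISO 8601 'expiration' field; None means no expiry is set."""
    if not value:
        return None
    parsed = datetime.fromisoformat(value.replace("Z", "+00:00"))
    return parsed if parsed.tzinfo else parsed.replace(tzinfo=timezone.utc)


def redact(entry):
    """Return a copy of one list entry that is safe to write to logs or tickets."""
    user = dict(entry.get("User", {}))
    if user.get("authkey"):
        user["authkey"] = "<redacted>"
    return {**entry, "User": user}


def audit_users(response, now, stale_days=90):
    """Return sorted (user_id, finding) pairs for accounts that need review."""
    if not isinstance(response, list):
        # 403/404/default bodies are objects with name/message/url, not a list.
        detail = response.get("message") if isinstance(response, dict) else response
        raise ValueError(f"API error: {detail}")
    findings = []
    cutoff = now - timedelta(days=stale_days)
    for entry in response:
        user, role = entry.get("User", {}), entry.get("Role", {})
        if _truthy(user.get("disabled")):
            continue  # already disabled, nothing left to revoke
        expires = _expiry(user.get("expiration"))
        if expires is not None and expires < now:
            findings.append((user["id"], "EXPIRED_ENABLED"))
        last = datetime.fromtimestamp(int(user.get("last_login") or 0), timezone.utc)
        if last < cutoff and any(_truthy(role.get(p)) for p in ELEVATED):
            findings.append((user["id"], "STALE_PRIVILEGED"))
    return sorted(findings)


if __name__ == "__main__":
    review_time = datetime(2024, 1, 1, tzinfo=timezone.utc)
    for user_id, finding in audit_users(SAMPLE_RESPONSE, review_time):
        print(user_id, finding)
    print(json.dumps(redact(SAMPLE_RESPONSE[1])["User"], indent=2))
```
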

Get user by ID:

GET

https://misp.local/admin/users/view/{userId}

Response: 

200:

{
  "id": "12345",
  "org_id": "12345",
  "server_id": "12345",
  "email": "user@example.com",
  "autoalert": true,
  "authkey": "894c8d095180c7ea28789092e96ca6424199aa4f",
  "invited_by": "12345",
  "gpgkey": "string",
  "certif_public": "string",
  "nids_sid": "4000000",
  "termsaccepted": true,
  "newsread": "1617875568",
  "role_id": "3",
  "change_pw": "0",
  "contactalert": true,
  "disabled": true,
  "expiration": "2019-08-24T14:15:22Z",
  "current_login": "1617875568",
  "last_login": "1617875568",
  "force_logout": true,
  "date_created": "1617875568",
  "date_modified": "1617875568",
  "User": {
    "id": "12345",
    "org_id": "12345",
    "server_id": "12345",
    "email": "user@example.com",
    "autoalert": true,
    "authkey": "894c8d095180c7ea28789092e96ca6424199aa4f",
    "invited_by": "12345",
    "gpgkey": "string",
    "certif_public": "string",
    "nids_sid": "4000000",
    "termsaccepted": true,
    "newsread": "1617875568",
    "role_id": "3",
    "change_pw": "0",
    "contactalert": true,
    "disabled": true,
    "expiration": "2019-08-24T14:15:22Z",
    "current_login": "1617875568",
    "last_login": "1617875568",
    "force_logout": true,
    "date_created": "1617875568",
    "date_modified": "1617875568"
  },
  "Role": {
    "id": "3",
    "name": "ORGNAME",
    "perm_add": true,
    "perm_modify": true,
    "perm_modify_org": true,
    "perm_publish": true,
    "perm_delegate": true,
    "perm_sync": true,
    "perm_admin": true,
    "perm_audit": true,
    "perm_auth": true,
    "perm_site_admin": true,
    "perm_regexp_access": true,
    "perm_tagger": true,
    "perm_template": true,
    "perm_sharing_group": true,
    "perm_tag_editor": true,
    "perm_sighting": true,
    "perm_object_template": true,
    "perm_publish_zmq": true,
    "perm_publish_kafka": true,
    "perm_decaying": true,
    "perm_galaxy_editor": true,
    "default_role": true,
    "memory_limit": "string",
    "max_execution_time": "string",
    "restricted_to_site_admin": true,
    "enforce_rate_limit": true,
    "rate_limit_count": "string",
    "permission": "3",
    "permission_description": "publish"
  },
  "UserSetting": {
    "publish_alert_filter": [
      {
        "AND": [
          {
            "NOT": [
              {
                "EventTag.name": [
                  "%osint%"
                ]
              }
            ]
          },
          {
            "OR": [
              {
                "Tag.name": [
                  "tlp:green",
                  "tlp:amber",
                  "tlp:red",
                  "%privint%"
                ]
              }
            ]
          }
        ]
      }
    ],
    "dashboard_access": true,
    "dashboard": [
      {
        "widget": "MispStatusWidget",
        "position": {
          "x": "0",
          "y": "0",
          "width": "2",
          "height": "2"
        }
      }
    ],
    "homepage": {
      "path": "/events/index"
    },
    "default_restsearch_parameters": [
      {
        "AND": [
          {
            "NOT": [
              {
                "EventTag.name": [
                  "%osint%"
                ]
              }
            ]
          },
          {
            "OR": [
              {
                "Tag.name": [
                  "tlp:green",
                  "tlp:amber",
                  "tlp:red",
                  "%privint%"
                ]
              }
            ]
          }
        ]
      }
    ],
    "tag_numerical_value_override": [
      {
        "false-positive:risk='medium'": 99
      }
    ],
    "event_index_hide_columns": [
      "clusters"
    ]
  }
}

403:

{
  "name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "url": "/attributes"
}

404:

{
  "name": "Invalid attribute",
  "message": "Invalid attribute",
  "url": "/attributes/1234"
}

Default:

{
  "name": "string",
  "message": "string",
  "url": "/attributes"
}

Delete user TOTP:

DELETE

https://misp.local/users/totp_delete/{userId}

Response: 

200:

{
  "saved": true,
  "success": true,
  "name": "User TOTP deleted.",
  "message": "User TOTP deleted.",
  "url": "/users/totp_delete/1",
  "id": "1"
}

403:

{
  "name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "url": "/attributes"
}

404:

{
  "name": "Invalid user",
  "message": "Invalid user",
  "url": "/users/totp_delete/1"
}

Default:

{
  "name": "string",
  "message": "string",
  "url": "/attributes"
}

API Request and Response Examples

Organisations

Add organisation:

POST

https://misp.local/admin/organisations/add

Request:
{
  "name": "ORGNAME",
  "date_created": "2021-06-14 14:29:19",
  "date_modified": "2021-06-14 14:29:19",
  "description": "string",
  "type": "ADMIN",
  "nationality": "string",
  "sector": "string",
  "created_by": "12345",
  "uuid": "string",
  "contacts": "string",
  "local": true,
  "restricted_to_domain": [
    "example.com"
  ],
  "landingpage": "string",
  "user_count": "3",
  "created_by_email": "string"
}
Response: 

200:

{
  "id": "12345",
  "name": "ORGNAME",
  "date_created": "2021-06-14 14:29:19",
  "date_modified": "2021-06-14 14:29:19",
  "description": "string",
  "type": "ADMIN",
  "nationality": "string",
  "sector": "string",
  "created_by": "12345",
  "uuid": "string",
  "contacts": "string",
  "local": true,
  "restricted_to_domain": [
    "example.com"
  ],
  "landingpage": "string",
  "user_count": "3",
  "created_by_email": "string"
}

403:

{
  "name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "url": "/attributes"
}

404:

{
  "name": "Invalid attribute",
  "message": "Invalid attribute",
  "url": "/attributes/1234"
}

Default:

{
  "name": "string",
  "message": "string",
  "url": "/attributes"
}

Edit organisation:

PUT

https://misp.local/admin/organisations/edit/{organisationId}

Request:
{
  "name": "ORGNAME",
  "type": "ADMIN",
  "nationality": "string",
  "sector": "string",
  "contacts": "string",
  "description": "string",
  "local": true,
  "uuid": "095be615-a8ad-4c33-8e9c-c7612fbf6c9f",
  "restricted_to_domain": [
    "example.com"
  ]
}
Response: 

200:

{
  "id": "12345",
  "name": "ORGNAME",
  "date_created": "2021-06-14 14:29:19",
  "date_modified": "2021-06-14 14:29:19",
  "description": "string",
  "type": "ADMIN",
  "nationality": "string",
  "sector": "string",
  "created_by": "12345",
  "uuid": "string",
  "contacts": "string",
  "local": true,
  "restricted_to_domain": [
    "example.com"
  ],
  "landingpage": "string",
  "user_count": "3",
  "created_by_email": "string"
}

403:

{
  "name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "url": "/attributes"
}

404:

{
  "name": "Invalid attribute",
  "message": "Invalid attribute",
  "url": "/attributes/1234"
}

Default:

{
  "name": "string",
  "message": "string",
  "url": "/attributes"
}

Delete organisation:

DELETE

https://misp.local/admin/organisations/delete/{organisationId}

Response: 

200:

{
  "saved": true,
  "success": true,
  "name": "Organisation deleted",
  "message": "Organisation deleted",
  "url": "/admin/organisations/delete/1"
}

403:

{
  "name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "url": "/attributes"
}

404:

{
  "name": "Invalid attribute",
  "message": "Invalid attribute",
  "url": "/attributes/1234"
}

Default:

{
  "name": "string",
  "message": "string",
  "url": "/attributes"
}

Get organisations:

GET

https://misp.local/organisations

Response: 

200:

[
  {
    "Organisation": {
      "id": "12345",
      "name": "ORGNAME",
      "date_created": "2021-06-14 14:29:19",
      "date_modified": "2021-06-14 14:29:19",
      "description": "string",
      "type": "ADMIN",
      "nationality": "string",
      "sector": "string",
      "created_by": "12345",
      "uuid": "string",
      "contacts": "string",
      "local": true,
      "restricted_to_domain": [
        "example.com"
      ],
      "landingpage": "string",
      "user_count": "3",
      "created_by_email": "string"
    }
  }
]

403:

{
  "name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "url": "/attributes"
}

404:

{
  "name": "Invalid attribute",
  "message": "Invalid attribute",
  "url": "/attributes/1234"
}

Default:

{
  "name": "string",
  "message": "string",
  "url": "/attributes"
}

Get organisation by ID:

GET

https://misp.local/organisations/view/{organisationId}

Response: 

200:

{
  "id": "12345",
  "name": "ORGNAME",
  "date_created": "2021-06-14 14:29:19",
  "date_modified": "2021-06-14 14:29:19",
  "description": "string",
  "type": "ADMIN",
  "nationality": "string",
  "sector": "string",
  "created_by": "12345",
  "uuid": "string",
  "contacts": "string",
  "local": true,
  "restricted_to_domain": [
    "example.com"
  ],
  "landingpage": "string",
  "user_count": "3",
  "created_by_email": "string"
}

403:

{
  "name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "url": "/attributes"
}

404:

{
  "name": "Invalid attribute",
  "message": "Invalid attribute",
  "url": "/attributes/1234"
}

Default:

{
  "name": "string",
  "message": "string",
  "url": "/attributes"
}

API Request and Response Examples

Server

Add server:

POST

https://misp.local/servers/add

Request:
{
  "name": "Phising Server",
  "url": "https://misppriv.circl.lu",
  "authkey": "894c8d095180c7ea28789092e96ca6424199aa4f",
  "org_id": "12345",
  "push": true,
  "pull": true,
  "push_sightings": true,
  "push_galaxy_clusters": true,
  "pull_galaxy_clusters": true,
  "lastpulledid": "12345",
  "lastpushedid": "12345",
  "organization": "string",
  "remote_org_id": "12345",
  "publish_without_email": true,
  "unpublish_event": true,
  "self_signed": true,
  "pull_rules": "{\"tags\":{\"OR\":[],\"NOT\":[]},\"orgs\":{\"OR\":[],\"NOT\":[]},\"url_params\":\"\"}",
  "push_rules": "{\"tags\":{\"OR\":[],\"NOT\":[]},\"orgs\":{\"OR\":[],\"NOT\":[]}}",
  "cert_file": "string",
  "client_cert_file": "string",
  "internal": true,
  "skip_proxy": true,
  "caching_enabled": true,
  "priority": "1",
  "cache_timestamp": true
}

Response:

200:

{
  "Server": {
    "id": "12345",
    "name": "Phising Server",
    "url": "https://misppriv.circl.lu",
    "authkey": "894c8d095180c7ea28789092e96ca6424199aa4f",
    "org_id": "12345",
    "push": true,
    "pull": true,
    "push_sightings": true,
    "push_galaxy_clusters": true,
    "pull_galaxy_clusters": true,
    "lastpulledid": "12345",
    "lastpushedid": "12345",
    "organization": "string",
    "remote_org_id": "12345",
    "publish_without_email": true,
    "unpublish_event": true,
    "self_signed": true,
    "pull_rules": "{\"tags\":{\"OR\":[],\"NOT\":[]},\"orgs\":{\"OR\":[],\"NOT\":[]},\"url_params\":\"\"}",
    "push_rules": "{\"tags\":{\"OR\":[],\"NOT\":[]},\"orgs\":{\"OR\":[],\"NOT\":[]}}",
    "cert_file": "string",
    "client_cert_file": "string",
    "internal": true,
    "skip_proxy": true,
    "caching_enabled": true,
    "priority": "1",
    "cache_timestamp": true
  }
}

403:

{
  "name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "url": "/attributes"
}

404:

{
  "name": "Invalid attribute",
  "message": "Invalid attribute",
  "url": "/attributes/1234"
}

Default:

{
  "name": "string",
  "message": "string",
  "url": "/attributes"
}

Edit server:

PUT

https://misp.local/servers/edit/{serverId}

Request:

{
  "id": "12345",
  "name": "Phising Server",
  "url": "https://misppriv.circl.lu",
  "authkey": "894c8d095180c7ea28789092e96ca6424199aa4f",
  "org_id": "12345",
  "push": true,
  "pull": true,
  "push_sightings": true,
  "push_galaxy_clusters": true,
  "pull_galaxy_clusters": true,
  "lastpulledid": "12345",
  "lastpushedid": "12345",
  "organization": "string",
  "remote_org_id": "12345",
  "publish_without_email": true,
  "unpublish_event": true,
  "self_signed": true,
  "pull_rules": "{\"tags\":{\"OR\":[],\"NOT\":[]},\"orgs\":{\"OR\":[],\"NOT\":[]},\"url_params\":\"\"}",
  "push_rules": "{\"tags\":{\"OR\":[],\"NOT\":[]},\"orgs\":{\"OR\":[],\"NOT\":[]}}",
  "cert_file": "string",
  "client_cert_file": "string",
  "internal": true,
  "skip_proxy": true,
  "caching_enabled": true,
  "priority": "1",
  "cache_timestamp": true
}

Response:

200:

{
  "Server": {
    "id": "12345",
    "name": "Phising Server",
    "url": "https://misppriv.circl.lu",
    "authkey": "894c8d095180c7ea28789092e96ca6424199aa4f",
    "org_id": "12345",
    "push": true,
    "pull": true,
    "push_sightings": true,
    "push_galaxy_clusters": true,
    "pull_galaxy_clusters": true,
    "lastpulledid": "12345",
    "lastpushedid": "12345",
    "organization": "string",
    "remote_org_id": "12345",
    "publish_without_email": true,
    "unpublish_event": true,
    "self_signed": true,
    "pull_rules": "{\"tags\":{\"OR\":[],\"NOT\":[]},\"orgs\":{\"OR\":[],\"NOT\":[]},\"url_params\":\"\"}",
    "push_rules": "{\"tags\":{\"OR\":[],\"NOT\":[]},\"orgs\":{\"OR\":[],\"NOT\":[]}}",
    "cert_file": "string",
    "client_cert_file": "string",
    "internal": true,
    "skip_proxy": true,
    "caching_enabled": true,
    "priority": "1",
    "cache_timestamp": true
  }
}

403:

{
  "name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "url": "/attributes"
}

404:

{
  "name": "Invalid attribute",
  "message": "Invalid attribute",
  "url": "/attributes/1234"
}

Default:

{
  "name": "string",
  "message": "string",
  "url": "/attributes"
}

Delete server:

POST

https://misp.local/servers/delete/{serverId}

Response: 

200:

{
  "saved": true,
  "success": true,
  "name": "Server deleted",
  "message": "Server deleted",
  "url": "/servers/delete/1"
}

403:

{
  "name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "url": "/attributes"
}

404:

{
  "name": "Invalid attribute",
  "message": "Invalid attribute",
  "url": "/attributes/1234"
}

Default:

{
  "name": "string",
  "message": "string",
  "url": "/attributes"
}

Get servers:

GET

https://misp.local/servers

Response: 

200:

[
  {
    "Server": {
      "id": "12345",
      "name": "Phising Server",
      "url": "https://misppriv.circl.lu",
      "authkey": "894c8d095180c7ea28789092e96ca6424199aa4f",
      "org_id": "12345",
      "push": true,
      "pull": true,
      "push_sightings": true,
      "push_galaxy_clusters": true,
      "pull_galaxy_clusters": true,
      "lastpulledid": "12345",
      "lastpushedid": "12345",
      "organization": "string",
      "remote_org_id": "12345",
      "publish_without_email": true,
      "unpublish_event": true,
      "self_signed": true,
      "pull_rules": "{\"tags\":{\"OR\":[],\"NOT\":[]},\"orgs\":{\"OR\":[],\"NOT\":[]},\"url_params\":\"\"}",
      "push_rules": "{\"tags\":{\"OR\":[],\"NOT\":[]},\"orgs\":{\"OR\":[],\"NOT\":[]}}",
      "cert_file": "string",
      "client_cert_file": "string",
      "internal": true,
      "skip_proxy": true,
      "caching_enabled": true,
      "priority": "1",
      "cache_timestamp": true
    },
    "Organisation": {
      "id": "12345",
      "name": "ORGNAME",
      "date_created": "2021-06-14 14:29:19",
      "date_modified": "2021-06-14 14:29:19",
      "description": "string",
      "type": "ADMIN",
      "nationality": "string",
      "sector": "string",
      "created_by": "12345",
      "uuid": "string",
      "contacts": "string",
      "local": true,
      "restricted_to_domain": [
        "example.com"
      ],
      "landingpage": "string",
      "user_count": "3",
      "created_by_email": "string"
    },
    "RemoteOrg": {
      "id": "12345",
      "name": "ORGNAME",
      "date_created": "2021-06-14 14:29:19",
      "date_modified": "2021-06-14 14:29:19",
      "description": "string",
      "type": "ADMIN",
      "nationality": "string",
      "sector": "string",
      "created_by": "12345",
      "uuid": "string",
      "contacts": "string",
      "local": true,
      "restricted_to_domain": [
        "example.com"
      ],
      "landingpage": "string",
      "user_count": "3",
      "created_by_email": "string"
    },
    "User": [
      {
        "id": "12345",
        "org_id": "12345",
        "server_id": "12345",
        "email": "user@example.com",
        "autoalert": true,
        "authkey": "894c8d095180c7ea28789092e96ca6424199aa4f",
        "invited_by": "12345",
        "gpgkey": "string",
        "certif_public": "string",
        "nids_sid": "4000000",
        "termsaccepted": true,
        "newsread": "1617875568",
        "role_id": "3",
        "change_pw": "0",
        "contactalert": true,
        "disabled": true,
        "expiration": "2019-08-24T14:15:22Z",
        "current_login": "1617875568",
        "last_login": "1617875568",
        "force_logout": true,
        "date_created": "1617875568",
        "date_modified": "1617875568"
      }
    ]
  }
]

403:

{
  "name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "url": "/attributes"
}

404:

{
  "name": "Invalid attribute",
  "message": "Invalid attribute",
  "url": "/attributes/1234"
}

Default:

{
  "name": "string",
  "message": "string",
  "url": "/attributes"
}

Pull server:

GET

https://misp.local/servers/pull/{serverId}/{pullTechnique}

Response: 

200:

{
  "saved": true,
  "success": true,
  "name": "Pull queued for background execution. Job ID: 1",
  "message": "Pull queued for background execution. Job ID: 1",
  "url": "/servers/pull/1"
}

403:

{
  "name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "url": "/attributes"
}

404:

{
  "name": "Invalid attribute",
  "message": "Invalid attribute",
  "url": "/attributes/1234"
}

Default:

{
  "name": "string",
  "message": "string",
  "url": "/attributes"
}

Push server:

GET

https://misp.local/servers/push/{serverId}/{pushTechnique}

Response: 

200:

{
  "saved": true,
  "success": true,
  "name": "Push queued for background execution. Job ID: 1",
  "message": "Push queued for background execution. Job ID: 1",
  "url": "/servers/push/1"
}

403:

{
  "name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "url": "/attributes"
}

404:

{
  "name": "Invalid attribute",
  "message": "Invalid attribute",
  "url": "/attributes/1234"
}

Default:

{
  "name": "string",
  "message": "string",
  "url": "/attributes"
}

Get current instance version:

GET

https://misp.local/servers/getVersion

Response: 

200:

{
  "version": "2.4.142",
  "perm_sync": true,
  "perm_sighting": true,
  "perm_galaxy_editor": true,
  "request_encoding": [
    "gzip"
  ]
}

403:

{
  "name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "url": "/attributes"
}

404:

{
  "name": "Invalid attribute",
  "message": "Invalid attribute",
  "url": "/attributes/1234"
}

Default:

{
  "name": "string",
  "message": "string",
  "url": "/attributes"
}

Get current instance PyMISP version:

GET

https://misp.local/servers/getPyMISPVersion

Response: 

200:

{
  "version": "2.4.142"
}

403:

{
  "name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "url": "/attributes"
}

404:

{
  "name": "Invalid attribute",
  "message": "Invalid attribute",
  "url": "/attributes/1234"
}

Default:

{
  "name": "string",
  "message": "string",
  "url": "/attributes"
}

Get current instance settings and diagnostics:

GET

https://misp.local/servers/serverSettings

Response: 

200:

{
  "version": {
    "current": "v2.4.142",
    "newest": "v2.4.142",
    "upToDate": "same"
  },
  "phpSettings": {
    "max_execution_time": {
      "explanation": "The maximum duration that a script can run (does not affect the background workers). A too low number will break long running scripts like comprehensive API exports",
      "recommended": 300,
      "unit": "seconds",
      "value": 300
    },
    "memory_limit": {
      "explanation": "The maximum duration that a script can run (does not affect the background workers). A too low number will break long running scripts like comprehensive API exports",
      "recommended": 300,
      "unit": "seconds",
      "value": 300
    },
    "upload_max_filesize": {
      "explanation": "The maximum duration that a script can run (does not affect the background workers). A too low number will break long running scripts like comprehensive API exports",
      "recommended": 300,
      "unit": "seconds",
      "value": 300
    },
    "post_max_size": {
      "explanation": "The maximum duration that a script can run (does not affect the background workers). A too low number will break long running scripts like comprehensive API exports",
      "recommended": 300,
      "unit": "seconds",
      "value": 300
    }
  },
  "gpgStatus": "FAIL: Failed to load GnuPG",
  "proxyStatus": "not configured (so not tested)",
  "zmqStatus": 1,
  "stix": {
    "operational": 1,
    "stix": {
      "version": "1.2.0.11",
      "expected": ">1.2.0.9",
      "status": 1
    },
    "cybox": {
      "version": "1.2.0.11",
      "expected": ">1.2.0.9",
      "status": 1
    },
    "mixbox": {
      "version": "1.2.0.11",
      "expected": ">1.2.0.9",
      "status": 1
    },
    "maec": {
      "version": "1.2.0.11",
      "expected": ">1.2.0.9",
      "status": 1
    },
    "stix2": {
      "version": "1.2.0.11",
      "expected": ">1.2.0.9",
      "status": 1
    },
    "pymisp": {
      "version": "1.2.0.11",
      "expected": ">1.2.0.9",
      "status": 1
    }
  },
  "moduleStatus": {
    "Enrichment": 1,
    "Import": 1,
    "Export": 1,
    "Cortex": 1
  },
  "writeableDirs": {
    "/tmp": 0,
    "/var/www/MISP/app/tmp": 0,
    "/var/www/MISP/app/files": 0,
    "/var/www/MISP/app/files/scripts/tmp": 0
  },
  "writeableFiles": {
    "/var/www/MISP/app/Config/config.php": 0,
    "/var/www/MISP/.git/ORIG_HEAD": 2
  },
  "readableFiles": {
    "/var/www/MISP/app/files/scripts/stixtest.py": 0
  },
  "dbDiagnostics": {
    "admin_settings": {
      "table": "admin_settings",
      "used": "0.03 MB",
      "reclaimable": "0 MB",
      "data_in_bytes": 16384,
      "index_in_bytes": 16384,
      "reclaimable_in_bytes": 0
    },
    "allowedlist": {
      "table": "allowedlist",
      "used": "0.02 MB",
      "reclaimable": "0 MB",
      "data_in_bytes": 16384,
      "index_in_bytes": 0,
      "reclaimable_in_bytes": 0
    }
  },
  "dbSchemaDiagnostics": {
    "dataSource": "Database/Mysql",
    "actual_db_version": "68",
    "checked_table_column": [
      "column_name"
    ],
    "diagnostic": {},
    "diagnostic_index": {
      "event_reports": {
        "event_id": {
          "message": "Column `event_id` is indexed but should not",
          "sql": "DROP INDEX `event_id` ON event_reports;"
        }
      }
    },
    "expected_db_version": "70",
    "error": "string",
    "update_locked": true,
    "remaining_lock_time": 0,
    "update_fail_number_reached": true,
    "indexes": {
      "admin_settings": {
        "id": true,
        "setting": false
      }
    },
    "columnPerTable": {
      "admin_settings": [
        "id",
        "setting",
        "value"
      ]
    }
  },
  "redisInfo": {
    "extensionVersion": "5.1.1",
    "connection": true,
    "redis_version": "5.0.7",
    "redis_git_sha1": 0,
    "redis_git_dirty": 0,
    "redis_build_id": "636cde3b5c7a3923",
    "redis_mode": "standalone",
    "os": "Linux 5.8.0-50-generic x86_64",
    "arch_bits": 64,
    "multiplexing_api": "epoll",
    "atomicvar_api": "atomic-builtin",
    "gcc_version": "9.2.1",
    "process_id": 1051,
    "run_id": "f894944d92c978df93a18821fb5ebe30dfd0b257",
    "tcp_port": 6379,
    "uptime_in_seconds": 327116,
    "uptime_in_days": 3,
    "hz": 10,
    "configured_hz": 10,
    "lru_clock": 10365184,
    "executable": "/usr/bin/redis-server",
    "config_file": "/etc/redis/redis.conf",
    "connected_clients": 18,
    "client_recent_max_input_buffer": 2,
    "client_recent_max_output_buffer": 0,
    "blocked_clients": 0,
    "used_memory": 1309488,
    "used_memory_human": "1.25M",
    "used_memory_rss": 5541888,
    "used_memory_rss_human": "5.29M",
    "used_memory_peak": 1410464,
    "used_memory_peak_human": "1.35M",
    "used_memory_peak_perc": "92.84%",
    "used_memory_overhead": 1200800,
    "used_memory_startup": 796232,
    "used_memory_dataset": 108688,
    "used_memory_dataset_perc": "21.18%",
    "allocator_allocated": 1480176,
    "allocator_active": 1896448,
    "allocator_resident": 5890048,
    "total_system_memory": 33406590976,
    "total_system_memory_human": "31.11G",
    "used_memory_lua": 41984,
    "used_memory_lua_human": "41.00K",
    "used_memory_scripts": 0,
    "used_memory_scripts_human": "0B",
    "number_of_cached_scripts": 0,
    "maxmemory": 0,
    "maxmemory_human": "0B",
    "maxmemory_policy": "noeviction",
    "allocator_frag_ratio": 1.28,
    "allocator_frag_bytes": 416272,
    "allocator_rss_ratio": 3.11,
    "allocator_rss_bytes": 3993600,
    "rss_overhead_ratio": 0.94,
    "rss_overhead_bytes": -348160,
    "mem_fragmentation_ratio": 4.24,
    "mem_fragmentation_bytes": 4233432,
    "mem_not_counted_for_evict": 0,
    "mem_replication_backlog": 0,
    "mem_clients_slaves": 0,
    "mem_clients_normal": 402912,
    "mem_aof_buffer": 0,
    "mem_allocator": "jemalloc-5.2.1",
    "active_defrag_running": 0,
    "lazyfree_pending_objects": 0,
    "loading": 0,
    "rdb_changes_since_last_save": 0,
    "rdb_bgsave_in_progress": 0,
    "rdb_last_save_time": 1620977919,
    "rdb_last_bgsave_status": "ok",
    "rdb_last_bgsave_time_sec": 0,
    "rdb_current_bgsave_time_sec": -1,
    "rdb_last_cow_size": 446464,
    "aof_enabled": 0,
    "aof_rewrite_in_progress": 0,
    "aof_rewrite_scheduled": 0,
    "aof_last_rewrite_time_sec": -1,
    "aof_current_rewrite_time_sec": -1,
    "aof_last_bgrewrite_status": "ok",
    "aof_last_write_status": "ok",
    "aof_last_cow_size": 0,
    "total_connections_received": 289,
    "total_commands_processed": 252747,
    "instantaneous_ops_per_sec": 7,
    "total_net_input_bytes": 12111506,
    "total_net_output_bytes": 1232466,
    "instantaneous_input_kbps": 0.36,
    "instantaneous_output_kbps": 0.03,
    "rejected_connections": 0,
    "sync_full": 0,
    "sync_partial_ok": 0,
    "sync_partial_err": 0,
    "expired_keys": 17,
    "expired_stale_perc": 0,
    "expired_time_cap_reached_count": 0,
    "evicted_keys": 0,
    "keyspace_hits": 70,
    "keyspace_misses": 62805,
    "pubsub_channels": 0,
    "pubsub_patterns": 0,
    "latest_fork_usec": 168,
    "migrate_cached_sockets": 0,
    "slave_expires_tracked_keys": 0,
    "active_defrag_hits": 0,
    "active_defrag_misses": 0,
    "active_defrag_key_hits": 0,
    "active_defrag_key_misses": 0,
    "role": "master",
    "connected_slaves": 0,
    "master_replid": "d5e7afcf4fd1a31e539a4eadd5caf2a7da6d121c",
    "master_replid2": 0,
    "master_repl_offset": 0,
    "second_repl_offset": -1,
    "repl_backlog_active": 0,
    "repl_backlog_size": 1048576,
    "repl_backlog_first_byte_offset": 0,
    "repl_backlog_histlen": 0,
    "used_cpu_sys": 195.014281,
    "used_cpu_user": 217.352183,
    "used_cpu_sys_children": 0.050885,
    "used_cpu_user_children": 0.076436,
    "cluster_enabled": 0,
    "db0": "keys=15,expires=0,avg_ttl=0",
    "db13": "keys=12,expires=4,avg_ttl=21265731140"
  },
  "finalSettings": [
    {
      "level": 0,
      "value": "string",
      "errorMessage": "The currently set baseurl does not match the URL through which you have accessed the page. Disregard this if you are accessing the page via an alternate URL (for example via IP address).",
      "test": "testBaseURL",
      "type": "string",
      "null": true,
      "subGroup": "Enrichment",
      "cli_only": 1,
      "redacted": true,
      "optionsSource": {},
      "afterHook": "cleanCacheFiles",
      "error": 1,
      "tab": "MISP",
      "setting": "MISP.baseurl",
      "options": {}
    }
  ],
  "extensions": {
    "cli": {
      "phpversion": "7.4.3"
    },
    "extensions": {
      "json": {
        "web_version": "7.4.3",
        "web_version_outdated": false,
        "cli_version": "7.4.3",
        "cli_version_outdated": false,
        "required": true,
        "info": null
      }
    }
  },
  "workers": {
    "cache": {
      "ok": true,
      "workers": [
        {
          "pid": 1233,
          "user": "www-data",
          "alive": true,
          "correct_user": true,
          "ok": true
        }
      ],
      "jobCount": 0
    },
    "default": {
      "ok": true,
      "workers": [
        {
          "pid": 1233,
          "user": "www-data",
          "alive": true,
          "correct_user": true,
          "ok": true
        }
      ],
      "jobCount": 0
    },
    "email": {
      "ok": true,
      "workers": [
        {
          "pid": 1233,
          "user": "www-data",
          "alive": true,
          "correct_user": true,
          "ok": true
        }
      ],
      "jobCount": 0
    },
    "prio": {
      "ok": true,
      "workers": [
        {
          "pid": 1233,
          "user": "www-data",
          "alive": true,
          "correct_user": true,
          "ok": true
        }
      ],
      "jobCount": 0
    },
    "update": {
      "ok": true,
      "workers": [
        {
          "pid": 1233,
          "user": "www-data",
          "alive": true,
          "correct_user": true,
          "ok": true
        }
      ],
      "jobCount": 0
    },
    "scheduler": {
      "ok": true,
      "workers": [
        {
          "pid": 1233,
          "user": "www-data",
          "alive": true,
          "correct_user": true,
          "ok": true
        }
      ],
      "jobCount": 0
    },
    "proc_accessible": true,
    "controls": true
  }
}

403:

{
  "name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "url": "/attributes"
}

404:

{
  "name": "Invalid attribute",
  "message": "Invalid attribute",
  "url": "/attributes/1234"
}

Default:

{
  "name": "string",
  "message": "string",
  "url": "/attributes"
}

Get workers:

GET

https://misp.local/servers/getWorkers

Response: 

200:

{
  "cache": {
    "ok": true,
    "workers": [
      {
        "pid": 1233,
        "user": "www-data",
        "alive": true,
        "correct_user": true,
        "ok": true
      }
    ],
    "jobCount": 0
  },
  "default": {
    "ok": true,
    "workers": [
      {
        "pid": 1233,
        "user": "www-data",
        "alive": true,
        "correct_user": true,
        "ok": true
      }
    ],
    "jobCount": 0
  },
  "email": {
    "ok": true,
    "workers": [
      {
        "pid": 1233,
        "user": "www-data",
        "alive": true,
        "correct_user": true,
        "ok": true
      }
    ],
    "jobCount": 0
  },
  "prio": {
    "ok": true,
    "workers": [
      {
        "pid": 1233,
        "user": "www-data",
        "alive": true,
        "correct_user": true,
        "ok": true
      }
    ],
    "jobCount": 0
  },
  "update": {
    "ok": true,
    "workers": [
      {
        "pid": 1233,
        "user": "www-data",
        "alive": true,
        "correct_user": true,
        "ok": true
      }
    ],
    "jobCount": 0
  },
  "scheduler": {
    "ok": true,
    "workers": [
      {
        "pid": 1233,
        "user": "www-data",
        "alive": true,
        "correct_user": true,
        "ok": true
      }
    ],
    "jobCount": 0
  },
  "proc_accessible": true,
  "controls": true
}

403:

{
  "name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "url": "/attributes"
}

404:

{
  "name": "Invalid attribute",
  "message": "Invalid attribute",
  "url": "/attributes/1234"
}

Default:

{
  "name": "string",
  "message": "string",
  "url": "/attributes"
}

Start worker:

POST

https://misp.local/servers/startWorker/{workerType}

Response: 

200:

{
  "saved": true,
  "success": true,
  "name": "Worker start signal sent",
  "message": "Worker start signal sent",
  "url": "/servers/startWorker/email"
}

403:

{
  "name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "url": "/attributes"
}

404:

{
  "name": "Invalid attribute",
  "message": "Invalid attribute",
  "url": "/attributes/1234"
}

Default:

{
  "name": "string",
  "message": "string",
  "url": "/attributes"
}

Stop worker:

POST

https://misp.local/servers/stopWorker/{workerPid}

Response: 

200:

{
  "saved": true,
  "success": true,
  "name": "Worker stop signal sent",
  "message": "Worker stop signal sent",
  "url": "/servers/startWorker/1234"
}

403:

{
  "name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "url": "/attributes"
}

404:

{
  "name": "Invalid attribute",
  "message": "Invalid attribute",
  "url": "/attributes/1234"
}

Default:

{
  "name": "string",
  "message": "string",
  "url": "/attributes"
}

Kill all workers:

POST

https://misp.local/servers/killAllWorkers

Response: 

200:

{
  "saved": true,
  "success": true,
  "name": "Killing workers.",
  "message": "Killing workers.",
  "url": "/servers/killAllWorkers"
}

403:

{
  "name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "url": "/attributes"
}

404:

{
  "name": "Invalid attribute",
  "message": "Invalid attribute",
  "url": "/attributes/1234"
}

Default:

{
  "name": "string",
  "message": "string",
  "url": "/attributes"
}

Restart workers:

POST

https://misp.local/servers/restartWorkers

Response: 

200:

{
  "saved": true,
  "success": true,
  "name": "Restarting workers.",
  "message": "Restarting workers.",
  "url": "/servers/restartWorkers"
}

403:

{
  "name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "url": "/attributes"
}

404:

{
  "name": "Invalid attribute",
  "message": "Invalid attribute",
  "url": "/attributes/1234"
}

Default:

{
  "name": "string",
  "message": "string",
  "url": "/attributes"
}

Restart dead workers:

POST

https://misp.local/servers/restartDeadWorkers

Response: 

200:

{
  "saved": true,
  "success": true,
  "name": "Restarting workers.",
  "message": "Restarting workers.",
  "url": "/servers/restartDeadWorkers"
}

403:

{
  "name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "url": "/attributes"
}

404:

{
  "name": "Invalid attribute",
  "message": "Invalid attribute",
  "url": "/attributes/1234"
}

Default:

{
  "name": "string",
  "message": "string",
  "url": "/attributes"
}

Update server:

POST

https://misp.local/servers/update

Response: 

200:

{
  "results": [
    {
      "input": "cd $(git rev-parse --show-toplevel) && git checkout app/composer.json 2>&1",
      "output": [
        "Updated 1 path from the index"
      ],
      "status": 0
    }
  ]
}

403:

{
  "name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "url": "/attributes"
}

404:

{
  "name": "Invalid attribute",
  "message": "Invalid attribute",
  "url": "/attributes/1234"
}

Default:

{
  "name": "string",
  "message": "string",
  "url": "/attributes"
}

Cache server:

POST

https://misp.local/servers/cache

Response: 

200:

{
  "saved": true,
  "success": true,
  "name": "Server caching job initiated.",
  "message": "Server caching job initiated.",
  "url": "/servers/cache"
}

403:

{
  "name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "url": "/attributes"
}

404:

{
  "name": "Invalid attribute",
  "message": "Invalid attribute",
  "url": "/attributes/1234"
}

Default:

{
  "name": "string",
  "message": "string",
  "url": "/attributes"
}

Create sync:

POST

https://misp.local/servers/createSync

Response: 

200:

{
  "Server": {
    "url": "https://misppriv.circl.lu",
    "uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
    "authkey": "894c8d095180c7ea28789092e96ca6424199aa4f",
    "Organisation": {
      "name": "ORGNAME",
      "uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b"
    }
  }
}

403:

{
  "name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "url": "/attributes"
}

404:

{
  "name": "Invalid attribute",
  "message": "Invalid attribute",
  "url": "/attributes/1234"
}

Default:

{
  "name": "string",
  "message": "string",
  "url": "/attributes"
}

Get instance UUID:

GET

https://misp.local/servers/getInstanceUUID

Response: 

200:

{
  "uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b"
}

403:

{
  "name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "url": "/attributes"
}

404:

{
  "name": "Invalid attribute",
  "message": "Invalid attribute",
  "url": "/attributes/1234"
}

Default:

{
  "name": "string",
  "message": "string",
  "url": "/attributes"
}

Get server setting by name:

GET

https://misp.local/servers/getSetting/{settingName}

Response: 

200:

{
  "level": 0,
  "value": "string",
  "errorMessage": "The currently set baseurl does not match the URL through which you have accessed the page. Disregard this if you are accessing the page via an alternate URL (for example via IP address).",
  "test": "testBaseURL",
  "type": "string",
  "null": true,
  "subGroup": "Enrichment",
  "cli_only": 1,
  "redacted": true,
  "optionsSource": {},
  "afterHook": "cleanCacheFiles",
  "error": 1,
  "tab": "MISP",
  "setting": "MISP.baseurl",
  "options": {}
}

403:

{
  "name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "url": "/attributes"
}

404:

{
  "name": "Invalid attribute",
  "message": "Invalid attribute",
  "url": "/attributes/1234"
}

Default:

{
  "name": "string",
  "message": "string",
  "url": "/attributes"
}

Edit server setting:

POST

https://misp.local/servers/serverSettingsEdit/{settingName}

Request:

{
  "value": "string"
}

Response:

200:

{
  "saved": true,
  "success": true,
  "name": "Field updated",
  "message": "Field updated",
  "url": "/servers/serverSettingsEdit"
}

403:

{
  "name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "url": "/attributes"
}

404:

{
  "name": "Invalid attribute",
  "message": "Invalid attribute",
  "url": "/attributes/1234"
}

Default:

{
  "name": "string",
  "message": "string",
  "url": "/attributes"
}

Import server:

POST

https://misp.local/servers/import

Request:

{
  "name": "Phising Server",
  "url": "https://misppriv.circl.lu",
  "uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
  "authkey": "894c8d095180c7ea28789092e96ca6424199aa4f",
  "Organisation": {
    "name": "ORGNAME"
  }
}

Response:

200:

{
  "Server": {
    "id": "12345",
    "name": "Phising Server",
    "url": "https://misppriv.circl.lu",
    "authkey": "894c8d095180c7ea28789092e96ca6424199aa4f",
    "org_id": "12345",
    "push": true,
    "pull": true,
    "push_sightings": true,
    "push_galaxy_clusters": true,
    "pull_galaxy_clusters": true,
    "lastpulledid": "12345",
    "lastpushedid": "12345",
    "organization": "string",
    "remote_org_id": "12345",
    "publish_without_email": true,
    "unpublish_event": true,
    "self_signed": true,
    "pull_rules": "{\"tags\":{\"OR\":[],\"NOT\":[]},\"orgs\":{\"OR\":[],\"NOT\":[]},\"url_params\":\"\"}",
    "push_rules": "{\"tags\":{\"OR\":[],\"NOT\":[]},\"orgs\":{\"OR\":[],\"NOT\":[]}}",
    "cert_file": "string",
    "client_cert_file": "string",
    "internal": true,
    "skip_proxy": true,
    "caching_enabled": true,
    "priority": "1",
    "cache_timestamp": true
  }
}

403:

{
  "name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "url": "/attributes"
}

404:

{
  "name": "Invalid attribute",
  "message": "Invalid attribute",
  "url": "/attributes/1234"
}

Default:

{
  "name": "string",
  "message": "string",
  "url": "/attributes"
}

API Request and Response Examples

Sharing Group

Add a sharing group:

POST

https://misp.local/sharing_groups/add

Request:

{
  "uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
  "name": "Banking Sharing Group",
  "description": "Banking Institutions of X Sharing Group",
  "releasability": "string",
  "local": true,
  "active": true,
  "org_count": "6",
  "organisation_uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
  "org_id": "12345",
  "sync_user_id": "12345",
  "created": "string",
  "modified": "string",
  "roaming": true
}

Response:

200:

{
  "SharingGroup": {
    "id": "1",
    "uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
    "name": "Banking Sharing Group",
    "description": "Banking Institutions of X Sharing Group",
    "releasability": "string",
    "local": true,
    "active": true,
    "org_count": "6",
    "organisation_uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
    "org_id": "12345",
    "sync_user_id": "12345",
    "created": "string",
    "modified": "string",
    "roaming": true
  },
  "Organisation": {
    "id": "12345",
    "name": "ORGNAME",
    "date_created": "2021-06-14 14:29:19",
    "date_modified": "2021-06-14 14:29:19",
    "description": "string",
    "type": "ADMIN",
    "nationality": "string",
    "sector": "string",
    "created_by": "12345",
    "uuid": "string",
    "contacts": "string",
    "local": true,
    "restricted_to_domain": [
      "example.com"
    ],
    "landingpage": "string",
    "user_count": "3",
    "created_by_email": "string"
  },
  "SharingGroupOrg": [
    {
      "id": "1",
      "sharing_group_id": "1",
      "org_id": "12345",
      "extend": true,
      "Organisation": {
        "id": "12345",
        "name": "ORGNAME",
        "uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b"
      }
    }
  ],
  "SharingGroupServer": [
    {
      "all_orgs": true,
      "server_id": "12345",
      "sharing_group_id": "1",
      "Server": {
        "id": "12345",
        "name": "Phising Server"
      }
    }
  ],
  "editable": true,
  "deletable": true
}

403:

{
  "name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "url": "/attributes"
}

404:

{
  "name": "Invalid attribute",
  "message": "Invalid attribute",
  "url": "/attributes/1234"
}

Default:

{
  "name": "string",
  "message": "string",
  "url": "/attributes"
}

Edit a sharing group:

POST

https://misp.local/sharing_groups/edit/{sharingGroupId}

Request:

{
  "id": "1",
  "uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
  "name": "Banking Sharing Group",
  "description": "Banking Institutions of X Sharing Group",
  "releasability": "string",
  "local": true,
  "active": true,
  "org_count": "6",
  "organisation_uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
  "org_id": "12345",
  "sync_user_id": "12345",
  "created": "string",
  "modified": "string",
  "roaming": true
}

Response:

200:

{
  "SharingGroup": {
    "id": "1",
    "uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
    "name": "Banking Sharing Group",
    "description": "Banking Institutions of X Sharing Group",
    "releasability": "string",
    "local": true,
    "active": true,
    "org_count": "6",
    "organisation_uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
    "org_id": "12345",
    "sync_user_id": "12345",
    "created": "string",
    "modified": "string",
    "roaming": true
  },
  "Organisation": {
    "id": "12345",
    "name": "ORGNAME",
    "date_created": "2021-06-14 14:29:19",
    "date_modified": "2021-06-14 14:29:19",
    "description": "string",
    "type": "ADMIN",
    "nationality": "string",
    "sector": "string",
    "created_by": "12345",
    "uuid": "string",
    "contacts": "string",
    "local": true,
    "restricted_to_domain": [
      "example.com"
    ],
    "landingpage": "string",
    "user_count": "3",
    "created_by_email": "string"
  },
  "SharingGroupOrg": [
    {
      "id": "1",
      "sharing_group_id": "1",
      "org_id": "12345",
      "extend": true,
      "Organisation": {
        "id": "12345",
        "name": "ORGNAME",
        "uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b"
      }
    }
  ],
  "SharingGroupServer": [
    {
      "all_orgs": true,
      "server_id": "12345",
      "sharing_group_id": "1",
      "Server": {
        "id": "12345",
        "name": "Phising Server"
      }
    }
  ],
  "editable": true,
  "deletable": true
}

403:

{
  "name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "url": "/attributes"
}

404:

{
  "name": "Invalid attribute",
  "message": "Invalid attribute",
  "url": "/attributes/1234"
}

Default:

{
  "name": "string",
  "message": "string",
  "url": "/attributes"
}

Delete a sharing group:

DELETE

https://misp.local/sharing_groups/delete/{sharingGroupId}

Response: 

200:

{
  "saved": true,
  "success": true,
  "name": "SharingGroup deleted",
  "message": "SharingGroup deleted",
  "url": "/sharing_groups/delete/1"
}

403:

{
  "name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "url": "/attributes"
}

404:

{
  "name": "Invalid attribute",
  "message": "Invalid attribute",
  "url": "/attributes/1234"
}

Default:

{
  "name": "string",
  "message": "string",
  "url": "/attributes"
}

Get a list of sharing groups:

GET

https://misp.local/sharing_groups

Response: 

200:

{
  "response": [
    {
      "SharingGroup": {
        "id": "1",
        "uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
        "name": "Banking Sharing Group",
        "description": "Banking Institutions of X Sharing Group",
        "releasability": "string",
        "local": true,
        "active": true,
        "org_count": "6"
      },
      "Organisation": {
        "id": "12345",
        "name": "ORGNAME",
        "uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b"
      },
      "SharingGroupOrg": [
        {
          "id": "1",
          "sharing_group_id": "1",
          "org_id": "12345",
          "extend": true,
          "Organisation": {
            "id": "12345",
            "name": "ORGNAME",
            "uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b"
          }
        }
      ],
      "SharingGroupServer": [
        {
          "all_orgs": true,
          "server_id": "12345",
          "sharing_group_id": "1",
          "Server": {
            "id": "12345",
            "name": "Phising Server"
          }
        }
      ],
      "editable": true,
      "deletable": true
    }
  ]
}

403:

{
  "name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "url": "/attributes"
}

404:

{
  "name": "Invalid attribute",
  "message": "Invalid attribute",
  "url": "/attributes/1234"
}

Default:

{
  "name": "string",
  "message": "string",
  "url": "/attributes"
}

Get a sharing group by ID:

GET

https://misp.local/sharing_groups/view/{sharingGroupId}

Response: 

200:

{
  "SharingGroup": {
    "id": "1",
    "uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
    "name": "Banking Sharing Group",
    "description": "Banking Institutions of X Sharing Group",
    "releasability": "string",
    "local": true,
    "active": true,
    "org_count": "6",
    "organisation_uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
    "org_id": "12345",
    "sync_user_id": "12345",
    "created": "string",
    "modified": "string",
    "roaming": true
  },
  "Organisation": {
    "id": "12345",
    "name": "ORGNAME",
    "date_created": "2021-06-14 14:29:19",
    "date_modified": "2021-06-14 14:29:19",
    "description": "string",
    "type": "ADMIN",
    "nationality": "string",
    "sector": "string",
    "created_by": "12345",
    "uuid": "string",
    "contacts": "string",
    "local": true,
    "restricted_to_domain": [
      "example.com"
    ],
    "landingpage": "string",
    "user_count": "3",
    "created_by_email": "string"
  },
  "SharingGroupOrg": [
    {
      "id": "1",
      "sharing_group_id": "1",
      "org_id": "12345",
      "extend": true,
      "Organisation": {
        "id": "12345",
        "name": "ORGNAME",
        "uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b"
      }
    }
  ],
  "SharingGroupServer": [
    {
      "all_orgs": true,
      "server_id": "12345",
      "sharing_group_id": "1",
      "Server": {
        "id": "12345",
        "name": "Phising Server"
      }
    }
  ],
  "editable": true,
  "deletable": true
}

403:

{
  "name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "url": "/attributes"
}

404:

{
  "name": "Invalid attribute",
  "message": "Invalid attribute",
  "url": "/attributes/1234"
}

Default:

{
  "name": "string",
  "message": "string",
  "url": "/attributes"
}

Add an organisation to a sharing group:

POST

https://misp.local/sharing_groups/addOrg/{sharingGroupId}/{organisationId}

Response: 

200:

{
  "saved": true,
  "success": true,
  "name": "Organisation added to the sharing group.",
  "message": "Organisation added to the sharing group.",
  "url": "/sharing_groups/addOrg"
}

403:

{
  "name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "url": "/attributes"
}

404:

{
  "name": "Invalid attribute",
  "message": "Invalid attribute",
  "url": "/attributes/1234"
}

Default:

{
  "name": "string",
  "message": "string",
  "url": "/attributes"
}

Remove an organisation from a sharing group:

POST

https://misp.local/sharing_groups/removeOrg/{sharingGroupId}/{organisationId}

Response: 

200:

{
  "saved": true,
  "success": true,
  "name": "Organisation removed from the sharing group.",
  "message": "Organisation removed from the sharing group.",
  "url": "/sharing_groups/removeOrg"
}

403:

{
  "name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "url": "/attributes"
}

404:

{
  "name": "Invalid attribute",
  "message": "Invalid attribute",
  "url": "/attributes/1234"
}

Default:

{
  "name": "string",
  "message": "string",
  "url": "/attributes"
}

Add a server to a sharing group:

POST

https://misp.local/sharing_groups/addServer/{sharingGroupId}/{serverId}

Response: 

200:

{
  "saved": true,
  "success": true,
  "name": "Server added to the sharing group.",
  "message": "Server added to the sharing group.",
  "url": "/sharing_groups/addServer"
}

403:

{
  "name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "url": "/attributes"
}

404:

{
  "name": "Invalid attribute",
  "message": "Invalid attribute",
  "url": "/attributes/1234"
}

Default:

{
  "name": "string",
  "message": "string",
  "url": "/attributes"
}

Remove a server from a sharing group:

POST

https://misp.local/sharing_groups/removeServer/{sharingGroupServerId}/{serverId}

Response: 

200:

{
  "saved": true,
  "success": true,
  "name": "Server removed from the sharing group.",
  "message": "Server removed from the sharing group.",
  "url": "/sharing_groups/removeServer"
}

403:

{
  "name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "url": "/attributes"
}

404:

{
  "name": "Invalid attribute",
  "message": "Invalid attribute",
  "url": "/attributes/1234"
}

Default:

{
  "name": "string",
  "message": "string",
  "url": "/attributes"
}

API Request and Response Examples

Feed

Get a list of feeds:

GET

https://misp.local/feeds

Response: 

200:

[
  {
    "Feed": {
      "id": "3",
      "name": "CIRCL OSINT Feed",
      "provider": "CIRCL",
      "url": "https://www.circl.lu/doc/misp/feed-osint",
      "rules": "{\"tags\":{\"OR\":[],\"NOT\":[]},\"orgs\":{\"OR\":[],\"NOT\":[]},\"url_params\":\"\"}",
      "enabled": true,
      "distribution": "0",
      "sharing_group_id": "1",
      "tag_id": "12345",
      "default": true,
      "source_format": "1",
      "fixed_event": true,
      "delta_merge": true,
      "event_id": "12345",
      "publish": false,
      "override_ids": true,
      "settings": "{\"csv\":{\"value\":\"\",\"delimiter\":\"\"},\"common\":{\"excluderegex\":\"\"},\"disable_correlation\":\"1\"}",
      "input_source": "local",
      "delete_local_file": true,
      "lookup_visible": true,
      "headers": "X-Custom-Header-A: Foo\nX-Custom-Header-B: Bar\n",
      "caching_enabled": true,
      "force_to_ids": true,
      "orgc_id": "12345",
      "cache_timestamp": "1617875568"
    }
  }
]

403:

{
  "name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "url": "/attributes"
}

404:

{
  "name": "Invalid attribute",
  "message": "Invalid attribute",
  "url": "/attributes/1234"
}

Default:

{
  "name": "string",
  "message": "string",
  "url": "/attributes"
}

Get a feed by ID:

GET

https://misp.local/feeds/view/{feedId}

Response: 

200:

{
  "Feed": {
    "id": "3",
    "name": "CIRCL OSINT Feed",
    "provider": "CIRCL",
    "url": "https://www.circl.lu/doc/misp/feed-osint",
    "rules": "{\"tags\":{\"OR\":[],\"NOT\":[]},\"orgs\":{\"OR\":[],\"NOT\":[]},\"url_params\":\"\"}",
    "enabled": true,
    "distribution": "0",
    "sharing_group_id": "1",
    "tag_id": "12345",
    "default": true,
    "source_format": "1",
    "fixed_event": true,
    "delta_merge": true,
    "event_id": "12345",
    "publish": false,
    "override_ids": true,
    "settings": "{\"csv\":{\"value\":\"\",\"delimiter\":\"\"},\"common\":{\"excluderegex\":\"\"},\"disable_correlation\":\"1\"}",
    "input_source": "local",
    "delete_local_file": true,
    "lookup_visible": true,
    "headers": "X-Custom-Header-A: Foo\nX-Custom-Header-B: Bar\n",
    "caching_enabled": true,
    "force_to_ids": true,
    "orgc_id": "12345",
    "cache_timestamp": "1617875568"
  }
}

403:

{
  "name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "url": "/attributes"
}

404:

{
  "name": "Invalid attribute",
  "message": "Invalid attribute",
  "url": "/attributes/1234"
}

Default:

{
  "name": "string",
  "message": "string",
  "url": "/attributes"
}

Add a feed:

POST

https://misp.local/feeds/add

Request:

{
  "name": "CIRCL OSINT Feed",
  "provider": "CIRCL",
  "url": "https://www.circl.lu/doc/misp/feed-osint",
  "rules": "{\"tags\":{\"OR\":[],\"NOT\":[]},\"orgs\":{\"OR\":[],\"NOT\":[]},\"url_params\":\"\"}",
  "enabled": true,
  "distribution": "0",
  "sharing_group_id": "1",
  "tag_id": "12345",
  "source_format": "1",
  "fixed_event": true,
  "delta_merge": true,
  "event_id": "12345",
  "publish": false,
  "override_ids": true,
  "input_source": "local",
  "delete_local_file": true,
  "lookup_visible": true,
  "headers": "X-Custom-Header-A: Foo\nX-Custom-Header-B: Bar\n",
  "caching_enabled": true,
  "force_to_ids": true,
  "orgc_id": "12345"
}

Response:

200:

{
  "Feed": {
    "id": "3",
    "name": "CIRCL OSINT Feed",
    "provider": "CIRCL",
    "url": "https://www.circl.lu/doc/misp/feed-osint",
    "rules": "{\"tags\":{\"OR\":[],\"NOT\":[]},\"orgs\":{\"OR\":[],\"NOT\":[]},\"url_params\":\"\"}",
    "enabled": true,
    "distribution": "0",
    "sharing_group_id": "1",
    "tag_id": "12345",
    "default": true,
    "source_format": "1",
    "fixed_event": true,
    "delta_merge": true,
    "event_id": "12345",
    "publish": false,
    "override_ids": true,
    "settings": "{\"csv\":{\"value\":\"\",\"delimiter\":\"\"},\"common\":{\"excluderegex\":\"\"},\"disable_correlation\":\"1\"}",
    "input_source": "local",
    "delete_local_file": true,
    "lookup_visible": true,
    "headers": "X-Custom-Header-A: Foo\nX-Custom-Header-B: Bar\n",
    "caching_enabled": true,
    "force_to_ids": true,
    "orgc_id": "12345",
    "cache_timestamp": "1617875568"
  }
}

403:

{
  "name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "url": "/attributes"
}

404:

{
  "name": "Invalid attribute",
  "message": "Invalid attribute",
  "url": "/attributes/1234"
}

Default:

{
  "name": "string",
  "message": "string",
  "url": "/attributes"
}

Edit a feed:

PUT

https://misp.local/feeds/edit/{feedId}

Request:

{
  "id": "3",
  "name": "CIRCL OSINT Feed",
  "provider": "CIRCL",
  "url": "https://www.circl.lu/doc/misp/feed-osint",
  "rules": "{\"tags\":{\"OR\":[],\"NOT\":[]},\"orgs\":{\"OR\":[],\"NOT\":[]},\"url_params\":\"\"}",
  "enabled": true,
  "distribution": "0",
  "sharing_group_id": "1",
  "tag_id": "12345",
  "source_format": "1",
  "fixed_event": true,
  "delta_merge": true,
  "event_id": "12345",
  "publish": false,
  "override_ids": true,
  "input_source": "local",
  "delete_local_file": true,
  "lookup_visible": true,
  "headers": "X-Custom-Header-A: Foo\nX-Custom-Header-B: Bar\n",
  "caching_enabled": true,
  "force_to_ids": true,
  "orgc_id": "12345"
}

Response:

200:

{
  "Feed": {
    "id": "3",
    "name": "CIRCL OSINT Feed",
    "provider": "CIRCL",
    "url": "https://www.circl.lu/doc/misp/feed-osint",
    "rules": "{\"tags\":{\"OR\":[],\"NOT\":[]},\"orgs\":{\"OR\":[],\"NOT\":[]},\"url_params\":\"\"}",
    "enabled": true,
    "distribution": "0",
    "sharing_group_id": "1",
    "tag_id": "12345",
    "default": true,
    "source_format": "1",
    "fixed_event": true,
    "delta_merge": true,
    "event_id": "12345",
    "publish": false,
    "override_ids": true,
    "settings": "{\"csv\":{\"value\":\"\",\"delimiter\":\"\"},\"common\":{\"excluderegex\":\"\"},\"disable_correlation\":\"1\"}",
    "input_source": "local",
    "delete_local_file": true,
    "lookup_visible": true,
    "headers": "X-Custom-Header-A: Foo\nX-Custom-Header-B: Bar\n",
    "caching_enabled": true,
    "force_to_ids": true,
    "orgc_id": "12345",
    "cache_timestamp": "1617875568"
  }
}

403:

{
  "name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "url": "/attributes"
}

404:

{
  "name": "Invalid attribute",
  "message": "Invalid attribute",
  "url": "/attributes/1234"
}

Default:

{
  "name": "string",
  "message": "string",
  "url": "/attributes"
}

Enable feed:

POST

https://misp.local/feeds/enable/{feedId}

Response: 

200:

{
  "name": "Feed enabled.",
  "message": "Feed enabled.",
  "url": "/feeds/enable/1"
}

403:

{
  "name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "url": "/attributes"
}

404:

{
  "name": "Invalid attribute",
  "message": "Invalid attribute",
  "url": "/attributes/1234"
}

Default:

{
  "name": "string",
  "message": "string",
  "url": "/attributes"
}

Disable feed:

POST

https://misp.local/feeds/disable/{feedId}

Response: 

200:

{
  "name": "Feed disabled.",
  "message": "Feed disabled.",
  "url": "/feeds/disable/1"
}

403:

{
  "name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "url": "/attributes"
}

404:

{
  "name": "Invalid attribute",
  "message": "Invalid attribute",
  "url": "/attributes/1234"
}

Default:

{
  "name": "string",
  "message": "string",
  "url": "/attributes"
}

Cache feeds:

POST

https://misp.local/feeds/cacheFeeds/{cacheFeedsScope}

Response: 

200:

{
  "name": "Feed caching job initiated.",
  "message": "Feed caching job initiated.",
  "url": "/feeds/cacheFeed"
}

403:

{
  "name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "url": "/attributes"
}

404:

{
  "name": "Invalid attribute",
  "message": "Invalid attribute",
  "url": "/attributes/1234"
}

Default:

{
  "name": "string",
  "message": "string",
  "url": "/attributes"
}

Fetch from feed by ID:

POST

https://misp.local/feeds/fetchFromFeed/{feedId}

Response: 

200:

{
  "result": "Pull queued for background execution."
}

403:

{
  "name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "url": "/attributes"
}

404:

{
  "name": "Invalid attribute",
  "message": "Invalid attribute",
  "url": "/attributes/1234"
}

Default:

{
  "name": "string",
  "message": "string",
  "url": "/attributes"
}

Fetch from all feeds:

POST

https://misp.local/feeds/fetchFromAllFeeds

Response: 

200:

{
  "result": "Pull queued for background execution."
}

403:

{
  "name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "url": "/attributes"
}

404:

{
  "name": "Invalid attribute",
  "message": "Invalid attribute",
  "url": "/attributes/1234"
}

Default:

{
  "name": "string",
  "message": "string",
  "url": "/attributes"
}

API Request and Response Examples

Object

[restSearch] Get a filtered and paginated list of objects:

POST

https://misp.local/objects/restsearch

Request:

{
  "page": 1,
  "limit": 0,
  "quickFilter": "malware",
  "searchall": "malware",
  "timestamp": "1617875568",
  "object_name": "ail-leak",
  "object_template_uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
  "object_template_version": "1",
  "eventid": "12345",
  "eventinfo": "logged source ip",
  "ignore": false,
  "from": "string",
  "to": "string",
  "date": "string",
  "tags": [
    "tlp:amber"
  ],
  "last": 0,
  "event_timestamp": "1617875568",
  "publish_timestamp": "1617875568",
  "org": "12345",
  "uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
  "value": "127.0.0.1",
  "type": "md5",
  "category": "Internal reference",
  "object_relation": "filepath",
  "attribute_timestamp": "1617875568",
  "first_seen": "1581984000000000",
  "last_seen": "1581984000000000",
  "comment": "logged source ip",
  "to_ids": true,
  "published": false,
  "deleted": false,
  "withAttachments": false,
  "enforceWarninglist": true,
  "includeAllTags": false,
  "includeEventUuid": false,
  "include_event_uuid": false,
  "includeEventTags": false,
  "includeProposals": false,
  "includeWarninglistHits": true,
  "includeContext": true,
  "includeSightings": true,
  "includeSightingdb": true,
  "includeCorrelations": true,
  "includeDecayScore": false,
  "includeFullModel": false,
  "allow_proposal_blocking": false,
  "metadata": true,
  "attackGalaxy": "mitre-attack",
  "excludeDecayed": false,
  "decayingModel": "string",
  "modelOverrides": {
    "lifetime": 3,
    "decay_speed": 2.3,
    "threshold": 30,
    "default_base_score": 80,
    "base_score_config": {
      "estimative-language:confidence-in-analytic-judgment": 0.25,
      "estimative-language:likelihood-probability": 0.25,
      "phishing:psychological-acceptability": 0.25,
      "phishing:state": 0.2
    }
  },
  "score": "string",
  "returnFormat": "json"
}

Response: 

200:

{
  "response": [
    {
      "Object": {
        "id": "12345",
        "name": "ail-leak",
        "meta-category": "string",
        "description": "string",
        "template_uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
        "template_version": "1",
        "event_id": "12345",
        "uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
        "timestamp": "1617875568",
        "distribution": "0",
        "sharing_group_id": "1",
        "comment": "string",
        "deleted": true,
        "first_seen": "1581984000000000",
        "last_seen": "1581984000000000",
        "Attribute": [
          {
            "id": "12345",
            "event_id": "12345",
            "object_id": "12345",
            "object_relation": "sensor",
            "category": "Internal reference",
            "type": "md5",
            "value": "127.0.0.1",
            "to_ids": true,
            "uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
            "timestamp": "1617875568",
            "distribution": "0",
            "sharing_group_id": "1",
            "comment": "logged source ip",
            "deleted": false,
            "disable_correlation": false,
            "first_seen": "1581984000000000",
            "last_seen": "1581984000000000"
          }
        ]
      }
    }
  ]
}

403:

{
  "name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "url": "/attributes"
}

Default:

{
  "name": "string",
  "message": "string",
  "url": "/attributes"
}

Add an object to an event:

POST

https://misp.local/objects/add/{eventId}/{objectTemplateId}

Request:

{
  "Attribute": [
    {
      "category": "Internal reference",
      "value": "127.0.0.1",
      "to_ids": true,
      "disable_correlation": false,
      "distribution": "0",
      "comment": "logged source ip",
      "object_relation": "sensor"
    }
  ]
}

Response: 

200:

{
  "Object": {
    "id": "12345",
    "name": "ail-leak",
    "meta-category": "string",
    "description": "string",
    "template_uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
    "template_version": "1",
    "event_id": "12345",
    "uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
    "timestamp": "1617875568",
    "distribution": "0",
    "sharing_group_id": "1",
    "comment": "string",
    "deleted": true,
    "first_seen": "1581984000000000",
    "last_seen": "1581984000000000",
    "Attribute": [
      {
        "id": "12345",
        "event_id": "12345",
        "object_id": "12345",
        "object_relation": "sensor",
        "category": "Internal reference",
        "type": "md5",
        "value": "127.0.0.1",
        "to_ids": true,
        "uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
        "timestamp": "1617875568",
        "distribution": "0",
        "sharing_group_id": "1",
        "comment": "logged source ip",
        "deleted": false,
        "disable_correlation": false,
        "first_seen": "1581984000000000",
        "last_seen": "1581984000000000"
      }
    ]
  }
}

403:

{
  "name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "url": "/attributes"
}

404:

{
  "name": "Invalid attribute",
  "message": "Invalid attribute",
  "url": "/attributes/1234"
}

Default:

{
  "name": "string",
  "message": "string",
  "url": "/attributes"
}

Get object by ID:

GET

https://misp.local/objects/view/{objectId}

Response: 

200:

{
  "Object": {
    "id": "12345",
    "name": "ail-leak",
    "meta-category": "string",
    "description": "string",
    "template_uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
    "template_version": "1",
    "event_id": "12345",
    "uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
    "timestamp": "1617875568",
    "distribution": "0",
    "sharing_group_id": "1",
    "comment": "string",
    "deleted": true,
    "first_seen": "1581984000000000",
    "last_seen": "1581984000000000",
    "Attribute": [
      {
        "id": "12345",
        "event_id": "12345",
        "object_id": "12345",
        "object_relation": "sensor",
        "category": "Internal reference",
        "type": "md5",
        "value": "127.0.0.1",
        "to_ids": true,
        "uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
        "timestamp": "1617875568",
        "distribution": "0",
        "sharing_group_id": "1",
        "comment": "logged source ip",
        "deleted": false,
        "disable_correlation": false,
        "first_seen": "1581984000000000",
        "last_seen": "1581984000000000"
      }
    ],
    "Event": {
      "id": "12345",
      "info": "logged source ip",
      "org_id": "12345",
      "orgc_id": "12345"
    }
  }
}

403:

{
  "name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "url": "/attributes"
}

404:

{
  "name": "Invalid attribute",
  "message": "Invalid attribute",
  "url": "/attributes/1234"
}

Default:

{
  "name": "string",
  "message": "string",
  "url": "/attributes"
}

Delete object:

DELETE

https://misp.local/objects/delete/{objectId}/{hardDelete}

Response: 

200:

{
  "saved": true,
  "success": true,
  "name": "Object deleted",
  "message": "Object deleted",
  "url": "/objects/delete/1"
}

403:

{
  "name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "url": "/attributes"
}

404:

{
  "name": "Invalid attribute",
  "message": "Invalid attribute",
  "url": "/attributes/1234"
}

Default:

{
  "name": "string",
  "message": "string",
  "url": "/attributes"
}

API Request and Response Examples

TAG

Get tags:

GET

https://misp.local/tags

Response: 

200:

{
  "Tag": [
    {
      "id": "12345",
      "name": "tlp:white",
      "colour": "#ffffff",
      "exportable": true,
      "org_id": "12345",
      "user_id": "12345",
      "hide_tag": false,
      "numerical_value": "12345",
      "is_galaxy": true,
      "is_custom_galaxy": true,
      "inherited": 1
    }
  ]
}

403:

{
  "name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "url": "/attributes"
}

404:

{
  "name": "Invalid attribute",
  "message": "Invalid attribute",
  "url": "/attributes/1234"
}

Default:

{
  "name": "string",
  "message": "string",
  "url": "/attributes"
}

Get tag by ID:

GET

https://misp.local/tags/view/{tagId}

Response: 

200:

{
  "id": "12345",
  "name": "tlp:white",
  "colour": "#ffffff",
  "exportable": true,
  "org_id": "12345",
  "user_id": "12345",
  "hide_tag": false,
  "numerical_value": "12345",
  "is_galaxy": true,
  "is_custom_galaxy": true,
  "inherited": 1
}

403:

{
  "name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "url": "/attributes"
}

404:

{
  "name": "Invalid attribute",
  "message": "Invalid attribute",
  "url": "/attributes/1234"
}

Default:

{
  "name": "string",
  "message": "string",
  "url": "/attributes"
}

Add tag:

POST

https://misp.local/tags/add

Response: 

200:

{
  "id": "12345",
  "name": "tlp:white",
  "colour": "#ffffff",
  "exportable": true,
  "org_id": "12345",
  "user_id": "12345",
  "hide_tag": false,
  "numerical_value": "12345",
  "is_galaxy": true,
  "is_custom_galaxy": true,
  "inherited": 1
}

403:

{
  "name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "url": "/attributes"
}

404:

{
  "name": "Invalid attribute",
  "message": "Invalid attribute",
  "url": "/attributes/1234"
}

Default:

{
  "name": "string",
  "message": "string",
  "url": "/attributes"
}

Delete tag:

POST

https://misp.local/tags/delete/{tagId}

Response: 

200:

{
  "name": "Tag deleted.",
  "message": "Tag deleted.",
  "url": "https://misppriv.circl.lu/tags/delete/1"
}

403:

{
  "name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "url": "/attributes"
}

404:

{
  "name": "Invalid attribute",
  "message": "Invalid attribute",
  "url": "/attributes/1234"
}

Default:

{
  "name": "string",
  "message": "string",
  "url": "/attributes"
}

Edit tag:

POST

https://misp.local/tags/edit/{tagId}

Request:

{
  "name": "tlp:white",
  "colour": "#ffffff",
  "exportable": true,
  "org_id": "12345",
  "user_id": "12345",
  "hide_tag": false,
  "numerical_value": "12345",
  "is_galaxy": true,
  "is_custom_galaxy": true,
  "inherited": 1
}

Response:

200:

{
  "Tag": {
    "id": "12345",
    "name": "tlp:white",
    "colour": "#ffffff",
    "exportable": true,
    "org_id": "12345",
    "user_id": "12345",
    "hide_tag": false,
    "numerical_value": "12345",
    "is_galaxy": true,
    "is_custom_galaxy": true,
    "inherited": 1
  }
}

403:

{
  "name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "url": "/attributes"
}

404:

{
  "name": "Invalid attribute",
  "message": "Invalid attribute",
  "url": "/attributes/1234"
}

Default:

{
  "name": "string",
  "message": "string",
  "url": "/attributes"
}

Search tag:

GET

https://misp.local/tags/search/{tagSearchTerm}

Response: 

200:

[
  {
    "Tag": {
      "id": "12345",
      "name": "tlp:white",
      "colour": "#ffffff",
      "exportable": true,
      "org_id": "12345",
      "user_id": "12345",
      "hide_tag": false,
      "numerical_value": "12345",
      "is_galaxy": true,
      "is_custom_galaxy": true,
      "inherited": 1
    },
    "Taxonomy": {
      "id": "12345",
      "namespace": "tlp",
      "description": "Disclosure is not limited.  Sources may use TLP:WHITE when information carries minimal or no foreseeable risk of misuse, in accordance with applicable rules and procedures for public release. Subject to standard copyright rules, TLP:WHITE information may be distributed without restriction.",
      "version": "5",
      "enabled": true,
      "exclusive": true,
      "required": true
    },
    "TaxonomyPredicate": {
      "id": "12345",
      "taxonomy_id": "12345",
      "value": "white",
      "expanded": "(TLP:WHITE) Information can be shared publicly in accordance with the law.",
      "colour": "#ffffff",
      "description": "Disclosure is not limited.  Sources may use TLP:WHITE when information carries minimal or no foreseeable risk of misuse, in accordance with applicable rules and procedures for public release. Subject to standard copyright rules, TLP:WHITE information may be distributed without restriction.",
      "exclusive": true,
      "numerical_value": 0
    }
  }
]

403:

{
  "name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "url": "/attributes"
}

404:

{
  "name": "Invalid attribute",
  "message": "Invalid attribute",
  "url": "/attributes/1234"
}

Default:

{
  "name": "string",
  "message": "string",
  "url": "/attributes"
}

API Request and Response Examples

Sighting

Get sightings by event ID:

GET

https://misp.local/sightings/index/{eventId}

Response: 

200:

{
  "Tag": [
    {
      "id": "12345",
      "name": "tlp:white",
      "colour": "#ffffff",
      "exportable": true,
      "org_id": "12345",
      "user_id": "12345",
      "hide_tag": false,
      "numerical_value": "12345",
      "is_galaxy": true,
      "is_custom_galaxy": true,
      "inherited": 1
    }
  ]
}

403:

{
  "name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "url": "/attributes"
}

404:

{
  "name": "Invalid attribute",
  "message": "Invalid attribute",
  "url": "/attributes/1234"
}

Default:

{
  "name": "string",
  "message": "string",
  "url": "/attributes"
}

Add sightings of a list of values:

POST

https://misp.local/sightings/add

Request:

{
  "values": [
    "127.0.0.1"
  ],
  "timestamp": "1617875568",
  "filters": {
    "page": 1,
    "limit": 0,
    "value": "127.0.0.1",
    "value1": "127.0.0.1",
    "value2": "127.0.0.1",
    "type": "md5",
    "category": "Internal reference",
    "org": "12345",
    "tags": [
      "tlp:amber"
    ],
    "from": "string",
    "to": "string",
    "last": 0,
    "eventid": "12345",
    "withAttachments": false,
    "uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
    "publish_timestamp": "1617875568",
    "published": false,
    "timestamp": "1617875568",
    "attribute_timestamp": "1617875568",
    "enforceWarninglist": true,
    "to_ids": true,
    "deleted": false,
    "event_timestamp": "1617875568",
    "threat_level_id": "1",
    "eventinfo": "string",
    "sharinggroup": [
      "1"
    ],
    "decayingModel": "string",
    "score": "string",
    "first_seen": "string",
    "last_seen": "string",
    "includeEventUuid": false,
    "includeEventTags": false,
    "includeProposals": false,
    "requested_attributes": [
      "id"
    ],
    "includeContext": true,
    "headerless": true,
    "includeWarninglistHits": true,
    "attackGalaxy": "mitre-attack",
    "object_relation": "filepath",
    "includeSightings": true,
    "includeCorrelations": true,
    "modelOverrides": {
      "lifetime": 3,
      "decay_speed": 2.3,
      "threshold": 30,
      "default_base_score": 80,
      "base_score_config": {
        "estimative-language:confidence-in-analytic-judgment": 0.25,
        "estimative-language:likelihood-probability": 0.25,
        "phishing:psychological-acceptability": 0.25,
        "phishing:state": 0.2
      }
    },
    "includeDecayScore": false,
    "includeFullModel": false,
    "excludeDecayed": false,
    "returnFormat": "json"
  }
}

Response:

200:

{
  "id": "12345",
  "attribute_id": "12345",
  "event_id": "12345",
  "org_id": "12345",
  "date_sighting": "1617875568",
  "uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
  "source": "string",
  "type": "string",
  "attribute_uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
  "Organisation": {
    "id": "12345",
    "uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
    "name": "ORGNAME"
  }
}

403:

{
  "name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "url": "/attributes"
}

404:

{
  "name": "Invalid attribute",
  "message": "Invalid attribute",
  "url": "/attributes/1234"
}

Default:

{
  "name": "string",
  "message": "string",
  "url": "/attributes"
}

Add sighting of an attribute:

POST

https://misp.local/sightings/add/{attributeId}

Response: 

200:

{
  "id": "12345",
  "attribute_id": "12345",
  "event_id": "12345",
  "org_id": "12345",
  "date_sighting": "1617875568",
  "uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
  "source": "string",
  "type": "string",
  "attribute_uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
  "Organisation": {
    "id": "12345",
    "uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
    "name": "ORGNAME"
  }
}

403:

{
  "name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "url": "/attributes"
}

404:

{
  "name": "Invalid attribute",
  "message": "Invalid attribute",
  "url": "/attributes/1234"
}

Default:

{
  "name": "string",
  "message": "string",
  "url": "/attributes"
}

Delete sighting:

POST

https://misp.local/sightings/delete/{sightingId}

Response: 

200:

{
  "saved": true,
  "success": true,
  "name": "Sighting successfully deleted.",
  "message": "Sighting successfully deleted.",
  "url": "/sightings/delete/1"
}

403:

{
  "name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "url": "/attributes"
}

404:

{
  "name": "Invalid attribute",
  "message": "Invalid attribute",
  "url": "/attributes/1234"
}

Default:

{
  "name": "string",
  "message": "string",
  "url": "/attributes"
}

API Request and Response Examples

Warninglist

Get a list of warninglists:

POST

https://misp.local/warninglists

Response: 

200:

{
  "Warninglists": [
    {
      "Warninglist": {
        "id": "3",
        "name": "List of known domains to know external IP",
        "type": "cidr",
        "description": "string",
        "version": "10",
        "enabled": true,
        "warninglist_entry_count": "1234",
        "valid_attributes": "domain, hostname, domain|ip, uri, url",
        "WarninglistEntry": [
          {
            "id": "1234",
            "value": "10.128.0.0/24",
            "warninglist_id": "3"
          }
        ]
      }
    }
  ]
}

403:

{
  "name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "url": "/attributes"
}

404:

{
  "name": "Invalid attribute",
  "message": "Invalid attribute",
  "url": "/attributes/1234"
}

Default:

{
  "name": "string",
  "message": "string",
  "url": "/attributes"
}

Search warninglists:

POST

https://misp.local/warninglists

Response: 

200:

{
  "Warninglists": [
    {
      "Warninglist": {
        "id": "3",
        "name": "List of known domains to know external IP",
        "type": "cidr",
        "description": "string",
        "version": "10",
        "enabled": true,
        "warninglist_entry_count": "1234",
        "valid_attributes": "domain, hostname, domain|ip, uri, url",
        "WarninglistEntry": [
          {
            "id": "1234",
            "value": "10.128.0.0/24",
            "warninglist_id": "3"
          }
        ]
      }
    }
  ]
}

403:

{
  "name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "url": "/attributes"
}

404:

{
  "name": "Invalid attribute",
  "message": "Invalid attribute",
  "url": "/attributes/1234"
}

Default:

{
  "name": "string",
  "message": "string",
  "url": "/attributes"
}

Enable/disable warninglists:

POST

https://misp.local/warninglists/toggleEnable

Response: 

200:

{
  "saved": true,
  "success": "1 warninglist(s) disabled"
}

403:

{
  "name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "url": "/attributes"
}

404:

{
  "name": "Invalid attribute",
  "message": "Invalid attribute",
  "url": "/attributes/1234"
}

Default:

{
  "name": "string",
  "message": "string",
  "url": "/attributes"
}

Get warninglist by ID:

GET

https://misp.local/warninglists/view/{warninglistId}

Response: 

200:

{
  "Warninglist": {
    "id": "3",
    "name": "List of known domains to know external IP",
    "type": "cidr",
    "description": "string",
    "version": "10",
    "enabled": true,
    "warninglist_entry_count": "1234",
    "valid_attributes": "domain, hostname, domain|ip, uri, url",
    "WarninglistEntry": [
      {
        "id": "1234",
        "value": "10.128.0.0/24",
        "warninglist_id": "3"
      }
    ]
  }
}

403:

{
  "name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "url": "/attributes"
}

404:

{
  "name": "Invalid attribute",
  "message": "Invalid attribute",
  "url": "/attributes/1234"
}

Default:

{
  "name": "string",
  "message": "string",
  "url": "/attributes"
}

Check if a list of values matches any warninglists:

POST

https://misp.local/warninglists/checkValue

Request:

[
  "10.128.0.2"
]

Response:

200:

{
  "10.128.0.2": [
    {
      "id": "10",
      "name": "List of known Wikimedia address ranges"
    }
  ]
}

403:

{
  "name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "url": "/attributes"
}

404:

{
  "name": "Invalid attribute",
  "message": "Invalid attribute",
  "url": "/attributes/1234"
}

Default:

{
  "name": "string",
  "message": "string",
  "url": "/attributes"
}
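The checkValue exchange above can be used to drop known false positives before indicator values are pushed to a blocklist or IDS. The following is an added example, not part of the original page or of MISP's own code: it builds the request without sending it and triages a documented response. The names `build_check_request`, `triage` and `MispApiError`, the placeholder API key, and the treatment of a non-object 200 body as "no hits" are assumptions.

```python
import json
import urllib.request

MISP_URL = "https://misp.local"      # host used in this page's examples
API_KEY = "PLACEHOLDER_API_KEY"      # placeholder, never hard-code a real key


class MispApiError(Exception):
    """Raised when MISP answers with the name/message/url error envelope."""


def build_check_request(values, base_url=MISP_URL, api_key=API_KEY):
    """Build, without sending, the POST /warninglists/checkValue request."""
    unique = sorted({v.strip() for v in values if v and v.strip()})
    if not unique:
        raise ValueError("no values to check")
    return urllib.request.Request(
        url=base_url.rstrip("/") + "/warninglists/checkValue",
        data=json.dumps(unique).encode("utf-8"),
        method="POST",
        headers={
            "Authorization": api_key,   # the header named in the 403 message
            "Accept": "application/json",
            "Content-Type": "application/json",
        },
    )


def triage(values, status, body):
    """Split values into warninglist hits and values with no hit."""
    parsed = json.loads(body) if body else {}
    if status != 200:
        message = parsed.get("message") if isinstance(parsed, dict) else None
        raise MispApiError(f"HTTP {status}: {message or 'unknown error'}")
    # Assumption: a non-object body (for example an empty list) means no hits.
    hits = parsed if isinstance(parsed, dict) else {}
    flagged, clean = {}, []
    for value in values:
        matches = hits.get(value) or []
        if matches:
            flagged[value] = [f"{m['id']}: {m['name']}" for m in matches]
        else:
            clean.append(value)
    return flagged, clean


# Constructed inputs: the 200 body is the one documented above, the 403 body is
# abbreviated from it, and 203.0.113.7 is a made-up documentation address.
CANDIDATES = ["10.128.0.2", "203.0.113.7"]
RESPONSE_200 = '{"10.128.0.2": [{"id": "10", "name": "List of known Wikimedia address ranges"}]}'
RESPONSE_403 = '{"name": "Authentication failed.", "message": "Authentication failed.", "url": "/attributes"}'

if __name__ == "__main__":
    request = build_check_request(CANDIDATES)
    print(request.get_method(), request.full_url, request.data.decode())
    flagged, clean = triage(CANDIDATES, 200, RESPONSE_200)
    print("drop before blocking:", flagged)
    print("keep:", clean)
```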

Update warninglists:

POST

https://misp.local/warninglists/update

Response: 

200:

{
  "saved": true,
  "success": true,
  "name": "Successfully updated 1 warninglists.",
  "message": "Successfully updated 1 warninglists.",
  "url": "/warninglists/update"
}

403:

{
  "name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "url": "/attributes"
}

404:

{
  "name": "Invalid attribute",
  "message": "Invalid attribute",
  "url": "/attributes/1234"
}

Default:

{
  "name": "string",
  "message": "string",
  "url": "/attributes"
}

API Request and Response Examples

Noticelist

Get a list of noticelists:

GET

https://misp.local/noticelists

Response: 

200:

[
  {
    "Noticelist": {
      "id": "3",
      "name": "List of known domains to know external IP",
      "type": "cidr",
      "description": "string",
      "version": "10",
      "enabled": true,
      "warninglist_entry_count": "1234",
      "valid_attributes": "domain, hostname, domain|ip, uri, url",
      "NoticelistEntry": [
        {
          "id": "1234",
          "noticelist_id": "3",
          "data": {
            "scope": [
              "attribute"
            ],
            "field": [
              "category"
            ],
            "value": [
              "Person"
            ],
            "tags": [
              "tlp:white"
            ],
            "message": {
              "en": "This attribute is likely to contain personal data and the data subject is likely to be directly identifiable."
            }
          }
        }
      ]
    }
  }
]

403:

{
  "name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "url": "/attributes"
}

404:

{
  "name": "Invalid attribute",
  "message": "Invalid attribute",
  "url": "/attributes/1234"
}

Default:

{
  "name": "string",
  "message": "string",
  "url": "/attributes"
}

Get a noticelist by ID:

GET

https://misp.local/noticelists/view/{noticelistId}

Response: 

200:

{
  "Noticelist": {
    "id": "3",
    "name": "List of known domains to know external IP",
    "type": "cidr",
    "description": "string",
    "version": "10",
    "enabled": true,
    "warninglist_entry_count": "1234",
    "valid_attributes": "domain, hostname, domain|ip, uri, url",
    "NoticelistEntry": [
      {
        "id": "1234",
        "noticelist_id": "3",
        "data": {
          "scope": [
            "attribute"
          ],
          "field": [
            "category"
          ],
          "value": [
            "Person"
          ],
          "tags": [
            "tlp:white"
          ],
          "message": {
            "en": "This attribute is likely to contain personal data and the data subject is likely to be directly identifiable."
          }
        }
      }
    ]
  }
}

403:

{
  "name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "url": "/attributes"
}

404:

{
  "name": "Invalid attribute",
  "message": "Invalid attribute",
  "url": "/attributes/1234"
}

Default:

{
  "name": "string",
  "message": "string",
  "url": "/attributes"
}

Enable/disable noticelist:

POST

https://misp.local/noticelists/toggleEnable/{noticelistId}

Response: 

200:

{
  "saved": true,
  "success": true,
  "name": "Noticelist enabled.",
  "message": "Noticelist enabled.",
  "url": "/noticelists/toggleEnable/1"
}

403:

{
  "name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "url": "/attributes"
}

404:

{
  "name": "Invalid attribute",
  "message": "Invalid attribute",
  "url": "/attributes/1234"
}

Default:

{
  "name": "string",
  "message": "string",
  "url": "/attributes"
}

Update noticelists:

POST

https://misp.local/noticelists/update

Response: 

200:

{
  "saved": true,
  "success": true,
  "name": "Successfully updated 1 noticelists.",
  "message": "Successfully updated 1 noticelists.",
  "url": "/noticelists/update"
}

403:

{
  "name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "url": "/attributes"
}

404:

{
  "name": "Invalid attribute",
  "message": "Invalid attribute",
  "url": "/attributes/1234"
}

Default:

{
  "name": "string",
  "message": "string",
  "url": "/attributes"
}

API Request and Response Examples

Log

Get instance logs:

POST

https://misp.local/admin/logs

Request:

{
  "page": 1,
  "limit": 0,
  "id": "12345",
  "title": "Attribute (448272) from Event (1): Other/text foo",
  "created": "string",
  "model": "AdminSetting",
  "model_id": "12345",
  "action": "accept",
  "user_id": "12345",
  "change": "%name () => (ORGNAME)%",
  "email": "user@example.com",
  "org": "ORG_%",
  "description": "%updated by User%",
  "ip": "string"
}

Response:

200:

[
  {
    "Log": {
      "id": "12345",
      "title": "Attribute (448272) from Event (1): Other/text foo",
      "created": "string",
      "model": "AdminSetting",
      "model_id": "12345",
      "action": "accept",
      "user_id": "12345",
      "change": "name () => (ORGNAME)",
      "email": "user@example.com",
      "org": "ORGNAME",
      "description": "Organisation \"ORGNAME\" (1) added by User \"SYSTEM\" (0).",
      "ip": "10.0.0.10"
    }
  }
]

403:

{
  "name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "url": "/attributes"
}

404:

{
  "name": "Invalid attribute",
  "message": "Invalid attribute",
  "url": "/attributes/1234"
}

Default:

{
  "name": "string",
  "message": "string",
  "url": "/attributes"
}

API Request and Response Examples

Auth key

Get auth keys:

POST

https://misp.local/auth_keys

Request:

[
  {
    "AuthKey": {
      "id": "12345",
      "uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
      "authkey_start": "stri",
      "authkey_end": "stri",
      "created": "1617875568",
      "expiration": "1970-01-01 00:00:00",
      "read_only": true,
      "user_id": "12345",
      "comment": "string",
      "allowed_ips": [
        "127.0.0.1"
      ],
      "last_used": "1617875568"
    },
    "User": {
      "id": "12345",
      "email": "user@example.com"
    }
  }
]

Response:

200:

[
  {
    "Log": {
      "id": "12345",
      "title": "Attribute (448272) from Event (1): Other/text foo",
      "created": "string",
      "model": "AdminSetting",
      "model_id": "12345",
      "action": "accept",
      "user_id": "12345",
      "change": "name () => (ORGNAME)",
      "email": "user@example.com",
      "org": "ORGNAME",
      "description": "Organisation \"ORGNAME\" (1) added by User \"SYSTEM\" (0).",
      "ip": "10.0.0.10"
    }
  }
]

403:

{
  "name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "url": "/attributes"
}

404:

{
  "name": "Invalid attribute",
  "message": "Invalid attribute",
  "url": "/attributes/1234"
}

Default:

{
  "name": "string",
  "message": "string",
  "url": "/attributes"
}

Search auth keys:

POST

https://misp.local/auth_keys

Request:

{
  "page": 1,
  "limit": 0,
  "id": "12345",
  "uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
  "authkey_start": "string",
  "authkey_end": "string",
  "created": "string",
  "expiration": "string",
  "read_only": true,
  "user_id": "12345",
  "comment": "string",
  "allowed_ips": "[\"127.0.0.1\",\"127.0.0.2\"]",
  "last_used": "string"
}

Response:

200:

[
  {
    "AuthKey": {
      "id": "12345",
      "uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
      "authkey_start": "stri",
      "authkey_end": "stri",
      "created": "1617875568",
      "expiration": "1970-01-01 00:00:00",
      "read_only": true,
      "user_id": "12345",
      "comment": "string",
      "allowed_ips": [
        "127.0.0.1"
      ],
      "last_used": "1617875568"
    },
    "User": {
      "id": "12345",
      "email": "user@example.com"
    }
  }
]

403:

{
  "name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "url": "/attributes"
}

404:

{
  "name": "Invalid attribute",
  "message": "Invalid attribute",
  "url": "/attributes/1234"
}

Default:

{
  "name": "string",
  "message": "string",
  "url": "/attributes"
}

Add auth keys:

POST

https://misp.local/auth_keys/add/{userId}

Request:

{
  "uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
  "read_only": true,
  "user_id": "12345",
  "comment": "string",
  "allowed_ips": [
    "127.0.0.1"
  ]
}

Response:

200:

{
  "AuthKey": {
    "id": "12345",
    "uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
    "authkey_start": "stri",
    "authkey_end": "stri",
    "created": "1617875568",
    "expiration": "1970-01-01 00:00:00",
    "read_only": true,
    "user_id": "12345",
    "comment": "string",
    "allowed_ips": [
      "127.0.0.1"
    ],
    "last_used": "1617875568"
  }
}

403:

{
  "name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "url": "/attributes"
}

404:

{
  "name": "Invalid attribute",
  "message": "Invalid attribute",
  "url": "/attributes/1234"
}

Default:

{
  "name": "string",
  "message": "string",
  "url": "/attributes"
}

View auth key:

GET

https://misp.local/auth_keys/view/{authKeyId}

Response: 

200:

{
  "AuthKey": {
    "id": "12345",
    "uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
    "authkey_start": "stri",
    "authkey_end": "stri",
    "created": "1617875568",
    "expiration": "1970-01-01 00:00:00",
    "read_only": true,
    "user_id": "12345",
    "comment": "string",
    "allowed_ips": [
      "127.0.0.1"
    ],
    "last_used": "1617875568"
  },
  "User": {
    "id": "12345",
    "org_id": "12345",
    "email": "user@example.com"
  }
}

403:

{
  "name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "url": "/attributes"
}

404:

{
  "name": "Invalid attribute",
  "message": "Invalid attribute",
  "url": "/attributes/1234"
}

Default:

{
  "name": "string",
  "message": "string",
  "url": "/attributes"
}

Edit auth key:

POST

https://misp.local/auth_keys/edit/{authKeyId}

Request:

{
  "read_only": true,
  "comment": "string",
  "allowed_ips": [
    "127.0.0.1"
  ]
}

Response:

200:

{
  "AuthKey": {
    "id": "12345",
    "uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
    "authkey_start": "stri",
    "authkey_end": "stri",
    "created": "1617875568",
    "expiration": "1970-01-01 00:00:00",
    "read_only": true,
    "user_id": "12345",
    "comment": "string",
    "allowed_ips": [
      "127.0.0.1"
    ],
    "last_used": "1617875568"
  },
  "User": {
    "id": "12345",
    "org_id": "12345",
    "email": "user@example.com"
  }
}

403:

{
  "name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "url": "/attributes"
}

404:

{
  "name": "Invalid attribute",
  "message": "Invalid attribute",
  "url": "/attributes/1234"
}

Default:

{
  "name": "string",
  "message": "string",
  "url": "/attributes"
}

Delete auth key:

DELETE

https://misp.local/auth_keys/delete/{authKeyId}

Response: 

200:

{
  "saved": true,
  "success": true,
  "name": "AuthKey deleted.",
  "message": "AuthKey deleted.",
  "url": "/auth_keys/delete/1234"
}

403:

{
  "name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "url": "/attributes"
}

404:

{
  "name": "Invalid attribute",
  "message": "Invalid attribute",
  "url": "/attributes/1234"
}

Default:

{
  "name": "string",
  "message": "string",
  "url": "/attributes"
}
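The AuthKey records returned by the auth key endpoints above carry the fields needed for a least-privilege review: `read_only`, `allowed_ips`, `expiration` and `last_used`. The following is an added example, not part of the original page or of MISP's own code, that audits such a response offline. The finding labels, the 90-day staleness threshold, the sample records, and reading the documented `1970-01-01 00:00:00` expiration as "no expiry" are assumptions.

```python
import json
from datetime import datetime, timedelta, timezone

EPOCH = datetime(1970, 1, 1, tzinfo=timezone.utc)

# Constructed sample in the shape of the "Search auth keys" 200 response.
SAMPLE_RESPONSE = r'''
[
  {"AuthKey": {"id": "101", "authkey_start": "abcd", "authkey_end": "wxyz",
               "expiration": "2031-01-01 00:00:00", "read_only": true,
               "allowed_ips": ["10.0.0.10"], "last_used": "1702598400"},
   "User": {"id": "7", "email": "sensor@example.com"}},
  {"AuthKey": {"id": "102", "authkey_start": "efgh", "authkey_end": "stuv",
               "expiration": "1970-01-01 00:00:00", "read_only": false,
               "allowed_ips": null, "last_used": "1617875568"},
   "User": {"id": "8", "email": "user@example.com"}},
  {"AuthKey": {"id": "103", "authkey_start": "ijkl", "authkey_end": "opqr",
               "expiration": "2021-06-01 00:00:00", "read_only": true,
               "allowed_ips": "[\"127.0.0.1\"]", "last_used": null},
   "User": {"id": "9", "email": "analyst@example.com"}}
]
'''


def to_datetime(raw):
    """Parse an epoch string or 'YYYY-MM-DD HH:MM:SS'; None if unset or epoch zero."""
    if raw is None or str(raw).strip() == "":
        return None
    text = str(raw).strip()
    if text.isdigit():
        parsed = datetime.fromtimestamp(int(text), tz=timezone.utc)
    else:
        parsed = datetime.strptime(text, "%Y-%m-%d %H:%M:%S").replace(tzinfo=timezone.utc)
    return None if parsed == EPOCH else parsed


def allowed_ips(raw):
    """Accept both the list form and the JSON-encoded string form shown above."""
    if isinstance(raw, str):
        raw = json.loads(raw) if raw.strip() else []
    return list(raw or [])


def audit_key(entry, now, stale_days=90):
    """Return the least-privilege findings for one AuthKey/User record."""
    key = entry["AuthKey"]
    findings = []
    if not key.get("read_only"):
        findings.append("write-capable")
    if not allowed_ips(key.get("allowed_ips")):
        findings.append("no-ip-allowlist")
    expires = to_datetime(key.get("expiration"))
    if expires is None:
        findings.append("no-expiry")      # assumption: epoch zero means unset
    elif expires <= now:
        findings.append("expired")
    last_used = to_datetime(key.get("last_used"))
    if last_used is None:
        findings.append("never-used")
    elif now - last_used > timedelta(days=stale_days):
        findings.append("stale")
    return {
        "id": key["id"],
        "user": entry.get("User", {}).get("email"),
        "findings": findings,
    }


def audit(response_body, now, stale_days=90):
    """Audit every record of an auth key listing (JSON text)."""
    return [audit_key(entry, now, stale_days) for entry in json.loads(response_body)]


if __name__ == "__main__":
    fixed_now = datetime(2024, 1, 1, tzinfo=timezone.utc)  # fixed for repeatable output
    for report in audit(SAMPLE_RESPONSE, fixed_now):
        print(report["id"], report["user"], ", ".join(report["findings"]) or "ok")
```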

API Request and Response Examples

UserSettings

Get user settings:

GET

https://misp.local/user_settings

Response: 

200:

[
  {
    "UserSetting": {
      "id": "12345",
      "setting": "publish_alert_filter",
      "value": {
        "widget": "MispStatusWidget",
        "position": {
          "x": "0",
          "y": "0",
          "width": "2",
          "height": "2"
        }
      },
      "user_id": "12345",
      "timestamp": "1617875568"
    }
  }
]

403:

{
  "name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "url": "/attributes"
}

404:

{
  "name": "Invalid attribute",
  "message": "Invalid attribute",
  "url": "/attributes/1234"
}

Default:

{
  "name": "string",
  "message": "string",
  "url": "/attributes"
}

Search user settings:

POST

https://misp.local/user_settings

Request:

{
  "id": "12345",
  "setting": "publish_alert_filter",
  "user_id": "12345"
}

Response:

200:

[
  {
    "UserSetting": {
      "id": "12345",
      "setting": "publish_alert_filter",
      "value": {
        "widget": "MispStatusWidget",
        "position": {
          "x": "0",
          "y": "0",
          "width": "2",
          "height": "2"
        }
      },
      "user_id": "12345",
      "timestamp": "1617875568"
    }
  }
]

403:

{
  "name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "url": "/attributes"
}

404:

{
  "name": "Invalid attribute",
  "message": "Invalid attribute",
  "url": "/attributes/1234"
}

Default:

{
  "name": "string",
  "message": "string",
  "url": "/attributes"
}

Get user setting by id:

GET

https://misp.local/user_settings/view/{userSettingId}

Response: 

200:

{
  "UserSetting": {
    "id": "12345",
    "setting": "publish_alert_filter",
    "value": {
      "widget": "MispStatusWidget",
      "position": {
        "x": "0",
        "y": "0",
        "width": "2",
        "height": "2"
      }
    },
    "user_id": "12345",
    "timestamp": "1617875568"
  }
}

403:

{
  "name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "url": "/attributes"
}

404:

{
  "name": "Invalid attribute",
  "message": "Invalid attribute",
  "url": "/attributes/1234"
}

Default:

{
  "name": "string",
  "message": "string",
  "url": "/attributes"
}

Set user setting:

POST

https://misp.local/user_settings/setSetting/{userId}/{userSettingName}

Request:

{
  "widget": "MispStatusWidget",
  "position": {
    "x": "0",
    "y": "0",
    "width": "2",
    "height": "2"
  }
}

Response:

200:

{
  "UserSetting": {
    "id": "12345",
    "setting": "publish_alert_filter",
    "value": {
      "widget": "MispStatusWidget",
      "position": {
        "x": "0",
        "y": "0",
        "width": "2",
        "height": "2"
      }
    },
    "user_id": "12345",
    "timestamp": "1617875568"
  }
}

403:

{
  "name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "url": "/attributes"
}

404:

{
  "name": "Invalid attribute",
  "message": "Invalid attribute",
  "url": "/attributes/1234"
}

Default:

{
  "name": "string",
  "message": "string",
  "url": "/attributes"
}

Get user setting by user ID and setting name:

GET

https://misp.local/user_settings/getSetting/{userId}/{userSettingName}

Response: 

200:

{
  "UserSetting": {
    "id": "12345",
    "setting": "publish_alert_filter",
    "value": {
      "widget": "MispStatusWidget",
      "position": {
        "x": "0",
        "y": "0",
        "width": "2",
        "height": "2"
      }
    },
    "user_id": "12345",
    "timestamp": "1617875568"
  }
}

403:

{
  "name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "url": "/attributes"
}

404:

{
  "name": "Invalid attribute",
  "message": "Invalid attribute",
  "url": "/attributes/1234"
}

Default:

{
  "name": "string",
  "message": "string",
  "url": "/attributes"
}

Delete user setting by id:

DELETE

https://misp.local/user_settings/delete/{userSettingId}

Response: 

200:

{
  "saved": true,
  "success": true,
  "name": "Setting deleted.",
  "message": "Setting deleted.",
  "url": "/user_settings/delete/1234"
}

403:

{
  "name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "url": "/attributes"
}

404:

{
  "name": "Invalid attribute",
  "message": "Invalid attribute",
  "url": "/attributes/1234"
}

Default:

{
  "name": "string",
  "message": "string",
  "url": "/attributes"
}

 

API Request ve Response Örnekleri

Taxonomy

Get taxonomies:

GET

https://misp.local/taxonomies

Response: 

200:

[
  {
    "Taxonomy": {
      "id": "12345",
      "namespace": "tlp",
      "description": "Disclosure is not limited.  Sources may use TLP:WHITE when information carries minimal or no foreseeable risk of misuse, in accordance with applicable rules and procedures for public release. Subject to standard copyright rules, TLP:WHITE information may be distributed without restriction.",
      "version": "5",
      "enabled": true,
      "exclusive": true,
      "required": true
    },
    "total_count": 0,
    "current_count": 0
  }
]

403:

{
  "name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "url": "/attributes"
}

404:

{
  "name": "Invalid attribute",
  "message": "Invalid attribute",
  "url": "/attributes/1234"
}

Default:

{
  "name": "string",
  "message": "string",
  "url": "/attributes"
}

Get a taxonomy by ID:

GET

https://misp.local/taxonomies/view/{taxonomyIdParameter}

Response: 

200:

{
  "Taxonomy": {
    "id": "12345",
    "namespace": "tlp",
    "description": "Disclosure is not limited.  Sources may use TLP:WHITE when information carries minimal or no foreseeable risk of misuse, in accordance with applicable rules and procedures for public release. Subject to standard copyright rules, TLP:WHITE information may be distributed without restriction.",
    "version": "5",
    "enabled": true,
    "exclusive": true,
    "required": true
  },
  "entries": [
    {
      "tag": "tlp:white",
      "expanded": "string",
      "description": "string",
      "exclusive_predicate": true,
      "existing_tag": true
    }
  ]
}

403:

{
  "name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "url": "/attributes"
}

404:

{
  "name": "Invalid attribute",
  "message": "Invalid attribute",
  "url": "/attributes/1234"
}

Default:

{
  "name": "string",
  "message": "string",
  "url": "/attributes"
}

Enable taxonomy:

POST

https://misp.local/taxonomies/enable/{taxonomyIdParameter}

Response: 

200:

{
  "saved": true,
  "success": true,
  "name": "Taxonomy enabled",
  "message": "Taxonomy enabled",
  "url": "/taxonomies/enable/1234"
}

403:

{
  "name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "url": "/attributes"
}

404:

{
  "name": "Invalid attribute",
  "message": "Invalid attribute",
  "url": "/attributes/1234"
}

Default:

{
  "name": "string",
  "message": "string",
  "url": "/attributes"
}

Disable taxonomy:

POST

https://misp.local/taxonomies/disable/{taxonomyIdParameter}

Response: 

200:

{
  "saved": true,
  "success": true,
  "name": "Taxonomy disabled",
  "message": "Taxonomy disabled",
  "url": "/taxonomies/disabled/1234"
}

403:

{
  "name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "url": "/attributes"
}

404:

{
  "name": "Invalid attribute",
  "message": "Invalid attribute",
  "url": "/attributes/1234"
}

Default:

{
  "name": "string",
  "message": "string",
  "url": "/attributes"
}

Update taxonomies:

POST

https://misp.local/taxonomies/update

Response: 

200:

{
  "saved": true,
  "success": true,
  "name": "Successfully updated 120 taxonomy libraries.",
  "message": "Successfully updated 120 taxonomy libraries.",
  "url": "/taxonomies/update"
}

403:

{
  "name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "url": "/attributes"
}

404:

{
  "name": "Invalid attribute",
  "message": "Invalid attribute",
  "url": "/attributes/1234"
}

Default:

{
  "name": "string",
  "message": "string",
  "url": "/attributes"
}

Get a taxonomy extended with tags used in events and attributes:

GET

https://misp.local/taxonomies/taxonomy_tags/{taxonomyIdParameter}

Response: 

200:

{
  "Taxonomy": {
    "id": "12345",
    "namespace": "tlp",
    "description": "Disclosure is not limited.  Sources may use TLP:WHITE when information carries minimal or no foreseeable risk of misuse, in accordance with applicable rules and procedures for public release. Subject to standard copyright rules, TLP:WHITE information may be distributed without restriction.",
    "version": "5",
    "enabled": true,
    "exclusive": true,
    "required": true
  },
  "entries": [
    {
      "org_id": "12345",
      "server_id": "12345",
      "email": "user@example.com",
      "autoalert": true,
      "authkey": "894c8d095180c7ea28789092e96ca6424199aa4f",
      "invited_by": "12345",
      "gpgkey": "string",
      "certif_public": "string",
      "nids_sid": "4000000",
      "termsaccepted": true,
      "newsread": "1617875568",
      "role_id": "3",
      "change_pw": "0",
      "contactalert": true,
      "disabled": true,
      "expiration": "2019-08-24T14:15:22Z",
      "current_login": "1617875568",
      "last_login": "1617875568",
      "force_logout": true,
      "date_created": "1617875568",
      "date_modified": "1617875568",
      "events": 0,
      "attributes": 0
    }
  ]
}

403:

{
  "name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "url": "/attributes"
}

404:

{
  "name": "Invalid attribute",
  "message": "Invalid attribute",
  "url": "/attributes/1234"
}

Default:

{
  "name": "string",
  "message": "string",
  "url": "/attributes"
}

Export taxonomy:

GET

https://misp.local/taxonomies/export/{taxonomyIdParameter}

Response: 

200:

{
  "namespace": "tlp",
  "description": "Disclosure is not limited.  Sources may use TLP:WHITE when information carries minimal or no foreseeable risk of misuse, in accordance with applicable rules and procedures for public release. Subject to standard copyright rules, TLP:WHITE information may be distributed without restriction.",
  "version": 0,
  "exclusive": true,
  "predicates": [
    {
      "value": "white",
      "expanded": "(TLP:WHITE) Information can be shared publicly in accordance with the law."
    }
  ],
  "values": [
    {
      "predicate": "white",
      "entry": [
        {
          "value": "spam",
          "expanded": "spam",
          "description": "Spam or ‘unsolicited bulk e-mail’, meaning that the recipient has not granted verifiable permission for the message to be sent and that the message is sent as part of a larger collection of messages, all having identical content."
        }
      ]
    }
  ]
}

403:

{
  "name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "url": "/attributes"
}

404:

{
  "name": "Invalid attribute",
  "message": "Invalid attribute",
  "url": "/attributes/1234"
}

Default:

{
  "name": "string",
  "message": "string",
  "url": "/attributes"
}