Attributes [restSearch] Get a filtered and paginated list of attributes: POST https://misp.local/attributes/restSearch Resquest: { "page": 1, "limit": 0, "value": "127.0.0.1", "value1": "127.0.0.1", "value2": "127.0.0.1", "type": "md5", "category": "Internal reference", "org": "12345", "tags": [ "tlp:amber" ], "from": "string", "to": "string", "last": 0, "eventid": "12345", "withAttachments": false, "uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b", "publish_timestamp": "1617875568", "published": false, "timestamp": "1617875568", "attribute_timestamp": "1617875568", "enforceWarninglist": true, "to_ids": true, "deleted": false, "event_timestamp": "1617875568", "threat_level_id": "1", "eventinfo": "string", "sharinggroup": [ "1" ], "decayingModel": "string", "score": "string", "first_seen": "string", "last_seen": "string", "includeEventUuid": false, "includeEventTags": false, "includeProposals": false, "requested_attributes": [ "id" ], "includeContext": true, "headerless": true, "includeWarninglistHits": true, "attackGalaxy": "mitre-attack", "object_relation": "filepath", "includeSightings": true, "includeCorrelations": true, "modelOverrides": { "lifetime": 3, "decay_speed": 2.3, "threshold": 30, "default_base_score": 80, "base_score_config": { "estimative-language:confidence-in-analytic-judgment": 0.25, "estimative-language:likelihood-probability": 0.25, "phishing:psychological-acceptability": 0.25, "phishing:state": 0.2 } }, "includeDecayScore": false, "includeFullModel": false, "excludeDecayed": false, "returnFormat": "json" } Response:  200:   { "response": { "Attribute": [ { "id": "12345", "event_id": "12345", "object_id": "12345", "object_relation": "sensor", "category": "Internal reference", "type": "md5", "value": "127.0.0.1", "to_ids": true, "uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b", "timestamp": "1617875568", "distribution": "0", "sharing_group_id": "1", "comment": "logged source ip", "deleted": false, "disable_correlation": false, "first_seen": "1581984000000000", "last_seen": "1581984000000000", "data": "string", "event_uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b", "decay_score": [ { "score": 10.5, "base_score": 80, "decayed": true, "DecayingModel": { "id": "12345", "name": "Phishing model" } } ], "Event": { "id": "12345", "org_id": "12345", "distribution": "0", "info": "logged source ip", "orgc_id": "12345", "uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b", "date": "1991-01-15", "published": false, "analysis": "0", "attribute_count": "321", "timestamp": "1617875568", "sharing_group_id": "1", "proposal_email_lock": true, "locked": true, "threat_level_id": "1", "publish_timestamp": "1617875568", "sighting_timestamp": "1617875568", "disable_correlation": false, "extends_uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b", "event_creator_email": "user@example.com" }, "Object": { "id": "12345", "name": "ail-leak", "meta-category": "string", "description": "string", "template_uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b", "template_version": "1", "event_id": "12345", "uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b", "timestamp": "1617875568", "distribution": "0", "sharing_group_id": "1", "comment": "string", "deleted": true, "first_seen": "1581984000000000", "last_seen": "1581984000000000", "Attribute": [ { "id": "12345", "event_id": "12345", "object_id": "12345", "object_relation": "sensor", "category": "Internal reference", "type": "md5", "value": "127.0.0.1", "to_ids": true, "uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b", "timestamp": "1617875568", "distribution": "0", "sharing_group_id": "1", "comment": "logged source ip", "deleted": false, "disable_correlation": false, "first_seen": "1581984000000000", "last_seen": "1581984000000000" } ] }, "Tag": [ { "id": "12345", "name": "tlp:white", "colour": "#ffffff", "exportable": true, "org_id": "12345", "user_id": "12345", "hide_tag": false, "numerical_value": "12345", "is_galaxy": true, "is_custom_galaxy": true, "inherited": 1 } ] } ] } } 403:   { "name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.", "message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.", "url": "/attributes" } Default:   { "name": "string", "message": "string", "url": "/attributes" } Add an attribute: POST https://misp.local/attributes/add/{eventId} Resquest: { "event_id": "12345", "object_id": "12345", "object_relation": "sensor", "category": "Internal reference", "type": "md5", "value": "127.0.0.1", "to_ids": true, "uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b", "timestamp": "1617875568", "distribution": "0", "sharing_group_id": "1", "comment": "logged source ip", "deleted": false, "disable_correlation": false, "first_seen": "1581984000000000", "last_seen": "1581984000000000" } Response:  200:   { "Attribute": { "id": "12345", "event_id": "12345", "object_id": "12345", "object_relation": "sensor", "category": "Internal reference", "type": "md5", "value": "127.0.0.1", "to_ids": true, "uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b", "timestamp": "1617875568", "distribution": "0", "sharing_group_id": "1", "comment": "logged source ip", "deleted": false, "disable_correlation": false, "first_seen": "1581984000000000", "last_seen": "1581984000000000" } } 403:   { "name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.", "message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.", "url": "/attributes" } Default:   { "name": "string", "message": "string", "url": "/attributes" } Edit an attribute: PUT https://misp.local/attributes/edit/{attributeId} Resquest: { "id": "12345", "event_id": "12345", "object_id": "12345", "object_relation": "sensor", "category": "Internal reference", "type": "md5", "value": "127.0.0.1", "to_ids": true, "uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b", "timestamp": "1617875568", "distribution": "0", "sharing_group_id": "1", "comment": "logged source ip", "deleted": false, "disable_correlation": false, "first_seen": "1581984000000000", "last_seen": "1581984000000000" } Response:  200:   { "Attribute": { "id": "12345", "event_id": "12345", "object_id": "12345", "object_relation": "sensor", "category": "Internal reference", "type": "md5", "value": "127.0.0.1", "to_ids": true, "uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b", "timestamp": "1617875568", "distribution": "0", "sharing_group_id": "1", "comment": "logged source ip", "deleted": false, "disable_correlation": false, "first_seen": "1581984000000000", "last_seen": "1581984000000000" } } 403:   { "name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.", "message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.", "url": "/attributes" } 404:   { "name": "Invalid attribute", "message": "Invalid attribute", "url": "/attributes/1234" } Default:   { "name": "string", "message": "string", "url": "/attributes" } Delete an attribute: DELETE https://misp.local/attributes/delete/{attributeId} Response:  200:   { "message": "Attribute deleted." } 403:   { "name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.", "message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.", "url": "/attributes" } 404:   { "name": "Invalid attribute", "message": "Invalid attribute", "url": "/attributes/1234" } Default:   { "name": "string", "message": "string", "url": "/attributes" } Restore an attribute: POST https://misp.local/attributes/restore/{attributeId} Response:  200:   { "Attribute": { "id": "12345", "event_id": "12345", "object_id": "12345", "object_relation": "sensor", "category": "Internal reference", "type": "md5", "value": "127.0.0.1", "to_ids": true, "uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b", "timestamp": "1617875568", "distribution": "0", "sharing_group_id": "1", "comment": "logged source ip", "deleted": false, "disable_correlation": false, "first_seen": "1581984000000000", "last_seen": "1581984000000000" } } 403:   { "name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.", "message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.", "url": "/attributes" } 404:   { "name": "Invalid attribute", "message": "Invalid attribute", "url": "/attributes/1234" } Default:   { "name": "string", "message": "string", "url": "/attributes" } Add a tag to an attribute: POST https://misp.local/attributes/addTag/{attributeId}/{tagId}/local:{local} Response:  200:   { "saved": true, "success": "Tag added.", "check_publish": true, "errors": "Tag could not be added." } 403:   { "name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.", "message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.", "url": "/attributes" } 404:   { "name": "Invalid attribute", "message": "Invalid attribute", "url": "/attributes/1234" } Default:   { "name": "string", "message": "string", "url": "/attributes" } Remove a tag from an attribute: POST https://misp.local/attributes/removeTag/{attributeId}/{tagId} Response:  200:   { "saved": true, "success": "Tag removed.", "check_publish": true, "errors": "Tag could not be added." } 403:   { "name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.", "message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.", "url": "/attributes" } 404:   { "name": "Invalid attribute", "message": "Invalid attribute", "url": "/attributes/1234" } Default:   { "name": "string", "message": "string", "url": "/attributes" } Get a list of attributes: GET https://misp.local/attributes Response:  200:   [ { "id": "12345", "event_id": "12345", "object_id": "12345", "object_relation": "sensor", "category": "Internal reference", "type": "md5", "value": "127.0.0.1", "to_ids": true, "uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b", "timestamp": "1617875568", "distribution": "0", "sharing_group_id": "1", "comment": "logged source ip", "deleted": false, "disable_correlation": false, "first_seen": "1581984000000000", "last_seen": "1581984000000000" } ] 403:   { "name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.", "message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.", "url": "/attributes" } Default:   { "name": "string", "message": "string", "url": "/attributes" } Get the count of attributes per category: GET https://misp.local/attributes/attributeStatistics/{context}/{percentage} Response:  200:   [ { "Antivirus detection": "10" }, { "Artifacts dropped": "20" } ] 403:   { "name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.", "message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.", "url": "/attributes" } Default:   { "name": "string", "message": "string", "url": "/attributes" } Get a list of the available attribute types: GET https://misp.local/attributes/describeTypes Response:  200:   { "sane_defaults": { "md5": { "default_category": "Payload delivery", "to_ids": 1 }, "pdb": { "default_category": "Artifacts dropped", "to_ids": 0 } }, "types": [ "md5" ], "categories": [ "Internal reference" ], "category_type_mappings": { "Internal reference": [ "text", "link", "comment", "other" ], "Antivirus detection": [ "link", "comment", "text", "hex", "other" ] } } 403:   { "name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.", "message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.", "url": "/attributes" } Default:   { "name": "string", "message": "string", "url": "/attributes" }