Attributes
[restSearch] Get a filtered and paginated list of attributes:
POST
https://misp.local/attributes/restSearch
Resquest:
{
"page": 1,
"limit": 0,
"value": "127.0.0.1",
"value1": "127.0.0.1",
"value2": "127.0.0.1",
"type": "md5",
"category": "Internal reference",
"org": "12345",
"tags": [
"tlp:amber"
],
"from": "string",
"to": "string",
"last": 0,
"eventid": "12345",
"withAttachments": false,
"uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
"publish_timestamp": "1617875568",
"published": false,
"timestamp": "1617875568",
"attribute_timestamp": "1617875568",
"enforceWarninglist": true,
"to_ids": true,
"deleted": false,
"event_timestamp": "1617875568",
"threat_level_id": "1",
"eventinfo": "string",
"sharinggroup": [
"1"
],
"decayingModel": "string",
"score": "string",
"first_seen": "string",
"last_seen": "string",
"includeEventUuid": false,
"includeEventTags": false,
"includeProposals": false,
"requested_attributes": [
"id"
],
"includeContext": true,
"headerless": true,
"includeWarninglistHits": true,
"attackGalaxy": "mitre-attack",
"object_relation": "filepath",
"includeSightings": true,
"includeCorrelations": true,
"modelOverrides": {
"lifetime": 3,
"decay_speed": 2.3,
"threshold": 30,
"default_base_score": 80,
"base_score_config": {
"estimative-language:confidence-in-analytic-judgment": 0.25,
"estimative-language:likelihood-probability": 0.25,
"phishing:psychological-acceptability": 0.25,
"phishing:state": 0.2
}
},
"includeDecayScore": false,
"includeFullModel": false,
"excludeDecayed": false,
"returnFormat": "json"
}
Response:
200:
{
"response": {
"Attribute": [
{
"id": "12345",
"event_id": "12345",
"object_id": "12345",
"object_relation": "sensor",
"category": "Internal reference",
"type": "md5",
"value": "127.0.0.1",
"to_ids": true,
"uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
"timestamp": "1617875568",
"distribution": "0",
"sharing_group_id": "1",
"comment": "logged source ip",
"deleted": false,
"disable_correlation": false,
"first_seen": "1581984000000000",
"last_seen": "1581984000000000",
"data": "string",
"event_uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
"decay_score": [
{
"score": 10.5,
"base_score": 80,
"decayed": true,
"DecayingModel": {
"id": "12345",
"name": "Phishing model"
}
}
],
"Event": {
"id": "12345",
"org_id": "12345",
"distribution": "0",
"info": "logged source ip",
"orgc_id": "12345",
"uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
"date": "1991-01-15",
"published": false,
"analysis": "0",
"attribute_count": "321",
"timestamp": "1617875568",
"sharing_group_id": "1",
"proposal_email_lock": true,
"locked": true,
"threat_level_id": "1",
"publish_timestamp": "1617875568",
"sighting_timestamp": "1617875568",
"disable_correlation": false,
"extends_uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
"event_creator_email": "[email protected]"
},
"Object": {
"id": "12345",
"name": "ail-leak",
"meta-category": "string",
"description": "string",
"template_uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
"template_version": "1",
"event_id": "12345",
"uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
"timestamp": "1617875568",
"distribution": "0",
"sharing_group_id": "1",
"comment": "string",
"deleted": true,
"first_seen": "1581984000000000",
"last_seen": "1581984000000000",
"Attribute": [
{
"id": "12345",
"event_id": "12345",
"object_id": "12345",
"object_relation": "sensor",
"category": "Internal reference",
"type": "md5",
"value": "127.0.0.1",
"to_ids": true,
"uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
"timestamp": "1617875568",
"distribution": "0",
"sharing_group_id": "1",
"comment": "logged source ip",
"deleted": false,
"disable_correlation": false,
"first_seen": "1581984000000000",
"last_seen": "1581984000000000"
}
]
},
"Tag": [
{
"id": "12345",
"name": "tlp:white",
"colour": "#ffffff",
"exportable": true,
"org_id": "12345",
"user_id": "12345",
"hide_tag": false,
"numerical_value": "12345",
"is_galaxy": true,
"is_custom_galaxy": true,
"inherited": 1
}
]
}
]
}
}
403:
{
"name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
"message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
"url": "/attributes"
}
Default:
{
"name": "string",
"message": "string",
"url": "/attributes"
}
Add an attribute:
POST
https://misp.local/attributes/add/{eventId}
Resquest:
{
"event_id": "12345",
"object_id": "12345",
"object_relation": "sensor",
"category": "Internal reference",
"type": "md5",
"value": "127.0.0.1",
"to_ids": true,
"uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
"timestamp": "1617875568",
"distribution": "0",
"sharing_group_id": "1",
"comment": "logged source ip",
"deleted": false,
"disable_correlation": false,
"first_seen": "1581984000000000",
"last_seen": "1581984000000000"
}
Response:
200:
{
"Attribute": {
"id": "12345",
"event_id": "12345",
"object_id": "12345",
"object_relation": "sensor",
"category": "Internal reference",
"type": "md5",
"value": "127.0.0.1",
"to_ids": true,
"uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
"timestamp": "1617875568",
"distribution": "0",
"sharing_group_id": "1",
"comment": "logged source ip",
"deleted": false,
"disable_correlation": false,
"first_seen": "1581984000000000",
"last_seen": "1581984000000000"
}
}
403:
{
"name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
"message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
"url": "/attributes"
}
Default:
{
"name": "string",
"message": "string",
"url": "/attributes"
}
Edit an attribute:
PUT
https://misp.local/attributes/edit/{attributeId}
Resquest:
{
"id": "12345",
"event_id": "12345",
"object_id": "12345",
"object_relation": "sensor",
"category": "Internal reference",
"type": "md5",
"value": "127.0.0.1",
"to_ids": true,
"uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
"timestamp": "1617875568",
"distribution": "0",
"sharing_group_id": "1",
"comment": "logged source ip",
"deleted": false,
"disable_correlation": false,
"first_seen": "1581984000000000",
"last_seen": "1581984000000000"
}
Response:
200:
{
"Attribute": {
"id": "12345",
"event_id": "12345",
"object_id": "12345",
"object_relation": "sensor",
"category": "Internal reference",
"type": "md5",
"value": "127.0.0.1",
"to_ids": true,
"uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
"timestamp": "1617875568",
"distribution": "0",
"sharing_group_id": "1",
"comment": "logged source ip",
"deleted": false,
"disable_correlation": false,
"first_seen": "1581984000000000",
"last_seen": "1581984000000000"
}
}
403:
{
"name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
"message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
"url": "/attributes"
}
404:
{
"name": "Invalid attribute",
"message": "Invalid attribute",
"url": "/attributes/1234"
}
Default:
{
"name": "string",
"message": "string",
"url": "/attributes"
}
Delete an attribute:
DELETE
https://misp.local/attributes/delete/{attributeId}
Response:
200:
{
"message": "Attribute deleted."
}
403:
{
"name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
"message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
"url": "/attributes"
}
404:
{
"name": "Invalid attribute",
"message": "Invalid attribute",
"url": "/attributes/1234"
}
Default:
{
"name": "string",
"message": "string",
"url": "/attributes"
}
Restore an attribute:
POST
https://misp.local/attributes/restore/{attributeId}
Response:
200:
{
"Attribute": {
"id": "12345",
"event_id": "12345",
"object_id": "12345",
"object_relation": "sensor",
"category": "Internal reference",
"type": "md5",
"value": "127.0.0.1",
"to_ids": true,
"uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
"timestamp": "1617875568",
"distribution": "0",
"sharing_group_id": "1",
"comment": "logged source ip",
"deleted": false,
"disable_correlation": false,
"first_seen": "1581984000000000",
"last_seen": "1581984000000000"
}
}
403:
{
"name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
"message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
"url": "/attributes"
}
404:
{
"name": "Invalid attribute",
"message": "Invalid attribute",
"url": "/attributes/1234"
}
Default:
{
"name": "string",
"message": "string",
"url": "/attributes"
}
Add a tag to an attribute:
POST
https://misp.local/attributes/addTag/{attributeId}/{tagId}/local:{local}
Response:
200:
{
"saved": true,
"success": "Tag added.",
"check_publish": true,
"errors": "Tag could not be added."
}
403:
{
"name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
"message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
"url": "/attributes"
}
404:
{
"name": "Invalid attribute",
"message": "Invalid attribute",
"url": "/attributes/1234"
}
Default:
{
"name": "string",
"message": "string",
"url": "/attributes"
}
Remove a tag from an attribute:
POST
https://misp.local/attributes/removeTag/{attributeId}/{tagId}
Response:
200:
{
"saved": true,
"success": "Tag removed.",
"check_publish": true,
"errors": "Tag could not be added."
}
403:
{
"name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
"message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
"url": "/attributes"
}
404:
{
"name": "Invalid attribute",
"message": "Invalid attribute",
"url": "/attributes/1234"
}
Default:
{
"name": "string",
"message": "string",
"url": "/attributes"
}
Get a list of attributes:
POSTGET
https://misp.local/attributes
Response:
200:
[
{
"id": "12345",
"event_id": "12345",
"object_id": "12345",
"object_relation": "sensor",
"category": "Internal reference",
"type": "md5",
"value": "127.0.0.1",
"to_ids": true,
"uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
"timestamp": "1617875568",
"distribution": "0",
"sharing_group_id": "1",
"comment": "logged source ip",
"deleted": false,
"disable_correlation": false,
"first_seen": "1581984000000000",
"last_seen": "1581984000000000"
}
]
403:
{
"name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
"message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
"url": "/attributes"
}
Default:
{
"name": "string",
"message": "string",
"url": "/attributes"
}
Get the count of attributes per category:
GET
https://misp.local/attributes/restore/attributeStatistics/{attributeId}context}/{percentage}
Response:
200:
[
{
"Antivirus detection": "10"
},
{
"Artifacts dropped": "20"
}
]
403:
{
"name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
"message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
"url": "/attributes"
}
Default:
{
"name": "string",
"message": "string",
"url": "/attributes"
}
Get a list of the available attribute types:
GET
https://misp.local/attributes/describeTypes
Response:
200:
{
"saved"sane_defaults": true,{
"success"md5": {
"default_category": "TagPayload removed."delivery",
"check_publish"to_ids": true,1
},
"errors"pdb": {
"default_category": "TagArtifacts coulddropped",
not"to_ids": be0
added.}
},
"types": [
"md5"
],
"categories": [
"Internal reference"
],
"category_type_mappings": {
"Internal reference": [
"text",
"link",
"comment",
"other"
],
"Antivirus detection": [
"link",
"comment",
"text",
"hex",
"other"
]
}
}
403:
{
"name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
"message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
"url": "/attributes"
}
404:
{
"name": "Invalid attribute",
"message": "Invalid attribute",
"url": "/attributes/1234"
}
Default:
{
"name": "string",
"message": "string",
"url": "/attributes"
}