
Galaxy Cluster

Add galaxy cluster:

POST

https://misp.local/galaxy_clusters/add/{galaxyId}

Request: 
{
  "id": "12345",
  "uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
  "collection_uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
  "type": "mitre-enterprise-attack-attack-pattern",
  "value": "Brute Force - T1110",
  "tag_name": "tlp:white",
  "description": "Adversaries may use brute force techniques to attempt access to accounts when passwords are unknown or when password hashes are obtained...",
  "galaxy_id": "12345",
  "source": "https://github.com/mitre/cti",
  "authors": [
    "MITRE"
  ],
  "version": "1",
  "distribution": "0",
  "sharing_group_id": "1",
  "org_id": "12345",
  "orgc_id": "12345",
  "default": true,
  "locked": true,
  "extends_uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
  "extends_version": "1",
  "published": false,
  "deleted": false,
  "GalaxyElement": [
    {
      "id": "12345",
      "galaxy_cluster_id": "12345",
      "key": "categories",
      "value": "Military"
    }
  ]
}
Response:

200:

{
  "GalaxyCluster": {
    "id": "12345",
    "uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
    "collection_uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
    "type": "mitre-enterprise-attack-attack-pattern",
    "value": "Brute Force - T1110",
    "tag_name": "tlp:white",
    "description": "Adversaries may use brute force techniques to attempt access to accounts when passwords are unknown or when password hashes are obtained...",
    "galaxy_id": "12345",
    "source": "https://github.com/mitre/cti",
    "authors": [
      "MITRE"
    ],
    "version": "1",
    "distribution": "0",
    "sharing_group_id": "1",
    "org_id": "12345",
    "orgc_id": "12345",
    "default": true,
    "locked": true,
    "extends_uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
    "extends_version": "1",
    "published": false,
    "deleted": false,
    "GalaxyElement": [
      {
        "id": "12345",
        "galaxy_cluster_id": "12345",
        "key": "categories",
        "value": "Military"
      }
    ]
  }
}

403:

{
  "name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "url": "/attributes"
}

404:

{
  "name": "Invalid attribute",
  "message": "Invalid attribute",
  "url": "/attributes/1234"
}

Default:

{
  "name": "string",
  "message": "string",
  "url": "/attributes"
}

Edit galaxy cluster:

POST

https://misp.local/galaxy_clusters/edit/{galaxyClusterId}

Request: 
{
  "id": "12345",
  "uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
  "collection_uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
  "type": "mitre-enterprise-attack-attack-pattern",
  "value": "Brute Force - T1110",
  "tag_name": "tlp:white",
  "description": "Adversaries may use brute force techniques to attempt access to accounts when passwords are unknown or when password hashes are obtained...",
  "galaxy_id": "12345",
  "source": "https://github.com/mitre/cti",
  "authors": [
    "MITRE"
  ],
  "version": "1",
  "distribution": "0",
  "sharing_group_id": "1",
  "org_id": "12345",
  "orgc_id": "12345",
  "default": true,
  "locked": true,
  "extends_uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
  "extends_version": "1",
  "published": false,
  "deleted": false,
  "GalaxyElement": [
    {
      "id": "12345",
      "galaxy_cluster_id": "12345",
      "key": "categories",
      "value": "Military"
    }
  ]
}
Response:

200:

{
  "GalaxyCluster": {
    "id": "12345",
    "uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
    "collection_uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
    "type": "mitre-enterprise-attack-attack-pattern",
    "value": "Brute Force - T1110",
    "tag_name": "tlp:white",
    "description": "Adversaries may use brute force techniques to attempt access to accounts when passwords are unknown or when password hashes are obtained...",
    "galaxy_id": "12345",
    "source": "https://github.com/mitre/cti",
    "authors": [
      "MITRE"
    ],
    "version": "1",
    "distribution": "0",
    "sharing_group_id": "1",
    "org_id": "12345",
    "orgc_id": "12345",
    "default": true,
    "locked": true,
    "extends_uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
    "extends_version": "1",
    "published": false,
    "deleted": false,
    "GalaxyElement": [
      {
        "id": "12345",
        "galaxy_cluster_id": "12345",
        "key": "categories",
        "value": "Military"
      }
    ]
  }
}

403:

{
  "name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "url": "/attributes"
}

404:

{
  "name": "Invalid attribute",
  "message": "Invalid attribute",
  "url": "/attributes/1234"
}

Default:

{
  "name": "string",
  "message": "string",
  "url": "/attributes"
}

Get galaxy clusters:

GET

https://misp.local/galaxy_clusters/index/{galaxyId}

Response:

200:

[
  {
    "GalaxyCluster": {
      "id": "12345",
      "uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
      "collection_uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
      "type": "mitre-enterprise-attack-attack-pattern",
      "value": "Brute Force - T1110",
      "tag_name": "tlp:white",
      "description": "Adversaries may use brute force techniques to attempt access to accounts when passwords are unknown or when password hashes are obtained...",
      "galaxy_id": "12345",
      "source": "https://github.com/mitre/cti",
      "authors": [
        "MITRE"
      ],
      "version": "1",
      "distribution": "0",
      "sharing_group_id": "1",
      "org_id": "12345",
      "orgc_id": "12345",
      "default": true,
      "locked": true,
      "extends_uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
      "extends_version": "1",
      "published": false,
      "deleted": false,
      "GalaxyElement": [
        {
          "id": "12345",
          "galaxy_cluster_id": "12345",
          "key": "categories",
          "value": "Military"
        }
      ]
    }
  }
]

403:

{
  "name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "url": "/attributes"
}

404:

{
  "name": "Invalid attribute",
  "message": "Invalid attribute",
  "url": "/attributes/1234"
}

Default:

{
  "name": "string",
  "message": "string",
  "url": "/attributes"
}

Search galaxy clusters:

POST

https://misp.local/galaxy_clusters/index/{galaxyId}

Request:
{
  "context": "all",
  "searchall": "botnet"
}
Response:

200:

[
  {
    "GalaxyCluster": {
      "id": "12345",
      "uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
      "collection_uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
      "type": "mitre-enterprise-attack-attack-pattern",
      "value": "Brute Force - T1110",
      "tag_name": "tlp:white",
      "description": "Adversaries may use brute force techniques to attempt access to accounts when passwords are unknown or when password hashes are obtained...",
      "galaxy_id": "12345",
      "source": "https://github.com/mitre/cti",
      "authors": [
        "MITRE"
      ],
      "version": "1",
      "distribution": "0",
      "sharing_group_id": "1",
      "org_id": "12345",
      "orgc_id": "12345",
      "default": true,
      "locked": true,
      "extends_uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
      "extends_version": "1",
      "published": false,
      "deleted": false,
      "GalaxyElement": [
        {
          "id": "12345",
          "galaxy_cluster_id": "12345",
          "key": "categories",
          "value": "Military"
        }
      ]
    }
  }
]

403:

{
  "name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "url": "/attributes"
}

404:

{
  "name": "Invalid attribute",
  "message": "Invalid attribute",
  "url": "/attributes/1234"
}

Default:

{
  "name": "string",
  "message": "string",
  "url": "/attributes"
}

Get galaxy cluster by ID:

GET

https://misp.local/galaxy_clusters/view/{galaxyClusterId}

Response:

200:

{
  "GalaxyCluster": {
    "id": "12345",
    "uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
    "collection_uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
    "type": "mitre-enterprise-attack-attack-pattern",
    "value": "Brute Force - T1110",
    "tag_name": "tlp:white",
    "description": "Adversaries may use brute force techniques to attempt access to accounts when passwords are unknown or when password hashes are obtained...",
    "galaxy_id": "12345",
    "source": "https://github.com/mitre/cti",
    "authors": [
      "MITRE"
    ],
    "version": "1",
    "distribution": "0",
    "sharing_group_id": "1",
    "org_id": "12345",
    "orgc_id": "12345",
    "default": true,
    "locked": true,
    "extends_uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
    "extends_version": "1",
    "published": false,
    "deleted": false,
    "GalaxyElement": [
      {
        "id": "12345",
        "galaxy_cluster_id": "12345",
        "key": "categories",
        "value": "Military"
      }
    ],
    "Galaxy": {
      "id": "12345",
      "uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
      "name": "Ransomware",
      "type": "ransomware",
      "description": "Ransomware galaxy based on ...",
      "version": "1",
      "icon": "globe",
      "namespace": "misp",
      "kill_chain_order": {
        "fraud-tactics": [
          "Initiation",
          "Target Compromise",
          "Perform Fraud",
          "Obtain Fraudulent Assets",
          "Assets Transfer",
          "Monetisation"
        ]
      }
    },
    "GalaxyClusterRelation": [
      {
        "id": "12345",
        "galaxy_cluster_id": "12345",
        "key": "categories",
        "value": "Military"
      }
    ],
    "Org": {
      "id": "12345",
      "name": "ORGNAME",
      "date_created": "2021-06-14 14:29:19",
      "date_modified": "2021-06-14 14:29:19",
      "description": "string",
      "type": "ADMIN",
      "nationality": "string",
      "sector": "string",
      "created_by": "12345",
      "uuid": "string",
      "contacts": "string",
      "local": true,
      "restricted_to_domain": [
        "example.com"
      ],
      "landingpage": "string",
      "user_count": "3",
      "created_by_email": "string"
    },
    "Orgc": {
      "id": "12345",
      "name": "ORGNAME",
      "date_created": "2021-06-14 14:29:19",
      "date_modified": "2021-06-14 14:29:19",
      "description": "string",
      "type": "ADMIN",
      "nationality": "string",
      "sector": "string",
      "created_by": "12345",
      "uuid": "string",
      "contacts": "string",
      "local": true,
      "restricted_to_domain": [
        "example.com"
      ],
      "landingpage": "string",
      "user_count": "3",
      "created_by_email": "string"
    },
    "tag_count": 0,
    "tag_id": "12345"
  }
}

403:

{
  "name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "url": "/attributes"
}

404:

{
  "name": "Invalid attribute",
  "message": "Invalid attribute",
  "url": "/attributes/1234"
}

Default:

{
  "name": "string",
  "message": "string",
  "url": "/attributes"
}

Publish galaxy cluster:

POST

https://misp.local/galaxy_clusters/publish/{galaxyClusterId}

Response:

200:

{
  "message": "Publish job queued. Job ID: 4e9d26c275a7b190fcab10029df8c6b6"
}

403:

{
  "name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "url": "/attributes"
}

404:

{
  "name": "Invalid attribute",
  "message": "Invalid attribute",
  "url": "/attributes/1234"
}

Default:

{
  "name": "string",
  "message": "string",
  "url": "/attributes"
}

Unpublish galaxy cluster:

POST

https://misp.local/galaxy_clusters/unpublish/{galaxyClusterId}

Response:

200:

{
  "saved": true,
  "success": true,
  "name": "GalaxyCluster unpublished",
  "message": "GalaxyCluster unpublished",
  "url": "/galaxy_clusters/publish/1"
}

403:

{
  "name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "url": "/attributes"
}

404:

{
  "name": "Invalid attribute",
  "message": "Invalid attribute",
  "url": "/attributes/1234"
}

Default:

{
  "name": "string",
  "message": "string",
  "url": "/attributes"
}

Delete galaxy cluster:

POST

https://misp.local/galaxy_clusters/delete/{galaxyClusterId}

Response:

200:

{
  "saved": true,
  "success": true,
  "name": "Galaxy cluster successfuly soft deleted.",
  "message": "Galaxy cluster successfuly soft deleted.",
  "url": "/galaxy_clusters/delete/1"
}

403:

{
  "name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "url": "/attributes"
}

404:

{
  "name": "Invalid attribute",
  "message": "Invalid attribute",
  "url": "/attributes/1234"
}

Default:

{
  "name": "string",
  "message": "string",
  "url": "/attributes"
}

Restore galaxy cluster:

POST

https://misp.local/galaxy_clusters/restore/{galaxyClusterId}

Response:

200:

{
  "saved": true,
  "success": true,
  "name": "GalaxyCluster restored",
  "message": "GalaxyCluster restored",
  "url": "/galaxy_clusters/restore/1"
}

403:

{
  "name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "url": "/attributes"
}

404:

{
  "name": "Invalid attribute",
  "message": "Invalid attribute",
  "url": "/attributes/1234"
}

Default:

{
  "name": "string",
  "message": "string",
  "url": "/attributes"
}