
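Sighting

Every endpoint on this page expects the API key of an API-enabled user in the Authorization header; without a valid key the call returns the 403 body shown under each endpoint.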

Get sightings by event ID ({eventId} in the URL is the ID of the event whose sightings are listed):

GET

https://misp.local/sightings/index/{eventId}

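Response (note: the sample 200 body below lists Tag objects rather than sighting records, so it appears to be a placeholder; confirm the real response shape against your own instance before parsing it):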

200:

{
  "Tag": [
    {
      "id": "12345",
      "name": "tlp:white",
      "colour": "#ffffff",
      "exportable": true,
      "org_id": "12345",
      "user_id": "12345",
      "hide_tag": false,
      "numerical_value": "12345",
      "is_galaxy": true,
      "is_custom_galaxy": true,
      "inherited": 1
    }
  ]
}

403:

{
  "name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "url": "/attributes"
}

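404 (the sample below, here and under the other endpoints, is a generic error body: its name, message and url refer to attributes rather than to the sighting or event that was requested):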

{
  "name": "Invalid attribute",
  "message": "Invalid attribute",
  "url": "/attributes/1234"
}

Default:

{
  "name": "string",
  "message": "string",
  "url": "/attributes"
}

Add sightings for a list of values:

POST

https://misp.local/sightings/add

Request:
{
  "values": [
    "127.0.0.1"
  ],
  "timestamp": "1617875568",
  "filters": {
    "page": 1,
    "limit": 0,
    "value": "127.0.0.1",
    "value1": "127.0.0.1",
    "value2": "127.0.0.1",
    "type": "md5",
    "category": "Internal reference",
    "org": "12345",
    "tags": [
      "tlp:amber"
    ],
    "from": "string",
    "to": "string",
    "last": 0,
    "eventid": "12345",
    "withAttachments": false,
    "uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
    "publish_timestamp": "1617875568",
    "published": false,
    "timestamp": "1617875568",
    "attribute_timestamp": "1617875568",
    "enforceWarninglist": true,
    "to_ids": true,
    "deleted": false,
    "event_timestamp": "1617875568",
    "threat_level_id": "1",
    "eventinfo": "string",
    "sharinggroup": [
      "1"
    ],
    "decayingModel": "string",
    "score": "string",
    "first_seen": "string",
    "last_seen": "string",
    "includeEventUuid": false,
    "includeEventTags": false,
    "includeProposals": false,
    "requested_attributes": [
      "id"
    ],
    "includeContext": true,
    "headerless": true,
    "includeWarninglistHits": true,
    "attackGalaxy": "mitre-attack",
    "object_relation": "filepath",
    "includeSightings": true,
    "includeCorrelations": true,
    "modelOverrides": {
      "lifetime": 3,
      "decay_speed": 2.3,
      "threshold": 30,
      "default_base_score": 80,
      "base_score_config": {
        "estimative-language:confidence-in-analytic-judgment": 0.25,
        "estimative-language:likelihood-probability": 0.25,
        "phishing:psychological-acceptability": 0.25,
        "phishing:state": 0.2
      }
    },
    "includeDecayScore": false,
    "includeFullModel": false,
    "excludeDecayed": false,
    "returnFormat": "json"
  }
}
Response: 

200:

{
  "id": "12345",
  "attribute_id": "12345",
  "event_id": "12345",
  "org_id": "12345",
  "date_sighting": "1617875568",
  "uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
  "source": "string",
  "type": "string",
  "attribute_uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
  "Organisation": {
    "id": "12345",
    "uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
    "name": "ORGNAME"
  }
}

403:

{
  "name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "url": "/attributes"
}

404:

{
  "name": "Invalid attribute",
  "message": "Invalid attribute",
  "url": "/attributes/1234"
}

Default:

{
  "name": "string",
  "message": "string",
  "url": "/attributes"
}

Add a sighting for an attribute ({attributeId} in the URL identifies the attribute; no request body is shown for this call):

POST

https://misp.local/sightings/add/{attributeId}

Response: 

200:

{
  "id": "12345",
  "attribute_id": "12345",
  "event_id": "12345",
  "org_id": "12345",
  "date_sighting": "1617875568",
  "uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
  "source": "string",
  "type": "string",
  "attribute_uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
  "Organisation": {
    "id": "12345",
    "uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
    "name": "ORGNAME"
  }
}

403:

{
  "name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "url": "/attributes"
}

404:

{
  "name": "Invalid attribute",
  "message": "Invalid attribute",
  "url": "/attributes/1234"
}

Default:

{
  "name": "string",
  "message": "string",
  "url": "/attributes"
}

Delete a sighting ({sightingId} in the URL identifies the sighting to remove):

POST

https://misp.local/sightings/delete/{sightingId}

Response: 

200:

{
  "saved": true,
  "success": true,
  "name": "Sighting successfully deleted.",
  "message": "Sighting successfully deleted.",
  "url": "/sightings/delete/1"
}

403:

{
  "name": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "message": "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.",
  "url": "/attributes"
}

404:

{
  "name": "Invalid attribute",
  "message": "Invalid attribute",
  "url": "/attributes/1234"
}

Default:

{
  "name": "string",
  "message": "string",
  "url": "/attributes"
}