MISP / MISP

MISP (core software) - Open Source Threat Intelligence and Sharing Platform
https://www.misp-project.org/
GNU Affero General Public License v3.0

Curl with NIDS #5788

Open Alaa-HIjazi opened 4 years ago

Alaa-HIjazi commented 4 years ago

I am trying to curl with NIDS: curl -k --header "Authorization: key" --header "Accept: application/json" --header "Content-Type: application/json" https://misp.local/events/nids/suricata/download/2/false/tag1/ The following output is shown:

# MISP export of IDS rules - optimized for 
#
# These NIDS rules contain some variables that need to exist in your configuration.
# Make sure you have set:
#
# $HOME_NET - Your internal network range
# $EXTERNAL_NET - The network considered as outside
# $SMTP_SERVERS - All your internal SMTP servers
# $HTTP_PORTS   - The ports used to contain HTTP traffic (not required with suricata export)

Any suggestions?

mokaddem commented 4 years ago

This endpoint is deprecated. Please use the restSearch endpoint, which provides more options.

curl \
 -d '{"returnFormat":"suricata","page":"1","limit":"60"}' \
 -H "Authorization: ..." \
 -H "Accept: application/json" \
 -H "Content-type: application/json" \
 -X POST https://localhost/attributes/restSearch

Also the built-in REST Client /servers/rest may prove useful for endpoint documentation and query crafting.

Alaa-HIjazi commented 4 years ago

Yes, but I'm running into the same issue. I installed Snort for Ubuntu, but what about the configuration? I also tried the URL in the documentation: https://misp.local/events/nids/snort/download and I got the same message.

mokaddem commented 4 years ago

What issue are you referring to? The fact that the export is empty, or the notice reminding you to set your environment variables to match what is described?

Alaa-HIjazi commented 4 years ago

Both: it's empty, and there's the environment setup. Even when I use the direct URL to download it as Snort, I get the same issue in the downloaded text file.

mokaddem commented 4 years ago

For the notice, it's not an issue at all; it's just a reminder. For the empty response, it depends on the query you are performing. For me, the following request works just fine. It returns me 10 attributes having the to_ids flag set.

/attributes/restSearch
{
    "returnFormat": "suricata",
    "page": "1",
    "limit": "10"
}

Could you paste your query here? Thanks.
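An added example (not code from the thread or from the MISP project) of the restSearch query mokaddem suggests, plus a small check that tells the "only the reminder header came back" case apart from an export that actually contains rules. The host misp.local, the API key and the sample export text are constructed placeholders.

```python
import json
from urllib.request import Request

def build_restsearch_request(base_url, api_key, limit=10, page=1, extra=None):
    """Build the POST to /attributes/restSearch with returnFormat=suricata.
    `extra` lets you narrow the search (e.g. {"tags": "tag1"}) instead of
    relying on the deprecated /events/nids/... URL path. Nothing is sent here."""
    body = {"returnFormat": "suricata", "page": str(page), "limit": str(limit)}
    if extra:
        body.update(extra)
    return Request(
        base_url.rstrip("/") + "/attributes/restSearch",
        data=json.dumps(body).encode(),
        headers={"Authorization": api_key,
                 "Accept": "application/json",
                 "Content-Type": "application/json"},
        method="POST",
    )

def parse_nids_export(text):
    """Split a NIDS export into its '#' comment header and the real rule lines.
    The header about $HOME_NET etc. is always emitted; an export is only empty
    when no rule lines follow it (no matching attribute had to_ids set)."""
    header, rules = [], []
    for line in text.splitlines():
        stripped = line.strip()
        if not stripped:
            continue
        (header if stripped.startswith("#") else rules).append(stripped)
    return header, rules

def export_is_empty(text):
    """True when the response is nothing but the reminder header."""
    return len(parse_nids_export(text)[1]) == 0

# Constructed sample responses (not real MISP output): the header seen in the
# thread alone, and the same header followed by two rule lines.
HEADER_ONLY = """# MISP export of IDS rules - optimized for
#
# $HOME_NET - Your internal network range
# $EXTERNAL_NET - The network considered as outside
"""
SAMPLE_EXPORT = HEADER_ONLY + """
alert ip $HOME_NET any -> 192.0.2.10 any (msg:"constructed sample rule 1"; sid:4000001; rev:1;)
alert ip $HOME_NET any -> 198.51.100.7 any (msg:"constructed sample rule 2"; sid:4000002; rev:1;)
"""

if __name__ == "__main__":
    req = build_restsearch_request("https://misp.local", "PLACEHOLDER_API_KEY", limit=10)
    print(req.full_url, req.data.decode())
    print("header-only export empty:", export_is_empty(HEADER_ONLY))
    print("rules in sample export:", len(parse_nids_export(SAMPLE_EXPORT)[1]))
```

To actually run the query, pass the returned Request to urllib.request.urlopen (with a proper CA bundle rather than the -k equivalent) and feed the decoded body to export_is_empty.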

Alaa-HIjazi commented 4 years ago

Let's say I want to download the Suricata format; then I'm taking the documentation URL: https://misp.local/events/nids/snort/download/ and I get the same results.