TheHive-Project / TheHive

TheHive: a Scalable, Open Source and Free Security Incident Response Platform
https://thehive-project.org
GNU Affero General Public License v3.0

[Feature Request] Allow setting 'published' to 'true' for MISP event exporter #1298

Open jnahorny opened 4 years ago

jnahorny commented 4 years ago

Allow setting 'published' to 'true' for MISP event exporter.

Request Type

Feature Request

Problem Description

At the moment, in ./thehive-misp/app/connectors/misp/MispExport.scala we have 'published' hardcoded to be false for the mispEvent JSON object. This is in line with the documentation, which says:

(…) The exported cases will not be published automatically though as they need to be reviewed prior to publishing. We strongly advise you to review the categories and types of attributes at least, before publishing the corresponding MISP events.

That's fine. But I'd like to add a possibility to 'publish' the event automatically. This could help to avoid the scenario where an analyst needs to go to MISP to do just a single thing: publish the event.

I'm thinking about two ways of implementing this, and actually they both could even be used at the same time:

  1. Allow changing the behavior in the configuration file (the misp block of the application.conf file), naturally, leaving false as the default.
  2. Adding a checkbox in the export dialog. IMHO it should by default do what is declared in the application.conf. So, if you have false in the config, the checkbox is blank; if you changed it to true, it is checked (but possible to un-check, to allow a decision on a per-event basis).

I'd like to work on that, but first I wanted to check with you whether there's a chance for this feature to then be merged into TheHive. I want to avoid maintaining my own patch / fork, as this is super annoying in the long run.

jnahorny commented 4 years ago

I have no idea why this has been labelled as 'bug'. I can't figure that out. Nor how to change it. Sorry :(

jnahorny commented 4 years ago

@nadouani Hi, could you please let me know what your thoughts / plans are regarding this? Do you think this should be implemented ~ like I've described it? Or do you have some other idea? Also, are you willing to do it yourself (and if yes, how do you estimate the timeline for that), or should I do it and send a pull request? Thanks!

nadouani commented 4 years ago

The FR is meaningful and I think you have correctly described the way it should be implemented:

Feel free to submit a PR for it, and we will take it.