MISP is an open-source software solution for collecting, storing, distributing, and sharing cyber security data. Its flexibility and power contribute to its wide adoption, making it an important data source.
Use Case
Template authors should be able to fetch MISP events to be described / rendered in the reports.
Execution properties (taken from the Events search endpoint query parameters):
value - (required) a string attribute
type - (optional) a string attribute, enum
category - (optional) a string attribute, enum
org - (optional) a string attribute
tags - (optional) an attribute that contains a list of strings
event_tags - (optional) an attribute that contains a list of strings
searchall - (optional) a string attribute
from / to / last - (optional) string attributes
event_id - (optional) int attribute (eventid in the request query)
with_attachments - (optional) bool attribute (withAttachments in the request query)
sharing_groups - (optional) a list of strings (sharinggroup in the request query)
only_metadata - (optional) bool attribute (metadata in the request query)
uuid - (optional) string attribute
include_sightings - (optional) bool attribute (includeSightingdb in the request query)
threat_level_id - (optional) int attribute, enum
limit - (optional) int attribute
Client's behavior:
As with other plugins, pagination (if needed) is done in the backend and is not configurable by the user. The user only provides a limit value to cap the number of results returned.
The client uses json as the returnFormat query parameter value.
API docs -- https://www.misp-project.org/openapi/#tag/Events
Requirements
api_key - (required) a string attribute
Additional Information
restSearchEvents endpoint docs - https://www.misp-project.org/openapi/#tag/Events/operation/restSearchEvents
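
An added example, not code from the project: it maps the execution properties listed above onto the restSearch parameter names and pages through results in the backend while honoring limit. The `send` transport callable, the `page_size` default, the use of `page`/`limit` request parameters for paging, and the `{"response": [...]}` response shape are assumptions.

```python
# Added example: the issue's execution properties -> restSearch parameters.
RENAMES = {
    "event_id": "eventid",
    "with_attachments": "withAttachments",
    "sharing_groups": "sharinggroup",
    "only_metadata": "metadata",
    "include_sightings": "includeSightingdb",
}
PASS_THROUGH = {"value", "type", "category", "org", "tags", "event_tags",
                "searchall", "from", "to", "last", "uuid", "threat_level_id"}


def build_params(props):
    """Translate execution properties into restSearch request parameters."""
    if not props.get("value"):
        raise ValueError("value is required")
    unknown = set(props) - PASS_THROUGH - set(RENAMES) - {"limit"}
    if unknown:  # reject typos instead of silently widening the search
        raise ValueError(f"unknown properties: {sorted(unknown)}")
    params = {RENAMES.get(k, k): v for k, v in props.items() if k != "limit"}
    params["returnFormat"] = "json"  # the client always asks for JSON
    return params


def fetch_events(props, send, page_size=100):
    """Page through results in the backend; the user's limit only caps the total.

    send(params) is a hypothetical transport callable (assumption) that performs
    the authenticated request and returns the decoded JSON response.
    """
    limit = props.get("limit")
    if limit is not None and limit < 1:
        raise ValueError("limit must be positive")
    base, events, page = build_params(props), [], 1
    while limit is None or len(events) < limit:
        # Keep the page size constant so page offsets stay aligned.
        batch = send({**base, "page": page, "limit": page_size})["response"]
        room = None if limit is None else limit - len(events)
        events.extend(batch[:room])
        if len(batch) < page_size:  # short page: nothing left to fetch
            break
        page += 1
    return events
```

The user's limit never reaches the server as-is; it only truncates the accumulated results, which keeps pagination a backend detail as the issue requires.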