remg427
commented
4 years ago Hi, I don't know how to define tags are local from Splunk. thought you just have to create them as local.Is there any REST query that set this?
Closed Belrix closed 3 years ago
remg427
commented
4 years ago Hi, I don't know how to define tags are local from Splunk. thought you just have to create them as local.Is there any REST query that set this?
remg427
commented
3 years ago in version 4 you can publish on creation regarding local tag, I think that if you create them on MISP as local (not exportable) then you can set them via alert action and it should be fine
remg427
commented
3 years ago implemented on 4.0.0
It would be helpful to define whether tags are local or global (we do a lot of automation for sec tools based on tags). Also, a flag to publish event when sent? BTW - big fan of misp42splunk. Really helping us out.