Closed ag-michael closed 3 years ago
Hi, I agree. Do you know how to do that via the MISP API?
-- Sent with K-9 Mail.
@remg427 I was trying to do a PR to implement this and I found that, in your code, setting misp_attribute_tag actually does this! I think all that's missing is documenting it here: https://github.com/remg427/misp42splunk/blob/master/docs/mispalerts.md
As an aside, I'm running into a separate problem where this line is causing events to be unpublished by default. It would be great if we could control this as a parameter: https://github.com/remg427/misp42splunk/blob/master/misp42splunk/bin/modalert_misp_alert_create_event_helper.py#L261
I'll open a separate issue if I can't figure that out on my own.
Hi,
I couldn't find a way to apply attribute level tags when using
|sendalert misp_alert_create_event ..
This would be a great feature to have; lots of context will be lost otherwise.