MISP Object Attributes Not Correlated with UUID

remg427 / misp42splunk

A Splunk app to use MISP in background

GNU Lesser General Public License v3.0

109 stars 30 forks source link

MISP Object Attributes Not Correlated with UUID #172

Closed malvidin closed 3 years ago

malvidin commented 3 years ago

When mispgetioc returns a type of misp_object, the values cannot be correlated to the UUID for each attribute.

The output=raw option returns each attribute separately in a JSON blob that can be parsed with spath, but I expected a reproducible way to correlate the attribute UUID and its value from the default table output.

remg427 commented 3 years ago

Hi, thanks for using misp42 in version 4, mispgetioc has a new parameter expand_object (boolean). If true each attribute of an object is on a different row with its properties.