Closed ipfyx closed 3 years ago
Hi, thank you for the PR. I have integrated it but also took this PR to refactor the output of mispsight to:
The number of fields has increased but can be easily filtered out, for example | fields - misp_*
Could you check version 4.0.1 on this repo and provide me feedback? Thank you again for your interest in misp42.
Hi, I am new to app development in Splunk. Any tips, please? How do you develop misp42splunk? How do you debug it? I am currently editing the code of the app installed with the Splunk store...
I am kind of used to pdb with breakpoints etc. I would like to run mispgetioc from the cmdline, for example, because debugging it using only logs after a web search is a nightmare... Thanks.
Hi, I simply develop and test on a Splunk instance using debug messages on key points. I haven't tried to emulate cloud from the command line. What would you like to change to misp42?
mispsight should return some columns when all sightings are at 0 (sighting, false positive and expiration). Otherwise, none appears for attributes with sighting info. mispsight can then be used to filter out false positives.
|mispsight misp_instance=misp field=misp_ip_dst |search misp_fp="False"