remg427 / misp42splunk

A Splunk app to use MISP in background
GNU Lesser General Public License v3.0

Feature Request: Delete tags using send alert #185

Closed ag-michael closed 3 years ago

ag-michael commented 3 years ago

Hi @remg427,

Would it be possible to remove tags from attributes using misp42? I have a use case where this would solve a lot of problems.

Thanks in advance!

remg427 commented 3 years ago

Hi, with version 4.0.0 and higher this is doable using misprest. With misprest you can use any MISP API endpoint. You need to prepare json_request using, for example, a subsearch to prepare the string. Not trivial but doable. I could share an example if you need. Thanks for using misp42.


ag-michael commented 3 years ago

@remg427 I know you can do json_request, but how can I specify the URL endpoint?

This is the simple request I'm trying to make in curl format:

curl \
 -d '{}' \
 -H "Authorization: <apikey>" \
 -H "Accept: application/json" \
 -H "Content-type: application/json" \
 -X POST https://misp.mydomain.com/attributes/removeTag/6617124/88196

I'd be grateful for an example.

remg427 commented 3 years ago

If you use 4.0.0 there is a dashboard for misprest allowing you to build a working command.

ag-michael commented 3 years ago

Thanks @remg427. I'll close this issue out; I'll test 4.0.0 this or next week.
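The removeTag request quoted in curl form above, as an added Python example that is not part of the original thread or of misp42splunk: it builds the same POST for a batch of (attribute id, tag id) pairs and rejects non-numeric ids so a field value cannot change the URL path. The function names, the numeric-only id rule and the sample rows are assumptions made for this example.

```python
import json
import urllib.request
from urllib.parse import urlsplit

def _numeric_id(value, name):
    """Accept only positive integer ids (assumed rule) so a value cannot alter the URL path."""
    text = str(value).strip()
    if not (text.isascii() and text.isdigit()) or int(text) == 0:
        raise ValueError(f"{name} must be a positive integer, got {value!r}")
    return str(int(text))

def build_remove_tag_request(base_url, api_key, attribute_id, tag_id):
    """Return a urllib Request equivalent to the curl command in the thread."""
    parts = urlsplit(base_url)
    if parts.scheme != "https" or not parts.netloc:
        # Refuse plaintext HTTP so the API key is never sent unencrypted.
        raise ValueError("base_url must be an https:// URL")
    url = "{}/attributes/removeTag/{}/{}".format(
        base_url.rstrip("/"),
        _numeric_id(attribute_id, "attribute_id"),
        _numeric_id(tag_id, "tag_id"),
    )
    headers = {
        "Authorization": api_key,
        "Accept": "application/json",
        "Content-Type": "application/json",
    }
    body = json.dumps({}).encode()  # same empty JSON body as curl -d '{}'
    return urllib.request.Request(url, data=body, headers=headers, method="POST")

def build_batch(base_url, api_key, pairs):
    """Return (requests, rejected rows) instead of failing on the first bad row."""
    requests, rejected = [], []
    for attribute_id, tag_id in pairs:
        try:
            requests.append(build_remove_tag_request(base_url, api_key, attribute_id, tag_id))
        except ValueError as exc:
            rejected.append((attribute_id, tag_id, str(exc)))
    return requests, rejected

if __name__ == "__main__":
    # Constructed sample rows; the second is malformed on purpose.
    rows = [("6617124", "88196"), ("6617124/1", "2"), (42, 7)]
    reqs, bad = build_batch("https://misp.mydomain.com", "PLACEHOLDER_API_KEY", rows)
    for r in reqs:
        print(r.get_method(), r.full_url)  # send with urllib.request.urlopen(r)
    for row in bad:
        print("rejected:", row)
```
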