remg427 / misp42splunk

A Splunk app to use MISP in background
GNU Lesser General Public License v3.0

FEATURE REQUESTS - Search IoCs using pagination #206

Open pietrogu opened 2 years ago

pietrogu commented 2 years ago

Hi,

When I import a large number of IoCs from MISP, I often receive a timeout. Would it be possible to run the search using the pagination feature provided by MISP?

Thanks, Pietro

remg427 commented 2 years ago

Hi,

Thank you for using misp42. This is already possible: just use limit= and page= to retrieve paginated results. Default limit is 1000 and default page is 1. On Splunk you may use

|mispgetioc limit=10000 page=1 | append [ |mispgetioc limit=10000 page=2] | append [ |mispgetioc limit=10000 page=3]

Hope it helps.

Best regards,
Remi

-- Sent with K-9 Mail.

pietrogu commented 2 years ago

Thank you!

pietrogu commented 1 year ago

Hi,

Sorry for reopening. Is there maybe something that lets me do this without knowing how many pages are needed?

remg427 commented 1 year ago

Hi, to be tested, but I think using | misprest with returnFormat=count in json_request will return the number of results.
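Added example, not written by either commenter and not part of misp42splunk: a way to pull every page without knowing the page count in advance, by requesting pages with the same limit/page parameters until one comes back short or empty. It assumes direct access to MISP's /attributes/restSearch endpoint rather than going through mispgetioc; the function names are hypothetical and the sample attributes are constructed.

```python
import json
import urllib.request

def misp_fetch_page(base_url, api_key, limit, page, timeout=60):
    """Fetch one page of attributes from MISP's /attributes/restSearch."""
    body = json.dumps({"returnFormat": "json", "limit": limit, "page": page}).encode()
    req = urllib.request.Request(
        base_url.rstrip("/") + "/attributes/restSearch", data=body,
        headers={"Authorization": api_key, "Accept": "application/json",
                 "Content-Type": "application/json"})
    with urllib.request.urlopen(req, timeout=timeout) as resp:
        return json.load(resp)["response"]["Attribute"]

def iter_all_attributes(fetch_page, limit=1000, max_pages=500):
    """Yield attributes page by page; fetch_page(limit, page) returns a list.

    Stops at the first page holding fewer than `limit` items. max_pages is a
    safety cap so a misbehaving server cannot keep the loop running forever.
    """
    if limit < 1:
        raise ValueError("limit must be >= 1")
    for page in range(1, max_pages + 1):
        batch = fetch_page(limit, page)
        yield from batch
        if len(batch) < limit:  # short or empty page: nothing left to fetch
            return
    raise RuntimeError(f"still receiving full pages after {max_pages} pages")

def make_fake_misp(total):
    """Constructed stand-in for a MISP server holding `total` attributes."""
    data = [{"id": str(i), "type": "ip-dst", "value": f"192.0.2.{i}"}
            for i in range(1, total + 1)]
    calls = []  # records which pages were requested
    def fetch(limit, page):
        calls.append(page)
        return data[(page - 1) * limit:page * limit]
    return fetch, calls

if __name__ == "__main__":
    fetch, calls = make_fake_misp(25)
    attrs = list(iter_all_attributes(fetch, limit=10))
    print(len(attrs), calls)
    # Against a real instance (URL and key are placeholders):
    # iter_all_attributes(lambda l, p: misp_fetch_page("https://misp.example", "<API_KEY>", l, p))
```

When the total is an exact multiple of the limit, the loop makes one extra request that returns an empty page before stopping.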