remg427 / misp42splunk

A Splunk app to use MISP in background
GNU Lesser General Public License v3.0

Last parameter not working #222

Closed Gh1Dra0 closed 1 year ago

Gh1Dra0 commented 1 year ago

While using last=1h the filter doesn't work. It also gives MISP IoCs from a very long time in the past. It seems it got deprecated in MISP.

remg427 commented 1 year ago

Hi. Thank you for reporting. I'll check and improve.

Remi

On 10 December 2022 00:41:11 GMT+01:00, Gh1Dra0 @.***> wrote:

> While using last=1h the filter doesn't work. It also gives MISP IoCs from a very long time in the past. It seems it got deprecated in MISP.


remg427 commented 1 year ago

Hi,

Be aware that last applies to the last publish timestamp of the event and not at the attribute timestamp level, i.e. it returns all attributes of an event published in the last hour.

Cheers

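The behaviour described in the last comment, as an added example that is not part of the original thread or of misp42splunk's code: an event-level window returns old attributes of a recently republished event, and a post-filter on the attribute timestamp narrows the result. The field names `publish_timestamp`, `Attribute` and `timestamp` follow MISP's event JSON; the sample events, values and function names are constructed for illustration.

```python
from datetime import datetime, timedelta, timezone

def parse_last(spec):
    """Turn a relative window such as '30m', '1h' or '2d' into a timedelta."""
    units = {"m": "minutes", "h": "hours", "d": "days"}
    value, unit = spec[:-1], spec[-1:]
    if unit not in units or not value.isdigit():
        raise ValueError(f"unsupported window: {spec!r}")
    return timedelta(**{units[unit]: int(value)})

def epoch(dt):
    """MISP serialises timestamps as strings of epoch seconds."""
    return str(int(dt.timestamp()))

# Constructed sample data: event 1 is old but was republished 20 minutes ago.
NOW = datetime(2022, 12, 10, tzinfo=timezone.utc)
EVENTS = [
    {"id": "1", "publish_timestamp": epoch(NOW - timedelta(minutes=20)),
     "Attribute": [
         {"value": "old-indicator.example", "timestamp": epoch(NOW - timedelta(days=400))},
         {"value": "new-indicator.example", "timestamp": epoch(NOW - timedelta(minutes=25))},
     ]},
    {"id": "2", "publish_timestamp": epoch(NOW - timedelta(days=3)),
     "Attribute": [
         {"value": "stale-indicator.example", "timestamp": epoch(NOW - timedelta(days=3))},
     ]},
]

def select_by_publish_time(events, last, now):
    """Event-level window: all attributes of every event published inside it."""
    cutoff = int((now - parse_last(last)).timestamp())
    return [attr for event in events
            if int(event["publish_timestamp"]) >= cutoff
            for attr in event["Attribute"]]

def keep_recent_attributes(attributes, last, now):
    """Attribute-level post-filter applied to what the event-level window returned."""
    cutoff = int((now - parse_last(last)).timestamp())
    return [attr for attr in attributes if int(attr["timestamp"]) >= cutoff]

if __name__ == "__main__":
    returned = select_by_publish_time(EVENTS, "1h", NOW)
    print("event-level window:", [a["value"] for a in returned])
    print("after attribute filter:",
          [a["value"] for a in keep_recent_attributes(returned, "1h", NOW)])
```

The post-filter only narrows what the event-level window already returned; an attribute changed in an event that was not republished inside the window does not appear in either list.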