remg427 / misp42splunk

A Splunk app to use MISP in background
GNU Lesser General Public License v3.0

feature: mispgetioc support for decaying score added #241

Closed Benni0 closed 1 year ago

Benni0 commented 1 year ago

Hi,

I've added some options to query and filter scores from decaying models.

GuillaumeBrn commented 1 year ago

Has it been adopted? If yes, how can we query them?

Benni0 commented 1 year ago

@GuillaumeBrn If you use Version 4.3.0 (the version from Splunkbase is older), you can query the decaying score with include_decay_score=t. But be aware that there is a bug in MISP, which can be problematic if you use pagination and exclude decayed attributes. https://github.com/MISP/MISP/issues/9175