There is a error in code of the cutom command mispgetevent and mispfect and option pipesplit=true to process MISP combined attributes such as domain|ip and return 2 distinct fields (misp_domain and misp_ip in this example).
AttributeError at "/opt/splunk/etc/apps/misp42splunk/bin/mispgetevent.py", line 212 : 'dict' object has no attribute 'deepcopy'
The custom command mispgetioc is not impacted and works as expected with pipesplit=true.
Solution
upgrade to MISP42 4.3.1.1
keep option pipesplit unset or set to pipesplit=false and process the field in the SPL
Impacted version: MISP42 4.3.1
Problem
There is a error in code of the cutom command mispgetevent and mispfect and option pipesplit=true to process MISP combined attributes such as domain|ip and return 2 distinct fields (misp_domain and misp_ip in this example).
AttributeError at "/opt/splunk/etc/apps/misp42splunk/bin/mispgetevent.py", line 212 : 'dict' object has no attribute 'deepcopy'The custom command mispgetioc is not impacted and works as expected with pipesplit=true.
Solution