New InfoController for Rest API
70 views
Skip to first unread message
Gustavo Guillermo Perez
Jul 7, 2016, 5:57:33 PM7/7/16
to MISP development
Hello dear MISP Developer Staff, I'm in the process to compose an InfoController to facilitate the query of an event list with event info included, or make this list searching by info field.
In automation processes is very useful to have a way to discover or search the ID by the Event Info field, so before the headaches with the code (I'm using as a template EventsController.php and routed via route.php in the config section), I have a simple question: ¿The already written code for events in the REST API doesn't allow that right?
I'm using to automate the suggested PyMISP API, and does not look a good option to retrieve each event with full attributes to see only the event info field, or even to discover available Event IDs.
Best regards in advance for clarification, perhaps I've missed something in the documentation.
In automation processes is very useful to have a way to discover or search the ID by the Event Info field, so before the headaches with the code (I'm using as a template EventsController.php and routed via route.php in the config section), I have a simple question: ¿The already written code for events in the REST API doesn't allow that right?
I'm using to automate the suggested PyMISP API, and does not look a good option to retrieve each event with full attributes to see only the event info field, or even to discover available Event IDs.
Best regards in advance for clarification, perhaps I've missed something in the documentation.
Andras Iklody
Jul 8, 2016, 8:42:35 AM7/8/16
to Gustavo Guillermo Perez, MISP development
Hello Gustavo,
I don't think a new Controller is needed for something like this, simply a new API if you would like to create a PR for one within the events controller.
But even that, there is a nice solution for your issue already in MISP that you might want to look into (and I am sorry for this not being better documented):
You can filter the event index via parameters and receive a JSON back with the event metadata as a response.
So if you would like to receive a list of all event metadata that contains the word "locky", then you can POST the following message to MISP:
Headers:
Authorization: <Your API key>
Content-type: application/json
Accept: application/json
Body:
{"searcheventinfo":"Locky"}
The JSON in the body can include any of the search parameters used by the filter tool on the UI (click the little magnifying glass).
I've created a github issue for the lacking documentation, you can track it here: https://github.com/MISP/MISP/issues/1347
Let me know if you have any other questions!
Best regards,
Andras
--
You received this message because you are subscribed to the Google Groups "MISP development" group.
To unsubscribe from this group and stop receiving emails from it, send an email to misp-devel+...@googlegroups.com.
To post to this group, send email to misp-...@googlegroups.com.
To view this discussion on the web, visit https://groups.google.com/d/msgid/misp-devel/c1b5437f-fee5-44c9-a00d-8cc2ff10aa1c%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
Gustavo Guillermo Perez
Jul 13, 2016, 3:30:01 PM7/13/16
to MISP development
Thanks a lot, sorry I didn't figure out it reading the source code. It's a better idea to try what you say.
Thanks again for the update.
Thanks again for the update.
Reply all
Reply to author
Forward
0 new messages