Comments (8)
Sure, have a look here for the available filters and their usage:
https://circl.lu/doc/misp/automation/index.html#filtering-event-metadata
You can also pass them via the URL as parameters but it is advised against since special characters in URL parameters can be an issue. Though in your case the dates would work.
What you probably want:
searchdatefrom (YYYY-MM-DD - using the date field)
searchdateto (YYYY-MM-DD - using the date field)
searchtimestamp (timestamp - using the event timestamp, sadly not in the documentation yet)
searchpublishtimestamp (timestamp - using the event timestamp, sadly not in the documentation yet)
So if you wanted to use the timestamp (that is the last modification to the event):
POST to:
https://mymisp/events/index
Using the headers:
Authorization: my_api_key
Accept: application/json
Content-type: application/json
Body:
{"searchtimestamp":your_timestamp_threshold}
Or simply use a GET request and fetch:
https://mymisp/events/index/searchtimestamp:my_timestamp
from misp-book.
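An added example, not part of the original thread and not MISP's own code: it builds the POST request described in the comment above using only the Python standard library. The host `https://mymisp` and key `my_api_key` are the comment's placeholders; the function names and the rejection of timezone-naive datetimes are assumptions of this sketch.

```python
import json
import urllib.request
from datetime import datetime, timezone

# Filters named in the thread that take a unix timestamp.
TIMESTAMP_FILTERS = ("searchtimestamp", "searchpublishtimestamp")


def to_unix_timestamp(dt):
    """Convert a timezone-aware datetime to whole unix seconds.

    Naive datetimes are rejected so the threshold never depends on the
    local timezone of the machine running the script.
    """
    if dt.tzinfo is None or dt.utcoffset() is None:
        raise ValueError("naive datetime: attach a timezone before converting")
    return int(dt.timestamp())


def build_event_index_request(base_url, api_key, since, field="searchtimestamp"):
    """Build (but do not send) the POST to /events/index from the comment."""
    if field not in TIMESTAMP_FILTERS:
        raise ValueError("unsupported filter: " + field)
    body = json.dumps({field: to_unix_timestamp(since)}).encode("utf-8")
    return urllib.request.Request(
        url=base_url.rstrip("/") + "/events/index",
        data=body,  # JSON body avoids special characters in URL parameters
        method="POST",
        headers={
            "Authorization": api_key,
            "Accept": "application/json",
            "Content-Type": "application/json",
        },
    )


def fetch_events(request, timeout=30):
    """Send the request (TLS verification stays on) and parse the JSON reply."""
    with urllib.request.urlopen(request, timeout=timeout) as resp:
        return json.loads(resp.read().decode("utf-8"))


if __name__ == "__main__":
    # Constructed sample threshold: events edited since 2024-01-01 12:30 UTC.
    since = datetime(2024, 1, 1, 12, 30, tzinfo=timezone.utc)
    req = build_event_index_request("https://mymisp", "my_api_key", since)
    print(req.get_method(), req.full_url, req.data.decode())
```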
Oh nice! So, this may be related:
Sorry for opening so many issues. I did try to do a pull request, but alas, I don't know PHP that well.
Does searchtimestamp specify a start time, or an exact time?
from misp-book.
Additionally, does the code just convert the timestamp to YYYY-MM-DD? Does it end up dropping the hour and minute fields?
from misp-book.
No worries at all, the more the merrier.
They are different fields.
Basically, the event has a user-set field called "date" in YYYY-MM-DD format with the precision only being a date.
There is the publish timestamp, which is a unix timestamp representing when the event was last published and there is also the timestamp field which is simply the timestamp the event was last edited at.
from misp-book.
Clarification question related to this - when passing to / from dates in yyyy-MM-dd format, how are time zones dealt with - are all date values assumed to be in the standard UTC, or are they interpreted based upon the timezone of the server you're querying?
If the latter is true, then can you affect this by passing an HTTP header or (undocumented?) query param to denote the target timezone of the from / to dates passed?
from misp-book.
Any update on this?
from misp-book.
This should have been fixed in MISP/MISP@c60cc78 - could you pull and test it? Thanks a lot.
from misp-book.
I believe this is resolved... I'm not hosting my own instance, but using the ops-trust.net one.
from misp-book.