PyMISP icon indicating copy to clipboard operation
PyMISP copied to clipboard

Published 20 hours ago verified publisher icon MISP

Servers hits not included in get_event() response

Open jyurkunas opened this issue 3 years ago • 0 comments

Server feed hits are not present in the JSON response when querying an existing MISP event using get_event(). Server feed hits and regular feed hits appear to be treated the same in the MISP user interface. Example below using test data:

1 is a traditional MISP feed hit S2:1 is a server feed hit image

When querying the same event using pymisp get_event(), only the 1 is present anywhere in the response: (json response is truncated & filtered)

{
    "Event": {
        "id": "1234",
        "orgc_id": "2",
        "org_id": "2",
        "date": "some_date",
        "threat_level_id": "4",
        "info": "some_event_info",
        "published": false,
        "uuid": "some_event_uuid",
        "attribute_count": "14",
        "analysis": "0",
        "timestamp": "some_timestamp",
        "distribution": "0",
        "proposal_email_lock": false,
        "locked": false,
        "publish_timestamp": "0",
        "sharing_group_id": "0",
        "disable_correlation": false,
        "extends_uuid": "",
        "protected": null,
        "Feed": [
            {
                "id": "1",
                "name": "CIRCL OSINT Feed",
                "url": "https://www.circl.lu/doc/misp/feed-osint",
                "provider": "CIRCL",
                "source_format": "misp",
                "event_uuids": [
                    "some_event_uuid"
                ]
            }
        ],
}

jyurkunas avatar Oct 04 '22 21:10 jyurkunas