Skip to content

Commit 323bec0

Browse files
m1nk-codem1nk-code
authored
Create misp.md
1 parent 37248b8 commit 323bec0

1 file changed

Lines changed: 34 additions & 0 deletions

File tree

docs/misp.md

Lines changed: 34 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,34 @@
1+
# Automation API
2+
3+
Automation functionality is designed to automatically generate signatures for intrusion detection systems. To enable signature generation for a given attribute, Signature field of this attribute must be set to Yes. Note that not all attribute types are applicable for signature generation, currently we only support NIDS signature generation for IP, domains, host names, user agents etc., and hash list generation for MD5/SHA1 values of file artefacts. Support for more attribute types is planned. To make this functionality available for automated tools an authentication key is used. This makes it easier for your tools to access the data without further form-based-authentication.
4+
5+
## General
6+
7+
### Automation URL
8+
The documentation will include a default MISP URL in the examples. Don't forget to replace it with your MISP URL.
9+
10+
Default MISP URL in the documentation:
11+
12+
``` https://<misp url>/ ```
13+
14+
### Automation key
15+
The authentication of the automation is performed via a secure key available in the MISP UI interface. Make sure you keep that key secret as it gives access to the entire database! The [API](https://misp.gitbooks.io/misp-book/content/GLOSSARY.html#api) key is available in the event actions menu under automation.
16+
17+
Since version 2.2 the usage of the authentication key in the URL is deprecated. Instead, pass the auth key in an Authorization header in the request. The legacy option of having the auth key in the URL is temporarily still supported but not recommended.
18+
19+
The authorization is performed by using the following header:
20+
21+
``` Authorization: YOUR API KEY ```
22+
23+
When submitting data in a POST, PUT or DELETE operation you also need to specify in what content-type you encoded the payload. This is done by setting one of the below Content-Type headers:
24+
25+
```
26+
Content-Type: application/json
27+
Content-Type: application/xml
28+
```
29+
30+
**Example**
31+
32+
```curl --header "Authorization: YOUR API KEY" --header "Accept: application/json" --header "Content-Type: application/json" https://<misp url>/```
33+
34+
By appending .json or .xml the content type can also be set without the need for a header.

0 commit comments

Comments
 (0)