openapi: 3.0.0 info: title: MISP Automation API version: "2.4" description: | ### Getting Started MISP API allows you to query, create, modify data models, such as [Events](https://www.circl.lu/doc/misp/GLOSSARY.html#misp-event), [Objects](https://www.circl.lu/doc/misp/misp-objects/), [Attributes](https://www.circl.lu/doc/misp/GLOSSARY.html#misp-attribute). This is extremly useful for interconnecting MISP with external tools and feeding other systems with threat intel data. It also lets you perform administrative tasks such as creating users, organisations, altering MISP settings, and much more. To get an API key there are several options: * **[UI]** Go to [My Profile -> Auth Keys](/auth_keys/index) section and click on `+ Add authentication key` * **[UI]** As an admin go to the the [Administration -> List Users -> View](/admin/users/view/[id]) page of the user you want to create an auth key for and on the `Auth keys` section click on `+ Add authentication key` * **[CLI]** Use the following command: `./app/Console/cake user change_authkey [e-mail/user_id]` * **API** Provided you already have an admin level API key, you can create an API key for another user using the `[POST]/auth_keys/add/{{user_id}}` endpoint. > **NOTE:** The authentication key will only be displayed once, so take note of it or store it properly in your application secrets. #### Accept and Content-Type headers When performing your request, depending on the type of request, you might need to explicitly specify in what content type you want to get your results. This is done by setting one of the below `Accept` headers: Accept: application/json Accept: application/xml When submitting data in a `POST`, `PUT` or `DELETE` operation you also need to specify in what content-type you encoded the payload. This is done by setting one of the below `Content-Type` headers: Content-Type: application/json Content-Type: application/xml Example: ``` curl --header "Authorization: YOUR_API_KEY" \ --header "Accept: application/json" \ --header "Content-Type: application/json" https:/// ``` > **NOTE**: By appending .json or .xml the content type can also be set without the need for a header. #### Automation using PyMISP [PyMISP](https://github.com/MISP/PyMISP) is a Python library to access MISP platforms via their REST [API](https://www.circl.lu/doc/misp/GLOSSARY.html#api). It allows you to fetch events, add or update events/attributes, add or update samples or search for attributes. ### FAQ * [Dev FAQ](https://www.circl.lu/doc/misp/dev-faq/) * [GitHub project FAQ](https://github.com/MISP/MISP/wiki/Frequently-Asked-Questions) servers: - url: https://misp.local tags: - name: Analyst Data description: "Analyst Data allows analysts to share and add their own analysis to any MISP data having an UUID. They can be one of these three type: Analyst Note, Analyst Opionion or Analyst Relationship." - name: Attributes description: "Attributes in MISP can be network indicators (e.g. IP address), system indicators (e.g. a string in memory) or even bank account details." externalDocs: url: https://www.circl.lu/doc/misp/GLOSSARY.html#misp-attribute - name: Events description: "MISP events are encapsulations for contextually related information represented as attributes and objects." externalDocs: url: https://www.circl.lu/doc/misp/GLOSSARY.html#misp-event - name: Galaxies description: "Galaxies in MISP are a method used to express a large object called cluster that can be attached to MISP events or attributes." externalDocs: url: https://www.circl.lu/doc/misp/galaxy/ - name: Galaxy Clusters description: "A galaxy cluster that can be attached to MISP events or attributes." externalDocs: url: https://www.circl.lu/doc/misp/galaxy/ - name: Users description: "As an admin (not to be confused with Org Admin), you can set up new accounts for users, edit user profiles, delete them, or just have a look at all the viewers' profiles." externalDocs: url: https://www.circl.lu/doc/misp/administration/#users - name: Organisations description: "Each users belongs to an organisation. As admin, you can manage these organisations." externalDocs: url: https://www.circl.lu/doc/misp/administration/#organisations - name: Servers description: "Servers represent MISP instances we are connected to and from which we can pull/push data from/to." externalDocs: url: https://www.circl.lu/doc/misp/sharing/ - name: Sharing Groups description: "Sharing groups in MISP are a more granular way to create re-usable distribution lists for events/attributes that allow users to include organisations from their own instance (local organisations) as well as organisations from directly, or indirectly connected instances (external organisations)." externalDocs: url: https://www.circl.lu/doc/misp/sharing/#sharing-groups - name: Feeds description: "Feeds are remote or local resources containing indicators that can be automatically imported into MISP at regular intervals. Feeds can be structured in [MISP format](https://www.circl.lu/doc/misp/GLOSSARY.html#misp-format), CSV format or even free-text format." externalDocs: url: https://www.circl.lu/doc/misp/managing-feeds/#feeds - name: Objects description: "MISP objects are in addition to MISP attributes to allow advanced combinations and concatenation of attributes. The creation of these objects and their associated attributes are based on real cyber security use-cases and existing practices in information sharing." externalDocs: url: https://www.circl.lu/doc/misp/misp-objects/ - name: Tags description: "" externalDocs: url: https://www.circl.lu/doc/misp/quick-start/#tags-and-taglist - name: Sightings description: "Sightings is a system allowing people to react on attributes on an event. It was originally designed to provide an easy method for user to tell when they see a given attribute, giving it more credibility." externalDocs: url: https://www.circl.lu/doc/misp/sightings/ - name: Warninglists description: "MISP warninglists are lists of well-known indicators that can be associated to potential false positives, errors or mistakes." externalDocs: url: https://www.circl.lu/doc/misp/warninglists/ - name: Noticelists description: "Notice lists to inform MISP users of the legal, privacy, policy or even technical implications of using specific attributes, categories or objects." externalDocs: url: https://www.circl.lu/doc/misp/noticelists/ - name: Logs description: "Users with audit permissions are able to browse or search logs that MISP automatically appends each time certain actions are taken (actions that modify data or if a user logs in and out)." externalDocs: url: https://www.circl.lu/doc/misp/administration/#using-misp-logs - name: AuthKeys description: "AuthKeys are used to authenticate MISP API requests. AuthKeys can be set to read-only, a single user can have multiple auth keys." externalDocs: url: https://www.circl.lu/doc/misp/automation/#automation-key - name: UserSettings description: "User settings enables users to customize different MISP features, such as UI elements and default API behaviors." - name: Taxonomies description: "MISP Taxonomies is a set of common classification libraries to tag, classify and organise information. Taxonomy allows to express the same vocabulary among a distributed set of users and organisations." externalDocs: url: https://www.circl.lu/doc/misp/taxonomy/#taxonomies - name: Event Report description: "Event reports can contain text under the markdown format and are stored inside an event. They can be used to describe events or processes in a readable way." paths: /analystData/add/{analystType}/{objectUUID}/{ObjectType}: post: summary: "Add analyst data" operationId: addAnalystData tags: - Analyst Data parameters: - $ref: "#/components/parameters/analystDataTypeParameter" - $ref: "#/components/parameters/analystDataObjectUUIDParameter" - $ref: "#/components/parameters/analystDataObjectTypeParameter" requestBody: $ref: "#/components/requestBodies/AddAnalystDataRequest" responses: "200": $ref: "#/components/responses/AnalystDataResponse" "403": $ref: "#/components/responses/UnauthorizedApiErrorResponse" default: $ref: "#/components/responses/ApiErrorResponse" /analystData/edit/{analystType}/{analystDataID}: post: summary: "Edit analyst data" operationId: editAnalystData tags: - Analyst Data parameters: - $ref: "#/components/parameters/analystDataTypeParameter" - $ref: "#/components/parameters/analystDataIdParameter" requestBody: $ref: "#/components/requestBodies/AddAnalystDataRequest" responses: "200": $ref: "#/components/responses/AnalystDataResponse" "403": $ref: "#/components/responses/UnauthorizedApiErrorResponse" default: $ref: "#/components/responses/ApiErrorResponse" /analystData/delete/{analystType}/{analystDataID}: delete: summary: "Delete Analyst data" operationId: deleteAnalystData tags: - Analyst Data parameters: - $ref: "#/components/parameters/analystDataTypeParameter" - $ref: "#/components/parameters/analystDataIdParameter" responses: "200": $ref: "#/components/responses/DeleteAnalystDataResponse" "403": $ref: "#/components/responses/UnauthorizedApiErrorResponse" "404": $ref: "#/components/responses/NotFoundApiErrorResponse" default: $ref: "#/components/responses/ApiErrorResponse" /analystData/index/{analystType}: get: summary: "List Analyst data" operationId: indexAnalystData tags: - Analyst Data parameters: - $ref: "#/components/parameters/analystDataTypeParameter" responses: "200": $ref: "#/components/responses/AnalystDataListResponse" "403": $ref: "#/components/responses/UnauthorizedApiErrorResponse" "404": $ref: "#/components/responses/NotFoundApiErrorResponse" default: $ref: "#/components/responses/ApiErrorResponse" /analystData/view/{analystType}/{analystDataID}: get: summary: "Get Analyst Data by ID" operationId: getEventById tags: - Analyst Data parameters: - $ref: "#/components/parameters/analystDataTypeParameter" - $ref: "#/components/parameters/analystDataIdParameter" responses: "200": $ref: "#/components/responses/AnalystDataResponse" "403": $ref: "#/components/responses/UnauthorizedApiErrorResponse" default: $ref: "#/components/responses/ApiErrorResponse" /attributes/restSearch: post: summary: "[restSearch] Get a filtered and paginated list of attributes" description: | **This is the recommended endpoint for searching attributes.** operationId: restSearchAttributes tags: - Attributes requestBody: $ref: "#/components/requestBodies/RestSearchAttributesRequest" responses: "200": $ref: "#/components/responses/AttributesRestSearchResponse" "403": $ref: "#/components/responses/UnauthorizedApiErrorResponse" default: $ref: "#/components/responses/ApiErrorResponse" /attributes/add/{eventId}: post: summary: "Add an attribute" operationId: addAttribute tags: - Attributes parameters: - $ref: "#/components/parameters/eventIdParameter" requestBody: $ref: "#/components/requestBodies/AddAttributeRequest" responses: "200": $ref: "#/components/responses/AttributeResponse" "403": $ref: "#/components/responses/UnauthorizedApiErrorResponse" default: $ref: "#/components/responses/ApiErrorResponse" /attributes/edit/{attributeId}: put: summary: "Edit an attribute" operationId: editAttribute tags: - Attributes parameters: - $ref: "#/components/parameters/attributeIdParameter" requestBody: $ref: "#/components/requestBodies/EditAttributeRequest" responses: "200": $ref: "#/components/responses/AttributeResponse" "403": $ref: "#/components/responses/UnauthorizedApiErrorResponse" "404": $ref: "#/components/responses/NotFoundApiErrorResponse" default: $ref: "#/components/responses/ApiErrorResponse" /attributes/delete/{attributeId}: delete: summary: "Delete an attribute" operationId: deleteAttribute tags: - Attributes parameters: - $ref: "#/components/parameters/attributeIdParameter" responses: "200": $ref: "#/components/responses/DeleteAttributeResponse" "403": $ref: "#/components/responses/UnauthorizedApiErrorResponse" "404": $ref: "#/components/responses/NotFoundApiErrorResponse" default: $ref: "#/components/responses/ApiErrorResponse" /attributes/restore/{attributeId}: post: summary: "Restore an attribute" operationId: restoreAttribute tags: - Attributes parameters: - $ref: "#/components/parameters/attributeIdParameter" responses: "200": $ref: "#/components/responses/AttributeResponse" "403": $ref: "#/components/responses/UnauthorizedApiErrorResponse" "404": $ref: "#/components/responses/NotFoundApiErrorResponse" default: $ref: "#/components/responses/ApiErrorResponse" /attributes/addTag/{attributeId}/{tagId}/local:{local}: post: summary: "Add a tag to an attribute" operationId: tagAttribute tags: - Attributes parameters: - $ref: "#/components/parameters/attributeIdParameter" - $ref: "#/components/parameters/tagIdParameter" - $ref: "#/components/parameters/localParameter" responses: "200": $ref: "#/components/responses/AddAttributeTagResponse" "403": $ref: "#/components/responses/UnauthorizedApiErrorResponse" "404": $ref: "#/components/responses/NotFoundApiErrorResponse" default: $ref: "#/components/responses/ApiErrorResponse" /attributes/removeTag/{attributeId}/{tagId}: post: summary: "Remove a tag from an attribute" operationId: untagAttribute tags: - Attributes parameters: - $ref: "#/components/parameters/attributeIdParameter" - $ref: "#/components/parameters/tagIdParameter" responses: "200": $ref: "#/components/responses/RemoveAttributeTagResponse" "403": $ref: "#/components/responses/UnauthorizedApiErrorResponse" "404": $ref: "#/components/responses/NotFoundApiErrorResponse" default: $ref: "#/components/responses/ApiErrorResponse" /attributes: get: summary: "Get a list of attributes" operationId: getAttributes tags: - Attributes responses: "200": $ref: "#/components/responses/AttributeListResponse" "403": $ref: "#/components/responses/UnauthorizedApiErrorResponse" default: $ref: "#/components/responses/ApiErrorResponse" /attributes/view/{attributeId}: get: summary: "Get an attribute by ID" operationId: getAttributeById tags: - Attributes parameters: - $ref: "#/components/parameters/attributeIdParameter" responses: "200": $ref: "#/components/responses/AttributeResponse" "403": $ref: "#/components/responses/UnauthorizedApiErrorResponse" default: $ref: "#/components/responses/ApiErrorResponse" /attributes/attributeStatistics/{context}/{percentage}: get: summary: "Get the count of attributes per category" operationId: getAttributeStatistics tags: - Attributes parameters: - $ref: "#/components/parameters/attributeStatisticsContextParameter" - $ref: "#/components/parameters/attributeStatisticsPercentageParameter" responses: "200": $ref: "#/components/responses/AttributeStatisticsResponse" "403": $ref: "#/components/responses/UnauthorizedApiErrorResponse" default: $ref: "#/components/responses/ApiErrorResponse" /attributes/describeTypes: get: summary: "Get a list of the available attribute types" operationId: describeAttributeTypes tags: - Attributes responses: "200": $ref: "#/components/responses/DescribeAttributeTypesResponse" "403": $ref: "#/components/responses/UnauthorizedApiErrorResponse" default: $ref: "#/components/responses/ApiErrorResponse" /eventReports/view/{eventReportId}: get: summary: "Get event report by ID" operationId: viewEventReport tags: - Event Report parameters: - $ref: "#/components/parameters/eventReportIdParameter" responses: "200": $ref: "#/components/responses/EventReportResponse" "403": $ref: "#/components/responses/UnauthorizedApiErrorResponse" default: $ref: "#/components/responses/ApiErrorResponse" /eventReports/add/{eventId}: post: summary: "Add Event Report" operationId: addEventReport tags: - Event Report parameters: - $ref: "#/components/parameters/eventIdParameter" requestBody: $ref: "#/components/requestBodies/AddEventReportRequest" responses: "200": $ref: "#/components/responses/EventReportResponse" "403": $ref: "#/components/responses/UnauthorizedApiErrorResponse" default: $ref: "#/components/responses/ApiErrorResponse" /eventReports/edit/{eventReportId}: post: summary: "Edit Event Report" operationId: editEventReport tags: - Event Report parameters: - $ref: "#/components/parameters/eventReportIdParameter" responses: "200": $ref: "#/components/responses/EventReportResponse" "403": $ref: "#/components/responses/UnauthorizedApiErrorResponse" default: $ref: "#/components/responses/ApiErrorResponse" /eventReports/delete/{eventReportId}/{hardDelete}: post: summary: "Delete Event Report" operationId: deleteEventReport tags: - Event Report parameters: - $ref: "#/components/parameters/eventReportIdParameter" - $ref: "#/components/parameters/hardDeleteParameterNotRequired" responses: "200": $ref: "#/components/responses/DeleteEventReportResponse" "403": $ref: "#/components/responses/UnauthorizedApiErrorResponse" default: $ref: "#/components/responses/ApiErrorResponse" /eventReports/restore/{eventReportId}: post: summary: "Restore Event Report" operationId: restoreEventReport tags: - Event Report parameters: - $ref: "#/components/parameters/eventReportIdParameter" responses: "200": $ref: "#/components/responses/RestoreEventReportResponse" "403": $ref: "#/components/responses/UnauthorizedApiErrorResponse" default: $ref: "#/components/responses/ApiErrorResponse" /eventReports/index: get: summary: "Get event reports" operationId: indexEventReport tags: - Event Report responses: "200": $ref: "#/components/responses/EventReportListResponse" "403": $ref: "#/components/responses/UnauthorizedApiErrorResponse" default: $ref: "#/components/responses/ApiErrorResponse" /eventReports/importReportFromUrl/{eventId}: post: summary: "Import Report From URL" operationId: importFromURLEventReport tags: - Event Report parameters: - $ref: "#/components/parameters/eventIdParameter" requestBody: $ref: "#/components/requestBodies/ImportFromURLEventReportRequest" responses: "200": $ref: "#/components/responses/EventReportImportFromUrlResponse" "403": $ref: "#/components/responses/UnauthorizedApiErrorResponse" default: $ref: "#/components/responses/ApiErrorResponse" /events/restSearch: post: summary: "[restSearch] Get a filtered and paginated list of events" operationId: restSearchEvents description: | **This is the recommended endpoint for searching events.** tags: - Events requestBody: $ref: "#/components/requestBodies/RestSearchEventsRequest" responses: "200": $ref: "#/components/responses/EventsRestSearchResponse" "403": $ref: "#/components/responses/UnauthorizedApiErrorResponse" default: $ref: "#/components/responses/ApiErrorResponse" /events/add: post: summary: "Add event" operationId: addEvent tags: - Events requestBody: $ref: "#/components/requestBodies/AddEventRequest" responses: "200": $ref: "#/components/responses/AddEventResponse" "403": $ref: "#/components/responses/UnauthorizedApiErrorResponse" default: $ref: "#/components/responses/ApiErrorResponse" /events/edit/{eventId}: put: summary: "Edit event" operationId: editEvent tags: - Events parameters: - $ref: "#/components/parameters/eventIdParameter" requestBody: $ref: "#/components/requestBodies/EditEventRequest" responses: "200": $ref: "#/components/responses/EditEventResponse" "403": $ref: "#/components/responses/UnauthorizedApiErrorResponse" default: $ref: "#/components/responses/ApiErrorResponse" /events/delete/{eventId}: delete: summary: "Delete event" operationId: deleteEvent tags: - Events parameters: - $ref: "#/components/parameters/eventIdParameter" responses: "200": $ref: "#/components/responses/DeleteEventResponse" "403": $ref: "#/components/responses/UnauthorizedApiErrorResponse" default: $ref: "#/components/responses/ApiErrorResponse" /events: get: summary: "Get a list of events" operationId: getEvents tags: - Events responses: "200": $ref: "#/components/responses/ExtendedEventListResponse" "403": $ref: "#/components/responses/UnauthorizedApiErrorResponse" default: $ref: "#/components/responses/ApiErrorResponse" /events/index: post: summary: "Search events" operationId: searchEvents tags: - Events requestBody: $ref: "#/components/requestBodies/SearchEventRequest" responses: "200": $ref: "#/components/responses/ExtendedEventListResponse" "403": $ref: "#/components/responses/UnauthorizedApiErrorResponse" default: $ref: "#/components/responses/ApiErrorResponse" /events/view/{eventId}: get: summary: "Get event by ID" operationId: getEventById tags: - Events parameters: - $ref: "#/components/parameters/eventIdParameter" responses: "200": $ref: "#/components/responses/ExtendedEventResponse" "403": $ref: "#/components/responses/UnauthorizedApiErrorResponse" default: $ref: "#/components/responses/ApiErrorResponse" /events/publish/{eventId}: post: summary: "Publish an event" operationId: publishEvent tags: - Events parameters: - $ref: "#/components/parameters/eventIdParameter" responses: "200": $ref: "#/components/responses/PublishEventResponse" "403": $ref: "#/components/responses/UnauthorizedApiErrorResponse" default: $ref: "#/components/responses/ApiErrorResponse" /events/unpublish/{eventId}: post: summary: "Unpublish an event" operationId: unpublishEvent tags: - Events parameters: - $ref: "#/components/parameters/eventIdParameter" responses: "200": $ref: "#/components/responses/UnpublishEventResponse" "403": $ref: "#/components/responses/UnauthorizedApiErrorResponse" default: $ref: "#/components/responses/ApiErrorResponse" /events/addTag/{eventId}/{tagId}/local:{local}: post: summary: "Add event tag" operationId: tagEvent tags: - Events parameters: - $ref: "#/components/parameters/eventIdParameter" - $ref: "#/components/parameters/tagIdParameter" - $ref: "#/components/parameters/localParameter" responses: "200": $ref: "#/components/responses/AddEventTagResponse" "403": $ref: "#/components/responses/UnauthorizedApiErrorResponse" default: $ref: "#/components/responses/ApiErrorResponse" /events/removeTag/{eventId}/{tagId}: post: summary: "Remove event tag" operationId: untagEvent tags: - Events parameters: - $ref: "#/components/parameters/eventIdParameter" - $ref: "#/components/parameters/tagIdParameter" responses: "200": $ref: "#/components/responses/RemoveEventTagResponse" "403": $ref: "#/components/responses/UnauthorizedApiErrorResponse" default: $ref: "#/components/responses/ApiErrorResponse" /galaxies: get: summary: "Get galaxies" operationId: getGalaxies tags: - Galaxies responses: "200": $ref: "#/components/responses/GalaxyListResponse" "403": $ref: "#/components/responses/UnauthorizedApiErrorResponse" default: $ref: "#/components/responses/ApiErrorResponse" post: summary: "Search galaxies" operationId: searchGalaxies tags: - Galaxies requestBody: $ref: "#/components/requestBodies/SearchGalaxyRequest" responses: "200": $ref: "#/components/responses/GalaxyListResponse" "403": $ref: "#/components/responses/UnauthorizedApiErrorResponse" default: $ref: "#/components/responses/ApiErrorResponse" /galaxies/view/{galaxyId}: get: summary: "Get galaxy by ID" operationId: getGalaxyById tags: - Galaxies parameters: - $ref: "#/components/parameters/galaxyIdParameter" responses: "200": $ref: "#/components/responses/ExtendedGalaxyResponse" "403": $ref: "#/components/responses/UnauthorizedApiErrorResponse" default: $ref: "#/components/responses/ApiErrorResponse" /galaxies/update: post: summary: "Force update the galaxies with the galaxy json definitions" operationId: updateGalaxies tags: - Galaxies responses: "200": $ref: "#/components/responses/UpdateGalaxiesResponse" "403": $ref: "#/components/responses/UnauthorizedApiErrorResponse" "404": $ref: "#/components/responses/NotFoundApiErrorResponse" default: $ref: "#/components/responses/ApiErrorResponse" /galaxies/delete/{galaxyId}: delete: summary: "Delete a galaxy" operationId: deleteGalaxy tags: - Galaxies parameters: - $ref: "#/components/parameters/galaxyIdParameter" responses: "200": $ref: "#/components/responses/DeleteGalaxyResponse" "403": $ref: "#/components/responses/UnauthorizedApiErrorResponse" "404": $ref: "#/components/responses/NotFoundApiErrorResponse" default: $ref: "#/components/responses/ApiErrorResponse" /galaxies/import: post: summary: "Import a galaxy cluster" operationId: importGalaxyCluster tags: - Galaxies requestBody: $ref: "#/components/requestBodies/ImportGalaxyClusterRequest" responses: "200": $ref: "#/components/responses/ImportGalaxyClusterResponse" "403": $ref: "#/components/responses/UnauthorizedApiErrorResponse" "404": $ref: "#/components/responses/NotFoundApiErrorResponse" default: $ref: "#/components/responses/ApiErrorResponse" /galaxies/export/{galaxyId}: post: summary: "Export galaxy clusters" operationId: exportGalaxyClusters tags: - Galaxies parameters: - $ref: "#/components/parameters/galaxyIdParameter" requestBody: $ref: "#/components/requestBodies/ExportGalaxyClusterRequest" responses: "200": $ref: "#/components/responses/ExportGalaxyClustersResponse" "403": $ref: "#/components/responses/UnauthorizedApiErrorResponse" "404": $ref: "#/components/responses/NotFoundApiErrorResponse" default: $ref: "#/components/responses/ApiErrorResponse" /galaxies/attachCluster/{attachTargetId}/{attachTargetType}/local:{local}: post: summary: "Attach the galaxy cluster tag a given entity" operationId: attachGalaxyCluster tags: - Galaxies parameters: - $ref: "#/components/parameters/attachTargetIdParameter" - $ref: "#/components/parameters/attachTargetTypeParameter" - $ref: "#/components/parameters/localParameter" requestBody: $ref: "#/components/requestBodies/AttachGalaxyClusterRequest" responses: "200": $ref: "#/components/responses/AttachGalaxyClusterResponse" "403": $ref: "#/components/responses/UnauthorizedApiErrorResponse" "404": $ref: "#/components/responses/NotFoundApiErrorResponse" default: $ref: "#/components/responses/ApiErrorResponse" /galaxy_clusters/add/{galaxyId}: post: summary: "Add galaxy cluster" operationId: addGalaxyCluster tags: - Galaxy Clusters parameters: - $ref: "#/components/parameters/galaxyIdParameter" requestBody: $ref: "#/components/requestBodies/AddGalaxyClusterRequest" responses: "200": $ref: "#/components/responses/GalaxyClusterResponse" "403": $ref: "#/components/responses/UnauthorizedApiErrorResponse" "404": $ref: "#/components/responses/NotFoundApiErrorResponse" default: $ref: "#/components/responses/ApiErrorResponse" /galaxy_clusters/edit/{galaxyClusterId}: put: summary: "Edit galaxy cluster" operationId: editGalaxyCluster tags: - Galaxy Clusters parameters: - $ref: "#/components/parameters/galaxyClusterIdParameter" requestBody: $ref: "#/components/requestBodies/EditGalaxyClusterRequest" responses: "200": $ref: "#/components/responses/GalaxyClusterResponse" "403": $ref: "#/components/responses/UnauthorizedApiErrorResponse" "404": $ref: "#/components/responses/NotFoundApiErrorResponse" default: $ref: "#/components/responses/ApiErrorResponse" /galaxy_clusters/index/{galaxyId}: get: summary: "Get galaxy clusters" operationId: getGalaxyClusters tags: - Galaxy Clusters parameters: - $ref: "#/components/parameters/galaxyIdParameter" responses: "200": $ref: "#/components/responses/GalaxyClusterListResponse" "403": $ref: "#/components/responses/UnauthorizedApiErrorResponse" "404": $ref: "#/components/responses/NotFoundApiErrorResponse" default: $ref: "#/components/responses/ApiErrorResponse" post: summary: "Search galaxy clusters" operationId: searchGalaxyClusters tags: - Galaxy Clusters parameters: - $ref: "#/components/parameters/galaxyIdParameter" requestBody: $ref: "#/components/requestBodies/SearchGalaxyClustersRequest" responses: "200": $ref: "#/components/responses/GalaxyClusterListResponse" "403": $ref: "#/components/responses/UnauthorizedApiErrorResponse" "404": $ref: "#/components/responses/NotFoundApiErrorResponse" default: $ref: "#/components/responses/ApiErrorResponse" /galaxy_clusters/view/{galaxyClusterId}: get: summary: "Get galaxy cluster by ID" operationId: getGalaxyClusterById tags: - Galaxy Clusters parameters: - $ref: "#/components/parameters/galaxyClusterIdParameter" responses: "200": $ref: "#/components/responses/ExtendedGalaxyClusterResponse" "403": $ref: "#/components/responses/UnauthorizedApiErrorResponse" "404": $ref: "#/components/responses/NotFoundApiErrorResponse" default: $ref: "#/components/responses/ApiErrorResponse" /galaxy_clusters/publish/{galaxyClusterId}: post: summary: "Publish galaxy cluster" operationId: publishGalaxyCluster tags: - Galaxy Clusters parameters: - $ref: "#/components/parameters/galaxyClusterIdParameter" responses: "200": $ref: "#/components/responses/PublishGalaxyClusterResponse" "403": $ref: "#/components/responses/UnauthorizedApiErrorResponse" "404": $ref: "#/components/responses/NotFoundApiErrorResponse" default: $ref: "#/components/responses/ApiErrorResponse" /galaxy_clusters/unpublish/{galaxyClusterId}: post: summary: "Unpublish galaxy cluster" operationId: unpublishGalaxyCluster tags: - Galaxy Clusters parameters: - $ref: "#/components/parameters/galaxyClusterIdParameter" responses: "200": $ref: "#/components/responses/UnpublishGalaxyClusterResponse" "403": $ref: "#/components/responses/UnauthorizedApiErrorResponse" "404": $ref: "#/components/responses/NotFoundApiErrorResponse" default: $ref: "#/components/responses/ApiErrorResponse" /galaxy_clusters/delete/{galaxyClusterId}: post: summary: "Delete galaxy cluster" operationId: deleteGalaxyCluster tags: - Galaxy Clusters parameters: - $ref: "#/components/parameters/galaxyClusterIdParameter" responses: "200": $ref: "#/components/responses/DeleteGalaxyClusterResponse" "403": $ref: "#/components/responses/UnauthorizedApiErrorResponse" "404": $ref: "#/components/responses/NotFoundApiErrorResponse" default: $ref: "#/components/responses/ApiErrorResponse" /galaxy_clusters/restore/{galaxyClusterId}: post: summary: "Restore galaxy cluster" operationId: restoreGalaxyCluster tags: - Galaxy Clusters parameters: - $ref: "#/components/parameters/galaxyClusterIdParameter" responses: "200": $ref: "#/components/responses/RestoreGalaxyClusterResponse" "403": $ref: "#/components/responses/UnauthorizedApiErrorResponse" "404": $ref: "#/components/responses/NotFoundApiErrorResponse" default: $ref: "#/components/responses/ApiErrorResponse" /users/initiatePasswordReset/{userId}/{firstTimeReset}: post: summary: "Reset user password" operationId: resetUserPassword tags: - Users parameters: - $ref: "#/components/parameters/userIdParameter" - $ref: "#/components/parameters/firstTimeResetParameter" responses: "200": $ref: "#/components/responses/ResetUserPasswordResponse" "403": $ref: "#/components/responses/UnauthorizedApiErrorResponse" "404": $ref: "#/components/responses/NotFoundApiErrorResponse" default: $ref: "#/components/responses/ApiErrorResponse" /admin/users/add: post: summary: "Add user" operationId: addUser tags: - Users requestBody: $ref: "#/components/requestBodies/AddUserRequest" responses: "200": $ref: "#/components/responses/UserResponse" "403": $ref: "#/components/responses/UnauthorizedApiErrorResponse" "404": $ref: "#/components/responses/NotFoundApiErrorResponse" default: $ref: "#/components/responses/ApiErrorResponse" /admin/users/edit/{userId}: put: summary: "Edit user" operationId: editUser tags: - Users parameters: - $ref: "#/components/parameters/userIdParameter" requestBody: $ref: "#/components/requestBodies/EditUserRequest" responses: "200": $ref: "#/components/responses/UserResponse" "403": $ref: "#/components/responses/UnauthorizedApiErrorResponse" "404": $ref: "#/components/responses/NotFoundApiErrorResponse" default: $ref: "#/components/responses/ApiErrorResponse" /admin/users/delete/{userId}: delete: summary: "Delete user" operationId: deleteUser tags: - Users parameters: - $ref: "#/components/parameters/userIdParameter" responses: "200": $ref: "#/components/responses/DeleteUserResponse" "403": $ref: "#/components/responses/UnauthorizedApiErrorResponse" "404": $ref: "#/components/responses/NotFoundApiErrorResponse" default: $ref: "#/components/responses/ApiErrorResponse" /admin/users: get: summary: "Get users" operationId: getUsers tags: - Users responses: "200": $ref: "#/components/responses/UserListResponse" "403": $ref: "#/components/responses/UnauthorizedApiErrorResponse" "404": $ref: "#/components/responses/NotFoundApiErrorResponse" default: $ref: "#/components/responses/ApiErrorResponse" /admin/users/view/{userId}: get: summary: "Get user by ID" operationId: getUserById tags: - Users parameters: - $ref: "#/components/parameters/userIdParameter" responses: "200": $ref: "#/components/responses/ExtendedUserResponse" "403": $ref: "#/components/responses/UnauthorizedApiErrorResponse" "404": $ref: "#/components/responses/NotFoundApiErrorResponse" default: $ref: "#/components/responses/ApiErrorResponse" /users/totp_delete/{userId}: delete: summary: "Delete user TOTP" operationId: deleteUserTotp tags: - Users parameters: - $ref: "#/components/parameters/userIdParameter" responses: "200": $ref: "#/components/responses/DeleteUserTotpResponse" "403": $ref: "#/components/responses/UnauthorizedApiErrorResponse" "404": $ref: "#/components/responses/NotFoundUserTotpDeleteResponse" default: $ref: "#/components/responses/ApiErrorResponse" /admin/organisations/add: post: summary: "Add organisation" operationId: addOrganisation tags: - Organisations requestBody: $ref: "#/components/requestBodies/AddOrganisationRequest" responses: "200": $ref: "#/components/responses/OrganisationResponse" "403": $ref: "#/components/responses/UnauthorizedApiErrorResponse" "404": $ref: "#/components/responses/NotFoundApiErrorResponse" default: $ref: "#/components/responses/ApiErrorResponse" /admin/organisations/edit/{organisationId}: put: summary: "Edit organisation" operationId: editOrganisation tags: - Organisations parameters: - $ref: "#/components/parameters/organisationIdParameter" requestBody: $ref: "#/components/requestBodies/EditOrganisationRequest" responses: "200": $ref: "#/components/responses/OrganisationResponse" "403": $ref: "#/components/responses/UnauthorizedApiErrorResponse" "404": $ref: "#/components/responses/NotFoundApiErrorResponse" default: $ref: "#/components/responses/ApiErrorResponse" /admin/organisations/delete/{organisationId}: delete: summary: "Delete organisation" operationId: deleteOrganisation tags: - Organisations parameters: - $ref: "#/components/parameters/organisationIdParameter" responses: "200": $ref: "#/components/responses/DeleteOrganisationResponse" "403": $ref: "#/components/responses/UnauthorizedApiErrorResponse" "404": $ref: "#/components/responses/NotFoundApiErrorResponse" default: $ref: "#/components/responses/ApiErrorResponse" /admin/logs: post: summary: "Get instance logs" operationId: getLogs tags: - Logs requestBody: $ref: "#/components/requestBodies/GetLogsRequest" responses: "200": $ref: "#/components/responses/GetLogsResponse" "403": $ref: "#/components/responses/UnauthorizedApiErrorResponse" "404": $ref: "#/components/responses/NotFoundApiErrorResponse" default: $ref: "#/components/responses/ApiErrorResponse" /organisations: get: summary: "Get organisations" operationId: getOrganisations tags: - Organisations responses: "200": $ref: "#/components/responses/OrganisationListResponse" "403": $ref: "#/components/responses/UnauthorizedApiErrorResponse" "404": $ref: "#/components/responses/NotFoundApiErrorResponse" default: $ref: "#/components/responses/ApiErrorResponse" /organisations/view/{organisationId}: get: summary: "Get organisation by ID" operationId: getOrganisationById tags: - Organisations parameters: - $ref: "#/components/parameters/organisationIdParameter" responses: "200": $ref: "#/components/responses/OrganisationResponse" "403": $ref: "#/components/responses/UnauthorizedApiErrorResponse" "404": $ref: "#/components/responses/NotFoundApiErrorResponse" default: $ref: "#/components/responses/ApiErrorResponse" /servers/add: post: summary: "Add server" operationId: addServer tags: - Servers requestBody: $ref: "#/components/requestBodies/AddServerRequest" responses: "200": $ref: "#/components/responses/ServerResponse" "403": $ref: "#/components/responses/UnauthorizedApiErrorResponse" "404": $ref: "#/components/responses/NotFoundApiErrorResponse" default: $ref: "#/components/responses/ApiErrorResponse" /servers/edit/{serverId}: put: summary: "Edit server" operationId: editServer tags: - Servers parameters: - $ref: "#/components/parameters/serverIdParameter" requestBody: $ref: "#/components/requestBodies/EditServerRequest" responses: "200": $ref: "#/components/responses/ServerResponse" "403": $ref: "#/components/responses/UnauthorizedApiErrorResponse" "404": $ref: "#/components/responses/NotFoundApiErrorResponse" default: $ref: "#/components/responses/ApiErrorResponse" /servers/delete/{serverId}: post: summary: "Delete server" operationId: deleteServer tags: - Servers parameters: - $ref: "#/components/parameters/serverIdParameter" responses: "200": $ref: "#/components/responses/DeleteServerResponse" "403": $ref: "#/components/responses/UnauthorizedApiErrorResponse" "404": $ref: "#/components/responses/NotFoundApiErrorResponse" default: $ref: "#/components/responses/ApiErrorResponse" /servers: get: summary: "Get servers" operationId: getServers tags: - Servers responses: "200": $ref: "#/components/responses/ServerListResponse" "403": $ref: "#/components/responses/UnauthorizedApiErrorResponse" "404": $ref: "#/components/responses/NotFoundApiErrorResponse" default: $ref: "#/components/responses/ApiErrorResponse" /servers/pull/{serverId}/{pullTechnique}: get: summary: "Pull server" operationId: pullServer tags: - Servers parameters: - $ref: "#/components/parameters/serverIdParameter" - $ref: "#/components/parameters/pullTechniqueParameter" responses: "200": $ref: "#/components/responses/PullServerResponse" "403": $ref: "#/components/responses/UnauthorizedApiErrorResponse" "404": $ref: "#/components/responses/NotFoundApiErrorResponse" default: $ref: "#/components/responses/ApiErrorResponse" /servers/push/{serverId}/{pushTechnique}: get: summary: "Push server" operationId: pushServer tags: - Servers parameters: - $ref: "#/components/parameters/serverIdParameter" - $ref: "#/components/parameters/pushTechniqueParameter" responses: "200": $ref: "#/components/responses/PushServerResponse" "403": $ref: "#/components/responses/UnauthorizedApiErrorResponse" "404": $ref: "#/components/responses/NotFoundApiErrorResponse" default: $ref: "#/components/responses/ApiErrorResponse" /servers/getVersion: get: summary: "Get current instance version" operationId: getServerVersion tags: - Servers responses: "200": $ref: "#/components/responses/ServerVersionResponse" "403": $ref: "#/components/responses/UnauthorizedApiErrorResponse" "404": $ref: "#/components/responses/NotFoundApiErrorResponse" default: $ref: "#/components/responses/ApiErrorResponse" /servers/getPyMISPVersion: get: summary: "Get current instance PyMISP version" operationId: getPyMISPVersion tags: - Servers responses: "200": $ref: "#/components/responses/ServerPyMISPVersionResponse" "403": $ref: "#/components/responses/UnauthorizedApiErrorResponse" "404": $ref: "#/components/responses/NotFoundApiErrorResponse" default: $ref: "#/components/responses/ApiErrorResponse" /servers/serverSettings: get: summary: "Get current instance settings and diagnostics" operationId: getServerSettings tags: - Servers responses: "200": $ref: "#/components/responses/ServerSettingsResponse" "403": $ref: "#/components/responses/UnauthorizedApiErrorResponse" "404": $ref: "#/components/responses/NotFoundApiErrorResponse" default: $ref: "#/components/responses/ApiErrorResponse" /servers/getWorkers: get: summary: "Get workers" operationId: getWorkers tags: - Servers responses: "200": $ref: "#/components/responses/GetWorkersResponse" "403": $ref: "#/components/responses/UnauthorizedApiErrorResponse" "404": $ref: "#/components/responses/NotFoundApiErrorResponse" default: $ref: "#/components/responses/ApiErrorResponse" /servers/startWorker/{workerType}: post: summary: "Start worker" operationId: startWorker tags: - Servers parameters: - $ref: "#/components/parameters/workerTypeParameter" responses: "200": $ref: "#/components/responses/StartWorkerResponse" "403": $ref: "#/components/responses/UnauthorizedApiErrorResponse" "404": $ref: "#/components/responses/NotFoundApiErrorResponse" default: $ref: "#/components/responses/ApiErrorResponse" /servers/stopWorker/{workerPid}: post: summary: "Stop worker" operationId: stopWorker tags: - Servers parameters: - $ref: "#/components/parameters/workerPidParameter" responses: "200": $ref: "#/components/responses/StopWorkerResponse" "403": $ref: "#/components/responses/UnauthorizedApiErrorResponse" "404": $ref: "#/components/responses/NotFoundApiErrorResponse" default: $ref: "#/components/responses/ApiErrorResponse" /servers/killAllWorkers: post: summary: "Kill all workers" operationId: killAllWorkers tags: - Servers responses: "200": $ref: "#/components/responses/KillAllWorkersResponse" "403": $ref: "#/components/responses/UnauthorizedApiErrorResponse" "404": $ref: "#/components/responses/NotFoundApiErrorResponse" default: $ref: "#/components/responses/ApiErrorResponse" /servers/restartWorkers: post: summary: "Restart workers" operationId: restartWorkers tags: - Servers responses: "200": $ref: "#/components/responses/RestartWorkersResponse" "403": $ref: "#/components/responses/UnauthorizedApiErrorResponse" "404": $ref: "#/components/responses/NotFoundApiErrorResponse" default: $ref: "#/components/responses/ApiErrorResponse" /servers/restartDeadWorkers: post: summary: "Restart dead workers" operationId: restartDeadWorkers tags: - Servers responses: "200": $ref: "#/components/responses/RestartDeadWorkersResponse" "403": $ref: "#/components/responses/UnauthorizedApiErrorResponse" "404": $ref: "#/components/responses/NotFoundApiErrorResponse" default: $ref: "#/components/responses/ApiErrorResponse" /servers/update: post: summary: "Update server" operationId: updateServer tags: - Servers responses: "200": $ref: "#/components/responses/UpdateServerResponse" "403": $ref: "#/components/responses/UnauthorizedApiErrorResponse" "404": $ref: "#/components/responses/NotFoundApiErrorResponse" default: $ref: "#/components/responses/ApiErrorResponse" /servers/cache: post: summary: "Cache server" operationId: cacheServer tags: - Servers responses: "200": $ref: "#/components/responses/CacheServerResponse" "403": $ref: "#/components/responses/UnauthorizedApiErrorResponse" "404": $ref: "#/components/responses/NotFoundApiErrorResponse" default: $ref: "#/components/responses/ApiErrorResponse" /servers/createSync: post: summary: "Create sync" operationId: createSync tags: - Servers responses: "200": $ref: "#/components/responses/CreateSyncResponse" "403": $ref: "#/components/responses/UnauthorizedApiErrorResponse" "404": $ref: "#/components/responses/NotFoundApiErrorResponse" default: $ref: "#/components/responses/ApiErrorResponse" /servers/getInstanceUUID: get: summary: "Get instance UUID" operationId: getServerUuid tags: - Servers responses: "200": $ref: "#/components/responses/GetInstanceUUIDResponse" "403": $ref: "#/components/responses/UnauthorizedApiErrorResponse" "404": $ref: "#/components/responses/NotFoundApiErrorResponse" default: $ref: "#/components/responses/ApiErrorResponse" /servers/getSetting/{settingName}: get: summary: "Get server setting by name" operationId: getServerSetting tags: - Servers parameters: - $ref: "#/components/parameters/settingNameParameter" responses: "200": $ref: "#/components/responses/GetServerSettingResponse" "403": $ref: "#/components/responses/UnauthorizedApiErrorResponse" "404": $ref: "#/components/responses/NotFoundApiErrorResponse" default: $ref: "#/components/responses/ApiErrorResponse" /servers/serverSettingsEdit/{settingName}: post: summary: "Edit server setting" operationId: editServerSetting tags: - Servers parameters: - $ref: "#/components/parameters/settingNameParameter" requestBody: $ref: "#/components/requestBodies/EditServerSettingRequest" responses: "200": $ref: "#/components/responses/EditServerSettingResponse" "403": $ref: "#/components/responses/UnauthorizedApiErrorResponse" "404": $ref: "#/components/responses/NotFoundApiErrorResponse" default: $ref: "#/components/responses/ApiErrorResponse" /servers/import: post: summary: "Import server" operationId: importServer tags: - Servers requestBody: $ref: "#/components/requestBodies/ImportServerRequest" responses: "200": $ref: "#/components/responses/ServerResponse" "403": $ref: "#/components/responses/UnauthorizedApiErrorResponse" "404": $ref: "#/components/responses/NotFoundApiErrorResponse" default: $ref: "#/components/responses/ApiErrorResponse" /sharing_groups/add: post: summary: "Add a sharing group" operationId: addSharingGroup tags: - Sharing Groups requestBody: $ref: "#/components/requestBodies/AddSharingGroupRequest" responses: "200": $ref: "#/components/responses/SharingGroupResponse" "403": $ref: "#/components/responses/UnauthorizedApiErrorResponse" "404": $ref: "#/components/responses/NotFoundApiErrorResponse" default: $ref: "#/components/responses/ApiErrorResponse" /sharing_groups/edit/{sharingGroupId}: post: summary: "Edit a sharing group" operationId: editSharingGroup tags: - Sharing Groups parameters: - $ref: "#/components/parameters/sharingGroupIdParameter" requestBody: $ref: "#/components/requestBodies/EditSharingGroupRequest" responses: "200": $ref: "#/components/responses/SharingGroupResponse" "403": $ref: "#/components/responses/UnauthorizedApiErrorResponse" "404": $ref: "#/components/responses/NotFoundApiErrorResponse" default: $ref: "#/components/responses/ApiErrorResponse" /sharing_groups/delete/{sharingGroupId}: delete: summary: "Delete a sharing group" operationId: deleteSharingGroup tags: - Sharing Groups parameters: - $ref: "#/components/parameters/sharingGroupIdParameter" responses: "200": $ref: "#/components/responses/DeleteSharingGroupResponse" "403": $ref: "#/components/responses/UnauthorizedApiErrorResponse" "404": $ref: "#/components/responses/NotFoundApiErrorResponse" default: $ref: "#/components/responses/ApiErrorResponse" /sharing_groups: get: summary: "Get a list of sharing groups" operationId: getSharingGroup tags: - Sharing Groups responses: "200": $ref: "#/components/responses/SharingGroupListResponse" "403": $ref: "#/components/responses/UnauthorizedApiErrorResponse" "404": $ref: "#/components/responses/NotFoundApiErrorResponse" default: $ref: "#/components/responses/ApiErrorResponse" /sharing_groups/view/{sharingGroupId}: get: summary: "Get a sharing group by ID" operationId: getSharingGroupById tags: - Sharing Groups parameters: - $ref: "#/components/parameters/sharingGroupIdParameter" responses: "200": $ref: "#/components/responses/SharingGroupResponse" "403": $ref: "#/components/responses/UnauthorizedApiErrorResponse" "404": $ref: "#/components/responses/NotFoundApiErrorResponse" default: $ref: "#/components/responses/ApiErrorResponse" /sharing_groups/addOrg/{sharingGroupId}/{organisationId}: post: summary: "Add an organisation to a sharing group" operationId: addOrganisationToSharingGroup tags: - Sharing Groups parameters: - $ref: "#/components/parameters/sharingGroupIdParameter" - $ref: "#/components/parameters/organisationIdParameter" responses: "200": $ref: "#/components/responses/AddOrganisationToSharingGroupResponse" "403": $ref: "#/components/responses/UnauthorizedApiErrorResponse" "404": $ref: "#/components/responses/NotFoundApiErrorResponse" default: $ref: "#/components/responses/ApiErrorResponse" /sharing_groups/removeOrg/{sharingGroupId}/{organisationId}: post: summary: "Remove an organisation from a sharing group" operationId: removeOrganisationFromSharingGroup tags: - Sharing Groups parameters: - $ref: "#/components/parameters/sharingGroupIdParameter" - $ref: "#/components/parameters/organisationIdParameter" responses: "200": $ref: "#/components/responses/RemoveOrganisationFromSharingGroupResponse" "403": $ref: "#/components/responses/UnauthorizedApiErrorResponse" "404": $ref: "#/components/responses/NotFoundApiErrorResponse" default: $ref: "#/components/responses/ApiErrorResponse" /sharing_groups/addServer/{sharingGroupId}/{serverId}: post: summary: "Add a server to a sharing group" operationId: addServerToSharingGroup tags: - Sharing Groups parameters: - $ref: "#/components/parameters/sharingGroupIdParameter" - $ref: "#/components/parameters/serverIdParameter" responses: "200": $ref: "#/components/responses/AddServerToSharingGroupResponse" "403": $ref: "#/components/responses/UnauthorizedApiErrorResponse" "404": $ref: "#/components/responses/NotFoundApiErrorResponse" default: $ref: "#/components/responses/ApiErrorResponse" /sharing_groups/removeServer/{sharingGroupServerId}/{serverId}: post: summary: "Remove a server from a sharing group" operationId: removeServerFromSharingGroup tags: - Sharing Groups parameters: - $ref: "#/components/parameters/sharingGroupServerIdParameter" - $ref: "#/components/parameters/serverIdParameter" responses: "200": $ref: "#/components/responses/RemoveServerFromSharingGroupResponse" "403": $ref: "#/components/responses/UnauthorizedApiErrorResponse" "404": $ref: "#/components/responses/NotFoundApiErrorResponse" default: $ref: "#/components/responses/ApiErrorResponse" /feeds: get: summary: "Get a list of feeds" operationId: getFeeds tags: - Feeds responses: "200": $ref: "#/components/responses/FeedListResponse" "403": $ref: "#/components/responses/UnauthorizedApiErrorResponse" "404": $ref: "#/components/responses/NotFoundApiErrorResponse" default: $ref: "#/components/responses/ApiErrorResponse" /feeds/view/{feedId}: get: summary: "Get a feed by ID" operationId: getFeedById tags: - Feeds parameters: - $ref: "#/components/parameters/feedIdParameter" responses: "200": $ref: "#/components/responses/FeedResponse" "403": $ref: "#/components/responses/UnauthorizedApiErrorResponse" "404": $ref: "#/components/responses/NotFoundApiErrorResponse" default: $ref: "#/components/responses/ApiErrorResponse" /feeds/add: post: summary: "Add a feed" operationId: addFeed tags: - Feeds requestBody: $ref: "#/components/requestBodies/AddFeedRequest" responses: "200": $ref: "#/components/responses/FeedResponse" "403": $ref: "#/components/responses/UnauthorizedApiErrorResponse" "404": $ref: "#/components/responses/NotFoundApiErrorResponse" default: $ref: "#/components/responses/ApiErrorResponse" /feeds/edit/{feedId}: put: summary: "Edit a feed" operationId: editFeed tags: - Feeds parameters: - $ref: "#/components/parameters/feedIdParameter" requestBody: $ref: "#/components/requestBodies/EditFeedRequest" responses: "200": $ref: "#/components/responses/FeedResponse" "403": $ref: "#/components/responses/UnauthorizedApiErrorResponse" "404": $ref: "#/components/responses/NotFoundApiErrorResponse" default: $ref: "#/components/responses/ApiErrorResponse" /feeds/enable/{feedId}: post: summary: "Enable feed" operationId: enableFeed tags: - Feeds parameters: - $ref: "#/components/parameters/feedIdParameter" responses: "200": $ref: "#/components/responses/EnableFeedResponse" "403": $ref: "#/components/responses/UnauthorizedApiErrorResponse" "404": $ref: "#/components/responses/NotFoundApiErrorResponse" default: $ref: "#/components/responses/ApiErrorResponse" /feeds/disable/{feedId}: post: summary: "Disable feed" operationId: disableFeed tags: - Feeds parameters: - $ref: "#/components/parameters/feedIdParameter" responses: "200": $ref: "#/components/responses/DisableFeedResponse" "403": $ref: "#/components/responses/UnauthorizedApiErrorResponse" "404": $ref: "#/components/responses/NotFoundApiErrorResponse" default: $ref: "#/components/responses/ApiErrorResponse" /feeds/cacheFeeds/{cacheFeedsScope}: post: summary: "Cache feeds" operationId: cacheFeeds tags: - Feeds parameters: - $ref: "#/components/parameters/cacheFeedsScopeParameter" responses: "200": $ref: "#/components/responses/CacheFeedsResponse" "403": $ref: "#/components/responses/UnauthorizedApiErrorResponse" "404": $ref: "#/components/responses/NotFoundApiErrorResponse" default: $ref: "#/components/responses/ApiErrorResponse" /feeds/fetchFromFeed/{feedId}: post: summary: "Fetch from feed by ID" operationId: fetchFromFeed tags: - Feeds parameters: - $ref: "#/components/parameters/feedIdParameter" responses: "200": $ref: "#/components/responses/FetchFromFeedResponse" "403": $ref: "#/components/responses/UnauthorizedApiErrorResponse" "404": $ref: "#/components/responses/NotFoundApiErrorResponse" default: $ref: "#/components/responses/ApiErrorResponse" /feeds/fetchFromAllFeeds: post: summary: "Fetch from all feeds" operationId: fetchFromAllFeeds tags: - Feeds responses: "200": $ref: "#/components/responses/FetchFromAllFeedsResponse" "403": $ref: "#/components/responses/UnauthorizedApiErrorResponse" "404": $ref: "#/components/responses/NotFoundApiErrorResponse" default: $ref: "#/components/responses/ApiErrorResponse" /warninglists: get: summary: "Get a list of warninglists" operationId: getWarninglists tags: - Warninglists responses: "200": $ref: "#/components/responses/WarninglistListResponse" "403": $ref: "#/components/responses/UnauthorizedApiErrorResponse" "404": $ref: "#/components/responses/NotFoundApiErrorResponse" default: $ref: "#/components/responses/ApiErrorResponse" post: summary: "Search warninglists" operationId: searchWarninglists tags: - Warninglists requestBody: $ref: "#/components/requestBodies/WarninglistsSearchRequest" responses: "200": $ref: "#/components/responses/WarninglistListResponse" "403": $ref: "#/components/responses/UnauthorizedApiErrorResponse" "404": $ref: "#/components/responses/NotFoundApiErrorResponse" default: $ref: "#/components/responses/ApiErrorResponse" /warninglists/toggleEnable: post: summary: "Enable/disable warninglists" operationId: toggleEnableWarninglist tags: - Warninglists requestBody: $ref: "#/components/requestBodies/WarninglistsToggleEnableRequest" responses: "200": $ref: "#/components/responses/WarninglistToggleEnabledResponse" "403": $ref: "#/components/responses/UnauthorizedApiErrorResponse" "404": $ref: "#/components/responses/NotFoundApiErrorResponse" default: $ref: "#/components/responses/ApiErrorResponse" /warninglists/view/{warninglistId}: get: summary: "Get warninglist by ID" operationId: getWarninglistById tags: - Warninglists parameters: - $ref: "#/components/parameters/warninglistIdParameter" responses: "200": $ref: "#/components/responses/WarninglistResponse" "403": $ref: "#/components/responses/UnauthorizedApiErrorResponse" "404": $ref: "#/components/responses/NotFoundApiErrorResponse" default: $ref: "#/components/responses/ApiErrorResponse" /warninglists/checkValue: post: summary: "Check if a list of values matches any warninglists" operationId: checkValueWarninglistsMatches tags: - Warninglists requestBody: $ref: "#/components/requestBodies/WarninglistCheckValuesRequest" responses: "200": $ref: "#/components/responses/WarninglistMatchListResponse" "403": $ref: "#/components/responses/UnauthorizedApiErrorResponse" "404": $ref: "#/components/responses/NotFoundApiErrorResponse" default: $ref: "#/components/responses/ApiErrorResponse" /warninglists/update: post: summary: "Update warninglists" operationId: updateWarninglists tags: - Warninglists responses: "200": $ref: "#/components/responses/UpdateWarninglistsResponse" "403": $ref: "#/components/responses/UnauthorizedApiErrorResponse" "404": $ref: "#/components/responses/NotFoundApiErrorResponse" default: $ref: "#/components/responses/ApiErrorResponse" /noticelists: get: summary: "Get a list of noticelists" operationId: getNoticelists tags: - Noticelists responses: "200": $ref: "#/components/responses/NoticelistListResponse" "403": $ref: "#/components/responses/UnauthorizedApiErrorResponse" "404": $ref: "#/components/responses/NotFoundApiErrorResponse" default: $ref: "#/components/responses/ApiErrorResponse" /noticelists/view/{noticelistId}: get: summary: "Get a noticelist by ID" operationId: getNoticelistById tags: - Noticelists parameters: - $ref: "#/components/parameters/noticelistIdParameter" responses: "200": $ref: "#/components/responses/NoticelistResponse" "403": $ref: "#/components/responses/UnauthorizedApiErrorResponse" "404": $ref: "#/components/responses/NotFoundApiErrorResponse" default: $ref: "#/components/responses/ApiErrorResponse" /noticelists/toggleEnable/{noticelistId}: post: summary: "Enable/disable noticelist" operationId: toggleEnableNoticelist tags: - Noticelists parameters: - $ref: "#/components/parameters/noticelistIdParameter" responses: "200": $ref: "#/components/responses/NoticelistToggleEnableResponse" "403": $ref: "#/components/responses/UnauthorizedApiErrorResponse" "404": $ref: "#/components/responses/NotFoundApiErrorResponse" default: $ref: "#/components/responses/ApiErrorResponse" /noticelists/update: post: summary: "Update noticelists" operationId: updateNoticelists tags: - Noticelists responses: "200": $ref: "#/components/responses/UpdateNoticelistsResponse" "403": $ref: "#/components/responses/UnauthorizedApiErrorResponse" "404": $ref: "#/components/responses/NotFoundApiErrorResponse" default: $ref: "#/components/responses/ApiErrorResponse" /objects/restsearch: post: summary: "[restSearch] Get a filtered and paginated list of objects" description: | **This is the recommended endpoint for searching objects.** operationId: restSearchObjects tags: - Objects requestBody: $ref: "#/components/requestBodies/RestSearchObjectsRequest" responses: "200": $ref: "#/components/responses/ObjectsRestSearchResponse" "403": $ref: "#/components/responses/UnauthorizedApiErrorResponse" default: $ref: "#/components/responses/ApiErrorResponse" /objects/add/{eventId}/{objectTemplateId}: post: summary: "Add an object to an event" operationId: addObject tags: - Objects parameters: - $ref: "#/components/parameters/eventIdParameter" - $ref: "#/components/parameters/objectTemplateIdParameter" requestBody: $ref: "#/components/requestBodies/AddObjectRequest" responses: "200": $ref: "#/components/responses/ObjectResponse" "403": $ref: "#/components/responses/UnauthorizedApiErrorResponse" "404": $ref: "#/components/responses/NotFoundApiErrorResponse" default: $ref: "#/components/responses/ApiErrorResponse" /objects/view/{objectId}: get: summary: "Get object by ID" operationId: getObjectById tags: - Objects parameters: - $ref: "#/components/parameters/objectIdParameter" responses: "200": $ref: "#/components/responses/ExtendedObjectResponse" "403": $ref: "#/components/responses/UnauthorizedApiErrorResponse" "404": $ref: "#/components/responses/NotFoundApiErrorResponse" default: $ref: "#/components/responses/ApiErrorResponse" /objects/delete/{objectId}/{hardDelete}: delete: summary: "Delete object" operationId: deleteObject tags: - Objects parameters: - $ref: "#/components/parameters/objectIdParameter" - $ref: "#/components/parameters/hardDeleteParameter" responses: "200": $ref: "#/components/responses/DeleteObjectResponse" "403": $ref: "#/components/responses/UnauthorizedApiErrorResponse" "404": $ref: "#/components/responses/NotFoundApiErrorResponse" default: $ref: "#/components/responses/ApiErrorResponse" /sightings/index/{eventId}: get: summary: "Get sightings by event ID" operationId: getSightingsByEventId tags: - Sightings parameters: - $ref: "#/components/parameters/eventIdParameter" responses: "200": $ref: "#/components/responses/SightingListResponse" "403": $ref: "#/components/responses/UnauthorizedApiErrorResponse" "404": $ref: "#/components/responses/NotFoundApiErrorResponse" default: $ref: "#/components/responses/ApiErrorResponse" /sightings/add: post: summary: "Add sightings of a list of values" operationId: addSightingByValue tags: - Sightings requestBody: $ref: "#/components/requestBodies/AddSightingsRequest" responses: "200": $ref: "#/components/responses/SightingResponse" "403": $ref: "#/components/responses/UnauthorizedApiErrorResponse" "404": $ref: "#/components/responses/NotFoundApiErrorResponse" default: $ref: "#/components/responses/ApiErrorResponse" /sightings/add/{attributeId}: post: summary: "Add sighting of an attribute" operationId: addSighting tags: - Sightings parameters: - $ref: "#/components/parameters/attributeIdParameter" responses: "200": $ref: "#/components/responses/SightingResponse" "403": $ref: "#/components/responses/UnauthorizedApiErrorResponse" "404": $ref: "#/components/responses/NotFoundApiErrorResponse" default: $ref: "#/components/responses/ApiErrorResponse" /sightings/delete/{sightingId}: post: summary: "Delete sighting" operationId: deleteSighting tags: - Sightings parameters: - $ref: "#/components/parameters/sightingIdParameter" responses: "200": $ref: "#/components/responses/DeleteSightingResponse" "403": $ref: "#/components/responses/UnauthorizedApiErrorResponse" "404": $ref: "#/components/responses/NotFoundApiErrorResponse" default: $ref: "#/components/responses/ApiErrorResponse" /tags: get: summary: "Get tags" operationId: getTags tags: - Tags responses: "200": $ref: "#/components/responses/TagListResponse" "403": $ref: "#/components/responses/UnauthorizedApiErrorResponse" "404": $ref: "#/components/responses/NotFoundApiErrorResponse" default: $ref: "#/components/responses/ApiErrorResponse" /tags/view/{tagId}: get: summary: "Get tag by ID" operationId: getTagById tags: - Tags parameters: - $ref: "#/components/parameters/tagIdParameter" responses: "200": $ref: "#/components/responses/TagResponse" "403": $ref: "#/components/responses/UnauthorizedApiErrorResponse" "404": $ref: "#/components/responses/NotFoundApiErrorResponse" default: $ref: "#/components/responses/ApiErrorResponse" /tags/add: post: summary: "Add tag" operationId: addTag tags: - Tags requestBody: $ref: "#/components/requestBodies/AddTagRequest" responses: "200": $ref: "#/components/responses/TagResponse" "403": $ref: "#/components/responses/UnauthorizedApiErrorResponse" "404": $ref: "#/components/responses/NotFoundApiErrorResponse" default: $ref: "#/components/responses/ApiErrorResponse" /tags/delete/{tagId}: post: summary: "Delete tag" operationId: deleteTag tags: - Tags parameters: - $ref: "#/components/parameters/tagIdParameter" responses: "200": $ref: "#/components/responses/DeleteTagResponse" "403": $ref: "#/components/responses/UnauthorizedApiErrorResponse" "404": $ref: "#/components/responses/NotFoundApiErrorResponse" default: $ref: "#/components/responses/ApiErrorResponse" /tags/edit/{tagId}: post: summary: "Edit tag" operationId: editTag tags: - Tags parameters: - $ref: "#/components/parameters/tagIdParameter" requestBody: $ref: "#/components/requestBodies/EditTagRequest" responses: "200": $ref: "#/components/responses/EditTagResponse" "403": $ref: "#/components/responses/UnauthorizedApiErrorResponse" "404": $ref: "#/components/responses/NotFoundApiErrorResponse" default: $ref: "#/components/responses/ApiErrorResponse" /tags/search/{tagSearchTerm}: get: summary: "Search tag" operationId: searchTag tags: - Tags parameters: - $ref: "#/components/parameters/tagSearchTermParameter" responses: "200": $ref: "#/components/responses/SearchTagResponse" "403": $ref: "#/components/responses/UnauthorizedApiErrorResponse" "404": $ref: "#/components/responses/NotFoundApiErrorResponse" default: $ref: "#/components/responses/ApiErrorResponse" /auth_keys: get: summary: "Get auth keys" operationId: getAuthKeys tags: - AuthKeys responses: "200": $ref: "#/components/responses/GetAuthKeysResponse" "403": $ref: "#/components/responses/UnauthorizedApiErrorResponse" "404": $ref: "#/components/responses/NotFoundApiErrorResponse" default: $ref: "#/components/responses/ApiErrorResponse" post: summary: "Search auth keys" operationId: searchAuthKeys tags: - AuthKeys requestBody: $ref: "#/components/requestBodies/GetAuthKeyRequest" responses: "200": $ref: "#/components/responses/GetAuthKeysResponse" "403": $ref: "#/components/responses/UnauthorizedApiErrorResponse" "404": $ref: "#/components/responses/NotFoundApiErrorResponse" default: $ref: "#/components/responses/ApiErrorResponse" /auth_keys/add/{userId}: post: summary: "Add auth keys" operationId: addAuthKey tags: - AuthKeys parameters: - $ref: "#/components/parameters/userIdParameter" requestBody: $ref: "#/components/requestBodies/AddAuthKeyRequest" responses: "200": $ref: "#/components/responses/AddAuthKeyResponse" "403": $ref: "#/components/responses/UnauthorizedApiErrorResponse" "404": $ref: "#/components/responses/NotFoundApiErrorResponse" default: $ref: "#/components/responses/ApiErrorResponse" /auth_keys/view/{authKeyId}: get: summary: "View auth key" operationId: getAuthKeyById tags: - AuthKeys parameters: - $ref: "#/components/parameters/authKeyIdParameter" responses: "200": $ref: "#/components/responses/AuthKeyResponse" "403": $ref: "#/components/responses/UnauthorizedApiErrorResponse" "404": $ref: "#/components/responses/NotFoundApiErrorResponse" default: $ref: "#/components/responses/ApiErrorResponse" /auth_keys/edit/{authKeyId}: post: summary: "Edit auth key" operationId: editAuthKey tags: - AuthKeys parameters: - $ref: "#/components/parameters/authKeyIdParameter" requestBody: $ref: "#/components/requestBodies/EditAuthKeyRequest" responses: "200": $ref: "#/components/responses/AuthKeyResponse" "403": $ref: "#/components/responses/UnauthorizedApiErrorResponse" "404": $ref: "#/components/responses/NotFoundApiErrorResponse" default: $ref: "#/components/responses/ApiErrorResponse" /auth_keys/delete/{authKeyId}: delete: summary: "Delete auth key" operationId: deleteAuthKey tags: - AuthKeys parameters: - $ref: "#/components/parameters/authKeyIdParameter" responses: "200": $ref: "#/components/responses/DeleteAuthKeyResponse" "403": $ref: "#/components/responses/UnauthorizedApiErrorResponse" "404": $ref: "#/components/responses/NotFoundApiErrorResponse" default: $ref: "#/components/responses/ApiErrorResponse" /user_settings: get: summary: "Get user settings" operationId: getUserSettings tags: - UserSettings responses: "200": $ref: "#/components/responses/GetUserSettingsResponse" "403": $ref: "#/components/responses/UnauthorizedApiErrorResponse" "404": $ref: "#/components/responses/NotFoundApiErrorResponse" default: $ref: "#/components/responses/ApiErrorResponse" post: summary: "Search user settings" operationId: searchUserSettings tags: - UserSettings requestBody: $ref: "#/components/requestBodies/GetUserSettingRequest" responses: "200": $ref: "#/components/responses/GetUserSettingsResponse" "403": $ref: "#/components/responses/UnauthorizedApiErrorResponse" "404": $ref: "#/components/responses/NotFoundApiErrorResponse" default: $ref: "#/components/responses/ApiErrorResponse" /user_settings/view/{userSettingId}: get: summary: "Get user setting by id" operationId: getUserSettingById tags: - UserSettings parameters: - $ref: "#/components/parameters/userSettingIdParameter" responses: "200": $ref: "#/components/responses/UserSettingResponse" "403": $ref: "#/components/responses/UnauthorizedApiErrorResponse" "404": $ref: "#/components/responses/NotFoundApiErrorResponse" default: $ref: "#/components/responses/ApiErrorResponse" /user_settings/setSetting/{userId}/{userSettingName}: post: summary: "Set user setting" operationId: setUserSetting tags: - UserSettings parameters: - $ref: "#/components/parameters/userIdParameter" - $ref: "#/components/parameters/userSettingNameParameter" requestBody: $ref: "#/components/requestBodies/SetUserSettingRequest" responses: "200": $ref: "#/components/responses/UserSettingResponse" "403": $ref: "#/components/responses/UnauthorizedApiErrorResponse" "404": $ref: "#/components/responses/NotFoundApiErrorResponse" default: $ref: "#/components/responses/ApiErrorResponse" /user_settings/getSetting/{userId}/{userSettingName}: get: summary: "Get user setting by id" operationId: getUserSettingByName tags: - UserSettings parameters: - $ref: "#/components/parameters/userIdParameter" - $ref: "#/components/parameters/userSettingNameParameter" responses: "200": $ref: "#/components/responses/UserSettingResponse" "403": $ref: "#/components/responses/UnauthorizedApiErrorResponse" "404": $ref: "#/components/responses/NotFoundApiErrorResponse" default: $ref: "#/components/responses/ApiErrorResponse" /user_settings/delete/{userSettingId}: delete: summary: "Delete user setting by id" operationId: deleteUserSettingById tags: - UserSettings parameters: - $ref: "#/components/parameters/userSettingIdParameter" responses: "200": $ref: "#/components/responses/DeleteUserSettingResponse" "403": $ref: "#/components/responses/UnauthorizedApiErrorResponse" "404": $ref: "#/components/responses/NotFoundApiErrorResponse" default: $ref: "#/components/responses/ApiErrorResponse" /taxonomies: get: summary: "Get taxonomies" operationId: getTaxonomies tags: - Taxonomies responses: "200": $ref: "#/components/responses/GetTaxonomiesResponse" "403": $ref: "#/components/responses/UnauthorizedApiErrorResponse" "404": $ref: "#/components/responses/NotFoundApiErrorResponse" default: $ref: "#/components/responses/ApiErrorResponse" /taxonomies/view/{taxonomyIdParameter}: get: summary: "Get a taxonomy by ID" operationId: getTaxonomyById tags: - Taxonomies responses: "200": $ref: "#/components/responses/TaxonomiesResponse" "403": $ref: "#/components/responses/UnauthorizedApiErrorResponse" "404": $ref: "#/components/responses/NotFoundApiErrorResponse" default: $ref: "#/components/responses/ApiErrorResponse" /taxonomies/enable/{taxonomyIdParameter}: post: summary: "Enable taxonomy" operationId: enableTaxonomy tags: - Taxonomies responses: "200": $ref: "#/components/responses/EnableTaxonomyResponse" "403": $ref: "#/components/responses/UnauthorizedApiErrorResponse" "404": $ref: "#/components/responses/NotFoundApiErrorResponse" default: $ref: "#/components/responses/ApiErrorResponse" /taxonomies/disable/{taxonomyIdParameter}: post: summary: "Disable taxonomy" operationId: disableTaxonomy tags: - Taxonomies responses: "200": $ref: "#/components/responses/DisableTaxonomyResponse" "403": $ref: "#/components/responses/UnauthorizedApiErrorResponse" "404": $ref: "#/components/responses/NotFoundApiErrorResponse" default: $ref: "#/components/responses/ApiErrorResponse" /taxonomies/update: post: summary: "Update taxonomies" operationId: updateTaxonomies tags: - Taxonomies responses: "200": $ref: "#/components/responses/UpdateTaxonomiesResponse" "403": $ref: "#/components/responses/UnauthorizedApiErrorResponse" "404": $ref: "#/components/responses/NotFoundApiErrorResponse" default: $ref: "#/components/responses/ApiErrorResponse" /taxonomies/taxonomy_tags/{taxonomyIdParameter}: get: summary: "Get a taxonomy extended with tags used in events and attributes." operationId: getTaxonomyTags tags: - Taxonomies responses: "200": $ref: "#/components/responses/GetTaxonomyTagsResponse" "403": $ref: "#/components/responses/UnauthorizedApiErrorResponse" "404": $ref: "#/components/responses/NotFoundApiErrorResponse" default: $ref: "#/components/responses/ApiErrorResponse" /taxonomies/export/{taxonomyIdParameter}: get: summary: "Export taxonomy." operationId: exportTaxonomy tags: - Taxonomies responses: "200": $ref: "#/components/responses/ExportTaxonomyTagsResponse" "403": $ref: "#/components/responses/UnauthorizedApiErrorResponse" "404": $ref: "#/components/responses/NotFoundApiErrorResponse" default: $ref: "#/components/responses/ApiErrorResponse" components: schemas: # Analyst Data AnalystDataID: type: string pattern: '^\d+$' maxLength: 10 example: "12345" AnalystDataType: type: string enum: - "Note" - "Opinion" - "Relationship" AnalystObjectType: type: string enum: - "Attribute" - "Event" - "EventReport" - "GalaxyCluster" - "Galaxy" - "Object" - "Note" - "Opinion" - "Relationship" - "Organisation" - "SharingGroup" AnalystDataAuthors: type: string example: "john.doe@admin.test" AnalystNoteNote: type: string example: "Provide more context" AnalystNoteLanguage: type: string description: "RFC5646 Language code" example: "fr-BE" AnalystNoteOpinion: type: number description: "The opinion expressed on a scale from 0 to 100 where values < 50 are negatives, 50 is neutral and values > 50 are positives" format: integer minimum: 0 maximum: 100 example: 70 AnalystData: type: object properties: uuid: $ref: "#/components/schemas/UUID" object_uuid: $ref: "#/components/schemas/UUID" object_type: $ref: "#/components/schemas/AnalystObjectType" authors: $ref: "#/components/schemas/AnalystDataAuthors" org_uuid: $ref: "#/components/schemas/UUID" orgc_uuid: $ref: "#/components/schemas/UUID" created: type: string example: "2024-03-19 11:10:24" modified: type: string example: "2024-03-19 11:10:24" distribution: $ref: "#/components/schemas/DistributionLevelId" sharing_group_id: $ref: "#/components/schemas/SharingGroupId" locked: $ref: "#/components/schemas/IsLocked" AnalystNote: allOf: - type: object properties: note: $ref: "#/components/schemas/AnalystNoteNote" language: $ref: "#/components/schemas/AnalystNoteLanguage" note_type_name: type: string enum: - "Note" - $ref: "#/components/schemas/AnalystData" AnalystOpinion: allOf: - type: object properties: comment: $ref: "#/components/schemas/AnalystNoteNote" opinion: $ref: "#/components/schemas/AnalystNoteOpinion" note_type_name: type: string enum: - "Opinion" - $ref: "#/components/schemas/AnalystData" AnalystRelationship: allOf: - type: object properties: related_object_uuid: $ref: "#/components/schemas/UUID" related_object_type: $ref: "#/components/schemas/AnalystObjectType" relationship_type: type: string example: "related-to" note_type_name: type: string enum: - "Relationship" - $ref: "#/components/schemas/AnalystData" # Attributes AttributeId: type: string pattern: '^\d+$' maxLength: 10 example: "12345" AttributeType: type: string maxLength: 100 enum: - "md5" - "sha1" - "sha256" - "filename" - "pdb" - "filename|md5" - "filename|sha1" - "filename|sha256" - "ip-src" - "ip-dst" - "hostname" - "domain" - "domain|ip" - "email" - "email-src" - "eppn" - "email-dst" - "email-subject" - "email-attachment" - "email-body" - "float" - "git-commit-id" - "url" - "http-method" - "user-agent" - "ja3-fingerprint-md5" - "jarm-fingerprint" - "favicon-mmh3" - "hassh-md5" - "hasshserver-md5" - "regkey" - "regkey|value" - "AS" - "snort" - "bro" - "zeek" - "community-id" - "pattern-in-file" - "pattern-in-traffic" - "pattern-in-memory" - "pattern-filename" - "pgp-public-key" - "pgp-private-key" - "yara" - "stix2-pattern" - "sigma" - "gene" - "kusto-query" - "mime-type" - "identity-card-number" - "cookie" - "vulnerability" - "cpe" - "weakness" - "attachment" - "malware-sample" - "link" - "comment" - "text" - "hex" - "other" - "named pipe" - "mutex" - "process-state" - "target-user" - "target-email" - "target-machine" - "target-org" - "target-location" - "target-external" - "btc" - "dash" - "xmr" - "iban" - "bic" - "bank-account-nr" - "aba-rtn" - "bin" - "cc-number" - "prtn" - "phone-number" - "threat-actor" - "campaign-name" - "campaign-id" - "malware-type" - "uri" - "authentihash" - "vhash" - "ssdeep" - "imphash" - "telfhash" - "pehash" - "impfuzzy" - "sha224" - "sha384" - "sha512" - "sha512/224" - "sha512/256" - "sha3-224" - "sha3-256" - "sha3-384" - "sha3-512" - "tlsh" - "cdhash" - "filename|authentihash" - "filename|vhash" - "filename|ssdeep" - "filename|imphash" - "filename|impfuzzy" - "filename|pehash" - "filename|sha224" - "filename|sha384" - "filename|sha512" - "filename|sha512/224" - "filename|sha512/256" - "filename|sha3-224" - "filename|sha3-256" - "filename|sha3-384" - "filename|sha3-512" - "filename|tlsh" - "windows-scheduled-task" - "windows-service-name" - "windows-service-displayname" - "whois-registrant-email" - "whois-registrant-phone" - "whois-registrant-name" - "whois-registrant-org" - "whois-registrar" - "whois-creation-date" - "x509-fingerprint-sha1" - "x509-fingerprint-md5" - "x509-fingerprint-sha256" - "dns-soa-email" - "size-in-bytes" - "counter" - "datetime" - "port" - "ip-dst|port" - "ip-src|port" - "hostname|port" - "mac-address" - "mac-eui-64" - "email-dst-display-name" - "email-src-display-name" - "email-header" - "email-reply-to" - "email-x-mailer" - "email-mime-boundary" - "email-thread-index" - "email-message-id" - "github-username" - "github-repository" - "github-organisation" - "jabber-id" - "twitter-id" - "dkim" - "dkim-signature" - "first-name" - "middle-name" - "last-name" - "full-name" - "date-of-birth" - "place-of-birth" - "gender" - "passport-number" - "passport-country" - "passport-expiration" - "redress-number" - "nationality" - "visa-number" - "issue-date-of-the-visa" - "primary-residence" - "country-of-residence" - "special-service-request" - "frequent-flyer-number" - "travel-details" - "payment-details" - "place-port-of-original-embarkation" - "place-port-of-clearance" - "place-port-of-onward-foreign-destination" - "passenger-name-record-locator-number" - "mobile-application-id" - "chrome-extension-id" - "cortex" - "boolean" - "anonymised" AttributeValue: type: string maxLength: 131071 example: "127.0.0.1" AttributeCategory: type: string maxLength: 255 enum: - "Internal reference" - "Targeting data" - "Antivirus detection" - "Payload delivery" - "Artifacts dropped" - "Payload installation" - "Persistence mechanism" - "Network activity" - "Payload type" - "Attribution" - "External analysis" - "Financial fraud" - "Support Tool" - "Social network" - "Person" - "Other" AttributeComment: type: string maxLength: 65535 example: "logged source ip" AttributeEventUUID: $ref: "#/components/schemas/UUID" AttributeAttachment: description: "base64 representation of the attachment" type: string format: byte AttributeNoId: type: object properties: event_id: $ref: "#/components/schemas/EventId" object_id: $ref: "#/components/schemas/ObjectId" object_relation: $ref: "#/components/schemas/NullableObjectRelation" category: $ref: "#/components/schemas/AttributeCategory" type: $ref: "#/components/schemas/AttributeType" value: $ref: "#/components/schemas/AttributeValue" to_ids: $ref: "#/components/schemas/ToIDS" uuid: $ref: "#/components/schemas/UUID" timestamp: $ref: "#/components/schemas/NullableTimestamp" distribution: $ref: "#/components/schemas/DistributionLevelId" sharing_group_id: $ref: "#/components/schemas/SharingGroupId" comment: $ref: "#/components/schemas/AttributeComment" deleted: $ref: "#/components/schemas/SoftDeletedFlag" disable_correlation: $ref: "#/components/schemas/DisableCorrelationFlag" first_seen: $ref: "#/components/schemas/NullableMicroTimestamp" last_seen: $ref: "#/components/schemas/NullableMicroTimestamp" Attribute: allOf: - type: object properties: id: $ref: "#/components/schemas/AttributeId" - $ref: "#/components/schemas/AttributeNoId" ExtendedAttribute: allOf: - $ref: "#/components/schemas/Attribute" - type: object properties: data: $ref: "#/components/schemas/AttributeAttachment" event_uuid: $ref: "#/components/schemas/UUID" decay_score: $ref: "#/components/schemas/DecayScoreList" AttributeList: type: array items: $ref: "#/components/schemas/Attribute" AttributeRestSearchListItem: allOf: - $ref: "#/components/schemas/ExtendedAttribute" - type: object properties: Event: $ref: "#/components/schemas/Event" Object: $ref: "#/components/schemas/Object" Tag: $ref: "#/components/schemas/TagList" AttributeRestSearchList: type: array items: $ref: "#/components/schemas/AttributeRestSearchListItem" AttributeStatisticsResponse: description: Dictionary of attribute types/categories showing the ammount of occurences/percentage. type: object example: - "Antivirus detection": "10" - "Artifacts dropped": "20" DescribeAttributeTypesResponse: description: "Lists available attribute types, default categories and category-type mappings." type: object properties: sane_defaults: type: object example: md5: default_category: "Payload delivery" to_ids: 1 pdb: default_category: "Artifacts dropped" to_ids: 0 types: type: array items: $ref: "#/components/schemas/AttributeType" categories: type: array items: $ref: "#/components/schemas/AttributeCategory" category_type_mappings: type: object example: "Internal reference": - "text" - "link" - "comment" - "other" "Antivirus detection": - "link" - "comment" - "text" - "hex" - "other" AttributeRestSearchFilter: type: object properties: page: $ref: "#/components/schemas/PageSearchFilter" limit: $ref: "#/components/schemas/LimitSearchFilter" value: $ref: "#/components/schemas/AttributeValue" value1: $ref: "#/components/schemas/AttributeValue" value2: $ref: "#/components/schemas/AttributeValue" type: $ref: "#/components/schemas/AttributeType" category: $ref: "#/components/schemas/AttributeCategory" org: oneOf: - $ref: "#/components/schemas/OrganisationId" - $ref: "#/components/schemas/OrganisationName" tags: $ref: "#/components/schemas/TagsRestSearchFilter" from: $ref: "#/components/schemas/DateRestSearchFilter" to: $ref: "#/components/schemas/DateRestSearchFilter" last: $ref: "#/components/schemas/LastRestSearchFilter" eventid: $ref: "#/components/schemas/EventId" withAttachments: $ref: "#/components/schemas/WithAttachmentsRestSearchFilter" uuid: $ref: "#/components/schemas/UUID" publish_timestamp: $ref: "#/components/schemas/Timestamp" published: $ref: "#/components/schemas/PublishedFlag" timestamp: $ref: "#/components/schemas/Timestamp" attribute_timestamp: $ref: "#/components/schemas/Timestamp" enforceWarninglist: $ref: "#/components/schemas/EnforceWarninglistRestSearchFilter" to_ids: $ref: "#/components/schemas/ToIDSRestSearchFlag" deleted: $ref: "#/components/schemas/SoftDeletedFlagValuesToInclude" event_timestamp: $ref: "#/components/schemas/Timestamp" threat_level_id: $ref: "#/components/schemas/ThreatLevelId" eventinfo: description: "Quick event description" type: string sharinggroup: $ref: "#/components/schemas/SharingGroupIDRestSearchFilter" decayingModel: $ref: "#/components/schemas/DecayingModelRestSearchFilter" score: $ref: "#/components/schemas/DecayingModelScoreRestSearchFilter" first_seen: description: "Seen within the last x amount of time, where x can be defined in days, hours, minutes (for example 5d or 12h or 30m)" type: string last_seen: description: "Seen within the last x amount of time, where x can be defined in days, hours, minutes (for example 5d or 12h or 30m)" type: string includeEventUuid: $ref: "#/components/schemas/IncludeEventUUIDRestSearchFlag" includeEventTags: $ref: "#/components/schemas/IncludeEventTagsRestSearchFlag" includeProposals: $ref: "#/components/schemas/IncludeProposalsRestSearchFlag" requested_attributes: $ref: "#/components/schemas/RequestedAttributesRestSearchFilter" includeContext: $ref: "#/components/schemas/IncludeContextRestSearchFlag" headerless: $ref: "#/components/schemas/HeaderlessRestSearchFlag" includeWarninglistHits: $ref: "#/components/schemas/IncludeWarninglistHitsRestSearchFlag" attackGalaxy: $ref: "#/components/schemas/AttackGalaxyRestSearchFilter" object_relation: $ref: "#/components/schemas/ObjectRelationRestSearchFilter" includeSightings: $ref: "#/components/schemas/IncludeSightingDbRestSearchFlag" includeCorrelations: $ref: "#/components/schemas/IncludeCorrelationsRestSearchFlag" modelOverrides: $ref: "#/components/schemas/ModelOverridesRestSearchFilter" includeDecayScore: $ref: "#/components/schemas/IncludeDecayScoreRestSearchFlag" includeFullModel: $ref: "#/components/schemas/IncludeFullModelRestSearchFlag" excludeDecayed: $ref: "#/components/schemas/ExcludeDecayedRestSearchFlag" returnFormat: $ref: "#/components/schemas/AttributesRestSearchReturnFormat" # Decay Models DecayingModelParameters: type: object properties: lifetime: type: number format: float example: 3 decay_speed: type: number format: float example: 2.3 threshold: type: number format: float example: 30 default_base_score: type: number format: float example: 80 base_score_config: type: object example: estimative-language:confidence-in-analytic-judgment: 0.25 estimative-language:likelihood-probability: 0.25 phishing:psychological-acceptability: 0.25 phishing:state: 0.20 DecayingModel: type: object properties: id: type: string pattern: '^\d+$' maxLength: 10 example: "12345" name: type: string maxLength: 255 example: "Phishing model" FullDecayingModel: description: "Present if the `includeFullModel` flag was set to *true* in the rest search request" type: object properties: id: type: string pattern: '^\d+$' maxLength: 10 example: "12345" uuid: $ref: "#/components/schemas/UUID" name: type: string maxLength: 255 example: "Phishing model" description: type: string maxLength: 65535 example: "Simple model to rapidly decay phishing website." parameters: $ref: "#/components/schemas/DecayingModelParameters" attribute_types: type: array items: $ref: "#/components/schemas/AttributeType" org_id: $ref: "#/components/schemas/OrganisationId" enabled: type: boolean all_orgs: type: boolean ref: type: array items: type: string example: "https://arxiv.org/abs/1902.03914" formula: type: string enum: - Polynomial version: type: string example: "2" default: type: boolean isEditable: type: boolean DecayScore: type: object properties: score: type: number format: float example: 10.5 base_score: type: number format: float example: 80 decayed: type: boolean DecayingModel: oneOf: - $ref: "#/components/schemas/DecayingModel" - $ref: "#/components/schemas/FullDecayingModel" DecayScoreList: type: array items: $ref: "#/components/schemas/DecayScore" # Events EventId: type: string pattern: '^\d+$' maxLength: 10 example: "12345" EventInfo: type: string maxLength: 65535 example: "logged source ip" EventAttributeCount: type: string pattern: '^\d+$' example: "321" EventProposalEmailLock: type: boolean EventOrganisation: type: object properties: id: $ref: "#/components/schemas/OrganisationId" name: $ref: "#/components/schemas/OrganisationName" uuid: $ref: "#/components/schemas/UUID" EventTagId: type: string pattern: '^\d+$' maxLength: 10 example: "12345" EventTag: type: object properties: id: $ref: "#/components/schemas/EventTagId" event_id: $ref: "#/components/schemas/EventId" tag_id: $ref: "#/components/schemas/TagId" local: $ref: "#/components/schemas/IsLocal" Tag: $ref: "#/components/schemas/Tag" EventTagList: type: array items: $ref: "#/components/schemas/EventTag" EventReportId: type: string pattern: '^\d+$' maxLength: 10 example: "12345" EventReportName: type: string maxLength: 65535 example: "Report of the incident" EventReportValue: type: string EventReport: allOf: - type: object properties: id: $ref: "#/components/schemas/EventReportId" - $ref: "#/components/schemas/EventReportNoId" EventReportNoId: type: object properties: uuid: $ref: "#/components/schemas/UUID" event_id: $ref: "#/components/schemas/EventId" name: $ref: "#/components/schemas/EventReportName" content: $ref: "#/components/schemas/EventReportValue" distribution: $ref: "#/components/schemas/DistributionLevelId" sharing_group_id: $ref: "#/components/schemas/SharingGroupId" timestamp: $ref: "#/components/schemas/NullableTimestamp" deleted: $ref: "#/components/schemas/SoftDeletedFlag" EventNoId: type: object properties: org_id: $ref: "#/components/schemas/OrganisationId" distribution: $ref: "#/components/schemas/DistributionLevelId" info: $ref: "#/components/schemas/EventInfo" orgc_id: $ref: "#/components/schemas/OrganisationId" uuid: $ref: "#/components/schemas/UUID" date: type: string example: "1991-01-15" published: $ref: "#/components/schemas/PublishedFlag" analysis: $ref: "#/components/schemas/AnalysisLevelId" attribute_count: $ref: "#/components/schemas/EventAttributeCount" timestamp: $ref: "#/components/schemas/NullableTimestamp" sharing_group_id: $ref: "#/components/schemas/SharingGroupId" proposal_email_lock: $ref: "#/components/schemas/EventProposalEmailLock" locked: $ref: "#/components/schemas/IsLocked" threat_level_id: $ref: "#/components/schemas/ThreatLevelId" publish_timestamp: $ref: "#/components/schemas/Timestamp" sighting_timestamp: $ref: "#/components/schemas/Timestamp" disable_correlation: $ref: "#/components/schemas/DisableCorrelationFlag" extends_uuid: $ref: "#/components/schemas/ExtendsUUID" event_creator_email: type: string format: email Event: allOf: - type: object properties: id: $ref: "#/components/schemas/EventId" - $ref: "#/components/schemas/EventNoId" ExtendedEvent: allOf: - $ref: "#/components/schemas/Event" - type: object properties: Feed: $ref: "#/components/schemas/Feed" Org: $ref: "#/components/schemas/EventOrganisation" Orgc: $ref: "#/components/schemas/EventOrganisation" Attribute: $ref: "#/components/schemas/AttributeList" ShadowAttribute: $ref: "#/components/schemas/AttributeList" RelatedEvent: type: array items: type: object properties: Event: $ref: "#/components/schemas/ExtendedEvent" Galaxy: type: array items: $ref: "#/components/schemas/Galaxy" Object: type: array items: $ref: "#/components/schemas/Object" EventReport: type: array items: $ref: "#/components/schemas/EventReport" Tag: $ref: "#/components/schemas/TagList" CreatedEvent: type: object properties: Event: allOf: - $ref: "#/components/schemas/ExtendedEvent" - type: object properties: event_creator_email: type: string format: email Galaxy: type: array items: $ref: "#/components/schemas/Galaxy" Object: type: array items: $ref: "#/components/schemas/Object" EventReport: type: array items: $ref: "#/components/schemas/EventReport" UpdatedEvent: type: object properties: Event: allOf: - $ref: "#/components/schemas/ExtendedEvent" - type: object properties: event_creator_email: type: string format: email Galaxy: type: array items: $ref: "#/components/schemas/Galaxy" Object: type: array items: $ref: "#/components/schemas/Object" EventReport: type: array items: $ref: "#/components/schemas/EventReport" Tag: type: array items: $ref: "#/components/schemas/Tag" SlimEvent: type: object properties: id: $ref: "#/components/schemas/EventId" timestamp: $ref: "#/components/schemas/Timestamp" sighting_timestamp: $ref: "#/components/schemas/Timestamp" published: $ref: "#/components/schemas/PublishedFlag" uuid: $ref: "#/components/schemas/UUID" orgc_uuid: $ref: "#/components/schemas/UUID" required: - id - timestamp - sighting_timestamp - published - uuid - orgc_uuid EventList: type: array items: $ref: "#/components/schemas/Event" ExtendedEventList: type: array items: $ref: "#/components/schemas/ExtendedEvent" SlimEventList: type: array items: $ref: "#/components/schemas/SlimEvent" EventRestSearchList: type: array items: type: object properties: Event: type: object allOf: - $ref: "#/components/schemas/ExtendedEvent" - type: object properties: Event: $ref: "#/components/schemas/SlimEvent" # Objects ObjectId: type: string pattern: '^\d+$' maxLength: 10 example: "12345" ObjectName: type: string maxLength: 131071 example: "ail-leak" ObjectMetaCategory: type: string ObjectDescription: type: string ObjectTemplateVersion: type: string pattern: '^\d+$' example: "1" ObjectRelation: type: string maxLength: 255 example: "sensor" NullableObjectRelation: nullable: true type: string maxLength: 255 example: "sensor" Object: type: object properties: id: $ref: "#/components/schemas/ObjectId" name: $ref: "#/components/schemas/ObjectName" meta-category: $ref: "#/components/schemas/ObjectMetaCategory" description: $ref: "#/components/schemas/ObjectDescription" template_uuid: $ref: "#/components/schemas/UUID" template_version: $ref: "#/components/schemas/ObjectTemplateVersion" event_id: $ref: "#/components/schemas/EventId" uuid: $ref: "#/components/schemas/UUID" timestamp: $ref: "#/components/schemas/Timestamp" distribution: $ref: "#/components/schemas/DistributionLevelId" sharing_group_id: $ref: "#/components/schemas/SharingGroupId" comment: type: string deleted: type: boolean first_seen: $ref: "#/components/schemas/NullableMicroTimestamp" last_seen: $ref: "#/components/schemas/NullableMicroTimestamp" Attribute: type: array items: $ref: "#/components/schemas/Attribute" ExtendedObject: allOf: - $ref: "#/components/schemas/Object" - type: object properties: Event: type: object properties: id: $ref: "#/components/schemas/EventId" info: $ref: "#/components/schemas/EventInfo" org_id: $ref: "#/components/schemas/OrganisationId" orgc_id: $ref: "#/components/schemas/OrganisationId" ObjectTemplateId: type: string pattern: '^\d+$' maxLength: 10 example: "12345" ObjectRestSearchList: type: object properties: Object: $ref: "#/components/schemas/Object" ObjectRestSearchFilter: type: object properties: page: $ref: "#/components/schemas/PageSearchFilter" limit: $ref: "#/components/schemas/LimitSearchFilter" quickFilter: $ref: "#/components/schemas/SearchAllRestSearchFilter" searchall: $ref: "#/components/schemas/SearchAllRestSearchFilter" timestamp: $ref: "#/components/schemas/Timestamp" object_name: $ref: "#/components/schemas/ObjectName" object_template_uuid: $ref: "#/components/schemas/UUID" object_template_version: $ref: "#/components/schemas/ObjectTemplateVersion" eventid: $ref: "#/components/schemas/EventId" eventinfo: $ref: "#/components/schemas/EventInfo" ignore: description: "If true matches both true and false values for `to_ids` and `published`" type: boolean default: false from: $ref: "#/components/schemas/DateRestSearchFilter" to: $ref: "#/components/schemas/DateRestSearchFilter" date: $ref: "#/components/schemas/DateRestSearchFilter" tags: $ref: "#/components/schemas/TagsRestSearchFilter" last: $ref: "#/components/schemas/LastRestSearchFilter" event_timestamp: $ref: "#/components/schemas/Timestamp" publish_timestamp: $ref: "#/components/schemas/Timestamp" org: oneOf: - $ref: "#/components/schemas/OrganisationId" - $ref: "#/components/schemas/OrganisationName" uuid: $ref: "#/components/schemas/UUID" value: $ref: "#/components/schemas/AttributeValue" type: $ref: "#/components/schemas/AttributeType" category: $ref: "#/components/schemas/AttributeCategory" object_relation: $ref: "#/components/schemas/ObjectRelationRestSearchFilter" attribute_timestamp: $ref: "#/components/schemas/Timestamp" first_seen: $ref: "#/components/schemas/NullableMicroTimestamp" last_seen: $ref: "#/components/schemas/NullableMicroTimestamp" comment: $ref: "#/components/schemas/AttributeComment" to_ids: $ref: "#/components/schemas/ToIDSRestSearchFlag" published: $ref: "#/components/schemas/PublishedFlag" deleted: $ref: "#/components/schemas/SoftDeletedFlag" withAttachments: $ref: "#/components/schemas/WithAttachmentsRestSearchFilter" enforceWarninglist: $ref: "#/components/schemas/EnforceWarninglistRestSearchFilter" includeAllTags: $ref: "#/components/schemas/IncludeAllTagsRestSearchFilter" includeEventUuid: $ref: "#/components/schemas/IncludeEventUUIDRestSearchFlag" include_event_uuid: $ref: "#/components/schemas/IncludeEventUUIDRestSearchFlag" includeEventTags: $ref: "#/components/schemas/IncludeEventTagsRestSearchFlag" includeProposals: $ref: "#/components/schemas/IncludeProposalsRestSearchFlag" includeWarninglistHits: $ref: "#/components/schemas/IncludeWarninglistHitsRestSearchFlag" includeContext: $ref: "#/components/schemas/IncludeContextRestSearchFlag" includeSightings: $ref: "#/components/schemas/IncludeContextRestSearchFlag" includeSightingdb: $ref: "#/components/schemas/IncludeSightingDbRestSearchFlag" includeCorrelations: $ref: "#/components/schemas/IncludeCorrelationsRestSearchFlag" includeDecayScore: $ref: "#/components/schemas/IncludeDecayScoreRestSearchFlag" includeFullModel: $ref: "#/components/schemas/IncludeFullModelRestSearchFlag" allow_proposal_blocking: $ref: "#/components/schemas/AllowProposalBlockingRestSearchFlag" metadata: $ref: "#/components/schemas/MetadataRestSearchFilter" attackGalaxy: $ref: "#/components/schemas/AttackGalaxyRestSearchFilter" excludeDecayed: $ref: "#/components/schemas/ExcludeDecayedRestSearchFlag" decayingModel: $ref: "#/components/schemas/DecayingModelRestSearchFilter" modelOverrides: $ref: "#/components/schemas/ModelOverridesRestSearchFilter" score: $ref: "#/components/schemas/DecayingModelScoreRestSearchFilter" returnFormat: $ref: "#/components/schemas/ObjectsRestSearchReturnFormat" # Sightings SightingId: type: string pattern: '^\d+$' maxLength: 10 example: "12345" Sighting: type: object properties: id: $ref: "#/components/schemas/SightingId" attribute_id: $ref: "#/components/schemas/AttributeId" event_id: $ref: "#/components/schemas/EventId" org_id: $ref: "#/components/schemas/OrganisationId" date_sighting: $ref: "#/components/schemas/Timestamp" uuid: $ref: "#/components/schemas/UUID" source: type: string type: type: string attribute_uuid: $ref: "#/components/schemas/UUID" Organisation: type: object properties: id: $ref: "#/components/schemas/OrganisationId" uuid: $ref: "#/components/schemas/UUID" name: $ref: "#/components/schemas/OrganisationName" # Galaxies GalaxyId: type: string pattern: '^\d+$' maxLength: 10 example: "12345" GalaxyName: type: string maxLength: 255 example: "Ransomware" GalaxyType: type: string maxLength: 255 example: "ransomware" GalaxyDescription: type: string maxLength: 65535 example: "Ransomware galaxy based on ..." GalaxyVersion: type: string maxLength: 255 example: "1" GalaxyNamespace: type: string maxLength: 255 example: "misp" Galaxy: type: object properties: id: $ref: "#/components/schemas/GalaxyId" uuid: $ref: "#/components/schemas/UUID" name: $ref: "#/components/schemas/GalaxyName" type: $ref: "#/components/schemas/GalaxyType" description: $ref: "#/components/schemas/GalaxyDescription" version: $ref: "#/components/schemas/GalaxyVersion" icon: $ref: "#/components/schemas/Icon" namespace: $ref: "#/components/schemas/GalaxyNamespace" kill_chain_order: type: object nullable: true example: fraud-tactics: - "Initiation" - "Target Compromise" - "Perform Fraud" - "Obtain Fraudulent Assets" - "Assets Transfer" - "Monetisation" GalaxyClusterId: type: string pattern: '^\d+$' maxLength: 10 example: "12345" GalaxyClusterValue: type: string maxLength: 65535 example: "Brute Force - T1110" GalaxyClusterType: type: string maxLength: 255 example: "mitre-enterprise-attack-attack-pattern" GalaxyClusterDescription: type: string maxLength: 65535 example: "Adversaries may use brute force techniques to attempt access to accounts when passwords are unknown or when password hashes are obtained..." GalaxyClusterSource: type: string maxLength: 255 example: "https://github.com/mitre/cti" GalaxyClusterAuthors: type: array items: type: string example: "MITRE" GalaxyClusterVersion: type: string nullable: true maxLength: 255 example: "1" GalaxyElementId: type: string pattern: '^\d+$' maxLength: 10 example: "12345" GalaxyElementKey: type: string maxLength: 255 example: "categories" GalaxyElementValue: type: string maxLength: 65535 example: "Military" GalaxyElement: type: object properties: id: $ref: "#/components/schemas/GalaxyElementId" galaxy_cluster_id: $ref: "#/components/schemas/GalaxyClusterId" key: $ref: "#/components/schemas/GalaxyElementKey" value: $ref: "#/components/schemas/GalaxyElementValue" GalaxyElementList: type: array items: $ref: "#/components/schemas/GalaxyElement" GalaxyClusterRelationList: type: array items: $ref: "#/components/schemas/GalaxyElement" GalaxyClusterNoId: type: object properties: uuid: $ref: "#/components/schemas/UUID" collection_uuid: $ref: "#/components/schemas/UUID" type: $ref: "#/components/schemas/GalaxyClusterType" value: $ref: "#/components/schemas/GalaxyClusterValue" tag_name: $ref: "#/components/schemas/TagName" description: $ref: "#/components/schemas/GalaxyClusterDescription" galaxy_id: $ref: "#/components/schemas/GalaxyId" source: $ref: "#/components/schemas/GalaxyClusterSource" authors: $ref: "#/components/schemas/GalaxyClusterAuthors" version: $ref: "#/components/schemas/GalaxyClusterVersion" distribution: $ref: "#/components/schemas/DistributionLevelId" sharing_group_id: $ref: "#/components/schemas/SharingGroupId" org_id: $ref: "#/components/schemas/OrganisationId" orgc_id: $ref: "#/components/schemas/OrganisationId" default: $ref: "#/components/schemas/IsDefault" locked: $ref: "#/components/schemas/IsLocked" extends_uuid: $ref: "#/components/schemas/ExtendsUUID" extends_version: $ref: "#/components/schemas/GalaxyClusterVersion" published: $ref: "#/components/schemas/PublishedFlag" deleted: $ref: "#/components/schemas/SoftDeletedFlag" GalaxyElement: type: array items: $ref: "#/components/schemas/GalaxyElement" GalaxyCluster: description: "MISP galaxy is a simple method to express a large object called cluster that can be attached to MISP events or attributes." allOf: - type: object properties: id: $ref: "#/components/schemas/GalaxyClusterId" - $ref: "#/components/schemas/GalaxyClusterNoId" ExtendedGalaxyCluster: description: "A galaxy cluster with all it's details." allOf: - $ref: "#/components/schemas/GalaxyCluster" - type: object properties: Galaxy: $ref: "#/components/schemas/Galaxy" GalaxyClusterRelation: $ref: "#/components/schemas/GalaxyClusterRelationList" Org: $ref: "#/components/schemas/Organisation" Orgc: $ref: "#/components/schemas/Organisation" tag_count: type: integer format: int32 tag_id: $ref: "#/components/schemas/TagId" ExtendedGalaxy: description: "A galaxy with it's galaxy cluster details." allOf: - type: object properties: Galaxy: $ref: "#/components/schemas/Galaxy" GalaxyCluster: type: array items: $ref: "#/components/schemas/GalaxyCluster" GalaxyMispFormat: description: "Galaxy and clusters representation in misp-galaxy format." type: object properties: name: $ref: "#/components/schemas/GalaxyName" type: $ref: "#/components/schemas/GalaxyType" authors: $ref: "#/components/schemas/GalaxyClusterAuthors" version: oneOf: - type: boolean - $ref: "#/components/schemas/GalaxyClusterVersion" uuid: $ref: "#/components/schemas/UUID" source: $ref: "#/components/schemas/GalaxyClusterSource" values: type: array items: type: object properties: description: $ref: "#/components/schemas/GalaxyClusterDescription" uuid: $ref: "#/components/schemas/UUID" value: $ref: "#/components/schemas/GalaxyClusterValue" extends_uuid: $ref: "#/components/schemas/ExtendsUUID" extends_Version: $ref: "#/components/schemas/GalaxyClusterVersion" meta: description: "Each Galaxy element associated to this cluster represents a key-value property." type: object example: - categories: "botnet" - refs: "http://example.com" - aliases: - "malware" - "win32" - "windows" - topics: - "Windows" - "Malware" GalaxyValueSearchFilter: description: "Text search term to find a matching galaxy name, namespace, description, kill_chain_order or uuid." type: string example: "botnet" ImportGalaxyClusterItem: type: object properties: GalaxyCluster: $ref: "#/components/schemas/GalaxyClusterNoId" Galaxy: type: object properties: uuid: $ref: "#/components/schemas/UUID" # Tags TagId: type: string pattern: '^\d+$' maxLength: 10 example: "12345" TagName: type: string example: "tlp:white" maxLength: 255 TagColour: type: string example: "#ffffff" maxLength: 7 TagNumericalValue: type: string nullable: true pattern: '^\d+$' example: "12345" HideTagFlag: type: boolean default: false TagNoId: type: object properties: name: $ref: "#/components/schemas/TagName" colour: $ref: "#/components/schemas/TagColour" exportable: $ref: "#/components/schemas/IsExportable" org_id: $ref: "#/components/schemas/OrganisationId" user_id: $ref: "#/components/schemas/UserId" hide_tag: $ref: "#/components/schemas/HideTagFlag" numerical_value: $ref: "#/components/schemas/TagNumericalValue" is_galaxy: $ref: "#/components/schemas/IsGalaxy" is_custom_galaxy: $ref: "#/components/schemas/IsCustomGalaxy" inherited: $ref: "#/components/schemas/IsInherited" Tag: description: "A tag is a simple method to classify an event with a simple string. The tag name can be freely chosen. The tag name can be also chosen from a fixed machine-tag vocabulary called MISP taxonomies" allOf: - type: object properties: id: $ref: "#/components/schemas/TagId" - $ref: "#/components/schemas/TagNoId" TagList: type: array items: $ref: "#/components/schemas/Tag" TagCollectionId: type: string pattern: '^\d+$' maxLength: 10 example: "12345" ExtendedTag: type: object properties: Tag: $ref: "#/components/schemas/Tag" Taxonomy: $ref: "#/components/schemas/Taxonomy" TaxonomyPredicate: $ref: "#/components/schemas/TaxonomyPredicate" # Taxonomies TaxonomyId: type: string pattern: '^\d+$' maxLength: 10 example: "12345" TaxonomyPredicateId: type: string pattern: '^\d+$' maxLength: 10 example: "12345" TaxonomyNamespace: type: string example: "tlp" TaxonomyDescription: type: string example: "Disclosure is not limited. Sources may use TLP:WHITE when information carries minimal or no foreseeable risk of misuse, in accordance with applicable rules and procedures for public release. Subject to standard copyright rules, TLP:WHITE information may be distributed without restriction." TaxonomyVersion: type: string pattern: '^\d+$' example: "5" Taxonomy: type: object properties: id: $ref: "#/components/schemas/TaxonomyId" namespace: $ref: "#/components/schemas/TaxonomyNamespace" description: $ref: "#/components/schemas/TaxonomyDescription" version: $ref: "#/components/schemas/TaxonomyVersion" enabled: type: boolean exclusive: type: boolean required: type: boolean TaxonomyPredicateValue: type: string example: "white" TaxonomyPredicateExpanded: type: string example: "(TLP:WHITE) Information can be shared publicly in accordance with the law." TaxonomyPredicateDescription: type: string example: "Disclosure is not limited. Sources may use TLP:WHITE when information carries minimal or no foreseeable risk of misuse, in accordance with applicable rules and procedures for public release. Subject to standard copyright rules, TLP:WHITE information may be distributed without restriction." TaxonomyPredicate: type: object properties: id: $ref: "#/components/schemas/TaxonomyPredicateId" taxonomy_id: $ref: "#/components/schemas/TaxonomyId" value: $ref: "#/components/schemas/TaxonomyPredicateValue" expanded: $ref: "#/components/schemas/TaxonomyPredicateExpanded" colour: type: string example: "#ffffff" description: $ref: "#/components/schemas/TaxonomyPredicateDescription" exclusive: type: boolean numerical_value: type: integer nullable: true TaxonomyPredicateExport: type: object properties: value: $ref: "#/components/schemas/TaxonomyPredicateValue" expanded: $ref: "#/components/schemas/TaxonomyPredicateExpanded" TaxonomyEntryExport: type: object properties: value: type: string example: "spam" expanded: type: string example: "spam" description: type: string example: "Spam or ‘unsolicited bulk e-mail’, meaning that the recipient has not granted verifiable permission for the message to be sent and that the message is sent as part of a larger collection of messages, all having identical content." TaxonomyValueExport: type: object properties: predicate: $ref: "#/components/schemas/TaxonomyPredicateValue" entry: type: array items: $ref: "#/components/schemas/TaxonomyEntryExport" TaxonomyEntry: type: object properties: tag: $ref: "#/components/schemas/TagName" expanded: type: string description: type: string exclusive_predicate: type: boolean existing_tag: type: boolean ExtendedTaxonomyEntry: allOf: - $ref: "#/components/schemas/UserNoId" - type: object properties: events: type: number attributes: type: number # Users UserId: type: string pattern: '^\d+$' maxLength: 10 example: "12345" DashboardUserSetting: type: object properties: widget: type: string example: "MispStatusWidget" position: type: object properties: x: type: string pattern: '^\d+$' example: "0" y: type: string pattern: '^\d+$' example: "0" width: type: string pattern: '^\d+$' example: "2" height: type: string pattern: '^\d+$' example: "2" PublishAlertFilterUserSetting: type: object example: - "AND": - "NOT": - "EventTag.name": - "%osint%" - "OR": - "Tag.name": - "tlp:green" - "tlp:amber" - "tlp:red" - "%privint%" DashboardAccessUserSetting: type: boolean HomepageUserSetting: type: object properties: path: type: string example: "/events/index" DefaultRestSearchParametersUserSetting: type: object example: - "AND": - "NOT": - "EventTag.name": - "%osint%" - "OR": - "Tag.name": - "tlp:green" - "tlp:amber" - "tlp:red" - "%privint%" TagNumbericalValueOverrideUserSetting: type: object example: - "false-positive:risk='medium'": 99 EventIndexHideColumnsUserSetting: type: array items: type: string example: "clusters" UserSettingId: type: string pattern: '^\d+$' maxLength: 10 example: "12345" UserSettingName: type: string enum: - "publish_alert_filter" - "dashboard_access" - "dashboard" - "homepage" - "default_restsearch_parameters" - "tag_numerical_value_override" - "event_index_hide_columns" UserSetting: type: object properties: id: $ref: "#/components/schemas/UserSettingId" setting: $ref: "#/components/schemas/UserSettingName" value: anyOf: - $ref: "#/components/schemas/DashboardUserSetting" - $ref: "#/components/schemas/PublishAlertFilterUserSetting" - $ref: "#/components/schemas/DashboardAccessUserSetting" - $ref: "#/components/schemas/HomepageUserSetting" - $ref: "#/components/schemas/DefaultRestSearchParametersUserSetting" - $ref: "#/components/schemas/TagNumbericalValueOverrideUserSetting" - $ref: "#/components/schemas/EventIndexHideColumnsUserSetting" user_id: $ref: "#/components/schemas/UserId" timestamp: $ref: "#/components/schemas/Timestamp" ViewUserSettings: type: object properties: publish_alert_filter: $ref: "#/components/schemas/PublishAlertFilterUserSetting" dashboard_access: $ref: "#/components/schemas/DashboardAccessUserSetting" dashboard: type: array items: $ref: "#/components/schemas/DashboardUserSetting" homepage: $ref: "#/components/schemas/HomepageUserSetting" default_restsearch_parameters: $ref: "#/components/schemas/DefaultRestSearchParametersUserSetting" tag_numerical_value_override: $ref: "#/components/schemas/TagNumbericalValueOverrideUserSetting" event_index_hide_columns: $ref: "#/components/schemas/EventIndexHideColumnsUserSetting" UserNoId: type: object properties: org_id: $ref: "#/components/schemas/OrganisationId" server_id: $ref: "#/components/schemas/ServerId" email: type: string format: email autoalert: type: boolean authkey: description: "API auth key used for the API, only set if MISP setting `Security.advanced_authkeys` is set to `false`." nullable: true type: string minLength: 40 maxLength: 40 example: "894c8d095180c7ea28789092e96ca6424199aa4f" invited_by: $ref: "#/components/schemas/UserId" gpgkey: type: string nullable: true certif_public: type: string nullable: true nids_sid: type: string pattern: '^\d+$' maxLength: 10 example: "4000000" termsaccepted: type: boolean newsread: $ref: "#/components/schemas/Timestamp" role_id: $ref: "#/components/schemas/RoleId" change_pw: description: "Password change required." type: string enum: - "0" - "1" contactalert: type: boolean disabled: type: boolean expiration: type: string format: date-time nullable: true current_login: $ref: "#/components/schemas/Timestamp" last_login: $ref: "#/components/schemas/Timestamp" force_logout: type: boolean date_created: $ref: "#/components/schemas/Timestamp" date_modified: $ref: "#/components/schemas/Timestamp" User: allOf: - type: object properties: id: $ref: "#/components/schemas/UserId" - $ref: "#/components/schemas/UserNoId" ExtendedUser: allOf: - $ref: "#/components/schemas/User" - type: object properties: User: $ref: "#/components/schemas/User" Role: $ref: "#/components/schemas/Role" UserSetting: $ref: "#/components/schemas/ViewUserSettings" UserListItem: type: object properties: User: $ref: "#/components/schemas/User" Role: $ref: "#/components/schemas/Role" Organisation: type: object properties: id: $ref: "#/components/schemas/OrganisationId" name: $ref: "#/components/schemas/OrganisationName" UserList: type: array items: $ref: "#/components/schemas/UserListItem" # Organisations OrganisationId: type: string pattern: '^\d+$' maxLength: 10 example: "12345" OrganisationName: type: string maxLength: 255 example: "ORGNAME" OrganisationType: type: string nullable: true maxLength: 255 example: "ADMIN" OrganisationNoId: type: object properties: name: $ref: "#/components/schemas/OrganisationName" date_created: type: string example: "2021-06-14 14:29:19" date_modified: type: string example: "2021-06-14 14:29:19" description: type: string type: $ref: "#/components/schemas/OrganisationType" nationality: type: string sector: type: string created_by: $ref: "#/components/schemas/UserId" uuid: type: string contacts: type: string nullable: true local: type: boolean restricted_to_domain: type: array items: type: string format: hostname landingpage: type: string nullable: true user_count: type: string nullable: true pattern: '^\d+$' example: "3" created_by_email: nullable: true type: string Organisation: allOf: - type: object properties: id: $ref: "#/components/schemas/OrganisationId" - $ref: "#/components/schemas/OrganisationNoId" OrganisationListItem: type: object properties: Organisation: $ref: "#/components/schemas/Organisation" OrganisationList: type: array items: $ref: "#/components/schemas/OrganisationListItem" # Servers ServerId: type: string pattern: '^\d+$' maxLength: 10 example: "12345" ServerName: type: string maxLength: 255 example: "Phising Server" ServerNoId: type: object properties: name: $ref: "#/components/schemas/ServerName" url: type: string example: "https://misppriv.circl.lu" authkey: $ref: "#/components/schemas/AuthKeyRaw" org_id: $ref: "#/components/schemas/OrganisationId" push: type: boolean pull: type: boolean push_sightings: type: boolean push_galaxy_clusters: type: boolean pull_galaxy_clusters: type: boolean lastpulledid: type: string nullable: true pattern: '^\d+$' maxLength: 10 example: "12345" lastpushedid: type: string nullable: true pattern: '^\d+$' maxLength: 10 example: "12345" organization: type: string nullable: true remote_org_id: $ref: "#/components/schemas/OrganisationId" publish_without_email: type: boolean unpublish_event: type: boolean self_signed: type: boolean pull_rules: description: "Stringified JSON rules for pulling events from this server." type: string example: '{"tags":{"OR":[],"NOT":[]},"orgs":{"OR":[],"NOT":[]},"url_params":""}' push_rules: type: string description: "Stringified JSON rules for pushing events from this server." example: '{"tags":{"OR":[],"NOT":[]},"orgs":{"OR":[],"NOT":[]}}' cert_file: type: string description: "Base64 encoded certificate" nullable: true format: byte client_cert_file: type: string description: "Base64 encoded client certificate" nullable: true format: byte internal: type: boolean skip_proxy: type: boolean caching_enabled: type: boolean priority: type: string nullable: true pattern: '^\d+$' maxLength: 10 example: "1" cache_timestamp: type: boolean Server: allOf: - type: object properties: id: $ref: "#/components/schemas/ServerId" - $ref: "#/components/schemas/ServerNoId" ServerListItem: type: object properties: Server: $ref: "#/components/schemas/Server" Organisation: $ref: "#/components/schemas/Organisation" RemoteOrg: $ref: "#/components/schemas/Organisation" User: type: array items: $ref: "#/components/schemas/User" ServerList: type: array items: $ref: "#/components/schemas/ServerListItem" PhpServerSetting: type: object properties: explanation: type: string example: "The maximum duration that a script can run (does not affect the background workers). A too low number will break long running scripts like comprehensive API exports" recommended: anyOf: - type: integer example: 300 - type: string unit: type: string example: "seconds" value: anyOf: - type: integer format: int32 example: 300 - type: string ServerPackageVersion: type: object properties: version: type: string example: "1.2.0.11" expected: type: string example: ">1.2.0.9" status: type: integer format: int32 minimum: 0 example: 1 DatabaseTableDiagnostics: type: object properties: used: type: string example: "207.63MB" reclaimable: type: string example: "5MB" table: type: string example: "attributes" MispSetting: type: object properties: level: type: integer example: 0 value: anyOf: - type: string - type: boolean - type: number errorMessage: type: string nullable: true example: "The currently set baseurl does not match the URL through which you have accessed the page. Disregard this if you are accessing the page via an alternate URL (for example via IP address)." test: nullable: true anyOf: - type: string example: "testBaseURL" - type: boolean type: type: string example: "string" enum: - "string" - "boolean" - "numeric" "null": type: boolean nullable: true subGroup: type: string nullable: true example: "Enrichment" cli_only: type: integer nullable: true example: 1 redacted: type: boolean nullable: true optionsSource: type: object nullable: true afterHook: type: string nullable: true example: "cleanCacheFiles" error: type: integer nullable: true example: 1 tab: type: string example: "MISP" setting: type: string example: "MISP.baseurl" options: nullable: true anyOf: - type: object - type: string - type: array items: type: string - type: array items: type: object Worker: type: object properties: pid: type: integer example: 1233 user: type: string example: "www-data" alive: type: boolean correct_user: type: boolean ok: type: boolean WorkersStatus: type: object properties: ok: type: boolean workers: type: array items: $ref: "#/components/schemas/Worker" jobCount: type: integer nullable: true example: 0 UpdateServerResultItem: type: object properties: input: type: string example: "cd $(git rev-parse --show-toplevel) && git checkout app/composer.json 2>&1" output: type: array items: type: string example: "Updated 1 path from the index" status: type: integer example: 0 # Feeds FeedId: type: string pattern: '^\d+$' maxLength: 10 example: "3" FeedName: type: string maxLength: 255 example: "CIRCL OSINT Feed" FeedSourceFormat: type: string enum: - "1" - "csv" - "freetext" - "misp" FeedInputSource: description: "Specify whether the source (url field) is a directory (local) or an genuine url (network)." type: string enum: - "local" - "network" FeedHeaders: description: "Headers to be passed with the requests. All separated by \n" type: string nullable: true example: | X-Custom-Header-A: Foo X-Custom-Header-B: Bar FeedSettings: type: string nullable: true example: '{"csv":{"value":"","delimiter":""},"common":{"excluderegex":""},"disable_correlation":"1"}' FeedRules: description: "Stringified JSON filter rules." type: string nullable: true example: '{"tags":{"OR":[],"NOT":[]},"orgs":{"OR":[],"NOT":[]},"url_params":""}' FeedUrl: type: string example: "https://www.circl.lu/doc/misp/feed-osint" FeedFixedEvent: description: "target_event option might be considered" type: boolean FeedDeltaMergeFlag: description: "Merge attributes (only add new attribute, remove revoked attributes)" type: boolean FeedProvider: type: string example: "CIRCL" FeedOverrideIDSFlag: description: "The IDS flags will be set to Off for this feed" type: boolean FeedDeleteLocalFileFlag: description: "The IDS flags will be set to Off for this feed" type: boolean FeedLookupVisibleFlag: description: "The lookup will not be visible in the feed correlation" type: boolean FeedCachingEnabledFlag: description: "The feed is cached" type: boolean FeedForceToIDSFlag: description: "The IDS flags will be set to On for this feed" type: boolean FeedEnabledFlag: type: boolean FeedCacheTimestamp: nullable: true anyOf: - $ref: "#/components/schemas/Timestamp" - type: boolean FeedNoId: type: object properties: name: $ref: "#/components/schemas/FeedName" provider: $ref: "#/components/schemas/FeedProvider" url: $ref: "#/components/schemas/FeedUrl" rules: $ref: "#/components/schemas/FeedRules" enabled: $ref: "#/components/schemas/FeedEnabledFlag" distribution: $ref: "#/components/schemas/DistributionLevelId" sharing_group_id: $ref: "#/components/schemas/SharingGroupId" tag_id: $ref: "#/components/schemas/TagId" default: $ref: "#/components/schemas/IsDefault" source_format: $ref: "#/components/schemas/FeedSourceFormat" fixed_event: $ref: "#/components/schemas/FeedFixedEvent" delta_merge: $ref: "#/components/schemas/FeedDeltaMergeFlag" event_id: $ref: "#/components/schemas/EventId" publish: $ref: "#/components/schemas/PublishedFlag" override_ids: $ref: "#/components/schemas/FeedOverrideIDSFlag" settings: $ref: "#/components/schemas/FeedSettings" input_source: $ref: "#/components/schemas/FeedInputSource" delete_local_file: $ref: "#/components/schemas/FeedDeleteLocalFileFlag" lookup_visible: $ref: "#/components/schemas/FeedLookupVisibleFlag" headers: $ref: "#/components/schemas/FeedHeaders" caching_enabled: $ref: "#/components/schemas/FeedCachingEnabledFlag" force_to_ids: $ref: "#/components/schemas/FeedForceToIDSFlag" orgc_id: $ref: "#/components/schemas/OrganisationId" cache_timestamp: $ref: "#/components/schemas/FeedCacheTimestamp" Feed: allOf: - type: object properties: id: $ref: "#/components/schemas/FeedId" - $ref: "#/components/schemas/FeedNoId" # Warninglists WarninglistId: type: string pattern: '^\d+$' maxLength: 10 example: "3" WarninglistEntry: type: object properties: id: type: string pattern: '^\d+$' example: "1234" value: type: string example: "10.128.0.0/24" warninglist_id: $ref: "#/components/schemas/WarninglistId" Warninglist: type: object properties: id: $ref: "#/components/schemas/WarninglistId" name: type: string example: "List of known domains to know external IP" type: type: string enum: - "cidr" - "hostname" - "substring" - "string" - "regex" example: "cidr" description: type: string version: type: string pattern: '^\d+$' example: "10" enabled: type: boolean warninglist_entry_count: type: string pattern: '^\d+$' example: "1234" valid_attributes: description: "List of comma separated warninglist types." type: string example: "domain, hostname, domain|ip, uri, url" WarninglistEntry: type: array items: $ref: "#/components/schemas/WarninglistEntry" WarninglistsIdFilter: anyOf: - $ref: "#/components/schemas/WarninglistId" - type: array items: $ref: "#/components/schemas/WarninglistId" WarninglistsNameFilter: anyOf: - type: string example: "%search term%" - type: array items: type: string example: "%search term%" # Noticelists NoticelistId: type: string pattern: '^\d+$' maxLength: 10 example: "3" NoticelistEntry: type: object properties: id: type: string pattern: '^\d+$' example: "1234" noticelist_id: $ref: "#/components/schemas/NoticelistId" data: type: object properties: scope: type: array items: type: string example: "attribute" field: type: array items: type: string example: "category" value: type: array items: type: string example: "Person" tags: type: array items: $ref: "#/components/schemas/TagName" message: type: object properties: en: type: string example: "This attribute is likely to contain personal data and the data subject is likely to be directly identifiable." Noticelist: type: object properties: id: $ref: "#/components/schemas/NoticelistId" name: type: string example: "List of known domains to know external IP" type: type: string enum: - "cidr" - "hostname" - "substring" - "string" - "regex" example: "cidr" description: type: string version: type: string pattern: '^\d+$' example: "10" enabled: type: boolean warninglist_entry_count: type: string pattern: '^\d+$' example: "1234" valid_attributes: description: "List of comma separated warninglist types." type: string example: "domain, hostname, domain|ip, uri, url" NoticelistEntry: type: array items: $ref: "#/components/schemas/NoticelistEntry" # Roles RoleId: type: string pattern: '^\d+$' maxLength: 10 example: "3" RoleName: type: string maxLength: 255 example: "ORGNAME" Role: type: object properties: id: $ref: "#/components/schemas/RoleId" name: $ref: "#/components/schemas/RoleName" perm_add: type: boolean perm_modify: type: boolean perm_modify_org: type: boolean perm_publish: type: boolean perm_delegate: type: boolean perm_sync: type: boolean perm_admin: type: boolean perm_audit: type: boolean perm_auth: type: boolean perm_site_admin: type: boolean perm_regexp_access: type: boolean perm_tagger: type: boolean perm_template: type: boolean perm_sharing_group: type: boolean perm_tag_editor: type: boolean perm_sighting: type: boolean perm_object_template: type: boolean perm_publish_zmq: type: boolean perm_publish_kafka: type: boolean perm_decaying: type: boolean perm_galaxy_editor: type: boolean default_role: type: boolean memory_limit: type: string nullable: true pattern: '^\d+$|^$' max_execution_time: type: string nullable: true pattern: '^\d+$|^$' restricted_to_site_admin: type: boolean enforce_rate_limit: type: boolean rate_limit_count: type: string pattern: '^\d+$' permission: type: string pattern: '^\d+$' example: "3" permission_description: type: string example: "publish" # Sharing Groups SharingGroupId: type: string nullable: true pattern: '^\d+$|^$' maxLength: 10 example: "1" SharingGroupServerId: type: string nullable: true pattern: '^\d+$|^$' maxLength: 10 example: "1" SharingGroupOrganisationId: type: string nullable: true pattern: '^\d+$|^$' maxLength: 10 example: "1" SharingGroupName: type: string maxLength: 255 example: "Banking Sharing Group" SharingGroupDescription: type: string maxLength: 65535 example: "Banking Institutions of X Sharing Group" SharingGroupReleasability: type: string maxLength: 65535 SlimSharingGroupNoId: type: object properties: uuid: $ref: "#/components/schemas/UUID" name: $ref: "#/components/schemas/SharingGroupName" description: $ref: "#/components/schemas/SharingGroupDescription" releasability: $ref: "#/components/schemas/SharingGroupReleasability" local: type: boolean active: type: boolean org_count: type: string pattern: '^\d+$' example: "6" SlimSharingGroup: allOf: - type: object properties: id: $ref: "#/components/schemas/SharingGroupId" - $ref: "#/components/schemas/SlimSharingGroupNoId" SharingGroupNoId: allOf: - $ref: "#/components/schemas/SlimSharingGroupNoId" - type: object properties: organisation_uuid: $ref: "#/components/schemas/UUID" org_id: $ref: "#/components/schemas/OrganisationId" sync_user_id: $ref: "#/components/schemas/UserId" created: type: string format: datetime modified: type: string format: datetime roaming: type: boolean SharingGroup: allOf: - type: object properties: id: $ref: "#/components/schemas/SharingGroupId" - $ref: "#/components/schemas/SharingGroupNoId" SharingGroupOrganisation: type: object properties: id: $ref: "#/components/schemas/SharingGroupOrganisationId" sharing_group_id: $ref: "#/components/schemas/SharingGroupId" org_id: $ref: "#/components/schemas/OrganisationId" extend: type: boolean Organisation: type: object properties: id: $ref: "#/components/schemas/OrganisationId" name: $ref: "#/components/schemas/OrganisationName" uuid: $ref: "#/components/schemas/UUID" SharingGroupServer: type: object properties: all_orgs: type: boolean server_id: $ref: "#/components/schemas/ServerId" sharing_group_id: $ref: "#/components/schemas/SharingGroupId" Server: type: object properties: id: $ref: "#/components/schemas/ServerId" name: $ref: "#/components/schemas/ServerName" SharingGroupListItem: type: object properties: SharingGroup: $ref: "#/components/schemas/SlimSharingGroup" Organisation: type: object properties: id: $ref: "#/components/schemas/OrganisationId" name: $ref: "#/components/schemas/OrganisationName" uuid: $ref: "#/components/schemas/UUID" SharingGroupOrg: type: array items: $ref: "#/components/schemas/SharingGroupOrganisation" SharingGroupServer: type: array items: $ref: "#/components/schemas/SharingGroupServer" editable: type: boolean deletable: type: boolean # Logs LogActionType: type: string enum: - "accept" - "accept_delegation" - "acceptRegistrations" - "add" - "admin_email" - "attachTags" - "auth" - "auth_fail" - "blocklisted" - "captureRelations" - "change_pw" - "delete" - "disable" - "discard" - "discardRegistrations" - "edit" - "email" - "enable" - "enrichment" - "error" - "export" - "fetchEvent" - "file_upload" - "galaxy" - "include_formula" - "login" - "login_fail" - "logout" - "merge" - "pruneUpdateLogs" - "publish" - "publish_sightings" - "publish alert" - "pull" - "purge_events" - "push" - "registration" - "registration_error" - "remove_dead_workers" - "request" - "request_delegation" - "reset_auth_key" - "send_mail" - "security" - "serverSettingsEdit" - "tag" - "undelete" - "update" - "update_database" - "update_db_worker" - "upgrade_24" - "upload_sample" - "version_warning" - "warning" - "wipe_default" LogId: type: string pattern: '^\d+$' maxLength: 10 example: "12345" LogTitle: type: string example: "Attribute (448272) from Event (1): Other/text foo" LogChange: type: string example: "name () => (ORGNAME)" LogDescription: type: string example: 'Organisation "ORGNAME" (1) added by User "SYSTEM" (0).' Log: type: object properties: id: $ref: "#/components/schemas/LogId" title: $ref: "#/components/schemas/LogTitle" created: type: string format: datetime model: $ref: "#/components/schemas/ModelName" model_id: $ref: "#/components/schemas/ModelId" action: $ref: "#/components/schemas/LogActionType" user_id: $ref: "#/components/schemas/UserId" change: $ref: "#/components/schemas/LogChange" email: type: string format: email org: $ref: "#/components/schemas/OrganisationName" description: $ref: "#/components/schemas/LogDescription" ip: type: string example: "10.0.0.10" # General AuthKeyRaw: type: string minLength: 40 maxLength: 40 example: "894c8d095180c7ea28789092e96ca6424199aa4f" DistributionLevelId: type: string enum: ["0", "1", "2", "3", "4", "5"] description: > Who will be able to see this event once it becomes published and eventually when it becomes pulled: * `0` - Your organization only * `1` - This community only * `2` - Connected communities * `3` - All communities * `4` - Sharing group * `5` - Inherit Event ThreatLevelId: type: string enum: ["1", "2", "3", "4"] description: > Represents the threat level. * `1` - High * `2` - Medium * `3` - Low * `4` - Undefined AnalysisLevelId: type: string enum: ["0", "1", "2"] description: > Represents the analysis maturity level. * `0` - Initial * `1` - Ongoing * `2` - Complete ToIDS: type: boolean default: true UUID: type: string format: uuid maxLength: 36 example: "c99506a6-1255-4b71-afa5-7b8ba48c3b1b" ExtendsUUID: type: string nullable: true maxLength: 36 example: "c99506a6-1255-4b71-afa5-7b8ba48c3b1b" Timestamp: type: string pattern: '^\d+$' default: "0" example: "1617875568" NullableTimestamp: nullable: true type: string pattern: '^\d+$|^$' default: "0" example: "1617875568" MicroTimestamp: type: string pattern: '^\d+$' example: "1581984000000000" NullableMicroTimestamp: nullable: true type: string pattern: '^\d+$|^$' default: null example: "1581984000000000" SoftDeletedFlag: type: boolean default: false SoftDeletedFlagValuesToInclude: description: 'Whether to include soft-deleted attributes. Default value 0. If set to 1, only deleted attributes will be returned. If set to [0,1], both deleted and non-deleted attributes wil be returned.' type: boolean default: false PublishedFlag: type: boolean default: false DisableCorrelationFlag: type: boolean default: false IsExportable: type: boolean default: true IsGalaxy: type: boolean default: true IsCustomGalaxy: type: boolean default: true IsInherited: type: integer format: int32 default: 1 IsLocked: type: boolean IsDefault: type: boolean IsLocal: type: boolean Local: type: integer format: int32 maxLength: 1 default: 0 nullable: false enum: - 0 - 1 IsReadOnly: type: boolean Icon: type: string maxLength: 255 example: "globe" PageSearchFilter: type: integer format: int32 nullable: true minimum: 1 LimitSearchFilter: type: integer format: int32 nullable: true minimum: 0 SortSearchField: description: Field to be used to sort the result type: string nullable: true example: "timestamp" DirectionSearchField: description: Sort direction of the result type: string nullable: true default: "asc" enum: - "asc" - "desc" DateRestSearchFilter: description: "You can use any of the valid time related filters (examples: 7d, timestamps, [14d, 7d] for ranges, etc.)" type: string nullable: true DateIntervalRestSearchFilter: description: "Interval described by two dates" type: array minimum: 2 maximum: 2 items: $ref: "#/components/schemas/DateRestSearchFilter" LastRestSearchFilter: description: "Events published within the last x amount of time, where x can be defined in days, hours, minutes (for example 5d or 12h or 30m), ISO 8601 datetime format or timestamp" oneOf: - type: integer - type: string nullable: true TagsRestSearchFilter: nullable: true type: array items: type: string example: "tlp:amber" SearchAllRestSearchFilter: description: "Search events by matching any tag names, event descriptions, attribute values or attribute comments" type: string example: malware ToIDSRestSearchFlag: nullable: true type: boolean SharingGroupIDRestSearchFilter: description: "Sharing group ID(s), either as single string or list of IDs" nullable: true items: type: string example: "1" DecayingModelRestSearchFilter: description: "Specify the decaying model from which the decaying score should be calculated" type: string DecayingModelScoreRestSearchFilter: description: "An alias to override on-the-fly the threshold of the decaying model" type: string MetadataRestSearchFilter: description: "Will only return the metadata of the given query scope, contained data is omitted." nullable: true type: boolean IncludeEventUUIDRestSearchFlag: description: "Include matching eventUuids in the response" type: boolean default: false IncludeAllTagsRestSearchFilter: description: "Include also exportable tags" type: boolean default: false IncludeEventTagsRestSearchFlag: description: "Include tags of matching events in the response" type: boolean default: false IncludeProposalsRestSearchFlag: description: "Include proposals of matching events in the response" type: boolean default: false EnforceWarninglistRestSearchFilter: description: "Should the warning list be enforced. Adds blocked field for matching attributes" nullable: true type: boolean WithAttachmentsRestSearchFilter: description: "Extends the response with the base64 representation of the attachment, if there is one" type: boolean default: false RequestedAttributesRestSearchFilter: description: "List of properties that will be selected in the CSV export" type: array items: type: string example: "id" IncludeContextRestSearchFlag: description: "Adds events context fields in the CSV export" nullable: true type: boolean HeaderlessRestSearchFlag: description: "Removes header in the CSV export" nullable: true type: boolean IncludeWarninglistHitsRestSearchFlag: nullable: true type: boolean AttackGalaxyRestSearchFilter: nullable: true type: string example: "mitre-attack" ExcludeLocalTagsRestSearchFilter: description: "Exclude local tags from the export" nullable: true type: boolean IncludeSightingDbRestSearchFlag: description: "Extend response with Sightings DB results if the module is enabled" nullable: true type: boolean IncludeCorrelationsRestSearchFlag: nullable: true type: boolean IncludeDecayScoreRestSearchFlag: description: "Include all enabled decaying score" type: boolean default: false IncludeFullModelRestSearchFlag: description: "Include all model information of matching events in the response" type: boolean default: false AllowProposalBlockingRestSearchFlag: description: "Allow blocking attributes from to_ids sensitive exports if a proposal has been made to it to remove the IDS flag" type: boolean default: false ExcludeDecayedRestSearchFlag: description: "Should the decayed elements by excluded" type: boolean default: false ModelOverridesRestSearchFilter: $ref: "#/components/schemas/DecayingModelParameters" ModelId: type: string pattern: '^\d+$' maxLength: 10 example: "12345" ModelName: type: string enum: - "AdminSetting" - "Allowedlist" - "AttachmentScan" - "Attribute" - "AttributeTag" - "AuditLog" - "AuthKey" - "Bruteforce" - "Cerebrate" - "Community" - "CorrelationExclusion" - "Correlation" - "Dashboard" - "DecayingModelMapping" - "DecayingModel" - "EventBlocklist" - "EventDelegation" - "EventGraph" - "EventLock" - "Event" - "EventReport" - "EventTag" - "FavouriteTag" - "Feed" - "FuzzyCorrelateSsdeep" - "GalaxyClusterBlocklist" - "GalaxyCluster" - "GalaxyClusterRelation" - "GalaxyClusterRelationTag" - "GalaxyElement" - "Galaxy" - "Inbox" - "Job" - "Log" - "MispObject" - "Module" - "News" - "NoticelistEntry" - "Noticelist" - "NotificationLog" - "ObjectReference" - "ObjectRelationship" - "ObjectTemplateElement" - "ObjectTemplate" - "Organisation" - "OrgBlocklist" - "Post" - "Regexp" - "RestClientHistory" - "Role" - "Server" - "ShadowAttribute" - "SharingGroupOrg" - "SharingGroup" - "SharingGroupServer" - "SightingdbOrg" - "Sightingdb" - "Sighting" - "TagCollection" - "TagCollectionTag" - "Tag" - "Task" - "TaxonomyEntry" - "Taxonomy" - "TaxonomyPredicate" - "TemplateElementAttribute" - "TemplateElementFile" - "TemplateElement" - "TemplateElementText" - "Template" - "TemplateTag" - "Thread" - "ThreatLevel" - "User" - "UserSetting" - "WarninglistEntry" - "Warninglist" - "WarninglistType" EventsRestSearchReturnFormat: description: "Format of the response payload" type: string enum: - json - xml - csv - text - stix - stix2 - stix-json - attack - attack-sightings - cache - count - hashes - netfilter - opendata - openioc - rpz - snort - suricata - yara - yara-json AttributesRestSearchReturnFormat: description: "Format of the response payload" type: string enum: - json - xml - csv - text - stix - stix2 - stix-json - hashes - cache - count - netfilter - opendata - openioc - rpz - snort - suricata - text - yara - yara-json ObjectsRestSearchReturnFormat: description: "Format of the response payload" type: string enum: - json ObjectRelationRestSearchFilter: description: "Filter by the attribute object relation value" nullable: true type: string example: "filepath" # AuthKeys AuthKeyId: type: string pattern: '^\d+$' maxLength: 10 example: "12345" AuthKey: type: object properties: id: $ref: "#/components/schemas/AuthKeyId" uuid: $ref: "#/components/schemas/UUID" authkey_start: type: string maxLength: 4 authkey_end: type: string maxLength: 4 created: $ref: "#/components/schemas/Timestamp" expiration: type: string format: datetime example: "1970-01-01 00:00:00" nullable: true read_only: $ref: "#/components/schemas/IsReadOnly" user_id: $ref: "#/components/schemas/UserId" comment: type: string allowed_ips: type: array items: description: IP address type: string example: "127.0.0.1" nullable: true last_used: $ref: "#/components/schemas/NullableTimestamp" ApiError: type: object required: - name - message - url properties: name: type: string message: type: string url: type: string example: "/attributes" UnauthorizedApiError: type: object required: - name - message - url properties: name: type: string example: "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header." message: type: string example: "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header." url: type: string example: "/attributes" NotFoundApiError: type: object required: - name - message - url properties: name: type: string example: "Invalid attribute" message: type: string example: "Invalid attribute" url: type: string example: "/attributes/1234" NotFoundUserTotpDeleteError: type: object required: - name - message - url properties: name: type: string example: "Invalid user" message: type: string example: "Invalid user" url: type: string example: "/users/totp_delete/1" parameters: eventIdParameter: name: eventId in: path description: "UUID or numeric ID of the event" required: true schema: oneOf: - $ref: "#/components/schemas/EventId" - $ref: "#/components/schemas/UUID" attributeIdParameter: name: attributeId in: path description: "UUID or numeric ID of the attribute" required: true schema: oneOf: - $ref: "#/components/schemas/AttributeId" - $ref: "#/components/schemas/UUID" tagIdParameter: name: tagId in: path description: Numeric ID of the attribute required: true schema: $ref: "#/components/schemas/TagId" localParameter: name: local in: path description: "Whether the object should be attached locally or not to the target" schema: $ref: "#/components/schemas/Local" tagSearchTermParameter: name: tagSearchTerm in: path description: Tag search term required: true schema: type: string example: "%tlp%" galaxyIdParameter: name: galaxyId in: path description: "UUID or numeric ID of the galaxy" required: true schema: oneOf: - $ref: "#/components/schemas/GalaxyId" - $ref: "#/components/schemas/UUID" galaxyClusterIdParameter: name: galaxyClusterId in: path description: "UUID or numeric ID of the galaxy cluster" required: true schema: oneOf: - $ref: "#/components/schemas/GalaxyClusterId" - $ref: "#/components/schemas/UUID" userIdParameter: name: userId in: path description: "Numeric ID of the user" required: true schema: $ref: "#/components/schemas/UserId" firstTimeResetParameter: name: firstTimeReset in: path description: "First time reset is set to `1` only for new user registrations." required: true schema: type: string enum: - "0" - "1" organisationIdParameter: name: organisationId in: path description: "UUID or numeric ID of the organisation" required: true schema: oneOf: - $ref: "#/components/schemas/OrganisationId" - $ref: "#/components/schemas/UUID" serverIdParameter: name: serverId in: path description: "UUID or numeric ID of the server" required: true schema: oneOf: - $ref: "#/components/schemas/ServerId" - $ref: "#/components/schemas/UUID" pullTechniqueParameter: name: pullTechnique in: path description: "Pull technique to be used for pulling events from this instance." required: true schema: type: string enum: - "full" - "incremental" - "pull_relevant_clusters" pushTechniqueParameter: name: pushTechnique in: path description: "Push technique to be used for pushing events to this instance." required: true schema: type: string enum: - "full" - "incremental" workerTypeParameter: name: workerType in: path description: "Worker type." required: true schema: type: string enum: - "default" - "email" - "scheduler" - "cache" - "prio" - "update" workerPidParameter: name: workerPid in: path description: "Worker PID." required: true schema: type: string pattern: '^\d+$' settingNameParameter: name: settingName in: path description: "Setting name." required: true schema: type: string example: "MISP.background_jobs" sharingGroupIdParameter: name: sharingGroupId in: path description: "UUID or numeric ID of the sharing group" required: true schema: oneOf: - $ref: "#/components/schemas/SharingGroupId" - $ref: "#/components/schemas/UUID" sharingGroupServerIdParameter: name: sharingGroupServerId in: path description: "UUID or numeric ID of the sharing group server" required: true schema: $ref: "#/components/schemas/SharingGroupServerId" feedIdParameter: name: feedId in: path description: "UUID or numeric ID of the feed" required: true schema: oneOf: - $ref: "#/components/schemas/FeedId" - $ref: "#/components/schemas/UUID" warninglistIdParameter: name: warninglistId in: path description: "Numeric ID of the warninglist" required: true schema: $ref: "#/components/schemas/WarninglistId" noticelistIdParameter: name: noticelistId in: path description: "Numeric ID of the noticelist" required: true schema: $ref: "#/components/schemas/NoticelistId" sightingIdParameter: name: sightingId in: path description: "UUID or numeric ID of the sighting" required: true schema: $ref: "#/components/schemas/SightingId" cacheFeedsScopeParameter: name: cacheFeedsScope in: path description: "Cache feeds strategy" required: true schema: type: string enum: - "all" - "csv" - "freetext" attachTargetIdParameter: name: attachTargetId in: path description: "UUID or numeric ID of the target entity (Event, Attribute or TagCollection)" required: true schema: anyOf: - $ref: "#/components/schemas/EventId" - $ref: "#/components/schemas/AttributeId" - $ref: "#/components/schemas/TagCollectionId" attachTargetTypeParameter: name: attachTargetType in: path description: "Type of the target entity to attach to the galaxy cluster." required: true schema: type: string enum: - "event" - "attribute" - "tag_collection" attributeStatisticsContextParameter: name: context in: path required: true description: Context of the statistics. schema: type: string default: "type" enum: - type - category attributeStatisticsPercentageParameter: name: percentage in: path required: true description: "`0` to show attribute count, `1` for showing percentages" schema: type: integer objectIdParameter: name: objectId in: path description: "UUID or numeric ID of the object" required: true schema: oneOf: - $ref: "#/components/schemas/ObjectId" - $ref: "#/components/schemas/UUID" hardDeleteParameter: name: hardDelete in: path description: "`1` for hard delete the entity, `0` for soft deletion." required: true schema: type: string enum: - "0" - "1" hardDeleteParameterNotRequired: name: hardDelete in: path description: "`1` for hard delete the entity, `0` for soft deletion." required: false schema: type: string enum: - "0" - "1" objectTemplateIdParameter: name: objectTemplateId in: path description: "UUID or numeric ID of the object template" required: true schema: oneOf: - $ref: "#/components/schemas/ObjectTemplateId" - $ref: "#/components/schemas/UUID" authKeyIdParameter: name: authKeyId in: path description: "UUID or numeric ID of the auth key" required: true schema: oneOf: - $ref: "#/components/schemas/AuthKeyId" - $ref: "#/components/schemas/UUID" userSettingIdParameter: name: userSettingId in: path description: "UUID or numeric ID of the user setting" required: true schema: $ref: "#/components/schemas/UserSettingId" userSettingNameParameter: name: userSettingName in: path description: "Name of the user setting" required: true schema: $ref: "#/components/schemas/UserSettingName" taxonomyIdParameter: name: taxonomyId in: path description: "Numeric ID of the taxonomy" required: true schema: $ref: "#/components/schemas/TaxonomyId" eventReportIdParameter: name: eventReportId in: path description: "UUID or numeric ID of the event report" required: true schema: oneOf: - $ref: "#/components/schemas/EventReportId" - $ref: "#/components/schemas/UUID" analystDataIdParameter: name: analystID in: path description: "UUID or numeric ID of the Analyst data" required: true schema: oneOf: - $ref: "#/components/schemas/AnalystDataID" - $ref: "#/components/schemas/UUID" analystDataTypeParameter: name: analystType in: path description: "Type of the analyst data." required: true schema: $ref: "#/components/schemas/AnalystDataType" analystDataObjectUUIDParameter: name: analystObjectUUID in: path description: "Object UUID that has an analyst data" required: true schema: $ref: "#/components/schemas/UUID" analystDataObjectTypeParameter: name: analystObjectType in: path description: "Object type that has an analyst data" required: true schema: $ref: "#/components/schemas/analystObjectType" securitySchemes: ApiKeyAuth: type: apiKey in: header name: Authorization description: | The authentication of the automation is performed via a secure key available in the MISP UI interface. Make sure you keep that key secret as it gives access to the entire database! The [API](https://www.circl.lu/doc/misp/GLOSSARY.html#api) key is available in the event actions menu under automation. The authorization is performed by using the following header in the API requests: Authorization: YOUR_API_KEY > **NOTE**: Since version 2.2 the usage of the authentication key in the URL is deprecated. Instead, pass the auth key in an Authorization header in the request. The legacy option of having the auth key in the URL is temporarily still supported but not recommended. requestBodies: AddAttributeRequest: required: true content: application/json: schema: $ref: "#/components/schemas/AttributeNoId" EditAttributeRequest: required: true content: application/json: schema: $ref: "#/components/schemas/Attribute" RestSearchAttributesRequest: required: true content: application/json: schema: $ref: "#/components/schemas/AttributeRestSearchFilter" AddEventRequest: required: true content: application/json: schema: $ref: "#/components/schemas/EventNoId" EditEventRequest: required: true content: application/json: schema: $ref: "#/components/schemas/EventNoId" SearchEventRequest: required: true content: application/json: schema: type: object properties: page: $ref: "#/components/schemas/PageSearchFilter" limit: $ref: "#/components/schemas/LimitSearchFilter" sort: $ref: "#/components/schemas/SortSearchField" direction: $ref: "#/components/schemas/DirectionSearchField" minimal: description: "Returns a minimal version of the event, only events with `attributeCount` > 0 will be returned" type: boolean nullable: true default: false attribute: description: "Filter events matching the given string with attributes values" type: string nullable: true example: "covert channel" eventid: $ref: "#/components/schemas/EventId" datefrom: description: "Event creation date is greater or equal" type: string nullable: true format: date example: "2021-03-05" dateuntil: description: "Event creation date is less or equal" type: string nullable: true format: date example: "2021-03-05" org: description: "Filter events by matching the creator organisation name" type: string nullable: true example: "CIRCL" eventinfo: description: "Filter events by matching the event info text" type: string nullable: true example: "Phishing campaing" tag: $ref: "#/components/schemas/TagName" tags: description: "Filter events by matching *any* of the event tags of a given list of tag names" type: array nullable: true items: $ref: "#/components/schemas/TagName" example: - "tlp:amber" - 'cycat:scope="exploit"' distribution: $ref: "#/components/schemas/DistributionLevelId" sharinggroup: $ref: "#/components/schemas/SharingGroupId" analysis: $ref: "#/components/schemas/AnalysisLevelId" threatlevel: $ref: "#/components/schemas/ThreatLevelId" email: description: "Filter events by matching the event creator user email" type: string nullable: true format: email example: "admin@admin.test" hasproposal: description: "Filter events by checking if it has attributes with change proposals. Possible values: `0`, `1`" type: string nullable: true example: "1" timestamp: description: "Event timestamp greater or equal" type: string nullable: true example: "1" publish_timestamp: description: "Event publish timestamp greater or equal" type: string nullable: true example: "1" searchDatefrom: description: "Filters on the date, anything newer than the given date in YYYY-MM-DD format is taken - non-negatable" type: string nullable: true example: "2020-01-20" searchDateuntil: description: "Filters on the date, anything older than the given date in YYYY-MM-DD format is taken - non-negatable" type: string nullable: true example: "2020-01-20" RestSearchEventsRequest: required: true content: application/json: schema: type: object properties: page: $ref: "#/components/schemas/PageSearchFilter" limit: $ref: "#/components/schemas/LimitSearchFilter" value: $ref: "#/components/schemas/AttributeValue" type: $ref: "#/components/schemas/AttributeType" category: $ref: "#/components/schemas/AttributeCategory" org: oneOf: - $ref: "#/components/schemas/OrganisationId" - $ref: "#/components/schemas/OrganisationName" tags: $ref: "#/components/schemas/TagsRestSearchFilter" event_tags: $ref: "#/components/schemas/TagsRestSearchFilter" searchall: $ref: "#/components/schemas/SearchAllRestSearchFilter" from: $ref: "#/components/schemas/DateRestSearchFilter" to: $ref: "#/components/schemas/DateRestSearchFilter" last: $ref: "#/components/schemas/LastRestSearchFilter" eventid: $ref: "#/components/schemas/EventId" withAttachments: $ref: "#/components/schemas/WithAttachmentsRestSearchFilter" sharinggroup: $ref: "#/components/schemas/SharingGroupIDRestSearchFilter" metadata: $ref: "#/components/schemas/MetadataRestSearchFilter" uuid: $ref: "#/components/schemas/UUID" publish_timestamp: $ref: "#/components/schemas/Timestamp" timestamp: $ref: "#/components/schemas/Timestamp" published: $ref: "#/components/schemas/PublishedFlag" enforceWarninglist: $ref: "#/components/schemas/EnforceWarninglistRestSearchFilter" sgReferenceOnly: description: "Will only return the sharing group ID" type: boolean requested_attributes: $ref: "#/components/schemas/RequestedAttributesRestSearchFilter" includeContext: $ref: "#/components/schemas/IncludeContextRestSearchFlag" headerless: $ref: "#/components/schemas/HeaderlessRestSearchFlag" includeWarninglistHits: $ref: "#/components/schemas/IncludeWarninglistHitsRestSearchFlag" attackGalaxy: $ref: "#/components/schemas/AttackGalaxyRestSearchFilter" to_ids: $ref: "#/components/schemas/ToIDS" deleted: $ref: "#/components/schemas/SoftDeletedFlagValuesToInclude" excludeLocalTags: $ref: "#/components/schemas/ExcludeLocalTagsRestSearchFilter" date: $ref: "#/components/schemas/DateRestSearchFilter" includeSightingdb: $ref: "#/components/schemas/IncludeSightingDbRestSearchFlag" tag: $ref: "#/components/schemas/TagName" object_relation: $ref: "#/components/schemas/ObjectRelationRestSearchFilter" threat_level_id: $ref: "#/components/schemas/ThreatLevelId" returnFormat: $ref: "#/components/schemas/EventsRestSearchReturnFormat" SearchGalaxyRequest: required: true content: application/json: schema: type: object properties: value: $ref: "#/components/schemas/GalaxyValueSearchFilter" ImportGalaxyClusterRequest: required: true content: application/json: schema: type: array items: $ref: "#/components/schemas/ImportGalaxyClusterItem" ExportGalaxyClusterRequest: content: application/json: schema: type: object properties: Galaxy: type: object properties: default: description: "`true` to filter out galaxy clusters with `default=true` set." type: boolean custom: description: "`true` to filter out galaxy clusters with `default=false` set" type: boolean distribution: $ref: "#/components/schemas/DistributionLevelId" format: description: "If set to `misp-galaxy` result set is in the misp-galaxy format." type: string enum: - "default" - "misp-galaxy" download: description: "`true` returns the response as a json file attachment, `false` returns the response in the response body." type: boolean AttachGalaxyClusterRequest: content: application/json: schema: type: object properties: Galaxy: type: object properties: target_id: description: "Target galaxy cluster to attach." type: integer format: int32 example: 1235 SearchGalaxyClustersRequest: content: application/json: schema: type: object properties: context: type: string enum: - "all" - "default" - "org" - "deleted" searchall: description: "Search galaxy clusters by matching any value, description, uuid or galaxy elements values." type: string example: "botnet" AddGalaxyClusterRequest: content: application/json: schema: $ref: "#/components/schemas/GalaxyCluster" EditGalaxyClusterRequest: content: application/json: schema: $ref: "#/components/schemas/GalaxyCluster" AddUserRequest: content: application/json: schema: $ref: "#/components/schemas/UserNoId" EditUserRequest: content: application/json: schema: $ref: "#/components/schemas/User" AddOrganisationRequest: content: application/json: schema: $ref: "#/components/schemas/OrganisationNoId" EditOrganisationRequest: content: application/json: schema: type: object properties: name: $ref: "#/components/schemas/OrganisationName" type: $ref: "#/components/schemas/OrganisationType" nationality: type: string nullable: true sector: type: string nullable: true contacts: type: string nullable: true description: type: string nullable: true local: type: boolean nullable: true uuid: type: string nullable: true format: uuid restricted_to_domain: nullable: true type: array items: type: string format: hostname AddServerRequest: content: application/json: schema: $ref: "#/components/schemas/ServerNoId" EditServerRequest: content: application/json: schema: $ref: "#/components/schemas/Server" EditServerSettingRequest: content: application/json: schema: type: object properties: value: anyOf: - type: string - type: boolean - type: number - type: object ImportServerRequest: content: application/json: schema: type: object properties: name: $ref: "#/components/schemas/ServerName" url: type: string example: "https://misppriv.circl.lu" uuid: $ref: "#/components/schemas/UUID" authkey: $ref: "#/components/schemas/AuthKeyRaw" Organisation: type: object properties: name: $ref: "#/components/schemas/OrganisationName" AddSharingGroupRequest: content: application/json: schema: $ref: "#/components/schemas/SharingGroupNoId" EditSharingGroupRequest: content: application/json: schema: $ref: "#/components/schemas/SharingGroup" AddFeedRequest: content: application/json: schema: type: object properties: name: $ref: "#/components/schemas/FeedName" provider: $ref: "#/components/schemas/FeedProvider" url: $ref: "#/components/schemas/FeedUrl" rules: $ref: "#/components/schemas/FeedRules" enabled: $ref: "#/components/schemas/FeedEnabledFlag" distribution: $ref: "#/components/schemas/DistributionLevelId" sharing_group_id: $ref: "#/components/schemas/SharingGroupId" tag_id: $ref: "#/components/schemas/TagId" source_format: $ref: "#/components/schemas/FeedSourceFormat" fixed_event: $ref: "#/components/schemas/FeedFixedEvent" delta_merge: $ref: "#/components/schemas/FeedDeltaMergeFlag" event_id: $ref: "#/components/schemas/EventId" publish: $ref: "#/components/schemas/PublishedFlag" override_ids: $ref: "#/components/schemas/FeedOverrideIDSFlag" input_source: $ref: "#/components/schemas/FeedInputSource" delete_local_file: $ref: "#/components/schemas/FeedDeleteLocalFileFlag" lookup_visible: $ref: "#/components/schemas/FeedLookupVisibleFlag" headers: $ref: "#/components/schemas/FeedHeaders" caching_enabled: $ref: "#/components/schemas/FeedCachingEnabledFlag" force_to_ids: $ref: "#/components/schemas/FeedForceToIDSFlag" orgc_id: $ref: "#/components/schemas/OrganisationId" EditFeedRequest: content: application/json: schema: type: object properties: id: $ref: "#/components/schemas/FeedId" name: $ref: "#/components/schemas/FeedName" provider: $ref: "#/components/schemas/FeedProvider" url: $ref: "#/components/schemas/FeedUrl" rules: $ref: "#/components/schemas/FeedRules" enabled: $ref: "#/components/schemas/FeedEnabledFlag" distribution: $ref: "#/components/schemas/DistributionLevelId" sharing_group_id: $ref: "#/components/schemas/SharingGroupId" tag_id: $ref: "#/components/schemas/TagId" source_format: $ref: "#/components/schemas/FeedSourceFormat" fixed_event: $ref: "#/components/schemas/FeedFixedEvent" delta_merge: $ref: "#/components/schemas/FeedDeltaMergeFlag" event_id: $ref: "#/components/schemas/EventId" publish: $ref: "#/components/schemas/PublishedFlag" override_ids: $ref: "#/components/schemas/FeedOverrideIDSFlag" input_source: $ref: "#/components/schemas/FeedInputSource" delete_local_file: $ref: "#/components/schemas/FeedDeleteLocalFileFlag" lookup_visible: $ref: "#/components/schemas/FeedLookupVisibleFlag" headers: $ref: "#/components/schemas/FeedHeaders" caching_enabled: $ref: "#/components/schemas/FeedCachingEnabledFlag" force_to_ids: $ref: "#/components/schemas/FeedForceToIDSFlag" orgc_id: $ref: "#/components/schemas/OrganisationId" WarninglistsSearchRequest: content: application/x-www-form-urlencoded: schema: type: object properties: value: description: "Search term to be used to match warninglists name, description or type." type: string nullable: true enabled: type: boolean nullable: true WarninglistsToggleEnableRequest: content: application/x-www-form-urlencoded: schema: type: object properties: id: $ref: "#/components/schemas/WarninglistsIdFilter" name: $ref: "#/components/schemas/WarninglistsNameFilter" enabled: type: boolean nullable: false WarninglistCheckValuesRequest: content: application/json: schema: type: array items: type: string example: "10.128.0.2" ToggleEnableNoticelistRequest: content: application/json: schema: type: object properties: Noticelist: type: object properties: data: description: "Id of the noticelist to enable/disable." type: integer example: 1 RestSearchObjectsRequest: required: true content: application/json: schema: $ref: "#/components/schemas/ObjectRestSearchFilter" AddObjectRequest: content: application/json: schema: type: object properties: Attribute: type: array items: type: object properties: category: $ref: "#/components/schemas/AttributeCategory" value: $ref: "#/components/schemas/AttributeValue" to_ids: $ref: "#/components/schemas/ToIDS" disable_correlation: $ref: "#/components/schemas/DisableCorrelationFlag" distribution: $ref: "#/components/schemas/DistributionLevelId" comment: $ref: "#/components/schemas/AttributeComment" object_relation: $ref: "#/components/schemas/ObjectRelation" AddSightingsRequest: content: application/json: schema: type: object properties: values: type: array items: $ref: "#/components/schemas/AttributeValue" timestamp: $ref: "#/components/schemas/NullableTimestamp" filters: $ref: "#/components/schemas/AttributeRestSearchFilter" AddTagRequest: content: application/json: schema: $ref: "#/components/schemas/TagNoId" EditTagRequest: content: application/json: schema: $ref: "#/components/schemas/TagNoId" GetLogsRequest: content: application/json: schema: type: object properties: page: $ref: "#/components/schemas/PageSearchFilter" limit: $ref: "#/components/schemas/LimitSearchFilter" id: $ref: "#/components/schemas/LogId" title: $ref: "#/components/schemas/LogTitle" created: oneOf: - $ref: "#/components/schemas/DateRestSearchFilter" - $ref: "#/components/schemas/DateIntervalRestSearchFilter" model: $ref: "#/components/schemas/ModelName" model_id: $ref: "#/components/schemas/ModelId" action: $ref: "#/components/schemas/LogActionType" user_id: $ref: "#/components/schemas/UserId" change: type: string description: "Text search for log change property" example: "%name () => (ORGNAME)%" email: type: string format: email org: type: string description: "Text search for log organisation name property" example: "ORG_%" description: type: string description: "Text search for log change property" example: "%updated by User%" ip: type: string description: "Text search for log ip property" GetAuthKeyRequest: content: application/json: schema: type: object properties: page: $ref: "#/components/schemas/PageSearchFilter" limit: $ref: "#/components/schemas/LimitSearchFilter" id: $ref: "#/components/schemas/AuthKeyId" uuid: $ref: "#/components/schemas/UUID" authkey_start: description: "Search term matching the first 4 characers of the authkey" type: string authkey_end: description: "Search term matching the last 4 characers of the authkey" type: string created: $ref: "#/components/schemas/DateRestSearchFilter" expiration: $ref: "#/components/schemas/DateRestSearchFilter" read_only: $ref: "#/components/schemas/IsReadOnly" user_id: $ref: "#/components/schemas/UserId" comment: type: string allowed_ips: description: "Stringified JSON array of the IP addresses." type: string example: '["127.0.0.1","127.0.0.2"]' last_used: $ref: "#/components/schemas/DateRestSearchFilter" AddAuthKeyRequest: content: application/json: schema: type: object properties: uuid: $ref: "#/components/schemas/UUID" read_only: $ref: "#/components/schemas/IsReadOnly" user_id: $ref: "#/components/schemas/UserId" comment: type: string allowed_ips: type: array items: description: IP address type: string example: "127.0.0.1" nullable: true EditAuthKeyRequest: content: application/json: schema: type: object properties: read_only: $ref: "#/components/schemas/IsReadOnly" comment: type: string allowed_ips: type: array items: description: IP address type: string example: "127.0.0.1" nullable: true GetUserSettingRequest: content: application/json: schema: type: object properties: id: $ref: "#/components/schemas/UserSettingId" setting: $ref: "#/components/schemas/UserSettingName" user_id: $ref: "#/components/schemas/UserId" SetUserSettingRequest: content: application/json: schema: anyOf: - $ref: "#/components/schemas/DashboardUserSetting" - $ref: "#/components/schemas/PublishAlertFilterUserSetting" - $ref: "#/components/schemas/DashboardAccessUserSetting" - $ref: "#/components/schemas/HomepageUserSetting" - $ref: "#/components/schemas/DefaultRestSearchParametersUserSetting" - $ref: "#/components/schemas/TagNumbericalValueOverrideUserSetting" - $ref: "#/components/schemas/EventIndexHideColumnsUserSetting" AddEventReportRequest: required: true content: application/json: schema: $ref: "#/components/schemas/EventReportNoId" ImportFromURLEventReportRequest: required: true content: application/json: schema: type: object properties: url: type: string example: "https://domain.example/blogpost/123.pdf" responses: AnalystDataResponse: description: "An analyst data. Could be a Note, Opinion or Relationship depending on the `analystType` parameter" content: application/json: schema: oneOf: - $ref: "#/components/schemas/AnalystNote" - $ref: "#/components/schemas/AnalystOpinion" - $ref: "#/components/schemas/AnalystRelationship" DeleteAnalystDataResponse: description: "Delete analyst data response" content: application/json: schema: type: object properties: message: type: string example: Analyst Note deleted. AnalystDataListResponse: description: "A list of Analyst Data" content: application/json: schema: type: array items: oneOf: - $ref: "#/components/schemas/AnalystNote" - $ref: "#/components/schemas/AnalystOpinion" - $ref: "#/components/schemas/AnalystRelationship" AttributeResponse: description: "An attribute" content: application/json: schema: type: object properties: Attribute: $ref: "#/components/schemas/Attribute" AttributeListResponse: description: "A list of attributes" content: application/json: schema: $ref: "#/components/schemas/AttributeList" DeleteAttributeResponse: description: "Delete attribute response" content: application/json: schema: type: object properties: message: type: string example: Attribute deleted. AddAttributeTagResponse: description: "Add attribute tag response" content: application/json: schema: type: object properties: saved: description: "`true` if the tag was succesfully added, `false` if it failed" type: boolean nullable: false success: description: "Present if the tag was succesfully added" type: string nullable: true example: "Tag added." check_publish: type: boolean nullable: true errors: type: string nullable: true example: Tag could not be added. RemoveAttributeTagResponse: description: "Remove attribute tag response" content: application/json: schema: type: object properties: saved: description: "`true` if the tag was succesfully removed, `false` if it failed" type: boolean nullable: false success: description: "Present if the tag was succesfully added" type: string nullable: true example: "Tag removed." check_publish: type: boolean nullable: true errors: type: string nullable: true example: Tag could not be added. AttributesRestSearchResponse: description: "Rest search attributes response" headers: X-Result-Count: $ref: "#/components/headers/X-Result-Count" X-Export-Module-Used: $ref: "#/components/headers/X-Export-Module-Used" X-Response-Format: $ref: "#/components/headers/X-Response-Format" content: application/json: schema: type: object properties: response: type: object properties: Attribute: $ref: "#/components/schemas/AttributeRestSearchList" AttributeStatisticsResponse: description: "Attribute statistics response" content: application/json: schema: $ref: "#/components/schemas/AttributeStatisticsResponse" DescribeAttributeTypesResponse: description: "Describe attribute categories and types response" content: application/json: schema: $ref: "#/components/schemas/DescribeAttributeTypesResponse" AddEventResponse: description: "A freshly created event" content: application/json: schema: $ref: "#/components/schemas/CreatedEvent" EditEventResponse: description: "A freshly updated event" content: application/json: schema: $ref: "#/components/schemas/UpdatedEvent" DeleteEventResponse: description: "Delete event response" content: application/json: schema: type: object properties: saved: description: "`true` if the event was succesfully deleted, `false` if it failed" type: boolean success: description: "`true` if the event was succesfully deleted, `false` if it failed" nullable: true type: boolean name: type: string example: "Event deleted." message: type: string example: "Could not delete Event" url: type: string example: "/events/delete/1" errors: description: "Only present if an error occurred when deleting the event" type: string nullable: true example: "Event was not deleted." DeleteEventReportResponse: description: "Delete event report response" content: application/json: schema: type: object properties: saved: description: "`true` if the event was succesfully deleted, `false` if it failed" type: boolean success: description: "`true` if the event was succesfully deleted, `false` if it failed" nullable: true type: boolean name: type: string example: "Event report 1 soft deleted." message: type: string example: "Event Report 1 could not be soft deleted. Reasons: Errors" url: type: string example: "/eventReport/delete/1" errors: description: "Only present if an error occurred when deleting the event" type: string nullable: true example: "Event Report was not deleted." RestoreEventReportResponse: description: "Restore Event Report response" content: application/json: schema: type: object properties: saved: description: "`true` if the event was succesfully deleted, `false` if it failed" type: boolean success: description: "`true` if the event was succesfully deleted, `false` if it failed" nullable: true type: boolean name: type: string example: "Event report 1 restored." message: type: string example: "Event Report 1 could not be restored. Reasons: Errors" url: type: string example: "/eventReport/restore/1" errors: description: "Only present if an error occurred when deleting the event" type: string nullable: true example: "Event Report was not restored." EventReportImportFromUrlResponse: description: "Import from URL Event Report response" content: application/json: schema: type: object properties: saved: description: "`true` if the event report was succesfully created, `false` if it failed" type: boolean success: description: "`true` if the event report was succesfully created, `false` if it failed" nullable: true type: boolean name: type: string example: "Event report imported" message: type: string example: "Report downloaded and created" url: type: string example: "/eventReport/importReportFromUrl/1" errors: description: "Only present if an error occurred when deleting the event" type: string nullable: true example: "Could not fetch report from URL. Fetcher module not enabled or could not download the page" AddEventTagResponse: description: "Add event tag response" content: application/json: schema: type: object properties: saved: description: "`true` if the tag was succesfully added, `false` if it failed" type: boolean nullable: false success: description: "Present if the tag was succesfully added" type: string nullable: true example: "Tag added." check_publish: type: boolean nullable: true errors: type: string nullable: true example: Tag could not be added. RemoveEventTagResponse: description: "Remove event tag response" content: application/json: schema: type: object properties: saved: description: "`true` if the tag was succesfully removed, `false` if it failed" type: boolean nullable: false success: description: "Present if the tag was succesfully added" type: string nullable: true example: "Tag removed." check_publish: type: boolean nullable: true errors: type: string nullable: true example: Tag could not be added. ExtendedEventListResponse: description: "A list of events with extended properties" headers: X-Result-Count: $ref: "#/components/headers/X-Result-Count" content: application/json: schema: $ref: "#/components/schemas/ExtendedEventList" ExtendedEventResponse: description: "An event with extended properties" content: application/json: schema: type: object properties: Event: $ref: "#/components/schemas/ExtendedEvent" EventsRestSearchResponse: description: "Rest search events response" headers: X-Result-Count: $ref: "#/components/headers/X-Result-Count" X-Export-Module-Used: $ref: "#/components/headers/X-Export-Module-Used" X-Response-Format: $ref: "#/components/headers/X-Response-Format" content: application/json: schema: type: object properties: response: $ref: "#/components/schemas/EventRestSearchList" PublishEventResponse: description: "Publish event response" content: application/json: schema: type: object properties: name: type: string example: "Publish" message: type: string example: "Job queued" url: type: string example: "https://misp.local/events/alert/1" id: type: string pattern: '^\d+$' UnpublishEventResponse: description: "Unpublish event response" content: application/json: schema: type: object properties: saved: type: boolean success: type: boolean name: type: string example: "Event unpublished." message: type: string example: "Event unpublished." url: type: string example: "/events/unpublish/1" EventReportResponse: description: "An Event Report" content: application/json: schema: type: object properties: EventReport: $ref: "#/components/schemas/EventReport" EventReportListResponse: description: "Get a list of Event Report" content: application/json: schema: type: array items: type: object properties: EventReport: $ref: "#/components/schemas/EventReport" GalaxyListResponse: description: "A list of galaxies" content: application/json: schema: type: array items: type: object properties: Galaxy: $ref: "#/components/schemas/Galaxy" ExtendedGalaxyResponse: description: "A extended galaxy response" content: application/json: schema: $ref: "#/components/schemas/ExtendedGalaxy" UpdateGalaxiesResponse: description: "Update galaxies response" content: application/json: schema: type: object properties: saved: description: "Present and `true` if the galaxies were succesfully updated." nullable: true type: boolean success: description: "Present and `true` if the galaxies were succesfully updated." nullable: true type: boolean name: type: string example: "Galaxies updated." message: type: string example: "Galaxies updated." url: type: string example: "/galaxies/update" DeleteGalaxyResponse: description: "Delete galaxy response" content: application/json: schema: type: object properties: saved: description: "Present and `true` if the galaxy was succesfully removed." nullable: true type: boolean success: description: "Present and `true` if the galaxy was succesfully removed." nullable: true type: boolean name: type: string example: "Galaxy deleted" message: type: string example: "Galaxy deleted" url: type: string example: "/galaxies/delete" ImportGalaxyClusterResponse: description: "Import galaxy cluster response" content: application/json: schema: type: object properties: saved: description: "Present and `true` if the galaxy was succesfully imported." nullable: true type: boolean success: description: "Present and `true` if the galaxy was succesfully imported." nullable: true type: boolean name: type: string example: "'Galaxy clusters imported. 1 imported, 0 ignored, 0 failed." message: type: string example: "'Galaxy clusters imported. 1 imported, 0 ignored, 0 failed." url: type: string example: "/galaxies/import" ExportGalaxyClustersResponse: description: "Export galaxy clusters response" content: application/json: schema: oneOf: - type: array items: $ref: "#/components/schemas/GalaxyCluster" - $ref: "#/components/schemas/GalaxyMispFormat" AttachGalaxyClusterResponse: description: "Attach galaxy cluster response" content: application/json: schema: type: object properties: saved: description: "Present and `true` if the galaxy cluster was succesfully attached." type: boolean success: description: "Status message of the operation." type: string example: "Cluster attached." check_publish: type: boolean GalaxyClusterResponse: description: "Galaxy cluster by ID response" content: application/json: schema: type: object properties: GalaxyCluster: $ref: "#/components/schemas/GalaxyCluster" ExtendedGalaxyClusterResponse: description: "Extended galaxy cluster by ID response" content: application/json: schema: type: object properties: GalaxyCluster: $ref: "#/components/schemas/ExtendedGalaxyCluster" GalaxyClusterListResponse: description: "Get galaxy clusters response" content: application/json: schema: type: array items: type: object properties: GalaxyCluster: $ref: "#/components/schemas/GalaxyCluster" PublishGalaxyClusterResponse: description: "Publish galaxy cluster response" content: application/json: schema: type: object properties: message: type: string example: "Publish job queued. Job ID: 4e9d26c275a7b190fcab10029df8c6b6" UnpublishGalaxyClusterResponse: description: "Unpublish galaxy cluster response" content: application/json: schema: type: object properties: saved: type: boolean success: type: boolean name: type: string example: "GalaxyCluster unpublished" message: type: string example: "GalaxyCluster unpublished" url: type: string example: "/galaxy_clusters/publish/1" DeleteGalaxyClusterResponse: description: "Delete galaxy cluster response" content: application/json: schema: type: object properties: saved: type: boolean success: type: boolean name: type: string example: "Galaxy cluster successfuly soft deleted." message: type: string example: "Galaxy cluster successfuly soft deleted." url: type: string example: "/galaxy_clusters/delete/1" RestoreGalaxyClusterResponse: description: "Restore galaxy cluster response" content: application/json: schema: type: object properties: saved: type: boolean success: type: boolean name: type: string example: "GalaxyCluster restored" message: type: string example: "GalaxyCluster restored" url: type: string example: "/galaxy_clusters/restore/1" ResetUserPasswordResponse: description: "Reset user password response" content: application/json: schema: type: object properties: saved: type: boolean success: type: string example: "New credentials sent." UserResponse: description: "User response" content: application/json: schema: $ref: "#/components/schemas/User" UserListResponse: description: "User list response" content: application/json: schema: $ref: "#/components/schemas/UserList" ExtendedUserResponse: description: "Extended user response" content: application/json: schema: $ref: "#/components/schemas/ExtendedUser" DeleteUserResponse: description: "Delete user response" content: application/json: schema: type: object properties: saved: type: boolean success: type: boolean name: type: string example: "User deleted." message: type: string example: "User deleted." url: type: string example: "/admin/users/delete/1" DeleteUserTotpResponse: description: "Delete user TOTP response" content: application/json: schema: type: object properties: saved: type: boolean success: type: boolean name: type: string example: "User TOTP deleted." message: type: string example: "User TOTP deleted." url: type: string example: "/users/totp_delete/1" id: type: string example: "1" OrganisationResponse: description: "Organisation list response" content: application/json: schema: $ref: "#/components/schemas/Organisation" OrganisationListResponse: description: "Organisation list response" content: application/json: schema: $ref: "#/components/schemas/OrganisationList" DeleteOrganisationResponse: description: "Delete organisation response" content: application/json: schema: type: object properties: saved: type: boolean success: type: boolean name: type: string example: "Organisation deleted" message: type: string example: "Organisation deleted" url: type: string example: "/admin/organisations/delete/1" ServerResponse: description: "Server response" content: application/json: schema: type: object properties: Server: $ref: "#/components/schemas/Server" ServerListResponse: description: "Server list response" content: application/json: schema: $ref: "#/components/schemas/ServerList" DeleteServerResponse: description: "Delete server response" content: application/json: schema: type: object properties: saved: type: boolean success: type: boolean name: type: string example: "Server deleted" message: type: string example: "Server deleted" url: type: string example: "/servers/delete/1" PullServerResponse: description: "Pull server response" content: application/json: schema: type: object properties: saved: type: boolean success: type: boolean name: type: string example: "Pull queued for background execution. Job ID: 1" message: type: string example: "Pull queued for background execution. Job ID: 1" url: type: string example: "/servers/pull/1" PushServerResponse: description: "Push server response" content: application/json: schema: type: object properties: saved: type: boolean success: type: boolean name: type: string example: "Push queued for background execution. Job ID: 1" message: type: string example: "Push queued for background execution. Job ID: 1" url: type: string example: "/servers/push/1" ServerVersionResponse: description: "Server version" content: application/json: schema: type: object properties: version: type: string example: "2.4.142" perm_sync: nullable: true type: boolean perm_sighting: nullable: true type: boolean perm_galaxy_editor: nullable: true type: boolean request_encoding: type: array items: type: string enum: - "gzip" - "br" ServerPyMISPVersionResponse: description: "Server PyMISP version" content: application/json: schema: type: object properties: version: type: string example: "2.4.142" ServerSettingsResponse: description: "Server settings and diagnostics" content: application/json: schema: type: object properties: version: type: object properties: current: type: string example: "v2.4.142" newest: type: string example: "v2.4.142" upToDate: type: string example: "same" phpSettings: type: object properties: max_execution_time: $ref: "#/components/schemas/PhpServerSetting" memory_limit: $ref: "#/components/schemas/PhpServerSetting" upload_max_filesize: $ref: "#/components/schemas/PhpServerSetting" post_max_size: $ref: "#/components/schemas/PhpServerSetting" gpgStatus: type: string example: "FAIL: Failed to load GnuPG" proxyStatus: type: string example: "not configured (so not tested)" zmqStatus: type: integer example: 1 stix: type: object properties: operational: type: integer example: 1 stix: $ref: "#/components/schemas/ServerPackageVersion" cybox: $ref: "#/components/schemas/ServerPackageVersion" mixbox: $ref: "#/components/schemas/ServerPackageVersion" maec: $ref: "#/components/schemas/ServerPackageVersion" stix2: $ref: "#/components/schemas/ServerPackageVersion" pymisp: $ref: "#/components/schemas/ServerPackageVersion" moduleStatus: type: object properties: Enrichment: type: integer example: 1 Import: type: integer example: 1 Export: type: integer example: 1 Cortex: type: integer example: 1 writeableDirs: type: object example: "/tmp": 0 "/var/www/MISP/app/tmp": 0 "/var/www/MISP/app/files": 0 "/var/www/MISP/app/files/scripts/tmp": 0 writeableFiles: type: object example: "/var/www/MISP/app/Config/config.php": 0 "/var/www/MISP/.git/ORIG_HEAD": 2 readableFiles: type: object example: "/var/www/MISP/app/files/scripts/stixtest.py": 0 dbDiagnostics: type: object example: "admin_settings": "table": "admin_settings" "used": "0.03 MB" "reclaimable": "0 MB" "data_in_bytes": 16384 "index_in_bytes": 16384 "reclaimable_in_bytes": 0 "allowedlist": "table": "allowedlist" "used": "0.02 MB" "reclaimable": "0 MB" "data_in_bytes": 16384 "index_in_bytes": 0 "reclaimable_in_bytes": 0 dbSchemaDiagnostics: type: object properties: dataSource: type: string example: "Database/Mysql" actual_db_version: type: string pattern: '^\d+$' example: "68" checked_table_column: type: array items: type: string example: "column_name" diagnostic: type: object diagnostic_index: anyOf: - type: object example: "event_reports": "event_id": "message": "Column `event_id` is indexed but should not" "sql": "DROP INDEX `event_id` ON event_reports;" - type: array items: type: object example: [] expected_db_version: type: string pattern: '^\d+$' example: "70" error: type: string update_locked: type: boolean remaining_lock_time: type: number example: 0 update_fail_number_reached: type: boolean indexes: type: object example: "admin_settings": "id": true "setting": false columnPerTable: type: object example: "admin_settings": - "id" - "setting" - "value" redisInfo: type: object example: "extensionVersion": "5.1.1" "connection": true "redis_version": "5.0.7" "redis_git_sha1": 0 "redis_git_dirty": 0 "redis_build_id": "636cde3b5c7a3923" "redis_mode": "standalone" "os": "Linux 5.8.0-50-generic x86_64" "arch_bits": 64 "multiplexing_api": "epoll" "atomicvar_api": "atomic-builtin" "gcc_version": "9.2.1" "process_id": 1051 "run_id": "f894944d92c978df93a18821fb5ebe30dfd0b257" "tcp_port": 6379 "uptime_in_seconds": 327116 "uptime_in_days": 3 "hz": 10 "configured_hz": 10 "lru_clock": 10365184 "executable": "/usr/bin/redis-server" "config_file": "/etc/redis/redis.conf" "connected_clients": 18 "client_recent_max_input_buffer": 2 "client_recent_max_output_buffer": 0 "blocked_clients": 0 "used_memory": 1309488 "used_memory_human": "1.25M" "used_memory_rss": 5541888 "used_memory_rss_human": "5.29M" "used_memory_peak": 1410464 "used_memory_peak_human": "1.35M" "used_memory_peak_perc": "92.84%" "used_memory_overhead": 1200800 "used_memory_startup": 796232 "used_memory_dataset": 108688 "used_memory_dataset_perc": "21.18%" "allocator_allocated": 1480176 "allocator_active": 1896448 "allocator_resident": 5890048 "total_system_memory": 33406590976 "total_system_memory_human": "31.11G" "used_memory_lua": 41984 "used_memory_lua_human": "41.00K" "used_memory_scripts": 0 "used_memory_scripts_human": "0B" "number_of_cached_scripts": 0 "maxmemory": 0 "maxmemory_human": "0B" "maxmemory_policy": "noeviction" "allocator_frag_ratio": 1.28 "allocator_frag_bytes": 416272 "allocator_rss_ratio": 3.11 "allocator_rss_bytes": 3993600 "rss_overhead_ratio": 0.94 "rss_overhead_bytes": -348160 "mem_fragmentation_ratio": 4.24 "mem_fragmentation_bytes": 4233432 "mem_not_counted_for_evict": 0 "mem_replication_backlog": 0 "mem_clients_slaves": 0 "mem_clients_normal": 402912 "mem_aof_buffer": 0 "mem_allocator": "jemalloc-5.2.1" "active_defrag_running": 0 "lazyfree_pending_objects": 0 "loading": 0 "rdb_changes_since_last_save": 0 "rdb_bgsave_in_progress": 0 "rdb_last_save_time": 1620977919 "rdb_last_bgsave_status": "ok" "rdb_last_bgsave_time_sec": 0 "rdb_current_bgsave_time_sec": -1 "rdb_last_cow_size": 446464 "aof_enabled": 0 "aof_rewrite_in_progress": 0 "aof_rewrite_scheduled": 0 "aof_last_rewrite_time_sec": -1 "aof_current_rewrite_time_sec": -1 "aof_last_bgrewrite_status": "ok" "aof_last_write_status": "ok" "aof_last_cow_size": 0 "total_connections_received": 289 "total_commands_processed": 252747 "instantaneous_ops_per_sec": 7 "total_net_input_bytes": 12111506 "total_net_output_bytes": 1232466 "instantaneous_input_kbps": 0.36 "instantaneous_output_kbps": 0.03 "rejected_connections": 0 "sync_full": 0 "sync_partial_ok": 0 "sync_partial_err": 0 "expired_keys": 17 "expired_stale_perc": 0 "expired_time_cap_reached_count": 0 "evicted_keys": 0 "keyspace_hits": 70 "keyspace_misses": 62805 "pubsub_channels": 0 "pubsub_patterns": 0 "latest_fork_usec": 168 "migrate_cached_sockets": 0 "slave_expires_tracked_keys": 0 "active_defrag_hits": 0 "active_defrag_misses": 0 "active_defrag_key_hits": 0 "active_defrag_key_misses": 0 "role": "master" "connected_slaves": 0 "master_replid": "d5e7afcf4fd1a31e539a4eadd5caf2a7da6d121c" "master_replid2": 0 "master_repl_offset": 0 "second_repl_offset": -1 "repl_backlog_active": 0 "repl_backlog_size": 1048576 "repl_backlog_first_byte_offset": 0 "repl_backlog_histlen": 0 "used_cpu_sys": 195.014281 "used_cpu_user": 217.352183 "used_cpu_sys_children": 0.050885 "used_cpu_user_children": 0.076436 "cluster_enabled": 0 "db0": "keys=15,expires=0,avg_ttl=0" "db13": "keys=12,expires=4,avg_ttl=21265731140" finalSettings: type: array items: $ref: "#/components/schemas/MispSetting" extensions: type: object properties: cli: type: object properties: phpversion: type: string example: "7.4.3" extensions: type: object example: "json": "web_version": "7.4.3" "web_version_outdated": false "cli_version": "7.4.3" "cli_version_outdated": false "required": true "info": null workers: type: object properties: cache: $ref: "#/components/schemas/WorkersStatus" default: $ref: "#/components/schemas/WorkersStatus" email: $ref: "#/components/schemas/WorkersStatus" prio: $ref: "#/components/schemas/WorkersStatus" update: $ref: "#/components/schemas/WorkersStatus" scheduler: $ref: "#/components/schemas/WorkersStatus" proc_accessible: type: boolean controls: type: boolean StartWorkerResponse: description: "Start worker response" content: application/json: schema: type: object properties: saved: type: boolean success: type: boolean name: type: string example: "Worker start signal sent" message: type: string example: "Worker start signal sent" url: type: string example: "/servers/startWorker/email" StopWorkerResponse: description: "Stop worker response" content: application/json: schema: type: object properties: saved: type: boolean success: type: boolean name: type: string example: "Worker stop signal sent" message: type: string example: "Worker stop signal sent" url: type: string example: "/servers/startWorker/1234" KillAllWorkersResponse: description: "Kill all workers response" content: application/json: schema: type: object properties: saved: type: boolean success: type: boolean name: type: string example: "Killing workers." message: type: string example: "Killing workers." url: type: string example: "/servers/killAllWorkers" RestartWorkersResponse: description: "Restart workers response" content: application/json: schema: type: object properties: saved: type: boolean success: type: boolean name: type: string example: "Restarting workers." message: type: string example: "Restarting workers." url: type: string example: "/servers/restartWorkers" RestartDeadWorkersResponse: description: "Restart dead workers response" content: application/json: schema: type: object properties: saved: type: boolean success: type: boolean name: type: string example: "Restarting workers." message: type: string example: "Restarting workers." url: type: string example: "/servers/restartDeadWorkers" GetWorkersResponse: description: "Stop worker response" content: application/json: schema: type: object properties: cache: $ref: "#/components/schemas/WorkersStatus" default: $ref: "#/components/schemas/WorkersStatus" email: $ref: "#/components/schemas/WorkersStatus" prio: $ref: "#/components/schemas/WorkersStatus" update: $ref: "#/components/schemas/WorkersStatus" scheduler: $ref: "#/components/schemas/WorkersStatus" proc_accessible: type: boolean controls: type: boolean UpdateServerResponse: description: "Update server response" content: application/json: schema: type: object properties: results: type: array items: anyOf: - $ref: "#/components/schemas/UpdateServerResultItem" - type: string example: "Update failed, you are not on branch" CacheServerResponse: description: "Cache server response" content: application/json: schema: type: object properties: saved: type: boolean success: type: boolean name: type: string example: "Server caching job initiated." message: type: string example: "Server caching job initiated." url: type: string example: "/servers/cache" CreateSyncResponse: description: "Create server sync" content: application/json: schema: type: object properties: Server: type: object properties: url: type: string example: "https://misppriv.circl.lu" uuid: $ref: "#/components/schemas/UUID" authkey: $ref: "#/components/schemas/AuthKeyRaw" Organisation: type: object properties: name: $ref: "#/components/schemas/OrganisationName" uuid: $ref: "#/components/schemas/UUID" GetInstanceUUIDResponse: description: "Get instance UUID response" content: application/json: schema: type: object properties: uuid: $ref: "#/components/schemas/UUID" GetServerSettingResponse: description: "Get setting response" content: application/json: schema: $ref: "#/components/schemas/MispSetting" EditServerSettingResponse: description: "Edit setting response" content: application/json: schema: type: object properties: saved: type: boolean success: type: boolean name: type: string example: "Field updated" message: type: string example: "Field updated" url: type: string example: "/servers/serverSettingsEdit" SharingGroupResponse: description: "Get sharing group response" content: application/json: schema: type: object properties: SharingGroup: $ref: "#/components/schemas/SharingGroup" Organisation: $ref: "#/components/schemas/Organisation" SharingGroupOrg: type: array items: $ref: "#/components/schemas/SharingGroupOrganisation" SharingGroupServer: type: array items: $ref: "#/components/schemas/SharingGroupServer" editable: type: boolean deletable: type: boolean SharingGroupListResponse: description: "Get sharing groups response" content: application/json: schema: type: object properties: response: type: array items: $ref: "#/components/schemas/SharingGroupListItem" DeleteSharingGroupResponse: description: "Delete sharing group response" content: application/json: schema: type: object properties: saved: type: boolean success: type: boolean name: type: string example: "SharingGroup deleted" message: type: string example: "SharingGroup deleted" url: type: string example: "/sharing_groups/delete/1" AddOrganisationToSharingGroupResponse: description: "Add organisation to a sharing group response" content: application/json: schema: type: object properties: saved: type: boolean success: type: boolean name: type: string example: "Organisation added to the sharing group." message: type: string example: "Organisation added to the sharing group." url: type: string example: "/sharing_groups/addOrg" RemoveOrganisationFromSharingGroupResponse: description: "Remove organisation from a sharing group response" content: application/json: schema: type: object properties: saved: type: boolean success: type: boolean name: type: string example: "Organisation removed from the sharing group." message: type: string example: "Organisation removed from the sharing group." url: type: string example: "/sharing_groups/removeOrg" AddServerToSharingGroupResponse: description: "Add server to a sharing group response" content: application/json: schema: type: object properties: saved: type: boolean success: type: boolean name: type: string example: "Server added to the sharing group." message: type: string example: "Server added to the sharing group." url: type: string example: "/sharing_groups/addServer" RemoveServerFromSharingGroupResponse: description: "Remove server from a sharing group response" content: application/json: schema: type: object properties: saved: type: boolean success: type: boolean name: type: string example: "Server removed from the sharing group." message: type: string example: "Server removed from the sharing group." url: type: string example: "/sharing_groups/removeServer" FeedListResponse: description: "Get feeds response" content: application/json: schema: type: array items: type: object properties: Feed: $ref: "#/components/schemas/Feed" FeedResponse: description: "Get feed response" content: application/json: schema: type: object properties: Feed: $ref: "#/components/schemas/Feed" EnableFeedResponse: description: "Enable feed response" content: application/json: schema: type: object properties: name: type: string example: "Feed enabled." message: type: string example: "Feed enabled." url: type: string example: "/feeds/enable/1" DisableFeedResponse: description: "Disable feed response" content: application/json: schema: type: object properties: name: type: string example: "Feed disabled." message: type: string example: "Feed disabled." url: type: string example: "/feeds/disable/1" CacheFeedsResponse: description: "Cache feeds response" content: application/json: schema: type: object properties: name: type: string example: "Feed caching job initiated." message: type: string example: "Feed caching job initiated." url: type: string example: "/feeds/cacheFeed" FetchFromFeedResponse: description: "Fetch feed response" content: application/json: schema: type: object properties: result: type: string example: "Pull queued for background execution." FetchFromAllFeedsResponse: description: "Fetch all feeds response" content: application/json: schema: type: object properties: result: type: string example: "Pull queued for background execution." WarninglistListResponse: description: "Get warninglists response" content: application/json: schema: type: object properties: Warninglists: type: array items: type: object properties: Warninglist: $ref: "#/components/schemas/Warninglist" WarninglistToggleEnabledResponse: description: "Toggle enable warninglists response" content: application/json: schema: type: object properties: saved: type: boolean success: type: string example: "1 warninglist(s) disabled" WarninglistResponse: description: "Get warninglists response" content: application/json: schema: type: object properties: Warninglist: $ref: "#/components/schemas/Warninglist" WarninglistMatchListResponse: description: "List of values matching warninglists response" content: application/json: schema: type: object example: "10.128.0.2": - "id": "10" "name": "List of known Wikimedia address ranges" UpdateWarninglistsResponse: description: "List of values matching warninglists response" content: application/json: schema: type: object properties: saved: type: boolean success: nullable: true type: boolean name: type: string example: "Successfully updated 1 warninglists." message: type: string example: "Successfully updated 1 warninglists." url: type: string example: "/warninglists/update" NoticelistListResponse: description: "Get noticelists response" content: application/json: schema: type: array items: type: object properties: Noticelist: $ref: "#/components/schemas/Noticelist" NoticelistResponse: description: "Get noticelist response" content: application/json: schema: type: object properties: Noticelist: $ref: "#/components/schemas/Noticelist" NoticelistToggleEnableResponse: description: "Toggle enable noticelist response" content: application/json: schema: type: object properties: saved: type: boolean success: type: boolean name: type: string example: "Noticelist enabled." message: type: string example: "Noticelist enabled." url: type: string example: "/noticelists/toggleEnable/1" UpdateNoticelistsResponse: description: "Toggle enable noticelist response" content: application/json: schema: type: object properties: saved: type: boolean success: type: boolean name: type: string example: "Successfully updated 1 noticelists." message: type: string example: "Successfully updated 1 noticelists." url: type: string example: "/noticelists/update" ObjectResponse: description: "Object response" content: application/json: schema: type: object properties: Object: $ref: "#/components/schemas/Object" ExtendedObjectResponse: description: "Extended object response" content: application/json: schema: type: object properties: Object: $ref: "#/components/schemas/ExtendedObject" DeleteObjectResponse: description: "Delete object response" content: application/json: schema: type: object properties: saved: type: boolean success: type: boolean name: type: string example: "Object deleted" message: type: string example: "Object deleted" url: type: string example: "/objects/delete/1" ObjectsRestSearchResponse: description: "Rest search objects response" headers: X-Result-Count: $ref: "#/components/headers/X-Result-Count" X-Export-Module-Used: $ref: "#/components/headers/X-Export-Module-Used" X-Response-Format: $ref: "#/components/headers/X-Response-Format" content: application/json: schema: type: object properties: response: type: array items: $ref: "#/components/schemas/ObjectRestSearchList" SightingListResponse: description: "Get sightings response" content: application/json: schema: type: array items: $ref: "#/components/schemas/Sighting" SightingResponse: description: "Add sighting response" content: application/json: schema: $ref: "#/components/schemas/Sighting" DeleteSightingResponse: description: "Delete sighting response" content: application/json: schema: type: object properties: saved: type: boolean success: type: boolean name: type: string example: "Sighting successfully deleted." message: type: string example: "Sighting successfully deleted." url: type: string example: "/sightings/delete/1" TagListResponse: description: "Tag list response" content: application/json: schema: type: object properties: Tag: $ref: "#/components/schemas/TagList" TagResponse: description: "Tag response" content: application/json: schema: $ref: "#/components/schemas/Tag" DeleteTagResponse: description: "Delete tag response" content: application/json: schema: type: object properties: name: type: string example: "Tag deleted." message: type: string example: "Tag deleted." url: type: string example: "https://misppriv.circl.lu/tags/delete/1" EditTagResponse: description: "Tag response" content: application/json: schema: type: object properties: Tag: $ref: "#/components/schemas/Tag" SearchTagResponse: description: "Search tag response" content: application/json: schema: type: array items: $ref: "#/components/schemas/ExtendedTag" GetLogsResponse: description: "Get logs response" content: application/json: schema: type: array items: type: object properties: Log: $ref: "#/components/schemas/Log" GetAuthKeysResponse: description: "Get auth keys response" content: application/json: schema: type: array items: type: object properties: AuthKey: $ref: "#/components/schemas/AuthKey" User: type: object properties: id: $ref: "#/components/schemas/UserId" email: type: string format: email AddAuthKeyResponse: description: "Auth key response" content: application/json: schema: type: object properties: AuthKey: $ref: "#/components/schemas/AuthKey" AuthKeyResponse: description: "Auth key response" content: application/json: schema: type: object properties: AuthKey: $ref: "#/components/schemas/AuthKey" User: type: object properties: id: $ref: "#/components/schemas/UserId" org_id: $ref: "#/components/schemas/OrganisationId" nullable: true email: type: string format: email nullable: true DeleteAuthKeyResponse: description: "Delete auth key response" content: application/json: schema: type: object properties: saved: type: boolean success: type: boolean name: type: string example: "AuthKey deleted." message: type: string example: "AuthKey deleted." url: type: string example: "/auth_keys/delete/1234" GetUserSettingsResponse: description: "Get user settings response" content: application/json: schema: type: array items: type: object properties: UserSetting: $ref: "#/components/schemas/UserSetting" UserSettingResponse: description: "Get user setting response" content: application/json: schema: type: object properties: UserSetting: $ref: "#/components/schemas/UserSetting" DeleteUserSettingResponse: description: "Delete user setting response" content: application/json: schema: type: object properties: saved: type: boolean success: type: boolean name: type: string example: "Setting deleted." message: type: string example: "Setting deleted." url: type: string example: "/user_settings/delete/1234" GetTaxonomiesResponse: description: "Get taxonomies response" content: application/json: schema: type: array items: type: object properties: Taxonomy: $ref: "#/components/schemas/Taxonomy" total_count: type: integer description: "Amount of related tags to this taxonomy." current_count: type: integer description: "Amount of active related tags to this taxonomy." TaxonomiesResponse: description: "Get taxonomy response" content: application/json: schema: type: object properties: Taxonomy: $ref: "#/components/schemas/Taxonomy" entries: type: array items: $ref: "#/components/schemas/TaxonomyEntry" EnableTaxonomyResponse: description: "Enable taxonomy response" content: application/json: schema: type: object properties: saved: type: boolean success: type: boolean name: type: string example: "Taxonomy enabled" message: type: string example: "Taxonomy enabled" url: type: string example: "/taxonomies/enable/1234" DisableTaxonomyResponse: description: "Disable taxonomy response" content: application/json: schema: type: object properties: saved: type: boolean success: type: boolean name: type: string example: "Taxonomy disabled" message: type: string example: "Taxonomy disabled" url: type: string example: "/taxonomies/disabled/1234" UpdateTaxonomiesResponse: description: "Update taxonomies response" content: application/json: schema: type: object properties: saved: type: boolean success: type: boolean name: type: string example: "Successfully updated 120 taxonomy libraries." message: type: string example: "Successfully updated 120 taxonomy libraries." url: type: string example: "/taxonomies/update" GetTaxonomyTagsResponse: description: "Get taxonomy tags response" content: application/json: schema: type: object properties: Taxonomy: $ref: "#/components/schemas/Taxonomy" entries: type: array items: $ref: "#/components/schemas/ExtendedTaxonomyEntry" ExportTaxonomyTagsResponse: description: "Export taxonomy response" content: application/json: schema: type: object properties: namespace: $ref: "#/components/schemas/TaxonomyNamespace" description: $ref: "#/components/schemas/TaxonomyDescription" version: type: integer exclusive: type: boolean predicates: type: array items: $ref: "#/components/schemas/TaxonomyPredicateExport" values: type: array items: $ref: "#/components/schemas/TaxonomyValueExport" ApiErrorResponse: description: "Unexpected API error" content: application/json: schema: $ref: "#/components/schemas/ApiError" NotFoundApiErrorResponse: description: "The specified resource was not found" content: application/json: schema: $ref: "#/components/schemas/NotFoundApiError" NotFoundUserTotpDeleteResponse: description: "The specified resource was not found" content: application/json: schema: $ref: "#/components/schemas/NotFoundUserTotpDeleteError" UnauthorizedApiErrorResponse: description: "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header." content: application/json: schema: $ref: "#/components/schemas/UnauthorizedApiError" headers: X-Result-Count: description: Result set count schema: type: integer X-Export-Module-Used: description: Export module used schema: type: string enum: - json - xml - csv - text - download - stix - stix2 - stix-json - attack - attack-sightings - cache - count - hashes - netfilter - opendata - openioc - rpz - snort - suricata - yara - yara-json X-Response-Format: description: Response format schema: type: string enum: - json - xml - csv - text - download - stix - stix2 - stix-json - attack - attack-sightings - cache - count - hashes - netfilter - opendata - openioc - rpz - snort - suricata - yara - yara-json security: - ApiKeyAuth: []