Support: Fetching Suricata rules: unable to filter
VLFrank opened this issue · comments
Support Questions
When trying to fetch Suricata rules, I am unable to filter on events or tags; I always get the rules for everything we have in the MISP.
When I curl these:
https://MISP/events/nids/suricata/download/11111
https://MISP/events/nids/suricata/download/false/false/test
they both create the same file, which has way too much stuff in it.
Any idea what I am doing wrong?
MISP version
2.4.188
Operating System
Ubuntu
Operating System version
20.04
PHP version
7.4.33
Browser
No response
Browser version
No response
Relevant log output
No response
Extra attachments
No response
Code of Conduct
- I agree to follow this project's Code of Conduct
Use the ReST API, it's more complete and convenient.
https://www.misp-project.org/openapi/#tag/Attributes/operation/restSearchAttributes
The thing is, suricata-update asks for a URL; that is why I have tried it that way.
You mean this tool, https://github.com/OISF/suricata-update? You can specify additional rules (https://github.com/OISF/suricata-update?tab=readme-ov-file#suricata-configuration) and generate those from the ReST API.
I used this to send the rules to Suricata; here I have a timestamp of 7d, but you can change it to whatever you want.
https://change_to_your_url/attributes/restSearch/returnFormat:suricata/publish_timestamp:7d
I recommend that you follow this documentation; it helped me a lot:
https://www.circl.lu/doc/misp/automation/
I have solved my issue by fetching the IOCs raw (not as Suricata rules) from the API and then putting them in a dataset in Suricata.
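As an added example (not code from the thread's posters or from the MISP project), the script below puts the two replies above together: it builds the same `attributes/restSearch` filters as the `returnFormat:suricata/publish_timestamp:7d` URL (plus `tags` and `eventid`, which is what the original poster wanted to filter on), asks for JSON instead of rules, and converts the `to_ids` attributes into a Suricata `string` dataset file with one rule that checks DNS queries against it. `MISP_URL`, `MISP_KEY`, the dataset path and the function names are this example's own assumptions; `SAMPLE_RESPONSE` is a constructed response in the shape MISP's restSearch returns, so the conversion runs offline.

```python
"""Fetch to_ids attributes from MISP and turn them into a Suricata dataset.

Added example, not from the thread or the MISP project. MISP_URL and
MISP_KEY are placeholders; the function names are this example's own.
"""
import base64
import json
import urllib.request

MISP_URL = "https://misp.example"        # placeholder: your MISP base URL
MISP_KEY = "REPLACE_WITH_API_KEY"        # placeholder: an automation auth key
DATASET_NAME = "misp-domains"
DATASET_PATH = "/var/lib/suricata/data/misp-domains.lst"  # assumed location

# Constructed sample in the shape of a restSearch JSON response; values are
# made up. Note the duplicate (case/whitespace) and the non-to_ids entry.
SAMPLE_RESPONSE = {"response": {"Attribute": [
    {"id": "1", "event_id": "11111", "type": "domain",
     "value": "Evil.example", "to_ids": True},
    {"id": "2", "event_id": "11111", "type": "domain",
     "value": "evil.example ", "to_ids": True},
    {"id": "3", "event_id": "11112", "type": "hostname",
     "value": "bad.example", "to_ids": True},
    {"id": "4", "event_id": "11112", "type": "domain",
     "value": "ignored.example", "to_ids": False},
]}}


def restsearch_body(publish_timestamp="7d", tags=None, event_id=None,
                    types=("domain", "hostname")):
    """Body for POST /attributes/restSearch: the same filters as the URL
    form (returnFormat, publish_timestamp, tags, eventid), scoped to a few
    attribute types and to attributes flagged for IDS use."""
    body = {
        "returnFormat": "json",
        "publish_timestamp": publish_timestamp,
        "type": list(types),
        "to_ids": 1,
    }
    if tags:
        body["tags"] = list(tags)
    if event_id is not None:
        body["eventid"] = event_id
    return body


def fetch_attributes(body):
    """POST the search to MISP and return the decoded JSON response."""
    req = urllib.request.Request(
        f"{MISP_URL}/attributes/restSearch",
        data=json.dumps(body).encode(),
        headers={
            "Authorization": MISP_KEY,
            "Accept": "application/json",
            "Content-Type": "application/json",
        },
        method="POST",
    )
    with urllib.request.urlopen(req, timeout=30) as resp:
        return json.load(resp)


def dataset_lines(response):
    """Suricata 'string' dataset lines from a restSearch JSON response:
    one base64-encoded value per line, lower-cased and de-duplicated,
    skipping anything not flagged to_ids (no detection value)."""
    values = set()
    for attr in response.get("response", {}).get("Attribute", []):
        if not attr.get("to_ids"):
            continue
        value = attr.get("value", "").strip().lower()
        if value:
            values.add(value)
    return [base64.b64encode(v.encode()).decode() for v in sorted(values)]


def render_dataset(lines):
    """Dataset file contents: one entry per line, newline-terminated."""
    return "".join(line + "\n" for line in lines)


def dataset_rule(sid, name=DATASET_NAME, path=DATASET_PATH):
    """One rule matching DNS query names against the dataset; the dataset
    file can be refreshed without touching the rule."""
    return (
        f'alert dns any any -> any any (msg:"MISP domain in DNS query"; '
        f"dns.query; dataset:isset,{name},type string,load {path}; "
        f"sid:{sid}; rev:1;)"
    )


if __name__ == "__main__":
    # Live use once MISP_KEY is set; otherwise fall back to the sample.
    if MISP_KEY == "REPLACE_WITH_API_KEY":
        data = SAMPLE_RESPONSE
    else:
        data = fetch_attributes(restsearch_body(tags=["your-tag"]))
    print(render_dataset(dataset_lines(data)), end="")
    print(dataset_rule(sid=9000001))
```

The filtering happens server-side in the `restSearch` body (tag, event, publish window, attribute type, `to_ids`), which is the part the `events/nids/suricata/download` URL was not giving the original poster. Domains go into a `string` dataset, which Suricata expects base64-encoded; IP indicators would instead use the `ip` dataset type with plain addresses, and should be fetched as a separate query.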