MISP / MISP

MISP (core software) - Open Source Threat Intelligence and Sharing Platform

Home Page: https://www.misp-project.org/

Support: Add event via API doesn't add event

JTurn01 opened this issue · comments

Support Questions

I am using Postman to try and add an event to MISP. However, when I send the POST, the event doesn't come up in the event list.

I know the API URL works and the authorization token is correct because I ran a GET to pull the events and the response was a list of all the events. So, nothing is wrong with networking or authorization.

MISP version

2.4.192

Operating System

Ubuntu

Operating System version

22.04

PHP version

7.4.33

Browser

No response

Browser version

No response

Relevant log output

POST: http://url:80/events/add/

Body:
{
    "org_id": "1",
    "distribution": "0",
    "info": "test",
    "orgc_id": "1",
    "uuid": "39eac02b-1101-4029-b199-99162a29d027",
    "date": "2024-06-03",
    "published": 0,
    "analysis": "0",
    "attribute_count": "321",
    "timestamp": "1617875568",
    "sharing_group_id": "1",
    "proposal_email_lock": 0,
    "locked": 0,
    "threat_level_id": "3",
    "publish_timestamp": "0",
    "sighting_timestamp": "0",
    "disable_correlation": 0,
    "event_creator_email": "admin@admin.test"
}

Response:
<?xml version="1.0" encoding="UTF-8"?>
<response>
    <name>/events/add API description</name>
    <description>POST a MISP Event JSON to this API to create an Event. Contained objects can also be included (such as attributes, objects, tags, etc).</description>
    <mandatory_fields>info</mandatory_fields>
    <optional_fields>threat_level_id</optional_fields>
    <optional_fields>analysis</optional_fields>
    <optional_fields>distribution</optional_fields>
    <optional_fields>sharing_group_id</optional_fields>
    <optional_fields>uuid</optional_fields>
    <optional_fields>published</optional_fields>
    <optional_fields>timestamp</optional_fields>
    <optional_fields>date</optional_fields>
    <optional_fields>Attribute</optional_fields>
    <optional_fields>Object</optional_fields>
    <optional_fields>Shadow_Attribute</optional_fields>
    <optional_fields>EventTag</optional_fields>
    <url>/events/add</url>
</response>

Extra attachments

Headers: [image]

You are missing the Content-Type header; it should be application/json.
Also, you are sending two Accept headers. MISP is taking into account the application/xml one, and that is why you are getting an XML response. If this is not intended, remove it.

Sample:

curl --location 'http://localhost:8080/events/add' \
--header 'Accept: application/json' \
--header 'Content-Type: application/json' \
--header 'Authorization: API_AUTH_KEY' \
--data '{
    "info": "foobar",
    "orgc_id": 1
}'

I disabled the one header for application/xml and already had a Content-Type header.

After disabling the XML header, I get the following response, which is the same result I was getting before, just in JSON format. And an event is still not created.

{
    "name": "/events/add API description",
    "description": "POST a MISP Event JSON to this API to create an Event. Contained objects can also be included (such as attributes, objects, tags, etc).",
    "mandatory_fields": [
        "info"
    ],
    "optional_fields": [
        "threat_level_id",
        "analysis",
        "distribution",
        "sharing_group_id",
        "uuid",
        "published",
        "timestamp",
        "date",
        "Attribute",
        "Object",
        "Shadow_Attribute",
        "EventTag"
    ],
    "url": "/events/add"
}

Here are the console logs if it helps:
[image]

[image]

It seems you are sending a GET request instead of a POST.

Issue was making the request to the http port instead of https.
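
Added example, not part of the original thread or MISP's own code: a Python client for the `/events/add` call that refuses to follow redirects and tells a created event apart from the API description reply shown above. It assumes the plain-HTTP port answers with a redirect to HTTPS (the thread does not confirm this) and that a successful add returns JSON with a top-level `Event` key; `classify`, `add_event` and the sample replies are names and data constructed here.

```python
import json
import urllib.error
import urllib.request

class NoRedirect(urllib.request.HTTPRedirectHandler):
    """Refuse redirects: on 301/302/303 urllib replays a POST as a GET."""
    def redirect_request(self, req, fp, code, msg, headers, newurl):
        return None  # urllib then raises HTTPError carrying the 3xx reply

def classify(status, location, body):
    """Map a raw /events/add reply to (outcome, detail)."""
    if 300 <= status < 400:
        return ("redirected", f"{status} to {location}: POST to that URL directly")
    try:
        doc = json.loads(body)
    except ValueError:
        return ("not-json", "send a single 'Accept: application/json' header")
    if not isinstance(doc, dict):
        return ("error", body[:200])
    if "Event" in doc:  # assumption: a created event comes back under "Event"
        return ("created", str(doc["Event"].get("id")))
    if doc.keys() >= {"mandatory_fields", "url"}:
        return ("description", "handled as a GET, no event was created")
    return ("error", body[:200])

def add_event(base_url, api_key, event):
    """POST event to <base_url>/events/add without following redirects."""
    req = urllib.request.Request(
        base_url.rstrip("/") + "/events/add",
        data=json.dumps(event).encode(), method="POST",
        headers={"Accept": "application/json",
                 "Content-Type": "application/json",
                 "Authorization": api_key})
    try:
        with urllib.request.build_opener(NoRedirect).open(req, timeout=10) as r:
            return classify(r.status, None, r.read().decode())
    except urllib.error.HTTPError as err:
        return classify(err.code, err.headers.get("Location"), err.read().decode())

# Constructed sample replies (not captured from a real server).
SAMPLE_DESCRIPTION = json.dumps({"name": "/events/add API description",
                                 "mandatory_fields": ["info"], "url": "/events/add"})
SAMPLE_CREATED = json.dumps({"Event": {"id": "42", "info": "foobar"}})

if __name__ == "__main__":
    print(classify(302, "https://misp.example/events/add", ""))
    print(classify(200, None, SAMPLE_DESCRIPTION))
    print(classify(200, None, SAMPLE_CREATED))
```

Calling `add_event` with the `https://` base URL avoids both the redirect and sending the API key over an unencrypted connection.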