You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Hello, we are currently trying to use the MISP API more and more and want to know if the following behaviour is expected?
We are trying to get all IOC with the following types from MISP to MISP42 App in Splunk
| mispgetioc misp_instance=default_misp last=1d type="sha256,domain,ip-dst,text"
All our feeds regarding IP Reputation where initially setup on 02.07.2023
and they get updated daily since then
but when we use the following API Call:
| mispgetioc misp_instance=default_misp last=1d type="sha256,domain,ip-dst,text"
we get nothing only when we enter for last=410d
is this expected?
With date instead we get the expected result?
| mispgetioc misp_instance=default_misp date=mm-dd-yyyy type="sha256,domain,ip-dst,text"
We have MISP version 2.4.185 installed
reacted with thumbs up emoji reacted with thumbs down emoji reacted with laugh emoji reacted with hooray emoji reacted with confused emoji reacted with heart emoji reacted with rocket emoji reacted with eyes emoji
-
Hello, we are currently trying to use the MISP API more and more and want to know if the following behaviour is expected?
We are trying to get all IOC with the following types from MISP to MISP42 App in Splunk
| mispgetioc misp_instance=default_misp last=1d type="sha256,domain,ip-dst,text"
All our feeds regarding IP Reputation where initially setup on 02.07.2023
![datemisp42](https://private-user-images.githubusercontent.com/90552473/316758748-97558b21-2df0-4f56-929d-8eb105d599f0.PNG?jwt=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJnaXRodWIuY29tIiwiYXVkIjoicmF3LmdpdGh1YnVzZXJjb250ZW50LmNvbSIsImtleSI6ImtleTUiLCJleHAiOjE3MTg1MTY4MzQsIm5iZiI6MTcxODUxNjUzNCwicGF0aCI6Ii85MDU1MjQ3My8zMTY3NTg3NDgtOTc1NThiMjEtMmRmMC00ZjU2LTkyOWQtOGViMTA1ZDU5OWYwLlBORz9YLUFtei1BbGdvcml0aG09QVdTNC1ITUFDLVNIQTI1NiZYLUFtei1DcmVkZW50aWFsPUFLSUFWQ09EWUxTQTUzUFFLNFpBJTJGMjAyNDA2MTYlMkZ1cy1lYXN0LTElMkZzMyUyRmF3czRfcmVxdWVzdCZYLUFtei1EYXRlPTIwMjQwNjE2VDA1NDIxNFomWC1BbXotRXhwaXJlcz0zMDAmWC1BbXotU2lnbmF0dXJlPTM3ZmFmZThmMDQxODYyNTJmNjY5MzcyN2MyNjgwN2E0MjhiMzExMDg0ZGE5MTgyNjJmNjU2YTY0OGE4NTMxODgmWC1BbXotU2lnbmVkSGVhZGVycz1ob3N0JmFjdG9yX2lkPTAma2V5X2lkPTAmcmVwb19pZD0wIn0.yGYgaq0lUwttppJCgxVY6kz2FcLL5UU4UfYjPMLrSag)
and they get updated daily since then
![datemisp42I](https://private-user-images.githubusercontent.com/90552473/316757406-1aef3293-40d2-4c36-a2de-0d293db2b01e.PNG?jwt=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJnaXRodWIuY29tIiwiYXVkIjoicmF3LmdpdGh1YnVzZXJjb250ZW50LmNvbSIsImtleSI6ImtleTUiLCJleHAiOjE3MTg1MTY4MzQsIm5iZiI6MTcxODUxNjUzNCwicGF0aCI6Ii85MDU1MjQ3My8zMTY3NTc0MDYtMWFlZjMyOTMtNDBkMi00YzM2LWEyZGUtMGQyOTNkYjJiMDFlLlBORz9YLUFtei1BbGdvcml0aG09QVdTNC1ITUFDLVNIQTI1NiZYLUFtei1DcmVkZW50aWFsPUFLSUFWQ09EWUxTQTUzUFFLNFpBJTJGMjAyNDA2MTYlMkZ1cy1lYXN0LTElMkZzMyUyRmF3czRfcmVxdWVzdCZYLUFtei1EYXRlPTIwMjQwNjE2VDA1NDIxNFomWC1BbXotRXhwaXJlcz0zMDAmWC1BbXotU2lnbmF0dXJlPTViZGI3NGQ0MzlkZGY3NzM5NWQzNDkxNmUwNzgzYzI4Y2I2YzRmMjc4ZWJiZGI0ZTcwNWI4ZWI5YWM0Yjc0ZTcmWC1BbXotU2lnbmVkSGVhZGVycz1ob3N0JmFjdG9yX2lkPTAma2V5X2lkPTAmcmVwb19pZD0wIn0.n-2KTNYC51yJVyDh7Q4YYHvsIOd9CiKPkNf01cpxVFA)
but when we use the following API Call:
| mispgetioc misp_instance=default_misp last=1d type="sha256,domain,ip-dst,text"
we get nothing only when we enter for last=410d
is this expected?
With date instead we get the expected result?
| mispgetioc misp_instance=default_misp date=mm-dd-yyyy type="sha256,domain,ip-dst,text"
We have MISP version 2.4.185 installed
Beta Was this translation helpful? Give feedback.
All reactions