misp-attributes
Fetch MISP attributes.
misp-attributes [profile=PROFILE] [proxy=PROXY] [duration=NUM{mon|w|d|h|m|s}] [from=yyyyMMddHHmmss] [to=yyyyMMddHHmmss] [type=TYPE]
- profile=PROFILE
- Comma seperated MISP profile names.
- proxy=PROXY
- Proxy server setting If not specified, send feed requests directly without proxy server. e.g. IP:PORT
- duration=NUM{mon|w|d|h|m|s}
- Scan only recent data. You should use s(second), m(minute), h(hour), d(day), mon(month) time unit. For example,
10smeans data from 10 seconds earlier. if not specified, the time is set based on from - from=yyyyMMddHHmmss
- Start time of range. yyyyMMddHHmmss format. If you omit time part, it will be padded by zero. if not specified, it is set to 00:00:00 of the command execution date.
- to=yyyyMMddHHmmss
- End time of range. yyyyMMddHHmmss format. If you omit time part, it will be padded by zero. if not specified, it is set to 00:00:00 the next day of the command execution date.
- type=TYPE
- Find by MISP attribute types. Use comma separated names.
Output Fields
| Field | Type | Name | Description |
|---|---|---|---|
| _time | Date | Time | Created time |
| profile | String | Connect profile | The identifier of MISP connect profile |
| event_id | Integer | Event ID | |
| attr_id | Integer | Attribute ID | |
| category | String | Category | e.g. Network activity, Payload delivery |
| attr_type | String | Attribute type | e.g. domain, ip-src, ip-dst, url, md5, sha256 |
| value | String | Attribute value | e.g. sapocijo.xyz |
| comment | String | Comment | |
| event_guid | String | Event GUID | |
| attr_guid | String | Attribute GUID |