misp-events
Fetch MISP events
misp-events [profile=PROFILE] [proxy=PROXY] [duration=NUM{mon|w|d|h|m|s}] [from=yyyyMMddHHmmss] [to=yyyyMMddHHmmss] [pretty=t]
- profile=PROFILE
- Comma seperated MISP profile names
- proxy=PROXY
- Proxy server setting If not specified, send feed requests directly without proxy server. e.g. IP:PORT
- duration=NUM{mon|w|d|h|m|s}
- Scan only recent data. You should use s(second), m(minute), h(hour), d(day), mon(month) time unit. For example,
10smeans data from 10 seconds earlier. if not specified, the time is set based on from - from=yyyyMMddHHmmss
- Start time of range. yyyyMMddHHmmss format. If you omit time part, it will be padded by zero. if not specified, it is set to 00:00:00 of the command execution date.
- to=yyyyMMddHHmmss
- End time of range. yyyyMMddHHmmss format. If you omit time part, it will be padded by zero. if not specified, it is set to 00:00:00 the next day of the command execution date.
- pretty=t
- Enable human-friendly output.
Output Fields
| Field | Type | Name | Description |
|---|---|---|---|
| _time | Date | Time | Created time |
| profile | String | Connect profile | The identifier of MISP connect profile |
| event_id | Integer | Event ID | |
| guid | String | GUID | |
| info | String | Information | e.g. ThreatFox IOCs for 2023-05-25 |
| tags | List | Tags | e.g. ["type:OSINT","tlp:white"] |