MISP API with MISP42 App in Splunk / Expected behaviour? #9644
Hello, we are currently trying to use the MISP API more and more and want to know if the following behaviour is expected.
We are trying to get all IOCs with the following types from MISP into the MISP42 App in Splunk:
| mispgetioc misp_instance=default_misp last=1d type="sha256,domain,ip-dst,text"
All our feeds regarding IP reputation were initially set up on 02.07.2023
and they have been updated daily since then,
but when we use the following API call:
| mispgetioc misp_instance=default_misp last=1d type="sha256,domain,ip-dst,text"
we get nothing; we only get results when we enter last=410d.
Is this expected?
With date instead we get the expected result?
| mispgetioc misp_instance=default_misp date=mm-dd-yyyy type="sha256,domain,ip-dst,text"
We have MISP version 2.4.185 installed.