{ "exercise": { "description": "Simple Data Creation: Creation of an Event using the API", "expanded": "Simple Data Creation: Creation of an Event using the API", "meta": { "author": "MISP Project", "level": "beginner", "priority": 1 }, "name": "Simple Data Creation Via the API", "namespace": "data-model", "tags": [ "exercise:software-scope=\"misp\"", "state:production" ], "total_duration": "7200", "uuid": "29324587-db6c-4a73-a209-cf8c79871629", "version": "20240624" }, "inject_flow": [ { "description": "Event Creation", "inject_uuid": "a6b5cf88-ba93-4c3f-8265-04e00d53778e", "reporting_callback": [], "requirements": {}, "sequence": { "completion_trigger": [ "time_expiration", "completion" ], "followed_by": [ "00275360-d84a-4ce7-84fc-98baefd13776" ], "trigger": [ "startex" ] }, "timing": { "triggered_at": null } }, { "description": "Attributes Creation", "inject_uuid": "00275360-d84a-4ce7-84fc-98baefd13776", "reporting_callback": [], "requirements": { "inject_uuid": "a6b5cf88-ba93-4c3f-8265-04e00d53778e", "resolution_requirement": "MISP Event created" }, "sequence": { "completion_trigger": [ "time_expiration", "completion" ], "followed_by": [ "be1c3d25-e0df-4492-bdc1-f2e825194ef3" ], "trigger": [ ] }, "timing": { "triggered_at": null } }, { "description": "Object Creation", "inject_uuid": "be1c3d25-e0df-4492-bdc1-f2e825194ef3", "reporting_callback": [], "requirements": { "inject_uuid": "a6b5cf88-ba93-4c3f-8265-04e00d53778e", "resolution_requirement": "MISP Event created" }, "sequence": { "completion_trigger": [ "time_expiration", "completion" ], "followed_by": [ "cf149a8c-5601-4eec-aea3-5142170d309b" ], "trigger": [ ] }, "timing": { "triggered_at": null } }, { "description": "Edition to `org-only`", "inject_uuid": "cf149a8c-5601-4eec-aea3-5142170d309b", "reporting_callback": [], "requirements": { "inject_uuid": "00275360-d84a-4ce7-84fc-98baefd13776", "resolution_requirement": "MISP Attributes created" }, "sequence": { "completion_trigger": [ "time_expiration", "completion" ], "followed_by": [ "b4a8c490-4f0a-4a33-bee1-044b9f659e83" ], "trigger": [ ] }, "timing": { "triggered_at": null } }, { "description": "Tagging `tlp:green`", "inject_uuid": "b4a8c490-4f0a-4a33-bee1-044b9f659e83", "reporting_callback": [], "requirements": { "inject_uuid": "00275360-d84a-4ce7-84fc-98baefd13776", "resolution_requirement": "MISP Attributes created" }, "sequence": { "completion_trigger": [ "time_expiration", "completion" ], "trigger": [ ] }, "timing": { "triggered_at": null } } ], "inject_payloads": [ ], "injects": [ { "action": "event_creation", "inject_evaluation": [ { "parameters": [ { ".Event.info": { "comparison": "contains", "values": [ "event", "API" ] } } ], "result": "MISP Event created", "evaluation_strategy": "data_filtering", "evaluation_context": { "request_is_rest": true }, "score_range": [ 0, 20 ] } ], "name": "Event Creation", "target_tool": "MISP", "uuid": "a6b5cf88-ba93-4c3f-8265-04e00d53778e" }, { "action": "attribute_creation", "inject_evaluation": [ { "parameters": [ { ".Event.info": { "comparison": "contains", "values": [ "event", "API" ] } }, { ".Event.Attribute": { "comparison": "contains", "values": [ { "type": "ip-dst", "value": "" }, { "type": "domain", "value": "evil.com" }, { "type": "filename", "value": "evil.exe" } ] } } ], "result": "MISP Attributes created", "evaluation_strategy": "data_filtering", "evaluation_context": { "request_is_rest": true }, "score_range": [ 0, 30 ] } ], "name": "Attributes Creation", "target_tool": "MISP", "uuid": "00275360-d84a-4ce7-84fc-98baefd13776" }, { "action": "object_creation", "inject_evaluation": [ { "parameters": [ { ".Event.info": { "comparison": "contains", "values": [ "event", "API" ] } }, { ".Event.Object": { "comparison": "contains", "values": [ { "name": "domain-ip", "template_uuid": "43b3b146-77eb-4931-b4cc-b66c60f28734" } ] } } ], "result": "MISP Object created`", "evaluation_strategy": "data_filtering", "evaluation_context": { "request_is_rest": true }, "score_range": [ 0, 10 ] }, { "parameters": [ { ".Event.info": { "comparison": "contains", "values": [ "event", "API" ] } }, { ".Event.Object[name=\"domain-ip\"].Attribute": { "comparison": "contains", "values": [ { "object_relation": "ip", "value": "" }, { "object_relation": "domain", "value": "foobar.baz" }, { "object_relation": "text", "value": "Classified information" } ] } } ], "result": "MISP Object's Attributes created`", "evaluation_strategy": "data_filtering", "evaluation_context": { "request_is_rest": true }, "score_range": [ 0, 10 ] } ], "name": "Object Creation", "target_tool": "MISP", "uuid": "be1c3d25-e0df-4492-bdc1-f2e825194ef3" }, { "action": "edition_org_only", "inject_evaluation": [ { "parameters": [ { ".Event.info": { "comparison": "contains", "values": [ "event", "API" ] } }, { ".Event.Attribute": { "comparison": "contains", "values": [ { "type": "ip-dst", "value": "", "distribution": 0 } ] } } ], "result": "MISP Edition `org-only` done", "evaluation_strategy": "data_filtering", "evaluation_context": { "request_is_rest": true }, "score_range": [ 0, 10 ] } ], "name": "Edition to `org-only`", "target_tool": "MISP", "uuid": "cf149a8c-5601-4eec-aea3-5142170d309b" }, { "action": "tagging_tlp_green", "inject_evaluation": [ { "parameters": [ { ".Event.info": { "comparison": "contains", "values": [ "event", "API" ] } }, { ".Event.Attribute": { "comparison": "contains", "values": [ { "type": "ip-dst", "value": "", "distribution": 0 } ] } }, { ".Event.Attribute[value=\"\"].Tag": { "JQ": "jq '.Event.Attribute[] | select(.value == \"\") | .Tag'", "comparison": "contains", "values": [ { "name": "tlp:green" } ] } } ], "result": "MISP Tagging `tlp:green` done", "evaluation_strategy": "data_filtering", "evaluation_context": { "request_is_rest": true }, "score_range": [ 0, 20 ] } ], "name": "Tagging `tlp:green`", "target_tool": "MISP", "uuid": "b4a8c490-4f0a-4a33-bee1-044b9f659e83" } ] }