Get Event by Id

6 min

description retrieve detailed information for a specific event in misp by providing the unique event id endpoint url events/view/{{eventid}} method get inputs path parameters (object) – required eventid (string) – required headers (object) – required accept (string) – required content type (string) – required output example \[ { "event" { "id" "12345", "org id" "12345", "distribution" "0", "info" "logged source ip", "orgc id" "12345", "uuid" "c99506a6 1255 4b71 afa5 7b8ba48c3b1b", "date" "1991 01 15", "published" false, "analysis" "0", "attribute count" "321", "timestamp" "1617875568", "sharing group id" "1", "proposal email lock" true, "locked" true, "threat level id" "1", "publish timestamp" "1617875568", "sighting timestamp" "1617875568", "disable correlation" false, "extends uuid" "c99506a6 1255 4b71 afa5 7b8ba48c3b1b", "event creator email" "user\@example com", "feed" { "id" "3", "name" "circl osint feed", "provider" "circl", "url" "https //www circl lu/doc/misp/feed osint", "rules" "{\\"tags\\" {\\"or\\" \[],\\"not\\" \[]},\\"orgs\\" {\\"or\\" \[],\\"not\\" \[]},\\"url params\\" \\"\\"}", "enabled" true, "distribution" "0", "sharing group id" "1", "tag id" "12345", "default" true, "source format" "1", "fixed event" true, "delta merge" true, "event id" "12345", "publish" false, "override ids" true, "settings" "{\\"csv\\" {\\"value\\" \\"\\",\\"delimiter\\" \\"\\"},\\"common\\" {\\"excluderegex\\" \\"\\"},\\"disable correlation\\" \\"1\\"}", "input source" "local", "delete local file" true, "lookup visible" true, "headers" "x custom header a foo\nx custom header b bar\n", "caching enabled" true, "force to ids" true, "orgc id" "12345", "cache timestamp" "1617875568" }, "org" { "id" "12345", "name" "orgname", "uuid" "c99506a6 1255 4b71 afa5 7b8ba48c3b1b" }, "orgc" { "id" "12345", "name" "orgname", "uuid" "c99506a6 1255 4b71 afa5 7b8ba48c3b1b" }, "attribute" \[ { "id" "12345", "event id" "12345", "object id" "12345", "object relation" "sensor", "category" "internal reference", "type" "md5", "value" "127 0 0 1", "to ids" true, "uuid" "c99506a6 1255 4b71 afa5 7b8ba48c3b1b", "timestamp" "1617875568", "distribution" "0", "sharing group id" "1", "comment" "logged source ip", "deleted" false, "disable correlation" false, "first seen" "1581984000000000", "last seen" "1581984000000000" } ], "shadowattribute" \[ { "id" "12345", "event id" "12345", "object id" "12345", "object relation" "sensor", "category" "internal reference", "type" "md5", "value" "127 0 0 1", "to ids" true, "uuid" "c99506a6 1255 4b71 afa5 7b8ba48c3b1b", "timestamp" "1617875568", "distribution" "0", "sharing group id" "1", "comment" "logged source ip", "deleted" false, "disable correlation" false, "first seen" "1581984000000000", "last seen" "1581984000000000" } ], "relatedevent" \[ {} ], "galaxy" \[ { "id" "12345", "uuid" "c99506a6 1255 4b71 afa5 7b8ba48c3b1b", "name" "ransomware", "type" "ransomware", "description" "ransomware galaxy based on ", "version" "1", "icon" "globe", "namespace" "misp", "kill chain order" { "fraud tactics" \[ "initiation", "target compromise", "perform fraud", "obtain fraudulent assets", "assets transfer", "monetisation" ] } } ], "object" \[ { "id" "12345", "name" "ail leak", "meta category" "string", "description" "string", "template uuid" "c99506a6 1255 4b71 afa5 7b8ba48c3b1b", "template version" "1", "event id" "12345", "uuid" "c99506a6 1255 4b71 afa5 7b8ba48c3b1b", "timestamp" "1617875568", "distribution" "0", "sharing group id" "1", "comment" "string", "deleted" true, "first seen" "1581984000000000", "last seen" "1581984000000000", "attribute" \[ { "id" "12345", "event id" "12345", "object id" "12345", "object relation" "sensor", "category" "internal reference", "type" "md5", "value" "127 0 0 1", "to ids" true, "uuid" "c99506a6 1255 4b71 afa5 7b8ba48c3b1b", "timestamp" "1617875568", "distribution" "0", "sharing group id" "1", "comment" "logged source ip", "deleted" false, "disable correlation" false, "first seen" "1581984000000000", "last seen" "1581984000000000" } ] } ], "eventreport" \[ {} ], "tag" \[ { "id" "12345", "name" "tlp\ white", "colour" "#ffffff", "exportable" true, "org id" "12345", "user id" "12345", "hide tag" false, "numerical value" "12345", "is galaxy" true, "is custom galaxy" true, "inherited" 1 } ] } } ] output parameters event (object) id (string) org id (string) distribution (string) info (string) orgc id (string) uuid (string) date (string) published (boolean) analysis (string) attribute count (string) timestamp (string) sharing group id (string) proposal email lock (boolean) locked (boolean) threat level id (string) publish timestamp (string) sighting timestamp (string) disable correlation (boolean) extends uuid (string) event creator email (string) feed (object) id (string) name (string) provider (string) url (string) rules (string) enabled (boolean) distribution (string) sharing group id (string) tag id (string) default (boolean) source format (string) fixed event (boolean) delta merge (boolean) event id (string) publish (boolean) override ids (boolean) settings (string) input source (string) delete local file (boolean) lookup visible (boolean) headers (string) caching enabled (boolean) force to ids (boolean) orgc id (string) cache timestamp (string) org (object) id (string) name (string) uuid (string) orgc (object) id (string) name (string) uuid (string) attribute (array) id (string) event id (string) object id (string) object relation (string) category (string) type (string) value (string) to ids (boolean) uuid (string) timestamp (string) distribution (string) sharing group id (string) comment (string) deleted (boolean) disable correlation (boolean) first seen (string) last seen (string) shadowattribute (array) id (string) event id (string) object id (string) object relation (string) category (string) type (string) value (string) to ids (boolean) uuid (string) timestamp (string) distribution (string) sharing group id (string) comment (string) deleted (boolean) disable correlation (boolean) first seen (string) last seen (string) relatedevent (array) galaxy (array) id (string) uuid (string) name (string) type (string) description (string) version (string) icon (string) namespace (string) kill chain order (object) fraud tactics (array) object (array) id (string) name (string) meta category (string) description (string) template uuid (string) template version (string) event id (string) uuid (string) timestamp (string) distribution (string) sharing group id (string) comment (string) deleted (boolean) first seen (string) last seen (string) attribute (array) id (string) event id (string) object id (string) object relation (string) category (string) type (string) value (string) to ids (boolean) uuid (string) timestamp (string) distribution (string) sharing group id (string) comment (string) deleted (boolean) disable correlation (boolean) first seen (string) last seen (string) eventreport (array) tag (array) id (string) name (string) colour (string) exportable (boolean) org id (string) user id (string) hide tag (boolean) numerical value (string) is galaxy (boolean) is custom galaxy (boolean) inherited (number)

Get Count of Attributes by Category

Get Events