Add syncservers pull rules

MISP · Aug 6, 2024 · 5ef80d3 · 5ef80d3
1 parent 2f24067
commit 5ef80d3
Show file tree

Hide file tree

Showing 3 changed files with 6 additions and 1 deletion.
diff --git a/core/files/configure_misp.sh b/core/files/configure_misp.sh
@@ -421,7 +421,7 @@ create_sync_servers() {
 
  # Add sync server
  echo "... adding new sync server ${NAME} with organization id ${ORG_ID}"
- JSON_DATA=$(echo "${!DATA}" | jq --arg org_id ${ORG_ID} 'del(.remote_org_uuid) | . + {remote_org_id: $org_id}')
+ JSON_DATA=$(echo "${!DATA}" | jq --arg org_id ${ORG_ID} 'del(.remote_org_uuid) | . + {remote_org_id: $org_id} | del(..|select(. == ""))')
  add_server ${BASE_URL} ${ADMIN_KEY} "$JSON_DATA" > /dev/null
  done
 }

diff --git a/docker-compose.yml b/docker-compose.yml
@@ -148,6 +148,7 @@ services:
  "name": "${SYNCSERVERS_1_NAME}",
  "authkey": "${SYNCSERVERS_1_KEY}",
  "url": "${SYNCSERVERS_1_URL}",
+ "pull_rules": "${SYNCSERVERS_1_PULL_RULES}",
  "pull": true
  }
  # mysql settings

diff --git a/template.env b/template.env
@@ -63,6 +63,10 @@ SYNCSERVERS_1_URL=
 SYNCSERVERS_1_NAME=
 SYNCSERVERS_1_UUID=
 SYNCSERVERS_1_KEY=
+# pull rules are JSON encoded (and escaped) dictionaries
+# Example: only pull events where the analysis is complete
+# SYNCSERVERS_1_PULL_RULES='{\"tags\":{\"OR\":[],\"NOT\":[]},\"orgs\":{\"OR\":[],\"NOT\":[]},\"url_params\":\"{\\\"searchanalysis\\\": \\\"2\\\"}\"}'
+SYNCSERVERS_1_PULL_RULES=
 
 # optional and used to set mysql db and credentials
 # MYSQL_HOST=