Skip to main content

Create Event

Create a new event.

External Documentation

To learn more, visit the MISP documentation.

Basic Parameters

ParameterDescription
DateThe date of the event.
Distribution-
Event Creator EmailThe email of the creator of the event.
InfoInformation about the event. Max length is 65535.
Organization IDThe organisation identifier.
PublishedRepresents whether the event was published.
Sighting TimestampThe sighting timestamp.
Threat Level ID-
UUIDUUID of the event.

Advanced Parameters

ParameterDescription
AnalysisThe analysis maturity level.
Attribute CountThe attribute count.
Disable CorrelationPrevents correlation with other events.
Extended UUIDThe extended UUID.
LockedRepresents whether the event is locked.
Orgc IDThe orgc id.
Proposal Email LockRepresents whether there will be an ability to send proposal emails for the event.
Publish TimestampThe publish timestamp.
Sharing Group IDThe ID of the sharing group.
TimestampTimestamp of the event.

Example Output

{
"Event": {
"id": "12345",
"org_id": "12345",
"distribution": "0",
"info": "logged source ip",
"orgc_id": "12345",
"uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
"date": "1991-01-15",
"published": false,
"analysis": "0",
"attribute_count": "321",
"timestamp": "1617875568",
"sharing_group_id": "1",
"proposal_email_lock": true,
"locked": true,
"threat_level_id": "1",
"publish_timestamp": "1617875568",
"sighting_timestamp": "1617875568",
"disable_correlation": false,
"extends_uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
"event_creator_email": "user@example.com",
"Feed": {
"id": "3",
"name": "CIRCL OSINT Feed",
"provider": "CIRCL",
"url": "https://www.circl.lu/doc/misp/feed-osint",
"rules": "{\"tags\":{\"OR\":[],\"NOT\":[]},\"orgs\":{\"OR\":[],\"NOT\":[]},\"url_params\":\"\"}",
"enabled": true,
"distribution": "0",
"sharing_group_id": "1",
"tag_id": "12345",
"default": true,
"source_format": "1",
"fixed_event": true,
"delta_merge": true,
"event_id": "12345",
"publish": false,
"override_ids": true,
"settings": "{\"csv\":{\"value\":\"\",\"delimiter\":\"\"},\"common\":{\"excluderegex\":\"\"},\"disable_correlation\":\"1\"}",
"input_source": "local",
"delete_local_file": true,
"lookup_visible": true,
"headers": "X-Custom-Header-A: Foo\nX-Custom-Header-B: Bar\n",
"caching_enabled": true,
"force_to_ids": true,
"orgc_id": "12345",
"cache_timestamp": "1617875568"
},
"Org": {
"id": "12345",
"name": "ORGNAME",
"uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b"
},
"Orgc": {
"id": "12345",
"name": "ORGNAME",
"uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b"
},
"Attribute": [
{
"id": "12345",
"event_id": "12345",
"object_id": "12345",
"object_relation": "sensor",
"category": "Internal reference",
"type": "md5",
"value": "127.0.0.1",
"to_ids": true,
"uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
"timestamp": "1617875568",
"distribution": "0",
"sharing_group_id": "1",
"comment": "logged source ip",
"deleted": false,
"disable_correlation": false,
"first_seen": "1581984000000000",
"last_seen": "1581984000000000"
}
],
"ShadowAttribute": [
{
"id": "12345",
"event_id": "12345",
"object_id": "12345",
"object_relation": "sensor",
"category": "Internal reference",
"type": "md5",
"value": "127.0.0.1",
"to_ids": true,
"uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
"timestamp": "1617875568",
"distribution": "0",
"sharing_group_id": "1",
"comment": "logged source ip",
"deleted": false,
"disable_correlation": false,
"first_seen": "1581984000000000",
"last_seen": "1581984000000000"
}
],
"RelatedEvent": [
{}
],
"Galaxy": [
{
"id": "12345",
"uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
"name": "Ransomware",
"type": "ransomware",
"description": "Ransomware galaxy based on ...",
"version": "1",
"icon": "globe",
"namespace": "misp",
"kill_chain_order": {
"fraud-tactics": [
"Initiation",
"Target Compromise",
"Perform Fraud",
"Obtain Fraudulent Assets",
"Assets Transfer",
"Monetisation"
]
}
}
],
"Object": [
{
"id": "12345",
"name": "ail-leak",
"meta-category": "string",
"description": "string",
"template_uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
"template_version": "1",
"event_id": "12345",
"uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
"timestamp": "1617875568",
"distribution": "0",
"sharing_group_id": "1",
"comment": "string",
"deleted": true,
"first_seen": "1581984000000000",
"last_seen": "1581984000000000",
"Attribute": [
{
"id": "12345",
"event_id": "12345",
"object_id": "12345",
"object_relation": "sensor",
"category": "Internal reference",
"type": "md5",
"value": "127.0.0.1",
"to_ids": true,
"uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
"timestamp": "1617875568",
"distribution": "0",
"sharing_group_id": "1",
"comment": "logged source ip",
"deleted": false,
"disable_correlation": false,
"first_seen": "1581984000000000",
"last_seen": "1581984000000000"
}
]
}
],
"EventReport": [
{
"id": "12345",
"uuid": "c99506a6-1255-4b71-afa5-7b8ba48c3b1b",
"event_id": "12345",
"name": "Report of the incident",
"content": "string",
"distribution": "0",
"sharing_group_id": "1",
"timestamp": "1617875568",
"deleted": false
}
],
"Tag": [
{
"id": "12345",
"name": "tlp:white",
"colour": "#ffffff",
"exportable": true,
"org_id": "12345",
"user_id": "12345",
"hide_tag": false,
"numerical_value": "12345",
"is_galaxy": true,
"is_custom_galaxy": true,
"inherited": 1
}
]
}
}

Workflow Library Example

Create Event with Misp and Send Results Via Email

Workflow LibraryPreview this Workflow on desktop