Commit

Merge pull request #294 from Wachizungu/add-authkey-creation
new: [Automation] add advanced authkey creation and authkey allowed I…
adulau authored Aug 3, 2023
2 parents 17bf2b8 + fd50912 commit cf66610
Showing 8 changed files with 34 additions and 1 deletion.
33 changes: 33 additions & 0 deletions automation/README.md
Expand Up @@ -27,6 +27,39 @@ The authorization is performed by using the following header:
~~~~
Authorization: YOUR API KEY
~~~~

#### Creating an automation key (using advanced authkeys)
Using the menu, go to Global Actions > My Profile and click "Auth keys" to show the auth keys view.

![Screenshot of My Profile view with Auth keys expanded](./figures/create-authkey-1.png)

The following form will be displayed:
![Screenshot of add authkey form](./figures/create-authkey-2-fill-form.png)

You can add an optional comment to indicate what the key will be used for.

You can also limit the usage of the key to specific IPs or subnets (one per line), by adding them in the Allowed IPs field. On some instances it is mandatory to set an IP allowlist. When adding subnets, please note that you need to use the format network_ip/subnet_mask .

You can optionally set an expiration time for the key.

Finally, it is also possible to make this key read-only, meaning that it will not be possible to do any changes on this instance using this automation key.

After clicking submit you will get a confirmation that the auth key was created, the key will be shown only one time.
![Screenshot showing success message that is displayed when an ip was successfully pinned for an authkey](./figures/create-authkey-3-authkey-displayed.png)

The same fields are available when editing an automation key.

#### Pinning an allowed IP for an automation key (using advanced authkeys)
MISP will keep track of the unique IPs that were seen for a specific automation key.
You can easily limit future usage of an automation key to one of the IPs that was seen in the past. To do so, using the menu, go to Global Actions > My Profile and click "Auth keys" to show the auth keys view. If the automation key was used in the past, you will see the "Seen IPs" listed per key. Click on the pin button next to the IP you want to limit usage to.

![Screenshot showing auth keys view with the pin button available for seen IPs](./figures/pin-step-1.png)
You will get a pop up requesting confirmation that you want to pin this IP for the key:

![Screenshot showing pop up which is displayed, requesting user confirmation after clicking the pin IP button](./figures/pin-step-2-confirm.png)
After confirmation, if all goes well, you will get a confirmation that the allowed IP was set for the automation key:
![Screenshot showing success message that is displayed when an ip was successfully pinned for an authkey](./figures/pin-step-3-success-message.png)

### Accept and Content-Type headers

When performing your request, depending on the type of request, you might need to explicitly specify in what content type you want to get your results. This is done by setting one of the below Accept headers:
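
Review bot: The alt text on the create-authkey-3-authkey-displayed.png image (the line after "After clicking submit you will get a confirmation that the auth key was created") is the same string used for pin-step-3-success-message.png and describes an IP being pinned, not a key being created; it should describe the confirmation that displays the new auth key. Since that sentence states the key "will be shown only one time", it is also the place to tell the reader to copy and store the key at that point. The Allowed IPs paragraph gives the subnet format only as network_ip/subnet_mask; one concrete example there would make clear whether a prefix length or a dotted mask is expected. Several image lines directly follow their paragraph with no blank line ("The following form will be displayed:", "You will get a pop up requesting confirmation", "After confirmation, if all goes well") while others are separated by one; using one form throughout keeps the rendering consistent.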
Binary file added automation/figures/create-authkey-1.png
Binary file added automation/figures/pin-step-1.png
Binary file added automation/figures/pin-step-2-confirm.png
2 changes: 1 addition & 1 deletion sharing/README.md
Expand Up @@ -85,7 +85,7 @@ MISP has several organisation "pools", one for local and one for known external
Choose the organisation from the selected pool that defines the host organisation on the remote side. Make sure that the remote instance is actually run by the organisation you select. When selecting data to push, this organisation will be used to determine membership of sharing groups. As a result, this setting is very important, since selecting the wrong organisation can lead to leaking confidential data (oversharing) or sharing less than intended.

6. **Authkey**
You can find the authentication key on your profile on the external server. If advanced auth keys is enabled you might have to create an auth key manually. This can be done on your profile view as well.
You can find the authentication key on your profile on the external server. If advanced auth keys is enabled you might have to create an auth key manually. This can be done on your profile view as well. Please refer to the [automation](../automation/README.md) section for more information about creating an automation key.

7. **Push**
Allow the upload of events and their attributes. Only Events that match the given push rules (see 19) will be pushed to the server. Sightings and relevant galaxy clusters will not be pushed unless 'Push Sightings' and 'Push Galaxy Clusters' are enabled as well.
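
Review bot: The sentence added to item 6 (Authkey) links to the top of ../automation/README.md, while the content it points the reader to is the "Creating an automation key (using advanced authkeys)" section added in this same commit; linking to that heading's anchor would take the reader straight to the procedure. The item now also uses "authentication key", "auth key" and "automation key" for the same credential within four sentences; settling on one term, matching the automation README, would avoid the impression that these are different keys.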