-
MISP to Cribl via Rest API Collector
Hi Community, Could anyone please help me configure MISP with Cribl via the Rest API collector. The 'x-rapidapi-key' is the MISP api key of the admin user the same api i gave in token attribute section and authentication I'm using username and password of the admin. Thanks in advance,
-
REST Collector - complete variable reference
Hi everyone, I can't find a complete list of available variables to use in the REST collector configuration. I only know those that are embedded in the documentation (for example, ${earliest}). Is there a complete reference table which I may have overlooked?
-
REST Collector Strategies - pull all events since last run
Hi, for most of my SaaS services, I have to use the REST collector to pull events periodically, as they do not support sending their events directly into Cribl. I wonder what the recommended strategy is to ensure that all events are getting collected. What schedule is common to run the REST collector on? every few hours or…
-
Data collected using REST Collector getting appended in a single file, how to resolve?
TLDR : JSON Collected from API, parsed through Pipeline, should have three JSON files in S3, but have two where one file have 2 JSON object appended, need help to find out the reason Hi All, At first, I want to say, no this is not an event breaker issue, as much as my understanding. Let me explain. I am trying to get some…
-
Pagination of REST Collector discover results
Dear Cribl Community, Is there a way to paginate the DISCOVER (HTTP Request) stage results when using the REST API collector. The COLLECT stage has pagination parameters, but I can't figure out how to paginate discover results. Thanks! Regards, Justas
-
Move REST Collectors from one worker group to another
I would like to move 15-20 REST collectors from one worker group to another. For routes/pipelines, I just copy and then switch groups and paste but the copy function isn't available in REST collectors. Any suggestions on how to move a REST collector?
-
Assistance with a REST collector
I used a standalone test box to get my REST collector working like I wanted. authentication, discover and collect worked great. When I moved it into my distributed environment, it errors out but does pull in some events. The discovery and collect phases are distrubuted across my 5 workers. It seems like the authentication…