Add syncservers pull rules

Author: ostefano

core/files/configure_misp.sh

@@ -421,7 +421,7 @@ create_sync_servers() {
 
         # Add sync server
         echo "... adding new sync server ${NAME} with organization id ${ORG_ID}"
-        JSON_DATA=$(echo "${!DATA}" | jq --arg org_id ${ORG_ID} 'del(.remote_org_uuid) | . + {remote_org_id: $org_id}')
+        JSON_DATA=$(echo "${!DATA}" | jq --arg org_id ${ORG_ID} 'del(.remote_org_uuid) | . + {remote_org_id: $org_id} | del(..|select(. == ""))')
         add_server ${BASE_URL} ${ADMIN_KEY} "$JSON_DATA" > /dev/null
     done
 }

docker-compose.yml

@@ -148,6 +148,7 @@ services:
           "name": "${SYNCSERVERS_1_NAME}",
           "authkey": "${SYNCSERVERS_1_KEY}",
           "url": "${SYNCSERVERS_1_URL}",
+          "pull_rules": "${SYNCSERVERS_1_PULL_RULES}",
           "pull": true
         }
       # mysql settings

template.env

@@ -63,6 +63,10 @@ SYNCSERVERS_1_URL=
 SYNCSERVERS_1_NAME=
 SYNCSERVERS_1_UUID=
 SYNCSERVERS_1_KEY=
+# pull rules are JSON encoded (and escaped) dictionaries
+# Example: only pull events where the analysis is complete
+# 	SYNCSERVERS_1_PULL_RULES='{\"tags\":{\"OR\":[],\"NOT\":[]},\"orgs\":{\"OR\":[],\"NOT\":[]},\"url_params\":\"{\\\"searchanalysis\\\": \\\"2\\\"}\"}'
+SYNCSERVERS_1_PULL_RULES=
 
 # optional and used to set mysql db and credentials
 # MYSQL_HOST=