Hi ansusabu, My question is about the "other" field. When I initiate the query, MISP returns all attributes or events independent of the value I am looking for. In the MISP audit logs, I don't see any parameters passed with the request to the REST API. Have you encountered such an issue, or do you have any suggestions to get it working? Best regards, Yanko
Hi dewu94, Have you managed to get it working? I experience the same issue, and whatever I put in the other field, I always get all events or all attributes. I have checked the MISP audit logs and no parameter is specified in the request to pass to the REST API. I don't understand how others use it, as I couldn't find proper documentation. Best regards, Yanko
Hi stephanedeck,
Could you please specify what you mean by making a loop with a local output file?
Have you copied the contents of the default/outputs.conf file into the local/outputs.conf file?
An answer is much appreciated.
Hi plimon,
Could you share your experience of upgrading from ES 4.7.4 to 5.2.2? Did you follow the incremental approach or upgrade directly to the latest?
In the documentation that Luke shared, it actually says "Splunk Enterprise Security supports upgrading from version 4.5.x or later to 5.2.2".