Servers can be added by users via
https://<misp url>/servers/add
The Add Server Form has several input fields:
Base URL The base-url to the external server you want to sync with. Example: https://foo.sig.mil.be
Instance Name A name that will make it clear to your users what this instance is. For example: Organisation A's instance
Internal instance This checkbox will only show up if the set 'local organisation', see 5, is the same as the owning organisation of the instance the remote server is being configured on. If this flag is set, the distribution of pushed data will not be automatically downgraded. Please refer to the syncing scenarios with communities distribution section for a table overview of the differences.
Remote Sync Organisation Type MISP has several organisation "pools", one for local and one for known external organisations. When adding a synchronisation connection, you need to define the host organisation of the remote instance. Select which pool you wish to pick the organisation from using this drop-down. You also have the option of adding a new external organisation directly from this interface.
Local/Known remote Organisation Choose the organisation from the selected pool that defines the host organisation on the remote side. Make sure that the remote instance is actually run by the organisation you select. When selecting data to push, this organisation will be used to determine membership of sharing groups. As a result, this setting is very important, since selecting the wrong organisation can lead to leaking confidential data (oversharing) or sharing less than intended.
Authkey You can find the authentication key on your profile on the external server. If advanced auth keys is enabled you might have to create an auth key manually. This can be done on your profile view as well. Please refer to the automation section for more information about creating an automation key.
Push Allow the upload of events and their attributes. Only Events that match the given push rules (see 19) will be pushed to the server. Sightings and relevant galaxy clusters will not be pushed unless 'Push Sightings' and 'Push Galaxy Clusters' are enabled as well.
Pull Allow the download of events and their attributes from the server. Only data matching the given pull rules (see 20) will be pulled. Relevant galaxy clusters will not be pulled in unless the 'Pull Galaxy Clusters' checkbox is ticked as well.
Push sightings If checked, sightings will be pushed out as well on push.
Caching Enabled Allow caching of the remote server. Once cached, caching related functionalities such as server overlap analysis can be done.
Push Galaxy Clusters If checked, relevant galaxy clusters will be pushed out as well on push.
Pull Galaxy Clusters If checked, relevant galaxy clusters will be pulled in as well on push. This also enables you to do a pull for galaxy clusters only if pull, see 8, is checked as well.
Unpublish Event Unpublish the synced event. This only works on push.
Publish Without Email Publish the event without sending out an email.
Self Signed Check this if you would like to allow a connection despite the other instance using a self-signed certificate (not recommended).
Skip proxy (if applicable) Do not connect to this server using the configured proxy (if any proxy host is set in the MISP configuration).
Server certificate file You can upload a certificate file if the instance you are trying to connect to has its own signing authority. (*.pem)
Client certificate file Set a client certificate to use when connecting to this server.
Push rules Allows you to set filtering rules for data to be pushed out (tag based and organisation based). Please see rules for more info.
Pull rules Allows you to set filtering rules for data to be pulled in (tag based and organisation based). Please see rules for more info.