Michael
@ag-michael
facepalm How silly of me
Andras Iklody
@iglocska
;)
Michael
@ag-michael
Thank you so much @iglocska that worked!!
Andras Iklody
@iglocska
no worries!
Max H.
@8ear
Hi,
How can the installer script be improved?
Edit it directly, or must some .tpl files be edited?
Max H.
@8ear
@iglocska thanks
Anders Einar Hilden
@Kagee
MISP v2.4.136, 16 December, and no release notes?
Andras Iklody
@iglocska
oops, looks like we missed those
Andras Iklody
@iglocska
B-)
thanks for the heads-up ;)
dewu1994
@dewu1994
Hello, is there any way to add local tags via API?
I mean to assign them to events/attributes.
Andras Iklody
@iglocska

post to:
/events/addTag/[event_id]/[tag_id]/local:1

body:
{}

alternatively

post to:
/events/addTag/[event_id]/local:1

body:
{"tag": 5}

Ranis1199
@Ranis1199

Hello guys, is there any difference in type between "hostname" and "domain"?

I mean, I understand what it means, but what is the difference if I block some domain under "hostname" type and some hostname under "domain" type?

Do I need to separate these 2 types for example in the case of mining pool feeds?

dewu1994
@dewu1994
@iglocska works fine, thank you! Is there maybe also a way to apply local tags with the tag name instead of id?
Jason Kendall
@coolacid
MISP-Modules release v.2.4.146 is a typo I assume, and should probably be removed?
Andras Iklody
@iglocska
that definitely sounds like a typo lol. Off by one for the incrementing (2.4.136 + 1)
Anders Einar Hilden
@Kagee
I was wondering the same.
@coolacid I should have waited a few days to ask you to update the dockers :P
Max H.
@8ear
Is it allowed that we support a dockerfile directly in the misp/misp repo so that it always fits the current MISP version?
adulau
@adulau:matrix.circl.lu
[m]
forget about the updates.
We already have 2 repos in the MISP project for docker and we are actively looking for maintainers.
Max H.
@8ear

Yeah, I understand, but with misp-dockerized I stopped only because I switched companies.
And the problem with the two extra repos is that the dockerfile itself is not part of misp/misp. So that you can version it with the tag that you deliver. So in my view the following is required:

  • dockerfile in the misp/misp repo, which is also added to the pull request check test; if this does not work, it is not allowed to merge
  • additional repo like misp/docker with all the other stuff like scripts, docker-compose etc. and with GitHub Actions for a daily build into a hub.docker.com misp organization

If it is wanted I will maintain it. But only if I get support from you for that.
At the moment most people create their own docker container because there is nothing ready.

Max H.
@8ear
I offered this already in the misp-modules repo, but if we do it, then with the goal of a daily built misp/misp and misp/modules docker container at hub.docker.com.
MISP/misp-modules#468
So that my private work is directly done for all guys.
Max H.
@8ear
It looks like the misp organization already exists: https://hub.docker.com/u/misp
Max H.
@8ear
I will fork the repo and test all the things on my own namespace first.
Anders Einar Hilden
@Kagee
There is also coolacid's at https://github.com/coolacid/docker-misp
Jason Kendall
@coolacid
There is very little maintenance on mine since it's very optimized. Typically, it's bump the version and release a tag. Most bugs are edge cases, or updates in core that aren't well communicated (new requirements etc.), which don't take long to resolve. Every MISP release is tagged separately, as well as a current. This allows enterprises to stage specific versions.
Andras Iklody
@iglocska
<3
Jason Kendall
@coolacid
My repo is managed very specifically to be enterprise friendly, and optimized ;)
<3 you too
Now do pyMISP-STIX ;)
Andras Iklody
@iglocska
@chrisr3d is working on it (and I am sure the call-out will make him even more nervous)
Jason Kendall
@coolacid
Lol.. happy to review ;)
Jason Kendall
@coolacid
MISP/MISP#1894 - GroupBy errors, which is coming up from people using the docker images.
Einar Johnsen
@EinarJohnsen2_twitter
Hi, I have a bit of trouble uploading attachments (specifically pdfs) via the API. The misp-url/attributes/add_attachment does not seem to be an option via the API? I can use the "Upload Sample" API but it is not a malware I want to upload. Any tips? The upload attachment via the GUI does the trick, but I would like to automate it.
Andras Iklody
@iglocska
yeah you can just use /attributes/add
base64 encode the file, add it in the "data" field
and choose "attachment" as the type
so something like:
{
    "value": "myattachment.pdf",
    "category": "External analysis",
    "type": "attachment",
    "to_ids": 0,
    "data": "<base64_encoded_contents>"
}
should work
Einar Johnsen
@EinarJohnsen2_twitter
Ah, thanks for the quick reply @iglocska. I will try it out
Andras Iklody
@iglocska
no worries!

MISP/MISP#1894 - GroupBy errors, which is coming up from people using the docker images.

missed this - is it still happening with 2.4.137?

thought those were resolved :x
Carlos Borges
@hackunagi

Hello everyone. I came to a situation where I would like to register a kind of profile of a network infrastructure. This should include everything from whois data (registrar, registrar email, date created, tld) to other things like hosting provider, associated mail and DNS infrastructure, and things like certificate, JARM signature, etc.

My question is: there are at least two/three official objects like whois, url and ja3. Should I send a PR to update them to a newer, broader version? Or propose a new object like network-infrastructure-signature or related?

This would come in handy to standardize an object and its structures for use by my team, but also to allow correlation between unique elements that help point to a pivot analysis