Michael
@ag-michael
@krishnamohan152 try running the right python version explicitly like sudo python3 -m pip install git+https://github.com/MISP/MISP-STIX-Converter.git
Eugene
@4ekin
Hi all! What version of cortex does correctly work with MISP?
I've installed with docker cortex:3.0.0-RC4, and when I try to enrich some data with cortex it returns JSON to the value field
Eugene
@4ekin
Ok, I've found that cortex can extract observables itself and return to MISP not only raw JSON
mathurin68
@mathurin68
Does anyone on here know of a good python program to extract IOCs from pdf? The best one I've seen is https://github.com/armbues/ioc_parser but that doesn't seem to work with python3
Filip Šuster
@sustefil

Hi there, does anybody know why a simple pymisp search to one day back takes excessive time (>10 minutes) and memory (>5 GB)? I even put an index on the timestamp, but it didn't help. We have quite a big instance (>1 000 000 events), but still, this should be fast IMO

pymisp.search(timestamp=1595509713)

batikhOps
@batikhOps
Hi all! Quick question. I'm trying to query the virustotal module from the API using the following curl command: curl http://127.0.0.1:6666/query -H "Content-Type: application/json" --data @body.json -X POST. However, I get the following error: "error": "Something went wrong, look in the server logs for details." Checking the server logs, I see the following error: KeyError: 'attribute'. Any idea how to handle this?
Michael
@ag-michael
is event.info the only/ideal place to put description of the event (paragraph) ?
Michael
@ag-michael
also, is it possible using the api to set organization at the attribute level?
Jason Kendall
@coolacid
2.4.129 is 2 weeks without a writeup posted to Github ;)
Joao Paulo A. F.
@JoaoPauloF

Hello guys! I would like to know if someone could help me.

I am trying to integrate MISP with IDefense, from Accenture. Does anyone know how to do that? Or has anyone faced a similar integration?

Michael
@ag-michael
Added a few features I needed and did a PR: MISP/MISP-STIX-Converter#40
If anyone else uses a threatconnect feed, let me know what you think. Even for open feeds like alienvault, the information source and other details were not being included which made working with the events when having a sighting difficult (e.g.: references and description)
Jesse Hedden
@jagrvargen
Greetings, I PRed a MISP expansion module 3-4 weeks ago and was curious about the release cycles of the MISP modules. Does anyone know when I can expect the next release/how often releases are made? Thank you!
TIRUMALA KRISHNA MOHAN G
@krishnamohan152
image.png

Hi all,

@ag-michael thanks for helping me to resolve the previous issue.

Currently, I am trying to pull the feeds manually and am getting the following error. I checked the rest of the settings and they look fine.

Kindly help me out.

Michael
@ag-michael
@krishnamohan152 Looks like you have a connection issue, firewall/proxy preventing feeds from being pulled? can you curl them? MISP/Support might be a better room
Michael
@ag-michael
is misp-taxii-server maintained?
TIRUMALA KRISHNA MOHAN G
@krishnamohan152
Hey
I set the proxy and now it is working fine
Mark Arena
@markarenaau_twitter
hi all
We (Intel 471) are about to roll out a freemium of Malware Intelligence for MISP users. It provides near real-time coverage (feeds of IOCs, malware reports etc) from Emotet, Vidar and AZORult. Looking for some beta testers but need a two-way NDA signed for that. Let me know if you'd be interested
Will roll out for everyone else post beta testing done
Michael
@ag-michael
@markarenaau_twitter There are similar feeds on Alienvault, might help to differentiate yours
Mark Arena
@markarenaau_twitter
Thanks
davehouser1
@davehouser1
I am having difficulty installing a new misp enrichment module, are there clear instructions someone can share on how to accomplish this task?
student2work
@student2work
Hi, is there any way to customize the add event form (like adding some more info)?
vpiserchia
@vpiserchia
hello all, question: is there a way to push all stix packages from the same collection in a single MISP event? does that make sense at all?
芭蕉大象
@yoloyanng
Hey guys, I have installed the misp-dashboard and it is running, but there is nothing. What's the problem? Is the config wrong, or the misp instance?
vpiserchia
@vpiserchia
if I use the pymisp API and I want to remove all the attributes of my events, what is the best way to do that pls?

I'm doing this way, but it does not seem to work:

if misp_event.attributes:

        # Mark attribute as deleted (aka soft deletion)
        map(lambda a: a.delete(), misp_event.attributes)
        map(lambda a: misp.delete_attribute(a.id), misp_event.attributes)

not sure about the second "map", as after I do:

misp.update_event(misp_event.id, misp_event)

vpiserchia
@vpiserchia
ok found, map is a generator, you need to run over it to make it work. for example with:
list(map(lambda a: a.delete(), misp_event.attributes))
芭蕉大象
@yoloyanng
hello, how could I get the history data by the Feed
rbnor
@rbnor
hey
vpiserchia
@vpiserchia
hello all, can anyone explain to me why I'm not able to update a MISP event with new attributes?
I'm using pymisp with the misp.update_event call, but it does not seem to work, and I see nothing on the logs
some guidelines on where to check will be more than appreciated
vpiserchia
@vpiserchia
I'm trying to push an event with hundreds of attributes, can this be the problem:
MISPEvent(id="None", info="guest.phishtank_com", attributes="11463", tags=[<MISPTag(name=tlp:white)>, <MISPTag(name=misp-galaxy:misp-attack-pattern="URL embedded in Email")>])
Jason Kendall
@coolacid
@iglocska @chrisr3d Any updates on when STIX Lib will be ready? I know a lot of stuff has been done already, but want to implement a bunch of STIX stuff in feedgen.
Christian Studer
@chrisr3d
@coolacid I will have some days of vacation in the next few days, but I already started ordering ideas about this, with notes so when I come back I can start implementing it. Sorry it takes some time, but we have been also busy with other stuff in the last days
Jason Kendall
@coolacid
No worries at all! Just keeping tabs on it for reference. Anything I can do to help with it let me know.
Enjoy the time off!
mmorr33
@mmorr33
Has anyone here ever successfully integrated SSO with MISP? Documentation seems somewhat sparse for individuals not well-versed in how to approach.
Anders Einar Hilden
@Kagee
Is there a reason (apart from local and remote MISP resources) that normal users are allowed to view feed indexes and feed events, but not view remote server indexes and remote server events? I see the limitations for feeds were removed 10 days ago -> MISP/MISP@2340970
Anders Einar Hilden
@Kagee
@JKD32332 If it is like the manual ubuntu instructions, there are several commands listed in an example form, but they are wrapped in a function in the example, and will thus not "do anything" unless you call said functions
JKD32332
@JKD32332
Hello, I am nearly complete with my CentOS 8 installation and deployment of MISP. However, I am stuck on the step where I am creating a systemd unit for workers. I wrote the command “sudo checkmodule -M -m -o /tmp/workerstartsh.mod $PATH_TO_MISP/INSTALL/worker/startsh.te” I get an error saying “checkmodule: unable to open /var/MISP/INSTALL/worker/startsh.te” I don’t see anything about workerstartsh.mod until this step. There is no workerstartsh.mod file. Do you know where I can find it?
JKD32332
@JKD32332
It's the same issue that someone else also had here MISP/MISP#6182
Xorcerer
@rishab-rb
Hello everyone, I'm trying to understand the architecture of MISP, like how it communicates with each layer and the protocols being used for the same.
I couldn't find any resource for that, except documentation, and even that does not contain any information about the architecture. Can someone please guide me.