Anders Einar (Kagee)
@hildenae:matrix.org
[m]
Well, you would in theory need an AD server to test them 🤔
andras
@andras:matrix.circl.lu
[m]
indeed. Afaik we have something in the pipe for another issue though
Anders Einar (Kagee)
@hildenae:matrix.org
[m]
AD? LDAP? Testing?
Andras Iklody
@iglocska
yeah indeed. We've had more and more questions about the LDAP auth - so the plan was to spin up an internal test environment so we can more readily debug issues with it
Anders Einar (Kagee)
@hildenae:matrix.org
[m]
Samba 4 as an AD domain controller in a docker mayhaps?
andras
@andras:matrix.circl.lu
[m]
No clue whatever our sysadmin gods have in mind
😎
Anders Einar (Kagee)
@hildenae:matrix.org
[m]
I was thinking more for myself/others. Would rather prefer to test with a samba docker than tell my windows admins I need an AD controller just for misp-playing :P
andras
@andras:matrix.circl.lu
[m]
Haha, well we’re a full *nix shop so either way is painful 😂
Anders Einar (Kagee)
@hildenae:matrix.org
[m]
I'm having problems with the urge of looking into it during the weekend and not wait til Monday 🤦🏼‍♀️
andras
@andras:matrix.circl.lu
[m]
Hahaha
Anders Einar (Kagee)
@hildenae:matrix.org
[m]
Looked a bit on the "professional services" - virtual training is the same (multiple participants) as the on-site/Luxembourg trainings, only virtual and for support contract holders?
Also, the "MISP/Sharing"-room is not on Matrix?
andras
@andras:matrix.circl.lu
[m]
It’s the same, we simply do virtual trainings to avoid physical contact during the pandemic
It is!
Anders Einar (Kagee)
@hildenae:matrix.org
[m]
Thank you, I failed to find it :/
andras
@andras:matrix.circl.lu
[m]
Me too at first 😂
Anders Einar (Kagee)
@hildenae:matrix.org
[m]
I did find a "MISP" room created by a 0xft
andras
@andras:matrix.circl.lu
[m]
Yeah indeed he created it before we saw the light and started using matrix 😄
Anders Einar (Kagee)
@hildenae:matrix.org
[m]
How do I find MISP/Sharing ?_?
andras
@andras:matrix.circl.lu
[m]
Anders Einar (Kagee): did that work? Sent an invite
Anders Einar (Kagee)
@hildenae:matrix.org
[m]
Hmm, I can't see anything (element.io @ android)
Weird, if I search for "#MISP_Sharing:gitter.im" I get a result, but no "Join" button
Anders Einar (Kagee)
@hildenae:matrix.org
[m]
andras hmm, I managed to join a room called "cyberml" when I clicked the room name in the chat above
fatsheep
@fatsheep_gitlab
Hello.
I have a question about event IDs.
Is the event ID completely unique?
If I delete an event, will that event ID be used again?
Raphaël
@raph:matrix.circl.lu
[m]
They are unique on a single MISP instance and won't be reused if you delete an event
if you synchronize your events, another instance can have an event ID you deleted on your own instance.
What will always be unique is the UUID of an event
fatsheep
@fatsheep_gitlab
@raph:matrix.circl.lu
Well noted with thanks
Jeroen Pinoy
@Wachizungu
Hey. When a user tries to use Authkey from a remote IP that is not allowed by the key, the used IP is not logged. Is there a specific reason for that?
Andras Iklody
@iglocska
that seems to be an oversight
Jeroen Pinoy
@Wachizungu
okay thx for confirming will check if I can do a PR for that in a while
subramanyamanoj
@subramanyamanoj
Is there a way to tag an indicator at MITRE Tactic level (e.g. TA0011) rather than at the technique level (e.g. T1071), as I don't see tactics as part of the galaxy? If yes, any recommended tagging format?
Anders Einar (Kagee)
@hildenae:matrix.org
[m]
Oh no, there was a typo in my first commit to MISP 😒
Anders Einar (Kagee)
@hildenae:matrix.org
[m]
(weird, I am sure I copied it directly from a running instance that was working)
Andras Iklody
@iglocska
no worries
it happens ;)
r0sier
@r0sier
Hi team! Trying to use import STIX via the UI. Get presented with 'Could not import STIX document' which seems to be a non syntax related issue as any errors in the JSON would normally return 'Could not import STIX document: Issues executing the ingestion script or invalid input. Please check whether the dependencies for STIX are met via the diagnostic tool.'. Nothing at all within exec-errors.log. I validated the STIX files with the STIX2Validator too and no issues. Any ideas? Was working fine until recently, so I've probably messed around with the wrong thing! Diagnostic tool reports no issues either
r0sier
@r0sier
Issue was you can't import a STIX bundle, delete the event, and re-import without changing the bundle UUID. Not too sure if that's expected. We were testing, hence deleting and re-importing
Anders Einar (Kagee)
@hildenae:matrix.org
[m]
A better error message would probably be useful
subramanyamanoj
@subramanyamanoj
Is this the right format for a MITRE galaxy tag, as I see this in some recent feeds? The technique doesn't have the name but just the code itself. (E.g.: misp-galaxy:mitre-attack-pattern=“T1566.002”)?
Anders Einar (Kagee)
@hildenae:matrix.org
[m]
I see that 2.4.144 is tagged ?
(loved the birthday logo in .143 btw)
Too bad my users didn't see it since we don't use the login form
Andras Iklody
@iglocska
yeah 2.4.144 is tagged, blog post should be out today
yeah that's a bummer :(
Anders Einar (Kagee)
@hildenae:matrix.org
[m]
@coolacid: Bump to 2.4.1.44? :D
Stefano Ortolani
@ostefano
Is there a reason why creating a MISP feed with pyMISP (https://github.com/MISP/PyMISP/tree/main/examples/feed-generator) creates a file called hashes.csv? How is that file used? My understanding is that it keeps a mapping between hash of each attribute and the event. What is the reason for that?
andras
@andras:matrix.circl.lu
[m]
When you "cache" a feed