Andras Iklody
@iglocska
that seems to be an oversight
Jeroen Pinoy
@Wachizungu
okay thx for confirming will check if I can do a PR for that in a while
subramanyamanoj
@subramanyamanoj
Is there a way to tag an indicator at MITRE Tactic level (e.g. TA0011) rather than at the technique level (e.g. T1071), as I don't see tactics as part of the galaxy? If yes, any recommended tagging format?
Anders Einar (Kagee)
@hildenae:matrix.org
[m]
Oh no, there was a typo in my first commit to MISP 😢
Anders Einar (Kagee)
@hildenae:matrix.org
[m]
(weird, I am sure I copied it directly from a running instance that was working)
Andras Iklody
@iglocska
no worries
it happens ;)
r0sier
@r0sier
Hi team! Trying to use import STIX via the UI. Get presented with 'Could not import STIX document' which seems to be a non syntax related issue as any errors in the JSON would normally return 'Could not import STIX document: Issues executing the ingestion script or invalid input. Please check whether the dependencies for STIX are met via the diagnostic tool.'. Nothing at all within exec-errors.log. I validated the STIX files with the STIX2Validator too and no issues. Any ideas? Was working fine until recently, so I've probably messed around with the wrong thing! Diagnostic tool reports no issues either
r0sier
@r0sier
Issue was you can't import a STIX bundle, delete the event, and re-import without changing the bundle UUID. Not too sure if that's expected. We were testing, hence deleting and re-importing
Anders Einar (Kagee)
@hildenae:matrix.org
[m]
A better error message would probably be useful
subramanyamanoj
@subramanyamanoj
Is this a right format for a MITRE galaxy tag, as I see this in some of the recent feeds? The technique doesn't have the name but just the code itself (e.g. misp-galaxy:mitre-attack-pattern="T1566.002")?
Anders Einar (Kagee)
@hildenae:matrix.org
[m]
I see that 2.4.144 is tagged?
(loved the birthday logo in .143 btw)
Too bad my users didn't see it since we don't use the login form
Andras Iklody
@iglocska
yeah 2.4.144 is tagged, blog post should be out today
yeah that's a bummer :(
Anders Einar (Kagee)
@hildenae:matrix.org
[m]
@coolacid: Bump to 2.4.1.44? :D
Stefano Ortolani
@ostefano
Is there a reason why creating a MISP feed with pyMISP (https://github.com/MISP/PyMISP/tree/main/examples/feed-generator) creates a file called hashes.csv? How is that file used? My understanding is that it keeps a mapping between hash of each attribute and the event. What is the reason for that?
andras
@andras:matrix.circl.lu
[m]
When you "cache" a feed
it will only ingest that file
rather than parsing the manifest -> then each individual event.json
and hashing all attribute values
it front-loads that task rather than letting all clients ingesting the feed calculate the hashes
Anders Einar (Kagee)
@hildenae:matrix.org
[m]
    private function getOrDef($variable, $default) {
        if (Configure::check($variable)) {
            return Configure::read($variable);
        }
        return $default;
    }
I wrote the following wrapper as part of my code, to be able to read config variables with a default value. Does a function like this exist already that I did not find?
andras
@andras:matrix.circl.lu
[m]
there's Controller::getSetting($setting_name)
sorry ServersController*
    public function getSetting($setting_name)
    {
        $setting = $this->Server->getSettingData($setting_name);
        if (!empty($setting["redacted"])) {
            throw new MethodNotAllowedException(__('This setting is redacted.'));
        }
        if (Configure::check($setting_name)) {
            $setting['value'] = Configure::read($setting_name);
        }
        return $this->RestResponse->viewData($setting);
    }
the advantage of this is it loads the setting definition too
and if no setting is set, it shows the assumed default value
output for MISP.osuser on my machine:
{
    "level": 0,
    "description": "The Unix user MISP (php) is running as",
    "value": "www-data",
    "errorMessage": "",
    "test": "testForEmpty",
    "type": "string",
    "name": "MISP.osuser"
}
it's a value that is not set, so it defaults to www-data
baseurl:
{
    "level": 0,
    "description": "The base url of the application (in the format https:\/\/www.mymispinstance.com or https:\/\/myserver.com\/misp). Several features depend on this setting being correctly set to function.",
    "value": "http:\/\/localhost:5000",
    "errorMessage": "The currently set baseurl does not match the URL through which you have accessed the page. Disregard this if you are accessing the page via an alternate URL (for example via IP address).",
    "test": "testBaseURL",
    "type": "string",
    "name": "MISP.baseurl"
}
Anders Einar (Kagee)
@hildenae:matrix.org
[m]
And I can call that from my authcomponent?
andras
@andras:matrix.circl.lu
[m]
ah no.
you'll need your own function there indeed
but I'd copy the logic of this
Server->getSettingData() you can access from the authcomponent if I am not mistaken
via
$server = ClassRegistry::init('Server');
$setting = $server->getSettingData($foo);
Anders Einar (Kagee)
@hildenae:matrix.org
[m]
And to add setting data I would add it to server.php around line ... 4525 😯
?
andras
@andras:matrix.circl.lu
[m]
yeah if you want new settings, yeah
that way the setting won't be restricted to just the config.php file
but you'll get it in the interface / no more purging of the settings etc
Anders Einar (Kagee)
@hildenae:matrix.org
[m]
Purging of settings?
andras
@andras:matrix.circl.lu
[m]
yeah afaik there is a potential issue with using the interface of changing settings affecting the settings in config.php