Where communities thrive


  • Join over 1.5M+ people
  • Join over 100K+ communities
  • Free without limits
  • Create your own community
People
Repo info
Activity
  • 16:11
    slennie12 edited #8104
  • 16:11
    slennie12 edited #8104
  • 16:09
    slennie12 opened #8104
  • 16:09
    slennie12 labeled #8104
  • 16:09
    slennie12 labeled #8104
  • 16:09
    slennie12 opened #8104
  • 15:23

    JakubOnderka on develop

    new: [CLI] Security audit fix: [setting] Default value fo… new: [security] securityAuditTls and 3 more (compare)

  • 15:23

    JakubOnderka on develop

    new: [CLI] Security audit fix: [setting] Default value fo… new: [security] securityAuditTls and 3 more (compare)

  • 15:23
    JakubOnderka closed #8089
  • 15:23
    JakubOnderka closed #8089
  • 15:23
    JakubOnderka ready_for_review #8089
  • 15:23
    JakubOnderka ready_for_review #8089
  • 15:08
    JakubOnderka synchronize #8089
  • 15:08
    JakubOnderka synchronize #8089
  • 15:02
    JakubOnderka synchronize #8089
  • 15:02
    JakubOnderka synchronize #8089
  • 14:32
    JakubOnderka synchronize #8089
  • 14:32
    JakubOnderka synchronize #8089
  • 14:04
    JakubOnderka synchronize #8089
  • 14:04
    JakubOnderka synchronize #8089
Anders Einar (Kagee)
@hildenae:matrix.org
[m]
A better error message would probably be useful
subramanyamanoj
@subramanyamanoj
Is this a right format for MITRE galaxy tag as i see this in some of recent feeds ? The technique doesnt have the name but just the code itself. (Eg: misp-galaxy:mitre-attack-pattern=“T1566.002”) ?
1 reply
Anders Einar (Kagee)
@hildenae:matrix.org
[m]
I see that 2.4.144 is tagged ?
1 reply
(loved the birtday logo in .143 btw)
To bad my users didn't see it since we don't use the login form
Andras Iklody
@iglocska
yeah 2.4.144 is tagged, blog post should be out today
yeah that's a bummer :(
Anders Einar (Kagee)
@hildenae:matrix.org
[m]
@coolacid: Bump to 2.4.1.44? :D
Stefano Ortolani
@ostefano
Is there a reason why creating a MISP feed with pyMISP (https://github.com/MISP/PyMISP/tree/main/examples/feed-generator) creates a file called hashes.csv? How is that file used? My understanding is that it keeps a mapping between hash of each attribute and the event. What is the reason for that?
andras
@andras:matrix.circl.lu
[m]
When you "cache" a feed
it will only ingest that file
rather than parsing the manifest -> then each individual event.json
and hashing all attribute values
it front-loads that task rather than letting all clients ingesting the feed calculate the hashes
Anders Einar (Kagee)
@hildenae:matrix.org
[m]
    private function getOrDef($variable, $default) {
        if (Configure::check($variable)) {
            return Configure::read($variable);
        }
        return $default;
    }
I wronte the following wrapper as part of my code, to be able the read config variables with a default value. Does a function like this exsists already that i did not find ?
Anders Einar (Kagee)
@hildenae:matrix.org
[m]
:point_up: Edit: I wrote the following wrapper as part of my code, to be able the read config variables with a default value. Does a function like this exsists already that i did not find ?
andras
@andras:matrix.circl.lu
[m]
there's Controller::getSetting($setting_name)
sorry ServersController*
    public function getSetting($setting_name)
    {
        $setting = $this->Server->getSettingData($setting_name);
        if (!empty($setting["redacted"])) {
            throw new MethodNotAllowedException(__('This setting is redacted.'));
        }
        if (Configure::check($setting_name)) {
            $setting['value'] = Configure::read($setting_name);
        }
        return $this->RestResponse->viewData($setting);
    }
the advantage of this is it loads the setting definition too
and if no setting is set, it shows the assumed default value
output for MISP.osuser on my machine:
{
    "level": 0,
    "description": "The Unix user MISP (php) is running as",
    "value": "www-data",
    "errorMessage": "",
    "test": "testForEmpty",
    "type": "string",
    "name": "MISP.osuser"
}
it's a value that is not set, so it defaults to www-data
baseurl:
{
    "level": 0,
    "description": "The base url of the application (in the format https:\/\/www.mymispinstance.com or https:\/\/myserver.com\/misp). Several features depend on this setting being correctly set to function.",
    "value": "http:\/\/localhost:5000",
    "errorMessage": "The currently set baseurl does not match the URL through which you have accessed the page. Disregard this if you are accessing the page via an alternate URL (for example via IP address).",
    "test": "testBaseURL",
    "type": "string",
    "name": "MISP.baseurl"
}
Anders Einar (Kagee)
@hildenae:matrix.org
[m]
And I can call that from my authcomponent?
andras
@andras:matrix.circl.lu
[m]
ah no.
you'll need your own function there indeed
but I'd copy the logic of this
Server->getSettingData() you can access from the authcomponent if I am not mistaken
via
$server = ClassRegistry::init('Server');
$setting = $server->getSettingData($foo);
Anders Einar (Kagee)
@hildenae:matrix.org
[m]
And to add setting data I would add it to server.php around line ... 4525 😯
?
andras
@andras:matrix.circl.lu
[m]
yeah if you want new settings, yeah
that way the setting won't be restricted to just the config.php file
but you'll get it in the interface / no more purging of the settings etc
Anders Einar (Kagee)
@hildenae:matrix.org
[m]
Purging of settings?
andras
@andras:matrix.circl.lu
[m]
yeah afaik there is a potential issue with using the interface of changing settings affecting the settings in config.php
not sure if it was resolved in the end or not, that was ages ago
(I might be completely wrong and it's a non issue)
Anders Einar (Kagee)
@hildenae:matrix.org
[m]
I do believe it was. I write quite a few setting that are not in server.php
Well, under ApacheSecureAuth, that is.
andras
@andras:matrix.circl.lu
[m]
ah ok in that case it's all good
Anders Einar (Kagee)
@hildenae:matrix.org
[m]
Feels like some things should be moved out of server.php just to make it a smaller file :/
Feldunost
@Feldunost
Hello everyone,
I'm looking for a module to be able to pull all IOCs from selected or specified users in alienvault OTX
I know there are some, but which is the most convenient way to go ?
24 replies
derwilliwonka
@derwilliwonka
Hey guys anyone familiar with misp-taxii?