Where communities thrive


  • Join over 1.5M+ people
  • Join over 100K+ communities
  • Free without limits
  • Create your own community
People
Repo info
Activity
  • 07:32
    righel unlabeled #8003
  • 07:32
    righel unlabeled #8003
  • 07:32
    righel labeled #8003
  • 07:32
    righel labeled #8003
  • 07:28
    righel commented #8003
  • 07:28
    righel commented #8003
  • 04:27
    viveksis12 commented #8003
  • 04:27
    viveksis12 commented #8003
  • 04:18
    viveksis12 commented #8003
  • 04:18
    viveksis12 commented #8003
  • 04:17
    viveksis12 commented #8003
  • 04:17
    viveksis12 commented #8003
  • 02:46
    ydnzol starred MISP/MISP
  • Nov 30 20:49
    ani-abraham commented #535
  • Nov 30 20:48
    ani-abraham commented #535
  • Nov 30 20:48
    ani-abraham commented #535
  • Nov 30 20:45
    cocoonkid starred MISP/MISP
  • Nov 30 17:38
    R1ch01d closed #7950
  • Nov 30 17:38
    R1ch01d closed #7950
  • Nov 30 17:38
    R1ch01d commented #7950
andras
@andras:matrix.circl.lu
[m]
it will only ingest that file
rather than parsing the manifest -> then each individual event.json
and hashing all attribute values
it front-loads that task rather than letting all clients ingesting the feed calculate the hashes
Anders Einar (Kagee)
@hildenae:matrix.org
[m]
    private function getOrDef($variable, $default) {
        if (Configure::check($variable)) {
            return Configure::read($variable);
        }
        return $default;
    }
I wronte the following wrapper as part of my code, to be able the read config variables with a default value. Does a function like this exsists already that i did not find ?
Anders Einar (Kagee)
@hildenae:matrix.org
[m]
:point_up: Edit: I wrote the following wrapper as part of my code, to be able the read config variables with a default value. Does a function like this exsists already that i did not find ?
andras
@andras:matrix.circl.lu
[m]
there's Controller::getSetting($setting_name)
sorry ServersController*
    public function getSetting($setting_name)
    {
        $setting = $this->Server->getSettingData($setting_name);
        if (!empty($setting["redacted"])) {
            throw new MethodNotAllowedException(__('This setting is redacted.'));
        }
        if (Configure::check($setting_name)) {
            $setting['value'] = Configure::read($setting_name);
        }
        return $this->RestResponse->viewData($setting);
    }
the advantage of this is it loads the setting definition too
and if no setting is set, it shows the assumed default value
output for MISP.osuser on my machine:
{
    "level": 0,
    "description": "The Unix user MISP (php) is running as",
    "value": "www-data",
    "errorMessage": "",
    "test": "testForEmpty",
    "type": "string",
    "name": "MISP.osuser"
}
it's a value that is not set, so it defaults to www-data
baseurl:
{
    "level": 0,
    "description": "The base url of the application (in the format https:\/\/www.mymispinstance.com or https:\/\/myserver.com\/misp). Several features depend on this setting being correctly set to function.",
    "value": "http:\/\/localhost:5000",
    "errorMessage": "The currently set baseurl does not match the URL through which you have accessed the page. Disregard this if you are accessing the page via an alternate URL (for example via IP address).",
    "test": "testBaseURL",
    "type": "string",
    "name": "MISP.baseurl"
}
Anders Einar (Kagee)
@hildenae:matrix.org
[m]
And I can call that from my authcomponent?
andras
@andras:matrix.circl.lu
[m]
ah no.
you'll need your own function there indeed
but I'd copy the logic of this
Server->getSettingData() you can access from the authcomponent if I am not mistaken
via
$server = ClassRegistry::init('Server');
$setting = $server->getSettingData($foo);
Anders Einar (Kagee)
@hildenae:matrix.org
[m]
And to add setting data I would add it to server.php around line ... 4525 😯
?
andras
@andras:matrix.circl.lu
[m]
yeah if you want new settings, yeah
that way the setting won't be restricted to just the config.php file
but you'll get it in the interface / no more purging of the settings etc
Anders Einar (Kagee)
@hildenae:matrix.org
[m]
Purging of settings?
andras
@andras:matrix.circl.lu
[m]
yeah afaik there is a potential issue with using the interface of changing settings affecting the settings in config.php
not sure if it was resolved in the end or not, that was ages ago
(I might be completely wrong and it's a non issue)
Anders Einar (Kagee)
@hildenae:matrix.org
[m]
I do believe it was. I write quite a few setting that are not in server.php
Well, under ApacheSecureAuth, that is.
andras
@andras:matrix.circl.lu
[m]
ah ok in that case it's all good
Anders Einar (Kagee)
@hildenae:matrix.org
[m]
Feels like some things should be moved out of server.php just to make it a smaller file :/
Feldunost
@Feldunost
Hello everyone,
I'm looking for a module to be able to pull all IOCs from selected or specified users in alienvault OTX
I know there are some, but which is the most convenient way to go ?
24 replies
derwilliwonka
@derwilliwonka
Hey guys anyone familiar with misp-taxii?
Feldunost
@Feldunost

Hey guys anyone familiar with misp-taxii?

found this, might help maybe as kick-start : https://gist.github.com/ag-michael/54736e6d972f17e7e4b7ab7e70f4c3f2

Xebus
@Xebus-Systems
question to anyone that might know ( im new to MISP) ....unsure if its documented, is it possible to connect MISP to Azure Sentinel via MISP API in the UI? I know about the graph connector python script, was wondering if there was a better way?
fatsheep白
@f47sh33p_twitter
Hello,
Is it possible to copy an event from another organization to my organization?
It is a copy on the same MISP instance.
Feldunost
@Feldunost
currently taxii is working fine on a private instance, i am trying to import the stix file that resulted from taxii polling process
is there a command line or a script to import into MISP event id ?
andras
@andras:matrix.circl.lu
[m]
that expects MISP event format data
however, if you post a STIX document to /events/upload_stix/[version]
it will create a single, or multiple events depending on the stix documents' contents
(accepted versions are 1 and 2)
andras
@andras:matrix.circl.lu
[m]
what was the output?