Xebus
@Xebus-Systems
Question to anyone that might know (I'm new to MISP): unsure if it's documented, is it possible to connect MISP to Azure Sentinel via the MISP API in the UI? I know about the graph connector Python script, was wondering if there was a better way?
fatsheep白
@f47sh33p_twitter
Hello,
Is it possible to copy an event from another organization to my organization?
It is a copy on the same MISP instance.
Feldunost
@Feldunost
Currently TAXII is working fine on a private instance, I am trying to import the STIX file that resulted from the TAXII polling process.
Is there a command line or a script to import into a MISP event id?
andras
@andras:matrix.circl.lu
[m]
that expects MISP event format data
however, if you post a STIX document to /events/upload_stix/[version]
it will create a single, or multiple events depending on the stix documents' contents
(accepted versions are 1 and 2)
andras
@andras:matrix.circl.lu
[m]
what was the output?
also, are the diagnostics in misp complaining about missing libraries?
Feldunost
@Feldunost
checking diagnostics
stix and stix2 libraries are OK
andras
@andras:matrix.circl.lu
[m]
could you share a sample of what you tried to post?
also, which version of MISP are you on?
Feldunost
@Feldunost
v2.4.141
it's a simple taxii-poll
andras
@andras:matrix.circl.lu
[m]
ok I am not entirely sure what you are trying to do
that endpoint expects a STIX document
yeah that won't work as that test.json will not be a STIX document
it will be a taxii package
Feldunost
@Feldunost
did this and it correctly gets the stix file from alienvault as testing
andras
@andras:matrix.circl.lu
[m]
that contains a stix package
Feldunost
@Feldunost
ah ?
andras
@andras:matrix.circl.lu
[m]
just guessing but you probably have your data wrapped
Feldunost
@Feldunost
so it's not a stix file out of the box,
andras
@andras:matrix.circl.lu
[m]
yeah exactly, in that case it definitely won't work
Feldunost
@Feldunost
but on header it's stix package
andras
@andras:matrix.circl.lu
[m]
ok that looks correct
Feldunost
@Feldunost
oh ?
andras
@andras:matrix.circl.lu
[m]
a stix package should work
can you send me a sample export?
I can have a look
Feldunost
@Feldunost
mmmh getting it
andras
@andras:matrix.circl.lu
[m]
Feldunost
@Feldunost
sent
it's very simple from alienvault as testing
seems to be version 1.2
andras
@andras:matrix.circl.lu
[m]
having a look, looks like indeed a bug
the document looks fine
SQLSTATE[42000]: Syntax error or access violation: 1055 'misp.GalaxyCluster.value' isn't in GROUP BY
will have a look where it comes from, that's weird
Feldunost
@Feldunost
ooh, bug discoverer title ? :D
\o/
might be because of this
<indicator:Title>vigalaxy.com from https://otx.alienvault.com/pulse/60c74c2 ...</indicator:Title>
since it mentions galaxy cluster value
Feldunost
@Feldunost
seems like I can't use that either: /var/www/MISP/venv/bin/python3 ingest_stix.py --version 2 --path stix2.json
doesn't let me specify event id to populate
andras
@andras:matrix.circl.lu
[m]
Will have a look later tonight
Feldunost
@Feldunost
yeah no worries, I'm searching for other ways
Anders Einar (Kagee)
@hildenae:matrix.org
[m]
Anyone working with misp-module that has any feeling of whether it could be updated to use chardet 4.0.0? https://github.com/chardet/chardet/releases/tag/4.0.0