Feldunost
@Feldunost
is there a command line or a script to import into MISP event id ?
andras
@andras:matrix.circl.lu
[m]
that expects MISP event format data
however, if you post a STIX document to /events/upload_stix/[version]
it will create a single, or multiple events depending on the stix documents' contents
(accepted versions are 1 and 2)
andras
@andras:matrix.circl.lu
[m]
what was the output?
also, are the diagnostics in misp complaining about missing libraries?
Feldunost
@Feldunost
checking diagnostics
stix and stix2 libraries are OK
andras
@andras:matrix.circl.lu
[m]
could you share a sample of what you tried to post?
also, which version of MISP are you on?
Feldunost
@Feldunost
v2.4.141
it's a simple taxii-poll
andras
@andras:matrix.circl.lu
[m]
ok I am not entirely sure what you are trying to do
that endpoint expects a STIX document
yeah that won't work as that test.json will not be a STIX document
it will be a taxii package
Feldunost
@Feldunost
did this and it correctly gets the stix file from alienvault as testing
andras
@andras:matrix.circl.lu
[m]
that contains a stix package
Feldunost
@Feldunost
ah ?
andras
@andras:matrix.circl.lu
[m]
just guessing but you probably have your data wrapped
Feldunost
@Feldunost
so it's not a stix file out of the box,
andras
@andras:matrix.circl.lu
[m]
yeah exactly, in that case it definitely won't work
Feldunost
@Feldunost
but on header it's stix package
andras
@andras:matrix.circl.lu
[m]
ok that looks correct
Feldunost
@Feldunost
oh ?
andras
@andras:matrix.circl.lu
[m]
a stix package should work
can you send me a sample export?
I can have a look
Feldunost
@Feldunost
mmmh getting it
andras
@andras:matrix.circl.lu
[m]
Feldunost
@Feldunost
sent
it's very simple from alienvault as testing
seems to be version 1.2
andras
@andras:matrix.circl.lu
[m]
having a look, looks like indeed a bug
the document looks fine
SQLSTATE[42000]: Syntax error or access violation: 1055 'misp.GalaxyCluster.value' isn't in GROUP BY
will have a look where it comes from, that's weird
Feldunost
@Feldunost
ooh, bug discoverer title ? :D
\o/
might be because of this
<indicator:Title>vigalaxy.com from https://otx.alienvault.com/pulse/60c74c2 ...</indicator:Title>
since it mentions galaxy cluster value
Feldunost
@Feldunost
seems like i can't use that either : /var/www/MISP/venv/bin/python3 ingest_stix.py --version 2 --path stix2.json
doesn't let me specify event id to populate
andras
@andras:matrix.circl.lu
[m]
Will have a look later tonight
Feldunost
@Feldunost
yeah no worries, I'm searching for other ways
Anders Einar (Kagee)
@hildenae:matrix.org
[m]
Anyone working with misp-module that has any feeling of whether it could be updated to use chardet 4.0.0? https://github.com/chardet/chardet/releases/tag/4.0.0
1 reply
imidoriya
@imidoriya
Any way to query the jobs queue via API for pending count and such? I’d like to keep track of the job queue for monitoring as sometimes it gets backlogged.
2 replies
andras
@andras:matrix.circl.lu
[m]
it returns json, the same way as all other APIs
just pass the correct accept and content-type headers