andras
@andras:matrix.circl.lu
[m]
that endpoint expects a STIX document
yeah that won't work as that test.json will not be a STIX document
it will be a taxii package
Feldunost
@Feldunost
did this and it gets correctly the stix file from alienvault as testing
andras
@andras:matrix.circl.lu
[m]
that contains a stix package
Feldunost
@Feldunost
ah ?
andras
@andras:matrix.circl.lu
[m]
just guessing but you probably have your data wrapped
Feldunost
@Feldunost
so it's not a stix file out of the box,
andras
@andras:matrix.circl.lu
[m]
yeah exactly, in that case it definitely won't work
Feldunost
@Feldunost
but on header it's stix package
andras
@andras:matrix.circl.lu
[m]
ok that looks correct
Feldunost
@Feldunost
oh ?
andras
@andras:matrix.circl.lu
[m]
a stix package should work
can you send me a sample export?
I can have a look
Feldunost
@Feldunost
mmmh getting it
andras
@andras:matrix.circl.lu
[m]
Feldunost
@Feldunost
sent
it's very simple from alienvault as testing
seems to be version 1.2
andras
@andras:matrix.circl.lu
[m]
having a look, looks like indeed a bug
the document looks fine
SQLSTATE[42000]: Syntax error or access violation: 1055 'misp.GalaxyCluster.value' isn't in GROUP BY
will have a look where it comes from that's weird
Feldunost
@Feldunost
ooh, bug discoverer title ? :D
\o/
might be because of this
<indicator:Title>vigalaxy.com from https://otx.alienvault.com/pulse/60c74c2 ...</indicator:Title>
since it mentions galaxy cluster value
Feldunost
@Feldunost
seems like i can't use that either : /var/www/MISP/venv/bin/python3 ingest_stix.py --version 2 --path stix2.json
doesn't let me specify event id to populate
andras
@andras:matrix.circl.lu
[m]
Will have a look later tonight
Feldunost
@Feldunost
yeah no worries, i'm searching other ways
Anders Einar (Kagee)
@hildenae:matrix.org
[m]
Anyone working with misp-module that has any feeling of whether it could be updated to use chardet 4.0.0 ? https://github.com/chardet/chardet/releases/tag/4.0.0
imidoriya
@imidoriya
Any way to query the jobs queue via API for pending count and such? I’d like to keep track of the job queue for monitoring as sometimes it gets backlogged.
andras
@andras:matrix.circl.lu
[m]
it returns json, the same way as all other APIs
just pass the correct accept and content-type headers
or if your monitoring tool can't do that
just append .json at the end of the url
luciano (righel)
@luciano:matrix.circl.lu
[m]
example:
curl --location --request GET 'https://misp.local/jobs' \
--header 'Accept: application/json' \
--header 'Content-Type: application/json' \
--header 'Authorization: YOUR_API_KEY'
Feldunost
@Feldunost
@andras:matrix.circl.lu updated to .144, same problem with stix import
imidoriya
@imidoriya
Does setting Security.advanced_authkeys=True invalidate existing keys? I’d like to turn this on, but not if it’s going to break all existing API users.
andras
@andras:matrix.circl.lu
[m]
It does indeed
buuuut
if you enable it
and go to your server diagnostics
there's a button called Update Authkeys to advanced Authkeys
which will create the new style API keys out of the existing ones
one downside: The new authkey system is partially there because we wanted to store only the hashes of passwords
so this kinda defeats the purpose in that there will be a version of the keys you copy over in the clear on the user object
if you're fine with that you can totally do it though