Feldunost
@Feldunost
seems like i can't use that either : /var/www/MISP/venv/bin/python3 ingest_stix.py --version 2 --path stix2.json
doesn't let me specify event id to populate
andras
@andras:matrix.circl.lu
[m]
Will have a look later tonight
Feldunost
@Feldunost
yeah no worries, i'm searching other ways
Anders Einar (Kagee)
@hildenae:matrix.org
[m]
Anyone working with misp-module that has any feeling of whether it could be updated to use chardet 4.0.0 ? https://github.com/chardet/chardet/releases/tag/4.0.0
imidoriya
@imidoriya
Any way to query the jobs queue via API for pending count and such? I’d like to keep track of the job queue for monitoring as sometimes it gets backlogged.
andras
@andras:matrix.circl.lu
[m]
it returns json, the same way as all other APIs
just pass the correct accept and content-type headers
or if your monitoring tool can't do that
just append .json at the end of the url
luciano (righel)
@luciano:matrix.circl.lu
[m]
example:
curl --location --request GET 'https://misp.local/jobs' \
--header 'Accept: application/json' \
--header 'Content-Type: application/json' \
--header 'Authorization: YOUR_API_KEY'
Feldunost
@Feldunost
@andras:matrix.circl.lu updated to .144, same problem with stix import
imidoriya
@imidoriya
Does setting Security.advanced_authkeys=True invalidate existing keys? I’d like to turn this on, but not if it’s going to break all existing API users.
andras
@andras:matrix.circl.lu
[m]
It does indeed
buuuut
if you enable it
and go to your server diagnostics
there's a button called Update Authkeys to advanced Authkeys
which will create the new style API keys out of the existing ones
one downside: The new authkey system is partially there because we wanted to store only the hashes of passwords
so this kinda defeats the purpose in that there will be a version of the keys you copy over in the clear on the user object
if you're fine with that you can totally do it though
and maintain access for all the users
future keys that get generated will only exist in their hashed state from there on
imidoriya
@imidoriya
cool, thanks
andras
@andras:matrix.circl.lu
[m]
no worries
imidoriya
@imidoriya
Can I run the Update Authkeys to advanced Authkeys prior to enabling advanced_authkeys?
andras
@andras:matrix.circl.lu
[m]
errr
not sure
I guess maybe? :)
imidoriya
@imidoriya
lol
andras
@andras:matrix.circl.lu
[m]
just tried it
seems to work without enabling it
imidoriya
@imidoriya
Hmmm, it said The upgrade process is complete, 0 authkey(s) generated.. I went ahead and enabled advanced_authkeys and things still seem to be working. Hope that’s the case for everyone else.
Tom
@nyx0
Hello, I have an issue with mitre misp-galaxy. Some misp-galaxy:mitre-attack-pattern tags are not available in the API, however we can see the entry in the JSON file (misp-galaxy/main/clusters/mitre-attack-pattern.json) "value": "Boot or Logon Autostart Execution - T1547". It prevents us from adding this technique to an event using the API.
imidoriya
@imidoriya
Can a wildcard (or multiple entries) be used for the base_url or external_baseurl? Someone was reporting login errors if they just went to https://domain.com, instead of https://www.domain.com (very common practice). I’d like for MISP to support both without issue.
Anders Einar (Kagee)
@hildenae:matrix.org
[m]
You can set it to nothing
But it may introduce bugs, as it is not tested much
Feldunost
@Feldunost
@andras:matrix.circl.lu so actually what is the best way to connect alienvault user's feed to a misp ?
if there is something else than stix import ?
andras
@andras:matrix.circl.lu
[m]
No idea not using it ourselves :(
Feldunost
@Feldunost
I guess i got to wait for stix fix for now.
Feldunost
@Feldunost
ok stix import works but it creates another event. instead i want it to populate a specific event ... aha
Anders Einar (Kagee)
@hildenae:matrix.org
[m]
So, yes, administrators have to pay attention, but would it be sensible to have the default role in the add user gui to be "User", not "admin" ?
andras
@andras:matrix.circl.lu
[m]
yeah you can set a default
so if you set user, then each time you create a new user it will default to that in the UI
also IIRC if you create a user via the API without a role_id set it will default to that (but not 100% about that)
Anders Einar (Kagee)
@hildenae:matrix.org
[m]
Yes, but i feel the default default should be User, not Admin :)
andras
@andras:matrix.circl.lu
[m]
yeah that would indeed make sense
sharing is caring but that's taking it a step too far by default probably