Where communities thrive


  • Join over 1.5M+ people
  • Join over 100K+ communities
  • Free without limits
  • Create your own community
People
Repo info
Activity
  • 21:08
    adulau commented #7613
  • 21:08
    adulau commented #7613
  • 21:08
    adulau commented #7613
  • 21:08
    adulau commented #7613
  • 21:08

    adulau on 2.4

    quick fix sticky buffers Accor… Merge pull request #7613 from l… (compare)

  • 21:08

    adulau on 2.4

    quick fix sticky buffers Accor… Merge pull request #7613 from l… (compare)

  • 21:08
    adulau closed #7613
  • 21:08
    adulau closed #7613
  • 16:41

    JakubOnderka on develop

    fix: [stix2misp] Use describeTy… Merge pull request #7500 from J… (compare)

  • 16:41

    JakubOnderka on develop

    fix: [stix2misp] Use describeTy… Merge pull request #7500 from J… (compare)

  • 16:40
    JakubOnderka closed #7500
  • 16:40
    JakubOnderka closed #7500
  • 16:40
    JakubOnderka ready_for_review #7500
  • 16:40
    JakubOnderka ready_for_review #7500
  • Jul 31 12:56
    Rivaldosetiawan135 starred MISP/misp-warninglists
  • Jul 31 08:42

    adulau on develop

    chg: [warning-lists] updated to… Merge branch '2.4' of github.co… Merge branch '2.4' of github.co… (compare)

  • Jul 31 08:42

    adulau on develop

    chg: [warning-lists] updated to… Merge branch '2.4' of github.co… Merge branch '2.4' of github.co… (compare)

  • Jul 31 08:42

    adulau on 2.4

    chg: [warning-lists] updated to… Merge branch '2.4' of github.co… (compare)

  • Jul 31 08:42

    adulau on 2.4

    chg: [warning-lists] updated to… Merge branch '2.4' of github.co… (compare)

andras
@andras:matrix.circl.lu
[m]
Will have a look later tonight
Feldunost
@Feldunost
yeah no worries, i'm searching others ways
Anders Einar (Kagee)
@hildenae:matrix.org
[m]
Anyone working with misp-module that has any feeling of wether it could be updated to use chardet 4.0.0 ? https://github.com/chardet/chardet/releases/tag/4.0.0
1 reply
imidoriya
@imidoriya
Any way to query the jobs queue via API for pending count and such? I’d like to keep track of the job queue for monitoring as sometimes it gets backlogged.
2 replies
andras
@andras:matrix.circl.lu
[m]
it returns json, the same way as all other APIs
just pass the correct accept and content-type headers
or if your monitoring tool can't do that
just append .json at the end of the url
luciano (righel)
@luciano:matrix.circl.lu
[m]
example:
curl --location --request GET 'https://misp.local/jobs' \
--header 'Accept: application/json' \
--header 'Content-Type: application/json' \
--header 'Authorization: YOUR_API_KEY'
Feldunost
@Feldunost
@andras:matrix.circl.lu updated to .144, same problem with stix import
imidoriya
@imidoriya
Does setting Security.advanced_authkeys=True invalidate existing keys? I’d like to turn this on, but not if it’s going to break all existing API users.
andras
@andras:matrix.circl.lu
[m]
It does indeed
buuuut
if you enable it
and go to your server diagnostics
there's a button called Update Authkeys to advanced Authkeys
which will create the new style API keys out of the existing ones
one downside: The new authkey system is partially there because we wanted to store only the hashes of passwords
so this kinda defeats the purpose in that there will be a version of the keys you copy over in the clear on the user object
if you're fine with that you can totally do it though
and maintain access for all the users
future keys that get generated will only exist in their hashed state from there on
imidoriya
@imidoriya
cool, thanks
andras
@andras:matrix.circl.lu
[m]
no worries
imidoriya
@imidoriya
Can I run the Update Authkeys to advanced Authkeys prior to enabling advanced_authkeys?
andras
@andras:matrix.circl.lu
[m]
errr
not sure
I guess maybe? :)
imidoriya
@imidoriya
lol
andras
@andras:matrix.circl.lu
[m]
just tried it
seems to work without enabling it
imidoriya
@imidoriya
Hmmm, it said The upgrade process is complete, 0 authkey(s) generated.. I went ahead and enabled advanced_authkeys and things still seem to be working. Hope that’s the case for everyone else.
Tom
@nyx0
Hello, i have an issue with mitre misp-galaxy. Some misp-galaxy:mitre-attack-pattern tags are not available in the API, however we can see the entry in the JSON file (misp-galaxy/main/clusters/mitre-attack-pattern.json) "value": "Boot or Logon Autostart Execution - T1547" it prevents us to add this technique to an event using the API.
3 replies
imidoriya
@imidoriya
Can a wildcard (or multiple entries) be used for the base_url or external_baseurl? Someone was reporting login errors if they just went to https://domain.com, instead of https://www.domain.com (very common practice). I’d like for MISP to support both without issue.
Anders Einar (Kagee)
@hildenae:matrix.org
[m]
You can set it to nothing
But it may introduce bugs, at it is not testet much
Feldunost
@Feldunost
@andras:matrix.circl.lu so actually what is the best way to connect alienvault user's feed to a misp ?
if there is something else than stix import ?
andras
@andras:matrix.circl.lu
[m]
No idea not using it ourselves :(
Feldunost
@Feldunost
I guess i got to wait for stix fix for now.
Feldunost
@Feldunost
ok stix import works but it creates another event. instead i want it to populate a specific event ... aha
Anders Einar (Kagee)
@hildenae:matrix.org
[m]
So, yes, adminitrators have to pay attention, but would it be sensible to have the default role in the add user gui to be "User", not "admin" ?
1 reply
andras
@andras:matrix.circl.lu
[m]
yeah you can set a default
so if you set user, then each time you create a new user it will default to that in the UI
also IIRC if you create a user via the API without a role_id set it will default to that (but not 100% about that)
Anders Einar (Kagee)
@hildenae:matrix.org
[m]
Yes, but i feel the default default should be User, not Admin :)
andras
@andras:matrix.circl.lu
[m]
yeah that would indeed make sense
sharing is caring but that's taking it a step too far by default probably
wth! that change broke production stuff for me. why is the stix converter legacy?