Where communities thrive


  • Join over 1.5M+ people
  • Join over 100K+ communities
  • Free without limits
  • Create your own community
People
Repo info
Activity
  • Jul 27 19:11
    JakubOnderka opened #7610
  • Jul 27 19:11
    JakubOnderka opened #7610
  • Jul 27 18:52

    JakubOnderka on develop

    new: [test] Security test for p… chg: [API] Refactor event publi… Merge pull request #7539 from J… (compare)

  • Jul 27 18:52

    JakubOnderka on develop

    new: [test] Security test for p… chg: [API] Refactor event publi… Merge pull request #7539 from J… (compare)

  • Jul 27 18:52
    JakubOnderka closed #7539
  • Jul 27 18:52
    JakubOnderka closed #7539
  • Jul 27 18:52
    JakubOnderka ready_for_review #7539
  • Jul 27 18:52
    JakubOnderka ready_for_review #7539
  • Jul 27 17:17
    JakubOnderka synchronize #7577
  • Jul 27 17:17
    JakubOnderka synchronize #7577
  • Jul 27 17:14
    JakubOnderka closed #7262
  • Jul 27 17:14
    JakubOnderka closed #7262
  • Jul 27 17:13
    JakubOnderka synchronize #7010
  • Jul 27 17:13
    JakubOnderka synchronize #7010
  • Jul 27 17:11

    JakubOnderka on develop

    chg: [internal] Remove unused v… chg: [internal] Removed unused … chg: [internal] Simplified Attr… and 3 more (compare)

  • Jul 27 17:11

    JakubOnderka on develop

    chg: [internal] Remove unused v… chg: [internal] Removed unused … chg: [internal] Simplified Attr… and 3 more (compare)

  • Jul 27 17:11
    JakubOnderka closed #7609
  • Jul 27 17:11
    JakubOnderka closed #7609
  • Jul 27 17:11
    JakubOnderka ready_for_review #7609
  • Jul 27 17:11
    JakubOnderka ready_for_review #7609
andras
@andras:matrix.circl.lu
[m]
just append .json at the end of the url
luciano (righel)
@luciano:matrix.circl.lu
[m]
example:
curl --location --request GET 'https://misp.local/jobs' \
--header 'Accept: application/json' \
--header 'Content-Type: application/json' \
--header 'Authorization: YOUR_API_KEY'
Feldunost
@Feldunost
@andras:matrix.circl.lu updated to .144, same problem with stix import
imidoriya
@imidoriya
Does setting Security.advanced_authkeys=True invalidate existing keys? I’d like to turn this on, but not if it’s going to break all existing API users.
andras
@andras:matrix.circl.lu
[m]
It does indeed
buuuut
if you enable it
and go to your server diagnostics
there's a button called Update Authkeys to advanced Authkeys
which will create the new style API keys out of the existing ones
one downside: The new authkey system is partially there because we wanted to store only the hashes of passwords
so this kinda defeats the purpose in that there will be a version of the keys you copy over in the clear on the user object
if you're fine with that you can totally do it though
and maintain access for all the users
future keys that get generated will only exist in their hashed state from there on
imidoriya
@imidoriya
cool, thanks
andras
@andras:matrix.circl.lu
[m]
no worries
imidoriya
@imidoriya
Can I run the Update Authkeys to advanced Authkeys prior to enabling advanced_authkeys?
andras
@andras:matrix.circl.lu
[m]
errr
not sure
I guess maybe? :)
imidoriya
@imidoriya
lol
andras
@andras:matrix.circl.lu
[m]
just tried it
seems to work without enabling it
imidoriya
@imidoriya
Hmmm, it said The upgrade process is complete, 0 authkey(s) generated.. I went ahead and enabled advanced_authkeys and things still seem to be working. Hope that’s the case for everyone else.
Tom
@nyx0
Hello, i have an issue with mitre misp-galaxy. Some misp-galaxy:mitre-attack-pattern tags are not available in the API, however we can see the entry in the JSON file (misp-galaxy/main/clusters/mitre-attack-pattern.json) "value": "Boot or Logon Autostart Execution - T1547" it prevents us to add this technique to an event using the API.
3 replies
imidoriya
@imidoriya
Can a wildcard (or multiple entries) be used for the base_url or external_baseurl? Someone was reporting login errors if they just went to https://domain.com, instead of https://www.domain.com (very common practice). I’d like for MISP to support both without issue.
Anders Einar (Kagee)
@hildenae:matrix.org
[m]
You can set it to nothing
But it may introduce bugs, at it is not testet much
Feldunost
@Feldunost
@andras:matrix.circl.lu so actually what is the best way to connect alienvault user's feed to a misp ?
if there is something else than stix import ?
andras
@andras:matrix.circl.lu
[m]
No idea not using it ourselves :(
Feldunost
@Feldunost
I guess i got to wait for stix fix for now.
Feldunost
@Feldunost
ok stix import works but it creates another event. instead i want it to populate a specific event ... aha
Anders Einar (Kagee)
@hildenae:matrix.org
[m]
So, yes, adminitrators have to pay attention, but would it be sensible to have the default role in the add user gui to be "User", not "admin" ?
1 reply
andras
@andras:matrix.circl.lu
[m]
yeah you can set a default
so if you set user, then each time you create a new user it will default to that in the UI
also IIRC if you create a user via the API without a role_id set it will default to that (but not 100% about that)
Anders Einar (Kagee)
@hildenae:matrix.org
[m]
Yes, but i feel the default default should be User, not Admin :)
andras
@andras:matrix.circl.lu
[m]
yeah that would indeed make sense
sharing is caring but that's taking it a step too far by default probably
wth! that change broke production stuff for me. why is the stix converter legacy?
I know misp itself has an api but you do know it does not part every single aspect of stix and import metadata as tags/comments. so people like me still depend on the legacy stix converter. I only found out because logs were being spammed due to inability to import the module
what necessitated the change? it's a publicly exposed api so removing will only have negative impact
please help me restore it if possible, I have 0 time at all (I'll file a bug later as needed)
Michael
@ag-michael
restored that line+file and fortunately that solved it :D
Hector Angel
@rhector123_twitter
Hello, someone knows how to create new types of attributes and categories?
Andras Iklody
@iglocska
@ag-michael - what were you missing from the built in stix converter? The one in pymisp is a pretty simplistic importer that just captures indicators iirc

Hello, someone knows how to create new types of attributes and categories?

New types and categories are created by the misp project rather than something that users normally modify. If you do make changes without sharing it back to the community, you might run into a situation where your data will be discarded during a synchronisation with other parties. Can you describe what types you're missing?

4 replies