Andras Iklody
@iglocska

Hello, I recently was "given" an extremely outdated version of MISP. After much debugging and updating I finally have a working instance. Now when I try to pull events it gives me the following errors:

2022-08-09 13:27:10 Notice: Undefined index: Attribute in [/var/www/MISP/app/Model/Event.php, line 7546]
Warning Error: Invalid argument supplied for foreach() in [/var/www/MISP/app/Model/Event.php, line 7546]

This one is potentially interesting. I can see that being an issue

iglocska
@andras:matrix.circl.lu
[m]
I've pushed a speculative fix to the 2.4 branch
git pull to get it
Anders Einar (Kagee)
@hildenae:matrix.org
[m]
Oh, so it was a new bug? I was expecting something stuck from the old install 😅
iglocska
@andras:matrix.circl.lu
[m]
it's an old bug
but a bit of an edge case
ZMQ needs to be enabled and you need to push an event with empty objects
Kamil Mikulski
@kamilm119:matrix.org
[m]
Hi, I am new to MISP and tried to install it on VirtualBox Ubuntu Server 20.04. Installation was successful but I have a few questions: 1) How do I log in to my newly created @misp account (root is default)? 2) How do I start MISP from Ubuntu Server? 3) I understand that once the server is running I should log in through a website opened with the IP number - should I open a second Linux on VirtualBox or can I connect through Windows, on which I have VirtualBox installed? Apologies for noob questions
junior-skater
@junior-skater
@andras:matrix.circl.lu thank you, I already fixed the typo and it worked, my bad jajaj
Weliton Souza
@ServSlack

Hello, I updated MISP today to "v.2.4.160" and after reloading the "Diagnostics" tab I can see a lot of "Benign Deltas" to update the database:

I copied each one, connected to my DB instance and ran them all using the MISP user and the MISP DB, but after updating, nothing changes in the "Diagnostics" tab.

Anders Einar (Kagee)
@hildenae:matrix.org
[m]
@ServSlack: you can ignore all the ones in your screenshot. They are bugs? FPs? because of how different versions of MySQL describe tables.
Kamil Mikulski
@kamilm119:matrix.org
[m]
what's the default password for a local user created by misp installer?
Anders Einar (Kagee)
@hildenae:matrix.org
[m]
Kamil Mikulski
@kamilm119:matrix.org
[m]
Isn't it only for the bootable test environment? I meant a local user recommended by install.sh when installing on ubuntu server
Anders Einar (Kagee)
@hildenae:matrix.org
[m]
The OS user? It was randomly generated during the installation and printed to console.
Kamil Mikulski
@kamilm119:matrix.org
[m]
Anders Einar (Kagee): Yes it did. Now I wanted to log back in to the local user to finally access the server. I think I need to do it, right? Apologies for tormenting you here with these silly questions but I've never installed nor run anything on Ubuntu SERVER and I am a bit stuck between having installed MISP and not being sure what I need to do now to be able to access it via website. So logging in to a local user, finding the server IP, running MISP server and logging
Anders Einar (Kagee)
@hildenae:matrix.org
[m]
I would assume you would just log in with the same user you ran the install script from? But how do you not know the machine IP? You would need that to SSH to it ...
Kamil Mikulski
@kamilm119:matrix.org
[m]
I ran the install script as root, then the installer suggested switching to (and creating) a new misp user different from root. I wasn't asked for the machine IP so I didn't do anything with SSH
Anders Einar (Kagee)
@hildenae:matrix.org
[m]
How did you connect to the machine? How did you log in to access the machine as root?
Kamil Mikulski
@kamilm119:matrix.org
[m]
iglocska
@andras:matrix.circl.lu
[m]
so let's take a step back.
you were logged into a machine (either directly, via SSH, or via your virtualisation software's own GUI/console access)
on that machine you ran the install script that created the additional misp user and configured MISP for you
you are already logged in as root, so you have full access to the machine. No need to ever log in with the MISP user itself (and since you're root you can just su misp if you want it anyway)
once it is running you can access MISP via the web browser, by navigating to the IP that MISP is available on
(on VMs it's most likely going to be a forwarded port to the host, make sure you read the instructions at the end of the installer)
Weliton Souza
@ServSlack

Hey Guys @andras:matrix.circl.lu and others I need your help.

After my last update to MISP 2.4.160 I have updates stuck for my DB.

I checked and all workers are in Running state...

The error follows:

[2022-08-11 21:11:14] main.ERROR: {"queue":"prio","id":"d9a6a73fc79e47af2186f933931578f4","class":"AdminShell","args":[["runUpdates",9438]]} failed: SQLSTATE [22007]: Invalid datetime format: 1366 Incorrect integer value: '' for column misp.jobs.status at row 1 {"type":"fail","log":"SQLSTATE[22007]: Invalid datetime format: 1366 Incorrect integer value: '' for column misp.jobs.status at row 1","job_id":"d9a6a73fc79e47af2186f933931578f4","time":86,"worker": "45c4f460fd6f:3653"} []
[2022-08-11 21:31:39] main.INFO: got {"queue":"prio","id":"f63246d27af85ffccb6e82e632288523","class":"AdminShell","args":[["runUpdates",9439]]} {"type":"got","args":"[object] (Resque_Job: {\"queue\":\"prio\",\"id\":\"f63246d27af85ffccb6e82e632288523\",\"class\":\"AdminShell\",\"args\":[[\"runUpdates\",9439]]})","worker":"45c4f460fd6f:3653"} []
[2022-08-11 21:31:39] main.INFO: Processing ID:f63246d27af85ffccb6e82e632288523 in prio {"type":"process","worker":"45c4f460fd6f:3653","job_id":"f63246d27af85ffccb6e82e632288523"} []
[2022-08-11 21:31:39] main.ERROR: {"queue":"prio","id":"f63246d27af85ffccb6e82e632288523","class":"AdminShell","args":[["runUpdates",9439]]} failed: SQLSTATE[22007]: Invalid datetime format: 1366 Incorrect integer value: '' for column misp.jobs.status at row 1 {"type":"fail","log":"SQLSTATE[22007]: Invalid datetime format: 1366 Incorrect integer value: '' for column misp.jobs.status at row 1","job_id":"f63246d27af85ffccb6e82e632288523","time":108,"worker":"45c4f460fd6f:3653"} []

Weliton Souza
@ServSlack

After including the line below inside "/etc/mysql/my.cnf" and restarting my DB instance, I released the update again and it ran normally

sql_mode = ""

Weliton Souza
@ServSlack

My problem now is related to another instance, which is getting another type of error:

resque-2022-08-11.log

[2022-08-11 22:42:45] main.ERROR: {"queue":"prio","id":"e395667a6ae5a466316b84e5e2b194e0","class":"AdminShell","args":[["runUpdates",3063]]} failed: SQLSTATE[23000]: Integrity constraint violation: 1062 Duplicate entry '183885-14235790-35778' for key 'unique_correlation' {"type":"fail","log":"SQLSTATE[23000]: Integrity constraint violation: 1062 Duplicate entry '183885-14235790-35778' for key 'unique_correlation'","job_id":"e395667a6ae5a466316b84e5e2b194e0","time":217,"worker":"2ca66f78eb1c:182"} []
[2022-08-11 22:42:45] main.INFO: got {"queue":"prio","id":"de5f77ae2f6064aaba67540d38b226c6","class":"AdminShell","args":[["runUpdates",3064]]} {"type":"got","args":"[object] (Resque_Job: {\"queue\":\"prio\",\"id\":\"de5f77ae2f6064aaba67540d38b226c6\",\"class\":\"AdminShell\",\"args\":[[\"runUpdates\",3064]]})","worker":"2ca66f78eb1c:182"} []

Weliton Souza
@ServSlack
Every time I try to release the update job, two jobs are created and one always fails.
Marius Karotkis
@mariuskarotkis
-
iglocska
@andras:matrix.circl.lu
[m]
Chicken and egg issue, getting the index set will prevent any similar issues
but you can't set the index because the issue is already there
truncating the table -> upgrading -> recorrelating should solve it
phil0u
@phil0u
Hi! I'm new to MISP, so I used Docker to quickly bootstrap a working environment, so far so good. I'm now struggling to install mail_to_misp. I've tried with Ubuntu, Debian 10 and 11, venv or not, and I have errors when trying the test email included on the GitHub repo.
phil0u
@phil0u
~/mail_to_misp$ ./mail_to_misp.py -r tests/mails/simple_forward.eml
...
warnings.warn(
Traceback (most recent call last):
File "./mail_to_misp.py", line 101, in <module>
mail2misp.add_event()
File "/home/misp/mail_to_misp/mail2misp/mail2misp.py", line 414, in add_event
event = self.misp.add_event(self.misp_event, pythonify=True)
File "/home/misp/mispmail/lib/python3.8/site-packages/pymisp/api.py", line 379, in add_event
e.load(new_event)
File "/home/misp/mispmail/lib/python3.8/site-packages/pymisp/mispevent.py", line 1616, in load
self.from_dict(**event)
File "/home/misp/mispmail/lib/python3.8/site-packages/pymisp/mispevent.py", line 1661, in from_dict
raise NewEventError('The info field of the new event is required.')
pymisp.exceptions.NewEventError: The info field of the new event is required.
phil0u
@phil0u
I finally got it to work by using a separate VM (debian64, running Python 3.9). Still has issues and a few failures on the repo test emails (I'll file an issue) than the one that served as my Docker environment (Ubuntu 20.04 using Python 3.8). BTW, Ubuntu 22.04 (Python 3.10) is not working either so far.
VitorUgo
@vicki1dosgames_twitter
Hello, I don't receive any information from my threat intel MISP in Elasticsearch, but my Filebeat doesn't have any error. Any solution for this problem?
PavelicF
@PavelicF

Hi, after updating MISP to the latest version (v2.4.161 (4d9ea1e4e37eddb4d2974d27e3f64c5f7853fa43)) we did a pull all from a remote server. We can now see events but after opening them we can't see the attributes.
They are searchable in the list/search attributes section but aren't in the view of the event itself. I don't know if it's of any importance but we also disabled correlations.

We are getting this error message when viewing event:
Attribute warning: This event doesn't have any attributes visible to you. Either the owner of the event decided to have a specific distribution scheme per attribute and wanted to still distribute the event alone either for notification or potential contribution with attributes without such restriction. Or the owner forgot to add the attributes or the appropriate distribution level. If you think there is a mistake or you can contribute attributes based on the event meta-information, feel free to make a proposal.

Can anyone help please?

Thomas Ward
@teward
@PavelicF I would start by checking what the configuration is on the remote server from the attributes. It sounds like maybe the attributes don't inherit the sharing status of the Event as the warning itself states.