Where communities thrive


  • Join over 1.5M+ people
  • Join over 100K+ communities
  • Free without limits
  • Create your own community
People
Activity
  • 11:23

    adulau on main

    chg: [types] updated (compare)

  • 10:32

    adulau on main

    chg: [types] updated chg: [types] updated for jarm-f… (compare)

  • Nov 17 16:43
    adulau commented #163
  • Nov 17 16:08
    TTycho commented #163
  • Nov 17 10:47
    mokaddem commented #132
  • Nov 17 04:38
    PROTechThor labeled #2
  • Nov 17 04:38
    PROTechThor labeled #2
  • Nov 17 04:37
    PROTechThor labeled #3
  • Nov 17 04:35
    PROTechThor assigned #5
  • Nov 17 04:34
    PROTechThor labeled #6
  • Nov 17 04:34
    PROTechThor labeled #6
  • Nov 17 04:34
    PROTechThor commented #6
  • Nov 17 04:28
    PROTechThor labeled #8
  • Nov 17 04:26
    PROTechThor labeled #9
  • Nov 17 04:26
    PROTechThor labeled #9
  • Nov 17 04:25
    PROTechThor labeled #10
  • Nov 17 04:25
    PROTechThor labeled #10
  • Nov 17 04:24
    PROTechThor labeled #13
  • Nov 17 04:24
    PROTechThor labeled #13
  • Nov 17 04:16
    PROTechThor commented #22
Andras Iklody
@iglocska
they fill up your logs FAST
MC-SECOPS
@MC-SECOPS
Are those accessible in the GUI or directly on the box like the error.log?
Andras Iklody
@iglocska
gui!
when you're logged in, audit log on the top rightish part of the menu
(you do need to be a site admin to see it)
MC-SECOPS
@MC-SECOPS
copy that, I'll try that and see what I can find and will post back to you. Thank you for the quick response today!
Andras Iklody
@iglocska
no worries, holler when you got the logs and we can take it from there!
Nils Kuhnert
@3c7

Anyone has issues with adding new pgp keys?

[Exception] No key found
Stack Trace:
#0 /var/www/MISP/app/Model/User.php(325): GpgTool->validateGpgKey()
#1 /var/www/MISP/app/Lib/cakephp/lib/Cake/Model/Validator/CakeValidationRule.php(275): User->validateGpgkey()
#2 /var/www/MISP/app/Lib/cakephp/lib/Cake/Model/Validator/CakeValidationSet.php(135): CakeValidationRule->process()
#3 /var/www/MISP/app/Lib/cakephp/lib/Cake/Model/ModelValidator.php(268): CakeValidationSet->validate()
#4 /var/www/MISP/app/Lib/cakephp/lib/Cake/Model/ModelValidator.php(99): ModelValidator->errors()
#5 /var/www/MISP/app/Lib/cakephp/lib/Cake/Model/Model.php(3502): ModelValidator->validates()
#6 /var/www/MISP/app/Lib/cakephp/lib/Cake/Model/Model.php(1838): Model->validates()
#7 /var/www/MISP/app/Lib/cakephp/lib/Cake/Model/Model.php(1760): Model->_doSave()
#8 /var/www/MISP/app/Controller/UsersController.php(956): Model->save()
#9 [internal function]: UsersController->admin_edit()
#10 /var/www/MISP/app/Lib/cakephp/lib/Cake/Controller/Controller.php(499): ReflectionMethod->invokeArgs()
#11 /var/www/MISP/app/Lib/cakephp/lib/Cake/Routing/Dispatcher.php(193): Controller->invokeAction()
#12 /var/www/MISP/app/Lib/cakephp/lib/Cake/Routing/Dispatcher.php(167): Dispatcher->_invoke()
#13 /var/www/MISP/app/webroot/index.php(92): Dispatcher->dispatch()
#14 {main}

Checked the key and it looks okay.

1 reply
eCrimeLabs
@eCrimeLabs
In the MISP header menu is it in any way possible to add custom links after the "Audit" menu section, or is this a feature request ?
Andras Iklody
@iglocska
feature request :)
eCrimeLabs
@eCrimeLabs
(y)
Andras Iklody
@iglocska
but a sensible one for sure
eCrimeLabs
@eCrimeLabs
done :)
Andras Iklody
@iglocska
cheers!
Anders Einar Hilden
@Kagee
is there any way to change a "random" setting in config.php using the cake shell? (spesificly want to read/set settings udner ApacheSecureAuth)
eCrimeLabs
@eCrimeLabs
Has anyone build a successful content-security-policy setting for MISP by any chance that they can share :)
MC-SECOPS
@MC-SECOPS
@iglocska I've got the debugging logs turned on like we discussed Tuesday, am I still looking at the error.log in /var/www/MISP/app/tmp/logs for new info that this enabled or a different place?
Andras Iklody
@iglocska
nono those should be in the database
you can access them via audit logs in MISP
MC-SECOPS
@MC-SECOPS
My bad, forgot we talked about that already. Checking them now.
MC-SECOPS
@MC-SECOPS
Looking in the audit logs after enabling those options and running a query, there is nothing under any of these logs in the below screenshot around the time I ran the query. I may be doing something incorrectly.
AuditLogOptions.JPG
MC-SECOPS
@MC-SECOPS
@iglocska just wanted to check in if you had some further guidance on my above posts? Thanks!
MySickSi
@MySickSi
image.png
Hey everyone! Im getting an invalid target when attempting to tag a UID. I attempted using curl, and the built-in Rest Client. The UUID Im targeting is our ORG, and I am an admin in MISP. I tried both the name and the number of multiple tags.
image.png
Anders Einar Hilden
@Kagee
@MySickSi Well, your curl screenshot indicates that you are getting a HTTP 302, not a HTTPS 405 - are you using a non-https url or something there?
PandaLyfe
@PandaLyfe
Hey guys! I would fetch feeds but when I review “jobs” they all failed. I have three feeds enabled. I would then review “workers” but all of them are dead. I would “restart” all workers but no luck. Afterwards, I would try to “start a worker” and some would start, but fetching feeds continues to fail. Is there anything I can do to fix this?
MySickSi
@MySickSi
@Kagee Im using non-https url
MySickSi
@MySickSi
Is there a way to tag all events coming in from a remote server?
So that any events coming in will be automatically tagged?
PandaLyfe
@PandaLyfe
Regarding my issue I posted a few minutes ago, I posted an issue on Github at: MISP/MISP#6608. Any help would be appreciated.
mammamiiiya
@mammamiiiya
guys i have a problem. I have hosted my MISP in digital ocean. and today it's storage got full. I have added additional 500 GB but came to know that DigitalOcean doesn't use LVM. Now the problem is, how do I configure the mysql to start writing changes to the new partition? I'm using MISP Docker XME edition
mammamiiiya
@mammamiiiya

@mammamiiiya It would probably be much less error prone if you were able to use DNS instead of HTTP verification for Let's Encrypt

thanks for the help <3

imidoriya
@imidoriya
Is delegating an event suppose to increment the event.id by 1? This is really confusing me as I delegate an event, then it no longer exists. I have a new event though that is the event +1.
imidoriya
@imidoriya
I deleted this question by error. Is it possible to allow a local org to add a local tag that is not the host org? If not, is there a way to disable export on a tag but still allow local orgs to read it via event.tags?
imidoriya
@imidoriya
Alternatively, I tried to let the host org create the tag, but I get an Invalid Target. Can only the owning org tag an event?
imidoriya
@imidoriya
Is there a reason local orgs are not allowed to add local tags? Or the host org is not allowed to change a tag to a local tag without taking ownership? If I did a PR to introduce an option to allow that, would it be accepted?
Greg
@LogicalEy3_twitter
I added a module and it isn't populating, does the service need to be restarted?
Paul Hart
@hart.paul23_gitlab
You are not on a branch, Update MISP will fail (can i get help with this please - trying to update 2.4.126 to 2.4.134
Paul Hart
@hart.paul23_gitlab
Hello anyone know why i'm getting this error - You are not on a branch, Update MISP will fail (can i get help with this please - trying to update 2.4.126 to 2.4.134
Andras Iklody
@iglocska

@iglocska just wanted to check in if you had some further guidance on my above posts? Thanks!

Those logs should show up in your MISP's audit log (via the interface) not in MISP/app/tmp/logs

Is delegating an event suppose to increment the event.id by 1? This is really confusing me as I delegate an event, then it no longer exists. I have a new event though that is the event +1.

It is not incrementing it by 1. It creates a new event. So if you had event ID 25 and you delegated it it COULD become ID 26 - but if other events were created before issuing the request and it being accepted it could easily be 27, 28, or something higher.

The idea is that a delegation purges the existing event of the requestor, in order to recreate a fresh creation history for the newly accepted event, masking the fact that it wasn't created by the organisation accepting the request. (Keep in mind that event logs are visible to other organisations on the instance)

I added a module and it isn't populating, does the service need to be restarted?

Yeah, the module service needs to be restarted

Hello anyone know why i'm getting this error - You are not on a branch, Update MISP will fail (can i get help with this please - trying to update 2.4.126 to 2.4.134

git checkout 2.4

War10ck3
@War10ck3
G'day... I have MISP configured to send emails to users requesting password reset, and there is a digital signature attachment inside the email notification received by users. Is it possible to remove this attachment?
eCrimeLabs
@eCrimeLabs
Was wondering if it is possible to use delegations across a sync between two MISP instances in different organisations where a sharing group is used 
Scenario description
1. On my local MISP instance I'm creating an event and adding a sharing group to share to a specific MISP instans 
2. I'm setting delegation to an organization on the receiving end

Will this be recieved when sync'ed in the delegation queue on the other end or does delegation only work when the event is created locally and delegation handled locally on same instans
imidoriya
@imidoriya
@iglocska it would be nice if the response to accepting the delegation returned the new event_id. How is one to programatically know what the new id is?