MISP/Support

The ultimate support channel for all things MISP. Please come prepared. Bring log files and turn off SELinux. Please contribute your new knowledge to https://github.com/MISP/misp-book/tree/master/faq Error logs: /var/www/MISP/app/tmp/logs/error.log

Andras Iklody

@iglocska

Hello, I recently was "given" an extremely outdated version of MISP. After much debugging and updating I finally have a working instance. Now when I try to pull events it gives me the following errors:
2022-08-09 13:27:10 Notice: Undefined index: Attribute in [/var/www/MISP/app/Model/Event.php, line 7546]
Warning Error: Invalid argument supplied for foreach() in [/var/www/MISP/app/Model/Event.php, line 7546]

This one is potentially interesting. I can see that being an issue

iglocska

@andras:matrix.circl.lu

[m]

I've pushed a speculative fix to the 2.4 branch

git pull to get it

Anders Einar (Kagee)

@hildenae:matrix.org

[m]

Oh, so it was a new bug? I was expecting something stuck from the old install 😅

iglocska

@andras:matrix.circl.lu

[m]

it's an old bug

but a bit of an edge case

ZMQ needs to be enabled and you need to push an event with empty objects

Kamil Mikulski

@kamilm119:matrix.org

[m]

Hi, I am new to MISP and tried to install it on VirtualBox Ubuntu Server 20.04. Installation was successful but I have a few questions: 1) how do I login on my newly created @misp account (root is default)? 2) How do I start MISP from ubuntu server? 3) I understand that once the server is running I should login through a website opened with IP number - should I open second linux on virutalbox or can I connect through windows on which I have the virtualbox installed? Apologies for noob questions

junior-skater

@junior-skater

@andras:matrix.circl.lu thanks you, i already fixed the typo and it worked, my bad jajaj

Weliton Souza

@ServSlack

Hello, I have updated MISP today to " v.2.4.160 " and after reload " Diagnostics " tab I can see a lot of " Benign Deltas " to update data base:

I copy each one and conencted on my DB instance I run all using MISP user and using MISP DB, but after update " Diagnostics " tab nothing update.

Anders Einar (Kagee)

@hildenae:matrix.org

[m]

@ServSlack: you can ignore all the ones in your screenshot. They are bugs? FPs? because of how different versions of MySQL describe tables.

Kamil Mikulski

@kamilm119:matrix.org

[m]

what's the default password for a local user created by misp installer?

Anders Einar (Kagee)

@hildenae:matrix.org

[m]

Kamil Mikulski: https://www.circl.lu/doc/misp/quick-start/

Kamil Mikulski

@kamilm119:matrix.org

[m]

Isn't it only for the bootable test environment? I meant a local user recommended by install.sh when installing on ubuntu server

Anders Einar (Kagee)

@hildenae:matrix.org

[m]

The OS user? It was randomly generated during the installation and printed to console.

Kamil Mikulski

@kamilm119:matrix.org

[m]

Anders Einar (Kagee): Yes it did. Now I wanted to log in back to the local user to finally access the server. I think I need to do it right? Apologies for tormenting you here with these silly questions but I've never installed nor run anything on ubuntu SERVER and I am a bit stuck between having installed MISP and not being sure what do I need to do now to be able to access it via website. So logging to a local user, finding the server IP, running MISP server and logging

Anders Einar (Kagee)

@hildenae:matrix.org

[m]

I would assume you would just log in with the same user you ran the install script from? But how do you not know the machine IP? You would need that to SSH to it ...

Kamil Mikulski

@kamilm119:matrix.org

[m]

I run the install script as a root, then the installer suggested to switch (and to create) new misp user different than root. I wasn't asked for the machine IP so I didn't do anything with SSH

Anders Einar (Kagee)

@hildenae:matrix.org

[m]

How did you connec to to the machine? How did you log in to access the machine as root ?

Kamil Mikulski

@kamilm119:matrix.org

[m]

I've followed this: https://misp.github.io/MISP/INSTALL.ubuntu2004/ and that: https://www.youtube.com/watch?v=nZcTc60YsIs

iglocska

@andras:matrix.circl.lu

[m]

so let's take a step back.

you were logged into a machine (either directly, via SSH, or via your virtualisation software's own GUI/console access)

on that machine you ran the install script that created the additional misp user and configured MISP for you

you are already logged in as root, so you have full access to the machine. No need to ever log in with the MISP user itself (and since you're root you can just su misp if you want it anyway)

once it is running you can access MISP via the web browser, by navigating to the IP that MISP is available on

(on VMs it's most likely going to be a forwarded port to the host, make sure you read the instructions at the end of the installer)

Weliton Souza

@ServSlack

Hey Guys @andras:matrix.circl.lu and others I need your help.

After my last update for MISP 2.4.160 I have updates stucked for my DB:

I check and all workes are in Running state...

Forllow the error:

[2022-08-11 21:11:14] main.ERROR: {"queue":"prio","id":"d9a6a73fc79e47af2186f933931578f4","class":"AdminShell","args":[["runUpdates",9438]]} failed: SQLSTATE [22007]: Invalid datetime format: 1366 Incorrect integer value: '' for column misp.jobs.status at row 1 {"type":"fail","log":"SQLSTATE[22007]: Invalid datetime format: 1366 Incorrect integer value: '' for column misp.jobs.status at row 1","job_id":"d9a6a73fc79e47af2186f933931578f4","time":86,"worker": "45c4f460fd6f:3653"} []
[2022-08-11 21:31:39] main.INFO: got {"queue":"prio","id":"f63246d27af85ffccb6e82e632288523","class":"AdminShell","args":[["runUpdates",9439]]} {"type":"got","args":"[object] (Resque_Job: {\"queue\":\"prio\",\"id\":\"f63246d27af85ffccb6e82e632288523\",\"class\":\"AdminShell\",\"args\":[[\"runUpdates\",9439]]})","worker":"45c4f460fd6f:3653"} []
[2022-08-11 21:31:39] main.INFO: Processing ID:f63246d27af85ffccb6e82e632288523 in prio {"type":"process","worker":"45c4f460fd6f:3653","job_id":"f63246d27af85ffccb6e82e632288523"} []
[2022-08-11 21:31:39] main.ERROR: {"queue":"prio","id":"f63246d27af85ffccb6e82e632288523","class":"AdminShell","args":[["runUpdates",9439]]} failed: SQLSTATE[22007]: Invalid datetime format: 1366 Incorrect integer value: '' for column misp.jobs.status at row 1 {"type":"fail","log":"SQLSTATE[22007]: Invalid datetime format: 1366 Incorrect integer value: '' for column misp.jobs.status at row 1","job_id":"f63246d27af85ffccb6e82e632288523","time":108,"worker":"45c4f460fd6f:3653"} []

Weliton Souza

@ServSlack

After include the line below inside " /etc/mysql/my.cnf " and restart DB my instance I again release the update and it run normally

sql_mode = ""

Weliton Souza

@ServSlack

My problem now is related with another instance and getting another type of error:

resque-2022-08-11.log

[2022-08-11 22:42:45] main.ERROR: {"queue":"prio","id":"e395667a6ae5a466316b84e5e2b194e0","class":"AdminShell","args":[["runUpdates",3063]]} failed: SQLSTATE[23000]: Integrity constraint violation: 1062 Duplicate entry '183885-14235790-35778' for key 'unique_correlation' {"type":"fail","log":"SQLSTATE[23000]: Integrity constraint violation: 1062 Duplicate entry '183885-14235790-35778' for key 'unique_correlation'","job_id":"e395667a6ae5a466316b84e5e2b194e0","time":217,"worker":"2ca66f78eb1c:182"} []
[2022-08-11 22:42:45] main.INFO: got {"queue":"prio","id":"de5f77ae2f6064aaba67540d38b226c6","class":"AdminShell","args":[["runUpdates",3064]]} {"type":"got","args":"[object] (Resque_Job: {\"queue\":\"prio\",\"id\":\"de5f77ae2f6064aaba67540d38b226c6\",\"class\":\"AdminShell\",\"args\":[[\"runUpdates\",3064]]})","worker":"2ca66f78eb1c:182"} []

3 replies

Weliton Souza

@ServSlack

Weliton Souza

@ServSlack

All time that I try release job update are created two jobs and one always failed:

Marius Karotkis

@mariuskarotkis

iglocska

@andras:matrix.circl.lu

[m]

Chicken and egg issue, getting the index set will prevent any similar issues

but you can't set the index because the issue is already there

truncating the table -> upgrading -> recorrelating should solve it

1 reply

phil0u

@phil0u

Hi ! I'm new to MISP, so i used Docker to quickly bootstrap a working environment, so far so good. I'm now struggling to install mail_to_misp. I've tried with Ubuntu , Debian10 and 11, venv or not, and i have errors when trying the test email included on the GitHub repo.

phil0u

@phil0u

~/mail_to_misp$ ./mail_to_misp.py -r tests/mails/simple_forward.eml
...
warnings.warn(
Traceback (most recent call last):
File "./mail_to_misp.py", line 101, in <module>
mail2misp.add_event()
File "/home/misp/mail_to_misp/mail2misp/mail2misp.py", line 414, in add_event
event = self.misp.add_event(self.misp_event, pythonify=True)
File "/home/misp/mispmail/lib/python3.8/site-packages/pymisp/api.py", line 379, in add_event
e.load(new_event)
File "/home/misp/mispmail/lib/python3.8/site-packages/pymisp/mispevent.py", line 1616, in load
self.from_dict(**event)
File "/home/misp/mispmail/lib/python3.8/site-packages/pymisp/mispevent.py", line 1661, in from_dict
raise NewEventError('The info field of the new event is required.')
pymisp.exceptions.NewEventError: The info field of the new event is required.

phil0u

@phil0u

I finally got it to work by using a separate VM (debian64, running Python 3.9). Still has issues and few failures on the repo test emails (i'll file an issue) than the one that served as my Docker environnement (Ubuntu 20.04 using python 3.8). BTW, Ubuntu 22.04 (Python 3.10) is not working either so far.

VitorUgo

@vicki1dosgames_twitter

Hello, i don't receive any information on my threat intel misp in elasticsearch but my filebeat don't have any error. Any solution for this problem?

PavelicF

@PavelicF

Hi, after updating MISP to latest version ( v2.4.161 (4d9ea1e4e37eddb4d2974d27e3f64c5f7853fa43) ) we did a pull all from a remote server. We can now see events but after opening them we can't see the attributes.
They are searchable in the list/search attributes section but arent in the view of the event itself. I dont know if its of any importance but we also disabled correlations.

We are getting this error message when viewing event:
Attribute warning: This event doesn't have any attributes visible to you. Either the owner of the event decided to have a specific distribution scheme per attribute and wanted to still distribute the event alone either for notification or potential contribution with attributes without such restriction. Or the owner forgot to add the attributes or the appropriate distribution level. If you think there is a mistake or you can contribute attributes based on the event meta-information, feel free to make a proposal.

Can anyone help please?

Thomas Ward

@teward

@PavelicF I would start by checking what the configuration is on the remote server from the attributes. It sounds like maybe the attributes don't inherit the sharing status of the Event as the warning itself states.

sharonmary

@sharonmary:matrix.org

[m]

Good news
Put an end to your financial problems,now you can start earning with your PC or mobile phone, PAY INSTANTLY!
So far I’ve made over €5,500 in last 12days of doing this!(HOW) info inbox me the directly Telegram
👇👇
https://t.me/+klV1ANnp3q02YjU0

Where communities thrive

People

Repo info

Activity

resque-2022-08-11.log