andras
@andras:matrix.circl.lu
[m]
This week we’re supporting the Locked Shields exercise so it’s a bit crazy
Chris Lott
@chrisInMtown_twitter
trying to keep up here .. so every form gets a unique token? and the number of tokens kept on the server is very small?
andras
@andras:matrix.circl.lu
[m]
Yup, not sure what the thresholds are for the framework
Chris Lott
@chrisInMtown_twitter
well anyhow, I'm very glad to hear we're not guessing anymore, you know exactly the cause and a fix is in the works.
andras
@andras:matrix.circl.lu
[m]
Yup, my initial assumption was way off
Chris Lott
@chrisInMtown_twitter
basically I was convinced something about our proxy etc. was breaking these; I couldn't believe that something so basic could be broken
:/
andras
@andras:matrix.circl.lu
[m]
I think it manifests more likely on large events
Chris Lott
@chrisInMtown_twitter
my test events have zero attributes
andras
@andras:matrix.circl.lu
[m]
As the ajax loading hits at a different time
Chris Lott
@chrisInMtown_twitter
zero tags
nada
andras
@andras:matrix.circl.lu
[m]
Ok that’s weird
Chris Lott
@chrisInMtown_twitter
100% reproducible tho
andras
@andras:matrix.circl.lu
[m]
Either way the forms are actually in the attribute list's top buttons
So they’re always there
Chris Lott
@chrisInMtown_twitter
yes I see the page structure uses lots of forms
andras
@andras:matrix.circl.lu
[m]
They need to go
Dumb ideas from ages ago biting us in the arse
Chris Lott
@chrisInMtown_twitter
gotcha. if you have time to contribute just one sentence to #7329 that will really help, thx in adv
or if you have an issue open already, I'll close mine as dupe
Xebus
@Xebus-Systems
@Erreinion if you have a copy of the MISP dummies guide, can I get a copy of it... here in NZ we are building out a MISP platform using Azure as a container instance and I'm running into some issues around TLS. If your guide has some info around these areas it would help
Levi
@levitannin
Hello MISP peeps. I'm looking for any good resources on utilizing the REST client and/or connecting MISP to RSA NetWitness. I'm newer to this platform (and the community) so if anyone has any information please let me know :)
Chris Lott
@chrisInMtown_twitter
@levitannin if you don't know about it already, you might look at PyMISP which lets you build your own custom REST Client to use the MISP REST interface
Chris Lott
@chrisInMtown_twitter
hmm at the risk of interrupting dinner, or a post-exercise adult beverage, I'd like to ask a question: Can Cake cache (copy to Redis) object attributes
andras
@andras:matrix.circl.lu
[m]
Atm no, but I mean it can do anything we code it to do 😂
But not sure I understood the question
Chris Lott
@chrisInMtown_twitter
we would like overlap (correlation) analysis for object attributes also. Today we only get that for plain attributes
andras
@andras:matrix.circl.lu
[m]
Oh wow really? That’s a bug
It should be for everything
You mean via feed/server caching?
Chris Lott
@chrisInMtown_twitter
um let me rephrase please. I'm not saying it cannot. I'm checking if it CAN
andras
@andras:matrix.circl.lu
[m]
Generally it should ignore objects altogether and fetch all attribute values
Meaning it flattens the event first
Object attributes and normal ones alike
Chris Lott
@chrisInMtown_twitter
none of our feeds processed by supplied MISP/Cake/delta ingest use object-attributes. Only our custom feeds; and MISP/Cake cannot fetch/cache those
andras
@andras:matrix.circl.lu
[m]
It should be able to cache those too
Unless I completely missed the point
Chris Lott
@chrisInMtown_twitter
that's why I say "MISP/Cake cannot cache"
The problem is the ETL task of consuming the premium data feed and munging it into events and attributes;
andras
@andras:matrix.circl.lu
[m]
Yeah depending on the format that might need a fair bit of glue
Chris Lott
@chrisInMtown_twitter
hmm questioning my assumptions here .. I believe that "cache" is an action that copies from the source (the remote server) to the local redis cache.
andras
@andras:matrix.circl.lu
[m]
It’s even dumber than that
Chris Lott
@chrisInMtown_twitter
If however "cache" can operate as copying from local MISP database of events, obj & attributes to local Redis memcache, then that would be very interesting
andras
@andras:matrix.circl.lu
[m]
It loops the remote through the ingestion that you would normally use for a fetch operation
Extracts the values from the derived attributes
Hashes them
And throws them into Redis
When it comes to misp format feeds/misp servers
It does something different