Where communities thrive


  • Join over 1.5M+ people
  • Join over 100K+ communities
  • Free without limits
  • Create your own community
People
Activity
  • Jun 13 22:09
    Wachizungu opened #269
  • Jun 01 19:08
    Wachizungu opened #268
  • May 09 08:38
    adulau commented #267
  • May 09 08:38
    adulau closed #266
  • May 09 08:38

    adulau on main

    chg: [warninglists] Restructure… Merge pull request #267 from Wa… (compare)

  • May 09 08:38
    adulau closed #267
  • May 08 18:29
    Wachizungu opened #267
  • May 05 09:13
    Wachizungu edited #245
  • May 05 06:05
    adulau labeled #266
  • May 04 22:23
    Wachizungu opened #266
  • May 04 16:25
    adulau commented #265
  • May 04 16:25

    adulau on main

    chg: [User stories] Fix typo Merge pull request #265 from Wa… (compare)

  • May 04 16:25
    adulau closed #265
  • May 04 09:24
    Wachizungu opened #265
  • May 01 21:01
    Wachizungu commented #264
  • May 01 20:42
    adulau commented #264
  • May 01 20:42

    adulau on main

    chg: [FAQ] add sudo with user w… Merge pull request #264 from Wa… (compare)

  • May 01 20:42
    adulau closed #264
  • May 01 18:41
    Wachizungu opened #264
  • Apr 24 13:07

    adulau on main

    chg: [automation] add doc for /… Merge pull request #263 from Wa… (compare)

andras
@andras:matrix.circl.lu
[m]
most of the parameters have to be hand evaluated either way - so whether you put the annotation in a comment above the function, or a separate JSON document doesn't matter
Chris Lott
@chrisInMtown_twitter
I have to disagree with you there @andras. It absolutely matters if the doc is with the code, not four directories and a file away. Remember TeX and literate programming? old lessons :/
andras
@andras:matrix.circl.lu
[m]
sure, we have tooling that composes it for us and points it out if something is missing, so we get easily around that
btw, we use TeX for all our slides, so perhaps it's a different mindset ;)
Chris Lott
@chrisInMtown_twitter
omg people still use slitex?
andras
@andras:matrix.circl.lu
[m]
absolutely
Chris Lott
@chrisInMtown_twitter
Please answer a quick question about MISP <-> PyMISP version correspondence: the MISP version tagged 2.4.141 has its PyMISP submodule at a commit for version 2.4.140. I think they should match. Is the mismatch on purpose or a defect?
Maybe that tiny difference doesn't matter, but we noticed this in our upgrade effort and are concerned
andras
@andras:matrix.circl.lu
[m]
no need to be concerned, all good
there was no change to pymisp
Chris Lott
@chrisInMtown_twitter
Thanks @andras:matrix.circl.lu
Andras Iklody
@iglocska
no worries

With the new API key security in place is there any way through PyMISP to create a user add it to an organisation AND create an API key for this user ("Service Account") and get this output .... Currently I've only found that I can create the user then login and create the api key and then copy it from there .... Thanks in advance :)

The response from MISP when you create a user should include an API key that you can use (in theory)

cbboggs
@cbboggs
how would one go about deleting a cached instance of a server? for example - if we added a server entry - set it to cache only, but then later decided to pull events and don't want them all correlating to a cached event as well?
cbboggs
@cbboggs
I can understand existing correlations not being removed just because we uncheck "Caching Enabled" - but I have a feeling that the existing cache is causing some stress on the database while we attempt to sync these events, causing mysql to die and the sync hangs.
Chris Lott
@chrisInMtown_twitter
Unfortunately @andras I found a small but extremely annoying difference PyMISP 2.4.140->2.4.141, the logging behavior; also see MISP/PyMISP#731
Andras Iklody
@iglocska
That could be. However, PyMISP 2.4.141 came out after the MISP release so it will be included with the next MISP release ;) You're obviously free to use a newer PyMISP version
or maybe I misunderstood it
ok I see thought this still had to do with the version pinned in MISP
that is indeed annying
Will ping Raphael
Chris Lott
@chrisInMtown_twitter
Thanks @iglocska
andras
@andras:matrix.circl.lu
[m]
ping Raphaël
Raphaël
@raph:matrix.circl.lu
[m]
pong
hm
andras
@andras:matrix.circl.lu
[m]
😂
Raphaël
@raph:matrix.circl.lu
[m]
(will handle that from the issue asap)
Chris Lott
@chrisInMtown_twitter
Thanks @raph:matrix.circl.lu
Chris Lott
@chrisInMtown_twitter
@raph:matrix.circl.lu and I discussed logging issues back and forth in the issue, not sure we've reached a meeting of the minds tho
andrew134598
@andrew134598
Hi Guys, I have installed the MISP AWS instance (v2.4.141), but the REST API doesn't work? I cannot troubleshoot the issue. Any ideas where can be a problem?
Andras Iklody
@iglocska
The rest api or the rest client?
if it's the latter make sure you set the rest client baseurl in the server settings to someway the instance can connect to itselft.
http(s)://127.0.0.1 should work for example
andrew134598
@andrew134598
@iglocska REST Client, Yes I have baseurl set.
Andras Iklody
@iglocska
can you share a sample query that fails?
andrew134598
@andrew134598
obraz.png
Chris Lott
@chrisInMtown_twitter
The error is "connection timed out" @andrew134598 you answered about baseurl but please note @iglocska was asking you to check setting Security.rest_client_baseurl
5 replies
Just to make sure, this is not to be confused with MISP.baseurl
Carlos Lopez
@clopmz
Hi all. When I try to update to release 2.4.141 from 2.4.140, I have received the following error when I try to update db schema to release 67 from relesea 65:
MariaDB [dbmisp]> ALTER TABLE auth_keys ADD COLUMN allowed_ips text NULL COLLATE utf8mb4_unicode_ci ;
ERROR 1060 (42S21): Duplicate column name 'allowed_ips'
Andras Iklody
@iglocska
sounds like the update already ran, but you shouldn't have to run it by hand anyway
Carlos Lopez
@clopmz
UHmm ... then hwo I can I fix it? Actually in diagonstics:
Most of the time, these benign deltas are artifacts coming from a different database version or RDBMS system used by this instance and thus, can be ignored.
Table name Description Expected schema Actual schema
auth_keys
Column allowed_ips does not exist but should allowed_ips YES text 65535 utf8mb4_unicode_ci text
Expected DB_version: 67Actual DB_version: 65
Updates are not locked DataSource: Database/Mysql
Andras Iklody
@iglocska
it sounds like your updates are stuck
are your workers running?
if you have actual version x
and expected version is x+n
then your updates are stuck
Carlos Lopez
@clopmz
Uhmm .... all workers are running :
Andras Iklody
@iglocska
if you go to server settings -> diagnostics