Where communities thrive


  • Join over 1.5M+ people
  • Join over 100K+ communities
  • Free without limits
  • Create your own community
People
Activity
  • Aug 20 06:34

    cvandeplas on main

    chg: [types] updated types and … (compare)

  • Jun 13 22:09
    Wachizungu opened #269
  • Jun 01 19:08
    Wachizungu opened #268
  • May 09 08:38
    adulau commented #267
  • May 09 08:38
    adulau closed #266
  • May 09 08:38

    adulau on main

    chg: [warninglists] Restructure… Merge pull request #267 from Wa… (compare)

  • May 09 08:38
    adulau closed #267
  • May 08 18:29
    Wachizungu opened #267
  • May 05 09:13
    Wachizungu edited #245
  • May 05 06:05
    adulau labeled #266
  • May 04 22:23
    Wachizungu opened #266
  • May 04 16:25
    adulau commented #265
  • May 04 16:25

    adulau on main

    chg: [User stories] Fix typo Merge pull request #265 from Wa… (compare)

  • May 04 16:25
    adulau closed #265
  • May 04 09:24
    Wachizungu opened #265
  • May 01 21:01
    Wachizungu commented #264
  • May 01 20:42
    adulau commented #264
  • May 01 20:42

    adulau on main

    chg: [FAQ] add sudo with user w… Merge pull request #264 from Wa… (compare)

  • May 01 20:42
    adulau closed #264
  • May 01 18:41
    Wachizungu opened #264
Andras Iklody
@iglocska

With the new API key security in place is there any way through PyMISP to create a user add it to an organisation AND create an API key for this user ("Service Account") and get this output .... Currently I've only found that I can create the user then login and create the api key and then copy it from there .... Thanks in advance :)

The response from MISP when you create a user should include an API key that you can use (in theory)

cbboggs
@cbboggs
how would one go about deleting a cached instance of a server? for example - if we added a server entry - set it to cache only, but then later decided to pull events and don't want them all correlating to a cached event as well?
cbboggs
@cbboggs
I can understand existing correlations not being removed just because we uncheck "Caching Enabled" - but I have a feeling that the existing cache is causing some stress on the database while we attempt to sync these events, causing mysql to die and the sync hangs.
Chris Lott
@chrisInMtown_twitter
Unfortunately @andras I found a small but extremely annoying difference PyMISP 2.4.140->2.4.141, the logging behavior; also see MISP/PyMISP#731
Andras Iklody
@iglocska
That could be. However, PyMISP 2.4.141 came out after the MISP release so it will be included with the next MISP release ;) You're obviously free to use a newer PyMISP version
or maybe I misunderstood it
ok I see thought this still had to do with the version pinned in MISP
that is indeed annying
Will ping Raphael
Chris Lott
@chrisInMtown_twitter
Thanks @iglocska
andras
@andras:matrix.circl.lu
[m]
ping Raphaël
Raphaël
@raph:matrix.circl.lu
[m]
pong
hm
andras
@andras:matrix.circl.lu
[m]
😂
Raphaël
@raph:matrix.circl.lu
[m]
(will handle that from the issue asap)
Chris Lott
@chrisInMtown_twitter
Thanks @raph:matrix.circl.lu
Chris Lott
@chrisInMtown_twitter
@raph:matrix.circl.lu and I discussed logging issues back and forth in the issue, not sure we've reached a meeting of the minds tho
andrew134598
@andrew134598
Hi Guys, I have installed the MISP AWS instance (v2.4.141), but the REST API doesn't work? I cannot troubleshoot the issue. Any ideas where can be a problem?
Andras Iklody
@iglocska
The rest api or the rest client?
if it's the latter make sure you set the rest client baseurl in the server settings to someway the instance can connect to itselft.
http(s)://127.0.0.1 should work for example
andrew134598
@andrew134598
@iglocska REST Client, Yes I have baseurl set.
Andras Iklody
@iglocska
can you share a sample query that fails?
andrew134598
@andrew134598
obraz.png
Chris Lott
@chrisInMtown_twitter
The error is "connection timed out" @andrew134598 you answered about baseurl but please note @iglocska was asking you to check setting Security.rest_client_baseurl
5 replies
Just to make sure, this is not to be confused with MISP.baseurl
Carlos Lopez
@clopmz
Hi all. When I try to update to release 2.4.141 from 2.4.140, I have received the following error when I try to update db schema to release 67 from relesea 65:
MariaDB [dbmisp]> ALTER TABLE auth_keys ADD COLUMN allowed_ips text NULL COLLATE utf8mb4_unicode_ci ;
ERROR 1060 (42S21): Duplicate column name 'allowed_ips'
Andras Iklody
@iglocska
sounds like the update already ran, but you shouldn't have to run it by hand anyway
Carlos Lopez
@clopmz
UHmm ... then hwo I can I fix it? Actually in diagonstics:
Most of the time, these benign deltas are artifacts coming from a different database version or RDBMS system used by this instance and thus, can be ignored.
Table name Description Expected schema Actual schema
auth_keys
Column allowed_ips does not exist but should allowed_ips YES text 65535 utf8mb4_unicode_ci text
Expected DB_version: 67Actual DB_version: 65
Updates are not locked DataSource: Database/Mysql
Andras Iklody
@iglocska
it sounds like your updates are stuck
are your workers running?
if you have actual version x
and expected version is x+n
then your updates are stuck
Carlos Lopez
@clopmz
Uhmm .... all workers are running :
Andras Iklody
@iglocska
if you go to server settings -> diagnostics
Carlos Lopez
@clopmz
17895 ? S 0:00 bash -c cd '/var/www/MISP/app/Vendor/kamisama/php-resque-ex'; VERBOSE=true QUEUE='default' PIDFILE='/var/www/MISP/app/Plugin/CakeResque/tmp/16184691085558' APP_INCLUDE=
17896 ? S 0:00 php ./bin/resque
17912 ? S 0:00 bash -c cd '/var/www/MISP/app/Vendor/kamisama/php-resque-ex'; VERBOSE=true QUEUE='prio' PIDFILE='/var/www/MISP/app/Plugin/CakeResque/tmp/1618469108969' APP_INCLUDE='/va
17913 ? S 0:00 php ./bin/resque
17928 ? S 0:00 bash -c cd '/var/www/MISP/app/Vendor/kamisama/php-resque-ex'; VERBOSE=true QUEUE='cache' PIDFILE='/var/www/MISP/app/Plugin/CakeResque/tmp/16184691093793' APP_INCLUDE='/
17929 ? S 0:00 php ./bin/resque
17944 ? S 0:00 bash -c cd '/var/www/MISP/app/Vendor/kamisama/php-resque-ex'; VERBOSE=true QUEUE='email' PIDFILE='/var/www/MISP/app/Plugin/CakeResque/tmp/1618469109789' APP_INCLUDE='/v
17945 ? S 0:00 php ./bin/resque
17960 ? S 0:00 bash -c cd '/var/www/MISP/app/Vendor/kamisama/php-resque-ex'; VERBOSE=true QUEUE='update' PIDFILE='/var/www/MISP/app/Plugin/CakeResque/tmp/16184691101691' APP_INCLUDE='
17961 ? S 0:00 php ./bin/resque
17976 ? S 0:00 bash -c cd '/var/www/MISP/app/Vendor/kamisama/php-resque-ex-scheduler'; VERBOSE=true QUEUE='default' PIDFILE='/var/www/MISP/app/Plugin/CakeResque/tmp/16184691105804' AP
17977 ? S 0:00 php ./bin/resque-scheduler.php
Andras Iklody
@iglocska
view update progress
what does it tell you there?
Carlos Lopez
@clopmz
Yep .... Ah, ok ... Now it shows all is ok:
Most of the time, these benign deltas are artifacts coming from a different database version or RDBMS system used by this instance and thus, can be ignored.
Table name Description Expected schema Actual schema
Expected DB_version: 67Actual DB_version: 67
Updates are not locked DataSource: Database/Mysql
Show database indexes
Index diagnostic:
Andras Iklody
@iglocska
ok all good :)
it just had to run the updates
dan00bielb
@dan00bielb
Good morning, is actually possible to integrate the CISA TAXII feed in the MISP? There is something already implemented?
Andras Iklody
@iglocska
CISA provides integration fo rthat
ArchithSanku
@ArchithSanku
Hello, All !! I had an issue : I have changed Base_Url Settings and external base url settings
am not able to login
changed - MISP.external_baseurl