Sascha Rommelfangen
@rommelfs
You had a working file and modified something. Since then it doesn’t work.
lucatrabalza
@lucatrabalza
No, the import of the events using curl never worked.
Sascha Rommelfangen
@rommelfs
Then I don’t know what I read earlier today in this channel
lucatrabalza
@lucatrabalza
I'd just like to import a JSON MISP event using curl.
Sascha Rommelfangen
@rommelfs
please share your full json file or create one that you can share.
lucatrabalza
@lucatrabalza
Now it works, maybe it was a syntax error in the JSON file. How can I tell whether curl was executed successfully or not? I'd like to run the script as a cron job, so I'd like to know which JSON files were successfully imported and which were not imported into MISP. Thank you
luciano (righel)
@luciano:matrix.circl.lu
[m]
/var/www/MISP/app/tmp/logs
match-markhattarki
@match-markhattarki

Hello... I just stood up my own MISP instance. I installed it on an Ubuntu system, following the instructions as best as I could. I ran the INSTALL.SH -c, as per the instructions. I am not sure if I need to install modules or other components.

When I try to add a feed, I get a "feed not added" banner at the top. I don't see any errors in the logs. I am guessing that something might not be writable.

PLEASE! Any help or pointers would be greatly appreciated!!!!

Milann SHRESTHA
@milannshrestha
How do I revert to Org Name from Org Logo? I don't see any option.
lucatrabalza
@lucatrabalza
Is it correct to use "timestamp" to export events that I have imported in the last 24 hours? I want to export just the events that I have imported on my SIEM in the last 24 hours.
This is my curl:
curl --insecure -H "Authorization: KEY " -H "Content-type: application/json" -H "Accept: application/json" -X "POST" https://MYIP/events/restSearch -d '{"returnFormat": "stix", "publish_timestamp": "24h"}'
If I run this curl, the query also gives me events that I imported on 13/08/2021, not only the events imported in the last 24 hours.
Fatima Sadiq
@fatimasadiq
Hello everyone, I want to fetch only the info and threat level from the event attributes. I tried with MISP search, controller and attribute, but it didn't work. Can anyone help, please? Which query should be used for this? Thank you
r = misp.search_index(attribute='info' ) is fetching all attributes of the event... I just need info and threat level
lucatrabalza
@lucatrabalza
How can I change timestamp to Published?
I'd like to export events published in the last 24 h.
mtoivo
@mtoivo_twitter
A quick question: after installing hotfix update, should the MYSQL.sql be imported again? It should not overwrite anything, but new tables will be created etc?
Also: diagnostics show that expected_db version is: 72, but the MYSQL.sql included inserts db_version to: 61
mtoivo
@mtoivo_twitter
And finally: I cannot (hotfix-)update the installed MISP via git, because the underlying OS does not have an internet connection. Therefore I've just packaged the MISP elsewhere beforehand, created an archive out of it and just unarchived that on top of the old installation, saving the old config file (and not deleting stuff created there after the previous installation). Is it possible that I run into problems with this approach?
War10ck3
@War10ck3
I am attempting a new MISP deployment and am unable to install the PHP repo. I also attempted to install it manually using install.sh during the MISP installation process, but I received a gpg error. How can I troubleshoot this?
php issue.png
lucatrabalza
@lucatrabalza
How can I export all IP addresses of all events in my MISP?
LFED-FP
@LFED-FP
Hey y'all!!! I have a quick question I hope someone can help me out with
I am running MISP v 2.4.141
I can build and docker-compose up my local version of misp just fine

But I am getting these weird messages constantly being spammed

misp_web        | 2021-08-18 17:53:38,764 INFO success: master entered RUNNING state, process has stayed up for > than 1 seconds (startsecs)
misp_web        | 2021-08-18 17:53:38,773 INFO exited: master (exit status 1; not expected)
misp_web        | 2021-08-18 17:53:39,781 INFO spawned: 'master' with pid 185

Any idea why and how I might be able to fix this?

Further, when I visit my local host I am being redirected to this url https://gearssdk.opswat.com? Is this normal? Any clarity would be greatly appreciated!!
LFED-FP
@LFED-FP
I'm on Mac Catalina V10.15.7
docker info
 ~ docker info
Client:
 Context:    default
 Debug Mode: false
 Plugins:
  app: Docker App (Docker Inc., v0.9.1-beta3)
  buildx: Build with BuildKit (Docker Inc., v0.5.1-docker)
  scan: Docker Scan (Docker Inc., v0.5.0)

Server:
 Server Version: 20.10.5
LaramieSmile
@LaramieSmile
Hey all. I'm trying to set up Azure AD SSO for my MISP instance and need to know what the Assertion Consumer Service URL is for the MISP host. Anyone happen to know that info or where I can find it?
Monah Baki
@mbaki
Hi all, first time installing MISP. I got it up and running on VMware, but when I try to change a user password, I get disconnected for about 5-10 min and my SSH session drops. Any reason why?
kara-1234
@kara-1234
Really dumb question. I'm on MISP 2.4.110 (I know, a little old, looking at updating soon) but is there a fix for searching events with the REST client? I expect using event.date to only get the user-supplied date of the event, but when I do, let's say, event date 2021/08/20, I get an event from 2021/08/06 that was updated on 2021/08/20.
I would think event.date would let me just search by user-supplied event date, event.last would be any events modified in the last X time, and then event.published_date and event.timestamp would let me filter based on published dates and timestamp (maybe first change?) respectively.
kara-1234
@kara-1234
Also, not sure if it's a bug, but my first recorded change and last change timestamps sometimes match when they shouldn't.. like first recorded change jumps to the last change.
bl4ckm4mb4
@bl4ckm4mb4:matrix.org
[m]
Hi guys, I hope you're good & enjoying the weekend. I have one doubt about the setting "MISP.external_baseurl": does this have to be a domain name of the server where MISP is installed? I finished the MISP installation & initial feeds configuration. I would really appreciate any suggestion. Best Regards
And if you know how to push out the downside banner ("This is an initial install Powered by MISP 2.4.148"), please tell me. That will help me too.
Kim Hot
@KimHotDK
Hi all,
I'm looking for more information and documentation about PyMISP and the MISP Automation API - do you have any hidden gems of articles, videos or blogs on the topic? What is your go-to?
Acemampz
@Acemampz
Hello, I installed the MISP application on my Azure cloud account. The install went smoothly and I am able to access the application. But the application freezes whenever I try to make any changes; for example, when I try to enable the feeds it freezes. Also, whenever I make a change in the Server Settings and Maintenance page, like setting MISP.email to my company ID, I get an error "Request failed for an unknown reason". I get the same error when I try to enable the enrichment as well. How do I solve this issue?
lucatrabalza
@lucatrabalza
Hello, I import feeds with Scheduled Tasks (fetch_feeds) every day, but all events have the Published attribute set to no. How can I set Published: Yes? I want this because, to export events in STIX format, I use the attribute publish_timestamp. This is the command: curl --insecure -H "Authorization: APY KEY" -H "Content-type: application/json" -H "Accept: application/json" -X "POST" https://myip/events/restSearch -d '{"returnFormat": "stix", "publish_timestamp": "24h"}'
lucatrabalza
@lucatrabalza
How can I do it?
MySickSi
@MySickSi
Hi all! My cron jobs to cache and fetch feeds have suddenly stopped working. Below you can see the command I'm running, and it's seen in MISP, but it refuses to complete. Any idea what's going on and what I can do to correct this?
image.png
image.png
MySickSi
@MySickSi
Hi all, if anyone is in the same position as me, just restart the workers. It fixed my issue.
msc_xyz
@msc_xyz:matrix.org
[m]
Hi everybody, I've got some problems with old sync jobs which seem to be stuck (states unknown and running, while in fact done). Could anybody give me some help on how to resolve this?
mammamiiiya
@mammamiiiya
Why does the .sql dump take forever to load? The dump was pretty quick but the restore process is taking more than 12 hrs. The file is ~120GB.
Command I used to backup:
mysqldump --opt -u misp -p misp > MISPbackupfile.sql
Command I used to restore:
mysql -u misp -p misp < MISPbackupfile.sql
Any help? Also, can I use mysqlpump to load the .sql file?
mammamiiiya
@mammamiiiya
Fast forward, I have successfully imported the file. It took more than a day or so. But the new MISP instance cannot get past the login screen. No errors as well. If I try with an invalid credential, it says authentication failure. But with the correct email and password, it just gets stuck on logging in. Any help? Thanks in advance.