mtoivo
@mtoivo_twitter
A quick question: after installing hotfix update, should the MYSQL.sql be imported again? It should not overwrite anything, but new tables will be created etc?
Also: diagnostics show that expected_db version is: 72, but the MYSQL.sql included inserts db_version to: 61
mtoivo
@mtoivo_twitter
And finally: I cannot (hotfix-)update the installed MISP via git, because the underlying OS does not have internet connection. Therefore I've just packaged the MISP elsewhere beforehand, created an archive out of it and just unarchived that on top of the old installation, saving the old config file (and not deleting stuff created there after previous installation). Is it possible that I run into problems with this approach?
War10ck3
@War10ck3
I am attempting a new MISP deployment and am unable to install the PHP repo. I also attempted to install it manually using install.sh during the MISP installation process, but I received a gpg error. How can I troubleshoot this?
lucatrabalza
@lucatrabalza
How can I export all IP addresses of all events in my MISP?
LFED-FP
@LFED-FP
Hey y'all!!! I have a quick question I hope someone can help me out with
I am running MISP v 2.4.141
I can build and docker-compose up my local version of misp just fine

But I am getting these weird messages constantly being spammed

misp_web        | 2021-08-18 17:53:38,764 INFO success: master entered RUNNING state, process has stayed up for > than 1 seconds (startsecs)
misp_web        | 2021-08-18 17:53:38,773 INFO exited: master (exit status 1; not expected)
misp_web        | 2021-08-18 17:53:39,781 INFO spawned: 'master' with pid 185

Any idea why and how I might be able to fix this?

Further, when I visit my local host I am being redirected to this url https://gearssdk.opswat.com? Is this normal? Any clarity would be greatly appreciated!!
LFED-FP
@LFED-FP
I'm on Mac Catalina V10.15.7
docker info
 ~ docker info
Client:
 Context:    default
 Debug Mode: false
 Plugins:
  app: Docker App (Docker Inc., v0.9.1-beta3)
  buildx: Build with BuildKit (Docker Inc., v0.5.1-docker)
  scan: Docker Scan (Docker Inc., v0.5.0)

Server:
 Server Version: 20.10.5
LaramieSmile
@LaramieSmile
Hey all. I'm trying to setup Azure AD SSO for my MISP instance and need to know what the Assertion Consumer Service URL is for the MISP host. Anyone happen to know that info or where I can find it?
Monah Baki
@mbaki
Hi all first time installing MISP, I got it up and running on VMware, but when I try to change a user password, I get disconnected for about 5-10 min and my SSH session drops, any reason why?
kara-1234
@kara-1234
Really dumb question. I'm on MISP 2.4.110 (I know, a little old, looking at updating soon) but is there a fix for searching events with the REST client? I expect using event.date to only get the user supplied date of the event, but when I do, let's say, event date 2021/08/20, I get an event from 2021/08/06 that was updated on 2021/08/20.
I would think event.date would let me just search by user supplied event date, event.last would be any events modified in the last X time, and then event.published_date and event.timestamp would let me filter based on published dates and timestamp (maybe first change?) respectively.
kara-1234
@kara-1234
Also, not sure if it's a bug, but my first recorded change and last change timestamps sometimes match when they shouldn't.. like first recorded change jumps to the last change.
bl4ckm4mb4
@bl4ckm4mb4:matrix.org
[m]
Hi guys, I hope you're good & enjoying the weekend.. I have one doubt about the setting "MISP.external_baseurl" .. does this have to be a domain name of the server where MISP is installed? I finished the MISP installation & initial feeds configuration .. I really appreciate any suggestion. Best Regards
And if you know how to push out the downside-banner ("This is an initial install Powered by MISP 2.4.148") please tell me .. it will help me too..
Kim Hot
@KimHotDK
Hi all,
I'm looking for more information and documentation about the PyMISP and the MISP Automation API - do you have any hidden gems of articles, videos or blogs on the topic? What is your go to?
Acemampz
@Acemampz
Hello, I had installed the MISP application on my Azure cloud account. The install went smoothly, and I am able to access the application. But the application freezes whenever I try to make any changes, for example when I try to enable the feeds it freezes. Also, whenever I make a change in the Server Settings and Maintenance page, like the MISP.email to my company id, I get an error "Request failed for an unknown reason". I get the same error when I try to enable the enrichment as well. How do I solve this issue?
lucatrabalza
@lucatrabalza
Hello, I import feeds with Scheduled Tasks (fetch_feeds) every day, but all events have the Published attribute set to no. How can I set Published: Yes? I want this because to export events in STIX format I use the attribute publish_timestamp. This is the command: curl --insecure -H "Authorization: APY KEY" -H "Content-type: application/json" -H "Accept: application/json" -X "POST" https://myip/events/restSearch -d '{"returnFormat": "stix", "publish_timestamp": "24h"}'
lucatrabalza
@lucatrabalza
How can I do this?
MySickSi
@MySickSi
Hi all! My cron jobs to cache and fetch feeds have suddenly stopped working. Below you can see the command I'm running, and it's seen in MISP, but it refuses to complete. Any idea on what's going on and what I can do to correct this?
MySickSi
@MySickSi
Hi all, if anyone is in the same position as me, just restart the workers. It fixed my issue.
msc_xyz
@msc_xyz:matrix.org
[m]
Hi everybody, I've got some problems with old sync jobs which seem to be stuck (states unknown and running, while in fact done). Could anybody give me some help on how to resolve this?
mammamiiiya
@mammamiiiya
Why does the .sql dump take like forever to load? The dump was pretty quick but the restore process is taking more than 12 hrs. The file is ~120GB.
Command I used to backup:
mysqldump --opt -u misp -p misp > MISPbackupfile.sql
Command I used to restore:
mysql -u misp -p misp < MISPbackupfile.sql
Any help? Also, can I use mysqlpump to load the .sql file?
mammamiiiya
@mammamiiiya
Fast forward, I have successfully imported the file. Took more than a day or so. But the new MISP instance cannot get past the login screen. No errors as well. If I try with an invalid credential, it says authentication failure. But with correct email and pass, it just gets stuck on logging. Any help? Thanks in advance.
msc_xyz
@msc_xyz:matrix.org
[m]
Does anybody know why some feed syncs are really slow (e.g. abuse.ch MISP feeds)? I already disabled the correlation, but the initial sync is already running for days...
msc_xyz
@msc_xyz:matrix.org
[m]
And is there a possibility to sync events just from a specific date onward? My filter (Datefrom:YYYY-MM-DD) doesn't seem to work
lucatrabalza
@lucatrabalza
Hello, I import feeds with Scheduled Tasks (fetch_feeds) every day, but all events have the Published attribute set to no. How can I set Published: Yes? I want this because to export events in STIX format I use the attribute publish_timestamp. This is the command: curl --insecure -H "Authorization: APY KEY" -H "Content-type: application/json" -H "Accept: application/json" -X "POST" https://myip/events/restSearch -d '{"returnFormat": "stix", "publish_timestamp": "24h"}'
riccardosl
@riccardosl
Hello everyone, do you know where it is possible to find successful and failed login events in MISP folders?
meltedpenguin
@meltedpenguin
I seem to be having the same issue that is being reported by @msc_xyz:matrix.org. Does anyone know why that may be the case? Or could someone point me to a potential log file that may have more information?
cybgit
@cybgit
Question re Correlation exclusions. When you add exclusions and then run the clean up correlations, is it supposed to untick the correlation check next to attributes that match the exclusion, or does it just go through the correlations DB and remove matched entries, but doesn't update all the attributes across events that match the exclusion?
lucatrabalza
@lucatrabalza
Hi, my MISP goes very slow. I have 8 CPU, 8 GB of RAM and 100 GB hard disk. How can I make MISP faster? How can I do tuning?
cybgit
@cybgit
When you say slow @lucatrabalza do you mean in navigation of the UI or when certain activities are performed? Have you run htop or other system commands to identify if memory, CPU, disk is being maxed out etc?
eCrimeLabs
@eCrimeLabs
@lucatrabalza look at your MySQL config. I've had these issues in the past, but they were due to the config there being set too low by default
msc_xyz
@msc_xyz:matrix.org
[m]
@eCrimeLabs: what do you mean with "low setting"?
eCrimeLabs
@eCrimeLabs
Typically memory and threading if I recall correctly but in general optimize
msc_xyz
@msc_xyz:matrix.org
[m]
thanks for the hint
I've switched to redis for php session and added innodb_buffer_pool_size to the mariadb config file (section mysqld). This already speeds up everything much
could you suggest some other variables for tuning the database?
eCrimeLabs
@eCrimeLabs

@msc_xyz:matrix.org

[mysqld]
bind-address=127.0.0.1
innodb_buffer_pool_instances=6
query_cache_size=2048M
innodb_buffer_pool_size=6G
max_allowed_packet=300M
innodb_log_file_size=256M

This did some good for me, could potentially be optimized even more :)

github-germ
@github-germ
Hello... can anyone educate me on the source of the data in redis 'misp:cidr_cache_list' ?
github-germ
@github-germ
OK, figured that out. thx.
meltedpenguin
@meltedpenguin
@eCrimeLabs Could you provide some information where these settings are? I am running Ubuntu 20.04.