msc_xyz
@msc_xyz:matrix.org
[m]
Hi everybody, I've got some problems with old sync jobs which seem to be stuck (states unknown and running, while in fact done). Could anybody give me some help on how to resolve this?
mammamiiiya
@mammamiiiya
Why does the .sql dump take like forever to load? The dump was pretty quick but the restore process is taking more than 12 hrs. The file is ~120GB.
Command I used to backup:
mysqldump --opt -u misp -p misp > MISPbackupfile.sql
Command I used to restore:
mysql -u misp -p misp < MISPbackupfile.sql
Any help? Also, can I use mysqlpump to load the .sql file?
mammamiiiya
@mammamiiiya
Fast forward, I have successfully imported the file. Took more than a day or so. But the new MISP instance cannot get past the login screen. No errors as well. If I try with an invalid credential, it says authentication failure. But with correct email and pass, it just gets stuck on logging. Any help? Thanks in advance.
msc_xyz
@msc_xyz:matrix.org
[m]
Does anybody know why some feed syncs are really slow (e.g. abuse.ch MISP feeds)? I already disabled the correlation, but the initial sync has already been running for days...
msc_xyz
@msc_xyz:matrix.org
[m]
and is there a possibility to sync events just from a specific date onwards? my filter (Datefrom:YYYY-MM-DD) doesn't seem to work
lucatrabalza
@lucatrabalza
Hello, I import feeds with Scheduled Tasks (fetch_feeds) every day, but all events have the Published attribute set to No. How can I set Published: Yes? I want this because, to export events in STIX format, I use the attribute publish_timestamp. This is the command: curl --insecure -H "Authorization: APY KEY" -H "Content-type: application/json" -H "Accept: application/json" -X "POST" https://myip/events/restSearch -d '{"returnFormat": "stix", "publish_timestamp": "24h"}'
riccardosl
@riccardosl
Hello everyone, do you know where it is possible to find successful and failed login events in MISP folders?
meltedpenguin
@meltedpenguin
I seem to be having the same issue that is being reported by @msc_xyz:matrix.org. Does anyone know why that may be the case? Or could someone point me to a potential log file that may have more information?
2 replies
cybgit
@cybgit
Question re Correlation exclusions. When you add exclusions and then run the clean up correlations, is it supposed to untick the correlation check next to attributes that match the exclusion, or does it just go through the correlations DB and remove matched entries, but doesn't update all the attributes across events that match the exclusion?
lucatrabalza
@lucatrabalza
Hi, my MISP runs very slowly. I have 8 CPUs, 8 GB of RAM and a 100 GB hard disk. How can I make MISP faster? How can I tune it?
cybgit
@cybgit
When you say slow @lucatrabalza, do you mean in navigation of the UI or when certain activities are performed? Have you run htop or other system commands to identify if memory, CPU, disk is being maxed out etc.?
eCrimeLabs
@eCrimeLabs
@lucatrabalza look at your MySQL config. I've had these issues in the past, but they were due to the config there being set too low by default
msc_xyz
@msc_xyz:matrix.org
[m]
@eCrimeLabs: what do you mean by "low setting"?
eCrimeLabs
@eCrimeLabs
Typically memory and threading if I recall correctly but in general optimize
msc_xyz
@msc_xyz:matrix.org
[m]
thanks for the hint
I've switched to Redis for PHP sessions and added innodb_buffer_pool_size to the MariaDB config file (section mysqld). This already speeds up everything a lot
could you suggest some other variables for tuning the database?
eCrimeLabs
@eCrimeLabs

@msc_xyz:matrix.org

[mysqld]
bind-address=127.0.0.1
innodb_buffer_pool_instances=6
query_cache_size=2048M
innodb_buffer_pool_size=6G
max_allowed_packet=300M
innodb_log_file_size=256M

This did some good for me, could potentially be optimized even more :)

2 replies
github-germ
@github-germ
Hello... can anyone educate me on the source of the data in redis 'misp:cidr_cache_list' ?
github-germ
@github-germ
OK, figured that out. thx.
meltedpenguin
@meltedpenguin
@eCrimeLabs Could you provide some information where these settings are? I am running Ubuntu 20.04.
@msc_xyz:matrix.org Where did you add the buffer_pool size?
3 replies
msc_xyz
@msc_xyz:matrix.org
[m]
Is it normal that I must use the admin account to trigger the fetchFromAllFeeds API endpoint? I got permission denied with the org-admin account...
lucatrabalza
@lucatrabalza
Hello, every day I fetch feeds from the MISP community. When MISP downloads feeds, does it download all feeds and remove the existing ones from the MISP DB, or just add new feeds? Because I have like 10 GB of events every day...
BinksJar
@BinksJar007_twitter
Hello, I am having an issue configuring a sync from MISP Instance A to MISP Instance B. When I add the server into MISP and test the connection, I get a 403 error. I have checked permissions and I am able to see the API key being used in MISP; however, I still receive 403. Can anyone please advise?
Daniel Jaraud
@fojac
Hello, I'm having an issue on a fresh MISP installation on a Debian LxC with the INSTALL.sh script downloaded today from https://raw.githubusercontent.com/MISP/MISP/2.4/INSTALL/INSTALL.sh . The installation starts smoothly (I tried to install only MISP Core) and nearly everything is downloaded and installed. However, the installer stalls at "Cloning into faup... resolving deltas: 100%" and never gets further. No error displayed. I've tried multiple times, without success. Has anyone encountered this? Any hint on how to proceed? Thanks!
Daniel Jaraud
@fojac
FYI, workaround: relaunching the script (without deleting the files) did the trick...
fl0x2208
@fl0x2208
So I am using mail to misp and it works - but if there is VirusTotal - it adds as network activity rather than external URL - how can I fix that?
Sorry external analysis
riccardosl
@riccardosl
Hello everyone, do you know where successful and failed LOCAL login events are logged in the MISP file system?
cybgit
@cybgit
Correlations: Does anyone know if you can query the correlations exclusions index by API (pymisp etc) ?
5 replies
Michael
@ag-michael
where are the logs for the prio worker? how do I find out why it keeps dying and backlogging a ton of jobs?
Andras Iklody
@iglocska
it should be together with the other logs
MISP/app/tmp/logs
iirc
resque-worker-error.log
and resque-worker-[date].log
Michael
@ag-michael
I see some redis error about it loading the dataset in memory. I ran FLUSHALL with redis-cli, redis was taking up 8GB ram again :/
Michael
@ag-michael
is there a better way to publish without using jobs/workers? can I directly set a column in mysql?
and tyvm @iglocska
andras
@andras:matrix.circl.lu
[m]
directly setting the column will just cause issues and not have the intended effect
it is "possible" to disable all background processing
1 reply
but your requests will take a fair bit longer
would be better to figure out what's causing it
I remember you had that weird issue with your redis memory usage growing - we couldn't reproduce that, though we should dig deeper with you and perhaps set up a debug session to figure out what's going on there
Michael
@ag-michael
I have a lot of headaches from the whole publication process. When you have events constantly coming in where you expect them to be published by default, it isn't working well
andras
@andras:matrix.circl.lu
[m]
but it will be SLOW at times
Michael
@ag-michael
when the prio worker fails, I get 300k+ jobs in the queue in a few hours
andras
@andras:matrix.circl.lu
[m]
woaaaah