Matthew Keay
@matthewkeay_twitter
(on misppriv, for context sorry)
abruce
@abruce:matrix.org
[m]
Hi all, I'm having some issues implementing a custom decay model in MISP and would appreciate any insight. I've attempted to create JSON files based on the default decay models stored in the misp-decay-model directory and have tried to update the models in the GUI however they are not appearing. (I attempted the same way I did with uploading a custom taxonomy). I've also tried uploading the file from the GUI however it tells me that I do not have proper permissions to upload.
Jan Wrona
@jwrona
Hello, I'm looking for a way to integrate CACAO Security Playbooks into MISP. I can add Event, then add the attachment attribute and paste there the full CACAO Playbook (JSON). But I would also like to have the playbook metadata stored directly in the MISP event, so I'm thinking about adding a MISP object which would just copy the playbook metadata attributes. The problem I'm dealing with here is data redundancy, since it's still needed to attach the full CACAO playbook (omitting the metadata would make it invalid). What do you think about it?
Matthew Keay
@matthewkeay_twitter
The install.sh script seems a bit broken: if you don't change the baseurl it seems unable to make requests (invalid cert), and if you give it a baseurl and quickly stick a valid cert on, it goes and sets it back to misp.local
Jeroen Pinoy
@Wachizungu
@matthewkeay_twitter I think correlations might be disabled on that instance (MISPPRIV), that's what it looks like from statistics anyway. If anyone from the admins could confirm that would be nice though :).
bl4ckm4mb4
@bl4ckm4mb4:matrix.org
[m]
Hi fellas, I hope you're good.
Unfortunately, I'm having problems logging in to my MISP instance. (I tried restarting the core service for the WebUI (apache2) and I also tried restarting the server, but I have the same problem.) The login page is shown over https/443, but when I enter my user/pass, the login page stays loading indefinitely. Do you know how I can trace the error?
I looked in the /var/www/MISP/app/log/ directory
for errors, but I see nothing useful to understand the problem here.
I appreciate any help that you can give me. So, I wish you a great day!
Jeroen Pinoy
@Wachizungu
your apache logs don't show anything either ?
Assuming default login (no SSO integration etc)? No disk space issues or things like that?
luciano (righel)
@luciano:matrix.circl.lu
[m]
Hello bl4ckm4mb4 , can you login via ssh to the MISP instance and check if there is enough free space?
Logs that can shed some light:
/var/www/MISP/app/tmp/logs/error.log
/var/log/apache2/error.log
/var/log/apache2/misp.local_error.log
bl4ckm4mb4
@bl4ckm4mb4:matrix.org
[m]

Hi Wachizungu , thanks for response ! My apache logs only display :

Sep 20 14:33:24 ss11080 /var/www/MISP/app/tmp/logs/[1646]: 2021-09-20 14:33:24 Notice: User (2): mail_user@company.com -- login

and the login page is stuck there. (I'm using default login, and the disk space appears to be fine in the df output)

Thanks Luciano, the root partition is 43% full.
I will look at these logs that you suggest. Thanks for your help, guys
luciano (righel)
@luciano:matrix.circl.lu
[m]
you could also verify mysql/mariadb is running.
sudo service mysql status
bl4ckm4mb4
@bl4ckm4mb4:matrix.org
[m]
yes, it's running.. here is the output from systemctl status mysql :

misp@ss11080:~$ sudo systemctl status mysql
● mariadb.service - MariaDB 10.3.31 database server
Loaded: loaded (/lib/systemd/system/mariadb.service; enabled; vendor preset: enabled)
Active: active (running) since Mon 2021-09-20 14:23:21 UTC; 33min ago
Docs: man:mysqld(8)
https://mariadb.com/kb/en/library/systemd/
Process: 852 ExecStartPre=/usr/bin/install -m 755 -o mysql -g root -d /var/run/mysqld (code=exited, status=0/SUCCESS)
Process: 887 ExecStartPre=/bin/sh -c systemctl unset-environment _WSREP_START_POSITION (code=exited, status=0/SUCCESS)
Process: 894 ExecStartPre=/bin/sh -c [ ! -e /usr/bin/galera_recovery ] && VAR= || VAR=cd /usr/bin/..; /usr/bin/galera_recovery; [ $? -eq 0 ] && systemct>
Process: 1063 ExecStartPost=/bin/sh -c systemctl unset-environment _WSREP_START_POSITION (code=exited, status=0/SUCCESS)
Process: 1069 ExecStartPost=/etc/mysql/debian-start (code=exited, status=0/SUCCESS)
Main PID: 970 (mysqld)
Status: "Taking your SQL requests now..."
Tasks: 31 (limit: 19077)
Memory: 7.3G
CGroup: /system.slice/mariadb.service
└─970 /usr/sbin/mysqld

Sep 20 14:23:20 ss11080 mysqld[970]: 2021-09-20 14:23:20 0 [Note] /usr/sbin/mysqld (mysqld 10.3.31-MariaDB-0ubuntu0.20.04.1) starting as process 970 ...
Sep 20 14:23:21 ss11080 systemd[1]: Started MariaDB 10.3.31 database server.

sorry

I have one doubt: my MISP instance has:

4 CPUs -- 16 GB RAM, and 300 GB disk

I assume that the hardware requirements for a simple instance are OK. Is this right?
luciano (righel)
@luciano:matrix.circl.lu
[m]
Yes, that's more than enough
bl4ckm4mb4
@bl4ckm4mb4:matrix.org
[m]
great thank you ! .. I'm running on Ubuntu 20.04.3 LTS
andras
@andras:matrix.circl.lu
[m]
It's in /var/www/MISP/app/Config/config.php
bl4ckm4mb4
@bl4ckm4mb4:matrix.org
[m]

Unexpectedly I have been able to log into the WebUI, (I left the browser window open trying to access for about 20 minutes), I have not modified any configuration since we started talking. I have only checked logs ..

I would appreciate if you have any ideas on how to improve this .. maybe it is some configuration about the correlations / events that are in my instance.

Any suggestion will be well received. I thank you all

I will do it, and see if the problem appears again. Thank you so much Wachizungu, Luciano & Andras for your time & help.
I really appreciate that
andras
@andras:matrix.circl.lu
[m]
let us know if it does!
:)
bl4ckm4mb4
@bl4ckm4mb4:matrix.org
[m]
I changed the base URL to https:internal_FQDN_of-the_server (I can access the login page, but it is still delaying at the login phase)
about 8 minutes and still loading
andras
@andras:matrix.circl.lu
[m]
how does the CPU load look while that is happening?
bl4ckm4mb4
@bl4ckm4mb4:matrix.org
[m]
just now it returned me to the events page. Is it normal for it to be delayed 10 minutes? Or do I have something badly configured?
andras
@andras:matrix.circl.lu
[m]
definitely doesn't sound normal
interesting, could you fire up your mysql cli?
luciano (righel)
@luciano:matrix.circl.lu
[m]
You could log in to the database via the CLI and run show processlist; while the login is loading after submit
andras
@andras:matrix.circl.lu
[m]
exactly ;)
bl4ckm4mb4
@bl4ckm4mb4:matrix.org
[m]
Sure guys , let me do it again
andras
@andras:matrix.circl.lu
[m]
mysql -u misp -p misp
bl4ckm4mb4
@bl4ckm4mb4:matrix.org
[m]
I tried with mysql -u misp -p misp
jhaaja but it didn't work
andras
@andras:matrix.circl.lu
[m]
what did it say?
bl4ckm4mb4
@bl4ckm4mb4:matrix.org
[m]
andras
@andras:matrix.circl.lu
[m]
sounds like you've got the wrong pw ;)
cat /var/www/MISP/app/Config/database.php | grep password
bl4ckm4mb4
@bl4ckm4mb4:matrix.org
[m]
thanks for troubleshooting this with me, you're the best! Please, if you've got a link to buy you a coffee/beer, you win it!
andras
@andras:matrix.circl.lu
[m]
haha! No worries at all