Where communities thrive


  • Join over 1.5M+ people
  • Join over 100K+ communities
  • Free without limits
  • Create your own community
People
Activity
  • Jun 30 14:58

    chrisr3d on main

    fix: [python doc] Updated instr… (compare)

  • Jun 27 04:44

    cvandeplas on main

    Fixes broken GH taxonomy links Merge pull request #282 from 00… (compare)

  • Jun 27 04:44
    cvandeplas closed #282
  • Jun 27 04:44
    cvandeplas commented #282
  • Jun 26 21:36
    00willo opened #282
  • Jun 02 12:32

    SteveClement on main

    chg: [doc] removed trailing spa… fix: [pdf] PDF conversion works… Merge branch 'MISP:main' into m… and 1 more (compare)

  • Jun 02 12:32
    SteveClement closed #281
  • Jun 02 12:31
    SteveClement opened #281
  • Jun 01 19:56

    SteveClement on main

    chg: [workflow] PDF fails, putt… chg: [workflow] PDF fails, remo… Merge branch 'MISP:main' into m… and 1 more (compare)

  • Jun 01 19:56
    SteveClement closed #280
  • Jun 01 19:56
    SteveClement opened #280
  • Jun 01 15:58

    SteveClement on main

    chg: [workflow] use node_module… chg: [dbg] Workflow chg: [dbg] Workflow, split plug… and 8 more (compare)

  • Jun 01 15:58
    SteveClement closed #279
  • Jun 01 15:57
    SteveClement opened #279
  • Jun 01 14:06

    SteveClement on main

    chg: [doc] Made it working with… new: [workflow] first tentative… chg: [workflow] because npm is … and 4 more (compare)

  • Jun 01 14:06
    SteveClement closed #278
  • Jun 01 14:06
    SteveClement opened #278
  • Jun 01 09:36

    adulau on main

    chg: [honkit] fixes (compare)

  • Jun 01 09:31

    adulau on main

    chg: [workflow] because npm is … (compare)

  • Jun 01 09:23

    adulau on main

    chg: [workflow] because npm is … (compare)

luciano (righel)
@luciano:matrix.circl.lu
[m]
You could check log in into the database via cli and run show processlist; while the login is loading after submit
andras
@andras:matrix.circl.lu
[m]
exactly ;)
bl4ckm4mb4
@bl4ckm4mb4:matrix.org
[m]
Sure guys , let me do it again
andras
@andras:matrix.circl.lu
[m]
mysql -u misp -p misp
bl4ckm4mb4
@bl4ckm4mb4:matrix.org
[m]
I tried with mysql -u misp -p misp
jhaaja but didn't work
andras
@andras:matrix.circl.lu
[m]
what did it say?
bl4ckm4mb4
@bl4ckm4mb4:matrix.org
[m]
andras
@andras:matrix.circl.lu
[m]
sounds like you've got the wrong pw ;)
cat /var/www/MISP/app/Config/database.php | grep password
bl4ckm4mb4
@bl4ckm4mb4:matrix.org
[m]
thanks for troubleshooting this with me , you're the best , please if you've get me the link to buy you a coffe/beer , you win it !
andras
@andras:matrix.circl.lu
[m]
haha! No worries at all
1 reply
bl4ckm4mb4
@bl4ckm4mb4:matrix.org
[m]
this is the output when I'm loged in .. so i will try the same , but at the login page
Here is the output from show processlist; when I'm trying to login to WebUI
andras
@andras:matrix.circl.lu
[m]
ok bummer, that's indeed something that's been plaguing us recently. Working on a fix for it for a while but temporarily it's on hold. As a quick remedy:
edit your /var/www/MISP/app/Config/config.php
you should have a setting called showCorrelationsOnIndex
1 reply
set that to 0
bl4ckm4mb4
@bl4ckm4mb4:matrix.org
[m]
Great ! I come to do it .. I need to restart any service ?
andras
@andras:matrix.circl.lu
[m]
nah, just changing the value should be enough
though restarting mysql should kill the running queries
(service mysql restart)
bl4ckm4mb4
@bl4ckm4mb4:matrix.org
[m]
Really thank you guys !
Now login inmediately !
thanks Andras
if you have a coffee link , please send me bro !
thanks to luciano too !!
andras
@andras:matrix.circl.lu
[m]
😎 Great news, expect a more permanent fix for this in the near future
bl4ckm4mb4
@bl4ckm4mb4:matrix.org
[m]
Awesome !! Have a good week !!
abruce
@abruce:matrix.org
[m]

Hi all, I'm having some issues implementing a custom decay model in MISP and would appreciate any insight. I've attempted to create JSON files based on the default decay models stored in the misp-decay-model directory and have tried to update the models in the GUI however they are not appearing. (I attempted the same way I did with uploading a custom taxonomy). I've also tried uploading the file from the GUI however it tells me that I do not have proper permissions to upload.

Still having some issues with this if anyone has any expertise with decay models

Andras Iklody
@iglocska
@abruce:matrix.org - best is to ping @mokaddem - he's currently enjoying a week of holidays, but should be back next week\
GV-007
@GV-007
I try to setup MISP auth using oidcauth, anyone has experience / docs ? I miss URL's for auth provider: Login URL ; Redirect URL
GV-007
@GV-007
Getting following error for now:
[Error] Class 'Jumbojett\OpenIDConnectClient' not found
3 replies
luciano (righel)
@luciano:matrix.circl.lu
[m]
just to be sure, have you done the following steps?
https://github.com/MISP/MISP/tree/2.4/app/Plugin/OidcAuth#usage
5 replies
luciano (righel)
@luciano:matrix.circl.lu
[m]
could you try changing this?
'roles_property' => 'Groups',
to this:
'roles_property' => array('Groups')
1 reply
luciano (righel)
@luciano:matrix.circl.lu
[m]
hm, sorry i can't help, i'm not that familiar with this plugin, seems the $roles variable gets overwritten around here:
https://github.com/MISP/MISP/blob/2.4/app/Plugin/OidcAuth/Controller/Component/Auth/OidcAuthenticate.php#L47-L52
1 reply
maybe you can add some debug lines around there to check what's happening on your instance
cac0ns3c
@cac0ns3c
My MISP machine is 8vCPU, 80Gb RAM and the API results are taking for ever, is there something to do about it ?
Is there a way to export Suricata rules by event?
As my exported misp.rules grow to 1.7Gb trying to find a solution for ingesting the events to SecurityOnion one by one
Rambatla Venkat Rao
@RamboV
Hello There, I am trying to have a dropdown menu in the Expansion module settings , how can I achieve this functionality, like I have moduleconfig = ['server', 'port'], I want one more configuration option "service", which has a pre-defined set of values.
noname0521
@noname0521
Hi ,
I am finding difficulty in uninstalling MISP on ubuntu. Can't find something specific which can help in completely removing MISP from server. Is there some documentation around it. Please help.
Luca
@lucacyber
hi, how can i search if an ip is present on my MISP using openApi?
7 replies
luciano (righel)
@luciano:matrix.circl.lu
[m]
welcome 👍️
mryayap
@mryayap

Hi all,
I had a synchronization issue on my MISP instances.
quick explanation on what happened :

An instance A (external organization) have created an event, let's say event #1 with 100 attributes.
I have Two instance on my side : B and C.
The instance B is synchronized with the instance A and the instance C synchronized with B.

To summerize :

C --> B --> A
(not push, just pull)

Until yesterday the event was well synchronized between all the instances.
Since the instance A has updated the Event #1 yesterday by adding fews attributes.

All the attributes was well synchronized on instance B but not on C. To solve the issue,I had to remove the event on C and re-run a synchronization to get the new attributes.

(I hope that my explanations are clear :) )

Any idea what happened ? i didn't find relevant logs on my servers :(

cac0ns3c
@cac0ns3c

Is there a way to export Suricata rules by event?
As my exported misp.rules grow to 1.7Gb trying to find a solution for ingesting the events to SecurityOnion one by one

any one has any idea?

Brent Murphy
@bm11100
Anyone know where the MISP footer UTC time is generated from? I have a MISP instance in AWS, confirmed correct time zone on server, but my MISP instance time is incorrect. This leads to incorrect times on the events/attributes
Brent Murphy
@bm11100
found timezone.ini in /etc/php-fpm.d
GV-007
@GV-007

Did some debugging today on the OidcAuthenticate plugin (with OneLogin as provider). I added some logging in the PHP script:

        if (empty($roles)) {
            $this->log($roleProperty, "roleproperty_log");
            $roles = $oidc->requestUserInfo($roleProperty);
            $this->log($roles, "roles_log");

it seems $roles stays empty

2021-09-24 11:36:04 Info: OIDC: User `geert.verstrepen@nsoc.works` – Trying login
2021-09-24 11:36:04 Info: OIDC: User `roles` – roleproperty_log
2021-09-24 11:36:04 Info: OIDC: User `` – roles_log
2021-09-24 11:36:04 Info: OIDC: User `geert.verstrepen@nsoc.works` – User organisation `NSOC` found with ID 1.

Any suggestions ?