Where communities thrive


  • Join over 1.5M+ people
  • Join over 100K+ communities
  • Free without limits
  • Create your own community
People
Activity
  • 04:44

    cvandeplas on main

    Fixes broken GH taxonomy links Merge pull request #282 from 00… (compare)

  • 04:44
    cvandeplas closed #282
  • 04:44
    cvandeplas commented #282
  • Jun 26 21:36
    00willo opened #282
  • Jun 02 12:32

    SteveClement on main

    chg: [doc] removed trailing spa… fix: [pdf] PDF conversion works… Merge branch 'MISP:main' into m… and 1 more (compare)

  • Jun 02 12:32
    SteveClement closed #281
  • Jun 02 12:31
    SteveClement opened #281
  • Jun 01 19:56

    SteveClement on main

    chg: [workflow] PDF fails, putt… chg: [workflow] PDF fails, remo… Merge branch 'MISP:main' into m… and 1 more (compare)

  • Jun 01 19:56
    SteveClement closed #280
  • Jun 01 19:56
    SteveClement opened #280
  • Jun 01 15:58

    SteveClement on main

    chg: [workflow] use node_module… chg: [dbg] Workflow chg: [dbg] Workflow, split plug… and 8 more (compare)

  • Jun 01 15:58
    SteveClement closed #279
  • Jun 01 15:57
    SteveClement opened #279
  • Jun 01 14:06

    SteveClement on main

    chg: [doc] Made it working with… new: [workflow] first tentative… chg: [workflow] because npm is … and 4 more (compare)

  • Jun 01 14:06
    SteveClement closed #278
  • Jun 01 14:06
    SteveClement opened #278
  • Jun 01 09:36

    adulau on main

    chg: [honkit] fixes (compare)

  • Jun 01 09:31

    adulau on main

    chg: [workflow] because npm is … (compare)

  • Jun 01 09:23

    adulau on main

    chg: [workflow] because npm is … (compare)

  • Jun 01 09:19

    adulau on main

    new: [workflow] first tentative… Merge branch 'main' of github.c… (compare)

bl4ckm4mb4
@bl4ckm4mb4:matrix.org
[m]
this is the output when I'm loged in .. so i will try the same , but at the login page
Here is the output from show processlist; when I'm trying to login to WebUI
andras
@andras:matrix.circl.lu
[m]
ok bummer, that's indeed something that's been plaguing us recently. Working on a fix for it for a while but temporarily it's on hold. As a quick remedy:
edit your /var/www/MISP/app/Config/config.php
you should have a setting called showCorrelationsOnIndex
1 reply
set that to 0
bl4ckm4mb4
@bl4ckm4mb4:matrix.org
[m]
Great ! I come to do it .. I need to restart any service ?
andras
@andras:matrix.circl.lu
[m]
nah, just changing the value should be enough
though restarting mysql should kill the running queries
(service mysql restart)
bl4ckm4mb4
@bl4ckm4mb4:matrix.org
[m]
Really thank you guys !
Now login inmediately !
thanks Andras
if you have a coffee link , please send me bro !
thanks to luciano too !!
andras
@andras:matrix.circl.lu
[m]
😎 Great news, expect a more permanent fix for this in the near future
bl4ckm4mb4
@bl4ckm4mb4:matrix.org
[m]
Awesome !! Have a good week !!
abruce
@abruce:matrix.org
[m]

Hi all, I'm having some issues implementing a custom decay model in MISP and would appreciate any insight. I've attempted to create JSON files based on the default decay models stored in the misp-decay-model directory and have tried to update the models in the GUI however they are not appearing. (I attempted the same way I did with uploading a custom taxonomy). I've also tried uploading the file from the GUI however it tells me that I do not have proper permissions to upload.

Still having some issues with this if anyone has any expertise with decay models

Andras Iklody
@iglocska
@abruce:matrix.org - best is to ping @mokaddem - he's currently enjoying a week of holidays, but should be back next week\
GV-007
@GV-007
I try to setup MISP auth using oidcauth, anyone has experience / docs ? I miss URL's for auth provider: Login URL ; Redirect URL
GV-007
@GV-007
Getting following error for now:
[Error] Class 'Jumbojett\OpenIDConnectClient' not found
3 replies
luciano (righel)
@luciano:matrix.circl.lu
[m]
just to be sure, have you done the following steps?
https://github.com/MISP/MISP/tree/2.4/app/Plugin/OidcAuth#usage
5 replies
luciano (righel)
@luciano:matrix.circl.lu
[m]
could you try changing this?
'roles_property' => 'Groups',
to this:
'roles_property' => array('Groups')
1 reply
luciano (righel)
@luciano:matrix.circl.lu
[m]
hm, sorry i can't help, i'm not that familiar with this plugin, seems the $roles variable gets overwritten around here:
https://github.com/MISP/MISP/blob/2.4/app/Plugin/OidcAuth/Controller/Component/Auth/OidcAuthenticate.php#L47-L52
1 reply
maybe you can add some debug lines around there to check what's happening on your instance
cac0ns3c
@cac0ns3c
My MISP machine is 8vCPU, 80Gb RAM and the API results are taking for ever, is there something to do about it ?
Is there a way to export Suricata rules by event?
As my exported misp.rules grow to 1.7Gb trying to find a solution for ingesting the events to SecurityOnion one by one
Rambatla Venkat Rao
@RamboV
Hello There, I am trying to have a dropdown menu in the Expansion module settings , how can I achieve this functionality, like I have moduleconfig = ['server', 'port'], I want one more configuration option "service", which has a pre-defined set of values.
noname0521
@noname0521
Hi ,
I am finding difficulty in uninstalling MISP on ubuntu. Can't find something specific which can help in completely removing MISP from server. Is there some documentation around it. Please help.
Luca
@lucacyber
hi, how can i search if an ip is present on my MISP using openApi?
7 replies
luciano (righel)
@luciano:matrix.circl.lu
[m]
welcome 👍️
mryayap
@mryayap

Hi all,
I had a synchronization issue on my MISP instances.
quick explanation on what happened :

An instance A (external organization) have created an event, let's say event #1 with 100 attributes.
I have Two instance on my side : B and C.
The instance B is synchronized with the instance A and the instance C synchronized with B.

To summerize :

C --> B --> A
(not push, just pull)

Until yesterday the event was well synchronized between all the instances.
Since the instance A has updated the Event #1 yesterday by adding fews attributes.

All the attributes was well synchronized on instance B but not on C. To solve the issue,I had to remove the event on C and re-run a synchronization to get the new attributes.

(I hope that my explanations are clear :) )

Any idea what happened ? i didn't find relevant logs on my servers :(

cac0ns3c
@cac0ns3c

Is there a way to export Suricata rules by event?
As my exported misp.rules grow to 1.7Gb trying to find a solution for ingesting the events to SecurityOnion one by one

any one has any idea?

Brent Murphy
@bm11100
Anyone know where the MISP footer UTC time is generated from? I have a MISP instance in AWS, confirmed correct time zone on server, but my MISP instance time is incorrect. This leads to incorrect times on the events/attributes
Brent Murphy
@bm11100
found timezone.ini in /etc/php-fpm.d
GV-007
@GV-007

Did some debugging today on the OidcAuthenticate plugin (with OneLogin as provider). I added some logging in the PHP script:

        if (empty($roles)) {
            $this->log($roleProperty, "roleproperty_log");
            $roles = $oidc->requestUserInfo($roleProperty);
            $this->log($roles, "roles_log");

it seems $roles stays empty

2021-09-24 11:36:04 Info: OIDC: User `geert.verstrepen@nsoc.works` – Trying login
2021-09-24 11:36:04 Info: OIDC: User `roles` – roleproperty_log
2021-09-24 11:36:04 Info: OIDC: User `` – roles_log
2021-09-24 11:36:04 Info: OIDC: User `geert.verstrepen@nsoc.works` – User organisation `NSOC` found with ID 1.

Any suggestions ?

nowy1982
@nowy1982
How can I export misp server settings and all users from version 2.4.93 to 2.4.148?
Jon
@DudeGuyBruh_twitter
Hey, has anyone installed MISP with RDS as the database? I'm able to telnet from my EC2 instance to RDS and connect via the mysql command, but the INSTALL.sh script is getting access denied errors
E6DUchiha
@E6DUchiha
hello everyone, i hope that you are doing well!
I would like you to help me please with the synchronization process with two instances of MISP, I tried the documentation, the GitHub issues, the forums but I couldn't arrive at any positive results! So, if anyone has an idea or already passed through this process, please let me know.
cybgit
@cybgit
@E6DUchiha what is not working? what are you trying to do?
E6DUchiha
@E6DUchiha
@cybgit i have two running instances of misp,
cybgit
@cybgit
cool. and you want to sync events from one to the other?
E6DUchiha
@E6DUchiha
1st tried Synchronization between 2 different VM having each an instance of misp but i couldn't, then i tried with docker containers two different containers of misp, but still can sync them
Exactly
I tried the documentation but i couldn't make it
cybgit
@cybgit
So starting at the beginning, can the 2 VMs connect to each other? Probably try a nc -vvv <instance 2 ip> 443 from the instance one at the CLI
if you have connectivity then it depends how you configure the 2 instances.
E6DUchiha
@E6DUchiha
Yeah