abruce
@abruce:matrix.org
[m]

Hi all, I'm having some issues implementing a custom decay model in MISP and would appreciate any insight. I've attempted to create JSON files based on the default decay models stored in the misp-decay-model directory and have tried to update the models in the GUI however they are not appearing. (I attempted the same way I did with uploading a custom taxonomy). I've also tried uploading the file from the GUI however it tells me that I do not have proper permissions to upload.

Still having some issues with this if anyone has any expertise with decay models

Andras Iklody
@iglocska
@abruce:matrix.org - best is to ping @mokaddem - he's currently enjoying a week of holidays, but should be back next week
GV-007
@GV-007
I try to setup MISP auth using oidcauth, anyone has experience / docs ? I miss URL's for auth provider: Login URL ; Redirect URL
GV-007
@GV-007
Getting following error for now:
[Error] Class 'Jumbojett\OpenIDConnectClient' not found
luciano (righel)
@luciano:matrix.circl.lu
[m]
just to be sure, have you done the following steps?
https://github.com/MISP/MISP/tree/2.4/app/Plugin/OidcAuth#usage
luciano (righel)
@luciano:matrix.circl.lu
[m]
could you try changing this?
'roles_property' => 'Groups',
to this:
'roles_property' => array('Groups')
luciano (righel)
@luciano:matrix.circl.lu
[m]
hm, sorry i can't help, i'm not that familiar with this plugin, seems the $roles variable gets overwritten around here:
https://github.com/MISP/MISP/blob/2.4/app/Plugin/OidcAuth/Controller/Component/Auth/OidcAuthenticate.php#L47-L52
maybe you can add some debug lines around there to check what's happening on your instance
cac0ns3c
@cac0ns3c
My MISP machine is 8vCPU, 80Gb RAM and the API results are taking forever, is there something to do about it?
Is there a way to export Suricata rules by event?
As my exported misp.rules grow to 1.7Gb trying to find a solution for ingesting the events to SecurityOnion one by one
Rambatla Venkat Rao
@RamboV
Hello There, I am trying to have a dropdown menu in the Expansion module settings , how can I achieve this functionality, like I have moduleconfig = ['server', 'port'], I want one more configuration option "service", which has a pre-defined set of values.
noname0521
@noname0521
Hi,
I am finding difficulty in uninstalling MISP on Ubuntu. Can't find something specific which can help in completely removing MISP from server. Is there some documentation around it? Please help.
Luca
@lucacyber
hi, how can i search if an ip is present on my MISP using openApi?
luciano (righel)
@luciano:matrix.circl.lu
[m]
welcome 👍️
mryayap
@mryayap

Hi all,
I had a synchronization issue on my MISP instances.
quick explanation on what happened :

An instance A (external organization) has created an event, let's say event #1 with 100 attributes.
I have two instances on my side: B and C.
The instance B is synchronized with the instance A and the instance C synchronized with B.

To summarize:

C --> B --> A
(not push, just pull)

Until yesterday the event was well synchronized between all the instances.
Since the instance A has updated the Event #1 yesterday by adding a few attributes.

All the attributes were well synchronized on instance B but not on C. To solve the issue, I had to remove the event on C and re-run a synchronization to get the new attributes.

(I hope that my explanations are clear :) )

Any idea what happened ? i didn't find relevant logs on my servers :(

cac0ns3c
@cac0ns3c

Is there a way to export Suricata rules by event?
As my exported misp.rules grow to 1.7Gb trying to find a solution for ingesting the events to SecurityOnion one by one

any one has any idea?

Brent Murphy
@bm11100
Anyone know where the MISP footer UTC time is generated from? I have a MISP instance in AWS, confirmed correct time zone on server, but my MISP instance time is incorrect. This leads to incorrect times on the events/attributes
Brent Murphy
@bm11100
found timezone.ini in /etc/php-fpm.d
GV-007
@GV-007

Did some debugging today on the OidcAuthenticate plugin (with OneLogin as provider). I added some logging in the PHP script:

        if (empty($roles)) {
            $this->log($roleProperty, "roleproperty_log");
            $roles = $oidc->requestUserInfo($roleProperty);
            $this->log($roles, "roles_log");

it seems $roles stays empty

2021-09-24 11:36:04 Info: OIDC: User `geert.verstrepen@nsoc.works` – Trying login
2021-09-24 11:36:04 Info: OIDC: User `roles` – roleproperty_log
2021-09-24 11:36:04 Info: OIDC: User `` – roles_log
2021-09-24 11:36:04 Info: OIDC: User `geert.verstrepen@nsoc.works` – User organisation `NSOC` found with ID 1.

Any suggestions ?

nowy1982
@nowy1982
How can I export misp server settings and all users from version 2.4.93 to 2.4.148?
Jon
@DudeGuyBruh_twitter
Hey, has anyone installed MISP with RDS as the database? I'm able to telnet from my EC2 instance to RDS and connect via the mysql command, but the INSTALL.sh script is getting access denied errors
E6DUchiha
@E6DUchiha
hello everyone, i hope that you are doing well!
I would like you to help me please with the synchronization process with two instances of MISP, I tried the documentation, the GitHub issues, the forums but I couldn't arrive at any positive results! So, if anyone has an idea or already passed through this process, please let me know.
cybgit
@cybgit
@E6DUchiha what is not working? what are you trying to do?
E6DUchiha
@E6DUchiha
@cybgit i have two running instances of misp,
cybgit
@cybgit
cool. and you want to sync events from one to the other?
E6DUchiha
@E6DUchiha
1st tried Synchronization between 2 different VM having each an instance of misp but i couldn't, then i tried with docker containers two different containers of misp, but still can sync them
Exactly
I tried the documentation but i couldn't make it
cybgit
@cybgit
So starting at the beginning, can the 2 VMs connect to each other? Probably try a nc -vvv <instance 2 ip> 443 from the instance one at the CLI
if you have connectivity then it depends how you configure the 2 instances.
E6DUchiha
@E6DUchiha
Yeah
That is, i tried to configure the remote instance with local organisation and i added a sync user, then i moved back the local instance and i imported the sync user json file to create a sync server, but it didn't work
I tried changing the organisation in the remote instance to remote rather than local, when i run the test it says: Authentication failed
I can't find a clear way or process on how to configure Synchronization between the two instances
cybgit
@cybgit

Try configuring a push on instance one. So sync actions -> list servers -> new server
Put the URL to the instance 2 server and a name
Then under instance ownership and credentials select new external organisation and fill in the info - you'll need to go on to instance 2 and find the UUID of the organisation you want events to be entered into.
You then just need a sync user creating on instance 2 and grab that user's auth key.
Enter the authkey of the instance 2 sync user into the authkey section back on instance 1 where you are adding your new server
Then select the sync methods. Probably try a push to start with.

What may be good (and what i did) was to create a TAG - something like TestSync on instance 1. Then when adding your new server you can select push rules and then select that TestSync tag. That way, you can just create an event or tag an existing event with your TestSync tag to test if it works

When you've added your server you can then go to sync actions -> list servers and select the push all (up arrow icon) at the far right of the server you've created
It's a bit hard getting your head around tbh
Hope that helps
E6DUchiha
@E6DUchiha
I see
I will try it, and I'll keep updated of any news, that point you mentioned about tagging and rules I've not tried it before, so I'll give it a try and I'll tell you, really thank you so much for your help 🙏 i really appreciate it ^^
E6DUchiha
@E6DUchiha
@cybgit hello there, i hope that you are having a great day today ^^,
@cybgit Well, i tried as you told me but still didn't work, it says authentication failed! I dunno if i can upload a document here with screenshots of my configuration!
Matthew
@yaekmj_twitter
Am I doing something stupid/is it expected workflow when I hit publish sometimes - the publish options disappear from the event and it doesn't get published? Can't see anything helpful in event history or the generic logs.
Ghost
@ghost~615372946da037398486bfb7
Sorry if this was already mentioned, but does anyone know why EMailObject and ExpandedPyMISP.upload_sample portions of PyMISP are getting deprecated?
GV-007
@GV-007

Nobody has used the OIDC plugin ?

andras
@andras:matrix.circl.lu
[m]
I haven't myself
but after a quick read of the codebase:
$this->getConfig('roles_property', 'roles');