Where communities thrive


  • Join over 1.5M+ people
  • Join over 100K+ communities
  • Free without limits
  • Create your own community
People
Activity
  • Sep 14 17:24
    adulau commented #283
  • Sep 14 17:24

    adulau on main

    chg: [synchronisation] clarify … Merge pull request #283 from Wa… (compare)

  • Sep 14 17:24
    adulau closed #283
  • Sep 14 15:45
    Wachizungu opened #283
  • Jun 30 14:58

    chrisr3d on main

    fix: [python doc] Updated instr… (compare)

  • Jun 27 04:44

    cvandeplas on main

    Fixes broken GH taxonomy links Merge pull request #282 from 00… (compare)

  • Jun 27 04:44
    cvandeplas closed #282
  • Jun 27 04:44
    cvandeplas commented #282
  • Jun 26 21:36
    00willo opened #282
  • Jun 02 12:32

    SteveClement on main

    chg: [doc] removed trailing spa… fix: [pdf] PDF conversion works… Merge branch 'MISP:main' into m… and 1 more (compare)

  • Jun 02 12:32
    SteveClement closed #281
  • Jun 02 12:31
    SteveClement opened #281
  • Jun 01 19:56

    SteveClement on main

    chg: [workflow] PDF fails, putt… chg: [workflow] PDF fails, remo… Merge branch 'MISP:main' into m… and 1 more (compare)

  • Jun 01 19:56
    SteveClement closed #280
  • Jun 01 19:56
    SteveClement opened #280
  • Jun 01 15:58

    SteveClement on main

    chg: [workflow] use node_module… chg: [dbg] Workflow chg: [dbg] Workflow, split plug… and 8 more (compare)

  • Jun 01 15:58
    SteveClement closed #279
  • Jun 01 15:57
    SteveClement opened #279
  • Jun 01 14:06

    SteveClement on main

    chg: [doc] Made it working with… new: [workflow] first tentative… chg: [workflow] because npm is … and 4 more (compare)

  • Jun 01 14:06
    SteveClement closed #278
E6DUchiha
@E6DUchiha
hello everyone, i hope that you are doing well!
I would like you to help me please with the synchronization process with two instances of MISP, I tried the documentation, the GitHub issues, the forums but I couldn't arrive at any positive results! So, if anyone has an idea or already passed through this process, please let me know.
cybgit
@cybgit
@E6DUchiha what is not working? what are you trying to do?
E6DUchiha
@E6DUchiha
@cybgit i have two running instances of misp,
cybgit
@cybgit
cool. and you want to sync events from one to the other?
E6DUchiha
@E6DUchiha
1st tried Synchronization between 2 different VM having each an instance of misp but i couldn't, then i tried with docker containers two different containers of misp, but still can sync them
Exactly
I tried the documentation but i couldn't make it
cybgit
@cybgit
So starting at the beginning, can the 2 VMs connect to each other? Probably try a nc -vvv <instance 2 ip> 443 from the instance one at the CLI
if you have connectivity then it depends how you configure the 2 instances.
E6DUchiha
@E6DUchiha
Yeah
That is, i tried to configure the remote instance with local organisation and i added a sync user, then i moved back the local instance and i imported the sync user json file to create a sync server, but it didn't work
I tried changing the organisation in the remote instance to remote rather than local, when i run the test it says: Authentication failed
I can't find a clear way or process on how to configure Synchronization between the two instances
cybgit
@cybgit

Try configuring a push on instance one. So sync actions -> list servers -> new server
Put the URL to the instance 2 server and a name
Then under instance ownership and credentials select new external orgnaisation and fill in the info - you'll need to go on to instance 2 and find the UUID of the orgnisation you want events to be entered into.
You then just need a sync user creating on instance 2 and grab that users auth key.
Enter the authkey of the instance 2 sync user into the authkey section back on instance 1 where you are adding your new server
Then select the sync methods. Probably try a push to start with.

What may be good (and what i did) was to create a TAG - something like TestSync on instance 1. Then when adding your new server you can select push rules and then select that TestSync tag. That way, you can just create an event or tag an existing event with your TestSync tag to test if it works

When you've added your server you can then go to sync actions -> list servers and select the push all (up arrow icon) at the far right of the server you've created
image.png
Its a bit hard getting your head around tbh
Hope that helps
E6DUchiha
@E6DUchiha
I see
I will try it, and I'll keep updated of any news, that point you mentioned about tagging and rules I've not tried it before, so I'll give it a try and I'll tell you, really thank you so much for your help 🙏 i really appreciate it ^^
E6DUchiha
@E6DUchiha
@cybgit hello there, i hope that you are having a great day today ^^,
@cybgit Well, i tried as you told me but still didn't work, it says authentication failed! I dunno if i can upload a document here with screenshots of my configuration!
Matthew
@yaekmj_twitter
Am I doing something stupid/is it expected workflow when I hit publish sometimes - the publish options disappear from the event and it doesn't get published? Can't see anything helpful in event history or the generic logs.
Ghost
@ghost~615372946da037398486bfb7
Sorry if this was already mentioned, but does anyone know why EMailObject and ExpandedPyMISP.upload_sample portions of PyMISP are getting deprecated?
GV-007
@GV-007

Did some debugging today on the OidcAuthenticate plugin (with OneLogin as provider). I added some logging in the PHP script:

        if (empty($roles)) {
            $this->log($roleProperty, "roleproperty_log");
            $roles = $oidc->requestUserInfo($roleProperty);
            $this->log($roles, "roles_log");

it seems $roles stays empty

2021-09-24 11:36:04 Info: OIDC: User `geert.verstrepen@nsoc.works` – Trying login
2021-09-24 11:36:04 Info: OIDC: User `roles` – roleproperty_log
2021-09-24 11:36:04 Info: OIDC: User `` – roles_log
2021-09-24 11:36:04 Info: OIDC: User `geert.verstrepen@nsoc.works` – User organisation `NSOC` found with ID 1.

Any suggestions ?

Nobody has used the OIDC plugin ?

andras
@andras:matrix.circl.lu
[m]
I haven't myself
but after a quick read of the codebase:
$this->getConfig('roles_property', 'roles');
this is where the key at which the roles can be found is read
which you need to configure in two places:
  1. in your MISP's oidc config
  1. your IAM / OIDC implementation needs to actually pass the roles along via that key
so make sure that this actually happens
this needs to be exposed via the userinfo endpoint, as requested by the oidc library used by the plugin here:
GV-007
@GV-007
@andras:matrix.circl.lu indeed, I am using OneLogin IdP, which by default uses groups, so I tried 2 things already:
  • In the MISP OIDC config defining 'groups' as key
  • In OneLogin changing key to roles (default of MSIP)
    In both cases $roles keeps empty
andras
@andras:matrix.circl.lu
[m]
I have never used OneLogin, if you craft a query for the userinfo endpoint, can you see groups being included as a key?
If you're OK with trying something hacky:
in the plugin itself
after this line:
GV-007
@GV-007
@andras:matrix.circl.lu I am not a programmer, so not sure how to craft the query...
you can get the full contents of the userinfo via $oidc->requestUserInfo();
it might make sense to grab that and log it
just to make sure that OneLogin actually includes the roles
GV-007
@GV-007
OK, I just add that line and then log: $this->log($oidc, "oidc_log");, right ?
andras
@andras:matrix.circl.lu
[m]
something like this rather:
$this->log(json_encode($oidc->requestUserInfo()), "oidc_log");
GV-007
@GV-007
@andras:matrix.circl.lu thanks for the tip, I don't see any roles in the output:
2021-09-29 09:42:40 Info: OIDC: User `{"sub":"59611704","email":"geert.verstrepen@XXX","preferred_username":"XXX","name":"Geert Verstrepen"}` – oidc_log