Where communities thrive


  • Join over 1.5M+ people
  • Join over 100K+ communities
  • Free without limits
  • Create your own community
People
Activity
  • Jan 31 10:50
    eromang opened #19
  • Jan 25 10:10
    adulau commented #285
  • Jan 25 10:10

    adulau on main

    update taxonomies guide (add hi… Merge pull request #285 from De… (compare)

  • Jan 25 10:10
    adulau closed #285
  • Jan 25 08:35
    Delta-Sierra opened #285
  • Dec 30 2022 15:39
    adulau commented #18
  • Dec 30 2022 15:39

    adulau on master

    Update information_sharing_dora… Merge pull request #18 from lde… (compare)

  • Dec 30 2022 15:39
    adulau closed #18
  • Dec 30 2022 09:39
    ldelavaissiere opened #18
  • Dec 08 2022 08:58

    adulau on main

    chg: [README] updated (compare)

  • Nov 12 2022 11:50
    adulau commented #17
  • Nov 12 2022 11:50

    adulau on master

    Update README.md Proposal to l… Merge pull request #17 from lde… (compare)

  • Nov 12 2022 11:50
    adulau closed #17
  • Nov 12 2022 11:49
    ldelavaissiere opened #17
  • Nov 12 2022 11:46
    iglocska commented #16
  • Nov 12 2022 11:36
    ldelavaissiere commented #16
  • Nov 12 2022 11:35
    adulau commented #16
  • Nov 12 2022 11:35
    adulau closed #16
  • Nov 12 2022 11:35

    adulau on master

    Create information_sharing_dora… Merge pull request #16 from lde… (compare)

  • Nov 12 2022 11:28
    ldelavaissiere opened #16
andras
@andras:matrix.circl.lu
[m]
$this->getConfig('roles_property', 'roles');
this is where the key at which the roles can be found is read
which you need to configure in two places:
  1. in your MISP's oidc config
  1. your IAM / OIDC implementation needs to actually pass the roles along via that key
so make sure that this actually happens
this needs to be exposed via the userinfo endpoint, as requested by the oidc library used by the plugin here:
GV-007
@GV-007
@andras:matrix.circl.lu indeed, I am using OneLogin IdP, which by default uses groups, so I tried 2 things already:
  • In the MISP OIDC config defining 'groups' as key
  • In OneLogin changing key to roles (default of MSIP)
    In both cases $roles keeps empty
andras
@andras:matrix.circl.lu
[m]
I have never used OneLogin, if you craft a query for the userinfo endpoint, can you see groups being included as a key?
If you're OK with trying something hacky:
in the plugin itself
after this line:
GV-007
@GV-007
@andras:matrix.circl.lu I am not a programmer, so not sure how to craft the query...
you can get the full contents of the userinfo via $oidc->requestUserInfo();
it might make sense to grab that and log it
just to make sure that OneLogin actually includes the roles
GV-007
@GV-007
OK, I just add that line and then log: $this->log($oidc, "oidc_log");, right ?
andras
@andras:matrix.circl.lu
[m]
something like this rather:
$this->log(json_encode($oidc->requestUserInfo()), "oidc_log");
GV-007
@GV-007
@andras:matrix.circl.lu thanks for the tip, I don't see any roles in the output:
2021-09-29 09:42:40 Info: OIDC: User `{"sub":"59611704","email":"geert.verstrepen@XXX","preferred_username":"XXX","name":"Geert Verstrepen"}` – oidc_log
andras
@andras:matrix.circl.lu
[m]
yeah was stuck on something similar last week with another tool / another idp :)
GV-007
@GV-007
@andras:matrix.circl.lu on OneLogin end, I configured the roles parameter, so not sure why we don't see it...
andras
@andras:matrix.circl.lu
[m]
For what I was stuck on: I also configured the groups/roles in the tool (in my case it was keycloak) but I had to specifically map it so that it would actually show up in the response and the JWT
GV-007
@GV-007
@andras:matrix.circl.lu, many thanks, I'll start now by creating a ticket at OneLogin
Keep you informed
andras
@andras:matrix.circl.lu
[m]
no worries
if it helps:
from keycloak it looked like this:
it's the very last entry that did it
ended up with it being included in the JWT:
3 replies
Matthew
@yaekmj_twitter
Is there a common way to express generic $EmailRecipient rather than leaking users addresses ?
GV-007
@GV-007
@andras:matrix.circl.lu got a reply on my support case that in the request a scope should bedfined:
To allow roles to be sent, you need to set the appropriate scope, see https://developers.onelogin.com/openid-connect/scopes
Brent Murphy
@bm11100

I've got a cron just set up to cache feeds and it has been working fine. I saw the feeds havent been cached lately and when I run /var/www/MISP/app/Console/cake Server cacheFeed 2 all 2>&1 manually I am getting errors like below -

2021-09-29 14:46:41 Notice: Redis::exec(): send of 8192 bytes failed with errno=32 Broken pipe in [/var/www/MISP/app/Model/Feed.php, line 1334]
Notice Error: Redis::exec(): send of 8192 bytes failed with errno=32 Broken pipe in [/var/www/MISP/app/Model/Feed.php, line 1334]

I havent modified the Feed.php file at all, the error in this instance is $pipe->exec();. Has anyone had this issue?

Disk space is not full

Filesystem      Size  Used Avail Use% Mounted on
devtmpfs        7.7G     0  7.7G   0% /dev
tmpfs           7.7G     0  7.7G   0% /dev/shm
tmpfs           7.7G   33M  7.7G   1% /run
tmpfs           7.7G     0  7.7G   0% /sys/fs/cgroup
/dev/nvme0n1p1  500G  9.6G  491G   2% /
tmpfs           1.6G     0  1.6G   0% /run/user/1003
1 reply
cac0ns3c
@cac0ns3c
i delete all the events from MISP using PyMISP but now when i'm trying to get them again from the feeds i'm getting the. error
2021-09-29 20:12:41 Error: Could not save freetext feed data for feed 3.
[Exception] The target event is no longer valid. Make sure that the target event 816 exists.
Stack Trace:
#0 /var/www/MISP/app/Model/Feed.php(1013): Feed->saveFreetextFeedData()
#1 /var/www/MISP/app/Console/Command/ServerShell.php(297): Feed->downloadFromFeedInitiator()
#2 /var/www/MISP/app/Console/Command/AppShell.php(35): ServerShell->fetchFeed()
#3 /var/www/MISP/app/Vendor/kamisama/php-resque-ex/lib/Resque/Job.php(199): AppShell->perform()
#4 /var/www/MISP/app/Vendor/kamisama/php-resque-ex/lib/Resque/Worker.php(278): Resque_Job->perform()
#5 /var/www/MISP/app/Vendor/kamisama/php-resque-ex/lib/Resque/Worker.php(241): Resque_Worker->perform()
#6 /var/www/MISP/app/Vendor/kamisama/php-resque-ex/bin/resque(109): Resque_Worker->work()
#7 /var/www/MISP/app/Vendor/kamisama/php-resque-ex/bin/resque(100): startWorker()
#8 {main}
andras
@andras:matrix.circl.lu
[m]
Edit the feed, remove the id for the fixed event
cac0ns3c
@cac0ns3c
how do i edit the feed ?
andras
@andras:matrix.circl.lu
[m]
Feed index -> edit button on the right
cac0ns3c
@cac0ns3c
image.png
there is no event id, but outside it says fixed id 225
andras
@andras:matrix.circl.lu
[m]
Interesting
Hitting submit on the form should hopefully solve it
cac0ns3c
@cac0ns3c
didn't solve it, also tried creating new event every push
andras
@andras:matrix.circl.lu
[m]
Same error with new events every push?
Btw careful with that setting, don’t leave it on for longer than you absolutely have to
I can have a look at why resetting it doesn’t work tomorrow
cac0ns3c
@cac0ns3c
it doesn't change the fixed id