Where communities thrive


  • Join over 1.5M+ people
  • Join over 100K+ communities
  • Free without limits
  • Create your own community
People
Activity
  • Jan 31 10:50
    eromang opened #19
  • Jan 25 10:10
    adulau commented #285
  • Jan 25 10:10

    adulau on main

    update taxonomies guide (add hi… Merge pull request #285 from De… (compare)

  • Jan 25 10:10
    adulau closed #285
  • Jan 25 08:35
    Delta-Sierra opened #285
  • Dec 30 2022 15:39
    adulau commented #18
  • Dec 30 2022 15:39

    adulau on master

    Update information_sharing_dora… Merge pull request #18 from lde… (compare)

  • Dec 30 2022 15:39
    adulau closed #18
  • Dec 30 2022 09:39
    ldelavaissiere opened #18
  • Dec 08 2022 08:58

    adulau on main

    chg: [README] updated (compare)

  • Nov 12 2022 11:50
    adulau commented #17
  • Nov 12 2022 11:50

    adulau on master

    Update README.md Proposal to l… Merge pull request #17 from lde… (compare)

  • Nov 12 2022 11:50
    adulau closed #17
  • Nov 12 2022 11:49
    ldelavaissiere opened #17
  • Nov 12 2022 11:46
    iglocska commented #16
  • Nov 12 2022 11:36
    ldelavaissiere commented #16
  • Nov 12 2022 11:35
    adulau commented #16
  • Nov 12 2022 11:35
    adulau closed #16
  • Nov 12 2022 11:35

    adulau on master

    Create information_sharing_dora… Merge pull request #16 from lde… (compare)

  • Nov 12 2022 11:28
    ldelavaissiere opened #16
andras
@andras:matrix.circl.lu
[m]
If you're OK with trying something hacky:
in the plugin itself
after this line:
GV-007
@GV-007
@andras:matrix.circl.lu I am not a programmer, so not sure how to craft the query...
you can get the full contents of the userinfo via $oidc->requestUserInfo();
it might make sense to grab that and log it
just to make sure that OneLogin actually includes the roles
GV-007
@GV-007
OK, I just add that line and then log: $this->log($oidc, "oidc_log");, right ?
andras
@andras:matrix.circl.lu
[m]
something like this rather:
$this->log(json_encode($oidc->requestUserInfo()), "oidc_log");
GV-007
@GV-007
@andras:matrix.circl.lu thanks for the tip, I don't see any roles in the output:
2021-09-29 09:42:40 Info: OIDC: User `{"sub":"59611704","email":"geert.verstrepen@XXX","preferred_username":"XXX","name":"Geert Verstrepen"}` – oidc_log
andras
@andras:matrix.circl.lu
[m]
yeah was stuck on something similar last week with another tool / another idp :)
GV-007
@GV-007
@andras:matrix.circl.lu on OneLogin end, I configured the roles parameter, so not sure why we don't see it...
andras
@andras:matrix.circl.lu
[m]
For what I was stuck on: I also configured the groups/roles in the tool (in my case it was keycloak) but I had to specifically map it so that it would actually show up in the response and the JWT
GV-007
@GV-007
@andras:matrix.circl.lu, many thanks, I'll start now by creating a ticket at OneLogin
Keep you informed
andras
@andras:matrix.circl.lu
[m]
no worries
if it helps:
from keycloak it looked like this:
it's the very last entry that did it
ended up with it being included in the JWT:
3 replies
Matthew
@yaekmj_twitter
Is there a common way to express generic $EmailRecipient rather than leaking users addresses ?
GV-007
@GV-007
@andras:matrix.circl.lu got a reply on my support case that in the request a scope should bedfined:
To allow roles to be sent, you need to set the appropriate scope, see https://developers.onelogin.com/openid-connect/scopes
Brent Murphy
@bm11100

I've got a cron just set up to cache feeds and it has been working fine. I saw the feeds havent been cached lately and when I run /var/www/MISP/app/Console/cake Server cacheFeed 2 all 2>&1 manually I am getting errors like below -

2021-09-29 14:46:41 Notice: Redis::exec(): send of 8192 bytes failed with errno=32 Broken pipe in [/var/www/MISP/app/Model/Feed.php, line 1334]
Notice Error: Redis::exec(): send of 8192 bytes failed with errno=32 Broken pipe in [/var/www/MISP/app/Model/Feed.php, line 1334]

I havent modified the Feed.php file at all, the error in this instance is $pipe->exec();. Has anyone had this issue?

Disk space is not full

Filesystem      Size  Used Avail Use% Mounted on
devtmpfs        7.7G     0  7.7G   0% /dev
tmpfs           7.7G     0  7.7G   0% /dev/shm
tmpfs           7.7G   33M  7.7G   1% /run
tmpfs           7.7G     0  7.7G   0% /sys/fs/cgroup
/dev/nvme0n1p1  500G  9.6G  491G   2% /
tmpfs           1.6G     0  1.6G   0% /run/user/1003
1 reply
cac0ns3c
@cac0ns3c
i delete all the events from MISP using PyMISP but now when i'm trying to get them again from the feeds i'm getting the. error
2021-09-29 20:12:41 Error: Could not save freetext feed data for feed 3.
[Exception] The target event is no longer valid. Make sure that the target event 816 exists.
Stack Trace:
#0 /var/www/MISP/app/Model/Feed.php(1013): Feed->saveFreetextFeedData()
#1 /var/www/MISP/app/Console/Command/ServerShell.php(297): Feed->downloadFromFeedInitiator()
#2 /var/www/MISP/app/Console/Command/AppShell.php(35): ServerShell->fetchFeed()
#3 /var/www/MISP/app/Vendor/kamisama/php-resque-ex/lib/Resque/Job.php(199): AppShell->perform()
#4 /var/www/MISP/app/Vendor/kamisama/php-resque-ex/lib/Resque/Worker.php(278): Resque_Job->perform()
#5 /var/www/MISP/app/Vendor/kamisama/php-resque-ex/lib/Resque/Worker.php(241): Resque_Worker->perform()
#6 /var/www/MISP/app/Vendor/kamisama/php-resque-ex/bin/resque(109): Resque_Worker->work()
#7 /var/www/MISP/app/Vendor/kamisama/php-resque-ex/bin/resque(100): startWorker()
#8 {main}
andras
@andras:matrix.circl.lu
[m]
Edit the feed, remove the id for the fixed event
cac0ns3c
@cac0ns3c
how do i edit the feed ?
andras
@andras:matrix.circl.lu
[m]
Feed index -> edit button on the right
cac0ns3c
@cac0ns3c
image.png
there is no event id, but outside it says fixed id 225
andras
@andras:matrix.circl.lu
[m]
Interesting
Hitting submit on the form should hopefully solve it
cac0ns3c
@cac0ns3c
didn't solve it, also tried creating new event every push
andras
@andras:matrix.circl.lu
[m]
Same error with new events every push?
Btw careful with that setting, don’t leave it on for longer than you absolutely have to
I can have a look at why resetting it doesn’t work tomorrow
cac0ns3c
@cac0ns3c
it doesn't change the fixed id
andras
@andras:matrix.circl.lu
[m]
Need to grab some sleep first though
Could you open an issue on GitHub so i don’t forget?
cac0ns3c
@cac0ns3c
yeah sure, no problem
andras
@andras:matrix.circl.lu
[m]
Cheers
cac0ns3c
@cac0ns3c
@andras:matrix.circl.lu MISP/MISP#7790
cac0ns3c
@cac0ns3c
@andras:matrix.circl.lu found a workaround, delete the feed and reload it :)
cac0ns3c
@cac0ns3c
how do i edit feeds/index.json ?
GV-007
@GV-007

@andras:matrix.circl.lu got a reply on my support case that in the request a scope should bedfined:
To allow roles to be sent, you need to set the appropriate scope, see https://developers.onelogin.com/openid-connect/scopes

@andras:matrix.circl.lu does this ring a bell to you, adding additional scopes for oidc ?

Xebus
@Xebus-Systems
Yo is it possible to reset your MISP configuration back to default?
Xebus
@Xebus-Systems
anyone have an example around how to configure email notifications to work in MISP, i cant find any documentation anywhere for this