Where communities thrive


  • Join over 1.5M+ people
  • Join over 100K+ communities
  • Free without limits
  • Create your own community
People
Repo info
Activity
  • Apr 10 21:12
    Sreejith2k commented #27
  • Apr 09 12:10
    0xtf closed #27
  • Apr 09 12:10
    0xtf commented #27
  • Apr 09 11:23
    Sreejith2k edited #27
  • Apr 09 11:22
    Sreejith2k opened #27
  • Feb 15 09:48
    NetwarSystem opened #26
  • Feb 11 15:27
    andrew134598 opened #25
  • Sep 29 2020 18:23
    ChristophFrankeSecurity commented #23
  • Sep 28 2020 10:23
    0xtf commented #23
  • Sep 26 2020 18:07
    ChristophFrankeSecurity commented #23
  • Sep 24 2020 23:37
    0xtf commented #23
  • Sep 24 2020 23:28

    0xtf on master

    build in Frankfurt (compare)

  • Sep 24 2020 23:27

    0xtf on master

    2.4.132 (compare)

  • Sep 24 2020 23:21

    0xtf on master

    Updated AMI Identifiers (compare)

  • Sep 24 2020 22:25

    0xtf on master

    Updated AMI Identifiers (compare)

  • Sep 24 2020 21:44

    0xtf on master

    2.4.131 (compare)

  • Sep 21 2020 21:01
    ChristophFrankeSecurity opened #24
  • Sep 10 2020 14:50

    0xtf on master

    Updated AMI Identifiers (compare)

  • Jul 29 2020 12:13
    cudeso opened #23
  • May 20 2020 18:22
    0xtf labeled #15
Ibrahim Bin Asaker
@MGS88
hello everyone
is there fast forward way to install https certificate in misp?
Tiago Faria
@0xtf
@SteveClement 🤣 way ahead of us :P
Steve Clement
@SteveClement
@MGS88 I did use lets encrypt without a problem. I followed the certbot instructions AFTER my regular MISP Install: https://certbot.eff.org/lets-encrypt/ubuntubionic-apache.html
I did NOT add the external repository, FYI.
matrixbot
@matrixbot
NickServ on Freenode Guest18103 is not a registered nickname.
matrixbot
@matrixbot
NickServ on Freenode You have 30 seconds to identify to your nickname before it is changed.
NickServ on Freenode Invalid password for gouki.
NickServ on Freenode This nickname is registered. Please choose a different nickname, or identify via /msg NickServ identify <password>.
NickServ on Freenode You failed to identify in time for the nickname gouki
mumenomari
@mumenomari
Hello Everyone...not able to find MIPS-Cloud on AWS....was it remove or the name changed ?
Mumbar
@MumbarGit
Hi,
I would like to ask on MISP-cloud. After deployment it says: “Production usage is considered harmful.”
Is it meant in general? Or if I would follow guidance in https://github.com/MISP/misp-cloud/wiki/MISP-and-Cloud-Securityand change salt and those passwords it can be used for production without any security concerns?
matrixbot
@matrixbot
NickServ on Freenode This nickname is registered. Please choose a different nickname, or identify via /msg NickServ identify <password>.
NickServ on Freenode Invalid password for gouki.
matrixbot
@matrixbot
NickServ on Freenode This nickname is registered. Please choose a different nickname, or identify via /msg NickServ identify <password>.
matrixbot
@matrixbot
NickServ on Freenode Invalid password for gouki.
NickServ on Freenode This nickname is registered. Please choose a different nickname, or identify via /msg NickServ identify <password>.
matrixbot
@matrixbot
NickServ on Freenode Invalid password for gouki.
NickServ on Freenode This nickname is registered. Please choose a different nickname, or identify via /msg NickServ identify <password>.
matrixbot
@matrixbot
NickServ on Freenode Invalid password for gouki.
matrixbot
@matrixbot
NickServ on Freenode Invalid password for gouki.
matrixbot
@matrixbot
NickServ on Freenode This nickname is registered. Please choose a different nickname, or identify via /msg NickServ identify <password>.
matrixbot
@matrixbot
NickServ on Freenode This nickname is registered. Please choose a different nickname, or identify via /msg NickServ identify <password>.
rf-bmecha
@rf-bmecha
Trying to download the MISP AMI but it looks like it's no longer there. Have they been removed? Searced the AMI IDs as well with no luck
Mohamed Sultan
@mohammedsultan
@MumbarGit Did you find the answer?
Malte Spille
@malte_spille_twitter
Hi, I'm testing misp-cloud. In my instance there's no open module port (6666). Therefore i get "Connection refused" in diagnostics. So far i haven't changed anything. Is this intended? Thanks!
sugimanoj2020
@sugimanoj2020

Hi, I have a MISP instance up and running in AWS. I couldnt run the modules. The diagnostics tab under server settings shows connection refused. Any help would be greatly appreciated.

Enrichment module system…Connection refused
Import module system…Connection refused
Export module system…Connection refused
Cortex module system…System not enabled

Malte Spille
@malte_spille_twitter
@sugimanoj2020 Hi, i had the same problem in my instance. misp-modules fail to start. Therefore there's no socket on port 6666 and you receive the connection refused. I tried to start misp-modules via cli and received a lot of dependency problems. Try to start misp without -s this works for me
sugimanoj2020
@sugimanoj2020
@malte_spille_twitter Thanks a lot, let me try :)
sugimanoj2020
@sugimanoj2020
@malte_spille_twitter ubuntu@ip-172-31-37-176:/usr/local/src/misp-modules$ /var/www/MISP/venv/bin/misp-modules -l 127.0.0.1
-bash: /var/www/MISP/venv/bin/misp-modules: Permission denied
ubuntu@ip-172-31-37-176:/usr/local/src/misp-modules$ /var/www/MISP/venv/bin/misp-modules -l 127.0.0.1 -s
-bash: /var/www/MISP/venv/bin/misp-modules: Permission denied
ubuntu@ip-172-31-37-176:/usr/local/src/misp-modules$
Mumbar
@MumbarGit
@mohammedsultan No. I went for Ubuntu server (with hardening) and install MISP on it.
rf-bmecha
@rf-bmecha
@mohammedsultan I did the same and installed MISP from a Ubuntu Server on AWS
Malte Spille
@malte_spille_twitter
Hello, is there something to configure to get email working? Maybe within AWS?
JessScull
@JessScull
Hello, I am using the AWS MISP AMI and today I am having issues where some of the tabs on the console say 'internal server error' for diagnostics, jobs and pulling feeds. I also am getting connection refused from the server. The AMI image I am using is ami-0df84149addb57878 are there any known issues with this?
Malte Spille
@malte_spille_twitter
Hi guys, some imports don't work on my system. I've tested it with stix and joe-import. According to the diagnostics the import module is working fine. No problems with e.g. OpenIOC-imports. Any ideas? Thanks.
Mikey995
@Mikey995

Hi guys, now I have pretty challenging integration with MISP and Azure Sentinel. (Using Ubuntu1804)
I'm trying to upload all indicators to Sentinel within 1 DAY. Basically, it takes lots more days but we found a way to make this time shorter as follows:

  1. copy directories under /MISP
  2. modify each 'conf.py' to filter IoC (I filtered by 'Attribute' such as 'ip-src' and 'sha1')
  3. run multiple scripts at the same time

It works actually, but unfortunately, 'ip-src' includes about 400,000 IoC so it is bottleneck now...
So, now I'm looking for some other filter which includes less than 200,000 IoC for each. Does anyone have brilliant ideas about this? Thanks!

Bradley Logan
@brlogan
It looks like the salt is now randomly generated, so there may not be a need to change it after install. Is that correct?
Pragathi633
@Pragathi633
Hi Everyone Im trying to build misp usinf the docker image on aws ECR Fargate service - Im strugllign as the variables are not passing has anyone done this model before
andrew134598
@andrew134598
Hi, is the license for misp-cloud open/free?
chilltownmayor
@chilltownmayor

Hi Folks, has anyone been successful launching MISP as a container instance in azure and using azure database for mysql servers.
its probably a unique deployment, but we are trying to leverage azure services for our deployment.
Ive built my docker locally then pushed to container registry and mount volumes using azure storage.

More context - i copy the /data_dir/ folder to a file share and mount via ARM. The issue I keep running into is the docker terminates when generating the gnugp.

Jason Zhang
@cyberML
Guys, have you got any experiences deploying MISP on GCP (with DB using Cloud MySQL)? We are thinking to run a docker image on it. What are the pros/cons? Any best practices/suggestions will be greatly appreciated! Thanks
andrew134598
@andrew134598
Hi Guys, did you try to do load balancing for Cloud-MISP?
Erreinion
@Erreinion
I've been asked to estimate the costs of running a MISP instance in the cloud (AWS) with a resilient infrastructure (Route53, WAF, etc.) I know it's like asking "how long is a piece of string?" but are there ranges and estimates? Do you have aggregate costs that you can share? I'm writing a guide for all the Public Sector organisations and universities and colleges in Scotland. I'm advocating for an ISAC, but they want to know the costs for each individual org to host their own (that way, the cost savings of an ISAC can be more fully understood).
andrew134598
@andrew134598
I have installed the MISP AWS instance (v2.4.141), but the REST API doesn't work? Any ideas what is wrong?
adulau
@adulau:matrix.circl.lu
[m]
What do you mean by it doesn’t work? If you use curl and use your api key? what kind of error message do you get? Have you tried the ReST client from the MISP UI?
andrew134598
@andrew134598
The Rest Client cannot displayed event 1 row as I set limit ="1". After a few minutes I receives an error "Something went wrong. Connection timed out". The same activity on another instance takes a few seconds. If I run Curl i receive 0 results, 0 errors, however I know that these data are in MISP.
adulau
@adulau:matrix.circl.lu
[m]
Can you share your query?
Did you check the error logs?
gijoemygoodness
@gijoemygoodness
I have somewhat of a newb question. When I first visit my MISP instance (deployed via AMI), the banner at the top states: "Production usage is considered harmful. Read: https://github.com/MISP/misp-cloud/wiki/MISP-and-Cloud-Security". Is that just a banner I change or are there many things needed to be changed in order to be considered safe for production use?
Right now we use VPC security groups to control access to the instance. But I know there are many other settings that can be modified on the platform to handle user auth, logging, and security, but I'm not sure what's considered absolutely vital.
andrew134598
@andrew134598
Hi Guys, Please advise how the MISP upload files to S3 and how to configure it correctly? I set Plugin.S3_enable, Plugin.S3_bucket_name, Plugin.S3_region, but new attachements are not added to my S3. What may be wrong?