MISP/misp-cloud

matrixbot

@matrixbot

NickServ on Freenode You have 30 seconds to identify to your nickname before it is changed.

NickServ on Freenode Invalid password for gouki.

NickServ on Freenode This nickname is registered. Please choose a different nickname, or identify via /msg NickServ identify <password>.

NickServ on Freenode You failed to identify in time for the nickname gouki

mumenomari

@mumenomari

Hello Everyone...not able to find MIPS-Cloud on AWS....was it remove or the name changed ?

Mumbar

@MumbarGit

Hi,
I would like to ask on MISP-cloud. After deployment it says: “Production usage is considered harmful.”
Is it meant in general? Or if I would follow guidance in https://github.com/MISP/misp-cloud/wiki/MISP-and-Cloud-Securityand change salt and those passwords it can be used for production without any security concerns?

matrixbot

@matrixbot

NickServ on Freenode This nickname is registered. Please choose a different nickname, or identify via /msg NickServ identify <password>.

NickServ on Freenode Invalid password for gouki.

matrixbot

@matrixbot

NickServ on Freenode This nickname is registered. Please choose a different nickname, or identify via /msg NickServ identify <password>.

matrixbot

@matrixbot

NickServ on Freenode Invalid password for gouki.

NickServ on Freenode This nickname is registered. Please choose a different nickname, or identify via /msg NickServ identify <password>.

matrixbot

@matrixbot

NickServ on Freenode Invalid password for gouki.

NickServ on Freenode This nickname is registered. Please choose a different nickname, or identify via /msg NickServ identify <password>.

matrixbot

@matrixbot

NickServ on Freenode Invalid password for gouki.

matrixbot

@matrixbot

NickServ on Freenode Invalid password for gouki.

matrixbot

@matrixbot

NickServ on Freenode This nickname is registered. Please choose a different nickname, or identify via /msg NickServ identify <password>.

matrixbot

@matrixbot

NickServ on Freenode This nickname is registered. Please choose a different nickname, or identify via /msg NickServ identify <password>.

rf-bmecha

@rf-bmecha

Trying to download the MISP AMI but it looks like it's no longer there. Have they been removed? Searced the AMI IDs as well with no luck

Mohamed Sultan

@mohammedsultan

@MumbarGit Did you find the answer?

Malte Spille

@malte_spille_twitter

Hi, I'm testing misp-cloud. In my instance there's no open module port (6666). Therefore i get "Connection refused" in diagnostics. So far i haven't changed anything. Is this intended? Thanks!

sugimanoj2020

@sugimanoj2020

Hi, I have a MISP instance up and running in AWS. I couldnt run the modules. The diagnostics tab under server settings shows connection refused. Any help would be greatly appreciated.

Enrichment module system…Connection refused
Import module system…Connection refused
Export module system…Connection refused
Cortex module system…System not enabled

Malte Spille

@malte_spille_twitter

@sugimanoj2020 Hi, i had the same problem in my instance. misp-modules fail to start. Therefore there's no socket on port 6666 and you receive the connection refused. I tried to start misp-modules via cli and received a lot of dependency problems. Try to start misp without -s this works for me

sugimanoj2020

@sugimanoj2020

@malte_spille_twitter Thanks a lot, let me try :)

sugimanoj2020

@sugimanoj2020

@malte_spille_twitter ubuntu@ip-172-31-37-176:/usr/local/src/misp-modules$ /var/www/MISP/venv/bin/misp-modules -l 127.0.0.1
-bash: /var/www/MISP/venv/bin/misp-modules: Permission denied
ubuntu@ip-172-31-37-176:/usr/local/src/misp-modules$ /var/www/MISP/venv/bin/misp-modules -l 127.0.0.1 -s
-bash: /var/www/MISP/venv/bin/misp-modules: Permission denied
ubuntu@ip-172-31-37-176:/usr/local/src/misp-modules$

Mumbar

@MumbarGit

@mohammedsultan No. I went for Ubuntu server (with hardening) and install MISP on it.

rf-bmecha

@rf-bmecha

@mohammedsultan I did the same and installed MISP from a Ubuntu Server on AWS

Malte Spille

@malte_spille_twitter

Hello, is there something to configure to get email working? Maybe within AWS?

JessScull

@JessScull

Hello, I am using the AWS MISP AMI and today I am having issues where some of the tabs on the console say 'internal server error' for diagnostics, jobs and pulling feeds. I also am getting connection refused from the server. The AMI image I am using is ami-0df84149addb57878 are there any known issues with this?

Malte Spille

@malte_spille_twitter

Hi guys, some imports don't work on my system. I've tested it with stix and joe-import. According to the diagnostics the import module is working fine. No problems with e.g. OpenIOC-imports. Any ideas? Thanks.

Mikey995

@Mikey995

Hi guys, now I have pretty challenging integration with MISP and Azure Sentinel. (Using Ubuntu1804)
I'm trying to upload all indicators to Sentinel within 1 DAY. Basically, it takes lots more days but we found a way to make this time shorter as follows:

copy directories under /MISP
modify each 'conf.py' to filter IoC (I filtered by 'Attribute' such as 'ip-src' and 'sha1')
run multiple scripts at the same time

It works actually, but unfortunately, 'ip-src' includes about 400,000 IoC so it is bottleneck now...
So, now I'm looking for some other filter which includes less than 200,000 IoC for each. Does anyone have brilliant ideas about this? Thanks!

Bradley Logan

@brlogan

It looks like the salt is now randomly generated, so there may not be a need to change it after install. Is that correct?

Pragathi633

@Pragathi633

Hi Everyone Im trying to build misp usinf the docker image on aws ECR Fargate service - Im strugllign as the variables are not passing has anyone done this model before

andrew134598

@andrew134598

Hi, is the license for misp-cloud open/free?

chilltownmayor

@chilltownmayor

Hi Folks, has anyone been successful launching MISP as a container instance in azure and using azure database for mysql servers.
its probably a unique deployment, but we are trying to leverage azure services for our deployment.
Ive built my docker locally then pushed to container registry and mount volumes using azure storage.

More context - i copy the /data_dir/ folder to a file share and mount via ARM. The issue I keep running into is the docker terminates when generating the gnugp.

Jason Zhang

@cyberML

Guys, have you got any experiences deploying MISP on GCP (with DB using Cloud MySQL)? We are thinking to run a docker image on it. What are the pros/cons? Any best practices/suggestions will be greatly appreciated! Thanks

andrew134598

@andrew134598

Hi Guys, did you try to do load balancing for Cloud-MISP?

Erreinion

@Erreinion

I've been asked to estimate the costs of running a MISP instance in the cloud (AWS) with a resilient infrastructure (Route53, WAF, etc.) I know it's like asking "how long is a piece of string?" but are there ranges and estimates? Do you have aggregate costs that you can share? I'm writing a guide for all the Public Sector organisations and universities and colleges in Scotland. I'm advocating for an ISAC, but they want to know the costs for each individual org to host their own (that way, the cost savings of an ISAC can be more fully understood).

andrew134598

@andrew134598

I have installed the MISP AWS instance (v2.4.141), but the REST API doesn't work? Any ideas what is wrong?

adulau

@adulau:matrix.circl.lu

[m]

What do you mean by it doesn’t work? If you use curl and use your api key? what kind of error message do you get? Have you tried the ReST client from the MISP UI?

andrew134598

@andrew134598

The Rest Client cannot displayed event 1 row as I set limit ="1". After a few minutes I receives an error "Something went wrong. Connection timed out". The same activity on another instance takes a few seconds. If I run Curl i receive 0 results, 0 errors, however I know that these data are in MISP.

adulau

@adulau:matrix.circl.lu

[m]

Can you share your query?

Did you check the error logs?

gijoemygoodness

@gijoemygoodness

I have somewhat of a newb question. When I first visit my MISP instance (deployed via AMI), the banner at the top states: "Production usage is considered harmful. Read: https://github.com/MISP/misp-cloud/wiki/MISP-and-Cloud-Security". Is that just a banner I change or are there many things needed to be changed in order to be considered safe for production use?

Right now we use VPC security groups to control access to the instance. But I know there are many other settings that can be modified on the platform to handle user auth, logging, and security, but I'm not sure what's considered absolutely vital.

andrew134598

@andrew134598

Hi Guys, Please advise how the MISP upload files to S3 and how to configure it correctly? I set Plugin.S3_enable, Plugin.S3_bucket_name, Plugin.S3_region, but new attachements are not added to my S3. What may be wrong?

adulau

@adulau:matrix.circl.lu

[m]

https://twitter.com/MISPProject/status/1393141380369821697 - On the 15th May 2011, a first version of MISP was released. We are celebrating our first 10 years birthday as the leading open source project for information and intelligence sharing. Thanks to all the people and organisations who support us. #opensource #infosec #DFIR #CTI

Amey Narale

@amey9:matrix.org

[m]

Hey, I am trying to deploy MISP on AWS EC2. I am able to see 2 different community AMIs, MISP-Cloud-1600988553 and MISP-1588754359. Which one should I go ahead with? There isn't much documentation and details available about their difference.

2 replies

Yiwei (Gilbert) Guo

@GilbertGuo

Hey, I'm trying to find a MISP cloud instance on AWS but there isn't any. Anyone has any ideas?

Where communities thrive

People

Repo info

Activity