matrixbot
@matrixbot
NickServ on Freenode You have 30 seconds to identify to your nickname before it is changed.
NickServ on Freenode Invalid password for gouki.
NickServ on Freenode This nickname is registered. Please choose a different nickname, or identify via /msg NickServ identify <password>.
NickServ on Freenode You failed to identify in time for the nickname gouki
mumenomari
@mumenomari
Hello everyone... not able to find MISP-Cloud on AWS... was it removed or the name changed?
Mumbar
@MumbarGit
Hi,
I would like to ask on MISP-cloud. After deployment it says: “Production usage is considered harmful.”
Is it meant in general? Or if I would follow guidance in https://github.com/MISP/misp-cloud/wiki/MISP-and-Cloud-Security and change salt and those passwords it can be used for production without any security concerns?
rf-bmecha
@rf-bmecha
Trying to download the MISP AMI but it looks like it's no longer there. Have they been removed? Searched the AMI IDs as well with no luck.
Mohamed Sultan
@mohammedsultan
@MumbarGit Did you find the answer?
Malte Spille
@malte_spille_twitter
Hi, I'm testing misp-cloud. In my instance there's no open module port (6666). Therefore I get "Connection refused" in diagnostics. So far I haven't changed anything. Is this intended? Thanks!
sugimanoj2020
@sugimanoj2020

Hi, I have a MISP instance up and running in AWS. I couldn't run the modules. The diagnostics tab under server settings shows connection refused. Any help would be greatly appreciated.

Enrichment module system…Connection refused
Import module system…Connection refused
Export module system…Connection refused
Cortex module system…System not enabled

Malte Spille
@malte_spille_twitter
@sugimanoj2020 Hi, I had the same problem in my instance. misp-modules fail to start. Therefore there's no socket on port 6666 and you receive the connection refused. I tried to start misp-modules via cli and received a lot of dependency problems. Try to start misp without -s, this works for me.
sugimanoj2020
@sugimanoj2020
@malte_spille_twitter Thanks a lot, let me try :)
sugimanoj2020
@sugimanoj2020
@malte_spille_twitter ubuntu@ip-172-31-37-176:/usr/local/src/misp-modules$ /var/www/MISP/venv/bin/misp-modules -l 127.0.0.1
-bash: /var/www/MISP/venv/bin/misp-modules: Permission denied
ubuntu@ip-172-31-37-176:/usr/local/src/misp-modules$ /var/www/MISP/venv/bin/misp-modules -l 127.0.0.1 -s
-bash: /var/www/MISP/venv/bin/misp-modules: Permission denied
ubuntu@ip-172-31-37-176:/usr/local/src/misp-modules$
Mumbar
@MumbarGit
@mohammedsultan No. I went for Ubuntu server (with hardening) and installed MISP on it.
rf-bmecha
@rf-bmecha
@mohammedsultan I did the same and installed MISP from an Ubuntu Server on AWS
Malte Spille
@malte_spille_twitter
Hello, is there something to configure to get email working? Maybe within AWS?
JessScull
@JessScull
Hello, I am using the AWS MISP AMI and today I am having issues where some of the tabs on the console say 'internal server error' for diagnostics, jobs and pulling feeds. I also am getting connection refused from the server. The AMI image I am using is ami-0df84149addb57878. Are there any known issues with this?
Malte Spille
@malte_spille_twitter
Hi guys, some imports don't work on my system. I've tested it with stix and joe-import. According to the diagnostics the import module is working fine. No problems with e.g. OpenIOC-imports. Any ideas? Thanks.
Mikey995
@Mikey995

Hi guys, now I have pretty challenging integration with MISP and Azure Sentinel. (Using Ubuntu1804)
I'm trying to upload all indicators to Sentinel within 1 DAY. Basically, it takes lots more days but we found a way to make this time shorter as follows:

  1. copy directories under /MISP
  2. modify each 'conf.py' to filter IoC (I filtered by 'Attribute' such as 'ip-src' and 'sha1')
  3. run multiple scripts at the same time

It works actually, but unfortunately, 'ip-src' includes about 400,000 IoC so it is a bottleneck now...
So, now I'm looking for some other filter which includes less than 200,000 IoC for each. Does anyone have brilliant ideas about this? Thanks!

Bradley Logan
@brlogan
It looks like the salt is now randomly generated, so there may not be a need to change it after install. Is that correct?
Pragathi633
@Pragathi633
Hi everyone, I'm trying to build MISP using the Docker image on AWS ECR Fargate service - I'm struggling as the variables are not passing. Has anyone done this model before?
andrew134598
@andrew134598
Hi, is the license for misp-cloud open/free?
chilltownmayor
@chilltownmayor

Hi Folks, has anyone been successful launching MISP as a container instance in Azure and using Azure Database for MySQL servers?
It's probably a unique deployment, but we are trying to leverage Azure services for our deployment.
I've built my Docker image locally then pushed to container registry and mount volumes using Azure storage.

More context - I copy the /data_dir/ folder to a file share and mount via ARM. The issue I keep running into is the docker terminates when generating the gnupg.

Jason Zhang
@cyberML
Guys, have you got any experiences deploying MISP on GCP (with DB using Cloud MySQL)? We are thinking to run a docker image on it. What are the pros/cons? Any best practices/suggestions will be greatly appreciated! Thanks
andrew134598
@andrew134598
Hi Guys, did you try to do load balancing for Cloud-MISP?
Erreinion
@Erreinion
I've been asked to estimate the costs of running a MISP instance in the cloud (AWS) with a resilient infrastructure (Route53, WAF, etc.) I know it's like asking "how long is a piece of string?" but are there ranges and estimates? Do you have aggregate costs that you can share? I'm writing a guide for all the Public Sector organisations and universities and colleges in Scotland. I'm advocating for an ISAC, but they want to know the costs for each individual org to host their own (that way, the cost savings of an ISAC can be more fully understood).
andrew134598
@andrew134598
I have installed the MISP AWS instance (v2.4.141), but the REST API doesn't work? Any ideas what is wrong?
adulau
@adulau:matrix.circl.lu
[m]
What do you mean by it doesn’t work? If you use curl and use your api key? what kind of error message do you get? Have you tried the ReST client from the MISP UI?
andrew134598
@andrew134598
The REST client cannot display event 1 row as I set limit="1". After a few minutes I receive an error "Something went wrong. Connection timed out". The same activity on another instance takes a few seconds. If I run curl I receive 0 results, 0 errors, however I know that these data are in MISP.
adulau
@adulau:matrix.circl.lu
[m]
Can you share your query?
Did you check the error logs?
gijoemygoodness
@gijoemygoodness
I have somewhat of a newb question. When I first visit my MISP instance (deployed via AMI), the banner at the top states: "Production usage is considered harmful. Read: https://github.com/MISP/misp-cloud/wiki/MISP-and-Cloud-Security". Is that just a banner I change or are there many things needed to be changed in order to be considered safe for production use?
Right now we use VPC security groups to control access to the instance. But I know there are many other settings that can be modified on the platform to handle user auth, logging, and security, but I'm not sure what's considered absolutely vital.
andrew134598
@andrew134598
Hi Guys, please advise how MISP uploads files to S3 and how to configure it correctly. I set Plugin.S3_enable, Plugin.S3_bucket_name, Plugin.S3_region, but new attachments are not added to my S3. What may be wrong?
adulau
@adulau:matrix.circl.lu
[m]
https://twitter.com/MISPProject/status/1393141380369821697 - On the 15th May 2011, a first version of MISP was released. We are celebrating our first 10 years birthday as the leading open source project for information and intelligence sharing. Thanks to all the people and organisations who support us. #opensource #infosec #DFIR #CTI
Amey Narale
@amey9:matrix.org
[m]
Hey, I am trying to deploy MISP on AWS EC2. I am able to see 2 different community AMIs, MISP-Cloud-1600988553 and MISP-1588754359. Which one should I go ahead with? There isn't much documentation and details available about their difference.
Yiwei (Gilbert) Guo
@GilbertGuo
Hey, I'm trying to find a MISP cloud instance on AWS but there isn't any. Does anyone have any ideas?