A collection of tips for using MISP.

Overview

MISP Tip of the Week

A collection of tips for using MISP. Published via BelgoMISP (todo) and this repository. Available in MD and JSON.

Do you want to contribute? Suggest a tip via a GitHub issue or open a PR against the JSON file.

Tips of the Week

20220302 Administration workers jobs

You can get the number of pending jobs in the MISP workers via {misp_url}/servers/getWorkers.

https://www.misp-project.org/2020/08/22/MISP-Monitoring-with-Cacti.html/


20220302 Administration usermanagement

Reset the password of a user via the CLI:

    /var/www/MISP/app/Console/cake Password [email protected] Password1234


20220302 Administration correlations performance

Correlations aren't cached, which means they are requested (counted) every time the event index page is accessed. You can get a huge performance increase on the event index page by disabling MISP.showCorrelationsOnIndex.

https://www.vanimpe.eu/2021/03/25/staying-in-control-of-misp-correlations/


JSON format

    {
        "timestamp": "20220302",
        "category": "Administration",
        "tags": ["correlations", "performance"],
        "refs": [ "https://www.misp-project.org/" ],
        "screenshots": [ "https://raw.githubusercontent.com/MISP/misp-website/new/assets/assets/images/misp-small.png"],
        "value": "tip"
    }

Each tip is one entry. The most recent entry is the first in the list.

  • Timestamp: date in YYYYMMDD
  • Category: Administration, Threatintel, Misc
  • Tags: list of tags
  • Refs: list of external references
  • Screenshots: list of screenshots (put the files on GitHub)
  • Value: the tip text
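As an added example (not tooling from this repository), a small Python loader that validates entries in the JSON layout above, orders them newest first and renders the Markdown variant; the sample entries and the Markdown heading style are constructed here.

```python
import json
from datetime import datetime

# Constructed sample in the repository's JSON layout; not the real tips file.
SAMPLE_TIPS_JSON = json.dumps([
    {"timestamp": "20220301", "category": "Threatintel", "tags": ["feeds"], "refs": [],
     "screenshots": [], "value": "Enable feed caching to correlate against OSINT feeds."},
    {"timestamp": "20220302", "category": "Administration", "tags": ["correlations", "performance"],
     "refs": ["https://www.vanimpe.eu/2021/03/25/staying-in-control-of-misp-correlations/"],
     "screenshots": [], "value": "Disable MISP.showCorrelationsOnIndex for a faster event index page."},
])
CATEGORIES = {"Administration", "Threatintel", "Misc"}
FIELDS = {"timestamp": str, "category": str, "tags": list,
          "refs": list, "screenshots": list, "value": str}

def validate_tip(tip):
    """Return a list of problems; an empty list means the entry is well-formed."""
    problems = [f"missing or wrong type: {k}" for k, t in FIELDS.items()
                if not isinstance(tip.get(k), t)]
    ts = tip.get("timestamp")
    if isinstance(ts, str):
        try:
            datetime.strptime(ts, "%Y%m%d")
        except ValueError:
            problems.append(f"timestamp not YYYYMMDD: {ts!r}")
    if tip.get("category") not in CATEGORIES:
        problems.append(f"unknown category: {tip.get('category')!r}")
    if isinstance(tip.get("refs"), list):  # refs must be URLs, not bare hostnames
        problems += [f"bad ref: {r!r}" for r in tip["refs"] if not str(r).startswith(("http://", "https://"))]
    return problems

def load_tips(text):
    """Parse the JSON list, reject malformed entries, and order newest first."""
    tips = json.loads(text)
    bad = {i: p for i, p in ((i, validate_tip(t)) for i, t in enumerate(tips)) if p}
    if bad:
        raise ValueError(f"invalid tips: {bad}")
    return sorted(tips, key=lambda t: t["timestamp"], reverse=True)

def render_markdown(tips):
    """Emit each tip as a Markdown section headed '<timestamp> <category> <tags>'."""
    out = []
    for t in tips:
        out.append(f"## {t['timestamp']} {t['category']} {' '.join(t['tags'])}")
        out.append(t["value"])
        out.extend(t["refs"])
        out.extend(f"![screenshot]({s})" for s in t["screenshots"])
    return "\n\n".join(out) + "\n"
```

Running load_tips on the real JSON file before a PR is merged catches a malformed timestamp or an unknown category early.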
Comments
  • [TIP] Uniqueness of attributes in an event

    Category

    Threatintel

    Tags

    Add tags for the tip

    Tip

    As an attribute: needs to be unique within the event.
    As an attribute that is part of an object: does not need to be unique within the event.

    tip 
    opened by cudeso 4
  • [TIP] Custom taxonomy

    Category

    Select one: Threatintel

    Tags

    taxonomy, tags

    Tip

    You can add custom taxonomies to describe for example internal sources that provided intel or that were affected by a specific threat.

    • /var/www/MISP/app/files/taxonomies
    • Create a directory with the name of your taxonomy
    • Add a JSON file called machinetag.json
    • When finished, ensure that the files are readable by the web user
    • chown -R www-data:www-data yourtaxonomy
    tip 
    opened by cudeso 4
  • [TIP] CSP Security.csp_enforce

    Category

    Select one: Administration

    Tags

    Add tags for the tip

    Tip

    Set Security.csp_enforce to true. In config, section 'Security':

    'csp' =>
    array(
      'font-src' => "'self' fonts.gstatic.com"
    )
    
    tip 
    opened by cudeso 3
  • [TIP] Use the API to query logs to add to your monitoring host

    Category

    Administration

    Tags

    logs, monitoring, SIEM

    Tip

    You can query the /admin/logs API to get a list of recent event or attribute changes per user. The same API can also be used to track authentication attempts.

    Run this from cron to ingest to a SIEM.

    curl -s -k -d '{"model": "Event", "created":"1h"}' \
    -H "Authorization: API_KEY" \
    -H "Accept: application/json" \
    -H "Content-type: application/json" \
    -X POST https://misp/admin/logs \
     | jq '.[] .Log | {created, email, ip, action, description,title}'
    

    tip 
    opened by cudeso 3
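An added example, not part of the issue above or of MISP itself: the same /admin/logs query done from Python, flattening the response into one JSON line per entry for SIEM ingestion and summarising authentication failures per source IP. The response sample, the `_log` helper and the action names in AUTH_FAIL_ACTIONS are assumptions.

```python
import json
import urllib.request
from collections import Counter

FIELDS = ("created", "email", "ip", "action", "description", "title")
# Action names assumed from MISP's log model; adjust to what your instance actually records.
AUTH_FAIL_ACTIONS = {"auth_fail", "login_fail"}

def fetch_logs(misp_url, api_key, model="Event", created="1h", ctx=None):
    """POST the same filter as the curl one-liner to /admin/logs and return the parsed list.
    Needs a live instance, so it is not exercised below; pass an ssl.SSLContext as ctx if needed."""
    body = json.dumps({"model": model, "created": created}).encode()
    req = urllib.request.Request(
        f"{misp_url.rstrip('/')}/admin/logs", data=body, method="POST",
        headers={"Authorization": api_key, "Accept": "application/json",
                 "Content-type": "application/json"})
    with urllib.request.urlopen(req, context=ctx) as resp:
        return json.load(resp)

def _log(created, email, ip, action, title, description):
    return {"Log": {"created": created, "email": email, "ip": ip, "action": action,
                    "title": title, "description": description}}

# Constructed sample response in the shape the jq filter expects (each item wraps a "Log" dict).
SAMPLE_RESPONSE = [
    _log("2022-03-02 09:00:01", "analyst@example.org", "203.0.113.5", "edit",
         "Event (42): weekly report", "Attribute added"),
    _log("2022-03-02 09:05:10", "unknown", "198.51.100.7", "auth_fail",
         "Failed authentication", "Failed authentication using API key"),
    _log("2022-03-02 09:05:12", "unknown", "198.51.100.7", "auth_fail",
         "Failed authentication", "Failed authentication using API key"),
    _log("2022-03-02 09:05:15", "unknown", "198.51.100.7", "auth_fail",
         "Failed authentication", "Failed authentication using API key"),
    _log("2022-03-02 09:07:00", "analyst@example.org", "192.0.2.9", "login_fail",
         "Failed login", "Wrong password"),
]

def to_siem_lines(response):
    """Flatten each item to one JSON line carrying the fields the jq filter selects."""
    return [json.dumps({**{k: item.get("Log", {}).get(k) for k in FIELDS}, "source": "misp"},
                       sort_keys=True) for item in response]

def auth_failures_by_ip(response, threshold=3):
    """Count authentication failures per source IP; return those at or above threshold."""
    counts = Counter(item["Log"].get("ip") for item in response
                     if item.get("Log", {}).get("action") in AUTH_FAIL_ACTIONS)
    return {ip: n for ip, n in counts.items() if n >= threshold}
```

Run it from cron as the tip suggests and append the lines to a file your SIEM agent tails; the per-IP summary is the alert condition worth forwarding separately.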
  • [TIP] Export galaxies

    Category

    Select one: Misc

    Tags

    Add tags for the tip

    Tip

    Instead of https://www.misp-project.org/2020/07/31/MISP-galaxy-101.html/ https://twitter.com/MISPProject/status/1598243405020024832/photo/1

    tip 
    opened by cudeso 2
  • [TIP] Use 'Security.encryption_key' to encrypt authentication keys to access remote servers

    Category

    Administration

    Tags

    security hardening audit

    Tip

    sudo -H -u www-data /var/www/MISP/app/Console/cake Admin setSetting Security.encryption_key "key"

    tip 
    opened by cudeso 2
  • [TIP] Correlation exclusions to avoid noise

    Category

    Select one: Administration | Threatintel | Misc

    Tags

    Add tags for the tip

    Tip

    Once added, you can execute the cleaning of the existing correlations.

    tip 
    opened by cudeso 2
  • [TIP] Use feed correlation / lookup feature to query OSINT data without directly importing all event data

    Category

    Select one: Threatintel

    Tags

    Feeds

    Tip

    To enable a feed for caching, check the enabled field to benefit automatically from the feeds in your local MISP instance. To allow other users of your MISP instance to benefit from this functionality, simply check the "lookup visible" checkbox.

    tip 
    opened by cudeso 2
  • [TIP] Use delegation to preserve the anonymity of the threat event author

    Category

    Threatintel

    Tags

    opsec

    Tip

    Use the MISP Event Delegation feature to have events published by another organisation. This way you can guarantee the anonymity of the threat event author.

    tip 
    opened by cudeso 2
  • [TIP] Reporting security issues

    Category

    Select one: Misc

    Tags

    bugs vulnerability

    Tip

    MISP welcomes the reporting of security vulnerabilities for MISP or related project repositories. Contact CIRCL https://www.circl.lu/contact/ or have a look at https://www.misp-project.org/security/

    tip 
    opened by cudeso 1
  • [TIP] Custom CSS

    Category

    Administration

    Tags

    UI

    Tip

    • Download bootstrap.css from https://bootswatch.com/2/
    • Rename to the theme name ('united.css')
    • Copy to /var/www/MISP/app/webroot/css/
    • Set the name in MISP.custom_css

    tip 
    opened by cudeso 1
  • [TIP] Pull filters get tags from the remote instance

    Category

    Select one: Administration

    Tags

    Add tags for the tip

    Tip

    Latest versions: when you set up pull filters, your instance will now attempt to contact the remote instance to retrieve a list of available tags.

    tip 
    opened by cudeso 0
  • [TIP] Correlation limits

    Category

    Select one: Threatintel

    Tags

    correlation pivoting

    Tip

    Correlations are extremely useful to highlight relations between threat events but they can also kill your environment. Use MISP.correlation_limit to limit correlations to a sane limit. Defaults to 100.

    tip 
    opened by cudeso 1
  • [TIP] Use Packer to automatically create MISP servers

    Category

    Administration

    Tags

    devops, install

    Tip

    Use Packer (via misp-packer : https://github.com/MISP/misp-packer) to build MISP machine images with just one command.

    tip 
    opened by cudeso 0
Owner: Koen Van Impe