Comments (7)
iglocska
commented on June 20, 2024
Sorry, missclick, didn't mean to close the issue.
from misp-book.
adulau
commented on June 20, 2024
Indeed the misp-book is not up-to-date with the misp-modules documentation
For the definition of hover and expansion:
https://github.com/MISP/misp-modules#module-type
We will have a look to update misp-book asap.
from misp-book.
giray
commented on June 20, 2024
Yeah I found that piece of documentation, however, it does not explain HOW its being utilized within MISP itself. Currently I'm struggling with it not doing anything at all. I'd expect MISP to make calls to port 6666 where the misp-modules application is running. It is configured under Administration -> Server Settings -> Plugins -> Enrichment. However no calls. Hence I'm wondering if I'm doing something wrong on the user end ...
from misp-book.
iglocska
commented on June 20, 2024
The modules should always show up in the enrichment settings, the hover / enrichment options shouldn't matter. The only difference between the two is what MISP is allowed to use the modules for:
Hover: If this is enabled MISP will query the module when a user hovers over an attribute with a matching type with the module's input mispattributes.
Enrichment: If this is enabled the small "explosion" icon will show up in the actions field of each attribute when viewing an event that is eligible to be used by the enrichment (again using the input part of the mispattributes).
Is there any chance you could share the module that you're working on? I can test it and check what's going wrong.
from misp-book.
giray
commented on June 20, 2024
I'm using the current modules that come with misp-modules, so based on your description I do expect something to pop up when hovering over an IP address, as the example attribute below, though I don't see anything happening, and don't see a "explosion" icon. I have "Propose Edit", "Propose Delete", "Edit" and "Delete"
Payload delivery | ip-src | 142.122.37.211 | E-mail Source IP | Yes |Inherit | 0 (0)
from misp-book.
iglocska
commented on June 20, 2024
Hmph. Can you paste the output of misp modules when you start the system?
from misp-book.
giray
commented on June 20, 2024
sure ...
/opt/Intelligence/MISP/misp-modules# 2016-08-04 10:38:49,290 - misp-modules - INFO - Helpers loaded cache.py
2016-08-04 10:38:49,291 - misp-modules - INFO - MISP modules cve imported
2016-08-04 10:38:49,292 - misp-modules - INFO - MISP modules dns imported
2016-08-04 10:38:49,292 - misp-modules - INFO - MISP modules ipasn imported
2016-08-04 10:38:49,293 - misp-modules - INFO - MISP modules eupi imported
2016-08-04 10:38:49,296 - misp-modules - INFO - MISP modules passivetotal imported
2016-08-04 10:38:49,296 - misp-modules - INFO - MISP modules circl_passivedns imported
2016-08-04 10:38:49,297 - misp-modules - INFO - MISP modules sourcecache imported
2016-08-04 10:38:49,298 - misp-modules - INFO - MISP modules asn_history imported
2016-08-04 10:38:49,298 - misp-modules - INFO - MISP modules circl_passivessl imported
2016-08-04 10:38:49,301 - misp-modules - INFO - MISP modules server started on localhost port 6666
from misp-book.
Related Issues (20)
- Lack of documentation regarding feeds / synchronisation HOT 4
- Document how to create a new dashboard widget
- Document relations / event graph
- Document event report functionality
- Document correlation exclusions functionality HOT 2
- Document what a NIDS SID is HOT 1
- Document includeCorrelations HOT 1
- Document syslog behavior especially priority and RHEL
- Document PHP developer debugging / troubleshooting techniques HOT 2
- Document decaying system
- Document correlation engine HOT 2
- Document existing dashboard widgets / usage
- Document warninglists checkValue functionality
- Create a "basic misp usage" section
- Update screenshots according to changes in top menu (v2.4.144)
- Document how to create simple scheduled job to trigger (pull) sync
- Rename Bro to zeek
- https://misp-project.org/MISP-sizer/ return not found HOT 1
- Workflow Module Error - Invalid argument supplied for foreach HOT 1
- Document local tagging permissions
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from misp-book.