MISP list and HybridAnalysis question.

Question

MISP list and HybridAnalysis question.

DigiAngel opened this issue 5 years ago · comments

From the new munin.ini I see:

[MISP]
MISP_URL = 
MISP_API_KEY =

how do we create a list of MISP's? Is it:

MISP_URL = "link1, link2"
MISP_API_KEY = "key1, key2"

or

MISP_URL = link1
MISP_API_KEY = key1
MISP_URL = link2
MISP_API_KEY = key2

or something else? As for HA, I've not been able to get this to work...per munin.ini:

PAYLOAD_SEC_API_KEY = 
PAYLOAD_SEC_API_SECRET =

however with 2.0 api there doesn't appear to be a secret anymore:
link

Thank you....I really love this app!

Florian Roth · Answer 1 · Thu May 23 2019 23:52:34 GMT+0800 (China Standard Time)

Yes, a list like

MISP_URLS = ['https://misppriv.circl.lu', 'https://misp.my.sys']

Same counts for the API Keys

I have to check the HA issue. I've created an API KEY a long time ago.

DigiAngel · Answer 2 · Thu May 23 2019 23:54:08 GMT+0800 (China Standard Time)

Brilliant thank you!

DigiAngel · Answer 3 · Fri May 24 2019 19:06:16 GMT+0800 (China Standard Time)

Hrmm...doing a debug gets me this even with just using one url/key:

Traceback (most recent call last):
  File "/usr/lib/python3.6/configparser.py", line 789, in get
    value = d[option]
  File "/usr/lib/python3.6/collections/__init__.py", line 883, in __getitem__
    return self.__missing__(key)            # support subclasses that define __missing__
  File "/usr/lib/python3.6/collections/__init__.py", line 875, in __missing__
    raise KeyError(key)
KeyError: 'misp_urls'

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "munin.py", line 1412, in <module>
    MISP_URLS = ast.literal_eval(config.get('MISP', 'MISP_URLS'))
  File "/usr/lib/python3.6/configparser.py", line 792, in get
    raise NoOptionError(option, section)
configparser.NoOptionError: No option 'misp_urls' in section: 'MISP'

Florian Roth · Answer 4 · Fri May 24 2019 20:49:00 GMT+0800 (China Standard Time)

Are you sure?
Please check for typos in the key name.

It has to look like this:

[MISP]
# URL and API Key combinations
MISP_URLS = ['https://misppriv.circl.lu']
MISP_AUTH_KEYS = ['kxkxkxkkxkxkxkxkxk']

DigiAngel · Answer 5 · Fri May 24 2019 21:34:49 GMT+0800 (China Standard Time)

Aye...here's a screenshot :)

Florian Roth · Answer 6 · Sat May 25 2019 00:09:16 GMT+0800 (China Standard Time)

There's a "S" missing in the config.
It should be MISP_URLS in the new schema. It falls back to the old format, because it finds only MISP_URL and then treats it as string and not as list.

Also, I recommend using your own config file, like -i angel.ini because munin.ini will be overwritten with every pull from the repo.

DigiAngel · Answer 7 · Sat May 25 2019 00:18:07 GMT+0800 (China Standard Time)

MISP issues was fixed thanks to @Neo23x0 ...had to validate the MISP changes in the ini file.