Merge remote-tracking branch 'upstream/master'

pull/150/head
Steve Clement 2019-04-12 18:53:28 +09:00
commit 20c4e1cb0d
3 changed files with 60 additions and 2 deletions

View File

@ -6,6 +6,7 @@
| --- |:---:|:---:|:---:|:---:|:---:|:---:|
|AS| | | | X | | |
|aba-rtn| | | | | X | |
|anonymised| X | X | X | X | X | X |
|attachment| X | X | | X | | |
|authentihash| | X | | | | |
|bank-account-nr| | | | | X | |
@ -166,6 +167,7 @@
| --- |:---:|:---:|:---:|:---:|:---:|:---:|
|AS| X | | X | | | |
|aba-rtn| | | | | | |
|anonymised| X | X | X | X | X | X |
|attachment| X | | X | X | | |
|authentihash| | | X | X | | |
|bank-account-nr| | | | | | |
@ -326,6 +328,7 @@
| --- |:---:|:---:|:---:|:---:|
|AS| | | | |
|aba-rtn| | | | |
|anonymised| X | X | X | X |
|attachment| | | X | |
|authentihash| | | | |
|bank-account-nr| | | | |
@ -506,6 +509,7 @@
* **AS**: Autonomous system
* **aba-rtn**: ABA routing transit number
* **anonymised**: Anonymised value - described with the anonymisation object via a relationship
* **attachment**: Attachment with external information
* **authentihash**: Authenticode executable signature hash
* **bank-account-nr**: Bank account number without any routing number

View File

@ -193,6 +193,58 @@ There is a server setting to treat all incoming tags as hidden by default: `MISP
**Important** Make sure that you don't remove "tag editor" from sync users, or you'll be stripping tags from synchronized data.
## How to enable the csv import module?
First you have to enable the import services: double-click on "false" in the very first line and change it to "true".
In Server Settings & Maintenance -> Plugin Settings -> Import -> set "Plugin.Import_csvimport_enabled" to true.
Afterwards you'll find the csvimport from within the newly created event: "Populate from..."
Don't use from the main site ("Import from...").
## Why do I see 'The request has been black-holed' when I submit forms?
That's a security measure for form tampering protection.
All forms have a timeout (~15min) and all of them can only be submitted once. If you use your browser's "back" button and resubmit the form MISP will consider it as a potential attempt at form tampering.
## Importing large feeds creates PHP Fatal error
When importing a large feed like the CIRCL feed, the job reaches 99% and then fails.
The log file records:
```
PHP Fatal error: Allowed memory size of 536870912 bytes exhausted (tried to allocate 1941504 bytes) in /var/www/MISP/app/Model/Feed.php on line 691
```
In this case you will need to increase the memory_limit option in `php.ini` file
## config.php is not writeable
```
Warning: app/Config/config.php is not writeable. This means that any setting changes made here will NOT be saved.
```
According to the install guide, make sure to:
```
chown -R apache:apache /var/www/MISP
find /var/www/MISP -type d -exec chmod g=rx {} \;
chmod -R g+r,o= /var/www/MISP
```
If it still doesn't work, make sure SELinxu is not enabled or modify the rule set:
```
chcon -t httpd_sys_rw_content_t /var/www/MISP/app/files
chcon -t httpd_sys_rw_content_t /var/www/MISP/app/files/terms
chcon -t httpd_sys_rw_content_t /var/www/MISP/app/files/scripts/tmp
chcon -t httpd_sys_rw_content_t /var/www/MISP/app/Plugin/CakeResque/tmp
chcon -R -t httpd_sys_rw_content_t /var/www/MISP/app/tmp
chcon -R -t httpd_sys_rw_content_t /var/www/MISP/app/webroot/img/orgs
chcon -R -t httpd_sys_rw_content_t /var/www/MISP/app/webroot/img/custom
```
<!--
Comment Place Holder
-->

View File

@ -2,8 +2,10 @@
And Justice for All! -->
# Quick Start
The Malware Information Sharing Platform (MISP) tool facilitates the exchange of Indicators of Compromise (IOCs) about targeted malware and attacks, within your community of trusted members. MISP is a distributed IOC database containing technical and non-technical information. Exchanging such information should result in faster detection of targeted attacks and improve the detection ratio, whilst also reducing the number of false positives.
With the focus on automation and standards, MISP provides you with a powerful API via PyMISP, jump ahead to these chapters to get started.
MISP (Open Source Threat Intelligence and Sharing Platform) software facilitates the exchange and sharing of threat intelligence, Indicators of Compromise (IOCs) about targeted malware and attacks, financial fraud or any intelligence within your community of trusted members. MISP sharing is a distributed model containing technical and non-technical information which can be shared within closed, semi-private or open communities. Exchanging such information should result in faster detection of targeted attacks and improve the detection ratio, whilst also reducing the number of false positives.
With the focus on automation and standards, MISP provides you with a powerful ReST API, extensibility (via misp-modules) or additional libraries such as PyMISP, jump ahead to these chapters to get started.
## Login into MISP