chg: [faq] Update README.md to include blocking attachment

main
Sami Mokaddem 2024-09-25 15:45:58 +02:00 committed by GitHub
parent f9c7644b95
commit 36f870a77f
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
1 changed files with 12 additions and 0 deletions

@ -922,6 +922,18 @@ Created symlink from /etc/systemd/system/multi-user.target.wants/php73-php-fpm.s
A galaxy can be assigned like a tag. You can use the add tag function and copy the full conntector-tag. Example `misp-galaxy:ransomware=“Locky”`, which can be found in `/galaxy_clusters/view/` A galaxy can be assigned like a tag. You can use the add tag function and copy the full conntector-tag. Example `misp-galaxy:ransomware=“Locky”`, which can be found in `/galaxy_clusters/view/`
## How to block attachment (and malware-sample) to be ingested
For that, we'll use the Import Regex feature in MISP.
1. Got to `/regexp/admin_index` (In the UI under Input Fulters -> Import Regexp)
2. Create a new import Regex `/admin/regexp/add`
- Regexp: `/^.$/i`
- Note: If you want to only allow specific file extensions, you can use a regex a similar regex (in this case, we only allow .png attachment): `/^.*\.(?!png)[^.]+$/i`
- Replacement: `[Leave the field empty]` (Leaving the field empty will prevent that value to be saved)
- Select the checkboxes `attachment` and `malware-sample`
3. From that point onward, users will still be able to add attachement but they won't be accepted by the system anymore.
- Note: If you allowed specific file extensions, only file ending with the provided extension will be accepted. Please, bear in mind that it only looks at the filename and skip MIME checks alltogether.
## Updating PHP from 7.2 to 7.4.5 on Ubuntu 18.04 ## Updating PHP from 7.2 to 7.4.5 on Ubuntu 18.04
### Installation ### Installation
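Review bot: In step 2, the Regexp `/^.$/i` as written only matches a value that is exactly one character long, so an attachment with any longer filename would not be caught; if the intent is to block every attachment and malware-sample, it likely needs to be `/^.*$/i`. The allow-list variant `/^.*\.(?!png)[^.]+$/i` has two gaps worth closing or at least documenting next to the existing MIME caveat: a filename with no dot at all never matches and is therefore accepted, and the lookahead is not anchored, so extensions that merely start with `png` are accepted too; `(?!png$)` would restrict it to exactly `.png`. Wording to fix in the same pass: "Got to", "Input Fulters", "a regex a similar regex", "attachement", "alltogether".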