From 9f1b1ce49afb1f5d9bf64e1d400b3e5ba30551d3 Mon Sep 17 00:00:00 2001 From: Steve Clement Date: Mon, 29 Oct 2018 16:28:16 +0900 Subject: [PATCH] chg: [new] Added quick FAQ (WiP) and Requirements draft. --- SUMMARY.md | 2 ++ faq/README.md | 17 +++++++++++++++++ requirements/README.md | 26 ++++++++++++++++++++++++++ 3 files changed, 45 insertions(+) create mode 100644 faq/README.md create mode 100644 requirements/README.md diff --git a/SUMMARY.md b/SUMMARY.md index 646b020..935e903 100755 --- a/SUMMARY.md +++ b/SUMMARY.md @@ -2,6 +2,7 @@ * [Book Convention](book-convention/README.md) * [Quick Start](quick-start/README.md) +* [Requirements](requirements/README.md) * [Get Your Instance](get-your-instance/README.md) * [General Layout](general-layout/README.md) * [General Concepts](general-concepts/README.md) @@ -24,4 +25,5 @@ * [Synchronisation/Sharing](sharing/README.md) * [ZeroMQ - MISP publish-subscribe](misp-zmq/README.md) * [Translations - i18n & l10n](translation/README.md) +* [FAQ](faq/README.md) * [Appendices](appendices/README.md) diff --git a/faq/README.md b/faq/README.md new file mode 100644 index 0000000..d0961d3 --- /dev/null +++ b/faq/README.md @@ -0,0 +1,17 @@ +# Frequently Asked Questions + +The following page hosts most frequently asked questions as seen on our [issues](https://github.com/MISP/issues) and [gitter](https://gitter.im/MISP/MISP). + +## permission issues + +https://misp.github.io/MISP/INSTALL.ubuntu1804/#5-set-the-permissions +fig1 + +## Update MISP fails + +fig2 + +### error: pathspec 'app/composer.json' did not match any file(s) known to git + +This is not an error and can be ignore. Nothing will be impacted by this. + diff --git a/requirements/README.md b/requirements/README.md new file mode 100644 index 0000000..2180ffa --- /dev/null +++ b/requirements/README.md @@ -0,0 +1,26 @@ +# MISP Instance requirements + +## Intro + +There are various ways you can run a MISP instance. + +- Virtualized with docker/ansible/packer etc +- VMware/Virtualbox/Xen etc +- Dedicated hardware +- Road warrior setups +- Air-gapped setups + +Whilst there is never an ultimate answer to what specifications a system needs, we try to give an approximate answer depending on your use case. + +## The biggie + +Having millions of events with millions of attributes (indicators) will eventually result in sub-par performance. +Ideally you have millions of attributes and thousands of events. But this also depends on how you ingest the data. +With millions of attributes a bottleneck could be the correlation engine. +Especially if you have many duplicates in your events. (Use the feed matrix to see if feeds are massively overlapping) + +### Tool assisted sizing + +During a hackathon [misp-sizer](https://www.misp-project.org/MISP-sizer/) was conceived. ([code](https://github.com/MISP/MISP-sizer)) +This can give you a very rough estimate and needs some more [improvements](https://github.com/MISP/MISP-sizer/issues). +