MISP
/
misp-book
mirror of https://github.com/MISP/misp-book
2
0
Fork 0
Code Issues Releases Wiki Activity

chg: [new] Added quick FAQ (WiP) and Requirements draft.

pull/133/head
Steve Clement 2018-10-29 16:28:16 +09:00
parent 2dccb001ec
commit 9f1b1ce49a
3 changed files with 45 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
SUMMARY.md
View File

@ -2,6 +2,7 @@
* [Book Convention](book-convention/README.md) * [Book Convention](book-convention/README.md)
* [Quick Start](quick-start/README.md) * [Quick Start](quick-start/README.md)
* [Requirements](requirements/README.md)
* [Get Your Instance](get-your-instance/README.md) * [Get Your Instance](get-your-instance/README.md)
* [General Layout](general-layout/README.md) * [General Layout](general-layout/README.md)
* [General Concepts](general-concepts/README.md) * [General Concepts](general-concepts/README.md)
@ -24,4 +25,5 @@
* [Synchronisation/Sharing](sharing/README.md) * [Synchronisation/Sharing](sharing/README.md)
* [ZeroMQ - MISP publish-subscribe](misp-zmq/README.md) * [ZeroMQ - MISP publish-subscribe](misp-zmq/README.md)
* [Translations - i18n & l10n](translation/README.md) * [Translations - i18n & l10n](translation/README.md)
* [FAQ](faq/README.md)
* [Appendices](appendices/README.md) * [Appendices](appendices/README.md)

17
faq/README.md Normal file
View File

@ -0,0 +1,17 @@
# Frequently Asked Questions
The following page hosts most frequently asked questions as seen on our [issues](https://github.com/MISP/issues) and [gitter](https://gitter.im/MISP/MISP).
## permission issues
https://misp.github.io/MISP/INSTALL.ubuntu1804/#5-set-the-permissions
fig1
## Update MISP fails
fig2
### error: pathspec 'app/composer.json' did not match any file(s) known to git
This is not an error and can be ignore. Nothing will be impacted by this.

26
requirements/README.md Normal file
View File

@ -0,0 +1,26 @@
# MISP Instance requirements
## Intro
There are various ways you can run a MISP instance.
- Virtualized with docker/ansible/packer etc
- VMware/Virtualbox/Xen etc
- Dedicated hardware
- Road warrior setups
- Air-gapped setups
Whilst there is never an ultimate answer to what specifications a system needs, we try to give an approximate answer depending on your use case.
## The biggie
Having millions of events with millions of attributes (indicators) will eventually result in sub-par performance.
Ideally you have millions of attributes and thousands of events. But this also depends on how you ingest the data.
With millions of attributes a bottleneck could be the correlation engine.
Especially if you have many duplicates in your events. (Use the feed matrix to see if feeds are massively overlapping)
### Tool assisted sizing
During a hackathon [misp-sizer](https://www.misp-project.org/MISP-sizer/) was conceived. ([code](https://github.com/MISP/MISP-sizer))
This can give you a very rough estimate and needs some more [improvements](https://github.com/MISP/MISP-sizer/issues).