munin icon indicating copy to clipboard operation
munin copied to clipboard

Published 20 hours ago verified publisher icon Neo23x0

MISP list and HybridAnalysis question.

Open DigiAngel opened this issue 5 years ago • 7 comments

From the new munin.ini I see:

[MISP]
MISP_URL = 
MISP_API_KEY =

how do we create a list of MISP's? Is it:

MISP_URL = "link1, link2"
MISP_API_KEY = "key1, key2"

or

MISP_URL = link1
MISP_API_KEY = key1
MISP_URL = link2
MISP_API_KEY = key2

or something else? As for HA, I've not been able to get this to work...per munin.ini:

PAYLOAD_SEC_API_KEY = 
PAYLOAD_SEC_API_SECRET =

however with 2.0 api there doesn't appear to be a secret anymore: link

Thank you....I really love this app!

DigiAngel avatar May 23 '19 12:05 DigiAngel

Yes, a list like

MISP_URLS = ['https://misppriv.circl.lu', 'https://misp.my.sys']

Same counts for the API Keys

I have to check the HA issue. I've created an API KEY a long time ago.

Neo23x0 avatar May 23 '19 15:05 Neo23x0

Brilliant thank you!

DigiAngel avatar May 23 '19 15:05 DigiAngel

Hrmm...doing a debug gets me this even with just using one url/key:

Traceback (most recent call last):
  File "/usr/lib/python3.6/configparser.py", line 789, in get
    value = d[option]
  File "/usr/lib/python3.6/collections/__init__.py", line 883, in __getitem__
    return self.__missing__(key)            # support subclasses that define __missing__
  File "/usr/lib/python3.6/collections/__init__.py", line 875, in __missing__
    raise KeyError(key)
KeyError: 'misp_urls'

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "munin.py", line 1412, in <module>
    MISP_URLS = ast.literal_eval(config.get('MISP', 'MISP_URLS'))
  File "/usr/lib/python3.6/configparser.py", line 792, in get
    raise NoOptionError(option, section)
configparser.NoOptionError: No option 'misp_urls' in section: 'MISP'

DigiAngel avatar May 24 '19 11:05 DigiAngel

Are you sure? Please check for typos in the key name.

It has to look like this:

[MISP]
# URL and API Key combinations
MISP_URLS = ['https://misppriv.circl.lu']
MISP_AUTH_KEYS = ['kxkxkxkkxkxkxkxkxk']

Neo23x0 avatar May 24 '19 12:05 Neo23x0

Aye...here's a screenshot :) 2019-05-24 07_31_19-zone-y

DigiAngel avatar May 24 '19 13:05 DigiAngel

There's a "S" missing in the config. It should be MISP_URLS in the new schema. It falls back to the old format, because it finds only MISP_URL and then treats it as string and not as list.

Also, I recommend using your own config file, like -i angel.ini because munin.ini will be overwritten with every pull from the repo.

Neo23x0 avatar May 24 '19 16:05 Neo23x0

MISP issues was fixed thanks to @Neo23x0 ...had to validate the MISP changes in the ini file.

DigiAngel avatar May 24 '19 16:05 DigiAngel