hkelley
I think the issue is that the app update wiped out our API key. Resetting it in the app configuration seemed to fix it. `headers['Authorization'] = config['misp_key']`
We had been using the previous version on Splunk cloud. The new version works like the previous version now that we have updated the API key. I don't recall having...
At the risk of stating the obvious, I'd start with a very simple side-by-side troubleshooting with a command like this from the Splunk search: ``` | mispcollect misp_instance= eventid="9999" endpoint="events"...
@J1mb0S1ic3, we don't use a client cert, just an auth key.
Yes, this would be helpful, particularly the update to misp_last_seen. We often see the same indicator over many different days. I would like to be able to update the `misp_last_seen`...
Any updates here? I have the same scenario. We have inserted our RFC1918 network into the GeoLite2-City.mmdb DB and would like to use these with geoip.
I have roughed out some code in Go to merge our RFC1918 addresses into the MMDB files. I did this with a plan to use them in @robcowart's Elastiflow...
Yes, I'm using a test with only a snippet lifted from [20_filter_90_post_process.logstash.conf](https://github.com/robcowart/elastiflow/blob/e192c9288263936cea86981a967432a4b471ee8a/logstash/elastiflow/conf.d/20_filter_90_post_process.logstash.conf). ``` geoip { source => "[source][ip]" database => "${ELASTIFLOW_GEOIP_DB_PATH:/etc/logstash/elastiflow/geoipdbs}/GeoLite2-City.mmdb" cache_size => "${ELASTIFLOW_GEOIP_CACHE_SIZE:8192}" target => "[metadata][geoip_src]" fields => [...
@jorritfolmer, I'm not very well-equipped either (I don't really do Splunk development, I just badly needed the OAuth support for this TA). However, if there is no other caretaker...
Microsoft has set a date of October 2022. ``` Today, we are announcing that, effective October 1, 2022, we will begin to permanently disable Basic Auth in all tenants, regardless...