csp icon indicating copy to clipboard operation
csp copied to clipboard

Published 20 hours ago verified publisher icon melicertes

CSP - MISP exchange issues

Open iglocska opened this issue 5 years ago • 1 comments

Noticed several issues with the exchange via CSP to MISP:

  • Events arrive unpublished, meaning that my partners are not protected using my shared data. This also encourages tampering with shared data to get them published
  • Occasionally data doesn't get synchronised / updated. We could not figure out what triggers the behaviour during the training.
  • Revocations are not synchronised
  • Sharing groups get partially synchronised
  • We had cases where sharing groups were synchronised to instances that were not eligible for the contents via CSP

iglocska avatar Jun 04 '19 17:06 iglocska

The last one is really nasty. Imagine the following situation:

Create a trust circle, for example to make something random up, a belgacom incident that involves belgium, luxembourg, cert-eu, nato - and suddenly once we share any data to this trust circle, everyone knows about the sharing group's name and participants.

iglocska avatar Jun 05 '19 08:06 iglocska