misp42splunk
A Splunk app to use MISP in background
I may be missing it, but I don't see how to add an attribute to that event via the Splunk adaptive response action (as one might within an ES notable)...
Thanks a lot for this great Splunk app. For all practical purposes, it seems "last" should be matching the event's "timestamp" and not "published_timestamp". For example currently, if I set up...
We get the following error when using the misp42 Splunk App: "/splunk/etc/apps/misp42splunk/lib/splunklib/searchcommands/search_command.py", line 291 : field larger than field limit (10485760) ". Are there Limitations for the 'mispsearch' and other...
Hi, when using mispfetch.py to fetch FIRST MISP IOC (https://misp.first.org/events/restSearch), I get the following message in misp42splunk.log and the IOC cannot be fetched successfully, can someone tell me how can...
Should the misp_time field be working for both attributes (on existing events) and new events? Background: we receive Splunk logs as typosquatting domains are discovered. We then push these to...
We recently started receiving errors like the following. I believe this started when we updated to misp42splunk 4.2.2 ``` | mispcollect misp_instance=MISP_xxxx eventid=9999 [MC503] DEBUG urlib3 POST request failed error=Expecting...
Hi all, we receive this error if we do this query (masked): |mispgetioc last=30d type="yyy" misp_instance=XXXX No such file or directory url=https://misp.xxx.xx/attributes/restSearch body={'last': '30d', 'returnFormat': 'json', 'withAttachments': False, 'includeEventUuid': True,...
We are having an issue where vendors/intel sources that create custom Galaxies in MISP are not displaying properly in Splunk. The galaxy will show in the "misp_tag" field but it...
Can you help to find how I can create a local tag in MISP from Splunk? Currently from the Splunk search I am able to make a global tag into MISP...
When you try to connect to a MISP instance and there is a connection error, instead of showing an error message there is an error in the code that tries to show the "r" response of...