MISP / mail_to_misp

Connect your mail client/infrastructure to MISP in order to create events based on the information contained within mails.
GNU Affero General Public License v3.0

Can't convert 'bytes' object to str implicitly #3

Closed carnak closed 7 years ago

carnak commented 7 years ago

Hello - I have built a new instance of MISP, and am having the following error message when running mail_to_misp.py:

0.74, dsn=5.3.0, status=bounced (Command died with status 1: "/usr/src/mail_to_misp/mail_to_misp.py". Command output:
/usr/lib/python3/dist-packages/urllib3/connectionpool.py:794: InsecureRequestWarning: Unverified HTTPS request is being made. Adding certificate verification is strongly advised. See: https://urllib3.readthedocs.org/en/latest/security.html
  InsecureRequestWarning)
/usr/local/lib/python3.5/dist-packages/pymisp-2.4.71-py3.5.egg/pymisp/api.py:1493: DeprecationWarning: Call to deprecated function add_tag.
  def add_tag(self, event, tag, attribute=False):
Traceback (most recent call last):
  File "/usr/src/mail_to_misp/mail_to_misp.py", line 181, in
    email_data = email_data.split(stopword, 1)[0]
TypeError: Can't convert 'bytes' object to str implicitly )
Jun 3 00:33:02 misp postfix/cleanup[14702]: 67F7D4140C: message-id=<20170603003302.67F7D4140C@misp

Please advise how this can be overcome.

Thanks!

rommelfs commented 7 years ago

Please show me the config file at the line that starts with 'stopword'.

carnak commented 7 years ago

I don't understand the question:

root@misp:/var/www/MISP/app/Config# ll
total 76
drwxr-x---  2 www-data www-data  4096 Jun 4 13:56 ./
drwxr-x--- 15 www-data www-data  4096 Jun 2 10:21 ../
-rwxr-x---  1 www-data www-data  6512 Jun 2 10:16 bootstrap.default.php
-rwxr-x---  1 www-data www-data  6512 Jun 2 10:16 bootstrap.php
-rwxr-x---  1 www-data www-data  6973 Jun 2 10:16 config.default.php
-rwxr-x---  1 www-data www-data  3084 Jun 3 16:39 config.php
-rwxr-x---  1 www-data www-data 10323 Jun 2 10:16 core.default.php
-rwxr-x---  1 www-data www-data 10323 Jun 2 10:16 core.php
-rwxr-x---  1 www-data www-data  2541 Jun 2 10:16 database.default.php
-rwxr-x---  1 www-data www-data  2530 Jun 2 10:31 database.php
-rwxr-x---  1 www-data www-data  3002 Jun 2 10:16 email.php
-rwxr-x---  1 www-data www-data  2247 Jun 2 10:16 routes.php
root@misp:/var/www/MISP/app/Config# grep stopword *
root@misp:/var/www/MISP/app/Config#

Attached is config report MISP.report.json.txt

rommelfs commented 7 years ago

Please show me the line starting with 'stopword' in your mail_to_misp config file 'mail_to_misp_config.py'. According to your error log, this should be located at /usr/src/mail_to_misp/.

Thanks.

carnak commented 7 years ago

Wait.... I just reread your previous note

Will get the config to you momentarily

Thanks, Alan

carnak commented 7 years ago

Sascha - I have:

stopword = config.stopword

on line 139

Thanks, Alan

rommelfs commented 7 years ago

Ok, that is the line in the actual 'mail_to_misp.py' program which references the config file. Now please look into the config file 'mail_to_misp_config.py' and paste what's in there at the line that contains 'stopword'.

Thanks, Sascha

carnak commented 7 years ago

Gotcha... I see the following:

stopword = b'Whois & IP Information'

Thanks, Alan

carnak commented 7 years ago

In addition, Plugin.Enrichment_whois_enabled is False currently

Thanks, Alan

rommelfs commented 7 years ago

Ok, so this is the old config format. It has changed in the meantime. Please git pull and start with a new config from the example that is delivered as part of this project.

Cheers, Sascha

rommelfs commented 7 years ago

I'm afraid there is no such thing as Plugin.Enrichment_whois_enabled in mail_to_misp.

carnak commented 7 years ago

Will do - many thanks Sascha!

I will start on this in the morning

Thanks! Alan

carnak commented 7 years ago

Not seeing much difference in my config file, compared to what's on git at the moment:

root@misp:/usr/src/mail_to_misp# diff mail_to_misp_config.py mail_to_misp_config.py-example 6,8c6,8 < misp_url = 'https://' < misp_key = '' # The MISP auth key can be found on the MISP web interface under the automation section < misp_verifycert = False

misp_url = 'YOUR_MISP_URL' misp_key = 'YOUR_KEY_HERE' # The MISP auth key can be found on the MISP web interface under the automation section misp_verifycert = True 11c11 < nameservers = ['208.67.222.222']

nameservers = ['149.13.33.69']
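
Review bot: misp_verifycert = False on the local side of the 6,8c6,8 hunk turns off TLS certificate verification on the connection that carries misp_key, which is consistent with the InsecureRequestWarning in the bounce output at the top of this thread. The example side ships misp_verifycert = True; keep that value and make the MISP server certificate trusted on this host instead of disabling the check. The diff reports changes only at lines 6-8 and 11, so the stopword line in the config in use is identical to the one in the example file of this checkout.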

The email events are getting into MISP, and we can create the attributes from there.

Thanks, Alan
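
The failure in the traceback above comes from calling `split` on a `str` mail body with a `bytes` stopword, which Python 3 refuses (the exact wording of the TypeError differs between Python versions). The following is an added example, not code from mail_to_misp or from anyone in this thread: it reproduces the call and shows one way to accept either setting type so the text after the stopword is never passed on for indicator extraction. The names `RAW_MAIL`, `body_text`, `as_text`, `cut_at_stopword` and `naive_cut` and the sample message are constructed for illustration.

```python
import email
from email import policy

# Constructed sample message (not taken from the thread).
RAW_MAIL = (
    b"From: analyst@example.org\r\n"
    b"To: misp-intake@example.org\r\n"
    b"Subject: suspicious host\r\n"
    b"Content-Type: text/plain; charset=utf-8\r\n"
    b"\r\n"
    b"C2 seen at 198.51.100.7 and bad.example.net\r\n"
    b"Whois & IP Information\r\n"
    b"Registrar: Example Registrar, abuse contact 203.0.113.9\r\n"
)


def body_text(raw: bytes) -> str:
    """Return the first text/plain part of the message, decoded to str."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    part = msg.get_body(preferencelist=("plain",))
    return part.get_content() if part is not None else ""


def as_text(value, encoding: str = "utf-8") -> str:
    """Accept a bytes setting (old style) or a str setting; always return str."""
    if isinstance(value, (bytes, bytearray)):
        return bytes(value).decode(encoding, errors="replace")
    return value


def cut_at_stopword(email_data: str, stopword) -> str:
    """Keep only the text before the stopword, whatever type the config used."""
    return email_data.split(as_text(stopword), 1)[0]


def naive_cut(email_data: str, stopword):
    """The call from the traceback, unchanged: raises TypeError for bytes."""
    return email_data.split(stopword, 1)[0]


if __name__ == "__main__":
    body = body_text(RAW_MAIL)
    print(repr(cut_at_stopword(body, b"Whois & IP Information")))
```
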