mokaddem
commented
5 years ago Hello @cbboggs!
Thanks for the great feedback and your debugging session. It is much appreciated!
I added a note about it in the README.md and updated the web interface to display a message if the login page is empty.
Your suggestion regarding the automated check is relevant. However, it is not practical as the misp-dashboard has no access to MISP itself, and moreover this setting may change over time.
We could detect if the key audit is there from time to time, but I feel like it's a bit over-engineering the problem and a simple message could do the trick.
Thank you!
Not sure if it's specific to a version of MISP (we are currently running v2.4.106) but our Users section of the dashboard wasn't working.. it would show sightings in the "overtime" chart, but no logins were present, in any of the charts.
After debugging a bit and looking through the zmq and dashboard code - it was apparent that (maybe due to a MISP update) login events were no longer sent with the "user" category, but with the "audit" category. There is even a comment in zmq_dispatcher.py referencing this change. However, this setting was apparently disabled in our MISP instance (Plugin.ZeroMQ_audit_notifications_enable = false).
I enabled that setting and the Users dashboard started populating properly.
I'm not sure if that setting is a MISP default or was added and defaulted to false because of an update. I suppose it might be good to add a note regarding this to the readme, or maybe automate a check of the setting in the install_dependencies script?