MISP / misp-galaxy

Clusters and elements to attach to MISP events or attributes (like threat actors)
https://misp-galaxy.org/

Issue regarding creating galaxy #832

Closed eagerwolverine closed 1 year ago

eagerwolverine commented 1 year ago

Hey, I'm trying to create new galaxies on the MISP platform. I'm currently running my MISP instance on Microsoft Azure on the student's $100 free trial.

So the issue I'm facing is that I'm not able to create new galaxies on the MISP platform, and when I tried to import the galaxies in JSON format it says "Could not import galaxy clusters. 0 imported, 0 ignored, 8 failed. Galaxy not found, Galaxy not found, Galaxy not found, Galaxy not found, Galaxy not found, Galaxy not found, Galaxy not found, Galaxy not found". The galaxy name is "attck4fraud - Principles of MITRE ATT&CK in the fraud domain".

Also whenever I'm trying to import it's also giving an error of "You don't have permission to access '/galaxies/import'." Even when I'm logged in as an admin.

So please suggest a way to create and import galaxy.

cvandeplas commented 1 year ago

The import galaxy on the webpage is to import a Galaxy file that was generated by the MISP Web UI itself. It is not meant to import a Galaxy in the MISP-Galaxy format. (ok, this might sound a bit confusing)

If you want to add your own galaxy, just copy both JSON files to /var/www/MISP/app/files/misp-galaxy/clusters and /var/www/MISP/app/files/misp-galaxy/galaxies. Then go in the web interface and press the "update galaxies" button.

All this is documented in the MISP-book
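The copy step from the reply above, as an added example that is not part of the thread or of the MISP project's code. It assumes it runs on the machine or container where that directory exists, that a galaxy and its cluster file share the same `type` value, and that a cluster file holds a `values` list; `load_json`, `install_galaxy` and `demo` are hypothetical names, and the sample files are constructed.

```python
import json
import shutil
import tempfile
from pathlib import Path

# Base path quoted in the reply above; pass another base for other layouts.
MISP_GALAXY_DIR = Path("/var/www/MISP/app/files/misp-galaxy")


def load_json(path):
    """Parse a file as JSON and require a top-level object."""
    with open(path, encoding="utf-8") as fh:
        data = json.load(fh)
    if not isinstance(data, dict):
        raise ValueError(f"{path}: top level must be a JSON object")
    return data


def install_galaxy(galaxy_file, cluster_file, base=MISP_GALAXY_DIR):
    """Validate a galaxy/cluster pair, then copy each file to its directory."""
    galaxy, cluster = load_json(galaxy_file), load_json(cluster_file)
    # Assumption: the two files are paired through an identical "type" value.
    if not galaxy.get("type") or galaxy["type"] != cluster.get("type"):
        raise ValueError("galaxy and cluster 'type' fields must match")
    # Assumption: a cluster file carries its entries in a "values" list.
    if not isinstance(cluster.get("values"), list):
        raise ValueError("cluster file needs a 'values' list")
    plan = [(galaxy_file, Path(base) / "galaxies"),
            (cluster_file, Path(base) / "clusters")]
    for _, dest_dir in plan:  # check both targets before copying anything
        if not dest_dir.is_dir():
            raise FileNotFoundError(f"{dest_dir} does not exist")
    return [Path(shutil.copy(src, dest_dir)) for src, dest_dir in plan]


def demo():
    """Run against a constructed pair in a temporary tree (not a real MISP)."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        for sub in ("galaxies", "clusters", "src_g", "src_c"):
            (root / sub).mkdir()
        g, c = root / "src_g" / "demo.json", root / "src_c" / "demo.json"
        g.write_text(json.dumps({"name": "Demo", "type": "demo"}))
        c.write_text(json.dumps({"name": "Demo", "type": "demo", "values": []}))
        return [p.relative_to(root).as_posix() for p in install_galaxy(g, c, root)]


if __name__ == "__main__":
    print(demo())
```

After the files are in place, the "update galaxies" button mentioned in the reply is still what loads them into MISP.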

cvandeplas commented 1 year ago

I've clarified the web UI in commit https://github.com/MISP/MISP/commit/74b9d62dc7202d16e7e569086c2e1b509d92f79e

eagerwolverine commented 1 year ago

How am I supposed to copy my JSON files to the location you specified, as I am using a MISP instance that's set up on Azure cloud, using PuTTY for SSH? So please suggest a way to do so. Also, I set it up by installing Docker first, so please tell me if that makes any difference.

Thank you in advance!

cvandeplas commented 1 year ago

SSH also allows file transfer. On Microsoft Windows WinSCP is a popular file transfer program that supports SSH.

eagerwolverine commented 1 year ago

OK... So, let's say my present working directory on PuTTY is "azureuser@demovm:~/misp-docker$"

So how and where am I supposed to copy the JSON file of the galaxy? Can you provide some information regarding that? I've tried creating custom directories but it's not working. Kindly help!

Thank you in advance!

cvandeplas commented 1 year ago

For such support questions please resort to the available support channels. I believe you are a student, so the free community support hosted on Gitter might be the best option to have interactive conversations with other users. https://www.misp-project.org/support/
