MISP / x_old_misp_docker

MISP Docker (XME edition)

DEBUG urlib3 POST request failed #161

Open MatiaFazio opened 1 year ago

MatiaFazio commented 1 year ago

Hello everyone. After creating an API key from the MISP web GUI with the administrator account and adding the instance of my MISP on Splunk, I tried to use the command

| mispgetevent misp_instance=default_misp eventid=5

but the result was as follows:

[MC306] DEBUG urlib3 POST request failed url=https://[my_MISP_domain_name]/events/restSearch, verify=True, header={'Content-type': 'application/json', 'Authorization': '[my_API_key]', 'Accept': 'application/json', 'host': '[my_MISP_domain_name]'}'body={'eventid': '5', 'returnFormat': 'json', 'withAttachments': False, 'page': 1, 'limit': 1000}

I will preface this by saying that on the MISP I created some example events, so I confirm that the event with ID=5 exists. Would anyone be able to explain why? I have tried unflagging both the "Check MISP certificate" and "Use a client certificate" items, but nothing changes. On the contrary, when the second item is flagged and I perform a search, I get the error:

"External search command 'mispgetevent' returned error code 1. Script output = "error_message=Exception at "/opt/splunk/etc/apps/misp42splunk/bin/misp_common.py", line 127 : [MC-PC-E05] client_cert_full_path file at /home/docker-misp/ssl/cert.pem not readable "."

The strange thing is that when I try a command like this from the server where the misp42 app for Splunk is installed:

curl --header "Authorization: AUTHKEY" \
  --header "Accept: application/json" \
  --header "Content-Type: application/json" https://misminstance.com -k

(-k because without it I got an SSL error)

I can get all the information, but on the MISP platform I see "never" under the "last used" column for that specific key. Strange, since I had used it a few seconds earlier with the command-line command...

Any advice?