Closed mmeyer21 closed 3 years ago
Hi, I am working on it. I would like to clarify. In your context you have installed several instance of the app with different app names? misp_dev, misp_staging, misp_prod? and you want to use the proper instances defined in each of them from anywhere in splunk. That's why it is better to use rest that return all stanza when config file only return stanza from misp42splunk as this is hard coded in 4.0.0 and earlier.
so indeed rest is cleaner and will adapt to different situation. thank you for your prototype I am using misp_instances = splunklib.data.load(response.body.read())['feed']['entry'] on my env app_config = instance.get('content') does not work but I copy directly from instance dict; it is OK
I still need to check for proxy settings and when calling from alert action and should push to github first beginning of next week. hope this fine and thanks again for using misp42 looking forward to getting other feed back
Hi, thank you for your quick response. We would like to use your app as delivered from github or splunkbase. In addtion we have several versions of an config app with different names one per stage (for example misp_dev, mosp_staging, misp_prod). This apps only contain url, api_keys etc. for different misp_instances. Your app should be able to use misp_instances out of another app to get this work.
I`m looking forward hearing regarding this issue again.
see latest package 4.0.1 that implements your solution for stanza settings. I wanted to do the same for proxy but for the moment it works with config file
is fixed in 4.0.1
Hi there,
in my environment we are bound to use different stages. That is why we need to configure different misp_instances per stage. To get that done we are using different apps per stage added to this great app for interacting with misp. The configuration dashboard is working quite well in this constellation. To get the custom commands running, i needed to change the prepare_config in misp_common.py.
I changed it from relying on a /local/*conf-File to using REST (like in Config-Dashboard). Unfortunately i did not test it with cert_file or proxy_settings.
Sample code: