Dashboard not showing results #158

Open
woodonggyu opened this issue May 25, 2021 · 2 comments

@woodonggyu

Currently, I can access misp-dashboard,
but when I do something (e.g. add an event), misp-dashboard does not show any results.

The settings are as follows.

In config.cfg:

    [Auth]
    auth_enabled = False
    misp_fqdn = https://192.168.22.128
    ssl_verify = False
    session_secret = **Change_Me**
    # Only send cookies with requests over HTTPS if the cookie is marked secure.
    session_cookie_secure = False

In MISP ZeroMQ settings (+ installed pyzmq):

| Priority | Setting | Value | Description | Error message |
| --- | --- | --- | --- | --- |
| Optional | Plugin.ZeroMQ_enable | true | Enables or disables the pub/sub feature of MISP. Make sure that you install the requirements for the plugin to work. Refer to the installation instructions for more information. | |
| Optional | Plugin.ZeroMQ_port | 50000 | The port that the pub/sub feature will use. | |
| Optional | Plugin.ZeroMQ_username | | The username that client need to use to connect to ZeroMQ. | Value not set. |
| Optional | Plugin.ZeroMQ_password | | The password that client need to use to connect to ZeroMQ. | Value not set. |
| Optional | Plugin.ZeroMQ_redis_host | redis | Location of the Redis db used by MISP and the Python PUB script to queue data to be published. | |
| Optional | Plugin.ZeroMQ_redis_port | 6379 | The port that Redis is listening on. | |
| Optional | Plugin.ZeroMQ_redis_password | | The password, if set for Redis. | Value not set. |
| Optional | Plugin.ZeroMQ_redis_database | 1 | The database to be used for queuing messages for the pub/sub functionality. | |
| Optional | Plugin.ZeroMQ_redis_namespace | mispq | The namespace to be used for queuing messages for the pub/sub functionality. | |
| Optional | Plugin.ZeroMQ_include_attachments | true | Enable this setting to include the base64 encoded payloads of malware-samples/attachments in the output. | |
| Optional | Plugin.ZeroMQ_event_notifications_enable | true | Enables or disables the publishing of any event creations/edits/deletions. | |
| Optional | Plugin.ZeroMQ_object_notifications_enable | true | Enables or disables the publishing of any object creations/edits/deletions. | |
| Optional | Plugin.ZeroMQ_object_reference_notifications_enable | true | Enables or disables the publishing of any object reference creations/deletions. | |
| Optional | Plugin.ZeroMQ_attribute_notifications_enable | true | Enables or disables the publishing of any attribute creations/edits/soft deletions. | |
| Optional | Plugin.ZeroMQ_tag_notifications_enable | true | Enables or disables the publishing of any tag creations/edits/deletions as well as tags being attached to / detached from various MISP elements. | |
| Optional | Plugin.ZeroMQ_sighting_notifications_enable | true | Enables or disables the publishing of new sightings to the ZMQ pubsub feed. | |
| Optional | Plugin.ZeroMQ_user_notifications_enable | true | Enables or disables the publishing of new/modified users to the ZMQ pubsub feed. | |
| Optional | Plugin.ZeroMQ_organisation_notifications_enable | true | Enables or disables the publishing of new/modified organisations to the ZMQ pubsub feed. | |
| Optional | Plugin.ZeroMQ_audit_notifications_enable | true | Enables or disables the publishing of log entries to the ZMQ pubsub feed. Keep in mind, this can get pretty verbose depending on your logging settings. | |

What more can you doubt?
Thank you.

@woodonggyu

While looking for the problem, I found several suspicious problems.

The currently running environment is as follows.

  • MISP: localhost (192.168.22.128), running a Docker image (based on coolacid)
  • Dashboard: localhost (192.168.22.128)

According to the link below, ZeroMQ uses localhost:50000 by default.
(ref. https://www.circl.lu/doc/misp/misp-zmq/)

So, zmq_subscriber.py can't connect to ZeroMQ.

How do I change the ZeroMQ setting in MISP (e.g. to allow external access)?

    import argparse

    # The default endpoint is tcp://localhost:50000; override it with -u/--url.
    parser = argparse.ArgumentParser(description='A zmq subscriber. It subscribes to a ZMQ then redispatch it to the misp-dashboard')
    parser.add_argument('-n', '--name', required=False, dest='zmqname', help='The ZMQ feed name', default="MISP Standard ZMQ")
    parser.add_argument('-u', '--url', required=False, dest='zmqurl', help='The URL to connect to', default="tcp://localhost:50000")
    args = parser.parse_args()

When running diagnostic.py, the result is as follows.

✔ Virtual environment and packages
✔ Configuration
✔ File permission
✔ Redis
⠼ checking zmq of misp - elapsed time: 5s

In config.cfg:

    [RedisGlobal]
    host=192.168.22.128
    port=6379
    misp_web_url = https://192.168.22.128
    misp_instances = [{
        "name": "misp",
        "url": "https://192.168.22.128",
        "zmq": "tcp://localhost:50000"}]
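
A TCP-level reachability check for the `zmq` endpoints listed in `misp_instances`, added here as an example; it is not part of the original issue or of the misp-dashboard code. It separates a refused connection from a timeout, which the stalled `checking zmq of misp` step does not show. `SAMPLE_CFG`, `zmq_endpoints` and `probe` are names assumed for this example.

```python
import configparser
import json
import socket
from urllib.parse import urlparse

# Constructed sample: the [RedisGlobal] section as quoted in the issue.
SAMPLE_CFG = """
[RedisGlobal]
host=192.168.22.128
port=6379
misp_web_url = https://192.168.22.128
misp_instances = [{
    "name": "misp",
    "url": "https://192.168.22.128",
    "zmq": "tcp://localhost:50000"}]
"""


def zmq_endpoints(cfg_text):
    """Return (name, host, port) for every entry in misp_instances."""
    cfg = configparser.ConfigParser(interpolation=None)
    cfg.read_string(cfg_text)
    # The indented continuation lines are joined into one JSON string.
    instances = json.loads(cfg.get("RedisGlobal", "misp_instances"))
    endpoints = []
    for inst in instances:
        url = urlparse(inst["zmq"])
        endpoints.append((inst["name"], url.hostname, url.port))
    return endpoints


def probe(host, port, timeout=3.0):
    """TCP check only: returns 'open', 'refused', 'timeout' or 'error: ...'."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except ConnectionRefusedError:
        return "refused"  # nothing listening, e.g. a container port not published
    except socket.timeout:
        return "timeout"  # packets dropped or host unreachable
    except OSError as exc:
        return f"error: {exc}"


if __name__ == "__main__":
    for name, host, port in zmq_endpoints(SAMPLE_CFG):
        print(f"{name}: tcp://{host}:{port} -> {probe(host, port)}")
```

An `open` result only shows that something accepts TCP connections on that port; it does not confirm that MISP is publishing messages there.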

@mokaddem

mokaddem commented Jul 1, 2021

Hey,
Did you manage to solve your issue?
If not, what is the full output of the diagnostic.py?
Thanks!
