Greetings, dear Turk Hack Team Members, Today I'll talk about "MISP-Dashboard".
Let's examine the important topics.
Overview chart from MISP samples
WHAT IS IT?
A dashboard showing live data and statistics of one or more MISP indicators. The dashboard can be used as a real-time tool for gathering intelligence data.
MISP-Dashboard also includes a tool that shows the contributions of organisations and companies and how they are ranked over time. These tables can also be used by SOCs (Security Operations Centers), security teams, or teams running cyber exercises to monitor and track the integrity of ongoing operations.
IMPORTANT
The MISP ZeroMQ plugin allows real-time integration of various events (event publishing, attribute creation or removal, sightings) through a flexible publish-subscribe model. Configuration and setup are described in the MISP manual.
In practice, you need to enable the ZeroMQ plugin in MISP's plugin settings. Before doing this (if not done already), make sure the PHP Redis extension is installed. You can then take the necessary steps.
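To make the publish-subscribe feed described above concrete, here is an added example (not code from the MISP-Dashboard project) that parses ZMQ frames the way a subscriber would, assuming MISP's "<topic> <json>" framing; the sample frames and the payload layout (Attribute, Event.Orgc) are constructed for illustration.

```python
import json
from collections import Counter

# Constructed sample frames, not captured from a real MISP instance.
# Assumption: MISP publishes each ZMQ frame as "<topic> <json>", e.g. the
# topic "misp_json_attribute", one space, then the JSON body. The layout
# of the bodies below is illustrative only.
SAMPLE_MESSAGES = [
    'misp_json_self {"status": "keep-alive", "uptime": 1234}',
    'misp_json_attribute {"Attribute": {"type": "ip-dst", "value": "198.51.100.7", '
    '"category": "Network activity"}, "Event": {"Orgc": {"name": "ExampleOrg"}}}',
    'misp_json_sighting {"Sighting": {"attribute_id": "42", "org_id": "3"}}',
    'not-a-json-message',
]


def parse_message(raw):
    """Split one ZMQ frame into (topic, payload dict).

    Returns None for frames that do not follow the "<topic> <json>" framing
    or whose body is not a JSON object, so a malformed frame cannot crash
    the subscriber loop."""
    topic, sep, body = raw.partition(" ")
    if not sep or not topic.startswith("misp_json"):
        return None
    try:
        payload = json.loads(body)
    except json.JSONDecodeError:
        return None
    if not isinstance(payload, dict):
        return None
    return topic, payload


def process_stream(frames):
    """Count frames per topic and collect (org, type, value) tuples from
    attribute frames: the raw material of the contributor and live-indicator
    views. Keep-alive frames (misp_json_self) are only counted."""
    per_topic = Counter()
    attributes = []
    dropped = 0
    for raw in frames:
        parsed = parse_message(raw)
        if parsed is None:
            dropped += 1
            continue
        topic, payload = parsed
        per_topic[topic] += 1
        if topic == "misp_json_attribute":
            attr = payload.get("Attribute", {})
            org = payload.get("Event", {}).get("Orgc", {}).get("name", "unknown")
            attributes.append((org, attr.get("type"), attr.get("value")))
    return {"per_topic": dict(per_topic), "attributes": attributes, "dropped": dropped}


if __name__ == "__main__":
    print(process_stream(SAMPLE_MESSAGES))
```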
FEATURES
Live Indicator
+ Maintains subscriptions to multiple ZMQ feeds from different MISP instances
+ Real-time visualisation of indicators (geographic locations)
+ Shows the contributions and activity of organisations and companies
Geographical Positioning Dashboard
+ Aggregates current and historical geographical information to support security teams, CSIRTs or SOCs in detecting threats within their area of responsibility
+ Possibility to obtain geographical information for specific regions and track threats there
Table of Contributors
Showing Options:
+ Monthly ranking of all organizations and companies,
+ Last contributing organization (dynamic updates)
+ Contribution level of all organizations
+ Each contribution category per organization
+ Current rank of selected organization (dynamic updates)
Includes:
+ Gamification of the platform:
+ Rankings on two different levels, with unique icons
+ Exclusive badges that source code contributors and donors can obtain
Users Dashboard
+ It shows when and how the platform was used.
+ Contributions, logins, edits, etc.
+ Login punchcard and contributions over time.
Trends Dashboard
+ Provides real-time information to support security teams, CSIRTs or SOCs, showing current threats and activity
+ Shows sightings and discussions over time
+ Displays the most active event categories and tags, sorted and charted in the table
Installation and General Details
Before the installation, I have to say that the only supported platform is Linux or another open-source Unix-like operating system.
Update the config.cfg configuration file to match your system.
Run ./install_dependencies.sh from the MISP-Dashboard directory (it is idempotent-ish).
- Parts that you can change:
+ RedisGlobal -> host
+ RedisGlobal -> port
+ RedisGlobal -> zmq_url
+ RedisGlobal -> misp_web_url
Updating and Pulling Up
+ Update your config.cfg configuration file again, applying any changes found in config.cfg.default.
+ Re-run ./install_dependencies.sh to pull in new dependencies.
+ Make sure no zmq python3 scripts are running; otherwise they block the update and it fails.
Code:
+ virtualenv -p python3 DASHENV
Already using interpreter /usr/bin/python3
Using base prefix '/usr'
New python executable in /home/steve/code/misp-dashboard/DASHENV/bin/python3
Traceback (most recent call last):
File "/usr/bin/virtualenv", line 9, in <module>
load_entry_point('virtualenv==15.0.1', 'console_scripts', 'virtualenv')()
File "/usr/lib/python3/dist-packages/virtualenv.py", line 719, in main
symlink=options.symlink)
File "/usr/lib/python3/dist-packages/virtualenv.py", line 942, in create_environment
site_packages=site_packages, clear=clear, symlink=symlink))
File "/usr/lib/python3/dist-packages/virtualenv.py", line 1261, in install_python
shutil.copyfile(executable, py_executable)
File "/usr/lib/python3.5/shutil.py", line 115, in copyfile
with open(dst, 'wb') as fdst:
OSError: [Errno 26] Text file busy: '/home/steve/code/misp-dashboard/DASHENV/bin/python3'
Starting The System
+ Do not run it as root; run it with normal user privileges instead.
-+- Make sure you have a running Redis server, for example: redis-server --port 6250
+ Activate the virtualenv: . ./DASHENV/bin/activate
-+- Start the ZMQ subscriber: ./zmq_subscriber.py &
+ Start the dispatcher, which processes the received messages: ./zmq_dispatcher.py &
-+- Start the Flask server: ./server.py &
+ Access the interface at http://localhost:8001/.
-+- Alternatively, run the start_all.sh script, which runs the commands described above.
Authentication
+ Authentication can be enabled in config/config.cfg by setting auth_enabled=True. Users are then asked to log in to MISP.
+ If the dashboard_access setting is set to 1 for the MISP user account, the user is allowed to continue.
Debugging
+ Debugging is fun and gives more detail about what happens when things don't go well.
Just before running ./server.py, do the following:
Code:
export FLASK_DEBUG=1
export FLASK_APP=server.py
flask run --host=0.0.0.0 --port=8001 # <- Careful: this exposes the server on ALL IP addresses. If run locally, prefer --host=127.0.0.1