Ideal configuration to prevent indefinite ingestion of indicators #158

Open
StressedOutMouse opened this issue Apr 10, 2024 · 0 comments

StressedOutMouse commented Apr 10, 2024

Hello,

Apologies as this is somewhat of a duplicate of: #113
I wanted to ask what the ideal configuration of the MISP initialization script is? I've encountered an issue where, after executing the script, it runs for a prolonged period of time; the longest I've clocked is 12hrs+. Is it a matter of system resources, since with only 16GB of RAM and the large volume of indicators, is the pull size too small?

Command: python3.8 misp_import.py --indicators --debug

[2024-04-05 13:38:38,814] DEBUG    config  client_id                                   value redacted, check config file
[2024-04-05 13:38:38,814] DEBUG    config  client_secret                               value redacted, check config file
[2024-04-05 13:38:38,814] DEBUG    config  crowdstrike_url                             auto
[2024-04-05 13:38:38,814] DEBUG    config  api_request_max                             2500
[2024-04-05 13:38:38,814] DEBUG    config  api_enable_ssl                              True
[2024-04-05 13:38:38,815] DEBUG    config  reports_timestamp_filename                  lastReportsUpdate.dat
[2024-04-05 13:38:38,815] DEBUG    config  indicators_timestamp_filename               lastIndicatorsUpdate.dat
[2024-04-05 13:38:38,815] DEBUG    config  actors_timestamp_filename                   lastActorsUpdate.dat
[2024-04-05 13:38:38,815] DEBUG    config  init_reports_days_before                    1
[2024-04-05 13:38:38,815] DEBUG    config  init_indicators_minutes_before              60
[2024-04-05 13:38:38,815] DEBUG    config  init_actors_days_before                     1
[2024-04-05 13:38:38,815] DEBUG    config  reports_tags                                value not specified
[2024-04-05 13:38:38,815] DEBUG    config  indicators_tags                             value not specified
[2024-04-05 13:38:38,816] DEBUG    config  actors_tags                                 value not specified
[2024-04-05 13:38:38,816] DEBUG    config  unknown_mapping                             CrowdStrike:indicator:galaxy: UNATTRIBUTED
[2024-04-05 13:38:38,816] DEBUG    config  unattributed_title                          Unattributed indicators:
[2024-04-05 13:38:38,816] DEBUG    config  indicator_type_title                        Indicator Type:
[2024-04-05 13:38:38,816] DEBUG    config  malware_family_title                        Malware Family:
[2024-04-05 13:38:38,816] DEBUG    config  misp_url                                    [REDACTED]
[2024-04-05 13:38:38,816] DEBUG    config  misp_auth_key                               value redacted, check config file
[2024-04-05 13:38:38,816] DEBUG    config  crowdstrike_org_uuid                        [REDACTED]
[2024-04-05 13:38:38,817] DEBUG    config  miss_track_file                             no_galaxy_mapping.log
[2024-04-05 13:38:38,817] DEBUG    config  galaxies_map_file                           galaxy.ini
[2024-04-05 13:38:38,817] DEBUG    config  misp_enable_ssl                             False
[2024-04-05 13:38:38,817] WARNING  config  misp_enable_ssl                             SSL is disabled for MISP API requests
[2024-04-05 13:38:38,817] DEBUG    config  misp_malware_family_range                   5d
[2024-04-05 13:38:38,817] DEBUG    config  ind_attribute_batch_size                    1000
[2024-04-05 13:38:38,817] DEBUG    config  event_save_memory_refresh_interval          180
[2024-04-05 13:38:38,818] DEBUG    config  max_threads                                 16
[2024-04-05 13:38:38,818] DEBUG    config  tag_unknown_galaxy_maps                     True
[2024-04-05 13:38:38,818] DEBUG    config  taxonomic_kill-chain                        True
[2024-04-05 13:38:38,818] DEBUG    config  taxonomic_information-security-data-source  True
[2024-04-05 13:38:38,818] DEBUG    config  taxonomic_type                              True
[2024-04-05 13:38:38,818] DEBUG    config  taxonomic_iep                               False
[2024-04-05 13:38:38,818] DEBUG    config  taxonomic_iep2                              True
[2024-04-05 13:38:38,818] DEBUG    config  taxonomic_iep2_version                      False
[2024-04-05 13:38:38,818] DEBUG    config  taxonomic_tlp                               True
[2024-04-05 13:38:38,819] DEBUG    config  taxonomic_workflow                          True