Open in app

Sign in

Write

Sign in

misp-config to Configure MISP

Sebastien Tricaud
2 min readSep 2, 2020

--

When a MISP user wants to configure MISP, there are two options:

  • Using the UI, from “Server Settings & Maintenance”
  • With the CLI tool, such as:
sudo -u www-data /usr/share/misp/app/Console/cake admin setSetting <key> <value>

In order to know the key, one has to carefully look in the individual parameter from the GUI, such as MISP.baseurl which is likely to be the very first setting one wants to change.

I personally prefer configuration files. Such as the ones we see in /etc/ and I wanted to avoid going to a GUI to read and change settings. In order to do this, I wrote a script called “misp-config”, available from the MISP source code in tools/ and written in Perl to enable almost everyone to use it out of the box without installing anything (Perl being widely available and installed on most Linux distributions by default).

When MISP is installed, such as in /var/www/MISP, you can start pulling all its configuration using:

/var/www/MISP/tools/misp-config --misp-path /var/www/MISP --create

You might need installing the Perl json library (libjson-perl on Debian) if you have the following error when running the script for the first time:

Can't locate JSON.pm in @INC (you may need to install the JSON module) [..]

It will browse Cake for all possible Configuration Settings and dump them into /etc/misp/misp.conf.d/ for each category. For example, we have one configuration setting called “Plugin.S3_aws_secret_key”, its actual setting will be dumped into /etc/misp/misp.config.d/Plugin.conf where everything is commented out (trick to only upload to Cake everything not commented and be much faster). In that file, one can now locate the key “S3_aws_secret_key” and change that setting accordingly.

Once all the Settings have been altered, you can push them back to MISP using the apply parameter like this:

/var/www/MISP/tools/misp-config --misp-path /var/www/MISP --apply

This configuration is pushed to MISP and uses CakePHP to do it, so exactly how MISP does it using the UI. Of course each Setting can be checked from the UI.

Hope you will find it useful, as it is for me to deploy MISP tailored to the way I want it.

Threat Intelligence
Misp

--

--

Sebastien Tricaud

Written by Sebastien Tricaud

111 Followers

Free Software Developer of Security Tools. Director of Security Engineering at Devo.

Help

Status

About

Careers

Press

Blog

Privacy

Terms

Text to speech

Teams