Default URL and (username/password)
• MISP web interface - http://127.0.0.1 (NAT:
Threat Sharing
MISP Training Cheat Sheet
Virtual Machine (MISP Training VM)
The MISP Training VM is available at the following location :
https://www.circl.lu/misp-images/.
The VM can be imported into VirtualBox or VMWare as an appliance
(OVA).
The MISP training VM includes multiple applications and packages
which are configured by default without production-ready secure
settings. We strongly recommend to not use this VM for production
and/or for storing sensitive information.
How to upgrade MISP to the latest version?
Log in via SSH or terminal and type the following commands (your
http://127.0.0.1:8080) ([email protected]/admin)
• MISP-modules - http://127.0.0.1:6666
• MISP-dashboard - http://127.0.0.1:8001
• Viper-web - http://127.0.0.1:8888 (admin/Password1234)
• jupyter-notebook - http://127.0.0.1:8889
• system credentials via ssh/terminal - (misp/Password1234)
How to get the API key of my user?
Go to the MISP web interface, and simply click your username in the
right upper corner to see your user profile which includes your API
key.
How to reset a password in MISP?
If you did any specific mistake while setting up your password at the
first login. You can reset the password by logging in on the system
(via SSH or terminal) and typing the following command:
/var/www/MISP/app/Console/cake Password
[email protected] YourTemporaryPasssword
How to reset the bruteforce login
protection?
While trying to log into MISP multiple times unsuccessfuly, the
bruteforce protection might be triggered. You can reset the bruteforce
login protection’s state by logging into the system (via SSH or
terminal) and typing the following command:
/var/www/MISP/app/Console/cake Admin
clearBruteforce
VM must have an Internet access):
1. cd /var/www/MISP
2. git pull origin 2.4
3. git submodule update ––init ––recursive
Getting OSINT information into your MISP
By default, a fresh installation of MISP is empty as we prefer to leave
it up to the users to store, gather, and share the information they
need. If you would like to populate your MISP with some real-life
data, simply enable the CIRCL OSINT feed, which contains
cybersecurity threat-related information. In order to enable the
OSINT feed, go to → Sync Actions then → List Feeds. Then
select the checkbox next to the first feed (called CIRCL OSINT
Feed) and click on top Enable Selected. To fetch all events from
the selected feed, scroll to the right side of the CIRCL OSINT Feed
row and simply click the icon depicting a downward pointing arrow
in a circle. Once you go back to the Event Index, the events will start
appearing gradually.
Training materials and documentation
MISP training materials are available at the following location
https:
//www.circl.lu/services/misp-training-materials/
and are freely licensed under CC-BY-SA. MISP book is available at the
following location https://www.circl.lu/doc/misp/.
Copyright
c 2018 MISP Project licensed under CC-BY-SA