Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Cortex-Analyzer - MISP-plugin no "ssl-verify = False" option #210

Closed
SimonSays4223 opened this issue Mar 21, 2018 · 2 comments
Closed

Cortex-Analyzer - MISP-plugin no "ssl-verify = False" option #210

SimonSays4223 opened this issue Mar 21, 2018 · 2 comments
Assignees
@3c7

Comments

@SimonSays4223
Copy link

SimonSays4223 commented Mar 21, 2018
edited
Loading

Cortex-Analyzer - MISP-plugin no "ssl-verify = False" option

Request Type

Bug / Analyzer

Work Environment

self-signed MISP within own infrastructure

Question Answer
OS version (server) CentOS
OS version (client) CentOS.
Cortex Analyzer Name MISP
Cortex Analyzer Version 2.0
Cortex Version latest
Browser type & version not important

Description

Currently there is not option available for not verifying the SSL-Cert of the MISP cortex will query with the MISP-Cortex-Analyzer plugin. The default is set to true (so it gets verified). Optional it is possible to provide a certpath for the CA or CA-bundle to verify the remote MISP-SSL Cert.
But there is no option to completly disable ssl-verification.

Steps to Reproduce

  1. try to connect to a foreign MISP with self-signed cert
  2. do not specify a certpath in application.conf
  3. see how the query fails because of the self-signed cert

Possible Solutions

Add an option (parameter) in the application.conf for disabling ssl-verification:

@line16

        try:
            verify = self.getParam('config.verify')
            if not verify:
                   # Keep the old behaviour
                   ssl = self.getParam('config.certpath', True)
             elif verify == "False":
                   ssl = False
             else:
                   # Keep the old behaviour
                   ssl = self.getParam('config.certpath', True)

            self.misp = MISPClient(url=self.getParam('config.url', None, 'No MISP url given.'),
                                key=self.getParam('config.key', None, 'No MISP api key given.'),
                                ssl=ssl),
                                name=name)

Complementary information

application.conf can now include a verify parameter withion the MISP-plugin session!
@3c7
Copy link
Contributor

3c7 commented Mar 21, 2018

You should be able to set it to false in the config.

MISP {
  key="abc..."
  url="https://misp.xyz"
  certpath=false

See https://github.com/TheHive-Project/CortexDocs/blob/master/analyzer_requirements.md#requirements-7.

@3c7 3c7 self-assigned this Mar 21, 2018
@SimonSays4223
Copy link
Author

SimonSays4223 commented Mar 21, 2018
edited
Loading

You are right, my fault! I previously checked it but due to case sensitivity it didn't worked. I tried it with certpath=False! :(

Now with
certpath=false
it works out nicely!

Thanks, bug can be closed!

@redwolfey redwolfey mentioned this issue Feb 7, 2020
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@3c7 3c7

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@3c7 @SimonSays4223