Comments (4)
iglocska
commented on July 18, 2024
Sounds like you have probably ingested the same feed over and over into new events. To resolve it:
- Truncate the correlations table
- modify your csv/freetext feed settings to always use fixed events, not "new event each pull"
- Delete all the duplicate events coming from the feeds (they will have the same info fields, one per feed)
- recorrelate the database (server settings -> diagnostics -> legacy tools -> recorrelate attributes)
This should get you up and running again. Let us know if it doesn't resolve it.
from misp-dashboard.
faustus25
commented on July 18, 2024
Truncating the correlations table works but I need to delete the high volume attribute Fixed Events for certain events.
Part of the problem is the fact, that Warning List attributes are duplicated in multiple events i.e. "8.8.8.8" and should be ideally mass deleted. The second is that the MISP ZMQ filters through each single attribute for those high volume attribute Fixed Events which is time consuming and eventually the ZMQ listener stops.
from misp-dashboard.
faustus25
commented on July 18, 2024
I have remove feeds with excessive attributes but ideally an option to mass delete duplicate false positive attributes would help.
Disk space for misp-dashboard:
/usr/local/src/misp-dashboard/data ------------------------------------------------------------------------------------------------------------------------------------------
/..
2.1 GiB [##########] temp-5530.rdb
2.1 GiB [######### ] dump.rdb
1.9 GiB [######### ] temp-9849.rdb
548.4 MiB [## ] temp-1612.rdb
454.7 MiB [## ] temp-1404.rdb
442.2 MiB [## ] temp-1339.rdb
438.6 MiB [## ] temp-1582.rdb
438.4 MiB [## ] temp-1326.rdb
436.1 MiB [## ] temp-1455.rdb
435.4 MiB [## ] temp-1415.rdb
419.2 MiB [# ] temp-1435.rdb
406.2 MiB [# ] temp-1405.rdb
406.2 MiB [# ] temp-1492.rdb
374.5 MiB [# ] temp-1342.rdb
349.9 MiB [# ] temp-1412.rdb
328.7 MiB [# ] temp-2020.rdb
325.5 MiB [# ] temp-1286.rdb
63.2 MiB [ ] /GeoLite2-City_20180807
20.0 KiB [ ] country_code_lat_long.json
@ 0.0 B [ ] GeoLite2-City
Is it recommended to delete all the temp.rdb files?
Also how do you get the ZMQ listener to move onto the next event published? The dashboard is stuck on one event that has an excessive amount of attributes and can't progress to the next one.
from misp-dashboard.
mokaddem
commented on July 18, 2024
Indeed, if you publish massive events to the ZMQ channel, it will generate a lot of data.
As of now, you can't skip event that are being processed.
from misp-dashboard.
Related Issues (20)
- Too many redirects cause inability to display HOT 3
- Auth with Misp Saml HOT 3
- pycountry module install error HOT 1
- Dashboard not showing results HOT 2
- Do I install this on my misp server or on a different server? (aka is this a standalone tool) HOT 1
- Python Script not working. HOT 4
- Unable to connect to the MISP Dashboard, zmq_Dispatcher crashes after publishing events HOT 3
- Maps do not show HOT 1
- Redis server error HOT 1
- Question on compatibility with MISP docker
- Slight syntax error in diagnostic.py file
- Getting Error in MISP Dashboard Script( install_dependencies.sh)
- Unable to populate the Map with entries HOT 3
- Support request: Don't understand redis port
- Bug: Live dashboard - attribute with tags HOT 3
- Bug: Attribute.category panel does not work as expected HOT 1
- No data in Trendings dashboard HOT 1
- Replace maxmind with GeoOpen
- Malware
- Dispatcher stop working
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from misp-dashboard.