Good day,
Setup a MISP server and trying to ingest data with MISP integration but there is no data coming into elastic. Got the right authkey and no restrictions on the MISP Server firewall. Also able to get data when running curl command off the VM that got the agent, so the MISP server is reachable and data can be obtained but the integration is not working. Also checked datasets but nothing for misp.
Hi @lamp123432,
Welcome back! How are you ingesting the data into Elasticsearch? Are you using the MISP agent integration or something else? Are there any errors in the logs at all?
Using MISP agent integration. Nothing in the logs
Ok, which version of the integration are you using? And which version of Elastic have you installed the integration?
Everything being used is the latest version.
Agent version: 8.9.1
MISP Integration version: 1.20.0
It's difficult to say without any log errors or obvious misconfiguration. Does the system persist after you reinstall the integration?
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.