I cannot access MISP dashboard

I am in the process of installing T-Guard components. After following all the steps in the setup GUI interface (I will attach a picture),


I can access the dashboard of (Wazuh, IRIS, and Shuffle) using the credential information provided in T-Guard documentation (I will attach a picture of the credential information provided in T-Guard documentation).

Still, I cannot access MISP dashboard although all the containers are running (I will attach a picture of all the running containers related to MISP).

When I try to access MISP dashboard using (https://[IP]:1443), the page freezes.

I also allowed port 1443 in my firewall (I will attach a picture of the firewall status)

Note:
[I am using an Ubuntu 22.04 virtual machine installed on VirtualBox to do the setup].

Could you please help me to debug the issue?
I have been trying to solve the issue for a while, but no promising result.

Hi, Faris!

Thank you for your feedback on using our T-Guard SOC Package.

Regarding the issue you are facing, it seems to be caused by the T-Guard installation being on a machine or device that uses an internal network (not public). You need to change the baseurl configuration inside the MISP configuration file with the following steps:

  1. Edit the MISP config file:
sudo nano ~/t-guard/misp/config/config.php
  1. Change the IP address in ‘baseurl’ to your IP address used to access Wazuh, Shuffle, and IRIS (in your case, 192.168.56.102). Then, save it.

  2. Try to open the MISP dashboard again.

We hope this helps you resolve the issue.

Thank you!

Thank you for taking the time to reply,
The issue has been resolved after following the given instructions.

Thank you so much for the update! We’re delighted to hear that the issue has been resolved. :blush:

If you have any other questions or need further assistance, please feel free to reach out. We’re always here to help!

Best regards, T-Guard Team

Hello:
I also have the problem that MISP DashBoard cannot be opened. After modifying /t-guard/misp/configs/config.php to my internal IP, the web page can be opened.

But when I log in using admin@admin.test/admin, “You have tripped the cross-site request forgery protection of MISP” appears. How to solve it?

Hi, begize!

Regarding the issue you are facing, it appears that there might be an issue with the latest version of MISP. We recommend updating the MISP-core image to version 2.4.190 and the MISP-module image to version 2.4.187. Here are the steps to do so:

  1. Edit the MISP docker-compose.yml file:

nano ~/t-guard/misp/docker-compose.yml

  1. Scroll down to misp-core, then replace the image version from “latest” to “v2.4.190

  2. Scroll down again to misp-modules, then replace the image version from “latest” to “v2.4.187

  3. Save it

  4. Repeat the MISP installation step in setup.sh

We hope this helps you resolve the issue.

Thank you!

Hi :
After modifying the version and reinstalling it, i can log in normally, thank you~~

Thank you for the update! We’re delighted to hear that the issue has been resolved.

If you have any other questions or need further assistance, please feel free to reach out. We’re always here to help!

Best regards, T-Guard Team

Hello,
I followed those step and it does work, however I have another probleme.
When I want to go to misp, in Administration → List Auth Keys, I get :

This Page isn’t working right now
... can’t currently handle this request.
HTTP ERROR 500.

The error log say this:

2024-09-19 14:52:20 Error: [RedisException] ERR AUTH called without any password configured for the default user. Are you sure your configuration is correct?
Request URL: /auth_keys/index
Stack Trace:
#0 /var/www/MISP/app/Lib/Tools/RedisTool.php(44): Redis->auth()
#1 /var/www/MISP/app/Model/AuthKey.php(359): RedisTool::init()
#2 /var/www/MISP/app/Controller/AuthKeysController.php(39): AuthKey->getLastUsageForKeys()
#3 /var/www/MISP/app/Controller/Component/CRUDComponent.php(59): AuthKeysController->{closure}()
#4 /var/www/MISP/app/Controller/AuthKeysController.php(49): CRUDComponent->index()
#5 [internal function]: AuthKeysController->index()
#6 /var/www/MISP/app/Lib/cakephp/lib/Cake/Controller/Controller.php(499): ReflectionMethod->invokeArgs()
#7 /var/www/MISP/app/Lib/cakephp/lib/Cake/Routing/Dispatcher.php(193): Controller->invokeAction()
#8 /var/www/MISP/app/Lib/cakephp/lib/Cake/Routing/Dispatcher.php(167): Dispatcher->_invoke()
#9 /var/www/MISP/app/webroot/index.php(101): Dispatcher->dispatch()
#10 {main}
2024-09-19 14:52:20 Error: Fatal Error (1): Uncaught Error: Class ‘AppExceptionRenderer’ not found in /var/www/MISP/app/Lib/cakephp/lib/Cake/Error/ErrorHandler.php:126
Stack trace:
#0 [internal function]: ErrorHandler::handleException()
#1 {main}
thrown in [/var/www/MISP/app/Lib/cakephp/lib/Cake/Error/ErrorHandler.php, line 126]
2024-09-19 14:52:20 Error: [InternalErrorException] Internal Server Error
Request URL: /auth_keys/index
Stack Trace:
#0 /var/www/MISP/app/Lib/cakephp/lib/Cake/Error/ErrorHandler.php(212): ErrorHandler::handleFatalError()
#1 /var/www/MISP/app/Lib/cakephp/lib/Cake/Core/App.php(970): ErrorHandler::handleError()
#2 /var/www/MISP/app/Lib/cakephp/lib/Cake/Core/App.php(943): App::_checkFatalError()
#3 [internal function]: App::shutdown()
#4 {main}

I suppose this is a php version error but I can’t update it to 8.2.* (in the container it is php7.4.34)

PS: Is it necessary to use this AuthKey to link wazuh to misp ? the installation step end after iris and I am new to this ^^’

Thanks a lot

New security friend