I cannot access MISP dashboard

I am in the process of installing T-Guard components. After following all the steps in the setup GUI interface (I will attach a picture),


I can access the dashboard of (Wazuh, IRIS, and Shuffle) using the credential information provided in T-Guard documentation (I will attach a picture of the credential information provided in T-Guard documentation).

Still, I cannot access MISP dashboard although all the containers are running (I will attach a picture of all the running containers related to MISP).

When I try to access MISP dashboard using (https://[IP]:1443), the page freezes.

I also allowed port 1443 in my firewall (I will attach a picture of the firewall status)

Note:
[I am using an Ubuntu 22.04 virtual machine installed on VirtualBox to do the setup].

Could you please help me to debug the issue?
I have been trying to solve the issue for a while, but no promising result.

Hi, Faris!

Thank you for your feedback on using our T-Guard SOC Package.

Regarding the issue you are facing, it seems to be caused by the T-Guard installation being on a machine or device that uses an internal network (not public). You need to change the baseurl configuration inside the MISP configuration file with the following steps:

  1. Edit the MISP config file:
sudo nano ~/t-guard/misp/config/config.php
  1. Change the IP address in ‘baseurl’ to your IP address used to access Wazuh, Shuffle, and IRIS (in your case, 192.168.56.102). Then, save it.

  2. Try to open the MISP dashboard again.

We hope this helps you resolve the issue.

Thank you!

Thank you for taking the time to reply,
The issue has been resolved after following the given instructions.

Thank you so much for the update! We’re delighted to hear that the issue has been resolved. :blush:

If you have any other questions or need further assistance, please feel free to reach out. We’re always here to help!

Best regards, T-Guard Team

Hello:
I also have the problem that MISP DashBoard cannot be opened. After modifying /t-guard/misp/configs/config.php to my internal IP, the web page can be opened.

But when I log in using admin@admin.test/admin, “You have tripped the cross-site request forgery protection of MISP” appears. How to solve it?

Hi, begize!

Regarding the issue you are facing, it appears that there might be an issue with the latest version of MISP. We recommend updating the MISP-core image to version 2.4.190 and the MISP-module image to version 2.4.187. Here are the steps to do so:

  1. Edit the MISP docker-compose.yml file:

nano ~/t-guard/misp/docker-compose.yml

  1. Scroll down to misp-core, then replace the image version from “latest” to “v2.4.190

  2. Scroll down again to misp-modules, then replace the image version from “latest” to “v2.4.187

  3. Save it

  4. Repeat the MISP installation step in setup.sh

We hope this helps you resolve the issue.

Thank you!

Hi :
After modifying the version and reinstalling it, i can log in normally, thank you~~

Thank you for the update! We’re delighted to hear that the issue has been resolved.

If you have any other questions or need further assistance, please feel free to reach out. We’re always here to help!

Best regards, T-Guard Team

Hello,
I followed those step and it does work, however I have another probleme.
When I want to go to misp, in Administration → List Auth Keys, I get :

This Page isn’t working right now
... can’t currently handle this request.
HTTP ERROR 500.

The error log say this:

2024-09-19 14:52:20 Error: [RedisException] ERR AUTH called without any password configured for the default user. Are you sure your configuration is correct?
Request URL: /auth_keys/index
Stack Trace:
#0 /var/www/MISP/app/Lib/Tools/RedisTool.php(44): Redis->auth()
#1 /var/www/MISP/app/Model/AuthKey.php(359): RedisTool::init()
#2 /var/www/MISP/app/Controller/AuthKeysController.php(39): AuthKey->getLastUsageForKeys()
#3 /var/www/MISP/app/Controller/Component/CRUDComponent.php(59): AuthKeysController->{closure}()
#4 /var/www/MISP/app/Controller/AuthKeysController.php(49): CRUDComponent->index()
#5 [internal function]: AuthKeysController->index()
#6 /var/www/MISP/app/Lib/cakephp/lib/Cake/Controller/Controller.php(499): ReflectionMethod->invokeArgs()
#7 /var/www/MISP/app/Lib/cakephp/lib/Cake/Routing/Dispatcher.php(193): Controller->invokeAction()
#8 /var/www/MISP/app/Lib/cakephp/lib/Cake/Routing/Dispatcher.php(167): Dispatcher->_invoke()
#9 /var/www/MISP/app/webroot/index.php(101): Dispatcher->dispatch()
#10 {main}
2024-09-19 14:52:20 Error: Fatal Error (1): Uncaught Error: Class ‘AppExceptionRenderer’ not found in /var/www/MISP/app/Lib/cakephp/lib/Cake/Error/ErrorHandler.php:126
Stack trace:
#0 [internal function]: ErrorHandler::handleException()
#1 {main}
thrown in [/var/www/MISP/app/Lib/cakephp/lib/Cake/Error/ErrorHandler.php, line 126]
2024-09-19 14:52:20 Error: [InternalErrorException] Internal Server Error
Request URL: /auth_keys/index
Stack Trace:
#0 /var/www/MISP/app/Lib/cakephp/lib/Cake/Error/ErrorHandler.php(212): ErrorHandler::handleFatalError()
#1 /var/www/MISP/app/Lib/cakephp/lib/Cake/Core/App.php(970): ErrorHandler::handleError()
#2 /var/www/MISP/app/Lib/cakephp/lib/Cake/Core/App.php(943): App::_checkFatalError()
#3 [internal function]: App::shutdown()
#4 {main}

I suppose this is a php version error but I can’t update it to 8.2.* (in the container it is php7.4.34)

PS: Is it necessary to use this AuthKey to link wazuh to misp ? the installation step end after iris and I am new to this ^^’

Thanks a lot

New security friend

Hey

I found a temporary solution. I removed all password in the misp/docker-compose.yml, because the problem was that I send a password when I try to connect to redis, however redis doesn’t except this password. What’s more I tried to add a requirepass but I was also waiting for and AUTH that isn’t set so I found it easier to juste remove the password.
This solution however isn’t the best so I will try to look for a way to make it work with the password.

Have a nice day

I ran into the same issue. I ended up executing /bin/bash in the context of the misp core docker image and generating a new auth key.

Once you’re in the local file system you can run this command to rest the auth key for a particular user:

./app/Console/cake user change_authkey [e-mail/user_id]

I changed into the console directory and ran it from ./cake

Running Ubuntu 24 over here. Hope it helps. GLHF