Kaspersky Threat Feed App for MISP features

If Kaspersky Threat Feed App for MISP stops while it is working (for example, its process is not running or the operating system is restarted), it resumes work after you run the master script run.py. If work does not resume, contact a Kaspersky representative. Alternatively, remove the imported events from the MISP instance, remove the contents of the workdir and feed_util/feeds directories, and remove the tool.pid file from the directory in which Kaspersky Threat Feed App for MISP is installed. Then run the master script run.py; the import process starts from scratch.

The master script run.py and the importing script import_to_misp.py log their activities to stdout by default. We recommend that you save the log messages to a file so that you can track the work performed by Kaspersky Threat Feed App for MISP.

Due to MISP restrictions, MISP events that contain a large number of attributes (more than 50 000) may open very slowly in the user interface or not open at all. This happens because MISP tries to get all attributes from a database and load the correlations between the attributes into memory. To avoid these errors, we recommend that you increase the memory limit for the MISP instance. To do this, perform the following actions on the MISP computer:

  1. Open the /etc/php/7.1/apache2/php.ini file for editing (the path may be different depending on the PHP version installed):

    vi /etc/php/7.1/apache2/php.ini

  2. Specify the memory_limit parameter:

    memory_limit = 5G

  3. Restart Apache:

    sudo systemctl restart apache2
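
To confirm the edit, the following added example (not part of the Kaspersky documentation) reads memory_limit from each Apache php.ini and reports whether it meets the 5G value used above. The function names and the /etc/php/*/apache2/php.ini glob are assumptions; the script checks the file contents only, not the value Apache has loaded.

```shell
#!/bin/sh
# Added example: report memory_limit from each Apache php.ini and flag values
# below 5G. The glob below assumes the /etc/php/<version>/apache2 layout.

# Convert PHP shorthand (K, M, G suffix, case-insensitive) to bytes.
# Prints -1 for "-1" (unlimited); returns 1 if the value cannot be parsed.
php_size_to_bytes() {
    val=$(printf '%s' "$1" | tr -d ' \t"' | tr 'kmg' 'KMG')
    case "$val" in
        -1) printf '%s\n' -1; return 0 ;;
        ''|*[!0-9KMG]*) return 1 ;;
    esac
    num=${val%[KMG]}
    case "$num" in ''|*[!0-9]*) return 1 ;; esac
    case "$val" in
        *K) echo $((num * 1024)) ;;
        *M) echo $((num * 1024 * 1024)) ;;
        *G) echo $((num * 1024 * 1024 * 1024)) ;;
        *)  echo "$num" ;;
    esac
}

# Print the last uncommented memory_limit value in a php.ini file
# (a later assignment overrides an earlier one; ';' starts a comment).
read_memory_limit() {
    sed -n 's/^[[:space:]]*memory_limit[[:space:]]*=[[:space:]]*\([^;]*\).*$/\1/p' "$1" | tail -n 1
}

# Return 0 if the file's memory_limit is unlimited or at least the target,
# 1 if it is lower, 2 if the setting is missing or cannot be parsed.
limit_at_least() {
    have=$(php_size_to_bytes "$(read_memory_limit "$1")") || return 2
    want=$(php_size_to_bytes "$2") || return 2
    [ "$have" -eq -1 ] || [ "$have" -ge "$want" ]
}

# Report every installed PHP version's Apache configuration.
for ini in /etc/php/*/apache2/php.ini; do
    [ -f "$ini" ] || continue
    if limit_at_least "$ini" 5G; then
        echo "OK    $ini memory_limit=$(read_memory_limit "$ini")"
    else
        echo "CHECK $ini memory_limit=$(read_memory_limit "$ini")"
    fi
done
```
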
