Sounds like you should unistall all of the MISP components from SOAR.
To uninstall the threat service you can run this command on the appliance
sudo resutil threatserverdel -name MISP
------------------------------
AnnMarie Norcross
------------------------------
Original Message:
Sent: Wed June 05, 2024 10:00 AM
From: Janeesh George
Subject: MISP error while creating incident
Hi AnnMarie,
Misp is no longer in our environment. We had it removed, it was an older version.
Also, I've disabled the "Create attribute" rule and get the same error.
And i see "rc-cts-misp-1.1.1.tar.gz" is installed.
------------------------------
Janeesh George
Original Message:
Sent: Wed June 05, 2024 09:30 AM
From: AnnMarie Norcross
Subject: MISP error while creating incident
Hi Janeesh
What version of the MISP app do you have installed?
The latest app on the App Exchange is 3.0.2 which uses playbooks (not workflows). I notice in the error message that the error is in the pre-processor script of a workflow.
The 3.0.2 app only has manual playbooks. It sounds like some automatic rule is getting triggered when you are creating an incident. Do you have the MISP custom threat service installed?
AnnMarie
------------------------------
AnnMarie Norcross
Original Message:
Sent: Wed June 05, 2024 08:30 AM
From: Janeesh George
Subject: MISP error while creating incident
------------------------------
Janeesh George
------------------------------