misp / misp-taxii-server

An OpenTAXII Configuration for MISP

License: BSD 3-Clause "New" or "Revised" License

Python 86.02% Shell 11.01% Dockerfile 2.97%
misp taxii-server taxii-hooks information-exchange information-sharing stix

misp-taxii-server's Introduction

MISP Taxii Server


A set of configuration files to use with EclecticIQ's OpenTAXII implementation, along with a callback for when data is sent to the TAXII Server's inbox.

Installation

Manual install

git clone https://github.com/MISP/MISP-Taxii-Server
cd MISP-Taxii-Server

apt-get install libmysqlclient-dev # for mysql_config
pip3 install -r REQUIREMENTS.txt

You'll then need to set up your TAXII database. As you're using MISP, you'll likely already have a MySQL environment running.

mysql -u [database user] -p
# Enter Database password
mysql> create database taxiiauth;
mysql> create database taxiipersist;
mysql> grant all on taxiiauth.* to 'taxii'@'%' identified by 'some_password';
mysql> grant all on taxiipersist.* to 'taxii'@'%' identified by 'some_password';
mysql> exit;

Now configure your TAXII server:

cp config/config.default.yaml config/config.yaml

Open the new config/config.yaml and edit the db_connection parameters to match the databases and credentials you created above. Change auth_api -> parameters -> secret whilst you're here as well.

Do not forget to set your MISP server's URL and API key at the bottom.

If you wish, you can edit the taxii service definitions and collections in config/data-configuration.yaml; full documentation on how this is set up is available at OpenTaxii's docs.

Now it's time to create all your SQL tables. Luckily OpenTaxii comes with commands for this.

You're going to want to export your configuration file to a variable as well.

# An example of this config is in the config directory
export OPENTAXII_CONFIG=/path/to/config.yaml
export PYTHONPATH=.

opentaxii-sync-data config/data-configuration.yaml

OpenTaxii is now ready to roll, we've just gotta do one more thing.

In the repository root directory, run

sudo python3 setup.py install

This will install the TAXII hooks to run when we have new data.

Now we should be ready to go!

opentaxii-run-dev

This should tell you that there is now a server running on localhost:9000 (maybe a different port if you changed it). If there are no errors, you're good!

If you want to test everything is working, run

taxii-push --path http://localhost:9000/services/inbox -f tests/test.xml \
           --dest my_collection --username admin --password admin

Obviously replace anything that differs in your system.

The client should say "Content Block Pushed Successfully" if all went well.

Now you have a TAXII server hooked up to MISP, you're able to send STIX files to the inbox and have them uploaded directly to MISP. So that's nice <3

There is also an experimental feature to push MISP events to the TAXII server when they're published - that's in scripts/push_published_to_taxii.py. It seems to work, but may occasionally re-upload duplicate events to MISP.

Automated TAXII -> MISP Sync

If you want, there is the ability to synchronise between a remote TAXII server and the local MISP server.

$ install-remote-server.sh

[MISP-TAXII-SERVER]
POLLING SERVER INSTALLATION
FRIENDLY SERVER NAME:
< Add a unique server name here, can be anything >

This will then install 2 files to ~/.misptaxii, one for a local server and one for the remote servers. Edit these files as needed. Run install-remote-server.sh once for each remote server you want to add.

You'll probably want to put the sync script on a crontab.

First, run

echo `which python3` `which run-taxii-poll.py`

to get the path of your script, and copy it. Then run

crontab -e

This will open your crontab. Paste in

0 */6 * * * <the output of that echo command you just ran>

This will run the polling script every 6 hours to keep things all synced up.

Troubleshooting

Data truncated for column...

Warning: (1265, "Data truncated for column 'original_message' at row 1")

Warning: (1265, "Data truncated for column 'content' at row 1")

If you encounter the error above, this means you tried to push a STIX file bigger than 65,535 bytes. To fix it run the following commands.

mysql -u [database user] -p
# Enter Database password

mysql> use taxiipersist;
mysql> alter table `inbox_messages` modify `original_message` LONGTEXT;
mysql> alter table `content_blocks` modify `content` LONGTEXT;
mysql> exit;

Specified key was too long

Warning: (1071, 'Specified key was too long; max key length is 767 bytes')

If you encounter the error above, try the following after creating the databases as per this issue:

ALTER DATABASE taxiipersist CHARACTER SET latin1 COLLATE latin1_general_ci;
ALTER DATABASE taxiiauth CHARACTER SET latin1 COLLATE latin1_general_ci;

Nothing appears in MISP

Take note of which user you ran export OPENTAXII_CONFIG=/path/to/config.yaml as. If you then use sudo, that environment variable is lost. Use sudo -E to preserve the environment instead.

InsecureRequestWarning

PyMISP complains about missing certificate verification. Under the misp-options in config.yaml do not simply set verifySSL = False. You can provide the CA bundle, a concatenation of all certificates in the chain, as verifySSL = /path/to/ca_bundle. Alternatively, you can export REQUESTS_CA_BUNDLE=/path/to/ca_bundle.
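One way to check a finished config.yaml for the settings this README warns about (an unchanged auth_api secret or MISP API key, the 'some_password' placeholder from the grant statements, and verifySSL set to False). This is an added example, not part of MISP-Taxii-Server; the function names and the SAMPLE_* dictionaries are constructed, and the key layout (misp.api, misp.verifySSL, auth_api.parameters.secret, db_connection) is assumed to match the config shown on this page.

```python
"""Audit a MISP-Taxii-Server config.yaml against the shipped config.default.yaml."""
import copy
import os
import sys
from urllib.parse import urlsplit

# Constructed stand-in for config.default.yaml; values are placeholders, not the project's.
SAMPLE_DEFAULTS = {
    "persistence_api": {"parameters": {
        "db_connection": "mysql://taxii:some_password@localhost/taxiipersist"}},
    "auth_api": {"parameters": {
        "db_connection": "mysql://taxii:some_password@localhost/taxiiauth",
        "secret": "CONSTRUCTED-DEFAULT-SECRET"}},
    "misp": {"url": "https://misp.example", "api": "CONSTRUCTED-DEFAULT-KEY",
             "verifySSL": True},
}

# Constructed "copied but never edited" config with verification switched off.
SAMPLE_WEAK = copy.deepcopy(SAMPLE_DEFAULTS)
SAMPLE_WEAK["misp"]["verifySSL"] = False

# Constructed config with every flagged value replaced.
SAMPLE_HARDENED = copy.deepcopy(SAMPLE_DEFAULTS)
SAMPLE_HARDENED["auth_api"]["parameters"]["secret"] = "constructed-random-secret"
SAMPLE_HARDENED["misp"]["api"] = "constructed-site-api-key"
for _section, _db in (("persistence_api", "taxiipersist"), ("auth_api", "taxiiauth")):
    SAMPLE_HARDENED[_section]["parameters"]["db_connection"] = (
        "mysql://taxii:constructed-db-password@localhost/" + _db)

# Values that must differ from the shipped defaults.
SECRET_FIELDS = [
    ("auth_api secret", ("auth_api", "parameters", "secret")),
    ("MISP API key", ("misp", "api")),
]


def dig(cfg, *keys):
    """Walk nested dicts, returning None when any level is missing."""
    for key in keys:
        if not isinstance(cfg, dict):
            return None
        cfg = cfg.get(key)
    return cfg


def weak_db_password(url):
    """True when a mysql:// URL has no password or the README's placeholder."""
    parts = urlsplit(url)
    return parts.scheme.startswith("mysql") and parts.password in (None, "", "some_password")


def audit(config, defaults, environ=None):
    """Return a list of human-readable findings; an empty list means nothing flagged."""
    environ = os.environ if environ is None else environ
    findings = []

    for label, path in SECRET_FIELDS:
        value = dig(config, *path)
        if not value:
            findings.append(label + " is empty")
        elif value == dig(defaults, *path):
            findings.append(label + " is unchanged from config.default.yaml")

    for section in ("persistence_api", "auth_api"):
        url = dig(config, section, "parameters", "db_connection")
        if url and weak_db_password(url):
            findings.append(section + " db_connection has no password or the README placeholder")

    verify = dig(config, "misp", "verifySSL")
    ca_env = environ.get("REQUESTS_CA_BUNDLE")
    if verify is False:
        findings.append("misp.verifySSL is False: certificate verification is disabled")
    elif isinstance(verify, str):
        # A string is treated as the path to a CA bundle, as described above.
        if not os.path.isfile(verify):
            findings.append("misp.verifySSL points to a missing CA bundle: " + verify)
    elif ca_env and not os.path.isfile(ca_env):
        findings.append("REQUESTS_CA_BUNDLE points to a missing file: " + ca_env)
    return findings


if __name__ == "__main__":
    if len(sys.argv) == 3:
        # Usage: audit.py config/config.yaml config/config.default.yaml (needs PyYAML)
        import yaml
        with open(sys.argv[1]) as live, open(sys.argv[2]) as shipped:
            results = audit(yaml.safe_load(live), yaml.safe_load(shipped))
    else:
        results = audit(SAMPLE_WEAK, SAMPLE_DEFAULTS, environ={})
    for finding in results:
        print("FINDING:", finding)
```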

Verifying the database

To verify that the opentaxii-sync-data worked, check the tables of database taxiipersist:

MariaDB [taxiipersist]> show tables;
+-----------------------------+
| Tables_in_taxiipersist      |
+-----------------------------+
| collection_to_content_block |
| content_blocks              |
| data_collections            |
| inbox_messages              |
| result_sets                 |
| service_to_collection       |
| services                    |
| subscriptions               |
+-----------------------------+

To verify whether the account-creation worked, check database taxiiauth:

MariaDB [taxiiauth]> select * from accounts;
+----+----------+-----------------------------------------------------------------------------------------------+
| id | username | password_hash                                                                                 |
+----+----------+-----------------------------------------------------------------------------------------------+
|  1 | ltaxii   | pbkdf2:sha256:50000$99999999$1111111111111111111111111111111111111111111111111111111111111111 |
+----+----------+-----------------------------------------------------------------------------------------------+

Ambiguous Polling Service

In the case that the server you want to poll has multiple POLL services, run

taxii-discovery \
  --host <HOST TO POLL> \
  --port <POLLING PORT> \
  --discovery <DISCOVERY PATH, sometimes /taxii-discovery-service, may vary>

It'll show you the services available on the server. You'll probably see two POLL services, for different versions of TAXII (message binding).

Find the one relevant to you, copy its Service Address, and modify ~/.misptaxii/remote-servers.yml to resemble

- name: "my server"
  taxii_version: "1.1"
  ...
  uri: <SERVICE ADDRESS>

Now try polling again.

misp-taxii-server's People

Contributors

adulau, arcsector, davidonzo, floatingghost, jeffrey-e, richieb2b, shsauler


misp-taxii-server's Issues

taxii-proxy failure

I'm attempting to populate the taxii server so I can push it into MISP later.
My command looks like this
taxii-proxy --poll-path http://hailataxii.com/taxii-data --poll-collection guest.Lehigh_edu --inbox-path http://localhost:9000/services/inbox --inbox-collection collection --binding urn:stix.mitre.org:xml:1.1
Every feed I'm connecting to will eventually fail with the following message
ERROR: FAILURE: There was a failure while executing the message handler.
I saw on another post that changing collate to latin1_general_ci could help, but it didn't help in my case.
If I change the server to test.taxiistand.com and use one of the available collections there, it will take longer but will fail eventually with the same error.

If there is another way to populate the taxii server using any possible commands, I'm ready to give it a try.

Thanks

str object has no attribute decode

I know I am just missing something, but I can't figure out what I am missing.
Everything installed just fine, I run opentaxii-run-dev and then run taxii-push --path http://localhost:9000/services/inbox -f tests/sample.xml --dest collection --username root --password root -v

and the following error below comes up on the opentaxii server and I get the error Failure: there was a failure while executing the message handler.

Traceback (most recent call last):
File "/usr/local/lib/python3.5/dist-packages/Flask-0.12.2-py3.5.egg/flask/app.py", line 1612, in full_dispatch_request
rv = self.dispatch_request()
File "/usr/local/lib/python3.5/dist-packages/Flask-0.12.2-py3.5.egg/flask/app.py", line 1598, in dispatch_request
return self.view_functions[rule.endpoint](**req.view_args)
File "/usr/local/lib/python3.5/dist-packages/opentaxii-0.1.10a1-py3.5.egg/opentaxii/middleware.py", line 76, in wrapper
return _process_with_service(service)
File "/usr/local/lib/python3.5/dist-packages/opentaxii-0.1.10a1-py3.5.egg/opentaxii/middleware.py", line 154, in _process_with_service
response_message = service.process(request.headers, taxii_message)
File "/usr/local/lib/python3.5/dist-packages/opentaxii-0.1.10a1-py3.5.egg/opentaxii/taxii/services/abstract.py", line 89, in process
in_response_to=message.message_id)
File "/usr/local/lib/python3.5/dist-packages/opentaxii-0.1.10a1-py3.5.egg/opentaxii/taxii/exceptions.py", line 48, in raise_failure
tb=tb)
File "/usr/local/lib/python3.5/dist-packages/six.py", line 692, in reraise
raise value.with_traceback(tb)
File "/usr/local/lib/python3.5/dist-packages/opentaxii-0.1.10a1-py3.5.egg/opentaxii/taxii/services/abstract.py", line 83, in process
response_message = handler.handle_message(self, message)
File "/usr/local/lib/python3.5/dist-packages/opentaxii-0.1.10a1-py3.5.egg/opentaxii/taxii/services/handlers/inbox_message_handlers.py", line 126, in handle_message
return InboxMessage11Handler.handle_message(service, request)
File "/usr/local/lib/python3.5/dist-packages/opentaxii-0.1.10a1-py3.5.egg/opentaxii/taxii/services/handlers/inbox_message_handlers.py", line 65, in handle_message
inbox_message_id=inbox_message.id if inbox_message else None)
File "/usr/local/lib/python3.5/dist-packages/opentaxii-0.1.10a1-py3.5.egg/opentaxii/persistence/manager.py", line 164, in create_content
collection_ids=collection_ids, service_id=service_id)
File "/usr/local/lib/python3.5/dist-packages/blinker-1.4-py3.5.egg/blinker/base.py", line 267, in send
for receiver in self.receivers_for(sender)]
File "/usr/local/lib/python3.5/dist-packages/blinker-1.4-py3.5.egg/blinker/base.py", line 267, in <listcomp>
for receiver in self.receivers_for(sender)]
File "/usr/local/lib/python3.5/dist-packages/misp_taxii_hooks-0.2-py3.5.egg/misp_taxii_hooks/hooks.py", line 58, in post_stix
package = pymisp.tools.stix.load_stix(StringIO(content_block.content.decode()))
opentaxii.taxii.exceptions.FailureStatus: 'str' object has no attribute 'decode', logger=opentaxii.middleware, event=Status exception, level=warning, timestamp=2017-11-02T17:53:15.401407Z}
127.0.0.1 - - [02/Nov/2017 12:53:15] "POST /services/inbox HTTP/1.1" 200 -

STIX Parser Crashing After Reading 65535 Bytes

I'm not sure if this is some weird issue with my server or Python or if it's something dealing with one of the underlying libraries used by the MISP Taxii Service, but I'm kind of stumped.

I'm attempting to import STIX files obtained from the Anomali TAXII feed into MISP, but every STIX file I tried was crashing. After banging my head against the wall for a bit, I realized that while lxml is parsing the STIX file it crashes while reading the 65535th character of the STIX file.

Poll Anomali to get the latest Phish Tank STIX file
taxii-poll --host limo.anomali.com --https --collection Phish_Tank_F107 --discovery /api/v1/taxii/taxii-discovery-service/ --username guest --password guest --begin 2018-11-01T00:00:00Z --end 2018-12-22T00:00:00Z > phishtank.xml

Attempt to push the STIX file to opentaxii-run-dev
taxii-push --path http://localhost:9000/services/inbox -f phishtank.xml --dest collection --username MYUSERNAME --password MYPASSWORD

Error Log - line 847, column 228 is the 65535th char in the STIX file

    127.0.0.1 - - [21/Dec/2018 12:59:04] "POST /services/inbox HTTP/1.1" 200 -
'cm9vdDpyb290' 12
Posting STIX...
2018-12-21T18:00:36.436787Z [opentaxii.middleware] warning: Status exception {exception=Traceback (most recent call last):
  File "/usr/local/lib/python3.4/dist-packages/misp_stix_converter/converters/convert.py", line 112, in load_stix
    stix_package = STIXPackage.from_json(data)
  File "/usr/local/lib/python3.4/dist-packages/mixbox/entities.py", line 495, in from_json
    d = json.loads(json_doc)
  File "/usr/lib/python3.4/json/__init__.py", line 318, in loads
    return _default_decoder.decode(s)
  File "/usr/lib/python3.4/json/decoder.py", line 343, in decode
    obj, end = self.raw_decode(s, idx=_w(s, 0).end())
  File "/usr/lib/python3.4/json/decoder.py", line 361, in raw_decode
    raise ValueError(errmsg("Expecting value", s, err.value)) from None
ValueError: Expecting value: line 1 column 1 (char 0)

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/usr/local/lib/python3.4/dist-packages/opentaxii-0.1.10a1-py3.4.egg/opentaxii/taxii/services/abstract.py", line 83, in process
    response_message = handler.handle_message(self, message)
  File "/usr/local/lib/python3.4/dist-packages/opentaxii-0.1.10a1-py3.4.egg/opentaxii/taxii/services/handlers/inbox_message_handlers.py", line 126, in handle_message
    return InboxMessage11Handler.handle_message(service, request)
  File "/usr/local/lib/python3.4/dist-packages/opentaxii-0.1.10a1-py3.4.egg/opentaxii/taxii/services/handlers/inbox_message_handlers.py", line 65, in handle_message
    inbox_message_id=inbox_message.id if inbox_message else None)
  File "/usr/local/lib/python3.4/dist-packages/opentaxii-0.1.10a1-py3.4.egg/opentaxii/persistence/manager.py", line 164, in create_content
    collection_ids=collection_ids, service_id=service_id)
  File "/usr/local/lib/python3.4/dist-packages/blinker-1.4-py3.4.egg/blinker/base.py", line 267, in send
    for receiver in self.receivers_for(sender)]
  File "/usr/local/lib/python3.4/dist-packages/blinker-1.4-py3.4.egg/blinker/base.py", line 267, in <listcomp>
    for receiver in self.receivers_for(sender)]
  File "/usr/local/lib/python3.4/dist-packages/misp_taxii_hooks-0.2-py3.4.egg/misp_taxii_hooks/hooks.py", line 62, in post_stix
    package = pymisp.tools.stix.load_stix(StringIO(block))
  File "/usr/local/lib/python3.4/dist-packages/pymisp/tools/stix.py", line 16, in load_stix
    stix = convert.load_stix(stix)
  File "/usr/local/lib/python3.4/dist-packages/misp_stix_converter/converters/convert.py", line 119, in load_stix
    stixXml = etree.fromstring(stix.read())
  File "src/lxml/etree.pyx", line 3213, in lxml.etree.fromstring
  File "src/lxml/parser.pxi", line 1876, in lxml.etree._parseMemoryDocument
  File "src/lxml/parser.pxi", line 1757, in lxml.etree._parseDoc
  File "src/lxml/parser.pxi", line 1067, in lxml.etree._BaseParser._parseUnicodeDoc
  File "src/lxml/parser.pxi", line 600, in lxml.etree._ParserContext._handleParseResultDoc
  File "src/lxml/parser.pxi", line 710, in lxml.etree._handleParseResult
  File "src/lxml/parser.pxi", line 639, in lxml.etree._raiseParseError
  File "<string>", line 847
lxml.etree.XMLSyntaxError: Premature end of data in tag Description line 847, line 847, column 228

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/usr/lib/python3/dist-packages/flask/app.py", line 1475, in full_dispatch_request
    rv = self.dispatch_request()
  File "/usr/lib/python3/dist-packages/flask/app.py", line 1461, in dispatch_request
    return self.view_functions[rule.endpoint](**req.view_args)
  File "/usr/local/lib/python3.4/dist-packages/opentaxii-0.1.10a1-py3.4.egg/opentaxii/middleware.py", line 76, in wrapper
    return _process_with_service(service)
  File "/usr/local/lib/python3.4/dist-packages/opentaxii-0.1.10a1-py3.4.egg/opentaxii/middleware.py", line 154, in _process_with_service
    response_message = service.process(request.headers, taxii_message)
  File "/usr/local/lib/python3.4/dist-packages/opentaxii-0.1.10a1-py3.4.egg/opentaxii/taxii/services/abstract.py", line 89, in process
    in_response_to=message.message_id)
  File "/usr/local/lib/python3.4/dist-packages/opentaxii-0.1.10a1-py3.4.egg/opentaxii/taxii/exceptions.py", line 48, in raise_failure
    tb=tb)
  File "/usr/local/lib/python3.4/dist-packages/six.py", line 692, in reraise
    raise value.with_traceback(tb)
  File "/usr/local/lib/python3.4/dist-packages/opentaxii-0.1.10a1-py3.4.egg/opentaxii/taxii/services/abstract.py", line 83, in process
    response_message = handler.handle_message(self, message)
  File "/usr/local/lib/python3.4/dist-packages/opentaxii-0.1.10a1-py3.4.egg/opentaxii/taxii/services/handlers/inbox_message_handlers.py", line 126, in handle_message
    return InboxMessage11Handler.handle_message(service, request)
  File "/usr/local/lib/python3.4/dist-packages/opentaxii-0.1.10a1-py3.4.egg/opentaxii/taxii/services/handlers/inbox_message_handlers.py", line 65, in handle_message
    inbox_message_id=inbox_message.id if inbox_message else None)
  File "/usr/local/lib/python3.4/dist-packages/opentaxii-0.1.10a1-py3.4.egg/opentaxii/persistence/manager.py", line 164, in create_content
    collection_ids=collection_ids, service_id=service_id)
  File "/usr/local/lib/python3.4/dist-packages/blinker-1.4-py3.4.egg/blinker/base.py", line 267, in send
    for receiver in self.receivers_for(sender)]
  File "/usr/local/lib/python3.4/dist-packages/blinker-1.4-py3.4.egg/blinker/base.py", line 267, in <listcomp>
    for receiver in self.receivers_for(sender)]
  File "/usr/local/lib/python3.4/dist-packages/misp_taxii_hooks-0.2-py3.4.egg/misp_taxii_hooks/hooks.py", line 62, in post_stix
    package = pymisp.tools.stix.load_stix(StringIO(block))
  File "/usr/local/lib/python3.4/dist-packages/pymisp/tools/stix.py", line 16, in load_stix
    stix = convert.load_stix(stix)
  File "/usr/local/lib/python3.4/dist-packages/misp_stix_converter/converters/convert.py", line 119, in load_stix
    stixXml = etree.fromstring(stix.read())
  File "src/lxml/etree.pyx", line 3213, in lxml.etree.fromstring
  File "src/lxml/parser.pxi", line 1876, in lxml.etree._parseMemoryDocument
  File "src/lxml/parser.pxi", line 1757, in lxml.etree._parseDoc
  File "src/lxml/parser.pxi", line 1067, in lxml.etree._BaseParser._parseUnicodeDoc
  File "src/lxml/parser.pxi", line 600, in lxml.etree._ParserContext._handleParseResultDoc
  File "src/lxml/parser.pxi", line 710, in lxml.etree._handleParseResult
  File "src/lxml/parser.pxi", line 639, in lxml.etree._raiseParseError
opentaxii.taxii.exceptions.FailureStatus: Premature end of data in tag Description line 847, line 847, column 228 (<string>, line 847), logger=opentaxii.middleware, timestamp=2018-12-21T18:00:36.436787Z, event=Status exception, level=warning}

I'm wondering if it has something to do w/ the TEXT data object for MySQL maxing out at 65535 characters, but I'm not sure where I could find the type of data object being used to send the STIX docs to the database and possibly change it to MEDIUMTEXT or LONGTEXT.

Thanks in advance for any help you might be able to provide!
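The 65,535-byte failure reported in this issue, and covered by the README's "Data truncated for column" section, can be reproduced offline. The following Python is an added example, not code from MISP-Taxii-Server or OpenTAXII; the function names and the sample document are constructed. It measures a content block in bytes, names the smallest MySQL text type that holds it, and shows that the copy cut at the TEXT limit no longer parses as XML.

```python
"""Pre-flight size and well-formedness check for a STIX/XML content block."""
import xml.etree.ElementTree as ET

# Maximum payload of each MySQL text type, in bytes (not characters).
MYSQL_TEXT_TYPES = [
    ("TINYTEXT", 2**8 - 1),
    ("TEXT", 2**16 - 1),        # 65,535: the limit hit on this page
    ("MEDIUMTEXT", 2**24 - 1),
    ("LONGTEXT", 2**32 - 1),
]
TEXT_LIMIT = 2**16 - 1


def as_bytes(content):
    """Content may arrive as str or bytes; column limits apply to encoded bytes."""
    return content if isinstance(content, bytes) else content.encode("utf-8")


def smallest_text_type(n_bytes):
    """Name of the smallest MySQL text type that stores n_bytes untruncated."""
    for name, limit in MYSQL_TEXT_TYPES:
        if n_bytes <= limit:
            return name
    raise ValueError("content exceeds LONGTEXT capacity")


def is_well_formed(data):
    """True when data parses as XML."""
    try:
        ET.fromstring(data)
        return True
    except ET.ParseError:
        return False


def preflight(content, column_limit=TEXT_LIMIT):
    """Report what happens to content stored in a column of column_limit bytes."""
    raw = as_bytes(content)
    stored = raw[:column_limit]  # at most this much survives a truncating insert
    return {
        "bytes": len(raw),
        "fits": len(raw) <= column_limit,
        "column_type_needed": smallest_text_type(len(raw)),
        "well_formed": is_well_formed(raw),
        "well_formed_as_stored": is_well_formed(stored),
    }


def build_sample(n_indicators):
    """Constructed stand-in for a large STIX package (not a valid STIX document)."""
    items = "".join(
        "<Indicator id='example:indicator-%d'>"
        "<Description>constructed entry %d</Description></Indicator>" % (i, i)
        for i in range(n_indicators)
    )
    return "<Package>" + items + "</Package>"


if __name__ == "__main__":
    for count in (100, 1000):
        print(count, "indicators:", preflight(build_sample(count)))
    # 40,000 two-byte characters: under 65,535 characters, over 65,535 bytes.
    print("multi-byte:", preflight("<d>" + "\u00e9" * 40000 + "</d>"))
```

A document that reports "fits": False needs the column change from the README's troubleshooting section before it is pushed, and "column_type_needed" gives the smallest type that would hold it.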

No events created during sync with another OpenTAXII

I successfully installed the MISP-Taxii-Server and another instance of OpenTAXII Server, to use the first as a MISP middleware over a TAXII feed and the second as a stand-alone TAXII server.

The sync between 2 OpenTAXII works fine, but no event has been created in MISP.

The error follows:

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/usr/local/lib/python3.4/dist-packages/Flask-0.12.2-py3.4.egg/flask/app.py", line 1612, in full_dispatch_request
    rv = self.dispatch_request()
  File "/usr/local/lib/python3.4/dist-packages/Flask-0.12.2-py3.4.egg/flask/app.py", line 1598, in dispatch_request
    return self.view_functions[rule.endpoint](**req.view_args)
  File "/usr/local/lib/python3.4/dist-packages/opentaxii-0.1.10a1-py3.4.egg/opentaxii/middleware.py", line 76, in wrapper
    return _process_with_service(service)
  File "/usr/local/lib/python3.4/dist-packages/opentaxii-0.1.10a1-py3.4.egg/opentaxii/middleware.py", line 154, in _process_with_service
    response_message = service.process(request.headers, taxii_message)
  File "/usr/local/lib/python3.4/dist-packages/opentaxii-0.1.10a1-py3.4.egg/opentaxii/taxii/services/abstract.py", line 89, in process
    in_response_to=message.message_id)
  File "/usr/local/lib/python3.4/dist-packages/opentaxii-0.1.10a1-py3.4.egg/opentaxii/taxii/exceptions.py", line 48, in raise_failure
    tb=tb)
  File "/usr/local/lib/python3.4/dist-packages/six.py", line 692, in reraise
    raise value.with_traceback(tb)
  File "/usr/local/lib/python3.4/dist-packages/opentaxii-0.1.10a1-py3.4.egg/opentaxii/taxii/services/abstract.py", line 83, in process
    response_message = handler.handle_message(self, message)
  File "/usr/local/lib/python3.4/dist-packages/opentaxii-0.1.10a1-py3.4.egg/opentaxii/taxii/services/handlers/inbox_message_handlers.py", line 126, in handle_message
    return InboxMessage11Handler.handle_message(service, request)
  File "/usr/local/lib/python3.4/dist-packages/opentaxii-0.1.10a1-py3.4.egg/opentaxii/taxii/services/handlers/inbox_message_handlers.py", line 65, in handle_message
    inbox_message_id=inbox_message.id if inbox_message else None)
  File "/usr/local/lib/python3.4/dist-packages/opentaxii-0.1.10a1-py3.4.egg/opentaxii/persistence/manager.py", line 164, in create_content
    collection_ids=collection_ids, service_id=service_id)
  File "/usr/local/lib/python3.4/dist-packages/blinker-1.4-py3.4.egg/blinker/base.py", line 267, in send
    for receiver in self.receivers_for(sender)]
  File "/usr/local/lib/python3.4/dist-packages/blinker-1.4-py3.4.egg/blinker/base.py", line 267, in <listcomp>
    for receiver in self.receivers_for(sender)]
  File "/usr/local/lib/python3.4/dist-packages/misp_taxii_hooks-0.2-py3.4.egg/misp_taxii_hooks/hooks.py", line 76, in post_stix
    MISP.add_event(package._json_full())
opentaxii.taxii.exceptions.FailureStatus: 'MISPEvent' object has no attribute '_json_full', logger=opentaxii.middleware}


Any suggestion?
Thanks in advance.

Regards

Automated TAXII -> MISP Sync Poll Failed

Hello,
I have a problem during the execution of the sync from TAXII to MISP.

The taxii-discovery and taxii-poll commands from the CLI work without problems.

Below is the log from the poll.log file

main - ERROR - FAILED TO PUSH BLOCK!
2018-04-09 07:06:59,067 - main - ERROR - <cabby.entities.ContentBlock object at 0x7fe213138cc0>
2018-04-09 07:06:59,067 - main - ERROR - FAILURE: There was a failure while executing the message handler
Traceback (most recent call last):
File "run-taxii-poll.py", line 147, in
uri=localInbox)
File "/usr/local/lib/python3.5/dist-packages/cabby/client11.py", line 332, in push
service_type=const.SVC_INBOX)
File "/usr/local/lib/python3.5/dist-packages/cabby/abstract.py", line 190, in _execute_request
timeout=self.timeout)
File "/usr/local/lib/python3.5/dist-packages/cabby/dispatcher.py", line 63, in send_taxii_request
raise UnsuccessfulStatusError(obj)
cabby.exceptions.UnsuccessfulStatusError: FAILURE: There was a failure while executing the message handler

Many thanks for your help

A proposal (not an issue)

If someone wants to evaluate this version of the misp_taxii_hook

-- davidonzo@b558f0b

Preamble
The purpose is to improve the STIX import via TAXII on MISP.
Actually the import system, before importing the IoC, checks for its existence in any event. If the item has been found, it will be discarded.
If MISP receives the same IoC qualified for different reasons in two or more STIX reports, or if it has been imported before in other ways, it will be imported just the first time the system checks for it, and it will be discarded in the future in any other STIX report.

From a Security Analyst point of view, I think it's better to add the attribute, even if it has already been imported by a previous import.
From a Data Analyst point of view, I don't want to duplicate information, because relationship checks should result in deprecated performances and false positives.

The new "misp_taxii_hook"
The new hook tries to define a title and a corresponding filename for the STIX report (def detect_title) using the stix:Title and the stix:Description header elements.
If this operation succeeds, it performs a search to detect if the STIX file has been imported before. It searches for a MISP event having the corresponding "title" and an attachment attribute named as the "filename". It must have them both!

If nothing is found, a new event will be created with the previously defined title, attachment and the attributes included in the report.

But, if these search conditions (title and attachment) are true, the hook tries to update the detected event. If new attributes are detected, they will be pushed and the STIX report will be attached.

If the STIX report has no title and description in the stix_header element, the hook will import the file using the old hook code.

TAXII_PUSH ERROR: UNAUTHORIZED:

Received the following error when pushing sample stix file to MISP:
Pushed file:
taxii-push --path http://localhost:9000/services/inbox -f /home/user/MISP-Taxii-Server/tests/sample.xml -v --dest collection --user user --password password

Alert when file pushed to opentaxii-run-dev:
UnauthorizedException: UNAUTHORIZED, level=warning, timestamp=2017-11-06, logger=opentaxii.middleware, event=Status exception}
127.0.0.1 - - [06/Nov/2017 ] "POST /services/inbox HTTP/1.1" 200 -

2017-11-06 requests.packages.urllib3.connectionpool DEBUG: Starting new HTTP connection (1): localhost
2017-11-06 requests.packages.urllib3.connectionpool DEBUG: http://localhost:9000 "POST /services/inbox HTTP/1.1" 200 306
2017-11-06 cabby.dispatcher DEBUG: Response:
<taxii_11:Status_Message xmlns:taxii="http://taxii.mitre.org/messages/taxii_xml_binding-1" xmlns:taxii_11="http://taxii.mitre.org/messages/taxii_xml_binding-1.1" xmlns:tdq="http://taxii.mitre.org/query/taxii_default_query-1" message_id="7149768213953236338" in_response_to="0" status_type="UNAUTHORIZED"/>

2017-11-06 cabby.cli.commons ERROR: UNAUTHORIZED:
Traceback (most recent call last):
File "build/bdist.linux-x86_64/egg/cabby/cli/commons.py", line 171, in run_client
run_func(client, args.uri, args)
File "build/bdist.linux-x86_64/egg/cabby/cli/push.py", line 51, in _runner
client.push(content, binding, collection_names=args.collections, uri=path)
File "build/bdist.linux-x86_64/egg/cabby/client11.py", line 332, in push
service_type=const.SVC_INBOX)
File "build/bdist.linux-x86_64/egg/cabby/abstract.py", line 205, in _execute_request
timeout=self.timeout)
File "build/bdist.linux-x86_64/egg/cabby/dispatcher.py", line 91, in send_taxii_request
raise UnsuccessfulStatusError(obj)
UnsuccessfulStatusError: UNAUTHORIZED:
Added taxii auth user to config.yaml:

domain: "localhost:9000"
support_basic_auth: yes

persistence_api:
  class: opentaxii.persistence.sqldb.SQLDatabaseAPI
  parameters:
    db_connection: mysql://user:password@localhost/taxiipersist
    create_tables: yes

auth_api:
  class: opentaxii.auth.sqldb.SQLDatabaseAPI
  parameters:
    db_connection: mysql://user:password@localhost/taxiiauth
    create_tables: yes
    secret: SupersecretstringforOpenTaxiiserverinsertedhere

logging:
  opentaxii: info
  root: info

hooks: misp_taxii_hooks.hooks

# Sample configuration for misp_taxii_server

zmq:
  host: localhost
  port: 50000

misp:
  url: "https://xx.xx.xx.xx"
  api: apikey
  verifySSL: False

taxii:
  auth:
    username: user
    password: password
  collections:
    - collection

Added another taxii user and updated config.yaml and same "Unauthorized" error.
(Used same credentials for taxii auth as in taxiiauthDB and taxiipersistDB)

Config env:
OPENTAXII_CONFIG=/home/user/MISP-Taxii-Server/config/config.yaml

Adding new taxii auth accounts and update config.yaml file to test fails, what is the next step?
(Username and password checked each time)

config.yaml can't be found in the repository

In the installation instructions after setting up the databases you tell us to edit config.yaml, but if you do a simple find for it there is no such file. The only files that exist are config.default.yaml and config.travis.yaml, both located in /config/. New users should know which one to edit.

If you're referring to the OpenTAXII config.yml, I believe that has changed to be defaults.yml.

Thanks for the beautiful program! I love it and I'll continue reporting issues as I see them!

Events pushed by Python Script are not inserted on MISP

Hi to all,

I wrote a Python script using the Cabby API. The script retrieves some content from a source and writes it to a collection (basically a taxii-proxy is executed, but I had to develop a custom script because the taxii-proxy command does not accept some auth-options).

The problem is, while if I execute a taxii-push command from CLI (getting content from a file) an event appears on the MISP platform, if I execute my custom script the event does not appear.

Do you have any tips?

MISP 2.4.80 "Objects" not pushed to TAXII

Dears,

With MISP 2.4.80, Objects were introduced. It seems that push_published_to_taxii.py doesn't include the objects and subsequent attributes, only first level attributes are included.
Would you have any idea / plans to update it?

Thanks a lot in advance!

BR's
irving

Hooks Config Issue - NameError: name 'config' is not defined

The following command cannot be run when no changes were made to the services file.
opentaxii-create-services -c config/services.yaml

It fails on the following function in the hooks.py file

MISP = pymisp.PyMISP(
                        CONFIG["misp"]["url"],
                        CONFIG["misp"]["api"],
                        ssl = config["misp"].get("verifySSL", True) #line 43
                )

The hooks config error is shown below:

opentaxii-create-services -c config/services.yaml
2017-05-22T14:57:48.486818Z [opentaxii.utils] info: api.initialized {event=api.initialized, timestamp=2017-05-22T14:57:48.486818Z, api=opentaxii.persistence.sqldb.SQLDatabaseAPI, logger=opentaxii.utils, level=info}
2017-05-22T14:57:48.497640Z [opentaxii.utils] info: api.initialized {event=api.initialized, timestamp=2017-05-22T14:57:48.497640Z, api=opentaxii.auth.sqldb.SQLDatabaseAPI, logger=opentaxii.utils, level=info}
Using config from /home/ubuntu/MISP-Taxii-Server/config/config.yaml
Traceback (most recent call last):
  File "/usr/local/bin/opentaxii-create-services", line 9, in <module>
    load_entry_point('opentaxii==0.1.9a1', 'console_scripts', 'opentaxii-create-services')()
  File "/usr/lib/python3/dist-packages/pkg_resources.py", line 351, in load_entry_point
    return get_distribution(dist).load_entry_point(group, name)
  File "/usr/lib/python3/dist-packages/pkg_resources.py", line 2363, in load_entry_point
    return ep.load()
  File "/usr/lib/python3/dist-packages/pkg_resources.py", line 2088, in load
    entry = __import__(self.module_name, globals(),globals(), ['__name__'])
  File "/usr/local/lib/python3.4/dist-packages/opentaxii-0.1.9a1-py3.4.egg/opentaxii/cli/__init__.py", line 10, in <module>
    server = TAXIIServer(config)
  File "/usr/local/lib/python3.4/dist-packages/opentaxii-0.1.9a1-py3.4.egg/opentaxii/server.py", line 45, in __init__
    importlib.import_module(signal_hooks)
  File "/usr/lib/python3.4/importlib/__init__.py", line 109, in import_module
    return _bootstrap._gcd_import(name[level:], package, level)
  File "<frozen importlib._bootstrap>", line 2254, in _gcd_import
  File "<frozen importlib._bootstrap>", line 2237, in _find_and_load
  File "<frozen importlib._bootstrap>", line 2226, in _find_and_load_unlocked
  File "<frozen importlib._bootstrap>", line 1191, in _load_unlocked
  File "<frozen importlib._bootstrap>", line 1161, in _load_backward_compatible
  File "/usr/local/lib/python3.4/dist-packages/misp_taxii_hooks-0.2-py3.4.egg/misp_taxii_hooks/hooks.py", line 43, in <module>
NameError: name 'config' is not defined

SQL Operational Error

I've completed the steps up to running opentaxii-create-services -c config/services.yaml. Now I'm trying to run and here is the error:

2017-09-26T22:25:53.594891Z [opentaxii.utils] info: api.initialized {timestamp=2017-09-26T22:25:53.594891Z, logger=opentaxii.utils, api=opentaxii.persistence.sqldb.SQLDatabaseAPI, event=api.initialized, level=info}
Traceback (most recent call last):
  File "/usr/local/bin/opentaxii-create-services", line 9, in <module>
    load_entry_point('opentaxii==0.1.10a1', 'console_scripts', 'opentaxii-create-services')()
  File "/usr/lib/python2.7/dist-packages/pkg_resources/__init__.py", line 542, in load_entry_point
    return get_distribution(dist).load_entry_point(group, name)
  File "/usr/lib/python2.7/dist-packages/pkg_resources/__init__.py", line 2569, in load_entry_point
    return ep.load()
  File "/usr/lib/python2.7/dist-packages/pkg_resources/__init__.py", line 2229, in load
    return self.resolve()
  File "/usr/lib/python2.7/dist-packages/pkg_resources/__init__.py", line 2235, in resolve
    module = __import__(self.module_name, fromlist=['__name__'], level=0)
  File "/usr/local/lib/python2.7/dist-packages/opentaxii-0.1.10a1-py2.7.egg/opentaxii/cli/__init__.py", line 10, in <module>
    server = TAXIIServer(config)
  File "/usr/local/lib/python2.7/dist-packages/opentaxii-0.1.10a1-py2.7.egg/opentaxii/server.py", line 41, in __init__
    api=initialize_api(config['auth_api']))
  File "/usr/local/lib/python2.7/dist-packages/opentaxii-0.1.10a1-py2.7.egg/opentaxii/utils.py", line 36, in initialize_api
    instance = cls(**params)
  File "/usr/local/lib/python2.7/dist-packages/opentaxii-0.1.10a1-py2.7.egg/opentaxii/auth/sqldb/api.py", line 41, in __init__
    self.db.create_all_tables()
  File "/usr/local/lib/python2.7/dist-packages/opentaxii-0.1.10a1-py2.7.egg/opentaxii/sqldb_helper.py", line 60, in create_all_tables
    self.metadata.create_all(bind=self.engine)
  File "build/bdist.linux-x86_64/egg/sqlalchemy/sql/schema.py", line 3981, in create_all
  File "build/bdist.linux-x86_64/egg/sqlalchemy/engine/base.py", line 1929, in _run_visitor
  File "build/bdist.linux-x86_64/egg/sqlalchemy/engine/base.py", line 1538, in _run_visitor
  File "build/bdist.linux-x86_64/egg/sqlalchemy/sql/visitors.py", line 121, in traverse_single
  File "build/bdist.linux-x86_64/egg/sqlalchemy/sql/ddl.py", line 757, in visit_metadata
  File "build/bdist.linux-x86_64/egg/sqlalchemy/sql/visitors.py", line 121, in traverse_single
  File "build/bdist.linux-x86_64/egg/sqlalchemy/sql/ddl.py", line 791, in visit_table
  File "build/bdist.linux-x86_64/egg/sqlalchemy/engine/base.py", line 945, in execute
  File "build/bdist.linux-x86_64/egg/sqlalchemy/sql/ddl.py", line 68, in _execute_on_connection
  File "build/bdist.linux-x86_64/egg/sqlalchemy/engine/base.py", line 1002, in _execute_ddl
  File "build/bdist.linux-x86_64/egg/sqlalchemy/engine/base.py", line 1189, in _execute_context
  File "build/bdist.linux-x86_64/egg/sqlalchemy/engine/base.py", line 1402, in _handle_dbapi_exception
  File "build/bdist.linux-x86_64/egg/sqlalchemy/util/compat.py", line 203, in raise_from_cause
  File "build/bdist.linux-x86_64/egg/sqlalchemy/engine/base.py", line 1182, in _execute_context
  File "build/bdist.linux-x86_64/egg/sqlalchemy/engine/default.py", line 504, in do_execute
  File "/usr/local/lib/python2.7/dist-packages/MySQLdb/cursors.py", line 250, in execute
    self.errorhandler(self, exc, value)
  File "/usr/local/lib/python2.7/dist-packages/MySQLdb/connections.py", line 50, in defaulterrorhandler
    raise errorvalue
sqlalchemy.exc.OperationalError: (_mysql_exceptions.OperationalError) (1071, 'Specified key was too long; max key length is 767 bytes') [SQL: u'\nCREATE TABLE accounts (\n\tid INTEGER NOT NULL AUTO_INCREMENT, \n\tusername VARCHAR(256), \n\tpassword_hash VARCHAR(256), \n\tPRIMARY KEY (id), \n\tUNIQUE (username)\n)\n\n']

Does this have to do with error handling or does it have to do with my MYSQL settings?
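The arithmetic behind error 1071 for the CREATE TABLE statement quoted in the traceback above (the same statement appears in the "Specified Key too long" issue further down), as an added example that is not part of the issue or of OpenTAXII's code. The function names are hypothetical, and the character set is a parameter because the post does not state which one the table used; the example assumes the 767-byte limit from the error message applies to each indexed column.

```python
import re

# Limit quoted in the error message on this page.
MAX_KEY_BYTES = 767
# Worst-case bytes per character for common MySQL/MariaDB character sets.
BYTES_PER_CHAR = {"latin1": 1, "utf8": 3, "utf8mb3": 3, "utf8mb4": 4}

# The DDL from the traceback, copied from the [SQL: ...] part of the error.
DDL = ("\nCREATE TABLE accounts (\n\tid INTEGER NOT NULL AUTO_INCREMENT, \n"
       "\tusername VARCHAR(256), \n\tpassword_hash VARCHAR(256), \n"
       "\tPRIMARY KEY (id), \n\tUNIQUE (username)\n)\n\n")

COLUMN_RE = re.compile(r"^\s*(\w+)\s+(?:VARCHAR\((\d+)\)|INTEGER)", re.M | re.I)
KEY_RE = re.compile(r"^\s*(PRIMARY KEY|UNIQUE)\s*\(([^)]*)\)", re.M | re.I)


def parse_columns(ddl):
    """Return {column: varchar_length or None for INTEGER}."""
    return {m.group(1): (int(m.group(2)) if m.group(2) else None)
            for m in COLUMN_RE.finditer(ddl)}


def parse_keys(ddl):
    """Return [(kind, column), ...] for every PRIMARY KEY / UNIQUE column."""
    keys = []
    for m in KEY_RE.finditer(ddl):
        for col in m.group(2).split(","):
            keys.append((m.group(1).upper(), col.strip()))
    return keys


def key_bytes(length, charset):
    """Worst-case index size of one column: 4 bytes for INTEGER,
    characters * bytes-per-character for VARCHAR."""
    if length is None:
        return 4
    return length * BYTES_PER_CHAR[charset]


def oversized_keys(ddl, charset, limit=MAX_KEY_BYTES):
    """List (kind, column, bytes) for indexed columns that exceed the limit."""
    columns = parse_columns(ddl)
    result = []
    for kind, col in parse_keys(ddl):
        size = key_bytes(columns[col], charset)
        if size > limit:
            result.append((kind, col, size))
    return result


def largest_safe_varchar(charset, limit=MAX_KEY_BYTES):
    """Longest VARCHAR length that still fits in an index under the limit."""
    return limit // BYTES_PER_CHAR[charset]


if __name__ == "__main__":
    for cs in ("latin1", "utf8", "utf8mb4"):
        print(cs, oversized_keys(DDL, cs), "max VARCHAR:", largest_safe_varchar(cs))
```

With a 3-byte character set, `UNIQUE (username)` on `VARCHAR(256)` needs 768 bytes, one byte over the limit, so the statement is rejected under both utf8 and utf8mb4.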

start/end timezone issue

Dates miss tzinfo just by providing %Y-%m-%d and error gets raised:

    raise ValueError('%s.tzinfo must not be None!' % varname)

Fixed it with

import pytz
[...]
poll_from = datetime.strptime(args.start, "%Y-%m-%d%Z").replace(tzinfo=pytz.utc)

But then only UTC can be selected. Would this be okay? Then I'll submit this as PR.

Kind regards!

SSL: Certificate_Verify_Failed error

Once I created the variable and tried to run opentaxii-create-services -c config/services.yaml - I received this:

root@ubuntu:/var/www/MISP/MISP-Taxii-Server/config# opentaxii-create-services -c services.yaml
2017-05-12T17:24:19.481792Z [opentaxii.utils] info: api.initialized {level=info, api=opentaxii.persistence.sqldb.SQLDatabaseAPI, event=api.initialized, logger=opentaxii.utils, timestamp=2017-05-12T17:24:19.481792Z}
2017-05-12T17:24:19.516831Z [opentaxii.utils] info: api.initialized {level=info, api=opentaxii.auth.sqldb.SQLDatabaseAPI, event=api.initialized, logger=opentaxii.utils, timestamp=2017-05-12T17:24:19.516831Z}
Using config from /var/www/MISP/MISP-Taxii-Server/config/config.yaml
Starting new HTTPS connection (1): 10.20.10.18
Traceback (most recent call last):
File "/usr/lib/python3/dist-packages/urllib3/connectionpool.py", line 560, in urlopen
body=body, headers=headers)
File "/usr/lib/python3/dist-packages/urllib3/connectionpool.py", line 346, in _make_request
self._validate_conn(conn)
File "/usr/lib/python3/dist-packages/urllib3/connectionpool.py", line 787, in validate_conn
conn.connect()
File "/usr/lib/python3/dist-packages/urllib3/connection.py", line 252, in connect
ssl_version=resolved_ssl_version)
File "/usr/lib/python3/dist-packages/urllib3/util/ssl_.py", line 305, in ssl_wrap_socket
return context.wrap_socket(sock, server_hostname=server_hostname)
File "/usr/lib/python3.5/ssl.py", line 377, in wrap_socket
_context=self)
File "/usr/lib/python3.5/ssl.py", line 752, in init
self.do_handshake()
File "/usr/lib/python3.5/ssl.py", line 988, in do_handshake
self._sslobj.do_handshake()
File "/usr/lib/python3.5/ssl.py", line 633, in do_handshake
self._sslobj.do_handshake()
ssl.SSLError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:645)

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
File "/usr/lib/python3/dist-packages/requests/adapters.py", line 376, in send
timeout=timeout
File "/usr/lib/python3/dist-packages/urllib3/connectionpool.py", line 589, in urlopen
raise SSLError(e)
requests.packages.urllib3.exceptions.SSLError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:645)

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
File "/usr/local/lib/python3.5/dist-packages/pymisp-2.4.71-py3.5.egg/pymisp/api.py", line 112, in init
response = self.get_recommended_api_version()
File "/usr/local/lib/python3.5/dist-packages/pymisp-2.4.71-py3.5.egg/pymisp/api.py", line 1074, in get_recommended_api_version
response = session.get(url)
File "/usr/lib/python3/dist-packages/requests/sessions.py", line 480, in get
return self.request('GET', url, **kwargs)
File "/usr/lib/python3/dist-packages/requests/sessions.py", line 468, in request
resp = self.send(prep, **send_kwargs)
File "/usr/lib/python3/dist-packages/requests/sessions.py", line 576, in send
r = adapter.send(request, **kwargs)
File "/usr/lib/python3/dist-packages/requests/adapters.py", line 447, in send
raise SSLError(e, request=request)
requests.exceptions.SSLError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:645)

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
File "/usr/local/bin/opentaxii-create-services", line 9, in
load_entry_point('opentaxii==0.1.9a1', 'console_scripts', 'opentaxii-create-services')()
File "/usr/lib/python3/dist-packages/pkg_resources/init.py", line 542, in load_entry_point
return get_distribution(dist).load_entry_point(group, name)
File "/usr/lib/python3/dist-packages/pkg_resources/init.py", line 2569, in load_entry_point
return ep.load()
File "/usr/lib/python3/dist-packages/pkg_resources/init.py", line 2229, in load
return self.resolve()
File "/usr/lib/python3/dist-packages/pkg_resources/init.py", line 2235, in resolve
module = import(self.module_name, fromlist=['name'], level=0)
File "/usr/local/lib/python3.5/dist-packages/opentaxii-0.1.9a1-py3.5.egg/opentaxii/cli/init.py", line 10, in
server = TAXIIServer(config)
File "/usr/local/lib/python3.5/dist-packages/opentaxii-0.1.9a1-py3.5.egg/opentaxii/server.py", line 45, in init
importlib.import_module(signal_hooks)
File "/usr/lib/python3.5/importlib/init.py", line 126, in import_module
return _bootstrap._gcd_import(name[level:], package, level)
File "", line 986, in _gcd_import
File "", line 969, in _find_and_load
File "", line 958, in _find_and_load_unlocked
File "", line 664, in _load_unlocked
File "", line 634, in _load_backward_compatible
File "/usr/local/lib/python3.5/dist-packages/misp_taxii_hooks-0.2-py3.5.egg/misp_taxii_hooks/hooks.py", line 42, in
File "/usr/local/lib/python3.5/dist-packages/pymisp-2.4.71-py3.5.egg/pymisp/api.py", line 124, in init
raise PyMISPError('Unable to connect to MISP ({}). Please make sure the API key and the URL are correct (http/https is required): {}'.format(self.root_url, e))
pymisp.exceptions.PyMISPError: Unable to connect to MISP (https://10.20.10.18). Please make sure the API key and the URL are correct (http/https is required): [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:645)

I checked, my cert is valid and has not expired
PyMISP setup:
misp_verifycert = "False":
my misp_key = the key received from the automation section of my MISP server
misp_url = the url of my MISP server

Tested this: python3 last -l 10m works properly to pull in the information

The misp key and url were also added in at the bottom of the config.yaml file.

I am not sure where I could be going wrong.
I have been researching on why this can be happening for quite a few days now, but have had no luck.
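A non-empty string such as "False" is truthy in Python, and requests treats a string `verify` value as a CA bundle path, so a quoted setting does not switch verification off. The sketch below is an added example, not part of the issue or of hooks.py: it normalizes the `verifySSL` value that the hooks.py line quoted in the NameError issue above reads from config.yaml. `resolve_verify`, `naive_verify` and the sample path are hypothetical, and it assumes PyMISP's `ssl` argument accepts True, False or a CA bundle path.

```python
import os

# Spellings a setting may arrive in once it has been quoted as a string.
_TRUE = {"true", "yes", "on", "1"}
_FALSE = {"false", "no", "off", "0"}


def naive_verify(misp_cfg):
    """The lookup as written in the hooks.py line: the raw value, untouched."""
    return misp_cfg.get("verifySSL", True)


def resolve_verify(misp_cfg, is_file=os.path.isfile):
    """Map the `verifySSL` setting to a value for PyMISP's `ssl` argument.

    Returns True (verify against the system CAs), False (verification off)
    or the path of a CA bundle, which keeps verification on for a server
    whose certificate was issued by an internal CA.
    """
    raw = naive_verify(misp_cfg)
    if isinstance(raw, bool):
        return raw
    if not isinstance(raw, str):
        raise TypeError("verifySSL must be a boolean or a string, got %r" % (raw,))
    word = raw.strip().lower()
    if word in _TRUE:
        return True
    if word in _FALSE:
        return False
    if is_file(raw):
        return raw
    # Neither a boolean word nor an existing file: refuse to guess.
    raise ValueError("verifySSL=%r is not a boolean and not a readable CA bundle" % raw)


def describe(verify):
    """One-line summary suitable for a start-up log message."""
    if verify is True:
        return "TLS verification on (system CA store)"
    if verify is False:
        return "TLS verification OFF"
    return "TLS verification on (CA bundle %s)" % verify


if __name__ == "__main__":
    # Constructed sample settings, not taken from the issue.
    samples = [{}, {"verifySSL": False}, {"verifySSL": "False"},
               {"verifySSL": "/etc/ssl/certs/internal-ca.pem"}]
    for cfg in samples:
        try:
            print(cfg, "->", describe(resolve_verify(cfg)))
        except (TypeError, ValueError) as exc:
            print(cfg, "-> rejected:", exc)
```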

Poll log has no timestamp

Hi,

Could you please include a timestamp in the poll.log?

Thanks!
Steffen

root@misp:~# cat poll.log
INFO:__main__:Connecting to local server...
CRITICAL:__main__:Could not connect to local server
CRITICAL:__main__:HTTP Error: status code 500

'mysqlclient=>1.3.9 ' distribution was not found

Hello,

I am running an Ubuntu 16.04.2 LTS and trying to run the push_published_to_taxii.py file.
When running the file I receive the output below:

root@POM-MISP:/var/www/MISP/MISP-Taxii-Server/scripts# push_published_to_taxii.p y
Traceback (most recent call last):
File "/usr/local/bin/push_published_to_taxii.py", line 4, in
import('pkg_resources').run_script('misp-taxii-hooks==0.2', 'push_publis hed_to_taxii.py')
File "/usr/lib/python3/dist-packages/pkg_resources/init.py", line 2927, in
@_call_aside
File "/usr/lib/python3/dist-packages/pkg_resources/init.py", line 2913, in _call_aside
f(*args, **kwargs)
File "/usr/lib/python3/dist-packages/pkg_resources/init.py", line 2940, in _initialize_master_working_set
working_set = WorkingSet._build_master()
File "/usr/lib/python3/dist-packages/pkg_resources/init.py", line 635, in _build_master
ws.require(requires)
File "/usr/lib/python3/dist-packages/pkg_resources/init.py", line 943, in require
needed = self.resolve(parse_requirements(requirements))
File "/usr/lib/python3/dist-packages/pkg_resources/init.py", line 829, in resolve
raise DistributionNotFound(req, requirers)
pkg_resources.DistributionNotFound: The 'mysqlclient>=1.3.9' distribution was no t found and is required by misp-taxii-hooks
root@POM-MISP:/var/www/MISP/MISP-Taxii-Server/scripts# The 'mysqlclient>=1.3.9' distribution was no t found

If I try to perform an apt-get install "mysql-client", it will install the latest 5.x.x version, but it will still provide the same error when running the push_published_to_taxii.py and it also breaks MISP by displaying "An Internal Error has Occurred" message when I do install the mysql-client.

Running open-TAXII server not in localhost

Hi guys,
I am able to execute
opentaxii-run-dev
without error. In fact service-discovery and push work correctly.
Now I would like to start the server not in localhost so I can get to the server from external taxii client.
I changed the config.yaml file with my domain server.
Now I see in the log that the services are: my_domain/service/discovery for example and not localhost/service/discovery
However the server is running in 127.0.0.1:9000
How do I solve this problem?
Many thanks for your help.

STIX Files not being auto pushed to MISP

I have the MISP-Taxii-Server running on the same box as my MISP instance. I am able to test with sample.xml and I get Content block successfully pushed but no MISP event is created.

Not sure what to do. You can hit me up on Gitter if needed.

Feed does not exist on run-taxii-poll

Whenever I run the remote poll script I get feed not found. But the feed does exist when I pull it pull collections. What gives?

collection_information_client response:

Message Type: Collection_Information_Request
Message ID: 6863940986663948709

Response:

Message Type: Collection_Information_Response
Message ID: 748964006333316359; In Response To: 6863940986663948709
Contains 2 Collection Informations
  === Data Collection Information ===
    Collection Name: system.Default
    Collection Type: DATA_FEED
    Available: True
    Collection Description: system.Default
    Supported Content:     urn:stix.mitre.org:xml:1.0
    === Polling Service Instance ===
      Poll Protocol: urn:taxii.mitre.org:protocol:https:1.0
      Poll Address: https://xxx.xxx.xxx.xxx/taxii-data
      Message Binding: urn:taxii.mitre.org:message:xml:1.1
  ==================================

  === Data Collection Information ===
    Collection Name: ronixon.past7days
    Collection Type: DATA_FEED
    Available: True
    Collection Description: ronixon.past7days
    Supported Content:     urn:stix.mitre.org:xml:1.0
    === Polling Service Instance ===
      Poll Protocol: urn:taxii.mitre.org:protocol:https:1.0
      Poll Address: https://xxx.xxx.xxx.xxx/taxii-data
      Message Binding: urn:taxii.mitre.org:message:xml:1.1
  ==================================

Error on run-taxii-poll.py


2018-01-31 17:16:38,497 - __main__ - DEBUG - Polling collection ronixon.past7days
2018-01-31 17:16:39,237 - __main__ - ERROR - FAILED TO POLL collection ronixon.past7days
2018-01-31 17:16:39,237 - __main__ - ERROR - NOT_FOUND: Feed not found
Traceback (most recent call last):
  File "./run-taxii-poll.py", line 103, in <module>
    for content_block in cli.poll(collection_name=collection):
  File "/usr/local/lib/python3.5/dist-packages/cabby/client11.py", line 485, in poll
    service_type=const.SVC_POLL)
  File "/usr/local/lib/python3.5/dist-packages/cabby/abstract.py", line 205, in _execute_request
    timeout=self.timeout)
  File "/usr/local/lib/python3.5/dist-packages/cabby/dispatcher.py", line 91, in send_taxii_request
    raise UnsuccessfulStatusError(obj)
cabby.exceptions.UnsuccessfulStatusError: NOT_FOUND: Feed not found
2018-01-31 17:16:39,239 - __main__ - INFO - Finished!

authentication_required can I set this parameter to no

Hello
I am trying to do the following command without user & password
taxii-poll --host xx.xx.xx.xx --port 9000 --path /services/poll --collection collection --username yyy --password ffff

  • I set the parameter authentication_required to no in the config.yaml, but it does not work.
    Can someone advise me, please?
    Thank you

Instructions out of date

Hi there,

Sorry to bother you. Might not be an issue as you're pulling a specific commit from them, but the instructions are invalid as of 3 days ago; opentaxii changed their architecture so that the accounts are now stored in a yml file, the same one which now also stores the services and collections data.

In addition they no longer have the opentaxii-create-accounts function. Now you have to put the details for each account into the yml file and then use opentaxii-sync-data. Hope this helps!

events with No attributes

Hi,

I noticed that some events (specifically from hailataxii) are still producing events with empty attributes as the attributes are not formatted properly.

I am sure that the feeds should be normalized at the source but I thought that it's not a bad idea to do a check after the adding just in case.

Note: If you think this is useful I can request pull.

if (len(package.attributes) > 0):
        e = MISP.add_event(package._json_full())
        print('Event (' + e['Event']['id']  + ') Added to MISP.')

        if e['Event']['attribute_count'] == '0':
            print('Event (' + e['Event']['id']  + ') Deleted from MISP - missing attributes...')
            MISP.delete_event(e['Event']['id'])

Regards,
MAstarux

MISP and Taxii-Server on the same box

Just a question. Is there anything to consider if you are running the Taxii Server on the same box as MISP? We are trying to pull in indicators from external entities.

OSError: [Errno 98] Address already in use when running opentaxii-run-dev command

Hello,
Thanks for putting this plugin together. I am running into an error when executing opentaxii-run-dev after completing the preceding steps for installation.

When running the opentaxii-run-dev command, I get the following

2017-01-03T22:08:21.578403Z [opentaxii.utils] info: api.initialized {level=info, timestamp=2017-01-03T22:08:21.578403Z, api=opentaxii.persistence.sqldb.SQLDatabaseAPI, logger=opentaxii.utils, event=api.initialized}
2017-01-03T22:08:21.597029Z [opentaxii.utils] info: api.initialized {level=info, timestamp=2017-01-03T22:08:21.597029Z, api=opentaxii.auth.sqldb.SQLDatabaseAPI, logger=opentaxii.utils, event=api.initialized}
2017-01-03T22:08:21.597194Z [opentaxii.server] info: taxiiserver.configured {timestamp=2017-01-03T22:08:21.597194Z, level=info, logger=opentaxii.server, event=taxiiserver.configured}
Traceback (most recent call last):
  File "/usr/bin/opentaxii-run-dev", line 9, in <module>
    load_entry_point('opentaxii==0.1.8a1', 'console_scripts', 'opentaxii-run-dev')()
  File "/usr/lib/python3.4/site-packages/opentaxii-0.1.8a1-py3.4.egg/opentaxii/cli/run.py", line 6, in run_in_dev_mode
    app.run(port=9000)
  File "/usr/lib/python3.4/site-packages/Flask-0.11.1-py3.4.egg/flask/app.py", line 843, in run
    run_simple(host, port, self, **options)
  File "/usr/lib/python3.4/site-packages/Werkzeug-0.11.11-py3.4.egg/werkzeug/serving.py", line 677, in run_simple
    s.bind((hostname, port))
OSError: [Errno 98] Address already in use

I ran ss -anp|grep 9000 to see what process is running on the port and found the following

tcp    LISTEN     0      128    127.0.0.1:9000                  *:*                   users:(("php-fpm",pid=2612,fd=0),("php-fpm",pid=2247,fd=0),("php-fpm",pid=2246,fd=0),("php-fpm",pid=2245,fd=0),("php-fpm",pid=2244,fd=0),("php-fpm",pid=2243,fd=0),("php-fpm",pid=981,fd=6))

If I attempt to end these processes and then retry I am able to get the server running. But when trying to push a STIX document to it using taxii-push command, I get the following.

2017-01-03 17:15:06,097 INFO: Sending Inbox_Message to http://localhost:9000/services/inbox
2017-01-03 17:15:06,103 ERROR: HTTPConnectionPool(host='localhost', port=9000): Max retries exceeded with url: /services/inbox (Caused by NewConnectionError('<requests.packages.urllib3.connection.HTTPConnection object at 0x7f994a1860b8>: Failed to establish a new connection: [Errno 111] Connection refused',))

Thank you for your help.

Pulling IOCs

Can I pull data (IOCs) from MISP using a taxii client once I have configured this?

KeyError: 'auth': in push_published_to_taxii.py

Original error when using config.default.yaml:

Traceback (most recent call last):
  File "/usr/local/bin/push_published_to_taxii.py", line 48, in <module>
    cli.set_auth(username = config["taxii"]["auth"]["username"],
KeyError: 'taxii'

see: config.travis.yaml

copy config from there.

Originally posted by @FloatingGhost in #4 (comment)

Error when using config.travis.yaml:

Traceback (most recent call last):
  File "../MISP-Taxii-Server/scripts/push_published_to_taxii.py", line 48, in <module>
    cli.set_auth(username = config["auth"]["username"],
KeyError: 'auth'

Can you amend the script "push_published_to_taxii.py"?

TAXII to MISP push fails with Unauthorized error message

Hello,
I'm trying to push Taxii messages to MISP; when running run-taxii-poll.py I'm getting the unauthorized error message.
Server log is attached.
Poll.log shows the following :

INFO:main:Connecting to local server...
CRITICAL:main:Could not connect to local server
CRITICAL:main:UNAUTHORIZED:
server.log

I think the failing part is connection to Taxii but I can't find where to define the credentials.

Any advice?

"Type not syncing"; Event not appearing

Work environment

| Questions | Answers |
| Type of issue | Bug/support |
| OS version (server) | Ubuntu 16.04.2 LTS |
| PHP version | PHP 7.0.15 |
| MISP version / git hash | 2.4.75 |

Expected behavior

Pushing the example STIX file (OpenTAXII/examples/stix/stuxnet.stix.xml) to MISP via TAXII using "taxii-push <args>" converts the STIX and publishes the info as an event on the target MISP instance.

Actual behavior

When the example STIX is pushed with "taxii-push <args>", TAXII reports "Content block successfully pushed" (as expected), but the event does not appear on MISP. The log reports "Type not syncing <class 'cybox.objects.win_driver_object.WinDriver'>", four times, followed by a 200 response from the server.

Steps to reproduce the behavior

  • Install & configure MISP 2.4.75 using guide
  • Install & configure MISP-TAXII-Server using guide (also changed logging level to 'debug')
  • Attempt to upload example stix with:
    # taxii-push --path http://localhost:9000/taxii/inbox -f ./MISP-Taxii-Server/OpenTAXII/examples/stix/stuxnet.stix.xml --dest <collection> --username <taxii_user> --password <taxii_password>

Logs, screenshots, configuration dump, ...

Console:
# taxii-push --path http://localhost:9000/taxii/inbox -f ./MISP-Taxii-Server/OpenTAXII/examples/stix/stuxnet.stix.xml --dest <collection> --username <taxii_user> --password <taxii_password>
2017-06-19 10:01:57,995 INFO: Sending Inbox_Message to http://localhost:9000/taxii/inbox
2017-06-19 10:01:58,103 INFO: Content block successfully pushed

Log:
'b3RheGlpOmNsWUJhaFpiWXVxS1pGcnR0c3V1' 36
2017-06-19T10:01:58.057743Z [opentaxii.taxii.services.inbox.InboxService] debug: Processing message {level=debug, service_id=inbox, message_version=urn:taxii.mitre.org:message:xml:1.1, timestamp=2017-06-19T10:01:58.057743Z, message_id=e6e06260-0b19-41d6-b359-ada1ac9588fb, logger=opentaxii.taxii.services.inbox.InboxService, event=Processing message, message_type=Inbox_Message}
2017-06-19T10:01:58.075250Z [opentaxii.persistence.sqldb.api] debug: Content block added to collections {content_block=11, level=debug, timestamp=2017-06-19T10:01:58.075250Z, collections=1, logger=opentaxii.persistence.sqldb.api, event=Content block added to collections}
Building Event...
STIX Import
Type not syncing <class 'cybox.objects.win_driver_object.WinDriver'>
Type not syncing <class 'cybox.objects.win_driver_object.WinDriver'>
Type not syncing <class 'cybox.objects.win_driver_object.WinDriver'>
Type not syncing <class 'cybox.objects.win_driver_object.WinDriver'>
127.0.0.1 - - [19/Jun/2017 10:01:58] "POST /taxii/inbox HTTP/1.1" 200 -

Specified Key too long with opentaxii-create-services

Hi,

I've been following your guide and everything was hunky-dory until I hit the portion to create tables for opentaxii. I hope you can help, or point me in the right direction :)

Summary

Specifically, this command fails:
opentaxii-create-services -c config/services.yaml
The following command also fails:
opentaxii-create-collections -c config/collections.yaml

The traceback ends similarly for both (same error - full traceback at bottom of post):

sqlalchemy.exc.OperationalError: (_mysql_exceptions.OperationalError) (1071, 'Specified key was too long; max key length is 767 bytes') [SQL: '\nCREATE TABLE accounts (\n\tid INTEGER NOT NULL AUTO_INCREMENT, \n\tusername VARCHAR(256), \n\tpassword_hash VARCHAR(256), \n\tPRIMARY KEY (id), \n\tUNIQUE (username)\n)\n\n']

I'm using MySQL Ver 15.1 in a MISP Docker container:

# mysql --version
mysql Ver 15.1 Distrib 10.0.29-MariaDB, for debian-linux-gnu (x86_64) using readline 5.2

Databases

Here's my databases as they exist at the moment:

MariaDB [(none)]> show databases;
+--------------------+
| Database |
+--------------------+
| information_schema |
| misp |
| mysql |
| performance_schema |
| taxiiauth |
| taxiipersist |
+--------------------+
6 rows in set (0.00 sec)

MariaDB [(none)]> show tables from taxiipersist;
+-----------------------------+
| Tables_in_taxiipersist |
+-----------------------------+
| collection_to_content_block |
| content_blocks |
| data_collections |
| inbox_messages |
| result_sets |
| service_to_collection |
| services |
| subscriptions |
+-----------------------------+
8 rows in set (0.00 sec)

MariaDB [(none)]> show tables from taxiiauth;
Empty set (0.00 sec)

I'm no expert in MySQL, but after some digging around I thought this might be due to utf8mb4 encoding reducing the max key length, but both the taxii databases are in utf8 already:

MariaDB [(none)]> SELECT default_character_set_name FROM information_schema.SCHEMATA S WHERE schema_name = "taxiipersist";
+----------------------------+
| default_character_set_name |
+----------------------------+
| utf8 |
+----------------------------+
1 row in set (0.00 sec)
MariaDB [(none)]> SELECT default_character_set_name FROM information_schema.SCHEMATA S WHERE schema_name = "taxiiauth";
+----------------------------+
| default_character_set_name |
+----------------------------+
| utf8 |
+----------------------------+
1 row in set (0.00 sec)

The misp database is in utf8mb4, but I assume this is irrelevant to the opentaxii databases:

MariaDB [(none)]> SELECT default_character_set_name FROM information_schema.SCHEMATA S WHERE schema_name = "misp";
+----------------------------+
| default_character_set_name |
+----------------------------+
| utf8mb4 |
+----------------------------+
1 row in set (0.00 sec)

Here's the rest of the MySQL encoding options I could find:

MariaDB [(none)]> SHOW VARIABLES LIKE 'character_set%';
+--------------------------+----------------------------+
| Variable_name | Value |
+--------------------------+----------------------------+
| character_set_client | utf8mb4 |
| character_set_connection | utf8mb4 |
| character_set_database | utf8mb4 |
| character_set_filesystem | binary |
| character_set_results | utf8mb4 |
| character_set_server | utf8mb4 |
| character_set_system | utf8 |
| character_sets_dir | /usr/share/mysql/charsets/ |
+--------------------------+----------------------------+
8 rows in set (0.00 sec)

Tracebacks

opentaxii-create-services -c config/services.yaml

# opentaxii-create-services -c config/services.yaml
2017-03-28T10:31:31.164099Z [opentaxii.utils] info: api.initialized {event=api.initialized, timestamp=2017-03-28T10:31:31.164099Z, level=info, api=opentaxii.persistence.sqldb.SQLDatabaseAPI, logger=opentaxii.utils}
Traceback (most recent call last):
File "/usr/local/lib/python3.5/dist-packages/SQLAlchemy-1.1.7-py3.5-linux-x86_64.egg/sqlalchemy/engine/base.py", line 1182, in _execute_context
context)
File "/usr/local/lib/python3.5/dist-packages/SQLAlchemy-1.1.7-py3.5-linux-x86_64.egg/sqlalchemy/engine/default.py", line 470, in do_execute
cursor.execute(statement, parameters)
File "/usr/lib/python3/dist-packages/MySQLdb/cursors.py", line 226, in execute
self.errorhandler(self, exc, value)
File "/usr/lib/python3/dist-packages/MySQLdb/connections.py", line 36, in defaulterrorhandler
raise errorvalue
File "/usr/lib/python3/dist-packages/MySQLdb/cursors.py", line 217, in execute
res = self._query(query)
File "/usr/lib/python3/dist-packages/MySQLdb/cursors.py", line 378, in _query
rowcount = self._do_query(q)
File "/usr/lib/python3/dist-packages/MySQLdb/cursors.py", line 341, in _do_query
db.query(q)
File "/usr/lib/python3/dist-packages/MySQLdb/connections.py", line 280, in query
_mysql.connection.query(self, query)
_mysql_exceptions.OperationalError: (1071, 'Specified key was too long; max key length is 767 bytes')

The above exception was the direct cause of the following exception:

Traceback (most recent call last):
File "/usr/local/bin/opentaxii-create-services", line 9, in
load_entry_point('opentaxii==0.1.8a1', 'console_scripts', 'opentaxii-create-services')()
File "/usr/lib/python3/dist-packages/pkg_resources/init.py", line 542, in load_entry_point
return get_distribution(dist).load_entry_point(group, name)
File "/usr/lib/python3/dist-packages/pkg_resources/init.py", line 2569, in load_entry_point
return ep.load()
File "/usr/lib/python3/dist-packages/pkg_resources/init.py", line 2229, in load
return self.resolve()
File "/usr/lib/python3/dist-packages/pkg_resources/init.py", line 2235, in resolve
module = import(self.module_name, fromlist=['name'], level=0)
File "/usr/local/lib/python3.5/dist-packages/opentaxii-0.1.8a1-py3.5.egg/opentaxii/cli/init.py", line 10, in
server = TAXIIServer(config)
File "/usr/local/lib/python3.5/dist-packages/opentaxii-0.1.8a1-py3.5.egg/opentaxii/server.py", line 40, in init
api=initialize_api(config['auth_api']))
File "/usr/local/lib/python3.5/dist-packages/opentaxii-0.1.8a1-py3.5.egg/opentaxii/utils.py", line 36, in initialize_api
instance = cls(**params)
File "/usr/local/lib/python3.5/dist-packages/opentaxii-0.1.8a1-py3.5.egg/opentaxii/auth/sqldb/api.py", line 41, in init
self.db.create_all_tables()
File "/usr/local/lib/python3.5/dist-packages/opentaxii-0.1.8a1-py3.5.egg/opentaxii/sqldb_helper.py", line 60, in create_all_tables
self.metadata.create_all(bind=self.engine)
File "/usr/local/lib/python3.5/dist-packages/SQLAlchemy-1.1.7-py3.5-linux-x86_64.egg/sqlalchemy/sql/schema.py", line 3885, in create_all
tables=tables)
File "/usr/local/lib/python3.5/dist-packages/SQLAlchemy-1.1.7-py3.5-linux-x86_64.egg/sqlalchemy/engine/base.py", line 1921, in _run_visitor
conn._run_visitor(visitorcallable, element, **kwargs)
File "/usr/local/lib/python3.5/dist-packages/SQLAlchemy-1.1.7-py3.5-linux-x86_64.egg/sqlalchemy/engine/base.py", line 1530, in _run_visitor
**kwargs).traverse_single(element)
File "/usr/local/lib/python3.5/dist-packages/SQLAlchemy-1.1.7-py3.5-linux-x86_64.egg/sqlalchemy/sql/visitors.py", line 121, in traverse_single
return meth(obj, **kw)
File "/usr/local/lib/python3.5/dist-packages/SQLAlchemy-1.1.7-py3.5-linux-x86_64.egg/sqlalchemy/sql/ddl.py", line 733, in visit_metadata
_is_metadata_operation=True)
File "/usr/local/lib/python3.5/dist-packages/SQLAlchemy-1.1.7-py3.5-linux-x86_64.egg/sqlalchemy/sql/visitors.py", line 121, in traverse_single
return meth(obj, **kw)
File "/usr/local/lib/python3.5/dist-packages/SQLAlchemy-1.1.7-py3.5-linux-x86_64.egg/sqlalchemy/sql/ddl.py", line 767, in visit_table
include_foreign_key_constraints=include_foreign_key_constraints
File "/usr/local/lib/python3.5/dist-packages/SQLAlchemy-1.1.7-py3.5-linux-x86_64.egg/sqlalchemy/engine/base.py", line 945, in execute
return meth(self, multiparams, params)
File "/usr/local/lib/python3.5/dist-packages/SQLAlchemy-1.1.7-py3.5-linux-x86_64.egg/sqlalchemy/sql/ddl.py", line 68, in _execute_on_connection
return connection._execute_ddl(self, multiparams, params)
File "/usr/local/lib/python3.5/dist-packages/SQLAlchemy-1.1.7-py3.5-linux-x86_64.egg/sqlalchemy/engine/base.py", line 1002, in _execute_ddl
compiled
File "/usr/local/lib/python3.5/dist-packages/SQLAlchemy-1.1.7-py3.5-linux-x86_64.egg/sqlalchemy/engine/base.py", line 1189, in _execute_context
context)
File "/usr/local/lib/python3.5/dist-packages/SQLAlchemy-1.1.7-py3.5-linux-x86_64.egg/sqlalchemy/engine/base.py", line 1394, in _handle_dbapi_exception
exc_info
File "/usr/local/lib/python3.5/dist-packages/SQLAlchemy-1.1.7-py3.5-linux-x86_64.egg/sqlalchemy/util/compat.py", line 203, in raise_from_cause
reraise(type(exception), exception, tb=exc_tb, cause=cause)
File "/usr/local/lib/python3.5/dist-packages/SQLAlchemy-1.1.7-py3.5-linux-x86_64.egg/sqlalchemy/util/compat.py", line 186, in reraise
raise value.with_traceback(tb)
File "/usr/local/lib/python3.5/dist-packages/SQLAlchemy-1.1.7-py3.5-linux-x86_64.egg/sqlalchemy/engine/base.py", line 1182, in _execute_context
context)
File "/usr/local/lib/python3.5/dist-packages/SQLAlchemy-1.1.7-py3.5-linux-x86_64.egg/sqlalchemy/engine/default.py", line 470, in do_execute
cursor.execute(statement, parameters)
File "/usr/lib/python3/dist-packages/MySQLdb/cursors.py", line 226, in execute
self.errorhandler(self, exc, value)
File "/usr/lib/python3/dist-packages/MySQLdb/connections.py", line 36, in defaulterrorhandler
raise errorvalue
File "/usr/lib/python3/dist-packages/MySQLdb/cursors.py", line 217, in execute
res = self._query(query)
File "/usr/lib/python3/dist-packages/MySQLdb/cursors.py", line 378, in _query
rowcount = self._do_query(q)
File "/usr/lib/python3/dist-packages/MySQLdb/cursors.py", line 341, in _do_query
db.query(q)
File "/usr/lib/python3/dist-packages/MySQLdb/connections.py", line 280, in query
_mysql.connection.query(self, query)
sqlalchemy.exc.OperationalError: (_mysql_exceptions.OperationalError) (1071, 'Specified key was too long; max key length is 767 bytes') [SQL: '\nCREATE TABLE accounts (\n\tid INTEGER NOT NULL AUTO_INCREMENT, \n\tusername VARCHAR(256), \n\tpassword_hash VARCHAR(256), \n\tPRIMARY KEY (id), \n\tUNIQUE (username)\n)\n\n']

# opentaxii-create-collections -c config/collections.yaml

2017-03-28T10:31:39.951289Z [opentaxii.utils] info: api.initialized {timestamp=2017-03-28T10:31:39.951289Z, api=opentaxii.persistence.sqldb.SQLDatabaseAPI, logger=opentaxii.utils, level=info, event=api.initialized}
Traceback (most recent call last):
File "/usr/local/lib/python3.5/dist-packages/SQLAlchemy-1.1.7-py3.5-linux-x86_64.egg/sqlalchemy/engine/base.py", line 1182, in _execute_context
context)
File "/usr/local/lib/python3.5/dist-packages/SQLAlchemy-1.1.7-py3.5-linux-x86_64.egg/sqlalchemy/engine/default.py", line 470, in do_execute
cursor.execute(statement, parameters)
File "/usr/lib/python3/dist-packages/MySQLdb/cursors.py", line 226, in execute
self.errorhandler(self, exc, value)
File "/usr/lib/python3/dist-packages/MySQLdb/connections.py", line 36, in defaulterrorhandler
raise errorvalue
File "/usr/lib/python3/dist-packages/MySQLdb/cursors.py", line 217, in execute
res = self._query(query)
File "/usr/lib/python3/dist-packages/MySQLdb/cursors.py", line 378, in _query
rowcount = self._do_query(q)
File "/usr/lib/python3/dist-packages/MySQLdb/cursors.py", line 341, in _do_query
db.query(q)
File "/usr/lib/python3/dist-packages/MySQLdb/connections.py", line 280, in query
_mysql.connection.query(self, query)
_mysql_exceptions.OperationalError: (1071, 'Specified key was too long; max key length is 767 bytes')

The above exception was the direct cause of the following exception:

Traceback (most recent call last):
File "/usr/local/bin/opentaxii-create-collections", line 9, in <module>
load_entry_point('opentaxii==0.1.8a1', 'console_scripts', 'opentaxii-create-collections')()
File "/usr/lib/python3/dist-packages/pkg_resources/__init__.py", line 542, in load_entry_point
return get_distribution(dist).load_entry_point(group, name)
File "/usr/lib/python3/dist-packages/pkg_resources/__init__.py", line 2569, in load_entry_point
return ep.load()
File "/usr/lib/python3/dist-packages/pkg_resources/__init__.py", line 2229, in load
return self.resolve()
File "/usr/lib/python3/dist-packages/pkg_resources/__init__.py", line 2235, in resolve
module = __import__(self.module_name, fromlist=['__name__'], level=0)
File "/usr/local/lib/python3.5/dist-packages/opentaxii-0.1.8a1-py3.5.egg/opentaxii/cli/__init__.py", line 10, in <module>
server = TAXIIServer(config)
File "/usr/local/lib/python3.5/dist-packages/opentaxii-0.1.8a1-py3.5.egg/opentaxii/server.py", line 40, in __init__
api=initialize_api(config['auth_api']))
File "/usr/local/lib/python3.5/dist-packages/opentaxii-0.1.8a1-py3.5.egg/opentaxii/utils.py", line 36, in initialize_api
instance = cls(**params)
File "/usr/local/lib/python3.5/dist-packages/opentaxii-0.1.8a1-py3.5.egg/opentaxii/auth/sqldb/api.py", line 41, in __init__
self.db.create_all_tables()
File "/usr/local/lib/python3.5/dist-packages/opentaxii-0.1.8a1-py3.5.egg/opentaxii/sqldb_helper.py", line 60, in create_all_tables
self.metadata.create_all(bind=self.engine)
File "/usr/local/lib/python3.5/dist-packages/SQLAlchemy-1.1.7-py3.5-linux-x86_64.egg/sqlalchemy/sql/schema.py", line 3885, in create_all
tables=tables)
File "/usr/local/lib/python3.5/dist-packages/SQLAlchemy-1.1.7-py3.5-linux-x86_64.egg/sqlalchemy/engine/base.py", line 1921, in _run_visitor
conn._run_visitor(visitorcallable, element, **kwargs)
File "/usr/local/lib/python3.5/dist-packages/SQLAlchemy-1.1.7-py3.5-linux-x86_64.egg/sqlalchemy/engine/base.py", line 1530, in _run_visitor
**kwargs).traverse_single(element)
File "/usr/local/lib/python3.5/dist-packages/SQLAlchemy-1.1.7-py3.5-linux-x86_64.egg/sqlalchemy/sql/visitors.py", line 121, in traverse_single
return meth(obj, **kw)
File "/usr/local/lib/python3.5/dist-packages/SQLAlchemy-1.1.7-py3.5-linux-x86_64.egg/sqlalchemy/sql/ddl.py", line 733, in visit_metadata
_is_metadata_operation=True)
File "/usr/local/lib/python3.5/dist-packages/SQLAlchemy-1.1.7-py3.5-linux-x86_64.egg/sqlalchemy/sql/visitors.py", line 121, in traverse_single
return meth(obj, **kw)
File "/usr/local/lib/python3.5/dist-packages/SQLAlchemy-1.1.7-py3.5-linux-x86_64.egg/sqlalchemy/sql/ddl.py", line 767, in visit_table
include_foreign_key_constraints=include_foreign_key_constraints
File "/usr/local/lib/python3.5/dist-packages/SQLAlchemy-1.1.7-py3.5-linux-x86_64.egg/sqlalchemy/engine/base.py", line 945, in execute
return meth(self, multiparams, params)
File "/usr/local/lib/python3.5/dist-packages/SQLAlchemy-1.1.7-py3.5-linux-x86_64.egg/sqlalchemy/sql/ddl.py", line 68, in _execute_on_connection
return connection._execute_ddl(self, multiparams, params)
File "/usr/local/lib/python3.5/dist-packages/SQLAlchemy-1.1.7-py3.5-linux-x86_64.egg/sqlalchemy/engine/base.py", line 1002, in _execute_ddl
compiled
File "/usr/local/lib/python3.5/dist-packages/SQLAlchemy-1.1.7-py3.5-linux-x86_64.egg/sqlalchemy/engine/base.py", line 1189, in _execute_context
context)
File "/usr/local/lib/python3.5/dist-packages/SQLAlchemy-1.1.7-py3.5-linux-x86_64.egg/sqlalchemy/engine/base.py", line 1394, in _handle_dbapi_exception
exc_info
File "/usr/local/lib/python3.5/dist-packages/SQLAlchemy-1.1.7-py3.5-linux-x86_64.egg/sqlalchemy/util/compat.py", line 203, in raise_from_cause
reraise(type(exception), exception, tb=exc_tb, cause=cause)
File "/usr/local/lib/python3.5/dist-packages/SQLAlchemy-1.1.7-py3.5-linux-x86_64.egg/sqlalchemy/util/compat.py", line 186, in reraise
raise value.with_traceback(tb)
File "/usr/local/lib/python3.5/dist-packages/SQLAlchemy-1.1.7-py3.5-linux-x86_64.egg/sqlalchemy/engine/base.py", line 1182, in _execute_context
context)
File "/usr/local/lib/python3.5/dist-packages/SQLAlchemy-1.1.7-py3.5-linux-x86_64.egg/sqlalchemy/engine/default.py", line 470, in do_execute
cursor.execute(statement, parameters)
File "/usr/lib/python3/dist-packages/MySQLdb/cursors.py", line 226, in execute
self.errorhandler(self, exc, value)
File "/usr/lib/python3/dist-packages/MySQLdb/connections.py", line 36, in defaulterrorhandler
raise errorvalue
File "/usr/lib/python3/dist-packages/MySQLdb/cursors.py", line 217, in execute
res = self._query(query)
File "/usr/lib/python3/dist-packages/MySQLdb/cursors.py", line 378, in _query
rowcount = self._do_query(q)
File "/usr/lib/python3/dist-packages/MySQLdb/cursors.py", line 341, in _do_query
db.query(q)
File "/usr/lib/python3/dist-packages/MySQLdb/connections.py", line 280, in query
_mysql.connection.query(self, query)
sqlalchemy.exc.OperationalError: (_mysql_exceptions.OperationalError) (1071, 'Specified key was too long; max key length is 767 bytes') [SQL: '\nCREATE TABLE accounts (\n\tid INTEGER NOT NULL AUTO_INCREMENT, \n\tusername VARCHAR(256), \n\tpassword_hash VARCHAR(256), \n\tPRIMARY KEY (id), \n\tUNIQUE (username)\n)\n\n']

Creating services and collections.

I'm having a tough time getting opentaxii services/collections created. Should I post here or in opentaxii's GitHub?

I've followed the MISP instructions and have it running with Ubuntu 16.04

When I run opentaxii-create-services -c config/services.yaml, I get a huge list of errors. I've tried changing multiple items in MySQL, but am not getting anywhere.

I have db_connection parameters and auth_api -> parameters -> secret configured properly. Along with the MISP server's URL and API key at the bottom. Can you help?

error.txt

taxiipersist and taxiiauth DB's have no tables

Hi,

After installation, no tables are created in the SQL DBs that I created myself and to which I added the appropriate permissions. I have made sure that the services and collections have been successfully created (no errors) and all setup files run, but still no tables.

MariaDB [taxiiauth]> show tables;
Empty set (0.00 sec)

MariaDB [taxiipersist]> show tables;
Empty set (0.00 sec)

Any ideas?

MISP to Local_Taxii_Server to feed a SIEM

Hi,
My goal is to connect MISP to the local TAXII server and then feed a SIEM to correlate with network traffic.

I configured everything as in the tutorial and the TAXII server is running. However, I would like to bind the address on all interfaces, like 0.0.0.0:9000, instead of only localhost:9000.

I put that config in config.yaml and it seems that opentaxii-run-dev discards that info.

Thank you in advance.

Best Regards
Tiago Santos

opentaxii-run-dev
(..) SIP (...)
Using config from /var/www/MISP/MISP-Taxii-Server/config/config.yaml
Starting new HTTPS connection (1): misp**.******.pt
Starting new HTTPS connection (1): misp**.*******.pt
2018-03-01T10:48:05.078051Z [opentaxii.server] info: signal_hooks.imported {logger=opentaxii.server, level=info, event=signal_hooks.imported, hooks=misp_taxii_hooks.hooks, timestamp=2018-03-01T10:48:05.078051Z}
2018-03-01T10:48:05.078376Z [opentaxii.server] info: opentaxii.server_configured {logger=opentaxii.server, level=info, timestamp=2018-03-01T10:48:05.078376Z, event=opentaxii.server_configured}
 * Running on http://127.0.0.1:9000/ (Press CTRL+C to quit)
 * Restarting with stat
(..) SIP (...)
 * Debugger is active!
 * Debugger PIN: 314-595-638
cat  /var/www/MISP/MISP-Taxii-Server/config/config.yaml

domain: "0.0.0.0:9000"
support_basic_auth: yes
(...) SIP (...)

MISP-Taxii-Server crashes when trying to connect to a MISP instance with a self signed certificate

Using MISP with a self signed certificate leads to crash of the Taxii-Server

I followed the installation doc but I get this error when I try to create the services

# opentaxii-create-services -c config/services.yaml
2019-01-16T14:38:02.474182Z [opentaxii.utils] info: api.initialized {logger=opentaxii.utils, level=info, api=opentaxii.persistence.sqldb.SQLDatabaseAPI, event=api.initialized, timestamp=2019-01-16T14:38:02.474182Z}
2019-01-16T14:38:02.525408Z [opentaxii.utils] info: api.initialized {logger=opentaxii.utils, level=info, api=opentaxii.auth.sqldb.SQLDatabaseAPI, event=api.initialized, timestamp=2019-01-16T14:38:02.525408Z}
Using config from /var/www/Taxii-Server/config/config.yaml
Traceback (most recent call last):
  File "/var/www/Taxii-Server/venv/lib/python3.5/site-packages/urllib3/connectionpool.py", line 594, in urlopen
    self._prepare_proxy(conn)
  File "/var/www/Taxii-Server/venv/lib/python3.5/site-packages/urllib3/connectionpool.py", line 805, in _prepare_proxy
    conn.connect()
  File "/var/www/Taxii-Server/venv/lib/python3.5/site-packages/urllib3/connection.py", line 344, in connect
    ssl_context=context)
  File "/var/www/Taxii-Server/venv/lib/python3.5/site-packages/urllib3/util/ssl_.py", line 344, in ssl_wrap_socket
    return context.wrap_socket(sock, server_hostname=server_hostname)
  File "/usr/lib/python3.5/ssl.py", line 385, in wrap_socket
    _context=self)
  File "/usr/lib/python3.5/ssl.py", line 760, in __init__
    self.do_handshake()
  File "/usr/lib/python3.5/ssl.py", line 996, in do_handshake
    self._sslobj.do_handshake()
  File "/usr/lib/python3.5/ssl.py", line 641, in do_handshake
    self._sslobj.do_handshake()
ssl.SSLError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:720)

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/var/www/Taxii-Server/venv/lib/python3.5/site-packages/requests/adapters.py", line 449, in send
    timeout=timeout
  File "/var/www/Taxii-Server/venv/lib/python3.5/site-packages/urllib3/connectionpool.py", line 638, in urlopen
    _stacktrace=sys.exc_info()[2])
  File "/var/www/Taxii-Server/venv/lib/python3.5/site-packages/urllib3/util/retry.py", line 398, in increment
    raise MaxRetryError(_pool, url, error or ResponseError(cause))
urllib3.exceptions.MaxRetryError: HTTPSConnectionPool(host='misp.test.local', port=443): Max retries exceeded with url: /servers/getPyMISPVersion.json (Caused by SSLError(SSLError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:720)'),))

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/var/www/Taxii-Server/venv/lib/python3.5/site-packages/pymisp/api.py", line 112, in __init__
    response = self.get_recommended_api_version()
  File "/var/www/Taxii-Server/venv/lib/python3.5/site-packages/pymisp/api.py", line 1099, in get_recommended_api_version
    response = session.get(url)
  File "/var/www/Taxii-Server/venv/lib/python3.5/site-packages/requests/sessions.py", line 546, in get
    return self.request('GET', url, **kwargs)
  File "/var/www/Taxii-Server/venv/lib/python3.5/site-packages/requests/sessions.py", line 533, in request
    resp = self.send(prep, **send_kwargs)
  File "/var/www/Taxii-Server/venv/lib/python3.5/site-packages/requests/sessions.py", line 668, in send
    history = [resp for resp in gen] if allow_redirects else []
  File "/var/www/Taxii-Server/venv/lib/python3.5/site-packages/requests/sessions.py", line 668, in <listcomp>
    history = [resp for resp in gen] if allow_redirects else []
  File "/var/www/Taxii-Server/venv/lib/python3.5/site-packages/requests/sessions.py", line 247, in resolve_redirects
    **adapter_kwargs
  File "/var/www/Taxii-Server/venv/lib/python3.5/site-packages/requests/sessions.py", line 646, in send
    r = adapter.send(request, **kwargs)
  File "/var/www/Taxii-Server/venv/lib/python3.5/site-packages/requests/adapters.py", line 514, in send
    raise SSLError(e, request=request)
requests.exceptions.SSLError: HTTPSConnectionPool(host='misp.test.local', port=443): Max retries exceeded with url: /servers/getPyMISPVersion.json (Caused by SSLError(SSLError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:720)'),))

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/var/www/Taxii-Server/venv/bin/opentaxii-create-services", line 11, in <module>
    load_entry_point('opentaxii==0.1.10a1', 'console_scripts', 'opentaxii-create-services')()
  File "/var/www/Taxii-Server/venv/lib/python3.5/site-packages/pkg_resources/__init__.py", line 561, in load_entry_point
    return get_distribution(dist).load_entry_point(group, name)
  File "/var/www/Taxii-Server/venv/lib/python3.5/site-packages/pkg_resources/__init__.py", line 2631, in load_entry_point
    return ep.load()
  File "/var/www/Taxii-Server/venv/lib/python3.5/site-packages/pkg_resources/__init__.py", line 2291, in load
    return self.resolve()
  File "/var/www/Taxii-Server/venv/lib/python3.5/site-packages/pkg_resources/__init__.py", line 2297, in resolve
    module = __import__(self.module_name, fromlist=['__name__'], level=0)
  File "/var/www/Taxii-Server/venv/lib/python3.5/site-packages/opentaxii-0.1.10a1-py3.5.egg/opentaxii/cli/__init__.py", line 10, in <module>
    server = TAXIIServer(config)
  File "/var/www/Taxii-Server/venv/lib/python3.5/site-packages/opentaxii-0.1.10a1-py3.5.egg/opentaxii/server.py", line 45, in __init__
    importlib.import_module(signal_hooks)
  File "/var/www/Taxii-Server/venv/lib/python3.5/importlib/__init__.py", line 126, in import_module
    return _bootstrap._gcd_import(name[level:], package, level)
  File "/var/www/Taxii-Server/misp_taxii_hooks/hooks.py", line 47, in <module>
    ssl = CONFIG["misp"].get("verifySSL", True)
  File "/var/www/Taxii-Server/venv/lib/python3.5/site-packages/pymisp/api.py", line 126, in __init__
    raise PyMISPError('Unable to connect to MISP ({}). Please make sure the API key and the URL are correct (http/https is required): {}'.format(self.root_url, e))
pymisp.exceptions.PyMISPError: Unable to connect to MISP (http://misp.test.local). Please make sure the API key and the URL are correct (http/https is required): HTTPSConnectionPool(host='misp.test.local', port=443): Max retries exceeded with url: /servers/getPyMISPVersion.json (Caused by SSLError(SSLError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:720)'),))

MISP to TAXII push fails - push_published_to_taxii.py

Hi all,

When I try to push my events from MISP to TAXII with the script "push_published_to_taxii.py", I receive this message:

root@misp:/MISP-Taxii-Server/scripts# push_published_to_taxii.py
INFO [push_published_to_taxii.py:20 - () ] Starting...
INFO [push_published_to_taxii.py:35 - () ] Subscribing to tcp://localhost:50000
INFO [push_published_to_taxii.py:57 - () ] Recieved a message!
INFO [push_published_to_taxii.py:61 - () ] Ignoring misp_json_self...
INFO [push_published_to_taxii.py:57 - () ] Recieved a message!
INFO [push_published_to_taxii.py:61 - () ] Ignoring misp_json_self...
INFO [push_published_to_taxii.py:57 - () ] Recieved a message!
INFO [push_published_to_taxii.py:61 - () ] Ignoring misp_json_self...
INFO [push_published_to_taxii.py:57 - () ] Recieved a message!
INFO [push_published_to_taxii.py:61 - () ] Ignoring misp_json_self...
INFO [push_published_to_taxii.py:57 - () ] Recieved a message!
INFO [push_published_to_taxii.py:61 - () ] Ignoring misp_json_self...
INFO [push_published_to_taxii.py:57 - () ] Recieved a message!
INFO [push_published_to_taxii.py:61 - () ] Ignoring misp_json_self...
INFO [push_published_to_taxii.py:57 - () ] Recieved a message!
INFO [push_published_to_taxii.py:61 - () ] Ignoring misp_json_self...
INFO [push_published_to_taxii.py:57 - () ] Recieved a message!
INFO [push_published_to_taxii.py:61 - () ] Ignoring misp_json_self...
INFO [push_published_to_taxii.py:57 - () ] Recieved a message!
INFO [push_published_to_taxii.py:61 - () ] Ignoring misp_json_self...
INFO [push_published_to_taxii.py:57 - () ] Recieved a message!
INFO [push_published_to_taxii.py:61 - () ] Ignoring misp_json_self...
INFO [push_published_to_taxii.py:57 - () ] Recieved a message!
INFO [push_published_to_taxii.py:61 - () ] Ignoring misp_json_self...
INFO [push_published_to_taxii.py:57 - () ] Recieved a message!
INFO [push_published_to_taxii.py:61 - () ] Ignoring misp_json_self...
INFO [push_published_to_taxii.py:57 - () ] Recieved a message!
INFO [push_published_to_taxii.py:61 - () ] Ignoring misp_json_self...
INFO [push_published_to_taxii.py:57 - () ] Recieved a message!
INFO [push_published_to_taxii.py:61 - () ] Ignoring misp_json_self...
INFO [push_published_to_taxii.py:57 - () ] Recieved a message!
INFO [push_published_to_taxii.py:61 - () ] Ignoring misp_json_self...

This message continues until I stop the script...

Any suggestion is welcome!
Thank you

Change OpenTaxii server from HTTP to HTTPS

Hello,
I need my OpenTAXII server to work with HTTPS and not HTTP.
I cannot find any detailed information on how to do it.
Can someone explain to me how to do it?
I am using gunicorn.
Example of the poll command:
taxii-poll --host localhost --port 9000 --path /services/poll --collection collection --username xxxx --password xxxx
result:
INFO: Sending Poll_Fulfillment to http://xx.xx.xx.xx:9000/services/poll

thank you
dp

MISP events not populating with attributes

Hi,

Can someone help me with an issue I am having with populating MISP events with attributes please?

I successfully installed the repo and managed to pull stix files. However, when pushing them out to my MISP instance, some events have no attributes assigned.

I suspected this might be related to this issue but my hooks.py already takes events with >0 attributes into consideration.

Interestingly, some STIX files populate just fine like this one
<cybox:Observable id="example:observable-b57aa65f-9598-04fb-a9d1-5094c36d5dc4">
  <cybox:Object id="example:object-f4fac80a-1239-47cc-b0e6-771b1a73f817">
    <cybox:Properties xsi:type="AddressObject:AddressObjectType" category="ipv4-addr">
      <AddressObject:Address_Value>198.51.100.17</AddressObject:Address_Value>
    </cybox:Properties>
  </cybox:Object>

While others don't, like this one
<stix:Observables cybox_major_version="2" cybox_minor_version="1" cybox_update_version="0">
  <cybox:Observable id="fsisac:Observable-711fd835-067f-4d7f-9f5b-d16ad5a7034f">
    <cybox:Title>Address: [email protected]</cybox:Title>
    <cybox:Description>Malicious Email Address</cybox:Description>
    <cybox:Object id="fsisac:Address-7e43d07c-952d-42b0-83ca-31cf1715e3f0">
      <cybox:Properties xsi:type="AddressObj:AddressObjectType" category="e-mail">
        <AddressObj:Address_Value condition="Equals">[email protected]</AddressObj:Address_Value>
      </cybox:Properties>
    </cybox:Object>
  </cybox:Observable>
</stix:Observables>

The second states an AddressObj:Address_Value condition="Equals" for each attribute - would that cause any issues?

Output of the debugger mode of gunicorn:
Posting STIX...
/usr/local/lib/python2.7/dist-packages/stix/utils/deprecated.py:48: UserWarning: The use of this field has been deprecated. Received 'datetime' object.
  warnings.warn(msg)
Building Event...
Using title STIX Import
STIX loaded succesfully.
Extracted ['[email protected]']
Checking for existence of [email protected]
/usr/local/lib/python2.7/dist-packages/urllib3/connectionpool.py:858: InsecureRequestWarning: Unverified HTTPS request is being made. Adding certificate verification is strongly advised. See: https://urllib3.readthedocs.io/en/latest/advanced-usage.html#ssl-warnings
  InsecureRequestWarning)
[email protected] is unique, we'll keep it
Uploading event to MISP with attributes ['[email protected]']
/usr/local/lib/python2.7/dist-packages/urllib3/connectionpool.py:858: InsecureRequestWarning: Unverified HTTPS request is being made. Adding certificate verification is strongly advised. See: https://urllib3.readthedocs.io/en/latest/advanced-usage.html#ssl-warnings
  InsecureRequestWarning)

I re-pulled the repo but it says it's already up-to-date. Sorry if I missed any log information, please let me know. Is there anything that can be done to fix this?

services.yaml.txt
config.yaml.txt
hooks.py.txt

Duplicate Checking Not Working

Disclaimer: I am no expert, but this is an issue I had and fixed it with the change below.

The duplication check was always saying the value was a duplicate and will be ignored.
I found the logic in misp_taxii_hooks/hooks.py not evaluating correctly.
Starting at line 66:
for attrib in values:
    log.info("Checking for existence of %s", attrib)
    search = MISP.search("attributes", values=str(attrib))
    if search["response"] != []:
        # This means we have it!
        log.info("%s is a duplicate, we'll ignore it.", attrib)
        package.attributes.pop([x.value for x in package.attributes].index(attrib))
    else:
        log.info("%s is unique, we'll keep it", attrib)

When I looked at the json response it is always "not empty" because the object attribute is in the response object. Example for empty responses: {'response': {'Attribute': []}}

I fixed this by also evaluating the Attribute object.
for attrib in values:
    log.info("Checking for existence of %s", attrib)
    search = MISP.search("attributes", values=str(attrib))
    if search["response"]["Attribute"]:
        # This means we have it!
        log.info("%s is a duplicate, we'll ignore it.", attrib)
        package.attributes.pop([x.value for x in package.attributes].index(attrib))
    else:
        log.info("%s is unique, we'll keep it", attrib)

So far the issue of it saying everything is duplicate is gone and if there is a duplication, it appropriately does not add it.

Please review and see if this is the proper way to fix the hooks script.
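
The check discussed in the post above, as an added example (not the project's hooks.py): it accepts both response shapes the post mentions, the bare list the original comparison expects and `{'response': {'Attribute': []}}`, and rejects anything else instead of guessing. `Attr`, `fake_search`, `drop_duplicates` and the sample values are hypothetical names and constructed data.

```python
from collections import namedtuple

# Stand-in for a parsed attribute; only .value is used (hypothetical type).
Attr = namedtuple("Attr", "value")


def existing_attributes(search_result):
    """Return the list of matches from an attribute search result.

    Shapes handled (both taken from the post):
      {'response': []}                     bare list
      {'response': {'Attribute': [...]}}   list wrapped in a dict
    Any other payload raises, so a malformed or error reply is never
    silently read as "duplicate" or as "unique".
    """
    if not isinstance(search_result, dict) or "response" not in search_result:
        raise ValueError("unexpected search result: %r" % (search_result,))
    response = search_result["response"]
    if isinstance(response, dict):
        response = response.get("Attribute", [])
    if not isinstance(response, list):
        raise ValueError("unexpected response payload: %r" % (response,))
    return response


def buggy_is_duplicate(search_result):
    # The original comparison: a non-empty dict is never equal to [],
    # so the wrapped shape is reported as a duplicate every time.
    return search_result["response"] != []


def is_duplicate(search_result):
    return bool(existing_attributes(search_result))


def drop_duplicates(attributes, search):
    """Split attributes into (kept, dropped) using search(controller, values=...).

    Builds new lists rather than popping by index while scanning, so an
    attribute value that appears twice cannot shift the wrong element out.
    """
    kept, dropped = [], []
    for attrib in attributes:
        result = search("attributes", values=str(attrib.value))
        (dropped if is_duplicate(result) else kept).append(attrib)
    return kept, dropped


# Constructed sample data: one value already stored, one new.
KNOWN_VALUES = {"198.51.100.17"}


def fake_search(controller, values):
    """Offline stand-in for the search call; returns the wrapped shape."""
    hits = [{"value": values}] if values in KNOWN_VALUES else []
    return {"response": {"Attribute": hits}}


if __name__ == "__main__":
    incoming = [Attr("198.51.100.17"), Attr("203.0.113.9")]
    kept, dropped = drop_duplicates(incoming, fake_search)
    print("kept:", [a.value for a in kept])
    print("dropped:", [a.value for a in dropped])
```
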

Duplicate data detection

Hi,

I read on the documentation that you are implementing duplicate data detection and I just wanted to know how long it takes to do this and eventually I can help with this.

Thanks

"ERROR: FAILURE: There was a failure while executing the message handler"

Getting this annoying generic error message, just can't put my finger on it if it has to do with hooks.py or something else. Here are the details, hope I haven't missed anything. Appreciate your help!

Config file:
config.txt

Command run:
taxii-push --path http://localhost:9000/services/inbox -f sample.xml -v \
  --dest collection --username xxxxx --password xxxxx

Output:
...
2018-01-04 15:20:16,560 urllib3.connectionpool DEBUG: Starting new HTTP connection (1): localhost
2018-01-04 15:20:16,669 urllib3.connectionpool DEBUG: http://localhost:9000 "POST /services/inbox HTTP/1.1" 200 457
2018-01-04 15:20:16,670 cabby.dispatcher DEBUG: Response:
<taxii_11:Status_Message xmlns:taxii="http://taxii.mitre.org/messages/taxii_xml_binding-1" xmlns:taxii_11="http://taxii.mitre.org/messages/taxii_xml_binding-1.1" xmlns:tdq="http://taxii.mitre.org/query/taxii_default_query-1" message_id="5995687554560328764" in_response_to="70e3d7d8-6098-4b3b-9a38-b61c4912a94d" status_type="FAILURE">
<taxii_11:Message>There was a failure while executing the message handler</taxii_11:Message>
</taxii_11:Status_Message>

2018-01-04 15:20:16,671 cabby.cli.commons ERROR: FAILURE: There was a failure while executing the message handler
Traceback (most recent call last):
File "/usr/local/lib/python3.4/dist-packages/cabby-0.1.18-py3.4.egg/cabby/cli/commons.py", line 171, in run_client
run_func(client, args.uri, args)
File "/usr/local/lib/python3.4/dist-packages/cabby-0.1.18-py3.4.egg/cabby/cli/push.py", line 51, in _runner
client.push(content, binding, collection_names=args.collections, uri=path)
File "/usr/local/lib/python3.4/dist-packages/cabby-0.1.18-py3.4.egg/cabby/client11.py", line 332, in push
service_type=const.SVC_INBOX)
File "/usr/local/lib/python3.4/dist-packages/cabby-0.1.18-py3.4.egg/cabby/abstract.py", line 205, in _execute_request
timeout=self.timeout)
File "/usr/local/lib/python3.4/dist-packages/cabby-0.1.18-py3.4.egg/cabby/dispatcher.py", line 91, in send_taxii_request
raise UnsuccessfulStatusError(obj)
cabby.exceptions.UnsuccessfulStatusError: FAILURE: There was a failure while executing the message handler

error: cybox 2.1.0.12 is installed but cybox<2.1.1.0,>=2.1.0.13.dev1 is required by set(['stix'])

At the finishing stages of installing MISP-TAXII-Server, an error message appears stating that the cybox version installed for MISP is not the one required for MISP-TAXII:

Installed /usr/local/lib/python2.7/dist-packages/misp_taxii_hooks-0.2-py2.7.egg
Processing dependencies for misp-taxii-hooks==0.2
error: cybox 2.1.0.12 is installed but cybox<2.1.1.0,>=2.1.0.13.dev1 is required by set(['stix'])

Is this specific to python2.7 only or python3 too?
Can Cybox be upgraded without impacting MISP as a required version to run?

'Specified key was too long' error persists after updating MariaDB to 10.1.22

I had no problems following the instructions until I tried the 'opentaxii-create-services -c services.yaml' command. You will probably chastise me for using python 2.7, but that's how my environment was initially set up when I installed MISP. I looked at the other closed topic on this issue and updated mariadb accordingly to the latest version (10.1.22). Unfortunately, the problem persists:

$ opentaxii-create-services -c services.yaml

/usr/local/lib/python2.7/dist-packages/SQLAlchemy-1.1.9-py2.7-linux-x86_64.egg/sqlalchemy/engine/default.py:470: Warning: Specified key was too long; max key length is 767 bytes
2017-04-04T20:49:53.864728Z [opentaxii.utils] info: api.initialized {timestamp=2017-04-04T20:49:53.864728Z, logger=opentaxii.utils, api=opentaxii.persistence.sqldb.SQLDatabaseAPI, event=api.initialized, level=info}
Traceback (most recent call last):
File "/usr/local/bin/opentaxii-create-services", line 9, in <module>
load_entry_point('opentaxii==0.1.9a1', 'console_scripts', 'opentaxii-create-services')()
File "/usr/lib/python2.7/dist-packages/pkg_resources/__init__.py", line 542, in load_entry_point
return get_distribution(dist).load_entry_point(group, name)
File "/usr/lib/python2.7/dist-packages/pkg_resources/__init__.py", line 2569, in load_entry_point
return ep.load()
File "/usr/lib/python2.7/dist-packages/pkg_resources/__init__.py", line 2229, in load
return self.resolve()
File "/usr/lib/python2.7/dist-packages/pkg_resources/__init__.py", line 2235, in resolve
module = __import__(self.module_name, fromlist=['__name__'], level=0)
File "/usr/local/lib/python2.7/dist-packages/opentaxii-0.1.9a1-py2.7.egg/opentaxii/cli/__init__.py", line 10, in <module>
server = TAXIIServer(config)
File "/usr/local/lib/python2.7/dist-packages/opentaxii-0.1.9a1-py2.7.egg/opentaxii/server.py", line 41, in __init__
api=initialize_api(config['auth_api']))
File "/usr/local/lib/python2.7/dist-packages/opentaxii-0.1.9a1-py2.7.egg/opentaxii/utils.py", line 36, in initialize_api
instance = cls(**params)
File "/usr/local/lib/python2.7/dist-packages/opentaxii-0.1.9a1-py2.7.egg/opentaxii/auth/sqldb/api.py", line 41, in __init__
self.db.create_all_tables()
File "/usr/local/lib/python2.7/dist-packages/opentaxii-0.1.9a1-py2.7.egg/opentaxii/sqldb_helper.py", line 60, in create_all_tables
self.metadata.create_all(bind=self.engine)
File "build/bdist.linux-x86_64/egg/sqlalchemy/sql/schema.py", line 3885, in create_all
File "build/bdist.linux-x86_64/egg/sqlalchemy/engine/base.py", line 1929, in _run_visitor
File "build/bdist.linux-x86_64/egg/sqlalchemy/engine/base.py", line 1538, in _run_visitor
File "build/bdist.linux-x86_64/egg/sqlalchemy/sql/visitors.py", line 121, in traverse_single
File "build/bdist.linux-x86_64/egg/sqlalchemy/sql/ddl.py", line 733, in visit_metadata
File "build/bdist.linux-x86_64/egg/sqlalchemy/sql/visitors.py", line 121, in traverse_single
File "build/bdist.linux-x86_64/egg/sqlalchemy/sql/ddl.py", line 767, in visit_table
File "build/bdist.linux-x86_64/egg/sqlalchemy/engine/base.py", line 945, in execute
File "build/bdist.linux-x86_64/egg/sqlalchemy/sql/ddl.py", line 68, in _execute_on_connection
File "build/bdist.linux-x86_64/egg/sqlalchemy/engine/base.py", line 1002, in _execute_ddl
File "build/bdist.linux-x86_64/egg/sqlalchemy/engine/base.py", line 1189, in _execute_context
File "build/bdist.linux-x86_64/egg/sqlalchemy/engine/base.py", line 1402, in _handle_dbapi_exception
File "build/bdist.linux-x86_64/egg/sqlalchemy/util/compat.py", line 203, in raise_from_cause
File "build/bdist.linux-x86_64/egg/sqlalchemy/engine/base.py", line 1182, in _execute_context
File "build/bdist.linux-x86_64/egg/sqlalchemy/engine/default.py", line 470, in do_execute
File "/usr/lib/python2.7/dist-packages/MySQLdb/cursors.py", line 226, in execute
self.errorhandler(self, exc, value)
File "/usr/lib/python2.7/dist-packages/MySQLdb/connections.py", line 36, in defaulterrorhandler
raise errorvalue
sqlalchemy.exc.OperationalError: (_mysql_exceptions.OperationalError) (1071, 'Specified key was too long; max key length is 767 bytes') [SQL: u'\nCREATE TABLE accounts (\n\tid INTEGER NOT NULL AUTO_INCREMENT, \n\tusername VARCHAR(256), \n\tpassword_hash VARCHAR(256), \n\tPRIMARY KEY (id), \n\tUNIQUE (username)\n)\n\n']

The output of my services.yaml file is as follows:

$ cat config.yaml

domain: "localhost:9000"
support_basic_auth: yes

persistence_api:
  class: opentaxii.persistence.sqldb.SQLDatabaseAPI
  parameters:
    db_connection: mysql://taxii:[PASSWORD]@localhost/taxiipersist
    create_tables: yes

auth_api:
  class: opentaxii.auth.sqldb.SQLDatabaseAPI
  parameters:
    db_connection: mysql://taxii:[PASSWORD]@localhost/taxiiauth
    create_tables: yes
    secret: [Random secret string]

logging:
  opentaxii: info
  root: info

hooks: misp_taxii_hooks.hooks

zmq:
  host: localhost
  port: 50000

misp:
  url: "https://[FQDN of local MISP instance]"
  api: [API key]

Connection Timed Out When Running Poll on Remote Server :(

I'm coming across a "[Errno 110] Connection timed out" error when running the following command against a remote server:

/var/git/MISP-Taxii-Server/scripts$ sudo python3 run-taxii-poll.py

I verified that I am able to successfully connect to the remote server and retrieve data using the following command:

/var/git/MISP-Taxii-Server/scripts$ sudo taxii-poll --path https://MY.REMOTE.SERVER/taxii-discovery-service --cert /etc/ssl/private/MYCERT.crt --username MYUSERNAME --password MYPASSWORD --key /etc/ssl/private/MYSECURITYKEY.key --key-password MYKEYPASSWORD --verify no -c system.Default

The 'taxii-push' test command also worked. I was able to see the sample STIX event appear in my MISP instance's event list.

After spending a few days (hopelessly) tinkering, I cannot get past the timeout error. I tried adding date-time values in run-taxii-poll.py to create a shortened poll request (didn't work) and a few other things I am too embarrassed to mention (invoking the dark arts, anyone?). Please let me know if there is a fix.

Here is the complete traceback:

/var/git/MISP-Taxii-Server/scripts$ sudo python3 run-taxii-poll.py 
'cm9vdDpyb290' 12
127.0.0.1 - - [20/Jun/2017 13:42:51] "POST /services/discovery HTTP/1.1" 200 -
Traceback (most recent call last):
  File "/usr/lib/python3.5/urllib/request.py", line 1254, in do_open
    h.request(req.get_method(), req.selector, req.data, headers)
  File "/usr/lib/python3.5/http/client.py", line 1106, in request
    self._send_request(method, url, body, headers)
  File "/usr/lib/python3.5/http/client.py", line 1151, in _send_request
    self.endheaders(body)
  File "/usr/lib/python3.5/http/client.py", line 1102, in endheaders
    self._send_output(message_body)
  File "/usr/lib/python3.5/http/client.py", line 934, in _send_output
    self.send(msg)
  File "/usr/lib/python3.5/http/client.py", line 877, in send
    self.connect()
  File "/usr/lib/python3.5/http/client.py", line 1252, in connect
    super().connect()
  File "/usr/lib/python3.5/http/client.py", line 849, in connect
    (self.host,self.port), self.timeout, self.source_address)
  File "/usr/lib/python3.5/socket.py", line 711, in create_connection
    raise err
  File "/usr/lib/python3.5/socket.py", line 702, in create_connection
    sock.connect(sa)
TimeoutError: [Errno 110] Connection timed out

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "run-taxii-poll.py", line 86, in <module>
    for content_block in cli.poll(collection):
  File "/usr/local/lib/python3.5/dist-packages/cabby-0.1.17-py3.5.egg/cabby/client11.py", line 485, in poll
  File "/usr/local/lib/python3.5/dist-packages/cabby-0.1.17-py3.5.egg/cabby/abstract.py", line 167, in _execute_request
  File "/usr/local/lib/python3.5/dist-packages/cabby-0.1.17-py3.5.egg/cabby/abstract.py", line 210, in _get_service
  File "/usr/local/lib/python3.5/dist-packages/cabby-0.1.17-py3.5.egg/cabby/abstract.py", line 259, in get_services
  File "/usr/local/lib/python3.5/dist-packages/cabby-0.1.17-py3.5.egg/cabby/abstract.py", line 304, in discover_services
  File "/usr/local/lib/python3.5/dist-packages/cabby-0.1.17-py3.5.egg/cabby/client11.py", line 27, in _discovery_request
  File "/usr/local/lib/python3.5/dist-packages/cabby-0.1.17-py3.5.egg/cabby/abstract.py", line 195, in _execute_request
  File "/usr/local/lib/python3.5/dist-packages/cabby-0.1.17-py3.5.egg/cabby/dispatcher.py", line 58, in send_taxii_request
  File "/usr/local/lib/python3.5/dist-packages/cabby-0.1.17-py3.5.egg/cabby/dispatcher.py", line 408, in get_response_using_key_pass
  File "/usr/lib/python3.5/urllib/request.py", line 466, in open
    response = self._open(req, data)
  File "/usr/lib/python3.5/urllib/request.py", line 484, in _open
    '_open', req)
  File "/usr/lib/python3.5/urllib/request.py", line 444, in _call_chain
    result = func(*args)
  File "/usr/lib/python3.5/urllib/request.py", line 1297, in https_open
    context=self._context, check_hostname=self._check_hostname)
  File "/usr/lib/python3.5/urllib/request.py", line 1256, in do_open
    raise URLError(err)
urllib.error.URLError: <urlopen error [Errno 110] Connection timed out>

Error importing STIX in MISP via MISP/OpenTAXII

Tested on two separate engines.
I used the latest available version of the MISP VM.

{"timestamp": "2017-07-27T10:53:00.496235Z", "exception": "Traceback (most recent call last):
  File \"/usr/local/lib/python3.5/dist-packages/opentaxii-0.1.10a1-py3.5.egg/opentaxii/taxii/services/abstract.py\", line 83, in process
    response_message = handler.handle_message(self, message)
  File \"/usr/local/lib/python3.5/dist-packages/opentaxii-0.1.10a1-py3.5.egg/opentaxii/taxii/services/handlers/inbox_message_handlers.py\", line 126, in handle_message
    return InboxMessage11Handler.handle_message(service, request)
  File \"/usr/local/lib/python3.5/dist-packages/opentaxii-0.1.10a1-py3.5.egg/opentaxii/taxii/services/handlers/inbox_message_handlers.py\", line 29, in handle_message
    request, service_id=service.id, version=11))
  File \"/usr/local/lib/python3.5/dist-packages/opentaxii-0.1.10a1-py3.5.egg/opentaxii/persistence/manager.py\", line 131, in create_inbox_message
    INBOX_MESSAGE_CREATED.send(self, inbox_message=entity)
  File \"/usr/local/lib/python3.5/dist-packages/blinker-1.4-py3.5.egg/blinker/base.py\", line 267, in send
    for receiver in self.receivers_for(sender)]
  File \"/usr/local/lib/python3.5/dist-packages/blinker-1.4-py3.5.egg/blinker/base.py\", line 267, in <listcomp>
    for receiver in self.receivers_for(sender)]
  File \"/usr/local/lib/python3.5/dist-packages/misp_taxii_hooks-0.2-py3.5.egg/misp_taxii_hooks/hooks.py\", line 63, in post_stix
    package = pymisp.tools.stix.load_stix(content_block.content)
NameError: name 'content_block' is not defined

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File \"/usr/local/lib/python3.5/dist-packages/Flask-0.12.2-py3.5.egg/flask/app.py\", line 1612, in full_dispatch_request
    rv = self.dispatch_request()
  File \"/usr/local/lib/python3.5/dist-packages/Flask-0.12.2-py3.5.egg/flask/app.py\", line 1598, in dispatch_request
    return self.view_functions[rule.endpoint](**req.view_args)
  File \"/usr/local/lib/python3.5/dist-packages/opentaxii-0.1.10a1-py3.5.egg/opentaxii/middleware.py\", line 76, in wrapper
    return _process_with_service(service)
  File \"/usr/local/lib/python3.5/dist-packages/opentaxii-0.1.10a1-py3.5.egg/opentaxii/middleware.py\", line 154, in _process_with_service
    response_message = service.process(request.headers, taxii_message)
  File \"/usr/local/lib/python3.5/dist-packages/opentaxii-0.1.10a1-py3.5.egg/opentaxii/taxii/services/abstract.py\", line 89, in process
    in_response_to=message.message_id)
  File \"/usr/local/lib/python3.5/dist-packages/opentaxii-0.1.10a1-py3.5.egg/opentaxii/taxii/exceptions.py\", line 48, in raise_failure
    tb=tb)
  File \"/usr/local/lib/python3.5/dist-packages/six.py\", line 685, in reraise
    raise value.with_traceback(tb)
  File \"/usr/local/lib/python3.5/dist-packages/opentaxii-0.1.10a1-py3.5.egg/opentaxii/taxii/services/abstract.py\", line 83, in process
    response_message = handler.handle_message(self, message)
  File \"/usr/local/lib/python3.5/dist-packages/opentaxii-0.1.10a1-py3.5.egg/opentaxii/taxii/services/handlers/inbox_message_handlers.py\", line 126, in handle_message
    return InboxMessage11Handler.handle_message(service, request)
  File \"/usr/local/lib/python3.5/dist-packages/opentaxii-0.1.10a1-py3.5.egg/opentaxii/taxii/services/handlers/inbox_message_handlers.py\", line 29, in handle_message
    request, service_id=service.id, version=11))
  File \"/usr/local/lib/python3.5/dist-packages/opentaxii-0.1.10a1-py3.5.egg/opentaxii/persistence/manager.py\", line 131, in create_inbox_message
    INBOX_MESSAGE_CREATED.send(self, inbox_message=entity)
  File \"/usr/local/lib/python3.5/dist-packages/blinker-1.4-py3.5.egg/blinker/base.py\", line 267, in send
    for receiver in self.receivers_for(sender)]
  File \"/usr/local/lib/python3.5/dist-packages/blinker-1.4-py3.5.egg/blinker/base.py\", line 267, in <listcomp>
    for receiver in self.receivers_for(sender)]
  File \"/usr/local/lib/python3.5/dist-packages/misp_taxii_hooks-0.2-py3.5.egg/misp_taxii_hooks/hooks.py\", line 63, in post_stix
    package = pymisp.tools.stix.load_stix(content_block.content)
opentaxii.taxii.exceptions.FailureStatus: name 'content_block' is not defined", "level": "warning", "event": "Status exception", "logger": "opentaxii.middleware"}

Similar error using "taxii-push" on the local server.

PS: finally the TAXII stream seems to work fine, many thanks for this! :-)

polling data

Can I poll data from MISP by making it a TAXII server?

cabby.cli.commons ERROR: FAILURE: There was a failure while executing the message handler

Trying to push a 70+MB file to MISP with OpenTaxii but fails with the following error message:

taxii-push --path http://localhost:9000/services/inbox -f lmx2.xml -v --dest collection --username xxxx --password xxxx

2017-11-07 urllib3.connectionpool DEBUG: Starting new HTTP connection (1): localhost
2017-11-07 urllib3.connectionpool DEBUG: http://localhost:9000 "POST /services/inbox HTTP/1.1" 200 457
2017-11-07 cabby.dispatcher DEBUG: Response:
<taxii_11:Status_Message xmlns:taxii="http://taxii.mitre.org/messages/taxii_xml_binding-1" xmlns:taxii_11="http://taxii.mitre.org/messages/taxii_xml_binding-1.1" xmlns:tdq="http://taxii.mitre.org/query/taxii_default_query-1" message_id="8116567896521802236" in_response_to="1a5b1228-d28e-4d54-aae9-8470e3e6c275" status_type="FAILURE">
<taxii_11:Message>There was a failure while executing the message handler</taxii_11:Message>
</taxii_11:Status_Message>

2017-11-07 cabby.cli.commons ERROR: FAILURE: There was a failure while executing the message handler
Traceback (most recent call last):
File "/usr/local/lib/python3.5/dist-packages/cabby-0.1.18-py3.5.egg/cabby/cli/commons.py", line 171, in run_client
run_func(client, args.uri, args)
File "/usr/local/lib/python3.5/dist-packages/cabby-0.1.18-py3.5.egg/cabby/cli/push.py", line 51, in _runner
client.push(content, binding, collection_names=args.collections, uri=path)
File "/usr/local/lib/python3.5/dist-packages/cabby-0.1.18-py3.5.egg/cabby/client11.py", line 332, in push
service_type=const.SVC_INBOX)
File "/usr/local/lib/python3.5/dist-packages/cabby-0.1.18-py3.5.egg/cabby/abstract.py", line 205, in _execute_request
timeout=self.timeout)
File "/usr/local/lib/python3.5/dist-packages/cabby-0.1.18-py3.5.egg/cabby/dispatcher.py", line 91, in send_taxii_request
raise UnsuccessfulStatusError(obj)
cabby.exceptions.UnsuccessfulStatusError: FAILURE: There was a failure while executing the message handler
Error from OpenTaxii Server:
File "src/lxml/etree.pyx", line 3441, in lxml.etree.parse
File "src/lxml/parser.pxi", line 1855, in lxml.etree._parseDocument
File "src/lxml/parser.pxi", line 1875, in lxml.etree._parseFilelikeDocument
File "src/lxml/parser.pxi", line 1770, in lxml.etree._parseDocFromFilelike
File "src/lxml/parser.pxi", line 1185, in lxml.etree._BaseParser._parseDocFromFilelike
File "src/lxml/parser.pxi", line 598, in lxml.etree._ParserContext._handleParseResultDoc
File "src/lxml/parser.pxi", line 709, in lxml.etree._handleParseResult
File "src/lxml/parser.pxi", line 638, in lxml.etree._raiseParseError
opentaxii.taxii.exceptions.FailureStatus: AttValue: ' expected, line 610, column 891 (, line 610)}
127.0.0.1 - - [07/Nov/2017] "POST /services/inbox HTTP/1.1" 200 -
File itself:

-rw-r--r-- 1 root root 70435985 Nov 2 17:52 lmx2.xml

Can the file size be an issue with limit on size of pushed file (FSISAC STIX File)?
Or other?
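
The server-side traceback in the report above ends in an lxml parse error at a specific line and column, so a local well-formedness check before running taxii-push shows whether the file itself is malformed at that position. The following is an added example, not code from the post or from MISP-Taxii-Server; `check_well_formed`, the policy of rejecting DOCTYPE declarations and the sample documents are assumptions constructed for illustration. It stream-parses with the standard library's expat bindings, so a 70 MB file is not loaded into memory.

```python
import io
from xml.parsers import expat


class DoctypeRejected(Exception):
    """Raised when the document carries a DTD (assumed policy: STIX content needs none)."""


def check_well_formed(stream):
    """Stream-parse a binary file object; return (ok, line, column, reason)."""
    parser = expat.ParserCreate()
    elements = 0

    def on_start(name, attrs):
        nonlocal elements
        elements += 1

    def on_doctype(name, sysid, pubid, has_internal_subset):
        # Refuse DTDs outright so entity definitions are never processed.
        raise DoctypeRejected("DOCTYPE declaration not allowed")

    parser.StartElementHandler = on_start
    parser.StartDoctypeDeclHandler = on_doctype
    try:
        parser.ParseFile(stream)  # reads the stream in chunks
    except expat.ExpatError as err:
        return (False, err.lineno, err.offset, expat.ErrorString(err.code))
    except DoctypeRejected as err:
        return (False, parser.CurrentLineNumber, parser.CurrentColumnNumber, str(err))
    return (True, None, None, "%d elements parsed" % elements)


# Constructed sample inputs (not taken from the file in the report).
GOOD_SAMPLE = (b'<?xml version="1.0"?>\n'
               b'<stix:STIX_Package xmlns:stix="http://stix.mitre.org/stix-1">\n'
               b'  <stix:Indicators/>\n'
               b'</stix:STIX_Package>\n')
# Line 3 has an attribute value whose closing quote is missing.
BROKEN_SAMPLE = (b'<?xml version="1.0"?>\n'
                 b'<Package>\n'
                 b"  <Indicator id='example:indicator-1><Title>x</Title></Indicator>\n"
                 b'</Package>\n')
DOCTYPE_SAMPLE = (b'<?xml version="1.0"?>\n'
                  b'<!DOCTYPE p [<!ENTITY a "aaaa">]>\n'
                  b'<p>&a;</p>\n')

if __name__ == "__main__":
    for label, data in (("good", GOOD_SAMPLE), ("broken", BROKEN_SAMPLE),
                        ("doctype", DOCTYPE_SAMPLE)):
        print(label, check_well_formed(io.BytesIO(data)))
```

For a file on disk, pass `open(path, "rb")` as the stream.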

Question: Push/Poll Setup

Hello all,
I have planned to use MISP-Taxii-Server to interconnect my MISP platform with a SIEM solution,
so that the SIEM solution polls indicators out of MISP.

Somehow I got lost in the setup and currently I question myself if that even works. Starting with that MISP-Taxii-Server only runs on 127.0.0.1 (even when I change to 0.0.0.0).

Any hint or guidance?
