Comments (6)
I did some more checks and believe MISP does not like email addresses within this particular (fsisac) STIX format. IPs are no problem and translate into MISP event attributes, email addresses don't. Would anybody know how this can be fixed? I assume buildMISPAttribute.py is where the magic happens...
from misp-taxii-server.
Yeah I see the issue here
I expected AddressObjects
to well... be IP addresses.
It never once states in the STIX docs that email addresses count as that - I was expecting them to be in the EmailMessageAttribute
fields :<
I think I can hack around it by checking category (maybe)
from misp-taxii-server.
Tests pass
I've updated MISP-STIX-Converter to hopefully fix this issue - try re-installing that and trying again
Might work might not
from misp-taxii-server.
Thank you, you are really helpful! I have pulled and re-installed MISP-STIX-Converter but the error persists (event created with no attributes). Could you please try again with the attached samples?
I'm puzzled, it should really be caught by your new line
else:
mispEvent.add_attribute("email-src", ast_eval(str(obj.address_value)),
comment=pkg.title or None)
sorry about the Python, we upgraded the box but it's not having any of it ;-)
Push-success:
root@lbg-cuckoobox:~/MISP-Taxii-Server/FSISAC/stix_files# taxii-push --path http://localhost:9000/services/inbox -f system.Default_STIX111_2018_01_05T11_24_54_703983_00_00.xml --dest collection --username taxii --password xxxxx
2018-01-17 10:34:05,912 INFO: Sending Inbox_Message to http://localhost:9000/services/inbox
2018-01-17 10:34:06,693 INFO: Content block successfully pushed
Gunicorn event log:
{"hooks": "misp_taxii_hooks.hooks", "logger": "opentaxii.server", "event": "signal_hooks.imported", "timestamp": "2018-01-17T10:33:11.767578Z", "level": "info"}
{"timestamp": "2018-01-17T10:33:11.767823Z", "logger": "opentaxii.server", "event": "opentaxii.server_configured", "level": "info"}
("'dGF4aWk6bWlzcHRheGlpMQ=='", 24)
Posting STIX...
/usr/local/lib/pythonlookaunicorn!/dist-packages/stix/utils/deprecated.py:48: UserWarning: The use of this field has been deprecated. Received 'datetime' object.
warnings.warn(msg)
Building Event...
Using title STIX Import
STIX loaded succesfully.
Extracted ['[email protected]']
Checking for existence of [email protected]
/usr/local/lib/python2.7/dist-packages/urllib3/connectionpool.py:858: InsecureRequestWarning: Unverified HTTPS request is being made. Adding certificate verification is strongly advised. See: https://urllib3.readthedocs.io/en/latest/advanced-usage.html#ssl-warnings
InsecureRequestWarning)
[email protected] is unique, we'll keep it
Uploading event to MISP with attributes ['[email protected]']
/usr/local/lib/python2.7/dist-packages/urllib3/connectionpool.py:858: InsecureRequestWarning: Unverified HTTPS request is being made. Adding certificate verification is strongly advised. See: https://urllib3.readthedocs.io/en/latest/advanced-usage.html#ssl-warnings
InsecureRequestWarning)
not_working.xml.txt
working.xml.txt
from misp-taxii-server.
Bizarrely not_working.xml
does work for me
MISP 2.4.81, but that shouldn't matter
Maybe Python's messing with you, try
sudo pip uninstall misp_stix_converter
cd /path/to/MISP-STIX-Converter
sudo python setup.py install
# Restart TAXII server
might work
from misp-taxii-server.
and it totally does, thank you ever so much! how does this "turn-it-off-and-on-again" thing still work lol
from misp-taxii-server.
Related Issues (20)
- Error 500 when push stix
- Taxii-Push Error: SSL_Wrong_Version_Number HOT 1
- Events not appearing in MISP after successful TAXII data push
- Taxii-push fails HOT 2
- Exception on /services/inbox [POST]: KeyError('response',)
- taxii-push broken after pymisp 2.4.119
- Anomaly STAXX integration with MISP HOT 2
- Foreign key constraint is incorrectly formed HOT 4
- add NameSpace to StixPackage
- TypeError: string indices must be integers
- MISP TAXII 404 not found
- TAXII UNAUTHORIZED HOT 8
- Taxii test Push failing with error HTTP Error: status code 500 HOT 1
- Taxii test file push fails with error status code 500 HOT 1
- HTTP Error: status code 500 HOT 2
- import stix v2.1 to MISP HOT 3
- Command "git reset --hard -q origin/master" failed with error code 128 in /home/misp/MISP-Taxii-Server/src/pymisp
- Error 404 on taxii-discovery and taxii-push HOT 1
- Request/Help needed
- errno: 150 "Foreign key constraint is incorrectly formed" + various other errors
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from misp-taxii-server.