Comments (10)
It's done. Pull and try that.
from misp-taxii-server.
@FloatingGhost , can you please tell me in which part of source code it's implemented?
from misp-taxii-server.
Here ya dummy
from misp-taxii-server.
There's no need to insult by the way. I was asking because I pulled the FSISAC repository twice and I have two or more same events.
from misp-taxii-server.
All ya silly native English speakers with your colloquialisms...
@Danko90 : I don't think @FloatingGhost means anything mean by it ;)
from misp-taxii-server.
Hey, don't murder me for bringing this up again, but I'm having a problem with duplicates and events with zero attributes. This is what my MISP instance looks like after running this a few days unattended to pull FS-ISAC data:
I updated this repo along with MISP, PyMISP, and MISP_STIX_Converter today and I'm still experiencing this problem. Here's the kind of logs I'm getting after running run-taxii-poll.py:
2017-06-30` 16:52:11,687 - main - DEBUG - Pushing block <cabby.entities.ContentBlock object at 0x7f929a152f98>
2017-06-30 16:52:11,777 - main - DEBUG - Pushing block <cabby.entities.ContentBlock object at 0x7f929a161358>
2017-06-30 16:52:11,864 - main - DEBUG - Pushing block <cabby.entities.ContentBlock object at 0x7f929a159828>
2017-06-30 16:52:11,949 - main - ERROR - FAILED TO PUSH BLOCK!
2017-06-30 16:52:11,950 - main - ERROR - <cabby.entities.ContentBlock object at 0x7f929a159828>
2017-06-30 16:52:11,950 - main - ERROR - FAILURE: There was a failure while executing the message handler
Traceback (most recent call last):
File "/var/git/MISP-Taxii-Server/scripts/run-taxii-poll.py", line 109, in
uri=localInbox)
File "/usr/local/lib/python3.5/dist-packages/cabby/client11.py", line 332, in push
service_type=const.SVC_INBOX)
File "/usr/local/lib/python3.5/dist-packages/cabby/abstract.py", line 205, in _execute_request
timeout=self.timeout)
File "/usr/local/lib/python3.5/dist-packages/cabby/dispatcher.py", line 91, in send_taxii_request
raise UnsuccessfulStatusError(obj)
cabby.exceptions.UnsuccessfulStatusError: FAILURE: There was a failure while executing the message handler
2017-06-30 16:52:11,951 - main - DEBUG - Pushing block <cabby.entities.ContentBlock object at 0x7f929a2bf978>
2017-06-30 16:52:12,033 - main - ERROR - FAILED TO PUSH BLOCK!
2017-06-30 16:52:12,033 - main - ERROR - <cabby.entities.ContentBlock object at 0x7f929a2bf978>
Any ideas, besides the obvious (abandoning STIX altogether)?
from misp-taxii-server.
@obsidianpentesting I was trying to get an FS-ISAC feed for testing but without success until now. Do you know if you could share the feed with us? to make some tests.
from misp-taxii-server.
I can't do much without the server log :P
The error will be in there
from misp-taxii-server.
@FloatingGhost Sorry for the wait. Had minimal computer access over the past few days. So the MISP server logs are interesting. It looks like some attributes are labeled incorrectly as "ip-src" when they should be email addresses:
Validation errors: {"value":["IP address has an invalid format."]} Full Attribute: {"value":"[email protected]","comment":"Address : [email protected]","to_ids":true,"disable_correlation":false,"category":"Network activity","type":"ip-src","distribution":"5","AttributeTag":[],"event_id":"32888"}
So this is the reason I'm seeing empty attributes for these FS-ISAC events. Does this need to be changed in MISP-STIX-Converter/misp_stix_converter/converters/buildMISPAttribute.py for data type validation?
Edit: Looks like this should probably be in a different thread. My bad!
from misp-taxii-server.
@adulau I can't give you direct access to the feed, but If I can find a way to obfuscate the IOCs (some are pretty revealing by themselves) and just keep the rest of the JSON output the same, I will share that output with you.
from misp-taxii-server.
Related Issues (20)
- Error 500 when push stix
- Taxii-Push Error: SSL_Wrong_Version_Number HOT 1
- Events not appearing in MISP after successful TAXII data push
- Taxii-push fails HOT 2
- Exception on /services/inbox [POST]: KeyError('response',)
- taxii-push broken after pymisp 2.4.119
- Anomaly STAXX integration with MISP HOT 2
- Foreign key constraint is incorrectly formed HOT 4
- add NameSpace to StixPackage
- TypeError: string indices must be integers
- MISP TAXII 404 not found
- TAXII UNAUTHORIZED HOT 8
- Taxii test Push failing with error HTTP Error: status code 500 HOT 1
- Taxii test file push fails with error status code 500 HOT 1
- HTTP Error: status code 500 HOT 2
- import stix v2.1 to MISP HOT 3
- Command "git reset --hard -q origin/master" failed with error code 128 in /home/misp/MISP-Taxii-Server/src/pymisp
- Error 404 on taxii-discovery and taxii-push HOT 1
- Request/Help needed
- errno: 150 "Foreign key constraint is incorrectly formed" + various other errors
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from misp-taxii-server.