search

CrowdStrike / MISP-tools

Import CrowdStrike Threat Intelligence into your instance of MISP
MIT License
39 stars 10 forks source link

Obliterate Command returns "Invalid configuration specified, unable to continue." #81

Closed packet-rat closed 1 year ago

packet-rat commented 1 year ago

Running the Obliterate command is returning an invalid error:

[2022-12-17 21:08:41,233] CRITICAL config authentication Invalid API credentials provided

Subsequent -cr, -ci commands work fine...

### (venv) [rx118r@md2nj01di:~/src/crowdstrike/MISP-tools-main]$ python3 misp_import.py --obliterate

😱 😱 😱 😱 😱 😱 😱 😱 😱 😱 😱 😱 😱 😱 😱 😱 😱 😱 😱 😱 😱 😱 😱 😱 😱 

@@@  @@@  @@@   @@@@@@   @@@@@@@   @@@  @@@  @@@  @@@  @@@   @@@@@@@@  @@@
@@@  @@@  @@@  @@@@@@@@  @@@@@@@@  @@@@ @@@  @@@  @@@@ @@@  @@@@@@@@@  @@@
@@!  @@!  @@!  @@!  @@@  @@!  @@@  @@!@!@@@  @@!  @@!@!@@@  !@@        @@!
!@!  !@!  !@!  !@!  @!@  !@!  @!@  !@!!@!@!  !@!  !@!!@!@!  !@!        !@
@!!  !!@  @!@  @!@!@!@!  @!@!!@!   @!@ !!@!  !!@  @!@ !!@!  !@! @!@!@  @!@
!@!  !!!  !@!  !!!@!!!!  !!@!@!    !@!  !!!  !!!  !@!  !!!  !!! !!@!!  !!!
!!:  !!:  !!:  !!:  !!!  !!: :!!   !!:  !!!  !!:  !!:  !!!  :!!   !!:
:!:  :!:  :!:  :!:  !:!  :!:  !:!  :!:  !:!  :!:  :!:  !:!  :!:   !::  :!:
 :::: :: :::   ::   :::  ::   :::   ::   ::   ::   ::   ::   ::: ::::   ::
  :: :  : :     :   : :   :   : :  ::    :   :    ::    :    :: :: :   :::

😱 😱 😱 😱 😱 😱 😱 😱 😱 😱 😱 😱 😱 😱 😱 😱 😱 😱 😱 😱 😱 😱 😱 😱 😱 

Obliterate is a destructive operation that will remove all CrowdStrike data
from your MISP instance. There is no going back once this process completes.

Are you sure you want to do this?

[Enter 'yes' to continue] ==> yes

         _.-^^---....,,---;
     _--/                  `--_
    <                        >)
    |        KA-BOOM!         |
     \._                   _./
        ```--. . , ; .--'''
              | |   |
           .-=||  | |=-.
           `-=#$%&%$#=-'
              | ;  :|
     _____.,-#%&$@%#&#~,._____
         COMMAND  ACCEPTED

[2022-12-17 21:08:41,224] INFO     misp_tools    
[2022-12-17 21:08:41,224] INFO     misp_tools    '##::::'##:'####::'######::'########:::::'########::'#######:::'#######::'##::::::::'######::
[2022-12-17 21:08:41,224] INFO     misp_tools     ###::'###:. ##::'##... ##: ##.... ##::::... ##..::'##.... ##:'##.... ##: ##:::::::'##... ##:
[2022-12-17 21:08:41,224] INFO     misp_tools     ####'####:: ##:: ##:::..:: ##:::: ##::::::: ##:::: ##:::: ##: ##:::: ##: ##::::::: ##:::..::
[2022-12-17 21:08:41,224] INFO     misp_tools     ## ### ##:: ##::. ######:: ########:::::::: ##:::: ##:::: ##: ##:::: ##: ##:::::::. ######::
[2022-12-17 21:08:41,224] INFO     misp_tools     ##. #: ##:: ##:::..... ##: ##.....::::::::: ##:::: ##:::: ##: ##:::: ##: ##::::::::..... ##:
[2022-12-17 21:08:41,224] INFO     misp_tools     ##:.:: ##:: ##::'##::: ##: ##:::::::::::::: ##:::: ##:::: ##: ##:::: ##: ##:::::::'##::: ##:
[2022-12-17 21:08:41,224] INFO     misp_tools     ##:::: ##:'####:. ######:: ##:::::::::::::: ##::::. #######::. #######:: ########:. ######::
[2022-12-17 21:08:41,224] INFO     misp_tools    ..:::::..::....:::......:::..:::::::::::::::..::::::.......::::.......:::........:::......:::
[2022-12-17 21:08:41,224] INFO     misp_tools               _____
[2022-12-17 21:08:41,224] INFO     misp_tools                /  '
[2022-12-17 21:08:41,224] INFO     misp_tools             ,-/-,__ __
[2022-12-17 21:08:41,224] INFO     misp_tools            (_/  (_)/ (_
[2022-12-17 21:08:41,225] INFO     misp_tools                         _______                        __ _______ __        __ __
[2022-12-17 21:08:41,225] INFO     misp_tools                        |   _   .----.-----.--.--.--.--|  |   _   |  |_.----|__|  |--.-----.
[2022-12-17 21:08:41,225] INFO     misp_tools                        |.  1___|   _|  _  |  |  |  |  _  |   1___|   _|   _|  |    <|  -__|
[2022-12-17 21:08:41,225] INFO     misp_tools                        |.  |___|__| |_____|________|_____|____   |____|__| |__|__|__|_____|
[2022-12-17 21:08:41,225] INFO     misp_tools                        |:  1   |                         |:  1   |
[2022-12-17 21:08:41,225] INFO     misp_tools                        |::.. . |                         |::.. . |  Threat Intelligence v0.6.5
[2022-12-17 21:08:41,225] INFO     misp_tools                        `-------'                         `-------'
[2022-12-17 21:08:41,225] INFO     misp_tools    
[2022-12-17 21:08:41,225] INFO     config  
[2022-12-17 21:08:41,225] INFO     config  _______ _     _ _______ _______ _     _      _______  _____  __   _ _______ _____  ______
[2022-12-17 21:08:41,225] INFO     config  |       |_____| |______ |       |____/       |       |     | | \  | |______   |   |  ____
[2022-12-17 21:08:41,225] INFO     config  |_____  |     | |______ |_____  |    \_      |_____  |_____| |  \_| |       __|__ |_____|
[2022-12-17 21:08:41,225] INFO     config  
[2022-12-17 21:08:41,226] WARNING  config  misp_enable_ssl                             SSL is disabled for MISP API requests
[2022-12-17 21:08:41,233] CRITICAL config  authentication                              Invalid API credentials provided
[2022-12-17 21:08:41,233] INFO     config  1 configuration error found (1 warning)
[2022-12-17 21:08:41,233] ERROR    config  
[2022-12-17 21:08:41,233] ERROR    config  ____ _  _ ____ ____ _  _ ____    ____ ____ _ _    ____ ___
[2022-12-17 21:08:41,233] ERROR    config  |    |__| |___ |    |_/  [__     |___ |__| | |    |___ |  \
[2022-12-17 21:08:41,233] ERROR    config  |___ |  | |___ |___ | \_ ___]    |    |  | | |___ |___ |__/
[2022-12-17 21:08:41,233] ERROR    config  
[2022-12-17 21:08:41,233] INFO     misp_tools    
[2022-12-17 21:08:41,233] INFO     misp_tools     _______  __  .__   __.  __       _______. __    __   _______  _______
[2022-12-17 21:08:41,233] INFO     misp_tools    |   ____||  | |  \ |  | |  |     /       ||  |  |  | |   ____||       \
[2022-12-17 21:08:41,233] INFO     misp_tools    |  |__   |  | |   \|  | |  |    |   (----`|  |__|  | |  |__   |  .--.  |
[2022-12-17 21:08:41,233] INFO     misp_tools    |   __|  |  | |  . `  | |  |     \   \    |   __   | |   __|  |  |  |  |
[2022-12-17 21:08:41,233] INFO     misp_tools    |  |     |  | |  |\   | |  | .----)   |   |  |  |  | |  |____ |  '--'  |
[2022-12-17 21:08:41,233] INFO     misp_tools    |__|     |__| |__| \__| |__| |_______/    |__|  |__| |_______||_______/
[2022-12-17 21:08:41,233] INFO     misp_tools    
Invalid configuration specified, unable to continue.
packet-rat commented 1 year ago

Note repeating the -cr a second leads to the same Invalid API credentials provided

packet-rat commented 1 year ago

It turns out that every other invocation of a command works. In other words, when I run the --obliterate a secod time it does not fail with the Invalid API credentials provided error. Same for the other commands, every other time works.

jshcodes commented 1 year ago

Can you confirm your INI file (misp_import.ini) was correctly provided (or the one in the executing folder was correct) when you encountered this issue? I was able to recreate this error but I had to provide the default INI file (without customizations), not the one configured for my testing environment.

packet-rat commented 1 year ago

I copied my previously working ini file. If memory serves correctly there was one new parameter I needed to add.

jshcodes commented 1 year ago

This one is pretty weird. Are you able to consistently cause this to happen now that you have the latest INI version?

jshcodes commented 1 year ago

Closing this one as resolved. Please reopen if you encounter this again. 😄