I'm getting this error when submitting an alert to ACE using ace_api. I've attached a copy of the ACE alert I'm trying to submit as alert.zip (it's really a 7z archive, but GitHub rejected the attachment's extension).
Traceback (most recent call last):
File "./sipcbrace.py", line 132, in <module>
main()
File "./sipcbrace.py", line 125, in main
submitted_alerts.append(Alert.submit())
File "/usr/local/lib/python3.6/dist-packages/ace_api.py", line 1200, in submit
raise submission_error
File "/usr/local/lib/python3.6/dist-packages/ace_api.py", line 1145, in submit
*self.submit_args, **self.submit_kwargs)
File "/usr/local/lib/python3.6/dist-packages/ace_api.py", line 320, in submit
}, files=files_params, method=METHOD_POST, *args, **kwargs).json()
File "/usr/local/lib/python3.6/dist-packages/ace_api.py", line 155, in _execute_api_call
r.raise_for_status()
File "/data/home/smcfeely/.local/lib/python3.6/site-packages/requests/models.py", line 940, in raise_for_status
raise HTTPError(http_error_msg, response=self)
requests.exceptions.HTTPError: 500 Server Error: INTERNAL SERVER ERROR for url: https://<addr>/api/analysis/submit
From apache_2019-07-19.log on the ACE box I'm submitting to:
Traceback (most recent call last):
File "/usr/local/lib/python3.6/dist-packages/flask/app.py", line 2292, in wsgi_app
response = self.full_dispatch_request()
File "/usr/local/lib/python3.6/dist-packages/flask/app.py", line 1815, in full_dispatch_request
rv = self.handle_user_exception(e)
File "/usr/local/lib/python3.6/dist-packages/flask/app.py", line 1718, in handle_user_exception
reraise(exc_type, exc_value, tb)
File "/usr/local/lib/python3.6/dist-packages/flask/_compat.py", line 35, in reraise
raise value
File "/usr/local/lib/python3.6/dist-packages/flask/app.py", line 1813, in full_dispatch_request
rv = self.dispatch_request()
File "/usr/local/lib/python3.6/dist-packages/flask/app.py", line 1799, in dispatch_request
return self.view_functions[rule.endpoint](**req.view_args)
File "/opt/ace/api/analysis/__init__.py", line 219, in submit
raise e
File "/opt/ace/api/analysis/__init__.py", line 120, in submit
observable = root.add_observable(o_type, o_value, o_time=o_time)
File "/opt/ace/lib/saq/analysis/__init__.py", line 956, in add_observable
return self._add_observable_by_spec(*args, **kwargs)
File "/opt/ace/lib/saq/analysis/__init__.py", line 988, in _add_observable_by_spec
observable.fetch_tags()
File "/opt/ace/lib/saq/analysis/__init__.py", line 1556, in fetch_tags
if self.tag_mapping_type is None or self.tag_mapping_md5_hex is None:
File "/opt/ace/lib/saq/analysis/__init__.py", line 1546, in tag_mapping_md5_hex
return self.md5_hex
File "/opt/ace/lib/saq/analysis/__init__.py", line 1287, in md5_hex
md5_hasher.update(self.value)
TypeError: object supporting the buffer API required
Submit code:
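# Build one ACE alert for indicator `i` from the matching processes in
# `procs`, attach each process's observables, and submit it via ace_api.
# `i`, `sc`, `procs` and `config` are defined outside this excerpt.
Alert = ace_api.Analysis(
    description='CbR - SIP:{}'.format(i['value']),
    analysis_mode='correlation',
    tool='SipCbrAce',
)
Alert.add_indicator(i['id'])

# get sip tags and tag Alert
i_details = sc.get('/indicators/{}'.format(i['id']))
for tag in i_details['tags']:
    Alert.add_tag(tag)

max_results = config['GLOBAL'].getint('alert_max_results')
alert_details = {
    'total_results': len(procs),
    'included_results': 0,
    'process_details': [],
}

for proc in procs:
    # '>=' caps the alert at max_results processes; the earlier '>' test
    # let one extra process through before breaking.
    if alert_details['included_results'] >= max_results:
        break
    alert_details['process_details'].append(str(proc))
    alert_details['included_results'] += 1

    observables = (
        (Alert.add_hostname, proc.hostname),
        (Alert.add_md5, proc.process_md5),
        (Alert.add_ipv4, proc.comms_ip),
        (Alert.add_ipv4, proc.interface_ip),
        (Alert.add_process_guid, proc.id),
        (Alert.add_user, proc.username),
        (Alert.add_file_name, proc.process_name),
        (Alert.add_file_path, proc.path),
    )
    for add_observable, value in observables:
        # The server-side traceback ends in md5_hasher.update(self.value)
        # raising TypeError, which hashlib raises for a value that is not
        # bytes-like (None, for example). A process field with no value is
        # the likely trigger, so it is skipped here instead of being sent
        # and answered with an HTTP 500.
        # NOTE(review): if a field arrives as a non-text type other than
        # None, normalise it to the string form ACE expects before adding.
        if value is None:
            continue
        add_observable(value)
    #Alert.add_file_location('{}@{}'.format(proc.hostname, proc.path))

Alert.submit_kwargs['details'] = alert_details
Alert.submit()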
I'm getting this error when submitting an alert to ace using ace_api. I've attached a copy of the ace alert I'm trying to submit as alert.zip (it's really a 7z type but github barked at the attachment extension).
alert.zip
Traceback submitting alert to ace:
From apache_2019-07-19.log on ace box I'm submitting to:
Submit code: