LAC-Japan / MISP-CSVImport

CSV import tool for MISP
BSD 2-Clause "Simplified" License

Error: no import events #1

Closed firebitsbr closed 4 years ago

firebitsbr commented 5 years ago

Hi. I am using a MISP VM (MISP_v2.4.113@0f134ee.OVA) for testing and have installed MISP-Modules and PyMISP.

I git-cloned the source code and tested the example, but I was unsuccessful. I created a user with the email sample1@user.email, because I figured it was allowed access. Please, what would be my mistake, and what should I do to successfully run these scripts?

Regards,

Mauro Risonho de Paula Assumpção

Error:

root@misp:~/MISP-tools/MISP-CSVImport# ls
const.py MISP-CSVImport.py __pycache__ readme.md LICENSE.txt modules readme_jp.md sample.tsv

root@misp:~/MISP-tools/MISP-CSVImport# python3 ./MISP-CSVImport.py -i ./sample.tsv --skip-header --ls "\r\n" --cs " "
Import file parsing skip header
invalid formatsample.tsv: 2018/4/3 LAC sample1@user.email How PlugX is related to the APT attack group DragonOK tlp:white,OSINT APT DragonOK Poison Ivy,PlugX,PIPX https://www.lac.co.jp/english/report/2018/01/23_alert_01.html External analysis link
invalid formatsample.tsv: 2018/4/3 LAC sample1@user.email How PlugX is related to the APT attack group DragonOK tlp:white,OSINT APT DragonOK Poison Ivy,PlugX,PIPX https://www.jpcert.or.jp/magazine/acreport-plugx2.html External analysis link
invalid formatsample.tsv: 2018/4/3 LAC sample1@user.email How PlugX is related to the APT attack group DragonOK tlp:white,OSINT APT DragonOK Poison Ivy,PlugX,PIPX https://www.fireeye.com/content/dam/fireeye-www/global/en/current-threats/pdfs/wp-operation-quantum-entanglement.pdf External analysis link
invalid formatsample.tsv: 2018/4/3 LAC sample1@user.email How PlugX is related to the APT attack group DragonOK tlp:white,OSINT APT DragonOK Poison Ivy,PlugX,PIPX https://researchcenter.paloaltonetworks.com/2016/08/unit42-aveo-malware-family-targets-japanese-speaking-users/ External analysis link
invalid formatsample.tsv: 2018/4/3 LAC sample1@user.email How PlugX is related to the APT attack group DragonOK tlp:white,OSINT APT DragonOK Poison Ivy,PlugX,PIPX https://researchcenter.paloaltonetworks.com/2017/01/unit42-dragonok-updates-toolset-targets-multiple-geographic-regions/ External analysis link
invalid formatsample.tsv: 2018/4/3 LAC sample1@user.email How PlugX is related to the APT attack group DragonOK tlp:white,OSINT APT DragonOK Poison Ivy,PlugX,PIPX 97763d25af878d73d19deabe9ea2d564 Payload delivery md5 PIPX
invalid formatsample.tsv: 2018/4/3 LAC sample1@user.email How PlugX is related to the APT attack group DragonOK tlp:white,OSINT APT DragonOK Poison Ivy,PlugX,PIPX 29cdae7dc2a7f7376a19e4de91b69c98 Payload delivery md5 PIPX
invalid formatsample.tsv: 2018/4/3 LAC sample1@user.email How PlugX is related to the APT attack group DragonOK tlp:white,OSINT APT DragonOK Poison Ivy,PlugX,PIPX 58ba2c0ed39d5c874a4933677508f5cc Payload delivery md5 PIPX
invalid formatsample.tsv: 2018/4/3 LAC sample1@user.email How PlugX is related to the APT attack group DragonOK tlp:white,OSINT APT DragonOK Poison Ivy,PlugX,PIPX php.marbletemps.com Network activity hostname PIPX
invalid formatsample.tsv: 2018/4/3 LAC sample1@user.email How PlugX is related to the APT attack group DragonOK tlp:white,OSINT APT DragonOK Poison Ivy,PlugX,PIPX bbs.donkeyhaws.info Network activity hostname PIPX 2017.9.20-12.6
invalid formatsample.tsv: 2018/4/3 LAC sample1@user.email How PlugX is related to the APT attack group DragonOK tlp:white,OSINT APT DragonOK Poison Ivy,PlugX,PIPX http.donkeyhaws.info Network activity hostname PIPX
invalid formatsample.tsv: 2018/4/3 LAC sample1@user.email How PlugX is related to the APT attack group DragonOK tlp:white,OSINT APT DragonOK Poison Ivy,PlugX,PIPX https.osakaintec.com Network activity hostname PIPX -2017.12.6
invalid formatsample.tsv: 2018/4/3 LAC sample1@user.email How PlugX is related to the APT attack group DragonOK tlp:white,OSINT APT DragonOK Poison Ivy,PlugX,PIPX 206.161.218.49 Network activity ip-dst PIPX
invalid formatsample.tsv: 2018/4/3 LAC sample1@user.email How PlugX is related to the APT attack group DragonOK tlp:white,OSINT APT DragonOK Poison Ivy,PlugX,PIPX 207.226.137.207 Network activity ip-dst PIPX
invalid formatsample.tsv: 2018/4/3 LAC sample1@user.email How PlugX is related to the APT attack group DragonOK tlp:white,OSINT APT DragonOK Poison Ivy,PlugX,PIPX 118.193.163.133 Network activity ip-dst PIPX
invalid formatsample.tsv: 2018/4/3 LAC sample1@user.email How PlugX is related to the APT attack group DragonOK tlp:white,OSINT APT DragonOK Poison Ivy,PlugX,PIPX 103.226.153.39 Network activity ip-dst PIPX
invalid formatsample.tsv: 2018/4/3 LAC sample2@user.email How PlugX is related to the APT attack group DragonOK tlp:white,OSINT APT DragonOK Poison Ivy,PlugX,PIPX https://www.lac.co.jp/english/report/2018/01/23_alert_01.html External analysis link
invalid formatsample.tsv: 2018/4/3 LAC sample2@user.email How PlugX is related to the APT attack group DragonOK tlp:white,OSINT APT DragonOK Poison Ivy,PlugX,PIPX https://www.jpcert.or.jp/magazine/acreport-plugx2.html External analysis link
invalid formatsample.tsv: 2018/4/3 LAC sample2@user.email How PlugX is related to the APT attack group DragonOK tlp:white,OSINT APT DragonOK Poison Ivy,PlugX,PIPX https://www.fireeye.com/content/dam/fireeye-www/global/en/current-threats/pdfs/wp-operation-quantum-entanglement.pdf External analysis link
invalid formatsample.tsv: 2018/4/3 LAC sample2@user.email How PlugX is related to the APT attack group DragonOK tlp:white,OSINT APT DragonOK Poison Ivy,PlugX,PIPX https://researchcenter.paloaltonetworks.com/2016/08/unit42-aveo-malware-family-targets-japanese-speaking-users/ External analysis link
invalid formatsample.tsv: 2018/4/3 LAC sample2@user.email How PlugX is related to the APT attack group DragonOK tlp:white,OSINT APT DragonOK Poison Ivy,PlugX,PIPX https://researchcenter.paloaltonetworks.com/2017/01/unit42-dragonok-updates-toolset-targets-multiple-geographic-regions/ External analysis link
invalid formatsample.tsv: 2018/4/3 LAC sample2@user.email How PlugX is related to the APT attack group DragonOK tlp:white,OSINT APT DragonOK Poison Ivy,PlugX,PIPX 97763d25af878d73d19deabe9ea2d564 Payload delivery md5 PIPX
invalid formatsample.tsv: 2018/4/3 LAC sample2@user.email How PlugX is related to the APT attack group DragonOK tlp:white,OSINT APT DragonOK Poison Ivy,PlugX,PIPX 29cdae7dc2a7f7376a19e4de91b69c98 Payload delivery md5 PIPX
invalid formatsample.tsv: 2018/4/3 LAC sample2@user.email How PlugX is related to the APT attack group DragonOK tlp:white,OSINT APT DragonOK Poison Ivy,PlugX,PIPX 58ba2c0ed39d5c874a4933677508f5cc Payload delivery md5 PIPX
invalid formatsample.tsv: 2018/4/3 LAC sample2@user.email How PlugX is related to the APT attack group DragonOK tlp:white,OSINT APT DragonOK Poison Ivy,PlugX,PIPX php.marbletemps.com Network activity hostname PIPX
invalid formatsample.tsv: 2018/4/3 LAC sample2@user.email How PlugX is related to the APT attack group DragonOK tlp:white,OSINT APT DragonOK Poison Ivy,PlugX,PIPX bbs.donkeyhaws.info Network activity hostname PIPX 2017.9.20-12.6
invalid formatsample.tsv: 2018/4/3 LAC sample2@user.email How PlugX is related to the APT attack group DragonOK tlp:white,OSINT APT DragonOK Poison Ivy,PlugX,PIPX http.donkeyhaws.info Network activity hostname PIPX
invalid formatsample.tsv: 2018/4/3 LAC sample2@user.email How PlugX is related to the APT attack group DragonOK tlp:white,OSINT APT DragonOK Poison Ivy,PlugX,PIPX https.osakaintec.com Network activity hostname PIPX -2017.12.6
invalid formatsample.tsv: 2018/4/3 LAC sample2@user.email How PlugX is related to the APT attack group DragonOK tlp:white,OSINT APT DragonOK Poison Ivy,PlugX,PIPX 206.161.218.49 Network activity ip-dst PIPX
invalid formatsample.tsv: 2018/4/3 LAC sample2@user.email How PlugX is related to the APT attack group DragonOK tlp:white,OSINT APT DragonOK Poison Ivy,PlugX,PIPX 207.226.137.207 Network activity ip-dst PIPX
invalid formatsample.tsv: 2018/4/3 LAC sample2@user.email How PlugX is related to the APT attack group DragonOK tlp:white,OSINT APT DragonOK Poison Ivy,PlugX,PIPX 118.193.163.133 Network activity ip-dst PIPX
invalid formatsample.tsv: 2018/4/3 LAC sample2@user.email How PlugX is related to the APT attack group DragonOK tlp:white,OSINT APT DragonOK Poison Ivy,PlugX,PIPX 103.226.153.39 Network activity ip-dst PIPX
no import event

young2112129 commented 4 years ago

Change "sample2@user.email" in sample.tsv to your account name, then try the command below:

python3 ./MISP-CSVImport.py -i ./sample.tsv --skip-header --ls "\r\n"

(Delete '--cs " "' from the official command example, because the column delimiter of sample.tsv is "\t", which is the default setting.)

ssotoya commented 4 years ago

I'm sorry that I noticed it very late. It is necessary to match the user information in the TSV to be imported with the user information in const.py.

In addition, an error occurred when using this program in combination with the latest pymisp. This time, we have made it compatible with the latest pymisp, so please check with the latest version.
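The two causes named in this thread (a column delimiter that does not match the file, and a user in the TSV that the importer does not know) can be caught before running an import. The following pre-flight check is an added example, not code from MISP-CSVImport: the position of the e-mail column is inferred from the rows quoted in the issue, `known_users` stands in for whatever user information const.py holds, and the sample rows are constructed.

```python
import csv
import io

USER_COLUMN = 2                      # assumption: e-mail is the third column
CANDIDATES = ["\t", ",", ";", " "]   # delimiters worth testing

# Constructed sample (not the project's sample.tsv): header plus two rows, CRLF line endings.
SAMPLE = (
    "date\torg\tuser\tinfo\ttags\tvalue\tcategory\ttype\r\n"
    "2018/4/3\tLAC\tsample1@user.email\tConstructed event one\ttlp:white,OSINT"
    "\t198.51.100.7\tNetwork activity\tip-dst\r\n"
    "2018/4/3\tLAC\tsample2@user.email\tConstructed event two\ttlp:white,OSINT"
    "\thost.example.com\tNetwork activity\thostname\r\n"
)

def parse(text, delimiter):
    """Split text into non-empty rows using the given column delimiter."""
    reader = csv.reader(io.StringIO(text, newline=""), delimiter=delimiter)
    return [row for row in reader if row]

def guess_delimiter(text):
    """Return the candidate that gives every row the same width (> 1), or None."""
    best, best_width = None, 1
    for candidate in CANDIDATES:
        widths = {len(row) for row in parse(text, candidate)}
        if len(widths) == 1 and max(widths) > best_width:
            best, best_width = candidate, max(widths)
    return best

def preflight(text, delimiter, known_users):
    """Return (line_number, problem) pairs; an empty list means the file looks importable."""
    problems = []
    guessed = guess_delimiter(text)
    if guessed is not None and guessed != delimiter:
        problems.append((0, f"delimiter {delimiter!r} given, file looks {guessed!r}-separated"))
    expected = len(parse(text, guessed or delimiter)[0])
    for line_number, row in enumerate(parse(text, delimiter)[1:], start=2):
        if len(row) != expected:
            problems.append((line_number, f"{len(row)} columns, expected {expected}"))
        elif row[USER_COLUMN] not in known_users:
            problems.append((line_number, f"user {row[USER_COLUMN]} is not a known account"))
    return problems

if __name__ == "__main__":
    for users in ({"sample1@user.email"}, {"sample1@user.email", "sample2@user.email"}):
        print(preflight(SAMPLE, "\t", users), preflight(SAMPLE, " ", users))
```

Line number 0 in the result marks a file-level problem (the delimiter mismatch); data rows are numbered from 2 because line 1 is the header.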