bm11100
commented
3 years ago I am also seeing empty results on my enrichments, also on 2.4.148, using CentOS 7 https://github.com/MISP/MISP/issues/7836
Open fink08 opened 3 years ago
bm11100
commented
3 years ago I am also seeing empty results on my enrichments, also on 2.4.148, using CentOS 7 https://github.com/MISP/MISP/issues/7836
adulau
commented
3 years ago What's the input value and type? It seems the value format is different than for the type expected.
bm11100
commented
3 years ago @adulau i've tested IP's, urls, hashes, etc.. Here's one example type - ip-dst
Upon clicking the hover on any IP or url -
I'm not getting any errors running the service, just empty results in everything I want to enrich.
Any specific logs that would be helpful in identifying the issue?
bm11100
commented
3 years ago FYI - I just tested on a brand new cloud instance of MISP, Ubuntu this time, enabled xforceexchange, and still get the empty results when clicking on the hover. I figured I'd rule out my instance and start fresh, but the problem seems to persist.
chrisr3d
commented
3 years ago I just pushed be5635b0a4e5bb306bb596681180d0b96a751c26 that should fix the issue described with the python logs.
This should fix the hover enrichment issues at least for the yara_query module as mentioned in the logs.
Now concerning the different other modules mentioned here, I tested with the IP addresses provided here on the screenshot:
Let me know if you still face issues
waldeckerthefirst
commented
1 year ago Hello, i face the same issue with Greynoise and MISP version 2.4.166 on Redhat 8.6 with Proxy and feeds synchronisation is working fine.
requests.exceptions.ConnectionError: HTTPSConnectionPool(host='api.greynoise.io', port=443): Max retries exceeded with url: /v3/community/8.8.8.8 (Caused by NewConnectionError('<urllib3.connection.HTTPSConnection object at 0x7f121b0f19d0>: Failed to establish a new connection: [Errno -2] Name or service not known'))
Dec 14 14:37:07 misp-modules[69667]: return request("get", url, params=params, kwargs) Dec 14 14:37:07 misp-modules[69667]: File "/opt/misp/www/MISP/venv/lib/python3.8/site-packages/requests/api.py", line 59, in request Dec 14 14:37:07 misp-modules[69667]: return session.request(method=method, url=url, kwargs) Dec 14 14:37:07 misp-modules[69667]: File "/opt/misp/www/MISP/venv/lib/python3.8/site-packages/requests/sessions.py", line 587, in request Dec 14 14:37:07 misp-modules[69667]: resp = self.send(prep, send_kwargs) Dec 14 14:37:07 misp-modules[69667]: File "/opt/misp/www/MISP/venv/lib/python3.8/site-packages/requests/sessions.py", line 701, in send Dec 14 14:37:07 misp-modules[69667]: r = adapter.send(request, kwargs) Dec 14 14:37:07 misp-modules[69667]: File "/opt/misp/www/MISP/venv/lib/python3.8/site-packages/requests/adapters.py", line 565, in send Dec 14 14:37:07 misp-modules[69667]: raise ConnectionError(e, request=request)
OS : CentOS 8 Instance behind a corporate Proxy PHP 7.4.22 MISP 2.4.148
Hi, I've had a few problems with the misp-modules, mainly that the misp-modules service initially works fine right after the install but refuses to start again after a reboot. This is what I have as a result :
Any attempt at restarting/stopping the service has failed.
This resulted is no plugins being available. I have gone around this by manually launching the modules (with help from issue #354) :
sudo -u apache /var/www/MISP/venv/bin/misp-modules -l 127.0.0.1 -s
The output indicates that all modules were succesfully loaded. In the UI, the plugin settings appear and I can use "Enrich event", for example to generate yara rules from hash values. This works fine. However, as soon as I try using hover enrichment on a single attribute, I only get errors :
In the python logs, I see the following :
I'm not sure what else I can do to fix this, I didn't have this problem when I tested the install on my personal computer so I don't know if this is somehow related to the proxy. I'd be grateful if anyone has any idea on this one. Mainly, how is it that I get results when I enrich the entire event with "Enrich Event" but the single hover enrichment for one attribute doesn't work ?
Thank you !