search

TheHive-Project / Cortex-Analyzers

Cortex Analyzers Repository
https://TheHive-Project.github.io/Cortex-Analyzers/
GNU Affero General Public License v3.0
423 stars 372 forks source link

[Bug] Misp Analyzer #1235

Closed Edmomo closed 7 months ago

Edmomo commented 8 months ago

Work environment Running Elasticsearch, Cortex and MISP in a docker compose

Describe the bug

I tested VirusTotal Analyzer and there are no Problems.

But when running the MISP Analyzer i got everytime this error:

Traceback (most recent call last): File "/usr/local/lib/python3.12/site-packages/urllib3/connection.py", line 203, in _new_conn sock = connection.create_connection( ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ File "/usr/local/lib/python3.12/site-packages/urllib3/util/connection.py", line 85, in create_connection raise err File "/usr/local/lib/python3.12/site-packages/urllib3/util/connection.py", line 73, in create_connection sock.connect(sa) ConnectionRefusedError: [Errno 111] Connection refused

The above exception was the direct cause of the following exception:

Traceback (most recent call last): File "/usr/local/lib/python3.12/site-packages/urllib3/connectionpool.py", line 791, in urlopen response = self._make_request( ^^^^^^^^^^^^^^^^^^^ File "/usr/local/lib/python3.12/site-packages/urllib3/connectionpool.py", line 492, in _make_request raise new_e File "/usr/local/lib/python3.12/site-packages/urllib3/connectionpool.py", line 468, in _make_request self._validate_conn(conn) File "/usr/local/lib/python3.12/site-packages/urllib3/connectionpool.py", line 1097, in _validate_conn conn.connect() File "/usr/local/lib/python3.12/site-packages/urllib3/connection.py", line 611, in connect self.sock = sock = self._new_conn() ^^^^^^^^^^^^^^^^ File "/usr/local/lib/python3.12/site-packages/urllib3/connection.py", line 218, in _new_conn raise NewConnectionError( urllib3.exceptions.NewConnectionError: <urllib3.connection.HTTPSConnection object at 0x7fa68218ffb0>: Failed to establish a new connection: [Errno 111] Connection refused

The above exception was the direct cause of the following exception:

Traceback (most recent call last): File "/usr/local/lib/python3.12/site-packages/requests/adapters.py", line 486, in send resp = conn.urlopen( ^^^^^^^^^^^^^ File "/usr/local/lib/python3.12/site-packages/urllib3/connectionpool.py", line 845, in urlopen retries = retries.increment( ^^^^^^^^^^^^^^^^^^ File "/usr/local/lib/python3.12/site-packages/urllib3/util/retry.py", line 515, in increment raise MaxRetryError(_pool, url, reason) from reason # type: ignore[arg-type] ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ urllib3.exceptions.MaxRetryError: HTTPSConnectionPool(host='localhost', port=443): Max retries exceeded with url: /servers/getVersion (Caused by NewConnectionError('<urllib3.connection.HTTPSConnection object at 0x7fa68218ffb0>: Failed to establish a new connection: [Errno 111] Connection refused'))

During handling of the above exception, another exception occurred:

Traceback (most recent call last): File "/usr/local/lib/python3.12/site-packages/pymisp/api.py", line 191, in init response = self.recommended_pymisp_version ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ File "/usr/local/lib/python3.12/site-packages/pymisp/api.py", line 248, in recommended_pymisp_version misp_version = self.misp_instance_version ^^^^^^^^^^^^^^^^^^^^^^^^^^ File "/usr/local/lib/python3.12/functools.py", line 995, in get val = self.func(instance) ^^^^^^^^^^^^^^^^^^^ File "/usr/local/lib/python3.12/site-packages/pymisp/api.py", line 277, in misp_instance_version response = self._prepare_request('GET', 'servers/getVersion') ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ File "/usr/local/lib/python3.12/site-packages/pymisp/api.py", line 3746, in _prepare_request return self.__session.send(prepped, timeout=self.timeout, settings) ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ File "/usr/local/lib/python3.12/site-packages/requests/sessions.py", line 703, in send r = adapter.send(request, kwargs) ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ File "/usr/local/lib/python3.12/site-packages/requests/adapters.py", line 519, in send raise ConnectionError(e, request=request) requests.exceptions.ConnectionError: HTTPSConnectionPool(host='localhost', port=443): Max retries exceeded with url: /servers/getVersion (Caused by NewConnectionError('<urllib3.connection.HTTPSConnection object at 0x7fa68218ffb0>: Failed to establish a new connection: [Errno 111] Connection refused'))

During handling of the above exception, another exception occurred:

Traceback (most recent call last): File "/worker/MISP/misp.py", line 80, in MISPAnalyzer().run() ^^^^^^^^^^^^^^ File "/worker/MISP/misp.py", line 25, in init self.misp = MISPClient(url=self.get_param('config.url', None, 'No MISP url given.'), ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ File "/worker/MISP/mispclient.py", line 59, in init self.misp_connections.append(pymisp.ExpandedPyMISP(url=server, ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ File "/usr/local/lib/python3.12/site-packages/pymisp/api.py", line 212, in init raise PyMISPError(f'Unable to connect to MISP ({self.root_url}). Please make sure the API key and the URL are correct (http/https is required): {e}') pymisp.exceptions.PyMISPError: Unable to connect to MISP (https://localhost/). Please make sure the API key and the URL are correct (http/https is required): HTTPSConnectionPool(host='localhost', port=443): Max retries exceeded with url: /servers/getVersion (Caused by NewConnectionError('<urllib3.connection.HTTPSConnection object at 0x7fa68218ffb0>: Failed to establish a new connection: [Errno 111] Connection refused'))