Work environment
Running Elasticsearch, Cortex and MISP in a docker compose
Cortex version: 3.1.8-1
Cortex Analyzer/Responder name: MISP_2_1
Cortex Analyzer/Responder version: 2.1
Describe the bug
I tested VirusTotal Analyzer and there are no Problems.
But when running the MISP Analyzer i got everytime this error:
Traceback (most recent call last):
File "/usr/local/lib/python3.12/site-packages/urllib3/connection.py", line 203, in _new_conn
sock = connection.create_connection(
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/usr/local/lib/python3.12/site-packages/urllib3/util/connection.py", line 85, in create_connection
raise err
File "/usr/local/lib/python3.12/site-packages/urllib3/util/connection.py", line 73, in create_connection
sock.connect(sa)
ConnectionRefusedError: [Errno 111] Connection refused
The above exception was the direct cause of the following exception:
Traceback (most recent call last):
File "/usr/local/lib/python3.12/site-packages/urllib3/connectionpool.py", line 791, in urlopen
response = self._make_request(
^^^^^^^^^^^^^^^^^^^
File "/usr/local/lib/python3.12/site-packages/urllib3/connectionpool.py", line 492, in _make_request
raise new_e
File "/usr/local/lib/python3.12/site-packages/urllib3/connectionpool.py", line 468, in _make_request
self._validate_conn(conn)
File "/usr/local/lib/python3.12/site-packages/urllib3/connectionpool.py", line 1097, in _validate_conn
conn.connect()
File "/usr/local/lib/python3.12/site-packages/urllib3/connection.py", line 611, in connect
self.sock = sock = self._new_conn()
^^^^^^^^^^^^^^^^
File "/usr/local/lib/python3.12/site-packages/urllib3/connection.py", line 218, in _new_conn
raise NewConnectionError(
urllib3.exceptions.NewConnectionError: <urllib3.connection.HTTPSConnection object at 0x7fa68218ffb0>: Failed to establish a new connection: [Errno 111] Connection refused
The above exception was the direct cause of the following exception:
Traceback (most recent call last):
File "/usr/local/lib/python3.12/site-packages/requests/adapters.py", line 486, in send
resp = conn.urlopen(
^^^^^^^^^^^^^
File "/usr/local/lib/python3.12/site-packages/urllib3/connectionpool.py", line 845, in urlopen
retries = retries.increment(
^^^^^^^^^^^^^^^^^^
File "/usr/local/lib/python3.12/site-packages/urllib3/util/retry.py", line 515, in increment
raise MaxRetryError(_pool, url, reason) from reason # type: ignore[arg-type]
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
urllib3.exceptions.MaxRetryError: HTTPSConnectionPool(host='localhost', port=443): Max retries exceeded with url: /servers/getVersion (Caused by NewConnectionError('<urllib3.connection.HTTPSConnection object at 0x7fa68218ffb0>: Failed to establish a new connection: [Errno 111] Connection refused'))
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File "/usr/local/lib/python3.12/site-packages/pymisp/api.py", line 191, in init
response = self.recommended_pymisp_version
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/usr/local/lib/python3.12/site-packages/pymisp/api.py", line 248, in recommended_pymisp_version
misp_version = self.misp_instance_version
^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/usr/local/lib/python3.12/functools.py", line 995, in get
val = self.func(instance)
^^^^^^^^^^^^^^^^^^^
File "/usr/local/lib/python3.12/site-packages/pymisp/api.py", line 277, in misp_instance_version
response = self._prepare_request('GET', 'servers/getVersion')
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/usr/local/lib/python3.12/site-packages/pymisp/api.py", line 3746, in _prepare_request
return self.__session.send(prepped, timeout=self.timeout, settings)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/usr/local/lib/python3.12/site-packages/requests/sessions.py", line 703, in send
r = adapter.send(request, kwargs)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/usr/local/lib/python3.12/site-packages/requests/adapters.py", line 519, in send
raise ConnectionError(e, request=request)
requests.exceptions.ConnectionError: HTTPSConnectionPool(host='localhost', port=443): Max retries exceeded with url: /servers/getVersion (Caused by NewConnectionError('<urllib3.connection.HTTPSConnection object at 0x7fa68218ffb0>: Failed to establish a new connection: [Errno 111] Connection refused'))
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File "/worker/MISP/misp.py", line 80, in
MISPAnalyzer().run()
^^^^^^^^^^^^^^
File "/worker/MISP/misp.py", line 25, in init
self.misp = MISPClient(url=self.get_param('config.url', None, 'No MISP url given.'),
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/worker/MISP/mispclient.py", line 59, in init
self.misp_connections.append(pymisp.ExpandedPyMISP(url=server,
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/usr/local/lib/python3.12/site-packages/pymisp/api.py", line 212, in init
raise PyMISPError(f'Unable to connect to MISP ({self.root_url}). Please make sure the API key and the URL are correct (http/https is required): {e}')
pymisp.exceptions.PyMISPError: Unable to connect to MISP (https://localhost/). Please make sure the API key and the URL are correct (http/https is required): HTTPSConnectionPool(host='localhost', port=443): Max retries exceeded with url: /servers/getVersion (Caused by NewConnectionError('<urllib3.connection.HTTPSConnection object at 0x7fa68218ffb0>: Failed to establish a new connection: [Errno 111] Connection refused'))
Work environment Running Elasticsearch, Cortex and MISP in a docker compose
Describe the bug
I tested VirusTotal Analyzer and there are no Problems.
But when running the MISP Analyzer i got everytime this error:
Traceback (most recent call last): File "/usr/local/lib/python3.12/site-packages/urllib3/connection.py", line 203, in _new_conn sock = connection.create_connection( ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ File "/usr/local/lib/python3.12/site-packages/urllib3/util/connection.py", line 85, in create_connection raise err File "/usr/local/lib/python3.12/site-packages/urllib3/util/connection.py", line 73, in create_connection sock.connect(sa) ConnectionRefusedError: [Errno 111] Connection refused
The above exception was the direct cause of the following exception:
Traceback (most recent call last): File "/usr/local/lib/python3.12/site-packages/urllib3/connectionpool.py", line 791, in urlopen response = self._make_request( ^^^^^^^^^^^^^^^^^^^ File "/usr/local/lib/python3.12/site-packages/urllib3/connectionpool.py", line 492, in _make_request raise new_e File "/usr/local/lib/python3.12/site-packages/urllib3/connectionpool.py", line 468, in _make_request self._validate_conn(conn) File "/usr/local/lib/python3.12/site-packages/urllib3/connectionpool.py", line 1097, in _validate_conn conn.connect() File "/usr/local/lib/python3.12/site-packages/urllib3/connection.py", line 611, in connect self.sock = sock = self._new_conn() ^^^^^^^^^^^^^^^^ File "/usr/local/lib/python3.12/site-packages/urllib3/connection.py", line 218, in _new_conn raise NewConnectionError( urllib3.exceptions.NewConnectionError: <urllib3.connection.HTTPSConnection object at 0x7fa68218ffb0>: Failed to establish a new connection: [Errno 111] Connection refused
The above exception was the direct cause of the following exception:
Traceback (most recent call last): File "/usr/local/lib/python3.12/site-packages/requests/adapters.py", line 486, in send resp = conn.urlopen( ^^^^^^^^^^^^^ File "/usr/local/lib/python3.12/site-packages/urllib3/connectionpool.py", line 845, in urlopen retries = retries.increment( ^^^^^^^^^^^^^^^^^^ File "/usr/local/lib/python3.12/site-packages/urllib3/util/retry.py", line 515, in increment raise MaxRetryError(_pool, url, reason) from reason # type: ignore[arg-type] ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ urllib3.exceptions.MaxRetryError: HTTPSConnectionPool(host='localhost', port=443): Max retries exceeded with url: /servers/getVersion (Caused by NewConnectionError('<urllib3.connection.HTTPSConnection object at 0x7fa68218ffb0>: Failed to establish a new connection: [Errno 111] Connection refused'))
During handling of the above exception, another exception occurred:
Traceback (most recent call last): File "/usr/local/lib/python3.12/site-packages/pymisp/api.py", line 191, in init response = self.recommended_pymisp_version ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ File "/usr/local/lib/python3.12/site-packages/pymisp/api.py", line 248, in recommended_pymisp_version misp_version = self.misp_instance_version ^^^^^^^^^^^^^^^^^^^^^^^^^^ File "/usr/local/lib/python3.12/functools.py", line 995, in get val = self.func(instance) ^^^^^^^^^^^^^^^^^^^ File "/usr/local/lib/python3.12/site-packages/pymisp/api.py", line 277, in misp_instance_version response = self._prepare_request('GET', 'servers/getVersion') ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ File "/usr/local/lib/python3.12/site-packages/pymisp/api.py", line 3746, in _prepare_request return self.__session.send(prepped, timeout=self.timeout, settings) ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ File "/usr/local/lib/python3.12/site-packages/requests/sessions.py", line 703, in send r = adapter.send(request, kwargs) ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ File "/usr/local/lib/python3.12/site-packages/requests/adapters.py", line 519, in send raise ConnectionError(e, request=request) requests.exceptions.ConnectionError: HTTPSConnectionPool(host='localhost', port=443): Max retries exceeded with url: /servers/getVersion (Caused by NewConnectionError('<urllib3.connection.HTTPSConnection object at 0x7fa68218ffb0>: Failed to establish a new connection: [Errno 111] Connection refused'))
During handling of the above exception, another exception occurred:
Traceback (most recent call last): File "/worker/MISP/misp.py", line 80, in
MISPAnalyzer().run()
^^^^^^^^^^^^^^
File "/worker/MISP/misp.py", line 25, in init
self.misp = MISPClient(url=self.get_param('config.url', None, 'No MISP url given.'),
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/worker/MISP/mispclient.py", line 59, in init
self.misp_connections.append(pymisp.ExpandedPyMISP(url=server,
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/usr/local/lib/python3.12/site-packages/pymisp/api.py", line 212, in init
raise PyMISPError(f'Unable to connect to MISP ({self.root_url}). Please make sure the API key and the URL are correct (http/https is required): {e}')
pymisp.exceptions.PyMISPError: Unable to connect to MISP (https://localhost/). Please make sure the API key and the URL are correct (http/https is required): HTTPSConnectionPool(host='localhost', port=443): Max retries exceeded with url: /servers/getVersion (Caused by NewConnectionError('<urllib3.connection.HTTPSConnection object at 0x7fa68218ffb0>: Failed to establish a new connection: [Errno 111] Connection refused'))