amuehlem / MISP-RPM

RPM packages for MISP

python36-stix2 issues (STIX import does not work) #50

Closed racco42 closed 3 years ago

racco42 commented 3 years ago

Hi,

I have issues importing events from STIX format, and I found out that it is probably caused by the python36-stix2 package. According to the SPEC, the RPM is built from https://github.com/oasis-open/cti-python-stix2, but MISP is carrying its own in https://github.com/MISP/cti-python-stix2, and the two are not compatible. The incompatibility results in failure to import STIX2 JSONs:

MISP/app/tmp/logs/exec-errors.log:

Traceback (most recent call last):
  File "/app/MISP/app/files/scripts/stix2/stix2misp.py", line 2061, in <module>
    main(sys.argv)
  File "/app/MISP/app/files/scripts/stix2/stix2misp.py", line 2053, in main
    event = stix2.parse(f.read(), allow_custom=True, interoperability=True)

According to https://github.com/MISP/MISP/issues/3986, the solution is to use the MISP stix2 code.
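An added diagnostic, not part of the original thread or of MISP-RPM: it checks whether the `stix2` module an interpreter imports declares the keywords that the `stix2.parse(...)` call in the traceback above passes. The two `sample_parse_*` functions are constructed stand-ins, and their signatures are assumptions for illustration.

```python
import importlib
import inspect

# Keywords passed to stix2.parse() by the stix2misp.py call shown in the traceback.
REQUIRED_KEYWORDS = ("allow_custom", "interoperability")


def missing_keywords(func, required=REQUIRED_KEYWORDS):
    """Return the keywords in `required` that `func` does not declare by name."""
    by_name = (inspect.Parameter.POSITIONAL_OR_KEYWORD, inspect.Parameter.KEYWORD_ONLY)
    params = inspect.signature(func).parameters
    usable = {name for name, p in params.items() if p.kind in by_name}
    return [kw for kw in required if kw not in usable]


def check_stix2(module_name="stix2"):
    """Report which stix2 build this interpreter imports and whether it fits the call."""
    try:
        mod = importlib.import_module(module_name)
    except ImportError:
        return {"installed": False, "compatible": False,
                "missing": list(REQUIRED_KEYWORDS)}
    parse = getattr(mod, "parse", None)
    missing = missing_keywords(parse) if callable(parse) else list(REQUIRED_KEYWORDS)
    return {
        "installed": True,
        "path": getattr(mod, "__file__", None),        # shows RPM vs. venv location
        "version": getattr(mod, "__version__", None),
        "missing": missing,
        "compatible": not missing,
    }


# Constructed stand-ins (assumed signatures, not copied from either repository).
def sample_parse_plain(data, allow_custom=False, version=None):
    return data


def sample_parse_interop(data, allow_custom=False, interoperability=False, version=None):
    return data


if __name__ == "__main__":
    print(check_stix2())
```

Run it with the same Python interpreter that MISP uses, since a system package and a virtualenv can hold different `stix2` builds.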

amuehlem commented 3 years ago

Hi racco42

Thank you for bringing this up. I've created a new package python36-stix2-2.1.0-2 and pushed it to the repository. Can you test if the incompatibility is solved with this package?

racco42 commented 3 years ago

Yes, the import now works. Thanks!

amuehlem commented 3 years ago

Thank you for your feedback!

TanveerAhmad2017 commented 3 years ago

Yes, the import now works. Thanks! @amuehlem

Hi, I am a complete beginner with git. Can you please tell me the command to pull in order to fix the above-mentioned issue? Do I have to pull the whole MISP or the new package36 only? I tried to pull using:

cd /var/www/MISP
git pull origin 2.4
git submodule update
cd cti-python-stix2/
/var/www/MISP/venv/bin/pip install .

but it didn't solve the problem.

exec-error.log=

Traceback (most recent call last):
  File "/var/www/MISP/app/files/scripts/stix2/stix2misp.py", line 2072, in <module>
    main(sys.argv)
  File "/var/www/MISP/app/files/scripts/stix2/stix2misp.py", line 2065, in main
    stix_parser = StixFromMISPParser() if from_misp(event.objects) else ExternalStixParser()
  File "/var/www/MISP/venv/lib/python3.8/site-packages/stix2/base.py", line 198, in __getattr__
    raise AttributeError("'%s' object has no attribute '%s'" %
AttributeError: 'Indicator' object has no attribute 'objects'

amuehlem commented 3 years ago

You just have to update the python36-stix2 RPM:

yum update python36-stix2

TanveerAhmad2017 commented 3 years ago

you just have to update the python36-stix2 RPM

yum update python36-stix2

I am using Ubuntu Linux, so I am trying to find a way to update python36-stix2. Will let you know if it works.

amuehlem commented 3 years ago

This project creates MISP RPMs for Red Hat Linux / CentOS Linux, not Ubuntu

TanveerAhmad2017 commented 3 years ago

This project creates MISP RPMs for Red Hat Linux / CentOS Linux, not Ubuntu

Sorry, my bad. I was unaware of that. The problem was related, so I followed. Thanks np