crits / crits_services

CRITs Services Collection

Passivetotal_service: cannot import name DnsResponse #316

Open david-rundle-xor opened 7 years ago

david-rundle-xor commented 7 years ago

crits.log reporting: crits.services.core Failed to import service (passivetotal_service): cannot import name DnsResponse

Validated that passivetotal module is installed correctly.

cvdsouza commented 7 years ago

What version of passivetotal are you running? I believe you should have version 1.0.23: pip install passivetotal==1.0.23

The higher versions error out, haven't figured out why.

ghost commented 7 years ago

Yes, confirmed. Same behavior. If I only do: pip install passivetotal ==> NOK! So: pip install passivetotal==1.0.23 corrects the thing and the service is available.

david-rundle-xor commented 7 years ago

Thx - crits failed our proof of concept in many places. Not scalable, could not implement Mitre's own Stix/taxii standards.


iglocska commented 7 years ago

could not implement Mitre's own Stix/taxii standards.

CRITS having its own sane format isn't necessarily a bad thing at all.

mgoffin commented 7 years ago

It also does support those (no longer MITRE) standards, just not natively because the community didn’t want it forced upon them. Just need to install the TAXII service.

Also scales fairly well with mongo so not sure about that either.


david-rundle-xor commented 7 years ago

No, even with the taxii service, there's large parts of the standard implemented incorrectly which strip out data and drop context about campaigns, actors, and interrelationships. Trust me - ran these dead ends into brick walls at speed face first too many times.

iglocska commented 7 years ago

In my experience, pretty much anything that claims to do STIX will have a < 100% correct ingest for other STIX sources out there, which is an inherent issue with standards that allow many different ways to describe the same thing (just have a look at how many ways you can describe something as simple as an IP address in STIX 1.x). If you have one specific source of STIX data, then you can get away with simply finding the tool that ingests with the highest success rate, but that's about it.

Alternatively, you can look for a tool (such as Soltra) that simply ingests an xml document as is, but doesn't allow you to do much with it.

Crits is a tool that allows you to do much more with your ingested data, but this of course comes at a cost of < 100% perfect mapping.
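An added illustration of the point made in the comment above about IP addresses in STIX 1.x (this is not code from CRITs, its TAXII service, or any commenter). The XML fragments are constructed and simplified, modelled on the CybOX AddressObject, and `naive_extract`, `tolerant_extract` and `covered` are hypothetical names.

```python
import ipaddress
import xml.etree.ElementTree as ET  # for untrusted feeds, parse with defusedxml instead

# Constructed, simplified fragments modelled on CybOX 2.x AddressObject usage
# in STIX 1.x; only the one namespace needed to parse them is declared.
NS = 'xmlns:A="http://cybox.mitre.org/objects#AddressObject-2"'
SAMPLES = {
    "single": f'<P {NS} category="ipv4-addr"><A:Address_Value>198.51.100.7</A:Address_Value></P>',
    "list": f'<P {NS} category="ipv4-addr"><A:Address_Value condition="Equals" '
            'apply_condition="ANY">198.51.100.7##comma##198.51.100.8</A:Address_Value></P>',
    "cidr": f'<P {NS} category="cidr"><A:Address_Value>198.51.100.0/30</A:Address_Value></P>',
    "no_category": f'<P {NS}><A:Address_Value> 198.51.100.7 </A:Address_Value></P>',
}

def _local(tag):
    return tag.rsplit("}", 1)[-1]  # drop the "{namespace}" prefix ElementTree adds

def naive_extract(xml_text):
    """Ingest that understands one shape only: category=ipv4-addr, one value."""
    root = ET.fromstring(xml_text)
    if root.get("category") != "ipv4-addr":
        return set()
    out = set()
    for el in root.iter():
        if _local(el.tag) == "Address_Value" and el.text:
            try:
                out.add(str(ipaddress.ip_address(el.text)))
            except ValueError:
                pass  # delimited list or padded value: silently dropped
    return out

def tolerant_extract(xml_text):
    """Also accepts ##comma## lists, CIDR values, padding, and a missing category."""
    out = set()
    for el in ET.fromstring(xml_text).iter():
        if _local(el.tag) != "Address_Value" or not el.text:
            continue
        for item in (part.strip() for part in el.text.split("##comma##")):
            try:
                net = "/" in item
                out.add(str(ipaddress.ip_network(item, strict=False) if net
                            else ipaddress.ip_address(item)))
            except ValueError:
                continue  # not an IP observable at all
    return out

def covered(extract):
    """Names of the sample shapes from which `extract` recovered anything."""
    return sorted(name for name, xml in SAMPLES.items() if extract(xml))
```

Comparing `covered(naive_extract)` with `covered(tolerant_extract)` shows how an ingest written against one producer's output loses data from others without raising any error.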

mgoffin commented 7 years ago

The TAXII service is also something supported by folks in the community that use the standard. If there’s something not working, missing, etc. feel free to drop an issue or a PR on Github! We love hearing from other devs who want to contribute.

As for not being 100% compliant I would agree with Andras that it is literally impossible. The standard gives you the ability to create your own custom object which requires someone to know how it is built to parse it correctly. That requires custom code and that to me sucks.
