csirtgadgets / bearded-avenger

CIF v3 -- the fastest way to consume threat intelligence
https://csirtgadgets.com/collective-intelligence-framework
Mozilla Public License 2.0

KeyError in CIF #226

Closed ThreatHunterDiary closed 7 years ago

ThreatHunterDiary commented 7 years ago

Hi Team,

Currently trying to install bearded_avenger in CentOS 7.

I followed the Installation Guide (Easy Button) and after that the QuickStart [Development Guide] step by step.

But when I try to run

cif -q google.com -d

it is giving me a simple yet complicated python error. Here's the Output:

2017-01-10 08:18:19,166 - INFO - cifsdk.client.client[153][MainThread] - searching for google.com
2017-01-10 08:18:19,191 - DEBUG - requests.packages.urllib3.connectionpool[212][MainThread] - Starting new HTTP connection (1): localhost
2017-01-10 08:18:43,789 - DEBUG - requests.packages.urllib3.connectionpool[400][MainThread] - http://localhost:5000 "GET /search?nolog=False&indicator=google.com&limit=500 HTTP/1.1" 200 68
Traceback (most recent call last):
  File "/usr/bin/cif", line 11, in <module>
    load_entry_point('cifsdk', 'console_scripts', 'cif')()
  File "/usr/lib/python2.7/site-packages/cifsdk/client/client.py", line 158, in main
    'nolog': options['nolog']
  File "/usr/lib/python2.7/site-packages/cifsdk/client/http.py", line 164, in indicators_search
    rv = self._get('/search', params=filters)
  File "/usr/lib/python2.7/site-packages/cifsdk/client/http.py", line 68, in _get
    if isinstance(msgs['data'], list):
KeyError: 'data'

Kindly request you to guide me!

wesyoung commented 7 years ago

which release are you using?

https://github.com/csirtgadgets/bearded-avenger/releases

ThreatHunterDiary commented 7 years ago

Hi @wesyoung ,

I am using the latest release i.e., 3.0.0a14

wesyoung commented 7 years ago

are you using 7.1 or 7.2?

if you ran the easy button, you don't need to run anything from "development guide"; only the steps from here:

https://github.com/csirtgadgets/bearded-avenger/wiki/CentOS7#easybutton [ignore the Vagrant section]

my guess is, if you re-ran some of those commands, something broke somewhere.. does that make sense?

ThreatHunterDiary commented 7 years ago

Actually I am using CentOS 7.3.1611 (Minimal).

And I did not get that part about the steps! Because in the [Development Guide] part only it is creating tokens. If so, are you trying to say that there is no need to create tokens and it will run perfectly without it?

I'll try fresh implementation with only "EasyButton".

And I am still a little confused about its workflow!

wesyoung commented 7 years ago

On Jan 11, 2017, at 7:52 AM, Jeet Ashutosh Pandya notifications@github.com wrote:

Actually I am using CentOS 7.3.1611 (Minimal).

we haven’t tested it with 7.3 yet, only 7.2 (this is a good learning exp for all of us :))

And I did not get that part about the steps! Because in the [Development Guide] part only it is creating tokens. If so you are trying to say that there is no need to create tokens and it will run without it?

correct. the easy-button does all the work in getting the tokens generated and building your ~/.cif.yml file

And I'll try installing fresh with only "EasyButton".

And I am still a little confused about its workflow!

how so? maybe we can start with; what are you trying to do with CIF?

-- wes wesyoung.me

ThreatHunterDiary commented 7 years ago

how so? maybe we can start with; what are you trying to do with CIF?

Firstly I want to get data (Threat Intelligence data) from all public feeds.

After it gets successfully implemented and it's working fine, I want to integrate it with Kibana and Splunk.

wesyoung commented 7 years ago

ah, do ping the cif-users list as i don't have any great doc for CIFv3 just yet (some users do that kinda setup with CIFv2).. maybe we can get some users to help us work through it and post the doc somewhere...

ThreatHunterDiary commented 7 years ago

I am going with fresh implementation so don't know about pinging now but I'll keep it in mind.

And anyway if you are having any kind of documentation of CIFv3 that you can provide that would be real great!

Thank you!