CIF python client, module not found

[TheDropZone]

Ubuntu 16 LTS

After installing the Python client: pip install 'cifsdk>=5.0b1,<6.0' (also tried 5.0b4), runnig the cif command results in the following error message. It states that it can't find the 'geoip2' module, although all requirements are satisfied.

Figured i'd at least post this in case this wasn't a known issue. It also may be nothing and completely on my end so feel free to dismiss.

[TheDropZone]

On the API side, running a simple "google.com" query on the /indicators [get] endpoint results in the above errors. These errors are seen running itype-tag api queries as well.

[wesyoung]

for the first post, few things:

• cifsdk is missing a dep i need to tweak a bit, i updated the doc to reflect:

  pip3 install geoip2 'cifsdk>=5.0b4,<6.0'

as for the second issue, this is what i get using the sdk:

$ cif -nq google.com
+-----+-------+-------------+-----------+-----+----+----------+---------+-------+------+-------------+------------+-------+----------+-------------+-----------+
| tlp | group | reported_at | indicator | asn | cc | first_at | last_at | count | tags | description | confidence | rdata | provider | probability | reference |
+-----+-------+-------------+-----------+-----+----+----------+---------+-------+------+-------------+------------+-------+----------+-------------+-----------+
+-----+-------+-------------+-----------+-----+----+----------+---------+-------+------+-------------+------------+-------+----------+-------------+-----------+

which should work. that said the client requires python3.6+ to work correctly (eg: ubuntu 18LTS).

how are you running the query? (i'm guessing you're trying to do it outside of the SDK? if so what's the url being run against it) ?

fwiw- i created a sample Vagrantfile which shows how i'm standing up a working Ubuntu 18 LTS box (with docker) to get running. Even if you aren't familiar with vagrant, you should be able to script out those commands to get the right bits installed..

make sense?

[TheDropZone]

@wesyoung thanks for the update. I will give that tweak a try. Also, I was using the swagger API to try out rest calls on the service, when I was receiving those errors. However, I think I may know where the issue is. I was using an Ubuntu 16 LTS instance, as I had read about using that for previous CIF versions. I will spin up an Ubuntu 18 instance and apply that script and hopefully we'll be good to go. Thanks!

[TheDropZone]

@wesyoung I followed your vagrant file, and have an Ubuntu 18LTS instance up on AWS. The CIF server seems to be running great and downloading all the files. However, running actually queries seems to be causing a few issues. Running:

curl -X GET "http://3.20.183.142:5000/indicators?tags=botnet&itype=ipv4" -H "accept: application/json"

from the swagger api results in:

Additionally, following the pip3 install after all Vagrant based imports were made results in:

ubuntu@ip-10-0-9-250:~$ cif

Command 'cif' not found, did you mean:

  command 'kif' from snap kif (0.2.0)
  command 'cil' from deb cil
  command 'cpif' from deb noweb
  command 'caf' from deb open-coarrays-bin
  command 'uif' from deb uif
  command 'ci' from deb rcs
  command 'clif' from deb clif

See 'snap info <snapname>' for additional versions.

It seems as though the server is up and running great, but interacting with it does seem to still be an issue. Thanks!

[wesyoung]

I ran into the same thing too- it installs to your ~/.local/... which gets into your $PATH, but you have to re-login for your ENV to pick it up...

[TheDropZone]

That did it for me!