cuckoosandbox / cuckoo

Cuckoo Sandbox is an automated dynamic malware analysis system
http://www.cuckoosandbox.org

When using IRMA 2.0 and cuckoo sandbox, Elasticsearch Warning #2199

Open hakawati opened 6 years ago

hakawati commented 6 years ago

Thanks for creating an issue! But first: did you read our community guidelines? https://cuckoo.sh/docs/introduction/community.html

My issue is:

When using IRMA 2.0 and cuckoo sandbox, Elasticsearch Warning.

My Cuckoo version and operating system are:

Cuckoo: 2.0.5.3
IRMA: 2.0.4
Ubuntu: 16.04

The log, error, files etc can be found at:

2018-03-27 19:10:25,906 [cuckoo.core.plugins] WARNING: The reporting module "ElasticSearch" returned the following error: Failed to save results in ElasticSearch for task #2: TransportError(400, u'illegal_argument_exception', u"Can't merge a non object mapping [irma.probe_results.results] with an object mapping [irma.probe_results.results]")

seantree commented 6 years ago

Hi @hakawati, can you please tell me how you installed IRMA on the same machine? Because I am also getting some problems.

hakawati commented 6 years ago

Hi @seantree, I downloaded the pre-packaged appliance, and it is installed on the other machine. Probably because it is a new version.

seantree commented 6 years ago

So you have installed only 1 AV on that? ClamAV? Where did you download the pre-packaged appliance from? Because I am executing single commands each time.

hakawati commented 6 years ago

@seantree I did not install an AV, I only installed the brain of IRMA. In v2.0, it seems to output ClamAV detection by default.

seantree commented 6 years ago

@hakawati can you please provide me a link so that I can try that?

hakawati commented 6 years ago

@seantree I saw http://irma.quarkslab.com/

seantree commented 6 years ago

I have also tried that; they have some steps mentioned. Have you downloaded the machine from there?

hakawati commented 6 years ago

I just wanted to know how to work with IRMA. Also, I used nested virtualization and my system was out of memory, so I did not configure AV VMs.

seantree commented 6 years ago

OK, I am looking for someone who has configured multiple AV VMs; I need guidance on that. I think @doomedraven has done that before.

hakawati commented 6 years ago

I am testing many features of Cuckoo Sandbox. If I get a new system in the future and can test AV VMs, I will share the methods. Before that, please let me know if you succeed. :)

razuz commented 6 years ago

@hakawati do you get this only when IRMA is enabled?

seantree commented 6 years ago

sure @hakawati

hakawati commented 6 years ago

@razuz I tested only IRMA brain v1.5 and v2.0. When I tested v1.5, Elasticsearch did not output the above warning message, but when I tested v2.0, I saw the above warning message.

razuz commented 6 years ago

Alright... I'll take a look at it.

jbremer commented 6 years ago

Any update here?

ch0k0bn commented 6 years ago

Just saw this issue; it could be linked to https://github.com/quarkslab/irma/issues/40. Using API v2 on the latest version should output an indexable JSON object. Maybe it's linked to the IRMA connector still using API v1.1.
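The `illegal_argument_exception` quoted in the opening report and the "indexable JSON object" remark above describe the same failure mode: Elasticsearch maps a field as either an object or a scalar the first time it sees it and refuses to merge the two, so if one task's `irma.probe_results.results` is a string and the next task's is a JSON object, the second task is rejected with HTTP 400. The script below is an added example written for this thread, not code from Cuckoo or IRMA. It simulates that dynamic-mapping check offline on two constructed reports (the document shapes and the `TASK_1`/`TASK_2` contents are assumptions, not real probe output) and shows a hypothetical normalisation step, `normalize_results`, that wraps a scalar `results` in an object so every task maps the field the same way.

```python
"""Detect Elasticsearch object/non-object mapping conflicts before indexing."""
import copy
import json

# Constructed sample documents (not real IRMA or Cuckoo output). They only
# mimic the shape the Cuckoo ElasticSearch reporting module indexes per task.
# In TASK_1 the probe "results" field is a bare string; in TASK_2 it is an
# object. Elasticsearch will map the field on the first document it sees and
# reject the other one.
TASK_1 = {
    "task_id": 1,
    "irma": {"probe_results": [
        {"name": "ClamAV", "status": 1, "results": "Eicar-Test-Signature"},
    ]},
}
TASK_2 = {
    "task_id": 2,
    "irma": {"probe_results": [
        {"name": "ClamAV", "status": 1,
         "results": {"signature": "Eicar-Test-Signature", "version": "0.99"}},
    ]},
}


def field_kinds(doc, prefix=""):
    """Return {dotted_path: kind} for every field in doc: "object" for dicts,
    "scalar" otherwise. Lists are flattened without positional indices, which
    is how Elasticsearch treats arrays when building a mapping."""
    kinds = {}
    if isinstance(doc, dict):
        if prefix:
            kinds[prefix] = "object"
        for key, value in doc.items():
            path = f"{prefix}.{key}" if prefix else key
            kinds.update(field_kinds(value, path))
    elif isinstance(doc, list):
        for item in doc:
            kinds.update(field_kinds(item, prefix))
    else:
        kinds[prefix] = "scalar"
    return kinds


def mapping_conflicts(mapping, doc):
    """Compare a document against the kinds already recorded for the index
    (a stand-in for its mapping) and return (path, existing, incoming) for
    every field where an object and a non-object would have to be merged."""
    return [(path, mapping[path], kind)
            for path, kind in field_kinds(doc).items()
            if path in mapping and mapping[path] != kind]


def index_document(mapping, doc):
    """Simulate dynamic mapping: raise on a conflict, otherwise extend the
    mapping in place. The error text follows the shape of the exception
    quoted in the issue."""
    conflicts = mapping_conflicts(mapping, doc)
    if conflicts:
        path, _, incoming = conflicts[0]
        if incoming == "object":
            msg = f"Can't merge a non object mapping [{path}] with an object mapping [{path}]"
        else:
            msg = f"Can't merge an object mapping [{path}] with a non object mapping [{path}]"
        raise ValueError(msg)
    mapping.update(field_kinds(doc))
    return mapping


def first_rejection(docs):
    """Index docs in order into a fresh mapping; return the first error
    message, or None if every document was accepted."""
    mapping = {}
    for doc in docs:
        try:
            index_document(mapping, doc)
        except ValueError as exc:
            return str(exc)
    return None


def normalize_results(doc, path="irma.probe_results.results", key="value"):
    """Hypothetical fix on the indexing side (an assumption for this example,
    not what Cuckoo or IRMA do): wrap any scalar found at `path` in an object
    so the field is always mapped as an object. Returns a modified copy."""
    doc = copy.deepcopy(doc)
    parts = path.split(".")

    def walk(node, i):
        if isinstance(node, list):
            for item in node:
                walk(item, i)
        elif isinstance(node, dict) and parts[i] in node:
            if i == len(parts) - 1:
                if not isinstance(node[parts[i]], dict):
                    node[parts[i]] = {key: node[parts[i]]}
            else:
                walk(node[parts[i]], i + 1)

    walk(doc, 0)
    return doc


if __name__ == "__main__":
    print("raw:", first_rejection([TASK_1, TASK_2]))
    normalized = [normalize_results(t) for t in (TASK_1, TASK_2)]
    print("normalized:", first_rejection(normalized))
    print(json.dumps(field_kinds(normalized[0]), indent=1))
```

The same check can be run against real reports by loading each task's JSON before the reporting module posts it; whether to normalise on the Cuckoo side or, as suggested above, have the IRMA connector use the API version that already returns objects, is a choice this example does not make for you.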