cudeso / misp2sentinel

MISP to Sentinel integration
MIT License

Seeing events, but processing 0 indicators #106

Open MReprogle1 opened 2 months ago

MReprogle1 commented 2 months ago

I am hoping to figure out what is breaking in this process, but I recently set up MISP and we were even successfully able to send about 30 events to Sentinel as of 09/04/24. However, when I try to manually push events, it seems to be seeing the events, but throws the 'Unexpected properties for Identity' error (which shows me that it is in fact able to log into MISP via the API key). However, it seems to not process anything and sends nothing.

```
2024-09-12 07:58:29,673 - misp2sentinel - INFO - Start MISP2Sentinel
2024-09-12 07:58:29,673 - misp2sentinel - INFO - Fetching and parsing data from MISP ...
2024-09-12 07:58:29,673 - misp2sentinel - INFO - Using Microsoft Upload Indicator API
2024-09-12 07:58:29,952 - misp2sentinel - DEBUG - Query MISP for events.
2024-09-12 07:58:30,159 - misp2sentinel - INFO - Received MISP events page 1 with 8 events
2024-09-12 07:58:30,159 - misp2sentinel - ERROR - Error when processing data in event 1747 from MISP Unexpected properties for Identity: (interoperability).. Most likely a MISP-STIX conversion problem.
2024-09-12 07:58:30,159 - misp2sentinel - ERROR - Error when processing data in event 1748 from MISP Unexpected properties for Identity: (interoperability).. Most likely a MISP-STIX conversion problem.
2024-09-12 07:58:30,160 - misp2sentinel - ERROR - Error when processing data in event 1749 from MISP Unexpected properties for Identity: (interoperability).. Most likely a MISP-STIX conversion problem.
2024-09-12 07:58:30,160 - misp2sentinel - ERROR - Error when processing data in event 1750 from MISP Unexpected properties for Identity: (interoperability).. Most likely a MISP-STIX conversion problem.
2024-09-12 07:58:30,160 - misp2sentinel - ERROR - Error when processing data in event 1751 from MISP Unexpected properties for Identity: (interoperability).. Most likely a MISP-STIX conversion problem.
2024-09-12 07:58:30,161 - misp2sentinel - ERROR - Error when processing data in event 1752 from MISP Unexpected properties for Identity: (interoperability).. Most likely a MISP-STIX conversion problem.
2024-09-12 07:58:30,161 - misp2sentinel - ERROR - Error when processing data in event 1753 from MISP Unexpected properties for Identity: (interoperability).. Most likely a MISP-STIX conversion problem.
2024-09-12 07:58:30,161 - misp2sentinel - ERROR - Error when processing data in event 1754 from MISP Unexpected properties for Identity: (interoperability).. Most likely a MISP-STIX conversion problem.
2024-09-12 07:58:30,161 - misp2sentinel - INFO - Processed 0 indicators
2024-09-12 07:58:30,255 - misp2sentinel - INFO - Received 0 indicators in MISP
2024-09-12 07:58:30,607 - misp2sentinel - INFO - Start uploading indicators
2024-09-12 07:58:30,607 - misp2sentinel - INFO - Finished uploading indicators
2024-09-12 07:58:30,608 - misp2sentinel - INFO - End MISP2Sentinel
```

I even checked the Enterprise app side of things, and I am actually seeing logs of successful service principal logins, so it does seem to still connect to the enterprise app with no issue:

[Screenshot: 2024-09-12_08-07-31]

We currently have a self-signed certificate to enable SSO to work on the server, but I have "misp_verifycert = False" in config.py. We did set this SSO up last week, and this is the only thing I can think of that might break anything, but I find it strange that it seems to be getting to MISP fine, and even goes out to the Enterprise App fine, but just doesn't seem to process anything to send in the first place.
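
A triage script for the failure pattern in the log above: events are fetched, every event fails STIX conversion, and the run still ends normally with zero indicators uploaded. This is an added example, not part of the original post or the misp2sentinel code base; the function name `triage` and the sample log (constructed, abridged to two events) are assumptions.

```python
import re
from collections import Counter

# Python logging layout seen in the log above:
# "<timestamp> - <logger> - <LEVEL> - <message>"
LINE = re.compile(r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2},\d{3}) - (\S+) - (\w+) - (.*)$")
RECEIVED = re.compile(r"Received MISP events page \d+ with (\d+) events")
FAILED = re.compile(r"Error when processing data in event (\d+) from MISP (.*?)\.\. Most likely")
PROCESSED = re.compile(r"Processed (\d+) indicators")

# Constructed sample, abridged from the log in the post (2 events instead of 8).
SAMPLE_LOG = """\
2024-09-12 07:58:30,159 - misp2sentinel - INFO - Received MISP events page 1 with 2 events
2024-09-12 07:58:30,159 - misp2sentinel - ERROR - Error when processing data in event 1747 from MISP Unexpected properties for Identity: (interoperability).. Most likely a MISP-STIX conversion problem.
2024-09-12 07:58:30,159 - misp2sentinel - ERROR - Error when processing data in event 1748 from MISP Unexpected properties for Identity: (interoperability).. Most likely a MISP-STIX conversion problem.
2024-09-12 07:58:30,161 - misp2sentinel - INFO - Processed 0 indicators
2024-09-12 07:58:30,607 - misp2sentinel - INFO - Finished uploading indicators
"""

def triage(log_text):
    """Summarise one run: events fetched, events that failed conversion, indicators produced."""
    events, processed, failed, reasons = 0, None, [], Counter()
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # skip blank lines and anything not in the logging layout
        level, msg = m.group(3), m.group(4)
        if (r := RECEIVED.search(msg)):
            events += int(r.group(1))          # sum across result pages
        elif level == "ERROR" and (f := FAILED.search(msg)):
            failed.append(int(f.group(1)))     # MISP event id
            reasons[f.group(2)] += 1           # conversion error text
        elif (p := PROCESSED.search(msg)):
            processed = int(p.group(1))
    # Silent failure: events were fetched, every one failed conversion,
    # and no indicators were produced, yet the run did not abort.
    silent = events > 0 and processed == 0 and len(failed) == events
    return {"events": events, "failed_events": failed, "reasons": dict(reasons),
            "processed": processed, "silent_failure": silent}

if __name__ == "__main__":
    print(triage(SAMPLE_LOG))
```

Running this over each scheduled run's log and alerting on `silent_failure` catches a threat-intel feed that has stopped delivering indicators even though authentication to MISP and to the Enterprise app still succeeds.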