search

gcrahay / otx_misp

Imports Alienvault OTX pulses to a MISP instance
Other
52 stars 42 forks source link

500 Server Error: Internal Server Error for url: https://misp/tags #13

Open SparkyNZL opened 7 years ago

SparkyNZL commented 7 years ago

Description

Im trying to pull evens from OTX AlienVault . I am useing the folling command

otx-misp -o -s https://misp -m -u --discover-tags --threat-level low --bulk-tag OTX --dedup-titles

I get the following error

500 Server Error: Internal Server Error for url: https://misp/tags

Versions

Traceback or error

None

gcrahay commented 7 years ago

Thanks for reporting. The PyMISP or MISP API might have changed. I'll check that soon.

SparkyNZL commented 7 years ago

Cheers thanks :)

gcrahay commented 7 years ago

I can't reproduce the bug with otx-misp 1.2.1 or 1.3.0. Can you check with the 1.3.0 version?

CQRuu commented 7 years ago

Hi, I'm having the same error as well for --discover-tags

500 Server Error: Internal Server Error for url: https://my-url/tags

Versions

otx-misp: 1.4.0 PyMISP: 2.4.77 MISP: 2.4.76 Python: 2.7 & 3.5 Operating system: Ubuntu 16.04

please advise? thank you!

Foneman38 commented 7 years ago

I am having the same issue. Has there been any resolution to this?

Versions: otx-misp: 1.4.1 PyMISP: 2.4.80 Python: 2.7.13 & 3.5.3 OS: Debian 9.1

TheDr1ver commented 6 years ago

So I think this is an issue where the MISP tags controller spits out an error if you try tagging an event with the same tag twice.

A possible OTX-based workaround would be to check if a given tag already exists on the event in question prior to adding the tag. Then, if it exists already, skip the add.

I tried working on fixing this earlier today but have run out of time to mess with it, so feel free to pick this up and run with it in a PR:

Add this function (might be broken, but the general idea is there) to ../otx_misp/__init__.py

def check_tag(misp, event, tag):
    """
    Checks if a tag exists for a given event.

    :param misp: MISP connection object
    :type misp: :class:`pymisp.PyMISP` 
    :param event: a MISP event
    :param tag: tag to check
    :return: None
    """
    raw_tags = misp.get_all_tags()

    for exist_tag in raw_tags['Tag']:
        if exist_tag['name']==tag:
            tag_id = exist_tag['id']
    for evt_tag in event['EventTag']:
        if tag_id==evt_tag['id']:
            return True

    return False

Then this section should look like the following:

    if author_tag:
        if not check_tag(misp, event, pulse['author_name']):
            tag_event(misp, event, pulse['author_name'])
        else:
            log.info("\t - Tag already exists. Skipping:".format(pulse['author_name']))

    if bulk_tag is not None:
        if not check_tag(misp, event, bulk_tag):
            tag_event(misp, event, bulk_tag)
        else:
            log.info("\t - Tag already exists. Skipping:".format(bulk_tag))

And something similar should probably be implemented before the final tag_event.