search

gcrahay / otx_misp

Imports Alienvault OTX pulses to a MISP instance
Other
52 stars 42 forks source link

OTX-MISP Error - Update Environment #38

Open guioday83 opened 4 years ago

guioday83 commented 4 years ago

Description

otx-misp appers to be not working to publish event on updated environment.

runing otx-misp with "-d" options runs smoothly, but when removing (real publishing) we got following error..

Error: 'TypeError' object has no attribute 'message'

Versions

Traceback or error

/var/www/MISP/venv/bin/otx-misp -o ** -s "http://127.0.0.1:8080/" -m **** -a -u --discover-tags --to-ids --distribution connected --author-tag --bulk-tag OTX --dedup-titles

Error: 'TypeError' object has no attribute 'message'

davecabio commented 4 years ago

I'm getting the same error

crypto-cypher commented 4 years ago

There's a hot-fix here... https://github.com/obert01/otx_misp/tree/fix-api

git clone -b fix-api https://github.com/obert01/otx_misp.git
cd otx_misp
pip3 install .
guioday83 commented 4 years ago

Thanks... running smoothly with this fix.

image

milannshrestha commented 4 years ago

Description

otx-misp appers to be not working to publish event on updated environment.

runing otx-misp with "-d" options runs smoothly, but when removing (real publishing) we got following error..

Error: 'TypeError' object has no attribute 'message'

Versions

* otx-misp: 1.4.3

* PyMISP: 2.4.123

* MISP:  v2.4.123

* Python (Python 2 will not be supported): Python 3.6.9

* Operating system: Ubuntu 18.04.3 LTS

Traceback or error

/var/www/MISP/venv/bin/otx-misp -o ** -s "http://127.0.0.1:8080/" -m **** -a -u --discover-tags --to-ids --distribution connected --author-tag --bulk-tag OTX --dedup-titles

Error: 'TypeError' object has no attribute 'message'

Same error here,

otx-misp -o XXXXXXXXXXXXXXXXXX-s http://misp.XXXXX.XXX -m XXXXXXXXXXXXXXXXXXXXXXXX Error: 'TypeError' object has no attribute 'message'

rustybrooks commented 4 years ago

Note, a fork of otx-misp has fixed this problem I believe: https://github.com/obert01/otx_misp

I myself did not go down this road. Here's the problem as I see it

  1. MISP and pymisp (which otx-misp uses) are tightly coupled - you generally need a newish version of pymisp to interact with MISP or things don't work
  2. pymisp underwent a fairly large change to how it works a few months ago - it created enough incompatibility that it's a pretty big job to update otx-misp - look at the last commit in the repo above. It's a bit rude to have an API change this large in such a minor release of pymisp
  3. because MISP and pymisp are tightly coupled you can't even just roll back to an older version of pymisp, because it won't work with new MISP server installs.
  4. because of this, even though it's now fixed in the repo above, that repo might not work with older MISP servers.

I kind of gave up on fixing this and I'm going to instead, I think, make MISP feeds for OTX. I did the first one here, which lets you get a MISP feed from a group, as a POC https://otx.alienvault.com/api/groups/GROUPID/misp_feed you can add this as a feed in MISP, you'll need to give X-OTX-API-KEY: YOURKEYHERE in the headers box.

I will probably add more MISP feed support in the near future

V1D1AN commented 4 years ago

There's a hot-fix here... https://github.com/obert01/otx_misp/tree/fix-api

git clone -b fix-api https://github.com/obert01/otx_misp.git
cd otx_misp
pip3 install .

Thanks, it's work for me :)

milannshrestha commented 4 years ago

There's a hot-fix here... https://github.com/obert01/otx_misp/tree/fix-api

git clone -b fix-api https://github.com/obert01/otx_misp.git
cd otx_misp
pip3 install .

Thanks, it's work for me :)

  File "/home/xxxxx/.local/lib/python3.6/site-packages/pymisp/api.py", line 92, in __init__
    self._current_user, self._current_role, self._current_user_settings = self.get_user(pythonify=True, expanded=True)
  File "/home/xxxx/.local/lib/python3.6/site-packages/pymisp/api.py", line 1266, in get_user
    role.from_dict(**user_j['Role'])
KeyError: 'Role'
Error: Cannot connect to MISP instance: Unable to connect to MISP (https://misp.xxxx.xxxx). Please make sure the API key and the URL are correct (http/https is required): 'Role'

I got this err. although the url and api are correct, Any fix?

crypto-cypher commented 4 years ago

There's a hot-fix here... https://github.com/obert01/otx_misp/tree/fix-api

git clone -b fix-api https://github.com/obert01/otx_misp.git
cd otx_misp
pip3 install .

Thanks, it's work for me :)

  File "/home/xxxxx/.local/lib/python3.6/site-packages/pymisp/api.py", line 92, in __init__
    self._current_user, self._current_role, self._current_user_settings = self.get_user(pythonify=True, expanded=True)
  File "/home/xxxx/.local/lib/python3.6/site-packages/pymisp/api.py", line 1266, in get_user
    role.from_dict(**user_j['Role'])
KeyError: 'Role'
Error: Cannot connect to MISP instance: Unable to connect to MISP (https://misp.xxxx.xxxx). Please make sure the API key and the URL are correct (http/https is required): 'Role'

I got this err. although the url and api are correct, Any fix?

Did you add http:// or https:// in front of your server IP or domain?

milannshrestha commented 4 years ago

Did you add http:// or https:// in front of your server IP or domain? Ya!