gcrahay / otx_misp

Imports Alienvault OTX pulses to a MISP instance

Time Data mismatch #8

Closed pedromreis closed 7 years ago

pedromreis commented 7 years ago

Hi

Using: otx-misp --otx xxx -s https://x.y.z.a --misp xxxx --discover-tags -v -v -v -n -a -d

I got 4 pulses, excerpt:

AlienVault | Dridex Banking Trojan Returns, Leverages New UAC Bypass Method - 2017-01-26

 - Adding external analysis link: https://www.flashpoint-intel.com/blog-dridex-banking-trojan-returns/
 - Adding domain: 1fevh.top
 - Adding URL: http://1fevh.top/fiscal/
 - Adding MD5 hash: 6233778c733daa00ce5b9b25aae0a3cb
 - Adding MD5 hash: 30bfdcbc94be82c2c3c0553cfa62aa50
 - Adding SHA1 hash: 1bfd0ac86f1bf52a5e8814dafb4a9bc4d3628384
 - Adding ip: 81.130.131.55
 - Adding ip: 179.177.114.30
 - Adding ip: 84.234.75.108

[...]

 - Adding domain: poulsenv.com
 - Adding domain: wthelpdesk.com
 - Adding domain: cloud-maste.com

time data '2017-01-26T15:26:49' does not match format '%Y-%m-%dT%H:%M:%S.%f'

In the MISP I only get 1 event/pulse, and without any attributes:

Attribute warning: This event doesn't contain any attribute. It's strongly advised to populate the event with attributes (indicators, observables or information) to provide a meaningful event

Why do I only get 4 pulses? Why don't I get any attributes in MISP?

Thanks!

Pedro
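
The `time data ... does not match format` line in the output above is the message `datetime.strptime` raises when the value has no fractional seconds but the format string requires `.%f`. The following is an added example, not otx_misp's own code: a parser that accepts both shapes. The function names and the sample with fractional seconds are constructed for illustration.

```python
from datetime import datetime

# Format string copied from the error message in the report.
STRICT_FORMAT = "%Y-%m-%dT%H:%M:%S.%f"
# Assumption: the only other shape is the same timestamp without the
# fractional part, as in the value that failed in the report.
ACCEPTED_FORMATS = (STRICT_FORMAT, "%Y-%m-%dT%H:%M:%S")


def strict_parse_error(value):
    """Return the error text a single-format parse produces, or None on success."""
    try:
        datetime.strptime(value, STRICT_FORMAT)
    except ValueError as exc:
        return str(exc)
    return None


def parse_pulse_timestamp(value):
    """Parse a pulse timestamp with or without fractional seconds."""
    for fmt in ACCEPTED_FORMATS:
        try:
            return datetime.strptime(value, fmt)
        except ValueError:
            continue
    # Neither shape matched: fail loudly instead of importing a bad date.
    raise ValueError("unrecognised pulse timestamp: %r" % (value,))


if __name__ == "__main__":
    samples = [
        "2017-01-26T15:26:49",         # value from the report
        "2017-01-26T15:26:49.123000",  # constructed sample with a fraction
    ]
    for sample in samples:
        print(sample, "| strict error:", strict_parse_error(sample))
        print(sample, "| tolerant    :", parse_pulse_timestamp(sample).isoformat())
```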

gcrahay commented 7 years ago

Hi,

Can you post your versions of:

 - otx-misp
 - PyMISP
 - MISP

pedromreis commented 7 years ago

Hi:

pymisp==2.4.62
OTXv2==1.1
otx-misp==1.1
Powered by MISP 2.4.62

Tks

gcrahay commented 7 years ago

There are a lot of API changes between MISP/PyMISP v2.4.53 (the last version I've tested) and v2.4.62.

I'll try to fix that soon.

pedromreis commented 7 years ago

Hmm, OK. And why did I only get 4 pulses from OTX?

gcrahay commented 7 years ago
pedromreis commented 7 years ago

OK, tks.