mlsecproject / combine

Tool to gather Threat Intelligence indicators from publicly available sources
https://www.mlsecproject.org/
GNU General Public License v3.0

Finding difficulty Adding Mlsecproject/combine project into CRITs #135

Open ashokmadgenius opened 9 years ago

ashokmadgenius commented 9 years ago

Hi, hello. I tried running all these separately, one by one.

  1. python reaper.py - No issues
  2. python thresher.py - No issues
  3. python winnower.py - Issue (DNSDB API Not Configured): I would like to know the seriousness of missing this field, since I am waiting for approval from farsightsecurity.com
  4. python baler.py - No issues

But after this I tried to run python combine.py, and this is what I get. Any solutions?

Exception in thread Thread-7:
Traceback (most recent call last):
  File "/usr/lib/python2.7/threading.py", line 810, in __bootstrap_inner
    self.run()
  File "/usr/lib/python2.7/threading.py", line 763, in run
    self.__target(*self.__args, **self.__kwargs)
  File "/data/combine-master/baler.py", line 122, in bale_CRITs_indicator
    res = requests.post(url, data=data, verify=False)
  File "/data/combine-master/venv/local/lib/python2.7/site-packages/requests/api.py", line 99, in post
    return request('post', url, data=data, json=json, **kwargs)
  File "/data/combine-master/venv/local/lib/python2.7/site-packages/requests/api.py", line 49, in request
    response = session.request(method=method, url=url, **kwargs)
  File "/data/combine-master/venv/local/lib/python2.7/site-packages/requests/sessions.py", line 447, in request
    prep = self.prepare_request(req)
  File "/data/combine-master/venv/local/lib/python2.7/site-packages/requests/sessions.py", line 378, in prepare_request
    hooks=merge_hooks(request.hooks, self.hooks),
  File "/data/combine-master/venv/local/lib/python2.7/site-packages/requests/models.py", line 303, in prepare
    self.prepare_url(url, params)
  File "/data/combine-master/venv/local/lib/python2.7/site-packages/requests/models.py", line 356, in prepare_url
    raise InvalidURL(e.args)
InvalidURL: Failed to parse: 127.0.0.1:8080ips
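
The traceback above ends in `InvalidURL: Failed to parse: 127.0.0.1:8080ips`: the value handed to `requests.post` has no scheme and no slash before `ips`. As an added example (Python 3, not code from combine or from this thread), one way to reject such a base URL before any indicator is posted, and to flag the `verify=False` visible in the traceback; the function names and the `crits.example.internal` host are hypothetical.

```python
import ipaddress
from urllib.parse import urlsplit, urlunsplit


def normalize_base(base):
    """Return base as 'scheme://host[:port]/path/' or raise ValueError."""
    parts = urlsplit(base.strip())
    if parts.scheme not in ("http", "https"):
        raise ValueError("base URL %r needs an http:// or https:// scheme" % base)
    if not parts.hostname:
        raise ValueError("base URL %r has no host" % base)
    if parts.query or parts.fragment:
        raise ValueError("base URL %r must not carry a query or fragment" % base)
    path = parts.path.rstrip("/") + "/"  # exactly one trailing slash
    return urlunsplit((parts.scheme, parts.netloc, path, "", ""))


def endpoint(base, resource):
    """Join a resource name such as 'ips' onto the validated base URL."""
    if not resource.isalnum():
        raise ValueError("unexpected resource name %r" % resource)
    return normalize_base(base) + resource


def is_loopback(host):
    if host == "localhost":
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:  # a DNS name, not an IP literal
        return False


def transport_warnings(url, verify):
    """Flag settings that expose the POSTed data on the network."""
    parts = urlsplit(url)
    warnings = []
    if parts.scheme == "http" and not is_loopback(parts.hostname):
        warnings.append("plain http to a remote host")
    if parts.scheme == "https" and not verify:
        warnings.append("verify=False: server certificate is not checked")
    return warnings


if __name__ == "__main__":
    # Constructed inputs; the first is the value from the traceback.
    for base in ("127.0.0.1:8080", "http://127.0.0.1:8080"):
        try:
            print(endpoint(base, "ips"))
        except ValueError as exc:
            print("rejected:", exc)
```

Running the check once at start-up turns the per-thread `InvalidURL` exceptions into a single configuration error.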

ashokmadgenius commented 9 years ago

Finally, after running combine.py I got output like: INFO: 538082 indicators to CRITs... but no output on my dashboard.

ashokmadgenius commented 9 years ago

I have found the topic opened on "Adding data into CRITs #130" useful in some cases of my configuration. Thanks, but my problem is not solved completely. I anticipate some faster response from farsightsecurity.com.

ashokmadgenius commented 9 years ago

Solution:

  1. Add the inbound and outbound URLs domain address
  2. Grant user permissions to the user (ex: if username is "crits")

Note: I will attach screenshots of it in my next posts, soon.

alexcpsec commented 9 years ago

Thanks. I would really appreciate if you can contribute a "short guide" for this integration on the Wiki if you have the bandwidth.

I'll keep this issue open until you can confirm everything is working fine.

PS: sorry for not showing up sooner, RSA Conference week is a killer.

ashokmadgenius commented 9 years ago

@alexcpsec Hi, I fixed the issue by going through the code lines, and now my updates are working fine, receiving from the 'combine' project. I would really like to write documentation on the same, to make it simple. Thank you :)

alexcpsec commented 9 years ago

Please. If you can get something together and PR it to us, I'd really appreciate it.

Brambopulos commented 3 years ago

Could I bump this just to grab the input of those involved? I'd love to understand that solution that was written out a bit better.