Jun 21, 2023 @ 20:35:17.000 wazuh-integratord ERROR Unable to run integration for custom-misp.py -> integrations
Jun 21, 2023 @ 20:35:17.000 wazuh-integratord ERROR While running custom-misp.py -> integrations. Output: KeyError: 'data'
MISP integration is limited to type 3 and 22 at this time.
Attempts to rectify the issue.
Check MISP Application logs for API access - correct
Script is correct in relation to URL and API key
Check Sysmon installation on all Windows Endpoints - configuration file not iaw with this repository
Change configuration file to one SOCFortress uses and restart endpoints (miles out of date - yours no changes 2 years)
Rewatch your YouTube video and confirm that Rule.Groups is correct iaw Python script - yes
Access local MISP server - search for malicious domains and ping them. No alerts
Replace the entire custom-misp.py file with raw copy changing URL and API Key and issuing reboot command
Wazuh version v4.4.3
MISP version - Latest via MISP WebUI
Current API calls since implementation = 110500
Taylor,
Sorry to bother you again - but I have an issue with the Python script here.
https://github.com/socfortress/Wazuh-Rules/blob/main/MISP/custom-misp.py
Wazuh logs are reporting an error as below.
Jun 21, 2023 @ 20:35:17.000 wazuh-integratord ERROR Unable to run integration for custom-misp.py -> integrations
Jun 21, 2023 @ 20:35:17.000 wazuh-integratord ERROR While running custom-misp.py -> integrations. Output: KeyError: 'data'