Hi, Can anyone give guidance to why Maltego client receives an error

To clarify things:1. Docker installation guide [here](<a href="https://

Local MISP sends an error message to Maltego client about misp-maltego HOT 11 CLOSED

misp commented on June 9, 2024

Local MISP sends an error message to Maltego client

from misp-maltego.

Comments (11)

cvandeplas commented on June 9, 2024

Hi, can you explain a bit more your setup?
More specifically why you chose to install the docker image. Do you have a local transform server?
How did you install the transforms? (transform hub, locally installed, through your own transform server)

from misp-maltego.

TickledBlueB commented on June 9, 2024

Hi! The purchase from Maltego only included a docker image container. I ask multiple times for a .ova file, to ease the installation and further setup, but they claim that its deprecated. Their new thing i guess. Setup is as follows: 1. Docker containers with Maltego server "CTAS "(transform and dispatcher, PostgreSQL). 2. Local MISP installation via Github script (automated install, no changes made except passwords). 3. Logged in to local MISP, added a user x and gave user rights. 4. On a Maltego XL Client added a new local transform via GUI. See attachment. (Offline clients) 4a Added the API key of the user 4b. Tested with a IP address and got the error message. Any guesses what could be missing or wrong. I contacted the Maltego support also and the sent me to you. Sincerely Sent with [ProtonMail](https://protonmail.com) Secure Email. ‐‐‐‐‐‐‐ Original Message ‐‐‐‐‐‐‐

…

On Wednesday, August 26, 2020 8:51 AM, Christophe Vandeplas ***@***.***> wrote: Hi, can you explain a bit more your setup? More specifically why you chose to install the docker image. Do you have a local transform server? How did you install the transforms? (transform hub, locally installed, through your own transform server) — You are receiving this because you authored the thread. Reply to this email directly, [view it on GitHub](#41 (comment)), or [unsubscribe](https://github.com/notifications/unsubscribe-auth/AQPRWZZTMX2HXZW5IQUKQA3SCSPE7ANCNFSM4PTG7AJQ).

from misp-maltego.

cvandeplas commented on June 9, 2024

Ok, so you're running your own CTAS server? Interesting. I believe you're the first one. I'm not familiar with running your own CTAS server, but I'm sure we'll get to something that works.

Is this for a single user, or a group of users?

for a single user I highly recommend to run misp-maltego in local transform mode. That's much easier. You can connect to any MISP server you want (also local), and can easily update the code.
for many users I guess configuring everything though your local CTAS and local transform servers would be the best. (see questions below)

So can you confirm you have:
1/ a client with Maltego GUI
2/ a server VM (docker) with CTAS
3/ a server VM (or docker) with MISP-maltego running in transform server mode
In relation to point 2: I expect you also created a configuration in CTAS referencing MISP maltego? How did you do this?

In relation to point 3: Test if your misp-maltego transform server is running:

Can you enter your MISP-maltego transform server (VM or docker) and confirm /usr/bin/python3 /usr/local/bin/twistd is running?
Can you curl -vv -k https://<your_misp-maltego_transform_server>/MISP_maltego.SearchInMISP. This should return a HTTP 200 OK response with Yes? as response body.

from misp-maltego.

TickledBlueB commented on June 9, 2024

To clarify things: 1. Docker installation guide [here](https://docs.maltego.com/support/solutions/articles/15000034188-deploying-with-docker) with what was the guide. // your point 1 and 2 answer Yes, running a CTAS server (docker container - up/running). An address https://<ctas_server_ip>/remotetas.xml is configured to get and send data to 2 Maltego XL clients. There is actually no more configuration needed to be done there. Local CTAS server requires a license and then its functional, acting as a proxy for the clients (in my understanding). 2. Local MISP installation was done with [this guide](https://github.com/MISP/MISP-maltego#local-transform-installation). // you point 3 misp-maltego server A VM installation as instructed. Ubuntu 20.04 (updated a month ago) Can locate - python3.8 (/usr/bin/python3.8) Not present twistd (did not get installed with misp-maltego dependencies) misp@misp:~$ curl -vv -k [https://](https://X.X.X.X/MISP_maltego.SearchInMISP)<your_misp-maltego_transform_server>[/MISP_maltego.SearchInMISP](https://X.X.X.X/MISP_maltego.SearchInMISP) * Trying <your_misp-maltego_transform_server>:443... * TCP_NODELAY set * Connected to <your_misp-maltego_transform_server> (<your_misp-maltego_transform_server>) port 443 (#0) * ALPN, offering h2 * ALPN, offering http/1.1 * successfully set certificate verify locations: * CAfile: /etc/ssl/certs/ca-certificates.crt CApath: /etc/ssl/certs * TLSv1.3 (OUT), TLS handshake, Client hello (1): * TLSv1.3 (IN), TLS handshake, Server hello (2): * TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8): * TLSv1.3 (IN), TLS handshake, Certificate (11): * TLSv1.3 (IN), TLS handshake, CERT verify (15): * TLSv1.3 (IN), TLS handshake, Finished (20): * TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1): * TLSv1.3 (OUT), TLS handshake, Finished (20): * SSL connection using TLSv1.3 / TLS_AES_256_GCM_SHA384 * ALPN, server accepted to use http/1.1 * Server certificate: * subject: C=LU; ST=State; L=Location; O=Organization; OU=Organizational Unit; CN=misp.local; [email protected] * start date: Jul 24 08:42:19 2020 GMT * expire date: Jul 24 08:42:19 2021 GMT * issuer: C=LU; ST=State; L=Location; O=Organization; OU=Organizational Unit; CN=misp.local; [email protected] * SSL certificate verify result: self signed certificate (18), continuing anyway.

GET /MISP_maltego.SearchInMISP HTTP/1.1 Host: <your_misp-maltego_transform_server> User-Agent: curl/7.68.0 Accept: */*

* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4): * TLSv1.3 (IN), TLS handshake, Newsession Ticket (4): * old SSL session ID is stale, removing * Mark bundle as not supporting multiuse < HTTP/1.1 302 Found < Date: Wed, 26 Aug 2020 08:43:08 GMT < Server: Apache/2.4.41 (Ubuntu) < Strict-Transport-Security: max-age=31536000; includeSubdomains; < X-Content-Type-Options: nosniff < X-Frame-Options: SAMEORIGIN < Set-Cookie: MISP-ea8eb3d6-56e7-4398-99c3-70ba73c9e9d3=umj5gu77tabhmt62cnjaqre2a6; expires=Fri, 28-Aug-2020 20:43:08 GMT; Max-Age=216000; path=/; secure; HttpOnly < X-XSS-Protection: 1; mode=block < Location: https://X.X.X.X/users/login < Content-Length: 0 < Content-Type: text/html; charset=UTF-8 < * Connection #0 to host <your_misp-maltego_transform_server> left intact So curl does not accept that I don't have a certificate installed, sorry for that. But copied the address given to the browser and the MISP login windows appears after Chrome confirms a understand the risks :) Sent with [ProtonMail](https://protonmail.com) Secure Email. ‐‐‐‐‐‐‐ Original Message ‐‐‐‐‐‐‐

…

On Wednesday, August 26, 2020 10:54 AM, Christophe Vandeplas ***@***.***> wrote: Ok, so you're running your own CTAS server? Interesting. I believe you're the first one. I'm not familiar with running your own CTAS server, but I'm sure we'll get to something that works. Is this for a single user, or a group of users? - for a single user I highly recommend to run misp-maltego in local transform mode. That's much easier. You can connect to any MISP server you want (also local), and can easily update the code. - for many users I guess configuring everything though your local CTAS and local transform servers would be the best. (see questions below) So can you confirm you have: 1/ a client with Maltego GUI 2/ a server VM (docker) with CTAS 3/ a server VM (or docker) with MISP-maltego running in transform server mode In relation to point 2: I expect you also created a configuration in CTAS referencing MISP maltego? How did you do this? In relation to point 3: Test if your misp-maltego transform server is running: - Can you enter your MISP-maltego transform server (VM or docker) and confirm /usr/bin/python3 /usr/local/bin/twistd is running? - Can you curl -vv -k https://<your_misp-maltego_transform_server>/MISP_maltego.SearchInMISP. This should return a HTTP 200 OK response with Yes? as response body. — You are receiving this because you authored the thread. Reply to this email directly, [view it on GitHub](#41 (comment)), or [unsubscribe](https://github.com/notifications/unsubscribe-auth/AQPRWZ3UDVITKCCWTKL5VEDSCS5UFANCNFSM4PTG7AJQ).

from misp-maltego.

cvandeplas commented on June 9, 2024

OK, local install. I was on a completely different path. Forget everything about remote transforms and MISP-maltego transform server now. CTAS also has nothing to do with what happens.

Something seems to be wrong with your local MISP-maltego installation.
On which system did you do the sudo pip3 install MISP-maltego? your own computer or the docker VM?

from misp-maltego.

TickledBlueB commented on June 9, 2024

On which system did you do the sudo pip3 install MISP-maltego? your own computer or the docker VM? On local misp-maltego server (VM). Sent with [ProtonMail](https://protonmail.com) Secure Email. ‐‐‐‐‐‐‐ Original Message ‐‐‐‐‐‐‐

…

On Wednesday, August 26, 2020 12:28 PM, Christophe Vandeplas ***@***.***> wrote: OK, local install. I was on a completely different path. Forget everything about remote transforms and MISP-maltego transform server now. CTAS also has nothing to do with what happens. Something seems to be wrong with your local MISP-maltego installation. On which system did you do the sudo pip3 install MISP-maltego? your own computer or the docker VM? — You are receiving this because you authored the thread. Reply to this email directly, [view it on GitHub](#41 (comment)), or [unsubscribe](https://github.com/notifications/unsubscribe-auth/AQPRWZ57Q3L53TPTLQIFUNDSCTITRANCNFSM4PTG7AJQ).

from misp-maltego.

cvandeplas commented on June 9, 2024

Is this setup for a single user, or a group of users? (which one is your use-case?)

for a single user I highly recommend to run misp-maltego in local transform mode. That's much easier. You can connect to any MISP server you want (also local), and can easily update the code. In this case you install it on your own system, no server is needed, even if you have your own local CTAS. To install: https://github.com/MISP/MISP-maltego#local-transform-installation
for many users I guess configuring everything though your local CTAS and local transform servers would be the best. (see questions below)
- in this case you will indeed need to install the misp maltego server. While there's a docker config (that worked fine last time I used it, some time ago), the most recent method I used is with ansible. Have a look at the ansible playbook to understand what's going on in that misp-maltego server. (see https://github.com/MISP/MISP-maltego/blob/master/ansible/plume.yaml)
- you will also need to do "stuff" on your CTAS server. I have absolutely no idea what as I do not have licenses for that.

from misp-maltego.

TickledBlueB commented on June 9, 2024

Thank you for you reply. It seems to be a miscommunication on my side. Had someone else look at you letters and it seems I was wrong. In my defence I'm new to this. A new deployment of CTAS server (transform server is now up and running) and by the guide installed pip3 install MISP_Maltego and then canari create-profile MISP_maltego and getting this output: root@2eb668f69e59:/code# canari create-profile MISP_maltego Loading Canari configuration file '/root/.canari/canari.conf' Looking for transforms in MISP_maltego... Traceback (most recent call last): File "/usr/local/bin/canari", line 9, in <module> load_entry_point('canari==3.3.10', 'console_scripts', 'canari')() File "/usr/local/lib/python3.5/dist-packages/click/core.py", line 764, in __call__ return self.main(*args, **kwargs) File "/usr/local/lib/python3.5/dist-packages/click/core.py", line 717, in main rv = self.invoke(ctx) File "/usr/local/lib/python3.5/dist-packages/click/core.py", line 1135, in invoke sub_ctx = cmd.make_context(cmd_name, args, parent=ctx) File "/usr/local/lib/python3.5/dist-packages/click/core.py", line 641, in make_context self.parse_args(ctx, args) File "/usr/local/lib/python3.5/dist-packages/click/core.py", line 940, in parse_args value, args = param.handle_parse_result(ctx, opts, args) File "/usr/local/lib/python3.5/dist-packages/click/core.py", line 1469, in handle_parse_result value = self.full_process_value(ctx, value) File "/usr/local/lib/python3.5/dist-packages/click/core.py", line 1438, in full_process_value value = self.process_value(ctx, value) File "/usr/local/lib/python3.5/dist-packages/click/core.py", line 1428, in process_value return self.type_cast_value(ctx, value) File "/usr/local/lib/python3.5/dist-packages/click/core.py", line 1417, in type_cast_value return _convert(value, (self.nargs != 1) + bool(self.multiple)) File "/usr/local/lib/python3.5/dist-packages/click/core.py", line 1415, in _convert return self.type(value, self, ctx) File "/usr/local/lib/python3.5/dist-packages/click/types.py", line 39, in __call__ return self.convert(value, param, ctx) File "/usr/local/lib/python3.5/dist-packages/canari/commands/framework.py", line 132, in convert return TransformDistribution(value) File "/usr/local/lib/python3.5/dist-packages/canari/pkgutils/transform.py", line 90, in __init__ self.import_package(self._package) File "/usr/local/lib/python3.5/dist-packages/canari/pkgutils/transform.py", line 215, in import_package TransformDistribution.import_package(pkg) File "/usr/local/lib/python3.5/dist-packages/canari/pkgutils/transform.py", line 211, in import_package pkg = importlib.import_module(module_name) File "/usr/lib/python3.5/importlib/__init__.py", line 126, in import_module return _bootstrap._gcd_import(name[level:], package, level) File "<frozen importlib._bootstrap>", line 986, in _gcd_import File "<frozen importlib._bootstrap>", line 969, in _find_and_load File "<frozen importlib._bootstrap>", line 958, in _find_and_load_unlocked File "<frozen importlib._bootstrap>", line 673, in _load_unlocked File "<frozen importlib._bootstrap_external>", line 665, in exec_module File "<frozen importlib._bootstrap>", line 222, in _call_with_frames_removed File "/usr/local/lib/python3.5/dist-packages/MISP_maltego/transforms/attributetoevent.py", line 4, in <module> from MISP_maltego.transforms.common.util import check_update, MISPConnection, event_to_entity, get_attribute_in_event, get_attribute_in_object, attribute_to_entity, get_entity_property, search_galaxy_cluster, galaxycluster_to_entity File "/usr/local/lib/python3.5/dist-packages/MISP_maltego/transforms/common/util.py", line 7, in <module> from pymisp import ExpandedPyMISP as PyMISP File "/usr/local/lib/python3.5/dist-packages/pymisp/__init__.py", line 26, in <module> from .abstract import AbstractMISP, MISPEncode, pymisp_json_default, MISPTag, Distribution, ThreatLevel, Analysis # noqa File "/usr/local/lib/python3.5/dist-packages/pymisp/abstract.py", line 116 self.__edited: bool = True # As we create a new object, we assume it is edited ^ SyntaxError: invalid syntax I'm going to write to Maltego, questioning why the container downloaded is Ubuntu 16.04 and the tech guy said that pymisp need python3.6 and above to function correctly. Sent with [ProtonMail](https://protonmail.com) Secure Email. ‐‐‐‐‐‐‐ Original Message ‐‐‐‐‐‐‐

…

On Thursday, August 27, 2020 10:05 AM, Christophe Vandeplas ***@***.***> wrote: Is this setup for a single user, or a group of users? (which one is your use-case?) - for a single user I highly recommend to run misp-maltego in local transform mode. That's much easier. You can connect to any MISP server you want (also local), and can easily update the code. In this case you install it on your own system, no server is needed, even if you have your own local CTAS. To install: https://github.com/MISP/MISP-maltego#local-transform-installation - for many users I guess configuring everything though your local CTAS and local transform servers would be the best. (see questions below) - in this case you will indeed need to install the misp maltego server. While there's a docker config (that worked fine last time I used it, some time ago), the most recent method I used is with ansible. Have a look at the ansible playbook to understand what's going on in that misp-maltego server. (see https://github.com/MISP/MISP-maltego/blob/master/ansible/plume.yaml) - you will also need to do "stuff" on your CTAS server. I have absolutely no idea what as I do not have licenses for that. — You are receiving this because you authored the thread. Reply to this email directly, [view it on GitHub](#41 (comment)), or [unsubscribe](https://github.com/notifications/unsubscribe-auth/AQPRWZ27WORXJPVVFSZ5US3SCYAU7ANCNFSM4PTG7AJQ).

from misp-maltego.

cvandeplas commented on June 9, 2024

I'm not sure installing misp-maltego on your CTAS server is the right thing to do. Either install it as a local install (on the analyst workstation), either install it on a separate machine, and configure the transforms on your CTAS to talk to it.

from misp-maltego.

TickledBlueB commented on June 9, 2024

OK, so we tried adding MISP-maltego to CTAS transform server - which not working- will not continue with that. First deployment which was that MISP-maltego was deployed on local server. Is that also a bad idea? But how to "configure the transforms on your CTAS to talk to it" ? Sent with [ProtonMail](https://protonmail.com) Secure Email. ‐‐‐‐‐‐‐ Original Message ‐‐‐‐‐‐‐

…

On Thursday, August 27, 2020 1:49 PM, Christophe Vandeplas ***@***.***> wrote: I'm not sure installing misp-maltego on your CTAS server is the right thing to do. Either install it as a local install (on the analyst workstation), either install it on a separate machine, and configure the transforms on your CTAS to talk to it. — You are receiving this because you authored the thread. Reply to this email directly, [view it on GitHub](#41 (comment)), or [unsubscribe](https://github.com/notifications/unsubscribe-auth/AQPRWZYSS7GESJ7THSSA333SCY24ZANCNFSM4PTG7AJQ).

from misp-maltego.

cvandeplas commented on June 9, 2024

But how to "configure the transforms on your CTAS to talk to it" ?

I believe this question is about CTAS functionality and usage, which is specific to Paterva's software. I would expect you can find this in Paterva's documentation about CTAS.

from misp-maltego.

Local MISP sends an error message to Maltego client about misp-maltego HOT 11 CLOSED

Comments (11)

Related Issues (20)

Recommend Projects

React

Vue.js

Typescript

TensorFlow

Django

Laravel

D3

Recommend Topics

javascript

web

server

Machine learning

Visualization

Game

Recommend Org

Facebook

Microsoft

Google

Alibaba

D3

Tencent