Comments (15)
Hm, weird - can you post a redacted version of ~/.misptaxii/remote-servers.yml?
Just wanna make sure nothing funny is going on in there
from misp-taxii-server.
Sure thing...
- name: 'NICKNAME'
  host: MY.REMOTE.SERVER
  port: 9000
  discovery_path: /taxii-discovery-service
  use_https: True
  taxii_version: '1.1'
  headers:
  auth:
    username: MYUSERNAME
    password: MYPASSWORD
    cacert_path:
    jwt_auth_url:
    cert_file: /etc/ssl/private/MYCERT.crt
    key_file: /etc/ssl/private/MYKEY.key
    key_password: MYKEYPASSWORD
    verify_ssl: False
  collections:
    - system.Default
from misp-taxii-server.
- name: 'LOCAL'
  host: 127.0.0.1
  port: 9000
  discovery_path: /services/discovery
  use_https: False
  taxii_version: '1.1'
  headers:
  auth:
    username: root
    password: root
    cacert_path:
    jwt_auth_url:
    cert_file:
    key_file:
    key_password:
    verify_ssl: False
  collections:
    - collection
- name: 'HailATaxii'
  host: hailataxii.com
  port: 80
  discovery_path: /taxii-discovery-service
  use_https: False
  taxii_version: '1.1'
  headers:
  auth:
    username: guest
    password: guest
    cacert_path:
    cert_file:
    key_file:
    key_password:
    jwt_auth_url:
    verify_ssl: True
  collections:
    - guest.phishtank_com
I'm running with this config for testing and it seems to work 100% fine.
system.Default suggests Soltra, right? We don't have a licence for that, so I can't test it, but are you sure you've
- Got the right port open on the server you're polling
- Are actually accessing the right port - when I was testing this, I tried to hit hailataxii on 9000, which didn't work!
- Have IP whitelist if you use that
from misp-taxii-server.
You're right, it's for FS-ISAC. Looks like changing the port to 443 did something...so far I'm still getting a bunch of output to the screen. It might be pulling every event from the repository. I'll let you know if this works out. This is what I'm getting back so far:
127.0.0.1 - - [21/Jun/2017 09:40:15] "POST /services/inbox HTTP/1.1" 200 -
'cm9vdDpyb290' 12
127.0.0.1 - - [21/Jun/2017 09:40:15] "POST /services/inbox HTTP/1.1" 200 -
'cm9vdDpyb290' 12
127.0.0.1 - - [21/Jun/2017 09:40:15] "POST /services/inbox HTTP/1.1" 200 -
'cm9vdDpyb290' 12
127.0.0.1 - - [21/Jun/2017 09:40:15] "POST /services/inbox HTTP/1.1" 200 -
'cm9vdDpyb290' 12
127.0.0.1 - - [21/Jun/2017 09:40:15] "POST /services/inbox HTTP/1.1" 200 -
'cm9vdDpyb290' 12
127.0.0.1 - - [21/Jun/2017 09:40:15] "POST /services/inbox HTTP/1.1" 200 -
'cm9vdDpyb290' 12
127.0.0.1 - - [21/Jun/2017 09:40:16] "POST /services/inbox HTTP/1.1" 200 -
'cm9vdDpyb290' 12
127.0.0.1 - - [21/Jun/2017 09:40:16] "POST /services/inbox HTTP/1.1" 200 -
'cm9vdDpyb290' 12
127.0.0.1 - - [21/Jun/2017 09:40:16] "POST /services/inbox HTTP/1.1" 200 -
'cm9vdDpyb290' 12
127.0.0.1 - - [21/Jun/2017 09:40:16] "POST /services/inbox HTTP/1.1" 200 -
'cm9vdDpyb290' 12
127.0.0.1 - - [21/Jun/2017 09:40:16] "POST /services/inbox HTTP/1.1" 200 -
'cm9vdDpyb290' 12
And so on, and so on...
from misp-taxii-server.
Yeah that's working as intended!
Taxii servers sync to each other, so it'll cache everything to your database - it'll take much less time next time around!
from misp-taxii-server.
THANK YOU!!!!! It looks like it hasn't pushed anything to MISP yet, but hopefully that works too ;]
from misp-taxii-server.
If you look at your local TAXII server log (the one you ran with opentaxii-run-dev), you'll see if it's managing to do stuff or if it's erroring out
from misp-taxii-server.
If it's not pushing anything, you likely ran it without exporting OPENTAXII_CONFIG
from misp-taxii-server.
Awesome....I'm working on a remote server ATM, so I don't want to interrupt or put this into background just yet. I'll wait until this gets done and see what happens.
from misp-taxii-server.
Ok, it apparently came across a problem...not sure what this is:
Traceback (most recent call last):
File "run-taxii-poll.py", line 86, in <module>
for content_block in cli.poll(collection):
File "/usr/local/lib/python3.5/dist-packages/cabby-0.1.17-py3.5.egg/cabby/client11.py", line 487, in poll
File "/usr/local/lib/python3.5/dist-packages/cabby-0.1.17-py3.5.egg/cabby/dispatcher.py", line 219, in _parse_response
File "/usr/local/lib/python3.5/dist-packages/cabby-0.1.17-py3.5.egg/cabby/dispatcher.py", line 118, in _stream_poll_response
File "src/lxml/iterparse.pxi", line 208, in lxml.etree.iterparse.__next__ (src/lxml/lxml.etree.c:148588)
File "src/lxml/iterparse.pxi", line 193, in lxml.etree.iterparse.__next__ (src/lxml/lxml.etree.c:148286)
File "src/lxml/iterparse.pxi", line 228, in lxml.etree.iterparse._read_more_events (src/lxml/lxml.etree.c:148925)
File "src/lxml/parser.pxi", line 1339, in lxml.etree._FeedParser.feed (src/lxml/lxml.etree.c:113649)
File "src/lxml/parser.pxi", line 586, in lxml.etree._ParserContext._handleParseResult (src/lxml/lxml.etree.c:104990)
File "src/lxml/parser.pxi", line 595, in lxml.etree._ParserContext._handleParseResultDoc (src/lxml/lxml.etree.c:105109)
File "src/lxml/parser.pxi", line 706, in lxml.etree._handleParseResult (src/lxml/lxml.etree.c:106817)
File "src/lxml/parser.pxi", line 635, in lxml.etree._raiseParseError (src/lxml/lxml.etree.c:105671)
File "https://analysis.fsisac.com/taxii-data", line 211526
lxml.etree.XMLSyntaxError: StartTag: invalid element name, line 211526, column 2
from misp-taxii-server.
Oooh, bizarre.
Sounds like a corrupted or otherwise invalid (as per python-stix) block
I'll try-catch the whole thing to stop that from happening
from misp-taxii-server.
Ok, try a git pull and try again
It'll log to a file this time, poll.log
and theoretically in the case that it fails to poll for any reason, it should move on cleanly.
from misp-taxii-server.
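The handling described in the comment above (catch the parse failure, log it, move on to the next collection), as an added example that is not the project's run-taxii-poll.py. It uses the standard-library ElementTree parser in place of cabby/lxml; `FEEDS`, `stream_blocks` and `poll_all` are hypothetical names and the XML is constructed sample data.

```python
import io
import logging
import xml.etree.ElementTree as ET

log = logging.getLogger("poll")

# Constructed sample feeds. "bad" carries an invalid start tag
# ("< Content_Block>") after two valid blocks, like the error in this thread.
BLOCK = "<Content_Block><Content>indicator-%d</Content></Content_Block>"
FEEDS = {
    "bad": "<Poll_Response>" + BLOCK % 1 + BLOCK % 2
           + "\n< Content_Block></Poll_Response>",
    "good": "<Poll_Response>" + BLOCK % 3 + "</Poll_Response>",
}


def stream_blocks(xml_text):
    """Yield each Content payload as soon as the streaming parser closes it."""
    source = io.BytesIO(xml_text.encode())
    for _event, elem in ET.iterparse(source, events=("end",)):
        if elem.tag == "Content":
            yield elem.text
            elem.clear()  # keep memory flat on very large poll responses


def poll_all(feeds):
    """Poll every collection; a malformed response never stops the others.

    Returns (received, failed). Blocks parsed before the error are kept,
    and the collection is listed in `failed` so a partial sync is not
    mistaken for a complete one.
    """
    received, failed = {}, {}
    for name, xml_text in feeds.items():
        received[name] = []
        try:
            for block in stream_blocks(xml_text):
                received[name].append(block)
        except ET.ParseError as exc:
            log.error("FAILED TO POLL %s: %s", name, exc)
            failed[name] = str(exc)
    return received, failed


if __name__ == "__main__":
    logging.basicConfig(filename="poll.log", level=logging.INFO)
    print(poll_all(FEEDS))
```

A collection that appears in `failed` has only been ingested up to the malformed block, so it should be polled again rather than treated as synced.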
Running well so far....;]
from misp-taxii-server.
ahhh, it looks like it finished, but nothing shows up in MISP. I'll try exporting OPENTAXII_CONFIG again to be sure this isn't the problem.
Here's the output from poll.log:
> INFO:main:Connecting to local server...
> INFO:main:Connected
> INFO:main:== FS-ISAC ==
> INFO:cabby.client11.Client11:3 services discovered
> ERROR:main:FAILED TO POLL system.Default
> ERROR:main:StartTag: invalid element name, line 211526, column 2 (taxii-data, line 211526)
> Traceback (most recent call last):
> File "run-taxii-poll.py", line 103, in <module>
> for content_block in cli.poll(collection_name=collection):
> File "/usr/local/lib/python3.5/dist-packages/cabby-0.1.17-py3.5.egg/cabby/client11.py", line 487, in poll
> for obj in stream:
> File "/usr/local/lib/python3.5/dist-packages/cabby-0.1.17-py3.5.egg/cabby/dispatcher.py", line 219, in _parse_response
> for obj in _stream_poll_response(namespace, gen):
> File "/usr/local/lib/python3.5/dist-packages/cabby-0.1.17-py3.5.egg/cabby/dispatcher.py", line 118, in _stream_poll_response
> for action, elem in stream:
> File "src/lxml/iterparse.pxi", line 208, in lxml.etree.iterparse.__next__ (src/lxml/lxml.etree.c:148588)
> File "src/lxml/iterparse.pxi", line 193, in lxml.etree.iterparse.__next__ (src/lxml/lxml.etree.c:148286)
> File "src/lxml/iterparse.pxi", line 228, in lxml.etree.iterparse._read_more_events (src/lxml/lxml.etree.c:148925)
> File "src/lxml/parser.pxi", line 1339, in lxml.etree._FeedParser.feed (src/lxml/lxml.etree.c:113649)
> File "src/lxml/parser.pxi", line 586, in lxml.etree._ParserContext._handleParseResult (src/lxml/lxml.etree.c:104990)
> File "src/lxml/parser.pxi", line 595, in lxml.etree._ParserContext._handleParseResultDoc (src/lxml/lxml.etree.c:105109)
> File "src/lxml/parser.pxi", line 706, in lxml.etree._handleParseResult (src/lxml/lxml.etree.c:106817)
> File "src/lxml/parser.pxi", line 635, in lxml.etree._raiseParseError (src/lxml/lxml.etree.c:105671)
> File "https://analysis.fsisac.com/taxii-data", line 211526
> lxml.etree.XMLSyntaxError: StartTag: invalid element name, line 211526, column 2
> INFO:main:Finished!
from misp-taxii-server.
As per gitter, it seems to be working~
So that's nice
Closing
from misp-taxii-server.