[Bug] MISP analyzer does not connect to MISP #480
Comments
Did not reproduce the problem. On my side it works with pymisp 2.4.103 and MISP 2.4.105. If this works with an updated version of pymisp, then this is not a bug, as the analyzer is using The shared error is related to an authentication problem. Are you sure you are using a valid API key (and are allowed to make API requests)? Thx.
I am using the same APIKey for TheHive and Cortex and it is working for TheHive, so there are no issues with the APIKey. In addition, I have created another user with user permissions as well as a sync user, and it is still failing with the same error, even after upgrading MISP to 2.4.106.
Are you sure your user belongs to the group allowed to read the data you are requesting?
Yes, I am quite sure that user has enough permissions to perform the search query. But just in case, I did a short test. The PyMISP version I used is pymisp==2.4.106

```python
#!/usr/bin/env python
# -*- coding: utf-8 -*-
from pymisp import PyMISP
import argparse
import os
import json


def init():
    # Arguments: MISP URL, API key, verify TLS certificate, output type
    return PyMISP("https://...", "yK...KR", True, 'json')


def searchall(m, search, quiet, url, out=None):
    # Search every event for the given value
    result = m.search_all(search)
    if quiet:
        # Only print the URL of each matching event
        for e in result['response']:
            print('{}{}{}\n'.format(url, '/events/view/', e['Event']['id']))
    elif out is None:
        print(json.dumps(result['response']))
    else:
        with open(out, 'w') as f:
            f.write(json.dumps(result['response']))


if __name__ == '__main__':
    parser = argparse.ArgumentParser(description='Get all the events matching a value.')
    parser.add_argument("-s", "--search", required=True, help="String to search.")
    parser.add_argument("-q", "--quiet", action='store_true', help="Only display URLs to MISP")
    parser.add_argument("-o", "--output", help="Output file")
    args = parser.parse_args()

    # Refuse to overwrite an existing output file
    if args.output is not None and os.path.exists(args.output):
        print('Output file already exists, abord.')
        exit(0)

    misp = init()
    searchall(misp, args.search, args.quiet, "https://...", args.output)
```

The results:

```
λ (misp) user [~/Devel/misp] → python main.py -s "1.1.1.1" -o output.txt
λ (misp) user [~/Devel/misp] → ls -la
total 1752
drwxr-xr-x 2 user user 4096 may 31 12:29 .
drwxr-xr-x 13 user user 4096 nov 6 2018 ..
-rw-r--r-- 1 user user 1237 may 31 12:26 main.py
-rw-r--r-- 1 user user 1780168 may 31 12:29 output.txt
```
Made a new check with the latest version of pymisp and MISP; everything works fine. Closing the issue.
Describe the bug
When running the MISP analyzer, an empty result is always retrieved and no errors were found in Cortex, but checking the MISP logs I saw the following
To Reproduce
Steps to reproduce the behavior:
Expected behavior
A result from MISP as the observable is in the MISP instance
Complementary information
I checked that pymisp is outdated, and this could be the main cause.
Work environment
Possible solutions
Update the pymisp to the latest version