otx_misp icon indicating copy to clipboard operation
otx_misp copied to clipboard

Published 20 hours ago verified publisher icon gcrahay

Error: 'TypeError' object has no attribute 'message'

Open thejjw opened this issue 3 years ago • 3 comments

Description

Hello, I have trouble setting up otx-misp. I'm using OTX API key that I tested with curl to be working and whole thing is running on rocky linux 8 vm where fresh MISP installation has been done. It seems to run --dry-run just fine but fails to perform actual import when run without. According to error code(21) and its location from cli.py it does seem to communicate with OTX fine (that is.. no wrong api key error or so reported) but create_events() call must be failing somehow. https://github.com/gcrahay/otx_misp/blob/e6c8a42357e00755ebb99a947bbf7428dcd0b746/src/otx_misp/cli.py#L164-L168 Any idea what I can do about it? Thanks.

Versions

  • otx-misp: 1.4.3
  • PyMISP: 2.4.148
  • MISP: 2.4.148
  • Python (Python 2 will not be supported): 3.6 from rocky linux 8 (i.e. rhel 8)
  • Operating system: rocky linux 8 (rhel 8 compatible)

Traceback or error

[user@testmachine ~]$ otx-misp --otx [otx-api-key] --server https://localhost --misp [misp-auth-key] --timestamp "2021-8-25" -vv --dry-run
## Emerging Ransomware Groups: AvosLocker, Hive, HelloKitty, LockBit 2.0 - 2021-08-25
         - Adding external analysis link: https://unit42.paloaltonetworks.com/emerging-ransomware-groups/
         - Adding SHA1 hash: 75f06b636efe53360287c0ff1f51ea7de1e7c8b5
         - Adding SHA1 hash: 488e532e55100da68eaeee30ba342cc05810e296
...
         - Adding SHA256 hash: f453e8ae426133ace544cd4bb1ab2435620a8d4d5f70b936d8f3118e22f254e8
         - Adding domain: monotal.xyz
         - Adding hostname: irc-nbg.v001.com


[user@testmachine ~]$ otx-misp --otx [otx-api-key] --server https://localhost --misp [misp-auth-key] --timestamp "2021-8-25" -vv
Error: 'TypeError' object has no attribute 'message'
[user@testmachine ~]$ echo $?
21

thejjw avatar Aug 26 '21 05:08 thejjw

Same error!

robben-ar avatar Sep 13 '21 22:09 robben-ar

Dear, there is a problem when you build the URL "OTXv2.py" to request the pulses from OTX. It is sending the extra "/" character when consulting the API .. it could be that they modified something in OTX and now they validate the sending of these extra values.

To solve it you have to modify line 8 in the "OTXv2.py" the following value:

"/api/v1/" --> "/api/v1" image

Thanks @BlueJokerr for helping to find the error.

robben-ar avatar Sep 22 '21 14:09 robben-ar

@robben-ar same error. but replacing the value didnt work either. @thejjw did you manage to find the fix?

Naaren128 avatar May 31 '22 05:05 Naaren128