CAPEv2
Cannot integrate MISP with CAPE
About accounts on capesandbox.com
- Issues isn't the way to ask for account activation. Ping capesandbox in Twitter with your username
This is open source and you are getting free support so be friendly!
Prerequisites
Please answer the following questions for yourself before submitting an issue.
- [Y] I am running the latest version
- [Y] I did read the README!
- [Y] I checked the documentation and found no answer
- [Y] I checked to make sure that this issue has not already been filed
- [Y] I'm reporting the issue to the correct repository (for multi-repository projects)
- [Y] I have read and checked all configs (with all optional parts)
Expected Behavior
Data from report of Cape sandbox to move to MISP in the form of an event
Current Behavior
What is the current behavior? Hello, I am running two instances, MISP and Cape sandbox, as virtual machines. I have provided the API key and IP of the MISP instance in processing.conf and reporting.conf, but data is not being sent to MISP. I have made similar changes for a different Cape instance and it works fine; it's not working for the latest Cape version.
| Question | Answer |
|---|---|
| Git commit | Type `$ git log \| head -n1` to find out |
| OS version | Ubuntu 22.04 |
Are you sure that those CAPEs are using the same version of the MISP API?
As the header says:
```
# Disclaimer this code is not maintained by core devs
# pymisp is known to break api on updates.
# So you need it? You fix it!
```
https://github.com/CAPESandbox/community/blob/master/lib/cuckoo/common/integrations/misp.py
Yeah, I narrowed it down to the following log I got from running an analysis:
```
[Task 82] [lib.cuckoo.core.plugins] ERROR: Failed to run the reporting module "MISP": name 'PyMISP' is not defined
Traceback (most recent call last):
  File "/opt/CAPEv2/utils/../lib/cuckoo/core/plugins.py", line 715, in process
    current.run(self.results)
  File "/opt/CAPEv2/utils/../modules/reporting/misp.py", line 228, in run
    self.misp = PyMISP(url, apikey, False, "json")
NameError: name 'PyMISP' is not defined
```
I also get the following log while loading the sandbox:
```
[modules.processing.network] INFO: Loading maxmind database from /data/GeoLite2-Country.mmdb
pip3 install pymisp=2.4.144
```
I installed the required version of pymisp but it's still not working.
How did you install it? Just as pip or as poetry run pip?
On Fri, 10 May 2024, 13:08, MU-03 @.***> wrote:
It's added in poetry and I installed it through pip3. Following is pymisp in poetry:
```
pymisp 2.4.144 Python API for MISP.
├── deprecated >=1.2.12,<2.0.0
│   └── wrapt >=1.10,<2
├── jsonschema >=3.2.0,<4.0.0
│   ├── attrs >=17.4.0
│   ├── pyrsistent >=0.14.0
│   ├── setuptools *
│   └── six >=1.11.0
├── python-dateutil >=2.8.1,<3.0.0
│   └── six >=1.5
└── requests >=2.25.1,<3.0.0
    ├── certifi >=2017.4.17
    ├── charset-normalizer >=2,<4
    ├── idna >=2.5,<4
    ├── pysocks >=1.5.6,<1.5.7 || >1.5.7
```
And with the command `pip3 show pymisp` I get:
```
Name: pymisp
Version: 2.4.144
```
Then idk, you will need to figure out what is wrong. As the disclaimer says, they update pymisp and break it frequently; I got tired of supporting that over the years.
As a clue to start investigating, it might be that the latest MISP server is not compatible anymore with this pymisp version. You might try to install the latest pymisp, but I can't guarantee that it will work, due to what I told you before.
I tried the latest installed also. Anyways, I'll try to troubleshoot this. Thank you.
let us know if you find the solution so that others can save time there
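Added example, not part of the thread and not CAPE's own code: the `NameError` in the traceback means `PyMISP` was never bound in the interpreter that ran the reporting module, which is what a failed import guarded by `try/except` leaves behind (that the module guards its import is an assumption here), and `pip3 show` only describes whichever environment `pip3` belongs to. The script below reports what the interpreter running it can actually import; the names `probe` and `usable` are made up for this example.

```python
import importlib
import importlib.metadata as md
import sys


def probe(module_name, symbols, dist_name=None):
    """Report whether `symbols` can be imported from `module_name` in THIS interpreter."""
    report = {
        "interpreter": sys.executable,               # which python is really running
        "in_venv": sys.prefix != sys.base_prefix,    # True inside a virtualenv (e.g. poetry's)
        "dist_version": None,                        # version of the installed distribution
        "module_file": None,                         # where the module was loaded from
        "missing": [],                               # requested names that are not available
        "error": None,                               # exception raised by the import, if any
    }
    try:
        report["dist_version"] = md.version(dist_name or module_name)
    except md.PackageNotFoundError:
        pass  # not installed for this interpreter (or not a pip-installed distribution)
    try:
        mod = importlib.import_module(module_name)
    except Exception as exc:
        # ImportError when the package is absent; other exception types when the
        # package is present but one of its own dependencies is incompatible.
        report["error"] = f"{type(exc).__name__}: {exc}"
        report["missing"] = list(symbols)
        return report
    report["module_file"] = getattr(mod, "__file__", None)
    report["missing"] = [s for s in symbols if not hasattr(mod, s)]
    return report


def usable(report):
    """True only if the import succeeded and every requested name exists."""
    return report["error"] is None and not report["missing"]


if __name__ == "__main__":
    # PyMISP is the name from the traceback in this thread.
    result = probe("pymisp", ["PyMISP"])
    for key, value in result.items():
        print(f"{key:13} {value}")
    sys.exit(0 if usable(result) else 1)
```

Run it once with `python3` and once with `poetry run python` from `/opt/CAPEv2`, then compare the `interpreter`, `dist_version` and `error` lines: a difference between the two runs answers the "pip or poetry run pip" question.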