CAPEv2
CAPEv2 copied to clipboard
kevoreilly
Cannot integrate MISP with CAPE
About accounts on capesandbox.com
- Issues isn't the way to ask for account activation. Ping capesandbox in Twitter with your username
This is open source and you are getting free support so be friendly!
Prerequisites
Please answer the following questions for yourself before submitting an issue.
- [Y] I am running the latest version
- [Y] I did read the README!
- [Y] I checked the documentation and found no answer
- [Y] I checked to make sure that this issue has not already been filed
- [Y] I'm reporting the issue to the correct repository (for multi-repository projects)
- [Y] I have read and checked all configs (with all optional parts)
Expected Behavior
Data from report of Cape sandbox to move to MISP in the form of an event
Current Behavior
What is the current behavior? Hello, I am running two instances MISP and Cape sandbox as virtual machines.I have provided API key and IP of MISP instance in processing.conf and reporting.conf , data is not being sent to MISP, I have made similar changes for a different cape instance and it works fine, its not working for the latest cape version.
| Question | Answer |
|---|---|
| Git commit | Type $ git log | head -n1 to find out |
| OS version | Ubuntu 22.04 |
as header says
# Disclaimer this code is not maintained by core devs
# pymisp is known to break api on updates.
# So you need it? You fix it!
https://github.com/CAPESandbox/community/blob/master/lib/cuckoo/common/integrations/misp.py
Yeah I narrowed it down to following log i got from running an analysis: [Task 82] [lib.cuckoo.core.plugins] ERROR: Failed to run the reporting module "MISP": name 'PyMISP' is not defined Traceback (most recent call last): File "/opt/CAPEv2/utils/../lib/cuckoo/core/plugins.py", line 715, in process current.run(self.results) File "/opt/CAPEv2/utils/../modules/reporting/misp.py", line 228, in run self.misp = PyMISP(url, apikey, False, "json") NameError: name 'PyMISP' is not defined
I also get following log while loading the sandbox: [modules.processing.network] INFO: Loading maxmind database from /data/GeoLite2-Country.mmdb pip3 install pymisp=2.4.144 I installed the requires version of pymisp but its still not working.
How did you install it? Just as pip or as poetry run pip?
El vie, 10 may 2024, 13:08, MU-03 @.***> escribió:
Yeah I narrowed it down to following log i got from running an analysis: [Task 82] [lib.cuckoo.core.plugins] ERROR: Failed to run the reporting module "MISP": name 'PyMISP' is not defined Traceback (most recent call last): File "/opt/CAPEv2/utils/../lib/cuckoo/core/plugins.py", line 715, in process current.run(self.results) File "/opt/CAPEv2/utils/../modules/reporting/misp.py", line 228, in run self.misp = PyMISP(url, apikey, False, "json") NameError: name 'PyMISP' is not defined
I also get following log while loading the sandbox: [modules.processing.network] INFO: Loading maxmind database from /data/GeoLite2-Country.mmdb pip3 install pymisp=2.4.144 I installed the requires version of pymisp but its still not working.
— Reply to this email directly, view it on GitHub https://github.com/kevoreilly/CAPEv2/issues/2110#issuecomment-2104418169, or unsubscribe https://github.com/notifications/unsubscribe-auth/AAOFH36HIJQHJJZM5HHWHKDZBSTDPAVCNFSM6AAAAABHMYLVTCVHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMZDCMBUGQYTQMJWHE . You are receiving this because you commented.Message ID: @.***>
Its added in poetry and i installed it through pip3 Following is pymisp in poetry: pymisp 2.4.144 Python API for MISP. ├── deprecated >=1.2.12,<2.0.0 │ └── wrapt >=1.10,<2 ├── jsonschema >=3.2.0,<4.0.0 │ ├── attrs >=17.4.0 │ ├── pyrsistent >=0.14.0 │ ├── setuptools * │ └── six >=1.11.0 ├── python-dateutil >=2.8.1,<3.0.0 │ └── six >=1.5 └── requests >=2.25.1,<3.0.0 ├── certifi >=2017.4.17 ├── charset-normalizer >=2,<4 ├── idna >=2.5,<4 ├── pysocks >=1.5.6,<1.5.7 || >1.5.7
and by command pip3 show pymisp I get : Name: pymisp Version: 2.4.144
then idk, you will need to figurate what is wrong, as disclaimer says, they update pymisp and breaks it frequently i got tired of supporting that over the years.
as clue for start investigating, it might be that latest misp server is not compatible anymore with this pymisp version. You might try to install latest pymismp, but i can-t guarantee that it will work, due to what i told before
I tried latest installed also , anyways, i'll try to troubleshoot this. Thank you
let us know if you find the solution so that others can save time there
@MU-03 I am trying to troubleshoot this as well. Were you ever able to figure out how to get the MISP integration working?
@MU-03 I am trying to troubleshoot this as well. Were you ever able to figure out how to get the MISP integration working?
No, I was occupied else where so i could not work on it dedicatedly , will share the solution if found.
as i told, we dont support misp integration due to their frequent break of api, so if you find solution and want to share with community you are welcome to update misp.py, closing this
For anyone running into this issue of pymisp still missing even after installing with pip try :
source /home/cape/.cache/pypoetry/virtualenvs/capev2-t2x27zRb-py3.10/bin/activate pip install pymisp verify that is install with pip show pymisp
done
Instead of that you can just do poetry shell instead of source or poetry run pip install ditectly
as someone who has been trying to setup the misp integration for the last week , doing poetry run pip install pymisp doesnt actually work, I still get the error of pymisp not being installed. Even after going into poetry shell and verifying it is installed i still face the same error however when i do the command "source /home/cape/.cache/pypoetry/virtualenvs/capev2-t2x27zRb-py3.10/bin/activate" the venv inside doesnt have pymisp installed hence why I'm posting this just incase anyone faced a similar issue. that's all
Appreciate the work you guys have done with capev2
Wow that's interesting
Ya, we don't support/maintain misp due to to frequent API changes, at least in past, that gave us too much headache