
Finding difficulty adding Mlsecproject/combine project into CRITs

Open ashokmadgenius opened this issue 9 years ago • 7 comments

Hi, hello. I tried running all these separately, one by one.

  1. python reaper.py - No issues
  2. python thresher.py - No issues
  3. python winnower.py - Issue (DNSDB API Not Configured): I would like to know the seriousness of missing this field, since I am waiting for approval from farsightsecurity.com
  4. python baler.py - no issues

But after this I tried to run python combine.py, but this is what I get. Any solutions?

    Exception in thread Thread-7:
    Traceback (most recent call last):
      File "/usr/lib/python2.7/threading.py", line 810, in __bootstrap_inner
        self.run()
      File "/usr/lib/python2.7/threading.py", line 763, in run
        self.__target(*self.__args, **self.__kwargs)
      File "/data/combine-master/baler.py", line 122, in bale_CRITs_indicator
        res = requests.post(url, data=data, verify=False)
      File "/data/combine-master/venv/local/lib/python2.7/site-packages/requests/api.py", line 99, in post
        return request('post', url, data=data, json=json, **kwargs)
      File "/data/combine-master/venv/local/lib/python2.7/site-packages/requests/api.py", line 49, in request
        response = session.request(method=method, url=url, **kwargs)
      File "/data/combine-master/venv/local/lib/python2.7/site-packages/requests/sessions.py", line 447, in request
        prep = self.prepare_request(req)
      File "/data/combine-master/venv/local/lib/python2.7/site-packages/requests/sessions.py", line 378, in prepare_request
        hooks=merge_hooks(request.hooks, self.hooks),
      File "/data/combine-master/venv/local/lib/python2.7/site-packages/requests/models.py", line 303, in prepare
        self.prepare_url(url, params)
      File "/data/combine-master/venv/local/lib/python2.7/site-packages/requests/models.py", line 356, in prepare_url
        raise InvalidURL(*e.args)
    InvalidURL: Failed to parse: 127.0.0.1:8080ips

ashokmadgenius avatar Apr 13 '15 09:04 ashokmadgenius
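
Added example, not part of the original thread or of the combine code base: the traceback above ends with requests rejecting `127.0.0.1:8080ips`, a string with no scheme and no `/` before `ips`. The sketch below validates a configured base URL before any request is sent; the function names, the `crits.example.test` host and the rule that plain http is accepted only for loopback hosts are assumptions made for illustration.

```python
import ipaddress
from urllib.parse import urlsplit, urlunsplit


class ConfigError(ValueError):
    """Raised when a configured base URL cannot be used as-is."""


def _is_loopback(host):
    """True for 'localhost' or an IP literal in a loopback range."""
    if host == "localhost":
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False  # a DNS name other than localhost


def normalize_base_url(raw):
    """Validate a base URL from config; return it with a trailing slash."""
    parts = urlsplit(raw.strip())
    if parts.scheme not in ("http", "https"):
        raise ConfigError("base URL needs an http:// or https:// scheme: %r" % raw)
    if not parts.hostname:
        raise ConfigError("base URL has no host: %r" % raw)
    # Assumed policy for this example: plain http only to loopback.
    if parts.scheme == "http" and not _is_loopback(parts.hostname):
        raise ConfigError("plain http to a non-loopback host: %r" % raw)
    path = parts.path if parts.path.endswith("/") else parts.path + "/"
    return urlunsplit((parts.scheme, parts.netloc, path, "", ""))


def endpoint_url(base, resource):
    """Join a validated base URL and a resource name such as 'ips'."""
    return normalize_base_url(base) + resource.lstrip("/")


if __name__ == "__main__":
    # Constructed sample values; the first is the base seen in the traceback.
    for base in ("127.0.0.1:8080", "http://127.0.0.1:8080",
                 "https://crits.example.test/api/v1"):
        try:
            print(endpoint_url(base, "ips"))
        except ConfigError as exc:
            print("rejected:", exc)
```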

Finally, after running combine.py, I got output like: INFO: 538082 indicators to CRITs... but no output on my dashboard.

ashokmadgenius avatar Apr 13 '15 10:04 ashokmadgenius

I have found the topic opened on "Adding data into CRITs #130" useful in some cases of my configuration. Thanks, but my problem is not solved completely. I anticipate a faster response from farsightsecurity.com.

ashokmadgenius avatar Apr 13 '15 10:04 ashokmadgenius

Solution:

  1. Add the inbound and outbound URLs domain address
  2. Grant user permissions to the user (e.g. if the username is "crits")

Note: I will attach screenshots of it in my next posts, soon.

ashokmadgenius avatar Apr 23 '15 07:04 ashokmadgenius

Thanks. I would really appreciate it if you can contribute a "short guide" for this integration on the Wiki if you have the bandwidth.

I'll keep this issue open until you can confirm everything is working fine.

PS: sorry for not showing up sooner, RSA Conference week is a killer.

alexcpsec avatar Apr 26 '15 01:04 alexcpsec

@alexcpsec Hi, I fixed the issue by going through the code lines. And now my updates are working fine, receiving from the 'combine' project. I would really like to write documentation on the same, to make it simple. Thank you :)

ashokmadgenius avatar May 03 '15 13:05 ashokmadgenius

Please. If you can get something together and PR it to us, I'd really appreciate it.

alexcpsec avatar May 06 '15 21:05 alexcpsec

Could I bump this just to grab the input of those involved? I'd love to understand that solution that was written out a bit better.

Brambopulos avatar Aug 18 '20 18:08 Brambopulos