OpenCTI can't get MISP Events

Description

MISP Connector is working and connecting to MISP - as I see it - but no events returned.

Environment

  1. OS (where OpenCTI server runs): Ubuntu 20.04 / VM Temp.
  2. OpenCTI version: 4.0.3
  3. MISP version: v2.4.136
  4. PyMISP Status: OK

MISP Connector Config:

  connector-misp:
    image: opencti/connector-misp:4.0.3
    environment:
      - OPENCTI_URL=http://opencti:8080
      - OPENCTI_TOKEN=${OPENCTI_ADMIN_TOKEN}
      - CONNECTOR_ID=${CONNECTOR_MISP_ID}
      - CONNECTOR_TYPE=EXTERNAL_IMPORT
      - CONNECTOR_NAME=MISP
      - CONNECTOR_SCOPE=misp
      - CONNECTOR_CONFIDENCE_LEVEL=3
      - CONNECTOR_UPDATE_EXISTING_DATA=false
      - CONNECTOR_LOG_LEVEL=info
      - MISP_URL=${CONNECTOR_MISP_URL} # Required
      - MISP_KEY=${CONNECTOR_MISP_API} # Required
      - MISP_SSL_VERIFY=False # Required
      - MISP_CREATE_REPORTS=True # Required, create report for MISP event
      - MISP_REPORT_CLASS=MISP Event # Optional, report_class if creating report for event
      - MISP_IMPORT_FROM_DATE=2000-01-01 # Optional, import all event from this date
      - MISP_IMPORT_TAGS=opencti:import,type:osint,C2,osint:source-type*,ecsirt:intrusions* # Optional, list of tags used for import events
      - MISP_INTERVAL=1 # Required, in minutes
    restart: always

Environment variables:

image

Service Log:

2021-01-07T13:50:03.831874258Z INFO:root:Reporting work update_received opencti-work--56a45273-c45b-4523-8775-77b92d1415ee,
2021-01-07T13:49:03.482065217Z INFO:root:MISP returned 0 events.,
2021-01-07T13:49:03.482150701Z INFO:root:Connector successfully run (0 events have been processed), storing last_run as 1610027343,
2021-01-07T13:49:03.482195225Z INFO:root:Reporting work update_received opencti-work--821668f9-5f26-4e64-bc83-22d3b8175f99,
2021-01-07T13:51:03.941814882Z INFO:root:Initiate work for 48e257b7-1c80-4cb9-9ea1-433eff4057eb,
2021-01-07T13:51:04.190585525Z INFO:root:Reporting work update_received opencti-work--d9267337-d719-41fb-8969-abdaa95b1f6a,
2021-01-07T13:51:04.190441257Z INFO:root:MISP returned 0 events.,
2021-01-07T13:51:04.190462892Z INFO:root:Connector successfully run (0 events have been processed), storing last_run as 1610027463,
2021-01-07T13:51:04.118686033Z INFO:root:Connector last run: 2021-01-07 13:50:03,
2021-01-07T13:51:04.118771497Z INFO:root:Fetching MISP events with args: {"tags": {"OR": ["opencti:import", "type:osint", "C2", "osint:source-type*", "ecsirt:intrusions*"]}, "timestamp": 1610027403, "limit": 50, "page": 1},
2021-01-07T13:50:03.831770059Z INFO:root:Connector successfully run (0 events have been processed), storing last_run as 1610027403,
2021-01-07T13:50:03.831739666Z INFO:root:MISP returned 0 events.

OpenCTI:

image

MISP Events:

image

Regards. Khalid Rehan
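
The pasted service log is not in chronological order, which makes it hard to see what each run actually asked MISP for. The following is an added example (not part of the original issue or of the OpenCTI connector code) that sorts a few of the log lines above by their timestamp prefix, pairs each fetch with its result, and decodes the `timestamp` argument; the function name `summarize` is hypothetical.

```python
import json
import re
from datetime import datetime, timezone

# Four lines taken from the service log above (trailing commas removed),
# kept in the same out-of-order sequence in which they were pasted.
LOG = """\
2021-01-07T13:51:04.190441257Z INFO:root:MISP returned 0 events.
2021-01-07T13:51:04.118686033Z INFO:root:Connector last run: 2021-01-07 13:50:03
2021-01-07T13:51:04.118771497Z INFO:root:Fetching MISP events with args: {"tags": {"OR": ["opencti:import", "type:osint", "C2", "osint:source-type*", "ecsirt:intrusions*"]}, "timestamp": 1610027403, "limit": 50, "page": 1}
2021-01-07T13:50:03.831770059Z INFO:root:Connector successfully run (0 events have been processed), storing last_run as 1610027403
"""

FETCH = re.compile(r"Fetching MISP events with args: (\{.*\})")
RETURNED = re.compile(r"MISP returned (\d+) events")


def summarize(log):
    """Return one dict per fetch: when it ran, its window start, tags, result."""
    # The ISO-8601 prefixes have a fixed width, so a plain sort is chronological.
    lines = sorted(line for line in log.splitlines() if line.strip())
    runs, current = [], None
    for line in lines:
        stamp, _, msg = line.partition(" ")
        fetch = FETCH.search(msg)
        if fetch:
            args = json.loads(fetch.group(1))
            since = datetime.fromtimestamp(args["timestamp"], tz=timezone.utc)
            current = {
                "at": stamp,
                "since_utc": since.strftime("%Y-%m-%d %H:%M:%S"),
                "tags": args["tags"]["OR"],
                "events": None,
            }
            runs.append(current)
            continue
        returned = RETURNED.search(msg)
        if returned and current is not None:
            current["events"] = int(returned.group(1))
            current = None
    return runs


if __name__ == "__main__":
    for run in summarize(LOG):
        print(run)
```

For the run at 13:51:04 the `timestamp` argument decodes to 2021-01-07 13:50:03 UTC, the same value as the previous run's stored `last_run`, and the request is restricted to the five tags from `MISP_IMPORT_TAGS`.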

Issue Analytics

  • State: closed
  • Created 3 years ago
  • Comments: 5 (2 by maintainers)

Top GitHub Comments

1 reaction
Ken-Abruzzi commented, Jul 2, 2021

@khalidrehan Thank you!

0 reactions
khalidrehan commented, Jun 23, 2021

@khalidrehan Hello, bro! What is the Organization UUID? How can I get it? Thank you.

  1. Create a Sync account in MISP, then log in to it.
  2. Go to “Create Sync”, and you will find it.