Comments (7)
json.query submit_ioc
indicates that you don't quote submit_ioc
.
You have to double or single quote it.
from mihari.
@ninoseki Sorry, I pasted the wrong logs before, I tried with both double or single quotes, but the error exists for both cases.
/var/lib/gems/3.0.0/gems/rack-3.0.8/lib/rack/auth/digest.rb:8: warning: Rack::Auth::Digest is deprecated and will be removed in Rack 3.1
2024-04-06 07:50:04.179412 I [2189:8000] Mihari -- Emission by Mihari::Emitters::Database is succeeded
2024-04-06 07:50:04.179815 I [2189:8000] Mihari -- Emission by Mihari::Emitters::Webhook is failed: 809: unexpected token at 'json.query "submit_ioc"
json.threat_type "botnet_cc"
json.ioc_type "ip:port"
json.malware "win.icedid"
json.confidence_level 60
json.anonymous 0
json.iocs artifacts.map(&:data)
'
from mihari.
Now I think your setup is wrong or broken.
You said you are using Mihari v7.5.0. But Mihari v7.5.0 is shipped with Rack v3.0.10. (https://github.com/ninoseki/mihari/blob/master/mihari.gemspec#L100)
So there is no way to have /var/lib/gems/3.0.0/gems/rack-3.0.8
.
from mihari.
Okay, I fixed the issue with the latest version not pulling the latest Rack. Now, I'm not seeing the warnings I mentioned before, but the IoCs are still not being pushed to ThreatFox. I checked the generated alerts, and they are not listed on the ThreatFox website.
I tried to run mihari using --debug
mode but it's not generating debug logs.
from mihari.
You set ip:port
as an IOC type but you sent ip
IOCs. So ThreatFox denies your submission I guess.
You have to provide proper data. This may help you to customize the Jbuilder template for that.
from mihari.
You set
ip:port
as an IOC type but you sentip
IOCs. So ThreatFox denies your submission I guess.
Ah, now I understand. Thanks for the heads-up and help! @ninoseki
from mihari.
Can you provide me with an example?
Ok I did something like this
this one for associating IPs with only those ports for which they have been matched (not worked)
json.threat_type "botnet_cc"
json.ioc_type "ip:port"
json.malware "win.icedid"
json.confidence_level 60
json.anonymous 0
json.iocs artifacts.map { |artifact|
artifact.metadata['matched_services'].map do |service|
"#{artifact.data}:#{service['port']}"
end
}.flatten
and this one for all the ports associated with IPs (this worked!)
json.query "submit_ioc"
json.threat_type "botnet_cc"
json.ioc_type "ip:port"
json.malware "win.icedid"
json.confidence_level 60
json.anonymous 0
json.iocs artifacts.map { |artifact|
artifact.ports.map do |port|
"#{artifact.data}:#{port.number}"
end
}.flatten
and this is for fixed port: (not worked)
json.query "submit_ioc"
json.threat_type "botnet_cc"
json.ioc_type "ip:port"
json.malware "win.icedid"
json.confidence_level 60
json.anonymous 0
json.iocs artifacts.map { |artifact|
"#{artifact.data}:443"
}
Can you guide? Thanks
from mihari.
Related Issues (20)
- Attribute-Level Tagging for MISP Integration HOT 5
- MISP not configured correctly HOT 1
- [Feature Request] Consider Adding Hudson Rock Cybercrime Intelligence Integration HOT 2
- [Feature Request] Suppress Enrichment HOT 1
- [Feature Request] Update Detection Behaviour HOT 2
- [BUG] MISP emitter failing due to the 302 response code HOT 6
- [BUG] WEB APP - Page buttons on the Rules web page don't work HOT 2
- [Feature Request] Obfuscate or hide API keys in the Config page of the Web App HOT 3
- [Feature Request] Creating an emitter to MS Teams HOT 3
- [BUG] Censys `KeyError` HOT 2
- [BUG] - alert.rule_id issues after upgrade from 4.9.0 to 5.2.3 HOT 3
- [BUG] Censys queries hanging within Docker Mihari HOT 2
- [BUG] Exception: TypeError: can't convert NilClass into time interval HOT 5
- [BUG] Issue with Censys rules HOT 2
- PDF in README yields 404 HOT 2
- [BUG] Shodan API Error - 401 HOT 3
- SQLite error[BUG] HOT 1
- no implicit conversion of Mihari::Models::Rule into Hash (TypeError)
- FOFA rule returns null HOT 4
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from mihari.