Comments (4)
ninoseki
commented on July 30, 2024
I guess you already have 137.74.131.20 in under the same rule.
You can check it by mihari artifact list "rule.id:575fdb13-c04f-48d2-80a8-c1587e1456a8 AND data:137.74.131.20.
If the command outputs something, my hypothesis is right.
from mihari.
V0lundr
commented on July 30, 2024
Thanks for your quick reply. Actually the rule was new, as I was testing FOFA queries for the first time. In any case, the command you suggested produced the following:
mihari artifact list "rule.id:575fdb13-c04f-48d2-80a8-c1587e1456a8 AND data:137.74.131.20"
{
"total": 0,
"currentPage": 1,
"pageSize": 10,
"results": [
]
}
from mihari.
ninoseki
commented on July 30, 2024
I'm unable to reproduce the issue unfortunately.
$ mihari search 575fdb13-c04f-48d2-80a8-c1587e1456a8
{
"id": 4,
"ruleId": "575fdb13-c04f-48d2-80a8-c1587e1456a8",
"createdAt": "2024-01-03 15:09:41 UTC",
"artifacts": [
{
"id": 4,
"data": "137.74.131.20",
"dataType": "ip",
"source": "fofa",
"query": "ip=\"137.74.131.20\"",
"metadata": null,
"createdAt": "2024-01-03 15:09:41 UTC"
}
],
"tags": [
{
"id": 1,
"name": "FOFATest"
}
]
}from mihari.
V0lundr
commented on July 30, 2024
No worries. I redeployed the system from scratch and tested it. I get the same null value for FOFA.
When I use the same query for censys in the same rule, it works fine. So, there's deff something wrong with FOFA on my side.
Here is the summary:
FOFA query: server=="web.go" && asn="44477" -> returns null + no results
Censys query: services:(services.http.response.headers.Server:web.go) and (autonomous_system.description="STARK-INDUSTRIES")
Overall rule:
id: 575fdb13-c04f-48d2-80a8-c1587e1456a8
title: web.go
description: web.go
tags:
- web
author: web
created_on: '2023-12-31'
queries:
- analyzer: fofa
query: server=="web.go" && asn="44477"
- analyzer: censys
query: services:(services.http.response.headers.Server:web.go) and (autonomous_system.description="STARK-INDUSTRIES")
emitters:
- emitter: database
- emitter: slack
- emitter: misp
enrichers:
- enricher: whois
- enricher: mmdb
- enricher: shodan
- enricher: google_public_dns
data_types:
- hash
- ip
- domain
- url
- mail
falsepositives: []
If you've exhausted all ideas regarding what the issue might be, please feel free to close the issue. And thanks a lot.
from mihari.
Related Issues (20)
- Attribute-Level Tagging for MISP Integration HOT 5
- MISP not configured correctly HOT 1
- [BUG] Mihari ThreatFox webhook is not working HOT 7
- [Axios Error: Request failed with error code 500] HOT 2
- [Feature Request] Suppress Enrichment HOT 1
- [Feature Request] Update Detection Behaviour HOT 2
- [BUG] MISP emitter failing due to the 302 response code HOT 6
- [BUG] WEB APP - Page buttons on the Rules web page don't work HOT 2
- [Feature Request] Obfuscate or hide API keys in the Config page of the Web App HOT 3
- [Feature Request] Creating an emitter to MS Teams HOT 3
- [BUG] Censys `KeyError` HOT 2
- [BUG] - alert.rule_id issues after upgrade from 4.9.0 to 5.2.3 HOT 3
- [BUG] Censys queries hanging within Docker Mihari HOT 2
- [BUG] Exception: TypeError: can't convert NilClass into time interval HOT 5
- [BUG] Issue with Censys rules HOT 2
- PDF in README yields 404 HOT 2
- [BUG] Shodan API Error - 401 HOT 3
- SQLite error[BUG] HOT 1
- no implicit conversion of Mihari::Models::Rule into Hash (TypeError)
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from mihari.