Skip to content

MISP Connection Error with Cortex/HIVE #371

New issue
New issue
Closed
Closed
MISP Connection Error with Cortex/HIVE#371
@SivaPrem

Description

@SivaPrem
SivaPrem
opened on Nov 8, 2017
Question Answer
OS version (server) Ubuntu, ...
, ...
TheHive version 2.13.1
Cortex Version : 1.1.4
MISP : 2.4.76 /2.4.81 (Two instances)

When I try to Check for IOC from The hive or Cortex in MISP , I have the following issue , It was mentioned there was some fix for this issue , But I have the following error thrown

Error From the HIVE

image

Error From the Cortex:

Error: Invalid output\n/usr/local/lib/python2.7/dist-packages/pymisp/api.py:20: UserWarning: You're using python 2, it is strongly recommended to use python >=3.4\n warnings.warn("You're using python 2, it is strongly recommended to use python >=3.4")\n/usr/local/lib/python2.7/dist-packages/pymisp/mispevent.py:45: UserWarning: You're using python 2, it is strongly recommended to use python >=3.4\n warnings.warn("You're using python 2, it is strongly recommended to use python >=3.4")\n/usr/local/lib/python2.7/dist-packages/pymisp/api.py:39: UserWarning: You're using python 2, it is strongly recommended to use python >=3.4\n warnings.warn("You're using python 2, it is strongly recommended to use python >=3.4")\nTraceback (most recent call last):\n File "./misp.py", line 67, in \n MISPAnalyzer().run()\n File "./misp.py", line 20, in init\n name=name)\n File "/home//analyzers/Cortex-Analyzers-master/analyzers/MISP/mispclient.py", line 40, in init\n ssl=verify))\n File "/usr/local/lib/python2.7/dist-packages/pymisp/api.py", line 118, in init\n raise PyMISPError('Unable to connect to MISP ({}). Please make sure the API key and the URL are correct (http/https is required): {}'.format(self.root_url, e))\npymisp.exceptions.PyMISPError: Unable to connect to MISP (https://XXXXX). Please make sure the API key and the URL are correct (http/https is required): [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:590)\n",

Conf USED in Cortex : (Application.conf)

MISP{
url=["https://XXXXX/"]
key=["XXXXXX"]
certpath=["/etc/apache2/ssl/"]
}

Hive Conf

misp {
"MISP_CASETEMPLATE" {
# URL of the MISP server
url = "https://XXXXXXXX"

# authentication key
key = "XXXXXXXX"

# tags that must be automatically added to the case corresponding to the imported event
tags = ["misp"]

# truststore configuration using "cert" key is deprecated
cert =" /etc/apache2/ssl/"

# HTTP client configuration, more details in section 8
# ws {
#   proxy {}
#   ssl {}
# }

}
}

misp : ( /etc/apache2/sites-available/misp-ssl.conf)

image

Can you Correct me on this please

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions