Use PyMISP instead of ExpandedPyMISP #97
- ExpandedPyMISP has superseded PyMISP and has been renamed
- The alias ExpandedPyMISP throws deprecation errors at this point
- blind change, still needs to see if it completely fixes the issue, as @UFOSmuggler pointed out in the chat, from pymisp import * might still lead to deprecation warnings on script.py
Thank you for the update and change. Will have a look in the Gitter conversation shortly.
Cheers, there are some more questions over there in regards to misp2sentinel if you are having a lot of downtime (sorry, bad joke :))
Thank you for the update. The script now runs without any error but I don't see any data forwarded to Sentinel. Is there any particular log file that captures errors while running the script.py file?
I was able to find the log file and it says the indicators were sent to Microsoft Graph Security as below, but I don't see any indicators in Sentinel: `2024-07-02 19:18:27,196 - misp2sentinel - INFO - Sending security indicators to Microsoft Graph Security`
Hello @rahulb123acc, can you use this Kusto query to check if there are new indicators in Sentinel?
Hi @cudeso
Hello, `urllib3.exceptions.MaxRetryError: HTTPSConnectionPool(host='sentinelus.azure-api.net', port=443): Max retries exceeded with url: /551840fc-9571-4acb-8de9-96f1c63909fd/threatintelligence:upload-indicators?api-version=2022-07-01 (Caused by SSLError(SSLEOFError(8, 'EOF occurred in violation of protocol (_ssl.c:997)')))` Regards,
Hi, I guess this is then related to a proxy blocking/intercepting the request?
Yes! The communication to the endpoint - "sentinelus.azure-api.net" on port 443 was blocked at firewall level
@rahulb123acc good; I'll also add a list of domains that need whitelisting to the documentation; started tracking them in #99
See more about the discussion on MISP/Support on gitter
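The `SSLEOFError` reported in the thread turned out to be a firewall cutting the TLS handshake to the upload endpoint. The following pre-flight egress check is an added example, not part of misp2sentinel or of this pull request; the host name is taken from the traceback quoted above, and the category names and function names are this example's own.

```python
import socket
import ssl

# Assumption: host taken from the traceback quoted in the thread; other
# regions or tenants may use a different upload endpoint.
UPLOAD_HOST = "sentinelus.azure-api.net"


def classify_failure(exc):
    """Map a connection exception to the layer that most likely caused it."""
    if isinstance(exc, socket.gaierror):
        return "dns"            # name does not resolve from this host
    if isinstance(exc, ssl.SSLCertVerificationError):
        return "cert-mismatch"  # untrusted chain, e.g. a TLS-inspecting proxy
    if isinstance(exc, (ssl.SSLEOFError, ssl.SSLZeroReturnError,
                        ConnectionResetError)):
        return "handshake-cut"  # TCP connected, then closed mid-handshake
    if isinstance(exc, socket.timeout):
        return "timeout"        # packets silently dropped
    if isinstance(exc, ConnectionRefusedError):
        return "refused"        # actively rejected (RST)
    if isinstance(exc, ssl.SSLError):
        return "tls-other"
    return "unknown"


def probe(host=UPLOAD_HOST, port=443, timeout=5.0):
    """Try a verified TLS handshake; return ("ok", issuer) or (category, error)."""
    ctx = ssl.create_default_context()
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=host) as tls:
                # The issuer shows whether the certificate comes from the
                # expected public CA or from an internal inspection CA.
                issuer = dict(rdn[0] for rdn in tls.getpeercert()["issuer"])
                return "ok", issuer.get("organizationName", "unknown issuer")
    except OSError as exc:
        return classify_failure(exc), str(exc)


if __name__ == "__main__":
    print(probe())
```

Run it from the same host and under the same proxy settings as script.py; a result of `handshake-cut` matches the failure seen in the thread.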