[IntelMQ-users] Intelmq-docker v.2.3.3 API

Wed Aug 25 17:52:39 CEST 2021

Hi Sebastian,

Thanks for the reply. Yes, I read about the minor issues about the current release, that’s why I wanted to try out the 2.3.3 version with docker first.
But good to know this will be fixed, thanks!

Kind regards,
Jessica

On 25 Aug 2021, at 17:35, Sebastian Waldbauer <waldbauer at cert.at<mailto:waldbauer at cert.at>> wrote:

Hey Jessica & users :)

First of all, awesome that you're using the dockerized version of intelmq & thanks for the report.

Indeed, this is a bug and we're working on it to be fixed in the intelmq-full:3.x release. But the current 3.x release does face some minor issues aswell, therefor we do not recommend to update at this point.

Sorry for that :(

Kind regards,

Sebastian
On 8/25/21 2:14 PM, Jessica Schumacher wrote:
Hi all,

I recently looked into intelmq-docker [1] and really liked the concept of it. Especially since we currently have IntelMQ in a dockerized setup running, it looks really promising. Thank you for the work you put into it so far!

I do have a question though or more of an issue I ran into. I am currently working with `intelmq-full-dev` to implement our own bots. I use the docker image `certat/intelmq-full:2.3.3` so I am using IntelMQ Version 2.3.3 in my setup. I get the following error messages in IntelMQ Manager:
[cid:F50FA094-45F0-42BB-8E3E-A3504E236BCF]

The file does indeed not exist at this url shown in the image but can be accessed via: http://127.0.0.1:1337/intelmq/v1/api/config?file=positions
My guess is, that an older IntelMQ API is installed where only one of those methods to access the files works. At the moment version 2.3.1 of the IntelMQ API is automatically installed when setting up the docker container. If I compare the api.py of 2.3.1 [2] with the current one [3], I can see, that entries for “runtime” or “positions”  for example are missing in version 2.3.1; therefor the error.
I am not entirely sure if this has something to do with this [4] issue on Github. Is this something that can be fixed on the docker image from your site? Or am I doing something wrong here?

Thank you for your help.

Kind regards,
Jessica

[1] https://github.com/certat/intelmq-docker
[2] https://github.com/certtools/intelmq-api/blob/2.3.1/intelmq_api/api.py
[3] https://github.com/certtools/intelmq-api/blob/develop/intelmq_api/api.py
[4] https://github.com/certat/intelmq-docker/issues/8

--
SWITCH
Jessica Schumacher, SWITCH-CERT
Werdstrasse 2, P.O. Box, 8021 Zurich, Switzerland
phone +41 44 268 15 15, direct +41 44 268 16 33
jessica.schumacher at switch.ch<mailto:jessica.schumacher at switch.ch>, http://www.switch.ch<http://www.switch.ch/>

--
// Sebastian Waldbauer <waldbauer at cert.at><mailto:waldbauer at cert.at> - T: +43 1 5056416 7202
// CERT Austria - https://www.cert.at/
// Eine Initiative der nic.at<http://nic.at> GmbH - https://www.nic.at/
// Firmenbuchnummer 172568b, LG Salzburg

--
List settings:
https://lists.cert.at/cgi-bin/mailman/listinfo/intelmq-users
IntelMQ Documentation: https://intelmq.readthedocs.io/

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.cert.at/pipermail/intelmq-users/attachments/20210825/54805e62/attachment.htm>