[IntelMQ-users] MISP Expert bot

Soni, Drupad drupadsoni at kpmg.com
Tue May 11 11:49:22 CEST 2021 

Hi Bernhard,

I have used MISP-API bot and misp expert bot. I am looking at error as below. I have used auth key and url which are correct. Please guide.

Traceback (most recent call last):
  File "/usr/lib/python3/dist-packages/intelmq/lib/bot.py", line 164, in __init__
    self.init()
  File "/usr/lib/python3/dist-packages/intelmq/bots/experts/misp/expert.py", line 30, in init
    self.parameters.http_verify_cert)
  File "/usr/local/lib/python3.6/dist-packages/pymisp/api.py", line 181, in __init__
    raise PyMISPError(f'Unable to connect to MISP ({self.root_url}). Please make sure the API key and the URL are correct (http/https is required): {e}')
pymisp.exceptions.PyMISPError: Unable to connect to MISP (https://20.57.10.5/). Please make sure the API key and the URL are correct (http/https is required): HTTPSConnectionPool(host='20.57.10.5', port=443): Max retries exceeded with url: /servers/getPyMISPVersion.json (Caused by SSLError(SSLError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:852)'),))

Regards,
Drupad Soni
KPMG – Cyber Security
Embassy Golf Links Business Park, Pebble Beach, 'B' Block, 
1st & 2nd Floor, Off Intermediate Ring Road 
Mobile : +91 8140283894
Know more about our Cyber Security Services
https://home.kpmg.com/in/en/home/services/advisory/risk-consulting/it-advisory-services/cyber-security.html

-----Original Message-----
From: IntelMQ-users <intelmq-users-bounces at lists.cert.at> On Behalf Of Bernhard Reiter
Sent: Tuesday, May 11, 2021 2:59 PM
To: intelmq-users at lists.cert.at
Subject: Re: [IntelMQ-users] MISP Expert bot

Hi Soni,

https://github.com/certtools/intelmq/blob/master/intelmq/bots/outputs/misp/output_api.py

Am Dienstag 11 Mai 2021 06:18:02 schrieb Soni, Drupad via IntelMQ-users:
> How does MISP-API o/p bot work? I have gone through documentation 
> shared on INTELMQ DOCUMENTATION.

the documentation points to the docstrings of the file for more details, thus see the docstring in https://github.com/certtools/intelmq/blob/master/intelmq/bots/outputs/misp/output_api.py
(or the right one for your version)

> Once it is configured on Intelmq what configurations needs to be done 
> on MISP integration side?

As far as I remember there are no special configuration settings needed in MISP. The Intelmq-misp-output-api bot will just enter new MSIP events (under the documented conditions) to the user with the configured MISP api key.

To see what is happening, check the logfile of the output_api bot (may need to raise logging levels as documented in the general IntelMQ documentation).

Regards,
Bernhard


--
www.intevation.de/~bernhard   +49 541 33 508 3-3 Intevation GmbH, Osnabrück, DE; Amtsgericht Osnabrück, HRB 18998 Geschäftsführer Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner

**********************************************************************
KPMG (in India) allows reasonable personal use of the e-mail system. Views and opinions expressed in these communications do not necessarily represent those of KPMG (in India).

*******************************************************************************************************
DISCLAIMER
The information in this e-mail is confidential and may be legally privileged. It is intended solely for the addressee. Access to this e-mail by anyone else is unauthorized. If you have received this communication in error, please address with the subject heading "Received in error," send to postmaster1 at kpmg.com, then delete the e-mail and destroy any copies of it. If you are not the intended recipient, any disclosure, copying, distribution or any action taken or omitted to be taken in reliance on it, is prohibited and may be unlawful. Any opinions or advice contained in this e-mail are subject to the terms and conditions expressed in the governing KPMG client engagement letter. Opinions, conclusions and other information in this e-mail and any attachments that do not relate to the official business of the firm are neither given nor endorsed by it.

KPMG cannot guarantee that e-mail communications are secure or error-free, as information could be intercepted, corrupted, amended, lost, destroyed, arrive late or incomplete, or contain viruses.

KPMG, an Indian partnership and a member firm of KPMG International Cooperative ("KPMG International"), a Swiss entity that serves as a coordinating entity for a network of independent firms operating under the KPMG name. KPMG International Cooperative (“KPMG International”) provides no services to clients. Each member firm of KPMG International Cooperative (“KPMG International”) is a legally distinct and separate entity and each describes itself as such.

“Notwithstanding anything inconsistent contained in the meeting invite to which this acceptance pertains, this acceptance is restricted solely to confirming my availability for the proposed call and should not be construed in any manner as acceptance of any other terms or conditions. Specifically, nothing contained herein may be construed as an acceptance (or deemed acceptance)  of any request or notification for recording of the call, which  can be done only if it is based on my explicit and written consent and subject to the terms and conditions on which such consent has been granted”
*******************************************************************************************************

More information about the IntelMQ-users mailing list