[IntelMQ-users] mispfeedoutput bot feed
Sebastian Wagner
wagner at cert.at
Fri Apr 30 18:36:12 CEST 2021
Hi,
I am not very familiar with the MISP feeds, but it looks like the pymisp
libary tries to read the file
/var/lib/intelmq/bots/mispfeed-output/276c9aa3-abb6-4983-8fc7-34e4810e6951.json
as JSON, but there seems to be a syntax error just at the beginning. I
did a quick test here and it worked. For a more debugging, the start of
the mentioned file, as well as the pymisp version that you are using,
might help
Sebastian
On 4/29/21 10:33 AM, Soni, Drupad via IntelMQ-users wrote:
>
> HI,
>
>
>
> o/p of .current file is
>
>
>
> /var/lib/intelmq/bots/mispfeed-output/276c9aa3-abb6-4983-8fc7-34e4810e6951.json
>
>
>
> Regards,
>
> Drupad Soni
>
> *KPMG – Cyber Security*
>
> Embassy Golf Links Business Park, Pebble Beach, 'B' Block,
>
> 1st & 2nd Floor, Off Intermediate Ring Road
>
> Mobile : +91 8140283894
>
> Know more about our *Cyber Security Services*
>
> https://home.kpmg.com/in/en/home/services/advisory/risk-consulting/it-advisory-services/cyber-security.html
>
>
>
> *From:* Sebastian Wagner <wagner at cert.at>
> *Sent:* Thursday, April 29, 2021 2:02 PM
> *To:* Soni, Drupad <drupadsoni at kpmg.com>; intelmq-users at lists.cert.at
> *Subject:* Re: [IntelMQ-users] mispfeedoutput bot feed
>
>
>
> Hi,
>
> To see hidden files, you need to use `ls -a`.
>
> On 4/29/21 10:30 AM, Soni, Drupad wrote:
>
> Hi Sebastian,
>
>
>
> It was running previously. I am not able to locate any .current
> file Please see,
>
>
>
>
>
>
>
> root at intelmqelk:/var/lib/intelmq/bots/mispfeed-output# ls
>
> b34c5dfb-af4c-441c-bffe-60842ec4d35f.json hashes.csv manifest.json
>
>
>
> Regards,
>
> Drupad Soni
>
> *KPMG – Cyber Security*
>
> Embassy Golf Links Business Park, Pebble Beach, 'B' Block,
>
> 1st & 2nd Floor, Off Intermediate Ring Road
>
> Mobile : +91 8140283894
>
> Know more about our *Cyber Security Services*
>
> https://home.kpmg.com/in/en/home/services/advisory/risk-consulting/it-advisory-services/cyber-security.html
>
>
>
> *From:* Sebastian Wagner <wagner at cert.at> <mailto:wagner at cert.at>
> *Sent:* Thursday, April 29, 2021 1:53 PM
> *To:* Soni, Drupad <drupadsoni at kpmg.com>
> <mailto:drupadsoni at kpmg.com>; intelmq-users at lists.cert.at
> <mailto:intelmq-users at lists.cert.at>
> *Subject:* Re: [IntelMQ-users] mispfeedoutput bot feed
>
>
>
> Hi Drupad,
>
> Was the bot running previously already, or is this the first run?
> In your configured output directory, there is a file called
> ".current", can you show the very beginning of it (to check the
> format)?
>
> Sebsatian
>
> On 4/29/21 9:31 AM, Soni, Drupad via IntelMQ-users wrote:
>
> Hi Sebastian/Bernhard,
>
>
>
> Mispfeed-output bot failed. Error is as below,
>
>
>
> Bot initialization failed.
> Traceback (most recent call last):
> File "/usr/lib/python3/dist-packages/intelmq/lib/bot.py", line 164, in __init__
> self.init()
> File "/usr/lib/python3/dist-packages/intelmq/bots/outputs/misp/output_feed.py", line 65, in init
> self.current_event.load_file(self.current_file)
> File "/usr/local/lib/python3.6/dist-packages/pymisp/mispevent.py", line 1598, in load_file
> self.load(f, validate, metadata_only)
> File "/usr/local/lib/python3.6/dist-packages/pymisp/mispevent.py", line 1606, in load
> json_event = json.loads(json_event)
> File "/usr/lib/python3.6/json/__init__.py", line 354, in loads
> return _default_decoder.decode(s)
> File "/usr/lib/python3.6/json/decoder.py", line 339, in decode
> obj, end = self.raw_decode(s, idx=_w(s, 0).end())
> File "/usr/lib/python3.6/json/decoder.py", line 357, in raw_decode
> raise JSONDecodeError("Expecting value", s, err.value) from None
> json.decoder.JSONDecodeError: Expecting value: line 1 column 1 (char 0)
>
>
>
> Regards,
>
> Drupad Soni
>
> *KPMG – Cyber Security*
>
> Embassy Golf Links Business Park, Pebble Beach, 'B' Block,
>
> 1st & 2nd Floor, Off Intermediate Ring Road
>
> Mobile : +91 8140283894
>
> Know more about our *Cyber Security Services*
>
> https://home.kpmg.com/in/en/home/services/advisory/risk-consulting/it-advisory-services/cyber-security.html
>
>
>
> ------------------------------------------------------------------------
>
> KPMG (in India) allows reasonable personal use of the e-mail
> system. Views and opinions expressed in these communications
> do not necessarily represent those of KPMG (in India).
>
> *******************************************************************************************************
> DISCLAIMER
> The information in this e-mail is confidential and may be
> legally privileged. It is intended solely for the addressee.
> Access to this e-mail by anyone else is unauthorized. If you
> have received this communication in error, please address with
> the subject heading "Received in error," send to
> postmaster1 at kpmg.com <mailto:postmaster1 at kpmg.com>, then
> delete the e-mail and destroy any copies of it. If you are not
> the intended recipient, any disclosure, copying, distribution
> or any action taken or omitted to be taken in reliance on it,
> is prohibited and may be unlawful. Any opinions or advice
> contained in this e-mail are subject to the terms and
> conditions expressed in the governing KPMG client engagement
> letter. Opinions, conclusions and other information in this
> e-mail and any attachments that do not relate to the official
> business of the firm are neither given nor endorsed by it.
>
> KPMG cannot guarantee that e-mail communications are secure or
> error-free, as information could be intercepted, corrupted,
> amended, lost, destroyed, arrive late or incomplete, or
> contain viruses.
>
> KPMG, an Indian partnership and a member firm of KPMG
> International Cooperative ("KPMG International"), a Swiss
> entity that serves as a coordinating entity for a network of
> independent firms operating under the KPMG name. KPMG
> International Cooperative (“KPMG International”) provides no
> services to clients. Each member firm of KPMG International
> Cooperative (“KPMG International”) is a legally distinct and
> separate entity and each describes itself as such.
>
> “Notwithstanding anything inconsistent contained in the
> meeting invite to which this acceptance pertains, this
> acceptance is restricted solely to confirming my availability
> for the proposed call and should not be construed in any
> manner as acceptance of any other terms or conditions.
> Specifically, nothing contained herein may be construed as an
> acceptance (or deemed acceptance) of any request or
> notification for recording of the call, which can be done only
> if it is based on my explicit and written consent and subject
> to the terms and conditions on which such consent has been
> granted”
> *******************************************************************************************************
>
>
>
> --
>
> // Sebastian Wagner <wagner at cert.at> <mailto:wagner at cert.at> - T: +43 676 898 298 7201
>
> // CERT Austria - https://www.cert.at/
>
> // Eine Initiative der nic.at GmbH - https://www.nic.at/
>
> // Firmenbuchnummer 172568b, LG Salzburg
>
> --
> // Sebastian Wagner <wagner at cert.at> <mailto:wagner at cert.at> - T: +43 676 898 298 7201
> // CERT Austria - https://www.cert.at/
> // Eine Initiative der nic.at GmbH - https://www.nic.at/
> // Firmenbuchnummer 172568b, LG Salzburg
>
--
// Sebastian Wagner <wagner at cert.at> - T: +43 676 898 298 7201
// CERT Austria - https://www.cert.at/
// Eine Initiative der nic.at GmbH - https://www.nic.at/
// Firmenbuchnummer 172568b, LG Salzburg
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.cert.at/pipermail/intelmq-users/attachments/20210430/f54999f2/attachment.htm>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: OpenPGP digital signature
URL: <http://lists.cert.at/pipermail/intelmq-users/attachments/20210430/f54999f2/attachment.sig>
More information about the IntelMQ-users
mailing list