Reply
Highlighted
L3 Networker
Posts: 50
Registered: ‎09-14-2016
Accepted Solution

Error polling virus total

I'm running into an issue with the virus total miner. Once the API key is set it continues to throw this error:

 

2017-09-08T14:24:58 (2986)basepoller._actor_loop INFO: virustotal_notifications-green - command: 1504880698052 poll
2017-09-08T14:24:58 (2986)basepoller._polling_loop INFO: Polling virustotal_notifications-green
2017-09-08T14:24:58 (2986)connectionpool._new_conn INFO: Starting new HTTPS connection (1): www.virustotal.com
2017-09-08T14:24:58 (2986)basepoller._poll ERROR: Exception in polling loop for virustotal_notifications-green: No JSON object could be decoded
Traceback (most recent call last):
  File "/opt/minemeld/engine/0.9.42/local/lib/python2.7/site-packages/minemeld/ft/basepoller.py", line 721, in _poll
    performed = self._polling_loop()
  File "/opt/minemeld/engine/0.9.42/local/lib/python2.7/site-packages/minemeld/ft/basepoller.py", line 571, in _polling_loop
    iterator = self._build_iterator(now)
  File "/opt/minemeld/engine/0.9.42/local/lib/python2.7/site-packages/minemeld/ft/vt.py", line 88, in _build_iterator
    return super(Notifications, self)._build_iterator(now)
  File "/opt/minemeld/engine/0.9.42/local/lib/python2.7/site-packages/minemeld/ft/json.py", line 135, in _build_iterator
    result = self.extractor.search(r.json())
  File "/opt/minemeld/engine/0.9.42/local/lib/python2.7/site-packages/requests/models.py", line 819, in json
    return json.loads(self.text, **kwargs)
  File "/usr/lib/python2.7/json/__init__.py", line 338, in loads
    return _default_decoder.decode(s)
  File "/usr/lib/python2.7/json/decoder.py", line 366, in decode
    obj, end = self.raw_decode(s, idx=_w(s, 0).end())
  File "/usr/lib/python2.7/json/decoder.py", line 384, in raw_decode
    raise ValueError("No JSON object could be decoded")
ValueError: No JSON object could be decoded
2017-09-08T14:24:59 (2986)basepoller._polling_loop INFO: Polling virustotal_notifications-green
2017-09-08T14:24:59 (2986)connectionpool._new_conn INFO: Starting new HTTPS connection (1): www.virustotal.com
2017-09-08T14:24:59 (2986)basepoller._poll ERROR: Exception in polling loop for virustotal_notifications-green: No JSON object could be decoded
Traceback (most recent call last):
  File "/opt/minemeld/engine/0.9.42/local/lib/python2.7/site-packages/minemeld/ft/basepoller.py", line 721, in _poll
    performed = self._polling_loop()
  File "/opt/minemeld/engine/0.9.42/local/lib/python2.7/site-packages/minemeld/ft/basepoller.py", line 571, in _polling_loop
    iterator = self._build_iterator(now)
  File "/opt/minemeld/engine/0.9.42/local/lib/python2.7/site-packages/minemeld/ft/vt.py", line 88, in _build_iterator
    return super(Notifications, self)._build_iterator(now)
  File "/opt/minemeld/engine/0.9.42/local/lib/python2.7/site-packages/minemeld/ft/json.py", line 135, in _build_iterator
    result = self.extractor.search(r.json())
  File "/opt/minemeld/engine/0.9.42/local/lib/python2.7/site-packages/requests/models.py", line 819, in json
    return json.loads(self.text, **kwargs)
  File "/usr/lib/python2.7/json/__init__.py", line 338, in loads
    return _default_decoder.decode(s)
  File "/usr/lib/python2.7/json/decoder.py", line 366, in decode
    obj, end = self.raw_decode(s, idx=_w(s, 0).end())
  File "/usr/lib/python2.7/json/decoder.py", line 384, in raw_decode
    raise ValueError("No JSON object could be decoded")
ValueError: No JSON object could be decoded
2017-09-08T14:25:04 (2986)basepoller._actor_loop INFO: virustotal_notifications-green - command: 1504880698052 age_out

It's not liking something it's getting however I'm not seeing anything else in the logs to help figure this out. 

L3 Networker
Posts: 48
Registered: ‎11-15-2012

Re: Error polling virus total

[ Edited ]

@chirsf : could you please take a look at the following comment? https://live.paloaltonetworks.com/t5/MineMeld-Articles/Using-MineMeld-as-a-Incident-Response-Platfor...

 

Looks like you VT account lacks "Intelligence" subscription or that you haven't configured any YARA rule in your VT Hunting Panel.

L3 Networker
Posts: 50
Registered: ‎09-14-2016

Re: Error polling virus total

I guess I need to figure out why it won't let me get into the intelligence or hunting sections of the vt website. Thanks for pointing me in the right direction.

L3 Networker
Posts: 50
Registered: ‎09-14-2016

Re: Error polling virus total

Ah it's a paid subscription of some kind and I just have a freebie account. Makes sense.