Error polling virus total

Reply
L3 Networker

Error polling virus total

I'm running into an issue with the virus total miner. Once the API key is set it continues to throw this error:

 

2017-09-08T14:24:58 (2986)basepoller._actor_loop INFO: virustotal_notifications-green - command: 1504880698052 poll
2017-09-08T14:24:58 (2986)basepoller._polling_loop INFO: Polling virustotal_notifications-green
2017-09-08T14:24:58 (2986)connectionpool._new_conn INFO: Starting new HTTPS connection (1): www.virustotal.com
2017-09-08T14:24:58 (2986)basepoller._poll ERROR: Exception in polling loop for virustotal_notifications-green: No JSON object could be decoded
Traceback (most recent call last):
  File "/opt/minemeld/engine/0.9.42/local/lib/python2.7/site-packages/minemeld/ft/basepoller.py", line 721, in _poll
    performed = self._polling_loop()
  File "/opt/minemeld/engine/0.9.42/local/lib/python2.7/site-packages/minemeld/ft/basepoller.py", line 571, in _polling_loop
    iterator = self._build_iterator(now)
  File "/opt/minemeld/engine/0.9.42/local/lib/python2.7/site-packages/minemeld/ft/vt.py", line 88, in _build_iterator
    return super(Notifications, self)._build_iterator(now)
  File "/opt/minemeld/engine/0.9.42/local/lib/python2.7/site-packages/minemeld/ft/json.py", line 135, in _build_iterator
    result = self.extractor.search(r.json())
  File "/opt/minemeld/engine/0.9.42/local/lib/python2.7/site-packages/requests/models.py", line 819, in json
    return json.loads(self.text, **kwargs)
  File "/usr/lib/python2.7/json/__init__.py", line 338, in loads
    return _default_decoder.decode(s)
  File "/usr/lib/python2.7/json/decoder.py", line 366, in decode
    obj, end = self.raw_decode(s, idx=_w(s, 0).end())
  File "/usr/lib/python2.7/json/decoder.py", line 384, in raw_decode
    raise ValueError("No JSON object could be decoded")
ValueError: No JSON object could be decoded
2017-09-08T14:24:59 (2986)basepoller._polling_loop INFO: Polling virustotal_notifications-green
2017-09-08T14:24:59 (2986)connectionpool._new_conn INFO: Starting new HTTPS connection (1): www.virustotal.com
2017-09-08T14:24:59 (2986)basepoller._poll ERROR: Exception in polling loop for virustotal_notifications-green: No JSON object could be decoded
Traceback (most recent call last):
  File "/opt/minemeld/engine/0.9.42/local/lib/python2.7/site-packages/minemeld/ft/basepoller.py", line 721, in _poll
    performed = self._polling_loop()
  File "/opt/minemeld/engine/0.9.42/local/lib/python2.7/site-packages/minemeld/ft/basepoller.py", line 571, in _polling_loop
    iterator = self._build_iterator(now)
  File "/opt/minemeld/engine/0.9.42/local/lib/python2.7/site-packages/minemeld/ft/vt.py", line 88, in _build_iterator
    return super(Notifications, self)._build_iterator(now)
  File "/opt/minemeld/engine/0.9.42/local/lib/python2.7/site-packages/minemeld/ft/json.py", line 135, in _build_iterator
    result = self.extractor.search(r.json())
  File "/opt/minemeld/engine/0.9.42/local/lib/python2.7/site-packages/requests/models.py", line 819, in json
    return json.loads(self.text, **kwargs)
  File "/usr/lib/python2.7/json/__init__.py", line 338, in loads
    return _default_decoder.decode(s)
  File "/usr/lib/python2.7/json/decoder.py", line 366, in decode
    obj, end = self.raw_decode(s, idx=_w(s, 0).end())
  File "/usr/lib/python2.7/json/decoder.py", line 384, in raw_decode
    raise ValueError("No JSON object could be decoded")
ValueError: No JSON object could be decoded
2017-09-08T14:25:04 (2986)basepoller._actor_loop INFO: virustotal_notifications-green - command: 1504880698052 age_out

It's not liking something it's getting however I'm not seeing anything else in the logs to help figure this out. 

L5 Sessionator

Re: Error polling virus total

@chirss : could you please take a look at the following comment? https://live.paloaltonetworks.com/t5/MineMeld-Articles/Using-MineMeld-as-a-Incident-Response-Platfor...

 

Looks like you VT account lacks "Intelligence" subscription or that you haven't configured any YARA rule in your VT Hunting Panel.

L3 Networker

Re: Error polling virus total

I guess I need to figure out why it won't let me get into the intelligence or hunting sections of the vt website. Thanks for pointing me in the right direction.

L3 Networker

Re: Error polling virus total

Ah it's a paid subscription of some kind and I just have a freebie account. Makes sense.

L1 Bithead

Re: Error polling virus total

I have VT intelligent account and created YARA rule but, still get the same error. When I access link

https://www.virustotal.com/intelligence/hunting/notifications-feed/?key=289dca4190400946e5078ffdccb2...

it is blank.

Here are my YARA rulesets:

error no json object could be decoded.png

L7 Applicator

Re: Error polling virus total

Hi @Nupagazy,

MineMeld doesn't support v3 API yet, I have opened an issue on github to track this: https://github.com/PaloAltoNetworks/minemeld-core/issues/308

 

Luigi

L1 Bithead

Re: Error polling virus total

Hi Luigi,

Thank you so much. I log in virustotal agaian and it turned back to old API version ( have no idea why) . It works now

Best REgards,

An

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!

The Live Community thanks you for your participation!