Hail-a-taxii PhishTank Taxii Issues

L1 Bithead

Hail-a-taxii PhishTank Taxii Issues

Hi,

 

Just wanted to ask whether the hail-a-taxii miner for Phishtank is broken or not. What I'm experiencing is that, on first creation it pulls the data for the first time, and then nothing from there on - no new data being pulled. I ran a pull on hail-a-taxii PhishTank taxii feed using Anomali STAXX and confirm there were new URLs provided each day - just that it's not being pulled by MineMeld. I'm seeing this in all of my MineMeld installations (test env and production env).

 

Below is a screenshot of my test system and the first pull (Oct 2nd) and nothing newer than that comes out.

 

PhishTank-miner-log.PNG

From the log, only the first pull was captured and nothing after that.

PhishTank-miner.PNG

Today's pull was a success but didn't yield any new data and the logs don't show them either.

L7 Applicator

Re: Hail-a-taxii PhishTank Taxii Issues

Hi @vedd3r,

thanks for reporting this. I will check this (I need some days to wait for the updates) and let you know.

 

luigi

L1 Bithead

Re: Hail-a-taxii PhishTank Taxii Issues

Thanks @lmori! I'm activating the rest of Hail-a-taxii prototypes as well and monitoring the output.

L1 Bithead

Re: Hail-a-taxii PhishTank Taxii Issues

I've checked on the status for all the Hail-A-Taxii (HAT) feeds and it seems it's not limited to PhishTank only. None of the HAT prototypes are pulling new data.

L7 Applicator

Re: Hail-a-taxii PhishTank Taxii Issues

Hi @vedd3r,

my phishtank miner is pulling updates, may I know the MM release you are running on?

 

Thanks,

luigi

L1 Bithead

Re: Hail-a-taxii PhishTank Taxii Issues

Capture.PNG

Hi @lmori

 

I'm using 0.9.42 for all my installations. All of them are not pulling the updates after the initial pull. I've also asked a couple of my friends who use MM and they confirmed they're experiencing the same issue as well.

 

 

L7 Applicator

Re: Hail-a-taxii PhishTank Taxii Issues

Hi @vedd3r,

thanks for the feedback. I will check everything again as soon as hailataxii comes back online (it's returning 500s now) and let you know about my findings.

 

luigi

L7 Applicator

Re: Hail-a-taxii PhishTank Taxii Issues

Hi @vedd3r,

I have monitored phishtank miner for some days and I have seen updates. This is my graph:

Screen Shot 2017-10-25 at 13.00.16.png

 

This is the number of indicators over time in the graph, green bars below are the updates generated by the Miner:

Screen Shot 2017-10-25 at 12.20.21.png

 

Would you mind sending me the minemeld-engine.log? I am reachable at lmori@paloaltonetworks.com.

 

Thanks!

luigi

L1 Bithead

Re: Hail-a-taxii PhishTank Taxii Issues

Hi @lmori

 

I've sent an email to you with the logs. There was a power trip on 25th Oct which caused the vm host and Minemeld guest vm to restart - 95 new indicators were pulled by the PhishTank prototype on that day and after that it went silent again as if nothing new is there.

 

Let me know if you need additional logs/data.

 

Thanks.

L7 Applicator

Re: Hail-a-taxii PhishTank Taxii Issues

Hi @vedd3r,

thanks, I am pretty sure we have isolated the issue - if all the tests go as expected we will release an HF for this.

 

Thanks!

Luigi
