Integrate AlientVault feeds into minemeld

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Please sign in to see details of an important advisory in our Customer Advisories area.

Integrate AlientVault feeds into minemeld

L0 Member

I have been trying to add the alienvault otx feeds to minemeld and followed the steps mentioned in:
https://live.paloaltonetworks.com/t5/MineMeld-Discussions/AlienVault-taxii-miner-versus-prebuilt-rep...

 

However, I get this error while polling:

<urlopen error [Errno 1]_ssl.c:510: error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure>

 

Any ideas as to what might be failing? 

2 REPLIES 2

L1 Bithead

I have the same issue here, Did anyone figureout a solution

<urlopen error Errno 1_ssl.c:510 errir:140770FC:SSL
routines:SSL23_Get_Server_Hello:Unkown protocol

2021-05-04T17:50:57 (18963)table._query_by_index INFO: Deleted in scan of _age_out: 0
2021-05-04T17:51:13 (18964)basepoller._huppable_wait INFO: hup is clear: False
2021-05-04T17:51:13 (18964)basepoller._actor_loop INFO: EFG-Alienvault-miner-TAXII - command: 1620150673194 poll
2021-05-04T17:51:13 (18964)basepoller._polling_loop INFO: Polling EFG-Alienvault-miner-TAXII
2021-05-04T17:51:13 (18964)basepoller._poll ERROR: Exception in polling loop for EFG-Alienvault-miner-TAXII: <urlopen error [Errno 1] _ssl.c:510: error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol>
Traceback (most recent call last):
File "/opt/minemeld/engine/0.9.52.post1/local/lib/python2.7/site-packages/minemeld/ft/basepoller.py", line 721, in _poll
performed = self._polling_loop()
File "/opt/minemeld/engine/0.9.52.post1/local/lib/python2.7/site-packages/minemeld/ft/basepoller.py", line 571, in _polling_loop
iterator = self._build_iterator(now)
File "/opt/minemeld/engine/0.9.52.post1/local/lib/python2.7/site-packages/minemeld/ft/taxii.py", line 1131, in _build_iterator
self._discover_services(tc)
File "/opt/minemeld/engine/0.9.52.post1/local/lib/python2.7/site-packages/minemeld/ft/taxii.py", line 292, in _discover_services
resp = self._call_taxii_service(self.discovery_service, tc, request)
File "/opt/minemeld/engine/0.9.52.post1/local/lib/python2.7/site-packages/minemeld/ft/taxii.py", line 282, in _call_taxii_service
port=port
File "/opt/minemeld/engine/0.9.52.post1/local/lib/python2.7/site-packages/libtaxii/clients.py", line 337, in call_taxii_service2
response = urllib.request.urlopen(req)
File "/usr/lib/python2.7/urllib2.py", line 127, in urlopen
return _opener.open(url, data, timeout)
File "/usr/lib/python2.7/urllib2.py", line 404, in open
response = self._open(req, data)
File "/usr/lib/python2.7/urllib2.py", line 422, in _open
'_open', req)
File "/usr/lib/python2.7/urllib2.py", line 382, in _call_chain
result = func(*args)
File "/opt/minemeld/engine/0.9.52.post1/local/lib/python2.7/site-packages/libtaxii/clients.py", line 363, in https_open
return self.do_open(self.get_connection, req)
File "/usr/lib/python2.7/urllib2.py", line 1184, in do_open
raise URLError(err)
URLError: <urlopen error [Errno 1] _ssl.c:510: error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol>
2021-05-04T17:51:17 (18964)basepoller._polling_loop INFO: Polling EFG-Alienvault-miner-TAXII
2021-05-04T17:51:17 (18964)basepoller._poll ERROR: Exception in polling loop for EFG-Alienvault-miner-TAXII: <urlopen error [Errno 1] _ssl.c:510: error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol>
Traceback (most recent call last):
File "/opt/minemeld/engine/0.9.52.post1/local/lib/python2.7/site-packages/minemeld/ft/basepoller.py", line 721, in _poll
performed = self._polling_loop()
File "/opt/minemeld/engine/0.9.52.post1/local/lib/python2.7/site-packages/minemeld/ft/basepoller.py", line 571, in _polling_loop
iterator = self._build_iterator(now)
File "/opt/minemeld/engine/0.9.52.post1/local/lib/python2.7/site-packages/minemeld/ft/taxii.py", line 1131, in _build_iterator
self._discover_services(tc)
File "/opt/minemeld/engine/0.9.52.post1/local/lib/python2.7/site-packages/minemeld/ft/taxii.py", line 292, in _discover_services
resp = self._call_taxii_service(self.discovery_service, tc, request)
File "/opt/minemeld/engine/0.9.52.post1/local/lib/python2.7/site-packages/minemeld/ft/taxii.py", line 282, in _call_taxii_service
port=port
File "/opt/minemeld/engine/0.9.52.post1/local/lib/python2.7/site-packages/libtaxii/clients.py", line 337, in call_taxii_service2
response = urllib.request.urlopen(req)
File "/usr/lib/python2.7/urllib2.py", line 127, in urlopen
return _opener.open(url, data, timeout)
File "/usr/lib/python2.7/urllib2.py", line 404, in open
response = self._open(req, data)
File "/usr/lib/python2.7/urllib2.py", line 422, in _open
'_open', req)
File "/usr/lib/python2.7/urllib2.py", line 382, in _call_chain
result = func(*args)
File "/opt/minemeld/engine/0.9.52.post1/local/lib/python2.7/site-packages/libtaxii/clients.py", line 363, in https_open
return self.do_open(self.get_connection, req)
File "/usr/lib/python2.7/urllib2.py", line 1184, in do_open
raise URLError(err)
URLError: <urlopen error [Errno 1] _ssl.c:510: error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol>
2021-05-04T17:51:20 (18964)basepoller._actor_loop INFO: EFG-Alienvault-miner-TAXII - command: 1620150673194 age_out

  • 2998 Views
  • 2 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!