New stix/taxii miner using cabby

L2 Linker

New stix/taxii miner using cabby

I created a new stix/taxii miner for MineMeld, it can be found on github: https://github.com/mr-torgue/mmcabby.

It was created because I encountered several problems with the default taxii miner and the ng miner. In general mmcabby is more stable because it uses cabby (from EclecticIQ, developers of stix/taxii). It also contains support for certificate-based authentication.

Improvements/remarks/bug notifications are appreciated.

L7 Applicator

Re: New stix/taxii miner using cabby

Awesome! Are you planning to add UI to it?

L2 Linker

Re: New stix/taxii miner using cabby

Yes, that is one of the things I want to add in a future version. For now everything seems to be working well, so I don't know when I will work on it.

L2 Linker

Re: New stix/taxii miner using cabby

Hi @folmer, I tried to get this going according to your GitHub instructions and it doesn't work; I get a lot of errors. For example:

oader._initialize_entry_point_group ERROR: minemeld.ft.local.YamlURLFT not loadable: pytz==2019.3 not compatible with pytz==2015.4, libtaxii==1.1.114 not compatible with libtaxii==1.1.107

Also, the engine is now FATAL and doesn't load properly, and I do not see this as an available prototype.

L2 Linker

Re: New stix/taxii miner using cabby

Hello Carlos, did you change the entries for pytz and libtaxii in requirements.txt? Usually requirements.txt contains "pytz==2015.4" and "libtaxii==1.1.107". However, for cabby to work these need to be newer versions. So the requirements have to be changed to "pytz>=2015.4" and "libtaxii>=1.1.107". You can probably just restart the service and it should work.
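
The pin mismatch described in this reply, as an added example that is not part of the thread or of the mmcabby or MineMeld code: a small stdlib-only checker that parses requirements.txt-style pins, compares them against the installed versions quoted in the log lines above, and reports violations in the same wording the MineMeld loader uses. The requirement lines and installed versions are constructed from the values in this thread; the comparison is a simplified version ordering, not MineMeld's own loader.

```python
"""Show why the stock pins reject the versions cabby pulls in, and why the
loosened '>=' pins from the reply accept them (constructed example)."""
import re

# Constructed sample data taken from the values quoted in this thread.
STOCK_REQUIREMENTS = "pytz==2015.4\nlibtaxii==1.1.107\n"
LOOSENED_REQUIREMENTS = "pytz>=2015.4\nlibtaxii>=1.1.107\n"
INSTALLED = {"pytz": "2019.3", "libtaxii": "1.1.114"}

_LINE = re.compile(r"^\s*([A-Za-z0-9_.-]+)\s*(==|!=|>=|<=|>|<)\s*([0-9][0-9.]*)\s*$")


def parse_requirements(text):
    """Return [(name, operator, version)] for each non-empty, non-comment line."""
    out = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        m = _LINE.match(line)
        if not m:
            raise ValueError("unsupported requirement line: %r" % line)
        out.append((m.group(1).lower(), m.group(2), m.group(3)))
    return out


def _vtuple(version):
    return tuple(int(p) for p in version.split(".") if p)


def satisfies(installed, op, wanted):
    """Simplified PEP 440-style comparison on dotted integer versions."""
    a, b = _vtuple(installed), _vtuple(wanted)
    n = max(len(a), len(b))          # pad so that 1.1 compares equal to 1.1.0
    a += (0,) * (n - len(a))
    b += (0,) * (n - len(b))
    return {"==": a == b, "!=": a != b, ">=": a >= b,
            "<=": a <= b, ">": a > b, "<": a < b}[op]


def incompatible(requirements_text, installed):
    """Return loader-style messages for every pin the installed versions violate."""
    problems = []
    for name, op, wanted in parse_requirements(requirements_text):
        have = installed.get(name)
        if have is not None and not satisfies(have, op, wanted):
            problems.append("%s==%s not compatible with %s%s%s" % (name, have, name, op, wanted))
    return problems


if __name__ == "__main__":
    print(incompatible(STOCK_REQUIREMENTS, INSTALLED))     # two violations
    print(incompatible(LOOSENED_REQUIREMENTS, INSTALLED))  # []
```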

L2 Linker

Re: New stix/taxii miner using cabby

@folmer Correct. I actually didn't have the folder core under opt/minemeld/engine/, so I created it to match your instructions. I created the requirements.txt as per the MineMeld file in their GitHub and changed the requirements for pytz to pytz==2019.3 and libtaxii to libtaxii==1.1.114; I think that is what you meant to write below.

The errors in the minemeld.engine log are below as an example; I get that for every prototype.

(26093)loader._initialize_entry_point_group ERROR: minemeld.ft.taxii.TaxiiClient not loadable: pytz==2019.3 not compatible with pytz==2015.4, libtaxii==1.1.114 not compatible with libtaxii==1.1.107

I can try this again but haven't had much luck leveraging cabby; I was trying to do that because with AlienVault OTX I am getting sslv3 handshake failures.

(26093)config._load_and_validate_config_from_file ERROR: Invalid config /opt/minemeld/local/config/committed-config.yml: Class minemeld.ft.taxii.TaxiiClient in Cyrebro10_OTX_Pulses not safe to load

L2 Linker

Re: New stix/taxii miner using cabby

@folmer I ended up uninstalling MineMeld, upgraded to Ubuntu 18.04 and then deployed minemeld-ansible instead of minemeld-core.

Now working a treat with cabby needed. sslv3 handshake errors gone.

I cannot start the minemeld-web service, but that is a different issue altogether for another post.

Thank you for your reply and help.
