Recorded Future 401 access error


L1 Bithead

Hello,

I am currently in the process of moving our threat feeds into Minemeld.

One of our providers is Recorded Future, which I have enabled as a node, and set the API access key.

When I go to run the node, it gives me a 401 client Error: Unauthorized

Naturally, I checked if the API key was incorrect, but I am still able to manually grab the feeds I need from Recorded Future using the API key, so that is not the issue.

Am I missing something in the setup, or is this an issue with Minemeld?

Also, the prototype in Minemeld seems to only grab the IPlist from Recorded Future; how would one go about grabbing other feeds from Recorded Future?

 

Thanks for your time and this excellent product.

 

Jonas

5 REPLIES

L7 Applicator

Hi @JonasE,

Sorry for the late reply; I have just tested this and it works for me.

Could you double check the API token?

 

Thanks,

luigi

Hi luigi,

Yes, it is working for me now as well. Sorry, but I do not remember exactly what the issue was, but it was on our end, not Minemeld's :).

Also, I want to add more lists from Recorded Future in Minemeld, such as domainrisklist.

I am currently building a new class in recordedfuture.py that should be able to ingest the Domain risklist as well.

I have also talked to Recorded Future, and they mentioned that version 1 of their API will be deprecated soon, and suggested upgrading to v2 of their API. Based on the code I see, the class IPRiskList still uses v1, is that correct?

 

Thank you for your time and help,

 

Jonas

Hi @JonasE,

Thank you for your message. I will talk with RF to add support for APIv2 and more feeds. If you would like to work on it and contribute it back, that would be awesome!

 

luigi

Hey Luigi,

Yes, I am currently writing a DomainLists class and implementing it using HTTP requests and v2 of Recorded Future's API.

I will also update the IPRisklist with the new Request call, so that everything is up to date. If everything goes according to plan, I should be pushing the commit by the end of the week.

If I have any questions about the way the class is structured, what's the best way to contact you? Through the forum?

Have a nice day,

 

Jonas

Hi @JonasE,

you can:

- ping me over the PAN Community Slack team (http://pan-community.net/) channel #minemeld

- create an issue on the github repo (https://github.com/PaloAltoNetworks/minemeld-core)

- email me at lmori@paloaltonetworks.com

 

Thanks!

luigi

 
