Soltra Edge Feed to Minemeld Question

Reply
L0 Member

Soltra Edge Feed to Minemeld Question

Hello, 

 

I am having some trouble pulling a feed from a Soltra Edge (NH-ISAC) into a local minemeld instance and I am not entirely sure how to go about troubleshooting it since the visibile errors with the minemeld console are a unfamiliar to me. 

 

Based on what I've read on the minemeld docs and another forum post asking a similiar question I've performed the following steps:

 

Created a new prototype using the class "minemeld.ft.taxii.TaxiiClient"

Popoulated that protype with the collection name, the discovery service url, the source name, and a couple attributes (share level and cofidence)

Created a new node with this protoype and populated the username and password I use to access the Soltra instance

 

After this node begins to poll I recieve the error " <urlopen error [Errno 0]_ssl.c:344 Error:00000000:lib(0):func(0):reason(0)> " which I believe is related to the certificate (the feed is published using SSL/TLS instead of http) store. I've imported the certificiate from the discovery service host into the node but perhaps I am missing a step. 

 

Any help would be appreciated, I'm happy to do the research but thus far I'm not having too much success finding resources for my particular use case. 

 

If there are any relevant log files I should be examing please point me in that direction. I would like to be able to understand and troubleshoot this going forward, at the moment I am unsure where to start.

 

Thank you!

L0 Member

Re: Soltra Edge Feed to Minemeld Question

Hello again,

 

If I missing any details that would make my issue easier to understand please feel free to ask. I haven't been able to find any additional information thus far but am still actively looking.

 

Thanks again,

David

L0 Member

Re: Soltra Edge Feed to Minemeld Question

We are also having issues similar to this. The server CA passes but then the Last Run gives us the following error:

urlopen error [Errno 1] _ssl.c:510: error:14090086: SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed

Our soltra node is also showing the same error. I didn't set these nodes up, but am attempting to fix them since we want to use them for dynamic lists. Any advice is appreciated.

L7 Applicator

Re: Soltra Edge Feed to Minemeld Question

Hi @jessagramenz,

is there a device doing SSL inspection between MineMeld and Soltra?

 

luigi

L2 Linker

Re: Soltra Edge Feed to Minemeld Question

I am seeing same thing. Any update on this?

L7 Applicator

Re: Soltra Edge Feed to Minemeld Question

Hi @akapucu,

do you have SSL inspection between MM and Soltra?

 

luigi

L2 Linker

Re: Soltra Edge Feed to Minemeld Question

I have PAN at the border but this traffic is not getting SSL inspection.

 

I am trying to get NH-ISAC soltra instance on https://members.nhisac.org/

 

Error i am seeing in the log file. I did upload the cert from "http://crl.netsolssl.com/NetworkSolutionsCertificateAuthority.crl"

 

 

URLError: <urlopen error [Errno 1] _ssl.c:510: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed>
2018-03-07T08:13:49 (7608)basepoller._polling_loop INFO: Polling nh-isac-soltra-feed
2018-03-07T08:13:49 (7608)basepoller._poll ERROR: Exception in polling loop for nh-isac-soltra-feed: <urlopen error [Errno 1] _ssl.c:510: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed>
Traceback (most recent call last):
  File "/opt/minemeld/engine/0.9.44/local/lib/python2.7/site-packages/minemeld/ft/basepoller.py", line 721, in _poll
    performed = self._polling_loop()
  File "/opt/minemeld/engine/0.9.44/local/lib/python2.7/site-packages/minemeld/ft/basepoller.py", line 571, in _polling_loop
    iterator = self._build_iterator(now)
  File "/opt/minemeld/engine/0.9.44/local/lib/python2.7/site-packages/minemeld/ft/taxii.py", line 1097, in _build_iterator
    self._discover_services(tc)
  File "/opt/minemeld/engine/0.9.44/local/lib/python2.7/site-packages/minemeld/ft/taxii.py", line 268, in _discover_services
    resp = self._call_taxii_service(self.discovery_service, tc, request)
  File "/opt/minemeld/engine/0.9.44/local/lib/python2.7/site-packages/minemeld/ft/taxii.py", line 258, in _call_taxii_service
    port=port
  File "/opt/minemeld/engine/0.9.44/local/lib/python2.7/site-packages/libtaxii/clients.py", line 337, in call_taxii_service2
    response = urllib.request.urlopen(req)
  File "/usr/lib/python2.7/urllib2.py", line 127, in urlopen
    return _opener.open(url, data, timeout)
  File "/usr/lib/python2.7/urllib2.py", line 404, in open
    response = self._open(req, data)
  File "/usr/lib/python2.7/urllib2.py", line 422, in _open
    '_open', req)
  File "/usr/lib/python2.7/urllib2.py", line 382, in _call_chain
    result = func(*args)
  File "/opt/minemeld/engine/0.9.44/local/lib/python2.7/site-packages/libtaxii/clients.py", line 363, in https_open
    return self.do_open(self.get_connection, req)
  File "/usr/lib/python2.7/urllib2.py", line 1184, in do_open
    raise URLError(err)

L2 Linker

Re: Soltra Edge Feed to Minemeld Question

Somehow it started working. I was uploading the public cert and did not upload for the new miner and that way it worked.

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!

The Live Community thanks you for your participation!