I'm trying to ingest a TAXII feed from MineMeld into STAXX. After following the guidance found in multiple posts across the community, I'm still unable to get the feed to work. I've tried various tags (anonymous, any, custom) and I've tried both a "feed" user and an admin user for authentication purposes in STAXX. The errors I keep receiving are below:
[2017-08-28 07:52:33,742] [ERROR] STAXX: Failed to get_feeds for site https://[REMOVED].paloaltonetworks-app.com/taxii-discovery-service, response: None
[2017-08-28 07:52:33,742] [ERROR] HTTP/1.1 500 INTERNAL SERVER ERROR
Traceback (most recent call last):
File "taxii_stix.py", line 789, in get_feeds
File "taxii_stix.py", line 708, in get_version_url
File "taxii_stix.py", line 745, in discover_version
File "taxii_stix.py", line 733, in discovery_generic
File "taxii_stix.py", line 509, in make_request
Exception: HTTP/1.1 500 INTERNAL SERVER ERROR
[2017-08-28 07:52:33,742] [ERROR] Discovery failed.
Not yet, since the last STAXX update, I'm no longer getting the internal server error. However, I am now getting an HTTP/1.1 401 UNAUTHORIZED error. To recap, the same feed URL and credentials work fine from other TAXII clients/servers.
Sorry for the delayed response, I keep forgetting to check the forum while working on this. I'm currently using the hosted version of MineMeld (Autofocus app). How do I pull these specific logs? I attempted to access the log dashboard and search for "minemeld-web.log" but it did not return any results.
I've used STAXX just to confirmed whether the PhishTank feeds was actually sending in data. I will give it a try on my test system and will revert back soon.
I think I have found the issue and it could on a lag in the clocks. @soc_enav suggested an improvement in the TAXII Miner logic, we are currently testing and if it works as expected I will introduce it in an HotFix for MineMeld.
I am sorry it took so long, but it's not super easy to reproduce the problem.
it will be released by the end of the next week. In the mean time, if you are in a hurry, you could test the new TAXII MIner external extension: https://github.com/PaloAltoNetworks/minemeld-taxii-ng
It can be installed as any external extension:
- System > External Extensions
- Press on the git button
- Paste the URL https://github.com/PaloAltoNetworks/minemeld-taxii-ng.git
- Select the latest release (0.1b4 at the time of writing) and click install
- Click on the activate button
- After the extension has been activated you will find a new phishtank prototype (taxiing.phishtank) in the prototype list, just clone it into a new node
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!
The Live Community thanks you for your participation!