09-08-2017 07:41 AM
I'm running into an issue with the virus total miner. Once the API key is set it continues to throw this error:
2017-09-08T14:24:58 (2986)basepoller._actor_loop INFO: virustotal_notifications-green - command: 1504880698052 poll
2017-09-08T14:24:58 (2986)basepoller._polling_loop INFO: Polling virustotal_notifications-green
2017-09-08T14:24:58 (2986)connectionpool._new_conn INFO: Starting new HTTPS connection (1): www.virustotal.com
2017-09-08T14:24:58 (2986)basepoller._poll ERROR: Exception in polling loop for virustotal_notifications-green: No JSON object could be decoded
Traceback (most recent call last):
File "/opt/minemeld/engine/0.9.42/local/lib/python2.7/site-packages/minemeld/ft/basepoller.py", line 721, in _poll
performed = self._polling_loop()
File "/opt/minemeld/engine/0.9.42/local/lib/python2.7/site-packages/minemeld/ft/basepoller.py", line 571, in _polling_loop
iterator = self._build_iterator(now)
File "/opt/minemeld/engine/0.9.42/local/lib/python2.7/site-packages/minemeld/ft/vt.py", line 88, in _build_iterator
return super(Notifications, self)._build_iterator(now)
File "/opt/minemeld/engine/0.9.42/local/lib/python2.7/site-packages/minemeld/ft/json.py", line 135, in _build_iterator
result = self.extractor.search(r.json())
File "/opt/minemeld/engine/0.9.42/local/lib/python2.7/site-packages/requests/models.py", line 819, in json
return json.loads(self.text, **kwargs)
File "/usr/lib/python2.7/json/__init__.py", line 338, in loads
return _default_decoder.decode(s)
File "/usr/lib/python2.7/json/decoder.py", line 366, in decode
obj, end = self.raw_decode(s, idx=_w(s, 0).end())
File "/usr/lib/python2.7/json/decoder.py", line 384, in raw_decode
raise ValueError("No JSON object could be decoded")
ValueError: No JSON object could be decoded
2017-09-08T14:24:59 (2986)basepoller._polling_loop INFO: Polling virustotal_notifications-green
2017-09-08T14:24:59 (2986)connectionpool._new_conn INFO: Starting new HTTPS connection (1): www.virustotal.com
2017-09-08T14:24:59 (2986)basepoller._poll ERROR: Exception in polling loop for virustotal_notifications-green: No JSON object could be decoded
Traceback (most recent call last):
File "/opt/minemeld/engine/0.9.42/local/lib/python2.7/site-packages/minemeld/ft/basepoller.py", line 721, in _poll
performed = self._polling_loop()
File "/opt/minemeld/engine/0.9.42/local/lib/python2.7/site-packages/minemeld/ft/basepoller.py", line 571, in _polling_loop
iterator = self._build_iterator(now)
File "/opt/minemeld/engine/0.9.42/local/lib/python2.7/site-packages/minemeld/ft/vt.py", line 88, in _build_iterator
return super(Notifications, self)._build_iterator(now)
File "/opt/minemeld/engine/0.9.42/local/lib/python2.7/site-packages/minemeld/ft/json.py", line 135, in _build_iterator
result = self.extractor.search(r.json())
File "/opt/minemeld/engine/0.9.42/local/lib/python2.7/site-packages/requests/models.py", line 819, in json
return json.loads(self.text, **kwargs)
File "/usr/lib/python2.7/json/__init__.py", line 338, in loads
return _default_decoder.decode(s)
File "/usr/lib/python2.7/json/decoder.py", line 366, in decode
obj, end = self.raw_decode(s, idx=_w(s, 0).end())
File "/usr/lib/python2.7/json/decoder.py", line 384, in raw_decode
raise ValueError("No JSON object could be decoded")
ValueError: No JSON object could be decoded
2017-09-08T14:25:04 (2986)basepoller._actor_loop INFO: virustotal_notifications-green - command: 1504880698052 age_out
It's not liking something it's getting however I'm not seeing anything else in the logs to help figure this out.
09-08-2017 07:49 AM - edited 09-08-2017 08:07 AM
@chirss : could you please take a look at the following comment? https://live.paloaltonetworks.com/t5/MineMeld-Articles/Using-MineMeld-as-a-Incident-Response-Platfor...
Looks like you VT account lacks "Intelligence" subscription or that you haven't configured any YARA rule in your VT Hunting Panel.
09-08-2017 07:49 AM - edited 09-08-2017 08:07 AM
@chirss : could you please take a look at the following comment? https://live.paloaltonetworks.com/t5/MineMeld-Articles/Using-MineMeld-as-a-Incident-Response-Platfor...
Looks like you VT account lacks "Intelligence" subscription or that you haven't configured any YARA rule in your VT Hunting Panel.
09-08-2017 08:02 AM
I guess I need to figure out why it won't let me get into the intelligence or hunting sections of the vt website. Thanks for pointing me in the right direction.
09-08-2017 08:12 AM
Ah it's a paid subscription of some kind and I just have a freebie account. Makes sense.
01-12-2019 10:26 PM
I have VT intelligent account and created YARA rule but, still get the same error. When I access link
it is blank.
Here are my YARA rulesets:
01-13-2019 12:42 AM - edited 01-13-2019 12:46 AM
Hi @Nupagazy,
MineMeld doesn't support v3 API yet, I have opened an issue on github to track this: https://github.com/PaloAltoNetworks/minemeld-core/issues/308
Luigi
01-13-2019 01:54 AM
Hi Luigi,
Thank you so much. I log in virustotal agaian and it turned back to old API version ( have no idea why) . It works now
Best REgards,
An
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
