This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences

Hail-a-taxii PhishTank Taxii Issues

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Hail-a-taxii PhishTank Taxii Issues

vedd3r
L2 Linker

‎10-05-2017 07:20 PM

Hi,

 

Just wanted to ask whether the hail-a-taxii miner for Phishtank is broken or not. What I'm experiencing is that, on first creation it pulls the data for the first time, and then nothing from there on - no new data being pulled. I ran a pull on hail-a-taxii PhishTank taxii feed using Anomali STAXX and confirm there were new URLs provided each day - just that it's not being pulled by MineMeld. I'm seeing in all of my MineMeld installations (test env and production env).

 

Below is screen shot of my test system and the first pull (Oct 2nd) and nothing newer than that comes out.

 

From the log, only the first pull was captured and nothing after that.From the log, only the first pull was captured and nothing after that.Today's pull was a success but didn't yield any new data and logs doesn't show them either.Today's pull was a success but didn't yield any new data and logs doesn't show them either.

0 Likes Likes
9 REPLIES 9

lmori
L7 Applicator

‎10-06-2017 02:21 AM

Hi @vedd3r,

thanks for reporting this. I will check this (I need some days to wait for the updates) and let you know.

 

luigi

vedd3r
L2 Linker
In response to lmori

‎10-08-2017 11:22 PM

Thanks @lmori! I'm activating the rest of Hail-a-taxii prototypes as well and monitoring the output.

0 Likes Likes

vedd3r
L2 Linker
In response to lmori

‎10-12-2017 07:36 PM

I've checked on the status for all the Hail-A-Taxii (HAT) feeds and it seemed it's not limited to PhishTank only. None of the HAT prototypes are pulling new data.

0 Likes Likes

lmori
L7 Applicator
In response to vedd3r

‎10-15-2017 09:17 PM

Hi @vedd3r,

my phishtank miner is pulling updates, may I know the MM release you are running on ?

 

Thanks,

luigi

0 Likes Likes

vedd3r
L2 Linker
In response to lmori

‎10-15-2017 11:49 PM - edited ‎10-15-2017 11:51 PM

Capture.PNG

Hi @lmori

 

I'm using 0.9.42 for all my installations. All of them are not pulling the updates after the initial pull. I've also asked a couple of my friends who uses MM and they confirmed they're experiencing the same issue as well.

 

 

0 Likes Likes

lmori
L7 Applicator
In response to vedd3r

‎10-16-2017 12:23 AM

Hi @vedd3r,

thanks for the feedback. I will check everything again as soon as hailataxii comes back online (it's returning 500s now) and let you know about my findings.

 

luigi

0 Likes Likes

lmori
L7 Applicator
In response to lmori

‎10-26-2017 07:26 AM

Hi @vedd3r,

I have monitored phishtank miner for some days and I have seen updates. This is my graph:

Screen Shot 2017-10-25 at 13.00.16.png

 

This is the number of indicators over time in the graph, green bars below are the updates generated by the Miner:

Screen Shot 2017-10-25 at 12.20.21.png

 

Would you mind sending me the minemeld-engine.log ? I am reachable at lmori@paloaltonetworks.com.

 

Thanks!

luigi

0 Likes Likes

vedd3r
L2 Linker
In response to lmori

‎10-29-2017 11:15 PM

Hi @lmori

 

I've sent an email to you with the logs. There was a power trip on 25th Oct which caused the vm host and Minemeld guest vm to restart - 95 new indicators were pulled by the PhishTank prototype on that day and after that it went silent again as if nothing new is there.

 

Let me know if you need additional logs/data.

 

Thanks.

0 Likes Likes

lmori
L7 Applicator
In response to vedd3r

‎11-09-2017 01:03 AM

Hi @vedd3r,

thaks, I am pretty sure we have isolated the issue - if all the tests goes as expected we will release an HF for this.

 

Thanks !

Luigi

0 Likes Likes
  • 10862 Views
  • 9 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!

LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2024 - Palo Alto Networks