STIX and TAXII support

L7 Applicator

Re: STIX and TAXII support

This has been implemented in MineMeld v0.9.14 (minemeld-core ER #18)

L2 Linker

Re: STIX and TAXII support

Hey Luigi,

Has the deployment changed on VMware? I was trying to do a fresh deployment and can't get it to play ball today.

I was working from this https://live.paloaltonetworks.com/t5/MineMeld-Articles/Running-MineMeld-on-VMWare-desktop/ta-p/72038

using the 0.9.4 iso and it bombs out during the install after initial login with nothing in the autoupdate log to tell me what went wrong.

I've used this method probably half a dozen times in the last few months without issue - but it's failed 3 times in a row today?

Cheers,

Scotty

L7 Applicator

Re: STIX and TAXII support

Hi ScottyAU,

I have just retested it and it works in my environment.

Please could you take a look at the contents of the file /var/log/cloud-config-output.log?

Thanks,

luigi

L2 Linker

Re: STIX and TAXII support

Hey Luigi,

Looks reasonably ok in there - only 1 error around:

Errors were encountered while processing:
libksi0
libksi1

All of the minemeld stuff comes down ok looking at the log, but hitting the box on 443 gives me a 404 from nginx.

Looking in /opt/minemeld/www/ that directory is empty - which is what is causing the 404 (no /current/index.html or anything else).

Cheers!

L2 Linker

Re: STIX and TAXII support

So after fixing the host with an apt-get install -f (which removes libksi0 and keeps libksi1) I tried a manual reinstall of all the minemeld lib debs listed in the log.

I then get this:

Selecting previously unselected package libksi0.
dpkg: regarding libksi0_3.2.2.0-0adiscon3trusty1_amd64.deb containing libksi0:
libksi0 breaks libksi1
libksi1 (version 3.4.0.5.adiscon1-0adiscon1trusty1) is present and installed.

Not sure if this is *the* problem or just *a* problem. If I pick adiscon based on libksi1 and go with that (remove libksi0 and the adiscon based on it), and then grab and install https://s3-us-west-2.amazonaws.com/minemeld/minemeld_0.9.4_amd64.deb

I get no errors - but still nothing under /opt/minemeld/www/

I think there should be a symlink for current in there? (and /engine and /prototype)?

Scotty

L7 Applicator

Re: STIX and TAXII support

Hi ScottyAU,

Please could you unicast me the cloud-config-output.log file?

Thanks!

luigi

L2 Linker

Re: STIX and TAXII support

Emailed - thanks mate.

L2 Linker

Re: STIX and TAXII support

Hey Luigi,

Did that log give you any leads as to the issue?

Cheers,

Scotty

L1 Bithead

Re: STIX and TAXII support

I am trying to implement a feed using (STIX and TAXII) and I am having a hard time pulling the feeds. I used a prototype for TAXII as an example. And I am still retrieving an error. I have included the password and username in the node config but once again I am still receiving an error.

L7 Applicator

Re: STIX and TAXII support

Hi @pjames_ucla,

Would you mind sending me the minemeld-engine.log file over at lmori@paloaltonetworks.com?

I would like to take a look at the error. Or we can set up a web meeting to troubleshoot it.

Thanks,

luigi
