11-18-2016 01:04 PM - edited 11-18-2016 01:10 PM
I have a LogRhythm Appliance and the Threat Intelligence service is able to register my TAXII datafeed. However, when I try to download the feed, the MineMeld web server crashes.
The feed also crashes using Postman ... same thing, RabbitMQ crashes and restarts.
127.0.0.1 - - [18/Nov/2016:20:53:55 +0000] "POST /taxii-poll-service HTTP/1.0" 200 582 "-" "-"
DEBUG:amqp:Start from server, version: 0.9, properties: {u'information': u'Licensed under the MPL. See http://www.rabbitmq.com/', u'product': u'RabbitMQ', u'copyright': u'Copyright (C) 2007-2013 GoPivotal, Inc.', u'capabilities': {u'exchange_exchange_bindings': True, u'connection.blocked': True, u'authentication_failure_close': True, u'basic.nack': True, u'consumer_priorities': True, u'consumer_cancel_notify': True, u'publisher_confirms': True}, u'platform': u'Erlang/OTP', u'version': u'3.2.4'}, mechanisms: [u'AMQPLAIN', u'PLAIN'], locales: [u'en_US']
DEBUG:amqp:Open OK!
DEBUG:amqp:using channel_id: 1
DEBUG:amqp:Channel open
DEBUG:amqp:Start from server, version: 0.9, properties: {u'information': u'Licensed under the MPL. See http://www.rabbitmq.com/', u'product': u'RabbitMQ', u'copyright': u'Copyright (C) 2007-2013 GoPivotal, Inc.', u'capabilities': {u'exchange_exchange_bindings': True, u'connection.blocked': True, u'authentication_failure_close': True, u'basic.nack': True, u'consumer_priorities': True, u'consumer_cancel_notify': True, u'publisher_confirms': True}, u'platform': u'Erlang/OTP', u'version': u'3.2.4'}, mechanisms: [u'AMQPLAIN', u'PLAIN'], locales: [u'en_US']
DEBUG:amqp:Open OK!
DEBUG:minemeld.comm.amqp:sending {'reply_to': u'amq.gen-CtlcZUWQMrN1HZ6f_6Yfqw', 'params': {}, 'method': 'status', 'id': '23bc7e8a-add1-11e6-a79d-000d3a153a4f'} to mbus:master:rpc
DEBUG:minemeld.comm.amqp:start draining events on connection 0
DEBUG:minemeld.comm.amqp:start draining events on connection None
DEBUG:amqp:Closed channel #1
The STIX service is configured by a yml file ... the MineMeld section looks like this (IPs removed):
"StixProviders": [
  {
    "NumofBackDaysData": 7,
    "SourceURL": "https://<minemeld server>/taxii-collection-management-service",
    "UserName": "",
    "Password": "",
    "LastFullDownloadOn": null,
    "ProviderName": "MineMeld",
    "Enabled": true,
    "Retired": false,
    "StixFeedTypes": [
      {
        "Name": "blacklist_taxiiDataFeed",
        "Enabled": true,
        "FeedPollAddress": "https://<minemeld server>/taxii-poll-service"
      }
    ],
Any assistance is greatly appreciated.
-Kevin