Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Cannot download threat info through neither docker's "bootstrap" nor "build_bron.py" manually. #34

Open
jayzheng98 opened this issue Aug 8, 2022 · 6 comments
Open

Cannot download threat info through neither docker's "bootstrap" nor "build_bron.py" manually. #34

jayzheng98 opened this issue Aug 8, 2022 · 6 comments

Comments

@jayzheng98
Copy link

bootstrap logs:

raise ConnectionError(e, request=request)
requests.exceptions.ConnectionError: HTTPSConnectionPool(host='raw.githubusercontent.com', port=443): Max retries exceeded with url: /mitre/cti/master/enterprise-attack/enterprise-attack.json (Caused by NewConnectionError('<urllib3.connection.HTTPSConnection object at 0x7f861a1fe6d0>: Failed to establish a new connection: [Errno 111] Connection refused'))
@hembergerik
Copy link
Contributor

This seems to be a network connection error when downloading threat data. Hopefully it will work if you try again.
You can check if the URL hosting the MITRE ATT&CK enterprise matrix data is accessible by e.g. pasting this URL in your browser https://github.com/mitre/cti/raw/master/enterprise-attack/enterprise-attack.json (This is the ENTERPRISE_ATTACK_URL in download_threat_information/download_threat_data.py )

@jayzheng98
Copy link
Author

Thank you for your reply! Actually, after several times of network check and retry, I still cannot run the open source code. However, I did find another way to construct the BRON cybersecurity graph, that is to download all the "COLLECTIONS" json files from your open ArangoDB web page (http://bron.alfa.csail.mit.edu:8529) one by one manually, and then upload them to my local ArangoDB with types and relationships obtained from your "BRONGraph".
Now I am wondering if this method can achieve the same effect as running your open source code? Can my local graph be useful for subsequent experiments?

@hembergerik
Copy link
Contributor

hembergerik commented Aug 16, 2022
edited

Yes, they are the end result of running the build_bron.py.

  • You can import these collections to your own ArangoDb instance.
  • We have also sometimes use the json files directly to do analysis on as well.

@shaileshmeivel
Copy link

I was able to download the thread data by placing the build_bron.py file outside the tutorials folder. But the data got downloaded only after 3-4 tries.

@hembergerik
Copy link
Contributor

  • I would first check if there is a network connection error when downloading threat data.

  • Do you have any details of where it failed?

@shaileshmeivel
Copy link

No I don't have details of where it failed because I downloaded these files 2-3 months back

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@hembergerik @shaileshmeivel @jayzheng98