STIX or CyBox library not installed correctly #1669
Comments
|
Hi, Have you any idea about this issue, please? Thanks! |
|
Hi, Have you done the standard installation? Here is the procedure: Let us know if you have any issue. |
adulau
added
the
T: support
|
Hi Adulau, Yes, I did it so. I don't undestand why STIX and CyBOX are not working on MISP. I don't know that do...I'm desperate with this! Thx |
|
If you go to the "Download as..." of an event. Have you tried the STIX JSON or XML export? |
|
Could you run the following line and post the results here?
Thanks! |
|
Hi, The result is "{"cybox": "2.1.0.12", "stix": "1.1.1.4", "success": 1} When I go to "Download as" and select the format "STIX XML" this is the result: This XML file does not appear to have any style information associated with it. The document tree is shown below. STIX and Cybox doesn't want work! Thx |
|
Could you check the file permissions for the python scripts in /var/www/MISP/app/files/scripts/ ? It sounds like MISP may not have access to them. |
|
Hi, Yes, these are:
I think that is fine... Thx |
Any funny business going on in |
|
Yes, you can see it
|
|
Do you any idea about this, please?? |
|
Could you run the following to ensure that it's not a permission issue with your STIX installation? |
|
Hi Iglocska, This is the result: Seem that is fine, ok??? Thx |
|
Hmm it is. Weird. So you get that with the apache user, but misp fails to
ruin the same diagnostic. That's odd.
Will look into what else could cause this.
…On Nov 29, 2016 9:33 AM, "santi10" ***@***.***> wrote:
Hi Iglocska,
This is the result:
[image: image]
<https://cloud.githubusercontent.com/assets/6546107/20702141/e372c872-b616-11e6-8ea5-a6fec4961fc8.png>
Seem that is fine, ok???
Thx
—
You are receiving this because you commented.
Reply to this email directly, view it on GitHub
<#1669 (comment)>, or mute
the thread
<https://github.com/notifications/unsubscribe-auth/ADf6wJhPx6D0QzNne3t3KJoaPlGa9-Zeks5rC-NxgaJpZM4KytkP>
.
|
|
Yes, its very odd. I don't know to must do really. I hope that you can help me with this. Regards |
|
We are currently abroad giving a workshop, but will look at this as soon as
I get back.
…On Tue, Nov 29, 2016 at 12:06 PM, santi10 ***@***.***> wrote:
Yes, its very odd. I don't know to must do really. I hope that you can
help me with this.
Regards
—
You are receiving this because you commented.
Reply to this email directly, view it on GitHub
<#1669 (comment)>, or mute
the thread
<https://github.com/notifications/unsubscribe-auth/ADf6wMaSvAgtMkrXcXXJZJog_KAvaa6Yks5rDAdDgaJpZM4KytkP>
.
|
|
Great, thanks a lot |
|
hokay, I'm here and python's my thing ;) Can you run a thing for me? Then try downloading the STIX file. It'll still error, but there'll be Paste the contents of that file here. |
|
Hi FloatingGhost! I've done that but I've the same reults. You script has the line "logfile = "STIX_DEBUG.log", I've modified this line with "logfile = "/tmp/STIX_DEBUG.log". I created this file "STIX_DEBUG.log" on /tmp/ with the owner www-data and permissions 777. When I donwload the event in format STX I see the same error. This XML file does not appear to have any style information associated with it. The document tree is shown below. The file "STIX_DEBUG.log" isn't working because I don't see nothing on this file, no events. Sorry but I'm desperate Thanks for you help! |
|
You see nothing? Hm, that seems to imply the libraries aren't installed. Tell me, if you open a python prompt and enter import sys, json, uuid, os, time, datetime, re
from misp2cybox import *
from misp2ciq import *
from dateutil.tz import tzutc
from stix.indicator import Indicator
from stix.indicator.valid_time import ValidTime
from stix.ttp import TTP, Behavior
from stix.ttp.malware_instance import MalwareInstance
from stix.incident import Incident, Time, ImpactAssessment, ExternalID, AffectedAsset
from stix.exploit_target import ExploitTarget, Vulnerability
from stix.incident.history import JournalEntry, History, HistoryItem
from stix.threat_actor import ThreatActor
from stix.core import STIXPackage, STIXHeader
from stix.common import InformationSource, Identity, Confidence
from stix.data_marking import Marking, MarkingSpecification
from stix.extensions.marking.tlp import TLPMarkingStructure
from stix.common.related import *
from stix.common.confidence import Confidence
from stix.common.vocabs import IncidentStatus
from cybox.utils import Namespaceis it happy? |
|
Hi, Give me some error!! This XML file does not appear to have any style information associated with it. The document tree is shown below. I don't konw to do, I'm odd! Regards! |
|
I haven't had any error with python...Do you have some idea about this?? Thx |
|
If you get an internal error, could you check your MISP error log for the stack trace? It's located in: |
|
Hi, This is the message
What I can do, please? Thx |
|
Hmph so it's indeed the python part that's failing, back to square one. You've tried what @FloatingGhost suggested and see if the imports fail in a python script, right? |
|
Yes, I did that and I haven't had any error. |
|
In Server Settings -> Diagnostic, I may see this: STIX and Cybox libraries....STIX or CyBox library not installed correctly |
|
OK, let's try something dirty, running @FloatingGhost from MISP, let's see if it's a permission issue for the apache user. I've pushed a new branch that has a really dirty test script in it. Simply switch to that branch: After that, log in as a site administrator and via the url bar go to: Could you paste the output from the top of the screen? It's really dirty and quick but should give us the feedback we need. |
|
Oh and once you're done simply switch back to the 2.4 branch by typing: |
|
I modified the permisson of cybox and stix again, its works fine. STIX and Cybox libraries Mitre's STIX and Cybox python libraries have to be installed in order for MISP's STIX export to work. Make sure that you install them (as described in the MISP installation instructions) if you receive an error below. STIX and Cybox libraries....OK But I follow with the same error when I go to dolwnload STIX format |
|
I've seen this
is it can be the problem??? |
|
Are you downloading an individual event in stix format? So event view -> download as -> STIX? Or are you trying to generate a full export via the export view? It looks like you don't have background workers running, perhaps? |
|
I'm trying only individual but I did it for full experto a long time too. |
|
Individual should be fine and the cache job shouldn't affect it then. Could you create a new event with a single ip-dst attribute, publish it and see if you can export that as STIX? |
|
Yes, I did it too and I had the same error. This XML file does not appear to have any style information associated with it. The document tree is shown below. |
| An Internal Error Has Occurred. An Internal Error Has Occurred. /events/stix/download/25/true.xml |
|
|
|
How I can kill all the process that these are in Queued???? |
|
administration -> server settings -> workers Each queue should have a counter on pending jobs and a trash icon. Click the trash icon to clear a queue. |
|
Yes, I know that but If I delete the icon I can see as the jobs are on queued go to run again...I want to kill for fully, is it possible? |
|
They are killed, don't worry about them. Think of the jobs screen as a somewhat interactive log of jobs. |
|
Ok, great. I follow with the issue, do you think that it has fix? I want to dowonload STIX format please!! |
|
STIX export works on other instances, so yes, it has a fix. |
|
Honestly I think you've managed to... somehow have a messed up OS. This shouldn't happen at all |
|
I want to believe you but with the help the folks, we can't fix it. |
|
Hold on, working on some additional test scripts so we can debug what's going wrong there. |
|
My OS is Ubuntu 10.04.5 LTS, I follow this manual for the installation of MISP https://github.com/MISP/MISP/blob/2.4/INSTALL/INSTALL.ubuntu1404.txt |
It works on mine, it's not something broken with the code itself |
|
wait. Ubuntu 10!? |
|
Do you recommend other version??? |
|
16.04 for sure! 10.04 is ancient. You sure it isn't a typo? |
|
At least 14, ideally 16. 10 is, well, 6 years old. It's barely even supported |
|
The install procedure you followed is for 14.04. And on new install, you should be using 16.04. And this install procedure: https://github.com/MISP/MISP/blob/2.4/INSTALL/INSTALL.ubuntu1604.txt |
|
ok, I make it right now |
|
Closing then. |
|
Hi!! I've just downloaded the STIX format!! the issue is the operation system version, Ubuntu 16.04 is working properly! Thanks a lot to everybody! |
|
Excellent news, thanks for the feedback! |
| Type of issue | Support
| OS version (server) | Ubuntu 1404
| PHP version | 5.4, 5.5, 5.6, 7.0, 7.1...
| MISP version / git hash | 2.4.53
| Browser | If applicable
Hi,
I have an issue with Cybox and STIX, this is the message what I see, such as:
_Mitre's STIX and Cybox python libraries have to be installed in order for MISP's STIX export to work. Make sure that you install them (as described in the MISP installation instructions) if you receive an error below.
If you run into any issues here, make sure that both STIX and CyBox are installed as described in the INSTALL.txt file. The required versions are:
STIX:
CyBox:
Other versions might work but are not tested / recommended.
STIX and Cybox libraries....STIX or CyBox library not installed correctly_
This is my version Cybox and Stix
STIX: 1.1.1.4
CyBox: 2.1.0.12
So I was installing it and I wasn't anything issue.
Can you help me, please? Let me know if you need more info.
Regards!
The text was updated successfully, but these errors were encountered: