[!] Error creating options for the datasources custom field.

[goggan]

Heya,

Mine crashes out at the datasources custom field, help!

[] Authenticating to https://[redacted].atlassian.net...
[!] Success!
[] Creating the Att&ck project...
[!] Success!
[*] Creating custom fields ...
[!] Successfully created 'tactic' custom field.
[!] Successfully created 'maturity' custom field.
[!] Successfully created 'url' custom field.
[!] Successfully created 'datasources' custom field.
[!] Successfully created 'id' custom field.
[!] Error creating options for the datasources custom field.

Unfortunately if I try to rerun where it left off, it kicks another error:
[] Authenticating to ...
[!] Success!
[] Creating the Att&ck project...
[!] Error creating Jira project. Does it already exist ?

Cheers,
Glyn.

[mvelazc0]

Thanks for opening this, I will try to replicate it and follow up here.

If you want to re-run it, you will have to manually delete the Project the tool created first.

[mvelazc0]

Hello @goggan. I am actually not getting this error. Are you using the Cloud version of Jira ?

Can you manually log in to Jira, delete the project ( and then delete it from trash ) and try again ?

Thanks

[goggan]

Deleted and trying again now...

[goggan]

Running against our 'something'.atlassian.net
`:~/mitre/attack2jira# python3 ./attack2jira.py -url https://redacted -u Glyn@redacted -a initialize
Jira API Token for Glyn@redacted:
[] Authenticating to https://redacted...
[!] Success!
[] Creating the Att&ck project...
[!] Success!
[!] Found custom fields
Traceback (most recent call last):
File "/usr/lib/python3/dist-packages/urllib3/connection.py", line 169, in _new_conn
conn = connection.create_connection(
File "/usr/lib/python3/dist-packages/urllib3/util/connection.py", line 96, in create_connection
raise err
File "/usr/lib/python3/dist-packages/urllib3/util/connection.py", line 86, in create_connection
sock.connect(sa)
ConnectionRefusedError: [Errno 111] Connection refused

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
File "/usr/lib/python3/dist-packages/urllib3/connectionpool.py", line 699, in urlopen
httplib_response = self._make_request(
File "/usr/lib/python3/dist-packages/urllib3/connectionpool.py", line 382, in _make_request
self._validate_conn(conn)
File "/usr/lib/python3/dist-packages/urllib3/connectionpool.py", line 1012, in _validate_conn
conn.connect()
File "/usr/lib/python3/dist-packages/urllib3/connection.py", line 353, in connect
conn = self._new_conn()
File "/usr/lib/python3/dist-packages/urllib3/connection.py", line 181, in _new_conn
raise NewConnectionError(
urllib3.exceptions.NewConnectionError: <urllib3.connection.HTTPSConnection object at 0x7f754d2e5be0>: Failed to establish a new connection: [Errno 111] Connection refused

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
File "/usr/lib/python3/dist-packages/requests/adapters.py", line 439, in send
resp = conn.urlopen(
File "/usr/lib/python3/dist-packages/urllib3/connectionpool.py", line 755, in urlopen
retries = retries.increment(
File "/usr/lib/python3/dist-packages/urllib3/util/retry.py", line 573, in increment
raise MaxRetryError(_pool, url, error or ResponseError(cause))
urllib3.exceptions.MaxRetryError: HTTPSConnectionPool(host='cti-taxii.mitre.org', port=443): Max retries exceeded with url: /stix/collections/95ecc380-afe9-11e4-9b6c-751b66dd541e/ (Caused by NewConnectionError('<urllib3.connection.HTTPSConnection object at 0x7f754d2e5be0>: Failed to establish a new connection: [Errno 111] Connection refused'))

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
File "/root/mitre/attack2jira/lib/jirahandler.py", line 394, in get_attack_tactics
client = attack_client()
File "/usr/local/lib/python3.8/dist-packages/attackcti/attack_api.py", line 54, in init
self.TC_ENTERPRISE_SOURCE = TAXIICollectionSource(ENTERPRISE_COLLECTION)
File "/usr/local/lib/python3.8/dist-packages/stix2/datastore/taxii.py", line 155, in init
if collection.can_read:
File "/usr/local/lib/python3.8/dist-packages/taxii2client/v20/init.py", line 281, in can_read
self._ensure_loaded()
File "/usr/local/lib/python3.8/dist-packages/taxii2client/v20/init.py", line 353, in _ensure_loaded
self.refresh()
File "/usr/local/lib/python3.8/dist-packages/taxii2client/v20/init.py", line 367, in refresh
response = self.__raw = self._conn.get(self.url,
File "/usr/local/lib/python3.8/dist-packages/taxii2client/common.py", line 296, in get
resp = self.session.get(url, headers=merged_headers, params=params)
File "/usr/lib/python3/dist-packages/requests/sessions.py", line 555, in get
return self.request('GET', url, **kwargs)
File "/usr/lib/python3/dist-packages/requests/sessions.py", line 542, in request
resp = self.send(prep, **send_kwargs)
File "/usr/lib/python3/dist-packages/requests/sessions.py", line 655, in send
r = adapter.send(request, **kwargs)
File "/usr/lib/python3/dist-packages/requests/adapters.py", line 516, in send
raise ConnectionError(e, request=request)
requests.exceptions.ConnectionError: HTTPSConnectionPool(host='cti-taxii.mitre.org', port=443): Max retries exceeded with url: /stix/collections/95ecc380-afe9-11e4-9b6c-751b66dd541e/ (Caused by NewConnectionError('<urllib3.connection.HTTPSConnection object at 0x7f754d2e5be0>: Failed to establish a new connection: [Errno 111] Connection refused'))
[!] Error connecting obtaining tactics from Att&ck's API !
`

[mvelazc0]

Thanks !.

I'm getting the same error but this seems to be an error with the attackcti library not being able to reach the ATT&CK API. I will reach out to the maintainers of the library. I'll keep this issue open.

[mvelazc0]

The ATT&CK API is now working, it seems it was an availability issue. Now I see the error you pointed out. It seems that get_data_sources() function in attackcti is returning a list with duplicate data sources. When attack2jira tries to create all the options, Jira does not like it. Should be easy to fix.

{"errorMessages":["Found duplicate option 'Windows Error Reporting'.","Found duplicate option 'Windows Registry'.","Found duplicate option 'File Monitoring'.","Found duplicate option 'SSL/TLS inspection'.","Found duplicate option 'process use of network'.","Found duplicate option 'Sequential Event Recorder'.","Found duplicate option 'Alarm history'."],"errors":{}}
[!] Error creating options for the datasources custom field.

[mvelazc0]

Ok, this is fixed now. Please pull the latest codebase and try it.

There is another issue to fix: I need to think about better presenting techniques vs sub techniques.

[goggan]

Interesting; I’m now getting a permissions error though: [!] Success! [*] Creating the Att&ck project... [!] Unauthorized. Probably not enough permissions :(

[mvelazc0]

Thats weird, the changes I pushed would not affect that.

Please check your Jira environment/permissions/credentials again.

[goggan]

Yeah, I thought it was odd too, getting our admin to check perms but pretty sure nothing has changed (and I'm still able to trash and erase the old project which implies admin I believe)

[goggan]

Confirmed, still admin, and can move to trash & restore projects.

[goggan]

Bah. Disregard. The API reports success on auth based on any valid API key, but if you spell your email address wrong it then spits an error later.

[mvelazc0]

Cool. Everything else worked?

[goggan]

Running now before I give the thumbs up and close!

[mvelazc0]

Did it work ?

I also want to pick your brain on how to show Techniques and Sub-Techniques. Are you on slack or discord ?

[goggan]

It did work! Thanks!

Sorry, thought I closed it.