metron-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Vladimir Shlyakhtin <Vladimir.Shlyakh...@sstech.us>
Subject RE: threatintel_taxii_load.sh throws exception
Date Mon, 10 Jul 2017 14:34:19 GMT
We have both version installed (0.3.1 and 0.4.0), the same exception for both version.
The same for latest (0.4.1)

- Vladimir
________________________________
From: Otto Fowler [ottobackwards@gmail.com]
Sent: Monday, July 10, 2017 9:13 AM
To: dev@metron.apache.org; Vladimir Shlyakhtin
Subject: Re: threatintel_taxii_load.sh throws exception

After upgrading to 0.4.0?  I am not sure you should be running the threatintell_taxii_load.sh
out of /usr/metron/0.3.1.<http://0.3.1.>
What happens when you run it out of /usr/metron/0.4.1 ?




On July 10, 2017 at 08:19:18, Vladimir Shlyakhtin (vladimir.shlyakhtin@sstech.us<mailto:vladimir.shlyakhtin@sstech.us>)
wrote:

Hello,

After upgrading from 0.3.0 version we noticed that taxii loader does not work.

Here is details:

# /usr/metron/0.3.1/bin/threatintel_taxii_load.sh -c /usr/local/opentaxii/etc/connections.conf/guest.phishtank_com.json
-e /usr/local/opentaxii/etc/connections.conf/extractor.json -p 10000
17/07/10 07:35:42 WARN extractor.TransformFilterExtractorDecorator: Unable to setup zookeeper
client - zk_quorum url not provided. **This will limit some Stellar functionality**
Exception in thread "main" java.lang.IllegalStateException: Extractor must be a STIX Extractor
at org.apache.metron.dataloads.nonbulk.taxii.TaxiiLoader.main(TaxiiLoader.java:202)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:498)
at org.apache.hadoop.util.RunJar.run(RunJar.java:233)
at org.apache.hadoop.util.RunJar.main(RunJar.java:148)


# cat /usr/local/opentaxii/etc/connections.conf/guest.phishtank_com.json
{
"endpoint" : "http://10.10.110.23:9000/services/discovery"
,"port" : "9000"
,"type" : "DISCOVER"
,"collection" : "guest.phishtank_com"
,"table" : "threatintel"
,"columnFamily" : "t"
,"allowedIndicatorTypes" : [ "domainname:FQDN", "address:IPV_4_ADDR" ]
}

# cat /usr/local/opentaxii/etc/connections.conf/extractor.json
{
"config": {
"columns": {
"domain": 0
},
"indicator_column": "domain",
"type" : "malicious_domain",
"separator" : ","
},
"extractor" : "STIX"
}


"zk_quorum" parameter we specified as well and got exception (without "Unable to setup zookeeper
client" warning).

Exception is thrown due to false in condition:
```
if(e instanceof StixExtractor) {
```

in file TaxiiLoader.java.

I changed exception message to:
```
throw new IllegalStateException("Extractor must be a STIX Extractor" + " - " + e.getClass().getName());
```

and got:
```
Extractor must be a STIX Extractor - org.apache.metron.dataloads.extractor.TransformFilterExtractorDecorator
```

Seems like it is related to commit c5bbf5acef05de16a18db9397745a6795427f6b8.

Let me know if this is bug and I should open jira issue.

Thank you


- Vladimir

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message