Version
2.4.110
Installation Method
Security Onion ISO image
Description
configuration
Installation Type
Distributed
Location
on-prem with Internet access
Hardware Specs
Exceeds minimum requirements
CPU
8
RAM
32
Storage for /
500
Storage for /nsm
500
Network Traffic Collection
span port
Network Traffic Speeds
Less than 1Gbps
Status
Yes, all services on all nodes are running OK
Salt Status
No, there are no failures
Logs
When we use the analyzers:
malwarehashregistry:
{
"error": "exit status 1",
"output": "Traceback (most recent call last):\n File "", line 198, in _run_module_as_main\n File "", line 88, in _run_code\n File "/opt/sensoroni/analyzers/malwarehashregistry/malwarehashregistry.py", line 5, in \n from whois import NICClient\nModuleNotFoundError: No module named 'whois'\n",
"status": "caution",
"summary": "internal_failure"
}
spamhaus:
{
"error": "exit status 1",
"output": "Traceback (most recent call last):\n File "", line 198, in _run_module_as_main\n File "", line 88, in _run_code\n File "/opt/sensoroni/analyzers/spamhaus/spamhaus.py", line 2, in \n import dns.resolver\nModuleNotFoundError: No module named 'dns'\n",
"status": "caution",
"summary": "internal_failure"
}
whois:
{
"error": "exit status 1",
"output": "Traceback (most recent call last):\n File "", line 198, in _run_module_as_main\n File "", line 88, in _run_code\n File "/opt/sensoroni/analyzers/whoislookup/whoislookup.py", line 4, in \n import whoisit\nModuleNotFoundError: No module named 'whoisit'\n",
"status": "caution",
"summary": "internal_failure"
}
and Threatfox:
{
"error": "exit status 1",
"output": "Traceback (most recent call last):\n File "/usr/local/lib/python3.12/site-packages/urllib3/connectionpool.py", line 775, in urlopen\n self._prepare_proxy(conn)\n File "/usr/local/lib/python3.12/site-packages/urllib3/connectionpool.py", line 1044, in _prepare_proxy\n conn.connect()\n File "/usr/local/lib/python3.12/site-packages/urllib3/connection.py", line 710, in connect\n self._tunnel()\n File "/usr/local/lib/python3.12/http/client.py", line 979, in _tunnel\n raise OSError(f"Tunnel connection failed: {code} {message.strip()}")\nOSError: Tunnel connection failed: 403 Forbidden\n\nThe above exception was the direct cause of the following exception:\n\nurllib3.exceptions.ProxyError: ('Unable to connect to proxy', OSError('Tunnel connection failed: 403 Forbidden'))\n\nThe above exception was the direct cause of the following exception:\n\nTraceback (most recent call last):\n File "/usr/local/lib/python3.12/site-packages/requests/adapters.py", line 667, in send\n resp = conn.urlopen(\n ^^^^^^^^^^^^^\n File "/usr/local/lib/python3.12/site-packages/urllib3/connectionpool.py", line 843, in urlopen\n retries = retries.increment(\n ^^^^^^^^^^^^^^^^^^\n File "/usr/local/lib/python3.12/site-packages/urllib3/util/retry.py", line 519, in increment\n raise MaxRetryError(_pool, url, reason) from reason # type: ignore[arg-type]\n ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^\nurllib3.exceptions.MaxRetryError: HTTPSConnectionPool(host='threatfox-api.abuse.ch', port=443): Max retries exceeded with url: /api/v1/ (Caused by ProxyError('Unable to connect to proxy', OSError('Tunnel connection failed: 403 Forbidden')))\n\nDuring handling of the above exception, another exception occurred:\n\nTraceback (most recent call last):\n File "", line 198, in _run_module_as_main\n File "", line 88, in _run_code\n File "/opt/sensoroni/analyzers/threatfox/threatfox.py", line 74, in \n main()\n File "/opt/sensoroni/analyzers/threatfox/threatfox.py", line 67, in main\n results = 
analyze(sys.argv[1])\n ^^^^^^^^^^^^^^^^^^^^\n File "/opt/sensoroni/analyzers/threatfox/threatfox.py", line 61, in analyze\n response = sendReq(meta, query)\n ^^^^^^^^^^^^^^^^^^^^\n File "/opt/sensoroni/analyzers/threatfox/threatfox.py", line 19, in sendReq\n response = requests.post(url, json.dumps(query))\n ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^\n File "/usr/local/lib/python3.12/site-packages/requests/api.py", line 115, in post\n return request("post", url, data=data, json=json, **kwargs)\n ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^\n File "/usr/local/lib/python3.12/site-packages/requests/api.py", line 59, in request\n return session.request(method=method, url=url, **kwargs)\n ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^\n File "/usr/local/lib/python3.12/site-packages/requests/sessions.py", line 589, in request\n resp = self.send(prep, **send_kwargs)\n ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^\n File "/usr/local/lib/python3.12/site-packages/requests/sessions.py", line 703, in send\n r = adapter.send(request, **kwargs)\n ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^\n File "/usr/local/lib/python3.12/site-packages/requests/adapters.py", line 694, in send\n raise ProxyError(e, request=request)\nrequests.exceptions.ProxyError: HTTPSConnectionPool(host='threatfox-api.abuse.ch', port=443): Max retries exceeded with url: /api/v1/ (Caused by ProxyError('Unable to connect to proxy', OSError('Tunnel connection failed: 403 Forbidden')))\n",
"status": "caution",
"summary": "internal_failure"
}
Hello, we encountered an issue when we attempt to use the analyzers; we get the errors described above.
For the first three, I wonder if the dependencies are actually installed in the sensoroni container. If we look in the script,
we have a line to download the different dependencies (line 15), but no instruction to install these dependencies.
Or is this job done in another location?
For the last one, do we need to add an API key for Threatfox? I don't see this option in the sensoroni configuration.
Have a nice day!
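The tracebacks in the post show two distinct failure classes: a Python import that fails inside the container before any lookup runs, and an HTTP proxy that answers the CONNECT tunnel with 403 before the request reaches threatfox-api.abuse.ch. The triage script below is an added example, not part of the original post or of Security Onion; `classify` and `triage` are hypothetical names, and the sample results are constructed by shortening the tracebacks above.

```python
import re

MISSING_MODULE = re.compile(r"ModuleNotFoundError: No module named '([^']+)'")
PROXY_TUNNEL = re.compile(r"Tunnel connection failed: (\d{3})")
TARGET_HOST = re.compile(r"HTTPSConnectionPool\(host='([^']+)', port=(\d+)\)")

# Constructed sample: analyzer results shortened from the tracebacks in the post.
SAMPLE_RESULTS = {
    "malwarehashregistry": {"summary": "internal_failure", "output":
        "from whois import NICClient\nModuleNotFoundError: No module named 'whois'\n"},
    "spamhaus": {"summary": "internal_failure", "output":
        "import dns.resolver\nModuleNotFoundError: No module named 'dns'\n"},
    "whoislookup": {"summary": "internal_failure", "output":
        "import whoisit\nModuleNotFoundError: No module named 'whoisit'\n"},
    "threatfox": {"summary": "internal_failure", "output":
        "OSError: Tunnel connection failed: 403 Forbidden\n"
        "requests.exceptions.ProxyError: HTTPSConnectionPool("
        "host='threatfox-api.abuse.ch', port=443): Max retries exceeded\n"},
}

def classify(result):
    """Return the root cause of one analyzer result dict."""
    output = result.get("output", "")
    missing = MISSING_MODULE.search(output)
    if missing:
        # The import failed before any lookup ran: a packaging problem inside
        # the container, not a network or credential problem.
        return {"cause": "missing_module", "module": missing.group(1)}
    tunnel = PROXY_TUNNEL.search(output)
    if tunnel:
        # The proxy itself answered the CONNECT, so the request never reached
        # the remote API.
        host = TARGET_HOST.search(output)
        target = f"{host.group(1)}:{host.group(2)}" if host else None
        return {"cause": "proxy_refused_connect",
                "proxy_status": int(tunnel.group(1)), "target": target}
    if result.get("summary") == "internal_failure":
        return {"cause": "unclassified_failure"}
    return {"cause": "none"}

def triage(results):
    """Classify every analyzer result, keyed by analyzer name."""
    return {name: classify(result) for name, result in results.items()}

if __name__ == "__main__":
    for name, verdict in triage(SAMPLE_RESULTS).items():
        print(f"{name:22} {verdict}")
```
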