Analyzer Running Issues : Invalid Output error on Cortex GUI #302

Closed
s-shubh opened this issue Jul 12, 2018 · 5 comments

s-shubh commented Jul 12, 2018

Got an error while running analyzer "FireHOLBlocklists_2_0" on Cortex.

OS version (server) | CentOS 7 (with python3.6.5)
Cortex Analyzers Names | FireHOLBlocklists_2_0, TorBlutmagie_1_0, TorProject_1_0

Description

I have configured the reported analyzers on my server and found that when querying them for an IP, they show the error "Invalid Output".

I am a beginner in Python, so kindly help me understand this error and solve it.

Kindly find below the logs from running the analyzers against an IP address as the data type.

---------------------------------------------------------------------
FireHOLBlocklists_2_0
Invalid output
Traceback (most recent call last):
  File "FireHOLBlocklists/firehol_blocklists.py", line 146, in <module>
    FireholBlocklistsAnalyzer().run()
  File "FireHOLBlocklists/firehol_blocklists.py", line 30, in __init__
    os.mkdir(self.path, 0o0700)
OSError: [Errno 2] No such file or directory: "https://iplists.firehol.org/?ipset=bambenek_c2"

I have also used various FireHOL IP sets such as "https://iplists.firehol.org/files/firehol_level1.netset" but things did not work for me.
---------------------------------------------------------------------
TorProject_1_0
Invalid output
/usr/bin/env: python3: No such file or directory
---------------------------------------------------------------------
TorBlutmagie_1_0
Invalid output
/usr/bin/env: python3: No such file or directory
---------------------------------------------------------------------

Kindly help...! :)

s-shubh commented Jul 12, 2018

Guys, the issues related to "TorBlutmagie_1_0" and "TorProject_1_0" have been resolved just by changing python to python3 in the analyzer.py config files.

But the issue related to FireHOLBlocklists_2_0 still persists. Kindly help.

3c7 commented Jul 12, 2018

It seems like you added a URL as the path to the blocklists, but you have to clone the blocklist repository (see https://blog.thehive-project.org/2017/05/22/vmray-firehol-joe-sandbox-fortiguard-analyzers/) and add the directory in the analyzer configuration in Cortex.

The Tor_* analyzer errors are related to not having python3 installed or the python3 binary not being linked to /usr/bin/python3.

@3c7 3c7 self-assigned this Jul 12, 2018
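
A preflight check for the two failures diagnosed in the comment above, as an added example (not code from the Cortex-Analyzers project or from the thread's participants). The function names are hypothetical, and the `.ipset`/`.netset` suffixes are an assumption about what a cloned FireHOL blocklist directory contains.

```python
import os
import shutil
import sys
from urllib.parse import urlparse

# Assumption: a cloned FireHOL blocklist directory holds *.ipset / *.netset files.
LIST_SUFFIXES = (".ipset", ".netset")


def check_blocklist_path(path):
    """Return a list of problems with the configured blocklist directory."""
    if urlparse(path).scheme.lower() in ("http", "https", "ftp"):
        # The misconfiguration in this issue: a URL where a local directory
        # is expected, which later fails inside os.mkdir().
        return [f"{path!r} is a URL; configure the local clone directory"]
    problems = []
    if not os.path.isabs(path):
        problems.append(f"{path!r} is relative; it depends on the job's working directory")
    if not os.path.isdir(path):
        problems.append(f"{path!r} is not an existing directory")
        return problems
    if not os.access(path, os.R_OK | os.X_OK):
        problems.append(f"{path!r} is not readable by the current user")
        return problems
    if not any(name.endswith(LIST_SUFFIXES) for name in os.listdir(path)):
        problems.append(f"{path!r} contains no .ipset/.netset files")
    return problems


def check_interpreter(name="python3"):
    """Mirror '#!/usr/bin/env python3': the interpreter must be found on PATH."""
    if shutil.which(name):
        return []
    return [f"{name} not found on PATH; '/usr/bin/env {name}' will fail"]


if __name__ == "__main__":
    # Hypothetical usage: python3 preflight.py /path/to/cloned/blocklists
    target = sys.argv[1] if len(sys.argv) > 1 else ""
    issues = check_interpreter() + check_blocklist_path(target)
    for issue in issues:
        print("FAIL:", issue)
    sys.exit(1 if issues else 0)
```

Run it as the account that runs Cortex, since PATH and directory permissions are evaluated for that user rather than for an interactive login.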

s-shubh commented Jul 13, 2018

Thank you so much for your prompt and valuable response. Have a great time ahead..! :)

s-shubh commented Jul 13, 2018

It works now... Thank you so much for this. @3c7

3c7 commented Jul 13, 2018

You're welcome

@3c7 3c7 closed this as completed Jul 13, 2018