Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

"errorMessage": "Missing dataType field" #481

Closed
rykers84 opened this issue May 14, 2019 · 1 comment
Closed

"errorMessage": "Missing dataType field" #481

rykers84 opened this issue May 14, 2019 · 1 comment
Labels
category:feature-request Issue is related to a feature request

Comments

@rykers84
Copy link

Hi,

i get the following Error Message: "errorMessage": "Missing dataType field"

I rly dont know where it comes from and i didnt find anything on google or here the could bring me forward. I think i overseeing something, sr in advance.

I want to take a Alert/Case and get the IOCs out of the JSON. I just want to print it at the moment but later save it to a file. I rly dont know, where my mistake is.

If anyone could help me, even a link to a doku, i would be a little bit happy.

The Code is the following:

#!/usr/bin/env python3
# encoding: utf-8

from cortexutils.responder import Responder
import json



class Thor(Responder):
    def __init__(self):
        Responder.__init__(self)

    def run(self):
        Responder.run(self)

        if self.data_type == 'thehive:case':
            data = self.get_param('data.artifacts', None, 'No IOCs')
            data = json.load(data)

            print(json.dumps('data[hash]'))
            
        
        elif self.data_type == 'thehive:alert':
            data = self.get_param('data.artifacts', None, 'No IOcs')
            data = json.dumps(data)

            print(json.dumps('data[hash]'))

        else:
            self.error("WTF")

if __name__ == '__main__':
    Thor().run()

The json i work with:

{
  "date": 1557822582000,
  "severity": 1,
  "_routing": "9405f01864f8c85d337c606118eb8119",
  "customFields": {},
  "caseTemplate": "MISP",
  "_type": "alert",
  "description": "Imported from MISP Event #140, created at Tue May 14 08:29:42 UTC 2019",
  "lastSyncDate": 1557822582000,
  "source": "MISP-SERVER-ID",
  "follow": true,
  "title": "#140 Malicious ELF binary (Mirai) - 2018-12-22 (collected on a router)",
  "type": "misp",
  "tags": [
    "src:CIRCL",
    "misp-galaxy:tool=\"Mirai\"",
    "misp-galaxy:malpedia=\"Mirai\"",
    "misp-galaxy:botnet=\"Mirai\""
  ],
  "createdAt": 1557830650205,
  "_parent": null,
  "createdBy": "init",
  "tlp": 0,
  "_id": "9405f01864f8c85d337c606118eb8119",
  "id": "9405f01864f8c85d337c606118eb8119",
  "sourceRef": "140",
  "_version": 1,
  "status": "New",
  "artifacts": [
    {
      "data": "22c6b6bd77ee2fcd16dcbb3f2ae400eafd741a4fc92a5ee167445334145e4242",
      "dataType": "hash",
      "tlp": 2,
      "message": "related samples collected the 2018-12-22",
      "startDate": 1545466345000,
      "tags": [
        "MISP:type=sha256",
        "MISP:category=Payload delivery",
        "src:MISP-SERVER-ID",
        "OSINT"
      ]
    }    
  ]
}
@rykers84 rykers84 added the category:feature-request Issue is related to a feature request label May 14, 2019
@rykers84
Copy link
Author

So i found the error:

Im just an Idiot that did not find the "missing" field in the json...

Sr for wasting your time

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
category:feature-request Issue is related to a feature request
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@rykers84