Uploaded image for project: 'Metron (Retired)'
  1. Metron (Retired)
  2. METRON-1026

threatintel_taxii_load.sh throws exception

    XMLWordPrintableJSON

Details

    • Bug
    • Status: Done
    • Major
    • Resolution: Done
    • 0.3.1, 0.3.2, 0.4.0
    • 0.4.1
    • None

    Description

      For version 0.3.1 and later taxii loader does not work.

      Here is details:

      # /usr/metron/0.3.1/bin/threatintel_taxii_load.sh -c /usr/local/opentaxii/etc/connections.conf/guest.phishtank_com.json -e /usr/local/opentaxii/etc/connections.conf/extractor.json -p 10000
17/07/10 07:35:42 WARN extractor.TransformFilterExtractorDecorator: Unable to setup zookeeper client - zk_quorum url not provided. **This will limit some Stellar functionality**
Exception in thread "main" java.lang.IllegalStateException: Extractor must be a STIX Extractor
at org.apache.metron.dataloads.nonbulk.taxii.TaxiiLoader.main(TaxiiLoader.java:202)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:498)
at org.apache.hadoop.util.RunJar.run(RunJar.java:233)
at org.apache.hadoop.util.RunJar.main(RunJar.java:148)

      Configs:

      # cat /usr/local/opentaxii/etc/connections.conf/guest.phishtank_com.json
{
"endpoint" : "http://10.10.110.23:9000/services/discovery"
,"port" : "9000"
,"type" : "DISCOVER"
,"collection" : "guest.phishtank_com"
,"table" : "threatintel"
,"columnFamily" : "t"
,"allowedIndicatorTypes" : [ "domainname:FQDN", "address:IPV_4_ADDR" ]
}

      and

      # cat /usr/local/opentaxii/etc/connections.conf/extractor.json
{
"config": {
"columns": {
"domain": 0
},
"indicator_column": "domain",
"type" : "malicious_domain",
"separator" : ","
},
"extractor" : "STIX"
}

      The same exception with "zk_quorum" parameter (but without "Unable to setup zookeeper client" warning).

      Exception is thrown due to false in condition:

      if(e instanceof StixExtractor) {

      in file TaxiiLoader.java.

      I changed exception message to:

      throw new IllegalStateException("Extractor must be a STIX Extractor" + " - " + e.getClass().getName());

      and got:

      Extractor must be a STIX Extractor - org.apache.metron.dataloads.extractor.TransformFilterExtractorDecorator

      Attachments

        Issue Links

          links to

          Web Link GitHub Pull Request #643

          Activity

            People

              cestella Casey Stella
              vladmir Vladimir
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: