Passivetotal_service: cannot import name DnsResponse

[david-rundle-xor]

crits.log reporting:
crits.services.core Failed to import service (passivetotal_service): cannot import name DnsResponse

Validated that passivetotal module is installed correctly.

[cvdsouza]

What version of passivetotal are you running ?
I believe you should have version 1.0.23 ,
pip install passivetotal==1.0.23

the higher versions error out , haven't figured out why.

[ghost]

Yes confirm. Same behavior. If i do only a :
pip install passivetotal
==> NOK !
so :
pip install passivetotal==1.0.23
correct the thing and service is available.

[david-rundle-xor]

Thx - crits failed our proof of concept in many places. Not scaleable, could not implement Mitre's own Stix/taxii standards. Sent from my Galaxy Tab® S2 -------- Original message --------From: action09 <[email protected]> Date: 8/26/17 9:21 PM (GMT-05:00) To: crits/crits_services <[email protected]> Cc: david-rundle-xor <[email protected]>, Author <[email protected]> Subject: Re: [crits/crits_services] Passivetotal_service: cannot import name   DnsResponse (#316) Yes confirm. Same behavior. If i do only a : pip install passivetotal ==> NOK ! so : pip install passivetotal==1.0.23 correct the thing and service is available. — You are receiving this because you authored the thread. Reply to this email directly, view it on GitHub, or mute the thread. {"api_version":"1.0","publisher":{"api_key":"05dde50f1d1a384dd78767c55493e4bb","name":"GitHub"},"entity":{"external_key":"github/crits/crits_services","title":"crits/crits_services","subtitle":"GitHub repository","main_image_url":"https://cloud.githubusercontent.com/assets/143418/17495839/a5054eac-5d88-11e6-95fc-7290892c7bb5.png","avatar_image_url":"https://cloud.githubusercontent.com/assets/143418/15842166/7c72db34-2c0b-11e6-9aed-b52498112777.png","action":{"name":"Open in GitHub","url":"https://github.com/crits/crits_services"}},"updates":{"snippets":[{"icon":"PERSON","message":"@action09 in #316: Yes confirm. Same behavior. If i do only a :\r\npip install passivetotal\r\n==\u003e NOK !\r\nso :\r\npip install passivetotal==1.0.23\r\ncorrect the thing and service is available.\r\n\r\n"}],"action":{"name":"View Issue","url":"#316 (comment)"}}}

[iglocska]

could not implement Mitre's own Stix/taxii standards.

CRITS having its own sane format isn't necessarily a bad thing at all.

[mgoffin]

It also does support those (no longer MITRE) standards, just not natively because the community didn’t want it forced upon them. Just need to install the TAXII service. Also scales fairly well with mongo so not sure about hat either.

…

On Sun, Aug 27, 2017 at 2:54 AM Andras Iklody ***@***.***> wrote: could not implement Mitre's own Stix/taxii standards. CRITS having its own sane format isn't necessarily a bad thing at all. — You are receiving this because you are subscribed to this thread. Reply to this email directly, view it on GitHub <#316 (comment)>, or mute the thread <https://github.com/notifications/unsubscribe-auth/AAP7CUyPOs7DzrL12kXj_k8RGSXMbtS5ks5scRK-gaJpZM4NVkoi> .

[david-rundle-xor]

No, even with the taxii service, there's large parts of the standard implemented incorrectly which strip out data and drop context about campaigns, actors, and interrelationships.  Trust me - ran these dead ends into brick walls at speed face first too many times. Sent from my Galaxy Tab® S2 -------- Original message --------From: Mike Goffin <[email protected]> Date: 8/27/17 9:19 AM (GMT-05:00) To: crits/crits_services <[email protected]> Cc: david-rundle-xor <[email protected]>, Author <[email protected]> Subject: Re: [crits/crits_services] Passivetotal_service: cannot import name   DnsResponse (#316) It also does support those (no longer MITRE) standards, just not natively because the community didn’t want it forced upon them. Just need to install the TAXII service. Also scales fairly well with mongo so not sure about hat either. On Sun, Aug 27, 2017 at 2:54 AM Andras Iklody <[email protected]> wrote:

could not implement Mitre's own Stix/taxii standards. CRITS having its own sane format isn't necessarily a bad thing at all. — You are receiving this because you are subscribed to this thread. Reply to this email directly, view it on GitHub <#316 (comment)>, or mute the thread <https://github.com/notifications/unsubscribe-auth/AAP7CUyPOs7DzrL12kXj_k8RGSXMbtS5ks5scRK-gaJpZM4NVkoi> .

— You are receiving this because you authored the thread. Reply to this email directly, view it on GitHub, or mute the thread. {"api_version":"1.0","publisher":{"api_key":"05dde50f1d1a384dd78767c55493e4bb","name":"GitHub"},"entity":{"external_key":"github/crits/crits_services","title":"crits/crits_services","subtitle":"GitHub repository","main_image_url":"https://cloud.githubusercontent.com/assets/143418/17495839/a5054eac-5d88-11e6-95fc-7290892c7bb5.png","avatar_image_url":"https://cloud.githubusercontent.com/assets/143418/15842166/7c72db34-2c0b-11e6-9aed-b52498112777.png","action":{"name":"Open in GitHub","url":"https://github.com/crits/crits_services"}},"updates":{"snippets":[{"icon":"PERSON","message":"@mgoffin in #316: It also does support those (no longer MITRE) standards, just not natively\nbecause the community didn’t want it forced upon them. Just need to install\nthe TAXII service.\n\nAlso scales fairly well with mongo so not sure about hat either.\n\nOn Sun, Aug 27, 2017 at 2:54 AM Andras Iklody \[email protected]\u003e\nwrote:\n\n\u003e could not implement Mitre's own Stix/taxii standards.\n\u003e\n\u003e CRITS having its own sane format isn't necessarily a bad thing at all.\n\u003e\n\u003e —\n\u003e You are receiving this because you are subscribed to this thread.\n\u003e Reply to this email directly, view it on GitHub\n\u003e \u003chttps://github.com/crits/crits_services/issues/316#issuecomment-325180823\u003e,\n\u003e or mute the thread\n\u003e \u003chttps://github.com/notifications/unsubscribe-auth/AAP7CUyPOs7DzrL12kXj_k8RGSXMbtS5ks5scRK-gaJpZM4NVkoi\u003e\n\u003e .\n\u003e\n"}],"action":{"name":"View Issue","url":"#316 (comment)"}}}

[iglocska]

In my experience,, pretty much anything that claims to do STIX will have a < 100% correct ingest for other STIX sources out there, which is an inherent issue with standards that allow many different ways to describe the same thing (just have a look at how many ways you can describe something as simple as an IP address in STIX 1.x). If you have one specific source of STIX data, then you can get away with simply finding the tool that ingests with the highest success rate, but that's about it.

Alternatively, you can look for a tool (such as Soltra) that simply ingests an xml document as is, but doesn't allow you to do much with it.

Crits is a tool that allows you to do much more with your ingested data, but this of course comes at a cost of < 100% perfect mapping.

[mgoffin]

The TAXII service is also something supported by folks in the community that use the standard. If there’s something not working, missing, etc. feel free to drop an issue or a PR on Github! We love hearing from other devs who want to contribute. As for not being 100% compliant I would agree with Andras that it is literally impossible. The standard gives you the ability to create your own custom object which requires someone to know how it is built to parse it correctly. That requires custom code and that to me sucks.

…

On Sun, Aug 27, 2017 at 11:58 AM Andras Iklody ***@***.***> wrote: In my experience,, pretty much anything that claims to do STIX will have a < 100% correct ingest for other STIX sources out there, which is an inherent issue with standards that allow many different ways to describe the same thing (just have a look at how many ways you can describe something as simple as an IP address in STIX 1.x). If you have one specific source of STIX data, then you can get away with simply finding the tool that ingests with the highest success rate, but that's about it. Alternatively, you can look for a tool (such as Soltra) that simply ingests an xml document as is, but doesn't allow you to do much with it. Crits is a tool that allows you to do much more with your ingested data, but this of course comes at a cost of < 100% perfect mapping. — You are receiving this because you commented. Reply to this email directly, view it on GitHub <#316 (comment)>, or mute the thread <https://github.com/notifications/unsubscribe-auth/AAP7CS332Z-kj3eKHZ9b_rx86Qe6mgE5ks5scZJAgaJpZM4NVkoi> .