Parsing issue with Microsoft Security Graph API #MISP #Azure Sentinel - integration

We have integrated Azure Sentinel with MISP using Security Graph API.
We are seeing the IP field being parsed improperly on MS Azure Sentinel. It could be an issue with the Security Graph API. Referring to the screenshot, the Value field should be "IP addr" and the type should be "ipv4-addr". Because of this parsing issue, none of our IP feeds are triggering any alerts on Sentinel.
Whereas URL field is parsed properly.
Screenshot from Sentinel - Improper IP field parsing
Did anyone else face the same issue? How do we rectify this issue?

Related

Netflix DGS GraphQL Subscription Produces empty Security Context - How can this be made available?

We are using the following stack:
Kotlin 1.6.0 running on JVM 11
com.netflix.graphql.dgs:graphql-dgs-spring-boot-starter 5.0.4
com.netflix.graphql.dgs:graphql-dgs-subscriptions-websockets 5.0.4
com.netflix.graphql.dgs:graphql-dgs-subscriptions-websockets-autoconfigure 5.0.4
org.springframework.boot:spring-boot-starter-security 2.6.7
org.springframework.boot:spring-boot-starter-oauth2-resource-server 2.6.7
We are authenticating using the Google Identity Platform from the client side and passing the resulting Bearer token to the DGS API.
The pure HTTP requests (DgsQuery, DgsMutation) are able to extract the processed/validated token without an issue - and we are able to determine the userId from this.
Expected Results
When calling a subscription graph call we are expecting to extract the same details from the processed Bearer token - so we can then utilise the User Identification within the business logic.
Actual Results
The SecurityContextHolder returns an authorization value that is null. And passing in an invalid token still correctly returns subscribed results, suggesting that the subscription endpoint is not being hooked into the JWT authentication at all.
Question
What would be the recommended approach in providing the same authentication behavior and availability of Security Context to Subscriptions as is available to both DGSQuery and DGSMutation annotated functions?
From research - I understand that this needs to be performed in the initial handshake and then saved to the session.
Worth mentioning - that when calling the server from the GraphiQL UI - therefore using the newest protocol - the authentication occurs and the Security Context is populated with the correct information. However, this then fails with "Trying to execute subscription on /graphql. Use /subscriptions instead!" - which is to be expected with the incompatible client/server versions.

SBL-EAI-04116:HTTP Internet Exception during 'Data Send': 'An error occurred in the secure channel support', code: '12157'

Integration Siebel - Google geocoding:
the URL requests sent directly from the browser:
https://maps.googleapis.com/maps/api/geocode/xml?address=Landsdorf%20Strasse,,Gr%C3%BCnewald,01945,Deutschland&key=API_key
where API_key = particular API key provided by Google during first registration
Such request is working correctly, the response with geo codes is returned into the browser screen.
However if the same request is sent via Siebel through BS: EAI HTTP Transport
The error is displayed:
SBL-EAI-04116:HTTP Internet Exception during 'Data Send': 'An error occurred in the secure channel support', code: '12157'.
The solutions described on the official Oracle support website for that error are related to some missing certificate on the external server (in our case the Google server):
This is a fairly generic error occurring at the Wininet layer during the SSL handshake.
And the action should be: Thoroughly check the external webserver logs with increased SSL tracing level on the webserver.
But logically it does not make sense why the URL request sent directly from the browser (same network) was successfully sent and the response was received without using any certifications or similar stuff related to the SSL handshake.
Can someone help with it?
Thank you
Best regards
I have a hunch here Siebel is sending data in UTF-16 format, and end point is rejecting it. Please check your outgoing trace messages.

Url http://finance.yahoo.com/d/quotes.csv.. is not working

I am using the url http://finance.yahoo.com/d/quotes.csv.. in my application to receive the currency conversion rate. Up to yesterday, it was retrieving data with no error. But today it throws the exception "The remote server returned an error: (403) Forbidden." in my code. When I paste the url in the browser it says "It has come to our attention that this service is being used in violation of the Yahoo Terms of Service. As such, the service is being discontinued. For all future markets and equities data research, please refer to finance.yahoo.com."
What is the actual cause? What are the alternate ways to retrieve the currency conversion from Yahoo? Please let me know.
Probably it's all fine with your code - Yahoo just discarded this functionality without any warning to community -.-
https://forums.yahoo.net/t5/Yahoo-Finance-help/http-download-finance-yahoo-com-d-quotes-csv-s-GOOG-amp-f/m-p/387662/highlight/true#M6207
IMO it's worthy to just write new parser using Google services. That's very nasty from Yahoo side to just close some widely used feature so rapidly.
I decided to use this currency calculator: https://finance.google.com/finance/converter

Appgyver - Unable to load resource's data model - dreamfactory API

I have this json feed.
I am unable to load this into Appgyver
I have set the following required settings:
- parameter app_name with the correct value
- added the required header X-DREAMFACTORY-APPLICATION-NAME
I always get the "Oops, Unable to load resource's data model." error
Anyone who has a clue?
I am not very familiar with AppGyver, but I know it's been used with DreamFactory successfully by others. You have not provided enough information, but I will attempt to give you troubleshooting steps from the DreamFactory side.
First, are you definitely authenticating and passing a valid X-DreamFactory-Session-Token header? I can tell that you don't have guest access enabled (to make calls without authentication) because when I navigate to your link I receive a 401 with "There is no valid session for the current request."
Second, what is the call you're making from AppGyver? Is it a GET to simply list resources of a DB called vlaamse_vinyl, or what?
Finally, if you are passing X-DreamFactory-Application-Name in addition to the URI parameter ?app_name=vlaamse_vinyl this is redundant. Perhaps that is preventing your call from succeeding.

WSO2 API Manager Auth error content type

I have WSO2 API Manager configured and everything seems to work fine.
The only issue bothering me is that in case of an Auth exception, the API manager always returns the response with XML content type, e.g.,
<ams:fault xmlns:ams="http://wso2.org/apimanager/security"><ams:code>900904</ams:code><ams:message>Access Token Inactive</ams:message><ams:description>Access failure for API: /exchange, version: 1.0 with key: 1139a466ebfd825aca953ad7259b9f45</ams:description></ams:fault>
If a client communicates with my web service in JSON format, the XML response will look a little bit strange.
Are there any ideas how to make API Manager provide the error response in JSON format?
This has been addressed in recent versions of API Manager. Auth errors can be set to json format by adding or updating the error_message_type property in WSO2HOME/repository/deployment/server/synapse-configs/default/sequences/_auth_failure_handler_.xml:
<property name="error_message_type" value="application/json"/>
I've found this also requires JSONBuilder and JSONMessageFormatter to be selected for the json content type in axis2.xml (which is the default setting).
For older versions, this article explains how to manually do the same.
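A check for the two settings named in this answer, written as an added example that is not part of the original answer or of WSO2's own code. The XML samples are constructed, and the function names and the package prefixes in the `class` attributes are assumptions; only the property name, the file names and the two class names come from the answer.

```python
import xml.etree.ElementTree as ET

# Constructed samples standing in for _auth_failure_handler_.xml and axis2.xml.
SEQUENCE_XML = """<sequence xmlns="http://ws.apache.org/ns/synapse" name="_auth_failure_handler_">
    <property name="error_message_type" value="application/json"/>
</sequence>"""

AXIS2_XML = """<axisconfig>
    <messageFormatter contentType="application/json" class="org.apache.axis2.json.JSONMessageFormatter"/>
    <messageBuilder contentType="application/json" class="org.apache.axis2.json.JSONBuilder"/>
</axisconfig>"""


def local(tag):
    """Strip an XML namespace prefix of the form {uri} from a tag name."""
    return tag.rsplit("}", 1)[-1]


def error_message_type(sequence_xml):
    """Return the value of the error_message_type property, or None if absent."""
    for el in ET.fromstring(sequence_xml).iter():
        if local(el.tag) == "property" and el.get("name") == "error_message_type":
            return el.get("value")
    return None


def json_handlers(axis2_xml):
    """Map element name -> class registered for contentType application/json."""
    found = {}
    for el in ET.fromstring(axis2_xml).iter():
        kind = local(el.tag)
        if kind in ("messageBuilder", "messageFormatter") and el.get("contentType") == "application/json":
            found[kind] = el.get("class", "")
    return found


def audit(sequence_xml, axis2_xml):
    """List what still prevents auth faults from being returned as JSON."""
    problems = []
    value = error_message_type(sequence_xml)
    if value != "application/json":
        problems.append(f"error_message_type is {value!r}, expected 'application/json'")
    handlers = json_handlers(axis2_xml)
    for element, cls in (("messageBuilder", "JSONBuilder"),
                         ("messageFormatter", "JSONMessageFormatter")):
        if not handlers.get(element, "").endswith("." + cls):
            problems.append(f"axis2.xml has no {cls} {element} for application/json")
    return problems
```

Reading the two real files from the deployment and passing their text to `audit` returns an empty list when both settings match what the answer describes.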