Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Cagri
Explorer

I can't add csv file to mgmt-cli tool

I have a CSV file with MD5 hashes. I want to upload this CSV file with the help of the mgmt_cli tool.

this is cli wrote;

mgmt_cli add-threat-indicator name my_indicator_1 observa bles-raw-data /home/admin/md5.csv

this is error message;

[Expert@xc-cp-mgmt:0]# mgmt_cli add-threat-indicator name my_indicator_1 observa bles-raw-data /home/admin/md5.csv
Username: admin
Password:


---------------------------------------------
Time: [12:08:12] 2/11/2020
---------------------------------------------
"Add Indicator" in progress (20%)


---------------------------------------------
Time: [12:08:22] 2/11/2020
---------------------------------------------
"Add Indicator" failed (100%)
tasks:
- uid: "3b5e0b45-d63d-4dc0-a7aa-b03b7710984e"
type: "task"
domain:
uid: "41e821a0-3720-11e3-aa6e-0800200c9fde"
name: "SMC User"
domain-type: "domain"
task-id: "5409932c-d0ff-4c3a-bdff-d96573eba98b"
task-name: "Add Indicator"
status: "failed"
progress-percentage: 100
start-time:
posix: 1604308091084
iso-8601: "2020-11-02T12:08+0300"
last-update-time:
posix: 1604308091084
iso-8601: "2020-11-02T12:08+0300"
suppressed: false
task-details:
- request-status: "failed"
request-status-description: "status element returned error: - Indicator in r ow 1 has less fields than expected\n"
comments: "status element returned error: - Indicator in row 1 has less fields than expected\n"
color: "black"
icon: "General/globalsNa"
tags: []
meta-info:
lock: "unlocked"
validation-state: "ok"
last-modify-time:
posix: 1604308092333
iso-8601: "2020-11-02T12:08+0300"
last-modifier: "admin"
creation-time:
posix: 1604308091092
iso-8601: "2020-11-02T12:08+0300"
creator: "admin"
read-only: false

Executed command failed. Changes are discarded.

 

 

this is CSV file;

[Expert@xc-cp-mgmt:0]# cat MD5.csv
Name,Value,Type,Confidence,Severity,Product,Comments
deneme1,166ED84E38FA294D489D791B211685AB,MD5,medium,low,AB,deneme
deneme2,293DE194F503BC734A801FA49D948B32,MD5,medium,low,AB,deneme
deneme3,17DB2B5A95D6DBB6CDDBA2342F8474D1,MD5,medium,low,AB,deneme
deneme4,EF9A98671CC89AE67F9A7FCD07F622D7,MD5,medium,low,AB,deneme
deneme5,01867DE7BEB1CDBFC3D9900B7CED23CF,MD5,medium,low,AB,deneme

 

 

0 Kudos
7 Replies
PhoneBoy
Admin
Admin

0 Kudos
Cagri
Explorer

I have another question;

I have 12000 md5 hash file and this file is always updated. I want these hash files sent to the management server. How can these processes?

0 Kudos
PhoneBoy
Admin
Admin

You can script the same command above as well as a policy install for it to take effect. 

0 Kudos
Nir_Naaman
Collaborator

Is your objective loading the hashes into the management server, or enforcing them on the gateway? If the latter, have you considered using sk132193 Custom Intelligence Feeds? Instead of pushing policy from your management, you can configure your gateways to pull indicators from a feed. And, if you're looking for a managed facility, you could pull the input feed into Infinity NDR, and configure your gateways to pull from there.

0 Kudos
pfilipe
Contributor

Hello Cagri, 

 

Could you provide the CSV you implemented so i can see the correct file format?

I keep getting the error Indicator in r ow 1 has less fields than expected as well.

 

 

0 Kudos
the_rock
Legend
Legend

This is what TAC provided me couple years ago when I was trying same thing. We could not get it working with CSV file, so they suggested create file with extension .csv on mgmt server and try below. I actually like this approach...see if it works for you, as I tried it many times and never had an issue. I know its lots of manual typing, but once file is ready, works like a charm.

 

So say you wanted to block 3 IP addresses...you could do this:

cd /var/log

touch blocked_ip_addresses.csv

vi blocked_ip_addresses

name,ip-address

bad_ip_1.1.1.1,1.1.1.1

bad_ip_1.1.1.2,1.1.1.2

bad_ip_1.1.1.3,1.1.1.3

and do on

then you run mgmt_cli add host --batch blocked_ip_addresses.csv

--->To add address-range via API:mgmt_cli add address-range --batch address-ranges_full.csv#cat address-ranges_full.csvname,ip-address-first,ip-address-lastrange1,10.0.0.0,10.0.0.100---> To add a network via API:mgmt_cli add network --batch networks.csv#cat networks.csvname,subnet,subnet-masknetwork1,10.10.10.0,255.255.255.0network2,20.20.20.0,255.255.255.0network3,30.30.30.0,255.255.255.0---> To add a host mgmt_cli add host --batch test.csv#cat test.csvname,ip-addressobj1,192.168.1.1

pfilipe
Contributor

Will try and see!

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events