Unexpected Error: list index out of range #27

Closed
ghuser0234 opened this issue Oct 2, 2018 · 6 comments

@ghuser0234

I'm using eml_parser with TheHive project and all analysis fails with

Unexpected Error: list index out of range

I'm not sure where else to find any other logging or info to troubleshoot this.

@sim0nx sim0nx self-assigned this Oct 3, 2018
@sim0nx
Member

sim0nx commented Oct 3, 2018

Can you test it outside of thehive? Does that work or produce the same error?

Try increasing the loglevel.

@ghuser0234
Author

I ran the script from 'Example on how to use:' quoted here
```python
import datetime
import json
import eml_parser


def json_serial(obj):
    # json.dumps cannot serialise datetime objects; emit ISO 8601 strings instead
    if isinstance(obj, datetime.datetime):
        serial = obj.isoformat()
        return serial


# Read the message as raw bytes, which is what decode_email_b expects
with open('sample.eml', 'rb') as fhdl:
    raw_email = fhdl.read()

parsed_eml = eml_parser.eml_parser.decode_email_b(raw_email)

print(json.dumps(parsed_eml, default=json_serial))
```

Running this returns a proper JSON output. However, I'm not sure how to run the actual 'parse.py' that comes with the analyzers outside of thehive.

@sim0nx
Member

sim0nx commented Oct 3, 2018

Ok so eml_parser does work then, it is more related to the integration to thehive, correct?

I have not worked with it yet, could you give me more pointers on what that "parse.py" is (+link) and what you are trying to do?

@ghuser0234
Author

ghuser0234 commented Oct 3, 2018

Looking at the analyzer requirements here https://github.com/TheHive-Project/CortexDocs/blob/master/analyzer_requirements.md#emlparser it makes me think I'm using this GOVCERT-LU/eml_parser parser.
However, looking at the actual analyzer that's downloaded https://github.com/TheHive-Project/Cortex-Analyzers/tree/master/analyzers/EmlParser the requirements.txt says to use this GOVCERTLU lib instead. I suppose I'm not sure how this is supposed to work or how to get eml_parser working instead of EmlParser.

@sim0nx
Member

sim0nx commented Oct 3, 2018

Ok I see.
So in the-hive, they have various analysers, one of them being that "emlparser".
The project here (https://github.com/GOVCERT-LU/eml_parser) is a library for doing the actual parsing, which they use in their analyser.

I guess it would be best to open an issue regarding your experience with thehive project as this is more related to their analyser than to this library.

Please do reference that issue in this one, as it might help others who land here as well.

@ghuser0234
Author

Closing issue - see issue at TheHive-Project/Cortex-Analyzers#352
