Generic failure to push IOCs to my client from staxx


#1

I have a 2.0 client that I’m trying to push data to from stax.

I am able to discover without problems and see my collections showing for the server, but whenever I try and push (manual or scheduled), I get the same error, which provides absolutely no help as to WHY it’s failing.

I also see no traffic at all using TCPDUMP going between the STAXX server and my client, so I don’t think it’s getting a bad response. Maybe something in the discovery did not get added correctly?

[2019-08-28 11:50:38,336] [INFO ] Start one time push: bbbb
[2019-08-28 11:50:38,407] [INFO ] 192.168.56.1 - - [28/Aug/2019:11:50:38] “POST /browse/onetimepush/ HTTP/1.1” 200 25469 “https://192.168.56.105:8080/search/” “Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/76.0.3809.100 Safari/537.36”
[2019-08-28 11:50:38,774] [ERROR] Failed during one-time intels push to server: ‘taxii collection 1-1’
Traceback (most recent call last):
File “webapp/services/feed_publisher_service.py”, line 271, in push_once
File “webapp/services/feed_publisher_service.py”, line 261, in _fetch_and_publish_intels
File “webapp/services/feed_publisher_service.py”, line 408, in publish_to_taxii2_site
PushError: Failed during one-time intels push to server: ‘taxii collection 1-1’
[2019-08-28 11:50:39,500] [INFO ] 192.168.56.1 - - [28/Aug/2019:11:50:39] “GET /browse/getpushstatus/?push_id=7 HTTP/1.1” 200 25548 “https://192.168.56.105:8080/search/” “Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/76.0.3809.100 Safari/537.36”


#2

Never mind. The collection must be “can_read” evidently before you can write to it.

Having can_read=false and can_write=true does not let you write to a collection.