我正在尝试使用 Azure 在 github 上的默认文档将威胁指标从我的 MISP 实例推送到 azure 哨兵:https://github.com/microsoftgraph/security-api-solutions/tree/master/Samples/MISP
我按照文档执行了这些步骤,但是python3 script.py 给了我以下错误:
Traceback (most recent call last):
File "script.py", line 100, in <module>
main()
File "script.py", line 96, in main
request_manager.handle_indicator(request_body)
File "/var/azure/sentinel/security-api-solutions/Samples/MISP/RequestManager.py", line 197, in handle_indicator
self._post_to_graph()
File "/var/azure/sentinel/security-api-solutions/Samples/MISP/RequestManager.py", line 184, in _post_to_graph
self._log_post(response)
File "/var/azure/sentinel/security-api-solutions/Samples/MISP/RequestManager.py", line 98, in _log_post
if len(response['value']) > 0:
KeyError: 'value'
这是在 RequestManager.py 中调用内置方法,用于将指标发布到图形 API
不知道 Python 问题的答案,但是否尝试过直接针对应用使用威胁情报平台连接器? 它目前为公共预览版。