rabobank-cdc/DeTTECT

Seeing some strangeness

etheruler opened this issue · 2 comments

Hello DeTT&CT Team - I am seeing some strangeness that I do not understand. Is the latest version of DeTTECT okay? Here is what I am seeing...

If I use a locally installed copy of DETTECT from 25-Jan-2024, the command "python dettect.py generic -ds" works fine.

If I use the latest docker version that I pulled down on 13-Mar-2024 and run the same command, I get the error:
[!] Cannot connect to MITRE's CTI TAXII server: https://cti-taxii.mitre.org/stix/collections/95ecc380-afe9-11e4-9b6c-751b66dd541e/

If I use a new locally installed copy of DETTECT from 13-Mar-2024 and run the same command, I get the error:
[!] Cannot connect to MITRE's CTI TAXII server: https://cti-taxii.mitre.org/stix/collections/95ecc380-afe9-11e4-9b6c-751b66dd541e/

At first, I thought I was having proxy or firewall issues, but since one of the application instances ran fine, I ruled that out. Any help would be appreciated.

Thanks...

Hi @etheruler

MITRE's TAXII server has already been down for a couple of days... I can't help that.

To fix this for now and in the future, and also to make your runs faster, you can use the --local-stix-path command line parameter. You can clone the CTI STIX repository (https://github.com/mitre/cti) and use it in DeTT&CT as an offline ATT&CK source instead of the TAXII server.

The DeTT&CT code base of January 25 uses the same TAXII server... but it's probably working because of cached data. DeTT&CT caches information from the TAXII server in the cache folder, so maybe your January 25 version still has a filled cache folder and thus works.
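The offline setup the reply describes, written out as an added example (not code from the DeTT&CT project or from this thread). It keeps a local clone of mitre/cti up to date, checks that the clone actually looks usable before running, and then passes it with --local-stix-path so the run never depends on the TAXII server. Two things are assumptions: that --local-stix-path expects the root of the cloned repository (which contains enterprise-attack/enterprise-attack.json) and that the flag is given after the subcommand; the `CTI_DIR` variable and the `stix_path_ready`/`ensure_cti` helper names are this example's own.

```shell
#!/bin/sh
# Added example: run DeTT&CT from a local clone of mitre/cti instead of the
# TAXII server. Assumptions (not confirmed by the issue): --local-stix-path
# takes the repository root, which holds enterprise-attack/enterprise-attack.json.

CTI_DIR="${CTI_DIR:-./cti}"          # where the clone lives; override via env

# Returns 0 when the directory looks like a usable clone of mitre/cti,
# i.e. the Enterprise ATT&CK STIX bundle is present. Catches the common
# mistake of pointing the flag at an empty or half-cloned directory.
stix_path_ready() {
    [ -f "$1/enterprise-attack/enterprise-attack.json" ]
}

# Clone the repository if it is missing, otherwise fast-forward it so the
# local ATT&CK data does not silently go stale. A shallow clone is enough,
# since only the current STIX bundles are needed.
ensure_cti() {
    if [ -d "$1/.git" ]; then
        git -C "$1" pull --ff-only
    else
        git clone --depth 1 https://github.com/mitre/cti "$1"
    fi
}

# Refresh the clone, verify it, then run the command from the issue offline.
run_dettect_offline() {
    ensure_cti "$CTI_DIR"
    if ! stix_path_ready "$CTI_DIR"; then
        echo "[!] $CTI_DIR does not contain enterprise-attack/enterprise-attack.json" >&2
        return 1
    fi
    python dettect.py generic -ds --local-stix-path "$CTI_DIR"
}

# Only run when explicitly asked, so sourcing this file for its helpers has
# no side effects (no clone, no DeTT&CT invocation).
if [ "${RUN_DETTECT:-0}" = 1 ]; then
    run_dettect_offline
fi
```

Invoke with `RUN_DETTECT=1 CTI_DIR=/path/to/cti sh run_offline.sh`. Because the same clone can be reused across runs, this also removes the slow TAXII download the reply mentions, and a single `git pull` is all it takes to pick up a new ATT&CK release.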