
There was an error downloading your OTX subscriptions.

Mikel

New Life Form
+1

Hello.

I have had a SIEM OSSIM deployed in my lab for months. For the last 2 months
I have been getting this message:


image1
I have been talking with the networking and firewall people
and they say that no connections to otx.alienvault.com are being dropped, but
I continue to get this kind of message every hour.

Besides that, I noticed some time ago that the OTX widget in my dashboard
has looked like this since the beginning:


image2

This is a problem for me because I see no solution. In the end I reinstalled
the SIEM OSSIM with the 5.6 ISO, but the issue is still there, or even
worse.

My question is, I can update/upgrade the system, so I think I reach
otx.alienvault.com, am I wrong?

I have an OTX account and I have had it linked to my OSSIM deployment since
the first installation, months ago.

Can you help me to research this issue?

Thanks in advance. Bye.

Answers

  • Mikel,

    Updates and OTX are reaching out to different servers, so being able to update is not a good indicator of connectivity to OTX.

    This sounds like a DNS or firewall/routing issue preventing connection, which seems to be confirmed by the issue persisting a reinstall. Please jailbreak the system, and confirm whether you can reach and connect to otx.alienvault.com on port 443.
    Mikel
  • Thank you for answering so fast....and, the day you answered you made my day and it was my birthday too......:)

    When you say: "confirm whether you can reach and connect to otx.alienvault.com on port 443"

    What do you mean? I jailbreak and ping otx.alienvault.com, then I see that the DNS resolution is being done well, but...the ping is losing 100% of the packets sent, but that's normal in the network segment in which the alienvault server is placed.

    My problem is that I can't understand how to connect via jailbreak. What do you mean by connect? What command would you suggest I use?

    Thanks a lot as always, kcoe. 
  • Hi again. Sorry for so many noob questions in my previous post.

    I have done a little research on this issue in my recent fresh install of SIEM OSSIM 5.6.

    I tried what you told me and these are the results:

    I jailbreak the OSSIM and I see the DNS resolution being done, 100% packet loss but that's normal in that segment, as I told you. Here is the evidence.
    Image1
    So....no DNS issue.

    I have been talking with the firewalling team and they say that nothing is being stopped for my administration IP. They have seen a lot of allowed communications with 35.166.132.194 every day.

    As a tactic to see if I can access otx.alienvault.com from the jailbreak console of the OSSIM I used the text web browser CURL. When I curl https://otx.alienvault.com everything looks fine. See the evidence.


    Image2

    Looks like I reach https://otx.alienvault.com but my system is not aware of that, perhaps there is a flag that is not being read......(crazy noob idea.)

    My theory is that: I reach the url but the system is not aware of that.

    Why? 

    This is my idea.

    I have been in webGUI, CONFIGURATION -> OPEN OTX -> EDIT OTX KEY. There I had my OTX key registered months ago, but the form gives the opportunity to press the button CONNECT OTX ACCOUNT. I pressed, then I had this message.

    Image3

    As you can see there are neither subscriptions nor pulses. And the last update is never.
    But when I give it some time, not very much, just seconds, and I refresh the form I see 460 subscriptions (460 pulses) coming from one of the 4 groups I am subscribed to, Metadefender.com. But the funny thing is that the Last update is still never. See the evidence.


    Image4

    I can show you my profile in OTX in the web browser.


    Image5

    I wonder why the SIEM OSSIM confirms I can't reach otx.alienvault.com and Last update in the OTX view in the GUI is always NEVER but, in spite of those two things, I download pulses and the firewalling team sees no problem in the connection with otx.alienvault.com

    I can't understand that....

    Thanks in advance.....thanks a lot. Bye.
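
The staged check requested in the first answer ("reach and connect to otx.alienvault.com on port 443"), as an added example that is not part of the original thread or of OSSIM's own code. It separates name resolution, the TCP connection and the TLS handshake, so that a blocked ICMP ping is not mistaken for a blocked connection. The function names are hypothetical and a Python 3 interpreter on the appliance is assumed.

```python
# Added example (not from the thread): staged DNS -> TCP -> TLS check.
import socket
import ssl


def check_endpoint(host, port=443, timeout=5.0, context=None):
    """Return (stage, ok, detail) tuples, stopping at the first failure."""
    results = []
    # Stage 1: DNS. Successful resolution alone proves nothing about reachability.
    try:
        infos = socket.getaddrinfo(host, port, type=socket.SOCK_STREAM)
        results.append(("dns", True, infos[0][4][0]))
    except socket.gaierror as exc:
        results.append(("dns", False, str(exc)))
        return results
    # Stage 2: TCP connect. This, not ICMP echo, is what an HTTPS client needs.
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except OSError as exc:
        results.append(("tcp", False, str(exc)))
        return results
    results.append(("tcp", True, "connected"))
    # Stage 3: TLS handshake with certificate and hostname verification.
    ctx = context or ssl.create_default_context()
    try:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            results.append(("tls", True, tls.version()))
    except (ssl.SSLError, OSError) as exc:
        results.append(("tls", False, str(exc)))
        sock.close()
    return results


def first_failure(results):
    """Name of the first failing stage, or None if every stage passed."""
    for stage, ok, _detail in results:
        if not ok:
            return stage
    return None


if __name__ == "__main__":
    # Host and port are the ones named in the thread.
    for stage, ok, detail in check_endpoint("otx.alienvault.com", 443):
        print(f"{stage:4} {'OK' if ok else 'FAIL'}  {detail}")
```

A result of dns OK, tcp OK, tls OK rules out the network path to the host itself; it does not test the OTX key or whatever proxy settings the OSSIM services use.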