Wazuh and Sophos SIEM


G Gao

Oct 19, 2023, 1:10:08 PM
to Wazuh | Mailing List
Hi,

I have Wazuh 4.5 installed.

I've followed the instructions and set up the system on the Wazuh manager machine.

I am trying to use the python3.9 that comes with the Wazuh package, version 4.5, to run the siem.py, but I get this error message:

[root@localhost Sophos-Central-SIEM-Integration]# /var/ossec/framework/python/bin/python3.9 siem.py
Sophos state file not found
Config endpoint=/siem/v1/events, filename='result.txt' and format='json'
Fetching the tenants/customers list by calling the Sophos Cental API
fetching access_token from sophos
body :: {'grant_type': 'client_credentials', 'scope': 'token', 'client_id': 'xxxxxxxxxxxxxxxxxxxxx', 'client_secret': 'xxxxxxxxxxxxxxxxxxxxxxxxxxxxx'}
Error :: <urlopen error [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:1129)>
JWT token not found for client id :: 7b84d231-ad81-4e4c-a75a-4c64d02f1339
Error :: <urlopen error [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:1129)>
Traceback (most recent call last):
  File "/Sophos-Central-SIEM-Integration/siem.py", line 413, in <module>
    main()
  File "/Sophos-Central-SIEM-Integration/siem.py", line 410, in main
    run(options, config_data, state_data)
  File "/Sophos-Central-SIEM-Integration/siem.py", line 401, in run
    get_alerts_or_events(
  File "/Sophos-Central-SIEM-Integration/siem.py", line 376, in get_alerts_or_events
    results = api_client_obj.get_alerts_or_events()
  File "/Sophos-Central-SIEM-Integration/api_client.py", line 241, in get_alerts_or_events
    raise Exception(tenant_obj["error"])
Exception: <urlopen error [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:1129)>

Is this an issue with Wazuh's Python installation?

Thank you.

Luis Enrique Chico Capistrano

Oct 21, 2023, 12:25:27 AM
to Wazuh | Mailing List
Hello,
Sorry for the delayed response. Currently, I've been trying to reproduce your issue. Unfortunately, I couldn't pinpoint the exact reason. It seems that the Python 3.9 version utilized by Wazuh requires some dependencies that are also used by Sophos-Central-SIEM-Integration. On the other hand, when I use the Python 3.9 version installed via apt, it works seamlessly.

I'm planning to continue my investigation, and I'll make sure to keep you updated with any developments.

Best,
Luis

Luis Enrique Chico Capistrano

Oct 23, 2023, 4:02:49 PM
to Wazuh | Mailing List
Hi,

Finally, I was able to find the solution. Could you please try adding these lines:

import ssl

# Bypass SSL certificate verification
ssl._create_default_https_context = ssl._create_unverified_context


Into the api_client.py file located at /Sophos-Central-SIEM-Integration/, right after:

import config

I hope this helps you. Please let me know if you have any doubts.

Best,
Luis
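
An added example, not part of the thread or of the Sophos or Wazuh code: the error "unable to get local issuer certificate" means the interpreter found no trusted CA for the server's chain, so this sketch reports where the embedded Python's OpenSSL looks for CAs and builds a context that uses a system bundle while keeping verification on. The bundle paths are common distribution locations assumed here, and the function names are hypothetical.

```python
import os
import ssl

# Common system CA bundle locations (assumed; adjust for your distribution).
COMMON_CA_BUNDLES = (
    "/etc/pki/tls/certs/ca-bundle.crt",    # RHEL / CentOS / Fedora
    "/etc/ssl/certs/ca-certificates.crt",  # Debian / Ubuntu
    "/etc/ssl/ca-bundle.pem",              # openSUSE
    "/etc/ssl/cert.pem",                   # Alpine / macOS
)


def default_paths_report():
    """Where this interpreter's OpenSSL looks for CAs, and whether those paths exist."""
    p = ssl.get_default_verify_paths()
    return {
        "openssl_cafile": p.openssl_cafile,
        "openssl_cafile_exists": os.path.isfile(p.openssl_cafile),
        "openssl_capath": p.openssl_capath,
        "openssl_capath_exists": os.path.isdir(p.openssl_capath),
    }


def find_ca_bundle(candidates=COMMON_CA_BUNDLES):
    """Return the first existing, non-empty CA bundle from candidates, or None."""
    for path in candidates:
        if os.path.isfile(path) and os.path.getsize(path) > 0:
            return path
    return None


def verified_context(cafile=None):
    """TLS client context that still checks the certificate chain and host name."""
    ctx = ssl.create_default_context()  # CERT_REQUIRED + check_hostname
    if cafile:
        ctx.load_verify_locations(cafile=cafile)  # add the system trust store
    return ctx


if __name__ == "__main__":
    for key, value in default_paths_report().items():
        print(f"{key}: {value}")
    bundle = find_ca_bundle()
    print("system bundle:", bundle)
    ctx = verified_context(bundle)
    print("verify_mode:", ctx.verify_mode, "check_hostname:", ctx.check_hostname)
    print("trusted CAs loaded:", ctx.cert_store_stats()["x509_ca"])
```

Run it with /var/ossec/framework/python/bin/python3.9; if a bundle is found, exporting SSL_CERT_FILE with that path before running siem.py makes urllib's default HTTPS context load it, with certificate and host name checks still enabled.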