[BUG] VT module not working #509

Closed
crugg2020 opened this issue Jun 28, 2024 · 2 comments
Labels
bug Something isn't working

Comments

crugg2020 commented Jun 28, 2024

Describe the bug
The VT module does not create any output. When applied to an IOC, manually or automatically, it creates neither tags nor reports. No DIM tasks are shown in the DIM tasks section. Searching the error logs, the only thing I could find is:

{"log":"server=192.168.102.15//socket.io/ client=172.21.0.2:44856 socket shutdown error: [Errno 9] Bad file descriptorserver=192.168.102.15//socket.io/ client=172.21.0.2:44914 socket shutdown error: [Errno 9] Bad file descriptor2024-06-28 10:25:22 :: INFO :: module_handler :: call_modules_hook :: Calling module iris_vt_module asynchronously for hook on_manual_trigger_ioc :: Get VT insight\n","stream":"stderr","time":"2024-06-28T10:25:22.247207496Z"}

which seemed very similar to this bug:
[(https://github.com//issues/307)]

In the comments it is suggested that the problem might be the rabbitmq container not up. In my case all the containers are up and working.

There is no internal firewall on the machine.
I made a clean install of IRIS on Ubuntu Server 22 instead of 20.04. There the VT module works fine.

Another error that shows up is related to the self-signed certificate, but I don't think it's related to this issue.

(The API key is correctly configured.)

When selecting "Get VT insight" the message "queued task" shows up.
[screenshot omitted]

Nothing shows up in the DIM tasks section, nor in the tags of the IOC:
[screenshot omitted]

The same thing happens if the VT insight is automatic.

To Reproduce
Steps to reproduce the behavior:

  1. Go to 'CASE > IOC'
  2. Click on 'Get VT insight on any IOC'
  3. No tags show up - no DIM task shows up


Desktop (used to connect to the iris web interface):

  • OS: Windows 10
  • Browser: Chrome & Firefox
  • Version Chrome: 126.0.6478.127
  • Version Firefox: 127.0

Additional context
IRIS VERSION: 2.4.7
VT Module version : 1.2.1
VT Interface version : 1.2.0

IRIS installed on:
Description: Ubuntu (server) 20.04.6 LTS
Release: 20.04
Codename: focal

Docker version 24.0.7, build 24.0.7-0ubuntu2~20.04.1

@crugg2020 crugg2020 added the bug Something isn't working label Jun 28, 2024
crugg2020 (Author) commented

Today I came back to this error. I have tested the installation of IRIS again, this time on another virtual machine (Ubuntu 20.04) in my local network:

Tested the VT module and it worked fine:

iriswebapp_app | server=192.168.1.32//socket.io/ client=172.19.0.3:45280 socket shutdown error: [Errno 9] Bad file descriptorserver=192.168.1.32//socket.io/ client=172.19.0.3:45288 socket shutdown error: [Errno 9] Bad file descriptor2024-07-15 15:09:33 :: INFO :: tracker :: track_activity :: administrator [#1] :: Case 1 :: Added ioc "47.128.38.255"
iriswebapp_nginx | 192.168.1.7 - - [15/Jul/2024:15:09:33 +0000] "POST /case/ioc/add?cid=1 HTTP/1.1" 200 562 "https://192.168.1.32/case/ioc?cid=1" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36" "-"
iriswebapp_nginx | 192.168.1.7 - - [15/Jul/2024:15:09:33 +0000] "GET /case/ioc/list?cid=1 HTTP/1.1" 200 427 "https://192.168.1.32/case/ioc?cid=1" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36" "-"
iriswebapp_nginx | 192.168.1.7 - - [15/Jul/2024:15:09:33 +0000] "GET /dim/hooks/options/ioc/list?cid=1 HTTP/1.1" 200 160 "https://192.168.1.32/case/ioc?cid=1" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36" "-"
iriswebapp_nginx | 127.0.0.1 - - [15/Jul/2024:15:09:34 +0000] "GET / HTTP/1.1" 302 207 "-" "curl/7.64.0" "-"
iriswebapp_nginx | 2024/07/15 15:09:34 [info] 9#9: *556 client 127.0.0.1 closed keepalive connection
iriswebapp_nginx | 192.168.1.7 - - [15/Jul/2024:15:09:34 +0000] "GET /case/ioc/state?cid=1 HTTP/1.1" 200 117 "https://192.168.1.32/case/ioc?cid=1" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36" "-"
iriswebapp_nginx | 192.168.1.7 - - [15/Jul/2024:15:09:35 +0000] "GET /case/ioc/list?cid=1 HTTP/1.1" 200 427 "https://192.168.1.32/case/ioc?cid=1" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36" "-"
iriswebapp_nginx | 192.168.1.7 - - [15/Jul/2024:15:09:35 +0000] "GET /dim/hooks/options/ioc/list?cid=1 HTTP/1.1" 200 160 "https://192.168.1.32/case/ioc?cid=1" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36" "-"
iriswebapp_app | 2024-07-15 15:09:37 :: INFO :: module_handler :: call_modules_hook :: Calling module iris_vt_module asynchronously for hook on_manual_trigger_ioc :: Get VT insight
iriswebapp_rabbitmq | 2024-07-15 15:09:37.308509+00:00 [info] <0.957.0> accepting AMQP connection <0.957.0> (172.18.0.4:54912 -> 172.18.0.3:5672)
iriswebapp_rabbitmq | 2024-07-15 15:09:37.311333+00:00 [info] <0.957.0> connection <0.957.0> (172.18.0.4:54912 -> 172.18.0.3:5672): user 'guest' authenticated and granted access to vhost '/'
iriswebapp_worker | [2024-07-15 15:09:37,316: INFO/MainProcess] Task app.iris_engine.module_handler.module_handler.task_hook_wrapper[fa2e361e-eb61-4292-897d-7a0cf2e0b1ca] received
iriswebapp_nginx | 192.168.1.7 - - [15/Jul/2024:15:09:37 +0000] "POST /dim/hooks/call?cid=1 HTTP/1.1" 200 74 "https://192.168.1.32/case/ioc?cid=1" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36" "-"
iriswebapp_worker | [2024-07-15 15:09:37,339: INFO/ForkPoolWorker-2] Calling module iris_vt_module for hook on_manual_trigger_ioc
iriswebapp_worker | [2024-07-15 15:09:37,347: INFO/ForkPoolWorker-2] Retrieved server configuration
iriswebapp_worker | [2024-07-15 15:09:37,350: INFO/ForkPoolWorker-2] Module has initiated
iriswebapp_worker | [2024-07-15 15:09:37,351: INFO/ForkPoolWorker-2] Received on_manual_trigger_ioc
iriswebapp_worker | [2024-07-15 15:09:37,351: INFO/ForkPoolWorker-2] Retrieved server configuration
iriswebapp_worker | [2024-07-15 15:09:37,361: INFO/ForkPoolWorker-2] Getting IP report for 47.128.38.255
iriswebapp_nginx | 192.168.1.7 - - [15/Jul/2024:15:09:37 +0000] "GET /case/ioc/state?cid=1 HTTP/1.1" 200 117 "https://192.168.1.32/case/ioc?cid=1" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36" "-"
iriswebapp_nginx | 2024/07/15 15:09:37 [info] 9#9: *544 client 192.168.1.7 closed keepalive connection
iriswebapp_worker | [2024-07-15 15:09:37,924: INFO/ForkPoolWorker-2] VT report fetched.
iriswebapp_worker | [2024-07-15 15:09:37,925: INFO/ForkPoolWorker-2] Assigning new ASN tag to IOC.
iriswebapp_worker | [2024-07-15 15:09:37,925: INFO/ForkPoolWorker-2] Adding new attribute VT IP Report to IOC
iriswebapp_worker | [2024-07-15 15:09:37,944: INFO/ForkPoolWorker-2] Successfully processed hook on_manual_trigger_ioc

I added a new IOC and then the manual VT module call.
The error "socket shutdown error: [Errno 9] Bad file descriptor" comes up, but the VT module call worked fine regardless, so the problem is not that. I tried to compare the log from the prod environment (where the module does not work) with the one from the virtual machine; the only difference is that after the manual module call there are no logs at all from iriswebapp_rabbitmq:

iriswebapp_app | 2024-07-15 15:52:19 :: INFO :: module_handler :: call_modules_hook :: Calling module iris_vt_module asynchronously for hook on_manual_trigger_ioc :: Get VT insight
iriswebapp_nginx | 192.168.102.1 - - [15/Jul/2024:15:52:19 +0000] "POST /dim/hooks/call?cid=6 HTTP/1.1" 200 74 "https://192.168.102.15/case/ioc?cid=6" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36" "-"
iriswebapp_nginx | 192.168.102.1 - - [15/Jul/2024:15:52:20 +0000] "GET /case/ioc/state?cid=6 HTTP/1.1" 200 117 "https://192.168.102.15/case/ioc?cid=6" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36" "-"
iriswebapp_nginx | 192.168.102.1 - - [15/Jul/2024:15:52:21 +0000] "GET /case/ioc/list?cid=6 HTTP/1.1" 200 798 "https://192.168.102.15/case/ioc?cid=6" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36" "-"
iriswebapp_nginx | 192.168.102.1 - - [15/Jul/2024:15:52:21 +0000] "GET /dim/hooks/options/ioc/list?cid=6 HTTP/1.1" 200 160 "https://192.168.102.15/case/ioc?cid=6" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36" "-"
iriswebapp_nginx | 192.168.102.1 - - [15/Jul/2024:15:52:21 +0000] "GET /case/ioc/list?cid=6 HTTP/1.1" 200 798 "https://192.168.102.15/case/ioc?cid=6" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36" "-"
iriswebapp_nginx | 192.168.102.1 - - [15/Jul/2024:15:52:21 +0000] "GET /dim/hooks/options/ioc/list?cid=6 HTTP/1.1" 200 160 "https://192.168.102.15/case/ioc?cid=6" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36" "-"
iriswebapp_nginx | 192.168.102.1 - - [15/Jul/2024:15:52:22 +0000] "GET /case/ioc/list?cid=6 HTTP/1.1" 200 798 "https://192.168.102.15/case/ioc?cid=6" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36" "-" ...

So yeah, I have no idea what could cause this (probably some problem with rabbitmq). I will try to reinstall everything in the prod environment.
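The comparison above boils down to one check: after the app logs "Calling module ... asynchronously", does RabbitMQ accept a connection and does the Celery worker log that it received the task? The script below is an added example, not code from iris-web or the VT module, that runs that check over pasted `docker compose logs` output (the `service | message` form shown in the thread). The service-name suffixes (`_app`, `_rabbitmq`, `_worker`) and the 10-second window are assumptions; the sample log excerpts are constructed from the two excerpts quoted above.

```python
# Added example (not iris-web or VT module code): correlate each
# asynchronous hook call logged by iriswebapp_app with the RabbitMQ and
# Celery worker lines that should follow it, so "queued task" with nothing
# in DIM tasks can be told apart from a module that ran but added no tags.
import re
from datetime import datetime, timedelta

# `docker compose logs` prints "<service> | <message>".
LINE_RE = re.compile(r"^(?P<svc>\S+)\s*\|\s*(?P<msg>.*)$")
# app, rabbitmq and worker use different timestamp formats, but all of them
# contain a "YYYY-MM-DD HH:MM:SS" prefix somewhere in the message; nginx
# access-log lines ("[15/Jul/2024:...]") deliberately do not match.
TS_RE = re.compile(r"(\d{4}-\d{2}-\d{2}[ T]\d{2}:\d{2}:\d{2})")


def parse(line):
    """Return (service, timestamp, message), or None if the line carries no
    recognisable timestamp. Works even when a socket error is glued in front
    of the timestamp, as in the app lines quoted in the thread."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    svc, msg = m.group("svc"), m.group("msg")
    t = TS_RE.search(msg)
    if not t:
        return None
    ts = datetime.strptime(t.group(1).replace("T", " "), "%Y-%m-%d %H:%M:%S")
    return svc, ts, msg


def check_dispatch(lines, window=timedelta(seconds=10)):
    """For every 'Calling module X asynchronously' line from the app, report
    whether within `window` the broker accepted a connection, the worker
    received task_hook_wrapper, and the hook completed. A missing
    worker 'received' line is the decisive symptom: the task never left
    the app container."""
    events = [e for e in map(parse, lines) if e]
    results = []
    for svc, ts, msg in events:
        if not (svc.endswith("_app") and "Calling module" in msg
                and "asynchronously" in msg):
            continue
        module = re.search(r"Calling module (\S+)", msg).group(1)
        after = [e for e in events if ts <= e[1] <= ts + window]
        results.append({
            "time": ts,
            "module": module,
            "broker_connected": any(
                s.endswith("_rabbitmq") and "accepting AMQP connection" in m
                for s, _, m in after),
            "worker_received": any(
                s.endswith("_worker") and "task_hook_wrapper" in m and "received" in m
                for s, _, m in after),
            "hook_completed": any(
                s.endswith("_worker") and "Successfully processed hook" in m
                for s, _, m in after),
        })
    return results


# Constructed sample input, trimmed from the working VM excerpt in the thread.
WORKING_LOG = [
    "iriswebapp_app | server=192.168.1.32//socket.io/ client=172.19.0.3:45280 socket shutdown error: [Errno 9] Bad file descriptor2024-07-15 15:09:33 :: INFO :: tracker :: track_activity :: administrator [#1] :: Case 1 :: Added ioc \"47.128.38.255\"",
    "iriswebapp_nginx | 192.168.1.7 - - [15/Jul/2024:15:09:33 +0000] \"POST /case/ioc/add?cid=1 HTTP/1.1\" 200 562",
    "iriswebapp_app | 2024-07-15 15:09:37 :: INFO :: module_handler :: call_modules_hook :: Calling module iris_vt_module asynchronously for hook on_manual_trigger_ioc :: Get VT insight",
    "iriswebapp_rabbitmq | 2024-07-15 15:09:37.308509+00:00 [info] <0.957.0> accepting AMQP connection <0.957.0> (172.18.0.4:54912 -> 172.18.0.3:5672)",
    "iriswebapp_worker | [2024-07-15 15:09:37,316: INFO/MainProcess] Task app.iris_engine.module_handler.module_handler.task_hook_wrapper[fa2e361e-eb61-4292-897d-7a0cf2e0b1ca] received",
    "iriswebapp_worker | [2024-07-15 15:09:37,361: INFO/ForkPoolWorker-2] Getting IP report for 47.128.38.255",
    "iriswebapp_worker | [2024-07-15 15:09:37,944: INFO/ForkPoolWorker-2] Successfully processed hook on_manual_trigger_ioc",
]

# Constructed sample input, trimmed from the prod excerpt: app and nginx only.
BROKEN_LOG = [
    "iriswebapp_app | 2024-07-15 15:52:19 :: INFO :: module_handler :: call_modules_hook :: Calling module iris_vt_module asynchronously for hook on_manual_trigger_ioc :: Get VT insight",
    "iriswebapp_nginx | 192.168.102.1 - - [15/Jul/2024:15:52:19 +0000] \"POST /dim/hooks/call?cid=6 HTTP/1.1\" 200 74",
    "iriswebapp_nginx | 192.168.102.1 - - [15/Jul/2024:15:52:20 +0000] \"GET /case/ioc/state?cid=6 HTTP/1.1\" 200 117",
]

if __name__ == "__main__":
    for name, log in (("working", WORKING_LOG), ("broken", BROKEN_LOG)):
        for r in check_dispatch(log):
            print(name, r["module"], r["time"],
                  "broker=%s worker=%s completed=%s" % (
                      r["broker_connected"], r["worker_received"], r["hook_completed"]))
```

Feed it `docker compose logs --no-color app rabbitmq worker` (split into lines) instead of the samples. One caveat: a fresh "accepting AMQP connection" line per task is what the working log happens to show, but the app may reuse a broker connection, so treat `worker_received` as the signal that matters and `broker_connected` as supporting evidence only.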

crugg2020 (Author) commented

OK, I have reinstalled everything. First only IRIS. I reinstalled it and ran into the error mentioned in this post #315 (comment).
I did as the last comment suggests: reinstalled IRIS and Docker. For some reason it all worked, and now the module works as intended. No idea what could have caused this issue.
