To query the database for types of indicators:
db.indicators.find({ "type" : "Account" })
db.indicators.find({ "type" : "IPv4 Address" })
db.indicators.distinct("type")
"Address - ipv4-addr",
"Win File",
"Address - e-mail",
"URI - URL",
"URI - Domain Name",
"Mutex",
"String",
"Win Registry Key",
"System",
"Win Service",
"Win Mutex",
"UNIX File - regularfile",
"Win Executable File"
To change the name of the field in CRITS 3 to be compatible with CRITS 4, I ran the following command in Mongo Shell:
db.indicators.update({'type': 'Address - ipv4-addr'}, {$set: {'type': 'IPv4 Address'}}, {'multi': 1})
Output from that command:
Cannot use commands write mode, degrading to compatibility mode
WriteResult({ "nMatched" : 20773, "nUpserted" : 0 })
I took that as an error so I re-ran the command to see if there would be a different result:
This time the output was:
WriteResult({ "nMatched" : 0, "nUpserted" : 0 })
I asked Moss to log in to the GUI and he verified that the IPv4-addr did change to IPv4 Address. Success!
Next conversion:
db.indicators.update({'type': 'Account'}, {$set: {'type': 'User ID'}}, {'multi': 1})
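The two type renames above as one repeatable pass, added here as an example and not part of the original post. It runs in Node against constructed documents; applyOp is a hypothetical in-memory stand-in for the update call, and types outside the two renames on this page are reported as unmapped rather than guessed.

```javascript
// Added example; constructed data, not from the original post.
// Only the two renames the post performs are listed. Any other legacy
// type is reported as unmapped instead of being guessed.
const RENAMES = {
  'Address - ipv4-addr': 'IPv4 Address',
  'Account': 'User ID',
};
// Sort each type found by distinct("type") into: needs an update,
// already in the new vocabulary, or not covered by the map.
function planRenames(distinctTypes, renames) {
  const targets = new Set(Object.values(renames));
  const plan = { ops: [], done: [], unmapped: [] };
  for (const t of distinctTypes) {
    if (Object.prototype.hasOwnProperty.call(renames, t)) {
      plan.ops.push({ filter: { type: t }, update: { $set: { type: renames[t] } } });
    } else if (targets.has(t)) {
      plan.done.push(t);
    } else {
      plan.unmapped.push(t);
    }
  }
  return plan;
}

// Hypothetical in-memory stand-in for a multi-document update.
function applyOp(docs, op) {
  let nMatched = 0;
  for (const d of docs) {
    if (d.type !== op.filter.type) continue;
    d.type = op.update.$set.type;
    nMatched++;
  }
  return { nMatched };
}

function migrate(docs, renames) {
  const plan = planRenames([...new Set(docs.map((d) => d.type))], renames);
  const results = plan.ops.map((op) => ({ from: op.filter.type, ...applyOp(docs, op) }));
  return { results, done: plan.done, unmapped: plan.unmapped };
}

// Constructed sample documents.
const sample = [
  { value: '192.0.2.10', type: 'Address - ipv4-addr' },
  { value: '192.0.2.11', type: 'Address - ipv4-addr' },
  { value: 'svc-backup', type: 'Account' },
  { value: 'example-mutex', type: 'Win Mutex' },
];
console.log(migrate(sample, RENAMES), migrate(sample, RENAMES));
```

A repeat pass plans no updates and lists the new names under done, which is the same signal as the nMatched of 0 on the re-run above.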
Copy the production data to the new version 4 server:
Make a new directory: mkdir tmp/crits
Dump the DB to it: mongodump -d crits -o tmp/crits
Use WinSCP to copy the DB over to the new server
After the schema upgrade, run: python /data/crits/manage.py upgrade -as
Migrate the Mongo data that wasn't addressed in the "indicators" category, i.e. domains, emails, IPs.
When there is an issue with a domain's formatting, the page will not display. Use Chrome and the debug function to find the problematic domain. Then in Mongo, run these commands:
db.domains.count({'domain':' perezlima.com'}) // ' perezlima.com' is the domain with the issue
db.domains.findOne({'domain':' perezlima.com'}) // verify this is the one you want
db.domains.remove({'domain':' perezlima.com'}) // delete the record