Package: prelude-correlator
Version: 5.2.0-1.1
Severity: normal
OS (up2date 2023.03.06): bookworm 6.1.0-5-amd64 #1 SMP PREEMPT_DYNAMIC
Debian 6.1.12-1 (2023-02-15) x86_64
Running prelude-correlator shows problems with the Storm, Sweep, Scan and Worm
plugins:
***
preludecorrelator.pluginmanager: ERROR: [EventStormPlugin]: exception
occurred while running#012Traceback (most recent call last):#012 File
"/usr/lib/python3/dist-packages/preludecorrelator/pluginmanager.py",
line 250, in run#012 plugin.run_safe(idmef)#012 File
"/usr/lib/python3/dist-packages/preludecorrelator/pluginmanager.py",
line 58, in run_safe#012 self.run(idmef)#012 File
"//etc/prelude-correlator/rules/python/EventStormPlugin.py", line 34, in
run#012 source =
idmef.get("alert.source(*).node.address(*).address")#012
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^#012 File
"/usr/lib/python3/dist-packages/preludecorrelator/idmef.py", line 55, in
get#012 value = utils.flatten(value)#012
^^^^^^^^^^^^^^^^^^^^#012 File
"/usr/lib/python3/dist-packages/preludecorrelator/utils.py", line 41, in
flatten#012 if isinstance(el, collections.Iterable) and not
isinstance(el, str):#012
^^^^^^^^^^^^^^^^^^^^#012AttributeError: module 'collections' has no
attribute 'Iterable'
preludecorrelator.pluginmanager: ERROR: [EventSweepPlugin]: exception
occurred while running#012Traceback (most recent call last):#012 File
"/usr/lib/python3/dist-packages/preludecorrelator/pluginmanager.py",
line 250, in run#012 plugin.run_safe(idmef)#012 File
"/usr/lib/python3/dist-packages/preludecorrelator/pluginmanager.py",
line 58, in run_safe#012 self.run(idmef)#012 File
"//etc/prelude-correlator/rules/python/EventSweepPlugin.py", line 35, in
run#012 source =
idmef.get("alert.source(*).node.address(*).address")#012
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^#012 File
"/usr/lib/python3/dist-packages/preludecorrelator/idmef.py", line 55, in
get#012 value = utils.flatten(value)#012
^^^^^^^^^^^^^^^^^^^^#012 File
"/usr/lib/python3/dist-packages/preludecorrelator/utils.py", line 41, in
flatten#012 if isinstance(el, collections.Iterable) and not
isinstance(el, str):#012
^^^^^^^^^^^^^^^^^^^^#012AttributeError: module 'collections' has no
attribute 'Iterable'
preludecorrelator.pluginmanager: ERROR: [EventScanPlugin]: exception
occurred while running#012Traceback (most recent call last):#012 File
"/usr/lib/python3/dist-packages/preludecorrelator/pluginmanager.py",
line 250, in run#012 plugin.run_safe(idmef)#012 File
"/usr/lib/python3/dist-packages/preludecorrelator/pluginmanager.py",
line 58, in run_safe#012 self.run(idmef)#012 File
"//etc/prelude-correlator/rules/python/EventScanPlugin.py", line 32, in
run#012 source =
idmef.get("alert.source(*).node.address(*).address")#012
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^#012 File
"/usr/lib/python3/dist-packages/preludecorrelator/idmef.py", line 55, in
get#012 value = utils.flatten(value)#012
^^^^^^^^^^^^^^^^^^^^#012 File
"/usr/lib/python3/dist-packages/preludecorrelator/utils.py", line 41, in
flatten#012 if isinstance(el, collections.Iterable) and not
isinstance(el, str):#012
^^^^^^^^^^^^^^^^^^^^#012AttributeError: module 'collections' has no
attribute 'Iterable'
preludecorrelator.pluginmanager: ERROR: [WormPlugin]: exception occurred
while running#012Traceback (most recent call last):#012 File
"/usr/lib/python3/dist-packages/preludecorrelator/pluginmanager.py",
line 250, in run#012 plugin.run_safe(idmef)#012 File
"/usr/lib/python3/dist-packages/preludecorrelator/pluginmanager.py",
line 58, in run_safe#012 self.run(idmef)#012 File
"//etc/prelude-correlator/rules/python/WormPlugin.py", line 46, in
run#012 for target in
idmef.get("alert.target(*).node.address(*).address"):#012
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^#012 File
"/usr/lib/python3/dist-packages/preludecorrelator/idmef.py", line 55, in
get#012 value = utils.flatten(value)#012
^^^^^^^^^^^^^^^^^^^^#012 File
"/usr/lib/python3/dist-packages/preludecorrelator/utils.py", line 41, in
flatten#012 if isinstance(el, collections.Iterable) and not
isinstance(el, str):#012
^^^^^^^^^^^^^^^^^^^^#012AttributeError: module 'collections' has no
attribute 'Iterable'
***
I am not sure if this is the main reason why correlations are not
performed at all.
Due to #996878 it's hard to tell if it worked before (in bullseye).
Under CentOS-like distros, prelude-correlator works properly with these
packages from EPEL8:
prelude-correlator.x86_64 5.2.0-1.el8
python3-prelude-correlator.x86_64 5.2.0-1.el8
Expected behaviour: performing correlations without plugin errors.
--
Regards, Krzysztof Jastrzębski <><
krzysztof[at]jastrzebscy[dot]pl http://www.jastrzebscy.pl/
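
The tracebacks above all fail in `utils.flatten` on `collections.Iterable`, an alias that Python 3.10 removed (the abstract base classes are now only in `collections.abc`). As an added example, not code from prelude-correlator or from the reporter: an AST check that finds such references in a source file, plus a `flatten` rebuilt around the single condition visible in the traceback. The function bodies, `SAMPLE` and the addresses are constructed assumptions.

```python
import ast
import collections.abc

# ABC names exported by collections.abc; accessing any of them as
# `collections.<name>` raises AttributeError on Python 3.10 and later.
ABC_NAMES = set(collections.abc.__all__)


def find_removed_aliases(source, filename="<constructed>"):
    """Return sorted (line, name) pairs for ABCs referenced via `collections`."""
    hits = []
    for node in ast.walk(ast.parse(source, filename)):
        # collections.Iterable, collections.Mapping, ...
        if (isinstance(node, ast.Attribute)
                and isinstance(node.value, ast.Name)
                and node.value.id == "collections"
                and node.attr in ABC_NAMES):
            hits.append((node.lineno, node.attr))
        # from collections import Iterable, ...
        elif isinstance(node, ast.ImportFrom) and node.module == "collections":
            hits.extend((node.lineno, a.name) for a in node.names
                        if a.name in ABC_NAMES)
    return sorted(hits)


def flatten(items):
    """Flatten nested iterables, keeping str values whole (assumed behaviour)."""
    out = []
    for el in items:
        if isinstance(el, collections.abc.Iterable) and not isinstance(el, str):
            out.extend(flatten(el))
        else:
            out.append(el)
    return out


# Constructed sample source containing the pattern from the traceback.
SAMPLE = '''\
import collections
from collections import Mapping

def flatten(l):
    for el in l:
        if isinstance(el, collections.Iterable) and not isinstance(el, str):
            pass
'''

if __name__ == "__main__":
    print(find_removed_aliases(SAMPLE))
    print(flatten([["10.0.0.1", ["10.0.0.2"]], "10.0.0.3"]))
```
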