COSSAS / SOARCA

SOARCA - The Open Source CACAO-based Security Orchestrator!
https://cossas.github.io/SOARCA/
Apache License 2.0

A 400 error occurs, preventing the playbook from executing properly #187

Closed f47sh33p closed 1 month ago

f47sh33p commented 1 month ago

Describe the bug
When attempting to execute the playbook, a 400 error occurs.

To Reproduce
The error occurs when following the steps outlined in the documentation.

$ curl -X POST -H "Content-Type: application/json" -d @./example/http-playbook.json localhost:8080/trigger/playbook
{"downstream-call":"","message":"Failed to decode playbook","original-call":"POST /trigger/playbook","status":"400"}

Expected behavior
The process should complete without encountering a 400 error.

Environment information
The environment is deployed using Docker.

lucamrgs commented 1 month ago

Hello, thank you for reporting the issue. I'm looking into it but a question to be sure: is the http-playbook.json the one that we provide?

f47sh33p commented 1 month ago

Yes, that's correct. I haven't made any changes to it. Additionally, I encounter the same error with the other two playbooks in the example folder.

MaartendeKruijf commented 1 month ago

We have reproduced it; for us it seems to be a DNS issue with Docker. Can you give us your trace logs of the soarca_server?

f47sh33p commented 1 month ago

According to the logs, the following error occurred.

{"component":"soarca/models/decoder","level":"error","msg":"jsonschema https://raw.githubusercontent.com/opencybersecurityalliance/cacao-roaster/main/lib/cacao-json-schemas/schemas/playbook.json compilation failed: Get \"https://raw.githubusercontent.com/opencybersecurityalliance/cacao-roaster/main/lib/cacao-json-schemas/schemas/playbook.json\": tls: failed to verify certificate: x509: certificate signed by unknown authority","time":"2024-07-25T02:45:55Z"}

SOARCA is connected through a proxy that decrypts SSL traffic. Therefore, it seems that configuring the proxy certificate might resolve the issue. Could you please advise on how to set it up?

MaartendeKruijf commented 1 month ago

The docker container currently only imports the default root CA certificates; if you use your own certificates, those are (by design) not trusted and rejected in SOARCA. For the capabilities we created a way to allow self-signed certificates, but for getting the schemas we did not make this exception. As we want to move the schemas inside of SOARCA, this will be resolved in the future. You could do several things:

  1. Remove or make an exception for the url in the proxy
  2. Run a SOARCA release on your target system (you'll need to add a database and MQTT server when you need them)
  3. Build SOARCA docker from source. You can add your certificates after this line

If you have any further questions let me know
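The trust failure in the log above, and what adding the proxy certificate to the trust store (option 3) changes, as an added example in Go that is not SOARCA's own code: it starts a local HTTPS server whose self-signed certificate no default root trusts (standing in for the intercepting proxy), shows a client with only the distribution roots failing with the same x509 unknown-authority error, then builds a client whose root pool is the system roots plus the exported proxy CA and fetches the schema successfully. The schema content, the server and the function names are constructed for this example.

```go
package main

import (
	"crypto/tls"
	"crypto/x509"
	"encoding/pem"
	"errors"
	"fmt"
	"io"
	"log"
	"net/http"
	"net/http/httptest"
	"strings"
	"time"
)

// Constructed stand-in for the CACAO playbook JSON schema the decoder fetches.
const fakeSchema = `{"$schema":"https://json-schema.org/draft/2020-12/schema","title":"playbook"}`

// newSchemaServer starts an HTTPS server that serves fakeSchema. httptest signs
// it with a self-signed certificate that no default root store trusts, which is
// exactly the position an intercepting proxy's CA is in.
func newSchemaServer() *httptest.Server {
	return httptest.NewTLSServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		w.Header().Set("Content-Type", "application/json")
		io.WriteString(w, fakeSchema)
	}))
}

// serverCAPEM exports the server's certificate as PEM, the form an exported
// proxy root certificate has on disk.
func serverCAPEM(srv *httptest.Server) []byte {
	return pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: srv.Certificate().Raw})
}

// newClient builds an HTTP client whose trust store is the system roots plus
// the PEM certificates in extraCAs. With nil extraCAs it trusts only the
// distribution roots, which is how the stock container behaves.
func newClient(extraCAs []byte) (*http.Client, error) {
	pool, err := x509.SystemCertPool()
	if err != nil || pool == nil {
		pool = x509.NewCertPool() // no system store available: start empty
	}
	if extraCAs != nil && !pool.AppendCertsFromPEM(extraCAs) {
		return nil, errors.New("no CA certificate found in supplied PEM")
	}
	return &http.Client{
		Timeout: 10 * time.Second,
		Transport: &http.Transport{TLSClientConfig: &tls.Config{
			RootCAs:    pool,
			MinVersion: tls.VersionTLS12,
		}},
	}, nil
}

// fetchSchema downloads the schema; TLS verification failures surface as errors here.
func fetchSchema(client *http.Client, url string) ([]byte, error) {
	resp, err := client.Get(url)
	if err != nil {
		return nil, fmt.Errorf("get %s: %w", url, err)
	}
	defer resp.Body.Close()
	if resp.StatusCode != http.StatusOK {
		return nil, fmt.Errorf("get %s: unexpected status %d", url, resp.StatusCode)
	}
	return io.ReadAll(resp.Body)
}

// isUnknownAuthority reports whether err is the x509 "certificate signed by
// unknown authority" failure seen in the SOARCA log.
func isUnknownAuthority(err error) bool {
	var ua x509.UnknownAuthorityError
	return errors.As(err, &ua) ||
		(err != nil && strings.Contains(err.Error(), "certificate signed by unknown authority"))
}

func main() {
	srv := newSchemaServer()
	defer srv.Close()
	url := srv.URL + "/playbook.json"

	stock, _ := newClient(nil)
	if _, err := fetchSchema(stock, url); err != nil {
		log.Printf("default roots: %v (unknown authority: %t)", err, isUnknownAuthority(err))
	}

	trusting, err := newClient(serverCAPEM(srv))
	if err != nil {
		log.Fatal(err)
	}
	body, err := fetchSchema(trusting, url)
	if err != nil {
		log.Fatal(err)
	}
	log.Printf("with proxy CA added: fetched %d bytes of schema", len(body))
}
```

In a container the same effect comes from placing the exported proxy CA in the image's root store before the binary starts, which is what building from source with your certificates added amounts to. On Linux a Go binary also honours the SSL_CERT_FILE and SSL_CERT_DIR environment variables when it loads the system roots, so pointing those at the proxy certificate is an alternative that needs no rebuild; either way only the one proxy CA is added, rather than disabling verification.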

f47sh33p commented 1 month ago

Thank you for the information. I plan to try the third method, but I have a couple of questions: (1) It seems that there is no "bin" directory in the GitHub repository. How should I create it? (2) What should be specified for the VERSION mentioned in the Dockerfile?

MaartendeKruijf commented 1 month ago

You can use make docker to compile and build the docker image. This will create the bin folder with the latest build and add the git version.

MaartendeKruijf commented 1 month ago

@f47sh33p I've updated the schema validation to be local to SOARCA in #199; if that is merged, you can use the dockerhub soarca:development tag to use this for your application.