LetMeR00t / TA-thehive-cortex

Technical add-on for Splunk related to TheHive/Cortex from TheHive project
GNU Lesser General Public License v3.0

[BUG] Working fine, but I get an ERROR when I refresh any resources via the TheHive-Cortex Splunk App on the search head. #30

Closed amirzargaran closed 2 years ago

amirzargaran commented 2 years ago

Request Type

Bug

Work Environment

Question: Answer
OS version (server): Ubuntu 20.04 amd64
TheHive version / git hash: 4.1.13

Problem Description

I installed TheHive4 and Cortex3 on an Ubuntu 20.04 server. I have Splunk Enterprise as my SIEM, and I integrated TheHive/Cortex with that Splunk server using the TA-thehive-cortex add-on. Everything works perfectly, but I get the ERROR below when I execute command_cortex_refresh_analyzers on the Splunk search head. See the attached image (Error-01).

Logs (issued from the "command_cortex_refresh_analyzers.log" with logging mode set to DEBUG under Settings/Configuration)

cortex:112 - [C26-ERROR] SERVICE UNAVAILABLE - Cortex service is unavailable, is configuration correct ?

LetMeR00t commented 2 years ago

Hello. Thank you for submitting your issue. It seems that your Cortex instance is not found. Did you try to perform a curl from your SH to access your Cortex instance? Do you have any firewall between the SH and Cortex? Thank you.

LetMeR00t commented 2 years ago

Do you also have a proxy server? This error is based on requests.exceptions.ConnectionError, which occurs when the response from the server is not what is expected or is malformed. You should test it manually to check what the HTTP answer is.

artsec89 commented 2 years ago

Hi Dear Amir, could you please send the Cortex and TheHive configuration here?

LetMeR00t commented 2 years ago

Hello, I can reproduce the bug on my side. I'll work on it today. I am closing this issue as it's a duplicate of #31. Thank you for submitting your issue.

LetMeR00t commented 2 years ago

I know what the issue is, and it seems not to be linked to the application. HTTPS is now mandatory for both TheHive and Cortex. Is your Cortex instance in HTTP? If so, then you have to configure Cortex in HTTPS because this is now mandatory. Thank you.
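A manual connectivity check of the kind suggested in the two comments above (test the HTTP answer by hand; make sure the Cortex URL is HTTPS), as an added example that is not part of the TA-thehive-cortex add-on or of this thread. It uses Python's standard library instead of `requests`, so the exception classes differ from the add-on's `requests.exceptions.ConnectionError`, but the underlying causes it sorts out (wrong scheme, refused or timed-out connection, TLS failure, DNS failure, HTTP error from a proxy) are the same. The `/api/status` endpoint, the bearer header and the host names are assumptions/placeholders.

```python
"""Pre-flight check for a Cortex base URL, run from the Splunk search head.

Added example, not code from the add-on. Assumptions: Cortex exposes
GET /api/status and accepts a bearer API key; host names are placeholders.
"""
import json
import socket
import ssl
import urllib.error
import urllib.request
from urllib.parse import urlparse


def validate_cortex_url(url):
    """Return the list of configuration problems found in a Cortex base URL.

    An empty list means the URL is acceptable for add-on v2.2.0+, which
    requires HTTPS (plain HTTP is refused).
    """
    problems = []
    parsed = urlparse(url)
    if parsed.scheme != "https":
        problems.append("scheme is '%s', HTTPS is mandatory" % parsed.scheme)
    if not parsed.hostname:
        problems.append("no host name in URL")
    if parsed.path not in ("", "/"):
        problems.append("unexpected path '%s', expected base URL only" % parsed.path)
    return problems


def classify_failure(exc):
    """Map a urllib/socket/ssl exception to the likely cause.

    This is the detail hidden behind the add-on's generic
    'SERVICE UNAVAILABLE - Cortex service is unavailable' message.
    """
    # HTTPError is a URLError subclass, so it must be tested first.
    if isinstance(exc, urllib.error.HTTPError):
        return "Cortex answered HTTP %d: check the API key and any reverse proxy" % exc.code
    # urllib wraps socket and ssl errors in URLError.reason; unwrap it.
    cause = exc.reason if isinstance(exc, urllib.error.URLError) else exc
    if isinstance(cause, ssl.SSLCertVerificationError):
        return "TLS certificate not trusted by the search head"
    if isinstance(cause, ssl.SSLError):
        return "TLS handshake failed (is Cortex really listening in HTTPS?)"
    if isinstance(cause, ConnectionRefusedError):
        return "connection refused: nothing listening on that host/port"
    if isinstance(cause, (socket.timeout, TimeoutError)):
        return "connection timed out: firewall or wrong host/port"
    if isinstance(cause, socket.gaierror):
        return "DNS resolution failed for the Cortex host"
    return "connection error: %s" % cause


def check_cortex_status(url, api_key, timeout=5.0):
    """Validate the URL, then call /api/status and report a diagnosis.

    Returns a dict with 'ok' (bool) and 'diagnosis' (str); on success the
    'versions' field from Cortex is included as well.
    """
    problems = validate_cortex_url(url)
    if problems:
        return {"ok": False, "diagnosis": "; ".join(problems)}
    request = urllib.request.Request(
        url.rstrip("/") + "/api/status",          # assumed endpoint
        headers={"Authorization": "Bearer " + api_key},
    )
    try:
        with urllib.request.urlopen(request, timeout=timeout) as response:
            body = json.loads(response.read().decode("utf-8"))
            return {"ok": True, "diagnosis": "reachable",
                    "versions": body.get("versions", {})}
    except Exception as exc:  # network, TLS and HTTP failures land here
        return {"ok": False, "diagnosis": classify_failure(exc)}


if __name__ == "__main__":
    # Placeholder host and key; replace with your own values when running it.
    print(check_cortex_status("https://cortex.example.internal:9001", "API_KEY_PLACEHOLDER"))
```

Run it on the search head itself (not from your workstation), because the firewall, proxy and trust-store situation that matters is the one seen by the Splunk process. A URL that starts with http:// is reported as a configuration problem before any network call is made, which is exactly the case that v2.2.0 no longer accepts.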

LetMeR00t commented 2 years ago

Hi again. After another check, yes, some things were missing in the application. A fix was provided on the GitHub repository (v2.2.0). This version will be pushed to Splunkbase soon. Please tell me if the issue is now solved with this new version.

amirzargaran commented 2 years ago

perform a curl on your SH to access to your cortex instance

Hi @LetMeR00t, thanks for the reply. Yes, all restrictions (firewall, iptables, SELinux) have been disabled. But finally, I had to use TA-thehive-cortex version 2.1.0, and now it's working correctly.

Kind regards, Amir

amirzargaran commented 2 years ago

Hi again. After another check, yes, some things were missing in the application. A fix was provided on the GitHub repository (v2.2.0). This version will be pushed to Splunkbase soon. Please tell me if the issue is now solved with this new version.

Dear @LetMeR00t, do you guarantee that there will be no problem after upgrading the TA-thehive-cortex add-on from 2.1.0 to the latest version? It's not an easy process for me.

LetMeR00t commented 2 years ago

Hi @amirzargaran, I can assure you that the modifications are not big, so the impact is very low. This should be working, but with the latest version you will no longer be able to use HTTP requests to access your Cortex instance.