LetMeR00t / TA-thehive-cortex

Technical add-on for Splunk related to TheHive/Cortex from TheHive project
GNU Lesser General Public License v3.0

[Error] Creating case #32

Closed BlueNG01 closed 2 years ago

BlueNG01 commented 2 years ago

Request Type

Error 60

Work Environment

Question | Answer
OS version (server) | ubuntu server
TheHive version / git hash | 4

Problem Description

After configuring accounts and instances on Splunk, I'm getting error code 60 when creating new cases.


Steps to Reproduce

Possible Solutions

-

Logs (issued from the search.log with logging mode set to DEBUG under Settings/Configuration)

- producing these logs

thehive application.log 2022-04-28 14:49:33,489 [WARN] from akka.actor.ActorSystemImpl in application-akka.actor.default-dispatcher-16 [|] Illegal request, responding with status '400 Bad Request': Unsupported HTTP method: The HTTP method started with 0x16 rather than any known HTTP method from "mysplunkip:port". Perhaps this was an HTTPS request sent to an HTTP endpoint?

splunk command_thehive_create_cases ERROR thehive:135 - [TH60-GENERIC-ERROR] THE_HIVE_CONNECTION_ERROR - Error: Error: HTTPSConnectionPool(host='myhiveip', port=9000): Max retries exceeded with url: //api/case/_search?range=all (Caused by SSLError(SSLError(1, '[SSL: UNKNOWN_PROTOCOL] unknown protocol (_ssl.c:1091)')))

LetMeR00t commented 2 years ago

Hi @BlueNG01, are you configuring the Splunk app directly to your TheHive instance? You have to know that TheHive must be using HTTPS and this is not offered by the product itself; it needs to be behind a proxy to be under HTTPS. Without HTTPS, this application will not work unfortunately (it's a mandatory condition for Cloud applications).

BlueNG01 commented 2 years ago

> Hi @BlueNG01, are you configuring the Splunk app directly to your TheHive instance? You have to know that TheHive must be using HTTPS and this is not offered by the product itself; it needs to be behind a proxy to be under HTTPS. Without HTTPS, this application will not work unfortunately (it's a mandatory condition for Cloud applications).

Thank you for answering this message. No, actually I'm testing, but TheHive and Splunk are on two separate machines. So in order to work with SSL, do I have to use something like a reverse proxy (nginx, for example)?

LetMeR00t commented 2 years ago

Hi @BlueNG01, indeed, you have to use a reverse proxy between TheHive and Splunk that will handle the HTTPS.

LetMeR00t commented 2 years ago

Hi @BlueNG01, I'm closing this issue as it's not linked to an internal bug of this app. Thank you.
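
The two log lines in the report describe one mismatch seen from both ends: a TLS ClientHello (first byte 0x16) arriving at a plaintext HTTP listener, and the client's handshake failing on the HTTP reply. The following Python check is an added example, not part of this thread or of the add-on's code; it reports whether a configured URL's scheme matches what the port actually speaks, and its function names and the demo hostname are assumptions of the example.

```python
import socket
import ssl
from urllib.parse import urlsplit

HTTP_METHODS = (b"GET", b"POST", b"PUT", b"HEAD", b"DELETE", b"PATCH", b"OPTIONS")


def classify_first_bytes(data: bytes) -> str:
    """Classify the first bytes a peer sent: 'tls', 'http' or 'unknown'."""
    # A TLS record opens with content type 0x16 (handshake) and version major 0x03.
    # That 0x16 is what TheHive's HTTP parser saw where it expected a method name.
    if len(data) >= 2 and data[0] == 0x16 and data[1] == 0x03:
        return "tls"
    if data.startswith(b"HTTP/") or data.split(b" ", 1)[0] in HTTP_METHODS:
        return "http"
    return "unknown"


def probe(host: str, port: int, timeout: float = 3.0) -> str:
    """Return 'https', 'http' or 'unknown' for the listener at host:port."""
    ctx = ssl.create_default_context()  # certificate verification stays enabled
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=host):
                return "https"
    except ssl.SSLCertVerificationError:
        return "https"  # TLS is spoken, but the certificate is not trusted here
    except OSError:
        pass  # covers ssl.SSLError, resets and timeouts: no TLS answer, try plaintext
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            raw.sendall(b"HEAD / HTTP/1.0\r\n\r\n")
            return "http" if classify_first_bytes(raw.recv(16)) == "http" else "unknown"
    except OSError:
        return "unknown"


def check_url(url: str) -> str:
    """Compare the scheme configured for an instance with what its port speaks."""
    parts = urlsplit(url)
    port = parts.port or (443 if parts.scheme == "https" else 80)
    detected = probe(parts.hostname, port)
    if detected == parts.scheme:
        return "ok"
    return f"mismatch: configured {parts.scheme}, endpoint speaks {detected}"


if __name__ == "__main__":
    # Placeholder address (assumption): substitute the TheHive instance you configured.
    print(check_url("https://thehive.example.internal:9000"))
```

A result of `mismatch: configured https, endpoint speaks http` corresponds to the situation in this issue, where the HTTPS listener has to be provided by a reverse proxy in front of TheHive.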