LetMeR00t / TA-thehive-cortex

Technical add-on for Splunk related to TheHive/Cortex from TheHive project
GNU Lesser General Public License v3.0

[BUG] Failed to establish the connections to Thehive/Cortex #33

Closed wolf0x closed 1 year ago

wolf0x commented 2 years ago

I am sure that I created 2 accounts with the correct API key in TheHive4 and Cortex, and also created the instances without HTTPS, but I always get errors on C26 and TH60.

Tried both 2.20 and 2.21, same results.

2022-05-20 10:04:48,885 DEBUG common:185 - [S40] this instance id (b6ae4119) returns: authentication_type=api_key
2022-05-20 10:04:48,885 DEBUG common:185 - [S40] this instance id (b6ae4119) returns: proxies=None
2022-05-20 10:04:48,885 DEBUG common:185 - [S40] this instance id (b6ae4119) returns: client_cert=-
2022-05-20 10:04:48,885 DEBUG common:185 - [S40] this instance id (b6ae4119) returns: verify=False
2022-05-20 10:04:48,885 DEBUG common:185 - [S40] this instance id (b6ae4119) returns: organisation=test
2022-05-20 10:04:48,885 DEBUG common:185 - [S40] this instance id (b6ae4119) returns: type=Cortex3
2022-05-20 10:04:48,885 DEBUG cortex:79 - [C8] Cortex instance will be initialized with an API Key (not a password)
2022-05-20 10:04:48,885 DEBUG cortex:102 - [C20] Cortex object instanciated
2022-05-20 10:04:48,915 ERROR cortex:112 - [C26-ERROR] SERVICE UNAVAILABLE - Cortex service is unavailable, is configuration correct ?

2022-05-20 10:22:45,034 DEBUG common:185 - [S40] this instance id (c7d3cb0b) returns: authentication_type=api_key
2022-05-20 10:22:45,034 DEBUG common:185 - [S40] this instance id (c7d3cb0b) returns: proxies=None
2022-05-20 10:22:45,034 DEBUG common:185 - [S40] this instance id (c7d3cb0b) returns: client_cert=-
2022-05-20 10:22:45,034 DEBUG common:185 - [S40] this instance id (c7d3cb0b) returns: verify=False
2022-05-20 10:22:45,034 DEBUG common:185 - [S40] this instance id (c7d3cb0b) returns: organisation=test
2022-05-20 10:22:45,034 DEBUG common:185 - [S40] this instance id (c7d3cb0b) returns: type=TheHive4
2022-05-20 10:22:45,034 DEBUG thehive:57 - [TH16] TheHive instance will be initialized with an API Key (not a password)
2022-05-20 10:22:45,034 DEBUG thehive:76 - [TH25] TheHive version is 4.x
2022-05-20 10:22:45,034 DEBUG thehive:112 - [TH35] TheHive instance is initialized
2022-05-20 10:22:45,061 ERROR thehive:135 - [TH60-GENERIC-ERROR] THE_HIVE_CONNECTION_ERROR - Error: Error: HTTPSConnectionPool(host='192.168.7.189', port=9000): Max retries exceeded with url: /api/case/_search?range=all (Caused by SSLError(SSLError(1, '[SSL: UNKNOWN_PROTOCOL] unknown protocol (_ssl.c:1106)')))

LetMeR00t commented 2 years ago

Hi @wolf0x, as mentioned here https://github.com/LetMeR00t/TA-thehive-cortex/issues/32, this application was designed to work only with HTTPS instances (as it's mandatory for Splunk Cloud). I invite you to install a local proxy that will handle the HTTPS connection for TheHive. Regards
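
The failure discussed in this thread can be recognised directly from the add-on's debug log. The following is an added example, not part of the original thread or of the add-on's code: it parses log text in the format quoted in the issue and reports a TLS handshake that reached a non-TLS listener, plus any instance logged with `verify=False`. The function name `triage`, the regular expressions and the abridged sample log are assumptions made for illustration.

```python
import re

# Constructed sample: abridged from the log lines quoted in the issue, run together as on the page.
SAMPLE_LOG = (
    "2022-05-20 10:22:45,034 DEBUG common:185 - [S40] this instance id (c7d3cb0b) returns: verify=False "
    "2022-05-20 10:22:45,034 DEBUG common:185 - [S40] this instance id (c7d3cb0b) returns: type=TheHive4 "
    "2022-05-20 10:22:45,061 ERROR thehive:135 - [TH60-GENERIC-ERROR] THE_HIVE_CONNECTION_ERROR - Error: "
    "HTTPSConnectionPool(host='192.168.7.189', port=9000): Max retries exceeded with url: "
    "/api/case/_search?range=all (Caused by SSLError(SSLError(1, '[SSL: UNKNOWN_PROTOCOL] "
    "unknown protocol (_ssl.c:1106)')))"
)

# Assumed entry layout: "YYYY-MM-DD HH:MM:SS,mmm LEVEL module:line - [CODE] message".
ENTRY = re.compile(
    r"(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d,\d{3}) (DEBUG|INFO|WARNING|ERROR) (\w+):\d+ - \[([\w-]+)\] "
    r"(.*?)(?=\s*\d{4}-\d\d-\d\d \d\d:\d\d:\d\d,\d{3} |\Z)", re.S)
SETTING = re.compile(r"this instance id \((\w+)\) returns: (\w+)=(.*)")
# OpenSSL reasons reported when a TLS client receives a reply that is not TLS.
PLAINTEXT_PEER = re.compile(r"\[SSL: (UNKNOWN_PROTOCOL|WRONG_VERSION_NUMBER)\]")
TARGET = re.compile(r"HTTPSConnectionPool\(host='([^']+)', port=(\d+)\)")

def triage(log_text):
    """Return (settings per instance id, list of findings) for the add-on's debug log."""
    settings, findings = {}, []
    for _ts, level, _module, code, message in ENTRY.findall(log_text):
        m = SETTING.match(message)
        if code == "S40" and m:
            settings.setdefault(m.group(1), {})[m.group(2)] = m.group(3).strip()
        elif level == "ERROR" and PLAINTEXT_PEER.search(message):
            t = TARGET.search(message)
            where = f"{t.group(1)}:{t.group(2)}" if t else "unknown target"
            findings.append(f"{code}: TLS handshake sent to {where}, but the peer did not answer with TLS")
    for instance, conf in settings.items():
        if conf.get("verify") == "False":
            findings.append(f"instance {instance}: certificate verification is disabled")
    return settings, findings

if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG)[1]:
        print(finding)
```
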

LetMeR00t commented 1 year ago

If you need any further help, let me know.