Closed SecurityJill closed 1 year ago
Hi @SecurityJill , In fact it’s weird to have this bug. do you mean that when you load the dashboard by default , selecting your instance then you have your error ? You should have some logs in the search.log of the job, did you checked ? At least I need to have both commands output to the audit logs dashboard too, thanks for this information
it should come from: https://github.com/LetMeR00t/TA-thehive-cortex/blob/c903a040338b88ab5d48f9ffdd80e0524d91e9e1/TA-thehive-cortex/bin/thehive_search_cases.py#L80
but it’s weird as if "" if given, it’s not taking this path. is it possible that you used " " by mistake ?
if you have any log to share, do not hesitate
thank you
I've made from tests, I was able to reproduce the error However, doing the same search again is giving me results. It seems to have an issue in the JSON answer received from the server. Can you try again ? I don't know why I have this issue but it's more linked to TheHive itself rather than the application. Thank you
hey no problem, i have tried numerous times and cant seem to pull back the results. If this is a hive issue then no problem at all!
Hi
No result at all seems weird, did you checked the search.log ? Any error somewhere ? there is a log file under var/log/splunk/command…..log that you can check for errors too
thank you
is this what you are looking for?
ERROR SearchMessages - orig_component="script" app="TA-thehive-cortex" sid="[redacted]" message_key="EXTERN:SCRIPT_NONZERO_RETURN" message=External search command 'thehivecases' returned error code 1.
the command log displays as if it should be working, i see results..
Not really you should have something else for me detailing the error around the end of the search.log file. You can try to enable the DEBUG mode for logging to have more logs in the search.log Thank you
Hello v3.0.2 was released on the Splunkbase but still waiting for the Cloud Vet. If after installing this version, you keep having issues, please reopen this issue. For now, I'm considering it done. Thank you for your comprehension
Request Type
Bug
Work Environment
Problem Description
List Cases dashboard showing the following error when title=*.
External search command 'thehivecases' returned error code 1. .
If text is entered into title field, the query runs fine. In previous version, I followed this issue for last TA version to get the dashboard working.
https://github.com/LetMeR00t/TA-thehive-cortex/issues/6, and it fixed the issue.
Steps to Reproduce
Also not having this issue on the Alerts dashboard as it is working fine
Possible Solutions
-
Logs (issued from the search.log with logging mode set to DEBUG under Settings/Configuration)