LetMeR00t / TA-thehive-cortex

Technical add-on for Splunk related to TheHive/Cortex from TheHive project
GNU Lesser General Public License v3.0

External search command 'cortexjobs' returned error code 1. #52

Closed razipoor closed 1 year ago

razipoor commented 1 year ago

Request Type

Bug

When executing the "cortexjobs" command in Cortex, you encounter an error with code 1. This error indicates that the external search command "cortexjobs" cannot be executed and has encountered an issue.

Work Environment

Question Answer
OS version (Ubuntu 20.04)
cortex version 3.2/ git hash

Problem Description

Describe your problem here

Steps to Reproduce

Possible Solutions

-

Logs (issued from the search.log with logging mode set to DEBUG under Settings/Configuration)

-

LetMeR00t commented 1 year ago

Hi @razipoor,

A few questions to help you investigate this:

Thank you

razipoor commented 1 year ago

Hi @LetMeR00t

ta-thehive/cortex version v3.0.2
version Splunk 9
install Ubuntu 20.04
Yes, first install and not upgraded

razipoor commented 1 year ago

@LetMeR00t hiii ???

LetMeR00t commented 1 year ago

Hi, I noticed some issues for the Cortex part that I need to fix. I’ll work on a next release (v3.0.3) as soon as possible. Everything on the TheHive side is working as expected, for your information.

razipoor commented 1 year ago

hi @LetMeR00t When will the new version be ready?

LetMeR00t commented 1 year ago

Hi, I can’t tell you for sure. I’m managing this app on my personal time and it’s not always easy to find time for it. I’ll keep you posted as soon as it’s solved.

LetMeR00t commented 1 year ago

Hi @razipoor, I've just run some tests on my side. No major issue was encountered and, after reviewing your configuration, I noticed that you are using HTTP instead of HTTPS. You have to know that, since v3.x.x, HTTPS became mandatory and you must have a valid HTTPS configuration accordingly (everything is described in the documentation).

Thank you

LetMeR00t commented 1 year ago

Hello

Can you provide me any update?

Thank you

razipoor commented 1 year ago

hello @LetMeR00t

I didn't find any documentation for using https. Thank you for guiding me further on how I can do this configuration. If you have any documentation, I would appreciate it.

LetMeR00t commented 1 year ago

TheHive does not natively support HTTPS, so you must use a proxy to secure your instance with HTTPS. A Google search would let you find it quickly: https://docs.strangebee.com/thehive/setup/configuration/ssl/

As this does not directly concern an issue with this Splunk app, I am closing this issue. Thank you for your understanding.
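
The requirement discussed in this thread (HTTPS mandatory since v3.x.x, with a TLS-terminating proxy in front of the instance) can be checked before running the search command. The following is an added example, not code from the thread or from the add-on; the function name, status labels and sample URL are assumptions.

```python
import socket
import ssl
from urllib.parse import urlsplit


def check_instance_url(url, cafile=None, timeout=5.0):
    """Classify a configured TheHive/Cortex URL before the add-on uses it.

    Returns (status, detail); status is "plaintext", "invalid",
    "unreachable", "tls_error" or "ok". Names are illustrative.
    """
    parts = urlsplit(url)
    if parts.scheme == "http":
        return "plaintext", "http:// URL; terminate TLS on a reverse proxy first"
    try:
        host, port = parts.hostname, parts.port or 443
    except ValueError:
        return "invalid", "port is not a number in 0-65535"
    if parts.scheme != "https" or not host:
        return "invalid", "expected https://host[:port]"

    # The default context verifies the chain and the hostname; cafile lets an
    # internal CA be trusted without turning verification off.
    ctx = ssl.create_default_context(cafile=cafile)
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=host) as tls:
                expires = tls.getpeercert()["notAfter"]
                return "ok", f"{tls.version()}, certificate valid until {expires}"
    except ssl.SSLCertVerificationError as exc:
        return "tls_error", f"certificate rejected: {exc.verify_message}"
    except ssl.SSLError as exc:
        # Typical when the port still speaks plain HTTP (no proxy in front).
        return "tls_error", f"handshake failed: {exc.reason}"
    except OSError as exc:
        return "unreachable", str(exc)


if __name__ == "__main__":
    # Constructed sample value, not taken from the issue.
    print(check_instance_url("http://cortex.example.internal:9001"))
```

A "tls_error" result on a URL that was only changed from http:// to https:// usually means the service behind that port is still answering in plain HTTP.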