LetMeR00t / TA-thehive-cortex

Technical add-on for Splunk related to TheHive/Cortex from TheHive project
GNU Lesser General Public License v3.0

[BUG] error code 1 in integrating thehive with splunk #61

Closed pariarajaee closed 1 year ago

pariarajaee commented 1 year ago

Request Type

Bug

Work Environment

| Question | Answer |
|---|---|
| OS version (server) | ubuntu 20.04 |
| TheHive version / git hash | 5 |

Problem Description

I had the problem mentioned in issue #52. The solution worked for Cortex, but the problem still exists for TheHive. I used a proxy to secure the instance with HTTPS. It worked for Cortex, but the error still exists for TheHive.

Steps to Reproduce

Possible Solutions

-

Logs (issued from the search.log with logging mode set to DEBUG under Settings/Configuration)

-

LetMeR00t commented 1 year ago

Hi, you may have the same error code, but I still don't see the relevance to #52, as we are talking about an HTTPS issue and not custom fields with None values raising an issue. Did you mean #51? Which version are you using? Could you detail the custom field you have in TheHive? Which type is it?

Thank you

LetMeR00t commented 1 year ago

Hi @pariarajaee, any update?

pariarajaee commented 1 year ago

I updated the title. It was wrong. The problem is what I described in the issue body. The problem is not related to custom fields.

app version 3.0.2

thank you

LetMeR00t commented 1 year ago

Hi, I'll need more than that to help you solve this. Did you check the Audit logs dashboard to see if any error is raised? If the error is managed by my script (most of the time that's the case), then the audit logs dashboard will help you find the issue (you can also enable DEBUG mode on your logging to activate more logs, especially on the audit dashboard).

If you don't find anything, try to rerun your search and check the search.log file for any ERROR message showing up. Try running it several times if you don't see anything, as sometimes the error isn't shown systematically.

Thank you

pariarajaee commented 1 year ago

there is no error in the logs

this is the log file named command_thehive_search_cases.log

I also set debug mode

but got no log in any of the audit log categories on this page

LetMeR00t commented 1 year ago

Did you try the search.log of the job running the command too?

pariarajaee commented 1 year ago

Would you please explain more? Where is that log saved? Which command do you mean?

LetMeR00t commented 1 year ago

On the panel, open the search that is raising an error, click on the top right to check the job details, then click on the search.log link.

A link to help: https://docs.splunk.com/Documentation/Splunk/9.0.5/Search/ViewsearchjobpropertieswiththeJobInspector

pariarajaee commented 1 year ago

searchlog.txt

The problem is with the certificate, I think. I am changing it now to check whether the problem resolves or not.

LetMeR00t commented 1 year ago

Hi, the issue is with your certificate, it seems:

requests.exceptions.SSLError: HTTPSConnectionPool(host='192.168.22.76', port=4446): Max retries exceeded with url: /api/v1/user/current (Caused by SSLError(SSLCertVerificationError("hostname '192.168.22.76' doesn't match '192.168.22.74'")))

This issue isn't linked to the application.

pariarajaee commented 1 year ago

the problem is

The problem was the certificate, and it resolved when I regenerated the certificate. Thank you.
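
The hostname mismatch in the traceback above can be reproduced offline. This is an added example, not code from the thread or from the add-on: it compares the address a client is configured to reach against the names a certificate presents, using the dictionary shape returned by Python's `ssl.SSLSocket.getpeercert()`. The function names and the sample certificate are hypothetical, and the sample assumes the certificate carried 192.168.22.74 as an IP subjectAltName.

```python
import ipaddress

# Constructed sample, shaped like ssl.SSLSocket.getpeercert() output.
# Assumption: the certificate listed 192.168.22.74 as an IP SAN.
SAMPLE_CERT = {"subjectAltName": (("IP Address", "192.168.22.74"),)}

def cert_names(cert):
    """Split subjectAltName entries into DNS names and IP addresses."""
    dns, ips = [], []
    for kind, value in cert.get("subjectAltName", ()):
        if kind == "DNS":
            dns.append(value.lower())
        elif kind == "IP Address":
            ips.append(ipaddress.ip_address(value))
    return dns, ips

def dns_match(pattern, host):
    """Exact match, or '*' as the whole left-most label covering one label."""
    p = pattern.split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        return len(p) > 2 and p[1:] == h[1:]
    return p == h

def check_host(cert, host):
    """Return (matches, presented_names) for the host the client connects to."""
    dns, ips = cert_names(cert)
    try:
        target = ipaddress.ip_address(host)
    except ValueError:
        target = None
    if target is not None:
        # An IP target is only satisfied by an IP SAN, never by a DNS name.
        ok = target in ips
    else:
        ok = any(dns_match(p, host) for p in dns)
    return ok, [str(i) for i in ips] + dns

if __name__ == "__main__":
    # Host and certificate address taken from the error message in the thread.
    print(check_host(SAMPLE_CERT, "192.168.22.76"))
```

A `False` result with the presented names listed shows which address or name the certificate has to be reissued for, which is the fix that resolved this issue.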