StrangeBeeCorp / TheHive-feedback

TheHive 5 feedback repository
https://www.strangebee.com/thehive

[Bug] Issue exporting cases to MISP #16

Closed stacsirt closed 1 year ago

stacsirt commented 2 years ago

Request Type

Bug

Work Environment

| Question | Answer |
| --- | --- |
| OS version (server) | Debian |
| Virtualized Env. | True |
| TheHive version | 5.0.15-1 |
| Database | Cassandra |
| Index type | Elasticsearch |
| Browser type & version | Not applicable |

Problem Description

We have our MISP connections set up within our new instance of TheHive5. The connections are stable and working, as it's showing green in the bottom left MISP connection and imports are working. However, when we attempt to export anything via a case, the button is greyed out and not clickable. There isn't any error message to go along with this, or a suggestion why it's greyed out. Any ideas? Our MISP configurations in TheHive are set up to both import and export, and our API keys from our MISPs also support this.

I'm unsure whether this is a bug, or whether it's an issue with our license.

Steps to Reproduce

  1. Set up MISP connections in TheHive admin.
  2. Open a case and create some observables.
  3. Attempt to export using the 'export' button in the case ribbon.

Complementary information

Screenshot of the button in question is below. When hovering over the button, it is greyed out with a 'No Entry' type symbol showing which is not captured in the screenshot.

Screenshot 2022-10-04 at 09 31 49
mehdi-dalil commented 1 year ago

Hi @stacsirt ! Thanks for your feedback !

I'm closing this issue as it has been fixed in TheHive 5.0.16.

Do not hesitate to reopen it if you see the bug again.

Thanks !

stacsirt commented 1 year ago

> Hi @stacsirt ! Thanks for your feedback !
>
> I'm closing this issue as it has been fixed in TheHive 5.0.16.
>
> Do not hesitate to reopen it if you see the bug again.
>
> Thanks !

Hey, thanks for getting back in touch.

Sorry - we've just upgraded and our button is still greyed out (basically like nothing has changed).

I modified our MISP settings (we have 3 set up). Two are Import and Export and one is Export only and no change. Tried it on multiple different cases and the same thing persists.

mehdi-dalil commented 1 year ago

Hi ! Sorry for this ! Can you send me a screenshot of your About drawer ? accessible here =>

image
stacsirt commented 1 year ago

No problem - I've attached what you are looking for below. I've blanked out the names of some of our MISPs, but if you need to know these for whatever reason, just let me know :)

Screenshot 2022-10-10 at 11 42 20
mehdi-dalil commented 1 year ago

No no keep 'em like this, you did well. Can you send me the result of the query api/v1/status please ?

stacsirt commented 1 year ago

Thanks! Sure thing - I think what you're looking for is below:

{"version":"5.0.16-1","connectors":{"cortex":{"enabled":true,"status":"OK","servers":[{"name":"****","version":"3.1.6-1","status":"OK","alerts":[]}]},"misp":{"enabled":true,"servers":[{"name":"****","version":"2.4.144","status":"OK","url":"****","purpose":"ImportAndExport"}, 
{"name":"****","version":"2.4.158","status":"OK","url":"****","purpose":"ImportAndExport"},{"name":"****","version":"2.4.159","status":"OK","url":"****","purpose":"ExportOnly"}],"status":"OK"}},"config":{"protectDownloadsWith":"malware","authType": 
["session","basic","local","key"],"capabilities": 
["changePassword","setPassword","authByKey","mfa"],"ssoAutoLogin":false,"pollingDuration":1000,"freeTagDefaultColour":"#000000"},"license":{"id":"96b334ce-d881-4ef4-bb20-b36e36181a5c","customer":"University of St Andrews","instance":"30d939df-47b9-4195-8819-5b0e2a1b20ea","plan":"Community","kind":"Regular","validFrom":1663939636043,"expiresAt":1690588800000,"capabilities": 
["auth.key","notification.webhook","auth.session","auth.local","misp","resetPassword","cortex","notification.emailerToAddr","auth.basic","admin.setConfiguration","auth.basicSession","notification.emailerToUser","auth.htpasswd"],"isValid":true,"quotas":{"users.readonly":{"current":0,"quota":-1},"dashboards":{"current":13,"quota":-1},"users.normal": {"current":4,"quota":5},"users.service":{"current":0,"quota":-1},"case.template":{"current":15,"quota":-1},"misp":{"current":3,"quota":5},"cluster.nodes":{"current":1,"quota":1},"cortex":{"current":1,"quota":1},"organisations":{"current":1,"quota":1}}}}
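
The status response above already answers the "bug or licence?" question from the original report. The following is an added example, not part of the thread and not TheHive's own logic: `misp_export_findings` is a hypothetical helper that reads the fields visible in that response, and the checks it makes are assumed prerequisites for export, including the reading of a `-1` quota as unlimited.

```python
import json

# Constructed sample: a trimmed copy of the api/v1/status layout shown in this
# thread, with server names masked and licence identifiers left out.
SAMPLE_STATUS = json.loads("""
{"version": "5.0.16-1",
 "connectors": {"misp": {"enabled": true, "status": "OK", "servers": [
   {"name": "misp-a", "status": "OK", "purpose": "ImportAndExport"},
   {"name": "misp-b", "status": "OK", "purpose": "ExportOnly"}]}},
 "license": {"plan": "Community", "isValid": true,
   "capabilities": ["misp", "cortex", "auth.key"],
   "quotas": {"misp": {"current": 2, "quota": 5}}}}
""")

# Purpose values seen in the thread that allow pushing a case to MISP.
EXPORT_PURPOSES = {"ImportAndExport", "ExportOnly"}


def misp_export_findings(status):
    """List reasons the status document gives for export being unavailable.

    An empty list means configuration and licence look fine, so a disabled
    Export button points at the application rather than the deployment.
    """
    findings = []
    misp = status.get("connectors", {}).get("misp", {})
    lic = status.get("license", {})
    if not misp.get("enabled"):
        findings.append("MISP connector is disabled")
    targets = [s.get("name") for s in misp.get("servers", [])
               if s.get("purpose") in EXPORT_PURPOSES and s.get("status") == "OK"]
    if not targets:
        findings.append("no MISP server with status OK is set up for export")
    if not lic.get("isValid"):
        findings.append("licence is not valid")
    if "misp" not in lic.get("capabilities", []):
        findings.append("licence lacks the 'misp' capability")
    quota = lic.get("quotas", {}).get("misp", {})
    # Assumption: a quota of -1 means "unlimited", as the other -1 entries suggest.
    if quota.get("quota", -1) != -1 and quota.get("current", 0) > quota["quota"]:
        findings.append("more MISP servers configured than the licence allows")
    return findings


if __name__ == "__main__":
    print(misp_export_findings(SAMPLE_STATUS) or "no configuration or licence blocker found")
```
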
mehdi-dalil commented 1 year ago

I think I saw the problem, thanks for sharing this ! I'll push a fix to the 5.0.17 (we should release it tomorrow or wednesday at best).

Thanks for your time and sorry for the inconvenience !

stacsirt commented 1 year ago

> I think I saw the problem, thanks for sharing this ! I'll push a fix to the 5.0.17 (we should release it tomorrow or wednesday at best).
>
> Thanks for your time and sorry for the inconvenience !

Thank you - I really appreciate your help and time with this :)

mehdi-dalil commented 1 year ago

Hello @stacsirt !

The problem has been fixed in TheHive 5.0.17 (released yesterday). Thanks again for your feedback and your help ! I'm closing the issue but keep us posted on this !

stacsirt commented 1 year ago

> Hello @stacsirt !
>
> The problem has been fixed in TheHive 5.0.17 (released yesterday). Thanks again for your feedback and your help ! I'm closing the issue but keep us posted on this !

Hey - just tested and it works! All looking good - thanks so much for your help :)