TheHive-Project / Cortex-Analyzers

Cortex Analyzers Repository
https://TheHive-Project.github.io/Cortex-Analyzers/
GNU Affero General Public License v3.0

[Bug] Cortex Elasticsearch Analyzer Error #1189

Open badentropy opened 1 year ago

badentropy commented 1 year ago

Hi there, getting an error while running the Elasticsearch Analyzer in a docker container

Describe the bug
When attempting to execute the Cortex Elasticsearch Analyzer, I encountered the following error message:

{
  "errorMessage": "/usr/bin/env: ‘python3\\r’: No such file or directory\n",
  "input": null,
  "success": false
}

I suspect that the error is caused by the presence of the carriage return character ("\r") in the elk.py Python file (analyzers/Elasticsearch/elk.py). This character may be causing the file path to be incorrectly interpreted, resulting in the "No such file or directory" error for the python3 command.

To Reproduce
Steps to reproduce the behavior:

Expected behavior
The Cortex Elasticsearch Analyzer should execute successfully without any errors related to the python3 command or file paths.

Work environment

Possible solutions
I think the fix is to remove the carriage return character ("\r") from the elk.py Python file (analyzers/Elasticsearch/elk.py). By doing so, the file path should be correctly interpreted, and the error should be eliminated.
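The mechanism described in the report (the kernel reads the shebang line up to the first LF, so a CRLF-terminated `#!/usr/bin/env python3` makes env look for a program literally named `python3\r`) can be reproduced and checked with a small script. The following is an added example, not code from the Cortex-Analyzers project: it derives the interpreter name the kernel would hand to env, scans a directory tree for scripts containing CRLF, and performs a dos2unix-style conversion. The file contents are constructed, and the `Elasticsearch/elk.py` path only mirrors the one named in the report.

```python
"""Detect and repair CRLF line endings in scripts (added example, not Cortex code).

Shows why a Windows line ending after `#!/usr/bin/env python3` yields the error
"/usr/bin/env: 'python3\\r': No such file or directory", and provides a check
suitable for a pre-commit hook or an image-build step.
"""
import tempfile
from pathlib import Path
from typing import Dict, List, Optional

CRLF = b"\r\n"
LF = b"\n"


def shebang_interpreter(data: bytes) -> Optional[str]:
    """Return the last word of the shebang line, i.e. what env would try to exec.

    The kernel only cuts the interpreter line at '\\n', so a trailing '\\r'
    survives as part of the final argument. Splitting on a literal space
    (not bytes.split(), which would silently discard '\\r') preserves that."""
    if not data.startswith(b"#!"):
        return None
    first_line = data.split(LF, 1)[0]
    words = [w for w in first_line[2:].split(b" ") if w]
    return words[-1].decode("utf-8", "replace") if words else None


def has_crlf(data: bytes) -> bool:
    """True if the file contains at least one Windows line ending."""
    return CRLF in data


def to_unix(data: bytes) -> bytes:
    """Convert CRLF to LF, leaving existing lone LFs untouched (what dos2unix does)."""
    return data.replace(CRLF, LF)


def scan_tree(root: Path, fix: bool = False, suffixes=(".py", ".sh")) -> List[Path]:
    """Return scripts under root that contain CRLF; rewrite them in place when fix=True."""
    offenders: List[Path] = []
    for path in sorted(root.rglob("*")):
        if not path.is_file() or path.suffix not in suffixes:
            continue
        data = path.read_bytes()
        if has_crlf(data):
            offenders.append(path)
            if fix:
                path.write_bytes(to_unix(data))
    return offenders


# Constructed sample tree: the first file mimics a script saved with CRLF endings.
SAMPLE_FILES: Dict[str, bytes] = {
    "Elasticsearch/elk.py": b"#!/usr/bin/env python3\r\nimport sys\r\nprint('hello')\r\n",
    "Other/ok.py": b"#!/usr/bin/env python3\nimport sys\nprint('hello')\n",
}


def demo() -> dict:
    """Materialise the constructed tree in a temp dir, scan, fix, and rescan."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        for rel, data in SAMPLE_FILES.items():
            target = root / rel
            target.parent.mkdir(parents=True, exist_ok=True)
            target.write_bytes(data)
        elk = root / "Elasticsearch" / "elk.py"
        before = [p.relative_to(root).as_posix() for p in scan_tree(root)]
        interp_before = shebang_interpreter(elk.read_bytes())
        fixed = [p.relative_to(root).as_posix() for p in scan_tree(root, fix=True)]
        after = [p.relative_to(root).as_posix() for p in scan_tree(root)]
        interp_after = shebang_interpreter(elk.read_bytes())
    return {
        "before": before,
        "fixed": fixed,
        "after": after,
        "interp_before": interp_before,
        "interp_after": interp_after,
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value!r}")
```

Running it prints the interpreter name as `'python3\r'` before the conversion and `'python3'` afterwards; pointing `scan_tree` at a checked-out analyzers directory (without `fix=True`) makes a cheap lint that catches the problem before the container image is built.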

1Placebo1 commented 1 year ago

We have this issue too. We see the same error on a clean install of Cortex 3.1.7-1

mgarofano80 commented 1 year ago

Try with dos2unix. Run dos2unix elk.py

NurvX commented 1 year ago

I tried removing "\" manually and using dos2unix, both, still same error

jiribartusek-ls commented 11 months ago

How to fix this if I am using a dockerized instance of Cortex? I am not sure if just fixing this would solve the problem for Linux users but break it for the Windows platform?

jiribartusek-ls commented 11 months ago

Looks like the fix is waiting to be merged :) https://github.com/TheHive-Project/Cortex-Analyzers/pull/1023