Hello
When installing cortex I got this error
"from akka.dispatch.Dispatcher in application-akka.actor.default-dispatcher-4 - null java.security.PrivilegedActionException: null"
Steps to Reproduce
step 1
step 2
step 3...
Complementary information
Application.conf
# Cortex application.conf file
## SECRET KEY
#
# The secret key is used to secure cryptographic functions.
#
# IMPORTANT: If you deploy your application to several instances, make
# sure to use the same key.
#play.http.secret.key="***CHANGEME***"
## ElasticSearch
search {
# Name of the index
index = cortex
# ElasticSearch instance address.
# For cluster, join address:port with ',': "http://ip1:9200,ip2:9200,ip3:9200"
uri = "https://10.84.40.21:9200,10.84.40.22:9200,10.84.40.23:9200"
## Advanced configuration
# Scroll keepalive.
# keepalive = 100m
# Scroll page size.
# pagesize = 50
# Number of shards
# nbshards = 5
# Number of replicas
# nbreplicas = 1
# Arbitrary settings
# settings {
# # Maximum number of nested fields
# mapping.nested_fields.limit = 100
# }
### XPack SSL configuration
# Enable SSL to connect to ElasticSearch
ssl.enabled = true
# Path to certificate authority file
ssl.ca = "/etc/elasticsearch/certs/root-ca.pem"
# Path to certificate file
ssl.certificate = "/etc/elasticsearch/certs/elasticsearch.pem"
# Path to key file
ssl.key = "/etc/elasticsearch/certs/elasticsearch-key.pem"
## Authentication configuration
username = "admin"
password = "admin"
## SSL configuration
# keyStore.path = "/etc/elasticsearch/certs/keyStore.pkcs12"
keyStore.path = '/etc/elasticsearch/certs/emptyStore.keystore'
keyStore.type = "JKS"
# JKS or PKCS12
keyStore.password = "***"
#trustStore {
trustStore.path = "/etc/elasticsearch/certs/truststore.jks"
trustStore.type = "JKS"
# JKS or PKCS12
trustStore.password = "***"
}
## Cache
#
# If an analyzer is executed against the same observable, the previous report can be returned without re-executing the
# analyzer. The cache is used only if the second job occurs within cache.job (the default is 10 minutes).
cache.job = 10 minutes
## Authentication
auth {
# "provider" parameter contains the authentication provider(s). It can be multi-valued, which is useful
# for migration.
# The available auth types are:
# - services.LocalAuthSrv : passwords are stored in the user entity within ElasticSearch). No
# configuration are required.
# - ad : use ActiveDirectory to authenticate users. The associated configuration shall be done in
# the "ad" section below.
# - ldap : use LDAP to authenticate users. The associated configuration shall be done in the
# "ldap" section below.
# - oauth2 : use OAuth/OIDC to authenticate users. Configuration is under "auth.oauth2" and "auth.sso" keys
provider = [local]
ad {
# The Windows domain name in DNS format. This parameter is required if you do not use
# 'serverNames' below.
#domainFQDN = "mydomain.local"
# Optionally you can specify the host names of the domain controllers instead of using 'domainFQDN
# above. If this parameter is not set, TheHive uses 'domainFQDN'.
#serverNames = [ad1.mydomain.local, ad2.mydomain.local]
# The Windows domain name using short format. This parameter is required.
#domainName = "MYDOMAIN"
# If 'true', use SSL to connect to the domain controller.
#useSSL = true
}
ldap {
# The LDAP server name or address. The port can be specified using the 'host:port'
# syntax. This parameter is required if you don't use 'serverNames' below.
#serverName = "ldap.mydomain.local:389"
# If you have multiple LDAP servers, use the multi-valued setting 'serverNames' instead.
#serverNames = [ldap1.mydomain.local, ldap2.mydomain.local]
# Account to use to bind to the LDAP server. This parameter is required.
#bindDN = "cn=thehive,ou=services,dc=mydomain,dc=local"
# Password of the binding account. This parameter is required.
#bindPW = "***secret*password***"
# Base DN to search users. This parameter is required.
#baseDN = "ou=users,dc=mydomain,dc=local"
# Filter to search user in the directory server. Please note that {0} is replaced
# by the actual user name. This parameter is required.
#filter = "(cn={0})"
# If 'true', use SSL to connect to the LDAP directory server.
#useSSL = true
}
oauth2 {
# URL of the authorization server
#clientId = "client-id"
#clientSecret = "client-secret"
#redirectUri = "https://my-cortex-instance.example/api/ssoLogin"
#responseType = "code"
#grantType = "authorization_code"
# URL from where to get the access token
#authorizationUrl = "https://auth-site.com/OAuth/Authorize"
#tokenUrl = "https://auth-site.com/OAuth/Token"
# The endpoint from which to obtain user details using the OAuth token, after successful login
#userUrl = "https://auth-site.com/api/User"
#scope = "openid profile"
}
# Single-Sign On
sso {
# Autocreate user in database?
#autocreate = false
# Autoupdate its profile and roles?
#autoupdate = false
# Autologin user using SSO?
#autologin = false
# Name of mapping class from user resource to backend user ('simple' or 'group')
#mapper = group
#attributes {
# login = "user"
# name = "name"
# groups = "groups"
# organization = "org"
#}
#defaultRoles = ["read"]
#defaultOrganization = "csirt"
#groups {
# # URL to retreive groups (leave empty if you are using OIDC)
# #url = "https://auth-site.com/api/Groups"
# # Group mappings, you can have multiple roles for each group: they are merged
# mappings {
# admin-profile-name = ["admin"]
# editor-profile-name = ["write"]
# reader-profile-name = ["read"]
# }
#}
#mapper = simple
#attributes {
# login = "user"
# name = "name"
# roles = "roles"
# organization = "org"
#}
#defaultRoles = ["read"]
#defaultOrganization = "csirt"
}
}
## ANALYZERS
#
analyzer {
# analyzer location
# url can be point to:
# - directory where analyzers are installed
# - json file containing the list of analyzer descriptions
urls = [
#"https://download.thehive-project.org/analyzers.json"
"/etc/cortex/analyzers.json"
]
# Sane defaults. Do not change unless you know what you are doing.
fork-join-executor {
# Min number of threads available for analysis.
parallelism-min = 2
# Parallelism (threads) ... ceil(available processors * factor).
parallelism-factor = 2.0
# Max number of threads available for analysis.
parallelism-max = 4
}
}
# RESPONDERS
#
responder {
# responder location (same format as analyzer.urls)
urls = [
#"https://download.thehive-project.org/responders.json"
"/etc/cortex/responders.json"
]
# Sane defaults. Do not change unless you know what you are doing.
fork-join-executor {
# Min number of threads available for analysis.
parallelism-min = 2
# Parallelism (threads) ... ceil(available processors * factor).
parallelism-factor = 2.0
# Max number of threads available for analysis.
parallelism-max = 4
}
}
# Proxy configuration to retrieve catalogs
# play.ws.proxy {
# host = proxy.example.com
# port = 3128
# }
# It's the end my friend. Happy hunting!
# Secret key
# ~~~~~
# The secret key is used to secure cryptographics functions.
# If you deploy your application to several instances be sure to use the same key!
play.http.secret.key="****"
#https.port: 9443
#play.server.https.keyStore {
# path: "/path/to/keystore.jks"
# type: "JKS"
# password: "password_of_keystore"
#}
'
Application.log
2021-09-09 04:08:59,536 [INFO] from org.reflections.Reflections in main - Reflections took 118 ms to scan 2 urls, producing 99 keys and 968 values
2021-09-09 04:08:59,563 [INFO] from module in main - Loading model class org.thp.cortex.models.OrganizationModel
2021-09-09 04:08:59,565 [INFO] from module in main - Loading model class org.thp.cortex.models.WorkerModel
2021-09-09 04:08:59,565 [INFO] from module in main - Loading model class org.thp.cortex.models.AuditModel
2021-09-09 04:08:59,565 [INFO] from module in main - Loading model class org.elastic4play.services.AttachmentModel
2021-09-09 04:08:59,566 [INFO] from module in main - Loading model class org.thp.cortex.models.ReportModel
2021-09-09 04:08:59,566 [INFO] from module in main - Loading model class org.thp.cortex.models.JobModel
2021-09-09 04:08:59,566 [INFO] from module in main - Loading model class org.thp.cortex.models.WorkerConfigModel
2021-09-09 04:08:59,566 [INFO] from module in main - Loading model class org.thp.cortex.models.ArtifactModel
2021-09-09 04:08:59,566 [INFO] from module in main - Loading model class org.thp.cortex.models.UserModel
2021-09-09 04:08:59,567 [INFO] from module in main - Loading model class org.elastic4play.services.DBListModel
2021-09-09 04:08:59,574 [INFO] from module in main - Loading authentication module class org.elastic4play.services.auth.ADAuthSrv
2021-09-09 04:08:59,574 [INFO] from module in main - Loading authentication module class org.thp.cortex.services.LocalAuthSrv
2021-09-09 04:08:59,574 [INFO] from module in main - Loading authentication module class org.thp.cortex.services.OAuth2Srv
2021-09-09 04:08:59,574 [INFO] from module in main - Loading authentication module class org.elastic4play.services.auth.LdapAuthSrv
2021-09-09 04:08:59,574 [INFO] from module in main - Loading authentication module class org.thp.cortex.services.KeyAuthSrv
2021-09-09 04:09:00,862 [DEBUG] from play.api.libs.concurrent.ActorSystemProvider in main - Starting application default Akka system: application
2021-09-09 04:09:01,215 [INFO] from akka.event.slf4j.Slf4jLogger in application-akka.actor.default-dispatcher-4 - Slf4jLogger started
2021-09-09 04:09:02,647 [DEBUG] from play.shaded.ahc.io.netty.util.internal.logging.InternalLoggerFactory in main - Using SLF4J as the default logging framework
2021-09-09 04:09:02,650 [DEBUG] from play.shaded.ahc.io.netty.util.ResourceLeakDetector in main - -Dplay.shaded.ahc.io.netty.leakDetection.level: simple
2021-09-09 04:09:02,651 [DEBUG] from play.shaded.ahc.io.netty.util.ResourceLeakDetector in main - -Dplay.shaded.ahc.io.netty.leakDetection.targetRecords: 4
2021-09-09 04:09:02,670 [DEBUG] from play.shaded.ahc.io.netty.util.internal.PlatformDependent0 in main - -Dio.netty.noUnsafe: false
2021-09-09 04:09:02,670 [DEBUG] from play.shaded.ahc.io.netty.util.internal.PlatformDependent0 in main - Java version: 8
2021-09-09 04:09:02,670 [DEBUG] from play.shaded.ahc.io.netty.util.internal.PlatformDependent0 in main - sun.misc.Unsafe.theUnsafe: available
2021-09-09 04:09:02,671 [DEBUG] from play.shaded.ahc.io.netty.util.internal.PlatformDependent0 in main - sun.misc.Unsafe.copyMemory: available
2021-09-09 04:09:02,671 [DEBUG] from play.shaded.ahc.io.netty.util.internal.PlatformDependent0 in main - java.nio.Buffer.address: available
2021-09-09 04:09:02,672 [DEBUG] from play.shaded.ahc.io.netty.util.internal.PlatformDependent0 in main - direct buffer constructor: available
2021-09-09 04:09:02,672 [DEBUG] from play.shaded.ahc.io.netty.util.internal.PlatformDependent0 in main - java.nio.Bits.unaligned: available, true
2021-09-09 04:09:02,672 [DEBUG] from play.shaded.ahc.io.netty.util.internal.PlatformDependent0 in main - jdk.internal.misc.Unsafe.allocateUninitializedArray(int): unavailable prior to Java9
2021-09-09 04:09:02,672 [DEBUG] from play.shaded.ahc.io.netty.util.internal.PlatformDependent0 in main - java.nio.DirectByteBuffer.<init>(long, int): available
2021-09-09 04:09:02,672 [DEBUG] from play.shaded.ahc.io.netty.util.internal.PlatformDependent in main - sun.misc.Unsafe: available
2021-09-09 04:09:02,673 [DEBUG] from play.shaded.ahc.io.netty.util.internal.PlatformDependent in main - -Dio.netty.tmpdir: /tmp (java.io.tmpdir)
2021-09-09 04:09:02,673 [DEBUG] from play.shaded.ahc.io.netty.util.internal.PlatformDependent in main - -Dio.netty.bitMode: 64 (sun.arch.data.model)
2021-09-09 04:09:02,673 [DEBUG] from play.shaded.ahc.io.netty.util.internal.PlatformDependent in main - -Dio.netty.maxDirectMemory: 1810366464 bytes
2021-09-09 04:09:02,674 [DEBUG] from play.shaded.ahc.io.netty.util.internal.PlatformDependent in main - -Dio.netty.uninitializedArrayAllocationThreshold: -1
2021-09-09 04:09:02,674 [DEBUG] from play.shaded.ahc.io.netty.util.internal.CleanerJava6 in main - java.nio.ByteBuffer.cleaner(): available
2021-09-09 04:09:02,674 [DEBUG] from play.shaded.ahc.io.netty.util.internal.PlatformDependent in main - -Dio.netty.noPreferDirect: false
2021-09-09 04:09:02,675 [DEBUG] from play.shaded.ahc.io.netty.util.ResourceLeakDetectorFactory in main - Loaded default ResourceLeakDetector: play.shaded.ahc.io.netty.util.ResourceLeakDetector@21390938
2021-09-09 04:09:02,682 [DEBUG] from play.shaded.ahc.io.netty.util.internal.PlatformDependent in main - org.jctools-core.MpscChunkedArrayQueue: available
2021-09-09 04:09:02,707 [DEBUG] from play.shaded.ahc.io.netty.util.internal.InternalThreadLocalMap in main - -Dio.netty.threadLocalMap.stringBuilder.initialSize: 1024
2021-09-09 04:09:02,707 [DEBUG] from play.shaded.ahc.io.netty.util.internal.InternalThreadLocalMap in main - -Dio.netty.threadLocalMap.stringBuilder.maxSize: 4096
2021-09-09 04:09:02,713 [DEBUG] from play.shaded.ahc.io.netty.channel.MultithreadEventLoopGroup in main - -Dio.netty.eventLoopThreads: 8
2021-09-09 04:09:02,720 [DEBUG] from play.shaded.ahc.io.netty.channel.nio.NioEventLoop in main - -Dio.netty.noKeySetOptimization: false
2021-09-09 04:09:02,720 [DEBUG] from play.shaded.ahc.io.netty.channel.nio.NioEventLoop in main - -Dio.netty.selectorAutoRebuildThreshold: 512
2021-09-09 04:09:02,856 [DEBUG] from play.shaded.ahc.io.netty.buffer.PooledByteBufAllocator in main - -Dio.netty.allocator.numHeapArenas: 8
2021-09-09 04:09:02,856 [DEBUG] from play.shaded.ahc.io.netty.buffer.PooledByteBufAllocator in main - -Dio.netty.allocator.numDirectArenas: 8
2021-09-09 04:09:02,856 [DEBUG] from play.shaded.ahc.io.netty.buffer.PooledByteBufAllocator in main - -Dio.netty.allocator.pageSize: 8192
2021-09-09 04:09:02,856 [DEBUG] from play.shaded.ahc.io.netty.buffer.PooledByteBufAllocator in main - -Dio.netty.allocator.maxOrder: 11
2021-09-09 04:09:02,856 [DEBUG] from play.shaded.ahc.io.netty.buffer.PooledByteBufAllocator in main - -Dio.netty.allocator.chunkSize: 16777216
2021-09-09 04:09:02,856 [DEBUG] from play.shaded.ahc.io.netty.buffer.PooledByteBufAllocator in main - -Dio.netty.allocator.tinyCacheSize: 512
2021-09-09 04:09:02,856 [DEBUG] from play.shaded.ahc.io.netty.buffer.PooledByteBufAllocator in main - -Dio.netty.allocator.smallCacheSize: 256
2021-09-09 04:09:02,856 [DEBUG] from play.shaded.ahc.io.netty.buffer.PooledByteBufAllocator in main - -Dio.netty.allocator.normalCacheSize: 64
2021-09-09 04:09:02,856 [DEBUG] from play.shaded.ahc.io.netty.buffer.PooledByteBufAllocator in main - -Dio.netty.allocator.maxCachedBufferCapacity: 32768
2021-09-09 04:09:02,856 [DEBUG] from play.shaded.ahc.io.netty.buffer.PooledByteBufAllocator in main - -Dio.netty.allocator.cacheTrimInterval: 8192
2021-09-09 04:09:02,856 [DEBUG] from play.shaded.ahc.io.netty.buffer.PooledByteBufAllocator in main - -Dio.netty.allocator.cacheTrimIntervalMillis: 0
2021-09-09 04:09:02,856 [DEBUG] from play.shaded.ahc.io.netty.buffer.PooledByteBufAllocator in main - -Dio.netty.allocator.useCacheForAllThreads: true
2021-09-09 04:09:02,856 [DEBUG] from play.shaded.ahc.io.netty.buffer.PooledByteBufAllocator in main - -Dio.netty.allocator.maxCachedByteBuffersPerChunk: 1023
2021-09-09 04:09:02,865 [DEBUG] from play.shaded.ahc.io.netty.buffer.ByteBufUtil in main - -Dio.netty.allocator.type: pooled
2021-09-09 04:09:02,865 [DEBUG] from play.shaded.ahc.io.netty.buffer.ByteBufUtil in main - -Dio.netty.threadLocalDirectBufferSize: 0
2021-09-09 04:09:02,865 [DEBUG] from play.shaded.ahc.io.netty.buffer.ByteBufUtil in main - -Dio.netty.maxThreadLocalCharBufferSize: 16384
2021-09-09 04:09:03,959 [INFO] from org.thp.cortex.services.DockerJobRunnerSrv in application-akka.actor.default-dispatcher-5 - Docker is available:
Info{architecture=x86_64, clusterStore=null, cgroupDriver=cgroupfs, containers=2, containersRunning=0, containersStopped=2, containersPaused=0, cpuCfsPeriod=true, cpuCfsQuota=true, debug=false, dockerRootDir=/var/lib/docker, storageDriver=overlay2, driverStatus=[[Backing Filesystem, xfs], [Supports d_type, true], [Native Overlay Diff, true], [userxattr, false]], executionDriver=null, experimentalBuild=false, httpProxy=, httpsProxy=, id=ZKN3:JVQR:HJKR:WHAV:ZZWI:PXZF:SSIO:FDWL:Q5ZV:3ISV:LPUE:MJ6D, ipv4Forwarding=true, images=2, indexServerAddress=https://index.docker.io/v1/, initPath=null, initSha1=null, kernelMemory=true, kernelVersion=4.18.0-305.12.1.el8_4.x86_64, labels=[], memTotal=8144953344, memoryLimit=true, cpus=4, eventsListener=0, fileDescriptors=27, goroutines=37, name=FRPARCOROSOCMON1, noProxy=, oomKillDisable=true, operatingSystem=Rocky Linux 8.4 (Green Obsidian), osType=linux, plugins=Plugins{volumes=[local], networks=[bridge, host, ipvlan, macvlan, null, overlay]}, registryConfig=RegistryConfig{indexConfigs={docker.io=IndexConfig{name=docker.io, mirrors=[], secure=true, official=true}}, insecureRegistryCidrs=[127.0.0.0/8]}, serverVersion=20.10.8, swapLimit=true, swarm=SwarmInfo{cluster=null, controlAvailable=false, error=, localNodeState=inactive, nodeAddr=, nodeId=, nodes=null, managers=null, remoteManagers=null}, systemStatus=[], systemTime=Thu Sep 09 04:09:03 EDT 2021}
2021-09-09 04:09:03,977 [WARN] from org.thp.cortex.services.JobRunnerSrv in application-akka.actor.default-dispatcher-5 - The package cortexutils for python hasn't been found
2021-09-09 04:09:03,977 [WARN] from org.thp.cortex.services.JobRunnerSrv in main - The package cortexutils for python hasn't been found
2021-09-09 04:09:04,363 [INFO] from org.thp.cortex.services.JobRunnerSrv in main - The package cortexutils for python2 has valid version: 2.1.0
2021-09-09 04:09:04,363 [INFO] from org.thp.cortex.services.JobRunnerSrv in application-akka.actor.default-dispatcher-5 - The package cortexutils for python2 has valid version: 2.1.0
2021-09-09 04:09:04,764 [INFO] from org.thp.cortex.services.JobRunnerSrv in application-akka.actor.default-dispatcher-5 - The package cortexutils for python3 has valid version: 2.1.0
2021-09-09 04:09:04,764 [INFO] from org.thp.cortex.services.JobRunnerSrv in main - The package cortexutils for python3 has valid version: 2.1.0
2021-09-09 04:09:04,771 [INFO] from org.thp.cortex.services.WorkerSrv in application-akka.actor.default-dispatcher-4 - New worker list:
IPVoid 1.0
SEKOIAIntelligenceCenter_Indicators 1.0
Shuffle 1.0
SEKOIAIntelligenceCenter_Context 1.0
HIBP_Query 2.0
CheckPoint_Unlock 1.0
DNSSinkhole 1.0
DomainToolsIris_Investigate 1.0
Autofocus_SearchJSON 1.0
DomainTools_Reputation 2.0
VirusTotal_GetReport 3.0
AMPforEndpoints_SCDAdd 1.0
MaxMind_GeoIP 4.0
Crowdstrike_Falcon_Custom_IOC_API 1.0
FileInfo 8.0
PaloAltoNGFW_block_external_user 1.0.0
CheckPoint_Lock 1.0
FireEyeiSight 1.0
Malwares_GetReport 1.0
Mnemonic_pDNS_Public 3.0
THOR_Thunderstorm_ScanSample 0.3.1
VirusTotal_Rescan 3.0
DomainTools_Risk 2.0
PassiveTotal_Osint 2.0
CIRCLPassiveDNS 2.0
CyberChef_FromHex 1.0
PaloAltoNGFW_block_port_for_external_communication 2.0.0
PassiveTotal_Passive_Dns 2.1
Shodan_Host 1.0
SendGrid 1.0
DomainTools_WhoisLookupUnparsed 2.0
Hashdd_Detail 2.0
PassiveTotal_Host_Pairs 2.0
Hunterio_DomainSearch 1.0
CyberChef_FromCharCode 1.0
MISPWarningLists 2.0
Gmail_BlockDomain 1.0
DomainTools_ReverseIPWhois 2.0
AbuseIPDB 1.0
TorProject 1.0
Redmine_Issue 1.0
CIRCLPassiveSSL 2.0
Inoitsu 1.0
Fortiguard_URLCategory 2.1
Splunk_Search_User_Agent 3.0
Yara 2.0
EmergingThreats_DomainInfo 1.0
DNSDB_DomainName 2.0
PhishTank_CheckURL 2.1
DNS-RPZ 1.0
MailIncidentStatus 1.0
CIRCLHashlookup 1.0
PaloAltoNGFW_block_internal_domain 2.0.0
StamusNetworks_HostID 1.0
IPinfo_Hosted_Domains 1.0
SpamhausDBL 1.0
SophosIntelix_GetReport 0.3
PassiveTotal_Trackers 2.0
ThreatResponse 1.0
VirusTotal_DownloadSample 3.0
Gmail_BlockSender 1.0
Maltiverse_Report 1.0
SophosIntelix_Submit_Dynamic 0.1
BackscatterIO_GetObservations 1.0
OTXQuery 2.0
Investigate_Sample 1.0
PaloAltoNGFW_unblock_port_for_internal_communication 1.0.0
MetaDefenderCloud_Reputation 1.0
Autofocus_SearchIOC 1.0
Splunk_Search_Mail_Email 3.0
LastInfoSec 1.0
Patrowl_GetReport 1.0
NSRL 1.0
AMPforEndpoints_MoveGUID 1.0
RT4-CreateTicket 1.0
PhishingInitiative_Scan 1.0
Mailer 1.0
C1fApp 1.0
Diario_Scan 1.0
RecordedFuture_risk 1.0
OpenCTI_SearchObservables 2.0
Nessus 2.0
KnowBe4 1.0
SecurityTrails_Passive_DNS 1.0
JoeSandbox_File_Analysis_Inet 2.0
Virusshare 2.0
Velociraptor_Flow 0.1
EmlParser 2.0
DomainTools_ReverseIP 2.0
Yeti 1.0
StaxxSearch 1.0
PaloAltoNGFW_unblock_external_domain 1.0.0
SinkDB 1.1
PaloAltoNGFW_unblock_external_IP_address 1.0.0
MalwareBazaar 1.0
DomainToolsIris_AddRiskyDNSTag 1.0
Robtex_Forward_PDNS_Query 1.0
WOT_Lookup 2.0
Elasticsearch_Analysis 1.0
Splunk_Search_Hash 3.0
Autofocus_GetSampleAnalysis 1.0
Virustotal_Downloader 0.1
DuoUnlockUserAccount 1.0
PaloAltoNGFW_unblock_internal_user 1.0.0
VirusTotal_Scan 3.0
EmergingThreats_IPInfo 1.0
Shodan_ReverseDNS 1.0
Shodan_Host_History 1.0
Wazuh 1.0
PassiveTotal_Whois_Details 2.0
Urlscan.io_Search 0.1.1
PaloAltoNGFW_block_external_IP_address 2.0.0
DomainTools_WhoisLookup 2.0
PaloAltoNGFW_block_internal_IP_address 2.0.0
GRR 0.1
Cyberprotect_ThreatScore 3.0
PaloAltoNGFW_block_external_domain 2.0.0
ZEROFOX_Close_alert 1.0
Minemeld 1.0
PassiveTotal_Malware 2.0
DomainTools_ReverseNameServer 2.0
IntezerCommunity 1.0
DNSDB_IPHistory 2.0
Ldap_Query 2.0
PaloAltoNGFW_unblock_internal_domain 1.0.0
GoogleSafebrowsing 2.0
PassiveTotal_Enrichment 2.0
PayloadSecurity_File_Analysis 1.0
Triage 1.0
Msg_Parser 3.0
DomainMailSPFDMARC_Analyzer 1.1
PassiveTotal_Unique_Resolutions 2.0
Splunk_Search_User 3.0
CuckooSandbox_Url_Analysis 1.2
BackscatterIO_Enrichment 1.0
DomainTools_ReverseWhois 2.0
SophosIntelix_Submit_Static 0.1
Threatcrowd 1.0
Umbrella_Blacklister 1.1
ZEROFOX_Takedown_request 1.0
CyberCrime-Tracker 1.0
Gmail_DeleteMessage 1.0
EmailRep 1.0
URLhaus 2.0
MISP 2.1
TeamCymruMHR 1.0
DShield_lookup 1.0
EmergingThreats_MalwareInfo 1.0
StopForumSpam 1.0
DomainTools_HostingHistory 2.0
CyberChef_FromBase64 1.0
Abuse_Finder 3.0
Investigate_Categorization 1.0
SecurityTrails_Whois 1.0
DomainTools_WhoisHistory 2.0
MetaDefenderCloud_Scan 1.0
PassiveTotal_Ssl_Certificate_History 2.0
Splunk_Search_Other 3.0
Malpedia 1.0
MetaDefenderCore_Scan 1.0
Splunk_Search_Registry 3.0
Crt_sh_Transparency_Logs 1.0
IPinfo_Details 1.0
CERTatPassiveDNS 2.0
Urlscan.io_Scan 0.1.0
DomainToolsIris_CheckMaliciousTags 1.0
ProofPoint_Lookup 1.0
PayloadSecurity_Url_Analysis 1.0
Shodan_DNSResolve 1.0
Splunk_Search_Mail_Subject 3.0
VMRay 4.1
GoogleDNS_resolve 1.0.0
DomainToolsIris_Pivot 1.0
MetaDefenderCloud_GetReport 1.0
OpenCTI_SearchExactObservable 2.0
Hipposcore 2.0
Shodan_InfoDomain 1.0
CuckooSandbox_File_Analysis_Inet 1.2
DNS_Lookingglass 1.0
JoeSandbox_File_Analysis_Noinet 2.0
GoogleVisionAPI_WebDetection 1.0.0
Valhalla_GetRuleMatches 0.3.1
TalosReputation 1.0
Vulners_CVE 1.0
Splunk_Search_IP 3.0
TorBlutmagie 1.0
SpamAssassin 1.0
Splunk_Search_Domain_FQDN 3.0
FireHOLBlocklists 2.0
Vulners_IOC 1.0
NERD 1.0
ThreatGrid 1.0
Robtex_Reverse_PDNS_Query 1.0
Gmail_UnblockDomain 1.0
PassiveTotal_Ssl_Certificate_Details 2.0
PaloAltoNGFW_block_internal_user 1.0.0
AMPforEndpoints_IsolationStart 1.0
Hashdd_Status 2.0
PaloAltoNGFW_unblock_port_for_external_communication 1.0.0
PaloAltoNGFW_unblock_internal_IP_address 1.0.0
DNSDB_NameHistory 2.0
PhishingInitiative_Lookup 2.0
AMPforEndpoints_IsolationStop 1.0
SoltraEdge 1.0
Pulsedive_GetIndicator 1.0
QRadar_Auto_Closing_Offense 1.0
IBMXForce_Lookup 1.0
Gmail_UnblockSender 1.0
Splunk_Search_URL_URI_Path 3.0
IVRE 1.0
JoeSandbox_Url_Analysis 2.0
GreyNoise 3.1
Censys 1.0
Malwares_Scan 1.0
Robtex_IP_Query 1.0
HippoMore 2.0
PaloAltoNGFW_unblock_external_user 1.0.0
HybridAnalysis_GetReport 1.0
DuoLockUserAccount 1.0
AMPforEndpoints_SCDRemove 1.0
ClamAV_FileInfo 1.1
PaloAltoNGFW_block_port_for_internal_communication 2.0.0
ForcepointWebsensePing 1.0
Shodan_Search 2.0
Umbrella_Report 1.0
PassiveTotal_Components 2.0
AzureTokenRevoker 1.0
MetaDefenderCore_GetReport 1.0
Diario_GetReport 1.0
MalwareClustering_Search 1.0
Mnemonic_pDNS_Closed 3.0
Splunk_Search_File_Filename 3.0
UnshortenLink 1.2
Onyphe_Summary 1.0
AnyRun_Sandbox_Analysis 1.0
2021-09-09 04:09:04,862 [INFO] from com.sksamuel.elastic4s.http.JavaClient$ in application-akka.actor.default-dispatcher-4 - Creating HTTP client on https://10.84.40.21:9200,https://10.84.40.22:9200,https://10.84.40.23:9200
2021-09-09 04:09:04,881 [INFO] from com.sksamuel.elastic4s.http.JavaClient$ in main - Creating HTTP client on https://10.84.40.21:9200,https://10.84.40.22:9200,https://10.84.40.23:9200
2021-09-09 04:09:04,884 [ERROR] from akka.dispatch.Dispatcher in application-akka.actor.default-dispatcher-4 - null
java.security.PrivilegedActionException: null
at java.security.AccessController.doPrivileged(Native Method)
at org.elasticsearch.client.RestClientBuilder.build(RestClientBuilder.java:191)
at com.sksamuel.elastic4s.http.JavaClient$.apply(JavaClient.scala:132)
at org.elastic4play.database.DBConfiguration.$anonfun$getClient$1(DBConfiguration.scala:132)
at scala.collection.immutable.Map$EmptyMap$.getOrElse(Map.scala:110)
at org.elastic4play.database.DBConfiguration.getClient(DBConfiguration.scala:132)
at org.elastic4play.database.DBConfiguration.execute(DBConfiguration.scala:149)
at org.elastic4play.database.SearchWithScroll.<init>(DBFind.scala:139)
at org.elastic4play.database.DBFind.searchWithScroll(DBFind.scala:62)
at org.elastic4play.database.DBFind.apply(DBFind.scala:105)
at org.elastic4play.services.FindSrv.apply(FindSrv.scala:58)
at org.thp.cortex.services.WorkerSrv.find(WorkerSrv.scala:128)
at org.thp.cortex.services.WorkerSrv.$anonfun$rescan$4(WorkerSrv.scala:137)
at org.thp.cortex.services.UserSrv.inInitAuthContext(UserSrv.scala:102)
at org.thp.cortex.services.WorkerSrv.$anonfun$rescan$3(WorkerSrv.scala:136)
at scala.concurrent.impl.CallbackRunnable.run(Promise.scala:64)
at akka.dispatch.BatchingExecutor$AbstractBatch.processBatch(BatchingExecutor.scala:56)
at akka.dispatch.BatchingExecutor$BlockableBatch.$anonfun$run$1(BatchingExecutor.scala:93)
at scala.runtime.java8.JFunction0$mcV$sp.apply(JFunction0$mcV$sp.java:23)
at scala.concurrent.BlockContext$.withBlockContext(BlockContext.scala:85)
at akka.dispatch.BatchingExecutor$BlockableBatch.run(BatchingExecutor.scala:93)
at akka.dispatch.TaskInvocation.run(AbstractDispatcher.scala:48)
at akka.dispatch.ForkJoinExecutorConfigurator$AkkaForkJoinTask.exec(ForkJoinExecutorConfigurator.scala:48)
at java.util.concurrent.ForkJoinTask.doExec(ForkJoinTask.java:289)
at java.util.concurrent.ForkJoinPool$WorkQueue.runTask(ForkJoinPool.java:1056)
at java.util.concurrent.ForkJoinPool.runWorker(ForkJoinPool.java:1692)
at java.util.concurrent.ForkJoinWorkerThread.run(ForkJoinWorkerThread.java:175)
Caused by: java.nio.file.NoSuchFileException: '/etc/elasticsearch/certs/emptyStore.keystore'
at sun.nio.fs.UnixException.translateToIOException(UnixException.java:86)
at sun.nio.fs.UnixException.rethrowAsIOException(UnixException.java:102)
at sun.nio.fs.UnixException.rethrowAsIOException(UnixException.java:107)
at sun.nio.fs.UnixFileSystemProvider.newByteChannel(UnixFileSystemProvider.java:214)
at java.nio.file.Files.newByteChannel(Files.java:361)
at java.nio.file.Files.newByteChannel(Files.java:407)
at java.nio.file.spi.FileSystemProvider.newInputStream(FileSystemProvider.java:384)
at java.nio.file.Files.newInputStream(Files.java:152)
at org.elastic4play.database.DBConfiguration.$anonfun$sslContextMaybe$1(DBConfiguration.scala:80)
at scala.Option.map(Option.scala:230)
at org.elastic4play.database.DBConfiguration.sslContextMaybe$lzycompute(DBConfiguration.scala:76)
at org.elastic4play.database.DBConfiguration.sslContextMaybe(DBConfiguration.scala:76)
at org.elastic4play.database.DBConfiguration.$anonfun$httpClientConfig$1(DBConfiguration.scala:117)
at org.elasticsearch.client.RestClientBuilder.createHttpClient(RestClientBuilder.java:215)
... 27 common frames omitted
2021-09-09 04:09:04,891 [WARN] from org.thp.cortex.services.JobRunnerSrv in main - The package cortexutils for python hasn't been found
2021-09-09 04:09:05,247 [INFO] from org.thp.cortex.services.JobRunnerSrv in main - The package cortexutils for python2 has valid version: 2.1.0
2021-09-09 04:09:05,642 [INFO] from org.thp.cortex.services.JobRunnerSrv in main - The package cortexutils for python3 has valid version: 2.1.0
2021-09-09 04:09:05,643 [INFO] from com.sksamuel.elastic4s.http.JavaClient$ in main - Creating HTTP client on https://10.84.40.21:9200,https://10.84.40.22:9200,https://10.84.40.23:9200
2021-09-09 04:09:05,684 [WARN] from org.thp.cortex.services.JobRunnerSrv in main - The package cortexutils for python hasn't been found
2021-09-09 04:09:06,045 [INFO] from org.thp.cortex.services.JobRunnerSrv in main - The package cortexutils for python2 has valid version: 2.1.0
2021-09-09 04:09:06,451 [INFO] from org.thp.cortex.services.JobRunnerSrv in main - The package cortexutils for python3 has valid version: 2.1.0
2021-09-09 04:09:06,452 [INFO] from com.sksamuel.elastic4s.http.JavaClient$ in main - Creating HTTP client on https://10.84.40.21:9200,https://10.84.40.22:9200,https://10.84.40.23:9200
Request Type
Bug
Work Environment
Problem Description
Hello When installing cortex I got this error "from akka.dispatch.Dispatcher in application-akka.actor.default-dispatcher-4 - null java.security.PrivilegedActionException: null"
Steps to Reproduce
Complementary information
Application.conf
Application.log