search

TheHive-Project / Cortex

Cortex: a Powerful Observable Analysis and Active Response Engine
https://thehive-project.org
GNU Affero General Public License v3.0
1.32k stars 226 forks source link

Cortex Analyzers return JSON error when run #441

Open zJvco opened 1 year ago

zJvco commented 1 year ago

EDIT THIS TITLE BEFORE POSTING. Use this template for bug reports. If you'd like to request a feature, please be as descriptive as possible and delete the template except the first section (Request Type)

Request Type

Bug

Work Environment

Question Answer
OS version (server) Ubuntu
OS version (client) 22.04 LTS
Cortex version / git hash Docker Latest
Package Type Docker, docker-compose
Browser type & version If applicable

Problem Description

I'm using docker and docker-compose, and I installed the Virtustotal_GetReport_3_1 but when I run it returns me a JSON error.

This is my docker-compose cortex cfg:

cortex.local:
    image: thehiveproject/cortex:latest
    container_name: cortex
    restart: unless-stopped
    environment:
      - job_directory=/opt/cortex/jobs
      - docker_job_directory=/tmp/cortex-jobs
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
      - /tmp/cortex-jobs:/tmp/cortex-jobs
      - ./cortex/logs:/var/log/cortex
      - ./cortex/application.conf:/cortex/application.conf
    depends_on:
      - elasticsearch
    ports:
      - "0.0.0.0:9001:9001"

Complementary information

Traceback (most recent call last):
  File "/worker/VirusTotal/virustotal.py", line 404, in <module>
    VirusTotalAnalyzer().run()
    ^^^^^^^^^^^^^^^^^^^^
  File "/worker/VirusTotal/virustotal.py", line 23, in __init__
    Analyzer.__init__(self)
  File "/usr/local/lib/python3.11/site-packages/cortexutils/analyzer.py", line 18, in __init__
    Worker.__init__(self, job_directory, secret_phrases)
  File "/usr/local/lib/python3.11/site-packages/cortexutils/worker.py", line 35, in __init__
    self._input = json.load(sys.stdin)
                  ^^^^^^^^^^^^^^^^^^^^
  File "/usr/local/lib/python3.11/json/__init__.py", line 293, in load
    return loads(fp.read(),
           ^^^^^^^^^^^^^^^^
  File "/usr/local/lib/python3.11/json/__init__.py", line 346, in loads
    return _default_decoder.decode(s)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/local/lib/python3.11/json/decoder.py", line 337, in decode
    obj, end = self.raw_decode(s, idx=_w(s, 0).end())
               ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/local/lib/python3.11/json/decoder.py", line 355, in raw_decode
    raise JSONDecodeError("Expecting value", s, err.value) from None
json.decoder.JSONDecodeError: Expecting value: line 1 column 1 (char 0)
kevP-Sirius commented 2 months ago

i've solved this issue by putting job_directory and docker_job_directory with the same value but i get another error now => "message": "('NotFoundError', 'URL \"ZGF0YTpodHRwczovL2NvcnRleC5zaG93dGltZS1hcHAuY2xpY2svaW5kZXguaHRtbCMhL2pvYnM\" not found')" so not sure if that will resolve your problem but i share , try and tell me