TheHive-Project / Cortex

Cortex: a Powerful Observable Analysis and Active Response Engine
https://thehive-project.org
GNU Affero General Public License v3.0
1.32k stars 226 forks

Worker cannot be run #470

Open marriv99 opened 4 months ago

marriv99 commented 4 months ago

Request Type

Bug

Work Environment

| Question | Answer |
|---|---|
| OS version (server) | Windows 10 |
| Cortex version | 3.1.8-1 |
| Package Type | Kubernetes |

Problem Description

I started Cortex through a Kubernetes configuration file but I'm getting this error when I try to use an analyzer like VirusTotal or MalwareBazaar.

{
  "errorMessage": "Worker cannot be run",
  "input": "{\"data\":\"4f1600295371e629aea746047ce5b3a6441978023e11154dec9ad872597d9d7e\",\"dataType\":\"hash\",\"tlp\":2,\"pap\":2,\"message\":\"\",\"parameters\":{},\"config\":{\"proxy_https\":null,\"cacerts\":null,\"rescan_hash_older_than_days\":30,\"check_tlp\":true,\"max_tlp\":2,\"download_sample_if_highlighted\":null,\"auto_extract_artifacts\":true,\"download_sample\":null,\"jobCache\":10,\"highlighted_antivirus\":[null],\"check_pap\":true,\"max_pap\":2,\"jobTimeout\":30,\"service\":\"get\",\"proxy_http\":null,\"polling_interval\":60,\"key\"MY_KEY"}}",
  "success": false
}

Complementary information

To run Cortex I only used this file so I don't know what I can change to solve the problem.

kind: Deployment
apiVersion: apps/v1
metadata:
  name: cortex
  labels:
    app: cortex
spec:
  replicas: 1
  selector:
    matchLabels:
      app: cortex
  template:
    metadata:
      labels:
        app: cortex
    spec:
      containers:
      - name: cortex
        image: thehiveproject/cortex:3.1.8-1
        ports:
          - containerPort: 9001
        env:
        - name: es_uri
          value: http://10.224.0.66:9200
        - name: start_docker
          value: "1"
        securityContext:
          privileged: true
      #   volumeMounts:
      #       - name: config
      #         mountPath: /etc/docker/daemon.json
      #         subPath: daemon.json
      # volumes:
      #   - name: config
      #     configMap:
      #       name: cortex-docker-daemon
---
apiVersion: v1
kind: Service
metadata:
  name: cortex
spec:
  selector:
    app: cortex
  type: NodePort
  ports:
    - port: 9001
      nodePort: 30004

kevP-Sirius commented 2 months ago

Hello, I've solved this problem by installing Docker on the host machine and mounting a volume with docker.sock between the host and the container to execute Docker. As a result, it looks like this:

        # added to the cortex container entry
        volumeMounts:
        - name: docker-sock-volume
          mountPath: /var/run/docker.sock

      # added to the pod spec, alongside containers
      volumes:
      - name: docker-sock-volume
        hostPath:
          path: "/var/run/docker.sock"
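
Both `privileged: true` (in the issue's manifest) and a hostPath mount of `/var/run/docker.sock` (the workaround above) give the container node-level reach, so it helps to know which workloads carry them. The following audit is an added example, not code from this thread or from the Cortex project; it assumes the Deployment has already been parsed into a dict (for instance from `kubectl get deployment cortex -o json`), and the function name and finding labels are hypothetical.

```python
# Added example (not from the Cortex project): flag the host-level Docker access
# settings that appear in this thread in a Deployment parsed from JSON or YAML.
DOCKER_SOCK = "/var/run/docker.sock"

# Constructed sample: the issue's pod template with the commenter's socket mount added.
SAMPLE = {"spec": {"template": {"spec": {
    "containers": [{
        "name": "cortex",
        "image": "thehiveproject/cortex:3.1.8-1",
        "env": [{"name": "start_docker", "value": "1"}],
        "securityContext": {"privileged": True},
        "volumeMounts": [{"name": "docker-sock-volume", "mountPath": DOCKER_SOCK}],
    }],
    "volumes": [{"name": "docker-sock-volume", "hostPath": {"path": DOCKER_SOCK}}],
}}}}


def audit_docker_access(deployment):
    """Return sorted (container, finding) pairs for a Deployment's pod template."""
    pod = deployment["spec"]["template"]["spec"]
    # Names of volumes backed by the node's Docker socket.
    sock_volumes = {
        v["name"] for v in pod.get("volumes") or []
        if ((v.get("hostPath") or {}).get("path") or "").rstrip("/") == DOCKER_SOCK
    }
    findings = set()
    containers = (pod.get("initContainers") or []) + (pod.get("containers") or [])
    for c in containers:
        name = c.get("name", "?")
        # privileged: true removes most isolation between the container and the node.
        if (c.get("securityContext") or {}).get("privileged") is True:
            findings.add((name, "privileged"))
        # start_docker=1 is set in the issue's manifest (assumed to start Docker in the pod).
        if any(e.get("name") == "start_docker" and str(e.get("value")) == "1"
               for e in c.get("env") or []):
            findings.add((name, "start_docker"))
        # A mount of the socket volume lets the container drive the node's Docker daemon.
        for m in c.get("volumeMounts") or []:
            if m.get("name") in sock_volumes:
                findings.add((name, "host-docker-socket"))
    return sorted(findings)


if __name__ == "__main__":
    for container, finding in audit_docker_access(SAMPLE):
        print(f"{container}: {finding}")
```

A `readOnly` flag on the socket mount is deliberately not treated as a mitigation, because a read-only bind mount of a Unix socket still allows connecting to it.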