TheHive-Project / Docker-Templates

Docker configurations for TheHive, Cortex and 3rd party tools
https://thehive-project.org
GNU Affero General Public License v3.0

thehive4-berkleydb-cortex31 fails admin creation mapping issue? #35

Closed priamai closed 3 years ago

priamai commented 3 years ago

Hi there, I am following this: https://github.com/TheHive-Project/Docker-Templates/tree/main/docker/thehive4-berkleydb-cortex31

My Docker stack is deployed on 192.168.2.14, so I go to the admin creation page: http://192.168.2.14:9001. It redirects to: http://192.168.2.14:9001/index.html#!/maintenance, which is fine; I can see the form.

I then input the admin creds, but nothing happens, so I check the browser debug console:

VM778:1 POST http://192.168.2.14:9001/api/user 500 (Internal Server Error)
(anonymous) @ VM778:1
(anonymous) @ angular.js:13692
D @ angular.js:13418
o @ angular.js:13159
o @ angular.js:18075
(anonymous) @ angular.js:18123
$digest @ angular.js:19241
$apply @ angular.js:19630
(anonymous) @ angular.js:29127
it @ angular.js:3891
e @ angular.js:3879
angular.js:15697 Possibly unhandled rejection: {"data":{"type":"InternalError","message":"Unknown error: ElasticError(mapper_parsing_exception,failed to parse,None,None,None,List(ElasticError(mapper_parsing_exception,failed to parse,None,None,None,null,None,None,None,List())),Some(CausedBy(illegal_argument_exception,unknown join name [user] for field [relations],Map())),None,None,List())"},"status":500,"config":{"method":"POST","transformRequest":[null],"transformResponse":[null],"jsonpCallbackParam":"callback","url":"./api/user","data":{"login":"admin@thehive.local","name":"admin","password":"secret","roles":["superadmin"],"organization":"cortex"},"headers":{"Accept":"application/json, text/plain, */*","Content-Type":"application/json;charset=utf-8","X-CORTEX-XSRF-TOKEN":"5ddad865f4711c9c488900686a2351f20e8c1763-1626505451786-0bdf1c356049105dd517a93f"}},"statusText":"Internal Server Error","xhrStatus":"complete"}

Docker logs from Cortex:

docker logs -t cortex | grep error
2021-07-17T07:15:45.676344275Z [warn] o.e.d.SearchWithScroll - Search error
2021-07-17T07:15:45.713471917Z Info{architecture=x86_64, clusterStore=null, cgroupDriver=cgroupfs, containers=23, containersRunning=3, containersStopped=20, containersPaused=0, cpuCfsPeriod=true, cpuCfsQuota=true, debug=false, dockerRootDir=/mnt/data/docker, storageDriver=overlay2, driverStatus=[[Backing Filesystem, extfs], [Supports d_type, true], [Native Overlay Diff, true]], executionDriver=null, experimentalBuild=false, httpProxy=, httpsProxy=, id=3ETS:3FZM:DUY5:DR4R:Q5EK:NUBR:BQ72:7B52:YFEX:734C:CY6F:RAAC, ipv4Forwarding=true, images=514, indexServerAddress=https://index.docker.io/v1/, initPath=null, initSha1=null, kernelMemory=true, kernelVersion=5.8.0-59-generic, labels=[], memTotal=67371700224, memoryLimit=true, cpus=16, eventsListener=0, fileDescriptors=42, goroutines=51, name=tigerman, noProxy=, oomKillDisable=true, operatingSystem=Ubuntu 20.04.2 LTS, osType=linux, plugins=Plugins{volumes=[local], networks=[bridge, host, ipvlan, macvlan, null, overlay]}, registryConfig=RegistryConfig{indexConfigs={docker.io=IndexConfig{name=docker.io, mirrors=[], secure=true, official=true}}, insecureRegistryCidrs=[127.0.0.0/8]}, serverVersion=20.10.5, swapLimit=true, swarm=SwarmInfo{cluster=null, controlAvailable=false, error=, localNodeState=inactive, nodeAddr=, nodeId=, nodes=null, managers=null, remoteManagers=null}, systemStatus=[], systemTime=Sat Jul 17 07:15:45 UTC 2021}
2021-07-17T07:15:45.739443498Z [warn] o.e.d.SearchWithScroll - Search error
2021-07-17T07:16:07.153709520Z [error] o.e.d.DBConfiguration - ElasticSearch request failure: POST:/cortex_5/_search?
2021-07-17T07:16:07.167783036Z [error] o.e.d.DBConfiguration - ElasticSearch request failure: POST:/cortex_5/_search?
2021-07-17T07:16:07.535941529Z [error] o.e.d.DBConfiguration - ElasticSearch request failure: POST:/cortex_5/_search?
2021-07-17T07:16:07.686078110Z [error] o.e.d.DBConfiguration - ElasticSearch request failure: POST:/cortex_5/_search?
2021-07-17T07:16:50.468686826Z [error] o.e.d.DBConfiguration - ElasticSearch request failure: PUT:/cortex_5/_doc/admin%40thehive.local?refresh=wait_for&op_type=create&routing=admin@thehive.local
2021-07-17T07:16:50.469404170Z org.elastic4play.InternalError: Unknown error: ElasticError(mapper_parsing_exception,failed to parse,None,None,None,List(ElasticError(mapper_parsing_exception,failed to parse,None,None,None,null,None,None,None,List())),Some(CausedBy(illegal_argument_exception,unknown join name [user] for field [relations],Map())),None,None,List())
2021-07-17T07:17:25.019371132Z [error] o.e.d.DBConfiguration - ElasticSearch request failure: PUT:/cortex_5/_doc/admin%40thehive.local?refresh=wait_for&op_type=create&routing=admin@thehive.local
2021-07-17T07:17:25.020175603Z org.elastic4play.InternalError: Unknown error: ElasticError(mapper_parsing_exception,failed to parse,None,None,None,List(ElasticError(mapper_parsing_exception,failed to parse,None,None,None,null,None,None,None,List())),Some(CausedBy(illegal_argument_exception,unknown join name [user] for field [relations],Map())),None,None,List())

So I check the elasticsearch indexes:

http://192.168.2.14:9200/_cat/indices/

and the Cortex one is there:

yellow open cortex_5 JPIpUnkBRguHhEP-Kac26Q 5 1 1 0 6.5kb 6.5kb

I am trying to guess: could the error be that Cortex did not push the right mappings? So I check the mappings:

http://192.168.2.14:9200/cortex_5/_mapping

And they seem to be there:

{"cortex_5":{"mappings":{"date_detection":false,"numeric_detection":false,"properties":{"attachment":{"type":"nested","properties":{"contentType":{"type":"keyword"},"hashes":{"type":"keyword"},"id":{"type":"keyword"},"name":{"type":"keyword"},"size":{"type":"long"}}},"author":{"type":"text","fielddata":true},"avatar":{"type":"binary"},"base":{"type":"boolean"},"baseConfig":{"type":"keyword"},"binary":{"type":"binary"},"cacheTag":{"type":"keyword"},"command":{"type":"text","fielddata":true},"config":{"type":"binary"},"configuration":{"type":"binary"},"createdAt":{"type":"date","format":"epoch_millis||basic_date_time_no_millis"},"createdBy":{"type":"keyword"},"data":{"type":"binary"},"dataType":{"type":"keyword"},"dataTypeList":{"type":"keyword"},"dblist":{"type":"keyword"},"description":{"type":"text","fielddata":true},"details":{"type":"nested","properties":{"_id":{"type":"keyword"},"dataTypeList":{"type":"keyword"},"description":{"type":"text","fielddata":true},"endDate":{"type":"date","format":"epoch_millis||basic_date_time_no_millis"},"errorMessage":{"type":"text","fielddata":true},"input":{"type":"binary"},"jobCache":{"type":"long"},"jobTimeout":{"type":"long"},"label":{"type":"keyword"},"message":{"type":"text","fielddata":true},"name":{"type":"keyword"},"organization":{"type":"keyword"},"pap":{"type":"long"},"parameters":{"type":"binary"},"rate":{"type":"long"},"rateUnit":{"type":"keyword"},"roles":{"type":"keyword"},"startDate":{"type":"date","format":"epoch_millis||basic_date_time_no_millis"},"status":{"type":"keyword"},"tlp":{"type":"long"},"updatedAt":{"type":"date","format":"epoch_millis||basic_date_time_no_millis"},"updatedBy":{"type":"keyword"}}},"dockerImage":{"type":"text","fielddata":true},"endDate":{"type":"date","format":"epoch_millis||basic_date_time_no_millis"},"errorMessage":{"type":"text","fielddata":true},"fromCache":{"type":"boolean"},"full":{"type":"binary"},"input":{"type":"binary"},"jobCache":{"type":"long"},"jobTimeout":{"type":"long"},"key":{"type":"keyword"},"label":{"type":"keyword"},"license":{"type":"text","fielddata":true},"login":{"type":"keyword"},"message":{"type":"text","fielddata":true},"name":{"type":"keyword"},"objectId":{"type":"keyword"},"objectType":{"type":"keyword"},"operation":{"type":"keyword"},"operations":{"type":"binary"},"organization":{"type":"keyword"},"otherDetails":{"type":"text","fielddata":true},"pap":{"type":"long"},"parameters":{"type":"binary"},"password":{"type":"keyword"},"preferences":{"type":"binary"},"rate":{"type":"long"},"rateUnit":{"type":"keyword"},"relations":{"type":"join","eager_global_ordinals":true,"relations":{"dblist":[],"sequence":[],"data":[],"audit":[],"organization":["worker","workerConfig"],"report":"artifact","job":"report","user":[]}},"requestId":{"type":"keyword"},"roles":{"type":"keyword"},"rootId":{"type":"keyword"},"sequenceCounter":{"type":"long"},"startDate":{"type":"date","format":"epoch_millis||basic_date_time_no_millis"},"status":{"type":"keyword"},"summary":{"type":"binary"},"tags":{"type":"keyword"},"tlp":{"type":"long"},"type":{"type":"keyword"},"updatedAt":{"type":"date","format":"epoch_millis||basic_date_time_no_millis"},"updatedBy":{"type":"keyword"},"url":{"type":"text","fielddata":true},"value":{"type":"keyword"},"version":{"type":"keyword"},"workerDefinitionId":{"type":"keyword"},"workerId":{"type":"keyword"},"workerName":{"type":"keyword"}}}}}

Let me know what else I should try.
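
The comment above compares the join name from the Elasticsearch error (`unknown join name [user] for field [relations]`) against the `relations` join field in the `cortex_5` mapping by eye. The script below is an added example, not code from the Cortex or TheHive projects, that makes that comparison explicit: it parses a `GET /<index>/_mapping` response, finds every field of type `join`, and reports whether a given name is declared there as a parent with children, as a child, or only as a parent with an empty child list. The embedded mapping is a constructed, trimmed copy of the `cortex_5` mapping posted in the issue; against a live cluster you would feed it the output of `curl -s http://192.168.2.14:9200/cortex_5/_mapping` instead. The thread does not say what the root cause turned out to be, so the script only states how the name is declared; it does not claim which declaration Elasticsearch accepts.

```python
"""Diagnostic for 'unknown join name [X] for field [Y]' mapping errors.

Added example (not part of Cortex/TheHive). Parses a GET _mapping
response, locates every "join" field and classifies the names it
declares so they can be compared with the name in the error message.
"""
import json
from typing import Dict, List, Set, Tuple

# Constructed sample: only the join field and two ordinary fields from the
# cortex_5 mapping shown in the issue are kept.
SAMPLE_MAPPING = json.dumps({
    "cortex_5": {
        "mappings": {
            "date_detection": False,
            "properties": {
                "login": {"type": "keyword"},
                "roles": {"type": "keyword"},
                "relations": {
                    "type": "join",
                    "eager_global_ordinals": True,
                    "relations": {
                        "dblist": [], "sequence": [], "data": [], "audit": [],
                        "organization": ["worker", "workerConfig"],
                        "report": "artifact",
                        "job": "report",
                        "user": [],
                    },
                },
            },
        }
    }
})


def _walk(props: dict, prefix: str, found: Dict[str, Dict[str, List[str]]]) -> None:
    """Recurse through a properties block, collecting join fields by dotted path."""
    for name, spec in props.items():
        path = f"{prefix}{name}"
        if spec.get("type") == "join":
            rels = spec.get("relations", {})
            # Elasticsearch accepts a single child as a bare string or a list.
            found[path] = {
                parent: ([kids] if isinstance(kids, str) else list(kids))
                for parent, kids in rels.items()
            }
        # object / nested fields carry their own properties block
        if "properties" in spec:
            _walk(spec["properties"], path + ".", found)


def find_join_fields(mapping_json: str) -> Dict[str, Dict[str, List[str]]]:
    """Return {field_path: {parent: [children, ...]}} for every join field
    in a GET _mapping response (the response may cover several indices)."""
    doc = json.loads(mapping_json)
    found: Dict[str, Dict[str, List[str]]] = {}
    for body in doc.values():
        _walk(body.get("mappings", {}).get("properties", {}), "", found)
    return found


def classify_join_names(relations: Dict[str, List[str]]) -> Tuple[Set[str], Set[str], Set[str]]:
    """Split declared names into (parents with children, children, childless parents)."""
    parents = {p for p, kids in relations.items() if kids}
    childless = {p for p, kids in relations.items() if not kids}
    children = {c for kids in relations.values() for c in kids}
    return parents, children, childless


def diagnose(mapping_json: str, field: str, join_name: str) -> str:
    """Describe how join_name is declared in the given join field, if at all."""
    joins = find_join_fields(mapping_json)
    if field not in joins:
        return f"no join field named {field!r} in mapping"
    parents, children, childless = classify_join_names(joins[field])
    if join_name in parents or join_name in children:
        return f"{join_name!r} is declared in {field!r} (parent or child)"
    if join_name in childless:
        return f"{join_name!r} appears in {field!r} only as a parent with no children"
    return f"{join_name!r} is not declared anywhere in {field!r}"


if __name__ == "__main__":
    # Name from the error in the issue, and one that is both parent and child.
    print(diagnose(SAMPLE_MAPPING, "relations", "user"))
    print(diagnose(SAMPLE_MAPPING, "relations", "report"))
```

Run against the sample, `user` is reported as declared only as a parent with an empty child list, which is exactly what the posted mapping shows; `report` is reported as declared, since it is a parent of `artifact` and a child of `job`.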

priamai commented 3 years ago

The Elasticsearch version is as defined in Docker:

{
  "name" : "9d4f7d41f010",
  "cluster_name" : "hive",
  "cluster_uuid" : "IXpcIl-xQNqYCaTjmWe0wg",
  "version" : {
    "number" : "7.11.1",
    "build_flavor" : "default",
    "build_type" : "docker",
    "build_hash" : "ff17057114c2199c9c1bbecc727003a907c0db7a",
    "build_date" : "2021-02-15T13:44:09.394032Z",
    "build_snapshot" : false,
    "lucene_version" : "8.7.0",
    "minimum_wire_compatibility_version" : "6.8.0",
    "minimum_index_compatibility_version" : "6.0.0-beta1"
  },
  "tagline" : "You Know, for Search"
}

priamai commented 3 years ago

Okay, I found the real issue with this and will open a different ticket. Cheers.