search

TheHive-Project / TheHive

TheHive: a Scalable, Open Source and Free Security Incident Response Platform
https://thehive-project.org
GNU Affero General Public License v3.0
3.43k stars 623 forks source link

[Bug?] impossible to launch because of cortex.connector module not found #1321

Closed matthieuferon closed 4 years ago

matthieuferon commented 4 years ago

Hello all,

I don't know if it's really a bug but as I'm not a java dev I'can't solve the problem

I'm trying to setup The Hive 4 but it fails to start saying:

Cannot load module[Module [connectors.cortex.CortexConnector] cannot be instantiated

I look at the modules loaded in the java process module list and found:

/opt/thehive/lib/org.thp.thehive-cortex-4.0.0-RC1.jar
/opt/thehive/lib/org.thp.cortex-client-4.0.0-RC1.jar
/opt/thehive/lib/org.thp.cortex-dto-4.0.0-RC1.jar

As it is working with the version 3 of The Hive, I looked at the loaded modules and only found:

/opt/thehive/lib/org.thehive-project.thehivecortex-3.3.0-1.jar

I've checked the connection to my cortex server with:

curl -H 'Authorization: Bearer OBFUSCATED' http://OBFUSCATED:9001/api/analyzer

It works

I hop someone could help because I'm completely stuck. Thanks in advance

Here's my application.conf

play.http.secret.key = OBFUSCATED

# Authentication
auth {
        # ad : use ActiveDirectory to authenticate users. Configuration is under "auth.ad" key
        provider = [local]
}

# Maximum time between two requests without requesting authentication
session {
  warning = 5m
  inactivity = 1h
}

play.http.parser.maxMemoryBuffer= 1M
play.http.parser.maxDiskBuffer = 1D

# Cortex
play.modules.enabled += connectors.cortex.CortexConnector

cortex {
  "CORTEX-SERVER-ID" {
    url = "https://OBFUSCATED:9001/"
    key = "OBFUSCATED"
  }
  refreshDelay = 1 minute
  maxRetryOnError = 3
  statusCheckInterval = 1 minute
}

https.port: 9000
play.server.https.keyStore {
      path: /etc/thehive/keystore.jks
      type: JKS
      password: OBFUSCATED
    }
http.port: disabled
auth.method.basic = true

db {
  provider: janusgraph
  janusgraph {
    storage {
      backend: cql
      hostname: [
        "127.0.0.1"
      ] # seed node ip addresses

      #username: "<cassandra_username>"       # login to connect to database (if configured in Cassandra)
      #password: "<cassandra_passowrd"

      cql {
        cluster-name: thehivedb       # cluster name
        keyspace: thehive           # name of the keyspace
        local-datacenter: datacenter1   # name of the datacenter where TheHive runs (relevant only on multi datacenter setup)
        # replication-factor: 2 # number of replica
        read-consistency-level: ONE
        write-consistency-level: ONE
      }
    }
  }
}
storage {
  provider: hdfs
  hdfs {
    root: "hdfs://thehive1:10000" # namenode server
    location: "/thehive"
    username: thehive
  }
}
To-om commented 4 years ago

The correct module name is org.thp.thehive.connector.cortex.CortexModule (cf. documenation)

connectors.cortex.CortexConnector is only for TheHive 3

matthieuferon commented 4 years ago

I don't decide which module to load, it loads it by itself. Can you explain how to modify this behaviour?

To-om commented 4 years ago

See the key "play.modules.enabled" in application.conf. Replace play.modules.enabled += connectors.cortex.CortexConnector by play.modules.enabled += org.thp.thehive.connector.cortex.CortexModule

matthieuferon commented 4 years ago

Thank you for your help, it starts.

ssstonebraker commented 3 years ago

Thank you @To-om this works!