Closed Securityinfos closed 7 years ago
Hello, could you please tell us if you are using the archive available at https://dl.bintray.com/cert-bdf/thehive/report-templates.zip or did you cook your own template archive?
Could you please provide the logs from your TheHive log file?
Thanks
Hello, using the zip archive available at https://dl.bintray.com/cert-bdf/thehive/report-templates.zip
2017-03-23 13:56:14,284 [INFO] from org.reflections.Reflections in main - Reflections took 3539 ms to scan 123 urls, producing 7306 keys and 74912 values
2017-03-23 13:56:14,319 [INFO] from module in main - Loading model class connectors.cortex.models.ReportTemplateModel
2017-03-23 13:56:14,321 [INFO] from module in main - Loading model class org.elastic4play.services.AttachmentModel
2017-03-23 13:56:14,322 [INFO] from module in main - Loading model class org.elastic4play.services.DBListModel
2017-03-23 13:56:14,323 [INFO] from module in main - Loading model class models.CaseTemplateModel
2017-03-23 13:56:14,324 [INFO] from module in main - Loading model class models.ArtifactModel
2017-03-23 13:56:14,324 [INFO] from module in main - Loading model class connectors.cortex.models.JobModel
2017-03-23 13:56:14,325 [INFO] from module in main - Loading model class connectors.misp.MispModel
2017-03-23 13:56:14,325 [INFO] from module in main - Loading model class models.ReportTemplateModel
2017-03-23 13:56:14,326 [INFO] from module in main - Loading model class models.TaskModel
2017-03-23 13:56:14,327 [INFO] from module in main - Loading model class models.LogModel
2017-03-23 13:56:14,328 [INFO] from module in main - Loading model class models.UserModel
2017-03-23 13:56:14,328 [INFO] from module in main - Loading model class models.AuditModel
2017-03-23 13:56:14,329 [INFO] from module in main - Loading model class models.CaseModel
2017-03-23 13:56:16,297 [INFO] from org.reflections.Reflections in main - Reflections took 1965 ms to scan 123 urls, producing 7306 keys and 74912 values
2017-03-23 13:56:18,289 [INFO] from org.reflections.Reflections in main - Reflections took 1989 ms to scan 123 urls, producing 7306 keys and 74912 values
2017-03-23 13:56:19,083 [INFO] from akka.event.slf4j.Slf4jLogger in application-akka.actor.default-dispatcher-3 - Slf4jLogger started
2017-03-23 13:56:20,121 [INFO] from org.elasticsearch.plugins in main - [Eric Slaughter] modules [], plugins [], sites []
2017-03-23 13:56:20,828 [INFO] from connectors.cortex.services.CortexClient in main - new Cortex(CORTEX-SERVER-ID, <http://127.0.0.1:8000>, )
2017-03-23 13:56:21,015 [INFO] from play.api.Play in main - Application started (Prod)
2017-03-23 13:56:21,226 [INFO] from play.core.server.NettyServer in main - Listening for HTTP on /0:0:0:0:0:0:0:0:9000
2017-03-23 13:56:32,761 [INFO] from connectors.cortex.services.CortexClient in application-akka.actor.default-dispatcher-3 - Requesting Cortex <http://127.0.0.1:8000>/api/analyzer
2017-03-23 13:56:32,787 [INFO] from application in application-akka.actor.default-dispatcher-3 - GET /api/connector/cortex/analyzer?range=all returned 500
java.lang.NullPointerException: scheme
at org.asynchttpclient.util.Assertions.assertNotNull(Assertions.java:23)
at org.asynchttpclient.uri.Uri.<init>(Uri.java:63)
at org.asynchttpclient.uri.Uri.create(Uri.java:38)
at org.asynchttpclient.uri.Uri.create(Uri.java:31)
at org.asynchttpclient.RequestBuilderBase.setUrl(RequestBuilderBase.java:148)
at play.api.libs.ws.ahc.AhcWSRequest.buildRequest(AhcWS.scala:252)
at play.api.libs.ws.ahc.AhcWSRequest$$anon$2.execute(AhcWS.scala:166)
at play.api.libs.ws.ahc.AhcWSRequest.execute(AhcWS.scala:168)
at play.api.libs.ws.WSRequest$class.get(WS.scala:453)
at play.api.libs.ws.ahc.AhcWSRequest.get(AhcWS.scala:107)
at connectors.cortex.services.CortexClient$$anonfun$listAnalyzer$1.apply(CortexClient.scala:39)
at connectors.cortex.services.CortexClient$$anonfun$listAnalyzer$1.apply(CortexClient.scala:39)
at connectors.cortex.services.CortexClient.request(CortexClient.scala:26)
at connectors.cortex.services.CortexClient.listAnalyzer(CortexClient.scala:39)
at connectors.cortex.services.CortexSrv$$anonfun$listAnalyzer$1.apply(CortexSrv.scala:150)
at connectors.cortex.services.CortexSrv$$anonfun$listAnalyzer$1.apply(CortexSrv.scala:149)
at scala.concurrent.Future$$anonfun$traverse$1.apply(Future.scala:576)
at scala.concurrent.Future$$anonfun$traverse$1.apply(Future.scala:575)
at scala.collection.LinearSeqOptimized$class.foldLeft(LinearSeqOptimized.scala:124)
at scala.collection.immutable.List.foldLeft(List.scala:84)
at scala.concurrent.Future$.traverse(Future.scala:575)
at connectors.cortex.services.CortexSrv.listAnalyzer(CortexSrv.scala:149)
at connectors.cortex.controllers.CortextCtrl$$anonfun$listAnalyzer$1.apply(CortextCtrl.scala:98)
at connectors.cortex.controllers.CortextCtrl$$anonfun$listAnalyzer$1.apply(CortextCtrl.scala:97)
at org.elastic4play.controllers.Authenticated$$anon$1$$anonfun$invokeBlock$1.apply(Authenticated.scala:127)
at org.elastic4play.controllers.Authenticated$$anon$1$$anonfun$invokeBlock$1.apply(Authenticated.scala:125)
at scala.concurrent.Future$$anonfun$flatMap$1.apply(Future.scala:253)
at scala.concurrent.Future$$anonfun$flatMap$1.apply(Future.scala:251)
at scala.concurrent.impl.CallbackRunnable.run(Promise.scala:32)
at akka.dispatch.BatchingExecutor$AbstractBatch.processBatch(BatchingExecutor.scala:55)
at akka.dispatch.BatchingExecutor$BlockableBatch$$anonfun$run$1.apply$mcV$sp(BatchingExecutor.scala:91)
at akka.dispatch.BatchingExecutor$BlockableBatch$$anonfun$run$1.apply(BatchingExecutor.scala:91)
at akka.dispatch.BatchingExecutor$BlockableBatch$$anonfun$run$1.apply(BatchingExecutor.scala:91)
at scala.concurrent.BlockContext$.withBlockContext(BlockContext.scala:72)
at akka.dispatch.BatchingExecutor$BlockableBatch.run(BatchingExecutor.scala:90)
at akka.dispatch.TaskInvocation.run(AbstractDispatcher.scala:39)
at akka.dispatch.ForkJoinExecutorConfigurator$AkkaForkJoinTask.exec(AbstractDispatcher.scala:409)
at scala.concurrent.forkjoin.ForkJoinTask.doExec(ForkJoinTask.java:260)
at scala.concurrent.forkjoin.ForkJoinPool$WorkQueue.runTask(ForkJoinPool.java:1339)
at scala.concurrent.forkjoin.ForkJoinPool.runWorker(ForkJoinPool.java:1979)
at scala.concurrent.forkjoin.ForkJoinWorkerThread.run(ForkJoinWorkerThread.java:107)
2017-03-23 13:56:46,911 [INFO] from connectors.cortex.services.CortexClient in application-akka.actor.default-dispatcher-6 - Requesting Cortex <http://127.0.0.1:8000>/api/analyzer
2017-03-23 13:56:46,912 [INFO] from application in application-akka.actor.default-dispatcher-6 - GET /api/connector/cortex/analyzer?range=all returned 500
java.lang.NullPointerException: scheme
at org.asynchttpclient.util.Assertions.assertNotNull(Assertions.java:23)
at org.asynchttpclient.uri.Uri.<init>(Uri.java:63)
at org.asynchttpclient.uri.Uri.create(Uri.java:38)
at org.asynchttpclient.uri.Uri.create(Uri.java:31)
at org.asynchttpclient.RequestBuilderBase.setUrl(RequestBuilderBase.java:148)
at play.api.libs.ws.ahc.AhcWSRequest.buildRequest(AhcWS.scala:252)
at play.api.libs.ws.ahc.AhcWSRequest$$anon$2.execute(AhcWS.scala:166)
at play.api.libs.ws.ahc.AhcWSRequest.execute(AhcWS.scala:168)
at play.api.libs.ws.WSRequest$class.get(WS.scala:453)
at play.api.libs.ws.ahc.AhcWSRequest.get(AhcWS.scala:107)
at connectors.cortex.services.CortexClient$$anonfun$listAnalyzer$1.apply(CortexClient.scala:39)
at connectors.cortex.services.CortexClient$$anonfun$listAnalyzer$1.apply(CortexClient.scala:39)
at connectors.cortex.services.CortexClient.request(CortexClient.scala:26)
at connectors.cortex.services.CortexClient.listAnalyzer(CortexClient.scala:39)
at connectors.cortex.services.CortexSrv$$anonfun$listAnalyzer$1.apply(CortexSrv.scala:150)
at connectors.cortex.services.CortexSrv$$anonfun$listAnalyzer$1.apply(CortexSrv.scala:149)
at scala.concurrent.Future$$anonfun$traverse$1.apply(Future.scala:576)
at scala.concurrent.Future$$anonfun$traverse$1.apply(Future.scala:575)
at scala.collection.LinearSeqOptimized$class.foldLeft(LinearSeqOptimized.scala:124)
at scala.collection.immutable.List.foldLeft(List.scala:84)
at scala.concurrent.Future$.traverse(Future.scala:575)
at connectors.cortex.services.CortexSrv.listAnalyzer(CortexSrv.scala:149)
at connectors.cortex.controllers.CortextCtrl$$anonfun$listAnalyzer$1.apply(CortextCtrl.scala:98)
at connectors.cortex.controllers.CortextCtrl$$anonfun$listAnalyzer$1.apply(CortextCtrl.scala:97)
at org.elastic4play.controllers.Authenticated$$anon$1$$anonfun$invokeBlock$1.apply(Authenticated.scala:127)
at org.elastic4play.controllers.Authenticated$$anon$1$$anonfun$invokeBlock$1.apply(Authenticated.scala:125)
at scala.concurrent.Future$$anonfun$flatMap$1.apply(Future.scala:253)
at scala.concurrent.Future$$anonfun$flatMap$1.apply(Future.scala:251)
at scala.concurrent.impl.CallbackRunnable.run(Promise.scala:32)
at akka.dispatch.BatchingExecutor$AbstractBatch.processBatch(BatchingExecutor.scala:55)
at akka.dispatch.BatchingExecutor$BlockableBatch$$anonfun$run$1.apply$mcV$sp(BatchingExecutor.scala:91)
at akka.dispatch.BatchingExecutor$BlockableBatch$$anonfun$run$1.apply(BatchingExecutor.scala:91)
at akka.dispatch.BatchingExecutor$BlockableBatch$$anonfun$run$1.apply(BatchingExecutor.scala:91)
at scala.concurrent.BlockContext$.withBlockContext(BlockContext.scala:72)
at akka.dispatch.BatchingExecutor$BlockableBatch.run(BatchingExecutor.scala:90)
at akka.dispatch.TaskInvocation.run(AbstractDispatcher.scala:39)
at akka.dispatch.ForkJoinExecutorConfigurator$AkkaForkJoinTask.exec(AbstractDispatcher.scala:409)
at scala.concurrent.forkjoin.ForkJoinTask.doExec(ForkJoinTask.java:260)
at scala.concurrent.forkjoin.ForkJoinPool$WorkQueue.runTask(ForkJoinPool.java:1339)
at scala.concurrent.forkjoin.ForkJoinPool.runWorker(ForkJoinPool.java:1979)
at scala.concurrent.forkjoin.ForkJoinWorkerThread.run(ForkJoinWorkerThread.java:107)
2017-03-23 13:57:16,868 [WARN] from org.elastic4play.services.TempSrv in application-akka.actor.default-dispatcher-14 - Fail to remove temporary files (/tmp/1571195663332538967/play-request) : java.nio.file.NoSuchFileException: /tmp/1571195663332538967/play-request
2017-03-23 13:57:16,960 [INFO] from application in application-akka.actor.default-dispatcher-14 - GET /api/stream/0LwW946zpd returned 500
akka.pattern.AskTimeoutException: Ask timed out on [ActorSelection[Anchor(akka://application/), Path(/user/stream-0LwW946zpd)]] after [62000 ms]. Sender[null] sent message of type "services.StreamActor$GetOperations$".
at akka.pattern.PromiseActorRef$$anonfun$1.apply$mcV$sp(AskSupport.scala:604)
at akka.actor.Scheduler$$anon$4.run(Scheduler.scala:126)
at akka.actor.LightArrayRevolverScheduler$TaskHolder.run(LightArrayRevolverScheduler.scala:340)
at akka.actor.LightArrayRevolverScheduler$$anonfun$close$1.apply(LightArrayRevolverScheduler.scala:144)
at akka.actor.LightArrayRevolverScheduler$$anonfun$close$1.apply(LightArrayRevolverScheduler.scala:143)
at scala.collection.Iterator$class.foreach(Iterator.scala:893)
at scala.collection.AbstractIterator.foreach(Iterator.scala:1336)
at scala.collection.IterableLike$class.foreach(IterableLike.scala:72)
at scala.collection.AbstractIterable.foreach(Iterable.scala:54)
at akka.actor.LightArrayRevolverScheduler.close(LightArrayRevolverScheduler.scala:142)
at akka.actor.ActorSystemImpl.stopScheduler(ActorSystem.scala:712)
at akka.actor.ActorSystemImpl$$anonfun$liftedTree2$1$1.apply$mcV$sp(ActorSystem.scala:646)
at akka.actor.ActorSystemImpl$$anonfun$liftedTree2$1$1.apply(ActorSystem.scala:646)
at akka.actor.ActorSystemImpl$$anonfun$liftedTree2$1$1.apply(ActorSystem.scala:646)
at akka.actor.ActorSystemImpl$$anon$3.run(ActorSystem.scala:662)
at akka.actor.ActorSystemImpl$TerminationCallbacks$$anonfun$addRec$1$1.applyOrElse(ActorSystem.scala:840)
at akka.actor.ActorSystemImpl$TerminationCallbacks$$anonfun$addRec$1$1.applyOrElse(ActorSystem.scala:840)
at scala.concurrent.Future$$anonfun$andThen$1.apply(Future.scala:436)
at scala.concurrent.Future$$anonfun$andThen$1.apply(Future.scala:435)
at scala.concurrent.impl.CallbackRunnable.run(Promise.scala:32)
at akka.dispatch.BatchingExecutor$AbstractBatch.processBatch(BatchingExecutor.scala:55)
at akka.dispatch.BatchingExecutor$BlockableBatch$$anonfun$run$1.apply$mcV$sp(BatchingExecutor.scala:91)
at akka.dispatch.BatchingExecutor$BlockableBatch$$anonfun$run$1.apply(BatchingExecutor.scala:91)
at akka.dispatch.BatchingExecutor$BlockableBatch$$anonfun$run$1.apply(BatchingExecutor.scala:91)
at scala.concurrent.BlockContext$.withBlockContext(BlockContext.scala:72)
at akka.dispatch.BatchingExecutor$BlockableBatch.run(BatchingExecutor.scala:90)
at akka.dispatch.TaskInvocation.run(AbstractDispatcher.scala:39)
at akka.dispatch.ForkJoinExecutorConfigurator$AkkaForkJoinTask.exec(AbstractDispatcher.scala:409)
at scala.concurrent.forkjoin.ForkJoinTask.doExec(ForkJoinTask.java:260)
at scala.concurrent.forkjoin.ForkJoinPool$WorkQueue.runTask(ForkJoinPool.java:1339)
at scala.concurrent.forkjoin.ForkJoinPool.runWorker(ForkJoinPool.java:1979)
at scala.concurrent.forkjoin.ForkJoinWorkerThread.run(ForkJoinWorkerThread.java:107)
Well, based on the logs, your TheHive instance seems to not be able to access your Cortex instance. Do you have a Cortex running? Could you provide the configuration you used to connect TheHive to your Cortex server?
Thanks
Cortex is running on port 8000
From TheHive application.conf:

```
## Enable the Cortex module
play.modules.enabled += connectors.cortex.CortexConnector
cortex {
  "CORTEX-SERVER-ID" {
    # URL of the Cortex server
    url = "<http://127.0.0.1:8000>"
  }
}
```
OK, could you double check that your Cortex is correctly returning the list of analyzers?

```
curl http://127.0.0.1:8000/api/analyzer
```

and check/provide the logs generated by Cortex?
Thanks
curl http://127.0.0.1:8000/api/analyzer
[{"name":"Msg_Parser","version":"1.0","description":"Outlook .msg file parser","dataTypeList":["file"],"id":"Msg_Parser_1_0"},{"name":"DNSDB_NameHistory","version":"1.0","description":"DNSDB Passive DNS query for domain/host name history : Provides history records for an domain/host","dataTypeList":["fqdn"],"id":"DNSDB_NameHistory_1_0"},{"name":"DNSDB_DomainName","version":"1.1","description":"DNSDB Passive DNS query for Domain Names : Provides history records for a domain","dataTypeList":["domain"],"id":"DNSDB_DomainName_1_1"},{"name":"DNSDB_IPHistory","version":"1.0","description":"DNSDB Passive DNS query for IP history : Provides history records for an IP","dataTypeList":["ip"],"id":"DNSDB_IPHistory_1_0"},{"name":"PhishTank_CheckURL","version":"1.0","description":"Check URL against PhishTank to determine if it's a verified phishing site","dataTypeList":["url"],"id":"PhishTank_CheckURL_1_0"},{"name":"OTXQuery","version":"1.0","description":"Query AlienVault OTX for IPs, Domains, URLs, or File Hashes","dataTypeList":["url","domain","file","hash","ip"],"id":"OTXQuery_1_0"},{"name":"File_Info","version":"1.0","description":"Parse files in several formats such as OLE and OpenXML to detect VBA macros, extract their source code, generate useful information on PE, PDF files and much more.","dataTypeList":["file"],"id":"File_Info_1_0"},{"name":"Abuse_Finder","version":"1.0","description":"Use CERT-SG's Abuse Finder to find the abuse contact associated with domain names, URLs, IP and email addresses.","dataTypeList":["ip","domain","url","email"],"id":"Abuse_Finder_1_0"},{"name":"PassiveTotal_Malware","version":"1.0","description":"PassiveTotal Malware Lookup","dataTypeList":["domain","fqdn","ip"],"id":"PassiveTotal_Malware_1_0"},{"name":"PassiveTotal_Passive_Dns","version":"1.0","description":"PassiveTotal Passive DNS 
Lookup","dataTypeList":["domain","fqdn","ip"],"id":"PassiveTotal_Passive_Dns_1_0"},{"name":"PassiveTotal_Whois_Details","version":"1.0","description":"PassiveTotal Whois Details Lookup","dataTypeList":["domain","fqdn","ip"],"id":"PassiveTotal_Whois_Details_1_0"},{"name":"PassiveTotal_Osint","version":"1.0","description":"PassiveTotal Osint Lookup","dataTypeList":["domain","fqdn","ip"],"id":"PassiveTotal_Osint_1_0"},{"name":"PassiveTotal_Enrichment","version":"1.0","description":"PassiveTotal Enrichment Lookup","dataTypeList":["domain","fqdn","ip"],"id":"PassiveTotal_Enrichment_1_0"},{"name":"PassiveTotal_Ssl_Certificate_Details","version":"1.0","description":"PassiveTotal Ssl Certificate Details Lookup","dataTypeList":["hash","ip"],"id":"PassiveTotal_Ssl_Certificate_Details_1_0"},{"name":"PassiveTotal_Unique_Resolutions","version":"1.0","description":"PassiveTotal Unique Resolutions Lookup","dataTypeList":["domain","fqdn","ip"],"id":"PassiveTotal_Unique_Resolutions_1_0"},{"name":"PassiveTotal_Ssl_Certificate_History","version":"1.0","description":"PassiveTotal Ssl Certificate History Lookup","dataTypeList":["hash","ip"],"id":"PassiveTotal_Ssl_Certificate_History_1_0"},{"name":"Hipposcore","version":"1.0","description":"Hippocampe Score report: provides the last report for an IP, domain or a URL","dataTypeList":["ip","domain","fqdn","url"],"id":"Hipposcore_1_0"},{"name":"HippoMore","version":"1.0","description":"Hippocampe detailed report: provides the last detailed report for an IP, domain or a URL","dataTypeList":["ip","domain","fqdn","url"],"id":"HippoMore_1_0"},{"name":"MaxMind_GeoIP","version":"2.0","description":"MaxMind: Geolocation","dataTypeList":["ip"],"id":"MaxMind_GeoIP_2_0"},{"name":"PhishingInitiative_Lookup","version":"1.0","description":"Check URL against Phishing Initiative to determine if it's a verified phishing 
site","dataTypeList":["url"],"id":"PhishingInitiative_Lookup_1_0"},{"name":"VirusTotal_GetReport","version":"2.0","description":"VirusTotal get report: provides the last report of a file, hash, domain or ip","dataTypeList":["file","hash","domain","ip"],"id":"VirusTotal_GetReport_2_0"},{"name":"VirusTotal_Scan","version":"2.0","description":"VirusTotal scan file or url","dataTypeList":["file","url"],"id":"VirusTotal_Scan_2_0"},{"name":"DomainTools_ReverseWhois","version":"1.0","description":"Domaintools Reverse Whois lookup : provides a list of domain names that share the same Registrant Information.","dataTypeList":["mail","ip","domain","other"],"id":"DomainTools_ReverseWhois_1_0"},{"name":"DomainTools_WhoisHistory","version":"1.0","description":"DomainTools Whois History: provides a list of historic Whois records for a domain name","dataTypeList":["domain"],"id":"DomainTools_WhoisHistory_1_0"},{"name":"DomainTools_ReverseNameServer","version":"1.0","description":"DomainTools Reverse Name server: provides a list of domain names that share the same primary or secondary name server","dataTypeList":["domain"],"id":"DomainTools_ReverseNameServer_1_0"},{"name":"DomainTools_WhoisLookup_IP","version":"1.0","description":"DomainTools Whois Lookup IP: provides the ownership record for a IP address with basic registration details","dataTypeList":["ip"],"id":"DomainTools_WhoisLookup_IP_1_0"},{"name":"DomainTools_ReverseIP","version":"1.0","description":"DomainTools Reverse IP: provides a list of domain names that share the same Internet host","dataTypeList":["ip"],"id":"DomainTools_ReverseIP_1_0"},{"name":"DomainTools_WhoisLookup","version":"1.0","description":"DomainTools Whois Lookup: provides the ownership record for a domain name with basic registration details","dataTypeList":["domain"],"id":"DomainTools_WhoisLookup_1_0"},{"name":"Fortiguard_URLCategory","version":"1.0","description":"URL Category by Fortiguard: checks the category of a specific URL or 
domain","dataTypeList":["domain","url"],"id":"Fortiguard_URLCategory_1_0"}]
I can see that in your application.conf:

```
url = "<http://127.0.0.1:8000>"
```

Please just set the URL without `<>`.
Correct config is:

```
url = "http://127.0.0.1:8000"
```
Perfect! Now I am able to see the templates.
Many thanks
I've the same issue: `curl http://127.0.0.1:8080/api/analyzer` shows me all the analyzers, but if I put this in config

```
cortex { "CORTEX-SERVER-ID" {
url = "http://127.0.0.1:8080"
} }
```

when from web UI I try to upload the template I get
What's the status of Cortex when you open TheHive's About dialog or from the bottom-right corner of TheHive's UI?
Fixed, was missing `play.modules.enabled += connectors.cortex.CortexConnector`
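The two causes found in this thread (a Cortex `url` wrapped in `<>`, which produces the `NullPointerException: scheme` above, and a missing `play.modules.enabled += connectors.cortex.CortexConnector` line) can both be caught before restarting TheHive. The following is an added example, not part of the thread and not TheHive code: the function names are hypothetical, the sample configs are the ones quoted in the thread, and it uses regular expressions rather than a full HOCON parser.

```python
import re
from urllib.parse import urlsplit

# Line that enables the Cortex connector, as quoted in the thread.
MODULE_RE = re.compile(
    r'^\s*play\.modules\.enabled\s*\+=\s*"?connectors\.cortex\.CortexConnector"?\s*$',
    re.MULTILINE,
)
URL_RE = re.compile(r'\burl\s*[=:]\s*"([^"]*)"')


def strip_comment_lines(conf):
    """Drop full-line # and // comments so a commented-out setting is not counted."""
    kept = [l for l in conf.splitlines() if not l.lstrip().startswith(("#", "//"))]
    return "\n".join(kept)


def cortex_block(conf):
    """Return the text inside the top-level `cortex { ... }` block, or None."""
    m = re.search(r"(?m)^\s*cortex\s*\{", conf)
    if not m:
        return None
    depth, start = 1, m.end()
    for i in range(start, len(conf)):
        if conf[i] == "{":
            depth += 1
        elif conf[i] == "}":
            depth -= 1
            if depth == 0:
                return conf[start:i]
    return None  # unbalanced braces


def check_url(value):
    """Return a reason string if the URL cannot be used by an HTTP client, else None."""
    try:
        parts = urlsplit(value)
    except ValueError as exc:
        return f"not parseable ({exc})"
    if parts.scheme not in ("http", "https"):
        return "no http/https scheme (stray characters around the URL?)"
    if not parts.hostname:
        return "no host"
    return None


def lint_thehive_cortex_conf(conf):
    """Return a list of (code, detail) findings for the Cortex part of application.conf."""
    findings = []
    text = strip_comment_lines(conf)
    if not MODULE_RE.search(text):
        findings.append(("connector-disabled",
                         "play.modules.enabled += connectors.cortex.CortexConnector is missing"))
    block = cortex_block(text)
    if block is None:
        findings.append(("no-cortex-block", "no cortex { ... } section found"))
        return findings
    urls = URL_RE.findall(block)
    if not urls:
        findings.append(("no-url", "cortex section defines no url"))
    for value in urls:
        reason = check_url(value)
        if reason:
            findings.append(("bad-url", f"{value!r}: {reason}"))
    return findings


# Sample input: the configuration posted in the thread, with the <> around the URL.
BROKEN = '''
## Enable the Cortex module
play.modules.enabled += connectors.cortex.CortexConnector
cortex {
  "CORTEX-SERVER-ID" {
    # URL of the Cortex server
    url = "<http://127.0.0.1:8000>"
  }
}
'''
# The corrected form given in the thread.
FIXED = BROKEN.replace('"<http://127.0.0.1:8000>"', '"http://127.0.0.1:8000"')
# The second poster's configuration: valid URL, connector line absent.
NO_MODULE = '''
cortex { "CORTEX-SERVER-ID" {
url = "http://127.0.0.1:8080"
} }
'''

if __name__ == "__main__":
    for name, conf in (("BROKEN", BROKEN), ("FIXED", FIXED), ("NO_MODULE", NO_MODULE)):
        print(name, lint_thehive_cortex_conf(conf) or "ok")
```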
Running Ubuntu 18.0.4, Cortex 2.0.4 and TheHive 3.0.10.
I am having the exact same issue. For clarification's sake, does it matter if I have the Cortex config in the /opt/thehive/conf/application.conf file? Does it have to be located in /etc/thehive/application.conf? I have modified the config to use http://127.0.0.1:9001, http://localhost:9001, and my server IP.
I ran the API `curl -H 'Authorization: Bearer **API_KEY**' 'http://CORTEX_APP_URL:9001/api/analyzer'` with my API key and URL successfully.
My /opt/thehive/conf/application.conf file looks like this for the Cortex portion:

```
play.modules.enabled += connectors.cortex.CortexConnector
cortex { "1" { url = "http://localhost:9001" key= "qT3/9oLTylVq5AE9O38TG1KDi9MV5L76" } }
```
The output of my var/log/thehive/application.log is as follows for the relevant day:
18:21:22,457 [INFO] from akka.event.slf4j.Slf4jLogger in application-akka.actor.default-dispatcher-3 - Slf4jLogger started 2018-09-10 18:21:23,074 [INFO] from org.elasticsearch.plugins.PluginsService in main - no modules loaded 2018-09-10 18:21:23,078 [INFO] from org.elasticsearch.plugins.PluginsService in main - loaded plugin [org.elasticsearch.index.reindex.ReindexPlugin] 2018-09-10 18:21:23,079 [INFO] from org.elasticsearch.plugins.PluginsService in main - loaded plugin [org.elasticsearch.join.ParentJoinPlugin] 2018-09-10 18:21:23,080 [INFO] from org.elasticsearch.plugins.PluginsService in main - loaded plugin [org.elasticsearch.percolator.PercolatorPlugin] 2018-09-10 18:21:23,080 [INFO] from org.elasticsearch.plugins.PluginsService in main - loaded plugin [org.elasticsearch.script.mustache.MustachePlugin] 2018-09-10 18:21:23,080 [INFO] from org.elasticsearch.plugins.PluginsService in main - loaded plugin [org.elasticsearch.transport.Netty3Plugin] 2018-09-10 18:21:23,080 [INFO] from org.elasticsearch.plugins.PluginsService in main - loaded plugin [org.elasticsearch.transport.Netty4Plugin] 2018-09-10 18:21:24,281 [INFO] from io.netty.util.internal.PlatformDependent in main - Your platform does not provide complete low-level API for accessing direct buffers reliably. Unless explicitly requested, heap buffer will always be preferred to avoid potential system instability. 2018-09-10 18:21:26,028 [INFO] from play.api.Play in main - Application started (Prod) 2018-09-10 18:21:26,490 [INFO] from play.core.server.AkkaHttpServer in main - Listening for HTTPS on /0:0:0:0:0:0:0:0:9443
Any help would be greatly appreciated.
@XiQshoner is TheHive running? Do you see the little green outer circle surrounding the Cortex logo at the bottom right side of TheHive's Web UI after authenticating? Do you see its name and version when clicking on your username on TheHive's Web UI and clicking on About after authenticating on TheHive?
Thanks for the reply @saadkadhi. TheHive is running, I do not see a green outer circle surrounding the Cortex logo at the bottom right side of TheHive's UI after authenticating. See below screenshot for the about page:
Edit:
Adding the Cortex about page as well if relevant:
That means that TheHive does not load your custom config file /opt/thehive/conf/application.conf. To do so, call TheHive using the following command line or customise your service file to do something similar:
$ sudo bin/thehive -Dconfig.file=/opt/thehive/conf/application.conf
Hi Saad,
This is where I really get confused. Should I be using the configuration file located at /opt/thehive/conf/application.conf? Or /etc/thehive/application.conf? When I run TheHive instance I run the following command: sudo bin/thehive -Dconfig.file=/etc/thehive/application.conf
However all of the elasticsearch and default params are located at /opt/thehive/conf/application.conf
I am so confused. The documentation tells me to use the etc/thehive/application.conf file yet you are telling me to use the opt/thehive/conf/application.conf.
Thanks, Eddie
@XiQshoner either use /etc/thehive/application.conf for simplicity and put everything there or store the file in any other location and give TheHive the -Dconfig.file directive to point it to your conf file. TheHive can use only one config file and it uses by default, unless specified otherwise, /etc/thehive/application.conf
Ok. I have been using the etc/thehive/application.conf. However, anytime I add any of the parameters from the installation guide it breaks the server....
My config file currently looks like this:
search {
index = the_hive
cluster = hive
host = ["127.0.0.1:9300"]
keepalive = 1m
pagesize = 50
nbshards = 5
nbreplicas = 1
settings {
mapping.nested_fields.limit = 100
}
datastore {
name = data
chunksize = 50k
hash {
main = "SHA-256"
# Additional hash algorithms (used in attachments)
extra = ["SHA-1", "MD5"]
}
attachment.password = "malware"
}
play.modules.enabled += connectors.cortex.CortexConnector
cortex {
"CORTEX-SERVER-ID" {
url = "http://localhost:9001"
# Key of the Cortex user, mandatory for Cortex 2
key = "qT3/9oLTylVq5AE9O38TG1KDi9MV5L76"
}
# same key!
play.http.secret.key=""
http.port=disabled
https.port: 9443
play.server.https.keyStore {
path: "/opt/thehive/keystore.jks"
type: "JKS"
password: "thehive"
}
When I run sudo bin/thehive -Dconfig.file=/etc/thehive/application.conf with the above config I receive the following error message:
Oops, cannot start the server. Configuration error: Configuration error[/etc/thehive/application.conf: 69: expecting a close parentheses ')' here, not: end of file]
I added another closed "}" at line 68 but it still complains. I am sorry to keep harping you with this. My Linux skill set isn't good and I am learning at every step.
There's a } missing in the search section, I think. You've removed the X-Pack settings etc. but also the last }.
Sorry for editing your comment, thought I can add markdown, but that's completely disabled for email answers.
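The unclosed-block diagnosis above can be checked mechanically before restarting the service. The following is an added example, not part of the thread or of TheHive's code: a small Python brace tracker run over a constructed config that mirrors the block structure of the posted application.conf with placeholder values (the function name and sample are assumptions). A stack-based check like this blames the outermost block still open at end of file.

```python
import re

# Constructed sample: same block structure as the config posted in this
# thread, with placeholder values instead of the poster's keys.
SAMPLE = """\
search {
  index = the_hive
  host = ["127.0.0.1:9300"]
  settings {
    mapping.nested_fields.limit = 100
  }
datastore {
  name = data
  hash {
    main = "SHA-256"  # a brace in a comment { is ignored
  }
  attachment.password = "placeholder"
}
cortex {
  "CORTEX-SERVER-ID" {
    url = "http://localhost:9001"
    key = "PLACEHOLDER-API-KEY"
  }
play.http.secret.key = "PLACEHOLDER"
"""

STRING = re.compile(r'"(?:\\.|[^"\\])*"')

def unclosed_blocks(text):
    """Return (line, name) for each '{' left open and each stray '}'.

    Handles single-line quoted strings and # or // comments; HOCON
    triple-quoted multi-line strings are not handled.
    """
    stack, stray = [], []
    for no, line in enumerate(text.splitlines(), 1):
        # Mask string contents so braces, '#' and '//' inside them don't count.
        masked = STRING.sub(lambda m: "x" * len(m.group()), line)
        masked = re.split(r"#|//", masked, maxsplit=1)[0]
        for m in re.finditer(r"[{}]", masked):
            if m.group() == "{":
                head = line[:m.start()].rstrip(" \t=:").split()
                stack.append((no, head[-1] if head else "<anonymous>"))
            elif stack:
                stack.pop()
            else:
                stray.append((no, "<stray }>"))
    return stack + stray

if __name__ == "__main__":
    for no, name in unclosed_blocks(SAMPLE):
        print(f"line {no}: unbalanced brace at {name}")
```

On the constructed sample two blocks are left open, so adding a single closing brace still leaves the file unbalanced.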
@XiQshoner please post further questions on Gitter or our Google user group as this is clearly a troubleshooting problem rather than a bug.
@saadkadhi I can't thank you enough for sticking with me. Really do appreciate your assistance on this.
Hi! I have this output
{"type":"AuthenticationError","message":"Authentication failure"}r
I have the same error
Request Type
Bug
Work Environment
Problem Description
Importing report-templates.zip in report templates management page is not working. Zip file is uploaded but no reports are shown
Steps to Reproduce