search

TheHive-Project / TheHive

TheHive: a Scalable, Open Source and Free Security Incident Response Platform
https://thehive-project.org
GNU Affero General Public License v3.0
3.39k stars 618 forks source link

Taxonomies are not showing in new case #2310

Open priamai opened 2 years ago

priamai commented 2 years ago

Request Type

Bug

Work Environment

Ubuntu

Scalligraph0.1.0-SNAPSHOT TheHive4.1.16-1 Play2.8.7 CORTEX local - 3.1.1-1 (OK)

Problem Description

I have imported several taxonomies from the MISP repositories but when I create a Case they are not visible.

Steps to Reproduce

  1. Import MISP taxonomies as the admin
  2. Verify that they are imported
  3. Log into an organization
  4. Create a new case
  5. Select tags, import library
  6. Observe there is no such list

Possible Solutions

I also restarted thehive but no luck.

Complementary information

See screenshots.

image

image

image

priamai commented 2 years ago

I believe it was related to this change.

Request URL: http://[yourip]:9000/api/v1/query?name=list-taxonomies-cache
Response: []

Because the API returns an empty list:

image

image

image

ATCATT commented 2 years ago

I just had this same issue.

I stood up 4.1.18 and it was working, then had to stand it up again on a different OS and it wasn't working. Out of curiosity I gave something a try and it fixed the problem for me.

Here's what happened and how I fixed it: I created a custom ZIP of taxonomies, which I uploaded to the 2nd Hive 4 instance, but I did NOT upload the misp library of taxonomies. Once I also imported the misp library of taxonomies -- didn't even need to turn any of them on -- my custom list (which I'd already enabled) started showing up as expected in cases.

Unconfirmed Possible Cause: I suspect the files I copied out of the misp archive to create my custom one still had a reference to something only in the original misp one. That or there's a bug in TheHive where it's expecting something that isn't in the custom collection.

I created the custom archive by copying the misp one in its entirety, deleting all the subfolders, creating my own (with json), and then modifying the MANIFEST.json and summary.md.

nrrpinto commented 2 years ago

I've created custom taxonomies. With root MINIFEST.json, schema_mapping.json, and schema.json. Then several folders with the custom taxonomy following the MISP Taxonomy format: https://tools.ietf.org/id/draft-dulaunoy-misp-taxonomy-format-07.html

The first time I did it, it worked. Now when I make changes to the taxonomy, the changes are not reflected on the frontend of the application.

priamai commented 2 years ago

I just had this same issue.

I stood up 4.1.18 and it was working, then had to stand it up again on a different OS and it wasn't working. Out of curiosity I gave something a try and it fixed the problem for me.

Here's what happened and how I fixed it: I created a custom ZIP of taxonomies, which I uploaded to the 2nd Hive 4 instance, but I did NOT upload the misp library of taxonomies. Once I also imported the misp library of taxonomies -- didn't even need to turn any of them on -- my custom list (which I'd already enabled) started showing up as expected in cases.

Unconfirmed Possible Cause: I suspect the files I copied out of the misp archive to create my custom one still had a reference to something only in the original misp one. That or there's a bug in TheHive where it's expecting something that isn't in the custom collection.

I created the custom archive by copying the misp one in its entirety, deleting all the subfolders, creating my own (with json), and then modifying the MANIFEST.json and summary.md.

That is quite elaborate, would you mind uploading the file structure of the working solution?