Using docker to deploy thehive stack with cassandra, elasticsearch and minio. Can successfully login to thehive with default creds admin/secret on master node. When another thehive instance is connected to the master seed in cluster, it starts showing Authentication Failure message on default creds.
Below are the logs on auth failure.
Complementary information
root-thehive-1 | [info] o.t.t.c.c.s.CortexDataImportActor [|] Analyzer templates already present (found 215), skipping
root-thehive-1 | [warn] o.t.s.m.Database [a84dc17c3f2af381|53c0620acb105433] Index refers to the non-existent vertex ~24816. Removing the document from index.
root-thehive-1 | [warn] o.t.s.u.Retry [a84dc17c3f2af381|8c78e8b23fa34143] An error occurs (org.thp.scalligraph.models.DatabaseException: org.thp.scalligraph.MissingLabelError: Missing label on vertex ~24816 (expected: User)), retrying (1/6)
root-thehive-1 | [warn] o.t.t.s.TOTPAuthSrv [a84dc17c3f2af381|8c78e8b23fa34143] session fails: org.thp.scalligraph.NotSupportedError: Operation not supported
root-thehive-1 | [warn] o.t.t.s.TOTPAuthSrv [a84dc17c3f2af381|8c78e8b23fa34143] basic fails: org.thp.scalligraph.NotSupportedError: Operation not supported
root-thehive-1 | [warn] o.t.t.s.TOTPAuthSrv [a84dc17c3f2af381|8c78e8b23fa34143] local fails: org.thp.scalligraph.AuthenticationError: Authentication failure
root-thehive-1 | [warn] o.t.t.s.TOTPAuthSrv [a84dc17c3f2af381|8c78e8b23fa34143] key fails: org.thp.scalligraph.NotSupportedError: Operation not supported
root-thehive-1 | [error] o.t.s.auth [a84dc17c3f2af381|6128dfcfaba4a738] Failed password for admin
root-thehive-1 | [info] o.t.s.AccessLogFilter [a84dc17c3f2af381|36583d3c18f57c94] 192.168.0.143 POST /api/v1/login took 2306ms and returned 401 65 bytes
root-thehive-1 | [info] o.t.s.AccessLogFilter [248e23a83a3586e7|52e68723eb5e3318] 192.168.0.143 GET /api/v1/user/current took 1ms and returned 401 65 bytes
root-thehive-1 | [info] o.t.s.AccessLogFilter [7642db5b9b676ed0|e19c752d800fad15] 192.168.0.143 GET /static/fonts/Montserrat/Montserrat-SemiBold.ttf took 13ms and returned 304 0 bytes
Request Type
Bug
Work Environment
Problem Description
Using docker to deploy thehive stack with cassandra, elasticsearch and minio. Can successfully login to thehive with default creds admin/secret on master node. When another thehive instance is connected to the master seed in cluster, it starts showing Authentication Failure message on default creds.
Below are the logs on auth failure.
Complementary information
docker-compose.yml
application.conf