[Bug] Cannot delete ObservabelDataType

[DanteDevil89]

Request Type

Bug

Work Environment

Question	Answer
OS version (server)	Ubuntu
Virtualized Env.	True
Dedicated RAM	4 GB
vCPU	4
TheHive version / git hash	4.1.24,
Package Type	Docker
Database	Cassandra 3.11
Index type	Elasticsearch 7.17.7
Attachments storage	Local

Problem Description

Describe the problem/bug as clearly as possible.

Steps to Reproduce

1. I did a full docker install with Thehive, CassandraDB, ElasticSearch.

2. I have created the New Organization.

3. I Migrated the db from TheHive 3.5.

4. After restarting docker compose I found:

   • the organization of the old DB (set in the migration);
   • the New Organization created before the migration;
   • 2 "admin" organizations with the user admin@thehive.local inside.

5. The observabelDataTypes are all duplicates and if I try to delete it it gives me the following error "AdminObservablesCtrl: Observable Type 4336 is used"

Possible Solutions

Delete the ObservablesDataType directly from the db? How to search it? How to remove it saftely?

Complementary information

DOCKER CONFIG (the commented lines '#' for the migration )

version: '3.8'
services:
  cassandra:
    image: 'cassandra:3.11'
    container_name: cassandra
    environment:
      - MAX_HEAP_SIZE=1G
      - HEAP_NEWSIZE=1G
      - CASSANDRA_CLUSTER_NAME=thp
    volumes:
      - './vol/cassandra/data:/var/lib/cassandra/data'
    networks:
      - proxy
    hostname: cassandra.local

  thehive:
    image: 'thehiveproject/thehive4:latest'
    container_name: thehive4
    #restart: unless-stopped
    depends_on:
      - cassandra
    networks:
      - proxy
    ports:
      #- '0.0.0.0:9999:9000'
      - '0.0.0.0:9000:9000'
    volumes:
      - ./vol/thehive/application.conf:/etc/thehive/application.conf
      - ./vol/thehive/data:/opt/thp/thehive/data
      - ./vol/thehive/index:/opt/thp/thehive/index
    command:
      #- migrate
      #- --output
      #- /etc/thehive/application.conf
      #- --main-organisation
      #- MyOrganisation1
      #- --es-uri
      #- http://IP:9200
      #- --es-index
      #- the_hive
      #- --case-from-date
      #- "20180725"
      #- --alert-from-date
      #- "20210725"
      #- --audit-from-date
      #- "20210725"
      #- --no-config-cortex
      - --no-config

  elasticsearch:
    container_name: elasticsearch
    image: 'elasticsearch:7.17.7'
    environment:
      - ingest.geoip.downloader.enabled=false
      - http.host=0.0.0.0
      - discovery.type=single-node
      - cluster.name=hive
      - script.allowed_types=inline,stored
      - thread_pool.search.queue_size=100000
      - thread_pool.write.queue_size=10000
      - gateway.recover_after_nodes=1
      - xpack.security.enabled=false
      - bootstrap.memory_lock=true
      - 'ES_JAVA_OPTS=-Xms256m -Xmx256m'
    ulimits:
      nofile:
        soft: 65536
        hard: 65536
    networks:
      - proxy
    hostname: elasticsearch.local

networks:
  proxy:
    external: true

THE HIVE APPLICATION CONF

play.http.secret.key="akeyverydifficultbutidontknowwhy"
#play.http.context: "/cortexdev"

auth.defaultUserDomain: "myorgganisation1.com"

storage {
   provider: localfs
   localfs.location: /opt/thp/thehive/data
}

# JanusGraph
db {
  provider: janusgraph
  janusgraph {
    storage {
      backend: cql
      hostname: ["cassandra.local"]

      cql {
        cluster-name: thp       # cluster name
        keyspace: thehive           # name of the keyspace
        read-consistency-level: ONE
        write-consistency-level: ONE
      }
    }

    ## Index configuration
    index {
      search {
        backend : elasticsearch
        hostname : ["elasticsearch.local"]
        index-name : thehive
        elasticsearch {
          http {
            auth {
              type: basic
              basic {
                username: httpuser
                password: httppassword
              }
            }
          }
        }
      }
    }
  }
}