TheHive-Project / TheHive

TheHive: a Scalable, Open Source and Free Security Incident Response Platform
https://thehive-project.org
GNU Affero General Public License v3.0

Custom fields and metrics not present when creating cases from template with API #491

Closed notx11 closed 6 years ago

notx11 commented 6 years ago

Request Type

Bug

Work Environment

| Question | Answer |
|---|---|
| OS version (server) | Ubuntu 14.04.5 LTS |
| OS version (client) | Windows 10 |
| TheHive version / git hash | 3.0.5 |
| Package Type | DEB |
| Browser type & version | Chrome 63.0.3239.132 (Official Build) (64-bit) |

Problem Description

Custom fields and metrics are not present in cases created from a template with the API. Tasks associated with the case template are intact.

Steps to Reproduce

  1. Manually create case from template that contains custom fields and metrics
  2. Create case using the same template but with the API

Complementary information

- Using custom script to create case from template: https://github.com/dotwayland/urlScan2Hive/blob/master/urlScan.py

Case manipulation begins on line 68.

Screenshot from manual case creation: image

Screenshot from API case creation: image

The following is seen in application.log:

2018-02-12 10:25:25,436 [INFO] from org.elastic4play.ErrorHandler in application-akka.actor.default-dispatcher-12312 - PATCH /api/case/AWGK0CZKS7HgUcB3ldK4 returned 400
org.elastic4play.AttributeCheckingError: [Attribute metrics is missing]
        at org.elastic4play.services.UpdateSrv.$anonfun$checkAttributes$5(UpdateSrv.scala:46)
        at org.scalactic.Bad.fold(Or.scala:1387)
        at org.elastic4play.services.UpdateSrv.checkAttributes(UpdateSrv.scala:46)
        at org.elastic4play.services.UpdateSrv.$anonfun$doUpdate$1(UpdateSrv.scala:52)
        at scala.concurrent.Future.$anonfun$flatMap$1(Future.scala:304)
        at scala.concurrent.impl.Promise.$anonfun$transformWith$1(Promise.scala:37)
        at scala.concurrent.impl.CallbackRunnable.run(Promise.scala:60)
        at akka.dispatch.BatchingExecutor$AbstractBatch.processBatch(BatchingExecutor.scala:55)
        at akka.dispatch.BatchingExecutor$BlockableBatch.$anonfun$run$1(BatchingExecutor.scala:91)
        at scala.runtime.java8.JFunction0$mcV$sp.apply(JFunction0$mcV$sp.java:12)
        at scala.concurrent.BlockContext$.withBlockContext(BlockContext.scala:81)
        at akka.dispatch.BatchingExecutor$BlockableBatch.run(BatchingExecutor.scala:91)
        at akka.dispatch.TaskInvocation.run(AbstractDispatcher.scala:40)
        at akka.dispatch.ForkJoinExecutorConfigurator$AkkaForkJoinTask.exec(ForkJoinExecutorConfigurator.scala:43)
        at akka.dispatch.forkjoin.ForkJoinTask.doExec(ForkJoinTask.java:260)
        at akka.dispatch.forkjoin.ForkJoinPool$WorkQueue.runTask(ForkJoinPool.java:1339)
        at akka.dispatch.forkjoin.ForkJoinPool.runWorker(ForkJoinPool.java:1979)
        at akka.dispatch.forkjoin.ForkJoinWorkerThread.run(ForkJoinWorkerThread.java:107)

nadouani commented 6 years ago

What's the name of the template? Email - Suspect Phishing?

notx11 commented 6 years ago

Correct - I forgot to include this info originally.

notx11 commented 6 years ago

The problem was solved for me by explicitly specifying the description field when calling the update_case function in the API.

nadouani commented 6 years ago

So is this resolved?

notx11 commented 6 years ago

Looks good from my perspective. I noticed someone else on the list experienced similar symptoms so I am unsure if this also applies to their situation.