TheHive-Project / TheHive

TheHive: a Scalable, Open Source and Free Security Incident Response Platform
https://thehive-project.org
GNU Affero General Public License v3.0

The Hive RESETS connection when using the API for creating an Alert #624

Open Xumeiquer opened 6 years ago

Xumeiquer commented 6 years ago

Request Type

Bug

Work Environment

Question                    Answer
OS version (server)         Ubuntu (Training OVA)
OS version (client)         Debian 9
TheHive version / git hash  3.0.9
Python version              3.5.3
Package Type
Browser type & version

Problem Description

I have a setup that uses Thehive4py (Python3) that creates alerts with IP artifacts, but sometimes with file artifacts. I usually use one artifact per alert. When I create an Alert with an IP artifact everything works fine, but unfortunately when I create an alert with a File artifact I get an exception (Alert create error: ('Connection aborted.', ConnectionResetError(104, 'Connection reset by peer'))). I have also debugged the communication with Wireshark and I've found that The Hive is sending TCP packets with the reset flag, so I am unable to create an Alert.

Steps to Reproduce

In a python shell:

from thehive4py.models import Alert
from thehive4py.models import AlertArtifact
from thehive4py.api import TheHiveApi

# Server URL and API key are placeholders; replace with your own.
api = TheHiveApi("http://192.168.X.X:9000", "xxxxxxxxxxxxxxx")
# A file artifact: thehive4py reads the file from disk and embeds it in the alert.
arti = AlertArtifact(dataType="file", data="/tmp/file.zip")
alert = Alert(title="Testing TheHive", description="Dummy test", source="File", artifacts=[arti], sourceRef="123123", type="File")
# This call is where the connection gets reset when the artifact is a file.
api.create_alert(alert)

Complementary information

[screenshot: Wireshark log]
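An added example (not the project's or the reporter's code) that builds the alert body the way thehive4py 1.x inlines a file artifact (assumed format: `filename;mime;base64` inside the JSON), so the real request size behind a 1 to 4 MB attachment can be logged and compared with the server's request-body limit, and that reports a connection reset separately from an HTTP error. `size_limited_send` is a constructed stand-in for the server, not TheHive.

```python
import base64
import json
import mimetypes
import os
import tempfile
from typing import Callable, Dict, List

def encode_file_artifact(path: str) -> Dict[str, str]:
    """Inline-encode a file artifact as thehive4py 1.x does (assumption):
    "<filename>;<mime type>;<base64 of the whole file>" inside the JSON body."""
    mime = mimetypes.guess_type(path)[0] or "application/octet-stream"
    with open(path, "rb") as fh:
        payload = base64.b64encode(fh.read()).decode("ascii")
    return {"dataType": "file",
            "data": "{};{};{}".format(os.path.basename(path), mime, payload)}

def build_alert_body(title: str, description: str, files: List[str]) -> bytes:
    """Serialise a minimal alert with one inline file artifact per path."""
    body = {"title": title, "description": description, "source": "File",
            "sourceRef": "123123", "type": "File",
            "artifacts": [encode_file_artifact(p) for p in files]}
    return json.dumps(body).encode("utf-8")

def submit_alert(body: bytes, send: Callable[[bytes], int]) -> Dict[str, object]:
    """Push the body through `send` (a transport returning an HTTP status) and
    classify the outcome, so a reset is reported together with the body size."""
    try:
        status = send(body)
    except (ConnectionResetError, BrokenPipeError) as exc:
        return {"ok": False, "reason": "reset", "status": None,
                "body_bytes": len(body), "detail": str(exc)}
    return {"ok": 200 <= status < 300, "reason": "http", "status": status,
            "body_bytes": len(body), "detail": ""}

def size_limited_send(limit: int) -> Callable[[bytes], int]:
    """Constructed stand-in server: resets the connection for bodies above `limit` bytes."""
    def send(body: bytes) -> int:
        if len(body) > limit:
            raise ConnectionResetError(104, "Connection reset by peer")
        return 201
    return send

def write_sample_file(size: int, suffix: str = ".zip") -> str:
    """Write `size` bytes of constructed random data to a temp file; return its path."""
    fd, path = tempfile.mkstemp(suffix=suffix)
    with os.fdopen(fd, "wb") as fh:
        fh.write(os.urandom(size))
    return path
```

Because the artifact is base64-encoded inline, the JSON body is at least a third larger than the file itself, which is the figure worth quoting when reporting the reset.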

To-om commented 6 years ago

Are there any related logs in application.log ? What is the size of the file ?

Xumeiquer commented 6 years ago

No logs show up in application.conf. About the file size, they are around 1Mb or 2Mb.

michlschmid commented 5 years ago

Same error here with a ~4MB EML as attachment.

Any news on that? ...or logs to have a look at? ;-)

michlschmid commented 5 years ago

FYI: I also get an error when I try to run the Cortex EmlParser_1_2 on that file: Unexpected Error: 'utf-8' codec can't decode byte 0xd0 in position 0: invalid continuation byte