TheHive-Project / Zerofox2TH

Zerofox Alert Feeder for TheHive, an Open Source and Free Security Incident Response Platform
https://thehive-project.org/
GNU Affero General Public License v3.0
36 stars 9 forks source link

Better logging in case of API call error #4

Open vletoux opened 4 years ago

vletoux commented 4 years ago

I'm going through an error I'm trying to debug. Indeed, when I got an alert, nothing is inserted into TheHive. So I added the debugging. Unfortunately nothing is written

2020-04-08 10:05:03,983 DEBUG    API TheHive - status code: 403
2020-04-08 10:05:03,983 DEBUG    API TheHive - raw error output: b''

The relative code is here: https://github.com/TheHive-Project/Zerofox2TH/blob/master/zf2th.py#L222-L224

Maybe replace the code with: logging.debug('API TheHive - raw error output: {}'.format(vars(response))) can help Indeed, this time I get the full log and then the problem: API TheHive - raw error output: {'_content': b'{"type":"AuthorizationError","message":"Insufficient rights to perform this action"}', '_content_consumed': True, '_next': None, 'status_code': 403, 'headers': {'Date': 'Wed, 08 Apr 2020 11:38:36 GMT', 'Content-Type': 'application/json', 'Content-Length': '84'}, 'raw': <urllib3.response.HTTPResponse object at 0x7f86a3c48780>, 'url': 'http://192.168.0.2:9000/api/alert', 'encoding': None, 'history': [], 'reason': 'Forbidden', 'cookies': <RequestsCookieJar[]>, 'elapsed': datetime.timedelta(0, 0, 6055), 'request': <PreparedRequest [POST]>, 'connection': <requests.adapters.HTTPAdapter object at 0x7f86a3cc22e8>}

vletoux commented 4 years ago

Finally found my root cause problem: the default install of TheHive doesn't allow the admin account to create alert image