I am trying to integrate CrowdStrike into TheHive using thehive-falcon, but it is not working. Line 148 in the pyfalcon.py shows the code is using authentication method "cs-hmac" which is what the api version 1 uses. This is why I believe I am getting the authentication error returned when thehive-falcon tries to connect to the Crowdstrike API. I am using OAuth2-Based API credentials that is why.
Please can the script be updated with OAuth2-Based API authentication method? Our environment only allows OAuth2-Based API. Also, API Key Based will be decommissioned on 10/29/2020. CrowdStrike is urging all the clients to use OAuth2-Based API.
Below is the error message I get when I run the script:
thehive-falcon]$ python thehive_falcon.py falcon_config.json thehive_config.json
TheHive-Falcon: 2020-10-01 17:35:08,924 Starting Falcon streaming api integration script for TheHive...
TheHive-Falcon: 2020-10-01 17:35:08,976 Starting Falcon streaming api script...
TheHive-Falcon: 2020-10-01 17:35:08,976 Connecting to the Falcon streaming api.
TheHive-Falcon: 2020-10-01 17:35:08,976 Connecting to the streaming api with date stamp:Thu, 01 Oct 2020 21:35:08 GMT
TheHive-Falcon: 2020-10-01 17:35:08,983 Connecting to Falcon streaming API using TLS.
TheHive-Falcon: 2020-10-01 17:35:09,300 Errors in data stream response:
{
"errors": [
{
"code": 401,
"message": "Not authorized"
}
]
}
Traceback (most recent call last):
File "/users_home/test_user/thehive-falcon/pyfalcon.py", line 172, in connect
raise
TypeError: exceptions must be old-style classes or derived from BaseException, not NoneType
TheHive-Falcon: 2020-10-01 17:35:09,317 exceptions must be old-style classes or derived from BaseException, not NoneType
Traceback (most recent call last):
File "/users_home/test_user/thehive-falcon/pyfalcon.py", line 172, in connect
raise
TypeError: exceptions must be old-style classes or derived from BaseException, not NoneType
Hi Michael
I find thehive-falcon very useful.
I am trying to integrate CrowdStrike into TheHive using thehive-falcon, but it is not working. Line 148 in the pyfalcon.py shows the code is using authentication method "cs-hmac" which is what the api version 1 uses. This is why I believe I am getting the authentication error returned when thehive-falcon tries to connect to the Crowdstrike API. I am using OAuth2-Based API credentials that is why.
Please can the script be updated with OAuth2-Based API authentication method? Our environment only allows OAuth2-Based API. Also, API Key Based will be decommissioned on 10/29/2020. CrowdStrike is urging all the clients to use OAuth2-Based API.
Below is the error message I get when I run the script: thehive-falcon]$ python thehive_falcon.py falcon_config.json thehive_config.json TheHive-Falcon: 2020-10-01 17:35:08,924 Starting Falcon streaming api integration script for TheHive... TheHive-Falcon: 2020-10-01 17:35:08,976 Starting Falcon streaming api script... TheHive-Falcon: 2020-10-01 17:35:08,976 Connecting to the Falcon streaming api. TheHive-Falcon: 2020-10-01 17:35:08,976 Connecting to the streaming api with date stamp:Thu, 01 Oct 2020 21:35:08 GMT TheHive-Falcon: 2020-10-01 17:35:08,983 Connecting to Falcon streaming API using TLS. TheHive-Falcon: 2020-10-01 17:35:09,300 Errors in data stream response: { "errors": [ { "code": 401, "message": "Not authorized" } ] } Traceback (most recent call last): File "/users_home/test_user/thehive-falcon/pyfalcon.py", line 172, in connect raise TypeError: exceptions must be old-style classes or derived from BaseException, not NoneType TheHive-Falcon: 2020-10-01 17:35:09,317 exceptions must be old-style classes or derived from BaseException, not NoneType Traceback (most recent call last): File "/users_home/test_user/thehive-falcon/pyfalcon.py", line 172, in connect raise TypeError: exceptions must be old-style classes or derived from BaseException, not NoneType