ail-project / ail-framework

AIL framework - Analysis Information Leak framework
GNU Affero General Public License v3.0

Can't figure out the problem with TheHive pushes? #218

Closed xme closed 5 months ago

xme commented 5 months ago

I re-enabled the creation of alerts in TheHive after my AIL upgrade but, after a first hit, I got that error. Any idea?

```
Module MISP_Thehive_Auto_Push initialized
Alert create error: HTTPSConnectionPool(host='xxxxxxxxx', port=443): Max retries exceeded with url: /api/alert (Caused by SSLError(SSLEOFError(8, 'EOF occurred in violation of protocol (_ssl.c:2426)')))
hive connection error
Alert Created
--- Logging error ---
Traceback (most recent call last):
  File "/usr/lib/python3.10/logging/__init__.py", line 1100, in emit
    msg = self.format(record)
  File "/usr/lib/python3.10/logging/__init__.py", line 943, in format
    return fmt.format(record)
  File "/usr/lib/python3.10/logging/__init__.py", line 678, in format
    record.message = record.getMessage()
  File "/usr/lib/python3.10/logging/__init__.py", line 368, in getMessage
    msg = msg % self.args
TypeError: not all arguments converted during string formatting
Call stack:
  File "/opt/ail-framework/bin/modules/./MISP_Thehive_Auto_Push.py", line 76, in <module>
    module.run()
  File "/opt/ail-framework/bin/modules/abstract_module.py", line 172, in run
    self.compute(message)
  File "/opt/ail-framework/bin/modules/./MISP_Thehive_Auto_Push.py", line 71, in compute
    self.logger.info('thehive Pushed:', tag, '->', item_id)
Message: 'thehive Pushed:'
Arguments: ('to_thehive', '->', 'urlextract/2024/03/31/xxxxxxxxxxxxxxxxx.gz')
```

adulau commented 5 months ago

I remember a similar issue with the TLS handshake, and I solved it with `python3 -m pip install certifi`. Not sure if it's the same in your infra.

Terrtia commented 5 months ago

Hey @xme !

Should be fixed with a282354fce511f3d8af6ed5587d9edb07d94b59a

xme commented 5 months ago

Tx, will test asap!
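The `--- Logging error ---` traceback in the report comes from passing print-style arguments to `logger.info`, which treats extra arguments as `%` format values. The record is dropped, so the push to TheHive leaves no log line. This reproduction is an added example, not AIL code and not the content of the referenced commit; `ListHandler`, `make_logger`, the two `push_*` functions and the sample item id are hypothetical names and constructed values.

```python
import logging


class ListHandler(logging.Handler):
    """Collects formatted messages; records formatting failures instead of printing them."""

    def __init__(self):
        super().__init__()
        self.messages = []
        self.errors = []

    def emit(self, record):
        try:
            # Same step that fails in the traceback: format() -> getMessage() -> msg % args
            self.messages.append(self.format(record))
        except Exception as exc:
            self.errors.append(f"{type(exc).__name__}: {exc}")


def make_logger(name):
    """Build an isolated logger with a single ListHandler (hypothetical helper)."""
    logger = logging.getLogger(name)
    logger.setLevel(logging.INFO)
    logger.propagate = False
    handler = ListHandler()
    logger.handlers = [handler]
    return logger, handler


def push_print_style(tag, item_id):
    """Call shape from the traceback: no placeholders, three extra arguments."""
    logger, handler = make_logger("demo.print_style")
    logger.info('thehive Pushed:', tag, '->', item_id)
    return handler


def push_percent_style(tag, item_id):
    """One standard correction: one %s placeholder per argument."""
    logger, handler = make_logger("demo.percent_style")
    logger.info('thehive Pushed: %s -> %s', tag, item_id)
    return handler


if __name__ == "__main__":
    sample_item = 'urlextract/2024/03/31/sample.gz'  # constructed sample value
    for fn in (push_print_style, push_percent_style):
        h = fn('to_thehive', sample_item)
        print(fn.__name__, "messages:", h.messages, "errors:", h.errors)
```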