badarsebard / terraform-provider-xsoar

Apache License 2.0

Error: Creating Account Integration #9

Closed Xboarder56 closed 1 year ago

Xboarder56 commented 1 year ago

I’m getting a generic xsoar 200 error when trying to make an account level integration identical to this resource example below. Removing account and letting it create at the master tenant however works just fine.

xsoar build 6.10 - multi tenant

resource "xsoar_integration_instance" "threatcentral1" {
  name               = "threatcentral_instance_1"
  integration_name   = "threatcentral"
  propagation_labels = ["all"]
  account            = xsoar_account.acc1.name
  config = {
    APIAddress : "https://threatcentral.io/tc/rest/summaries"
    APIKey : "123"
    useproxy : "true"
  }
}

badarsebard commented 1 year ago

Can you post the output of the error?

Xboarder56 commented 1 year ago

It's just the generic API error you typically get from XSOAR when making a bad request. I see this sometimes in some python scripts I make that utilize the API when something is missing like in the payload/bad API endpoint/method.

Pulled this by enabling debug for terraform and running the apply. Typically without debug it will just loop until it times out trying the request over and over.

2023-02-15T18:18:34.652-0800 [DEBUG] provider.terraform-provider-xsoar_v0.3.61.exe: 2023/02/15 18:18:34 code: 200 status: 200 OK headers: map[Accept-Ranges:[bytes] Content-Type:[text/html; charset=utf-8] Date:[Thu, 16 Feb 2023 02:18:34 GMT] Last-Modified:[Thu, 01 Dec 2022 10:34:58 GMT] Server-Timing:[169] Strict-Transport-Security:[max-age=10886400000000000; includeSubDomains] Vary:[Accept-Encoding] X-Content-Type-Options:[nosniff] X-Frame-Options:[DENY] X-Xss-Protection:[1; mode=block]] body: <!doctype html><html lang="en"><head><title>Cortex XSOAR</title><meta charset="utf-8"><meta name="description" content="Cortex XSOAR"><meta name="keywords" content="security,incident response,attack playback,forensics"><meta name="viewport" content="width=device-width,initial-scale=1,maximum-scale=1"><link rel="shortcut icon" href="/favicon.ico?v=1669890354308"><link href="/assets/light-bundle-1669890354308.css?v=1669890354308" rel="stylesheet"></head><body><div id="app"></div><script src="/assets/light-bundle-1669890354308.js?v=1669890354308"></script></body></html>

2023-02-15T18:18:34.652-0800 [DEBUG] provider.terraform-provider-xsoar_v0.3.61.exe: 2023/02/15 18:18:34 undefined response type

badarsebard commented 1 year ago

So the HTML content looks like the redirect you sometimes get with a bad API endpoint. Have you verified the host you're testing on is enabled for MT and the account is there and active? You should also try grabbing the payload in dev tools after creating an integration in the UI. There may be some missing parameters and XSOAR doesn't know what to do with itself. My team is currently using this in production with multi-tenant integrations without issue.

Xboarder56 commented 1 year ago

Are you running 6.10 on any of those MT installations? Wondering if they tweaked the call at all. It feels like a provider error because the below main.tf file works fine as soon as I remove the account parameter (nothing else changes).

I'm using the same version of the provider to create the accounts just fine (the accounts are on the same XSOAR box so no HA group).

main.tf example of what I'm doing with it failing:

terraform {
  required_version = "~> 1.3.0"

  required_providers {
    xsoar = {
      source  = "badarsebard/xsoar"
      version = "0.3.61"
    }
  }
}

provider "xsoar" {
  main_host = var.host
  api_key   = var.xsoar_api_key
  insecure  = true
}

resource "xsoar_account" "tt1" {
  name            = "TT1"
  account_roles   = ["Administrator"]
  host_group_name = ""
}

resource "xsoar_integration_instance" "example" {
  name               = "foo"
  integration_name   = "threatcentral"
  propagation_labels = ["all"]
  account = xsoar_account.tt1.name
  config = {
    APIAddress : "https://threatcentral.io/tc/rest/summaries"
    APIKey : "123"
    useproxy : "true"
  }
}

Trace Error:

xsoar_integration_instance.example1: Still creating... [7m30s elapsed]
2023-02-15T19:08:16.317-0800 [TRACE] dag/walk: vertex "root" is waiting for "provider[\"registry.terraform.io/badarsebard/xsoar\"] (close)"
2023-02-15T19:08:16.317-0800 [TRACE] dag/walk: vertex "provider[\"registry.terraform.io/badarsebard/xsoar\"] (close)" is waiting for "xsoar_integration_instance.example1"
2023-02-15T19:08:21.322-0800 [TRACE] dag/walk: vertex "provider[\"registry.terraform.io/badarsebard/xsoar\"] (close)" is waiting for "xsoar_integration_instance.example1"
2023-02-15T19:08:21.322-0800 [TRACE] dag/walk: vertex "root" is waiting for "provider[\"registry.terraform.io/badarsebard/xsoar\"] (close)"
2023-02-15T19:08:25.319-0800 [DEBUG] provider.terraform-provider-xsoar_v0.3.61.exe: 2023/02/15 19:08:25 code: 200 status: 200 OK headers: map[Accept-Ranges:[bytes] Content-Type:[text/html; charset=utf-8] Date:[Thu, 16 Feb 2023 03:08:25 GMT] Last-Modified:[Thu, 01 Dec 2022 10:34:58 GMT] Server-Timing:[169] Strict-Transport-Security:[max-age=10886400000000000; includeSubDomains] Vary:[Accept-Encoding] X-Content-Type-Options:[nosniff] X-Frame-Options:[DENY] X-Xss-Protection:[1; mode=block]] body: <!doctype html><html lang="en"><head><title>Cortex XSOAR</title><meta charset="utf-8"><meta name="description" content="Cortex XSOAR"><meta name="keywords" content="security,incident response,attack playback,forensics"><meta name="viewport" content="width=device-width,initial-scale=1,maximum-scale=1"><link rel="shortcut icon" href="/favicon.ico?v=1669890354308"><link href="/assets/light-bundle-1669890354308.css?v=1669890354308" rel="stylesheet"></head><body><div id="app"></div><script src="/assets/light-bundle-1669890354308.js?v=1669890354308"></script></body></html>
2023-02-15T19:08:25.319-0800 [DEBUG] provider.terraform-provider-xsoar_v0.3.61.exe: 2023/02/15 19:08:25 undefined response type
xsoar_integration_instance.example1: Still creating... [7m40s elapsed]
2023-02-15T19:08:26.335-0800 [TRACE] dag/walk: vertex "provider[\"registry.terraform.io/badarsebard/xsoar\"] (close)" is waiting for "xsoar_integration_instance.example1"
2023-02-15T19:08:26.335-0800 [TRACE] dag/walk: vertex "root" is waiting for "provider[\"registry.terraform.io/badarsebard/xsoar\"] (close)"
2023-02-15T19:08:31.349-0800 [TRACE] dag/walk: vertex "root" is waiting for "provider[\"registry.terraform.io/badarsebard/xsoar\"] (close)"
2023-02-15T19:08:31.350-0800 [TRACE] dag/walk: vertex "provider[\"registry.terraform.io/badarsebard/xsoar\"] (close)" is waiting for "xsoar_integration_instance.example1"
xsoar_integration_instance.example1: Still creating... [7m50s elapsed]
2023-02-15T19:08:36.353-0800 [TRACE] dag/walk: vertex "provider[\"registry.terraform.io/badarsebard/xsoar\"] (close)" is waiting for "xsoar_integration_instance.example1"
2023-02-15T19:08:36.353-0800 [TRACE] dag/walk: vertex "root" is waiting for "provider[\"registry.terraform.io/badarsebard/xsoar\"] (close)"
2023-02-15T19:08:41.363-0800 [TRACE] dag/walk: vertex "root" is waiting for "provider[\"registry.terraform.io/badarsebard/xsoar\"] (close)"
2023-02-15T19:08:41.363-0800 [TRACE] dag/walk: vertex "provider[\"registry.terraform.io/badarsebard/xsoar\"] (close)" is waiting for "xsoar_integration_instance.example1"
xsoar_integration_instance.example1: Still creating... [8m0s elapsed]
2023-02-15T19:08:46.373-0800 [TRACE] dag/walk: vertex "provider[\"registry.terraform.io/badarsebard/xsoar\"] (close)" is waiting for "xsoar_integration_instance.example1"
2023-02-15T19:08:46.373-0800 [TRACE] dag/walk: vertex "root" is waiting for "provider[\"registry.terraform.io/badarsebard/xsoar\"] (close)"
2023-02-15T19:08:51.384-0800 [TRACE] dag/walk: vertex "root" is waiting for "provider[\"registry.terraform.io/badarsebard/xsoar\"] (close)"
2023-02-15T19:08:51.385-0800 [TRACE] dag/walk: vertex "provider[\"registry.terraform.io/badarsebard/xsoar\"] (close)" is waiting for "xsoar_integration_instance.example1"

Xboarder56 commented 1 year ago

Manually creating the integration with dev tools (chrome):

Request URL: https://$IP/acc_TT1/settings/integration
Request Method: PUT

{"name":"foo","id":"","engine":"","engineGroup":"","defaultIgnore":false,"configuration":{"display":"Threat Central","canGetSamples":false,"packName":"","itemVersion":"","brand":"","modified":"2023-02-16T00:32:36.357237722Z","isPasswordProtected":true,"shouldCommit":false,"hidden":false,"fromServerVersion":"","name":"threatcentral","detailedDescription":"For an API key, go to your user profile at your ThreatCentral account, and press Manage API Keys, where you can generate a new API key.","definitionId":"","vcShouldKeepItemLegacyProdMachine":false,"commitMessage":"","vcShouldIgnore":false,"packID":"","configuration":[{"hiddenUsername":false,"display":"Server URL (e.g. https://192.168.0.1)","hiddenPassword":false,"hidden":false,"name":"APIAddress","info":"","defaultValue":"https://threatcentral.io/tc/rest/summaries","type":0,"displayPassword":"","options":null,"required":true,"value":"https://threatcentral.io/tc/rest/summaries","hasvalue":true},{"hiddenUsername":false,"display":"API Key","hiddenPassword":false,"hidden":false,"name":"APIKey","info":"","defaultValue":"","type":4,"displayPassword":"","options":null,"required":true,"value":"asdf","hasvalue":true},{"hiddenUsername":false,"display":"Do not validate server certificate (insecure)","hiddenPassword":false,"hidden":false,"name":"tcIgnoreTLS","info":"","defaultValue":"","type":8,"displayPassword":"","options":null,"required":false},{"hiddenUsername":false,"display":"Use system proxy settings","hiddenPassword":false,"hidden":false,"name":"useproxy","info":"","defaultValue":"true","type":8,"displayPassword":"","options":null,"required":false,"value":"true","hasvalue":true}],"version":1,"icon":"tc.png","toServerVersion":"","id":"threatcentral","image":"","cacheVersn":0,"description":"Get actionable threat analysis and intelligence from HPE’s cloud-based, standards-compliant sharing platform","category":"Data Enrichment & Threat 
Intelligence","prevName":"threatcentral","integrationScript":null,"instances":[]},"enabled":"true","propagationLabels":["all"],"data":[{"name":"APIAddress","value":"https://threatcentral.io/tc/rest/summaries","hasvalue":true,"type":0,"defaultValue":"","required":true,"options":null},{"name":"APIKey","value":"asdf","hasvalue":true,"type":4,"defaultValue":"","required":true,"options":null},{"name":"tcIgnoreTLS","type":8,"defaultValue":"","required":false,"options":null},{"name":"useproxy","value":"true","hasvalue":true,"type":8,"defaultValue":"","required":false,"options":null}],"brand":"threatcentral","canSample":false,"category":"Data Enrichment & Threat Intelligence","version":0,"isIntegrationScript":false,"isLongRunning":false,"passwordProtected":false,"mappingId":"","incomingMapperId":"","outgoingMapperId":"","resetContext":false,"integrationLogLevel":""}

Xboarder56 commented 1 year ago

@badarsebard so I spent time and sent the traffic through a proxy. It's a bug with the API call having double slashes (//). Most of the calls with a double slash are auto redirected, but at the tenant level I get a /#/404 redirection. Making a proxy rule to find and replace the double slashes allows terraform to complete the request.

Request Payload (Tenant Level Integration):

PUT //acc_TT1/settings/integration HTTP/1.1
Host: 192.168.50.50
User-Agent: OpenAPI-Generator/1.0.0/go
Content-Length: 8149
Accept: application/json
Accept: application/json,*/*
Authorization: 57E827B989A1FC1C3D2FF77186A479DE
Content-Type: application/json
Accept-Encoding: gzip, deflate
Connection: close

{"brand":"threatcentral","canSample":false,"category":"Data Enrichment \u0026 Threat Intelligence","configuration":{"brand":"","cacheVersn":0,"canGetSamples":false,"category":"Data Enrichment \u0026 Threat Intelligence","commitMessage":"","configuration":[{"defaultValue":"https://threatcentral.io/tc/rest/summaries","display":"Server URL (e.g. https://192.168.0.1)","displayPassword":"","hasvalue":true,"hidden":false,"hiddenPassword":false,"hiddenUsername":false,"info":"","name":"APIAddress","options":null,"required":true,"type":0,"value":"https://threatcentral.io/tc/rest/summaries"},{"defaultValue":"","display":"API Key","displayPassword":"","hasvalue":true,"hidden":false,"hiddenPassword":false,"hiddenUsername":false,"info":"","name":"APIKey","options":null,"required":true,"type":4,"value":"123"},{"defaultValue":"","display":"Do not validate server certificate (insecure)","displayPassword":"","hasvalue":false,"hidden":false,"hiddenPassword":false,"hiddenUsername":false,"info":"","name":"tcIgnoreTLS","options":null,"required":false,"type":8},{"defaultValue":"true","display":"Use system proxy settings","displayPassword":"","hasvalue":true,"hidden":false,"hiddenPassword":false,"hiddenUsername":false,"info":"","name":"useproxy","options":null,"required":false,"type":8,"value":"false"}],"definitionId":"","description":"Get actionable threat analysis and intelligence from HPE’s cloud-based, standards-compliant sharing platform","detailedDescription":"For an API key, go to your user profile at your ThreatCentral account, and press Manage API Keys, where you can generate a new API key.","display":"Threat 
Central","fromServerVersion":"","hidden":false,"icon":"tc.png","id":"threatcentral","image":"","integrationScript":null,"isPasswordProtected":true,"itemVersion":"","modified":"2023-02-08T01:36:42.806157503Z","name":"threatcentral","packID":"","packName":"","prevName":"threatcentral","shouldCommit":false,"toServerVersion":"","vcShouldIgnore":false,"vcShouldKeepItemLegacyProdMachine":false,"version":1},"data":[{"defaultValue":"https://threatcentral.io/tc/rest/summaries","display":"Server URL (e.g. https://192.168.0.1)","displayPassword":"","hasvalue":true,"hidden":false,"hiddenPassword":false,"hiddenUsername":false,"info":"","name":"APIAddress","options":null,"required":true,"type":0,"value":"https://threatcentral.io/tc/rest/summaries"},{"defaultValue":"","display":"API Key","displayPassword":"","hasvalue":true,"hidden":false,"hiddenPassword":false,"hiddenUsername":false,"info":"","name":"APIKey","options":null,"required":true,"type":4,"value":"123"},{"defaultValue":"","display":"Do not validate server certificate (insecure)","displayPassword":"","hasvalue":false,"hidden":false,"hiddenPassword":false,"hiddenUsername":false,"info":"","name":"tcIgnoreTLS","options":null,"required":false,"type":8},{"defaultValue":"true","display":"Use system proxy settings","displayPassword":"","hasvalue":true,"hidden":false,"hiddenPassword":false,"hiddenUsername":false,"info":"","name":"useproxy","options":null,"required":false,"type":8,"value":"false"}],"defaultIgnore":false,"enabled":"true","incomingMapperId":"","isIntegrationScript":false,"mappingId":"","name":"foo","propagationLabels":null,"version":-1}

Response Payload:

HTTP/1.1 303 See Other
Location: /#/404
Server-Timing: 167
Strict-Transport-Security: max-age=10886400000000000; includeSubDomains
Vary: Accept-Encoding
X-Content-Type-Options: nosniff
X-Frame-Options: DENY
X-Xss-Protection: 1; mode=block
Date: Thu, 16 Feb 2023 18:32:42 GMT
Content-Length: 0
Connection: close

Xboarder56 commented 1 year ago

Example of some of the other double slash calls that get properly redirected by XSOAR. I'm not sure if this is a regression in the latest server build but this is 100% the issue of why the integration creation is failing at the tenant level.

It looks like lots of requests are done with double slashes in the provider. Example of a few below.

image

Xboarder56 commented 1 year ago

So checking my XSOAR host value again. I left a trailing slash which is exactly why I'm getting the double slashes. Closing this as resolved but leaving it for others to reference potentially.

badarsebard commented 1 year ago

Ah interesting. Thanks for digging into it. I'll add into my notes this behavior. Next release I'll put in something to strip any trailing slashes off the host value. Thanks.
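
The fix discussed in this thread, as an added Go example that is not the provider's own code: strip trailing slashes from the host before building the tenant URL, and treat a redirect or an HTML body as a hard error instead of retrying. The function names are hypothetical; the `acc_` prefix, the 303 to `/#/404` and the `text/html` reply come from the captures above.

```go
package main

import (
	"errors"
	"fmt"
	"mime"
	"net/http"
	"net/url"
	"strings"
)

// NormalizeHost (hypothetical helper) validates the configured host and strips
// trailing slashes so joining it with "/acc_<name>/..." cannot yield "//acc_<name>/...".
func NormalizeHost(raw string) (string, error) {
	u, err := url.Parse(strings.TrimSpace(raw))
	if err != nil || (u.Scheme != "http" && u.Scheme != "https") || u.Host == "" {
		return "", fmt.Errorf("host %q must be an absolute http(s) URL (parse error: %v)", raw, err)
	}
	u.Path = strings.TrimRight(u.Path, "/")
	u.RawPath, u.RawQuery, u.Fragment = "", "", ""
	return u.String(), nil
}

// TenantURL builds the tenant-scoped endpoint; an empty account targets the main tenant.
func TenantURL(host, account, endpoint string) string {
	if account != "" {
		host += "/acc_" + account
	}
	return host + "/" + strings.TrimLeft(endpoint, "/")
}

// ErrNotAPI marks a reply that came from the web UI rather than the API.
var ErrNotAPI = errors.New("response is not from the API")

// CheckAPIResponse fails fast on the two symptoms seen in the thread:
// a 3xx redirect, or a 200 whose body is the HTML app shell.
func CheckAPIResponse(resp *http.Response) error {
	if resp.StatusCode/100 == 3 {
		return fmt.Errorf("%w: redirected to %q", ErrNotAPI, resp.Header.Get("Location"))
	}
	if mt, _, _ := mime.ParseMediaType(resp.Header.Get("Content-Type")); mt == "text/html" {
		return fmt.Errorf("%w: got text/html, check host and path", ErrNotAPI)
	}
	return nil
}

func main() {
	host, err := NormalizeHost("https://192.168.50.50/") // trailing slash, as in the thread
	fmt.Println(TenantURL(host, "TT1", "/settings/integration"), err)
}
```

The redirect branch only fires if the HTTP client is configured not to follow redirects (for example a `CheckRedirect` that returns `http.ErrUseLastResponse`); otherwise the client follows the 303 and the HTML check catches the resulting 200.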