cgosec / Blauhaunt

A tool collection for filtering and visualizing logon events. Designed to help answer the "Cotton Eye Joe" question (Where did you come from, where did you go) in Security Incidents and Threat Hunts.
MIT License

Interaction with Velo Hunts does not check if the hunt is related to Blauhaunt #6

Closed Matthijsy closed 4 months ago

Matthijsy commented 4 months ago

I am just trying out Blauhaunt and am experiencing some issues. When clicking the "Load Root" button, the logic in veloAPI.js tries to fetch data from the server. However, this logic does interfere with hunts that are not related to Blauhaunt. I now have a "BLAUHAUNT" cell in every hunt, even if it does not load data for Blauhaunt. Furthermore, the reload logic fails on this line https://github.com/cgosec/Blauhaunt/blob/main/app/static/js/veloAPI.js#L136 since the data object is empty.

Am I doing something wrong, or is this a bug in Blauhaunt?

cgosec commented 4 months ago

Hi, thank you for creating the issue. This is likely a bug in Blauhaunt. The Velo integration was only tested in a small lab so far. I will check the code later based on your description.

cgosec commented 4 months ago

The bug when no Blauhaunt Hunt is running should be solved. The data object is checked now too.

Please let me know if it works now.

Matthijsy commented 4 months ago

Great, it indeed looks to work now.