google / timesketch

Collaborative forensic timeline analysis
Apache License 2.0

Error 500 due to missing etc/timesketch/features.yml file #2984

Closed coloradosarge closed 10 months ago

coloradosarge commented 10 months ago

Describe the bug In the most recent commit of Timesketch, the feature extraction has been updated and the data/features.yml file has been removed. However, it appears that the backend code still attempts to process this file when creating or opening a sketch, and the user receives a warning banner with a 500 error. Moving a data/features.yml file from the most recent commit to the etc/timesketch folder fixes the issues but it doesn't appear to be the intended process. Timesketch installed using the deploy_timesketch.ps1 script.

To Reproduce Steps to reproduce the behavior:

  1. Pull most recent commit of Timesketch
  2. Create a new sketch or browse to an existing sketch
  3. Receive 500 Error Warning Banner

[2023-11-17 18:25:28 +0000] [11] [ERROR] Error handling request /api/v1/sketches/1/analyzer/
Traceback (most recent call last):
  File "/usr/local/lib/python3.10/dist-packages/gunicorn/workers/sync.py", line 135, in handle
    self.handle_request(listener, req, client, addr)
  File "/usr/local/lib/python3.10/dist-packages/gunicorn/workers/sync.py", line 176, in handle_request
    respiter = self.wsgi(environ, resp.start_response)
  File "/usr/local/lib/python3.10/dist-packages/flask/app.py", line 2213, in call
    return self.wsgi_app(environ, start_response)
  File "/usr/local/lib/python3.10/dist-packages/flask/app.py", line 2193, in wsgi_app
    response = self.handle_exception(e)
  File "/usr/local/lib/python3.10/dist-packages/flask_restful/init.py", line 298, in error_router
    return original_handler(e)
  File "/usr/local/lib/python3.10/dist-packages/flask/app.py", line 2190, in wsgi_app
    response = self.full_dispatch_request()
  File "/usr/local/lib/python3.10/dist-packages/flask/app.py", line 1486, in full_dispatch_request
    rv = self.handle_user_exception(e)
  File "/usr/local/lib/python3.10/dist-packages/flask_restful/init.py", line 298, in error_router
    return original_handler(e)
  File "/usr/local/lib/python3.10/dist-packages/flask/app.py", line 1484, in full_dispatch_request
    rv = self.dispatch_request()
  File "/usr/local/lib/python3.10/dist-packages/flask/app.py", line 1469, in dispatch_request
    return self.ensure_sync(self.view_functions[rule.endpoint])(view_args)
  File "/usr/local/lib/python3.10/dist-packages/flask_restful/init.py", line 489, in wrapper
    resp = resource(args, kwargs)
  File "/usr/local/lib/python3.10/dist-packages/flask/views.py", line 109, in view
    return current_app.ensure_sync(self.dispatch_request)(kwargs)
  File "/usr/local/lib/python3.10/dist-packages/flask_restful/init.py", line 604, in dispatch_request
    resp = meth(args, kwargs)
  File "/usr/local/lib/python3.10/dist-packages/flask_login/utils.py", line 290, in decorated_view
    return current_app.ensure_sync(func)(*args, **kwargs)
  File "/usr/local/lib/python3.10/dist-packages/timesketch/api/v1/resources/analysis.py", line 199, in get
    if len(analyzer_class.get_kwargs()) > 0:
  File "/usr/local/lib/python3.10/dist-packages/timesketch/lib/analyzers/feature_extraction.py", line 134, in get_kwargs
    feature_config["plugin_name"] = plugin.NAME.lower()
TypeError: 'str' object does not support item assignment

Expected behavior Browsing or creating a sketch with no 500 error or warning banner.

Additional context Can be fixed by adding features.yml file to timesketch/etc/timesketch folder. features.yml must be downloaded from a previous commit. Removed in commit c1e0e55.

coloradosarge commented 10 months ago

An error on my part. I had an old ps script cached that didn't download the regex_features.yaml or winevt_features.yaml. Closing as not an issue.