remg427 / TA-thehive-ce

TA-thehive Cloud Edition
GNU Lesser General Public License v3.0

failed to generate alert #26

Open baymax1908 opened 3 years ago

baymax1908 commented 3 years ago

Only works with the makeresults command. When using my own query, it fails to send the alert.

Error message:

04-21-2021 05:14:11.725 ERROR sendmodalert - action=thehive_ce_alert STDERR - Traceback (most recent call last):
04-21-2021 05:14:11.725 ERROR sendmodalert - action=thehive_ce_alert STDERR - File "/opt/splunk/etc/apps/TA_thehive_ce/bin/../lib/alert_actions_base.py", line 197, in prepare_meta_for_cam
04-21-2021 05:14:11.725 ERROR sendmodalert - action=thehive_ce_alert STDERR - rf = gzip.open(self.results_file, 'rt')
04-21-2021 05:14:11.725 ERROR sendmodalert - action=thehive_ce_alert STDERR - File "/opt/splunk/lib/python3.7/gzip.py", line 58, in open
04-21-2021 05:14:11.725 ERROR sendmodalert - action=thehive_ce_alert STDERR - binary_file = GzipFile(filename, gz_mode, compresslevel)
04-21-2021 05:14:11.725 ERROR sendmodalert - action=thehive_ce_alert STDERR - File "/opt/splunk/lib/python3.7/gzip.py", line 168, in __init__
04-21-2021 05:14:11.725 ERROR sendmodalert - action=thehive_ce_alert STDERR - fileobj = self.myfileobj = builtins.open(filename, mode or 'rb')
04-21-2021 05:14:11.725 ERROR sendmodalert - action=thehive_ce_alert STDERR - FileNotFoundError: [Errno 2] No such file or directory: '/opt/splunk/var/run/splunk/dispatch/1618982048.2470040_72E2D830-D7FE-4A2D-9FFE-F0C0FF8B6169/sendalert_temp_results.csv.gz'
04-21-2021 05:14:11.725 ERROR sendmodalert - action=thehive_ce_alert STDERR - During handling of the above exception, another exception occurred:
04-21-2021 05:14:11.725 ERROR sendmodalert - action=thehive_ce_alert STDERR - Traceback (most recent call last):
04-21-2021 05:14:11.725 ERROR sendmodalert - action=thehive_ce_alert STDERR - File "/opt/splunk/etc/apps/TA_thehive_ce/bin/thehive_ce_alert.py", line 65, in
04-21-2021 05:14:11.725 ERROR sendmodalert - action=thehive_ce_alert STDERR - ).run(sys.argv)
04-21-2021 05:14:11.725 ERROR sendmodalert - action=thehive_ce_alert STDERR - File "/opt/splunk/etc/apps/TA_thehive_ce/bin/../lib/alert_actions_base.py", line 217, in run
04-21-2021 05:14:11.725 ERROR sendmodalert - action=thehive_ce_alert STDERR - self.prepare_meta_for_cam()
04-21-2021 05:14:11.725 ERROR sendmodalert - action=thehive_ce_alert STDERR - File "/opt/splunk/etc/apps/TA_thehive_ce/bin/../lib/alert_actions_base.py", line 206, in prepare_meta_for_cam
04-21-2021 05:14:11.725 ERROR sendmodalert - action=thehive_ce_alert STDERR - if rf:
04-21-2021 05:14:11.725 ERROR sendmodalert - action=thehive_ce_alert STDERR - UnboundLocalError: local variable 'rf' referenced before assignment
04-21-2021 05:14:11.897 INFO sendmodalert - action=thehive_ce_alert - Alert action script completed in duration=1285 ms with exit code=1
04-21-2021 05:14:11.897 WARN sendmodalert - action=thehive_ce_alert - Alert action script returned error code=1
04-21-2021 05:14:11.897 ERROR sendmodalert - Error in 'sendalert' command: Alert script returned error code 1.

TheHive 4.1.2-1, Splunk 8.0.8
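
The traceback above shows two stacked failures: the dispatch directory has no `sendalert_temp_results.csv.gz` (the FileNotFoundError), and the code that handles that then trips over `rf`, which was only ever bound inside the `try`, so the `if rf:` that follows raises UnboundLocalError and hides the original cause. The following is an added example, not code from the TA-thehive-ce add-on: `read_results_buggy` is a reconstruction of the pattern implied by the traceback (the line numbers and the real `prepare_meta_for_cam` body are not reproduced), `read_results_safe` is one hardened form, and the CSV rows, field names, `write_results_gz`, `failure_name` and `demo` are constructed helpers for running it offline.

```python
import csv
import gzip
import logging
import os
import tempfile

log = logging.getLogger("thehive_ce_alert")


def read_results_buggy(results_file):
    """Reconstruction of the pattern in the traceback (assumption, not the
    add-on's code): 'rf' is bound only inside the try, so when gzip.open()
    raises FileNotFoundError the except branch runs, and the later 'if rf:'
    raises UnboundLocalError, masking the real error."""
    try:
        rf = gzip.open(results_file, "rt")
    except Exception as e:
        log.error("failed to open results file %s: %s", results_file, e)
    if rf:  # UnboundLocalError when open() failed
        rows = list(csv.DictReader(rf))
        rf.close()
        return rows
    return []


def read_results_safe(results_file):
    """Hardened form: bind rf before the try, treat a missing results file
    as 'no results' (logged with the real path), and always close the
    handle. Returns the Splunk result rows as a list of dicts."""
    rf = None
    rows = []
    try:
        rf = gzip.open(results_file, "rt", newline="")
        rows = list(csv.DictReader(rf))
    except FileNotFoundError:
        log.error("results file not found: %s", results_file)
    except (OSError, EOFError, UnicodeDecodeError) as e:
        log.error("could not read results file %s: %s", results_file, e)
    finally:
        if rf is not None:
            rf.close()
    return rows


def write_results_gz(path, rows, fieldnames):
    """Write rows as the gzip-compressed CSV that sendalert hands to an
    alert action script (constructed test fixture)."""
    with gzip.open(path, "wt", newline="") as gf:
        writer = csv.DictWriter(gf, fieldnames=fieldnames)
        writer.writeheader()
        writer.writerows(rows)


def failure_name(reader, path):
    """Run reader(path) and report 'ok' or the exception class name."""
    try:
        reader(path)
        return "ok"
    except Exception as e:
        return type(e).__name__


def demo():
    """Exercise both readers against a present and a missing results file.
    The rows are constructed sample events, not real Splunk output."""
    sample = [
        {"src_ip": "10.0.0.5", "signature": "constructed-test-event"},
        {"src_ip": "10.0.0.9", "signature": "constructed-test-event-2"},
    ]
    with tempfile.TemporaryDirectory() as d:
        present = os.path.join(d, "sendalert_temp_results.csv.gz")
        missing = os.path.join(d, "no_such_dispatch", "sendalert_temp_results.csv.gz")
        write_results_gz(present, sample, ["src_ip", "signature"])
        return {
            "safe_present": read_results_safe(present),
            "safe_missing": read_results_safe(missing),
            "buggy_present": failure_name(read_results_buggy, present),
            "buggy_missing": failure_name(read_results_buggy, missing),
        }


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, value)
```

The hardened reader does not make results appear: when the dispatch directory has no `sendalert_temp_results.csv.gz`, the script still has nothing to send to TheHive, but it now logs that fact with the real path instead of dying on an unrelated UnboundLocalError, which is what a reporter needs to tell a "no results written" problem apart from a bug in the add-on.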

Koploseus commented 2 years ago

Same problem here.