Closed kmendell closed 1 week ago
Hey @kmendell - that error is Graylog stating that the index prefix cannot contain any uppercase letters, which is the case with duo-OFKMSEC
...I will make a fix to this and update you
Fixed in https://github.com/socfortress/CoPilot/commit/d49b5685941e1807913fd24f3930123ae7e4bbe2
Not apart of main build yet but should get that pushed out over the next few days
Describe the bug When trying to deploy the duo integration it fails when provisioning the Index/Streams.
Graylog Version: 6.0.3 Latest Version of CoPilot Wazuh Version 4.8.0
To Reproduce Add Duo Integration for Customer, and Click Deploy.
Expected behavior Streams / Indexes get created.
Screenshots![image](https://github.com/socfortress/CoPilot/assets/25576967/35d8e81c-c32d-4aad-8eff-31f71fe39240)
**Container Logs
copilot-backend-1 | 2024-06-22 17:13:19.416 | INFO | app.integrations.duo.services.provision:send_index_set_creation_request:91 - json_index_set set: {"title": "OFKM Security - DUO", "description": "OFKMSEC - DUO", "index_prefix": "duo-OFKMSEC", "rotation_strategy_class": "org.graylog2.indexer.rotation.strategies.TimeBasedRotationStrategy", "rotation_strategy": {"type": "org.graylog2.indexer.rotation.strategies.TimeBasedRotationStrategyConfig", "rotation_period": "P1D"}, "retention_strategy_class": "org.graylog2.indexer.retention.strategies.DeletionRetentionStrategy", "retention_strategy": {"type": "org.graylog2.indexer.retention.strategies.DeletionRetentionStrategyConfig", "max_number_of_indices": 30}, "creation_date": "2024-06-22T17:13:19.407333Z", "index_analyzer": "standard", "shards": 1, "replicas": 0, "index_optimization_max_num_segments": 1, "index_optimization_disabled": false, "writable": true, "field_type_refresh_interval": 5000} copilot-backend-1 | 2024-06-22 17:13:19.416 | INFO | app.connectors.graylog.utils.universal:send_post_request:141 - Sending POST request to /api/system/indices/index_sets copilot-backend-1 | 2024-06-22 17:13:19.416 | INFO | app.db.db_session:get_db_session:181 - DB session created copilot-backend-1 | 2024-06-22 17:13:19.416 | INFO | app.connectors.utils:get_connector_info_from_db:29 - Fetching connector Graylog from database copilot-backend-1 | 2024-06-22 17:13:19.419 | INFO | app.db.db_session:get_db_session:189 - Closing DB session copilot-backend-1 | 2024-06-22 17:13:19.489 | INFO | app.connectors.graylog.utils.universal:send_postrequest:162 - Response from POST request: 400 must match "^[a-z0-9][a-z0-9+-]*$" (path = IndexSetsResource.save.arg0.indexPrefix, invalidValue = duo-OFKMSEC) copilot-backend-1 | copilot-backend-1 | 2024-06-22 17:13:19.489 | ERROR | app.db.db_session:get_db_session:185 - Error during DB session: copilot-backend-1 | 2024-06-22 17:13:19.490 | INFO | app.db.db_session:get_db_session:189 - Closing DB sessio