search

socfortress / CoPilot

SOCFortress CoPilot
https://www.socfortress.co
GNU Affero General Public License v3.0
155 stars 25 forks source link

Duo Integration Not Provisioning #250

Closed kmendell closed 1 week ago

kmendell commented 1 week ago

Describe the bug When trying to deploy the duo integration it fails when provisioning the Index/Streams.

Graylog Version: 6.0.3 Latest Version of CoPilot Wazuh Version 4.8.0

To Reproduce Add Duo Integration for Customer, and Click Deploy.

Expected behavior Streams / Indexes get created.

Screenshots image

**Container Logs

copilot-backend-1 | 2024-06-22 17:13:19.416 | INFO | app.integrations.duo.services.provision:send_index_set_creation_request:91 - json_index_set set: {"title": "OFKM Security - DUO", "description": "OFKMSEC - DUO", "index_prefix": "duo-OFKMSEC", "rotation_strategy_class": "org.graylog2.indexer.rotation.strategies.TimeBasedRotationStrategy", "rotation_strategy": {"type": "org.graylog2.indexer.rotation.strategies.TimeBasedRotationStrategyConfig", "rotation_period": "P1D"}, "retention_strategy_class": "org.graylog2.indexer.retention.strategies.DeletionRetentionStrategy", "retention_strategy": {"type": "org.graylog2.indexer.retention.strategies.DeletionRetentionStrategyConfig", "max_number_of_indices": 30}, "creation_date": "2024-06-22T17:13:19.407333Z", "index_analyzer": "standard", "shards": 1, "replicas": 0, "index_optimization_max_num_segments": 1, "index_optimization_disabled": false, "writable": true, "field_type_refresh_interval": 5000} copilot-backend-1 | 2024-06-22 17:13:19.416 | INFO | app.connectors.graylog.utils.universal:send_post_request:141 - Sending POST request to /api/system/indices/index_sets copilot-backend-1 | 2024-06-22 17:13:19.416 | INFO | app.db.db_session:get_db_session:181 - DB session created copilot-backend-1 | 2024-06-22 17:13:19.416 | INFO | app.connectors.utils:get_connector_info_from_db:29 - Fetching connector Graylog from database copilot-backend-1 | 2024-06-22 17:13:19.419 | INFO | app.db.db_session:get_db_session:189 - Closing DB session copilot-backend-1 | 2024-06-22 17:13:19.489 | INFO | app.connectors.graylog.utils.universal:send_postrequest:162 - Response from POST request: 400 must match "^[a-z0-9][a-z0-9+-]*$" (path = IndexSetsResource.save.arg0.indexPrefix, invalidValue = duo-OFKMSEC) copilot-backend-1 | copilot-backend-1 | 2024-06-22 17:13:19.489 | ERROR | app.db.db_session:get_db_session:185 - Error during DB session: copilot-backend-1 | 2024-06-22 17:13:19.490 | INFO | app.db.db_session:get_db_session:189 - Closing DB sessio

taylorwalton commented 1 week ago

Hey @kmendell - that error is Graylog stating that the index prefix cannot contain any uppercase letters, which is the case with duo-OFKMSEC...I will make a fix to this and update you

taylorwalton commented 1 week ago

Fixed in https://github.com/socfortress/CoPilot/commit/d49b5685941e1807913fd24f3930123ae7e4bbe2

Not apart of main build yet but should get that pushed out over the next few days