Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Cortex Connector Not Found #256

Closed
peasead opened this issue Jul 12, 2017 · 4 comments
Closed

Cortex Connector Not Found #256

peasead opened this issue Jul 12, 2017 · 4 comments
Labels
bug

Comments

@peasead
Copy link

peasead commented Jul 12, 2017

Request Type

Bug

Work Environment

Question Answer
OS version (server) CentOS
OS version (client) 7.3.1611 (Core)
TheHive version / git hash 2.12.0
Package Type RPM
Browser type & version Chrome 59.0.3071.115

Problem Description

When trying to import the report template, I get an error when visiting the "Report Templates" page stating I cannot that the Cortex connector isn't present.

Steps to Reproduce

  1. When visiting the "Report Templates" page that states ReportTemplate: connector cortex not found.
  2. When I try to upload the report-templates.zip I get the following error AdminReportTemplateImportCtrl: connector cortex not found.
  3. I went into /etc/thehive/application.conf and noticed that play.modules.enabled += connectors.cortex.CortexConnector wasn't present, so I added it right above the Cortex section.
  4. After restarting TheHive, when trying to browsing to, and trying to import, I get the following message for both ReportTemplates: Connection refused: localhost/0:0:0:0:0:0:0:1:9001.

Possible Solutions

I don't think it's selinux or firewalld as I took them both out of the equation when I was troubleshooting. The source version on GH could be different than the RPM version...?

Complementary information

Cortex is running on port 9001 and I can access it and perform analysis manually.

There are no files in /var/log/thehive.

/etc/thehive/application.log

play.modules.enabled += connectors.cortex.CortexConnector

# Cortex
cortex {
  "CORTEX-SERVER-ID" {
  #  # URL of MISP server
    url = "http://localhost:9001"
  }
}
@nadouani
Copy link
Contributor

Hi @peasead, thanks for this detailed bug report. I'll start by answering the latest question: Yes the RPM uses the same sources that the master branch.

The following error is a bit clear, TheHive is not able to reach Cortex server

ReportTemplates: Connection refused: localhost/0:0:0:0:0:0:0:1:9001

Can you please try this curl call:

curl -u username:password http://localhost:9000/api/connector/cortex/analyzer?range=all

This is a TheHive API call that will call Cortex to list the analyzers, if this call fails, you can take a look to the logs of TheHive and share the stacktrace

@nadouani nadouani added the bug label Jul 12, 2017
@peasead
Copy link
Author

peasead commented Jul 13, 2017

Hello @nadouani, thanks for the response.

Wwwwwwwhelp...that's embarrassing. I think during my troubleshooting I caused the error above.

I re-ran my build script on a fresh VM and everything is working as expected.

Thanks again!

@peasead peasead closed this as completed Jul 13, 2017
@subdriven
Copy link
Contributor

For what it's worth, I too ran into this issue today where
play.modules.enabled += connectors.cortex.CortexConnector
was not in the config file /etc/thehive/application.conf
Adding it in manually then restarting the service fixed this for me.

@nadouani
Copy link
Contributor

This is not an issue, TheHive doesn't enable Cortex by default. If you want to, you need to enable the connector as said at:

https://github.com/CERT-BDF/TheHiveDocs/blob/master/admin/configuration.md#6-cortex

Thanks

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@nadouani @subdriven @peasead