Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

The misp > instance name > tags parameter is not honored when importing MISP events #373

Closed
saadkadhi opened this issue Nov 14, 2017 · 1 comment
Closed

The misp > instance name > tags parameter is not honored when importing MISP events #373

saadkadhi opened this issue Nov 14, 2017 · 1 comment
Assignees
@saadkadhi
Labels
bug

Comments

@saadkadhi
Copy link
Contributor

Request Type

Bug

Work Environment

Question Answer
OS version (server) Ubuntu
OS version (client) macOS
TheHive version / git hash 2.13.2

Problem Description

When configuring MISP instances in the misp section in TheHive's application.conf, the administrator can specify one or multiple tags that are added to cases when importing MISP events.

This setting is not honored.

Complementary information

Configuration Excerpt

# MISP
## Enable the MISP connector to import and/or export events.
play.modules.enabled += connectors.misp.MispConnector

misp {
  "REBEL MISP" {
    # URL of the MISP instance.
    url = "http://misp"

    # Authentication key.
    key = "MYKEY"

    # Name of the case template in TheHive that shall be used to import
    # MISP events as cases by
    # default.
    caseTemplate = "MISP-EVENT"

    # Tags to add when importing events.
    tags = ["rebel-misp"]

    # Truststore to use to validate the X.509 certificate of the MISP
    # instance if the default
    # truststore is not sufficient.
    #ws.ssl.trustManager.stores = [
    #{
    #  type: "JKS"
    #  path: "/path/to/truststore.jks"
    #}
    #]
  }

  # Interval between two MISP event synchronization.
  interval = 1h
}

Tags Not Honored

According to the configuration excerpt above, TheHive must add the rebel-misp tag upon import. However, the tag does not appear as expected in the case:
screen shot 2017-11-14 at 07 37 01
@saadkadhi saadkadhi added the bug label Nov 14, 2017
@To-om To-om added this to the 3.0.0 milestone Nov 14, 2017
@saadkadhi saadkadhi assigned saadkadhi and unassigned To-om Nov 14, 2017
@saadkadhi saadkadhi removed this from the 3.0.0 milestone Nov 14, 2017
@saadkadhi
Copy link
Contributor Author

This is a documentation problem.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@saadkadhi saadkadhi

Labels
bug
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@saadkadhi @To-om