[Bug] Wrong dataType sent to Cortex (responders)

[Skypex]

Request Type

Bug

Work Environment

Question	Answer
OS version (server)	Ubuntu 18.04.4 LTS (Bionic Beaver)
TheHive version	4.0.0-RC1
Package Type	DEB
Cortex version	3.0.1-1

Problem Description

I wanted to try out a simple responder and so I started to configure the Mailer responder.

However, whenever I run the Mailer (e.g. on a case) it returned an error Invalid dataType.

I started to investigate the code and it works as following:

if self.data_type == 'thehive:case':
    # do something
elif self.data_type == 'thehive:alert':
    # do something else
else:
    self.error('Invalid dataType')

Although I run the responder on an Case it seems the responder itself does not get the expected dataType. The expceted dateType is fine accourding to the Docs.

I simply added a print and this is the value that is sent to the responder: thehive:Case. Notice that for some reason the C in case is uppercase. So I assume TheHive sends the dataType in a wrong format and this leads to the Cortex/responder issue.

As there were no bigger changes in Cortex recently and this issue seems to appear with TheHive v4 I assume the issue is located on TheHive side.

Steps to Reproduce

1. Cortex: Enable and setup Mailer responder
2. TheHive: Trigger Mailer responder on the case or alert
3. Cortex: Check job for errors

Possible Solutions

• Adapt TheHive to send dataType in lower case (as intial?)
• Adapt Cortex to cast dataType to lower case before passing it to responders
• Adapt all reponders to check the dataType in a different way (like expecting uppercase as well