[Bug] MISP integration alert link generated incorrectly #1378

Closed
patriziotufarolo opened this issue May 29, 2020 · 1 comment
@patriziotufarolo

Request Type

Bug

Work Environment

| Question | Answer |
|---|---|
| OS version (server) | Red Hat |
| OS version (client) | N/A |
| TheHive version / git hash | 4.0.3 RC-3 |
| Package Type | RPM |
| Browser type & version | N/A |

Problem Description

When you receive an event from the MISP integration and an alert is created on The Hive 4, the link to the MISP instance is generated incorrectly. Looking at
frontend/app/views/partials/alert/list.html
it seems that it takes $vm.urls[event.source], which previously (e.g. in TH-3) was used to identify the MISP instance the event was coming from and now represents the source organization. Therefore $vm.urls[event.source] is not resolved and remains empty, so the URL becomes relative to the Hive instance's URL.

Steps to Reproduce

  1. Install The Hive 4
  2. Install MISP and generate API key
  3. Configure MISP integration
    {
      name = "misp"
      url = "https://misp"
      auth {
        type = key
        key = "[API_KEY_HERE]"
      }
      ws {
        ssl.trustManager.stores = [ {
          path = "ks.jks"
        } ]
      }
      whitelist.tags = ["cti:info_flow_dst=\"thehive\""]
      includedTheHiveOrganisations = ["mytestorg"]
    }
  4. Receive some alerts
  5. Click on the arrow icon that takes you to MISP
    It will redirect you to http:///events/
    rather than http:///events/

Possible Solutions

Workaround
I named the MISP integration in application.conf the same way as my organization. In this way I tricked the array lookup in the Hive. Of course, in a multi-org setup this is not feasible, so we need to fix it :)
Solution
Use the right property as the array key when loading the MISP instance's address

@patriziotufarolo patriziotufarolo added TheHive4 TheHive4 related issues bug labels May 29, 2020
@To-om To-om added this to the 4.0.0-RC4 milestone May 29, 2020
@nadouani
Contributor

In TheHive 4 we added a field called externalLink to the alert object, allowing any alert to have its own external link, not only MISP alerts. We will rely on this field.
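
The failure mode reported in this issue, next to a link builder that relies on externalLink, as an added example that is not TheHive's code. The function names, the `eventId` field, the `https://thehive.example` origin and the sample data are assumptions made for illustration.

```javascript
// Added example, not TheHive code. Names other than `externalLink` and
// `source` are assumptions made for illustration.

// Constructed sample data: integration name -> MISP base URL.
const urlsByInstance = { misp: "https://misp" };

// What a browser does with the broken href: a lookup miss leaves an empty
// base, so the root-relative path resolves against the page's own origin.
function resolveBuggyHref(urls, alert, pageOrigin) {
  const base = urls[alert.source] || ""; // miss when source is the organisation
  return new URL(base + "/events/" + alert.eventId, pageOrigin).href;
}

// Accept only absolute http(s) URLs; relative input or other schemes give null.
function absoluteHttpUrl(candidate) {
  if (typeof candidate !== "string" || candidate === "") return null;
  try {
    const u = new URL(candidate); // throws on relative input
    return u.protocol === "https:" || u.protocol === "http:" ? u.href : null;
  } catch (_) {
    return null;
  }
}

// Prefer the alert's own externalLink, fall back to the instance map, and
// return null instead of a relative link that would point back at TheHive.
function alertExternalLink(alert, urls) {
  const direct = absoluteHttpUrl(alert.externalLink);
  if (direct) return direct;
  const base = absoluteHttpUrl(urls[alert.source]);
  if (!base || alert.eventId == null) return null;
  const root = base.endsWith("/") ? base : base + "/";
  return new URL("events/" + encodeURIComponent(alert.eventId), root).href;
}
```

A caller that gets null can hide the arrow icon or log the lookup miss, which makes a misconfigured integration name visible instead of producing a link to the wrong host.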
