[Bug] TheHive -> MISP works. MISP -> TheHive not.

[WingerHusar]

Work Environment

Name	Version
MISP	2.4.136
TheHive	4.0.4-1

Problem Description

Hi, I have problem with MISP and TheHive. Export case from TheHive to MISP works. When I published event on MISP, TheHive get nothing.

Note: Event is published to All communities (on MISP side) so it should works.

Configuration

play.modules.enabled += org.thp.thehive.connector.misp.MispModule

misp {
interval: 5m
servers: [
{
name = "MISP" # MISP name
url = "https://x.x.x.x" # URL or MISP
auth {
type = key
key = "API"
}
wsConfig {}
caseTemplate = "MISP-EVENT"
tags = ["MISP"]
}
]
}

LOGS FROM apache2

File -> misp.local_access.log

The only log from a MISP is getting version by TheHive

x.x.x.x - - [25/Jan/2021:10:13:24 +0100] "GET /servers/getVersion HTTP/1.1" 200 805 "-" "AHC/2.1"

[IrArTr]

i have the same error, and when i ran thehive i found this

thehive4_1 | [warn] o.t.t.c.m.s.MispImportSrv [|24ed9208] Unable to create alert from MISP event misp_server#1
thehive4_1 | org.thp.scalligraph.CreateError: Alert misp: ****** :1 already exist in organisation *****
thehive4_1 | at org.thp.thehive.services.AlertSrv.create(AlertSrv.scala:79)
thehive4_1 | at org.thp.thehive.services.AlertSrv.$anonfun$create$2(AlertSrv.scala:65)
thehive4_1 | at scala.util.Success.flatMap(Try.scala:251)
thehive4_1 | at org.thp.thehive.services.AlertSrv.create(AlertSrv.scala:65)
thehive4_1 | at org.thp.thehive.connector.misp.services.MispImportSrv.$anonfun$updateOrCreateAlert$2(MispImportSrv.scala:348)
thehive4_1 | at scala.util.Success.flatMap(Try.scala:251)
thehive4_1 | at org.thp.thehive.connector.misp.services.MispImportSrv.updateOrCreateAlert(MispImportSrv.scala:338)

the problem is that I don't have any alerts in thehive, even if I create new events in misp they don't appear in thehive