Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Cortex jobs from thehive fail silently #219

Closed
crackytsi opened this issue May 22, 2017 · 2 comments
Closed

Cortex jobs from thehive fail silently #219

crackytsi opened this issue May 22, 2017 · 2 comments
Assignees
@To-om
Labels
bug
Milestone
2.11.2

Comments

@crackytsi
Copy link

crackytsi commented May 22, 2017
edited
Loading

Request Type

Bug

Work Environment

Question Answer
OS version (server) Debian 8
TheHive version / git hash 2.11.1
Package Type Debian package

Problem Description

I installed the debian package, configured thehive and cortex.
I also installed the latest Cortex-Analyzers.
If I do an analysis from within Cortex, everything is fine.

After that I tried to submit a job to Cortex. This fails in the GUI silently (it seems as the job was never submitted), meanwhile in the log the following errors appear:

May 22 12:26:31 debian-8-user thehive[8603]: [#033[37minfo#033[0m] application - POST /api/connector/cortex/job returned 500
May 22 12:26:31 debian-8-user thehive[8603]: play.api.libs.json.JsResultException: JsResultException(errors:List((/attributes,List(ValidationError(List(error.path.missing),WrappedArray())))))
May 22 12:26:31 debian-8-user thehive[8603]: at play.api.libs.json.JsReadable$$anonfun$2.apply(JsReadable.scala:23)
May 22 12:26:31 debian-8-user thehive[8603]: at play.api.libs.json.JsReadable$$anonfun$2.apply(JsReadable.scala:23)
May 22 12:26:31 debian-8-user thehive[8603]: at play.api.libs.json.JsResult$class.fold(JsResult.scala:73)
May 22 12:26:31 debian-8-user thehive[8603]: at play.api.libs.json.JsError.fold(JsResult.scala:13)
May 22 12:26:31 debian-8-user thehive[8603]: at play.api.libs.json.JsReadable$class.as(JsReadable.scala:21)
May 22 12:26:31 debian-8-user thehive[8603]: at play.api.libs.json.JsObject.as(JsValue.scala:76)
May 22 12:26:31 debian-8-user thehive[8603]: at connectors.cortex.services.CortexSrv$$anonfun$submitJob$1$$anonfun$apply$37$$anonfun$apply$38.apply(CortexSrv.scala:265)
May 22 12:26:31 debian-8-user thehive[8603]: at connectors.cortex.services.CortexSrv$$anonfun$submitJob$1$$anonfun$apply$37$$anonfun$apply$38.apply(CortexSrv.scala:264)
May 22 12:26:31 debian-8-user thehive[8603]: at scala.util.Success$$anonfun$map$1.apply(Try.scala:237)
May 22 12:26:31 debian-8-user thehive[8603]: at scala.util.Try$.apply(Try.scala:192)
May 22 12:26:31 debian-8-user cortex[8493]: [#033[37minfo#033[0m] s.ExternalAnalyzerSrv - Execute sh -c "./otxquery.py"  in OTXQuery
May 22 12:26:31 debian-8-user cortex[8493]: [#033[37minfo#033[0m] s.ExternalAnalyzerSrv - Execute sh -c "./geo.py"  in MaxMind
May 22 12:26:31 debian-8-user thehive[8603]: [#033[37minfo#033[0m] application - POST /api/connector/cortex/job returned 500
May 22 12:26:31 debian-8-user thehive[8603]: play.api.libs.json.JsResultException: JsResultException(errors:List((/attributes,List(ValidationError(List(error.path.missing),WrappedArray())))))
May 22 12:26:31 debian-8-user thehive[8603]: at play.api.libs.json.JsReadable$$anonfun$2.apply(JsReadable.scala:23)
May 22 12:26:31 debian-8-user thehive[8603]: at play.api.libs.json.JsReadable$$anonfun$2.apply(JsReadable.scala:23)
May 22 12:26:31 debian-8-user thehive[8603]: at play.api.libs.json.JsResult$class.fold(JsResult.scala:73)
May 22 12:26:31 debian-8-user thehive[8603]: at play.api.libs.json.JsError.fold(JsResult.scala:13)
May 22 12:26:31 debian-8-user thehive[8603]: at play.api.libs.json.JsReadable$class.as(JsReadable.scala:21)
May 22 12:26:31 debian-8-user thehive[8603]: at play.api.libs.json.JsObject.as(JsValue.scala:76)
May 22 12:26:31 debian-8-user thehive[8603]: at connectors.cortex.services.CortexSrv$$anonfun$submitJob$1$$anonfun$apply$37$$anonfun$apply$38.apply(CortexSrv.scala:265)
May 22 12:26:31 debian-8-user thehive[8603]: at connectors.cortex.services.CortexSrv$$anonfun$submitJob$1$$anonfun$apply$37$$anonfun$apply$38.apply(CortexSrv.scala:264)
May 22 12:26:31 debian-8-user thehive[8603]: at scala.util.Success$$anonfun$map$1.apply(Try.scala:237)
May 22 12:26:31 debian-8-user thehive[8603]: at scala.util.Try$.apply(Try.scala:192)

My config in Thehive looks like this (noe the port in the URL):

## Enable the Cortex module
play.modules.enabled += connectors.cortex.CortexConnector

cortex {
  "1" {
    # URL of the Cortex server
    url = "http://192.168.1.2:9001"
  }
}
@saadkadhi
Copy link
Contributor

Hi @crackytsi,

This is a known issue and it has been fixed in the development branch. See TheHive-Project/Cortex#27.

We are going to release a hotfix in the next few days.

@crackytsi
Copy link
Author

Thanks a lot, we can close it :)

@nadouani nadouani added the bug label May 24, 2017
@nadouani nadouani added this to the 2.11.2 milestone May 24, 2017
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@To-om To-om

Labels
bug
Projects
None yet
Milestone
2.11.2
Development

No branches or pull requests
4 participants
@nadouani @saadkadhi @crackytsi @To-om