FizaBeg
@FizaBeg
Does anyone know how to resolve the following error when attempting to start up the Hive web console? The error in the logs is - Caused by: java.lang.IllegalArgumentException: Could not instantiate implementation: org.janusgraph.diskstorage.cql.CQLStoreManager .
And also the error - Caused by: com.datastax.oss.driver.api.core.AllNodesFailedException: Could not reach any contact point, make sure you've provided valid addresses (showing first 1 nodes, use getAllErrors() for more): Node(endPoint=/xx.xx.xx.xx:9042, hostId=null, hashCode=aa0609f): [com.datastax.oss.driver.api.core.connection.ConnectionInitException: [JanusGraph Session|control|connecting...] Protocol initialization request, step 1 (OPTIONS): failed to send request (io.netty.channel.StacklessClosedChannelException)]
I cannot access website of hive and also cassandra website. But both services are running on the terminal.
If I am trying to access using curl command then also it's throwing error.
Secshield @ Dave
@sec26
I'd appreciate a response to my following question: when we resolve a case in Hive, does it automatically resolve the alert in the Hive that is associated with that case?
Abdul Samad
@AS_Abdul_Samad_twitter
Hello
I am using TheHive4; it's working fine, but after my Ubuntu machine rebooted, TheHive failed to start
Any help?
hkelley
@hkelley

Can someone share an example of a FilteredEvent webhook trigger? https://github.com/TheHive-Project/TheHive/tree/7575943129324e8d7aad9253030fdba05c00ecf7/thehive/app/org/thp/thehive/services/notification/triggers

We use the AnyEvent trigger today (because that is what is documented) but would like to get more granular so that we only POST on case/task updates and closures.

Nikhil Verma
@nikhil14aug_twitter
anyone facing issue in running analyzers in Cortex 3.1.6?
even google DNS ending in ...
json.decoder.JSONDecodeError: Expecting value: line 1 column 1 (char 0)
Nikhil Verma
@nikhil14aug_twitter
it seems to be dir permission issue on cortex job folder ... only mapping /tmp from host OS seems to have the job dir available to cortex docker container and analyzer container
image.png
but now I encountered another issue ... kind of ghost alerts in thehive probably pushed from misp but cannot be deleted as shown above ... anyone encountered above? using hive 4.1.23
Nikhil Verma
@nikhil14aug_twitter
the ghost cases were resolved/gone by dropping elasticsearch index and rebuilding it
zurgutt
@zurgutt
In 4.1, is it possible to change value of some fields (owner, resolution etc) when mass closing from list level, either directly or to default by configuration? (newbie)
zurgutt
@zurgutt
goodmorning vietnaam!
zurgutt
@zurgutt
bingo bango?
SrijanNandi
@SrijanNandi
Facing issues using the Wazuh Responder, keep getting the error Agent ID Missing, even when running it on an IP Observable
According to the documentation it requires the following as custom fields:
wazuh_agent_id
wazuh_alert_id
wazuh_rule_id
image.png
But in Cortex I see it as wazuh-agent-id. Not sure where and what is wrong?
nieivan
@nieivan
Hi All, I’m trying to integrate Wazuh with TheHive with following this instruction: https://wazuh.com/blog/using-wazuh-and-thehive-for-threat-protection-and-incident-response/
I have completed everything in the document, however, I get the error of “ModuleNotFoundError: No module named ‘thehive4py.api’” it seems embedded python can’t find thehive4py,
I totally ensure that I have installed thehive4py on the Wazuh manager server, anything I can do to fix this?
Thanks
Alexander Tiemann
@alexandertiemann83_gitlab
module.PNG
Hello everyone, I have set up MISP on CentOS 8 and everything works apart from Cortex
any ideas? Thanks in advance for your help
cortex.PNG
Alexander Tiemann
@alexandertiemann83_gitlab
OK, it is working; changed from port 9000 to 6666
Hack Include
@HackInclude_twitter
image.png
Hi, I am not sure where to see the log on what is wrong with this; I am not able to run any analyzer
Marc Schweiz
@gru3zi
@HackInclude_twitter I'm having the exact same issue
Marc Schweiz
@gru3zi

You can add comments here to consolidate if you wanted

TheHive-Project/Cortex#434

Marc Schweiz
@gru3zi
@HackInclude_twitter I solved the issue. Check my ticket for a workaround
SrijanNandi
@SrijanNandi
Any way to disable SSL certificate verification in thehive application.conf file?
Chaos
@haroldLuiz
hi
image.png
Why can't I sort by id? Could someone help me please? <3
Carlo Husmillo
@carlokohan
Anyone know how to change the occur date in Alert model via thehive4py? It always defaults to 1970. When I force the date variable in Alert model, it only changes the created date
image.png
trite2k3
@trite2k3
https://hub.docker.com/r/thehiveproject/thehive
Anyone know why this docker compose cannot connect to the Elasticsearch instance in Docker?
trite2k3
@trite2k3
I'm assuming it's because of nftables, like Docker iptables doesn't understand nftables
trite2k3
@trite2k3
What environment variable to pass into the Cortex Docker image for it to change what path it tries to communicate with the Docker socket? It doesn't seem to listen to "DOCKER_HOST"
trite2k3
@trite2k3
halp :D
trite2k3
@trite2k3
eh nvm, I found the new StrangeBee site, I'll try that one instead.....
You should prob. fix your Docker Hub description since it doesn't even run
trite2k3
@trite2k3
The StrangeBee instructions are better, thank god. Can someone please update the Docker Hub description so no more poor souls fall into the trap of troubleshooting a 2 year old setup which doesn't work anymore?
Atchyuth-P
@Atchyuth-P
Hi everyone I am unable to resolve the error while creating analyzers
{
"errorMessage": "Something went wrong",
"input": "{\"data\":\"www.google.com\",\"dataType\":\"domain\",\"tlp\":2,\"pap\":2,\"message\":\"\",\"parameters\":{},\"config\":{\"proxy_https\":null,\"cacerts\":null,\"max_pap\":2,\"jobTimeout\":30,\"service\":\"get\",\"check_tlp\":true,\"proxy_http\":null,\"max_tlp\":2,\"auto_extract_artifacts\":false,\"jobCache\":10,\"check_pap\":true}}",
"success": false
}
need quick help on this
Soldier2003
@Soldier2003
Hi All, I'm sorry for the stupid question, but which version of The Hive is used in this container https://hub.docker.com/r/thehiveproject/thehive
SrijanNandi
@SrijanNandi
Screenshot 2022-12-02 at 4.19.59 PM.png

Hello All, I recently moved the index from Lucene to Elasticsearch. Faced a lot of issues, therefore had to configure Cassandra and theHive from scratch.

Now I am seeing the Alerts, however the Alerts counter on the top of the page is not increasing