Where communities thrive


  • Join over 1.5M+ people
  • Join over 100K+ communities
  • Free without limits
  • Create your own community
People
Activity
  • Jan 31 21:52
    zpriddy edited #860
  • Jan 31 21:52
    zpriddy opened #860
  • Jan 31 20:47
    gregcopenhaver forked
    gregcopenhaver/TheHive
  • Jan 31 14:03
    adl1995 opened #165
  • Jan 31 13:56
    nadouani closed #769
  • Jan 31 13:55

    nadouani on develop

    #769 Add a case template select… Merge branch 'feature/template-… #769 Add case template selector (compare)

  • Jan 31 13:55
    nadouani commented #769
  • Jan 31 13:54
    nadouani milestoned #769
  • Jan 30 18:41
    amr-cossi opened #164
  • Jan 30 16:21
    nadouani edited #271
  • Jan 30 16:20

    nadouani on develop

    #271 Allow merging multiple ale… (compare)

  • Jan 30 16:18

    To-om on develop

    #271 Update alert status when m… (compare)

  • Jan 30 15:53

    To-om on develop

    #271 Add API to merge alert in … (compare)

  • Jan 30 10:44
    nadouani closed #857
  • Jan 30 10:44
    nadouani labeled #857
  • Jan 30 10:44
    Xumeiquer commented #857
  • Jan 30 10:30
    nadouani edited #271
  • Jan 30 10:30
    nadouani edited #271
  • Jan 30 10:30
    nadouani edited #271
  • Jan 30 10:30
    nadouani edited #271
maugertg
@maugertg
I'm not sure which it would be. When you're in The Hive and run a Responder when you login to Cortex at thhe Job History page and click "View" for the job it pulls up the "Job Details" and has a "Job report" The first section of the "Job report" for a responder is "Indput Details" which has the JSON sent to the Responder. When I click on "View" for a Job sent to an Analyzer it does not show the "Input details"
S1nglet0n
@dlcindc
anyone run into issues with this line from the debian install?
echo 'deb https://dl.bintray.com/thehive-project/debian-stable any main' | sudo tee -a /etc/apt/sources.list.d/thehive-project.list
apt-get update errors and dl.bintray.com doesn't look to resolve
centralops.net doesn't return anything for domain either
hmm - somewhere binary got replaced for bintray
pbkac
nohcip
@nohcip
Hey guys, on my server, my "/opt/cortex-analyzers/responders/" directory is writable only by root, but when I run one of my responders, I would like to create a temp file somewhere but whoever is running the responder doesn't have the correct permissions. Do you know where I can find which user is running the responders ? In order to give them correct permissions. :) Also, is "/opt/cortex-analyzers" supposed to be owned by root ? or do you recommend something else ? Thanks !
nohcip
@nohcip
Ok, I found the answer. Responder was run by a user called "cortex". Everything working now.
S1nglet0n
@dlcindc
what were some of the steps for troubleshooting the responder?
aacgood
@aacgood
@dlcindc Check application.conf is configured correctly, Check for permissions issues, check that the appropriate python packages are installed, check requirements.txt and look at /var/log/cortex/application.log, also check your using the correct setting for the analyzer/responder in the UI. Hope that helps
suat
@stoksoz_gitlab
hi all
where can I find thehive sample dashboards?
Nic
@nicpenning
Anyone have an issue where Cortex creates a new index for some reason? It should be cortex_4 but it created a cortex_4_4. I tried deleting that index but still no luck for Cortex to grab it. I'm running latest Cortex
aacgood
@aacgood
@stoksoz_gitlab if they aren't on the projects GitHub, pls share the ones you create with the community
kachun55
@kachun55
Hi everyone , i try to make a update for alert from tlp = 1 to tlp =3
i saw that on the internet , they have example of create alert.
https://github.com/TheHive-Project/TheHive4py/tree/master/samples
do there have any sample for update an alert for thehive4py, muhc thanks
s-khariuk-hacken
@s-khariuk-hacken
@aacgood hi. I'm configured your version of Mailer responder, but received an error message:
{
  "errorMessage": "no output",
  "input": null,
  "success": false
}
cyberpescadito
@cyberpescadito
@s-khariuk-hacken check permissions (cortex have to be able to trigger the .py)
aacgood
@aacgood
Can you get the log output from /var/log/cortex/application.log at the time you run it. I'll check it out tomorrow for you.
s-khariuk-hacken
@s-khariuk-hacken
@aacgood im fix it. Little bit later I'm publish it on github. Thank you
suat
@stoksoz_gitlab
hi, how can I change the time on thehive ?
jwilczek
@jwilczek
is there a list of sample templates publicly available?
S1nglet0n
@dlcindc
@aacgood - thanks for that information!

https://github.com/TheHive-Project/TheHive/issues/1092#issuecomment-518705452 <-has anyone tried to use the latest elastic install with thehive 3.4.0? I started with 5.6 from the installation guide, but due to many CVE/vulnerabilities related to XSS/SSRF/exec code file inclusion - I tried to work from the latest version of elastic. I am getting the same issues as previously reported by #1092 - I can only use 6.7.2 elastic stack with my hiveinstance?

https://www.cvedetails.com/vulnerability-list/vendor_id-13554/Elasticsearch.html

S1nglet0n
@dlcindc

hi, how can I change the time on thehive ?

I would think the server you have thehive installed on is responsible for time - ntp - etc.

jdepalma
@jdepalma
Is there a way to automatically kick off Analyzers on Observables in a case or alert?
vimtechnologies
@vimtechnologies
yes webhooks
i am working on it but have not had much luck so far
torsolaso
@torsolaso
someone knows when thehive 4.0 will be released?
vimtechnologies
@vimtechnologies
@cyberpescadito are you available for a quick question
sebz1997
@sebz1997
Hi, How to configure mail server for Mail responders in corex. Any idea about this ??
sebz1997
@sebz1997
@aacgood Hi i just downloaded the reporter responder. I am confused with the api key.How can i generate the Hive api key
Josh Brower
@defensivedepth
@jeromeleonard Any way we can get some eyes on this PR for merging? TheHive-Project/TheHive#1171
aacgood
@aacgood
@sebz1997 you generate an API key under user management in TheHive.
aacgood
@aacgood
https://blog.agood.cloud/posts/2019/12/05/making-thehive-soar-with-microsoft-power-automate-and-cortex/
^^POC for using Microsoft PowerAutomate for SOAR functionality with Cortex.
vimtechnologies
@vimtechnologies
did anyone managed to integrate theHive with ePO via opendxl?
Simon
@xg5-simon
@jwilczek log in to your TheHive instance, Admin > Report Templates
Toby Lerone
@TLerone79_twitter
Hello
Has anyone had any luck getting the Docker image to run with a defined hive application.conf file?
Toby Lerone
@TLerone79_twitter
I'm getting the following error "None of the configured nodes are available"
sebz1997
@sebz1997
Hi, getting this error when I run the Reporter responder, How can I solve this issue.
Invalid output
Traceback (most recent call last):
File "Reporter/reporter.py", line 253, in <module>
Reporter().run()
File "Reporter/reporter.py", line 236, in run
mdFile.create_md_file()
File "/usr/local/lib/python3.6/dist-packages/mdutils/mdutils.py", line 62, in create_md_file
md_file = MarkDownFile(self.file_name)
File "/usr/local/lib/python3.6/dist-packages/mdutils/fileutils/fileutils.py", line 23, in init
self.file = open(self.file_name, 'w+', encoding='UTF-8')
PermissionError: [Errno 13] Permission denied: '/root18.md'
Toby Lerone
@TLerone79_twitter
What the latest version of cortex?
Miles Florence
@milesflo
Does TheHive have a comments feature in the Case model?
aacgood
@aacgood
@sebz1997 the last line tells you the issue. Check the permissions.
@TLerone79_twitter https://github.com/TheHive-Project/Cortex
@milesflo what do you mean?
Nic
@nicpenning
@aacgood Very cool! I might have to try this out. We are about finished with our own custom responders for the phishing use case. We developed a button in house for reporting that gives everything we need as an alert in TheHive and allows us to respond to the clients based on the custom category in TheHive (Phishing Malware, Phishing Credentials, Safe, Encrypted Email, Scam, etc..). Each category has it's own template with action items and what the analysis came out to be. The down side is that we have to code all of the HTML for the email inside of the responder. But it works well for the samples we have used. We dynamically add the subject, and other details from the case as well. Thanks for sharing, as I may use that platform with other integrations with TheHive and Cortex.