Nawarix
@Nawarix
but anyway I'm supposed to get max age: 10 days from logs, right?
garanews
@garanews
if it is set I would say yes
let me see if I can do a fast try
Nawarix
@Nawarix
btw I'm using 4.0.2-1 but the same issue existed in 4.0.1
Ettatabe
@Ettatabe
Hey guys, I just installed thehive4.0.0-1 on a Debian system and the status is up and running on the backend but nothing's happening on the frontend when I go to http://YOUR_SERVER_ADDRESS:9000/. Any ideas how to see the login page on the front end?
al3xj0su3
@al3xj0su3
@garanews Thank you :)
I actually tried to open that url on my browser before (using 'release' instead of 'stable'), but the 403 error made me think I was replacing the word on the wrong resource. After replacing it on the repo it did the job, thank you again!
garanews
@garanews
@Nawarix in logs I confirm "not set" like you
but in my case seems to work
I put max-age = 1 min
and I have sync interval 10min, so I created an event, published it and it didn't return as alert in the hive
@al3xj0su3 you're welcome
jared jennings
@jaredjennings
@nawarix it looks like you wrote "max age" with a space but @garanews put max-age with a dash
lafcabra
@lafcabra
change
Nawarix
@Nawarix
@garanews let me get something, published means when the event was shared or when it was synced to our instance?
@jaredjennings I wrote it max-age but the log wrote it max age without dash
garanews
@garanews
published means published
image.png
Nawarix
@Nawarix
@garanews I know, but what I noticed all the events I pulled from feeders have the same published date - the day I configured misp instance - that's why the hive imported 1300 events
I don't know if this is a bug or intentional
WingerHusar
@WingerHusar
Hi everyone, I would like to connect my logstash with TheHive, is it possible?
maximillian42
@maximillian42

Hi all,

Is it possible to create a responder to push/update event for a MISP Instance ?

garanews
@garanews
don't you like the export feature that publishes a case with observables from the hive to an event in misp with attributes?
maximillian42
@maximillian42
@garanews nop, I want this feature from another responder Trigger like a SIEM Elastic ?
beagnc
@beagnc
@WingerHusar me too! :)
Nic
@nicpenning
@Waltyon and @beagnc what's your use case?
Clinton Dsouza
@cvdsouza
Hi, I installed the latest stable release of theHive. Created a custom field and now trying to delete that field. However, I keep getting this error:
2020-11-24 21:19:12,348 [ERROR] from org.thp.scalligraph.utils.Retry in application-akka.actor.default-dispatcher-33 [000004c4|34859770] uncaught error, not retrying
org.thp.scalligraph.NotFoundError: CustomField reporting-type not found
at org.thp.scalligraph.services.VertexSrv.$anonfun$getOrFail$1(VertexSrv.scala:35)
at scala.Option.fold(Option.scala:251)
Any idea what could be causing this error? I raised an issue with full log details and a snapshot as well: TheHive-Project/TheHive#1684
Nabil Adouani
@nadouani
crackytsi
@crackytsi
Hi! Is there a different data format in ElasticSearch 5 compared to an elasticsearch 6 with migrated ES 5 data (not reindexed)? Or will all ES5 continue to work?
cyberpescadito
@cyberpescadito
@crackytsi I ran a th3.4 on es5, was "working" but with some pains (bugs, crashes)
FLRNKS
@florianakos

Hi,

I was wondering if there is some example how TheHive can be started with cortex configs passed through CLI? It seems no matter what I try, I always get thrown back to CLI Usage message

Miles Florence
@milesflo
Ask in Discord 😄
Rowland-ben
@Rowland-ben
image.png
Hello guys, I was able to install Elasticsearch and Cortex on my Ubuntu 20.04 LTS VM. However, it gives the error above when I try to access the web UI. Please urgently help.
Nabil Adouani
@nadouani
Hello guys, please go to https://chat.thehive-project.org
yevgen92
@yevgen92
Hi guys, my cortex analyzers fail to run with error org.elastic4play.NotFoundError: worker (analyzer) not found. Maybe somebody met this problem before ? thanks
Greg
@LogicalEy3_twitter
Any way to do MTTR in thehive dashboard?
israel arispe
@israel_arispe_twitter
Hi guys, I'm new in this world of thehive and I have a question, how can I move the data (cases, observables, tasks, etc) from a server that has thehive with cassandra to another one with the same cassandra, the only difference is that one the hive is the 4.0.0-RC3 version and the other is 4.0.1, is it possible to migrate the data?
Please, I've been trying to do it for a while.
brenner421
@brenner421
I'm trying to install a Splunk universal forwarder on the same machine as my hive installation and I was wondering if there's a log file or somewhere that I can pull the case information from?
stoksoz1
@stoksoz1
Hi guys, I am using thehive 3 at the point, but I want to move to thehive4
what would be the best installation steps for me?
vimtechnologies
@vimtechnologies
Good morning, I am installing Synapse on UBUNTU just for testing purposes and to find out if it is suitable for what I have in mind.
However, when I install requirements I get the following errors:
'''Building wheels for collected packages: cffi, lxml
Building wheel for cffi (setup.py) ... error
ERROR: Command errored out with exit status 1:
command: /usr/bin/python3 -u -c 'import sys, setuptools, tokenize; sys.argv[0] = '"'"'/tmp/pip-install-f_cfimtx/cffi/setup.py'"'"'; file='"'"'/tmp/pip-install-f_cfimtx/cffi/setup.py'"'"';f=getattr(tokenize, '"'"'open'"'"', open)(file);code=f.read().replace('"'"'\r\n'"'"', '"'"'\n'"'"');f.close();exec(compile(code, file, '"'"'exec'"'"'))' bdist_wheel -d /tmp/pip-wheel-laow_bc8
cwd: /tmp/pip-install-f_cfimtx/cffi/
Complete output (55 lines):
Package libffi was not found in the pkg-config search path.
Perhaps you should add the directory containing `libf'''
How can I fix that error?
Kiril Kjiroski
@kiril.kjiroski_gitlab
Hi everyone. I am new to thehive, and I have a question: we are implementing thehive and cortex as a part of a larger installation (including odfees, pdfekibana, nifi, misp...). We want to use keycloak as authentication server. I have followed instructions on the Documentation page (https://github.com/TheHive-Project/TheHiveDocs/blob/master/TheHive4/Administration/Authentication.md), and implemented openidconnect using our info for KEYCLOACK, TENANT, etc... However, when I try to authenticate with self-signed certificates (mind you, these are working for kibana and nifi parts of the whole), it brings me back to the login page. In logs, I am getting the following errors:
2020-12-06 11:18:18,576 [INFO] from org.thp.scalligraph.AccessLogFilter in application-akka.actor.default-dispatcher-18 [0000000c|] 172.22.0.15 GET /api/ssoLogin took 14ms and returned 302 0 bytes
2020-12-06 11:18:22,638 [INFO] from org.thp.scalligraph.AccessLogFilter in application-akka.actor.default-dispatcher-5 [0000000d|] 172.22.0.15 GET /api/ssoLogin?state=608747c0-2480-4949-a592-672c0b6b8a2d&session_state=ee0f82ed-6889-44af-a8b0-b15ed3d31f01&code=a488d421-783a-4261-9c8e-324968b159e5.ee0f82ed-6889-44af-a8b0-b15ed3d31f01.2247607c-0a05-462a-a11a-81e7f7920ffc took 558ms and returned 303 0 bytes
2020-12-06 11:18:22,725 [INFO] from org.thp.scalligraph.AccessLogFilter in application-akka.actor.default-dispatcher-5 [0000000e|] 172.22.0.15 GET /?error=User+not+found took 2ms and returned 308 0 bytes
2020-12-06 11:18:22,805 [INFO] from org.thp.scalligraph.AccessLogFilter in application-akka.actor.default-dispatcher-22 [0000000f|] 172.22.0.15 GET /index.html took 4ms and returned 304 0 bytes
2020-12-06 11:18:23,203 [INFO] from org.thp.scalligraph.AccessLogFilter in application-akka.actor.default-dispatcher-18 [00000012|] 172.22.0.15 GET /api/status took 2ms and returned 200 286 bytes
2020-12-06 11:18:23,203 [WARN] from org.thp.scalligraph.ErrorHandler in application-akka.actor.default-dispatcher-22 [|] GET /api/v1/user/current returned 401: Authentication failure
2020-12-06 11:18:23,205 [WARN] from org.thp.scalligraph.ErrorHandler in application-akka.actor.default-dispatcher-17 [|] GET /api/config/organisation/ui.hideEmptyCaseButton returned 401: Authentication failure
2020-12-06 11:18:23,285 [INFO] from org.thp.scalligraph.AccessLogFilter in application-akka.actor.default-dispatcher-5 [00000013|] 172.22.0.15 GET /api/status took 3ms and returned 200 286 bytes
Michael
@ag-michael
Hi all, if anyone is interested in helping me support thehive-falcon, the falconcustomiocresonder and pyfalcon please let me know. I no longer have access to a Falcon api so it's difficult for me to support these, but it seems some people are using them.
halimB8
@halimB8
Hello everybody, I am new using theHive
I already have an Elasticsearch cluster running and I want to connect it with theHive to test it, and I am getting TLS handshake errors.
Could you tell me please how I can create and add the certificate and key to theHive to be able to connect with the Elasticsearch cluster?
Thanks for your help