Hybrid Analysis returns success when filename query didn't work #223

Closed
srilumpa opened this Issue Apr 6, 2018 · 0 comments

srilumpa commented Apr 6, 2018

Request Type

Bug

Work Environment

| Question | Answer |
|---|---|
| OS version (server) | Debian |
| OS version (client) | N/A |
| Cortex Analyzer Name | Hybrid Analysis |
| Cortex Analyzer Version | 1.0, |
| Cortex Version | 1.1.4 |
| Browser type & version | N/A |

Description

See TheHive-Project/TheHive#530 for more information about how to trigger the error but, when the Hybrid Analysis analyzer was not able to query (build properly the filename query?), the HA API sends back an error which is not handled by the script, which sets the job status to success.

Steps to Reproduce

  1. Submit a filename to be analyzed by the Hybrid Analysis analyzer from TheHive
  2. Job will be shown as successful but content displays an error

Possible solution

  • Use the response_code field to set the job status (-1 seems to be error)

Complementary information

See TheHive-Project/TheHive#530 for more details on how to trigger the error.

Report when the error is triggered

{
  "artifacts": [],
  "full": {
    "results": {
      "response_code": -1,
      "response": {
        "error": "Phrase 'toto.txt' should be in double quote."
      }
    }
  },
  "summary": {},
  "success": true
}

3c7 self-assigned this Apr 13, 2018

3c7 added this to the 1.9.4 milestone Apr 13, 2018

3c7 closed this in 8b4c669 Apr 13, 2018
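The check proposed under "Possible solution", as an added example (not the analyzer's code and not the fix in 8b4c669): the job status is derived from `response_code` and fails closed, so an API error can no longer be reported as a successful job with no findings. Assumptions: `0` as the success value, the `build_report` helper and the `errorMessage` key are hypothetical; the issue only shows `-1` for an error.

```python
import json

# Assumption: 0 is the API's success value; the issue only shows -1 for an error.
SUCCESS_CODE = 0


def build_report(api_reply):
    """Turn a raw API reply into a job report, failing closed on anything unexpected."""
    results = api_reply if isinstance(api_reply, dict) else {}
    code = results.get("response_code")
    # type() check: in Python False == 0, so a boolean must not pass as success.
    if type(code) is int and code == SUCCESS_CODE:
        return {"success": True, "artifacts": [], "summary": {},
                "full": {"results": results}}
    # Error path: surface the API's own message instead of burying it in "full".
    response = results.get("response")
    detail = response.get("error") if isinstance(response, dict) else None
    if detail is None:
        detail = "unexpected reply (response_code=%r)" % (code,)
    # "errorMessage" is an assumed key name for the failed-job report.
    return {"success": False, "errorMessage": "Hybrid Analysis: %s" % detail}


# Constructed sample: the "results" object from the report in this issue.
ERROR_REPLY = json.loads("""
{"response_code": -1,
 "response": {"error": "Phrase 'toto.txt' should be in double quote."}}
""")

# Constructed sample: a successful reply with an empty result list.
OK_REPLY = {"response_code": SUCCESS_CODE, "response": []}

if __name__ == "__main__":
    # Last two inputs are constructed malformed replies (no body, no response_code).
    for reply in (ERROR_REPLY, OK_REPLY, None, {"response": "truncated"}):
        print(json.dumps(build_report(reply)))
```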
