Analyzer Configuration Only Showing Global Configuration #104

Closed
peasead opened this issue May 8, 2018 · 5 comments

peasead commented May 8, 2018

Request Type

Bug

Work Environment

Question Answer
OS version (server) CentOS
OS version (client) 7.4.1708 (Core)
Cortex version / git hash 2.0.4
Package Type RPM
Browser type & version Chrome Version 66.0.3359.139 (Official Build) (64-bit)

Problem Description

When I am logged into Cortex as an Organization Administrator, the only configuration options I have under the Configurations tab is "Global Configuration".

Steps to Reproduce

  1. Logged into Cortex
  2. Created another Organization
  3. Created an Organization Administrator
  4. Logged in as that Organization Administrator
  5. Enable the VirusTotal Get Report Analyzer (I tried with several others as well)
  6. Check in the Configuration tab, but there is no configuration for the Analyzer

Complementary information

Example of what I expect to see.

What I do see


nadouani commented May 9, 2018

Do you see rows in the "Organization > Analyzers" tab, but no rows in "Organization > Configurations" tab?


peasead commented May 9, 2018

Yes sir, Analyzers is completely populated, Configurations only has "Global Configurations".

Here is my deployment process:

sudo yum install java-1.8.0-openjdk.x86_64 gcc-c++ -y
sudo yum groupinstall "Development Tools" -y
sudo rpm --import https://artifacts.elastic.co/GPG-KEY-elasticsearch
sudo yum install https://artifacts.elastic.co/downloads/elasticsearch/elasticsearch-5.6.0.rpm libffi-devel python-devel python-pip ssdeep-devel ssdeep-libs perl-Image-ExifTool file-devel -y

# Configure Elasticsearch
sudo bash -c 'cat > /etc/elasticsearch/elasticsearch.yml <<EOF
network.host: 127.0.0.1
cluster.name: hive
script.inline: true
thread_pool.index.queue_size: 100000
thread_pool.search.queue_size: 100000
thread_pool.bulk.queue_size: 1000
EOF'

# Collect the Cortex analyzers
sudo git clone https://github.com/capesstack/Cortex-Analyzers.git /opt/cortex/

# Collect the Cortex Report Templates
# This doesn't appear to work in an automated fashion anymore, it must be done manually via the UI. See Post Installation instructions in docs/README.md
# sudo curl -L https://dl.bintray.com/cert-bdf/thehive/report-templates.zip -o /opt/cortex/report-templates.zip

# Install TheHive Project and Cortex
sudo rpm --import https://dl.bintray.com/cert-bdf/rpm/repodata/repomd.xml.key
sudo yum install https://dl.bintray.com/cert-bdf/rpm/thehive-project-release-1.0.0-3.noarch.rpm -y
sudo yum install thehive cortex -y

# Configure TheHive Project secret key
(cat << _EOF_
# Secret key
# ~~~~~
# The secret key is used to secure cryptographics functions.
# If you deploy your application to several instances be sure to use the same key!
play.crypto.secret="$(cat /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w 64 | head -n 1)"
_EOF_
) | sudo tee -a /etc/thehive/application.conf

# Configure Cortex secret key
(cat << _EOF_
# Secret key
# ~~~~~
# The secret key is used to secure cryptographics functions.
# If you deploy your application to several instances be sure to use the same key!
play.crypto.secret="$(cat /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w 64 | head -n 1)"
_EOF_
) | sudo tee -a /etc/cortex/application.conf

# Add the future Python package and then install the Cortex Python dependencies
sudo pip install --upgrade pip
sudo pip install future
for d in /opt/cortex/analyzers/*/ ; do (cat $d/requirements.txt >> requirements.staged); done
sort requirements.staged | uniq > requirements.txt
rm requirements.staged
sudo pip install -r requirements.txt
rm requirements.txt

# Update the location of the analyzers
sudo sed -i 's/path\/to\/Cortex\-Analyzers/\/opt\/cortex/' /etc/cortex/application.conf

# Ensure that the thehive and cortex users own their directories and config files
sudo chown -R thehive:thehive /opt/thehive
sudo chown thehive:thehive /etc/thehive/application.conf
sudo chmod 640 /etc/thehive/application.conf
sudo chown -R cortex:cortex /opt/cortex
sudo chown cortex:cortex /etc/cortex/application.conf
sudo chmod 640 /etc/cortex/application.conf

# Configure Cortex to run on port 9001 instead of the default 9000, which is shared with TheHive
sudo sed -i '16i\\t-Dhttp.port=9001 \\' /etc/systemd/system/cortex.service

# Connect TheHive to Cortex
sudo bash -c 'cat >> /etc/thehive/application.conf <<EOF
# Cortex
play.modules.enabled += connectors.cortex.CortexConnector
cortex {
  "CORTEX-SERVER-ID" {
  url = "http://`hostname -I | sed -e 's/[[:space:]]*$//'`:9001"
  key = Cortex-API-key-see-post-installation-instructions
  }
}
EOF'

# Firewall configuration
sudo firewall-cmd --add-port=9000/tcp --add-port=9001/tcp
sudo firewall-cmd --reload

# Systemd service preparation
sudo systemctl enable thehive.service
sudo systemctl enable cortex.service

# Service start
sudo systemctl start thehive.service
sudo systemctl start cortex.service

# Cleanup
sudo yum -y remove gcc-c++

@saadkadhi

@nadouani what's next?


nadouani commented May 23, 2018

Is your Cortex analyzers folder up to date?


peasead commented May 25, 2018

Okay...so, here's an embarrassing story...I forked your Analyzers several months ago (before 2.x)...built my forked analyzers into my install scripts...and never looked back...until now when I was going to post something like

Duh of course my analyzers are up to date...I'm getting them straight from your repo!

But...lesson learned.

Let me unjack myself and I'll reopen another issue if that's not the problem (which I can only assume it is).

@peasead peasead closed this as completed May 25, 2018
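One way to catch the stale-fork situation this thread ends on before it reaches the UI, as an added example that is not part of the original issue or of Cortex itself: it assumes, as in Cortex 2.x, that each directory under the analyzers path holds a JSON descriptor per analyzer and that a descriptor without a `configurationItems` list is a pre-2.x one (which is why the per-organization Configurations tab has nothing to show). The sample descriptors are constructed, not copied from the Cortex-Analyzers repo.

```python
import glob
import json
import os
import tempfile

# Constructed sample descriptors (not files from the Cortex-Analyzers repo).
# A Cortex 2.x descriptor declares its settings in "configurationItems"; a
# pre-2.x fork kept them in application.conf instead (assumption, see lead-in).
SAMPLE_DESCRIPTORS = {
    "VirusTotal": {
        "VirusTotal_GetReport": {
            "name": "VirusTotal_GetReport",
            "configurationItems": [
                {"name": "key", "type": "string", "required": True, "multi": False}
            ],
        }
    },
    "Stale": {  # hypothetical analyzer still in the pre-2.x format
        "Stale_Analyzer": {"name": "Stale_Analyzer", "config": {"check_tlp": True}}
    },
}

def write_sample_tree(root):
    """Lay the samples out as <root>/<dir>/<descriptor>.json."""
    for dirname, descriptors in SAMPLE_DESCRIPTORS.items():
        os.makedirs(os.path.join(root, dirname), exist_ok=True)
        for fname, desc in descriptors.items():
            with open(os.path.join(root, dirname, fname + ".json"), "w") as fh:
                json.dump(desc, fh)

def audit_analyzers(root):
    """Map each descriptor to 'ok', 'stale' or 'unreadable'."""
    report = {}
    for path in sorted(glob.glob(os.path.join(root, "*", "*.json"))):
        key = os.path.basename(path)[:-len(".json")]
        try:
            with open(path) as fh:
                desc = json.load(fh)
        except (OSError, ValueError):
            report[key] = "unreadable"   # broken JSON: Cortex cannot load it either
            continue
        has_items = isinstance(desc.get("configurationItems"), list)
        report[desc.get("name", key)] = "ok" if has_items else "stale"
    return report

def run_demo():
    # Build the sample tree in a temp dir and audit it; on a real host
    # point audit_analyzers() at the analyzers path from application.conf.
    root = tempfile.mkdtemp(prefix="cortex-analyzers-")
    write_sample_tree(root)
    return audit_analyzers(root)
```

Any descriptor reported as "stale" is one the Analyzers tab will still list but the Configurations tab will not offer settings for, which matches the symptom in the original report.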