thehive-falcon is not working #2
Description
Hi Michael
I find thehive-falcon very useful.
I am trying to integrate CrowdStrike into TheHive using thehive-falcon, but it is not working. Line 148 in the pyfalcon.py shows the code is using authentication method "cs-hmac" which is what the api version 1 uses. This is why I believe I am getting the authentication error returned when thehive-falcon tries to connect to the Crowdstrike API. I am using OAuth2-Based API credentials that is why.
Please can the script be updated with OAuth2-Based API authentication method? Our environment only allows OAuth2-Based API. Also, API Key Based will be decommissioned on 10/29/2020. CrowdStrike is urging all the clients to use OAuth2-Based API.
Below is the error message I get when I run the script:
thehive-falcon]$ python thehive_falcon.py falcon_config.json thehive_config.json
TheHive-Falcon: 2020-10-01 17:35:08,924 Starting Falcon streaming api integration script for TheHive...
TheHive-Falcon: 2020-10-01 17:35:08,976 Starting Falcon streaming api script...
TheHive-Falcon: 2020-10-01 17:35:08,976 Connecting to the Falcon streaming api.
TheHive-Falcon: 2020-10-01 17:35:08,976 Connecting to the streaming api with date stamp:Thu, 01 Oct 2020 21:35:08 GMT
TheHive-Falcon: 2020-10-01 17:35:08,983 Connecting to Falcon streaming API using TLS.
TheHive-Falcon: 2020-10-01 17:35:09,300 Errors in data stream response:
{
"errors": [
{
"code": 401,
"message": "Not authorized"
}
]
}
Traceback (most recent call last):
File "/users_home/test_user/thehive-falcon/pyfalcon.py", line 172, in connect
raise
TypeError: exceptions must be old-style classes or derived from BaseException, not NoneType
TheHive-Falcon: 2020-10-01 17:35:09,317 exceptions must be old-style classes or derived from BaseException, not NoneType
Traceback (most recent call last):
File "/users_home/test_user/thehive-falcon/pyfalcon.py", line 172, in connect
raise
TypeError: exceptions must be old-style classes or derived from BaseException, not NoneType