CortexJobID #2

Closed
jcandiat opened this issue Oct 13, 2021 · 5 comments

@jcandiat

Hi!!

First of all, thank you with all my heart for the development you launched, because I was doing something similar, but you already had everything practically done.

Second, I would like to see if you can help me with an error, since I do not know if I am misconfiguring the system.

When I send the email to be analyzed, it creates the case in TheHive and sends me a notification email. My error lies when calling parsers ... it throws me the following error:

image

How could I solve this error?

Regards from Chile.

@emalderson
Owner

emalderson commented Oct 13, 2021

Hello, I have never encountered this error. However, it may be due either to the version of Cortex that you are using (the tool has been tested with the versions listed in the guide related to docker) or to the fact that one of the analyzers that you have enabled is not working properly, so the JSON representation of the job does not contain the keys needed for ThePhish to work. Try enabling only the analyzers that have been tested, as explained in the guide.
P.S. Also check if the configuration with the API KEY of Cortex is working.

@jcandiat
Author

Thank you very much for the information!
I think my mistake may be in the settings. Previously, I had already installed and was running TheHive with Cortex integrated into MISP.
My version of Cortex is: 3.1.1-1

And looking at the documentation, I think the ID of the cortex is wrong and I don't know where to get it from.

image

@jcandiat
Author

Dear, problem solved! Indeed, the problem was in that part of the configuration. I knew where to get that info and it worked! Again, grateful for such excellent work.

@mgrant0

mgrant0 commented Oct 24, 2021

I'm also hitting this error. I have tried using the login id of the Cortex user. Is that the 'id'? I don't see anything else that looks like it could be an id associated with the account that I created the API key for. In another ticket, a user said they got this from the About page, but I see nothing like an ID on that page, even logged in as that user. If this ID is not the string which is the Cortex user's login, what ID do I put in the conf file with this API key?

@emalderson
Owner

As I said before, it is in the part related to Cortex in the "application.conf" file used by TheHive. Alternatively, it can be found in the "About" window of TheHive. Here an image taken from the internet is attached showing that ID:

The ID to use for Cortex here is literally the string "CORTEX-SERVER". Similarly, for MISP you have to use the ID that is literally "MISP-SERVER".

@emalderson emalderson reopened this Oct 24, 2021