HX Cloud #115

Closed
jmalbertsanofi opened this issue Sep 29, 2022 · 4 comments

jmalbertsanofi commented Sep 29, 2022

Hi Elazar,

Could you provide me some help to manage HX Cloud through HXTool?

When I try to configure it with a URL similar to [REDACTED]-hx-webui-1.hex03.helix.apps.fireeye.com, I obtain this error message:
```
HTTPSConnectionPool(host='[REDACTED]-hx-webui-1.hex03.helix.apps.fireeye.com', port=443): Max retries exceeded with url: /hx/api/v1/token (Caused by NewConnectionError('<urllib3.connection.HTTPSConnection object at 0x7f9ac2ab9e80>: Failed to establish a new connection: [Errno -2] Name or service not known',))
```

When I use curl with that domain, I obtain the correct HTML webpage:

```html
<!doctype html>
<!--[if IE 8]>    <html class="no-js lt-ie9" lang="en"> <![endif]-->
<!--[if gt IE 8]><!--> <html class="no-js" lang="en"> <!--<![endif]-->

<head>
  <meta charset="utf-8">
  <meta http-equiv="X-UA-Compatible" content="IE=edge,chrome=1">
  <meta content="authenticity_token" name="csrf-param" />
<meta content="[REDACTED]" name="csrf-token" />
  <meta name="viewport" content="width=device-width">
  <title>[REDACTED]-hx-webui-1.hex03.helix.apps.fireeye.com - Trellix - Please Log in</title>
  <link rel="shortcut icon" href="/assets/images/favicon.ico?v=2" type="image/x-icon">
  <link data-turbolinks-track="true" href="/assets/stylesheets/vendor/fonts.css?1661967908" media="all" rel="stylesheet" type="text/css" />
  <link href="/assets/fabric/css/font-awesome.min.css?1661967908" media="screen" rel="stylesheet" type="text/css" />
  <link href="/assets/fabric/css/fe-helix-dark.min.css?1661967908" media="screen" rel="stylesheet" type="text/css" />
  <link href="/assets/stylesheets/login.css?1661968037" media="screen" rel="stylesheet" type="text/css" />
  <!--[if IE]>
    <script src="/assets/javascripts/ie.js?1661967908" type="text/javascript"></script>
  <![endif]-->
</head>

<body data-appliance-type="hx_ng" class="muse-background">
  <script src="/assets/javascripts/vendor.js?1661967957" type="text/javascript"></script>
  <script src="/assets/javascripts/app.js?1661968037" type="text/javascript"></script>
  <script>
    if(window.top != window) {
      window.top.location = window.location;
    }
    var fireeye = fireeye || {};
    fireeye.page_data = {};

      fireeye.page_data = {"cm_ha":false,"host_name":"[REDACTED]-hx-webui-1.hex03.helix.apps.fireeye.com","product_name":"HX","model_number":"4502","hash_id":"[REDACTED]","login_banner":"\nThis system is for the use of authorized users only. Individuals\nusing this computer system without authority, or in excess of their\nauthority, are subject to having all of their activities on this\nsystem monitored and recorded by system personnel.\n\nIn the course of monitoring individuals improperly using this system,\nor in the course of system maintenance, the activities of authorized\nusers may also be monitored.\n\nAnyone using this system expressly consents to such monitoring and\nis advised that if such monitoring reveals possible evidence of\ncriminal activity, system personnel may provide the evidence of such\nmonitoring to law enforcement officials.\n\n","asset_type":"Purchased (2)","current_year":2022,"upgrading":"","restoring":false,"product_edition":null,"product_series":"HX","logout_message_enable":false,"display_sso":true,"display_cert":false,"display_saml":false,"redirect_saml":false,"display_local":true};
    window.fireeye.features = {};
    window.fireeye.i18n_strings = [REDACTED];
    require('initialize');
    </script>
      <div id="container"> </div>
    </body>
</html>
```

Having this result with curl makes me think the server on which HXTool is hosted has correct access to the HX Cloud console.

Regards,
JM

B0fH commented Sep 29, 2022

Hi @jmalbertsanofi -
[Errno -2] Name or service not known usually signifies DNS lookup failure. In the controller profile, can you confirm that just the FQDN is there and not anything else, i.e. https?

Thanks,
Elazar

@jmalbertsanofi

Hi @B0fH

I can confirm that there is only the FQDN, and that I'm using port 443:
image

Because the curl test is working as expected, I guess it is not a network issue/DNS lookup failure.

Regards,
JM

B0fH self-assigned this Oct 3, 2022

B0fH commented Oct 3, 2022

Hi @jmalbertsanofi -
That is very odd. The error that the Python requests module is throwing indicates a DNS resolution failure. The only other thing I can think of at the moment is that maybe some whitespace characters made their way into the host name. You can confirm what the hostname looks like in the database by opening hxtool.db in a text editor - it's simply a JSON text file.

Thanks,
Elazar

jmalbertsanofi commented Dec 14, 2022

Hi,

The solution is to add a block named "proxies" at the end of the block named "network", inside the ./data/conf.json file:

        "network": {
                "ssl": "enabled",
                "port": 8080,
                "listen_address": "0.0.0.0",
                "session_timeout": 30,
                "proxies": {
                        "https" : "http://[IPADDRESS]:[PORT]"
                }
        },

Regards,
@jmalbertsanofi
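
A preflight check covering the three causes raised in this thread (extra characters in the FQDN field, a name the host cannot resolve directly, and a missing `proxies` block), added here as an example and not taken from HXTool. The names `load_proxies`, `resolves` and `preflight` are hypothetical, the sample config mirrors the block posted above with a documentation-range proxy address, and how HXTool itself consumes `proxies` is not shown in the thread.

```python
import json
import socket
from urllib.parse import urlsplit

# Constructed sample of ./data/conf.json; the proxy address is a placeholder.
SAMPLE_CONF = """{
  "network": {
    "ssl": "enabled", "port": 8080, "listen_address": "0.0.0.0",
    "session_timeout": 30,
    "proxies": {"https": "http://192.0.2.10:3128"}
  }
}"""

def load_proxies(conf_text):
    """Return the validated network.proxies mapping, or {} when absent."""
    proxies = json.loads(conf_text).get("network", {}).get("proxies", {})
    for scheme, url in proxies.items():
        parts = urlsplit(url)
        if parts.scheme not in ("http", "https") or not parts.hostname or parts.port is None:
            raise ValueError(f"proxy for {scheme!r} must be http://host:port, got {url!r}")
    return proxies

def resolves(host, resolver=socket.getaddrinfo):
    """True if the local resolver can turn host into an address."""
    try:
        resolver(host, 443)
        return True
    except socket.gaierror:
        return False

def preflight(controller, conf_text, resolver=socket.getaddrinfo):
    """Classify how a client on this machine can reach controller:443."""
    host = controller.strip()
    if host != controller or "://" in host or "/" in host:
        return "bad-hostname"           # whitespace or URL parts in the FQDN field
    if resolves(host, resolver):
        return "direct"
    proxy = load_proxies(conf_text).get("https")
    if proxy is None:
        return "unresolvable-no-proxy"  # the [Errno -2] case from the issue
    # Through a proxy, only the proxy's own host has to resolve locally;
    # the controller name is handed to the proxy in the CONNECT request.
    if resolves(urlsplit(proxy).hostname, resolver):
        return "via-proxy"
    return "proxy-unresolvable"
```

The `resolver` parameter exists so the check can be exercised without network access; called with the default it uses the system resolver.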
