Skip to content

TheHive and Cortex Compose scripts #2652

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 22 commits into from
Nov 8, 2022
Merged

TheHive and Cortex Compose scripts #2652

merged 22 commits into from
Nov 8, 2022

Conversation

rdettai
Copy link
Contributor

@rdettai rdettai commented Oct 25, 2022
edited
Loading

This is a complete revamp of the #2532 with a more stable init script.

📝 Reviewer Checklist

Review this pull request by ensuring the following items:

  • All user-facing changes have changelog entries
  • User-facing changes are reflected on vast.io

Todo:

  • Add TheHive orgadmin
  • Configure analyzer
  • replace pyvast with the new bindings To be done separately to close this off

@rdettai rdettai self-assigned this Oct 25, 2022
@rdettai rdettai added the feature New functionality label Oct 25, 2022
@rdettai rdettai changed the title Add init script that gets Cortex API key TheHive and Cortex Docker scripts Oct 25, 2022
@rdettai rdettai changed the title TheHive and Cortex Docker scripts TheHive and Cortex Compose scripts Oct 25, 2022
@rdettai rdettai force-pushed the story/sc-37376/thehive-init-revamp branch from c71d775 to 4b4ce3b Compare November 1, 2022 12:37
rdettai and others added 13 commits November 3, 2022 14:04
@rdettai @dispanser
Add init script that gets Cortex API key
6a50a31
@rdettai @dispanser
Fix config issue
b537683
@rdettai @dispanser
Add TheHive user initialization
2b7d410
@dispanser
Integrate Cortex Analyzer for VAST [WIP]
0746815 
This almost works, however the container that runs the actual query
(tenzir/vast-neuron) doesn't find the `input.json` in the expected place
(`/job/input/input.json`). I checked that the `input.json` is correctly
creatd in the cortex container with proper contents, and when the
container is started an actual log message indicates that that very
volume is mounted to `/job` on the neuron.

```
thehive-cortex-1         |   timeout: 30 minutes
thehive-cortex-1         |   image  : tenzir/vast-neuron
thehive-cortex-1         |   volume : /opt/cortex/jobs/cortex-job-yfueFYQBc4_qCE3nWixQ-7660690682055716688:/job
```

However, when logging into the neuron /job is empty. I've run out of
ideas. It does seem to work for Kaans set of images, maybe some sort of
permission problem.
@dispanser
Enable docker host noetwork mode and fix jobs directory
c73662c
@rdettai @dispanser
Cleanup VAST Cortex neuron
6ae0e2d
@rdettai @dispanser
Fix lint
9b1b017
@rdettai @dispanser
Add tests for neuron
1c807ab
@rdettai @dispanser
Add host network mode to compose
b256a52
@rdettai @dispanser
Cleanup output before running tests
99c8a58
@rdettai @dispanser
Connect to VAST as Compose service
14536ad 
It works when running the neuron independently,
("./vast-cortex-neuron/tests/test service")
but fails when it is executed from Cortex
("Container could not be started")
@rdettai @dispanser
Fix analyzer start from cortex by using container network mode
2981934
@dispanser
Add missing compose overlay file for VAST + TheHive in test script
f6be72a
@dispanser dispanser force-pushed the story/sc-37376/thehive-init-revamp branch from 9412983 to f6be72a Compare November 3, 2022 13:05
@rdettai rdettai marked this pull request as ready for review November 7, 2022 09:52
rdettai
rdettai commented Nov 7, 2022
View reviewed changes
@rdettai rdettai requested a review from dispanser November 7, 2022 15:35
@rdettai
Copy link
Contributor Author

rdettai commented Nov 7, 2022
edited
Loading

It will be easier to write some high level tests and documentation once the full usecase is implemented, so I think we can merge this now.

dispanser
dispanser approved these changes Nov 8, 2022
View reviewed changes
Copy link
Contributor

@dispanser dispanser left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Tested and we can successfully interact between VAST, Cortex, and TheHive.

I'm not a docker compose expert by any means, so take that approval with a grain of salt.

@rdettai rdettai merged commit 82d68e0 into master Nov 8, 2022
@rdettai rdettai deleted the story/sc-37376/thehive-init-revamp branch November 8, 2022 14:15
@rdettai rdettai mentioned this pull request Nov 11, 2022
Closed
2 tasks
@rdettai rdettai mentioned this pull request Nov 23, 2022
Merged
dominiklohmann added a commit that referenced this pull request Nov 25, 2022
@dominiklohmann
Fix TheHive compose tests (#2710)
f2d3e83 
This is addressing multiple issues that bubbled up after #2652
- There was a `$` missing before `exit_code`
- Lint issues
- A transient failure in the Cortex init script due to concurrent access 
  to a mounted volume
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@dispanser dispanser dispanser approved these changes

@dominiklohmann dominiklohmann Awaiting requested review from dominiklohmann

Assignees

@rdettai rdettai

Labels
feature New functionality
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@rdettai @dispanser