Comments (4)
@jschipp-r7, from your logs, TheHive and Cortex seem to be installed on the same host. However, TheHive listens on port 9000. Thus you cannot expect TheHive to act like Cortex. If you make Cortex API calls to TheHive, they will fail. Please make sure Cortex listens on a different port than TheHive and adjust your requests accordingly.
Here is the expected output on a test box I am running with Cortex on port 9999:
❯ curl -v http://thehive:9999/api/analyzer
* Trying 172.16.99.133...
* TCP_NODELAY set
* Connected to thehive (172.16.99.133) port 9999 (#0)
> GET /api/analyzer HTTP/1.1
> Host: thehive:9999
> User-Agent: curl/7.54.0
> Accept: */*
>
< HTTP/1.1 200 OK
< Content-Length: 13588
< Content-Type: application/json
< Date: Sat, 04 Nov 2017 16:02:54 GMT
<
[{"name":"Fortiguard_URLCategory","version":"2.0","description":"Check the Fortiguard category of a URL or a domain","dataTypeList":["domain","url"],"author":"Eric Capuano","url":"https://github.com/CERT-BDF/Cortex-Analyzers","license":"AGPL-V3","id":"Fortiguard_URLCategory_2_0"},{"name":"JoeSandbox_File_Analysis_Inet","version":"2.0","description":"Joe Sandbox file analysis with Internet access","dataTypeList":["file"],"author":"CERT-BDF","url":"https://github.com/CERT-BDF/Cortex-Analyzers","license":"AGPL-V3","id":"JoeSandbox_File_Analysis_Inet_2_0"},{"name":"JoeSandbox_Url_Analysis","version":"2.0","description":"Joe Sandbox URL analysis","dataTypeList":["url"],"author":"CERT-BDF","url":"https://github.com/CERT-BDF/Cortex-Analyzers","license":"AGPL-V3","id":"JoeSandbox_Url_Analysis_2_0"},{"name":"JoeSandbox_File_Analysis_Noinet","version":"2.0","description":"Joe Sandbox file analysis without Internet access","dataTypeList":["file"],"author":"CERT-BDF","url":"https://github.com/CERT-BDF/Cortex-Analyzers","license":"AGPL-V3","id":"JoeSandbox_File_Analysis_Noinet_2_0"},{"name":"FireHOLBlocklists","version":"2.0","description":"Check IP addresses against the FireHOL blocklists","dataTypeList":["ip"],"author":"Nils Kuhnert, CERT-Bund","url":"https://github.com/BSI-CERT-Bund/cortex-analyzers","license":"AGPL-V3","id":"FireHOLBlocklists_2_0"},{"name":"CuckooSandbox_Url_Analysis","version":"1.0","description":"Cuckoo Sandbox URL analysis","dataTypeList":["url"],"author":"Andrea Garavaglia, LDO-CERT","url":"https://github.com/garanews/Cortex-Analyzers","license":"AGPL-V3","id":"CuckooSandbox_Url_Analysis_1_0"},{"name":"CuckooSandbox_File_Analysis_Inet","version":"1.0","description":"Cuckoo Sandbox file analysis with Internet access","dataTypeList":["file"],"author":"Andrea Garavaglia, LDO-CERT","url":"https://github.com/garanews/Cortex-Analyzers","license":"AGPL-V3","id":"CuckooSandbox_File_Analysis_Inet_1_0"},{"name":"Nessus","version":"2.0","description":"Scan hosts 
using Tenable's Nessus scanner","dataTypeList":["ip","fqdn"],"author":"Guillaume Rousse","url":"https://github.com/CERT-BDF/Cortex-Analyzers","license":"AGPL-V3","id":"Nessus_2_0"},{"name":"Virusshare","version":"2.0","description":"Search for MD5 hashes in Virusshare.com hash list","dataTypeList":["hash","file"],"author":"Nils Kuhnert, CERT-Bund","url":"https://github.com/BSI-CERT-Bund/cortex-analyzers","license":"AGPL-V3","id":"Virusshare_2_0"},{"name":"VMRay","version":"2.0","description":"VMRay Sandbox file analysis","dataTypeList":["hash","file"],"author":"Nils Kuhnert, CERT-Bund","url":"https://github.com/BSI-CERT-Bund/cortex-analyzers","license":"AGPL-V3","id":"VMRay_2_0"},{"name":"Abuse_Finder","version":"2.0","description":"Find abuse contacts associated with domain names, URLs, IPs and email addresses","dataTypeList":["ip","domain","url","mail"],"author":"CERT-BDF","url":"https://github.com/CERT-BDF/Cortex-Analyzers","license":"AGPL-V3","id":"Abuse_Finder_2_0"},{"name":"Msg_Parser","version":"2.0","description":"Parse Outlook MSG files and extract the main artifacts","dataTypeList":["file"],"author":"CERT-BDF","url":"https://github.com/CERT-BDF/Cortex-Analyzers","license":"AGPL-V3","id":"Msg_Parser_2_0"},{"name":"PassiveTotal_Ssl_Certificate_History","version":"2.0","description":"PassiveTotal Ssl Certificate History Lookup","dataTypeList":["hash","ip"],"author":"CERT-BDF","url":"https://github.com/CERT-BDF/Cortex-Analyzers","license":"AGPL-V3","id":"PassiveTotal_Ssl_Certificate_History_2_0"},{"name":"PassiveTotal_Passive_Dns","version":"2.0","description":"PassiveTotal Passive DNS Lookup","dataTypeList":["domain","fqdn","ip"],"author":"CERT-BDF","url":"https://github.com/CERT-BDF/Cortex-Analyzers","license":"AGPL-V3","id":"PassiveTotal_Passive_Dns_2_0"},{"name":"PassiveTotal_Malware","version":"2.0","description":"PassiveTotal Malware 
Lookup","dataTypeList":["domain","fqdn","ip"],"author":"CERT-BDF","url":"https://github.com/CERT-BDF/Cortex-Analyzers","license":"AGPL-V3","id":"PassiveTotal_Malware_2_0"},{"name":"PassiveTotal_Osint","version":"2.0","description":"PassiveTotal Osint Lookup","dataTypeList":["domain","fqdn","ip"],"author":"CERT-BDF","url":"https://github.com/CERT-BDF/Cortex-Analyzers","license":"AGPL-V3","id":"PassiveTotal_Osint_2_0"},{"name":"PassiveTotal_Unique_Resolutions","version":"2.0","description":"PassiveTotal Unique Resolutions Lookup","dataTypeList":["domain","fqdn","ip"],"author":"CERT-BDF","url":"https://github.com/CERT-BDF/Cortex-Analyzers","license":"AGPL-V3","id":"PassiveTotal_Unique_Resolutions_2_0"},{"name":"PassiveTotal_Whois_Details","version":"2.0","description":"PassiveTotal Whois Details Lookup","dataTypeList":["domain","fqdn","ip"],"author":"CERT-BDF","url":"https://github.com/CERT-BDF/Cortex-Analyzers","license":"AGPL-V3","id":"PassiveTotal_Whois_Details_2_0"},{"name":"PassiveTotal_Enrichment","version":"2.0","description":"PassiveTotal Enrichment Lookup","dataTypeList":["domain","fqdn","ip"],"author":"CERT-BDF","url":"https://github.com/CERT-BDF/Cortex-Analyzers","license":"AGPL-V3","id":"PassiveTotal_Enrichment_2_0"},{"name":"PassiveTotal_Ssl_Certificate_Details","version":"2.0","description":"PassiveTotal Ssl Certificate Details Lookup","dataTypeList":["hash","ip"],"author":"CERT-BDF","url":"https://github.com/CERT-BDF/Cortex-Analyzers","license":"AGPL-V3","id":"PassiveTotal_Ssl_Certificate_Details_2_0"},{"name":"CIRCLPassiveSSL","version":"2.0","description":"Check CIRCL's Passive SSL for a given IP address or a X509 certificate hash","dataTypeList":["ip","certificate_hash","hash"],"author":"Nils Kuhnert, CERT-Bund","url":"https://github.com/BSI-CERT-Bund/cortex-analyzers","license":"AGPL-V3","id":"CIRCLPassiveSSL_2_0"},{"name":"HippoMore","version":"2.0","description":"Get the Hippocampe detailed report for an IP address, a domain or a 
URL","dataTypeList":["ip","domain","fqdn","url"],"author":"CERT-BDF","url":"https://github.com/CERT-BDF/Cortex-Analyzers","license":"AGPL-V3","id":"HippoMore_2_0"},{"name":"Hipposcore","version":"2.0","description":"Get the Hippocampe Score report associated with an IP address, a domain or a URL","dataTypeList":["ip","domain","fqdn","url"],"author":"CERT-BDF","url":"https://github.com/CERT-BDF/Cortex-Analyzers","license":"AGPL-V3","id":"Hipposcore_2_0"},{"name":"CIRCLPassiveDNS","version":"2.0","description":"Check CIRCL's Passive DNS for a given domain or URL","dataTypeList":["domain","url"],"author":"Nils Kuhnert, CERT-Bund","url":"https://github.com/BSI-CERT-Bund/cortex-analyzers","license":"AGPL-V3","id":"CIRCLPassiveDNS_2_0"},{"name":"Yara","version":"2.0","description":"Check files against YARA rules","dataTypeList":["file"],"author":"Nils Kuhnert, CERT-Bund","url":"https://github.com/BSI-CERT-Bund/cortex-analyzers","license":"AGPL-V3","id":"Yara_2_0"},{"name":"MaxMind_GeoIP","version":"3.0","description":"Geolocate an IP Address via MaxMind","dataTypeList":["ip"],"author":"CERT-BDF","url":"https://github.com/CERT-BDF/Cortex-Analyzers","license":"AGPL-V3","id":"MaxMind_GeoIP_3_0"},{"name":"File_Info","version":"2.0","description":"Parse files in several formats such as OLE and OpenXML to detect VBA macros, extract their source code, generate useful information on PE, PDF files and much more","dataTypeList":["file"],"author":"CERT-BDF","url":"https://github.com/CERT-BDF/Cortex-Analyzers","license":"AGPL-V3","id":"File_Info_2_0"},{"name":"WOT_Lookup","version":"1.0","description":"Check a Domain against Web of Trust (WOT) a website reputation service","dataTypeList":["domain","fqdn"],"author":"Andrea Garavaglia - LDO-CERT","url":"https://github.com/garanews/Cortex-Analyzers","license":"AGPL-V3","id":"WOT_Lookup_1_0"},{"name":"PhishingInitiative_Lookup","version":"2.0","description":"Check a URL against Phishing Initiative to determine if it's a verified 
phishing site","dataTypeList":["url"],"author":"CERT-BDF","url":"https://github.com/CERT-BDF/Cortex-Analyzers","license":"AGPL-V3","id":"PhishingInitiative_Lookup_2_0"},{"name":"GoogleSafebrowsing","version":"2.0","description":"Check URLs and domain names against Google Safebrowsing","dataTypeList":["url","domain"],"author":"Nils Kuhnert, CERT-Bund","url":"https://github.com/BSI-CERT-Bund/cortex-analyzers","license":"AGPL-V3","id":"GoogleSafebrowsing_2_0"},{"name":"OTXQuery","version":"2.0","description":"Query AlienVault OTX for IPs, domains, URLs, or file hashes","dataTypeList":["url","domain","file","hash","ip"],"author":"Eric Capuano","url":"https://github.com/CERT-BDF/Cortex-Analyzers","license":"AGPL-V3","id":"OTXQuery_2_0"},{"name":"VirusTotal_Scan","version":"3.0","description":"Scan a file or URL using VirusTotal","dataTypeList":["file","url"],"author":"CERT-BDF","url":"https://github.com/CERT-BDF/Cortex-Analyzers","license":"AGPL-V3","id":"VirusTotal_Scan_3_0"},{"name":"VirusTotal_GetReport","version":"3.0","description":"Get the latest VirusTotal report for a file, hash, domain or an IP address","dataTypeList":["file","hash","domain","ip"],"author":"CERT-BDF","url":"https://github.com/CERT-BDF/Cortex-Analyzers","license":"AGPL-V3","id":"VirusTotal_GetReport_3_0"},{"name":"PhishTank_CheckURL","version":"2.0","description":"Check a URL against PhishTank to determine if it's a verified phishing site","dataTypeList":["url"],"author":"Eric Capuano","url":"https://github.com/CERT-BDF/Cortex-Analyzers","license":"AGPL-V3","id":"PhishTank_CheckURL_2_0"},{"name":"DNSDB_DomainName","version":"2.0","description":"Provide history records for a domain using DNSDB Passive DNS service","dataTypeList":["domain"],"author":"CERT-BDF","url":"https://github.com/CERT-BDF/Cortex-Analyzers","license":"AGPL-V3","id":"DNSDB_DomainName_2_0"},{"name":"DNSDB_NameHistory","version":"2.0","description":"Provide history records for a fully-qualified domain name using DNSDB Passive 
DNS","dataTypeList":["fqdn"],"author":"CERT-BDF","url":"https://github.com/CERT-BDF/Cortex-Analyzers","license":"AGPL-V3","id":"DNSDB_NameHistory_2_0"},{"name":"DNSDB_IPHistory","version":"2.0","description":"Provide history records for an IP address using DNSDB Passive DNS service","dataTypeList":["ip"],"author":"CERT-BDF","url":"https://github.com/CERT-BDF/Cortex-Analyzers","license":"AGPL-V3","id":"DNSDB_IPHistory_2_0"},{"name":"Yeti","version":"1.0","description":"Fetch observable details from a Yeti","dataTypeList":["domain","fqdn","ip","url","hash"],"author":"CERT-BDF","url":"https://github.com/CERT/cortex-analyzers","license":"AGPL-V3","id":"Yeti_1_0"},{"name":"DomainTools_WhoisHistory","version":"2.0","description":"Get a list of historic Whois records associated with a domain name through DomainTools Whois History service","dataTypeList":["domain"],"author":"CERT-BDF","url":"https://github.com/CERT-BDF/Cortex-Analyzers","license":"AGPL-V3","id":"DomainTools_WhoisHistory_2_0"},{"name":"DomainTools_WhoisLookup","version":"2.0","description":"Get the ownership record for a domain with basic registration details using DomainTools Whois Lookup service","dataTypeList":["domain"],"author":"CERT-BDF","url":"https://github.com/CERT-BDF/Cortex-Analyzers","license":"AGPL-V3","id":"DomainTools_WhoisLookup_2_0"},{"name":"DomainTools_WhoisLookup_IP","version":"2.0","description":"Get the ownership record for an IP address with basic registration details using DomainTools Whois Lookup IP service","dataTypeList":["ip"],"author":"CERT-BDF","url":"https://github.com/CERT-BDF/Cortex-Analyzers","license":"AGPL-V3","id":"DomainTools_WhoisLookup_IP_2_0"},{"name":"DomainTools_ReverseNameServer","version":"2.0","description":"Use DomainTools Reverse Name Server service to get a list of domain names that share the same primary or secondary name 
server","dataTypeList":["domain"],"author":"CERT-BDF","url":"https://github.com/CERT-BDF/Cortex-Analyzers","license":"AGPL-V3","id":"DomainTools_ReverseNameServer_2_0"},{"name":"DomainTools_ReverseIP","version":"2.0","descrip* Connection #0 to host thehive left intact
tion":"Use DomainTools Reverse IP service to provide a list of domain names sharing the same IP address","dataTypeList":["ip"],"author":"CERT-BDF","url":"https://github.com/CERT-BDF/Cortex-Analyzers","license":"AGPL-V3","id":"DomainTools_ReverseIP_2_0"},{"name":"DomainTools_ReverseWhois","version":"2.0","description":"Get a list of domain names which share the same registrant information through Domaintools Reverse Whois service","dataTypeList":["mail","ip","domain","other"],"author":"CERT-BDF","url":"https://github.com/CERT-BDF/Cortex-Analyzers","license":"AGPL-V3","id":"DomainTools_ReverseWhois_2_0"},{"name":"MISP","version":"2.0","description":"Query multiple MISP instances for events containing an observable.","dataTypeList":["domain","ip","url","fqdn","uri_path","user-agent","hash","email","mail","mail_subject","registry","regexp","other","filename"],"author":"Nils Kuhnert, CERT-Bund","url":"https://github.com/BSI-CERT-Bund/cortex-analyzers","license":"AGPL-V3","id":"MISP_2_0"},{"name":"CERTatPassiveDNS","version":"2.0","description":"Checks CERT.at Passive DNS for a given domain, API Key via cert.at.","dataTypeList":["domain","fqdn"],"author":"Nils Kuhnert, CERT-Bund","url":"https://github.com/BSI-CERT-Bund/cortex-analyzers","license":"AGPL-V3","id":"CERTatPassiveDNS_2_0"}]
from cortex.
I also see in TheHive logs:
from connectors.cortex.services.CortexClient in main - new Cortex(LOCAL CORTEX, http://localhost:9999, ) Basic Auth enabled: false
Cortex seems to be listening on port 9999 and not 9000, hence curl fails.
from cortex.
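The check the two replies above perform by eye, as an added example (not part of the thread and not TheHive or Cortex code): it reads the `CortexClient` startup line from TheHive's log and classifies a request URL by port. The function names are hypothetical, the first log line is constructed, and only ports are compared on the assumption that both services share one host, as in this thread.

```python
import re
from urllib.parse import urlsplit

# Sample input: one constructed unrelated line, then the CortexClient line
# quoted in the thread.
SAMPLE_LOG = """\
[info] application - unrelated startup line (constructed)
from connectors.cortex.services.CortexClient in main - new Cortex(LOCAL CORTEX, http://localhost:9999, ) Basic Auth enabled: false
"""

# Matches: new Cortex(<name>, <url>, <anything>) Basic Auth enabled: <bool>
CORTEX_LINE = re.compile(
    r"new Cortex\((?P<name>[^,]+),\s*(?P<url>[^,\s]+),.*?\)\s*"
    r"Basic Auth enabled:\s*(?P<basic>true|false)"
)

DEFAULT_PORTS = {"http": 80, "https": 443}


def endpoint(url):
    """Return (host, port) for a URL, filling in the scheme's default port."""
    parts = urlsplit(url)
    return parts.hostname, parts.port or DEFAULT_PORTS.get(parts.scheme)


def configured_cortex(log_text):
    """List every Cortex instance that TheHive logged at startup."""
    return [
        {
            "name": m["name"].strip(),
            "url": m["url"],
            "basic_auth": m["basic"] == "true",
        }
        for m in CORTEX_LINE.finditer(log_text)
    ]


def check_request(request_url, log_text, thehive_port=9000):
    """Say which service a request URL reaches, judged by port only."""
    _, port = endpoint(request_url)
    cortex_ports = {endpoint(c["url"])[1] for c in configured_cortex(log_text)}
    if port in cortex_ports:
        return "cortex"
    if port == thehive_port:  # 9000 is TheHive's port in this thread
        return "thehive"
    return "unknown"


if __name__ == "__main__":
    for url in ("http://thehive:9000/api/analyzer",
                "http://thehive:9999/api/analyzer"):
        print(url, "->", check_request(url, SAMPLE_LOG))
```

A result of `thehive` for a Cortex API path such as `/api/analyzer` is the mismatch described in this thread.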
@saadkadhi Oh, silly me. Got it, sorry for the bug report and thanks for your swift help!
from cortex.
Hi Dear @saadkadhi
I installed TheHive and Cortex on the same host and they talk to each other:
thehive : http://x.x.x.x:9000
cortex : http://x.x.x.x:9001
but when I go to the Observables tab of the Alert section and select Run analyzer, this message appears:
![image](https://user-images.githubusercontent.com/35430014/120268516-d0271700-c25a-11eb-80ad-68cbea555d73.pn
and also when I execute /api/connector/cortex/analyzer to list all analyzers, I get this error:
This is the log of my thehive/application.log:
This is the log of my cortex/application.log:
from cortex.