Comments (4)

saadkadhi commented on May 16, 2024

@jschipp-r7 from your logs, TheHive and Cortex seem to be installed on the same host. However, TheHive listens on port 9000. Thus you cannot expect TheHive to act like Cortex. If you make Cortex API calls to TheHive it will fail. Please make sure Cortex listens on a different port than TheHive and adjust your requests accordingly.

Here is the expected output on a test box I am running with Cortex on port 9999:

❯ curl -v http://thehive:9999/api/analyzer
*   Trying 172.16.99.133...
* TCP_NODELAY set
* Connected to thehive (172.16.99.133) port 9999 (#0)
> GET /api/analyzer HTTP/1.1
> Host: thehive:9999
> User-Agent: curl/7.54.0
> Accept: */*
> 
< HTTP/1.1 200 OK
< Content-Length: 13588
< Content-Type: application/json
< Date: Sat, 04 Nov 2017 16:02:54 GMT
< 

from cortex.

saadkadhi commented on May 16, 2024

I also see in TheHive logs:

from connectors.cortex.services.CortexClient in main - new Cortex(LOCAL CORTEX, http://localhost:9999, ) Basic Auth enabled: false

Cortex seems to be listening on port 9999 and not 9000 hence curl fails.
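An added example, not part of the original thread or of the TheHive/Cortex code base: it parses the connector line quoted from TheHive's log above and checks whether a request URL targets the port that line reports for Cortex. The function names and the request URLs are assumptions made for illustration; the log line is the one from the comment.

```python
import re
from urllib.parse import urlsplit

# Connector line format as quoted in the comment above:
#   new Cortex(LOCAL CORTEX, http://localhost:9999, ) Basic Auth enabled: false
CORTEX_LINE = re.compile(
    r"new Cortex\((?P<name>[^,]+),\s*(?P<url>[^,\s]+),.*?\)\s*"
    r"Basic Auth enabled:\s*(?P<basic>true|false)"
)
DEFAULT_PORTS = {"http": 80, "https": 443}

# The log line from the comment above.
SAMPLE_LOG = ("from connectors.cortex.services.CortexClient in main - new Cortex("
              "LOCAL CORTEX, http://localhost:9999, ) Basic Auth enabled: false")


def effective_port(url):
    """Port a URL targets, falling back to the scheme default."""
    parts = urlsplit(url)
    return parts.port or DEFAULT_PORTS.get(parts.scheme)


def configured_cortex(log_text):
    """Return every Cortex instance reported in the given TheHive log text."""
    return [
        {
            "name": m.group("name").strip(),
            "url": m.group("url"),
            "port": effective_port(m.group("url")),
            "basic_auth": m.group("basic") == "true",
        }
        for m in CORTEX_LINE.finditer(log_text)
    ]


def check_request(request_url, log_text):
    """Compare the port a request targets with the Cortex ports found in the log."""
    instances = configured_cortex(log_text)
    if not instances:
        return "no Cortex connector line found in log"
    port = effective_port(request_url)
    for inst in instances:
        if inst["port"] == port:
            return f"ok: port {port} matches {inst['name']} ({inst['url']})"
    expected = ", ".join(str(i["port"]) for i in instances)
    return f"mismatch: request targets port {port}, log reports Cortex on {expected}"


if __name__ == "__main__":
    # Request URL constructed for illustration (TheHive's port, not Cortex's).
    print(check_request("http://thehive:9000/api/analyzer", SAMPLE_LOG))
```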

jschipp-r7 commented on May 16, 2024

@saadkadhi Oh, silly me. Got it, sorry for the bug report and thanks for your swift help!

alisp7 commented on May 16, 2024

Hi Dear @saadkadhi
I installed TheHive and Cortex on the same host and they talk to each other:
thehive : http://x.x.x.x:9000
cortex : http://x.x.x.x:9001
Capture5

but when I go to the Observables tab of the Alert section and select Run analyzer, this message appears:
![image](https://user-images.githubusercontent.com/35430014/120268516-d0271700-c25a-11eb-80ad-68cbea555d73.pn
Capture6

and also when I execute the /api/connector/cortex/analyzer to list all analyzers I get this error:
Capture8

This is the log of my thehive/application.log:
Capture9

This is the log of my cortex/application.log:
Capture10
