Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Bug] Merging an alert into case with duplicate artifacts does not merge descriptions #357

Closed
BrevilleBro opened this issue Oct 25, 2017 · 3 comments
Closed

[Bug] Merging an alert into case with duplicate artifacts does not merge descriptions #357

BrevilleBro opened this issue Oct 25, 2017 · 3 comments
Assignees
@To-om
Labels
bug
Milestone
3.0.0 (Cerana)

Comments

@BrevilleBro
Copy link

Merging an alert into case with duplicate artifacts does not merge descriptions

Request Type

Bug

Work Environment

Question Answer
OS version (server) Ubuntu
TheHive version / git hash 2.13.1
Package Type From source

Problem Description

Currently working on a feature which allows bulk merging of alerts into cases. However, if a an alert tries to merge with a case which already has all the artifacts listed in the alert, the description of the alert is not merged.

Steps to Reproduce

  1. Using the API, attempt to bulk merge alerts with different case descriptions, but same artifacts (i.e., using the /merge/ API)
  2. Notice in the error logs the error [warn] s.AlertSrv - Create artifact error org.elastic4play.ConflictError: Artifact already exists is present
  3. Notice in the Case the alerts merged into, not all the case descriptions were merged. For some reason some may be merged, while others are not.

Possible Solutions

Allow merging of multiple alert descriptions to a case even if there are duplicate artifacts within the case.

Complementary information

Error message present in log files:
[warn] s.AlertSrv - Create artifact error org.elastic4play.ConflictError: Artifact already exists
@saadkadhi saadkadhi added the bug label Oct 25, 2017
@saadkadhi
Copy link
Contributor

Thanks @BrevilleBro. We will look at it as soon as we can.

@BrevilleBro
Copy link
Author

Much appreciated.

@To-om To-om added this to the 3.0.0 milestone Nov 14, 2017
@To-om To-om closed this as completed Nov 14, 2017
To-om added a commit that referenced this issue Nov 14, 2017
@To-om
#357 Merge descriptions when merging alert into an existing case
a138610
@BrevilleBro
Copy link
Author

BrevilleBro commented Feb 21, 2018
edited
Loading

@To-om , thanks for your work on this. I am still getting the error when trying to merge alerts with duplicate artifacts, but different descriptions.
[warn] s.AlertSrv - Create artifact error org.elastic4play.ConflictError: Artifact already exists

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@To-om To-om

Labels
bug
Projects
None yet
Milestone
3.0.0 (Cerana)
Development

No branches or pull requests
3 participants
@saadkadhi @BrevilleBro @To-om