Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Bug] TheHive can't execute Analyser on multi-organization Cortex #938

Closed
EulogyMondata opened this issue Feb 9, 2021 · 1 comment
Closed

[Bug] TheHive can't execute Analyser on multi-organization Cortex #938

EulogyMondata opened this issue Feb 9, 2021 · 1 comment

Comments

@EulogyMondata
Copy link

#[Bug] TheHive can't execute Analyser on multi-organization Cortex

When we have multi organizations connected to Cortex from TheHive. The Hive can execute only the first organization will be able to execute the the "first" organization on the connection liste.

Expected behavior

We need to connect Thehive to multi-organization Cortex for differents Analyser environnements variables.

##Complementary information

TheHive cortex config

## CORTEX configuration
# More information at https://github.com/TheHive-Project/TheHiveDocs/TheHive4/Administration/Connectors.md
# Enable Cortex connector
play.modules.enabled += org.thp.thehive.connector.cortex.CortexModule
cortex {
 servers: [
#   {
#     name: "local"                # Cortex name
#     url: "http://localhost:9001" # URL of Cortex instance
#     auth {
#       type: "bearer"
#       key: "1KNV9xyxtFUMEynhqX5Qwb+bxeMhOgbA"                 # Cortex API key
#     }
     # wsConfig {}                  # HTTP client configuration (SSL and proxy)
#   }
   {
     name: "organizationTest"                # Cortex name
     url: "http://localhost:9001" # URL of Cortex instance
     auth {
       type: "bearer"
       key: "keyorgnanizationtestxxx"                 # Cortex API key
     }
     includedTheHiveOrganisations = ["organizationTest"]
     # wsConfig {}                  # HTTP client configuration (SSL and proxy)
    },
    {
     name: "Mondata"                # Cortex name
     url: "http://localhost:9001" # URL of Cortex instance
     auth {
       type: "bearer"
       key: "keymondataxxx"                 # Cortex API key
     }
     includedTheHiveOrganisations = ["Mondata"]
     # wsConfig {}                  # HTTP client configuration (SSL and proxy)
   }
 ]
}

Capture d’écran 2021-02-09 092827
Capture d’écran 2021-02-09 093627
Capture d’écran 2021-02-09 094213

Work environment

  • Server OS: Ubuntu 20.04

  • Browse type and version: Edge Chrominiom And Chrome

  • Cortex version: 3.1.0-1

  • TheHive version: 4.0.2-1

  • Cortex Analyzer/Responder name: [All]

  • Cortex Analyzer/Responder version: [All]

Additional context

If we switch the Cortex Connexion, then Mondata can initiate Analyser, but not the organizationTest.
@EulogyMondata
Copy link
Author

Transfer in Cortex repo.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@EulogyMondata