### Description
I developed three Cortex analyzers. Two of them are stuck because of a very specific issue.

First one:
I coded a standalone python3 program that connects to Active Directory and searches for users. It works well.
The "same" piece of code inside a Cortex Analyzer class produces an error at the Active Directory connection (not the search):
"Unexpected end-of-input within/between Object entries
at [Source: (sun.nio.ch.ChannelInputStream); line: 1, column: 462]"

Second one:
I coded an analyzer to search observables in an Elasticsearch database.
When I launch my code to connect to a localhost ES database, no problem.
When I launch my code to connect to an ES database on my local network, it produces the same issue as before:
"Unexpected end-of-input within/between Object entries
at [Source: (sun.nio.ch.ChannelInputStream); line: 1, column: 462]"

I guess this is specific to the platform (Cortex configuration, ES version, ES configuration?)
### Steps to Reproduce
Here comes the code of the Active Directory analyzer.
```python
#!/usr/bin/env python3
# encoding: utf-8
from cortexutils.analyzer import Analyzer
from ldap3 import Server, Connection, ALL, ALL_ATTRIBUTES, ALL_OPERATIONAL_ATTRIBUTES


class PlutoAD(Analyzer):
    def __init__(self):
        Analyzer.__init__(self)
        self.ad_srv = self.get_param('config.server', None, 'Active Directory server is missing')
        self.ad_user = self.get_param('config.bind_username', None, 'Account is missing')
        self.ad_pass = self.get_param('config.bind_password', None, 'Password is missing')
        self.ad_base = self.get_param('config.baseDN', None, 'BaseDN is missing')
        self.data = self.get_data()
        self.ad_query = "(&(objectclass=user)(sAMAccountName=" + self.data + "))"

    def run(self):
        Analyzer.run(self)
        try:
            srv = Server(self.ad_server, get_info=ALL)
            con = Connection(srv, self.ad_user, self.ad_pass, auto_bind=True)
        except Exception as e:
            self.error(e)
        # Nothing else because it does not work

    def summary(self, raw):
        taxonomies = []
        namespace = 'PlutoAD'
        predicate = 'Attributes'
        # Nothing else because it does not work
        taxonomies.append(self.build_taxonomy(level, namespace, predicate, value))
        return {"taxonomies": taxonomies}


if __name__ == '__main__':
    PlutoAD().run()
```
### Possible Solutions
I found an ActiveDirectory on GitHub. It seems to work but if I install it in Cortex, the same issue pops up.
Seems to be related to the platform.
### Complementary information
I did not see this analyzer because when I clone the Cortex analyzers repository, this LDAPAnalyzer does not get downloaded. Anyway I downloaded it manually, tried it (it worked) and compared both codes.
There is a small difference in the code which has a huge impact: I did not "jsonize" my input. This line does it:

```python
q = "({}={})".format(self.search_field, data)
```
### Request Type
Analyzer
### Work Environment
`cat /etc/cortex/application.conf`

```
search {
  index = cortex
  uri = "http://127.0.0.1:9200"
}
analyzer {
  urls = [
    "/opt/cortex/analyzers"
  ]
  fork-join-executor {
    parallelism-min = 2
    parallelism-factor = 2.0
    parallelism-max = 4
  }
}
responder {
  urls = [
    "/opt/cortex/responders"
  ]
  fork-join-executor {
    parallelism-min = 2
    parallelism-factor = 2.0
    parallelism-max = 4
  }
}
```

`cat /etc/elasticsearch/elasticsearch.yml`

```yaml
http.host: 127.0.0.1
http.port: 9200
cluster.name: thp
thread_pool.search.queue_size: 100000
discovery.type: single-node
path.data: /var/lib/elasticsearch
path.logs: /var/log/elasticsearch
```
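
The following is an added example, not code from the issue or from the Cortex project. It shows one way an analyzer's report can reach a JSON parser cut short, which is the condition an "Unexpected end-of-input" error describes: the posted `run()` hands the exception object `e` to `self.error`, and a report written to a stream with `json.dump` stops at the first value it cannot encode. That the error helper serializes this way is an assumption, and the function names, report fields and sample exception are constructed for the illustration.

```python
import io
import json

# Constructed sample: stands in for whatever the connection attempt raised.
SAMPLE_EXC = ConnectionError("bind failed")


def build_report(message):
    """Assumed shape of an analyzer error report (hypothetical field names)."""
    return {"success": False, "input": {"data": "jdoe"}, "errorMessage": message}


def report_unsafe(message):
    """Serialize the report with the message passed through as-is."""
    stream = io.StringIO()
    try:
        # json.dump writes the document piece by piece; an exception object
        # is not JSON-serializable, so TypeError is raised mid-document.
        json.dump(build_report(message), stream)
    except TypeError:
        pass  # the partial object has already been written to the stream
    return stream.getvalue()


def report_safe(message):
    """Convert the message to text first so the report is complete JSON."""
    stream = io.StringIO()
    json.dump(build_report(str(message)), stream)
    return stream.getvalue()


def is_complete_json(text):
    """True when a consumer could parse the report without hitting end-of-input."""
    try:
        json.loads(text)
        return True
    except json.JSONDecodeError:
        return False


if __name__ == "__main__":
    for name, fn in (("unsafe", report_unsafe), ("safe", report_safe)):
        out = fn(SAMPLE_EXC)
        print(f"{name}: complete={is_complete_json(out)} output={out!r}")
```

Comparing the two outputs shows where the unsafe report stops, which is the position a downstream parser would report as the end of input.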