API-Connect to IBM X-Force

[csoc49]

Hy,

we have a problem by connecting to the IBM X-Force API.
We always get a 401 API error.

We use these URL https://api.xforce.ibmcloud.com/ and take our API-Key and pwd in the Cortex configuration. Is there anybody with an idea??

:-/

[ssstonebraker]

Hey i figured out how to fix this. I had the same problem and spent a couple hours figuring it out

I kept receiving an "API error" when attempting to run TheHive Project Cortex Analyzer for IBM Xforce.

There is currently a bug that is adding an extra / with every request.

To fix this issue you need to modify this file:

/opt/Cortex-Analyzers/analyzers/IBMXForce/ibmxforce_lookup.py

Command to fix the problem:

perl -pi -e 's|%s/|%s|g' /opt/Cortex-Analyzers/analyzers/IBMXForce/ibmxforce_lookup.py

source:
https://brakertech.com/thehive-project-cortex-ibm-xforce-analyzer-is-not-working/

[csoc49]

Hey, thank you, it works!!!
I suspected that, but I was not sure.

[saadkadhi]

@jeromeleonard can you please fix this problem in the upcoming Cortex-Analyzers release?

@csoc49 @ssstonebraker this is an analyzer related problem, not Cortex. Thank you for spotting it and we'd appreciate it if you could open future analyzer/responder related issues on the Cortex-Analyzers repository.

[saadkadhi]

Will be addressed in TheHive-Project/Cortex-Analyzers#487.