Can't enable some "free" Analyzers

[b00lpy]

Can't enable some "free" Analyzers

Request Type

Bug Request

Work Environment

Question	Answer
OS version (server)	Ubuntu 18.04
OS version (client)	Windows 10
Cortex version / git hash	3.0.0-RC3
Package Type	Official docker image
Browser type & version	Chrome/Firefox (latest versions)

Problem Description

Can't enable some analyzers, when I edit configurations which doesn't have any mandatory params Cortex fails to enable it.

Steps to Reproduce

1. Log into Cortex with Admin user privileges for the organization
2. Try to enable URLhaus analyzer with default

Possible Solutions

Maybe an error in backend receiving form parameters

Complementary information

LOG:

0af1f44abeb0_thehiveproject_cortex_1 | [warn] o.e.c.RestClient - request [HEAD http://172.18.0.2:9200/cortex_4] returned 1 warnings: [299 Elasticse
arch-6.8.0-65b6179 "[types removal] The parameter include_type_name should be explicitly specified in get indices requests to prepare for 7.0. In 7
.0 include_type_name will default to 'false', which means responses will omit the type name in mapping definitions."]
**0af1f44abeb0_thehiveprojct_cortex_1 | [info] o.t.c.s.ErrorHandler - POST /api/organization/analyzer/URLhaus_2_0 returned 400
0af1f44abeb0_thehiveproject_cortex_1 | org.elastic4play.AttributeCheckingError: [Attribute baseConfig is missing]**
0af1f44abeb0_thehiveproject_cortex_1 |  at org.elastic4play.services.CreateSrv.$anonfun$checkAttributes$7(CreateSrv.scala:48)
0af1f44abeb0_thehiveproject_cortex_1 |  at org.scalactic.Bad.fold(Or.scala:1387)
0af1f44abeb0_thehiveproject_cortex_1 |  at org.elastic4play.services.CreateSrv.checkAttributes(CreateSrv.scala:48)
0af1f44abeb0_thehiveproject_cortex_1 |  at org.elastic4play.services.CreateSrv.$anonfun$processAttributes$1(CreateSrv.scala:55)
0af1f44abeb0_thehiveproject_cortex_1 |  at scala.concurrent.Future.$anonfun$flatMap$1(Future.scala:307)
0af1f44abeb0_thehiveproject_cortex_1 |  at scala.concurrent.impl.Promise.$anonfun$transformWith$1(Promise.scala:41)
0af1f44abeb0_thehiveproject_cortex_1 |  at scala.concurrent.impl.CallbackRunnable.run(Promise.scala:64)
0af1f44abeb0_thehiveproject_cortex_1 |  at akka.dispatch.BatchingExecutor$AbstractBatch.processBatch(BatchingExecutor.scala:55)
0af1f44abeb0_thehiveproject_cortex_1 |  at akka.dispatch.BatchingExecutor$BlockableBatch.$anonfun$run$1(BatchingExecutor.scala:91)
0af1f44abeb0_thehiveproject_cortex_1 |  at scala.runtime.java8.JFunction0$mcV$sp.apply(JFunction0$mcV$sp.java:23)

NOTE: I tried all kind of combinations of parameters (check/uncheck TLP, enable or not artifacts return... )

Log says an attribute is missing, but I don't know what can be since no mandatory params are required.

[ITServ-DE]

The problem is a missing baseConfig parameter in the Service Interaction File (link).

To fix this for URLhaus, edit .../Cortex-Analyzers/analyzers/URLhaus/URLhaus.json and add the line

"baseConfig":"URLhaus"

(make sure you keep the JSON syntax, namely the commas)

You need to restart cortex to activate the change. After that edit, you can activate the analyzer

[b00lpy]

I did exactly like you said and now I can enable it!

Now it gives errors in response but I think, looking at this experience, I should better investigate in all Analyzers config files.

Thank you @github-pba