Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Analyzers in TheHive not updating? #1052

Closed
RtKelleher opened this issue Jul 12, 2019 · 4 comments
Closed

Analyzers in TheHive not updating? #1052

RtKelleher opened this issue Jul 12, 2019 · 4 comments
Assignees
@To-om
Labels
invalid

Comments

@RtKelleher
Copy link

RtKelleher commented Jul 12, 2019
edited
Loading

Analyzers in TheHive not updating?

Request Type

Bug

Work Environment

Question Answer
OS version (server) Ubuntu
OS version (client) 18.04 LTS
TheHive version / git hash Hive 3.4 RC2, Cortex 3.0.0-RC4, Devel-Analyzers
Package Type RPM
Browser type & version Chrome Latest

Problem Description

The analyzers in HiveRC2 are not updating from Cortex correctly.

Specifically the following analyzers no longer exist and the catalog has been updated via .sh

  • EMLParser_1
  • FileInfo_5
  • File_Strings

Complementary information

Screen Shot 2019-07-12 at 11 05 32 AM

Screen Shot 2019-07-12 at 11 09 08 AM

Screen Shot 2019-07-12 at 11 12 30 AM

Screen Shot 2019-07-12 at 11 12 01 AM
@nadouani
Copy link
Contributor

If the analyzer has already been enabled in Cortex, then it will be always listed even if you update your catalog.

So, please double check that these analyzers are no longer available on Cortex. TheHive doesn't store the analyzers list.

@RtKelleher
Copy link
Author

RtKelleher commented Jul 19, 2019
edited
Loading

Screen Shot 2019-07-19 at 2 05 02 PM
Screen Shot 2019-07-19 at 2 03 38 PM

@nadouani Where is the Analyzers tab generated from? Without /Cortex_Analyzers present it's still reporting as available.

@RtKelleher RtKelleher mentioned this issue Oct 25, 2019
Closed
@RtKelleher
Copy link
Author

RtKelleher commented Oct 25, 2019
edited
Loading

After finally getting fed up with this issue, I installed Kibana and tracked down the issue. Cortex is storing the analyzers in Elasticsearch and the record isn't being delete, updated, or retired when the analyzer is deleted.

This may only be an issue for people who updated from 5/6, which was our upgrade path. However I had to delete the record of origin for FileInfo_6 in Cortex_4 to remove the entry from the responders due to the FileInfo_7 usage/release in Devel.

@To-om To-om added bug and removed question labels Jan 14, 2020
@To-om To-om self-assigned this Jan 14, 2020
@To-om To-om added invalid and removed bug labels Jan 14, 2020
@To-om
Copy link
Contributor

To-om commented Jan 14, 2020
edited
Loading

This issue is related to Cortex and is similar to TheHive-Project/Cortex#234.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@To-om To-om

Labels
invalid
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@nadouani @RtKelleher @To-om