Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Bug] Click on short report resolves outdated long report #1350

Closed
m-delai opened this issue May 22, 2020 · 2 comments
Closed

[Bug] Click on short report resolves outdated long report #1350

m-delai opened this issue May 22, 2020 · 2 comments
Assignees
@nadouani
Labels
invalid TheHive3
Milestone
3.5.0

Comments

@m-delai
Copy link

m-delai commented May 22, 2020

Request Type

Bug

Work Environment

Question Answer
OS version (server) Ubuntu Server 16.04
OS version (client) Windows 10
TheHive version TheHive 3.4.0-1
Package Type Docker
Browser type & version Firefox 68.8.0

Problem Description

Expected behavior:
In case a Cortex Analyzer is run multiple time, the different reports versions are saved. The latest short report is displayed under the observable. When you click on it the corresponding long report shall be opened.

Actual behavior:
When you click on the short report, an older long report is opened (not the latest).

Cause:
The following API is not always returning the most recent case_artifact_job "id".

Endpoint: /api/connector/cortex/job/_search

Post:
{"sort":"-startDate","range":"0-1","query":{"_and":[{"_parent":{"_type":"case_artifact","_query":{"_id":"e05e45f5842f5aeae1b4d3401456ca1d"}}},{"_or":[{"analyzerId":"AaaA_ppppp_1_1"},{"_like":{"_field":"analyzerDefinition","_value":"AaaA_ppppp_1_1"}}]}]}}
@m-delai m-delai changed the title [BUG] Click on short report resolves outdated long report [Bug] Click on short report resolves outdated long report May 22, 2020
@nadouani nadouani added this to the 3.5.0-RC1 milestone May 25, 2020
@nadouani nadouani self-assigned this May 29, 2020
@To-om To-om modified the milestones: 3.5.0-RC1, 3.5.0-RC2 Aug 12, 2020
@nadouani
Copy link
Contributor

Hello, I wasn't able to reproduce this issue. The job listing API is correctly called:

POST /api/connector/cortex/job/_search

with the following body asking for the latest job (sorting by desc date and getting the top 1)

{
    "sort": "-startDate",
    "range": "0-1",
    "query": {
        "_and": [
            {
                "_parent": {
                    "_type": "case_artifact",
                    "_query": {
                        "_id": "2f3628ee12a16cb3303838ffae4b86a3"
                    }
                }
            },
            {
                "_or": [
                    {
                        "analyzerId": "Abuse_Finder_3_0"
                    },
                    {
                        "_like": {
                            "_field": "analyzerDefinition",
                            "_value": "Abuse_Finder_3_0"
                        }
                    }
                ]
            }
        ]
    }
}

@nadouani nadouani added invalid and removed bug labels Oct 14, 2020
@nadouani
Copy link
Contributor

I'll close this issue as invalid, but please if you have more details to reproduce this, happy to reopen.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@nadouani nadouani

Labels
invalid TheHive3
Projects
None yet
Milestone
3.5.0
Development

No branches or pull requests
3 participants
@nadouani @To-om @m-delai