Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Question] How can I send cases from Thehive 4 to MISP 2.5 with no errors?? #2501

Open
b4lh4ck opened this issue Jan 28, 2025 · 2 comments
Open

[Question] How can I send cases from Thehive 4 to MISP 2.5 with no errors?? #2501

b4lh4ck opened this issue Jan 28, 2025 · 2 comments
Labels
question

Comments

@b4lh4ck
Copy link

b4lh4ck commented Jan 28, 2025

Request Type

How can I send cases to MISP with no errors??

Work Environment

Question Answer
OS version (server) RedHat 8.10
Dedicated RAM 32 GB
vCPU 16
TheHive version 4.1.24
Package Type RPM
Database Cassandra
Index type Elasticsearch
Attachments storage Local
Browser type & version Google Chrome

Question

HI everyone I have a problem trying to integrate thehive with MISP in the new version of MISP v2.5.5

I have Thehive 4.1

when I try to send cases from thehive to MISP, it can't send or import the case to MISP I got the following error

Image

Image

I got this in /var/log/thehive/application.log

Image

my configuration in /etc/thehive/application.conf

Image
@b4lh4ck b4lh4ck changed the title [Question] [Question] How can I send cases from Thehive 4 to MISP 2.5 with no errors?? Jan 28, 2025
@blainedw
Copy link

Did you create a case template for misp to use? I didn't see this in your config.

  wsConfig {
    ssl.loose.acceptAnyCertificate: true
  } # HTTP client configuration (SSL and proxy)
  tags = ["misp"]
  caseTemplate = "MISP-EVENT"

@blainedw
Copy link

blainedw commented Feb 24, 2025
edited
Loading

BTW I am having the opposite problem. I cannot get misp to send events into thehive. At first I thought misp 2.5 wasn't supported with thehive 4.x but everything looks good (green OK in about screen). But I get the following error eventually in the log.

2025-02-24 09:40:39,724 [ERROR] from org.thp.thehive.connector.misp.services.MispImportSrv in application-akka.actor.default-dispatcher-16 [|] Unable to get MISP organisation
org.thp.scalligraph.InternalError: MISP server GDLS-MISP is inaccessible
at org.thp.misp.client.MispClient.currentOrganisationName(MispClient.scala:47)
at org.thp.thehive.connector.misp.services.MispImportSrv.syncMispEvents(MispImportSrv.scala:434)
at org.thp.thehive.connector.misp.services.MispActor$$anonfun$receive$2.$anonfun$applyOrElse$5(MispActor.scala:35)
at org.thp.thehive.connector.misp.services.MispActor$$anonfun$receive$2.$anonfun$applyOrElse$5$adapted(MispActor.scala:34)
at scala.collection.Iterator.foreach(Iterator.scala:943)
at scala.collection.Iterator.foreach$(Iterator.scala:943)
at scala.collection.AbstractIterator.foreach(Iterator.scala:1431)
at scala.collection.IterableLike.foreach(IterableLike.scala:74)
at scala.collection.IterableLike.foreach$(IterableLike.scala:73)
at scala.collection.AbstractIterable.foreach(Iterable.scala:56)
at org.thp.thehive.connector.misp.services.MispActor$$anonfun$receive$2.applyOrElse(MispActor.scala:34)
at akka.actor.Actor.aroundReceive(Actor.scala:537)
at akka.actor.Actor.aroundReceive$(Actor.scala:535)
at org.thp.thehive.connector.misp.services.MispActor.aroundReceive(MispActor.scala:12)
at akka.actor.ActorCell.receiveMessage(ActorCell.scala:580)
at akka.actor.ActorCell.invoke(ActorCell.scala:548)
at akka.dispatch.Mailbox.processMailbox(Mailbox.scala:270)
at akka.dispatch.Mailbox.run(Mailbox.scala:231)
at akka.dispatch.Mailbox.exec(Mailbox.scala:243)
at java.util.concurrent.ForkJoinTask.doExec(ForkJoinTask.java:289)
at java.util.concurrent.ForkJoinPool$WorkQueue.runTask(ForkJoinPool.java:1056)
at java.util.concurrent.ForkJoinPool.runWorker(ForkJoinPool.java:1692)
at java.util.concurrent.ForkJoinWorkerThread.run(ForkJoinWorkerThread.java:175)
Caused by: play.api.libs.json.JsResultException: JsResultException(errors:List((/id,List(JsonValidationError(List(error.expected.jsstring),WrappedArray()))), (/org_id,List(JsonValidationError(List(error.expected.jsstring),WrappedArray())))))
at play.api.libs.json.JsReadable.$anonfun$as$2(JsReadable.scala:25)
at play.api.libs.json.JsError.fold(JsResult.scala:66)
at play.api.libs.json.JsReadable.as(JsReadable.scala:24)
at play.api.libs.json.JsReadable.as$(JsReadable.scala:23)
at play.api.libs.json.JsDefined.as(JsLookup.scala:188)
at org.thp.misp.client.MispClient.$anonfun$getCurrentUser$2(MispClient.scala:140)
at scala.util.Success.$anonfun$map$1(Try.scala:255)
at scala.util.Success.map(Try.scala:213)
at scala.concurrent.Future.$anonfun$map$1(Future.scala:292)
at scala.concurrent.impl.Promise.liftedTree1$1(Promise.scala:33)
at scala.concurrent.impl.Promise.$anonfun$transform$1(Promise.scala:33)
at scala.concurrent.impl.CallbackRunnable.run(Promise.scala:64)
at java.util.concurrent.ForkJoinTask$RunnableExecuteAction.exec(ForkJoinTask.java:1402)
... 4 common frames omitted
2025-02-24 09:40:39,725 [INFO] from org.thp.thehive.connector.misp.services.MispActor in application-akka.actor.default-dispatcher-16 [|] MISP synchronisation is complete

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
question
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@blainedw @b4lh4ck