If cortex modules fails in some way, it is permanently repolled by TheHive #324
Comments
|
Thanks @crackytsi we will look into it. Please note that MISP expansion modules should only be used if no Cortex analyzer is available to handle the analysis you are trying to achieve. |
To-om
added a commit
that referenced
this issue
Jul 11, 2018
To-om
added a commit
that referenced
this issue
Aug 27, 2018
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Request Type
Bug
Work Environment
Problem Description
I installed Cortex and TheHive and MISP with misp-modules.
I enabled misp-modules support in Cortex.
When I try to do an IP analysis for any ip, with the (MISP-) module geoip-country it loops permanently and floods /var/log/cortex/application.log until the system storage is full.
If I instead start the analysis with Cortex, it fails, but is not restarted and therefore the loop and log-flood does not appear.
I really wonder that no other people are faced with this issue!? Seems that nobody else tried this ;)
best regards
Chris
Here an excerpt of the logs:
2017-09-26 13:39:51,797 [INFO] from application in application-akka.actor.default-dispatcher-6 - GET /api/job/vfBAOTyCWEIYxZBY/waitreport?atMost=1%20minute returned 500 com.fasterxml.jackson.core.JsonParseException: Unexpected character ('-' (code 45)): Expected space separating root-level values at [Source: 2017-09-26 13:39:51,608 - geoip_country - DEBUG - 10.1.137.180 {"error": "GeoIP resolving error"} ; line: 1, column: 6] at com.fasterxml.jackson.core.JsonParser._constructError(JsonParser.java:1586) at com.fasterxml.jackson.core.base.ParserMinimalBase._reportError(ParserMinimalBase.java:521) at com.fasterxml.jackson.core.base.ParserMinimalBase._reportUnexpectedChar(ParserMinimalBase.java:450) at com.fasterxml.jackson.core.base.ParserMinimalBase._reportMissingRootWS(ParserMinimalBase.java:466) at com.fasterxml.jackson.core.json.ReaderBasedJsonParser._verifyRootSpace(ReaderBasedJsonParser.java:1598) at com.fasterxml.jackson.core.json.ReaderBasedJsonParser._parsePosNumber(ReaderBasedJsonParser.java:1248) at com.fasterxml.jackson.core.json.ReaderBasedJsonParser.nextToken(ReaderBasedJsonParser.java:705) at com.fasterxml.jackson.databind.ObjectMapper._initForReading(ObjectMapper.java:3847) at com.fasterxml.jackson.databind.ObjectMapper._readValue(ObjectMapper.java:3765) at com.fasterxml.jackson.databind.ObjectMapper.readValue(ObjectMapper.java:2050) at play.api.libs.json.jackson.JacksonJson$.parseJsValue(JacksonJson.scala:238) at play.api.libs.json.Json$.parse(Json.scala:21) at services.MispSrv$$anonfun$analyze$1.apply(MispSrv.scala:156) at services.MispSrv$$anonfun$analyze$1.apply(MispSrv.scala:154) at scala.concurrent.impl.Future$PromiseCompletingRunnable.liftedTree1$1(Future.scala:24) at scala.concurrent.impl.Future$PromiseCompletingRunnable.run(Future.scala:24) at akka.dispatch.TaskInvocation.run(AbstractDispatcher.scala:39) at akka.dispatch.ForkJoinExecutorConfigurator$AkkaForkJoinTask.exec(AbstractDispatcher.scala:409) at scala.concurrent.forkjoin.ForkJoinTask.doExec(ForkJoinTask.java:260) at scala.concurrent.forkjoin.ForkJoinPool$WorkQueue.runTask(ForkJoinPool.java:1339) at scala.concurrent.forkjoin.ForkJoinPool.runWorker(ForkJoinPool.java:1979) at scala.concurrent.forkjoin.ForkJoinWorkerThread.run(ForkJoinWorkerThread.java:107) 2017-09-26 13:39:51,810 [INFO] from application in application-akka.actor.default-dispatcher-8 - GET /api/job/vfBAOTyCWEIYxZBY/waitreport?atMost=1%20minute returned 500 com.fasterxml.jackson.core.JsonParseException: Unexpected character ('-' (code 45)): Expected space separating root-level values at [Source: 2017-09-26 13:39:51,608 - geoip_country - DEBUG - 10.1.137.180 {"error": "GeoIP resolving error"} ; line: 1, column: 6] at com.fasterxml.jackson.core.JsonParser._constructError(JsonParser.java:1586) at com.fasterxml.jackson.core.base.ParserMinimalBase._reportError(ParserMinimalBase.java:521) at com.fasterxml.jackson.core.base.ParserMinimalBase._reportUnexpectedChar(ParserMinimalBase.java:450) at com.fasterxml.jackson.core.base.ParserMinimalBase._reportMissingRootWS(ParserMinimalBase.java:466) at com.fasterxml.jackson.core.json.ReaderBasedJsonParser._verifyRootSpace(ReaderBasedJsonParser.java:1598) at com.fasterxml.jackson.core.json.ReaderBasedJsonParser._parsePosNumber(ReaderBasedJsonParser.java:1248) at com.fasterxml.jackson.core.json.ReaderBasedJsonParser.nextToken(ReaderBasedJsonParser.java:705) at com.fasterxml.jackson.databind.ObjectMapper._initForReading(ObjectMapper.java:3847) at com.fasterxml.jackson.databind.ObjectMapper._readValue(ObjectMapper.java:3765) at com.fasterxml.jackson.daThe text was updated successfully, but these errors were encountered: