Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[BUG] cannot add account into instance configuration #97

Open
RuthLMeng opened this issue Aug 19, 2024 · 13 comments
Open

[BUG] cannot add account into instance configuration #97

RuthLMeng opened this issue Aug 19, 2024 · 13 comments
Labels
bug Something isn't working confidence_level:low Low level of confidence that related tags are relevant

Comments

@RuthLMeng
Copy link

Request Type

Bug

Work Environment

Question Answer
OS version (server) Splunk 9
TheHive version / git hash theHive5

Problem Description

Describe your problem here

Steps to Reproduce

  1. On the page "Instances"
  2. Select "add a new insatnce" button
  3. No global account could be selelcted.

Possible Solutions

  • Any requests for Splunk capabilities for this addon? I am using Splunk user´s capabilities, must it be Splunk Admin?

Logs (issued from the search.log with logging mode set to DEBUG under Settings/Configuration)

image
@RuthLMeng RuthLMeng added the bug Something isn't working label Aug 19, 2024
@RuthLMeng
Copy link
Author

The search to add instance to the csv table not working:
image

@LetMeR00t
Copy link
Owner

Hello,
You need to create a global account by having the admin capability.
You are missing this part of the documentation: https://github.com/LetMeR00t/TA-thehive-cortex/blob/main/docs/installation.md#accounts

Thank you

@LetMeR00t LetMeR00t added the confidence_level:low Low level of confidence that related tags are relevant label Sep 6, 2024
@LetMeR00t
Copy link
Owner

Hello
Any update on your side ?

@RuthLMeng
Copy link
Author

RuthLMeng commented Sep 17, 2024 via email

@LetMeR00t
Copy link
Owner

Hello,
Any update?
Thank you

@RuthLMeng
Copy link
Author

Hello,

The instance still not added into the table. When we searched the errors for this TA, we got following error message:

ERROR AdminManagerExternal [1837517 TcpChannelThread] - Stack trace from python handler:\nTraceback (most recent call last):\n File "/opt/splunk/etc/apps/TA-thehive-cortex/bin/ta_thehive_cortex/aob_py3/splunktaucclib/rest_handler/handler.py", line 117, in wrapper\n for name, data, acl in meth(self, *args, **kwargs):\n File "/opt/splunk/etc/apps/TA-thehive-cortex/bin/ta_thehive_cortex/aob_py3/splunktaucclib/rest_handler/handler.py", line 172, in all\n **query\n File "/opt/splunk/etc/apps/TA-thehive-cortex/bin/ta_thehive_cortex/aob_py3/splunklib/binding.py", line 291, in wrapper\n return request_fun(self, *args, **kwargs)\n File "/opt/splunk/etc/apps/TA-thehive-cortex/bin/ta_thehive_cortex/aob_py3/splunklib/binding.py", line 72, in new_f\n val = f(*args, **kwargs)\n File "/opt/splunk/etc/apps/TA-thehive-cortex/bin/ta_thehive_cortex/aob_py3/splunklib/binding.py", line 697, in get\n response = self.http.get(path, all_headers, **query)\n File "/opt/splunk/etc/apps/TA-thehive-cortex/bin/ta_thehive_cortex/aob_py3/splunklib/binding.py", line 1230, in get\n return self.request(url, { 'method': "GET", 'headers': headers })\n File "/opt/splunk/etc/apps/TA-thehive-cortex/bin/ta_thehive_cortex/aob_py3/splunklib/binding.py", line 1302, in request\n raise HTTPError(response)\nsplunklib.binding.HTTPError: HTTP 404 Not Found -- b'{"messages":[{"type":"ERROR","text":"Not Found"}]}'\n\nDuring handling of the above exception, another exception occurred:\n\nTraceback (most recent call last):\n File "/opt/splunk/lib/python3.7/site-packages/splunk/admin.py", line 114, in init_persistent\n hand.execute(info)\n File "/opt/splunk/lib/python3.7/site-packages/splunk/admin.py", line 647, in execute\n if self.requestedAction == ACTION_LIST: self.handleList(confInfo)\n File "/opt/splunk/etc/apps/TA-thehive-cortex/bin/ta_thehive_cortex/aob_py3/splunk_aoblib/rest_migration.py", line 39, in handleList\n AdminExternalHandler.handleList(self, confInfo)\n File "/opt/splunk/etc/apps/TA-thehive-cortex/bin/ta_thehive_cortex/aob_py3/splunktaucclib/rest_handler/admin_external.py", line 51, in wrapper\n for entity in result:\n File "/opt/splunk/etc/apps/TA-thehive-cortex/bin/ta_thehive_cortex/aob_py3/splunktaucclib/rest_handler/handler.py", line 122, in wrapper\n raise RestError(exc.status, str(exc))\nsplunktaucclib.rest_handler.error.RestError: REST Error [404]: Not Found -- HTTP 404 Not Found -- b'{"messages":[{"type":"ERROR","text":"Not Found"}]}'\n

@RuthLMeng
Copy link
Author

We saved the account, but cannot correctly use the button "add an instance" into lookup table.

@LetMeR00t
Copy link
Owner

I don’t get what you mean
You just have to select the « Add an instance » and fullfill the fields to populate the lookup.

@RuthLMeng
Copy link
Author

Hello,

some points found for this addon:

  1. The current package didn´t provide csv lookup. The lookup defination thehive_cortex_instances is existed but thehive_cortex_instances.csv not inclusived in this addon.
  2. The view instances:
  3. When submitButton turned to true, but still I got some error msgs about a deprecated method:
    10-30-2024 11:42:20.969 +0000 ERROR PersistentScript [1874756 PersistentScriptIo] - From {/opt/splunk/bin/python3.9 /opt/splunk/etc/apps/TA-thehive-cortex/bin/TA_thehive_cortex_rh_account.py persistent}: /opt/splunk/etc/apps/TA-thehive-cortex/bin/ta_thehive_cortex/aob_py3/solnlib/utils.py:153: UserWarning: _get_all_passwords is deprecated, please use get_all_passwords_in_realm instead.

@LetMeR00t
Copy link
Owner

Hello,

some points found for this addon:

  1. The current package didn´t provide csv lookup. The lookup defination thehive_cortex_instances is existed but thehive_cortex_instances.csv not inclusived in this addon.
  2. The view instances:
  3. When submitButton turned to true, but still I got some error msgs about a deprecated method:
    10-30-2024 11:42:20.969 +0000 ERROR PersistentScript [1874756 PersistentScriptIo] - From {/opt/splunk/bin/python3.9 /opt/splunk/etc/apps/TA-thehive-cortex/bin/TA_thehive_cortex_rh_account.py persistent}: /opt/splunk/etc/apps/TA-thehive-cortex/bin/ta_thehive_cortex/aob_py3/solnlib/utils.py:153: UserWarning: _get_all_passwords is deprecated, please use get_all_passwords_in_realm instead.

Hello

Lookups are forbidden by Splunkbase in applications so we can't create this upfront. If the file doesn't exist, the python script will be creating it.

Thanks for the 3rd comment, I'll check that.

@RuthLMeng
Copy link
Author

On Splunk Cloud 9.2, it cannot add a csv automatically. The query for "add an instance" always waiting for input, but never runnable.
add_an_instance_err1

@LetMeR00t
Copy link
Owner

Hello
Did you tried to enter a value in all input fields on the top of this dashboard ? Especially on the blank ones.
thank you

@RuthLMeng
Copy link
Author

Thank you for your comment, I found why the record not inserted into lookup. The comment field was missing, so the lookup table never there.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug Something isn't working confidence_level:low Low level of confidence that related tags are relevant
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@LetMeR00t @RuthLMeng