
Issue importing theHive cases to OpenCTI

Open sho-illuminate opened this issue 4 years ago • 0 comments

Request Type

Bug

Work Environment

| Question | Answer |
|---|---|
| OS version (host) | Windows 10 |
| OS version (guests) | CentOS 7.8 |
| TheHive4py | 1.8.1 |
| Docker TheHive4 | 4.0.5 |

I am using Oracle VM VirtualBox and I have two virtual machines. One VM for TheHive and the other for OpenCTI. They are both connected using a NAT network. I am able to access the GUIs on either VM. I am using Docker for TheHive and OpenCTI. Each has its own reverse proxy.

Problem Description

I am having issues getting TheHive cases imported into OpenCTI. OpenCTI has a pre-built Docker image for TheHive which acts as a connector to import TheHive cases (https://github.com/OpenCTI-Platform/connectors/tree/master/thehive). I've created a few test cases on TheHive and none of them show up on OpenCTI.

Steps to Reproduce

  1. Start TheHive and OpenCTI. The connector automatically sends requests to import cases from TheHive.

  2. OpenCTI logs: image

  3. TheHive logs: image

Possible Solutions

I believe the first warning in the logs for TheHive is caused by https://github.com/TheHive-Project/TheHive4py/blob/6bd75773889dac6c664310b187d0b264607075cf/thehive4py/query.py#L69 where lines 88-91 need to be updated to:

            {"_gt": {"_field": "tlp", "_value": 1}}
            ```
    """
    return {'_field': field, '_value': value}

Complementary information

I have attached my theHive4 docker-compose: docker-compose.txt

sho-illuminate, Apr 05 '21 18:04