misp-modules

Crowdstrike_falcon error: "Cannot save log because of validation errors:...

Open smclinden opened this issue 5 years ago • 0 comments

OS: Ubuntu 18.04 MISP: v2.4.123 (55bcc4fa470af0bd24db0128e3b2cf3919af1c7e)

This was originally #5710 in the MISP issues, but I am opening it here instead. I am getting the following errors when I try to test the crowdstrike_falcon module using CURL. The credentials are ok and the data are in Crowdstrike but what is returned is an empty array:

[2020-03-24 10:20:27] main.INFO: got {"queue":"prio","id":"7f08bee11f3c977af36cb1e9b5c238a0","class":"EventShell","args":[["enrichment","2","1393","["crowdstrike_falcon"]","1487"]]} {"type":"got","args":"[object] (Resque_Job: {"queue":"prio","id":"7f08bee11f3c977af36cb1e9b5c238a0","class":"EventShell","args":[["enrichment","2","1393","[\"crowdstrike_falcon\"]","1487"]]})","worker":"XXXX:4333"} []
[2020-03-24 10:20:27] main.INFO: Processing ID:7f08bee11f3c977af36cb1e9b5c238a0 in prio {"type":"process","worker":"XXXX:4333","job_id":"7f08bee11f3c977af36cb1e9b5c238a0"} []
[2020-03-24 10:20:29] main.ERROR: {"queue":"prio","id":"7f08bee11f3c977af36cb1e9b5c238a0","class":"EventShell","args":[["enrichment","2","1393","["crowdstrike_falcon"]","1487"]]} failed: Cannot save log because of validation errors: {"action":["Options : ..."]} {"type":"fail","log":"Cannot save log because of validation errors: {"action":["Options : ..."]}","job_id":"7f08bee11f3c977af36cb1e9b5c238a0","time":1776,"worker":"XXXX:4333"} []

I re-installed MISP Modules but it had no effect. It may be affecting other Enrichments besides Crowdstrike's. I haven't tested. Also, this instance was installed using the Ubuntu 18.04 INSTALL script.

smclinden Mar 24 '20 14:03