
No analyzers found even though analyzer path is given

Open The-A-codes opened this issue 2 years ago • 2 comments

Request Type

Bug

Work Environment

Question Answer
Distributor ID: Ubuntu
Description: Ubuntu 20.04.5 LTS
Release: 20.0

Problem Description

I've installed Cortex and cortex analyzer. Did exactly as asked in the documentation on the Cortex GitHub page. Updated the database as the first step, created a user. Installed cortex analyzer, changed that directory in the application.conf file as well. Now that I've restarted Cortex, the analyzer tab is not showing up, hence I can't enable them either.

Steps to Reproduce

application.conf file analyzer section

    # ANALYZERS
    analyzer {
      # analyzer location
      # url can be point to:
      # - directory where analyzers are installed
      # - json file containing the list of analyzer descriptions
      urls = [
        #"https://download.thehive-project.org/analyzers.json"
        "/opt/cortex/Cortex-Analyzers/analyzers"
      ]

      # Sane defaults. Do not change unless you know what you are doing.
      fork-join-executor {
        # Min number of threads available for analysis.
        parallelism-min = 2
        # Parallelism (threads) ... ceil(available processors * factor).
        parallelism-factor = 2.0
        # Max number of threads available for analysis.
        parallelism-max = 4
      }
    }

    # RESPONDERS
    responder {
      # responder location (same format as analyzer.urls)
      urls = [
        #"https://download.thehive-project.org/responders.json"
        #"/absolute/path/of/responders"
        "/opt/cortex/Cortex-Analyzers/analyzers"
      ]

      # Sane defaults. Do not change unless you know what you are doing.
      fork-join-executor {
        # Min number of threads available for analysis.
        parallelism-min = 2
        # Parallelism (threads) ... ceil(available processors * factor).
        parallelism-factor = 2.0
        # Max number of threads available for analysis.
        parallelism-max = 4
      }
    }

    # Proxy configuration to retrieve catalogs
    #play.ws.proxy {
    #  host = proxy.example.com
    #  port = 3128
    #}


For now I'm just trying to get Cortex up and running including analyzers; connecting it with ELK and Hive is not mandatory for me as of now.

The-A-codes, Sep 06 '22 06:09

Have you tried adding a comma between your paths?

urls = [
#"https://download.thehive-project.org/responders.json",
#"/absolute/path/of/responders",
"/opt/cortex/Cortex-Analyzers/analyzers"
]

louismaxx, Dec 20 '22 15:12

I tried, and nothing happened.

Kunniii, May 17 '23 13:05
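
An offline check for the situation in this thread, added here as an example (not Cortex's own code and not written by any poster): it lists which `urls` entries remain active once `#` comments are dropped, then reports whether each local path actually holds analyzer definitions. The function names and the layout `<dir>/<AnalyzerName>/<flavor>.json` with a `name` key are assumptions.

```python
import json
import re
from pathlib import Path

# Constructed sample mirroring the analyzer section quoted in this thread.
SAMPLE_CONF = '''
analyzer {
  urls = [
    #"https://download.thehive-project.org/analyzers.json"
    "/opt/cortex/Cortex-Analyzers/analyzers"
  ]
}
'''

def active_urls(conf_text, section):
    """Return the uncommented entries of `<section> { urls = [ ... ] }`."""
    # Strip '#' comments line by line; fine here because no active
    # value in this file contains a '#'.
    text = "\n".join(re.sub(r"#.*", "", l) for l in conf_text.splitlines())
    m = re.search(r"\b" + re.escape(section) + r"\s*\{.*?urls\s*=\s*\[(.*?)\]",
                  text, re.S)
    return re.findall(r'"([^"]+)"', m.group(1)) if m else []

def check_location(entry):
    """Describe what one urls entry points at on this machine."""
    if entry.startswith(("http://", "https://")):
        return "remote catalog (not checked offline)"
    path = Path(entry)
    if not path.exists():
        return "missing path"
    if path.is_file():
        return "catalog file"
    # Assumed layout: <dir>/<AnalyzerName>/<flavor>.json with a "name" key.
    found = 0
    for f in path.glob("*/*.json"):
        try:
            data = json.loads(f.read_text())
        except (OSError, ValueError):
            continue  # unreadable or invalid JSON is not a definition
        if isinstance(data, dict) and "name" in data:
            found += 1
    return f"{found} definition(s)" if found else "directory has no definitions"

if __name__ == "__main__":
    for url in active_urls(SAMPLE_CONF, "analyzer"):
        print(url, "->", check_location(url))
```

Run it as the account the Cortex service runs under, so the result reflects what that process can read.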