TheHive
[Bug] Cannot delete ObservableDataType
Request Type
Bug
Work Environment
Question | Answer |
---|---|
OS version (server) | Ubuntu |
Virtualized Env. | True |
Dedicated RAM | 4 GB |
vCPU | 4 |
TheHive version / git hash | 4.1.24, |
Package Type | Docker |
Database | Cassandra 3.11 |
Index type | Elasticsearch 7.17.7 |
Attachments storage | Local |
Problem Description
Describe the problem/bug as clearly as possible.
Steps to Reproduce
- I did a full Docker install with TheHive, CassandraDB, ElasticSearch.
- I have created the New Organization.
- I migrated the DB from TheHive 3.5.
- After restarting docker compose I found:
  - the organization of the old DB (set in the migration);
  - the New Organization created before the migration;
  - 2 "admin" organizations with the user [email protected] inside.
- The observableDataTypes are all duplicates, and if I try to delete one, it gives me the following error: "AdminObservablesCtrl: Observable Type 4336 is used"
Possible Solutions
Delete the ObservablesDataType directly from the DB? How to search for it? How to remove it safely?
Complementary information
DOCKER CONFIG (the commented lines '#' are for the migration)
```yaml
version: '3.8'
services:
  cassandra:
    image: 'cassandra:3.11'
    container_name: cassandra
    environment:
      - MAX_HEAP_SIZE=1G
      - HEAP_NEWSIZE=1G
      - CASSANDRA_CLUSTER_NAME=thp
    volumes:
      - './vol/cassandra/data:/var/lib/cassandra/data'
    networks:
      - proxy
    hostname: cassandra.local
  thehive:
    image: 'thehiveproject/thehive4:latest'
    container_name: thehive4
    #restart: unless-stopped
    depends_on:
      - cassandra
    networks:
      - proxy
    ports:
      #- '0.0.0.0:9999:9000'
      - '0.0.0.0:9000:9000'
    volumes:
      - ./vol/thehive/application.conf:/etc/thehive/application.conf
      - ./vol/thehive/data:/opt/thp/thehive/data
      - ./vol/thehive/index:/opt/thp/thehive/index
    command:
      #- migrate
      #- --output
      #- /etc/thehive/application.conf
      #- --main-organisation
      #- MyOrganisation1
      #- --es-uri
      #- http://IP:9200
      #- --es-index
      #- the_hive
      #- --case-from-date
      #- "20180725"
      #- --alert-from-date
      #- "20210725"
      #- --audit-from-date
      #- "20210725"
      #- --no-config-cortex
      - --no-config
  elasticsearch:
    container_name: elasticsearch
    image: 'elasticsearch:7.17.7'
    environment:
      - ingest.geoip.downloader.enabled=false
      - http.host=0.0.0.0
      - discovery.type=single-node
      - cluster.name=hive
      - script.allowed_types=inline,stored
      - thread_pool.search.queue_size=100000
      - thread_pool.write.queue_size=10000
      - gateway.recover_after_nodes=1
      - xpack.security.enabled=false
      - bootstrap.memory_lock=true
      - 'ES_JAVA_OPTS=-Xms256m -Xmx256m'
    ulimits:
      nofile:
        soft: 65536
        hard: 65536
    networks:
      - proxy
    hostname: elasticsearch.local
networks:
  proxy:
    external: true
```
THE HIVE APPLICATION CONF
```hocon
play.http.secret.key="akeyverydifficultbutidontknowwhy"
#play.http.context: "/cortexdev"
auth.defaultUserDomain: "myorgganisation1.com"
storage {
  provider: localfs
  localfs.location: /opt/thp/thehive/data
}
# JanusGraph
db {
  provider: janusgraph
  janusgraph {
    storage {
      backend: cql
      hostname: ["cassandra.local"]
      cql {
        cluster-name: thp # cluster name
        keyspace: thehive # name of the keyspace
        read-consistency-level: ONE
        write-consistency-level: ONE
      }
    }
    ## Index configuration
    index {
      search {
        backend : elasticsearch
        hostname : ["elasticsearch.local"]
        index-name : thehive
        elasticsearch {
          http {
            auth {
              type: basic
              basic {
                username: httpuser
                password: httppassword
              }
            }
          }
        }
      }
    }
  }
}
```