TheHive4py

TheHiveApi.find_alerts cannot find alerts with specific custom field

Open wloody54 opened this issue 4 years ago • 3 comments

Request Type

Bug

Work Environment

| Question | Answer |
|---|---|
| OS version (server) | Ubuntu |
| OS version (client) | 10, Ubuntu |
| TheHive4py | 1.8.1 |

Problem Description

When I am using find_alerts with a specific customField in the query, the result is empty. I tried find_cases and an API request, and both work without problem.

Steps to Reproduce: in the attached files: find_cases, find_alerts, API

wloody54, Jan 19 '21 12:01

+1. I have updated my TheHive to v4 and I am using thehive4py 1.8.1. Since the TheHive update, the query with In("customFields.client.string", CLIENT) does not retrieve anything, but I am sure there are alerts. CLIENT is an array. The query worked before; maybe there is some change that I have to make for the new version...

CapaoAzul, Jan 21 '21 09:01

@wloody54 your query in curl is wrong. Look at the example in code: image

mnmnc, Feb 18 '21 18:02

My code is equal. The datatype is "customFields.client.string" and the CLIENT is an array.

I think the problem is the datatype being a customField.

CapaoAzul, Apr 08 '21 14:04