
Suggested Update for Imap2TheHive

Open vi-or-die opened this issue 6 years ago • 0 comments

Summary:

After updating TheHive server and Elasticsearch, and then removing unused packages, I broke Imap2TheHive authentication into TheHive. During my troubleshooting I happened to stumble on using the API key for authentication instead of the username/password combination, and that seemed to resolve the bug.

Error:

[ERROR]: Cannot create alert: 401 ({"type":"AuthenticationError","message":"Authentication failure"})

Testing Method

To test this solution I put the API key in the password field and reformatted TheHiveAPI call's configuration line.

OLD: api = TheHiveApi(config['thehiveURL'], config['thehiveUser'], config['thehivePassword'], {'http': '', 'https': ''})

Temporary Replacement: api = TheHiveApi(config['thehiveURL'], config['thehivePassword'])

Full Replacement process

I think this might be the full process to update the script. I am still working to figure out how the whole pull request system works.

  1. Modify the .conf file's [thehive] section to add an apikey: field, then remove the user: and password: fields.
  2. Remove lines 62-63 in imap2thehive.py and add an apikey line.
  3. Modify line 273 in imap2thehive.py to remove config['thehiveUser'], config['thehivePassword'], {'http': '', 'https': ''} and add config['apikey'].

vi-or-die, Dec 19 '18 14:12
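One way to load and validate the [thehive] section after the change in step 1, as an added example that is not code from the issue or from the Imap2TheHive project. The function name, the `url` key name and the sample values are assumptions; the returned pair is meant for the two-argument `TheHiveApi(url, apikey)` call shown above.

```python
import configparser
import os
import stat
import tempfile

LEGACY_KEYS = ("user", "password")  # fields step 1 says to remove

# Constructed sample configuration (not a real host or key).
SAMPLE_CONF = """[thehive]
url: https://thehive.example.internal:9000
apikey: EXAMPLE%KEY+not+real
"""


def load_thehive_auth(path):
    """Return (url, apikey) read from the [thehive] section of path."""
    # The file now holds a long-lived API key, so reject files that
    # group or other users can access.
    mode = stat.S_IMODE(os.stat(path).st_mode)
    if mode & (stat.S_IRWXG | stat.S_IRWXO):
        raise PermissionError(f"{path} has mode {mode:o}; expected 600")

    # interpolation=None keeps '%' inside a key from being expanded.
    parser = configparser.ConfigParser(interpolation=None)
    with open(path) as handle:
        parser.read_file(handle)
    if not parser.has_section("thehive"):
        raise ValueError("missing [thehive] section")
    section = parser["thehive"]

    # Leftover credentials would sit unused on disk; fail loudly.
    leftover = [key for key in LEGACY_KEYS if key in section]
    if leftover:
        raise ValueError("remove legacy fields: " + ", ".join(leftover))

    url = section.get("url", "").strip()  # key name 'url' is an assumption
    apikey = section.get("apikey", "").strip()
    if not url or not apikey:
        raise ValueError("[thehive] needs both url and apikey")
    return url, apikey


if __name__ == "__main__":
    fd, conf_path = tempfile.mkstemp(suffix=".conf")  # created with mode 600
    with os.fdopen(fd, "w") as handle:
        handle.write(SAMPLE_CONF)
    print(load_thehive_auth(conf_path)[0])
    os.remove(conf_path)
```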