New Action for thehive 5 App #1358

cloudifyopsblog opened this issue Mar 14, 2024 · 6 comments
@cloudifyopsblog

We need to add a new action for thehive5 App, the action is to Export Case to MISP which uses the POST request to http://your-instance/api/connector/misp/export/{caseId}/{mispName}.

Describe the solution you'd like
Since we already have the action for the cortex connector, we can achieve it in a similar fashion.

Describe alternatives you've considered
As of now we are integrating thehive with cortex and running the analyzers to get the MISP report; this is the only way we have seen that can be automated. But if this feature can be added, we can use the shuffle workflow export action, which can get us the MISP report and attach it to the thehive case.

frikky added the App label Mar 14, 2024
@frikky
Member

frikky commented Mar 14, 2024

We need to add a new action for thehive5 App, the action is to Export Case to MISP which uses the POST request to http://your-instance/api/connector/misp/export/{caseId}/{mispName}.

Describe the solution you'd like
Since we already have the action for the cortex connector, we can achieve it in a similar fashion.

Describe alternatives you've considered
As of now we are integrating thehive with cortex and running the analyzers to get the MISP report; this is the only way we have seen that can be automated. But if this feature can be added, we can use the shuffle workflow export action, which can get us the MISP report and attach it to the thehive case.

Hey!

If you need more functions for an app, you can fork (copy) it and add it directly yourself. We do this for customers that need actions, but don't have time to add every action to every app for all our users.

You can fork it by going to the app, and clicking "Fork" in the top right corner, OR download the app to your local instance and change it from there. If you need further assistance, please reach out to our support team :)

@cloudifyopsblog
Author

Is there any doc/blog that we can follow to add an action to the app?

Also, it will be helpful if you can share some more info on how to achieve it.

@cloudifyopsblog
Author

Not able to add the action. I followed the steps below:

  • Downloaded the app from https://shuffler.io/apps/5fefa1911e01a005b54f94dcb6830d82?queryID=48173afcbc26cee2c214d912f459bd39
  • In our self hosted shuffle, Under Apps->Create a new app from OpenAPI / Swagger->Uploaded the file->Continue.
  • Added the new Action,
    • Name: Export case to MISP
    • Description: Export Case to MISP
    • URL path / Curl statement: /api/connector/misp/export/{caseId}/{mispName}
    • Rest of the settings as default.
  • When I save it, I get the error below:
    Upload Error: SyntaxError: Expected ',' or '}' after property value in JSON at position 65 (line 1 column 66)

Can you help me out here?

@frikky
Member

frikky commented Mar 15, 2024

Not able to add the action. I followed the steps below:

  • Downloaded the app from https://shuffler.io/apps/5fefa1911e01a005b54f94dcb6830d82?queryID=48173afcbc26cee2c214d912f459bd39
  • In our self hosted shuffle, Under Apps->Create a new app from OpenAPI / Swagger->Uploaded the file->Continue.
  • Added the new Action,
    • Name: Export case to MISP
    • Description: Export Case to MISP
    • URL path / Curl statement: /api/connector/misp/export/{caseId}/{mispName}
    • Rest of the settings as default.
  • When I save it, I get the error below:
    Upload Error: SyntaxError: Expected ',' or '}' after property value in JSON at position 65 (line 1 column 66)

Can you help me out here?

Interesting - you may have stumbled over a generator bug then. What frontend version are you on? (check docker-compose.yml file next to image: ... shuffle-frontend/)

Could you verify if the same editing works on our cloud or not? If it works, then you may just have to upgrade to a later version.

@cloudifyopsblog
Author

cloudifyopsblog commented Mar 15, 2024

  • We have self-hosted the shuffle on Kubernetes Cluster, so each of these components is running on each pod.
  • We are using the 1.3.1 version for the backend, frontend, and orborus.
  • I did edit the app in the cloud and it is working. But when I deploy the latest version of shuffle on my Kubernetes, I am not able to log in to the shuffle UI at all.

So I believe it's better if I rectify the issue that I am facing now. The issue is with the shuffle-app-builder:

  • I see when I try to build the app and click save, a K8s job is getting created with a node selector added to it.
    • The pod created through the job is failing; below are the logs from the pod:
DEBU[0000] Getting source context from dir:///app/generated/TheHive_5_v1-a1c456ec161b42be5c18f9f5a556d1a6/
DEBU[0000] Build context located at /app/generated/TheHive_5_v1-a1c456ec161b42be5c18f9f5a556d1a6/
DEBU[0000] Copying file /app/generated/TheHive_5_v1-a1c456ec161b42be5c18f9f5a556d1a6/Dockerfile to /kaniko/Dockerfile
error checking push permissions -- make sure you entered the correct tag name, and that you are authenticated correctly, and try again: checking push permission for "192.168.29.16:5000/frikky/shuffle:thehive_5_v1_1.1.0": creating push check transport for 192.168.29.16:5000 failed: Get "https://192.168.29.16:5000/v2/": dial tcp 192.168.29.16:5000: i/o timeout; Get "http://192.168.29.16:5000/v2/": dial tcp 192.168.29.16:5000: i/o timeout
  • When I describe the job, I see the args below. So here we are using the destination as a local registry; will I be able to use AWS Elastic Container Registry?
    Args:
      --verbosity=debug
      --dockerfile=./Dockerfile
      --context=dir:///app/generated/TheHive_5_v1-a1c456ec161b42be5c18f9f5a556d1a6/
      --skip-tls-verify
      --destination=192.168.29.16:5000/frikky/shuffle:thehive_5_v1_1.1.0
  • On my backend pod I see the logs below:
2024/03/15 11:08:42 [INFO] Dockerfile: generated/TheHive_5_v1-a1c456ec161b42be5c18f9f5a556d1a6/Dockerfile
2024/03/15 11:08:42 [INFO] Checking for api with ID a1c456ec161b42be5c18f9f5a556d1a6
2024/03/15 11:08:42 [INFO] Updating a user (admin) that has the role admin with 1 apps and 1 orgs. Org updater: true
2024/03/15 11:08:42 [INFO] API LENGTH FOR TheHive_5_v1: 371229, ID: a1c456ec161b42be5c18f9f5a556d1a6
2024/03/15 11:08:42 [INFO] registry name: 192.168.29.16:5000
2024/03/15 11:08:42 contextDir: /app/generated/TheHive_5_v1-a1c456ec161b42be5c18f9f5a556d1a6/
2024/03/15 11:08:42 [INFO] Backend running on: ip-X-X-X-X.us-west-1.compute.internal
2024/03/15 11:09:22 [ERROR] shuffle-app-builder job failed with error: %!s(<nil>)
2024/03/15 11:09:27 [ERROR] Docker build error: [ERROR] failed to fetch shuffle-app-builder status: jobs.batch "shuffle-app-builder" not found

So, how can I rectify this issue?
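
An added example, not part of the thread or of Shuffle's code: a small triage of the kaniko job args and the push-check error quoted in the comment above, showing where the build pushes, which TLS-weakening flags are set, and why the check failed. The function names and the result keys are assumptions made for this sketch; the sample input is constructed from the values in the comment.

```python
import ipaddress
import re
import shlex

# Constructed sample input: the job args and the error line quoted in the comment above.
JOB_ARGS = """--verbosity=debug --dockerfile=./Dockerfile
--context=dir:///app/generated/TheHive_5_v1-a1c456ec161b42be5c18f9f5a556d1a6/
--skip-tls-verify --destination=192.168.29.16:5000/frikky/shuffle:thehive_5_v1_1.1.0"""
POD_LOG = ('creating push check transport for 192.168.29.16:5000 failed: '
           'Get "https://192.168.29.16:5000/v2/": dial tcp 192.168.29.16:5000: i/o timeout; '
           'Get "http://192.168.29.16:5000/v2/": dial tcp 192.168.29.16:5000: i/o timeout')

# kaniko flags that turn off certificate checks or allow plain HTTP to a registry.
TLS_WEAKENING = {"--skip-tls-verify", "--skip-tls-verify-pull", "--insecure", "--insecure-pull"}


def parse_destination(args_text):
    """Split kaniko's --destination into (registry, repository, tag)."""
    for arg in shlex.split(args_text):
        if arg.startswith("--destination="):
            registry, _, rest = arg.split("=", 1)[1].partition("/")
            repository, sep, tag = rest.rpartition(":")
            # No ":" means no explicit tag; image references then default to "latest".
            return (registry, repository, tag) if sep else (registry, rest, "latest")
    raise ValueError("no --destination argument found")


def triage(args_text, log_text):
    """Summarise where the build pushes, how TLS is configured, and why the push check failed."""
    registry, repository, tag = parse_destination(args_text)
    try:
        private = ipaddress.ip_address(registry.rsplit(":", 1)[0]).is_private
    except ValueError:
        private = False  # a DNS name: not classified by this sketch
    names = [a.split("=", 1)[0] for a in shlex.split(args_text)]
    # Each failed probe is logged as: Get "<scheme>://<host>/v2/": dial tcp <addr>: <reason>
    probes = [(s, h, r.strip()) for s, h, r in re.findall(
        r'Get "(https?)://([^/"]+)/v2/": dial tcp [^ ]+: ([^;]+)', log_text)]
    return {
        "registry": registry, "repository": repository, "tag": tag,
        "private_ip_registry": private,
        "tls_weakening_flags": sorted(n for n in names if n in TLS_WEAKENING),
        "failed_probes": probes,
        # A timeout on every probe means no TCP connection was ever made.
        "unreachable": bool(probes) and all(r == "i/o timeout" for _, _, r in probes),
    }


if __name__ == "__main__":
    print(triage(JOB_ARGS, POD_LOG))
```

A timeout on both the HTTPS and the HTTP probe means the builder pod never reached the registry, so tag naming and authentication are not yet in play; `--skip-tls-verify` would additionally accept any certificate once a connection succeeds.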

@cloudifyopsblog
Author

cloudifyopsblog commented Mar 21, 2024

Hello @frikky, any update on this?

Can you give me some alternatives on how/where I can store the custom-built apps, when shuffle is deployed on Kubernetes/EKS?
