Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Question] how to take data from artifact or observable thehive case wazuh responder #2478

Open
romarito90 opened this issue Jan 26, 2024 · 0 comments
Open

[Question] how to take data from artifact or observable thehive case wazuh responder #2478

romarito90 opened this issue Jan 26, 2024 · 0 comments
Labels
question

Comments

@romarito90
Copy link

Hello everyone I'm trying to get fix the problem in the wazuh responder to active response from Thehive to Wazuh

How can I get the data from an artifact or observable in a case ?

I created one new observable "agent_id" this is visible in my list of observables in the case in Thehive

300105780-8acee147-7f01-4930-9acc-458b6dbf1c23

How can I get the data from that field and pass to the payload to run the command firewalldrop

300108441-0111f6f4-1130-413e-8644-261e1f098e6d

300106251-e0759ea0-8bda-49cf-ac93-1b3c02b88e1a

If I run the command like above this It works

300108703-1d7d7779-33e4-468b-a416-ca4e0da4dc14

When I change the code to the following the analyzer failed

300108932-542a8562-813d-49eb-a336-a3c5734b93ff

300108364-138abd29-98fb-4ce7-853a-098de3cf777f

what command or code I need to get that data from that field "agent_id " in this case 12079 ??

Work Environment

Question Answer
OS version (client) Windows 11
Dedicated RAM 32 GB
vCPU 16
TheHive version / git hash 4.1
Package Type RPM
Database Cassandra
Index type Elasticsearch
Attachments storage Local
Browser type & version Firefox
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
question
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@romarito90