ag-michael / thehive-falcon
Falcon streaming api alert integration for TheHive
License: MIT License
Hi
I am testing thehive-falcon on a TheHive test machine running RedHat 7.6 with Python 2 and Python 3. All the config files have been configured, but I am getting the error below when I run the command python thehive_falcon.py falcon_config.json thehive_config.json. Please assist me, as I am not a Python expert.
thehive-falcon]$ python thehive_falcon.py falcon_config.json thehive_config.json
TheHive-Falcon: 2020-10-01 17:35:08,924 Starting Falcon streaming api integration script for TheHive...
TheHive-Falcon: 2020-10-01 17:35:08,976 Starting Falcon streaming api script...
TheHive-Falcon: 2020-10-01 17:35:08,976 Connecting to the Falcon streaming api.
TheHive-Falcon: 2020-10-01 17:35:08,976 Connecting to the streaming api with date stamp:Thu, 01 Oct 2020 21:35:08 GMT
TheHive-Falcon: 2020-10-01 17:35:08,983 Connecting to Falcon streaming API using TLS.
TheHive-Falcon: 2020-10-01 17:35:09,300 Errors in data stream response:
{
"errors": [
{
"code": 401,
"message": "Not authorized"
}
]
}
Traceback (most recent call last):
File "/users_home/test_user/thehive-falcon/pyfalcon.py", line 172, in connect
raise
TypeError: exceptions must be old-style classes or derived from BaseException, not NoneType
TheHive-Falcon: 2020-10-01 17:35:09,317 exceptions must be old-style classes or derived from BaseException, not NoneType
Traceback (most recent call last):
File "/users_home/test_user/thehive-falcon/pyfalcon.py", line 172, in connect
raise
TypeError: exceptions must be old-style classes or derived from BaseException, not NoneType
Hi Michael
I find thehive-falcon very useful.
I am trying to integrate CrowdStrike into TheHive using thehive-falcon, but it is not working. Line 148 in pyfalcon.py shows the code is using the authentication method "cs-hmac", which is what API version 1 uses. This is why I believe I am getting the authentication error returned when thehive-falcon tries to connect to the CrowdStrike API. I am using OAuth2-Based API credentials; that is why.
Please can the script be updated with the OAuth2-Based API authentication method? Our environment only allows the OAuth2-Based API. Also, API Key Based will be decommissioned on 10/29/2020. CrowdStrike is urging all clients to use the OAuth2-Based API.
Below is the error message I get when I run the script:
thehive-falcon]$ python thehive_falcon.py falcon_config.json thehive_config.json
TheHive-Falcon: 2020-10-01 17:35:08,924 Starting Falcon streaming api integration script for TheHive...
TheHive-Falcon: 2020-10-01 17:35:08,976 Starting Falcon streaming api script...
TheHive-Falcon: 2020-10-01 17:35:08,976 Connecting to the Falcon streaming api.
TheHive-Falcon: 2020-10-01 17:35:08,976 Connecting to the streaming api with date stamp:Thu, 01 Oct 2020 21:35:08 GMT
TheHive-Falcon: 2020-10-01 17:35:08,983 Connecting to Falcon streaming API using TLS.
TheHive-Falcon: 2020-10-01 17:35:09,300 Errors in data stream response:
{
"errors": [
{
"code": 401,
"message": "Not authorized"
}
]
}
Traceback (most recent call last):
File "/users_home/test_user/thehive-falcon/pyfalcon.py", line 172, in connect
raise
TypeError: exceptions must be old-style classes or derived from BaseException, not NoneType
TheHive-Falcon: 2020-10-01 17:35:09,317 exceptions must be old-style classes or derived from BaseException, not NoneType
Traceback (most recent call last):
File "/users_home/test_user/thehive-falcon/pyfalcon.py", line 172, in connect
raise
TypeError: exceptions must be old-style classes or derived from BaseException, not NoneType
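Added example, not code from thehive-falcon: the traceback above shows a bare `raise` at `pyfalcon.py` line 172 replacing the API's 401 with an unrelated `TypeError`. The sketch below puts that pattern beside a check that surfaces the error envelope as a typed exception; all class and function names are hypothetical, and the sample body is reconstructed from the log above.

```python
import json


class FalconStreamError(Exception):
    """Error envelope returned by the API (hypothetical class name)."""

    def __init__(self, code, message):
        super().__init__("Falcon stream error %s: %s" % (code, message))
        self.code = code
        self.message = message


class FalconAuthError(FalconStreamError):
    """401/403: credentials rejected, so retrying with the same key will not help."""


# Constructed sample: the error body printed in the log above.
SAMPLE_ERROR_BODY = '{"errors": [{"code": 401, "message": "Not authorized"}]}'


def connect_bare_raise(body):
    """The pattern the traceback points at: `raise` with no active exception."""
    if "errors" in json.loads(body):
        raise  # Python 2: TypeError (NoneType); Python 3: RuntimeError


def check_stream_response(body):
    """Return the parsed body, or raise an exception that names the API error."""
    try:
        data = json.loads(body)
    except ValueError:
        raise FalconStreamError(None, "non-JSON response: %r" % body[:80])
    errors = data.get("errors") if isinstance(data, dict) else None
    if not isinstance(errors, list) or not errors:
        return data
    first = errors[0] if isinstance(errors[0], dict) else {}
    code = first.get("code")
    message = first.get("message", "unknown error")
    if code in (401, 403):
        # Authentication problem: report it as such instead of a generic failure.
        raise FalconAuthError(code, message)
    raise FalconStreamError(code, message)
```

With the second form, the caller can catch `FalconAuthError` and stop retrying, and the log line names the 401 rather than a `NoneType` error.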