Giter Site home page Giter Site logo

ag-michael / thehive-falcon Goto Github PK

View Code? Open in Web Editor NEW
2.0 1.0 2.0 21 KB

Falcon streaming api alert integration for TheHive

License: MIT License

Python 100.00%
thehive thehive-project crowdstrike falcon falcon-api streaming api python python-2

thehive-falcon's Introduction

thehive-falcon

thehive-falcon is a Crowdstrike Falcon streaming api alert integration script for TheHive.

Features

  • Alert creation for TheHive
  • Granular black/white list support (see included white/black lists for reference).
  • Email alerting
  • Elasticsearch logging of streaming data

Requirements

elasticsearch is required for elasticsearch logging. smtplib is a requirement for email alerting.

Usage

To start with, edit falcon_config.json and thehive_config.json and review each field to make sure it is correct for your environment.

Stand-alone script execution:

python thehive_falcon.py falcon_config.json thehive_config.json

It uses logging to log events.

There is a systemd unit file included which expects you to place the script and configuration files in /opt/thehive-falcon. Copy the unit file thehive-falcon.service to /etc/systemd/system run systemctl enable thehive-falcon to install it as a service. Run systemctl start thehive-falcon to start the service.

thehive-falcon's People

Contributors

ag-michael avatar

Stargazers

avatar avatar

Watchers

avatar

Forkers

mjleesment aremai

thehive-falcon's Issues

TypeError: exceptions must be old-style classes or derived from BaseException, not NoneType

Hi

I am testing thehive-falcon on a Thehive test machine running RedHat 7.6 with python 2 and python 3. All the config files have been configured but I am getting below error when I ran the command python thehive_falcon.py falcon_config.json thehive_config.json. Please assist me as I am not python expert.

thehive-falcon]$ python thehive_falcon.py falcon_config.json thehive_config.json
TheHive-Falcon: 2020-10-01 17:35:08,924 Starting Falcon streaming api integration script for TheHive...
TheHive-Falcon: 2020-10-01 17:35:08,976 Starting Falcon streaming api script...
TheHive-Falcon: 2020-10-01 17:35:08,976 Connecting to the Falcon streaming api.
TheHive-Falcon: 2020-10-01 17:35:08,976 Connecting to the streaming api with date stamp:Thu, 01 Oct 2020 21:35:08 GMT
TheHive-Falcon: 2020-10-01 17:35:08,983 Connecting to Falcon streaming API using TLS.
TheHive-Falcon: 2020-10-01 17:35:09,300 Errors in data stream response:
{
"errors": [
{
"code": 401,
"message": "Not authorized"
}
]
}
Traceback (most recent call last):
File "/users_home/test_user/thehive-falcon/pyfalcon.py", line 172, in connect
raise
TypeError: exceptions must be old-style classes or derived from BaseException, not NoneType
TheHive-Falcon: 2020-10-01 17:35:09,317 exceptions must be old-style classes or derived from BaseException, not NoneType
Traceback (most recent call last):
File "/users_home/test_user/thehive-falcon/pyfalcon.py", line 172, in connect
raise
TypeError: exceptions must be old-style classes or derived from BaseException, not NoneType

thehive-falcon is not working

Hi Michael

I find thehive-falcon very useful.

I am trying to integrate CrowdStrike into TheHive using thehive-falcon, but it is not working. Line 148 in the pyfalcon.py shows the code is using authentication method "cs-hmac" which is what the api version 1 uses. This is why I believe I am getting the authentication error returned when thehive-falcon tries to connect to the Crowdstrike API. I am using OAuth2-Based API credentials that is why.

Please can the script be updated with OAuth2-Based API authentication method? Our environment only allows OAuth2-Based API. Also, API Key Based will be decommissioned on 10/29/2020. CrowdStrike is urging all the clients to use OAuth2-Based API.

Below is the error message I get when I run the script:
thehive-falcon]$ python thehive_falcon.py falcon_config.json thehive_config.json
TheHive-Falcon: 2020-10-01 17:35:08,924 Starting Falcon streaming api integration script for TheHive...
TheHive-Falcon: 2020-10-01 17:35:08,976 Starting Falcon streaming api script...
TheHive-Falcon: 2020-10-01 17:35:08,976 Connecting to the Falcon streaming api.
TheHive-Falcon: 2020-10-01 17:35:08,976 Connecting to the streaming api with date stamp:Thu, 01 Oct 2020 21:35:08 GMT
TheHive-Falcon: 2020-10-01 17:35:08,983 Connecting to Falcon streaming API using TLS.
TheHive-Falcon: 2020-10-01 17:35:09,300 Errors in data stream response:
{
"errors": [
{
"code": 401,
"message": "Not authorized"
}
]
}
Traceback (most recent call last):
File "/users_home/test_user/thehive-falcon/pyfalcon.py", line 172, in connect
raise
TypeError: exceptions must be old-style classes or derived from BaseException, not NoneType
TheHive-Falcon: 2020-10-01 17:35:09,317 exceptions must be old-style classes or derived from BaseException, not NoneType
Traceback (most recent call last):
File "/users_home/test_user/thehive-falcon/pyfalcon.py", line 172, in connect
raise
TypeError: exceptions must be old-style classes or derived from BaseException, not NoneType

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    ๐Ÿ–– Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. ๐Ÿ“Š๐Ÿ“ˆ๐ŸŽ‰

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google โค๏ธ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.