Comments (15)
emalderson
commented on July 28, 2024
1
The version is the right one, so it seems it was a problem of RBAC, right? As explained in the documentation, the TheHive user must have the OrgAdmin role.
from thephish.
mgrant0
commented on July 28, 2024
1
It does seem to be an RBAC as you say. I see why we didn't read that page. We installed it straight on an instance. We haven't used the docker image yet. But we did create an OrgAdmin, we just did not initially use the OrgAdmin user in ThePhish config, only the real Admin.
I definitely think it's worth mentioning in your instructions to use a user with OrgAdmin.
from thephish.
emalderson
commented on July 28, 2024
Hello, I know. However, the case_from_email module should automatically create a case template named "ThePhish" if it does not exist yet, as you can see in the following lines of code:
ThePhish/app/case_from_email.py
Lines 302 to 320 in 603eca6
from thephish.
mgrant0
commented on July 28, 2024
Any suggestions on how to proceed?
from thephish.
emalderson
commented on July 28, 2024
As I said earlier, ThePhish automatically creates a case template named "ThePhish" if it does not exist yet. Check if the problem is on your side, maybe due to your configuration or work environment. Don't forget to specify your work environment following this Issue Template when opening issues related to possible bugs.
from thephish.
janjaom
commented on July 28, 2024
About this problem is not having created the template, but I create the template manually with 3 tasks and it works fine!
from thephish.
emalderson
commented on July 28, 2024
This is odd, the tool should create the template on its own. What version of TheHive4py do you have installed?
from thephish.
mgrant0
commented on July 28, 2024
# apt policy thehive4
thehive4:
Installed: 4.1.11-1
Candidate: 4.1.11-1
Version table:
*** 4.1.11-1 500
500 https://deb.thehive-project.org release/main amd64 Packages
100 /var/lib/dpkg/status
from thephish.
mgrant0
commented on July 28, 2024
One thing we discovered is that the Cortex user needs to have OrgAdmin permissions. Then it'll create the template.
from thephish.
emalderson
commented on July 28, 2024
The version on which ThePhish has been tested is TheHive 4.1.9.
Anyway, I was asking for the version of TheHive4py, which is the Python API module used to interact with TheHive.
from thephish.
mgrant0
commented on July 28, 2024
Seems to be thehive4py-1.8.1
from thephish.
emalderson
commented on July 28, 2024
One thing we discovered is that the Cortex user needs to have OrgAdmin permissions. Then it'll create the template.
Maybe you mean the TheHive user, since the template is created on TheHive and it has nothing to do with Cortex. The fact that it must have the OrgAdmin permission is explained here.
from thephish.
mgrant0
commented on July 28, 2024
sorry, yes
from thephish.
emalderson
commented on July 28, 2024
I will highlight this fact in the documentation for sure in the next commit, thanks for the suggestion!
from thephish.
emalderson
commented on July 28, 2024
This problem has been fixed in the documentation, closed.
from thephish.
Related Issues (20)
- [ERROR]: Error while trying to create the case HOT 4
- [Error] Imap connection
- TheHive5 analysis in alert HOT 3
- ERROR: Version in "./docker-compose.yml" is unsupported HOT 2
- [Question] HOT 1
- [Question]CaseTemplate not found HOT 1
- [BUG] TheHive, Cortex and MISP instances are not reachable on thephish HOT 1
- AttributeError: 'NoneType' object has no attribute 'span' HOT 3
- How to change the email message that thephish sends. HOT 1
- [BUG] - Docker compose - java.lang.IllegalArgumentException: Could not instantiate implementation: org.janusgraph.diskstorage.cql.CQLStoreManager HOT 1
- Ciao non riesco nell'installazione [Question] HOT 1
- [BUG] - Crowdsec_Analyzer_1_0: Job AobGi4wB0KV4xh-jmuSh has be updated (JsDefined("Failure")) HOT 1
- There are no e-mails to read HOT 8
- [ERROR]: Error during the analysis task - Why does this happen? HOT 1
- [Question] authentication/login page for ThePhish HOT 1
- Do you have a working ISO Image for the Phish ? HOT 1
- ModuleNotFoundError: No module named 'flask' HOT 1
- Issue regarding configuration HOT 2
- [Problème de réception d'email au niveau de la BAL ThePhish] HOT 1
- Come è possibiole modificare la pagina iniziale e le risposte dell'email HOT 3
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from thephish.