You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Bug Can't create case from an alert with api key with shuffle AuthorizationError: Unauthorized action
Work Environment
Question
Answer
OS version (server)
Ubuntu
OS version (client)
18.04.6
Virtualized Env.
True
Dedicated RAM
32 GB
vCPU
8
TheHive version / git hash
4.1.24-1
Package Type
From source
Database
Cassandra
Index type
Lucene
Attachments storage
Local
Problem Description
I created a workflow on shuffle but when I want to create a case from an alert I get the error AuthorizationError: Unauthorized action while when I perform the action via a curl and the same api key with shuffle it works perfectly
Steps to Reproduce
Launch the workflow with case creation from an alert
Launch the same workflow but with a curl that performs the same action as thehive module and all work correctly
Here are thehive logs when I launch my workflow via thehive module to create a case from an alert
Logs :
2023-04-07 03:14:17,795 [ERROR] from org.thp.scalligraph.utils.Retry in application-akka.actor.default-dispatcher-39 [00000903|16360cb1] uncaught error, not retrying
org.thp.scalligraph.AuthorizationError: Unauthorized action
at org.thp.scalligraph.traversal.TraversalOps$TraversalOpsDefs.existsOrFail(TraversalOps.scala:154)
at org.thp.thehive.controllers.v0.AlertCtrl.$anonfun$createCase$5(AlertCtrl.scala:275)
at scala.Option.map(Option.scala:230)
at org.thp.thehive.controllers.v0.AlertCtrl.$anonfun$createCase$4(AlertCtrl.scala:275)
at scala.util.Success.flatMap(Try.scala:251)
at org.thp.thehive.controllers.v0.AlertCtrl.$anonfun$createCase$3(AlertCtrl.scala:269)
at scala.util.Success.flatMap(Try.scala:251)
at org.thp.thehive.controllers.v0.AlertCtrl.$anonfun$createCase$2(AlertCtrl.scala:268)
at org.thp.scalligraph.controllers.Entrypoint$EntryPointBuilder.$anonfun$authPermittedTransaction$2(Entrypoint.scala:129)
at org.thp.scalligraph.janus.JanusDatabase.$anonfun$tryTransaction$7(JanusDatabase.scala:241)
at scala.util.Try$.apply(Try.scala:213)
at org.thp.scalligraph.janus.JanusDatabase.$anonfun$tryTransaction$6(JanusDatabase.scala:241)
at scala.util.Try$.apply(Try.scala:213)
at org.thp.scalligraph.utils.DelayRetry.withTry(Retry.scala:93)
at org.thp.scalligraph.janus.JanusDatabase.tryTransaction(JanusDatabase.scala:238)
at org.thp.scalligraph.controllers.Entrypoint$EntryPointBuilder.$anonfun$authPermittedTransaction$1(Entrypoint.scala:129)
at org.thp.scalligraph.controllers.Entrypoint$EntryPointBuilder.$anonfun$auth$1(Entrypoint.scala:86)
at org.thp.scalligraph.controllers.Entrypoint$EntryPointBuilder.$anonfun$asyncAuth$4(Entrypoint.scala:108)
at org.scalactic.Good.fold(Or.scala:1229)
at org.thp.scalligraph.controllers.Entrypoint$EntryPointBuilder.$anonfun$asyncAuth$2(Entrypoint.scala:108)
at org.thp.scalligraph.DiagnosticContext$.$anonfun$withRequest$2(ContextPropagatingDisptacher.scala:108)
at org.thp.scalligraph.DiagnosticContext$.saveDiagnosticContext(ContextPropagatingDisptacher.scala:114)
at org.thp.scalligraph.DiagnosticContext$.withRequest(ContextPropagatingDisptacher.scala:99)
at org.thp.scalligraph.controllers.Entrypoint$EntryPointBuilder.$anonfun$asyncAuth$1(Entrypoint.scala:105)
at org.thp.scalligraph.auth.AuthSrvWithActionFunction$$anon$1.$anonfun$invokeBlock$2(AuthSrv.scala:91)
at scala.Option.fold(Option.scala:251)
at org.thp.scalligraph.auth.AuthSrvWithActionFunction$$anon$1.invokeBlock(AuthSrv.scala:90)
at org.thp.scalligraph.auth.AuthSrvWithActionFunction$$anon$1.invokeBlock(AuthSrv.scala:87)
at org.thp.scalligraph.auth.BasicAuthSrv$$anon$1.$anonfun$invokeBlock$1(BasicAuthSrv.scala:54)
at scala.Option.fold(Option.scala:251)
at org.thp.scalligraph.auth.BasicAuthSrv$$anon$1.invokeBlock(BasicAuthSrv.scala:54)
at org.thp.scalligraph.auth.BasicAuthSrv$$anon$1.invokeBlock(BasicAuthSrv.scala:52)
at org.thp.scalligraph.auth.SessionAuthSrv$$anon$1.$anonfun$invokeBlock$1(SessionAuthSrv.scala:98)
at scala.Option.fold(Option.scala:251)
at org.thp.scalligraph.auth.SessionAuthSrv$$anon$1.invokeBlock(SessionAuthSrv.scala:98)
at org.thp.scalligraph.auth.SessionAuthSrv$$anon$1.invokeBlock(SessionAuthSrv.scala:95)
at play.api.mvc.ActionBuilder$$anon$10.$anonfun$invokeBlock$2(Action.scala:408)
at play.api.mvc.ActionBuilderImpl.invokeBlock(Action.scala:441)
at play.api.mvc.ActionBuilderImpl.invokeBlock(Action.scala:439)
at play.api.mvc.ActionBuilder$$anon$10.invokeBlock(Action.scala:408)
at play.api.mvc.ActionBuilder$$anon$10.invokeBlock(Action.scala:404)
at play.api.mvc.ActionBuilder$$anon$9.apply(Action.scala:379)
at play.api.mvc.Action.$anonfun$apply$4(Action.scala:82)
at play.api.libs.streams.StrictAccumulator.$anonfun$mapFuture$4(Accumulator.scala:168)
at scala.util.Try$.apply(Try.scala:213)
at play.api.libs.streams.StrictAccumulator.$anonfun$mapFuture$3(Accumulator.scala:168)
at scala.Function1.$anonfun$andThen$1(Function1.scala:57)
at scala.Function1.$anonfun$andThen$1(Function1.scala:57)
at scala.Function1.$anonfun$andThen$1(Function1.scala:57)
at play.api.libs.streams.StrictAccumulator.run(Accumulator.scala:200)
at play.core.server.AkkaHttpServer.$anonfun$runAction$4(AkkaHttpServer.scala:418)
at akka.http.scaladsl.util.FastFuture$.strictTransform$1(FastFuture.scala:41)
at akka.http.scaladsl.util.FastFuture$.$anonfun$transformWith$3(FastFuture.scala:51)
at scala.concurrent.impl.CallbackRunnable.run(Promise.scala:64)
at org.thp.scalligraph.ContextPropagatingDispatcher$$anon$1.$anonfun$execute$2(ContextPropagatingDisptacher.scala:57)
at scala.runtime.java8.JFunction0$mcV$sp.apply(JFunction0$mcV$sp.java:23)
at org.thp.scalligraph.DiagnosticContext$.$anonfun$withDiagnosticContext$2(ContextPropagatingDisptacher.scala:93)
at org.thp.scalligraph.DiagnosticContext$.saveDiagnosticContext(ContextPropagatingDisptacher.scala:114)
at org.thp.scalligraph.DiagnosticContext$.withDiagnosticContext(ContextPropagatingDisptacher.scala:91)
at org.thp.scalligraph.DiagnosticContext$$anon$2.withContext(ContextPropagatingDisptacher.scala:76)
at org.thp.scalligraph.ContextPropagatingDispatcher$$anon$1.$anonfun$execute$1(ContextPropagatingDisptacher.scala:57)
at akka.dispatch.TaskInvocation.run(AbstractDispatcher.scala:49)
at akka.dispatch.ForkJoinExecutorConfigurator$AkkaForkJoinTask.exec(ForkJoinExecutorConfigurator.scala:48)
at java.util.concurrent.ForkJoinTask.doExec(ForkJoinTask.java:289)
at java.util.concurrent.ForkJoinPool$WorkQueue.runTask(ForkJoinPool.java:1056)
at java.util.concurrent.ForkJoinPool.runWorker(ForkJoinPool.java:1692)
at java.util.concurrent.ForkJoinWorkerThread.run(ForkJoinWorkerThread.java:175)
2023-04-07 03:14:17,795 [ERROR] from org.thp.scalligraph.models.Database in application-akka.actor.default-dispatcher-39 [00000903|16360cb1] Exception raised, rollback (Unauthorized action)
2023-04-07 03:14:17,795 [WARN] from org.thp.scalligraph.ErrorHandler in application-akka.actor.default-dispatcher-39 [00000903|16360cb1] POST /api/alert/~122978320/createCase returned 403
2023-04-07 03:14:17,796 [INFO] from org.thp.scalligraph.AccessLogFilter in application-akka.actor.default-dispatcher-31 [00000903|] 192.168.1.29 POST /api/alert/~122978320/createCase took 29ms and returned 403 61 bytes
And here is thehive logs when i do the same action but via a curl with the same api key
Logs :
2023-04-07 03:38:38,823 [INFO] from org.thp.scalligraph.controllers.Entrypoint in application-akka.actor.default-dispatcher-32 [000009be|] 192.168.1.65 POST /api/v1/query?name=alerts.count
2023-04-07 03:38:38,823 [INFO] from org.thp.scalligraph.controllers.Entrypoint in application-akka.actor.default-dispatcher-38 [000009ba|] 192.168.1.65 POST /api/v1/query?name=unread-alert-count
2023-04-07 03:38:38,823 [INFO] from org.thp.scalligraph.controllers.Entrypoint in application-akka.actor.default-dispatcher-37 [000009bd|] 192.168.1.65 POST /api/v1/query?name=alerts
2023-04-07 03:38:38,823 [INFO] from org.thp.scalligraph.controllers.Entrypoint in application-akka.actor.default-dispatcher-24 [000009bb|] 192.168.1.65 POST /api/v1/query?name=unread-alert-count
2023-04-07 03:38:38,824 [INFO] from org.thp.scalligraph.controllers.Entrypoint in application-akka.actor.default-dispatcher-39 [000009bc|] 192.168.1.65 POST /api/v1/query?name=alert-count-all
2023-04-07 03:38:38,827 [INFO] from org.thp.scalligraph.AccessLogFilter in application-akka.actor.default-dispatcher-37 [000009bd|] 192.168.1.65 POST /api/v1/query?name=alerts took 4ms and returned 200
2023-04-07 03:38:38,905 [INFO] from org.thp.scalligraph.controllers.Entrypoint in application-akka.actor.default-dispatcher-28 [000009bf|] 192.168.1.65 POST /api/v1/query?name=alert-count-all
2023-04-07 03:38:38,955 [INFO] from org.thp.scalligraph.AccessLogFilter in application-akka.actor.default-dispatcher-24 [000009ba|] 192.168.1.65 POST /api/v1/query?name=unread-alert-count took 132ms and returned 200 2 bytes
2023-04-07 03:38:38,955 [INFO] from org.thp.scalligraph.AccessLogFilter in application-akka.actor.default-dispatcher-38 [000009bb|] 192.168.1.65 POST /api/v1/query?name=unread-alert-count took 132ms and returned 200 2 bytes
2023-04-07 03:38:38,956 [INFO] from org.thp.scalligraph.AccessLogFilter in application-akka.actor.default-dispatcher-24 [000009be|] 192.168.1.65 POST /api/v1/query?name=alerts.count took 133ms and returned 200 1 bytes
2023-04-07 03:38:38,956 [INFO] from org.thp.scalligraph.AccessLogFilter in application-akka.actor.default-dispatcher-30 [000009bc|] 192.168.1.65 POST /api/v1/query?name=alert-count-all took 133ms and returned 200 2 bytes
2023-04-07 03:38:38,958 [INFO] from org.thp.scalligraph.controllers.Entrypoint in application-akka.actor.default-dispatcher-36 [000009c0|] 192.168.1.65 POST /api/v1/query?name=alerts
2023-04-07 03:38:38,993 [INFO] from org.thp.scalligraph.AccessLogFilter in application-akka.actor.default-dispatcher-36 [000009c0|] 192.168.1.65 POST /api/v1/query?name=alerts took 35ms and returned 200
2023-04-07 03:38:38,994 [INFO] from org.thp.scalligraph.controllers.Entrypoint in application-akka.actor.default-dispatcher-38 [000009c1|] 192.168.1.65 POST /api/v1/query?name=alerts.count
2023-04-07 03:38:39,064 [INFO] from org.thp.scalligraph.AccessLogFilter in application-akka.actor.default-dispatcher-28 [000009bf|] 192.168.1.65 POST /api/v1/query?name=alert-count-all took 162ms and returned 200 2 bytes
2023-04-07 03:38:39,069 [INFO] from org.thp.scalligraph.AccessLogFilter in application-akka.actor.default-dispatcher-38 [000009c1|] 192.168.1.65 POST /api/v1/query?name=alerts.count took 75ms and returned 200 1 bytes
2023-04-07 03:38:40,710 [INFO] from org.thp.scalligraph.controllers.Entrypoint in application-akka.actor.default-dispatcher-24 [000009c4|] 192.168.1.29 POST /api/alert/~41115728/artifact
2023-04-07 03:38:40,731 [INFO] from org.thp.scalligraph.AccessLogFilter in application-akka.actor.default-dispatcher-24 [000009c4|] 192.168.1.29 POST /api/alert/~41115728/artifact took 29ms and returned 201 294 bytes
2023-04-07 03:38:40,932 [INFO] from org.thp.scalligraph.AccessLogFilter in application-akka.actor.default-dispatcher-32 [000009c2|] 192.168.1.65 GET /api/stream/jKJgDEFt2CMmP8yzuS5n took 1099ms and returned 200 1072 bytes
2023-04-07 03:38:40,932 [INFO] from org.thp.scalligraph.AccessLogFilter in application-akka.actor.default-dispatcher-30 [000009c3|] 192.168.1.65 GET /api/stream/SypTB9xku0GmY1hRWzsK took 991ms and returned 200 1072 bytes
2023-04-07 03:38:42,972 [INFO] from org.thp.scalligraph.controllers.Entrypoint in application-akka.actor.default-dispatcher-28 [000009c7|] 192.168.1.29 POST /api/alert/~41115728/createCase
2023-04-07 03:38:43,107 [INFO] from org.thp.scalligraph.AccessLogFilter in application-akka.actor.default-dispatcher-24 [000009c7|] 192.168.1.29 POST /api/alert/~41115728/createCase took 142ms and returned 201 742 bytes
2023-04-07 03:38:43,265 [INFO] from org.thp.scalligraph.AccessLogFilter in application-akka.actor.default-dispatcher-16 [000009c5|] 192.168.1.65 GET /api/stream/jKJgDEFt2CMmP8yzuS5n took 1317ms and returned 200 1528 bytes
2023-04-07 03:38:43,265 [INFO] from org.thp.scalligraph.AccessLogFilter in application-akka.actor.default-dispatcher-37 [000009c6|] 192.168.1.65 GET /api/stream/SypTB9xku0GmY1hRWzsK took 314ms and returned 200 1528 bytes
2023-04-07 03:38:43,268 [INFO] from org.thp.scalligraph.controllers.Entrypoint in application-akka.actor.default-dispatcher-39 [000009c9|] 192.168.1.65 POST /api/v1/query?name=alert-count-all
2023-04-07 03:38:43,268 [INFO] from org.thp.scalligraph.controllers.Entrypoint in application-akka.actor.default-dispatcher-34 [000009c8|] 192.168.1.65 POST /api/v1/query?name=unread-alert-count
2023-04-07 03:38:43,269 [INFO] from org.thp.scalligraph.controllers.Entrypoint in application-akka.actor.default-dispatcher-36 [000009ca|] 192.168.1.65 POST /api/v1/query?name=alerts
2023-04-07 03:38:43,270 [INFO] from org.thp.scalligraph.controllers.Entrypoint in application-akka.actor.default-dispatcher-37 [000009cb|] 192.168.1.65 POST /api/v1/query?name=alerts.count
2023-04-07 03:38:43,271 [INFO] from org.thp.scalligraph.AccessLogFilter in application-akka.actor.default-dispatcher-36 [000009ca|] 192.168.1.65 POST /api/v1/query?name=alerts took 2ms and returned 200
2023-04-07 03:38:43,485 [INFO] from org.thp.scalligraph.controllers.Entrypoint in application-akka.actor.default-dispatcher-16 [000009cc|] 192.168.1.65 POST /api/v1/query?name=unread-alert-count
2023-04-07 03:38:43,494 [INFO] from org.thp.scalligraph.controllers.Entrypoint in application-akka.actor.default-dispatcher-38 [000009cd|] 192.168.1.65 POST /api/v1/query?name=alert-count-all
2023-04-07 03:38:43,576 [INFO] from org.thp.scalligraph.AccessLogFilter in application-akka.actor.default-dispatcher-34 [000009c8|] 192.168.1.65 POST /api/v1/query?name=unread-alert-count took 308ms and returned 200 2 bytes
2023-04-07 03:38:43,580 [INFO] from org.thp.scalligraph.controllers.Entrypoint in application-akka.actor.default-dispatcher-24 [000009ce|] 192.168.1.65 POST /api/v1/query?name=alerts
2023-04-07 03:38:43,582 [INFO] from org.thp.scalligraph.AccessLogFilter in application-akka.actor.default-dispatcher-24 [000009ce|] 192.168.1.65 POST /api/v1/query?name=alerts took 3ms and returned 200
2023-04-07 03:38:43,656 [INFO] from org.thp.scalligraph.AccessLogFilter in application-akka.actor.default-dispatcher-39 [000009c9|] 192.168.1.65 POST /api/v1/query?name=alert-count-all took 388ms and returned 200 2 bytes
2023-04-07 03:38:43,657 [INFO] from org.thp.scalligraph.AccessLogFilter in application-akka.actor.default-dispatcher-37 [000009cb|] 192.168.1.65 POST /api/v1/query?name=alerts.count took 388ms and returned 200 1 bytes
2023-04-07 03:38:43,726 [INFO] from org.thp.scalligraph.controllers.Entrypoint in application-akka.actor.default-dispatcher-37 [000009cf|] 192.168.1.65 POST /api/v1/query?name=alerts.count
2023-04-07 03:38:43,827 [INFO] from org.thp.scalligraph.AccessLogFilter in application-akka.actor.default-dispatcher-38 [000009cd|] 192.168.1.65 POST /api/v1/query?name=alert-count-all took 334ms and returned 200 2 bytes
2023-04-07 03:38:43,828 [INFO] from org.thp.scalligraph.AccessLogFilter in application-akka.actor.default-dispatcher-16 [000009cc|] 192.168.1.65 POST /api/v1/query?name=unread-alert-count took 344ms and returned 200 2 bytes
2023-04-07 03:38:43,831 [INFO] from org.thp.scalligraph.AccessLogFilter in application-akka.actor.default-dispatcher-37 [000009cf|] 192.168.1.65 POST /api/v1/query?name=alerts.count took 106ms and returned 200 1 bytes
I really don't understand the problem. Has anyone had the same problem before?
Thank you in advance for your help
The text was updated successfully, but these errors were encountered:
Blood78
changed the title
[Bug] Can't create case from an alert with api key with shuffle : AuthorizationError: Unauthorized action
[Bug] Can't create case from an alert with api key with shuffle
Apr 7, 2023
Request Type
Bug Can't create case from an alert with api key with shuffle AuthorizationError: Unauthorized action
Work Environment
Problem Description
I created a workflow on shuffle but when I want to create a case from an alert I get the error AuthorizationError: Unauthorized action while when I perform the action via a curl and the same api key with shuffle it works perfectly
Steps to Reproduce
Here are thehive logs when I launch my workflow via thehive module to create a case from an alert
Logs :
2023-04-07 03:14:17,795 [ERROR] from org.thp.scalligraph.utils.Retry in application-akka.actor.default-dispatcher-39 [00000903|16360cb1] uncaught error, not retrying
org.thp.scalligraph.AuthorizationError: Unauthorized action
at org.thp.scalligraph.traversal.TraversalOps$TraversalOpsDefs.existsOrFail(TraversalOps.scala:154)
at org.thp.thehive.controllers.v0.AlertCtrl.$anonfun$createCase$5(AlertCtrl.scala:275)
at scala.Option.map(Option.scala:230)
at org.thp.thehive.controllers.v0.AlertCtrl.$anonfun$createCase$4(AlertCtrl.scala:275)
at scala.util.Success.flatMap(Try.scala:251)
at org.thp.thehive.controllers.v0.AlertCtrl.$anonfun$createCase$3(AlertCtrl.scala:269)
at scala.util.Success.flatMap(Try.scala:251)
at org.thp.thehive.controllers.v0.AlertCtrl.$anonfun$createCase$2(AlertCtrl.scala:268)
at org.thp.scalligraph.controllers.Entrypoint$EntryPointBuilder.$anonfun$authPermittedTransaction$2(Entrypoint.scala:129)
at org.thp.scalligraph.janus.JanusDatabase.$anonfun$tryTransaction$7(JanusDatabase.scala:241)
at scala.util.Try$.apply(Try.scala:213)
at org.thp.scalligraph.janus.JanusDatabase.$anonfun$tryTransaction$6(JanusDatabase.scala:241)
at scala.util.Try$.apply(Try.scala:213)
at org.thp.scalligraph.utils.DelayRetry.withTry(Retry.scala:93)
at org.thp.scalligraph.janus.JanusDatabase.tryTransaction(JanusDatabase.scala:238)
at org.thp.scalligraph.controllers.Entrypoint$EntryPointBuilder.$anonfun$authPermittedTransaction$1(Entrypoint.scala:129)
at org.thp.scalligraph.controllers.Entrypoint$EntryPointBuilder.$anonfun$auth$1(Entrypoint.scala:86)
at org.thp.scalligraph.controllers.Entrypoint$EntryPointBuilder.$anonfun$asyncAuth$4(Entrypoint.scala:108)
at org.scalactic.Good.fold(Or.scala:1229)
at org.thp.scalligraph.controllers.Entrypoint$EntryPointBuilder.$anonfun$asyncAuth$2(Entrypoint.scala:108)
at org.thp.scalligraph.DiagnosticContext$.$anonfun$withRequest$2(ContextPropagatingDisptacher.scala:108)
at org.thp.scalligraph.DiagnosticContext$.saveDiagnosticContext(ContextPropagatingDisptacher.scala:114)
at org.thp.scalligraph.DiagnosticContext$.withRequest(ContextPropagatingDisptacher.scala:99)
at org.thp.scalligraph.controllers.Entrypoint$EntryPointBuilder.$anonfun$asyncAuth$1(Entrypoint.scala:105)
at org.thp.scalligraph.auth.AuthSrvWithActionFunction$$anon$1.$anonfun$invokeBlock$2(AuthSrv.scala:91)
at scala.Option.fold(Option.scala:251)
at org.thp.scalligraph.auth.AuthSrvWithActionFunction$$anon$1.invokeBlock(AuthSrv.scala:90)
at org.thp.scalligraph.auth.AuthSrvWithActionFunction$$anon$1.invokeBlock(AuthSrv.scala:87)
at org.thp.scalligraph.auth.BasicAuthSrv$$anon$1.$anonfun$invokeBlock$1(BasicAuthSrv.scala:54)
at scala.Option.fold(Option.scala:251)
at org.thp.scalligraph.auth.BasicAuthSrv$$anon$1.invokeBlock(BasicAuthSrv.scala:54)
at org.thp.scalligraph.auth.BasicAuthSrv$$anon$1.invokeBlock(BasicAuthSrv.scala:52)
at org.thp.scalligraph.auth.SessionAuthSrv$$anon$1.$anonfun$invokeBlock$1(SessionAuthSrv.scala:98)
at scala.Option.fold(Option.scala:251)
at org.thp.scalligraph.auth.SessionAuthSrv$$anon$1.invokeBlock(SessionAuthSrv.scala:98)
at org.thp.scalligraph.auth.SessionAuthSrv$$anon$1.invokeBlock(SessionAuthSrv.scala:95)
at play.api.mvc.ActionBuilder$$anon$10.$anonfun$invokeBlock$2(Action.scala:408)
at play.api.mvc.ActionBuilderImpl.invokeBlock(Action.scala:441)
at play.api.mvc.ActionBuilderImpl.invokeBlock(Action.scala:439)
at play.api.mvc.ActionBuilder$$anon$10.invokeBlock(Action.scala:408)
at play.api.mvc.ActionBuilder$$anon$10.invokeBlock(Action.scala:404)
at play.api.mvc.ActionBuilder$$anon$9.apply(Action.scala:379)
at play.api.mvc.Action.$anonfun$apply$4(Action.scala:82)
at play.api.libs.streams.StrictAccumulator.$anonfun$mapFuture$4(Accumulator.scala:168)
at scala.util.Try$.apply(Try.scala:213)
at play.api.libs.streams.StrictAccumulator.$anonfun$mapFuture$3(Accumulator.scala:168)
at scala.Function1.$anonfun$andThen$1(Function1.scala:57)
at scala.Function1.$anonfun$andThen$1(Function1.scala:57)
at scala.Function1.$anonfun$andThen$1(Function1.scala:57)
at play.api.libs.streams.StrictAccumulator.run(Accumulator.scala:200)
at play.core.server.AkkaHttpServer.$anonfun$runAction$4(AkkaHttpServer.scala:418)
at akka.http.scaladsl.util.FastFuture$.strictTransform$1(FastFuture.scala:41)
at akka.http.scaladsl.util.FastFuture$.$anonfun$transformWith$3(FastFuture.scala:51)
at scala.concurrent.impl.CallbackRunnable.run(Promise.scala:64)
at org.thp.scalligraph.ContextPropagatingDispatcher$$anon$1.$anonfun$execute$2(ContextPropagatingDisptacher.scala:57)
at scala.runtime.java8.JFunction0$mcV$sp.apply(JFunction0$mcV$sp.java:23)
at org.thp.scalligraph.DiagnosticContext$.$anonfun$withDiagnosticContext$2(ContextPropagatingDisptacher.scala:93)
at org.thp.scalligraph.DiagnosticContext$.saveDiagnosticContext(ContextPropagatingDisptacher.scala:114)
at org.thp.scalligraph.DiagnosticContext$.withDiagnosticContext(ContextPropagatingDisptacher.scala:91)
at org.thp.scalligraph.DiagnosticContext$$anon$2.withContext(ContextPropagatingDisptacher.scala:76)
at org.thp.scalligraph.ContextPropagatingDispatcher$$anon$1.$anonfun$execute$1(ContextPropagatingDisptacher.scala:57)
at akka.dispatch.TaskInvocation.run(AbstractDispatcher.scala:49)
at akka.dispatch.ForkJoinExecutorConfigurator$AkkaForkJoinTask.exec(ForkJoinExecutorConfigurator.scala:48)
at java.util.concurrent.ForkJoinTask.doExec(ForkJoinTask.java:289)
at java.util.concurrent.ForkJoinPool$WorkQueue.runTask(ForkJoinPool.java:1056)
at java.util.concurrent.ForkJoinPool.runWorker(ForkJoinPool.java:1692)
at java.util.concurrent.ForkJoinWorkerThread.run(ForkJoinWorkerThread.java:175)
2023-04-07 03:14:17,795 [ERROR] from org.thp.scalligraph.models.Database in application-akka.actor.default-dispatcher-39 [00000903|16360cb1] Exception raised, rollback (Unauthorized action)
2023-04-07 03:14:17,795 [WARN] from org.thp.scalligraph.ErrorHandler in application-akka.actor.default-dispatcher-39 [00000903|16360cb1] POST /api/alert/~122978320/createCase returned 403
2023-04-07 03:14:17,796 [INFO] from org.thp.scalligraph.AccessLogFilter in application-akka.actor.default-dispatcher-31 [00000903|] 192.168.1.29 POST /api/alert/~122978320/createCase took 29ms and returned 403 61 bytes
And here is thehive logs when i do the same action but via a curl with the same api key
Logs :
2023-04-07 03:38:38,823 [INFO] from org.thp.scalligraph.controllers.Entrypoint in application-akka.actor.default-dispatcher-32 [000009be|] 192.168.1.65 POST /api/v1/query?name=alerts.count
2023-04-07 03:38:38,823 [INFO] from org.thp.scalligraph.controllers.Entrypoint in application-akka.actor.default-dispatcher-38 [000009ba|] 192.168.1.65 POST /api/v1/query?name=unread-alert-count
2023-04-07 03:38:38,823 [INFO] from org.thp.scalligraph.controllers.Entrypoint in application-akka.actor.default-dispatcher-37 [000009bd|] 192.168.1.65 POST /api/v1/query?name=alerts
2023-04-07 03:38:38,823 [INFO] from org.thp.scalligraph.controllers.Entrypoint in application-akka.actor.default-dispatcher-24 [000009bb|] 192.168.1.65 POST /api/v1/query?name=unread-alert-count
2023-04-07 03:38:38,824 [INFO] from org.thp.scalligraph.controllers.Entrypoint in application-akka.actor.default-dispatcher-39 [000009bc|] 192.168.1.65 POST /api/v1/query?name=alert-count-all
2023-04-07 03:38:38,827 [INFO] from org.thp.scalligraph.AccessLogFilter in application-akka.actor.default-dispatcher-37 [000009bd|] 192.168.1.65 POST /api/v1/query?name=alerts took 4ms and returned 200
2023-04-07 03:38:38,905 [INFO] from org.thp.scalligraph.controllers.Entrypoint in application-akka.actor.default-dispatcher-28 [000009bf|] 192.168.1.65 POST /api/v1/query?name=alert-count-all
2023-04-07 03:38:38,955 [INFO] from org.thp.scalligraph.AccessLogFilter in application-akka.actor.default-dispatcher-24 [000009ba|] 192.168.1.65 POST /api/v1/query?name=unread-alert-count took 132ms and returned 200 2 bytes
2023-04-07 03:38:38,955 [INFO] from org.thp.scalligraph.AccessLogFilter in application-akka.actor.default-dispatcher-38 [000009bb|] 192.168.1.65 POST /api/v1/query?name=unread-alert-count took 132ms and returned 200 2 bytes
2023-04-07 03:38:38,956 [INFO] from org.thp.scalligraph.AccessLogFilter in application-akka.actor.default-dispatcher-24 [000009be|] 192.168.1.65 POST /api/v1/query?name=alerts.count took 133ms and returned 200 1 bytes
2023-04-07 03:38:38,956 [INFO] from org.thp.scalligraph.AccessLogFilter in application-akka.actor.default-dispatcher-30 [000009bc|] 192.168.1.65 POST /api/v1/query?name=alert-count-all took 133ms and returned 200 2 bytes
2023-04-07 03:38:38,958 [INFO] from org.thp.scalligraph.controllers.Entrypoint in application-akka.actor.default-dispatcher-36 [000009c0|] 192.168.1.65 POST /api/v1/query?name=alerts
2023-04-07 03:38:38,993 [INFO] from org.thp.scalligraph.AccessLogFilter in application-akka.actor.default-dispatcher-36 [000009c0|] 192.168.1.65 POST /api/v1/query?name=alerts took 35ms and returned 200
2023-04-07 03:38:38,994 [INFO] from org.thp.scalligraph.controllers.Entrypoint in application-akka.actor.default-dispatcher-38 [000009c1|] 192.168.1.65 POST /api/v1/query?name=alerts.count
2023-04-07 03:38:39,064 [INFO] from org.thp.scalligraph.AccessLogFilter in application-akka.actor.default-dispatcher-28 [000009bf|] 192.168.1.65 POST /api/v1/query?name=alert-count-all took 162ms and returned 200 2 bytes
2023-04-07 03:38:39,069 [INFO] from org.thp.scalligraph.AccessLogFilter in application-akka.actor.default-dispatcher-38 [000009c1|] 192.168.1.65 POST /api/v1/query?name=alerts.count took 75ms and returned 200 1 bytes
2023-04-07 03:38:40,710 [INFO] from org.thp.scalligraph.controllers.Entrypoint in application-akka.actor.default-dispatcher-24 [000009c4|] 192.168.1.29 POST /api/alert/~41115728/artifact
2023-04-07 03:38:40,731 [INFO] from org.thp.scalligraph.AccessLogFilter in application-akka.actor.default-dispatcher-24 [000009c4|] 192.168.1.29 POST /api/alert/~41115728/artifact took 29ms and returned 201 294 bytes
2023-04-07 03:38:40,932 [INFO] from org.thp.scalligraph.AccessLogFilter in application-akka.actor.default-dispatcher-32 [000009c2|] 192.168.1.65 GET /api/stream/jKJgDEFt2CMmP8yzuS5n took 1099ms and returned 200 1072 bytes
2023-04-07 03:38:40,932 [INFO] from org.thp.scalligraph.AccessLogFilter in application-akka.actor.default-dispatcher-30 [000009c3|] 192.168.1.65 GET /api/stream/SypTB9xku0GmY1hRWzsK took 991ms and returned 200 1072 bytes
2023-04-07 03:38:42,972 [INFO] from org.thp.scalligraph.controllers.Entrypoint in application-akka.actor.default-dispatcher-28 [000009c7|] 192.168.1.29 POST /api/alert/~41115728/createCase
2023-04-07 03:38:43,107 [INFO] from org.thp.scalligraph.AccessLogFilter in application-akka.actor.default-dispatcher-24 [000009c7|] 192.168.1.29 POST /api/alert/~41115728/createCase took 142ms and returned 201 742 bytes
2023-04-07 03:38:43,265 [INFO] from org.thp.scalligraph.AccessLogFilter in application-akka.actor.default-dispatcher-16 [000009c5|] 192.168.1.65 GET /api/stream/jKJgDEFt2CMmP8yzuS5n took 1317ms and returned 200 1528 bytes
2023-04-07 03:38:43,265 [INFO] from org.thp.scalligraph.AccessLogFilter in application-akka.actor.default-dispatcher-37 [000009c6|] 192.168.1.65 GET /api/stream/SypTB9xku0GmY1hRWzsK took 314ms and returned 200 1528 bytes
2023-04-07 03:38:43,268 [INFO] from org.thp.scalligraph.controllers.Entrypoint in application-akka.actor.default-dispatcher-39 [000009c9|] 192.168.1.65 POST /api/v1/query?name=alert-count-all
2023-04-07 03:38:43,268 [INFO] from org.thp.scalligraph.controllers.Entrypoint in application-akka.actor.default-dispatcher-34 [000009c8|] 192.168.1.65 POST /api/v1/query?name=unread-alert-count
2023-04-07 03:38:43,269 [INFO] from org.thp.scalligraph.controllers.Entrypoint in application-akka.actor.default-dispatcher-36 [000009ca|] 192.168.1.65 POST /api/v1/query?name=alerts
2023-04-07 03:38:43,270 [INFO] from org.thp.scalligraph.controllers.Entrypoint in application-akka.actor.default-dispatcher-37 [000009cb|] 192.168.1.65 POST /api/v1/query?name=alerts.count
2023-04-07 03:38:43,271 [INFO] from org.thp.scalligraph.AccessLogFilter in application-akka.actor.default-dispatcher-36 [000009ca|] 192.168.1.65 POST /api/v1/query?name=alerts took 2ms and returned 200
2023-04-07 03:38:43,485 [INFO] from org.thp.scalligraph.controllers.Entrypoint in application-akka.actor.default-dispatcher-16 [000009cc|] 192.168.1.65 POST /api/v1/query?name=unread-alert-count
2023-04-07 03:38:43,494 [INFO] from org.thp.scalligraph.controllers.Entrypoint in application-akka.actor.default-dispatcher-38 [000009cd|] 192.168.1.65 POST /api/v1/query?name=alert-count-all
2023-04-07 03:38:43,576 [INFO] from org.thp.scalligraph.AccessLogFilter in application-akka.actor.default-dispatcher-34 [000009c8|] 192.168.1.65 POST /api/v1/query?name=unread-alert-count took 308ms and returned 200 2 bytes
2023-04-07 03:38:43,580 [INFO] from org.thp.scalligraph.controllers.Entrypoint in application-akka.actor.default-dispatcher-24 [000009ce|] 192.168.1.65 POST /api/v1/query?name=alerts
2023-04-07 03:38:43,582 [INFO] from org.thp.scalligraph.AccessLogFilter in application-akka.actor.default-dispatcher-24 [000009ce|] 192.168.1.65 POST /api/v1/query?name=alerts took 3ms and returned 200
2023-04-07 03:38:43,656 [INFO] from org.thp.scalligraph.AccessLogFilter in application-akka.actor.default-dispatcher-39 [000009c9|] 192.168.1.65 POST /api/v1/query?name=alert-count-all took 388ms and returned 200 2 bytes
2023-04-07 03:38:43,657 [INFO] from org.thp.scalligraph.AccessLogFilter in application-akka.actor.default-dispatcher-37 [000009cb|] 192.168.1.65 POST /api/v1/query?name=alerts.count took 388ms and returned 200 1 bytes
2023-04-07 03:38:43,726 [INFO] from org.thp.scalligraph.controllers.Entrypoint in application-akka.actor.default-dispatcher-37 [000009cf|] 192.168.1.65 POST /api/v1/query?name=alerts.count
2023-04-07 03:38:43,827 [INFO] from org.thp.scalligraph.AccessLogFilter in application-akka.actor.default-dispatcher-38 [000009cd|] 192.168.1.65 POST /api/v1/query?name=alert-count-all took 334ms and returned 200 2 bytes
2023-04-07 03:38:43,828 [INFO] from org.thp.scalligraph.AccessLogFilter in application-akka.actor.default-dispatcher-16 [000009cc|] 192.168.1.65 POST /api/v1/query?name=unread-alert-count took 344ms and returned 200 2 bytes
2023-04-07 03:38:43,831 [INFO] from org.thp.scalligraph.AccessLogFilter in application-akka.actor.default-dispatcher-37 [000009cf|] 192.168.1.65 POST /api/v1/query?name=alerts.count took 106ms and returned 200 1 bytes
I really don't understand the problem. Has anyone had the same problem before?
Thank you in advance for your help
The text was updated successfully, but these errors were encountered: