[Bug] Can't create case from an alert with api key with shuffle #2462

Open
Blood78 opened this issue Apr 7, 2023 · 1 comment
Labels
bug TheHive4 TheHive4 related issues

Blood78 commented Apr 7, 2023

Request Type

Bug

Can't create case from an alert with API key with Shuffle: AuthorizationError: Unauthorized action

Work Environment

| Question | Answer |
|---|---|
| OS version (server) | Ubuntu |
| OS version (client) | 18.04.6 |
| Virtualized Env. | True |
| Dedicated RAM | 32 GB |
| vCPU | 8 |
| TheHive version / git hash | 4.1.24-1 |
| Package Type | From source |
| Database | Cassandra |
| Index type | Lucene |
| Attachments storage | Local |

Problem Description

I created a workflow on Shuffle, but when I want to create a case from an alert I get the error AuthorizationError: Unauthorized action, while when I perform the action via a curl and the same API key with Shuffle, it works perfectly.

Steps to Reproduce

  1. Launch the workflow with case creation from an alert
  2. Error returned: AuthorizationError: Unauthorized action
  3. Launch the same workflow but with a curl that performs the same action as the TheHive module, and all works correctly

Here are the TheHive logs when I launch my workflow via the TheHive module to create a case from an alert.

Logs:

2023-04-07 03:14:17,795 [ERROR] from org.thp.scalligraph.utils.Retry in application-akka.actor.default-dispatcher-39 [00000903|16360cb1] uncaught error, not retrying
org.thp.scalligraph.AuthorizationError: Unauthorized action
at org.thp.scalligraph.traversal.TraversalOps$TraversalOpsDefs.existsOrFail(TraversalOps.scala:154)
at org.thp.thehive.controllers.v0.AlertCtrl.$anonfun$createCase$5(AlertCtrl.scala:275)
at scala.Option.map(Option.scala:230)
at org.thp.thehive.controllers.v0.AlertCtrl.$anonfun$createCase$4(AlertCtrl.scala:275)
at scala.util.Success.flatMap(Try.scala:251)
at org.thp.thehive.controllers.v0.AlertCtrl.$anonfun$createCase$3(AlertCtrl.scala:269)
at scala.util.Success.flatMap(Try.scala:251)
at org.thp.thehive.controllers.v0.AlertCtrl.$anonfun$createCase$2(AlertCtrl.scala:268)
at org.thp.scalligraph.controllers.Entrypoint$EntryPointBuilder.$anonfun$authPermittedTransaction$2(Entrypoint.scala:129)
at org.thp.scalligraph.janus.JanusDatabase.$anonfun$tryTransaction$7(JanusDatabase.scala:241)
at scala.util.Try$.apply(Try.scala:213)
at org.thp.scalligraph.janus.JanusDatabase.$anonfun$tryTransaction$6(JanusDatabase.scala:241)
at scala.util.Try$.apply(Try.scala:213)
at org.thp.scalligraph.utils.DelayRetry.withTry(Retry.scala:93)
at org.thp.scalligraph.janus.JanusDatabase.tryTransaction(JanusDatabase.scala:238)
at org.thp.scalligraph.controllers.Entrypoint$EntryPointBuilder.$anonfun$authPermittedTransaction$1(Entrypoint.scala:129)
at org.thp.scalligraph.controllers.Entrypoint$EntryPointBuilder.$anonfun$auth$1(Entrypoint.scala:86)
at org.thp.scalligraph.controllers.Entrypoint$EntryPointBuilder.$anonfun$asyncAuth$4(Entrypoint.scala:108)
at org.scalactic.Good.fold(Or.scala:1229)
at org.thp.scalligraph.controllers.Entrypoint$EntryPointBuilder.$anonfun$asyncAuth$2(Entrypoint.scala:108)
at org.thp.scalligraph.DiagnosticContext$.$anonfun$withRequest$2(ContextPropagatingDisptacher.scala:108)
at org.thp.scalligraph.DiagnosticContext$.saveDiagnosticContext(ContextPropagatingDisptacher.scala:114)
at org.thp.scalligraph.DiagnosticContext$.withRequest(ContextPropagatingDisptacher.scala:99)
at org.thp.scalligraph.controllers.Entrypoint$EntryPointBuilder.$anonfun$asyncAuth$1(Entrypoint.scala:105)
at org.thp.scalligraph.auth.AuthSrvWithActionFunction$$anon$1.$anonfun$invokeBlock$2(AuthSrv.scala:91)
at scala.Option.fold(Option.scala:251)
at org.thp.scalligraph.auth.AuthSrvWithActionFunction$$anon$1.invokeBlock(AuthSrv.scala:90)
at org.thp.scalligraph.auth.AuthSrvWithActionFunction$$anon$1.invokeBlock(AuthSrv.scala:87)
at org.thp.scalligraph.auth.BasicAuthSrv$$anon$1.$anonfun$invokeBlock$1(BasicAuthSrv.scala:54)
at scala.Option.fold(Option.scala:251)
at org.thp.scalligraph.auth.BasicAuthSrv$$anon$1.invokeBlock(BasicAuthSrv.scala:54)
at org.thp.scalligraph.auth.BasicAuthSrv$$anon$1.invokeBlock(BasicAuthSrv.scala:52)
at org.thp.scalligraph.auth.SessionAuthSrv$$anon$1.$anonfun$invokeBlock$1(SessionAuthSrv.scala:98)
at scala.Option.fold(Option.scala:251)
at org.thp.scalligraph.auth.SessionAuthSrv$$anon$1.invokeBlock(SessionAuthSrv.scala:98)
at org.thp.scalligraph.auth.SessionAuthSrv$$anon$1.invokeBlock(SessionAuthSrv.scala:95)
at play.api.mvc.ActionBuilder$$anon$10.$anonfun$invokeBlock$2(Action.scala:408)
at play.api.mvc.ActionBuilderImpl.invokeBlock(Action.scala:441)
at play.api.mvc.ActionBuilderImpl.invokeBlock(Action.scala:439)
at play.api.mvc.ActionBuilder$$anon$10.invokeBlock(Action.scala:408)
at play.api.mvc.ActionBuilder$$anon$10.invokeBlock(Action.scala:404)
at play.api.mvc.ActionBuilder$$anon$9.apply(Action.scala:379)
at play.api.mvc.Action.$anonfun$apply$4(Action.scala:82)
at play.api.libs.streams.StrictAccumulator.$anonfun$mapFuture$4(Accumulator.scala:168)
at scala.util.Try$.apply(Try.scala:213)
at play.api.libs.streams.StrictAccumulator.$anonfun$mapFuture$3(Accumulator.scala:168)
at scala.Function1.$anonfun$andThen$1(Function1.scala:57)
at scala.Function1.$anonfun$andThen$1(Function1.scala:57)
at scala.Function1.$anonfun$andThen$1(Function1.scala:57)
at play.api.libs.streams.StrictAccumulator.run(Accumulator.scala:200)
at play.core.server.AkkaHttpServer.$anonfun$runAction$4(AkkaHttpServer.scala:418)
at akka.http.scaladsl.util.FastFuture$.strictTransform$1(FastFuture.scala:41)
at akka.http.scaladsl.util.FastFuture$.$anonfun$transformWith$3(FastFuture.scala:51)
at scala.concurrent.impl.CallbackRunnable.run(Promise.scala:64)
at org.thp.scalligraph.ContextPropagatingDispatcher$$anon$1.$anonfun$execute$2(ContextPropagatingDisptacher.scala:57)
at scala.runtime.java8.JFunction0$mcV$sp.apply(JFunction0$mcV$sp.java:23)
at org.thp.scalligraph.DiagnosticContext$.$anonfun$withDiagnosticContext$2(ContextPropagatingDisptacher.scala:93)
at org.thp.scalligraph.DiagnosticContext$.saveDiagnosticContext(ContextPropagatingDisptacher.scala:114)
at org.thp.scalligraph.DiagnosticContext$.withDiagnosticContext(ContextPropagatingDisptacher.scala:91)
at org.thp.scalligraph.DiagnosticContext$$anon$2.withContext(ContextPropagatingDisptacher.scala:76)
at org.thp.scalligraph.ContextPropagatingDispatcher$$anon$1.$anonfun$execute$1(ContextPropagatingDisptacher.scala:57)
at akka.dispatch.TaskInvocation.run(AbstractDispatcher.scala:49)
at akka.dispatch.ForkJoinExecutorConfigurator$AkkaForkJoinTask.exec(ForkJoinExecutorConfigurator.scala:48)
at java.util.concurrent.ForkJoinTask.doExec(ForkJoinTask.java:289)
at java.util.concurrent.ForkJoinPool$WorkQueue.runTask(ForkJoinPool.java:1056)
at java.util.concurrent.ForkJoinPool.runWorker(ForkJoinPool.java:1692)
at java.util.concurrent.ForkJoinWorkerThread.run(ForkJoinWorkerThread.java:175)
2023-04-07 03:14:17,795 [ERROR] from org.thp.scalligraph.models.Database in application-akka.actor.default-dispatcher-39 [00000903|16360cb1] Exception raised, rollback (Unauthorized action)
2023-04-07 03:14:17,795 [WARN] from org.thp.scalligraph.ErrorHandler in application-akka.actor.default-dispatcher-39 [00000903|16360cb1] POST /api/alert/~122978320/createCase returned 403
2023-04-07 03:14:17,796 [INFO] from org.thp.scalligraph.AccessLogFilter in application-akka.actor.default-dispatcher-31 [00000903|] 192.168.1.29 POST /api/alert/~122978320/createCase took 29ms and returned 403 61 bytes


And here are the TheHive logs when I do the same action but via a curl with the same API key.

Logs:

2023-04-07 03:38:38,823 [INFO] from org.thp.scalligraph.controllers.Entrypoint in application-akka.actor.default-dispatcher-32 [000009be|] 192.168.1.65 POST /api/v1/query?name=alerts.count
2023-04-07 03:38:38,823 [INFO] from org.thp.scalligraph.controllers.Entrypoint in application-akka.actor.default-dispatcher-38 [000009ba|] 192.168.1.65 POST /api/v1/query?name=unread-alert-count
2023-04-07 03:38:38,823 [INFO] from org.thp.scalligraph.controllers.Entrypoint in application-akka.actor.default-dispatcher-37 [000009bd|] 192.168.1.65 POST /api/v1/query?name=alerts
2023-04-07 03:38:38,823 [INFO] from org.thp.scalligraph.controllers.Entrypoint in application-akka.actor.default-dispatcher-24 [000009bb|] 192.168.1.65 POST /api/v1/query?name=unread-alert-count
2023-04-07 03:38:38,824 [INFO] from org.thp.scalligraph.controllers.Entrypoint in application-akka.actor.default-dispatcher-39 [000009bc|] 192.168.1.65 POST /api/v1/query?name=alert-count-all
2023-04-07 03:38:38,827 [INFO] from org.thp.scalligraph.AccessLogFilter in application-akka.actor.default-dispatcher-37 [000009bd|] 192.168.1.65 POST /api/v1/query?name=alerts took 4ms and returned 200
2023-04-07 03:38:38,905 [INFO] from org.thp.scalligraph.controllers.Entrypoint in application-akka.actor.default-dispatcher-28 [000009bf|] 192.168.1.65 POST /api/v1/query?name=alert-count-all
2023-04-07 03:38:38,955 [INFO] from org.thp.scalligraph.AccessLogFilter in application-akka.actor.default-dispatcher-24 [000009ba|] 192.168.1.65 POST /api/v1/query?name=unread-alert-count took 132ms and returned 200 2 bytes
2023-04-07 03:38:38,955 [INFO] from org.thp.scalligraph.AccessLogFilter in application-akka.actor.default-dispatcher-38 [000009bb|] 192.168.1.65 POST /api/v1/query?name=unread-alert-count took 132ms and returned 200 2 bytes
2023-04-07 03:38:38,956 [INFO] from org.thp.scalligraph.AccessLogFilter in application-akka.actor.default-dispatcher-24 [000009be|] 192.168.1.65 POST /api/v1/query?name=alerts.count took 133ms and returned 200 1 bytes
2023-04-07 03:38:38,956 [INFO] from org.thp.scalligraph.AccessLogFilter in application-akka.actor.default-dispatcher-30 [000009bc|] 192.168.1.65 POST /api/v1/query?name=alert-count-all took 133ms and returned 200 2 bytes
2023-04-07 03:38:38,958 [INFO] from org.thp.scalligraph.controllers.Entrypoint in application-akka.actor.default-dispatcher-36 [000009c0|] 192.168.1.65 POST /api/v1/query?name=alerts
2023-04-07 03:38:38,993 [INFO] from org.thp.scalligraph.AccessLogFilter in application-akka.actor.default-dispatcher-36 [000009c0|] 192.168.1.65 POST /api/v1/query?name=alerts took 35ms and returned 200
2023-04-07 03:38:38,994 [INFO] from org.thp.scalligraph.controllers.Entrypoint in application-akka.actor.default-dispatcher-38 [000009c1|] 192.168.1.65 POST /api/v1/query?name=alerts.count
2023-04-07 03:38:39,064 [INFO] from org.thp.scalligraph.AccessLogFilter in application-akka.actor.default-dispatcher-28 [000009bf|] 192.168.1.65 POST /api/v1/query?name=alert-count-all took 162ms and returned 200 2 bytes
2023-04-07 03:38:39,069 [INFO] from org.thp.scalligraph.AccessLogFilter in application-akka.actor.default-dispatcher-38 [000009c1|] 192.168.1.65 POST /api/v1/query?name=alerts.count took 75ms and returned 200 1 bytes
2023-04-07 03:38:40,710 [INFO] from org.thp.scalligraph.controllers.Entrypoint in application-akka.actor.default-dispatcher-24 [000009c4|] 192.168.1.29 POST /api/alert/~41115728/artifact
2023-04-07 03:38:40,731 [INFO] from org.thp.scalligraph.AccessLogFilter in application-akka.actor.default-dispatcher-24 [000009c4|] 192.168.1.29 POST /api/alert/~41115728/artifact took 29ms and returned 201 294 bytes
2023-04-07 03:38:40,932 [INFO] from org.thp.scalligraph.AccessLogFilter in application-akka.actor.default-dispatcher-32 [000009c2|] 192.168.1.65 GET /api/stream/jKJgDEFt2CMmP8yzuS5n took 1099ms and returned 200 1072 bytes
2023-04-07 03:38:40,932 [INFO] from org.thp.scalligraph.AccessLogFilter in application-akka.actor.default-dispatcher-30 [000009c3|] 192.168.1.65 GET /api/stream/SypTB9xku0GmY1hRWzsK took 991ms and returned 200 1072 bytes
2023-04-07 03:38:42,972 [INFO] from org.thp.scalligraph.controllers.Entrypoint in application-akka.actor.default-dispatcher-28 [000009c7|] 192.168.1.29 POST /api/alert/~41115728/createCase
2023-04-07 03:38:43,107 [INFO] from org.thp.scalligraph.AccessLogFilter in application-akka.actor.default-dispatcher-24 [000009c7|] 192.168.1.29 POST /api/alert/~41115728/createCase took 142ms and returned 201 742 bytes
2023-04-07 03:38:43,265 [INFO] from org.thp.scalligraph.AccessLogFilter in application-akka.actor.default-dispatcher-16 [000009c5|] 192.168.1.65 GET /api/stream/jKJgDEFt2CMmP8yzuS5n took 1317ms and returned 200 1528 bytes
2023-04-07 03:38:43,265 [INFO] from org.thp.scalligraph.AccessLogFilter in application-akka.actor.default-dispatcher-37 [000009c6|] 192.168.1.65 GET /api/stream/SypTB9xku0GmY1hRWzsK took 314ms and returned 200 1528 bytes
2023-04-07 03:38:43,268 [INFO] from org.thp.scalligraph.controllers.Entrypoint in application-akka.actor.default-dispatcher-39 [000009c9|] 192.168.1.65 POST /api/v1/query?name=alert-count-all
2023-04-07 03:38:43,268 [INFO] from org.thp.scalligraph.controllers.Entrypoint in application-akka.actor.default-dispatcher-34 [000009c8|] 192.168.1.65 POST /api/v1/query?name=unread-alert-count
2023-04-07 03:38:43,269 [INFO] from org.thp.scalligraph.controllers.Entrypoint in application-akka.actor.default-dispatcher-36 [000009ca|] 192.168.1.65 POST /api/v1/query?name=alerts
2023-04-07 03:38:43,270 [INFO] from org.thp.scalligraph.controllers.Entrypoint in application-akka.actor.default-dispatcher-37 [000009cb|] 192.168.1.65 POST /api/v1/query?name=alerts.count
2023-04-07 03:38:43,271 [INFO] from org.thp.scalligraph.AccessLogFilter in application-akka.actor.default-dispatcher-36 [000009ca|] 192.168.1.65 POST /api/v1/query?name=alerts took 2ms and returned 200
2023-04-07 03:38:43,485 [INFO] from org.thp.scalligraph.controllers.Entrypoint in application-akka.actor.default-dispatcher-16 [000009cc|] 192.168.1.65 POST /api/v1/query?name=unread-alert-count
2023-04-07 03:38:43,494 [INFO] from org.thp.scalligraph.controllers.Entrypoint in application-akka.actor.default-dispatcher-38 [000009cd|] 192.168.1.65 POST /api/v1/query?name=alert-count-all
2023-04-07 03:38:43,576 [INFO] from org.thp.scalligraph.AccessLogFilter in application-akka.actor.default-dispatcher-34 [000009c8|] 192.168.1.65 POST /api/v1/query?name=unread-alert-count took 308ms and returned 200 2 bytes
2023-04-07 03:38:43,580 [INFO] from org.thp.scalligraph.controllers.Entrypoint in application-akka.actor.default-dispatcher-24 [000009ce|] 192.168.1.65 POST /api/v1/query?name=alerts
2023-04-07 03:38:43,582 [INFO] from org.thp.scalligraph.AccessLogFilter in application-akka.actor.default-dispatcher-24 [000009ce|] 192.168.1.65 POST /api/v1/query?name=alerts took 3ms and returned 200
2023-04-07 03:38:43,656 [INFO] from org.thp.scalligraph.AccessLogFilter in application-akka.actor.default-dispatcher-39 [000009c9|] 192.168.1.65 POST /api/v1/query?name=alert-count-all took 388ms and returned 200 2 bytes
2023-04-07 03:38:43,657 [INFO] from org.thp.scalligraph.AccessLogFilter in application-akka.actor.default-dispatcher-37 [000009cb|] 192.168.1.65 POST /api/v1/query?name=alerts.count took 388ms and returned 200 1 bytes
2023-04-07 03:38:43,726 [INFO] from org.thp.scalligraph.controllers.Entrypoint in application-akka.actor.default-dispatcher-37 [000009cf|] 192.168.1.65 POST /api/v1/query?name=alerts.count
2023-04-07 03:38:43,827 [INFO] from org.thp.scalligraph.AccessLogFilter in application-akka.actor.default-dispatcher-38 [000009cd|] 192.168.1.65 POST /api/v1/query?name=alert-count-all took 334ms and returned 200 2 bytes
2023-04-07 03:38:43,828 [INFO] from org.thp.scalligraph.AccessLogFilter in application-akka.actor.default-dispatcher-16 [000009cc|] 192.168.1.65 POST /api/v1/query?name=unread-alert-count took 344ms and returned 200 2 bytes
2023-04-07 03:38:43,831 [INFO] from org.thp.scalligraph.AccessLogFilter in application-akka.actor.default-dispatcher-37 [000009cf|] 192.168.1.65 POST /api/v1/query?name=alerts.count took 106ms and returned 200 1 bytes


I really don't understand the problem. Has anyone had the same problem before?

Thank you in advance for your help

Blood78 added the bug and TheHive4 (TheHive4 related issues) labels Apr 7, 2023

Blood78 changed the title from "[Bug] Can't create case from an alert with api key with shuffle : AuthorizationError: Unauthorized action" to "[Bug] Can't create case from an alert with api key with shuffle" Apr 7, 2023

mbgonzalez commented

I had the same error; you have to set a template in "Case Template" in Shuffle. I know it says "optional", but it is not. Sorry for the late answer.
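
Added example, not part of the original thread and not TheHive or Shuffle code: a Python triage helper that joins each access-log 403 to the ERROR stack trace carrying the same bracketed request ID, run over an excerpt of the log lines posted above. The function name and record fields are illustrative, and treating the first bracketed field as a per-request ID is an assumption read off those lines.

```python
import re

# Excerpt of the TheHive log lines quoted in the issue above.
SAMPLE_LOG = """\
2023-04-07 03:14:17,795 [ERROR] from org.thp.scalligraph.utils.Retry in application-akka.actor.default-dispatcher-39 [00000903|16360cb1] uncaught error, not retrying
org.thp.scalligraph.AuthorizationError: Unauthorized action
at org.thp.scalligraph.traversal.TraversalOps$TraversalOpsDefs.existsOrFail(TraversalOps.scala:154)
at org.thp.thehive.controllers.v0.AlertCtrl.$anonfun$createCase$5(AlertCtrl.scala:275)
2023-04-07 03:14:17,796 [INFO] from org.thp.scalligraph.AccessLogFilter in application-akka.actor.default-dispatcher-31 [00000903|] 192.168.1.29 POST /api/alert/~122978320/createCase took 29ms and returned 403 61 bytes
2023-04-07 03:38:43,107 [INFO] from org.thp.scalligraph.AccessLogFilter in application-akka.actor.default-dispatcher-24 [000009c7|] 192.168.1.29 POST /api/alert/~41115728/createCase took 142ms and returned 201 742 bytes
"""

# date time [LEVEL] from <logger> in <thread> [<request id>|<tx id>] <message>
HEADER = re.compile(r"^\S+ \S+ \[(\w+)\] from (\S+) in \S+ \[(\w+)\|\w*\] (.*)$")
ACCESS = re.compile(r"^(\S+) (\S+) (\S+) took \d+ms and returned (\d{3})")
EXC = re.compile(r"^([\w.$]+(?:Error|Exception)): (.*)$")
FRAME = re.compile(r"^\s*at (org\.thp\.thehive\.\S+)\((\w+\.scala:\d+)\)")


def explain_denials(log_text):
    """Return one record per request that ended in HTTP 403, joined on request ID."""
    errors = {}     # request id -> exception text and first TheHive frame
    denied = []     # access-log entries that returned 403
    current = None  # request id whose stack trace is being read
    for line in log_text.splitlines():
        m = HEADER.match(line)
        if m:
            level, logger, req_id, msg = m.groups()
            current = req_id if level == "ERROR" else None
            a = ACCESS.match(msg) if logger.endswith("AccessLogFilter") else None
            if a and a.group(4) == "403":
                denied.append({"request_id": req_id, "client": a.group(1),
                               "method": a.group(2), "path": a.group(3)})
            continue
        if current is None:
            continue  # continuation line that does not belong to an ERROR entry
        info = errors.setdefault(current, {})
        e, f = EXC.match(line), FRAME.match(line)
        if e and "exception" not in info:
            info["exception"] = f"{e.group(1)}: {e.group(2)}"
        elif f and "origin" not in info:
            info["origin"] = f"{f.group(1)} ({f.group(2)})"
    return [{**d, **errors.get(d["request_id"], {})} for d in denied]


if __name__ == "__main__":
    for record in explain_denials(SAMPLE_LOG):
        print(record)
```

On this excerpt the only record is the Shuffle-triggered request, and its origin frame points into `AlertCtrl.createCase` rather than the authentication services lower in the trace.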
