Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[Bug] Cannot delete ObservabelDataType #2470

Open
DanteDevil89 opened this issue Aug 8, 2023 · 0 comments
Open

[Bug] Cannot delete ObservabelDataType #2470

DanteDevil89 opened this issue Aug 8, 2023 · 0 comments
Labels
bug TheHive4 TheHive4 related issues

Comments

@DanteDevil89
Copy link

DanteDevil89 commented Aug 8, 2023

Request Type

Bug

Work Environment

Question Answer
OS version (server) Ubuntu
Virtualized Env. True
Dedicated RAM 4 GB
vCPU 4
TheHive version / git hash 4.1.24,
Package Type Docker
Database Cassandra 3.11
Index type Elasticsearch 7.17.7
Attachments storage Local

Problem Description

Describe the problem/bug as clearly as possible.

Steps to Reproduce

  1. I did a full docker install with Thehive, CassandraDB, ElasticSearch.

  2. I have created the New Organization.

  3. I Migrated the db from TheHive 3.5.

  4. After restarting docker compose I found:

    • the organization of the old DB (set in the migration);
    • the New Organization created before the migration;
    • 2 "admin" organizations with the user [email protected] inside.
  5. The observabelDataTypes are all duplicates and if I try to delete it it gives me the following error "AdminObservablesCtrl: Observable Type 4336 is used"

Possible Solutions

Delete the ObservablesDataType directly from the db?
How to search it?
How to remove it saftely?

Complementary information

DOCKER CONFIG (the commented lines '#' for the migration )

version: '3.8'
services:
  cassandra:
    image: 'cassandra:3.11'
    container_name: cassandra
    environment:
      - MAX_HEAP_SIZE=1G
      - HEAP_NEWSIZE=1G
      - CASSANDRA_CLUSTER_NAME=thp
    volumes:
      - './vol/cassandra/data:/var/lib/cassandra/data'
    networks:
      - proxy
    hostname: cassandra.local

  thehive:
    image: 'thehiveproject/thehive4:latest'
    container_name: thehive4
    #restart: unless-stopped
    depends_on:
      - cassandra
    networks:
      - proxy
    ports:
      #- '0.0.0.0:9999:9000'
      - '0.0.0.0:9000:9000'
    volumes:
      - ./vol/thehive/application.conf:/etc/thehive/application.conf
      - ./vol/thehive/data:/opt/thp/thehive/data
      - ./vol/thehive/index:/opt/thp/thehive/index
    command:
      #- migrate
      #- --output
      #- /etc/thehive/application.conf
      #- --main-organisation
      #- MyOrganisation1
      #- --es-uri
      #- http://IP:9200
      #- --es-index
      #- the_hive
      #- --case-from-date
      #- "20180725"
      #- --alert-from-date
      #- "20210725"
      #- --audit-from-date
      #- "20210725"
      #- --no-config-cortex
      - --no-config


  elasticsearch:
    container_name: elasticsearch
    image: 'elasticsearch:7.17.7'
    environment:
      - ingest.geoip.downloader.enabled=false
      - http.host=0.0.0.0
      - discovery.type=single-node
      - cluster.name=hive
      - script.allowed_types=inline,stored
      - thread_pool.search.queue_size=100000
      - thread_pool.write.queue_size=10000
      - gateway.recover_after_nodes=1
      - xpack.security.enabled=false
      - bootstrap.memory_lock=true
      - 'ES_JAVA_OPTS=-Xms256m -Xmx256m'
    ulimits:
      nofile:
        soft: 65536
        hard: 65536
    networks:
      - proxy
    hostname: elasticsearch.local

networks:
  proxy:
    external: true

THE HIVE APPLICATION CONF

play.http.secret.key="akeyverydifficultbutidontknowwhy"
#play.http.context: "/cortexdev"

auth.defaultUserDomain: "myorgganisation1.com"

storage {
   provider: localfs
   localfs.location: /opt/thp/thehive/data
}

# JanusGraph
db {
  provider: janusgraph
  janusgraph {
    storage {
      backend: cql
      hostname: ["cassandra.local"]

      cql {
        cluster-name: thp       # cluster name
        keyspace: thehive           # name of the keyspace
        read-consistency-level: ONE
        write-consistency-level: ONE
      }
    }

    ## Index configuration
    index {
      search {
        backend : elasticsearch
        hostname : ["elasticsearch.local"]
        index-name : thehive
        elasticsearch {
          http {
            auth {
              type: basic
              basic {
                username: httpuser
                password: httppassword
              }
            }
          }
        }
      }
    }
  }
}

image

@DanteDevil89 DanteDevil89 added bug TheHive4 TheHive4 related issues labels Aug 8, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
bug TheHive4 TheHive4 related issues
Projects
None yet
Development

No branches or pull requests

1 participant