[BUG] Analyzers and Responders not loading in Cortex 3.1.0-RC-1

Open victorhugo-sg opened this issue 5 years ago • 3 comments

Request Type

Bug

Work Environment

| Question | Answer |
| --- | --- |
| OS version (server) | Ubuntu 20.04 |
| Cortex version / git hash | 3.1.0-RC-1 |
| Package Type | Binary |

Problem Description

After modifying the application.conf file and restarting the service analyzers and responders are not available via the GUI.

Steps to Reproduce

1. Downloaded the Analyzers and Responders.
2. Modified the application.conf.
3. Restarted the service.

Complementary information

Here is the section I'm modifying

## ANALYZERS
analyzer {
  # analyzer location
  path = ["/opt/Cortex-Analyzers/analyzers/"]
  # url can be point to:
  # - directory where analyzers are installed
  # - json file containing the list of analyzer descriptions
  urls = ["https://dl.bintray.com/thehive-project/cortexneurons/analyzers.json"]
  # Sane defaults. Do not change unless you know what you are doing.
  fork-join-executor {
    # Min number of threads available for analysis.
    parallelism-min = 2
    # Parallelism (threads) ... ceil(available processors * factor).
    parallelism-factor = 2.0
    # Max number of threads available for analysis.
    parallelism-max = 4
  }
}

# RESPONDERS
responder {
  # responder location (same format as analyzer.urls)
  path = ["/opt/Cortex-Analyzers/responders/"]
  urls = ["https://dl.bintray.com/thehive-project/cortexneurons/reponders.json"]
  # Sane defaults. Do not change unless you know what you are doing.
  fork-join-executor {
    # Min number of threads available for analysis.
    parallelism-min = 2
    # Parallelism (threads) ... ceil(available processors * factor).
    parallelism-factor = 2.0
    # Max number of threads available for analysis.
    parallelism-max = 4
  }
}

victorhugo-sg, Dec 16 '20 21:12

Hi, your application.conf is wrong as far as I can tell. Why do you have a path = in it?

A working application.conf part for Analyzers looks like this for example:

analyzer {
  urls = [
    "https://download.thehive-project.org/analyzers.json"
    "/opt/cortex/Cortex-Analyzers/analyzers/"
  ]
  fork-join-executor {
    parallelism-min = 2
    parallelism-factor = 2.0
    parallelism-max = 4
  }
}

As mentioned in the comment in the application.conf file, the URL key does point to the .json file and can point to the directory for the Analyzers, so no path = is needed. Change that and it should work.

JustCodeIt4Head, Feb 07 '21 10:02
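A pre-restart check for the mistake discussed above, as an added example that is not part of the thread or of Cortex itself: it reads the analyzer or responder block, reports keys other than the two shown in the working block (such as path), and checks that local urls entries exist. The function names, the KNOWN_KEYS allow-list and the simplified regex-based parsing of the HOCON file are assumptions of this example.

```python
import os
import re

# Keys in the working block quoted in the reply above; this example assumes
# any other key directly inside analyzer/responder should be reported.
KNOWN_KEYS = {"urls", "fork-join-executor"}

# Constructed sample mirroring the reporter's block (path next to urls).
SAMPLE = """
analyzer {
  # analyzer location
  path = ["/opt/Cortex-Analyzers/analyzers/"]
  urls = ["https://dl.bintray.com/thehive-project/cortexneurons/analyzers.json"]
  fork-join-executor { parallelism-min = 2 }
}
"""

def block_body(conf, name):
    """Text inside `name { ... }`, or None (simplified: full-line # comments only)."""
    conf = re.sub(r"(?m)^[ \t]*#.*$", "", conf)
    m = re.search(r"(?m)^\s*" + re.escape(name) + r"\s*\{", conf)
    if not m:
        return None
    depth, i = 1, m.end()
    while i < len(conf) and depth:
        depth += {"{": 1, "}": -1}.get(conf[i], 0)
        i += 1
    return conf[m.end():i - 1]

def check_block(conf, name, exists=os.path.exists):
    """Findings for one block; `exists` is injectable so the check runs offline."""
    body = block_body(conf, name)
    if body is None:
        return [f"{name}: block not found"]
    prev = None
    while prev != body:  # collapse nested blocks so only direct keys remain
        prev, body = body, re.sub(r"\{[^{}]*\}", " = null", body)
    findings = [f"{name}: unexpected key '{k}', list every location under urls"
                for k in re.findall(r"(?m)^\s*([\w.-]+)\s*[=:]", body)
                if k not in KNOWN_KEYS]
    urls = re.search(r"(?ms)^\s*urls\s*[=:]\s*\[(.*?)\]", body)
    if not urls:
        return findings + [f"{name}: no urls key"]
    for entry in re.findall(r'"([^"]*)"', urls.group(1)):
        if entry.startswith("http://"):
            findings.append(f"{name}: {entry} is fetched without TLS")
        elif not entry.startswith("https://") and not exists(entry):
            findings.append(f"{name}: local location {entry} does not exist")
    return findings
```

Run it as `check_block(open(path).read(), "analyzer")` and again with `"responder"` before restarting the service; an empty list means the block matches the layout from the reply.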

Hi @JustCodeIt4Head, I set up TheHive and Cortex using Docker, and while I have analyzers and responders, I can't see an application.conf file in the Cortex container at the path /etc/cortex/conf/application.conf.

How do I get the application.conf file in the Cortex Docker container?

michaelkasede, Feb 24 '21 13:02

Hi @michaelkasede! If you set up TheHive and Cortex with Docker, you have to define the application.conf yourself in your docker-compose.yml.

In the Cortex part, you have to set a volume like this:

volumes:
      # Path to the file on the host : path in your container
      - ./files/cortex/application.conf:/etc/cortex/application.conf

You need to have the application.conf on your host. Use the default application.conf published by Cortex on GitHub: https://github.com/TheHive-Project/Cortex/blob/master/conf/application.sample

Nad3s, Dec 20 '21 10:12