reconinfosec / graylog2thehive
Create alerts in The Hive from your Graylog alerts, to be turned into Hive cases.
After running
pip install -r requirements.txt
I get this error:
ERROR: Could not find a version that satisfies the requirement json (from -r requirements.txt (line 3)) (from versions: none)
ERROR: No matching distribution found for json (from -r requirements.txt (line 3))
After removing json from requirements.txt, everything works fine.
Python has a built-in JSON module, if that's what you're looking for. Just import it in your script or shell.
git clone https://github.com/ReconInfoSec/graylog2thehive.git /opt/graylog2thehive
Add a run_as user/group, i.e. myusername
root@thehive:/opt/graylog2thehive# adduser myusername
root@thehive:/opt/graylog2thehive# chown myusername:myusername /opt/graylog2thehive/ -R
Update the .service file with the local username/group, and change to python3
cat init.d/graylog2thehive.service
[Unit]
Description=graylog2thehive
After=multi-user.target
[Service]
Type=idle
Environment="HIVE_SECRET_KEY=blahblahblah"
User=myusername
Group=myusername
WorkingDirectory=/opt/graylog2thehive
ExecStart=/usr/bin/python3 app.py runserver
StandardOutput=journal
StandardError=journal
[Install]
WantedBy=multi-user.target
root@thehive:/opt/graylog2thehive# cp init.d/graylog2thehive.service /etc/systemd/system/graylog2thehive.service
Change the requirements file to look like this, and run the pip update (if needed, apt install python-pip3):
thehive4py==1.6.0
requests
#json
#logging
flask
root@thehive:/opt/graylog2thehive# pip install -r requirements.txt
Then tell Linux the world has changed, and start your service.
root@thehive:/opt/graylog2thehive# systemctl daemon-reload
root@thehive:/opt/graylog2thehive# systemctl enable graylog2thehive.service
root@thehive:/opt/graylog2thehive# systemctl start graylog2thehive.service
Had to change:
sudo git clone https://github.com/ReconInfoSec/graylog2thehive.git /opt/graylog2thehive
sudo cp /opt/graylog2thehive/init.d/graylog2thehive.service /etc/systemd/system/graylog2thehive.service
cd /opt/graylog2thehive
sudo touch /var/log/graylog2thehive.log
sudo chown username:groupname /var/log/graylog2thehive.log
cd /opt/graylog2thehive
root@theserver:/opt/graylog2thehive# nano /etc/systemd/system/graylog2thehive.service
[Unit]
Description=graylog2thehive
After=multi-user.target
[Service]
Type=idle
Environment="HIVE_SECRET_KEY=somethingrandomthatacatdraggedin"
WorkingDirectory=/opt/graylog2thehive
ExecStart=/usr/bin/python3 app.py runserver
User=user1
# Connects standard output to the journal
StandardOutput=journal
# Connects standard error to journal
StandardError=journal
[Install]
WantedBy=multi-user.target
root@theserver:/opt/graylog2thehive# nano config.py
import os
import json
basedir = os.path.abspath(os.path.dirname(__file__))
class Config(object):
    # Comes from the HIVE_SECRET_KEY Environment= line in the systemd unit
    API_KEY = os.environ.get('HIVE_SECRET_KEY')
    HIVE_URL = 'http://192.168.0.100:9000'
    LOG_FILE = '/var/log/graylog2thehive.log'
    GRAYLOG_URL = 'http://192.168.0.100:9000'
root@theserver:/opt/graylog2thehive# nano app.py
from app import app
import json
#import ssl
#context = ssl.SSLContext(ssl.PROTOCOL_SSLv23)
#context.options |= ssl.OP_NO_SSLv2
#context.options |= ssl.OP_NO_SSLv3
#context.load_cert_chain('cert.pem', 'privkey.pem')
#context.load_verify_locations('fullchain.pem')
app.run(debug=False, threaded=True, host='192.168.0.100', port=5000, passthrough_errors=True)
root@theserver:/opt/graylog2thehive# nano requirements.txt
thehive4py
requests
#json
#logging
flask
apt install python3-pip -y
pip3 install -r requirements.txt
root@theserver:/opt/graylog2thehive# systemctl daemon-reload
root@theserver:/opt/graylog2thehive# systemctl restart graylog2thehive
root@theserver:/opt/graylog2thehive# lsof -i | grep 5000
python3 3041 user1 3u IPv4 32788 0t0 TCP *:5000 (LISTEN)
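As an added example (not the project's own installer), the unit install described in both posts above, with one change: HIVE_SECRET_KEY is loaded from a root-only EnvironmentFile instead of being written inline into the unit, because unit files under /etc/systemd/system are normally world-readable. It assumes the run-as user already exists and uses an assumed secret path, /etc/graylog2thehive.env, that is not from the project.

```shell
#!/bin/sh
# Added example (not the project's installer): installs the unit from the thread
# but loads HIVE_SECRET_KEY from a root-only EnvironmentFile instead of an inline
# Environment= line, since unit files under /etc/systemd/system are world-readable.
set -eu
APP_DIR=/opt/graylog2thehive           # checkout path used in the thread
RUN_USER=${RUN_USER:-myusername}       # run_as user from the thread (assumed to exist)
SECRET_FILE=/etc/graylog2thehive.env   # assumed location, not from the project

# Print the unit. Args: app dir, run-as user/group, secret file path.
render_unit() {
  cat <<EOF
[Unit]
Description=graylog2thehive
After=multi-user.target

[Service]
Type=idle
EnvironmentFile=$3
User=$2
Group=$2
WorkingDirectory=$1
ExecStart=/usr/bin/python3 app.py runserver
StandardOutput=journal
StandardError=journal

[Install]
WantedBy=multi-user.target
EOF
}

# Write HIVE_SECRET_KEY=<value> to $1, created under umask 077 so it is never
# even briefly readable by other users, then pinned to mode 0600.
write_secret_file() {
  ( umask 077; printf 'HIVE_SECRET_KEY=%s\n' "$2" > "$1" )
  chmod 600 "$1"
}

# Succeed only when $1 is readable and writable by its owner alone.
is_owner_only() {
  [ "$(ls -l "$1" | cut -c2-10)" = "rw-------" ]
}

# Touch the real host only when explicitly asked and running as root.
if [ "${1:-}" = "--apply" ] && [ "$(id -u)" = 0 ]; then
  write_secret_file "$SECRET_FILE" "${HIVE_SECRET_KEY:?export HIVE_SECRET_KEY first}"
  render_unit "$APP_DIR" "$RUN_USER" "$SECRET_FILE" >/etc/systemd/system/graylog2thehive.service
  systemctl daemon-reload
  systemctl enable --now graylog2thehive.service
fi
```

Run it with no arguments to only define the functions, or as root with --apply to install; config.py still receives the key through os.environ exactly as before.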
Traceback (most recent call last):
File "/home/socadmin/.local/lib/python3.10/site-packages/flask/app.py", line 1455, in wsgi_app
response = self.full_dispatch_request()
File "/home/socadmin/.local/lib/python3.10/site-packages/flask/app.py", line 869, in full_dispatch_request
rv = self.handle_user_exception(e)
File "/home/socadmin/.local/lib/python3.10/site-packages/flask/app.py", line 867, in full_dispatch_request
rv = self.dispatch_request()
File "/home/socadmin/.local/lib/python3.10/site-packages/flask/app.py", line 852, in dispatch_request
return self.ensure_sync(self.view_functions[rule.endpoint])(view_args)
File "/opt/graylog2thehive/app/__init__.py", line 142, in create_alert_http
description=description+"\n**"+key+":** "+json.dumps(message_flattened[key], ensure_ascii=False, encoding="utf8")+"\n"
File "/usr/lib/python3.10/json/__init__.py", line 234, in dumps
return cls(
Workaround:
/opt/graylog2thehive/app$ nano __init__.py
-- description=description+"\n**"+key+":** "+json.dumps(message_flattened[key], ensure_ascii=False, encoding="utf8")+"\n"
++ description=description+"\n**"+key+":** "+json.dumps(message_flattened[key], ensure_ascii=False)+"\n"
AND
-- description=description+"\n**"+key+":** "+json.dumps(message_flattened[key], ensure_ascii=False, encoding="utf8")+"\n"
++ description=description+"\n**"+key+":** "+json.dumps(message_flattened[key], ensure_ascii=False)+"\n"
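Review bot: this is the correct fix rather than a workaround: json.dumps() in Python 3 has no encoding keyword (that was a Python 2 parameter), and the unexpected keyword is what raises from the `return cls(` line in the traceback; ensure_ascii=False on its own is what keeps non-ASCII characters in the returned str, so behaviour is otherwise unchanged. The two identical blocks separated by AND indicate the statement occurs twice in app/__init__.py; both occurrences need the change, or the second one will fail the same way.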
Hi,
Thank you for creating this.
It seems that it fails to start with thehive4py 1.7.1.
It works fine when we install with "pip install thehive4py==1.6.0".
Jun 08 08:29:22 thehive4 systemd[1]: Started graylog2thehive.
Jun 08 08:29:22 thehive4 python[2608]: Traceback (most recent call last):
Jun 08 08:29:22 thehive4 python[2608]: File "app.py", line 1, in
Jun 08 08:29:22 thehive4 python[2608]: from app import app
Jun 08 08:29:22 thehive4 python[2608]: File "/opt/graylog2thehive/app/__init__.py", line 10, in
Jun 08 08:29:22 thehive4 python[2608]: from thehive4py.api import TheHiveApi
Jun 08 08:29:22 thehive4 python[2608]: File "/usr/local/lib/python2.7/dist-packages/thehive4py/api.py", line 22
Jun 08 08:29:22 thehive4 python[2608]: def __init__(self, url: str, principal: str, organisation=None, password=None, proxies={}
Regards,
Kris