Description
Describe the bug
Some analyzers come with a short.html template. But I can't use it.
As I'm a new user, I wonder if it's my fault or if it's a bug.
- When I import a zip file containing long.html and short.html, only 1 model is imported (the long one).
- On a fresh installation of an Analyzer that should have a long and a short template, I can see only the long one in the list of Analyzer templates.
- When I inspect the HTML source code of the short report, it does not look like the short.html file (probably looks like the built-in template for short report).
To Reproduce
Steps to reproduce the "short template not used" behavior:
- Enable IP-API_1_0 analyzer (or any other analyzer that provides a short.html template)
- Run the Analyzer against the 1.2.3.4 IP
- Inspect the result of the short report: we can't see a span with the class="label" whereas we do see such a class in the short.html
Steps to reproduce the "short template not imported" behavior:
- Enable IP-API_1_0 analyzer (or any other analyzer that provides a short.html template)
- Import a zip that contains short and long report: IP-API_1_0.zip
- There is a success message saying that 1 model has been imported (and we can see that this is the long one)
Expected behavior
The short.html template should be used for short report as mentioned in documentation.
We should be able to import it with the "upload zip" feature
Complementary information
N/A
Work environment
I'm using the following docker-compose.yml file:
docker-compose.yml
services:
  thehive:
    image: strangebee/thehive:5.2
    depends_on:
      - cassandra
      - elasticsearch
      - minio
      - cortex
    ports:
      - "9000:9000"
    environment:
      - JVM_OPTS="-Xms1024M -Xmx1024M"
      - HIVE_SECRET="${HIVE_SECRET}"
      - CORTEX_KEY="${CORTEX_KEY}"
    command:
      - --secret
      - "${HIVE_SECRET}"
      - "--cql-hostnames"
      - "cassandra"
      - "--index-backend"
      - "elasticsearch"
      - "--es-hostnames"
      - "elasticsearch"
      - "--s3-endpoint"
      - "http://minio:9000"
      - "--s3-access-key"
      - "minioadmin"
      - "--s3-secret-key"
      - "minioadmin"
      - "--s3-bucket"
      - "thehive"
      - "--s3-use-path-access-style"
      - "--cortex-hostnames"
      - "cortex"
      - "--cortex-keys"
      # put cortex api key once cortex is bootstrapped
      - "${CORTEX_KEY}"
    restart: on-failure
  cassandra:
    image: 'cassandra:4'
    ports:
      - "9042:9042"
    environment:
      - MAX_HEAP_SIZE=1024M
      - HEAP_NEWSIZE=1024M
      - CASSANDRA_CLUSTER_NAME=TheHive
    volumes:
      - cassandradata:/var/lib/cassandra
    restart: on-failure
  elasticsearch:
    image: docker.elastic.co/elasticsearch/elasticsearch:7.17.12
    ports:
      - "9200:9200"
    environment:
      - discovery.type=single-node
      - xpack.security.enabled=false
      - "ES_JAVA_OPTS=-Xms${ELASTIC_MEMORY_SIZE} -Xmx${ELASTIC_MEMORY_SIZE}"
    volumes:
      - elasticsearchdata:/usr/share/elasticsearch/data
    restart: on-failure
  minio:
    image: quay.io/minio/minio
    mem_limit: 512m
    command: ["minio", "server", "/data", "--console-address", ":9090"]
    environment:
      - MINIO_ROOT_USER=minioadmin
      - MINIO_ROOT_PASSWORD=minioadmin
    ports:
      - "9090:9090"
    volumes:
      - "miniodata:/data"
  cortex:
    image: thehiveproject/cortex:3.1.7
    depends_on:
      - elasticsearch
    environment:
      - job_directory=/tmp/cortex-jobs
      - HIVE_SECRET="${HIVE_SECRET}"
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
      - /tmp/cortex-jobs:/tmp/cortex-jobs
    ports:
      - "9001:9001"
    restart: on-failure
    command:
      - --secret
      - "${HIVE_SECRET}"
  kibana:
    image: docker.elastic.co/kibana/kibana:7.17.12
    ports:
      - "5601:5601"
    environment:
      - ELASTICSEARCH_HOSTS=http://elasticsearch:9200
    depends_on:
      - elasticsearch
volumes:
  miniodata:
  cassandradata:
  elasticsearchdata:

- Cortex version: Cortex container from Docker file: thehiveproject/cortex:3.1.7
- Cortex Analyzer/Responder name: Any analyzers with short and long template
- Cortex Analyzer/Responder version: Any analyzers version with short and long template
Possible solutions
N/A
Additional context
Looking in Elasticsearch (with Kibana), I can't see anything related to short templates: indices with _label=AnalyzerTemplate are only long ones.
Thanks!