Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Bug] Wazuh responder not working. #778

Closed
abhijeetasawant opened this issue May 26, 2020 · 4 comments
Closed

[Bug] Wazuh responder not working. #778

abhijeetasawant opened this issue May 26, 2020 · 4 comments
Assignees
@dadokkio
Labels
category:bug Issue is related to a bug
Milestone
2.8.0

Comments

@abhijeetasawant
Copy link

Describe the bug
I see following error when try to block an IP.
{
"errorMessage": "Traceback (most recent call last):\n File "Wazuh/wazuh.py", line 40, in \n Wazuh().run()\n File "Wazuh/wazuh.py", line 24, in run\n ipaddress.ip_address(self.observable)\nNameError: name 'ipaddress' is not defined\n",
"input": null,
"success": false
}

To Reproduce
Steps to reproduce the behavior:

  1. Configure Wazuh responder from cortex.
  2. Create case in Hive and add observable(IP).
  3. Add custom required case custom fields.
  4. Click on action and choose Wazuh responder.
  5. You can see error message in Cortex jobs.

Expected behavior
Responder should get executed without exception.

Complementary information

Work environment

  • Client OS: Windows 10
  • Server OS: Ubuntu (Virtualbox VM)
  • Browse type and version: Chrome 83.0.4103.61
  • Cortex version:
  • Cortex Analyzer/Responder name: Wazuh_1_0
  • Cortex Analyzer/Responder version: 3.0.1-1

Possible solutions
Looks like - import ipaddress in python code missing.

Additional context
.
@abhijeetasawant abhijeetasawant added the category:bug Issue is related to a bug label May 26, 2020
@weslambert
Copy link
Contributor

Thanks for reporting! I'll take a look and test this as soon as I can.

@weslambert weslambert mentioned this issue May 26, 2020
Closed
@dadokkio
Copy link
Contributor

Hi @weslambert , thanks for the fix.
Regarding requirements ipaddress is a standard lib so it should not be included. Can you please double check?

@weslambert
Copy link
Contributor

Yes, I believe it is standard -- was more of a belt and suspenders approach 😄 I can certainly remove it.

@dadokkio dadokkio added this to the 2.8.0 milestone May 27, 2020
@dadokkio dadokkio self-assigned this May 27, 2020
@jeromeleonard jeromeleonard linked a pull request Jun 14, 2020 that will close this issue
Wazuh import ipaddress #779
Closed
@dadokkio
Copy link
Contributor

This PR has been merged manually.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@dadokkio dadokkio

Labels
category:bug Issue is related to a bug
Projects
None yet
Milestone
2.8.0
Development

Successfully merging a pull request may close this issue.

Wazuh import ipaddress
3 participants
@dadokkio @abhijeetasawant @weslambert