Closed
Description
Request Type
Bug
Work Environment
Question | Answer |
---|---|
OS version (server) | Debian Buster |
OS version (client) | Win10 |
TheHive version / git hash | 4.0-RC1 |
Package Type | DEB |
Browser type & version | Firefox 73 |
Problem Description
I created 2 alerts via the API with the same observable. I imported one and previewed the other, but the case previously created doesn't show up.
I also tried to mark the case's observable as IOC, but no change.
However, two cases with the same observables will be flagged as related.
Steps to Reproduce
- Create 2 alerts with the same observable
- Import one alert as a new case
- Preview the second one
Complementary information
The JSON returned when previewing the alert is the following:
```json
{
  "_id": "45056",
  "id": "45056",
  "createdBy": "admin@localhost",
  "updatedBy": null,
  "createdAt": 1583182772662,
  "updatedAt": null,
  "_type": "alert",
  "type": "external",
  "source": "instance1",
  "sourceRef": "59722e",
  "externalLink": null,
  "case": null,
  "title": "New Alert2",
  "description": "N/A",
  "severity": 2,
  "date": 1583182770000,
  "tags": ["TheHive4Py", "sample"],
  "tlp": 3,
  "pap": 2,
  "status": "New",
  "follow": true,
  "customFields": {},
  "caseTemplate": null,
  "artifacts": [{
    "_id": "61576",
    "id": "61576",
    "createdBy": "admin@localhost",
    "createdAt": 1583182772656,
    "_type": "case_artifact",
    "dataType": "ip",
    "data": "8.8.8.8",
    "startDate": 1583182772656,
    "tlp": 2,
    "tags": [],
    "ioc": false,
    "sighted": false,
    "reports": {},
    "stats": {}
  }]
}
```
I'm guessing the value of the field "sighted" should be "true".
I also noticed no specific error in Cassandra's or TH's logs.