API: cannot create alert if one alert artifact contains the IOC field set #268

Closed
@rolinh

Request Type

Bug

Work Environment

| Question | Answer |
|---|---|
| OS version (server) | Ubuntu |
| OS version (client) | 16.04 |
| TheHive version / git hash | 2.12.0 |
| Package Type | Binary |

Problem Description

Trying to create an alert using an HTTP POST request on /api/alert with an alert which contains the IOC field set in one of its observables/artifacts results in a 400 Bad Request being returned by the server with a message like this one:

{"tableName":"alert","type":"AttributeCheckingError","errors":[[{"name":"alert.artifacts","format":"string","value":{"type":"JsonInputValue","value":true},"type":"InvalidFormatAttributeError","message":"Invalid format for alert.artifacts: JsonInputValue(true), expected string"}]]}

By the way, the message returned by the API server is rather cryptic. I had to go through trial and error several times to find which attribute of my alert was causing the issue and lost considerable time... Improvements in this area are welcome 😃.

Steps to Reproduce

curl -XPOST -u myuser:mypassword -H 'Content-Type: application/json' http://127.0.0.1:9000/api/alert -d '{
  "title": "Other alert",
  "description": "alert description",
  "type": "external",
  "source": "instance1",
  "sourceRef": "alert-ref",
  "severity": 3,
  "tlp": 3,
  "artifacts": [
    { "dataType": "ip", "data": "127.0.0.1", "message": "localhost", "ioc": true }
  ],
  "caseTemplate": "external-alert"
}'
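
An added example, not part of the original issue and not TheHive's own code: a client-side helper that reads the `AttributeCheckingError` body quoted above and searches the submitted alert for the field whose value matches the one the server rejected. The helper names are hypothetical, and the error layout is assumed to match the single response shown in this issue.

```python
import json

# Error body copied from the issue; helper names below are this example's own.
ERROR_BODY = (
    '{"tableName":"alert","type":"AttributeCheckingError","errors":[[{"name":"alert.artifacts",'
    '"format":"string","value":{"type":"JsonInputValue","value":true},'
    '"type":"InvalidFormatAttributeError","message":'
    '"Invalid format for alert.artifacts: JsonInputValue(true), expected string"}]]}'
)

# Alert payload from the issue's "Steps to Reproduce".
ALERT = {
    "title": "Other alert", "description": "alert description", "type": "external",
    "source": "instance1", "sourceRef": "alert-ref", "severity": 3, "tlp": 3,
    "caseTemplate": "external-alert",
    "artifacts": [{"dataType": "ip", "data": "127.0.0.1", "message": "localhost", "ioc": True}],
}

def iter_errors(node):
    """Yield each error object from the nested "errors" lists."""
    if isinstance(node, list):
        for item in node:
            yield from iter_errors(item)
    elif isinstance(node, dict):
        yield node

def find_leaves(node, wanted, path):
    """Yield paths of leaves that equal `wanted` and have the same type."""
    if isinstance(node, dict):
        for key, value in node.items():
            yield from find_leaves(value, wanted, f"{path}.{key}")
    elif isinstance(node, list):
        for index, value in enumerate(node):
            yield from find_leaves(value, wanted, f"{path}[{index}]")
    elif type(node) is type(wanted) and node == wanted:
        yield path

def explain(error_body, payload):
    """Map each reported attribute error to candidate fields in the payload."""
    body = json.loads(error_body)
    prefix = body.get("tableName", "") + "."
    findings = []
    for err in iter_errors(body.get("errors", [])):
        name = err.get("name", "")
        attr = name[len(prefix):] if name.startswith(prefix) else name
        value = err.get("value")
        rejected = value.get("value") if isinstance(value, dict) else value
        candidates = list(find_leaves(payload.get(attr), rejected, attr))
        findings.append({"attribute": attr, "expected": err.get("format"),
                         "rejected": rejected, "candidates": candidates})
    return findings
```

For the request in this issue, `explain(ERROR_BODY, ALERT)` reports `artifacts[0].ioc` as the only candidate field.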
