Closed
Description
Request Type
Enhancement
Work Environment
| Question | Answer |
|---|---|
| TheHive version / git hash | 3.0.10 |
Problem Description
TheHive's configuration file (application.conf) can be somehow confusing when an administrator wants to sync TheHive with a MISP instance. The closing curly bracket is of the instance's config section is not easily seen hence remains commented which will generate errors. Moreover, the authentication key that needs to be supplied must correspond to a sync account on MISP. Finally, the tags that can be added to each observable imported from the instance are optional.
misp {
#"MISP-SERVER-ID" {
# URL of the MISP instance.
#url = ""
# Authentication key.
#key = ""
# Name of the case template in TheHive that shall be used to import
# MISP events as cases by default.
# caseTemplate = "<Template_Name_goes_here>"
# Tags to add to each observable imported from an event available on
# this instance.
#tags = ["misp-server-id"]
# Truststore to use to validate the X.509 certificate of the MISP
# instance if the default truststore is not sufficient.
#ws.ssl.trustManager.stores = [
#{
# type: "JKS"
# path: "/path/to/truststore.jks"
#}
#]
#}
Possible Solutions
Change application.conf to:
#"MISP-SERVER-ID" {
# URL of the MISP instance.
#url = ""
# Authentication key corresponding to a sync account on MISP.
#key = ""
# Name of the case template in TheHive that shall be used to import
# MISP events as cases by default.
# caseTemplate = "<Template_Name_goes_here>"
# Optional tags to add to each observable imported from an event
# available on this instance.
#tags = ["misp-server-id"]
# Truststore to use to validate the X.509 certificate of the MISP
# instance if the default truststore is not sufficient.
#ws.ssl.trustManager.stores = [
#{
# type: "JKS"
# path: "/path/to/truststore.jks"
#}
#]
#} ## <-- Uncomment to complete the configuration