Skip to content
New issue

Have a question about this project? # for a free GitHub account to open an issue and contact its maintainers and the community.

#

By clicking “#”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? # to your account

Jump to bottom

[Question] how to take data from artifact or observable thehive case wazuh responder #2478

Open
romarito90 opened this issue Jan 26, 2024 · 0 comments
Open

[Question] how to take data from artifact or observable thehive case wazuh responder #2478

romarito90 opened this issue Jan 26, 2024 · 0 comments
Labels
question

Comments

@romarito90
Copy link

Hello everyone I'm trying to get fix the problem in the wazuh responder to active response from Thehive to Wazuh

How can I get the data from an artifact or observable in a case ?

I created one new observable "agent_id" this is visible in my list of observables in the case in Thehive

300105780-8acee147-7f01-4930-9acc-458b6dbf1c23

How can I get the data from that field and pass to the payload to run the command firewalldrop

300108441-0111f6f4-1130-413e-8644-261e1f098e6d

300106251-e0759ea0-8bda-49cf-ac93-1b3c02b88e1a

If I run the command like above this It works

300108703-1d7d7779-33e4-468b-a416-ca4e0da4dc14

When I change the code to the following the analyzer failed

300108932-542a8562-813d-49eb-a336-a3c5734b93ff

300108364-138abd29-98fb-4ce7-853a-098de3cf777f

what command or code I need to get that data from that field "agent_id " in this case 12079 ??

Work Environment

Question Answer
OS version (client) Windows 11
Dedicated RAM 32 GB
vCPU 16
TheHive version / git hash 4.1
Package Type RPM
Database Cassandra
Index type Elasticsearch
Attachments storage Local
Browser type & version Firefox
# for free to join this conversation on GitHub. Already have an account? # to comment
Assignees
No one assigned
Labels
question
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@romarito90