[Feature Request] Providing output details for Responders

[DManness]

Providing output details for responders.

Responders currently provide a simple pass/fail status for the job in TheHive. When a job is successful, A user is able to view a report of the responder. I believe this is the full attribute from the cortex report.

When a responder fails (for whatever reason), TheHive provides no useful information about the failure. This behavior can be inconvenient as an administrator would need to log in to Cortex to review the reason for the failure.

I believe this is due to errors having an errorMessage attribute in place of the full attribute. This may be a quirk in cortexutils, but providing error details to TheHive users would make troubleshooting easier for end-users and administrators alike. Especially in cases where an analyzer fails due to user input validation.

I have a few ideas for implementation

• Have TheHive display the errormessage attribute of the output from a failed responder in the report field.
• Allow responders to use short.html templates similar to analyzers.
• On failure, display a modal with the errormessage.

Request Type

Feature Request

[nadouani]

The responder jobs component will now display job error message. This behavior will be the same wherever a list of responder jobs is displayed