Unable to run integration for custom-w2thive
464 views
Skip to first unread message
Gilmer Huanca Ramos
Aug 7, 2022, 4:28:22 PM8/7/22
to Wazuh mailing list
Hello, I have a problem with the integration of Wazuh and TheHive
Wazuh version: 4.3.6
OS: Ubuntu server 22.04 LTS
TheHive version 4.1.23-1
I have the following configuration in /var/ossec/etc/ossec.conf
<integration>
<name>custom-w2thive</name>
<hook_url>http://172.16.0.202:9000</hook_url>
<api_key>lkqst1KvmSHSAZik67VqcR5PyyeYMWDO</api_key>
<alert_format>json</alert_format>
</integration>
I installed thehive4py module, as indicated on the following page
but wazuh arent sending any alert logs to TheHive.
I added the following line wazuh_modules.debug=2 in local_internal_options.conf
I share the file ossec.log
but there is no log in Integration.log file
Manuel Alejandro Roldan Mella
Aug 7, 2022, 11:30:37 PM8/7/22
to Wazuh mailing list
Hi,
Thank you for using Wazuh!
I found a couple of lines about integration in the ossec.log file you sent:
2022/08/07 15:48:38 wazuh-integratord: ERROR: Unable to run integration for custom-w2thive -> integrations
2022/08/07 15:48:38 wazuh-integratord: ERROR: While running custom-w2thive -> integrations. Output: ModuleNotFoundError: No module named 'thehive4py'
Perhaps the problem could be that thehive4py module is not installed. For solving it you could run :
sudo /var/ossec/framework/python/bin/pip3 install thehive4py==1.8.1
Perhaps the problem could be that thehive4py module is not installed. For solving it you could run :
sudo /var/ossec/framework/python/bin/pip3 install thehive4py==1.8.1
I hope you find it helpful.
Regards,
Reply all
Reply to author
Forward
0 new messages