Difficulties integrating Wazuh and TheHive


Tommy Johann

May 23, 2024, 8:38:43 AM
to Wazuh | Mailing List
Hi Team,

I am actually trying to integrate Wazuh and TheHive running on 2 different servers in the same network but have some difficulties.
I'm running TheHive 5.2 and Wazuh 4.7
but I can't see any alerts in TheHive.
Here is the error message from tail /var/ossec/logs/integrations.log:
Traceback (most recent call last):
  File "/var/ossec/integrations/custom-w2thive.py", line 162, in <module>
    main(sys.argv)
  File "/var/ossec/integrations/custom-w2thive.py", line 74, in main
    send_alert(alert, thive_api)
  File "/var/ossec/integrations/custom-w2thive.py", line 149, in send_alert
    response = thive_api.create_alert(alert)
  File "/var/ossec/framework/python/lib/python3.9/site-packages/thehive4py/api.py", line 911, in create_alert
    raise AlertException("Alert create error: {}".format(e))
thehive4py.exceptions.AlertException: Alert create error: HTTPConnectionPool(host='192.168.1.10', port=9000): Max retries exceeded with url: /api/alert (Caused by NewConnectionError('<urllib3.connection.HTTPConnection object at 0x7b27bb926430>: Failed to establish a new connection: [Errno 111] Connection refused'))


Please, I need assistance.

Mauricio Ruben Santillan

May 23, 2024, 6:10:48 PM
to Wazuh | Mailing List
Hello Tommy,
According to this message here:
raise AlertException("Alert create error: {}".format(e))
thehive4py.exceptions.AlertException: Alert create error: HTTPConnectionPool(host='192.168.1.10', port=9000): Max retries exceeded with url: /api/alert (Caused by NewConnectionError('<urllib3.connection.HTTPConnection object at 0x7b27bb926430>: Failed to establish a new connection: [Errno 111] Connection refused'))


It seems that your Wazuh manager cannot connect to your TheHive server. You should make sure there's nothing (like a firewall) preventing the connection to the specified IP address and port. 

Let us know what you find.
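The connectivity check suggested in the reply, as an added example that is not part of the original thread: a Python sketch that, run on the Wazuh manager, tells "connection refused" apart from a timeout or a routing failure. The host and port are the ones in the traceback; `probe_tcp` and its hint strings are hypothetical names introduced here.

```python
import errno
import socket

# Host and port copied from the traceback in the thread.
THEHIVE_HOST = "192.168.1.10"
THEHIVE_PORT = 9000


def probe_tcp(host, port, timeout=3.0):
    """Try one TCP connect and return (status, hint) for the outcome."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return ("open", "TCP connect works; check URL scheme, API key "
                            "and TheHive's own logs next")
    except ConnectionRefusedError:
        # Errno 111, as in the thread: the host answered with a reset.
        return ("refused", "host reachable but port closed: service down, "
                           "listening on another address or port, or a "
                           "firewall rule that rejects")
    except socket.timeout:
        # No answer at all usually means packets are silently dropped.
        return ("timeout", "no reply: firewall drop rule or host down")
    except socket.gaierror as exc:
        return ("dns", "name did not resolve: %s" % exc)
    except OSError as exc:
        if exc.errno in (errno.EHOSTUNREACH, errno.ENETUNREACH):
            return ("unreachable", "no route to host: check routing/VLAN")
        return ("error", str(exc))


if __name__ == "__main__":
    status, hint = probe_tcp(THEHIVE_HOST, THEHIVE_PORT)
    print("%s:%d -> %s (%s)" % (THEHIVE_HOST, THEHIVE_PORT, status, hint))
```

A `refused` result matches the Errno 111 in the log; running `ss -ltn` on the TheHive server then shows which address and port the service is actually bound to.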