Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Failed to invoke alert after latest upgrade #345

Closed
screwlooseit opened this issue Dec 2, 2024 · 0 comments · Fixed by #346
Closed

Failed to invoke alert after latest upgrade #345

screwlooseit opened this issue Dec 2, 2024 · 0 comments · Fixed by #346

Comments

@screwlooseit
Copy link

Describe the bug
Unable to invoke alerts after latest CoPilot upgrade. Get a 'NoneType' object is not subscribable error. Able to see the alerts within the Alerts Tab but they are not created as alerts under the Incident Management tab anymore.

Expected behavior
The invoke alert succeeds and brings in all the alerts trigged by Wazuh

Screenshots
{2EAF8330-62AD-4CAD-B685-D53126EDE8A3}
{E4C80C33-423D-4DAF-8E24-E1614E14CF90}

image

**Container Logs
copilot-backend_1 | 2024-12-02 23:31:52.634 | INFO | app.incidents.services.incident_alert:build_ioc_payload:415 - No IOC value found, returning None
copilot-backend_1 | 2024-12-02 23:31:52.634 | INFO | app.incidents.services.incident_alert:open_alert_exists:788 - Checking if an open alert exists for customer code screwlooseit with alert title Binary loaded PowerShell automation library - Possible unmanaged Powershell execution by suspicious process
copilot-backend_1 | 2024-12-02 23:31:52.635 | INFO | app.incidents.services.incident_alert:open_alert_exists:798 - Open alert exists for customer code screwlooseit with alert title Binary loaded PowerShell automation library - Possible unmanaged Powershell execution by suspicious process
copilot-backend_1 | 2024-12-02 23:31:52.635 | INFO | app.incidents.services.incident_alert:create_alert:841 - Open alert exists for customer code screwlooseit with alert title Binary loaded PowerShell automation library - Possible unmanaged Powershell execution by suspicious process and alert ID 72
copilot-backend_1 | 2024-12-02 23:31:52.635 | INFO | app.db.db_session:get_db_session:60 - DB session created
copilot-backend_1 | 2024-12-02 23:31:52.636 | INFO | app.connectors.utils:get_connector_info_from_db:29 - Fetching connector Wazuh-Indexer from database
copilot-backend_1 | 2024-12-02 23:31:52.638 | INFO | app.db.db_session:get_db_session:68 - Closing DB session
copilot-backend_1 | 2024-12-02 23:31:52.649 | INFO | app.incidents.services.incident_alert:add_alert_to_document:246 - Added alert ID 72 to alert e9dc6072-b09e-11ef-b9c0-3ee71ca42e4b in index graylog_4
copilot-backend_1 | 2024-12-02 23:31:52.649 | INFO | app.incidents.services.incident_alert:does_assit_exist:553 - Checking if an asset exists for alert ID 72 with asset name WATech08
copilot-backend_1 | 2024-12-02 23:31:52.651 | INFO | app.incidents.services.incident_alert:does_assit_exist:562 - Asset exists for alert ID 72 with asset name WATech08
copilot-backend_1 | 2024-12-02 23:31:52.651 | ERROR | app.db.db_session:get_db_session:64 - Error during DB session: 'NoneType' object is not subscriptable
copilot-backend_1 | 2024-12-02 23:31:52.652 | INFO | app.db.db_session:get_db_session:68 - Closing DB session
copilot-backend_1 | 2024-12-02 23:31:52.653 | ERROR | app.db.db_session:get_db_session:64 - Error during DB session:
copilot-backend_1 | 2024-12-02 23:31:52.653 | INFO | app.db.db_session:get_db_session:68 - Closing DB session
copilot-backend_1 | 2024-12-02 23:32:12.752 | INFO | app.schedulers.services.wazuh_index_resize:resize_wazuh_index_fields:24 - Resizing Wazuh index fields via scheduler...
copilot-backend_1 | 2024-12-02 23:32:12.752 | INFO | app.db.db_session:get_db_session:60 - DB session created
copilot-backend_1 | 2024-12-02 23:32:12.752 | INFO | app.connectors.utils:is_connector_verified:52 - Checking if connector Wazuh-Indexer is verified
copilot-backend_1 | 2024-12-02 23:32:12.756 | INFO | app.schedulers.services.wazuh_index_resize:resize_wazuh_index_fields:29 - Wazuh Indexer connector is verified.
copilot-backend_1 | 2024-12-02 23:32:12.757 | INFO | app.db.db_session:get_db_session:60 - DB session created
copilot-backend_1 | 2024-12-02 23:32:12.757 | INFO | app.connectors.utils:get_connector_info_from_db:29 - Fetching connector Wazuh-Indexer from database
copilot-backend_1 | 2024-12-02 23:32:12.763 | INFO | app.db.db_session:get_db_session:68 - Closing DB session
copilot-backend_1 | 2024-12-02 23:32:12.778 | INFO | app.connectors.wazuh_indexer.utils.universal:resize_wazuh_index_fields:588 - Successfully resized the Wazuh index fields
copilot-backend_1 | 2024-12-02 23:32:12.785 | INFO | app.schedulers.services.wazuh_index_resize:resize_wazuh_index_fields:40 - Updated job metadata with the last success timestamp.
copilot-backend_1 | 2024-12-02 23:32:12.785 | INFO | app.db.db_session:get_db_session:68 - Closing DB session
@taylorwalton taylorwalton linked a pull request Dec 3, 2024 that will close this issue
345 failed to invoke alert after latest upgrade #346
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

345 failed to invoke alert after latest upgrade socfortress/CoPilot
1 participant
@screwlooseit