Merge branch 'StrangeBeeCorp:main' into feature/doc-41-fix

docs/thehive/administration/authentication/oauth2.md

@@ -1,23 +1,29 @@
 # OAuth2 / OpenID-Connect
 
-![OAuth2 configuration page](./images/authentication-oauth2-1.png)
+## Introduction
 
+OAuth2 and OpenID-Connect are widely used authentication protocols that enable secure and seamless user authentication. This article provides instructions on configuring TheHive to authenticate users using an external OAuth2 authentication server. By following this guide, you will be able to integrate various OAuth2 providers, such as Keycloak, Okta, Github, Microsoft 365, and Google, with TheHive.
+
+![OAuth2 Configuration Page](./images/authentication-oauth2-1.png)
+
+---
 
 ## Configuration
 
-Authenticate the user using an external OAuth2 authenticator server. It accepts the following configuration parameters:
+To authenticate users using an external OAuth2 server, you need to specify the following configuration parameters:
 
-| Parameter                                           | Description                                                  |
-|-----------------------------------------------------|--------------------------------------------------------------|
-| Client ID                                           | client ID in the OAuth2 server                               |
-| Client secret                                       | client secret in the OAuth2 server                           |
-| TheHive redirect URL                                | the url of TheHive AOuth2 page ( `https://xxx/api/ssoLogin`) |
-| Authorization URL                                   | the url of the OAuth2 server                                 |
-| Token URL                                           | the token url of the OAuth2 server                           |
-| User information URL                                | the url to get user information in OAuth2 server             |
-| List of scope                                       | list of scope                                                |
-| Field that contains the id of the user in user info | the field that contains the id of the user in user info      |
+| Parameter                                           | Description                                                   |
+|-----------------------------------------------------|---------------------------------------------------------------|
+| Client ID                                           | Client ID in the OAuth2 server                                |
+| Client Secret                                       | Client Secret in the OAuth2 server                            |
+| TheHive Redirect URL                                | The URL of TheHive OAuth2 page (`https://xxx/api/ssoLogin`)   |
+| Authorization URL                                   | The URL of the OAuth2 server                                  |
+| Token URL                                           | The Token URL of the OAuth2 server                            |
+| User Information URL                                | The URL to get user information in the OAuth2 server          |
+| List of Scope                                       | List of scopes                                                |
+| Field that contains the ID of the user in user info | The field that contains the ID of the user in user info       |
 
+ 
 
 ### Examples
 
@@ -101,15 +107,18 @@ Authenticate the user using an external OAuth2 authenticator server. It accepts
             - Instructions on how to create Oauth2 credentials at [https://support.google.com/cloud/answer/6158849](https://support.google.com/cloud/answer/6158849)
             - For the latest reference for Google auth URLs please check Google's [.well-known/openid-configuration](https://accounts.google.com/.well-known/openid-configuration)
 
+---
 
-## User autocreation
+## User Autocreation
 
-To allow users to login without previously creating them, you can enable autocreation, and specify few options:
+To enable users to log in without prior manual creation, you can activate autocreation and specify the following options:
 
 * Field that contains the name of the user in user info
 * Field that contains the name of the organisation in user info
 * Default organisation applied to new users
 * Default profile applied to new users
 
 
-![](./images/authentication-oauth2-2.png)
+![](./images/authentication-oauth2-2.png)
+
+ 

docs/thehive/api-docs/docs.yaml

@@ -1,7 +1,7 @@
 openapi: 3.1.0
 info:
   title: TheHive
-  version: v1-5.4.0-1
+  version: v1-5.4.2-1
   description: "\n## General\n\nAlmost all of the endpoints will require an authentication.\
     \ Supported ways of authentication are detailed below.\n\nEach user has permissions,\
     \ defined by their role. The permissions of the user are checked when making api\
@@ -9745,11 +9745,9 @@ paths:
         in: query
         required: false
         allowEmptyValue: true
-        content:
-          application/json:
-            schema:
-              type: boolean
-              default: false
+        schema:
+          type: boolean
+          default: false
       responses:
         '200':
           description: ''
@@ -13294,11 +13292,9 @@ paths:
         in: query
         required: false
         allowEmptyValue: true
-        content:
-          application/json:
-            schema:
-              type: boolean
-              default: false
+        schema:
+          type: boolean
+          default: false
       responses:
         '204':
           description: ''
@@ -19398,11 +19394,9 @@ paths:
         in: query
         required: false
         allowEmptyValue: true
-        content:
-          application/json:
-            schema:
-              type: boolean
-              default: false
+        schema:
+          type: boolean
+          default: false
       responses:
         '200':
           description: ''
@@ -21493,11 +21487,9 @@ paths:
         in: query
         required: false
         allowEmptyValue: true
-        content:
-          application/json:
-            schema:
-              type: boolean
-              default: false
+        schema:
+          type: boolean
+          default: false
       requestBody:
         content:
           application/json:
@@ -21619,20 +21611,16 @@ paths:
         in: query
         required: false
         allowEmptyValue: true
-        content:
-          application/json:
-            schema:
-              type: boolean
-              default: false
+        schema:
+          type: boolean
+          default: false
       - name: sync
         in: query
         required: false
         allowEmptyValue: true
-        content:
-          application/json:
-            schema:
-              type: boolean
-              default: false
+        schema:
+          type: boolean
+          default: false
       responses:
         '200':
           description: ''
@@ -22018,11 +22006,9 @@ paths:
         in: query
         required: false
         allowEmptyValue: true
-        content:
-          application/json:
-            schema:
-              type: boolean
-              default: false
+        schema:
+          type: boolean
+          default: false
       requestBody:
         content:
           application/json:

docs/thehive/download/index.md

@@ -43,4 +43,4 @@ If you prefer using Kubernetes, you can leverage pre-built Docker images availab
 
 The Docker image can be found on [**TheHive Docker Hub**](https://hub.docker.com/r/strangebee/TheHive), and [**instructions to run it on Kubernetes can be found here**](../installation/kubernetes.md). These steps will guide you through the necessary configurations and prerequisites to get TheHive fully operational.
 
- 
+ 

docs/thehive/installation/automated-installation-script.md

@@ -30,5 +30,5 @@ Upon execution, users are presented with several customizable options tailored t
 
     - [Linux/Unix Based Systems Installation Guide](./step-by-step-installation-guide.md)
     - [TheHive Cluster Deployment](./deploying-a-cluster.md)
-    - [Running with Docker](./docker.md)
+    - [Running with Docker](./docker/docker.md)
     - [Kubernetes Deployment](./kubernetes.md)

docs/thehive/installation/docker/docker-compose-overview.md

@@ -67,6 +67,4 @@ services:
       POSTGRES_PASSWORD: example
 ```
 
-## Conclusion
-
-This guide provides a brief overview of Docker and Docker Compose. These tools are powerful and can greatly simplify the process of developing, shipping, and running applications. In the next sections, we will focus on how to use these tools specifically with TheHive.
+ 

docs/thehive/installation/step-by-step-installation-guide.md

@@ -79,7 +79,7 @@ Ensure that all dependencies are successfully installed before proceeding with t
             ```bash
             sudo rpm --import https://yum.corretto.aws/corretto.key &> /dev/null
             wget -qO- https://yum.corretto.aws/corretto.repo | sudo tee -a /etc/yum.repos.d/corretto.repo
-            yum install java-1.11.0-amazon-corretto-devel &> /dev/null
+            yum install java-11-amazon-corretto-devel &> /dev/null
             echo JAVA_HOME="/usr/lib/jvm/java-11-amazon-corretto" | sudo tee -a /etc/environment
             export JAVA_HOME="/usr/lib/jvm/java-11-amazon-corretto"
             ```
@@ -663,7 +663,7 @@ Install TheHive package by using the following commands:
 
     !!! Example ""
         ```bash
-        echo 'deb [arch=all signed-by=/usr/share/keyrings/strangebee-archive-keyring.gpg] https://deb.strangebee.com thehive-5.3 main' |sudo tee -a /etc/apt/sources.list.d/strangebee.list
+        echo 'deb [arch=all signed-by=/usr/share/keyrings/strangebee-archive-keyring.gpg] https://deb.strangebee.com thehive-5.4 main' |sudo tee -a /etc/apt/sources.list.d/strangebee.list
         sudo apt-get update
         sudo apt-get install -y thehive
         ```
@@ -685,7 +685,7 @@ Install TheHive package by using the following commands:
             enabled=1
             priority=1
             name=StrangeBee RPM repository
-            baseurl=https://rpm.strangebee.com/thehive-5.3/noarch
+            baseurl=https://rpm.strangebee.com/thehive-5.4/noarch/
             gpgkey=https://raw.githubusercontent.com/StrangeBeeCorp/Security/main/PGP%20keys/packages.key
             gpgcheck=1
             ```

docs/thehive/release-notes/release-notes-5.3.md

@@ -18,6 +18,18 @@
 !!! info
     An [upgrade guide](../installation/upgrade-from-5.x.md) is available to help you migrate from TheHive 5.x
 
+## 5.3.7 - 11th of October 2024
+
+### Fix
+- We fixed an issue with the method used to filter entity Ids. In certain very specific situations, the filter could return incorrect results.
+
+### Improvements
+#### Cortex Job Queue
+We have made two improvements to the management of Cortex job queues from TheHive to:
+
+- Prevent spamming the Cortex server when a large number of jobs are submitted.
+- Reduce the latency in retrieving completed job reports, even when the job queue is highly loaded.
+
 ## 5.3.6 - 12th of September 2024
 
 ### Fixes

docs/thehive/release-notes/release-notes-5.4.md

@@ -19,6 +19,22 @@
 !!! info
     An [upgrade guide](../installation/upgrade-from-5.x.md) is available to help you migrate from TheHive 5.x
 
+## 5.4.2 - 21st of October 2024
+### Fix
+- This version fixes a regression related to the query boolean parameters in the public API. These parameter values are case insensitive again.
+
+## 5.4.1 - 11th of October 2024
+
+### Fix
+- We fixed an issue related to our backend framework configuration (pekko). This problem impacted the generated configuration file for a new installation of TheHive on Kubernetes.
+
+### Improvements
+#### Cortex Job Queue
+We have made two improvements to the management of Cortex job queues from TheHive to:
+
+- Prevent spamming the Cortex server when a large number of jobs are submitted.
+- Reduce the latency in retrieving completed job reports, even when the job queue is highly loaded.
+
 ## 5.4.0 - 26th of September 2024
 ### New Features
 
@@ -78,3 +94,22 @@ As part of our recent brand visual identity update, TheHive logo has been update
 
 #### Time metrics
 We resolved an issue with the "Time to Detect" metric during alert creation.
+
+
+### Known issues
+Last update: 21st of October 2024
+
+#### Public API - Query boolean parameters case sensitive
+
+TheHive 5.4.0 introduced a non expected breaking change related to the query boolean parameters.
+The values passed in the query URL, with upper case (ex: `True` or `False`) are not accepted anymore. It does not concern the parameters passed in the body/payload.
+It impacts the endpoints listed below, and the tools that use those endpoints (like TH4Py 2.0). **The 5.4.2 version fixes this issue**.
+
+The following endpoints are impacted:
+
+- Download Attachment from observable: GET /api/v1/observable/$id/attachment/id/download with the asZip param
+- Delete CustomField: `DELETE /api/v1/customField/$id` with `force` flag
+- Invoke Function: `POST /api/v1/function/$id` with `dryRun` flag
+- Invoke Function on an object: `POST /api/v1/function/$id/$objectType/$objectId` with `dryRun` and `sync` params
+- Test Function: `POST /api/v1/function/_test` with `dryRun` param
+- Get platform status: `GET /api/v1/status` with `verbose` param

docs/thehive/user-guides/analyst-corner/search/about-search.md

@@ -1,21 +1,22 @@
-# Search 
+# Search Functionality Overview
 
-In this section you can find information about the Search function.
+The Search function allows you to refine your search by selecting specific criteria. In many cases, search criteria can be broad, resulting in a large number of results. The Search function helps you narrow down these results by applying filters to one or more search parameters.
 
-The Search function allows you to refine search by selecting a particular search criteria. Often, the search criteria are broad, resulting in large number of results. The search function allow users to trim down their list of search results by applying filters on one or more search results.  
+ 
 
-<img src="../images/search.png" alt="search" width="1000" height="1000"/>
+![search](./images/search.png)
 
-You can search based on the following search criteria: 
+&nbsp;
 
-1. Cases.
-1. Tasks.
-1. Task Logs.
-1. Observables.
-1. Alerts.
-1. Jobs.
-1. Audit Logs. 
+You can search based on the following criteria:
 
+1. Cases
+2. Alerts
+3. Observables
+4. Jobs
+5. Tasks
+6. Task logs
 
-Based on your search criteria, a set of search results appear in the right pane of the page. 
-A maximum of 300 results can be displayed on the page that can be navigated using the **Previous** and **Next** buttons at the bottom of the page. 
+Based on your selected criteria, a list of results will appear in the right pane of the page. A maximum of 300 results can be displayed on the page at a time, which can be navigated using the **Previous** and **Next** buttons located at the bottom of the page.
+
+&nbsp;

mkdocs.yml

@@ -243,6 +243,7 @@ nav:
           - 'Manage View': thehive/user-guides/analyst-corner/dashboard/manage-views.md
           - 'Filter and Sort': thehive/user-guides/analyst-corner/dashboard/filter-sort.md
         - 'Search':
+          - 'Search Functionality Overview': thehive/user-guides/analyst-corner/search/about-search.md
           - 'Search by Cases': thehive/user-guides/analyst-corner/search/search-scope-by/cases.md
           - 'Search by Alerts': thehive/user-guides/analyst-corner/search/search-scope-by/alerts.md
           - 'Search by Observables': thehive/user-guides/analyst-corner/search/search-scope-by/observables.md