Correct settings for fir_threatintel
vedburtruba opened this issue · 4 comments
Hello!
I have FIR and YETI installed on same machine, proxied via nginx on different ports.
Yeti web ui and api works well (tested with browser and curl). FIR seems to be working as well.
But I cannot connect FIR to YETI. I added API key to user profile on FIR, also added endpoint as 'http://10.0.0.1:8080/api/'. I have Threat Intel tab in Incident but it tells only 'No intelligence available for this incident. Please check your configuration settings.'
Also I checked nginx access logs and found that there is no API requests from FIR, only from my PC (when I tested API).
Could you please tell what is correct settings for FIR-to-YETI integration and how to throubleshoot it?
I face the same problem. Watched traffic on the wire and there is no communication from fir to yeti. I've found that static files are in the wrong place and moved them to correct folder. The only thing remained is the CORS preflight check for Origin domain which prevents api call be executed from the browser. Tried to put corsheaders middleware without luck :(
Uncommenting these lines in Yeti should help
Thank you, did not know that. Instead i've created an monstrosity in the nginx config to manage the needed headers.
I will close this issue, since it is resolved.
Feel free to reopen it if needed