fireeye/HXTool

HX Cloud

Closed this issue · 4 comments

Hi Elazar,

Could you provide me some help to manage HX Cloud through HXTool?

When I try to configure it with a URL similar to [REDACTED]-hx-webui-1.hex03.helix.apps.fireeye.com, I obtain this error message:
HTTPSConnectionPool(host='[REDACTED]-hx-webui-1.hex03.helix.apps.fireeye.com', port=443): Max retries exceeded with url: /hx/api/v1/token (Caused by NewConnectionError('<urllib3.connection.HTTPSConnection object at 0x7f9ac2ab9e80>: Failed to establish a new connection: [Errno -2] Name or service not known',))

When I use curl with that domain, I obtain the correct HTML webpage:

<!doctype html>
<!--[if IE 8]>    <html class="no-js lt-ie9" lang="en"> <![endif]-->
<!--[if gt IE 8]><!--> <html class="no-js" lang="en"> <!--<![endif]-->

<head>
  <meta charset="utf-8">
  <meta http-equiv="X-UA-Compatible" content="IE=edge,chrome=1">
  <meta content="authenticity_token" name="csrf-param" />
<meta content="[REDACTED]" name="csrf-token" />
  <meta name="viewport" content="width=device-width">
  <title>[REDACTED]-hx-webui-1.hex03.helix.apps.fireeye.com - Trellix - Please Log in</title>
  <link rel="shortcut icon" href="/assets/images/favicon.ico?v=2" type="image/x-icon">
  <link data-turbolinks-track="true" href="/assets/stylesheets/vendor/fonts.css?1661967908" media="all" rel="stylesheet" type="text/css" />
  <link href="/assets/fabric/css/font-awesome.min.css?1661967908" media="screen" rel="stylesheet" type="text/css" />
  <link href="/assets/fabric/css/fe-helix-dark.min.css?1661967908" media="screen" rel="stylesheet" type="text/css" />
  <link href="/assets/stylesheets/login.css?1661968037" media="screen" rel="stylesheet" type="text/css" />
  <!--[if IE]>
    <script src="/assets/javascripts/ie.js?1661967908" type="text/javascript"></script>
  <![endif]-->
</head>

<body data-appliance-type="hx_ng" class="muse-background">
  <script src="/assets/javascripts/vendor.js?1661967957" type="text/javascript"></script>
  <script src="/assets/javascripts/app.js?1661968037" type="text/javascript"></script>
  <script>
    if(window.top != window) {
      window.top.location = window.location;
    }
    var fireeye = fireeye || {};
    fireeye.page_data = {};

      fireeye.page_data = {"cm_ha":false,"host_name":"[REDACTED]-hx-webui-1.hex03.helix.apps.fireeye.com","product_name":"HX","model_number":"4502","hash_id":"[REDACTED]","login_banner":"\nThis system is for the use of authorized users only. Individuals\nusing this computer system without authority, or in excess of their\nauthority, are subject to having all of their activities on this\nsystem monitored and recorded by system personnel.\n\nIn the course of monitoring individuals improperly using this system,\nor in the course of system maintenance, the activities of authorized\nusers may also be monitored.\n\nAnyone using this system expressly consents to such monitoring and\nis advised that if such monitoring reveals possible evidence of\ncriminal activity, system personnel may provide the evidence of such\nmonitoring to law enforcement officials.\n\n","asset_type":"Purchased (2)","current_year":2022,"upgrading":"","restoring":false,"product_edition":null,"product_series":"HX","logout_message_enable":false,"display_sso":true,"display_cert":false,"display_saml":false,"redirect_saml":false,"display_local":true};
    window.fireeye.features = {};
    window.fireeye.i18n_strings = [REDACTED];
    require('initialize');
    </script>
      <div id="container"> </div>
    </body>
</html>

Having this result with curl makes me think the server on which HXTool is hosted has correct access to the HX Cloud console.

Regards,
JM

B0fH commented

Hi @jmalbertsanofi -
[Errno -2] Name or service not known usually signifies DNS lookup failure. In the controller profile, can you confirm that just the FQDN is there and not anything else, i.e. https?

Thanks,
Elazar

Hi @B0fH

I can confirm that there is only the FQDN, and that I'm using port 443.

Because the curl test is working as expected, I guess it is not a network issue/DNS lookup failure.

Regards,
JM

B0fH commented

Hi @jmalbertsanofi -
That is very odd. The error that the Python requests module is throwing indicates a DNS resolution failure. The only other thing I can think of at the moment is that maybe some whitespace characters made their way into the host name. You can confirm what the hostname looks like in the database by opening hxtool.db in a text editor - it's simply a JSON text file.

Thanks,
Elazar

Hi,

The solution is to add a block named "proxies" at the end of the block named "network", inside the ./data/conf.json file:

        "network": {
                "ssl": "enabled",
                "port": 8080,
                "listen_address": "0.0.0.0",
                "session_timeout": 30,
                "proxies": {
                        "https" : "http://[IPADDRESS]:[PORT]"
                }
        },

Regards,
@jmalbertsanofi
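
The checks suggested in this thread, gathered into one diagnostic as an added example (not part of the original issue and not HXTool code): it validates that the host field is a bare FQDN, tests direct DNS resolution, and reports whether an HTTPS proxy is set in the environment, which curl honors. The function names, verdict strings and sample hosts are assumptions made for illustration.

```python
import socket
import string
from urllib.request import getproxies


def check_host_field(value):
    """Return problems with a controller host field; an empty list means a bare FQDN."""
    problems = []
    if any(ch in string.whitespace for ch in value):
        problems.append("whitespace")
    stripped = value.strip()
    if "://" in stripped:
        problems.append("scheme")
        stripped = stripped.split("://", 1)[1]
    if "/" in stripped:
        problems.append("path")
    if ":" in stripped:
        problems.append("port")
    return problems


def diagnose(host, port=443, resolver=socket.getaddrinfo, env_proxies=None):
    """Classify why a Python client may fail where curl succeeds for the same host."""
    problems = check_host_field(host)
    if problems:
        return {"verdict": "fix-host-field", "problems": problems}
    # getproxies() reads the *_proxy environment variables (hypothetical override for tests).
    proxies = getproxies() if env_proxies is None else env_proxies
    try:
        resolver(host, port)
        resolves = True
    except (OSError, UnicodeError):  # socket.gaierror is a subclass of OSError
        resolves = False
    https_proxy = proxies.get("https")
    if resolves:
        verdict = "direct-ok"
    elif https_proxy:
        verdict = "proxy-needed"  # name is unknown locally, but a proxy is configured
    else:
        verdict = "dns-failure"
    return {"verdict": verdict, "problems": [], "https_proxy": https_proxy}


if __name__ == "__main__":
    # Constructed inputs: a resolver that always fails and a made-up proxy address.
    def no_dns(host, port):
        raise socket.gaierror(-2, "Name or service not known")

    print(diagnose("hx.example.com", resolver=no_dns,
                   env_proxies={"https": "http://proxy.example:3128"}))
    print(diagnose(" https://hx.example.com"))
```

A "proxy-needed" verdict means the name cannot be resolved from the host itself while the environment points at a proxy, so a client that does not use that proxy fails with the DNS error shown in the first post.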