Download bulk acquisition fails.

Question

Download bulk acquisition fails.

bw-0 opened this issue 4 years ago · 2 comments

HXTool version:4.5.1.2
HX version: 5.0.0.910952

Jun  4 15:24:00 hxtool.py: [2020-06-04 15:24:00,707] {app} {Thread-18712} ERROR - Exception on /api/v1/acquisition/bulk/download [GET]
Jun  4 15:24:00 hxtool.py: Traceback (most recent call last):
Jun  4 15:24:00 hxtool.py: File "/home/hxtool/hxtoolenv/lib64/python3.6/site-packages/flask/app.py", line 2446, in wsgi_app
Jun  4 15:24:00 hxtool.py: response = self.full_dispatch_request()
Jun  4 15:24:00 hxtool.py: File "/home/hxtool/hxtoolenv/lib64/python3.6/site-packages/flask/app.py", line 1951, in full_dispatch_request
Jun  4 15:24:00 hxtool.py: rv = self.handle_user_exception(e)
Jun  4 15:24:00 hxtool.py: File "/home/hxtool/hxtoolenv/lib64/python3.6/site-packages/flask/app.py", line 1820, in handle_user_exception
Jun  4 15:24:00 hxtool.py: reraise(exc_type, exc_value, tb)
Jun  4 15:24:00 hxtool.py: File "/home/hxtool/hxtoolenv/lib64/python3.6/site-packages/flask/_compat.py", line 39, in reraise
Jun  4 15:24:00 hxtool.py: raise value
Jun  4 15:24:00 hxtool.py: File "/home/hxtool/hxtoolenv/lib64/python3.6/site-packages/flask/app.py", line 1949, in full_dispatch_request
Jun  4 15:24:00 hxtool.py: rv = self.dispatch_request()
Jun  4 15:24:00 hxtool.py: File "/home/hxtool/hxtoolenv/lib64/python3.6/site-packages/flask/app.py", line 1935, in dispatch_request
Jun  4 15:24:00 hxtool.py: return self.view_functions[rule.endpoint](**req.view_args)
Jun  4 15:24:00 hxtool.py: File "/home/hxtool/hxtoolenv/hxtool_util.py", line 51, in is_session_valid
Jun  4 15:24:00 hxtool.py: ret = f(*args, **kwargs)
Jun  4 15:24:00 hxtool.py: File "/home/hxtool/hxtoolenv/hxtool_api.py", line 546, in hxtool_api_acquisition_bulk_download
Jun  4 15:24:00 hxtool.py: bulk_acquisition_hosts[host['host']['_id']] = {'downloaded' : False, 'hostname' :  host['host']['hostname']}
Jun  4 15:24:00 hxtool.py: KeyError: 'hostname'

Thanks in advance, B

Answer 1 · 2020-06-04T17:16:03.000Z

Edit: Scratch that. I saw you posted the version information above.

So this is a known issue, the current version of HXTool 4.5.1.2 is not compatible with Endpoint Security (HX) 5.0 due to a bug in hx_lib.py - which was fixed in the tagged PR. The simplest fix is to replace your current hx_lib.py with the one from master: https://raw.githubusercontent.com/fireeye/HXTool/master/hx_lib.py

We're hoping to release 4.6 shortly, though we have no ETA yet.

I'm going to leave this open in case other folks run into this issue as well.

Thanks,
Elazar

Answer 2 · 2020-11-05T18:46:27.000Z

Closing this now that 4.6 has been released.